Thomas Bernard
|
700b86eeda
|
compatibility with OpenSSL 1.1.x
Use OpenSSL TLS_server_method() instead of TLSv1_server_method()
Also fix ERR_remove_state(0) call
|
2019-10-05 22:44:31 +02:00 |
Paul Chambers
|
123e589266
|
establish persistent mnl/netlink socket at init_redirect (needs elevated privileges)
|
2019-10-05 22:39:05 +02:00 |
Thomas Bernard
|
22223da9a1
|
use OpenBSD pledge() to drop privileges
To be tested
see #405
|
2019-10-03 23:23:53 +02:00 |
Thomas Bernard
|
174db857f8
|
fix end of file
|
2019-10-03 00:15:50 +02:00 |
Thomas Bernard
|
49a60028e7
|
2019
|
2019-10-03 00:15:32 +02:00 |
Thomas Bernard
|
6f4057ee82
|
update Changelog.txt
|
2019-10-03 00:15:13 +02:00 |
Thomas Bernard
|
57bc67f72a
|
2019
|
2019-10-02 23:42:55 +02:00 |
Paul Chambers
|
7ea314412c
|
make rdr_name_type enum values more unique
|
2019-10-02 23:42:15 +02:00 |
Paul Chambers
|
b36a6e94f8
|
NFT_RULE_USERDATA is sized, not null-terminated. Must use strndup()
|
2019-10-02 23:42:15 +02:00 |
Paul Chambers
|
fda82bceef
|
remove lingering debug stuff, add my name to file headers
|
2019-10-02 13:08:22 -07:00 |
Paul Chambers
|
dcad93615f
|
set the family attribute on the chain
|
2019-10-01 01:12:10 -07:00 |
Paul Chambers
|
2a496a1c1c
|
Minimize attributes set if chain_op is not NFT_MSG_NEWCHAIN
|
2019-10-01 00:40:05 -07:00 |
Paul Chambers
|
6a53e6e765
|
use the same name for all three tables, like sshguard does
|
2019-09-30 11:20:16 -07:00 |
Paul Chambers
|
13b63da3fb
|
bump the priority of miniupnpd's forward chain, so it processes packets before other filter chains
|
2019-09-30 09:40:40 -07:00 |
Paul Chambers
|
75bdb777cf
|
rework nft-specific globals, create & destroy tables/chains at init & shutdown
|
2019-09-30 00:12:08 -07:00 |
Paul Chambers
|
d5773600f9
|
add --firewall=<name> to genconfig.sh & tweak Makefiles to match
|
2019-09-28 22:17:51 -07:00 |
Paul Chambers
|
48f2339759
|
parse_rule_cmp: promote repeated code in cases outside the switch
|
2019-09-27 21:25:34 -07:00 |
Paul Chambers
|
dbdaabd21e
|
insert omitted break statements causing compiler warnings
|
2019-09-27 21:00:28 -07:00 |
Paul Chambers
|
b5021ef57f
|
suppress warnings for some intentional fallthrough cases in switch statements
|
2019-09-27 20:47:53 -07:00 |
Thomas Bernard
|
2c45b0793e
|
fix genconfig.sh for OpenBSD
see 70a215d693
|
2019-09-26 23:46:24 +02:00 |
Thomas Bernard
|
ace2250533
|
cast time_t to long long instead of long
|
2019-09-24 16:07:42 +02:00 |
Thomas Bernard
|
70a215d693
|
net.inet6.ip6.v6only has been removed in recent OpenBSD versions
|
2019-09-24 16:06:38 +02:00 |
Thomas Bernard
|
8c00d0747a
|
include <sys/select.h> for fd_set
|
2019-09-24 16:06:12 +02:00 |
Thomas Bernard
|
2917d99c58
|
2019
|
2019-09-24 16:05:44 +02:00 |
Thomas Bernard
|
a6291ca391
|
update miniupnpd/Changelog.txt and README
|
2019-09-24 13:02:20 +02:00 |
Thomas Bernard
|
1976452125
|
handle both IP_PKTINFO and IP_RECVIF defined.
fixes #391
|
2019-09-24 12:26:57 +02:00 |
Thomas Bernard
|
8cb006c538
|
macros.h: add FALL_THROUGH macro
|
2019-09-24 12:04:40 +02:00 |
Paul Chambers
|
ed9ef746a0
|
Distinguish between iptables and nftables in genconfig.sh, adding USE_IPTABLES or USE_NFTABLES defines.
|
2019-09-24 11:57:39 +02:00 |
Thomas Bernard
|
81e0d83403
|
build doc with Doxygen
|
2019-09-24 11:57:27 +02:00 |
Paul Chambers
|
8a56bb50cf
|
add 'dox' make target for nftables, which generates docs using doxygen. Also modify the uuid in the installed copy of miniupnpd.conf, not the pristine local copy that is under revision control.
|
2019-09-17 18:22:11 -07:00 |
Thomas Bernard
|
dec239d340
|
pfpinhole.c: fix includes
|
2019-09-02 02:03:41 +02:00 |
Thomas Bernard
|
5ab641e9e6
|
update Changelog
|
2019-09-02 01:01:43 +02:00 |
Thomas Bernard
|
d1d7059e75
|
fix file modes for nft_display.sh (chmod +x)
|
2019-09-02 00:57:49 +02:00 |
Guilherme Senges
|
62d62e4f88
|
Applied patch to OpenWRT compatibility
|
2019-09-02 00:28:45 +02:00 |
Paul Chambers
|
f24ca07640
|
Fix the error messages produced by nft_init.sh in normal operation. Simplify the script.
|
2019-08-31 23:22:30 -07:00 |
Paul Chambers
|
60b57a442a
|
Rework nft_removeall.sh to preserve nftables structures miniupnpd didn't add. Important for firewalld and sshguard co-existance.
|
2019-08-31 20:47:11 -07:00 |
Thomas Bernard
|
6317e73342
|
iptpinhole.c: fix ressource leak in ip6tc_init_verify_append()
fixes #393
|
2019-08-24 10:55:33 +02:00 |
Thomas Bernard
|
a77d1ff9d3
|
iptcrdr.c: memory allocation fix in get_portmappings_in_range()
fixes #394
|
2019-08-24 10:54:46 +02:00 |
Thomas Bernard
|
4f8a4abcd1
|
nftnlrdr: list_redirect_rule() only in DEBUG
|
2019-06-30 22:23:36 +02:00 |
Thomas Bernard
|
4e480a7c4e
|
nftnlrdr_misc.c: use syslog() instead of perror()
do not exit()
|
2019-06-30 22:02:15 +02:00 |
Thomas Bernard
|
9402b49456
|
update headers
|
2019-06-30 21:51:15 +02:00 |
Thomas Bernard
|
d8368f7651
|
test_nfct_get.c: openlog()
|
2019-06-30 21:50:55 +02:00 |
Thomas Bernard
|
9070e175d4
|
Merge remote-tracking branch 'svenauhagen/fixes/nftablesipv6'
|
2019-06-30 21:25:01 +02:00 |
Sven Auhagen
|
b377305db0
|
This commits fixes an error setting the NFT Chain in DNAT instead of Filter
|
2019-06-30 19:46:35 +02:00 |
Sven Auhagen
|
b581b5d8af
|
pinhole fixes
|
2019-06-28 11:02:19 +02:00 |
Thomas Bernard
|
3cf6efa912
|
miniupnpd/Changelog.txt update
|
2019-06-25 23:30:12 +02:00 |
Sven Auhagen
|
f67f6ae5f0
|
NFTables fixes and scripts
This commit fixes the list detection and uses the inet chain for ipv4.
The scripts got reworked as well and a display script was added.
|
2019-06-25 09:44:51 +02:00 |
sven
|
ee84a3949d
|
Update nftnlrdr_misc.h
Fix compiler warnings
|
2019-06-13 21:34:52 +02:00 |
Sven Auhagen
|
00ff23c428
|
This commit fixes IPv4 and adds IPv6 pinhole to nftables.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
|
2019-06-12 23:09:20 +02:00 |
Thomas Bernard
|
765156b04a
|
nftnlrdr.c: fix indent and spaces before eol
|
2019-06-04 23:02:52 +02:00 |