Commit Graph

909 Commits

Author SHA1 Message Date
Thomas Bernard 700b86eeda
compatibility with OpenSSL 1.1.x
Use OpenSSL TLS_server_method() instead of TLSv1_server_method()
Also fix ERR_remove_state(0) call
2019-10-05 22:44:31 +02:00
Paul Chambers 123e589266 establish persistent mnl/netlink socket at init_redirect (needs elevated privileges) 2019-10-05 22:39:05 +02:00
Thomas Bernard 22223da9a1 use OpenBSD pledge() to drop privileges
To be tested

see #405
2019-10-03 23:23:53 +02:00
Thomas Bernard 174db857f8 fix end of file 2019-10-03 00:15:50 +02:00
Thomas Bernard 49a60028e7 2019 2019-10-03 00:15:32 +02:00
Thomas Bernard 6f4057ee82 update Changelog.txt 2019-10-03 00:15:13 +02:00
Thomas Bernard 57bc67f72a 2019 2019-10-02 23:42:55 +02:00
Paul Chambers 7ea314412c make rdr_name_type enum values more unique 2019-10-02 23:42:15 +02:00
Paul Chambers b36a6e94f8 NFT_RULE_USERDATA is sized, not null-terminated. Must use strndup() 2019-10-02 23:42:15 +02:00
Paul Chambers fda82bceef remove lingering debug stuff, add my name to file headers 2019-10-02 13:08:22 -07:00
Paul Chambers dcad93615f set the family attribute on the chain 2019-10-01 01:12:10 -07:00
Paul Chambers 2a496a1c1c Minimize attributes set if chain_op is not NFT_MSG_NEWCHAIN 2019-10-01 00:40:05 -07:00
Paul Chambers 6a53e6e765 use the same name for all three tables, like sshguard does 2019-09-30 11:20:16 -07:00
Paul Chambers 13b63da3fb bump the priority of miniupnpd's forward chain, so it processes packets before other filter chains 2019-09-30 09:40:40 -07:00
Paul Chambers 75bdb777cf rework nft-specific globals, create & destroy tables/chains at init & shutdown 2019-09-30 00:12:08 -07:00
Paul Chambers d5773600f9 add --firewall=<name> to genconfig.sh & tweak Makefiles to match 2019-09-28 22:17:51 -07:00
Paul Chambers 48f2339759 parse_rule_cmp: promote repeated code in cases outside the switch 2019-09-27 21:25:34 -07:00
Paul Chambers dbdaabd21e insert omitted break statements causing compiler warnings 2019-09-27 21:00:28 -07:00
Paul Chambers b5021ef57f suppress warnings for some intentional fallthrough cases in switch statements 2019-09-27 20:47:53 -07:00
Thomas Bernard 2c45b0793e fix genconfig.sh for OpenBSD
see 70a215d693
2019-09-26 23:46:24 +02:00
Thomas Bernard ace2250533
cast time_t to long long instead of long 2019-09-24 16:07:42 +02:00
Thomas Bernard 70a215d693 net.inet6.ip6.v6only has been removed in recent OpenBSD versions 2019-09-24 16:06:38 +02:00
Thomas Bernard 8c00d0747a
include <sys/select.h> for fd_set 2019-09-24 16:06:12 +02:00
Thomas Bernard 2917d99c58 2019 2019-09-24 16:05:44 +02:00
Thomas Bernard a6291ca391 update miniupnpd/Changelog.txt and README 2019-09-24 13:02:20 +02:00
Thomas Bernard 1976452125 handle both IP_PKTINFO and IP_RECVIF defined.
fixes #391
2019-09-24 12:26:57 +02:00
Thomas Bernard 8cb006c538 macros.h: add FALL_THROUGH macro 2019-09-24 12:04:40 +02:00
Paul Chambers ed9ef746a0 Distinguish between iptables and nftables in genconfig.sh, adding USE_IPTABLES or USE_NFTABLES defines. 2019-09-24 11:57:39 +02:00
Thomas Bernard 81e0d83403 build doc with Doxygen 2019-09-24 11:57:27 +02:00
Paul Chambers 8a56bb50cf add 'dox' make target for nftables, which generates docs using doxygen. Also modify the uuid in the installed copy of miniupnpd.conf, not the pristine local copy that is under revision control. 2019-09-17 18:22:11 -07:00
Thomas Bernard dec239d340
pfpinhole.c: fix includes 2019-09-02 02:03:41 +02:00
Thomas Bernard 5ab641e9e6
update Changelog 2019-09-02 01:01:43 +02:00
Thomas Bernard d1d7059e75 fix file modes for nft_display.sh (chmod +x) 2019-09-02 00:57:49 +02:00
Guilherme Senges 62d62e4f88 Applied patch to OpenWRT compatibility 2019-09-02 00:28:45 +02:00
Paul Chambers f24ca07640 Fix the error messages produced by nft_init.sh in normal operation. Simplify the script. 2019-08-31 23:22:30 -07:00
Paul Chambers 60b57a442a Rework nft_removeall.sh to preserve nftables structures miniupnpd didn't add. Important for firewalld and sshguard co-existance. 2019-08-31 20:47:11 -07:00
Thomas Bernard 6317e73342 iptpinhole.c: fix ressource leak in ip6tc_init_verify_append()
fixes #393
2019-08-24 10:55:33 +02:00
Thomas Bernard a77d1ff9d3
iptcrdr.c: memory allocation fix in get_portmappings_in_range()
fixes #394
2019-08-24 10:54:46 +02:00
Thomas Bernard 4f8a4abcd1
nftnlrdr: list_redirect_rule() only in DEBUG 2019-06-30 22:23:36 +02:00
Thomas Bernard 4e480a7c4e nftnlrdr_misc.c: use syslog() instead of perror()
do not exit()
2019-06-30 22:02:15 +02:00
Thomas Bernard 9402b49456
update headers 2019-06-30 21:51:15 +02:00
Thomas Bernard d8368f7651
test_nfct_get.c: openlog() 2019-06-30 21:50:55 +02:00
Thomas Bernard 9070e175d4 Merge remote-tracking branch 'svenauhagen/fixes/nftablesipv6' 2019-06-30 21:25:01 +02:00
Sven Auhagen b377305db0 This commits fixes an error setting the NFT Chain in DNAT instead of Filter 2019-06-30 19:46:35 +02:00
Sven Auhagen b581b5d8af pinhole fixes 2019-06-28 11:02:19 +02:00
Thomas Bernard 3cf6efa912
miniupnpd/Changelog.txt update 2019-06-25 23:30:12 +02:00
Sven Auhagen f67f6ae5f0 NFTables fixes and scripts
This commit fixes the list detection and uses the inet chain for ipv4.
The scripts got reworked as well and a display script was added.
2019-06-25 09:44:51 +02:00
sven ee84a3949d Update nftnlrdr_misc.h
Fix compiler warnings
2019-06-13 21:34:52 +02:00
Sven Auhagen 00ff23c428 This commit fixes IPv4 and adds IPv6 pinhole to nftables.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2019-06-12 23:09:20 +02:00
Thomas Bernard 765156b04a nftnlrdr.c: fix indent and spaces before eol 2019-06-04 23:02:52 +02:00