| Commit message | Author | Age | Files | Lines |

Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Make use of the iptables conntrack module instead of the older state module
for stateful firewalling.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
The current implementation uses the MAC address of the client's VPN
interface. This also restricts eurephia to use TAP mode.
This patch adds preliminary support for also accepting the client's
IP address when updating the firewall rules. But the complete support
for TUN mode is not completed yet.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
As the firewall API has changed in regards to moving away from
a string based implementation to a struct based implementation, the
older eurephia firewall module will not work any longer.
To make sure nothing bad happens, enforce that the efw-iptables
module is at least using API version 2. Also updated the module
version to reflect some changes as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Removed some #defines which were not needed and added missing comments.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Moved over the missing pieces to use the eFWupdateRequest struct. This is
a continuation of the work started in commit bdd956adcccd91ff553278fd73cea7
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
This static library is later on linked in. This is to avoid recompiling
the same source files several times during a complete eurephia
compilation.
Also added install rules to XSLT files
Made sure we only include needed include files and checked that
the copyright headers are equal and correct
eurephia_context.h only needs to know about the eurephiaFWINTF *
struct when compiling the auth plug-in and firewall modules.
To enable this, EUREPHIA_FWINTF needs to be defined as well as the
eurephiafw_struct.h must be included before including eurephia_context.h
in the source. When this is not done, *fwcfg will just be a void *.
Since this include file now only consists of eurephiaCTX definition,
it was moved to the common/ directory and renamed.
Moved the SESSION_* definitions out of this file and into
plugin/eurephiadb_session.h where they belong.
Moved the Posix MQ definitions into plugin/firewall/eurephiafw_struct.h
where they belong.
eurephia_context.h now contains only context related things.
It will now support config option 'firewall_blacklist_send_to'. If set
it will send all blacklisted IP addresses to this chain (iptables -j).
If this option is not set, it will default to DROP.
Also changed the worker side to use sem_timedwait(), to not wait
forever on shutdown acknowledge
If the configuration variable 'firewall_blacklist_destination' is
set, it will insert DROP rules when a blacklisted IP address is
attempted.
Feature not tested yet.
Moved all OpenVPN plug-in related things into ./plugins, including firewall.
Moved all shared code into ./common and moved the generic part of the
database files into ./database.
Updated all CMakeLists.txt files and created a new one for the root directory.