* Write firewall (iptables) implementation
  - Add function declarations in eurephia_firewall.h (DONE)
  - Enable firewall functionality by checking if the firewall_interface
    config variable is set. (DONE)
  - Add eDBget_firewall_profile(ctx, session) in eurephiadb (DONE)
  - Add eurephia_firewall(ctx, mode{ADD|DELETE}, {profilename|macaddr}),
    (eurephiaCTX *, const int mode, char *) (DONE)
  - This function is located in eurephia_fw_iptables.c (DONE)
  - iptables -I {INSERT place} is taken from config:
    firewall_destination (DONE)
  - iptables -j {vpnuser_profile} is taken from the VPN user's
    accessprofile (DONE)
  - Probably needs to be its own thread with root permission and a
    socket to send ADD/DELETE commands (DONE)
  - Flush iptables chain on startup
* Implement logging of the environment variable time_duration on disconnect
  - Needs to expand the openvpn_lastlog table with a connection_duration
    field.
* Write admin program
  - Add / Delete / Modify users
  - Add / Delete / Modify certificates (by loading the certfile)
  - Add / Remove user->certlink
  - Add / Delete blacklisted users/cert/IP addr
  - Show lastlog
  - Show blacklist
  - Admin program should use eurephiaDB
* Make new eurephiadb-driver_template.c - template for creating db driver
  - Add new parameter to eDBregister_attempt(...) -- attempt_mode
* Write PostgreSQL driver
* A lot of QA
  - Write test programs for DB drivers
    - one which tests only the driver (loads .so file)
    - one which tests the API, simulating openvpn calls
  - Check that the user gets blocked and blacklisted on too many failing attempts
  - Check that the right connection profiles are used
  - Check that user/cert matches