fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
License: GNU General Public License (GPL)
Changes:
The ENABLE_OUTPUT_ACCESS keyword was added to access.conf file parsing. This provides a configuration gate for the iptables OUTPUT chain that is similar to the ENABLE_FORWARD_ACCESS keyword, and adds the ability to control which access.conf SOURCE blocks interface to the OUTPUT chain. Installation support was improved for various Linux distributions, including Fedora 8 and Ubuntu 7.10. The test suite was updated to include OUTPUT chain tests, to reference access.conf files in the test/conf/ directory, and to perform SPA packet format validation tests by parsing fwknopd output.