match exists to ensure the proper environment for fwknopd operations.
This check is controlled by the new ENABLE_IPT_COMMENT_CHECK variable,
and was suggested by Hank Leininger.
+ - [server] 'make install' fix to ensure restrictive permissions on the
+ /etc/fwknop/ directory and /etc/fwknop/* files.
fwknop-2.0.1 (07/23/2012):
- [server] Bug fix where the same encryption key used for two stanzas in
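Review bot: the new [server] entry says "restrictive permissions" without stating which modes 'make install' now applies. Naming them in the entry (the install-exec-hook in this commit sets 500 on the directory and 700 on the files) would let an administrator check an existing install against the intended state without reading the Makefile.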
rm -f $(distdir)/client/fwknop.8
rm -f $(distdir)/server/fwknopd.8
+install-exec-hook:
+ chmod 500 $(sysconfdir)/fwknop
+ chmod 700 $(sysconfdir)/fwknop/*
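Review bot: both chmod lines in install-exec-hook use $(sysconfdir) without the $(DESTDIR) prefix, so a staged install (make install DESTDIR=...) would change modes under the live sysconfdir instead of the staging tree, or fail if that path does not exist. Suggest `chmod 500 $(DESTDIR)$(sysconfdir)/fwknop` and the same prefix on the second line. The modes also look inverted for the stated goal: 700 on fwknop/* sets the execute bit on configuration files, while 500 on the directory removes owner write; 700 on the directory and 600 on the files would be the conventional restrictive pair. The `*` glob also skips dotfiles and makes chmod fail when the directory is empty, which is worth handling if either case can occur.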
:CLOSED: <2012-08-12 Sun>
Hank Leininger suggested that fwknopd do better detection for the iptables
comment match since it is required for the expiration of SPA rules.
+*** Set restrictive permissions on /etc/fwknop/ directory and /etc/fwknop/* files.
+ :CLOSED: <2012-08-12 Sun>
+ Current default permissions on /etc/fwknop/ and /etc/fwknop/* are too lax.
** Include files for access.conf
Hank Leininger suggested that the main access.conf file have an option to
include other files in which access stanzas can be specified. This makes
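Review bot: the item added here is marked CLOSED but its description still reads "Current default permissions on /etc/fwknop/ and /etc/fwknop/* are too lax", which describes the state before the fix. Suggest rewording the closed entry to record what was done, for example that 'make install' now sets the modes, so the todo file does not contradict the ChangeLog entry in the same commit.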
** ipfw active/expire sets cannot be the same
Add a check to ensure that active and expire sets are not the same value in
fwknopd.conf, and add a corresponding test in the test suite.
-** Set restrictive permissions on /etc/fwknop/ directory and /etc/fwknop/* files.
- Current default permissions on /etc/fwknop/ and /etc/fwknop/* are too lax.