This release brings:
- [server] Add MAX_FW_TIMEOUT to access.conf stanzas to allow a maximum
  number of seconds for client-specified timeouts in SPA packets. This
  fixes issue #226, which was spotted by Jeremiah Rothschild.
- [server] Bug fix in CMD_EXEC mode to make sure to call exit() upon any
  error from execvpe(). Without this fix, additional fwknopd processes
  would be started upon a user specifying a command without the necessary
  permissions. This bug was reported by Stephen Isard.
- [build] Jeremie Courreges-Anglas and Ingo Feinerer contributed a patch
  to fix endian detection on OpenBSD systems based on information
  contained here: https://www.opengroup.org/austin/docs/austin_514.txt
- [client/server] (Michael Stair) Added client and server infrastructure
  written in Erlang. See the erlang/ directory.
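
The CMD_EXEC item above describes a fork/exec failure mode: when execvpe() returns, the child is still a copy of the daemon. The following is an added example, not fwknopd's code; `processes_after_spawn` and the `/dev/null` target are constructed for the demonstration, which counts how many processes run the code after the spawn with and without the exit.

```c
#define _GNU_SOURCE               /* execvpe() is a GNU extension */
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;
/* Repeated so this builds even if <unistd.h> was seen without _GNU_SOURCE. */
int execvpe(const char *file, char *const argv[], char *const envp[]);

/* Hypothetical demo helper. Forks, tries to exec a file that cannot be
 * executed, and returns how many processes went on to run the code that
 * follows the spawn: 1 is correct, 2 means the child leaked into it. */
int processes_after_spawn(int exit_on_exec_error)
{
    char *argv[] = { "/dev/null", NULL };  /* constructed: never executable */
    int fds[2], count = 0;
    char c;
    pid_t parent = getpid(), pid;
    if (pipe(fds) != 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvpe(argv[0], argv, environ);
        /* Reached only when execvpe() failed. */
        if (exit_on_exec_error)
            _exit(126);           /* the fix: the child must never return */
        /* pre-fix behaviour: fall through into the daemon's own code */
    }
    /* "Daemon" code that only the parent should ever execute. */
    if (write(fds[1], "x", 1) != 1)
        count = -1;
    if (getpid() != parent)
        _exit(0);                 /* contain the demo: stop the leaked child */
    close(fds[1]);
    waitpid(pid, NULL, 0);
    while (count >= 0 && read(fds[0], &c, 1) == 1)
        count++;
    close(fds[0]);
    return count;
}

int main(void)
{
    printf("without exit(): %d process(es) run daemon code\n", processes_after_spawn(0));
    printf("with exit():    %d process(es) run daemon code\n", processes_after_spawn(1));
    return 0;
}
```
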

fwknop stands for the "FireWall KNock OPerator", and implements an authorization
scheme called Single Packet Authorization (SPA). This method of authorization is
based around a default-drop packet filter (fwknop supports iptables and
firewalld on Linux, ipfw on FreeBSD and Mac OS X, and PF on OpenBSD) and
libpcap. SPA is essentially next-generation port knocking.