alff.git
Ref: master
Michael Schwarz [Mon, 11 Jun 2018 12:41:21 +0000 (14:41 +0200)]
DHCRelay uses port 67 as sourceport

Michael Schwarz [Mon, 16 Oct 2017 10:58:36 +0000 (12:58 +0200)]
Update changelog for 0.2.3

Michael Schwarz [Mon, 16 Oct 2017 10:52:28 +0000 (12:52 +0200)]
Checks for portdefinitions in services

Michael Schwarz [Fri, 13 Oct 2017 11:34:59 +0000 (13:34 +0200)]
Delayed commit of changelog for version 0.2.1

Michael Schwarz [Fri, 13 Oct 2017 11:29:59 +0000 (13:29 +0200)]
Accept portranges in service definitions

Michael Schwarz [Mon, 15 Aug 2016 09:24:34 +0000 (11:24 +0200)]
Fixed generation of network based rules

Michael Schwarz [Thu, 21 Jan 2016 08:29:30 +0000 (09:29 +0100)]
Update Changelog to version 0.2.1

Michael Schwarz [Thu, 21 Jan 2016 08:28:56 +0000 (09:28 +0100)]
Implement hooks at push also

Michael Schwarz [Wed, 20 Jan 2016 15:27:44 +0000 (16:27 +0100)]
Update example files

Michael Schwarz [Wed, 20 Jan 2016 15:18:47 +0000 (16:18 +0100)]
Implement execution of hooks

  With alff 0.1.0, hooks could be called before and after generation
  of rules. While alff 0.2.0 can handle sites, the procedure which calls
  these hooks must be rewritten.
  From now on, hooks can be called before all sites and per site.
  Therefore the hooks for e.g. pregenerate must reside in
  <alff-config-dir>/hooks.d/pregenerate/[ ALL | <site> ]

  Hooks must end with an exitcode. Hooks ending with exitcode != 0
  cause the rule generation to abort. STDOUT is given on success, STDERR
  will be displayed on termination with exitcode != 0.

Ref: v0.2.0-1
Michael Schwarz [Mon, 18 Jan 2016 13:32:22 +0000 (14:32 +0100)]
Damn typo

Michael Schwarz [Thu, 14 Jan 2016 13:37:16 +0000 (14:37 +0100)]
Making lintian not cry any more

Michael Schwarz [Thu, 14 Jan 2016 12:29:45 +0000 (13:29 +0100)]
Update changelog for release

Michael Schwarz [Thu, 14 Jan 2016 12:28:29 +0000 (13:28 +0100)]
Create rules dir on setup

Michael Schwarz [Tue, 2 Jun 2015 15:00:41 +0000 (17:00 +0200)]
Update alff agent config (missing config statement)

Michael Schwarz [Tue, 2 Jun 2015 14:58:35 +0000 (16:58 +0200)]
Update plugin generateServiceChains.py to new config format

Maximilian Wilhelm [Sat, 30 May 2015 16:12:09 +0000 (18:12 +0200)]
Use std POSIX shell instead of bash and remove old dependencies for alff-rulegen.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Thu, 28 May 2015 21:55:46 +0000 (23:55 +0200)]
Update handleUdpTraceroute plugin to new boolean option handling.

 See e44e6fac7a524add8331ca5c812fe0e46eee7d8d.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Ref: python
Maximilian Wilhelm [Thu, 28 May 2015 21:49:26 +0000 (23:49 +0200)]
There now is an iptables rule parser :)

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Thu, 28 May 2015 21:39:46 +0000 (23:39 +0200)]
Add very basic config check function which leverages the built-in config validator.

  This function is intended to be used to basically validate the configuration
  for syntactical correctness and such without the need to run the generate
  function. This function might be extended to do further plausibility checks.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Thu, 28 May 2015 21:37:57 +0000 (23:37 +0200)]
Make sure even mixed vlan/network/prefix specifications are handled correctly.

  See fd4b798b4dbddad51869f0d1db9215cebbf3c239 for details.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Thu, 28 May 2015 21:08:37 +0000 (23:08 +0200)]
Reflect alff.config API changes in classify_inter_vlan_traffic plugin.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Thu, 28 May 2015 20:58:15 +0000 (22:58 +0200)]
Rename "vlan"/"network" attributes to "network"/"prefix" and deprecate old ones.

  As the old 'vlan' name has been from old times and somewhat misleading it was
  about time to restart with new config parameter names which should be more
  generic and clear. So the old

    <vlan>
     <network> 1.2.3.4/5 </network>
    </vlan>

  is now deprecated in favour of

    <network>
      <prefix> 1.2.3.4/5 </prefix>
    </network>

  thereby still accepting the old format but kindly nagging about it pointing to
  the problem. With this commit the internal API in the alff.config module has
  been changed as well to reflect the naming change, still providing the former
  names, too.

  With vim you could easily update your alff.conf with
    % s/\<network\>/prefix/
    % s/\<vlan\>/network/

  Please update your local plugins as well to get rid of the deprecation warnings :)

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Thu, 28 May 2015 20:52:43 +0000 (22:52 +0200)]
Enrich example alff.conf with unified style and more comments.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Thu, 28 May 2015 20:34:15 +0000 (22:34 +0200)]
Add AlffDeprecated() call to inform about and shame use of deprecated functions and options.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Thu, 28 May 2015 18:17:11 +0000 (20:17 +0200)]
Parse boolean looking config values as boolean and add default for option 'support_ipv6_nat'.

  Parsing config values which look like boolean values ('yes', 'no', 'true', 'false'),
  matched case-insensitively, as booleans unifies the parsing problem and simplifies
  handling these options.

  The option 'support_ipv6_nat' (default False) controls whether a 'nat' table
  for IPv6 is created as IPv6 NAT isn't available in older Kernel versions
  still active in the wild.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Tue, 26 May 2015 13:14:39 +0000 (15:14 +0200)]
Clean-up alff-cat.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Tue, 26 May 2015 13:07:59 +0000 (15:07 +0200)]
Fix typos.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Tue, 26 May 2015 13:02:52 +0000 (15:02 +0200)]
Style pimp-up for ruleset module.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Tue, 26 May 2015 13:02:21 +0000 (15:02 +0200)]
Allow option defaulting.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Tue, 26 May 2015 11:58:39 +0000 (13:58 +0200)]
Style pimp-up for service module.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Michael Schwarz [Tue, 24 Feb 2015 15:55:31 +0000 (16:55 +0100)]
Fixes suppression of some vlans which are not at the same site

Michael Schwarz [Mon, 26 Jan 2015 13:31:01 +0000 (14:31 +0100)]
Think before you commit ...

Michael Schwarz [Mon, 26 Jan 2015 12:55:29 +0000 (13:55 +0100)]
* Fixed loading of iptables-rules at systemboot
* Fixed creation of hookins for security classes
* Fixed suppress x_to_x chains

Michael Schwarz [Wed, 17 Dec 2014 09:09:35 +0000 (10:09 +0100)]
Update changelog for 0.2.0-rc1 release

Michael Schwarz [Tue, 9 Dec 2014 13:23:50 +0000 (14:23 +0100)]
Create md5sums to prove rulesets

Michael Schwarz [Tue, 2 Dec 2014 12:10:37 +0000 (13:10 +0100)]
Changed path of alff-cat

Michael Schwarz [Tue, 2 Dec 2014 11:53:35 +0000 (12:53 +0100)]
Some changes in loading Rulesets

Michael Schwarz [Tue, 2 Dec 2014 11:52:27 +0000 (12:52 +0100)]
Delete token on firewalls

Michael Schwarz [Wed, 17 Sep 2014 13:33:48 +0000 (15:33 +0200)]
Changed debian files for first version of NEW alff ;)

Michael Schwarz [Wed, 17 Sep 2014 13:33:07 +0000 (15:33 +0200)]
Fixed path in function module, installed wrapper to call alff.py

Michael Schwarz [Wed, 17 Sep 2014 12:32:54 +0000 (14:32 +0200)]
Changed the cat a little bit to load the new iptables-save rules

Michael Schwarz [Wed, 17 Sep 2014 12:32:17 +0000 (14:32 +0200)]
Updated alff.conf sample config to new format

Michael Schwarz [Wed, 10 Sep 2014 14:26:06 +0000 (16:26 +0200)]
First version of push function

Michael Schwarz [Wed, 10 Sep 2014 14:25:30 +0000 (16:25 +0200)]
Do not create table nat for ipv6 unless the user wants this

Michael Schwarz [Wed, 27 Aug 2014 13:41:07 +0000 (15:41 +0200)]
Test if allow_from_world is set, otherwise plugins may break

Michael Schwarz [Wed, 27 Aug 2014 13:40:52 +0000 (15:40 +0200)]
Fix wrong indent

Michael Schwarz [Wed, 27 Aug 2014 13:14:18 +0000 (15:14 +0200)]
Be a little more verbose when suppressing chains

Michael Schwarz [Wed, 27 Aug 2014 12:55:42 +0000 (14:55 +0200)]
Fixed some typos

Michael Schwarz [Wed, 27 Aug 2014 12:30:53 +0000 (14:30 +0200)]
Simple script to convert old service definitions to new json format

Michael Schwarz [Wed, 20 Aug 2014 11:54:22 +0000 (13:54 +0200)]
Wiped out old perl-stuff

Michael Schwarz [Wed, 20 Aug 2014 11:53:41 +0000 (13:53 +0200)]
Some more plugins

Michael Schwarz [Wed, 20 Aug 2014 11:52:49 +0000 (13:52 +0200)]
Plugin for generation of servicechains

Michael Schwarz [Wed, 20 Aug 2014 11:50:46 +0000 (13:50 +0200)]
Rewritten class Service as Configwrapper for Servicedefinitions

Michael Schwarz [Wed, 20 Aug 2014 09:11:08 +0000 (11:11 +0200)]
Fix errormessage

Michael Schwarz [Thu, 14 Aug 2014 08:17:46 +0000 (10:17 +0200)]
Moved plugin out of pythontree, to store all the plugins in one
directory

Michael Schwarz [Thu, 14 Aug 2014 08:14:30 +0000 (10:14 +0200)]
Wiped out old perl-stuff, will be completely rewritten in python

Michael Schwarz [Fri, 1 Aug 2014 09:25:31 +0000 (11:25 +0200)]
Really wait for termination of the subprocess, not just check

Maximilian Wilhelm [Tue, 12 Aug 2014 10:38:25 +0000 (12:38 +0200)]
Add base work for push function.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Tue, 12 Aug 2014 10:36:13 +0000 (12:36 +0200)]
Add first draft to services module.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Fri, 18 Apr 2014 21:24:50 +0000 (23:24 +0200)]
Add Copyright notice and GPLv2 license header for every new file.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Fri, 18 Apr 2014 21:02:50 +0000 (23:02 +0200)]
Add support to remove empty chains and refs from ruleset.

  The global option 'suppress_empty_chains' controls whether chains
  which don't contain any rules as well as rules containing a jump
  to such a chain will be suppressed when generating the ruleset.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Fri, 18 Apr 2014 20:26:59 +0000 (22:26 +0200)]
Add support to remove unreferenced chains from ruleset.

  The global option 'suppress_unreferenced_chains' controls whether chains
  which aren't referenced by any rule will be suppressed when generating
  the ruleset.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Fri, 18 Apr 2014 20:13:38 +0000 (22:13 +0200)]
Never ever at all remove empty table from the ruleset.

  Alff must not remove any empty table from the ruleset as there might have
  been rules in this table in the last ruleset and we would not flush these
  outdated rules with a new ruleset.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Fri, 18 Apr 2014 20:09:09 +0000 (22:09 +0200)]
Add logging support to ruleset module.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Mon, 14 Apr 2014 23:45:50 +0000 (01:45 +0200)]
Add alff.py main program providing full site awareness.

  With all these shiny new modules Alff is now fully site aware and thereby
  providing a powerful tool for managing the rulesets of a lot of distributed
  firewall(s| clusters) all around the world controlled by one central set of
  configuration files.

  Donations welcome :)

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Mon, 14 Apr 2014 23:41:24 +0000 (01:41 +0200)]
Add classify_inter_vlan_traffic plugin.

  This is one of Alff's main plugins generating the vlan traversal matrix
  chains and loading the corresponding rules or default targets into these
  chains. The plugin is now fully site aware and uses the vlan interfaces
  configured for any given site. Using the site database and the internal
  ruleset it is possible to further minimize the generated ruleset so no
  useless or empty chains will be produced if configured accordingly.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Mon, 14 Apr 2014 23:34:49 +0000 (01:34 +0200)]
Add 'generate' function and base plugin.

  The 'generate' function - one of Alff's two main functions - is responsible
  for generating the ruleset. It now is fully site aware and will generate and
  save one ruleset per site.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Mon, 14 Apr 2014 22:32:28 +0000 (00:32 +0200)]
Add basic function loading framework and base class.

  Alff will load all function modules on startup and build up the command
  line argument parser according to all function configurations.

  The resulting function will then be executed with all its arguments.

  The function framework allows the user to create own functions for whatever
  purposes might come to mind and thereby extend Alff's scope of operation
  beyond the imaginable.

  The current implementation lacks support of the hook concept available
  in previous versions, which will be added again later as (mainly) the
  "pregenerate" has been widely used.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Mon, 14 Apr 2014 22:31:07 +0000 (00:31 +0200)]
Add misc utils for module/class loading and other nifty stuff.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Mon, 14 Apr 2014 22:29:20 +0000 (00:29 +0200)]
Extend ruleset API to query and remove chains.

  Added
   * chain_exists (protocol, table, chain)
   * chain_has_rules (protocol, table, chain)
   * remove_chain (protocol, table, chain)

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Mon, 14 Apr 2014 22:28:30 +0000 (00:28 +0200)]
(Allow to and) print problematic rule in RulesetErrors.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Mon, 14 Apr 2014 22:26:39 +0000 (00:26 +0200)]
Allow plugins to provide default value for get_plugin_option().

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Mon, 14 Apr 2014 22:25:58 +0000 (00:25 +0200)]
Rename config.get_vlan_list() to get_vlans().

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Mon, 14 Apr 2014 19:24:07 +0000 (21:24 +0200)]
Use integer as internal protocol identifiers.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Mon, 14 Apr 2014 00:25:20 +0000 (02:25 +0200)]
Fix exception messages for missing chains in ruleset.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Sun, 13 Apr 2014 23:23:41 +0000 (01:23 +0200)]
Add support to read rules from file.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Sun, 13 Apr 2014 21:40:03 +0000 (23:40 +0200)]
Add handling of ruleset cache dirs and print rules into files.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Sun, 13 Apr 2014 01:01:01 +0000 (03:01 +0200)]
Improve option handling in new config module + small fixes.

  * Add missing get_option() function.
  * Use real boolean values for options if possible.
  * Add get_config_dir() function.
  * Fix some syntax errors.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Sun, 13 Apr 2014 00:53:25 +0000 (02:53 +0200)]
Add basic ruleset management.

  This includes an ip(6)tables command line parser as far as needed for Alff
  and an ip(6)tables-save like ruleset generation function which now already
  generates identical rulesets when fed manually :-)

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Sat, 4 Jan 2014 05:42:23 +0000 (06:42 +0100)]
Groundwork for Alff rewrite in Python.

  Starting with config parser for XML config file with added site awareness
  and error definitions.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Fri, 27 Dec 2013 16:25:32 +0000 (17:25 +0100)]
Remove configureFirewallNetworkOptions routine

  The sysctl settings should be set on the firewall machine itself and
  should not be part of every ruleset.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Fri, 27 Dec 2013 15:12:21 +0000 (16:12 +0100)]
Remove pre-push filter.d stuff.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Ref: v0.1.1
Michael Schwarz [Wed, 22 May 2013 08:01:56 +0000 (10:01 +0200)]
update debian files for version 0.1.1

Michael Schwarz [Wed, 24 Apr 2013 13:53:16 +0000 (15:53 +0200)]
Adjusted some more plugins for ipv6

  * create_chain_tcp_header_check
  * create_chain_tcp_scan_handling
  * handleICMP (Bugfix)
  * handleTracerouteUdp

Michael Schwarz [Wed, 24 Apr 2013 13:52:26 +0000 (15:52 +0200)]
Enable DHCP on ipv6

Michael Schwarz [Wed, 24 Apr 2013 11:20:16 +0000 (13:20 +0200)]
Do some spoofchecks even in ipv6. This is probably not complete

Michael Schwarz [Wed, 24 Apr 2013 09:26:12 +0000 (11:26 +0200)]
Modified alff-cat to manage ipv6 rules

Michael Schwarz [Wed, 24 Apr 2013 08:42:06 +0000 (10:42 +0200)]
protocol should be ipv6-icmp

Michael Schwarz [Wed, 24 Apr 2013 08:40:59 +0000 (10:40 +0200)]
Added check for nasty routing header 0

Michael Schwarz [Wed, 24 Apr 2013 07:57:24 +0000 (09:57 +0200)]
First bucket of adjusted plugins

  *  acceptInterFirewallTraffic
  *  accept_established_connections_
  *  classifyInterVlanTraffic
  *  clear_filter_tables
  *  clear_table_
  *  create_chain_log_and_reject
  *  finish_FORWARD
  *  finish_INPUT
  *  handleICMP
  *  hookInBlackAndWhitelist

Michael Schwarz [Tue, 23 Apr 2013 14:19:26 +0000 (16:19 +0200)]
getIpVersion() didn't match on negated networks

Michael Schwarz [Mon, 22 Apr 2013 14:49:25 +0000 (16:49 +0200)]
Implemented basic ipv6 functionality

Michael Schwarz [Thu, 18 Apr 2013 13:45:59 +0000 (15:45 +0200)]
reduced length of service chains

   With iptables 1.4.10, chain names are limited to a length of 28 chars.
   Substituted Services with Srv, the length of the service chain names
   is reduced by five chars. This should work for most cases. In fact,
   that should be done more intelligently by a method in the future,
   limiting the names to 28 chars while generating the ruleset.

Michael Schwarz [Fri, 12 Apr 2013 11:44:04 +0000 (13:44 +0200)]
Also changed /usr/bin/env sh to bash

Michael Schwarz [Fri, 12 Apr 2013 11:35:55 +0000 (13:35 +0200)]
On wheezy, we want to use bash instead of sh

Ref: v0.1.0
Michael Schwarz [Wed, 13 Mar 2013 14:52:38 +0000 (15:52 +0100)]
fixed error while generating inter vlan rules

Michael Schwarz [Tue, 15 Jan 2013 15:30:47 +0000 (16:30 +0100)]
Fixed debian warnings, added multiple interface support

Maximilian Wilhelm [Tue, 15 Jan 2013 15:18:50 +0000 (16:18 +0100)]
Make sure alff-cat is executed by a real bash.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>

Maximilian Wilhelm [Fri, 7 Dec 2007 17:24:20 +0000 (18:24 +0100)]
Beautified debian/rules files.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>