Michael Rash

Results: 79 comments by Michael Rash

Thanks for the suggestion - I'll take a look at this.

Jonathan provided a patch that is a partial solution to this in 44b040b. His patch allows fwknopd to be configured to insert new rules instead of adding them to the...

Thanks for the feedback. We're working on a solution to this by deleting existing rules as well but it will take time to implement. fwknop is still going strong -...

If I recall correctly, Damien had also suggested something similar to this as well.

Hi - fwknop just looks for the existence of the iptables binary, and assumes this is the firewall to use if it's there. To get things working with nftables, just...

Thanks for the analysis. Agreed that a non-static bitfield is not something fwknop should try to interpret statically - definitely a bug. This will cause backwards compatibility issues, but that...

Agreed. In the case of the comment match, I think just not using -v would have made it more clear since there is a warning message. It just got kind...

One way to get things working is to compile fwknop with the --disable-execvpe argument to the configure script. This will force fwknopd to just execute commands via system(), and therefore...

Thanks for the bug report and to Damien for pointing out the fix. Obviously this one is pretty fundamental, so I'll get this fixed and make a new release in...

Good idea. I'll do some thinking on this. One quick way to get some benefit would be to send the fuzzing packet set over the network.