Michael Rash

icon indicating a website link http://www.cipherdyne.org/ icon indicating an email [email protected]

icon company CipherDyne Security icon location Creator of Single Packet Authorization for Zero Trust architectures, author of "Linux Firewalls: Attack Detection and Response" from No Starch Press.

Results 41 issues of Michael Rash

Add firewalld support

2 comment

Recent RHEL and CentOS distros have moved to firewalld. fwsnort needs to support this.

Add ipset support

Add ipset support for Snort rules with large numbers of IP addresses. This feature was suggested by Imad Daou.

Use assert() in various places for a debug mode

Use assert() to validate expected values wherever possible when a debug mode is enabled.

Using the "C Bounded Model Checker" (CBMC)

Very strong validation of C code can be achieved through the usage of the C Bounded Model Checker (CBMC): https://www.cprover.org/cprover-manual/cbmc/tutorial/ The fwknop project should investigate its use in addition to...

Add IPFW* vars to the fwknopd man page

Need comprehensive IPFW\* variable documentation added to the fwknopd man page.

iPhone client HMAC support

Add support to the iPhone client for the new HMAC modes.

Build an Amazon fwknopd AMI

Create an Amazon AMI with fwknopd loaded and a default configuration that supports SNAT+DNAT so that other Amazon VPC instances can be reached through this host with SPA.

Optional OpenSSL direct usage for crypto operations

This would introduce a dependency on the OpenSSL library, but some users may prefer this. Usage of OpenSSL would cause current crypto code to not be compiled in via autoconf...

Attribute vulnerability author

We should likely include the author of each vulnerability. At least, my guess is that most people who are reporting a vulnerability at all to a CVE numbering authority wouldn't...

Add command_args configurability

Gpg command_args should be configurable via the gpgdir command line.