-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathREADME
90 lines (66 loc) · 3.66 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
DESCRIPTION
IPFWTABLED is a daemon for FreeBSD OS which is intended to provide remote
interface to IPFW's (FreeBSD firewall) tables. This might be useful for
environments which use ipfw tables intensively (to prevent fork-bombing with
'ipfw' command) or want to control firewall remotely.
IPFWTABLED supports automatic expiring of entries in IPFW tables based on
configured values for expiration interval. This may be specified one for all
tables or different for each of them.
USAGE
ipfwtabled [-b <host>[:<port>][ -b <host>[:<port>] ...]]
[-d] [-t|-u] [-e [<tableidx>]:<timeinsec>[-e <tableidx>:<timeinsec> ...]]
-b <host>:<port> - bind address
-d - daemonize
-t - use TCP
-u - use UDP
-e [<idx>]:<sec> - specify expiry period for entries of table
idx is index of ipfw table
sec is amount of seconds before entry to be purged
if idx is not specified value is set for all tables
-h - print this message
See Perl example script 'client.pl' for reference on client implementation.
INSTALLATION
Source comes with simple Makefile thus plain
$ make
should be enough.
COMPATIBILITY
Tested on FreeBSD 9 but should work on earlier versions as well.
SOURCE
Source is available on github: https://github.com/InvisiLabs/ipfwtabled
TODO
* Add statistics dumping on operations performed and queue state
* Add persistence for expiration cache to survive service restarts
* Add hash field for authentication/integrity check purposes
BUGS
Please, report bugs and suggestions to <v.khondar at invisilabs.com> or via
github issue tracker at https://github.com/InvisiLabs/ipfwtabled/issues
LIMITATIONS
Only ADD/DELETE/FLUSH operations for IPFW tables are supported.
TTL for table entries can be specified only table-wide on ipfwtabled startup.
Single address in CIDR notation is processed per single request.
IPFWTABLED must be run as root as integration with IPFW is performed via
setsockopt() interface which requires root privileges.
COPYRIGHT & LICENSE
Copyright (c) 2012,
Vadym S. Khondar <v.khondar at invisilabs.com>, InvisiLabs.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the InvisiLabs nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.