From owner-freebsd-questions@FreeBSD.ORG Sat Jun 9 21:43:42 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6A1BE106564A for ; Sat, 9 Jun 2012 21:43:42 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from ozzie.tundraware.com (ozzie.tundraware.com [75.145.138.73]) by mx1.freebsd.org (Postfix) with ESMTP id 0F1EC8FC12 for ; Sat, 9 Jun 2012 21:43:41 +0000 (UTC) Received: from [192.168.0.2] (viper.tundraware.com [192.168.0.2]) (authenticated bits=0) by ozzie.tundraware.com (8.14.5/8.14.5) with ESMTP id q59LhPSu094723 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Sat, 9 Jun 2012 16:43:27 -0500 (CDT) (envelope-from tundra@tundraware.com) Message-ID: <4FD3C37C.7080009@tundraware.com> Date: Sat, 09 Jun 2012 16:43:24 -0500 From: Tim Daneliuk User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1 MIME-Version: 1.0 To: FreeBSD Mailing List Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (ozzie.tundraware.com [192.168.0.1]); Sat, 09 Jun 2012 16:43:27 -0500 (CDT) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: q59LhPSu094723 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No Subject: [ANN] tperimeter 1.113 Released And Available X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 21:43:42 -0000 'tperimeter' Version 1.113 is released and available at: http://www.tundraware.com/Software/tperimeter/ The last public release was 1.112 What's New ---------- Changed the wrapper file rebuild logic to delete outstanding access requests independently of how often the script is run (either by cron, or manually). This means that the 'cron' frequency now determines the average waiting time before a user's request is fulfilled. The '${DURATION}' variable in 'rebuild-hosts.allow.sh' sets how long access will be permitted (The default value is 10 minutes). Minor documentation updates, typo fixes, and housekeeping. What Is 'tperimeter'? --------------------- Have you ever been away from the office and needed, say, ssh access to your system? Ooops - you can't do that because in your zealous pursuit of security, you set your TCP wrappers to prevent outside access to all but a select group of hosts. Worse still, everywhere you go, your local IP address changes so there is no practical way to open up the wrappers for this situation. 'tperimeter' is a dynamic TCP wrapper control system that gives you (limited) remote control of your TCP wrapper configuration. It does this via a web interface that you've (hopefully) secured with https/SSL. You just log in, specify your current IP address and one of the services you want to access. 'tperimeter' will then briefly open a hole in your wrappers long enough to let you in. It then automatically closes the hole again. Voila! Remote access to your system, wherever you are. You get much of the facility of a VPN or so-called "port knocking" without most of the aggravation. As a side benefit, 'tperimeter' will also simplify management of your standard /etc/hosts.allow TCP wrapper control file. 'tperimeter' is written in python, shell script, and html. It is very small and easy to maintain. It was developed and tested on FreeBSD 4.x/8.x, and apache 1.x/2.x, but should run with very minor (or no) modification on most Unix-like systems like Linux or Mac OS X hosts. It comes complete with documentation in html, pdf, dvi, and Postscript formats. There is no licensing fee for any use, personal, commercial, government, or institutional. -- ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/