fwknop 1.9.1 (Default branch)

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
License: GNU General Public License (GPL)
Changes:
The ENABLE_OUTPUT_ACCESS keyword was added to access.conf file parsing. This provides a configuration gate for the iptables OUTPUT chain that is similar to the ENABLE_FORWARD_ACCESS keyword, and adds the ability to control which access.conf SOURCE blocks interface to the OUTPUT chain. Installation support was improved for various Linux distributions, including Fedora 8 and Ubuntu 7.10. The test suite was updated to include OUTPUT chain tests, to reference access.conf files in the test/conf/ directory, and to perform SPA packet format validation tests by parsing fwknopd output.