File crowdsec-firewall-bouncer.changes of Package crowdsec-firewall-bouncer
------------------------------------------------------------------- Mon Aug 11 11:42:41 UTC 2025 - Richard Rahl <rrahl0@opensuse.org> - Update to version 0.0.34: * enhance: allow user to specify v4 and v6 chains independantly * enhance: Update strconv to uint64 for 32 bit cpus * do not exit with an error if stopped by SIGTERM or SIGINT * warn user if DOCKER-USER chain is detected but not configured * nftables: use named counters to track processed/dropped metrics * Revert "enhance: Update strconv to uint64 to allow go runtime to handle 32 bit allocation" * enhance: Update strconv to uint64 to allow go runtime to handle 32 bit allocation * enhance: Allow disabling ipv4 ------------------------------------------------------------------- Wed Jun 11 18:39:17 UTC 2025 - Aeneas Jaißle <aj@ajaissle.de> - Update to version 0.0.33: * add a fix for crowdsec firewall bouncer on fedora - update to version 0.0.32: * properly flush outgoing connections when adding a banned ip * simplify pf state flush * Disable timeouts for Edgerouter 10x ipsets * Ensure monotonic traffic metrics * add an option to allow adding a comment to iptables rules * refactor metrics registration ------------------------------------------------------------------- Mon Mar 24 12:10:24 UTC 2025 - Richard Rahl <rrahl0@opensuse.org> - Require ipset for all distributions ------------------------------------------------------------------- Sun Mar 23 20:09:30 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de> - add Requires for ipset on 15.x ------------------------------------------------------------------- Mon Feb 24 02:09:26 UTC 2025 - Richard Rahl <rrahl0@opensuse.org> - remove golang-packaging from the BR, as we only need go itself - remove the no_strip macro, as that's not needed anymore ------------------------------------------------------------------- Sat Feb 22 04:49:48 UTC 2025 - Richard Rahl <rrahl0@opensuse.org> - switch from always running the script, to moving it as a binary the user has to execute, before running the daemon ------------------------------------------------------------------- Sat Jan 4 22:35:11 UTC 2025 - Richard Rahl <rrahl0@opensuse.org> - require firewall backend - seperate out the service file - adapt the config file for the default firewall backend - remove the rc service file - remove _bouncer.sh script, as we replace it with our own script, which removes most of the packaging parts - add a simple script which autoconfigures the bouncer to a local crowdsec instance ------------------------------------------------------------------- Wed Dec 11 13:14:27 UTC 2024 - aj@ajaissle.de - Update to version 0.0.31: * iptables: do not ignore logging configuration * update dependencies + lint * Pipenv cache + remove useless build flags ------------------------------------------------------------------- Wed Dec 11 13:13:20 UTC 2024 - aj@ajaissle.de - Update to version 0.0.30: * Add support for usage metrics + improve metrics performance + improve iptables mode performance ------------------------------------------------------------------- Mon Aug 19 15:31:15 UTC 2024 - Aeneas Jaißle <aj@ajaissle.de> - Update to version 0.0.29: * revert go 1.22 minimal requirement * make: remove redundant go version check * update lint configuration; require go 1.22 * update functional test * Add TLS auth keys to config.yaml * use go 1.21.9 * update deps: crowdsec 1.6.1, go-cs-lib 0.0.10 * emit banned IPs metrics when in ipset mode * Allow overriding version.System in docker builds * config: apply variable expansion to all keys * deps: update test dependencies * go.mod: remove reference to unused sqlite * deps: bump crowdsec to 1.6.0 * CI: use go 1.21.7; bump actions * use go 1.21.6 * basic PF prometheus metrics (packets, bytes, banned ip count) * Governance init * Makefile: use GO macro if set, to check for version * logging: full standard timestamp with timezone (yyyy-mm-dd) * Log level: don't demote trace to debug if using the -v flag * golangci-lint update * use go 1.21.5 * update dependency on crowdsec and go-cs-bouncer * Lint * remove the the Before causing some systemd cycling issue. * allow ipset to clean up tables when receiving sigterm * Release action: fix asset upload ------------------------------------------------------------------- Tue Aug 13 12:21:52 UTC 2024 - Aeneas Jaißle <aj@ajaissle.de> - new package crowdsec-firewall-bouncer: Crowdsec bouncer written in golang for firewalls. crowdsec-firewall-bouncer will fetch new and old decisions from a CrowdSec API to add them in a blocklist used by supported firewalls. - initial version: v0.0.28: * Change log message "failed to flush" from info -> debug * Add option -version in favor of -V * func tests: no api key and certs at the same time * update crowdsec/go-cs-lib/go-cs-bouncer dependencies * Increase ipset_size default to 131072 * force raw output on cscli during install * fix vendor packaging * iptables: allow deny_action=TARPIT * use go 1.20.7, golangci-lint 1.54 * update test dependencies
