Project: IP Blocker
Website: http://www.ipblocker.org/

Includes the Perl library Net/IPBlocker, aka Net::IPBlocker, and the
applications IP Blocker versions 1.x and 2.x.

Revision history for IP Blocker version 2.x:

2.0.20050808  Sun Aug 08 01:00 2005
  - Updated documentation and published updated release.

2.0.20050730  Sat Jul 30 21:00 2005
  - Added Secure Framework derivative front-end so others may use the
    same auth system as IP Blocker 2.x with their own web applications.
    This generic front-end is included with the IP Blocker 2.x package
    in the "secure_framework" subdirectory.

2.0.20050419  Tue Apr 19 21:00 2005
  - Fixed clshowacl.pl, clrun-ios.pl, and clrun-linux.pl to pass debug
    setting from main config file to the Remote module.

2.0.20050403  Sun Apr 03 01:00 2005
  - Fixed debugging options and added debug log
  - Added audit log view in HTML, displays log in reverse with most
    recent events at the top of the page.

2.0.20050402  Sat Apr 02 22:45 2005
  - Added clget-configs.pl which will fetch Cisco configs from all nodes
    and store them as text files in a directory, using the native
    "show running-config" command (across an ssh connection if you set
    that up) rather than tftp -- tftp is a clear-text protocol that
    provides no means of authentication.
  - Added email notifications for blocking actions

2.0.20050330  Wed Mar 30 19:00 2005
  - Preview Release posted online for testing!
  - Version 2.x is the current Devel branch
  - Primary benefits of this release over 1.x are newly added features
    to support blocking at multiple points with one action as is needed
    for situations where a user has multiple borders. This release also
    includes support for both Cisco IOS and Linux iptables.
  - This is a full rewrite from 1.x, all new, but there is _no_ upgrade
    path from 1.x. You can run 1.x and 2.x side-by-side in different
    directory trees for those looking to migrate.

Revision history for Perl library Net/IPBlocker:

2.0.20050808  Sun Aug 08 01:00 2005
  - First release of chammer, aka Cisco Hammer, a script built on top of
    these modules that was used successfully to make config changes to
    600+ Cisco switches and routers -- tested and works well on both
    CatOS and IOS.
  - Updated documentation and published new release.

2.0.20050627  Mon Jun 27 02:45 2005
  - Added several new features to IPBlocker::Remote which include the
    following:
      Now reaps children for spawned telnet or ssh sessions; no more
      zombies.
      Optional prompt detection feature to automagically deal w/ unknown
      prompts.
      Several small tweaks made to better meet the needs of "chammer"
      tool.
  - Changed IPBlocker.pm to truncate only leading # and ! comments in
    loadfile subroutine, rather than any position # and !

2.0.20050419  Tue Apr 19 20:30 2005
  - Added support for outbound ACL's in the Cisco IOS module.
    New node config directive "inout = out" to apply ACL as outbound.
    Default behavior will apply inbound, or use "inout = in".

2.0.20050403  Sun Apr 03 01:00 2005
  - Fixed debugging option, default set to zero.

2.0.20050402  Sat Apr 02 22:45 2005
  - Added check to see if acl header, body, and footer files exist and
    if not, continue to work in the event the user is starting out with
    a blank access list for the given overwrite node.
  - Added filename to error output for sub loadfile.

2.0.20050401  Fri Apr 01 00:15 2005
  - Removed requirement for Perl 5.8; tested okay under Perl 5.6.1

2.0.20050329  Tue Mar 29 17:30 2005
  - Minor code cleanup, added more comments.

2.0.20050326  Sat Mar 26 19:40 2005
  - Added html template parsing to WebApp, replacing all instances of
    variable with $self->{variable}
  - Finished WebApp username and password login handling and added
    time_based signature to login form to reduce brute-force risks.

2.0.20050325  Fri Mar 25 01:00 2005
  - Added user management functions to WebApp for web-based
    authentication

2.0.20050324  Thu Mar 24 01:00 2005
  - WebApp now supports transparent auto-login if the web server is
    using basic_auth, also includes an option to disable this behavior,
    forcing a second login if desired
  - Added encryption handling to WebApp through the use of crypt and
    Crypt::CBC
  - Tweaked file locking to use sysopen+flock; first edit to Logger in
    2 years

2.0.20050323  Wed Mar 23 23:00 2005
  - WebApp now completely supports session management with cookies
  - Tweaked IPBlocker.pm readconfig to drop whitespace before and after
    correctly

2.0.20050321  Mon Mar 21 21:00 2005
  - Added a new module: Net::IPBlocker::WebApp
    This module provides support for web-based applications, handling
    session management, authentication, and several other functions as
    needed by the upcoming IP Blocker 2.x release; we expect this module
    to change a lot over the next few days as additional capabilities
    are added

2.0.20050319  Sat Mar 19 08:15 2005
  - Minor code cleanup, added more comments

2.0.20050315  Tue Mar 15 19:00 2005
  - Added support for configuration files
  - Fixed loadaclfile saveaclfile and all acl join/split functions

2.0.20050314  Mon Mar 14 23:00 2005
  - Fixed bug in IOS for dynamic blocks discarding current acl

2.0.20050313  Sun Mar 13 22:00 2005
  - Added optional export functions to Syntax
  - Began to build master module, Net::IPBlocker
  - Updated Remote to properly store session value

2.0.20050312  Sat Mar 12 21:15 2005
  - Minor code cleanup and a few bug fixes
  - Fixed IOS dynamic block fetching and parsing current acl
  - For IOS added support to deploy blocks on multiple interfaces at
    same device
  - Fixed typos in Remote and added DEVICEprintwait function
  - Added additional example scripts

2.0.20050310  Thu Mar 10 00:30 2005
  - Minor code cleanup (lots more still needed!)
  - Added default "permit ip any any" for dynamic acl if starting empty,
    disable by setting {permitanyany}=0

2.0.20050307  Mon Mar 7 17:00 2005
  - First public release of a module-based library
  - Includes support for Linux IPTables and Cisco IOS
  - Provides:
      Net::IPBlocker          (master module, see man page)
      Net::IPBlocker::Logger  (log events to file or STDOUT)
      Net::IPBlocker::Remote  (remote access via SSH and Telnet)
      Net::IPBlocker::Syntax  (generate access list elements)
      Net::IPBlocker::IOS     (support for Cisco IOS)
      Net::IPBlocker::IPT     (support for Linux iptables)

Revision history for IP Blocker version 1.x:

1.2.20050227  Sun Feb 27 20:40 2005
  Published update announcement to Freshmeat.net
  - Version 1.x is the current Stable branch

February 27, 2005: Minor documentation updates
  -- added REQUIREMENTS
  -- updated INSTALL
  -- updated README

February 24, 2005: Minor bug fixes
  -- added optional debug status output to page footer
  -- added blocking action form, node as hidden value to support
     multiple interfaces

November 11, 2002: Minor bug fixes
  -- added chdir to autoexpire and block.cgi
  -- added default username if no env{user}

November 6, 2002: Added automatic block expiration tool: autoexpire
  -- reads node list from wfe-nodes.conf
  -- reads ttldb files and expires old blocks
  -- pushes updated acl to node

November 4, 2002: Added node-specific TTL logging
  -- ttldb file defined in node config file

November 2, 2002: Added support for safenets
  -- requires NetAddr::IP

October 28, 2002: Added support for multiple nodes
  -- nodes identified in wfe-nodes.conf

October 10, 2002: Added multiple logging and email notification
  -- web front-end log file defined in wfe-config.conf
  -- node-specific log file defined in node config file

October 1, 2002: Initial release; supports Cisco IOS devices accessed
via telnet