Package Details: husk 0.9.13-1

Package Base: husk
Description: An iptables front-end to allow rules to be expressed in a more flexible, free-form style using language.
Upstream URL:
Licenses: GPL
Conflicts: husk-git
Submitter: fukawi2
Maintainer: None
Last Packager: fukawi2
Votes: 4
Popularity: 0.000000
First Submitted: 2010-11-01 07:47 (UTC)
Last Updated: 2018-05-17 01:53 (UTC)

Latest Comments

fukawi2 commented on 2014-09-16 08:17 (UTC)

Bump to 0.9.13

fukawi2 commented on 2013-08-01 23:09 (UTC)

Done, thx.

asdil12 commented on 2013-08-01 18:52 (UTC)

please add iptables to dependencies - build fails without

fukawi2 commented on 2013-06-03 22:57 (UTC)

Done in -3

valr commented on 2013-06-03 19:45 (UTC)

Hello,

Following the latest news and move of /bin, /sbin, /usr/sbin to /usr/bin, could you adapt the PKGBUILD to something like this:

    package() {
      cd "$srcdir/$pkgname-$pkgver"
      # Install under /usr instead of /usr/local
      sed -e 's|/usr/local/|/usr/|g' -i Makefile
      # /usr/sbin has been merged into /usr/bin
      sed -e 's|/usr/sbin|/usr/bin|g' -i Makefile
      make DESTDIR="$pkgdir" install
    }

Thanks!!!

fukawi2 commented on 2013-02-25 10:27 (UTC)

Bump to 0.9.11
Note the output format has changed from a bash script to an iptables-restore script. Bash output is still available:,cntnt01,detail,0&cntnt01articleid=5&cntnt01pagelimit=16&cntnt01returnid=29

fukawi2 commented on 2012-12-09 23:37 (UTC)

Bump to 0.9.10 Lots of changes; check the CHANGES file for a complete list:

fukawi2 commented on 2012-02-26 10:35 (UTC)

Bump to 0.9.9:
cleanup of ipv6 bogon list
cleanup and repairs to compile_nat for "map" functionality
destination address not optional in "map" rule
large cleanup, rewrite and repair of "compile_nat" sub
cleanup of code for "common nat" rules; support for specifying source address to snat
removed generation of "map" inversion; not required
fire: added helper to make suggestions against ruleset

fukawi2 commented on 2012-02-05 10:16 (UTC)

Bump to 0.9.8:
update "fallback" function of Makefile
added man page for husk.conf
added "clean" target to Makefile
updated Makefile "uninstall" target
cleanup README; remove duplicate documentation
fire: user feedback on rule count after load
added code support for documented "rules_file" config option
added "wlan" to list of valid interface prefixes
fire: fix errors when generating user feedback on systems without ipv6
fire: log to syslog if compilation fails
fire; fix for logging iptables errors

fukawi2 commented on 2012-01-28 01:58 (UTC)

Bump to 0.9.7 Fixed some IPv6 issues mostly.

fukawi2 commented on 2011-12-28 07:20 (UTC)

Decent (usable) IPv6 support in this version.
* ==> Version 0.9.5
fixed bug when checking for unknown config file options
rework of ipv6 support.
updated man docs for ipv6 changes
general mass cleanup of code
fix small typos
remove src/
fix bug when ipv6 is disabled
updates for ipv6 mods

fukawi2 commented on 2011-12-21 11:42 (UTC)

* ==> Version 0.9.4
add support for --log-prefix when using LOG target
added some documentation to man page about TARGETS under RULE SYNTAX
fix regex that matches quoted strings
make header printing its own sub for reuse purposes
fe80::/10 isn't site-local, it is link-local; not a bogon
replace ipv6 anti-spoof dhcp bypass with generic link-local fe80::/10 bypass
fix whitespace indenting
cleanup reading of interfaces.conf
fix bug in &basename function
use "conntrack" module for state rules rather than "state" module
remove redundant comment header
allow revert to using 'state' module instead of 'conntrack' / 'ctstate'
check for unknown configuration in husk.conf
don't barf if the config file is empty or all comments; use defaults

fukawi2 commented on 2011-11-13 10:36 (UTC)

Bump to 0.9.3
added tcp 6052 to avg helper
fix whitespace in avg helper
trim $src in spoof to prevent excess whitespace in output
remove references to iptables-restore; not used anymore
added ignore_autoconf option to prevent logging of traffic from rfc3927 autoconfiged hosts
added "configuration" section to husk manpage
fixed typos in pod syntax
expanded man page to include full list of references within SEE ALSO section
fix regex for finding bad syntax
more accurate error message when invalid syntax is found
Create a LOG rule for anything that slips to the end of chains.
fix perl syntax for calling subrouting log_and_drop
fix perl syntax for calling subroutine log_and_drop
Merge branch 'master' of
fixed default husk.conf file
removal of magic constants to set config file defaults when reading conf file
perl syntax errors in the last commit.

fukawi2 commented on 2011-09-16 09:41 (UTC)

Bump to 0.9.2 Lots of minor changes and fixes. Expanded and more accurate helpers. fire script now saves rules using init script if it can be found.

fukawi2 commented on 2011-06-13 12:53 (UTC)

Bump to 0.9.0 Initial IPv6 support in this :)

fukawi2 commented on 2011-04-14 13:42 (UTC)

* ==> Version 0.8.4
Merge branch 'master' of
always print license and disclaimer at top of output
add system init script save command to end of fire script
cleanup of fire script
fixed typo in sql helper
removed ICMP target from standalone example rules (replaced by helper file)
added support for custom named xen bridges (eg, xenNET)
added pptp helper to Makefile
added helper ruleset for pptp
use "x" instead of "crs" for cross-zone chain prefix

fukawi2 commented on 2011-02-17 08:26 (UTC)

==> Version 0.8.0
fixed handling of ports in "map" rules
support for using source port and destination port in the same rule; support for multiport interception
small fix to my home-made coalesce function
code correctness for returning from procedure subs
added better code correctness for usage of next and last functions
wrong backref on source|dest ports
fixed broken file includes
updated logging options for log and drop
updated logging comment for portscan rules
added licensing details for portscan rules
fix incorrect logic on comparing --no-confirm flag in fire script
only jump antispoof chain for traffic on interfaces we're protecting
fixed the way we append the line number comment to raw iptables rules
added portscan to example rules
added portscan functionality to README
adjust logging options to prevent dos issues
added a "common" function for portscan protection
added a --no-confirm option to fire script
updated example rules to use current chain substitution in raw iptables
allow current chain substitution in raw iptables

fukawi2 commented on 2010-12-31 04:29 (UTC)

==> Version 0.7.2
changed the criteria for autogenerated crs chains
only check defined interfaces for bridged status
fixed bridge handling
don't use physdev for ME zone
more intelligent bridge detection
fixed simple example rules
added "vif" interface regex
added a TODO note
added support for bridged interfaces using physdev module
updated regex for interface name matching validation

fukawi2 commented on 2010-12-22 12:02 (UTC)

Version 0.7.0. Rewrite and Refactor to avoid copyright issues.

fukawi2 commented on 2010-12-02 08:50 (UTC)

==> Version 0.6.5
adjusted comment on dhcp discover spoof bypass
fixed iptables syntax errors
fixed syntax errors
bypass spoof protection for dhcp discover packets
removed as a bogon since it can be legitimate source
incorrect back reference used in multiport regex
added new-no-syn protection to simple example rules using syntax "standard syn"
swap a long if-elsif-elsif-etc block for a switch block
extra commenting
renamed sub "strip_extra_spaces" to "collapse_spaces"
new method of handling empty and comment-only lines
added "standard" new-no-syn protection
added a coalesce function to tidy up some ternary operations

fukawi2 commented on 2010-12-01 08:23 (UTC)

==> Version 0.6.4
updated simple example rules to include drop handler
modified some regex
updated README to explain handlers
added support for drop and reject handlers
stop time module being included in all rules
general code cleanup; pass arguments to subs using hashes

fukawi2 commented on 2010-11-29 08:36 (UTC)

==> Version 0.6.3
fixed regex patterns for "port" and "ports" keywords
added support for "day" keyword; fixed syntax of output rules when using modules with multiple options
fixed syntax for statistics module
fixed syntax error
added support for statistics module with keywords "every" and "offset"
added error checking for script output
added support for time-based "start" and "finish" keywords
added icons
fixed interface name matching in standard rule compilation
added logging for standard protections

fukawi2 commented on 2010-11-28 12:30 (UTC)

==> Version 0.6.2
added simple example file to Makefile
added simple example file
refactor of the way bogons are generated to include comments
expanded bogon configuration
expanded error handling of unknown keywords
added CHANGES file

fukawi2 commented on 2010-11-27 00:01 (UTC)

==> Version 0.6.1
make some regexes a bit more liberal
fixed syntax error and scope declaration issues

fukawi2 commented on 2010-11-25 12:16 (UTC)

==> Version 0.6.0
replace string comparisons with regex comparisons
rename variable to make its purpose clearer
reworded error message when "end match calls" is found in wrong place
add a line number comment to "iptables" rules
refactor how call chains are dispatched
refactor some routines use make greater use of hashes
renamed function compile_redirect to compile_interception
added support for source or destination ports instead of only destination ports
fixed more regexes
updated some regex patterns to be more accurate
fixed bug setting default policies
extra error handling for ending blocks
fixed comment on bogon rule
updated README to document the "ANY" interface
fixed parsing of hostgroups
don't remove config during uninstall
added example rule for "ANY" special interface
added support for special interface "ANY"
added a debugging function
fixed hostgroup usage
added missing RFC1918 address to bogons
test for root in fire script
added bogons to hostgroups.conf
sanity check for duplicates in interfaces file
only generate protection chains if the rules file actually uses them
fixed fire script to exit if compilation fails

fukawi2 commented on 2010-11-21 03:56 (UTC)

Bump to 0.5.2:
==> Version 0.5.2
updated 'fire' script
we're now much more 'safer' with an automatic reversion to the previous ruleset if the application is not confirmed by the user. based on the script written by Martin F. Krafft <> and distributed under the Artistic Licence 2.0 Much more sanity checking and error handling too.
call bogon and xmas protection early (-I instead of -A)
fixed error in bogon and xmas protection generation
fixed error in bogon and xmas protection generation
converted constants to use uppercase names
added support for "xmas" standard function
updated README file
added support for "bogon" standard function

fukawi2 commented on 2010-11-20 09:19 (UTC)

Bump to 0.5.1 Fixed some "show-stopper" bugs in 0.5.0 with 'forward' rules.

fukawi2 commented on 2010-11-20 06:00 (UTC)

Bump to 0.5.0
==> Version 0.5.0
updated example rules to suit new 'match chain' syntax
out of habit from the system husk is based on, I wrote 'match table' when it should have been 'match chain' so the syntax has been updated to suit the correct semantics.
fixed default config file
major cleanup and refactor

fukawi2 commented on 2010-11-11 09:34 (UTC)

Bump to 0.4.2:
Changes:
only snat for rfc1918 private addresses
refactored rules generation in compile_call
updated Makefile to avoid clobbering existing config
fixed typo in generation of loopback rules
updated install paths in Makefile