From 213d27062337937a06d91adbaed5bf808600e7c9 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Mon, 10 Aug 2009 22:33:16 +0000 Subject: [PATCH] * PolicyCompiler_pf_writers.cpp (PrintRule::processNext): For bug #2835193: "Modulate state doesnt work for PF". Check variable "modulate state" in rule optiopns and global firewall options. If checkbox is turned on in the firewall options, then we always use "modulate state". This option can also be turned on for an individual rule using rule options dialog. * pfAdvancedDialog.cpp (pfAdvancedDialog::pfAdvancedDialog): Fixed bug #2835193: "Modulate state doesnt work for PF". The name Xml attribute used to hold the value of "module state" option was entered incorrectly in the dialog. --- build_num | 2 +- doc/ChangeLog | 14 +++++++++++ src/gui/pfAdvancedDialog.cpp | 2 +- src/pflib/PolicyCompiler_pf_writers.cpp | 7 ++++-- test/pf/objects-for-regression-tests.fwb | 31 +++++++++--------------- 5 files changed, 32 insertions(+), 24 deletions(-) diff --git a/build_num b/build_num index f00292103..b71c7d42c 100644 --- a/build_num +++ b/build_num @@ -1 +1 @@ -#define BUILD_NUM 1212 +#define BUILD_NUM 1301 diff --git a/doc/ChangeLog b/doc/ChangeLog index d0ca2ea13..6f34d06e9 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,17 @@ +2009-08-10 vadim + + * PolicyCompiler_pf_writers.cpp (PrintRule::processNext): For bug + #2835193: "Modulate state doesnt work for PF". Check variable + "modulate state" in rule optiopns and global firewall options. If + checkbox is turned on in the firewall options, then we always use + "modulate state". This option can also be turned on for an + individual rule using rule options dialog. + + * pfAdvancedDialog.cpp (pfAdvancedDialog::pfAdvancedDialog): Fixed + bug #2835193: "Modulate state doesnt work for PF". The name Xml + attribute used to hold the value of "module state" option was + entered incorrectly in the dialog. + 2009-07-28 vadim * NATCompiler_pf_writers.cpp (PrintRule::_printSrcPort): remove diff --git a/src/gui/pfAdvancedDialog.cpp b/src/gui/pfAdvancedDialog.cpp index 63b0a4b5d..50a542890 100644 --- a/src/gui/pfAdvancedDialog.cpp +++ b/src/gui/pfAdvancedDialog.cpp @@ -115,7 +115,7 @@ pfAdvancedDialog::pfAdvancedDialog(QWidget *parent,FWObject *o) "ignore_empty_groups"); // data.registerOption( pf_use_tables, fwopt, "use_tables"); data.registerOption( m_dialog->pf_accept_new_tcp_with_no_syn,fwopt, "accept_new_tcp_with_no_syn"); - data.registerOption( m_dialog->pf_modulate_state,fwopt, "modulate_state"); + data.registerOption( m_dialog->pf_modulate_state,fwopt, "pf_modulate_state"); data.registerOption( m_dialog->pf_scrub_random_id,fwopt, "pf_scrub_random_id"); data.registerOption( m_dialog->pf_do_scrub,fwopt, "pf_do_scrub"); diff --git a/src/pflib/PolicyCompiler_pf_writers.cpp b/src/pflib/PolicyCompiler_pf_writers.cpp index f23752f5b..708f1a77d 100644 --- a/src/pflib/PolicyCompiler_pf_writers.cpp +++ b/src/pflib/PolicyCompiler_pf_writers.cpp @@ -954,9 +954,12 @@ bool PolicyCompiler_pf::PrintRule::processNext() compiler->output << "synproxy state "; else { - if (compiler->getCachedFwOpt()->getBool("pf_modulate_state") && tcpsrv!=NULL) + if ((ruleopt->getBool("pf_modulate_state") || + compiler->getCachedFwOpt()->getBool("pf_modulate_state")) && + tcpsrv!=NULL) + { compiler->output << "modulate state "; - else + } else { /* * "flags S/SA keep state" is implicit in 4.x diff --git a/test/pf/objects-for-regression-tests.fwb b/test/pf/objects-for-regression-tests.fwb index 47c88bb05..bb969a51b 100644 --- a/test/pf/objects-for-regression-tests.fwb +++ b/test/pf/objects-for-regression-tests.fwb @@ -407,21 +407,6 @@ - - - - - - - - - - - - - - - @@ -819,8 +804,6 @@ - - @@ -1401,7 +1384,7 @@ - + @@ -2063,7 +2046,7 @@ - + @@ -2078,6 +2061,7 @@ + @@ -2116,6 +2100,7 @@ + @@ -2123,6 +2108,7 @@ + @@ -2166,6 +2152,7 @@ + @@ -8860,7 +8847,7 @@ - + @@ -9058,6 +9045,7 @@ + @@ -9092,6 +9080,7 @@ + @@ -9099,6 +9088,7 @@ + @@ -9142,6 +9132,7 @@ +