mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-25 12:47:44 +01:00

2009-11-01 Vadim Kurland <vadim@vk.crocodile.org>

* CompilerDriver_pf.cpp (CompilerDriver_pf::printStaticOptions):
Added support for PF configuration parameter "set state-policy"
which can have values "if-bound" or "floating". The GUI input
element provides these options in addition to the default empty
option. If empty list item is selected, command "set state-policy"
is not added to the generated .conf file at all. Fixes #423
Vadim Kurland 2009-11-01 17:50:34 +00:00
parent c0f0f3afb9
commit 2310dad6ff
6 changed files with 1001 additions and 902 deletions


@ -1 +1 @@
#define BUILD_NUM 1667
#define BUILD_NUM 1669


@ -1,3 +1,12 @@
2009-11-01 Vadim Kurland <vadim@vk.crocodile.org>
* CompilerDriver_pf.cpp (CompilerDriver_pf::printStaticOptions):
Added support for PF configuration parameter "set state-policy"
which can have values "if-bound" or "floating". The GUI input
element provides these options in addition to the default empty
option. If empty list item is selected, command "set state-policy"
is not added to the generated .conf file at all. Fixes #423
2009-10-31 Vadim Kurland <vadim@vk.crocodile.org>
* instOptionsDialog.cpp (instOptionsDialog::instOptionsDialog):


@ -35,6 +35,7 @@
#include "fwbuilder/Firewall.h"
#include "fwbuilder/Management.h"
#include "fwbuilder/Resources.h"
#include "fwbuilder/XMLTools.h"
#include <qcheckbox.h>
#include <qspinbox.h>
@ -57,6 +58,8 @@ pfAdvancedDialog::pfAdvancedDialog(QWidget *parent,FWObject *o)
obj=o;
QStringList slm;
string version = obj->getStr("version");
FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
assert(fwopt!=NULL);
@ -110,6 +113,19 @@ pfAdvancedDialog::pfAdvancedDialog(QWidget *parent,FWObject *o)
m_dialog->pf_optimization->addItems(getScreenNames(slm));
data.registerOption( m_dialog->pf_optimization, fwopt, "pf_optimization", slm);
// Prepare state_policy combo box
slm.clear();
slm.push_back("");
slm.push_back("");
slm.push_back(QObject::tr("Bound to interfaces"));
slm.push_back("if-bound");
slm.push_back(QObject::tr("Floating"));
slm.push_back("floating");
m_dialog->pf_state_policy->clear();
m_dialog->pf_state_policy->addItems(getScreenNames(slm));
data.registerOption( m_dialog->pf_state_policy, fwopt, "pf_state_policy", slm);
m_dialog->pf_state_policy->setEnabled(XMLTools::version_compare(version, "4.3") >= 0);
data.registerOption( m_dialog->pf_check_shadowing,fwopt, "check_shading");
data.registerOption( m_dialog->pf_ignore_empty_groups,fwopt,
"ignore_empty_groups");

File diff suppressed because it is too large Load Diff


@ -146,6 +146,12 @@ void CompilerDriver_pf::printStaticOptions(QTextStream &file, Firewall* fw)
file << endl;
string state_policy = options->getStr("pf_state_policy");
if (!state_policy.empty())
{
file << "set state-policy " << state_policy << endl;
}
QStringList limits;
if (options->getBool("pf_do_limit_frags") &&
options->getInt("pf_limit_frags")>0 )
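Review bot: `state_policy` is written into the generated .conf exactly as it is stored, with no check on its content or on the firewall version, in the new `if (!state_policy.empty())` block. The dialog hunk offers only the empty string, `if-bound` and `floating` and disables the combo box below version 4.3, but that gate exists only in the GUI: a value saved earlier survives a later version change, and the data file can be edited or supplied from outside the GUI, so any other text in the option would be copied into the firewall's ruleset. I would tighten the guard to `if ((state_policy == "if-bound" || state_policy == "floating") && XMLTools::version_compare(fw->getStr("version"), "4.3") >= 0)`, assuming XMLTools.h can be included in this file, and report any other non-empty value as a compile error rather than dropping it silently. The body of printStaticOptions continues outside the hunk.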


@ -16397,7 +16397,7 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id19695X55350" host_OS="freebsd" inactive="False" lastCompiled="1256085789" lastInstalled="0" lastModified="1256085779" platform="pf" version="4.3" name="firewall22" comment="branching in NAT rules&#10;PF v4.3 and later" ro="False">
<Firewall id="id19695X55350" host_OS="freebsd" inactive="False" lastCompiled="1257097842" lastInstalled="0" lastModified="1257097832" platform="pf" version="4.3" name="firewall22" comment="branching in NAT rules&#10;PF v4.3 and later" ro="False">
<NAT id="id19729X55350" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id19730X55350" disabled="False" position="0" action="NATBranch" comment="">
<OSrc neg="False">
@ -16600,13 +16600,22 @@
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conf_file_name_on_firewall"></Option>
<Option name="configure_carp_interfaces">False</Option>
<Option name="configure_interfaces">False</Option>
<Option name="configure_pfsync_interfaces">False</Option>
<Option name="configure_vlan_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"></Option>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
@ -16624,6 +16633,7 @@
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="ipt_mangle_only_rulesets"></Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
@ -16639,32 +16649,85 @@
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="openbsd_path_pfctl"></Option>
<Option name="openbsd_path_sysctl"></Option>
<Option name="output_file"></Option>
<Option name="pass_all_out">False</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
<Option name="pf_do_limit_frags">False</Option>
<Option name="pf_do_limit_src_nodes">False</Option>
<Option name="pf_do_limit_states">False</Option>
<Option name="pf_do_limit_table_entries">False</Option>
<Option name="pf_do_limit_tables">False</Option>
<Option name="pf_do_scrub">True</Option>
<Option name="pf_do_timeout_frag">False</Option>
<Option name="pf_do_timeout_interval">False</Option>
<Option name="pf_flush_states">False</Option>
<Option name="pf_icmp_error">0</Option>
<Option name="pf_icmp_first">0</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_src_nodes">0</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
<Option name="pf_scrub_fragm_crop">False</Option>
<Option name="pf_scrub_fragm_drop_ovl">False</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_scrub_minttl">1</Option>
<Option name="pf_scrub_no_df">False</Option>
<Option name="pf_scrub_random_id">False</Option>
<Option name="pf_scrub_reassemble">True</Option>
<Option name="pf_scrub_use_maxmss">False</Option>
<Option name="pf_scrub_use_minttl">False</Option>
<Option name="pf_set_adaptive">False</Option>
<Option name="pf_set_icmp_error">False</Option>
<Option name="pf_set_icmp_first">False</Option>
<Option name="pf_set_other_first">False</Option>
<Option name="pf_set_other_multiple">False</Option>
<Option name="pf_set_other_single">False</Option>
<Option name="pf_set_tcp_closed">False</Option>
<Option name="pf_set_tcp_closing">False</Option>
<Option name="pf_set_tcp_established">False</Option>
<Option name="pf_set_tcp_finwait">False</Option>
<Option name="pf_set_tcp_first">False</Option>
<Option name="pf_set_tcp_opening">False</Option>
<Option name="pf_set_udp_first">False</Option>
<Option name="pf_set_udp_multiple">False</Option>
<Option name="pf_set_udp_single">False</Option>
<Option name="pf_state_policy">if-bound</Option>
<Option name="pf_tcp_closed">0</Option>
<Option name="pf_tcp_closing">0</Option>
<Option name="pf_tcp_established">0</Option>
<Option name="pf_tcp_finwait">0</Option>
<Option name="pf_tcp_first">0</Option>
<Option name="pf_tcp_opening">0</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pf_udp_first">0</Option>
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="proxy_arp">False</Option>
<Option name="scpArgs"></Option>
<Option name="script_env_path"></Option>
<Option name="script_name_on_firewall"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="use_tables">True</Option>