onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-25 20:57:29 +01:00
Code Issues Releases Wiki Activity

* PolicyCompiler_ipf.cpp (SplitDirectionIpfilter::processNext):

Browse Source 
fixed bug #2874571: "ipfilter version 3.4.29 issues after
introduction of 282860". Optimizations added for PF broke rule
generation for ipfilter which does not allow rule without explicit
direction specification.
This commit is contained in:
Vadim Kurland 2009-10-13 21:56:02 +00:00
parent 5b5ef4316d
commit 3848a03edb
4 changed files with 37 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build_num
View File

@ -1 +1 @@
#define BUILD_NUM 1591
#define BUILD_NUM 1592

6
doc/ChangeLog
View File

@ -1,5 +1,11 @@
2009-10-13 vadim <vadim@vk.crocodile.org>
* PolicyCompiler_ipf.cpp (SplitDirectionIpfilter::processNext):
fixed bug #2874571: "ipfilter version 3.4.29 issues after
introduction of 282860". Optimizations added for PF broke rule
generation for ipfilter which does not allow rule without explicit
direction specification.
* FWBSettings.cpp (FWBSettings::getCollapsedRuleGroups): fixed bug
#2872365: "problem with group names containing comma". State of
the rule group with a comma in the name could not be saved in

27
src/pflib/PolicyCompiler_ipf.cpp
View File

@ -379,6 +379,31 @@ bool PolicyCompiler_ipf::processMultiAddressObjectsInRE::processNext()
return true;
}
bool PolicyCompiler_ipf::SplitDirectionIpfilter::processNext()
{
PolicyRule *rule=getNext(); if (rule==NULL) return false;
if (rule->getDirection()==PolicyRule::Both)
{
PolicyRule *r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setDirection(PolicyRule::Inbound);
tmp_queue.push_back(r);
r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setDirection(PolicyRule::Outbound);
tmp_queue.push_back(r);
} else
tmp_queue.push_back(rule);
return true;
}
void PolicyCompiler_ipf::compile()
{
@ -474,7 +499,7 @@ void PolicyCompiler_ipf::compile()
add( new splitIfFirewallInSrc("split rule if firewall is in Src") );
add( new splitIfFirewallInDst("split rule if firewall is in Dst") );
add( new fillDirection("determine directions") );
add( new SplitDirection("split rules with direction 'both'" ) );
add( new SplitDirectionIpfilter("split rules with direction 'both'" ) );
add( new ExpandMultipleAddresses(
"expand objects with multiple addresses") );
add( new checkForDynamicInterfacesOfOtherObjects(

4
src/pflib/PolicyCompiler_ipf.h
View File

@ -65,6 +65,10 @@ namespace fwcompiler {
*/
virtual std::string debugPrintRule(libfwbuilder::Rule *rule);
/**
* split rules if direction is "Both"
*/
DECLARE_POLICY_RULE_PROCESSOR(SplitDirectionIpfilter);
/**
* splits rules with service 'any' because ipf can keep state