* parsers/pix.g (icmp_top_level_command): see #2164 policy rules created from import of ssh, telnet and icmp commands should be on top; build 3510

2026-03-18 17:27:20 +01:00 · 2011-03-25 19:41:01 -07:00 · 2011-03-25 19:41:01 -07:00 · 8023a23dfb
commit 8023a23dfb
parent 60d0c4e308
6 changed files with 25 additions and 6 deletions
--- a/2
+++ b/2
@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
 # build number is like "nano" version number. I am incrementing build
 # number during development cycle
 #
-BUILD_NUM="3509"
+BUILD_NUM="3510"

 VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"

--- a/VERSION.h
+++ b/VERSION.h
@ -1,2 +1,2 @@
-#define VERSION      "4.2.0.3509"
+#define VERSION      "4.2.0.3510"
 #define GENERATION   "4.2"
--- a/packaging/fwbuilder-static-qt.spec
+++ b/packaging/fwbuilder-static-qt.spec
@ -3,7 +3,7 @@


 %define name    fwbuilder
-%define version 4.2.0.3509
+%define version 4.2.0.3510
 %define release 1

 %if "%_vendor" == "MandrakeSoft"
--- a/packaging/fwbuilder.control
+++ b/packaging/fwbuilder.control
@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
 Priority: extra
 Section: checkinstall
 Maintainer: vadim@fwbuilder.org
-Version: 4.2.0.3509-1
+Version: 4.2.0.3510-1
 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
 Description: Firewall Builder GUI and policy compilers
--- a/packaging/fwbuilder.spec
+++ b/packaging/fwbuilder.spec
@ -1,6 +1,6 @@

 %define name    fwbuilder
-%define version 4.2.0.3509
+%define version 4.2.0.3510
 %define release 1

 %if "%_vendor" == "MandrakeSoft"
--- a/src/import/PIXImporter.cpp
+++ b/src/import/PIXImporter.cpp
@ -249,6 +249,14 @@ void PIXImporter::rearrangeVlanInterfaces()

 }

+bool compare_ruleset_names(string a, string b)
+{
+    if (a.find("ssh_commands") == 0) return true;
+    if (a.find("telnet_commands") == 0) return true;
+    if (a.find("icmp_commands") == 0) return true;
+    return a < b;
+}
+
 Firewall* PIXImporter::finalize()
 {
    // scan all UnidirectionalRuleSet objects, set interface and
@ -282,10 +290,21 @@ Firewall* PIXImporter::finalize()
                qDebug() << "all_rulesets.size()=" << all_rulesets.size();
            }

+            list<string> ruleset_names;
            std::map<const std::string,UnidirectionalRuleSet*>::iterator i;
            for (i=all_rulesets.begin(); i!=all_rulesets.end(); ++i)
            {
-                UnidirectionalRuleSet *irs = (*i).second;
+                ruleset_names.push_back((*i).first);
+            }
+
+            // sort rule sets by name, making sure "ssh_commands_*",
+            // "telnet_commands_*" and "icmp_commands_*" stay on top
+            ruleset_names.sort(compare_ruleset_names);
+
+            list<string>::iterator it;
+            for (it=ruleset_names.begin(); it!=ruleset_names.end(); ++it)
+            {
+                UnidirectionalRuleSet *irs = all_rulesets[*it];

                if (fwbdebug)
                {