onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 09:47:20 +01:00
Code Issues Releases Wiki Activity

* platforms.cpp (isDefaultPolicyRuleOptions): fixed #1365 "missing

Browse Source 
some flags for the "non-default" rule options for PF"

* FWObjectPropertiesFactory.cpp (FWObjectPropertiesFactory::getPolicyRuleOptions):
fixed #1364 "add synproxy and other missing pf rule options to the
rule options tooltip"
This commit is contained in:
Vadim Kurland 2010-03-27 17:25:05 +00:00
parent 3b5d548ca4
commit b5a794d1f1
5 changed files with 144 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build_num
View File

@ -1 +1 @@
#define BUILD_NUM 2764
#define BUILD_NUM 2767

9
doc/ChangeLog
View File

@ -1,3 +1,12 @@
2010-03-27 vadim <vadim@vk.crocodile.org>
* platforms.cpp (isDefaultPolicyRuleOptions): fixed #1365 "missing
some flags for the "non-default" rule options for PF"
* FWObjectPropertiesFactory.cpp (FWObjectPropertiesFactory::getPolicyRuleOptions):
fixed #1364 "add synproxy and other missing pf rule options to the
rule options tooltip"
2010-03-26 vadim <vadim@vk.crocodile.org>
* RuleSetModel.cpp (RuleSetModel::getDecoration): fixed #1363

12
src/gui/FWObjectPropertiesFactory.cpp
View File

@ -1117,8 +1117,18 @@ QString FWObjectPropertiesFactory::getPolicyRuleOptions(Rule *rule)
res+=QObject::tr("<b>Max src states:</b> ");
res+=QString(ropt->getStr("pf_max_src_states").c_str())+"<br>\n";
}
if (ropt->getBool("pf_synproxy"))
{
res+=QObject::tr("<li><b>synproxy</b></li> ");
}
if (ropt->getBool("pf_modulate_state"))
{
res+=QObject::tr("<li><b>modulate_state</b></li> ");
}
res+="</ul>";
}else if (platform=="ipfw")

10
src/gui/platforms.cpp
View File

@ -252,7 +252,7 @@ bool isDefaultPolicyRuleOptions(FWOptions *opt)
bool ge_4_5 = XMLTools::version_compare(version, "4.5")>=0;
if (ge_4_5)
{
res = (!opt->getBool("pf_no_sync") && opt->getBool("pf_pflow"));
res = (!opt->getBool("pf_no_sync") && !opt->getBool("pf_pflow"));
}
if (ge_4_0)
@ -265,7 +265,9 @@ bool isDefaultPolicyRuleOptions(FWOptions *opt)
opt->getInt("pf_max_src_conn_rate_num")<=0 &&
opt->getInt("pf_max_src_conn_rate_seconds")<=0 &&
! opt->getBool("pf_keep_state") &&
! opt->getBool("pf_sloppy_tracker")
! opt->getBool("pf_sloppy_tracker") &&
! opt->getBool("pf_synproxy") &&
! opt->getBool("pf_modulate_state")
);
}else
{
@ -277,7 +279,9 @@ bool isDefaultPolicyRuleOptions(FWOptions *opt)
opt->getInt("pf_max_src_conn_rate_num")<=0 &&
opt->getInt("pf_max_src_conn_rate_seconds")<=0 &&
! opt->getBool("pf_keep_state") &&
! opt->getBool("pf_sloppy_tracker")
! opt->getBool("pf_sloppy_tracker") &&
! opt->getBool("pf_synproxy") &&
! opt->getBool("pf_modulate_state")
);
}
}

121
test/pf/objects-for-regression-tests.fwb
View File

@ -17611,7 +17611,7 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id20228X55531" host_OS="openbsd" inactive="False" lastCompiled="1157930823" lastInstalled="0" lastModified="1263499555" platform="pf" version="ge_3.7" name="firewall80" comment="Testin state tracking options&#10;" ro="False">
<Firewall id="id20228X55531" host_OS="openbsd" inactive="False" lastCompiled="1157930823" lastInstalled="0" lastModified="1269710325" platform="pf" version="ge_3.7" name="firewall80" comment="Testin state tracking options&#10;" ro="False">
<NAT id="id20330X55531" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
@ -17764,7 +17764,44 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id20317X55531" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="">
<PolicyRule id="id70212X25510" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="synproxy">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id20240X55531"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="log_prefix"></Option>
<Option name="pf_keep_state">False</Option>
<Option name="pf_max_src_conn">0</Option>
<Option name="pf_max_src_conn_flush">False</Option>
<Option name="pf_max_src_conn_global">False</Option>
<Option name="pf_max_src_conn_overload_table"></Option>
<Option name="pf_max_src_conn_rate_num">0</Option>
<Option name="pf_max_src_conn_rate_seconds">0</Option>
<Option name="pf_max_src_nodes">10</Option>
<Option name="pf_max_src_states">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_no_sync">False</Option>
<Option name="pf_pflow">False</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_sloppy_tracker">False</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="pf_synproxy">True</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id20317X55531" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -17846,7 +17883,7 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id20420X57591" host_OS="openbsd" inactive="False" lastCompiled="1157930823" lastInstalled="0" lastModified="1265520219" platform="pf" version="4.5" name="firewall80-4.5" comment="Testin state tracking options&#10;" ro="False">
<Firewall id="id20420X57591" host_OS="openbsd" inactive="False" lastCompiled="1157930823" lastInstalled="0" lastModified="1269710305" platform="pf" version="4.5" name="firewall80-4.5" comment="Testin state tracking options&#10;" ro="False">
<NAT id="id20508X57591" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
@ -18073,7 +18110,7 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id20602X57591" disabled="False" group="" log="False" position="6" action="Accept" direction="Both" comment="">
<PolicyRule id="id20602X57591" disabled="False" group="" log="False" position="6" action="Accept" direction="Both" comment="keep state, no-sync, pflow">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -18110,7 +18147,81 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id20495X57591" disabled="False" log="True" position="7" action="Deny" direction="Both" comment="">
<PolicyRule id="id215627X25510" disabled="False" group="" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id20431X57591"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="log_prefix"></Option>
<Option name="pf_keep_state">False</Option>
<Option name="pf_max_src_conn">0</Option>
<Option name="pf_max_src_conn_flush">False</Option>
<Option name="pf_max_src_conn_global">False</Option>
<Option name="pf_max_src_conn_overload_table"></Option>
<Option name="pf_max_src_conn_rate_num">0</Option>
<Option name="pf_max_src_conn_rate_seconds">0</Option>
<Option name="pf_max_src_nodes">0</Option>
<Option name="pf_max_src_states">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_no_sync">False</Option>
<Option name="pf_pflow">False</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_sloppy_tracker">False</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="pf_synproxy">False</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id215802X25510" disabled="False" group="" log="False" position="8" action="Accept" direction="Both" comment="synproxy">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="log_prefix"></Option>
<Option name="pf_keep_state">False</Option>
<Option name="pf_max_src_conn">0</Option>
<Option name="pf_max_src_conn_flush">False</Option>
<Option name="pf_max_src_conn_global">False</Option>
<Option name="pf_max_src_conn_overload_table"></Option>
<Option name="pf_max_src_conn_rate_num">0</Option>
<Option name="pf_max_src_conn_rate_seconds">0</Option>
<Option name="pf_max_src_nodes">0</Option>
<Option name="pf_max_src_states">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_no_sync">False</Option>
<Option name="pf_pflow">False</Option>
<Option name="pf_rule_max_state">0</Option>
<Option name="pf_sloppy_tracker">False</Option>
<Option name="pf_source_tracking">False</Option>
<Option name="pf_synproxy">True</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id20495X57591" disabled="False" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>