commit fcfedad398c091d59eb84f03a4b7c940c2a83f76
Author: Vadim Kurland
Date: Tue Dec 25 22:25:59 2007 +0000
Initial import into v3 branch
diff --git a/Doxyfile b/Doxyfile
new file mode 100644
index 000000000..12f5cc413
--- /dev/null
+++ b/Doxyfile
@@ -0,0 +1,275 @@ +# Doxyfile 1.4.1-KDevelop + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- +PROJECT_NAME = someproj.kdevelop +PROJECT_NUMBER = 1 +OUTPUT_DIRECTORY = +CREATE_SUBDIRS = NO +OUTPUT_LANGUAGE = English +USE_WINDOWS_ENCODING = NO +BRIEF_MEMBER_DESC = YES +REPEAT_BRIEF = YES +ABBREVIATE_BRIEF = "The $name class" \ + "The $name widget" \ + "The $name file" \ + is \ + provides \ + specifies \ + contains \ + represents \ + a \ + an \ + the +ALWAYS_DETAILED_SEC = NO +INLINE_INHERITED_MEMB = NO +FULL_PATH_NAMES = YES +STRIP_FROM_PATH = /home/krava/work/fwbuilder2/ +STRIP_FROM_INC_PATH = +SHORT_NAMES = NO +JAVADOC_AUTOBRIEF = NO +MULTILINE_CPP_IS_BRIEF = NO +DETAILS_AT_TOP = NO +INHERIT_DOCS = YES +DISTRIBUTE_GROUP_DOC = NO +TAB_SIZE = 8 +ALIASES = +OPTIMIZE_OUTPUT_FOR_C = NO +OPTIMIZE_OUTPUT_JAVA = NO +SUBGROUPING = YES +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- +EXTRACT_ALL = NO +EXTRACT_PRIVATE = NO +EXTRACT_STATIC = NO +EXTRACT_LOCAL_CLASSES = YES +EXTRACT_LOCAL_METHODS = NO +HIDE_UNDOC_MEMBERS = NO +HIDE_UNDOC_CLASSES = NO +HIDE_FRIEND_COMPOUNDS = NO +HIDE_IN_BODY_DOCS = NO +INTERNAL_DOCS = NO +CASE_SENSE_NAMES = YES +HIDE_SCOPE_NAMES = NO +SHOW_INCLUDE_FILES = YES +INLINE_INFO = YES +SORT_MEMBER_DOCS = YES +SORT_BRIEF_DOCS = NO +SORT_BY_SCOPE_NAME = NO +GENERATE_TODOLIST = YES +GENERATE_TESTLIST = YES +GENERATE_BUGLIST = YES +GENERATE_DEPRECATEDLIST= YES +ENABLED_SECTIONS = +MAX_INITIALIZER_LINES = 30 +SHOW_USED_FILES = YES +SHOW_DIRECTORIES = YES +FILE_VERSION_FILTER = +#--------------------------------------------------------------------------- +# configuration options related to warning and progress messages 
+#--------------------------------------------------------------------------- +QUIET = NO +WARNINGS = YES +WARN_IF_UNDOCUMENTED = YES +WARN_IF_DOC_ERROR = YES +WARN_NO_PARAMDOC = NO +WARN_FORMAT = "$file:$line: $text" +WARN_LOGFILE = +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- +INPUT = /home/krava/work/kdev/someproj +FILE_PATTERNS = *.c \ + *.cc \ + *.cxx \ + *.cpp \ + *.c++ \ + *.java \ + *.ii \ + *.ixx \ + *.ipp \ + *.i++ \ + *.inl \ + *.h \ + *.hh \ + *.hxx \ + *.hpp \ + *.h++ \ + *.idl \ + *.odl \ + *.cs \ + *.php \ + *.php3 \ + *.inc \ + *.m \ + *.mm \ + *.dox \ + *.C \ + *.CC \ + *.C++ \ + *.II \ + *.I++ \ + *.H \ + *.HH \ + *.H++ \ + *.CS \ + *.PHP \ + *.PHP3 \ + *.M \ + *.MM \ + *.C \ + *.H \ + *.tlh \ + *.diff \ + *.patch \ + *.moc \ + *.xpm \ + *.dox +RECURSIVE = yes +EXCLUDE = +EXCLUDE_SYMLINKS = NO +EXCLUDE_PATTERNS = +EXAMPLE_PATH = +EXAMPLE_PATTERNS = * +EXAMPLE_RECURSIVE = NO +IMAGE_PATH = +INPUT_FILTER = +FILTER_PATTERNS = +FILTER_SOURCE_FILES = NO +#--------------------------------------------------------------------------- +# configuration options related to source browsing +#--------------------------------------------------------------------------- +SOURCE_BROWSER = NO +INLINE_SOURCES = NO +STRIP_CODE_COMMENTS = YES +REFERENCED_BY_RELATION = YES +REFERENCES_RELATION = YES +VERBATIM_HEADERS = YES +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- +ALPHABETICAL_INDEX = NO +COLS_IN_ALPHA_INDEX = 5 +IGNORE_PREFIX = +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- 
+GENERATE_HTML = YES +HTML_OUTPUT = html +HTML_FILE_EXTENSION = .html +HTML_HEADER = +HTML_FOOTER = +HTML_STYLESHEET = +HTML_ALIGN_MEMBERS = YES +GENERATE_HTMLHELP = NO +CHM_FILE = +HHC_LOCATION = +GENERATE_CHI = NO +BINARY_TOC = NO +TOC_EXPAND = NO +DISABLE_INDEX = NO +ENUM_VALUES_PER_LINE = 4 +GENERATE_TREEVIEW = NO +TREEVIEW_WIDTH = 250 +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- +GENERATE_LATEX = YES +LATEX_OUTPUT = latex +LATEX_CMD_NAME = latex +MAKEINDEX_CMD_NAME = makeindex +COMPACT_LATEX = NO +PAPER_TYPE = a4wide +EXTRA_PACKAGES = +LATEX_HEADER = +PDF_HYPERLINKS = NO +USE_PDFLATEX = NO +LATEX_BATCHMODE = NO +LATEX_HIDE_INDICES = NO +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- +GENERATE_RTF = NO +RTF_OUTPUT = rtf +COMPACT_RTF = NO +RTF_HYPERLINKS = NO +RTF_STYLESHEET_FILE = +RTF_EXTENSIONS_FILE = +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- +GENERATE_MAN = NO +MAN_OUTPUT = man +MAN_EXTENSION = .3 +MAN_LINKS = NO +#--------------------------------------------------------------------------- +# configuration options related to the XML output +#--------------------------------------------------------------------------- +GENERATE_XML = yes +XML_OUTPUT = xml +XML_SCHEMA = +XML_DTD = +XML_PROGRAMLISTING = YES +#--------------------------------------------------------------------------- +# configuration options for the AutoGen Definitions output +#--------------------------------------------------------------------------- +GENERATE_AUTOGEN_DEF = NO 
+#--------------------------------------------------------------------------- +# configuration options related to the Perl module output +#--------------------------------------------------------------------------- +GENERATE_PERLMOD = NO +PERLMOD_LATEX = NO +PERLMOD_PRETTY = YES +PERLMOD_MAKEVAR_PREFIX = +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- +ENABLE_PREPROCESSING = YES +MACRO_EXPANSION = NO +EXPAND_ONLY_PREDEF = NO +SEARCH_INCLUDES = YES +INCLUDE_PATH = +INCLUDE_FILE_PATTERNS = +PREDEFINED = +EXPAND_AS_DEFINED = +SKIP_FUNCTION_MACROS = YES +#--------------------------------------------------------------------------- +# Configuration::additions related to external references +#--------------------------------------------------------------------------- +TAGFILES = +GENERATE_TAGFILE = someproj.tag +ALLEXTERNALS = NO +EXTERNAL_GROUPS = YES +PERL_PATH = /usr/bin/perl +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- +CLASS_DIAGRAMS = YES +HIDE_UNDOC_RELATIONS = YES +HAVE_DOT = NO +CLASS_GRAPH = YES +COLLABORATION_GRAPH = YES +GROUP_GRAPHS = YES +UML_LOOK = NO +TEMPLATE_RELATIONS = NO +INCLUDE_GRAPH = YES +INCLUDED_BY_GRAPH = YES +CALL_GRAPH = NO +GRAPHICAL_HIERARCHY = YES +DIRECTORY_GRAPH = YES +DOT_IMAGE_FORMAT = png +DOT_PATH = +DOTFILE_DIRS = +MAX_DOT_GRAPH_WIDTH = 1024 +MAX_DOT_GRAPH_HEIGHT = 1024 +MAX_DOT_GRAPH_DEPTH = 1000 +DOT_TRANSPARENT = NO +DOT_MULTI_TARGETS = NO +GENERATE_LEGEND = YES +DOT_CLEANUP = YES +#--------------------------------------------------------------------------- +# Configuration::additions related to the search engine +#--------------------------------------------------------------------------- +SEARCHENGINE = NO 
diff --git a/FWBMainWindow_q.h b/FWBMainWindow_q.h
new file mode 100644
index 000000000..e69de29bb
diff --git a/VERSION b/VERSION
new file mode 100644
index 000000000..780738f89
--- /dev/null
+++ b/VERSION
@@ -0,0 +1,30 @@
+#-*- mode: shell-script; tab-width: 4; -*-
+# $Id: VERSION,v 1.47 2007/07/21 23:44:19 vkurland Exp $
+
+
+FWB_MAJOR_VERSION=2
+FWB_MINOR_VERSION=1
+FWB_MICRO_VERSION=99
+VERSION=$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION
+
+#
+# release num. I use it to distinguish between pre-release builds and
+# in rare situation when I need to produce replacement RPMs and do not
+# want to change version number.
+#
+# Set it to "1" before publishing the release.
+#
+
+RELEASE_NUM="1"
+# RELEASE_NUM="`date +%Y%m%d`cvs"
+# RELEASE_NUM="RC1"
+# RELEASE_NUM="b"
+
+BETA="no"
+
+REQUIRED_LIBFWBUILDER_VERSION="2.1.99"
+
+# current (or major) version number of the library so file
+#
+LIBFWBUILDER_SOMAJOR=7
+
diff --git a/VERSION.h b/VERSION.h
new file mode 100644
index 000000000..a7c70c787
--- /dev/null
+++ b/VERSION.h
@@ -0,0 +1,2 @@
+#define VERSION "2.1.99"
+#define RELEASE_NUM "1"
diff --git a/autogen.sh b/autogen.sh
new file mode 100644
index 000000000..44c2c5137
--- /dev/null
+++ b/autogen.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+
+MAKE=`which gnumake 2>/dev/null`
+if test ! -x "$MAKE" ; then MAKE=`which gmake` ; fi
+if test ! -x "$MAKE" ; then MAKE=`which make` ; fi
+HAVE_GNU_MAKE=`$MAKE --version|grep -c "Free Software Foundation"`
+
+if test "$HAVE_GNU_MAKE" != "1"; then
+ echo Could not find GNU make on this system, can not proceed with build.
+ exit 1
+else
+ echo Found GNU Make at $MAKE ... good.
+fi
+
+echo This script runs configure ...
+echo You did remember necessary arguments for configure, right?
+
+if test ! -x "`which aclocal`"
+then echo you need autoconf to generate the configure script
+fi
+
+
+ACLOCALARG=""
+test -d /sw/share/ && ACLOCALARG=" -I /sw/share/aclocal"
+
+
+libtoolize --force --copy
+acinclude
+aclocal ${ACLOCALARG}
+autoconf
+
+./configure ${CFGARGS} $*
diff --git a/build_num b/build_num
new file mode 100644
index 000000000..90a93ac3b
--- /dev/null
+++ b/build_num
@@ -0,0 +1 @@
+#define BUILD_NUM 301
diff --git a/config.guess b/config.guess
new file mode 100644
index 000000000..cc726cd15
--- /dev/null
+++ b/config.guess
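Review bot: The last line of autogen.sh, `./configure ${CFGARGS} $*`, passes the caller's arguments unquoted, so any argument containing whitespace or glob characters is re-split or expanded by the shell before configure sees it; `./configure ${CFGARGS} "$@"` hands each argument through as given. The `aclocal` check a few lines earlier only echoes a message and then carries on into `libtoolize`, `acinclude`, `aclocal` and `autoconf`, so a missing toolchain still ends in running whatever `./configure` happens to be present; adding `exit 1` after that `echo`, as the GNU make check above it already does, stops the script cleanly. If none of the three `which` lookups finds a make, `$MAKE` is empty and `$MAKE --version` tries to run `--version` as a command, so quoting it and testing `-x "$MAKE"` before that line would make the failure explicit.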
@@ -0,0 +1,1388 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + +timestamp='2003-02-22' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Per Bothner . +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit build system type. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." 
+ +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. 
+ +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do + if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ;' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. 
+ # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + case "${UNAME_MACHINE_ARCH}" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep __ELF__ >/dev/null + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "${UNAME_VERSION}" in + Debian*) + release='-gnu' + ;; + *) + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. 
+ echo "${machine}-${os}${release}" + exit 0 ;; + amiga:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + arc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + hp300:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + macppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme88k:OpenBSD:*:*) + echo m88k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvmeppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + pmax:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sgi:OpenBSD:*:*) + echo mipseb-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sun3:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + wgrisc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + *:OpenBSD:*:*) + echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + alpha:OSF1:*:*) + if test $UNAME_RELEASE = "V4.0"; then + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + fi + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. 
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE="alpha" ;; + "EV4.5 (21064)") + UNAME_MACHINE="alpha" ;; + "LCA4 (21066/21068)") + UNAME_MACHINE="alpha" ;; + "EV5 (21164)") + UNAME_MACHINE="alphaev5" ;; + "EV5.6 (21164A)") + UNAME_MACHINE="alphaev56" ;; + "EV5.6 (21164PC)") + UNAME_MACHINE="alphapca56" ;; + "EV5.7 (21164PC)") + UNAME_MACHINE="alphapca57" ;; + "EV6 (21264)") + UNAME_MACHINE="alphaev6" ;; + "EV6.7 (21264A)") + UNAME_MACHINE="alphaev67" ;; + "EV6.8CB (21264C)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8AL (21264B)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8CX (21264D)") + UNAME_MACHINE="alphaev68" ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE="alphaev69" ;; + "EV7 (21364)") + UNAME_MACHINE="alphaev7" ;; + "EV7.9 (21364A)") + UNAME_MACHINE="alphaev79" ;; + esac + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit 0 ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? 
+ echo alpha-pc-interix + exit 0 ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit 0 ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit 0;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit 0 ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit 0 ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit 0 ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit 0;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit 0;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit 0 ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit 0 ;; + DRS?6000:UNIX_SV:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7 && exit 0 ;; + esac ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. 
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit 0 ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit 0 ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit 0 ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit 0 ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit 0 ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit 0 ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit 0 ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit 0 ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit 0 ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit 
0 ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c \ + && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ + && exit 0 + echo mips-mips-riscos${UNAME_RELEASE} + exit 0 ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit 0 ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit 0 ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit 0 ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit 0 ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit 0 ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit 0 ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit 0 ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit 0 ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit 0 ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit 0 ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit 0 ;; 
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit 0 ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit 0 ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit 0 ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 + echo rs6000-ibm-aix3.2.5 + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit 0 ;; + *:AIX:*:[45]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit 0 ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit 0 ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit 0 ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit 0 ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit 0 ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit 0 ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit 0 ;; + 
9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ ${HP_ARCH} = "hppa2.0w" ] + then + # avoid double evaluation of $set_cc_for_build + test -n "$CC_FOR_BUILD" || eval $set_cc_for_build + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null + then + HP_ARCH="hppa2.0w" + else + HP_ARCH="hppa64" + fi + fi + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit 0 ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit 0 ;; + 3050*:HI-UX:*:*) + eval 
$set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 + echo unknown-hitachi-hiuxwe2 + exit 0 ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit 0 ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit 0 ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit 0 ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit 0 ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit 0 ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit 0 ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit 0 ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit 0 ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit 0 ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit 0 ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit 0 ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 
's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + *:UNICOS/mp:*:*) + echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit 0 ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:FreeBSD:*:*) + # Determine whether the default compiler uses glibc. 
+ eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + #if __GLIBC__ >= 2 + LIBC=gnu + #else + LIBC= + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} + exit 0 ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit 0 ;; + i*:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit 0 ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit 0 ;; + x86:Interix*:3*) + echo i586-pc-interix3 + exit 0 ;; + [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) + echo i${UNAME_MACHINE}-pc-mks + exit 0 ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i586-pc-interix + exit 0 ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit 0 ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit 0 ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + *:GNU:*:*) + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit 0 ;; + arm*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + mips:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips + #undef mipsel + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mipsel + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` + test 
x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + ;; + mips64:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips64 + #undef mips64el + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mips64el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips64 + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` + test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit 0 ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit 0 ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null + if test "$?" 
= 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit 0 ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac + exit 0 ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit 0 ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit 0 ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + x86_64:Linux:*:*) + echo x86_64-unknown-linux-gnu + exit 0 ;; + i*86:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. cd to the root directory to prevent + # problems with other programs or directories called `ld' in the path. + # Set LC_ALL=C to ensure ld outputs messages in English. + ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ + | sed -ne '/supported targets:/!d + s/[ ][ ]*/ /g + s/.*supported targets: *// + s/ .*// + p'` + case "$ld_supported_targets" in + elf32-i386) + TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" + ;; + a.out-i386-linux) + echo "${UNAME_MACHINE}-pc-linux-gnuaout" + exit 0 ;; + coff-i386) + echo "${UNAME_MACHINE}-pc-linux-gnucoff" + exit 0 ;; + "") + # Either a pre-BFD a.out linker (linux-gnuoldld) or + # one that does not give us useful --help. 
+ echo "${UNAME_MACHINE}-pc-linux-gnuoldld" + exit 0 ;; + esac + # Determine whether the default compiler is a.out or elf + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + #ifdef __ELF__ + # ifdef __GLIBC__ + # if __GLIBC__ >= 2 + LIBC=gnu + # else + LIBC=gnulibc1 + # endif + # else + LIBC=gnulibc1 + # endif + #else + #ifdef __INTEL_COMPILER + LIBC=gnu + #else + LIBC=gnuaout + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` + test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 + test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 + ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit 0 ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit 0 ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. 
+ echo ${UNAME_MACHINE}-pc-os2-emx + exit 0 ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit 0 ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit 0 ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit 0 ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit 0 ;; + i*86:*:5:[78]*) + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit 0 ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. 
+ echo i386-pc-msdosdjgpp + exit 0 ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit 0 ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit 0 ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit 0 ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit 0 ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit 0 ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit 0 ;; + M68*:*:R3V[567]*:*) + test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; + 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit 0 ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit 0 ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + *:SINIX-*:*:*) + 
if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit 0 ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit 0 ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit 0 ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit 0 ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit 0 ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit 0 ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit 0 ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit 0 ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit 0 ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit 0 ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. 
+ echo i586-pc-beos + exit 0 ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit 0 ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Darwin:*:*) + case `uname -p` in + *86) UNAME_PROCESSOR=i686 ;; + powerpc) UNAME_PROCESSOR=powerpc ;; + esac + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit 0 ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit 0 ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit 0 ;; + NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit 0 ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit 0 ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit 0 ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit 0 ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. 
+ if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit 0 ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit 0 ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit 0 ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit 0 ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit 0 ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit 0 ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit 0 ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + 
printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0 + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +cat >&2 < in order to provide the needed +information to handle your system. 
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/config.h.in b/config.h.in
new file mode 100644
index 000000000..da088ec3b
--- /dev/null
+++ b/config.h.in
@@ -0,0 +1,121 @@
+
+#include "VERSION.h"
+#include "build_num"
+
+#undef PACKAGE_LOCALE_DIR
+#undef PACKAGE_DATA_DIR
+#undef PACKAGE_SOURCE_DIR
+
+#undef RCS_DIR
+#undef RCS_FILE_NAME
+#undef RCSDIFF_FILE_NAME
+#undef RLOG_FILE_NAME
+#undef CI_FILE_NAME
+#undef CO_FILE_NAME
+
+/* Where system-wide QT translations are installed */
+#undef QTTRANSLATIONSDIR
+
+/* Define if you have the header file. */
+#undef HAVE_X11_SM_SMLIB_H
+
+/* Name of package */
+#undef PACKAGE
+
+/* OS */
+#undef OS
+
+/* OS */
+#undef OS_CYGWIN
+#undef OS_MINGW
+#undef OS_MACOSX
+#undef OS_SOLARIS
+#undef OS_FREEBSD
+#undef OS_OPENBSD
+#undef OS_LINUX
+#undef OS_UNKNOWN
+
+#if defined(OS_SOLARIS) || defined(OS_FREEBSD) || defined(OS_OPENBSD) || defined(OS_LINUX) || defined(OS_MACOSX)
+#define OS_UNIX 1
+#endif
+
+#if defined(_WIN32)
+#define OS_WIN32 1
+#endif
+
+/* distribution (for Linux) */
+#undef DISTRO
+
+/* prefix dir */
+/* #undef PREFIX */
+
+/* init dir */
+#undef RES_DIR
+
+#define MANIFEST_MARKER "# files: "
+
+#undef HAVE_LOCALE_H
+#undef HAVE_GETOPT_H
+#undef HAVE_SETLOCALE
+#undef HAVE_SETENV
+#undef HAVE_PUTENV
+#undef HAVE_SIGNAL
+#undef HAVE_SIGNAL_H
+
+#undef HAVE_PTY_H
+#undef HAVE_LIBUTIL_H
+#undef HAVE_UTIL_H
+
+#ifdef HAVE_GETOPT_H
+# define HAVE_DECL_GETOPT HAVE_GETOPT_H
+#endif
+
+#undef HAVE_STRUCT_TM_TM_ZONE
+#undef TM_IN_SYS_TIME
+
+#undef HAVE_FORKPTY
+#undef HAVE_CFMAKERAW
+
+/*
+ * This is needed for Solaris
+ */
+#undef __PRAGMA_REDEFINE_EXTNAME
+
+
+
+#undef HAVE_CATGETS
+#undef HAVE_GETTEXT
+#undef HAVE_LC_MESSAGES
+#undef HAVE_STPCPY
+#undef HAVE_LIBSM
+#undef HAVE_MEMPCPY
+#undef HAVE_STRCHR
+
+#undef HAVE_ANTLR_RUNTIME
+
+/*
+ * on some platforms (OpenBSD) the second parameter to dlopen is different
+ */
+#undef DLOPEN_MODE
+
+#if 0
+#ifdef __cplusplus
+using namespace std;
+/*
+ #ifndef __STD
+ #define __STD std
+ #endif
+*/
+#endif
+#endif
+
+#ifndef _WIN32
+# define SNPRINTF snprintf
+# define VSNPRINTF vsnprintf
+#else
+# define SNPRINTF _snprintf
+# define VSNPRINTF _vsnprintf
+#endif
+
+#define _(x) x
+
diff --git a/config.sub b/config.sub
new file mode 100644
index 000000000..9772e87d2
--- /dev/null
+++ b/config.sub
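Review bot: On the `_WIN32` branch near the end of the config.h.in hunk, `SNPRINTF` and `VSNPRINTF` alias `_snprintf` and `_vsnprintf`, which do not behave like the `snprintf`/`vsnprintf` used on the other branch. The Microsoft functions write no terminating NUL when the formatted output fills or exceeds the buffer, and they return a negative value on truncation instead of the would-be length. A caller that treats the two branches as interchangeable can read past an unterminated buffer on Windows only; no callers are visible in this hunk, so whether any is affected is unconfirmed. At minimum I would add a comment above the `#else` branch such as `/* _snprintf/_vsnprintf do not NUL-terminate on truncation: callers must set buf[size-1] = '\0' */`, or route both macros through a small wrapper that always terminates the buffer.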
@@ -0,0 +1,1489 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + +timestamp='2003-02-22' + +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. 
+# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit 0;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). 
+# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis) + os= + basic_machine=$1 + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. 
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | i370 | i860 | i960 | ia64 \ + | ip2k \ + | m32r | m68000 | m68k | m88k | mcore \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64vr | mips64vrel \ + | mips64orion | mips64orionel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | msp430 \ + | ns16k | ns32k \ + | openrisc | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | pyramid \ + | sh | sh[1234] | 
sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ + | strongarm \ + | tahoe | thumb | tic80 | tron \ + | v850 | v850e \ + | we32k \ + | x86 | xscale | xstormy16 | xtensa \ + | z8k) + basic_machine=$basic_machine-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12) + # Motorola 68HC11/12. + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* \ + | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | clipper-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* \ + | m32r-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | mcore-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mipsisa32-* | mipsisa32el-* \ + | 
mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipstx39-* | mipstx39el-* \ + | msp430-* \ + | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | pyramid-* \ + | romp-* | rs6000-* \ + | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ + | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | tahoe-* | thumb-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tron-* \ + | v850-* | v850e-* | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ + | xtensa-* \ + | ymp-* \ + | z8k-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. 
+ 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + crds | unos) + basic_machine=m68k-crds + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; 
+ ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +# I'm not sure what "Sysv32" means. Should this be sysv3.2? 
+ i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + mmix*) + basic_machine=mmix-knuth + os=-mmixware + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + 
basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + nv1) + basic_machine=nv1-cray + os=-unicosmp + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + or32 | or32-*) + basic_machine=or32-unknown + os=-coff + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2) + basic_machine=i686-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc) basic_machine=powerpc-unknown + ;; + ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | 
powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tic4x | c4x*) + basic_machine=tic4x-unknown + os=-coff + ;; + tic54x | c54x*) + basic_machine=tic54x-unknown + os=-coff + ;; + tic55x | c55x*) + basic_machine=tic55x-unknown + os=-coff + ;; 
+ tic6x | c6x*) + basic_machine=tic6x-unknown + os=-coff + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. 
+ w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparc | sparcv9 | sparcv9b) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. 
+ # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ + | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* \ + | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix*) + # Remember, each alternative MUST END IN *, to match a version number. 
+ ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -aros*) + os=-aros + ;; + -kaos*) + os=-kaos + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. 
+ +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + m68*-cisco) + os=-aout + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-ibm) + os=-aix + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the 
CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit 0 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/configure.in b/configure.in new file mode 100644 index 000000000..f2139a59b --- /dev/null +++ b/configure.in 
@@ -0,0 +1,461 @@
+dnl $Id: configure.in,v 1.70 2007/06/07 02:33:53 vkurland Exp $
+
+AC_INIT(src/gui/main.cpp)
+AC_CANONICAL_SYSTEM
+AC_CONFIG_HEADER(config.h)
+
+PACKAGE=fwbuilder
+AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [package])
+AC_SUBST(PACKAGE)
+
+dnl
+dnl all version numbers are defined in the file VERSION
+dnl
+. ./VERSION
+
+BUILD_NUM=`cat build_num | cut -d' ' -f3`
+
+AC_SUBST(FWB_MAJOR_VERSION)
+AC_SUBST(FWB_MINOR_VERSION)
+AC_SUBST(FWB_MICRO_VERSION)
+AC_SUBST(FWB_VERSION)
+
+SHORTVERSION=${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}${FWB_MICRO_VERSION}
+AC_SUBST(SHORTVERSION)
+
+AC_SUBST(RELEASE_NUM)
+AC_DEFINE_UNQUOTED(RELEASE_NUM, "$RELEASE_NUM", [release_num])
+
+AC_SUBST(REQUIRED_LIBFWBUILDER_VERSION)
+AC_SUBST(LIBFWBUILDER_SOMAJOR)
+
+echo "Creating VERSION.h file..."
+
+echo "#define VERSION \"$VERSION\"" > VERSION.h
+echo "#define RELEASE_NUM \"$RELEASE_NUM\"" >> VERSION.h
+
+dnl try to find QT
+dnl
+AC_ARG_WITH(qtdir,[ --with-qtdir=DIR Specify directory path for QT ])
+
+AC_MSG_CHECKING(looking for QT)
+if test -n "$with_qtdir"; then
+ QTDIR="$with_qtdir";
+elif test -z "$QTDIR"; then
+ test -f "/usr/local/lib/qt3/include/qstyle.h" && QTDIR="/usr/local/lib/qt3"
+ test -f "/opt/lib/qt3/include/qstyle.h" && QTDIR="/opt/lib/qt3"
+ test -f "/opt/qt3/include/qstyle.h" && QTDIR="/opt/qt3"
+ test -f "/usr/lib/qt3/include/qstyle.h" && QTDIR="/usr/lib/qt3"
+ test -f "/usr/lib/qt-3.1/include/qstyle.h" && QTDIR="/usr/lib/qt-3.1"
+ test -f "/usr/lib/qt-3.2/include/qstyle.h" && QTDIR="/usr/lib/qt-3.2"
+ test -f "/usr/lib/qt-3.3/include/qstyle.h" && QTDIR="/usr/lib/qt-3.3"
+ test -f "/usr/local/include/qstyle.h" && QTDIR="/usr/local"
+ test -f "/usr/include/qstyle.h" && QTDIR="/usr"
+ test -f "/usr/lib64/qt-3.3/include/qstyle.h" && QTDIR="/usr/lib64/qt-3.3"
+fi
+export QTDIR
+AC_MSG_RESULT($QTDIR)
+
+echo $QTDIR > qtdir
+
+QTTRANSLATIONSDIR="${QTDIR}/translations"
+AC_DEFINE_UNQUOTED(QTTRANSLATIONSDIR, "$QTTRANSLATIONSDIR", [qttranslationsdir])
+AC_SUBST(QTTRANSLATIONSDIR)
+
+EXTENDED_PATH="${QTDIR}/bin:/usr/local/bin:$PATH"
+
+AC_PATH_PROG(QMAKE, qmake, ,[$EXTENDED_PATH])
+if test -z "$QMAKE"; then
+ AC_MSG_ERROR("Could not find qmake")
+fi
+
+AC_MSG_CHECKING(checking version of QT this qmake is part of)
+qmake_version=`$QMAKE -v 2>&1 | awk '/Using Qt version/ { print $4;}'`
+case $qmake_version in
+ 4.*) AC_MSG_RESULT( $qmake_version ) ;;
+ *) AC_MSG_ERROR( "$qmake_version -- v4.x is required") ;;
+esac
+
+
+
+AC_ARG_WITH(templatedir, [ --with-templatedir=DIR Specify directory path for fwbuilder template files ])
+AC_ARG_WITH(docdir, [ --with-docdir=DIR Specify directory path for fwbuilder
+ documentation files ])
+
+
+
+dnl
+dnl Determine init dir and add definition to config.h. Program
+dnl determines prefix name of the directory it was started from
+dnl and prepends it to the RES_DIR
+dnl
+
+PREFIX=$ac_default_prefix
+
+if test "x$prefix" != "xNONE"; then
+ PREFIX=$prefix
+fi
+AC_DEFINE_UNQUOTED(PREFIX, "${PREFIX}", [prefix])
+AC_SUBST(PREFIX)
+
+AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [version])
+AC_SUBST(VERSION)
+
+
+AC_PROG_INSTALL
+
+AC_ISC_POSIX
+AC_PROG_CC
+dnl AM_PROG_CC_STDC
+AC_HEADER_STDC
+AC_PROG_CPP
+AC_PROG_CXX
+AC_PROG_CXXCPP
+
+dnl need this for intl to compile on FreeBSD and may be other platforms
+AC_CHECK_FUNCS(strchr memcpy)
+
+
+dnl AM_INIT_AUTOMAKE($PACKAGE, $VERSION)
+dnl AC_CANONICAL_HOST
+
+AC_PROG_MAKE_SET
+
+
+dnl Check for GNU make
+dnl
+AC_MSG_CHECKING(whether make is GNU Make)
+if ${MAKE-make} -q --version 2>/dev/null | grep '^GNU Make ' >/dev/null ; then
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+ if test "$host_vendor" = "sun" ; then
+ AC_MSG_ERROR("SUN make does not work for building Firewall Builder. Please install GNU make")
+ fi
+fi
+
+dnl some platform-dependent flags
+dnl
+dnl e.g.
we need to set -I/sw/include before check for GETTEXT
+dnl
+GUILINKFLAGS=
+case "$build_os" in
+ *solaris*)
+ GUILINKFLAGS="-export-dynamic"
+ ;;
+ *darwin*)
+ if test -d /sw/include; then
+ CXXFLAGS="-I/sw/include"
+ CPPFLAGS="-I/sw/include"
+ CFLAGS="-I/sw/include"
+ LDFLAGS="-flat_namespace"
+ fi
+ LIBS="$LIBS -L/sw/lib"
+ AC_CHECK_LIB(poll, poll, [LIBS="$LIBS -lpoll"],[
+ AC_MSG_ERROR([Could not link with libpoll: library is not installed on this system])
+ ])
+ ;;
+ esac
+AC_SUBST(GUILINKFLAGS)
+
+dnl
+dnl forkpty is in libutil on Linux and BSD, while on Mac it is in libc
+dnl
+AC_CHECK_HEADERS( [pty.h libutil.h util.h],[],[],[#include ])
+AC_CHECK_LIB(c,forkpty,[
+ AC_DEFINE_UNQUOTED(HAVE_FORKPTY, 1, [forkpty])
+ ],[
+ AC_CHECK_LIB(util,forkpty,[
+ AC_DEFINE_UNQUOTED(HAVE_FORKPTY, 1, [forkpty])
+ LIBS="-lutil $LIBS"
+ ],[
+ AC_MSG_RESULT(["forkpty not found, will use emulation"])
+ ],[])
+],[])
+
+AC_CHECK_LIB(c,cfmakeraw,[
+ AC_DEFINE_UNQUOTED(HAVE_CFMAKERAW, 1, [cfmakeraw])
+])
+
+dnl standard LIBTOOL fragment
+dnl
+dnl commented out 12/20 - we now use qmake and do not need libtool
+dnl
+dnl AC_LIBTOOL_DLOPEN
+dnl AC_PROG_LIBTOOL
+dnl AC_SUBST(LIBTOOL_DEPS)
+dnl AM_PROG_LIBTOOL
+dnl AC_PROG_RANLIB
+
+AC_CHECK_HEADERS([getopt.h])
+AC_CHECK_HEADERS([signal.h])
+
+AC_CHECK_FUNCS(stat _stat signal)
+
+AC_STRUCT_TM
+AC_STRUCT_TIMEZONE
+
+dnl do not insert spaces in these macros, even outside of []
+AC_PATH_PROG(RCS_FILE_NAME,[rcs],[rcs],[$EXTENDED_PATH])
+AC_PATH_PROG(RCSDIFF_FILE_NAME,[rcsdiff],[rcsdiff],[$EXTENDED_PATH])
+AC_PATH_PROG(RLOG_FILE_NAME,[rlog],[rlog],[$EXTENDED_PATH])
+AC_PATH_PROG(CI_FILE_NAME,[ci],[ci],[$EXTENDED_PATH])
+AC_PATH_PROG(CO_FILE_NAME,[co],[co],[$EXTENDED_PATH])
+
+AC_DEFINE_UNQUOTED(RCS_FILE_NAME, ["$RCS_FILE_NAME"], [rcs_file_name])
+AC_DEFINE_UNQUOTED(RCSDIFF_FILE_NAME, ["$RCSDIFF_FILE_NAME"], [rcsdiff_file_name])
+AC_DEFINE_UNQUOTED(RLOG_FILE_NAME, ["$RLOG_FILE_NAME"], [rlog_file_name])
+AC_DEFINE_UNQUOTED(CI_FILE_NAME,
["$CI_FILE_NAME"], [ci_file_name])
+AC_DEFINE_UNQUOTED(CO_FILE_NAME, ["$CO_FILE_NAME"], [co_file_name])
+
+
+AC_PATH_PROG(LIBFWBUILDER_CONFIG, libfwbuilder-config-${FWB_MAJOR_VERSION}.${FWB_MINOR_VERSION}, ,[$EXTENDED_PATH])
+
+if test x$LIBFWBUILDER_CONFIG = x ; then
+ AC_MSG_ERROR([*** libfwbuilder not installed, or libfwbuilder-config-2 is not in path])
+else
+ LIBFWBUILDER_CFLAGS_FWBUILDER="`$LIBFWBUILDER_CONFIG --cflags fwbuilder`"
+ LIBFWBUILDER_CFLAGS_FWCOMPILER="`$LIBFWBUILDER_CONFIG --cflags fwcompiler`"
+ LIBFWBUILDER_CFLAGS_FWBD="`$LIBFWBUILDER_CONFIG --cflags fwbd`"
+ LIBFWBUILDER_INCLUDEPATH="`$LIBFWBUILDER_CONFIG --includepath`"
+ LIBFWBUILDER_LIBPATH="`$LIBFWBUILDER_CONFIG --libpath`"
+ LIBFWBUILDER_LIBS_FWBUILDER="`$LIBFWBUILDER_CONFIG --libs fwbuilder`"
+ LIBFWBUILDER_LIBS_FWCOMPILER="`$LIBFWBUILDER_CONFIG --libs fwcompiler`"
+ LIBFWBUILDER_LIBS_FWBD="`$LIBFWBUILDER_CONFIG --libs fwbd`"
+ LIBFWBUILDER_STATICLIBS="`$LIBFWBUILDER_CONFIG --staticlibs`"
+ LIBFWBUILDER_VERSION="`$LIBFWBUILDER_CONFIG --version`"
+
+ AC_MSG_CHECKING(libfwbuilder version)
+ if test x${LIBFWBUILDER_VERSION} != x${REQUIRED_LIBFWBUILDER_VERSION} ; then
+ AC_MSG_ERROR([*** Need libfwbuilder version $REQUIRED_LIBFWBUILDER_VERSION, found $LIBFWBUILDER_VERSION ])
+ fi
+ AC_MSG_RESULT($LIBFWBUILDER_VERSION)
+
+ AC_SUBST(LIBFWBUILDER_CFLAGS_FWBUILDER)
+ AC_SUBST(LIBFWBUILDER_CFLAGS_FWCOMPILER)
+ AC_SUBST(LIBFWBUILDER_LIBS_FWBUILDER)
+ AC_SUBST(LIBFWBUILDER_LIBS_FWCOMPILER)
+ AC_SUBST(LIBFWBUILDER_LIBPATH)
+ AC_SUBST(LIBFWBUILDER_INCLUDEPATH)
+ AC_SUBST(LIBFWBUILDER_STATICLIBS)
+ AC_SUBST(LIBFWBUILDER_VERSION)
+
+fi
+
+AC_DEFINE_UNQUOTED(LIBFWBUILDER_VERSION, "$LIBFWBUILDER_VERSION", [libfwbuilder_version])
+
+AC_SUBST(LIBS)
+
+AC_LANG_CPLUSPLUS
+
+AC_PATH_PROG(ANTLR_CONFIG, antlr-config, , [$EXTENDED_PATH])
+AC_MSG_CHECKING(antlr)
+HAVE_ANTLR_RUNTIME="1"
+HAVE_EXTERNAL_ANTLR="0";
+if test x$ANTLR_CONFIG = x; then
+ ANTLR_INCLUDEPATH="`pwd`/src/"
+
ANTLR_LIBS="`pwd`/src/antlr/libantlr.a"
+ AC_MSG_RESULT(using provided)
+else
+ ANTLR_VERSION="`$ANTLR_CONFIG --version`"
+ if test x$ANTLR_VERSION != x2.7.7; then
+ ANTLR_INCLUDEPATH="`pwd`/src/"
+ ANTLR_LIBS="`pwd`/src/antlr/libantlr.a"
+ AC_MSG_RESULT(using provided)
+ else
+ ANTLR_INCLUDEPATH="`$ANTLR_CONFIG --cflags`"
+ ANTLR_LIBS="`$ANTLR_CONFIG --libs`"
+ HAVE_EXTERNAL_ANTLR="1"
+ AC_MSG_RESULT(using external version $ANTLR_VERSION)
+ fi
+fi
+AC_DEFINE_UNQUOTED(HAVE_ANTLR_RUNTIME, 1, [antlr_runtime])
+AC_DEFINE_UNQUOTED(HAVE_EXTERNAL_ANTLR, $HAVE_EXTERNAL_ANTLR, [external_antlr])
+AC_SUBST(HAVE_ANTLR_RUNTIME)
+AC_SUBST(HAVE_EXTERNAL_ANTLR)
+AC_SUBST(ANTLR_LIBS)
+AC_SUBST(ANTLR_INCLUDEPATH)
+
+
+
+dnl ********************************************************************
+
+if test -z ${RELEASE_NUM}; then
+ RPMRELEASE="1"
+else
+ RPMRELEASE="${RELEASE_NUM}";
+fi
+AC_SUBST(RPMRELEASE)
+
+AC_MSG_CHECKING(what OS this is)
+
+case ${host} in
+ *-*-cygwin*)
+ OS=cygwin
+ OS_CYGWIN=1
+ AC_MSG_RESULT(Win32 cygwin)
+ DEFAULT_RES_DIR="resources"
+ ;;
+
+ *-*-mingw32*)
+ OS=mingw32
+ OS_MINGW=1
+ AC_MSG_RESULT(Win32 mingw)
+ DEFAULT_RES_DIR="resources"
+ ;;
+
+ *-*-darwin*)
+ OS=MacOSX
+ OS_MACOSX=1
+ MANDIR="${PREFIX}/share/man/"
+ AC_MSG_RESULT(MacOSX)
+ DEFAULT_RES_DIR="../Resources"
+ ;;
+
+ *-*-solaris*)
+ OS=Solaris
+ OS_SOLARIS=1
+ MANDIR="${PREFIX}/share/man/"
+ AC_MSG_RESULT(Solaris)
+ DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
+ ;;
+
+ *-*-freebsd*)
+ OS=FreeBSD
+ OS_FREEBSD=1
+ MANDIR="${PREFIX}/man/"
+ AC_MSG_RESULT(FreeBSD)
+ DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
+ ;;
+
+ *-*-openbsd*)
+ OS=OpenBSD
+ OS_OPENBSD=1
+ MANDIR="${PREFIX}/man/"
+ AC_MSG_RESULT(OpenBSD)
+ DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
+ ;;
+
+ *-*-kfreebsd*)
+ OS=FreeBSD
+ OS_FREEBSD=1
+ if test -f /etc/debian_version ; then
+ DISTRO=Debian
+ else
+
DISTRO="Unknown"
+ fi
+ MANDIR="${PREFIX}/share/man/"
+ AC_MSG_RESULT($DISTRO GNU/kFreeBSD)
+ DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
+ ;;
+
+ *-*-linux*)
+ DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
+ OS=Linux
+ OS_LINUX=1
+ if test -f /etc/debian_version ; then
+ DISTRO=Debian
+ elif test -f /etc/mandrake-release ; then
+ DISTRO=Mandrake
+ elif test -f /etc/slackware-version ; then
+ DISTRO=Slackware
+ elif test -f /etc/SuSE-release ; then
+ DISTRO=SuSE
+ elif test -f /etc/redhat-release ; then
+#
+# Mandrake has symlink /etc/redhat-release -> /etc/manrake-release ,
+# so this check must be the last
+#
+ DISTRO=RedHat
+ else
+ DISTRO="Unknown"
+ fi
+ MANDIR="${PREFIX}/share/man/"
+ AC_MSG_RESULT($DISTRO Linux)
+ ;;
+
+ *)
+ OS=Unknown
+ OS_UNKNOWN=1
+ DISTRO=Unknown
+ MANDIR="${PREFIX}/share/man/"
+ AC_MSG_RESULT(Unknown)
+ DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
+ ;;
+esac
+
+if test "x$with_templatedir" != "x"; then
+ RES_DIR="${with_templatedir}"
+else
+ RES_DIR="$DEFAULT_RES_DIR"
+fi
+
+AC_DEFINE_UNQUOTED(RES_DIR, "$RES_DIR", [res_dir])
+AC_SUBST(RES_DIR)
+
+
+if test "x$with_docdir" != "x"; then
+ DOCDIR="${with_docdir}"
+else
+ DOCDIR="${PREFIX}/share/doc/fwbuilder-${VERSION}"
+fi
+DOCDIRPATH=`dirname ${DOCDIR}`
+
+AC_SUBST(OS)
+AC_DEFINE_UNQUOTED(OS, "${OS}", [os])
+test -n "$OS_CYGWIN" && AC_DEFINE_UNQUOTED(OS_CYGWIN, "${OS_CYGWIN}", [cygwin])
+test -n "$OS_MINGW" && AC_DEFINE_UNQUOTED(OS_MINGW, "${OS_MINGW}", [mingw])
+test -n "$OS_MACOSX" && AC_DEFINE_UNQUOTED(OS_MACOSX, "${OS_MACOSX}", [macosx])
+test -n "$OS_SOLARIS" && AC_DEFINE_UNQUOTED(OS_SOLARIS, "${OS_SOLARIS}", [solaris])
+test -n "$OS_FREEBSD" && AC_DEFINE_UNQUOTED(OS_FREEBSD, "${OS_FREEBSD}", [freebsd])
+test -n "$OS_OPENBSD" && AC_DEFINE_UNQUOTED(OS_OPENBSD, "${OS_OPENBSD}", [openbsd])
+test -n "$OS_LINUX" && AC_DEFINE_UNQUOTED(OS_LINUX, "${OS_LINUX}", [linux])
+test -n "$OS_UNKNOWN" && AC_DEFINE_UNQUOTED(OS_UNKNOWN, "${OS_UNKNOWN}", [unknown])
+
+AC_SUBST(DISTRO)
+AC_DEFINE_UNQUOTED(DISTRO, "${DISTRO}", [distro])
+
+AC_SUBST(DOCDIRPATH)
+AC_DEFINE_UNQUOTED(DOCDIRPATH, "${DOCDIRPATH}", [docdirpath])
+
+AC_SUBST(DOCDIR)
+AC_DEFINE_UNQUOTED(DOCDIR, "${DOCDIR}", [docdir])
+
+AC_SUBST(MANDIR)
+
+AC_PATH_PROG(CCACHE, ccache, , )
+
+dnl Support for the po directory.
+AM_PO_SUBDIRS
+
+dnl AC_CONFIG_FILES([ Main.make ])
+AC_CONFIG_FILES([ qmake.inc ])
+AC_CONFIG_FILES([ po/POmakefile ], [AM_POSTPROCESS_PO_MAKEFILE])
+
+AC_CONFIG_FILES([ src/res/objects_init.xml ])
+AC_CONFIG_FILES([ src/res/templates.xml ])
+AC_CONFIG_FILES([ src/res/resources.xml ])
+AC_CONFIG_FILES([ src/res/os/fwsm_os.xml ])
+AC_CONFIG_FILES([ src/res/os/freebsd.xml ])
+AC_CONFIG_FILES([ src/res/os/linux24.xml ])
+AC_CONFIG_FILES([ src/res/os/linksys.xml ])
+AC_CONFIG_FILES([ src/res/os/macosx.xml ])
+AC_CONFIG_FILES([ src/res/os/openbsd.xml ])
+AC_CONFIG_FILES([ src/res/os/pix_os.xml ])
+AC_CONFIG_FILES([ src/res/os/ios.xml ])
+AC_CONFIG_FILES([ src/res/os/solaris.xml ])
+AC_CONFIG_FILES([ src/res/os/unknown_os.xml ])
+AC_CONFIG_FILES([ src/res/platform/fwsm.xml ])
+AC_CONFIG_FILES([ src/res/platform/ipf.xml ])
+AC_CONFIG_FILES([ src/res/platform/ipfw.xml ])
+AC_CONFIG_FILES([ src/res/platform/iptables.xml ])
+AC_CONFIG_FILES([ src/res/platform/pf.xml ])
+AC_CONFIG_FILES([ src/res/platform/pix.xml ])
+AC_CONFIG_FILES([ src/res/platform/iosacl.xml ])
+AC_CONFIG_FILES([ src/res/platform/unknown.xml ])
+
+
+AC_OUTPUT
+
+. ./runqmake.sh
+
diff --git a/definitions.h b/definitions.h
new file mode 100644
index 000000000..6413536ba
--- /dev/null
+++ b/definitions.h
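Review bot: In the `*darwin*` branch, `CXXFLAGS="-I/sw/include"`, `CPPFLAGS`, `CFLAGS` and `LDFLAGS="-flat_namespace"` are assigned rather than appended, so any flags the builder passed to configure (hardening or warning options, for instance) are discarded on that platform whenever /sw/include exists. The next line already appends for LIBS; the same form fits here, `CXXFLAGS="$CXXFLAGS -I/sw/include"` and likewise for the other three. A second point lower in the hunk: the `AC_PATH_PROG` calls for rcs, rcsdiff, rlog, ci and co name the bare program as the not-found value, and `AC_DEFINE_UNQUOTED` then writes that bare name into config.h. How the program launches these tools is not visible here, but if it goes through a PATH lookup the choice of binary moves from build time to the caller's environment; leaving the not-found value empty and reporting it with `AC_MSG_WARN` would make that case explicit.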
@@ -0,0 +1,39 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id$
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+ Define global macros and constants in this file if they are used in
+ the GUI, compilers and tools
+
+*/
+
+#ifndef __DEFINITIONS_
+#define __DEFINITIONS_
+
+
+#define DIVERTSOCKET 0
+#define DUMMYNETPIPE 1
+#define DUMMYNETQUEUE 2
+
+
+#endif
diff --git a/description.txt b/description.txt
new file mode 100644
index 000000000..3a5238f8c
--- /dev/null
+++ b/description.txt
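Review bot: The include guard `__DEFINITIONS_` begins with two underscores, a form C and C++ reserve for the implementation, so it can collide with a compiler or system header macro; a project-scoped guard such as `#ifndef FWB_DEFINITIONS_H` avoids that. `DIVERTSOCKET`, `DUMMYNETPIPE` and `DUMMYNETQUEUE` are added without a comment saying which setting they enumerate; a one-line comment above the three defines naming that setting would document them.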
@@ -0,0 +1,44 @@
+This is the report of porting FWBuilder to the QT4 library.
+
+Done at all:
+1) AboutDialog_q.ui: form completelly ported; CREATED: FWBAboutDialog.h
+2) FWObjectClipboard.h, .cpp: no work at most
+3) ColorCheckViewItem.h, .cpp: I found that this module isn't used in the project so I didn't do anything with it.
+4) definitions.h
+5) platforms.h, .cpp
+6) FWObjectPropertiesFactory.h, .cpp
+7) FWBSettings.h, .cpp
+8) listOfLibraries.h, .cpp
+9) FWBTree.h, .cpp
+10) utils.h, .cpp
+11) utils_no_qt.h, .cpp
+12) FWObjectDropArea.h, .cpp, .ui: not tested
+13) ObjectTreeViewItem.h, .cpp
+14) ObjectTreeView.h, .cpp
+15) listOfLibraries.h, .cpp
+16) upgradePredicate.h
+17) ObjConflictResolutionDialog.h, .cpp, .ui
+18) SimpleTextEditor.h, .cpp, .ui
+19) SimpleTextView.h, .cpp, .ui
+20) SimpleIntEditor.h, .cpp, .ui
+21) inplaceComboBox.h, .cpp
+22) ActionsDialog.h, .cpp, .ui
+23) ColorLabelMenuItem.h, .cpp, .ui
+24) findDialog.h, .cpp, .ui
+25) FindObjectWidget.h, .cpp, .ui
+26) RCSFileDialog.h, .cpp
+
+Almost done:
+1) FWBMainWindow.ui: form needs some attention in later porting but now it does work
+2) RCS.h, .cpp: need some attention, may have problems with QProcess objects
+3) DialogData.h, .cpp
+
+In work:
+1) FWWindow.h, .cpp: big part of code is commented.
+2) main.cpp: some part of code is commented.
+3) ObjectManipulator.h, .cpp, .ui: need to connect Object Editor.
+4) RuleSetView.h, .cpp
+
+Stopped files, files having problems:
+1) FWObjectDrag.h, .cpp: problems with inheriting (QStoredDrag -> QMimeData, QDrag).
+2) RCSFilePreview.h, .cpp, .ui: there is no such thing as file preview in Qt4 so I can't use these files for the RCSFileDialog dialog.
diff --git a/doc/.cvsignore b/doc/.cvsignore
new file mode 100644
index 000000000..641d40f7f
--- /dev/null
+++ b/doc/.cvsignore
@@ -0,0 +1,4 @@
+Makefile
+.moc
+.ui
+*.app
diff --git a/doc/AUTHORS b/doc/AUTHORS
new file mode 100644
index 000000000..e2d0cf091
--- /dev/null
+++ b/doc/AUTHORS
@@ -0,0 +1,13 @@
+
+
+Vadim Kurland Main author: GUI, iptables compiler
+
+Vadim Zaliva libfwbuilder API design;
+ XML DTD design;
+ XML data storage implementation;
+ implementation of printing
+
+
+
+
+
diff --git a/doc/COPYING b/doc/COPYING
new file mode 100644
index 000000000..d60c31a97
--- /dev/null
+++ b/doc/COPYING
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. 
diff --git a/doc/ChangeLog b/doc/ChangeLog
new file mode 100644
index 000000000..6d1651631
--- /dev/null
+++ b/doc/ChangeLog
@@ -0,0 +1,5553 @@ +2007-12-13 vadim + + * linux24.xml.in: working on bug #1850352: "Install script wrongly + completes successful". Added more checks to the installer + scriptlet to make it properly terminate with non-zero error code + if iptables-restore returned error. Previously "echo" in the end + of the generated masked error code returned by iptables-restore + and made the GUI report successfull install even when it + terminated with an error. Also added test for the presence of + pkill on the system so that the script does not try to run it if + it is not available. + + * platforms.cpp (list): applied patch #1850368: 'PF 3.7 has + support for "set skip on"'. Patch by tomjudge@users.sourceforge.net + extends support for "set skip on" option to pf 3.7. + + * platforms.cpp (isDefaultPolicyRuleOptions): fixed bug #1850346: + "GUI has 2 views on which actions should be stateless". Even + though GUI made rules with action Route stateful by default, code + that determined if combination of options of a given policy rules + was default thought these rules should be stateless. + + * ipt.cpp: Applied patch 1835308: "Patch for adding "-q" option to + fwb_ipt". Option "-q" suppresses timestamp that is normally + included in the generated script. This way, if no objects or rules + changed in the firewall builder, generated script will be exactly + the same. Timestamps made generated script different even if + nothing really changed in the objects, which made external version + control systems detect changes when there were none. + + * PolicyCompiler_PrintRule.cpp (PrintRule::_printOptionalGlobalRules): + fixed bug 1848204: "ULOG-Setting ignored for invalid packets", + applied patch #1848609 provided by reporter. Code that matched and + logged packets in state INVALID always used target LOG, which was + a problem for iptables installations that only come with target + ULOG. + + * tcpservicedialog_q.ui: patch #1849500: "tooltip patch for + tcpservicedialog_q.ui". 
Additional tooltips in the TCP Service + dialog to explain function of tcp flags masks and settings. + +2007-12-12 vadim + + * ipt.cpp: fixed bug #1849328: "iptables restore unusable in + 2.1.15". This bug was introduced by the change for the bug + 1812295. If option "use iptables-restore to activate policy" is + on, we always generate script that prints iptables commands using + echo and sends them to the input of iptables-restore via pipe. + + * VERSION (FWB_MICRO_VERSION): begin v2.1.16 + +2007-12-08 vadim + + * PolicyCompiler_pf_writers.cpp (PrintRule::processNext): fixed + bug #1821576: "Rule option tracking gives inavlid config with + default value". Compiler should skip max-src-nodes when it is set + to default '0' in the GUI. + + * Added Brazilian Portuguese translation by Jose Carlos Medeiros + + +2007-11-25 vadim + + * Starting with build 320 Windows packages install on Vista + +2007-11-15 vadim + + * FWObjectDropArea.cpp (FWObjectDropArea::paintEvent): more fixes + for bug #1826558: need to fill background rectangle in "object + drop" widget for search. + + * RuleSetView.cpp (RuleSetView::paintCell): more fixes for bug + #1826558: need to fill background rectangle in action, options and + comment columns. + +2007-11-14 vadim + + * RuleSetView.cpp (RuleSetView::paintCell): fixed bug #1826558: + "OSX 10.5 font problem". This problem appeared only in Mac OS X + Leoprard (10.5) build, other platforms were unaffected. + +2007-11-02 vadim + + * instDialog.cpp (instDialog::installSelected): previous fix for + the bug #1811781: "Batch Install" was insufficient. Needed to + clear altAddress input field in the install options dialog in case + of the batch install. + +2007-10-28 vadim + + * PolicyCompiler_ipt.cpp (PolicyCompiler_ipt::createPrintRuleProcessor): + fixed bug #1812295: "Can't use runtime address tables AND + iptabels-restore". Script generated by fwb_ipt used "here + document" if the option "use iptables-restore to activate policy" + was turned on. 
This did not work in case policy used any tun-time + address table objects. Now generated script always uses "echo" to + generate iptables commands that it sends to th standard input of + iptables-restore. + + * instDialog.cpp (instDialog::doInstallPage): fixed bug #1811781: + "Batch Install". Built-in installer used address of the first + firewall of the batch to communicate with all firewalls in the + "batch install" mode. + + * PolicyCompiler_pf.cpp (PolicyCompiler_pf::addDefaultPolicyRule): + fixed bug #1800875 "'keep state' missing from pass out going + traffic rule". Compilers for pf, ipf and ipfw were affected. + + * pix_os.xml.in: fixed bug #1816798: "Installing policy on PIX 501 + fails". Command "terminal pager " is valid only for PIX 7.x and + caused error while installing policy on PIX 6.3. Removed this + command from the install sequence, it was not essential. + +2007-10-06 vadim + + * ipfAdvancedDialog.cpp (ipfAdvancedDialog::ipfAdvancedDialog): + applied patch by to add support for + Kerberos rcmd and Kerberos ekshell proxies in ipfilter NAT rules. + + * VERSION (FWB_MICRO_VERSION): begin v2.1.15 + +2007-09-10 vadim + + * 2.1.14 release + +2007-09-08 vadim + + * configure.in: patch by Carlos Silva to add + third parameter to AC_DEFINE_UNQUOTED + +2007-08-25 vadim + + * RuleOptionsDialog.cpp (RuleOptionsDialog::loadFWObject): fixed + bug #1764971: "allowed value range for burst limit". Iptables + "--limit-burst" option should not be limited in the GUI. + + * instDialog.cpp (instDialog::continueRun): fixed bug #1772722: + "installer should recognize when it uses plink 0.60". We detect + when installer uses plink on Windows by checking the name of the + configured ssh client. The check should be case-insensitive. 
+ +2007-08-06 vadim + + * configure.in: applied patch by Carlos Silva to + make configure.in use ANTLR C++ run-time installed on the system + if it can find one; otherwise it uses copy in src/antlr + +2007-08-05 vadim + + * IPTImporter.cpp: fixed bug (no num): importer for iptables + should properly assign rule options when it finds "-m limit" and + "--limit" options in the input file. + + * IPTImporter.cpp: added a workaround for a situation when several + iptables commands pass control to the same user-define chaine in + the iptables-save file. As of fwbuilder v2.1, branch ruleset is a + child object of PolicyRule. This means two different rules can not + point at the same branch ruleset. This is unfortunate but it is + hard to fix in the current version because it requires changes XML + DTD and API. Will do this in 3.0. Meanwhile, checking if branch + ruleset with requested name already exists and change the name by + adding suffix '1', '2' etc to make it different. Imported rule is + marked as 'bad' (red background) and gets a comment explaining this. + + * iptables.g (tcp_flags_list): fixed bug #1764988: "iptables + import -> GUI crash": syntax for TCP flag matching in + iptables-save should allow for more than 2 flags in 'comp' part + + * iptables.g (target_options): added missing supprot for + "--log-tcp-sequence", "--log-tcp-options" and "--log-ip-options" + options for target LOG to iptables policy importer + + * iptables.g (protocol_word): fixed bug (no num): iptables policy + importer should properly parse numeric protocol + specification (e.g. "-p 47"). 
+ + * Importer.cpp (Importer::getTCPService): fixed bug #1764988: + "iptables import -> GUI crash": iptables policy importer + recognizes and parses TCP flag parameters ALL and NONE + + * IPTImporter.cpp (IPTImporter::pushPolicyRule): fixed bug + #1764988: "iptables import -> GUI crash": iptables policy importer + recognizes and parses target RETURN + +2007-08-01 Vadim + + * FirewallDialog.cpp: fixed bug reported in Debian Bug report + #417685 - added missing #include to make code + compile with gcc 4.3 + + * fixed bug #1761373: "libfwbuilder doesn't build on Mandriva + cooker". Applied fixes to make the code compile with gcc 4.2 + + * VERSION: started 2.1.14 + +2007-07-18 vadim + + * PolicyCompiler_ipt.cpp (InterfaceAndDirection::processNext): + compiler permits setting direction in the rule while interface + field is "All". This generates iptables command in chain INPUT or + OUTPUT with "-i +" or "-o +" interface specification to match all + interfaces. + +2007-07-14 vadim + + * platforms.cpp (isDefaultPolicyRuleOptions): platform "iosacl" + does not have any rule options at this time; making sure we never + show an icon indicating non-default options. + + * templates.xml: added simple template for Cisco router 36xx + + * pf.cpp (main): Added support for "set skip on " command + for PF. If an interface is marked as "unprotected" in the GUI, + compiler generates this command for it. This is useful for loopback + or other virtual interfaces. + + * PolicyCompiler_pf_writers.cpp (PrintRule::processNext): better + compliance with PF 4.x. Feature Req. #1679793: "add 'no state' and + 'flags any'". If version is set to 4.x, compiler skips "flags S/SA + keep state" for rules mathcing tcp services. However, according to + the section "1.2. Operational changes" in PF FAQ at + http://www.openbsd.org/faq/upgrade41.html , there should be a way + to add "keep state" explicitly for rules on interface enc0. Added + this option to the rule options dialog. 
+ + * pf.cpp (main): implemented support for PF limit options + "src-nodes", "tables" and "table-entries". Feature Req. #1674919: + "Support "set limit table-entries"" + + +2007-07-12 vadim + + * SSHSession.cpp: More key caching request and other messages for + wider variety of ssh clients. + + * SSHPIX.cpp (SSHPIX::stateMachine): fixed bug #1753188: "policy + activation fails on PIX and IOS". Installer failed if account used + to authenticate to the router or PIX went straight to 'enable' + mode after login. + +2007-07-07 vadim + + * PolicyCompiler_pf_writers.cpp (PrintRule::_printLogging): fixed + bug #1747828: "anchors generation - "log" not supported". "Log" + keyword is not allowed in "anchor" rules; compiler should not + generate it even if user turned logging on in a rule with action + 'Branch' + + * PolicyCompiler_ipt.cpp (checkForRestoreMarkInOutput::processNext): + fixed bug #1747332: "missing CONNMARK/ restore mark in Output Chain" + + * PolicyCompiler_PrintRule.cpp (PrintRule::_flushAndSetDefaultPolicy): + fixed bug #1746257: "fwbuilder breaks IPv6". Added an option to + the firewall settings dialog for iptables that controls whether + compiler should skip generation of the code to set default policy + of all ipv6 chains to DROP. This option is off by default, that is + compiler puts the code in. This helps maintain backwards + compatibility with old data files that do not have this option, + which is equivalent to this option being "off". + +2007-07-06 vadim + + * ObjectManipulator.cpp (ObjectManipulator::unlockObject): fixed + bug #1743117: "crash while editing any". Added check, user should + not be able to unlock Standard objects library + + * FWObject.cpp (FWObject::shallowDuplicate): fixed bug #1740766: + "lock not saved". This method now copies the value of "ro" + attribute (read-only). Clear it in the caller if + neccessary. 
Method duplicate() clears it after calling + shallowDuplicate in order to be able to modify the object, then + restores this attribute to its original value. + +2007-06-23 vadim + + * v2.1.12 release + + * iptables.g (target_options): parser for iptables is aware of + "--set-tos" target option. Even though fwbuilder does not support + target TOS, importer should be able to import policy that uses it + without crashing. + +2007-06-20 vadim + + * FWWindowPrint.cpp (printFirewall): fixed bug #1739373: "FWB2111, + register Routing not printed". Tab "Routing" was not included in + the printed copy of firewall policies. + + * NATCompiler_pf.h: fixed bug #1740545: "AddressTable in NAT + section". Policy compiler for PF crashed if AddressTable object + was used in TDst element of a NAT rule. + +2007-06-17 vadim + + * instDialog.cpp (instDialog::initiateCopy): fixed bug (no number) + where installer failed to properly copy .fwb file over to the + firewall if file name contained whitespace + +2007-06-16 vadim + + * instDialog.cpp (instDialog::prepareInstallerOptions): discovered + and fixed bug in the installer: if management interface of the + firewall is dynamic (i.e. had no IP address) and address of the + firewall was given in the "Installer" tab of the firewall object + dialog, installer failed to copy it to the instOptionsDialog and + filled corresponding entry field with 0.0.0.0 + + * OSConfigurator_linux24.cpp + (OSConfigurator_linux24::printShellFunctions): fixed bug 1737733: + "install script doesn't detect BROADCAST if eth is NO-CARRIER". + If firewall script runs before network interface comes up (i.e. is + still in NO-CARRIER state), script failed to add virtual addresses + for NAT. 
+ +2007-06-13 vadim + + * ActionsDialog.cpp (registerOption): after changes made in the + compiler to simplify algorithm used to decide which chain a rule + with action Tag should go to, rule action option "Mark connections + in PREROUTING chain" ( "ipt_mark_prerouting" ) has been + deprecated. + +2007-06-12 vadim + + * FWWindow.cpp (FWWindow::reopenFirewall): Added platform + capability element "supports_nat" - if True, platform supports NAT + rules so the main window should show tab "NAT" in the policy + view. If this parameter is False, the tab disappears. + + * DiscoveryDruid.cpp (DiscoveryDruid::DiscoveryDruid): added main + menu item "File -> Import Policy" that activates Discovery Druid + and opens it on the page where user can choose configuration file + for import. + +2007-06-09 vadim + + * PolicyCompiler_PrintRule.cpp (PrintRule::_flushAndSetDefaultPolicy): + fixed bug #1711595: "ip6tables DROPs". Compiler adds rules to + permit any-to-any on loopback interface for ipv6 in addition to + rules that set default policy to DROP for all chains in ipv6 + +2007-06-06 vadim + + * antlr.pro: Added ANTLR C++ runtime to the project under src/antlr + +2007-06-05 vadim + + * PolicyCompiler_ipt.cpp (setChainPreroutingForTag::processNext): + streamlined algorithm that assigns chain to a rule with action + Tag. The goal is to always use chain PREROUTING for rules with + direction Inbound or Both and a combination of OUTPUT and + POSTROUTING for rules with direction Outbound and Both. + + +2007-06-02 vadim + + * DiscoveryDruid.cpp (DiscoveryDruid::importPlatformChanged): + finalized rule importer GUI. + +2007-06-01 vadim + + * IPTImporter.cpp (IPTImporter::pushNATRule): NAT import now works + +2007-05-30 vadim + + * pf.cpp (main): fixed bug #1727715: "Policy Installer failed but + indicates succes". Activation script for PF exits with non-zero + return code if script activation fails. 
+
+ * IPTImporter.cpp (IPTImporter::addSrv): import of target MARK and
+ TagService for iptables
+
+ * IPTImporter.cpp (IPTImporter::pushRule): support for module
+ "limit" in importer for iptables
+
+2007-05-29 vadim
+
+ * IPTImporter.cpp (IPTImporter::pushRule): meaningful import of
+ iptables-restore files with all actions for filter table. Action
+ "Continue" helps import iptables commands with targets LOG and
+ ULOG.
+
+ * PolicyCompiler_ipt.cpp (PolicyCompiler_ipt::compile): Added
+ support for action "Continue" (an empty action) in the GUI and
+ compiler for iptables. This action creates a rule that does
+ nothing, however it generates iptables command with target "-j
+ LOG" if logging is turned on. This can be useful if one wants only
+ to log packets that match certain pattern but not make any policy
+ decision in the same rule.
+
+2007-05-28 vadim
+
+ * IPTImporter.cpp (IPTImporter::pushRule): basic iptables-restore
+ import works (only policy rules, only minimal set of modules)
+
+2007-05-27 vadim
+
+ * IPTImporter.cpp: initial work on iptables importer
+
+ * OSConfigurator_linux24.cpp
+ (OSConfigurator_linux24::generateCodeForProtocolHandlers): Fixed
+ bug in the shell code that finds netfilter modules (missing
+ closing '"'). This bug broke generated iptables script. Bug was
+ introduced in 2.1.12 some time before build 270
+
+2007-05-25 vadim
+
+ * iosacl.g (vlan): ignore "vlan" commands while importing IOS
+ config
+
+ * IOSImporter.cpp (IOSImporter::finalize): IOS accesslists
+ importer properly handles situation when the same list is applied
+ to multiple interfaces with different directions.
+
+2007-05-22 vadim
+
+ * run-tests.sh: simple framework for automated unit tests
+
+ * importer_test.cpp: unit test for Cisco IOS access lists
+ importer
+
+ * IOSImporter.cpp (IOSImporter::finalize): IOS access lists
+ importer works with a large complex test file. Test can be
+ imported and then compiled with no manual changes.
+
+ * PolicyCompiler_ipt.cpp (InterfacePolicyRulesWithOptimization):
+ allow for object group in "Interface" rule element
+
+2007-05-21 vadim
+
+ * DiscoveryDruid.cpp (DiscoveryDruid::loadDataFromImporter):
+ finished configuration importer GUI
+
+2007-05-16 vadim
+
+ * RoutingCompiler_ipt_writers.cpp: fixed bug #1718791: "Bug with
+ more than one router". This bug affected routing rules.
+
+ * OSConfigurator_linux24.cpp (OSConfigurator_linux24::generateCodeForProtocolHandlers):
+ fixed bug #1720022: "Fail to load modules .ko.gz".
+
+ * MangleTableCompiler_ipt.cpp (keepMangleTableRules::processNext):
+ fixed bug #1720480: '"-A POSTROUTING -i interface" in branching
+ rules'. Compiler should not generate iptables commands in
+ POSTROUTING chain with "-i interface" clause.
+
+2007-05-15 vadim
+
+ * DiscoveryDruid.cpp (DiscoveryDruid::importConfig): basic GUI
+ support for the configuration importer
+
+ * IOSImporter.h (class IOSImporter): derived class - importer for
+ Cisco IOS ACLs
+
+ * Importer.h: generalized policy importer framework. Requires
+ grammar for each platform.
+
+ * iosacl.g: ANTLR grammar for IOS ACLs. Only "access-list ", "ip
+ access-list extended" and certain "interface" commands cam be
+ parsed
+
+2007-05-11 vadim
+
+ * SSHSession.cpp (SSHSession::readFromStdout): note about
+ built-in installer on windows. Installer seems to have broke with
+ upgrade of QT to 3.3.8. Specifically, in
+ SSHSession::readFromStdout(), proc->readStdout() returns a byte
+ array that contains actual output from the device, with some
+ garbage appeneded to it. The garbage is included in the size()
+ count of QByteArray returned by readStdout so it gets included
+ into the QString which we append to stdoutBuffer. This happens
+ only on win32; reverting to QT 3.3.7 fixes the problem.
+
+
+2007-05-10 vadim
+
+ * SSHPIX.cpp (SSHPIX::stateMachine): implemented support for
+ scheduled reload for PIX firewalls (for roll-back).
+
+ * instOptionsDialog.cpp (instOptionsDialog::instOptionsDialog):
+ PIX and Cisco routers (IOS) : built-in installer can schedule
+ reboot of the firewall before activating new policy, then cancel
+ it if the policy has been activated successfully.
+
+ * instOptionsDialog.cpp (instOptionsDialog::instOptionsDialog):
+ fixed long-standing problem with size of the built-in installer
+ options dialog. The dialog was too big and did not properly resize
+ itself when some options were hidden.
+
+ * SSHIOS.cpp (SSHIOS::stateMachine): installer for Cisco routers
+
+2007-05-09 vadim
+
+ * InterfaceDialog.cpp (InterfaceDialog::loadFWObject): added
+ support for the new attribute "unprotected" for the Interface
+ object in the GUI. Compilers skip this interface while assigning
+ ACLs or policy rules to interfaces. This is supported only in the
+ compiler for Cisco IOS ACLs at this time.
+
+2007-05-08 vadim
+
+ * iosAdvancedDialog.cpp (iosAdvancedDialog::iosAdvancedDialog):
+ Added dialogs and resource files for Cisco IOS ACLs
+
+2007-05-07 vadim
+
+ * RuleSetView.cpp (RuleSetView::changeAction): setting option
+ "stateless" appropriately when new rule is created.
+
+ * objects_init.xml: added object "All TCP established" - a tcp
+ object with open port range and flag "established"
+
+ * PolicyCompiler_ipf.cpp (PolicyCompiler_ipf::compile): using rule
+ processor CheckForTCPEstablished in compilers for iptables, ipf
+ and pf to check for TCP service objects with flag
+ "established". This is considered an error because these platforms
+ do not provide support for "established".
+
+ * PolicyCompiler_ipfw_writers.cpp (PrintRule::processNext): using
+ new TCPService object flag "established" in compiler for ipfw.
+
+ * PolicyCompiler_ipf.cpp (doSrcNegation::processNext) and
+ PolicyCompiler_ipfw.cpp: rules created for negation with action
+ 'Continue' should be stateless.
+
+ * PolicyCompiler_ipt.cpp (Branching::expandBranch): fixed bug (no
+ number): compiler used to not set unique internal id for rules in
+ branches, which lead to chain names like 'C.0' in generated
+ script.
+
+ * PolicyCompiler_PrintRule.cpp (PrintRule::_printLogPrefix): fixed
+ bug (no number): when a rule number is inserted into a log record
+ in place of macro %N, it should be formatted as "N/M" for rules in
+ a branch.
+
+ * PolicyCompiler_ipt.cpp (decideOnChainForClassify::processNext):
+ fixed bug (no number): setting chain for Classify action only if
+ it has not been set before. Setting chain to POSTROUTING always
+ broke things if a rule with action 'Classify' was used in a
+ branch (so the chain has been set to that of the branch)
+
+ * RuleSetView.cpp (RuleSetView::changeAction): working on bugs
+ #1676635: "no way to match on state if the action is drop" and
+ #1671910: "2.1.8 In 'Branch' acton compiler doesn't insert NEW
+ stanza". Rule option 'stateless' is automatically set when user
+ changes rule action so it becomes anything except 'Accept', 'Tag'
+ or 'Route'. This option is also automatically cleared when action
+ is switched to any of these three actions. The user can override
+ these default settings by checking or unchecking the option in the
+ rule options dialog.
+
+ * PolicyCompiler_PrintRule.cpp: working on bugs #1676635: "no way
+ to match on state if the action is drop" and #1671910: "2.1.8 In
+ 'Branch' acton compiler doesn't insert NEW stanza". Rely only on
+ rule option 'stateless' to decide whether the rule should have
+ "-m state --state NEW".
+
+2007-05-06 vadim
+
+ * v2.1.12 started
+
+2007-04-28 vadim
+
+ * v2.1.11 release
+
+2007-04-24 vadim
+
+ * SSHUnx.cpp (SSHUnx::SSHUnx): fixed bug #1702830: "fwbuilder does
+ not detect errors during policy install". Built-in installer
+ detects error messages printed by iptables and iptables-restore
+ and aborts installation process.
Summary page shown in the end
+ reflects this as failed install.
+
+ * instOptionsDialog.cpp (instOptionsDialog::updateRollback): fixed
+ bug #1701971: "Enabeling test mode doent activate the reboot
+ interval". Checking "Test mode" checkbox in the installer options
+ dialog should enable widgets that configure automatic reboot
+ timeout.
+
+
+2007-04-23 vadim
+
+ * PolicyCompiler_PrintRule.cpp (PrintRule::_printModules): bug
+ #1699483: "hashlimit-htable-expire not set". Compiler
+ automatically generates name for the --hashlimit-name option if it
+ is not set in the GUI.
+
+ * PolicyCompiler_ipt.cpp (TagIfSrcFw::processNext): fixed bug
+ #1703954: "Mark target in postrouting chain". Packets that
+ originate on the firewall should be marked in the OUTPUT
+ chain. According to the netfilter packet flow diagram at
+ http://www.shorewall.net/NetfilterOverview.html , rerouting
+ happens after OUTPUT hook but before POSTROUTING hook.
+
+ * FWBTree.cpp (FWBTree::isSystem): fixed bug #1703595: "build 230
+ crashes when seaching for a deleted object"
+
+
+2007-04-13 vadim
+
+ * PolicyCompiler_PrintRule.cpp (PrintRule::_printModules): fixed
+ bug 1699483: "hashlimit-htable-expire not set". Added GUI controls
+ and compiler support for hashlimit module options
+ "--hashlimit-name", "--hashlimit-htable-size",
+ "--hashlimit-htable-max", "--hashlimit-htable-expire" and
+ "--hashlimit-htable-gcinterval"
+
+ * OSConfigurator_linux24.cpp (linux24::generateCodeForProtocolHandlers):
+ fixed bug #1697832: "fc5 kernel 2.6.20 moved *conntrack* modules".
+ Starting with kernel 2.6.20, netfilter installs *conntrack*
+ modules in "/lib/modules/`uname -r`/kernel/net/netfilter/" rather
+ than "/lib/modules/`uname
+ -r`/kernel/net/ipv4/netfilter/". Modified shell code that finds
+ and loads all "*conntrack*" and "*nat*" modules, it should now
+ work with both old and new kernels.
+
+ I do not know if this directory change was introduced only by
+ Fedora or it is general for the netfilter.
+
+ * TCPServiceDialog.cpp (TCPServiceDialog::validate): fixed bug
+ #1695481: "compliation error with lower end port". Before, user
+ could enter start port range number greater than the end port
+ range number. Neither the GUI nor compiler noticed this, which
+ resulted in the incorrect firewall configuration. This fix adds
+ check in the GUI to not let the user enter port ranges like that.
+
+2007-04-03 vadim
+
+ * PolicyCompiler_ipf_writers.cpp (PrintRule::_printWith): fixed
+ bug #1676845: "lsrr option not compiling"
+
+ * PolicyCompiler_ipf_writers.cpp (PrintRule::_printWith): fixed
+ bug #1678410: "Ipfilter compiler uses wrong keyword for "fragment""
+
+
+ * utils.cpp (getUserName): fixed bug #1684334: "RCS should use
+ $LOGNAME when commit"
+
+ * ActionsDialog.cpp (ActionsDialog::loadFWObject): fixed bug
+ #1692411: "can't set accouting rule name (fwbuilder 2.1.11)"
+
+2007-03-24 vadim
+
+ * RuleSetView.cpp (RuleSetView::paintCell): fixed bug #1685741:
+ "GUI crash: click on an empty part of obj tree, then desktop"
+
+2007-03-21 vadim
+
+ * ObjectTreeView.cpp (ObjectTreeView::focusOutEvent): working on
+ the bug #1685741: "GUI crash: click on an empty part of obj tree,
+ then desktop"
+
+2007-03-18 vadim
+
+ * InterfaceDialog.cpp (InterfaceDialog::loadFWObject): minor
+ redesign of the interface object dialog to make network zone more
+ prominent and easier to set when network and group objects have
+ long names.
+
+2007-03-13 vadim
+
+ * PolicyCompiler_pf_writers.cpp (PrintRule::processNext): fixed
+ bug #1674940: "if max-src-conn == 0: syntax error".
Options
+ max-src-conn and max-src-states can not have value '0'
+
+ * TimeDialog.cpp (TimeDialog::loadFWObject): redesigned TimeService
+ object dialog
+
+ * PolicyCompiler_PrintRule.cpp (PrintRule::_printTimeInterval):
+ fixed bug #1672191: "Time limit generates unexpected iptables
+ command"
+
+ * PolicyCompiler_PrintRule.cpp (PrintRule::_printTimeInterval):
+ Added support for --datestart and --datestop options for module
+ 'time' in compiler for iptables
+
+ * started v2.1.11
+
+2007-02-17 vadim
+
+ * RuleSetView.cpp (RuleSetView::findWhereUsedSlot): added an item
+ "Where used" to the context menu associated with objects in rules
+
+ * FWWindow.cpp (FWWindow::setPolicyBranchTabName): a workaround
+ for the bug 1629461: "Policy tabs do not scroll @ window extent on
+ OSX". The tab widget used to show policy, nat, routing and policy
+ branch rulesets does not switch to a "folded" mode on Mac OS X
+ when it needs to show more tabs that fit in the window. Since I
+ can't figure out a way to force it to do that, I am dropping
+ "Policy/" from the tab titles for branches to make them
+ shorter. This will help users with policies with many branches,
+ however it does not solve the problem because as they keep adding
+ branches, at some point they won't fit in the window again.
+
+2007-02-15 vadim
+
+ * FWWindow.cpp (FWWindow::fileCompare): fixed bug #1659832: "No
+ compile with QT without STL support"
+
+ * instDialog.cpp (instDialog::initiateCopy): fixed bug #1661140:
+ "built-in installer broken in 2.1.9 for PF". Installer incorrectly
+ set name for files it copied to the firewall if compiler generated
+ more than one file. Normally two files are generated for PF and
+ ipfilter.
+
+ * v2.1.10 started
+
+2007-02-10 vadim
+
+ * v2.1.9 release
+
+ * main.cpp (tty_raw): bug #1650369: "[patch] please add support
+ for GNU/kFreeBSD". Applied patch to make code compile on kFreeBSD.
+
+2007-02-03 vadim
+
+ * listOfLibraries.cpp (list): fixed bug #1620284: "conflict when
+ adding library to Preferences/Libraries". When the user tried to
+ add a library to the list in Preferemces/Libraries when a data
+ file with the same object library was loaded, the GUI detected the
+ conflict and showed error dialog.
+
+ * FWWindow.cpp (FWWindow::fileCompare): New feature: new operation
+ "Tools/Find Conflicting Objects in Two Data Files". This operation
+ inspects two data files (either .fwb or .fwl) and finds
+ conflicting objects. Conflicting objects have the same internal ID
+ but different attributes. Two data files can not be merged, or one
+ imported into another, if they contain such objects. This
+ operation also helps identify changes made to objects in two
+ copies of the same data file. This operation does not find objects
+ present in one file but not in the other, such objects present no
+ problem for merge or import operations. This operation works with
+ two external files, neither of which needs to be opened in the
+ program. Currently opened data file is not affected by this
+ operation and objects in the tree do not change. In the process of
+ this operation user is presented with series of dialogs showing
+ conflicting objects side by side. In the end the program can
+ generate report and write it to a text file.
+
+2007-01-30 vadim
+
+ * instDialog.cpp (instDialog::initiateCopy): more for the bug
+ #1617501:"Install fails after compile". Making sure we always
+ strip directory path from the file name if user specified full
+ path for the policy file in the "Output file name" input field in
+ the "Compiler" tab of firewall object dialog. Need to strip path
+ when macro "%FWSCRIPT%" is substituted in installation scriptlets
+ and in some other places.
+
+2007-01-15 vadim
+
+ * OSConfigurator_linux24.cpp (linux24::printRunTimeWrappers):
+ fixed bug (no num.): data files used for run-time AddressTable
+ objects can have empty lines, the script should skip them.
+
+2007-01-14 vadim
+
+ * iptAdvancedDialog.cpp (iptAdvancedDialog::iptAdvancedDialog):
+ more for bug #1618381: "CLASSIFY/MARK are non-terminating".
+ Emulation of the terminating behavior for Classify and Tag actions
+ is now controlled by a global option in the "Compiler" tab of the
+ firewall properties dialog. This means emulation can be turned on
+ and off for all rules that might require it at once. It is
+ impossible to mix such rules with terminating and non-termninating
+ behavior. The reason for this is that shadowing detection
+ algorithm can only work with either terminating or non-terminating
+ rules, not with the mix. Hopefully this is the last change made
+ for this bug.
+
+ * PolicyCompiler_ipt.cpp (ipt::getAddressTableVarName): fixed bug
+ #1632054: "Runtime AddressObjects FAIL to load if "Name:" contains
+ "."". Compiler checks if the name of the run-time AddressTable
+ object contains characters that have special meaning in sheel and
+ relaces them with '_' when it generates the name of the temporary
+ shell variable.
+
+ * PolicyCompiler_ipt.cpp (splitNonTerminatingTargets): update for
+ bug #1618381: "CLASSIFY/MARK are non-terminating". Adding iptables
+ rule with target ACCEPT to make Tag and Classify rules
+ terminating. This is controlled by checkbox in the action dialog
+ for actions Classify and Tag. Default setting is off.
+
+2007-01-09 vadim
+
+ * FWWindow.cpp (FWWindow::scheduleRuleSetRedraw): fixed bug (no
+ num.): GUI used show fanthom 'Policy', 'NAT' and 'Routing' tabs
+ when user deleted objects from the Deleted Objects library,
+ provided some of these objects were previously deleted firewalls.
+
+2007-01-07 vadim
+
+ * GroupObjectDialog.cpp (GroupObjectDialog::dropped): fixed bug
+ #1624577: "group window doesn't stay open on multiple-adds". Using
+ special flag to tell ObjectTreeView that it should ignore
+ MouseReleaseEvent it gets after d&d operation, so it wont switch
+ object in the editor panel. Note the bug triggered only on Mac OS
+ X.
+
+ * FWWindow.cpp (FWWindow::FWWindow): "Apply" and "Close" buttons
+ in the objct editor panel should be of fixed size horizontally
+
+2007-01-06 vadim
+
+ * instDialog.cpp (instDialog::testFirewall): fixed bug
+ #1617501:"Install fails after compile". The GUI got confused when
+ user enter full path to the policy file in the "Output file name"
+ input field in the "Compiler" tab of firewall object dialog.
+
+ * SimpleTextEditor.cpp (SimpleTextEditor::loadFromFile): fixed bug
+ 1619930: "Prolog tab's ScriptEditor's import fails to overwrite"
+
+ * OSConfigurator_linux24.cpp (linux24::printRunTimeWrappers):
+ fixed bug #1628989: "run-time-loaded rules don't accept ";" as
+ line comment"
+
+ * RuleOptionsDialog.cpp (RuleOptionsDialog::changed): fixed bug
+ #1620206: "RuleOptions' "Apply" button greyed-out until menu
+ selection"
+
+ * SimpleTextEditor.cpp (SimpleTextEditor::SimpleTextEditor): fixed
+ bug #1619842: "prolog "script editor" opens behind other windows"
+
+ * RuleSetView.cpp (RuleSetView::removeRule): fixed bug #1629521:
+ "can't delete empty chain/policy tab"
+
+ * instOptionsDialog.cpp (instOptionsDialog::hidePIXOptions):
+ installOptionsDialog was too large and did not fit on some laptop
+ screens. Doing tricks to make sure the dialog properly resized
+ after unused GUI elements are hidden.
+
+
+2007-01-04 vadim
+
+ * PolicyCompiler.cpp (DetectShadowingForNonTerminatingRules::processNext):
+ (API change)
+ fixed bug #1618381: "CLASSIFY/MARK are non-terminating". Non-terminating
+ rules shadow each other "backwards", that is more general rule
+ shadows other rules _above_ it.
Added flag 'reverse' to the method
+ find_more_general_rule and added new rule processor
+ DetectShadowingForNonTerminatingRules that finds such cases of
+ 'reverse' shadowing. Using it for rules in the mangle table for iptables.
+
+
+ * PolicyCompiler_ipt.cpp (finalizeChain::processNext): working on
+ bug #1618381
+
+ * For action Branch with option to add branching rule to the
+ mangle table: we now generate rules in PREROUTING, POSTROUTING,
+ INPUT, OUTPUT and FORWARD chains. This is because some targets
+ can only work in PREROUTING or POSTROUTING chains but we do not
+ know what rules will user put in the branch. So we need to branch
+ in all chains
+
+ * For rules in mangle table with direction set to Inbound or
+ Outbound force chain to PREROUTING or POSTROUTING respectively
+ early. This eliminates duplicates such as the same rule in
+ PREROUTING and INPUT chains. Also since most (all?) targets that
+ require mangle table go into either PREROUTING or POSTROUTING
+ chains, it should be enough to use these two chains.
+
+2007-01-01 vadim
+
+
+ * ActionsDialog.cpp (ActionsDialog::setRule),
+ PolicyCompiler_ipt.cpp (splitNonTerminatingTargets::processNext):
+ working on bug #1618381: "CLASSIFY/MARK are
+ non-terminating". Converting non-terminating targets MARK and
+ CLASSIFY into equivalent of terminating targets using intermediate
+ chain and "-g" option to pass control to it. Added a checkbox to
+ the rule options dialog for action Classify for this, by default
+ this feature is off.
+
+
+2006-12-27 vadim
+
+ * Compiler.cpp (Compiler::expandGroupsInRuleElement): fixed bug
+ #1620925: "compile-time AddressTable object with empty file".
+ Compile-time AddressTable object that uses file with no addresses
+ should be treated as an empty group according to the "Ignore empty
+ groups" option.
Changes are made as follows:
+
+ - Compiler::expandGroupsInRuleElement does not call
+ s->setAnyElement(); to set rule element to 'any' before adding
+ addresses from the group. This means that if group is empty, rule
+ element remains empty (not even 'any', just with no children,
+ i.e. with size()==0). Note that AddressTable::loadFromSource()
+ leaves AddressTable object empty if the file does not have any
+ addresses.
+
+ - Compiler::emptyGroupsInRE specifically checks for run-time
+ MultiAddress objects and skips them so they wont be treated as
+ empty groups (since they are indeed empty). Compile-time
+ MultiAddress objects are treated as groups and algorithm that
+ depends on option 'ignore empty groups' is executed for both empty
+ regular groups and empty compile-time MultiAddress objects.
+
+ * PolicyCompiler_ipt_optimizer.cpp (optimize1::optimizeForRuleElement):
+ fixed bug #1623113: 'connlimit fails in compiled "address table" rules'
+ Module connlimit can only be used in iptables rules matching TCP services.
+ Such iptables commands have "-p tcp" and/or "-m tcp" options. If
+ a rule in fwbuilder uses TCP Service and connlimit option and has
+ multiple objects in src and dst, optimizer used to split it to minimize
+ matches. It however preserved connlimit option in all subrules,
+ even though some of them did not have TCP service after the split. This
+ lead to generation of incorrect iptables commands.
+
+ * PolicyCompiler_ipt.cpp (Branching::expandBranch): fixed bug
+ #1623338: "Can not disable rules in a branch". Compiler for
+ iptables ignored flag 'disabled' on rules in a branch.
+
+2006-12-26 vadim
+
+ * VERSION (FWB_MICRO_VERSION): set version to 2.1.9
+
+2006-12-03 vadim
+
+ * v2.1.8 released
+
+2006-11-30 vadim
+
+ * FirewallDialog.cpp (FirewallDialog::applyChanges): fixed bug
+ #1589743: "compiler setting should be erased when fw platform
+ changes".
If user configured firewall object to use thrid-party
+ compiler, this setting should be erased when firewall platform of
+ this object changes. 1) compilers are always platform-specific and
+ old compiler most likely won't work with different platform; 2)
+ 'advanced' firewall settings dialog may not have an entry field
+ for the compiler (e.g. dialog for PIX does not have it)
+
+2006-11-26 vadim
+
+ * gui.pro (TARGET): All binaries are renamed to drop suffix
+ '21'. Opinion poll amongs the mailing list sbscribers showed
+ majority of users does not care for the ability to install and run
+ both old and new versions of fwbuilder on the same machine. This
+ feature creates substantial problems because of the symlinks to
+ libfwbuilder libraries that have the same name regardless of the
+ library version ('libfwbuilder.so' and 'libfwcompiler.so'). These
+ symlinks are required on Linux and *BSD and can not be avoided
+ easily. The only simple alternative was to rename libraries to
+ libfwbuilder21 and libfwcompiler21. I was impartial and thought of
+ doing this but FreeBSD port maintainer did not like this
+ solution. Given that most users said in the poll they do not want
+ this feature anyway, I am reverting binary and man page names back
+ to the old standard scheme without suffix '21'.
+
+2006-11-16 vadim
+
+ * FindObjectWidget.cpp (FindObjectWidget::matchAttr): added back
+ search by regexp - object name or port, protocol or ICMP type
+ numbers can be defined as regular expressions.
+
+2006-11-09 vadim
+
+ * PolicyCompiler_PrintRule.cpp (PrintRule::_printDirectionAndInterface):
+ fixed bug #1593221: "iptables filtering bridge problem - PHYSDEV:
+ no physdev opti..." Some times rules were generated with "-m
+ physdev" but witout "--physdev-in" or "--physdev-out" options.
+
+ * PolicyCompiler_ipt.cpp (Branching::expandBranch): fixed bug
+ #1592130: "Policy Chaining Issues".
Policy compiler should expand
+ rule subsets recursively
+
+ * FWWindow.cpp (FWWindow::addPolicyBranchTab): working on bug
+ #1592130: "Policy Chaining Issues". The GUI should properly
+ display nested branch rulesets.
+
+ * set version to 2.1.8
+
+2006-10-30 vadim
+
+ * v2.1.7 released
+
+2006-10-28 vadim
+
+ * RuleSetView.cpp (RuleSetView::paintCell): fixes for QT w/o STL support
+
+2006-10-24 vadim
+
+ * manually removed from findobjectwidget_q.ui and
+ findwhereusedwidget_q.ui
+
+ * build 155
+
+2006-10-23 vadim
+
+ * platforms.cpp (getRouteOptions_pf_ipf): fixed bug (no num): the
+ program used to incorrectly save "route option" parameter that is
+ used for pf anf ipf firewalls when user edited action "Routing"
+ for iptables firewall. This would corrupt saved XML file if the
+ program was used under non-English locale.
+
+2006-10-22 vadim
+
+ * ObjectTreeView.cpp (ObjectTreeView::updateTreeItems): eliminated
+ useless creation of interim QPixmap objects. It appears this was
+ responsible for creation of tons of extra pixmaps that triggered
+ bug 1582130 on windows.
+
+ Bug ##1582130: "GUI crashes on windows when very large data file
+ is opened" is now fixed.
+
+2006-10-21 vadim
+
+ * ObjectManipulator.cpp (ObjectManipulator::addTreePage): working
+ on bug #1582130: "GUI crashes on windows when very large data file
+ is opened". Using QPixmapCache everywhere.
+
+ * PixmapFactory.cpp (PixmapFactory::getPixmap): bug #1582130 "GUI
+ crashes on windows when very large data file is opened". Ran into
+ a known limitation on number of simultaneously created pixmaps on
+ Windows. If the data file contains over 3000 obects or so, the GUI
+ crashes on Windows. This is caused by the fact that GDI has global
+ limit on the number of pixmaps.
See here:
+ http://lists.trolltech.com/qt-interest/2005-01/thread00679-0.html
+ Using QPixmapCache class to cache and reuse pixmaps, using it via
+ simple wrapper PixmapFactory that automatically creates pixmaps
+ not found in the cache.
+
+2006-10-20 vadim
+
+ * listOfLibraries.cpp (listOfLibraries::listOfLibraries): fixes
+ for QT w/o STL support on win32
+
+2006-10-19 vadim
+
+ * DialogData.cpp (DialogData::loadToWidget): properly using
+ remapping tables while loading strings into QComboBox when program
+ runs under international locale. Strings for qomboboxes are
+ defined in platforms.cpp and need to be translated accordingly.
+
+2006-10-16 vadim
+
+ * RCSFileDialog.cpp (RCSFileDialog::getSelectedRev): fixed bug
+ #1578502: "crashing opening file". The GUI crashed if the user
+ switched "open file" dialog to detailed list mode and then tried
+ to open a file.
+
+2006-10-15 vadim
+
+ * PolicyCompiler_pf_writers.cpp (PrintRule::_printAction): All
+ compilers print error mesage when they encounter unknow action in
+ a rule
+
+ * Preprocessor.cpp (Preprocessor::convertObject): fixed bug
+ #1575355: "Compiler tries to resove deleted AddressTable
+ objects". Using findWhereUsed to find if MultiAddress object is
+ used in firewall being compiled so we don't try to resolve objects
+ that are not used anywhere.
+
+ * FWObjectDatabase.cpp (FWObjectDatabase::findObjectsInGroup):
+ code refactoring: moved methods findObjectsInGroup and
+ findWhereUsed from the GUI to API.
+
+2006-10-08 vadim
+
+ * v2.1.6 build 134: major improvements in support for outbound
+ ACLs in PIX 7.0 in compiler for PIX. Added file
+ 'v21_migration_notes.txt' to fwbuilder-pix package
+
+2006-10-07 vadim
+
+ * NATCompiler_PrintRule.cpp (PrintRule::_printDstService): fixed
+ bug#1572735: "Wrong syntax with TagService in NAT table".
Added
+ mssing "-m mark"
+
+2006-10-06 vadim
+
+ * PolicyCompiler_ipfw.cpp (SpecialRuleActionsForShadowing::processNext):
+ rule with action 'Pipe' or 'Custom' should not shadow other rules
+
+ * PolicyCompiler_ipfw_writers.cpp (PrintRule::processNext):
+ compiler for ipfw generates rule with action check-state depending
+ on the setting of he option "Add rule to accept packets matching
+ dynamic rules created for known sessions". This option is
+ controlled by a checkbox in the firewall settings dialog.
+
+ * TableFactory.cpp (TableFactory::PrintTables): if AddressTable
+ object is configured to resolve at run time but file name is left
+ blank, compiler for PF generates PF configuration as follows:
+ "table persist". That is, it omits 'file "filename"'
+ clause all together. This is useful if table is updated
+ automatically using "max-src-conn, overload " option and
+ does not need to be pre-populated with addresses from a file.
+
+2006-10-05 vadim
+
+ * pixAdvancedDialog.cpp (pixAdvancedDialog::pixAdvancedDialog):
+ added option "Generate outbound ACLs" for PIX 7.0
+
+2006-10-02 vadim
+
+ * Checking in updated German translation by Hans Peter Dittler
+
+
+2006-09-29 vadim
+
+ * PolicyCompiler_ipt.cpp (ipt::compile): fixed bug #1567873:
+ "CLASSIFY/Logging". eed to run rule processor
+ decideOnChainForClassify before rule is split for negation or
+ logging to properly pick up chain for action Classify. Previously
+ rules with this action and either negation or logging would match
+ packets in chains INPUT/OUTPUT/FORWARD but use chain POSTROUTING
+ when applying action.
+
+2006-09-28 vadim
+
+ * pf.cpp (main): 'Prolog' section of the generated script can now
+ be added in different places:
+ - to the activation shell script, as before
+ - at the very top of generated .conf file
+ - after 'set' commands in the generated .conf file
+ - after 'scrub' commands in the generated .conf file
+ - after table definitions in the generated .conf file but
+ before all policy commands
+
+2006-09-26 vadim
+
+ * checking in updated Russian localization by
+
+2006-09-21 vadim
+
+ * ObjectManipulator.cpp (ObjectManipulator::deleteObj): fixed bug
+ #1562965: "no confirmation when deleting an object". In a scenario
+ when user starts with an emty object tree, then adds a firewall
+ with an interfaces, then tries to delete the interface, the GUI
+ would just delete it without presenting the user with "Are you
+ sure ?" confirmation dialog.
+
+2006-09-20 vadim
+
+ * PolicyCompiler_ipt.cpp (convertAnyToNotFWForShadowing::processNext):
+ fixed bug #1562348: "a case of undetected rule shadowing".
+ Compiler did not detect shadowing in the pair of rules where first
+ rule was 'any any service' (flag 'firewall is part of any' is ON)
+ and the second was 'fw any service' when global flag 'firewall is
+ part of any' is OFF
+
+ * confirmdeleteobjectdialog_q.ui: fixed bug #1561165: "Delete
+ dialog box sizing incorrect"
+
+ * FWObject.cpp (FWObject::shallowDuplicate): API change: fixed bug
+ 1562290: "GUI crashes in discovery
+ druid". FWObject::shallowDuplicate should add to database index
+ only if dbroot is defined. If dbroot==NULL, trying to copy it from
+ parameter x of shallowDuplicate (the object we are duplicating),
+ but need to check if dbroot is != NULL after that as well, because
+ object we are dulicating may not belong to any object tree.
This
+ is the case with interface objects created in
+ SNMPQuery::fetchInterfaces
+
+
+2006-09-17 vadim
+
+ * PolicyCompiler_pf_writers.cpp (PrintRule::processNext): feature
+ request #1531599: "max-src-conn and max-src-conn-rate". Added
+ support for max-src-conn and max-src-conn-rate options n compiler
+ for PF.
+
+ * RuleOptionsDialog.cpp (RuleOptionsDialog::loadFWObject): feature
+ request #1531599: "max-src-conn and max-src-conn-rate". Added GUI
+ elements to support these PF options.
+
+2006-09-16 vadim
+
+ * SSHPIX.cpp (SSHPIX::stateMachine): fixed a bug in the code that
+ deals with previously unseen ssh host key. Properly terminating
+ session if user hits 'No'; stopping heartbeat timer while waiting
+ for user input.
+
+ * FWWindow.cpp (FWWindow::install): compile/install wizard is now
+ a top level non-modal window, it can be used in parallel with the
+ main window so one can inspect and fix rules while still looking
+ at the output produced by the compiler, or work with objects and
+ rules while pushing policy update to the firewall.
+
+2006-09-15 vadim
+
+ * instDialog.cpp (instDialog::installerError): fixed bug #1559697:
+ "built-in installer crashes on incorrect password"
+
+2006-09-14 vadim
+
+ * FWObjectClipboard.h: clipboard holds list of object IDs instead
+ of object copies. Clearing clipboard when an object is deleted
+ from the "Deleted objects" library in ObjectManipulator::delObj.
+
+ * FWWindow.cpp (FWWindow::load): calling FWObjectDatabase::reIndex
+ to fix object reference counters and rebuild the index after
+ object tree is loaded from .fwb file. Doing the same in all policy
+ compilers.
+
+ * NATCompiler_pf.cpp (splitForTSrc::processNext): fixed bug
+ #1556984" "Nat statements in PF are missing (source-natting)"
+ Compiler was too restrictive checking firewall's interfaces while
+ generating 'nat' rules.
It generated such rule only when it was
+ able to find an interface with address/netmask combination that
+ defined subnet to which TSrc address belonged. 2.0.X used to be
+ more liberal and created nat rule even if such interface was not
+ found, in such case it generated nat rule bound to all interfaces
+ of the firewall.
+
+2006-09-13 vadim
+
+ * ActionsDialog.cpp (ActionsDialog::iptRouteContinueToggled):
+ fixed bug #1557827: "iptables, routing, iif and continue". GUI
+ enforces rules on options to iptables target ROUTE: 'continue' is
+ mutually exclusive with --iif and --tee, therefore checking option
+ 'Continue packet inspection' disables options 'Change inbound
+ interface to' and 'Make a copy' (GUI elements are greyed out).
+
+
+2006-09-10 vadim
+
+ * FWWindow.cpp (FWWindow::scheduleRuleSetRedraw): using timer
+ event to make sure rule sets are redrawn no more than once when
+ needed.
+
+2006-09-08 vadim
+
+ * FWWindow.cpp (FWWindow::load): using
+ FWObjectDatabase::addToIndexRecursive to quickly reindex whole
+ database once datafile is loaded. This works very fast.
+
+ Fixes everywhere for the new format of FWObjectDatabase::create
+
+
+2006-09-07 vadim
+
+ * FWWindow.cpp (FWWindow::load): improvements in the GUI
+ ergonomics when working with very large data files:
+
+ - The main window opens before the file specified on the command
+ line is loaded
+
+ - Using status bar to print messages indicating progress of the
+ file loading process
+
+ - Enforcing objects indexing after the file is loaded, this
+ speeds things up later
+
+ * ObjectEditor.cpp (ObjectEditor::actionChanged): fixed bug
+ #1553394: "Options windows stays the same".
+
+2006-09-05 vadim
+
+ * FWWindow.cpp (FWWindow::killInstDialog): compile/install dialog
+ is now not modal, this means the user can look at the policy and
+ objects while compilation and/or installation is going on.
This is
+ especially convenient as it allows one to inspect the rules after
+ failed compilation while still having compiler error on screen.
+
+ * VERSION: set version to 2.1.6
+
+ * configure.in: added check to make sure qmake found by configure
+ really is part of QT 3.x. This should help avoid build failures on
+ systems where both QT 3.x and 4.x are installed and where
+ /usr/bin/qmake is really QT 4.x qmake which we can not use.
+
+2006-08-31 vadim
+
+ * PolicyCompiler_ipfw.cpp (processMultiAddressObjectsInRE):
+ checking for (currently unsupported) run-time AddressTable objects
+
+ * All compilers: fixed bug #1544488: 'Error with DNS_name object
+ when "resolve during run time"'. Needed to swap run-time DNSName
+ and AddressTable objects with MultiAddressRunTime during rule
+ shadowing run
+
+2006-08-29 vadim
+
+ * instDialog.cpp (readFromStdout): properly processing text coming
+ from the background process if it comes buffered in chunks that
+ include several lines of text and possibly incomplete last
+ line. Previously, text would come out werdly formatted in the log
+ window.
+
+ * instDialog.cpp (processExited): detectig situation when
+ background process (compiler) crashes or is killed
+
+ * RuleSetView.cpp (fixRulePosition): this method fixes rule
+ position if it is incorrect (this happens sometimes because of
+ errors in auto-upgrade transformations). fixRulePosition checks if
+ object the rule belongs to is read-only or belongs to a read-only
+ subtree in the database and temporarily breaks the lock in order
+ to be able to fix rule position. This method is recursive so it
+ supports cases when several objects between the rule and database
+ root are read-only.
+
+2006-08-27 vadim
+
+ * instDialog.cpp (prepareInstallerOptions): Added checkbox 'save
+ copy of fwb file on the firewall' to the installer options
+ dialog. If this checkbox is on, installer copies .fwb file to the
+ firewall before it copies generated configuration and activates
+ it.
This can be used as last resort backup but should be avoided
+ if firewall is managed from remote workstation and especially if
+ many firewalls are managed from dedicated management
+ workstation (because storing fwb file on each firewall means
+ security policy of all firewalls resides on all every one of them).
+ This option is off by default.
+
+2006-08-26 vadim
+
+ * ConfirmDeleteObjectDialog.cpp (findForObject): redesign of the
+ dialog: now showing objects to be deleted and their parent objects
+ in the same list with selection disabled. This removes confusion
+ caused by the text in the dialog saying that 'seletect objects'
+ were bout to be deleted and ability to select objects in the
+ confirmation dialog.
+
+2006-08-20 vadim
+
+ * PolicyCompiler_pf.cpp (fillDirection::processNext): fixed bug
+ #1543684: "fwb 2.1.5 IPFilter fallback rule issues". Fallback rule
+ should be 'pass out' if option 'Pass all outgoing' is used.
+
+2006-08-19 vadim
+
+ * MangleTableCompiler_ipt.cpp (processNext): (new feature): added
+ checkbox to the action 'Branch' for iptables "In addition to
+ 'filter', create branching rule in 'mangle' table as well". When
+ this parameter is activated, compiler creates branching rules in
+ both filter and mangle tables; in mangle table it always uses
+ chains PREROUTING, INPUT, OUTPUT and FORWARD.
+
+ * PolicyCompiler_ipt.cpp (processNext): fixed bug #1534423 "2.1.5,
+ mark action rules in branches". Added checkbox "Mark packets in
+ PREROUTING chain" to the action "Tag" for iptables. Compiler
+ places rule into PREROUTING chain when this parameter is
+ activated.
+
+2006-08-18 vadim
+
+ * PolicyCompiler_ipt.cpp (compile): working on bug #1534423
+ "2.1.5, mark action rules in branches". Branch rules with action
+ Tag go into mangle table.
+
+2006-08-17 vadim
+
+ * gui.cw: this file is used by QT to save descriptions of custom
+ widgets
+
+ * ObjectManipulator.h: added bunch of missing virtual destructors
+ to various classes
+
+2006-08-10 Vadim
+
+ * ConfirmDeleteObjectDialog.cpp (ConfirmDeleteObjectDialog):
+ completed implementation of feature request #1116454: "Where Used
+ Option". When the user tries to delete an object from the tree,
+ the GUI presents a list of groups and firewall rules where this
+ object is used.
+
+2006-08-09 Vadim
+
+ * instDialog.cpp (findFirewalls): main menu item 'Compile' and
+ corresponding toolbar button activate compilation/installation for
+ all firewalls in all libraries. This fixes bug #1531007: "no
+ firewall in comp/inst dialog if standard library selected"
+
+ * utils.h (findByObjectType): added parameter bool skip_system_libs.
+ This method will skip libraries DELETED_LIB and TEMPLATE_LIB if this
+ parameter is true (which is its default value).
+
+2006-08-08 Vadim
+
+ * ObjectEditor.cpp (validateAndClose): fixed bug (no num.):
+ "Apply" button in the editor panel would not activate when user
+ reopened an object after it was edited and then editor panel
+ closed.
+
+2006-08-08 Vadim
+
+ * ObjectEditor.cpp (apply): fixed bug #1531020: "gui behaviour on
+ object renaming". Changing name of the selected object in the
+ editor updated it in the tree but not in the rule set view.
+
+ * ActionsDialog.cpp (applyChanges): fixed bug #1531008: "gui
+ behaviour improvements". Gui used to reset rule selection after
+ user selected different object in the tree.
+
+2006-08-05 Vadim
+
+ * newFirewallDialog.cpp (newFirewallDialog): fixed bug #1525808:
+ "fwbuilder21: Windows are too large ". One of the pages of the
+ firewall creation druid was too large vertically, as the result
+ whole druid would not fit on screens 1024x768 with standard font
+ bigger than 18pt
+
+ * FindWhereUsedWidget.h (class FindWhereUsedWidget): Feature
+ request #1116454: "Where Used Option".
Ilya implemented "Find
+ Where Used" function which quickly finds and shows rules of all
+ firewalls that utilize a given object.
+
+2006-07-23 vadim
+
+ * RuleSetView.cpp (copyRule): still debugging problems caused by
+ QT w/o STL support. Also got rid of methods RuleSetView::isSrc,
+ isDst, isSrv etc, makes code cleaner cause these methods violated
+ data access boundaries in the class hierarchy.
+
+2006-07-22 vadim
+
+ * FWObjectPropertiesFactory.cpp (getPolicyRuleOptions): fixes in
+ bunch of places where code assumed QT is built with STL support
+
+2006-07-20 vadim
+
+ * PolicyCompiler_ipt_optimizer.cpp (processNext): checking if
+ objects in srv are of the type TCPService or UDPService; if they
+ are, treat srv as if it has one object even if there are several in
+ it. This eliminates uncessesary rule splitting that optimizer used
+ to do.
+
+ * PolicyCompiler_ipt.cpp (compile): moved
+ InterfacePolicyRulesWithOptimization further down the chain of
+ rule processors to let other processors properly decide on chain
+ for rules that are associated with multiple interfaces. Such rule
+ is now treated as if it has one interface, and most of the chain
+ and target decisions are made before the rule is split. When the
+ rule is split in InterfacePolicyRulesWithOptimization, each part
+ gets one interface from the original list.
+
+ * PolicyCompiler_ipt.cpp (SrcNegation): all rule processors that
+ work with negation reset "Interface" rule element in subrules they
+ create except for the very first.
+
+ * main.cpp (main): removed plays with styles on Mac, they proved
+ unnecessary
+
+2006-07-18 vadim
+
+ * unit_tests.cpp (main): unit test for RCS module, currently only
+ checks if rlog reading routing works right
+
+ * RCS.cpp (RCS): trying to fix mysterious bug that causes RCS
+ module to misinterpret RCS log in some cases and read modification
+ date/time instead of the name of the user who apparently opened
+ and locked the file.
However in cases like that the file in fact
+ is checked in and unlocked. Instead of reading rlog output line by
+ line and using regex to parse each line separately, we now read
+ the output in chunks using '------' as a separator. Each chunk
+ corresponds to one revision and all regexps are written to work on
+ the whole chunk instead of one line.
+
+2006-07-17 vadim
+
+ * RuleSetView.cpp (paintCell): When user selects an object in the
+ rule set, all references to the same object in other rules are
+ highlighted by drawing thin red frame around them. Similarly, when
+ an object is selected in the tree, all references to it in the
+ currently visible ruleset are similarly highlighted. This helps
+ enforce the notion that all instances of the object in rules are
+ really references to the same object, as well as helps locate
+ these references visually.
+
+2006-07-12 vadim
+
+ * FWWindow.cpp (exportLibraryTo): user choses libraries for export
+ using spearate modal dialog instead of built-in panel in the file
+ choosing dialog in the "File/Export Library" function
+
+2006-07-11 vadim
+
+ * FWWindow.cpp (FWWindow): FindObjectWidget is not a custom widget
+ anymore - this is a workaround for QT bug #85440 :
+ http://www.trolltech.com/developer/task-tracker/index_html?id=85440&method=entry
+
+2006-07-09 vadim
+
+ * ObjectTreeView.cpp (contentsMouseReleaseEvent): bugfix: the GUI
+ used to switch object in the editor if user tried to open a
+ different library and expand/collapse subtree in it. It should not
+ do this, expading/collapsing subtrees should not cause object
+ switch in the editor.
+
+2006-06-30 vadim
+
+ * RuleSetView.cpp (paintCell): highlighting whole table cell for
+ rule options/actions/directions/etc when corresponding rule
+ element is selected.
+
+ * Added title bar with icon and object type name to dialog panels
+ for all object types
+
+2006-06-25 vadim
+
+ * PrefsDialog.cpp (PrefsDialog): removed "Data format" tab from
+ the Preferences dialog.
Option that turns off saving standard
+ objects in every users data file was on by default for a long
+ time, now it is time to remove the GUI control all together.
+
+ * FWBSettings.h: using macro SETTINGS_PATH_PREFIX to define path
+ prefix for settings. This makes it easier to change the prefix
+ when new version is introduced
+
+2006-06-23 vadim
+
+ * DiscoveryDruid.cpp (): using QDns to get host names for
+ discovered ip addresses instead of our own DNS methods
+
+2006-06-21 vadim
+
+ * NATCompiler_pf_writers.cpp (_printPort): fixed bug #1509411:
+ "FWB does not build correct PF RDR port ranges". RDR rules should
+ support port ranges in the RHS of "->"
+
+ * qmake.inc.in: Passing CXXFLAGS from environment to the build
+ process. Fedora engineers had to add a hack to their .spec file to
+ do this, this change makes their hack unnecessary
+
+2006-06-17 vadim
+
+ * PolicyCompiler_pf_writers.cpp (_printRouteOptions): implemented
+ spport for action Route for PF
+
+2006-06-15 vadim
+
+ * ObjectTreeView.cpp (contentsMouseReleaseEvent): fixed selection
+ of multiple objects in the tree and interaction with editor.
+
+2006-06-14 vadim
+
+ * PolicyCompiler_ipt.cpp (processNext): implemented support for
+ action Route for iptables
+
+2006-06-13 vadim
+
+ * RuleSetView.cpp (openObjectInTree): selecting object in a rule
+ automatically opens it in the tree (both when editor opened and
+ when it is closed)
+
+2006-06-11 vadim
+
+ * FWWindow.cpp (requestEditorOwnership): moved all the logic
+ controlling switching between objects whith editor open to this
+ method of FWWindow, this significantly simplifies other
+ classes. Now we can properly process situations when user opens an
+ object in a rule, edits it and then tries to open an object in the
+ tree for editing. This also works in other situations when object
+ with unsaved changes is opened in the editor and user tries to
+ switch to another one, possibly in a different panel or
+ widget.
Still need to explore ways to maintain synchronized object
+ highlighting in the tree and in rules.
+
+2006-06-06 vadim
+
+ * RuleSetView.cpp (maybeTip): directions are represented only by
+ icons with no text; added tooltip for directions
+
+ * ObjectEditor.cpp (validateAndSave): cleanup in ObjectEditor
+ class - reusing method validateAndSave in methods close,
+ validateAndClose
+
+ * FirewallDialog.cpp (loadFWObject): "snmp" tab of the firewall
+ object dialog has been deprecated
+
+2006-06-04 vadim
+
+ * RuleSetView.cpp (revealObjectInTree): change in the GUI
+ behavior: - selection in the tree and ruleset are mutually
+ exclusive, that is selecting an object in ruleset turn selection
+ off in the tree and vice versa. Added menu item "Reveal in tree"
+ to the context menu that appears when user clicks right mouse
+ button on an object in ruleset.
+
+ * PolicyCompiler_ipt.cpp (processNext): Added support for CONNMARK
+ as an option for rules with action Tag. If a checkbox "Mark
+ connections created by packets that match this rule" in rule
+ options of a rule with action Tag is checked, compiler adds
+ iptables command to save mark set by the Tag action into connmark
+ module, and then adds another command at the beginning of the
+ policy to restore it.
+
+2006-06-03 vadim
+
+ * ActionsDialog.cpp (setRule): New rule action: "Route", to be
+ mapped to ROUTE target for iptables and 'route' option for pf and
+ ipf
+
+2006-05-31 vadim
+
+ * RuleSetView.cpp (paintCell): When a group is opened in the
+ editor, an object can be highlighted there which is different from
+ the object highlighted in rules. Using alternatie color to
+ highlight object in rules when user switches keyboard focus to the
+ editor panel. This helps avoid confusion caused by identical look
+ of objects highlighted in rules and group view. Currently using
+ QColorGroup::midlight() to get color for when ruleset widget has
+ no focus.
This is probably incorrect because color should change
+ when widget's colorGroup() changes from active to normal. Using
+ midlight color may lead to incorrect results if QT theme does not
+ define this color properly.
+
+
+2006-05-25 vadim
+
+ * ObjectManipulator.cpp (edit): GUI opens objects in the editor
+ panel on single mouse click on an object in the tree if editor
+ panel is opened. If it is closed, click just changes selection in
+ the tree. Drag and drop works because object is opened in the
+ editor on mouse release. Similarly, if user navigates in the tree
+ using keyboard, object is opened in the editor on keyReleased
+ event. Multiple selection works both by mouse and by keyboard.
+
+2006-05-20 vadim
+
+ * PolicyCompiler_pf.cpp (swapAddressTableObjectsInRE):
+ AddressTable objects are converted to PF tables with the name of
+ the object in both run-time and compile-time mode. This is so only
+ for PF because other compilers simply expand compile-time
+ AddressTable objects as a group of addresses (and lose its name in
+ the process). Administrator can use compile-time AddressTable
+ object to create tables with names known beforehand. In the future
+ these tables can be used with 'overflow' rule option that updates
+ tables automatically.
+
+ * TableFactory.cpp (init): implemented persistent tables in
+ compiler for PF: compiler maintains list of tables it creates
+ between passes for NAT and policy rules. This reduces duplication
+ if the same tables need to be created for both policy and NAT
+ rules. Tables for branched rule sets (anchors) are generated
+ separately and may duplicate those in the main rule set (although
+ their name is different).
+
+2006-05-16 vadim
+
+ * PolicyCompiler_pf.cpp (processMultiAddressObjectsInRE): DNSName
+ object now inherits MultiAddress, this allows for DNSName to be
+ expanded into multiple addresses at compile time.
Run time support
+ hasn't changed because most fw platforms automatically expand
+ domain name into all IP addresses defined as DNS A records for
+ this name.
+
+2006-05-14 vadim
+
+ * FWWindow.cpp (unselectRules): rule set should lose focus when
+ object editor is opened in a panel. Object shown in the editor is
+ highlighted in the tree anyway. This works better during search
+ when "find next" finds object in the tree
+
+ * NATCompiler_PrintRule.cpp (processNext): fixed bug #1476797:
+ "ipt NETMAP, POSTROUTING** chain --to problem with multiple
+ network targets".
+
+ * PolicyCompiler_PrintRule.cpp (_printModules): Added support for
+ hashlimit module for iptables (with an option for older systems
+ where the same module is called dstlimit)
+
+2006-05-13 vadim
+
+ * PolicyCompiler_PrintRule.cpp (_printModules): added support for
+ connlimit module for iptables
+
+2006-05-12 vadim
+
+ * RuleOptionsDialog.cpp (loadFWObject): added input fieds for
+ iptables module "connlimit"
+
+ * Many dialogs: converting all object, rule options and actions
+ editors from pop-up dialogs to built-in panels.
+
+2006-05-07 vadim
+
+ * PrefsDialog.cpp (accept): removed entry field for scp, it is not
+ used by the installer. Cleaned up in all places where we check if
+ path to ssh is configured to make sure installer can use it.
+
+ * TableFactory.cpp (createTablesForRE): names for tables that go
+ into an anchor have anchor name prepended to them as a prefix to
+ ensure global uniqueness. One side effect of this is that
+ AddressTable objects can only be used either in global rules or in
+ an anchor, but not in both at the same time because the name of
+ the table created for such object follows the name of the object
+ and hence appears the same in the main rule set and in the anchor.
+
+
+2006-05-06 vadim
+
+ * pf.cpp (main): Added support for branching rules for PF,
+ imlpemented via anchors.
Rules defined in branches are stored in
+ separate .conf files and loaded by the .fw file using
+ pfctl -a -f Anchor rule files
+ are also added to manifest in the .fw file to make sure the built-in
+ installer will copy them to the firewall.
+
+ * PolicyCompiler_ipt.cpp (processNext): support for branching
+ rules for iptables (via user-ddefined chain, chain name is
+ specified as action parameter for action 'Chain')
+
+ * FWWindow.cpp (reopenFirewall): added support for policy
+ branches. Setting rule action to "Chain" or "Anchor" (depending on
+ platform) creates additional tab with a policy rule set. These
+ rules represent a branch in the policy, implemented by means of a
+ user-defined chain for iptables and anchor for pf. Chain or anchor
+ name is set as action parameter through standard action options
+ dialog.
+
+ * FWWindow.cpp (fileSaveAs): fixed bug #1424880: "Save As" works
+ incorrectly. "Save As" works as follows:
+ * a new file is created with the name provided by user, this file
+ captures the state of the object database as of the moment when
+ user executed 'Save As' operation.
+ * if the old file was not in RCS, then any changes made to it
+ since it was saved to disk last time are lost. In other words,
+ next time user opens the old file, its content will be as it was
+ when it was saved to disk last time before using 'Save As'
+ operation
+ * if the old file was in RCS, then it is reverted to the head
+ revision in RCS
+
+ * fixed bug #1434321: firewall name heading incorrect after
+ duplicate. After a firewall object is duplicated, the name of the
+ new object as shown in the tree and in pull-down list of firewalls
+ was incorrect.
+
+ * ActionsDialog.cpp (setRule): Added GUI support for action
+ 'Branch' (represented as 'Chain' for iptables and 'Anchor' for pf)
+
+2006-04-30 vadim
+
+ * platforms.cpp (getActionNameForPlatform): remapping names of
+ some new actions depending on the target firewall platform.
For
+ example, action "Tag" appears as "Tag" for PF and as "Mark" for
+ iptables. Also remapping name for actions Pipe and
+ Accounting. This should help adoption of the new actions by people
+ who are familiar with corresponding features of the target
+ firewall platforms. Name mapping is done only for presentation;
+ all internal references to actions use their abstract internal
+ names both in the GUI and in all compilers.
+
+2006-04-30
+
+ * PolicyCompiler_PrintRule.cpp (_printOptionalGlobalRules): fixed
+ bug #1464806: "Global custom log prefix not applied to built in
+ options". Autogenerated rule that blocks packets matching INVALID
+ state will use globally set custom logging prefix. "-1" is used
+ for the rule number; macro "%C" is replaced with the chain name
+ "drop_invalid"
+
+ * NATCompiler_pf_writers.cpp (processNext): fixed bug #1407328:
+ "NAT / RDR Exception PF problem". "no nat" rule in PF can
+ translate either into 'no nat' or 'no rdr', depending on what the
+ user really needs to achieve. There is no way fwbuilder can guess
+ right by just analysing this single rule, so it will generate both
+ variants.
+
+2006-04-23 vadim
+
+ * SSHSession.h: fix for bug #1455772 did not work on windows where
+ QProcess added '\0' to each line of the stream passed to the ssh
+ client. On Unix we run fwbuilder as a wrapper for ssh client and
+ can intercept and filter these characters but on windows we do not
+ use wrapper and can't fix the problem that way. Better fix is to
+ avoid QString (and therefore conversions UTF8 <-> Unicode) all
+ together. Changed last parameter for constructor of SSHSession and
+ derived classes from QStringList to list. Now instDialog
+ reads script as sequence of bytes and does not convert it to
+ Unicode, then passes to the ssh client via SSHSession as-is. In
+ principle, this alleviates the need in the hack in main.cpp but I
+ leave it there just in case.
(Forward ported from 2.0.12)
+
+2006-04-23 vadim
+
+ * pixAdvancedDialog.cpp (displayCommands): changed title of the
+ tab where user controls protocol inspectors from "Fixup" to
+ "Inspect". Added a button to show commands that will be generated
+ by the compiler for a current combination of inspector
+ configuration, this button calls policy compiler fwb_pix and feeds
+ XML to it via standard input. Doing this automatically every time
+ user touches something in the inspector control widgets may be
+ slow on underpowered machines or when the data tree is very large
+ because the GUI needs to start external process, which reads and
+ parses the whole XML file.
+
+2006-04-22 vadim
+
+ * pixAdvancedDialog.cpp (pixAdvancedDialog): calling fwb_pix to
+ generate protocol inspection commands. Need to implement saving
+ into a buffer in FWObjectDatabase to make this work.
+
+2006-04-19 ilya
+
+ * FWWindow.cpp (singleInstall): batch compile and intsall
+ operations are possible when user selects several firewalls in the
+ tree and uses context menu items "Compile" and "install". Selected
+ firewalls are automatically checked in the batch install dialog.
+
+ * FirewallDialog.cpp (loadFWObject): support for attribute
+ "inactive" in Firewall. Inactive firewalls are not picked for
+ batch compile and install operations.
+
+2006-04-10 vadim
+
+ * NATCompiler_ipf.cpp (processNext),
+ ipfAdvancedDialog.cpp (ipfAdvancedDialog): Added support for PPTP
+ and IRC proxies for ipfilter
+
+2006-04-07 ilya
+
+ * instDialog.cpp (selected): implemented batch compile and batch
+ install modes. Requires some work to polish the UI but basic
+ functionality works
+
+2006-03-26 vadim
+
+ * OSConfigurator_linux24.cpp (generateCodeForProtocolHandlers):
+ fixed bug#1364060: "conntrack modules not found". The name of the
+ 'conntrack' module in Linux 2.6 is 'ip_conntrack.ko' and
+ 'ipt_conntack.ko'. Changed shell pattern to match new modules as
+ well as old ones.
+
+ * linux24.xml.in: made "chmod +x" part of the sequence that
+ copieswall script to make the script is executable. This fixed bug
+ #1455748: "make firewall script executable"
+
+ * main.cpp (main): it appears some older versions of Qt have a bug
+ referred to in the following article:
+ http://lists.trolltech.com/qt-interest/2004-10/thread00024-0.html
+ This bug causes '\0' to be appended to strings passed to/from
+ QProcess if they are converted to/from utf-8. Added workaround in
+ the ssh wrapper code to skip zeros. In combination with converting
+ config file strings from/to utf-8 this fixes bug #1455772: "Problem
+ with UTF8 Descriptions in FW Objects"
+
+ * instDialog.cpp (initiateCopy): need to convert strings of the
+ config file from utf-8 in order to be able to use methods of
+ QString to process them. Strings are converted back to utf-8 right
+ before they are sent to the background ssh process to be copied to
+ the firewall in SSHSession::sendLine()
+
+2006-03-22 vadim
+
+ * PolicyCompiler_ipt.cpp (prolog): switched from
+ Compiler::objcache to object index in FWObjectDatabase. Replaced
+ calls to Compiler::getCachedObject with calls to
+ FWReference::getPointer() everywhere
+
+2006-03-20 vadim
+
+ * ipf.cpp, ipt.cpp, pf.cpp, ipfw.cpp (main): added call to
+ Preprocessor::compile() to convert DNSName and AddressTable
+ objects before rule processing starts
+
+2006-03-18 vadim
+
+ * OSConfigurator_solaris.cpp (printPathForAllTools): fixed bug
+ #1393004: "Solaris does not have "egrep -q". Since egrep shipped
+ with Solaris does not have option '-q', using '-s'
+
+ * ipf.cpp (main): fixed bug #1386226: "generated -nat.conf is not
+ removed when nat rules removed.". Old fw-nat.conf was left in
+ place when user deleted all NAT rules (the new one was not created
+ either). Now compiler deletes *-ipf.conf and *-nat.conf files
+ before creating new ones, also installer gets correct list of
+ files to read.
+
+ * PolicyCompiler_PrintRule.cpp (PolicyRuleToString): fixed bug
+ #1375432: "fwb_ipt with twice -m state". Compiler used to generate
+ options "-m state --state XYZ" twice in a situation when
+ administrator uses custom service that already includes this code
+ and rule is not stateless.
+
+2006-03-15 ilya
+
+ * ObjectManipulator.cpp (findFirewallsForObject): Using method
+ findWhereUSed to find firewalls that require compile/install after
+ an object is modified.
+
+2006-03-15 vadim
+
+ * ObjectManipulator.cpp (_findWhereUsed): generic recursive method
+ that finds all groups and rules that use an object.
+
+2006-03-10 ilya
+
+ * ObjectManipulator.cpp (contextMenu): added temporary pop-up menu
+ item 'simulate Install' for testing.
+
+ * ObjectManipulator.cpp (__Is_Object_Ref_In_Firewall): added
+ support for detection of firewall objects that require compile and
+ install after any object in the tree is modified. The code keeps
+ track of changes made to firewall's policy rules, as well as
+ changes in all objects in the tree. After the user applies changes
+ in an object editor, the program inspects every firewall trying to
+ determine if the object is used in one of its rules. When one or
+ more firewalls using this object are found, corresponding items in
+ the tree are highlighted. Indirect usage, such as if the object is
+ a member of a group that is used in a rule, is also
+ detected. Multi-level group membership is detected too.
+
+2006-03-07 vadim
+
+ * All compilers: compiler prints only one 'success' message at the
+ and of processing instead of after each section (policy, NAT
+ etc). This makes it easier to keep track of its progress and is
+ less confusing if it runs in a silent mode and takes a long time
+ to process one section.
Before, when it printed "Rules compiled
+ successfully" after each section, the user could interpret this
+ message as if compiler was done, while in fact it was still
+ working on the next section
+
+2006-03-06 vadim
+
+ * PolicyCompiler_ipt.cpp (removeFW): restored rule processor that
+ removes firewall object from src or dst to simplify rule if it
+ uses OUTPUT or INPUT chain. Doing this only if original rule did
+ not have negation and we do not add any virtual addresses for NAT.
+ After removal the rule collapses to a simple command like this:
+
+ iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
+
+ this works fine except if we have added virtual addresses for
+ NAT. It is assumed that firewall object in rules represents
+ combination of addresses configured in its interfaces in the
+ GUI. Virtual addresses added for NAT are considered to be a side
+ effect and connections should not be implicitly permitted to them
+ by a rule with fw object in destination. The same applies to fw
+ object in source. See bug #685947 for discussion. To avoid
+ inadvertently opening holes in the firewall by a rule like that,
+ we remove fw object only when it is safe to do so.
+
+
+2006-03-05 vadim
+
+ * PolicyCompiler_ipt.cpp (decideOnChainForClassify): setting chain
+ to POSTROUTING for rules with action Classify. Also added checks
+ for this action in all rule processors that split rules in order
+ to assign them to INPUT/OUTPUT/FORWARD chains later because this
+ is not needed for this action (since only one chain is allowed
+ anyway)
+
+ * PolicyCompiler_PrintRule.cpp (_printDstService): added checks
+ for iptables version "1.3.0"
+
+ * PolicyCompiler_PrintRule.cpp (_printDirectionAndInterface):
+ added support for physdev module for bridging firewalls. This
+ module is used if interface a rule is associated with is marked as
+ bridge port and iptables version is set to 1.3.0 or later in the
+ firewall settings.
Feature Request #1000757: "bridging: using physdev"
+
+ * All compilers: by default treating bridge port interfaces the
+ same as unnumbered interfaces, unless target firewall platform
+ provides special support for bridge ports, such as module
+ 'physdev' in iptables
+
+ * InterfaceDialog.cpp (loadFWObject): added support for bridge
+ port interface
+
+2006-03-04 vadim
+
+ * fwbedit.cpp (main), fwblookup.cpp (main): using global variable
+ instead of singleton FWObjectDatabase::db. FWObjectDatabase::db
+ is not used in fwbuilder2 anywhere and can be eliminated.
+
+ * FWObjectClipboard.cpp (add): must create new objects using
+ current instance of FWObjectDatabase because it maintains internal
+ object index. Replacing FWObjectDatabase::db with mw->db() to
+ accomplish that
+
+ * getting rid of singleton FWObjectDatabase::db in the GUI -
+ replacing it everywhere with mw->db()
+
+2006-02-28 Vadim
+
+ * FWObjectPropertiesFactory.cpp (getObjectProperties): printing
+ firewall's lastModified, lastCompiled and lastInstalled timestamps
+ in the info window and in tooltips
+
+2006-02-26 ilya
+
+ * ObjectManipulator.cpp (updateLastModifiedTimestamp): added
+ methods to keep timestamps for the moments when a Firewall has
+ been modified, compiled and installed. Using these timestamps to
+ provide visual indication for when a firewall needs to be
+ installed using bold font for its name in the tree view. Will use
+ the same mechanism to automatically suggest which firewalls to
+ install when user hits "Install" menu item or toolbar
+ button. Still need to implement object modification tracking to
+ properly detect which firewall needs to be marked when an object
+ is modified (an object can be used in a firewall rule directly or
+ indirectly if it is a member of a group)
+
+2006-02-19 vadim
+
+ * FWWindow.cpp (reopenFirewall): the GUI shows "Routing" tab only
+ if the corresponding policy compiler for a give host OS supports
+ it.
Using element in the res/os/OS.xml resource
+ file.
+
+ * FirewallDialog.cpp (fillVersion): fixed a bug where firewall
+ versions would appear in a mixed order in the 'version' pull-down
+ in firewall object dialog
+
+2006-02-18 vadim
+
+ * Added support for load balancing rules in PF
+
+ * Added support for address ranges and network objects in TSrc in
+ NAT rules for PF
+
+ * Added support for pool types in NAT rules for PF ('bitmask',
+ 'random', 'source-hash', 'round-robin') as well as 'static-port'
+ option
+
+ * PolicyCompiler_ipf_writers.cpp (_printAction): basic support for
+ Custom action for ipfilter. Lack of examples for actions 'auth'
+ and 'call' in ipfilter documentation or anywhere on the web makes
+ it hard to implement right.
+
+ * PolicyCompiler_ipfw_writers.cpp (_printAction): Added support
+ for policy rule action Custom for ipfw
+
+ * PolicyCompiler_ipfw_writers.cpp (_printAction): Fwbuilder policy
+ rule action 'Classify' is mapped to ipfw actions 'pipe' or
+ 'queue'. Fwbuilder policy rule action 'Pipe' is mapped to ipfw
+ action 'divert'
+
+
+2006-02-17 ilya
+
+ * execDialog.cpp (saveLog): Added a button and function to save
+ compile or install progress log to a file with extension .txt
+
+ * killed startup wizard; the GUI starts accordingly to the setting
+ on the first page of the Preferences dialog - it can either start
+ up showing just standard objects library or automatically open
+ file the user was editing last time the GUI was used.
+
+ * object created using "Duplicate" menu item is automatically
+ activated and opened in the editor
+
+2006-02-15 vadim
+
+ * PolicyCompiler_pf_writers.cpp (_printQueue): implemented support
+ for action 'Classify' in compiler for PF, mapped to a filtering
+ rule option 'queue _queue_name_'
+
+ * PolicyCompiler_PrintRule.cpp (PrintRule): implemented support
+ for actions 'Classify' and 'Custom' in compiler for
+ iptables.
Action 'Classify' is mapped to '-j CLASSIFY --set-class M:N';
+ action 'Custom' is used verbatim
+
+2006-02-15 ilya
+
+ * :version 2.1.5
+
+ * :Added new Actions 'Classify' and 'Custom'.
+
+ * :Added new dialog NATRuleOptionsDialog.
+
+ * RuleSetView: In NATView inserted new column "Options" for
+ viewing of Nat Rule Options.
+
+2006-02-11 ilya
+
+ * DiscoveryDruid.cpp (checkSNMPCommunity): unified method to check
+ validity of the host name/ip address for dns name server used for
+ zone transfer and seed host used for snmp crawler
+
+2006-02-09 vadim
+
+ * PolicyCompiler_pf_writers.cpp (_printDstService): added support
+ for the TagService object (using 'tagged')
+
+ * PolicyCompiler_PrintRule.cpp (_printDstService): added support
+ for the TagService service object (using --mark)
+
+2006-02-09 ilya
+
+ * DiscoveryDruid.cpp (DiscoveryDruid): improvements in the
+ implementation of the address and name validity for snmp crawler
+ seed host and dns server for dns zone import. Implemented support
+ for IP aliases in snmp crawler
+
+2006-02-05 ilya
+
+ * DiscoveryDruid.cpp (save): saving/restoring parameters of the
+ DiscoveryDruid between sessions
+
+2006-01-27 ilya
+
+ * DiscoveryDruid.cpp (changedSelected): proper implementation of
+ long/short name generation for dns zone import; proper checks for
+ correctness of the seed host address for snmp crawler; showing
+ number of interfaces in discovered hosts on the results page
+
+2006-01-21 vadim
+
+ * gui.pro (IMAGES): grand icons clean-up and update. Removed old
+ unused icons and images, added new icon theme by Irina Filvarova
+
+2006-01-20 ilya
+
+ * DiscoveryDruid.cpp (changedSelected): working version of
+ discovey druid.
Got rid of all calls to setModal, hence
+ workarounds defined in qt_workarounds.h are not needed anymore
+
+2006-01-16 vadim
+
+ * DiscoveryDruid.cpp (stripObjects): minor formatting cleanup in
+ DiscoveryDruid; fixed typos in DiscoveryDruid ('wasCanceled' ->
+ 'wasCancelled'); refactored #includes to improve compilation speed
+ in DiscoveryDruid
+
+ * DiscoveryDruid.cpp: had to move '#include "DiscoveryDruid.h"'
+ below all qt #include's to make code compile on windows. When this
+ #include was above qt includes, compiler would stop with an error:
+
+ ------------------------------------------------------------
+ C:\Qt\3.3.1\include\qlistbox.h(139) : warning C4003: not enough actual parameter
+ s for macro 'index'
+ C:\Qt\3.3.1\include\qlistbox.h(139) : error C2059: syntax error : ')'
+ C:\Qt\3.3.1\include\qlistbox.h(139) : error C2143: syntax error : missing ')' be
+ fore ';'
+ ------------------------------------------------------------
+ I haven't figured out where does 'index' macro come from
+
+
+ * discoverydruid_q.ui.h: added workarounds for missing
+ QDialog::setModal in QT 3.1
+
+ * FWWindow.cpp (doCompile): since we now package platform and os
+ resource files with externally packaged compilers, we do not need
+ to use "-r" flag while calling compilers anymore
+
+2006-01-10 ilya
+
+ * DiscoveryDruid.cpp (startHostsScan): implemented object import
+ from a file in "/etc/hosts" format. This includes druid page where
+ user selects objects from the list, a page where they can assign
+ object type for each record and a page where they chose a library
+ new objects should be part of
+
+2006-01-07 vadim
+
+ * PolicyCompiler_ipfw_writers.cpp (_printAction): support for
+ action Pipe in ipfw. This action can be implemented using
+ "divert", "pipe" or "queue" rule actions in ipfw; the method is
+ chosen using rule action parameters dialog in the GUI.
+
+ * ActionsDialog.cpp (setRule): support for action Pipe for ipfw in
+ the GUI.
+
+ * PolicyCompiler_pf_writers.cpp (_printAction): added support for
+ Tag action for PF
+
+2006-01-03 vadim
+
+ * ipt.cpp (main): implemented checks for the situation when
+ compiler produces an empty script. In such cases we avoid printing
+ any header or commit commands (such as '*mangle' and 'COMMIT'
+ if iptables-restore format is used)
+
+ * PolicyCompiler_ipt.cpp (processNext): implemented support for
+ QUEUE target in compiler for iptables. Commands with this target
+ are generated for fwbuilder rules with action "Pipe"
+
+ * MangleTableCompiler_ipt.h: Implemented support for MARK target
+ for iptables. Iptables commands with target MARK are generated for
+ fwbuilder rules using action "Tag". Rules are placed in
+ INPUT,OUTPUT and FORWARD chain of the "mangle" table, this ensures
+ that DNAT happens before rules placed in the mangle table see the
+ packet. PREROUTING chain in mangle table is executed before
+ PREROUTING chain in the nat table, so placing tagging rules in the
+ PREROUTING chain would make them fire before DNAT. POSTROUTING
+ chain of the mangle table, as well as its FORWARD and OUTPUT
+ chains, work before corresponding chains of the nat table. In all
+ cases the goal is to make sure DNAT rules process the packet
+ before, and SNAT rules process it after filtering and tagging
+ rules.
+
+ * AddressTableDialog.cpp (preview): AddressTable dialog "preview"
+ function looks for the table file in the same directory as
+ currently opened data file if file name is entered as relative
+ path
+
+2005-12-16 ilya
+
+ * FWObjectPropertiesFactory.cpp : For objects of type 'interface'
+ a path to library is included in "detailed properties".
+
+ * FWWindow.cpp : Added new menu "/tools/Discovery Druid"
+
+ * DiscoveryDruid.cpp : Created basic gui for Discovery druid
+
+
+2005-12-16 ilya
+
+ * SimpleTextView.cpp: new custom text viewer.
+
+ * AddressTableDialog.cpp: file preview uses SimpleTextView.
+
+ * newfirewalldialog_q.ui: Dialog size fixed (now all internal
+ widgets are visible)
+
+ * fwbedit.cpp : fixed run with unknown options. Added a new option:
+ -u - interactive file upgrade
+
+2005-12-14 ilya
+
+ * Added detailed tooltips for rule options for all fw platforms
+
+ * Redrawing policy view if user changes firewall version; this
+ ensures that icon that indicates non-default rule options is
+ correctly updated in case different versions of the same fw
+ platform support different combinations of rule options.
+
+ * Redesigned page of the new host dialog where user adds
+ interfaces manually. Before buttons "add","Update","remove" were
+ hidden because dialog was too small.
+
+2005-12-13 vadim
+
+ * po.pro: Added Swedish translation made by Daniel Nylander
+
+
+2005-12-13 ilya
+
+ * RuleSetView.cpp (maybeTip): added tooltips for rule elements
+ Action and Options
+
+2005-12-02 vadim
+
+ * NATCompiler_ipf.cpp (processNext): Run-time AddressTable objects
+ are not supported in ipfilter; added a placeholder for
+ corresponding rule processors, aborting compilation when such
+ object is detected in a rule
+
+ * OSConfigurator_linux24.cpp (printPathForAllTools): fixed bug
+ #1361564: "Prolog script env settings unavailable". Need to define
+ env variables IPTABLES, LSMOD etc before prolog.
+
+ (OSConfigurator_linux24::printChecksForRunTimeAddressTables):
+ compiler for iptables inserts shell code to ensure that data files
+ used in run-time AddressTable objects are present before firewall
+ policy is activated.
+
+ * PolicyCompiler_PrintRule.cpp (processNext): implemented run-time
+ mode for AddressTable object in compiler for iptables. Current
+ implementation *dos not* emulate dynamic table reloads as can be
+ done for PF using "pfctl -t table -Treplace" command. The whole
+ policy script must be run again if data file AddressTable object
+ refers to changes.
Current implementation does not allow comments
+ in the data file
+
+2005-12-01 ilya
+
+ * version 2.1.4
+
+ * new object type TagService
+
+ Actions 'Mark' and 'Queue' renamed as 'Tag' and 'Pipe'
+ respectively.
+
+ * fwbedit.cpp: fixing of absent 'TagServices' group added.
+
+ * ActionsDialog.cpp: new actions control dialog
+
+ * RuleSetView.cpp: changed actions context menu to use new
+ parameters dialog (support of actions with parameters).
+
+2005-11-24 vadim
+
+ * PolicyCompiler_pf.cpp (processNext): added support for run-time
+ AddressTable objects for PF.
+
+ * PolicyCompiler_pf (PrintRule::_printAddr)
+ * TableFactory.cpp (TableFactory::PrintTables): support for DNSName
+ run-time mode in compiler for pf, ipfw and ipf
+
+ * PolicyCompiler_PrintRule.cpp (_printAddr): support for DNSName
+ run-time mode in compiler for iptables
+
+2005-11-23 Vadim
+
+ * AddressTable object dialog
+
+2005-11-22 vadim
+
+ * TableFactory.cpp (createTablesForRE): class TableFactory reuses
+ existing tables separately for NAT and policy rules. Reuse of
+ tables created for NAT in the policy rules is difficult because
+ tables themselves are created in the temporary copy of the tree in
+ the NAT compiler (the same applies to the objects - members of the
+ tables)
+
+2005-11-21 vadim
+
+ * NATCompiler_pf_writers.cpp (_printAddr): Improvement in the
+ compiler for PF: using '!' syntax for one-object negations
+
+ * NATCompiler_pf.cpp (CeateTables): Improvement in the compiler
+ for PF: Using tables for NAT rules
+
+ * TableFactory.cpp (createTablesForRE): using the same class to
+ generate tables for both policy and NAT rules for pf.
Table names
+ are composed using rule positions so that table names do not
+ change between compiler runs (they used to change because they
+ were created using rule IDs, which changed because compiler
+ generated lots of copies of rules)
+
+2005-11-14 Vadim
+
+ * version 2.1.3
+
+ new object type DNSName
+
+ using this method in Compiler::prolog to resolve DNSName objects
+ that are supposed to be resolved at compile-time
+
+ Redesigned RuleOptionsDialog to make room for new options
+
+ Added actions MARK and QUEUE with basic support in API and GUI
+
+ Added new object type AddressTable
+
+2005-11-05 vadim
+
+ * iptAdvancedDialog.cpp (iptAdvancedDialog): fixed bug #1349326
+ "ulogd option does not work". There was a typo in the class
+ iptAdvancedDialog ( useULOG instead of use_ULOG )
+ *** Ported from 2.0.10 ***
+
+2005-11-01 vadim
+
+ * NATCompiler_ipt.cpp (processNext): fixed bug #1342495: "SNAT
+ with address range". Compiler used to print warning "Adding
+ virtual addresses for NAT is not supported for address range" even
+ if adding virtual addresses for NAT was turned off.
+ *** Ported from 2.0.10 ***
+
+2005-10-26 vadim
+
+ * PolicyCompiler_ipt.cpp (processNext): fixed bug #1313420:
+ "OUTPUT chain is built wrong under certain conditions." Rules
+ that have firewall in SRC and DST, while DST has negation, should
+ be split so that the second generated rule goes into OUTPUT chain
+ rather than FORWARD
+ *** Ported from 2.0.10 ***
+
+2005-10-24 vadim
+
+ * FirewallDialog.cpp (openFWDialog): fixed bug #1315892:
+ "fwbuilder crashes on missing OS template" The GUI crashed if user
+ added new hostOS or firewall platform template under resources/os
+ or resources/platforms, then reinstalled the package (and
+ therefore lost their custom template files), then tried to open
+ firewall or host OS settings dialog for the object using new
+ template.
+ *** Ported from 2.0.10 ***
+
+ * RuleOptionsDialog.cpp (loadFWObject): fixed bug #1305933:
+ "fwbuilder/Solaris: compilation errors". Another case of implicit
+ type conversion QString->string which does not compile on systems
+ with QT built w/o STL support.
+ *** Ported from 2.0.10 ***
+
+ * main.cpp: fixed bug #1304878: fwbuilder: signal.h
+ required (Solaris). Using 'AC_CHECK_HEADERS([signal.h])' in
+ configure.in to check for the appropriate #include.
+ *** Ported from 2.0.10 ***
+
+ * configure.in: fixed bug #1304764: "configure script: Sun make
+ check fails". Need to use ${MAKE-make} instead of $ac_make when
+ checking for GNU make.
+ *** Ported from 2.0.10 ***
+
+ * fixed bug #1304785: "fwbuilder - Solaris has no libutil". Using
+ better way to check whether we need to link with libutil.
+ *** Ported from 2.0.10 ***
+
+2005-10-22 vadim
+
+ * VERSION: set version to 2.0.10 in branch fwb2-2.0-maint
+
+2005-09-29 Vadim
+
+ * PolicyCompiler_ipt.cpp (InterfacePolicyRulesWithOptimization):
+ new rule processor: checks if the rule is associated with an
+ interface and uses setInterfaceId to record its id. If the rule is
+ associated with multiple interfaces, splits the rule
+ accordingly. Unlike basic processor
+ PolicyCompiler::InterfacePolicyrules, this processor tries to
+ optimize rules applied to multiple interfaces using user-defined
+ chain
+
+ ***** Policy compilers support multiple interfaces and negation in
+ "Interface" rule element
+
+2005-09-28 Vadim
+
+ * RuleSetView.cpp (paintCell): merged interface policies with
+ global policy. Keeping most of the code that implements interface
+ policy tabs just in case.
+
+ * set version to 2.1.2
+
+2005-09-26 Vadim
+
+ * RoutingRuleOptionsDialog.cpp (loadFWObject): Added support for
+ routing rules.
Using "fwbuilder-routing" patch provided by Tidei
+ Maurizio
+
+ * set version to 2.1.1
+
+ * ObjectManipulator.cpp (createObject),(newDNSName),
+ newHostDialog.cpp (accept): added checks for broken object tree
+
+2005-09-20
+
+ * DNSNameDialog.cpp (loadFWObject): new object type: DNSName
+ (Illiya)
+
+2005-09-17
+
+ * 2.0.9 release in branch fwb2-2.0-maint
+
+2005-09-12
+
+ * fwsm.xml.in: Added support for Cisco FWSM (platform and host OS)
+
+ * pixAdvancedDialog.cpp (pixAdvancedDialog): Added support for
+ manual ACL commit in FWSM
+
+2005-09-11
+
+ * SSHPIX.cpp (SSHPIX): enable_prompt should include string "Access
+ Rules Download Complete" which is _sometimes_ printed by FWSM when
+ in auto-commit mode.
+
+2005-09-07
+
+ * ObjectManipulator.cpp (lockObject): Added ability to lock/unlock
+ individual objects in the tree (Illiya)
+
+ * GroupObjectDialog.cpp (listViewSelectionChanged): Illiya
+ implemented Feature Req #1151208: "Allow multiple objects select
+ to make an action (Group)"
+
+2005-09-07
+
+ * SSHSession.cpp (cmpPrompt): overloaded method
+ SSHSession::cmpPrompt to be able to specify prompt as a regular
+ expression. This variant is very convenient for PIX prompts.
+
+2005-09-05
+
+ * fixed bug #1254775: "RCS checkin fails on Windows when data file
+ is too big". RCS tools failed to check the file in if it consisted
+ of one huge line of text. This fix makes th GUI save data file
+ (.fwb) in formatted form on Windows, just like on Linux. This
+ means each XML element is saved on separate line instead of all of
+ them being on the same line.
+
+2005-09-04
+
+ * NATCompiler_pf.cpp (processNext): fixed bug #1276083:
+ "Destination NAT rules". Old restriction on "rdr" rules that
+ required service in OSrv is not valid anymore, pf supports rdr
+ rules with no protocol specification.
(ported from 2.0.9)
+
+2005-09-04 Vadim Kurland
+
+ * FWWindow.cpp (fileCommit): properly handling situation when user
+ hits Cancel in check-in log dialog (should abort File/Commit
+ operation entirely)
+
+ * main.cpp (main): added a workaround to make the GUI work in
+ Spanish locale (QT 3.3.4 ships with broken qt_es.qm file at least
+ on Fedora-C4 and Mac OS X)
+
+2005-08-31
+
+ * SSHUnx.cpp (stateMachine): fixed bug #1277129: "script is
+ truncated when installed by the GUI running on Mac". Large script
+ was getting truncated while copied to the firewall if GUI was
+ running on Mac OS X (bugfix ported from 2.0.9)
+
+2005-08-17
+
+ * fwbedit.cpp (usage): Finished implementation of RFE #1211612
+ "fwbedit - add object?". Using "-p","-L","n" and "-o" command line
+ switches to specify parent, library, name and attributes of an
+ object
+
+2005-08-04
+
+ * fwbedit.cpp (main): Illiya is working on RFE #1211612: "fwbedit
+ - add object?" and #1114501: "Data file repair". Fwbedit can now
+ add objects as well as repair tree structure. Still needs some
+ more work.
+
+2005-07-31
+
+ * LINGUAS: Added Spanish translation, thanks to Carlos Lozano
+
+
+2005-07-30
+
+ * Started v2.1.0
+
+2005-07-30
+
+ * FWWindow.cpp (fileCommit): Illya implemented Feature Request
+ #1187461 "Add "commit" menu item". This menu item commits opened
+ data file to RCS but keeps it opened so the user can continue
+ editing.
+
+2005-07-29
+
+ * FWWindowPrint.cpp (addObjectsToTable): Illiya implemented
+ Feature Request #1225393 "FeatureRequest Print comments on
+ objects"
+
+2005-07-23
+
+ * RuleSetView.cpp (dragMoveEvent): Illiya fixed bug #1226069:
+ "Segfault: Drag&Drop between two instances"
+
+2005-07-21
+
+ * platforms.cpp (getLogFacilities): Illiya moved definitions of
+ log levels, log facilities and actions on reject to module
+ platforms.cpp.
Methods getLogLevel, getLogFacilities and
+ getActionsOnReject return string lists suitable for using with
+ DialogData to provide mapping between localized and english
+ strings so that the user sees translated ones but enlish ones are
+ written into FWOptions object and used by compilers. This fixes
+ bugs #1240205: "Iilegal --log-level Information" and #1233165:
+ "Illegal Logging-Limit string.".
+
+2005-07-08
+
+ v2.0.8 released
+
+
+2005-07-05
+
+ * SSHSession.cpp (allDataSent): calling allDataSent from heartBeat
+ slot method because on windows signal 'wroteToStdin' is emitted
+ before I had a chance to connect it to a slot in
+ SSHUnx::stateMachine in state PUSHING_CONFIG after entire file has
+ been transmitted. I used to send an extra '\n' to force signal
+ 'wroteToStdin', but that made the file to be sligltly different on
+ the receiving end and I do not like that.
+
+ * RuleSetView.cpp (dragMoveEvent): not really a change: bug
+ 1226069 "Segfault: Drag&Drop between two instances" requires
+ redesign of the drag&drop mechanism so that live pointer to
+ FWObject is not passed between sender and receiver.
+
+2005-07-04
+
+ * SSHSession.cpp (startSession): fixed bug #1232478: "FWB shuts
+ down on incorrect password". Bug was intorduced in build 624 while
+ working on installer stalls and undescriptive ssh termination
+ error when OpenSSH 4.0 was used.
+
+2005-07-02 Vadim Kurland
+
+ * main.cpp (main): ignore SIGHUP in the child process in ssh
+ wrapper. Closing stdin at the end of the file copy sends SIGHUP to
+ the child. By some reason, this caused ssh to terminate with error
+ message "killed by signal 1" and return code 255 on Fedora C4
+ which uses OpenSSH v4.0p1
+
+2005-07-02
+
+ * main.cpp (tty_raw): switched from TCSAFLUSH to TCSANOW in call
+ to tcsetattr when we switch tty to raw mode in ssh wrapper
+ code.
This should fix mysterious stalls in the installer that were
+ introduced when I worked on the wrapper code to fix bug #1213361
+ (problems with file copies on FreeBSD 5.4)
+
+ * instDialog.cpp (initiateCopy): added missing "-v" option to ssh
+ call used to copy policy script to the firewall if "verbose"
+ checkbox is checked. This should help troubleshoot problems with
+ installer when ssh fails and terminates with an error.
+
+2005-06-25
+
+ * configure.in: need to call macro AC_PROG_MAKE_SET before
+ using $ac_make to check for GNU make
+
+ * configure.in: added check for cfmakeraw (which is absent on Solaris)
+
+ * configure.in: make script continue if forkpty is not found,
+ the program will use emulation.
+
+2005-06-13
+
+ * FWObjectPropertiesFactory.cpp (getObjectPropertiesDetailed):
+ sorting list of objects for tooltips. Sorting is done by object
+ name, alphabetically. TODO: use locale-aware sort and ignore
+ case of the letters.
+
+2005-06-12
+
+ * main.cpp (main): need to switch the pipe and stdin in the child
+ process to raw mode in order to ensure proper communication when
+ fwbuilder works in ssh wrapper mode. This (really) fixes bug
+ #1213361
+
+ * configure.in: Added path to QT where it is installed on 64-bit
+ systems to the list configure tries while searching for QT
+
+2005-06-11
+
+ * PolicyCompiler_ipt.cpp (processNext): fixed bug #1215279: "rate
+ limiting rule logs everything". Rule utlilizing "limit" module to
+ rate limit packets with logging logged every packet and dropped
+ those that exceeded the limit. The fix makes it apply the limit
+ first and then log only packets that were dropped.
+
+ * main.cpp (forkpty): fixed bug #1072842: "fwbuilder: Solaris and
+ forkpty". We need forkpty fr built-in installer but this function
+ is not awailable on Solaris. I am adding re-implementation, but it
+ hasn't been tested since I do not have Solaris machine.
+
+ * FWObjectPropertiesFactory.cpp (getObjectPropertiesDetailed):
+ fixed bug #1212179: "tool tips for TCP services cuts off some
+ services". The gui would show very long tooltip for large groups;
+ if the group was too large, the tooltip did not fit on the screen.
+
+ * main.cpp (main): fixed bug #1213361: "PF on FreeBSD-5.4R". Bug
+ description is misleading, the probem was caused by built-in
+ installer rather than by compiler for PF. Installer would not copy
+ generated script over ssh if the script was longer than some
+ threshold and the gui was running on FreeBSD.
+
+2005-06-05
+
+ * linux24.xml.in: fixed bug #1212121: "sudo shutdown doesn't
+ work". Installer needs to schedule reboot when the user activates
+ policy in a test mode. There was a bug in the installer script
+ that improperly used sudo to run shutdown when installation was
+ performed using regular user account.
+
+ * linux24.xml.in: fixed bug #1212123: "executing file below /tmp
+ as root". Avoiding world-writable directory /tmp/ while activating
+ policy in the test mode. This change makes installer use
+ subdirectory "tmp" under directory specified in the "intaller" tab
+ of firewall settings dialog. That directory is expected to have
+ proper permissions; subdirectory "tmp" can be created manually,
+ otherwise installer creates it. Either way, it is not
+ world-writable, therefore unauthorized users can not create
+ scripts in it.
+
+ * freebsd.xml.in: Using pkill to find running shutdown process and
+ kill it to cancel pending reboot. Pkill simplifies the scriptlet
+ so we don't need to deal with output redirection etc. Pkill is
+ available on FreeBSD, Linux, OpenBSD and Solaris.
+
+ * linux24.xml.in: another fix for a bug #1201406: "shutdown
+ messages should be suppressed".
Scriptlet has been modified to
+ make sure it works in both sh and csh (user who installs the
+ policy may have tcsh as their login shell, root may use tcsh too)
+
+2005-05-30
+
+ * src/res/os/*.xml.in: fixed bug #1201406: "shutdown messages
+ should be suppressed". Installation scriptlet tries to kill
+ shutdown process, if there is one, to cancel pending shutdown that
+ might have been left over from test install. If there is none, the
+ script prints an error message "shutdown process not found" or
+ similar, which confuses user. Needed to suppress these error
+ messages.
+
+ * fixed bug #1155351: "Remote install of FW rulset fails due to
+ race condition". Generated ipfw firewall script could not be ran
+ reliably over ssh session because "ipfw -f" flushes all rules and
+ all state, which breaks ssh session. As soon as the script needed
+ to print anything, it got I/O error from the system because TCP
+ session for ssh was blocked; this stopped the script and did not
+ let it activate new firewall policy.
+
+ * PolicyCompiler_ipfw_writers.cpp (processNext): improvemet in the
+ compiler for ipfw: added "established" rule on top of the regular
+ backup ssh access rule; this allows to maintain management ssh
+ session after the policy is reloaded. both "ipfw -f" and swapping
+ sets flushes all states, so the ssh session used to upload and
+ activate new policy breaks. A rule with "established" keyword
+ maintains this session.
+
+ * PolicyCompiler_ipfw_writers.cpp (processNext): improvement in
+ the compiler for ipfw: using rule sets to atomically swap old and
+ new rules. New rules are loaded in the set 1 and then swapped into
+ set 0. If there is an error in a new rule set, it is caught while
+ loading rules into inactive set 1, at which point script stops
+ without changing old firewall rules.
+
+ * PolicyCompiler_pf.cpp (addDefaultPolicyRule): implemented
+ support for subnets for backup ssh access for pf,ipf,ipfw.
Subnet
+ can be defined using either full netmask or bitlength: both
+ "192.168.1.0/255.255.255.0" and "192.168.1.0/24" are
+ acceptable. Single host address works too, both as "192.168.1.10"
+ and as "192.168.1.10/255.255.255.255" or
+ "192.168.1.10/32". Incorrect address or netmask cause compiler to
+ abort processing.
+
+2005-05-28
+
+ * GroupDialog: fixed bug #1207983: "incorrect size of "I" and "L"
+ buttons in the group view dialog". Tested with large font and
+ cleaned up layout in many dialogs.
+
+ * HostDialog.cpp (loadFWObject): removed 'snmp community' option
+ from the Host object dialog - it was not used anywhere
+
+ * ipt.cpp (main): fixed bug #1205665: "Error with summer time when
+ compiling script". Sometimes timezone name has "'" in it which
+ confuses shell and causes an error when generated script prints
+ "Activating firewall policy..." log message
+
+ * RCS.cpp (RCSEnvFix): fixed bug #1204067: "incorrect timezone
+ handling in RCS". Windows version of RCS incorrectly converts
+ check-in time when time zone is east of GMT. Had to use "-z"
+ option on all RCS commands to explicitly set offset; "-zLT"
+ produces wrong results in rlog.
+
+ * fwb_compile_all (LIB): fixed bug #1200902: "fwb_compile_all does
+ not work in 2.0". Script fwb_compile_all broke because of changes
+ in data file format
+
+ * PolicyCompiler_PrintRule.cpp (_printTimeInterval): fixed bug
+ #191423: "Weekend Time restriction not created correctly". Rules
+ with time restriction spanning from Saturday to Sunday were
+ generated with incorrect "--day" option
+
+ * objects_init.xml.in: fixed bug #210518: 'Incorrect ending day in
+ the standard object "weekends"'. This object defined time interval
+ ending at 23:59 on Monday instead of Sunday
+
+ * implemented Feature Request #1145666: "Print RCS
+ Log". File/Properties dialog can now print RCS log. Thanks to
+ "Ilya V. Yalovoy" for the patch.
+
+
+2005-05-23
+
+ * added updated German translation by Hans Peter Dittler
+
+
+2005-05-20
+
+ * set version to 2.0.8
+
+2005-05-08
+
+ * v2.0.7 released
+
+2005-05-04
+
+ * OSConfigurator_linux24.cpp (printPathForAllTools): fixed bug
+ #1195201: "getaddr function return error ip address". Yet another
+ change in the way we use grep to find IP addresses of an interface
+ on Linux. We can't use regex (bug #1123748) and need to filter out
+ secondary addresses from the "ip addr show" output. It looks like
+ "grep -v :" neatly solves the problem without using regex.
+
+2005-05-02
+
+ * snmp.cpp: API change: Compiled all OIDs. The program may run on
+ a system where MIBs are not installed, so we can not always use
+ symbolic OID names Also using snmp_out_toggle_options to turn
+ numeric output in all responses (equivalent to -On in snmp tools)
+
+2005-05-01
+
+ * snmp.cpp (walk): API changes: verbose error message, printing
+ response->errstat code as well as corresponding error string; this
+ should help debug snmp -related problems better
+
+ * snmp.cpp (walk): API changes: using snmp_error to print last
+ snmp error string
+
+2005-04-27
+
+ * implemented support for SNMP operations in Windows packages
+
+ * qmake.inc files overhaul
+
+2005-04-26
+
+ * newFirewallDialog.cpp (getInterfacesViaSNMP): switched to using
+ QT class DNS to get host/firewall name in new HostDialog and
+ newFirewallDialog classes. This seems to work better on Windows.
+ Also added more locks to prevent reentering getInterfacesViaSNMP
+ if user clicks the button multiple times in quick succession
+
+2005-04-23
+
+ * newFirewallDialog.cpp (accept): fixed bug #1187248: using "find"
+ for an address "192.168.10*" several times after a firewall
+ objects has been created using templates caused GUI to crash
+
+2005-04-17
+
+ * findDialog.cpp (matchAttr): implemented feature request
+ #1151206: "Search for IP Addresses".
"Find" dialog searches for + objects by a combination of name and one of the following + attributes: address, tcp/udp port, ip protocol number or icmp + message type. Regular expressions can be used for both name and + attribute. + + * ObjectTreeView.cpp (getSimplifiedSelection): fixed bug #1151212: + "Collapsed sub-objects shouldn't be added if they are + hidden". When user selects multiple objects in the tree some of + which have child objects, those child objects used to be also + selected and added to groups in addition to their parent + objects via drag-and-drop operation. + + * GroupObjectDialog.cpp (pasteObj): fixed bug #1184791: "can not + copy/paste multiple objects into a group" + + * FWWindow.cpp (doCompile): implemented feature req. #1151220: + "Close" button should change is caption/title to "Install". When + user clicks "Install" toolbar button or main menu item, the + "Close" button in the pop-up window that displays compiler + progress changes its text caption to "Install" + +2005-04-13 + + * PolicyCompiler_ipt.cpp (addPredefinedPolicyRules): fixed bug + #1181359: "Missing traling space in "INVALID state" syslog + message" + +2005-04-10 + + * instDialog.cpp (continueRun): Improvement in built-in installer: + user can specify additional command line parameters for ssh that + built-in installer runs to access firewall. This allows for + alternative ssh port or alternative ssh identity to be used when + accessing firewall. Parameters can be added in the "Installer" tab + of firewall settings dialog for all platforms. + +2005-04-09 + + * ipt.cpp (main): fixed bug #1179103: 'compiled rules can not be + install'. Generated iptables script could not be used on systems + with non-English locale where timezone name used local characters + because these characters were printed as hex ( "台" ) and + '&' caused problems with shell. Now using single quotes to make + shell ignore any characters in the string. 
Will deal with proper
+ printing of localazed timezone later.
+
+
+2005-04-07
+
+ * OSConfigurator_freebsd.cpp (printPathForAllTools): function
+ getaddr() falls back to 0.0.0.0/32 if dynamic interface has not
+ been assigned an address yet or is down. Ipfilter policy using
+ run-time substitution of dynamic interface addresses will be
+ functional even if these interfaces are down or do not have IP
+ address.
+
+2005-04-05
+
+ * PolicyCompiler_PrintRule.cpp (_flushAndSetDefaultPolicy): fixed
+ bug #1176890: "block IPv6". Generated iptables script sets default
+ policies to DROP in all ipv6 filter chains. More detailed control
+ can be implemented using prolog or epilog scripts.
+
+2005-04-03
+
+ * PolicyCompiler_pf.cpp (separateSrcPort): fixed bug #1176051:
+ "incorrect rule generated for TCP service ftp-data". If a rule
+ used several TCP or UDP service objects and one of them has source
+ port range configured, generated PF filter rule incorrectly
+ matched on a combiantion of that source port range _and_
+ destination port ranges from all other service objects. This bug
+ affected compilers for OpenBSD PF and ipfilter
+
+2005-03-31
+
+ * FWWindowPrint.cpp (filePrint): fixed bug #1155163: "print does
+ not print group contents". The program printed only number of
+ objects contaned in object or service groups. Now it prints lists
+ of member objects for all groups used in rules. If groups contain
+ other groups, they are printed recursively.
+
+2005-03-30
+
+ * objects_init.xml.in: fixed bug #1172620: "Add tcp service object
+ for icslap". Added this object to the objects library "Standard".
+
+ * FWWindow.cpp (info): fixed bug #1151243: "Maintain format of
+ description text". The GUI ignored text formatting in object
+ comment when displayed it in the info panel (lower left corner of
+ the main windows)
+
+ * FWOptions.cpp (toXML): API change: fixed bug #1173801: '"&"
+ character in prolog/epilog'.
Needed to call xmlEncodeSpecialChars
+ to encode special characters in firewall options
+
+2005-03-29
+
+ * ipf.cpp (printActivationCommandWithSubstitution): fixed bug
+ #1173064: "support for dynamic interfaces in ipfilter". Actual
+ address of dynamic interface is now determined at run-time in the
+ policy activation script .fw generated by
+ fwbuilder. If dynamic interface is used somewhere in the policy or
+ nat rules, it will be replaced with its actual address by
+ activation script before configuration is sent to ipf or ipnat for
+ activation. This run-time substitution is done only if a checkbox
+ is checked in the "Script options" tab of firewall settings
+ dialog. Default behavior is to use "any". This is because ipfilter
+ configuration files -ipf.conf and -nat.conf
+ that rely on run-time substitution of dynamic interface address
+ can not be loaded using standard activation scripts that come with
+ FreeBSD.
+
+ This also fixes another problem in fwb_ipf where it generated rdr
+ and nat commands with address 0.0.0.0/32 if dynamic interface was
+ used in a NAT rule.
+
+2005-03-28 vadim
+
+ * PolicyCompiler_PrintRule.cpp (_printMultiport): fixed bug
+ #1160186: 'IPTables Compiler - Multiport Issue'. When 16 or 31
+ ports were used in a single rule, compiler generated command with
+ conflicting options "-m multiport --dport"
+
+ * NATCompiler_ipf.cpp (processNext): fixed bug #1173067: "support
+ for port ranges in NAT rules (ipfilter)" - policy compiler for
+ ipfilter should split DNAT rules (rdr) that use TCP or UDP objects
+ with port ranges. A warning is issued if more than 20 rules are
+ created.
+
+2005-03-20
+
+ * utils.cpp (getFileDir): fixed bug #1157976: "patches to make
+ fwbuilder compile under NetBSD 1.6". Applied patches.
+
+ * newHostDialog.cpp (newHostDialog): fixed bug #1151219: "New Host
+ creation window is not well dimensioned". Fixed wrong dialog page
+ layout in the new host wizard.
+
+ * OSConfigurator_linux24.cpp (printPathForAllTools): fixed bug
+ #1123748: "busybox grep -E". Busybox in floppyfw is compiled
+ without support for egrep (or grep -E). Switched to using "plain"
+ grep.
+
+ * InterfaceDialog.cpp (loadFWObject): fixed bug #1151052: "Not
+ external interfaces marked as external". Dialog for an interface
+ object that belongs to a host should not show checkbox "external
+ (insecure) interface"
+
+ * Tools.cpp: API change: fixed bug #1158870: "mutexes are not
+ properly created on FreeBSD". Mutexes gethostbyname_mutex and
+ gethostbyaddr_mutex were never created but used on OS where
+ thread-safe resolver is not available.
+
+2005-02-17
+
+ * v2.0.6 released
+
+2005-02-17
+
+ * ipt.cpp (main): fixed bug #1123933 "iptables add_addr() expr
+ binary not found". As it turns out, /usr/bin/ is not in PATH
+ during boot time on Slackware. I added /usr/bin/ to PATH variable
+ in generated iptables script.
+
+2005-02-16
+
+ * OSConfigurator_linux24.cpp (printPathForAllTools): fixed bug
+ #1123748 "busybox grep -E". Busybox does not support option "-E"
+ with grep, however it has "egrep".
+
+2005-02-12
+
+ * instDialog.cpp (instDialog): proper localization in the
+ installer where it displays progress of the installation operation
+
+2005-02-11
+
+ * main.cpp (main): Troubleshooting weird case of data file
+ corruption during install
+
+ * RCS.cpp (RCS): fixed bug #1120904: "GUI hangs when accessing RCS
+ file". Improved parsing of rlog output.
+
+2005-02-09
+
+ * utils.cpp (getUserName): working on bug #1118717: "fwbuilder 206
+ on Windows XP SP2: error checking out". Env variable USERNAME was
+ not set in user's profile, which triggered this bug. Now using
+ getuid to get user name on Unix and GetUserName on Windows.
This
+ should make the program more resilient for situations when
+ environment variable LOGNAME or USERNAME is not set
+
+2005-02-08
+
+ * ipt.cpp (main): Using getuid to read real user's ID on Unix
+
+2005-02-07
+
+ * instDialog.cpp (continueRun): Fix for support request #1118039:
+ "Error when Windows client calls plink -ssh". The problem is that
+ putty ignores protocol and port specified in the session file if
+ command line option -ssh is given. On the other hand, the sign of
+ session usage is an empty user name, so we can check for that. If
+ user name is empty, then putty will use current Windows account
+ name to log in to the firewall and this is unlikely to work
+ anyway. This seems to be a decent workaround.
+
+ * printerStream.cpp (printQTable): further bugfixes in printing,
+ in particular fixed a problem with partially greyed-out horizontal
+ and vertical headers when ruleset was small enough to fit on the
+ first page.
+
+2005-02-05
+
+ * RuleSetView.cpp (selectionChanged): fixed bug #1030538:
+ "incorrect highlighting when selecting multiple rules". This bug
+ seems to be specific to Mac OS X
+
+ * printerStream.cpp (printQTable): improvements in printing:
+
+ - if a rule set does not fit on a single page, the program
+ repeats table header on each page ("Source","Destination","Service" etc)
+
+ - the program does not draw the whole rule set in memory
+ anymore. Instead, it "scrolls" the table and only draws section
+ that fits on a single page. This means we can now print really
+ huge policies that can not be drawn as a whole because they
+ exceed maximum coordinate value. Tested with a rule set that
+ consists of 1200 rules which has size of 677x34884 pixels on my
+ machine.
+
+2005-02-03
+
+ * instDialog.cpp (selected): working on bug #1115412: "Problem
+ installer FWbuilder 2.0.5 for Windows". Switched to command line
+ option "-l" to specify user name for external ssh in
+ installer.
This was necessary because Van Dyke SecureCRT on
+ Windows does not support user@host syntax.
+
+ * instDialog.cpp: Installer verbose and quiet modes work as follows:
+
+ - if quiet is off, verbose is off: prints everything that
+ firewall script prints on stdout and stderr; does not add "-v"
+ to calls to external ssh utilities
+
+ - if quiet is off, verbose is on: adds "-v" to ssh command line
+
+ - if quiet is on - supresses script output but still prints short
+ messages to indicate when it copies files to the firewall and when
+ it executes them
+
+2005-02-01
+
+ * ObjectManipulator.cpp (delObj): slightly changed logic with user
+ warnings in the object removal code. The program asks the user for
+ confirmation if they remove an ordinary object from a regular
+ library. Confirmation is not asked if object is removed from
+ "Deleted objects" library or when a library is being deleted (in
+ this case we ask a different quastion later anyway). This helps
+ avoid double warning when a library is deleted.
+
+2005-01-31
+
+ * POmakefile.in (POTFILES): Added module FWWindowPrint.cpp to the
+ list of files processed for localization
+
+ * FWWindowPrint.cpp (filePrint): Added small margin inside table
+ cells in Legend and Object tables in the printout.
+
+2005-01-30
+
+ * PolicyCompiler_ipt.cpp (processNext): fixed bug #1112470:
+ "Problem with FW part of ANY in Bridged mode". If fw is
+ considered part of any, we should place rule in INPUT/OUTPUT
+ chains even if it is a bridging fw since fw itself may send or
+ receive packets.
+
+ * PolicyCompiler_ipt.cpp (accounting): implemented feature
+ req. #1112980: "Need unique names for accounting rules". User can
+ now specify a unique name for rules with action 'Accounting'; this
+ name will be converted to a chain name. This simplifies accounting
+ since chain name for such rule won't change if the user adds or
+ removes rules above or below.
+
+ * PolicyCompiler_ipt.cpp (accounting): fixed bug #1112976:
+ "Accounting rule with logging produces looped iptables command"
+
+ * FWWindowPrint.cpp (beginPage): implemented Feature
+ Req. #1112778: "include date and time on printouts". Added date
+ and time to the header on each printed page.
+
+ * RuleSetView.cpp (paintCell): fixed bug #1112776: "some items
+ touching seperator lines on printouts". Rule elements "Action",
+ "Direction", "Options" and "Comment" were placed right at the top
+ of the table cell which led to their clipping when rule set was
+ printed on Mac OS X. Need more testing.
+
+ * FWWindowPrint.cpp (filePrint): fixed bug #1112764: "some Objects
+ are partially obscured in printout". Parts of the "Objects" table
+ were clipped. Need to test some more.
+
+2005-01-29
+
+ * FWBSettings.cpp (init): fixed bug #1112264: "Load last edited
+ file" setting doesn't work. This was broken only on Mac OS X.
+
+ * FWObjectDatabase.cpp (merge): API change: fixed bug #1105167:
+ "Crash when importing a library that has been deleted".
+
+2005-01-27
+
+ * NATCompiler_pf_writers.cpp (_printPort): not quite fixed bug
+ #1105755 "Custom Service objects not working for PF
+ compiler". User tried to generate a nat rule like this using
+ CustomService object:
+
+ nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any -> 22.22.22.22
+
+ Taken from the bug report:
+
+ it turned out, I can not fix this. You are trying to use Custom
+ Service object to insert protocol list into a "nat"
+ rule. Normally, a service object such as TCP or UDP service
+ generates two components for any rule where it is used: a protocol
+ specification and port specification
+ (type/ code spec for ICMP). PF is sensitive to the order of
+ parameters in the rule, in particular, protocol must be defined
+ after interface but before src/dst addresses in the rule, while
+ port numbers go after addresses.
Compiler easily retrieves this
+ information from IP, TCP, UDP and ICMP services and places it in a
+ proper slots in the rule it generates. CustomService does not
+ have a notion of protocol and parameters for it, so compiler puts
+ a string that is configured in the CustomService in the place
+ reserved for port numbers. This means you can not use
+ CustomService to specify protocols.
+
+ There still was a bug in fwb_pf where it would print
+ "custom_service" in place of protocol. This is fixed in 2.0.6
+ build 542. Protocols can not be inserted with Custom Service
+ though.
+
+ Feature request #1111267 "CustomService should specify protocol
+ and parameters for it" has been opened
+
+
+ * PolicyCompiler_ipt.cpp (processNext): fixed bug #1102629: "lost
+ chain in accounting rules". Rules with multiple objects in one of
+ the rule elements and action 'Accounting' generated code that
+ ignored objects in that rule element
+
+ * ObjectManipulator.cpp (newPhysicalAddress): fixed bug #1111244
+ "GUI allows to add more than one MAC address to an
+ interface". There can only be one MAC address for each interface.
+
+ * FWWindowPrint.cpp (printQTable): While printing rule sets, the
+ program makes sure rule set tables are broken on the rule
+ boundaries while switching to a new page.
+
+ * Added "Page setup" dialog to set parameters such as printing
+ header, printing of a legend and object lists etc.
+
+ * fixed bug #1109174: "Cannot print rule base" - implemented
+ printing
+
+2005-01-25
+
+ * instDialog.cpp (selected): fixed bug #1109631: "can not copy
+ firewall script to /etc on Linksys". Added an option ot all OS
+ resource files that determines whether user is allowed to change
+ installation directory on the firewall. Currently it is allowed on
+ all supported OS except Linksys/Sveasoft because there /etc/
+ resides on read-only filesystem
+
+2005-01-24
+
+ * PolicyCompiler_ipt.cpp (processNext): fixed bug #1101910: "Samba
+ problem with Bridged Firewall".
Need to split rule to take care of
+ broadcasts forwarded by the bridge and broadcasts that are
+ accepted by the firewall itself. Need to do this only if the rule
+ is not associated with any bridging interface.
+
+ * PolicyCompiler_PrintRule.cpp (_printOptionalGlobalRules): fixed
+ bug #1106701: 'backup ssh access' and statefulness
+ interation. Need to add rules matching states ESTABLISHED and
+ RELATED for the backup ssh access to make sure it works even if
+ global rule matching these states is disabled.
+
+ * configure.in: fixed bug #1107838: "bug in configure script in
+ fwbuilder 2.0.6". Need to specify path "./" when calling
+ runqmake.sh
+
+ * FWWindowPrint.cpp (filePrint): printing legend and a list of
+ objects at the bottom of a printed document.
+
+ * Compiler_ops.cpp (operator==): API change: fixed bug #1108861:
+ "two rules using MAC address matching shadow each other". Need to
+ check for MAC addresses while processing rules for shadowing.
+
+
+2005-01-21
+
+ * FWWindowPrint.cpp (filePrint): Implemented printing of firewall
+ rule sets. Using standard QT class QPrinter; can print to a system
+ printers or to a file (PostScript), both in black and white or a
+ color where available. Prints policies of the currently opened
+ firewall. The program can calculate total number of pages and
+ offer the user a choice in the Print dialog only if QT v3.2 and
+ later is used. Each printed page has a header with the file name,
+ RCS revision and a page number. Currently, the header can not be
+ turned off (will implement in the future).
+
+2005-01-07
+
+ * v2.0.5 released
+
+2005-01-06
+
+ * RCS.cpp (isDiff): writing RCS log in UTF-8, this simplified
+ localization
+
+2005-01-02
+
+ * RCS.cpp (RCS): working on localization of RCS log entries. Build
+ 516 converts log strings into 8bit string into locale-specific
+ format on Unix before sending it to ci. Strings returned by rlog
+ are converted from locale-specific format.
No conversion is done
+ on Windows and Mac OS X.
+
+ * objects_init.xml.in: fixed bug (no num) that caused GUI crash
+ when user created new firewall object using template with three
+ interfaces.
+
+2004-12-30
+
+ * PolicyCompiler_ipfw_writers.cpp (processNext): fixed bug
+ #1093620: "path (to ipfw) with spaces fails". Generated script
+ failed if path to ipfw contained space. I only worked around this
+ problem for ipfw; paths to sysctl and logger must be standard and
+ never contain spaces.
+
+ * PolicyCompiler_ipfw.cpp (processNext): fixed bug #1093472: "ipfw
+ port range(s) errors". There can only be one port range in a
+ single ipfw rule.
+
+ * PolicyCompiler_ipfw_writers.cpp (_printProtocol): fixed bug
+ #1093461: "problem with 'established' in ipfw". Ipfw requires
+ protocol to be set to 'tcp' if option 'established' is used in a
+ rule.
+
+2004-12-29
+
+ * RCS.cpp (RCS): fixed bug #1092810: "Multiline RCS comments are
+ shown as a single line on windows". As it turned out, this bug
+ affected all platforms.
+
+ * RCS.cpp (ci): an attempt to fix a bug that does not allow to
+ enter RCS comment using non-english locale.
+
+2004-12-28
+
+ * PolicyCompiler_ipt.cpp (getInterfaceVarName): fixed bug
+ #1059393: "function getaddr failed for eth1.0020". Generated
+ script can now work with interfaces that have a dot in their name
+ (such as "eth1.0020" - vlan interface)
+
+ * PolicyCompiler_PrintRule.cpp (_printOptionalGlobalRules): fixed
+ bug #1092141: "irritating FORWARD rule for established
+ connections". Need rule in FORWARD chain only if ip forwarding is
+ on or set to "no change"
+
+2004-12-22
+
+ * Compiler.cpp (createRuleLabel): API change: fixed bug #1068119:
+ "additional whitespace for Rule comments in .fw file". Added extra
+ space between rule number and interface spec in rule comments.
+
+ * PolicyCompiler_ipfw.cpp (processNext): fixed bug #1089866:
+ "multiple services in one rule confuses ipfw compiler".
If several
+ UDP or TCP objects were used in the same policy rule and these
+ service objects had source port ranges defined, the compiler would
+ produce incorrect code by combining source port range
+ specifications together in the same ipfw command.
+
+ * main.cpp (main): Pull-down menu "On startup" in the "General"
+ tab of the preferences dialog now has three items: "Load standard
+ objects", "Load last edited file" and "Ask user what to do". The
+ last item is default.
+
+ * PolicyCompiler_PrintRule.cpp (_printProtocol): fixed bug
+ #1089586: "default --icmp-type value is 0 in iptables <
+ 1.2.9". The problem concerns policy rules using service object
+ "any ICMP". A rule like this is supposed to match any ICMP
+ packet. Few versions ago I had to add option "-m icmp" (and "-m
+ udp", "-m tcp") because I've discovered that iptables-restore on
+ some systems (linksys sveasoft firmware, iptables v1.2.11) refused
+ to load rules without it. Now it turns out that iptables v < 1.2.9
+ (tested on 1.2.6a and 1.2.7a) implicitly adds equivalent of
+ "--icmp-type 0" to rules with "-p icmp -m icmp" and without
+ "--icmp-type" option. Since type 0 is actually icmp echo reply, a
+ rule like this does not match "any ICMP" as it was supposed to
+ do. Iptables 1.2.9 implicitly adds "--icmp-type 255" which matches
+ any icmp type. Using "--icmp-type 255" on iptables 1.2.6 and 1.2.7
+ does not work (a rule does not match icmp packets with type
+ different from 255). The fix generates "-p icmp -m icmp
+ --icmp-type any" for iptables 1.2.9 and later, as well as when
+ iptables version is not specified in the firewall object settings.
+ It generates just "-p icmp" for versions < 1.2.9.
+
+2004-12-19
+
+ * ObjectManipulator.cpp (newInterfaceAddress): GUI change: main
+ menu item "Object/New Object/Address" and corresponding toolbar
+ button always creates an Address object under Objects/Addresses
+ folder in the tree.
Address of an interface can be created using
+ pop-up menu item "Add IP Address"
+
+2004-12-16
+
+ * Bunch of cosmetic bugfixes in the GUI
+
+ * PrefsDialog.cpp (setButtonColor): implemented feature request:
+ colors that are used to color rules can be changed in Preferences
+ dialog.
+
+2004-12-13
+
+ * FWWindow.cpp (fileOpen): when user clicks menu item "File/Open"
+ to open a new file, the GUI should save and close currently opened
+ file only after the user chooses new file. If user clicks Cancel
+ in the File/Open dialog, operation should be cancelled so the user
+ can continue working with currently opened file. The same applies
+ to operation File/New.
+
+2004-12-12
+
+ * po.pro: fixed bug (no num): localization was broken on win32 and
+ mac os x because translation files were not installed properly.
+
+ * ObjectManipulator.cpp (pasteTo): improved behavior of the main
+ menu "Edit" as well as pop-up menu that appears when user right
+ mouse clicks on an object in the tree. Menu item "Paste" should
+ only be enabled if the clipboard is not empty and objects that are
+ stored in it can be pasted into selected object in the tree.
+
+2004-12-10
+
+ * RCSFilePreview.cpp (selectedRevision): fixed bug (localization):
+ RCS log entries made using non-ascii characters used to appear as
+ '???' in Open File and File/Properties dialogs.
+
+ * ObjectEditor.cpp (validateAndClose): more bugfixes for the
+ behavior of the object editor dialogs. Dialog should ask if user
+ wants to save data and then validate it when user clicks on [x] to
+ close editor dialog. It used to validate the data first, then ask
+ if they want to close dialog.
+
+2004-12-09
+
+ * FWWindow.cpp (load): when user opens data file in the old format
+ (fwbuilder v1.1.x, extension .xml) and after autoupgrade the
+ program discovers that the same file with extension .fwb already
+ exists, it offers the user a chance to choose different name.
If
+ user clicks "Cancel" at this point, the program cancel operation
+ and reverts upgraded data file back to its original name and
+ version.
+
+ * listOfLibraries.cpp (add): fixed bug (internal #34) the program
+ should issue a warning when user tries to add a library file
+ (.fwl) that contains object library that already exists in the
+ opened data file.
+
+ * ObjectEditor.cpp (validate): Streamlined logic in the object
+ editor dialog. This improves handling of the situation when user
+ closes dialog by clicking on [x] while 1) there are unsaved data
+ and/or 2) some of the object's parameters have illegal values. The
+ dialog behavior also depends on the setting of the global flag
+ "Autosave" that causes dialog to automatically save data when user
+ switches between objects.
+
+2004-12-08
+
+ * listOfLibraries.cpp (add): numerous fixes for localization
+
+2004-12-05
+
+ * ObjectManipulator.h: numerous bugfixes:
+
+ - properly synchronizing state of the items main menu with state
+ of corresponding items in the pop-up menu that appears when user
+ right-mouse-clicks on an object in the tree
+
+ - fixes for non-localized text strings in dialogs (mostly
+ "Continue", "Yes"/"No" etc. in many places)
+
+ - proper localization of the human-readable version number text
+ for iptables; also made info window print readable text instead of
+ "lt_1.2.6"
+
+ - cosmetic changes in some dialogs layout to make the look better
+ when localized text makes strings much longer
+
+ - firewall object dialog tab "Templates" has been hidden. It is
+ unlikely that this feature will be implemented in 2.0.X series.
+
+2004-12-04
+
+ * listOfLibraries.cpp (add): fixed bug (no num): the GUI crashed
+ when user tried to add a library file for auto-load in
+ Preferences/Libraries and the first library object in that file
+ had a name using non-ascii characters
+
+ * Bunch of other fixes to avoid '????'
in various places for
+ localized strings
+
+2004-12-04
+
+ version 2.0.4 released
+
+2004-12-02
+
+ * utils.cpp (fillLibraries): fixed bug (no num): if a library was
+ assigned a name with non-ascii characters, it would appear
+ distorted in the pull-down list in object dialogs.
+
+ * fixed bug #1077496 ] Error compiling libfwbuilder in FreeBSD:
+ The problem was caused by changed major version number of libnetsnmp library
+ in the latest net-snmp port (v5.2)
+
+2004-12-01
+
+ * FWWindow.cpp (openFirewall): fixed bug #1077072: "CrossPlatform
+ Firewall Builder Crash" - pressing arrow down key on the keyboard
+ right after the GUI started with no firewall objects defined
+ caused crash.
+
+2004-11-30
+
+ * po/ru.qm: Updated Russian translation
+
+2004-11-25
+
+ * PolicyCompiler_ipt.cpp (splitIfSrcNegAndFw::processNext): fixed
+ bug #1073491: incorrect code for rules using two interfaces with
+ negation. If a rule had two (or more) interfaces of the firewall
+ in the destination, with negation, the code generated by compiler
+ would check one interface's address in INPUT chain and another in
+ FORWARD chain. It should check addresses of all interfaces from
+ the corresponding rule element in the INPUT chain and also check
+ addresses and possibly services from other rule elements in the
+ FORWARD chain. This bug affected rules with two or more interfaces
+ both in source and destination.
+
+ * po/LINGUAS: translators maintain Russian localization using QT
+ linguist rather than gettext, removed ru locale from gettext
+ Makefiles but left it in po.pro for installation
+
+ * fwblookup.cpp: a fix to make it compile on FreeBSD w/o gnugetopt
+ port
+
+ * utils.cpp (addPopupMenuItem): minor fix to help localization
+ ('add object' and operation on rules pull-down menus did not
+ translate properly)
+
+2004-11-23
+
+ * instDialog.cpp (continueRun): built-in installer checks exit
+ status of the script it runs on the firewall and aborts
+ installation sequence if it detects an error. OS resource files
+ have been updated accordingly so they return exit status '1' in
+ case of error and '0' when they succeed.
+
+ * Compiler_ops.cpp (checkForShadowing): API change: still working
+ on the IPService object shadowing changes. ip fragments object was
+ shadowing GRE object, which was incorrect. Hopefully this change
+ finally fixes it.
+
+2004-11-21
+
+ * OSConfigurator_linux24.cpp (printPathForAllTools): fixed bug (no
+ number): policy compiler for iptables used "tail -1" in the shell
+ script that read actual IP addresses of interfaces of the
+ firewall. This shell code failed to determine correct address of
+ an interface that was configured with a secondary
+ address. Reverted to using grep (I switched to tail when ran into
+ limitations of one of the beta builds of Sveasoft Linksys firmware
+ that did not have grep)
+
+2004-11-18
+
+ * NATCompiler_ipt.cpp (processNext): fixed bug #1068936:
+ "unnumbered interace not using MASQUERADE". Comiler for iptables
+ will use target "MASQUERADE" if unnumbered interface is used in
+ Translated Source in a NAT rule.
+
+ * utils.cpp (fillLibraries): fixed bug (no num): group object
+ dialog showed incorrect library name for groups located in the
+ "Standard" library
+
+2004-11-17
+
+ * listOfLibraries.cpp (add): fixed bug (no number): GUI could not
+ find names of the object libraries in external library files that
+ user added for automatic load in the Preferences dialog on
+ Windows. It would find the name of the library in the first file,
+ but failed to find library names in subsequent files and used the
+ name from the first file. Since this library was only present in
+ the first file, object tree was getting corrupted when the program
+ attempted to load this library from every file configured for
+ automatic pre-load. This only happened on Windows.
+
+ * dns.cpp (init): API change: fixed bug (no number): program
+ crashed on FreeBSD 5.3 when using SNMP to obtain parameters for
+ hosts and interfaces. Crash occurred because of use of
+ uninitialized mutex variables in module dns.cpp
+
+2004-11-16
+
+ * main.cpp (main): improved error handling: if the GUI is started
+ with a file on the command line or is configured to open a file
+ automatically on startup and RCS can not check the file out, the
+ GUI will come up empty (with only standard objects loaded).
+
+ * po/ja.po: Added Japanese translation by Tadashi Jokagi
+
+
+ * DialogFactory.cpp (createFWDialog): added XML element
+ FWBuilderResources/Target/dialog to platform and host OS resource
+ files. This element describes GUI dialog that should be opened for
+ the firewall object for a given firewall platform or host OS. This
+ is to be used with customized resource files, e.g. when user wants
+ to add their own host OS resource file to change commands used to
+ load and activate policy on the firewall.
Such customized resource
+ file will have unique "description" element (the value of this
+ element appears in the pull-down menu in firewall object dialog)
+ and the same values for "family" and "dialog" elements to indicate
+ which firewall family it belongs to and which dialog should be
+ used. Policy compilers consult "family" element to check if the
+ firewall platform is supported by the compiler.
+
+ * GroupObjectDialog.cpp (addIcon): fixed bug (no number): group
+ object dialog corrupted object names if they contained non-ascii
+ characters.
+
+2004-11-13
+
+ * pixAdvancedDialog.cpp (pixAdvancedDialog): Removed "always new"
+ mode for access lists and object groups for PIX
+ configurations. This mode works well when user installs new
+ configuration but causes problems if they want to reinstall the
+ same configuration.
+
+ Also converted old option "pix_add_clear_statements" to one of the
+ confgiuration script modes. So, final list of script modes for PIX
+ is as follows:
+
+ - basic or old format when access lists are cleared and added
+ from scratch. This is the simplest mode which can be used if
+ management station connects to the firewall from inside. Remote
+ management over IPSEC tunnel may be difficult since tunnel
+ traffic is blocked as soon as "clear access-list" command is
+ executed.
+
+ - access-list and object-group commands are generated but "clear
+ access-list" and "clear object-groups" commands are not
+ added. User's installation scripts should take care of that. This
+ option replaces old option pix_add_clear_statements (with
+ opposite semantics)
+
+ - temporary access list is created and added to outside
+ interface, then main lists and object groups are added with
+ permanent names and assigned to interfaces. Temporary list
+ permits all traffic from a single subnet configured in the GUI
+ via option pix_acl_temp_addr. Temporary list is small and is not
+ cleared in the end.
Temporary list helps maintain IPSEC tunnel
+ for the time when access-lists are cleared and firewall is
+ running with default acl that does implict deny for all traffic.
+
+
+2004-11-12
+
+ * pf.cpp (main): fixed bug (no number): pfctl expects "-F Sources"
+ and "-F Tables" command line options with "Sources" and "Tables"
+ capitalized.
+
+ * FWObjectDatabase.cpp (merge): API change: changes in the object
+ database merge algorithm: when an object database we are trying to
+ merge has non-empty "Deleted objects" library, deleted objects
+ from this library should be ignored (they used to be deleted from
+ the current tree). Likewise, when current tree has non-empty
+ "Deleted objects" library and objects in it match objects being
+ merged in, objects should be removed from "Deleted objects"
+ library to avoid creating duplicate IDs with objects being merged
+ in.
+
+
+2004-11-10
+
+ * Compiler_ops.cpp (checkForShadowing): API change: fixed bug (no
+ number): rule shadowing algorithm now assumes that IPService
+ object with protocol number '0' shadows any other service just
+ like 'any' does.
+
+ * PolicyCompiler_ipt_optimizer.cpp (optimizeForRuleElement): fixed
+ bug #1063953: "Wrong accept/multiport rule generated". Compiler
+ generated wrong code for rules using multiple service objects of
+ different types (TCP and UDP, or TCP and ICMP etc), multiple
+ addresses in src or dst with option that requires using TCP RST
+ for action REJECT.
+
+2004-11-07
+
+ * SSHPIX.cpp (getACLs): New feature: added support for new
+ configuration script formats for PIX in installer:
+
+ - basic or old format when access lists are cleared and added
+ from scratch
+
+ - access lists have unique names each time policy is recompiled,
+ lists are added without clearing.
+
+ - access lists are added with temporary names and assigned to
+ interfaces, then the same lists are added with permanent names,
+ lists are swapped and temporary lists cleared
+
+ Last two methods provide for instantaneous access list swap so
+ that the firewall never runs with empty lists. This helps maintain
+ access to the firewall if configuration is installed remotely.
+
+
+ * SSHPIX.cpp: New feature: Installer always clears unused access
+ lists after confgiuration is loaded.
+
+
+2004-11-06
+
+ * fwcompiler/Compiler.cpp (complexMatch): fixed bug #1055937:
+ "Any->all_multicasts not in INPUT Chain". Need to check if network
+ objects are multicasts; assume that multicast always matches
+ firewall object (e.g fwb_ipt will put rule with such network
+ object in destination in INPUT chain)
+
+
+ * instDialog.cpp (instDialog): Added an option to push PIX
+ configuration to a standby firewall at the end of install.
+
+2004-11-01
+
+ * NATCompiler_PrintRule.cpp (_printDstService): fixed bug (no
+ number) where compiler for iptables used option
+ "--destination-port" with module "multiport" for versions of
+ iptables that do not understand it (1.2.6 and later, as well as
+ default version setting 'any'). The option should be
+ "--destination-ports" or "--dports".
+
+2004-10-31
+
+ * FWBSettings.cpp (init): fixed bug (no number): Policy installer
+ failed if the following conditions were met:
+ - it was running on Linux, FreeBSD or Mac OS X
+ - working directory configured in the "General" tab of the
+ Preferences dialog did not exist and could not be created or its
+ permissions did not allow user that runs the GUI to access it
+
+ * NATCompiler_ipt.cpp (processNext): fixed bug (no number) in
+ fwb_ipt that caused no-nat rules with firewall in OSrc to be
+ placed only in OUTPUT chain. Packets originating on the firewall
+ go into OUTPUT and POSTROUTING chains, so no-nat rules must be
+ placed in both.
Other minor improvements for NAT of the locally
+ originated connections have been done as well.
+
+2004-10-30
+
+ * NATCompiler_PrintRuleIptRst.cpp (_endRuleLine): fixed bug (no
+ number): compiler placed extra quote '"' at the end of each NAT
+ command in the script using iptables-restore; this happened
+ only if all interfaces of the firewall had static addresses.
+
+ * PolicyCompiler_PrintRule.cpp (_printProtocol): testing policy
+ installation via iptables-restore with old versions of iptables
+ (1.2.6a). Need to include "-m tcp", "-m udp" or "-m icmp",
+ otherwise iptables-restore does not understand options "--dport",
+ "--tcp-flags" and some others. Also had to use "--tcp-flags
+ SYN,RST,ACK SYN" instea dof "--syn" for better backwards
+ compatibility.
+
+2004-10-26
+
+ * ipt.cpp (main): iptables: Added ability to instert shell
+ commands defined in the prolog script in three places:
+
+ - on the top of generated script
+
+ - after interface configuration but before resetting existing
+ iptables policy
+
+ - after existing policy rules are flushed and optional global
+ implied rules added but before all policy and NAT rules
+
+2004-10-24
+
+ * PolicyCompiler_PrintRuleIptRst.cpp (_createChain): implemented
+ Feature Request #1021201: "output iptables-restore compatible
+ config from fwb_ipt". Policy compiler for iptables can use
+ iptables-restore to activate firewall policy. Iptables-restore
+ provides for atomic policy load and allows to load large policy
+ much faster. Atomic load means the whole filter or nat table is
+ activated at once, and if there is an error, nothing is
+ changed.
Compiler generates script in three possible formats:
+
+ - the ususal shell script that adds rules one at a time by
+ executing iptables command with an "-A" flag to add a rule;
+
+ - commands are fed to iptables-restore, this format is used when
+ all interfaces of the firewall have static IP addresses and
+ script does not need to determine addresses at run time;
+
+ - script determines IP addresses of interfaces and discovers
+ dynamic interfaces that were defined as a "wildcard" interface
+ in fwbuilder (e.g. 'ppp*'); code that is sent to
+ iptables-restore is generated dynamically by the script at run
+ time.
+
+ Using iptables-restore is optional and is controlled by
+ the checkbutton in the "Script options" tab of firewall settings
+ dialog. Path to iptables-restore utility can be set in the "Paths"
+ tab of the host settings dialog.
+
+ * A change in the script generated by fwb_ipt: if iptables-restore
+ is not used to load policy, generated shell script purges existing
+ firewall policy (all tables and chains) and sets default chain
+ policies after it configures interfaces of the firewall.
+ Previously, it would flush tables and set default policy before it
+ configured interfaces.
+
+2004-10-23
+
+ * RuleSetView.cpp (pasteRuleAbove): fixed bug #1028866: "incorrect
+ order when several rules copied using copy/paste". Pasting
+ multiple rules into an empty policy caused rules to be inserted in
+ the wrong order.
+
+ * freebsdAdvancedDialog.cpp (freebsdAdvancedDialog): fixed bug
+ #1046345: "ipfw - no option to specify ipfw executable". Added GUI
+ control to let user specify alternative path to "ipfw" on
+ FreeBSD. Control like that was previously available only for Mac
+ OS X
+
+ * PolicyCompiler_ipt.cpp (checkForMatchingBroadcastAndMulticast),
+ Compiler.cpp (_complexMatchWithInterface): fixed bug #1040773:
+ need to match network address as well as broadcast.
Packets sent
+ to the network address (192.168.1.0 for net 192.168.1.0/24) go in
+ the broadcast frame and behave just like IP broadcast packets
+ (sent to 192.168.1.1255 for the same net)
+
+ * PolicyCompiler_ipt.cpp (finalizeChain::processNext): fixed bug
+ #1040599: "unnecessary FORWARD rules". If ip forwarding is turned
+ off in the host settings dialog of the linux-based firewall,
+ compiler should not generate rules in FORWARD chain.
+
+2004-10-20
+
+ * linux24.xml.in: Added element "Target/family" to all OS resource
+ XML files. Compilers use "family" resource element to determine if
+ host OS is supported. User may want to copy host OS resource file
+ to modify installer scriptlets; as long as the family element is
+ kept the same, compiler will accept new resource file.
+
+ * linksys.xml.in: Added elements
+ "Target/options/suppress_comments" and
+ "Target/options/suppress_modules" to the OS resource files
+ linksys.xml and linux24.xml. These options suppress printing
+ comments in the generated script and remove commands that load
+ kernel modules. These options are used for Linksys/Sveasoft
+ appliance but can also be used for other firewalls based on Linux.
+
+2004-10-19
+
+ * pf.cpp (main): Activation script for PF flushes only information
+ about rules, nat, source and tables (it used to flush "all"). This
+ preserves queue entries and states.
+
+ * ipt.cpp (main): moved rule permitting backup ssh access from the
+ management station to the firewall to the top of the script. This
+ helps maintain ssh session, otherwise it may stall or break
+ because stdout buffer is filled with diagnostic or progress output
+ from the script that is printed after all chains are flushed but
+ before rule permitting ssh to the firewall is added. If stdout
+ buffer is full, ssh stops and tries to send the text to the
+ management station but times out because firewall blocks it.
+
+ * ipt.cpp: removed code that added iptables command to the "drop"
+ table to drop and log all dropped packets. This rule used
+ obsoleted patch-o-matic patch "drop" which is not available
+ anymore.
+
+2004-10-17
+
+ * ipt.cpp (main): fixed bug (no number): all policy compilers
+ properly detect an error when the output file can not be created
+ or overwritten and print error message to warn the user.
+
+ * New feature: added support for prolog and epilog scripts for all
+ firewall platforms. This was available for PIX for some time, now
+ it has been added for all platforms. "Prolog/Epilog" tab of the
+ firewall settings dialog allows for editing of two blocks of
+ commands that will be added to the generated firewall script
+ verbatim. Prolog block is added on top, while epilog block is
+ added at the bottom. Both prolog and epilog are expected to be
+ shell scripts and are added to the generated shell script that
+ activates firewall. For iptables and ipfw all compiler generates
+ is this shell script and prolog and epilog commands are inserted
+ into it. These commands may execute some actions, as well as add
+ any policy or nat commands. For ipf and pf prolog and epilog
+ commands are added to the activation shell script ( .fw file);
+ prolog is added immediately after the command that flushes all
+ rules. This way user may either execute shell commands or add
+ policy and/or nat rules by loading them from external file.
+
+2004-10-10
+
+ * FWWindow.cpp (addFirewallToList): fixed bug (no number)
+ introduced in 2.0.3 when GUI crashed if user tried to choose
+ pull-down menu item in the firewall list after the very first
+ firewall object has been created.
+
+ * SSHPIX.cpp: Added #include to make code compile with
+ gcc 3.4.2 and glibc 2.3.3
+
+ * ipt.cpp (main): fixed bug #1040788: fwb_ipt and user
+ name. Compiler used to read environment variable "USER" to find
+ out user's name. Sometimes this variable is not set, which caused
+ compiler to abort.
Using env variable LOGNAME in addition to USER.
+
+2004-09-30
+
+ * v2.0.3 released
+
+2004-09-28
+
+ * instDialog.cpp (instDialog): since config diff is broken for pix
+ v6.3(3) (because it does not permit adding duplicate ACL entries),
+ "save diff to file" option is temporary disabled. "Incremental"
+ install renamed to "install only ACL,icmp,telnet,ssh,nat,global
+ and static commands"
+
+2004-09-27
+
+ * OSConfigurator_linux24.cpp (printPathForAllTools): script
+ generated by compiler for iptables checks if /usr/sbin/ip exists
+ on the firewall before it tries to use it to verify interfaces and
+ configure IP addresses. This check is only performed if user
+ activated options that use this tool. An error message "Interface
+ eth0 does not exist" was generated if package iproute2 was not
+ installed on the firewall, which was confusing.
+
+ * FWWindow.cpp (doCompile): Added option "output file name" to
+ firewall settings dialogs for all platforms. User can specify the
+ name for the output file; this name is then used by built in
+ installer in place of a macro %FWSCRIPT%.
+
+ * ipt.cpp (main): Added command line option "-o" for all compilers
+
+ * FWWindow.cpp (save): fixed bug #1035800: "Autosave failure opens
+ error window repeatedly". This bug was in fact fixed earlier.
+
+2004-09-26
+
+ * FWWindow.cpp (fileSaveAs): fixed bug #1035130: 'Persistent
+ "Save" dialog box'. Certain combination of actions on user's part
+ used to lead to an indefinite loop of "do you want to save the
+ data" dialogs. The problem was triggered if user skipped choosing
+ a name for the new file in startup dialog.
+
+ * linux24.xml.in: fixed bug #1035132: "compile errors with default
+ Linksys firewall object". This bug has been introduced in build
+ 435. When user created a new firewall object using one of the
+ template objects, the GUI would add bunch of garbage to the
+ firewall options.
This garbage violated XML DTD, so compilers and
+ the GUI would not accept the data file anymore.
+
+2004-09-25
+
+ * ipt.cpp (main): using "set -x" to turn debugging on in generated
+ iptables script. This will work even if the script is activated
+ with "sh script.fw" command.
+
+ * OSConfigurator_linux24.cpp (generateCodeForProtocolHandlers):
+ changed commmand line for sed to more portable version. We used to
+ use 'stmt; stmt' syntax, which is not always portable. Switched to
+ a supposedly more portable syntax using multiple "-e" command line
+ options.
+
+2004-09-23
+
+ * instDialog.cpp (getActivationCmd): fixed bug (no number): as of
+ build #430, installer ignored activation command configured in the
+ "install" tab of firewall settings dialog. Restored this
+ functionality.
+
+ * OSConfigurator_linux24.cpp (printPathForAllTools): just like
+ with "tail -1", some busybox based systems require "head -1" to be
+ changed to "head -n1"
+
+2004-09-22
+
+ * instDialog.cpp (testRunRequested): fixed bugs in installer that
+ prevented it from working on OpenBSD. Enabled shceduled reboot for
+ all OS except PIX.
+
+2004-09-21
+
+ * instDialog.cpp (testRunRequested): "schedule reboot" option is
+ only enabled for linksys since it does not work on other platforms
+ (yet)
+
+ * FWWindow.cpp (openFirewall): implemented Feature Request
+ #1032126: "Firewall label for clarity". Printing the name of the
+ firewall object that is opened in the policy panel in a large font
+ right above interface/policy tabs. This was easy to implement but
+ I consider it an experiment. Will request feedback from users.
+
+ * SSHSession.cpp (startSession): refactored code in built-in
+ installer. Moved interaction with ssh to classes SSHSession,
+ SSHUnx and SSHPIX. Moved "scriptlets" that are executed on
+ firewall to activate policy in different modes to resource
+ files.
Using ssh rather than scp to copy policy script to
+ unix-based firewalls (pscp.exe on Windows works only if the server
+ supports sftp, but dropbear on Linksys does not support it so
+ installer breaks if we use scp/pscp.exe to copy the policy).
+ Still having problems with scheduled reboot option on Linux/BSD
+ firewalls (it works on Linksys though).
+
+ * OSConfigurator_linux24.cpp (printPathForAllTools): bugfix: some
+ editions of busybox do not support "tail -1" syntax and require
+ "tail -n1"
+
+2004-09-19
+
+ * instDialog.cpp (getActivationCmd): Improvement in the built-in
+ installer: added an option to schedule automatic firewall reboot
+ in specified time (in minutes) after policy activation. This
+ option is available for all firewall platforms but PIX. This
+ option only works if user requested policy activation in a test
+ mode, in which case policy is copied and activated on the firewall
+ but not stored in the permanent location. After reboot the
+ firewall reverts to the previous version of the policy. To cancel
+ scheduled reboot, run installer again with "test run" option
+ turned off. Installer stores the policy in the permanent location,
+ activates it and cancels scheduled reboot.
+
+ * src/res/os/linux24.xml.in and other: moved all commands used by
+ built-in installer to resource files.
+
+2004-09-18
+
+ * NATCompiler_pf.cpp (processNext): NAT rule of type DNAT (rdr
+ rule) is assigned to an interface of the firewall if interface
+ object or its address object is used in ODst. To get rdr rule
+ without interface assignment, use an Address or a Host object that
+ has the same IP address as that of firewall's interface but that
+ is not a child of an interface. This is the same approach that is
+ used in iptables.
+
+ * PolicyCompiler_pf.cpp (compile): Compiler for pf always uses
+ tables; this breaks compatibility with older OpenBSD systems (3.2
+ and 3.3)
+
+ * PolicyCompiler_pf.cpp (findDynamicInterfaces): Compiler for pf
+ puts interface name in a table even if interface is dynamic for
+ rules that use multiple objects in src or dst and one of these
+ objects is dynamic interface of the firewall that is being
+ processed. Using dynamic interface of another object in a rule is
+ still considered an error. Compiler puts the name of dynamic
+ interface in a table verbatim, without brackets '(' ')' since pf
+ does not replace dynamic interface with its address dynamically if
+ it is used in a table (pfctl issues an error if interface is put
+ in brackets)
+
+2004-09-17
+
+ * OSConfigurator_linux24.cpp (configureInterfaces): flushing only
+ secondary ip addresses on interfaces. This should fix a bug that
+ caused linksys/sveasoft unit to lose default route upon reboot if
+ external interface has static IP address.
+
+2004-09-15
+
+ * PolicyCompiler_pf.cpp (addDefaultPolicyRule): fixed bug
+ #1028980: "need an option to turn logging on on fallback rule"
+
+ * PolicyCompiler_pf_writers.cpp (processNext): fixed bug #1028973:
+ fwb_pf: missing "flags S/SA" in front of "modulate state"
+
+ * pfAdvancedDialog.cpp (pfAdvancedDialog): added an option to
+ permit tcp sessions opened prior to firewall restart. This is
+ needed now since compiler generates "flags S/SA" for the "keep
+ state" and "modulate state" rules which means firewall won't
+ permit TCP sessions unless it saw opening SYN packet.
+
+ * instDialog.cpp (getActivationCmd): improvements in policy
+ installer: added an option for test run. When this option is
+ activated, policy script is pushed to the firewall and is executed
+ but is not stored there permanently. Firewall reverts to the last
+ working configuration after reboot.
+
+ * NATCompiler_ipt_writers.cpp (processNext): using abbreviated
+ versions of "--dport", "--sport", "--dports", "--sports" options
+ to make generated iptables script smaller. Also changed the name
+ of the variables used to hold IP address of dynamic interface from
+ "interface_" to "i_". All this should help to fit
+ larger policies into small FLASH on linksys. These changes shrunk
+ my test script from 7964 bytes to 7430 bytes
+
+2004-09-14
+
+ * platforms.cpp (isDefaultOptions): fixed bug #1028078:
+ "options.png is not displayed for "Assume firewall is part..."
+
+ * pfAdvancedDialog.cpp (pfAdvancedDialog): fixed bug (no num):
+ "firewall settings" dialog for OpenBSD pf did not save option "Use
+ tables".
+
+ * instDialog.cpp (getActivationCmd): implemented compression of
+ the firewall script for Linksys/Sveasoft combo. Using gzip and
+ uuencode/uudecode to compress the script and store it in flash
+ variable 'fwb'. Installer prints flash memory stats after
+ commiting changes. Installer uses scp to copy firewall script to
+ the firewall and autogenerated prompt to detect when it logged in;
+ it does not depend on Linksys shell prompt anymore.
+
+2004-09-12
+
+ * PolicyCompiler_ipt.cpp (addPredefinedPolicyRules): implemented
+ feature request #1023430: "add checkbox for INVALID support in fw
+ settings". Added two checkboxes to the firewall settings dialog:
+ one adds a rule to drop INVALID packets and another adds logging
+ to the rule.
+
+ * FWWindow.cpp (fileSaveAs): fixed bug #1026945: '"Save As" does
+ not work if current file is in RCS'
+
+ * FWWindow.cpp (removeFirewallFromList): fixed a bug (no number):
+ after deleting a library firewall objects that belong to it were
+ not removed from the pull-down list
+
+ * PolicyCompiler_ipt_optimizer.cpp (optimizeForRuleElement): fixed
+ bug #1026794: multiple SRC ntwks --> "iptables: invalid
+ argument". Recent changes in optimizer introduced this bug.
Rules
+ with multiple objects in src or dst, TCP service, action Reject
+ and option "reject with TCP RST" would generate iptables command
+ that used option "--reject-with tcp-reset" without "-p tcp"
+
+ * PolicyCompiler_pf_writers.cpp (_printDstAddr): fixed bug
+ #1006906: "Negated network causes pass on network". Compiler for
+ pf uses native negation syntax that is now available in pf
+
+2004-09-11
+
+ * PolicyCompiler_ipt.cpp (TimeNegation): fixed bug #1022216:
+ "negated time produces incorrect iptables rule". Implemented
+ negation for the "Time" rule element for iptables
+
+ * PolicyCompiler_ipt.cpp (processNext): fixed bug #1026509:
+ "incorrect rules generated for dual negation with time". Compiler
+ generated incorrect iptables commands for rules that had negation
+ in two or more rule elements, one of which was Time.
+
+2004-09-09
+
+ * OSConfigurator_linux24.cpp (prolog): rules that permit packets
+ associated with ESTABLISHED,RELATED states moved to the beginning
+ of the script before NAT rules.
+
+ * PolicyCompiler_ipt_writers.cpp: added a checkbox and support in
+ policy compiler for iptables to generate rules that drop packets
+ that are associated with no know connection (state "INVALID")
+
+2004-09-08
+
+ * Firewall.cpp (duplicate): API change: fixed bug (no number): all
+ references to the interfaces, as well as their IP and MAC
+ addresses, in policy and NAT rules should be replaced when
+ Firewall object is duplicated. Until now only references to the
+ firewall object itself and to its interfaces were replaced with
+ references to the newly created copies of object. References to IP
+ and MAC addresses still pointed at the old objects.
+
+ * FWObjectDatabase.cpp (IDcounter): fixed bug #1022788: "GUI
+ corrupts XML file after creating a second firewall". Global object
+ ID counter was getting reset every time new FWObjectDatabase
+ object was created.
This lead to the ID collision if user quickly
+ created and deleted complex objects (such as Firewall) and used
+ database merge. This should also fix bug #1022785: "GUI corrupts
+ XML file after creating a host entry"
+
+ * PolicyCompiler_ipt_optimizer.cpp (processNext): fixed bug
+ #1024861: "optimizer is broken in fwb_ipt". Used idea and a patch
+ by Mark Vevers . Fixed compiler fwb_ipt generates
+ more efficient iptables script for rules with multiple objects in
+ all rule elements. The script is smaller and eliminates
+ unnecessary comparisons for packet attributes. Every attribute
+ (i.e. source address, destination address, protocol and port
+ numbers) is checked by the script only once. This should help
+ reduce load on firewalls with lots of complex rules.
+
+ * VERSION: set version to 2.0.3
+
+2004-08-31
+
+ * v2.0.2 released
+
+2004-08-31
+
+ * ipt.cpp (main): fixed bug #1019943: "Missing ip addresses in the
+ rule using interfaces"
+
+ * linksysAdvancedDialog.cpp (linksysAdvancedDialog): fixed bug
+ #1019691: "040829 nightly build doesn't add paths for linksys"
+
+2004-08-30
+
+ * VERSION (VERSION): version 2.0.2, revision 1
+
+ * aboutdialog_q.ui.h (init): "About" dialog shows registration
+ status (used only in non-GPL versions)
+
+2004-08-28
+
+ * fixed FreeBSD port, now compiles on 5.3BETA
+
+2004-08-25
+
+ * RuleOptionsDialog.cpp (loadFWObject): Added support for options
+ "max", "max-src-nodes" and "max-src-states" in pf. These allow to
+ limit number of concurrent state table entries ("max"), number of
+ source addresses that can simultaneously have state table entries
+ ("max-src-nodes") and number of simultaneous state entries per
+ source address ("max-src-states") per rule.
+
+ * LibExportDialog.cpp (accept): fixed bug #1015884: "Export more
+ than one library fails with 0 references". Export library
+ operation failed if user exported two libraries with groups or
+ rules in one library referencing objects in the other.
+
+2004-08-24
+
+ * pfAdvancedDialog.cpp (pfAdvancedDialog): Implemented support for
+ all timeout settings in pf: tcp.first,tcp.opening,tcp.established,
+ tcp.closing,tcp.finwait,tcp.closed,udp.first,udp.single,udp.multiple,
+ icmp.first,icmp.error,other.first,other.single,other.multiple, including
+ adaptive timeout scaling options adaptive.start and adaptive.end
+
+
+2004-08-23
+
+ * FWBTree.cpp (getStandardSlotForObject): fixed bug #1014725:
+ "adding new ICMP types". If user created service group with the
+ name "ICMP", the GUI would place new ICMP objects under this group
+ instead of the standard folder "ICMP". There was the same problem
+ with other object types, too.
+
+ * ObjectManipulator.cpp (simplifySelection): debugging in
+ operations "delete object", "move object", "undelete". Making sure
+ we can delete and undelete libraries, delete and move several
+ objects at once, group several objects. There were problems if
+ user selected several host or firewall objects using Shift-Click
+ (although interface and address objects were not visible to the
+ user, they were selected and acted upon in delete or move
+ functions; this lead to unexected results or crashes).
+
+2004-08-22
+
+ * templates.xml.in: added template firewall objects for Linksys
+ firewall and a web server.
+
+ * templates.xml.in: fixed bug #1013957: "incorrect NAT rule in
+ firewall created from template #3". The problem was caused by
+ incorrect ip address of interface "dmz" in the template object #3.
+
+ * pixAdvancedDialog.cpp (pixAdvancedDialog): implemented a backup
+ ssh access rule. The user specifies management station IP in the
+ firewall settings dialog for PIX and compiler adds a rule on top
+ of all other rules to permit ssh from this address to the
+ firewall.
+
+2004-08-21
+
+ * OSConfigurator_linux24.cpp (prolog): avoiding grep in the
+ generated iptables script - Sveasoft Alchemy pre-5.2.3 does not
+ have grep
+
+ * API change: fixed bug #1012733: "configure --libdir=DIR will be
+ ignored at installation". Needed to use macro _libdir to specify
+ target directory for libraries. Used it in configure, qmake.in,
+ libfwbuilder-config-2 and a .spec file
+
+ * objects_init.xml.in: added new service objects to the Standard
+ objects library: "xmas scan" (old object renamed "xmas scan -
+ full"), rsync, distcc, cvspserver, cvsup, afp, whois, bgp, radius
+ and radius acct, SSDP and UPnP. This fixes bug #1011248: "need two
+ xmas scan service objects"
+
+ * FWWindow.cpp (fileImport): function File/Import offers a choice
+ of .fwl, .fwb and "all files" in the open file dialog. This fixes
+ bug #1013485: "File/Import should allow to import .fwb file"
+
+ * FWWindow.cpp (load): fixed bug #1008956: "Existing .fwb file
+ gets overwritten if has wrong extension". If the GUI needs to
+ rename a data file with old extension .xml to .fwb, it checks if a
+ file with new extension exists and offers user a chance to choose
+ a different name. It also treats symlinks in a special way: if
+ user creates a symlink with extension .xml pointing at a file with
+ extension .fwb, the GUI simply follows the link and works with
+ .fwb file. This should work with Windows shortcuts, too.
+
+ * instDialog.cpp (instDialog): built-in installer uses shell
+ prompt string patterns configured in the host OS settings dialog
+ for linksys. This fixes bug #1013022: "can not install policy
+ script on linksts Alchemy pre-5.2"
+
+ * linksysAdvancedDialog.cpp (linksysAdvancedDialog): Added host OS
+ settings dialog for linksys/Sveasoft. Dialog provides entry fields
+ for paths to iptables, lsmod, modprobe, logger tools and two shell
+ prompt string patterns, this should help to work around changes in
+ the shell prompt on Linksys.
This fixes bug #1013018: "host OS
+ settings" dialog is missing for linksys
+
+2004-08-20
+
+ * ObjectManipulator.cpp (contextMenu): fixed bug #1009345: "Can
+ only move one host object at a time between libraries"
+
+ * ObjectManipulator.cpp (deleteObj): fixed bug #1013177: "deleting
+ multiple hosts causes crash"
+
+ * DTD change: fixed bug #1011617: "deleting physcal address object
+ leads to the DTD violation"
+
+2004-08-08
+
+ * PolicyCompiler_ipt_writers.cpp (_printDstService): fixed bug
+ #1005148: "MAC matching - space missing". Space was missing
+ between MAC address and custom service code.
+
+2004-08-06
+
+ * listOfLibraries.cpp (add): fixed compile problem on systems
+ where QT is built without STL support
+
+ * PolicyCompiler_ipt_writers.cpp (_printLimit): fixed bug #1004153
+ "limit-burst = 0 is not valid". Iptables does not accept the rule
+ using "limit-burst" option if it is set to zero.
+
+2004-08-04
+
+ * ObjectManipulator.cpp (pasteTo): fixed bug #1003068: "object
+ copy/paste not always working". IP address object could not be
+ placed under interface using copy/paste operation. Now ip address
+ object can be pasted to interface as well as to Objects/Addresses
+ folder.
+
+ * FWWindow.cpp (fileDiscard): Operation File/Discard closes the
+ file, discards all the changes that have been made to it and
+ replaces it with a fresh copy of the head revision from RCS. This
+ works if user wants to abort file upgrade when they switch to the
+ new version of fwbuilder.
+
+2004-08-02
+
+ * FWObject.cpp (deleteChildren): fixed bug #1001833: "memory leak"
+ - children objects were not deleted when FWObjectDatabase object
+ was destroyed.
+
+ * iptAdvancedDialog.cpp (accept): fixed bug #1002388: "Clamp MSS
+ to MTU" option is missing in 2.0
+
+2004-08-01
+
+ * objects_init.xml.in: there were two TCP Service objects
+ "linuxconf" in the Standard objects library. Object with ID
+ id3AED0D6D has been removed.
It seems this object has been
+ duplicated long time ago (at least it was like this in 1.1.2)
+
+ * FWObject.cpp (getPath): fixed bug #1001725: "object with empty
+ name can not be deleted". the problem was caused by the algorithm
+ used in FWObject::getPath. If object had had a blank name, the
+ path returned by this method would end with the name of its parent
+ without slash.
+
+ * FWWindow.cpp (showFirewalls): fixed bug #1000485: "Firewalls in
+ the drop-down box not ordered". List of firewalls in the pull-down
+ that controls policy views is now alphabetically sorted on program
+ startup.
+
+ * utils.cpp (fillLibraries): fixed bug #1000862: "Creating groups
+ in Deleted Objects". Library "Deleted objects" should not be
+ offered as a choice for "group objects" operation.
+
+ * ObjectManipulator.cpp (contextMenu): fixed bug #1001275: "object
+ duplication fails w/ no action". GUI used to not allow user to
+ duplicate IP address object. Now any object can be duplicated so
+ that the copy is placed under the same parent, including IP
+ address.
+
+ * ICMPServiceDialog.cpp (applyChanges): fixed bug #1001521: "Cant
+ create ICMP service". ICMP Service dialog did not save icmp code
+ and type numbers in the object.
+
+2004-07-29
+
+ * 2.0 released, CVS tag set
+
+2004-07-27
+
+ * FWWindow.cpp (install): the GUI calls external installer script
+ if it is configured in firewall settings dialog when user clicks
+ 'Install', otherwise it should use built-in installer.
+
+2004-07-24
+
+ * RuleSetView.cpp (insertRule): correctly copying rule direction
+ when interface rule is copied/pasted
+
+ * instDialog.cpp (selected): proper error messages for management
+ interface misconfigurations
+
+2004-07-20
+
+ * ICMPServiceDialog.cpp (loadFWObject): ICMP service dialog allows
+ for setting type and code to 'any' (-1)
+
+2004-07-19
+
+ * OSConfigurator_linux24.cpp (processFirewallOptions): fixed bug
+ #992969: "argument to log should be quoted"
+
+2004-07-14
+
+ * PolicyCompiler_ipt.cpp (processNext): working on bug #990037:
+ "Wrong rule generated: fw interface included in negated
+ group". Rules with negation should not generate code in
+ INPUT/OUTPUT chains if option "assume firewall is part of any" is
+ off.
+
+ * ObjectManipulator.cpp (delObj): fixed bug #990675: "Application
+ crashes when deleting objects"
+
+2004-07-11
+
+ * PolicyCompiler_ipt.cpp (splitIfSrcNegAndFw): optimized
+ processing of policy rules where firewall object is used in src or
+ dst with negation (possibly in combination with other
+ objects). Before, generated script would match firewall's
+ addresses in INPUT/OUTPUT and FORWARD chains which added redundant
+ checks in the FORWARD chain.
+
+ * NATCompiler_ipt.cpp (processNext): fixed bugs #935794: "dual
+ translation and negation in fwb_ipt" and #986376: "Wrong result
+ for negated source in NAT rules". Dual translation rule with
+ negation in OSrc did not process negation in the second half
+ (POSTROUTING rule, the one that translates the source).
+
+ * NATCompiler_ipt.cpp (processNext): fixed bug #965558: "False
+ ruleset generated for iptables (negate w/ nat)". There were
+ problems with double negations in NAT rules (OSrc and ODst, or
+ ODst and OSrv, etc).
+
+ * OSConfigurator_linux24.cpp (printPathForAllTools): fixed bug
+ #988860: "Logging missing when firewall start is aborted".
When
+ iptables script generated by fwb_ipt finds missing interfaces,
+ it prints error message both on stdout and sends it to the log.
+
+2004-07-10
+
+ * FWObject.cpp (_moveToDeletedObjects): now move deleted objects
+ to the special library with id 'sysid99' rather than delete them
+ completely. This serves two purposes:
+ 1. can easily provide for undelete function which is very
+ useful
+ 2. can catch a situation when an object has been deleted
+ fromt he external library but is still used in the data
+ file
+
+ * FWObjectDatabase.cpp: while merging object trees, checking for
+ deleted objects. If an object is present in the current tree but
+ has been deleted in the file being merged in, special form of
+ conflict resolution dialog is shown. User has only one option - to
+ delete the object from the file. Typical situation when this
+ happens is when an object from external library is used in a rule
+ or group in a data file, then this object is deleted in the
+ external library. If this external library is preloaded and then
+ the data file using this object is opened, conflict occurs because
+ this object is present in the file but is in the "Deleted objects"
+ in the library. The problem is that the library is read-only, so
+ if we kept the object (actually, its copy coming from the data
+ file), the user would not be able to delete it. So, not only
+ object magically reappeared after it has been deleted from the
+ library, it appeared in read-only library and can not be deleted
+ anymore. To avoid this situation we must delete it in the file if
+ it has been deleted in the library.
+
+ * ObjectManipulator.cpp (delObj): "delete object" function moves
+ it to "Deleted objects" library.
+
+ * PrefsDialog.cpp (accept): Added checkbox "Show deleted objects"
+ to the preferences dialog. If this option is on, user has access
+ to deleted objects via library "Deleted objects".
+
+ * ObjectManipulator.cpp (contextMenu): pull-down menu item "Move"
+ turns into "Undelete" if an object is in "Deleted objects"
+ library. This provides for a simple undelete function.
+
+
+2004-07-09
+
+ * PolicyCompiler_ipt.cpp (processNext): fixed bug #925199:
+ "compiles wrongly a double negation". Policy compiler for iptables
+ generated incorrect code for rules where two rule elements used
+ negation (i.e. both src and dst, or dst and srv, etc.)
+
+ * PolicyCompiler_ipt.cpp (prolog): fixed bug #978854: "false rule
+ generated for fw object in interface rule". Policy compiler for
+ iptables generated incorrect code for rules using negated firewall
+ object in source or destination when global option "assume
+ firewall is part of any" was turned off.
+
+ * fwb_ipt: implemented Feature Request #913273: make "assume fw is
+ part of any" a per-rule option
+
+2004-07-08
+
+ * FWWindow.cpp (setupAutoSave): Added an option for autosave - if
+ this option is turned on, the gui periodically saves data to the
+ file. The autosave interval can be set between 1 minute and 2
+ hours.
+
+ * ipt.cpp (main): fixed bug #917422: "compiler misinterprets
+ interface with addr 0.0.0.0". If an interface has IP address
+ "0.0.0.0", it is considered an error.
+
+ * added option "strip comments in the script" to the installer
+ for Linksys and PIX
+
+ * do "nvram uset rc_firewall" before loading fw script on
+ Linksys
+
+ * added the following to the list of errors for Linksys
+ /dev/nvram: Cannot allocate memory
+
+ * skip table "mangle" when flushing iptables rules
+
+
+2004-07-07
+
+ * NATCompiler_ipt_writers.cpp (processNext): fwb_ipt does not
+ include comments in the script if it is intended for linksys
+ firewall. Linksys has small nvram and script should be kept small,
+ otherwise it may not fit in nvram.
+
+ * NATCompiler_pf.cpp (processNext): fixed bug #986518: "PF
+ redirection always point to loopback address"
+
+2004-07-06
+
+ * instDialog4.cpp (stateMachineLinksys): Activating policy on
+ Linksys/Sveasoft wothout reboot (using command "nvram get
+ rc_firewall | /bin/sh" instead)
+
+ * OSConfigurator_linux24.cpp (prolog): added an option to firewall
+ platforms iptables, ipfilter, pf and ipfw that sets up a policy
+ rule to permit ssh access from one specified IP address to the
+ firewall regardless of other rules. This is for a backup ssh
+ access from the management workstation in case of an error in the
+ policy that locks user out of the firewall. The option (a checkbox
+ and entry field for the management station address) is located in
+ the "Compiler" tab of the firewall settings dialog. A command that
+ permits ssh to the firewall from the given address is added on top
+ of all other rules.
+
+2004-07-05
+
+ * RuleSetView.cpp (dropEvent): fixed bug #985187: "Usability bug:
+ Copy objects from one rule to another". Dragging an object from
+ one rule to another with Ctrl down makes a copy. If Ctrl is up,
+ then the object is moved.
+
+ * instDialog4.cpp (stateMachineLinksys): Added support for Linksys
+ devices running Sveasoft firmware. Firewall object should be
+ configured as platform "iptables", host OS "linksys". Policy
+ installer works both using password and public key authentication.
+
+ * NATCompiler_pf_writers.cpp (processNext): fixed bug #985527: pf
+ NAT rules miss destination port specification. NAT rules that
+ translate to "map" missed destination port specification.
+
+ * main.cpp: the gui can now use external wrapper scipts for ssh
+ and scp all the way (removed all direct references to commands
+ "ssh" and "scp", use whatever is configured in preferences
+ everywhere)
+
+2004-07-04
+
+ * RuleSetView.cpp (contextMenu): fixed bugs in the rule
+ selection.
The user can select one rule with a simple left-click
+ on the rule number, or multiple consequtive rules using
+ shift-left-click. Selecting non-ajacent rules with ctrl-click is
+ not supported; ctrl-click acts as normal click. Right-click calls
+ context menu and uses existing selection if click is on one of the
+ selected rules, or resets it if click is outside of the selection.
+
+2004-06-29
+
+ * ObjectTreeView.cpp (dragObject): implemented drag and drop of
+ multiple objects. User can select and then drag several objects
+ from the tree to a group or a rule.
+
+ * LibExportDialog.cpp (accept): a change in the export library
+ algorithm. We now permit exporting several libraries to one file,
+ but check that all these libraries have only references to each
+ other and to objects in the Standard lib and have no references to
+ objects in libraries that are not going to be exported to the same
+ file. This ensures integrity of this file and helps avoid pulling
+ objects from other libraries into it. User can edit objects in the
+ exported libraries by opening this file as usual; the GUI does not
+ preload libraries configured in Preferences/Libraries when .fwl
+ file is opened and unlocks all libraries in this file so objects
+ can be edited. This way user can edit objects and move them
+ between libraries in the .fwl file.
+
+2004-06-28
+
+ * RCS.cpp (RCSEnvFix): fixed a bug (no #) that appeared only on
+ Windows: the GUI failed to check a file in to RCS if it was
+ launched by windows explorer via file extension association.
+
+ * platform.cpp: pull-down "versions" is now translatable and says
+ "1.2.9 or later" for iptables v > 1.2.9
+
+2004-06-26
+
+ * LibExportDialog.cpp: when a library is exported to a file, the
+ program checks whether any groups or rules in this library use
+ objects in the othe libraries. Only self-contained libraries can
+ be exported.
+
+2004-06-24
+
+ * PolicyCompiler_ipt.cpp (processNext): fixed bug #979484:
+ "improper command for rule with servie any and action reject."
+ For rules like that, and if rule options dialog does not specify
+ particular way to handle this combination, the compiler splits the
+ rule; the first iptables command rejects any tcp packet with TCP
+ RST, while the second rejects everything else with ICMP message.
+
+ * minor bugfixes in the gui
+
+ * incorporated changes suggested by a user to make code compile
+ with gcc 3.4
+
+2004-06-23
+
+ * LINGUAS: added Vietnamese translation .po file
+
+ * FWBSettings.cpp (init): Option "do not save standard libraries
+ in the user's data file" is now ON by default. User can still turn
+ it off though.
+
+ * FWWindow.cpp (save): Usability fixes in methods that work with
+ libraries:
+
+ - libary files have extension .fwl
+
+ - preloaded libraries are always read-only (flag RO is set when
+ library file is loaded, regardless of the value this attribute
+ has in the file)
+
+ - user can open library file using normal File/Open
+ operation. Read-only flag is cleared when library file is
+ opened, so it can be edited. File can be added to RCS and saved
+ using normal File/Save or File/SaveAs operations.
+
+ - When user opens library file for editing, other libraries that
+ are configured in Preferences/Libraries are not preloaded.
+
+
+
+2004-06-22
+
+ * LibExportDialog.cpp (init): when object library is exported to a
+ file, the file gets extension .fwl to distinguish it from the
+ regular data file. The GUI allows to export only one library to a
+ file.
+
+ * FWWindow.cpp (fileDiscard): added main menu function
+ "File/discard" which discard all changes that have been done to
+ the data and saved to the file and checks out clean copy of its
+ head revision from RCS. This provides for a quick way to roll back
+ to the latest revision.
Older revisions can be checked out from RCS
+ using list of versions in the right hand panel in open file dialog
+ (this creates a branch in RCS).
+
+2004-06-20
+
+ * IPv4Dialog.cpp (DNSlookup): "DNS Lookup" button in the IP
+ address dialog runs dns query for the name of the address object
+ and if that fails, repeats query for the name of the host or
+ firewall object this address belongs to. If address object is in
+ the folder "Addresses", it does only one DNS lookup on its name.
+
+2004-06-18
+
+ * ObjectManipulator.cpp (ObjectManipulator): disabled ability to
+ drop objects into groups in the tree. It was confusing and not
+ really useful. Objects can still be dropped into a group opened in
+ the editor dialog.
+
+ * ObjectTreeView.cpp (dragObject): enabled dragging of all objects
+ in the tree. It turns out, QListView will highlight multiple items
+ in the tree in Extended selection mode when user drags mouse
+ across items _and_ the first item they started cursor move on is
+ not drag-enabled. So, to avoid this unexpected highlighting
+ behavior, need to enable drag of all objects. We then make sure
+ that system folder can not be dropped anywhere.
+
+2004-06-16
+
+ * Compiler_ops.cpp (checkForShadowing): fixed bug #906709: "A
+ dynamic interface". Dynamic interface used to "shadow" old
+ broadcast object (0.0.0.0)
+
+ * OSConfigurator_linux24.cpp (configureInterfaces): fixed bug
+ #912849: "Reorder activation of network interfaces in IPT" -
+ script generated by the compiler for iptables sets default policy
+ to DROP, flushes all rules and then reconfigures interfaces of the
+ firewall (it used to reconfigure intefaces and then flush the rules).
+
+ * IPv4Dialog.cpp (DNSlookup): Button "DNS lookup" in the IP
+ address editor dialog does DNS lookup on the address object name
+ if the object is located in the "Addresses" folder, or on the
+ parent host object name if it belongs to an interface of a host or
+ a firewall.
+
+ * ObjectManipulator.cpp (moveObject): refactored "move object"
+ functions and added debug printing. Trying to debug crash reported
+ by one of the users.
+
+2004-06-15
+
+ * ObjectEditor.cpp (hide): checking if screen position for the
+ dialog is 0,0 and not storing this value. This should help to work
+ around a weird bug where screen position of dialogs sometimes is
+ returned as 0,0 when GUI runs in Gnome.
+
+ * Object names and comments are stored in the object file in UTF-8
+ format. This allows for names and comments to be entered and
+ displayed in local languages. Although object names can be
+ localized, it is recommended to keep firewall names in plain ASCII
+ because compilers do not support UTF-8 yet. This fixes very old
+ bug #657156: "Special characters problem".
+
+2004-06-13
+
+ * init.cpp (init): the program uses reasonable default for the
+ directory where user might want to save their data files on each
+ OS. ( $HOME on Unix, $HOME/Documents on Mac,
+ $USERPROFILE/Documents in windows)
+
+ * ObjectManipulator.cpp (updateObjName): whenever user changes the
+ name of a firewall, host or an interface object, the GUI asks
+ whether they want to also rename all IP and MAC addresses that
+ belong to that firewall or host. If user agrees to rename them,
+ the program generates names automatically using scheme
+ 'host_name:interface_name:ip' and 'host_name:interface_name:mac'
+
+2004-06-12
+
+ * newHostDialog.cpp (selected): implemented "new host"
+ wizard. User can choose to add interfaces manually or can use a
+ library of predefined host object templates.
+
+2004-06-10
+
+ * PolicyCompiler_pf_writers.cpp (_printDstService): fixed a bug
+ (no number) where fwb_pf would not include code defined by custom
+ service object in the .conf file
+
+2004-06-08
+
+ * ObjectManipulator.cpp (copyObj): implemented multi-object and
+ multi-rule copy/cut/paste operations
+
+ * ObjectManipulator.cpp (moveObject): implemented "move object"
+ operation - moves object to another library; operation is accessed
+ via pull-down menu in the object tree.
+
+2004-06-06
+
+ * ObjectManipulator.cpp (groupObjects): added ability to select
+ multiple objects in the tree. Currently the following operations
+ are performed on multiple objects: delete, duplicate, group.
+
+ * ObjectManipulator.cpp (groupObjects): operation of grouping of
+ selected obejcts. User selects several objects in the tree and
+ choses menu item "group" in the pull-down menu; the GUI brings up
+ a dialog asking for the new group name and a library it should be
+ put in. New group is created and all selected objects are
+ automatically added to it when user hits "Create group" button.
+
+2004-06-05
+
+ * pixAdvancedDialog.cpp (accept): added "Installer" tab to the PIX
+ firewall settings dialog
+
+ * FWBSettings.cpp (getScreenPosition): checking if the window fits
+ in the screen before restoring its geometry.
+
+ * ObjectListView.cpp (dragObject): setting hot spot in the center
+ of the object icon for drag and drop.
+
+ * FWObjectPropertiesFactory.cpp (getObjectPropertiesDetailed):
+ showing group members in tooltips and conflict resolution dialog
+
+ * ObjectEditor.cpp (ObjectEditor): redesigned ObjectEditor
+ class. All individual object editor classes are now inherited from
+ QDialog and are top-level windows. Class ObjectEditor is just a
+ manager that opens and hides appropriate dialog and manages its
+ size and position on the screen.
Geometry is remembered separately
+ for each dialog for each object type, so we can have group object
+ editor open wider than, say, IP service object editor. Each object
+ editor has its optimal size.
+
+ * pfAdvancedDialog.cpp (pfAdvancedDialog): yet another redesign of
+ PF firewall settings dialog. Using individual checkboxes to
+ enable/disable each "limit" and "timeout" option
+
+ * ipt.cpp (main): all compilers do not create any files if there
+ was an error during rule processing (not even empty ones)
+
+2004-06-04
+
+ * RuleSetView.cpp : Info window shows properties of an object
+ selected in rules
+
+ * RuleSetView.cpp (paintCell): added tooltips for objects in the
+ policy view, using the same detailed properties text that is used
+ for Info panel.
+
+ * iptAdvancedDialog.cpp (accept): the actual command that
+ installer should run on the firewall to activate the policy can
+ now be specified in the "installer" tab of firewall settings
+ dialog for all platforms. If this input field is left blank,
+ installer will run firewall script, using sudo if user name used
+ to authenticate to the firewall is not 'root'. On Windows,
+ installer also does chmod +x on the file.
+
+ * FWBSettings.cpp (setSSHPath): directory path and a file name for
+ the secure file transfer and secure shell utilities can be
+ configured in the Preferences (tab "SSH"). This allows for using
+ of different SSH packages on Windows, as well as using SSH
+ installed in a non-standard directory on Unix.
+
+2004-06-03
+
+ * ObjectTreeView.cpp (dragObject): standard folders in the tree
+ can not be dragged into groups or rules and open/close on double
+ click. Regular objects open editor on doubleclick.
+
+ * ipt.cpp (main): compiler for iptables sets up PATH environment
+ variable at the beginning of the generated script.
This is
+ particularly useful if policy is compiled on windows or mac for
+ Linux firewall that runs unknown version of Linux, so we cant be
+ sure where standard tools such as iptables, lsmod etc are
+ located. Most systems place them in /sbin, but for example SuSe
+ places iptables in /usr/sbin. If policy is compiled on one of the
+ Linux systems, we assume generated script will run on the same
+ system (which may not be true, btw), but if we compile on Windows,
+ there is no way to know where these tools are located
+ beforehand. In this case we need PATH. User can always override
+ this behavior and specify full path to all tools explicitly.
+
+2004-06-02
+
+ * linux24.xml.in: changed "Linux 2.4" to "Linux 2.4/2.6" in all
+ menu
+
+ * iptAdvancedDialog.cpp (iptAdvancedDialog): removed "log all
+ dropped packets" option from the firewall settings dialog for
+ iptables. This option required p-o-m patch that has become
+ obsoleted and is not included in p-o-m anymore.
+
+ * FWWindow.cpp (install): when user hits "Install", the GUI checks
+ if objects in the database were modified since policy of a
+ firewall has been compiled last time. If existing policy file is
+ older than the database, program offers the user to compile it
+ before it is installed. There are options to recompile, install
+ old copy or cancel the operation.
+
+2004-05-31
+
+ * RuleSetView.cpp: Added support for operations that act on
+ multiple rules: setting rule color, moving to a different position
+ in rule set, disabling/enabling, deleting. User can select
+ multiple rules by dragging mouse across several rows in the column
+ that shows rule numbers. Copy/Cut/Paste operations of multiple
+ rules are not supported yet.
+
+
+2004-05-29
+
+ * RuleSetView.cpp (dragObject): implemented drag-and-drop of
+ objects in the rules
+
+ * utils.cpp (setDisabledPalette): all entry fields in the object
+ editor are disabled if an object is read-only or is located in
+ read-only library.
Object editor is still opened for read-only
+ objects, but since all fields are disabled, changes are not
+ allowed. Opening object editor for read-only and standard objects
+ allows for inspection of their properties.
+
+ * FWWindow.cpp (load): file objects_init.xml does not include
+ empty "User" library anymore. Instead, this library is created
+ dynamically using method FWBTree::createNewLibrary when user
+ creates new data file. This simplified things since 1) "User"
+ library now has unique random ID in every data file so it can be
+ safely exported and then imported back without any conflicts; 2)
+ since its ID is unique, it can be renamed without creating any
+ conflicts. The library is only created in FWWindow::load()
+ (i.e. when new data file is created). It is not created when
+ existing data file is loaded because it is supposed to be
+ there. Old data files that still have this library with
+ semi-standard ID will load it as before, but the ID loses its
+ standard meaning.
+
+2004-05-23
+
+ * filePropDialog.cpp (filePropDialog): added "File properties"
+ main menu item and dialog
+
+ * debugDialog.cpp (debugDialog): added "debug" menu item under "Help"
+
+2004-05-20
+
+ * instDialog.cpp : built-in installer works with all supported
+ firewall platforms: iptables, ipf, pf, ipfw and pix.
+
+ * instDialog.cpp (instDialog): built-in installer reads list of
+ files that policy compiler generated for a given firewall object
+ ("manifest") from the .fw file and installs them on the
+ firewall. One file in the manifest needs to be marked as
+ executable, installer runs it after all files are copied.
+
+ * all policy compilers: all compilers include a list of files
+ generated for a given firewall object ("manifest") in .fw file.
+
+2004-05-18
+
+ * RuleSetView.cpp (contextMenu): split long context menu that used
+ to be shown when user clicked right mouse button on an object in a
+ rule.
Now this menu has only actions related to the object, while
+ actions for the whole rule belong in the context menu shown when
+ user clicks right mouse button on the rule number.
+
+ * fr.po, ru.po: checked in updated French translation by
+ Jean-Michel Poure and added some rudimentary Russian
+ translation. Both translations are done in UTF-8.
+
+2004-05-15
+
+ * init.cpp (init): define global var localepath that is
+ initialized with a path to the directory where translation files
+ (*.qm) are installed. This path is defined as $respath/locale on
+ all systems (on Unix this typically is
+ /usr/share/fwbuilder/locale, while on Windows and Mac it will be a
+ subdirectory "locale" in the directory where the binary is
+ installed)
+
+2004-05-14
+
+ * ColorLabelMenuItem.cpp (ColorLabelMenuItem): implemented RFE
+ #725461: "Colors". Added ability to color-code rules in the
+ policy. User can pick one of the 7 predefined colors (plus none)
+ in the pop-down menu that appears when they right-mouse-click on
+ the policy or NAT rule. Custom text can be associated with each
+ color using a panel in the Preferences dialog, this text appears
+ as a tool tip when user flies mouse cursor over color buttons in
+ the pop-down menu.
+
+2004-05-12
+
+ * src/gui/ui: QT's ui translator uic creates code in this directory.
+ This allows me to add generated files to the internationalization
+ infrastructure (include in the .pot file). also added *.cpp files
+ in src/gui/ui to cvs so translators can look at them to better understand
+ context without having full QT development environment.
+
+2004-05-09
+
+ * PolicyCompiler_ipt.cpp (processNext): fixed bug #934949:
+ "duplicate rules".
fwb_ipt created duplicate rules for a bridging
+ firewall if fw object or its interfaces or their addresses were
+ not in the source or desintaion
+
+2004-05-04
+
+ * newFirewallDialog.cpp (accept): "new firewall" wizard can create
+ a new firewall object using predefined templates from the file
+ templates.xml (the file is a pat of the package and is installed
+ in /usr/share/fwbuilder on Linux and in c:\FWBuilder\resources on
+ Windows). User picks a template and the program creates a
+ duplicate of the template object in the "User" object library. The
+ wizard page where user picks template shows a diagram of the
+ firewall configuration that illustrates its interfaces, their
+ configuration and addresses. Comment text associated with template
+ object explains its specific properties and is shown on the page
+ as well.
+
+2004-05-02
+
+ * templates.xml.in : a library of firewall object templates. This
+ library is a part of the distribution and is installed in
+ ${prefix}/share/fwbuilder on Linux and BSD and in
+ C:FWBuilder/resources on windows (the same dir where standard
+ objects are installed). This library is not loaded by default
+ though.
+
+ * listOfLibraries.cpp (listOfLibraries): Added a page to the
+ preferences dialog to manage add-on libraries. The GUI maintains a
+ list of available add-on libraries and allows user to define which
+ ones will be automatically loaded when the GUI is started. The
+ program always adds "standard" and "templates" libraries to the
+ list, then scans directory $HOME/.fwbuilder/lib/ (
+ C:\FWBuilder\lib on windows) and adds all .fwb files found there
+ to the list. It stores list of libraries in the user's preferences
+ together with a boolean flag that is set if a library should be
+ loaded on a start-up. Library added using main menu "Import
+ Library" is also added to the list so the user can make the
+ program load it automatically.
+
+2004-04-29
+
+ * Makefile.in: Added support for internationalization.
Using
+ gettext 0.14.1. This is the first version where support for QT
+ lanuage files is available, but it is not available in RedHat or
+ other Linux distributions yet. Therefore had to copy some m4 macro
+ colelctions from example to directory 'm4', as well as copied a
+ Makefile.in and script remove-potcdate.sin to directory 'po'. New
+ version of xgettext recognizes standard QT localization method
+ tr() and can generate usual .pot files from strings used with
+ it. The nwe msgfmt can generate .qm files from translated .po
+ files.
+
+
+2004-04-25
+
+ * instDialog.cpp (cmd): this method can be used whenever we need
+ to execute several commands on the firewall sequentially.
+
+ * (instDialog): install dialog hides incremental install options
+ if 'diff' program can not be found (perhaps compiler that comes
+ with it is not installed)
+
+ * instDialog2.cpp (PIXincrementalInstall): integrated with
+ fwb_pix_diff
+ * instDialog2.cpp (PIXbackup): implemented function that stores
+ backup copy of firewall configuration in a file
+
+2004-04-18
+
+ * findDialog.cpp (find): 'find object' function is implemented by
+ means of an external modeless dialog that allows for searching in
+ the tree and or policy rules and supports matching with regular
+ expressions.
+
+ * newFirewallDialog.cpp (getInterfacesViaSNMP): 'new firewall'
+ wizard can discover interfaces using SNMP. Finished work on the
+ page where user can arrange interfaces according to their security
+ levels.
+
+2004-04-15
+
+ * newFirewallDialog.cpp (accept): added 'new firewall'
+ wizard. Still need to work on the page where user sets security
+ levels of interfaces.
+
+2004-04-14
+
+ * VERSION (BETA): added a variable in the VERSION file that
+ designates code revision as beta and stores beta testing period
+ expiration time (+30 days). Currently only About dialog shows this
+ time, but in the future I may make the program disable itself if
+ it is used past this time.
The released version won't have this
+ limitation. This can be used to prompt people to upgrade, so I do
+ not have to support old versions.
+
+2004-04-11
+
+ * FWBSettings.cpp (restoreGeometry): added ability for dialogs to
+ automatically remember and restore their geometry (size and
+ relative position on the screen). Currently only main window, conflict
+ resolution dialog and object editor dialogs do this. Geometry is
+ stored in preferences. Main window comes up with a default geometry
+ 100,100,750,600 (x,y,w,h) when no geometry is found in settings.
+
+2004-04-10
+
+ * FWWindow.cpp (ConflictResolutionPredicate): implemented conflict
+ detection and resolution for the "merge" operation. The same
+ mechanism works for "open file" since it is also based on
+ merge. When there is a conflict during merge, the program opens a
+ dialog and asks the user which copy of the object they want to
+ keep.
+
+2004-04-09
+
+ * instDialog3.cpp (stateMachineSSHSUDO): builtin installer works
+ with Linux/BSD systems using combination of ssh on the client side
+ and sudo on the firewall. User provides a password for
+ authentication and the program logs in into the firewall as that
+ user, copies firewall script to "/etc/fw" (directory path is
+ hardcoded), then executes it using sudo. Sudo should be configured
+ for this user or group she belong to to be able to execute this
+ script as root with no password.
+
+2004-04-08
+
+ * instDialog.cpp (instDialog): added universal (hopefully) policy
+ installer program. The program uses ssh in a background on both
+ Unix and Windows (on Windows it requires putty/plink) to
+ communicate with the firewall. Currently only supports PIX but I
+ will add Linux/BSD later. Installer GUI asks user for a password.
+
+2004-04-07
+
+ * RuleOptionsDialog.cpp (loadFWObject): added rule options dialog
+ for ipt
+
+2004-04-06
+
+ * FWWindow.cpp (search): implemented advanced search method that
+ finds and highlights objects both in the tree and in any rule of
+ any firewall. This resolves problem outlined in Feature Request
+ #837448: '"Where used" only shows fw objects'
+
+2004-04-04
+
+ * FWWindow.cpp (save): implemented saving data file without making
+ copies of objects in the 'Standard' library (Feature Request
+ #810504). This feature is considered experimental and is off by
+ default. An option in Preferences dialog activates it.
+
+ * FWWindow.cpp (load): All load is done via merging of the loaded
+ file with a standard object tree. Now we can load files saved
+ without copies of unused standard objects.
+
+ * FWWindow.cpp (fileImport): implemented data import. Using method
+ FWObjectDatabase::merge to merge imported data with current object
+ tree. Only object IDs are compared, so modified standard object in
+ the imported file will be ignored and its changes will be lost.
+
+2004-04-03
+
+ * export.cpp (exportLibrary): Implemented library export
+
+ * StartWizard.cpp (StartWizard): added simple startup wizard that
+ asks user if they want to open existing file or create a new
+ one. It also sets some useful preferences such as adds new file to
+ RCS and makes the program automatically open it when it is started
+ next time.
+
+ * OSConfigurator_linux24.cpp (generateCodeForProtocolHandlers):
+ Fixed bug #956544: "Error into load modules script generation",
+ where generated script would not load kernel modules with names
+ "module.ko.gz". Regular expression should match on ".ko.*$" to
+ find these modules properly. Thanks to Andrey Kaminsky
+ who pointed this out.
+
+ * RuleSetView.cpp (doubleClicked): double-clicking on an object in
+ the policy rule opens that object in the editor
+
+2004-04-02
+
+ * ObjectManipulator.cpp (ObjectManipulator): using combobox widget
+ instead of a tab widget for libraries. This way we can fit more
+ libraries without making interface cluttered.
+
+2004-03-31
+
+ * ipt.cpp (main): the GUI saves path to the DTD and resources in
+ user's settings using QT QSettings class. Policy compilers and
+ other tools can read this setting to quickly determine location of
+ DTD and resources.
+
+2004-03-29
+
+ * getting rid of STL classes in the GUI. The idea is to make GUI
+ use QT classes in most of the code and use STL classes such as
+ 'string', 'map', 'list' where it has to pass data to and from API
+ which is STL-based. This should simplify using QT compiled without
+ STL support (much less conversions between string and QString).
+
+2004-03-28
+
+ * main.cpp (main): the data file can be specified on a command
+ line both as an argument for option '-f' and after all
+ options. Option '-f' is preserved for compatibility with old
+ versions. Preferred method is to specify the file name as a
+ parameter without any option: "fwbuilder file.fwb"
+
+2004-03-27
+
+ * platforms.cpp (getVersionsForPlatform): usability improvement:
+ "combo boxes" that do not allow typing in them should not have
+ empty choices. Fixed this for a drop-down menu of version numbers
+ in firewall dialog.
+
+2004-03-26
+
+ * RuleSetView.cpp (insertRule): counting rules from zero in the GUI
+
+ * (RuleSetView): this is not a change, I just wanted to document
+ that I tested the GUI with a policy that has 1000 rules. I haven't
+ noticed any delay in loading this policy compared with when it had
+ <100 rules.
+
+2004-03-25
+
+ * FWWindow.cpp (fileSaveAs): gui automatically chooses working dir
+ if none is set and user calls 'file save as' menu item :
+ * on Unix will use current dir.
+ * on Windows will use user's document dir.
+
+ * NATCompiler_ipt.cpp (processNext): added a workaround for a bug
+ (no number): if address range object was used in SNAT or DNAT rule
+ and option 'manage virtual addresses' was on, compilerwould not
+ add virtual address properly. It still won't do it, but at least
+ there is a check for this situation and it prints appropriate
+ warning message. The problem with this is that if the range is
+ large, we end up with potentially lots of virtual addresses. Let
+ the user deal with this themselves.
+
+ * ipt.cpp: compiler(s) understand new command line option '-R',
+ which should specify a full path to the resources. This is useful
+ on Windows and Mac where resources are installed in a non-fixed
+ place by the GUI package, but need to be used by the compilers.
+
+2004-03-24
+
+ * ObjectManipulator.cpp (contextMenu): each system group object in
+ the tree has an item in its pop-down menu that allows user to
+ quickly add an object to that group.
+
+ * IPv4Dialog.cpp (DNSlookup): added ability to determine IP
+ address of an Address object using DNS lookup (using QDns class)
+
+ * FWBSettings.cpp (FWBSettings): explicitly setting scope for
+ QSettings as "User"
+
+2004-03-22
+
+ * ObjectManipulator.cpp (addTreePage): added attribute 'ro' to all
+ elements in DTD (see API). This provides for a way of locking down
+ parts of the tree.
+
+ * ObjectManipulator.cpp (addTreePage): read-only subtrees are
+ marked with an icon of a lock and text 'read-only'
+
+ * objects_init.xml : standard objects tree is now read-only. User
+ objects can not be moved into 'standard' tree and standard objects
+ can not be edited but can be duplicated (a copy is automatically
+ created in the first user-defined library, most often it is a
+ library 'User')
+
+ * FWWindow.cpp (install): GUI supplies a path to the firewall
+ object as a parameter to installation script rather than just its
+ name (as before). This is because the path has changed when
+ library element has been added.
Changes made in the GUI (send path
+ instead of name) and in fwb_install script (to make it interpret
+ path).
+
+2004-03-21
+
+ * pixosAdvancedDialog.cpp (pixosAdvancedDialog): 'advanced host
+ settings' dialog for PIX
+
+ * RuleSetView.cpp (contentsMousePressEvent): selectedObject is
+ chosen in mouse press and key press even handlers; got rid of
+ currentChanged slot all together. This eliminated flicker that was
+ caused by extra repaint of the cell when selected object was
+ chosen in currentChanged slot.
+
+2004-03-20
+
+ * DialogData.cpp (DialogOption): universal class to load and save
+ data in dialogs
+
+ * pixAdvancedDialog.cpp (pixAdvancedDialog): 'advanced' firewall
+ options dialog for PIX. Implemented tabls 'Compiler options',
+ 'Prolog/Epilog', 'Timeouts' and partially 'Fixups'. Fixup pages
+ are disabled using resource string that defines which fixups are
+ available in certain PIX version.
+
+ * FirewallDialog.cpp (openFWDialog): firewall dialog saves version
+ from the widget to the object before opening 'advanced' firewall
+ options dialog. This is a departure from the dialog logic where
+ all data is stored when user clicks 'Apply changes' button.
+
+2004-03-19
+
+ * FWBSettings.cpp: added support for an "object autosave" option
+ (automatic saving of changes in dialogs while switching between
+ objects)
+
+ * RuleSetView.cpp (insertRule): added main menu items "insert
+ rule" and "add rule after current"
+
+ * RuleSetView.cpp (contextMenu): added pop-up menu items for
+ adding, removing and moving rules up and down, as well as standard
+ copy/cut/paste operations on moves. Similar menu items added to
+ the main menu.
+
+ * RuleSetView.cpp (paintCell): implemented double-buffering in
+ paintCell to improve performance and remove flickering
+
+2004-03-17
+
+ * FWBSettings.cpp: saving the size of the info window in settings
+
+ * RCSFileDialog.cpp (RCSFileDialog): 'open file' dialog
+ automatically looks for files in the working directory configured
+ in a global preferences dialog.
+
+ * main.cpp (main): added a global setting "startup action" in
+ Preferences. Currently two actions are available: "load standard
+ objects" and "load last edited file".
+
+ * FWBSettings.cpp (FWBSettings): a specialized wrapper for
+ QSettings. I will be adding methods to this class to simplify
+ access to whatever global program preferences and options I
+ need. Currently it supports 'working dir' and 'info window style'
+ settings. Settings are stored in a platform-depended way as
+ QSettings does it.
+
+2004-03-16
+
+ * NATCompiler_ipt_writers.cpp (_printOPorts): minor bugifx - fixed
+ typo ( '==' -> '=' )
+
+ * ObjectEditor.cpp (closeEvent): object editor checks for
+ modifications before closing if user closes it using window
+ manager buttons.
+
+ * FWWindow.cpp (unselectRules): the main window maintains single
+ selection across objects in the tree and in the policy
+ view. Selecting an object in the tree automatically unselects
+ object in the policy and vice versa. Now I can implement
+ copy/cut/paste functions driven by the main menu; these operations
+ will work on the currently selected object either in the tree or
+ in the policy.
+
+ * FWWindow.cpp (editCut): copy/cut/paste operations work between
+ the tree and policy views using both context menus and main
+ menu.
+
+ * ipt.cpp: output stream is created with a mode ios::binary on
+ Windows
+
+ * RCS.cpp (isDiff): having problems with rcsdiff.exe in windows,
+ for now will assume that the file always changes and needs checkin
+ comment.
+
+2004-03-15
+
+ * RCS.cpp (co): using windows-specific functions to create a
+ temporary file for the file checkout
+
+ * global.h: added redefinition of macro assert to be able to use
+ it on windows where we compile without debugging info. (the reason
+ I do not build Debug version on win32 is because I use precompiled
+ libraries libxml2 etc that are built using Release CRT, and I
+ can't mix different runtimes).
+
+ * RCS.cpp (co): GUI makes sure that if the file has been opened
+ and locked by a user, another user can only open it read-only. The
+ same user has a choice of opening it read-only or read-write. The
+ latter case is useful in case of a program crash that leaves
+ opened files in the locked state.
+
+ * RCS.cpp (co): added ability to open older revision of the file
+ read-only. Requested revision is checked out into temporary file,
+ which is then loaded and immediately deleted. The object tree is
+ locked read-only and 'save' and 'save as' operations are disabled.
+
+2004-03-14
+
+ * RCS.cpp (add): using "rcs -i -kb" to add a file to RCS, this
+ should help avoid extra CR in the file while working on windows
+ because it makes RCS use binary mode while working with the file.
+
+2004-03-13
+
+ * ObjectManipulator.cpp: GUI redesign: switched to a single window
+ design. Object manipulation happens inside three classes:
+ ObjectManipulator (the tree widgets and algorithms), ObjectEditor
+ (a stack of editor widgets and a glue logic), obejct info browser
+ (class QTextBrowser). Object editor appears as a non-modal dialog
+ when user double-clicks an object in the tree. Single click
+ updates data in the info window but does not open the
+ editor. Objects can be selected in the tree in any supported way -
+ keyboard arrows, keyboard shortcuts, hitting the first letter of
+ the objects's name, mouse click. In any case, appropriate object
+ is selected and info window is updated with its attributes.
+
+ Info window has three modes: collapsed (there is no info window),
+ showing only comment attrbibute and showing brief summary of
+ object's parameters and a comment. User can switch between modes
+ using a button located on the main window panel directly under the
+ info widget.
+
+2004-03-12
+
+ * build environment is based on qmake: file qmake.inc is included
+ from qmake project files in all subdirectories. File qmake.inc
+ defines all variables for all platforms, so project files in
+ subdirs only add lists of files and take care of exceptions. File
+ qmake.inc is generated by configure, but all substitutions are
+ only needed for Unix and Mac. This file is checked in to cvs so it
+ could be used on Windows without a need to run configure.
+
+ All qmake project files in subdirectories need no substitutions
+ by configure, so they all are checked in to cvs and can be used on
+ windows right away.
+
+ Qmake project files fwbuilder2.pro and src/src.pro use template
+ 'subdirs' and make qmake descent into subdirectories and rebuild
+ projects there.
+
+ Now using qmake to generate Makefile and MSVC project files in
+ src/fwblookup, src/fwbedit, src/ipt. Makes it easier to generate
+ consistent MSVC projects without having to edit them manually.
+
+ resource files (src/res/*.xml and src/res/*/*.xml) are generated
+ by configure, however, since substitutions made in them are only
+ relevant on Unix and Mac, generated files are checked in to cvs so
+ they can be used on windows without running configure.
+
+ No need to run configure (or autogen.sh) on Windows anymore.
+
+ To build on Unix and Mac:
+ $ autogen.sh
+ $ make
+ $ make install
+
+ To build on windows:
+
+ run qmake, then make in the root dir. of the project
+ Open fwbuilder2.dsw in MSVC and rebuild all
+
+ * NATCompiler_ipt.cpp, PolicyCompiler_ipt.cpp and others in
+ src/ipt: code cleanup. Removed all unused variables and added
+ handling for 'default' case in switch operators.
+
+
+
+2004-03-10
+
+ * FWWindow.cpp (compile): implemented main menu items "Rules/compile"
+ and "Rules/install". Still need to add toolbar buttons though.
+
+ * execDialog.cpp (execDialog): a dialog for a background execution
+ of external commands. This class is used to call external policy
+ compilers and installer scripts. Uses QT class QProcess.
+
+ * ipt.cpp: transfered compiler for iptables over to fwb2. Only
+ minor changes: new file name schema (*.h, *.cpp); proper choice of
+ the directory where resource files are located; eliminated last
+ dependencies on glib
+
+2004-03-09
+
+ * iptAdvancedDialog.cpp (accept): firewall settings dialog saves
+ all data in the object.
+
+2004-03-07
+
+ * iptAdvancedDialog.cpp (iptAdvancedDialog): firewall settings
+ dialog for iptables. Saving of the data back in the firewall
+ object is not implemented yet.
+
+ * DialogFactory.cpp (createDialog): DialogFactory: class that
+ creates dialogs for all object types.
+
+ * FWBTree.cpp (FWBTree): refactored code: all methods that enforce
+ our standard tree structure now belong to the class FWBTree
+
+ * TimeDialog.cpp (applyChanges): added dialog for the Time
+ interval object.
+
+2004-03-06
+
+ * GroupObjectDialog.cpp (setupPopupMenu): added pop-up menu in the
+ group view (both icon and list modes) with oprations
+ copy,cut,paste and delete.
+
+ * all dialogs: object is moved from library to library when user
+ clicks 'apply changes' (before it would move immediately when the
+ library was changed in the pop-down menu).
+
+ * CustomServiceDialog.cpp (loadFWObject): added dialog for the
+ Custom Service object
+
+2004-03-05
+
+ * PropertyEditor.cpp (copyObj): added pop-up menu to object tree
+ view; implemented functions 'duplicate', 'copy', 'cut', 'paste'
+
+2004-03-04
+
+ * ObjectTreeView.cpp (contentsMouseReleaseEvent): objects in the
+ tree are selected with double-click.
+
+
+2004-03-03
+
+ * RuleSetView.cpp (getRE): added platform capabilities check for
+ columns 'Time' and 'log/options' in policy views
+
+ * RuleSetView.cpp (dragMoveEvent): support for d&d of Time objects
+
+2004-03-02
+
+ * InterfaceDialog.cpp (loadFWObject): added dialog elements for
+ interface security level, 'external' checkbox, network zone.
+
+ * RCS.cpp (isDiff): added a wrapper for rcsdiff in RCS class
+
+2004-02-29
+
+ * PropertyEditor.cpp (createObject): properly creating interfaces
+ and addresses for the firewall object
+
+ * further testing and improvements in RCS integration
+
+2004-02-28
+
+ * FWWindow.cpp (load): file can be opened with or without RCS, a
+ head revision or any specific revision, read-write or
+ read-only. File name, revision number and read-only status is
+ displayed on the main window's title bar.
+
+ * FWWindow.cpp (load): added ability to open data files read-only
+
+ * RCS.cpp (RCS): refactored the code, made class RCS a wrapper for
+ the command-line rcs tools. It should be possible to use the same
+ or similar interface for other version control system if needed.
+
+2004-02-26
+
+ * RCSFilePreview.cpp (showFileRLog): Open File dialog shows RCS
+ revisions of the chosen file in a preview panel. Added button "add
+ to RCS" that allows user to add selected file to RCS right from
+ the "open file" dialog. Added elements for opening file read-only
+ and with or without locking (but these functions have not been
+ implemented yet).
+
+2004-02-23
+
+ * RCS.cpp (rlog): class RCS provides simple integration with
+ RCS. Uses portable functions provided by QT to call external RCS
+ programs.
+
+ * configure.in: added checks for external RCS programs ci, co,
+ rlog.
+
+2004-02-22
+
+ * FWWindow.cpp: added basic integration with RCS. Every time a
+ data file is opened, it is checked out from RCS and locked. If the
+ file has not been added to RCS, an initial checkin is performed
+ with a generic comment. 
Every time an opened file is saved (using
+ "save" or "save as" menu), it is checked in and kept in a locked
+ state. A new menu item "File/Close" has been added; this menu item
+ checks the file in and removes lock (does 'ci -u') so other users
+ can work on it, then it reopens a standard objects database in the
+ GUI. Opening a file while another file is already opened in the
+ GUI causes the latter to be closed (checked in and lock removed)
+ and a new one opened as described above.
+
+ still TODO: add a dialog to ask the user for a checkin comment
+ text. Add a global option "Use RCS" so that using version control
+ is optional. Test the whole thing on Windows.
+
+2004-02-16
+
+ * PropertyEditor.cpp (PropertyEditor): added dialogs for
+ interface, MAC address, network, address range and other objects.
+
+ * FWObjectDrag.h: implemented custom drag class FWObjectDrag; all
+ widgets dynamically check if the object being dragged can be
+ dropped in them. User can drag objects from the tree into groups
+ and rules, as well as from a group into the tree.
+
+2004-02-08
+
+ * IPServiceDialog.cpp (libChanged): implemented gui elements and
+ support for moving objects between libraries.
+
+2004-01-20
+
+ * added dialog for object IPv4. This object can now be created in
+ a standard place in the tree in a group Objects/Addresses as well
+ as as a child object of interface (as before in fwbuilder 1). This
+ allows for using object IPv4 as an abstract for an IP address
+ which is simpler than using a Host object.
+
+2004-01-04
+
+ * GroupObjectDialog.cpp: Experiment: user and standard object tree
+ views have different background colors. This provides simple
+ visual clue of what library the object shown in the editor panel
+ belongs to. 
This is especially useful if a standard object is
+ referenced from the user defined group and user opens it; in this
+ case the tree switches from user-defined objects to the standard
+ onces but this switch may not be evident from the first glance,
+ thus user loses context and may be confused why his objects
+ apparently have gone away.
+
+2004-01-03
+
+ * PropertyEditor.cpp (PropertyEditor): property editor has window
+ type "dialog" and always stays on top of the main
+ window. Implemented simple history feature for the object
+ navigation and added a button "Back" to the toolbar.
+
+ * GroupObjectDialog.cpp (loadFWObject): group object dialog can
+ now show group contents as a set of icons or as a list; switching
+ between two modes is done using toggle buttons a-la file list
+ modes in the "open file" dialog.
+
+ * PropertyEditor.cpp (loadObjects): merged object tree and object
+ property editor in one dialog.
+
+2003-12-20
+
+ * main.cpp (main): resources and preferences files can now be
+ found dynamically, using a full path to the directory the binary
+ has been launched from. The RES_DIR macro defined in config.h
+ now specifies relative path to the resource files starting from
+ the application root dir. If program is installed in
+ /usr/local/bin, then the application root is "/usr/local" and
+ resources should be located in /usr/local/$RES_DIR directory.
+
diff --git a/doc/Credits b/doc/Credits
new file mode 100644
index 000000000..f51074457
--- /dev/null
+++ b/doc/Credits
@@ -0,0 +1,99 @@
+$Id: Credits 899 2005-12-14 06:58:43Z vkurland $
+
+We would like to thank the following people who helped us in various
+ways to make this project happen:
+
+Special thanks to Friedhelm Düsterhöft for help with XML
+development and initial XSLT filters implementation.
+
+For icons : Hector Rivera Falu
+
+For icons and a first web site: Tanya Soussokolova
+
+For debugging on SuSE, building packages for SuSE and for help
+with answering support requests:
+ Marc Pfefferkorn
+
+For German translation for Firewall Builder v1.x:
+ Marc Pfefferkorn
+ Jens Hektor
+ Axel Stenkamp
+
+For localization patch (gettext support) and French translation
+for Firewall Builder v1.x:
+ Florent MANENS
+
+For French translation for Firewall Builder v2.x
+ Jean-Michel PourÌ©
+
+For Japanese translation for Firewall Builder v2.x
+ Tadashi Jokagi
+
+For Swedish translation: Daniel Nylander
+
+For ideas, suggestions, patches and contributions:
+-------------------------------------------------------------
+Friedhelm Düsterhöft"
+- many suggestions and prototype for DTD.
+
+
+Jeremy T. Bouse
+- package maintainer for Debian
+- libxml2 support.
+- X.509 certificate generation druid assistance
+- iptables/iproute2 patches
+
+
+Carlo Wood
+- many valuable patches and bug reports
+- suggestions regarding rpm building process and changes to spec file
+
+
+Jochen Friedrich
+- ideas for future development
+
+
+Vadim Fedukovich
+- help with OpenSSL and answering related questins.
+
+
+David Gullasch and
+stephan_r@users.sourceforge.net
+- firewall policy installation script
+
+
+Igor Morozov
+- first attempt at Win32 porting and a prototype
+
+
+Mark Vevers
+- for an idea and a patch that fixes optimizer in fwb_ipt
+Patch information:
+
+Author: Mark Vevers
+Copyright (c) 2004 Research Machines Plc
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+
+
+
+
diff --git a/doc/FWBuilder-Routing-LICENSE.txt b/doc/FWBuilder-Routing-LICENSE.txt
new file mode 100644
index 000000000..563c28bce
--- /dev/null
+++ b/doc/FWBuilder-Routing-LICENSE.txt
@@ -0,0 +1,23 @@
+
+ Firewall Builder Routing add-on
+
+ Copyright (C) 2004 Compal GmbH, Germany
+
+ Author: Tidei Maurizio
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+ of the Software, and to permit persons to whom the Software is furnished to do
+ so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
+ OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/doc/PatchAcceptancePolicy.txt b/doc/PatchAcceptancePolicy.txt
new file mode 100644
index 000000000..4ecffd689
--- /dev/null
+++ b/doc/PatchAcceptancePolicy.txt
@@ -0,0 +1,36 @@
+$Id: PatchAcceptancePolicy.txt 152 2004-03-27 17:11:54Z vkurland $
+
+Firewall Buider Project welcomes user contributions. Because we would
+like not to be limited in future licensing options of the code,
+authors of all submitted patches must agree that their contribution is
+donated to our project under terms of following license (this is MIT
+license):
+
+-------------------------------------------------------------------------
+
+Copyright (c)
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+-------------------------------------------------------------------------
+
+When submitting the patch please state that you agree with this
+license.
+
diff --git a/doc/README.floppyfw b/doc/README.floppyfw
new file mode 100644
index 000000000..bde560bcc
--- /dev/null
+++ b/doc/README.floppyfw
@@ -0,0 +1,73 @@
+
+
+How to generate firewall script for floppyfw
+(http://www.zelow.no/floppyfw/index.html)
+
+
+1. in Firewall dialog, tab "Firewall", set the following parameters:
+
+ - "Load modules" - OFF
+ - "Create virtual addresses for NAT rules" - ON
+ - "Use numeric log levels" - ON
+
+
+2. download and install rpm "fwbuilder-floppyfw-0.9.7"
+
+
+3. in "Compile/Install" tab configure full path and name of the
+install script "/usr/bin/floppyfw_install.sh". Now you can compile
+policy in a usual way using menu Rules->Compile and then install it
+to floppyfw floppy using menu Rules->Install. Install script makes
+certain checks to verify that floppy you use indeed contains floppyfw
+code. Install script depends on mtools package.
+
+
+4. some useful configuration parameters for floppyfw:
+
+ - activate serial console for kernel boot-time messages and shell:
+ in file "config" : SERIAL_CONSOLE=ttyS0
+ in file "syslinux.cfg" add "console=ttyS0,9600" kernel parameters:
+
+------- file config ----------------------
+# Choose the serial port for the console "n" for none.
+SERIAL_CONSOLE=ttyS0
+------------------------------------------
+
+------- file syslinux.cfg ----------------
+default floppyfw
+display floppyfw.msg
+label floppyfw
+ kernel vmlinuz
+ append initrd=initrd.gz root=/dev/fd0 console=ttyS0,9600 ether=0,0,0,eth0 ether=0,0,0,eth1
+------------------------------------------
+
+
+
+ - logging via syslog:
+ in file "config" set USE_SYSLOG=y and add "-R" to log to remote loghost
+
+------- file config ----------------------
+# Turning on syslogd and klogd.
+# This is a nice thing but will eat CPU which is why it is turned
+# off by default.
+#
+USE_SYSLOG=y
+
+# This SYSLOG does not use syslogd.conf so we have to set things here.
+# Flags:
+# Log to /dev/tty3 instead of /var/log/messages which aren't exactly a
+# good idea on a ramdisk.
+# -O /dev/tty3
+# Log to network. 
host:port
+# -R 10.42.42.42:514
+# Log to both network and file:
+# -L
+# --MARK-- 0 is no mark.
+# -m 0
+# SYSLOG_FLAGS="-m 360 -O /dev/tty3"
+SYSLOG_FLAGS="-m 360 -R 10.42.42.4:514"
+------------------------------------------
+
+ - do not forget to add rule to the firewall policy to permit sending
+ syslog packets from firewall to your loghost
+
diff --git a/doc/README.iosacl b/doc/README.iosacl
new file mode 100644
index 000000000..2ac217221
--- /dev/null
+++ b/doc/README.iosacl
@@ -0,0 +1,75 @@
+
+
+Policy compiler for Cisco IOS Access lists has been implemented as
+part of the Firewall Builder GUI as of version 2.1.12. The first
+functional build were importer worked on all supported OS was build
+270 (May 22, 2007)
+
+
+Support for Cisco IOS access lists in Firewall Builder v2.1.12, build 270:
+----------------------------------------------------------------
+
+Features implemented in this version:
+
+ - The compiler generates extended ACLs using "ip access-list
+ extended" command. ACL names are automatically generated using
+ abbreviated interface names and direction symbols to make it easy
+ to figure out which ACL is which. Compiler uses rather minimal set
+ of options of the "ip access-list" command and should generate code
+ that will work for IOS 12.x. I did not test with 11.x but I am
+ pretty sure it will work, at least with the latest versions of
+ 11.x.
+
+ - Compiler can also add commands to configure logging.
+
+ - The GUI includes built-in installer for routers which works just
+ like installer for PIX. Both installers were updated however to
+ improve support for the automatic roll-back feature in case you
+ lose connect with the firewall or the router because of an error in
+ the policy. Now you can make installer schedule reboot in a few
+ minutes, then upload new policy or ACLs and then cancel reboot if
+ upload was successful. While before auto-rollback option was only
+ available if you installed in the test mode, now you can always use
+ it. Test mode means that installer does not save configuration in
+ the permanent memory, as before.
+
+ - All three installation methods that were available for PIX are now
+ available for routers: you can make it clear all access lists and
+ then load new ones or just update access lists without
+ clearing. 
The last method (the "safety net" method) creates
+ temporary acl to permit communication with the management station,
+ assigns it to the interface marked as management interface, then
+ clears all access lists and loads new ones and in the end swaps
+ proper list on the management interface. This helps prevent
+ locking yourself out of the router in the middle of the
+ installation process in case of an error in the ACL and at the same
+ time does not leave the router with no acls for the time it takes
+ to install new policy. In combination with automatic roll-back,
+ installation process is pretty reliable.
+
+ - New option has been added to the interface object, called
+ "unprotected". This allows you to mark some interfaces to be
+ skipped by the compiler when it picks interfaces for ACL
+ rules. This should be useful when you have routers with many
+ interfaces and only want to add ACLs to some of them. Also, you can
+ explicitly put interface objects into policy rules and specify
+ direction if you want to do this manually.
+
+ - Since router ACLs have no state, all rules should be created in the
+ policy pretty much like you do it on the router, including rules
+ that permit reply packets. New option has been added to the TCP
+ Service object, called "established". This makes compiler use
+ option "established" in rules it generates if it is supported by
+ the firewall platform. Compilers for iptables, ipfilter, pf and PIX
+ can not use objects with this option and treat it as an error
+ because corresponding platforms do not support it. IPFW, on the
+ other hand, supports it so compiler fwb_ipfw can use it.
+
+
+Shortcomings of this version:
+
+ - "tos", "precedence" and "time-range" options are not supported
+
+ - "igmp" access lists can no be generated
+
+
diff --git a/doc/README.ipf b/doc/README.ipf
new file mode 100644
index 000000000..852a650ee
--- /dev/null
+++ b/doc/README.ipf
@@ -0,0 +1,149 @@ +fwb_ipf(1) Firewall Builder fwb_ipf(1) + + + +NNAAMMEE + fwb_ipf - Policy compiler for ipfilter + +SSYYNNOOPPSSIISS + ffwwbb__iippff [[--vvVVxx]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name + + +DDEESSCCRRIIPPTTIIOONN + ffwwbb__iippff is a firewall policy compiler component of Fire­ + wall Builder (see fwbuilder(1)). This compiler generates + code for ipfilter. Compiler reads objects definitions and + firewall description from the data file specified with + "-f" option and generates ipfilter configuration files and + firewall activation script. + + All generated files have names that start with the name of + the firewall object. Firewall activation script has exten­ + sion ".fw" and is simple shell script that flushes current + policy, loads new filter and nat rules and then activates + ipfilter. IPFilter configuration file name starts with + the name of the firewall object, plus "-ipf.conf". NAT + configuration file name also starts with the name of the + firewall object, plus "-nat.conf". For example, if fire­ + wall object has name "myfirewall", then compiler will cre­ + ate three files: "myfirewall.fw", "myfirewall-pf.conf", + "myfirewall-nat.conf". + + The data file and the name of the firewall objects must be + specified on the command line. Other command line parame­ + ters are optional. + + + +OOPPTTIIOONNSS + -f FILE + Specify the name of the data file to be processed. + + + -d wdir + Specify working directory. Compiler creates + firewall activation script and ipfilter configura­ + tion files in this directory. If this parameter is + missing, then all files will be placed in the cur­ + rent working directory. + + + -v Be verbose: compiler prints diagnostic messages + when it works. + + + -V Print version number and quit. + + + -x Generate debugging information while working. This + option is intended for debugging only and may pro­ + duce lots of cryptic messages. 
+ + +NNOOTTEESS + Support for ipf returned in version 1.0.1 of Firewall + Builder + + Supported features: + + + + o both ipf.conf and nat.conf files are generated + + + o negation in policy rules + + + o stateful inspection in individual rule can be + turned off in rule options dialog. By default com­ + piler adds "keep state" or "modulate state" to each + rule with action 'pass' + + + o rule options dialog provides a choice of icmp or + tcp rst replies for rules with action "Reject" + + + o compiler adds flag "allow-opts" if match on ip + options is needed + + + o compiler can generate rules matching on TCP flags + + + o compiler can generate script adding ip aliases for + NAT rules using addresses that do not belong to any + interface of the firewall + + + o compiler always adds rule "block quick all" at the + very bottom of the script to ensure "block all by + default" policy even if the policy is empty. + + + o Address ranges in both policy and NAT + + + + + Features that are not supported (yet) + + + o negation in NAT + + + o custom services + + + + + Features that won't be supported (at least not anytime + soon) + + + o policy routing + + + + +UURRLL + Firewall Builder home page is located at the following + URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg// + + +BBUUGGSS + Please report bugs using bug tracking system on Source­ + Forge: + + hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144 + + + +SSEEEE AALLSSOO + ffwwbbuuiillddeerr((11)),, ffwwbb__iipptt((11)),, ffwwbb__ppff((11)) + + + + + +FWB fwb_ipf(1) diff --git a/doc/README.ipfw b/doc/README.ipfw new file mode 100644 index 000000000..6d7fcfcf0 --- /dev/null +++ b/doc/README.ipfw 
@@ -0,0 +1,82 @@ +fwb_ipfw(1) Firewall Builder fwb_ipfw(1) + + + +NNAAMMEE + fwb_ipfw - Policy compiler for ipfw + +SSYYNNOOPPSSIISS + ffwwbb__iippffww [[--vvVVxx]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name + + +DDEESSCCRRIIPPTTIIOONN + ffwwbb__iippffww is a firewall policy compiler component of Fire­ + wall Builder (see fwbuilder(1)). This compiler generates + code for ipfw - a firewall and traffic shaper in FreeBSD + (see ipfw(8)). Compiler reads objects definitions and + firewall description from the data file specified with + "-f" option and generates firewall configuration and acti­ + vation script. + + The generated file has a name that starts with the name of + the firewall object, with an extension ".fw". It is a + shell script that flushes current policy, then loads new + filter and nat rules. + + The data file and the name of the firewall objects must be + specified on the command line. Other command line parame­ + ters are optional. + + + +OOPPTTIIOONNSS + -f FILE + Specify the name of the data file to be processed. + + + -d wdir + Specify working directory. Compiler creates fire­ + wall activation script in this directory. If this + parameter is missing, then all files will be placed + in the current working directory. + + + -v Be verbose: compiler prints diagnostic messages + when it works. + + + -V Print version number and quit. + + + -x Generate debugging information while working. This + option is intended for debugging only and may pro­ + duce lots of cryptic messages. 
+ + +NNOOTTEESS + Support for ipfw was added in version 1.0.10 of Firewall + Builder + + + +UURRLL + Firewall Builder home page is located at the following + URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg// + + +BBUUGGSS + Please report bugs using bug tracking system on Source­ + Forge: + + hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144 + + + +SSEEEE AALLSSOO + ffwwbbuuiillddeerr((11)),, ffwwbb__iipptt((11)),, ffwwbb__ppff((11)) ffwwbb__iippff((11)) + + + + + +FWB fwb_ipfw(1) diff --git a/doc/README.ipt b/doc/README.ipt new file mode 100644 index 000000000..6f59a87af --- /dev/null +++ b/doc/README.ipt 
@@ -0,0 +1,68 @@ +fwb_ipt(1) Firewall Builder fwb_ipt(1) + + + +NNAAMMEE + fwb_ipt - Policy compiler for iptables + +SSYYNNOOPPSSIISS + ffwwbb__iipptt [[--wwvvVV]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name + + +DDEESSCCRRIIPPTTIIOONN + ffwwbb__iipptt is firewall policy compiler component of Firewall + Builder (see fwbuilder(1)). Compiler reads objects defini­ + tions and firewall description from the data file speci­ + fied with "-f" option and generates resultant iptables + script. The script is written to the file with the name + the same as the name of the firewall object, plus exten­ + sion ".fw". + + The data file and the name of the firewall objects must be + specified on the command line. Other command line parame­ + ters are optional. + + +OOPPTTIIOONNSS + -f FILE + Specify the name of the data file to be processed. + + + -d wdir + Specify working directory. Compiler creates file + with iptables script in this directory. If this + parameter is missing, then iptables script will be + placed in the current working directory. + + + -w Supress compiler's warnings + + + -v Be verbose: compiler prints diagnostic messages + when it works. + + + -V Print version number and quit. + + +UURRLL + Firewall Builder home page is located at the following + URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg// + + +BBUUGGSS + Please report bugs using bug tracking system on Source­ + Forge: + + hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144 + + + +SSEEEE AALLSSOO + ffwwbbuuiillddeerr((11)),, ffwwbb__iippff((11)),, ffwwbb__ppff((11)) + + + + + +FWB fwb_ipt(1) diff --git a/doc/README.pf b/doc/README.pf new file mode 100644 index 000000000..559ee8526 --- /dev/null +++ b/doc/README.pf 
@@ -0,0 +1,152 @@ +fwb_pf(1) Firewall Builder fwb_pf(1) + + + +NNAAMMEE + fwb_pf - Policy compiler for OpenBSD packet filter "pf" + +SSYYNNOOPPSSIISS + ffwwbb__ppff [[--vvVVxx]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name + + +DDEESSCCRRIIPPTTIIOONN + ffwwbb__ppff is a firewall policy compiler component of Firewall + Builder (see fwbuilder(1)). This compiler generates code + for OpenBSD Packet Filter (pf). Compiler reads objects + definitions and firewall description from the data file + specified with "-f" option and generates pf configuration + files and firewall activation script. + + All generated files have names that start with the name of + the firewall object. Firewall activation script has exten­ + sion ".fw" and is simple shell script that flushes current + policy, loads new filter and nat rules and then activates + pf. PF configuration file name starts with the name of + the firewall object, plus "-pf.conf". NAT configuration + file name also starts with the name of the firewall + object, plus "-nat.conf". For example, if firewall object + has name "myfirewall", then compiler will create three + files: "myfirewall.fw", "myfirewall-pf.conf", "myfirewall- + nat.conf". + + The data file and the name of the firewall objects must be + specified on the command line. Other command line parame­ + ters are optional. + + + +OOPPTTIIOONNSS + -f FILE + Specify the name of the data file to be processed. + + + -d wdir + Specify working directory. Compiler creates + firewall activation script and PF configuration + files in this directory. If this parameter is + missing, then all files will be placed in the cur­ + rent working directory. + + + -v Be verbose: compiler prints diagnostic messages + when it works. + + + -V Print version number and quit. + + + -x Generate debugging information while working. This + option is intended for debugging only and may pro­ + duce lots of cryptic messages. 
+ + +NNOOTTEESS + Support for PF has been introduced in version 1.0.1 of + Firewall Builder + + + Supported features: + + + o both pf.conf and nat.conf files are generated + + + o negation in policy and NAT rules + + + o grouping in "from", "to" and ports using '{' '}' + syntax + + + o if checkbox "Scrub" is checked in the rule options + dialog, and rule's action is Accept, the compiler + generates two (almost) identical rules: first with + action 'scrub' and the second with action 'pass + quick' + + + o stateful inspection in individual rule can be + turned off in rule options dialog. By default com­ + piler adds "keep state" or "modulate state" to each + rule with action 'pass' + + + o rule options dialog provides a choice of icmp or + tcp rst replies for rules with action "Reject" + + + o compiler adds flag "allow-opts" if match on ip + options is needed + + + o compiler can generate rules matching on TCP flags + + + o compiler can generate script adding ip aliases for + NAT rules using addresses that do not belong to any + interface of the firewall + + + o compiler always adds rule "block quick all" at the + very bottom of the script to ensure "block all by + default" policy even if the policy is empty. + + + o Address ranges in both policy and NAT + + + + Features that are not supported (yet) + + + o custom services + + + + What will not be supported (at least not anytime soon) + + + o policy routing + + +UURRLL + Firewall Builder home page is located at the following + URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg// + + +BBUUGGSS + Please report bugs using bug tracking system on Source­ + Forge: + + hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144 + + + +SSEEEE AALLSSOO + ffwwbbuuiillddeerr((11)),, ffwwbb__iipptt((11)),, ffwwbb__iippff((11)) + + + + + +FWB fwb_pf(1) diff --git a/doc/README.policy_import b/doc/README.policy_import new file mode 100644 index 000000000..a9e2c5bfb 
--- /dev/null
+++ b/doc/README.policy_import
@@ -0,0 +1,166 @@ + + +Policy importer has been implemented as part of the Firewall Builder +GUI as of version 2.1.12. The first functional build were importer +worked on all supported OS was build 270 (May 22, 2007) + +Policy importer uses ANTLR lexer and parser ( http://www.antlr.org/ ) +Version 2.7.7 is used in Firewall Builder v2.1.12 ( http://www.antlr2.org/ ) + +Firewall Builder needs ANTLR C++ runtime header files and library and +include these in the source tree under src/antlr. Unless you want to +change the grammar (*.g files) you don't need to install ANTLR +separately. All relevant ANTLR files are included in the package. For +more information on ANTRL see: http://www.antlr2.org + + + +Policy import iptables configurations (v2.1.12, build 281 and later) +---------------------------------------------------------------- + + Features implemented in this version : + + - Importer can parse iptables config saved using iptables-save + utility. Because of the huge variety of iptables modules, Importer + can only interpret basic iptables configuration and a subset of + modules. Currently the following modules are supported: + + * state + * multiport + * limit + * mark + + - Importer creates firewall object with all interfaces. It can not + assign object name for the firewall object nor add IP and MAC + addresses to interfaces because this information is not present in + iptables-save file. + + - option "Assume firewall is part of 'any'" is off in the created + firewall object. Import is done this way in order to preserve logic + of chains INPUT, OUTPUT and FORWARD in the recreated fwbuilder + rules. Rules that had chain INPUT in the imported script will have + firewall object in "destination" in the corresponding fwbuilder + rules. Firewall object is placed in "Source" for rules with chain + OUTPUT. 
For rules with chain FORWARD rule elements "Source" and + "Destination" are populated with objects created using options "-s" + and "-d" of the original rules or left empty ("any"). + + - all recognized iptables rules are imported and interface and + direction are set in all rules appropriately. Interface objects are + created as parser finds them in the script. + + - targets ACCEPT, DROP, REJECT, MARK and others are converted to the + corresponding fwbuilder policy rule actions. Unrecognized targets + and converted to branching rules, where the name of the target + becomes the name of the branch. + + - SNAT, DNAT, MASQUERADING, REDIRECT and NETMAP targets and their + parameters are recognized in the NAT rules. + + - Address and service objects are created in the process for all + addresses and ports used in all rules. + + - iptables rules can refer to tcp/udp ports both by name or by + number. Importer can properly interpret both formats using system + function getservbyname() to convert service name to the port + number. Since the result of this function depends on the OS, some + port names may not convert on some systems. For example, Windows + can convert more limited set of service names compared to Linux or + BSD. + + - targets LOG and ULOG are converted to the "logging" option in + fwbuilder rules with action "Continue". This is an empty action + that does not affect packet flow through the firewall but can be + used in combination with "logging" option to log the packet. If + such empty (logging-only) rule is undesired, it must be manually + merged with some other rule in the policy. + + - "--log-prefix", and "--log-level" options of the LOG target are + recognized + + - "--ulog-prefix" option of the ULOG target is recognized. Other + options of the ULOG target are not. + + - Address and service objects are reused in the process of import. 
+ + - in case when importer fails to parse some part of the iptables-save + file, corresponding policy rule is colored red and appropriate + diagnostic message added to its comment. The problem must be + corrected manually. + + - comments ("#") found inside access lists are ignored. + + +Shortcomings of this version: + + - user-defined chains in table "nat" are not supported + + - no import of time intervals + + - no MAC address matching import + + + + +Policy import of Cisco IOS access lists (v2.1.12, build 270) +---------------------------------------------------------------- + + Features implemented in this version : + + - Importer can parse router config saved using "show run" + command. Although importer can only interpret a subset of IOS + configuration commands, other commands that it does not understand + will be ignored and should not affect operation. No manual editing + of the config is required prior to import. + + - Importer creates firewall object with all interfaces + + - firewall object name is assigned if "hostname" command is found in + the configuration. If this command is not present, the name remains + generic "New Firewall" + + - interface addresses are assigned if command "ip address" is found + (multiple addresses per interface are supported). Interfaces + without "ip address" in the configuration are marked as + "unnumbered" in the firewall builder object tree. + + - all access lists are imported and interface and direction are set + in all rules appropriately + + - Address and service objects are created in the process for all + addresses and ports used in access lists + + - IOS access lists can define ip protocol, icmp code and type, and + tcp/udp ports both by name or by number. Importer can properly + interpret both formats. + + - "log", "log-input", "fragments", "established" keywords are + supported and translated into rule or object options as + appropriate. + + - Address and service objects are reused in the process of import. 
+ + - in case when importer fails to parse some part of the access-list + command, corresponding policy rule is colored in red and + appropriate diagnostic message added to its comment. The problem + must be corrected manually. + + - "remark" commands found inside access lists are translated into + rule comments + + - comments ("!") found inside access lists are ignored. + + +Shortcomings of this version: + + - importer does not use address and service objects that existed in + the tree before the operation has started, it creates new + ones. Deduplication only works for objects created in the process + of import. + + - the following keywords available in extended access lists are not + supported at this time: tos, precedence, time-range. + + - igmp access lists are not parsed. + + diff --git a/doc/README.routing b/doc/README.routing new file mode 100644 index 000000000..be6db50d0 --- /dev/null +++ b/doc/README.routing 
@@ -0,0 +1,206 @@
+
+ //=========================================================================\\
+ || Firewall Builder Routing Add-On ||
+ || ||
+ || Copyright (c) 2004 Compal GmbH, Germany ||
+ || Tidei Maurizio, fwbuilder-routing at compal.de ||
+ || ||
+ \\=========================================================================//
+
+
+
+ Index
+
+ 1 - Requirements
+ 2 - Features
+ 3 - Problems
+ 4 - Future
+
+
+
+(1) Requirements
+================
+
+The routing rules composed in the gui can be compiled using the ip
+tables compiler, which now generates "ip route" commands, too. The
+"ip" command is available since Linux 2.2. The other compilers (ipf,
+ipfw, pf and cisco pix) simply ignore the routing rules.
+
+If you want to use ECMP routing rules (Equal Cost Multi Path), make
+sure your kernel is compiled with the CONFIG_IP_ROUTE_MULTIPATH
+option.
+
+
+
+(2) Features
+============
+
+The GUI's routing add-on offers object based definition of the routing
+rules, exactly the same way as you define policy rules. This enables
+you to use the same objects you already defined to build the firewall
+policy in your routing rules. You won't have to update them
+separately when you change something in your network.
+
+In the GUI a routing rule is composed of a Destination, a Gateway, an
+Interface, a Metric and the Comment. The following table shows what
+can be inserted for this elements:
+
+ | | | | |
+ |Destination |Gateway |Interface |Metric |Comment
+------------------------|-------------------------------|---------------|---------------|-------|--------
+What can be inserted? |all Objects under the |- ip-adress |- interface |int |text
+ |library's "Objects" section: |- interface | | |
+ |- address ranges |- host | | |
+ |- addresses | | | |
+ |- groups | | | |
+ |- hosts | | | |
+ |- networks | | | |
+------------------------|-------------------------------|---------------|---------------|-------|--------
+Restrictions |none |Only one |The interface |0-255 |none
+ | |interface or |has to be a | |
+ | |host with ONE |child of the | |
+ | |ip adress can |current fire- | |
+ | |be inserted |wall | |
+------------------------|-------------------------------|---------------|---------------|-------|--------
+Default value |"Default" (0.0.0.0/0) |none |none |0 |""
+ | | | | |
+
+To build a valid routing rule you have to insert at least one of the
+two elements gateway and interface. More than one path can be
+sprecified for one destination.
+
+"This approach is called 'Equal-Cost Multi-Path Routing' and is used
+for load balancing (Note that this does not provide failover). With
+ECMP, a router potentially has several available next hops towards any
+given destination. A new gateway is chosen for each new
+source/destination IP pair. This means that, for example, one FTP
+connection will use only one link, but new connection to a different
+server will use another link. This also means that routes to
+often-used sites will always be over the same provider. But on big
+backbones this should distribute traffic fine. Also this has another
+good feature - single connection packets do not get reordered and
+therefore do not kill TCP performance." (The last Paragraph is a
+quotation from
+"http://www.mikrotik.com/Documentation/manual_2.7/IP/Route.html")
+
+To create an ECMP rule simply specify several rules with different
+paths, i.e. different combinations of Gateway and Interface, for the
+same Destination and with the same metric.
+
+Example:
+
+Destination Gateway Interface Metric Comment
+
+hostA hostB eth1 0 first possible route
+hostA hostC 0 second possible route
+hostA eth3 0 third possible route
+
+If you try to insert a non-valid object in a field, it will be ignored
+and a message box informs you of the mistake.
+
+The "Default" route can be specified by inserting a new rule or
+deleting all the destination of an existing rule.
+
+Before compiling the rules, they traverse several checks, to make sure
+that only complete, non-ambiguous and non-concurring rules are
+translated into ip commands. Follow the instructions of the compiler
+to correct the errors.
+
+If no error was found, the rules are automatically classified in ECMP
+rules and non-ECMP. The ECMP rules are written out in a separated
+section of the firewall script after the "normal" routing rules.
+
+
+
+(3) Problems
+============
+
+1.
+ Please note that when executing a firewall script all existing
+ routing rules previously set by user space processes will be
+ deleted.
+
+ To see which rules will be deleted, you can use the command "ip
+ route show". All lines not including "proto kernel" will be deleted
+ upon reload of the firewall script.
+
+2.
+ *** NOTE FOR REDHAT 8.0 ***
+
+ Redhat seems to reset routing rules explicitly upon system
+ startup. Therefore its hard to distinguish interface rules from
+ rules setup by the user. On Redhat systems you need to include the
+ interface basic routing rules into your fwbuilder routing setup. IF
+ YOU DO NOT FOLLOW THIS HINT, YOUR MACHINE WILL FREEZE ANY NETWORK
+ TRAFFIC UPON START OF THE FIREWALL SCRIPT. This means e.g. if eth0
+ has network 192.168.3.0/24 attached to it, you need to add a route
+ with Destination=Network(192.168.3.0/24), Gateway empty and
+ Interface=eth0. We encountered this problem on redhat 8.0. Other
+ versions and distros might be affected too. Debian sarge and SuSE
+ Linux work fine without interface routing rules being included in
+ fwbuilders routing rules.
+
+3.
+ If the firewall script states that the ECMP routes could not be
+ installed on your system, make sure your Kernel was compiled with
+ the CONFIG_IP_ROUTE_MULTIPATH option or renounce to ECMP rules.
+
+4.
+ If you have interfaces with a dynamic address or a point-to-point
+ address and you try to insert a routing rule for the default
+ gateway, compilation might fail, stateing "gateway not reachable".
+ Typically this is the case for DSL dialup links. Solution: leave the
+ gateway field empty. Just specify the interface.
+
+ Example:
+
+ The firewall connects itself to the internet by a DSL link via
+ interface ppp0. During dialup pppd configures the default route:
+
+ default via 62.14.190.33 dev ppp
+
+ After specifying a routing rule in fwbuilder Destination=default,
+ Gateway empty, Interface=ppp0 and running the script on the
+ firewall, the route looks like:
+
+ default dev ppp0 scope link
+
+ Besides this, the kernel generates another route automaticelly upon
+ default gw setup:
+
+ 62.14.190.33 dev ppp0 proto kernel scope link src 191.54.12.143
+
+ We tested this on Debian/sarge with kernel 2.4.27.
+
+ Technical explanation:
+
+ On compilation, fwbuilder checks if gateways are reachable through
+ any local network of the firewall. Otherwise setting up routing
+ rules will fail on the firewall upon install. In case of
+ point-to-point interfaces fwbuilder doesn't know the point-to-point
+ address of the interface. Therefore this check fails since for
+ fwbuilder it looks like the gateway is not from any local network.
+ The only workaround available so far is to leave the gateway empty
+ and to specify the interface only. Pakets will find their way to
+ the internet anyway, since they are traveling over a point-to-point
+ interface.
+
+
+(4) Future
+==========
+
+Ideas, that could be implemented in the future, are:
+
+ - Multiple customizable routing tables
+
+ The idea is to add an option to the policy rules enabling the user
+ to mark matching packets with a color. For every used color a new
+ routing table would have to be built, that will be used only for
+ packets marked with the associated color.
+
+
+ - Load balancing
+
+ Another idea is to integrate more sophisticated load balancing
+ options in fwbuilder's GUI.
+
diff --git a/doc/ReleaseNotes_2.0.1.html b/doc/ReleaseNotes_2.0.1.html
new file mode 100644
index 000000000..a26a08736
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.1.html
@@ -0,0 +1,103 @@
+
+
+
+
+
+ Release Notes 2.0.1
+
+
+
+

Firewall Builder Release Notes

+
+

Version 2.0.1

+
+

+Released 08/11/04 +
+GUI and compilers v2.0.1 require API library libfwbuilder version 2.0.1 +
+

Summary

+

+Firewall Builder GUI v2.0.1 is a maintenance release that includes +fixes for bugs discovered since 2.0 has been released. +

+For those who wish to build from source, instructions are outlined +in "Install +and Build instructions" + + +

Bugs fixed in libfwbuilder API:

+
    +
  • bug #1001725: "object with empty name can not be + deleted". the problem was caused by the algorithm used in + FWObject::getPath. If object had had a blank name, the path + returned by this method would end with the name of its parent + without slash.
  • + +
+ + +
+
+

Bugs fixed in GUI:

+
    +
  • bug #1001521: "Cant create ICMP service". ICMP Service + dialog did not save icmp code and type numbers in the object. +
  • + +
  • bug #1001275: "object duplication fails w/ no action". GUI + used to not allow user to duplicate IP address object. Now any + object can be duplicated so that the copy is placed under the + same parent, including IP address.
  • + +
  • bug #1000862: "Creating groups in Deleted Objects". Library + "Deleted objects" should not be offered as a choice for "group + objects" operation.
  • + +
  • bug #1000485: "Firewalls in the drop-down box not + ordered". List of firewalls in the pull-down that controls + policy views is now alphabetically sorted on program + startup.
  • + +
  • there were two TCP Service objects "linuxconf" in the + Standard objects library. Object with ID id3AED0D6D has been + removed. It seems this object has been duplicated long time ago + (at least it was like this in 1.1.2)
  • + +
  • bug #1002388: "Clamp MSS to MTU" option was missing in + 2.0
  • + +
  • bug #1001833: fixed memory leak that appeared when autosave + option was used
  • + +
  • bug #1003068: "object copy/paste not always working". IP + address object could not be placed under interface using + copy/paste operation. Now ip address object can be pasted to + interface as well as to Objects/Addresses folder.
  • + +
  • Operation File/discard could not be used if the file was + upgraded. Changed the way operation File/Discard works: it now + closes the file, discards all the changes that have been made to + it and replaces it with a fresh copy of the head revision from + RCS. This works if user wants to abort file upgrade when they + switch to the new version of fwbuilder.
  • +
+ +
+
+

Bugs fixed in iptables policy compiler fwb_ipt:

+
    +
  • bug #1004153 "limit-burst = 0 is not valid". Iptables does not + accept the rule using "limit-burst" option if it is set to + zero.
  • +
+ + +
+
+
+Last modified: Wed Aug 11 20:54:38 PDT 2004
+
+
+
diff --git a/doc/ReleaseNotes_2.0.1.txt b/doc/ReleaseNotes_2.0.1.txt
new file mode 100644
index 000000000..108711613
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.1.txt
@@ -0,0 +1,55 @@
+ Firewall Builder Release Notes
+
+Version 2.0.1
+
+ Released 08/11/04
+ GUI and compilers v2.0.1 require API library libfwbuilder version 2.0.1
+
+Summary
+
+ Firewall Builder GUI v2.0.1 is a maintenance release that includes fixes for bugs discovered
+ since 2.0 has been released.
+
+ For those who wish to build from source, instructions are outlined in "Install and Build
+ instructions"
+
+Bugs fixed in libfwbuilder API:
+
+ * bug #1001725: "object with empty name can not be deleted". the problem was caused by the
+ algorithm used in FWObject::getPath. If object had had a blank name, the path returned by
+ this method would end with the name of its parent without slash.
+
+Bugs fixed in GUI:
+
+ * bug #1001521: "Cant create ICMP service". ICMP Service dialog did not save icmp code and
+ type numbers in the object.
+ * bug #1001275: "object duplication fails w/ no action". GUI used to not allow user to
+ duplicate IP address object. Now any object can be duplicated so that the copy is placed
+ under the same parent, including IP address.
+ * bug #1000862: "Creating groups in Deleted Objects". Library "Deleted objects" should not
+ be offered as a choice for "group objects" operation.
+ * bug #1000485: "Firewalls in the drop-down box not ordered". List of firewalls in the
+ pull-down that controls policy views is now alphabetically sorted on program startup.
+ * there were two TCP Service objects "linuxconf" in the Standard objects library. Object
+ with ID id3AED0D6D has been removed. It seems this object has been duplicated long time
+ ago (at least it was like this in 1.1.2)
+ * bug #1002388: "Clamp MSS to MTU" option was missing in 2.0
+ * bug #1001833: fixed memory leak that appeared when autosave option was used
+ * bug #1003068: "object copy/paste not always working". IP address object could not be
+ placed under interface using copy/paste operation. Now ip address object can be pasted to
+ interface as well as to Objects/Addresses folder.
+ * Operation File/discard could not be used if the file was upgraded. Changed the way
+ operation File/Discard works: it now closes the file, discards all the changes that have
+ been made to it and replaces it with a fresh copy of the head revision from RCS. This
+ works if user wants to abort file upgrade when they switch to the new version of
+ fwbuilder.
+
+Bugs fixed in iptables policy compiler fwb_ipt:
+
+ * bug #1004153 "limit-burst = 0 is not valid". Iptables does not accept the rule using
+ "limit-burst" option if it is set to zero.
+
+ ------------------------------------------------------------------------------------------
+
+ Last modified: Wed Aug 11 20:54:38 PDT 2004
+6 PDT 2004
diff --git a/doc/ReleaseNotes_2.0.2.html b/doc/ReleaseNotes_2.0.2.html
new file mode 100644
index 000000000..125e138c8
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.2.html
@@ -0,0 +1,171 @@
+
+
+
+
+
+ Release Notes 2.0.2
+
+
+
+

Firewall Builder Release Notes

+
+

Version 2.0.2

+
+

+Released 08/31/04 +
+GUI and compilers v2.0.2 require API library libfwbuilder version 2.0.2 +
+

Summary

+

+Firewall Builder GUI v2.0.2 is a maintenance release that includes +fixes for bugs discovered since 2.0.1 has been released. +

+For those who wish to build from source, instructions are outlined +in "Install +and Build instructions" + + +

General

+
    +
  • Updated FreeBSD ports, tested on 5.3-BETA
  • +
+

+ + +
+
+

New standard objects

+
    +
  • added new service objects to the Standard objects library: + "xmas scan" (old object renamed "xmas scan - full"), rsync, + distcc, cvspserver, cvsup, afp, whois, bgp, radius and radius + acct, SSDP and UPnP.
  • +
+

+ + +
+
+

New template objects

+
    +
  • added template firewall objects for Linksys firewall and a + web server.
  • +
+

+ +
+
+

New features in policy compiler for PF

+
    +
  • Implemented support for all timeout settings in pf: + tcp.first,tcp.opening,tcp.established, + tcp.closing,tcp.finwait,tcp.closed,udp.first,udp.single,udp.multiple, + icmp.first,icmp.error,other.first,other.single,other.multiple, + including adaptive timeout scaling options adaptive.start and + adaptive.end
  • + +
  • Added support for options "max", "max-src-nodes" and + "max-src-states" in pf. These allow to limit number of + concurrent state table entries ("max"), number of source + addresses that can simultaneously have state table entries + ("max-src-nodes") and number of simultaneous state entries per + source address ("max-src-states") per rule.
  • +
+

+ + +
+
+

Bugs fixed in libfwbuilder API:

+
    +
  • : added element physAddress to list of child elements of + Library (bug #1011617)
  • + +
  • bug #1012733: "configure --libdir=DIR will be ignored at + installation". Needed to use macro _libdir to specify target + directory for libraries. Used it in configure, qmake.in, + libfwbuilder-config-2 and a .spec file. Code should compile and + install in correct place on 64-bit systems.
  • +
+

+ +
+
+

Bugs fixed in GUI:

+
    +
  • bug #1019691: "040829 nightly build doesn't add paths for + linksys"
  • + +
  • bug #1013177: "deleting multiple hosts causes crash" +
  • + +
  • bug #1009345: "Can only move one host object at a time + between libraries"
  • + +
  • bug #1013018: "host OS settings" dialog is missing for + linksys. Added host OS settings dialog for + linksys/Sveasoft. Dialog provides entry fields for paths to + iptables, lsmod, modprobe, logger tools and two shell prompt + string patterns, this should help to work around changes in the + shell prompt on Linksys.
  • + +
  • bug #1013022: "can not install policy script on linksts + Alchemy pre-5.2". Built-in installer uses shell prompt string + patterns configured in the host OS settings dialog for + linksys.
  • + +
  • bug #1008956: "Existing .fwb file gets overwritten if has + wrong extension". If the GUI needs to rename a data file with + old extension .xml to .fwb, it checks if a file with new + extension exists and offers user a chance to choose a different + name. It also treats symlinks in a special way: if user creates + a symlink with extension .xml pointing at a file with extension + .fwb, the GUI simply follows the link and works with .fwb + file. This should work with Windows shortcuts, too.
  • + +
  • bug #1013485: "File/Import should allow to import .fwb + file". Function File/Import offers a choice of .fwl, .fwb and + "all files" in the open file dialog.
  • + +
  • bug #1011248: "need two xmas scan service objects".
  • + +
  • bug #1013957: "incorrect NAT rule in firewall created from + template #3". The problem was caused by incorrect ip address of + interface "dmz" in the template object #3.
  • + +
  • bug #1014725: "adding new ICMP types". If user created + service group with the name "ICMP", the GUI would place new ICMP + objects under this group instead of the standard folder + "ICMP". There was the same problem with other object types, too.
  • + +
  • bug #1015884: "Export more than one library fails with 0 + references". Export library operation failed if user exported + two libraries with groups or rules in one library referencing + objects in the other.
  • + +
+ +
+
+

Bugs fixed in iptables policy compiler fwb_ipt:

+
    +
  • bug #1005148: "MAC matching - space missing". Space was + missing between MAC address and custom service code.
  • + +
  • avoiding grep in the script generated for Linksys/Sveasoft + firewall - Sveasoft Alchemy pre-5.2.3 does not have grep
  • + +
  • bug #1019943: "Missing ip addresses in the rule using + interfaces"
  • +
+ + +
+
+
+Last modified: Tue Aug 31 20:38:55 PDT 2004
+
+
+
diff --git a/doc/ReleaseNotes_2.0.2.txt b/doc/ReleaseNotes_2.0.2.txt
new file mode 100644
index 000000000..84263f728
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.2.txt
@@ -0,0 +1,100 @@
+ Firewall Builder Release Notes
+
+Version 2.0.2
+
+ Released 08/31/04
+ GUI and compilers v2.0.2 require API library libfwbuilder version 2.0.2
+
+Summary
+
+ Firewall Builder GUI v2.0.2 is a maintenance release that includes fixes
+ for bugs discovered since 2.0.1 has been released.
+
+ For those who wish to build from source, instructions are outlined in
+ "Install and Build instructions"
+
+General
+
+ * Updated FreeBSD ports, tested on 5.3-BETA
+
+New standard objects
+
+ * added new service objects to the Standard objects library: "xmas scan"
+ (old object renamed "xmas scan - full"), rsync, distcc, cvspserver,
+ cvsup, afp, whois, bgp, radius and radius acct, SSDP and UPnP.
+
+New template objects
+
+ * added template firewall objects for Linksys firewall and a web server.
+
+New features in policy compiler for PF
+
+ * Implemented support for all timeout settings in pf:
+ tcp.first,tcp.opening,tcp.established,
+ tcp.closing,tcp.finwait,tcp.closed,udp.first,udp.single,udp.multiple,
+ icmp.first,icmp.error,other.first,other.single,other.multiple,
+ including adaptive timeout scaling options adaptive.start and
+ adaptive.end
+ * Added support for options "max", "max-src-nodes" and "max-src-states"
+ in pf. These allow to limit number of concurrent state table entries
+ ("max"), number of source addresses that can simultaneously have state
+ table entries ("max-src-nodes") and number of simultaneous state
+ entries per source address ("max-src-states") per rule.
+
+Bugs fixed in libfwbuilder API:
+
+ * : added element physAddress to list of child elements of Library (bug
+ #1011617)
+ * bug #1012733: "configure --libdir=DIR will be ignored at
+ installation". Needed to use macro _libdir to specify target directory
+ for libraries. Used it in configure, qmake.in, libfwbuilder-config-2
+ and a .spec file. Code should compile and install in correct place on
+ 64-bit systems.
+
+Bugs fixed in GUI:
+
+ * bug #1019691: "040829 nightly build doesn't add paths for linksys"
+ * bug #1013177: "deleting multiple hosts causes crash"
+ * bug #1009345: "Can only move one host object at a time between
+ libraries"
+ * bug #1013018: "host OS settings" dialog is missing for linksys. Added
+ host OS settings dialog for linksys/Sveasoft. Dialog provides entry
+ fields for paths to iptables, lsmod, modprobe, logger tools and two
+ shell prompt string patterns, this should help to work around changes
+ in the shell prompt on Linksys.
+ * bug #1013022: "can not install policy script on linksts Alchemy
+ pre-5.2". Built-in installer uses shell prompt string patterns
+ configured in the host OS settings dialog for linksys.
+ * bug #1008956: "Existing .fwb file gets overwritten if has wrong
+ extension". If the GUI needs to rename a data file with old extension
+ .xml to .fwb, it checks if a file with new extension exists and offers
+ user a chance to choose a different name. It also treats symlinks in a
+ special way: if user creates a symlink with extension .xml pointing at
+ a file with extension .fwb, the GUI simply follows the link and works
+ with .fwb file. This should work with Windows shortcuts, too.
+ * bug #1013485: "File/Import should allow to import .fwb file". Function
+ File/Import offers a choice of .fwl, .fwb and "all files" in the open
+ file dialog.
+ * bug #1011248: "need two xmas scan service objects".
+ * bug #1013957: "incorrect NAT rule in firewall created from template
+ #3". The problem was caused by incorrect ip address of interface "dmz"
+ in the template object #3.
+ * bug #1014725: "adding new ICMP types". If user created service group
+ with the name "ICMP", the GUI would place new ICMP objects under this
+ group instead of the standard folder "ICMP". There was the same
+ problem with other object types, too.
+ * bug #1015884: "Export more than one library fails with 0 references".
+ Export library operation failed if user exported two libraries with
+ groups or rules in one library referencing objects in the other.
+
+Bugs fixed in iptables policy compiler fwb_ipt:
+
+ * bug #1005148: "MAC matching - space missing". Space was missing
+ between MAC address and custom service code.
+ * avoiding grep in the script generated for Linksys/Sveasoft firewall -
+ Sveasoft Alchemy pre-5.2.3 does not have grep
+ * bug #1019943: "Missing ip addresses in the rule using interfaces"
+
+ ----------------------------------------------------------------------
+
+ Last modified: Tue Aug 31 20:38:55 PDT 2004
diff --git a/doc/ReleaseNotes_2.0.3.html b/doc/ReleaseNotes_2.0.3.html
new file mode 100644
index 000000000..769ad81df
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.3.html
@@ -0,0 +1,306 @@
+
+
+
+
+
+ Release Notes 2.0.3
+
+
+
+

Firewall Builder Release Notes

+
+

Version 2.0.3

+
+

+Released 09/30/04 +
+GUI and compilers v2.0.3 require API library libfwbuilder version 2.0.3 +
+

Summary

+

+Firewall Builder GUI v2.0.3 is a maintenance release that includes +fixes for bugs discovered since 2.0.2 has been released. +

+For those who wish to build from source, instructions are outlined +in "Install +and Build instructions" + +

    +
  • This release improves support for the PF firewall by always + using tables in policy rules; it also uses syntax " ! + <tbl>" for negation, assignes "rdr" rules to interfaces + and adds "flags S/SA" to policy rules that keep state.
  • + +
  • This release significantly improves optimizer for iptables + and adds an automatically generated rule to block packets that + correspond to an INVALID state
  • + +
  • Built-in policy installer can compress firewall policy + script before it is installed in flash memory on + Linksys/Sveasoft firewall; this allows for much larger policy to + be used on Linksys. Script compression is optional.
  • + +
  • Built-in policy installer can be used to test new policy + rules with automatic roll-back to the previous version of the + policy after specified interval of time. This feature helps to + work around errors in the policy that block access to the + firewall from the management workstation. +
+

+ + +

Caveats

+ +

New version (as of build 421) completely changes the way it + loads and activates firewall script on linksys. Old version put + the whole script in variable rc_firewall. New one puts script in + variable fwb and puts a one-line command in rc_firewall to read + the script from fwb and execute it. This was done because of the + need to uncompress it when linksys executes command stored in + rc_firewall, in other words, rc_firewall needs to be a little + script that uncompresses and runs the main firewall script. This + is why scripts were separated and rc_firewall has changed compared + to the previous versions of fwbuilder. + +

Reverting from v2.0.3 (build 421 and later) to v2.0.2 requires + you to erase nvram variable "fwb" which holds the whole script in + the new builds. + +

+ + + +
+

New features in the built in policy installer

+
    +
  • added an option for test run. When this option is activated, + policy script is pushed to the firewall and is executed but is + not stored there permanently. Firewall reverts to the last + working configuration after reboot.
  • + +
  • implemented compression of the firewall script for + Linksys/Sveasoft combo. Using gzip and uuencode/uudecode to + compress the script and store it in flash variable + 'fwb'. Installer prints flash memory stats after commiting + changes. Installer uses scp to copy firewall script to the + firewall and autogenerated prompt to detect when it logged in; + it does not depend on Linksys shell prompt anymore.
  • + +
  • added an option to schedule automatic firewall reboot in + specified time (in minutes) after policy activation. This + option is available for all firewall platforms but PIX. This + option only works if user requested policy activation in a test + mode, in which case policy is copied and activated on the + firewall but not stored in the permanent location. After reboot + the firewall reverts to the previous version of the policy. To + cancel scheduled reboot, run installer again with "test run" + option turned off. Installer stores the policy in the permanent + location, activates it and cancels scheduled reboot. The + commands used to schedule reboot and cancel it depend on the + host os of the firewall. On Linux, it will use "shutdown -r +NN" + and "shutdown -c". On *BSD systems it uses "shutdown -r +NN" and + a combination of ps and awk to find and kill shutdown when + reboot is canceled. Installer uses "reboot" and kills it with + "killall" on linksys.
  • + +
  • All manipulations that installer does on the firewall are + programmed in little one-line scripts stored in resource file + for each supported OS the firewall is running. These are in + /usr/share/fwbuilder/os on Linux/*BSD or in + C:\FWBuilder\resources\os on Windows. Users can hack commands + in these files to make installer work with host OS that is not + supported by default. Currently, the GUI only looks for the + OS-specific resource files in the system-wide directory. Future + versions will also look in a predefined directory in users' + home. Directory path to be defined later.
  • + +
  • Added option "output file name" to firewall settings dialogs + for all platforms. User can specify the name for the output + file; this name is then used by built in installer in place of a + macro %FWSCRIPT%.
  • +
+

+ + +
+
+

New features in policy compiler for iptables

+
    +
  • implemented feature request #1023430: "add checkbox for + INVALID support in fw settings". Added two checkboxes to the + firewall settings dialog: one adds a rule to drop INVALID + packets and another adds logging to the rule.
  • + +
  • rules that permit packets associated with + ESTABLISHED,RELATED states moved to the beginning of the script + before NAT rules.
  • + +
  • bug #1022216: "negated time produces incorrect iptables + rule". Implemented negation for the "Time" rule element for + iptables
  • + +
  • using abbreviated versions of "--dport", "--sport", + "--dports", "--sports" options to make generated iptables script + smaller. Also changed the name of the variables used to hold IP + address of dynamic interface from "interface_<ifname>" to + "i_<ifname>". All this should help to fit larger policies into + small flash on linksys. These changes shrunk my test script from + 7964 bytes to 7430 bytes
  • + +
  • Generated iptables script flushes only secondary ip + addresses on interfaces during initialization phase if option + "configure interfaces" is on. This should fix a bug that caused + linksys/sveasoft unit to lose default route upon reboot if + external interface has static IP address.
  • + +
  • Generated script checks if /usr/sbin/ip exists on the + firewall before it tries to use it to verify interfaces and + configure IP addresses. This check is only performed if user + activated options that use this tool. An error message + "Interface eth0 does not exist" was generated if package + iproute2 was not installed on the firewall, which was + confusing.
  • +
+ + +
+
+

New features in policy compiler for PF

+
    +
  • A NAT rule of type DNAT (rdr rule) is assigned to an + interface of the firewall if interface object or its address + object is used in ODst. To get rdr rule without interface + assignment, use an Address or a Host object that has the same IP + address as that of firewall's interface but that is not a child + of an interface. This is the same approach that is used in + iptables.
  • + +
  • Compiler for pf always uses tables; this breaks + compatibility with older OpenBSD systems (3.2 and 3.3)
  • + +
  • Compiler for pf puts interface name in a table for rules + that use multiple objects in src or dst and one of these objects + is dynamic interface of the firewall that is being + processed. Using dynamic interface of another object in a rule + is still considered an error. Compiler puts the name of dynamic + interface in a table verbatim, without brackets '(' ')' since pf + does not replace dynamic interface with its address dynamically + if it is used in a table (pfctl issues an error if interface is + put in brackets)
  • + +
  • added an option to permit tcp sessions opened prior to + firewall restart. This is needed now since compiler generates + "flags S/SA" for the "keep state" and "modulate state" rules + which means firewall won't permit TCP sessions unless it saw + opening SYN packet.
  • + +
  • bug #1028973: fwb_pf: missing "flags S/SA" in front of + "modulate state". Compiler adds "flags S/SA" to policy rules + that use either "keep state" or "modulate state" options.
  • + +
  • bug #1028980: "need an option to turn logging on on fallback + rule". Option has been added.
  • +
+

+ + +
+
+

Bugs fixed in libfwbuilder API:

+
    +
  • bug #1022788: "GUI corrupts XML file after creating a second + firewall". Global object ID counter was getting reset every time + new FWObjectDatabase object was created. This lead to the ID + collision if user quickly created and deleted complex objects + (such as Firewall) and used database merge. This should also fix + bug #1022785: "GUI corrupts XML file after creating a host + entry"
  • + +
  • fixed bug (no number): all references to the interfaces, as + well as their IP and MAC addresses, in policy and NAT rules + should be replaced when Firewall object is duplicated. Until now + only references to the firewall object itself and to its + interfaces were replaced with references to the newly created + copies of object. References to IP and MAC addresses still + pointed at the old objects.
  • +
+

+ +
+
+

Bugs fixed in GUI:

+
    +
  • bug (no number): after deleting a library firewall objects + that belong to it were not removed from the pull-down list
  • + +
  • bug #1026945: '"Save As" does not work if current file is in + RCS'
  • + +
  • bug #1028078: "options.png is not displayed for "Assume + firewall is part..."
  • + +
  • bug #1035132: "compile errors with default Linksys firewall + object". This bug has been introduced in build 435. When user + created a new firewall object using one of the template objects, + the GUI would add bunch of garbage to the firewall options. This + garbage violated XML DTD, so compilers and the GUI would not + accept the data file anymore.
  • + +
  • bug #1035130: 'Persistent "Save" dialog box'. Certain + combination of actions on user's part used to lead to an + indefinite loop of "do you want to save the data" dialogs. The + problem was triggered if user skipped choosing a name for the + new file in startup dialog.
  • +
+ +
+
+

Bugs fixed in iptables policy compiler fwb_ipt:

+
    +
  • bug #1024861: "optimizer is broken in fwb_ipt". Used idea + and a patch by Mark Vevers . Fixed compiler + fwb_ipt generates more efficient iptables script for rules with + multiple objects in all rule elements. The script is smaller and + eliminates unnecessary comparisons for packet attributes. Every + attribute (i.e. source address, destination address, protocol + and port numbers) is checked by the script only once. This + should help reduce load on firewalls with lots of complex + rules. + +
  • bug #1026509: "incorrect rules generated for dual negation + with time". Compiler generated incorrect iptables commands for + rules that had negation in two or more rule elements, one of + which was Time.
  • + +
  • bug #1026794: multiple SRC ntwks --> "iptables: invalid + argument". Recent changes in optimizer introduced this + bug. Rules with multiple objects in src or dst, TCP service, + action Reject and option "reject with TCP RST" would generate + iptables command that used option "--reject-with tcp-reset" + without "-p tcp"
  • +
+ + + +
+
+

Bugs fixed in iptables policy compiler fwb_pf:

+
    +
  • bug #1006906: "Negated network causes pass on + network". Compiler for pf uses native negation syntax that is + now available in pf
  • + +
  • bug (no num): "firewall settings" dialog for OpenBSD pf did + not save option "Use tables". Since compiler is always using + tables, this option was removed from the dialog.
  • + +
+ +
+ + +Last modified: Thu Sep 30 20:16:23 PDT 2004 + + + diff --git a/doc/ReleaseNotes_2.0.3.txt b/doc/ReleaseNotes_2.0.3.txt new file mode 100644 index 000000000..f673b2884 --- /dev/null +++ b/doc/ReleaseNotes_2.0.3.txt 
@@ -0,0 +1,204 @@
+ Firewall Builder Release Notes
+
+Version 2.0.3
+
+ Released 09/30/04
+ GUI and compilers v2.0.3 require API library libfwbuilder version 2.0.3
+
+Summary
+
+ Firewall Builder GUI v2.0.3 is a maintenance release that includes fixes
+ for bugs discovered since 2.0.2 has been released.
+
+ For those who wish to build from source, instructions are outlined in
+ "Install and Build instructions"
+
+ * This release improves support for the PF firewall by always using
+ tables in policy rules; it also uses syntax " ! " for negation,
+ assignes "rdr" rules to interfaces and adds "flags S/SA" to policy
+ rules that keep state.
+ * This release significantly improves optimizer for iptables and adds an
+ automatically generated rule to block packets that correspond to an
+ INVALID state
+ * Built-in policy installer can compress firewall policy script before
+ it is installed in flash memory on Linksys/Sveasoft firewall; this
+ allows for much larger policy to be used on Linksys. Script
+ compression is optional.
+ * Built-in policy installer can be used to test new policy rules with
+ automatic roll-back to the previous version of the policy after
+ specified interval of time. This feature helps to work around errors
+ in the policy that block access to the firewall from the management
+ workstation.
+
+Caveats
+
+ New version (as of build 421) completely changes the way it loads and
+ activates firewall script on linksys. Old version put the whole script in
+ variable rc_firewall. New one puts script in variable fwb and puts a
+ one-line command in rc_firewall to read the script from fwb and execute
+ it. This was done because of the need to uncompress it when linksys
+ executes command stored in rc_firewall, in other words, rc_firewall needs
+ to be a little script that uncompresses and runs the main firewall script.
+ This is why scripts were separated and rc_firewall has changed compared to
+ the previous versions of fwbuilder.
+
+ Reverting from v2.0.3 (build 421 and later) to v2.0.2 requires you to
+ erase nvram variable "fwb" which holds the whole script in the new builds.
+
+New features in the built in policy installer
+
+ * added an option for test run. When this option is activated, policy
+ script is pushed to the firewall and is executed but is not stored
+ there permanently. Firewall reverts to the last working configuration
+ after reboot.
+ * implemented compression of the firewall script for Linksys/Sveasoft
+ combo. Using gzip and uuencode/uudecode to compress the script and
+ store it in flash variable 'fwb'. Installer prints flash memory stats
+ after commiting changes. Installer uses scp to copy firewall script to
+ the firewall and autogenerated prompt to detect when it logged in; it
+ does not depend on Linksys shell prompt anymore.
+ * added an option to schedule automatic firewall reboot in specified
+ time (in minutes) after policy activation. This option is available
+ for all firewall platforms but PIX. This option only works if user
+ requested policy activation in a test mode, in which case policy is
+ copied and activated on the firewall but not stored in the permanent
+ location. After reboot the firewall reverts to the previous version of
+ the policy. To cancel scheduled reboot, run installer again with "test
+ run" option turned off. Installer stores the policy in the permanent
+ location, activates it and cancels scheduled reboot. The commands used
+ to schedule reboot and cancel it depend on the host os of the
+ firewall. On Linux, it will use "shutdown -r +NN" and "shutdown -c".
+ On *BSD systems it uses "shutdown -r +NN" and a combination of ps and
+ awk to find and kill shutdown when reboot is canceled. Installer uses
+ "reboot" and kills it with "killall" on linksys.
+ * All manipulations that installer does on the firewall are programmed
+ in little one-line scripts stored in resource file for each supported
+ OS the firewall is running. These are in /usr/share/fwbuilder/os on
+ Linux/*BSD or in C:\FWBuilder\resources\os on Windows. Users can hack
+ commands in these files to make installer work with host OS that is
+ not supported by default. Currently, the GUI only looks for the
+ OS-specific resource files in the system-wide directory. Future
+ versions will also look in a predefined directory in users' home.
+ Directory path to be defined later.
+ * Added option "output file name" to firewall settings dialogs for all
+ platforms. User can specify the name for the output file; this name is
+ then used by built in installer in place of a macro %FWSCRIPT%.
+
+New features in policy compiler for iptables
+
+ * implemented feature request #1023430: "add checkbox for INVALID
+ support in fw settings". Added two checkboxes to the firewall settings
+ dialog: one adds a rule to drop INVALID packets and another adds
+ logging to the rule.
+ * rules that permit packets associated with ESTABLISHED,RELATED states
+ moved to the beginning of the script before NAT rules.
+ * bug #1022216: "negated time produces incorrect iptables rule".
+ Implemented negation for the "Time" rule element for iptables
+ * using abbreviated versions of "--dport", "--sport", "--dports",
+ "--sports" options to make generated iptables script smaller. Also
+ changed the name of the variables used to hold IP address of dynamic
+ interface from "interface_" to "i_". All this should
+ help to fit larger policies into small flash on linksys. These changes
+ shrunk my test script from 7964 bytes to 7430 bytes
+ * Generated iptables script flushes only secondary ip addresses on
+ interfaces during initialization phase if option "configure
+ interfaces" is on. This should fix a bug that caused linksys/sveasoft
+ unit to lose default route upon reboot if external interface has
+ static IP address.
+ * Generated script checks if /usr/sbin/ip exists on the firewall before
+ it tries to use it to verify interfaces and configure IP addresses.
+ This check is only performed if user activated options that use this
+ tool. An error message "Interface eth0 does not exist" was generated
+ if package iproute2 was not installed on the firewall, which was
+ confusing.
+
+New features in policy compiler for PF
+
+ * A NAT rule of type DNAT (rdr rule) is assigned to an interface of the
+ firewall if interface object or its address object is used in ODst. To
+ get rdr rule without interface assignment, use an Address or a Host
+ object that has the same IP address as that of firewall's interface
+ but that is not a child of an interface. This is the same approach
+ that is used in iptables.
+ * Compiler for pf always uses tables; this breaks compatibility with
+ older OpenBSD systems (3.2 and 3.3)
+ * Compiler for pf puts interface name in a table for rules that use
+ multiple objects in src or dst and one of these objects is dynamic
+ interface of the firewall that is being processed. Using dynamic
+ interface of another object in a rule is still considered an error.
+ Compiler puts the name of dynamic interface in a table verbatim,
+ without brackets '(' ')' since pf does not replace dynamic interface
+ with its address dynamically if it is used in a table (pfctl issues an
+ error if interface is put in brackets)
+ * added an option to permit tcp sessions opened prior to firewall
+ restart. This is needed now since compiler generates "flags S/SA" for
+ the "keep state" and "modulate state" rules which means firewall won't
+ permit TCP sessions unless it saw opening SYN packet.
+ * bug #1028973: fwb_pf: missing "flags S/SA" in front of "modulate
+ state". Compiler adds "flags S/SA" to policy rules that use either
+ "keep state" or "modulate state" options.
+ * bug #1028980: "need an option to turn logging on on fallback rule".
+ Option has been added.
+
+Bugs fixed in libfwbuilder API:
+
+ * bug #1022788: "GUI corrupts XML file after creating a second
+ firewall". Global object ID counter was getting reset every time new
+ FWObjectDatabase object was created. This lead to the ID collision if
+ user quickly created and deleted complex objects (such as Firewall)
+ and used database merge. This should also fix bug #1022785: "GUI
+ corrupts XML file after creating a host entry"
+ * fixed bug (no number): all references to the interfaces, as well as
+ their IP and MAC addresses, in policy and NAT rules should be replaced
+ when Firewall object is duplicated. Until now only references to the
+ firewall object itself and to its interfaces were replaced with
+ references to the newly created copies of object. References to IP and
+ MAC addresses still pointed at the old objects.
+
+Bugs fixed in GUI:
+
+ * bug (no number): after deleting a library firewall objects that belong
+ to it were not removed from the pull-down list
+ * bug #1026945: '"Save As" does not work if current file is in RCS'
+ * bug #1028078: "options.png is not displayed for "Assume firewall is
+ part..."
+ * bug #1035132: "compile errors with default Linksys firewall object".
+ This bug has been introduced in build 435. When user created a new
+ firewall object using one of the template objects, the GUI would add
+ bunch of garbage to the firewall options. This garbage violated XML
+ DTD, so compilers and the GUI would not accept the data file anymore.
+ * bug #1035130: 'Persistent "Save" dialog box'. Certain combination of
+ actions on user's part used to lead to an indefinite loop of "do you
+ want to save the data" dialogs. The problem was triggered if user
+ skipped choosing a name for the new file in startup dialog.
+
+Bugs fixed in iptables policy compiler fwb_ipt:
+
+ * bug #1024861: "optimizer is broken in fwb_ipt". Used idea and a patch
+ by Mark Vevers . Fixed compiler fwb_ipt generates
+ more efficient iptables script for rules with multiple objects in all
+ rule elements. The script is smaller and eliminates unnecessary
+ comparisons for packet attributes. Every attribute (i.e. source
+ address, destination address, protocol and port numbers) is checked by
+ the script only once. This should help reduce load on firewalls with
+ lots of complex rules.
+ * bug #1026509: "incorrect rules generated for dual negation with time".
+ Compiler generated incorrect iptables commands for rules that had
+ negation in two or more rule elements, one of which was Time.
+ * bug #1026794: multiple SRC ntwks --> "iptables: invalid argument".
+ Recent changes in optimizer introduced this bug. Rules with multiple
+ objects in src or dst, TCP service, action Reject and option "reject
+ with TCP RST" would generate iptables command that used option
+ "--reject-with tcp-reset" without "-p tcp"
+
+Bugs fixed in iptables policy compiler fwb_pf:
+
+ * bug #1006906: "Negated network causes pass on network". Compiler for
+ pf uses native negation syntax that is now available in pf
+ * bug (no num): "firewall settings" dialog for OpenBSD pf did not save
+ option "Use tables". Since compiler is always using tables, this
+ option was removed from the dialog.
+
+ ----------------------------------------------------------------------
+
+ Last modified: Thu Sep 30 20:16:23 PDT 2004
diff --git a/doc/ReleaseNotes_2.0.4.html b/doc/ReleaseNotes_2.0.4.html
new file mode 100644
index 000000000..9ee827a91
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.4.html
@@ -0,0 +1,381 @@
+
+
+
+
+
+
+
+

Firewall Builder Release Notes

+
+

Version 2.0.4

+
+

+Released 12/02/04 +
+GUI and compilers v2.0.4 require API library libfwbuilder version 2.0.4 +
+

Summary

+

+ +

+For those who wish to build from source, instructions are outlined +in the document "Install and Build instructions" on our web site here + +

What's new

+
    + +
  • Improvements in the GUI +

    +

      +
    • improved error handling: if the GUI is started with a + file on the command line or is configured to open a file + automatically on startup and RCS can not check the file out, + the GUI will come up empty (with only standard objects + loaded). Previously in a situation when the GUI was + configured to open a file automatically, but the file could + not be checked out, there was no way to cancel this + automatic file open operation since the GUI would never come + up.
    • + +
    • Added Japanese translation by Tadashi Jokagi + <elf@elf.no-ip.org>
    • + +
    • Added Russian translation by RusBusinessSecurity Co. Ltd., + Russia. This translation is fairly complete but is still + considered preliminary. Bug reports and suggestions are very + welcome. +
    • + +
    + + +
  • Improvements in the built-in policy installer +

    +

      +
    • Built-in installer checks exit status of the script it + runs on the firewall and aborts installation sequence if it + detects an error. OS resource files have been updated + accordingly so they return exit status '1' in case of error + and '0' when they succeed.
    • + +
    • Added an option to push PIX configuration to a standby + firewall at the end of install.
    • + +
    • Added support in installer for new configuration script + formats for PIX: +

      +

        +
      1. basic or old format when access lists are cleared + and added from scratch
      2. + +
      3. Access lists have unique names each time policy is + recompiled, lists are added without clearing.
      4. + +
      5. Access lists are added with temporary names and + assigned to interfaces, then the same lists are added + with permanent names, lists are swapped and temporary + lists cleared
      6. +
      + +

      Last two methods provide for instantaneous access list + swap so that the firewall never runs with empty + lists. This helps maintain access to the firewall if + configuration is installed remotely. +

    • + +
    +
  • + +
  • Improvements in policy compiler for iptables: +

    +

      +
    • implemented Feature Request #1021201: "output + iptables-restore compatible config from fwb_ipt". Policy + compiler for iptables can use iptables-restore to activate + firewall policy. Iptables-restore provides for atomic policy + load and allows to load large policy much faster. Atomic + load means the whole filter or nat table is activated at + once, and if there is an error, nothing is changed. Compiler + generates script in three possible formats: +

      +

        +
      1. the ususal shell script that adds rules one at a + time by executing iptables command with an "-A" flag to + add a rule;
      2. + +
      3. commands are fed to iptables-restore, this format is + used when all interfaces of the firewall have static IP + addresses and script does not need to determine + addresses at run time;
      4. + +
      5. script determines IP addresses of interfaces and + discovers dynamic interfaces that were defined as a + "wildcard" interface in fwbuilder (e.g. 'ppp*'); code + that is sent to iptables-restore is generated + dynamically by the script at run time.
      6. +
      + +

      Using iptables-restore is optional and is controlled by + the checkbutton in the "Script options" tab of firewall + settings dialog. Path to iptables-restore utility can be + set in the "Paths" tab of the host settings dialog. +

      +
    • + +
    • policy installation via iptables-restore has been tested + with old versions of iptables (1.2.6a). Script need to + include "-m tcp", "-m udp" or "-m icmp", otherwise + iptables-restore does not understand options "--dport", + "--tcp-flags" and some others. Also had to use "--tcp-flags + SYN,RST,ACK SYN" instea dof "--syn" for better backwards + compatibility.
    • + +
    • A change in the script generated by fwb_ipt: if + iptables-restore is not used to load policy, generated shell + script purges existing firewall policy (all tables and + chains) and sets default chain policies after it configures + interfaces of the firewall. Previously, it would flush + tables and set default policy before it configured + interfaces.
    • + + +
    • removed code that added iptables command to the "drop" + table to drop and log all dropped packets. This rule used + obsoleted patch-o-matic patch "drop" which is not available + anymore.
    • + +
    • moved rule permitting backup ssh access from the + management station to the firewall to the top of the + script. This helps maintain ssh session, otherwise it may + stall or break because stdout buffer is filled with + diagnostic or progress output from the script that is + printed after all chains are flushed but before rule + permitting ssh to the firewall is added. If stdout buffer is + full, ssh stops and tries to send the text to the management + station but times out because firewall blocks it.
    • + + +
    +

    +
  • + +
  • Improvements in policy compiler for pf: +

    +

      +
    • Activation script for PF flushes only information about + rules, nat, source and tables (it used to flush "all"). This + preserves queue entries and states.
    • + +
    +

    +

  • + +
  • Improvements in policy compilers for all platforms: +

    +

      +
    • added support for prolog and epilog scripts for all + firewall platforms. This was available for PIX for some + time, now it has been added for all + platforms. "Prolog/Epilog" tab of the firewall settings + dialog allows for editing of two blocks of commands that + will be added to the generated firewall script + verbatim. Prolog block is added on top, while epilog block + is added at the bottom. Both prolog and epilog are expected + to be shell scripts and are added to the generated shell + script that activates firewall. For iptables and ipfw all + compiler generates is this shell script and prolog and + epilog commands are inserted into it. These commands may + execute some actions, as well as add any policy or nat + commands. For ipf and pf prolog and epilog commands are + added to the activation shell script ( .fw file); prolog is + added immediately after the command that flushes all + rules. This way user may either execute shell commands or + add policy and/or nat rules by loading them from external + file.
    • + +
    • all policy compilers properly detect an error when the + output file can not be created or overwritten and print + error message to warn the user.
    • + + +
    • Added element "Target/family" to all OS resource XML + files. Compilers use "family" resource element to determine + if host OS is supported. User may want to copy host OS + resource file to modify installer scriptlets; as long as the + family element is kept the same, compiler will accept new + resource file.
    • +
    +

    +

  • + +
    +
+ +
+
+
+ + +
+
+

Bugs fixed in GUI:

+
    +
  • bug #1077072: "CrossPlatform Firewall Builder Crash" - + pressing arrow down key on the keyboard right after the GUI + started with no firewall objects defined caused crash.
  • + +
  • bug (no num): if a library was assigned a name with + non-ascii characters, it would appear distorted in the pull-down + list in object dialogs.
  • + +
  • bug (no number) introduced in 2.0.3 when GUI crashed if user + tried to choose pull-down menu item in the firewall list after + the very first firewall object has been created.
  • + +
  • bug (no number): group object dialog corrupted object names + if they contained non-ascii characters.
  • + +
  • bug #1046345: "ipfw - no option to specify ipfw + executable". Added GUI control to let user specify alternative + path to "ipfw" on FreeBSD. Control like that was previously + available only for Mac OS X
  • + +
  • bug #1028866: "incorrect order when several rules copied + using copy/paste". Pasting multiple rules into an empty policy + caused rules to be inserted in the wrong order.
  • + +
  • bug (no number): Policy installer failed if the following + conditions were met: - it was running on Linux, FreeBSD or Mac + OS X - working directory configured in the "General" tab of the + Preferences dialog did not exist and could not be created or its + permissions did not allow user that runs the GUI to access + it
  • + +
  • Added #include to make code compile with gcc 3.4.2 + and glibc 2.3.3
  • + +
  • bug (no number): GUI could not find names of the object + libraries in external library files that user added for + automatic load in the Preferences dialog on Windows. It would + find the name of the library in the first file, but failed to + find library names in subsequent files and used the name from + the first file. Since this library was only present in the first + file, object tree was getting corrupted when the program + attempted to load this library from every file configured for + automatic pre-load. This only happened on Windows.
  • +
+ +
+
+

Bugs fixed in API:

+
    +
  • bug #1077496 ] Error compiling libfwbuilder in FreeBSD: + The problem was caused by changed major version number of libnetsnmp library + in the latest net-snmp port (v5.2)
  • + +
  • bug #1055937: "Any->all_multicasts not in INPUT Chain". Need + to check if network objects are multicasts; assume that + multicast always matches firewall object (e.g fwb_ipt will put + rule with such network object in destination in INPUT + chain)
  • + +
  • bug #1040773: need to match network address as well as + broadcast. Packets sent to the network address (192.168.1.0 for + net 192.168.1.0/24) go in the broadcast frame and behave just + like IP broadcast packets (sent to 192.168.1.1255 for the same + net)
  • + +
  • bug (no number): rule shadowing algorithm now assumes that + IPService object with protocol number '0' shades any other + service just like 'any' does.
  • + +
  • bug (no num): rule shadowing algorithm checks for IP flags + in IP service object. IP service object with protocol 0 shades + anything only if its flags are cleared. Two IP services shade + each other only if they are completely equal (protocols and all + flags settings are the same). However, IP service with protocol + 0 shades other IP service with protocol !=0 if all flags + settings are the same.
  • + +
  • change in the object database merge algorithm: when an + object database we are trying to merge has non-empty "Deleted + objects" library, deleted objects from this library should be + ignored (they used to be deleted from the current + tree). Likewise, when current tree has non-empty "Deleted + objects" library and objects in it match objects being merged + in, objects should be removed from "Deleted objects" library to + avoid creating duplicate IDs with objects being merged in.
  • + +
  • bug (no number): program crashed on FreeBSD 5.3 when using + SNMP to obtain parameters for hosts and interfaces. Crash + occurred because of use of uninitialized mutex variables in + module dns.cpp
  • + +
  • bug (no number): The API used to corrupt CustomService + object while saving data to the XML file if service code + included special characters such as '&'
  • + +
+ +
+
+

Bugs fixed in policy compiler for iptables fwb_ipt:

+
    +
  • bug #1073491: incorrect code for rules using two interfaces + with negation. If a rule had two (or more) interfaces of the + firewall in the destination, with negation, the code generated + by compiler would check one interface's address in INPUT chain + and another in FORWARD chain. It should check addresses of all + interfaces from the corresponding rule element in the INPUT + chain and also check addresses and possibly services from other + rule elements in the FORWARD chain. This bug affected rules with + two or more interfaces both in source and destination.
  • + +
  • bug #1040788: fwb_ipt and user name. Compiler used to read + environment variable "USER" to find out user's name. Sometimes + this variable is not set, which caused compiler to abort. Using + env variable LOGNAME in addition to USER.
  • + +
  • bug #1040599: "unnecessary FORWARD rules". If ip forwarding + is turned off in the host settings dialog of the linux-based + firewall, compiler should not generate rules in FORWARD + chain.
  • + +
  • bug (no number): compiler placed extra quote '"' at the end + of each NAT command in the script using iptables-restore; this + happened only if all interfaces of the firewall had static + addresses.
  • + +
  • bug (no number) in fwb_ipt that caused no-nat rules with + firewall in OSrc to be placed only in OUTPUT chain. Packets + originating on the firewall go into OUTPUT and POSTROUTING + chains, so no-nat rules must be placed in both. Other minor + improvements for NAT of the locally originated connections have + been done as well.
  • + +
  • bug (no number) where compiler for iptables used option + "--destination-port" with module "multiport" for versions of + iptables that do not understand it (1.2.6 and later, as well as + default version setting 'any'). The option should be + "--destination-ports" or "--dports".
  • + +
  • bug #1063953: "Wrong accept/multiport rule + generated". Compiler generated wrong code for rules using + multiple service objects of different types (TCP and UDP, or TCP + and ICMP etc), multiple addresses in src or dst with option that + requires using TCP RST for action REJECT. This bug was + introduced in build 453
  • + +
  • bug (no number): policy compiler for iptables used "tail -1" + in the shell script that read actual IP addresses of interfaces + of the firewall. This shell code failed to determine correct + address of an interface that was configured with a secondary + address. Reverted to using grep (I switched to tail when ran + into limitations of one of the beta builds of Sveasoft Linksys + firmware that did not have grep)
  • +
+
+
+
+
diff --git a/doc/ReleaseNotes_2.0.4.txt b/doc/ReleaseNotes_2.0.4.txt
new file mode 100644
index 000000000..e9901f58d
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.4.txt
@@ -0,0 +1,254 @@
+ Firewall Builder Release Notes
+
+Version 2.0.4
+
+ Released 12/02/04
+ GUI and compilers v2.0.4 require API library libfwbuilder version 2.0.4
+
+Summary
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+What's new
+
+ * Improvements in the GUI
+
+ * improved error handling: if the GUI is started with a file on the
+ command line or is configured to open a file automatically on
+ startup and RCS can not check the file out, the GUI will come up
+ empty (with only standard objects loaded). Previously in a
+ situation when the GUI was configured to open a file
+ automatically, but the file could not be checked out, there was
+ no way to cancel this automatic file open operation since the GUI
+ would never come up.
+ * Added Japanese translation by Tadashi Jokagi
+ * Added Russian translation by RusBusinessSecurity Co. Ltd.,
+ Russia. This translation is fairly complete but is still
+ considered preliminary. Bug reports and suggestions are very
+ welcome.
+
+ * Improvements in the built-in policy installer
+
+ * Built-in installer checks exit status of the script it runs on
+ the firewall and aborts installation sequence if it detects an
+ error. OS resource files have been updated accordingly so they
+ return exit status '1' in case of error and '0' when they
+ succeed.
+ * Added an option to push PIX configuration to a standby firewall
+ at the end of install.
+ * Added support in installer for new configuration script formats
+ for PIX:
+
+ 1. basic or old format when access lists are cleared and added
+ from scratch
+ 2. Access lists have unique names each time policy is
+ recompiled, lists are added without clearing.
+ 3. Access lists are added with temporary names and assigned to
+ interfaces, then the same lists are added with permanent
+ names, lists are swapped and temporary lists cleared
+
+ Last two methods provide for instantaneous access list swap so
+ that the firewall never runs with empty lists. This helps
+ maintain access to the firewall if configuration is installed
+ remotely.
+
+ * Improvements in policy compiler for iptables:
+
+ * implemented Feature Request #1021201: "output iptables-restore
+ compatible config from fwb_ipt". Policy compiler for iptables can
+ use iptables-restore to activate firewall policy.
+ Iptables-restore provides for atomic policy load and allows to
+ load large policy much faster. Atomic load means the whole filter
+ or nat table is activated at once, and if there is an error,
+ nothing is changed. Compiler generates script in three possible
+ formats:
+
+ 1. the ususal shell script that adds rules one at a time by
+ executing iptables command with an "-A" flag to add a rule;
+ 2. commands are fed to iptables-restore, this format is used
+ when all interfaces of the firewall have static IP addresses
+ and script does not need to determine addresses at run time;
+ 3. script determines IP addresses of interfaces and discovers
+ dynamic interfaces that were defined as a "wildcard"
+ interface in fwbuilder (e.g. 'ppp*'); code that is sent to
+ iptables-restore is generated dynamically by the script at
+ run time.
+
+ Using iptables-restore is optional and is controlled by the
+ checkbutton in the "Script options" tab of firewall settings
+ dialog. Path to iptables-restore utility can be set in the
+ "Paths" tab of the host settings dialog.
+
+ * policy installation via iptables-restore has been tested with old
+ versions of iptables (1.2.6a). Script need to include "-m tcp",
+ "-m udp" or "-m icmp", otherwise iptables-restore does not
+ understand options "--dport", "--tcp-flags" and some others. Also
+ had to use "--tcp-flags SYN,RST,ACK SYN" instea dof "--syn" for
+ better backwards compatibility.
+ * A change in the script generated by fwb_ipt: if iptables-restore
+ is not used to load policy, generated shell script purges
+ existing firewall policy (all tables and chains) and sets default
+ chain policies after it configures interfaces of the firewall.
+ Previously, it would flush tables and set default policy before
+ it configured interfaces.
+ * removed code that added iptables command to the "drop" table to
+ drop and log all dropped packets. This rule used obsoleted
+ patch-o-matic patch "drop" which is not available anymore.
+ * moved rule permitting backup ssh access from the management
+ station to the firewall to the top of the script. This helps
+ maintain ssh session, otherwise it may stall or break because
+ stdout buffer is filled with diagnostic or progress output from
+ the script that is printed after all chains are flushed but
+ before rule permitting ssh to the firewall is added. If stdout
+ buffer is full, ssh stops and tries to send the text to the
+ management station but times out because firewall blocks it.
+
+ * Improvements in policy compiler for pf:
+
+ * Activation script for PF flushes only information about rules,
+ nat, source and tables (it used to flush "all"). This preserves
+ queue entries and states.
+
+ * Improvements in policy compilers for all platforms:
+
+ * added support for prolog and epilog scripts for all firewall
+ platforms. This was available for PIX for some time, now it has
+ been added for all platforms. "Prolog/Epilog" tab of the firewall
+ settings dialog allows for editing of two blocks of commands that
+ will be added to the generated firewall script verbatim. Prolog
+ block is added on top, while epilog block is added at the bottom.
+ Both prolog and epilog are expected to be shell scripts and are
+ added to the generated shell script that activates firewall. For
+ iptables and ipfw all compiler generates is this shell script and
+ prolog and epilog commands are inserted into it. These commands
+ may execute some actions, as well as add any policy or nat
+ commands. For ipf and pf prolog and epilog commands are added to
+ the activation shell script ( .fw file); prolog is added
+ immediately after the command that flushes all rules. This way
+ user may either execute shell commands or add policy and/or nat
+ rules by loading them from external file.
+ * all policy compilers properly detect an error when the output
+ file can not be created or overwritten and print error message to
+ warn the user.
+ * Added element "Target/family" to all OS resource XML files.
+ Compilers use "family" resource element to determine if host OS
+ is supported. User may want to copy host OS resource file to
+ modify installer scriptlets; as long as the family element is
+ kept the same, compiler will accept new resource file.
+
+ ----------------------------------------------------------------------
+
+Bugs fixed in GUI:
+
+ * bug #1077072: "CrossPlatform Firewall Builder Crash" - pressing arrow
+ down key on the keyboard right after the GUI started with no firewall
+ objects defined caused crash.
+ * bug (no num): if a library was assigned a name with non-ascii
+ characters, it would appear distorted in the pull-down list in object
+ dialogs.
+ * bug (no number) introduced in 2.0.3 when GUI crashed if user tried to
+ choose pull-down menu item in the firewall list after the very first
+ firewall object has been created.
+ * bug (no number): group object dialog corrupted object names if they
+ contained non-ascii characters.
+ * bug #1046345: "ipfw - no option to specify ipfw executable". Added GUI
+ control to let user specify alternative path to "ipfw" on FreeBSD.
+ Control like that was previously available only for Mac OS X
+ * bug #1028866: "incorrect order when several rules copied using
+ copy/paste". Pasting multiple rules into an empty policy caused rules
+ to be inserted in the wrong order.
+ * bug (no number): Policy installer failed if the following conditions
+ were met: - it was running on Linux, FreeBSD or Mac OS X - working
+ directory configured in the "General" tab of the Preferences dialog
+ did not exist and could not be created or its permissions did not
+ allow user that runs the GUI to access it
+ * Added #include to make code compile with gcc 3.4.2 and glibc
+ 2.3.3
+ * bug (no number): GUI could not find names of the object libraries in
+ external library files that user added for automatic load in the
+ Preferences dialog on Windows. It would find the name of the library
+ in the first file, but failed to find library names in subsequent
+ files and used the name from the first file. Since this library was
+ only present in the first file, object tree was getting corrupted when
+ the program attempted to load this library from every file configured
+ for automatic pre-load. This only happened on Windows.
+
+Bugs fixed in API:
+
+ * bug #1077496 ] Error compiling libfwbuilder in FreeBSD: The problem
+ was caused by changed major version number of libnetsnmp library in
+ the latest net-snmp port (v5.2)
+ * bug #1055937: "Any->all_multicasts not in INPUT Chain". Need to check
+ if network objects are multicasts; assume that multicast always
+ matches firewall object (e.g fwb_ipt will put rule with such network
+ object in destination in INPUT chain)
+ * bug #1040773: need to match network address as well as broadcast.
+ Packets sent to the network address (192.168.1.0 for net
+ 192.168.1.0/24) go in the broadcast frame and behave just like IP
+ broadcast packets (sent to 192.168.1.1255 for the same net)
+ * bug (no number): rule shadowing algorithm now assumes that IPService
+ object with protocol number '0' shades any other service just like
+ 'any' does.
+ * bug (no num): rule shadowing algorithm checks for IP flags in IP
+ service object. IP service object with protocol 0 shades anything only
+ if its flags are cleared. Two IP services shade each other only if
+ they are completely equal (protocols and all flags settings are the
+ same). However, IP service with protocol 0 shades other IP service
+ with protocol !=0 if all flags settings are the same.
+ * change in the object database merge algorithm: when an object database
+ we are trying to merge has non-empty "Deleted objects" library,
+ deleted objects from this library should be ignored (they used to be
+ deleted from the current tree). Likewise, when current tree has
+ non-empty "Deleted objects" library and objects in it match objects
+ being merged in, objects should be removed from "Deleted objects"
+ library to avoid creating duplicate IDs with objects being merged in.
+ * bug (no number): program crashed on FreeBSD 5.3 when using SNMP to
+ obtain parameters for hosts and interfaces. Crash occurred because of
+ use of uninitialized mutex variables in module dns.cpp
+ * bug (no number): The API used to corrupt CustomService object while
+ saving data to the XML file if service code included special
+ characters such as '&'
+
+Bugs fixed in policy compiler for iptables fwb_ipt:
+
+ * bug #1073491: incorrect code for rules using two interfaces with
+ negation. If a rule had two (or more) interfaces of the firewall in
+ the destination, with negation, the code generated by compiler would
+ check one interface's address in INPUT chain and another in FORWARD
+ chain. It should check addresses of all interfaces from the
+ corresponding rule element in the INPUT chain and also check addresses
+ and possibly services from other rule elements in the FORWARD chain.
+ This bug affected rules with two or more interfaces both in source and
+ destination.
+ * bug #1040788: fwb_ipt and user name. Compiler used to read environment
+ variable "USER" to find out user's name. Sometimes this variable is
+ not set, which caused compiler to abort. Using env variable LOGNAME in
+ addition to USER.
+ * bug #1040599: "unnecessary FORWARD rules". If ip forwarding is turned
+ off in the host settings dialog of the linux-based firewall, compiler
+ should not generate rules in FORWARD chain.
+ * bug (no number): compiler placed extra quote '"' at the end of each
+ NAT command in the script using iptables-restore; this happened only
+ if all interfaces of the firewall had static addresses.
+ * bug (no number) in fwb_ipt that caused no-nat rules with firewall in
+ OSrc to be placed only in OUTPUT chain. Packets originating on the
+ firewall go into OUTPUT and POSTROUTING chains, so no-nat rules must
+ be placed in both. Other minor improvements for NAT of the locally
+ originated connections have been done as well.
+ * bug (no number) where compiler for iptables used option
+ "--destination-port" with module "multiport" for versions of iptables
+ that do not understand it (1.2.6 and later, as well as default version
+ setting 'any'). The option should be "--destination-ports" or
+ "--dports".
+ * bug #1063953: "Wrong accept/multiport rule generated". Compiler
+ generated wrong code for rules using multiple service objects of
+ different types (TCP and UDP, or TCP and ICMP etc), multiple addresses
+ in src or dst with option that requires using TCP RST for action
+ REJECT. This bug was introduced in build 453
+ * bug (no number): policy compiler for iptables used "tail -1" in the
+ shell script that read actual IP addresses of interfaces of the
+ firewall. This shell code failed to determine correct address of an
+ interface that was configured with a secondary address. Reverted to
+ using grep (I switched to tail when ran into limitations of one of the
+ beta builds of Sveasoft Linksys firmware that did not have grep)
diff --git a/doc/ReleaseNotes_2.0.5.html b/doc/ReleaseNotes_2.0.5.html
new file mode 100644
index 000000000..61585335e
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.5.html
@@ -0,0 +1,212 @@
+
+
+
+
+
+
+
+

Firewall Builder Release Notes

+
+

Version 2.0.5

+
+

+Released 01/07/05 +
+GUI and compilers v2.0.5 require API library libfwbuilder version 2.0.5 +
+

Summary

+

+This is a bugfix release; its main focus is on internationalization and usability +

+For those who wish to build from source, instructions are outlined +in the document "Install and Build instructions" on our web site here + +

What's new

+
    + +
  • Improvements in the GUI +

    +

      +
    • Fixed lots of places were strings were not properly + marked for localization, this lead to GUI showing '????' + instead of a text in some menu items and dialogs in + non-english locales
    • + +
    • properly synchronizing state of the items main menu with + state of corresponding items in the pop-up menu that appears + when user right-mouse-clicks on an object in the tree
    • + +
    • fixes for non-localized text strings in dialogs (mostly + "Continue", "Yes"/"No" etc. in many places)
    • + +
    • proper localization of the human-readable version number + text for iptables; also made info window print readable text + instead of "lt_1.2.6"
    • + +
    • cosmetic changes in some dialogs layout to make the look + better when localized text makes strings much longer
    • + +
    • firewall object dialog tab "Templates" has been hidden. It + is unlikely that this feature will be implemented in 2.0.X + series.
    • + +
    • Streamlined logic in the object editor dialog. This improves + handling of the situation when user closes dialog by clicking on + [x] while 1) there are unsaved data and/or 2) some of the + object's parameters have illegal values. The dialog behavior + also depends on the setting of the global flag "Autosave" that + causes dialog to automatically save data when user switches + between objects.
    • + +
    • when user opens data file in the old format (fwbuilder + v1.1.x, extension .xml) and after autoupgrade the program + discovers that the same file with extension .fwb already + exists, it offers the user a chance to choose different + name. If user clicks "Cancel" at this point, the program + cancel operation and reverts upgraded data file back to its + original name and version.
    • + +
    • improved behavior of the main menu "Edit" as well as + pop-up menu that appears when user right mouse clicks on an + object in the tree. Menu item "Paste" should only be enabled + if the clipboard is not empty and objects that are stored in + it can be pasted into selected object in the tree.
    • + +
    • when user clicks menu item "File/Open" to open a new + file, the GUI should save and close currently opened file + only after the user chooses new file. If user clicks Cancel + in the File/Open dialog, operation should be cancelled so + the user can continue working with currently opened + file. The same applies to operation File/New.
    • + +
    • implemented feature request: colors that are used to + color rules can be changed in Preferences dialog.
    • + +
    • main menu item "Object/New Object/Address" and + corresponding toolbar button always creates an Address + object under Objects/Addresses folder in the tree. Address + of an interface can be created using pop-up menu item "Add + IP Address"
    • + +
    • Pull-down menu "On startup" in the "General" tab of the + preferences dialog now has three items: "Load standard + objects", "Load last edited file" and "Ask user what to + do". The last item is default.
    • + +
    • Updated Japanese and Russian translations
    • +
    +
  • +
+ +
+
+
+ + +
+
+

Bugs fixed in GUI:

+
    +
  • bug (no num): the GUI crashed when user tried to add a + library file for auto-load in Preferences/Libraries and the + first library object in that file had a name using non-ascii + characters
  • + +
  • bug (internal #34) the program should issue a warning when + user tries to add a library file (.fwl) that contains object + library that already exists in the opened data file.
  • + +
  • bugfixes for the behavior of the object editor + dialogs. Dialog should ask if user wants to save data and then + validate it when user clicks on [x] to close editor dialog. It + used to validate the data first, then ask if they want to close + dialog.
  • + +
  • bug (localization): RCS log entries made using non-ascii + characters used to appear as '???' in Open File and + File/Properties dialogs.
  • + +
  • localization was broken on win32 and mac os x because + translation files were not installed properly. Now fixed.
  • + +
  • bug #1092810: "Multiline RCS comments are shown as a single + line on windows". As it turned out, this bug affected all + platforms.
  • + +
  • bug (no num) that caused GUI crash when user created new + firewall object using template with three interfaces.
  • +
+ +
+
+

Bugs fixed in API:

+
    +
  • bug #1068119: "additional whitespace for Rule comments in + .fw file". Added extra space between rule number and interface + spec in rule comments.
  • +
+ +
+
+

Bugs fixed in policy compiler for iptables fwb_ipt:

+
    +
  • bug #1089586: "default --icmp-type value is 0 in iptables < + 1.2.9". The problem concerns policy rules using service object + "any ICMP". A rule like this is supposed to match any ICMP + packet. Few versions ago I had to add option "-m icmp" (and "-m + udp", "-m tcp") because I've discovered that iptables-restore on + some systems (linksys sveasoft firmware, iptables v1.2.11) + refused to load rules without it. Now it turns out that iptables + v < 1.2.9 (tested on 1.2.6a and 1.2.7a) implicitly adds + equivalent of "--icmp-type 0" to rules with "-p icmp -m icmp" + and without "--icmp-type" option. Since type 0 is actually icmp + echo reply, a rule like this does not match "any ICMP" as it was + supposed to do. Iptables 1.2.9 implicitly adds "--icmp-type 255" + which matches any icmp type. Using "--icmp-type 255" on iptables + 1.2.6 and 1.2.7 does not work (a rule does not match icmp + packets with type different from 255). The fix generates "-p + icmp -m icmp --icmp-type any" for iptables 1.2.9 and later, as + well as when iptables version is not specified in the firewall + object settings. It generates just "-p icmp" for versions < + 1.2.9.
  • + +
  • bug #1092141: "irritating FORWARD rule for established + connections". Need rule in FORWARD chain only if ip forwarding + is on or set to "no change"
  • + +
  • bug #1059393: "function getaddr failed for + eth1.0020". Generated script can now work with interfaces that + have a dot in their name (such as "eth1.0020" - vlan interface)
  • + +
+ + + +
+
+

Bugs fixed in policy compiler for ipfw fwb_ipfw:

+
    +
  • bug #1089866: "multiple services in one rule confuses ipfw + compiler". If several UDP or TCP objects were used in the same + policy rule and these service objects had source port ranges + defined, the compiler would produce incorrect code by combining + source port range specifications together in the same ipfw + command.
  • + +
  • bug #1093461: "problem with 'established' in ipfw". Ipfw + requires protocol to be set to 'tcp' if option 'established' is + used in a rule.
  • + +
  • bug #1093472: "ipfw port range(s) errors". There can only be + one port range in a single ipfw rule.
  • + +
  • bug #1093620: "path (to ipfw) with spaces fails". Generated + script failed if path to ipfw contained space. I only worked + around this problem for ipfw; paths to sysctl and logger must be + standard and never contain spaces.
  • + +
+
+
+
diff --git a/doc/ReleaseNotes_2.0.5.txt b/doc/ReleaseNotes_2.0.5.txt
new file mode 100644
index 000000000..fdc46f4ad
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.5.txt
@@ -0,0 +1,140 @@
+ Firewall Builder Release Notes
+
+Version 2.0.5
+
+ Released 01/07/05
+ GUI and compilers v2.0.5 require API library libfwbuilder version 2.0.5
+
+Summary
+
+ This is a bugfix release; its main focus is on internationalization and
+ usability
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+What's new
+
+ * Improvements in the GUI
+
+ * Fixed lots of places were strings were not properly marked for
+ localization, this lead to GUI showing '????' instead of a text
+ in some menu items and dialogs in non-english locales
+ * properly synchronizing state of the items main menu with state of
+ corresponding items in the pop-up menu that appears when user
+ right-mouse-clicks on an object in the tree
+ * fixes for non-localized text strings in dialogs (mostly
+ "Continue", "Yes"/"No" etc. in many places)
+ * proper localization of the human-readable version number text for
+ iptables; also made info window print readable text instead of
+ "lt_1.2.6"
+ * cosmetic changes in some dialogs layout to make the look better
+ when localized text makes strings much longer
+ * firewall object dialog tab "Templates" has been hidden. It is
+ unlikely that this feature will be implemented in 2.0.X series.
+ * Streamlined logic in the object editor dialog. This improves
+ handling of the situation when user closes dialog by clicking on
+ [x] while 1) there are unsaved data and/or 2) some of the
+ object's parameters have illegal values. The dialog behavior also
+ depends on the setting of the global flag "Autosave" that causes
+ dialog to automatically save data when user switches between
+ objects.
+ * when user opens data file in the old format (fwbuilder v1.1.x,
+ extension .xml) and after autoupgrade the program discovers that
+ the same file with extension .fwb already exists, it offers the
+ user a chance to choose different name. If user clicks "Cancel"
+ at this point, the program cancel operation and reverts upgraded
+ data file back to its original name and version.
+ * improved behavior of the main menu "Edit" as well as pop-up menu
+ that appears when user right mouse clicks on an object in the
+ tree. Menu item "Paste" should only be enabled if the clipboard
+ is not empty and objects that are stored in it can be pasted into
+ selected object in the tree.
+ * when user clicks menu item "File/Open" to open a new file, the
+ GUI should save and close currently opened file only after the
+ user chooses new file. If user clicks Cancel in the File/Open
+ dialog, operation should be cancelled so the user can continue
+ working with currently opened file. The same applies to operation
+ File/New.
+ * implemented feature request: colors that are used to color rules
+ can be changed in Preferences dialog.
+ * main menu item "Object/New Object/Address" and corresponding
+ toolbar button always creates an Address object under
+ Objects/Addresses folder in the tree. Address of an interface can
+ be created using pop-up menu item "Add IP Address"
+ * Pull-down menu "On startup" in the "General" tab of the
+ preferences dialog now has three items: "Load standard objects",
+ "Load last edited file" and "Ask user what to do". The last item
+ is default.
+ * Updated Japanese and Russian translations
+
+ ----------------------------------------------------------------------
+
+Bugs fixed in GUI:
+
+ * bug (no num): the GUI crashed when user tried to add a library file
+ for auto-load in Preferences/Libraries and the first library object in
+ that file had a name using non-ascii characters
+ * bug (internal #34) the program should issue a warning when user tries
+ to add a library file (.fwl) that contains object library that already
+ exists in the opened data file.
+ * bugfixes for the behavior of the object editor dialogs. Dialog should
+ ask if user wants to save data and then validate it when user clicks
+ on [x] to close editor dialog. It used to validate the data first,
+ then ask if they want to close dialog.
+ * bug (localization): RCS log entries made using non-ascii characters
+ used to appear as '???' in Open File and File/Properties dialogs.
+ * localization was broken on win32 and mac os x because translation
+ files were not installed properly. Now fixed.
+ * bug #1092810: "Multiline RCS comments are shown as a single line on
+ windows". As it turned out, this bug affected all platforms.
+ * bug (no num) that caused GUI crash when user created new firewall
+ object using template with three interfaces.
+
+Bugs fixed in API:
+
+ * bug #1068119: "additional whitespace for Rule comments in .fw file".
+ Added extra space between rule number and interface spec in rule
+ comments.
+
+Bugs fixed in policy compiler for iptables fwb_ipt:
+
+ * bug #1089586: "default --icmp-type value is 0 in iptables < 1.2.9".
+ The problem concerns policy rules using service object "any ICMP". A
+ rule like this is supposed to match any ICMP packet. Few versions ago
+ I had to add option "-m icmp" (and "-m udp", "-m tcp") because I've
+ discovered that iptables-restore on some systems (linksys sveasoft
+ firmware, iptables v1.2.11) refused to load rules without it. Now it
+ turns out that iptables v < 1.2.9 (tested on 1.2.6a and 1.2.7a)
+ implicitly adds equivalent of "--icmp-type 0" to rules with "-p icmp
+ -m icmp" and without "--icmp-type" option. Since type 0 is actually
+ icmp echo reply, a rule like this does not match "any ICMP" as it was
+ supposed to do. Iptables 1.2.9 implicitly adds "--icmp-type 255" which
+ matches any icmp type. Using "--icmp-type 255" on iptables 1.2.6 and
+ 1.2.7 does not work (a rule does not match icmp packets with type
+ different from 255). The fix generates "-p icmp -m icmp --icmp-type
+ any" for iptables 1.2.9 and later, as well as when iptables version is
+ not specified in the firewall object settings. It generates just "-p
+ icmp" for versions < 1.2.9.
+ * bug #1092141: "irritating FORWARD rule for established connections".
+ Need rule in FORWARD chain only if ip forwarding is on or set to "no
+ change"
+ * bug #1059393: "function getaddr failed for eth1.0020". Generated
+ script can now work with interfaces that have a dot in their name
+ (such as "eth1.0020" - vlan interface)
+
+Bugs fixed in policy compiler for ipfw fwb_ipfw:
+
+ * bug #1089866: "multiple services in one rule confuses ipfw compiler".
+ If several UDP or TCP objects were used in the same policy rule and
+ these service objects had source port ranges defined, the compiler
+ would produce incorrect code by combining source port range
+ specifications together in the same ipfw command.
+ * bug #1093461: "problem with 'established' in ipfw". Ipfw requires
+ protocol to be set to 'tcp' if option 'established' is used in a rule.
+ * bug #1093472: "ipfw port range(s) errors". There can only be one port
+ range in a single ipfw rule.
+ * bug #1093620: "path (to ipfw) with spaces fails". Generated script
+ failed if path to ipfw contained space. I only worked around this
+ problem for ipfw; paths to sysctl and logger must be standard and
+ never contain spaces.
diff --git a/doc/ReleaseNotes_2.0.6.html b/doc/ReleaseNotes_2.0.6.html
new file mode 100644
index 000000000..e794b3740
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.6.html
@@ -0,0 +1,259 @@
+
+
+
+
+
+
+
+

Firewall Builder Release Notes

+
+

Version 2.0.6

+
+

+ Released 02/17/05 +
+ GUI and compilers v2.0.6 require API library libfwbuilder version 2.0.6 +
+

Summary

+

+ This release adds ability to print firewall rulesets +

+ For those who wish to build from source, instructions are outlined + in the document "Install and Build instructions" on our web site here + +

What's new

+
    + +
  • Improvements in the GUI +

    +

      +
    • Support for printing of firewall rulesets: +

      +

        +
      • prints policies and NAT rules for the currently + opened firewall object
      • + +
      • can print a header on each page, header includes + file name, RCS revision number and page number. Header + can be turned off
      • + +
      • can print a legend at the end of the + printout. Legend shows each icon and what object type it + corresponds to. Printing of the legend can be turned + off.
      • + +
      • can print a list of objects used in all rules of the + firewall. Each object is accompanied with a brief + summary of its parameters. This can be turned off as + well.
      • + +
      • While printing rule sets, the program will break the + table on the boundary of a rule when it reaches end of + the page
      • + +
      • Rule sets are printed as screenshots of the same + table widget used in the GUI. The user can change + scaling factor for the tables to make them fit on the + page
      • + +
      • Printing has been tested on Linux, Windows and Mac + OS X
      • +
      +
    • + +
    • slightly changed logic with user warnings in the object + removal code. The program asks the user for confirmation if + they remove an ordinary object from a regular + library. Confirmation is not asked if object is removed from + "Deleted objects" library or when a library is being deleted + (in this case we ask a different quastion later + anyway). This helps avoid double warning when a library is + deleted. +

      +

    • + +
    • New service objects: +
        +
      • TCP service objects for regular VNC viewer (displays + 0 and 1) and Java VNC viewer (displays 0 and 1)
      • +
      • UDP service object for OpenVPN
      • +
      +
    • +
    +
  • + +
  • Improvements in compiler for iptables fwb_ipt +

    +

      +
    • implemented feature req. #1112980: "Need unique names + for accounting rules". User can now specify a unique name + for rules with action 'Accounting'; this name will be + converted to a chain name. This simplifies accounting since + chain name for such rule won't change if the user adds or + removes rules above or below.
    • +
    +
  • +
+ +
+
+
+ + +
+
+

Bugs fixed in GUI:

+
    +
  • bug #1107838: "bug in configure script in fwbuilder + 2.0.6". Need to specify path "./" when calling runqmake.sh
  • + +
  • bug #1109631: "can not copy firewall script to /etc on + Linksys". Added an option ot all OS resource files that + determines whether user is allowed to change installation + directory on the firewall. Currently it is allowed on all + supported OS except Linksys/Sveasoft because there /etc/ resides + on read-only filesystem
  • + +
  • bug #1109174: "Cannot print rule base" - implemented + printing
  • + +
  • bug #1111244 "GUI allows to add more than one MAC address to + an interface". There can only be one MAC address for each + interface.
  • + +
  • bug #1112264: "Load last edited file" setting doesn't + work. This was broken only on Mac OS X.
  • + +
  • bug #1112764: "some Objects are partially obscured in + printout". Parts of the "Objects" table were clipped.
  • + +
  • bug #1112776: "some items touching seperator lines on + printouts". Rule elements "Action", "Direction", "Options" and + "Comment" were placed right at the top of the table cell which + led to their clipping when rule set was printed on Mac OS + X. Need more testing.
  • + +
  • bug #1115412: "Problem installer FWbuilder 2.0.5 for + Windows". Switched to command line option "-l" to specify user + name for external ssh in installer. This was necessary because + Van Dyke SecureCRT on Windows does not support user@host syntax.
  • + +
  • bug #1030538: "incorrect highlighting when selecting + multiple rules". This bug seems to be specific to Mac OS X
  • + +
  • support request #1118039: "Error when Windows client calls + plink -ssh". The problem is that putty ignores protocol and port + specified in the session file if command line option -ssh is + given. On the other hand, the sign of session usage is an empty + user name, so we can check for that. If user name is empty, then + putty will use current Windows account name to log in to the + firewall and this is unlikely to work anyway. This seems to be a + decent workaround.
  • + +
  • bug #1118717: "fwbuilder 206 on Windows XP SP2: error + checking out". Env variable USERNAME was not set in user's + profile, which triggered this bug. Now using getuid to get user + name on Unix and GetUserName on Windows. This should make the + program more resilient for situations when environment variable + LOGNAME or USERNAME is not set
  • + +
  • bug #1120904: "GUI hangs when accessing RCS file". Improved + parsing of rlog output.
  • +
+ +
+
+

Bugs fixed in API:

+
    +
  • bug #1108861: "two rules using MAC address matching shadow + each other". Need to check for MAC addresses while processing + rules for shadowing.
  • + +
  • bug #1105167: "Crash when importing a library that has been + deleted".
  • + + +
+ +
+
+

Bugs fixed in policy compiler for iptables fwb_ipt:

+
    +
  • bug #1106701: 'backup ssh access' and statefulness + interation. Need to add rules matching states ESTABLISHED and + RELATED for the backup ssh access to make sure it works even if + global rule matching these states is disabled.
  • + +
  • bug #1101910: "Samba problem with Bridged Firewall". Need to + split rule to take care of broadcasts forwarded by the bridge + and broadcasts that are accepted by the firewall itself. Need to + do this only if the rule is not associated with any bridging + interface.
  • + +
  • bug #1102629: "lost chain in accounting rules". Rules with + multiple objects in one of the rule elements and action + 'Accounting' generated code that ignored objects in that rule + element
  • + +
  • bug #1112976: "Accounting rule with logging produces looped + iptables command"
  • + +
  • bug #1112470: "Problem with FW part of ANY in Bridged mode". + If fw is considered part of any, we should place rule in + INPUT/OUTPUT chains even if it is a bridging fw since fw itself + may send or receive packets.
  • + +
  • bug #1123748 "busybox grep -E". Busybox does not support + option "-E" with grep, however it has "egrep".
  • + +
  • bug #1123933 "iptables add_addr() expr binary not found". As + it turns out, /usr/bin/ is not in PATH during boot time on + Slackware. I added /usr/bin/ to PATH variable in generated + iptables script.
  • +
+ + +
+
+

Bugs fixed in policy compiler for pf fwb_pf:

+
    +
  • bug #1105755 "Custom Service objects not working for PF + compiler".User tried to generate a nat rule like this using + CustomService object: +

    +

    + nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any -> 22.22.22.22 +
    +

    + Taken from the bug report: +

    + as it turned out, I can not fix this. You are trying to use + Custom Service object to insert protocol list into a "nat" + rule. Normally, a service object such as TCP or UDP service + generates two components for any rule where it is used: a + protocol specification and port specification (type/ code spec + for ICMP). PF is sensitive to the order of parameters in the + rule, in particular, protocol must be defined after interface + but before src/dst addresses in the rule, while port numbers + go after addresses. Compiler easily retrieves this + information from IP, TCP, UDP and ICMP services and places it + in a proper slots in the rule it generates. CustomService + does not have a notion of protocol and parameters for it, so + compiler puts a string that is configured in the CustomService + in the place reserved for port numbers. This means you can not + use CustomService to specify protocols. +

    + There still was a bug in fwb_pf where it would print + "custom_service" in place of protocol. This is fixed in 2.0.6 + build 542. Protocols can not be inserted with Custom Service + though. +

    + Feature request #1111267 "CustomService should specify protocol + and parameters for it" has been opened +

  • +
+ + + +
diff --git a/doc/ReleaseNotes_2.0.6.txt b/doc/ReleaseNotes_2.0.6.txt
new file mode 100644
index 000000000..5a76f75bd
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.6.txt
@@ -0,0 +1,166 @@
+ Firewall Builder Release Notes
+
+Version 2.0.6
+
+ Released 02/17/05
+ GUI and compilers v2.0.6 require API library libfwbuilder version 2.0.6
+
+Summary
+
+ This release adds ability to print firewall rulesets
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+What's new
+
+ * Improvements in the GUI
+
+ * Support for printing of firewall rulesets:
+
+ * prints policies and NAT rules for the currently opened
+ firewall object
+ * can print a header on each page, header includes file name,
+ RCS revision number and page number. Header can be turned
+ off
+ * can print a legend at the end of the printout. Legend shows
+ each icon and what object type it corresponds to. Printing
+ of the legend can be turned off.
+ * can print a list of objects used in all rules of the
+ firewall. Each object is accompanied with a brief summary of
+ its parameters. This can be turned off as well.
+ * While printing rule sets, the program will break the table
+ on the boundary of a rule when it reaches end of the page
+ * Rule sets are printed as screenshots of the same table
+ widget used in the GUI. The user can change scaling factor
+ for the tables to make them fit on the page
+ * Printing has been tested on Linux, Windows and Mac OS X
+
+ * slightly changed logic with user warnings in the object removal
+ code. The program asks the user for confirmation if they remove
+ an ordinary object from a regular library. Confirmation is not
+ asked if object is removed from "Deleted objects" library or when
+ a library is being deleted (in this case we ask a different
+ quastion later anyway). This helps avoid double warning when a
+ library is deleted.
+
+ * New service objects:
+
+ * TCP service objects for regular VNC viewer (displays 0 and
+ 1) and Java VNC viewer (displays 0 and 1)
+ * UDP service object for OpenVPN
+
+ * Improvements in compiler for iptables fwb_ipt
+
+ * implemented feature req. #1112980: "Need unique names for
+ accounting rules". User can now specify a unique name for rules
+ with action 'Accounting'; this name will be converted to a chain
+ name. This simplifies accounting since chain name for such rule
+ won't change if the user adds or removes rules above or below.
+
+ ----------------------------------------------------------------------
+
+Bugs fixed in GUI:
+
+ * bug #1107838: "bug in configure script in fwbuilder 2.0.6". Need to
+ specify path "./" when calling runqmake.sh
+ * bug #1109631: "can not copy firewall script to /etc on Linksys". Added
+ an option ot all OS resource files that determines whether user is
+ allowed to change installation directory on the firewall. Currently it
+ is allowed on all supported OS except Linksys/Sveasoft because there
+ /etc/ resides on read-only filesystem
+ * bug #1109174: "Cannot print rule base" - implemented printing
+ * bug #1111244 "GUI allows to add more than one MAC address to an
+ interface". There can only be one MAC address for each interface.
+ * bug #1112264: "Load last edited file" setting doesn't work. This was
+ broken only on Mac OS X.
+ * bug #1112764: "some Objects are partially obscured in printout". Parts
+ of the "Objects" table were clipped.
+ * bug #1112776: "some items touching seperator lines on printouts". Rule
+ elements "Action", "Direction", "Options" and "Comment" were placed
+ right at the top of the table cell which led to their clipping when
+ rule set was printed on Mac OS X. Need more testing.
+ * bug #1115412: "Problem installer FWbuilder 2.0.5 for Windows".
+ Switched to command line option "-l" to specify user name for external
+ ssh in installer. This was necessary because Van Dyke SecureCRT on
+ Windows does not support user@host syntax.
+ * bug #1030538: "incorrect highlighting when selecting multiple rules".
+ This bug seems to be specific to Mac OS X
+ * support request #1118039: "Error when Windows client calls plink
+ -ssh". The problem is that putty ignores protocol and port specified
+ in the session file if command line option -ssh is given. On the other
+ hand, the sign of session usage is an empty user name, so we can check
+ for that. If user name is empty, then putty will use current Windows
+ account name to log in to the firewall and this is unlikely to work
+ anyway. This seems to be a decent workaround.
+ * bug #1118717: "fwbuilder 206 on Windows XP SP2: error checking out".
+ Env variable USERNAME was not set in user's profile, which triggered
+ this bug. Now using getuid to get user name on Unix and GetUserName on
+ Windows. This should make the program more resilient for situations
+ when environment variable LOGNAME or USERNAME is not set
+ * bug #1120904: "GUI hangs when accessing RCS file". Improved parsing of
+ rlog output.
+
+Bugs fixed in API:
+
+ * bug #1108861: "two rules using MAC address matching shadow each
+ other". Need to check for MAC addresses while processing rules for
+ shadowing.
+ * bug #1105167: "Crash when importing a library that has been deleted".
+
+Bugs fixed in policy compiler for iptables fwb_ipt:
+
+ * bug #1106701: 'backup ssh access' and statefulness interation. Need to
+ add rules matching states ESTABLISHED and RELATED for the backup ssh
+ access to make sure it works even if global rule matching these states
+ is disabled.
+ * bug #1101910: "Samba problem with Bridged Firewall". Need to split
+ rule to take care of broadcasts forwarded by the bridge and broadcasts
+ that are accepted by the firewall itself. Need to do this only if the
+ rule is not associated with any bridging interface.
+ * bug #1102629: "lost chain in accounting rules". Rules with multiple
+ objects in one of the rule elements and action 'Accounting' generated
+ code that ignored objects in that rule element
+ * bug #1112976: "Accounting rule with logging produces looped iptables
+ command"
+ * bug #1112470: "Problem with FW part of ANY in Bridged mode". If fw is
+ considered part of any, we should place rule in INPUT/OUTPUT chains
+ even if it is a bridging fw since fw itself may send or receive
+ packets.
+ * bug #1123748 "busybox grep -E". Busybox does not support option "-E"
+ with grep, however it has "egrep".
+ * bug #1123933 "iptables add_addr() expr binary not found". As it turns
+ out, /usr/bin/ is not in PATH during boot time on Slackware. I added
+ /usr/bin/ to PATH variable in generated iptables script.
+
+Bugs fixed in policy compiler for pf fwb_pf:
+
+ * bug #1105755 "Custom Service objects not working for PF compiler".User
+ tried to generate a nat rule like this using CustomService object:
+
+ nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any ->
+ 22.22.22.22
+
+ Taken from the bug report:
+
+ as it turned out, I can not fix this. You are trying to use Custom
+ Service object to insert protocol list into a "nat" rule. Normally, a
+ service object such as TCP or UDP service generates two components for
+ any rule where it is used: a protocol specification and port
+ specification (type/ code spec for ICMP). PF is sensitive to the order
+ of parameters in the rule, in particular, protocol must be defined
+ after interface but before src/dst addresses in the rule, while port
+ numbers go after addresses. Compiler easily retrieves this information
+ from IP, TCP, UDP and ICMP services and places it in a proper slots in
+ the rule it generates. CustomService does not have a notion of
+ protocol and parameters for it, so compiler puts a string that is
+ configured in the CustomService in the place reserved for port
+ numbers. This means you can not use CustomService to specify
+ protocols.
+
+ There still was a bug in fwb_pf where it would print "custom_service"
+ in place of protocol. This is fixed in 2.0.6 build 542. Protocols can
+ not be inserted with Custom Service though.
+
+ Feature request #1111267 "CustomService should specify protocol and
+ parameters for it" has been opened
diff --git a/doc/ReleaseNotes_2.0.7.html b/doc/ReleaseNotes_2.0.7.html
new file mode 100644
index 000000000..42a8ece3e
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.7.html
@@ -0,0 +1,271 @@ + + + + + + + +

Firewall Builder Release Notes

+
+

Version 2.0.7

+
+

+ Released 05/08/2005 +
+ GUI and compilers v2.0.7 require API library libfwbuilder version 2.0.7 +
+

Summary

+

+ This is a bug fix release +

+ For those who wish to build from source, instructions are outlined + in the document "Install and Build instructions" on our web site here + +

What's new

+
    +
  • Improvements in the GUI +

    +

      +
    • implemented feature req. #1151220: "Close" button should + change is caption/title to "Install". When user clicks + "Install" toolbar button or main menu item, the "Close" + button in the pop-up window that displays compiler progress + changes its text caption to "Install"
    • + +
    • implemented feature request #1151206: "Search for IP + Addresses". "Find" dialog searches for objects by a + combination of name and one of the following attributes: + address, tcp/udp port, ip protocol number or icmp message + type. Regular expressions can be used for both name and + attribute.
    • + +
    • Support for SNMP operations has been added in Windows + packages of Firewall Builder
    • +
    +
  • + +
  • Improvements in built-in installer: +

    + User can specify additional command line parameters for ssh + that built-in installer runs to access firewall. This allows + for alternative ssh port or alternative ssh identity to be + used when accessing firewall. Parameters can be added in the + "Installer" tab of firewall settings dialog for all + platforms. +

    +
  • + +
  • Improvements in compiler for ipfilter fwb_ipf +

    + Added support for dynamic addresses in ipfilter. Actual + address of dynamic interface is now determined at run-time + in the policy activation script <firewall_name>.fw + generated by fwbuilder. If dynamic interface is used + somewhere in the policy or nat rules, it will be replaced + with its actual address by activation script before + configuration is sent to ipf or ipnat for activation. This + run-time substitution is done only if a checkbox is checked + in the "Script options" tab of firewall settings + dialog. Default behavior is to use "any". This is because + ipfilter configuration files <firewall>-ipf.conf and + <firewall>-nat.conf that rely on run-time substitution + of dynamic interface address can not be loaded using + standard activation scripts that come with FreeBSD. +

    +

    + Generated script uses function getaddr() to determine + address of dynamic interface. This function falls back to + 0.0.0.0/32 if dynamic interface has not been assigned an + address yet or is down. Ipfilter policy using run-time + substitution of dynamic interface addresses will be + functional even if these interfaces are down or do not have + IP address. +

    +
  • + +
  • Improvements in compiler for iptables fwb_ipt +

    + Generated iptables script sets default policies to DROP in + all ipv6 filter chains. More detailed control can be + implemented using prolog or epilog scripts. +

    + Note that this changes behavior of the generated iptables + script with respect to IPv6. Until now, the script just + ignored IPv6 but some people felt this leaves a hole in the + firewall and asked me to make the script close it. Generated + shell code will check if ip6tables is installed on the + system and if it actually works before setting default + policies to DROP. This means it won't try to do it if + ip6tables is not installed or if it is present, but IPv6 is + not compiled into the kernel (so ip6tables does not work and + generates errors). +

    +
  • +
+ +
+
+
+ + +
+
+

Bugs fixed in GUI:

+
    +
  • bug #1151052: "Not external interfaces marked as + external". Dialog for an interface object that belongs to a host + should not show checkbox "external (insecure) interface"
  • + +
  • bug #1151212: "Collapsed sub-objects shouldn't be added if + they are hidden". When user selects multiple objects in the tree + some of which have child objects, those child objects used to be + also selected and added to groups in addition to their parent + objects via drag-and-drop operation.
  • + +
  • bug #1151243: "Maintain format of description text". The GUI + ignored text formatting in object comment when displayed it in + the info panel (lower left corner of the main windows)
  • + +
  • bug #1155163: "print does not print group contents". The + program printed only number of objects contaned in object or + service groups. Now it prints lists of member objects for all + groups used in rules. If groups contain other groups, they are + printed recursively.
  • + +
  • bug #1172620: "Add tcp service object for icslap". Added + this object to the objects library "Standard".
  • + +
  • bug #1184791: "can not copy/paste multiple objects into a + group"
  • + +
+ +
+
+

Bugs fixed in API:

+
    +
  • + bug #1158870: "mutexes are not properly created on + FreeBSD". Mutexes gethostbyname_mutex and gethostbyaddr_mutex + were never created but used on OS where thread-safe resolver + is not available. +
  • + +
  • bug #1151219: "New Host creation window is not well + dimensioned". Fixed wrong dialog page layout in the new host + wizard.
  • + +
  • bug #1157976: "patches to make fwbuilder compile under + NetBSD 1.6". Applied patches.
  • + +
  • bug #1173801: '"&" character in prolog/epilog'. Needed to + call xmlEncodeSpecialChars to encode special characters in + firewall options
  • +
+ +
+
+

Bugs fixed in policy compiler for iptables fwb_ipt:

+
    +
  • + bug #1123748: "busybox grep -E". Busybox in floppyfw is + compiled without support for egrep (or grep -E). Switched to + using "plain" grep.
  • + +
  • bug #1160186: 'IPTables Compiler - Multiport Issue'. When 16 + or 31 ports were used in a single rule, compiler generated + command with conflicting options "-m multiport --dport"
  • + +
  • + bug #1176890: "block IPv6". Generated iptables script sets + default policies to DROP in all ipv6 filter chains. More + detailed control can be implemented using prolog or epilog + scripts. +

    + Note that this changes behavior of the generated iptables + script with respect to IPv6. Until now, the script just + ignored IPv6 but some people felt this leaves a hole in the + firewall and asked me to make the script close it. Generated + shell code will check if ip6tables is installed on the + system and if it actually works before setting default + policies to DROP. This means it won't try to do it if + ip6tables is not installed or if it is present, but IPv6 is + not compiled into the kernel (so ip6tables does not work and + generates errors). +

  • + +
  • bug #1176890: "block IPv6". Generated iptables script sets + default policies to DROP in all ipv6 filter chains. More + detailed control can be implemented using prolog or epilog + scripts.
  • + +
  • bug #1179103: 'compiled rules can not be + installed'. Generated iptables script could not be used on + systems with non-English locale where timezone name used local + characters because these characters were printed as hex ( + "&#21488;" ) and '&' caused problems with shell. Now using + single quotes to make shell ignore any characters in the + string. Will deal with proper printing of localazed timezone + later.
  • + +
  • bug #1181359: "Missing traling space in "INVALID state" + syslog message"
  • + +
  • bug #1195201: "getaddr function return error ip address". Yet + another change in the way we use grep to find IP addresses of an + interface on Linux. We can't use regex (bug #1123748) and need + to filter out secondary addresses from the "ip addr show" + output. It looks like "grep -v :" neatly solves the problem + without using regex.
  • + +
+ + +
+
+

Bugs fixed in policy compiler for pf fwb_ipf:

+
    +
  • bug #1173067: "support for port ranges in NAT rules + (ipfilter)" - policy compiler for ipfilter should split DNAT + rules (rdr) that use TCP or UDP objects with port ranges. A + warning is issued if more than 20 rules are created. +
  • + +
  • bug + #1173064: "support for dynamic interfaces in ipfilter". Actual + address of dynamic interface is now determined at run-time in the + policy activation script <firewall_name>.fw generated by + fwbuilder. If dynamic interface is used somewhere in the policy or + nat rules, it will be replaced with its actual address by + activation script before configuration is sent to ipf or ipnat for + activation. This run-time substitution is done only if a checkbox + is checked in the "Script options" tab of firewall settings + dialog. Default behavior is to use "any". This is because ipfilter + configuration files <firewall>-ipf.conf and <firewall>-nat.conf + that rely on run-time substitution of dynamic interface address + can not be loaded using standard activation scripts that come with + FreeBSD. +

    + This also fixes another problem in fwb_ipf where it generated rdr + and nat commands with address 0.0.0.0/32 if dynamic interface was + used in a NAT rule.

  • + +
+ + + +
+
+

Bugs fixed in policy compiler for pf fwb_pf:

+
    +
  • bug #1176051: "incorrect rule generated for TCP service + ftp-data". If a rule used several TCP or UDP service objects and + one of them has source port range configured, generated PF + filter rule incorrectly matched on a combiantion of that source + port range _and_ destination port ranges from all other service + objects. This bug affected compilers for OpenBSD PF and ipfilter
  • +
+ + +
diff --git a/doc/ReleaseNotes_2.0.7.txt b/doc/ReleaseNotes_2.0.7.txt
new file mode 100644
index 000000000..ed200dff2
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.7.txt
@@ -0,0 +1,181 @@
+ Firewall Builder Release Notes
+
+Version 2.0.7
+
+ Released 05/08/2005
+ GUI and compilers v2.0.7 require API library libfwbuilder version 2.0.7
+
+Summary
+
+ This is a bug fix release
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+What's new
+
+ * Improvements in the GUI
+
+ * implemented feature req. #1151220: "Close" button should change
+ is caption/title to "Install". When user clicks "Install" toolbar
+ button or main menu item, the "Close" button in the pop-up window
+ that displays compiler progress changes its text caption to
+ "Install"
+ * implemented feature request #1151206: "Search for IP Addresses".
+ "Find" dialog searches for objects by a combination of name and
+ one of the following attributes: address, tcp/udp port, ip
+ protocol number or icmp message type. Regular expressions can be
+ used for both name and attribute.
+ * Support for SNMP operations has been added in Windows packages of
+ Firewall Builder
+
+ * Improvements in built-in installer:
+
+ User can specify additional command line parameters for ssh that
+ built-in installer runs to access firewall. This allows for
+ alternative ssh port or alternative ssh identity to be used when
+ accessing firewall. Parameters can be added in the "Installer" tab of
+ firewall settings dialog for all platforms.
+
+ * Improvements in compiler for ipfilter fwb_ipf
+
+ Added support for dynamic addresses in ipfilter. Actual address of
+ dynamic interface is now determined at run-time in the policy
+ activation script .fw generated by fwbuilder. If
+ dynamic interface is used somewhere in the policy or nat rules, it
+ will be replaced with its actual address by activation script before
+ configuration is sent to ipf or ipnat for activation. This run-time
+ substitution is done only if a checkbox is checked in the "Script
+ options" tab of firewall settings dialog. Default behavior is to use
+ "any". This is because ipfilter configuration files
+ -ipf.conf and -nat.conf that rely on run-time
+ substitution of dynamic interface address can not be loaded using
+ standard activation scripts that come with FreeBSD.
+
+ Generated script uses function getaddr() to determine address of
+ dynamic interface. This function falls back to 0.0.0.0/32 if dynamic
+ interface has not been assigned an address yet or is down. Ipfilter
+ policy using run-time substitution of dynamic interface addresses will
+ be functional even if these interfaces are down or do not have IP
+ address.
+
+ * Improvements in compiler for iptables fwb_ipt
+
+ Generated iptables script sets default policies to DROP in all ipv6
+ filter chains. More detailed control can be implemented using prolog
+ or epilog scripts.
+
+ Note that this changes behavior of the generated iptables script with
+ respect to IPv6. Until now, the script just ignored IPv6 but some
+ people felt this leaves a hole in the firewall and asked me to make
+ the script close it. Generated shell code will check if ip6tables is
+ installed on the system and if it actually works before setting
+ default policies to DROP. This means it won't try to do it if
+ ip6tables is not installed or if it is present, but IPv6 is not
+ compiled into the kernel (so ip6tables does not work and generates
+ errors).
+
+ ----------------------------------------------------------------------
+
+Bugs fixed in GUI:
+
+ * bug #1151052: "Not external interfaces marked as external". Dialog for
+ an interface object that belongs to a host should not show checkbox
+ "external (insecure) interface"
+ * bug #1151212: "Collapsed sub-objects shouldn't be added if they are
+ hidden". When user selects multiple objects in the tree some of which
+ have child objects, those child objects used to be also selected and
+ added to groups in addition to their parent objects via drag-and-drop
+ operation.
+ * bug #1151243: "Maintain format of description text". The GUI ignored
+ text formatting in object comment when displayed it in the info panel
+ (lower left corner of the main windows)
+ * bug #1155163: "print does not print group contents". The program
+ printed only number of objects contaned in object or service groups.
+ Now it prints lists of member objects for all groups used in rules. If
+ groups contain other groups, they are printed recursively.
+ * bug #1172620: "Add tcp service object for icslap". Added this object
+ to the objects library "Standard".
+ * bug #1184791: "can not copy/paste multiple objects into a group"
+
+Bugs fixed in API:
+
+ * bug #1158870: "mutexes are not properly created on FreeBSD". Mutexes
+ gethostbyname_mutex and gethostbyaddr_mutex were never created but
+ used on OS where thread-safe resolver is not available.
+ * bug #1151219: "New Host creation window is not well dimensioned".
+ Fixed wrong dialog page layout in the new host wizard.
+ * bug #1157976: "patches to make fwbuilder compile under NetBSD 1.6".
+ Applied patches.
+ * bug #1173801: '"&" character in prolog/epilog'. Needed to call
+ xmlEncodeSpecialChars to encode special characters in firewall options
+
+Bugs fixed in policy compiler for iptables fwb_ipt:
+
+ * bug #1123748: "busybox grep -E". Busybox in floppyfw is compiled
+ without support for egrep (or grep -E). Switched to using "plain"
+ grep.
+ * bug #1160186: 'IPTables Compiler - Multiport Issue'. When 16 or 31
+ ports were used in a single rule, compiler generated command with
+ conflicting options "-m multiport --dport"
+ * bug #1176890: "block IPv6". Generated iptables script sets default
+ policies to DROP in all ipv6 filter chains. More detailed control can
+ be implemented using prolog or epilog scripts.
+
+ Note that this changes behavior of the generated iptables script with
+ respect to IPv6. Until now, the script just ignored IPv6 but some
+ people felt this leaves a hole in the firewall and asked me to make
+ the script close it. Generated shell code will check if ip6tables is
+ installed on the system and if it actually works before setting
+ default policies to DROP. This means it won't try to do it if
+ ip6tables is not installed or if it is present, but IPv6 is not
+ compiled into the kernel (so ip6tables does not work and generates
+ errors).
+ * bug #1176890: "block IPv6". Generated iptables script sets default
+ policies to DROP in all ipv6 filter chains. More detailed control can
+ be implemented using prolog or epilog scripts.
+ * bug #1179103: 'compiled rules can not be installed'. Generated
+ iptables script could not be used on systems with non-English locale
+ where timezone name used local characters because these characters
+ were printed as hex ( "台" ) and '&' caused problems with shell.
+ Now using single quotes to make shell ignore any characters in the
+ string. Will deal with proper printing of localazed timezone later.
+ * bug #1181359: "Missing traling space in "INVALID state" syslog
+ message"
+ * bug #1195201: "getaddr function return error ip address". Yet another
+ change in the way we use grep to find IP addresses of an interface on
+ Linux. We can't use regex (bug #1123748) and need to filter out
+ secondary addresses from the "ip addr show" output. It looks like
+ "grep -v :" neatly solves the problem without using regex.
+
+Bugs fixed in policy compiler for pf fwb_ipf:
+
+ * bug #1173067: "support for port ranges in NAT rules (ipfilter)" -
+ policy compiler for ipfilter should split DNAT rules (rdr) that use
+ TCP or UDP objects with port ranges. A warning is issued if more than
+ 20 rules are created.
+ * bug #1173064: "support for dynamic interfaces in ipfilter". Actual
+ address of dynamic interface is now determined at run-time in the
+ policy activation script .fw generated by fwbuilder. If
+ dynamic interface is used somewhere in the policy or nat rules, it
+ will be replaced with its actual address by activation script before
+ configuration is sent to ipf or ipnat for activation. This run-time
+ substitution is done only if a checkbox is checked in the "Script
+ options" tab of firewall settings dialog. Default behavior is to use
+ "any". This is because ipfilter configuration files
+ -ipf.conf and -nat.conf that rely on run-time
+ substitution of dynamic interface address can not be loaded using
+ standard activation scripts that come with FreeBSD.
+
+ This also fixes another problem in fwb_ipf where it generated rdr and
+ nat commands with address 0.0.0.0/32 if dynamic interface was used in
+ a NAT rule.
+
+Bugs fixed in policy compiler for pf fwb_pf:
+
+ * bug #1176051: "incorrect rule generated for TCP service ftp-data". If
+ a rule used several TCP or UDP service objects and one of them has
+ source port range configured, generated PF filter rule incorrectly
+ matched on a combiantion of that source port range _and_ destination
+ port ranges from all other service objects. This bug affected
+ compilers for OpenBSD PF and ipfilter
diff --git a/doc/ReleaseNotes_2.0.8.html b/doc/ReleaseNotes_2.0.8.html
new file mode 100644
index 000000000..875b1872c
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.8.html
@@ -0,0 +1,203 @@
+ + + + + + + +

Firewall Builder Release Notes

+
+

Version 2.0.8

+
+

+ Released 07/08/2005 +
+ GUI and compilers v2.0.8 require API library libfwbuilder version 2.0.8 +
+

Summary

+

+ This is a bug fix release +

+ For those who wish to build from source, instructions are outlined + in the document "Install and Build instructions" on our web site here + +

What's new

+
    +
  • Improvements in the GUI +

    +

      +
    • Included updated German translation by Hans Peter + Dittler <hpdittler at braintec-consult.de> +
    • + +
    • implemented Feature Request #1145666: "Print RCS + Log". File/Properties dialog can now print RCS log. Thanks + to "Ilya V. Yalovoy" <yalovoy@pilot.aip.mk.ua> for the + patch.
    • + +
    • Some code changes were made to make the code comiple and + work on Solaris. In particular, tests and emulation for + forkpty and cfmakeraw functions were added. Currently this + still remains largely untested.
    • + +
    +
  • + +
  • Improvements in policy compilers for pf, ipf, ipfw +

    +

      +
    • implemented support for subnets for backup ssh access for + pf,ipf,ipfw. Subnet can be defined using either full netmask or + bitlength: both "192.168.1.0/255.255.255.0" and "192.168.1.0/24" + are acceptable. Single host address works too, both as + "192.168.1.10" and as "192.168.1.10/255.255.255.255" or + "192.168.1.10/32". Incorrect address or netmask cause compiler + to abort processing.
    • +
    +
  • + +
  • Improvements in compiler for ipfw +

    +

      +
    • using rule sets to atomically swap old and new + rules. New rules are loaded in the set 1 and then swapped + into set 0. If there is an error in a new rule set, it is + caught while loading rules into inactive set 1, at which + point script stops without changing old firewall rules.
    • + +
    • added "established" rule on top of the regular backup + ssh access rule; this allows to maintain management ssh + session after the policy is reloaded. both "ipfw -f" and + swapping sets flushes all states, so the ssh session used to + upload and activate new policy breaks. A rule with + "established" keyword maintains this session.
    • +
    +
  • + + +
+ +
+
+
+ + +
+
+

Bugs fixed in the Standard Objects library:

+
    +
  • bug #210518: 'Incorrect ending day in the standard object + "weekends"'. This object defined time interval ending at 23:59 + on Monday instead of Sunday
  • + +
+ + +
+
+

Bugs fixed in scripts and tools:

+
    +
  • bug #1200902: "fwb_compile_all does not work in 2.0". Script + fwb_compile_all broke because of changes in data file + format
  • + +
+ + +
+
+

Bugs fixed in GUI:

+
    +
  • bug #1072842: "fwbuilder: Solaris and forkpty". We need + forkpty fr built-in installer but this function is not awailable + on Solaris. I am adding re-implementation, but it hasn't been + tested since I do not have Solaris machine.
  • + +
  • bug #1201406: "shutdown messages should be + suppressed". Installation scriptlet tries to kill shutdown + process, if there is one, to cancel pending shutdown that might + have been left over from test install. If there is none, the + script prints an error message "shutdown process not found" or + similar, which confuses user. Needed to suppress these error + messages.
  • + +
  • bug #1204067: "incorrect timezone handling in RCS". Windows + version of RCS incorrectly converts check-in time when time zone + is east of GMT. This caused the GUI to incorrectly show checkin + time of files in the "Open File" dialog if the program was + running in locale East of GMT, for instance in Japan.
  • + +
  • bug #1207983: "incorrect size of "I" and "L" buttons in the + group view dialog". Tested with large font and cleaned up layout + in many dialogs.
  • + +
  • bug #1212121: "sudo shutdown doesn't work".
  • + +
  • bug #1212123: "executing file below /tmp as root". Avoiding + world-writable directory /tmp/ while activating policy in the + test mode. This change makes installer use subdirectory "tmp" + under directory specified in the "intaller" tab of firewall + settings dialog. That directory is expected to have proper + permissions; subdirectory "tmp" can be created manually, + otherwise installer creates it. Either way, it is not + world-writable, therefore unauthorized users can not create + scripts in it.
  • + +
  • bug #1212179: "tool tips for TCP services cuts off some + services". The gui would show very long tooltip for large + groups; if the group was too large, the tooltip did not fit on + the screen.
  • + +
  • bug #1213361: "PF on FreeBSD-5.4R". Bug description is + misleading, the probem was caused by built-in installer rather + than by compiler for PF. Installer would not copy generated + script over ssh if the script was longer than some threshold and + the gui was running on FreeBSD.
  • + +
+ +
+
+

Bugs fixed in policy compiler for iptables:

+
    +
  • bug #191423: "Weekend Time restriction not created + correctly". Rules with time restriction spanning from Saturday + to Sunday were generated with incorrect "--day" option +
  • + +
  • bug #1205665: "Error with summer time when compiling + script". Sometimes timezone name has "'" in it which confuses + shell and causes an error when generated script prints + "Activating firewall policy..." log message
  • + +
  • bug #1215279: "rate limiting rule logs everything". Rule + utlilizing "limit" module to rate limit packets with logging + logged every packet and dropped those that exceeded the + limit. The fix makes it apply the limit first and then log only + packets that were dropped.
  • +
+ + +
+
+

Bugs fixed in policy compiler for iptw:

+
    +
  • bug #1155351: "Remote install of FW rulset fails due to race + condition". Generated ipfw firewall script could not be ran + reliably over ssh session because "ipfw -f" flushes all rules + and all state, which breaks ssh session. As soon as the script + needed to print anything, it got I/O error from the system + because TCP session for ssh was blocked; this stopped the script + and did not let it activate new firewall policy. Using rule sets + and "established" rule for the backup ssh access solved the + problem. +
  • + +
+ + + + + +
diff --git a/doc/ReleaseNotes_2.0.8.txt b/doc/ReleaseNotes_2.0.8.txt
new file mode 100644
index 000000000..5d28df63f
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.8.txt
@@ -0,0 +1,124 @@
+ Firewall Builder Release Notes
+
+Version 2.0.8
+
+ Released 07/08/2005
+ GUI and compilers v2.0.8 require API library libfwbuilder version 2.0.8
+
+Summary
+
+ This is a bug fix release
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+What's new
+
+ * Improvements in the GUI
+
+ * Included updated German translation by Hans Peter Dittler
+
+ * implemented Feature Request #1145666: "Print RCS Log".
+ File/Properties dialog can now print RCS log. Thanks to "Ilya V.
+ Yalovoy" for the patch.
+ * Some code changes were made to make the code comiple and work on
+ Solaris. In particular, tests and emulation for forkpty and
+ cfmakeraw functions were added. Currently this still remains
+ largely untested.
+
+ * Improvements in policy compilers for pf, ipf, ipfw
+
+ * implemented support for subnets for backup ssh access for
+ pf,ipf,ipfw. Subnet can be defined using either full netmask or
+ bitlength: both "192.168.1.0/255.255.255.0" and "192.168.1.0/24"
+ are acceptable. Single host address works too, both as
+ "192.168.1.10" and as "192.168.1.10/255.255.255.255" or
+ "192.168.1.10/32". Incorrect address or netmask cause compiler to
+ abort processing.
+
+ * Improvements in compiler for ipfw
+
+ * using rule sets to atomically swap old and new rules. New rules
+ are loaded in the set 1 and then swapped into set 0. If there is
+ an error in a new rule set, it is caught while loading rules into
+ inactive set 1, at which point script stops without changing old
+ firewall rules.
+ * added "established" rule on top of the regular backup ssh access
+ rule; this allows to maintain management ssh session after the
+ policy is reloaded. both "ipfw -f" and swapping sets flushes all
+ states, so the ssh session used to upload and activate new policy
+ breaks. A rule with "established" keyword maintains this session.
+
+ ----------------------------------------------------------------------
+
+Bugs fixed in the Standard Objects library:
+
+ * bug #210518: 'Incorrect ending day in the standard object "weekends"'.
+ This object defined time interval ending at 23:59 on Monday instead of
+ Sunday
+
+Bugs fixed in scripts and tools:
+
+ * bug #1200902: "fwb_compile_all does not work in 2.0". Script
+ fwb_compile_all broke because of changes in data file format
+
+Bugs fixed in GUI:
+
+ * bug #1072842: "fwbuilder: Solaris and forkpty". We need forkpty fr
+ built-in installer but this function is not awailable on Solaris. I am
+ adding re-implementation, but it hasn't been tested since I do not
+ have Solaris machine.
+ * bug #1201406: "shutdown messages should be suppressed". Installation
+ scriptlet tries to kill shutdown process, if there is one, to cancel
+ pending shutdown that might have been left over from test install. If
+ there is none, the script prints an error message "shutdown process
+ not found" or similar, which confuses user. Needed to suppress these
+ error messages.
+ * bug #1204067: "incorrect timezone handling in RCS". Windows version of
+ RCS incorrectly converts check-in time when time zone is east of GMT.
+ This caused the GUI to incorrectly show checkin time of files in the
+ "Open File" dialog if the program was running in locale East of GMT,
+ for instance in Japan.
+ * bug #1207983: "incorrect size of "I" and "L" buttons in the group view
+ dialog". Tested with large font and cleaned up layout in many dialogs.
+ * bug #1212121: "sudo shutdown doesn't work".
+ * bug #1212123: "executing file below /tmp as root". Avoiding
+ world-writable directory /tmp/ while activating policy in the test
+ mode. This change makes installer use subdirectory "tmp" under
+ directory specified in the "intaller" tab of firewall settings dialog.
+ That directory is expected to have proper permissions; subdirectory
+ "tmp" can be created manually, otherwise installer creates it. Either
+ way, it is not world-writable, therefore unauthorized users can not
+ create scripts in it.
+ * bug #1212179: "tool tips for TCP services cuts off some services". The
+ gui would show very long tooltip for large groups; if the group was
+ too large, the tooltip did not fit on the screen.
+ * bug #1213361: "PF on FreeBSD-5.4R". Bug description is misleading, the
+ probem was caused by built-in installer rather than by compiler for
+ PF. Installer would not copy generated script over ssh if the script
+ was longer than some threshold and the gui was running on FreeBSD.
+
+Bugs fixed in policy compiler for iptables:
+
+ * bug #191423: "Weekend Time restriction not created correctly". Rules
+ with time restriction spanning from Saturday to Sunday were generated
+ with incorrect "--day" option
+ * bug #1205665: "Error with summer time when compiling script".
+ Sometimes timezone name has "'" in it which confuses shell and causes
+ an error when generated script prints "Activating firewall policy..."
+ log message
+ * bug #1215279: "rate limiting rule logs everything". Rule utlilizing
+ "limit" module to rate limit packets with logging logged every packet
+ and dropped those that exceeded the limit. The fix makes it apply the
+ limit first and then log only packets that were dropped.
+
+Bugs fixed in policy compiler for iptw:
+
+ * bug #1155351: "Remote install of FW rulset fails due to race
+ condition". Generated ipfw firewall script could not be ran reliably
+ over ssh session because "ipfw -f" flushes all rules and all state,
+ which breaks ssh session. As soon as the script needed to print
+ anything, it got I/O error from the system because TCP session for ssh
+ was blocked; this stopped the script and did not let it activate new
+ firewall policy. Using rule sets and "established" rule for the backup
+ ssh access solved the problem.
diff --git a/doc/ReleaseNotes_2.0.9.html b/doc/ReleaseNotes_2.0.9.html
new file mode 100644
index 000000000..a7176ff2c
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.9.html
@@ -0,0 +1,100 @@
+ + + + + + +

Firewall Builder Release Notes

+
+

Version 2.0.9

+
+

+ Released 09/17/2005 +
+ GUI and compilers v2.0.9 require API library libfwbuilder version 2.0.9 +
+

Summary

+

+ This is a bug fix release +

+ For those who wish to build from source, instructions are outlined + in the document "Install and Build instructions" on our web site here + +

What's new

+
    +
  • Added support for Cisco FWSM. This includes recognition + of platform-specific options and parameters for FWSM v2.3 + (based on PIX 6.3), as well as interaction with FWSM in + built-in policy installer. Firewall Builder for PIX v1.1.10 + is required to generate configuration compatible with FWSM. +
  • + +
  • Improvements in the GUI +

    +

      +
    • Feature Request #1225393 "Print comments on objects" +
    • + +
    • Feature Request #1187461 "Add "commit" menu item". This + menu item commits opened data file to RCS but keeps it + opened so the user can continue editing.
    • + +
    • Spanish translation has been added, thanks to Carlos + Lozano <clozano@andago.com>
    • + +
    +
  • +
+ +
+
+

Bugs fixed in the GUI:

+
    +
  • bug #1254775: "RCS checkin fails on Windows when data file + is too big". RCS tools failed to check the file in if it + consisted of one huge line of text. This fix makes th GUI save + data file (.fwb) in formatted form on Windows, just like on + Linux. This means each XML element is saved on separate line + instead of all of them being on the same line.
  • + +
  • bug #1226069: "Segfault: Drag&Drop between two + instances". If user started two instances of the GUI and tried + to drag and drop objects between them, the instance receiving an + object crashed.
  • + +
  • bugs #1233165: "Illegal Logging-Limit string" and #1287755: + "i18n is breaking iptables script". The GUI stored options of the + "limit" module as translated strings instead of standard + attributes.
  • + +
  • bug #1240205: "Iilegal --log-level Information". The GUI + stored log levels as translated strings instead of standard + attributes. +
  • + +
  • bug #1277129: "script is truncated when installed by the GUI + running on Mac". Built-in installer truncated firewall script + while copying it to the firewall if GUI was running on Mac OS X + and the script was relatively large. This bug triggered only on + Mac OS X.
  • + +
+ +
+
+

Bugs fixed in policy compiler for PF:

+
    +
  • bug #1276083: "Destination NAT rules". Old restriction on + "rdr" rules that required service in OSrv is not valid anymore, + pf supports rdr rules with no protocol specification.
  • + +
+ + + + + + + +
diff --git a/doc/ReleaseNotes_2.0.9.txt b/doc/ReleaseNotes_2.0.9.txt
new file mode 100644
index 000000000..37e9dd474
--- /dev/null
+++ b/doc/ReleaseNotes_2.0.9.txt
@@ -0,0 +1,56 @@
+ Firewall Builder Release Notes
+
+Version 2.0.9
+
+ Released 09/17/2005
+ GUI and compilers v2.0.9 require API library libfwbuilder version 2.0.9
+
+Summary
+
+ This is a bug fix release
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+What's new
+
+ * Added support for Cisco FWSM. This includes recognition of
+ platform-specific options and parameters for FWSM v2.3 (based on PIX
+ 6.3), as well as interaction with FWSM in built-in policy installer.
+ Firewall Builder for PIX v1.1.10 is required to generate configuration
+ compatible with FWSM.
+ * Improvements in the GUI
+
+ * Feature Request #1225393 "Print comments on objects"
+ * Feature Request #1187461 "Add "commit" menu item". This menu item
+ commits opened data file to RCS but keeps it opened so the user
+ can continue editing.
+ * Spanish translation has been added, thanks to Carlos Lozano
+
+
+Bugs fixed in the GUI:
+
+ * bug #1254775: "RCS checkin fails on Windows when data file is too
+ big". RCS tools failed to check the file in if it consisted of one
+ huge line of text. This fix makes th GUI save data file (.fwb) in
+ formatted form on Windows, just like on Linux. This means each XML
+ element is saved on separate line instead of all of them being on the
+ same line.
+ * bug #1226069: "Segfault: Drag&Drop between two instances". If user
+ started two instances of the GUI and tried to drag and drop objects
+ between them, the instance receiving an object crashed.
+ * bugs #1233165: "Illegal Logging-Limit string" and #1287755: "i18n is
+ breaking iptables script". The GUI stored options of the "limit"
+ module as translated strings instead of standard attributes.
+ * bug #1240205: "Iilegal --log-level Information". The GUI stored log
+ levels as translated strings instead of standard attributes.
+ * bug #1277129: "script is truncated when installed by the GUI running
+ on Mac". Built-in installer truncated firewall script while copying it
+ to the firewall if GUI was running on Mac OS X and the script was
+ relatively large. This bug triggered only on Mac OS X.
+
+Bugs fixed in policy compiler for PF:
+
+ * bug #1276083: "Destination NAT rules". Old restriction on "rdr" rules
+ that required service in OSrv is not valid anymore, pf supports rdr
+ rules with no protocol specification.
diff --git a/doc/ReleaseNotes_2.1.10.html b/doc/ReleaseNotes_2.1.10.html
new file mode 100644
index 000000000..1bb890f02
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.10.html
@@ -0,0 +1,59 @@
+ + + + + + + +

Firewall Builder Release Notes

+
+

Version 2.1.10

+
+

+Released 02/17/2007 +
+GUI and compilers v2.1.10 require API library libfwbuilder version 2.1.10 +
+

Summary

+

+This is bugfix release. + +

+For those who wish to build from source, instructions are outlined +in the document "Install and Build instructions" on our web site here + + + +

Improvements and bug fixes in the GUI

+
    + +
  • fixed bug #1661140: "built-in installer broken in 2.1.9 for + PF". Installer incorrectly set name for files it copied to the + firewall if generated configuration consisted of several + files. Affected platforms are PF and ipfilter because normally for + these platforms compiler generates two files. +
  • + +
  • fixed bug #1659832: "No compile with QT without STL + support"
  • + +
  • a workaround for the bug 1629461: "Policy tabs do not scroll @ + window extent on OSX". The tab widget used to show policy, nat, + routing and policy branch rulesets does not switch to a "folded" + mode on Mac OS X when it needs to show more tabs that fit in the + window. Since I can't figure out a way to force it to do that, I + am dropping "Policy/" from the tab titles for branches to make + them shorter. This will help users with policies with many + branches, however it does not solve the problem because as they + keep adding branches, at some point they won't fit in the window + again.
  • + +
  • added an item "Where used" to the context menu associated with + objects in rules
  • +
+ + + + +
diff --git a/doc/ReleaseNotes_2.1.10.txt b/doc/ReleaseNotes_2.1.10.txt
new file mode 100644
index 000000000..50236975b
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.10.txt
@@ -0,0 +1,33 @@
+ Firewall Builder Release Notes
+
+Version 2.1.10
+
+ Released 02/17/2007
+ GUI and compilers v2.1.10 require API library libfwbuilder version 2.1.10
+
+Summary
+
+ This is bugfix release.
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+Improvements and bug fixes in the GUI
+
+ * fixed bug #1661140: "built-in installer broken in 2.1.9 for PF".
+ Installer incorrectly set name for files it copied to the firewall if
+ generated configuration consisted of several files. Affected platforms
+ are PF and ipfilter because normally for these platforms compiler
+ generates two files.
+ * fixed bug #1659832: "No compile with QT without STL support"
+ * a workaround for the bug 1629461: "Policy tabs do not scroll @ window
+ extent on OSX". The tab widget used to show policy, nat, routing and
+ policy branch rulesets does not switch to a "folded" mode on Mac OS X
+ when it needs to show more tabs that fit in the window. Since I can't
+ figure out a way to force it to do that, I am dropping "Policy/" from
+ the tab titles for branches to make them shorter. This will help users
+ with policies with many branches, however it does not solve the
+ problem because as they keep adding branches, at some point they won't
+ fit in the window again.
+ * added an item "Where used" to the context menu associated with objects
+ in rules
diff --git a/doc/ReleaseNotes_2.1.11.html b/doc/ReleaseNotes_2.1.11.html
new file mode 100644
index 000000000..4003a085d
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.11.html
@@ -0,0 +1,109 @@
+ + + + + + + +

Firewall Builder Release Notes

+
+

Version 2.1.11

+
+

+Released 04/29/2007 +
+GUI and compilers v2.1.11 require API library libfwbuilder version 2.1.11 +
+

Summary

+

+This is bugfix release. + +

+For those who wish to build from source, instructions are outlined +in the document "Install and Build instructions" on our web site here + + + +

Improvements and bug fixes in the GUI

+
    + +
  • redesigned TimeService object dialog
  • + +
  • minor redesign of the interface object dialog to make network + zone more prominent and easier to set when network and group + objects have long names.
  • + +
  • fixed bug #1685741: "GUI crash: click on an empty part of obj + tree, then desktop"
  • + +
  • fixed bug #1692411: "can't set accouting rule name (fwbuilder + 2.1.11)"
  • + +
  • fixed bug #1684334: "RCS should use $LOGNAME when commit"
  • + +
  • fixed bug #1701971: "Enabeling test mode doent activate the + reboot interval". Checking "Test mode" checkbox in the + installer options dialog should enable widgets that configure + automatic reboot timeout.
  • + +
  • fixed bug #1702830: "fwbuilder does not detect errors during + policy install". Built-in installer detects error messages + printed by iptables and iptables-restore and aborts + installation process. Summary page shown in the end reflects + this as failed install.
  • + +
+ +

Improvements and bug fixes in policy compiler for iptables

+
    +
  • Added support for --datestart and --datestop options for module + 'time' in compiler for iptables
  • + +
  • fixed bug #1672191: "Time limit generates unexpected iptables + command"
  • + +
  • fixed bug #1695481: "compliation error with lower end + port". Before, user could enter start port range number + greater than the end port range number. Neither the GUI nor + compiler noticed this, which resulted in the incorrect + firewall configuration. This fix adds check in the GUI to not + let the user enter port ranges like that.
  • + +
  • fixed bug 1699483: "hashlimit-htable-expire not set". Added GUI + controls and compiler support for hashlimit module options + "--hashlimit-name", "--hashlimit-htable-size", + "--hashlimit-htable-max", "--hashlimit-htable-expire" and + "--hashlimit-htable-gcinterval"
  • + +
  • fixed bug #1703954: "Mark target in postrouting chain". Packets + that originate on the firewall should be marked in the OUTPUT + chain. According to the netfilter packet flow diagram at + http://www.shorewall.net/NetfilterOverview.html , rerouting + happens after OUTPUT hook but before POSTROUTING hook. So in + order to be able to reroute packet originated on the firewall, + they should be marked in OUTPUT
  • + +
+ + +

Improvements and bug fixes in policy compiler for PF

+
    +
  • fixed bug #1674940: "if max-src-conn == 0: syntax + error". Options max-src-conn and max-src-states can not have + value '0'
  • + +
+ +

Improvements and bug fixes in policy compiler for ipfilter

+
    +
  • fixed bug #1678410: "Ipfilter compiler uses wrong keyword for + "fragment""
  • + +
  • fixed bug #1676845: "lsrr option not compiling"
  • + +
+ + + +
diff --git a/doc/ReleaseNotes_2.1.11.txt b/doc/ReleaseNotes_2.1.11.txt
new file mode 100644
index 000000000..bf302789f
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.11.txt
@@ -0,0 +1,65 @@
+ Firewall Builder Release Notes
+
+Version 2.1.11
+
+ Released 04/29/2007
+ GUI and compilers v2.1.11 require API library libfwbuilder version 2.1.11
+
+Summary
+
+ This is bugfix release.
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+Improvements and bug fixes in the GUI
+
+ * redesigned TimeService object dialog
+ * minor redesign of the interface object dialog to make network zone
+ more prominent and easier to set when network and group objects have
+ long names.
+ * fixed bug #1685741: "GUI crash: click on an empty part of obj tree,
+ then desktop"
+ * fixed bug #1692411: "can't set accouting rule name (fwbuilder 2.1.11)"
+ * fixed bug #1684334: "RCS should use $LOGNAME when commit"
+ * fixed bug #1701971: "Enabeling test mode doent activate the reboot
+ interval". Checking "Test mode" checkbox in the installer options
+ dialog should enable widgets that configure automatic reboot timeout.
+ * fixed bug #1702830: "fwbuilder does not detect errors during policy
+ install". Built-in installer detects error messages printed by
+ iptables and iptables-restore and aborts installation process. Summary
+ page shown in the end reflects this as failed install.
+
+Improvements and bug fixes in policy compiler for iptables
+
+ * Added support for --datestart and --datestop options for module 'time'
+ in compiler for iptables
+ * fixed bug #1672191: "Time limit generates unexpected iptables command"
+ * fixed bug #1695481: "compliation error with lower end port". Before,
+ user could enter start port range number greater than the end port
+ range number. Neither the GUI nor compiler noticed this, which
+ resulted in the incorrect firewall configuration. This fix adds check
+ in the GUI to not let the user enter port ranges like that.
+ * fixed bug 1699483: "hashlimit-htable-expire not set".
Added GUI
+ controls and compiler support for hashlimit module options
+ "--hashlimit-name", "--hashlimit-htable-size",
+ "--hashlimit-htable-max", "--hashlimit-htable-expire" and
+ "--hashlimit-htable-gcinterval"
+ * fixed bug #1703954: "Mark target in postrouting chain". Packets that
+ originate on the firewall should be marked in the OUTPUT chain.
+ According to the netfilter packet flow diagram at
+ http://www.shorewall.net/NetfilterOverview.html , rerouting happens
+ after OUTPUT hook but before POSTROUTING hook. So in order to be able
+ to reroute packet originated on the firewall, they should be marked in
+ OUTPUT
+
+Improvements and bug fixes in policy compiler for PF
+
+ * fixed bug #1674940: "if max-src-conn == 0: syntax error". Options
+ max-src-conn and max-src-states can not have value '0'
+
+Improvements and bug fixes in policy compiler for ipfilter
+
+ * fixed bug #1678410: "Ipfilter compiler uses wrong keyword for
+ "fragment""
+ * fixed bug #1676845: "lsrr option not compiling"
diff --git a/doc/ReleaseNotes_2.1.12.html b/doc/ReleaseNotes_2.1.12.html
new file mode 100644
index 000000000..90194b251
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.12.html
@@ -0,0 +1,436 @@
+ + + + + + + +

Firewall Builder Release Notes

+
+

Version 2.1.12

+
+

+Released 06/24/2007 +
+GUI and compilers v2.1.12 require API library libfwbuilder version 2.1.12 +
+

Summary

+

+This release comes with support for Cisco IOS access lists and ability +to import existing iptables and IOS access lists +configurations. Multiple bug fixes are included as well. + +

+For those who wish to build from source, instructions are outlined +in the document "Install and Build instructions" on our web site here + +

Support for Cisco IOS access lists

+ +Policy compiler for Cisco IOS Access lists has been implemented as +part of the Firewall Builder GUI as of version 2.1.12. The first +functional build were importer worked on all supported OS was build +270 (May 22, 2007) +

+ + Features implemented in this version: +

+

    + +
  • The compiler generates extended ACLs using "ip access-list + extended" command. ACL names are automatically generated using + abbreviated interface names and direction symbols to make it easy + to figure out which ACL is which. Compiler uses rather minimal set + of options of the "ip access-list" command and should generate code + that will work for IOS 12.x. I did not test with 11.x but I am + pretty sure it will work, at least with the latest versions of + 11.x. + +
  • Compiler can also add commands to configure logging. + +
  • The GUI includes built-in installer for routers which works just + like installer for PIX. Both installers were updated however to + improve support for the automatic roll-back feature in case you + lose connect with the firewall or the router because of an error in + the policy. Now you can make installer schedule reboot in a few + minutes, then upload new policy or ACLs and then cancel reboot if + upload was successful. While before auto-rollback option was only + available if you installed in the test mode, now you can always use + it. Test mode means that installer does not save configuration in + the permanent memory, as before. + +
  • All three installation methods that were available for PIX are now + available for routers: you can make it clear all access lists and + then load new ones or just update access lists without + clearing. The last method (the "safety net" method) creates + temporary acl to permit communication with the management station, + assigns it to the interface marked as management interface, then + clears all access lists and loads new ones and in the end swaps + proper list on the management interface. This helps prevent + locking yourself out of the router in the middle of the + installation process in case of an error in the ACL and at the same + time does not leave the router with no acls for the time it takes + to install new policy. In combination with automatic roll-back, + installation process is pretty reliable. + +
  • New option has been added to the interface object, called + "unprotected". This allows you to mark some interfaces to be + skipped by the compiler when it picks interfaces for ACL + rules. This should be useful when you have routers with many + interfaces and only want to add ACLs to some of them. Also, you can + explicitly put interface objects into policy rules and specify + direction if you want to do this manually. + +
  • Since router ACLs have no state, all rules should be created in the + policy pretty much like you do it on the router, including rules + that permit reply packets. New option has been added to the TCP + Service object, called "established". This makes compiler use + option "established" in rules it generates if it is supported by + the firewall platform. Compilers for iptables, ipfilter, pf and PIX + can not use objects with this option and treat it as an error + because corresponding platforms do not support it. IPFW, on the + other hand, supports it so compiler fwb_ipfw can use it. + +
+

+ + Shortcomings of this version: +

+

    +
  • "tos", "precedence" and "time-range" options are not supported +
  • "igmp" access lists can no be generated +
+

+ + +

Policy import iptables configurations (v2.1.12, build 281 and later)

+

+Policy importer has been implemented as part of the Firewall Builder +GUI as of version 2.1.12. The first functional build were importer +worked on all supported OS was build 270 (May 22, 2007) +

+Policy importer uses ANTLR lexer and parser ( http://www.antlr.org/ ) +Version 2.7.7 is used in Firewall Builder v2.1.12 ( http://www.antlr2.org/ ) +

+Firewall Builder needs ANTLR C++ runtime header files and library and +include these in the source tree under src/antlr. Unless you want to +change the grammar (*.g files) you don't need to install ANTLR +separately. All relevant ANTLR files are included in the package. For +more information on ANTRL see: http://www.antlr2.org +

+ Features implemented in this version : + +

    +
  • Importer can parse iptables config saved using iptables-save + utility. Because of the huge variety of iptables modules, Importer + can only interpret basic iptables configuration and a subset of + modules. Currently the following modules are supported: +

    +

      +
    • state +
    • multiport +
    • limit +
    • mark +
    +

    +
  • Importer creates firewall object with all interfaces. It can not + assign object name for the firewall object nor add IP and MAC + addresses to interfaces because this information is not present in + iptables-save file. + +
  • option "Assume firewall is part of 'any'" is off in the created + firewall object. Import is done this way in order to preserve logic + of chains INPUT, OUTPUT and FORWARD in the recreated fwbuilder + rules. Rules that had chain INPUT in the imported script will have + firewall object in "destination" in the corresponding fwbuilder + rules. Firewall object is placed in "Source" for rules with chain + OUTPUT. For rules with chain FORWARD rule elements "Source" and + "Destination" are populated with objects created using options "-s" + and "-d" of the original rules or left empty ("any"). + +
  • all recognized iptables rules are imported and interface and + direction are set in all rules appropriately. Interface objects are + created as parser finds them in the script. + +
  • targets ACCEPT, DROP, REJECT, MARK and others are converted to the + corresponding fwbuilder policy rule actions. Unrecognized targets + and converted to branching rules, where the name of the target + becomes the name of the branch. + +
  • SNAT, DNAT, MASQUERADING, REDIRECT and NETMAP targets and their + parameters are recognized in the NAT rules. + +
  • Address and service objects are created in the process for all + addresses and ports used in all rules. + +
  • iptables rules can refer to tcp/udp ports both by name or by + number. Importer can properly interpret both formats using system + function getservbyname() to convert service name to the port + number. Since the result of this function depends on the OS, some + port names may not convert on some systems. For example, Windows + can convert more limited set of service names compared to Linux or + BSD. + +
  • targets LOG and ULOG are converted to the "logging" option in + fwbuilder rules with action "Continue". This is an empty action + that does not affect packet flow through the firewall but can be + used in combination with "logging" option to log the packet. If + such empty (logging-only) rule is undesired, it must be manually + merged with some other rule in the policy. + +
  • "--log-prefix", and "--log-level" options of the LOG target are + recognized + +
  • "--ulog-prefix" option of the ULOG target is recognized. Other + options of the ULOG target are not. + +
  • Address and service objects are reused in the process of import. + +
  • in case when importer fails to parse some part of the iptables-save + file, corresponding policy rule is colored red and appropriate + diagnostic message added to its comment. The problem must be + corrected manually. + +
  • comments ("#") found inside access lists are ignored. +
+ +Shortcomings of this version: + +
    +
  • user-defined chains in table "nat" are not supported +
  • no import of time intervals +
  • no MAC address matching import +
+ +

+ + +

Policy import of Cisco IOS access lists (v2.1.12, build 270)

+

+ + Features implemented in this version : + +

    +
  • Importer can parse router config saved using "show run" + command. Although importer can only interpret a subset of IOS + configuration commands, other commands that it does not understand + will be ignored and should not affect operation. No manual editing + of the config is required prior to import. + +
  • Importer creates firewall object with all interfaces + +
  • firewall object name is assigned if "hostname" command is found in + the configuration. If this command is not present, the name remains + generic "New Firewall" + +
  • interface addresses are assigned if command "ip address" is found + (multiple addresses per interface are supported). Interfaces + without "ip address" in the configuration are marked as + "unnumbered" in the firewall builder object tree. + +
  • all access lists are imported and interface and direction are set + in all rules appropriately + +
  • Address and service objects are created in the process for all + addresses and ports used in access lists + +
  • IOS access lists can define ip protocol, icmp code and type, and + tcp/udp ports both by name or by number. Importer can properly + interpret both formats. + +
  • "log", "log-input", "fragments", "established" keywords are + supported and translated into rule or object options as + appropriate. + +
  • Address and service objects are reused in the process of import. + +
  • in case when importer fails to parse some part of the access-list + command, corresponding policy rule is colored in red and + appropriate diagnostic message added to its comment. The problem + must be corrected manually. + +
  • "remark" commands found inside access lists are translated into + rule comments + +
  • comments ("!") found inside access lists are ignored. +
+

+ + Shortcomings of this version: + +

    +
  • importer does not use address and service objects that existed in + the tree before the operation has started, it creates new + ones. Deduplication only works for objects created in the process + of import. + +
  • the following keywords available in extended access lists are not + supported at this time: tos, precedence, time-range. + +
  • igmp access lists are not parsed. +
+ +

+


+

+ +

New object types and improvements in the base API

+ +
    + +
  • TCPService object now has flag "established". Policy comilers + for platforms that have special keyword for this flag can recognize + this flag in TCPService object.
  • + +
  • TCPService object "All TCP established" has been added to the + Standard objects library.
  • + +
  • Interface of the firewall has new flag "unprotected", currently + only used in compiler for Cisco IOS access lists. Compiler skips + interfaces marked as "unprotected" when it decides which interface a + policy rule should be assigned to. +
+ + +

Improvements and bug fixes in the GUI

+
    + +
  • dialogs and resource files for Cisco IOS access lists.
  • + +
  • Policy installer for Cisco routers
  • + +
  • fixed long-standing problem with size of the built-in installer + options dialog. The dialog was too big and did not properly resize + itself when some options were hidden.
  • + +
  • PIX and Cisco routers (IOS) : built-in installer can schedule + reboot of the firewall before activating new policy, then cancel + it if the policy has been activated successfully.
  • + +
  • note about built-in installer on windows. Installer seems to + have broke with upgrade of QT to 3.3.8. Specifically, in + SSHSession::readFromStdout(), proc->readStdout() returns a byte + array that contains actual output from the device, with some + garbage appeneded to it. The garbage is included in the size() + count of QByteArray returned by readStdout so it gets included + into the QString which we append to stdoutBuffer. This happens + only on win32; reverting to QT 3.3.7 fixes the problem.
  • + +
  • the GUI is compiled with ANTLR C++ run-time, used for policy + importer
  • + +
  • Policy importer: can read and import iptables rules from the + iptables-save file and Cisco IOS access lists from the router + configuration saved using "show run" command. See + README.policy_import file for more details.
  • + +
  • allow for object group in "Interface" rule element
  • + +
  • Added support for action "Continue" (an empty action) in the GUI + and compiler for iptables. This action creates a rule that does + nothing, however it generates iptables command with target "-j + LOG" if logging is turned on. This can be useful if one wants only + to log packets that match certain pattern but not make any policy + decision in the same rule.
  • + +
  • After changes made in the compiler to simplify algorithm used to + decide which chain a rule with action Tag should go to, rule + action option "Mark connections in PREROUTING chain" ( + "ipt_mark_prerouting" ) has been deprecated.
  • + +
  • fixed bug (no number) where installer failed to properly copy + .fwb file over to the firewall if file name contained + whitespace
  • + +
  • fixed bug #1739373: "FWB2111, register Routing not printed". Tab + "Routing" was not included in the printed copy of firewall + policies
  • +
+ +

Improvements and bug fixes in policy compiler for iptables

+
    + +
  • fixed bug 1737733: "install script doesn't detect BROADCAST if + eth is NO-CARRIER". If firewall script runs before network + interface comes up (i.e. is still in NO-CARRIER state), script + failed to add virtual addresses for NAT.
  • + +
  • fixed bug #1711595: "ip6tables DROPs". Compiler adds rules to + permit any-to-any on loopback interface for ipv6 in addition to + rules that set default policy to DROP for all chains in ipv6
  • + +
  • streamlined algorithm that assigns chain to a rule with action + Tag. The goal is to always use chain PREROUTING for rules with + direction Inbound or Both and a combination of OUTPUT and + POSTROUTING for rules with direction Outbound and Both.
  • + +
  • Added support for action "Continue" (an empty action) in the GUI + and compiler for iptables. This action creates a rule that does + nothing, however it generates iptables command with target "-j + LOG" if logging is turned on. This can be useful if one wants only + to log packets that match certain pattern but not make any policy + decision in the same rule.
  • + +
  • fixed bug #1718791: "Bug with more than one router". This bug + affected routing rules.
  • + +
  • fixed bug #1720022: "Fail to load modules .ko.gz".
  • + +
  • fixed bug #1720480: '"-A POSTROUTING -i interface" in branching + rules'. Compiler should not generate iptables commands in + POSTROUTING chain with "-i interface" clause.
  • + +
  • bug (no number): compiler used to not set unique internal id for + rules in branches, which lead to chain names like 'C.0' in + generated script.
  • + +
  • bug (no number): when a rule number is inserted into a log + record in place of macro %N, it should be formatted as "N/M" for + rules in a branch.
  • + +
  • bug (no number): setting chain for Classify action only if it + has not been set before. Setting chain to POSTROUTING always broke + things if a rule with action 'Classify' was used in a branch (so + the chain has been set to that of the branch)
  • + +
  • bugs #1676635: "no way to match on state if the action is drop" + and #1671910: "2.1.8 In 'Branch' acton compiler doesn't insert NEW + stanza". Rely only on rule option 'stateless' to decide whether + the rule should have "-m state --state NEW". Rule option + 'stateless' is automatically set when user changes rule action so + it becomes anything except 'Accept', 'Tag' or 'Route'. This option + is also automatically cleared when action is switched to any of + these three actions. The user can override these default settings + by checking or unchecking the option in the rule options dialog. + +
  • + +
+ + +

Improvements and bug fixes in policy compiler for PF

+
    +
  • fixed bug #1727715: "Policy Installer failed but indicates + succes". Activation script for PF exits with non-zero return code + if script activation fails.
  • + +
  • fixed bug #1740545: "AddressTable in NAT section". Policy + compiler for PF crashed if AddressTable object was used in TDst + element of a NAT rule.
  • + +
+ + +

Improvements and bug fixes in policy compiler for ipfw

+
    +
  • new TCPService object flag "established" in compiler for + ipfw.
  • + +
  • + +
+ + + + +
diff --git a/doc/ReleaseNotes_2.1.12.txt b/doc/ReleaseNotes_2.1.12.txt
new file mode 100644
index 000000000..ffb8dad33
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.12.txt
@@ -0,0 +1,311 @@ + Firewall Builder Release Notes + +Version 2.1.12 + + Released 06/24/2007 + GUI and compilers v2.1.12 require API library libfwbuilder version 2.1.12 + +Summary + + This release comes with support for Cisco IOS access lists and ability to + import existing iptables and IOS access lists configurations. Multiple bug + fixes are included as well. + + For those who wish to build from source, instructions are outlined in the + document "Install and Build instructions" on our web site here + +Support for Cisco IOS access lists + + Policy compiler for Cisco IOS Access lists has been implemented as part of + the Firewall Builder GUI as of version 2.1.12. The first functional build + were importer worked on all supported OS was build 270 (May 22, 2007) + + Features implemented in this version: + + * The compiler generates extended ACLs using "ip access-list extended" + command. ACL names are automatically generated using abbreviated + interface names and direction symbols to make it easy to figure out + which ACL is which. Compiler uses rather minimal set of options of the + "ip access-list" command and should generate code that will work for + IOS 12.x. I did not test with 11.x but I am pretty sure it will work, + at least with the latest versions of 11.x. + * Compiler can also add commands to configure logging. + * The GUI includes built-in installer for routers which works just like + installer for PIX. Both installers were updated however to improve + support for the automatic roll-back feature in case you lose connect + with the firewall or the router because of an error in the policy. Now + you can make installer schedule reboot in a few minutes, then upload + new policy or ACLs and then cancel reboot if upload was successful. + While before auto-rollback option was only available if you installed + in the test mode, now you can always use it. Test mode means that + installer does not save configuration in the permanent memory, as + before. 
+ * All three installation methods that were available for PIX are now + available for routers: you can make it clear all access lists and then + load new ones or just update access lists without clearing. The last + method (the "safety net" method) creates temporary acl to permit + communication with the management station, assigns it to the interface + marked as management interface, then clears all access lists and loads + new ones and in the end swaps proper list on the management interface. + This helps prevent locking yourself out of the router in the middle of + the installation process in case of an error in the ACL and at the + same time does not leave the router with no acls for the time it takes + to install new policy. In combination with automatic roll-back, + installation process is pretty reliable. + * New option has been added to the interface object, called + "unprotected". This allows you to mark some interfaces to be skipped + by the compiler when it picks interfaces for ACL rules. This should be + useful when you have routers with many interfaces and only want to add + ACLs to some of them. Also, you can explicitly put interface objects + into policy rules and specify direction if you want to do this + manually. + * Since router ACLs have no state, all rules should be created in the + policy pretty much like you do it on the router, including rules that + permit reply packets. New option has been added to the TCP Service + object, called "established". This makes compiler use option + "established" in rules it generates if it is supported by the firewall + platform. Compilers for iptables, ipfilter, pf and PIX can not use + objects with this option and treat it as an error because + corresponding platforms do not support it. IPFW, on the other hand, + supports it so compiler fwb_ipfw can use it. 
+ + Shortcomings of this version: + + * "tos", "precedence" and "time-range" options are not supported + * "igmp" access lists can no be generated + +Policy import iptables configurations (v2.1.12, build 281 and later) + + Policy importer has been implemented as part of the Firewall Builder GUI + as of version 2.1.12. The first functional build were importer worked on + all supported OS was build 270 (May 22, 2007) + + Policy importer uses ANTLR lexer and parser ( http://www.antlr.org/ ) + Version 2.7.7 is used in Firewall Builder v2.1.12 ( http://www.antlr2.org/ + ) + + Firewall Builder needs ANTLR C++ runtime header files and library and + include these in the source tree under src/antlr. Unless you want to + change the grammar (*.g files) you don't need to install ANTLR separately. + All relevant ANTLR files are included in the package. For more information + on ANTRL see: http://www.antlr2.org + + Features implemented in this version : + + * Importer can parse iptables config saved using iptables-save utility. + Because of the huge variety of iptables modules, Importer can only + interpret basic iptables configuration and a subset of modules. + Currently the following modules are supported: + + * state + * multiport + * limit + * mark + + * Importer creates firewall object with all interfaces. It can not + assign object name for the firewall object nor add IP and MAC + addresses to interfaces because this information is not present in + iptables-save file. + * option "Assume firewall is part of 'any'" is off in the created + firewall object. Import is done this way in order to preserve logic of + chains INPUT, OUTPUT and FORWARD in the recreated fwbuilder rules. + Rules that had chain INPUT in the imported script will have firewall + object in "destination" in the corresponding fwbuilder rules. Firewall + object is placed in "Source" for rules with chain OUTPUT. 
For rules + with chain FORWARD rule elements "Source" and "Destination" are + populated with objects created using options "-s" and "-d" of the + original rules or left empty ("any"). + * all recognized iptables rules are imported and interface and direction + are set in all rules appropriately. Interface objects are created as + parser finds them in the script. + * targets ACCEPT, DROP, REJECT, MARK and others are converted to the + corresponding fwbuilder policy rule actions. Unrecognized targets and + converted to branching rules, where the name of the target becomes the + name of the branch. + * SNAT, DNAT, MASQUERADING, REDIRECT and NETMAP targets and their + parameters are recognized in the NAT rules. + * Address and service objects are created in the process for all + addresses and ports used in all rules. + * iptables rules can refer to tcp/udp ports both by name or by number. + Importer can properly interpret both formats using system function + getservbyname() to convert service name to the port number. Since the + result of this function depends on the OS, some port names may not + convert on some systems. For example, Windows can convert more limited + set of service names compared to Linux or BSD. + * targets LOG and ULOG are converted to the "logging" option in + fwbuilder rules with action "Continue". This is an empty action that + does not affect packet flow through the firewall but can be used in + combination with "logging" option to log the packet. If such empty + (logging-only) rule is undesired, it must be manually merged with some + other rule in the policy. + * "--log-prefix", and "--log-level" options of the LOG target are + recognized + * "--ulog-prefix" option of the ULOG target is recognized. Other options + of the ULOG target are not. + * Address and service objects are reused in the process of import. 
+ * in case when importer fails to parse some part of the iptables-save + file, corresponding policy rule is colored red and appropriate + diagnostic message added to its comment. The problem must be corrected + manually. + * comments ("#") found inside access lists are ignored. + + Shortcomings of this version: + + * user-defined chains in table "nat" are not supported + * no import of time intervals + * no MAC address matching import + +Policy import of Cisco IOS access lists (v2.1.12, build 270) + + Features implemented in this version : + + * Importer can parse router config saved using "show run" command. + Although importer can only interpret a subset of IOS configuration + commands, other commands that it does not understand will be ignored + and should not affect operation. No manual editing of the config is + required prior to import. + * Importer creates firewall object with all interfaces + * firewall object name is assigned if "hostname" command is found in the + configuration. If this command is not present, the name remains + generic "New Firewall" + * interface addresses are assigned if command "ip address" is found + (multiple addresses per interface are supported). Interfaces without + "ip address" in the configuration are marked as "unnumbered" in the + firewall builder object tree. + * all access lists are imported and interface and direction are set in + all rules appropriately + * Address and service objects are created in the process for all + addresses and ports used in access lists + * IOS access lists can define ip protocol, icmp code and type, and + tcp/udp ports both by name or by number. Importer can properly + interpret both formats. + * "log", "log-input", "fragments", "established" keywords are supported + and translated into rule or object options as appropriate. + * Address and service objects are reused in the process of import. 
+ * in case when importer fails to parse some part of the access-list + command, corresponding policy rule is colored in red and appropriate + diagnostic message added to its comment. The problem must be corrected + manually. + * "remark" commands found inside access lists are translated into rule + comments + * comments ("!") found inside access lists are ignored. + + Shortcomings of this version: + + * importer does not use address and service objects that existed in the + tree before the operation has started, it creates new ones. + Deduplication only works for objects created in the process of import. + * the following keywords available in extended access lists are not + supported at this time: tos, precedence, time-range. + * igmp access lists are not parsed. + + ---------------------------------------------------------------------- + +New object types and improvements in the base API + + * TCPService object now has flag "established". Policy comilers for + platforms that have special keyword for this flag can recognize this + flag in TCPService object. + * TCPService object "All TCP established" has been added to the Standard + objects library. + * Interface of the firewall has new flag "unprotected", currently only + used in compiler for Cisco IOS access lists. Compiler skips interfaces + marked as "unprotected" when it decides which interface a policy rule + should be assigned to. + +Improvements and bug fixes in the GUI + + * dialogs and resource files for Cisco IOS access lists. + * Policy installer for Cisco routers + * fixed long-standing problem with size of the built-in installer + options dialog. The dialog was too big and did not properly resize + itself when some options were hidden. + * PIX and Cisco routers (IOS) : built-in installer can schedule reboot + of the firewall before activating new policy, then cancel it if the + policy has been activated successfully. + * note about built-in installer on windows. 
Installer seems to have + broke with upgrade of QT to 3.3.8. Specifically, in + SSHSession::readFromStdout(), proc->readStdout() returns a byte array + that contains actual output from the device, with some garbage + appeneded to it. The garbage is included in the size() count of + QByteArray returned by readStdout so it gets included into the QString + which we append to stdoutBuffer. This happens only on win32; reverting + to QT 3.3.7 fixes the problem. + * the GUI is compiled with ANTLR C++ run-time, used for policy importer + * Policy importer: can read and import iptables rules from the + iptables-save file and Cisco IOS access lists from the router + configuration saved using "show run" command. See README.policy_import + file for more details. + * allow for object group in "Interface" rule element + * Added support for action "Continue" (an empty action) in the GUI and + compiler for iptables. This action creates a rule that does nothing, + however it generates iptables command with target "-j LOG" if logging + is turned on. This can be useful if one wants only to log packets that + match certain pattern but not make any policy decision in the same + rule. + * After changes made in the compiler to simplify algorithm used to + decide which chain a rule with action Tag should go to, rule action + option "Mark connections in PREROUTING chain" ( "ipt_mark_prerouting" + ) has been deprecated. + * fixed bug (no number) where installer failed to properly copy .fwb + file over to the firewall if file name contained whitespace + * fixed bug #1739373: "FWB2111, register Routing not printed". Tab + "Routing" was not included in the printed copy of firewall policies + +Improvements and bug fixes in policy compiler for iptables + + * fixed bug 1737733: "install script doesn't detect BROADCAST if eth is + NO-CARRIER". If firewall script runs before network interface comes up + (i.e. is still in NO-CARRIER state), script failed to add virtual + addresses for NAT. 
+ * fixed bug #1711595: "ip6tables DROPs". Compiler adds rules to permit + any-to-any on loopback interface for ipv6 in addition to rules that + set default policy to DROP for all chains in ipv6 + * streamlined algorithm that assigns chain to a rule with action Tag. + The goal is to always use chain PREROUTING for rules with direction + Inbound or Both and a combination of OUTPUT and POSTROUTING for rules + with direction Outbound and Both. + * Added support for action "Continue" (an empty action) in the GUI and + compiler for iptables. This action creates a rule that does nothing, + however it generates iptables command with target "-j LOG" if logging + is turned on. This can be useful if one wants only to log packets that + match certain pattern but not make any policy decision in the same + rule. + * fixed bug #1718791: "Bug with more than one router". This bug affected + routing rules. + * fixed bug #1720022: "Fail to load modules .ko.gz". + * fixed bug #1720480: '"-A POSTROUTING -i interface" in branching + rules'. Compiler should not generate iptables commands in POSTROUTING + chain with "-i interface" clause. + * bug (no number): compiler used to not set unique internal id for rules + in branches, which lead to chain names like 'C.0' in generated script. + * bug (no number): when a rule number is inserted into a log record in + place of macro %N, it should be formatted as "N/M" for rules in a + branch. + * bug (no number): setting chain for Classify action only if it has not + been set before. Setting chain to POSTROUTING always broke things if a + rule with action 'Classify' was used in a branch (so the chain has + been set to that of the branch) + * bugs #1676635: "no way to match on state if the action is drop" and + #1671910: "2.1.8 In 'Branch' acton compiler doesn't insert NEW + stanza". Rely only on rule option 'stateless' to decide whether the + rule should have "-m state --state NEW". 
Rule option 'stateless' is + automatically set when user changes rule action so it becomes anything + except 'Accept', 'Tag' or 'Route'. This option is also automatically + cleared when action is switched to any of these three actions. The + user can override these default settings by checking or unchecking the + option in the rule options dialog. + +Improvements and bug fixes in policy compiler for PF + + * fixed bug #1727715: "Policy Installer failed but indicates succes". + Activation script for PF exits with non-zero return code if script + activation fails. + * fixed bug #1740545: "AddressTable in NAT section". Policy compiler for + PF crashed if AddressTable object was used in TDst element of a NAT + rule. + +Improvements and bug fixes in policy compiler for ipfw + + * new TCPService object flag "established" in compiler for ipfw. + * diff --git a/doc/ReleaseNotes_2.1.13.html b/doc/ReleaseNotes_2.1.13.html new file mode 100644 index 000000000..f51f681c9 --- /dev/null +++ b/doc/ReleaseNotes_2.1.13.html @@ -0,0 +1,106 @@ + + + + + + + +

Firewall Builder Release Notes

+
+

Version 2.1.13

+
+

+Released 07/22/2007 +
+GUI and compilers v2.1.13 require API library libfwbuilder version 2.1.13 +
+

Summary

+

+This is bugfix release; its main focus is better support for new +features available in PF in OpenBSD 4.1. + +

+For those who wish to build from source, instructions are outlined +in the document "Install and Build instructions" on our web site here + + + +

Improvements and bug fixes in the GUI

+
    + +
  • fixed bug #1740766: "lock not saved". This method now copies the + value of "ro" attribute (read-only). Clear it in the caller if + neccessary. Method duplicate() clears it after calling + shallowDuplicate in order to be able to modify the object, then + restores this attribute to its original value.
  • + +
  • fixed bug #1743117: "crash while editing any". Added check, user + should not be able to unlock Standard objects library
  • + +
  • fixed bug #1753188: "policy activation fails on PIX and + IOS". Installer failed if account used to authenticate to the + router or PIX went straight to 'enable' mode after login.
  • + +
  • added simple template object for Cisco router 36xx
  • +
+ +

Improvements and bug fixes in policy compiler for iptables

+
    + +
  • fixed bug #1746257: "fwbuilder breaks IPv6". Added an option to + the firewall settings dialog for iptables that controls whether + compiler should skip generation of the code to set default policy + of all ipv6 chains to DROP. This option is off by default, that is + compiler puts the code in. This helps maintain backwards + compatibility with old data files that do not have this option, + which is equivalent to this option being "off".
  • + +
  • fixed bug #1747332: "missing CONNMARK/ restore mark in Output + Chain"
  • + +
  • compiler permits setting direction in the rule while interface + field is "All". This generates iptables command in chain INPUT or + OUTPUT with "-i +" or "-o +" interface specification to match all + interfaces.
  • + +
+ + +

Improvements and bug fixes in policy compiler for PF

+
    +
  • fixed bug #1747828: "anchors generation - "log" not + supported". "Log" keyword is not allowed in "anchor" rules; + compiler should not generate it even if user turned logging on in + a rule with action 'Branch'
  • + +
  • implemented support for PF limit options "src-nodes", "tables" + and "table-entries". Feature Req. #1674919: "Support "set limit + table-entries""
  • + +
  • better compliance with PF 4.x. Feature Req. #1679793: "add 'no + state' and 'flags any'". If version is set to 4.x, compiler skips + "flags S/SA keep state" for rules mathcing tcp services. However, + according to the section "1.2. Operational changes" in PF FAQ at + http://www.openbsd.org/faq/upgrade41.html , there should be a way + to add "keep state" explicitly for rules on interface enc0. Added + this option to the rule options dialog.
  • + +
  • Added support for "set skip on " command for PF. If an + interface is marked as "unprotected" in the GUI, compiler + generates this command for it. This is useful for loopback or + other virtual interfaces. + + +
+ +

Improvements and bug fixes in policy compilers for Cisco IOS ACL

+
    +
  • Fixed bug that caused compiler to exit abnormally while + compiling a rule with interface field "all". Compiler should + generate ACL lines for all interfaces of the router (except those + marked "unprotected")
  • +
+ + +
diff --git a/doc/ReleaseNotes_2.1.13.txt b/doc/ReleaseNotes_2.1.13.txt
new file mode 100644
index 000000000..021c8d8c3
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.13.txt
@@ -0,0 +1,67 @@
+ Firewall Builder Release Notes
+
+Version 2.1.13
+
+ Released 07/22/2007
+ GUI and compilers v2.1.13 require API library libfwbuilder version 2.1.13
+
+Summary
+
+ This is bugfix release; its main focus is better support for new features
+ available in PF in OpenBSD 4.1
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+Improvements and bug fixes in the GUI
+
+ * fixed bug #1740766: "lock not saved". This method now copies the value
+ of "ro" attribute (read-only). Clear it in the caller if neccessary.
+ Method duplicate() clears it after calling shallowDuplicate in order
+ to be able to modify the object, then restores this attribute to its
+ original value.
+ * fixed bug #1743117: "crash while editing any". Added check, user
+ should not be able to unlock Standard objects library
+ * fixed bug #1753188: "policy activation fails on PIX and IOS".
+ Installer failed if account used to authenticate to the router or PIX
+ went straight to 'enable' mode after login.
+ * added simple template object for Cisco router 36xx
+
+Improvements and bug fixes in policy compiler for iptables
+
+ * fixed bug #1746257: "fwbuilder breaks IPv6". Added an option to the
+ firewall settings dialog for iptables that controls whether compiler
+ should skip generation of the code to set default policy of all ipv6
+ chains to DROP. This option is off by default, that is compiler puts
+ the code in. This helps maintain backwards compatibility with old data
+ files that do not have this option, which is equivalent to this option
+ being "off".
+ * fixed bug #1747332: "missing CONNMARK/ restore mark in Output Chain"
+ * compiler permits setting direction in the rule while interface field
+ is "All". This generates iptables command in chain INPUT or OUTPUT
+ with "-i +" or "-o +" interface specification to match all interfaces.
+
+Improvements and bug fixes in policy compiler for PF
+
+ * fixed bug #1747828: "anchors generation - "log" not supported". "Log"
+ keyword is not allowed in "anchor" rules; compiler should not generate
+ it even if user turned logging on in a rule with action 'Branch'
+ * implemented support for PF limit options "src-nodes", "tables" and
+ "table-entries". Feature Req. #1674919: "Support "set limit
+ table-entries""
+ * better compliance with PF 4.x. Feature Req. #1679793: "add 'no state'
+ and 'flags any'". If version is set to 4.x, compiler skips "flags S/SA
+ keep state" for rules mathcing tcp services. However, according to the
+ section "1.2. Operational changes" in PF FAQ at
+ http://www.openbsd.org/faq/upgrade41.html , there should be a way to
+ add "keep state" explicitly for rules on interface enc0. Added this
+ option to the rule options dialog.
+ * Added support for "set skip on " command for PF. If an interface is
+ marked as "unprotected" in the GUI, compiler generates this command
+ for it. This is useful for loopback or other virtual interfaces.
+
+Improvements and bug fixes in policy compilers for Cisco IOS ACL
+
+ * Fixed bug that caused compiler to exit abnormally while compiling a
+ rule with interface field "all". Compiler should generate ACL lines
+ for all interfaces of the router (except those marked "unprotected")
diff --git a/doc/ReleaseNotes_2.1.14.html b/doc/ReleaseNotes_2.1.14.html
new file mode 100644
index 000000000..59766969b
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.14.html
@@ -0,0 +1,106 @@ + + + + + + + +

Firewall Builder Release Notes

+
+

Version 2.1.14

+
+

+Released 09/10/2007 +
+GUI and compilers v2.1.14 require API library libfwbuilder version 2.1.14 +
+

Summary

+

+This is another bugfix release, it comes with numerous improvements in +the iptables policy importer and fixes for gcc 4.2 and 4.3 + +

+For those who wish to build from source, instructions are outlined +in the document "Install and Build instructions" on our web site here + + + +

Improvements and bug fixes in libfwbuilder library

+
    + +
  • fixed bug #1761373: "libfwbuilder doesn't build on Mandriva + cooker". Applied fixes to make the code compile with gcc 4.2
  • + +
+ +

Improvements and bug fixes in the policy importer for iptables

+
    +
  • fixed bug #1764988: "iptables import -> GUI crash": +

    +

      + +
    • iptables policy importer recognizes and parses target + RETURN
    • + +
    • iptables policy importer recognizes and parses TCP flag + parameters ALL and NONE
    • + +
    • syntax for TCP flag matching in iptables-save should allow + for more than 2 flags in 'comp' part
    • + +
    +

    +

  • + +
  • fixed bug (no num): iptables policy importer should properly + parse numeric protocol specification (e.g. "-p 47").
  • + +
  • added missing supprot for "--log-tcp-sequence", +"--log-tcp-options" and "--log-ip-options" options for target LOG to + iptables policy importer
  • + +
  • added a workaround for a situation when several iptables + commands pass control to the same user-define chain in the + iptables-save file. As of fwbuilder v2.1, branch ruleset is a + child object of PolicyRule. This means two different rules can not + point at the same branch ruleset. This is unfortunate but it is + hard to fix in the current version because it requires changes XML + DTD and API. Will do this in 3.0. Meanwhile, checking if branch + ruleset with requested name already exists and change the name by + adding suffix '1', '2' etc to make it different. Imported rule is + marked as 'bad' (red background) and gets a comment explaining + this.
  • + +
  • fixed bug (no num): importer for iptables should properly assign + rule options when it finds "-m limit" and "--limit" options in the + input file.
  • + +
+ +

Improvements and bug fixes in the GUI

+
    +
  • configure.in: another patch by Carlos Silva + <r3pek@r3pek.org> to add third parameter to + AC_DEFINE_UNQUOTED + +
  • fixed bug reported in Debian Bug report #417685 - added missing + #include to make code compile with gcc 4.3
  • + +
  • applied patch by Carlos Silva <r3pek@r3pek.org> to make + configure.in use ANTLR C++ run-time installed on the system if + it can find one; otherwise it uses copy in src/antlr
  • + +
  • fixed bug #1772722: "installer should recognize when it uses + plink 0.60". We detect when installer uses plink on Windows by + checking the name of the configured ssh client. The check should + be case-insensitive.
  • + +
  • fixed bug #1764971: "allowed value range for burst + limit". Iptables "--limit-burst" option should not be limited in + the GUI.
  • + +
+ + +
diff --git a/doc/ReleaseNotes_2.1.14.txt b/doc/ReleaseNotes_2.1.14.txt
new file mode 100644
index 000000000..81c3a9218
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.14.txt
@@ -0,0 +1,64 @@
+ Firewall Builder Release Notes
+
+Version 2.1.14
+
+ Released 09/10/2007
+ GUI and compilers v2.1.14 require API library libfwbuilder version 2.1.14
+
+Summary
+
+ This is another bugfix release, it comes with numerous improvements in the
+ iptables policy importer and fixes for gcc 4.2 and 4.3
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+Improvements and bug fixes in libfwbuilder library
+
+ * fixed bug #1761373: "libfwbuilder doesn't build on Mandriva cooker".
+ Applied fixes to make the code compile with gcc 4.2
+
+Improvements and bug fixes in the policy importer for iptables
+
+ * fixed bug #1764988: "iptables import -> GUI crash":
+
+ * iptables policy importer recognizes and parses target RETURN
+ * iptables policy importer recognizes and parses TCP flag
+ parameters ALL and NONE
+ * syntax for TCP flag matching in iptables-save should allow for
+ more than 2 flags in 'comp' part
+
+ * fixed bug (no num): iptables policy importer should properly parse
+ numeric protocol specification (e.g. "-p 47").
+ * added missing supprot for "--log-tcp-sequence", "--log-tcp-options"
+ and "--log-ip-options" options for target LOG to iptables policy
+ importer
+ * added a workaround for a situation when several iptables commands pass
+ control to the same user-define chain in the iptables-save file. As of
+ fwbuilder v2.1, branch ruleset is a child object of PolicyRule. This
+ means two different rules can not point at the same branch ruleset.
+ This is unfortunate but it is hard to fix in the current version
+ because it requires changes XML DTD and API. Will do this in 3.0.
+ Meanwhile, checking if branch ruleset with requested name already
+ exists and change the name by adding suffix '1', '2' etc to make it
+ different. Imported rule is marked as 'bad' (red background) and gets
+ a comment explaining this.
+ * fixed bug (no num): importer for iptables should properly assign rule
+ options when it finds "-m limit" and "--limit" options in the input
+ file.
+
+Improvements and bug fixes in the GUI
+
+ * configure.in: another patch by Carlos Silva to add
+ third parameter to AC_DEFINE_UNQUOTED
+ * fixed bug reported in Debian Bug report #417685 - added missing
+ #include to make code compile with gcc 4.3
+ * applied patch by Carlos Silva to make configure.in
+ use ANTLR C++ run-time installed on the system if it can find one;
+ otherwise it uses copy in src/antlr
+ * fixed bug #1772722: "installer should recognize when it uses plink
+ 0.60". We detect when installer uses plink on Windows by checking the
+ name of the configured ssh client. The check should be
+ case-insensitive.
+ * fixed bug #1764971: "allowed value range for burst limit". Iptables
+ "--limit-burst" option should not be limited in the GUI.
diff --git a/doc/ReleaseNotes_2.1.15.html b/doc/ReleaseNotes_2.1.15.html
new file mode 100644
index 000000000..278dfc13e
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.15.html
@@ -0,0 +1,88 @@ + + + + + + + +

Firewall Builder Release Notes

+
+

Version 2.1.15

+
+

+Released 12/10/2007 +
+GUI and compilers v2.1.15 require API library libfwbuilder version 2.1.15 +
+

Summary

+

+This is another bugfix release. Several problems with policy installer +running in batch mode have been fixed, also this release resolves +compatibility issues with Windows Vista and Mac OS X Leopard. + +

+For those who wish to build from source, instructions are outlined +in the document "Install and Build instructions" on our web site here + +

+The GUI code is in the freeze for QT4 conversion. I will fix bugs in +policy compilers but will try to avoid changes in the GUI. New GUI +based on QT4 will be released next spring when KDE4 is included in all +major Linux distributions and FreeBSD. There will be one more bugfix +release for v2.1 if necessary. + + +

Improvements and bug fixes in the GUI

+
    +
  • fixed bug #1811781: "Batch Install". Built-in installer used + address of the first firewall of the batch to communicate with + all firewalls in the "batch install" mode. +
  • + +
  • fixed bug #1826558: "OSX 10.5 font problem". This problem + appeared only in Mac OS X Leoprard (10.5) build, other platforms + were unaffected.
  • + +
  • Starting with build 320 Windows packages install on Vista
  • + +
  • Added Brazilian Portuguese translation by Jose Carlos Medeiros + <jose@psabs.com.br>
  • + +
  • fixed bug #1821576: "Rule option tracking gives inavlid config + with default value". Compiler should skip max-src-nodes when it is + set to default '0' in the GUI.
  • +
+ +

Improvements and bug fixes in the policy importer for iptables

+
    +
  • fixed bug #1812295: "Can't use runtime address tables AND + iptabels-restore". Script generated by fwb_ipt used "here + document" if the option "use iptables-restore to activate + policy" was turned on. This did not work in case policy used + any tun-time address table objects. Now generated script + always uses "echo" to generate iptables commands that it sends + to th standard input of iptables-restore. +
  • + +
+ +

Improvements and bug fixes in the policy importer for ipfilter

+
    +
  • applied patch by to add support for + Kerberos rcmd and Kerberos ekshell proxies in ipfilter NAT rules. +
  • + +
+ +

Improvements and bug fixes in the policy importer for pf

+
    +
  • fixed bug #1800875 "'keep state' missing from pass out going + traffic rule". Compilers for pf, ipf and ipfw were affected. +
  • + +
+ + + + diff --git a/doc/ReleaseNotes_2.1.15.txt b/doc/ReleaseNotes_2.1.15.txt new file mode 100644 index 000000000..40c1a7c47 --- /dev/null +++ b/doc/ReleaseNotes_2.1.15.txt 
@@ -0,0 +1,55 @@
+ Firewall Builder Release Notes
+
+Version 2.1.15
+
+ Released 12/10/2007
+ GUI and compilers v2.1.15 require API library libfwbuilder version 2.1.15
+
+Summary
+
+ This is another bugfix release. Several problems with policy installer
+ running in batch mode have been fixed, also this release resolves
+ compatibility issues with Windows Vista and Mac OS X Leopard.
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+ The GUI code is in the freeze for QT4 conversion. I will fix bugs in
+ policy compilers but will try to avoid changes in the GUI. New GUI based
+ on QT4 will be released next spring when KDE4 is included in all major
+ Linux distributions and FreeBSD. There will be one more bugfix release for
+ v2.1 if necessary.
+
+Improvements and bug fixes in the GUI
+
+ * fixed bug #1811781: "Batch Install". Built-in installer used address
+ of the first firewall of the batch to communicate with all firewalls
+ in the "batch install" mode.
+ * fixed bug #1826558: "OSX 10.5 font problem". This problem appeared
+ only in Mac OS X Leoprard (10.5) build, other platforms were
+ unaffected.
+ * Starting with build 320 Windows packages install on Vista
+ * Added Brazilian Portuguese translation by Jose Carlos Medeiros
+
+ * fixed bug #1821576: "Rule option tracking gives inavlid config with
+ default value". Compiler should skip max-src-nodes when it is set to
+ default '0' in the GUI.
+
+Improvements and bug fixes in the policy importer for iptables
+
+ * fixed bug #1812295: "Can't use runtime address tables AND
+ iptabels-restore". Script generated by fwb_ipt used "here document" if
+ the option "use iptables-restore to activate policy" was turned on.
+ This did not work in case policy used any tun-time address table
+ objects. Now generated script always uses "echo" to generate iptables
+ commands that it sends to th standard input of iptables-restore.
+
+Improvements and bug fixes in the policy importer for ipfilter
+
+ * applied patch by to add support for
+ Kerberos rcmd and Kerberos ekshell proxies in ipfilter NAT rules.
+
+Improvements and bug fixes in the policy importer for pf
+
+ * fixed bug #1800875 "'keep state' missing from pass out going traffic
+ rule". Compilers for pf, ipf and ipfw were affected.
diff --git a/doc/ReleaseNotes_2.1.7.html b/doc/ReleaseNotes_2.1.7.html
new file mode 100644
index 000000000..0f7dbe5cf
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.7.html
@@ -0,0 +1,487 @@
+
+
+
+
+
+
+
+

Firewall Builder Release Notes

+
+

Version 2.1.7

+
+

+Released 10/31/2006 +
+GUI and compilers v2.1.7 require API library libfwbuilder version 2.1.7 +
+

Summary

+

+ +

+For those who wish to build from source, instructions are outlined +in the document "Install and Build instructions" on our web site here + + +

Installation

+ +

+ Packages of Firewall Builder 2.1 are built in a such way that you + should be able to install them on the same machine with Firewall + Builder 2.0.X. All binaries have names that end with "21", + e.g. "fwbuilder21" or "fwb_ipt21". On Windows the + binary name is the same but the package installs in + directory c:\FWBuilder21 which is different from the default + directory for Firewall Builder 2.0; all registry entries are also + located in different subtrees. All this is done to ensure the user + can run Firewall Builder 2.1 while still using stable version 2.0.12 + on the same machine. +

+ +

Improvements and changes in the GUI

+
    + +
  • The GUI works much faster with very large object trees. Tested + using a data file with over 3000 objects) +

    +

    +
  • + +
  • "Where used" menu item has been added to quickly find and show + all groups and firewall rules that reference given + object. Confirmation dialog that is shown when user tries to + delete an object also shows all groups and rules that use it. +

    +

    +
  • + +
  • By popular request, built-in installer can now save a copy of + .fwb file to the firewall. +

    +

    +
  • + +
  • Compile/install dialog is now an independent window instead of a + modal dialog, this means the user can look at the policy and + objects while compilation and/or installation is going on. This is + especially convenient as it allows one to inspect the rules after + failed compilation while still having compiler error on screen. +

    +

    +
  • + + +
  • Network discovery driud is back, ported from fwbuilder + 1.0. As before, it supports reading object definitions from a + file in /etc/hosts format, can read DNS zone and also can + crawl the network using SNMP queries. +

    +

    +
  • + +
  • Startup wizard ("Welcome to Firewall Builder") has been + removed. The GUI now starts either into an empty database or + opens data file specified on the command line. +

    +

  • + +
  • Keeping track of dependencies between objects. This is + useful when many firewalls in the tree use the same set of + objects. Each firewall object keeps track of objects it + depends on, so if any object is modified, all firewalls that + use it in their rules are marked with bold font to indicate + that they need to be recompiled. Object dependencies are + tracked not only when objects are directly used in rules, + but also when they apepar there indirectly, as members of + groups +

    +

  • + +
  • Added bulk compile and install operations. This is useful + when there are many firewalls in the tree that need to be + compiled and installed in one go. Bulk install operation is + only possible if all firewalls use the same user name and + password for authentication. If this is not the case, + built-in installer can be instructed to ask for the + authentication information before it touches each firewall. +

    +

  • + +
  • All object dialogs have been converted into built-in + panels that appear in the right hand part of the main + window. This simplifies navigation ( pop-up dialogs used to + obscure parts of the main window). Objects open in the + editor on a single mouse click in the tree and rules. +

    +

  • + +
  • Improvements in "Find" function: administrator can now + drag an object into a well in the find dialog panel to make + it search for this particular object. This is useful if the + name of the obejct is not unique. Search by object's name or + a value of its attribute is also possible. +

    + +

    +

  • + +
  • In addition to the "Find" function, the "Find and replace" + operation has been implemented. Objects can be found and + replaced in groups and firewall rules +

    + +

    +

  • + +
+ + +

New object types, new rule types and rule elements, new + actions and other new features

+
    +
  • AddressTable  This object resolves to a set of + IP addresses defined in an external file. The object can be + configured to read the file at compile time or at run time. For + each compile-time AddressTable object defined in the object tree + compiler tries to find and read the file specified in the object + configuration. Compiler aborts processing if the file can not be + found or can not be read. If the file is in place and can be + read, such AddressTable object behaves as if it was a group of + IP address objects, that is, all addresses are explicitly copied + into generated configuration, although compiler may use target + firewall syntax that helps to group such sets of addresses into + tables. Compilers for iptables, ipfw, ipf and PIX generate bunch + of rules matching each address read from the file. Compiler for + PF creates a table and also lists all IP addresses it reads from + the file; it uses the name of the AddressTable object for the + name of the table it creates.

    + + + Run-time AddressTable objects are only supported by + compilers for iptables and PF. Compiler for iptables + generates shell code to read the contents of the file when + firewall configuration is activated. Compiler for PF uses + native "table <name> persist file <file_name>" + syntax. Here also the name of the table is the same as the + name of the AddressTable object it was created for. +

    +

  • + +
  • DNSName:  This object resolves a host name to + the IP address using DNS. Object can be confgiured to do so at + compile time or run time. Resolution is done using system call + gethostbyaddr() to read DNS A records for the name. System + resolver should take care of recursion and CNAME records, if + any. If the name resolves to several IP addresses, all addresses + are used in the generated firewall configuration. Run-time + DNSName objects rely on the target firewall software to be able + to convert symbolic names used in rules into actual IP addresses + at a time when policy is activated. Not all platforms provide + means to support run-time DNSName objects. +

    +

  • + + +
  • TagService:  This object matches tags set by + action Tag. It is translated into --mark + <mark_code> for iptables and tag option for + PF. This service object is only supported by compilers for + iptables and PF. +

    +

  • + +
  • Interface objects can now have an attribute to mark + them as bridge ports, used for bridging firewalls. +

    +

  • + + +
  • Support for routing rules has been implemented using patch + provided by Tidei Maurizio <fwbuilder-routing at + compal.de> Support for routing rules is only implemented in + compiler for iptables. See file README.routing included in + fwbuilder2 package. +

    +

    + NOTE: I can only provide very limited support for this feature, please direct your questions and bugreports to the author +
    +

    +

  • + +
  • Global policy and interface policies have been merged. Each + policy rule now has rule element "Interface". Administrator + can drag and drop interface object of the firewall into this + rule element field. Policy compilers support multiple + interfaces and negation in "Interface" rule element. Rule + element "direction" that previously was only part of the + interface policy rules is now part of all policy rules. +

    +

  • + +
  • Policy rules can have the following new actions:

    +

      +
    • Queue:  This action passes the packet to + user space process for inspection, it is translated + into QUEUE for iptables and divert for + ipfw. This action is only supported by compilers for + iptables and ipfw.. +

      +

    • + +
    • Custom:  This action allows administrator + to define arbitrary piece of code to be used in place of + an action. Supported by compilers for iptables, ipf and + ipfw +

      +

    • + +
    • Branch:  This action is used to create a + branch in the rule set. It works on target platforms that + provide suitable syntax and allow control to return to the + higher level rule set if the branch can not make final + decision about the packet. For iptables this action is + translated into user-defined chain. The name of the chain + is the name of the branch choosen by administrator. For PF + this action is translated into an anchor with the name the + same as the name of the branch defined by the + administrator. This action is only supported by compilers + for iptables and PF. +

      +
      + Fig.1 Rule #0 of the global policy creates a branch with the name rule0_branch +

      +

      +

    • + +
    • Tag:  This action associates internal tag + with the packet. Tag can later be inspected using + service object TagService. This action is + translated into MARK target with + corresponding --set-mark parameter and optionally + additional rule with CONNMARK --save-mark target + for iptables. If option that activates CONNMARK + target is used, compiler also adds a rule at the very + top of the policy to restore the mark. Rules are placed + in INPUT,OUTPUT and FORWARD chain + of the "mangle" table, this ensures + that DNAT happens before rules placed in the + mangle table see the packet. PREROUTING chain in + mangle table is executed before PREROUTING chain + in the nat table, so placing tagging rules in the + PREROUTING chain would make them fire before + DNAT. POSTROUTING chain of the mangle + table, as well as its FORWARD and OUTPUT + chains, work before corresponding chains of the nat + table. In all cases the goal is to make sure DNAT + rules process the packet before, and SNAT rules process + it after filtering and tagging rules.

      + + For PF this action is translated into tag. + Supported only by compilers for iptables and PF. +

      +
      + Fig.2 Example of a rule utilizing action Tag. To illustrate policy branches, this rule belongs to the branch with the name rule0_branch +

      +

      +

    • + +
    • Classify:  This action allows the firewall + to define QoS class for the packet that matches the + rule. It is translated into CLASSIFY for + iptables, with parameter --set-class. For PF it + is translated into queue; compiler for ipfw can + use pipe, queue or divert depending + on how the action is configured by the administrator in + the GUI. This action is only supported by compilers for + iptables, PF and ipfw. +

      +

    • + +
    • Route:  This action makes the firewall to + route the packet that matches the rule through an + interface or a gateway specified in the parameters of the + action. This action is translated into ROUTE target + for iptables and route option for PF and + ipfilter. Compilers for PF and ipfilter + support fastroute, route-to, + reply-to and dup-to options. +

      +
      + Fig.3 Rules #0 and #1 tag packets entering the firewall through interfaces eth0 and eth2; rules #3 and #4 help route reply packets back through the same interfaces +

      +

      + +

    • +
    +

    + The GUI uses different names for the new actions depending + on the target firewall platform to simplify adoption. For + example, new action that created branch in rule set is + called Chain for iptables firewalls and Anchor + for PF fierwalls. +

    +
  • + +
  • Firewall object now has an attribute "inactive". Firewall + marked as inactive will not be picked by the GUI for the bulk + compile and install operations even if the timestamps indicate + that this firewall object needs to be recompiled +

    +

  • + +
+ + +

Compiler for iptables

+
    +
  • Support for address tables loaded from external files at + compile or run time +

    +

  • + +
  • Support user defined chains with predefined names (using + special action ) +

    +

  • + +
  • Support + for CLASSIFY, MARK, CONNMARK, QUEUE, ROUTE + targets +

    +

  • + +
  • Support for physdev module for bridging firewalls +

    +

  • + +
  • additional optimization of rules i INPUT and OUTPUT chain: + now removing firewall object from src or dst to simplify rule + if it uses OUTPUT or INPUT chain. Doing this only if original + rule did not have negation and we do not add any virtual + addresses for NAT. After removal the rule collapses to a + simple command like this: +

    +

    +	iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    +      
    +

    + this works fine except if we have added virtual addresses for + NAT. It is assumed that firewall object in rules represents + combination of addresses configured in its interfaces in the + GUI. Virtual addresses added for NAT are considered to be a + side effect and connections should not be implicitly permitted + to them by a rule with fw object in destination. The same + applies to fw object in source. See bug #685947 for + discussion. To avoid inadvertently opening holes in the + firewall by a rule like that, we remove fw object only when it + is safe to do so. +

    +

  • + +
  • support for modules connlimit + and hashlimit. There is an option to generate commands + for the latter module using name dstlimit because older + versions of iptables included this module under this (now + obsolete) name. +

    +

  • + +
+ + +

Compiler for PF

+
    + +
  • Support for load balancing rules
  • + +
  • Support for tag and route options
  • + +
  • Support for address ranges and networ objects in TSrc in NAT + rules
  • + +
  • Support for pool types in NAT rules ('bitmask', 'random', + 'source-hash', 'round-robin'), as well as 'static-port' + option.
  • + +
  • Supprot for anchors (by way of a special action)
  • + +
  • Support for tables with predefined names (using AddressTable object)
  • + +
  • Support for packet 'tagging' (by way of a special action and service object TagService)
  • + +
+ + +

Compiler for ipfilter

+
    +
  • Support for PPTP and IRC proxies
  • + +
  • Support for route option
  • + +
+ +

API

+
    +
  • internal object ID is augumented with process ID of the + program that creates an object. This allows fwbedit to quickly + create objects and still ensure their IDs are unique +
  • + +
  • +
+ +

fwbedit

+ +

+ Fwbedit can now create objects and repair broken object + database. This tool can now be used to populate object database + using shell scripts or other automation. For example, to create an + address object in object library 'Test' one could run it like + this: +

+

+ +

+ fwbedit -f filename.fwb -t IPv4 -n newAddress -L Test -o 192.0.2.1 +
+ +
+       Firewall Builder:  general purpose object tree editing tool
+       Version 2.1.5-b
+       Usage: fwbedit21 -f filename.fwb -u [-a obj,grp] [-r obj,grp] [-d obj] [-s] [-l path] [(-p parent|-L library) -t objtype -n objname [-o object attributes]] 
+
+       -t objtype : create an object of this type
+       -L library : specify library when creating a new object
+       -p obj     : specify parent object when creating a new object
+       -n name    : specify a name of the new object
+       -o attribute1[,attribute2...]  :  specify attributes when creating a new object
+       -a obj,grp :  create reference to object 'obj' in the group 'grp'
+       -r obj,grp :  remove reference to object 'obj' from the group 'grp'
+       -d obj     :  delete object 'obj' and remove references to it from
+       all rules and groups
+       -l path    :  print list of objects for 'path'
+       -s         :  test and repair object tree structure
+       -u         : autoupgrade of file
+
+       An object and a group can be defined by their ID or 
+       by the full path and name in the XML tree
+
+       Object creation syntax:
+
+       -t Firewall -n obj_name -L User -o platform, host OS
+       -t IPv4 -n obj_name -L User -o IP address
+       -t DNSName -n obj_name -L User -o DNS record,run time
+       -t AddressRange -n obj_name -L User -o start address, end address
+       -t ObjectGroup
+       -t Network -n obj_name -L User -o address,netmask
+       -t Interval -n obj_name -L User -o start time,start date,start day,end time, end date, end day
+       -t Interface -n obj_name -L User -o security level,address type (dynamic or unnumbered),management
+       -t Host
+       -t TCPService -n obj_name -L User -o source port range start,end,Destination port range start,end,UAPRSF,UAPRSF
+       -t UDPService -n obj_name -L User -o source port range start,end,Destination port range start,end
+       -t ICMPService -n obj_name -L User -o ICMP type,ICMP code
+       -t IPService -n obj_name -L User -o protocol number,lsrr/ssrr/rr/ts/fragm/short_fragm 
+  
+ + + diff --git a/doc/ReleaseNotes_2.1.7.txt b/doc/ReleaseNotes_2.1.7.txt new file mode 100644 index 000000000..4e4645218 --- /dev/null +++ b/doc/ReleaseNotes_2.1.7.txt 
@@ -0,0 +1,325 @@
+ Firewall Builder Release Notes
+
+Version 2.1.7
+
+ Released 10/31/2006
+ GUI and compilers v2.1.7 require API library libfwbuilder version 2.1.7
+
+Summary
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+Installation
+
+ Packages of Firewall Builder 2.1 are built in a such way that you should
+ be able to install them on the same machine with Firewall Builder 2.0.X.
+ All binaries have names that end with "21", e.g. "fwbuilder21" or
+ "fwb_ipt21". On Windows the binary name is the same but the package
+ installs in directory c:\FWBuilder21 which is different from the default
+ directory for Firewall Builder 2.0; all registry entries are also located
+ in different subtrees. All this is done to ensure the user can run
+ Firewall Builder 2.1 while still using stable version 2.0.12 on the same
+ machine.
+
+Improvements and changes in the GUI
+
+ * The GUI works much faster with very large object trees. Tested using a
+ data file with over 3000 objects)
+
+ * "Where used" menu item has been added to quickly find and show all
+ groups and firewall rules that reference given object. Confirmation
+ dialog that is shown when user tries to delete an object also shows
+ all groups and rules that use it.
+
+ * By popular request, built-in installer can now save a copy of .fwb
+ file to the firewall.
+
+ * Compile/install dialog is now an independent window instead of a modal
+ dialog, this means the user can look at the policy and objects while
+ compilation and/or installation is going on. This is especially
+ convenient as it allows one to inspect the rules after failed
+ compilation while still having compiler error on screen.
+
+ * Network discovery driud is back, ported from fwbuilder 1.0. As before,
+ it supports reading object definitions from a file in /etc/hosts
+ format, can read DNS zone and also can crawl the network using SNMP
+ queries.
+ + * Startup wizard ("Welcome to Firewall Builder") has been removed. The + GUI now starts either into an empty database or opens data file + specified on the command line. + + * Keeping track of dependencies between objects. This is useful when + many firewalls in the tree use the same set of objects. Each firewall + object keeps track of objects it depends on, so if any object is + modified, all firewalls that use it in their rules are marked with + bold font to indicate that they need to be recompiled. Object + dependencies are tracked not only when objects are directly used in + rules, but also when they apepar there indirectly, as members of + groups + + * Added bulk compile and install operations. This is useful when there + are many firewalls in the tree that need to be compiled and installed + in one go. Bulk install operation is only possible if all firewalls + use the same user name and password for authentication. If this is not + the case, built-in installer can be instructed to ask for the + authentication information before it touches each firewall. + + * All object dialogs have been converted into built-in panels that + appear in the right hand part of the main window. This simplifies + navigation ( pop-up dialogs used to obscure parts of the main window). + Objects open in the editor on a single mouse click in the tree and + rules. + + * Improvements in "Find" function: administrator can now drag an object + into a well in the find dialog panel to make it search for this + particular object. This is useful if the name of the obejct is not + unique. Search by object's name or a value of its attribute is also + possible. + + * In addition to the "Find" function, the "Find and replace" operation + has been implemented. 
Objects can be found and replaced in groups and + firewall rules + +New object types, new rule types and rule elements, new actions and other new +features + + * AddressTable This object resolves to a set of IP addresses defined in + an external file. The object can be configured to read the file at + compile time or at run time. For each compile-time AddressTable object + defined in the object tree compiler tries to find and read the file + specified in the object configuration. Compiler aborts processing if + the file can not be found or can not be read. If the file is in place + and can be read, such AddressTable object behaves as if it was a group + of IP address objects, that is, all addresses are explicitly copied + into generated configuration, although compiler may use target + firewall syntax that helps to group such sets of addresses into + tables. Compilers for iptables, ipfw, ipf and PIX generate bunch of + rules matching each address read from the file. Compiler for PF + creates a table and also lists all IP addresses it reads from the + file; it uses the name of the AddressTable object for the name of the + table it creates. + + Run-time AddressTable objects are only supported by compilers for + iptables and PF. Compiler for iptables generates shell code to read + the contents of the file when firewall configuration is activated. + Compiler for PF uses native "table persist file " + syntax. Here also the name of the table is the same as the name of the + AddressTable object it was created for. + + * DNSName: This object resolves a host name to the IP address using + DNS. Object can be confgiured to do so at compile time or run time. + Resolution is done using system call gethostbyaddr() to read DNS A + records for the name. System resolver should take care of recursion + and CNAME records, if any. If the name resolves to several IP + addresses, all addresses are used in the generated firewall + configuration. 
Run-time DNSName objects rely on the target firewall + software to be able to convert symbolic names used in rules into + actual IP addresses at a time when policy is activated. Not all + platforms provide means to support run-time DNSName objects. + + * TagService: This object matches tags set by action Tag. It is + translated into --mark for iptables and tag option for PF. + This service object is only supported by compilers for iptables and + PF. + + * Interface objects can now have an attribute to mark them as bridge + ports, used for bridging firewalls. + + * Support for routing rules has been implemented using patch provided by + Tidei Maurizio Support for routing + rules is only implemented in compiler for iptables. See file + README.routing included in fwbuilder2 package. + + NOTE: I can only provide very limited support for this feature, + please direct your questions and bugreports to the author + + * Global policy and interface policies have been merged. Each policy + rule now has rule element "Interface". Administrator can drag and drop + interface object of the firewall into this rule element field. Policy + compilers support multiple interfaces and negation in "Interface" rule + element. Rule element "direction" that previously was only part of the + interface policy rules is now part of all policy rules. + + * Policy rules can have the following new actions: + + * Queue: This action passes the packet to user space process for + inspection, it is translated into QUEUE for iptables and divert + for ipfw. This action is only supported by compilers for iptables + and ipfw.. + + * Custom: This action allows administrator to define arbitrary + piece of code to be used in place of an action. Supported by + compilers for iptables, ipf and ipfw + + * Branch: This action is used to create a branch in the rule set. 
+ It works on target platforms that provide suitable syntax and + allow control to return to the higher level rule set if the + branch can not make final decision about the packet. For iptables + this action is translated into user-defined chain. The name of + the chain is the name of the branch choosen by administrator. For + PF this action is translated into an anchor with the name the + same as the name of the branch defined by the administrator. This + action is only supported by compilers for iptables and PF. + + Fig.1 Rule #0 of the global policy creates a branch with the name + rule0_branch + + * Tag: This action associates internal tag with the packet. Tag + can later be inspected using service object TagService. This + action is translated into MARK target with corresponding + --set-mark parameter and optionally additional rule with CONNMARK + --save-mark target for iptables. If option that activates + CONNMARK target is used, compiler also adds a rule at the very + top of the policy to restore the mark. Rules are placed in + INPUT,OUTPUT and FORWARD chain of the "mangle" table, this + ensures that DNAT happens before rules placed in the mangle table + see the packet. PREROUTING chain in mangle table is executed + before PREROUTING chain in the nat table, so placing tagging + rules in the PREROUTING chain would make them fire before DNAT. + POSTROUTING chain of the mangle table, as well as its FORWARD and + OUTPUT chains, work before corresponding chains of the nat table. + In all cases the goal is to make sure DNAT rules process the + packet before, and SNAT rules process it after filtering and + tagging rules. + + For PF this action is translated into tag. Supported only by + compilers for iptables and PF. + + Fig.2 Example of a rule utilizing action Tag. To illustrate + policy branches, this rule belongs to the branch with the name + rule0_branch + + * Classify: This action allows the firewall to define QoS class + for the packet that matches the rule. 
It is translated into
+ CLASSIFY for iptables, with parameter --set-class. For PF it is
+ translated into queue; compiler for ipfw can use pipe, queue or
+ divert depending on how the action is configured by the
+ administrator in the GUI. This action is only supported by
+ compilers for iptables, PF and ipfw.
+
+ * Route: This action makes the firewall to route the packet that
+ matches the rule through an interface or a gateway specified in
+ the parameters of the action. This action is translated into
+ ROUTE target for iptables and route option for PF and ipfilter.
+ Compilers for PF and ipfilter support fastroute, route-to,
+ reply-to and dup-to options.
+
+ Fig.3 Rules #0 and #1 tag packets entering the firewall through
+ interfaces eth0 and eth2; rules #3 and #4 help route reply
+ packets back through the same interfaces
+
+ The GUI uses different names for the new actions depending on the
+ target firewall platform to simplify adoption. For example, new action
+ that created branch in rule set is called Chain for iptables firewalls
+ and Anchor for PF fierwalls.
+
+ * Firewall object now has an attribute "inactive". Firewall marked as
+ inactive will not be picked by the GUI for the bulk compile and
+ install operations even if the timestamps indicate that this firewall
+ object needs to be recompiled
+
+Compiler for iptables
+
+ * Support for address tables loaded from external files at compile or
+ run time
+
+ * Support user defined chains with predefined names (using special
+ action )
+
+ * Support for CLASSIFY, MARK, CONNMARK, QUEUE, ROUTE targets
+
+ * Support for physdev module for bridging firewalls
+
+ * additional optimization of rules i INPUT and OUTPUT chain: now
+ removing firewall object from src or dst to simplify rule if it uses
+ OUTPUT or INPUT chain. Doing this only if original rule did not have
+ negation and we do not add any virtual addresses for NAT. After
+ removal the rule collapses to a simple command like this:
+
+ iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
+
+
+ this works fine except if we have added virtual addresses for NAT. It
+ is assumed that firewall object in rules represents combination of
+ addresses configured in its interfaces in the GUI. Virtual addresses
+ added for NAT are considered to be a side effect and connections
+ should not be implicitly permitted to them by a rule with fw object in
+ destination. The same applies to fw object in source. See bug #685947
+ for discussion. To avoid inadvertently opening holes in the firewall
+ by a rule like that, we remove fw object only when it is safe to do
+ so.
+
+ * support for modules connlimit and hashlimit. There is an option to
+ generate commands for the latter module using name dstlimit because
+ older versions of iptables included this module under this (now
+ obsolete) name.
+
+Compiler for PF
+
+ * Support for load balancing rules
+ * Support for tag and route options
+ * Support for address ranges and networ objects in TSrc in NAT rules
+ * Support for pool types in NAT rules ('bitmask', 'random',
+ 'source-hash', 'round-robin'), as well as 'static-port' option.
+ * Supprot for anchors (by way of a special action)
+ * Support for tables with predefined names (using AddressTable object)
+ * Support for packet 'tagging' (by way of a special action and service
+ object TagService)
+
+Compiler for ipfilter
+
+ * Support for PPTP and IRC proxies
+ * Support for route option
+
+API
+
+ * internal object ID is augumented with process ID of the program that
+ creates an object. This allows fwbedit to quickly create objects and
+ still ensure their IDs are unique
+ * fwbedit
+
+ Fwbedit can now create objects and repair broken object database. This
+ tool can now be used to populate object database using shell scripts or
+ other automation. For example, to create an address object in object
+ library 'Test' one could run it like this:
+
+ fwbedit -f filename.fwb -t IPv4 -n newAddress -L Test -o 192.0.2.1
+
+ Firewall Builder: general purpose object tree editing tool
+ Version 2.1.5-b
+ Usage: fwbedit21 -f filename.fwb -u [-a obj,grp] [-r obj,grp] [-d obj] [-s] [-l path] [(-p parent|-L library) -t objtype -n objname [-o object attributes]]
+
+ -t objtype : create an object of this type
+ -L library : specify library when creating a new object
+ -p obj : specify parent object when creating a new object
+ -n name : specify a name of the new object
+ -o attribute1[,attribute2...] : specify attributes when creating a new object
+ -a obj,grp : create reference to object 'obj' in the group 'grp'
+ -r obj,grp : remove reference to object 'obj' from the group 'grp'
+ -d obj : delete object 'obj' and remove references to it from
+ all rules and groups
+ -l path : print list of objects for 'path'
+ -s : test and repair object tree structure
+ -u : autoupgrade of file
+
+ An object and a group can be defined by their ID or
+ by the full path and name in the XML tree
+
+ Object creation syntax:
+
+ -t Firewall -n obj_name -L User -o platform, host OS
+ -t IPv4 -n obj_name -L User -o IP address
+ -t DNSName -n obj_name -L User -o DNS record,run time
+ -t AddressRange -n obj_name -L User -o start address, end address
+ -t ObjectGroup
+ -t Network -n obj_name -L User -o address,netmask
+ -t Interval -n obj_name -L User -o start time,start date,start day,end time, end date, end day
+ -t Interface -n obj_name -L User -o security level,address type (dynamic or unnumbered),management
+ -t Host
+ -t TCPService -n obj_name -L User -o source port range start,end,Destination port range start,end,UAPRSF,UAPRSF
+ -t UDPService -n obj_name -L User -o source port range start,end,Destination port range start,end
+ -t ICMPService -n obj_name -L User -o ICMP type,ICMP code
+ -t IPService -n obj_name -L User -o protocol number,lsrr/ssrr/rr/ts/fragm/short_fragm
+
diff --git a/doc/ReleaseNotes_2.1.8.html b/doc/ReleaseNotes_2.1.8.html
new file mode 100644
index 000000000..8a866713a
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.8.html
@@ -0,0 +1,97 @@
+
+
+
+
+
+
+
+

Firewall Builder Release Notes

+
+

Version 2.1.8

+
+

+Released 12/02/2006 +
+GUI and compilers v2.1.8 require API library libfwbuilder version 2.1.8 +
+

Summary

+

+ +

+For those who wish to build from source, instructions are outlined +in the document "Install and Build instructions" on our web site here + + +

Installation

+ +

+ + Optinon poll ran on the fwbuilder-discussion mailing list showed + that majority of users are not interested in ability to install and + run both fwbuilder 2.0 and 2.1 on the same machine at the same + time. Hence we are reverting to the old naming schema without suffix + '21' for the binaries and man pages in this release. + +

+ +

Improvements and bug fixes in the GUI

+
    + +
  • The user can search for objects using regular expressions + matching their names or attributes. +

    +

    +
  • + +
  • Fixed bug #1592130: "Policy Chaining Issues". The GUI should + properly display nested branch rulesets. The user can create + policy branches within other branches. +
  • + + +
+ + +

All compilers

+ +
    +
  • Fixed bug #1590746 "problem with using "DNS Names" objects on MS + Windows". Compiler failed to convert DNSName objects set to resolve + at compile time into IP addresses. +
  • +
+ + +

Compiler for iptables

+
    +
  • fixed bug #1593221: "iptables filtering bridge problem - PHYSDEV: + no physdev opti..." Some times rules were generated with "-m + physdev" but witout "--physdev-in" or "--physdev-out" options. +
  • +
+ +

Compiler for Cisco PIX

+
    + +
  • fixed a bug (no num, support req. #1604103: "fwb_pix policy + compiler dies when SNMP or NTP hosts defined". Compiler did not + print error message when it could not find an interface with + network zone matching IP address of NTP or SNMP server (it just + printed the address without explanation of what went wrong) +
  • + +
  • Experimental utility fwb_pix_diff has been added to the + package. This utility takes two PIX configurations on the command + line and produces the 'diff' that consists of a set of commands + that should bring the firewall from the state defined by the first + config to the state defined by the second. Only PIX 7.0 is + supported. This utility will be incorporated into policy installer + in the future to make policy updates simpler and faster, + especially when small changes are made to the large set of access + lists and nat rules. +
  • +
+
+
+
diff --git a/doc/ReleaseNotes_2.1.8.txt b/doc/ReleaseNotes_2.1.8.txt
new file mode 100644
index 000000000..6ef1417e8
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.8.txt
@@ -0,0 +1,56 @@
+ Firewall Builder Release Notes
+
+Version 2.1.8
+
+ Released 12/02/2006
+ GUI and compilers v2.1.8 require API library libfwbuilder version 2.1.8
+
+Summary
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+Installation
+
+ Optinon poll ran on the fwbuilder-discussion mailing list showed that
+ majority of users are not interested in ability to install and run both
+ fwbuilder 2.0 and 2.1 on the same machine at the same time. Hence we are
+ reverting to the old naming schema without suffix '21' for the binaries
+ and man pages in this release.
+
+Improvements and bug fixes in the GUI
+
+ * The user can search for objects using regular expressions matching
+ their names or attributes.
+
+ * Fixed bug #1592130: "Policy Chaining Issues". The GUI should properly
+ display nested branch rulesets. The user can create policy branches
+ within other branches.
+
+All compilers
+
+ * Fixed bug #1590746 "problem with using "DNS Names" objects on MS
+ Windows". Compiler failed to convert DNSName objects set to resolve at
+ compile time into IP addresses.
+
+Compiler for iptables
+
+ * fixed bug #1593221: "iptables filtering bridge problem - PHYSDEV: no
+ physdev opti..." Some times rules were generated with "-m physdev" but
+ witout "--physdev-in" or "--physdev-out" options.
+
+Compiler for Cisco PIX
+
+ * fixed a bug (no num, support req. #1604103: "fwb_pix policy compiler
+ dies when SNMP or NTP hosts defined". Compiler did not print error
+ message when it could not find an interface with network zone matching
+ IP address of NTP or SNMP server (it just printed the address without
+ explanation of what went wrong)
+ * Experimental utility fwb_pix_diff has been added to the package. This
+ utility takes two PIX configurations on the command line and produces
+ the 'diff' that consists of a set of commands that should bring the
+ firewall from the state defined by the first config to the state
+ defined by the second. Only PIX 7.0 is supported. This utility will be
+ incorporated into policy installer in the future to make policy
+ updates simpler and faster, especially when small changes are made to
+ the large set of access lists and nat rules.
diff --git a/doc/ReleaseNotes_2.1.9.html b/doc/ReleaseNotes_2.1.9.html
new file mode 100644
index 000000000..55056ecaf
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.9.html
@@ -0,0 +1,187 @@
+
+
+
+
+
+
+
+

Firewall Builder Release Notes

+
+

Version 2.1.9

+
+

+Released 02/10/2007 +
+GUI and compilers v2.1.9 require API library libfwbuilder version 2.1.9 +
+

Summary

+

+This is bugfix release. + +

+For those who wish to build from source, instructions are outlined +in the document "Install and Build instructions" on our web site here + + + +

Improvements and bug fixes in the GUI

+
    + +
  • New feature: new operation "Tools/Find Conflicting Objects in + Two Data Files". This operation inspects two data files (either + .fwb or .fwl) and finds conflicting objects. Conflicting objects + have the same internal ID but different attributes. Two data files + can not be merged, or one imported into another, if they contain + such objects. This operation also helps identify changes made to + objects in two copies of the same data file. This operation does + not find objects present in one file but not in the other, such + objects present no problem for merge or import operations. This + operation works with two external files, neither of which needs to + be opened in the program. Currently opened data file is not + affected by this operation and objects in the tree do not + change. In the process of this operation user is presented with + series of dialogs showing conflicting objects side by side. In the + end the program can generate report and write it to a text + file.
  • + + +
  • installOptionsDialog was too large and did not fit on some + laptop screens. Doing tricks to make sure the dialog properly + resized after unused GUI elements are hidden. +
  • + +
  • bug #1629521: "can't delete empty chain/policy tab"
  • + +
  • bug #1619842: "prolog "script editor" opens behind other + windows"
  • + +
  • bug #1620206: "RuleOptions' "Apply" button greyed-out until menu + selection"
  • + +
  • bug 1619930: "Prolog tab's ScriptEditor's import fails to + overwrite"
  • + +
  • bug #1617501:"Install fails after compile". The GUI got confused + when user enter full path to the policy file in the "Output file + name" input field in the "Compiler" tab of firewall object + dialog. Making sure we always strip directory path from the file + name if user specified full path for the policy file in the + "Output file name" input field in the "Compiler" tab of firewall + object dialog. Need to strip path when macro "%FWSCRIPT%" is + substituted in installation scriptlets and in some other + places.
  • + +
  • "Apply" and "Close" buttons in the objct editor panel should be + of fixed size horizontally
  • + +
  • bug #1624577: "group window doesn't stay open on + multiple-adds". Using special flag to tell ObjectTreeView that it + should ignore MouseReleaseEvent it gets after d&d operation, so it + wont switch object in the editor panel. Note the bug triggered + only on Mac OS X.
  • + +
  • bug (no num.): GUI used show fanthom 'Policy', 'NAT' and + 'Routing' tabs when user deleted objects from the Deleted Objects + library, provided some of these objects were previously deleted + firewalls.
  • + +
  • bug #1620284: "conflict when adding library to + Preferences/Libraries". When the user tried to add a library to + the list in Preferemces/Libraries when a data file with the same + object library was loaded, the GUI detected the conflict and + showed error dialog.
  • + +
  • bug #1650369: "[patch] please add support for + GNU/kFreeBSD". Applied patch to make code compile on kFreeBSD.
  • + +
+ + + + +

Compiler for iptables

+
    +
  • bug #1623338: "Can not disable rules in a branch". Compiler for + iptables ignored flag 'disabled' on rules in a branch. +
  • + +
  • bug #1623113: 'connlimit fails in compiled "address table" + rules' Module connlimit can only be used in iptables rules + matching TCP services. Such iptables commands have "-p tcp" + and/or "-m tcp" options. If a rule in fwbuilder uses TCP Service + and connlimit option and has multiple objects in src and dst, + optimizer used to split it to minimize matches. It however + preserved connlimit option in all subrules, even though some of + them did not have TCP service after the split. This lead to + generation of incorrect iptables commands.
  • + +
  • bug #1620925: "compile-time AddressTable object with empty + file". Compile-time AddressTable object that uses file with no + addresses should be treated as an empty group according to the + "Ignore empty groups" option.
  • + +
  • bug #1618381: "CLASSIFY/MARK are non-terminating". This bug + report in fact reported several problems. +

    +

      +
    • For action Branch with option to add branching rule to the + mangle table: we now generate rules in PREROUTING, + POSTROUTING, INPUT, OUTPUT and FORWARD chains. This is + because some targets can only work in PREROUTING or + POSTROUTING chains but we do not know what rules will user + put in the branch. So we need to branch in all chains +
    • + +
    • For rules in mangle table with direction set to Inbound or + Outbound force chain to PREROUTING or POSTROUTING + respectively early. This eliminates duplicates such as the + same rule in PREROUTING and INPUT chains. Also since most + (all?) targets that require mangle table go into either + PREROUTING or POSTROUTING chains, it should be enough to use + these two chains. +
    • + +
    • Non-terminating rules shadow each other "backwards", that + is more general rule shadows other rules _above_ it. Added + flag 'reverse' to the method find_more_general_rule and + added new rule processor + DetectShadowingForNonTerminatingRules that finds such cases + of 'reverse' shadowing. Using it for rules in the mangle + table for iptables. +
    • + +
    • Adding iptables rule with target ACCEPT to emulate + terminating behavior for Tag and Classify actions. Emulation + is controlled by a global option in the "Compiler" tab of + the firewall properties dialog (default is "off"). This + means emulation can be turned on and off for all rules that + might require it at once. It is impossible to mix such rules + with terminating and non-termninating behavior. The reason + for this is that shadowing detection algorithm can only work + with either terminating or non-terminating rules, not with + the mix.
    • + +
    +

    +
  • + +
  • bug #1628989: "run-time-loaded rules don't accept ";" as line + comment"
  • + +
  • bug #1632054: "Runtime AddressObjects FAIL to load if "Name:" + contains "."". Compiler checks if the name of the run-time + AddressTable object contains characters that have special meaning + in sheel and relaces them with '_' when it generates the name of + the temporary shell variable.
  • + +
  • bug (no num.): data files used for run-time AddressTable objects + can have empty lines, the script should skip them.
  • + + + +
+
+
+
+
diff --git a/doc/ReleaseNotes_2.1.9.txt b/doc/ReleaseNotes_2.1.9.txt
new file mode 100644
index 000000000..c1a771ec8
--- /dev/null
+++ b/doc/ReleaseNotes_2.1.9.txt
@@ -0,0 +1,118 @@
+ Firewall Builder Release Notes
+
+Version 2.1.9
+
+ Released 02/10/2007
+ GUI and compilers v2.1.9 require API library libfwbuilder version 2.1.9
+
+Summary
+
+ This is bugfix release.
+
+ For those who wish to build from source, instructions are outlined in the
+ document "Install and Build instructions" on our web site here
+
+Improvements and bug fixes in the GUI
+
+ * New feature: new operation "Tools/Find Conflicting Objects in Two Data
+ Files". This operation inspects two data files (either .fwb or .fwl)
+ and finds conflicting objects. Conflicting objects have the same
+ internal ID but different attributes. Two data files can not be
+ merged, or one imported into another, if they contain such objects.
+ This operation also helps identify changes made to objects in two
+ copies of the same data file. This operation does not find objects
+ present in one file but not in the other, such objects present no
+ problem for merge or import operations. This operation works with two
+ external files, neither of which needs to be opened in the program.
+ Currently opened data file is not affected by this operation and
+ objects in the tree do not change. In the process of this operation
+ user is presented with series of dialogs showing conflicting objects
+ side by side. In the end the program can generate report and write it
+ to a text file.
+ * installOptionsDialog was too large and did not fit on some laptop
+ screens. Doing tricks to make sure the dialog properly resized after
+ unused GUI elements are hidden.
+ * bug #1629521: "can't delete empty chain/policy tab"
+ * bug #1619842: "prolog "script editor" opens behind other windows"
+ * bug #1620206: "RuleOptions' "Apply" button greyed-out until menu
+ selection"
+ * bug 1619930: "Prolog tab's ScriptEditor's import fails to overwrite"
+ * bug #1617501:"Install fails after compile". The GUI got confused when
+ user enter full path to the policy file in the "Output file name"
+ input field in the "Compiler" tab of firewall object dialog. Making
+ sure we always strip directory path from the file name if user
+ specified full path for the policy file in the "Output file name"
+ input field in the "Compiler" tab of firewall object dialog. Need to
+ strip path when macro "%FWSCRIPT%" is substituted in installation
+ scriptlets and in some other places.
+ * "Apply" and "Close" buttons in the objct editor panel should be of
+ fixed size horizontally
+ * bug #1624577: "group window doesn't stay open on multiple-adds". Using
+ special flag to tell ObjectTreeView that it should ignore
+ MouseReleaseEvent it gets after d&d operation, so it wont switch
+ object in the editor panel. Note the bug triggered only on Mac OS X.
+ * bug (no num.): GUI used show fanthom 'Policy', 'NAT' and 'Routing'
+ tabs when user deleted objects from the Deleted Objects library,
+ provided some of these objects were previously deleted firewalls.
+ * bug #1620284: "conflict when adding library to Preferences/Libraries".
+ When the user tried to add a library to the list in
+ Preferemces/Libraries when a data file with the same object library
+ was loaded, the GUI detected the conflict and showed error dialog.
+ * bug #1650369: "[patch] please add support for GNU/kFreeBSD". Applied
+ patch to make code compile on kFreeBSD.
+
+Compiler for iptables
+
+ * bug #1623338: "Can not disable rules in a branch". Compiler for
+ iptables ignored flag 'disabled' on rules in a branch.
+ * bug #1623113: 'connlimit fails in compiled "address table" rules'
+ Module connlimit can only be used in iptables rules matching TCP
+ services. Such iptables commands have "-p tcp" and/or "-m tcp"
+ options. If a rule in fwbuilder uses TCP Service and connlimit option
+ and has multiple objects in src and dst, optimizer used to split it to
+ minimize matches. It however preserved connlimit option in all
+ subrules, even though some of them did not have TCP service after the
+ split. This lead to generation of incorrect iptables commands.
+ * bug #1620925: "compile-time AddressTable object with empty file".
+ Compile-time AddressTable object that uses file with no addresses
+ should be treated as an empty group according to the "Ignore empty
+ groups" option.
+ * bug #1618381: "CLASSIFY/MARK are non-terminating". This bug report in
+ fact reported several problems.
+
+ * For action Branch with option to add branching rule to the mangle
+ table: we now generate rules in PREROUTING, POSTROUTING, INPUT,
+ OUTPUT and FORWARD chains. This is because some targets can only
+ work in PREROUTING or POSTROUTING chains but we do not know what
+ rules will user put in the branch. So we need to branch in all
+ chains
+ * For rules in mangle table with direction set to Inbound or
+ Outbound force chain to PREROUTING or POSTROUTING respectively
+ early. This eliminates duplicates such as the same rule in
+ PREROUTING and INPUT chains. Also since most (all?) targets that
+ require mangle table go into either PREROUTING or POSTROUTING
+ chains, it should be enough to use these two chains.
+ * Non-terminating rules shadow each other "backwards", that is more
+ general rule shadows other rules _above_ it. Added flag 'reverse'
+ to the method find_more_general_rule and added new rule processor
+ DetectShadowingForNonTerminatingRules that finds such cases of
+ 'reverse' shadowing. Using it for rules in the mangle table for
+ iptables.
+ * Adding iptables rule with target ACCEPT to emulate terminating
+ behavior for Tag and Classify actions. Emulation is controlled by
+ a global option in the "Compiler" tab of the firewall properties
+ dialog (default is "off"). This means emulation can be turned on
+ and off for all rules that might require it at once. It is
+ impossible to mix such rules with terminating and
+ non-termninating behavior. The reason for this is that shadowing
+ detection algorithm can only work with either terminating or
+ non-terminating rules, not with the mix.
+
+ * bug #1628989: "run-time-loaded rules don't accept ";" as line comment"
+ * bug #1632054: "Runtime AddressObjects FAIL to load if "Name:" contains
+ "."". Compiler checks if the name of the run-time AddressTable object
+ contains characters that have special meaning in sheel and relaces
+ them with '_' when it generates the name of the temporary shell
+ variable.
+ * bug (no num.): data files used for run-time AddressTable objects can
+ have empty lines, the script should skip them.
diff --git a/doc/ReleaseNotes_2_0.html b/doc/ReleaseNotes_2_0.html
new file mode 100644
index 000000000..fc9264e6f
--- /dev/null
+++ b/doc/ReleaseNotes_2_0.html
@@ -0,0 +1,335 @@
+
+
+
+
+
+
+
+

Firewall Builder Release Notes

+
+

Version 2.0

+
+

+Released 07/28/04 +
+GUI and compilers v2.0 require API library libfwbuilder version 2.0 +
+

Summary

+

+ +Firewall Builder GUI v2.0 has been completely rewritten using QT +

+For those who wish to build from source, instructions are outlined +in "Install +and Build instructions" + +

What's new

+

+ The GUI has been rewritten from scratch. The new GUI is based on + QT 3.x. It has been tested with Qt v3.1.1, 3.2.3 and 3.3.1. We + build on RedHat 9.0, Mandrake 10, SuSE 9.1, FreeBSD 5.2 using QT + packages that come with these systems. + +

The GUI has been redesigned to addresses problems known to + exist in fwbuilder 1.1.x user interface: + +

    +
  • Speed imporevements in the GUI. Firewall policy that consist + of 1000 rules renders just as fast as policy that has only 10 + rules. The GUI has actually been tested with 1000 rules + policies.
  • + +
  • Object tree is not synchronized with firewall policy + view. Selecting an object in the tree does not immediately open + it in the right hand panel in the main window. Right hand side + panel is dedicated for the policy view and always shows policy + or NAT rules of the firewall selected in the pull-down menu + above it. Editing of all objects is done in a separate floating + editor window that can be kept open at all times. +
  • + +
  • Properties of an object selected in the tree or in any rule + are shown in the information panel under the tree. The size of + the panel can be changed; the panel has three modes of + operation: a) hidden, b) showing only comment associated with + selected object, c) showing its parameters and comment. User can + choose the mode by clilcking on the toolbar button under the + information panel.
  • + +
  • "Find object" function finds obejcts by their name in the + tree, in groups and in rules. Regular expressions are + recognized.
  • + +
  • Built-in version control based on RCS provides for a simple + way to track changes.
  • + +
  • Data file can be opened read-only for inspection. If the + file is checked out and locked by a different user, it can only + be opened read-only.
  • + +
  • Data file can be given on the command line without "-f" + switch. The "-f" is also supported for backwards + compatibility.
  • + +
  • The program does not make copies of standard objects in user + data file anymore (per Feature Request #810504 "'Standard' + definitions should not be saved" )
  • + +
  • Users can create and distribute their own libraries of + objects. The GUI allows for objects to be exported to external + library file with extension .fwl and imported from such + file.
  • + +
  • Objects in the 'Standard' objects library, as well as + objects in libraries imported from external files, are + read-only
  • + +
  • Added an option for autosave - if this option is turned on, + the gui periodically saves data to the file. The autosave + interval can be set between 1 minute and 2 hours.
  • + +
  • The GUI detects collisions between objects when external + library is imported. Collision is detected when any attribute of + an objects in the tree is different from that attribute in the + object with the same unique ID in the file being imported. Some + old data files may trigger collisions because of subtle + differences in comments
  • + +
  • Whenever user changes the name of a firewall, host or an + interface object, the GUI asks whether they want to also rename + all IP and MAC addresses that belong to that firewall or + host. If user agrees to rename them, the program generates names + automatically using scheme 'host_name:interface_name:ip' and + 'host_name:interface_name:mac'
  • + +
  • Deleted objects are moved to a special library and can be + recovered with "Undelete" operation
  • + +
  • Rules can be color-labeled in all policies.
  • + +
  • Window size and position is remembered across multiple + sessions for all dialogs.
  • + +
  • Two modes of drag-and-drop of objects in policy and NAT + rules: dragging of an object moves it; dragging of an object + with Ctrl key pressed copies it
  • + +
  • Multiple objects can be selected in the tree. Operations + such as duplication, moving between libraries, copy/paste can be + performed on multiple selected objects
  • + +
  • Multiple rules can also be selected for operations such as + moving, deleting, copy/paste, setting colors
  • + +
  • A collection of firewall template objects comes in a + separate XML file with the package. You can create a new + firewall object using one for these templates. This replaced + "help me build firewall" wizard.
  • + +
  • The "Help me build firewall policy" wizard was phased out + and replaced with firewall templates. The template library will + be extended in the future releases.
  • + +
  • GUI has a built-in installer that uses external ssh client + to communicate with firewall. Installer has simple GUI interface + and works on both Linux and Windows (uses putty or SecureCRT on + Windows). There is no need in external install script + fwb_install anymore.
  • + +
  • An option has been added to firewall platforms iptables, + ipfilter, pf and ipfw that sets up a policy rule to permit ssh + access from one specified IP address to the firewall regardless + of other rules. This is for a backup ssh access from the + management workstation in case of an error in the policy that + locks user out of the firewall. The option (a checkbox and entry + field for the management station address) is located in the + "Compiler" tab of the firewall settings dialog. A command that + permits ssh to the firewall from the given address is added on + top of all other rules.
  • + +
  • Packages for Windows 2000, Windows XP and Mac OS X will be + distributed under a different license.
  • + +
  • The build process is based on qmake and uses autoconf + sparingly. Libtool is not used at all.
  • + +
  • Internationalization is done using gettext 0.14.1 which + supports QT .qm files
  • + +
  • Reasonably complete French translation is provided.
  • + +
  • Object names and comments are stored in the object file in + UTF-8 format. This allows for names and comments to be entered + and displayed in local languages. Although object names can be + localized, it is recommended to keep firewall names in plain + ASCII because compilers do not support UTF-8 yet. This fixes + very old bug #657156: "Special characters problem".
  • + +
  • Code compiles with gcc 3.4
  • +
+
+ + +
+
+

New firewall platforms and new features that apply to all + platforms:

+
    +
  • + Added support for Linksys devices running Sveasoft + firmware. Firewall object should be configured as platform + "iptables", host OS "linksys". Policy installer works both + using password and public key authentication.
  • + +
  • Added an option to firewall platforms iptables, ipfilter, pf + and ipfw that sets up a policy rule to permit ssh access from + one specified IP address to the firewall regardless of other + rules. This is for a backup ssh access from the management + workstation in case of an error in the policy that locks user + out of the firewall. The option (a checkbox and entry field for + the management station address) is located in the "Compiler" tab + of the firewall settings dialog. A command that permits ssh to + the firewall from the given address is added on top of all other + rules.
  • + +
  • added attribute 'lastModified' to element FWBObjectDatabase + in DTD. this attribute holds time of last modification done to + any object in the database (GMT). Added support for this + attribute in class FWObjectDatabase. This attribute is + implied.
  • +
+ +
+
+
+ +

Bugs fixed in libfwbuilder API:

+
    +
  • fixed bug that appeared only when used with libxml2 2.6.6 + and libxslt 1.0.33 - '*Group' elements were not converted + properly (losing all child elements). It worked on RH 9 with + libxml2 2.5.4 and libxslt 1.0.27. Fix tested with libxml2 2.6.6 + and libxslt 1.0.33 on Fedora C1
  • + +
  • Method Firewall::duplicate replaces references to the + firewall, its interfaces as well as IPv4 and physical addresses + of the interfaces in all rule sets with references to the copies + of corresponding objects. Now firewall created from another one + using 'duplicate' does not reference interfaces or addresses + that belong to the original firewall object.
  • + +
  • bug #950857: "Incorrect conversion of address range" - + address range that consisted of two IP addresses was converted + to a set of networks incorrectly.
  • + +
  • bug that occured on big endian architecture (e.g. Macintosh) + because of incorrect usage of preprocessor directives to check + BYTE_ORDER. This bug caused incorrect address arithmetics.
  • + +
  • bug #906709: "A dynamic interface". Dynamic interface used + to "shadow" old broadcast object (0.0.0.0)
  • +
+ + +
+
+

New features in iptables policy compiler fwb_ipt:

+
    +
  • Feature Request #913273: make "assume fw is part of any" a + per-rule option
  • + +
  • Processing of policy rules where firewall object is used in + src or dst with negation (possibly in combination with other + objects) has been optimized. Before, generated script would + match firewall's addresses in INPUT/OUTPUT and FORWARD chains + which added redundant checks in the FORWARD chain.
  • +
+ + +
+
+

Bugs fixed in iptables policy compiler fwb_ipt:

+
    +
  • + bug #956544: "Error into load modules script generation", + where generated script would not load kernel modules with + names "module.ko.gz". Regular expression should match on + ".ko.*$" to find these modules properly. Thanks to Andrey + Kaminsky who pointed this out. +
  • + +
  • bug #934949: "duplicate rules". fwb_ipt created duplicate + rules for a bridging firewall if fw object or its interfaces or + their addresses were not in the source or desintaion
  • + +
  • bug #912849: "Reorder activation of network interfaces in + IPT" - script generated by the compiler for iptables sets + default policy to DROP, flushes all rules and then reconfigures + interfaces of the firewall (it used to reconfigure intefaces and + then flush the rules).
  • + +
  • bug #906709: "A dynamic interface". Dynamic interface used + to "shadow" old broadcast object (0.0.0.0)
  • + +
  • bug #979484: "improper command for rule with service any and + action reject." For rules like that, and if rule options dialog + does not specify particular way to handle this combination, the + compiler splits the rule; the first iptables command rejects any + tcp packet with TCP RST, while the second rejects everything + else with ICMP message.
  • + +
  • bug #917422: "compiler misinterprets interface with addr + 0.0.0.0". If an interface has IP address "0.0.0.0", it is + considered an error.
  • + +
  • bug #978854: "false rule generated for fw object in + interface rule". Policy compiler for iptables generated + incorrect code for rules using negated firewall object in source + or destination when global option "assume firewall is part of + any" was turned off.
  • + +
  • bug #925199: "compiles wrongly a double negation". Policy + compiler for iptables generated incorrect code for rules where + two rule elements used negation (i.e. both src and dst, or dst + and srv, etc.)
  • + +
  • bug #988860: "Logging missing when firewall start is + aborted". When iptables script generated by fwb_ipt finds + missing interfaces, it prints error message both on stdout and + sends it to the log.
  • + +
  • bug #965558: "False ruleset generated for iptables (negate + w/ nat)". There were problems with double negations in NAT rules + (OSrc and ODst, or ODst and OSrv, etc).
  • + +
  • bugs #935794: "dual translation and negation in fwb_ipt" and + #986376: "Wrong result for negated source in NAT rules". Dual + translation rule with negation in OSrc did not process negation + in the second half (POSTROUTING rule, the one that translates + the source).
  • + +
  • bug #990037: "Wrong rule generated: fw interface included in + negated group". Rules with negation should not generate code in + INPUT/OUTPUT chains if option "assume firewall is part of any" + is off.
  • +
+ + +
+
+

Bugs fixed in iptables policy compiler fwb_pf:

+
    +
  • bug (no number) where fwb_pf would not include code defined by + custom service object in the .conf file
  • + +
  • bug #985527: pf NAT rules miss destination port + specification. NAT rules that translate to "map" missed + destination port specification.
  • + +
  • bug #986518: "PF redirection always point to loopback + address"
  • +
+ + + diff --git a/doc/ReleaseNotes_2_0.txt b/doc/ReleaseNotes_2_0.txt new file mode 100644 index 000000000..2cbec50aa --- /dev/null +++ b/doc/ReleaseNotes_2_0.txt 
@@ -0,0 +1,227 @@ + Firewall Builder Release Notes + +Version 2.0 + + Released 07/28/04 + GUI and compilers v2.0 require API library libfwbuilder version 2.0 + +Summary + + Firewall Builder GUI v2.0 has been completely rewritten using QT + + For those who wish to build from source, instructions are outlined in + "Install and Build instructions" + +What's new + + The GUI has been rewritten from scratch. The new GUI is based on QT 3.x. + It has been tested with Qt v3.1.1, 3.2.3 and 3.3.1. We build on RedHat + 9.0, Mandrake 10, SuSE 9.1, FreeBSD 5.2 using QT packages that come with + these systems. + + The GUI has been redesigned to addresses problems known to exist in + fwbuilder 1.1.x user interface: + + * Speed imporevements in the GUI. Firewall policy that consist of 1000 + rules renders just as fast as policy that has only 10 rules. The GUI + has actually been tested with 1000 rules policies. + * Object tree is not synchronized with firewall policy view. Selecting + an object in the tree does not immediately open it in the right hand + panel in the main window. Right hand side panel is dedicated for the + policy view and always shows policy or NAT rules of the firewall + selected in the pull-down menu above it. Editing of all objects is + done in a separate floating editor window that can be kept open at + all times. + * Properties of an object selected in the tree or in any rule are + shown in the information panel under the tree. The size of the panel + can be changed; the panel has three modes of operation: a) hidden, + b) showing only comment associated with selected object, c) showing + its parameters and comment. User can choose the mode by clilcking on + the toolbar button under the information panel. + * "Find object" function finds obejcts by their name in the tree, in + groups and in rules. Regular expressions are recognized. + * Built-in version control based on RCS provides for a simple way to + track changes. 
+ * Data file can be opened read-only for inspection. If the file is + checked out and locked by a different user, it can only be opened + read-only. + * Data file can be given on the command line without "-f" switch. The + "-f" is also supported for backwards compatibility. + * The program does not make copies of standard objects in user data + file anymore (per Feature Request #810504 "'Standard' definitions + should not be saved" ) + * Users can create and distribute their own libraries of objects. The + GUI allows for objects to be exported to external library file with + extension .fwl and imported from such file. + * Objects in the 'Standard' objects library, as well as objects in + libraries imported from external files, are read-only + * Added an option for autosave - if this option is turned on, the gui + periodically saves data to the file. The autosave interval can be + set between 1 minute and 2 hours. + * The GUI detects collisions between objects when external library is + imported. Collision is detected when any attribute of an objects in + the tree is different from that attribute in the object with the + same unique ID in the file being imported. Some old data files may + trigger collisions because of subtle differences in comments + * Whenever user changes the name of a firewall, host or an interface + object, the GUI asks whether they want to also rename all IP and MAC + addresses that belong to that firewall or host. If user agrees to + rename them, the program generates names automatically using scheme + 'host_name:interface_name:ip' and 'host_name:interface_name:mac' + * Deleted objects are moved to a special library and can be recovered + with "Undelete" operation + * Rules can be color-labeled in all policies. + * Window size and position is remembered across multiple sessions for + all dialogs. 
+ * Two modes of drag-and-drop of objects in policy and NAT rules: + dragging of an object moves it; dragging of an object with Ctrl key + pressed copies it + * Multiple objects can be selected in the tree. Operations such as + duplication, moving between libraries, copy/paste can be performed + on multiple selected objects + * Multiple rules can also be selected for operations such as moving, + deleting, copy/paste, setting colors + * A collection of firewall template objects comes in a separate XML + file with the package. You can create a new firewall object using + one for these templates. This replaced "help me build firewall" + wizard. + * The "Help me build firewall policy" wizard was phased out and + replaced with firewall templates. The template library will be + extended in the future releases. + * GUI has a built-in installer that uses external ssh client to + communicate with firewall. Installer has simple GUI interface and + works on both Linux and Windows (uses putty or SecureCRT on + Windows). There is no need in external install script fwb_install + anymore. + * An option has been added to firewall platforms iptables, ipfilter, + pf and ipfw that sets up a policy rule to permit ssh access from one + specified IP address to the firewall regardless of other rules. This + is for a backup ssh access from the management workstation in case + of an error in the policy that locks user out of the firewall. The + option (a checkbox and entry field for the management station + address) is located in the "Compiler" tab of the firewall settings + dialog. A command that permits ssh to the firewall from the given + address is added on top of all other rules. + * Packages for Windows 2000, Windows XP and Mac OS X will be + distributed under a different license. + * The build process is based on qmake and uses autoconf sparingly. + Libtool is not used at all. 
+ * Internationalization is done using gettext 0.14.1 which supports QT + .qm files + * Reasonably complete French translation is provided. + * Object names and comments are stored in the object file in UTF-8 + format. This allows for names and comments to be entered and + displayed in local languages. Although object names can be + localized, it is recommended to keep firewall names in plain ASCII + because compilers do not support UTF-8 yet. This fixes very old bug + #657156: "Special characters problem". + * Code compiles with gcc 3.4 + +New firewall platforms and new features that apply to all platforms: + + * Added support for Linksys devices running Sveasoft firmware. + Firewall object should be configured as platform "iptables", host OS + "linksys". Policy installer works both using password and public key + authentication. + * Added an option to firewall platforms iptables, ipfilter, pf and + ipfw that sets up a policy rule to permit ssh access from one + specified IP address to the firewall regardless of other rules. This + is for a backup ssh access from the management workstation in case + of an error in the policy that locks user out of the firewall. The + option (a checkbox and entry field for the management station + address) is located in the "Compiler" tab of the firewall settings + dialog. A command that permits ssh to the firewall from the given + address is added on top of all other rules. + * added attribute 'lastModified' to element FWBObjectDatabase in DTD. + this attribute holds time of last modification done to any object in + the database (GMT). Added support for this attribute in class + FWObjectDatabase. This attribute is implied. + + -------------------------------------------------------------------- + +Bugs fixed in libfwbuilder API: + + * fixed bug that appeared only when used with libxml2 2.6.6 and + libxslt 1.0.33 - '*Group' elements were not converted properly + (losing all child elements). 
It worked on RH 9 with libxml2 2.5.4 + and libxslt 1.0.27. Fix tested with libxml2 2.6.6 and libxslt 1.0.33 + on Fedora C1 + * Method Firewall::duplicate replaces references to the firewall, its + interfaces as well as IPv4 and physical addresses of the interfaces + in all rule sets with references to the copies of corresponding + objects. Now firewall created from another one using 'duplicate' + does not reference interfaces or addresses that belong to the + original firewall object. + * bug #950857: "Incorrect conversion of address range" - address range + that consisted of two IP addresses was converted to a set of + networks incorrectly. + * bug that occured on big endian architecture (e.g. Macintosh) because + of incorrect usage of preprocessor directives to check BYTE_ORDER. + This bug caused incorrect address arithmetics. + * bug #906709: "A dynamic interface". Dynamic interface used to + "shadow" old broadcast object (0.0.0.0) + +New features in iptables policy compiler fwb_ipt: + + * Feature Request #913273: make "assume fw is part of any" a per-rule + option + * Processing of policy rules where firewall object is used in src or + dst with negation (possibly in combination with other objects) has + been optimized. Before, generated script would match firewall's + addresses in INPUT/OUTPUT and FORWARD chains which added redundant + checks in the FORWARD chain. + +Bugs fixed in iptables policy compiler fwb_ipt: + + * bug #956544: "Error into load modules script generation", where + generated script would not load kernel modules with names + "module.ko.gz". Regular expression should match on ".ko.*$" to find + these modules properly. Thanks to Andrey Kaminsky who + pointed this out. + * bug #934949: "duplicate rules". 
fwb_ipt created duplicate rules for + a bridging firewall if fw object or its interfaces or their + addresses were not in the source or desintaion + * bug #912849: "Reorder activation of network interfaces in IPT" - + script generated by the compiler for iptables sets default policy to + DROP, flushes all rules and then reconfigures interfaces of the + firewall (it used to reconfigure intefaces and then flush the + rules). + * bug #906709: "A dynamic interface". Dynamic interface used to + "shadow" old broadcast object (0.0.0.0) + * bug #979484: "improper command for rule with service any and action + reject." For rules like that, and if rule options dialog does not + specify particular way to handle this combination, the compiler + splits the rule; the first iptables command rejects any tcp packet + with TCP RST, while the second rejects everything else with ICMP + message. + * bug #917422: "compiler misinterprets interface with addr 0.0.0.0". + If an interface has IP address "0.0.0.0", it is considered an error. + * bug #978854: "false rule generated for fw object in interface rule". + Policy compiler for iptables generated incorrect code for rules + using negated firewall object in source or destination when global + option "assume firewall is part of any" was turned off. + * bug #925199: "compiles wrongly a double negation". Policy compiler + for iptables generated incorrect code for rules where two rule + elements used negation (i.e. both src and dst, or dst and srv, etc.) + * bug #988860: "Logging missing when firewall start is aborted". When + iptables script generated by fwb_ipt finds missing interfaces, it + prints error message both on stdout and sends it to the log. + * bug #965558: "False ruleset generated for iptables (negate w/ nat)". + There were problems with double negations in NAT rules (OSrc and + ODst, or ODst and OSrv, etc). 
+ * bugs #935794: "dual translation and negation in fwb_ipt" and + #986376: "Wrong result for negated source in NAT rules". Dual + translation rule with negation in OSrc did not process negation in + the second half (POSTROUTING rule, the one that translates the + source). + * bug #990037: "Wrong rule generated: fw interface included in negated + group". Rules with negation should not generate code in INPUT/OUTPUT + chains if option "assume firewall is part of any" is off. + +Bugs fixed in iptables policy compiler fwb_pf: + + * bug (no number) where fwb_pf would not include code defined by + custom service object in the .conf file + * bug #985527: pf NAT rules miss destination port specification. NAT + rules that translate to "map" missed destination port specification. + * bug #986518: "PF redirection always point to loopback address" diff --git a/doc/ReleaseNotes_template.html b/doc/ReleaseNotes_template.html new file mode 100644 index 000000000..3aed9956d --- /dev/null +++ b/doc/ReleaseNotes_template.html @@ -0,0 +1,131 @@ + + + + + + + +

Firewall Builder Release Notes

+
+

Version 2.0.1

+
+

+Released MM/DD/YY +
+GUI and compilers v2.0.1 require API library libfwbuilder version 2.0.1 +
+

Summary

+

+ +

+For those who wish to build from source, instructions are outlined +in the document "Install and Build instructions" on our web site here + +

What's new

+
    +
  • Improvements in the GUI: +

    +

      +
    • + +
    • + +
    +
    +
  • + +
  • Improvements in policy compiler for iptables: +

    +

      +
    • + +
    • + +
    +

    +
  • + +
  • Improvements in policy compiler for ipfiler: +

    +

      +
    • + +
    • + +
    +

    +

  • + +
  • Improvements in policy compilers for all platforms: +

    +

      +
    • + +
    • +
    +

    +

  • + +
  • + New components: +

    +

      +
    • + +
    • +
    +
    +
+ +
+
+
+ +

Bugs fixed in libfwbuilder API:

+
    +
  • + +
  • +
+ + +
+
+

Bugs fixed in GUI:

+
    +
  • + +
  • + +
+ +
+
+

Bugs fixed in iptables policy compiler fwb_ipt:

+
    +
  • + +
  • +
+ +
+
+

Bugs fixed in iptables policy compiler fwb_ipf:

+
    +
  • + +
  • +
+ +
+
+

Bugs fixed in iptables policy compiler fwb_pf:

+
    +
  • + +
  • +
+ + + diff --git a/doc/doc.pro b/doc/doc.pro new file mode 100644 index 000000000..a1a639c9e --- /dev/null +++ b/doc/doc.pro @@ -0,0 +1,69 @@ +#-*- mode: makefile; tab-width: 4; -*- +# + +include(../qmake.inc) + +win32 { + QMAKE_RUN_CC = @echo + QMAKE_RUN_CXX = @echo + QMAKE_LINK = @echo +} +!win32 { + QMAKE_RUN_CC = @echo > /dev/null + QMAKE_RUN_CXX = @echo > /dev/null + QMAKE_LINK = @echo > /dev/null +} + +TARGET = doc + +doc.files = AUTHORS \ + ChangeLog \ + COPYING \ + Credits \ + README.floppyfw \ + README.ipf \ + README.ipfw \ + README.ipt \ + README.pf \ + README.routing \ + README.iosacl \ + README.policy_import \ + FWBuilder-Routing-LICENSE.txt \ + PatchAcceptancePolicy.txt \ + ReleaseNotes_2.1.7.html \ + ReleaseNotes_2.1.7.txt \ + ReleaseNotes_2.1.8.html \ + ReleaseNotes_2.1.8.txt \ + ReleaseNotes_2.1.9.html \ + ReleaseNotes_2.1.9.txt \ + ReleaseNotes_2.1.10.html \ + ReleaseNotes_2.1.10.txt \ + ReleaseNotes_2.1.11.html \ + ReleaseNotes_2.1.11.txt \ + ReleaseNotes_2.1.12.html \ + ReleaseNotes_2.1.12.txt \ + ReleaseNotes_2.1.13.html \ + ReleaseNotes_2.1.13.txt \ + ReleaseNotes_2.1.14.html \ + ReleaseNotes_2.1.14.txt \ + ReleaseNotes_2.1.15.html \ + ReleaseNotes_2.1.15.txt + +doc.path = $$DOCDIR + +man.files = fwbedit.1 \ + fwblookup.1 \ + fwbuilder.1 \ + fwb_ipf.1 \ + fwb_ipfw.1 \ + fwb_ipt.1 \ + fwb_pf.1 \ + +# fwb_install.1 \ +# fwb_compile_all.1 \ + +man.path = $$MANDIR/man1 + +INSTALLS -= target +INSTALLS += doc +INSTALLS += man diff --git a/doc/examples.fwb b/doc/examples.fwb new file mode 100644 index 000000000..8d5114731 --- /dev/null +++ b/doc/examples.fwb 
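Review bot: The `man.files` assignment in doc/doc.pro ends on a dangling continuation: `fwb_pf.1 \` is followed by a blank line and by two commented-out entries (`# fwb_install.1 \`, `# fwb_compile_all.1 \`) that also end in a backslash. Where the list ends then depends on how qmake treats continuations through blank and comment lines, not on what is written. Ending the list explicitly, with `fwb_pf.1` carrying no trailing backslash and the backslashes dropped from the commented lines, would make it unambiguous that `man.path = $$MANDIR/man1` is a separate assignment. Both commented-out pages are added elsewhere in this commit, so a one-line comment saying why they are not installed would help, for example `# not installed: external scripts superseded by the built-in installer`. That reason is inferred from the 2.0 release notes and should be confirmed.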
@@ -0,0 +1,446 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/doc/fwb_compile_all.1 b/doc/fwb_compile_all.1 new file mode 100644 index 000000000..be26b3410 --- /dev/null +++ b/doc/fwb_compile_all.1 
@@ -0,0 +1,56 @@
+.TH fwb_compile_all 1 "" FWB "Firewall Builder"
+.SH NAME
+fwb_compile_all \- Wrapper script that compiles policies for multiple firewall objects
+.SH SYNOPSIS
+
+.B fwb_compile_all
+.RB -f file.xml
+.RB [-d wdir]
+.RB [-av]
+[obj[ obj ...]]
+
+.SH "DESCRIPTION"
+
+.B fwb_compile_all
+is a wrapper script that compiles policies for several firewall
+objects in one batch job. This script takes a list of firewall object
+names on the command line (or '-a' command line option, see below) and
+calls policy compiler for each one. The script correctly determines
+which policy compiler is needed depending on the firewall platform of
+each object.
+
+.SH OPTIONS
+.IP "-a"
+The script processes all firewall objects in the "/Firewalls" subtree.
+
+.IP "-d wdir"
+Specify working directory. Compiler creates file with iptables script
+in this directory. If this parameter is missing, then iptables script
+will be placed in the current working directory.
+
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-v"
+Script passes this option to the compiler, this makes it print
+diagnostic messages indicating its progress.
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwb_ipt(1)
+.BR fwb_ipf(1)
+.BR fwb_pf(1)
+.BR fwbedit(1),
+.BR fwblookup(1)
+
+.P
diff --git a/doc/fwb_install.1 b/doc/fwb_install.1
new file mode 100644
index 000000000..b4aad7dba
--- /dev/null
+++ b/doc/fwb_install.1
@@ -0,0 +1,126 @@
+.\"-*- mode: nroff; tab-width: 4; -*-
+.\"
+.de Sp
+.if n .sp
+.if t .sp 0.4
+..
+.TH fwb_install 1 "" FWB "Firewall Builder"
+.SH NAME
+fwb_install \- Firewall policy installation and activation script
+.SH SYNOPSIS
+
+.B fwb_install
+.B [-d wdir]
+.B -f data_file.xml
+object_name
+
+.SH "DESCRIPTION"
+
+.B fwb_install
+is firewall policy installation and activation script for Firewall
+Builder (see fwbuilder(1)). This script transfers compiled
+rulesets via ssh to a firewall and activates them. Optionally it
+transfers a backup of the .xml source file, too.
+.PP
+The data file and the name of the firewall objects must be specified
+on the command line. Other command line parameters are optional.
+.PP
+The firewall rules should allow ssh traffic to the firewall, or you
+will lock yourself out.
+.PP
+
+.SH INSTALLATION
+
+You should have a ssh and sshd installed and configured properly.
+.PP
+Make a public/private keypair using ssh-keygen tool, the public key
+goes into ~$REMOTEUSER/.ssh/ on the firewall, $SSHIDENTITY locally
+points to the private key. Protect your key with a good passphrase!
+.PP
+Tell fwbuilder to use the script: enter /home/vadim/Projects/fwb/fwbuilder/../usr//bin/fwb_install (a full
+path and name for this script) in the "install script" entry field in
+the firewall object dialog.
+.PP
+To customize the script you can adjust the following variables inside
+of it :
+.PP
+.PD 0
+.TP
+.B REMOTEDIR
+Specifies where the firewall script or configuration file will be
+placed on the firewall (default: "/etc/firewall")
+.TP
+.B REMOTEUSER
+Specifies the user on the firewall allowed to set up the firewall rulesets
+(default: "root")
+.TP
+.B DOXMLBACKUP
+Specifies whether we want to store a backup copy of the .xml on the firewall
+(default: "YES")
+.TP
+.B SSHIDENTITY
+location of private ssh key (default: "${HOME}/.ssh/id_dsa")
+
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-d wdir"
+Specify working directory. Policy compilers create firewall
+configurations and/or scripts in this directory. If this parameter is
+missing, then script looks in the current working directory.
+
+.SH CAVEATS
+
+The firewall rules should allow ssh traffic to the firewall, or you
+will lock yourself out.
+
+.PP
+The script uses address of firewall's interface which is marked as
+"management". The script aborts if there is no management interface.
+
+.PP
+There still is a depenency on the current DTD structure in that the
+script assumes that all firewalls are always located in the tree
+branch "Firewalls". This may change in the future; the script will
+need to be updated then.
+
+.PP
+This script has been developed and tested for iptables firewall on
+Linux systems. To the best of my knowledge, nobody used this script
+for any other firewall type or OS, however it should work for any
+firewall running on a Unix box where firewall configuration is
+represented in a form of a shell script. On example is ipfw used on
+FreeBSD or Mac OS X.
+
+.PP
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+.SH AUTHOR
+
+David Gullasch ,
+Changes and corrections by Vadim Kurland
+
+.SH DISCLAIMER
+
+(K) 2001 by David Gullasch , All
+rights reversed. Copy what you like, but give credit and include this
+note. Don't blame me when this script does not do what you want it to
+- there is no bug-free software.
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwb_ipt(1),
+.BR fwb_ipf(1),
+.BR fwb_pf(1)
+
+.P
diff --git a/doc/fwb_ipf.1 b/doc/fwb_ipf.1
new file mode 100644
index 000000000..94eee7edd
--- /dev/null
+++ b/doc/fwb_ipf.1
@@ -0,0 +1,139 @@
+.de Sp
+.if n .sp
+.if t .sp 0.4
+..
+.TH fwb_ipf 1 "" FWB "Firewall Builder"
+.SH NAME
+fwb_ipf \- Policy compiler for ipfilter
+.SH SYNOPSIS
+
+.B fwb_ipf
+.B [-vVx]
+.B [-d wdir]
+.B [-o output.fw]
+.B -f data_file.xml
+object_name
+
+.SH "DESCRIPTION"
+
+.B fwb_ipf
+is a firewall policy compiler component of Firewall Builder (see
+fwbuilder(1)). This compiler generates code for ipfilter. Compiler
+reads objects definitions and firewall description from the data file
+specified with "-f" option and generates ipfilter configuration files
+and firewall activation script.
+
+All generated files have names that start with the name of the
+firewall object. Firewall activation script has extension ".fw" and is
+simple shell script that flushes current policy, loads new filter and
+nat rules and then activates ipfilter. IPFilter configuration file name
+starts with the name of the firewall object, plus "-ipf.conf". NAT
+configuration file name also starts with the name of the firewall
+object, plus "-nat.conf". For example, if firewall object has name
+"myfirewall", then compiler will create three files: "myfirewall.fw",
+"myfirewall-pf.conf", "myfirewall-nat.conf".
+
+The data file and the name of the firewall objects must be specified
+on the command line. Other command line parameters are optional.
+
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-o output.fw"
+Specify output file name
+
+.IP "-d wdir"
+Specify working directory. Compiler creates firewall activation
+script and ipfilter configuration files in this directory. If this
+parameter is missing, then all files will be placed in the
+current working directory.
+
+.IP "-v"
+Be verbose: compiler prints diagnostic messages when it works.
+
+.IP "-V"
+Print version number and quit.
+
+.IP "-x"
+Generate debugging information while working. This option is intended
+for debugging only and may produce lots of cryptic messages.
+
+.SH NOTES
+
+Support for ipf returned in version 1.0.1 of Firewall Builder
+
+Supported features:
+
+
+.IP o
+both ipf.conf and nat.conf files are generated
+
+.IP o
+negation in policy rules
+
+.IP o
+stateful inspection in individual rule can be turned off in rule
+options dialog. By default compiler adds "keep state" or "modulate
+state" to each rule with action 'pass'
+
+.IP o
+rule options dialog provides a choice of icmp or tcp rst replies for
+rules with action "Reject"
+
+.IP o
+compiler adds flag "allow-opts" if match on ip options is needed
+
+.IP o
+compiler can generate rules matching on TCP flags
+
+.IP o
+compiler can generate script adding ip aliases for NAT rules using addresses
+that do not belong to any interface of the firewall
+
+.IP o
+compiler always adds rule "block quick all" at the very bottom of
+the script to ensure "block all by default" policy even if the policy
+is empty.
+
+.IP o
+Address ranges in both policy and NAT
+
+
+
+.PP
+Features that are not supported (yet)
+
+.IP o
+negation in NAT
+
+.IP o
+custom services
+
+
+
+.PP
+Features that won't be supported (at least not anytime soon)
+
+.IP o
+policy routing
+
+
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwb_ipt(1),
+.BR fwb_pf(1)
+
+.P
diff --git a/doc/fwb_ipf21.1 b/doc/fwb_ipf21.1
new file mode 100644
index 000000000..94eee7edd
--- /dev/null
+++ b/doc/fwb_ipf21.1
@@ -0,0 +1,139 @@
+.de Sp
+.if n .sp
+.if t .sp 0.4
+..
+.TH fwb_ipf 1 "" FWB "Firewall Builder"
+.SH NAME
+fwb_ipf \- Policy compiler for ipfilter
+.SH SYNOPSIS
+
+.B fwb_ipf
+.B [-vVx]
+.B [-d wdir]
+.B [-o output.fw]
+.B -f data_file.xml
+object_name
+
+.SH "DESCRIPTION"
+
+.B fwb_ipf
+is a firewall policy compiler component of Firewall Builder (see
+fwbuilder(1)). This compiler generates code for ipfilter. Compiler
+reads objects definitions and firewall description from the data file
+specified with "-f" option and generates ipfilter configuration files
+and firewall activation script.
+
+All generated files have names that start with the name of the
+firewall object. Firewall activation script has extension ".fw" and is
+simple shell script that flushes current policy, loads new filter and
+nat rules and then activates ipfilter. IPFilter configuration file name
+starts with the name of the firewall object, plus "-ipf.conf". NAT
+configuration file name also starts with the name of the firewall
+object, plus "-nat.conf". For example, if firewall object has name
+"myfirewall", then compiler will create three files: "myfirewall.fw",
+"myfirewall-pf.conf", "myfirewall-nat.conf".
+
+The data file and the name of the firewall objects must be specified
+on the command line. Other command line parameters are optional.
+
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-o output.fw"
+Specify output file name
+
+.IP "-d wdir"
+Specify working directory. Compiler creates firewall activation
+script and ipfilter configuration files in this directory. If this
+parameter is missing, then all files will be placed in the
+current working directory.
+
+.IP "-v"
+Be verbose: compiler prints diagnostic messages when it works.
+
+.IP "-V"
+Print version number and quit.
+
+.IP "-x"
+Generate debugging information while working. This option is intended
+for debugging only and may produce lots of cryptic messages.
+
+.SH NOTES
+
+Support for ipf returned in version 1.0.1 of Firewall Builder
+
+Supported features:
+
+
+.IP o
+both ipf.conf and nat.conf files are generated
+
+.IP o
+negation in policy rules
+
+.IP o
+stateful inspection in individual rule can be turned off in rule
+options dialog. By default compiler adds "keep state" or "modulate
+state" to each rule with action 'pass'
+
+.IP o
+rule options dialog provides a choice of icmp or tcp rst replies for
+rules with action "Reject"
+
+.IP o
+compiler adds flag "allow-opts" if match on ip options is needed
+
+.IP o
+compiler can generate rules matching on TCP flags
+
+.IP o
+compiler can generate script adding ip aliases for NAT rules using addresses
+that do not belong to any interface of the firewall
+
+.IP o
+compiler always adds rule "block quick all" at the very bottom of
+the script to ensure "block all by default" policy even if the policy
+is empty.
+
+.IP o
+Address ranges in both policy and NAT
+
+
+
+.PP
+Features that are not supported (yet)
+
+.IP o
+negation in NAT
+
+.IP o
+custom services
+
+
+
+.PP
+Features that won't be supported (at least not anytime soon)
+
+.IP o
+policy routing
+
+
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwb_ipt(1),
+.BR fwb_pf(1)
+
+.P
diff --git a/doc/fwb_ipfw.1 b/doc/fwb_ipfw.1
new file mode 100644
index 000000000..3c2d37fca
--- /dev/null
+++ b/doc/fwb_ipfw.1
@@ -0,0 +1,78 @@
+.de Sp
+.if n .sp
+.if t .sp 0.4
+..
+.TH fwb_ipfw 1 "" FWB "Firewall Builder"
+.SH NAME
+fwb_ipfw \- Policy compiler for ipfw
+.SH SYNOPSIS
+
+.B fwb_ipfw
+.B [-vVx]
+.B [-d wdir]
+.B [-o output.fw]
+.B -f data_file.xml
+object_name
+
+.SH "DESCRIPTION"
+
+.B fwb_ipfw
+is a firewall policy compiler component of Firewall Builder (see
+fwbuilder(1)). This compiler generates code for ipfw - a firewall and
+traffic shaper in FreeBSD (see ipfw(8)). Compiler reads objects
+definitions and firewall description from the data file specified with
+"-f" option and generates firewall configuration and activation
+script.
+
+The generated file has a name that starts with the name of the
+firewall object, with an extension ".fw". It is a shell script that
+flushes current policy, then loads new filter and nat rules.
+
+The data file and the name of the firewall objects must be specified
+on the command line. Other command line parameters are optional.
+
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-o output.fw"
+Specify output file name
+
+.IP "-d wdir"
+Specify working directory. Compiler creates firewall activation
+script in this directory. If this parameter is missing, then all
+files will be placed in the current working directory.
+
+.IP "-v"
+Be verbose: compiler prints diagnostic messages when it works.
+
+.IP "-V"
+Print version number and quit.
+
+.IP "-x"
+Generate debugging information while working. This option is intended
+for debugging only and may produce lots of cryptic messages.
+
+.SH NOTES
+
+Support for ipfw was added in version 1.0.10 of Firewall Builder
+
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwb_ipt(1),
+.BR fwb_pf(1)
+.BR fwb_ipf(1)
+
+.P
diff --git a/doc/fwb_ipfw21.1 b/doc/fwb_ipfw21.1
new file mode 100644
index 000000000..3c2d37fca
--- /dev/null
+++ b/doc/fwb_ipfw21.1
@@ -0,0 +1,78 @@
+.de Sp
+.if n .sp
+.if t .sp 0.4
+..
+.TH fwb_ipfw 1 "" FWB "Firewall Builder"
+.SH NAME
+fwb_ipfw \- Policy compiler for ipfw
+.SH SYNOPSIS
+
+.B fwb_ipfw
+.B [-vVx]
+.B [-d wdir]
+.B [-o output.fw]
+.B -f data_file.xml
+object_name
+
+.SH "DESCRIPTION"
+
+.B fwb_ipfw
+is a firewall policy compiler component of Firewall Builder (see
+fwbuilder(1)). This compiler generates code for ipfw - a firewall and
+traffic shaper in FreeBSD (see ipfw(8)). Compiler reads objects
+definitions and firewall description from the data file specified with
+"-f" option and generates firewall configuration and activation
+script.
+
+The generated file has a name that starts with the name of the
+firewall object, with an extension ".fw". It is a shell script that
+flushes current policy, then loads new filter and nat rules.
+
+The data file and the name of the firewall objects must be specified
+on the command line. Other command line parameters are optional.
+
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-o output.fw"
+Specify output file name
+
+.IP "-d wdir"
+Specify working directory. Compiler creates firewall activation
+script in this directory. If this parameter is missing, then all
+files will be placed in the current working directory.
+
+.IP "-v"
+Be verbose: compiler prints diagnostic messages when it works.
+
+.IP "-V"
+Print version number and quit.
+
+.IP "-x"
+Generate debugging information while working. This option is intended
+for debugging only and may produce lots of cryptic messages.
+
+.SH NOTES
+
+Support for ipfw was added in version 1.0.10 of Firewall Builder
+
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwb_ipt(1),
+.BR fwb_pf(1)
+.BR fwb_ipf(1)
+
+.P
diff --git a/doc/fwb_ipt.1 b/doc/fwb_ipt.1
new file mode 100644
index 000000000..fe0bc172a
--- /dev/null
+++ b/doc/fwb_ipt.1
@@ -0,0 +1,59 @@
+.TH fwb_ipt 1 "" FWB "Firewall Builder"
+.SH NAME
+fwb_ipt \- Policy compiler for iptables
+.SH SYNOPSIS
+
+.B fwb_ipt
+.RB [-wvV]
+.RB [-d wdir]
+.RB [-o output.fw]
+.RB -f data_file.xml
+object_name
+
+.SH "DESCRIPTION"
+
+.B fwb_ipt
+is a firewall policy compiler component of Firewall Builder (see
+fwbuilder(1)). Compiler reads objects definitions and firewall
+description from the data file specified with "-f" option and
+generates resultant iptables script. The script is written to
+the file with the name the same as the name of the firewall
+object, plus extension ".fw".
+
+The data file and the name of the firewall objects must be specified
+on the command line. Other command line parameters are optional.
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-o output.fw"
+Specify output file name
+
+.IP "-d wdir"
+Specify working directory. Compiler creates file with iptables script
+in this directory. If this parameter is missing, then iptables script
+will be placed in the current working directory.
+
+.IP "-v"
+Be verbose: compiler prints diagnostic messages when it works.
+
+.IP "-V"
+Print version number and quit.
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwb_ipf(1),
+.BR fwb_pf(1)
+
+.P
diff --git a/doc/fwb_ipt21.1 b/doc/fwb_ipt21.1
new file mode 100644
index 000000000..fe0bc172a
--- /dev/null
+++ b/doc/fwb_ipt21.1
@@ -0,0 +1,59 @@
+.TH fwb_ipt 1 "" FWB "Firewall Builder"
+.SH NAME
+fwb_ipt \- Policy compiler for iptables
+.SH SYNOPSIS
+
+.B fwb_ipt
+.RB [-wvV]
+.RB [-d wdir]
+.RB [-o output.fw]
+.RB -f data_file.xml
+object_name
+
+.SH "DESCRIPTION"
+
+.B fwb_ipt
+is a firewall policy compiler component of Firewall Builder (see
+fwbuilder(1)). Compiler reads objects definitions and firewall
+description from the data file specified with "-f" option and
+generates resultant iptables script. The script is written to
+the file with the name the same as the name of the firewall
+object, plus extension ".fw".
+
+The data file and the name of the firewall objects must be specified
+on the command line. Other command line parameters are optional.
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-o output.fw"
+Specify output file name
+
+.IP "-d wdir"
+Specify working directory. Compiler creates file with iptables script
+in this directory. If this parameter is missing, then iptables script
+will be placed in the current working directory.
+
+.IP "-v"
+Be verbose: compiler prints diagnostic messages when it works.
+
+.IP "-V"
+Print version number and quit.
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwb_ipf(1),
+.BR fwb_pf(1)
+
+.P
diff --git a/doc/fwb_pf.1 b/doc/fwb_pf.1
new file mode 100644
index 000000000..9f82e422a
--- /dev/null
+++ b/doc/fwb_pf.1
@@ -0,0 +1,140 @@
+.de Sp
+.if n .sp
+.if t .sp 0.4
+..
+.TH fwb_pf 1 "" FWB "Firewall Builder"
+.SH NAME
+fwb_pf \- Policy compiler for OpenBSD packet filter "pf"
+.SH SYNOPSIS
+
+.B fwb_pf
+.B [-vVx]
+.B [-d wdir]
+.B [-o output.fw]
+.B -f data_file.xml
+object_name
+
+.SH "DESCRIPTION"
+
+.B fwb_pf
+is a firewall policy compiler component of Firewall Builder (see
+fwbuilder(1)). This compiler generates code for OpenBSD Packet
+Filter (pf). Compiler reads objects definitions and firewall description
+from the data file specified with "-f" option and generates pf
+configuration files and firewall activation script.
+
+All generated files have names that start with the name of the
+firewall object. Firewall activation script has extension ".fw" and is
+simple shell script that flushes current policy, loads new filter and
+nat rules and then activates pf. PF configuration file name starts
+with the name of the firewall object, plus "-pf.conf". NAT
+configuration file name also starts with the name of the firewall
+object, plus "-nat.conf". For example, if firewall object has name
+"myfirewall", then compiler will create three files: "myfirewall.fw",
+"myfirewall-pf.conf", "myfirewall-nat.conf".
+
+The data file and the name of the firewall objects must be specified
+on the command line. Other command line parameters are optional.
+
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-o output.fw"
+Specify output file name
+
+.IP "-d wdir"
+Specify working directory. Compiler creates firewall activation
+script and PF configuration files in this directory. If this
+parameter is missing, then all files will be placed in the
+current working directory.
+
+.IP "-v"
+Be verbose: compiler prints diagnostic messages when it works.
+
+.IP "-V"
+Print version number and quit.
+
+.IP "-x"
+Generate debugging information while working. This option is intended
+for debugging only and may produce lots of cryptic messages.
+
+.SH NOTES
+Support for PF has been introduced in version 1.0.1 of Firewall Builder
+
+
+Supported features:
+
+.IP o
+both pf.conf and nat.conf files are generated
+
+.IP o
+negation in policy and NAT rules
+
+.IP o
+grouping in "from", "to" and ports using '{' '}' syntax
+
+.IP o
+if checkbox "Scrub" is checked in the rule options dialog, and
+rule's action is Accept, the compiler generates two (almost)
+identical rules: first with action 'scrub' and the second with
+action 'pass quick'
+
+.IP o
+stateful inspection in individual rule can be turned off in rule
+options dialog. By default compiler adds "keep state" or "modulate
+state" to each rule with action 'pass'
+
+.IP o
+rule options dialog provides a choice of icmp or tcp rst replies for
+rules with action "Reject"
+
+.IP o
+compiler adds flag "allow-opts" if match on ip options is needed
+
+.IP o
+compiler can generate rules matching on TCP flags
+
+.IP o
+compiler can generate script adding ip aliases for NAT rules using addresses
+that do not belong to any interface of the firewall
+
+.IP o
+compiler always adds rule "block quick all" at the very bottom of
+the script to ensure "block all by default" policy even if the policy
+is empty.
+
+.IP o
+Address ranges in both policy and NAT
+
+
+.PP
+Features that are not supported (yet)
+
+.IP o
+custom services
+
+
+.PP
+What will not be supported (at least not anytime soon)
+
+.IP o
+policy routing
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwb_ipt(1),
+.BR fwb_ipf(1)
+
+.P
diff --git a/doc/fwb_pf21.1 b/doc/fwb_pf21.1
new file mode 100644
index 000000000..9f82e422a
--- /dev/null
+++ b/doc/fwb_pf21.1
@@ -0,0 +1,140 @@
+.de Sp
+.if n .sp
+.if t .sp 0.4
+..
+.TH fwb_pf 1 "" FWB "Firewall Builder"
+.SH NAME
+fwb_pf \- Policy compiler for OpenBSD packet filter "pf"
+.SH SYNOPSIS
+
+.B fwb_pf
+.B [-vVx]
+.B [-d wdir]
+.B [-o output.fw]
+.B -f data_file.xml
+object_name
+
+.SH "DESCRIPTION"
+
+.B fwb_pf
+is a firewall policy compiler component of Firewall Builder (see
+fwbuilder(1)). This compiler generates code for OpenBSD Packet
+Filter (pf). Compiler reads objects definitions and firewall description
+from the data file specified with "-f" option and generates pf
+configuration files and firewall activation script.
+
+All generated files have names that start with the name of the
+firewall object. Firewall activation script has extension ".fw" and is
+simple shell script that flushes current policy, loads new filter and
+nat rules and then activates pf. PF configuration file name starts
+with the name of the firewall object, plus "-pf.conf". NAT
+configuration file name also starts with the name of the firewall
+object, plus "-nat.conf". For example, if firewall object has name
+"myfirewall", then compiler will create three files: "myfirewall.fw",
+"myfirewall-pf.conf", "myfirewall-nat.conf".
+
+The data file and the name of the firewall objects must be specified
+on the command line. Other command line parameters are optional.
+
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-o output.fw"
+Specify output file name
+
+.IP "-d wdir"
+Specify working directory. Compiler creates firewall activation
+script and PF configuration files in this directory. If this
+parameter is missing, then all files will be placed in the
+current working directory.
+
+.IP "-v"
+Be verbose: compiler prints diagnostic messages when it works.
+
+.IP "-V"
+Print version number and quit.
+
+.IP "-x"
+Generate debugging information while working. This option is intended
+for debugging only and may produce lots of cryptic messages.
+
+.SH NOTES
+Support for PF has been introduced in version 1.0.1 of Firewall Builder
+
+
+Supported features:
+
+.IP o
+both pf.conf and nat.conf files are generated
+
+.IP o
+negation in policy and NAT rules
+
+.IP o
+grouping in "from", "to" and ports using '{' '}' syntax
+
+.IP o
+if checkbox "Scrub" is checked in the rule options dialog, and
+rule's action is Accept, the compiler generates two (almost)
+identical rules: first with action 'scrub' and the second with
+action 'pass quick'
+
+.IP o
+stateful inspection in individual rule can be turned off in rule
+options dialog. By default compiler adds "keep state" or "modulate
+state" to each rule with action 'pass'
+
+.IP o
+rule options dialog provides a choice of icmp or tcp rst replies for
+rules with action "Reject"
+
+.IP o
+compiler adds flag "allow-opts" if match on ip options is needed
+
+.IP o
+compiler can generate rules matching on TCP flags
+
+.IP o
+compiler can generate script adding ip aliases for NAT rules using addresses
+that do not belong to any interface of the firewall
+
+.IP o
+compiler always adds rule "block quick all" at the very bottom of
+the script to ensure "block all by default" policy even if the policy
+is empty.
+
+.IP o
+Address ranges in both policy and NAT
+
+
+.PP
+Features that are not supported (yet)
+
+.IP o
+custom services
+
+
+.PP
+What will not be supported (at least not anytime soon)
+
+.IP o
+policy routing
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwb_ipt(1),
+.BR fwb_ipf(1)
+
+.P
diff --git a/doc/fwbedit.1 b/doc/fwbedit.1
new file mode 100644
index 000000000..ae64171b2
--- /dev/null
+++ b/doc/fwbedit.1
@@ -0,0 +1,94 @@
+.TH fwbedit 1 "" FWB "Firewall Builder"
+.LO 1
+.SH NAME
+fwbedit \- General purpose object tree editing tool
+.SH SYNOPSIS
+
+.B fwbedit
+.RB [-a obj,grp]
+.RB [-r obj,grp]
+.RB [-d obj]
+.RB -f data_file.xml
+
+
+.SH "DESCRIPTION"
+
+.B fwbedit
+is a general purpose object tree editing tool for Firewall Builder (see
+fwbuilder(1)). This tool can be used in the shell scripts written for
+batch-processing of the Firewall Builder data files. Fwbedit can
+perform the following operations on the objects and the tree: add a
+reference to the given object to a group, remove reference to an
+object from a group and delete an object and all references to it from
+the tree. Both object and a group can be specified by their ID or
+by their name and a full path in the tree (see section
+.B EXAMPLES
+below).
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-a obj,grp"
+Adds reference to object 'obj' to the group 'grp'.
+
+.IP "-r obj,grp"
+Removes reference to object 'obj' from the group 'grp'.
+
+.IP "-d obj"
+Deletes object 'obj' and references to it from all groups and rules.
+
+.IP "-V"
+Prints version number and quit.
+
+.SH EXAMPLES
+.PP
+fwbedit -f x.xml -a /Objects/Hosts/A,/Objects/Groups/B
+.PP
+Adds reference to the Host object 'A' to the group 'B'.
+.PP
+.PP
+fwbedit -f x.xml -a id3D71A1BA,id3D151943
+.PP
+Adds reference to the object with ID id3D71A1BA to the group with ID
+id3D151943. If objects with given IDs do not exist, fwbedit prints an
+error message and does not make any changes in the data file.
+.PP
+.PP
+fwbedit -f x.xml -a id3D71A1BA,/Objects/Groups/testgroup
+.PP
+Adds reference to the object with ID id3D71A1BA to the group
+'testgroup'.
+.PP
+.PP
+fwbedit can be used in combination with fwblookup to execute
+operations on many objects:
+.LP
+ fwblookup -f x.xml -lP /Objects/Hosts | \\
+ grep domain.com | \\
+ while read h; do \\
+ fwbedit -f x.xml -a $h,/Objects/Groups/domainGRP; \\
+ done
+.PP
+first, this script uses fwblookup to print full path of all Host
+objects (option -l in combination with option -P prints full path for
+all children objects of /Objects/Hosts), then uses grep to filter only
+those hosts that have 'domain.com' in their name, then cycles through
+the obtained list and uses fwbedit to add them to the group 'domainGRP'.
+
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwblookup(1),
+
+.P
diff --git a/doc/fwbedit21.1 b/doc/fwbedit21.1
new file mode 100644
index 000000000..ae64171b2
--- /dev/null
+++ b/doc/fwbedit21.1
@@ -0,0 +1,94 @@
+.TH fwbedit 1 "" FWB "Firewall Builder"
+.LO 1
+.SH NAME
+fwbedit \- General purpose object tree editing tool
+.SH SYNOPSIS
+
+.B fwbedit
+.RB [-a obj,grp]
+.RB [-r obj,grp]
+.RB [-d obj]
+.RB -f data_file.xml
+
+
+.SH "DESCRIPTION"
+
+.B fwbedit
+is a general purpose object tree editing tool for Firewall Builder (see
+fwbuilder(1)). This tool can be used in the shell scripts written for
+batch-processing of the Firewall Builder data files. Fwbedit can
+perform the following operations on the objects and the tree: add a
+reference to the given object to a group, remove reference to an
+object from a group and delete an object and all references to it from
+the tree. Both object and a group can be specified by their ID or
+by their name and a full path in the tree (see section
+.B EXAMPLES
+below).
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-a obj,grp"
+Adds reference to object 'obj' to the group 'grp'.
+
+.IP "-r obj,grp"
+Removes reference to object 'obj' from the group 'grp'.
+
+.IP "-d obj"
+Deletes object 'obj' and references to it from all groups and rules.
+
+.IP "-V"
+Prints version number and quit.
+
+.SH EXAMPLES
+.PP
+fwbedit -f x.xml -a /Objects/Hosts/A,/Objects/Groups/B
+.PP
+Adds reference to the Host object 'A' to the group 'B'.
+.PP
+.PP
+fwbedit -f x.xml -a id3D71A1BA,id3D151943
+.PP
+Adds reference to the object with ID id3D71A1BA to the group with ID
+id3D151943. If objects with given IDs do not exist, fwbedit prints an
+error message and does not make any changes in the data file.
+.PP
+.PP
+fwbedit -f x.xml -a id3D71A1BA,/Objects/Groups/testgroup
+.PP
+Adds reference to the object with ID id3D71A1BA to the group
+'testgroup'.
+.PP
+.PP
+fwbedit can be used in combination with fwblookup to execute
+operations on many objects:
+.LP
+ fwblookup -f x.xml -lP /Objects/Hosts | \\
+ grep domain.com | \\
+ while read h; do \\
+ fwbedit -f x.xml -a $h,/Objects/Groups/domainGRP; \\
+ done
+.PP
+first, this script uses fwblookup to print full path of all Host
+objects (option -l in combination with option -P prints full path for
+all children objects of /Objects/Hosts), then uses grep to filter only
+those hosts that have 'domain.com' in their name, then cycles through
+the obtained list and uses fwbedit to add them to the group 'domainGRP'.
+
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwblookup(1),
+
+.P
diff --git a/doc/fwblookup.1 b/doc/fwblookup.1
new file mode 100644
index 000000000..d0032bdc2
--- /dev/null
+++ b/doc/fwblookup.1
@@ -0,0 +1,95 @@
+.TH fwblookup 1 "" FWB "Firewall Builder"
+.SH NAME
+fwblookup \- General purpose object lookup tool
+.SH SYNOPSIS
+
+.B fwblookup
+.RB [-a attribute]
+.RB [-rADILMNPTV]
+.RB -f data_file.xml
+object_id|tree_path_to_object
+
+.SH "DESCRIPTION"
+
+.B fwblookup
+is a general purpose object lookup tool for Firewall Builder (see
+fwbuilder(1)). This tool finds object in the data file specified with
+"-f" option and prints its attributes requested via command line
+options. Object to be found is designated by its ID or full tree path
+given as an argument on the command line. This tool can be used in
+scripts that need to be able to find and inspect objects in the XML
+file, such as firewall policy installation script etc.
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-a atribute"
+Print value of the XML attribute 'attribute'. If specified attribute
+does not exist in the object, fwblookup prints an error message and
+terminates. This is universal option that can find and print any
+attribute in any object, provided it exists, however you need to know
+full tree path to the object or its ID and correct name of the
+attribute you want to print. This means that detailed knowledge of
+Firewall Builder XML DTD is required. See below for some convenient
+shortcut options. This option can be used only once on a command line;
+if it is used multiple times, then only the last attribute is printed.
+
+.IP "-A"
+Print an address of the object. Since not all objects can have an
+address, the program verifies type of the object and returns an error
+if the object does not have an address.
+
+.IP "-D"
+Dump all the data available for the object. If option "-r" is also
+used, dump recursively the object and all other objects in the tree
+below it.
+
+.IP "-I"
+Print object's ID.
+
+.IP "-l"
+List all the objects located immediately under the given object in the
+tree (its 'children') and print their names, IDs, path or type,
+depending on the options -N, -I, -T or -P which can be used together
+with -l.
+
+.IP "-L"
+Print interface label
+
+.IP "-M"
+Print management address. Only Host and Firewall objects can have
+management address.
+
+.IP "-N"
+Print object's name
+
+.IP "-P"
+Print full tree path to the object, starting with a tree root
+"FWobjectDatabase".
+
+.IP "-r"
+Dump or list the object and all other objects in the tree below
+it (see "-l and -D")
+
+.IP "-T"
+Print objects's type name.
+
+.IP "-V"
+Print version number and quit.
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwbedit(1),
+
+.P
diff --git a/doc/fwblookup21.1 b/doc/fwblookup21.1
new file mode 100644
index 000000000..d0032bdc2
--- /dev/null
+++ b/doc/fwblookup21.1
@@ -0,0 +1,95 @@
+.TH fwblookup 1 "" FWB "Firewall Builder"
+.SH NAME
+fwblookup \- General purpose object lookup tool
+.SH SYNOPSIS
+
+.B fwblookup
+.RB [-a attribute]
+.RB [-rADILMNPTV]
+.RB -f data_file.xml
+object_id|tree_path_to_object
+
+.SH "DESCRIPTION"
+
+.B fwblookup
+is a general purpose object lookup tool for Firewall Builder (see
+fwbuilder(1)). This tool finds object in the data file specified with
+"-f" option and prints its attributes requested via command line
+options. Object to be found is designated by its ID or full tree path
+given as an argument on the command line. This tool can be used in
+scripts that need to be able to find and inspect objects in the XML
+file, such as firewall policy installation script etc.
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the data file to be processed.
+
+.IP "-a atribute"
+Print value of the XML attribute 'attribute'. If specified attribute
+does not exist in the object, fwblookup prints an error message and
+terminates. This is universal option that can find and print any
+attribute in any object, provided it exists, however you need to know
+full tree path to the object or its ID and correct name of the
+attribute you want to print. This means that detailed knowledge of
+Firewall Builder XML DTD is required. See below for some convenient
+shortcut options. This option can be used only once on a command line;
+if it is used multiple times, then only the last attribute is printed.
+
+.IP "-A"
+Print an address of the object. Since not all objects can have an
+address, the program verifies type of the object and returns an error
+if the object does not have an address.
+
+.IP "-D"
+Dump all the data available for the object. If option "-r" is also
+used, dump recursively the object and all other objects in the tree
+below it.
+
+.IP "-I"
+Print object's ID.
+
+.IP "-l"
+List all the objects located immediately under the given object in the
+tree (its 'children') and print their names, IDs, path or type,
+depending on the options -N, -I, -T or -P which can be used together
+with -l.
+
+.IP "-L"
+Print interface label
+
+.IP "-M"
+Print management address. Only Host and Firewall objects can have
+management address.
+
+.IP "-N"
+Print object's name
+
+.IP "-P"
+Print full tree path to the object, starting with a tree root
+"FWobjectDatabase".
+
+.IP "-r"
+Dump or list the object and all other objects in the tree below
+it (see "-l and -D")
+
+.IP "-T"
+Print objects's type name.
+
+.IP "-V"
+Print version number and quit.
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwbuilder(1),
+.BR fwbedit(1),
+
+.P
diff --git a/doc/fwbuilder.1 b/doc/fwbuilder.1
new file mode 100644
index 000000000..d7829eb45
--- /dev/null
+++ b/doc/fwbuilder.1
@@ -0,0 +1,62 @@
+.de Sp
+.if n .sp
+.if t .sp 0.4
+..
+.TH fwbuilder 1 "" FWB "Firewall Builder"
+.SH NAME
+fwbuilder \- Multiplatform firewall configuration tool
+.SH SYNOPSIS
+
+.B /usr/bin/fwbuilder
+[
+.B -f file.xml
+]
+
+.SH "DESCRIPTION"
+
+.B fwbuilder
+is the Graphic User Interface (GUI) component of Firewall Builder.
+
+Firewall Builder consists of a GUI and set of policy
+compilers for various firewall platforms. It helps
+users maintain a database of objects and allows policy
+editing using simple drag-and-drop operations. GUI
+generates firewall description in the form of XML file,
+which compilers then interpret and generate platform-specific
+code. Several algorithms are provided for automated
+network objects discovery and bulk import of data. The
+GUI and policy compilers are completely independent,
+this provides for a consistent abstract model and the
+same GUI for different firewall platforms.
+
+At the moment of this writing Firewall Builder supports firewalls
+based on iptables (available on Linux, kernel 2.4.x, see
+fwb_ipt(1)), ipfilter (available on a variety of platforms
+including *BSD, Solaris and others, see fwb_ipf(1)) and pf (available
+on OpenBSD 3.0, see fwb_pf(1))
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the file to be loaded when program starts.
+
+.SH FILES
+.IP $HOME/.qt/firewallbuilder2rc
+fwbuilder stores user preferences in this file
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwblookup(1),
+.BR fwb_ipt(1),
+.BR fwb_ipf(1),
+.BR fwb_pf(1)
+
+.P
diff --git a/doc/fwbuilder21.1 b/doc/fwbuilder21.1
new file mode 100644
index 000000000..d7829eb45
--- /dev/null
+++ b/doc/fwbuilder21.1
@@ -0,0 +1,62 @@
+.de Sp
+.if n .sp
+.if t .sp 0.4
+..
+.TH fwbuilder 1 "" FWB "Firewall Builder"
+.SH NAME
+fwbuilder \- Multiplatform firewall configuration tool
+.SH SYNOPSIS
+
+.B /usr/bin/fwbuilder
+[
+.B -f file.xml
+]
+
+.SH "DESCRIPTION"
+
+.B fwbuilder
+is the Graphic User Interface (GUI) component of Firewall Builder.
+
+Firewall Builder consists of a GUI and set of policy
+compilers for various firewall platforms. It helps
+users maintain a database of objects and allows policy
+editing using simple drag-and-drop operations. GUI
+generates firewall description in the form of XML file,
+which compilers then interpret and generate platform-specific
+code. Several algorithms are provided for automated
+network objects discovery and bulk import of data. The
+GUI and policy compilers are completely independent,
+this provides for a consistent abstract model and the
+same GUI for different firewall platforms.
+
+At the moment of this writing Firewall Builder supports firewalls
+based on iptables (available on Linux, kernel 2.4.x, see
+fwb_ipt(1)), ipfilter (available on a variety of platforms
+including *BSD, Solaris and others, see fwb_ipf(1)) and pf (available
+on OpenBSD 3.0, see fwb_pf(1))
+
+.SH OPTIONS
+.IP "-f FILE"
+Specify the name of the file to be loaded when program starts.
+
+.SH FILES
+.IP $HOME/.qt/firewallbuilder2rc
+fwbuilder stores user preferences in this file
+
+.SH URL
+Firewall Builder home page is located at the following URL:
+.B http://www.fwbuilder.org/
+
+.SH BUGS
+Please report bugs using bug tracking system on SourceForge:
+
+.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
+
+
+.SH SEE ALSO
+.BR fwblookup(1),
+.BR fwb_ipt(1),
+.BR fwb_ipf(1),
+.BR fwb_pf(1)
+
+.P
diff --git a/fwbuilder4.pro b/fwbuilder4.pro
new file mode 100644
index 000000000..e3a25fa28
--- /dev/null
+++ b/fwbuilder4.pro
@@ -0,0 +1,7 @@
+#-*- mode: makefile; tab-width: 4; -*-
+#
+
+TEMPLATE = subdirs
+
+SUBDIRS = po src doc
+
diff --git a/install.sh b/install.sh
new file mode 100644
index 000000000..ebc66913e
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,250 @@
+#! /bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission. M.I.T. makes no representations about the
+# suitability of this software for any purpose. It is provided "as is"
+# without express or implied warranty.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch. It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=""
+transform_arg=""
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+dir_arg=""
+
+while [ x"$1" != x ]; do
+ case $1 in
+ -c) instcmd="$cpprog"
+ shift
+ continue;;
+
+ -d) dir_arg=true
+ shift
+ continue;;
+
+ -m) chmodcmd="$chmodprog $2"
+ shift
+ shift
+ continue;;
+
+ -o) chowncmd="$chownprog $2"
+ shift
+ shift
+ continue;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift
+ shift
+ continue;;
+
+ -s) stripcmd="$stripprog"
+ shift
+ continue;;
+
+ -t=*) transformarg=`echo $1 | sed 's/-t=//'`
+ shift
+ continue;;
+
+ -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+ shift
+ continue;;
+
+ *) if [ x"$src" = x ]
+ then
+ src=$1
+ else
+ # this colon is to work around a 386BSD /bin/sh bug
+ :
+ dst=$1
+ fi
+ shift
+ continue;;
+ esac
+done
+
+if [ x"$src" = x ]
+then
+ echo "install: no input file specified"
+ exit 1
+else
+ true
+fi
+
+if [ x"$dir_arg" != x ]; then
+ dst=$src
+ src=""
+
+ if [ -d $dst ]; then
+ instcmd=:
+ else
+ instcmd=mkdir
+ fi
+else
+
+# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+# might cause directories to be created, which would be especially bad
+# if $src (and thus $dsttmp) contains '*'.
+
+ if [ -f $src -o -d $src ]
+ then
+ true
+ else
+ echo "install: $src does not exist"
+ exit 1
+ fi
+
+ if [ x"$dst" = x ]
+ then
+ echo "install: no destination specified"
+ exit 1
+ else
+ true
+ fi
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+ if [ -d $dst ]
+ then
+ dst="$dst"/`basename $src`
+ else
+ true
+ fi
+fi
+
+## this sed command emulates the dirname command
+dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+# this part is taken from Noah Friedman's mkinstalldirs script
+
+# Skip lots of stat calls in the usual case.
+if [ ! -d "$dstdir" ]; then
+defaultIFS='
+'
+IFS="${IFS-${defaultIFS}}"
+
+oIFS="${IFS}"
+# Some sh's can't handle IFS=/ for some reason.
+IFS='%'
+set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
+IFS="${oIFS}"
+
+pathcomp=''
+
+while [ $# -ne 0 ] ; do
+ pathcomp="${pathcomp}${1}"
+ shift
+
+ if [ ! -d "${pathcomp}" ] ;
+ then
+ $mkdirprog "${pathcomp}"
+ else
+ true
+ fi
+
+ pathcomp="${pathcomp}/"
+done
+fi
+
+if [ x"$dir_arg" != x ]
+then
+ $doit $instcmd $dst &&
+
+ if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+ if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+ if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+ if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+else
+
+# If we're going to rename the final executable, determine the name now.
+
+ if [ x"$transformarg" = x ]
+ then
+ dstfile=`basename $dst`
+ else
+ dstfile=`basename $dst $transformbasename |
+ sed $transformarg`$transformbasename
+ fi
+
+# don't allow the sed command to completely eliminate the filename
+
+ if [ x"$dstfile" = x ]
+ then
+ dstfile=`basename $dst`
+ else
+ true
+ fi
+
+# Make a temp file name in the proper directory.
+
+ dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+ $doit $instcmd $src $dsttmp &&
+
+ trap "rm -f ${dsttmp}" 0 &&
+
+# and set any options; do chmod last to preserve setuid bits
+
+# If any of these fail, we abort the whole thing. If we want to
+# ignore errors from any of these, just make sure not to ignore
+# errors from the above "$doit $instcmd $src $dsttmp" command.
+
+ if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+ if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+ if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+ if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+
+# Now rename the file to the real destination.
+
+ $doit $rmcmd -f $dstdir/$dstfile &&
+ $doit $mvcmd $dsttmp $dstdir/$dstfile
+
+fi &&
+
+
+exit 0
diff --git a/log b/log
new file mode 100644
index 000000000..8428c067a
--- /dev/null
+++ b/log
@@ -0,0 +1,267 @@ +g++ -c -pipe -O2 -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_NETWORK_LIB -DQT_CORE_LIB -DQT_SHARED -I/usr/local/Trolltech/Qt-4.2.1/mkspecs/linux-g++ -I. -I/usr/local/Trolltech/Qt-4.2.1/include/QtCore -I/usr/local/Trolltech/Qt-4.2.1/include/QtCore -I/usr/local/Trolltech/Qt-4.2.1/include/QtNetwork -I/usr/local/Trolltech/Qt-4.2.1/include/QtNetwork -I/usr/local/Trolltech/Qt-4.2.1/include/QtGui -I/usr/local/Trolltech/Qt-4.2.1/include/QtGui -I/usr/local/Trolltech/Qt-4.2.1/include -I. -Isrc/gui -I. -I. -o FWWindow.o src/gui/FWWindow.cpp +In file included from src/gui/FWWindow.cpp:29: +src/gui/utils.h:47:32: fwbuilder/FWObject.h: No such file or directory +src/gui/utils.h:48:35: fwbuilder/FWReference.h: No such file or directory +In file included from src/gui/FWWindow.cpp:29: +src/gui/utils.h:79: error: `libfwbuilder' has not been declared +src/gui/utils.h:79: error: `FWObject' has not been declared +src/gui/utils.h:80: error: ISO C++ forbids declaration of `obj' with no type +src/gui/utils.h:81: error: `libfwbuilder' has not been declared +src/gui/utils.h:81: error: `FWObject' has not been declared +src/gui/utils.h:82: error: ISO C++ forbids declaration of `obj' with no type +src/gui/utils.h:92: error: `libfwbuilder' has not been declared +src/gui/utils.h:92: error: `FWObject' has not been declared +src/gui/utils.h:92: error: ISO C++ forbids declaration of `obj' with no type +src/gui/utils.h:101: error: `libfwbuilder' has not been declared +src/gui/utils.h:101: error: `FWObject' has not been declared +src/gui/utils.h:102: error: ISO C++ forbids declaration of `obj' with no type +In file included from src/gui/FWWindow.cpp:30: +src/gui/utils_no_qt.h:43: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:43: error: `FWObject' was not declared in this scope +src/gui/utils_no_qt.h:43: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:43: error: `FWObject' was not declared in this scope +src/gui/utils_no_qt.h:44: 
error: template argument 1 is invalid +src/gui/utils_no_qt.h:44: error: template argument 2 is invalid +src/gui/utils_no_qt.h:45: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:45: error: `FWObject' has not been declared +src/gui/utils_no_qt.h:45: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:45: error: `FWObject' has not been declared +src/gui/utils_no_qt.h:46: error: ISO C++ forbids declaration of `a' with no type +src/gui/utils_no_qt.h:46: error: ISO C++ forbids declaration of `b' with no type +src/gui/utils_no_qt.h: In member function `bool FWObjectNameCmpPredicate::operator()(int*, int*)': +src/gui/utils_no_qt.h:47: error: request for member `getName' in `*a', which is of non-class type `int' +src/gui/utils_no_qt.h:47: error: request for member `getName' in `*b', which is of non-class type `int' +src/gui/utils_no_qt.h: At global scope: +src/gui/utils_no_qt.h:51: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:51: error: `FWObject' was not declared in this scope +src/gui/utils_no_qt.h:52: error: template argument 1 is invalid +src/gui/utils_no_qt.h:56: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:56: error: expected `,' or `...' 
before '*' token +src/gui/utils_no_qt.h:57: error: ISO C++ forbids declaration of `FWObject' with no type +src/gui/utils_no_qt.h: In member function `bool findFWObjectIDPredicate::operator()(int) const': +src/gui/utils_no_qt.h:57: error: `o' was not declared in this scope +src/gui/utils_no_qt.h:57: warning: unused variable 'o' +src/gui/utils_no_qt.h: At global scope: +src/gui/utils_no_qt.h:60: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:60: warning: `findFirewalls' initialized and declared `extern' +src/gui/utils_no_qt.h:60: error: variable or field `findFirewalls' declared void +src/gui/utils_no_qt.h:60: error: `FWObject' was not declared in this scope +src/gui/utils_no_qt.h:60: error: `o' was not declared in this scope +src/gui/utils_no_qt.h:61: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:61: error: `FWObject' was not declared in this scope +src/gui/utils_no_qt.h:61: error: template argument 1 is invalid +src/gui/utils_no_qt.h:61: error: template argument 2 is invalid +src/gui/utils_no_qt.h:61: error: `fwlist' was not declared in this scope +src/gui/utils_no_qt.h:62: error: expected primary-expression before "bool" +src/gui/utils_no_qt.h:62: error: initializer expression list treated as compound expression +src/gui/utils_no_qt.h:64: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:64: warning: `findHosts' initialized and declared `extern' +src/gui/utils_no_qt.h:64: error: variable or field `findHosts' declared void +src/gui/utils_no_qt.h:64: error: `FWObject' was not declared in this scope +src/gui/utils_no_qt.h:64: error: `o' was not declared in this scope +src/gui/utils_no_qt.h:65: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:65: error: `FWObject' was not declared in this scope +src/gui/utils_no_qt.h:65: error: template argument 1 is invalid +src/gui/utils_no_qt.h:65: error: template argument 2 is invalid +src/gui/utils_no_qt.h:65: error: `fwlist' was not declared in this 
scope +src/gui/utils_no_qt.h:66: error: expected primary-expression before "bool" +src/gui/utils_no_qt.h:66: error: initializer expression list treated as compound expression +src/gui/utils_no_qt.h:68: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:68: warning: `findByObjectType' initialized and declared `extern' +src/gui/utils_no_qt.h:68: error: variable or field `findByObjectType' declared void +src/gui/utils_no_qt.h:68: error: `FWObject' was not declared in this scope +src/gui/utils_no_qt.h:68: error: `o' was not declared in this scope +src/gui/utils_no_qt.h:69: error: expected primary-expression before "const" +src/gui/utils_no_qt.h:70: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:70: error: `FWObject' was not declared in this scope +src/gui/utils_no_qt.h:70: error: template argument 1 is invalid +src/gui/utils_no_qt.h:70: error: template argument 2 is invalid +src/gui/utils_no_qt.h:70: error: `fwlist' was not declared in this scope +src/gui/utils_no_qt.h:71: error: expected primary-expression before "bool" +src/gui/utils_no_qt.h:71: error: initializer expression list treated as compound expression +src/gui/utils_no_qt.h:73: error: `libfwbuilder' has not been declared +src/gui/utils_no_qt.h:73: error: expected initializer before '*' token +In file included from src/gui/FWWindow.cpp:32: +src/gui/FWWindow.h:75: error: `FWObject' is not a member of `libfwbuilder' +src/gui/FWWindow.h:75: error: `FWObject' is not a member of `libfwbuilder' +src/gui/FWWindow.h:75: error: template argument 1 is invalid +src/gui/FWWindow.h:75: error: template argument 2 is invalid +src/gui/FWWindow.h:75: error: ISO C++ forbids declaration of `firewalls' with no type +src/gui/FWWindow.h:76: error: `FWObject' is not a member of `libfwbuilder' +src/gui/FWWindow.h:76: error: `FWObject' is not a member of `libfwbuilder' +src/gui/FWWindow.h:76: error: template argument 1 is invalid +src/gui/FWWindow.h:76: error: template argument 3 is invalid 
+src/gui/FWWindow.h:76: error: template argument 4 is invalid +src/gui/FWWindow.h:76: error: ISO C++ forbids declaration of `ruleSetViews' with no type +src/gui/FWWindow.h:79: error: using-declaration for non-member at class scope +src/gui/FWWindow.h:79: error: expected `;' before '*' token +src/gui/FWWindow.h:81: error: using-declaration for non-member at class scope +src/gui/FWWindow.h:81: error: expected `;' before '*' token +src/gui/FWWindow.h:90: error: using-declaration for non-member at class scope +src/gui/FWWindow.h:90: error: expected `;' before '*' token +src/gui/FWWindow.h:91: error: using-declaration for non-member at class scope +src/gui/FWWindow.h:91: error: expected `;' before '*' token +src/gui/FWWindow.h:104: error: `libfwbuilder::FWObject' has not been declared +src/gui/FWWindow.h:104: error: ISO C++ forbids declaration of `fw' with no type +src/gui/FWWindow.h:135: error: `std::set' has not been declared +src/gui/FWWindow.h:135: error: expected `,' or `...' before '<' token +src/gui/FWWindow.h:135: error: ISO C++ forbids declaration of `parameter' with no type +src/gui/FWWindow.h:137: error: `std::set' has not been declared +src/gui/FWWindow.h:137: error: expected `,' or `...' 
before '<' token +src/gui/FWWindow.h:137: error: ISO C++ forbids declaration of `parameter' with no type +src/gui/FWWindow.h:185: error: `libfwbuilder::FWObject' has not been declared +src/gui/FWWindow.h:185: error: ISO C++ forbids declaration of `f' with no type +src/gui/FWWindow.h:186: error: `libfwbuilder::FWObject' has not been declared +src/gui/FWWindow.h:186: error: ISO C++ forbids declaration of `f' with no type +src/gui/FWWindow.h:187: error: `libfwbuilder::FWObject' has not been declared +src/gui/FWWindow.h:187: error: ISO C++ forbids declaration of `f' with no type +src/gui/FWWindow.h:188: error: `libfwbuilder::FWObject' has not been declared +src/gui/FWWindow.h:188: error: ISO C++ forbids declaration of `f' with no type +src/gui/FWWindow.h:192: error: `libfwbuilder::FWReference' has not been declared +src/gui/FWWindow.h:192: error: ISO C++ forbids declaration of `obj' with no type +src/gui/FWWindow.h:200: error: `libfwbuilder::FWObject' has not been declared +src/gui/FWWindow.h:200: error: ISO C++ forbids declaration of `fw' with no type +src/gui/FWWindow.h:202: error: `libfwbuilder::FWObject' has not been declared +src/gui/FWWindow.h:202: error: ISO C++ forbids declaration of `obj' with no type +src/gui/FWWindow.h:218: error: using-declaration for non-member at class scope +src/gui/FWWindow.h:218: error: expected `;' before '*' token +src/gui/FWWindow.h:219: error: expected `;' before "QString" +src/gui/FWWindow.h:221: error: `libfwbuilder::FWObject' has not been declared +src/gui/FWWindow.h:221: error: ISO C++ forbids declaration of `o' with no type +src/gui/FWWindow.h:224: error: `libfwbuilder::FWObject' has not been declared +src/gui/FWWindow.h:224: error: ISO C++ forbids declaration of `parameter' with no type +src/gui/FWWindow.h:225: error: `libfwbuilder::FWObject' has not been declared +src/gui/FWWindow.h:225: error: ISO C++ forbids declaration of `parameter' with no type +src/gui/FWWindow.h:226: error: expected `;' before '(' token 
+src/gui/FWWindow.h:244: error: `FWObject' is not a member of `libfwbuilder' +src/gui/FWWindow.h:244: error: `FWObject' is not a member of `libfwbuilder' +src/gui/FWWindow.h:244: error: template argument 1 is invalid +src/gui/FWWindow.h:244: error: template argument 2 is invalid +src/gui/FWWindow.h:244: error: ISO C++ forbids declaration of `selectedLibs' with no type +src/gui/FWWindow.h:245: error: `FWObject' is not a member of `libfwbuilder' +src/gui/FWWindow.h:245: error: `FWObject' is not a member of `libfwbuilder' +src/gui/FWWindow.h:245: error: template argument 1 is invalid +src/gui/FWWindow.h:245: error: template argument 2 is invalid +src/gui/FWWindow.h:245: error: ISO C++ forbids declaration of `selectedLibs' with no type +src/gui/FWWindow.h:247: error: `libfwbuilder::FWObject' has not been declared +src/gui/FWWindow.h:248: error: `libfwbuilder::FWObject' has not been declared +src/gui/FWWindow.h:249: error: `FWReference' is not a member of `libfwbuilder' +src/gui/FWWindow.h:249: error: `FWReference' is not a member of `libfwbuilder' +src/gui/FWWindow.h:249: error: template argument 1 is invalid +src/gui/FWWindow.h:249: error: template argument 2 is invalid +src/gui/FWWindow.h:249: error: ISO C++ forbids declaration of `lib' with no type +src/gui/FWWindow.h:249: error: ISO C++ forbids declaration of `root' with no type +src/gui/FWWindow.h:249: error: ISO C++ forbids declaration of `extRefs' with no type +src/gui/FWWindow.cpp:354: error: variable or field `info' declared void +src/gui/FWWindow.cpp:354: error: `int FWWindow::info' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:354: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:354: error: `obj' was not declared in this scope +src/gui/FWWindow.cpp:355: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:1566: error: variable or field `findExternalRefs' declared void +src/gui/FWWindow.cpp:1566: error: `int FWWindow::findExternalRefs' is not a static 
member of `class FWWindow' +src/gui/FWWindow.cpp:1566: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:1566: error: `lib' was not declared in this scope +src/gui/FWWindow.cpp:1567: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:1567: error: `root' was not declared in this scope +src/gui/FWWindow.cpp:1568: error: `FWReference' was not declared in this scope +src/gui/FWWindow.cpp:1568: error: template argument 1 is invalid +src/gui/FWWindow.cpp:1568: error: template argument 2 is invalid +src/gui/FWWindow.cpp:1568: error: `extRefs' was not declared in this scope +src/gui/FWWindow.cpp:1569: error: initializer expression list treated as compound expression +src/gui/FWWindow.cpp:1569: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:1586: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:1586: error: template argument 1 is invalid +src/gui/FWWindow.cpp:1586: error: template argument 2 is invalid +src/gui/FWWindow.cpp:1587: error: ISO C++ forbids declaration of `selectedLibs' with no type +src/gui/FWWindow.cpp:1732: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:1732: error: template argument 1 is invalid +src/gui/FWWindow.cpp:1732: error: template argument 2 is invalid +src/gui/FWWindow.cpp:1733: error: ISO C++ forbids declaration of `selectedLibs' with no type +src/gui/FWWindow.cpp:1867: error: `int FWWindow::findFirewallInList' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:1867: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:1867: error: `f' was not declared in this scope +src/gui/FWWindow.cpp:1868: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:1878: error: variable or field `addFirewallToList' declared void +src/gui/FWWindow.cpp:1878: error: `int FWWindow::addFirewallToList' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:1878: error: `FWObject' was not declared in this scope 
+src/gui/FWWindow.cpp:1878: error: `o' was not declared in this scope +src/gui/FWWindow.cpp:1879: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:1908: error: variable or field `removeFirewallFromList' declared void +src/gui/FWWindow.cpp:1908: error: `int FWWindow::removeFirewallFromList' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:1908: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:1908: error: `o' was not declared in this scope +src/gui/FWWindow.cpp:1909: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:1926: error: variable or field `ensureObjectVisibleInRules' declared void +src/gui/FWWindow.cpp:1926: error: `int FWWindow::ensureObjectVisibleInRules' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:1926: error: `FWReference' was not declared in this scope +src/gui/FWWindow.cpp:1926: error: `obj' was not declared in this scope +src/gui/FWWindow.cpp:1927: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:1964: error: variable or field `updateFirewallName' declared void +src/gui/FWWindow.cpp:1964: error: `int FWWindow::updateFirewallName' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:1964: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:1964: error: `obj' was not declared in this scope +src/gui/FWWindow.cpp:1964: error: expected primary-expression before "const" +src/gui/FWWindow.cpp:1965: error: initializer expression list treated as compound expression +src/gui/FWWindow.cpp:1965: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:1993: error: variable or field `deleteFirewall' declared void +src/gui/FWWindow.cpp:1993: error: `int FWWindow::deleteFirewall' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:1993: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:1993: error: `fw' was not declared in this scope +src/gui/FWWindow.cpp:1994: error: expected `,' or 
`;' before '{' token +src/gui/FWWindow.cpp:2170: error: variable or field `showFirewall' declared void +src/gui/FWWindow.cpp:2170: error: `int FWWindow::showFirewall' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:2170: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:2170: error: `obj' was not declared in this scope +src/gui/FWWindow.cpp:2171: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:2210: error: variable or field `showFirewallRuleSets' declared void +src/gui/FWWindow.cpp:2210: error: `int FWWindow::showFirewallRuleSets' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:2210: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:2210: error: `fw' was not declared in this scope +src/gui/FWWindow.cpp:2211: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:2351: error: variable or field `compile' declared void +src/gui/FWWindow.cpp:2351: error: `int FWWindow::compile' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:2351: error: `set' was not declared in this scope +src/gui/FWWindow.cpp:2351: error: expected primary-expression before '*' token +src/gui/FWWindow.cpp:2351: error: expected primary-expression before '>' token +src/gui/FWWindow.cpp:2351: error: `vf' was not declared in this scope +src/gui/FWWindow.cpp:2352: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:2377: error: variable or field `install' declared void +src/gui/FWWindow.cpp:2377: error: `int FWWindow::install' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:2377: error: `set' was not declared in this scope +src/gui/FWWindow.cpp:2377: error: expected primary-expression before '*' token +src/gui/FWWindow.cpp:2377: error: expected primary-expression before '>' token +src/gui/FWWindow.cpp:2377: error: `vf' was not declared in this scope +src/gui/FWWindow.cpp:2378: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:2506: error: 
variable or field `findWhereUsed' declared void +src/gui/FWWindow.cpp:2506: error: `int FWWindow::findWhereUsed' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:2506: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:2506: error: `obj' was not declared in this scope +src/gui/FWWindow.cpp:2507: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:2585: error: variable or field `findObject' declared void +src/gui/FWWindow.cpp:2585: error: `int FWWindow::findObject' is not a static member of `class FWWindow' +src/gui/FWWindow.cpp:2585: error: `FWObject' was not declared in this scope +src/gui/FWWindow.cpp:2585: error: `o' was not declared in this scope +src/gui/FWWindow.cpp:2586: error: expected `,' or `;' before '{' token +src/gui/FWWindow.cpp:2656: warning: unused parameter 'w' +src/gui/FWWindow.cpp:2611: warning: unused parameter 'w' +src/gui/FWWindow.cpp:2531: warning: unused parameter 'ev' +src/gui/FWWindow.cpp:2514: warning: unused parameter 'ev' +src/gui/FWWindow.cpp:2321: warning: unused parameter 'ev' +src/gui/FWWindow.cpp:2189: warning: unused parameter 'idx' +src/gui/FWWindow.cpp:2049: warning: unused parameter 'subset' +src/gui/FWWindow.cpp:2014: warning: unused parameter 'subset' +src/gui/FWWindow.cpp:2003: warning: unused parameter 'subset' +src/gui/FWWindow.cpp:1824: warning: unused parameter 'open_first_firewall' +src/gui/FWWindow.cpp:1733: warning: unused parameter 'fname' +src/gui/FWWindow.cpp:1733: warning: unused parameter 'selectedLibs' +src/gui/FWWindow.cpp:1733: warning: unused parameter 'rof' +src/gui/FWWindow.cpp:1587: warning: unused parameter 'selectedLibs' +src/gui/FWWindow.cpp:1336: warning: unused parameter 'libfpath' +src/gui/FWWindow.cpp:1195: warning: unused parameter 'unlock' +src/gui/FWWindow.cpp:778: warning: unused parameter 'dialogs_parent' +src/gui/FWWindow.cpp:470: warning: unused parameter 'fname' +src/gui/FWWindow.cpp:443: warning: unused parameter 'fname' 
+src/gui/FWWindow.cpp:443: warning: unused parameter 'checkPresence' +src/gui/FWWindow.cpp:443: warning: unused parameter 'title' +src/gui/FWWindow.cpp:410: warning: unused parameter 'fname' +make: *** [FWWindow.o] Error 1 diff --git a/m4/nls.m4 b/m4/nls.m4 new file mode 100644 index 000000000..36bc49317 --- /dev/null +++ b/m4/nls.m4 
@@ -0,0 +1,49 @@
+# nls.m4 serial 1 (gettext-0.12)
+dnl Copyright (C) 1995-2003 Free Software Foundation, Inc.
+dnl This file is free software, distributed under the terms of the GNU
+dnl General Public License. As a special exception to the GNU General
+dnl Public License, this file may be distributed as part of a program
+dnl that contains a configuration script generated by Autoconf, under
+dnl the same distribution terms as the rest of that program.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper , 1995-2000.
+dnl Bruno Haible , 2000-2003.
+
+AC_DEFUN([AM_NLS],
+[
+ AC_MSG_CHECKING([whether NLS is requested])
+ dnl Default is enabled NLS
+ AC_ARG_ENABLE(nls,
+ [ --disable-nls do not use Native Language Support],
+ USE_NLS=$enableval, USE_NLS=yes)
+ AC_MSG_RESULT($USE_NLS)
+ AC_SUBST(USE_NLS)
+])
+
+AC_DEFUN([AM_MKINSTALLDIRS],
+[
+ dnl If the AC_CONFIG_AUX_DIR macro for autoconf is used we possibly
+ dnl find the mkinstalldirs script in another subdir but $(top_srcdir).
+ dnl Try to locate it.
+ MKINSTALLDIRS=
+ if test -n "$ac_aux_dir"; then
+ case "$ac_aux_dir" in
+ /*) MKINSTALLDIRS="$ac_aux_dir/mkinstalldirs" ;;
+ *) MKINSTALLDIRS="\$(top_builddir)/$ac_aux_dir/mkinstalldirs" ;;
+ esac
+ fi
+ if test -z "$MKINSTALLDIRS"; then
+ MKINSTALLDIRS="\$(top_srcdir)/mkinstalldirs"
+ fi
+ AC_SUBST(MKINSTALLDIRS)
+])
diff --git a/m4/po.m4 b/m4/po.m4
new file mode 100644
index 000000000..e16199881
--- /dev/null
+++ b/m4/po.m4
@@ -0,0 +1,426 @@
+# po.m4 serial 3 (gettext-0.14)
+dnl Copyright (C) 1995-2003 Free Software Foundation, Inc.
+dnl This file is free software, distributed under the terms of the GNU
+dnl General Public License. As a special exception to the GNU General
+dnl Public License, this file may be distributed as part of a program
+dnl that contains a configuration script generated by Autoconf, under
+dnl the same distribution terms as the rest of that program.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper , 1995-2000.
+dnl Bruno Haible , 2000-2003.
+
+dnl Checks for all prerequisites of the po subdirectory.
+AC_DEFUN([AM_PO_SUBDIRS],
+[
+ AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+ AC_REQUIRE([AC_PROG_INSTALL])dnl
+ AC_REQUIRE([AM_MKINSTALLDIRS])dnl
+ AC_REQUIRE([AM_NLS])dnl
+
+ dnl Perform the following tests also if --disable-nls has been given,
+ dnl because they are needed for "make dist" to work.
+
+ dnl Search for GNU msgfmt in the PATH.
+ dnl The first test excludes Solaris msgfmt and early GNU msgfmt versions.
+ dnl The second test excludes FreeBSD msgfmt.
+ AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt,
+ [$ac_dir/$ac_word --statistics /dev/null >/dev/null 2>&1 &&
+ (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
+ :)
+ AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT)
+
+ dnl Search for GNU xgettext 0.12 or newer in the PATH.
+ dnl The first test excludes Solaris xgettext and early GNU xgettext versions.
+ dnl The second test excludes FreeBSD xgettext.
+ AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
+ [$ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >/dev/null 2>&1 &&
+ (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
+ :)
+ dnl Remove leftover from FreeBSD xgettext call.
+ rm -f messages.po
+
+ dnl Search for GNU msgmerge 0.11 or newer in the PATH.
+ AM_PATH_PROG_WITH_TEST(MSGMERGE, msgmerge,
+ [$ac_dir/$ac_word --update -q /dev/null /dev/null >/dev/null 2>&1], :)
+
+ dnl This could go away some day; the PATH_PROG_WITH_TEST already does it.
+ dnl Test whether we really found GNU msgfmt.
+ if test "$GMSGFMT" != ":"; then
+ dnl If it is no GNU msgfmt we define it as : so that the
+ dnl Makefiles still can work.
+ if $GMSGFMT --statistics /dev/null >/dev/null 2>&1 &&
+ (if $GMSGFMT --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
+ : ;
+ else
+ GMSGFMT=`echo "$GMSGFMT" | sed -e 's,^.*/,,'`
+ AC_MSG_RESULT(
+ [found $GMSGFMT program is not GNU msgfmt; ignore it])
+ GMSGFMT=":"
+ fi
+ fi
+
+ dnl This could go away some day; the PATH_PROG_WITH_TEST already does it.
+ dnl Test whether we really found GNU xgettext.
+ if test "$XGETTEXT" != ":"; then
+ dnl If it is no GNU xgettext we define it as : so that the
+ dnl Makefiles still can work.
+ if $XGETTEXT --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >/dev/null 2>&1 &&
+ (if $XGETTEXT --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
+ : ;
+ else
+ AC_MSG_RESULT(
+ [found xgettext program is not GNU xgettext; ignore it])
+ XGETTEXT=":"
+ fi
+ dnl Remove leftover from FreeBSD xgettext call.
+ rm -f messages.po
+ fi
+
+ AC_OUTPUT_COMMANDS([
+ for ac_file in $CONFIG_FILES; do
+ # Support "outfile[:infile[:infile...]]"
+ case "$ac_file" in
+ *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+ esac
+ # PO directories have a Makefile.in generated from Makefile.in.in.
+ case "$ac_file" in */Makefile.in)
+ # Adjust a relative srcdir.
+ ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
+ ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
+ ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
+ # In autoconf-2.13 it is called $ac_given_srcdir.
+ # In autoconf-2.50 it is called $srcdir.
+ test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
+ case "$ac_given_srcdir" in
+ .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
+ /*) top_srcdir="$ac_given_srcdir" ;;
+ *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
+ esac
+ if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then
+ rm -f "$ac_dir/POTFILES"
+ test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES"
+ cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES"
+ POMAKEFILEDEPS="POTFILES.in"
+ # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend
+ # on $ac_dir but don't depend on user-specified configuration
+ # parameters.
+ if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
+ # The LINGUAS file contains the set of available languages.
+ if test -n "$OBSOLETE_ALL_LINGUAS"; then
+ test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
+ fi
+ ALL_LINGUAS_=`sed -e "/^#/d" "$ac_given_srcdir/$ac_dir/LINGUAS"`
+ # Hide the ALL_LINGUAS assigment from automake.
+ eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
+ POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
+ else
+ # The set of available languages was given in configure.in.
+ eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS'
+ fi
+ # Compute POFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
+ # Compute UPDATEPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
+ # Compute DUMMYPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
+ # Compute GMOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
+ case "$ac_given_srcdir" in
+ .) srcdirpre= ;;
+ *) srcdirpre='$(srcdir)/' ;;
+ esac
+ POFILES=
+ UPDATEPOFILES=
+ DUMMYPOFILES=
+ GMOFILES=
+ for lang in $ALL_LINGUAS; do
+ POFILES="$POFILES $srcdirpre$lang.po"
+ UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
+ DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
+ GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
+ done
+ # CATALOGS depends on both $ac_dir and the user's LINGUAS
+ # environment variable.
+ INST_LINGUAS=
+ if test -n "$ALL_LINGUAS"; then
+ for presentlang in $ALL_LINGUAS; do
+ useit=no
+ if test "%UNSET%" != "$LINGUAS"; then
+ desiredlanguages="$LINGUAS"
+ else
+ desiredlanguages="$ALL_LINGUAS"
+ fi
+ for desiredlang in $desiredlanguages; do
+ # Use the presentlang catalog if desiredlang is
+ # a. equal to presentlang, or
+ # b. a variant of presentlang (because in this case,
+ # presentlang can be used as a fallback for messages
+ # which are not translated in the desiredlang catalog).
+ case "$desiredlang" in
+ "$presentlang"*) useit=yes;;
+ esac
+ done
+ if test $useit = yes; then
+ INST_LINGUAS="$INST_LINGUAS $presentlang"
+ fi
+ done
+ fi
+ CATALOGS=
+ if test -n "$INST_LINGUAS"; then
+ for lang in $INST_LINGUAS; do
+ CATALOGS="$CATALOGS $lang.gmo"
+ done
+ fi
+ test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile"
+ sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile"
+ for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do
+ if test -f "$f"; then
+ case "$f" in
+ *.orig | *.bak | *~) ;;
+ *) cat "$f" >> "$ac_dir/Makefile" ;;
+ esac
+ fi
+ done
+ fi
+ ;;
+ esac
+ done],
+ [# Capture the value of obsolete ALL_LINGUAS because we need it to compute
+ # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it
+ # from automake.
+ eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"'
+ # Capture the value of LINGUAS because we need it to compute CATALOGS.
+ LINGUAS="${LINGUAS-%UNSET%}"
+ ])
+])
+
+dnl Postprocesses a Makefile in a directory containing PO files.
+AC_DEFUN([AM_POSTPROCESS_PO_MAKEFILE],
+[
+ # When this code is run, in config.status, two variables have already been
+ # set:
+ # - OBSOLETE_ALL_LINGUAS is the value of LINGUAS set in configure.in,
+ # - LINGUAS is the value of the environment variable LINGUAS at configure
+ # time.
+
+changequote(,)dnl
+ # Adjust a relative srcdir.
+ ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
+ ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
+ ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
+ # In autoconf-2.13 it is called $ac_given_srcdir.
+ # In autoconf-2.50 it is called $srcdir.
+ test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" + case "$ac_given_srcdir" in + .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; + /*) top_srcdir="$ac_given_srcdir" ;; + *) top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + + # Find a way to echo strings without interpreting backslash. + if test "X`(echo '\t') 2>/dev/null`" = 'X\t'; then + gt_echo='echo' + else + if test "X`(printf '%s\n' '\t') 2>/dev/null`" = 'X\t'; then + gt_echo='printf %s\n' + else + echo_func () { + cat < "$ac_file.tmp" + if grep -l '@TCLCATALOGS@' "$ac_file" > /dev/null; then + # Add dependencies that cannot be formulated as a simple suffix rule. + for lang in $ALL_LINGUAS; do + frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'` + cat >> "$ac_file.tmp" < /dev/null; then + # Add dependencies that cannot be formulated as a simple suffix rule. + for lang in $ALL_LINGUAS; do + frobbedlang=`echo $lang | sed -e 's/_/-/g'` + cat >> "$ac_file.tmp" <> "$ac_file.tmp" < t-$@ + mv t-$@ $@ + +all-local: all-local-@USE_NLS@ + +all-local-yes: stamp-po +all-local-no: + +# stamp-po is a timestamp denoting the last time at which the CATALOGS have +# been loosely updated. Its purpose is that when a developer or translator +# checks out the package via CVS, and the $(DOMAIN).pot file is not in CVS, +# "make" will update the $(DOMAIN).pot and the $(CATALOGS), but subsequent +# invocations of "make" will do nothing. This timestamp would not be necessary +# if updating the $(CATALOGS) would always touch them; however, the rule for +# $(POFILES) has been designed to not touch files that don't need to be +# changed. +stamp-po: $(srcdir)/$(DOMAIN).pot + test -z "$(QMFILES)" || $(MAKE) $(QMFILES) + @echo "touch stamp-po" + @echo timestamp > stamp-poT + @mv stamp-poT stamp-po + +# Note: Target 'all' must not depend on target '$(DOMAIN).pot-update', +# otherwise packages like GCC can not be built if only parts of the source +# have been downloaded. 
+ +# This target rebuilds $(DOMAIN).pot; it is an expensive operation. +# Note that $(DOMAIN).pot is not touched if it doesn't need to be changed. +$(DOMAIN).pot-update: $(POTFILES_DEPS) remove-potcdate.sed + $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \ + --add-comments=TRANSLATORS: $(XGETTEXT_OPTIONS) \ + --copyright-holder='$(COPYRIGHT_HOLDER)' \ + --msgid-bugs-address='$(MSGID_BUGS_ADDRESS)' \ + $(POTFILES) + test ! -f $(DOMAIN).po || { \ + if test -f $(srcdir)/$(DOMAIN).pot; then \ + sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \ + sed -f remove-potcdate.sed < $(DOMAIN).po > $(DOMAIN).2po && \ + if cmp $(DOMAIN).1po $(DOMAIN).2po >/dev/null 2>&1; then \ + rm -f $(DOMAIN).1po $(DOMAIN).2po $(DOMAIN).po; \ + else \ + rm -f $(DOMAIN).1po $(DOMAIN).2po $(srcdir)/$(DOMAIN).pot && \ + mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \ + fi; \ + else \ + mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \ + fi; \ + } + +# This rule has no dependencies: we don't need to update $(DOMAIN).pot at +# every "make" invocation, only create it when it is missing. +# Only "make $(DOMAIN).pot-update" or "make dist" will force an update. +$(srcdir)/$(DOMAIN).pot: + $(MAKE) $(DOMAIN).pot-update + +# This target rebuilds a PO file if $(DOMAIN).pot has changed. +# Note that a PO file is not touched if it doesn't need to be changed. +$(POFILES): $(srcdir)/$(DOMAIN).pot + @lang=`echo $@ | sed -e 's,.*/,,' -e 's/\.po$$//'`; \ + if test -f "$(srcdir)/$${lang}.po"; then \ + test "$(srcdir)" = . 
&& cdcmd="" || cdcmd="cd $(srcdir) && "; \ + echo "$${cdcmd}$(MSGMERGE_UPDATE) $${lang}.po $(DOMAIN).pot"; \ + cd $(srcdir) && $(MSGMERGE_UPDATE) $${lang}.po $(DOMAIN).pot; \ + else \ + $(MAKE) $${lang}.po-create; \ + fi + +install-data-local: install-data-local-@USE_NLS@ +install-data-local-no: all-local +install-data-local-yes: all-local + $(mkinstalldirs) $(DESTDIR)$(pkgdatadir)/locale + @echo "*** Catalogs: $(CATALOGS)" + @catalogs='$(CATALOGS)'; \ + for cat in $$catalogs; do \ + cat=`basename $$cat`; \ + if test -r $$cat; then realcat=$$cat; else realcat=$(srcdir)/$$cat; fi; \ + $(INSTALL_DATA) $$realcat $(DESTDIR)$(pkgdatadir)/locale/$(DOMAIN)_$$cat; \ + echo "installing $$realcat as $(DESTDIR)$(pkgdatadir)/locale/$(DOMAIN)_$$cat"; \ + done + +installdirs-local: installdirs-local-@USE_NLS@ +installdirs-local-no: +installdirs-local-yes: + $(mkinstalldirs) $(DESTDIR)$(pkgdatadir)/locale + +uninstall-local: uninstall-local-@USE_NLS@ +uninstall-local-no: +uninstall-local-yes: + catalogs='$(CATALOGS)'; \ + for cat in $$catalogs; do \ + cat=`basename $$cat`; \ + rm -f $(DESTDIR)$(pkgdatadir)/locale/$(DOMAIN)_$$cat; \ + done + +html ID: + +# Hidden from automake, but really activated. Works around an automake-1.5 bug. +#distdir: distdir1 +distdir1: + $(MAKE) update-po + +update-po: Makefile + $(MAKE) $(DOMAIN).pot-update + test -z "$(UPDATEPOFILES)" || $(MAKE) $(UPDATEPOFILES) + $(MAKE) update-gmo + +# General rule for creating PO files. + +.nop.po-create: + @lang=`echo $@ | sed -e 's/\.po-create$$//'`; \ + echo "File $$lang.po does not exist. If you are a translator, you can create it through 'msginit'." 1>&2; \ + exit 1 + +# General rule for updating PO files. + +.nop.po-update: + @lang=`echo $@ | sed -e 's/\.po-update$$//'`; \ + tmpdir=`pwd`; \ + echo "$$lang:"; \ + test "$(srcdir)" = . 
&& cdcmd="" || cdcmd="cd $(srcdir) && "; \ + echo "$${cdcmd}$(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$lang.new.po"; \ + cd $(srcdir); \ + if $(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$tmpdir/$$lang.new.po; then \ + if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \ + rm -f $$tmpdir/$$lang.new.po; \ + else \ + if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \ + :; \ + else \ + echo "msgmerge for $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \ + exit 1; \ + fi; \ + fi; \ + else \ + echo "msgmerge for $$lang.po failed!" 1>&2; \ + rm -f $$tmpdir/$$lang.new.po; \ + fi + +$(DUMMYPOFILES): + +update-gmo: Makefile $(QMFILES) + @: +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/po/README b/po/README new file mode 100644 index 000000000..211047291 --- /dev/null +++ b/po/README @@ -0,0 +1,22 @@ + + +why makefiles in this directory are so strange + + +mostly because I need to be able to build on Linux/*BSD and Windows +and integrate qmake-based environment with automake/autoconf Makefile +that is needed to properly handle .po files. + +Qmake generates Makefile using project file po.pro. This Makefile +can only install .qm files prepared beforehand and checked in to CVS. +This is just as well, since I do not have gettext 0.14. on my main development +machine so I can't regenerate .qm files there anyway. The Makefile generated +by qmake will also work on windows. + +whenver I need to regenerate .qm files, I log in to a different machine +and use POmakefile: + +cd po +make -f POmakefile update-po + + diff --git a/po/de.po b/po/de.po new file mode 100644 index 000000000..ac1eb7292 --- /dev/null +++ b/po/de.po 
@@ -0,0 +1,8422 @@ +# This file is distributed under the same license as the PACKAGE package. +# Copyright (C) YEAR NetCitadel, LLC. +# Heiko Abler <djtools@gmx.net>, 2005. +# Hans Peter Dittler <hpdittler@braintec-consult.de>, 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: fwbuilder\n" +"Report-Msgid-Bugs-To: vadim@fwbuilder.org\n" +"POT-Creation-Date: 2007-12-08 21:27-0800\n" +"PO-Revision-Date: 2005-02-24 16:31+0100\n" +"Last-Translator: Hans Peter Dittler <hpdittler@braintec-consult.de>\n" +"Language-Team: German\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.3.1\n" + +#: src/gui/ActionsDialog.cpp:97 +msgid "" +"'Chabge inbound interface', 'Continue packet inspection' and 'Make a copy' " +"options are mutually exclusive" +msgstr "" +"'Ringangsinterface wechseln', 'Paketinspektion fortsetzen' und 'Kopie " +"erzeugen' diese Optionen schließen sich gegenseitig aus" + +#: src/gui/ActionsDialog.cpp:98 src/gui/ActionsDialog.cpp:123 +#: src/gui/AddressRangeDialog.cpp:108 src/gui/AddressRangeDialog.cpp:119 +#: src/gui/FirewallDialog.cpp:315 src/gui/FirewallDialog.cpp:340 +#: src/gui/FWWindow.cpp:724 src/gui/FWWindow.cpp:733 src/gui/FWWindow.cpp:858 +#: src/gui/FWWindow.cpp:1082 src/gui/FWWindow.cpp:1095 +#: src/gui/FWWindow.cpp:1111 src/gui/FWWindow.cpp:1149 +#: src/gui/FWWindow.cpp:1155 src/gui/FWWindow.cpp:1224 +#: src/gui/FWWindow.cpp:1318 src/gui/FWWindow.cpp:1360 +#: src/gui/FWWindow.cpp:1383 src/gui/FWWindow.cpp:1456 +#: src/gui/FWWindow.cpp:1474 src/gui/FWWindow.cpp:1537 +#: src/gui/FWWindow.cpp:1549 src/gui/FWWindowPrint.cpp:923 +#: src/gui/instDialog.cpp:719 src/gui/instDialog.cpp:1462 +#: src/gui/instDialog.cpp:1580 src/gui/IPv4Dialog.cpp:146 +#: src/gui/IPv4Dialog.cpp:160 src/gui/listOfLibraries.cpp:148 +#: src/gui/listOfLibraries.cpp:188 src/gui/listOfLibraries.cpp:215 +#: src/gui/NetworkDialog.cpp:109 src/gui/NetworkDialog.cpp:120 +#: src/gui/RCS.cpp:499 
src/gui/RCS.cpp:688 src/gui/RCS.cpp:701 +#: src/gui/RCS.cpp:718 src/gui/RCS.cpp:801 src/gui/utils.cpp:198 +#, fuzzy +msgid "&Continue" +msgstr "Fortsetzen" + +#: src/gui/ActionsDialog.cpp:122 +msgid "" +"Rule name for accounting is converted to the iptables\n" +"chain name and therefore may not contain white space\n" +"and special characters." +msgstr "" +"Namen der Accounting-Regeln werden in iptables\n" +"chain names umgewandelt und dürfen daher keine Leerzeichen oder\n" +"Sonderzeichen enthalten." + +#: src/gui/ActionsDialog.cpp:222 src/gui/ActionsDialog.cpp:223 +#: src/gui/.ui/actionsdialog_q.cpp:470 +msgid "Emulation is currently ON, rule will be terminating" +msgstr "" + +#: src/gui/ActionsDialog.cpp:226 src/gui/ActionsDialog.cpp:227 +msgid "Emulation is currently OFF, rule will be non-terminating" +msgstr "" + +#: src/gui/AddressRangeDialog.cpp:107 src/gui/AddressRangeDialog.cpp:118 +#: src/gui/IPv4Dialog.cpp:145 src/gui/NetworkDialog.cpp:108 +#, qt-format +msgid "Illegal IP address '%1'" +msgstr "Ungültige IP Adresse: '%1'" + +#: src/gui/ColorLabelMenuItem.cpp:48 +msgid "no color" +msgstr "keine Farbe" + +#: src/gui/CommentEditorPanel.cpp:75 src/gui/SimpleTextEditor.cpp:66 +msgid "Warning: loading from file discards current contents of the script." +msgstr "" +"Warnung: das Laden aus der Datei überschreibt den aktuellen Inhalt des " +"Skripts." 
+ +#: src/gui/CommentEditorPanel.cpp:80 +msgid "Choose file that contains PIX commands" +msgstr "Bitte Datei mit den PIX-Kommandos auswählen" + +#: src/gui/CommentEditorPanel.cpp:88 src/gui/DiscoveryDruid.cpp:791 +#: src/gui/SimpleTextEditor.cpp:79 +#, qt-format +msgid "Could not open file %1" +msgstr "Konnte Datei %1 nicht öffnen" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:157 +#: src/gui/FindWhereUsedWidget.cpp:171 src/gui/FWWindow.cpp:2115 +#: src/gui/FWWindowPrint.cpp:369 +msgid "NAT" +msgstr "NAT" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:160 +#: src/gui/FindWhereUsedWidget.cpp:174 src/gui/FWWindow.cpp:2087 +msgid "Policy" +msgstr "Policy" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:163 +#: src/gui/FindWhereUsedWidget.cpp:177 src/gui/FWWindow.cpp:2130 +#: src/gui/FWWindowPrint.cpp:396 src/gui/platforms.cpp:559 +#, fuzzy +msgid "Routing" +msgstr "Routing" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:166 +#: src/gui/FindWhereUsedWidget.cpp:180 +msgid "Unknown rule set" +msgstr "Unbekannte Regelgruppe" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:168 +#: src/gui/FindWhereUsedWidget.cpp:182 +#, fuzzy, qt-format +msgid "/Rule%1" +msgstr "Regel %1" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:182 +#: src/gui/FindWhereUsedWidget.cpp:196 +#, fuzzy +msgid "Type: " +msgstr "Typ: " + +#: src/gui/ConfirmDeleteObjectDialog.cpp:203 +msgid "Not used anywhere" +msgstr "Wird nirgends benutzt" + +#: src/gui/DialogFactory.cpp:158 src/gui/DialogFactory.cpp:181 +#, qt-format +msgid "Support module for %1 is not available" +msgstr "Hilfsmodul für %1 ist nicht verfügbar" + +#: src/gui/DiscoveryDruid.cpp:616 +#, fuzzy +msgid "Hosts file parsing ..." +msgstr "Hosts Datei wird durchsucht ..." + +#: src/gui/DiscoveryDruid.cpp:625 +msgid "DNS zone transfer ..." +msgstr "DNS Zonen-Transfer ..." + +#: src/gui/DiscoveryDruid.cpp:635 +msgid "Network discovery using SNMP ..." +msgstr "Netzwerk-Erkundung mit Hilfe von SNMP ..." 
+ +#: src/gui/DiscoveryDruid.cpp:645 +#, fuzzy +msgid "Import configuration from file ..." +msgstr "* Laden der Konfiguration aus Datei %1" + +#: src/gui/DiscoveryDruid.cpp:790 src/gui/DiscoveryDruid.cpp:1675 +#: src/gui/DiscoveryDruid.cpp:1722 +#, fuzzy +msgid "Discovery error" +msgstr "Fehler bei der Erkundung" + +#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1158 +#, fuzzy +msgid "Adding objects ..." +msgstr "Objekte werden hinzugefügt ..." + +#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1159 +#: src/gui/DiscoveryDruid.cpp:1362 src/gui/DiscoveryDruid.cpp:1507 +#: src/gui/DiscoveryDruid.cpp:1549 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:111 +#: src/gui/.ui/filterdialog_q.cpp:154 src/gui/.ui/instoptionsdialog_q.cpp:286 +#: src/gui/.ui/libexport_q.cpp:113 src/gui/.ui/newgroupdialog_q.cpp:102 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1826 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:310 +#: src/gui/.ui/printingprogressdialog_q.cpp:74 +#: src/gui/.ui/simpleinteditor_q.cpp:89 src/gui/.ui/simpletexteditor_q.cpp:96 +msgid "Cancel" +msgstr "Abbruch" + +#: src/gui/DiscoveryDruid.cpp:1362 +#, fuzzy +msgid "Prepare objects ..." +msgstr "Objekte werden vorbereitet ..." + +#: src/gui/DiscoveryDruid.cpp:1507 src/gui/DiscoveryDruid.cpp:1548 +msgid "Copying results ..." +msgstr "Resultate werden kopiert ...." + +#: src/gui/DiscoveryDruid.cpp:1838 +msgid "Incomlete network specification." +msgstr "Unvollständige Netzwerk-Spezifikation." + +#: src/gui/DiscoveryDruid.cpp:1917 +#, fuzzy +msgid "Empty community string" +msgstr "Leerer community-string" + +#: src/gui/DiscoveryDruid.cpp:2132 +msgid "" +"Firewall Builder can import Cisco IOS access lists from the router " +"configuration saved using 'show run' or any other command that saves running " +"config. The name of the created firewall object, all of its interfaces and " +"their addresses will be configured automatically if this information can be " +"found in the configuration file." 
+msgstr "" + +#: src/gui/DiscoveryDruid.cpp:2143 +msgid "" +"Firewall Builder can import iptables rules from a file in iptables-save " +"format. Firewall name and addresses of its interfaces need to be configured " +"manually because iptables-save file does not have this information. " +msgstr "" + +#: src/gui/execDialog.cpp:101 src/gui/instDialog.cpp:1436 +#: src/gui/instDialog.cpp:2110 +msgid "Error: Failed to start program" +msgstr "Fehler: Programm konnte nicht gestartet werden" + +#: src/gui/filePropDialog.cpp:62 +msgid "Opened read-only" +msgstr "Im nur-Lesen Modus geöffnet" + +#: src/gui/filePropDialog.cpp:80 +#, qt-format +msgid "Revision %1" +msgstr "Revision %1" + +#: src/gui/FilterDialog.cpp:102 +#, fuzzy +msgid "Filter error" +msgstr "Filter-Fehler" + +#: src/gui/FilterDialog.cpp:102 +msgid "Invalid RegExp." +msgstr "Ungültiger regulärer Ausdruck." + +#: src/gui/FilterDialog.cpp:404 src/gui/GroupObjectDialog.cpp:144 +#: src/gui/.ui/findobjectwidget_q.cpp:203 +#: src/gui/.ui/newfirewalldialog_q.cpp:171 +#: src/gui/.ui/newfirewalldialog_q.cpp:322 +#: src/gui/.ui/newfirewalldialog_q.cpp:501 +#: src/gui/.ui/newfirewalldialog_q.cpp:523 src/gui/.ui/newhostdialog_q.cpp:187 +#: src/gui/.ui/newhostdialog_q.cpp:397 src/gui/.ui/prefsdialog_q.cpp:210 +#: src/gui/.ui/prefsdialog_q.cpp:391 +msgid "Name" +msgstr "Name" + +#: src/gui/FilterDialog.cpp:405 src/gui/FWWindowPrint.cpp:94 +#: src/gui/.ui/discoverydruid_q.cpp:1021 src/gui/.ui/finddialog_q.cpp:134 +#: src/gui/.ui/findobjectwidget_q.cpp:204 src/gui/.ui/ipv4dialog_q.cpp:170 +#: src/gui/.ui/newfirewalldialog_q.cpp:173 +#: src/gui/.ui/newfirewalldialog_q.cpp:324 +#: src/gui/.ui/newfirewalldialog_q.cpp:503 +#: src/gui/.ui/newfirewalldialog_q.cpp:525 src/gui/.ui/newhostdialog_q.cpp:189 +#: src/gui/.ui/newhostdialog_q.cpp:399 +msgid "Address" +msgstr "Adresse" + +#: src/gui/FilterDialog.cpp:408 +#, fuzzy +msgid "Contains" +msgstr "Beinhaltet" + +#: src/gui/FilterDialog.cpp:409 +msgid "Is equal to" +msgstr "Ist gleich 
wie" + +#: src/gui/FilterDialog.cpp:410 +msgid "Starts with" +msgstr "Beginnt mit" + +#: src/gui/FilterDialog.cpp:411 +#, fuzzy +msgid "Ends with" +msgstr "Endet mit" + +#: src/gui/FilterDialog.cpp:412 +msgid "Matches Wildcard" +msgstr "Enspricht Wildcard" + +#: src/gui/FilterDialog.cpp:413 +msgid "Matches RegExp" +msgstr "Entspricht regulärem Ausdruck" + +#: src/gui/findDialog.cpp:269 src/gui/FindObjectWidget.cpp:324 +msgid "Search hit the end of the object tree." +msgstr "Die Suche ist am Ende des Objekt-Baumes angelangt." + +#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317 +#: src/gui/FindObjectWidget.cpp:325 +#, fuzzy +msgid "&Continue at top" +msgstr "Am &Anfang weitermachen" + +#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317 +#: src/gui/FindObjectWidget.cpp:325 +#, fuzzy +msgid "&Stop" +msgstr "Stopp" + +#: src/gui/FindObjectWidget.cpp:316 +#, fuzzy +msgid "Search hit the end of the policy rules." +msgstr "Die Suche ist am Ende des Policy-Regeln angelangt." + +#: src/gui/FindObjectWidget.cpp:354 +msgid "Search or Replace object ind't specified." +msgstr "Das Such- oder das Ersetzungs-Objekt fehlt." + +#: src/gui/FindObjectWidget.cpp:364 +msgid "Cannot replace object by itself." +msgstr "Kann ein Objekt nicht durch sich selbst erseten." + +#: src/gui/FindObjectWidget.cpp:372 +msgid "Search and Replace objects are incompatible." +msgstr "Such- und Ersetzungs-Objekt passen nicht zueinander." + +#: src/gui/FindObjectWidget.cpp:466 +#, fuzzy, qt-format +msgid "Replaced %1 objects." +msgstr "%1 Objekte wurden ersetzt." 
+ +#: src/gui/FindObjectWidget.cpp:585 +msgid "Policy of firewall '" +msgstr "Policy der Firewall '" + +#: src/gui/FirewallDialog.cpp:314 src/gui/FirewallDialog.cpp:339 +#, qt-format +msgid "FWBuilder API error: %1" +msgstr "FWBuilder API Fehler: %1" + +#: src/gui/freebsdAdvancedDialog.cpp:62 src/gui/linksysAdvancedDialog.cpp:68 +#: src/gui/linux24AdvancedDialog.cpp:62 src/gui/macosxAdvancedDialog.cpp:62 +#: src/gui/openbsdAdvancedDialog.cpp:62 src/gui/solarisAdvancedDialog.cpp:62 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:195 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:199 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:203 +#: src/gui/.ui/linux24advanceddialog_q.cpp:371 +#: src/gui/.ui/linux24advanceddialog_q.cpp:375 +#: src/gui/.ui/linux24advanceddialog_q.cpp:379 +#: src/gui/.ui/linux24advanceddialog_q.cpp:383 +#: src/gui/.ui/linux24advanceddialog_q.cpp:387 +#: src/gui/.ui/linux24advanceddialog_q.cpp:391 +#: src/gui/.ui/linux24advanceddialog_q.cpp:395 +#: src/gui/.ui/linux24advanceddialog_q.cpp:399 +#: src/gui/.ui/linux24advanceddialog_q.cpp:403 +#: src/gui/.ui/linux24advanceddialog_q.cpp:418 +#: src/gui/.ui/linux24advanceddialog_q.cpp:422 +#: src/gui/.ui/linux24advanceddialog_q.cpp:426 +#: src/gui/.ui/linux24advanceddialog_q.cpp:430 +#: src/gui/.ui/linux24advanceddialog_q.cpp:434 +#: src/gui/.ui/linux24advanceddialog_q.cpp:438 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:172 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:176 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:180 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:180 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:184 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:189 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:193 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:189 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:195 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:199 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:204 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:208 +msgid "No change" +msgstr "Keine Änderung" + +#: 
src/gui/freebsdAdvancedDialog.cpp:65 src/gui/linksysAdvancedDialog.cpp:71 +#: src/gui/linux24AdvancedDialog.cpp:65 src/gui/macosxAdvancedDialog.cpp:65 +#: src/gui/openbsdAdvancedDialog.cpp:65 src/gui/solarisAdvancedDialog.cpp:65 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:196 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:200 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:204 +#: src/gui/.ui/linux24advanceddialog_q.cpp:372 +#: src/gui/.ui/linux24advanceddialog_q.cpp:376 +#: src/gui/.ui/linux24advanceddialog_q.cpp:380 +#: src/gui/.ui/linux24advanceddialog_q.cpp:384 +#: src/gui/.ui/linux24advanceddialog_q.cpp:388 +#: src/gui/.ui/linux24advanceddialog_q.cpp:392 +#: src/gui/.ui/linux24advanceddialog_q.cpp:396 +#: src/gui/.ui/linux24advanceddialog_q.cpp:400 +#: src/gui/.ui/linux24advanceddialog_q.cpp:404 +#: src/gui/.ui/linux24advanceddialog_q.cpp:419 +#: src/gui/.ui/linux24advanceddialog_q.cpp:423 +#: src/gui/.ui/linux24advanceddialog_q.cpp:427 +#: src/gui/.ui/linux24advanceddialog_q.cpp:431 +#: src/gui/.ui/linux24advanceddialog_q.cpp:435 +#: src/gui/.ui/linux24advanceddialog_q.cpp:439 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:173 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:177 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:181 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:181 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:185 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:190 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:194 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:190 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:196 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:200 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:205 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:209 +msgid "On" +msgstr "Ein" + +#: src/gui/freebsdAdvancedDialog.cpp:68 src/gui/linksysAdvancedDialog.cpp:74 +#: src/gui/linux24AdvancedDialog.cpp:68 src/gui/macosxAdvancedDialog.cpp:68 +#: src/gui/openbsdAdvancedDialog.cpp:68 src/gui/solarisAdvancedDialog.cpp:68 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:197 +#: 
src/gui/.ui/freebsdadvanceddialog_q.cpp:201 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:205 +#: src/gui/.ui/linux24advanceddialog_q.cpp:373 +#: src/gui/.ui/linux24advanceddialog_q.cpp:377 +#: src/gui/.ui/linux24advanceddialog_q.cpp:381 +#: src/gui/.ui/linux24advanceddialog_q.cpp:385 +#: src/gui/.ui/linux24advanceddialog_q.cpp:389 +#: src/gui/.ui/linux24advanceddialog_q.cpp:393 +#: src/gui/.ui/linux24advanceddialog_q.cpp:397 +#: src/gui/.ui/linux24advanceddialog_q.cpp:401 +#: src/gui/.ui/linux24advanceddialog_q.cpp:405 +#: src/gui/.ui/linux24advanceddialog_q.cpp:420 +#: src/gui/.ui/linux24advanceddialog_q.cpp:424 +#: src/gui/.ui/linux24advanceddialog_q.cpp:428 +#: src/gui/.ui/linux24advanceddialog_q.cpp:432 +#: src/gui/.ui/linux24advanceddialog_q.cpp:436 +#: src/gui/.ui/linux24advanceddialog_q.cpp:440 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:174 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:178 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:182 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:182 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:186 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:191 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:195 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:191 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:197 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:201 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:206 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:210 +msgid "Off" +msgstr "Aus" + +#: src/gui/FWBSettings.cpp:150 +#, qt-format +msgid "" +"Working directory %1 does not exist and could not be created.\n" +"Ignoring this setting." +msgstr "" +"Arbeitsverzeichnis %1 exitiert nicht und konnte nicht angelegt werden.\n" +"Einstellung wurde ignoriert." + +#: src/gui/FWBTree.cpp:399 +msgid "New Library" +msgstr "Neue Bilbliothek" + +#: src/gui/FWObjectDropArea.cpp:103 +#, fuzzy +msgid "Drop object here." +msgstr "Objekt hier plazieren." 
+ +#: src/gui/FWObjectDropArea.cpp:141 src/gui/GroupObjectDialog.cpp:682 +#: src/gui/ObjectManipulator.cpp:916 src/gui/RuleSetView.cpp:1666 +#: src/gui/.ui/FWBMainWindow_q.cpp:476 +msgid "Paste" +msgstr "Einfügen" + +#: src/gui/FWObjectDropArea.cpp:143 src/gui/GroupObjectDialog.cpp:683 +#: src/gui/ObjConflictResolutionDialog.cpp:118 +#: src/gui/ObjConflictResolutionDialog.cpp:142 +#: src/gui/ObjectManipulator.cpp:921 src/gui/RuleSetView.cpp:1669 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:110 +#: src/gui/.ui/FWBMainWindow_q.cpp:542 src/gui/.ui/FWBMainWindow_q.cpp:543 +#: src/gui/.ui/newfirewalldialog_q.cpp:508 src/gui/.ui/newhostdialog_q.cpp:409 +msgid "Delete" +msgstr "Löschen" + +#: src/gui/FWObjectPropertiesFactory.cpp:102 +msgid "DNS record: " +msgstr "DNS Datensatz: " + +#: src/gui/FWObjectPropertiesFactory.cpp:106 +#, fuzzy +msgid "Address Table: " +msgstr "Adressen-Tabelle: " + +#: src/gui/FWObjectPropertiesFactory.cpp:157 +msgid " objects" +msgstr " Objekte" + +#: src/gui/FWObjectPropertiesFactory.cpp:173 +#, qt-format +msgid "protocol: %1" +msgstr "Protokoll: %1" + +#: src/gui/FWObjectPropertiesFactory.cpp:177 +#, qt-format +msgid "type: %1" +msgstr "Typ: %1" + +#: src/gui/FWObjectPropertiesFactory.cpp:179 +#, qt-format +msgid "code: %1" +msgstr "Code: %1" + +#: src/gui/FWObjectPropertiesFactory.cpp:238 +#, fuzzy +msgid "Library: " +msgstr "Bibliothek:" + +#: src/gui/FWObjectPropertiesFactory.cpp:243 +msgid "Object Id: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:248 +#, fuzzy +msgid "Object Type: " +msgstr "<b>Objekttyp:</b> " + +#: src/gui/FWObjectPropertiesFactory.cpp:252 +#, fuzzy +msgid "Object Name: " +msgstr "Objektname" + +#: src/gui/FWObjectPropertiesFactory.cpp:274 +#, fuzzy +msgid "DNS record:" +msgstr "DNS Datensatz: " + +#: src/gui/FWObjectPropertiesFactory.cpp:277 +#: src/gui/FWObjectPropertiesFactory.cpp:285 +#, fuzzy +msgid "Run-time" +msgstr "Laufzeit" + +#: src/gui/FWObjectPropertiesFactory.cpp:277 +#: 
src/gui/FWObjectPropertiesFactory.cpp:285 +#, fuzzy +msgid "Compile-time" +msgstr "Übersetzungszeitpunkt" + +#: src/gui/FWObjectPropertiesFactory.cpp:282 +msgid "Table file:" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:320 +#, fuzzy, qt-format +msgid "%1 objects
\n" +msgstr "%1 Objekte<br>\n" + +#: src/gui/FWObjectPropertiesFactory.cpp:385 +msgid "Path: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:444 +msgid "protocol " +msgstr "Protokoll" + +#: src/gui/FWObjectPropertiesFactory.cpp:449 +msgid "type: " +msgstr "Typ: " + +#: src/gui/FWObjectPropertiesFactory.cpp:451 +msgid "code: " +msgstr "Code: " + +#: src/gui/FWObjectPropertiesFactory.cpp:471 +#, qt-format +msgid "Pattern: \"%1\"" +msgstr "Muster: \"%1\"" + +#: src/gui/FWObjectPropertiesFactory.cpp:605 +msgid "Action : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:608 +#, fuzzy +msgid "Parameter: " +msgstr "Parameter" + +#: src/gui/FWObjectPropertiesFactory.cpp:631 +#, fuzzy +msgid "Log prefix : " +msgstr "<b>Log-Präfix :</b> " + +#: src/gui/FWObjectPropertiesFactory.cpp:637 +#, fuzzy +msgid "Log Level : " +msgstr "<b>Log Level :</b> " + +#: src/gui/FWObjectPropertiesFactory.cpp:644 +#, fuzzy +msgid "Netlink group : " +msgstr "netlink group:" + +#: src/gui/FWObjectPropertiesFactory.cpp:650 +#, fuzzy +msgid "Limit Value : " +msgstr "<b>Grenzwert :</b> " + +#: src/gui/FWObjectPropertiesFactory.cpp:656 +#, fuzzy +msgid "Limit suffix : " +msgstr "<b>Grenzwert-Suffix :</b> " + +#: src/gui/FWObjectPropertiesFactory.cpp:663 +#, fuzzy +msgid "Limit burst : " +msgstr "<b>Grenzwert-Burst :</b> " + +#: src/gui/FWObjectPropertiesFactory.cpp:670 +msgid "
  • Part of Any
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:676 +#: src/gui/FWObjectPropertiesFactory.cpp:706 +#: src/gui/FWObjectPropertiesFactory.cpp:735 +#: src/gui/FWObjectPropertiesFactory.cpp:758 +msgid "
  • Stateless
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:685 +#, fuzzy +msgid "Log facility: " +msgstr "Log-Funktion: " + +#: src/gui/FWObjectPropertiesFactory.cpp:692 +#: src/gui/FWObjectPropertiesFactory.cpp:775 +#, fuzzy +msgid "Log level : " +msgstr "Log-Level:" + +#: src/gui/FWObjectPropertiesFactory.cpp:700 +msgid "
  • Send 'unreachable'
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:712 +#, fuzzy +msgid "
  • Keep information on fragmented packets
  • " +msgstr "" +"<li><b>Behalte Informationen über fragmentierte\n" +"Pakete, um sie auf spätere Fragmente\n" +"anwenden zu können</b></li> " + +#: src/gui/FWObjectPropertiesFactory.cpp:722 +#, fuzzy +msgid "Log prefix : " +msgstr "Log-Präfix:" + +#: src/gui/FWObjectPropertiesFactory.cpp:728 +#, fuzzy +msgid "Max state : " +msgstr "<b>Max. Status:</b> " + +#: src/gui/FWObjectPropertiesFactory.cpp:741 +msgid "
  • Source tracking
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:744 +#, fuzzy +msgid "Max src nodes : " +msgstr "<b>Max. Anzahl Quell-Knoten :</b> " + +#: src/gui/FWObjectPropertiesFactory.cpp:747 +#, fuzzy +msgid "Max src states: " +msgstr "<b>Max. Quell-Zustände:</b> " + +#: src/gui/FWObjectPropertiesFactory.cpp:767 +#, qt-format +msgid "Ver:%1
    \n" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:781 +#, fuzzy +msgid "Log interval : " +msgstr "<b>Log-Intervall :</b> " + +#: src/gui/FWObjectPropertiesFactory.cpp:788 +#, fuzzy +msgid "
  • Disable logging for this rule
  • " +msgstr "Log-Funktion für diese Regel komplett ausschalten" + +#: src/gui/FWObjectPropertiesFactory.cpp:820 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:159 +#, fuzzy +msgid "bitmask" +msgstr "Netzmaske" + +#: src/gui/FWObjectPropertiesFactory.cpp:821 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:160 +#, fuzzy +msgid "random" +msgstr "verwende eine zufällige ID" + +#: src/gui/FWObjectPropertiesFactory.cpp:822 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:161 +msgid "source-hash" +msgstr "Quell-Hash" + +#: src/gui/FWObjectPropertiesFactory.cpp:823 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:162 +msgid "round-robin" +msgstr "Round-Robin" + +#: src/gui/FWObjectPropertiesFactory.cpp:825 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:163 +msgid "static-port" +msgstr "statische Portnummer" + +#: src/gui/FWWindow.cpp:175 +msgid "No firewalls defined" +msgstr "Keine Firewalls definiert" + +#: src/gui/FWWindow.cpp:379 +msgid "" +"Some objects have been modified but not saved.\n" +"Do you want to save changes now ?" +msgstr "" +"Es wurd einige Objekte modifiziert aber nicht gespeichert.\n" +"Wollen Sie die Änderungen jetzt sichern?" 
+
+#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466
+#: src/gui/.ui/FWBMainWindow_q.cpp:453
+#, fuzzy
+msgid "&Save"
+msgstr "Speichern"
+
+#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466
+#: src/gui/.ui/FWBMainWindow_q.cpp:556
+#, fuzzy
+msgid "&Discard"
+msgstr "Verwerfen"
+
+#: src/gui/FWWindow.cpp:381 src/gui/FWWindow.cpp:680 src/gui/RCS.cpp:748
+#: src/gui/.ui/askrulenumberdialog_q.cpp:91
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:189
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:549
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:353
+#: src/gui/.ui/iptadvanceddialog_q.cpp:601
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:198
+#: src/gui/.ui/linux24advanceddialog_q.cpp:368
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:167
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:175
+#: src/gui/.ui/pagesetupdialog_q.cpp:110
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1002 src/gui/.ui/prefsdialog_q.cpp:366
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:104
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:185
+#, fuzzy
+msgid "&Cancel"
+msgstr "Abbruch"
+
+#: src/gui/FWWindow.cpp:436
+msgid "FWB Files (*.fwb);;All Files (*)"
+msgstr "FWB Dateien (*.fwb);;Alle Dateien(*)"
+
+#: src/gui/FWWindow.cpp:447 src/gui/FWWindow.cpp:1805
+#, qt-format
+msgid ""
+"The file %1 already exists.\n"
+"Do you want to overwrite it ?"
+msgstr ""
+"Die Datei %1 existiert bereits.\n"
+"Wollen Sie sie überschreiben?"
+
+#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807
+#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539
+#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828
+#, fuzzy
+msgid "&Yes"
+msgstr "Ja"
+
+#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807
+#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539
+#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828
+#, fuzzy
+msgid "&No"
+msgstr "Nein"
+
+#: src/gui/FWWindow.cpp:483 src/gui/FWWindow.cpp:1086
+#: src/gui/StartWizard.cpp:99
+msgid "Choose name and location for the new file"
+msgstr "Bitte Namen und Speicherort für die neue Datei auswählen"
+
+#: src/gui/FWWindow.cpp:585
+msgid "Saving data to file..."
+msgstr "Die Daten werden in die Datei gespeichert..."
+
+#: src/gui/FWWindow.cpp:617
+msgid "Choose name and location for the file"
+msgstr "Bitte Namen und Speicherort für die Datei auswählen"
+
+#: src/gui/FWWindow.cpp:674
+msgid ""
+"This operation discards all changes that have been saved\n"
+"into the file so far, closes it and replaces it with a clean\n"
+"copy of its head revision from RCS.\n"
+"\n"
+"All changes will be lost if you do this.\n"
+"\n"
+msgstr ""
+"Dieses Kommando verwirft alle Änderungen, die noch nicht in der\n"
+"Datei abgespeichert wurden, schließt die Datei und ersetzt das Projekt\n"
+"im Speicher mit einer Kopie der letzten Revision aus dem RCS.\n"
+"\n"
+"Alle Änderungen gehen verloren, wenn Sie weitermachen.\n"
+"\n"
+
+#: src/gui/FWWindow.cpp:679 src/gui/ObjectEditor.cpp:439
+#, fuzzy
+msgid "&Discard changes"
+msgstr "Änderungen &verwerfen"
+
+#: src/gui/FWWindow.cpp:723
+#, qt-format
+msgid "File %1 has been added to RCS."
+msgstr "Datei %1 wurde zum RCS hinzugefügt."
+ +#: src/gui/FWWindow.cpp:732 src/gui/StartWizard.cpp:157 +#, qt-format +msgid "" +"Error adding file to RCS:\n" +"%1" +msgstr "" +"Fehler beim Einfügen der Datei in das RCS:\n" +"%1" + +#: src/gui/FWWindow.cpp:739 src/gui/FWWindow.cpp:1124 +msgid "(read-only)" +msgstr "(Nur-Lesen)" + +#: src/gui/FWWindow.cpp:798 src/gui/FWWindow.cpp:908 +#, fuzzy +msgid "Loading system objects..." +msgstr "Laden der Standard-Objekte" + +#: src/gui/FWWindow.cpp:857 src/gui/FWWindow.cpp:1148 +#: src/gui/FWWindow.cpp:1154 +#, qt-format +msgid "" +"Error loading file:\n" +"%1" +msgstr "" +"Fehler beim Laden der Datei:\n" +"%1" + +#: src/gui/FWWindow.cpp:916 +#, fuzzy +msgid "Reading and parsing data file..." +msgstr "Lsen und Verarbeiten der Datei..." + +#: src/gui/FWWindow.cpp:986 +msgid "Merging with system objects..." +msgstr "Mit System-Objekten mischen..." + +#: src/gui/FWWindow.cpp:1080 +#, qt-format +msgid "" +"Firewall Builder 2 uses file extension '.fwb' and \n" +"needs to rename old data file '%1' to '%2',\n" +"but file '%3' already exists.\n" +"Choose a different name for the new file." +msgstr "" +"Firewall Builder 2 verwendet den Dateityp '.fwb' und \n" +"muss den Namen der alten Datei '%1' in '%2' ändern,\n" +"aber die Datei '%3' existiert bereits.\n" +"Bitte wählen Sie einen anderen NAmen für die Datei." + +#: src/gui/FWWindow.cpp:1094 +msgid "Load operation cancelled and data file reverted to original version." +msgstr "" +"Ladefunktion abgebrochen, Daten wieder in den alten Zustand zurück versetzt." + +#: src/gui/FWWindow.cpp:1109 +#, qt-format +msgid "" +"Firewall Builder 2 uses file extension '.fwb'. Your data file '%1' \n" +"has been renamed '%2'" +msgstr "" +"Firewall Builder 2 verwendet den Dateityp '.fwb'. 
Ihre Datendatei '%1' \n" +"wurde in '%2' umbenannt" + +#: src/gui/FWWindow.cpp:1140 +#, qt-format +msgid "Exception: %1" +msgstr "Ausnahmefehler: %1" + +#: src/gui/FWWindow.cpp:1142 +#, qt-format +msgid "Failed transformation : %1" +msgstr "Umwandlung fehlkerhaft: %1" + +#: src/gui/FWWindow.cpp:1144 +#, qt-format +msgid "XML element : %1" +msgstr "XML-Element: %1" + +#: src/gui/FWWindow.cpp:1167 +#, fuzzy +msgid "Building object tree..." +msgstr "Objekt Baum erzeugen..." + +#: src/gui/FWWindow.cpp:1172 +#, fuzzy +msgid "Indexing..." +msgstr "Index aufbauen..." + +#: src/gui/FWWindow.cpp:1197 +#, qt-format +msgid "Checking file %1 in RCS" +msgstr "Datei %1 wird im RCS eingecheckt" + +#: src/gui/FWWindow.cpp:1222 +#, qt-format +msgid "" +"Error checking in file %1:\n" +"%2" +msgstr "" +"Fehler beim Prüfen der Datei %1:\n" +"%2" + +#: src/gui/FWWindow.cpp:1310 src/gui/FWWindow.cpp:1750 +msgid "File is read-only" +msgstr "Datei ist schreibgeschützt" + +#: src/gui/FWWindow.cpp:1316 src/gui/FWWindow.cpp:1754 +#, qt-format +msgid "Error saving file %1: %2" +msgstr "Fehler beim Speichern der Datei %1: %2" + +#: src/gui/FWWindow.cpp:1359 src/gui/listOfLibraries.cpp:214 +#, qt-format +msgid "Duplicate library '%1'" +msgstr "Doppelte Bibliothek '%1'" + +#: src/gui/FWWindow.cpp:1381 src/gui/FWWindow.cpp:1454 +#: src/gui/FWWindow.cpp:1472 src/gui/listOfLibraries.cpp:186 +#, qt-format +msgid "" +"Error loading file %1:\n" +"%2" +msgstr "" +"Fehler beim Laden der Datei %1:\n" +"%2" + +#: src/gui/FWWindow.cpp:1395 +msgid "Choose a file to import" +msgstr "Zu importierende Datei auswählen" + +#: src/gui/FWWindow.cpp:1413 +msgid "" +"This operation inspects two data files (either .fwb or .fwl) and finds " +"conflicting objects. Conflicting objects have the same internal ID but " +"different attributes. Two data files can not be merged, or one imported into " +"another, if they contain such objects. 
This operation also helps identify " +"changes made to objects in two copies of the same data file.

    This " +"operation does not find objects present in one file but not in the other, " +"such objects present no problem for merge or import operations.

    This " +"operation works with two external files, neither of which needs to be opened " +"in the program. Currently opened data file is not affected by this operation " +"and objects in the tree do not change.

    Do you want to proceed ?" +msgstr "" + +#: src/gui/FWWindow.cpp:1426 +msgid "Choose the first file" +msgstr "" + +#: src/gui/FWWindow.cpp:1433 +#, fuzzy +msgid "Choose the second file" +msgstr "Kommentare für diesen Code" + +#: src/gui/FWWindow.cpp:1496 +#, qt-format +msgid "" +"Total number of conflicting objects: %1.\n" +"Do you want to generate report?" +msgstr "" + +#: src/gui/FWWindow.cpp:1509 +#, fuzzy +msgid "TXT Files (*.txt);;All Files (*)" +msgstr "FWB Dateien (*.fwb);;Alle Dateien(*)" + +#: src/gui/FWWindow.cpp:1511 +#, fuzzy +msgid "Choose name and location for the report file" +msgstr "Bitte Namen und Speicherort für die neue Datei auswählen" + +#: src/gui/FWWindow.cpp:1536 +#, qt-format +msgid "Can not open report file for writing. File '%1'" +msgstr "" + +#: src/gui/FWWindow.cpp:1547 +#, qt-format +msgid "" +"Unexpected error comparing files %1 and %2:\n" +"%3" +msgstr "" + +#: src/gui/FWWindow.cpp:1664 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (global policy rule #%3) uses object '%4' from " +"library '%5'" +msgstr "" +"Bibliothek %1: Firewall '%2' (globale Policy Regel #%3) verwendet das Objekt " +"'%4' aus der Bibliothek '%5'" + +#: src/gui/FWWindow.cpp:1673 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (interface %3 policy rule #%4) uses object '%5' " +"from library '%6'" +msgstr "" +"Bibliothek %1: Firewall '%2' (Interface %3 Policy Regel #%4) verwendet das " +"Objekt '%5' aus der Bibliothek '%6'" + +#: src/gui/FWWindow.cpp:1684 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (NAT rule #%3) uses object '%4' from library '%5'" +msgstr "" +"Bibliothek %1: Firewall '%2' (NAT Regel %3) verwendet das Objekt '%4' aus " +"der Bibliothek '%5'" + +#: src/gui/FWWindow.cpp:1694 +#, qt-format +msgid "Library %1: Group '%2' uses object '%3' from library '%4'" +msgstr "" +"Bibliothek %1: Gruppe '%2' verwendet das Objekt '%3' aus der Bibliothek '%4'" + +#: src/gui/FWWindow.cpp:1709 +msgid "" +"A library that you are trying to export 
contains references\n" +"to objects in the other libraries and can not be exported.\n" +"The following objects need to be moved outside of it or\n" +"objects that they refer to moved in it:" +msgstr "" +"Die Bibliothek, die gerade exportiert werden soll,\n" +"enthält Referenzen zu Objekten in anderen Bibliotheken und\n" +"kann nicht exportiert werden.\n" +"Folgende Objekte müssen aus der Bibliothek entfernt werden\n" +"oder die referenzierten Objekte müssen in diese Bibliothek\n" +"verschoben werden:" + +#: src/gui/FWWindow.cpp:1780 +msgid "Please select a library you want to export." +msgstr "Bitte eine zu exportierende Bibliothek auswählen." + +#: src/gui/FWWindow.cpp:1999 +#, qt-format +msgid "%1" +msgstr "" + +#: src/gui/FWWindow.cpp:2011 +#, qt-format +msgid "Building branch policy view '%1'..." +msgstr "Die Policy-Ansicht %1 des Branches wird erzeugt..." + +#: src/gui/FWWindow.cpp:2081 +msgid "Building policy view..." +msgstr "Policy-Ansicht erzeugen..." + +#: src/gui/FWWindow.cpp:2110 +msgid "Building NAT view..." +msgstr "NAT-Ansicht erzeugen..." + +#: src/gui/FWWindow.cpp:2125 +msgid "Building routing view..." +msgstr "Routing-Ansicht erzeugen..." 
+ +#: src/gui/FWWindowPrint.cpp:92 src/gui/.ui/discoverydruid_q.cpp:1023 +#: src/gui/.ui/firewalldialog_q.cpp:209 src/gui/.ui/firewalldialog_q.cpp:210 +#: src/gui/.ui/instdialog_q.cpp:83 src/gui/.ui/instdialog_q.cpp:135 +#: src/gui/.ui/instdialog_q.cpp:224 src/gui/.ui/instdialog_q.cpp:269 +#: src/gui/.ui/instdialog_q.cpp:279 src/gui/.ui/instdialog_q.cpp:289 +msgid "Firewall" +msgstr "Firewall" + +#: src/gui/FWWindowPrint.cpp:93 src/gui/.ui/discoverydruid_q.cpp:1022 +#: src/gui/.ui/hostdialog_q.cpp:144 src/gui/.ui/hostdialog_q.cpp:145 +msgid "Host" +msgstr "Host" + +#: src/gui/FWWindowPrint.cpp:95 +msgid "Addres Range" +msgstr "Adressbereich" + +#: src/gui/FWWindowPrint.cpp:96 src/gui/RuleSetView.cpp:3315 +#: src/gui/RuleSetView.cpp:3565 src/gui/.ui/interfacedialog_q.cpp:231 +#: src/gui/.ui/interfacedialog_q.cpp:232 +msgid "Interface" +msgstr "Interface" + +#: src/gui/FWWindowPrint.cpp:97 src/gui/.ui/networkdialog_q.cpp:163 +#: src/gui/.ui/networkdialog_q.cpp:164 +msgid "Network" +msgstr "Netzwerk" + +#: src/gui/FWWindowPrint.cpp:98 +msgid "Group of objects" +msgstr "Objekt-Gruppe" + +#: src/gui/FWWindowPrint.cpp:99 src/gui/.ui/customservicedialog_q.cpp:177 +#: src/gui/.ui/customservicedialog_q.cpp:178 +msgid "Custom Service" +msgstr "Benutzerdefinierter Service" + +#: src/gui/FWWindowPrint.cpp:100 src/gui/.ui/ipservicedialog_q.cpp:209 +msgid "IP Service" +msgstr "IP-Dienst" + +#: src/gui/FWWindowPrint.cpp:101 src/gui/.ui/icmpservicedialog_q.cpp:168 +msgid "ICMP Service" +msgstr "ICMP-Dienst" + +#: src/gui/FWWindowPrint.cpp:102 src/gui/.ui/tcpservicedialog_q.cpp:371 +msgid "TCP Service" +msgstr "TCP-Dienst" + +#: src/gui/FWWindowPrint.cpp:103 src/gui/.ui/udpservicedialog_q.cpp:222 +msgid "UDP Service" +msgstr "UDP-Dienst" + +#: src/gui/FWWindowPrint.cpp:104 +msgid "Group of services" +msgstr "Service-Gruppe" + +#: src/gui/FWWindowPrint.cpp:105 src/gui/.ui/timedialog_q.cpp:242 +msgid "Time Interval" +msgstr "Zeitintervall" + +#: src/gui/FWWindowPrint.cpp:281 +#, 
qt-format +msgid "Firewall name: %1" +msgstr "Firewall Name: %1" + +#: src/gui/FWWindowPrint.cpp:282 +msgid "Platform: " +msgstr "Plattform:" + +#: src/gui/FWWindowPrint.cpp:283 +msgid "Version: " +msgstr "Version:" + +#: src/gui/FWWindowPrint.cpp:284 +msgid "Host OS: " +msgstr "Host Betriebssystem:" + +#: src/gui/FWWindowPrint.cpp:290 +msgid "Global Policy" +msgstr "Globale Policy" + +#: src/gui/FWWindowPrint.cpp:341 +#, qt-format +msgid "Interface %1" +msgstr "Interface %1" + +#: src/gui/FWWindowPrint.cpp:541 +msgid "Legend" +msgstr "Legende" + +#: src/gui/FWWindowPrint.cpp:632 src/gui/.ui/discoverydruid_q.cpp:1015 +msgid "Objects" +msgstr "Objekte" + +#: src/gui/FWWindowPrint.cpp:854 +#, fuzzy +msgid "Groups" +msgstr "Gruppe" + +#: src/gui/FWWindowPrint.cpp:897 +msgid "EMPTY" +msgstr "leer" + +#: src/gui/FWWindowPrint.cpp:919 src/gui/FWWindowPrint.cpp:922 +#: src/gui/FWWindowPrint.cpp:930 +msgid "Printing aborted" +msgstr "Drucken abgebrochen" + +#: src/gui/FWWindowPrint.cpp:926 +msgid "Printing completed" +msgstr "Drucken vollendet" + +#: src/gui/GroupObjectDialog.cpp:145 +msgid "Properties" +msgstr "Eigenschaften" + +#: src/gui/GroupObjectDialog.cpp:675 src/gui/.ui/FWBMainWindow_q.cpp:449 +#: src/gui/.ui/FWBMainWindow_q.cpp:493 src/gui/.ui/FWBMainWindow_q.cpp:494 +msgid "Open" +msgstr "Öffnen" + +#: src/gui/GroupObjectDialog.cpp:677 src/gui/ObjectManipulator.cpp:840 +#: src/gui/RuleSetView.cpp:1660 src/gui/RuleSetView.cpp:1789 +#: src/gui/RuleSetView.cpp:1793 src/gui/RuleSetView.cpp:1797 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:593 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:597 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:379 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:383 +#: src/gui/.ui/iptadvanceddialog_q.cpp:635 +#: src/gui/.ui/iptadvanceddialog_q.cpp:641 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1107 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1111 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1882 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1886 +msgid "Edit" +msgstr "Bearbeiten" + 
+#: src/gui/GroupObjectDialog.cpp:680 src/gui/ObjectManipulator.cpp:912 +#: src/gui/RuleSetView.cpp:1663 src/gui/.ui/FWBMainWindow_q.cpp:473 +msgid "Copy" +msgstr "Kopieren" + +#: src/gui/GroupObjectDialog.cpp:681 src/gui/ObjectManipulator.cpp:914 +#: src/gui/RuleSetView.cpp:1665 src/gui/.ui/FWBMainWindow_q.cpp:470 +msgid "Cut" +msgstr "Ausschneiden" + +#: src/gui/InstallFirewallViewItem.cpp:31 src/gui/instDialog.cpp:1893 +#: src/gui/instDialog.cpp:2045 src/gui/instDialog.cpp:2253 +#: src/gui/instDialog.cpp:2272 src/gui/instDialog.cpp:2286 +#: src/gui/instDialog.cpp:2298 +#, fuzzy +msgid "Failure" +msgstr "Fehler" + +#: src/gui/InstallFirewallViewItem.cpp:44 src/gui/instDialog.cpp:1149 +#: src/gui/instDialog.cpp:1150 src/gui/instDialog.cpp:1818 +#: src/gui/instDialog.cpp:1847 src/gui/instDialog.cpp:1848 +#, fuzzy +msgid "Success" +msgstr "Erfolg" + +#: src/gui/instBatchOptionsDialog.cpp:47 +msgid "Batch install options" +msgstr "Optionen für die Batch-Installatin" + +#: src/gui/instDialog.cpp:116 +msgid "There is no firewalls to process." +msgstr "Es gibt keine Firewalls zum Bearbeiten" + +#: src/gui/instDialog.cpp:131 +#, fuzzy +msgid "" +"

    Select firewalls for compilation.

    " +msgstr "" +"<p align=\"center\"><b><font size=\"+2\">Firewall zum " +"Übersetzen wählen.</font></b></p>" + +#: src/gui/instDialog.cpp:145 +msgid "Unknown operation." +msgstr "Unbekannter Befehl." + +#: src/gui/instDialog.cpp:176 +msgid "Show details" +msgstr "Details anzeigen" + +#: src/gui/instDialog.cpp:182 +msgid "Hide details" +msgstr "Details verbergen" + +#: src/gui/instDialog.cpp:286 +msgid "Unsupported exception" +msgstr "Unbekannter Ausnahmefehler" + +#: src/gui/instDialog.cpp:326 +msgid "Summary:" +msgstr "" + +#: src/gui/instDialog.cpp:329 src/gui/instDialog.cpp:359 +#, qt-format +msgid "* firewall name : %1" +msgstr "* Firewall Name : %1" + +#: src/gui/instDialog.cpp:331 +#, qt-format +msgid "* user name : %1" +msgstr "* Benutzer Name: %1" + +#: src/gui/instDialog.cpp:333 +#, qt-format +msgid "* management address : %1" +msgstr "* Verwaltungs-Adresse : %1" + +#: src/gui/instDialog.cpp:335 +#, qt-format +msgid "* platform : %1" +msgstr "* Plattform %1" + +#: src/gui/instDialog.cpp:337 +#, qt-format +msgid "* host OS : %1" +msgstr "* Host Betriebssystem : %1" + +#: src/gui/instDialog.cpp:339 +#, qt-format +msgid "* Loading configuration from file %1" +msgstr "* Laden der Konfiguration aus Datei %1" + +#: src/gui/instDialog.cpp:344 +msgid "* Incremental install" +msgstr "* Inkrementelles Installieren" + +#: src/gui/instDialog.cpp:349 +#, qt-format +msgid "* Configuration diff will be saved in file %1" +msgstr "* Die Konfigurationsunterschiede werden in Datei %1 gespeichert" + +#: src/gui/instDialog.cpp:354 +msgid "* Commands will not be executed on the firewall" +msgstr "* Auf dem Firewall werden keine Kommandos ausgeführt" + +#: src/gui/instDialog.cpp:656 +#, qt-format +msgid "" +"Only one interface of the firewall '%1' must be marked as management " +"interface." +msgstr "" +"Es darf nur ein Interface bei der Firewall '%1' als Management-Schnittstelle " +"markiert sein." 
+
+#: src/gui/instDialog.cpp:663
+#, qt-format
+msgid ""
+"One of the interfaces of the firewall '%1' must be marked as management "
+"interface."
+msgstr ""
+"Es muss ein Interface bei der Firewall '%1' als Management-Schnittstelle "
+"markiert sein."
+
+#: src/gui/instDialog.cpp:670
+msgid ""
+"Management interface does not have IP address, can not communicate with the "
+"firewall."
+msgstr ""
+"Das Management-Interface hat keine IP-Adresse, daher ist keine Kommunikation "
+"mit der Firewall möglich."
+
+#: src/gui/instDialog.cpp:718
+#, qt-format
+msgid "File %1 not found."
+msgstr "Datei %1 nicht gefunden."
+
+#: src/gui/instDialog.cpp:1002 src/gui/SSHPIX.cpp:347
+#, qt-format
+msgid "Can not open file %1"
+msgstr "Datei %1 kann nicht geöffnet werden"
+
+#: src/gui/instDialog.cpp:1105
+#, fuzzy, qt-format
+msgid ""
+"\n"
+"Copying %1 -> %2:%3\n"
+msgstr ""
+"\n"
+"Es wird kopiert: %1 -> %2\n"
+
+#: src/gui/instDialog.cpp:1139
+#, qt-format
+msgid ""
+"Running command '%1'\n"
+"\n"
+msgstr ""
+"Ausgeführter Befehl '%1'\n"
+"\n"
+
+#: src/gui/instDialog.cpp:1154 src/gui/instDialog.cpp:1155
+#: src/gui/instDialog.cpp:1823 src/gui/instDialog.cpp:1859
+#: src/gui/instDialog.cpp:1860
+#, fuzzy
+msgid "Error"
+msgstr "Fehler"
+
+#: src/gui/instDialog.cpp:1177
+#, fuzzy
+msgid "Fatal error, terminating install sequence\n"
+msgstr "Fehler: Installationsvorgang abgebrochen\n"
+
+#: src/gui/instDialog.cpp:1190
+msgid "Done\n"
+msgstr "Fertig\n"
+
+#: src/gui/instDialog.cpp:1253
+msgid "Activating new policy\n"
+msgstr "Neue Policy wird aktiviert\n"
+
+#: src/gui/instDialog.cpp:1421
+#, fuzzy, qt-format
+msgid "Compiling rule sets for firewall: %1"
+msgstr "Installieren der Policy-regeln auf der Firewall '%1'."
+
+#: src/gui/instDialog.cpp:1459
+#, fuzzy
+msgid ""
+"Policy installer uses Secure Shell to communicate with the firewall.\n"
+"Please configure directory path to the secure shell utility \n"
+"installed on your machine using Preferences dialog"
+msgstr ""
+"Der Policy-Installationsprozess verwendet Secure Shell (SSH) um mit der "
+"Firewall zu kommunizieren.\n"
+"Bitte konfigurieren Sie den Pfad zu den Werkzeugen 'secure file copy' und "
+"'secure \n"
+"shell' auf Ihrer Maschine im Dialog 'Werkzeuge'"
+
+#: src/gui/instDialog.cpp:1483
+#, fuzzy
+msgid "Firewall isn't compiled."
+msgstr "Firewall wurde nicht übersetzt."
+
+#: src/gui/instDialog.cpp:1578
+msgid ""
+"Firewall platform is not specified in this object.\n"
+"Can't compile firewall policy."
+msgstr ""
+"Angaben zur PLattform der Firewall fehlen in diesem Objekt.\n"
+"Die Firewall-Policy kann nicht übersetzt werden."
+
+#: src/gui/instDialog.cpp:1779
+#, fuzzy
+msgid "Error: Terminating install sequence\n"
+msgstr "Fehler: Installationsvorgang abgebrochen\n"
+
+#: src/gui/instDialog.cpp:1852
+msgid "Abnormal program termination"
+msgstr "Ungeplanter Programmabbruch"
+
+#: src/gui/instDialog.cpp:1858
+msgid "Skipped"
+msgstr "Übersprungen"
+
+#: src/gui/instDialog.cpp:1888 src/gui/instDialog.cpp:2040
+#, fuzzy
+msgid "Compiling ..."
+msgstr "Übersetzen..."
+
+#: src/gui/instDialog.cpp:1901
+#, fuzzy
+msgid "Recompile"
+msgstr "Neu-Übersetzen"
+
+#: src/gui/instDialog.cpp:1987
+#, fuzzy
+msgid "Batch policy rules compilation"
+msgstr "Überstzung der Batch-Policy-Regeln"
+
+#: src/gui/instDialog.cpp:2016 src/gui/instDialog.cpp:2159
+#: src/gui/.ui/discoverydruid_q.cpp:992 src/gui/.ui/execdialog_q.cpp:94
+#: src/gui/.ui/instdialog_q.cpp:278
+msgid "Stop"
+msgstr "Stopp"
+
+#: src/gui/instDialog.cpp:2170
+#, fuzzy
+msgid "Install firewall: "
+msgstr "Firewall Policy installieren"
+
+#: src/gui/instDialog.cpp:2180
+#, fuzzy
+msgid "Installing firewalls"
+msgstr "Firewall Policy wird nstalliert"
+
+#: src/gui/instDialog.cpp:2211
+#, fuzzy
+msgid "Installing ..."
+msgstr "Installieren..."
+
+#: src/gui/instDialog.cpp:2265
+#, qt-format
+msgid "Installing policy rules on firewall '%1'."
+msgstr "Installieren der Policy-regeln auf der Firewall '%1'."
+
+#: src/gui/instDialog.cpp:2395 src/gui/.ui/instdialog_q.cpp:276
+#, fuzzy
+msgid "Show selected"
+msgstr "Ausgewählte Objekte anzeigen"
+
+#: src/gui/instDialog.cpp:2401
+msgid "Show all"
+msgstr "Alle anzeigen"
+
+#: src/gui/instOptionsDialog.cpp:66
+#, fuzzy, qt-format
+msgid "Install options for firewall '%1'"
+msgstr "Installieren der Policy-Regeln auf der Firewall '%1'."
+
+#: src/gui/InterfaceDialog.cpp:193
+msgid "Group: "
+msgstr "Gruppe: "
+
+#: src/gui/InterfaceDialog.cpp:211
+msgid "Network: "
+msgstr "Netzwerk: "
+
+#: src/gui/ipfAdvancedDialog.cpp:170 src/gui/ipfAdvancedDialog.cpp:179
+#: src/gui/ipfwAdvancedDialog.cpp:144 src/gui/ipfwAdvancedDialog.cpp:153
+#: src/gui/iptAdvancedDialog.cpp:204 src/gui/iptAdvancedDialog.cpp:213
+#: src/gui/pfAdvancedDialog.cpp:278 src/gui/pfAdvancedDialog.cpp:287
+#: src/gui/pixAdvancedDialog.cpp:786 src/gui/pixAdvancedDialog.cpp:795
+#: src/gui/.ui/metriceditorpanel_q.cpp:76 src/gui/.ui/simpleinteditor_q.cpp:88
+#: src/gui/.ui/simpletexteditor_q.cpp:93
+msgid "Script Editor"
+msgstr "Skripteditor"
+
+#: src/gui/IPv4Dialog.cpp:159 src/gui/NetworkDialog.cpp:119
+#, qt-format
+msgid "Illegal netmask '%1'"
+msgstr "Ungültige Netzmaske '%1'"
+
+#: src/gui/IPv4Dialog.cpp:263
+#, qt-format
+msgid ""
+"DNS lookup failed for both names of the address object '%1' and the name of "
+"the host '%2'."
+msgstr ""
+"DNS-Auflösung war für beide Namen des Adress-Objekts '%1' und des Host-"
+"Namens '%2' unmöglich."
+
+#: src/gui/IPv4Dialog.cpp:270
+#, qt-format
+msgid "DNS lookup failed for name of the address object '%1'."
+msgstr "DNS-Auflösung war für den Namen des Adress-Objekts '%1' unmöglich."
+
+#: src/gui/LibraryDialog.cpp:151
+msgid "Pick the color for this library"
+msgstr "Bitte Farbe für diese Bibliothek auswählen"
+
+#: src/gui/listOfLibraries.cpp:142
+#, fuzzy
+msgid ""
+"The library file you are trying to open\n"
+"has been saved in an older version of\n"
+"Firewall Builder and needs to be upgraded.\n"
+"To upgrade it, just load it in the Firewall\n"
+"Builder GUI and save back to file again."
+msgstr ""
+"Die Bibliotheks-Datei, die geöffnet werden soll,\n"
+"Wurde mit einer älteren Version von\n"
+"Firewall Builder gespeichert und muss in das neue Format gewandelt werden.\n"
+"Um die Bibliothek zu wandeln, einfach im Firewall\n"
+"Builder GUI laden und die Datei wieder abspeichern."
+
+#: src/gui/newFirewallDialog.cpp:99 src/gui/.ui/newhostdialog_q.cpp:390
+msgid ""
+"Check option 'dynamic address' for the interface that gets its IP address "
+"dynamically via DHCP or PPP protocol."
+msgstr ""
+"Aktivieren Sie bitte die Option 'dynamische Adresse' für das Interface, das "
+"seine Adresse dynamisch über das DHCP- oder PPP-Protokoll zugewiesen erhält."
+
+#: src/gui/newFirewallDialog.cpp:100 src/gui/.ui/newhostdialog_q.cpp:389
+msgid ""
+"Check option 'Unnumbered interface' for the interface that does not have an "
+"IP address. Examples of interfaces of this kind are those used to terminate "
+"PPPoE or VPN tunnels."
+msgstr ""
+"Die Option 'unnummeriertes Interface' muss für das Interface aktiviert sein, "
+"das keine (feste) IP-Adresse hat. Dies sind zum Beispiel Interfaces an denen "
+"PPPoE oder VPN-Tunnel terminiert werden."
+
+#: src/gui/newFirewallDialog.cpp:229 src/gui/newHostDialog.cpp:222
+msgid "Missing SNMP community string."
+msgstr "Fehlende SNMP-Community."
+ +#: src/gui/newFirewallDialog.cpp:248 src/gui/newHostDialog.cpp:241 +#, qt-format +msgid "Address of %1 could not be obtained via DNS" +msgstr "Die Adresse %1 konnte über das DNS nicht aufgelöst werden" + +#: src/gui/newFirewallDialog.cpp:422 +msgid "dynamic" +msgstr "dynamisch" + +#: src/gui/newFirewallDialog.cpp:503 src/gui/newHostDialog.cpp:433 +#, qt-format +msgid "Interface: %1 (%2)" +msgstr "Interface: %1 (%2)" + +#: src/gui/newFirewallDialog.cpp:511 src/gui/newHostDialog.cpp:441 +#: src/gui/.ui/newfirewalldialog_q.cpp:514 src/gui/.ui/newhostdialog_q.cpp:404 +msgid "Dynamic address" +msgstr "Dynamische Adresse" + +#: src/gui/newFirewallDialog.cpp:513 src/gui/newHostDialog.cpp:443 +#: src/gui/.ui/interfacedialog_q.cpp:254 +#: src/gui/.ui/newfirewalldialog_q.cpp:513 src/gui/.ui/newhostdialog_q.cpp:395 +msgid "Unnumbered interface" +msgstr "nicht-nummeriertes Interface" + +#: src/gui/newFirewallDialog.cpp:515 src/gui/.ui/interfacedialog_q.cpp:259 +#: src/gui/.ui/newfirewalldialog_q.cpp:512 +msgid "Bridge port" +msgstr "Bridge-Port" + +#: src/gui/newFirewallDialog.cpp:555 src/gui/newHostDialog.cpp:480 +#, qt-format +msgid "Illegal address '%1/%2'" +msgstr "Ungültige Adresse '%1/%2'" + +#: src/gui/ObjConflictResolutionDialog.cpp:63 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:152 +msgid "Keep current object" +msgstr "aktuelles Objekt beibehalten" + +#: src/gui/ObjConflictResolutionDialog.cpp:64 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:157 +msgid "Replace with this object" +msgstr "Mit diesem Objekt ersetzen" + +#: src/gui/ObjConflictResolutionDialog.cpp:117 +#: src/gui/ObjConflictResolutionDialog.cpp:141 +#, fuzzy, qt-format +msgid "Object '%1' has been deleted" +msgstr "Objekt <b>'%1'</b> wurde gelöscht" + +#: src/gui/ObjConflictResolutionDialog.cpp:176 +#, fuzzy, qt-format +msgid "Object '%1' in the objects tree" +msgstr "Objekt <b>'%1'</b> im Objekt-Baum" + +#: src/gui/ObjConflictResolutionDialog.cpp:178 +#: 
src/gui/ObjConflictResolutionDialog.cpp:180
+#, fuzzy, qt-format
+msgid "Object '%1' in file %2"
+msgstr "Objekt <b>'%1'</b> in der Datei %2"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:297
+#: src/gui/.ui/findobjectwidget_q.cpp:191
+#, fuzzy
+msgid "Next"
+msgstr "weiter"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:299
+msgid ""
+"The following two objects have the same internal ID but different attributes:"
+msgstr ""
+
+#: src/gui/ObjConflictResolutionDialog.cpp:300
+msgid "Skip the rest but build report"
+msgstr ""
+
+#: src/gui/ObjectEditor.cpp:437
+msgid ""
+"Modifications done to this object can not be saved.\n"
+"Do you want to continue editing it ?"
+msgstr ""
+"Die Veränderungen an diesem Objekt können nicht gespeichert werden.\n"
+"Wollen Sie mit dem Editieren fortfahren?"
+
+#: src/gui/ObjectEditor.cpp:438 src/gui/ObjectEditor.cpp:466
+#: src/gui/TCPServiceDialog.cpp:177 src/gui/TCPServiceDialog.cpp:185
+#: src/gui/UDPServiceDialog.cpp:119 src/gui/UDPServiceDialog.cpp:127
+#: src/gui/utils.cpp:221
+#, fuzzy
+msgid "&Continue editing"
+msgstr "&Weiter editieren"
+
+#: src/gui/ObjectEditor.cpp:465
+msgid ""
+"This object has been modified but not saved.\n"
+"Do you want to save it ?"
+msgstr ""
+"Dieses Objekt wurde verändert aber noch nicht gespeichert.\n"
+"Wollen Sie es jetzt abspeichern?"
+
+#: src/gui/ObjectManipulator.cpp:145
+msgid "Object Manipulator"
+msgstr "Objekt-Manipulator"
+
+#: src/gui/ObjectManipulator.cpp:161
+#, fuzzy
+msgid "New &Library"
+msgstr "Neue Bilbliothek"
+
+#: src/gui/ObjectManipulator.cpp:164
+#, fuzzy
+msgid "New &Firewall"
+msgstr "Neue Firewall"
+
+#: src/gui/ObjectManipulator.cpp:165
+#, fuzzy
+msgid "New &Host"
+msgstr "Neuer Host"
+
+#: src/gui/ObjectManipulator.cpp:166
+#, fuzzy
+msgid "New &Interface"
+msgstr "Neues Interface"
+
+#: src/gui/ObjectManipulator.cpp:168
+#, fuzzy
+msgid "New &Network"
+msgstr "Neues Netzwerk"
+
+#: src/gui/ObjectManipulator.cpp:169
+#, fuzzy
+msgid "New &Address"
+msgstr "Neue Adresse"
+
+#: src/gui/ObjectManipulator.cpp:170
+#, fuzzy
+msgid "New &DNS Name"
+msgstr "Neuer DNS Name"
+
+#: src/gui/ObjectManipulator.cpp:171
+#, fuzzy
+msgid "New A&ddress Table"
+msgstr "Neue Adress-Tabelle"
+
+#: src/gui/ObjectManipulator.cpp:172
+#, fuzzy
+msgid "New Address &Range"
+msgstr "Neuer Adressbereich"
+
+#: src/gui/ObjectManipulator.cpp:173
+#, fuzzy
+msgid "New &Object Group"
+msgstr "Neue Objekt-Gruppe"
+
+#: src/gui/ObjectManipulator.cpp:175
+#, fuzzy
+msgid "New &Custom Service"
+msgstr "Neuer benutzerdefinierter Dienst"
+
+#: src/gui/ObjectManipulator.cpp:176
+#, fuzzy
+msgid "New &IP Service"
+msgstr "Neuer IP-Dienst"
+
+#: src/gui/ObjectManipulator.cpp:177
+#, fuzzy
+msgid "New IC&MP Service"
+msgstr "Neuer ICMP-Dienst"
+
+#: src/gui/ObjectManipulator.cpp:178
+#, fuzzy
+msgid "New &TCP Service"
+msgstr "Neuer TCP-Dienst"
+
+#: src/gui/ObjectManipulator.cpp:179
+#, fuzzy
+msgid "New &UDP Service"
+msgstr "Neuer UDP Dienst"
+
+#: src/gui/ObjectManipulator.cpp:180
+#, fuzzy
+msgid "New &TagService"
+msgstr "Neuer Tag-Dienst"
+
+#: src/gui/ObjectManipulator.cpp:181
+#, fuzzy
+msgid "New &Service Group"
+msgstr "Neue Dienste-Gruppe"
+
+#: src/gui/ObjectManipulator.cpp:183
+#, fuzzy
+msgid "New Ti&me Interval"
+msgstr "Neues Zeitintervall"
+
+#: src/gui/ObjectManipulator.cpp:230
+msgid " ( 
read only )"
+msgstr " ( schreibgeschützt )"
+
+#: src/gui/ObjectManipulator.cpp:498
+msgid ""
+"The name of the object '%1' has changed. The program can also\n"
+"rename IP address objects that belong to this object,\n"
+"using standard naming scheme 'host_name:interface_name:ip'.\n"
+"This makes it easier to distinguish what host or a firewall\n"
+"given IP address object belongs to when it is used in \n"
+"the policy or NAT rule. The program also renames MAC address\n"
+"objects using scheme 'host_name:interface_name:mac'.\n"
+"Do you want to rename child IP and MAC address objects now?\n"
+"(If you click 'No', names of all address objects that belong to\n"
+"%1 will stay the same.)"
+msgstr ""
+"Der Name des Ojektes '%1' wurde geändert. Das Programm kann auch\n"
+"die Namen der IP-Adressen-Objekte, die zu diesem Objekt gehören,\n"
+"nach dem Schema 'Host-Name:Interface-Name:IP' anpassen.\n"
+"Dies erleichtert das Zuordnen von IP-Adressen zu Hosts\n"
+"oder Firewalls, wenn sie in der Policy oder in NAT-Regeln\n"
+"verwendet werden. Das Programm ändert auch die Namen von\n"
+"MAC-Adressen-Objekten nach dem Schema 'Host-Name:Interface-Name:MAC'.\n"
+"Wollen Sie die zum Objekt gehörenden IP- und MAC-Adressen-Objekte jetzt\n"
+"automatisch ändern lassen?\n"
+"(Wenn Sie 'Nein', anklicken, bleiben die Namen aller Adressen-Objekte,\n"
+"die zu %1 gehören, unverändert.)"
+
+#: src/gui/ObjectManipulator.cpp:527
+msgid ""
+"The name of the interface '%1' has changed. The program can also\n"
+"rename IP address objects that belong to this interface,\n"
+"using standard naming scheme 'host_name:interface_name:ip'.\n"
+"This makes it easier to distinguish what host or a firewall\n"
+"given IP address object belongs to when it is used in \n"
+"the policy or NAT rule. 
The program also renames MAC address\n"
+"objects using scheme 'host_name:interface_name:mac'.\n"
+"Do you want to rename child IP and MAC address objects now?\n"
+"(If you click 'No', names of all address objects that belong to\n"
+"%1 will stay the same.)"
+msgstr ""
+"Der Name des Interfaces '%1' wurde geändert. Das Programm kann auch\n"
+"die Namen der IP-Adressen-Objekte, die zu diesem Objekt gehören,\n"
+"nach dem Schema 'Host-Name:Interface-Name:IP' anpassen.\n"
+"Dies erleichtert das Zuordnen von IP-Adressen zu Hosts\n"
+"oder Firewalls, wenn sie in der Policy oder in NAT-Regeln\n"
+"verwendet werden. Das Programm ändert auch die Namen von\n"
+"MAC-Adressen-Objekten nach dem Schema 'Host-Name:Interface-Name:MAC'.\n"
+"Wollen Sie die zum Objekt gehörenden IP- und MAC-Adressen-Objekte\n"
+"jetzt automatisch ändern lassen?\n"
+"(Wenn Sie 'Nein', anklicken, bleiben die Namen aller Adressen-Objekte,\n"
+"die zu %1 gehören, unverändert.)"
+
+#: src/gui/ObjectManipulator.cpp:874
+#, qt-format
+msgid "place in library %1"
+msgstr "in der Bibliothek %1 abglegen"
+
+#: src/gui/ObjectManipulator.cpp:883
+#, qt-format
+msgid "to library %1"
+msgstr "in die Bibliothek %1"
+
+#: src/gui/ObjectManipulator.cpp:893
+msgid "place here"
+msgstr "hier ablegen"
+
+#: src/gui/ObjectManipulator.cpp:896
+msgid "Duplicate ..."
+msgstr "Duplizieren..."
+
+#: src/gui/ObjectManipulator.cpp:901 src/gui/ObjectManipulator.cpp:904
+msgid "Move ..."
+msgstr "Verschieben ..."
+
+#: src/gui/ObjectManipulator.cpp:933
+msgid "Add Interface"
+msgstr "Interface Hinzufügen"
+
+#: src/gui/ObjectManipulator.cpp:938
+msgid "Add IP Address"
+msgstr "IP-Adresse hinzufügen"
+
+#: src/gui/ObjectManipulator.cpp:940
+msgid "Add MAC Address"
+msgstr "MAC-Adresse hinzufügen"
+
+#: src/gui/ObjectManipulator.cpp:945 src/gui/.ui/newfirewalldialog_q.cpp:486
+msgid "New Firewall"
+msgstr "Neue Firewall"
+
+#: src/gui/ObjectManipulator.cpp:950 src/gui/ObjectManipulator.cpp:2515
+#: src/gui/ObjectManipulator.cpp:2531
+msgid "New Address"
+msgstr "Neue Adresse"
+
+#: src/gui/ObjectManipulator.cpp:955 src/gui/ObjectManipulator.cpp:2546
+#, fuzzy
+msgid "New DNS Name"
+msgstr "Neuer DNS Name"
+
+#: src/gui/ObjectManipulator.cpp:961 src/gui/ObjectManipulator.cpp:2557
+#, fuzzy
+msgid "New Address Table"
+msgstr "Neue Adress-Tabelle"
+
+#: src/gui/ObjectManipulator.cpp:966 src/gui/ObjectManipulator.cpp:2624
+msgid "New Address Range"
+msgstr "Neuer Adressbereich"
+
+#: src/gui/ObjectManipulator.cpp:970 src/gui/.ui/newhostdialog_q.cpp:377
+msgid "New Host"
+msgstr "Neuer Host"
+
+#: src/gui/ObjectManipulator.cpp:974 src/gui/ObjectManipulator.cpp:2491
+msgid "New Network"
+msgstr "Neues Netzwerk"
+
+#: src/gui/ObjectManipulator.cpp:978 src/gui/ObjectManipulator.cpp:1006
+#: src/gui/.ui/newgroupdialog_q.cpp:97
+msgid "New Group"
+msgstr "Neue Gruppe"
+
+#: src/gui/ObjectManipulator.cpp:982 src/gui/ObjectManipulator.cpp:2647
+msgid "New Custom Service"
+msgstr "Neuer benutzerdefinierter Dienst"
+
+#: src/gui/ObjectManipulator.cpp:986 src/gui/ObjectManipulator.cpp:2658
+msgid "New IP Service"
+msgstr "Neuer IP-Dienst"
+
+#: src/gui/ObjectManipulator.cpp:990 src/gui/ObjectManipulator.cpp:2669
+msgid "New ICMP Service"
+msgstr "Neuer ICMP-Dienst"
+
+#: src/gui/ObjectManipulator.cpp:994 src/gui/ObjectManipulator.cpp:2680
+msgid "New TCP Service"
+msgstr "Neuer TCP-Dienst"
+
+#: src/gui/ObjectManipulator.cpp:998 src/gui/ObjectManipulator.cpp:2691
+msgid "New UDP Service"
+msgstr "Neuer UDP Dienst"
+
+#: src/gui/ObjectManipulator.cpp:1002 src/gui/ObjectManipulator.cpp:2591
+#, fuzzy
+msgid "New TagService"
+msgstr "Neuer Tag-Dienst"
+
+#: src/gui/ObjectManipulator.cpp:1010 src/gui/ObjectManipulator.cpp:2714
+msgid "New Time Interval"
+msgstr "Neues Zeitintervall"
+
+#: src/gui/ObjectManipulator.cpp:1014 src/gui/.ui/finddialog_q.cpp:131
+#: src/gui/.ui/findwhereusedwidget_q.cpp:121
+msgid "Find"
+msgstr "Suche"
+
+#: src/gui/ObjectManipulator.cpp:1015 src/gui/RuleSetView.cpp:1672
+msgid "Where used"
+msgstr "Wo benutzt"
+
+#: src/gui/ObjectManipulator.cpp:1027 src/gui/.ui/groupobjectdialog_q.cpp:186
+#: src/gui/.ui/groupobjectdialog_q.cpp:187
+msgid "Group"
+msgstr "Gruppe"
+
+#: src/gui/ObjectManipulator.cpp:1035 src/gui/.ui/FWBMainWindow_q.cpp:499
+#: src/gui/.ui/FWBMainWindow_q.cpp:500 src/gui/.ui/instdialog_q.cpp:79
+#: src/gui/.ui/instdialog_q.cpp:267
+msgid "Compile"
+msgstr "Übersetzen"
+
+#: src/gui/ObjectManipulator.cpp:1036 src/gui/.ui/FWBMainWindow_q.cpp:502
+#: src/gui/.ui/FWBMainWindow_q.cpp:503 src/gui/.ui/instdialog_q.cpp:81
+#: src/gui/.ui/instdialog_q.cpp:268
+msgid "Install"
+msgstr "Installieren"
+
+#: src/gui/ObjectManipulator.cpp:1043 src/gui/.ui/FWBMainWindow_q.cpp:561
+#: src/gui/.ui/FWBMainWindow_q.cpp:562
+#, fuzzy
+msgid "Lock"
+msgstr "Locked (blockiert) durch"
+
+#: src/gui/ObjectManipulator.cpp:1045 src/gui/.ui/FWBMainWindow_q.cpp:563
+#: src/gui/.ui/FWBMainWindow_q.cpp:564
+msgid "Unlock"
+msgstr "Freigeben"
+
+#: src/gui/ObjectManipulator.cpp:1054
+msgid "dump"
+msgstr "Dump"
+
+#: src/gui/ObjectManipulator.cpp:1087
+msgid "Undelete..."
+msgstr "Wiederherstellen..."
+
+#: src/gui/ObjectManipulator.cpp:1576
+#, qt-format
+msgid ""
+"Impossible to insert object %1 (type %2) into %3\n"
+"because of incompatible type."
+msgstr ""
+"Es ist unmöglich das Objekt %1 (Typ %2) in %3 einzufügen,\n"
+"da die Typen inkompatibel sind."
+
+#: src/gui/ObjectManipulator.cpp:1743
+#, fuzzy
+msgid ""
+"Emptying the 'Deleted Objects' in a library file is not recommended.\n"
+"When you remove deleted objects from a library file, Firewall Builder\n"
+"loses ability to track them. If a group or a policy rule in some\n"
+"data file still uses removed object from this library, you may encounter\n"
+"unusual and unexpected behavior of the program.\n"
+"Do you want to delete selected objects anyway ?"
+msgstr ""
+"Es ist nicht empfehlenswert die 'Deleted Objects' aus einer Bibliothek zu "
+"entfernen.\n"
+"Wenn die gelöschten Objekte aus der Bibliothek entfernt werden, verliert "
+"Firewall Builder\n"
+"die Möglichkeit, ihre Verwendung aufzuzeichnen. Wenn eine Gruppe or Policy "
+"in\n"
+"einer Datei die entfernten Objekte immer noch refernziert, kann es\n"
+"zu ungewöhnlichem und unerwartetem Verhalten des Programmes führen.\n"
+"Wollen Sie die Objekte trotzdem entgültig löschen?"
+
+#: src/gui/ObjectManipulator.cpp:1823
+#, qt-format
+msgid ""
+"When you delete a library, all objects that belong to it\n"
+"disappear from the tree and all groups and rules that reference them.\n"
+"You won't be able to reverse this operation later.\n"
+"Do you still want to delete library %1?"
+msgstr ""
+"Wenn Sie eine Bibliothek löschen, werden alle Objekte darin aus dem\n"
+"Objekt-Baum und allen Gruppen und Firewall-Policies, die sie verwenden, "
+"entfernt.\n"
+"Es ist nicht möglich, diese Operation wieder umzukehren.\n"
+"Wollen Sie die Bibliothek %1 wirklich löschen?"
+
+#: src/gui/ObjectManipulator.cpp:2343
+#, qt-format
+msgid ""
+"Type '%1': new object can not be created because\n"
+"corresponding branch is missing in the object tree.\n"
+"Please repair the tree using command 'fwbedit -s -f file.fwb'."
+msgstr ""
+"Typ '%1': ein neues Objekt kann nicht angelegt werden\n"
+"weil der entsprechende Ast im Objekt-Baum fehlt.\n"
+"Bitte den Baum mit dem Kommando 'fwbedit -s -f file.fwb' reparieren."
+
+#: src/gui/ObjectManipulator.cpp:2470 src/gui/ObjectManipulator.cpp:2473
+msgid "New Interface"
+msgstr "Neues Interface"
+
+#: src/gui/ObjectManipulator.cpp:2635
+msgid "New Object Group"
+msgstr "Neue Objekt-Gruppe"
+
+#: src/gui/ObjectManipulator.cpp:2702
+msgid "New Service Group"
+msgstr "Neue Dienste-Gruppe"
+
+#: src/gui/ObjectManipulator.cpp:2821
+msgid "Searching for firewalls affected by the change..."
+msgstr ""
+"Es werden die Firewalls gesucht, die von der Änderung betroffen sind..."
+
+#: src/gui/ObjectTreeView.cpp:115
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:66
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:113
+#: src/gui/.ui/discoverydruid_q.cpp:748 src/gui/.ui/discoverydruid_q.cpp:1024
+#: src/gui/.ui/FWBMainWindow_q.cpp:575
+msgid "Object"
+msgstr "Objekt"
+
+#: src/gui/pfAdvancedDialog.cpp:98
+msgid "Aggressive"
+msgstr "aggressiv"
+
+#: src/gui/pfAdvancedDialog.cpp:100
+msgid "Conservative"
+msgstr "konservativ"
+
+#: src/gui/pfAdvancedDialog.cpp:102
+msgid "For high latency"
+msgstr "für hohe Latenz-Zeiten"
+
+#: src/gui/pfAdvancedDialog.cpp:104
+msgid "Normal"
+msgstr "Normal"
+
+#: src/gui/pixAdvancedDialog.cpp:130
+msgid "0 - System Unusable"
+msgstr "0 - System nich verwendbar"
+
+#: src/gui/pixAdvancedDialog.cpp:135
+msgid "1 - Take Immediate Action"
+msgstr "1 - unmittelbare Reaktion notwendig"
+
+#: src/gui/pixAdvancedDialog.cpp:140
+msgid "2 - Critical Condition"
+msgstr "2 - kritischer Zustand"
+
+#: src/gui/pixAdvancedDialog.cpp:145
+msgid "3 - Error Message"
+msgstr "3 - Fehlermelding"
+
+#: src/gui/pixAdvancedDialog.cpp:150
+msgid "4 - Warning Message"
+msgstr "4 - Warnung"
+
+#: src/gui/pixAdvancedDialog.cpp:155
+msgid "5 - Normal but significant condition"
+msgstr "5- normaler Betrieb aber außergewöhnlicher Zustand"
+
+#: src/gui/pixAdvancedDialog.cpp:160
+msgid "6 - Informational"
+msgstr "6 - Nur zur Information"
+
+#: src/gui/pixAdvancedDialog.cpp:165
+msgid "7 - Debug Message"
+msgstr "7 - Debug Nachricht"
+
+#: 
src/gui/pixAdvancedDialog.cpp:679 src/gui/pixAdvancedDialog.cpp:717
+msgid "Error: Policy compiler for PIX is not installed"
+msgstr "Fehler: der Policy-Compiler für PIX ist nicht installiert"
+
+#: src/gui/pixAdvancedDialog.cpp:703
+#, fuzzy
+msgid "Compiler error"
+msgstr "Fehler beim Übersetzen"
+
+#: src/gui/platforms.cpp:60 src/gui/.ui/ruleoptionsdialog_q.cpp:791
+msgid "alert"
+msgstr "Alarm"
+
+#: src/gui/platforms.cpp:62 src/gui/.ui/ruleoptionsdialog_q.cpp:792
+msgid "crit"
+msgstr "kritisch"
+
+#: src/gui/platforms.cpp:64 src/gui/.ui/pfadvanceddialog_q.cpp:1075
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:793
+msgid "error"
+msgstr "Fehler"
+
+#: src/gui/platforms.cpp:66 src/gui/.ui/ruleoptionsdialog_q.cpp:794
+msgid "warning"
+msgstr "Warnung"
+
+#: src/gui/platforms.cpp:68 src/gui/.ui/ruleoptionsdialog_q.cpp:795
+msgid "notice"
+msgstr "Hinweis"
+
+#: src/gui/platforms.cpp:70 src/gui/.ui/ruleoptionsdialog_q.cpp:796
+msgid "info"
+msgstr "Information"
+
+#: src/gui/platforms.cpp:72 src/gui/.ui/ruleoptionsdialog_q.cpp:797
+msgid "debug"
+msgstr "Debug"
+
+#: src/gui/platforms.cpp:78
+msgid "kern"
+msgstr "Kernel"
+
+#: src/gui/platforms.cpp:80
+msgid "user"
+msgstr "Benutzer"
+
+#: src/gui/platforms.cpp:82
+#, fuzzy
+msgid "mail"
+msgstr "Mail"
+
+#: src/gui/platforms.cpp:84
+#, fuzzy
+msgid "daemon"
+msgstr "Dämon"
+
+#: src/gui/platforms.cpp:86
+#, fuzzy
+msgid "auth"
+msgstr "auth"
+
+#: src/gui/platforms.cpp:88
+#, fuzzy
+msgid "syslog"
+msgstr "Syslog"
+
+#: src/gui/platforms.cpp:90
+msgid "lpr"
+msgstr "lpr"
+
+#: src/gui/platforms.cpp:92
+msgid "news"
+msgstr "News"
+
+#: src/gui/platforms.cpp:94
+#, fuzzy
+msgid "uucp"
+msgstr "uucp"
+
+#: src/gui/platforms.cpp:96
+#, fuzzy
+msgid "cron"
+msgstr "cron"
+
+#: src/gui/platforms.cpp:98
+msgid "authpriv"
+msgstr "authpriv"
+
+#: src/gui/platforms.cpp:100 src/gui/.ui/pixadvanceddialog_q.cpp:1945
+msgid "ftp"
+msgstr "FTP"
+
+#: src/gui/platforms.cpp:102
+msgid "local0"
+msgstr "local0"
+
+#: 
src/gui/platforms.cpp:104
+msgid "local1"
+msgstr "local1"
+
+#: src/gui/platforms.cpp:106
+msgid "local2"
+msgstr "local2"
+
+#: src/gui/platforms.cpp:108
+msgid "local3"
+msgstr "local3"
+
+#: src/gui/platforms.cpp:110
+msgid "local4"
+msgstr "local4"
+
+#: src/gui/platforms.cpp:112
+msgid "local5"
+msgstr "local5"
+
+#: src/gui/platforms.cpp:114
+msgid "local6"
+msgstr "local6"
+
+#: src/gui/platforms.cpp:116
+msgid "local7"
+msgstr "local7"
+
+#: src/gui/platforms.cpp:121
+msgid "ICMP admin prohibited"
+msgstr "Meldung 'ICMP admin prohibited'"
+
+#: src/gui/platforms.cpp:123
+msgid "ICMP host prohibited"
+msgstr "Meldung 'ICMP host prohibited'"
+
+#: src/gui/platforms.cpp:125
+msgid "ICMP host unreachable"
+msgstr "Meldung 'ICMP host unreachable'"
+
+#: src/gui/platforms.cpp:127
+msgid "ICMP net prohibited"
+msgstr "Meldung 'ICMP net prohibited'"
+
+#: src/gui/platforms.cpp:129
+msgid "ICMP net unreachable"
+msgstr "Meldung 'ICMP net unreachable'"
+
+#: src/gui/platforms.cpp:131
+msgid "ICMP port unreachable"
+msgstr "Meldung 'ICMP port unreachable'"
+
+#: src/gui/platforms.cpp:133
+msgid "ICMP protocol unreachable"
+msgstr "Meldung 'ICMP protocol unreachable'"
+
+#: src/gui/platforms.cpp:135
+msgid "TCP RST"
+msgstr "TCP RST"
+
+#: src/gui/platforms.cpp:138 src/gui/.ui/actionsdialog_q.cpp:476
+#: src/gui/.ui/actionsdialog_q.cpp:483
+msgid "Route through"
+msgstr "Routen über"
+
+#: src/gui/platforms.cpp:140 src/gui/.ui/actionsdialog_q.cpp:477
+#: src/gui/.ui/actionsdialog_q.cpp:484
+msgid "Route reply through"
+msgstr "Auf Route über antworten"
+
+#: src/gui/platforms.cpp:142 src/gui/.ui/actionsdialog_q.cpp:478
+#: src/gui/.ui/actionsdialog_q.cpp:485
+msgid "Route a copy through"
+msgstr "Route für Kopie verwenden"
+
+#: src/gui/platforms.cpp:145 src/gui/.ui/iptadvanceddialog_q.cpp:644
+msgid "on top of the script"
+msgstr "am Beginn des Skripts"
+
+#: src/gui/platforms.cpp:147 src/gui/.ui/iptadvanceddialog_q.cpp:645
+msgid "after interface configuration"
+msgstr "nach der Interface-Konfiguration"
+
+#: src/gui/platforms.cpp:149 src/gui/.ui/iptadvanceddialog_q.cpp:646
+msgid "after policy reset"
+msgstr "nach dem Rücksetzen der Policies"
+
+#: src/gui/platforms.cpp:152
+#, fuzzy
+msgid "in the activation shell script"
+msgstr "am Beginn des Skripts"
+
+#: src/gui/platforms.cpp:155
+msgid "in the pf rule file, at the very top"
+msgstr ""
+
+#: src/gui/platforms.cpp:158
+msgid "in the pf rule file, after set comamnds"
+msgstr ""
+
+#: src/gui/platforms.cpp:161
+msgid "in the pf rule file, after scrub comamnds"
+msgstr ""
+
+#: src/gui/platforms.cpp:164
+msgid "in the pf rule file, after table definitions"
+msgstr ""
+
+#: src/gui/platforms.cpp:169 src/gui/.ui/ruleoptionsdialog_q.cpp:807
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:823
+msgid "/day"
+msgstr "/Tag"
+
+#: src/gui/platforms.cpp:171 src/gui/.ui/ruleoptionsdialog_q.cpp:808
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:824
+msgid "/hour"
+msgstr "/Stunde"
+
+#: src/gui/platforms.cpp:173 src/gui/.ui/ruleoptionsdialog_q.cpp:809
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:825
+msgid "/minute"
+msgstr "/Minute"
+
+#: src/gui/platforms.cpp:175 src/gui/.ui/ruleoptionsdialog_q.cpp:810
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:826
+msgid "/second"
+msgstr "/Sekunde"
+
+#: src/gui/platforms.cpp:380
+msgid "- any -"
+msgstr "- beliebig -"
+
+#: src/gui/platforms.cpp:381
+msgid "1.2.5 or earlier"
+msgstr "1.2.5 oder älter"
+
+#: src/gui/platforms.cpp:382
+msgid "1.2.6 to 1.2.8"
+msgstr "1.2.6 bis 1.2.8"
+
+#: src/gui/platforms.cpp:383
+#, fuzzy
+msgid "1.2.9 to 1.2.11"
+msgstr "1.2.9 bis 1.2.11"
+
+#: src/gui/platforms.cpp:384
+#, fuzzy
+msgid "1.3.0 or later"
+msgstr "1.3.0 oder neuer"
+
+#: src/gui/platforms.cpp:401
+msgid "3.x"
+msgstr ""
+
+#: src/gui/platforms.cpp:402
+msgid "4.x"
+msgstr ""
+
+#: src/gui/platforms.cpp:518
+msgid "Accept"
+msgstr "Akzeptieren"
+
+#: src/gui/platforms.cpp:520
+msgid "Deny"
+msgstr "Verbieten"
+
+#: src/gui/platforms.cpp:522
+msgid "Reject"
+msgstr 
"Zurückweisen"
+
+#: src/gui/platforms.cpp:524
+msgid "Scrub"
+msgstr "Säubern (scrub)"
+
+#: src/gui/platforms.cpp:526
+msgid "Return"
+msgstr "Return"
+
+#: src/gui/platforms.cpp:528
+#, fuzzy
+msgid "Skip"
+msgstr "überspringen"
+
+#: src/gui/platforms.cpp:530 src/gui/.ui/longtextdialog_q.cpp:96
+msgid "Continue"
+msgstr "Fortsetzen"
+
+#: src/gui/platforms.cpp:532
+msgid "Modify"
+msgstr "Ändern"
+
+#: src/gui/platforms.cpp:534
+msgid "Classify"
+msgstr "Klassifizieren"
+
+#: src/gui/platforms.cpp:536
+#, fuzzy
+msgid "Custom"
+msgstr "bneutzerdefiniert"
+
+#: src/gui/platforms.cpp:539
+#, fuzzy
+msgid "Branch"
+msgstr "Verzweigung"
+
+#: src/gui/platforms.cpp:540
+msgid "Chain"
+msgstr "Kette"
+
+#: src/gui/platforms.cpp:541
+#, fuzzy
+msgid "Anchor"
+msgstr "Anker"
+
+#: src/gui/platforms.cpp:545
+msgid "Accounting"
+msgstr "Accounting"
+
+#: src/gui/platforms.cpp:546
+#, fuzzy
+msgid "Count"
+msgstr "Zählen"
+
+#: src/gui/platforms.cpp:550
+msgid "Tag"
+msgstr "Tag"
+
+#: src/gui/platforms.cpp:551
+#, fuzzy
+msgid "Mark"
+msgstr "Marke"
+
+#: src/gui/platforms.cpp:555
+msgid "Pipe"
+msgstr "Pipe"
+
+#: src/gui/platforms.cpp:556
+msgid "Queue"
+msgstr "Warteschlange"
+
+#: src/gui/PrefsDialog.cpp:176
+msgid "Pick the color"
+msgstr "Farbe auswählen"
+
+#: src/gui/PrefsDialog.cpp:224
+msgid "Find working directory"
+msgstr "Arbeitsverzeichnis suchen"
+
+#: src/gui/PrefsDialog.cpp:233
+msgid "Find Secure Shell utility"
+msgstr "SSH-Programm suchen"
+
+#: src/gui/PrefsDialog.cpp:284
+msgid "Find add-on library"
+msgstr "Zubehör-Bibliothek suchen"
+
+#: src/gui/printerStream.cpp:132
+#, qt-format
+msgid "Page %1"
+msgstr "Seize %1"
+
+#: src/gui/PrintingProgressDialog.cpp:48
+#, qt-format
+msgid "Printing (page %1/%2)"
+msgstr "Drucke (Seite %1/%2)"
+
+#: src/gui/PrintingProgressDialog.cpp:50
+#, fuzzy, qt-format
+msgid "Printing page %1"
+msgstr "Drucke Seite %1"
+
+#: src/gui/PrintingProgressDialog.cpp:67
+msgid "Aborting print operation"
+msgstr "Drucken 
abbrechen"
+
+#: src/gui/RCS.cpp:498 src/gui/RCS.cpp:717 src/gui/RCS.cpp:800
+#, qt-format
+msgid "Error checking file out: %1"
+msgstr "Fehler beim Auspacken der Datei: %1"
+
+#: src/gui/RCS.cpp:558
+#, qt-format
+msgid ""
+"Fatal error during initial RCS checkin of file %1 :\n"
+" %2\n"
+"Exit status %3"
+msgstr ""
+"Fataler Fehler beim ersten Einlagern der Datei %1 :\n"
+" %2\n"
+"Exit Status %3"
+
+#: src/gui/RCS.cpp:687
+msgid "Error creating temporary file "
+msgstr "Fehler beim Anlegen der temporären Datei "
+
+#: src/gui/RCS.cpp:700
+msgid "Error writing to temporary file "
+msgstr "Fehler beim Schreiben in die temporäre Datei "
+
+#: src/gui/RCS.cpp:732
+#, qt-format
+msgid ""
+"File is opened and locked by %1.\n"
+"You can only open it read-only."
+msgstr ""
+"Die Datei ist von %1 geöffnet und gesperrt.\n"
+"Sie können sie schreibgeschützt öffnen."
+
+#: src/gui/RCS.cpp:745
+#, qt-format
+msgid ""
+"Revision %1 of this file has been checked out and locked by you earlier.\n"
+"The file may be opened in another copy of Firewall Builder or was left "
+"opened\n"
+"after the program crashed."
+msgstr ""
+"Die Revision %1 dieser Datei ist bereits ausgelagert und von Ihnen "
+"gesperrt.\n"
+"Die Datei kann in einer anderen Kopie von Firewall Builder offen sein oder "
+"blieb geöffnet\n"
+"nach einem Absturz des Programmes."
+
+#: src/gui/RCS.cpp:748
+#, fuzzy
+msgid "Open &read-only"
+msgstr "Nur zum Lesen öffnen"
+
+#: src/gui/RCS.cpp:748
+#, fuzzy
+msgid "&Open and continue editing"
+msgstr "Öffnen und &weiter editieren"
+
+#: src/gui/RCS.cpp:991
+#, qt-format
+msgid "Fatal error running rlog for %1"
+msgstr "Fataler Fehler beim der Ausführung von rlog für %1"
+
+#: src/gui/RCS.cpp:1031
+#, qt-format
+msgid "Fatal error running rcsdiff for file %1"
+msgstr "Fataler Fehler beim der Ausführung von rcsdiff für dei Datei %1"
+
+#: src/gui/RCSFilePreview.cpp:137
+msgid "File is not in RCS"
+msgstr "Die Datei ist nicht im RCS"
+
+#: src/gui/RuleSetView.cpp:206
+msgid "A Rule Set"
+msgstr "Eine Regelgruppe"
+
+#: src/gui/RuleSetView.cpp:621
+msgid "Outbound "
+msgstr "Auswärts"
+
+#: src/gui/RuleSetView.cpp:707
+msgid "Original"
+msgstr "Original"
+
+#: src/gui/RuleSetView.cpp:708
+#, fuzzy
+msgid "Default"
+msgstr "Standardwert"
+
+#: src/gui/RuleSetView.cpp:711 src/gui/.ui/instdialog_q.cpp:274
+msgid "All"
+msgstr "Alle"
+
+#: src/gui/RuleSetView.cpp:712 src/gui/RuleSetView.cpp:720
+#: src/gui/.ui/timedialog_q.cpp:245 src/gui/.ui/timedialog_q.cpp:262
+msgid "Any"
+msgstr "beliebige"
+
+#: src/gui/RuleSetView.cpp:1457 src/gui/RuleSetView.cpp:1717
+#: src/gui/RuleSetView.cpp:1745 src/gui/.ui/FWBMainWindow_q.cpp:521
+#: src/gui/.ui/FWBMainWindow_q.cpp:522
+msgid "Insert Rule"
+msgstr "Regel einfügen"
+
+#: src/gui/RuleSetView.cpp:1459 src/gui/RuleSetView.cpp:1473
+msgid "Paste Rule"
+msgstr "Regel aus Puffer einfügen"
+
+#: src/gui/RuleSetView.cpp:1603
+#, fuzzy
+msgid "Parameters"
+msgstr "Parameter"
+
+#: src/gui/RuleSetView.cpp:1620
+msgid "Inbound"
+msgstr "eingehend"
+
+#: src/gui/RuleSetView.cpp:1624
+msgid "Outbound"
+msgstr "ausgehend"
+
+#: src/gui/RuleSetView.cpp:1628
+msgid "Both"
+msgstr "biderectional"
+
+#: src/gui/RuleSetView.cpp:1637
+msgid "Rule Options"
+msgstr "Regel-Optionen"
+
+#: src/gui/RuleSetView.cpp:1644
+msgid "Logging On"
+msgstr "Log Ein"
+
+#: 
src/gui/RuleSetView.cpp:1648
+msgid "Logging Off"
+msgstr "Log Aus"
+
+#: src/gui/RuleSetView.cpp:1674
+#, fuzzy
+msgid "Reveal in tree"
+msgstr "Suche im Baum"
+
+#: src/gui/RuleSetView.cpp:1677
+msgid "Negate"
+msgstr "Negieren"
+
+#: src/gui/RuleSetView.cpp:1725
+#, qt-format
+msgid "Rules: %1-%2"
+msgstr "Regeln: %1-%2"
+
+#: src/gui/RuleSetView.cpp:1728
+#, qt-format
+msgid "Rule: %1"
+msgstr "Regel: %1"
+
+#: src/gui/RuleSetView.cpp:1733
+msgid "Color Label:"
+msgstr "Farbe für das Label:"
+
+#: src/gui/RuleSetView.cpp:1747 src/gui/.ui/FWBMainWindow_q.cpp:527
+#: src/gui/.ui/FWBMainWindow_q.cpp:528
+msgid "Add Rule Below"
+msgstr "Regel unterhalb einfügen"
+
+#: src/gui/RuleSetView.cpp:1750 src/gui/.ui/FWBMainWindow_q.cpp:529
+#: src/gui/.ui/FWBMainWindow_q.cpp:530
+msgid "Remove Rule"
+msgstr "Regel entfernen"
+
+#: src/gui/RuleSetView.cpp:1751
+msgid "Remove Rules"
+msgstr "Regeln entfernen"
+
+#: src/gui/RuleSetView.cpp:1754
+msgid "Move Rule"
+msgstr "Regel verschieben"
+
+#: src/gui/RuleSetView.cpp:1755
+msgid "Move Rules"
+msgstr "Regeln verschieben"
+
+#: src/gui/RuleSetView.cpp:1761 src/gui/.ui/FWBMainWindow_q.cpp:532
+#: src/gui/.ui/FWBMainWindow_q.cpp:533
+msgid "Copy Rule"
+msgstr "Regel kopieren"
+
+#: src/gui/RuleSetView.cpp:1763 src/gui/.ui/FWBMainWindow_q.cpp:534
+#: src/gui/.ui/FWBMainWindow_q.cpp:535
+msgid "Cut Rule"
+msgstr "Regel ausschneiden"
+
+#: src/gui/RuleSetView.cpp:1765 src/gui/.ui/FWBMainWindow_q.cpp:536
+#: src/gui/.ui/FWBMainWindow_q.cpp:537
+msgid "Paste Rule Above"
+msgstr "Regel aus dem Puffer oben einfügen"
+
+#: src/gui/RuleSetView.cpp:1767 src/gui/.ui/FWBMainWindow_q.cpp:538
+#: src/gui/.ui/FWBMainWindow_q.cpp:539
+msgid "Paste Rule Below"
+msgstr "Regel aus dem Puffer unten einfügen"
+
+#: src/gui/RuleSetView.cpp:1774
+msgid "Enable Rule"
+msgstr "Regel aktivieren"
+
+#: src/gui/RuleSetView.cpp:1775
+msgid "Enable Rules"
+msgstr "Regeln aktivieren"
+
+#: src/gui/RuleSetView.cpp:1779
+msgid "Disable Rule"
+msgstr "Regel 
deaktivieren"
+
+#: src/gui/RuleSetView.cpp:1780
+msgid "Disable Rules"
+msgstr "Regeln deaktivieren"
+
+#: src/gui/RuleSetView.cpp:3306 src/gui/RuleSetView.cpp:3396
+msgid "Source"
+msgstr "Quelle"
+
+#: src/gui/RuleSetView.cpp:3309 src/gui/RuleSetView.cpp:3399
+#: src/gui/RuleSetView.cpp:3559
+msgid "Destination"
+msgstr "Ziel"
+
+#: src/gui/RuleSetView.cpp:3312 src/gui/RuleSetView.cpp:3402
+msgid "Service"
+msgstr "Dienst"
+
+#: src/gui/RuleSetView.cpp:3318 src/gui/RuleSetView.cpp:3405
+msgid "Direction"
+msgstr "Richtung"
+
+#: src/gui/RuleSetView.cpp:3321 src/gui/RuleSetView.cpp:3408
+msgid "Action"
+msgstr "Aktion"
+
+#: src/gui/RuleSetView.cpp:3326 src/gui/RuleSetView.cpp:3413
+#: src/gui/.ui/timedialog_q.cpp:241
+msgid "Time"
+msgstr "Zeit"
+
+#: src/gui/RuleSetView.cpp:3332 src/gui/RuleSetView.cpp:3419
+#: src/gui/RuleSetView.cpp:3499 src/gui/RuleSetView.cpp:3571
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:206
+#: src/gui/.ui/linux24advanceddialog_q.cpp:415
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:184
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:198
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1854
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:308
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:212
+msgid "Options"
+msgstr "Optionen"
+
+#: src/gui/RuleSetView.cpp:3336 src/gui/RuleSetView.cpp:3423
+#: src/gui/RuleSetView.cpp:3502 src/gui/RuleSetView.cpp:3574
+msgid "Comment"
+msgstr "Kommentar"
+
+#: src/gui/RuleSetView.cpp:3481
+msgid "Original Src"
+msgstr "Original Quelle"
+
+#: src/gui/RuleSetView.cpp:3484
+msgid "Original Dst"
+msgstr "Original Ziel"
+
+#: src/gui/RuleSetView.cpp:3487
+msgid "Original Srv"
+msgstr "Original Dienst"
+
+#: src/gui/RuleSetView.cpp:3490
+msgid "Translated Src"
+msgstr "Übersetzte Quelle"
+
+#: src/gui/RuleSetView.cpp:3493
+msgid "Translated Dst"
+msgstr "Übersetztes Ziel"
+
+#: src/gui/RuleSetView.cpp:3496
+msgid "Translated Srv"
+msgstr "Übersetzter Dienst"
+
+#: src/gui/RuleSetView.cpp:3562
+#, fuzzy
+msgid "Gateway"
+msgstr 
"Gateway"
+
+#: src/gui/RuleSetView.cpp:3568
+#, fuzzy
+msgid "Metric"
+msgstr "Metrik"
+
+#: src/gui/SimpleTextEditor.cpp:71
+#, fuzzy
+msgid "Choose file"
+msgstr "Zu importierende Datei auswählen"
+
+#: src/gui/SSHPIX.cpp:136 src/gui/SSHUnx.cpp:95
+#, fuzzy
+msgid ""
+"\n"
+"*** Fatal error :"
+msgstr ""
+"\n"
+"***Schwerwiegender Fehler:"
+
+#: src/gui/SSHPIX.cpp:170 src/gui/SSHUnx.cpp:151
+#, fuzzy
+msgid "Logged in"
+msgstr "angemeldet"
+
+#: src/gui/SSHPIX.cpp:171
+#, fuzzy
+msgid "Switching to enable mode..."
+msgstr "Umschalten zum aktivierten Modus...\n"
+
+#: src/gui/SSHPIX.cpp:205 src/gui/SSHUnx.cpp:176
+msgid "New RSA key"
+msgstr "Neuer RSA Key"
+
+#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177
+msgid "Yes"
+msgstr "Ja"
+
+#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177
+msgid "No"
+msgstr "Nein"
+
+#: src/gui/SSHPIX.cpp:252
+msgid "In enable mode."
+msgstr "Aktivirter Modus eingeschaltet."
+
+#: src/gui/SSHPIX.cpp:387 src/gui/SSHPIX.cpp:783
+msgid "Pushing firewall configuration"
+msgstr "Die Firewll Konfiguration wird übertragen"
+
+#: src/gui/SSHPIX.cpp:424
+#, qt-format
+msgid "Rule %1"
+msgstr "Regel %1"
+
+#: src/gui/SSHPIX.cpp:450
+#, fuzzy
+msgid "End"
+msgstr "Ende"
+
+#: src/gui/SSHPIX.cpp:532
+msgid "Making backup copy of the firewall configuration"
+msgstr "Erstelle Backup der Firewall-Konfiguration"
+
+#: src/gui/SSHPIX.cpp:596
+msgid "*** Clearing unused access lists"
+msgstr "*** Löschen der unbenutzten Access-Listen"
+
+#: src/gui/SSHPIX.cpp:661
+msgid "*** Clearing unused object groups"
+msgstr "*** Löschen der unbenutzten Objekt-Gruppen"
+
+#: src/gui/SSHPIX.cpp:681
+msgid "*** End "
+msgstr "*** Ende "
+
+#: src/gui/SSHPIX.cpp:692
+msgid "Reading current firewall configuration"
+msgstr "Lese aktuelle Firewall-Konfiguration"
+
+#: src/gui/SSHPIX.cpp:717
+msgid "Generating configuration diff"
+msgstr "Erstelle die Differenz der Konfigurationen"
+
+#: src/gui/SSHPIX.cpp:732
+#, qt-format
+msgid "Fork failed for %1"
+msgstr "Fork 
nicht möglich für %1"
+
+#: src/gui/SSHPIX.cpp:738
+msgid "Not enough memory."
+msgstr "Nicht genügend Speicher"
+
+#: src/gui/SSHPIX.cpp:743
+msgid "Too many opened file descriptors in the system."
+msgstr "Zu viele Dateideskriptoren im System geöffnet."
+
+#: src/gui/SSHPIX.cpp:769
+msgid "Empty configuration diff"
+msgstr "Leere Differenz der Konfigurationen"
+
+#: src/gui/SSHSession.cpp:90
+#, fuzzy, qt-format
+msgid ""
+"You are connecting to the firewall '%1' for the first time. It has "
+"provided you its identification in a form of its host public key. The "
+"fingerprint of the host public key is: \"%2\" You can save the host key to "
+"the local database by pressing YES, or you can cancel connection by pressing "
+"NO. You should press YES only if you are sure you are really connected to "
+"the firewall '%3'."
+msgstr ""
+"Sie verbinden sich zum ersten Mal mit der Firewall <b>'%1'</b>. "
+"Sie hat ihre Identifikation in Form ihres öffentlkichen Host-Schlüssels "
+"übermittelt. Der Fingerabdruck des Schlüsels ist: \"%2\". Sie können den "
+"Host-Schlüssel mit 'Ja' in die lokale Datenbasis übernehmen oder die "
+"Verbindung durch 'Nein' wieder abbrechen. Sie sollten nur dann 'ja' "
+"eingeben, wenn Sie sicher sind, dass Sie mit der Firewall <b>'%3'</"
+"b> verbunden sind."
+
+#: src/gui/SSHSession.cpp:180
+msgid "Failed to start ssh"
+msgstr "Starten von SSH fehlgeschlagen"
+
+#: src/gui/SSHSession.cpp:498
+msgid "ERROR"
+msgstr "FEHLER"
+
+#: src/gui/SSHSession.cpp:498 src/gui/.ui/filepropdialog_q.cpp:126
+#: src/gui/.ui/instoptionsdialog_q.cpp:285
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1825
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:309
+#: src/gui/.ui/simpleinteditor_q.cpp:91 src/gui/.ui/simpletexteditor_q.cpp:95
+msgid "OK"
+msgstr "OK"
+
+#: src/gui/SSHSession.cpp:500
+#, qt-format
+msgid "SSH session terminated, exit status: %1"
+msgstr "SSH-Sitzung beendnet, Status: %1"
+
+#: src/gui/SSHUnx.cpp:236
+msgid "Done"
+msgstr "Fertig"
+
+#: src/gui/SSHUnx.cpp:248
+msgid "Error in SSH"
+msgstr "SSH-Fehler"
+
+#: src/gui/StartWizard.cpp:106
+#, qt-format
+msgid "File %1 is read-only, you can not save changes to it."
+msgstr ""
+"Die Datei %1 ist schreibgeschützt, Sie können keine Änderungen darin "
+"speichern"
+
+#: src/gui/StartWizard.cpp:171
+#, qt-format
+msgid ""
+"Error opening file:\n"
+"%1"
+msgstr ""
+"Fehler beim Öffnen von :\n"
+"%1"
+
+#: src/gui/TCPServiceDialog.cpp:176 src/gui/UDPServiceDialog.cpp:118
+msgid "Invalid range defined for the source port."
+msgstr ""
+
+#: src/gui/TCPServiceDialog.cpp:184 src/gui/UDPServiceDialog.cpp:126
+msgid "Invalid range defined for the destination port."
+msgstr ""
+
+#: src/gui/TimeDialog.cpp:68 src/gui/TimeDialog.cpp:69
+#: src/gui/.ui/timedialog_q.cpp:256 src/gui/.ui/timedialog_q.cpp:259
+#, fuzzy
+msgid "(M/D/Y)"
+msgstr "Datum (M/T/J/:"
+
+#: src/gui/TimeDialog.cpp:73 src/gui/TimeDialog.cpp:74
+#, fuzzy
+msgid "(D/M/Y)"
+msgstr "Datum (T/M/J):"
+
+#: src/gui/TimeDialog.cpp:78 src/gui/TimeDialog.cpp:79
+#, fuzzy
+msgid "(Y/M/D)"
+msgstr "Datum (J/M/T):"
+
+#: src/gui/TimeDialog.cpp:83 src/gui/TimeDialog.cpp:84
+#, fuzzy
+msgid "(Y/D/M)"
+msgstr "Datum (J/T/M):"
+
+#: src/gui/.ui/aboutdialog_q.cpp:136 src/gui/.ui/aboutdialog_q.cpp:137
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:109
+#: src/gui/.ui/FWBMainWindow_q.cpp:439
+msgid "Firewall Builder"
+msgstr "Firewall Builder"
+
+#: src/gui/.ui/aboutdialog_q.cpp:138
+msgid "Using libfwbuilder API v"
+msgstr "benutzt libfwbuilder API v"
+
+#: src/gui/.ui/aboutdialog_q.cpp:139
+msgid "Revision: "
+msgstr "Revision: "
+
+#: src/gui/.ui/aboutdialog_q.cpp:140
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:187
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:547
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:351
+#: src/gui/.ui/iptadvanceddialog_q.cpp:599
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:196
+#: src/gui/.ui/linux24advanceddialog_q.cpp:366
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:165
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:173
+#: src/gui/.ui/pagesetupdialog_q.cpp:108
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1000 src/gui/.ui/prefsdialog_q.cpp:364
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:183
+#, fuzzy
+msgid "&OK"
+msgstr "OK"
+
+#: src/gui/.ui/aboutdialog_q.cpp:142
+#, fuzzy
+msgid "Copyright 2002-2006 NetCitadel, LLC"
+msgstr "Copyright 2002-2006 NetCitadel, LLC"
+
+#: src/gui/.ui/aboutdialog_q.cpp:143
+#, fuzzy
+msgid ""
+"

    http://www."
+"fwbuilder.org

    "
+msgstr ""
+"<p align=\"center\"><a href=\"http://www.fwbuilder.org/\">http://"
+"www./fwbuilder.org</a></p>"
+
+#: src/gui/.ui/actionsdialog_q.cpp:451
+msgid "Actions Dialog"
+msgstr "Aktions-Dialog"
+
+#: src/gui/.ui/actionsdialog_q.cpp:452
+msgid "fw/rule num/action"
+msgstr "fw/rule num/action"
+
+#: src/gui/.ui/actionsdialog_q.cpp:453
+msgid "Tag string:"
+msgstr "Tag-String:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:454
+msgid ""
+"If rule action is 'Reject', this option defines firewall's reaction to the "
+"packet matching the rule"
+msgstr ""
+"Wenn die eingestellte Reaktion 'Zurückweisen (reject)' ist, definiert diese "
+"Option die Reaktion der Firewall auf Pakete, die zu dieser Regel passen"
+
+#: src/gui/.ui/actionsdialog_q.cpp:455
+msgid "This action has no parameters."
+msgstr "Diese Aktion hat keine Parameter."
+
+#: src/gui/.ui/actionsdialog_q.cpp:456
+msgid "Tag value:"
+msgstr "Tag-Wert:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:457
+msgid "Mark connections created by packets that match this rule"
+msgstr ""
+"Markiere Verbindungen, die mit Pakten passend zu dieser Regel aufgebaut "
+"werden"
+
+#: src/gui/.ui/actionsdialog_q.cpp:458
+msgid "Requires CONNMARK target"
+msgstr "Als Ziel wird CONMMARK benötigt"
+
+#: src/gui/.ui/actionsdialog_q.cpp:459
+msgid ""
+"Note: this action translates into MARK target for iptables. Normally this "
+"target is non-terminating, that is, other rules with Classify or Tag actions "
+"belog this one will process the same packet. However, Firewall Builder can "
+"emulate terminating behavior for this action. Option in the \"compiler\" tab "
+"of the firewall object properties dialog activates emulation."
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:460
+msgid "Emulation is currently ON, the rule will be terminating"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:461
+msgid ""
+"Rule name for accounting. (white spaces and special characters are not "
+"allowed)"
+msgstr ""
+"Regelname für Accounting.
(Leerzeichen und Sonderzeichen sind nicht erlaubt)"
+
+#: src/gui/.ui/actionsdialog_q.cpp:462
+msgid "Packet classification can be implemented in different ways:"
+msgstr "Paket-Klassifikation kann unterschiedlich implementiert werden:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:464
+msgid "use dummynet(4) 'pipe'"
+msgstr "Verwenden von dummynet(4) 'pipe'"
+
+#: src/gui/.ui/actionsdialog_q.cpp:465
+msgid "use dummynet(4) 'queue'"
+msgstr "Verwenden von dummynet(4) 'queue'"
+
+#: src/gui/.ui/actionsdialog_q.cpp:466
+msgid "Pipe or queue number:"
+msgstr "Nummer der Pipe oder der Queue:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:467
+#, fuzzy
+msgid "Custom string:"
+msgstr "benutzerdefinierter Text"
+
+#: src/gui/.ui/actionsdialog_q.cpp:468
+msgid "Classify string:"
+msgstr "Klassifikations-Text:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:469
+msgid ""
+"Note: CLASSIFY target in iptables is non-terminating, that is other rules "
+"with Classify or Mark target below this will process the same packet. "
+"However, Firewall Builder can emulate terminating behavior for this action. "
+"Emulation is activated by an option in the \"compiler\" tab of the firewall "
+"object properties dialog."
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:471
+#, fuzzy
+msgid "Divert socket port number:"
+msgstr "Umleitung Socket-Port-Nummer:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:472
+msgid "User-defined chain name:"
+msgstr "Benutzerdefinierter Name für Chain:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:473
+msgid ""
+"In addition to 'filter', create branching rule in 'mangle' table as well"
+msgstr ""
+"Zusätzlich zum Eintrag in der 'filter'-Tabelle, wird auch eine Sprungregel "
+"in der 'mangle'-Tabelle erzeugt"
+
+#: src/gui/.ui/actionsdialog_q.cpp:474
+#, fuzzy
+msgid "Anchor name:"
+msgstr "Name des Ankers:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:479 src/gui/.ui/actionsdialog_q.cpp:486
+#, fuzzy
+msgid "interface"
+msgstr "Interface"
+
+#: src/gui/.ui/actionsdialog_q.cpp:480 src/gui/.ui/actionsdialog_q.cpp:487
+msgid "next hop"
+msgstr "nächster Knoten"
+
+#: src/gui/.ui/actionsdialog_q.cpp:481
+msgid "Fastroute"
+msgstr "Fastroute"
+
+#: src/gui/.ui/actionsdialog_q.cpp:488
+#, fuzzy
+msgid "Change inbound interface to"
+msgstr "Eingangsinterface ändern in"
+
+#: src/gui/.ui/actionsdialog_q.cpp:489
+msgid "Route through gateway"
+msgstr "Route über Gateway"
+
+#: src/gui/.ui/actionsdialog_q.cpp:490
+#, fuzzy
+msgid "Change outbound interface to"
+msgstr "Ausgangsinterface ändern in"
+
+#: src/gui/.ui/actionsdialog_q.cpp:491
+#, fuzzy
+msgid "Continue packet inspection"
+msgstr "Paketinspektion fortsetzen"
+
+#: src/gui/.ui/actionsdialog_q.cpp:492
+msgid "Make a copy"
+msgstr "Kopie erstellen"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:162
+#: src/gui/.ui/addressrangedialog_q.cpp:163
+msgid "Address Range"
+msgstr "Adressen-Bereich"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:164
+#: src/gui/.ui/addresstabledialog_q.cpp:198
+#: src/gui/.ui/customservicedialog_q.cpp:179
+#: src/gui/.ui/dnsnamedialog_q.cpp:173 src/gui/.ui/firewalldialog_q.cpp:215
+#: src/gui/.ui/groupobjectdialog_q.cpp:188 src/gui/.ui/hostdialog_q.cpp:149
+#: src/gui/.ui/icmpservicedialog_q.cpp:169
+#:
src/gui/.ui/interfacedialog_q.cpp:233 src/gui/.ui/ipservicedialog_q.cpp:210
+#: src/gui/.ui/ipv4dialog_q.cpp:171 src/gui/.ui/librarydialog_q.cpp:141
+#: src/gui/.ui/networkdialog_q.cpp:165 src/gui/.ui/physaddressdialog_q.cpp:154
+#: src/gui/.ui/tagservicedialog_q.cpp:149
+#: src/gui/.ui/tcpservicedialog_q.cpp:372 src/gui/.ui/timedialog_q.cpp:271
+#: src/gui/.ui/udpservicedialog_q.cpp:223
+msgid "Comment:"
+msgstr "Kommentar:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:165
+msgid "Range End:"
+msgstr "Bereichsende:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:166
+msgid "Range Start:"
+msgstr "Bereichsanfang:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:167
+#: src/gui/.ui/addresstabledialog_q.cpp:200
+#: src/gui/.ui/customservicedialog_q.cpp:180
+#: src/gui/.ui/dnsnamedialog_q.cpp:178 src/gui/.ui/firewalldialog_q.cpp:216
+#: src/gui/.ui/groupobjectdialog_q.cpp:193 src/gui/.ui/hostdialog_q.cpp:147
+#: src/gui/.ui/icmpservicedialog_q.cpp:170
+#: src/gui/.ui/interfacedialog_q.cpp:234 src/gui/.ui/ipservicedialog_q.cpp:219
+#: src/gui/.ui/ipv4dialog_q.cpp:172 src/gui/.ui/librarydialog_q.cpp:139
+#: src/gui/.ui/networkdialog_q.cpp:166 src/gui/.ui/newfirewalldialog_q.cpp:516
+#: src/gui/.ui/newhostdialog_q.cpp:392 src/gui/.ui/physaddressdialog_q.cpp:151
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:820
+#: src/gui/.ui/tagservicedialog_q.cpp:151
+#: src/gui/.ui/tcpservicedialog_q.cpp:398 src/gui/.ui/timedialog_q.cpp:272
+#: src/gui/.ui/udpservicedialog_q.cpp:231
+msgid "Name:"
+msgstr "Name:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:168
+#: src/gui/.ui/addresstabledialog_q.cpp:199
+#: src/gui/.ui/customservicedialog_q.cpp:181
+#: src/gui/.ui/dnsnamedialog_q.cpp:177 src/gui/.ui/firewalldialog_q.cpp:217
+#: src/gui/.ui/groupobjectdialog_q.cpp:192 src/gui/.ui/hostdialog_q.cpp:148
+#: src/gui/.ui/icmpservicedialog_q.cpp:171
+#: src/gui/.ui/interfacedialog_q.cpp:236 src/gui/.ui/ipservicedialog_q.cpp:218
+#: src/gui/.ui/ipv4dialog_q.cpp:173 src/gui/.ui/networkdialog_q.cpp:167
+#:
src/gui/.ui/newgroupdialog_q.cpp:98 src/gui/.ui/physaddressdialog_q.cpp:152
+#: src/gui/.ui/tagservicedialog_q.cpp:150
+#: src/gui/.ui/tcpservicedialog_q.cpp:399 src/gui/.ui/timedialog_q.cpp:273
+#: src/gui/.ui/udpservicedialog_q.cpp:230
+msgid "Library:"
+msgstr "Bibliothek:"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:196
+#: src/gui/.ui/addresstabledialog_q.cpp:197
+#, fuzzy
+msgid "Address Table"
+msgstr "Adressen-Tabelle"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:202
+#: src/gui/.ui/dnsnamedialog_q.cpp:175
+#, fuzzy
+msgid "Compile Time"
+msgstr "Übersetzungszeit"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:203
+#: src/gui/.ui/dnsnamedialog_q.cpp:176
+#, fuzzy
+msgid "Run Time"
+msgstr "Laufzeit"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:204
+#, fuzzy
+msgid "File name:"
+msgstr "Dateiname:"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:205
+#: src/gui/.ui/addresstabledialog_q.cpp:206
+#, fuzzy
+msgid "Browse"
+msgstr "Blättern"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:207
+#, fuzzy
+msgid "Preview"
+msgstr "Vorschau"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:87
+msgid "Enter New Position For The Rule"
+msgstr "Neue Position für die Regel eingeben"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:88
+msgid "Enter new position for selected rules:"
+msgstr "Neue Position für die markierten Regeln eingeben:"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:89
+#, fuzzy
+msgid "&Move"
+msgstr "&Verschieben"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:90
+msgid "Alt+M"
+msgstr "Alt+M"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:92 src/gui/.ui/debugdialog_q.cpp:76
+#: src/gui/.ui/execdialog_q.cpp:96 src/gui/.ui/pagesetupdialog_q.cpp:111
+msgid "Alt+C"
+msgstr "Alt+C"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:108 src/gui/.ui/prefsdialog_q.cpp:401
+msgid "Orange"
+msgstr "orange"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:110 src/gui/.ui/prefsdialog_q.cpp:408
+msgid "Green"
+msgstr "grün"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:112 src/gui/.ui/prefsdialog_q.cpp:406
+msgid
"Purple"
+msgstr "violett"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:114 src/gui/.ui/prefsdialog_q.cpp:398
+msgid "Blue"
+msgstr "blau"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:116 src/gui/.ui/prefsdialog_q.cpp:399
+msgid "Yellow"
+msgstr "gelb"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:118 src/gui/.ui/prefsdialog_q.cpp:409
+msgid "Gray"
+msgstr "grau"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:120 src/gui/.ui/prefsdialog_q.cpp:397
+msgid "Red"
+msgstr "rot"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:122
+msgid "No color"
+msgstr "farblos"
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:95
+#, fuzzy
+msgid "Comment Editor Panel"
+msgstr "Kommentare editieren"
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:96
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:155
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:119
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:784
+msgid "fw/rule num"
+msgstr "fw/rule num"
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:98
+#: src/gui/.ui/simpletexteditor_q.cpp:97
+msgid "Import from file ..."
+msgstr "Import aus Datei..."
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:67
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:114
+#, fuzzy
+msgid "Parent"
+msgstr "Eltern"
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:68
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:115
+#: src/gui/.ui/findwhereusedwidget_q.cpp:63
+#: src/gui/.ui/findwhereusedwidget_q.cpp:120
+#, fuzzy
+msgid "Details"
+msgstr "Details"
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:112
+msgid ""
+"Groups and firewall policy rules shown in the list below reference objects "
+"you are about to delete. If you delete objects, they will be removed from "
+"these groups and rules."
+msgstr ""
+"Gruppen und Firewall-Policy-Regeln in der Liste unten beziehen sich auf "
+"Objekte, die gerade gelöscht werden sollen. Wenn die Objekte gelöschte "
+"werden, werden sie aus all den Regeln und Gruppen entfernt."
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:116
+msgid ""
+"Deleted objects are moved to the \"Deleted objects\" library. You can "
+"recover them later by moving back to the user's library. However if you "
+"delete an object already located in the \"Deleted objects\" library, it is "
+"destroyed and can not be restored."
+msgstr ""
+"Gelöschte Objekte werden in die Bibliothek \"Gelöschte Objekte\" übertragen. "
+"Man kann sie später von dort durch zurückkopieren in die aktuelle Benutzer-"
+"Bibliothek wieder zugänglich machen- Werden allerdings Objekte aus der "
+"Bibliothek \"Gelöschte Objekte\" selbst gelöscht, so werden sie endgültig "
+"zerstört und können nicht mehr wiederhergestellt werden."
+
+#: src/gui/.ui/customservicedialog_q.cpp:182
+msgid ""
+"Custom service object has separate code string for each supported firewall "
+"platform."
+msgstr ""
+"Benutzerdefiniertes Dienst-Objekt hat für jede unterstütze Firewall-"
+"Plattform einen anderen Code."
+
+#: src/gui/.ui/customservicedialog_q.cpp:183
+#: src/gui/.ui/discoverydruid_q.cpp:940 src/gui/.ui/firewalldialog_q.cpp:218
+msgid "Platform:"
+msgstr "Plattform:"
+
+#: src/gui/.ui/customservicedialog_q.cpp:184
+#: src/gui/.ui/tagservicedialog_q.cpp:152
+msgid "Code:"
+msgstr "Code:"
+
+#: src/gui/.ui/debugdialog_q.cpp:74
+msgid "Debugging Info"
+msgstr "Debugging Information"
+
+#: src/gui/.ui/debugdialog_q.cpp:75 src/gui/.ui/execdialog_q.cpp:95
+#: src/gui/.ui/FWBMainWindow_q.cpp:498
+#, fuzzy
+msgid "&Close"
+msgstr "Schließen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:750 src/gui/.ui/discoverydruid_q.cpp:1025
+#, fuzzy
+msgid "Interfaces"
+msgstr "Interfaces"
+
+#: src/gui/.ui/discoverydruid_q.cpp:752 src/gui/.ui/discoverydruid_q.cpp:1026
+#: src/gui/.ui/filterdialog_q.cpp:91 src/gui/.ui/filterdialog_q.cpp:164
+#, fuzzy
+msgid "Type"
+msgstr "Typ"
+
+#: src/gui/.ui/discoverydruid_q.cpp:921 src/gui/.ui/FWBMainWindow_q.cpp:565
+#: src/gui/.ui/FWBMainWindow_q.cpp:566
+msgid "Discovery Druid"
+msgstr
"Automat zur Netzerkennung"
+
+#: src/gui/.ui/discoverydruid_q.cpp:922
+msgid ""
+"Choose discovery method used to collect information about network objects "
+"from the list below and click 'Next' to continue."
+msgstr ""
+"Bitte aus der Liste unten die Methode auswählen, mit der Informationen über "
+"Objekte im Netz gesammelt werden sollen und dann 'Next' anklicken."
+
+#: src/gui/.ui/discoverydruid_q.cpp:923
+msgid "Discovery method:"
+msgstr "Methode zur Netzwerkerkundung:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:924
+msgid "Read file in hosts format"
+msgstr "Datei im 'hosts'-Format lesen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:925 src/gui/.ui/discoverydruid_q.cpp:948
+msgid "Import DNS zone"
+msgstr "DNS-Zone importieren"
+
+#: src/gui/.ui/discoverydruid_q.cpp:926
+msgid "Perform network discovery using SNMP"
+msgstr "Netzwerk mit SNMP durchsuchen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:927 src/gui/.ui/discoverydruid_q.cpp:942
+#, fuzzy
+msgid "Import configuration of a firewall or a router"
+msgstr "Speichere die Konfigurations-Differenz in einer Datei"
+
+#: src/gui/.ui/discoverydruid_q.cpp:928
+msgid "Discovery Method"
+msgstr "Methode zur Netzwerkerkundung"
+
+#: src/gui/.ui/discoverydruid_q.cpp:929
+msgid "Enter full path and file name below or click \"Browse\" to find it:"
+msgstr ""
+"Vollständigen Pfad und Dateiname unten eingeben oder \"Browse\" zum "
+"Durchsuchen wählen:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:930
+msgid "File in hosts format"
+msgstr "Datei im 'hosts'-Format"
+
+#: src/gui/.ui/discoverydruid_q.cpp:931
+#, fuzzy
+msgid "Browse ..."
+msgstr "Blättern..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:932
+msgid "Reading file in hosts format"
+msgstr "Lesen einer Datei im 'hosts'-Format"
+
+#: src/gui/.ui/discoverydruid_q.cpp:933
+msgid ""
+"All objects created during import will be placed in the library currently "
+"opened in the tree."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:934
+msgid ""
+"Policy import tries to parse given configuration file and preserve its logic "
+"as close as possible. However, very often target firewall configuration "
+"allows for more commands, options and their combinations than importer can "
+"understand. Rules that importer could not parse exactly are colored red in "
+"the rule sets it creates. Always inspect firewall policy created by the "
+"importer and compare it with the original. Manual changes and corrections "
+"may be required. Comments in the rules that could not be parsed show "
+"fragments of the original configuration parser did not understand."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:935
+#, fuzzy
+msgid "Import from file: "
+msgstr "Import aus Datei..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:936 src/gui/.ui/prefsdialog_q.cpp:380
+#: src/gui/.ui/prefsdialog_q.cpp:385
+msgid "Browse..."
+msgstr "Blättern..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:938
+msgid "Cisco IOS"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:939
+#, fuzzy
+msgid "iptables"
+msgstr "iptables:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:941
+#: src/gui/.ui/printingprogressdialog_q.cpp:75
+#, fuzzy
+msgid "textLabel1"
+msgstr "textLabel1"
+
+#: src/gui/.ui/discoverydruid_q.cpp:943
+msgid ""
+"This discovery method creates objects for all 'A' records found in DNS "
+"domain. You will later have a chance to accept only those objects you wish "
+"and ignore others.\n"
+"Please enter the domain name below:"
+msgstr ""
+"Diese Suchmethode erzeugt Objekte für alle 'A'-Datensätze, die sich im DNS "
+"finden lassen.
Später kann man dann die Objekte auswählen, die man behalten "
+"will und die restlichen ignorieren.\n"
+"Bitte unten den Domän-Namen eingeben:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:945
+#, fuzzy
+msgid "Domain name"
+msgstr "Domän-Name"
+
+#: src/gui/.ui/discoverydruid_q.cpp:946
+#, fuzzy
+msgid ""
+"Objects created using this method may have long or short names. long name "
+"consists of the host name and full domain name (this is called Fully "
+"Qualified Domain Name). Short name consists of only host name. Check in "
+"the box below if you wish to use long name, then click next to continue:"
+msgstr ""
+"Objekte, die mit dieser Methode erzeugt werden, können entweder kurze oder "
+"lange Namen erhalten. Lange Namen bestehen aus dem Host-Namen und der "
+"vollständigen Domäne (<i>Fully Qualified Domain Name</i>). Kurze "
+"Namen enthalten nur den Host-Namen. Bitte das gewünschte Kästchen unten "
+"ankreuzen und dann 'next' anklicken."
+
+#: src/gui/.ui/discoverydruid_q.cpp:947
+#, fuzzy
+msgid "Use long names"
+msgstr "Lange Namen benutzen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:949
+msgid ""
+"DNS zone information has to be transferred from the name server "
+"authoritative for the domain. Pick the name server:"
+msgstr ""
+"DNS Zonendaten müssen von einem für diese Domäne authorativen DNS-SErver "
+"bezogen werden.
Bitte den Server auswählen:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:950 src/gui/.ui/discoverydruid_q.cpp:957
+#, fuzzy
+msgid "Name server"
+msgstr "Name-Server"
+
+#: src/gui/.ui/discoverydruid_q.cpp:951
+msgid "choose name server from the list below"
+msgstr "Name-Server aus der Liste unten auswählen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:952
+msgid "server name or its IP address here if you wish to use different one:"
+msgstr ""
+"Server-Name oder IP-Adresse angeben, wenn ein anderer Server verwendet "
+"werden soll:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:954
+#, fuzzy
+msgid "DNS Query options"
+msgstr "Optionen für DNS-Abfrage"
+
+#: src/gui/.ui/discoverydruid_q.cpp:955
+#, fuzzy
+msgid "Timeout (sec)"
+msgstr "Timeout (Sek.)"
+
+#: src/gui/.ui/discoverydruid_q.cpp:956
+#, fuzzy
+msgid "Retries"
+msgstr "Wiederholungen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:958
+msgid ""
+"This discovery method scans networks looking for hosts or gateways "
+"responding to SNMP queries. It pulls host's ARP table and uses all the "
+"entries found in it to create objects. Scan starts from the host called "
+"\"seed\". Enter \"seed\" host name or address below:"
+msgstr ""
+"Diese Netzwerkerkundung durchsucht Netzwerke auf Knoten, die auf SNMP-"
+"Anfragen antworten. Sie liest dann die ARP-Tabelle und benutzt deren "
+"Einträge um Objekte anzulegen. Die Suche startet bei dem unten benannten "
+"Anfangsknoten:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:959
+msgid "'Seed' host"
+msgstr "Anfangsknoten"
+
+#: src/gui/.ui/discoverydruid_q.cpp:961
+#, fuzzy
+msgid "Enter a valid host name or address."
+msgstr "Bitte einen zulässigen Rechnernamen oder eine IP-Adresse eingeben."
+
+#: src/gui/.ui/discoverydruid_q.cpp:962
+msgid ""
+"The scanner process can be confined to a certain network, so it won't "
+"discover hosts on adjacent networks.
If you leave these fields blank, "
+"scanner will visit all networks it can find:"
+msgstr ""
+"Die Netzwerksuche kann auf ein bestimmtes Teilnetz beschränkt werde, so dass "
+"keine Knoten in benachbarten Netzen erkannt werden. Wenn diese Felder leer "
+"gelassen werden, wird der Scanner alle Netzwerke durchsuchen, die er "
+"erreichen kann."
+
+#: src/gui/.ui/discoverydruid_q.cpp:963
+msgid "Confine scan to this network:"
+msgstr "Suche auf dieses Netz beschränken:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:964 src/gui/.ui/ipv4dialog_q.cpp:175
+#: src/gui/.ui/networkdialog_q.cpp:168 src/gui/.ui/newfirewalldialog_q.cpp:518
+#: src/gui/.ui/newhostdialog_q.cpp:406
+msgid "Netmask:"
+msgstr "Netzmaske:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:965 src/gui/.ui/ipv4dialog_q.cpp:174
+#: src/gui/.ui/networkdialog_q.cpp:169 src/gui/.ui/newfirewalldialog_q.cpp:517
+#: src/gui/.ui/newhostdialog_q.cpp:394
+msgid "Address:"
+msgstr "Adresse:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:967
+#, fuzzy
+msgid "Network discovery using SNMP"
+msgstr "Netzwerk mit Hilfe von SNMP erkunden"
+
+#: src/gui/.ui/discoverydruid_q.cpp:968
+msgid ""
+"The scanner process can repeat its algorithm recursively using each new host "
+"it finds as a new \"seed\". This allows it to find as many objects on your "
+"network as possible. On the other hand, it takes more time and may find some "
+"objects you do not really need. You can turn recursive scanning on below:"
+msgstr ""
+"Die Netzwerkerkundung kann den Suchalgorithmus rekursiv auf jeden neu "
+"entdeckten Knoten anwenden. Damit wird es möglich im Netz nahezu alle Knoten "
+"zu finden. Andererseits dauert so die Erkundung deutlich länger und es kann "
+"auch sein, dass mehr ungewünschte Onjekte gefunden werden.
Rekursive Suche "
+"unten auswählen:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:969
+msgid "Run network scan recursively"
+msgstr "Netzwerk rekursiv durchsuchen:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:970
+msgid ""
+"The scanner process can find nodes beyond the boundaries of your network by "
+"following point-to-point links connecting it to the Internet or other parts "
+"of WAN."
+msgstr ""
+"Der Suchprozess kann auch Knoten außerhalb der Grenzen des lokalen Netzwerks "
+"finden, wenn Punkt-zu-Punkt-Verbindungen zum Internet und zu anderen Teilen "
+"des WANs abgesucht werden."
+
+#: src/gui/.ui/discoverydruid_q.cpp:971
+msgid "Follow point-to-point links"
+msgstr "Punkt-zu-Punkt-Verbindungen verfolgen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:972
+msgid ""
+"The scanner process can distinguish virtual IP addresses created on hosts as "
+"static \"published\" ARP entries or as secondary addresses on interfaces."
+msgstr ""
+"Der Suchprozess kann virtuelle IP-Adressen erkennen, die auf Knoten als "
+"statische ARP-Einträge \"publiziert\" werden."
+
+#: src/gui/.ui/discoverydruid_q.cpp:973
+#, fuzzy
+msgid "Include virtual addresses"
+msgstr "Virtuelle Adressen einschließen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:974
+msgid ""
+"Analysis of ARP table yields IP addresses for hosts on your network. In "
+"order to determine their names, scanner can run reverse name lookup queries "
+"using your name servers (DNS):"
+msgstr ""
+"Analyse der ARP-Tabelle ergibt nur IP-Adressen der Knoten im Netzwerk. Um "
+"auch die Namen zu finden, kann der Suchprozess Namen mit Hilfe von Reverse-"
+"Anfragen im DNS auflösen."
+
+#: src/gui/.ui/discoverydruid_q.cpp:975
+msgid "Run reverse name lookup DNS queries to determine host names"
+msgstr "Reverse-DNS-Abfragen zur Auflösung von Knoten-Namen benutzen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:976
+#, fuzzy
+msgid "Network scan options"
+msgstr "Netzwerk-Scan-Optionen:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:977
+msgid ""
+"Enter parameters for SNMP and DNS reverse lookup queries below. (If unsure, "
+"just leave default values):"
+msgstr ""
+"Parameter für SNMP und DNS-reverse-lookup unten eintragen. (Im Zweifelsfall "
+"einfach Vorgabewerte verwenden)."
+
+#: src/gui/.ui/discoverydruid_q.cpp:978
+#, fuzzy
+msgid "SNMP query parameters:"
+msgstr "SNMP Abfrage Parameter:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:979
+#: src/gui/.ui/newfirewalldialog_q.cpp:497 src/gui/.ui/newhostdialog_q.cpp:386
+msgid "SNMP 'read' community string:"
+msgstr "SNMP 'read' community string:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:980 src/gui/.ui/discoverydruid_q.cpp:984
+msgid "number of retries:"
+msgstr "Anzahl der Versuche:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:981
+#, fuzzy
+msgid "timeout (sec):"
+msgstr "Timeout (Sek.):"
+
+#: src/gui/.ui/discoverydruid_q.cpp:982
+msgid "public"
+msgstr "öffentlich"
+
+#: src/gui/.ui/discoverydruid_q.cpp:983
+#, fuzzy
+msgid "DNS parameters:"
+msgstr "DNS Parameter:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:985
+#, fuzzy
+msgid "timeout (sec) :"
+msgstr "Timeout (Sek.):"
+
+#: src/gui/.ui/discoverydruid_q.cpp:986
+msgid "Number of threads:"
+msgstr "Anzahl paralleler Threads:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:988
+msgid "SNMP and DNS reverse lookup queries parameters"
+msgstr "SNMP und DNS Reverse-Lookup Parameter"
+
+#: src/gui/.ui/discoverydruid_q.cpp:990
+msgid "Process name"
+msgstr "Namen verarbeiten"
+
+#: src/gui/.ui/discoverydruid_q.cpp:993
+#, fuzzy
+msgid "Save scan log to file"
+msgstr "Die Log-Daten werden in die Datei gespeichert"
+
+#: src/gui/.ui/discoverydruid_q.cpp:994
+#, fuzzy
+msgid "Process
log:"
+msgstr "Fortschritt:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:995
+msgid "Discovery is in progress"
+msgstr "Erkundung läuft"
+
+#: src/gui/.ui/discoverydruid_q.cpp:996
+msgid ""
+"These are the networks found by the scanner process. Choose the ones you "
+"wish to use from the list below, then click 'Next':"
+msgstr ""
+"Dies sind die Netzwerke, die xom Suchprozess gefunden wurden. Bitte die "
+"gewünschten aus der Liste unten auswählen und dann 'next' anklicken:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:997 src/gui/.ui/discoverydruid_q.cpp:1003
+#: src/gui/.ui/discoverydruid_q.cpp:1008 src/gui/.ui/discoverydruid_q.cpp:1013
+#: src/gui/.ui/discoverydruid_q.cpp:1019
+msgid "Select All"
+msgstr "Alles auswählen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:998 src/gui/.ui/discoverydruid_q.cpp:1009
+#: src/gui/.ui/discoverydruid_q.cpp:1018
+#, fuzzy
+msgid "Filter ..."
+msgstr "Filter ..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:999 src/gui/.ui/discoverydruid_q.cpp:1004
+#: src/gui/.ui/discoverydruid_q.cpp:1010 src/gui/.ui/discoverydruid_q.cpp:1014
+#: src/gui/.ui/discoverydruid_q.cpp:1016
+msgid "Unselect All"
+msgstr "Alles deselektieren"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1000 src/gui/.ui/discoverydruid_q.cpp:1007
+#: src/gui/.ui/discoverydruid_q.cpp:1017
+#, fuzzy
+msgid "Remove Filter"
+msgstr "Filter entfernen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1001 src/gui/.ui/discoverydruid_q.cpp:1011
+#, fuzzy
+msgid "->"
+msgstr "-"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1002 src/gui/.ui/discoverydruid_q.cpp:1012
+#, fuzzy
+msgid "<-"
+msgstr "-"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1005
+#, fuzzy
+msgid "Networks"
+msgstr "Netzwerke"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1006
+msgid "Choose objects you wish to use, then click 'Next':"
+msgstr "Objekte, die bearbeitet werden sollen, auswählen und 'Next' anklicken:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1020
+#, fuzzy
+msgid "Change type of selected objects:"
+msgstr "Typ der ausgewählten Objekte anpassen:"
+
+#:
src/gui/.ui/discoverydruid_q.cpp:1027
+msgid ""
+"Here you can change type of the objects to be created for each address "
+"discovered by the scanner. By default, an \"Address\" object is created for "
+"the host with just one interface with single IP address and \"Host\" object "
+"is created for the host with multiple interfaces, however you can change "
+"their types on this page."
+msgstr ""
+"Hier kann der Typ der Objekte geändert werden, die für die jeweilige Adresse "
+"vom Suchprozess angelegt werden. Normalerweise wird ein Objekt vom Typ "
+"\"Adresse\" für Knoten mit nur einem Interface mit einer IP-Adresse angelegt "
+"und ein Objekt vom Typ \"Host\" für Knoten mit mehreren Interfaces. Will man "
+"das nicht, so kann man dies hier ändern."
+
+#: src/gui/.ui/discoverydruid_q.cpp:1028
+msgid "Adjust Object types"
+msgstr "Objekt-Typen anpassen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1029
+msgid "Select target library"
+msgstr "Ziel-Bibliothek auswählen"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1030
+#, fuzzy
+msgid "Target library"
+msgstr "Ziel-Bibliothek"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1031
+msgid "Adding new objects to library ..."
+msgstr "Neue Objekte in Bibliothek einfügen ..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:1032
+#, fuzzy
+msgid "Creatnig objects"
+msgstr "Neue Objekte erstellen"
+
+#: src/gui/.ui/dnsnamedialog_q.cpp:171 src/gui/.ui/dnsnamedialog_q.cpp:172
+#, fuzzy
+msgid "DNS Name"
+msgstr "DNS-Name"
+
+#: src/gui/.ui/dnsnamedialog_q.cpp:179
+msgid "DNS Record:"
+msgstr "DNS Datensatz:"
+
+#: src/gui/.ui/execdialog_q.cpp:92
+msgid "Executing external command"
+msgstr "Externes Kommando ausführen"
+
+#: src/gui/.ui/execdialog_q.cpp:93 src/gui/.ui/instdialog_q.cpp:287
+#, fuzzy
+msgid "Save log to file"
+msgstr "Die Log-Daten werden in die Datei gespeichert"
+
+#: src/gui/.ui/filepropdialog_q.cpp:114
+msgid "File Properties"
+msgstr "Dateieigenschaften"
+
+#: src/gui/.ui/filepropdialog_q.cpp:115
+msgid "Location:"
+msgstr "Ort:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:116
+msgid "RO"
+msgstr "RO"
+
+#: src/gui/.ui/filepropdialog_q.cpp:117
+msgid "Revision Control:"
+msgstr "Revisions-Kontrolle:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:118
+msgid "Time of last modification:"
+msgstr "Zeitpunkt der letzten Änderung:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:119
+msgid "Revision:"
+msgstr "Revision:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:120
+msgid "Locked by user:"
+msgstr "Gesperrt durch Benutzer:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:121
+msgid "location"
+msgstr "Ort"
+
+#: src/gui/.ui/filepropdialog_q.cpp:122
+msgid "lastModified"
+msgstr "zuletzt geändert"
+
+#: src/gui/.ui/filepropdialog_q.cpp:123
+msgid "rev"
+msgstr "rev"
+
+#: src/gui/.ui/filepropdialog_q.cpp:124
+msgid "lockedBy"
+msgstr "gesperrt durch"
+
+#: src/gui/.ui/filepropdialog_q.cpp:125
+msgid "Revision history:"
+msgstr "Revisions-Historie:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:458
+msgid "Print"
+msgstr "Drucken"
+
+#: src/gui/.ui/filterdialog_q.cpp:89 src/gui/.ui/filterdialog_q.cpp:163
+msgid "Target"
+msgstr "Ziel"
+
+#: src/gui/.ui/filterdialog_q.cpp:93 src/gui/.ui/filterdialog_q.cpp:165
+#, fuzzy
+msgid "Pattern"
+msgstr "Muster" + +#: src/gui/.ui/filterdialog_q.cpp:150 +#, fuzzy +msgid "Filter" +msgstr "Filter" + +#: src/gui/.ui/filterdialog_q.cpp:151 src/gui/.ui/FWBMainWindow_q.cpp:452 +#: src/gui/.ui/FWBMainWindow_q.cpp:495 src/gui/.ui/FWBMainWindow_q.cpp:496 +msgid "Save" +msgstr "Speichern" + +#: src/gui/.ui/filterdialog_q.cpp:152 src/gui/.ui/prefsdialog_q.cpp:213 +#: src/gui/.ui/prefsdialog_q.cpp:392 +msgid "Load" +msgstr "Laden" + +#: src/gui/.ui/filterdialog_q.cpp:153 src/gui/.ui/libexport_q.cpp:112 +msgid "Ok" +msgstr "OK" + +#: src/gui/.ui/filterdialog_q.cpp:155 +#, fuzzy +msgid "Match" +msgstr "Treffer" + +#: src/gui/.ui/filterdialog_q.cpp:157 +#, fuzzy +msgid "all" +msgstr "alle" + +#: src/gui/.ui/filterdialog_q.cpp:158 src/gui/.ui/icmpservicedialog_q.cpp:173 +#: src/gui/.ui/icmpservicedialog_q.cpp:175 +msgid "any" +msgstr "beliebige" + +#: src/gui/.ui/filterdialog_q.cpp:159 +msgid "of the following:" +msgstr "aus den folgenden:" + +#: src/gui/.ui/filterdialog_q.cpp:161 +msgid "+" +msgstr "+" + +#: src/gui/.ui/filterdialog_q.cpp:162 +msgid "Add a new pattern" +msgstr "Ein neues Muster hinzufügen" + +#: src/gui/.ui/filterdialog_q.cpp:166 +msgid "Case sensitive" +msgstr "Gross- und Kleinschreibung beachten" + +#: src/gui/.ui/filterdialog_q.cpp:167 +#, fuzzy +msgid "-" +msgstr "-" + +#: src/gui/.ui/filterdialog_q.cpp:168 +msgid "Remove a pattern" +msgstr "Ein Muster entfernen" + +#: src/gui/.ui/finddialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:513 +msgid "Find Object" +msgstr "Finde Objekt" + +#: src/gui/.ui/finddialog_q.cpp:128 +msgid "Text to be found in object names:" +msgstr "Text, der im Objekt-Namen gefunden werden soll:" + +#: src/gui/.ui/finddialog_q.cpp:129 +msgid "Search in policy rules" +msgstr "Suche in den Policy-Regeln" + +#: src/gui/.ui/finddialog_q.cpp:130 +msgid "Search in the tree" +msgstr "Suche im Baum" + +#: src/gui/.ui/finddialog_q.cpp:132 +msgid "Matching attribute:" +msgstr "Passendes Attrribut:" + +#: src/gui/.ui/finddialog_q.cpp:135 
src/gui/.ui/findobjectwidget_q.cpp:205 +msgid "TCP/UDP port" +msgstr "TCP/UDP-Port" + +#: src/gui/.ui/finddialog_q.cpp:136 src/gui/.ui/findobjectwidget_q.cpp:206 +#, fuzzy +msgid "Protocol number" +msgstr "Protokoll-Nummer:" + +#: src/gui/.ui/finddialog_q.cpp:137 src/gui/.ui/findobjectwidget_q.cpp:207 +#, fuzzy +msgid "ICMP type" +msgstr "ICMP-Typ:" + +#: src/gui/.ui/finddialog_q.cpp:138 src/gui/.ui/findobjectwidget_q.cpp:208 +msgid "Search for substring using regular expressions" +msgstr "Nach Teiltext mit regulärem Ausdruck suchen" + +#: src/gui/.ui/findobjectwidget_q.cpp:187 +#: src/gui/.ui/findwhereusedwidget_q.cpp:116 +#: src/gui/.ui/fwobjectdroparea_q.cpp:49 +#: src/gui/.ui/tagservicedialog_q.cpp:147 +msgid "Form1" +msgstr "Form1" + +#: src/gui/.ui/findobjectwidget_q.cpp:188 +#, fuzzy +msgid " Replace object " +msgstr " Objekt ersetzen " + +#: src/gui/.ui/findobjectwidget_q.cpp:189 +#, fuzzy +msgid "Replace && Find" +msgstr "Ersetzen && Finden" + +#: src/gui/.ui/findobjectwidget_q.cpp:192 +msgid "Replace all" +msgstr "Alle Ersetzen" + +#: src/gui/.ui/findobjectwidget_q.cpp:193 +#, fuzzy +msgid "Replace" +msgstr "Ersetzen" + +#: src/gui/.ui/findobjectwidget_q.cpp:194 +msgid "Scope for search and replace :" +msgstr "Bereich für Suchen und Ersetzen:" + +#: src/gui/.ui/findobjectwidget_q.cpp:196 +#, fuzzy +msgid "Tree only" +msgstr "nur der Baum" + +#: src/gui/.ui/findobjectwidget_q.cpp:197 +msgid "Tree and policy of all firewalls" +msgstr "Baum und Policy aller Firewalls" + +#: src/gui/.ui/findobjectwidget_q.cpp:198 +msgid "Policy of all firewalls" +msgstr "Policy aller Firewalls" + +#: src/gui/.ui/findobjectwidget_q.cpp:199 +msgid "policy of the opened firewall" +msgstr "Policy der geöffneten Firewall" + +#: src/gui/.ui/findobjectwidget_q.cpp:200 +#: src/gui/.ui/findwhereusedwidget_q.cpp:122 +#: src/gui/.ui/FWBMainWindow_q.cpp:446 src/gui/.ui/FWBMainWindow_q.cpp:497 +#: src/gui/.ui/simpletextview_q.cpp:94 +msgid "Close" +msgstr "Schließen" + +#: 
src/gui/.ui/findobjectwidget_q.cpp:201 +#, fuzzy +msgid " Find object" +msgstr " Finde Objekt" + +#: src/gui/.ui/findwhereusedwidget_q.cpp:62 +#: src/gui/.ui/findwhereusedwidget_q.cpp:119 +#, fuzzy +msgid "Parent Object" +msgstr "Vorgänger Objekt" + +#: src/gui/.ui/findwhereusedwidget_q.cpp:117 +#, fuzzy +msgid "Object:" +msgstr "Objekt:" + +#: src/gui/.ui/findwhereusedwidget_q.cpp:118 +msgid "Object is found in :" +msgstr "Objekt wurde gefunden in: " + +#: src/gui/.ui/firewalldialog_q.cpp:211 +msgid "Host OS Settings ..." +msgstr "Host-Betriebssystem Einstellungen ..." + +#: src/gui/.ui/firewalldialog_q.cpp:212 +#, fuzzy +msgid "Inactive firewall" +msgstr "Inaktive Firewall" + +#: src/gui/.ui/firewalldialog_q.cpp:213 +msgid "Skip this firewall for batch compile and install operations" +msgstr "" +"Diese Firewall bei der Batch-Übersetzung und bei der Installation " +"überspringen" + +#: src/gui/.ui/firewalldialog_q.cpp:214 +msgid "Firewall Settings ..." +msgstr "Firewall Einstellungen ..." 
+
+#: src/gui/.ui/firewalldialog_q.cpp:219
+msgid "Version:"
+msgstr "Version:"
+
+#: src/gui/.ui/firewalldialog_q.cpp:220
+msgid "Host OS:"
+msgstr "Host-Betriebssystem:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:186
+msgid "FreeBSD: advanced settings"
+msgstr "FreeBSD: erweiterte Einstellungen"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:191
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:183
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:177
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:211
+msgid "Forward source routed packets"
+msgstr "Forward source routed packets (Pakete mit Quell-Routen transportieren)"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:192
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:169
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:197
+msgid "Generate ICMP redirects"
+msgstr "ICMP-redirects erzweugen"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:193
+#: src/gui/.ui/linux24advanceddialog_q.cpp:406
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:170
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:187
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:202
+msgid "Packet forwarding"
+msgstr "Pakete transportieren"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:207
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:187
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:201
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:215
+msgid ""
+"Specify directory path and a file name for the following utilities on the OS "
+"your firewall machine is running. Leave these empty if you want to use "
+"default values."
+msgstr ""
+"Bitte geben Sie den Pfad und die Dateinamen für die Hilfsprogramme an, die "
+"für das Betriebssystem gelten, das Ihre Firewall benutzt. Sie können die "
+"Einträge leer lassen, wenn die Standardwerte benutzt werden sollen."
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:208
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:214
+msgid "ipnat:"
+msgstr "ipnat:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:209
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:186
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:200
+msgid "sysctl:"
+msgstr "sysctl:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:210
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:213
+msgid "ipf:"
+msgstr "ipf:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:211
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:185
+msgid "ipfw:"
+msgstr "ipfw:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:212
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:206
+#: src/gui/.ui/linux24advanceddialog_q.cpp:457
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:188
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:202
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:216
+msgid "Path"
+msgstr "Pfad"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:441
+msgid ""
+"Click here to change amount of information shown about object selected in "
+"the tree"
+msgstr ""
+"Bitte hier anklicken um die Menge der angezeigten Informationen über das im "
+"Baum selektierte Objekt zu wählen"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:442
+msgid "Firewall Name"
+msgstr "Firewwall Name"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:443 src/gui/.ui/instdialog_q.cpp:281
+msgid "Firewalls:"
+msgstr "Firewalls:"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:444
+msgid "Tab 1"
+msgstr "Tab 1"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:445
+msgid "Apply"
+msgstr "Anwenden"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:447
+msgid "New Object File"
+msgstr "Neue Objektdatei"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:448
+#, fuzzy
+msgid "&New Object File"
+msgstr "Neue Objektdatei"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:450
+#, fuzzy
+msgid "&Open..."
+msgstr "&Öffnen..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:451
+msgid "Ctrl+O"
+msgstr "Strg+O"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:454
+msgid "Ctrl+S"
+msgstr "Strg+S"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:455
+msgid "Save As"
+msgstr "Speichern unter"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:456
+#, fuzzy
+msgid "Save &As..."
+msgstr "Speichern &unter..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:459
+#, fuzzy
+msgid "&Print..."
+msgstr "&Drucken..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:460
+msgid "Ctrl+P"
+msgstr "Strg+P"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:461
+msgid "Exit"
+msgstr "Beenden"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:462
+#, fuzzy
+msgid "E&xit"
+msgstr "Beenden"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:464
+msgid "Undo"
+msgstr "Rückgängig"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:465
+#, fuzzy
+msgid "&Undo"
+msgstr "Rückgängig"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:466
+msgid "Ctrl+Z"
+msgstr "Strg+Z"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:467
+msgid "Redo"
+msgstr "Wiederholen"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:468
+#, fuzzy
+msgid "&Redo"
+msgstr "Wiederholen"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:469
+msgid "Ctrl+Y"
+msgstr "Strg+Y"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:471
+#, fuzzy
+msgid "&Cut"
+msgstr "Ausschneiden"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:472
+msgid "Ctrl+X"
+msgstr "Strg+X"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:474
+#, fuzzy
+msgid "C&opy"
+msgstr "Kopieren"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:475
+msgid "Ctrl+C"
+msgstr "Strg+C"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:477
+#, fuzzy
+msgid "&Paste"
+msgstr "Einfügen"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:478
+msgid "Ctrl+V"
+msgstr "Strg+V"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:481 src/gui/.ui/FWBMainWindow_q.cpp:517
+msgid "Ctrl+F"
+msgstr "Strg+F"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:482
+msgid "Contents"
+msgstr "Inhalt"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:483
+#, fuzzy
+msgid "&Contents..."
+msgstr "&Inhalt..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:485
+msgid "Index"
+msgstr "Index"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:486
+#, fuzzy
+msgid "&Index..."
+msgstr "Inde&x"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:488
+msgid "About"
+msgstr "Über"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:489
+#, fuzzy
+msgid "&About"
+msgstr "Über"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:491 src/gui/.ui/FWBMainWindow_q.cpp:492
+msgid "New"
+msgstr "Neu"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:501
+msgid "Compile rules"
+msgstr "Regeln übersetzen"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:504
+msgid "Install firewall policy"
+msgstr "Firewall Policy installieren"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:505 src/gui/.ui/FWBMainWindow_q.cpp:506
+#: src/gui/.ui/objectmanipulator_q.cpp:111
+msgid "Back"
+msgstr "Zurück"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:507 src/gui/.ui/FWBMainWindow_q.cpp:508
+msgid "Move back to the previous object"
+msgstr "Gehe zum vorigen Onbejkt zurück"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:509
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:155
+#: src/gui/.ui/objectmanipulator_q.cpp:114
+msgid "New Object"
+msgstr "Neues Objekt"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:510
+#, fuzzy
+msgid "&New Object"
+msgstr "Neues Objekt"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:511 src/gui/.ui/objectmanipulator_q.cpp:115
+msgid "Create New Object"
+msgstr "Neues Objekt erstellen"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:512
+msgid "Ctrl+N"
+msgstr "Strg+N"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:514
+#, fuzzy
+msgid "&Find Object"
+msgstr "Finde Objekt"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:515 src/gui/.ui/FWBMainWindow_q.cpp:516
+msgid "Find object in the tree"
+msgstr "Objekt im Baum finden"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:518
+msgid "Preferences..."
+msgstr "Einstellungen..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:519
+#, fuzzy
+msgid "P&references..."
+msgstr "Einstellungen..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:520
+msgid "Edit Preferences"
+msgstr "Einstellungen ändern"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:523 src/gui/.ui/FWBMainWindow_q.cpp:524
+msgid "Move Rule Up"
+msgstr "Regel nach oben verschieben"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:525 src/gui/.ui/FWBMainWindow_q.cpp:526
+msgid "Move Rule Down"
+msgstr "Regel nach unten verschieben"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:531
+msgid "Ctrl+Del"
+msgstr "Strg+Entf"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:540
+msgid "Add File to RCS"
+msgstr "Datei zum RCS hinzufügen"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:541
+#, fuzzy
+msgid "Add File to &RCS"
+msgstr "Datei zum RCS hinzufügen"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:544
+msgid "Export Library To a File"
+msgstr "Bibliothek in Datei exportieren"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:545
+#, fuzzy
+msgid "&Export Library"
+msgstr "&Exportiere Bibliothek"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:546
+msgid "Import Library From a File"
+msgstr "Importiere Bibliothek aus Datei"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:547
+#, fuzzy
+msgid "&Import Library"
+msgstr "&Importiere Bibliothek"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:548
+msgid "Debug"
+msgstr "Debug"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:549
+#, fuzzy
+msgid "&Debug"
+msgstr "Debug"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:550 src/gui/.ui/FWBMainWindow_q.cpp:551
+#, fuzzy
+msgid "&Properties"
+msgstr "Eigenschaften"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:552
+#, fuzzy
+msgid "Show File Properties"
+msgstr "Zeige Dateieigenschaften"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:553 src/gui/.ui/FWBMainWindow_q.cpp:554
+msgid "Move Selected Rules"
+msgstr "Übertrage ausgewählte Regeln"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:555
+msgid "Discard"
+msgstr "Verwerfen"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:557
+msgid ""
+"Discard Changes and Overwrite With Clean Copy Of The Head Revision From RCS"
+msgstr ""
+"Änderungen verwerfen und Laden einer frischen Kopie der Revision von der "
+"Spitze dem RCS"
+ +#: src/gui/.ui/FWBMainWindow_q.cpp:558 +#, fuzzy +msgid "Commit" +msgstr "Übernehmen" + +#: src/gui/.ui/FWBMainWindow_q.cpp:559 +#, fuzzy +msgid "Co&mmit" +msgstr "Übernehmen" + +#: src/gui/.ui/FWBMainWindow_q.cpp:560 +#, fuzzy +msgid "Commit Opened File to RCS and Continue Editing" +msgstr "Übernehme die geöffnete Datei ins RCS und fahre mit dem Editieren fort" + +#: src/gui/.ui/FWBMainWindow_q.cpp:567 src/gui/.ui/FWBMainWindow_q.cpp:568 +#, fuzzy +msgid "new item" +msgstr "Neues Element" + +#: src/gui/.ui/FWBMainWindow_q.cpp:569 src/gui/.ui/FWBMainWindow_q.cpp:570 +msgid "Find Conflicting Objects in Two Files" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:571 +#, fuzzy +msgid "Import Po&licy" +msgstr "&Importiere Bibliothek" + +#: src/gui/.ui/FWBMainWindow_q.cpp:572 +msgid "Toolbar" +msgstr "Werkzeugleiste" + +#: src/gui/.ui/FWBMainWindow_q.cpp:573 +#, fuzzy +msgid "&File" +msgstr "Filter" + +#: src/gui/.ui/FWBMainWindow_q.cpp:574 +#, fuzzy +msgid "&Edit" +msgstr "Bearbeiten" + +#: src/gui/.ui/FWBMainWindow_q.cpp:576 +msgid "Rules" +msgstr "Regeln" + +#: src/gui/.ui/FWBMainWindow_q.cpp:577 +#, fuzzy +msgid "Tools" +msgstr "Werkzeugleiste" + +#: src/gui/.ui/FWBMainWindow_q.cpp:578 +#, fuzzy +msgid "&Help" +msgstr "&Hilfe" + +#: src/gui/.ui/groupobjectdialog_q.cpp:190 +msgid "I" +msgstr "I" + +#: src/gui/.ui/groupobjectdialog_q.cpp:191 +msgid "L" +msgstr "L" + +#: src/gui/.ui/hostdialog_q.cpp:146 +msgid "MAC matching" +msgstr "MAC Vergleich" + +#: src/gui/.ui/icmpservicedialog_q.cpp:167 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1071 +msgid "ICMP" +msgstr "ICMP" + +#: src/gui/.ui/icmpservicedialog_q.cpp:172 +msgid "ICMP Type:" +msgstr "ICMP-Typ:" + +#: src/gui/.ui/icmpservicedialog_q.cpp:174 +msgid "ICMP Code:" +msgstr "ICMP Code:" + +#: src/gui/.ui/instdialog_q.cpp:85 src/gui/.ui/instdialog_q.cpp:270 +#: src/gui/.ui/librarydialog_q.cpp:136 src/gui/.ui/librarydialog_q.cpp:137 +msgid "Library" +msgstr "Bibliothek" + +#: src/gui/.ui/instdialog_q.cpp:87 
src/gui/.ui/instdialog_q.cpp:271 +#, fuzzy +msgid "Last Modified" +msgstr "zuletzt geändert" + +#: src/gui/.ui/instdialog_q.cpp:89 src/gui/.ui/instdialog_q.cpp:272 +#, fuzzy +msgid "Last Compiled" +msgstr "zuletzt übersetzt" + +#: src/gui/.ui/instdialog_q.cpp:91 src/gui/.ui/instdialog_q.cpp:273 +#, fuzzy +msgid "Last Installed" +msgstr "zuletzt installiert" + +#: src/gui/.ui/instdialog_q.cpp:136 src/gui/.ui/instdialog_q.cpp:280 +#, fuzzy +msgid "Progress" +msgstr "Fortschritt" + +#: src/gui/.ui/instdialog_q.cpp:225 src/gui/.ui/instdialog_q.cpp:290 +#, fuzzy +msgid "Compile status" +msgstr "Übersetzungsstatus" + +#: src/gui/.ui/instdialog_q.cpp:226 src/gui/.ui/instdialog_q.cpp:291 +#, fuzzy +msgid "Install status" +msgstr "Installationsstatus" + +#: src/gui/.ui/instdialog_q.cpp:263 +msgid "Firewall Builder: Policy Installer" +msgstr "Firewall Builder: Policy Installationsroutine" + +#: src/gui/.ui/instdialog_q.cpp:264 +#, fuzzy +msgid "" +"

    Select firewalls to compile and " +"install.

    " +msgstr "" +"<p align=\"center\"><b><font size=\"+2\">Firewalls zum " +"übersetzen und installieren auswählen.</font></b></p>" + +#: src/gui/.ui/instdialog_q.cpp:265 +msgid "Perform batch install" +msgstr "Batch-Installation durchführen" + +#: src/gui/.ui/instdialog_q.cpp:266 +msgid "" +"Check this option if you want to install all selected firewalls " +"automatically. This only works if you use the same user name and password to " +"authenticate to all these firewalls. " +msgstr "" +"Diese Option ankreuzen, wenn alle gewählten Firewalls automatisch " +"installiert werden sollen. Dies funktioniert nur, wenn bei allen der gleiche " +"Benutzer und das gleiche Passwort zum Anmelden verwendet wird. " + +#: src/gui/.ui/instdialog_q.cpp:275 +#, fuzzy +msgid "None" +msgstr "keine" + +#: src/gui/.ui/instdialog_q.cpp:282 +#, fuzzy +msgid "firewall" +msgstr "Firewall" + +#: src/gui/.ui/instdialog_q.cpp:283 +msgid "Progress:" +msgstr "Fortschritt:" + +#: src/gui/.ui/instdialog_q.cpp:285 +msgid "Show Details" +msgstr "Details anzeigen" + +#: src/gui/.ui/instdialog_q.cpp:286 +#, fuzzy +msgid "Process log" +msgstr "Fortschritts-Log" + +#: src/gui/.ui/instoptionsdialog_q.cpp:283 +#, fuzzy +msgid "Install options" +msgstr "Installations-Optionen" + +#: src/gui/.ui/instoptionsdialog_q.cpp:284 +#, fuzzy, qt-format +msgid "" +"

    Install options for firewall '%1'

    " +msgstr "" +"<p align=\"center\"><b><font size=\"+2\">Installations-" +"Optionen für Firewall '%1'</font></b></p>" + +#: src/gui/.ui/instoptionsdialog_q.cpp:287 +msgid "min" +msgstr "min" + +#: src/gui/.ui/instoptionsdialog_q.cpp:288 +#, fuzzy +msgid "" +"Test run: run the script on the firewall but do not store it permanently." +msgstr "" +"Testdurchlauf: das Skript wird auf der Firewall ausgeführt aber nicht\n" +"dauerhaft auf der Firewall abgespeichert.\n" + +#: src/gui/.ui/instoptionsdialog_q.cpp:289 +msgid "Schedule reboot in " +msgstr "Re-Boot einplanen in " + +#: src/gui/.ui/instoptionsdialog_q.cpp:290 +msgid "" +"Rebooting the firewall will restore its original policy. To cancel reboot, " +"install the policy with \"test run\" option turned off" +msgstr "" +"Re-Boot der Firewall wird die originalen Policies wieder aktivieren. Um den " +"Re-Boot zu verhindern, müssen Sie die Policy mit abgeschalteter Option " +"\"Testdurchlauf\" erneut installieren." + +#: src/gui/.ui/instoptionsdialog_q.cpp:291 +#, fuzzy +msgid "" +"If you install the policy in test mode, it will not be saved permanently, so " +"you can revert to the last working configuration by rebooting the firewall" +msgstr "" +"Wenn das Skript auf der Firewall im Test-Modus installiert wird, kann man " +"zur letzten fehlerfreien Version durch ein Re-Boot der Firewall zurückkehren." 
+ +#: src/gui/.ui/instoptionsdialog_q.cpp:292 +msgid "Cancel reboot if policy activation was successfull" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:293 +msgid "" +"Quiet install: do not print anything as commands are executed on the firewall" +msgstr "" +"stille Installation: es wird nichts gedruckt während die Kommandos auf der " +"Firewall ausgeführt werden" + +#: src/gui/.ui/instoptionsdialog_q.cpp:294 +msgid "Verbose: print all commands as they are executed on the firewall" +msgstr "" +"ausführlich: alle Kommandos werden gedruckt wie sie auf der Firewall " +"ausgeführt werden" + +#: src/gui/.ui/instoptionsdialog_q.cpp:295 +msgid "Remove comments from configuration" +msgstr "Kommentare aus der Konfiguration entfernen" + +#: src/gui/.ui/instoptionsdialog_q.cpp:296 +msgid "Compress script" +msgstr "Skript komprimieren" + +#: src/gui/.ui/instoptionsdialog_q.cpp:297 +msgid "Store a copy of fwb file on the firewall" +msgstr "Eine Kopie der fwb-.Datei auf der Firewall abspeichern" + +#: src/gui/.ui/instoptionsdialog_q.cpp:298 +msgid "Alternative address to communicate with the firewall:" +msgstr "Alternative Adresse zur Kommunikation mit der Firewall:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:299 +msgid "Options for PIX and fwsm firewalls :" +msgstr "Optionen für PIX und fwsm Firewalls:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:300 +msgid "Write configuration to standby PIX" +msgstr "Schreibe die Konfiguration auf die Standby-PIX" + +#: src/gui/.ui/instoptionsdialog_q.cpp:301 +msgid "Dry run (commands won't be executed on the firewall)" +msgstr "Testlauf (es werden keine Kommandos auf der Firewall ausgeführt)" + +#: src/gui/.ui/instoptionsdialog_q.cpp:302 +msgid "Store configuration diff in a file" +msgstr "Speichere die Konfigurations-Differenz in einer Datei" + +#: src/gui/.ui/instoptionsdialog_q.cpp:303 +msgid "" +"install only ACL, 'icmp', 'telnet', 'ssh', 'nat', 'global' and 'static' " +"commands" +msgstr "" +"installiere nur ACL, 'icmp', 'telnet', 
'ssh', 'nat', 'global' und 'static' " +"Kommandos" + +#: src/gui/.ui/instoptionsdialog_q.cpp:304 +msgid "" +"Calculate difference between current firewall state and generated " +"configuration and install only those commands that update state of the " +"firewall" +msgstr "" +"Berechne den Unterschied zwischen dem aktuellen Firewall-Stand und der neu " +"generierten Konfiguration und installiere nur die Kommandos, die den Zustand " +"der Firewall verändern" + +#: src/gui/.ui/instoptionsdialog_q.cpp:305 +msgid "Make a backup copy of the firewall configuration in this file:" +msgstr "" +"Anlegen einer Sicherheitskopie der Firewall-Konfiguration in der Datei:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:306 +msgid "Password or passphrase:" +msgstr "Passwort oder Pass-Phrase" + +#: src/gui/.ui/instoptionsdialog_q.cpp:307 +msgid "User name:" +msgstr "User name:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:308 +msgid "Enable password:" +msgstr "Enable password:" + +#: src/gui/.ui/interfacedialog_q.cpp:235 +#: src/gui/.ui/newfirewalldialog_q.cpp:507 src/gui/.ui/newhostdialog_q.cpp:393 +msgid "Label:" +msgstr "Bezeichner:" + +#: src/gui/.ui/interfacedialog_q.cpp:237 +msgid "Security level:" +msgstr "Sicherheitsstufe:" + +#: src/gui/.ui/interfacedialog_q.cpp:238 +#, fuzzy +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    Security level can be any number between 0 and 100, 0 being least " +"secure and 100 being most secure levels. Interface with security level 0 " +"ususally serves Internet connection.

    " +msgstr "" +"<p>Jedem Interface der Firewall muss ein Sicherheits-Level zugeordnet " +"sein. <br>Sicherheits-Level können mit einer Zahl zwischen 0 und 100 " +"angegeben werden, wobei 0 die unsicherste und 100 die sicherste Stufe " +"darstellen. Das Interface mit dem Level 0 verbindet normalerweise mit dem " +"Internet.</p>" + +#: src/gui/.ui/interfacedialog_q.cpp:239 +#, fuzzy +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    \n" +"Security level can be any number between 0 and 100, 0 being least secure and " +"100 being most secure levels. Interface with security level 0 ususally " +"serves Internet connection.

    " +msgstr "" +"<p>Jedem Interface der Firewall muss ein Sicherheits-Level zugeordnet " +"sein. <br>Sicherheits-Level können mit einer Zahl zwischen 0 und 100 " +"angegeben werden, wobei 0 die unsicherste und 100 die sicherste Stufe " +"darstellen. Das Interface mit dem Level 0 verbindet normalerweise mit dem " +"Internet.</p>" + +#: src/gui/.ui/interfacedialog_q.cpp:241 src/gui/.ui/interfacedialog_q.cpp:244 +#, fuzzy +msgid "" +"

    Network zone consists of hosts and networks that can be reached through " +"this interface of the firewall. Subnet to which this interface is directly " +"attached must be part of its network zone. Other subnets reachable by means " +"of routing should alse be added to the network zone.\n" +"
    \n" +"If network zone for this interface consists of only one subnet, you can " +"simply choose that network's object in the pull-down below. If your network " +"zone should include multiple subnets, you need to create an Object Group, " +"then put all hosts and networks which are going to be part of the network " +"zone into that group and finally choose this group in the pull-down below." +msgstr "" +"<p>Die Netzwerk-Zone besteht aus den Rechnern und Netzwerken, die " +"durch dieses Interface auf der Firewall erreicht werden. Subnetze, die " +"direkt an das Interface angeschlossen sind, müssen Teil der Netzwerk-Zone " +"sein. Andere Subnetze, die indirekt über Routen erreichbar sind, sollten " +"benfalls der Netzwerk-Zone zugefügt werden.\n" +"<br>\n" +"Wenn Die Netzwerk-Zone für diese Interface nur aus einem Subnetz besteht, " +"können Sie einfach das Netzwerk-Objekt aus dem unten stehenden Pull-Down-" +"Menu auswählen. Wenn Ihre Netzwerk-Zone mehrere Subnetze enthalten soll, " +"müssen sie zuerst eine Objekt-Gruppe erstellen und dann alle Rechner-Objekte " +"und alle Netze, die Teil der Netzwerk-Zone werden sollen, in diese Gruppe " +"ziehen. Abschließend können Sie dann diese Gruppe aus dem Pull-Down-Menu " +"unten auswählen.</p>" + +#: src/gui/.ui/interfacedialog_q.cpp:247 +msgid "Network zone:" +msgstr "Netzwerkzone:" + +#: src/gui/.ui/interfacedialog_q.cpp:249 +#, fuzzy +msgid "This interface is external (insecure)" +msgstr "Dieses Interface ist extern (unsicher)" + +#: src/gui/.ui/interfacedialog_q.cpp:250 +#, fuzzy +msgid "" +"

    One interface of the firewall must be marked as 'external'. This " +"interface should be connected to the least secure network, usually the " +"Internet.

    " +msgstr "" +"Ein Interface der Firewall muss als 'extern' markiert sein. Dieses Interface " +"sollte mit dem als am wenigsten sicher betrachteten Netzwerk, normalerweise " +"dem Internet, verbunden sein." + +#: src/gui/.ui/interfacedialog_q.cpp:251 +msgid "" +"One interface of the firewall must be marked as 'external'. This interface " +"should be connected to the least secure network, usually the Internet." +msgstr "" +"Ein Interface der Firewall muss als 'extern' markiert sein. Dieses Interface " +"sollte mit dem als am wenigsten sicher betrachteten Netzwerk, normalerweise " +"dem Internet, verbunden sein." + +#: src/gui/.ui/interfacedialog_q.cpp:252 +msgid "Management interface" +msgstr "Management-Interface" + +#: src/gui/.ui/interfacedialog_q.cpp:253 +#, fuzzy +msgid "" +"

    Check if this interface is used for management (SNMP queries, remote " +"policy install etc.)

    " +msgstr "" +"<p>Prüfen, ob dieses Interface für das Management genutzt wird (SNMP " +"Anfragen, Policy-Installation aus der Ferne usw.)<p>" + +#: src/gui/.ui/interfacedialog_q.cpp:255 +#, fuzzy +msgid "Address is assigned dynamically" +msgstr "" +"Die Adresse wird dynamisch\n" +"zugewiesen" + +#: src/gui/.ui/interfacedialog_q.cpp:256 +#: src/gui/.ui/newfirewalldialog_q.cpp:515 +msgid "Regular interface" +msgstr "normales Interface" + +#: src/gui/.ui/interfacedialog_q.cpp:257 +#, fuzzy +msgid "Unprotected interface" +msgstr "nicht-nummeriertes Interface" + +#: src/gui/.ui/interfacedialog_q.cpp:258 +msgid "Skip this interface while assigning policy rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:546 +msgid "ipf: advanced settings" +msgstr "ipf: erweiterte Einstellungen" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:551 +msgid "Use raudio proxy in NAT rules" +msgstr "Verwende den raudio-Proxy in den NAT-Regeln" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:552 +msgid "Use h323 proxy in NAT rules" +msgstr "Verwende den h323-Proxy in den NAT-Regeln" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:553 +msgid "Use ipsec proxy in NAT rules" +msgstr "Verwende den ipsec-Proxy in den NAT-Regeln" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:554 +msgid "Use ftp proxy in NAT rules" +msgstr "Verwende den FTP-Proxy in den NAT-Regeln" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:555 +msgid "Use rcmd proxy in NAT rules" +msgstr "Verwende den rcmd-Proxy in den NAT-Regeln" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:556 +#, fuzzy +msgid "Use Kerberos rcmd proxy in NAT rules" +msgstr "Verwende den rcmd-Proxy in den NAT-Regeln" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:557 +#, fuzzy +msgid "Use Kerberos ekshell proxy in NAT rules" +msgstr "Verwende den ipsec-Proxy in den NAT-Regeln" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:558 +msgid "" +"Some protocols involve multiple associated network connections. 
Firewall can " +"keep track of such connections automatically if you activate one or all of " +"the following options:" +msgstr "" +"Einige Protokolle verwenden mehrere parallele Netzwerkverbindungen. Die " +"Firewall kann solche Verbindungen automatisch berücksichtigen, wenn Sie eine " +"oder alle der folgenden Optionen aktivieren:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:559 +#, fuzzy +msgid "Use PPTP proxy in NAT rules" +msgstr "Verwende den PPTP-Proxy in den NAT-Regeln" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:560 +#, fuzzy +msgid "Use IRC proxy in NAT rules for DCC" +msgstr "Verwende den IRC-Proxy in den NAT-Regeln" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:561 +msgid "Protocol Helpers" +msgstr "Protokoll Helfer" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:562 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:356 +#: src/gui/.ui/iptadvanceddialog_q.cpp:610 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1004 +msgid "Compiler:" +msgstr "Kompiler:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:563 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1019 +msgid "" +"There are two ways compiler can generate code for rules in the Global " +"Policy: it can either create two ipf rules to control both incoming and " +"outgoing packets for each rule, or it can create only one ipf rule for " +"incoming packets and permit all outgoing ones.You get more control over the " +"packets crossing the firewall in the first mode, but generated script is " +"going to be smaller if you choose the second." +msgstr "" +"Es gibt zwei Methoden nach denen der Kompiler aus den Regeln den globalen " +"Policy Code generieren kann: Er kann entweder zwei ipf-Regeln erzeugen und " +"so sowohl ankommende als auch abgehende Pakete für jede Regel erfassen, oder " +"er kann nur eine ipf-Regel für ankommende Pakete erzeugen und grundsätzlich " +"alle abgehende Pakete zulassen. 
Sie haben mehr Kontrolle über die Pakete, " +"die die Firewall durchlaufen bei Benutzung von zwei Regeln, aber das " +"generierte Skript ist wesentlich kleiner, wenn Sie die zweite Methode wählen." + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:564 +msgid "" +"Masquerade returned icmp as being from original\n" +"packet's destination" +msgstr "" +"Die Masquerade-Funktion sendet ICMP zurück\n" +"wie wenn es vom ursprünglichen Ziel des Paketes käme" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:567 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1018 +msgid "Generate both 'in' and 'out' rules" +msgstr "Generiere sowohl ankommende wie ausgehende Regeln" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:568 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1017 +msgid "Pass all outgoing" +msgstr "Lasse alle ausgehende Pakete durch" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:569 +#: src/gui/.ui/iptadvanceddialog_q.cpp:608 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1009 +msgid "Accept TCP sessions opened prior to firewall restart" +msgstr "" +"Akzeptiere TCP-Verbindungen, die bereits vor dem Neustart der Firewall " +"bestanden" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:570 +msgid "Find and eliminate duplicate rules" +msgstr "Doppelte Regeln finden und beseitigen" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:571 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:360 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1011 +msgid "Detect rule shadowing in policy" +msgstr "Überdeckung von Regeln in der Policy untersuchen" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:572 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:361 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1012 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1846 +msgid "" +"Shadowing happens because a rule is a superset of a subsequent rule and any " +"packets potentially matched by the subsequent rule have already been matched " +"by the prior rule." 
+msgstr ""
+"Überdeckungen entstehen wenn eine Regel die Übermenge einer späteren Regel "
+"ist und alle Pakete für die spätere Regel bereits von der ersten Regel "
+"behandelt werden."
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:573
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:358
+#: src/gui/.ui/iptadvanceddialog_q.cpp:616
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1013
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1841
+msgid "Ignore empty groups in rules"
+msgstr "Leere Gruppen in Regeln ignorieren"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:574
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:359
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1014
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1842
+msgid ""
+"If the option is deactivated, compiler treats empty groups as an error and "
+"aborts processing the policy. If this option is activated, compiler removes "
+"all empty groups from all rule elements. If rule element becomes 'any' after "
+"the last empty group has been removed, the whole rule will be ignored. Use "
+"this option only if you fully understand how it works!"
+msgstr ""
+"Wenn diese Option ausgeschaltet ist, werden leere Gruppen vom Kompiler als "
+"Fehler beheandelt und die Bearbeitung der Policy wird abgebrochen. Ist die "
+"Option aktiv, entfernt der Kompiler alle leeren Gruppen aus allen Teilen der "
+"Regeln. Wenn eine Regel nach Entfernen der letzten leeren Gruppe für "
+"'beliebig' gültig wird, wird die gesamte Regel ignoriert. Benutzen Sie diese "
+"Option nur wenn Sie ihre Funktion völlig verstehen!"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:575
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:364
+#: src/gui/.ui/iptadvanceddialog_q.cpp:617
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1006
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1828
+msgid ""
+"Always permit ssh access from\n"
+"the management workstation\n"
+"with this address:"
+msgstr ""
+"Immer den Zugriff mit SSH von einer\n"
+"Management-Station mit dieser\n"
+"Adresse erlauben:"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:578
+#: src/gui/.ui/iptadvanceddialog_q.cpp:620
+msgid "Default action on 'Reject':"
+msgstr "Standard-Aktion bei 'Zurückweisen':"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:579
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:355
+#: src/gui/.ui/iptadvanceddialog_q.cpp:603
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1005
+msgid "Command line options for the compiler:"
+msgstr "Kommandozeilen-Optionen für den Kompiler:"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:580
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:357
+#: src/gui/.ui/iptadvanceddialog_q.cpp:611
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1015
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1827
+msgid ""
+"Output file name (if left blank, the file name is constructed of the "
+"firewall object name and extension \".fw\")"
+msgstr ""
+"Name der Ausgabedatei (wenn das Feld leer bleibt, wird der Dateiname "
+"automatisch aus dem Namen der Firewall und der Endung \".fw\" gebildet)"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:581
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:367
+#: src/gui/.ui/iptadvanceddialog_q.cpp:623
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1021
+msgid "Compiler"
+msgstr "Kompiler"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:582
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:368
+#: src/gui/.ui/iptadvanceddialog_q.cpp:624
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1096
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1873
+msgid "External install script"
+msgstr "externes Installations-Skript"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:583
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:369
+#: src/gui/.ui/iptadvanceddialog_q.cpp:625
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1097
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1874
+msgid ""
+"Policy install script (using built-in installer if this field is blank):"
+msgstr ""
+"Policy-Installations-Skript (wenn das Feld leer ist, wird die eingebaute "
+"Installationsroutine verwendet):"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:584
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:370
+#: src/gui/.ui/iptadvanceddialog_q.cpp:626
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1098
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1875
+msgid "Command line options for the script:"
+msgstr "Kommandozeilen-Optionen für das Skript:"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:585
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:371
+#: src/gui/.ui/iptadvanceddialog_q.cpp:627
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1099
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1876
+msgid "Built-in installer"
+msgstr "Eingebaute Installationsroutine"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:586
+msgid "Directory on the firewall where configuration files should be installed"
+msgstr ""
+"Verzeichnis in dem auf der Firewall die Konfigurationsdateien abgelegt "
+"werden sollen"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:587
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:376
+#: src/gui/.ui/iptadvanceddialog_q.cpp:632
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1104
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1879
+msgid "Additional command line parameters for ssh"
+msgstr "Zusatzparameter für die ssh Kommandozeile"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:588
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:375
+#: src/gui/.ui/iptadvanceddialog_q.cpp:631
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1103
+msgid ""
+"A command that installer should execute on the firewall in order to activate "
+"the policy (if this field is blank, installer runs firewall script in the "
+"directory specified above; it uses sudo if user name is not 'root')"
+msgstr ""
+"Kommando das vom Installationsprogramm auf der Firewall ausgeführt werden "
+"soll um die Policy zu aktivieren (wenn das Feld leer ist, führt das "
+"Installationsprogramm das Skript im oben angegebenen Verzeichnis aus. Es "
+"wird automatisch 'sudo' verwendet wenn der Benutzer nicht 'root' ist)."
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:589
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:372
+#: src/gui/.ui/iptadvanceddialog_q.cpp:628
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1100
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1877
+msgid ""
+"Alternative name or address used to communicate with the firewall (also "
+"putty session name on Windows)"
+msgstr ""
+"Alternativer Namen oder alternative Adresse zur Kommunikation mit der "
+"Firewall (hier auch den Name der PUTTY-Sitzung unter Windows eintragen):"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:590
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:373
+#: src/gui/.ui/iptadvanceddialog_q.cpp:629
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1101
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1878
+msgid ""
+"User name used to authenticate to the firewall (leave this empty if you use "
+"putty session):"
+msgstr ""
+"Benutzername der auf der Firewall zum Anmelden verwendet werden soll (Das "
+"Feld kann leer bleiben, wenn Sie eine Sitzung mit 'PUTTY' verwenden):"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:591
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:377
+#: src/gui/.ui/iptadvanceddialog_q.cpp:633
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1105
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1880
+msgid "Installer"
+msgstr "Installations-Programm"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:594
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:384
+#: src/gui/.ui/iptadvanceddialog_q.cpp:640
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1113
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1883
+msgid ""
+"The following commands will be added verbatim on top of generated "
+"configuration"
+msgstr ""
+"Die nachfolgenden Kommandos werden wortgetreu an den Anfang der generierten "
+"Konfigurationsdaten kopiert"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:599
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:381
+#: src/gui/.ui/iptadvanceddialog_q.cpp:637
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1109
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1888
+msgid ""
+"The following commands will be added verbatim after generated configuration"
+msgstr ""
+"Die nachfolgenden Kommandos werden wortgetreu an das Ende der generierten "
+"Konfigurationsdaten kopiert"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:600
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:386
+#: src/gui/.ui/iptadvanceddialog_q.cpp:647
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1118
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1889
+msgid "Prolog/Epilog"
+msgstr "Prolog/Epilog"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:601
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:849
+msgid "Log facility:"
+msgstr "Log-Funktion: "
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:602
+#: src/gui/.ui/iptadvanceddialog_q.cpp:654
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:799
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:850
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:881
+msgid "Log level:"
+msgstr "Log-Level:"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:603
+msgid "Log packet body"
+msgstr "Paket-Inhalt in die Log-Datei schreiben"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:604
+msgid "Block if can not log"
+msgstr "Blockieren, falls kein Schreiben in die Log-Datei möglich"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:605
+#: src/gui/.ui/iptadvanceddialog_q.cpp:663
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1121
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2076
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:801
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:851
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:858
+msgid "Logging"
+msgstr "Log-Datei schreiben"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:606
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:387
+#: src/gui/.ui/iptadvanceddialog_q.cpp:669
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1122
+msgid "Add virtual addresses for NAT"
+msgstr "Virtuelle Adressen für NAT hinzufügen"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:607
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:388
+#: src/gui/.ui/iptadvanceddialog_q.cpp:665
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1123
+msgid "Configure Interfaces of the firewall machine"
+msgstr "Konfiguriere Interfaces auf der Firewall"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:608
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:389
+#: src/gui/.ui/iptadvanceddialog_q.cpp:666
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1124
+msgid "Turn debugging on in generated script"
+msgstr "Degug-Informationen im Generierungsskript einschalten"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:609
+msgid "Optimization"
+msgstr "Optimierung"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:610
+msgid ""
+"If this option is on, policy compiler adds virtual addresses to the "
+"interfaces to make the firewall answer to ARP queries for addresses used in "
+"NAT rules."
+msgstr ""
+"Mit dieser Option wird der Kompiler veranlasst, virtuelle Adressen für in "
+"NAT-Regeln vorkommende Adressen anzulegen. Die Firewall antwortet dann auf "
+"ARP-Anfragen für diese Adressen."
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:611
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:390
+#: src/gui/.ui/iptadvanceddialog_q.cpp:664
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1125
+msgid "These options enable auxiliary sections in the generated shell script."
+msgstr ""
+"Diese Optionen schalten zusätzliche Bereiche in den generierten Shell-"
+"Skripten ein."
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:612
+msgid "Determine addresses of dynamic interfaces at run time"
+msgstr "Adressen von dynamischen Interfaces zur Laufzeit bestimmen"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:613
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:391
+#: src/gui/.ui/iptadvanceddialog_q.cpp:672
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1126
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1872
+msgid "Script Options"
+msgstr "Skript-Optionen"
+
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:350
+msgid "ipfw: advanced settings"
+msgstr "ipfw: erweiterte Einstellungen"
+
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:362
+msgid ""
+"Add rule to accept packets matching dynamic rules created for\n"
+"known sessions on top of the policy (action 'check-state')"
+msgstr ""
+
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:374
+#: src/gui/.ui/iptadvanceddialog_q.cpp:630
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1102
+msgid "Directory on the firewall where script should be installed"
+msgstr ""
+"Verzeichnis auf der Firewall, in der das Skript installiert werden soll"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:208
+msgid "IP"
+msgstr "IP"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:212
+msgid "all fragments"
+msgstr "alle Fragmente"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:213
+msgid "rr (record route)"
+msgstr "rr (record route)"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:214
+msgid "timestamp"
+msgstr "Zeitstempel"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:215
+msgid "ssrr (strict source route)"
+msgstr "ssrr (strict source route)"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:216
+msgid "'short' fragments"
+msgstr "'short' fragments"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:217
+msgid "lsrr (loose source route)"
+msgstr "lsrr (loose source route)"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:220
+msgid "Protocol number:"
+msgstr "Protokoll-Nummer:"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:221
+msgid "( 0 - any protocol )"
+msgstr "( 0 - beliebiges Protokoll )"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:598
+msgid "iptables: advanced settings"
+msgstr "iptables: erweiterte Einstellungen"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:604
+msgid "Accept ESTABLISHED and RELATED packets before the first rule"
+msgstr "Akzeptiere ESTABLISHED und RELATED Pakete vor der ersten Regel"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:605
+msgid "Bridging firewall"
+msgstr "Bridging Firewall"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:606
+msgid "Detect shadowing in policy rules"
+msgstr "Prüfe auf Überlappungen in den Policy-Regeln"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:607
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1832
+msgid "Assume firewall is part of 'any'"
+msgstr "Automatisch die Firewall bei 'beliebig' einschließen"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:609
+msgid "Enable support for NAT of locally originated connections"
+msgstr ""
+"Die Unterstützung durch NAT auch für lokal beginnende Verbindungen "
+"einschalten"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:612
+msgid ""
+"Drop packets that are associated with\n"
+"no known connection"
+msgstr ""
+"Verwerfe Pakete, die nicht zu einer\n"
+"bekannten Verbindung gehören"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:614
+msgid "and log them"
+msgstr "und schreibe sie in die Log-Datei"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:615
+msgid "Clamp MSS to MTU"
+msgstr "MSS automatisch auf MTU festlegen"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:621
+msgid "Make Tag and Classify actions terminating"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:622
+msgid "Do not set default policy for ipv6"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:642
+msgid "Insert prolog script "
+msgstr "Prolog-Skript einfügen"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:649
+msgid "use ULOG"
+msgstr "benutze ULOG"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:650
+msgid "use LOG"
+msgstr "benutze LOG"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:651
+msgid "log TCP seq. numbers"
+msgstr "TCP-Sequenznummern in die Log-Datei schreiben"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:652
+msgid "log IP options"
+msgstr "IP-Optionen in die Log-Datei schreiben"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:653
+msgid "use numeric syslog levels"
+msgstr "numerische Sylog-Level verwenden"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:655
+msgid "log TCP options"
+msgstr "TCP-Optionen in Log-datei eintragen"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:656
+msgid "cprange"
+msgstr "cprange"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:657
+msgid "queue threshold:"
+msgstr "queue threshold:"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:658
+msgid "netlink group:"
+msgstr "netlink group:"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:659
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:798
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:857
+msgid "Log prefix:"
+msgstr "Log-Präfix:"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:660
+msgid "Logging limit:"
+msgstr "Limit für Log-Datei:"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:661
+msgid ""
+"Activate logging in all rules\n"
+"(overrides rule options, use for debugging)"
+msgstr ""
+"Schreiben von Log-daten in allen Regeln erzwingen\n"
+"(überschreibt die jeweiligen Einstellungen der Regeln - zur Fehlersuche)"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:667
+msgid "Verify interfaces before loading firewall policy"
+msgstr "Interfaces prüfen, bevor die Firewall-Policy geladen wird"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:668
+msgid "Load modules"
+msgstr "Module laden"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:670
+msgid "Use iptables-restore to activate policy"
+msgstr ""
+"Die Funktion 'iptables-restore' wird zur Aktivierung der Policy verwendet"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:671
+msgid "iptables-restore replaces firewall policy in one atomic transaction"
+msgstr ""
+"Die Funktion 'iptables-restore' aktiviert die Policy in einer "
+"einzigenunteilbaren Transaktion"
+
+#: src/gui/.ui/ipv4dialog_q.cpp:169
+msgid "IPv4"
+msgstr "IPv4"
+
+#: src/gui/.ui/ipv4dialog_q.cpp:176
+msgid "DNS Lookup..."
+msgstr "DNS Lookup..."
+
+#: src/gui/.ui/libexport_q.cpp:106
+msgid "Export"
+msgstr "Exportieren"
+
+#: src/gui/.ui/libexport_q.cpp:107
+msgid ""
+"This will export a library to a file which can later be imported back into "
+"Firewall Builder"
+msgstr ""
+"Mit dieser Funktion wird eine Bibliothek in eine Datei exportiert, die "
+"später wieder vom Firewall Builder gelesen werden kann"
+
+#: src/gui/.ui/libexport_q.cpp:109
+msgid "New Item"
+msgstr "Neues Element"
+
+#: src/gui/.ui/libexport_q.cpp:110
+msgid "Make exported libraries read-only"
+msgstr "Markiere die exportierte Bibliothek als schreibgeschützt"
+
+#: src/gui/.ui/libexport_q.cpp:111
+msgid "Choose libraries to be exported:"
+msgstr "Wählen Sie die zu exportierenden Bibliotheken:"
+
+#: src/gui/.ui/librarydialog_q.cpp:138
+msgid "Color:"
+msgstr "Farbe:"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:195
+msgid "Linksys/Sveasoft: advanced settings"
+msgstr "Linksys/Sveasoft: erweiterte Einstellungen"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:200
+#: src/gui/.ui/linux24advanceddialog_q.cpp:450
+msgid "modprobe:"
+msgstr "modprobe:"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:201
+#: src/gui/.ui/linux24advanceddialog_q.cpp:451
+msgid "logger:"
+msgstr "logger:"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:202
+#: src/gui/.ui/linux24advanceddialog_q.cpp:452
+msgid "ip:"
+msgstr "IP:"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:203
+#: src/gui/.ui/linux24advanceddialog_q.cpp:453
+msgid "lsmod"
+msgstr "lsmod"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:204
+#: src/gui/.ui/linux24advanceddialog_q.cpp:455
+msgid "iptables:"
+msgstr "iptables:"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:205
+#: src/gui/.ui/linux24advanceddialog_q.cpp:454
+msgid ""
+"Specify directory path and a file name for each utility on your firewall "
+"machine. Leave these empty if you want to use default values."
+msgstr ""
+"Bitte geben Sie den Pfad und die Dateinamen für die Hilfsprogramme auf Ihrer "
+"Firewall an. Sie können die Einträge leer lassen, wenn die Standardwerte "
+"benutzt werden sollen."
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:207
+#, fuzzy
+msgid ""
+"Policy installer relies on the shell prompt on the firewall to execute "
+"commands. Installer tries both prompt string patterns configured here; it "
+"assumes that the firewall is ready to accept a command if either prompt "
+"matches. You should only need to change these string patterns if Sveasoft "
+"changes the shell prompt in the future releases of the software.\n"
+"
    \n" +"
    \n"
+"The default strings work for Sveasoft Alchemy pre-5.1 and pre-5.2"
+msgstr ""
+"Der Policy-Installationsprozess ist auf die Shell-Prompts auf der Firewall "
+"angewiesen, um Kommandos ausführen zu können. Der Prozess sucht nach den "
+"beiden hier konfigurierten Testmustern. Er geht davon ausm dass die Firewall "
+"für Kommandos bereit ist, wenn er einen der Prompts erkennt. Eine Änderung "
+"sollte nur dann notwendig sein, wenn Sveasoft den Shell-Prompt bei einem "
+"zukünftigen Software-Release ändern sollte.\n"
+"<br>\n"
+"<br>\n"
+"Die Standardwerte sollten bei Sveasoft Alchemy pre-5.1 und pre-5.2 "
+"funktionieren"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:211
+msgid "Use default prompts"
+msgstr "Standard-Prompts verwenden"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:212
+msgid "prompt 2"
+msgstr "Prompt 2"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:213
+msgid "prompt 1"
+msgstr "Prompt 1"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:214
+msgid "Prompts"
+msgstr "Prompts"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:365
+msgid "Linux 2.4: advanced settings"
+msgstr "Linux 2.4: erweiterte Optionen"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:407
+msgid "Kernel anti-spoofing protection"
+msgstr "im Kernel anti-spoofing aktivieren"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:408
+msgid "Ignore broadcast pings"
+msgstr "Broadcast-Pings ignorieren"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:409
+msgid "Ignore all pings"
+msgstr "Alle Pings ignorieren"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:410
+msgid "Accept source route"
+msgstr "Source Route akzeptieren"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:411
+msgid "Accept ICMP redirects"
+msgstr "ICMP-Redirect akzeptieren"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:412
+msgid "Ignore bogus ICMP errors"
+msgstr "unsinnige ICMP-Fehler ignorieren"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:413
+msgid "Allow dynamic addresses"
+msgstr "Dynamische Adressen erlauben"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:414
+msgid "Log martians"
+msgstr "Martians (unplausible Absenderadressen) in die Log-Datei"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:416
+msgid ""
+"These parameters make sense for connections to or from the firewall host"
+msgstr "Diese Parameter machen nur bei Verbindungen von oder zur Firewall Sinn"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:441
+msgid "TCP sack"
+msgstr "TCP SACK"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:442
+msgid "TCP window scaling"
+msgstr "TCP window scaling"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:443
+msgid "TCP ECN"
+msgstr "TCP ECN"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:444
+msgid "TCP SYN cookies"
+msgstr "TCP SYN cookies"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:445
+msgid "TCP keepalive time (sec)"
+msgstr "TCP keep alive time (Sek.)"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:446
+msgid "TCP fack"
+msgstr "TCP FACK"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:447
+msgid "TCP timestamps"
+msgstr "TCP Zeitstempel"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:448
+msgid "TCP FIN timeout (sec)"
+msgstr "TCP FIN Timeout (Sek.)"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:449
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1051
+#: src/gui/.ui/tcpservicedialog_q.cpp:370
+msgid "TCP"
+msgstr "TCP"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:456
+msgid "iptables-restore:"
+msgstr "iptables-restore:"
+
+#: src/gui/.ui/longtextdialog_q.cpp:95
+msgid "longTextDialog_q"
+msgstr "longTextDialog_q"
+
+#: src/gui/.ui/longtextdialog_q.cpp:97
+msgid "this is the error text"
+msgstr "dies ist der Fehler-Text"
+
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:164
+msgid "MacOS X: advanced settings"
+msgstr "MacOS X: erweiterte Optionen"
+
+#: src/gui/.ui/metriceditorpanel_q.cpp:78
+#, fuzzy
+msgid "textLabel2"
+msgstr "Bezeichner2"
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:154
+#, fuzzy
+msgid "NAT Rule Options"
+msgstr "NAT-Regeloptionen"
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:156
+msgid "No options are available for this firewall platform"
+msgstr "Für diese Firewall-Plattform sind keine Optionen verfügbar"
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:157
+#, fuzzy
+msgid "Pool type"
+msgstr "Pool-Typ:"
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:158
+#, fuzzy
+msgid "default"
+msgstr "Standard"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:172
+#: src/gui/.ui/newfirewalldialog_q.cpp:323
+#: src/gui/.ui/newfirewalldialog_q.cpp:502
+#: src/gui/.ui/newfirewalldialog_q.cpp:524 src/gui/.ui/newhostdialog_q.cpp:188
+#: src/gui/.ui/newhostdialog_q.cpp:398
+msgid "Label"
+msgstr "Bezeichner"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:174
+#: src/gui/.ui/newfirewalldialog_q.cpp:504 src/gui/.ui/newhostdialog_q.cpp:190
+#: src/gui/.ui/newhostdialog_q.cpp:400
+msgid "Netmask"
+msgstr "Netzmaske"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:175
+#: src/gui/.ui/newfirewalldialog_q.cpp:505 src/gui/.ui/newhostdialog_q.cpp:191
+#: src/gui/.ui/newhostdialog_q.cpp:401
+msgid "Dyn"
+msgstr "dyn"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:176
+#: src/gui/.ui/newfirewalldialog_q.cpp:506 src/gui/.ui/newhostdialog_q.cpp:192
+#: src/gui/.ui/newhostdialog_q.cpp:402
+msgid "MAC"
+msgstr "MAC"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:325
+#: src/gui/.ui/newfirewalldialog_q.cpp:526
+msgid "Security Level"
+msgstr "Sicherheitsstufe"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:487 src/gui/.ui/newhostdialog_q.cpp:378
+msgid "Enter the name of the new object below:"
+msgstr "Bitte den Namen des neuen Objekts unten angeben:"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:488
+msgid "Choose firewall software it is running:"
+msgstr "Die vom Objekt verwendete Firewall-Software auswählen:"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:489
+msgid "Choose OS the new firewall runs on:"
+msgstr "Bitte das Betriebssystem der neuen Firewall auswählen:"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:490
+msgid "Use preconfigured template firewall objects"
+msgstr "Vorkonfigurierte Beispiel-Firewall-Objekete verwenden"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:492
+msgid ""
+"Next step is to add interfaces to the new firewall. There are two ways to do "
+"it: using SNMP query or manually. Adding them using SNMP query is fast and "
+"automatic, but is only possible if firewall runs SNMP agent and you know "
+"SNMP community string 'read'."
+msgstr ""
+"Als nächstes müssen die Interfaces in der Firewall angelegt werden. Es gibt "
+"zwei Möglichkeiten dafür: mit Hilfe von SNMP-Queries oder von Hand. Das "
+"Auslesen mit SNMP ist schnell und kann automatisch erfolgen, aber es "
+"funktioniert nur bei Firewalls, die einen SNMP-Agenten bieten und deren SNMP-"
+"community für das Lesen bekannt ist."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:494 src/gui/.ui/newhostdialog_q.cpp:383
+msgid "Configure interfaces manually"
+msgstr "Interfaces von Hand konfigurieren"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:495
+msgid "Use SNMP to discover interfaces of the firewall"
+msgstr "SNMP benutzen um die Interfaces der Firewall zu erkunden"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:496 src/gui/.ui/newhostdialog_q.cpp:385
+msgid "Discover Interfaces using SNMP"
+msgstr "Interfaces mit Hilfe von SNMP erkunden"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:499
+msgid ""
+"Here you can add or edit interfaces manually. 'Name' corresponds to the name "
+"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' "
+"is used to mark interface to reflect network topology, e.g. 'outside' or "
+"'inside'. Label is mandatory for PIX firewall."
+msgstr ""
+"Hier können Sie manuell Interfaces hinzufügen oder abändern. Der angezeigte "
+"'Name' entspricht dem Namen des physikalischen Interfaces, wie 'eth0', "
+"'fxp0', 'ethernet0' usw. 'Bezeichner' wird benutzt um Interfaces in ihrer "
+"Funktion zu kennzeichnen, zum Beispiel 'aussen' oder 'innen'. Bezeichner "
+"sind für die PIX-Firewall zwingend notwendig."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:500 src/gui/.ui/newhostdialog_q.cpp:391
+msgid "Click 'Next' when done."
+msgstr "Bitte 'weiter' anklicken, wenn Sie fertig sind"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:509 src/gui/.ui/newhostdialog_q.cpp:408
+msgid "Update"
+msgstr "Auffrischen"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:510 src/gui/.ui/newhostdialog_q.cpp:407
+msgid "Add"
+msgstr "Hinzufügen"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:519 src/gui/.ui/newhostdialog_q.cpp:403
+msgid "MAC:"
+msgstr "MAC:"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:521
+msgid "up"
+msgstr "up"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:522
+msgid "down"
+msgstr "down"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:527
+msgid "Click 'Finish' when done."
+msgstr "Nach Beendigung 'Fertig' anklicken"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:528
+msgid ""
+"In order to be able to build firewall policy properly, Firewall Builder "
+"needs information about 'security level' of the firewall's interfaces. "
+"Interface that connects it to the Internet is considered 'insecure' and has "
+"security level '0', while interface connected to the internal network is "
+"supposed to be 'secure' (security level '100'). You can arrange interfaces "
+"in the order of their security level below."
+msgstr ""
+"Um die Policy für die Firewall korrekt erstellen zu können, braucht der "
+"Firewall Builder Informationen über das Sicherheits-Level der Interfaces der "
+"Firewall. Das Interface, das mit dem Internet verbunden ist, wird als "
+"'unsicher' betrachtet und hat das Level '0'. Ein Interface, das mit dem "
+"internen Netzwerk verbunden ist wird als 'sicher' betrachtet und hat das "
+"Level '100'. Sie können unten die Interfaces passend einstellen."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:530 src/gui/.ui/newhostdialog_q.cpp:411
+msgid ""
+"Choose template object in the list and click 'Finish' when ready. Template "
+"objects use generic interface names that will be iherited by the firewall "
+"object you create. You may need to rename them later to reflect real names "
+"of interfaces on your firewall machine."
+msgstr ""
+"Bitte wählen Sie ein Muster-Objekt aus der Liste und klicken Sie dann auf "
+"'fertig'. Muster-Objekte verwenden allgemein gültige Namen für Interfaces, "
+"die dann von dem neu erzeugten Firewall-Objekt übernommen werden. Es kann "
+"erforderlich sein, diese Namen später mit den realen Namen der Firewall-"
+"Interfaces zu überschreiben."
+
+#: src/gui/.ui/newgroupdialog_q.cpp:99
+msgid "Group Name:"
+msgstr "Gruppenname:"
+
+#: src/gui/.ui/newgroupdialog_q.cpp:100
+msgid "This operation will create a new group and put selected objects in it"
+msgstr ""
+"Diese Aktion erzeugt eine neue Gruppe und fügt die ausgewählten Objekte in "
+"die Gruppe ein"
+
+#: src/gui/.ui/newgroupdialog_q.cpp:101
+msgid "Create a group"
+msgstr "Eine Gruppe erstellen"
+
+#: src/gui/.ui/newhostdialog_q.cpp:379
+msgid "Use preconfigured template host objects"
+msgstr "Vorkonfigurierte Beispiele für die Host-Objekte verwenden"
+
+#: src/gui/.ui/newhostdialog_q.cpp:381
+msgid ""
+"Next step is to add interfaces to the new host. There are two ways to do it: "
+"using SNMP query or manually. Adding them using SNMP query is fast and "
+"automatic, but is only possible if the host runs SNMP agent and you know "
+"SNMP community string 'read'."
+msgstr ""
+"Als nächstes müssen die Interfaces des neuen Hosts angelegt werden. Es gibt "
+"zwei Möglichkeiten dafür: mit Hilfe von SNMP-Queries oder von Hand. Das "
+"Auslesen mit SNMP ist schnell und kann automatisch erfolgen, aber es "
+"funktioniert nur bei Hosts, die einen SNMP-Agenten bieten und deren SNMP-"
+"community für das Lesen bekannt ist."
+
+#: src/gui/.ui/newhostdialog_q.cpp:384
+msgid "Use SNMP to discover interfaces of the host"
+msgstr "SNMP benutzen um die Interfaces des Hosts zu erkunden"
+
+#: src/gui/.ui/newhostdialog_q.cpp:388
+msgid ""
+"Here you can add or edit interfaces manually. 'Name' corresponds to the name "
+"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' "
+"is used to mark interface to reflect network topology, e.g. 'outside' or "
+"'inside'."
+msgstr ""
+"Hier können Sie manuell Interfaces hinzufügen oder abändern. Der angezeigte "
+"'Name' entspricht dem Namen des physikalischen Interfaces, wie 'eth0', "
+"'fxp0', 'ethernet0' usw. 'Bezeichner' wird benutzt um Interfaces in ihrer "
+"Funktion zu kennzeichnen, zum Beispiel 'aussen' oder 'innen'."
+
+#: src/gui/.ui/newhostdialog_q.cpp:396
+msgid ""
+"This is unnumbered interface, that is, it does not have an IP address. You "
+"can use this for interfaces that terminate PPPoE or other VPN tunnels"
+msgstr ""
+"Dies ist ein unnummeriertes Interface, das bedeutet es hat keine (feste) IP-"
+"Adresse. Sie können dieses Interface zum Beispiel zum Terminieren eines VPN-"
+"Tunnels oder einer PPPoE-verbindung verwenden."
+
+#: src/gui/.ui/newhostdialog_q.cpp:405
+msgid ""
+"Address of this interface is assigned dynamically using DHCP or PPP protocol"
+msgstr ""
+"Das Interface erhält seine Adresse dynamisch über das DHCP- oder PPP-"
+"Protokoll"
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:148
+msgid "Conflict Resolution"
+msgstr "Lösung von Konflikten"
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:149
+msgid ""
+"There is a conflict between an object in your tree and object in the file "
+"you are trying to open. Choose which version of this object you want to use:"
+msgstr ""
+"Es existiert ein Konflikt zwischen einem Objekt in Ihrem Objekt-Baum und "
+"einem Objekt in der Datei, die Sie gerade öffnen wollen. Bitte wählen Sie "
+"die Version des objektes, die Sie verwenden wollen:"
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:150
+msgid "Current Object "
+msgstr "Aktuelles Objekt "
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:153
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:158
+msgid ""
+"Always choose this\n"
+"object if there is a conflict"
+msgstr ""
+"Im Falle von Konflikten immer\n"
+"dieses Objekt auswählen"
+
+#: src/gui/.ui/objectmanipulator_q.cpp:108
+msgid "Tree of Objects"
+msgstr "Objektbaum"
+
+#: src/gui/.ui/objectmanipulator_q.cpp:112
+msgid "Go back to the previous object"
+msgstr "Zum vorigen Objekt zurückkehren"
+
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:172
+msgid "OpenBSD: advanced settings"
+msgstr "OpenBSD: erweiterte Einsellungen"
+
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:178
+msgid "Enable directed broadcast"
+msgstr "Erlaube directed Broadcasts (Broadcasts an Netze)"
+
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:199
+msgid "pfctl:"
+msgstr "pfctl:"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:103
+msgid "Page Setup"
+msgstr "Seitenaufbau"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:104
+msgid "start each section on a new page"
+msgstr "Jeden Abschnitt auf neuer Seite starten"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:105
+msgid "print header on every page"
+msgstr "Header auf jeder Seite drucken"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:106
+#, fuzzy
+msgid "print legend"
+msgstr "Legende drucken"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:107
+#, fuzzy
+msgid "print objects used in rules"
+msgstr "Objekte drucken, die in Regeln benutzt werden"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:109
+#, fuzzy
+msgid "Alt+O"
+msgstr "Alt+O"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:112
+#, fuzzy
+msgid "Scale tables: "
+msgstr "Tabellengröße anpassen: "
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:114
+msgid "50%"
+msgstr "50%"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:115
+msgid "75%"
+msgstr "75%"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:116
+msgid "100%"
+msgstr "100%"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:117
+msgid "150%"
+msgstr "150%"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:118
+msgid "200%"
+msgstr "200%"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:999
+msgid "pf: advanced settings"
+msgstr "pf: erweiterte Einstellungen"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1010
+msgid "Modulate state for all stateful rules (applies only to TCP services)"
+msgstr ""
+"Den Status für alle Regeln mit Status (stateful) modulieren (gilt nur für "
+"TCP-Dienste)"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1020
+msgid "Optimization:"
+msgstr "Optimierung:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1022
+msgid "Enforce Minimum TTL:"
+msgstr "Minimale TTL erzwingen:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1023
+msgid "Enforce Maximum MSS:"
+msgstr "Maximum MSS erzwingen:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1024
+msgid "Enforces a maximum Maximum Segment Size (MSS) in TCP packet headers."
+msgstr ""
+"Die Maximale Segment Größe (MSS) in den TCP-Paket-Headern zwangsweise "
+"eintragen"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1025
+msgid "Enforces a minimum Time To Live (TTL) in IP packet headers."
+msgstr "Eine minimale Lebensdauer (TTL) zwangsweise in die IP-Pakete eintragen"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1026
+msgid "Reassemble fragments"
+msgstr "Reassemble Fragments (Defragmentierung)"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1027
+msgid "Clear DF bit"
+msgstr "Lösche DF Bit"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1028
+msgid "Clears the don't fragment bit from the IP packet header."
+msgstr "Lösche das don't fragment Bit aus dem IP-Header."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1029
+msgid "Use random ID"
+msgstr "verwende eine zufällige ID"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1030
+msgid ""
+"Replaces the IP identification field of outgoing packets with random values "
+"to compensate for operating systems that use predictable values."
+msgstr ""
+"Diese Funktion ersetzt das ID-Feld von ausgehenden Paketen durch eine "
+"Zufallszahl. Dies erschwert Attacken auf Systeme, die vorhersagbare IDs "
+"generieren"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1032
+msgid "Buffer and reassemble fragments (default)"
+msgstr "Fragmente werden zwischengespeichert und re-assembliert (Standard)"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1033
+msgid ""
+"Buffers incoming packet fragments and reassembles them into a complete "
+"packet before passing them to the filter engine."
+msgstr ""
+"Ankommende Paket-Fragmente werden zwischengespeichert und re-assembliert "
+"bevor sie als komplette Pakete an die Filter-Maschine weiter gegeben werden."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1034
+msgid "Drop duplicate fragments, do not buffer and reassemble"
+msgstr ""
+"Verwerfe doppelte Fragmente, keine Versuche zur Pufferung und Re-"
+"Assemblierung machen"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1035
+msgid ""
+"Causes duplicate fragments to be dropped and any overlaps to be cropped."
+msgstr "Doppelte Fragmente werden verworfen und alle überlappungen beseitigt."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1036
+msgid "Drop duplicate and subsequent fragments"
+msgstr "Verwerfe doppelte und alle nachfolgenden Fragmente"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1037
+msgid ""
+"Similar to 'Drop duplicate fragments' except that all duplicate or "
+"overlapping fragments will be dropped as well as any further corresponding "
+"fragments."
+msgstr ""
+"Dies ist ähnlich wie die Funktion 'verwerfe doppelte Fragmente', außer dass "
+"nach dem Verwerfen der doppelten Fragmente auch alle nachfolgenden "
+"Fragmente, die zu diesem Paket gehören, verworfen werden."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1038
+msgid "Scrub rule options"
+msgstr "Aufräumen der Regel-Optionen"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1039
+msgid "maximum number of entries in the memory pool used for packet reassembly"
+msgstr "Maximale Anzahl von Einträgen Re-Assemblierungspool für Pakete"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1040
+#, fuzzy
+msgid "table-entries"
+msgstr "iptables-restore:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1041
+msgid "maximum number of addresses that canbe stored in tables"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1042
+msgid ""
+"maximum number of entries in the memory pool used for state table entries"
+msgstr "Maximale Anzahl von Einträgen im Speicherpool für die Statustabelle"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1043
+#, fuzzy
+msgid "state table size: "
+msgstr "Größe der Statustabelle:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1044
+#, fuzzy
+msgid "reassembly pool: "
+msgstr "Re-Assemblierungspool:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1045
+#, fuzzy
+msgid ""
+"maximum number of entries in the memory pool used for tracking source IP "
+"addresses"
+msgstr "Maximale Anzahl von Einträgen Re-Assemblierungspool für Pakete"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1046
+#, fuzzy
+msgid "maximum number of tables that can exist in the memory simultaneously"
+msgstr "Maximale Anzahl von Einträgen Re-Assemblierungspool für Pakete"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1047
+#, fuzzy
+msgid "tables"
+msgstr "iptables:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1048
+msgid "src-nodes"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1049
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:876
+#, fuzzy
+msgid "Limits"
+msgstr "Limits"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1050
+msgid ""
+"When a packet matches a stateful connection, the seconds to live for the "
+"connection will be updated to the value which corresponds to the connection "
+"state."
+msgstr ""
+"Wenn ein Paket zu einer Regel mit Status (stateful) passt, so werden die "
+"Haltezeit für diese Verbindung auf einen Wert gesetzt, der zum aktuellen "
+"Status der Verbindung passt."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1052
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1065
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1074
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1077
+msgid "first"
+msgstr "erstes"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1053
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1066
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1072
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1078
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1081
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1082
+msgid "The state after the first packet."
+msgstr "Der Status nach dem ersten Paket"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1054
+msgid "opening"
+msgstr "öffnend"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1055
+msgid " The state before the destination host ever sends a packet."
+msgstr " Der Zustand bevor der Empfängerrechner jemals ein Paket sendet."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1056
+msgid "established"
+msgstr "etabliert"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1057
+msgid "The fully established state."
+msgstr "Der vollständig etablierte Status."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1058
+msgid "The state after the first FIN has been sent."
+msgstr "Der Status nach dem Senden des ersten FIN"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1059
+msgid "closing"
+msgstr "schliessend"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1060
+msgid ""
+"The state after both FINs have been exchanged and the connection is closed."
+msgstr ""
+"Der Status nach dem beide FINs ausgetauscht wurden und die Verbindung "
+"geschlossen ist."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1061
+msgid "finwait"
+msgstr "FIN-WAIT"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1062
+msgid "The state after one endpoint sends an RST."
+msgstr "Der Status nachdem eine der beiden Seiten ein RST gesendet hat."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1063
+msgid "closed"
+msgstr "geschlossen"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1064
+#: src/gui/.ui/udpservicedialog_q.cpp:221
+msgid "UDP"
+msgstr "UDP"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1067
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1079
+msgid "single"
+msgstr "einzeln"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1068
+msgid ""
+"The state if the source host sends more than one packet but the destination "
+"host has never sent one back."
+msgstr ""
+"Status in dem der Quell-Host mehrere Pakete gesendet hat, aber der Ziel-Host "
+"nie ein Paket zurück gesendet hat."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1069
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1080
+msgid "multiple"
+msgstr "mehrfach"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1070
+msgid " The state if both hosts have sent packets."
+msgstr "Der Status in dem beide Hosts Pakete gesendet haben"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1073
+msgid "The state after an ICMP error came back in response to an ICMP packet."
+msgstr ""
+"Der Status wenn eine ICMP-Fehlermeldung als Antwort auf ein ICMP-Paket "
+"empfangen wurde. "
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1076
+msgid "Other Protocols"
+msgstr "Andere Protokolle"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1083
+msgid "Fragments"
+msgstr "Fragmente"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1084
+msgid "reassembly timeout"
+msgstr "reassembly timeout (Zeitfenster für die Ankunft von Paketteilen) "
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1085
+msgid "state expiration timeout"
+msgstr "Zeitspanne nach der Statusinformationen gelöscht werden"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1086
+msgid "seconds between purges of expired states and packet fragments."
+msgstr ""
+"Sekunden zwischen zwei Löschvorgängen für überholte Statuseinträge und Paket-"
+"Fragmente."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1087
+msgid "seconds before an unassembled fragment is expired."
+msgstr "Sekunden bevor ein nicht assembliertes Paket verworfen wird."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1088
+msgid "Adaptive scaling"
+msgstr "adaptive Skalierung"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1089
+msgid ""
+"Timeout values can be reduced adaptively as the number of state table "
+"entries grows (see man page pf.conf(5) for details)"
+msgstr ""
+"Die Zeitspanne kann adaptiv verkleinert werden, wenn die Anzahl der Einträge "
+"in der Statustabelle wächst (siehe 'man page pf.conf(5)' für Einzelheiten)"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1090
+msgid "adaptive start"
+msgstr "Startpunkt für adaptive Anpassung"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1091
+msgid ""
+"When the number of state entries exceeds this value, adaptive scaling begins."
+msgstr ""
+"Wenn die Anzahl der Einträge in der Statustabelle diesen Wert übersteigt, "
+"beginnt das adaptive Verhalten"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1092
+msgid "adaptive end"
+msgstr "Ende des adaptiven Verhaltens"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1093
+msgid ""
+"When reaching this number of state entries, all timeout val- ues become "
+"zero, effectively purging all state entries imme- diately."
+msgstr ""
+"Wenn diese Anzahl von Einträgen erreicht wird, werden alle Zeitspannen auf 0 "
+"gesetzt, damit werden alle überholten Einträge sofort gelöscht."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1094
+msgid "Activate adaptive timeout scaling"
+msgstr "Aktiviere das adaptive anpassen der Timeouts"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1095
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1910
+msgid "Timeouts"
+msgstr "Timeouts"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1114
+#, fuzzy
+msgid "Insert prolog and epilog scripts"
+msgstr "Prolog-Skript einfügen"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1116
+#, fuzzy
+msgid "in the activation shell script (.fw file)"
+msgstr "am Beginn des Skripts"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1117
+msgid "in the pf rule file (.conf file)"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1119
+msgid "Log Prefix"
+msgstr "Log-Präfix"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1120
+msgid "Fallback \"deny all\" rule should log blocked packets"
+msgstr ""
+"Die Rückfallregel \"deny all\" soll gesperrte Pakete in die Log-Datei "
+"schreiben"
+
+#: src/gui/.ui/physaddressdialog_q.cpp:149
+msgid "physAddress"
+msgstr "physAddress"
+
+#: src/gui/.ui/physaddressdialog_q.cpp:150
+#, fuzzy
+msgid "MAC Address"
+msgstr "MAC-Adresse hinzufügen"
+
+#: src/gui/.ui/physaddressdialog_q.cpp:153
+msgid "Physical address (MAC):"
+msgstr "physikalische Adresse (MAC):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1824
+msgid "PIX Firewall Settings"
+msgstr "PIX Firewall Einstellungen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1831
+msgid "Policy Compiler Options"
+msgstr "Policy Kompiler Optionen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1833
+msgid ""
+"Generate rules assuming the firewall is part of \"Any\". This makes a "
+"difference in rules that use services 'ssh' and 'telnet' since PIX uses "
+"special commands to control ssh and telnet access to the firewall machine"
+msgstr ""
+"Die Regeln werden unter der Annahme generiert, dass die Firewall selbst Teil "
+"der Gruppe \"beliebig\" ist. Dies macht einen Unterschied bei Regeln die "
+"eine der Dienste 'SSH' oder 'TELNET' benutzen, da beim PIX spezielle "
+"Kommandos den Zugriff von SSH und TELNET auf die Firewall regeln"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1834
+msgid ""
+"Replace NAT'ted objects with their \n"
+"translations in policy rules"
+msgstr ""
+"Ersetze alle von NAT betroffenen Objekte durch \n"
+"ihre übersetzten Werte in den Policy-Regeln"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1836
+msgid ""
+"PIX inspects packets with ACLs before it does NAT, while many other "
+"firewalls do NAT first and then apply ACLs. Policy compiler can emulate the "
+"latter behaviour if this options is turned on."
+msgstr ""
+"PIX prüft Pakete mit Hilfe von ACLs bevor sie mit NAT behandelt werden. "
+"Viele andere Firewalls arbeiten zuerst mit NAT und legen dann die ACLs an, "
+"Der Policy-Kompiler emuliert das zweite Verhalten auf der PIX, wenn diese "
+"Option aktiviert ist."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1837
+msgid "Emulate outbound ACLs"
+msgstr "Emulieren der ausgehenden ACLs"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1838
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1840
+msgid ""
+"Normally PIX does not support ouotbound ACL, however policy compiler can "
+"emulate them if this option is turned on"
+msgstr ""
+"Normalerweise unterstützt PIX keine ausgehenden ACLs, der Policy-Kompiler "
+"kann jedoch diese Funktionalität emulieren, wenn diese Option gesetzt ist"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1839
+#, fuzzy
+msgid "Generate outbound ACLs"
+msgstr "Emulieren der ausgehenden ACLs"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1843
+msgid "Optimize 'default nat' rules"
+msgstr "Optimieren der 'standard-NAT' Regeln"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1844
+msgid ""
+"In nat rules where network zone object is used in OSrc, ODst and OSrv are "
+"'any' and TSrc defines a global pool for the translation, replace object in "
+"OSrc with 'any' to produce PIX command \"nat (interface) N 0.0.0.0 0.0.0.0\""
+msgstr ""
+"In den NAT-Regeln, in denen die Netzwerk-Objekte in OSrc (orig. Quelle), "
+"ODst (orig. Ziel) und OSrv (orig. Dienst) 'beliebig' sind und wenn TSrc "
+"(übers. Quelle) einen allgemeinen Pool für die Übersetzunbg angibt, wird das "
+"Objekt in OSrc durch 'beliebig' ersetzt und so das PIX-Kommando \"nat "
+"(interface) N 0.0.0.0 0.0.0.0\" erzeugt"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1845
+msgid "Detect rule shadowing in the policy"
+msgstr "Überdeckende Regeln in der Policy werden gesucht"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1847
+msgid "Verification of NAT rules"
+msgstr "Die NAT-Regeln werden kontrolliert"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1848
+msgid "Check for duplicate nat rules"
+msgstr "Doppelte NAT-Regeln werden gesucht"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1849
+msgid "Check for overlapping global pools"
+msgstr "Prüfe auf überlappende globale Adressenpools"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1850
+msgid "Check for overlapping statics"
+msgstr "Prüfe auf überlappende statische Zuweisungen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1851
+msgid ""
+"Check for overlapping global\n"
+"pools and statics"
+msgstr ""
+"Prüfe Überlappungen zwischen globalen\n"
+"Pools und statischen Zuweisungen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1853
+msgid "Compiler Options"
+msgstr "Kompiler-Optionen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1855
+msgid "Comment the code"
+msgstr "Kommentare für diesen Code"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1856
+msgid "Insert comments into generated PIX configuration file"
+msgstr "Füge Kommentare in die generierte PIX-Konfigurationsdatei ein"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1857
+msgid "Use ACL remarks"
+msgstr "Benutze ACL remarks"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1858
+msgid "Use ACL remarks to relate ACL commands and policy rules in the GUI"
+msgstr ""
+"Benutze ACL remarks um die ACL-Kommandos mit den Policy-Regeln im GUI zu "
+"verknüpfen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1859
+msgid "Group similar commands together"
+msgstr "Gruppiere ähnliche Kommandos zusammen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1860
+msgid ""
+"Group PIX commands in the script so that similar commands appear next to "
+"each other, just like PIX does it when you use 'show config'"
+msgstr ""
+"Gruppiere PIX-Kommandos im Skript so, dass ähnliche Kommandos nahe "
+"beieinander auftauchen, so wie vom PIX-Kommando 'show config' gewohnt"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1861
+msgid "Use manual ACL commit on FWSM"
+msgstr "Benutze manuelles ACL-Commit auf FWSM"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1862
+msgid "Access lists (requires Firewall Builder for PIX 1.1.6 and later)"
+msgstr "Access-Listen (benötigt Firewall Builder for PIX 1.1.6 oder neuer)"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1863
+#, fuzzy
+msgid ""
+"Clear all access lists then install new ones. This method may interrupt "
+"access to the firewall if you manage it remotely via IPSEC tunnel. This is "
+"the way access lists were generated in older versions of Firewall Builder "
+"for PIX."
+msgstr ""
+"Lösche zuerst alle Access-Listen und installiere dann die neuen. Diese\n"
+"Methode kann den Zugriff auf die Firewall unterbrechen, wenn sie über\n"
+"einen IPSEC-Tunnel aus der Ferne bedient wird. Dies ist die Art, wie\n"
+"Access-Listen in älteren Versionen des Firewall Builder für die PIX\n"
+"generiert worden sind."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1864
+#, fuzzy
+msgid ""
+"Do not clear access lists and object group, just generate PIX commands for "
+"the new ones. Use this optin if you have your own policy installation "
+"scripts."
+msgstr ""
+"Die Access-Listen und die Objekt-Gruppe werden nicht gelöscht, es werden\n"
+"lediglich die PIX-Kommandos erzeugt, die für die Erstellung der neuen\n"
+"benötigt werden. Diese Option ist dann sinnvoll, wenn Sie eine eigene\n"
+"Routine zur Installation der Policy-Konfiguration verwenden wollen."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1865
+#, fuzzy
+msgid ""
+"\"Safety net\" method:\n"
+"\n"
+"First, create temporary access list to permit connections from the "
+"management subnet specified below to the firewall and assign it to outside "
+"interface. This temporary ACL helps maintain session between management "
+"station and the firewall while access lists are reloaded in case connection "
+"comes over IPSEC tunnel. Then clear permanent lists, recreate them and "
+"assign to interfaces. This method ensures that remote access to the firewall "
+"is maintained without interruption at a cost of slightly larger "
+"configuration."
+msgstr ""
+"Methode mit \"Sicherheitsnetz\":\n"
+"\n"
+"Zuerst wird eine temporäre Access-Liste angelegt, die den Zugriff vom\n"
+"Management-Subnetz (wie unten angegeben) aus auf die Firewall erlaubt,\n"
+"und dem Interface zur Außenwelt zugewiesen.\n"
+"Diese temporäre ACL hilft die Sitzung zwischen der Management-Station und\n"
+"der Firewall über einen IPSEC-Tunnel aufrecht zu erhalten während die\n"
+"Access-Listen neu geladen werden.\n"
+"Anschließend werden die permanenten Access-Listen gelöscht und neu\n"
+"angelegt und den Interfaces zugeordnet. Diese Methode stellt sicher,\n"
+"dass der Zugriff auf die Firewall ohne Unterbrechung bestehen bleibt,\n"
+"erkauft dies allerdings durch eine etwas umfangreichere Konfiguration."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1868
+msgid ""
+"Temporary access list should permit access from this address or subnet (use "
+"prefix notation to specify subnet, e.g. 192.0.2.0/24):"
+msgstr ""
+"Mit einer temporären Access-Liste sollte der Zugriff von dieser Adresse oder "
+"diesem Subnetz (bitte in Präfix-Notation z.B. 192.0.2.0/24) erlaubt werden:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1890
+msgid "Set all to defaults.."
+msgstr "Alles auf Standardwerte setzen.."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1891
+msgid "xlate"
+msgstr "xlate (übersetzen)"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1892
+msgid "conn"
+msgstr "conn"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1893
+msgid "udp"
+msgstr "UDP"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1894
+msgid "rpc"
+msgstr "RPC"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1895
+msgid "h323"
+msgstr "h323"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1896
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2020
+msgid "sip"
+msgstr "SIP"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1897
+#, fuzzy
+msgid "sip&media"
+msgstr "sip&media"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1898
+msgid "unauth"
+msgstr "unauth"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1899
+msgid "telnet"
+msgstr "Telnet"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1900
+msgid "ssh"
+msgstr "SSH"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1901
+msgid "ss"
+msgstr "SS"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1902
+msgid "mm"
+msgstr "MM"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1903
+msgid "hh"
+msgstr "HH"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1904
+msgid "half-closed"
+msgstr "halb-geschlossen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1906
+msgid "Inactivity"
+msgstr "Inaktivität"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1907
+msgid "Absolute"
+msgstr "absolut"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1911
+msgid ""
+"Policy compiler generates 'fixup' commands for PIX v6.1-6.3 and FWSM v2.3. "
+"For PIX 7.0 it generates 'class-map' and 'inspect' commands assigned to the "
+"'policy-map' under either default or custom inspection classes."
+msgstr ""
+"Der Policy-Kompiler generiert 'fixup'-Kommandos für PIX v6.1-6.3 und FWSM "
+"v2.3. Für PIX 7.0 generiert er 'class-map'- und 'inspect'-Kommandos, die der "
+"'policy-map' zugeordnet sind (entweder in Standard oder in "
+"benutzerdefinierten Inspektionsklassen)."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1913
+msgid "Enable all protocols"
+msgstr "Alle Protokolle aktivieren"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1914
+msgid "Disable all protocols"
+msgstr "Deaktiviere alle Protokolle"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1915
+msgid "Skip all protocols"
+msgstr "Überspringe alle Protokolle"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1916
+#, fuzzy
+msgid "Display generated commands"
+msgstr "Erzeugte Kommandos anzeigen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1918
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1927
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1933
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1941
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1950
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1958
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1966
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1972
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1980
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1988
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1995
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2002
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2009
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2017
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2024
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2032
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2040
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2048
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2055
+msgid "skip"
+msgstr "überspringen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1919
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1928
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1934
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1942
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1951
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1959
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1967
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1973
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1981
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1989
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1996
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2003
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2010
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2018
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2025
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2033
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2041
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2049
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2056
+msgid "enable"
+msgstr "aktivieren"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1920
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1929
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1935
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1943
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1952
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1960
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1968
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1974
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1982
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1990
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1997
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2004
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2011
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2019
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2026
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2034
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2042
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2050
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2057
+msgid "disable"
+msgstr "deaktivieren"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1921
+msgid ""
+"Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol "
+"inspection module that supports NAT, PAT, and bi-directional NAT."
+msgstr ""
+"Modul zur Inspektion des 'Computer Telephony Interface Quick Buffer Encoding "
+"(CTIQBE)'Protokolls mit Unterstützung von NAT, PAT und bidrektionalem NAT."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1922
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1938
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1947
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1956
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1964
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1977
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1993
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2000
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2007
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2014
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2022
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2030
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2037
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2045
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2053
+msgid "port:"
+msgstr "Port:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1923
+msgid "ctiqbe"
+msgstr "ctiqbe"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1924
+msgid ""
+"Based on this maximum-length configured by the user, the DNS fixup checks to "
+"see if the DNS packet length is within this limit. Every UDP DNS packet "
+"(request/response) undergoes the above check."
+msgstr ""
+"Der DNS-Fixup prüft jedes DNS-UDP-Paket (Anfrage oder Antwort), ob die Länge "
+"des Paketes innerhalb der vom Benutzer eingestellten maximalen Länge liegt"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1925
+msgid "max length:"
+msgstr "max. Länge:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1930
+msgid "dns"
+msgstr "DNS"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1931
+msgid "Enables PAT for Encapsulating Security Payload (ESP), single tunnel."
+msgstr ""
+"Aktiviert PAT für Encapsulating Security Payload (ESP), einfacher Tunnel"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1936
+msgid "esp ike"
+msgstr "esp ike"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1939
+msgid "strict:"
+msgstr "strikt:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1944
+msgid ""
+"Activated support for FTP protocol and allows to change the ftp control "
+"connection port number."
+msgstr ""
+"Aktiviert die Unterstützung für das FTP-Protokoll und erlaubt damit die "
+"Änderung der Port-Nummer für den Kommando-Kanal des FTP-Dienstes"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1946
+msgid ""
+"Specifies to use H.225, the ITU standard that governs H.225.0 session "
+"establishment and packetization, with H.323"
+msgstr ""
+"Aktiviert die Verwendung von H.225, dem ITU Standard für den Aufbau und die "
+"Steuerung der Paketierung von H.225.0-Sitzungen zusammen mit H.323"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1948
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1955
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1963
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1978
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2015
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2029
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2038
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2046
+msgid "--"
+msgstr "--"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1953
+msgid "h323 h225"
+msgstr "h323 h225"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1954
+msgid ""
+"Specifies to use RAS with H.323 to enable dissimilar communication devices "
+"to communicate with each other."
+msgstr ""
+"Aktiviert die Verwendung von RAS mit H.323 um unterschiedliche Endgeräte "
+"miteinander kommunizieren zu lassen."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1961
+msgid "h323 ras"
+msgstr "h323 RAS"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1962
+msgid ""
+"The default port for HTTP is 80. Use the port option to change the HTTP "
+"port, or specify a range of HTTP ports."
+msgstr ""
+"Der Standartport für HTTP ist Port 80. In den Portoptionen können Sie diesen "
+"ändern oder einen Portbereich angeben."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1969
+msgid "http"
+msgstr "HTTP"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1970
+msgid ""
+"Enables NAT of ICMP error messages. This creates translations for "
+"intermediate hops based on the static or network address translation "
+"configuration on the firewall."
+msgstr ""
+"Aktiviert NAT auch für ICMP-Fehlermeldungen. Damit werden "
+"Adressübersetzungen für die dazwischenliegenden Stationen erzeugt, die auf "
+"den statischen oder dynamischen Einstellungen der Firewall basieren."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1975
+msgid "icmp error"
+msgstr "ICMP-Fehler"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1976
+msgid ""
+"Provides NAT support for Microsoft NetMeeting, SiteServer, and Active "
+"Directory products that use LightWeight Directory Access Protocol (LDAP) to "
+"exchange directory information with an for Internet Locator Service (ILS) "
+"server."
+msgstr ""
+"Schaltet die NAT-Unterstützung für Microsoft NetMeeting, SiteServer, und "
+"Active Directory Produkte ein, die das LightWeight Directory Access Protocol "
+"(LDAP) benutzen, um Directory-Informationen mit einem Internet Locator "
+"Service (ILS) auf einem Server auszutauschen."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1983
+msgid "ils"
+msgstr "ILS"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1984
+msgid "Enables the Media Gateway Control Protocol (MGCP) fixup."
+msgstr ""
+"Das Korrektur-Programm für das Media Gateway Control Protokoll (MGCP) "
+"aktivieren."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1985
+msgid "Gateway Port:"
+msgstr "Gateway Port:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1986
+msgid "Call Agent port:"
+msgstr "Port-Nummer des Call-Agent:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1991
+msgid "mgcp"
+msgstr "MGCP"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1992
+msgid ""
+"Enables Point-to-Point Tunneling Protocol (PPTP) application inspection."
+msgstr ""
+"Point-to-Point Tunneling Protocol (PPTP) Anwendungs-Prüfung einschalten."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1998
+msgid "pptp"
+msgstr "PPTP"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1999
+msgid "Enables inspection of RSH protocol."
+msgstr "RSH-Protokoll-Prüfung einschalten"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2005
+msgid "rsh"
+msgstr "RSH"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2006
+msgid ""
+"Lets PIX Firewall pass Real Time Streaming Protocol (RTSP) packets. RTSP is "
+"used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/"
+"TV connections."
+msgstr ""
+"Mit dieser Option lässt die PIX-Firewall Pakete des Real Time Streaming "
+"Protokolls (RTSP) passieren. RTSP wird von RealAudio, RealNetworks, Apple "
+"QuickTime 4, RealPlayer, and Cisco IP-TV Verbindungen verwendet."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2012
+msgid "rtsp"
+msgstr "RTSP"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2013
+msgid ""
+"Enable or change the port assignment for the Session Initiation Protocol "
+"(SIP) for Voice over IP TCP connections."
+msgstr ""
+"Aktivieren oder Verändern der Port-Zuweisung für das Session Initiation "
+"Protokoll (SIP) für Voice over IP TCP-Verbindungen."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2021
+msgid "Enable SIP-over-UDP application inspection."
+msgstr "SIP-over-UDP Anwendungs-Prüfung einschalten"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2027
+msgid "sip udp"
+msgstr "SIP UDP"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2028
+msgid ""
+"Enable SCCP application inspection. SCCP protocol supports IP telephony and "
+"can coexist in an H.323 environment. An application layer ensures that all "
+"SCCP signaling and media packets can traverse the PIX Firewall and "
+"interoperate with H.323 terminals."
+msgstr ""
+"Aktiviere die SCCP Anwendungs-Prüfung. Das SCCP-Protokoll unterstützt IP-"
+"Telefonie und kann gleichzeitig mit H.323 Verbindungen verwendet werden. "
+"Eine entsprechende Anwendungsschicht sichert die Übertragung von SCCP-"
+"Signalisierungsdaten und Medienpaketen durch die PIX-Firewall und kann mit "
+"H.323-Endgeräten zusammen arbeiten."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2035
+msgid "skinny"
+msgstr "skinny"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2036
+msgid ""
+"Enables the Mail Guard feature, which only lets mail servers receive the RFC "
+"821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and "
+"QUIT. All other commands are translated into X's which are rejected by the "
+"internal server."
+msgstr ""
+"Aktiviert das 'Mail Guard feature', welches dafür sorgt, dass Mail-Server "
+"nur die in RFC 821 im Abschnitt 4.5.1 festgelegten Kommandos HELO, MAIL, "
+"RCPT, DATA, RSET, NOOP und QUIT erhalten. Alle anderen Kommandos werden mit "
+"x überschreiben und damit vom internen Server abgewiesen."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2043
+msgid "smtp"
+msgstr "SMTP"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2044
+msgid "Enables support for SQL*Net protocol."
+msgstr "Unterstützung für das SQL*Net Protokoll aktivieren."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2051
+msgid "sqlnet"
+msgstr "SQLNET"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2052
+msgid "Enable TFTP application inspection."
+msgstr "Die Inspektion des TFTP-Protokolls einschalten."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2058
+msgid "tftp"
+msgstr "TFTP"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2059
+msgid "Inspect"
+msgstr "Inspizieren"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2060
+msgid "Syslog"
+msgstr "Syslog"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2061
+msgid "Syslog host (name or IP address):"
+msgstr "Syslog-Rechner (Name oder IP-Adresse):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2062
+msgid "syslog facility:"
+msgstr "Syslog-Funktion:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2063
+msgid "syslog level ('logging trap'):"
+msgstr "Syslog-Level ('logging trap'):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2064
+msgid "Syslog message queue size (messages):"
+msgstr "Warteschlangengröße für Sylog-Nachrichten (messages):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2065
+msgid "Use 'EMBLEM' format for syslog messages"
+msgstr "Verwende das 'EMBLEM-Format' für Log-Einträge"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2066
+msgid ""
+"PIX Firewall Version 6.3 introduces support for EMBLEM format, which is "
+"required when using the CiscoWorks Resource Manager Essentials (RME) syslog "
+"analyzer."
+msgstr ""
+"PIX-Firewall hat seit Version 6.3 die Unterstützung für das EMBLEM Format "
+"eingeführt, ein Format das für die Nutzung des 'CiscoWorks Resource Manager "
+"Essentials (RME) syslog analyzer' notwendig ist."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2067
+msgid "Set device id for syslog messages (v6.3 and later):"
+msgstr "Die Geräte-ID für syslog-Nachrichten setzen (Version 6.3 oder später):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2068
+msgid "use address of interface"
+msgstr "verwende die Adressen des Interfaces"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2069
+msgid "use text string"
+msgstr "verwende Text-String"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2070
+msgid "use hostname"
+msgstr "verwende Hostname"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2071
+msgid "The logging timestamp command requires that the clock command be set."
+msgstr ""
+"Das Eintragen der Zeitstempel in die Log-Datei erfordert das Stellen der Uhr."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2072
+msgid "Enable logging timestamps on syslog file"
+msgstr "Aktiviere Zeitstempel bei den Ausgaben in die syslog-Datei"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2073
+msgid "Other logging destinations and levels:"
+msgstr "Andere Ziele für Log-Daten und Log-Level:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2074
+msgid "Internal buffer"
+msgstr "Interner Puffer"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2075
+msgid "Console"
+msgstr "Konsole"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2077
+msgid "Actively reset inbound TCP connections with RST"
+msgstr "Hereinkommende TCP-Verbindungen aktiv mit RST zurücksetzen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2079
+msgid "Actively reset inbound TCP connections with RST on outside interface"
+msgstr ""
+"Setze ankommende TCP-Verbindungen aktiv mit RST auf externen Interfaces "
+"zurück"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2081
+#, fuzzy
+msgid "Force each TCP connection to linger in a shortened TIME&WAIT"
+msgstr ""
+"Erzwinge, dass jede TCP-Verbindung in einer verkürzten TIME&WAIT "
+"Wartezeit verbleibt"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2082
+msgid "Alt+W"
+msgstr "Alt+W"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2083
+msgid "Enable the IP Frag Guard feature (deprecated in v6.3 and later)."
+msgstr ""
+"Einschalten des 'IP Frag Guard Features' (abgeschafft in Version 6.3 und "
+"später)."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2084
+msgid "Enable TCP resource control for AAA Authentication Proxy"
+msgstr ""
+"Aktiviere die TCP-Ressourcen-Kontrolle für den AAA-Authentisierungs-Proxy"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2085
+msgid ""
+"Specify that when an incoming packet does a route lookup,\n"
+"the incoming interface is used to determine which interface\n"
+"the packet should go to, and which is the next hop\n"
+"(deprecated in v6.3 and later)."
+msgstr ""
+"Gebe an, dass wenn ankommende Pakete eine Route nachsehen,\n"
+"das empfangende Interface zur Ermittlung des ausgehenden\n"
+"Interfaces und des nächsten Zieles benutzt wird. \n"
+"(in Version 6.3 und später nicht mehr unterstützt)."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2089
+msgid "Disable inbound embedded DNS A record fixups"
+msgstr "Abschalten der Anpassung von eingehenden DNS A-Datensätzen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2090
+msgid "Disable outbound DNS A record replies"
+msgstr "Ausgehende DNS-Antworten mit A-Datensätzen unterdrücken"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2091
+msgid "maximum number of simultaneous TCP and UDP connections"
+msgstr "maximale Anzahl von gleichzeitigen TCP- und UDP-Verbindungen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2092
+msgid "maximum number of embryonic connections per host"
+msgstr "maximal Anzahl von Verbindungen im Aufbauzustand je Host"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2093
+msgid ""
+"Specifies the maximum number of simultaneous TCP and UDP connections for the "
+"entire subnet. The default is 0, which means unlimited connections. (Idle "
+"connections are closed after the idle timeout specified by the timeout conn "
+"command.)"
+msgstr ""
+"Gibt die maximale Anzahl von gelichzeitig erlaubten TCP- und UDP-"
+"Verbindungen für das gesamte Subnetz an. Der Standardwert ist 0, das "
+"bedeutet 'kein Limit'. (Nicht mehr aktive Verbindungen werden geschlossen "
+"nach dem 'idle timeout' der im conn-Kommando angegeben werden kann.)"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2094
+msgid ""
+"Specifies the maximum number of embryonic connections per host. An embryonic "
+"connection is a connection request that has not finished the necessary "
+"handshake between source and destination. Set a small value for slower "
+"systems, and a higher value for faster systems. The default is 0, which "
+"means unlimited embryonic connections."
+msgstr ""
+"Gibt die maximale Anzahl von Verbindungen im Aufbauzustand ausgehend von "
+"einem Host an. Verbindungen in diesem Zustand haben noch nicht alle "
+"notwendigen Phasen des Handshakes zwischen Quelle und Ziel für den Aufbau "
+"durchlaufen. Ein kleiner Wert passt zu langsamen Systemen, ein größerer für "
+"schnelle Systeme. Der Standardwert ist 0, die bedeutet keine Limitierung von "
+"Verbindungen im Aufbaustatus."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2095
+msgid "The following parameters are used for all NAT rules:"
+msgstr "Folgende Parameter werden für alle NAT-Regeln verwendet:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2096
+msgid ""
+"(The default for both parameters is 0, which means unlimited number of "
+"connections.)"
+msgstr ""
+"(Der Standardwert für beie Parameter ist 0, was keine Limitierung für die "
+"Anzahl der Verbindungen bedeutet.)"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2097
+msgid "PIX Options"
+msgstr "PIX-Optionen"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:275
+msgid "PIX Advanced Configuration Options"
+msgstr "fortgeschrittene PIX-Konfigurations-Optionen"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:276
+msgid "Set PIX host name using object's name"
+msgstr "Setzen des PIX-Namens unter Verwendung des Objekt-Namens"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:277
+msgid "Generate commands to configure addresses for interfaces"
+msgstr "Kommandos generieren, die den Interfaces Adressen zuordnen"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:278 src/gui/.ui/prefsdialog_q.cpp:381
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:788
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:848
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:856
+msgid "General"
+msgstr "Allgemein"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:279
+msgid "NTP Servers:"
+msgstr "NTP-Server:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:282
+msgid "Server 1:"
+msgstr "Server 1:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:283
+msgid "Server 2:"
+msgstr "Server 2:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:284
+msgid "Server 3:"
+msgstr "Server 3:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:286
+msgid "Preffered:"
+msgstr "vorzugsweise:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:287
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:301
+msgid "IP address:"
+msgstr "IP-Adresse"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:288
+msgid "NTP"
+msgstr "NTP"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:289
+msgid "Disable SNMP Agent"
+msgstr "SNMP-Agent deaktivieren"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:290
+msgid "Set SNMP communities using data from the firewall object dialog"
+msgstr "Setzen der SNMP-Community-Strings aus den Daten des Firewall-Objektes"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:291
+msgid "SNMP servers"
+msgstr "SNMP Server"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:293
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:297
+msgid "Poll"
+msgstr "Poll"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:294
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:298
+msgid "Poll and Traps"
+msgstr "Poll und Traps"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:295
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:299
+msgid "Traps"
+msgstr "Traps"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:300
+msgid "Enable:"
+msgstr "Aktivieren:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:302
+msgid "SNMP Server 1:"
+msgstr "SNMP Server 1:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:303
+msgid "SNMP Server 2:"
+msgstr "SNMP Server 2:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:304
+msgid "Enable sending log messages as SNMP trap notifications"
+msgstr ""
+"Aktiviere das Senden von Log-Informationen als SNMP-TRAP Benachrichtigungen"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:305
+msgid "SNMP"
+msgstr "SNMP"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:306
+msgid "Change TCP MSS to"
+msgstr "Die TCP-MSS festlegen auf"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:307
+msgid "bytes"
+msgstr "Bytes"
+
+#: src/gui/.ui/prefsdialog_q.cpp:214 src/gui/.ui/prefsdialog_q.cpp:393
+msgid "File Path"
+msgstr "Dateipfad"
+
+#: src/gui/.ui/prefsdialog_q.cpp:363
+msgid "Preferences"
+msgstr "Präferenzen"
+
+#: src/gui/.ui/prefsdialog_q.cpp:368
+msgid "minutes"
+msgstr "Minuten"
+
+#: src/gui/.ui/prefsdialog_q.cpp:369
+msgid "Periodically save data to file every "
+msgstr "Regelmäßig Daten in eine Datei sichern alle"
+
+#: src/gui/.ui/prefsdialog_q.cpp:370
+msgid "Tooltip delay:"
+msgstr "Verzögerungszeit für Tool-Tipps"
+
+#: src/gui/.ui/prefsdialog_q.cpp:371
+msgid "Enable object tooltips"
+msgstr "Objekt-Tool-Tipps aktivieren"
+
+#: src/gui/.ui/prefsdialog_q.cpp:372
+msgid "Show deleted objects"
+msgstr "Gelöschte Objekte anzeigen"
+
+#: src/gui/.ui/prefsdialog_q.cpp:373
+msgid "Automatically save data in dialogs when switching between objects"
+msgstr ""
+"Automatisch die Daten der Dialoge speichern, wenn auf ein neues Objekt "
+"gegangen wird"
+
+#: src/gui/.ui/prefsdialog_q.cpp:374
+msgid "On startup: "
+msgstr "beim Start:"
+
+#: src/gui/.ui/prefsdialog_q.cpp:376
+msgid "Load standard objects"
+msgstr "Laden der Standard-Objekte"
+
+#: src/gui/.ui/prefsdialog_q.cpp:377
+msgid "Load last edited file"
+msgstr "Laden der zuletzt bearbeiteten Datei"
+
+#: src/gui/.ui/prefsdialog_q.cpp:378
+msgid "Expand all branches in the object tree"
+msgstr "Alle Zweige des Objekt-Baumes öffnen"
+
+#: src/gui/.ui/prefsdialog_q.cpp:379
+msgid "Working directory:"
+msgstr "Arbeitsverzeichnis:"
+
+#: src/gui/.ui/prefsdialog_q.cpp:382
+msgid "Do not ask for the log record when checking in new file revision."
+msgstr ""
+"Nicht nach Log-Informationen fragen, wenn eine neue Revision eingespeichert "
+"wird"
+
+#: src/gui/.ui/prefsdialog_q.cpp:383
+msgid "Revision Control"
+msgstr "Revisions-Kontrolle"
+
+#: src/gui/.ui/prefsdialog_q.cpp:384
+msgid ""
+"A full path to the Secure Shell utility (remote command execution; for "
+"example ssh on Unix or plink.exe or vsh.exe on Windows):"
+msgstr ""
+"Der vollständige Pfad zu einem 'Secure Shell' Programm (remote command "
+"execution; zum Beispiel ssh für Unix oder plink.exe or vsh.exe für Windows):"
+
+#: src/gui/.ui/prefsdialog_q.cpp:386
+msgid "SSH"
+msgstr "SSH"
+
+#: src/gui/.ui/prefsdialog_q.cpp:387
+msgid "Add..."
+msgstr "Hinzufügen..."
+
+#: src/gui/.ui/prefsdialog_q.cpp:388
+msgid "Remove"
+msgstr "Entfernen"
+
+#: src/gui/.ui/prefsdialog_q.cpp:389
+msgid ""
+"If you remove libraries from the list, changes get in effect next time you "
+"start the program"
+msgstr ""
+"Wenn Sie Bibliotheken aus der Liste entfernen wird die Änderung erst beim "
+"nächsten Start des Programmes wirksam"
+
+#: src/gui/.ui/prefsdialog_q.cpp:390
+msgid "Available libraries:"
+msgstr "Verfügbare Bibliotheken:"
+
+#: src/gui/.ui/prefsdialog_q.cpp:394
+msgid "Libraries"
+msgstr "Bibliotheken"
+
+#: src/gui/.ui/prefsdialog_q.cpp:395
+msgid "Use these labels to mark rules in the firewall policy"
+msgstr ""
+"Diese Bezeichner zum Kennzeichnen von Regeln in der Firewall-Policy verwenden"
+
+#: src/gui/.ui/prefsdialog_q.cpp:410
+msgid "Labels"
+msgstr "Bezeichner"
+
+#: src/gui/.ui/printingprogressdialog_q.cpp:73
+#, fuzzy
+msgid "Printing"
+msgstr "Drucken"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:49 src/gui/.ui/rcsfilepreview_q.cpp:122
+msgid "Revision"
+msgstr "Revision"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:52 src/gui/.ui/rcsfilepreview_q.cpp:123
+msgid "Date"
+msgstr "Datum"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:55 src/gui/.ui/rcsfilepreview_q.cpp:124
+msgid "Author"
+msgstr "Autor"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:58 src/gui/.ui/rcsfilepreview_q.cpp:125
+msgid "Locked by"
+msgstr "Locked (blockiert) durch"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:120
+msgid "RCSFilePreview"
+msgstr "RCSFilePreview"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:121
+msgid "Open read-only"
+msgstr "Nur zum Lesen öffnen"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:126
+msgid "RCS log:"
+msgstr "RCS log:"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:100
+msgid "Log record for the new revision"
+msgstr "Logbuch-Eintrag für die neue Revision"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:101
+msgid "Do not ask me anymore, always check files in with empty log"
+msgstr ""
+"Nicht mehr nachfragen, neue Revisionen immer mit leeren Logbuch-Eintrag "
+"speichern"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:102
+#, fuzzy
+msgid "Check file &in"
+msgstr "Datei im RCS spe&ichern"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:103
+msgid "Alt+I"
+msgstr "Alt+I"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:106
+#, qt-format
+msgid "Checking file %1 into RCS"
+msgstr "Datei %1 in das RCS eintragen"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:107
+msgid "Log record for this revision: "
+msgstr "Logbuch-Eintrag für diese Revision: "
+
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:118
+#, fuzzy
+msgid "Routing Rule Options"
+msgstr "Routing-Regeloptionen"
+
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:120
+msgid "If installation of this routing rule fails, just carry on"
+msgstr ""
+"Wenn die Installation dieser Routing-Regel mislingt, einfach weitermachen"
+
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:121
+msgid "No options available for routing rules of this firewall platform"
+msgstr ""
+"Auf dieser Firewall-Plattform existieren keine Optionen für Routing-Regeln"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:783
+msgid "Rule Options for ipt"
+msgstr "Regel-Optionen für ipt"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:785
+#, fuzzy
+msgid ""
+"Assume firewall is part of 'any' (this setting only affects code generated "
+"for this rule)"
+msgstr ""
+"Nehme an, die Firewall ist Teil von 'beliebig' (gilt nur für den Code dieser "
+"Regel)"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:786
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:845
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:853
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:877
+msgid "Stateless rule"
+msgstr "Regel ohne Status (stateless)"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:787
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:844
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:852
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:878
+msgid ""
+"Normally policy compiler uses stateful inspection in each rule. Activating "
+"next option makes this rule stateless."
+msgstr ""
+"Normalerweise verwendet der Policy-Kompiler statusbehaftete Inspektionen "
+"(stateful inspection) bei jeder Regel. Aktivieren der nächsten Option macht "
+"diese Regel statusfrei (stateles)."
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:800
+#, fuzzy
+msgid "Netlink group (if using ULOG): "
+msgstr ""
+"Netlink Gruppe\n"
+"(bei Verwendung von ULOG): "
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:802
+#, fuzzy
+msgid "Rate (rule matches if it hits this often or less):"
+msgstr ""
+"Die Regel trifft zu, wenn sie öfter\n"
+"oder seltener zutrifft: "
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:803
+msgid "Module limit"
+msgstr "Modul limit"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:804
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:827
+msgid "Burst:"
+msgstr "Burst:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:811
+msgid "limit"
+msgstr "Limit"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:812
+msgid "bit"
+msgstr "bit"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:813
+msgid "per network with netmask of "
+msgstr "je Netzwerk mit einer Makse wie "
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:814
+#, fuzzy
+msgid "Number of allowed connections per client host"
+msgstr "maximale Anzahl von Verbindungen je Host"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:815
+msgid "Module connlimit"
+msgstr "Modul connlimit"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:816
+#, fuzzy
+msgid "connlimit"
+msgstr "connlimit"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:817
+msgid "Module hashlimit"
+msgstr "Modul hashlimit"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:818
+msgid ""
+"On some older systems this module has name 'dstlimit'. Check here if you "
+"need to use this name."
+msgstr ""
+"Auf einigen älteren Systemen hat das Modul den Namen 'dstlimit'. Bitte hier "
+"ankreuzen, wenn dieser Name verwendet werden soll."
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:819
+#, fuzzy
+msgid "Rate:"
+msgstr "Datum:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:828
+#, fuzzy
+msgid "Mode:"
+msgstr "Mode:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:830
+#, fuzzy
+msgid "dstip"
+msgstr "dstip"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:831
+#, fuzzy
+msgid "srcip"
+msgstr "srcip"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:832
+msgid "dstip,dstport"
+msgstr "dstip,datport"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:833
+msgid "srcip,srcport"
+msgstr "srcip,srcport"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:834
+#, fuzzy
+msgid "htable-size:"
+msgstr "iptables:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:835
+msgid ""
+"The number of buckets of the hash table (omit this option in generated "
+"script if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:836
+msgid "htable-max:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:837
+msgid ""
+"Maximum number of entries in the hash (omit this option in generated script "
+"if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:838
+#, fuzzy
+msgid "htable-expire:"
+msgstr "iptables-restore:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:839
+msgid ""
+"After how many milliseconds do hash entries expire (omit this option in the "
+"generated script if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:840
+msgid "htable-gcinterval:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:841
+msgid ""
+"How many milliseconds between garbage collection intervals (omit this option "
+"in generated script if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:842
+msgid ""
+"Options below control size of the hash table and expiration time. They will "
+"be omitted from the generated script if set to zero."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:843
+msgid "hashlimit"
+msgstr "hashlimit"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:846
+#, fuzzy
+msgid ""
+"Send ICMP 'unreachable' packet masquerading as being from the original "
+"destination"
+msgstr ""
+"Sende ICMP 'unreachable' Paket so maskiert, wie wenn es von der "
+"ursprünglichen Zieladresse käme"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:847
+#, fuzzy
+msgid ""
+"Keep information on fragmented packets, to be applied to later fragments"
+msgstr ""
+"Behalte Informationen über fragmentierte Pakete, um sie auf spätere "
+"Fragmente anwenden zu können"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:854
+msgid ""
+"In PF 4.x \"flags S/SA keep state\" is the default. Compiler will omit these "
+"flags while generating code for stateful rules matching tcp services. "
+"However, according to the PF FAQ, care should be taken while dealing with "
+"states and interface enc0. To avoid leaking unencrypted traffic out, the FAQ "
+"recommends setting 'keep state' explicitly in all rules on the enc0 "
+"interface. This option applies only if version is set to 4.x."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:855
+msgid "Add 'keep state' "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:859
+msgid "Activate source tracking"
+msgstr "Aktivieren der Quellenverfolgung (source tracking)"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:860
+msgid ""
+"When this option is checked, the number of states per source IP is tracked "
+msgstr ""
+"Mit dieser Option wird die Überwachung der Statusänderungen für jede Quell-"
+"IP-Adresse aktiviert"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:861
+#, fuzzy
+msgid ""
+"Maximum number of source addresses which can simultaneously have state table "
+"entries (max-src-nodes):"
+msgstr ""
+"Maximale Anzahl von Quelladressen, welche gleichzeitig Einträge in der "
+"Statustabelle haben dürfen:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:862
+#, fuzzy
+msgid ""
+"Maximum number of simultaneous state entries that a single source address "
+"can create with this rule (max-src-states):"
+msgstr ""
+"Maximale Anzahl von gleichzeitigen Einträgen, die eine einzelne Quelladresse "
+"mit dieser Regel in der Statustabelle erzeugen darf:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:863
+msgid "Tracking"
+msgstr "Verfolgung"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:864
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:872
+msgid "overload table:"
+msgstr "overload table:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:865
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:871
+msgid "flush"
+msgstr "flush"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:866
+#, fuzzy
+msgid ""
+"Maximum number of simultaneous TCP connections that a single host can make "
+"(max-src-conn):"
+msgstr ""
+"Maximale Anzahl von gleichzeitigen TCP-Verbindungen, die ein einzelner Host "
+"aufbauen darf (max-arc-conn):"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:867
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:870
+msgid "global"
+msgstr "global"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:868
+msgid "The limit of new connections over a time interval (max-src-conn-rate):"
+msgstr "Limit für neue Verbindungen je Zeitspanne (max-src-conn-rate):"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:869
+msgid "/"
+msgstr "/"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:873
+#, fuzzy
+msgid "sec"
+msgstr "Sekunde"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:874
+msgid ""
+"When this limit is reached, further packets matching the rule that would "
+"create state are dropped, until existing states time out."
+msgstr ""
+"Wenn diese Schwelle erreicht ist, werden solange weitere Pakete verworfen, "
+"auf die diese Regel zutrifft und die den limitierten Status erzeugen, bis "
+"durch Timeout wieder der Status verlassen wird."
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:875
+#, fuzzy
+msgid ""
+"Maximum number of concurrent states this rule may create. Unlimited if set "
+"to zero (option 'max')."
+msgstr ""
+"Maximale Zahl von gleichzeitigen Statuseinträgen, die von dieser Regel "
+"erzeugt werden dürfen (unlimitiert, wenn der Wert auf o steht)(Option 'max'):"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:879
+msgid "These options are only valid for PIX running software v6.3 or later"
+msgstr "Diese Optionen gelten nur für PIX mit Softwareversion 6.3 oder neuer"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:880
+#, fuzzy
+msgid "completely disable logging for this rule"
+msgstr "Log-Funktion für diese Regel komplett ausschalten"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:882
+msgid "Logging interval:"
+msgstr "Intervall für die Log-Funktion:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:883
+#, fuzzy
+msgid "Tere are no options for this firewall platform"
+msgstr "Für diese Firewall-Plattform sind keine Optionen verfügbar"
+
+#: src/gui/.ui/simpletextview_q.cpp:92
+msgid "Text viewer"
+msgstr "Textbetrachter"
+
+#: src/gui/.ui/simpletextview_q.cpp:93
+#, fuzzy
+msgid "Object Name"
+msgstr "Objektname"
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:182
+msgid "Solaris: advanced settings"
+msgstr "Solaris: erweiterte Einstellungen"
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:187
+msgid "Ignore ICMP redirects"
+msgstr "Ignoriere ICMP-Redirects"
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:192
+msgid "Forward directed broadcasts"
+msgstr "Transportiere directed (an ein Netz gerichtete) Broadcasts"
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:193
+msgid "Respond to echo broadcast"
+msgstr "Antworte auf Echo-Broadcasts"
+
+#: src/gui/.ui/tagservicedialog_q.cpp:148
+#, fuzzy
+msgid "Tag Service"
+msgstr "Tag-Dienst"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:375
+#, fuzzy
+msgid "Use option \"established\" if supported by the target firewall platform"
+msgstr "Für diese Firewall-Plattform sind keine Optionen verfügbar"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:377
+msgid "Settings:"
+msgstr "Einstellungen:"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:390
+msgid "U"
+msgstr "U"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:391
+msgid "A"
+msgstr "A"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:392
+msgid "P"
+msgstr "P"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:393
+msgid "R"
+msgstr "R"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:394
+msgid "S"
+msgstr "S"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:395
+msgid "F"
+msgstr "F"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:396
+msgid "Mask:"
+msgstr "Maske:"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:397
+#, fuzzy
+msgid "Flags:"
+msgstr "TCP FLags"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:400
+#: src/gui/.ui/udpservicedialog_q.cpp:224
+msgid "Source Port Range"
+msgstr "Bereich für Quell-Portnummern"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:401
+#: src/gui/.ui/tcpservicedialog_q.cpp:404
+#: src/gui/.ui/udpservicedialog_q.cpp:225
+#: src/gui/.ui/udpservicedialog_q.cpp:228
+msgid "Start:"
+msgstr "Beginn:"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:402
+#: src/gui/.ui/tcpservicedialog_q.cpp:405
+#: src/gui/.ui/udpservicedialog_q.cpp:226
+#: src/gui/.ui/udpservicedialog_q.cpp:229
+msgid "End:"
+msgstr "Ende:"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:403
+#: src/gui/.ui/udpservicedialog_q.cpp:227
+msgid "Destination Port Range"
+msgstr "Bereich für Ziel-Portnummern"
+
+#: src/gui/.ui/timedialog_q.cpp:246 src/gui/.ui/timedialog_q.cpp:263
+msgid "Sunday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:247 src/gui/.ui/timedialog_q.cpp:264
+#, fuzzy
+msgid "Monday"
+msgstr "Ändern"
+
+#: src/gui/.ui/timedialog_q.cpp:248 src/gui/.ui/timedialog_q.cpp:265
+msgid "Tuesday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:249 src/gui/.ui/timedialog_q.cpp:266
+msgid "Wednesday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:250 src/gui/.ui/timedialog_q.cpp:267
+msgid "Thursday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:251 src/gui/.ui/timedialog_q.cpp:268
+msgid "Friday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:252 src/gui/.ui/timedialog_q.cpp:269
+msgid "Saturday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:253
+#, fuzzy
+msgid "Start day of week:"
+msgstr "Wochentag (0-6):"
+
+#: src/gui/.ui/timedialog_q.cpp:254
+#, fuzzy
+msgid "Start time:"
+msgstr "Beginn:"
+
+#: src/gui/.ui/timedialog_q.cpp:255
+#, fuzzy
+msgid "Start date:"
+msgstr "Beginn:"
+
+#: src/gui/.ui/timedialog_q.cpp:258
+#, fuzzy
+msgid "End date:"
+msgstr "Aktivieren:"
+
+#: src/gui/.ui/timedialog_q.cpp:260
+#, fuzzy
+msgid "End time:"
+msgstr "Ende:"
+
+#: src/gui/.ui/timedialog_q.cpp:270
+#, fuzzy
+msgid "End day of week:"
+msgstr "Wochentag (0-6):"
+
+#: src/gui/utils.cpp:197
+msgid ""
+"Impossible to apply changes because object is located in read-only\n"
+"part of the tee or data file was opened read-only"
+msgstr ""
+"Änderungen können nicht gespeichert werden weil das Objekt im\n"
+"schreibgeschützten Teil des Baumes liegt oder die Datei\n"
+"schreibgeschützt geöffnet worden ist"
+
+#: src/gui/utils.cpp:219
+#, qt-format
+msgid "Object with name '%1' already exists, please choose different name."
+msgstr ""
+"Das Objekt mit dem Namen '%1' existiert bereits, bitte wählen Sie einen "
+"anderen Namen"
+
+#: src/gui/aboutdialog_q.ui.h:14
+msgid "Revision: %1 ( Build: %2 )"
+msgstr "Revision: %1 ( Build: %2 )"
+
+#: src/gui/aboutdialog_q.ui.h:16
+#, fuzzy
+msgid "Using Firewall Builder API %1"
+msgstr "benutzt Firewall Builder API %1"
+
+#: src/gui/aboutdialog_q.ui.h:19
+msgid "Registered"
+msgstr "registriert"
+
+#: src/gui/aboutdialog_q.ui.h:20
+msgid "Unregistered"
+msgstr "unregistriert"
+
+#: src/gui/upgradePredicate.h:45
+msgid ""
+"The data file you are trying to open has been\n"
+"saved with an older version of Firewall Builder.\n"
+"Opening it in this version will cause it to be\n"
+"upgraded, which may prevent older versions of\n"
+"the program from reading it. Backup copy of your\n"
+"file in the old format will be made in the same\n"
+"directory with extension '.bak'.\n"
+"Are you sure you want to open it?"
+msgstr ""
+"Die Projekt-Datei, die Sie gerade öffnen wollen,\n"
+"wurde mit einer älteren Version des Firewall Builder abgespeichert.\n"
+"Wenn Sie es mit dieser Version öffnen, werden die Daten in\n"
+"das aktuelle Format umgewandelt, was verhindern kann,\n"
+"dass ältere Versionen des Programms darauf zugreifen können.\n"
+"Es wird automatisch eine Backup-Kopie der Datei im alten Format\n"
+"im gleichen Verzeichnis mit der Endung '.bak' abgelegt.\n"
+"Sind Sie sicher, dass Sie weitermachen wollen?"
+
+#: src/gui/upgradePredicate.h:53
+#, fuzzy
+msgid "&Upgrade"
+msgstr "&Upgrade"
+
+#: src/gui/upgradePredicate.h:54
+#, fuzzy
+msgid "&Do not load the file"
+msgstr "&Datei nicht laden"
+
+#, fuzzy
+#~ msgid "Policy/%1"
+#~ msgstr "Policy/%1"
+
+#, fuzzy
+#~ msgid "Save configuration"
+#~ msgstr "Konfiguration speichern"
+
+#, fuzzy
+#~ msgid "Save configuration to standby unit"
+#~ msgstr "Konfiguration im Standby-Gerät speichern"
+
+#, fuzzy
+#~ msgid "Exiting"
+#~ msgstr "Verlassen"
+
+#~ msgid "Mark packets in PREROUTING chain"
+#~ msgstr "Markiere Paket in der PREROUTING-Chain"
+
+#, fuzzy
+#~ msgid "C&ommit"
+#~ msgstr "Übernehmen"
+
+#~ msgid "Enter authentication information below and click 'Next'"
+#~ msgstr ""
+#~ "Authentisierungs-Informationen unten eintragen und 'Weiter' anklicken"
+
+#~ msgid "Activate a rule on:"
+#~ msgstr "Aktiviere eine Regel an:"
+
+#~ msgid "Date:"
+#~ msgstr "Datum:"
+
+#~ msgid "Time:"
+#~ msgstr "Zeit:"
+
+#~ msgid "Deactivate a rule on:"
+#~ msgstr "Deaktiviere eine Regel an:"
+
+#~ msgid "&Continue"
+#~ msgstr "&Weiter"
+
+#~ msgid "&Stop"
+#~ msgstr "&Stopp"
+
+#~ msgid "<b>Library:</b> "
+#~ msgstr "<b>Bibliothek:</b> "
+
+#~ msgid "<b>Object Id:</b> "
+#~ msgstr "<b>Objekt Id:</b>"
+
+#~ msgid "<b>Object Name:</b> "
+#~ msgstr "<b>Objektname:</b> "
+
+#, fuzzy
+#~ msgid "<b>DNS record:</b>"
+#~ msgstr "<b>DNS Datensatz:</b>"
+
+#, fuzzy
+#~ msgid "<b>Table file:</b>"
+#~ msgstr "<b>Tabelle Datei:</b> "
+
+#, fuzzy
+#~ msgid "<b>Path:</b> "
+#~ msgstr "<b>Pfad:</b> "
+
+#, fuzzy
+#~ msgid "<b>Action :</b> "
+#~ msgstr "<b>Aktion :</b> "
+
+#, fuzzy
+#~ msgid "<b>Parameter:</b> "
+#~ msgstr "<b>Parameter:</b> "
+
+#, fuzzy
+#~ msgid "<b>Netlink group :</b> "
+#~ msgstr "<b>Netlink Gruppe :</b> "
+
+#~ msgid "<li><b>Part of Any</b></li>"
+#~ msgstr "<li><b>Teil von Ales</b></li>"
+
+#~ msgid "<li><b>Stateless</b></li> "
+#~ msgstr "<li><b>Stateless</b></li> "
+
+#, fuzzy
+#~ msgid "<b>Log facility:</b> "
+#~ msgstr
"<b>Log-facility:</b> "
+
+#, fuzzy
+#~ msgid "<b>Log level :</b> "
+#~ msgstr "<b>Log-Level :</b> "
+
+#~ msgid "<li><b>Send 'unreachable'</b></li>"
+#~ msgstr "<li><b>'unreachable' senden</b></li>"
+
+#, fuzzy
+#~ msgid "<b>Log prefix :</b> "
+#~ msgstr "<b>Log-Präfix:</b> "
+
+#~ msgid "<li><b>Source tracking</b></li> "
+#~ msgstr "<li><b>Quell-Adresse verfolgen</b></li> "
+
+#~ msgid "<u><b>Ver:%1</b></u><br>\n"
+#~ msgstr "<u><b>Ver:%1</b></u><br>\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "<li><b>Disable logging for this rule</b></li> "
+#~ msgstr ""
+#~ "<li><b>Log-Funktion für diese Regel ausschalten</b></"
+#~ "li> "
+
+#~ msgid "&Save"
+#~ msgstr "&Speichern"
+
+#~ msgid "&Discard"
+#~ msgstr "&Verwerfen"
+
+#~ msgid "&Cancel"
+#~ msgstr "&Abbrechen"
+
+#~ msgid "&Yes"
+#~ msgstr "&Ja"
+
+#~ msgid "&No"
+#~ msgstr "&Nein"
+
+#~ msgid "<b>Summary:</b>"
+#~ msgstr "<b>Zusammenfassung:</b>"
+
+#~ msgid "&Edit"
+#~ msgstr "B&earbeiten"
+
+#~ msgid "New &Library"
+#~ msgstr "Neue &Bibliothek"
+
+#~ msgid "New &Firewall"
+#~ msgstr "Neue &Firewall"
+
+#~ msgid "New &Host"
+#~ msgstr "Neuer &Host"
+
+#~ msgid "New &Interface"
+#~ msgstr "Neues &Interface"
+
+#~ msgid "New &Network"
+#~ msgstr "Neues &Netzwerk"
+
+#~ msgid "New &Address"
+#~ msgstr "Neue &Adresse"
+
+#~ msgid "New &DNS Name"
+#~ msgstr "Neuer &.#;DNS-Name"
+
+#, fuzzy
+#~ msgid "New A&ddress Table"
+#~ msgstr "Neuer A&dressbereich"
+
+#~ msgid "New Address &Range"
+#~ msgstr "Neuer Adress-Be&reich"
+
+#~ msgid "New &Object Group"
+#~ msgstr "Neue Objekt-&Gruppe"
+
+#~ msgid "New &Custom Service"
+#~ msgstr "Neuer benutzerdefinierter &Dienst"
+
+#~ msgid "New &IP Service"
+#~ msgstr "Neuer &IP-Dienst"
+
+#~ msgid "New IC&MP Service"
+#~ msgstr "Neuer IC&MP-Dienst"
+
+#~ msgid "New &TCP Service"
+#~ msgstr "Neuer &TCP-Dienst"
+
+#~ msgid "New &UDP Service"
+#~ msgstr "Neuer &UDP-Dienst"
+
+#, fuzzy
+#~ msgid "New &TagService"
+#~ msgstr "Neuer &Tag-Dienst"
+
+#~ msgid "New &Service Group"
+#~ msgstr "Neue
&Dienst-Gruppe"
+
+#~ msgid "New Ti&me Interval"
+#~ msgstr "Neues &Zeit-Intervall"
+
+#~ msgid "Open &read-only"
+#~ msgstr "Öffnen der Datei nur zum &Lesen"
+
+#~ msgid "&OK"
+#~ msgstr "&OK"
+
+#~ msgid "&Close"
+#~ msgstr "S&chließen"
+
+#~ msgid "->"
+#~ msgstr "->"
+
+#~ msgid "<-"
+#~ msgstr "<-"
+
+#~ msgid "&New Object File"
+#~ msgstr "&Neue Objektdatei"
+
+#~ msgid "E&xit"
+#~ msgstr "&Beenden"
+
+#~ msgid "&Undo"
+#~ msgstr "R&ückgängig"
+
+#~ msgid "&Redo"
+#~ msgstr "Wiede&rholen"
+
+#~ msgid "&Cut"
+#~ msgstr "Auss&chneiden"
+
+#~ msgid "C&opy"
+#~ msgstr "K&opieren"
+
+#~ msgid "&Paste"
+#~ msgstr "E&infügen"
+
+#~ msgid "&About"
+#~ msgstr "&Über"
+
+#~ msgid "&New Object"
+#~ msgstr "&Neues Objekt"
+
+#~ msgid "&Find Object"
+#~ msgstr "Objekt &finden"
+
+#~ msgid "P&references..."
+#~ msgstr "&Einstellungen..."
+
+#~ msgid "Add File to &RCS"
+#~ msgstr "Datei zum &RCS hinzufügen"
+
+#~ msgid "&Debug"
+#~ msgstr "&Debug"
+
+#~ msgid "&Properties"
+#~ msgstr "&Eigenschaften"
+
+#, fuzzy
+#~ msgid "C&ommit"
+#~ msgstr "Ü&:bernehmen"
+
+#~ msgid "&File"
+#~ msgstr "&Datei"
+
+#~ msgid ""
+#~ "<p>One interface of the firewall must be marked as 'external'. This "
+#~ "interface should be connected to the least secure network, usually the "
+#~ "Internet.</p>"
+#~ msgstr ""
+#~ "<p>Ein Interface der Firewall muss als 'extern' markiert sein. "
+#~ "Dieses Interface sollte mit dem als am wenigsten sicher betrachteten "
+#~ "Netzwerk, normalerweise dem Internet, verbunden sein.</p>"
+
+#~ msgid ""
+#~ "Some objects have been modified since\n"
+#~ "you compiled the policy last time.\n"
+#~ "Do you want to recompile it before you install ?"
+#~ msgstr ""
+#~ "Einige Objekte wurden modifiziert\n"
+#~ "seit die Policy das letzte Mal übersetzt wurde.\n"
+#~ "Wollen Sie neu kompilieren bevor Sie installieren?"
+
+#~ msgid "&Compile"
+#~ msgstr "&Kompilieren"
+
+#~ msgid "&Install old copy"
+#~ msgstr "&Installieren der alten Kopie"
+
+#~ msgid ""
+#~ "When you delete an object, it is removed from the tree and\n"
+#~ "all groups and firewall policy rules that reference it.\n"
+#~ "Do you want to delete selected objects ?"
+#~ msgstr ""
+#~ "Wenn Sie ein Objekt löschen, wird es aus dem Objekt-Baum und allen\n"
+#~ "Gruppen und Firewall-Policies, die es verwenden, entfernt.\n"
+#~ "Wollen Sie die markierten Objekte wirklich löschen?"
+
+#~ msgid "Find Secure File Transfer utility"
+#~ msgstr "Programm zum sicheren Dateitransfer (scp) suchen"
+
+#~ msgid "Accounting "
+#~ msgstr "Accounting"
+
+#, fuzzy
+#~ msgid "Metric Editor"
+#~ msgstr "Metric-Editor"
+
+#~ msgid "End\n"
+#~ msgstr "Ende\n"
+
+#~ msgid "Pushing firewall configuration\n"
+#~ msgstr "Firewall Konfiguration wird übertragen\n"
+
+#~ msgid "Apply Changes"
+#~ msgstr "Änderungen durchführen"
+
+#, fuzzy
+#~ msgid "..."
+#~ msgstr "..."
+
+#, fuzzy
+#~ msgid "File preview:"
+#~ msgstr "Voransicht"
+
+#~ msgid ""
+#~ "Drop here firewall objects that should be used as policy templates for "
+#~ "this firewall. Rules will be added on top of the rules of this firewall "
+#~ "and will be taken from policies of the template objects in the order they "
+#~ "were added, from top to bottom:"
+#~ msgstr ""
+#~ "Firewall-Objekte, die als Policy-Muster für diese Firewall verwendet "
+#~ "werden sollen, hier ablegen. Die Regeln werden oberhalb der lokalen "
+#~ "Regeln dieser Firewall hinzugefügt.
Die Regeln werden aus den Policies "
+#~ "der Muster-Objekte in der Reiehnfolge, in der sie abgelegt wurden, in die "
+#~ "neue Firewall bernommen, von oben nach unten:"
+
+#~ msgid "SNMP community:"
+#~ msgstr "SNMP community:"
+
+#~ msgid "Contact:"
+#~ msgstr "Kontakt:"
+
+#~ msgid "SNMP Get"
+#~ msgstr "SNMP Get"
+
+#~ msgid "Description:"
+#~ msgstr "Beschreibung:"
+
+#~ msgid "Del"
+#~ msgstr "Entf"
+
+#~ msgid "Installing policy rules on firewall '%1'. Logging in"
+#~ msgstr "Installation der Policy-regeln auf der Firewall '%1', Einloggen"
+
+#~ msgid ""
+#~ "Check option 'Unnumbered interface' for the interface that does not have "
+#~ "an IP address. Examples of interfaces of this kind are those used to "
+#~ "terminate PPPoE or VPN tunnels and interfaces of the bridging firewall."
+#~ msgstr ""
+#~ "Die Option 'unnummeriertes Interface' muss für das Interface aktiviert "
+#~ "sein, das keine (feste) IP-Adresse hat. Dies sind zum Beispiel Interfaces "
+#~ "an denen PPPoE oder VPN-Tunnel terminiert werden oder die Interfaces "
+#~ "einer bridging firewall."
+
+#~ msgid "Fixup"
+#~ msgstr "Korrektur"
+
+#~ msgid "Ask user what to do"
+#~ msgstr "Frage den Benutzer was zu tun ist"
+
+#~ msgid ""
+#~ "A full path to the Secure Copy utility (secure file copy; for example scp "
+#~ "on Unix or pscp.exe or vcp.exe on Windows):"
+#~ msgstr ""
+#~ "Der vollständige Pfad zu einem sicheren Datei-Kopier-Programm (secure "
+#~ "file copy; zum Beispiel scp für Unix oder pscp.exe or vcp.exe für "
+#~ "Windows):"
+
+#~ msgid ""
+#~ "Do not save a copy of objects form add-on libraries in each data file"
+#~ msgstr ""
+#~ "Keine Kopien von Objekten aus Zusatzbibliotheken in jeder Datendatei "
+#~ "speichern"
+
+#~ msgid ""
+#~ "This option is provisional and will change or disappear in future "
+#~ "releases because we expect to make this a default behavior."
+#~ msgstr ""
+#~ "Diese option ist nur provisorisch und wird in einem späteren Release "
+#~ "wieder verschwinden da dieses Verhalten zukünftig zum Standard gemacht "
+#~ "werde wird."
+
+#~ msgid "Data format"
+#~ msgstr "Datenformat"
+
+#~ msgid "Welcome to Firewall Builder"
+#~ msgstr "Willkommen beim Firewall Builder"
+
+#~ msgid "<b>Firewall Builder N.N.N</b>"
+#~ msgstr "<b>Firewall Builder N.N.N</b>"
+
+#~ msgid "Do you want to open existing project file or create a new one?"
+#~ msgstr ""
+#~ "Möchten Sie eine vorhandene Projektdatei öffnen oder eine neue erstellen?"
+
+#~ msgid "Create new project file"
+#~ msgstr "Neue Projektdatei anlegen"
+
+#~ msgid "Open existing file"
+#~ msgstr "Vorhandene Datei öffnen"
+
+#~ msgid "File name: %1"
+#~ msgstr "Dateiname: %1"
+
+#~ msgid ""
+#~ "Activate Revision Control System for this file\n"
+#~ "(if you do not do this now, you can always activate it later)"
+#~ msgstr ""
+#~ "Revisions-Kontroll-System für diese Datei aktivieren\n"
+#~ "(Wenn Sie dies jetzt nicht aktivieren, können Sie es später jederzeit "
+#~ "nachholen)"
+
+#~ msgid ""
+#~ "Let the program automatically open this file when I start it next time\n"
+#~ "(you can activate this option later using Preferences dialog)"
+#~ msgstr ""
+#~ "Das Programm soll automatisch diese Datei öffnen, wenn es das nächste\n"
+#~ "Mal gestartet wird. (diese Option kann auch später unter 'Einstellungen'\n"
+#~ "verändert werden)"
+
+#~ msgid "Recognize regular expressions in search pattern"
+#~ msgstr "Erkenne reguläre Ausdrücke im Suchmuster"
diff --git a/po/de.qm b/po/de.qm
new file mode 100644
index 000000000..c6cb05baa
Binary files /dev/null and b/po/de.qm differ
diff --git a/po/es.po b/po/es.po
new file mode 100644
index 000000000..c4ded9738
--- /dev/null
+++ b/po/es.po
@@ -0,0 +1,7827 @@
+# translation of es.po to Spanish
+# This file is distributed under the same license as the fwbuilder package.
+# Copyright (C) 2005 Free Software Foundation, Inc.
+# Spanish translate by Andago
+msgid ""
+msgstr ""
+"Project-Id-Version: es\n"
+"Report-Msgid-Bugs-To: vadim@fwbuilder.org\n"
+"POT-Creation-Date: 2007-12-08 21:27-0800\n"
+"PO-Revision-Date: 2005-07-26 13:20+0200\n"
+"Last-Translator: Carlos A. Lozano \n"
+"Language-Team: Spanish \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: src/gui/ActionsDialog.cpp:97
+msgid ""
+"'Chabge inbound interface', 'Continue packet inspection' and 'Make a copy' "
+"options are mutually exclusive"
+msgstr ""
+
+#: src/gui/ActionsDialog.cpp:98 src/gui/ActionsDialog.cpp:123
+#: src/gui/AddressRangeDialog.cpp:108 src/gui/AddressRangeDialog.cpp:119
+#: src/gui/FirewallDialog.cpp:315 src/gui/FirewallDialog.cpp:340
+#: src/gui/FWWindow.cpp:724 src/gui/FWWindow.cpp:733 src/gui/FWWindow.cpp:858
+#: src/gui/FWWindow.cpp:1082 src/gui/FWWindow.cpp:1095
+#: src/gui/FWWindow.cpp:1111 src/gui/FWWindow.cpp:1149
+#: src/gui/FWWindow.cpp:1155 src/gui/FWWindow.cpp:1224
+#: src/gui/FWWindow.cpp:1318 src/gui/FWWindow.cpp:1360
+#: src/gui/FWWindow.cpp:1383 src/gui/FWWindow.cpp:1456
+#: src/gui/FWWindow.cpp:1474 src/gui/FWWindow.cpp:1537
+#: src/gui/FWWindow.cpp:1549 src/gui/FWWindowPrint.cpp:923
+#: src/gui/instDialog.cpp:719 src/gui/instDialog.cpp:1462
+#: src/gui/instDialog.cpp:1580 src/gui/IPv4Dialog.cpp:146
+#: src/gui/IPv4Dialog.cpp:160 src/gui/listOfLibraries.cpp:148
+#: src/gui/listOfLibraries.cpp:188 src/gui/listOfLibraries.cpp:215
+#: src/gui/NetworkDialog.cpp:109 src/gui/NetworkDialog.cpp:120
+#: src/gui/RCS.cpp:499 src/gui/RCS.cpp:688 src/gui/RCS.cpp:701
+#: src/gui/RCS.cpp:718 src/gui/RCS.cpp:801 src/gui/utils.cpp:198
+msgid "&Continue"
+msgstr "&Continuar"
+
+#: src/gui/ActionsDialog.cpp:122
+msgid ""
+"Rule name for accounting is converted to
the iptables\n"
+"chain name and therefore may not contain white space\n"
+"and special characters."
+msgstr ""
+"El nombre de regla para esta cuenta es convertido a un nombre\n"
+"de cadena de iptables, por lo que no puede contender espacios\n"
+"en blanco ni caracteres especiales."
+
+#: src/gui/ActionsDialog.cpp:222 src/gui/ActionsDialog.cpp:223
+#: src/gui/.ui/actionsdialog_q.cpp:470
+msgid "Emulation is currently ON, rule will be terminating"
+msgstr ""
+
+#: src/gui/ActionsDialog.cpp:226 src/gui/ActionsDialog.cpp:227
+msgid "Emulation is currently OFF, rule will be non-terminating"
+msgstr ""
+
+#: src/gui/AddressRangeDialog.cpp:107 src/gui/AddressRangeDialog.cpp:118
+#: src/gui/IPv4Dialog.cpp:145 src/gui/NetworkDialog.cpp:108
+#, qt-format
+msgid "Illegal IP address '%1'"
+msgstr "Dirección IP ilegal '%1'"
+
+#: src/gui/ColorLabelMenuItem.cpp:48
+msgid "no color"
+msgstr "sin color"
+
+#: src/gui/CommentEditorPanel.cpp:75 src/gui/SimpleTextEditor.cpp:66
+msgid "Warning: loading from file discards current contents of the script."
+msgstr ""
+"Warning: cargar desde eel fichero descarta contenidos actuales del script."
+
+#: src/gui/CommentEditorPanel.cpp:80
+msgid "Choose file that contains PIX commands"
+msgstr "Elija un fichero que contenga comandos PIX"
+
+#: src/gui/CommentEditorPanel.cpp:88 src/gui/DiscoveryDruid.cpp:791
+#: src/gui/SimpleTextEditor.cpp:79
+#, qt-format
+msgid "Could not open file %1"
+msgstr "No se pudo abrir el fichero %1"
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:157
+#: src/gui/FindWhereUsedWidget.cpp:171 src/gui/FWWindow.cpp:2115
+#: src/gui/FWWindowPrint.cpp:369
+msgid "NAT"
+msgstr "NAT"
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:160
+#: src/gui/FindWhereUsedWidget.cpp:174 src/gui/FWWindow.cpp:2087
+msgid "Policy"
+msgstr "Política"
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:163
+#: src/gui/FindWhereUsedWidget.cpp:177 src/gui/FWWindow.cpp:2130
+#: src/gui/FWWindowPrint.cpp:396 src/gui/platforms.cpp:559
+msgid "Routing"
+msgstr ""
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:166
+#: src/gui/FindWhereUsedWidget.cpp:180
+msgid "Unknown rule set"
+msgstr ""
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:168
+#: src/gui/FindWhereUsedWidget.cpp:182
+#, fuzzy, qt-format
+msgid "/Rule%1"
+msgstr "Regla %1"
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:182
+#: src/gui/FindWhereUsedWidget.cpp:196
+#, fuzzy
+msgid "Type: "
+msgstr "tipo: "
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:203
+msgid "Not used anywhere"
+msgstr ""
+
+#: src/gui/DialogFactory.cpp:158 src/gui/DialogFactory.cpp:181
+#, qt-format
+msgid "Support module for %1 is not available"
+msgstr ""
+
+#: src/gui/DiscoveryDruid.cpp:616
+#, fuzzy
+msgid "Hosts file parsing ..."
+msgstr "Opciones del SO de la máquina ..."
+
+#: src/gui/DiscoveryDruid.cpp:625
+msgid "DNS zone transfer ..."
+msgstr ""
+
+#: src/gui/DiscoveryDruid.cpp:635
+msgid "Network discovery using SNMP ..."
+msgstr ""
+
+#: src/gui/DiscoveryDruid.cpp:645
+#, fuzzy
+msgid "Import configuration from file ..."
+msgstr "* Cargando fichero de configuración %1" + +#: src/gui/DiscoveryDruid.cpp:790 src/gui/DiscoveryDruid.cpp:1675 +#: src/gui/DiscoveryDruid.cpp:1722 +msgid "Discovery error" +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1158 +#, fuzzy +msgid "Adding objects ..." +msgstr " objetos" + +#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1159 +#: src/gui/DiscoveryDruid.cpp:1362 src/gui/DiscoveryDruid.cpp:1507 +#: src/gui/DiscoveryDruid.cpp:1549 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:111 +#: src/gui/.ui/filterdialog_q.cpp:154 src/gui/.ui/instoptionsdialog_q.cpp:286 +#: src/gui/.ui/libexport_q.cpp:113 src/gui/.ui/newgroupdialog_q.cpp:102 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1826 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:310 +#: src/gui/.ui/printingprogressdialog_q.cpp:74 +#: src/gui/.ui/simpleinteditor_q.cpp:89 src/gui/.ui/simpletexteditor_q.cpp:96 +msgid "Cancel" +msgstr "Cancelar" + +#: src/gui/DiscoveryDruid.cpp:1362 +#, fuzzy +msgid "Prepare objects ..." +msgstr "Ãrbol de Objetos" + +#: src/gui/DiscoveryDruid.cpp:1507 src/gui/DiscoveryDruid.cpp:1548 +msgid "Copying results ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1838 +msgid "Incomlete network specification." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1917 +#, fuzzy +msgid "Empty community string" +msgstr "Cadena 'read' de la comunidad SNMP:" + +#: src/gui/DiscoveryDruid.cpp:2132 +msgid "" +"Firewall Builder can import Cisco IOS access lists from the router " +"configuration saved using 'show run' or any other command that saves running " +"config. The name of the created firewall object, all of its interfaces and " +"their addresses will be configured automatically if this information can be " +"found in the configuration file." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:2143 +msgid "" +"Firewall Builder can import iptables rules from a file in iptables-save " +"format. 
Firewall name and addresses of its interfaces need to be configured "
+"manually because iptables-save file does not have this information. "
+msgstr ""
+
+#: src/gui/execDialog.cpp:101 src/gui/instDialog.cpp:1436
+#: src/gui/instDialog.cpp:2110
+msgid "Error: Failed to start program"
+msgstr "Error: Fallo al iniciar el programa"
+
+#: src/gui/filePropDialog.cpp:62
+msgid "Opened read-only"
+msgstr "Abierto de sólo-lectura"
+
+#: src/gui/filePropDialog.cpp:80
+#, qt-format
+msgid "Revision %1"
+msgstr "Revisión %1"
+
+#: src/gui/FilterDialog.cpp:102
+msgid "Filter error"
+msgstr ""
+
+#: src/gui/FilterDialog.cpp:102
+msgid "Invalid RegExp."
+msgstr ""
+
+#: src/gui/FilterDialog.cpp:404 src/gui/GroupObjectDialog.cpp:144
+#: src/gui/.ui/findobjectwidget_q.cpp:203
+#: src/gui/.ui/newfirewalldialog_q.cpp:171
+#: src/gui/.ui/newfirewalldialog_q.cpp:322
+#: src/gui/.ui/newfirewalldialog_q.cpp:501
+#: src/gui/.ui/newfirewalldialog_q.cpp:523 src/gui/.ui/newhostdialog_q.cpp:187
+#: src/gui/.ui/newhostdialog_q.cpp:397 src/gui/.ui/prefsdialog_q.cpp:210
+#: src/gui/.ui/prefsdialog_q.cpp:391
+msgid "Name"
+msgstr "Nombre"
+
+#: src/gui/FilterDialog.cpp:405 src/gui/FWWindowPrint.cpp:94
+#: src/gui/.ui/discoverydruid_q.cpp:1021 src/gui/.ui/finddialog_q.cpp:134
+#: src/gui/.ui/findobjectwidget_q.cpp:204 src/gui/.ui/ipv4dialog_q.cpp:170
+#: src/gui/.ui/newfirewalldialog_q.cpp:173
+#: src/gui/.ui/newfirewalldialog_q.cpp:324
+#: src/gui/.ui/newfirewalldialog_q.cpp:503
+#: src/gui/.ui/newfirewalldialog_q.cpp:525 src/gui/.ui/newhostdialog_q.cpp:189
+#: src/gui/.ui/newhostdialog_q.cpp:399
+msgid "Address"
+msgstr "Dirección"
+
+#: src/gui/FilterDialog.cpp:408
+#, fuzzy
+msgid "Contains"
+msgstr "Contenidos"
+
+#: src/gui/FilterDialog.cpp:409
+msgid "Is equal to"
+msgstr ""
+
+#: src/gui/FilterDialog.cpp:410
+msgid "Starts with"
+msgstr ""
+
+#: src/gui/FilterDialog.cpp:411
+#, fuzzy
+msgid "Ends with"
+msgstr "Editar"
+
+#: src/gui/FilterDialog.cpp:412
+msgid "Matches Wildcard"
+msgstr
""
+
+#: src/gui/FilterDialog.cpp:413
+msgid "Matches RegExp"
+msgstr ""
+
+#: src/gui/findDialog.cpp:269 src/gui/FindObjectWidget.cpp:324
+msgid "Search hit the end of the object tree."
+msgstr "Buscar entrada al final del árbol de objetos."
+
+#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317
+#: src/gui/FindObjectWidget.cpp:325
+msgid "&Continue at top"
+msgstr "&Continuar arriba"
+
+#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317
+#: src/gui/FindObjectWidget.cpp:325
+msgid "&Stop"
+msgstr "Parar"
+
+#: src/gui/FindObjectWidget.cpp:316
+#, fuzzy
+msgid "Search hit the end of the policy rules."
+msgstr "Buscar entrada al final del árbol de objetos."
+
+#: src/gui/FindObjectWidget.cpp:354
+msgid "Search or Replace object ind't specified."
+msgstr ""
+
+#: src/gui/FindObjectWidget.cpp:364
+msgid "Cannot replace object by itself."
+msgstr ""
+
+#: src/gui/FindObjectWidget.cpp:372
+msgid "Search and Replace objects are incompatible."
+msgstr ""
+
+#: src/gui/FindObjectWidget.cpp:466
+#, fuzzy, qt-format
+msgid "Replaced %1 objects."
+msgstr "Reemplazar con este objeto"
+
+#: src/gui/FindObjectWidget.cpp:585
+msgid "Policy of firewall '"
+msgstr ""
+
+#: src/gui/FirewallDialog.cpp:314 src/gui/FirewallDialog.cpp:339
+#, qt-format
+msgid "FWBuilder API error: %1"
+msgstr ""
+
+#: src/gui/freebsdAdvancedDialog.cpp:62 src/gui/linksysAdvancedDialog.cpp:68
+#: src/gui/linux24AdvancedDialog.cpp:62 src/gui/macosxAdvancedDialog.cpp:62
+#: src/gui/openbsdAdvancedDialog.cpp:62 src/gui/solarisAdvancedDialog.cpp:62
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:195
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:199
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:203
+#: src/gui/.ui/linux24advanceddialog_q.cpp:371
+#: src/gui/.ui/linux24advanceddialog_q.cpp:375
+#: src/gui/.ui/linux24advanceddialog_q.cpp:379
+#: src/gui/.ui/linux24advanceddialog_q.cpp:383
+#: src/gui/.ui/linux24advanceddialog_q.cpp:387
+#: src/gui/.ui/linux24advanceddialog_q.cpp:391
+#: src/gui/.ui/linux24advanceddialog_q.cpp:395
+#: src/gui/.ui/linux24advanceddialog_q.cpp:399
+#: src/gui/.ui/linux24advanceddialog_q.cpp:403
+#: src/gui/.ui/linux24advanceddialog_q.cpp:418
+#: src/gui/.ui/linux24advanceddialog_q.cpp:422
+#: src/gui/.ui/linux24advanceddialog_q.cpp:426
+#: src/gui/.ui/linux24advanceddialog_q.cpp:430
+#: src/gui/.ui/linux24advanceddialog_q.cpp:434
+#: src/gui/.ui/linux24advanceddialog_q.cpp:438
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:172
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:176
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:180
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:180
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:184
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:189
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:193
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:189
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:195
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:199
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:204
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:208
+msgid "No change"
+msgstr "No modificar"
+
+#: src/gui/freebsdAdvancedDialog.cpp:65
src/gui/linksysAdvancedDialog.cpp:71
+#: src/gui/linux24AdvancedDialog.cpp:65 src/gui/macosxAdvancedDialog.cpp:65
+#: src/gui/openbsdAdvancedDialog.cpp:65 src/gui/solarisAdvancedDialog.cpp:65
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:196
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:200
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:204
+#: src/gui/.ui/linux24advanceddialog_q.cpp:372
+#: src/gui/.ui/linux24advanceddialog_q.cpp:376
+#: src/gui/.ui/linux24advanceddialog_q.cpp:380
+#: src/gui/.ui/linux24advanceddialog_q.cpp:384
+#: src/gui/.ui/linux24advanceddialog_q.cpp:388
+#: src/gui/.ui/linux24advanceddialog_q.cpp:392
+#: src/gui/.ui/linux24advanceddialog_q.cpp:396
+#: src/gui/.ui/linux24advanceddialog_q.cpp:400
+#: src/gui/.ui/linux24advanceddialog_q.cpp:404
+#: src/gui/.ui/linux24advanceddialog_q.cpp:419
+#: src/gui/.ui/linux24advanceddialog_q.cpp:423
+#: src/gui/.ui/linux24advanceddialog_q.cpp:427
+#: src/gui/.ui/linux24advanceddialog_q.cpp:431
+#: src/gui/.ui/linux24advanceddialog_q.cpp:435
+#: src/gui/.ui/linux24advanceddialog_q.cpp:439
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:173
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:177
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:181
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:181
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:185
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:190
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:194
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:190
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:196
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:200
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:205
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:209
+msgid "On"
+msgstr "On"
+
+#: src/gui/freebsdAdvancedDialog.cpp:68 src/gui/linksysAdvancedDialog.cpp:74
+#: src/gui/linux24AdvancedDialog.cpp:68 src/gui/macosxAdvancedDialog.cpp:68
+#: src/gui/openbsdAdvancedDialog.cpp:68 src/gui/solarisAdvancedDialog.cpp:68
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:197
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:201
+#:
src/gui/.ui/freebsdadvanceddialog_q.cpp:205
+#: src/gui/.ui/linux24advanceddialog_q.cpp:373
+#: src/gui/.ui/linux24advanceddialog_q.cpp:377
+#: src/gui/.ui/linux24advanceddialog_q.cpp:381
+#: src/gui/.ui/linux24advanceddialog_q.cpp:385
+#: src/gui/.ui/linux24advanceddialog_q.cpp:389
+#: src/gui/.ui/linux24advanceddialog_q.cpp:393
+#: src/gui/.ui/linux24advanceddialog_q.cpp:397
+#: src/gui/.ui/linux24advanceddialog_q.cpp:401
+#: src/gui/.ui/linux24advanceddialog_q.cpp:405
+#: src/gui/.ui/linux24advanceddialog_q.cpp:420
+#: src/gui/.ui/linux24advanceddialog_q.cpp:424
+#: src/gui/.ui/linux24advanceddialog_q.cpp:428
+#: src/gui/.ui/linux24advanceddialog_q.cpp:432
+#: src/gui/.ui/linux24advanceddialog_q.cpp:436
+#: src/gui/.ui/linux24advanceddialog_q.cpp:440
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:174
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:178
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:182
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:182
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:186
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:191
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:195
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:191
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:197
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:201
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:206
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:210
+msgid "Off"
+msgstr "Off"
+
+#: src/gui/FWBSettings.cpp:150
+#, qt-format
+msgid ""
+"Working directory %1 does not exist and could not be created.\n"
+"Ignoring this setting."
+msgstr ""
+"El directorio de trabajo %1 no existe o no puede ser creado.\n"
+"Ignorando esta opción."
+
+#: src/gui/FWBTree.cpp:399
+msgid "New Library"
+msgstr "Nueva Librería"
+
+#: src/gui/FWObjectDropArea.cpp:103
+#, fuzzy
+msgid "Drop object here."
+msgstr "Grupo de objetos"
+
+#: src/gui/FWObjectDropArea.cpp:141 src/gui/GroupObjectDialog.cpp:682
+#: src/gui/ObjectManipulator.cpp:916 src/gui/RuleSetView.cpp:1666
+#: src/gui/.ui/FWBMainWindow_q.cpp:476
+msgid "Paste"
+msgstr "Pegar"
+
+#: src/gui/FWObjectDropArea.cpp:143 src/gui/GroupObjectDialog.cpp:683
+#: src/gui/ObjConflictResolutionDialog.cpp:118
+#: src/gui/ObjConflictResolutionDialog.cpp:142
+#: src/gui/ObjectManipulator.cpp:921 src/gui/RuleSetView.cpp:1669
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:110
+#: src/gui/.ui/FWBMainWindow_q.cpp:542 src/gui/.ui/FWBMainWindow_q.cpp:543
+#: src/gui/.ui/newfirewalldialog_q.cpp:508 src/gui/.ui/newhostdialog_q.cpp:409
+msgid "Delete"
+msgstr "Borrar"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:102
+msgid "DNS record: "
+msgstr ""
+
+#: src/gui/FWObjectPropertiesFactory.cpp:106
+#, fuzzy
+msgid "Address Table: "
+msgstr "Rango de Direcciones"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:157
+msgid " objects"
+msgstr " objetos"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:173
+#, qt-format
+msgid "protocol: %1"
+msgstr "protocolo: %1"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:177
+#, qt-format
+msgid "type: %1"
+msgstr "tipo: %1"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:179
+#, qt-format
+msgid "code: %1"
+msgstr "código: %1"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:238
+msgid "Library: "
+msgstr "Librería: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:243
+msgid "Object Id: "
+msgstr "Id de Objeto: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:248
+msgid "Object Type: "
+msgstr "Tipo de Objeto: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:252
+msgid "Object Name: "
+msgstr "Nombre de Objeto: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:274
+#, fuzzy
+msgid "DNS record:"
+msgstr "Id de Objeto: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:277
+#: src/gui/FWObjectPropertiesFactory.cpp:285
+#, fuzzy
+msgid "Run-time"
+msgstr "Tiempo"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:277
+#:
src/gui/FWObjectPropertiesFactory.cpp:285
+#, fuzzy
+msgid "Compile-time"
+msgstr "Compilar"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:282
+#, fuzzy
+msgid "Table file:"
+msgstr "Nombre de Objeto: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:320
+#, qt-format
+msgid "%1 objects
    \n" +msgstr "%1 objetos
    \n" + +#: src/gui/FWObjectPropertiesFactory.cpp:385 +#, fuzzy +msgid "Path: " +msgstr "Librería: " + +#: src/gui/FWObjectPropertiesFactory.cpp:444 +msgid "protocol " +msgstr "protocolo " + +#: src/gui/FWObjectPropertiesFactory.cpp:449 +msgid "type: " +msgstr "tipo: " + +#: src/gui/FWObjectPropertiesFactory.cpp:451 +msgid "code: " +msgstr "código: " + +#: src/gui/FWObjectPropertiesFactory.cpp:471 +#, qt-format +msgid "Pattern: \"%1\"" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:605 +#, fuzzy +msgid "Action : " +msgstr "Id de Objeto: " + +#: src/gui/FWObjectPropertiesFactory.cpp:608 +#, fuzzy +msgid "Parameter: " +msgstr "Librería: " + +#: src/gui/FWObjectPropertiesFactory.cpp:631 +#, fuzzy +msgid "Log prefix : " +msgstr "Prefijo de log:" + +#: src/gui/FWObjectPropertiesFactory.cpp:637 +msgid "Log Level : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:644 +#, fuzzy +msgid "Netlink group : " +msgstr "grupo netlink:" + +#: src/gui/FWObjectPropertiesFactory.cpp:650 +#, fuzzy +msgid "Limit Value : " +msgstr "Librería: " + +#: src/gui/FWObjectPropertiesFactory.cpp:656 +msgid "Limit suffix : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:663 +#, fuzzy +msgid "Limit burst : " +msgstr "Librería: " + +#: src/gui/FWObjectPropertiesFactory.cpp:670 +msgid "

  • Part of Any
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:676 +#: src/gui/FWObjectPropertiesFactory.cpp:706 +#: src/gui/FWObjectPropertiesFactory.cpp:735 +#: src/gui/FWObjectPropertiesFactory.cpp:758 +msgid "
  • Stateless
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:685 +#, fuzzy +msgid "Log facility: " +msgstr "Facilidad de Log:" + +#: src/gui/FWObjectPropertiesFactory.cpp:692 +#: src/gui/FWObjectPropertiesFactory.cpp:775 +#, fuzzy +msgid "Log level : " +msgstr "Prefijo de log:" + +#: src/gui/FWObjectPropertiesFactory.cpp:700 +msgid "
  • Send 'unreachable'
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:712 +#, fuzzy +msgid "
  • Keep information on fragmented packets
  • " +msgstr "" +"Guardar información de paquetes\n" +"fragmentados, para ser aplicada más tarde\n" +"a los fragmentos" + +#: src/gui/FWObjectPropertiesFactory.cpp:722 +#, fuzzy +msgid "Log prefix : " +msgstr "Prefijo de log:" + +#: src/gui/FWObjectPropertiesFactory.cpp:728 +#, fuzzy +msgid "Max state : " +msgstr "Librería: " + +#: src/gui/FWObjectPropertiesFactory.cpp:741 +msgid "
  • Source tracking
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:744 +msgid "Max src nodes : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:747 +#, fuzzy +msgid "Max src states: " +msgstr "Librería: " + +#: src/gui/FWObjectPropertiesFactory.cpp:767 +#, qt-format +msgid "Ver:%1
    \n" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:781 +#, fuzzy +msgid "Log interval : " +msgstr "Librería: " + +#: src/gui/FWObjectPropertiesFactory.cpp:788 +#, fuzzy +msgid "
  • Disable logging for this rule
  • " +msgstr "" +"completamente desactivado logging\n" +"para esta regla" + +#: src/gui/FWObjectPropertiesFactory.cpp:820 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:159 +#, fuzzy +msgid "bitmask" +msgstr "Máscara" + +#: src/gui/FWObjectPropertiesFactory.cpp:821 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:160 +#, fuzzy +msgid "random" +msgstr "Usar ID aleatorio" + +#: src/gui/FWObjectPropertiesFactory.cpp:822 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:161 +msgid "source-hash" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:823 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:162 +msgid "round-robin" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:825 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:163 +msgid "static-port" +msgstr "" + +#: src/gui/FWWindow.cpp:175 +msgid "No firewalls defined" +msgstr "Cortafuegos no definidos" + +#: src/gui/FWWindow.cpp:379 +msgid "" +"Some objects have been modified but not saved.\n" +"Do you want to save changes now ?" +msgstr "" +"Algunos objetos has sido modificados pero no guardados.\n" +"Quiere salvar los cambios ahora ?" 
+
+#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466
+#: src/gui/.ui/FWBMainWindow_q.cpp:453
+msgid "&Save"
+msgstr "&Salvar"
+
+#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466
+#: src/gui/.ui/FWBMainWindow_q.cpp:556
+msgid "&Discard"
+msgstr "&Descartar"
+
+#: src/gui/FWWindow.cpp:381 src/gui/FWWindow.cpp:680 src/gui/RCS.cpp:748
+#: src/gui/.ui/askrulenumberdialog_q.cpp:91
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:189
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:549
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:353
+#: src/gui/.ui/iptadvanceddialog_q.cpp:601
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:198
+#: src/gui/.ui/linux24advanceddialog_q.cpp:368
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:167
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:175
+#: src/gui/.ui/pagesetupdialog_q.cpp:110
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1002 src/gui/.ui/prefsdialog_q.cpp:366
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:104
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:185
+msgid "&Cancel"
+msgstr "&Cancelar"
+
+#: src/gui/FWWindow.cpp:436
+msgid "FWB Files (*.fwb);;All Files (*)"
+msgstr "FWB Ficheros (*.fwb);;Todos los ficheros (*)"
+
+#: src/gui/FWWindow.cpp:447 src/gui/FWWindow.cpp:1805
+#, qt-format
+msgid ""
+"The file %1 already exists.\n"
+"Do you want to overwrite it ?"
+msgstr ""
+"The fichero %1 ya existe.\n"
+"Quiere sobreescribirlo?"
+
+#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807
+#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539
+#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828
+msgid "&Yes"
+msgstr "&Si"
+
+#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807
+#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539
+#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828
+msgid "&No"
+msgstr "&No"
+
+#: src/gui/FWWindow.cpp:483 src/gui/FWWindow.cpp:1086
+#: src/gui/StartWizard.cpp:99
+msgid "Choose name and location for the new file"
+msgstr "Elija nombre y localización para el nuevo fichero"
+
+#: src/gui/FWWindow.cpp:585
+msgid "Saving data to file..."
+msgstr "Salvando datos a fichero..."
+
+#: src/gui/FWWindow.cpp:617
+msgid "Choose name and location for the file"
+msgstr "Elija nombre y localización para el fichero"
+
+#: src/gui/FWWindow.cpp:674
+msgid ""
+"This operation discards all changes that have been saved\n"
+"into the file so far, closes it and replaces it with a clean\n"
+"copy of its head revision from RCS.\n"
+"\n"
+"All changes will be lost if you do this.\n"
+"\n"
+msgstr ""
+"Esta operación descarta todos los cambios que se han guardado\n"
+"en el fichero, lo cierra y lo reemplaza con una copia limpia\n"
+"con la cabecera de revisión desde RCS.\n"
+"\n"
+"Todos los cambios se perderán si hace esto.\n"
+"\n"
+
+#: src/gui/FWWindow.cpp:679 src/gui/ObjectEditor.cpp:439
+msgid "&Discard changes"
+msgstr "&Descartar cambios"
+
+#: src/gui/FWWindow.cpp:723
+#, qt-format
+msgid "File %1 has been added to RCS."
+msgstr "Fichero %1 ha sido añadido a RCS."
+
+#: src/gui/FWWindow.cpp:732 src/gui/StartWizard.cpp:157
+#, qt-format
+msgid ""
+"Error adding file to RCS:\n"
+"%1"
+msgstr ""
+"Error añadiendo el fichero a RCS:\n"
+"%1"
+
+#: src/gui/FWWindow.cpp:739 src/gui/FWWindow.cpp:1124
+msgid "(read-only)"
+msgstr "(sólo-lectura)"
+
+#: src/gui/FWWindow.cpp:798 src/gui/FWWindow.cpp:908
+#, fuzzy
+msgid "Loading system objects..."
+msgstr "Cargar objetos estandar"
+
+#: src/gui/FWWindow.cpp:857 src/gui/FWWindow.cpp:1148
+#: src/gui/FWWindow.cpp:1154
+#, qt-format
+msgid ""
+"Error loading file:\n"
+"%1"
+msgstr ""
+"Error cargando fichero:\n"
+"%1"
+
+#: src/gui/FWWindow.cpp:916
+#, fuzzy
+msgid "Reading and parsing data file..."
+msgstr "Salvando datos a fichero..."
+
+#: src/gui/FWWindow.cpp:986
+msgid "Merging with system objects..."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:1080
+#, qt-format
+msgid ""
+"Firewall Builder 2 uses file extension '.fwb' and \n"
+"needs to rename old data file '%1' to '%2',\n"
+"but file '%3' already exists.\n"
+"Choose a different name for the new file."
+msgstr ""
+"Firewall Builder 2 usa la extesión de fichero '.fwb' y\n"
+"necesita renombrar el antiguo fichero '%1' a '%2',\n"
+"pero el fichero '%3' ya existe.\n"
+"Elija un nombre diferente para el nuevo fichero."
+
+#: src/gui/FWWindow.cpp:1094
+msgid "Load operation cancelled and data file reverted to original version."
+msgstr ""
+"Operación de carga cancelada y fichero de datos restaurado al original."
+
+#: src/gui/FWWindow.cpp:1109
+#, qt-format
+msgid ""
+"Firewall Builder 2 uses file extension '.fwb'. Your data file '%1' \n"
+"has been renamed '%2'"
+msgstr ""
+"Firewall Builder 2 usa la extesión de fichero '.fwb'. 
Su fichero '%1' \n" +"ha sido renombrado a '%2'" + +#: src/gui/FWWindow.cpp:1140 +#, qt-format +msgid "Exception: %1" +msgstr "Excepción: %1" + +#: src/gui/FWWindow.cpp:1142 +#, qt-format +msgid "Failed transformation : %1" +msgstr "Transformación fallida: %1" + +#: src/gui/FWWindow.cpp:1144 +#, qt-format +msgid "XML element : %1" +msgstr "Elemento XML: %1" + +#: src/gui/FWWindow.cpp:1167 +#, fuzzy +msgid "Building object tree..." +msgstr "Encontrar objeto en el árbol" + +#: src/gui/FWWindow.cpp:1172 +#, fuzzy +msgid "Indexing..." +msgstr "&Ãndice..." + +#: src/gui/FWWindow.cpp:1197 +#, qt-format +msgid "Checking file %1 in RCS" +msgstr "Comprobando fichero %1 en RCS" + +#: src/gui/FWWindow.cpp:1222 +#, qt-format +msgid "" +"Error checking in file %1:\n" +"%2" +msgstr "" +"Error comprobando en fichero %1:\n" +"%2" + +#: src/gui/FWWindow.cpp:1310 src/gui/FWWindow.cpp:1750 +msgid "File is read-only" +msgstr "Fichero de sólo-lectura" + +#: src/gui/FWWindow.cpp:1316 src/gui/FWWindow.cpp:1754 +#, qt-format +msgid "Error saving file %1: %2" +msgstr "Error guardando fichero %1: %2" + +#: src/gui/FWWindow.cpp:1359 src/gui/listOfLibraries.cpp:214 +#, qt-format +msgid "Duplicate library '%1'" +msgstr "Librería duplicada '%1'" + +#: src/gui/FWWindow.cpp:1381 src/gui/FWWindow.cpp:1454 +#: src/gui/FWWindow.cpp:1472 src/gui/listOfLibraries.cpp:186 +#, qt-format +msgid "" +"Error loading file %1:\n" +"%2" +msgstr "" +"Error cargando fichero %1:\n" +"%2" + +#: src/gui/FWWindow.cpp:1395 +msgid "Choose a file to import" +msgstr "Elija fichero a importar" + +#: src/gui/FWWindow.cpp:1413 +msgid "" +"This operation inspects two data files (either .fwb or .fwl) and finds " +"conflicting objects. Conflicting objects have the same internal ID but " +"different attributes. Two data files can not be merged, or one imported into " +"another, if they contain such objects. This operation also helps identify " +"changes made to objects in two copies of the same data file.

    This " +"operation does not find objects present in one file but not in the other, " +"such objects present no problem for merge or import operations.

    This " +"operation works with two external files, neither of which needs to be opened " +"in the program. Currently opened data file is not affected by this operation " +"and objects in the tree do not change.

    Do you want to proceed ?" +msgstr "" + +#: src/gui/FWWindow.cpp:1426 +msgid "Choose the first file" +msgstr "" + +#: src/gui/FWWindow.cpp:1433 +#, fuzzy +msgid "Choose the second file" +msgstr "Comentar el código" + +#: src/gui/FWWindow.cpp:1496 +#, qt-format +msgid "" +"Total number of conflicting objects: %1.\n" +"Do you want to generate report?" +msgstr "" + +#: src/gui/FWWindow.cpp:1509 +#, fuzzy +msgid "TXT Files (*.txt);;All Files (*)" +msgstr "FWB Ficheros (*.fwb);;Todos los ficheros (*)" + +#: src/gui/FWWindow.cpp:1511 +#, fuzzy +msgid "Choose name and location for the report file" +msgstr "Elija nombre y localización para el nuevo fichero" + +#: src/gui/FWWindow.cpp:1536 +#, qt-format +msgid "Can not open report file for writing. File '%1'" +msgstr "" + +#: src/gui/FWWindow.cpp:1547 +#, qt-format +msgid "" +"Unexpected error comparing files %1 and %2:\n" +"%3" +msgstr "" + +#: src/gui/FWWindow.cpp:1664 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (global policy rule #%3) uses object '%4' from " +"library '%5'" +msgstr "" +"Librería %1: Cortafuegos '%2'(regla de política global #%3) usa el objeto '%" +"4'desde librería '%5'" + +#: src/gui/FWWindow.cpp:1673 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (interface %3 policy rule #%4) uses object '%5' " +"from library '%6'" +msgstr "" +"Librería %1: Cortafuegos '%2'(interfaz %3 regla de política #%4) usa objeto " +"'%5' desde librería '%6'" + +#: src/gui/FWWindow.cpp:1684 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (NAT rule #%3) uses object '%4' from library '%5'" +msgstr "" +"Librería %1: Cortafuegos '%2'(regla NAT #%3) usa objeto '%4'desde librería '%" +"5'" + +#: src/gui/FWWindow.cpp:1694 +#, qt-format +msgid "Library %1: Group '%2' uses object '%3' from library '%4'" +msgstr "Librería %1: Grupo '%2' usa objeto '%3' desde librería '%4'" + +#: src/gui/FWWindow.cpp:1709 +msgid "" +"A library that you are trying to export contains references\n" +"to objects in the other libraries and 
can not be exported.\n"
+"The following objects need to be moved outside of it or\n"
+"objects that they refer to moved in it:"
+msgstr ""
+"Una librería que intenta exportar contiene referencias a\n"
+"objetos en otras librerías y no puede ser exportada.\n"
+"Los siguientes objetos necesitan ser movidos fuera de ella o\n"
+"los objetos que refiere movidos en ella:"
+
+#: src/gui/FWWindow.cpp:1780
+msgid "Please select a library you want to export."
+msgstr "Por favor seleccione la librería que quiere exportar."
+
+#: src/gui/FWWindow.cpp:1999
+#, qt-format
+msgid "%1"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:2011
+#, qt-format
+msgid "Building branch policy view '%1'..."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:2081
+msgid "Building policy view..."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:2110
+msgid "Building NAT view..."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:2125
+msgid "Building routing view..."
+msgstr ""
+
+#: src/gui/FWWindowPrint.cpp:92 src/gui/.ui/discoverydruid_q.cpp:1023
+#: src/gui/.ui/firewalldialog_q.cpp:209 src/gui/.ui/firewalldialog_q.cpp:210
+#: src/gui/.ui/instdialog_q.cpp:83 src/gui/.ui/instdialog_q.cpp:135
+#: src/gui/.ui/instdialog_q.cpp:224 src/gui/.ui/instdialog_q.cpp:269
+#: src/gui/.ui/instdialog_q.cpp:279 src/gui/.ui/instdialog_q.cpp:289
+msgid "Firewall"
+msgstr "Cortafuegos"
+
+#: src/gui/FWWindowPrint.cpp:93 src/gui/.ui/discoverydruid_q.cpp:1022
+#: src/gui/.ui/hostdialog_q.cpp:144 src/gui/.ui/hostdialog_q.cpp:145
+msgid "Host"
+msgstr "Máquina"
+
+#: src/gui/FWWindowPrint.cpp:95
+msgid "Addres Range"
+msgstr "Rango de direcciones"
+
+#: src/gui/FWWindowPrint.cpp:96 src/gui/RuleSetView.cpp:3315
+#: src/gui/RuleSetView.cpp:3565 src/gui/.ui/interfacedialog_q.cpp:231
+#: src/gui/.ui/interfacedialog_q.cpp:232
+msgid "Interface"
+msgstr "Interfaz"
+
+#: src/gui/FWWindowPrint.cpp:97 src/gui/.ui/networkdialog_q.cpp:163
+#: src/gui/.ui/networkdialog_q.cpp:164
+msgid "Network"
+msgstr "Red"
+
+#: src/gui/FWWindowPrint.cpp:98
+msgid "Group of objects"
+msgstr "Grupo de objetos"
+
+#: src/gui/FWWindowPrint.cpp:99 src/gui/.ui/customservicedialog_q.cpp:177
+#: src/gui/.ui/customservicedialog_q.cpp:178
+msgid "Custom Service"
+msgstr "Servicio customizado"
+
+#: src/gui/FWWindowPrint.cpp:100 src/gui/.ui/ipservicedialog_q.cpp:209
+msgid "IP Service"
+msgstr "Servicio IP"
+
+#: src/gui/FWWindowPrint.cpp:101 src/gui/.ui/icmpservicedialog_q.cpp:168
+msgid "ICMP Service"
+msgstr "Servicio ICMP"
+
+#: src/gui/FWWindowPrint.cpp:102 src/gui/.ui/tcpservicedialog_q.cpp:371
+msgid "TCP Service"
+msgstr "Servicio TCP"
+
+#: src/gui/FWWindowPrint.cpp:103 src/gui/.ui/udpservicedialog_q.cpp:222
+msgid "UDP Service"
+msgstr "Servicio UDP"
+
+#: src/gui/FWWindowPrint.cpp:104
+msgid "Group of services"
+msgstr "Grupo de servicios"
+
+#: src/gui/FWWindowPrint.cpp:105 src/gui/.ui/timedialog_q.cpp:242
+msgid "Time Interval"
+msgstr "Intervalo de tiempo"
+
+#: src/gui/FWWindowPrint.cpp:281
+#, qt-format
+msgid "Firewall name: %1"
+msgstr "Nombre de cortafuegos: %1"
+
+#: src/gui/FWWindowPrint.cpp:282
+msgid "Platform: "
+msgstr "Plataforma: "
+
+#: src/gui/FWWindowPrint.cpp:283
+msgid "Version: "
+msgstr "Versión: "
+
+#: src/gui/FWWindowPrint.cpp:284
+msgid "Host OS: "
+msgstr "SO. 
de la máquina: "
+
+#: src/gui/FWWindowPrint.cpp:290
+msgid "Global Policy"
+msgstr "Política Global"
+
+#: src/gui/FWWindowPrint.cpp:341
+#, qt-format
+msgid "Interface %1"
+msgstr "Interfaz %1"
+
+#: src/gui/FWWindowPrint.cpp:541
+msgid "Legend"
+msgstr "Leyenda"
+
+#: src/gui/FWWindowPrint.cpp:632 src/gui/.ui/discoverydruid_q.cpp:1015
+msgid "Objects"
+msgstr "Objetos"
+
+#: src/gui/FWWindowPrint.cpp:854
+msgid "Groups"
+msgstr "Grupos"
+
+#: src/gui/FWWindowPrint.cpp:897
+msgid "EMPTY"
+msgstr "VACIO"
+
+#: src/gui/FWWindowPrint.cpp:919 src/gui/FWWindowPrint.cpp:922
+#: src/gui/FWWindowPrint.cpp:930
+msgid "Printing aborted"
+msgstr "Impresión abortada"
+
+#: src/gui/FWWindowPrint.cpp:926
+msgid "Printing completed"
+msgstr "Impresión completada"
+
+#: src/gui/GroupObjectDialog.cpp:145
+msgid "Properties"
+msgstr "Propiedades"
+
+#: src/gui/GroupObjectDialog.cpp:675 src/gui/.ui/FWBMainWindow_q.cpp:449
+#: src/gui/.ui/FWBMainWindow_q.cpp:493 src/gui/.ui/FWBMainWindow_q.cpp:494
+msgid "Open"
+msgstr "Abrir"
+
+#: src/gui/GroupObjectDialog.cpp:677 src/gui/ObjectManipulator.cpp:840
+#: src/gui/RuleSetView.cpp:1660 src/gui/RuleSetView.cpp:1789
+#: src/gui/RuleSetView.cpp:1793 src/gui/RuleSetView.cpp:1797
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:593
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:597
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:379
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:383
+#: src/gui/.ui/iptadvanceddialog_q.cpp:635
+#: src/gui/.ui/iptadvanceddialog_q.cpp:641
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1107
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1111
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1882
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1886
+msgid "Edit"
+msgstr "Editar"
+
+#: src/gui/GroupObjectDialog.cpp:680 src/gui/ObjectManipulator.cpp:912
+#: src/gui/RuleSetView.cpp:1663 src/gui/.ui/FWBMainWindow_q.cpp:473
+msgid "Copy"
+msgstr "Copiar"
+
+#: src/gui/GroupObjectDialog.cpp:681 src/gui/ObjectManipulator.cpp:914
+#: src/gui/RuleSetView.cpp:1665 
src/gui/.ui/FWBMainWindow_q.cpp:470 +msgid "Cut" +msgstr "Cortar" + +#: src/gui/InstallFirewallViewItem.cpp:31 src/gui/instDialog.cpp:1893 +#: src/gui/instDialog.cpp:2045 src/gui/instDialog.cpp:2253 +#: src/gui/instDialog.cpp:2272 src/gui/instDialog.cpp:2286 +#: src/gui/instDialog.cpp:2298 +#, fuzzy +msgid "Failure" +msgstr "&Fichero" + +#: src/gui/InstallFirewallViewItem.cpp:44 src/gui/instDialog.cpp:1149 +#: src/gui/instDialog.cpp:1150 src/gui/instDialog.cpp:1818 +#: src/gui/instDialog.cpp:1847 src/gui/instDialog.cpp:1848 +#, fuzzy +msgid "Success" +msgstr "Origen" + +#: src/gui/instBatchOptionsDialog.cpp:47 +msgid "Batch install options" +msgstr "" + +#: src/gui/instDialog.cpp:116 +msgid "There is no firewalls to process." +msgstr "" + +#: src/gui/instDialog.cpp:131 +msgid "" +"

    Select firewalls for compilation.

    " +msgstr "" + +#: src/gui/instDialog.cpp:145 +msgid "Unknown operation." +msgstr "" + +#: src/gui/instDialog.cpp:176 +msgid "Show details" +msgstr "" + +#: src/gui/instDialog.cpp:182 +msgid "Hide details" +msgstr "" + +#: src/gui/instDialog.cpp:286 +msgid "Unsupported exception" +msgstr "Excepción No Soportada" + +#: src/gui/instDialog.cpp:326 +msgid "Summary:" +msgstr "Resumen:" + +#: src/gui/instDialog.cpp:329 src/gui/instDialog.cpp:359 +#, qt-format +msgid "* firewall name : %1" +msgstr "* nombre del cortafuegos: %1" + +#: src/gui/instDialog.cpp:331 +#, qt-format +msgid "* user name : %1" +msgstr "* nombre de usuario: %1" + +#: src/gui/instDialog.cpp:333 +#, qt-format +msgid "* management address : %1" +msgstr "* dirección de gestión: %1" + +#: src/gui/instDialog.cpp:335 +#, qt-format +msgid "* platform : %1" +msgstr "* plataforma : %1" + +#: src/gui/instDialog.cpp:337 +#, qt-format +msgid "* host OS : %1" +msgstr "* SO de máquina: %1" + +#: src/gui/instDialog.cpp:339 +#, qt-format +msgid "* Loading configuration from file %1" +msgstr "* Cargando fichero de configuración %1" + +#: src/gui/instDialog.cpp:344 +msgid "* Incremental install" +msgstr "* Instalación incremental" + +#: src/gui/instDialog.cpp:349 +#, qt-format +msgid "* Configuration diff will be saved in file %1" +msgstr "* Diff de configuración será guardado en fichero %1" + +#: src/gui/instDialog.cpp:354 +msgid "* Commands will not be executed on the firewall" +msgstr "* Los comandos no serán ejecutados en el cortafuegos" + +#: src/gui/instDialog.cpp:656 +#, qt-format +msgid "" +"Only one interface of the firewall '%1' must be marked as management " +"interface." +msgstr "" +"Sólo un interfaz del cortafuegos '%1' debe ser marcado como interfaz de " +"gestión." + +#: src/gui/instDialog.cpp:663 +#, qt-format +msgid "" +"One of the interfaces of the firewall '%1' must be marked as management " +"interface." 
+msgstr ""
+"Sólo un de los interfaces del cortafuegos '%1' debe ser marcado como "
+"interfaz de gestión."
+
+#: src/gui/instDialog.cpp:670
+msgid ""
+"Management interface does not have IP address, can not communicate with the "
+"firewall."
+msgstr ""
+"El interfaz de gestión no tiene dirección IP, no se puede comunicar con el "
+"cortafuegos."
+
+#: src/gui/instDialog.cpp:718
+#, qt-format
+msgid "File %1 not found."
+msgstr "Fichero %1 no encontrado."
+
+#: src/gui/instDialog.cpp:1002 src/gui/SSHPIX.cpp:347
+#, qt-format
+msgid "Can not open file %1"
+msgstr "No se puede abrir el fichero %1"
+
+#: src/gui/instDialog.cpp:1105
+#, fuzzy, qt-format
+msgid ""
+"\n"
+"Copying %1 -> %2:%3\n"
+msgstr ""
+"\n"
+"Copiando %1 -> %2\n"
+
+#: src/gui/instDialog.cpp:1139
+#, qt-format
+msgid ""
+"Running command '%1'\n"
+"\n"
+msgstr "Ejecutando comando '%1'\n"
+
+#: src/gui/instDialog.cpp:1154 src/gui/instDialog.cpp:1155
+#: src/gui/instDialog.cpp:1823 src/gui/instDialog.cpp:1859
+#: src/gui/instDialog.cpp:1860
+msgid "Error"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1177
+#, fuzzy
+msgid "Fatal error, terminating install sequence\n"
+msgstr "ERROR: Finalizando secuencia de instalación\n"
+
+#: src/gui/instDialog.cpp:1190
+msgid "Done\n"
+msgstr "Hecho\n"
+
+#: src/gui/instDialog.cpp:1253
+msgid "Activating new policy\n"
+msgstr "Activando nueva política\n"
+
+#: src/gui/instDialog.cpp:1421
+#, fuzzy, qt-format
+msgid "Compiling rule sets for firewall: %1"
+msgstr "Instalando reglas de política en el cortafuegos '%1'"
+
+#: src/gui/instDialog.cpp:1459
+#, fuzzy
+msgid ""
+"Policy installer uses Secure Shell to communicate with the firewall.\n"
+"Please configure directory path to the secure shell utility \n"
+"installed on your machine using Preferences dialog"
+msgstr ""
+"El instalador de políticas usa Shell segura para comunicarse con el "
+"cortafuegos.\n"
+"Por favor configure el path a su copía de ficheros segura y utilidades \n"
+"de shell segura instaladas en su 
máquina usando el dialogo Preferencias"
+
+#: src/gui/instDialog.cpp:1483
+#, fuzzy
+msgid "Firewall isn't compiled."
+msgstr "Firewall Builder"
+
+#: src/gui/instDialog.cpp:1578
+msgid ""
+"Firewall platform is not specified in this object.\n"
+"Can't compile firewall policy."
+msgstr ""
+"No hay plataforma de cortafuegos especificada en este objeto.\n"
+"No se puede compilar la política del cortafuegos"
+
+#: src/gui/instDialog.cpp:1779
+#, fuzzy
+msgid "Error: Terminating install sequence\n"
+msgstr "ERROR: Finalizando secuencia de instalación\n"
+
+#: src/gui/instDialog.cpp:1852
+msgid "Abnormal program termination"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1858
+msgid "Skipped"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1888 src/gui/instDialog.cpp:2040
+#, fuzzy
+msgid "Compiling ..."
+msgstr "Compilar"
+
+#: src/gui/instDialog.cpp:1901
+#, fuzzy
+msgid "Recompile"
+msgstr "Compilar"
+
+#: src/gui/instDialog.cpp:1987
+#, fuzzy
+msgid "Batch policy rules compilation"
+msgstr "Buscar en reglas de políticas"
+
+#: src/gui/instDialog.cpp:2016 src/gui/instDialog.cpp:2159
+#: src/gui/.ui/discoverydruid_q.cpp:992 src/gui/.ui/execdialog_q.cpp:94
+#: src/gui/.ui/instdialog_q.cpp:278
+msgid "Stop"
+msgstr "Parar"
+
+#: src/gui/instDialog.cpp:2170
+#, fuzzy
+msgid "Install firewall: "
+msgstr "Instalar política de cortafuegos"
+
+#: src/gui/instDialog.cpp:2180
+#, fuzzy
+msgid "Installing firewalls"
+msgstr "Instalar política de cortafuegos"
+
+#: src/gui/instDialog.cpp:2211
+#, fuzzy
+msgid "Installing ..."
+msgstr "Instalar"
+
+#: src/gui/instDialog.cpp:2265
+#, qt-format
+msgid "Installing policy rules on firewall '%1'."
+msgstr "Instalando reglas de política en el cortafuegos '%1'"
+
+#: src/gui/instDialog.cpp:2395 src/gui/.ui/instdialog_q.cpp:276
+#, fuzzy
+msgid "Show selected"
+msgstr "Mostrar objetos borrados"
+
+#: src/gui/instDialog.cpp:2401
+msgid "Show all"
+msgstr ""
+
+#: src/gui/instOptionsDialog.cpp:66
+#, fuzzy, qt-format
+msgid "Install options for firewall '%1'"
+msgstr "Instalando reglas de política en el cortafuegos '%1'"
+
+#: src/gui/InterfaceDialog.cpp:193
+msgid "Group: "
+msgstr "Grupo: "
+
+#: src/gui/InterfaceDialog.cpp:211
+msgid "Network: "
+msgstr "Red: "
+
+#: src/gui/ipfAdvancedDialog.cpp:170 src/gui/ipfAdvancedDialog.cpp:179
+#: src/gui/ipfwAdvancedDialog.cpp:144 src/gui/ipfwAdvancedDialog.cpp:153
+#: src/gui/iptAdvancedDialog.cpp:204 src/gui/iptAdvancedDialog.cpp:213
+#: src/gui/pfAdvancedDialog.cpp:278 src/gui/pfAdvancedDialog.cpp:287
+#: src/gui/pixAdvancedDialog.cpp:786 src/gui/pixAdvancedDialog.cpp:795
+#: src/gui/.ui/metriceditorpanel_q.cpp:76 src/gui/.ui/simpleinteditor_q.cpp:88
+#: src/gui/.ui/simpletexteditor_q.cpp:93
+msgid "Script Editor"
+msgstr "Editor de script"
+
+#: src/gui/IPv4Dialog.cpp:159 src/gui/NetworkDialog.cpp:119
+#, qt-format
+msgid "Illegal netmask '%1'"
+msgstr "Mascara ilegal '%1'"
+
+#: src/gui/IPv4Dialog.cpp:263
+#, qt-format
+msgid ""
+"DNS lookup failed for both names of the address object '%1' and the name of "
+"the host '%2'."
+msgstr ""
+"Busqueda en DNS falló para ambos nombres de las direcciones objeto '%1' y el "
+"nombre de máquina '%2'."
+
+#: src/gui/IPv4Dialog.cpp:270
+#, qt-format
+msgid "DNS lookup failed for name of the address object '%1'."
+msgstr "Buscada en DNS falló para el nombre de la dirección objeto '%1'."
+
+#: src/gui/LibraryDialog.cpp:151
+msgid "Pick the color for this library"
+msgstr "Elija el color de esta librería"
+
+#: src/gui/listOfLibraries.cpp:142
+#, fuzzy
+msgid ""
+"The library file you are trying to open\n"
+"has been saved in an older version of\n"
+"Firewall Builder and needs to be upgraded.\n"
+"To upgrade it, just load it in the Firewall\n"
+"Builder GUI and save back to file again."
+msgstr ""
+"El fichero librería que intenta abrir\n"
+"ha sido guardado con una versión más antigua de\n"
+"Firewall Builder y necesitan ser actualizados.\n"
+"Para actualizarlos, cargelos desde Firewall\n"
+"Builder y salvelos de nuevos a disco."
+
+#: src/gui/newFirewallDialog.cpp:99 src/gui/.ui/newhostdialog_q.cpp:390
+msgid ""
+"Check option 'dynamic address' for the interface that gets its IP address "
+"dynamically via DHCP or PPP protocol."
+msgstr ""
+"Active opción 'dirección dinámica' para el interfaz obtenga su dirección IP "
+"dinámicamente via DHCP o el protocolo PPP."
+
+#: src/gui/newFirewallDialog.cpp:100 src/gui/.ui/newhostdialog_q.cpp:389
+msgid ""
+"Check option 'Unnumbered interface' for the interface that does not have an "
+"IP address. Examples of interfaces of this kind are those used to terminate "
+"PPPoE or VPN tunnels."
+msgstr ""
+"Active la opción 'interfaz no numérado' para que el interfaz no tenga "
+"dirección IP. Ejemplo de interfaces de este tipo son aquellos usados como "
+"terminales PPPoE o tuneles VPN."
+
+#: src/gui/newFirewallDialog.cpp:229 src/gui/newHostDialog.cpp:222
+msgid "Missing SNMP community string."
+msgstr "Identificador de comunidad SNMP no encontrado"
+
+#: src/gui/newFirewallDialog.cpp:248 src/gui/newHostDialog.cpp:241
+#, qt-format
+msgid "Address of %1 could not be obtained via DNS"
+msgstr "Dirección de %1 no pudo ser obtenida via DNS"
+
+#: src/gui/newFirewallDialog.cpp:422
+msgid "dynamic"
+msgstr "dinámica"
+
+#: src/gui/newFirewallDialog.cpp:503 src/gui/newHostDialog.cpp:433
+#, qt-format
+msgid "Interface: %1 (%2)"
+msgstr "Interfaz: %1 (%2)"
+
+#: src/gui/newFirewallDialog.cpp:511 src/gui/newHostDialog.cpp:441
+#: src/gui/.ui/newfirewalldialog_q.cpp:514 src/gui/.ui/newhostdialog_q.cpp:404
+msgid "Dynamic address"
+msgstr "Dirección dinámica"
+
+#: src/gui/newFirewallDialog.cpp:513 src/gui/newHostDialog.cpp:443
+#: src/gui/.ui/interfacedialog_q.cpp:254
+#: src/gui/.ui/newfirewalldialog_q.cpp:513 src/gui/.ui/newhostdialog_q.cpp:395
+msgid "Unnumbered interface"
+msgstr "Intefaz no numerado"
+
+#: src/gui/newFirewallDialog.cpp:515 src/gui/.ui/interfacedialog_q.cpp:259
+#: src/gui/.ui/newfirewalldialog_q.cpp:512
+msgid "Bridge port"
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:555 src/gui/newHostDialog.cpp:480
+#, qt-format
+msgid "Illegal address '%1/%2'"
+msgstr "Dirección ilegal '%1/%2'"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:63
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:152
+msgid "Keep current object"
+msgstr "Guardar objeto actual"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:64
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:157
+msgid "Replace with this object"
+msgstr "Reemplazar con este objeto"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:117
+#: src/gui/ObjConflictResolutionDialog.cpp:141
+#, fuzzy, qt-format
+msgid "Object '%1' has been deleted"
+msgstr "Objeto '%1' ha sido eliminado"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:176
+#, fuzzy, qt-format
+msgid "Object '%1' in the objects tree"
+msgstr "Objeto '%1' en el árbol de objetos"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:178
+#: 
src/gui/ObjConflictResolutionDialog.cpp:180
+#, fuzzy, qt-format
+msgid "Object '%1' in file %2"
+msgstr "Objeto '%1' en fichero %2"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:297
+#: src/gui/.ui/findobjectwidget_q.cpp:191
+#, fuzzy
+msgid "Next"
+msgstr "Negar"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:299
+msgid ""
+"The following two objects have the same internal ID but different attributes:"
+msgstr ""
+
+#: src/gui/ObjConflictResolutionDialog.cpp:300
+msgid "Skip the rest but build report"
+msgstr ""
+
+#: src/gui/ObjectEditor.cpp:437
+msgid ""
+"Modifications done to this object can not be saved.\n"
+"Do you want to continue editing it ?"
+msgstr ""
+"Las modificaciones hechas a este objeto no pueden guardadas.\n"
+"Quiere continuar editandolo ?"
+
+#: src/gui/ObjectEditor.cpp:438 src/gui/ObjectEditor.cpp:466
+#: src/gui/TCPServiceDialog.cpp:177 src/gui/TCPServiceDialog.cpp:185
+#: src/gui/UDPServiceDialog.cpp:119 src/gui/UDPServiceDialog.cpp:127
+#: src/gui/utils.cpp:221
+msgid "&Continue editing"
+msgstr "&Continuar editando"
+
+#: src/gui/ObjectEditor.cpp:465
+msgid ""
+"This object has been modified but not saved.\n"
+"Do you want to save it ?"
+msgstr ""
+"Este objeto ha sido modificado pero no guardado.\n"
+"Quiere guardarlo ?"
+
+#: src/gui/ObjectManipulator.cpp:145
+msgid "Object Manipulator"
+msgstr "Manulador de objeto"
+
+#: src/gui/ObjectManipulator.cpp:161
+msgid "New &Library"
+msgstr "Nueva &Librería"
+
+#: src/gui/ObjectManipulator.cpp:164
+msgid "New &Firewall"
+msgstr "Nuevo Corta&fuegos"
+
+#: src/gui/ObjectManipulator.cpp:165
+msgid "New &Host"
+msgstr "Nueva máquina"
+
+#: src/gui/ObjectManipulator.cpp:166
+msgid "New &Interface"
+msgstr "Nuevo &Interfaz"
+
+#: src/gui/ObjectManipulator.cpp:168
+msgid "New &Network"
+msgstr "&Nueva Red"
+
+#: src/gui/ObjectManipulator.cpp:169
+msgid "New &Address"
+msgstr "Nuev&a Dirección"
+
+#: src/gui/ObjectManipulator.cpp:170
+msgid "New &DNS Name"
+msgstr ""
+
+#: src/gui/ObjectManipulator.cpp:171
+#, fuzzy
+msgid "New A&ddress Table"
+msgstr "Nuevo Rango de Direcciones"
+
+#: src/gui/ObjectManipulator.cpp:172
+msgid "New Address &Range"
+msgstr "Nuevo &Rango de Direcciones"
+
+#: src/gui/ObjectManipulator.cpp:173
+msgid "New &Object Group"
+msgstr "Nuevo Grupo de &Objetos"
+
+#: src/gui/ObjectManipulator.cpp:175
+msgid "New &Custom Service"
+msgstr "Nuevo Servicio &Custom"
+
+#: src/gui/ObjectManipulator.cpp:176
+msgid "New &IP Service"
+msgstr "Nuevo Servcicio &IP"
+
+#: src/gui/ObjectManipulator.cpp:177
+msgid "New IC&MP Service"
+msgstr "Nuevo Sercicio IC&MP"
+
+#: src/gui/ObjectManipulator.cpp:178
+msgid "New &TCP Service"
+msgstr "Nuevo Servicio &TCP"
+
+#: src/gui/ObjectManipulator.cpp:179
+msgid "New &UDP Service"
+msgstr ""
+
+#: src/gui/ObjectManipulator.cpp:180
+#, fuzzy
+msgid "New &TagService"
+msgstr "Nuevo Servicio &TCP"
+
+#: src/gui/ObjectManipulator.cpp:181
+msgid "New &Service Group"
+msgstr "Nuevo Grupo de &Servicios"
+
+#: src/gui/ObjectManipulator.cpp:183
+msgid "New Ti&me Interval"
+msgstr "Nuevo Intervalo de Tie&mpo"
+
+#: src/gui/ObjectManipulator.cpp:230
+msgid " ( read only )"
+msgstr " ( sólo lectura )"
+
+#: src/gui/ObjectManipulator.cpp:498
+msgid ""
+"The name of the object '%1' has changed. 
The program can also\n"
+"rename IP address objects that belong to this object,\n"
+"using standard naming scheme 'host_name:interface_name:ip'.\n"
+"This makes it easier to distinguish what host or a firewall\n"
+"given IP address object belongs to when it is used in \n"
+"the policy or NAT rule. The program also renames MAC address\n"
+"objects using scheme 'host_name:interface_name:mac'.\n"
+"Do you want to rename child IP and MAC address objects now?\n"
+"(If you click 'No', names of all address objects that belong to\n"
+"%1 will stay the same.)"
+msgstr ""
+
+#: src/gui/ObjectManipulator.cpp:527
+msgid ""
+"The name of the interface '%1' has changed. The program can also\n"
+"rename IP address objects that belong to this interface,\n"
+"using standard naming scheme 'host_name:interface_name:ip'.\n"
+"This makes it easier to distinguish what host or a firewall\n"
+"given IP address object belongs to when it is used in \n"
+"the policy or NAT rule. The program also renames MAC address\n"
+"objects using scheme 'host_name:interface_name:mac'.\n"
+"Do you want to rename child IP and MAC address objects now?\n"
+"(If you click 'No', names of all address objects that belong to\n"
+"%1 will stay the same.)"
+msgstr ""
+
+#: src/gui/ObjectManipulator.cpp:874
+#, qt-format
+msgid "place in library %1"
+msgstr "colocar en librería %1"
+
+#: src/gui/ObjectManipulator.cpp:883
+#, qt-format
+msgid "to library %1"
+msgstr "a librería %1"
+
+#: src/gui/ObjectManipulator.cpp:893
+msgid "place here"
+msgstr "colocar aquí"
+
+#: src/gui/ObjectManipulator.cpp:896
+msgid "Duplicate ..."
+msgstr "Dpulicar ..."
+
+#: src/gui/ObjectManipulator.cpp:901 src/gui/ObjectManipulator.cpp:904
+msgid "Move ..."
+msgstr "Mover ..."
+
+#: src/gui/ObjectManipulator.cpp:933
+msgid "Add Interface"
+msgstr "Añádir Interfaz"
+
+#: src/gui/ObjectManipulator.cpp:938
+msgid "Add IP Address"
+msgstr "Añadir Dirección IP"
+
+#: src/gui/ObjectManipulator.cpp:940
+msgid "Add MAC Address"
+msgstr "Añadir Dirección MAC"
+
+#: src/gui/ObjectManipulator.cpp:945 src/gui/.ui/newfirewalldialog_q.cpp:486
+msgid "New Firewall"
+msgstr "Nuevo Cortafuegos"
+
+#: src/gui/ObjectManipulator.cpp:950 src/gui/ObjectManipulator.cpp:2515
+#: src/gui/ObjectManipulator.cpp:2531
+msgid "New Address"
+msgstr "Nueva Dirección"
+
+#: src/gui/ObjectManipulator.cpp:955 src/gui/ObjectManipulator.cpp:2546
+#, fuzzy
+msgid "New DNS Name"
+msgstr "Nueva clave RSA"
+
+#: src/gui/ObjectManipulator.cpp:961 src/gui/ObjectManipulator.cpp:2557
+#, fuzzy
+msgid "New Address Table"
+msgstr "Nuevo Rango de Direcciones"
+
+#: src/gui/ObjectManipulator.cpp:966 src/gui/ObjectManipulator.cpp:2624
+msgid "New Address Range"
+msgstr "Nuevo Rango de Direcciones"
+
+#: src/gui/ObjectManipulator.cpp:970 src/gui/.ui/newhostdialog_q.cpp:377
+msgid "New Host"
+msgstr "Nueva Máquina"
+
+#: src/gui/ObjectManipulator.cpp:974 src/gui/ObjectManipulator.cpp:2491
+msgid "New Network"
+msgstr "Nueva Red"
+
+#: src/gui/ObjectManipulator.cpp:978 src/gui/ObjectManipulator.cpp:1006
+#: src/gui/.ui/newgroupdialog_q.cpp:97
+msgid "New Group"
+msgstr "Nuevo Grupo"
+
+#: src/gui/ObjectManipulator.cpp:982 src/gui/ObjectManipulator.cpp:2647
+msgid "New Custom Service"
+msgstr "Nuevo Servicio Custom"
+
+#: src/gui/ObjectManipulator.cpp:986 src/gui/ObjectManipulator.cpp:2658
+msgid "New IP Service"
+msgstr "Nuevo Servicio IP"
+
+#: src/gui/ObjectManipulator.cpp:990 src/gui/ObjectManipulator.cpp:2669
+msgid "New ICMP Service"
+msgstr "Nuevo Servicio ICMP"
+
+#: src/gui/ObjectManipulator.cpp:994 src/gui/ObjectManipulator.cpp:2680
+msgid "New TCP Service"
+msgstr "Nuevo Servicio TCP"
+
+#: src/gui/ObjectManipulator.cpp:998 src/gui/ObjectManipulator.cpp:2691
+msgid "New UDP 
Service" +msgstr "Nuevo Servicio UDP" + +#: src/gui/ObjectManipulator.cpp:1002 src/gui/ObjectManipulator.cpp:2591 +#, fuzzy +msgid "New TagService" +msgstr "Nuevo Servicio TCP" + +#: src/gui/ObjectManipulator.cpp:1010 src/gui/ObjectManipulator.cpp:2714 +msgid "New Time Interval" +msgstr "Nuevo Intervalo de tiempo" + +#: src/gui/ObjectManipulator.cpp:1014 src/gui/.ui/finddialog_q.cpp:131 +#: src/gui/.ui/findwhereusedwidget_q.cpp:121 +msgid "Find" +msgstr "Encontrar" + +#: src/gui/ObjectManipulator.cpp:1015 src/gui/RuleSetView.cpp:1672 +msgid "Where used" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1027 src/gui/.ui/groupobjectdialog_q.cpp:186 +#: src/gui/.ui/groupobjectdialog_q.cpp:187 +msgid "Group" +msgstr "Grupo" + +#: src/gui/ObjectManipulator.cpp:1035 src/gui/.ui/FWBMainWindow_q.cpp:499 +#: src/gui/.ui/FWBMainWindow_q.cpp:500 src/gui/.ui/instdialog_q.cpp:79 +#: src/gui/.ui/instdialog_q.cpp:267 +msgid "Compile" +msgstr "Compilar" + +#: src/gui/ObjectManipulator.cpp:1036 src/gui/.ui/FWBMainWindow_q.cpp:502 +#: src/gui/.ui/FWBMainWindow_q.cpp:503 src/gui/.ui/instdialog_q.cpp:81 +#: src/gui/.ui/instdialog_q.cpp:268 +msgid "Install" +msgstr "Instalar" + +#: src/gui/ObjectManipulator.cpp:1043 src/gui/.ui/FWBMainWindow_q.cpp:561 +#: src/gui/.ui/FWBMainWindow_q.cpp:562 +#, fuzzy +msgid "Lock" +msgstr "Bloqueado por" + +#: src/gui/ObjectManipulator.cpp:1045 src/gui/.ui/FWBMainWindow_q.cpp:563 +#: src/gui/.ui/FWBMainWindow_q.cpp:564 +msgid "Unlock" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1054 +msgid "dump" +msgstr "volcar" + +#: src/gui/ObjectManipulator.cpp:1087 +msgid "Undelete..." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1576 +#, qt-format +msgid "" +"Impossible to insert object %1 (type %2) into %3\n" +"because of incompatible type." +msgstr "" +"Imposible insertar objeto %1 (tipo %2) en %3\n" +"por ser de tipo incompatible." 
+
+#: src/gui/ObjectManipulator.cpp:1743
+#, fuzzy
+msgid ""
+"Emptying the 'Deleted Objects' in a library file is not recommended.\n"
+"When you remove deleted objects from a library file, Firewall Builder\n"
+"loses ability to track them. If a group or a policy rule in some\n"
+"data file still uses removed object from this library, you may encounter\n"
+"unusual and unexpected behavior of the program.\n"
+"Do you want to delete selected objects anyway ?"
+msgstr ""
+"Eliminar los 'Objetos Borrars' en un fichero librería es no recomendado.\n"
+"Cuando elimina los objetos borrados de una librería, Firewall Builder\n"
+"ya no podrá encontrarlos. Si un grupo o regla de pólitica en algún fichero\n"
+"de datos todavía es usada y se elimina desde esta librería, el programa\n"
+"podría comportarse de un modo inesperao.\n"
+"Todavia quiere eliminar los objetos seleccionados ?"
+
+#: src/gui/ObjectManipulator.cpp:1823
+#, qt-format
+msgid ""
+"When you delete a library, all objects that belong to it\n"
+"disappear from the tree and all groups and rules that reference them.\n"
+"You won't be able to reverse this operation later.\n"
+"Do you still want to delete library %1?"
+msgstr ""
+"Cuando borrar una librería, todos los objetos incluidos en esta\n"
+"desaparecen desde el árbol, y todos los grupos y reglas que las "
+"referencian.\n"
+"Esta operación no se puede deshacer con posterioridad.\n"
+"Todavía quiere borrar la librería %1?"
+
+#: src/gui/ObjectManipulator.cpp:2343
+#, qt-format
+msgid ""
+"Type '%1': new object can not be created because\n"
+"corresponding branch is missing in the object tree.\n"
+"Please repair the tree using command 'fwbedit -s -f file.fwb'."
+msgstr ""
+
+#: src/gui/ObjectManipulator.cpp:2470 src/gui/ObjectManipulator.cpp:2473
+msgid "New Interface"
+msgstr "Nuevo Interfaz"
+
+#: src/gui/ObjectManipulator.cpp:2635
+msgid "New Object Group"
+msgstr "Nuevo Grupo de Objetos"
+
+#: src/gui/ObjectManipulator.cpp:2702
+msgid "New Service Group"
+msgstr "Nuevo Grupo de Servicios"
+
+#: src/gui/ObjectManipulator.cpp:2821
+msgid "Searching for firewalls affected by the change..."
+msgstr ""
+
+#: src/gui/ObjectTreeView.cpp:115
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:66
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:113
+#: src/gui/.ui/discoverydruid_q.cpp:748 src/gui/.ui/discoverydruid_q.cpp:1024
+#: src/gui/.ui/FWBMainWindow_q.cpp:575
+msgid "Object"
+msgstr "Objeto"
+
+#: src/gui/pfAdvancedDialog.cpp:98
+msgid "Aggressive"
+msgstr "Agresivo"
+
+#: src/gui/pfAdvancedDialog.cpp:100
+msgid "Conservative"
+msgstr "Conservativo"
+
+#: src/gui/pfAdvancedDialog.cpp:102
+msgid "For high latency"
+msgstr "Para alta latencia"
+
+#: src/gui/pfAdvancedDialog.cpp:104
+msgid "Normal"
+msgstr "Normal"
+
+#: src/gui/pixAdvancedDialog.cpp:130
+msgid "0 - System Unusable"
+msgstr "0 - Sistema no Usable"
+
+#: src/gui/pixAdvancedDialog.cpp:135
+msgid "1 - Take Immediate Action"
+msgstr "1 - Coger una acción inmediata"
+
+#: src/gui/pixAdvancedDialog.cpp:140
+msgid "2 - Critical Condition"
+msgstr "2 - Condición Crítica"
+
+#: src/gui/pixAdvancedDialog.cpp:145
+msgid "3 - Error Message"
+msgstr "3 - Mensaje de Error"
+
+#: src/gui/pixAdvancedDialog.cpp:150
+msgid "4 - Warning Message"
+msgstr "4 - Mensaje de Aviso"
+
+#: src/gui/pixAdvancedDialog.cpp:155
+msgid "5 - Normal but significant condition"
+msgstr "5 - Normal pero condición significativa"
+
+#: src/gui/pixAdvancedDialog.cpp:160
+msgid "6 - Informational"
+msgstr "6 - Informativo"
+
+#: src/gui/pixAdvancedDialog.cpp:165
+msgid "7 - Debug Message"
+msgstr "7 - Mensaje de Debug"
+
+#: src/gui/pixAdvancedDialog.cpp:679 src/gui/pixAdvancedDialog.cpp:717
+msgid 
"Error: Policy compiler for PIX is not installed"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:703
+#, fuzzy
+msgid "Compiler error"
+msgstr "Compilador"
+
+#: src/gui/platforms.cpp:60 src/gui/.ui/ruleoptionsdialog_q.cpp:791
+msgid "alert"
+msgstr "alerta"
+
+#: src/gui/platforms.cpp:62 src/gui/.ui/ruleoptionsdialog_q.cpp:792
+msgid "crit"
+msgstr ""
+
+#: src/gui/platforms.cpp:64 src/gui/.ui/pfadvanceddialog_q.cpp:1075
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:793
+msgid "error"
+msgstr ""
+
+#: src/gui/platforms.cpp:66 src/gui/.ui/ruleoptionsdialog_q.cpp:794
+msgid "warning"
+msgstr "aviso"
+
+#: src/gui/platforms.cpp:68 src/gui/.ui/ruleoptionsdialog_q.cpp:795
+msgid "notice"
+msgstr ""
+
+#: src/gui/platforms.cpp:70 src/gui/.ui/ruleoptionsdialog_q.cpp:796
+msgid "info"
+msgstr ""
+
+#: src/gui/platforms.cpp:72 src/gui/.ui/ruleoptionsdialog_q.cpp:797
+msgid "debug"
+msgstr ""
+
+#: src/gui/platforms.cpp:78
+msgid "kern"
+msgstr ""
+
+#: src/gui/platforms.cpp:80
+msgid "user"
+msgstr ""
+
+#: src/gui/platforms.cpp:82
+#, fuzzy
+msgid "mail"
+msgstr "Normal"
+
+#: src/gui/platforms.cpp:84
+#, fuzzy
+msgid "daemon"
+msgstr "abajo"
+
+#: src/gui/platforms.cpp:86
+#, fuzzy
+msgid "auth"
+msgstr "Path"
+
+#: src/gui/platforms.cpp:88
+#, fuzzy
+msgid "syslog"
+msgstr "Syslog"
+
+#: src/gui/platforms.cpp:90
+msgid "lpr"
+msgstr ""
+
+#: src/gui/platforms.cpp:92
+msgid "news"
+msgstr ""
+
+#: src/gui/platforms.cpp:94
+#, fuzzy
+msgid "uucp"
+msgstr "arriba"
+
+#: src/gui/platforms.cpp:96
+#, fuzzy
+msgid "cron"
+msgstr "Acción"
+
+#: src/gui/platforms.cpp:98
+msgid "authpriv"
+msgstr ""
+
+#: src/gui/platforms.cpp:100 src/gui/.ui/pixadvanceddialog_q.cpp:1945
+msgid "ftp"
+msgstr ""
+
+#: src/gui/platforms.cpp:102
+msgid "local0"
+msgstr ""
+
+#: src/gui/platforms.cpp:104
+msgid "local1"
+msgstr ""
+
+#: src/gui/platforms.cpp:106
+msgid "local2"
+msgstr ""
+
+#: src/gui/platforms.cpp:108
+msgid "local3"
+msgstr ""
+
+#: src/gui/platforms.cpp:110
+msgid "local4"
+msgstr ""
+ +#: src/gui/platforms.cpp:112 +msgid "local5" +msgstr "" + +#: src/gui/platforms.cpp:114 +msgid "local6" +msgstr "" + +#: src/gui/platforms.cpp:116 +msgid "local7" +msgstr "" + +#: src/gui/platforms.cpp:121 +msgid "ICMP admin prohibited" +msgstr "Administrador ICMP prohibido" + +#: src/gui/platforms.cpp:123 +msgid "ICMP host prohibited" +msgstr "Máquina ICMP prohibida" + +#: src/gui/platforms.cpp:125 +msgid "ICMP host unreachable" +msgstr "Máquina ICMP no alcanzable" + +#: src/gui/platforms.cpp:127 +msgid "ICMP net prohibited" +msgstr "Red ICMP prohibida" + +#: src/gui/platforms.cpp:129 +msgid "ICMP net unreachable" +msgstr "Red ICMP no alcanzable" + +#: src/gui/platforms.cpp:131 +msgid "ICMP port unreachable" +msgstr "Puerto ICMP no alcanzable" + +#: src/gui/platforms.cpp:133 +msgid "ICMP protocol unreachable" +msgstr "Protocolo ICMP no alcanzable" + +#: src/gui/platforms.cpp:135 +msgid "TCP RST" +msgstr "" + +#: src/gui/platforms.cpp:138 src/gui/.ui/actionsdialog_q.cpp:476 +#: src/gui/.ui/actionsdialog_q.cpp:483 +msgid "Route through" +msgstr "" + +#: src/gui/platforms.cpp:140 src/gui/.ui/actionsdialog_q.cpp:477 +#: src/gui/.ui/actionsdialog_q.cpp:484 +msgid "Route reply through" +msgstr "" + +#: src/gui/platforms.cpp:142 src/gui/.ui/actionsdialog_q.cpp:478 +#: src/gui/.ui/actionsdialog_q.cpp:485 +msgid "Route a copy through" +msgstr "" + +#: src/gui/platforms.cpp:145 src/gui/.ui/iptadvanceddialog_q.cpp:644 +msgid "on top of the script" +msgstr "en lo alto del script" + +#: src/gui/platforms.cpp:147 src/gui/.ui/iptadvanceddialog_q.cpp:645 +msgid "after interface configuration" +msgstr "después de configurar interfaz" + +#: src/gui/platforms.cpp:149 src/gui/.ui/iptadvanceddialog_q.cpp:646 +msgid "after policy reset" +msgstr "después resetear política" + +#: src/gui/platforms.cpp:152 +#, fuzzy +msgid "in the activation shell script" +msgstr "en lo alto del script" + +#: src/gui/platforms.cpp:155 +msgid "in the pf rule file, at the very top" +msgstr "" + +#: 
src/gui/platforms.cpp:158 +msgid "in the pf rule file, after set comamnds" +msgstr "" + +#: src/gui/platforms.cpp:161 +msgid "in the pf rule file, after scrub comamnds" +msgstr "" + +#: src/gui/platforms.cpp:164 +msgid "in the pf rule file, after table definitions" +msgstr "" + +#: src/gui/platforms.cpp:169 src/gui/.ui/ruleoptionsdialog_q.cpp:807 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:823 +msgid "/day" +msgstr "/día" + +#: src/gui/platforms.cpp:171 src/gui/.ui/ruleoptionsdialog_q.cpp:808 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:824 +msgid "/hour" +msgstr "/hora" + +#: src/gui/platforms.cpp:173 src/gui/.ui/ruleoptionsdialog_q.cpp:809 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:825 +msgid "/minute" +msgstr "/minuto" + +#: src/gui/platforms.cpp:175 src/gui/.ui/ruleoptionsdialog_q.cpp:810 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:826 +msgid "/second" +msgstr "/segundo" + +#: src/gui/platforms.cpp:380 +msgid "- any -" +msgstr "- alguno -" + +#: src/gui/platforms.cpp:381 +msgid "1.2.5 or earlier" +msgstr "1.2.5 o anterior" + +#: src/gui/platforms.cpp:382 +msgid "1.2.6 to 1.2.8" +msgstr "1.2.6 a 1.2.8" + +#: src/gui/platforms.cpp:383 +#, fuzzy +msgid "1.2.9 to 1.2.11" +msgstr "1.2.6 a 1.2.8" + +#: src/gui/platforms.cpp:384 +#, fuzzy +msgid "1.3.0 or later" +msgstr "1.2.9 o posterior" + +#: src/gui/platforms.cpp:401 +msgid "3.x" +msgstr "" + +#: src/gui/platforms.cpp:402 +msgid "4.x" +msgstr "" + +#: src/gui/platforms.cpp:518 +msgid "Accept" +msgstr "Aceptar" + +#: src/gui/platforms.cpp:520 +msgid "Deny" +msgstr "Denegar" + +#: src/gui/platforms.cpp:522 +msgid "Reject" +msgstr "Rechazar" + +#: src/gui/platforms.cpp:524 +msgid "Scrub" +msgstr "" + +#: src/gui/platforms.cpp:526 +msgid "Return" +msgstr "" + +#: src/gui/platforms.cpp:528 +#, fuzzy +msgid "Skip" +msgstr "ignorar" + +#: src/gui/platforms.cpp:530 src/gui/.ui/longtextdialog_q.cpp:96 +msgid "Continue" +msgstr "Continuar" + +#: src/gui/platforms.cpp:532 +msgid "Modify" +msgstr "" + +#: src/gui/platforms.cpp:534 +msgid 
"Classify" +msgstr "" + +#: src/gui/platforms.cpp:536 +#, fuzzy +msgid "Custom" +msgstr "Cortar" + +#: src/gui/platforms.cpp:539 +#, fuzzy +msgid "Branch" +msgstr "Atras" + +#: src/gui/platforms.cpp:540 +msgid "Chain" +msgstr "" + +#: src/gui/platforms.cpp:541 +#, fuzzy +msgid "Anchor" +msgstr "Autor" + +#: src/gui/platforms.cpp:545 +msgid "Accounting" +msgstr "" + +#: src/gui/platforms.cpp:546 +#, fuzzy +msgid "Count" +msgstr "Cortar" + +#: src/gui/platforms.cpp:550 +msgid "Tag" +msgstr "" + +#: src/gui/platforms.cpp:551 +#, fuzzy +msgid "Mark" +msgstr "Máscara:" + +#: src/gui/platforms.cpp:555 +msgid "Pipe" +msgstr "" + +#: src/gui/platforms.cpp:556 +msgid "Queue" +msgstr "" + +#: src/gui/PrefsDialog.cpp:176 +msgid "Pick the color" +msgstr "Elegir un color" + +#: src/gui/PrefsDialog.cpp:224 +msgid "Find working directory" +msgstr "Encontrar directorio de trabajo" + +#: src/gui/PrefsDialog.cpp:233 +msgid "Find Secure Shell utility" +msgstr "Encontrar utilidad de Shell Segura" + +#: src/gui/PrefsDialog.cpp:284 +msgid "Find add-on library" +msgstr "Encontrar librería add-on" + +#: src/gui/printerStream.cpp:132 +#, qt-format +msgid "Page %1" +msgstr "" + +#: src/gui/PrintingProgressDialog.cpp:48 +#, qt-format +msgid "Printing (page %1/%2)" +msgstr "" + +#: src/gui/PrintingProgressDialog.cpp:50 +#, fuzzy, qt-format +msgid "Printing page %1" +msgstr "Impresión abortada" + +#: src/gui/PrintingProgressDialog.cpp:67 +msgid "Aborting print operation" +msgstr "" + +#: src/gui/RCS.cpp:498 src/gui/RCS.cpp:717 src/gui/RCS.cpp:800 +#, qt-format +msgid "Error checking file out: %1" +msgstr "Error chequeando fichero de salida: %1" + +#: src/gui/RCS.cpp:558 +#, qt-format +msgid "" +"Fatal error during initial RCS checkin of file %1 :\n" +" %2\n" +"Exit status %3" +msgstr "" +"Error falta durante chequeo TCS inicial del fichero %1 :\n" +"%2\n" +"Estatus de salida %3" + +#: src/gui/RCS.cpp:687 +msgid "Error creating temporary file " +msgstr "Error creando fichero temporal " + +#: 
src/gui/RCS.cpp:700 +msgid "Error writing to temporary file " +msgstr "Error escribiendo a fichero temporal" + +#: src/gui/RCS.cpp:732 +#, qt-format +msgid "" +"File is opened and locked by %1.\n" +"You can only open it read-only." +msgstr "" +"Fichero abierto y bloqueado por %1.\n" +"Puede solo abrirse en modo sólo-lectura." + +#: src/gui/RCS.cpp:745 +#, qt-format +msgid "" +"Revision %1 of this file has been checked out and locked by you earlier.\n" +"The file may be opened in another copy of Firewall Builder or was left " +"opened\n" +"after the program crashed." +msgstr "" +"La revisión %1 de este fichero ha sido marcado y bloqueado por ti " +"anteriormente.\n" +"Este fichero puede estar abierto por otra copia de Firewall Builder o ha " +"sido dejada abierta\n" +"después de que el programa murió." + +#: src/gui/RCS.cpp:748 +msgid "Open &read-only" +msgstr "Abrir sólo-lectu&ra" + +#: src/gui/RCS.cpp:748 +msgid "&Open and continue editing" +msgstr "Abrir y c&ontinuar editando" + +#: src/gui/RCS.cpp:991 +#, qt-format +msgid "Fatal error running rlog for %1" +msgstr "Error fatal ejecutando rlog para %1" + +#: src/gui/RCS.cpp:1031 +#, qt-format +msgid "Fatal error running rcsdiff for file %1" +msgstr "Error fatal ejecutando rcsdiff para fichero %1" + +#: src/gui/RCSFilePreview.cpp:137 +msgid "File is not in RCS" +msgstr "Fichero no esta en RCS" + +#: src/gui/RuleSetView.cpp:206 +msgid "A Rule Set" +msgstr "A Conjunto de Reglas" + +#: src/gui/RuleSetView.cpp:621 +msgid "Outbound " +msgstr "Saliente " + +#: src/gui/RuleSetView.cpp:707 +msgid "Original" +msgstr "Original" + +#: src/gui/RuleSetView.cpp:708 +#, fuzzy +msgid "Default" +msgstr "Borrar" + +#: src/gui/RuleSetView.cpp:711 src/gui/.ui/instdialog_q.cpp:274 +msgid "All" +msgstr "" + +#: src/gui/RuleSetView.cpp:712 src/gui/RuleSetView.cpp:720 +#: src/gui/.ui/timedialog_q.cpp:245 src/gui/.ui/timedialog_q.cpp:262 +msgid "Any" +msgstr "Alguna" + +#: src/gui/RuleSetView.cpp:1457 src/gui/RuleSetView.cpp:1717 +#: 
src/gui/RuleSetView.cpp:1745 src/gui/.ui/FWBMainWindow_q.cpp:521 +#: src/gui/.ui/FWBMainWindow_q.cpp:522 +msgid "Insert Rule" +msgstr "Insertar Regla" + +#: src/gui/RuleSetView.cpp:1459 src/gui/RuleSetView.cpp:1473 +msgid "Paste Rule" +msgstr "Pegar Regla" + +#: src/gui/RuleSetView.cpp:1603 +#, fuzzy +msgid "Parameters" +msgstr "Fragmentos" + +#: src/gui/RuleSetView.cpp:1620 +msgid "Inbound" +msgstr "Entrante" + +#: src/gui/RuleSetView.cpp:1624 +msgid "Outbound" +msgstr "Saliente" + +#: src/gui/RuleSetView.cpp:1628 +msgid "Both" +msgstr "Ambos" + +#: src/gui/RuleSetView.cpp:1637 +msgid "Rule Options" +msgstr "Opciones de Regla" + +#: src/gui/RuleSetView.cpp:1644 +msgid "Logging On" +msgstr "" + +#: src/gui/RuleSetView.cpp:1648 +msgid "Logging Off" +msgstr "" + +#: src/gui/RuleSetView.cpp:1674 +#, fuzzy +msgid "Reveal in tree" +msgstr "Buscar en el árbol" + +#: src/gui/RuleSetView.cpp:1677 +msgid "Negate" +msgstr "Negar" + +#: src/gui/RuleSetView.cpp:1725 +#, qt-format +msgid "Rules: %1-%2" +msgstr "Reglas: %1-%2" + +#: src/gui/RuleSetView.cpp:1728 +#, qt-format +msgid "Rule: %1" +msgstr "Regla: %1" + +#: src/gui/RuleSetView.cpp:1733 +msgid "Color Label:" +msgstr "Color de Etiqueta:" + +#: src/gui/RuleSetView.cpp:1747 src/gui/.ui/FWBMainWindow_q.cpp:527 +#: src/gui/.ui/FWBMainWindow_q.cpp:528 +msgid "Add Rule Below" +msgstr "Añadir Regla Abajo" + +#: src/gui/RuleSetView.cpp:1750 src/gui/.ui/FWBMainWindow_q.cpp:529 +#: src/gui/.ui/FWBMainWindow_q.cpp:530 +msgid "Remove Rule" +msgstr "Eliminar Regla" + +#: src/gui/RuleSetView.cpp:1751 +msgid "Remove Rules" +msgstr "Eliminar Reglas" + +#: src/gui/RuleSetView.cpp:1754 +msgid "Move Rule" +msgstr "Mover Regla" + +#: src/gui/RuleSetView.cpp:1755 +msgid "Move Rules" +msgstr "Mover Reglas" + +#: src/gui/RuleSetView.cpp:1761 src/gui/.ui/FWBMainWindow_q.cpp:532 +#: src/gui/.ui/FWBMainWindow_q.cpp:533 +msgid "Copy Rule" +msgstr "Copiar Regla" + +#: src/gui/RuleSetView.cpp:1763 src/gui/.ui/FWBMainWindow_q.cpp:534 +#: 
src/gui/.ui/FWBMainWindow_q.cpp:535 +msgid "Cut Rule" +msgstr "Cortar Regla" + +#: src/gui/RuleSetView.cpp:1765 src/gui/.ui/FWBMainWindow_q.cpp:536 +#: src/gui/.ui/FWBMainWindow_q.cpp:537 +msgid "Paste Rule Above" +msgstr "Pegar Regla Arriba" + +#: src/gui/RuleSetView.cpp:1767 src/gui/.ui/FWBMainWindow_q.cpp:538 +#: src/gui/.ui/FWBMainWindow_q.cpp:539 +msgid "Paste Rule Below" +msgstr "Pegar Regla Abajo" + +#: src/gui/RuleSetView.cpp:1774 +msgid "Enable Rule" +msgstr "Activar Regla" + +#: src/gui/RuleSetView.cpp:1775 +msgid "Enable Rules" +msgstr "Activar Reglas" + +#: src/gui/RuleSetView.cpp:1779 +msgid "Disable Rule" +msgstr "Desactivar Regla" + +#: src/gui/RuleSetView.cpp:1780 +msgid "Disable Rules" +msgstr "Desactivar Reglas" + +#: src/gui/RuleSetView.cpp:3306 src/gui/RuleSetView.cpp:3396 +msgid "Source" +msgstr "Origen" + +#: src/gui/RuleSetView.cpp:3309 src/gui/RuleSetView.cpp:3399 +#: src/gui/RuleSetView.cpp:3559 +msgid "Destination" +msgstr "Destino" + +#: src/gui/RuleSetView.cpp:3312 src/gui/RuleSetView.cpp:3402 +msgid "Service" +msgstr "Servicio" + +#: src/gui/RuleSetView.cpp:3318 src/gui/RuleSetView.cpp:3405 +msgid "Direction" +msgstr "Dirección" + +#: src/gui/RuleSetView.cpp:3321 src/gui/RuleSetView.cpp:3408 +msgid "Action" +msgstr "Acción" + +#: src/gui/RuleSetView.cpp:3326 src/gui/RuleSetView.cpp:3413 +#: src/gui/.ui/timedialog_q.cpp:241 +msgid "Time" +msgstr "Tiempo" + +#: src/gui/RuleSetView.cpp:3332 src/gui/RuleSetView.cpp:3419 +#: src/gui/RuleSetView.cpp:3499 src/gui/RuleSetView.cpp:3571 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:206 +#: src/gui/.ui/linux24advanceddialog_q.cpp:415 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:184 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:198 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1854 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:308 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:212 +msgid "Options" +msgstr "Opciones" + +#: src/gui/RuleSetView.cpp:3336 src/gui/RuleSetView.cpp:3423 +#: src/gui/RuleSetView.cpp:3502 
src/gui/RuleSetView.cpp:3574 +msgid "Comment" +msgstr "Comentario" + +#: src/gui/RuleSetView.cpp:3481 +msgid "Original Src" +msgstr "Src Original" + +#: src/gui/RuleSetView.cpp:3484 +msgid "Original Dst" +msgstr "Dst Original" + +#: src/gui/RuleSetView.cpp:3487 +msgid "Original Srv" +msgstr "Srv Original" + +#: src/gui/RuleSetView.cpp:3490 +msgid "Translated Src" +msgstr "Src Traducido" + +#: src/gui/RuleSetView.cpp:3493 +msgid "Translated Dst" +msgstr "Dst Traducido" + +#: src/gui/RuleSetView.cpp:3496 +msgid "Translated Srv" +msgstr "Srv Traducido" + +#: src/gui/RuleSetView.cpp:3562 +#, fuzzy +msgid "Gateway" +msgstr "Puerto de Puerta de Enlace:" + +#: src/gui/RuleSetView.cpp:3568 +#, fuzzy +msgid "Metric" +msgstr "Servicio" + +#: src/gui/SimpleTextEditor.cpp:71 +#, fuzzy +msgid "Choose file" +msgstr "Elija fichero a importar" + +#: src/gui/SSHPIX.cpp:136 src/gui/SSHUnx.cpp:95 +#, fuzzy +msgid "" +"\n" +"*** Fatal error :" +msgstr "*** Error fatal :" + +#: src/gui/SSHPIX.cpp:170 src/gui/SSHUnx.cpp:151 +#, fuzzy +msgid "Logged in" +msgstr "Conectado e idenficado\n" + +#: src/gui/SSHPIX.cpp:171 +#, fuzzy +msgid "Switching to enable mode..." +msgstr "Cambiando a modo activado...\n" + +#: src/gui/SSHPIX.cpp:205 src/gui/SSHUnx.cpp:176 +msgid "New RSA key" +msgstr "Nueva clave RSA" + +#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177 +msgid "Yes" +msgstr "Si" + +#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177 +msgid "No" +msgstr "No" + +#: src/gui/SSHPIX.cpp:252 +msgid "In enable mode." +msgstr "In modo activo." 
+ +#: src/gui/SSHPIX.cpp:387 src/gui/SSHPIX.cpp:783 +msgid "Pushing firewall configuration" +msgstr "Poniendo configuración del cortafuegos" + +#: src/gui/SSHPIX.cpp:424 +#, qt-format +msgid "Rule %1" +msgstr "Regla %1" + +#: src/gui/SSHPIX.cpp:450 +#, fuzzy +msgid "End" +msgstr "Final:" + +#: src/gui/SSHPIX.cpp:532 +msgid "Making backup copy of the firewall configuration" +msgstr "Hacer copia de seguridad de la configuración del firewall" + +#: src/gui/SSHPIX.cpp:596 +msgid "*** Clearing unused access lists" +msgstr "*** Limpiando listas de acceso no usadas" + +#: src/gui/SSHPIX.cpp:661 +msgid "*** Clearing unused object groups" +msgstr "*** Limpiando grupos de objetos no usados" + +#: src/gui/SSHPIX.cpp:681 +msgid "*** End " +msgstr "*** Fin " + +#: src/gui/SSHPIX.cpp:692 +msgid "Reading current firewall configuration" +msgstr "Leyendo la configuración actual del cortafuegos" + +#: src/gui/SSHPIX.cpp:717 +msgid "Generating configuration diff" +msgstr "Generando diff de configuración" + +#: src/gui/SSHPIX.cpp:732 +#, qt-format +msgid "Fork failed for %1" +msgstr "Fork falló para %1" + +#: src/gui/SSHPIX.cpp:738 +msgid "Not enough memory." +msgstr "No hay suficiente memoria." + +#: src/gui/SSHPIX.cpp:743 +msgid "Too many opened file descriptors in the system." +msgstr "Demasiados descriptores de ficheros abiertos en el sistema." + +#: src/gui/SSHPIX.cpp:769 +msgid "Empty configuration diff" +msgstr "Diff de configuración vacio" + +#: src/gui/SSHSession.cpp:90 +#, qt-format +msgid "" +"You are connecting to the firewall '%1' for the first time. It has " +"provided you its identification in a form of its host public key. The " +"fingerprint of the host public key is: \"%2\" You can save the host key to " +"the local database by pressing YES, or you can cancel connection by pressing " +"NO. You should press YES only if you are sure you are really connected to " +"the firewall '%3'." +msgstr "" +"Esta conectandose a el cortafuegos '%1' por primera vez. 
Se le ha " +"proveido con una identificación tipo clave pública de la máquina. La clave " +"pública de la máquina es: \"%2\". Puede guardar la clave de la máquina a una " +"base de datos local pulsando SI, o puede cancelear la conexión pulsando NO. " +"Debería puslar YES sólo si esta seguro de estar realmente conectado a el " +"cortafuegos '%3'." + +#: src/gui/SSHSession.cpp:180 +msgid "Failed to start ssh" +msgstr "Fallo al iniciar ssh" + +#: src/gui/SSHSession.cpp:498 +msgid "ERROR" +msgstr "ERROR" + +#: src/gui/SSHSession.cpp:498 src/gui/.ui/filepropdialog_q.cpp:126 +#: src/gui/.ui/instoptionsdialog_q.cpp:285 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1825 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:309 +#: src/gui/.ui/simpleinteditor_q.cpp:91 src/gui/.ui/simpletexteditor_q.cpp:95 +msgid "OK" +msgstr "OK" + +#: src/gui/SSHSession.cpp:500 +#, qt-format +msgid "SSH session terminated, exit status: %1" +msgstr "Session SSH terminada, estatus al salir: %1" + +#: src/gui/SSHUnx.cpp:236 +msgid "Done" +msgstr "Hecho" + +#: src/gui/SSHUnx.cpp:248 +msgid "Error in SSH" +msgstr "Error en SSH" + +#: src/gui/StartWizard.cpp:106 +#, qt-format +msgid "File %1 is read-only, you can not save changes to it." +msgstr "Fichero %1 es de sólo-lectura, no se pueden guardar los cambios." + +#: src/gui/StartWizard.cpp:171 +#, qt-format +msgid "" +"Error opening file:\n" +"%1" +msgstr "" +"Error abriendo fichero:\n" +"%1" + +#: src/gui/TCPServiceDialog.cpp:176 src/gui/UDPServiceDialog.cpp:118 +msgid "Invalid range defined for the source port." +msgstr "" + +#: src/gui/TCPServiceDialog.cpp:184 src/gui/UDPServiceDialog.cpp:126 +msgid "Invalid range defined for the destination port." 
+msgstr "" + +#: src/gui/TimeDialog.cpp:68 src/gui/TimeDialog.cpp:69 +#: src/gui/.ui/timedialog_q.cpp:256 src/gui/.ui/timedialog_q.cpp:259 +#, fuzzy +msgid "(M/D/Y)" +msgstr "Fecha (M/D/Y):" + +#: src/gui/TimeDialog.cpp:73 src/gui/TimeDialog.cpp:74 +#, fuzzy +msgid "(D/M/Y)" +msgstr "Fecha (D/M/Y):" + +#: src/gui/TimeDialog.cpp:78 src/gui/TimeDialog.cpp:79 +#, fuzzy +msgid "(Y/M/D)" +msgstr "Fecha (Y/M/D):" + +#: src/gui/TimeDialog.cpp:83 src/gui/TimeDialog.cpp:84 +#, fuzzy +msgid "(Y/D/M)" +msgstr "Fecha (Y/D/M):" + +#: src/gui/.ui/aboutdialog_q.cpp:136 src/gui/.ui/aboutdialog_q.cpp:137 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:109 +#: src/gui/.ui/FWBMainWindow_q.cpp:439 +msgid "Firewall Builder" +msgstr "Firewall Builder" + +#: src/gui/.ui/aboutdialog_q.cpp:138 +msgid "Using libfwbuilder API v" +msgstr "Usando libfwbuilder API v" + +#: src/gui/.ui/aboutdialog_q.cpp:139 +msgid "Revision: " +msgstr "Revisión: " + +#: src/gui/.ui/aboutdialog_q.cpp:140 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:187 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:547 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:351 +#: src/gui/.ui/iptadvanceddialog_q.cpp:599 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:196 +#: src/gui/.ui/linux24advanceddialog_q.cpp:366 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:165 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:173 +#: src/gui/.ui/pagesetupdialog_q.cpp:108 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1000 src/gui/.ui/prefsdialog_q.cpp:364 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:183 +msgid "&OK" +msgstr "&OK" + +#: src/gui/.ui/aboutdialog_q.cpp:142 +#, fuzzy +msgid "Copyright 2002-2006 NetCitadel, LLC" +msgstr "Copyright 2002-2004 NetCitadel, LLC" + +#: src/gui/.ui/aboutdialog_q.cpp:143 +msgid "" +"

    http://www." +"fwbuilder.org

    " +msgstr "" +"

    http://www." +"fwbuilder.org

    " + +#: src/gui/.ui/actionsdialog_q.cpp:451 +msgid "Actions Dialog" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:452 +msgid "fw/rule num/action" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:453 +msgid "Tag string:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:454 +msgid "" +"If rule action is 'Reject', this option defines firewall's reaction to the " +"packet matching the rule" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:455 +msgid "This action has no parameters." +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:456 +msgid "Tag value:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:457 +msgid "Mark connections created by packets that match this rule" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:458 +msgid "Requires CONNMARK target" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:459 +msgid "" +"Note: this action translates into MARK target for iptables. Normally this " +"target is non-terminating, that is, other rules with Classify or Tag actions " +"belog this one will process the same packet. However, Firewall Builder can " +"emulate terminating behavior for this action. Option in the \"compiler\" tab " +"of the firewall object properties dialog activates emulation." +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:460 +msgid "Emulation is currently ON, the rule will be terminating" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:461 +msgid "" +"Rule name for accounting. 
(white spaces and special characters are not " +"allowed)" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:462 +msgid "Packet classification can be implemented in different ways:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:464 +msgid "use dummynet(4) 'pipe'" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:465 +msgid "use dummynet(4) 'queue'" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:466 +msgid "Pipe or queue number:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:467 +#, fuzzy +msgid "Custom string:" +msgstr "usar cadena de texto" + +#: src/gui/.ui/actionsdialog_q.cpp:468 +msgid "Classify string:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:469 +msgid "" +"Note: CLASSIFY target in iptables is non-terminating, that is other rules " +"with Classify or Mark target below this will process the same packet. " +"However, Firewall Builder can emulate terminating behavior for this action. " +"Emulation is activated by an option in the \"compiler\" tab of the firewall " +"object properties dialog." 
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:471
+#, fuzzy
+msgid "Divert socket port number:"
+msgstr "Número de protocolo:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:472
+msgid "User-defined chain name:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:473
+msgid ""
+"In addition to 'filter', create branching rule in 'mangle' table as well"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:474
+#, fuzzy
+msgid "Anchor name:"
+msgstr "Acción"
+
+#: src/gui/.ui/actionsdialog_q.cpp:479 src/gui/.ui/actionsdialog_q.cpp:486
+#, fuzzy
+msgid "interface"
+msgstr "Interfaz"
+
+#: src/gui/.ui/actionsdialog_q.cpp:480 src/gui/.ui/actionsdialog_q.cpp:487
+msgid "next hop"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:481
+msgid "Fastroute"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:488
+#, fuzzy
+msgid "Change inbound interface to"
+msgstr "Intefaz de administración"
+
+#: src/gui/.ui/actionsdialog_q.cpp:489
+msgid "Route through gateway"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:490
+#, fuzzy
+msgid "Change outbound interface to"
+msgstr "Intefaz de administración"
+
+#: src/gui/.ui/actionsdialog_q.cpp:491
+#, fuzzy
+msgid "Continue packet inspection"
+msgstr "&Continuar arriba"
+
+#: src/gui/.ui/actionsdialog_q.cpp:492
+msgid "Make a copy"
+msgstr ""
+
+#: src/gui/.ui/addressrangedialog_q.cpp:162
+#: src/gui/.ui/addressrangedialog_q.cpp:163
+msgid "Address Range"
+msgstr "Rango de Direcciones"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:164
+#: src/gui/.ui/addresstabledialog_q.cpp:198
+#: src/gui/.ui/customservicedialog_q.cpp:179
+#: src/gui/.ui/dnsnamedialog_q.cpp:173 src/gui/.ui/firewalldialog_q.cpp:215
+#: src/gui/.ui/groupobjectdialog_q.cpp:188 src/gui/.ui/hostdialog_q.cpp:149
+#: src/gui/.ui/icmpservicedialog_q.cpp:169
+#: src/gui/.ui/interfacedialog_q.cpp:233 src/gui/.ui/ipservicedialog_q.cpp:210
+#: src/gui/.ui/ipv4dialog_q.cpp:171 src/gui/.ui/librarydialog_q.cpp:141
+#: src/gui/.ui/networkdialog_q.cpp:165 src/gui/.ui/physaddressdialog_q.cpp:154
+#: src/gui/.ui/tagservicedialog_q.cpp:149
+#: src/gui/.ui/tcpservicedialog_q.cpp:372 src/gui/.ui/timedialog_q.cpp:271
+#: src/gui/.ui/udpservicedialog_q.cpp:223
+msgid "Comment:"
+msgstr "Comentario:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:165
+msgid "Range End:"
+msgstr "Final de Rango:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:166
+msgid "Range Start:"
+msgstr "Comienzo de Rango:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:167
+#: src/gui/.ui/addresstabledialog_q.cpp:200
+#: src/gui/.ui/customservicedialog_q.cpp:180
+#: src/gui/.ui/dnsnamedialog_q.cpp:178 src/gui/.ui/firewalldialog_q.cpp:216
+#: src/gui/.ui/groupobjectdialog_q.cpp:193 src/gui/.ui/hostdialog_q.cpp:147
+#: src/gui/.ui/icmpservicedialog_q.cpp:170
+#: src/gui/.ui/interfacedialog_q.cpp:234 src/gui/.ui/ipservicedialog_q.cpp:219
+#: src/gui/.ui/ipv4dialog_q.cpp:172 src/gui/.ui/librarydialog_q.cpp:139
+#: src/gui/.ui/networkdialog_q.cpp:166 src/gui/.ui/newfirewalldialog_q.cpp:516
+#: src/gui/.ui/newhostdialog_q.cpp:392 src/gui/.ui/physaddressdialog_q.cpp:151
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:820
+#: src/gui/.ui/tagservicedialog_q.cpp:151
+#: src/gui/.ui/tcpservicedialog_q.cpp:398 src/gui/.ui/timedialog_q.cpp:272
+#: src/gui/.ui/udpservicedialog_q.cpp:231
+msgid "Name:"
+msgstr "Nombre:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:168
+#: src/gui/.ui/addresstabledialog_q.cpp:199
+#: src/gui/.ui/customservicedialog_q.cpp:181
+#: src/gui/.ui/dnsnamedialog_q.cpp:177 src/gui/.ui/firewalldialog_q.cpp:217
+#: src/gui/.ui/groupobjectdialog_q.cpp:192 src/gui/.ui/hostdialog_q.cpp:148
+#: src/gui/.ui/icmpservicedialog_q.cpp:171
+#: src/gui/.ui/interfacedialog_q.cpp:236 src/gui/.ui/ipservicedialog_q.cpp:218
+#: src/gui/.ui/ipv4dialog_q.cpp:173 src/gui/.ui/networkdialog_q.cpp:167
+#: src/gui/.ui/newgroupdialog_q.cpp:98 src/gui/.ui/physaddressdialog_q.cpp:152
+#: src/gui/.ui/tagservicedialog_q.cpp:150
+#: src/gui/.ui/tcpservicedialog_q.cpp:399 src/gui/.ui/timedialog_q.cpp:273
+#: src/gui/.ui/udpservicedialog_q.cpp:230
+msgid "Library:"
+msgstr "Librería:"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:196
+#: src/gui/.ui/addresstabledialog_q.cpp:197
+#, fuzzy
+msgid "Address Table"
+msgstr "Rango de Direcciones"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:202
+#: src/gui/.ui/dnsnamedialog_q.cpp:175
+#, fuzzy
+msgid "Compile Time"
+msgstr "Compilar"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:203
+#: src/gui/.ui/dnsnamedialog_q.cpp:176
+#, fuzzy
+msgid "Run Time"
+msgstr "Tiempo"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:204
+#, fuzzy
+msgid "File name:"
+msgstr "Nombre de fichero: %1"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:205
+#: src/gui/.ui/addresstabledialog_q.cpp:206
+#, fuzzy
+msgid "Browse"
+msgstr "Navegar..."
+
+#: src/gui/.ui/addresstabledialog_q.cpp:207
+#, fuzzy
+msgid "Preview"
+msgstr "rev"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:87
+msgid "Enter New Position For The Rule"
+msgstr "Introduzca nueva posición para la regla"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:88
+msgid "Enter new position for selected rules:"
+msgstr "Introduzca nueva posición para las reglas seleccionadas"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:89
+msgid "&Move"
+msgstr "&Mover"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:90
+msgid "Alt+M"
+msgstr ""
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:92 src/gui/.ui/debugdialog_q.cpp:76
+#: src/gui/.ui/execdialog_q.cpp:96 src/gui/.ui/pagesetupdialog_q.cpp:111
+msgid "Alt+C"
+msgstr ""
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:108 src/gui/.ui/prefsdialog_q.cpp:401
+msgid "Orange"
+msgstr "Naranja"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:110 src/gui/.ui/prefsdialog_q.cpp:408
+msgid "Green"
+msgstr "Verde"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:112 src/gui/.ui/prefsdialog_q.cpp:406
+msgid "Purple"
+msgstr "Purpura"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:114 src/gui/.ui/prefsdialog_q.cpp:398
+msgid "Blue"
+msgstr "Azul"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:116 src/gui/.ui/prefsdialog_q.cpp:399
+msgid "Yellow"
+msgstr "Amarillo"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:118 src/gui/.ui/prefsdialog_q.cpp:409
+msgid "Gray"
+msgstr "Gris"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:120 src/gui/.ui/prefsdialog_q.cpp:397
+msgid "Red"
+msgstr "Rojo"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:122
+msgid "No color"
+msgstr "Sin color"
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:95
+#, fuzzy
+msgid "Comment Editor Panel"
+msgstr "Editor de Comentarios"
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:96
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:155
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:119
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:784
+msgid "fw/rule num"
+msgstr ""
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:98
+#: src/gui/.ui/simpletexteditor_q.cpp:97
+msgid "Import from file ..."
+msgstr "Importar desde fichero ..."
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:67
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:114
+#, fuzzy
+msgid "Parent"
+msgstr "Imprimir"
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:68
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:115
+#: src/gui/.ui/findwhereusedwidget_q.cpp:63
+#: src/gui/.ui/findwhereusedwidget_q.cpp:120
+msgid "Details"
+msgstr ""
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:112
+msgid ""
+"Groups and firewall policy rules shown in the list below reference objects "
+"you are about to delete. If you delete objects, they will be removed from "
+"these groups and rules."
+msgstr ""
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:116
+msgid ""
+"Deleted objects are moved to the \"Deleted objects\" library. You can "
+"recover them later by moving back to the user's library. However if you "
+"delete an object already located in the \"Deleted objects\" library, it is "
+"destroyed and can not be restored."
+msgstr ""
+
+#: src/gui/.ui/customservicedialog_q.cpp:182
+msgid ""
+"Custom service object has separate code string for each supported firewall "
+"platform."
+msgstr ""
+"El objeto de servicio custom tiene una cadena de código para cada plataforma "
+"de cortafuegos soportada."
+
+#: src/gui/.ui/customservicedialog_q.cpp:183
+#: src/gui/.ui/discoverydruid_q.cpp:940 src/gui/.ui/firewalldialog_q.cpp:218
+msgid "Platform:"
+msgstr "Plataforma:"
+
+#: src/gui/.ui/customservicedialog_q.cpp:184
+#: src/gui/.ui/tagservicedialog_q.cpp:152
+msgid "Code:"
+msgstr "Código:"
+
+#: src/gui/.ui/debugdialog_q.cpp:74
+msgid "Debugging Info"
+msgstr "Información de Debug"
+
+#: src/gui/.ui/debugdialog_q.cpp:75 src/gui/.ui/execdialog_q.cpp:95
+#: src/gui/.ui/FWBMainWindow_q.cpp:498
+msgid "&Close"
+msgstr "&Cerrar"
+
+#: src/gui/.ui/discoverydruid_q.cpp:750 src/gui/.ui/discoverydruid_q.cpp:1025
+#, fuzzy
+msgid "Interfaces"
+msgstr "Interfaz"
+
+#: src/gui/.ui/discoverydruid_q.cpp:752 src/gui/.ui/discoverydruid_q.cpp:1026
+#: src/gui/.ui/filterdialog_q.cpp:91 src/gui/.ui/filterdialog_q.cpp:164
+#, fuzzy
+msgid "Type"
+msgstr "tipo: "
+
+#: src/gui/.ui/discoverydruid_q.cpp:921 src/gui/.ui/FWBMainWindow_q.cpp:565
+#: src/gui/.ui/FWBMainWindow_q.cpp:566
+msgid "Discovery Druid"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:922
+msgid ""
+"Choose discovery method used to collect information about network objects "
+"from the list below and click 'Next' to continue."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:923
+msgid "Discovery method:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:924
+msgid "Read file in hosts format"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:925 src/gui/.ui/discoverydruid_q.cpp:948
+msgid "Import DNS zone"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:926
+msgid "Perform network discovery using SNMP"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:927 src/gui/.ui/discoverydruid_q.cpp:942
+#, fuzzy
+msgid "Import configuration of a firewall or a router"
+msgstr "Guardar diff de configuración en un fichero"
+
+#: src/gui/.ui/discoverydruid_q.cpp:928
+msgid "Discovery Method"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:929
+msgid "Enter full path and file name below or click \"Browse\" to find it:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:930
+msgid "File in hosts format"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:931
+#, fuzzy
+msgid "Browse ..."
+msgstr "Navegar..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:932
+msgid "Reading file in hosts format"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:933
+msgid ""
+"All objects created during import will be placed in the library currently "
+"opened in the tree."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:934
+msgid ""
+"Policy import tries to parse given configuration file and preserve its logic "
+"as close as possible. However, very often target firewall configuration "
+"allows for more commands, options and their combinations than importer can "
+"understand. Rules that importer could not parse exactly are colored red in "
+"the rule sets it creates. Always inspect firewall policy created by the "
+"importer and compare it with the original. Manual changes and corrections "
+"may be required. Comments in the rules that could not be parsed show "
+"fragments of the original configuration parser did not understand."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:935
+#, fuzzy
+msgid "Import from file: "
+msgstr "Importar desde fichero ..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:936 src/gui/.ui/prefsdialog_q.cpp:380
+#: src/gui/.ui/prefsdialog_q.cpp:385
+msgid "Browse..."
+msgstr "Navegar..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:938
+msgid "Cisco IOS"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:939
+#, fuzzy
+msgid "iptables"
+msgstr "desactivar"
+
+#: src/gui/.ui/discoverydruid_q.cpp:941
+#: src/gui/.ui/printingprogressdialog_q.cpp:75
+#, fuzzy
+msgid "textLabel1"
+msgstr "Etiqueta"
+
+#: src/gui/.ui/discoverydruid_q.cpp:943
+msgid ""
+"This discovery method creates objects for all 'A' records found in DNS "
+"domain. You will later have a chance to accept only those objects you wish "
+"and ignore others.\n"
+"Please enter the domain name below:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:945
+#, fuzzy
+msgid "Domain name"
+msgstr "Acción"
+
+#: src/gui/.ui/discoverydruid_q.cpp:946
+msgid ""
+"Objects created using this method may have long or short names. long name "
+"consists of the host name and full domain name (this is called Fully "
+"Qualified Domain Name). Short name consists of only host name. Check in "
+"the box below if you wish to use long name, then click next to continue:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:947
+#, fuzzy
+msgid "Use long names"
+msgstr "Nombre de usuario:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:949
+msgid ""
+"DNS zone information has to be transferred from the name server "
+"authoritative for the domain. Pick the name server:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:950 src/gui/.ui/discoverydruid_q.cpp:957
+#, fuzzy
+msgid "Name server"
+msgstr "SNMP servidores"
+
+#: src/gui/.ui/discoverydruid_q.cpp:951
+msgid "choose name server from the list below"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:952
+msgid "server name or its IP address here if you wish to use different one:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:954
+#, fuzzy
+msgid "DNS Query options"
+msgstr "Opciones de Regla"
+
+#: src/gui/.ui/discoverydruid_q.cpp:955
+#, fuzzy
+msgid "Timeout (sec)"
+msgstr "Timeouts"
+
+#: src/gui/.ui/discoverydruid_q.cpp:956
+#, fuzzy
+msgid "Retries"
+msgstr "Servicio"
+
+#: src/gui/.ui/discoverydruid_q.cpp:958
+msgid ""
+"This discovery method scans networks looking for hosts or gateways "
+"responding to SNMP queries. It pulls host's ARP table and uses all the "
+"entries found in it to create objects. Scan starts from the host called "
+"\"seed\". Enter \"seed\" host name or address below:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:959
+msgid "'Seed' host"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:961
+#, fuzzy
+msgid "Enter a valid host name or address."
+msgstr "Máquina Syslog (nombre o dirección IP):"
+
+#: src/gui/.ui/discoverydruid_q.cpp:962
+msgid ""
+"The scanner process can be confined to a certain network, so it won't "
+"discover hosts on adjacent networks. If you leave these fields blank, "
+"scanner will visit all networks it can find:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:963
+msgid "Confine scan to this network:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:964 src/gui/.ui/ipv4dialog_q.cpp:175
+#: src/gui/.ui/networkdialog_q.cpp:168 src/gui/.ui/newfirewalldialog_q.cpp:518
+#: src/gui/.ui/newhostdialog_q.cpp:406
+msgid "Netmask:"
+msgstr "Mascara:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:965 src/gui/.ui/ipv4dialog_q.cpp:174
+#: src/gui/.ui/networkdialog_q.cpp:169 src/gui/.ui/newfirewalldialog_q.cpp:517
+#: src/gui/.ui/newhostdialog_q.cpp:394
+msgid "Address:"
+msgstr "Direccion:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:967
+#, fuzzy
+msgid "Network discovery using SNMP"
+msgstr "Descubrir Interfaces usando SNMP"
+
+#: src/gui/.ui/discoverydruid_q.cpp:968
+msgid ""
+"The scanner process can repeat its algorithm recursively using each new host "
+"it finds as a new \"seed\". This allows it to find as many objects on your "
+"network as possible. On the other hand, it takes more time and may find some "
+"objects you do not really need. You can turn recursive scanning on below:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:969
+msgid "Run network scan recursively"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:970
+msgid ""
+"The scanner process can find nodes beyond the boundaries of your network by "
+"following point-to-point links connecting it to the Internet or other parts "
+"of WAN."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:971
+msgid "Follow point-to-point links"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:972
+msgid ""
+"The scanner process can distinguish virtual IP addresses created on hosts as "
+"static \"published\" ARP entries or as secondary addresses on interfaces."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:973
+#, fuzzy
+msgid "Include virtual addresses"
+msgstr "Añadir direcciones virtuales para NAT"
+
+#: src/gui/.ui/discoverydruid_q.cpp:974
+msgid ""
+"Analysis of ARP table yields IP addresses for hosts on your network. In "
+"order to determine their names, scanner can run reverse name lookup queries "
+"using your name servers (DNS):"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:975
+msgid "Run reverse name lookup DNS queries to determine host names"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:976
+#, fuzzy
+msgid "Network scan options"
+msgstr "Zona de red:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:977
+msgid ""
+"Enter parameters for SNMP and DNS reverse lookup queries below. (If unsure, "
+"just leave default values):"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:978
+#, fuzzy
+msgid "SNMP query parameters:"
+msgstr "Fragmentos"
+
+#: src/gui/.ui/discoverydruid_q.cpp:979
+#: src/gui/.ui/newfirewalldialog_q.cpp:497 src/gui/.ui/newhostdialog_q.cpp:386
+msgid "SNMP 'read' community string:"
+msgstr "Cadena 'read' de la comunidad SNMP:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:980 src/gui/.ui/discoverydruid_q.cpp:984
+msgid "number of retries:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:981
+#, fuzzy
+msgid "timeout (sec):"
+msgstr "Timeouts"
+
+#: src/gui/.ui/discoverydruid_q.cpp:982
+msgid "public"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:983
+#, fuzzy
+msgid "DNS parameters:"
+msgstr "Fragmentos"
+
+#: src/gui/.ui/discoverydruid_q.cpp:985
+#, fuzzy
+msgid "timeout (sec) :"
+msgstr "Timeouts"
+
+#: src/gui/.ui/discoverydruid_q.cpp:986
+msgid "Number of threads:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:988
+msgid "SNMP and DNS reverse lookup queries parameters"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:990
+msgid "Process name"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:993
+#, fuzzy
+msgid "Save scan log to file"
+msgstr "Salvando datos a fichero..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:994
+#, fuzzy
+msgid "Process log:"
+msgstr "Progreso:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:995
+msgid "Discovery is in progress"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:996
+msgid ""
+"These are the networks found by the scanner process. Choose the ones you "
+"wish to use from the list below, then click 'Next':"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:997 src/gui/.ui/discoverydruid_q.cpp:1003
+#: src/gui/.ui/discoverydruid_q.cpp:1008 src/gui/.ui/discoverydruid_q.cpp:1013
+#: src/gui/.ui/discoverydruid_q.cpp:1019
+msgid "Select All"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:998 src/gui/.ui/discoverydruid_q.cpp:1009
+#: src/gui/.ui/discoverydruid_q.cpp:1018
+#, fuzzy
+msgid "Filter ..."
+msgstr "Dpulicar ..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:999 src/gui/.ui/discoverydruid_q.cpp:1004
+#: src/gui/.ui/discoverydruid_q.cpp:1010 src/gui/.ui/discoverydruid_q.cpp:1014
+#: src/gui/.ui/discoverydruid_q.cpp:1016
+msgid "Unselect All"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1000 src/gui/.ui/discoverydruid_q.cpp:1007
+#: src/gui/.ui/discoverydruid_q.cpp:1017
+#, fuzzy
+msgid "Remove Filter"
+msgstr "Eliminar Regla"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1001 src/gui/.ui/discoverydruid_q.cpp:1011
+msgid "->"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1002 src/gui/.ui/discoverydruid_q.cpp:1012
+msgid "<-"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1005
+#, fuzzy
+msgid "Networks"
+msgstr "Red"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1006
+msgid "Choose objects you wish to use, then click 'Next':"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1020
+#, fuzzy
+msgid "Change type of selected objects:"
+msgstr "Mostrar objetos borrados"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1027
+msgid ""
+"Here you can change type of the objects to be created for each address "
+"discovered by the scanner. By default, an \"Address\" object is created for "
+"the host with just one interface with single IP address and \"Host\" object "
+"is created for the host with multiple interfaces, however you can change "
+"their types on this page."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1028
+msgid "Adjust Object types"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1029
+msgid "Select target library"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1030
+#, fuzzy
+msgid "Target library"
+msgstr "a librería %1"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1031
+msgid "Adding new objects to library ..."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1032
+#, fuzzy
+msgid "Creatnig objects"
+msgstr "Crear Nuevo Objeto"
+
+#: src/gui/.ui/dnsnamedialog_q.cpp:171 src/gui/.ui/dnsnamedialog_q.cpp:172
+#, fuzzy
+msgid "DNS Name"
+msgstr "Nombre"
+
+#: src/gui/.ui/dnsnamedialog_q.cpp:179
+msgid "DNS Record:"
+msgstr ""
+
+#: src/gui/.ui/execdialog_q.cpp:92
+msgid "Executing external command"
+msgstr "Ejecutar comando externo"
+
+#: src/gui/.ui/execdialog_q.cpp:93 src/gui/.ui/instdialog_q.cpp:287
+#, fuzzy
+msgid "Save log to file"
+msgstr "Salvando datos a fichero..."
+
+#: src/gui/.ui/filepropdialog_q.cpp:114
+msgid "File Properties"
+msgstr "Propiedades de Fichero"
+
+#: src/gui/.ui/filepropdialog_q.cpp:115
+msgid "Location:"
+msgstr "Localización:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:116
+msgid "RO"
+msgstr "RO"
+
+#: src/gui/.ui/filepropdialog_q.cpp:117
+msgid "Revision Control:"
+msgstr "Control de revisión:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:118
+msgid "Time of last modification:"
+msgstr "Tiempo de última modificación:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:119
+msgid "Revision:"
+msgstr "Revisión:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:120
+msgid "Locked by user:"
+msgstr "Bloqueado por usuario:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:121
+msgid "location"
+msgstr "localización"
+
+#: src/gui/.ui/filepropdialog_q.cpp:122
+msgid "lastModified"
+msgstr "últimavezModificado"
+
+#: src/gui/.ui/filepropdialog_q.cpp:123
+msgid "rev"
+msgstr "rev"
+
+#: src/gui/.ui/filepropdialog_q.cpp:124
+msgid "lockedBy"
+msgstr "bloqueadoPor"
+
+#: src/gui/.ui/filepropdialog_q.cpp:125
+msgid "Revision history:"
+msgstr "Hístorico de revisión:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:458
+msgid "Print"
+msgstr "Imprimir"
+
+#: src/gui/.ui/filterdialog_q.cpp:89 src/gui/.ui/filterdialog_q.cpp:163
+msgid "Target"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:93 src/gui/.ui/filterdialog_q.cpp:165
+#, fuzzy
+msgid "Pattern"
+msgstr "Pegar"
+
+#: src/gui/.ui/filterdialog_q.cpp:150
+#, fuzzy
+msgid "Filter"
+msgstr "&Fichero"
+
+#: src/gui/.ui/filterdialog_q.cpp:151 src/gui/.ui/FWBMainWindow_q.cpp:452
+#: src/gui/.ui/FWBMainWindow_q.cpp:495 src/gui/.ui/FWBMainWindow_q.cpp:496
+msgid "Save"
+msgstr "Guardar"
+
+#: src/gui/.ui/filterdialog_q.cpp:152 src/gui/.ui/prefsdialog_q.cpp:213
+#: src/gui/.ui/prefsdialog_q.cpp:392
+msgid "Load"
+msgstr "Cargar"
+
+#: src/gui/.ui/filterdialog_q.cpp:153 src/gui/.ui/libexport_q.cpp:112
+msgid "Ok"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:155
+#, fuzzy
+msgid "Match"
+msgstr "Path"
+
+#: src/gui/.ui/filterdialog_q.cpp:157
+#, fuzzy
+msgid "all"
+msgstr "Instalar"
+
+#: src/gui/.ui/filterdialog_q.cpp:158 src/gui/.ui/icmpservicedialog_q.cpp:173
+#: src/gui/.ui/icmpservicedialog_q.cpp:175
+msgid "any"
+msgstr "alguna"
+
+#: src/gui/.ui/filterdialog_q.cpp:159
+msgid "of the following:"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:161
+msgid "+"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:162
+msgid "Add a new pattern"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:166
+msgid "Case sensitive"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:167
+msgid "-"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:168
+msgid "Remove a pattern"
+msgstr ""
+
+#: src/gui/.ui/finddialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:513
+msgid "Find Object"
+msgstr "Encontrar Objeto"
+
+#: src/gui/.ui/finddialog_q.cpp:128
+msgid "Text to be found in object names:"
+msgstr "Texto a ser encontrado en los nombres de objetos:"
+
+#: src/gui/.ui/finddialog_q.cpp:129
+msgid "Search in policy rules"
+msgstr "Buscar en reglas de políticas"
+
+#: src/gui/.ui/finddialog_q.cpp:130
+msgid "Search in the tree"
+msgstr "Buscar en el árbol"
+
+#: src/gui/.ui/finddialog_q.cpp:132
+msgid "Matching attribute:"
+msgstr ""
+
+#: src/gui/.ui/finddialog_q.cpp:135 src/gui/.ui/findobjectwidget_q.cpp:205
+msgid "TCP/UDP port"
+msgstr ""
+
+#: src/gui/.ui/finddialog_q.cpp:136 src/gui/.ui/findobjectwidget_q.cpp:206
+#, fuzzy
+msgid "Protocol number"
+msgstr "Número de protocolo:"
+
+#: src/gui/.ui/finddialog_q.cpp:137 src/gui/.ui/findobjectwidget_q.cpp:207
+#, fuzzy
+msgid "ICMP type"
+msgstr "Tipo ICMP:"
+
+#: src/gui/.ui/finddialog_q.cpp:138 src/gui/.ui/findobjectwidget_q.cpp:208
+msgid "Search for substring using regular expressions"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:187
+#: src/gui/.ui/findwhereusedwidget_q.cpp:116
+#: src/gui/.ui/fwobjectdroparea_q.cpp:49
+#: src/gui/.ui/tagservicedialog_q.cpp:147
+msgid "Form1"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:188
+#, fuzzy
+msgid " Replace object "
+msgstr "Reemplazar con este objeto"
+
+#: src/gui/.ui/findobjectwidget_q.cpp:189
+msgid "Replace && Find"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:192
+msgid "Replace all"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:193
+#, fuzzy
+msgid "Replace"
+msgstr "Plantillas"
+
+#: src/gui/.ui/findobjectwidget_q.cpp:194
+msgid "Scope for search and replace :"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:196
+#, fuzzy
+msgid "Tree only"
+msgstr " ( sólo lectura )"
+
+#: src/gui/.ui/findobjectwidget_q.cpp:197
+msgid "Tree and policy of all firewalls"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:198
+msgid "Policy of all firewalls"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:199
+msgid "policy of the opened firewall"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:200
+#: src/gui/.ui/findwhereusedwidget_q.cpp:122
+#: src/gui/.ui/FWBMainWindow_q.cpp:446 src/gui/.ui/FWBMainWindow_q.cpp:497
+#: src/gui/.ui/simpletextview_q.cpp:94
+msgid "Close"
+msgstr "Cerrar"
+
+#: src/gui/.ui/findobjectwidget_q.cpp:201
+#, fuzzy
+msgid " Find object"
+msgstr "Encontrar Objeto"
+
+#: src/gui/.ui/findwhereusedwidget_q.cpp:62
+#: src/gui/.ui/findwhereusedwidget_q.cpp:119
+#, fuzzy
+msgid "Parent Object"
+msgstr "Objeto Actual "
+
+#: src/gui/.ui/findwhereusedwidget_q.cpp:117
+#, fuzzy
+msgid "Object:"
+msgstr "Objeto"
+
+#: src/gui/.ui/findwhereusedwidget_q.cpp:118
+msgid "Object is found in :"
+msgstr ""
+
+#: src/gui/.ui/firewalldialog_q.cpp:211
+msgid "Host OS Settings ..."
+msgstr "Opciones del SO de la máquina ..."
+
+#: src/gui/.ui/firewalldialog_q.cpp:212
+#, fuzzy
+msgid "Inactive firewall"
+msgstr "Nuevo Cortafuegos"
+
+#: src/gui/.ui/firewalldialog_q.cpp:213
+msgid "Skip this firewall for batch compile and install operations"
+msgstr ""
+
+#: src/gui/.ui/firewalldialog_q.cpp:214
+msgid "Firewall Settings ..."
+msgstr "Opciones del Cortafuegos ..."
+
+#: src/gui/.ui/firewalldialog_q.cpp:219
+msgid "Version:"
+msgstr "Versión:"
+
+#: src/gui/.ui/firewalldialog_q.cpp:220
+msgid "Host OS:"
+msgstr "SO de la máquina:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:186
+msgid "FreeBSD: advanced settings"
+msgstr "FreeBSD: opciones avanzadas"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:191
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:183
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:177
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:211
+msgid "Forward source routed packets"
+msgstr "Redirigir paquetes enrutados desde el origen"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:192
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:169
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:197
+msgid "Generate ICMP redirects"
+msgstr "Generar redirecciones ICMP"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:193
+#: src/gui/.ui/linux24advanceddialog_q.cpp:406
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:170
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:187
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:202
+msgid "Packet forwarding"
+msgstr "Redirección de paquetes"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:207
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:187
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:201
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:215
+msgid ""
+"Specify directory path and a file name for the following utilities on the OS "
+"your firewall machine is running. Leave these empty if you want to use "
+"default values."
+msgstr ""
+"Espedifica un path o un nombre de fichero para las siguientes utilidades de "
+"el SO de la máquina que esta ejecutando el cortafuegos. Deje vacio este "
+"valor si quiere usar los valores por defecto."
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:208
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:214
+msgid "ipnat:"
+msgstr "ipnat:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:209
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:186
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:200
+msgid "sysctl:"
+msgstr "sysctl:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:210
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:213
+msgid "ipf:"
+msgstr "ipf:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:211
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:185
+msgid "ipfw:"
+msgstr "ipfw:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:212
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:206
+#: src/gui/.ui/linux24advanceddialog_q.cpp:457
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:188
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:202
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:216
+msgid "Path"
+msgstr "Path"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:441
+msgid ""
+"Click here to change amount of information shown about object selected in "
+"the tree"
+msgstr ""
+"Pulse aquí para cambiar la cantidad de información mostrada por los objectos "
+"seleccionados en el árbol"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:442
+msgid "Firewall Name"
+msgstr "Nombre de cortaFuegos"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:443 src/gui/.ui/instdialog_q.cpp:281
+msgid "Firewalls:"
+msgstr "Cortafuegos:"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:444
+msgid "Tab 1"
+msgstr "Pestaña 1"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:445
+msgid "Apply"
+msgstr ""
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:447
+msgid "New Object File"
+msgstr "Nuevo fichero objeto"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:448
+msgid "&New Object File"
+msgstr "&Nuevo fichero objeto"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:450
+msgid "&Open..."
+msgstr "Abrir..."
+ +#: src/gui/.ui/FWBMainWindow_q.cpp:451 +msgid "Ctrl+O" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:454 +msgid "Ctrl+S" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:455 +msgid "Save As" +msgstr "Guardar Como" + +#: src/gui/.ui/FWBMainWindow_q.cpp:456 +msgid "Save &As..." +msgstr "Gu&ardar Como..." + +#: src/gui/.ui/FWBMainWindow_q.cpp:459 +msgid "&Print..." +msgstr "&Imprimir..." + +#: src/gui/.ui/FWBMainWindow_q.cpp:460 +msgid "Ctrl+P" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:461 +msgid "Exit" +msgstr "Salir" + +#: src/gui/.ui/FWBMainWindow_q.cpp:462 +msgid "E&xit" +msgstr "Salir" + +#: src/gui/.ui/FWBMainWindow_q.cpp:464 +msgid "Undo" +msgstr "Deshacer" + +#: src/gui/.ui/FWBMainWindow_q.cpp:465 +msgid "&Undo" +msgstr "Deshacer" + +#: src/gui/.ui/FWBMainWindow_q.cpp:466 +msgid "Ctrl+Z" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:467 +msgid "Redo" +msgstr "Rehacer" + +#: src/gui/.ui/FWBMainWindow_q.cpp:468 +msgid "&Redo" +msgstr "&Rehacer" + +#: src/gui/.ui/FWBMainWindow_q.cpp:469 +msgid "Ctrl+Y" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:471 +msgid "&Cut" +msgstr "&Cortar" + +#: src/gui/.ui/FWBMainWindow_q.cpp:472 +msgid "Ctrl+X" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:474 +msgid "C&opy" +msgstr "C&opiar" + +#: src/gui/.ui/FWBMainWindow_q.cpp:475 +msgid "Ctrl+C" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:477 +msgid "&Paste" +msgstr "&Pegar" + +#: src/gui/.ui/FWBMainWindow_q.cpp:478 +msgid "Ctrl+V" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:481 src/gui/.ui/FWBMainWindow_q.cpp:517 +msgid "Ctrl+F" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:482 +msgid "Contents" +msgstr "Contenidos" + +#: src/gui/.ui/FWBMainWindow_q.cpp:483 +msgid "&Contents..." +msgstr "&Contenidos" + +#: src/gui/.ui/FWBMainWindow_q.cpp:485 +msgid "Index" +msgstr "Ãndice" + +#: src/gui/.ui/FWBMainWindow_q.cpp:486 +msgid "&Index..." +msgstr "&Ãndice..." 
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:488
+msgid "About"
+msgstr "Acerca de"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:489
+msgid "&About"
+msgstr "&Acerca de"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:491 src/gui/.ui/FWBMainWindow_q.cpp:492
+msgid "New"
+msgstr "Nuevo"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:501
+msgid "Compile rules"
+msgstr "Compilar reglas"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:504
+msgid "Install firewall policy"
+msgstr "Instalar política de cortafuegos"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:505 src/gui/.ui/FWBMainWindow_q.cpp:506
+#: src/gui/.ui/objectmanipulator_q.cpp:111
+msgid "Back"
+msgstr "Atras"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:507 src/gui/.ui/FWBMainWindow_q.cpp:508
+msgid "Move back to the previous object"
+msgstr "Mover atras a un objeto previo"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:509
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:155
+#: src/gui/.ui/objectmanipulator_q.cpp:114
+msgid "New Object"
+msgstr "Nuevo Objeto"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:510
+msgid "&New Object"
+msgstr "&Nuevo Objeto"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:511 src/gui/.ui/objectmanipulator_q.cpp:115
+msgid "Create New Object"
+msgstr "Crear Nuevo Objeto"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:512
+msgid "Ctrl+N"
+msgstr ""
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:514
+msgid "&Find Object"
+msgstr "Encontrar Objeto"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:515 src/gui/.ui/FWBMainWindow_q.cpp:516
+msgid "Find object in the tree"
+msgstr "Encontrar objeto en el árbol"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:518
+msgid "Preferences..."
+msgstr "Preferencias..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:519
+msgid "P&references..."
+msgstr "P&referencias..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:520
+msgid "Edit Preferences"
+msgstr "Editar Preferencias"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:523 src/gui/.ui/FWBMainWindow_q.cpp:524
+msgid "Move Rule Up"
+msgstr "Mover Regla Arriba"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:525 src/gui/.ui/FWBMainWindow_q.cpp:526
+msgid "Move Rule Down"
+msgstr "Mover Regla Abajo"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:531
+msgid "Ctrl+Del"
+msgstr ""
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:540
+msgid "Add File to RCS"
+msgstr "Añadir Fichero a RCS"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:541
+msgid "Add File to &RCS"
+msgstr "Añadir Fichero a &RCS"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:544
+msgid "Export Library To a File"
+msgstr "Exportar Librería A un Fichero"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:545
+msgid "&Export Library"
+msgstr "&Exportar Librería"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:546
+msgid "Import Library From a File"
+msgstr "Importar Librería Desde un Fichero"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:547
+msgid "&Import Library"
+msgstr "&Importar Librería"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:548
+msgid "Debug"
+msgstr ""
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:549
+msgid "&Debug"
+msgstr ""
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:550 src/gui/.ui/FWBMainWindow_q.cpp:551
+msgid "&Properties"
+msgstr "&Propiedades"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:552
+#, fuzzy
+msgid "Show File Properties"
+msgstr "Propiedades de Fichero"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:553 src/gui/.ui/FWBMainWindow_q.cpp:554
+msgid "Move Selected Rules"
+msgstr "Mover Reglas Seleccionadas"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:555
+msgid "Discard"
+msgstr "Descartar"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:557
+msgid ""
+"Discard Changes and Overwrite With Clean Copy Of The Head Revision From RCS"
+msgstr "Descartar cambios y sobrescribir con una copia limpia desde el RCS"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:558
+#, fuzzy
+msgid "Commit"
+msgstr "Comentario"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:559
+#, fuzzy
+msgid "Co&mmit"
+msgstr "Comentario"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:560
+#, fuzzy
+msgid "Commit Opened File to RCS and Continue Editing"
+msgstr "Abrir y c&ontinuar editando"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:567 src/gui/.ui/FWBMainWindow_q.cpp:568
+#, fuzzy
+msgid "new item"
+msgstr "Nuevo Item"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:569 src/gui/.ui/FWBMainWindow_q.cpp:570
+msgid "Find Conflicting Objects in Two Files"
+msgstr ""
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:571
+#, fuzzy
+msgid "Import Po&licy"
+msgstr "&Importar Librería"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:572
+msgid "Toolbar"
+msgstr "Barra de Herramientas"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:573
+msgid "&File"
+msgstr "&Fichero"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:574
+msgid "&Edit"
+msgstr "&Editar"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:576
+msgid "Rules"
+msgstr "Reglas"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:577
+#, fuzzy
+msgid "Tools"
+msgstr "Barra de Herramientas"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:578
+msgid "&Help"
+msgstr "Ayuda"
+
+#: src/gui/.ui/groupobjectdialog_q.cpp:190
+msgid "I"
+msgstr ""
+
+#: src/gui/.ui/groupobjectdialog_q.cpp:191
+msgid "L"
+msgstr ""
+
+#: src/gui/.ui/hostdialog_q.cpp:146
+msgid "MAC matching"
+msgstr ""
+
+#: src/gui/.ui/icmpservicedialog_q.cpp:167
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1071
+msgid "ICMP"
+msgstr ""
+
+#: src/gui/.ui/icmpservicedialog_q.cpp:172
+msgid "ICMP Type:"
+msgstr "Tipo ICMP:"
+
+#: src/gui/.ui/icmpservicedialog_q.cpp:174
+msgid "ICMP Code:"
+msgstr "Código ICMP:"
+
+#: src/gui/.ui/instdialog_q.cpp:85 src/gui/.ui/instdialog_q.cpp:270
+#: src/gui/.ui/librarydialog_q.cpp:136 src/gui/.ui/librarydialog_q.cpp:137
+msgid "Library"
+msgstr "Librería:"
+
+#: src/gui/.ui/instdialog_q.cpp:87 src/gui/.ui/instdialog_q.cpp:271
+#, fuzzy
+msgid "Last Modified"
+msgstr "últimavezModificado"
+
+#: src/gui/.ui/instdialog_q.cpp:89 src/gui/.ui/instdialog_q.cpp:272
+#, fuzzy
+msgid "Last Compiled"
+msgstr "Compilar"
+
+#: src/gui/.ui/instdialog_q.cpp:91 src/gui/.ui/instdialog_q.cpp:273
+#, fuzzy
+msgid "Last Installed"
+msgstr "Instalador"
+
+#: src/gui/.ui/instdialog_q.cpp:136 src/gui/.ui/instdialog_q.cpp:280
+#, fuzzy
+msgid "Progress"
+msgstr "Progreso:"
+
+#: src/gui/.ui/instdialog_q.cpp:225 src/gui/.ui/instdialog_q.cpp:290
+#, fuzzy
+msgid "Compile status"
+msgstr "Compilar reglas"
+
+#: src/gui/.ui/instdialog_q.cpp:226 src/gui/.ui/instdialog_q.cpp:291
+#, fuzzy
+msgid "Install status"
+msgstr "Instalar"
+
+#: src/gui/.ui/instdialog_q.cpp:263
+msgid "Firewall Builder: Policy Installer"
+msgstr "Firewall Builder: Política de Instalador"
+
+#: src/gui/.ui/instdialog_q.cpp:264
+msgid ""
+"

    Select firewalls to compile and " +"install.

    " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:265 +msgid "Perform batch install" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:266 +msgid "" +"Check this option if you want to install all selected firewalls " +"automatically. This only works if you use the same user name and password to " +"authenticate to all these firewalls. " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:275 +#, fuzzy +msgid "None" +msgstr "Hecho" + +#: src/gui/.ui/instdialog_q.cpp:282 +#, fuzzy +msgid "firewall" +msgstr "Cortafuegos" + +#: src/gui/.ui/instdialog_q.cpp:283 +msgid "Progress:" +msgstr "Progreso:" + +#: src/gui/.ui/instdialog_q.cpp:285 +msgid "Show Details" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:286 +#, fuzzy +msgid "Process log" +msgstr "Progreso:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:283 +#, fuzzy +msgid "Install options" +msgstr "Ignorar todos los pings" + +#: src/gui/.ui/instoptionsdialog_q.cpp:284 +#, qt-format +msgid "" +"

    Install options for firewall '%1'

    " +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:287 +msgid "min" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:288 +#, fuzzy +msgid "" +"Test run: run the script on the firewall but do not store it permanently." +msgstr "" +"Test de ejecución: ejecuta el script en el cortafuegos pero no lo guarda " +"permanentemente.\n" +"Puede volver a la ultima configuración que funcionaba reinicializando el " +"cortafuegos." + +#: src/gui/.ui/instoptionsdialog_q.cpp:289 +msgid "Schedule reboot in " +msgstr "Reinicio programado en " + +#: src/gui/.ui/instoptionsdialog_q.cpp:290 +msgid "" +"Rebooting the firewall will restore its original policy. To cancel reboot, " +"install the policy with \"test run\" option turned off" +msgstr "" +"Reiniciar el cortafuegos restaurará su política original. Para cancelar " +"reinicio, instale la política con la opción \"test de ejecución\" desactivada" + +#: src/gui/.ui/instoptionsdialog_q.cpp:291 +#, fuzzy +msgid "" +"If you install the policy in test mode, it will not be saved permanently, so " +"you can revert to the last working configuration by rebooting the firewall" +msgstr "" +"Test de ejecución: ejecuta el script en el cortafuegos pero no lo guarda " +"permanentemente.\n" +"Puede volver a la ultima configuración que funcionaba reinicializando el " +"cortafuegos." 
+ +#: src/gui/.ui/instoptionsdialog_q.cpp:292 +msgid "Cancel reboot if policy activation was successfull" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:293 +msgid "" +"Quiet install: do not print anything as commands are executed on the firewall" +msgstr "" +"Instalación silenciosa: no imprime que comandos se ejecutan en el cortafuegos" + +#: src/gui/.ui/instoptionsdialog_q.cpp:294 +msgid "Verbose: print all commands as they are executed on the firewall" +msgstr "Verbose: imprime todos los comandos que se ejecutan en el cortafuegos" + +#: src/gui/.ui/instoptionsdialog_q.cpp:295 +msgid "Remove comments from configuration" +msgstr "Eliminar comentarios de la configuración" + +#: src/gui/.ui/instoptionsdialog_q.cpp:296 +msgid "Compress script" +msgstr "Comprimir script" + +#: src/gui/.ui/instoptionsdialog_q.cpp:297 +msgid "Store a copy of fwb file on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:298 +msgid "Alternative address to communicate with the firewall:" +msgstr "Dirección alternativa para comunicar con el cortafuegos:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:299 +msgid "Options for PIX and fwsm firewalls :" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:300 +msgid "Write configuration to standby PIX" +msgstr "Escribir configuración a PIX Standby" + +#: src/gui/.ui/instoptionsdialog_q.cpp:301 +msgid "Dry run (commands won't be executed on the firewall)" +msgstr "" +"Ejecución en modo pruega (los comandos no será ejecutados en el cortafuegos)" + +#: src/gui/.ui/instoptionsdialog_q.cpp:302 +msgid "Store configuration diff in a file" +msgstr "Guardar diff de configuración en un fichero" + +#: src/gui/.ui/instoptionsdialog_q.cpp:303 +msgid "" +"install only ACL, 'icmp', 'telnet', 'ssh', 'nat', 'global' and 'static' " +"commands" +msgstr "" +"instalar sólo ACL, 'icmp', 'telnet', 'ssh', 'nat', 'global' y 'static' " +"comandos" + +#: src/gui/.ui/instoptionsdialog_q.cpp:304 +msgid "" +"Calculate difference between current firewall 
state and generated " +"configuration and install only those commands that update state of the " +"firewall" +msgstr "" +"Calcular diferencia entre el estado actual del cortafuegos y la " +"configuración generada e instalar solo aquellos comandos que actualizan el " +"estado del cortafuegos" + +#: src/gui/.ui/instoptionsdialog_q.cpp:305 +msgid "Make a backup copy of the firewall configuration in this file:" +msgstr "" +"Hacer un copia de seguridad de la configuración del cortafuegos a este " +"fichero:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:306 +msgid "Password or passphrase:" +msgstr "Clave o palabrá de paso:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:307 +msgid "User name:" +msgstr "Nombre de usuario:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:308 +msgid "Enable password:" +msgstr "Activar clave:" + +#: src/gui/.ui/interfacedialog_q.cpp:235 +#: src/gui/.ui/newfirewalldialog_q.cpp:507 src/gui/.ui/newhostdialog_q.cpp:393 +msgid "Label:" +msgstr "Etiqueta:" + +#: src/gui/.ui/interfacedialog_q.cpp:237 +msgid "Security level:" +msgstr "Nivel de seguridad:" + +#: src/gui/.ui/interfacedialog_q.cpp:238 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    Security level can be any number between 0 and 100, 0 being least " +"secure and 100 being most secure levels. Interface with security level 0 " +"ususally serves Internet connection.

    " +msgstr "" +"

    Cada interfaz del cortafuegos debe tener un nivel de seguridad asociado. " +"
    El nivel de seguridad puede ser un número entre 0 y 100, 0 es el menos " +"seguro y 100 el más seguro. Interfaces con nivel de seguridad 0 normalmente " +"sirven una conexión de Internet.

    " + +#: src/gui/.ui/interfacedialog_q.cpp:239 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    \n" +"Security level can be any number between 0 and 100, 0 being least secure and " +"100 being most secure levels. Interface with security level 0 ususally " +"serves Internet connection.

    " +msgstr "" +"

    ada interfaz del cortafuegos debe tener un nivel de seguridad asociado. " +"
    \n" +"El nivel de seguridad puede ser un número entre 0 y 100, 0 es el menos " +"seguro y 100 el más seguro. Interfaces con nivel de seguridad 0 normalmente " +"sirven una conexión de Internet.

    " + +#: src/gui/.ui/interfacedialog_q.cpp:241 src/gui/.ui/interfacedialog_q.cpp:244 +msgid "" +"

    Network zone consists of hosts and networks that can be reached through " +"this interface of the firewall. Subnet to which this interface is directly " +"attached must be part of its network zone. Other subnets reachable by means " +"of routing should alse be added to the network zone.\n" +"
    \n" +"If network zone for this interface consists of only one subnet, you can " +"simply choose that network's object in the pull-down below. If your network " +"zone should include multiple subnets, you need to create an Object Group, " +"then put all hosts and networks which are going to be part of the network " +"zone into that group and finally choose this group in the pull-down below." +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:247 +msgid "Network zone:" +msgstr "Zona de red:" + +#: src/gui/.ui/interfacedialog_q.cpp:249 +#, fuzzy +msgid "This interface is external (insecure)" +msgstr "" +"Este interfaz es\n" +"externo (inseguro)" + +#: src/gui/.ui/interfacedialog_q.cpp:250 +msgid "" +"

    One interface of the firewall must be marked as 'external'. This " +"interface should be connected to the least secure network, usually the " +"Internet.

    " +msgstr "" +"

    Un interfaz del cortafuegos debe ser marcado como 'external'. Este " +"interfaz debería ser conectado a la red menos segura, normalmente a Internet." +"

    " + +#: src/gui/.ui/interfacedialog_q.cpp:251 +msgid "" +"One interface of the firewall must be marked as 'external'. This interface " +"should be connected to the least secure network, usually the Internet." +msgstr "" +"Un interfaz del cortafuegos debe ser marcado como 'external'. Este interfaz " +"debería estar conectado a la red menos segura, normalmente Internet." + +#: src/gui/.ui/interfacedialog_q.cpp:252 +msgid "Management interface" +msgstr "Intefaz de administración" + +#: src/gui/.ui/interfacedialog_q.cpp:253 +msgid "" +"

    Check if this interface is used for management (SNMP queries, remote " +"policy install etc.)

    " +msgstr "" +"

    Comprobar si el interfaz es usado para administración (consultas SNMP, " +"instalación de políticas remotas etc.)

    " + +#: src/gui/.ui/interfacedialog_q.cpp:255 +#, fuzzy +msgid "Address is assigned dynamically" +msgstr "" +"La dirección es asignada\n" +"dinámicamente" + +#: src/gui/.ui/interfacedialog_q.cpp:256 +#: src/gui/.ui/newfirewalldialog_q.cpp:515 +msgid "Regular interface" +msgstr "Interface regular" + +#: src/gui/.ui/interfacedialog_q.cpp:257 +#, fuzzy +msgid "Unprotected interface" +msgstr "Intefaz no numerado" + +#: src/gui/.ui/interfacedialog_q.cpp:258 +msgid "Skip this interface while assigning policy rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:546 +msgid "ipf: advanced settings" +msgstr "ipf: opciones avanzadas" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:551 +msgid "Use raudio proxy in NAT rules" +msgstr "Usar proxy raudio in reglas NAT" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:552 +msgid "Use h323 proxy in NAT rules" +msgstr "Usar proxy h323 in reglas NAT" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:553 +msgid "Use ipsec proxy in NAT rules" +msgstr "Usar proxy ipsec en reglas NAT" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:554 +msgid "Use ftp proxy in NAT rules" +msgstr "Usar proxy ftp en reglas NAT" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:555 +msgid "Use rcmd proxy in NAT rules" +msgstr "Usar proxy rcmd en reglas NAT" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:556 +#, fuzzy +msgid "Use Kerberos rcmd proxy in NAT rules" +msgstr "Usar proxy rcmd en reglas NAT" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:557 +#, fuzzy +msgid "Use Kerberos ekshell proxy in NAT rules" +msgstr "Usar proxy ipsec en reglas NAT" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:558 +msgid "" +"Some protocols involve multiple associated network connections. Firewall can " +"keep track of such connections automatically if you activate one or all of " +"the following options:" +msgstr "" +"Algunos protocolos requieres multiples conexiones de red asociadas. 
El " +"cortafuegos puede tener en cuenta tales conexiones automaticamente si activa " +"alguna o todas de las siguientes opciones:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:559 +#, fuzzy +msgid "Use PPTP proxy in NAT rules" +msgstr "Usar proxy ftp en reglas NAT" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:560 +#, fuzzy +msgid "Use IRC proxy in NAT rules for DCC" +msgstr "Usar proxy ftp en reglas NAT" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:561 +msgid "Protocol Helpers" +msgstr "Cabeceras de Protocolo" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:562 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:356 +#: src/gui/.ui/iptadvanceddialog_q.cpp:610 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1004 +msgid "Compiler:" +msgstr "Compilador:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:563 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1019 +msgid "" +"There are two ways compiler can generate code for rules in the Global " +"Policy: it can either create two ipf rules to control both incoming and " +"outgoing packets for each rule, or it can create only one ipf rule for " +"incoming packets and permit all outgoing ones.You get more control over the " +"packets crossing the firewall in the first mode, but generated script is " +"going to be smaller if you choose the second." +msgstr "" +"El compilador tiene dos modos de generar código para las reglas en la " +"Política Global: puede o crear 2 reglas ipf para controlar ambos paquetes de " +"entrada y salida para cada regla, o puede crear sólo una regla ipf para los " +"paquetes entrantes y permitir todos los salientes. Puede obtener más control " +"usando el primer modo en el cortafugos, pero los scripts generados son más " +"pequeños si utiliza el segundo modo." 
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:564
+msgid ""
+"Masquerade returned icmp as being from original\n"
+"packet's destination"
+msgstr ""
+"Masquerado devolvió icmp como si fuera desde el\n"
+"destino original del paquete"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:567
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1018
+msgid "Generate both 'in' and 'out' rules"
+msgstr "Generadas ambas 'in' y 'out' reglas"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:568
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1017
+msgid "Pass all outgoing"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:569
+#: src/gui/.ui/iptadvanceddialog_q.cpp:608
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1009
+msgid "Accept TCP sessions opened prior to firewall restart"
+msgstr "Aceptar seciones TCP abiertas antes de reiniciar el cortafuegos"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:570
+msgid "Find and eliminate duplicate rules"
+msgstr "Encontrar y eliminar reglas duplicadas"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:571
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:360
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1011
+msgid "Detect rule shadowing in policy"
+msgstr "Detectar regla de shadowing en la política"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:572
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:361
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1012
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1846
+msgid ""
+"Shadowing happens because a rule is a superset of a subsequent rule and any "
+"packets potentially matched by the subsequent rule have already been matched "
+"by the prior rule."
+msgstr ""
+"Shadowing ocurre porque una regla es un subconjunto de la siguiente reglas y "
+"algun paquete ha sido potencialmente marcado por la subsecuente regla y ya "
+"ha sido marcado por una regla anterior."
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:573
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:358
+#: src/gui/.ui/iptadvanceddialog_q.cpp:616
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1013
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1841
+msgid "Ignore empty groups in rules"
+msgstr "Ignorar grupos vacios en las reglas"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:574
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:359
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1014
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1842
+msgid ""
+"If the option is deactivated, compiler treats empty groups as an error and "
+"aborts processing the policy. If this option is activated, compiler removes "
+"all empty groups from all rule elements. If rule element becomes 'any' after "
+"the last empty group has been removed, the whole rule will be ignored. Use "
+"this option only if you fully understand how it works!"
+msgstr ""
+"Si la opción es desactivada, el compilador trata los grupos vacios como "
+"error y aborta el procesado de políticas. Si esta opción es activada, el "
+"compilador elimina todos los gurpos vacios desde todos los elementos de la "
+"regla. Si la elemento de la regla tiene 'any' despues de que el último grupo "
+"vacio haya sido eleiminado la regla será ignorada. Use esta opción solo si "
+"la comprende completamente!"
+ +#: src/gui/.ui/ipfadvanceddialog_q.cpp:575 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:364 +#: src/gui/.ui/iptadvanceddialog_q.cpp:617 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1006 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1828 +msgid "" +"Always permit ssh access from\n" +"the management workstation\n" +"with this address:" +msgstr "" +"Permitir siempre acceso ssh desde\n" +"la máquina de gestión\n" +"con esta dirección:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:578 +#: src/gui/.ui/iptadvanceddialog_q.cpp:620 +msgid "Default action on 'Reject':" +msgstr "Acción por defecto 'Reject':" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:579 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:355 +#: src/gui/.ui/iptadvanceddialog_q.cpp:603 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1005 +msgid "Command line options for the compiler:" +msgstr "Opciones de línea de comandos para el compilador:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:580 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:357 +#: src/gui/.ui/iptadvanceddialog_q.cpp:611 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1015 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1827 +msgid "" +"Output file name (if left blank, the file name is constructed of the " +"firewall object name and extension \".fw\")" +msgstr "" +"Nombre de fichero de salida (si lo deja vacio, el nombre de fichero es " +"formado con el nombre del objeto del cortafuegos y la extension \".fw\")" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:581 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:367 +#: src/gui/.ui/iptadvanceddialog_q.cpp:623 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1021 +msgid "Compiler" +msgstr "Compilador" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:582 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:368 +#: src/gui/.ui/iptadvanceddialog_q.cpp:624 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1096 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1873 +msgid "External install script" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:583 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:369 +#: 
src/gui/.ui/iptadvanceddialog_q.cpp:625 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1097 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1874 +msgid "" +"Policy install script (using built-in installer if this field is blank):" +msgstr "" +"Script de instalación de políticas (usa un instalador propio si el campo " +"esta vacio):" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:584 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:370 +#: src/gui/.ui/iptadvanceddialog_q.cpp:626 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1098 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1875 +msgid "Command line options for the script:" +msgstr "Opciones de línea de comandos para el script:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:585 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:371 +#: src/gui/.ui/iptadvanceddialog_q.cpp:627 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1099 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1876 +msgid "Built-in installer" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:586 +msgid "Directory on the firewall where configuration files should be installed" +msgstr "" +"Directorio en el cortafuegos donde los ficheros de configuración son " +"instalados" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:587 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:376 +#: src/gui/.ui/iptadvanceddialog_q.cpp:632 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1104 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1879 +msgid "Additional command line parameters for ssh" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:588 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:375 +#: src/gui/.ui/iptadvanceddialog_q.cpp:631 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1103 +msgid "" +"A command that installer should execute on the firewall in order to activate " +"the policy (if this field is blank, installer runs firewall script in the " +"directory specified above; it uses sudo if user name is not 'root')" +msgstr "" +"Un comando que el instalador ejecutará en el cortafuegos para activar la " +"política (si este campo esta vacio, el instalar ejecutara el script 
del " +"cortafuegos en el directorio especificado arriba; utiliza sudo si el usuario " +"no es 'root')" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:589 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:372 +#: src/gui/.ui/iptadvanceddialog_q.cpp:628 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1100 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1877 +msgid "" +"Alternative name or address used to communicate with the firewall (also " +"putty session name on Windows)" +msgstr "" +"Un nombre alternativo o dirección usada para comunicar con el cortafuegos " +"(también putty es el nombre de la sesión en Windows)" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:590 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:373 +#: src/gui/.ui/iptadvanceddialog_q.cpp:629 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1101 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1878 +msgid "" +"User name used to authenticate to the firewall (leave this empty if you use " +"putty session):" +msgstr "" +"Nombre de usuario usado para autenticar en el cortafuegos (dejelo vacio si " +"usa una sesión desde putty):" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:591 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:377 +#: src/gui/.ui/iptadvanceddialog_q.cpp:633 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1105 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1880 +msgid "Installer" +msgstr "Instalador" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:594 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:384 +#: src/gui/.ui/iptadvanceddialog_q.cpp:640 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1113 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1883 +msgid "" +"The following commands will be added verbatim on top of generated " +"configuration" +msgstr "" +"Los siguientes comandos añaden comentarios en lo algo de la configuración " +"generada" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:599 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:381 +#: src/gui/.ui/iptadvanceddialog_q.cpp:637 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1109 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1888 +msgid "" +"The following commands will 
be added verbatim after generated configuration" +msgstr "" +"Los siguientes comandos añaden comentarios despues de generar la " +"configuración" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:600 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:386 +#: src/gui/.ui/iptadvanceddialog_q.cpp:647 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1118 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1889 +msgid "Prolog/Epilog" +msgstr "Prólogo/Epílogo" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:601 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:849 +msgid "Log facility:" +msgstr "Facilidad de Log:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:602 +#: src/gui/.ui/iptadvanceddialog_q.cpp:654 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:799 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:850 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:881 +msgid "Log level:" +msgstr "Nivel de Log:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:603 +msgid "Log packet body" +msgstr "Cuerpo del paquete de Log" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:604 +msgid "Block if can not log" +msgstr "Bloquear si no se puede hacer log" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:605 +#: src/gui/.ui/iptadvanceddialog_q.cpp:663 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1121 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2076 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:801 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:851 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:858 +msgid "Logging" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:606 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:387 +#: src/gui/.ui/iptadvanceddialog_q.cpp:669 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1122 +msgid "Add virtual addresses for NAT" +msgstr "Añadir direcciones virtuales para NAT" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:607 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:388 +#: src/gui/.ui/iptadvanceddialog_q.cpp:665 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1123 +msgid "Configure Interfaces of the firewall machine" +msgstr "Configurar Interfaces de la máquina del firewall" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:608 +#: 
src/gui/.ui/ipfwadvanceddialog_q.cpp:389 +#: src/gui/.ui/iptadvanceddialog_q.cpp:666 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1124 +msgid "Turn debugging on in generated script" +msgstr "Activando debug en el script generado" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:609 +msgid "Optimization" +msgstr "Optimización" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:610 +msgid "" +"If this option is on, policy compiler adds virtual addresses to the " +"interfaces to make the firewall answer to ARP queries for addresses used in " +"NAT rules." +msgstr "" +"Si activa esta opción, el compilador de políticas añade direcciones " +"virtuales a los interfaces paa hacer que el cortafuegos responda a las " +"peticiones ARP de direcciones usadas en el las reglas NAT" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:611 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:390 +#: src/gui/.ui/iptadvanceddialog_q.cpp:664 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1125 +msgid "These options enable auxiliary sections in the generated shell script." +msgstr "" +"Estas opciones activan secciones auxiliares en el script de shell generado." 
+ +#: src/gui/.ui/ipfadvanceddialog_q.cpp:612 +msgid "Determine addresses of dynamic interfaces at run time" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:613 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:391 +#: src/gui/.ui/iptadvanceddialog_q.cpp:672 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1126 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1872 +msgid "Script Options" +msgstr "Opciones de Script" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:350 +msgid "ipfw: advanced settings" +msgstr "ipfw: opciones avanzadas" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:362 +msgid "" +"Add rule to accept packets matching dynamic rules created for\n" +"known sessions on top of the policy (action 'check-state')" +msgstr "" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:374 +#: src/gui/.ui/iptadvanceddialog_q.cpp:630 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1102 +msgid "Directory on the firewall where script should be installed" +msgstr "Directorio del cortafuegos donde el script debe ser instalado" + +#: src/gui/.ui/ipservicedialog_q.cpp:208 +msgid "IP" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:212 +msgid "all fragments" +msgstr "todos los fragmentos" + +#: src/gui/.ui/ipservicedialog_q.cpp:213 +msgid "rr (record route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:214 +msgid "timestamp" +msgstr "marca de tiempo" + +#: src/gui/.ui/ipservicedialog_q.cpp:215 +msgid "ssrr (strict source route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:216 +msgid "'short' fragments" +msgstr "'short' fragmentos" + +#: src/gui/.ui/ipservicedialog_q.cpp:217 +msgid "lsrr (loose source route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:220 +msgid "Protocol number:" +msgstr "Número de protocolo:" + +#: src/gui/.ui/ipservicedialog_q.cpp:221 +msgid "( 0 - any protocol )" +msgstr "( 0 - algún protocolo )" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:598 +msgid "iptables: advanced settings" +msgstr "iptables: opciones avanzadas" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:604 +msgid "Accept 
ESTABLISHED and RELATED packets before the first rule" +msgstr "Aceptar paquetes ESTABLISHED y RELATEd antes de la primera regla" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:605 +msgid "Bridging firewall" +msgstr "Cortafuegos tipo Bridging" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:606 +msgid "Detect shadowing in policy rules" +msgstr "Detectar shadowing en las reglas de políticas" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:607 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1832 +msgid "Assume firewall is part of 'any'" +msgstr "Asumir que el cortafuegos es parte de 'any'" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:609 +msgid "Enable support for NAT of locally originated connections" +msgstr "Activar soporte para NAT de conexiones originadas localmente" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:612 +msgid "" +"Drop packets that are associated with\n" +"no known connection" +msgstr "" +"Eliminar paquetes asociados con una\n" +"conexión no conocida" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:614 +msgid "and log them" +msgstr "y logearlos" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:615 +msgid "Clamp MSS to MTU" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:621 +msgid "Make Tag and Classify actions terminating" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:622 +msgid "Do not set default policy for ipv6" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:642 +msgid "Insert prolog script " +msgstr "Insertar prologo de script " + +#: src/gui/.ui/iptadvanceddialog_q.cpp:649 +msgid "use ULOG" +msgstr "usar ULOG" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:650 +msgid "use LOG" +msgstr "usar LOG" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:651 +msgid "log TCP seq. numbers" +msgstr "log TCP sec. 
números" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:652 +msgid "log IP options" +msgstr "log opciones IP" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:653 +msgid "use numeric syslog levels" +msgstr "usar niveles numéricos de syslog" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:655 +msgid "log TCP options" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:656 +msgid "cprange" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:657 +msgid "queue threshold:" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:658 +msgid "netlink group:" +msgstr "grupo netlink:" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:659 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:798 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:857 +msgid "Log prefix:" +msgstr "Prefijo de log:" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:660 +msgid "Logging limit:" +msgstr "Limite de Logging:" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:661 +msgid "" +"Activate logging in all rules\n" +"(overrides rule options, use for debugging)" +msgstr "" +"Activar logs in todas las reglas\n" +"(sobreescribe las opciones de las reglas, usado para debug)" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:667 +msgid "Verify interfaces before loading firewall policy" +msgstr "Verificar interfaces antes de cargar la política del cortafuegos" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:668 +msgid "Load modules" +msgstr "Cargar módulos" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:670 +msgid "Use iptables-restore to activate policy" +msgstr "Usar iptables-restore para activar la política" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:671 +msgid "iptables-restore replaces firewall policy in one atomic transaction" +msgstr "" +"iptables-restore reemplaza la política del cortafuegos en una operación " +"atómica" + +#: src/gui/.ui/ipv4dialog_q.cpp:169 +msgid "IPv4" +msgstr "IPv4" + +#: src/gui/.ui/ipv4dialog_q.cpp:176 +msgid "DNS Lookup..." +msgstr "Busqueda de DNS..." 
+
+#: src/gui/.ui/libexport_q.cpp:106
+msgid "Export"
+msgstr "Exportar"
+
+#: src/gui/.ui/libexport_q.cpp:107
+msgid ""
+"This will export a library to a file which can later be imported back into "
+"Firewall Builder"
+msgstr ""
+"Esto exportará una librería a un fichero el cual puede ser importado de "
+"vuelto a Firewall Builder"
+
+#: src/gui/.ui/libexport_q.cpp:109
+msgid "New Item"
+msgstr "Nuevo Item"
+
+#: src/gui/.ui/libexport_q.cpp:110
+msgid "Make exported libraries read-only"
+msgstr "Hacer que las librerías exportadas sean de sólo-lectura"
+
+#: src/gui/.ui/libexport_q.cpp:111
+msgid "Choose libraries to be exported:"
+msgstr "Elegir librerías a ser exportadas:"
+
+#: src/gui/.ui/librarydialog_q.cpp:138
+msgid "Color:"
+msgstr "Color:"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:195
+msgid "Linksys/Sveasoft: advanced settings"
+msgstr "Linksys/Sveasoft: opciones avanzadas"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:200
+#: src/gui/.ui/linux24advanceddialog_q.cpp:450
+msgid "modprobe:"
+msgstr ""
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:201
+#: src/gui/.ui/linux24advanceddialog_q.cpp:451
+msgid "logger:"
+msgstr ""
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:202
+#: src/gui/.ui/linux24advanceddialog_q.cpp:452
+msgid "ip:"
+msgstr ""
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:203
+#: src/gui/.ui/linux24advanceddialog_q.cpp:453
+msgid "lsmod"
+msgstr ""
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:204
+#: src/gui/.ui/linux24advanceddialog_q.cpp:455
+msgid "iptables:"
+msgstr ""
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:205
+#: src/gui/.ui/linux24advanceddialog_q.cpp:454
+msgid ""
+"Specify directory path and a file name for each utility on your firewall "
+"machine. Leave these empty if you want to use default values."
+msgstr ""
+"Especificar un path y un nombre de fichero para cada utilidad de la máquina "
+"del corfuegos. Dejelo vacio si quiere usar los valores por defecto."
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:207
+msgid ""
+"Policy installer relies on the shell prompt on the firewall to execute "
+"commands. Installer tries both prompt string patterns configured here; it "
+"assumes that the firewall is ready to accept a command if either prompt "
+"matches. You should only need to change these string patterns if Sveasoft "
+"changes the shell prompt in the future releases of the software.\n"
+"
    \n" +"
    \n"
+"The default strings work for Sveasoft Alchemy pre-5.1 and pre-5.2"
+msgstr ""
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:211
+msgid "Use default prompts"
+msgstr "Usar prompts por defecto"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:212
+msgid "prompt 2"
+msgstr ""
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:213
+msgid "prompt 1"
+msgstr ""
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:214
+msgid "Prompts"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:365
+msgid "Linux 2.4: advanced settings"
+msgstr "Linux 2.4: opciones avanzadas"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:407
+msgid "Kernel anti-spoofing protection"
+msgstr "Kernel protección anti-spoofing"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:408
+msgid "Ignore broadcast pings"
+msgstr "Ignorar pings broadcast"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:409
+msgid "Ignore all pings"
+msgstr "Ignorar todos los pings"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:410
+msgid "Accept source route"
+msgstr "Aceptar ruta origen"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:411
+msgid "Accept ICMP redirects"
+msgstr "Aceptar redirecciónes ICMP"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:412
+msgid "Ignore bogus ICMP errors"
+msgstr "Ignorar bogus errores ICMP"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:413
+msgid "Allow dynamic addresses"
+msgstr "Permitir direcciones dinámicas"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:414
+msgid "Log martians"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:416
+msgid ""
+"These parameters make sense for connections to or from the firewall host"
+msgstr ""
+"Estos parámetros se refieren a conexiones a o desde la máquina del "
+"cortafuegos"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:441
+msgid "TCP sack"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:442
+msgid "TCP window scaling"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:443
+msgid "TCP ECN"
+msgstr ""
+
+#: 
src/gui/.ui/linux24advanceddialog_q.cpp:444
+msgid "TCP SYN cookies"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:445
+msgid "TCP keepalive time (sec)"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:446
+msgid "TCP fack"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:447
+msgid "TCP timestamps"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:448
+msgid "TCP FIN timeout (sec)"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:449
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1051
+#: src/gui/.ui/tcpservicedialog_q.cpp:370
+msgid "TCP"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:456
+msgid "iptables-restore:"
+msgstr ""
+
+#: src/gui/.ui/longtextdialog_q.cpp:95
+msgid "longTextDialog_q"
+msgstr ""
+
+#: src/gui/.ui/longtextdialog_q.cpp:97
+msgid "this is the error text"
+msgstr "este es el texto de error"
+
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:164
+msgid "MacOS X: advanced settings"
+msgstr "MacOS X: opciones avanzadas"
+
+#: src/gui/.ui/metriceditorpanel_q.cpp:78
+#, fuzzy
+msgid "textLabel2"
+msgstr "Etiqueta"
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:154
+#, fuzzy
+msgid "NAT Rule Options"
+msgstr "Opciones de Regla"
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:156
+msgid "No options are available for this firewall platform"
+msgstr ""
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:157
+#, fuzzy
+msgid "Pool type"
+msgstr "Tipo ICMP:"
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:158
+#, fuzzy
+msgid "default"
+msgstr "Borrar"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:172
+#: src/gui/.ui/newfirewalldialog_q.cpp:323
+#: src/gui/.ui/newfirewalldialog_q.cpp:502
+#: src/gui/.ui/newfirewalldialog_q.cpp:524 src/gui/.ui/newhostdialog_q.cpp:188
+#: src/gui/.ui/newhostdialog_q.cpp:398
+msgid "Label"
+msgstr "Etiqueta"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:174
+#: src/gui/.ui/newfirewalldialog_q.cpp:504 src/gui/.ui/newhostdialog_q.cpp:190
+#: src/gui/.ui/newhostdialog_q.cpp:400
+msgid "Netmask"
+msgstr 
"Máscara"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:175
+#: src/gui/.ui/newfirewalldialog_q.cpp:505 src/gui/.ui/newhostdialog_q.cpp:191
+#: src/gui/.ui/newhostdialog_q.cpp:401
+msgid "Dyn"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:176
+#: src/gui/.ui/newfirewalldialog_q.cpp:506 src/gui/.ui/newhostdialog_q.cpp:192
+#: src/gui/.ui/newhostdialog_q.cpp:402
+msgid "MAC"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:325
+#: src/gui/.ui/newfirewalldialog_q.cpp:526
+msgid "Security Level"
+msgstr "Nivel de Seguridad"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:487 src/gui/.ui/newhostdialog_q.cpp:378
+msgid "Enter the name of the new object below:"
+msgstr "Introduza nombre del nuevo objeto abajo:"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:488
+msgid "Choose firewall software it is running:"
+msgstr "Elija software de cortafuegos que esta ejecutando:"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:489
+msgid "Choose OS the new firewall runs on:"
+msgstr "Elija SO que el nuevo cortafuegos ejecuta:"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:490
+msgid "Use preconfigured template firewall objects"
+msgstr "Usar plantilla preconfigurada para objetos del cortafuegos"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:492
+msgid ""
+"Next step is to add interfaces to the new firewall. There are two ways to do "
+"it: using SNMP query or manually. Adding them using SNMP query is fast and "
+"automatic, but is only possible if firewall runs SNMP agent and you know "
+"SNMP community string 'read'."
+msgstr ""
+"El siguiente paso es para añadir interfaces nuevos al cortafugos. Hay 2 "
+"maneras de hacerlo: usando una petición SNMP o manualmente. Añadirlos usando "
+"una petición SNMP es rápido y automático, pero es solo posible si el "
+"cortafuegos ejecuta un agnte SNMP y conoce la cadena 'read' de la comunidad "
+"SNMP."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:494 src/gui/.ui/newhostdialog_q.cpp:383
+msgid "Configure interfaces manually"
+msgstr "Configurar intefaces manualmente"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:495
+msgid "Use SNMP to discover interfaces of the firewall"
+msgstr "Usar SNMP para descubrir interfaces del cortafuegos"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:496 src/gui/.ui/newhostdialog_q.cpp:385
+msgid "Discover Interfaces using SNMP"
+msgstr "Descubrir Interfaces usando SNMP"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:499
+msgid ""
+"Here you can add or edit interfaces manually. 'Name' corresponds to the name "
+"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' "
+"is used to mark interface to reflect network topology, e.g. 'outside' or "
+"'inside'. Label is mandatory for PIX firewall."
+msgstr ""
+"Aquí puede añadir o editar los interfaces manualmente. 'Nombre' corresponde "
+"al nombre físico del interfaz,m como 'eth0', 'fxp0', 'ethernet' etc. "
+"'Etiqueta' es usada para marca el interfaz para reflejar la topología de "
+"red, e.g. 'externa' o 'interna'. La etiqueta es obligatoria en un "
+"cortafuegos PIX."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:500 src/gui/.ui/newhostdialog_q.cpp:391
+msgid "Click 'Next' when done."
+msgstr "Pulse 'Next'cuando acabe."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:509 src/gui/.ui/newhostdialog_q.cpp:408
+msgid "Update"
+msgstr "Actualizar"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:510 src/gui/.ui/newhostdialog_q.cpp:407
+msgid "Add"
+msgstr "Añadir"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:519 src/gui/.ui/newhostdialog_q.cpp:403
+msgid "MAC:"
+msgstr "MAC:"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:521
+msgid "up"
+msgstr "arriba"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:522
+msgid "down"
+msgstr "abajo"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:527
+msgid "Click 'Finish' when done."
+msgstr "Pulsar 'Finish' cuando acabe."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:528
+msgid ""
+"In order to be able to build firewall policy properly, Firewall Builder "
+"needs information about 'security level' of the firewall's interfaces. "
+"Interface that connects it to the Internet is considered 'insecure' and has "
+"security level '0', while interface connected to the internal network is "
+"supposed to be 'secure' (security level '100'). You can arrange interfaces "
+"in the order of their security level below."
+msgstr ""
+"Para configurar propiamente la política construida del cortafuegos, Firewall "
+"Builder necesita información sobre 'el nivel de seguridad' de los interfaces "
+"del cortafuegos. El interfaz que conecta a la Internet es considerado "
+"'inseguro' y tiene nivel de seguridad '0', mientras el interfaz este "
+"conectado la red interna se supone que es 'seguro' (nivel de seguridad "
+"'100')."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:530 src/gui/.ui/newhostdialog_q.cpp:411
+msgid ""
+"Choose template object in the list and click 'Finish' when ready. Template "
+"objects use generic interface names that will be iherited by the firewall "
+"object you create. You may need to rename them later to reflect real names "
+"of interfaces on your firewall machine."
+msgstr ""
+"Elija plantilla de objeto en la lista y pulse 'Finish' cuando este "
+"preparado. La plantaila del objeto usa un nombre de interfaz genérico que "
+"sera heredado por el objeto del contafuegos que cree. Puede necesitar "
+"renombrarlos más tarde para reflejar los nombres reales de los intefaces en "
+"el cortafuegos de su máquina."
+
+#: src/gui/.ui/newgroupdialog_q.cpp:99
+msgid "Group Name:"
+msgstr "Nombre de Grupo:"
+
+#: src/gui/.ui/newgroupdialog_q.cpp:100
+msgid "This operation will create a new group and put selected objects in it"
+msgstr ""
+"Esta operación creará un nuevo grupo y pondrá los objetos seleccionados en el"
+
+#: src/gui/.ui/newgroupdialog_q.cpp:101
+msgid "Create a group"
+msgstr "Crear un grupo"
+
+#: src/gui/.ui/newhostdialog_q.cpp:379
+msgid "Use preconfigured template host objects"
+msgstr "Usar plantilla preconfigurada para objetos de la máquina"
+
+#: src/gui/.ui/newhostdialog_q.cpp:381
+msgid ""
+"Next step is to add interfaces to the new host. There are two ways to do it: "
+"using SNMP query or manually. Adding them using SNMP query is fast and "
+"automatic, but is only possible if the host runs SNMP agent and you know "
+"SNMP community string 'read'."
+msgstr ""
+"El siguiente paso es añadir un interfaz a la nueva máquina. Hay 2 maneras de "
+"hacerlo: usando una petición SNMP o manualmente. Añadirlos usando una "
+"petición SNMP es rápido y automático, pero es solo posible si el cortafuegos "
+"ejecuta un agnte SNMP y conoce la cadena 'read' de la comunidad SNMP."
+
+#: src/gui/.ui/newhostdialog_q.cpp:384
+msgid "Use SNMP to discover interfaces of the host"
+msgstr "User SNMP para descubrir interfaces de la máquina"
+
+#: src/gui/.ui/newhostdialog_q.cpp:388
+msgid ""
+"Here you can add or edit interfaces manually. 'Name' corresponds to the name "
+"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' "
+"is used to mark interface to reflect network topology, e.g. 'outside' or "
+"'inside'."
+msgstr ""
+"Aquí puede añadir o editar los interfaces manualmente. 'Nombre' corresponde "
+"al nombre físico del interfaz,m como 'eth0', 'fxp0', 'ethernet' etc. "
+"'Etiqueta' es usada para marca el interfaz para reflejar la topología de "
+"red, e.g. 'externa' o 'interna'."
+
+#: src/gui/.ui/newhostdialog_q.cpp:396
+msgid ""
+"This is unnumbered interface, that is, it does not have an IP address. You "
+"can use this for interfaces that terminate PPPoE or other VPN tunnels"
+msgstr ""
+"Este es un interfaz no numerádo, que significa que no tiene dirección IP. "
+"Puede usar este inferfaz como terminal PPPoE o otros tuneles VPN"
+
+#: src/gui/.ui/newhostdialog_q.cpp:405
+msgid ""
+"Address of this interface is assigned dynamically using DHCP or PPP protocol"
+msgstr ""
+"La dirección de este inferfaz es asignada dinámicamente usando DHCP o el "
+"protocolo PPP"
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:148
+msgid "Conflict Resolution"
+msgstr "Resolver Conflicto"
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:149
+msgid ""
+"There is a conflict between an object in your tree and object in the file "
+"you are trying to open. Choose which version of this object you want to use:"
+msgstr ""
+"Hay un conflicto entre los objetos de su árbol y los objetos del fichero que "
+"esta intentando abrir. 
Elija que versión de los objetos quiere usar:"
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:150
+msgid "Current Object "
+msgstr "Objeto Actual "
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:153
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:158
+msgid ""
+"Always choose this\n"
+"object if there is a conflict"
+msgstr ""
+"Siempre elije este\n"
+"objeto si hay algún conflicto"
+
+#: src/gui/.ui/objectmanipulator_q.cpp:108
+msgid "Tree of Objects"
+msgstr "Ãrbol de Objetos"
+
+#: src/gui/.ui/objectmanipulator_q.cpp:112
+msgid "Go back to the previous object"
+msgstr "Volver a el objeto previo"
+
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:172
+msgid "OpenBSD: advanced settings"
+msgstr "OpenBSD: opciones avanzadas"
+
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:178
+msgid "Enable directed broadcast"
+msgstr "Activar broadcast directo"
+
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:199
+msgid "pfctl:"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:103
+msgid "Page Setup"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:104
+msgid "start each section on a new page"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:105
+msgid "print header on every page"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:106
+#, fuzzy
+msgid "print legend"
+msgstr "Impresión completada"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:107
+#, fuzzy
+msgid "print objects used in rules"
+msgstr "Encontrar objeto en el árbol"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:109
+msgid "Alt+O"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:112
+#, fuzzy
+msgid "Scale tables: "
+msgstr "tamaño de tabla de estado:"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:114
+msgid "50%"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:115
+msgid "75%"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:116
+msgid "100%"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:117
+msgid "150%"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:118
+msgid "200%"
+msgstr ""
+
+#: 
src/gui/.ui/pfadvanceddialog_q.cpp:999
+msgid "pf: advanced settings"
+msgstr "pf: opciones avanzadas"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1010
+msgid "Modulate state for all stateful rules (applies only to TCP services)"
+msgstr ""
+"Modular estado para todas las reglas de estado (se aplica sólo a servicios "
+"TCP)"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1020
+msgid "Optimization:"
+msgstr "Optimización:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1022
+msgid "Enforce Minimum TTL:"
+msgstr "Forzar Mínimo TTL:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1023
+msgid "Enforce Maximum MSS:"
+msgstr "Forzar Máximo MSS:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1024
+msgid "Enforces a maximum Maximum Segment Size (MSS) in TCP packet headers."
+msgstr ""
+"Forzar un máximo Maximum Segment Size (MSS) en cabeceras de paquetes TCP."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1025
+msgid "Enforces a minimum Time To Live (TTL) in IP packet headers."
+msgstr "Forzar un mínimo Time To Live (TTL) en cabeceras de paquetes IP"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1026
+msgid "Reassemble fragments"
+msgstr "Reensamblar fragmentos"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1027
+msgid "Clear DF bit"
+msgstr "Limpiar bit DF"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1028
+msgid "Clears the don't fragment bit from the IP packet header."
+msgstr "Limpiar el bit de no fragmentado de la cabecera de los paquetes IP."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1029
+msgid "Use random ID"
+msgstr "Usar ID aleatorio"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1030
+msgid ""
+"Replaces the IP identification field of outgoing packets with random values "
+"to compensate for operating systems that use predictable values."
+msgstr ""
+"Reemplaza el campo de identificación IP de los paquetes salientes con "
+"valores aleatorios para compensar los el uso de valores predecibles del "
+"sistema operativo."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1032
+msgid "Buffer and reassemble fragments (default)"
+msgstr "Buffer para reensamblar fragmentos (por defecto)"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1033
+msgid ""
+"Buffers incoming packet fragments and reassembles them into a complete "
+"packet before passing them to the filter engine."
+msgstr ""
+"Guarda los fragmentos de paquetes entrantes y los reensambla en un completo "
+"paquete antes de pasarlos a las funciones filtro."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1034
+msgid "Drop duplicate fragments, do not buffer and reassemble"
+msgstr "Elimina fragmentos duplicados, no bufferea y reemsanbla"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1035
+msgid ""
+"Causes duplicate fragments to be dropped and any overlaps to be cropped."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1036
+msgid "Drop duplicate and subsequent fragments"
+msgstr "Descarta duplicados y los subsecuentes fragmentos"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1037
+msgid ""
+"Similar to 'Drop duplicate fragments' except that all duplicate or "
+"overlapping fragments will be dropped as well as any further corresponding "
+"fragments."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1038
+msgid "Scrub rule options"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1039
+msgid "maximum number of entries in the memory pool used for packet reassembly"
+msgstr ""
+"máximo número de entradas en el pool de memoria usadas para reemsamblar "
+"paquetes"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1040
+msgid "table-entries"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1041
+msgid "maximum number of addresses that canbe stored in tables"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1042
+msgid ""
+"maximum number of entries in the memory pool used for state table entries"
+msgstr ""
+"máximo número de entradas en el pool de memoria usadas para entradas de "
+"tabla de estados"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1043
+#, fuzzy
+msgid "state table size: "
+msgstr "tamaño de tabla de estado:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1044
+#, fuzzy
+msgid "reassembly pool: "
+msgstr "reensamblar el pool:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1045
+#, fuzzy
+msgid ""
+"maximum number of entries in the memory pool used for tracking source IP "
+"addresses"
+msgstr ""
+"máximo número de entradas en el pool de memoria usadas para reemsamblar "
+"paquetes"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1046
+#, fuzzy
+msgid "maximum number of tables that can exist in the memory simultaneously"
+msgstr ""
+"máximo número de entradas en el pool de memoria usadas para reemsamblar "
+"paquetes"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1047
+#, fuzzy
+msgid "tables"
+msgstr "activar"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1048
+msgid "src-nodes"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1049
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:876
+#, fuzzy
+msgid "Limits"
+msgstr "minutos"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1050
+msgid ""
+"When a packet matches a stateful connection, the seconds to live for the "
+"connection will be updated to the value which corresponds to the connection "
+"state."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1052
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1065
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1074
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1077
+msgid "first"
+msgstr "primero"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1053
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1066
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1072
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1078
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1081
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1082
+msgid "The state after the first packet."
+msgstr "El estado despues de el primer paquete."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1054
+msgid "opening"
+msgstr "abriendo"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1055
+msgid " The state before the destination host ever sends a packet."
+msgstr " El estado antes de que la máquina destino haya enviado un paquete."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1056
+msgid "established"
+msgstr "establecido"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1057
+msgid "The fully established state."
+msgstr "El estado totalmente establecido"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1058
+msgid "The state after the first FIN has been sent."
+msgstr "El estado despues de que el primer FIN ha sido enviado."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1059
+msgid "closing"
+msgstr "cerrando"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1060
+msgid ""
+"The state after both FINs have been exchanged and the connection is closed."
+msgstr ""
+"El estado despues de que ambos FINs han sido intercambiados y la conexion "
+"esta cerrada."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1061
+msgid "finwait"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1062
+msgid "The state after one endpoint sends an RST."
+msgstr "El estado después de que el puntofinal envia un RST."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1063
+msgid "closed"
+msgstr "cerrado"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1064
+#: src/gui/.ui/udpservicedialog_q.cpp:221
+msgid "UDP"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1067
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1079
+msgid "single"
+msgstr "simple"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1068
+msgid ""
+"The state if the source host sends more than one packet but the destination "
+"host has never sent one back."
+msgstr ""
+"El estado si la máquina fuente envia uno o mas paquetes pero la máquina "
+"destino no ha enviado alguno de vuelta."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1069
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1080
+msgid "multiple"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1070
+msgid " The state if both hosts have sent packets."
+msgstr " El estado si ambas máquinas han enviado paquetes."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1073
+msgid "The state after an ICMP error came back in response to an ICMP packet."
+msgstr ""
+"El estado después de que un error ICMP fue la respuesta a un paquete ICMP."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1076
+msgid "Other Protocols"
+msgstr "Otros protocolos"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1083
+msgid "Fragments"
+msgstr "Fragmentos"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1084
+msgid "reassembly timeout"
+msgstr "timeout de reensamblado"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1085
+msgid "state expiration timeout"
+msgstr "timeout de expiración de estado"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1086
+msgid "seconds between purges of expired states and packet fragments."
+msgstr "segundos entre purgar de estados expirados y fragmentos de paquetes."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1087
+msgid "seconds before an unassembled fragment is expired."
+msgstr "segundos antes de que fragentos no ensamblados expiren."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1088
+msgid "Adaptive scaling"
+msgstr "Escalado adaptativo"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1089
+msgid ""
+"Timeout values can be reduced adaptively as the number of state table "
+"entries grows (see man page pf.conf(5) for details)"
+msgstr ""
+"Los valores de timeout pueden ser reducidos adaptativamente cuando el número "
+"de entradas en la tabla de estado crece (mire la página de manual pf.conf(5))"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1090
+msgid "adaptive start"
+msgstr "inicio de adaptación"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1091
+msgid ""
+"When the number of state entries exceeds this value, adaptive scaling begins."
+msgstr ""
+"Cuando el número de entradas de estado excede este valor, el escalado "
+"adaptativo empieza."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1092
+msgid "adaptive end"
+msgstr "final de adaptación"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1093
+msgid ""
+"When reaching this number of state entries, all timeout val- ues become "
+"zero, effectively purging all state entries imme- diately."
+msgstr ""
+"Cuando alcance este número todas las entradas de estado, y todos los valores "
+"de timeout serán zero, purgando todas las entradas de estado immediatamente."
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1094
+msgid "Activate adaptive timeout scaling"
+msgstr "Activar escalado adaptativo de timeout"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1095
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1910
+msgid "Timeouts"
+msgstr "Timeouts"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1114
+#, fuzzy
+msgid "Insert prolog and epilog scripts"
+msgstr "Insertar prologo de script "
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1116
+#, fuzzy
+msgid "in the activation shell script (.fw file)"
+msgstr "en lo alto del script"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1117
+msgid "in the pf rule file (.conf file)"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1119
+msgid "Log Prefix"
+msgstr "Prefijo de Log"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1120
+msgid "Fallback \"deny all\" rule should log blocked packets"
+msgstr ""
+"Caer a la regla '\"deny all\" debería hacer log de todos los paquetes "
+"bloqueados"
+
+#: src/gui/.ui/physaddressdialog_q.cpp:149
+msgid "physAddress"
+msgstr ""
+
+#: src/gui/.ui/physaddressdialog_q.cpp:150
+#, fuzzy
+msgid "MAC Address"
+msgstr "Añadir Dirección MAC"
+
+#: src/gui/.ui/physaddressdialog_q.cpp:153
+msgid "Physical address (MAC):"
+msgstr "Dirección física (MAX):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1824
+msgid "PIX Firewall Settings"
+msgstr "PIX Opciones del cortafuegos"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1831
+msgid "Policy Compiler Options"
+msgstr "Opciones del Compilador de Políticas"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1833
+msgid ""
+"Generate rules assuming the firewall is part of \"Any\". 
This makes a "
+"difference in rules that use services 'ssh' and 'telnet' since PIX uses "
+"special commands to control ssh and telnet access to the firewall machine"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1834
+msgid ""
+"Replace NAT'ted objects with their \n"
+"translations in policy rules"
+msgstr ""
+"Reemplaza objetos NAT'ted con sus \n"
+"traducciones en reglas de política"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1836
+msgid ""
+"PIX inspects packets with ACLs before it does NAT, while many other "
+"firewalls do NAT first and then apply ACLs. Policy compiler can emulate the "
+"latter behaviour if this options is turned on."
+msgstr ""
+"PIX inspecciona los paquetes con ACLs antes hacer NAT, mientras otros muchos "
+"cortafuegos hacen primero NAT y entonces aplican ACLs. El compilador de "
+"políticas puede similar ese comportamiento si activa esta opción."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1837
+msgid "Emulate outbound ACLs"
+msgstr "Emular ACLs salientes"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1838
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1840
+msgid ""
+"Normally PIX does not support ouotbound ACL, however policy compiler can "
+"emulate them if this option is turned on"
+msgstr ""
+"Normalmente PIX no soporta ACLs de salida, pero el compilador de políticas "
+"puede emularlas si activa esta opción"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1839
+#, fuzzy
+msgid "Generate outbound ACLs"
+msgstr "Emular ACLs salientes"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1843
+msgid "Optimize 'default nat' rules"
+msgstr "Optimizar reglas 'default nat'"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1844
+msgid ""
+"In nat rules where network zone object is used in OSrc, ODst and OSrv are "
+"'any' and TSrc defines a global pool for the translation, replace object in "
+"OSrc with 'any' to produce PIX command \"nat (interface) N 0.0.0.0 0.0.0.0\""
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1845
+msgid "Detect rule shadowing in the 
policy"
+msgstr "Detectar shadowing de reglas en la política"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1847
+msgid "Verification of NAT rules"
+msgstr "Verificar reglas de NAT"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1848
+msgid "Check for duplicate nat rules"
+msgstr "Comprobar reglas nat duplicadas"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1849
+msgid "Check for overlapping global pools"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1850
+msgid "Check for overlapping statics"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1851
+msgid ""
+"Check for overlapping global\n"
+"pools and statics"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1853
+msgid "Compiler Options"
+msgstr "Opciones del compilador"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1855
+msgid "Comment the code"
+msgstr "Comentar el código"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1856
+msgid "Insert comments into generated PIX configuration file"
+msgstr "Insertar comentarios en el fichero de configuración PIX generado"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1857
+msgid "Use ACL remarks"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1858
+msgid "Use ACL remarks to relate ACL commands and policy rules in the GUI"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1859
+msgid "Group similar commands together"
+msgstr "Grupo similar de comandos juntos"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1860
+msgid ""
+"Group PIX commands in the script so that similar commands appear next to "
+"each other, just like PIX does it when you use 'show config'"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1861
+msgid "Use manual ACL commit on FWSM"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1862
+msgid "Access lists (requires Firewall Builder for PIX 1.1.6 and later)"
+msgstr "Listas de acceso (requiere Firewall Builder para PIX 1.1.6 o superior)"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1863
+#, fuzzy
+msgid ""
+"Clear all access lists then install new ones. 
This method may interrupt "
+"access to the firewall if you manage it remotely via IPSEC tunnel. This is "
+"the way access lists were generated in older versions of Firewall Builder "
+"for PIX."
+msgstr ""
+"Limpiar todas las listas de acceso cuando se instala una nueva. Este método "
+"puede\n"
+"interrumpir el acceso al cortafuegos si lo administra remotamante a través "
+"de un\n"
+"tunel IPSEC. Este fue el método usado por la anteriores versiones de "
+"Firewall\n"
+"Builder para PIX."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1864
+#, fuzzy
+msgid ""
+"Do not clear access lists and object group, just generate PIX commands for "
+"the new ones. Use this optin if you have your own policy installation "
+"scripts."
+msgstr ""
+"No limpiar las listas de acceso o grupos de objetos, generar comandos PIX\n"
+"para los nuevos. Use esta opción si tiene sus propios scritps de "
+"instalación\n"
+"de políticas."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1865
+msgid ""
+"\"Safety net\" method:\n"
+"\n"
+"First, create temporary access list to permit connections from the "
+"management subnet specified below to the firewall and assign it to outside "
+"interface. This temporary ACL helps maintain session between management "
+"station and the firewall while access lists are reloaded in case connection "
+"comes over IPSEC tunnel. Then clear permanent lists, recreate them and "
+"assign to interfaces. This method ensures that remote access to the firewall "
+"is maintained without interruption at a cost of slightly larger "
+"configuration."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1868
+msgid ""
+"Temporary access list should permit access from this address or subnet (use "
+"prefix notation to specify subnet, e.g. 192.0.2.0/24):"
+msgstr ""
+"Temporalmente la lista de acceso debería permitir acceder desde esta "
+"dirección o subred (use la notación con prefijo para especificar la subred "
+"ej. 
192.0.2.0/24):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1890
+msgid "Set all to defaults.."
+msgstr "Poner todos a por defecto.."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1891
+msgid "xlate"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1892
+msgid "conn"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1893
+msgid "udp"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1894
+msgid "rpc"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1895
+msgid "h323"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1896
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2020
+msgid "sip"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1897
+msgid "sip&media"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1898
+msgid "unauth"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1899
+msgid "telnet"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1900
+msgid "ssh"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1901
+msgid "ss"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1902
+msgid "mm"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1903
+msgid "hh"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1904
+msgid "half-closed"
+msgstr "medio-cerrado"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1906
+msgid "Inactivity"
+msgstr "Inactividad"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1907
+msgid "Absolute"
+msgstr "Abosluto"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1911
+msgid ""
+"Policy compiler generates 'fixup' commands for PIX v6.1-6.3 and FWSM v2.3. "
+"For PIX 7.0 it generates 'class-map' and 'inspect' commands assigned to the "
+"'policy-map' under either default or custom inspection classes."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1913
+msgid "Enable all protocols"
+msgstr "Activar todos los protocolos"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1914
+msgid "Disable all protocols"
+msgstr "Desactivar todos los protocolos"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1915
+msgid "Skip all protocols"
+msgstr "Ignorar todos los protocolos"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1916
+#, fuzzy
+msgid "Display generated commands"
+msgstr "Generar comandos para arreglar:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1918
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1927
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1933
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1941
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1950
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1958
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1966
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1972
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1980
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1988
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1995
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2002
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2009
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2017
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2024
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2032
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2040
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2048
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2055
+msgid "skip"
+msgstr "ignorar"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1919
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1928
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1934
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1942
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1951
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1959
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1967
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1973
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1981
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1989
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1996
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2003
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2010
+#: 
src/gui/.ui/pixadvanceddialog_q.cpp:2018
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2025
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2033
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2041
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2049
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2056
+msgid "enable"
+msgstr "activar"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1920
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1929
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1935
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1943
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1952
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1960
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1968
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1974
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1982
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1990
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1997
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2004
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2011
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2019
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2026
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2034
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2042
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2050
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2057
+msgid "disable"
+msgstr "desactivar"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1921
+msgid ""
+"Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol "
+"inspection module that supports NAT, PAT, and bi-directional NAT."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1922
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1938
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1947
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1956
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1964
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1977
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1993
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2000
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2007
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2014
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2022
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2030
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2037
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2045
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2053
+msgid "port:"
+msgstr "puerto:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1923
+msgid "ctiqbe"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1924
+msgid ""
+"Based on this maximum-length configured by the user, the DNS fixup checks to "
+"see if the DNS packet length is within this limit. Every UDP DNS packet "
+"(request/response) undergoes the above check."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1925
+msgid "max length:"
+msgstr "max longitud:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1930
+msgid "dns"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1931
+msgid "Enables PAT for Encapsulating Security Payload (ESP), single tunnel."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1936
+msgid "esp ike"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1939
+msgid "strict:"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1944
+msgid ""
+"Activated support for FTP protocol and allows to change the ftp control "
+"connection port number."
+msgstr ""
+"Activar soporte para protocolo FTP y permitir cambiar el número de puerto de "
+"conexión de control del ftp"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1946
+msgid ""
+"Specifies to use H.225, the ITU standard that governs H.225.0 session "
+"establishment and packetization, with H.323"
+msgstr ""
+"Especificar el uso de H.225, el estandar ITU que gobierna el establecimiento "
+"y paquetizacion de sesión H.225.0, con H.323"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1948
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1955
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1963
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1978
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2015
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2029
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2038
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2046
+msgid "--"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1953
+msgid "h323 h225"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1954
+msgid ""
+"Specifies to use RAS with H.323 to enable dissimilar communication devices "
+"to communicate with each other."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1961
+msgid "h323 ras"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1962
+msgid ""
+"The default port for HTTP is 80. Use the port option to change the HTTP "
+"port, or specify a range of HTTP ports."
+msgstr ""
+"El puerto por defecto para HTTP es 80. Use la opción de cambiar el puerto "
+"HTTP, o especifique un rango de puertos HTTP."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1969
+msgid "http"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1970
+msgid ""
+"Enables NAT of ICMP error messages. This creates translations for "
+"intermediate hops based on the static or network address translation "
+"configuration on the firewall."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1975
+msgid "icmp error"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1976
+msgid ""
+"Provides NAT support for Microsoft NetMeeting, SiteServer, and Active "
+"Directory products that use LightWeight Directory Access Protocol (LDAP) to "
+"exchange directory information with an for Internet Locator Service (ILS) "
+"server."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1983
+msgid "ils"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1984
+msgid "Enables the Media Gateway Control Protocol (MGCP) fixup."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1985
+msgid "Gateway Port:"
+msgstr "Puerto de Puerta de Enlace:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1986
+msgid "Call Agent port:"
+msgstr "Puerto de Agente de llamada:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1991
+msgid "mgcp"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1992
+msgid ""
+"Enables Point-to-Point Tunneling Protocol (PPTP) application inspection."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1998
+msgid "pptp"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1999
+msgid "Enables inspection of RSH protocol."
+msgstr "Actibar inspección del protocolo RSH"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2005
+msgid "rsh"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2006
+msgid ""
+"Lets PIX Firewall pass Real Time Streaming Protocol (RTSP) packets. RTSP is "
+"used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/"
+"TV connections."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2012
+msgid "rtsp"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2013
+msgid ""
+"Enable or change the port assignment for the Session Initiation Protocol "
+"(SIP) for Voice over IP TCP connections."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2021
+msgid "Enable SIP-over-UDP application inspection."
+msgstr "Activar inspección de la aplicación SIP-sobre-UDP"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2027
+msgid "sip udp"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2028
+msgid ""
+"Enable SCCP application inspection. SCCP protocol supports IP telephony and "
+"can coexist in an H.323 environment. An application layer ensures that all "
+"SCCP signaling and media packets can traverse the PIX Firewall and "
+"interoperate with H.323 terminals."
+msgstr ""
+"Activar inspección de la aplicación SCCP. El protocolo SCCP soporta "
+"telefonía IP y puede coexistir con un entorno H.323. Un nivel de aplicación "
+"asegura que todas las señales y paquetes SCCP puede atravesar el Cortafuegos "
+"PIX e interoperar con terminales H.323."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2035
+msgid "skinny"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2036
+msgid ""
+"Enables the Mail Guard feature, which only lets mail servers receive the RFC "
+"821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and "
+"QUIT. All other commands are translated into X's which are rejected by the "
+"internal server."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2043
+msgid "smtp"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2044
+msgid "Enables support for SQL*Net protocol."
+msgstr "Activar soporta para el protocolo SQL*Net"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2051
+msgid "sqlnet"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2052
+msgid "Enable TFTP application inspection."
+msgstr "Activar inspección de la aplicación TFTP"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2058
+msgid "tftp"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2059
+msgid "Inspect"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2060
+msgid "Syslog"
+msgstr "Syslog"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2061
+msgid "Syslog host (name or IP address):"
+msgstr "Máquina Syslog (nombre o dirección IP):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2062
+msgid "syslog facility:"
+msgstr "facilidad syslog:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2063
+msgid "syslog level ('logging trap'):"
+msgstr "nivel de syslog ('logging trap'):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2064
+msgid "Syslog message queue size (messages):"
+msgstr "Tamaño de cola de mensajes de syslog (mensajes):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2065
+msgid "Use 'EMBLEM' format for syslog messages"
+msgstr "Usar el formato 'EMBLEM' para los mensajes de syslog"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2066
+msgid ""
+"PIX Firewall Version 6.3 introduces support for EMBLEM format, which is "
+"required when using the CiscoWorks Resource Manager Essentials (RME) syslog "
+"analyzer."
+msgstr ""
+"PIX Firewall Versión 6.3 introduce soporte para el formato EMBLEM, el cual "
+"es requerido cuando se usa el analizador de syslog CiscoWorks Resource "
+"Manager Essentials (RME)."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2067
+msgid "Set device id for syslog messages (v6.3 and later):"
+msgstr ""
+"Incluir el id del dispositivo en los mensajes de syslog (v6.3 o superior):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2068
+msgid "use address of interface"
+msgstr "usar dirección de interfaz"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2069
+msgid "use text string"
+msgstr "usar cadena de texto"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2070
+msgid "use hostname"
+msgstr "usar nombre de máquina"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2071
+msgid "The logging timestamp command requires that the clock command be set."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2072
+msgid "Enable logging timestamps on syslog file"
+msgstr "Activar marcas de tiempo en el fichero syslog"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2073
+msgid "Other logging destinations and levels:"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2074
+msgid "Internal buffer"
+msgstr "Buffer interno"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2075
+msgid "Console"
+msgstr "Consola"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2077
+msgid "Actively reset inbound TCP connections with RST"
+msgstr "Activamente resetear conexiones entrantes TCP con RST"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2079
+msgid "Actively reset inbound TCP connections with RST on outside interface"
+msgstr ""
+"Activamente resetear conexiones entrantes TCP con RST en el interfaz externo"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2081
+msgid "Force each TCP connection to linger in a shortened TIME&WAIT"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2082
+msgid "Alt+W"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2083
+msgid "Enable the IP Frag Guard feature (deprecated in v6.3 and later)."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2084
+msgid "Enable TCP resource control for AAA Authentication Proxy"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2085
+msgid ""
+"Specify that when an incoming packet does a route lookup,\n"
+"the incoming interface is used to determine which interface\n"
+"the packet should go to, and which is the next hop\n"
+"(deprecated in v6.3 and later)."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2089
+msgid "Disable inbound embedded DNS A record fixups"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2090
+msgid "Disable outbound DNS A record replies"
+msgstr "Desactivar respuestas salientes a registro DNS A"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2091
+msgid "maximum number of simultaneous TCP and UDP connections"
+msgstr "máximo número de conexiones simultaneas TCP y UDP"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2092
+msgid "maximum number of embryonic connections per host"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2093
+msgid ""
+"Specifies the maximum number of simultaneous TCP and UDP connections for the "
+"entire subnet. The default is 0, which means unlimited connections. (Idle "
+"connections are closed after the idle timeout specified by the timeout conn "
+"command.)"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2094
+msgid ""
+"Specifies the maximum number of embryonic connections per host. An embryonic "
+"connection is a connection request that has not finished the necessary "
+"handshake between source and destination. Set a small value for slower "
+"systems, and a higher value for faster systems. The default is 0, which "
+"means unlimited embryonic connections."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2095
+msgid "The following parameters are used for all NAT rules:"
+msgstr "Los siguientes parámetros son usados por todas las reglas NAT:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2096
+msgid ""
+"(The default for both parameters is 0, which means unlimited number of "
+"connections.)"
+msgstr ""
+"(El valor por defecto para ambos parámetros es 0, lo cual significa que el "
+"número de conexiones es ilimitado.)"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2097
+msgid "PIX Options"
+msgstr "Opciones PIX"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:275
+msgid "PIX Advanced Configuration Options"
+msgstr "Opciones de configuración avanzadas PIX"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:276
+msgid "Set PIX host name using object's name"
+msgstr ""
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:277
+msgid "Generate commands to configure addresses for interfaces"
+msgstr "Generar comandos para configurar direcciones de los interfaces"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:278 src/gui/.ui/prefsdialog_q.cpp:381
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:788
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:848
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:856
+msgid "General"
+msgstr "General"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:279
+msgid "NTP Servers:"
+msgstr "Servidores NTP:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:282
+msgid "Server 1:"
+msgstr "Servidor 1:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:283
+msgid "Server 2:"
+msgstr "Servidor 2:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:284
+msgid "Server 3:"
+msgstr "Servidor 3:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:286
+msgid "Preffered:"
+msgstr "Preferido:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:287
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:301
+msgid "IP address:"
+msgstr "Dirección IP:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:288
+msgid "NTP"
+msgstr ""
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:289
+msgid "Disable SNMP Agent"
+msgstr 
"Desactivar Agente SNMP"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:290
+msgid "Set SNMP communities using data from the firewall object dialog"
+msgstr ""
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:291
+msgid "SNMP servers"
+msgstr "SNMP servidores"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:293
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:297
+msgid "Poll"
+msgstr ""
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:294
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:298
+msgid "Poll and Traps"
+msgstr ""
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:295
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:299
+msgid "Traps"
+msgstr ""
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:300
+msgid "Enable:"
+msgstr "Activar:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:302
+msgid "SNMP Server 1:"
+msgstr "SNMP Servidor 1:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:303
+msgid "SNMP Server 2:"
+msgstr "SNMP Servidor 2:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:304
+msgid "Enable sending log messages as SNMP trap notifications"
+msgstr "Activar envio de mensajes de log a traves de SNMP trap notificaciones"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:305
+msgid "SNMP"
+msgstr "SNMP"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:306
+msgid "Change TCP MSS to"
+msgstr "Cambiar TCP MSS a"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:307
+msgid "bytes"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:214 src/gui/.ui/prefsdialog_q.cpp:393
+msgid "File Path"
+msgstr "Path de Fichero"
+
+#: src/gui/.ui/prefsdialog_q.cpp:363
+msgid "Preferences"
+msgstr "Preferencias"
+
+#: src/gui/.ui/prefsdialog_q.cpp:368
+msgid "minutes"
+msgstr "minutos"
+
+#: src/gui/.ui/prefsdialog_q.cpp:369
+msgid "Periodically save data to file every "
+msgstr "Periodicamente salvar datos a cada fichero "
+
+#: src/gui/.ui/prefsdialog_q.cpp:370
+msgid "Tooltip delay:"
+msgstr "Retardo de notas:"
+
+#: src/gui/.ui/prefsdialog_q.cpp:371
+msgid "Enable object tooltips"
+msgstr "Activar notas en objetos"
+
+#: 
src/gui/.ui/prefsdialog_q.cpp:372
+msgid "Show deleted objects"
+msgstr "Mostrar objetos borrados"
+
+#: src/gui/.ui/prefsdialog_q.cpp:373
+msgid "Automatically save data in dialogs when switching between objects"
+msgstr "Automáticamente salvar datos en dialogos cuando cambias entre objetos"
+
+#: src/gui/.ui/prefsdialog_q.cpp:374
+msgid "On startup: "
+msgstr "Al arrancar: "
+
+#: src/gui/.ui/prefsdialog_q.cpp:376
+msgid "Load standard objects"
+msgstr "Cargar objetos estandar"
+
+#: src/gui/.ui/prefsdialog_q.cpp:377
+msgid "Load last edited file"
+msgstr "Cargar el último fichero editado"
+
+#: src/gui/.ui/prefsdialog_q.cpp:378
+msgid "Expand all branches in the object tree"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:379
+msgid "Working directory:"
+msgstr "Directorio de trabajo:"
+
+#: src/gui/.ui/prefsdialog_q.cpp:382
+msgid "Do not ask for the log record when checking in new file revision."
+msgstr ""
+"No preguntar por el registro log cuando compruebas una nueva revisión de "
+"fichero."
+
+#: src/gui/.ui/prefsdialog_q.cpp:383
+msgid "Revision Control"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:384
+msgid ""
+"A full path to the Secure Shell utility (remote command execution; for "
+"example ssh on Unix or plink.exe or vsh.exe on Windows):"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:386
+msgid "SSH"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:387
+msgid "Add..."
+msgstr "Añadir..."
+
+#: src/gui/.ui/prefsdialog_q.cpp:388
+msgid "Remove"
+msgstr "Eliminar"
+
+#: src/gui/.ui/prefsdialog_q.cpp:389
+msgid ""
+"If you remove libraries from the list, changes get in effect next time you "
+"start the program"
+msgstr ""
+"Si tu eliminas librerías desde la lista, los cambios tendrán efecto la "
+"proxima vez que inicie el programa"
+
+#: src/gui/.ui/prefsdialog_q.cpp:390
+msgid "Available libraries:"
+msgstr "Librerías disponibles:"
+
+#: src/gui/.ui/prefsdialog_q.cpp:394
+msgid "Libraries"
+msgstr "Librerías"
+
+#: src/gui/.ui/prefsdialog_q.cpp:395
+msgid "Use these labels to mark rules in the firewall policy"
+msgstr "Usar estas etiquetas para marcar reglas en la política del cortafuegos"
+
+#: src/gui/.ui/prefsdialog_q.cpp:410
+msgid "Labels"
+msgstr "Etiquetas"
+
+#: src/gui/.ui/printingprogressdialog_q.cpp:73
+#, fuzzy
+msgid "Printing"
+msgstr "Imprimir"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:49 src/gui/.ui/rcsfilepreview_q.cpp:122
+msgid "Revision"
+msgstr "Revisión"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:52 src/gui/.ui/rcsfilepreview_q.cpp:123
+msgid "Date"
+msgstr "Fecha"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:55 src/gui/.ui/rcsfilepreview_q.cpp:124
+msgid "Author"
+msgstr "Autor"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:58 src/gui/.ui/rcsfilepreview_q.cpp:125
+msgid "Locked by"
+msgstr "Bloqueado por"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:120
+msgid "RCSFilePreview"
+msgstr ""
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:121
+msgid "Open read-only"
+msgstr "Abrir sólo-lectura"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:126
+msgid "RCS log:"
+msgstr ""
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:100
+msgid "Log record for the new revision"
+msgstr "Registro log para la nueva revisión"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:101
+msgid "Do not ask me anymore, always check files in with empty log"
+msgstr "No preguntar más, siempre quechear ficheros con un log vacio"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:102
+msgid "Check file &in"
+msgstr "Quequear 
f&ichero en"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:103
+msgid "Alt+I"
+msgstr ""
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:106
+#, qt-format
+msgid "Checking file %1 into RCS"
+msgstr "Quequear fichero %1 en RCS"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:107
+msgid "Log record for this revision: "
+msgstr "Registro log para esta revisión"
+
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:118
+#, fuzzy
+msgid "Routing Rule Options"
+msgstr "Opciones de Regla"
+
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:120
+msgid "If installation of this routing rule fails, just carry on"
+msgstr ""
+
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:121
+msgid "No options available for routing rules of this firewall platform"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:783
+msgid "Rule Options for ipt"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:785
+msgid ""
+"Assume firewall is part of 'any' (this setting only affects code generated "
+"for this rule)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:786
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:845
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:853
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:877
+msgid "Stateless rule"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:787
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:844
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:852
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:878
+msgid ""
+"Normally policy compiler uses stateful inspection in each rule. Activating "
+"next option makes this rule stateless."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:800
+msgid "Netlink group (if using ULOG): "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:802
+msgid "Rate (rule matches if it hits this often or less):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:803
+msgid "Module limit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:804
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:827
+msgid "Burst:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:811
+msgid "limit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:812
+msgid "bit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:813
+msgid "per network with netmask of "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:814
+msgid "Number of allowed connections per client host"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:815
+msgid "Module connlimit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:816
+#, fuzzy
+msgid "connlimit"
+msgstr "Limite de Logging:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:817
+msgid "Module hashlimit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:818
+msgid ""
+"On some older systems this module has name 'dstlimit'. Check here if you "
+"need to use this name."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:819
+#, fuzzy
+msgid "Rate:"
+msgstr "Fecha:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:828
+#, fuzzy
+msgid "Mode:"
+msgstr "Código:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:830
+#, fuzzy
+msgid "dstip"
+msgstr "ignorar"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:831
+#, fuzzy
+msgid "srcip"
+msgstr "ignorar"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:832
+msgid "dstip,dstport"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:833
+msgid "srcip,srcport"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:834
+#, fuzzy
+msgid "htable-size:"
+msgstr "tamaño de tabla de estado:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:835
+msgid ""
+"The number of buckets of the hash table (omit this option in generated "
+"script if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:836
+msgid "htable-max:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:837
+msgid ""
+"Maximum number of entries in the hash (omit this option in generated script "
+"if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:838
+msgid "htable-expire:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:839
+msgid ""
+"After how many milliseconds do hash entries expire (omit this option in the "
+"generated script if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:840
+msgid "htable-gcinterval:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:841
+msgid ""
+"How many milliseconds between garbage collection intervals (omit this option "
+"in generated script if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:842
+msgid ""
+"Options below control size of the hash table and expiration time. They will "
+"be omitted from the generated script if set to zero."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:843
+msgid "hashlimit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:846
+#, fuzzy
+msgid ""
+"Send ICMP 'unreachable' packet masquerading as being from the original "
+"destination"
+msgstr ""
+"Enviar paquete ICMP 'unreachable'\n"
+"enmascarándolo como si fuera\n"
+"desde el destino original"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:847
+#, fuzzy
+msgid ""
+"Keep information on fragmented packets, to be applied to later fragments"
+msgstr ""
+"Guardar información de paquetes\n"
+"fragmentados, para ser aplicada más tarde\n"
+"a los fragmentos"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:854
+msgid ""
+"In PF 4.x \"flags S/SA keep state\" is the default. Compiler will omit these "
+"flags while generating code for stateful rules matching tcp services. "
+"However, according to the PF FAQ, care should be taken while dealing with "
+"states and interface enc0. To avoid leaking unencrypted traffic out, the FAQ "
+"recommends setting 'keep state' explicitly in all rules on the enc0 "
+"interface. This option applies only if version is set to 4.x."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:855
+msgid "Add 'keep state' "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:859
+msgid "Activate source tracking"
+msgstr "Activar tracking de origen"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:860
+msgid ""
+"When this option is checked, the number of states per source IP is tracked "
+msgstr ""
+"Cuando esta opción es activada, el número de estados por IP origen es "
+"tracked "
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:861
+#, fuzzy
+msgid ""
+"Maximum number of source addresses which can simultaneously have state table "
+"entries (max-src-nodes):"
+msgstr ""
+"Máximo número de direcciones origen la cuales pueden simultaneamente tener "
+"entradas en la tabla de estados:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:862
+#, fuzzy
+msgid ""
+"Maximum number of simultaneous state entries that a single source address "
+"can create with this rule (max-src-states):"
+msgstr ""
+"Máximo número de entradas de estado simultaneas que una simple dirección "
+"origen puede crear con esta regla:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:863
+msgid "Tracking"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:864
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:872
+msgid "overload table:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:865
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:871
+msgid "flush"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:866
+#, fuzzy
+msgid ""
+"Maximum number of simultaneous TCP connections that a single host can make "
+"(max-src-conn):"
+msgstr ""
+"Máximo número de entradas de estado simultaneas que una simple dirección "
+"origen puede crear con esta regla:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:867
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:870
+msgid "global"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:868
+msgid "The limit of new connections over a time interval (max-src-conn-rate):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:869
+msgid "/"
+msgstr ""
+
+#: 
src/gui/.ui/ruleoptionsdialog_q.cpp:873 +#, fuzzy +msgid "sec" +msgstr "/segundo" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:874 +msgid "" +"When this limit is reached, further packets matching the rule that would " +"create state are dropped, until existing states time out." +msgstr "" +"Cuando el límite es alcanzado, el resto de paquetes que encajen con la regla " +"creada son deshechados, hasta que el tiempo del existente estado termine." + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:875 +#, fuzzy +msgid "" +"Maximum number of concurrent states this rule may create. Unlimited if set " +"to zero (option 'max')." +msgstr "" +"Máximo número de estados concurrentes que esta regla puede crear. " +"(Ilimitados si se pone a cero)." + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:879 +msgid "These options are only valid for PIX running software v6.3 or later" +msgstr "Esta opciones son validas para PIX corriendo software v.6.3 o superior" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:880 +#, fuzzy +msgid "completely disable logging for this rule" +msgstr "" +"completamente desactivado logging\n" +"para esta regla" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:882 +msgid "Logging interval:" +msgstr "Logging intervalo:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:883 +msgid "Tere are no options for this firewall platform" +msgstr "" + +#: src/gui/.ui/simpletextview_q.cpp:92 +msgid "Text viewer" +msgstr "" + +#: src/gui/.ui/simpletextview_q.cpp:93 +#, fuzzy +msgid "Object Name" +msgstr "Nombre de Objeto: " + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:182 +msgid "Solaris: advanced settings" +msgstr "Solaris: opciones avanzadas" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:187 +msgid "Ignore ICMP redirects" +msgstr "Ignorar redicciones ICMP" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:192 +msgid "Forward directed broadcasts" +msgstr "" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:193 +msgid "Respond to echo broadcast" +msgstr "Respuesta a eco broadcast" + +#: 
src/gui/.ui/tagservicedialog_q.cpp:148 +#, fuzzy +msgid "Tag Service" +msgstr "Servicio TCP" + +#: src/gui/.ui/tcpservicedialog_q.cpp:375 +msgid "Use option \"established\" if supported by the target firewall platform" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:377 +msgid "Settings:" +msgstr "Opciones:" + +#: src/gui/.ui/tcpservicedialog_q.cpp:390 +msgid "U" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:391 +msgid "A" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:392 +msgid "P" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:393 +msgid "R" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:394 +msgid "S" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:395 +msgid "F" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:396 +msgid "Mask:" +msgstr "Máscara:" + +#: src/gui/.ui/tcpservicedialog_q.cpp:397 +#, fuzzy +msgid "Flags:" +msgstr "Flags TCP" + +#: src/gui/.ui/tcpservicedialog_q.cpp:400 +#: src/gui/.ui/udpservicedialog_q.cpp:224 +msgid "Source Port Range" +msgstr "Rango de Puertos Origen" + +#: src/gui/.ui/tcpservicedialog_q.cpp:401 +#: src/gui/.ui/tcpservicedialog_q.cpp:404 +#: src/gui/.ui/udpservicedialog_q.cpp:225 +#: src/gui/.ui/udpservicedialog_q.cpp:228 +msgid "Start:" +msgstr "Inicio:" + +#: src/gui/.ui/tcpservicedialog_q.cpp:402 +#: src/gui/.ui/tcpservicedialog_q.cpp:405 +#: src/gui/.ui/udpservicedialog_q.cpp:226 +#: src/gui/.ui/udpservicedialog_q.cpp:229 +msgid "End:" +msgstr "Final:" + +#: src/gui/.ui/tcpservicedialog_q.cpp:403 +#: src/gui/.ui/udpservicedialog_q.cpp:227 +msgid "Destination Port Range" +msgstr "Rango de Puertos Destino" + +#: src/gui/.ui/timedialog_q.cpp:246 src/gui/.ui/timedialog_q.cpp:263 +msgid "Sunday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:247 src/gui/.ui/timedialog_q.cpp:264 +msgid "Monday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:248 src/gui/.ui/timedialog_q.cpp:265 +msgid "Tuesday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:249 src/gui/.ui/timedialog_q.cpp:266 +msgid "Wednesday" +msgstr 
"" + +#: src/gui/.ui/timedialog_q.cpp:250 src/gui/.ui/timedialog_q.cpp:267 +msgid "Thursday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:251 src/gui/.ui/timedialog_q.cpp:268 +msgid "Friday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:252 src/gui/.ui/timedialog_q.cpp:269 +msgid "Saturday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:253 +#, fuzzy +msgid "Start day of week:" +msgstr "Día de la semana (0-6):" + +#: src/gui/.ui/timedialog_q.cpp:254 +#, fuzzy +msgid "Start time:" +msgstr "Inicio:" + +#: src/gui/.ui/timedialog_q.cpp:255 +#, fuzzy +msgid "Start date:" +msgstr "Inicio:" + +#: src/gui/.ui/timedialog_q.cpp:258 +#, fuzzy +msgid "End date:" +msgstr "Activar:" + +#: src/gui/.ui/timedialog_q.cpp:260 +#, fuzzy +msgid "End time:" +msgstr "Final:" + +#: src/gui/.ui/timedialog_q.cpp:270 +#, fuzzy +msgid "End day of week:" +msgstr "Día de la semana (0-6):" + +#: src/gui/utils.cpp:197 +msgid "" +"Impossible to apply changes because object is located in read-only\n" +"part of the tee or data file was opened read-only" +msgstr "" +"Imposible aplicar los cambios porque el objeto es lalizado en un parte\n" +"de solo lectura o el fichero de datos fue abierto en sólo lectura" + +#: src/gui/utils.cpp:219 +#, qt-format +msgid "Object with name '%1' already exists, please choose different name." +msgstr "Objeto con nombre '%1' ya existe, por favor elija un nombre diferente." 
+
+#: src/gui/aboutdialog_q.ui.h:14
+msgid "Revision: %1 ( Build: %2 )"
+msgstr ""
+
+#: src/gui/aboutdialog_q.ui.h:16
+#, fuzzy
+msgid "Using Firewall Builder API %1"
+msgstr "Usando libfwbuilder API v"
+
+#: src/gui/aboutdialog_q.ui.h:19
+msgid "Registered"
+msgstr ""
+
+#: src/gui/aboutdialog_q.ui.h:20
+msgid "Unregistered"
+msgstr ""
+
+#: src/gui/upgradePredicate.h:45
+msgid ""
+"The data file you are trying to open has been\n"
+"saved with an older version of Firewall Builder.\n"
+"Opening it in this version will cause it to be\n"
+"upgraded, which may prevent older versions of\n"
+"the program from reading it. Backup copy of your\n"
+"file in the old format will be made in the same\n"
+"directory with extension '.bak'.\n"
+"Are you sure you want to open it?"
+msgstr ""
+"Los fichero de dato que intenta abrir ha sido salvado\n"
+"con una versión más antigua de Firewall Builder.\n"
+"Abrirlo con esta versión causará que sea actualizado\n"
+"lo cual puede evitar que versiones mas antiguas del\n"
+"programa puedan leerlo. Una copia del fichero con el\n"
+"formato antiguo será creada en el mismo directorio con\n"
+"la extensión '.bak'.\n"
+"Está seguro que quiere abrirlo?"
+
+#: src/gui/upgradePredicate.h:53
+msgid "&Upgrade"
+msgstr "Act&ualizar"
+
+#: src/gui/upgradePredicate.h:54
+msgid "&Do not load the file"
+msgstr "No cargar el fichero"
+
+#, fuzzy
+#~ msgid "Policy/%1"
+#~ msgstr "Política"
+
+#, fuzzy
+#~ msgid "Save configuration"
+#~ msgstr "Guardar configuración\n"
+
+#, fuzzy
+#~ msgid "Save configuration to standby unit"
+#~ msgstr "Save configuración a unidad standby\n"
+
+#, fuzzy
+#~ msgid "Exiting"
+#~ msgstr "Saliendo\n"
+
+#, fuzzy
+#~ msgid "C&ommit"
+#~ msgstr "Comentario"
+
+#~ msgid "Enter authentication information below and click 'Next'"
+#~ msgstr "Introduzca información de autenticación abajo y pulse 'Siguiente'"
+
+#~ msgid "Activate a rule on:"
+#~ msgstr "Activar una regla on:"
+
+#~ msgid "Date:"
+#~ msgstr "Fecha:"
+
+#~ msgid "Time:"
+#~ msgstr "Tiempo:"
+
+#~ msgid "Deactivate a rule on:"
+#~ msgstr "Desactivar la regla on:"
+
+#~ msgid ""
+#~ "Some objects have been modified since\n"
+#~ "you compiled the policy last time.\n"
+#~ "Do you want to recompile it before you install ?"
+#~ msgstr ""
+#~ "Algunos objetos fueron modificados desde\n"
+#~ "que compiló la política la última vez.\n"
+#~ "Quiere recompilarlo antes de instalar ?"
+
+#~ msgid "&Compile"
+#~ msgstr "&Compilar"
+
+#~ msgid "&Install old copy"
+#~ msgstr "&Instalar la copia antigua"
+
+#~ msgid ""
+#~ "When you delete an object, it is removed from the tree and\n"
+#~ "all groups and firewall policy rules that reference it.\n"
+#~ "Do you want to delete selected objects ?"
+#~ msgstr ""
+#~ "Cuando se elimina un objeto, esto se elimina del árbol igual que\n"
+#~ "todos los grupos y reglas de políticas del cortafuegos a que referencia.\n"
+#~ "Esta seguro que quiere borrar los objetos seleccionados ?"
+
+#~ msgid "Find Secure File Transfer utility"
+#~ msgstr "Encontrar utilidad de transferencía de fichero segura"
+
+#, fuzzy
+#~ msgid "Metric Editor"
+#~ msgstr "Editor de script"
+
+#~ msgid "End\n"
+#~ msgstr "Final\n"
+
+#~ msgid "Pushing firewall configuration\n"
+#~ msgstr "Poniendo configuración del cortafuegos\n"
+
+#~ msgid "Apply Changes"
+#~ msgstr "Aplicar Cambios"
+
+#, fuzzy
+#~ msgid "..."
+#~ msgstr "Añadir..."
+
+#, fuzzy
+#~ msgid "File preview:"
+#~ msgstr "Propiedades de Fichero"
+
+#~ msgid ""
+#~ "Drop here firewall objects that should be used as policy templates for "
+#~ "this firewall. Rules will be added on top of the rules of this firewall "
+#~ "and will be taken from policies of the template objects in the order they "
+#~ "were added, from top to bottom:"
+#~ msgstr ""
+#~ "Arrastre aquí los objetos del cortafuegos que deberían ser usados como "
+#~ "pantillas de política del cortafuegos. Las reglas serán añadidas a los de "
+#~ "las reglas del cortafuegos y será cogidas desde políticas de los "
+#~ "plantillas de objetos en el orden en que fueron añadidas, desde arriba a "
+#~ "abajo:"
+
+#~ msgid "SNMP community:"
+#~ msgstr "Comunidad SNMP:"
+
+#~ msgid "Contact:"
+#~ msgstr "Contacto:"
+
+#~ msgid "SNMP Get"
+#~ msgstr "SNMP Get"
+
+#~ msgid "Description:"
+#~ msgstr "Descripción:"
+
+#~ msgid "Installing policy rules on firewall '%1'. Logging in"
+#~ msgstr "Instalando reglas de politica en el cortafuegos '%1'. Logging in"
+
+#~ msgid ""
+#~ "Check option 'Unnumbered interface' for the interface that does not have "
+#~ "an IP address. Examples of interfaces of this kind are those used to "
+#~ "terminate PPPoE or VPN tunnels and interfaces of the bridging firewall."
+#~ msgstr ""
+#~ "Active la opción 'interfaz no numérado' para que el interfaz no tenga "
+#~ "dirección IP. Ejemplo de interfaces de este tipo son aquellos usados como "
+#~ "terminales PPPoE o tuneles VPN e interfaces para cortafuegos tipo "
+#~ "bridging."
+
+#~ msgid "Fixup"
+#~ msgstr "Arreglar"
+
+#~ msgid "Ask user what to do"
+#~ msgstr "Preguntar al usuario que hacer"
+
+#~ msgid ""
+#~ "This option is provisional and will change or disappear in future "
+#~ "releases because we expect to make this a default behavior."
+#~ msgstr ""
+#~ "Esta opción es provisional y cambiará o desaparecerá en futuras versiones "
+#~ "porque esperamos hacer este el comportamiento por defecto."
+
+#~ msgid "Data format"
+#~ msgstr "Formato de datos"
+
+#~ msgid "Welcome to Firewall Builder"
+#~ msgstr "Bievenido a Firewall Builder"
+
+#~ msgid "Firewall Builder N.N.N"
+#~ msgstr "Firewall Builder N.N.N"
+
+#~ msgid "Do you want to open existing project file or create a new one?"
+#~ msgstr "Quiere abrir un fichero de proyecto existente o crear uno nuevo?"
+
+#~ msgid "Create new project file"
+#~ msgstr "Crear un nuevo fichero de proyecto"
+
+#~ msgid "Open existing file"
+#~ msgstr "Abrir un fichero existente"
+
+#~ msgid "File name: %1"
+#~ msgstr "Nombre de fichero: %1"
+
+#~ msgid ""
+#~ "Activate Revision Control System for this file\n"
+#~ "(if you do not do this now, you can always activate it later)"
+#~ msgstr ""
+#~ "Activar Revision Control System para este fichero\n"
+#~ "(si no lo activa ahora, siempre puede activarlo más tarde)"
+
+#~ msgid ""
+#~ "Let the program automatically open this file when I start it next time\n"
+#~ "(you can activate this option later using Preferences dialog)"
+#~ msgstr ""
+#~ "Dejar que el programa abra automáticamente este fichero cuando arranquela "
+#~ "proxima vez\n"
+#~ "(puede activar esta opción más tarde usando el dialogo Preferencias)"
+
+#~ msgid "Recognize regular expressions in search pattern"
+#~ msgstr "Reconocer expresiones regulares en el patrón de busqueda"
diff --git a/po/es.qm b/po/es.qm
new file mode 100644
index 000000000..bb39cea2f
Binary files /dev/null and b/po/es.qm differ
diff --git a/po/fr.po b/po/fr.po
new file mode 100644
index 000000000..552457c8f
--- /dev/null
+++ b/po/fr.po
@@ -0,0 +1,7422 @@ +# French translation of fwbuilder. +# Copyright (C) 2004 NetCitadel, LLC +# This file is distributed under the same license as the fwbuilder package. +# Jean-Michel Pouré , 2004. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: fwbuilder 2.0\n" +"Report-Msgid-Bugs-To: vadim@fwbuilder.org\n" +"POT-Creation-Date: 2007-12-08 21:27-0800\n" +"PO-Revision-Date: 2004-05-19 11:06+0200\n" +"Last-Translator: Jean-Michel Pouré \n" +"Language-Team: French\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#: src/gui/ActionsDialog.cpp:97 +msgid "" +"'Chabge inbound interface', 'Continue packet inspection' and 'Make a copy' " +"options are mutually exclusive" +msgstr "" + +#: src/gui/ActionsDialog.cpp:98 src/gui/ActionsDialog.cpp:123 +#: src/gui/AddressRangeDialog.cpp:108 src/gui/AddressRangeDialog.cpp:119 +#: src/gui/FirewallDialog.cpp:315 src/gui/FirewallDialog.cpp:340 +#: src/gui/FWWindow.cpp:724 src/gui/FWWindow.cpp:733 src/gui/FWWindow.cpp:858 +#: src/gui/FWWindow.cpp:1082 src/gui/FWWindow.cpp:1095 +#: src/gui/FWWindow.cpp:1111 src/gui/FWWindow.cpp:1149 +#: src/gui/FWWindow.cpp:1155 src/gui/FWWindow.cpp:1224 +#: src/gui/FWWindow.cpp:1318 src/gui/FWWindow.cpp:1360 +#: src/gui/FWWindow.cpp:1383 src/gui/FWWindow.cpp:1456 +#: src/gui/FWWindow.cpp:1474 src/gui/FWWindow.cpp:1537 +#: src/gui/FWWindow.cpp:1549 src/gui/FWWindowPrint.cpp:923 +#: src/gui/instDialog.cpp:719 src/gui/instDialog.cpp:1462 +#: src/gui/instDialog.cpp:1580 src/gui/IPv4Dialog.cpp:146 +#: src/gui/IPv4Dialog.cpp:160 src/gui/listOfLibraries.cpp:148 +#: src/gui/listOfLibraries.cpp:188 src/gui/listOfLibraries.cpp:215 +#: src/gui/NetworkDialog.cpp:109 src/gui/NetworkDialog.cpp:120 +#: src/gui/RCS.cpp:499 src/gui/RCS.cpp:688 src/gui/RCS.cpp:701 +#: src/gui/RCS.cpp:718 src/gui/RCS.cpp:801 src/gui/utils.cpp:198 +msgid "&Continue" +msgstr "&Continuer" + +#: src/gui/ActionsDialog.cpp:122 +msgid "" +"Rule name for accounting is 
converted to the iptables\n" +"chain name and therefore may not contain white space\n" +"and special characters." +msgstr "" + +#: src/gui/ActionsDialog.cpp:222 src/gui/ActionsDialog.cpp:223 +#: src/gui/.ui/actionsdialog_q.cpp:470 +msgid "Emulation is currently ON, rule will be terminating" +msgstr "" + +#: src/gui/ActionsDialog.cpp:226 src/gui/ActionsDialog.cpp:227 +msgid "Emulation is currently OFF, rule will be non-terminating" +msgstr "" + +#: src/gui/AddressRangeDialog.cpp:107 src/gui/AddressRangeDialog.cpp:118 +#: src/gui/IPv4Dialog.cpp:145 src/gui/NetworkDialog.cpp:108 +#, qt-format +msgid "Illegal IP address '%1'" +msgstr "" + +#: src/gui/ColorLabelMenuItem.cpp:48 +msgid "no color" +msgstr "" + +#: src/gui/CommentEditorPanel.cpp:75 src/gui/SimpleTextEditor.cpp:66 +msgid "Warning: loading from file discards current contents of the script." +msgstr "" + +#: src/gui/CommentEditorPanel.cpp:80 +msgid "Choose file that contains PIX commands" +msgstr "" + +#: src/gui/CommentEditorPanel.cpp:88 src/gui/DiscoveryDruid.cpp:791 +#: src/gui/SimpleTextEditor.cpp:79 +#, qt-format +msgid "Could not open file %1" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:157 +#: src/gui/FindWhereUsedWidget.cpp:171 src/gui/FWWindow.cpp:2115 +#: src/gui/FWWindowPrint.cpp:369 +msgid "NAT" +msgstr "NAT" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:160 +#: src/gui/FindWhereUsedWidget.cpp:174 src/gui/FWWindow.cpp:2087 +msgid "Policy" +msgstr "Politique" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:163 +#: src/gui/FindWhereUsedWidget.cpp:177 src/gui/FWWindow.cpp:2130 +#: src/gui/FWWindowPrint.cpp:396 src/gui/platforms.cpp:559 +#, fuzzy +msgid "Routing" +msgstr "Comptabilisation" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:166 +#: src/gui/FindWhereUsedWidget.cpp:180 +msgid "Unknown rule set" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:168 +#: src/gui/FindWhereUsedWidget.cpp:182 +#, fuzzy, qt-format +msgid "/Rule%1" +msgstr "Règle %1" + +#: 
src/gui/ConfirmDeleteObjectDialog.cpp:182 +#: src/gui/FindWhereUsedWidget.cpp:196 +msgid "Type: " +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:203 +msgid "Not used anywhere" +msgstr "" + +#: src/gui/DialogFactory.cpp:158 src/gui/DialogFactory.cpp:181 +#, qt-format +msgid "Support module for %1 is not available" +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:616 +#, fuzzy +msgid "Hosts file parsing ..." +msgstr "Configuration de l'OS de l'hôte..." + +#: src/gui/DiscoveryDruid.cpp:625 +msgid "DNS zone transfer ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:635 +msgid "Network discovery using SNMP ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:645 +#, fuzzy +msgid "Import configuration from file ..." +msgstr "Importer depuis un fichier..." + +#: src/gui/DiscoveryDruid.cpp:790 src/gui/DiscoveryDruid.cpp:1675 +#: src/gui/DiscoveryDruid.cpp:1722 +msgid "Discovery error" +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1158 +msgid "Adding objects ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1159 +#: src/gui/DiscoveryDruid.cpp:1362 src/gui/DiscoveryDruid.cpp:1507 +#: src/gui/DiscoveryDruid.cpp:1549 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:111 +#: src/gui/.ui/filterdialog_q.cpp:154 src/gui/.ui/instoptionsdialog_q.cpp:286 +#: src/gui/.ui/libexport_q.cpp:113 src/gui/.ui/newgroupdialog_q.cpp:102 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1826 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:310 +#: src/gui/.ui/printingprogressdialog_q.cpp:74 +#: src/gui/.ui/simpleinteditor_q.cpp:89 src/gui/.ui/simpletexteditor_q.cpp:96 +msgid "Cancel" +msgstr "Annuler" + +#: src/gui/DiscoveryDruid.cpp:1362 +#, fuzzy +msgid "Prepare objects ..." +msgstr "Arborescence d'objets" + +#: src/gui/DiscoveryDruid.cpp:1507 src/gui/DiscoveryDruid.cpp:1548 +msgid "Copying results ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1838 +msgid "Incomlete network specification." 
+msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1917 +msgid "Empty community string" +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:2132 +msgid "" +"Firewall Builder can import Cisco IOS access lists from the router " +"configuration saved using 'show run' or any other command that saves running " +"config. The name of the created firewall object, all of its interfaces and " +"their addresses will be configured automatically if this information can be " +"found in the configuration file." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:2143 +msgid "" +"Firewall Builder can import iptables rules from a file in iptables-save " +"format. Firewall name and addresses of its interfaces need to be configured " +"manually because iptables-save file does not have this information. " +msgstr "" + +#: src/gui/execDialog.cpp:101 src/gui/instDialog.cpp:1436 +#: src/gui/instDialog.cpp:2110 +msgid "Error: Failed to start program" +msgstr "Erreur : impossible de lancer l'application" + +#: src/gui/filePropDialog.cpp:62 +#, fuzzy +msgid "Opened read-only" +msgstr "Ouvrir·en·lecture-seule" + +#: src/gui/filePropDialog.cpp:80 +#, fuzzy, qt-format +msgid "Revision %1" +msgstr "Version :" + +#: src/gui/FilterDialog.cpp:102 +msgid "Filter error" +msgstr "" + +#: src/gui/FilterDialog.cpp:102 +msgid "Invalid RegExp." 
+msgstr "" + +#: src/gui/FilterDialog.cpp:404 src/gui/GroupObjectDialog.cpp:144 +#: src/gui/.ui/findobjectwidget_q.cpp:203 +#: src/gui/.ui/newfirewalldialog_q.cpp:171 +#: src/gui/.ui/newfirewalldialog_q.cpp:322 +#: src/gui/.ui/newfirewalldialog_q.cpp:501 +#: src/gui/.ui/newfirewalldialog_q.cpp:523 src/gui/.ui/newhostdialog_q.cpp:187 +#: src/gui/.ui/newhostdialog_q.cpp:397 src/gui/.ui/prefsdialog_q.cpp:210 +#: src/gui/.ui/prefsdialog_q.cpp:391 +msgid "Name" +msgstr "Nom" + +#: src/gui/FilterDialog.cpp:405 src/gui/FWWindowPrint.cpp:94 +#: src/gui/.ui/discoverydruid_q.cpp:1021 src/gui/.ui/finddialog_q.cpp:134 +#: src/gui/.ui/findobjectwidget_q.cpp:204 src/gui/.ui/ipv4dialog_q.cpp:170 +#: src/gui/.ui/newfirewalldialog_q.cpp:173 +#: src/gui/.ui/newfirewalldialog_q.cpp:324 +#: src/gui/.ui/newfirewalldialog_q.cpp:503 +#: src/gui/.ui/newfirewalldialog_q.cpp:525 src/gui/.ui/newhostdialog_q.cpp:189 +#: src/gui/.ui/newhostdialog_q.cpp:399 +msgid "Address" +msgstr "Adresse" + +#: src/gui/FilterDialog.cpp:408 +#, fuzzy +msgid "Contains" +msgstr "Contenu" + +#: src/gui/FilterDialog.cpp:409 +msgid "Is equal to" +msgstr "" + +#: src/gui/FilterDialog.cpp:410 +msgid "Starts with" +msgstr "" + +#: src/gui/FilterDialog.cpp:411 +#, fuzzy +msgid "Ends with" +msgstr "Edition" + +#: src/gui/FilterDialog.cpp:412 +msgid "Matches Wildcard" +msgstr "" + +#: src/gui/FilterDialog.cpp:413 +msgid "Matches RegExp" +msgstr "" + +#: src/gui/findDialog.cpp:269 src/gui/FindObjectWidget.cpp:324 +msgid "Search hit the end of the object tree." +msgstr "" + +#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317 +#: src/gui/FindObjectWidget.cpp:325 +#, fuzzy +msgid "&Continue at top" +msgstr "&Continuer" + +#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317 +#: src/gui/FindObjectWidget.cpp:325 +msgid "&Stop" +msgstr "" + +#: src/gui/FindObjectWidget.cpp:316 +#, fuzzy +msgid "Search hit the end of the policy rules." 
+msgstr "Chercher dans les règles de la politique" + +#: src/gui/FindObjectWidget.cpp:354 +msgid "Search or Replace object ind't specified." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:364 +msgid "Cannot replace object by itself." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:372 +msgid "Search and Replace objects are incompatible." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:466 +#, qt-format +msgid "Replaced %1 objects." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:585 +msgid "Policy of firewall '" +msgstr "" + +#: src/gui/FirewallDialog.cpp:314 src/gui/FirewallDialog.cpp:339 +#, qt-format +msgid "FWBuilder API error: %1" +msgstr "" + +#: src/gui/freebsdAdvancedDialog.cpp:62 src/gui/linksysAdvancedDialog.cpp:68 +#: src/gui/linux24AdvancedDialog.cpp:62 src/gui/macosxAdvancedDialog.cpp:62 +#: src/gui/openbsdAdvancedDialog.cpp:62 src/gui/solarisAdvancedDialog.cpp:62 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:195 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:199 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:203 +#: src/gui/.ui/linux24advanceddialog_q.cpp:371 +#: src/gui/.ui/linux24advanceddialog_q.cpp:375 +#: src/gui/.ui/linux24advanceddialog_q.cpp:379 +#: src/gui/.ui/linux24advanceddialog_q.cpp:383 +#: src/gui/.ui/linux24advanceddialog_q.cpp:387 +#: src/gui/.ui/linux24advanceddialog_q.cpp:391 +#: src/gui/.ui/linux24advanceddialog_q.cpp:395 +#: src/gui/.ui/linux24advanceddialog_q.cpp:399 +#: src/gui/.ui/linux24advanceddialog_q.cpp:403 +#: src/gui/.ui/linux24advanceddialog_q.cpp:418 +#: src/gui/.ui/linux24advanceddialog_q.cpp:422 +#: src/gui/.ui/linux24advanceddialog_q.cpp:426 +#: src/gui/.ui/linux24advanceddialog_q.cpp:430 +#: src/gui/.ui/linux24advanceddialog_q.cpp:434 +#: src/gui/.ui/linux24advanceddialog_q.cpp:438 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:172 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:176 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:180 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:180 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:184 +#: 
src/gui/.ui/openbsdadvanceddialog_q.cpp:189 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:193 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:189 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:195 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:199 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:204 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:208 +msgid "No change" +msgstr "Aucun changement" + +#: src/gui/freebsdAdvancedDialog.cpp:65 src/gui/linksysAdvancedDialog.cpp:71 +#: src/gui/linux24AdvancedDialog.cpp:65 src/gui/macosxAdvancedDialog.cpp:65 +#: src/gui/openbsdAdvancedDialog.cpp:65 src/gui/solarisAdvancedDialog.cpp:65 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:196 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:200 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:204 +#: src/gui/.ui/linux24advanceddialog_q.cpp:372 +#: src/gui/.ui/linux24advanceddialog_q.cpp:376 +#: src/gui/.ui/linux24advanceddialog_q.cpp:380 +#: src/gui/.ui/linux24advanceddialog_q.cpp:384 +#: src/gui/.ui/linux24advanceddialog_q.cpp:388 +#: src/gui/.ui/linux24advanceddialog_q.cpp:392 +#: src/gui/.ui/linux24advanceddialog_q.cpp:396 +#: src/gui/.ui/linux24advanceddialog_q.cpp:400 +#: src/gui/.ui/linux24advanceddialog_q.cpp:404 +#: src/gui/.ui/linux24advanceddialog_q.cpp:419 +#: src/gui/.ui/linux24advanceddialog_q.cpp:423 +#: src/gui/.ui/linux24advanceddialog_q.cpp:427 +#: src/gui/.ui/linux24advanceddialog_q.cpp:431 +#: src/gui/.ui/linux24advanceddialog_q.cpp:435 +#: src/gui/.ui/linux24advanceddialog_q.cpp:439 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:173 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:177 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:181 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:181 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:185 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:190 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:194 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:190 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:196 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:200 +#: 
src/gui/.ui/solarisadvanceddialog_q.cpp:205 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:209 +msgid "On" +msgstr "Activé" + +#: src/gui/freebsdAdvancedDialog.cpp:68 src/gui/linksysAdvancedDialog.cpp:74 +#: src/gui/linux24AdvancedDialog.cpp:68 src/gui/macosxAdvancedDialog.cpp:68 +#: src/gui/openbsdAdvancedDialog.cpp:68 src/gui/solarisAdvancedDialog.cpp:68 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:197 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:201 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:205 +#: src/gui/.ui/linux24advanceddialog_q.cpp:373 +#: src/gui/.ui/linux24advanceddialog_q.cpp:377 +#: src/gui/.ui/linux24advanceddialog_q.cpp:381 +#: src/gui/.ui/linux24advanceddialog_q.cpp:385 +#: src/gui/.ui/linux24advanceddialog_q.cpp:389 +#: src/gui/.ui/linux24advanceddialog_q.cpp:393 +#: src/gui/.ui/linux24advanceddialog_q.cpp:397 +#: src/gui/.ui/linux24advanceddialog_q.cpp:401 +#: src/gui/.ui/linux24advanceddialog_q.cpp:405 +#: src/gui/.ui/linux24advanceddialog_q.cpp:420 +#: src/gui/.ui/linux24advanceddialog_q.cpp:424 +#: src/gui/.ui/linux24advanceddialog_q.cpp:428 +#: src/gui/.ui/linux24advanceddialog_q.cpp:432 +#: src/gui/.ui/linux24advanceddialog_q.cpp:436 +#: src/gui/.ui/linux24advanceddialog_q.cpp:440 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:174 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:178 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:182 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:182 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:186 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:191 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:195 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:191 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:197 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:201 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:206 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:210 +msgid "Off" +msgstr "Désactivé" + +#: src/gui/FWBSettings.cpp:150 +#, qt-format +msgid "" +"Working directory %1 does not exist and could not be created.\n" +"Ignoring this setting." 
+msgstr "" + +#: src/gui/FWBTree.cpp:399 +msgid "New Library" +msgstr "Nouvelle bibliothèque" + +#: src/gui/FWObjectDropArea.cpp:103 +#, fuzzy +msgid "Drop object here." +msgstr "Arborescence d'objets" + +#: src/gui/FWObjectDropArea.cpp:141 src/gui/GroupObjectDialog.cpp:682 +#: src/gui/ObjectManipulator.cpp:916 src/gui/RuleSetView.cpp:1666 +#: src/gui/.ui/FWBMainWindow_q.cpp:476 +msgid "Paste" +msgstr "Coller" + +#: src/gui/FWObjectDropArea.cpp:143 src/gui/GroupObjectDialog.cpp:683 +#: src/gui/ObjConflictResolutionDialog.cpp:118 +#: src/gui/ObjConflictResolutionDialog.cpp:142 +#: src/gui/ObjectManipulator.cpp:921 src/gui/RuleSetView.cpp:1669 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:110 +#: src/gui/.ui/FWBMainWindow_q.cpp:542 src/gui/.ui/FWBMainWindow_q.cpp:543 +#: src/gui/.ui/newfirewalldialog_q.cpp:508 src/gui/.ui/newhostdialog_q.cpp:409 +msgid "Delete" +msgstr "Supprimer" + +#: src/gui/FWObjectPropertiesFactory.cpp:102 +msgid "DNS record: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:106 +#, fuzzy +msgid "Address Table: " +msgstr "Plage d'adresses" + +#: src/gui/FWObjectPropertiesFactory.cpp:157 +msgid " objects" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:173 +#, qt-format +msgid "protocol: %1" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:177 +#, qt-format +msgid "type: %1" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:179 +#, qt-format +msgid "code: %1" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:238 +#, fuzzy +msgid "Library: " +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:243 +msgid "Object Id: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:248 +msgid "Object Type: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:252 +msgid "Object Name: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:274 +#, fuzzy +msgid "DNS record:" +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:277 +#: src/gui/FWObjectPropertiesFactory.cpp:285 +#, fuzzy +msgid 
"Run-time" +msgstr "Horaires" + +#: src/gui/FWObjectPropertiesFactory.cpp:277 +#: src/gui/FWObjectPropertiesFactory.cpp:285 +#, fuzzy +msgid "Compile-time" +msgstr "Compiler" + +#: src/gui/FWObjectPropertiesFactory.cpp:282 +#, fuzzy +msgid "Table file:" +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:320 +#, qt-format +msgid "%1 objects
    \n" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:385 +#, fuzzy +msgid "Path: " +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:444 +msgid "protocol " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:449 +msgid "type: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:451 +msgid "code: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:471 +#, qt-format +msgid "Pattern: \"%1\"" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:605 +msgid "Action : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:608 +#, fuzzy +msgid "Parameter: " +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:631 +msgid "Log prefix : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:637 +msgid "Log Level : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:644 +msgid "Netlink group : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:650 +#, fuzzy +msgid "Limit Value : " +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:656 +msgid "Limit suffix : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:663 +#, fuzzy +msgid "Limit burst : " +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:670 +msgid "

  • Part of Any
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:676 +#: src/gui/FWObjectPropertiesFactory.cpp:706 +#: src/gui/FWObjectPropertiesFactory.cpp:735 +#: src/gui/FWObjectPropertiesFactory.cpp:758 +msgid "
  • Stateless
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:685 +#, fuzzy +msgid "Log facility: " +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:692 +#: src/gui/FWObjectPropertiesFactory.cpp:775 +#, fuzzy +msgid "Log level : " +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:700 +msgid "
  • Send 'unreachable'
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:712 +msgid "
  • Keep information on fragmented packets
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:722 +#, fuzzy +msgid "Log prefix : " +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:728 +#, fuzzy +msgid "Max state : " +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:741 +msgid "
  • Source tracking
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:744 +msgid "Max src nodes : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:747 +#, fuzzy +msgid "Max src states: " +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:767 +#, qt-format +msgid "Ver:%1
    \n" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:781 +#, fuzzy +msgid "Log interval : " +msgstr "Bibliothèque :" + +#: src/gui/FWObjectPropertiesFactory.cpp:788 +msgid "
  • Disable logging for this rule
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:820 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:159 +#, fuzzy +msgid "bitmask" +msgstr "Masque réseau" + +#: src/gui/FWObjectPropertiesFactory.cpp:821 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:160 +#, fuzzy +msgid "random" +msgstr "Annuler" + +#: src/gui/FWObjectPropertiesFactory.cpp:822 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:161 +msgid "source-hash" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:823 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:162 +msgid "round-robin" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:825 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:163 +msgid "static-port" +msgstr "" + +#: src/gui/FWWindow.cpp:175 +msgid "No firewalls defined" +msgstr "Aucun firewall défini" + +#: src/gui/FWWindow.cpp:379 +msgid "" +"Some objects have been modified but not saved.\n" +"Do you want to save changes now ?" +msgstr "" + +#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466 +#: src/gui/.ui/FWBMainWindow_q.cpp:453 +msgid "&Save" +msgstr "Enregi&strer" + +#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466 +#: src/gui/.ui/FWBMainWindow_q.cpp:556 +msgid "&Discard" +msgstr "Aban&donner" + +#: src/gui/FWWindow.cpp:381 src/gui/FWWindow.cpp:680 src/gui/RCS.cpp:748 +#: src/gui/.ui/askrulenumberdialog_q.cpp:91 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:189 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:549 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:353 +#: src/gui/.ui/iptadvanceddialog_q.cpp:601 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:198 +#: src/gui/.ui/linux24advanceddialog_q.cpp:368 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:167 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:175 +#: src/gui/.ui/pagesetupdialog_q.cpp:110 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1002 src/gui/.ui/prefsdialog_q.cpp:366 +#: src/gui/.ui/rcsfilesavedialog_q.cpp:104 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:185 +msgid "&Cancel" +msgstr "Annuler" + +#: src/gui/FWWindow.cpp:436 +msgid "FWB Files (*.fwb);;All 
Files (*)"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:447 src/gui/FWWindow.cpp:1805
+#, qt-format
+msgid ""
+"The file %1 already exists.\n"
+"Do you want to overwrite it ?"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807
+#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539
+#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828
+#, fuzzy
+msgid "&Yes"
+msgstr "Oui"
+
+#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807
+#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539
+#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828
+#, fuzzy
+msgid "&No"
+msgstr "Non"
+
+#: src/gui/FWWindow.cpp:483 src/gui/FWWindow.cpp:1086
+#: src/gui/StartWizard.cpp:99
+msgid "Choose name and location for the new file"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:585
+msgid "Saving data to file..."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:617
+msgid "Choose name and location for the file"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:674
+msgid ""
+"This operation discards all changes that have been saved\n"
+"into the file so far, closes it and replaces it with a clean\n"
+"copy of its head revision from RCS.\n"
+"\n"
+"All changes will be lost if you do this.\n"
+"\n"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:679 src/gui/ObjectEditor.cpp:439
+#, fuzzy
+msgid "&Discard changes"
+msgstr "Aban&donner"
+
+#: src/gui/FWWindow.cpp:723
+#, qt-format
+msgid "File %1 has been added to RCS."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:732 src/gui/StartWizard.cpp:157
+#, qt-format
+msgid ""
+"Error adding file to RCS:\n"
+"%1"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:739 src/gui/FWWindow.cpp:1124
+msgid "(read-only)"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:798 src/gui/FWWindow.cpp:908
+#, fuzzy
+msgid "Loading system objects..."
+msgstr "Charger les objets standard"
+
+#: src/gui/FWWindow.cpp:857 src/gui/FWWindow.cpp:1148
+#: src/gui/FWWindow.cpp:1154
+#, qt-format
+msgid ""
+"Error loading file:\n"
+"%1"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:916
+msgid "Reading and parsing data file..."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:986
+msgid "Merging with system objects..."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:1080
+#, qt-format
+msgid ""
+"Firewall Builder 2 uses file extension '.fwb' and \n"
+"needs to rename old data file '%1' to '%2',\n"
+"but file '%3' already exists.\n"
+"Choose a different name for the new file."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:1094
+msgid "Load operation cancelled and data file reverted to original version."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:1109
+#, qt-format
+msgid ""
+"Firewall Builder 2 uses file extension '.fwb'. Your data file '%1' \n"
+"has been renamed '%2'"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:1140
+#, qt-format
+msgid "Exception: %1"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:1142
+#, qt-format
+msgid "Failed transformation : %1"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:1144
+#, qt-format
+msgid "XML element : %1"
+msgstr "Elément XML : %1"
+
+#: src/gui/FWWindow.cpp:1167
+#, fuzzy
+msgid "Building object tree..."
+msgstr "Chercher un objet dans l'arborescence"
+
+#: src/gui/FWWindow.cpp:1172
+#, fuzzy
+msgid "Indexing..."
+msgstr "&Index..."
+ +#: src/gui/FWWindow.cpp:1197 +#, qt-format +msgid "Checking file %1 in RCS" +msgstr "" + +#: src/gui/FWWindow.cpp:1222 +#, qt-format +msgid "" +"Error checking in file %1:\n" +"%2" +msgstr "" + +#: src/gui/FWWindow.cpp:1310 src/gui/FWWindow.cpp:1750 +msgid "File is read-only" +msgstr "Le fichier est en lecture seule" + +#: src/gui/FWWindow.cpp:1316 src/gui/FWWindow.cpp:1754 +#, qt-format +msgid "Error saving file %1: %2" +msgstr "" + +#: src/gui/FWWindow.cpp:1359 src/gui/listOfLibraries.cpp:214 +#, qt-format +msgid "Duplicate library '%1'" +msgstr "" + +#: src/gui/FWWindow.cpp:1381 src/gui/FWWindow.cpp:1454 +#: src/gui/FWWindow.cpp:1472 src/gui/listOfLibraries.cpp:186 +#, qt-format +msgid "" +"Error loading file %1:\n" +"%2" +msgstr "" + +#: src/gui/FWWindow.cpp:1395 +msgid "Choose a file to import" +msgstr "Choisir un fichier à importer" + +#: src/gui/FWWindow.cpp:1413 +msgid "" +"This operation inspects two data files (either .fwb or .fwl) and finds " +"conflicting objects. Conflicting objects have the same internal ID but " +"different attributes. Two data files can not be merged, or one imported into " +"another, if they contain such objects. This operation also helps identify " +"changes made to objects in two copies of the same data file.

    This " +"operation does not find objects present in one file but not in the other, " +"such objects present no problem for merge or import operations.

    This " +"operation works with two external files, neither of which needs to be opened " +"in the program. Currently opened data file is not affected by this operation " +"and objects in the tree do not change.

    Do you want to proceed ?" +msgstr "" + +#: src/gui/FWWindow.cpp:1426 +msgid "Choose the first file" +msgstr "" + +#: src/gui/FWWindow.cpp:1433 +#, fuzzy +msgid "Choose the second file" +msgstr "Commenter le code" + +#: src/gui/FWWindow.cpp:1496 +#, qt-format +msgid "" +"Total number of conflicting objects: %1.\n" +"Do you want to generate report?" +msgstr "" + +#: src/gui/FWWindow.cpp:1509 +msgid "TXT Files (*.txt);;All Files (*)" +msgstr "" + +#: src/gui/FWWindow.cpp:1511 +msgid "Choose name and location for the report file" +msgstr "" + +#: src/gui/FWWindow.cpp:1536 +#, qt-format +msgid "Can not open report file for writing. File '%1'" +msgstr "" + +#: src/gui/FWWindow.cpp:1547 +#, qt-format +msgid "" +"Unexpected error comparing files %1 and %2:\n" +"%3" +msgstr "" + +#: src/gui/FWWindow.cpp:1664 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (global policy rule #%3) uses object '%4' from " +"library '%5'" +msgstr "" + +#: src/gui/FWWindow.cpp:1673 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (interface %3 policy rule #%4) uses object '%5' " +"from library '%6'" +msgstr "" + +#: src/gui/FWWindow.cpp:1684 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (NAT rule #%3) uses object '%4' from library '%5'" +msgstr "" + +#: src/gui/FWWindow.cpp:1694 +#, qt-format +msgid "Library %1: Group '%2' uses object '%3' from library '%4'" +msgstr "" + +#: src/gui/FWWindow.cpp:1709 +msgid "" +"A library that you are trying to export contains references\n" +"to objects in the other libraries and can not be exported.\n" +"The following objects need to be moved outside of it or\n" +"objects that they refer to moved in it:" +msgstr "" + +#: src/gui/FWWindow.cpp:1780 +msgid "Please select a library you want to export." +msgstr "" + +#: src/gui/FWWindow.cpp:1999 +#, qt-format +msgid "%1" +msgstr "" + +#: src/gui/FWWindow.cpp:2011 +#, qt-format +msgid "Building branch policy view '%1'..." +msgstr "" + +#: src/gui/FWWindow.cpp:2081 +msgid "Building policy view..." 
+msgstr "" + +#: src/gui/FWWindow.cpp:2110 +msgid "Building NAT view..." +msgstr "" + +#: src/gui/FWWindow.cpp:2125 +msgid "Building routing view..." +msgstr "" + +#: src/gui/FWWindowPrint.cpp:92 src/gui/.ui/discoverydruid_q.cpp:1023 +#: src/gui/.ui/firewalldialog_q.cpp:209 src/gui/.ui/firewalldialog_q.cpp:210 +#: src/gui/.ui/instdialog_q.cpp:83 src/gui/.ui/instdialog_q.cpp:135 +#: src/gui/.ui/instdialog_q.cpp:224 src/gui/.ui/instdialog_q.cpp:269 +#: src/gui/.ui/instdialog_q.cpp:279 src/gui/.ui/instdialog_q.cpp:289 +msgid "Firewall" +msgstr "Firewall" + +#: src/gui/FWWindowPrint.cpp:93 src/gui/.ui/discoverydruid_q.cpp:1022 +#: src/gui/.ui/hostdialog_q.cpp:144 src/gui/.ui/hostdialog_q.cpp:145 +msgid "Host" +msgstr "Hôte" + +#: src/gui/FWWindowPrint.cpp:95 +#, fuzzy +msgid "Addres Range" +msgstr "Plage d'adresses" + +#: src/gui/FWWindowPrint.cpp:96 src/gui/RuleSetView.cpp:3315 +#: src/gui/RuleSetView.cpp:3565 src/gui/.ui/interfacedialog_q.cpp:231 +#: src/gui/.ui/interfacedialog_q.cpp:232 +msgid "Interface" +msgstr "Interface" + +#: src/gui/FWWindowPrint.cpp:97 src/gui/.ui/networkdialog_q.cpp:163 +#: src/gui/.ui/networkdialog_q.cpp:164 +msgid "Network" +msgstr "Réseau" + +#: src/gui/FWWindowPrint.cpp:98 +#, fuzzy +msgid "Group of objects" +msgstr "Arborescence d'objets" + +#: src/gui/FWWindowPrint.cpp:99 src/gui/.ui/customservicedialog_q.cpp:177 +#: src/gui/.ui/customservicedialog_q.cpp:178 +msgid "Custom Service" +msgstr "Service personnalisé" + +#: src/gui/FWWindowPrint.cpp:100 src/gui/.ui/ipservicedialog_q.cpp:209 +#, fuzzy +msgid "IP Service" +msgstr "Nouveau service IP" + +#: src/gui/FWWindowPrint.cpp:101 src/gui/.ui/icmpservicedialog_q.cpp:168 +#, fuzzy +msgid "ICMP Service" +msgstr "Nouveau service ICMP" + +#: src/gui/FWWindowPrint.cpp:102 src/gui/.ui/tcpservicedialog_q.cpp:371 +#, fuzzy +msgid "TCP Service" +msgstr "nouveau service TCP" + +#: src/gui/FWWindowPrint.cpp:103 src/gui/.ui/udpservicedialog_q.cpp:222 +#, fuzzy +msgid "UDP Service" +msgstr "Nouveau 
service UDP" + +#: src/gui/FWWindowPrint.cpp:104 +msgid "Group of services" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:105 src/gui/.ui/timedialog_q.cpp:242 +#, fuzzy +msgid "Time Interval" +msgstr "Nouvel·intervale·de·temps" + +#: src/gui/FWWindowPrint.cpp:281 +#, fuzzy, qt-format +msgid "Firewall name: %1" +msgstr "* nom du firewall : %1" + +#: src/gui/FWWindowPrint.cpp:282 +#, fuzzy +msgid "Platform: " +msgstr "Plate-forme :" + +#: src/gui/FWWindowPrint.cpp:283 +#, fuzzy +msgid "Version: " +msgstr "Version :" + +#: src/gui/FWWindowPrint.cpp:284 +#, fuzzy +msgid "Host OS: " +msgstr "OS de l'hôte" + +#: src/gui/FWWindowPrint.cpp:290 +#, fuzzy +msgid "Global Policy" +msgstr "Politique" + +#: src/gui/FWWindowPrint.cpp:341 +#, fuzzy, qt-format +msgid "Interface %1" +msgstr "Interface" + +#: src/gui/FWWindowPrint.cpp:541 +msgid "Legend" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:632 src/gui/.ui/discoverydruid_q.cpp:1015 +#, fuzzy +msgid "Objects" +msgstr "Objet" + +#: src/gui/FWWindowPrint.cpp:854 +#, fuzzy +msgid "Groups" +msgstr "Groupe" + +#: src/gui/FWWindowPrint.cpp:897 +msgid "EMPTY" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:919 src/gui/FWWindowPrint.cpp:922 +#: src/gui/FWWindowPrint.cpp:930 +msgid "Printing aborted" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:926 +msgid "Printing completed" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:145 +msgid "Properties" +msgstr "Propriétés" + +#: src/gui/GroupObjectDialog.cpp:675 src/gui/.ui/FWBMainWindow_q.cpp:449 +#: src/gui/.ui/FWBMainWindow_q.cpp:493 src/gui/.ui/FWBMainWindow_q.cpp:494 +msgid "Open" +msgstr "Ouvrir" + +#: src/gui/GroupObjectDialog.cpp:677 src/gui/ObjectManipulator.cpp:840 +#: src/gui/RuleSetView.cpp:1660 src/gui/RuleSetView.cpp:1789 +#: src/gui/RuleSetView.cpp:1793 src/gui/RuleSetView.cpp:1797 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:593 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:597 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:379 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:383 +#: 
src/gui/.ui/iptadvanceddialog_q.cpp:635 +#: src/gui/.ui/iptadvanceddialog_q.cpp:641 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1107 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1111 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1882 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1886 +msgid "Edit" +msgstr "Edition" + +#: src/gui/GroupObjectDialog.cpp:680 src/gui/ObjectManipulator.cpp:912 +#: src/gui/RuleSetView.cpp:1663 src/gui/.ui/FWBMainWindow_q.cpp:473 +msgid "Copy" +msgstr "Copier" + +#: src/gui/GroupObjectDialog.cpp:681 src/gui/ObjectManipulator.cpp:914 +#: src/gui/RuleSetView.cpp:1665 src/gui/.ui/FWBMainWindow_q.cpp:470 +msgid "Cut" +msgstr "Couper" + +#: src/gui/InstallFirewallViewItem.cpp:31 src/gui/instDialog.cpp:1893 +#: src/gui/instDialog.cpp:2045 src/gui/instDialog.cpp:2253 +#: src/gui/instDialog.cpp:2272 src/gui/instDialog.cpp:2286 +#: src/gui/instDialog.cpp:2298 +#, fuzzy +msgid "Failure" +msgstr "&Fichier" + +#: src/gui/InstallFirewallViewItem.cpp:44 src/gui/instDialog.cpp:1149 +#: src/gui/instDialog.cpp:1150 src/gui/instDialog.cpp:1818 +#: src/gui/instDialog.cpp:1847 src/gui/instDialog.cpp:1848 +#, fuzzy +msgid "Success" +msgstr "Source" + +#: src/gui/instBatchOptionsDialog.cpp:47 +msgid "Batch install options" +msgstr "" + +#: src/gui/instDialog.cpp:116 +msgid "There is no firewalls to process." +msgstr "" + +#: src/gui/instDialog.cpp:131 +msgid "" +"

    Select firewalls for compilation.

    " +msgstr "" + +#: src/gui/instDialog.cpp:145 +msgid "Unknown operation." +msgstr "" + +#: src/gui/instDialog.cpp:176 +msgid "Show details" +msgstr "" + +#: src/gui/instDialog.cpp:182 +msgid "Hide details" +msgstr "" + +#: src/gui/instDialog.cpp:286 +msgid "Unsupported exception" +msgstr "" + +#: src/gui/instDialog.cpp:326 +msgid "Summary:" +msgstr "" + +#: src/gui/instDialog.cpp:329 src/gui/instDialog.cpp:359 +#, qt-format +msgid "* firewall name : %1" +msgstr "* nom du firewall : %1" + +#: src/gui/instDialog.cpp:331 +#, fuzzy, qt-format +msgid "* user name : %1" +msgstr "* nom du firewall : %1" + +#: src/gui/instDialog.cpp:333 +#, qt-format +msgid "* management address : %1" +msgstr "" + +#: src/gui/instDialog.cpp:335 +#, qt-format +msgid "* platform : %1" +msgstr "* plate-forme : %1" + +#: src/gui/instDialog.cpp:337 +#, qt-format +msgid "* host OS : %1" +msgstr "* OS de l'hôte : %1" + +#: src/gui/instDialog.cpp:339 +#, qt-format +msgid "* Loading configuration from file %1" +msgstr "" + +#: src/gui/instDialog.cpp:344 +msgid "* Incremental install" +msgstr "" + +#: src/gui/instDialog.cpp:349 +#, qt-format +msgid "* Configuration diff will be saved in file %1" +msgstr "" + +#: src/gui/instDialog.cpp:354 +msgid "* Commands will not be executed on the firewall" +msgstr "" + +#: src/gui/instDialog.cpp:656 +#, qt-format +msgid "" +"Only one interface of the firewall '%1' must be marked as management " +"interface." +msgstr "" + +#: src/gui/instDialog.cpp:663 +#, qt-format +msgid "" +"One of the interfaces of the firewall '%1' must be marked as management " +"interface." +msgstr "" + +#: src/gui/instDialog.cpp:670 +msgid "" +"Management interface does not have IP address, can not communicate with the " +"firewall." +msgstr "" + +#: src/gui/instDialog.cpp:718 +#, qt-format +msgid "File %1 not found." 
+msgstr ""
+
+#: src/gui/instDialog.cpp:1002 src/gui/SSHPIX.cpp:347
+#, qt-format
+msgid "Can not open file %1"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1105
+#, qt-format
+msgid ""
+"\n"
+"Copying %1 -> %2:%3\n"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1139
+#, qt-format
+msgid ""
+"Running command '%1'\n"
+"\n"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1154 src/gui/instDialog.cpp:1155
+#: src/gui/instDialog.cpp:1823 src/gui/instDialog.cpp:1859
+#: src/gui/instDialog.cpp:1860
+msgid "Error"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1177
+msgid "Fatal error, terminating install sequence\n"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1190
+msgid "Done\n"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1253
+msgid "Activating new policy\n"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1421
+#, qt-format
+msgid "Compiling rule sets for firewall: %1"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1459
+msgid ""
+"Policy installer uses Secure Shell to communicate with the firewall.\n"
+"Please configure directory path to the secure shell utility \n"
+"installed on your machine using Preferences dialog"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1483
+#, fuzzy
+msgid "Firewall isn't compiled."
+msgstr "Firewall Builder"
+
+#: src/gui/instDialog.cpp:1578
+msgid ""
+"Firewall platform is not specified in this object.\n"
+"Can't compile firewall policy."
+msgstr ""
+
+#: src/gui/instDialog.cpp:1779
+msgid "Error: Terminating install sequence\n"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1852
+msgid "Abnormal program termination"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1858
+msgid "Skipped"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1888 src/gui/instDialog.cpp:2040
+#, fuzzy
+msgid "Compiling ..."
+msgstr "Compiler"
+
+#: src/gui/instDialog.cpp:1901
+#, fuzzy
+msgid "Recompile"
+msgstr "Compiler"
+
+#: src/gui/instDialog.cpp:1987
+#, fuzzy
+msgid "Batch policy rules compilation"
+msgstr "Chercher dans les règles de la politique"
+
+#: src/gui/instDialog.cpp:2016 src/gui/instDialog.cpp:2159
+#: src/gui/.ui/discoverydruid_q.cpp:992 src/gui/.ui/execdialog_q.cpp:94
+#: src/gui/.ui/instdialog_q.cpp:278
+msgid "Stop"
+msgstr ""
+
+#: src/gui/instDialog.cpp:2170
+#, fuzzy
+msgid "Install firewall: "
+msgstr "Installer la politique du firewall"
+
+#: src/gui/instDialog.cpp:2180
+#, fuzzy
+msgid "Installing firewalls"
+msgstr "Installer la politique du firewall"
+
+#: src/gui/instDialog.cpp:2211
+#, fuzzy
+msgid "Installing ..."
+msgstr "Installer"
+
+#: src/gui/instDialog.cpp:2265
+#, qt-format
+msgid "Installing policy rules on firewall '%1'."
+msgstr ""
+
+#: src/gui/instDialog.cpp:2395 src/gui/.ui/instdialog_q.cpp:276
+msgid "Show selected"
+msgstr ""
+
+#: src/gui/instDialog.cpp:2401
+msgid "Show all"
+msgstr ""
+
+#: src/gui/instOptionsDialog.cpp:66
+#, fuzzy, qt-format
+msgid "Install options for firewall '%1'"
+msgstr "Installer la politique du firewall"
+
+#: src/gui/InterfaceDialog.cpp:193
+msgid "Group: "
+msgstr "Groupe :"
+
+#: src/gui/InterfaceDialog.cpp:211
+msgid "Network: "
+msgstr "Réseau :"
+
+#: src/gui/ipfAdvancedDialog.cpp:170 src/gui/ipfAdvancedDialog.cpp:179
+#: src/gui/ipfwAdvancedDialog.cpp:144 src/gui/ipfwAdvancedDialog.cpp:153
+#: src/gui/iptAdvancedDialog.cpp:204 src/gui/iptAdvancedDialog.cpp:213
+#: src/gui/pfAdvancedDialog.cpp:278 src/gui/pfAdvancedDialog.cpp:287
+#: src/gui/pixAdvancedDialog.cpp:786 src/gui/pixAdvancedDialog.cpp:795
+#: src/gui/.ui/metriceditorpanel_q.cpp:76 src/gui/.ui/simpleinteditor_q.cpp:88
+#: src/gui/.ui/simpletexteditor_q.cpp:93
+msgid "Script Editor"
+msgstr "Editeur de scripts"
+
+#: src/gui/IPv4Dialog.cpp:159 src/gui/NetworkDialog.cpp:119
+#, qt-format
+msgid "Illegal netmask '%1'"
+msgstr ""
+
+#: 
src/gui/IPv4Dialog.cpp:263
+#, qt-format
+msgid ""
+"DNS lookup failed for both names of the address object '%1' and the name of "
+"the host '%2'."
+msgstr ""
+
+#: src/gui/IPv4Dialog.cpp:270
+#, fuzzy, qt-format
+msgid "DNS lookup failed for name of the address object '%1'."
+msgstr "La requête DNS a échoué pour %1"
+
+#: src/gui/LibraryDialog.cpp:151
+msgid "Pick the color for this library"
+msgstr ""
+
+#: src/gui/listOfLibraries.cpp:142
+msgid ""
+"The library file you are trying to open\n"
+"has been saved in an older version of\n"
+"Firewall Builder and needs to be upgraded.\n"
+"To upgrade it, just load it in the Firewall\n"
+"Builder GUI and save back to file again."
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:99 src/gui/.ui/newhostdialog_q.cpp:390
+msgid ""
+"Check option 'dynamic address' for the interface that gets its IP address "
+"dynamically via DHCP or PPP protocol."
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:100 src/gui/.ui/newhostdialog_q.cpp:389
+msgid ""
+"Check option 'Unnumbered interface' for the interface that does not have an "
+"IP address. Examples of interfaces of this kind are those used to terminate "
+"PPPoE or VPN tunnels."
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:229 src/gui/newHostDialog.cpp:222
+msgid "Missing SNMP community string."
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:248 src/gui/newHostDialog.cpp:241
+#, qt-format
+msgid "Address of %1 could not be obtained via DNS"
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:422
+msgid "dynamic"
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:503 src/gui/newHostDialog.cpp:433
+#, qt-format
+msgid "Interface: %1 (%2)"
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:511 src/gui/newHostDialog.cpp:441
+#: src/gui/.ui/newfirewalldialog_q.cpp:514 src/gui/.ui/newhostdialog_q.cpp:404
+msgid "Dynamic address"
+msgstr "Adresse dynamique"
+
+#: src/gui/newFirewallDialog.cpp:513 src/gui/newHostDialog.cpp:443
+#: src/gui/.ui/interfacedialog_q.cpp:254
+#: src/gui/.ui/newfirewalldialog_q.cpp:513 src/gui/.ui/newhostdialog_q.cpp:395
+msgid "Unnumbered interface"
+msgstr "Interface sans numéro"
+
+#: src/gui/newFirewallDialog.cpp:515 src/gui/.ui/interfacedialog_q.cpp:259
+#: src/gui/.ui/newfirewalldialog_q.cpp:512
+msgid "Bridge port"
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:555 src/gui/newHostDialog.cpp:480
+#, qt-format
+msgid "Illegal address '%1/%2'"
+msgstr ""
+
+#: src/gui/ObjConflictResolutionDialog.cpp:63
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:152
+msgid "Keep current object"
+msgstr ""
+
+#: src/gui/ObjConflictResolutionDialog.cpp:64
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:157
+msgid "Replace with this object"
+msgstr ""
+
+#: src/gui/ObjConflictResolutionDialog.cpp:117
+#: src/gui/ObjConflictResolutionDialog.cpp:141
+#, qt-format
+msgid "Object '%1' has been deleted"
+msgstr ""
+
+#: src/gui/ObjConflictResolutionDialog.cpp:176
+#, fuzzy, qt-format
+msgid "Object '%1' in the objects tree"
+msgstr "Chercher un objet dans l'arborescence"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:178
+#: src/gui/ObjConflictResolutionDialog.cpp:180
+#, qt-format
+msgid "Object '%1' in file %2"
+msgstr ""
+
+#: src/gui/ObjConflictResolutionDialog.cpp:297
+#: src/gui/.ui/findobjectwidget_q.cpp:191
+#, fuzzy
+msgid "Next"
+msgstr "Chercher suivant"
+ +#: src/gui/ObjConflictResolutionDialog.cpp:299 +msgid "" +"The following two objects have the same internal ID but different attributes:" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:300 +msgid "Skip the rest but build report" +msgstr "" + +#: src/gui/ObjectEditor.cpp:437 +msgid "" +"Modifications done to this object can not be saved.\n" +"Do you want to continue editing it ?" +msgstr "" + +#: src/gui/ObjectEditor.cpp:438 src/gui/ObjectEditor.cpp:466 +#: src/gui/TCPServiceDialog.cpp:177 src/gui/TCPServiceDialog.cpp:185 +#: src/gui/UDPServiceDialog.cpp:119 src/gui/UDPServiceDialog.cpp:127 +#: src/gui/utils.cpp:221 +msgid "&Continue editing" +msgstr "Poursuivre l'édition" + +#: src/gui/ObjectEditor.cpp:465 +msgid "" +"This object has been modified but not saved.\n" +"Do you want to save it ?" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:145 +msgid "Object Manipulator" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:161 +msgid "New &Library" +msgstr "Nouvelle·bibliothèque" + +#: src/gui/ObjectManipulator.cpp:164 +msgid "New &Firewall" +msgstr "Nouveau·&firewall" + +#: src/gui/ObjectManipulator.cpp:165 +msgid "New &Host" +msgstr "Nouvel·&hôte" + +#: src/gui/ObjectManipulator.cpp:166 +msgid "New &Interface" +msgstr "Nouvelle &interface" + +#: src/gui/ObjectManipulator.cpp:168 +msgid "New &Network" +msgstr "Nouveau &réseau" + +#: src/gui/ObjectManipulator.cpp:169 +msgid "New &Address" +msgstr "Nouvelle·&adresse" + +#: src/gui/ObjectManipulator.cpp:170 +msgid "New &DNS Name" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:171 +#, fuzzy +msgid "New A&ddress Table" +msgstr "Nouvelle plage d'adresses" + +#: src/gui/ObjectManipulator.cpp:172 +msgid "New Address &Range" +msgstr "Nouvelle·plage·d'ad&resses" + +#: src/gui/ObjectManipulator.cpp:173 +msgid "New &Object Group" +msgstr "Nouveau groupe d'&objets" + +#: src/gui/ObjectManipulator.cpp:175 +msgid "New &Custom Service" +msgstr "Nouveau service personnalisé" + +#: src/gui/ObjectManipulator.cpp:176 +msgid 
"New &IP Service" +msgstr "Nouveau service &IP" + +#: src/gui/ObjectManipulator.cpp:177 +msgid "New IC&MP Service" +msgstr "Nouveau service IC&MP" + +#: src/gui/ObjectManipulator.cpp:178 +msgid "New &TCP Service" +msgstr "Nouveau service &TCP" + +#: src/gui/ObjectManipulator.cpp:179 +msgid "New &UDP Service" +msgstr "Nouveau·service·&UDP" + +#: src/gui/ObjectManipulator.cpp:180 +#, fuzzy +msgid "New &TagService" +msgstr "Nouveau service &TCP" + +#: src/gui/ObjectManipulator.cpp:181 +msgid "New &Service Group" +msgstr "Nouveau groupe de &services" + +#: src/gui/ObjectManipulator.cpp:183 +msgid "New Ti&me Interval" +msgstr "Nouvel intervale de te&mps" + +#: src/gui/ObjectManipulator.cpp:230 +msgid " ( read only )" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:498 +msgid "" +"The name of the object '%1' has changed. The program can also\n" +"rename IP address objects that belong to this object,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:527 +msgid "" +"The name of the interface '%1' has changed. The program can also\n" +"rename IP address objects that belong to this interface,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. 
The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:874 +#, qt-format +msgid "place in library %1" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:883 +#, qt-format +msgid "to library %1" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:893 +msgid "place here" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:896 +#, fuzzy +msgid "Duplicate ..." +msgstr "Doublon" + +#: src/gui/ObjectManipulator.cpp:901 src/gui/ObjectManipulator.cpp:904 +#, fuzzy +msgid "Move ..." +msgstr "Enregistrer sous..." + +#: src/gui/ObjectManipulator.cpp:933 +msgid "Add Interface" +msgstr "Ajouter une interface" + +#: src/gui/ObjectManipulator.cpp:938 +msgid "Add IP Address" +msgstr "Ajouter une adresse IP" + +#: src/gui/ObjectManipulator.cpp:940 +msgid "Add MAC Address" +msgstr "Ajouter une adresse MAC" + +#: src/gui/ObjectManipulator.cpp:945 src/gui/.ui/newfirewalldialog_q.cpp:486 +msgid "New Firewall" +msgstr "Nouveau firewall" + +#: src/gui/ObjectManipulator.cpp:950 src/gui/ObjectManipulator.cpp:2515 +#: src/gui/ObjectManipulator.cpp:2531 +msgid "New Address" +msgstr "Nouvelle adresse" + +#: src/gui/ObjectManipulator.cpp:955 src/gui/ObjectManipulator.cpp:2546 +#, fuzzy +msgid "New DNS Name" +msgstr "Nouvelle clé RSA" + +#: src/gui/ObjectManipulator.cpp:961 src/gui/ObjectManipulator.cpp:2557 +#, fuzzy +msgid "New Address Table" +msgstr "Nouvelle plage d'adresses" + +#: src/gui/ObjectManipulator.cpp:966 src/gui/ObjectManipulator.cpp:2624 +msgid "New Address Range" +msgstr "Nouvelle plage d'adresses" + +#: src/gui/ObjectManipulator.cpp:970 src/gui/.ui/newhostdialog_q.cpp:377 +msgid "New Host" +msgstr "Nouvel hôte" + +#: src/gui/ObjectManipulator.cpp:974 src/gui/ObjectManipulator.cpp:2491 +msgid "New Network" +msgstr "Nouveau réseau" + +#: 
src/gui/ObjectManipulator.cpp:978 src/gui/ObjectManipulator.cpp:1006 +#: src/gui/.ui/newgroupdialog_q.cpp:97 +msgid "New Group" +msgstr "Nouveau groupe" + +#: src/gui/ObjectManipulator.cpp:982 src/gui/ObjectManipulator.cpp:2647 +msgid "New Custom Service" +msgstr "Nouveau·service·personnalisé" + +#: src/gui/ObjectManipulator.cpp:986 src/gui/ObjectManipulator.cpp:2658 +msgid "New IP Service" +msgstr "Nouveau service IP" + +#: src/gui/ObjectManipulator.cpp:990 src/gui/ObjectManipulator.cpp:2669 +msgid "New ICMP Service" +msgstr "Nouveau service ICMP" + +#: src/gui/ObjectManipulator.cpp:994 src/gui/ObjectManipulator.cpp:2680 +msgid "New TCP Service" +msgstr "nouveau service TCP" + +#: src/gui/ObjectManipulator.cpp:998 src/gui/ObjectManipulator.cpp:2691 +msgid "New UDP Service" +msgstr "Nouveau service UDP" + +#: src/gui/ObjectManipulator.cpp:1002 src/gui/ObjectManipulator.cpp:2591 +#, fuzzy +msgid "New TagService" +msgstr "nouveau service TCP" + +#: src/gui/ObjectManipulator.cpp:1010 src/gui/ObjectManipulator.cpp:2714 +msgid "New Time Interval" +msgstr "Nouvel·intervale·de·temps" + +#: src/gui/ObjectManipulator.cpp:1014 src/gui/.ui/finddialog_q.cpp:131 +#: src/gui/.ui/findwhereusedwidget_q.cpp:121 +msgid "Find" +msgstr "Chercher" + +#: src/gui/ObjectManipulator.cpp:1015 src/gui/RuleSetView.cpp:1672 +msgid "Where used" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1027 src/gui/.ui/groupobjectdialog_q.cpp:186 +#: src/gui/.ui/groupobjectdialog_q.cpp:187 +msgid "Group" +msgstr "Groupe" + +#: src/gui/ObjectManipulator.cpp:1035 src/gui/.ui/FWBMainWindow_q.cpp:499 +#: src/gui/.ui/FWBMainWindow_q.cpp:500 src/gui/.ui/instdialog_q.cpp:79 +#: src/gui/.ui/instdialog_q.cpp:267 +msgid "Compile" +msgstr "Compiler" + +#: src/gui/ObjectManipulator.cpp:1036 src/gui/.ui/FWBMainWindow_q.cpp:502 +#: src/gui/.ui/FWBMainWindow_q.cpp:503 src/gui/.ui/instdialog_q.cpp:81 +#: src/gui/.ui/instdialog_q.cpp:268 +msgid "Install" +msgstr "Installer" + +#: src/gui/ObjectManipulator.cpp:1043 
src/gui/.ui/FWBMainWindow_q.cpp:561 +#: src/gui/.ui/FWBMainWindow_q.cpp:562 +msgid "Lock" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1045 src/gui/.ui/FWBMainWindow_q.cpp:563 +#: src/gui/.ui/FWBMainWindow_q.cpp:564 +msgid "Unlock" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1054 +msgid "dump" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1087 +msgid "Undelete..." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1576 +#, qt-format +msgid "" +"Impossible to insert object %1 (type %2) into %3\n" +"because of incompatible type." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1743 +msgid "" +"Emptying the 'Deleted Objects' in a library file is not recommended.\n" +"When you remove deleted objects from a library file, Firewall Builder\n" +"loses ability to track them. If a group or a policy rule in some\n" +"data file still uses removed object from this library, you may encounter\n" +"unusual and unexpected behavior of the program.\n" +"Do you want to delete selected objects anyway ?" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1823 +#, qt-format +msgid "" +"When you delete a library, all objects that belong to it\n" +"disappear from the tree and all groups and rules that reference them.\n" +"You won't be able to reverse this operation later.\n" +"Do you still want to delete library %1?" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2343 +#, qt-format +msgid "" +"Type '%1': new object can not be created because\n" +"corresponding branch is missing in the object tree.\n" +"Please repair the tree using command 'fwbedit -s -f file.fwb'." 
+msgstr ""
+
+#: src/gui/ObjectManipulator.cpp:2470 src/gui/ObjectManipulator.cpp:2473
+msgid "New Interface"
+msgstr "Nouvelle interface"
+
+#: src/gui/ObjectManipulator.cpp:2635
+msgid "New Object Group"
+msgstr "Nouveau groupe d'objets"
+
+#: src/gui/ObjectManipulator.cpp:2702
+msgid "New Service Group"
+msgstr "Nouveau groupe de services"
+
+#: src/gui/ObjectManipulator.cpp:2821
+msgid "Searching for firewalls affected by the change..."
+msgstr ""
+
+#: src/gui/ObjectTreeView.cpp:115
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:66
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:113
+#: src/gui/.ui/discoverydruid_q.cpp:748 src/gui/.ui/discoverydruid_q.cpp:1024
+#: src/gui/.ui/FWBMainWindow_q.cpp:575
+msgid "Object"
+msgstr "Objet"
+
+#: src/gui/pfAdvancedDialog.cpp:98
+msgid "Aggressive"
+msgstr ""
+
+#: src/gui/pfAdvancedDialog.cpp:100
+msgid "Conservative"
+msgstr ""
+
+#: src/gui/pfAdvancedDialog.cpp:102
+msgid "For high latency"
+msgstr ""
+
+#: src/gui/pfAdvancedDialog.cpp:104
+msgid "Normal"
+msgstr "Normal"
+
+#: src/gui/pixAdvancedDialog.cpp:130
+msgid "0 - System Unusable"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:135
+msgid "1 - Take Immediate Action"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:140
+msgid "2 - Critical Condition"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:145
+msgid "3 - Error Message"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:150
+msgid "4 - Warning Message"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:155
+msgid "5 - Normal but significant condition"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:160
+msgid "6 - Informational"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:165
+msgid "7 - Debug Message"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:679 src/gui/pixAdvancedDialog.cpp:717
+msgid "Error: Policy compiler for PIX is not installed"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:703
+#, fuzzy
+msgid "Compiler error"
+msgstr "Compilateur"
+
+#: src/gui/platforms.cpp:60 
src/gui/.ui/ruleoptionsdialog_q.cpp:791
+msgid "alert"
+msgstr ""
+
+#: src/gui/platforms.cpp:62 src/gui/.ui/ruleoptionsdialog_q.cpp:792
+msgid "crit"
+msgstr "crit"
+
+#: src/gui/platforms.cpp:64 src/gui/.ui/pfadvanceddialog_q.cpp:1075
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:793
+msgid "error"
+msgstr ""
+
+#: src/gui/platforms.cpp:66 src/gui/.ui/ruleoptionsdialog_q.cpp:794
+msgid "warning"
+msgstr ""
+
+#: src/gui/platforms.cpp:68 src/gui/.ui/ruleoptionsdialog_q.cpp:795
+msgid "notice"
+msgstr ""
+
+#: src/gui/platforms.cpp:70 src/gui/.ui/ruleoptionsdialog_q.cpp:796
+msgid "info"
+msgstr ""
+
+#: src/gui/platforms.cpp:72 src/gui/.ui/ruleoptionsdialog_q.cpp:797
+msgid "debug"
+msgstr ""
+
+#: src/gui/platforms.cpp:78
+msgid "kern"
+msgstr ""
+
+#: src/gui/platforms.cpp:80
+msgid "user"
+msgstr ""
+
+#: src/gui/platforms.cpp:82
+#, fuzzy
+msgid "mail"
+msgstr "Normal"
+
+#: src/gui/platforms.cpp:84
+msgid "daemon"
+msgstr ""
+
+#: src/gui/platforms.cpp:86
+#, fuzzy
+msgid "auth"
+msgstr "unauth"
+
+#: src/gui/platforms.cpp:88
+#, fuzzy
+msgid "syslog"
+msgstr "Syslog"
+
+#: src/gui/platforms.cpp:90
+msgid "lpr"
+msgstr ""
+
+#: src/gui/platforms.cpp:92
+msgid "news"
+msgstr ""
+
+#: src/gui/platforms.cpp:94
+msgid "uucp"
+msgstr ""
+
+#: src/gui/platforms.cpp:96
+#, fuzzy
+msgid "cron"
+msgstr "conn"
+
+#: src/gui/platforms.cpp:98
+msgid "authpriv"
+msgstr ""
+
+#: src/gui/platforms.cpp:100 src/gui/.ui/pixadvanceddialog_q.cpp:1945
+msgid "ftp"
+msgstr "ftp"
+
+#: src/gui/platforms.cpp:102
+msgid "local0"
+msgstr ""
+
+#: src/gui/platforms.cpp:104
+msgid "local1"
+msgstr ""
+
+#: src/gui/platforms.cpp:106
+msgid "local2"
+msgstr ""
+
+#: src/gui/platforms.cpp:108
+msgid "local3"
+msgstr ""
+
+#: src/gui/platforms.cpp:110
+msgid "local4"
+msgstr ""
+
+#: src/gui/platforms.cpp:112
+msgid "local5"
+msgstr ""
+
+#: src/gui/platforms.cpp:114
+msgid "local6"
+msgstr ""
+
+#: src/gui/platforms.cpp:116
+msgid "local7"
+msgstr ""
+
+#: src/gui/platforms.cpp:121
+msgid "ICMP 
admin prohibited"
+msgstr ""
+
+#: src/gui/platforms.cpp:123
+msgid "ICMP host prohibited"
+msgstr ""
+
+#: src/gui/platforms.cpp:125
+msgid "ICMP host unreachable"
+msgstr ""
+
+#: src/gui/platforms.cpp:127
+msgid "ICMP net prohibited"
+msgstr ""
+
+#: src/gui/platforms.cpp:129
+msgid "ICMP net unreachable"
+msgstr ""
+
+#: src/gui/platforms.cpp:131
+msgid "ICMP port unreachable"
+msgstr ""
+
+#: src/gui/platforms.cpp:133
+msgid "ICMP protocol unreachable"
+msgstr ""
+
+#: src/gui/platforms.cpp:135
+msgid "TCP RST"
+msgstr "TCP RST"
+
+#: src/gui/platforms.cpp:138 src/gui/.ui/actionsdialog_q.cpp:476
+#: src/gui/.ui/actionsdialog_q.cpp:483
+msgid "Route through"
+msgstr ""
+
+#: src/gui/platforms.cpp:140 src/gui/.ui/actionsdialog_q.cpp:477
+#: src/gui/.ui/actionsdialog_q.cpp:484
+msgid "Route reply through"
+msgstr ""
+
+#: src/gui/platforms.cpp:142 src/gui/.ui/actionsdialog_q.cpp:478
+#: src/gui/.ui/actionsdialog_q.cpp:485
+msgid "Route a copy through"
+msgstr ""
+
+#: src/gui/platforms.cpp:145 src/gui/.ui/iptadvanceddialog_q.cpp:644
+msgid "on top of the script"
+msgstr ""
+
+#: src/gui/platforms.cpp:147 src/gui/.ui/iptadvanceddialog_q.cpp:645
+msgid "after interface configuration"
+msgstr ""
+
+#: src/gui/platforms.cpp:149 src/gui/.ui/iptadvanceddialog_q.cpp:646
+#, fuzzy
+msgid "after policy reset"
+msgstr "Chercher dans les règles de la politique"
+
+#: src/gui/platforms.cpp:152
+msgid "in the activation shell script"
+msgstr ""
+
+#: src/gui/platforms.cpp:155
+msgid "in the pf rule file, at the very top"
+msgstr ""
+
+#: src/gui/platforms.cpp:158
+msgid "in the pf rule file, after set comamnds"
+msgstr ""
+
+#: src/gui/platforms.cpp:161
+msgid "in the pf rule file, after scrub comamnds"
+msgstr ""
+
+#: src/gui/platforms.cpp:164
+msgid "in the pf rule file, after table definitions"
+msgstr ""
+
+#: src/gui/platforms.cpp:169 src/gui/.ui/ruleoptionsdialog_q.cpp:807
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:823
+msgid "/day"
+msgstr ""
+
+#: 
src/gui/platforms.cpp:171 src/gui/.ui/ruleoptionsdialog_q.cpp:808
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:824
+msgid "/hour"
+msgstr ""
+
+#: src/gui/platforms.cpp:173 src/gui/.ui/ruleoptionsdialog_q.cpp:809
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:825
+msgid "/minute"
+msgstr ""
+
+#: src/gui/platforms.cpp:175 src/gui/.ui/ruleoptionsdialog_q.cpp:810
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:826
+msgid "/second"
+msgstr ""
+
+#: src/gui/platforms.cpp:380
+msgid "- any -"
+msgstr ""
+
+#: src/gui/platforms.cpp:381
+msgid "1.2.5 or earlier"
+msgstr ""
+
+#: src/gui/platforms.cpp:382
+msgid "1.2.6 to 1.2.8"
+msgstr ""
+
+#: src/gui/platforms.cpp:383
+msgid "1.2.9 to 1.2.11"
+msgstr ""
+
+#: src/gui/platforms.cpp:384
+msgid "1.3.0 or later"
+msgstr ""
+
+#: src/gui/platforms.cpp:401
+msgid "3.x"
+msgstr ""
+
+#: src/gui/platforms.cpp:402
+msgid "4.x"
+msgstr ""
+
+#: src/gui/platforms.cpp:518
+msgid "Accept"
+msgstr ""
+
+#: src/gui/platforms.cpp:520
+msgid "Deny"
+msgstr ""
+
+#: src/gui/platforms.cpp:522
+#, fuzzy
+msgid "Reject"
+msgstr "Objet"
+
+#: src/gui/platforms.cpp:524
+msgid "Scrub"
+msgstr ""
+
+#: src/gui/platforms.cpp:526
+msgid "Return"
+msgstr ""
+
+#: src/gui/platforms.cpp:528
+#, fuzzy
+msgid "Skip"
+msgstr "crit"
+
+#: src/gui/platforms.cpp:530 src/gui/.ui/longtextdialog_q.cpp:96
+#, fuzzy
+msgid "Continue"
+msgstr "&Continuer"
+
+#: src/gui/platforms.cpp:532
+msgid "Modify"
+msgstr ""
+
+#: src/gui/platforms.cpp:534
+msgid "Classify"
+msgstr ""
+
+#: src/gui/platforms.cpp:536
+#, fuzzy
+msgid "Custom"
+msgstr "Couper"
+
+#: src/gui/platforms.cpp:539
+#, fuzzy
+msgid "Branch"
+msgstr "Précédent"
+
+#: src/gui/platforms.cpp:540
+msgid "Chain"
+msgstr ""
+
+#: src/gui/platforms.cpp:541
+msgid "Anchor"
+msgstr ""
+
+#: src/gui/platforms.cpp:545
+#, fuzzy
+msgid "Accounting"
+msgstr "Comptabilisation"
+
+#: src/gui/platforms.cpp:546
+#, fuzzy
+msgid "Count"
+msgstr "Couper"
+
+#: src/gui/platforms.cpp:550
+msgid "Tag"
+msgstr ""
+
+#: 
src/gui/platforms.cpp:551
+#, fuzzy
+msgid "Mark"
+msgstr "Masque :"
+
+#: src/gui/platforms.cpp:555
+msgid "Pipe"
+msgstr ""
+
+#: src/gui/platforms.cpp:556
+msgid "Queue"
+msgstr ""
+
+#: src/gui/PrefsDialog.cpp:176
+msgid "Pick the color"
+msgstr ""
+
+#: src/gui/PrefsDialog.cpp:224
+msgid "Find working directory"
+msgstr ""
+
+#: src/gui/PrefsDialog.cpp:233
+msgid "Find Secure Shell utility"
+msgstr ""
+
+#: src/gui/PrefsDialog.cpp:284
+msgid "Find add-on library"
+msgstr ""
+
+#: src/gui/printerStream.cpp:132
+#, qt-format
+msgid "Page %1"
+msgstr ""
+
+#: src/gui/PrintingProgressDialog.cpp:48
+#, qt-format
+msgid "Printing (page %1/%2)"
+msgstr ""
+
+#: src/gui/PrintingProgressDialog.cpp:50
+#, qt-format
+msgid "Printing page %1"
+msgstr ""
+
+#: src/gui/PrintingProgressDialog.cpp:67
+msgid "Aborting print operation"
+msgstr ""
+
+#: src/gui/RCS.cpp:498 src/gui/RCS.cpp:717 src/gui/RCS.cpp:800
+#, qt-format
+msgid "Error checking file out: %1"
+msgstr ""
+
+#: src/gui/RCS.cpp:558
+#, qt-format
+msgid ""
+"Fatal error during initial RCS checkin of file %1 :\n"
+" %2\n"
+"Exit status %3"
+msgstr ""
+
+#: src/gui/RCS.cpp:687
+msgid "Error creating temporary file "
+msgstr "Erreur durant la création d'un fichier temporaire"
+
+#: src/gui/RCS.cpp:700
+msgid "Error writing to temporary file "
+msgstr "Erreur·durant·l'écriture vers un fichier temporaire"
+
+#: src/gui/RCS.cpp:732
+#, qt-format
+msgid ""
+"File is opened and locked by %1.\n"
+"You can only open it read-only."
+msgstr ""
+
+#: src/gui/RCS.cpp:745
+#, qt-format
+msgid ""
+"Revision %1 of this file has been checked out and locked by you earlier.\n"
+"The file may be opened in another copy of Firewall Builder or was left "
+"opened\n"
+"after the program crashed."
+msgstr ""
+
+#: src/gui/RCS.cpp:748
+msgid "Open &read-only"
+msgstr "Ouvrir en lectu&re-seule"
+
+#: src/gui/RCS.cpp:748
+msgid "&Open and continue editing"
+msgstr ""
+
+#: src/gui/RCS.cpp:991
+#, qt-format
+msgid "Fatal error running rlog for %1"
+msgstr ""
+
+#: src/gui/RCS.cpp:1031
+#, qt-format
+msgid "Fatal error running rcsdiff for file %1"
+msgstr ""
+
+#: src/gui/RCSFilePreview.cpp:137
+msgid "File is not in RCS"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:206
+msgid "A Rule Set"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:621
+msgid "Outbound "
+msgstr "En sortie"
+
+#: src/gui/RuleSetView.cpp:707
+msgid "Original"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:708
+#, fuzzy
+msgid "Default"
+msgstr "Supprimer"
+
+#: src/gui/RuleSetView.cpp:711 src/gui/.ui/instdialog_q.cpp:274
+msgid "All"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:712 src/gui/RuleSetView.cpp:720
+#: src/gui/.ui/timedialog_q.cpp:245 src/gui/.ui/timedialog_q.cpp:262
+msgid "Any"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1457 src/gui/RuleSetView.cpp:1717
+#: src/gui/RuleSetView.cpp:1745 src/gui/.ui/FWBMainWindow_q.cpp:521
+#: src/gui/.ui/FWBMainWindow_q.cpp:522
+msgid "Insert Rule"
+msgstr "Insérer une règle"
+
+#: src/gui/RuleSetView.cpp:1459 src/gui/RuleSetView.cpp:1473
+#, fuzzy
+msgid "Paste Rule"
+msgstr "Coller la règle ci-dessus"
+
+#: src/gui/RuleSetView.cpp:1603
+msgid "Parameters"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1620
+#, fuzzy
+msgid "Inbound"
+msgstr "En sortie"
+
+#: src/gui/RuleSetView.cpp:1624
+#, fuzzy
+msgid "Outbound"
+msgstr "En sortie"
+
+#: src/gui/RuleSetView.cpp:1628
+msgid "Both"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1637
+#, fuzzy
+msgid "Rule Options"
+msgstr "Options"
+
+#: src/gui/RuleSetView.cpp:1644
+#, fuzzy
+msgid "Logging On"
+msgstr "Journalisation"
+
+#: src/gui/RuleSetView.cpp:1648
+#, fuzzy
+msgid "Logging Off"
+msgstr "Journalisation"
+
+#: src/gui/RuleSetView.cpp:1674
+#, fuzzy
+msgid "Reveal in tree"
+msgstr "Chercher dans l'arborescence"
+
+#: 
src/gui/RuleSetView.cpp:1677
+msgid "Negate"
+msgstr "Prendre l'opposé"
+
+#: src/gui/RuleSetView.cpp:1725
+#, fuzzy, qt-format
+msgid "Rules: %1-%2"
+msgstr "Règle : %1"
+
+#: src/gui/RuleSetView.cpp:1728
+#, qt-format
+msgid "Rule: %1"
+msgstr "Règle : %1"
+
+#: src/gui/RuleSetView.cpp:1733
+msgid "Color Label:"
+msgstr "Etiquette de couleur :"
+
+#: src/gui/RuleSetView.cpp:1747 src/gui/.ui/FWBMainWindow_q.cpp:527
+#: src/gui/.ui/FWBMainWindow_q.cpp:528
+msgid "Add Rule Below"
+msgstr "Ajouter une règle ci-dessous"
+
+#: src/gui/RuleSetView.cpp:1750 src/gui/.ui/FWBMainWindow_q.cpp:529
+#: src/gui/.ui/FWBMainWindow_q.cpp:530
+msgid "Remove Rule"
+msgstr "Supprimer la règle"
+
+#: src/gui/RuleSetView.cpp:1751
+#, fuzzy
+msgid "Remove Rules"
+msgstr "Supprimer la règle"
+
+#: src/gui/RuleSetView.cpp:1754
+#, fuzzy
+msgid "Move Rule"
+msgstr "Déplacer·la·règle·vers·le·haut"
+
+#: src/gui/RuleSetView.cpp:1755
+#, fuzzy
+msgid "Move Rules"
+msgstr "Déplacer·la·règle·vers·le·haut"
+
+#: src/gui/RuleSetView.cpp:1761 src/gui/.ui/FWBMainWindow_q.cpp:532
+#: src/gui/.ui/FWBMainWindow_q.cpp:533
+msgid "Copy Rule"
+msgstr "Copier la règle"
+
+#: src/gui/RuleSetView.cpp:1763 src/gui/.ui/FWBMainWindow_q.cpp:534
+#: src/gui/.ui/FWBMainWindow_q.cpp:535
+msgid "Cut Rule"
+msgstr "Couper la règle"
+
+#: src/gui/RuleSetView.cpp:1765 src/gui/.ui/FWBMainWindow_q.cpp:536
+#: src/gui/.ui/FWBMainWindow_q.cpp:537
+msgid "Paste Rule Above"
+msgstr "Coller la règle ci-dessus"
+
+#: src/gui/RuleSetView.cpp:1767 src/gui/.ui/FWBMainWindow_q.cpp:538
+#: src/gui/.ui/FWBMainWindow_q.cpp:539
+msgid "Paste Rule Below"
+msgstr "Coller la règle ci-dessous"
+
+#: src/gui/RuleSetView.cpp:1774
+msgid "Enable Rule"
+msgstr "Activer règle"
+
+#: src/gui/RuleSetView.cpp:1775
+#, fuzzy
+msgid "Enable Rules"
+msgstr "Activer règle"
+
+#: src/gui/RuleSetView.cpp:1779
+msgid "Disable Rule"
+msgstr "Désactiver règle"
+
+#: src/gui/RuleSetView.cpp:1780
+#, fuzzy
+msgid "Disable Rules"
+msgstr "Désactiver règle"
+
+#: src/gui/RuleSetView.cpp:3306 src/gui/RuleSetView.cpp:3396
+msgid "Source"
+msgstr "Source"
+
+#: src/gui/RuleSetView.cpp:3309 src/gui/RuleSetView.cpp:3399
+#: src/gui/RuleSetView.cpp:3559
+msgid "Destination"
+msgstr "Destination"
+
+#: src/gui/RuleSetView.cpp:3312 src/gui/RuleSetView.cpp:3402
+msgid "Service"
+msgstr "Service"
+
+#: src/gui/RuleSetView.cpp:3318 src/gui/RuleSetView.cpp:3405
+msgid "Direction"
+msgstr "Direction"
+
+#: src/gui/RuleSetView.cpp:3321 src/gui/RuleSetView.cpp:3408
+msgid "Action"
+msgstr "Action"
+
+#: src/gui/RuleSetView.cpp:3326 src/gui/RuleSetView.cpp:3413
+#: src/gui/.ui/timedialog_q.cpp:241
+msgid "Time"
+msgstr "Horaires"
+
+#: src/gui/RuleSetView.cpp:3332 src/gui/RuleSetView.cpp:3419
+#: src/gui/RuleSetView.cpp:3499 src/gui/RuleSetView.cpp:3571
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:206
+#: src/gui/.ui/linux24advanceddialog_q.cpp:415
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:184
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:198
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1854
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:308
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:212
+msgid "Options"
+msgstr "Options"
+
+#: src/gui/RuleSetView.cpp:3336 src/gui/RuleSetView.cpp:3423
+#: src/gui/RuleSetView.cpp:3502 src/gui/RuleSetView.cpp:3574
+msgid "Comment"
+msgstr "Commentaires"
+
+#: src/gui/RuleSetView.cpp:3481
+msgid "Original Src"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3484
+msgid "Original Dst"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3487
+msgid "Original Srv"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3490
+msgid "Translated Src"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3493
+msgid "Translated Dst"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3496
+msgid "Translated Srv"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3562
+msgid "Gateway"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3568
+#, fuzzy
+msgid "Metric"
+msgstr "Service"
+
+#: src/gui/SimpleTextEditor.cpp:71
+#, fuzzy
+msgid "Choose file"
+msgstr "Choisir un fichier à importer"
+
+#: 
src/gui/SSHPIX.cpp:136 src/gui/SSHUnx.cpp:95
+msgid ""
+"\n"
+"*** Fatal error :"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:170 src/gui/SSHUnx.cpp:151
+#, fuzzy
+msgid "Logged in"
+msgstr "Journalisation"
+
+#: src/gui/SSHPIX.cpp:171
+msgid "Switching to enable mode..."
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:205 src/gui/SSHUnx.cpp:176
+msgid "New RSA key"
+msgstr "Nouvelle clé RSA"
+
+#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177
+msgid "Yes"
+msgstr "Oui"
+
+#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177
+msgid "No"
+msgstr "Non"
+
+#: src/gui/SSHPIX.cpp:252
+msgid "In enable mode."
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:387 src/gui/SSHPIX.cpp:783
+msgid "Pushing firewall configuration"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:424
+#, qt-format
+msgid "Rule %1"
+msgstr "Règle %1"
+
+#: src/gui/SSHPIX.cpp:450
+msgid "End"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:532
+msgid "Making backup copy of the firewall configuration"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:596
+msgid "*** Clearing unused access lists"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:661
+msgid "*** Clearing unused object groups"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:681
+msgid "*** End "
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:692
+msgid "Reading current firewall configuration"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:717
+msgid "Generating configuration diff"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:732
+#, qt-format
+msgid "Fork failed for %1"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:738
+msgid "Not enough memory."
+msgstr "Mémoire insuffisante"
+
+#: src/gui/SSHPIX.cpp:743
+msgid "Too many opened file descriptors in the system."
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:769
+msgid "Empty configuration diff"
+msgstr ""
+
+#: src/gui/SSHSession.cpp:90
+#, qt-format
+msgid ""
+"You are connecting to the firewall '%1' for the first time. It has "
+"provided you its identification in a form of its host public key. 
The "
+"fingerprint of the host public key is: \"%2\" You can save the host key to "
+"the local database by pressing YES, or you can cancel connection by pressing "
+"NO. You should press YES only if you are sure you are really connected to "
+"the firewall '%3'."
+msgstr ""
+
+#: src/gui/SSHSession.cpp:180
+#, fuzzy
+msgid "Failed to start ssh"
+msgstr "Erreur : impossible de lancer l'application"
+
+#: src/gui/SSHSession.cpp:498
+msgid "ERROR"
+msgstr ""
+
+#: src/gui/SSHSession.cpp:498 src/gui/.ui/filepropdialog_q.cpp:126
+#: src/gui/.ui/instoptionsdialog_q.cpp:285
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1825
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:309
+#: src/gui/.ui/simpleinteditor_q.cpp:91 src/gui/.ui/simpletexteditor_q.cpp:95
+msgid "OK"
+msgstr "OK"
+
+#: src/gui/SSHSession.cpp:500
+#, qt-format
+msgid "SSH session terminated, exit status: %1"
+msgstr ""
+
+#: src/gui/SSHUnx.cpp:236
+msgid "Done"
+msgstr ""
+
+#: src/gui/SSHUnx.cpp:248
+msgid "Error in SSH"
+msgstr ""
+
+#: src/gui/StartWizard.cpp:106
+#, qt-format
+msgid "File %1 is read-only, you can not save changes to it."
+msgstr ""
+
+#: src/gui/StartWizard.cpp:171
+#, qt-format
+msgid ""
+"Error opening file:\n"
+"%1"
+msgstr ""
+
+#: src/gui/TCPServiceDialog.cpp:176 src/gui/UDPServiceDialog.cpp:118
+msgid "Invalid range defined for the source port."
+msgstr ""
+
+#: src/gui/TCPServiceDialog.cpp:184 src/gui/UDPServiceDialog.cpp:126
+msgid "Invalid range defined for the destination port."
+msgstr ""
+
+#: src/gui/TimeDialog.cpp:68 src/gui/TimeDialog.cpp:69
+#: src/gui/.ui/timedialog_q.cpp:256 src/gui/.ui/timedialog_q.cpp:259
+#, fuzzy
+msgid "(M/D/Y)"
+msgstr "Date (M/J/A):"
+
+#: src/gui/TimeDialog.cpp:73 src/gui/TimeDialog.cpp:74
+#, fuzzy
+msgid "(D/M/Y)"
+msgstr "Date (D/M/A):"
+
+#: src/gui/TimeDialog.cpp:78 src/gui/TimeDialog.cpp:79
+#, fuzzy
+msgid "(Y/M/D)"
+msgstr "Date (A/M/J):"
+
+#: src/gui/TimeDialog.cpp:83 src/gui/TimeDialog.cpp:84
+#, fuzzy
+msgid "(Y/D/M)"
+msgstr "Date (A/J/M):"
+
+#: src/gui/.ui/aboutdialog_q.cpp:136 src/gui/.ui/aboutdialog_q.cpp:137
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:109
+#: src/gui/.ui/FWBMainWindow_q.cpp:439
+msgid "Firewall Builder"
+msgstr "Firewall Builder"
+
+#: src/gui/.ui/aboutdialog_q.cpp:138
+msgid "Using libfwbuilder API v"
+msgstr ""
+
+#: src/gui/.ui/aboutdialog_q.cpp:139
+msgid "Revision: "
+msgstr "Version :"
+
+#: src/gui/.ui/aboutdialog_q.cpp:140
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:187
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:547
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:351
+#: src/gui/.ui/iptadvanceddialog_q.cpp:599
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:196
+#: src/gui/.ui/linux24advanceddialog_q.cpp:366
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:165
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:173
+#: src/gui/.ui/pagesetupdialog_q.cpp:108
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1000 src/gui/.ui/prefsdialog_q.cpp:364
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:183
+msgid "&OK"
+msgstr "&OK"
+
+#: src/gui/.ui/aboutdialog_q.cpp:142
+msgid "Copyright 2002-2006 NetCitadel, LLC"
+msgstr ""
+
+#: src/gui/.ui/aboutdialog_q.cpp:143
+msgid ""
+"

    http://www."
+"fwbuilder.org

    "
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:451
+msgid "Actions Dialog"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:452
+msgid "fw/rule num/action"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:453
+msgid "Tag string:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:454
+msgid ""
+"If rule action is 'Reject', this option defines firewall's reaction to the "
+"packet matching the rule"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:455
+msgid "This action has no parameters."
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:456
+msgid "Tag value:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:457
+msgid "Mark connections created by packets that match this rule"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:458
+msgid "Requires CONNMARK target"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:459
+msgid ""
+"Note: this action translates into MARK target for iptables. Normally this "
+"target is non-terminating, that is, other rules with Classify or Tag actions "
+"belog this one will process the same packet. However, Firewall Builder can "
+"emulate terminating behavior for this action. Option in the \"compiler\" tab "
+"of the firewall object properties dialog activates emulation."
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:460
+msgid "Emulation is currently ON, the rule will be terminating"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:461
+msgid ""
+"Rule name for accounting. 
(white spaces and special characters are not "
+"allowed)"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:462
+msgid "Packet classification can be implemented in different ways:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:464
+msgid "use dummynet(4) 'pipe'"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:465
+msgid "use dummynet(4) 'queue'"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:466
+msgid "Pipe or queue number:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:467
+#, fuzzy
+msgid "Custom string:"
+msgstr "Service personnalisé"
+
+#: src/gui/.ui/actionsdialog_q.cpp:468
+msgid "Classify string:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:469
+msgid ""
+"Note: CLASSIFY target in iptables is non-terminating, that is other rules "
+"with Classify or Mark target below this will process the same packet. "
+"However, Firewall Builder can emulate terminating behavior for this action. "
+"Emulation is activated by an option in the \"compiler\" tab of the firewall "
+"object properties dialog."
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:471
+msgid "Divert socket port number:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:472
+msgid "User-defined chain name:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:473
+msgid ""
+"In addition to 'filter', create branching rule in 'mangle' table as well"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:474
+#, fuzzy
+msgid "Anchor name:"
+msgstr "Action"
+
+#: src/gui/.ui/actionsdialog_q.cpp:479 src/gui/.ui/actionsdialog_q.cpp:486
+#, fuzzy
+msgid "interface"
+msgstr "Interface"
+
+#: src/gui/.ui/actionsdialog_q.cpp:480 src/gui/.ui/actionsdialog_q.cpp:487
+msgid "next hop"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:481
+msgid "Fastroute"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:488
+#, fuzzy
+msgid "Change inbound interface to"
+msgstr "Interface de gestion"
+
+#: src/gui/.ui/actionsdialog_q.cpp:489
+msgid "Route through gateway"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:490
+#, fuzzy
+msgid "Change outbound interface to"
+msgstr "Interface de gestion"
+
+#: src/gui/.ui/actionsdialog_q.cpp:491
+#, fuzzy
+msgid "Continue packet inspection"
+msgstr "&Continuer"
+
+#: src/gui/.ui/actionsdialog_q.cpp:492
+msgid "Make a copy"
+msgstr ""
+
+#: src/gui/.ui/addressrangedialog_q.cpp:162
+#: src/gui/.ui/addressrangedialog_q.cpp:163
+msgid "Address Range"
+msgstr "Plage d'adresses"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:164
+#: src/gui/.ui/addresstabledialog_q.cpp:198
+#: src/gui/.ui/customservicedialog_q.cpp:179
+#: src/gui/.ui/dnsnamedialog_q.cpp:173 src/gui/.ui/firewalldialog_q.cpp:215
+#: src/gui/.ui/groupobjectdialog_q.cpp:188 src/gui/.ui/hostdialog_q.cpp:149
+#: src/gui/.ui/icmpservicedialog_q.cpp:169
+#: src/gui/.ui/interfacedialog_q.cpp:233 src/gui/.ui/ipservicedialog_q.cpp:210
+#: src/gui/.ui/ipv4dialog_q.cpp:171 src/gui/.ui/librarydialog_q.cpp:141
+#: src/gui/.ui/networkdialog_q.cpp:165 src/gui/.ui/physaddressdialog_q.cpp:154
+#: src/gui/.ui/tagservicedialog_q.cpp:149
+#: 
src/gui/.ui/tcpservicedialog_q.cpp:372 src/gui/.ui/timedialog_q.cpp:271
+#: src/gui/.ui/udpservicedialog_q.cpp:223
+msgid "Comment:"
+msgstr "Commentaires :"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:165
+msgid "Range End:"
+msgstr "Fin de plage :"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:166
+msgid "Range Start:"
+msgstr "Début de plage :"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:167
+#: src/gui/.ui/addresstabledialog_q.cpp:200
+#: src/gui/.ui/customservicedialog_q.cpp:180
+#: src/gui/.ui/dnsnamedialog_q.cpp:178 src/gui/.ui/firewalldialog_q.cpp:216
+#: src/gui/.ui/groupobjectdialog_q.cpp:193 src/gui/.ui/hostdialog_q.cpp:147
+#: src/gui/.ui/icmpservicedialog_q.cpp:170
+#: src/gui/.ui/interfacedialog_q.cpp:234 src/gui/.ui/ipservicedialog_q.cpp:219
+#: src/gui/.ui/ipv4dialog_q.cpp:172 src/gui/.ui/librarydialog_q.cpp:139
+#: src/gui/.ui/networkdialog_q.cpp:166 src/gui/.ui/newfirewalldialog_q.cpp:516
+#: src/gui/.ui/newhostdialog_q.cpp:392 src/gui/.ui/physaddressdialog_q.cpp:151
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:820
+#: src/gui/.ui/tagservicedialog_q.cpp:151
+#: src/gui/.ui/tcpservicedialog_q.cpp:398 src/gui/.ui/timedialog_q.cpp:272
+#: src/gui/.ui/udpservicedialog_q.cpp:231
+msgid "Name:"
+msgstr "Nom :"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:168
+#: src/gui/.ui/addresstabledialog_q.cpp:199
+#: src/gui/.ui/customservicedialog_q.cpp:181
+#: src/gui/.ui/dnsnamedialog_q.cpp:177 src/gui/.ui/firewalldialog_q.cpp:217
+#: src/gui/.ui/groupobjectdialog_q.cpp:192 src/gui/.ui/hostdialog_q.cpp:148
+#: src/gui/.ui/icmpservicedialog_q.cpp:171
+#: src/gui/.ui/interfacedialog_q.cpp:236 src/gui/.ui/ipservicedialog_q.cpp:218
+#: src/gui/.ui/ipv4dialog_q.cpp:173 src/gui/.ui/networkdialog_q.cpp:167
+#: src/gui/.ui/newgroupdialog_q.cpp:98 src/gui/.ui/physaddressdialog_q.cpp:152
+#: src/gui/.ui/tagservicedialog_q.cpp:150
+#: src/gui/.ui/tcpservicedialog_q.cpp:399 src/gui/.ui/timedialog_q.cpp:273
+#: src/gui/.ui/udpservicedialog_q.cpp:230
+msgid "Library:"
+msgstr 
"Bibliothèque :"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:196
+#: src/gui/.ui/addresstabledialog_q.cpp:197
+#, fuzzy
+msgid "Address Table"
+msgstr "Plage d'adresses"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:202
+#: src/gui/.ui/dnsnamedialog_q.cpp:175
+#, fuzzy
+msgid "Compile Time"
+msgstr "Compiler"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:203
+#: src/gui/.ui/dnsnamedialog_q.cpp:176
+#, fuzzy
+msgid "Run Time"
+msgstr "Horaires"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:204
+#, fuzzy
+msgid "File name:"
+msgstr "Nom de fichier : %1"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:205
+#: src/gui/.ui/addresstabledialog_q.cpp:206
+#, fuzzy
+msgid "Browse"
+msgstr "Parcourir..."
+
+#: src/gui/.ui/addresstabledialog_q.cpp:207
+#, fuzzy
+msgid "Preview"
+msgstr "Propriétés"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:87
+msgid "Enter New Position For The Rule"
+msgstr ""
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:88
+msgid "Enter new position for selected rules:"
+msgstr ""
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:89
+msgid "&Move"
+msgstr ""
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:90
+#, fuzzy
+msgid "Alt+M"
+msgstr "Alt+C"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:92 src/gui/.ui/debugdialog_q.cpp:76
+#: src/gui/.ui/execdialog_q.cpp:96 src/gui/.ui/pagesetupdialog_q.cpp:111
+msgid "Alt+C"
+msgstr "Alt+C"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:108 src/gui/.ui/prefsdialog_q.cpp:401
+msgid "Orange"
+msgstr "Orange"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:110 src/gui/.ui/prefsdialog_q.cpp:408
+msgid "Green"
+msgstr "Vert"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:112 src/gui/.ui/prefsdialog_q.cpp:406
+msgid "Purple"
+msgstr ""
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:114 src/gui/.ui/prefsdialog_q.cpp:398
+msgid "Blue"
+msgstr "Bleu"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:116 src/gui/.ui/prefsdialog_q.cpp:399
+msgid "Yellow"
+msgstr "Jaune"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:118 src/gui/.ui/prefsdialog_q.cpp:409
+msgid "Gray"
+msgstr ""
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:120 src/gui/.ui/prefsdialog_q.cpp:397
+msgid "Red"
+msgstr "Rouge"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:122
+msgid "No color"
+msgstr ""
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:95
+#, fuzzy
+msgid "Comment Editor Panel"
+msgstr "Editeur d'objet"
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:96
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:155
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:119
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:784
+msgid "fw/rule num"
+msgstr ""
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:98
+#: src/gui/.ui/simpletexteditor_q.cpp:97
+msgid "Import from file ..."
+msgstr "Importer depuis un fichier..."
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:67
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:114
+#, fuzzy
+msgid "Parent"
+msgstr "Imprimer"
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:68
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:115
+#: src/gui/.ui/findwhereusedwidget_q.cpp:63
+#: src/gui/.ui/findwhereusedwidget_q.cpp:120
+#, fuzzy
+msgid "Details"
+msgstr "ils"
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:112
+msgid ""
+"Groups and firewall policy rules shown in the list below reference objects "
+"you are about to delete. If you delete objects, they will be removed from "
+"these groups and rules."
+msgstr ""
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:116
+msgid ""
+"Deleted objects are moved to the \"Deleted objects\" library. You can "
+"recover them later by moving back to the user's library. However if you "
+"delete an object already located in the \"Deleted objects\" library, it is "
+"destroyed and can not be restored."
+msgstr ""
+
+#: src/gui/.ui/customservicedialog_q.cpp:182
+msgid ""
+"Custom service object has separate code string for each supported firewall "
+"platform."
+msgstr ""
+
+#: src/gui/.ui/customservicedialog_q.cpp:183
+#: src/gui/.ui/discoverydruid_q.cpp:940 src/gui/.ui/firewalldialog_q.cpp:218
+msgid "Platform:"
+msgstr "Plate-forme :"
+
+#: src/gui/.ui/customservicedialog_q.cpp:184
+#: src/gui/.ui/tagservicedialog_q.cpp:152
+msgid "Code:"
+msgstr "Code :"
+
+#: src/gui/.ui/debugdialog_q.cpp:74
+msgid "Debugging Info"
+msgstr ""
+
+#: src/gui/.ui/debugdialog_q.cpp:75 src/gui/.ui/execdialog_q.cpp:95
+#: src/gui/.ui/FWBMainWindow_q.cpp:498
+msgid "&Close"
+msgstr "Fermer"
+
+#: src/gui/.ui/discoverydruid_q.cpp:750 src/gui/.ui/discoverydruid_q.cpp:1025
+#, fuzzy
+msgid "Interfaces"
+msgstr "Interface"
+
+#: src/gui/.ui/discoverydruid_q.cpp:752 src/gui/.ui/discoverydruid_q.cpp:1026
+#: src/gui/.ui/filterdialog_q.cpp:91 src/gui/.ui/filterdialog_q.cpp:164
+msgid "Type"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:921 src/gui/.ui/FWBMainWindow_q.cpp:565
+#: src/gui/.ui/FWBMainWindow_q.cpp:566
+msgid "Discovery Druid"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:922
+msgid ""
+"Choose discovery method used to collect information about network objects "
+"from the list below and click 'Next' to continue."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:923
+msgid "Discovery method:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:924
+msgid "Read file in hosts format"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:925 src/gui/.ui/discoverydruid_q.cpp:948
+msgid "Import DNS zone"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:926
+msgid "Perform network discovery using SNMP"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:927 src/gui/.ui/discoverydruid_q.cpp:942
+msgid "Import configuration of a firewall or a router"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:928
+msgid "Discovery Method"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:929
+msgid "Enter full path and file name below or click \"Browse\" to find it:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:930
+msgid "File in hosts format"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:931
+#, fuzzy
+msgid "Browse ..."
+msgstr "Parcourir..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:932
+msgid "Reading file in hosts format"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:933
+msgid ""
+"All objects created during import will be placed in the library currently "
+"opened in the tree."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:934
+msgid ""
+"Policy import tries to parse given configuration file and preserve its logic "
+"as close as possible. However, very often target firewall configuration "
+"allows for more commands, options and their combinations than importer can "
+"understand. Rules that importer could not parse exactly are colored red in "
+"the rule sets it creates. Always inspect firewall policy created by the "
+"importer and compare it with the original. Manual changes and corrections "
+"may be required. Comments in the rules that could not be parsed show "
+"fragments of the original configuration parser did not understand."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:935
+#, fuzzy
+msgid "Import from file: "
+msgstr "Importer depuis un fichier..."
+ +#: src/gui/.ui/discoverydruid_q.cpp:936 src/gui/.ui/prefsdialog_q.cpp:380 +#: src/gui/.ui/prefsdialog_q.cpp:385 +msgid "Browse..." +msgstr "Parcourir..." + +#: src/gui/.ui/discoverydruid_q.cpp:938 +msgid "Cisco IOS" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:939 +#, fuzzy +msgid "iptables" +msgstr "iptables:" + +#: src/gui/.ui/discoverydruid_q.cpp:941 +#: src/gui/.ui/printingprogressdialog_q.cpp:75 +#, fuzzy +msgid "textLabel1" +msgstr "Etiquette" + +#: src/gui/.ui/discoverydruid_q.cpp:943 +msgid "" +"This discovery method creates objects for all 'A' records found in DNS " +"domain. You will later have a chance to accept only those objects you wish " +"and ignore others.\n" +"Please enter the domain name below:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:945 +#, fuzzy +msgid "Domain name" +msgstr "Action" + +#: src/gui/.ui/discoverydruid_q.cpp:946 +msgid "" +"Objects created using this method may have long or short names. long name " +"consists of the host name and full domain name (this is called Fully " +"Qualified Domain Name). Short name consists of only host name. Check in " +"the box below if you wish to use long name, then click next to continue:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:947 +#, fuzzy +msgid "Use long names" +msgstr "Nom d'utilisateur :" + +#: src/gui/.ui/discoverydruid_q.cpp:949 +msgid "" +"DNS zone information has to be transferred from the name server " +"authoritative for the domain. 
Pick the name server:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:950 src/gui/.ui/discoverydruid_q.cpp:957 +#, fuzzy +msgid "Name server" +msgstr "Serveurs SNMP" + +#: src/gui/.ui/discoverydruid_q.cpp:951 +msgid "choose name server from the list below" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:952 +msgid "server name or its IP address here if you wish to use different one:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:954 +#, fuzzy +msgid "DNS Query options" +msgstr "Options" + +#: src/gui/.ui/discoverydruid_q.cpp:955 +msgid "Timeout (sec)" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:956 +#, fuzzy +msgid "Retries" +msgstr "Service" + +#: src/gui/.ui/discoverydruid_q.cpp:958 +msgid "" +"This discovery method scans networks looking for hosts or gateways " +"responding to SNMP queries. It pulls host's ARP table and uses all the " +"entries found in it to create objects. Scan starts from the host called " +"\"seed\". Enter \"seed\" host name or address below:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:959 +msgid "'Seed' host" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:961 +msgid "Enter a valid host name or address." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:962 +msgid "" +"The scanner process can be confined to a certain network, so it won't " +"discover hosts on adjacent networks. 
If you leave these fields blank, " +"scanner will visit all networks it can find:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:963 +msgid "Confine scan to this network:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:964 src/gui/.ui/ipv4dialog_q.cpp:175 +#: src/gui/.ui/networkdialog_q.cpp:168 src/gui/.ui/newfirewalldialog_q.cpp:518 +#: src/gui/.ui/newhostdialog_q.cpp:406 +msgid "Netmask:" +msgstr "Masque réseau :" + +#: src/gui/.ui/discoverydruid_q.cpp:965 src/gui/.ui/ipv4dialog_q.cpp:174 +#: src/gui/.ui/networkdialog_q.cpp:169 src/gui/.ui/newfirewalldialog_q.cpp:517 +#: src/gui/.ui/newhostdialog_q.cpp:394 +msgid "Address:" +msgstr "Adresse :" + +#: src/gui/.ui/discoverydruid_q.cpp:967 +msgid "Network discovery using SNMP" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:968 +msgid "" +"The scanner process can repeat its algorithm recursively using each new host " +"it finds as a new \"seed\". This allows it to find as many objects on your " +"network as possible. On the other hand, it takes more time and may find some " +"objects you do not really need. You can turn recursive scanning on below:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:969 +msgid "Run network scan recursively" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:970 +msgid "" +"The scanner process can find nodes beyond the boundaries of your network by " +"following point-to-point links connecting it to the Internet or other parts " +"of WAN." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:971 +msgid "Follow point-to-point links" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:972 +msgid "" +"The scanner process can distinguish virtual IP addresses created on hosts as " +"static \"published\" ARP entries or as secondary addresses on interfaces." 
+msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:973 +#, fuzzy +msgid "Include virtual addresses" +msgstr "Ajouter des adresses virtuelles pour le NAT" + +#: src/gui/.ui/discoverydruid_q.cpp:974 +msgid "" +"Analysis of ARP table yields IP addresses for hosts on your network. In " +"order to determine their names, scanner can run reverse name lookup queries " +"using your name servers (DNS):" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:975 +msgid "Run reverse name lookup DNS queries to determine host names" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:976 +#, fuzzy +msgid "Network scan options" +msgstr "Zone réseau :" + +#: src/gui/.ui/discoverydruid_q.cpp:977 +msgid "" +"Enter parameters for SNMP and DNS reverse lookup queries below. (If unsure, " +"just leave default values):" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:978 +msgid "SNMP query parameters:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:979 +#: src/gui/.ui/newfirewalldialog_q.cpp:497 src/gui/.ui/newhostdialog_q.cpp:386 +msgid "SNMP 'read' community string:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:980 src/gui/.ui/discoverydruid_q.cpp:984 +msgid "number of retries:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:981 +msgid "timeout (sec):" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:982 +msgid "public" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:983 +#, fuzzy +msgid "DNS parameters:" +msgstr "Nom" + +#: src/gui/.ui/discoverydruid_q.cpp:985 +msgid "timeout (sec) :" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:986 +msgid "Number of threads:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:988 +msgid "SNMP and DNS reverse lookup queries parameters" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:990 +msgid "Process name" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:993 +msgid "Save scan log to file" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:994 +msgid "Process log:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:995 +msgid "Discovery 
is in progress" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:996 +msgid "" +"These are the networks found by the scanner process. Choose the ones you " +"wish to use from the list below, then click 'Next':" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:997 src/gui/.ui/discoverydruid_q.cpp:1003 +#: src/gui/.ui/discoverydruid_q.cpp:1008 src/gui/.ui/discoverydruid_q.cpp:1013 +#: src/gui/.ui/discoverydruid_q.cpp:1019 +msgid "Select All" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:998 src/gui/.ui/discoverydruid_q.cpp:1009 +#: src/gui/.ui/discoverydruid_q.cpp:1018 +#, fuzzy +msgid "Filter ..." +msgstr "Doublon" + +#: src/gui/.ui/discoverydruid_q.cpp:999 src/gui/.ui/discoverydruid_q.cpp:1004 +#: src/gui/.ui/discoverydruid_q.cpp:1010 src/gui/.ui/discoverydruid_q.cpp:1014 +#: src/gui/.ui/discoverydruid_q.cpp:1016 +msgid "Unselect All" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1000 src/gui/.ui/discoverydruid_q.cpp:1007 +#: src/gui/.ui/discoverydruid_q.cpp:1017 +#, fuzzy +msgid "Remove Filter" +msgstr "Supprimer la règle" + +#: src/gui/.ui/discoverydruid_q.cpp:1001 src/gui/.ui/discoverydruid_q.cpp:1011 +msgid "->" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1002 src/gui/.ui/discoverydruid_q.cpp:1012 +msgid "<-" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1005 +#, fuzzy +msgid "Networks" +msgstr "Réseau" + +#: src/gui/.ui/discoverydruid_q.cpp:1006 +msgid "Choose objects you wish to use, then click 'Next':" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1020 +msgid "Change type of selected objects:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1027 +msgid "" +"Here you can change type of the objects to be created for each address " +"discovered by the scanner. By default, an \"Address\" object is created for " +"the host with just one interface with single IP address and \"Host\" object " +"is created for the host with multiple interfaces, however you can change " +"their types on this page." 
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1028
+msgid "Adjust Object types"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1029
+msgid "Select target library"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1030
+#, fuzzy
+msgid "Target library"
+msgstr "Nouvelle bibliothèque"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1031
+msgid "Adding new objects to library ..."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1032
+#, fuzzy
+msgid "Creatnig objects"
+msgstr "Créer un nouvel objet"
+
+#: src/gui/.ui/dnsnamedialog_q.cpp:171 src/gui/.ui/dnsnamedialog_q.cpp:172
+#, fuzzy
+msgid "DNS Name"
+msgstr "Nom"
+
+#: src/gui/.ui/dnsnamedialog_q.cpp:179
+msgid "DNS Record:"
+msgstr ""
+
+#: src/gui/.ui/execdialog_q.cpp:92
+msgid "Executing external command"
+msgstr ""
+
+#: src/gui/.ui/execdialog_q.cpp:93 src/gui/.ui/instdialog_q.cpp:287
+msgid "Save log to file"
+msgstr ""
+
+#: src/gui/.ui/filepropdialog_q.cpp:114
+#, fuzzy
+msgid "File Properties"
+msgstr "Propriétés"
+
+#: src/gui/.ui/filepropdialog_q.cpp:115
+msgid "Location:"
+msgstr "Emplacement :"
+
+#: src/gui/.ui/filepropdialog_q.cpp:116
+msgid "RO"
+msgstr ""
+
+#: src/gui/.ui/filepropdialog_q.cpp:117
+#, fuzzy
+msgid "Revision Control:"
+msgstr "Gestion des versions"
+
+#: src/gui/.ui/filepropdialog_q.cpp:118
+msgid "Time of last modification:"
+msgstr ""
+
+#: src/gui/.ui/filepropdialog_q.cpp:119
+#, fuzzy
+msgid "Revision:"
+msgstr "Version :"
+
+#: src/gui/.ui/filepropdialog_q.cpp:120
+msgid "Locked by user:"
+msgstr ""
+
+#: src/gui/.ui/filepropdialog_q.cpp:121
+#, fuzzy
+msgid "location"
+msgstr "Emplacement :"
+
+#: src/gui/.ui/filepropdialog_q.cpp:122
+msgid "lastModified"
+msgstr ""
+
+#: src/gui/.ui/filepropdialog_q.cpp:123
+msgid "rev"
+msgstr ""
+
+#: src/gui/.ui/filepropdialog_q.cpp:124
+msgid "lockedBy"
+msgstr ""
+
+#: src/gui/.ui/filepropdialog_q.cpp:125
+#, fuzzy
+msgid "Revision history:"
+msgstr "Version :"
+
+#: src/gui/.ui/filepropdialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:458
+msgid "Print" +msgstr "Imprimer" + +#: src/gui/.ui/filterdialog_q.cpp:89 src/gui/.ui/filterdialog_q.cpp:163 +msgid "Target" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:93 src/gui/.ui/filterdialog_q.cpp:165 +#, fuzzy +msgid "Pattern" +msgstr "Coller" + +#: src/gui/.ui/filterdialog_q.cpp:150 +#, fuzzy +msgid "Filter" +msgstr "&Fichier" + +#: src/gui/.ui/filterdialog_q.cpp:151 src/gui/.ui/FWBMainWindow_q.cpp:452 +#: src/gui/.ui/FWBMainWindow_q.cpp:495 src/gui/.ui/FWBMainWindow_q.cpp:496 +msgid "Save" +msgstr "Enregistrer" + +#: src/gui/.ui/filterdialog_q.cpp:152 src/gui/.ui/prefsdialog_q.cpp:213 +#: src/gui/.ui/prefsdialog_q.cpp:392 +msgid "Load" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:153 src/gui/.ui/libexport_q.cpp:112 +msgid "Ok" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:155 +#, fuzzy +msgid "Match" +msgstr "Chemin" + +#: src/gui/.ui/filterdialog_q.cpp:157 +#, fuzzy +msgid "all" +msgstr "Installer" + +#: src/gui/.ui/filterdialog_q.cpp:158 src/gui/.ui/icmpservicedialog_q.cpp:173 +#: src/gui/.ui/icmpservicedialog_q.cpp:175 +msgid "any" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:159 +msgid "of the following:" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:161 +msgid "+" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:162 +msgid "Add a new pattern" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:166 +msgid "Case sensitive" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:167 +msgid "-" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:168 +msgid "Remove a pattern" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:513 +msgid "Find Object" +msgstr "Chercher un objet" + +#: src/gui/.ui/finddialog_q.cpp:128 +msgid "Text to be found in object names:" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:129 +msgid "Search in policy rules" +msgstr "Chercher dans les règles de la politique" + +#: src/gui/.ui/finddialog_q.cpp:130 +msgid "Search in the tree" +msgstr "Chercher dans l'arborescence" + +#: 
src/gui/.ui/finddialog_q.cpp:132 +msgid "Matching attribute:" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:135 src/gui/.ui/findobjectwidget_q.cpp:205 +msgid "TCP/UDP port" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:136 src/gui/.ui/findobjectwidget_q.cpp:206 +msgid "Protocol number" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:137 src/gui/.ui/findobjectwidget_q.cpp:207 +#, fuzzy +msgid "ICMP type" +msgstr "ICMP" + +#: src/gui/.ui/finddialog_q.cpp:138 src/gui/.ui/findobjectwidget_q.cpp:208 +msgid "Search for substring using regular expressions" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:187 +#: src/gui/.ui/findwhereusedwidget_q.cpp:116 +#: src/gui/.ui/fwobjectdroparea_q.cpp:49 +#: src/gui/.ui/tagservicedialog_q.cpp:147 +msgid "Form1" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:188 +msgid " Replace object " +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:189 +msgid "Replace && Find" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:192 +msgid "Replace all" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:193 +#, fuzzy +msgid "Replace" +msgstr "Modèles" + +#: src/gui/.ui/findobjectwidget_q.cpp:194 +msgid "Scope for search and replace :" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:196 +msgid "Tree only" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:197 +msgid "Tree and policy of all firewalls" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:198 +msgid "Policy of all firewalls" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:199 +msgid "policy of the opened firewall" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:200 +#: src/gui/.ui/findwhereusedwidget_q.cpp:122 +#: src/gui/.ui/FWBMainWindow_q.cpp:446 src/gui/.ui/FWBMainWindow_q.cpp:497 +#: src/gui/.ui/simpletextview_q.cpp:94 +msgid "Close" +msgstr "Fermer" + +#: src/gui/.ui/findobjectwidget_q.cpp:201 +#, fuzzy +msgid " Find object" +msgstr "Chercher un objet" + +#: src/gui/.ui/findwhereusedwidget_q.cpp:62 +#: src/gui/.ui/findwhereusedwidget_q.cpp:119 +#, fuzzy 
+msgid "Parent Object" +msgstr "Nouvel·objet" + +#: src/gui/.ui/findwhereusedwidget_q.cpp:117 +#, fuzzy +msgid "Object:" +msgstr "Objet" + +#: src/gui/.ui/findwhereusedwidget_q.cpp:118 +msgid "Object is found in :" +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:211 +msgid "Host OS Settings ..." +msgstr "Configuration de l'OS de l'hôte..." + +#: src/gui/.ui/firewalldialog_q.cpp:212 +#, fuzzy +msgid "Inactive firewall" +msgstr "Nouveau firewall" + +#: src/gui/.ui/firewalldialog_q.cpp:213 +msgid "Skip this firewall for batch compile and install operations" +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:214 +msgid "Firewall Settings ..." +msgstr "Configuration du firewall..." + +#: src/gui/.ui/firewalldialog_q.cpp:219 +msgid "Version:" +msgstr "Version :" + +#: src/gui/.ui/firewalldialog_q.cpp:220 +msgid "Host OS:" +msgstr "OS de l'hôte" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:186 +msgid "FreeBSD: advanced settings" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:191 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:183 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:177 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:211 +msgid "Forward source routed packets" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:192 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:169 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:197 +msgid "Generate ICMP redirects" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:193 +#: src/gui/.ui/linux24advanceddialog_q.cpp:406 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:170 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:187 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:202 +msgid "Packet forwarding" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:207 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:187 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:201 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:215 +msgid "" +"Specify directory path and a file name for the following utilities on the OS " +"your firewall machine is running. 
Leave these empty if you want to use " +"default values." +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:208 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:214 +msgid "ipnat:" +msgstr "ipnat:" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:209 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:186 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:200 +msgid "sysctl:" +msgstr "sysctl :" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:210 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:213 +msgid "ipf:" +msgstr "ipf:" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:211 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:185 +msgid "ipfw:" +msgstr "ipfw:" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:212 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:206 +#: src/gui/.ui/linux24advanceddialog_q.cpp:457 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:188 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:202 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:216 +msgid "Path" +msgstr "Chemin" + +#: src/gui/.ui/FWBMainWindow_q.cpp:441 +msgid "" +"Click here to change amount of information shown about object selected in " +"the tree" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:442 +#, fuzzy +msgid "Firewall Name" +msgstr "Firewall" + +#: src/gui/.ui/FWBMainWindow_q.cpp:443 src/gui/.ui/instdialog_q.cpp:281 +msgid "Firewalls:" +msgstr "Firewalls :" + +#: src/gui/.ui/FWBMainWindow_q.cpp:444 +msgid "Tab 1" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:445 +msgid "Apply" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:447 +msgid "New Object File" +msgstr "Nouveau fichier d'objets" + +#: src/gui/.ui/FWBMainWindow_q.cpp:448 +msgid "&New Object File" +msgstr "&Nouveau fichier d'objets" + +#: src/gui/.ui/FWBMainWindow_q.cpp:450 +msgid "&Open..." +msgstr "&Ouvrir..." 
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:451
+msgid "Ctrl+O"
+msgstr "Ctrl+O"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:454
+msgid "Ctrl+S"
+msgstr "Ctrl+S"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:455
+msgid "Save As"
+msgstr "Enregistrer sous"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:456
+msgid "Save &As..."
+msgstr "Enregistrer sous..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:459
+msgid "&Print..."
+msgstr "Imprimer..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:460
+msgid "Ctrl+P"
+msgstr "Ctrl+P"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:461
+msgid "Exit"
+msgstr "Quitter"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:462
+msgid "E&xit"
+msgstr "Quitter"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:464
+msgid "Undo"
+msgstr "Annuler"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:465
+msgid "&Undo"
+msgstr "Ann&uler"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:466
+msgid "Ctrl+Z"
+msgstr "Ctrl+Z"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:467
+msgid "Redo"
+msgstr "Refaire"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:468
+msgid "&Redo"
+msgstr "&Refaire"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:469
+msgid "Ctrl+Y"
+msgstr "Ctrl+Y"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:471
+msgid "&Cut"
+msgstr "&Couper"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:472
+msgid "Ctrl+X"
+msgstr "Ctrl+X"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:474
+msgid "C&opy"
+msgstr "C&opier"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:475
+msgid "Ctrl+C"
+msgstr "Ctrl+C"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:477
+msgid "&Paste"
+msgstr "Coller"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:478
+msgid "Ctrl+V"
+msgstr "Ctrl+V"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:481 src/gui/.ui/FWBMainWindow_q.cpp:517
+msgid "Ctrl+F"
+msgstr "Ctrl+F"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:482
+msgid "Contents"
+msgstr "Contenu"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:483
+msgid "&Contents..."
+msgstr "&Contenu..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:485
+msgid "Index"
+msgstr "Index"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:486
+msgid "&Index..."
+msgstr "&Index..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:488
+msgid "About"
+msgstr "A propos"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:489
+msgid "&About"
+msgstr "&A propos"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:491 src/gui/.ui/FWBMainWindow_q.cpp:492
+msgid "New"
+msgstr "Nouveau/Nouvelle"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:501
+msgid "Compile rules"
+msgstr "Compiler les règles"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:504
+msgid "Install firewall policy"
+msgstr "Installer la politique du firewall"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:505 src/gui/.ui/FWBMainWindow_q.cpp:506
+#: src/gui/.ui/objectmanipulator_q.cpp:111
+msgid "Back"
+msgstr "Précédent"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:507 src/gui/.ui/FWBMainWindow_q.cpp:508
+msgid "Move back to the previous object"
+msgstr ""
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:509
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:155
+#: src/gui/.ui/objectmanipulator_q.cpp:114
+msgid "New Object"
+msgstr "Nouvel·objet"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:510
+msgid "&New Object"
+msgstr "&Nouvel objet"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:511 src/gui/.ui/objectmanipulator_q.cpp:115
+msgid "Create New Object"
+msgstr "Créer un nouvel objet"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:512
+msgid "Ctrl+N"
+msgstr "Ctrl+N"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:514
+msgid "&Find Object"
+msgstr "Chercher un objet"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:515 src/gui/.ui/FWBMainWindow_q.cpp:516
+msgid "Find object in the tree"
+msgstr "Chercher un objet dans l'arborescence"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:518
+msgid "Preferences..."
+msgstr "Préférences..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:519
+#, fuzzy
+msgid "P&references..."
+msgstr "Préférences..."
+ +#: src/gui/.ui/FWBMainWindow_q.cpp:520 +msgid "Edit Preferences" +msgstr "Editer les préférences" + +#: src/gui/.ui/FWBMainWindow_q.cpp:523 src/gui/.ui/FWBMainWindow_q.cpp:524 +msgid "Move Rule Up" +msgstr "Déplacer·la·règle·vers·le·haut" + +#: src/gui/.ui/FWBMainWindow_q.cpp:525 src/gui/.ui/FWBMainWindow_q.cpp:526 +msgid "Move Rule Down" +msgstr "Déplacer la règle vers le bas" + +#: src/gui/.ui/FWBMainWindow_q.cpp:531 +msgid "Ctrl+Del" +msgstr "Ctrl+Del" + +#: src/gui/.ui/FWBMainWindow_q.cpp:540 +#, fuzzy +msgid "Add File to RCS" +msgstr "Ajouter au RCS" + +#: src/gui/.ui/FWBMainWindow_q.cpp:541 +#, fuzzy +msgid "Add File to &RCS" +msgstr "Ajouter au RCS" + +#: src/gui/.ui/FWBMainWindow_q.cpp:544 +msgid "Export Library To a File" +msgstr "Exporter une bibliothèque vers un fichier" + +#: src/gui/.ui/FWBMainWindow_q.cpp:545 +#, fuzzy +msgid "&Export Library" +msgstr "Exporter une bibliothèque" + +#: src/gui/.ui/FWBMainWindow_q.cpp:546 +msgid "Import Library From a File" +msgstr "Importer une bibliothèque depuis un fichier" + +#: src/gui/.ui/FWBMainWindow_q.cpp:547 +#, fuzzy +msgid "&Import Library" +msgstr "Importer une bibliothèque" + +#: src/gui/.ui/FWBMainWindow_q.cpp:548 +msgid "Debug" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:549 +msgid "&Debug" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:550 src/gui/.ui/FWBMainWindow_q.cpp:551 +#, fuzzy +msgid "&Properties" +msgstr "Propriétés" + +#: src/gui/.ui/FWBMainWindow_q.cpp:552 +#, fuzzy +msgid "Show File Properties" +msgstr "Propriétés" + +#: src/gui/.ui/FWBMainWindow_q.cpp:553 src/gui/.ui/FWBMainWindow_q.cpp:554 +msgid "Move Selected Rules" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:555 +#, fuzzy +msgid "Discard" +msgstr "Aban&donner" + +#: src/gui/.ui/FWBMainWindow_q.cpp:557 +msgid "" +"Discard Changes and Overwrite With Clean Copy Of The Head Revision From RCS" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:558 +#, fuzzy +msgid "Commit" +msgstr "Commentaires" + +#: 
src/gui/.ui/FWBMainWindow_q.cpp:559 +#, fuzzy +msgid "Co&mmit" +msgstr "Commentaires" + +#: src/gui/.ui/FWBMainWindow_q.cpp:560 +msgid "Commit Opened File to RCS and Continue Editing" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:567 src/gui/.ui/FWBMainWindow_q.cpp:568 +#, fuzzy +msgid "new item" +msgstr "Nouvel élément" + +#: src/gui/.ui/FWBMainWindow_q.cpp:569 src/gui/.ui/FWBMainWindow_q.cpp:570 +msgid "Find Conflicting Objects in Two Files" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:571 +#, fuzzy +msgid "Import Po&licy" +msgstr "Importer une bibliothèque" + +#: src/gui/.ui/FWBMainWindow_q.cpp:572 +msgid "Toolbar" +msgstr "Barre d'outils" + +#: src/gui/.ui/FWBMainWindow_q.cpp:573 +msgid "&File" +msgstr "&Fichier" + +#: src/gui/.ui/FWBMainWindow_q.cpp:574 +msgid "&Edit" +msgstr "&Edition" + +#: src/gui/.ui/FWBMainWindow_q.cpp:576 +msgid "Rules" +msgstr "Règles" + +#: src/gui/.ui/FWBMainWindow_q.cpp:577 +#, fuzzy +msgid "Tools" +msgstr "Barre d'outils" + +#: src/gui/.ui/FWBMainWindow_q.cpp:578 +msgid "&Help" +msgstr "Aide" + +#: src/gui/.ui/groupobjectdialog_q.cpp:190 +msgid "I" +msgstr "I" + +#: src/gui/.ui/groupobjectdialog_q.cpp:191 +msgid "L" +msgstr "L" + +#: src/gui/.ui/hostdialog_q.cpp:146 +msgid "MAC matching" +msgstr "Vérification de l'adresse MAC" + +#: src/gui/.ui/icmpservicedialog_q.cpp:167 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1071 +msgid "ICMP" +msgstr "ICMP" + +#: src/gui/.ui/icmpservicedialog_q.cpp:172 +msgid "ICMP Type:" +msgstr "" + +#: src/gui/.ui/icmpservicedialog_q.cpp:174 +msgid "ICMP Code:" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:85 src/gui/.ui/instdialog_q.cpp:270 +#: src/gui/.ui/librarydialog_q.cpp:136 src/gui/.ui/librarydialog_q.cpp:137 +msgid "Library" +msgstr "Bibliothèque" + +#: src/gui/.ui/instdialog_q.cpp:87 src/gui/.ui/instdialog_q.cpp:271 +msgid "Last Modified" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:89 src/gui/.ui/instdialog_q.cpp:272 +#, fuzzy +msgid "Last Compiled" +msgstr "Compiler" + +#: 
src/gui/.ui/instdialog_q.cpp:91 src/gui/.ui/instdialog_q.cpp:273 +#, fuzzy +msgid "Last Installed" +msgstr "Installeur" + +#: src/gui/.ui/instdialog_q.cpp:136 src/gui/.ui/instdialog_q.cpp:280 +#, fuzzy +msgid "Progress" +msgstr "Propriétés" + +#: src/gui/.ui/instdialog_q.cpp:225 src/gui/.ui/instdialog_q.cpp:290 +#, fuzzy +msgid "Compile status" +msgstr "Compiler les règles" + +#: src/gui/.ui/instdialog_q.cpp:226 src/gui/.ui/instdialog_q.cpp:291 +#, fuzzy +msgid "Install status" +msgstr "Installer" + +#: src/gui/.ui/instdialog_q.cpp:263 +msgid "Firewall Builder: Policy Installer" +msgstr "Firewall Builder: installation de la politique" + +#: src/gui/.ui/instdialog_q.cpp:264 +msgid "" +"

    Select firewalls to compile and " +"install.

    " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:265 +msgid "Perform batch install" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:266 +msgid "" +"Check this option if you want to install all selected firewalls " +"automatically. This only works if you use the same user name and password to " +"authenticate to all these firewalls. " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:275 +#, fuzzy +msgid "None" +msgstr "Non" + +#: src/gui/.ui/instdialog_q.cpp:282 +#, fuzzy +msgid "firewall" +msgstr "Firewall" + +#: src/gui/.ui/instdialog_q.cpp:283 +msgid "Progress:" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:285 +msgid "Show Details" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:286 +msgid "Process log" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:283 +#, fuzzy +msgid "Install options" +msgstr "Installer" + +#: src/gui/.ui/instoptionsdialog_q.cpp:284 +#, qt-format +msgid "" +"

    Install options for firewall '%1'

    " +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:287 +msgid "min" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:288 +msgid "" +"Test run: run the script on the firewall but do not store it permanently." +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:289 +msgid "Schedule reboot in " +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:290 +msgid "" +"Rebooting the firewall will restore its original policy. To cancel reboot, " +"install the policy with \"test run\" option turned off" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:291 +msgid "" +"If you install the policy in test mode, it will not be saved permanently, so " +"you can revert to the last working configuration by rebooting the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:292 +msgid "Cancel reboot if policy activation was successfull" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:293 +msgid "" +"Quiet install: do not print anything as commands are executed on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:294 +msgid "Verbose: print all commands as they are executed on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:295 +msgid "Remove comments from configuration" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:296 +msgid "Compress script" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:297 +msgid "Store a copy of fwb file on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:298 +msgid "Alternative address to communicate with the firewall:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:299 +msgid "Options for PIX and fwsm firewalls :" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:300 +msgid "Write configuration to standby PIX" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:301 +msgid "Dry run (commands won't be executed on the firewall)" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:302 +msgid "Store configuration diff in a file" +msgstr "" + +#: 
src/gui/.ui/instoptionsdialog_q.cpp:303 +msgid "" +"install only ACL, 'icmp', 'telnet', 'ssh', 'nat', 'global' and 'static' " +"commands" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:304 +msgid "" +"Calculate difference between current firewall state and generated " +"configuration and install only those commands that update state of the " +"firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:305 +msgid "Make a backup copy of the firewall configuration in this file:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:306 +msgid "Password or passphrase:" +msgstr "Mot de passe ou paraphrase :" + +#: src/gui/.ui/instoptionsdialog_q.cpp:307 +msgid "User name:" +msgstr "Nom d'utilisateur :" + +#: src/gui/.ui/instoptionsdialog_q.cpp:308 +msgid "Enable password:" +msgstr "Activer le mot de passe :" + +#: src/gui/.ui/interfacedialog_q.cpp:235 +#: src/gui/.ui/newfirewalldialog_q.cpp:507 src/gui/.ui/newhostdialog_q.cpp:393 +msgid "Label:" +msgstr "Etiquette :" + +#: src/gui/.ui/interfacedialog_q.cpp:237 +msgid "Security level:" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:238 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    Security level can be any number between 0 and 100, 0 being least " +"secure and 100 being most secure levels. Interface with security level 0 " +"ususally serves Internet connection.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:239 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    \n" +"Security level can be any number between 0 and 100, 0 being least secure and " +"100 being most secure levels. Interface with security level 0 ususally " +"serves Internet connection.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:241 src/gui/.ui/interfacedialog_q.cpp:244 +msgid "" +"

    Network zone consists of hosts and networks that can be reached through " +"this interface of the firewall. Subnet to which this interface is directly " +"attached must be part of its network zone. Other subnets reachable by means " +"of routing should alse be added to the network zone.\n" +"
    \n" +"If network zone for this interface consists of only one subnet, you can " +"simply choose that network's object in the pull-down below. If your network " +"zone should include multiple subnets, you need to create an Object Group, " +"then put all hosts and networks which are going to be part of the network " +"zone into that group and finally choose this group in the pull-down below." +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:247 +msgid "Network zone:" +msgstr "Zone réseau :" + +#: src/gui/.ui/interfacedialog_q.cpp:249 +#, fuzzy +msgid "This interface is external (insecure)" +msgstr "" +"Cette interface est externe\n" +"(potentiellement exposée à des attaques)" + +#: src/gui/.ui/interfacedialog_q.cpp:250 +msgid "" +"

    One interface of the firewall must be marked as 'external'. This " +"interface should be connected to the least secure network, usually the " +"Internet.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:251 +msgid "" +"One interface of the firewall must be marked as 'external'. This interface " +"should be connected to the least secure network, usually the Internet." +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:252 +msgid "Management interface" +msgstr "Interface de gestion" + +#: src/gui/.ui/interfacedialog_q.cpp:253 +msgid "" +"

    Check if this interface is used for management (SNMP queries, remote " +"policy install etc.)

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:255 +#, fuzzy +msgid "Address is assigned dynamically" +msgstr "" +"Adresse assignée\n" +"dynamiquement" + +#: src/gui/.ui/interfacedialog_q.cpp:256 +#: src/gui/.ui/newfirewalldialog_q.cpp:515 +msgid "Regular interface" +msgstr "Interface matériel" + +#: src/gui/.ui/interfacedialog_q.cpp:257 +#, fuzzy +msgid "Unprotected interface" +msgstr "Interface sans numéro" + +#: src/gui/.ui/interfacedialog_q.cpp:258 +msgid "Skip this interface while assigning policy rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:546 +msgid "ipf: advanced settings" +msgstr "ipf: configuration avancée" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:551 +msgid "Use raudio proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:552 +msgid "Use h323 proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:553 +msgid "Use ipsec proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:554 +msgid "Use ftp proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:555 +msgid "Use rcmd proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:556 +msgid "Use Kerberos rcmd proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:557 +msgid "Use Kerberos ekshell proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:558 +msgid "" +"Some protocols involve multiple associated network connections. 
Firewall can "
+"keep track of such connections automatically if you activate one or all of "
+"the following options:"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:559
+msgid "Use PPTP proxy in NAT rules"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:560
+msgid "Use IRC proxy in NAT rules for DCC"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:561
+msgid "Protocol Helpers"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:562
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:356
+#: src/gui/.ui/iptadvanceddialog_q.cpp:610
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1004
+msgid "Compiler:"
+msgstr "Compilateur :"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:563
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1019
+msgid ""
+"There are two ways compiler can generate code for rules in the Global "
+"Policy: it can either create two ipf rules to control both incoming and "
+"outgoing packets for each rule, or it can create only one ipf rule for "
+"incoming packets and permit all outgoing ones.You get more control over the "
+"packets crossing the firewall in the first mode, but generated script is "
+"going to be smaller if you choose the second."
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:564
+msgid ""
+"Masquerade returned icmp as being from original\n"
+"packet's destination"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:567
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1018
+msgid "Generate both 'in' and 'out' rules"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:568
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1017
+msgid "Pass all outgoing"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:569
+#: src/gui/.ui/iptadvanceddialog_q.cpp:608
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1009
+msgid "Accept TCP sessions opened prior to firewall restart"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:570
+msgid "Find and eliminate duplicate rules"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:571
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:360
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1011
+msgid "Detect rule shadowing in policy"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:572
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:361
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1012
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1846
+msgid ""
+"Shadowing happens because a rule is a superset of a subsequent rule and any "
+"packets potentially matched by the subsequent rule have already been matched "
+"by the prior rule."
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:573
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:358
+#: src/gui/.ui/iptadvanceddialog_q.cpp:616
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1013
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1841
+msgid "Ignore empty groups in rules"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:574
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:359
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1014
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1842
+msgid ""
+"If the option is deactivated, compiler treats empty groups as an error and "
+"aborts processing the policy. If this option is activated, compiler removes "
+"all empty groups from all rule elements. 
If rule element becomes 'any' after "
+"the last empty group has been removed, the whole rule will be ignored. Use "
+"this option only if you fully understand how it works!"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:575
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:364
+#: src/gui/.ui/iptadvanceddialog_q.cpp:617
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1006
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1828
+msgid ""
+"Always permit ssh access from\n"
+"the management workstation\n"
+"with this address:"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:578
+#: src/gui/.ui/iptadvanceddialog_q.cpp:620
+msgid "Default action on 'Reject':"
+msgstr "Action par défaut après un \"Rejet\"."
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:579
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:355
+#: src/gui/.ui/iptadvanceddialog_q.cpp:603
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1005
+msgid "Command line options for the compiler:"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:580
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:357
+#: src/gui/.ui/iptadvanceddialog_q.cpp:611
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1015
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1827
+msgid ""
+"Output file name (if left blank, the file name is constructed of the "
+"firewall object name and extension \".fw\")"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:581
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:367
+#: src/gui/.ui/iptadvanceddialog_q.cpp:623
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1021
+msgid "Compiler"
+msgstr "Compilateur"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:582
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:368
+#: src/gui/.ui/iptadvanceddialog_q.cpp:624
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1096
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1873
+msgid "External install script"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:583
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:369
+#: src/gui/.ui/iptadvanceddialog_q.cpp:625
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1097
+#: 
src/gui/.ui/pixadvanceddialog_q.cpp:1874
+msgid ""
+"Policy install script (using built-in installer if this field is blank):"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:584
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:370
+#: src/gui/.ui/iptadvanceddialog_q.cpp:626
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1098
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1875
+msgid "Command line options for the script:"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:585
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:371
+#: src/gui/.ui/iptadvanceddialog_q.cpp:627
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1099
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1876
+msgid "Built-in installer"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:586
+msgid "Directory on the firewall where configuration files should be installed"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:587
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:376
+#: src/gui/.ui/iptadvanceddialog_q.cpp:632
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1104
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1879
+msgid "Additional command line parameters for ssh"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:588
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:375
+#: src/gui/.ui/iptadvanceddialog_q.cpp:631
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1103
+msgid ""
+"A command that installer should execute on the firewall in order to activate "
+"the policy (if this field is blank, installer runs firewall script in the "
+"directory specified above; it uses sudo if user name is not 'root')"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:589
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:372
+#: src/gui/.ui/iptadvanceddialog_q.cpp:628
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1100
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1877
+msgid ""
+"Alternative name or address used to communicate with the firewall (also "
+"putty session name on Windows)"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:590
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:373
+#: 
src/gui/.ui/iptadvanceddialog_q.cpp:629
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1101
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1878
+msgid ""
+"User name used to authenticate to the firewall (leave this empty if you use "
+"putty session):"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:591
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:377
+#: src/gui/.ui/iptadvanceddialog_q.cpp:633
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1105
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1880
+msgid "Installer"
+msgstr "Installeur"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:594
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:384
+#: src/gui/.ui/iptadvanceddialog_q.cpp:640
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1113
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1883
+msgid ""
+"The following commands will be added verbatim on top of generated "
+"configuration"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:599
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:381
+#: src/gui/.ui/iptadvanceddialog_q.cpp:637
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1109
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1888
+msgid ""
+"The following commands will be added verbatim after generated configuration"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:600
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:386
+#: src/gui/.ui/iptadvanceddialog_q.cpp:647
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1118
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1889
+msgid "Prolog/Epilog"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:601
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:849
+msgid "Log facility:"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:602
+#: src/gui/.ui/iptadvanceddialog_q.cpp:654
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:799
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:850
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:881
+msgid "Log level:"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:603
+msgid "Log packet body"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:604
+msgid "Block if can not log"
+msgstr ""
+
+#: 
src/gui/.ui/ipfadvanceddialog_q.cpp:605
+#: src/gui/.ui/iptadvanceddialog_q.cpp:663
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1121
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2076
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:801
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:851
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:858
+msgid "Logging"
+msgstr "Journalisation"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:606
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:387
+#: src/gui/.ui/iptadvanceddialog_q.cpp:669
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1122
+msgid "Add virtual addresses for NAT"
+msgstr "Ajouter des adresses virtuelles pour le NAT"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:607
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:388
+#: src/gui/.ui/iptadvanceddialog_q.cpp:665
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1123
+msgid "Configure Interfaces of the firewall machine"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:608
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:389
+#: src/gui/.ui/iptadvanceddialog_q.cpp:666
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1124
+msgid "Turn debugging on in generated script"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:609
+msgid "Optimization"
+msgstr "Optimisation"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:610
+msgid ""
+"If this option is on, policy compiler adds virtual addresses to the "
+"interfaces to make the firewall answer to ARP queries for addresses used in "
+"NAT rules."
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:611
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:390
+#: src/gui/.ui/iptadvanceddialog_q.cpp:664
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1125
+msgid "These options enable auxiliary sections in the generated shell script."
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:612
+msgid "Determine addresses of dynamic interfaces at run time"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:613
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:391
+#: src/gui/.ui/iptadvanceddialog_q.cpp:672
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1126
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1872
+msgid "Script Options"
+msgstr "Options de script"
+
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:350
+msgid "ipfw: advanced settings"
+msgstr "ipfw: configuration avancée"
+
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:362
+msgid ""
+"Add rule to accept packets matching dynamic rules created for\n"
+"known sessions on top of the policy (action 'check-state')"
+msgstr ""
+
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:374
+#: src/gui/.ui/iptadvanceddialog_q.cpp:630
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1102
+msgid "Directory on the firewall where script should be installed"
+msgstr ""
+
+#: src/gui/.ui/ipservicedialog_q.cpp:208
+msgid "IP"
+msgstr "IP"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:212
+msgid "all fragments"
+msgstr ""
+
+#: src/gui/.ui/ipservicedialog_q.cpp:213
+msgid "rr (record route)"
+msgstr ""
+
+#: src/gui/.ui/ipservicedialog_q.cpp:214
+msgid "timestamp"
+msgstr ""
+
+#: src/gui/.ui/ipservicedialog_q.cpp:215
+msgid "ssrr (strict source route)"
+msgstr ""
+
+#: src/gui/.ui/ipservicedialog_q.cpp:216
+msgid "'short' fragments"
+msgstr ""
+
+#: src/gui/.ui/ipservicedialog_q.cpp:217
+msgid "lsrr (loose source route)"
+msgstr ""
+
+#: src/gui/.ui/ipservicedialog_q.cpp:220
+msgid "Protocol number:"
+msgstr ""
+
+#: src/gui/.ui/ipservicedialog_q.cpp:221
+msgid "( 0 - any protocol )"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:598
+msgid "iptables: advanced settings"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:604
+msgid "Accept ESTABLISHED and RELATED packets before the first rule"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:605
+msgid "Bridging firewall"
+msgstr ""
+
+#: 
src/gui/.ui/iptadvanceddialog_q.cpp:606
+msgid "Detect shadowing in policy rules"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:607
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1832
+msgid "Assume firewall is part of 'any'"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:609
+msgid "Enable support for NAT of locally originated connections"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:612
+msgid ""
+"Drop packets that are associated with\n"
+"no known connection"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:614
+msgid "and log them"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:615
+msgid "Clamp MSS to MTU"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:621
+msgid "Make Tag and Classify actions terminating"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:622
+msgid "Do not set default policy for ipv6"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:642
+msgid "Insert prolog script "
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:649
+msgid "use ULOG"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:650
+msgid "use LOG"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:651
+msgid "log TCP seq. 
numbers"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:652
+msgid "log IP options"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:653
+msgid "use numeric syslog levels"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:655
+msgid "log TCP options"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:656
+msgid "cprange"
+msgstr "cprange"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:657
+msgid "queue threshold:"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:658
+msgid "netlink group:"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:659
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:798
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:857
+msgid "Log prefix:"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:660
+msgid "Logging limit:"
+msgstr "Limite de journalisation :"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:661
+msgid ""
+"Activate logging in all rules\n"
+"(overrides rule options, use for debugging)"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:667
+msgid "Verify interfaces before loading firewall policy"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:668
+msgid "Load modules"
+msgstr "Charger les modules"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:670
+msgid "Use iptables-restore to activate policy"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:671
+msgid "iptables-restore replaces firewall policy in one atomic transaction"
+msgstr ""
+
+#: src/gui/.ui/ipv4dialog_q.cpp:169
+msgid "IPv4"
+msgstr "IPv4"
+
+#: src/gui/.ui/ipv4dialog_q.cpp:176
+msgid "DNS Lookup..."
+msgstr "Requêtes DNS..."
+ +#: src/gui/.ui/libexport_q.cpp:106 +msgid "Export" +msgstr "Exporter" + +#: src/gui/.ui/libexport_q.cpp:107 +msgid "" +"This will export a library to a file which can later be imported back into " +"Firewall Builder" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:109 +msgid "New Item" +msgstr "Nouvel élément" + +#: src/gui/.ui/libexport_q.cpp:110 +msgid "Make exported libraries read-only" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:111 +#, fuzzy +msgid "Choose libraries to be exported:" +msgstr "Choisir un fichier à importer" + +#: src/gui/.ui/librarydialog_q.cpp:138 +msgid "Color:" +msgstr "Couleur :" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:195 +#, fuzzy +msgid "Linksys/Sveasoft: advanced settings" +msgstr "ipf: configuration avancée" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:200 +#: src/gui/.ui/linux24advanceddialog_q.cpp:450 +msgid "modprobe:" +msgstr "modprobe :" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:201 +#: src/gui/.ui/linux24advanceddialog_q.cpp:451 +msgid "logger:" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:202 +#: src/gui/.ui/linux24advanceddialog_q.cpp:452 +msgid "ip:" +msgstr "ip:" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:203 +#: src/gui/.ui/linux24advanceddialog_q.cpp:453 +msgid "lsmod" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:204 +#: src/gui/.ui/linux24advanceddialog_q.cpp:455 +msgid "iptables:" +msgstr "iptables:" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:205 +#: src/gui/.ui/linux24advanceddialog_q.cpp:454 +msgid "" +"Specify directory path and a file name for each utility on your firewall " +"machine. Leave these empty if you want to use default values." +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:207 +msgid "" +"Policy installer relies on the shell prompt on the firewall to execute " +"commands. Installer tries both prompt string patterns configured here; it " +"assumes that the firewall is ready to accept a command if either prompt " +"matches. 
You should only need to change these string patterns if Sveasoft " +"changes the shell prompt in the future releases of the software.\n" +"
    \n" +"
    \n" +"The default strings work for Sveasoft Alchemy pre-5.1 and pre-5.2" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:211 +msgid "Use default prompts" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:212 +msgid "prompt 2" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:213 +msgid "prompt 1" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:214 +#, fuzzy +msgid "Prompts" +msgstr "Propriétés" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:365 +msgid "Linux 2.4: advanced settings" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:407 +msgid "Kernel anti-spoofing protection" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:408 +msgid "Ignore broadcast pings" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:409 +msgid "Ignore all pings" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:410 +msgid "Accept source route" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:411 +msgid "Accept ICMP redirects" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:412 +msgid "Ignore bogus ICMP errors" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:413 +msgid "Allow dynamic addresses" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:414 +msgid "Log martians" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:416 +msgid "" +"These parameters make sense for connections to or from the firewall host" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:441 +msgid "TCP sack" +msgstr "TCP sack" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:442 +msgid "TCP window scaling" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:443 +msgid "TCP ECN" +msgstr "TCP ECN" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:444 +msgid "TCP SYN cookies" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:445 +msgid "TCP keepalive time (sec)" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:446 +msgid "TCP fack" +msgstr "TCP fack" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:447 
+msgid "TCP timestamps"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:448
+msgid "TCP FIN timeout (sec)"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:449
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1051
+#: src/gui/.ui/tcpservicedialog_q.cpp:370
+msgid "TCP"
+msgstr "TCP"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:456
+#, fuzzy
+msgid "iptables-restore:"
+msgstr "iptables:"
+
+#: src/gui/.ui/longtextdialog_q.cpp:95
+msgid "longTextDialog_q"
+msgstr ""
+
+#: src/gui/.ui/longtextdialog_q.cpp:97
+msgid "this is the error text"
+msgstr ""
+
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:164
+msgid "MacOS X: advanced settings"
+msgstr ""
+
+#: src/gui/.ui/metriceditorpanel_q.cpp:78
+#, fuzzy
+msgid "textLabel2"
+msgstr "Etiquette"
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:154
+#, fuzzy
+msgid "NAT Rule Options"
+msgstr "Options"
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:156
+msgid "No options are available for this firewall platform"
+msgstr ""
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:157
+#, fuzzy
+msgid "Pool type"
+msgstr "ICMP"
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:158
+#, fuzzy
+msgid "default"
+msgstr "Supprimer"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:172
+#: src/gui/.ui/newfirewalldialog_q.cpp:323
+#: src/gui/.ui/newfirewalldialog_q.cpp:502
+#: src/gui/.ui/newfirewalldialog_q.cpp:524 src/gui/.ui/newhostdialog_q.cpp:188
+#: src/gui/.ui/newhostdialog_q.cpp:398
+msgid "Label"
+msgstr "Etiquette"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:174
+#: src/gui/.ui/newfirewalldialog_q.cpp:504 src/gui/.ui/newhostdialog_q.cpp:190
+#: src/gui/.ui/newhostdialog_q.cpp:400
+msgid "Netmask"
+msgstr "Masque réseau"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:175
+#: src/gui/.ui/newfirewalldialog_q.cpp:505 src/gui/.ui/newhostdialog_q.cpp:191
+#: src/gui/.ui/newhostdialog_q.cpp:401
+msgid "Dyn"
+msgstr "Dyn"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:176
+#: src/gui/.ui/newfirewalldialog_q.cpp:506 src/gui/.ui/newhostdialog_q.cpp:192
+#: 
src/gui/.ui/newhostdialog_q.cpp:402
+msgid "MAC"
+msgstr "MAC"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:325
+#: src/gui/.ui/newfirewalldialog_q.cpp:526
+msgid "Security Level"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:487 src/gui/.ui/newhostdialog_q.cpp:378
+msgid "Enter the name of the new object below:"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:488
+msgid "Choose firewall software it is running:"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:489
+msgid "Choose OS the new firewall runs on:"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:490
+msgid "Use preconfigured template firewall objects"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:492
+msgid ""
+"Next step is to add interfaces to the new firewall. There are two ways to do "
+"it: using SNMP query or manually. Adding them using SNMP query is fast and "
+"automatic, but is only possible if firewall runs SNMP agent and you know "
+"SNMP community string 'read'."
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:494 src/gui/.ui/newhostdialog_q.cpp:383
+msgid "Configure interfaces manually"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:495
+msgid "Use SNMP to discover interfaces of the firewall"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:496 src/gui/.ui/newhostdialog_q.cpp:385
+msgid "Discover Interfaces using SNMP"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:499
+msgid ""
+"Here you can add or edit interfaces manually. 'Name' corresponds to the name "
+"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' "
+"is used to mark interface to reflect network topology, e.g. 'outside' or "
+"'inside'. Label is mandatory for PIX firewall."
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:500 src/gui/.ui/newhostdialog_q.cpp:391
+msgid "Click 'Next' when done."
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:509 src/gui/.ui/newhostdialog_q.cpp:408
+msgid "Update"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:510 src/gui/.ui/newhostdialog_q.cpp:407
+msgid "Add"
+msgstr "Ajouter"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:519 src/gui/.ui/newhostdialog_q.cpp:403
+msgid "MAC:"
+msgstr "MAC:"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:521
+msgid "up"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:522
+msgid "down"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:527
+msgid "Click 'Finish' when done."
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:528
+msgid ""
+"In order to be able to build firewall policy properly, Firewall Builder "
+"needs information about 'security level' of the firewall's interfaces. "
+"Interface that connects it to the Internet is considered 'insecure' and has "
+"security level '0', while interface connected to the internal network is "
+"supposed to be 'secure' (security level '100'). You can arrange interfaces "
+"in the order of their security level below."
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:530 src/gui/.ui/newhostdialog_q.cpp:411
+msgid ""
+"Choose template object in the list and click 'Finish' when ready. Template "
+"objects use generic interface names that will be iherited by the firewall "
+"object you create. You may need to rename them later to reflect real names "
+"of interfaces on your firewall machine."
+msgstr ""
+
+#: src/gui/.ui/newgroupdialog_q.cpp:99
+#, fuzzy
+msgid "Group Name:"
+msgstr "Groupe :"
+
+#: src/gui/.ui/newgroupdialog_q.cpp:100
+msgid "This operation will create a new group and put selected objects in it"
+msgstr ""
+
+#: src/gui/.ui/newgroupdialog_q.cpp:101
+msgid "Create a group"
+msgstr ""
+
+#: src/gui/.ui/newhostdialog_q.cpp:379
+msgid "Use preconfigured template host objects"
+msgstr ""
+
+#: src/gui/.ui/newhostdialog_q.cpp:381
+msgid ""
+"Next step is to add interfaces to the new host. 
There are two ways to do it: "
+"using SNMP query or manually. Adding them using SNMP query is fast and "
+"automatic, but is only possible if the host runs SNMP agent and you know "
+"SNMP community string 'read'."
+msgstr ""
+
+#: src/gui/.ui/newhostdialog_q.cpp:384
+msgid "Use SNMP to discover interfaces of the host"
+msgstr ""
+
+#: src/gui/.ui/newhostdialog_q.cpp:388
+msgid ""
+"Here you can add or edit interfaces manually. 'Name' corresponds to the name "
+"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' "
+"is used to mark interface to reflect network topology, e.g. 'outside' or "
+"'inside'."
+msgstr ""
+
+#: src/gui/.ui/newhostdialog_q.cpp:396
+msgid ""
+"This is unnumbered interface, that is, it does not have an IP address. You "
+"can use this for interfaces that terminate PPPoE or other VPN tunnels"
+msgstr ""
+
+#: src/gui/.ui/newhostdialog_q.cpp:405
+msgid ""
+"Address of this interface is assigned dynamically using DHCP or PPP protocol"
+msgstr ""
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:148
+msgid "Conflict Resolution"
+msgstr ""
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:149
+msgid ""
+"There is a conflict between an object in your tree and object in the file "
+"you are trying to open. 
Choose which version of this object you want to use:"
+msgstr ""
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:150
+msgid "Current Object "
+msgstr ""
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:153
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:158
+msgid ""
+"Always choose this\n"
+"object if there is a conflict"
+msgstr ""
+
+#: src/gui/.ui/objectmanipulator_q.cpp:108
+msgid "Tree of Objects"
+msgstr "Arborescence d'objets"
+
+#: src/gui/.ui/objectmanipulator_q.cpp:112
+msgid "Go back to the previous object"
+msgstr ""
+
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:172
+msgid "OpenBSD: advanced settings"
+msgstr ""
+
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:178
+msgid "Enable directed broadcast"
+msgstr ""
+
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:199
+msgid "pfctl:"
+msgstr "pfctl :"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:103
+msgid "Page Setup"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:104
+msgid "start each section on a new page"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:105
+msgid "print header on every page"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:106
+msgid "print legend"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:107
+#, fuzzy
+msgid "print objects used in rules"
+msgstr "Chercher un objet dans l'arborescence"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:109
+#, fuzzy
+msgid "Alt+O"
+msgstr "Alt+C"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:112
+#, fuzzy
+msgid "Scale tables: "
+msgstr "iptables:"
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:114
+msgid "50%"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:115
+msgid "75%"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:116
+msgid "100%"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:117
+msgid "150%"
+msgstr ""
+
+#: src/gui/.ui/pagesetupdialog_q.cpp:118
+msgid "200%"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:999
+msgid "pf: advanced settings"
+msgstr "pf: configuration avancée"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1010
+msgid 
"Modulate state for all stateful rules (applies only to TCP services)"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1020
+msgid "Optimization:"
+msgstr "Optimisation :"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1022
+msgid "Enforce Minimum TTL:"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1023
+msgid "Enforce Maximum MSS:"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1024
+msgid "Enforces a maximum Maximum Segment Size (MSS) in TCP packet headers."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1025
+msgid "Enforces a minimum Time To Live (TTL) in IP packet headers."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1026
+msgid "Reassemble fragments"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1027
+msgid "Clear DF bit"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1028
+msgid "Clears the don't fragment bit from the IP packet header."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1029
+msgid "Use random ID"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1030
+msgid ""
+"Replaces the IP identification field of outgoing packets with random values "
+"to compensate for operating systems that use predictable values."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1032
+msgid "Buffer and reassemble fragments (default)"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1033
+msgid ""
+"Buffers incoming packet fragments and reassembles them into a complete "
+"packet before passing them to the filter engine."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1034
+#, fuzzy
+msgid "Drop duplicate fragments, do not buffer and reassemble"
+msgstr "Supprimer les fragments constituant des doublons"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1035
+msgid ""
+"Causes duplicate fragments to be dropped and any overlaps to be cropped."
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1036 +#, fuzzy +msgid "Drop duplicate and subsequent fragments" +msgstr "Supprimer les fragments constituant des doublons" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1037 +msgid "" +"Similar to 'Drop duplicate fragments' except that all duplicate or " +"overlapping fragments will be dropped as well as any further corresponding " +"fragments." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1038 +msgid "Scrub rule options" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1039 +msgid "maximum number of entries in the memory pool used for packet reassembly" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1040 +#, fuzzy +msgid "table-entries" +msgstr "iptables:" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1041 +msgid "maximum number of addresses that canbe stored in tables" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1042 +msgid "" +"maximum number of entries in the memory pool used for state table entries" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1043 +msgid "state table size: " +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1044 +msgid "reassembly pool: " +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1045 +msgid "" +"maximum number of entries in the memory pool used for tracking source IP " +"addresses" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1046 +msgid "maximum number of tables that can exist in the memory simultaneously" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1047 +#, fuzzy +msgid "tables" +msgstr "iptables:" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1048 +msgid "src-nodes" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1049 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:876 +msgid "Limits" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1050 +msgid "" +"When a packet matches a stateful connection, the seconds to live for the " +"connection will be updated to the value which corresponds to the connection " +"state." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1052 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1065 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1074 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1077 +msgid "first" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1053 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1066 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1072 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1078 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1081 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1082 +msgid "The state after the first packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1054 +msgid "opening" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1055 +msgid " The state before the destination host ever sends a packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1056 +msgid "established" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1057 +msgid "The fully established state." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1058 +msgid "The state after the first FIN has been sent." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1059 +msgid "closing" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1060 +msgid "" +"The state after both FINs have been exchanged and the connection is closed." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1061 +#, fuzzy +msgid "finwait" +msgstr "ipnat:" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1062 +msgid "The state after one endpoint sends an RST." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1063 +#, fuzzy +msgid "closed" +msgstr "Fermer" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1064 +#: src/gui/.ui/udpservicedialog_q.cpp:221 +msgid "UDP" +msgstr "UDP" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1067 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1079 +msgid "single" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1068 +msgid "" +"The state if the source host sends more than one packet but the destination " +"host has never sent one back." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1069 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1080 +msgid "multiple" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1070 +msgid " The state if both hosts have sent packets." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1073 +msgid "The state after an ICMP error came back in response to an ICMP packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1076 +msgid "Other Protocols" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1083 +msgid "Fragments" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1084 +msgid "reassembly timeout" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1085 +msgid "state expiration timeout" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1086 +msgid "seconds between purges of expired states and packet fragments." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1087 +msgid "seconds before an unassembled fragment is expired." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1088 +msgid "Adaptive scaling" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1089 +msgid "" +"Timeout values can be reduced adaptively as the number of state table " +"entries grows (see man page pf.conf(5) for details)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1090 +msgid "adaptive start" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1091 +msgid "" +"When the number of state entries exceeds this value, adaptive scaling begins." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1092 +msgid "adaptive end" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1093 +msgid "" +"When reaching this number of state entries, all timeout val- ues become " +"zero, effectively purging all state entries imme- diately." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1094 +msgid "Activate adaptive timeout scaling" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1095 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1910 +msgid "Timeouts" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1114 +msgid "Insert prolog and epilog scripts" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1116 +msgid "in the activation shell script (.fw file)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1117 +msgid "in the pf rule file (.conf file)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1119 +msgid "Log Prefix" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1120 +msgid "Fallback \"deny all\" rule should log blocked packets" +msgstr "" + +#: src/gui/.ui/physaddressdialog_q.cpp:149 +msgid "physAddress" +msgstr "" + +#: src/gui/.ui/physaddressdialog_q.cpp:150 +#, fuzzy +msgid "MAC Address" +msgstr "Ajouter une adresse MAC" + +#: src/gui/.ui/physaddressdialog_q.cpp:153 +msgid "Physical address (MAC):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1824 +msgid "PIX Firewall Settings" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1831 +msgid "Policy Compiler Options" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1833 +msgid "" +"Generate rules assuming the firewall is part of \"Any\". This makes a " +"difference in rules that use services 'ssh' and 'telnet' since PIX uses " +"special commands to control ssh and telnet access to the firewall machine" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1834 +msgid "" +"Replace NAT'ted objects with their \n" +"translations in policy rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1836 +msgid "" +"PIX inspects packets with ACLs before it does NAT, while many other " +"firewalls do NAT first and then apply ACLs. Policy compiler can emulate the " +"latter behaviour if this options is turned on." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1837 +msgid "Emulate outbound ACLs" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1838 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1840 +msgid "" +"Normally PIX does not support ouotbound ACL, however policy compiler can " +"emulate them if this option is turned on" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1839 +msgid "Generate outbound ACLs" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1843 +msgid "Optimize 'default nat' rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1844 +msgid "" +"In nat rules where network zone object is used in OSrc, ODst and OSrv are " +"'any' and TSrc defines a global pool for the translation, replace object in " +"OSrc with 'any' to produce PIX command \"nat (interface) N 0.0.0.0 0.0.0.0\"" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1845 +msgid "Detect rule shadowing in the policy" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1847 +msgid "Verification of NAT rules" +msgstr "Vérification des règles de NAT" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1848 +msgid "Check for duplicate nat rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1849 +msgid "Check for overlapping global pools" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1850 +msgid "Check for overlapping statics" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1851 +msgid "" +"Check for overlapping global\n" +"pools and statics" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1853 +msgid "Compiler Options" +msgstr "Options de compilation" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1855 +msgid "Comment the code" +msgstr "Commenter le code" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1856 +msgid "Insert comments into generated PIX configuration file" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1857 +msgid "Use ACL remarks" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1858 +msgid "Use ACL remarks to relate ACL commands and policy rules in the 
GUI" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1859 +msgid "Group similar commands together" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1860 +msgid "" +"Group PIX commands in the script so that similar commands appear next to " +"each other, just like PIX does it when you use 'show config'" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1861 +msgid "Use manual ACL commit on FWSM" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1862 +msgid "Access lists (requires Firewall Builder for PIX 1.1.6 and later)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1863 +msgid "" +"Clear all access lists then install new ones. This method may interrupt " +"access to the firewall if you manage it remotely via IPSEC tunnel. This is " +"the way access lists were generated in older versions of Firewall Builder " +"for PIX." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1864 +msgid "" +"Do not clear access lists and object group, just generate PIX commands for " +"the new ones. Use this optin if you have your own policy installation " +"scripts." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1865 +msgid "" +"\"Safety net\" method:\n" +"\n" +"First, create temporary access list to permit connections from the " +"management subnet specified below to the firewall and assign it to outside " +"interface. This temporary ACL helps maintain session between management " +"station and the firewall while access lists are reloaded in case connection " +"comes over IPSEC tunnel. Then clear permanent lists, recreate them and " +"assign to interfaces. This method ensures that remote access to the firewall " +"is maintained without interruption at a cost of slightly larger " +"configuration." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1868 +msgid "" +"Temporary access list should permit access from this address or subnet (use " +"prefix notation to specify subnet, e.g. 
192.0.2.0/24):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1890 +msgid "Set all to defaults.." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1891 +msgid "xlate" +msgstr "xlate" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1892 +msgid "conn" +msgstr "conn" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1893 +msgid "udp" +msgstr "udp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1894 +msgid "rpc" +msgstr "rpc" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1895 +msgid "h323" +msgstr "h323" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1896 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2020 +msgid "sip" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1897 +msgid "sip&media" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1898 +msgid "unauth" +msgstr "unauth" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1899 +msgid "telnet" +msgstr "telnet" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1900 +msgid "ssh" +msgstr "ssh" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1901 +msgid "ss" +msgstr "ss" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1902 +msgid "mm" +msgstr "mm" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1903 +msgid "hh" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1904 +msgid "half-closed" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1906 +msgid "Inactivity" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1907 +msgid "Absolute" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1911 +msgid "" +"Policy compiler generates 'fixup' commands for PIX v6.1-6.3 and FWSM v2.3. " +"For PIX 7.0 it generates 'class-map' and 'inspect' commands assigned to the " +"'policy-map' under either default or custom inspection classes." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1913 +msgid "Enable all protocols" +msgstr "Activer tous les protocoles" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1914 +msgid "Disable all protocols" +msgstr "Désactiver tous les protocoles" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1915 +msgid "Skip all protocols" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1916 +msgid "Display generated commands" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1918 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1927 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1933 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1941 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1950 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1958 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1966 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1972 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1980 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1988 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1995 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2002 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2009 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2017 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2024 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2032 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2040 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2048 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2055 +msgid "skip" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1919 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1928 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1934 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1942 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1951 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1959 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1967 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1973 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1981 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1989 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1996 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2003 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2010 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2018 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2025 +#: 
src/gui/.ui/pixadvanceddialog_q.cpp:2033 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2041 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2049 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2056 +msgid "enable" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1920 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1929 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1935 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1943 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1952 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1960 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1968 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1974 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1982 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1990 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1997 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2004 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2011 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2019 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2026 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2034 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2042 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2050 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2057 +msgid "disable" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1921 +msgid "" +"Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol " +"inspection module that supports NAT, PAT, and bi-directional NAT." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1922 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1938 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1947 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1956 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1964 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1977 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1993 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2000 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2007 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2014 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2022 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2030 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2037 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2045 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2053 +msgid "port:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1923 +msgid "ctiqbe" +msgstr "ctiqbe" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1924 +msgid "" +"Based on this maximum-length configured by the user, the DNS fixup checks to " +"see if the DNS packet length is within this limit. Every UDP DNS packet " +"(request/response) undergoes the above check." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1925 +msgid "max length:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1930 +msgid "dns" +msgstr "dns" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1931 +msgid "Enables PAT for Encapsulating Security Payload (ESP), single tunnel." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1936 +msgid "esp ike" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1939 +msgid "strict:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1944 +msgid "" +"Activated support for FTP protocol and allows to change the ftp control " +"connection port number." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1946 +msgid "" +"Specifies to use H.225, the ITU standard that governs H.225.0 session " +"establishment and packetization, with H.323" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1948 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1955 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1963 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1978 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2015 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2029 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2038 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2046 +msgid "--" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1953 +msgid "h323 h225" +msgstr "h323 h225" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1954 +msgid "" +"Specifies to use RAS with H.323 to enable dissimilar communication devices " +"to communicate with each other." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1961 +msgid "h323 ras" +msgstr "h323 ras" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1962 +msgid "" +"The default port for HTTP is 80. Use the port option to change the HTTP " +"port, or specify a range of HTTP ports." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1969 +msgid "http" +msgstr "http" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1970 +msgid "" +"Enables NAT of ICMP error messages. This creates translations for " +"intermediate hops based on the static or network address translation " +"configuration on the firewall." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1975 +msgid "icmp error" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1976 +msgid "" +"Provides NAT support for Microsoft NetMeeting, SiteServer, and Active " +"Directory products that use LightWeight Directory Access Protocol (LDAP) to " +"exchange directory information with an for Internet Locator Service (ILS) " +"server." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1983 +msgid "ils" +msgstr "ils" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1984 +msgid "Enables the Media Gateway Control Protocol (MGCP) fixup." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1985 +msgid "Gateway Port:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1986 +msgid "Call Agent port:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1991 +msgid "mgcp" +msgstr "mgcp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1992 +msgid "" +"Enables Point-to-Point Tunneling Protocol (PPTP) application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1998 +msgid "pptp" +msgstr "pptp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1999 +msgid "Enables inspection of RSH protocol." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2005 +msgid "rsh" +msgstr "rsh" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2006 +msgid "" +"Lets PIX Firewall pass Real Time Streaming Protocol (RTSP) packets. RTSP is " +"used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/" +"TV connections." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2012 +msgid "rtsp" +msgstr "rtsp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2013 +msgid "" +"Enable or change the port assignment for the Session Initiation Protocol " +"(SIP) for Voice over IP TCP connections." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2021 +msgid "Enable SIP-over-UDP application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2027 +msgid "sip udp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2028 +msgid "" +"Enable SCCP application inspection. SCCP protocol supports IP telephony and " +"can coexist in an H.323 environment. An application layer ensures that all " +"SCCP signaling and media packets can traverse the PIX Firewall and " +"interoperate with H.323 terminals." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2035 +msgid "skinny" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2036 +msgid "" +"Enables the Mail Guard feature, which only lets mail servers receive the RFC " +"821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and " +"QUIT. All other commands are translated into X's which are rejected by the " +"internal server." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2043 +msgid "smtp" +msgstr "smtp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2044 +msgid "Enables support for SQL*Net protocol." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2051 +msgid "sqlnet" +msgstr "sqlnet" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2052 +msgid "Enable TFTP application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2058 +msgid "tftp" +msgstr "tftp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2059 +msgid "Inspect" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2060 +msgid "Syslog" +msgstr "Syslog" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2061 +msgid "Syslog host (name or IP address):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2062 +msgid "syslog facility:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2063 +msgid "syslog level ('logging trap'):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2064 +msgid "Syslog message queue size (messages):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2065 +msgid "Use 'EMBLEM' format for syslog messages" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2066 +msgid "" +"PIX Firewall Version 6.3 introduces support for EMBLEM format, which is " +"required when using the CiscoWorks Resource Manager Essentials (RME) syslog " +"analyzer." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2067 +msgid "Set device id for syslog messages (v6.3 and later):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2068 +msgid "use address of interface" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2069 +msgid "use text string" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2070 +msgid "use hostname" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2071 +msgid "The logging timestamp command requires that the clock command be set." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2072 +msgid "Enable logging timestamps on syslog file" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2073 +msgid "Other logging destinations and levels:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2074 +msgid "Internal buffer" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2075 +msgid "Console" +msgstr "Console" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2077 +msgid "Actively reset inbound TCP connections with RST" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2079 +msgid "Actively reset inbound TCP connections with RST on outside interface" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2081 +msgid "Force each TCP connection to linger in a shortened TIME&WAIT" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2082 +msgid "Alt+W" +msgstr "Alt+W" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2083 +msgid "Enable the IP Frag Guard feature (deprecated in v6.3 and later)." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2084 +msgid "Enable TCP resource control for AAA Authentication Proxy" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2085 +msgid "" +"Specify that when an incoming packet does a route lookup,\n" +"the incoming interface is used to determine which interface\n" +"the packet should go to, and which is the next hop\n" +"(deprecated in v6.3 and later)." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2089 +msgid "Disable inbound embedded DNS A record fixups" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2090 +msgid "Disable outbound DNS A record replies" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2091 +msgid "maximum number of simultaneous TCP and UDP connections" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2092 +msgid "maximum number of embryonic connections per host" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2093 +msgid "" +"Specifies the maximum number of simultaneous TCP and UDP connections for the " +"entire subnet. The default is 0, which means unlimited connections. (Idle " +"connections are closed after the idle timeout specified by the timeout conn " +"command.)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2094 +msgid "" +"Specifies the maximum number of embryonic connections per host. An embryonic " +"connection is a connection request that has not finished the necessary " +"handshake between source and destination. Set a small value for slower " +"systems, and a higher value for faster systems. The default is 0, which " +"means unlimited embryonic connections." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2095 +msgid "The following parameters are used for all NAT rules:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2096 +msgid "" +"(The default for both parameters is 0, which means unlimited number of " +"connections.)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2097 +msgid "PIX Options" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:275 +msgid "PIX Advanced Configuration Options" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:276 +msgid "Set PIX host name using object's name" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:277 +msgid "Generate commands to configure addresses for interfaces" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:278 src/gui/.ui/prefsdialog_q.cpp:381 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:788 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:848 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:856 +msgid "General" +msgstr "Général" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:279 +msgid "NTP Servers:" +msgstr "Serveur NTP :" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:282 +msgid "Server 1:" +msgstr "Server 1 :" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:283 +msgid "Server 2:" +msgstr "Server 2 :" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:284 +msgid "Server 3:" +msgstr "Server 3 :" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:286 +msgid "Preffered:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:287 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:301 +msgid "IP address:" +msgstr "Adresse IP :" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:288 +msgid "NTP" +msgstr "NTP" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:289 +msgid "Disable SNMP Agent" +msgstr "Désactiver l'agent SNMP" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:290 +msgid "Set SNMP communities using data from the firewall object dialog" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:291 +msgid "SNMP servers" +msgstr "Serveurs SNMP" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:293 +#: 
src/gui/.ui/pixosadvanceddialog_q.cpp:297 +msgid "Poll" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:294 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:298 +msgid "Poll and Traps" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:295 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:299 +msgid "Traps" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:300 +msgid "Enable:" +msgstr "Activer :" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:302 +msgid "SNMP Server 1:" +msgstr "Serveur SNMP·1 :" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:303 +msgid "SNMP Server 2:" +msgstr "Serveur·SNMP 2·:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:304 +msgid "Enable sending log messages as SNMP trap notifications" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:305 +msgid "SNMP" +msgstr "SNMP" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:306 +msgid "Change TCP MSS to" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:307 +msgid "bytes" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:214 src/gui/.ui/prefsdialog_q.cpp:393 +#, fuzzy +msgid "File Path" +msgstr "Chemin" + +#: src/gui/.ui/prefsdialog_q.cpp:363 +msgid "Preferences" +msgstr "Préférences" + +#: src/gui/.ui/prefsdialog_q.cpp:368 +msgid "minutes" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:369 +msgid "Periodically save data to file every " +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:370 +msgid "Tooltip delay:" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:371 +#, fuzzy +msgid "Enable object tooltips" +msgstr "Activer tous les protocoles" + +#: src/gui/.ui/prefsdialog_q.cpp:372 +msgid "Show deleted objects" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:373 +#, fuzzy +msgid "Automatically save data in dialogs when switching between objects" +msgstr "" +"Enregistrer automatiquement les données\n" +"en passant d'un objet à l'autre" + +#: src/gui/.ui/prefsdialog_q.cpp:374 +msgid "On startup: " +msgstr "Au démarrage :" + +#: src/gui/.ui/prefsdialog_q.cpp:376 +msgid "Load standard objects" +msgstr "Charger les 
objets standard" + +#: src/gui/.ui/prefsdialog_q.cpp:377 +msgid "Load last edited file" +msgstr "Charger les fichiers précédemment édités" + +#: src/gui/.ui/prefsdialog_q.cpp:378 +msgid "Expand all branches in the object tree" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:379 +msgid "Working directory:" +msgstr "Répertoire de travail :" + +#: src/gui/.ui/prefsdialog_q.cpp:382 +msgid "Do not ask for the log record when checking in new file revision." +msgstr "" +"Enregistrement les nouvelles versions de fichier sans tenir compte du " +"fichier de journalisation." + +#: src/gui/.ui/prefsdialog_q.cpp:383 +msgid "Revision Control" +msgstr "Gestion des versions" + +#: src/gui/.ui/prefsdialog_q.cpp:384 +msgid "" +"A full path to the Secure Shell utility (remote command execution; for " +"example ssh on Unix or plink.exe or vsh.exe on Windows):" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:386 +msgid "SSH" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:387 +#, fuzzy +msgid "Add..." +msgstr "Ajouter" + +#: src/gui/.ui/prefsdialog_q.cpp:388 +#, fuzzy +msgid "Remove" +msgstr "Supprimer la règle" + +#: src/gui/.ui/prefsdialog_q.cpp:389 +msgid "" +"If you remove libraries from the list, changes get in effect next time you " +"start the program" +msgstr "" +"En cas de modification de la liste des bibliothèques, les changements ne " +"seront appliqués qu'au prochain démarrage du programme." 
+ +#: src/gui/.ui/prefsdialog_q.cpp:390 +msgid "Available libraries:" +msgstr "Bibliothèques disponibles :" + +#: src/gui/.ui/prefsdialog_q.cpp:394 +msgid "Libraries" +msgstr "Bibliothèques" + +#: src/gui/.ui/prefsdialog_q.cpp:395 +msgid "Use these labels to mark rules in the firewall policy" +msgstr "" +"Vous pouvez utiliser ces étiquettes pour marquer des règles au sein de la " +"politique du firewall" + +#: src/gui/.ui/prefsdialog_q.cpp:410 +msgid "Labels" +msgstr "Etiquettes" + +#: src/gui/.ui/printingprogressdialog_q.cpp:73 +#, fuzzy +msgid "Printing" +msgstr "Imprimer" + +#: src/gui/.ui/rcsfilepreview_q.cpp:49 src/gui/.ui/rcsfilepreview_q.cpp:122 +msgid "Revision" +msgstr "Version" + +#: src/gui/.ui/rcsfilepreview_q.cpp:52 src/gui/.ui/rcsfilepreview_q.cpp:123 +msgid "Date" +msgstr "Date" + +#: src/gui/.ui/rcsfilepreview_q.cpp:55 src/gui/.ui/rcsfilepreview_q.cpp:124 +msgid "Author" +msgstr "" + +#: src/gui/.ui/rcsfilepreview_q.cpp:58 src/gui/.ui/rcsfilepreview_q.cpp:125 +msgid "Locked by" +msgstr "" + +#: src/gui/.ui/rcsfilepreview_q.cpp:120 +msgid "RCSFilePreview" +msgstr "" + +#: src/gui/.ui/rcsfilepreview_q.cpp:121 +msgid "Open read-only" +msgstr "Ouvrir·en·lecture-seule" + +#: src/gui/.ui/rcsfilepreview_q.cpp:126 +msgid "RCS log:" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:100 +msgid "Log record for the new revision" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:101 +msgid "Do not ask me anymore, always check files in with empty log" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:102 +msgid "Check file &in" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:103 +msgid "Alt+I" +msgstr "Alt+I" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:106 +#, qt-format +msgid "Checking file %1 into RCS" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:107 +msgid "Log record for this revision: " +msgstr "" + +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:118 +#, fuzzy +msgid "Routing Rule Options" +msgstr "Options" + +#: 
src/gui/.ui/routingruleoptionsdialog_q.cpp:120 +msgid "If installation of this routing rule fails, just carry on" +msgstr "" + +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:121 +msgid "No options available for routing rules of this firewall platform" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:783 +msgid "Rule Options for ipt" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:785 +msgid "" +"Assume firewall is part of 'any' (this setting only affects code generated " +"for this rule)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:786 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:845 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:853 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:877 +msgid "Stateless rule" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:787 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:844 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:852 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:878 +msgid "" +"Normally policy compiler uses stateful inspection in each rule. Activating " +"next option makes this rule stateless." 
+msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:800 +msgid "Netlink group (if using ULOG): " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:802 +msgid "Rate (rule matches if it hits this often or less):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:803 +msgid "Module limit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:804 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:827 +msgid "Burst:" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:811 +msgid "limit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:812 +msgid "bit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:813 +msgid "per network with netmask of " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:814 +msgid "Number of allowed connections per client host" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:815 +msgid "Module connlimit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:816 +#, fuzzy +msgid "connlimit" +msgstr "conn" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:817 +msgid "Module hashlimit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:818 +msgid "" +"On some older systems this module has name 'dstlimit'. Check here if you " +"need to use this name." 
+msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:819 +#, fuzzy +msgid "Rate:" +msgstr "Date:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:828 +#, fuzzy +msgid "Mode:" +msgstr "Code :" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:830 +#, fuzzy +msgid "dstip" +msgstr "smtp" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:831 +msgid "srcip" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:832 +msgid "dstip,dstport" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:833 +msgid "srcip,srcport" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:834 +#, fuzzy +msgid "htable-size:" +msgstr "iptables:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:835 +msgid "" +"The number of buckets of the hash table (omit this option in generated " +"script if set to 0)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:836 +msgid "htable-max:" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:837 +msgid "" +"Maximum number of entries in the hash (omit this option in generated script " +"if set to 0)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:838 +#, fuzzy +msgid "htable-expire:" +msgstr "iptables:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:839 +msgid "" +"After how many milliseconds do hash entries expire (omit this option in the " +"generated script if set to 0)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:840 +msgid "htable-gcinterval:" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:841 +msgid "" +"How many milliseconds between garbage collection intervals (omit this option " +"in generated script if set to 0)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:842 +msgid "" +"Options below control size of the hash table and expiration time. They will " +"be omitted from the generated script if set to zero." 
+msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:843 +msgid "hashlimit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:846 +msgid "" +"Send ICMP 'unreachable' packet masquerading as being from the original " +"destination" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:847 +msgid "" +"Keep information on fragmented packets, to be applied to later fragments" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:854 +msgid "" +"In PF 4.x \"flags S/SA keep state\" is the default. Compiler will omit these " +"flags while generating code for stateful rules matching tcp services. " +"However, according to the PF FAQ, care should be taken while dealing with " +"states and interface enc0. To avoid leaking unencrypted traffic out, the FAQ " +"recommends setting 'keep state' explicitly in all rules on the enc0 " +"interface. This option applies only if version is set to 4.x." +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:855 +msgid "Add 'keep state' " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:859 +msgid "Activate source tracking" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:860 +msgid "" +"When this option is checked, the number of states per source IP is tracked " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:861 +msgid "" +"Maximum number of source addresses which can simultaneously have state table " +"entries (max-src-nodes):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:862 +msgid "" +"Maximum number of simultaneous state entries that a single source address " +"can create with this rule (max-src-states):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:863 +msgid "Tracking" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:864 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:872 +msgid "overload table:" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:865 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:871 +msgid "flush" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:866 +msgid "" +"Maximum number of simultaneous 
TCP connections that a single host can make " +"(max-src-conn):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:867 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:870 +msgid "global" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:868 +msgid "The limit of new connections over a time interval (max-src-conn-rate):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:869 +msgid "/" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:873 +msgid "sec" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:874 +msgid "" +"When this limit is reached, further packets matching the rule that would " +"create state are dropped, until existing states time out." +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:875 +msgid "" +"Maximum number of concurrent states this rule may create. Unlimited if set " +"to zero (option 'max')." +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:879 +msgid "These options are only valid for PIX running software v6.3 or later" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:880 +msgid "completely disable logging for this rule" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:882 +msgid "Logging interval:" +msgstr "Fréquence de journalisation :" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:883 +msgid "Tere are no options for this firewall platform" +msgstr "" + +#: src/gui/.ui/simpletextview_q.cpp:92 +msgid "Text viewer" +msgstr "" + +#: src/gui/.ui/simpletextview_q.cpp:93 +#, fuzzy +msgid "Object Name" +msgstr "Objet" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:182 +msgid "Solaris: advanced settings" +msgstr "" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:187 +msgid "Ignore ICMP redirects" +msgstr "" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:192 +msgid "Forward directed broadcasts" +msgstr "" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:193 +msgid "Respond to echo broadcast" +msgstr "" + +#: src/gui/.ui/tagservicedialog_q.cpp:148 +#, fuzzy +msgid "Tag Service" +msgstr "nouveau service TCP" + +#: 
src/gui/.ui/tcpservicedialog_q.cpp:375 +msgid "Use option \"established\" if supported by the target firewall platform" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:377 +msgid "Settings:" +msgstr "Configuration :" + +#: src/gui/.ui/tcpservicedialog_q.cpp:390 +msgid "U" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:391 +msgid "A" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:392 +msgid "P" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:393 +msgid "R" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:394 +msgid "S" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:395 +msgid "F" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:396 +msgid "Mask:" +msgstr "Masque :" + +#: src/gui/.ui/tcpservicedialog_q.cpp:397 +msgid "Flags:" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:400 +#: src/gui/.ui/udpservicedialog_q.cpp:224 +msgid "Source Port Range" +msgstr "Plage de ports source" + +#: src/gui/.ui/tcpservicedialog_q.cpp:401 +#: src/gui/.ui/tcpservicedialog_q.cpp:404 +#: src/gui/.ui/udpservicedialog_q.cpp:225 +#: src/gui/.ui/udpservicedialog_q.cpp:228 +msgid "Start:" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:402 +#: src/gui/.ui/tcpservicedialog_q.cpp:405 +#: src/gui/.ui/udpservicedialog_q.cpp:226 +#: src/gui/.ui/udpservicedialog_q.cpp:229 +msgid "End:" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:403 +#: src/gui/.ui/udpservicedialog_q.cpp:227 +msgid "Destination Port Range" +msgstr "Plage de ports de destination" + +#: src/gui/.ui/timedialog_q.cpp:246 src/gui/.ui/timedialog_q.cpp:263 +msgid "Sunday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:247 src/gui/.ui/timedialog_q.cpp:264 +msgid "Monday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:248 src/gui/.ui/timedialog_q.cpp:265 +msgid "Tuesday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:249 src/gui/.ui/timedialog_q.cpp:266 +msgid "Wednesday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:250 src/gui/.ui/timedialog_q.cpp:267 +msgid "Thursday" +msgstr "" + +#: 
src/gui/.ui/timedialog_q.cpp:251 src/gui/.ui/timedialog_q.cpp:268 +msgid "Friday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:252 src/gui/.ui/timedialog_q.cpp:269 +msgid "Saturday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:253 +msgid "Start day of week:" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:254 +msgid "Start time:" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:255 +msgid "Start date:" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:258 +#, fuzzy +msgid "End date:" +msgstr "Activer :" + +#: src/gui/.ui/timedialog_q.cpp:260 +msgid "End time:" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:270 +msgid "End day of week:" +msgstr "" + +#: src/gui/utils.cpp:197 +msgid "" +"Impossible to apply changes because object is located in read-only\n" +"part of the tee or data file was opened read-only" +msgstr "" + +#: src/gui/utils.cpp:219 +#, qt-format +msgid "Object with name '%1' already exists, please choose different name." +msgstr "" + +#: src/gui/aboutdialog_q.ui.h:14 +msgid "Revision: %1 ( Build: %2 )" +msgstr "" + +#: src/gui/aboutdialog_q.ui.h:16 +#, fuzzy +msgid "Using Firewall Builder API %1" +msgstr "Firewall Builder" + +#: src/gui/aboutdialog_q.ui.h:19 +msgid "Registered" +msgstr "" + +#: src/gui/aboutdialog_q.ui.h:20 +msgid "Unregistered" +msgstr "" + +#: src/gui/upgradePredicate.h:45 +msgid "" +"The data file you are trying to open has been\n" +"saved with an older version of Firewall Builder.\n" +"Opening it in this version will cause it to be\n" +"upgraded, which may prevent older versions of\n" +"the program from reading it. Backup copy of your\n" +"file in the old format will be made in the same\n" +"directory with extension '.bak'.\n" +"Are you sure you want to open it?" 
+msgstr ""
+
+#: src/gui/upgradePredicate.h:53
+msgid "&Upgrade"
+msgstr ""
+
+#: src/gui/upgradePredicate.h:54
+msgid "&Do not load the file"
+msgstr ""
+
+#, fuzzy
+#~ msgid "Policy/%1"
+#~ msgstr "Politique"
+
+#, fuzzy
+#~ msgid "Exiting"
+#~ msgstr "Quitter"
+
+#, fuzzy
+#~ msgid "C&ommit"
+#~ msgstr "Commentaires"
+
+#~ msgid "Date:"
+#~ msgstr "Date:"
+
+#, fuzzy
+#~ msgid "&Compile"
+#~ msgstr "Compiler"
+
+#~ msgid "Accounting "
+#~ msgstr "Comptabilisation"
+
+#, fuzzy
+#~ msgid "Metric Editor"
+#~ msgstr "Editeur de scripts"
+
+#~ msgid "Apply Changes"
+#~ msgstr "Appliquer les changements"
+
+#, fuzzy
+#~ msgid "..."
+#~ msgstr "Ajouter"
+
+#~ msgid "SNMP community:"
+#~ msgstr "Communauté SNMP :"
+
+#~ msgid "Contact:"
+#~ msgstr "Contact :"
+
+#~ msgid "Description:"
+#~ msgstr "Description :"
+
+#~ msgid "Del"
+#~ msgstr "Supp"
+
+#~ msgid ""
+#~ "This option is provisional and will change or disappear in future "
+#~ "releases because we expect to make this a default behavior."
+#~ msgstr ""
+#~ "Cette option provisoire pourra être modifiée ou suprimée par la suite, "
+#~ "pour devenir une configuration par défaut."
+
+#~ msgid "Data format"
+#~ msgstr "Format de date"
+
+#, fuzzy
+#~ msgid "Firewall Builder N.N.N"
+#~ msgstr "Firewall Builder 2.0"
+
+#~ msgid "Create new project file"
+#~ msgstr "Créer un nouveau fichier de projet"
+
+#~ msgid "Open existing file"
+#~ msgstr "Ouvrir un fichier existant"
+
+#~ msgid "File name: %1"
+#~ msgstr "Nom de fichier : %1"
+
+#~ msgid "Verification of policy rules"
+#~ msgstr "Vérification de la validité des règles"
+
+#~ msgid "Script formatting"
+#~ msgstr "Formattage du script"
+
+#, fuzzy
+#~ msgid "&Add File to RCS"
+#~ msgstr "Ajouter au RCS"
+
+#~ msgid ""
+#~ "Automatically load the following\n"
+#~ "libraries on startup:"
+#~ msgstr ""
+#~ "Au démarrage, charger automatiquement\n"
+#~ "les bibliothèques suivantes :"
+
+#~ msgid "Copy of %1"
+#~ msgstr "Copie de %1"
+
+#~ msgid "http://www.fwbuilder.org/"
+#~ msgstr "http://www.fwbuilder.org/"
+
+#~ msgid "Environment"
+#~ msgstr "Environnement"
+
+#~ msgid "OSrc"
+#~ msgstr "OSrc"
+
+#~ msgid "ODst"
+#~ msgstr "ODst"
+
+#~ msgid "OSrv"
+#~ msgstr "OSrv"
+
+#~ msgid "TSrc"
+#~ msgstr "TSrc"
+
+#~ msgid "TDst"
+#~ msgstr "TDst"
+
+#~ msgid "TSrv"
+#~ msgstr "TSrv"
+
+#~ msgid "Exec error: "
+#~ msgstr "Erreur d'exécution :"
diff --git a/po/fr.qm b/po/fr.qm
new file mode 100644
index 000000000..e7803e123
Binary files /dev/null and b/po/fr.qm differ
diff --git a/po/fwbuilder.pot b/po/fwbuilder.pot
new file mode 100644
index 000000000..3044cfb3d
--- /dev/null
+++ b/po/fwbuilder.pot
@@ -0,0 +1,7083 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR NetCitadel, LLC +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: vadim@fwbuilder.org\n" +"POT-Creation-Date: 2007-12-08 21:27-0800\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: src/gui/ActionsDialog.cpp:97 +msgid "" +"'Chabge inbound interface', 'Continue packet inspection' and 'Make a copy' " +"options are mutually exclusive" +msgstr "" + +#: src/gui/ActionsDialog.cpp:98 src/gui/ActionsDialog.cpp:123 +#: src/gui/AddressRangeDialog.cpp:108 src/gui/AddressRangeDialog.cpp:119 +#: src/gui/FirewallDialog.cpp:315 src/gui/FirewallDialog.cpp:340 +#: src/gui/FWWindow.cpp:724 src/gui/FWWindow.cpp:733 src/gui/FWWindow.cpp:858 +#: src/gui/FWWindow.cpp:1082 src/gui/FWWindow.cpp:1095 +#: src/gui/FWWindow.cpp:1111 src/gui/FWWindow.cpp:1149 +#: src/gui/FWWindow.cpp:1155 src/gui/FWWindow.cpp:1224 +#: src/gui/FWWindow.cpp:1318 src/gui/FWWindow.cpp:1360 +#: src/gui/FWWindow.cpp:1383 src/gui/FWWindow.cpp:1456 +#: src/gui/FWWindow.cpp:1474 src/gui/FWWindow.cpp:1537 +#: src/gui/FWWindow.cpp:1549 src/gui/FWWindowPrint.cpp:923 +#: src/gui/instDialog.cpp:719 src/gui/instDialog.cpp:1462 +#: src/gui/instDialog.cpp:1580 src/gui/IPv4Dialog.cpp:146 +#: src/gui/IPv4Dialog.cpp:160 src/gui/listOfLibraries.cpp:148 +#: src/gui/listOfLibraries.cpp:188 src/gui/listOfLibraries.cpp:215 +#: src/gui/NetworkDialog.cpp:109 src/gui/NetworkDialog.cpp:120 +#: src/gui/RCS.cpp:499 src/gui/RCS.cpp:688 src/gui/RCS.cpp:701 +#: src/gui/RCS.cpp:718 src/gui/RCS.cpp:801 src/gui/utils.cpp:198 +msgid "&Continue" +msgstr "" + +#: src/gui/ActionsDialog.cpp:122 +msgid "" +"Rule name for accounting is converted to the iptables\n" 
+"chain name and therefore may not contain white space\n" +"and special characters." +msgstr "" + +#: src/gui/ActionsDialog.cpp:222 src/gui/ActionsDialog.cpp:223 +#: src/gui/.ui/actionsdialog_q.cpp:470 +msgid "Emulation is currently ON, rule will be terminating" +msgstr "" + +#: src/gui/ActionsDialog.cpp:226 src/gui/ActionsDialog.cpp:227 +msgid "Emulation is currently OFF, rule will be non-terminating" +msgstr "" + +#: src/gui/AddressRangeDialog.cpp:107 src/gui/AddressRangeDialog.cpp:118 +#: src/gui/IPv4Dialog.cpp:145 src/gui/NetworkDialog.cpp:108 +#, qt-format +msgid "Illegal IP address '%1'" +msgstr "" + +#: src/gui/ColorLabelMenuItem.cpp:48 +msgid "no color" +msgstr "" + +#: src/gui/CommentEditorPanel.cpp:75 src/gui/SimpleTextEditor.cpp:66 +msgid "Warning: loading from file discards current contents of the script." +msgstr "" + +#: src/gui/CommentEditorPanel.cpp:80 +msgid "Choose file that contains PIX commands" +msgstr "" + +#: src/gui/CommentEditorPanel.cpp:88 src/gui/DiscoveryDruid.cpp:791 +#: src/gui/SimpleTextEditor.cpp:79 +#, qt-format +msgid "Could not open file %1" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:157 +#: src/gui/FindWhereUsedWidget.cpp:171 src/gui/FWWindow.cpp:2115 +#: src/gui/FWWindowPrint.cpp:369 +msgid "NAT" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:160 +#: src/gui/FindWhereUsedWidget.cpp:174 src/gui/FWWindow.cpp:2087 +msgid "Policy" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:163 +#: src/gui/FindWhereUsedWidget.cpp:177 src/gui/FWWindow.cpp:2130 +#: src/gui/FWWindowPrint.cpp:396 src/gui/platforms.cpp:559 +msgid "Routing" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:166 +#: src/gui/FindWhereUsedWidget.cpp:180 +msgid "Unknown rule set" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:168 +#: src/gui/FindWhereUsedWidget.cpp:182 +#, qt-format +msgid "/Rule%1" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:182 +#: src/gui/FindWhereUsedWidget.cpp:196 +msgid "Type: " +msgstr "" + +#: 
src/gui/ConfirmDeleteObjectDialog.cpp:203 +msgid "Not used anywhere" +msgstr "" + +#: src/gui/DialogFactory.cpp:158 src/gui/DialogFactory.cpp:181 +#, qt-format +msgid "Support module for %1 is not available" +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:616 +msgid "Hosts file parsing ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:625 +msgid "DNS zone transfer ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:635 +msgid "Network discovery using SNMP ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:645 +msgid "Import configuration from file ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:790 src/gui/DiscoveryDruid.cpp:1675 +#: src/gui/DiscoveryDruid.cpp:1722 +msgid "Discovery error" +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1158 +msgid "Adding objects ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1159 +#: src/gui/DiscoveryDruid.cpp:1362 src/gui/DiscoveryDruid.cpp:1507 +#: src/gui/DiscoveryDruid.cpp:1549 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:111 +#: src/gui/.ui/filterdialog_q.cpp:154 src/gui/.ui/instoptionsdialog_q.cpp:286 +#: src/gui/.ui/libexport_q.cpp:113 src/gui/.ui/newgroupdialog_q.cpp:102 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1826 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:310 +#: src/gui/.ui/printingprogressdialog_q.cpp:74 +#: src/gui/.ui/simpleinteditor_q.cpp:89 src/gui/.ui/simpletexteditor_q.cpp:96 +msgid "Cancel" +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1362 +msgid "Prepare objects ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1507 src/gui/DiscoveryDruid.cpp:1548 +msgid "Copying results ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1838 +msgid "Incomlete network specification." 
+msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1917 +msgid "Empty community string" +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:2132 +msgid "" +"Firewall Builder can import Cisco IOS access lists from the router " +"configuration saved using 'show run' or any other command that saves running " +"config. The name of the created firewall object, all of its interfaces and " +"their addresses will be configured automatically if this information can be " +"found in the configuration file." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:2143 +msgid "" +"Firewall Builder can import iptables rules from a file in iptables-save " +"format. Firewall name and addresses of its interfaces need to be configured " +"manually because iptables-save file does not have this information. " +msgstr "" + +#: src/gui/execDialog.cpp:101 src/gui/instDialog.cpp:1436 +#: src/gui/instDialog.cpp:2110 +msgid "Error: Failed to start program" +msgstr "" + +#: src/gui/filePropDialog.cpp:62 +msgid "Opened read-only" +msgstr "" + +#: src/gui/filePropDialog.cpp:80 +#, qt-format +msgid "Revision %1" +msgstr "" + +#: src/gui/FilterDialog.cpp:102 +msgid "Filter error" +msgstr "" + +#: src/gui/FilterDialog.cpp:102 +msgid "Invalid RegExp." 
+msgstr "" + +#: src/gui/FilterDialog.cpp:404 src/gui/GroupObjectDialog.cpp:144 +#: src/gui/.ui/findobjectwidget_q.cpp:203 +#: src/gui/.ui/newfirewalldialog_q.cpp:171 +#: src/gui/.ui/newfirewalldialog_q.cpp:322 +#: src/gui/.ui/newfirewalldialog_q.cpp:501 +#: src/gui/.ui/newfirewalldialog_q.cpp:523 src/gui/.ui/newhostdialog_q.cpp:187 +#: src/gui/.ui/newhostdialog_q.cpp:397 src/gui/.ui/prefsdialog_q.cpp:210 +#: src/gui/.ui/prefsdialog_q.cpp:391 +msgid "Name" +msgstr "" + +#: src/gui/FilterDialog.cpp:405 src/gui/FWWindowPrint.cpp:94 +#: src/gui/.ui/discoverydruid_q.cpp:1021 src/gui/.ui/finddialog_q.cpp:134 +#: src/gui/.ui/findobjectwidget_q.cpp:204 src/gui/.ui/ipv4dialog_q.cpp:170 +#: src/gui/.ui/newfirewalldialog_q.cpp:173 +#: src/gui/.ui/newfirewalldialog_q.cpp:324 +#: src/gui/.ui/newfirewalldialog_q.cpp:503 +#: src/gui/.ui/newfirewalldialog_q.cpp:525 src/gui/.ui/newhostdialog_q.cpp:189 +#: src/gui/.ui/newhostdialog_q.cpp:399 +msgid "Address" +msgstr "" + +#: src/gui/FilterDialog.cpp:408 +msgid "Contains" +msgstr "" + +#: src/gui/FilterDialog.cpp:409 +msgid "Is equal to" +msgstr "" + +#: src/gui/FilterDialog.cpp:410 +msgid "Starts with" +msgstr "" + +#: src/gui/FilterDialog.cpp:411 +msgid "Ends with" +msgstr "" + +#: src/gui/FilterDialog.cpp:412 +msgid "Matches Wildcard" +msgstr "" + +#: src/gui/FilterDialog.cpp:413 +msgid "Matches RegExp" +msgstr "" + +#: src/gui/findDialog.cpp:269 src/gui/FindObjectWidget.cpp:324 +msgid "Search hit the end of the object tree." +msgstr "" + +#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317 +#: src/gui/FindObjectWidget.cpp:325 +msgid "&Continue at top" +msgstr "" + +#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317 +#: src/gui/FindObjectWidget.cpp:325 +msgid "&Stop" +msgstr "" + +#: src/gui/FindObjectWidget.cpp:316 +msgid "Search hit the end of the policy rules." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:354 +msgid "Search or Replace object ind't specified." 
+msgstr "" + +#: src/gui/FindObjectWidget.cpp:364 +msgid "Cannot replace object by itself." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:372 +msgid "Search and Replace objects are incompatible." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:466 +#, qt-format +msgid "Replaced %1 objects." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:585 +msgid "Policy of firewall '" +msgstr "" + +#: src/gui/FirewallDialog.cpp:314 src/gui/FirewallDialog.cpp:339 +#, qt-format +msgid "FWBuilder API error: %1" +msgstr "" + +#: src/gui/freebsdAdvancedDialog.cpp:62 src/gui/linksysAdvancedDialog.cpp:68 +#: src/gui/linux24AdvancedDialog.cpp:62 src/gui/macosxAdvancedDialog.cpp:62 +#: src/gui/openbsdAdvancedDialog.cpp:62 src/gui/solarisAdvancedDialog.cpp:62 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:195 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:199 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:203 +#: src/gui/.ui/linux24advanceddialog_q.cpp:371 +#: src/gui/.ui/linux24advanceddialog_q.cpp:375 +#: src/gui/.ui/linux24advanceddialog_q.cpp:379 +#: src/gui/.ui/linux24advanceddialog_q.cpp:383 +#: src/gui/.ui/linux24advanceddialog_q.cpp:387 +#: src/gui/.ui/linux24advanceddialog_q.cpp:391 +#: src/gui/.ui/linux24advanceddialog_q.cpp:395 +#: src/gui/.ui/linux24advanceddialog_q.cpp:399 +#: src/gui/.ui/linux24advanceddialog_q.cpp:403 +#: src/gui/.ui/linux24advanceddialog_q.cpp:418 +#: src/gui/.ui/linux24advanceddialog_q.cpp:422 +#: src/gui/.ui/linux24advanceddialog_q.cpp:426 +#: src/gui/.ui/linux24advanceddialog_q.cpp:430 +#: src/gui/.ui/linux24advanceddialog_q.cpp:434 +#: src/gui/.ui/linux24advanceddialog_q.cpp:438 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:172 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:176 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:180 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:180 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:184 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:189 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:193 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:189 +#: 
src/gui/.ui/solarisadvanceddialog_q.cpp:195 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:199 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:204 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:208 +msgid "No change" +msgstr "" + +#: src/gui/freebsdAdvancedDialog.cpp:65 src/gui/linksysAdvancedDialog.cpp:71 +#: src/gui/linux24AdvancedDialog.cpp:65 src/gui/macosxAdvancedDialog.cpp:65 +#: src/gui/openbsdAdvancedDialog.cpp:65 src/gui/solarisAdvancedDialog.cpp:65 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:196 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:200 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:204 +#: src/gui/.ui/linux24advanceddialog_q.cpp:372 +#: src/gui/.ui/linux24advanceddialog_q.cpp:376 +#: src/gui/.ui/linux24advanceddialog_q.cpp:380 +#: src/gui/.ui/linux24advanceddialog_q.cpp:384 +#: src/gui/.ui/linux24advanceddialog_q.cpp:388 +#: src/gui/.ui/linux24advanceddialog_q.cpp:392 +#: src/gui/.ui/linux24advanceddialog_q.cpp:396 +#: src/gui/.ui/linux24advanceddialog_q.cpp:400 +#: src/gui/.ui/linux24advanceddialog_q.cpp:404 +#: src/gui/.ui/linux24advanceddialog_q.cpp:419 +#: src/gui/.ui/linux24advanceddialog_q.cpp:423 +#: src/gui/.ui/linux24advanceddialog_q.cpp:427 +#: src/gui/.ui/linux24advanceddialog_q.cpp:431 +#: src/gui/.ui/linux24advanceddialog_q.cpp:435 +#: src/gui/.ui/linux24advanceddialog_q.cpp:439 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:173 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:177 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:181 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:181 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:185 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:190 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:194 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:190 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:196 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:200 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:205 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:209 +msgid "On" +msgstr "" + +#: src/gui/freebsdAdvancedDialog.cpp:68 src/gui/linksysAdvancedDialog.cpp:74 +#: 
src/gui/linux24AdvancedDialog.cpp:68 src/gui/macosxAdvancedDialog.cpp:68 +#: src/gui/openbsdAdvancedDialog.cpp:68 src/gui/solarisAdvancedDialog.cpp:68 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:197 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:201 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:205 +#: src/gui/.ui/linux24advanceddialog_q.cpp:373 +#: src/gui/.ui/linux24advanceddialog_q.cpp:377 +#: src/gui/.ui/linux24advanceddialog_q.cpp:381 +#: src/gui/.ui/linux24advanceddialog_q.cpp:385 +#: src/gui/.ui/linux24advanceddialog_q.cpp:389 +#: src/gui/.ui/linux24advanceddialog_q.cpp:393 +#: src/gui/.ui/linux24advanceddialog_q.cpp:397 +#: src/gui/.ui/linux24advanceddialog_q.cpp:401 +#: src/gui/.ui/linux24advanceddialog_q.cpp:405 +#: src/gui/.ui/linux24advanceddialog_q.cpp:420 +#: src/gui/.ui/linux24advanceddialog_q.cpp:424 +#: src/gui/.ui/linux24advanceddialog_q.cpp:428 +#: src/gui/.ui/linux24advanceddialog_q.cpp:432 +#: src/gui/.ui/linux24advanceddialog_q.cpp:436 +#: src/gui/.ui/linux24advanceddialog_q.cpp:440 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:174 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:178 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:182 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:182 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:186 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:191 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:195 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:191 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:197 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:201 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:206 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:210 +msgid "Off" +msgstr "" + +#: src/gui/FWBSettings.cpp:150 +#, qt-format +msgid "" +"Working directory %1 does not exist and could not be created.\n" +"Ignoring this setting." +msgstr "" + +#: src/gui/FWBTree.cpp:399 +msgid "New Library" +msgstr "" + +#: src/gui/FWObjectDropArea.cpp:103 +msgid "Drop object here." 
+msgstr "" + +#: src/gui/FWObjectDropArea.cpp:141 src/gui/GroupObjectDialog.cpp:682 +#: src/gui/ObjectManipulator.cpp:916 src/gui/RuleSetView.cpp:1666 +#: src/gui/.ui/FWBMainWindow_q.cpp:476 +msgid "Paste" +msgstr "" + +#: src/gui/FWObjectDropArea.cpp:143 src/gui/GroupObjectDialog.cpp:683 +#: src/gui/ObjConflictResolutionDialog.cpp:118 +#: src/gui/ObjConflictResolutionDialog.cpp:142 +#: src/gui/ObjectManipulator.cpp:921 src/gui/RuleSetView.cpp:1669 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:110 +#: src/gui/.ui/FWBMainWindow_q.cpp:542 src/gui/.ui/FWBMainWindow_q.cpp:543 +#: src/gui/.ui/newfirewalldialog_q.cpp:508 src/gui/.ui/newhostdialog_q.cpp:409 +msgid "Delete" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:102 +msgid "DNS record: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:106 +msgid "Address Table: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:157 +msgid " objects" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:173 +#, qt-format +msgid "protocol: %1" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:177 +#, qt-format +msgid "type: %1" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:179 +#, qt-format +msgid "code: %1" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:238 +msgid "Library: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:243 +msgid "Object Id: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:248 +msgid "Object Type: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:252 +msgid "Object Name: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:274 +msgid "DNS record:" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:277 +#: src/gui/FWObjectPropertiesFactory.cpp:285 +msgid "Run-time" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:277 +#: src/gui/FWObjectPropertiesFactory.cpp:285 +msgid "Compile-time" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:282 +msgid "Table file:" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:320 +#, 
qt-format +msgid "%1 objects
    \n" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:385 +msgid "Path: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:444 +msgid "protocol " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:449 +msgid "type: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:451 +msgid "code: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:471 +#, qt-format +msgid "Pattern: \"%1\"" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:605 +msgid "Action : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:608 +msgid "Parameter: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:631 +msgid "Log prefix : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:637 +msgid "Log Level : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:644 +msgid "Netlink group : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:650 +msgid "Limit Value : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:656 +msgid "Limit suffix : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:663 +msgid "Limit burst : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:670 +msgid "

  • Part of Any
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:676 +#: src/gui/FWObjectPropertiesFactory.cpp:706 +#: src/gui/FWObjectPropertiesFactory.cpp:735 +#: src/gui/FWObjectPropertiesFactory.cpp:758 +msgid "
  • Stateless
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:685 +msgid "Log facility: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:692 +#: src/gui/FWObjectPropertiesFactory.cpp:775 +msgid "Log level : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:700 +msgid "
  • Send 'unreachable'
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:712 +msgid "
  • Keep information on fragmented packets
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:722 +msgid "Log prefix : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:728 +msgid "Max state : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:741 +msgid "
  • Source tracking
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:744 +msgid "Max src nodes : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:747 +msgid "Max src states: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:767 +#, qt-format +msgid "Ver:%1
    \n" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:781 +msgid "Log interval : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:788 +msgid "
  • Disable logging for this rule
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:820 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:159 +msgid "bitmask" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:821 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:160 +msgid "random" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:822 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:161 +msgid "source-hash" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:823 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:162 +msgid "round-robin" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:825 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:163 +msgid "static-port" +msgstr "" + +#: src/gui/FWWindow.cpp:175 +msgid "No firewalls defined" +msgstr "" + +#: src/gui/FWWindow.cpp:379 +msgid "" +"Some objects have been modified but not saved.\n" +"Do you want to save changes now ?" +msgstr "" + +#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466 +#: src/gui/.ui/FWBMainWindow_q.cpp:453 +msgid "&Save" +msgstr "" + +#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466 +#: src/gui/.ui/FWBMainWindow_q.cpp:556 +msgid "&Discard" +msgstr "" + +#: src/gui/FWWindow.cpp:381 src/gui/FWWindow.cpp:680 src/gui/RCS.cpp:748 +#: src/gui/.ui/askrulenumberdialog_q.cpp:91 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:189 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:549 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:353 +#: src/gui/.ui/iptadvanceddialog_q.cpp:601 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:198 +#: src/gui/.ui/linux24advanceddialog_q.cpp:368 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:167 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:175 +#: src/gui/.ui/pagesetupdialog_q.cpp:110 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1002 src/gui/.ui/prefsdialog_q.cpp:366 +#: src/gui/.ui/rcsfilesavedialog_q.cpp:104 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:185 +msgid "&Cancel" +msgstr "" + +#: src/gui/FWWindow.cpp:436 +msgid "FWB Files (*.fwb);;All Files (*)" +msgstr "" + +#: src/gui/FWWindow.cpp:447 src/gui/FWWindow.cpp:1805 +#, qt-format 
+msgid "" +"The file %1 already exists.\n" +"Do you want to overwrite it ?" +msgstr "" + +#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807 +#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539 +#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828 +msgid "&Yes" +msgstr "" + +#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807 +#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539 +#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828 +msgid "&No" +msgstr "" + +#: src/gui/FWWindow.cpp:483 src/gui/FWWindow.cpp:1086 +#: src/gui/StartWizard.cpp:99 +msgid "Choose name and location for the new file" +msgstr "" + +#: src/gui/FWWindow.cpp:585 +msgid "Saving data to file..." +msgstr "" + +#: src/gui/FWWindow.cpp:617 +msgid "Choose name and location for the file" +msgstr "" + +#: src/gui/FWWindow.cpp:674 +msgid "" +"This operation discards all changes that have been saved\n" +"into the file so far, closes it and replaces it with a clean\n" +"copy of its head revision from RCS.\n" +"\n" +"All changes will be lost if you do this.\n" +"\n" +msgstr "" + +#: src/gui/FWWindow.cpp:679 src/gui/ObjectEditor.cpp:439 +msgid "&Discard changes" +msgstr "" + +#: src/gui/FWWindow.cpp:723 +#, qt-format +msgid "File %1 has been added to RCS." +msgstr "" + +#: src/gui/FWWindow.cpp:732 src/gui/StartWizard.cpp:157 +#, qt-format +msgid "" +"Error adding file to RCS:\n" +"%1" +msgstr "" + +#: src/gui/FWWindow.cpp:739 src/gui/FWWindow.cpp:1124 +msgid "(read-only)" +msgstr "" + +#: src/gui/FWWindow.cpp:798 src/gui/FWWindow.cpp:908 +msgid "Loading system objects..." +msgstr "" + +#: src/gui/FWWindow.cpp:857 src/gui/FWWindow.cpp:1148 +#: src/gui/FWWindow.cpp:1154 +#, qt-format +msgid "" +"Error loading file:\n" +"%1" +msgstr "" + +#: src/gui/FWWindow.cpp:916 +msgid "Reading and parsing data file..." +msgstr "" + +#: src/gui/FWWindow.cpp:986 +msgid "Merging with system objects..." 
+msgstr "" + +#: src/gui/FWWindow.cpp:1080 +#, qt-format +msgid "" +"Firewall Builder 2 uses file extension '.fwb' and \n" +"needs to rename old data file '%1' to '%2',\n" +"but file '%3' already exists.\n" +"Choose a different name for the new file." +msgstr "" + +#: src/gui/FWWindow.cpp:1094 +msgid "Load operation cancelled and data file reverted to original version." +msgstr "" + +#: src/gui/FWWindow.cpp:1109 +#, qt-format +msgid "" +"Firewall Builder 2 uses file extension '.fwb'. Your data file '%1' \n" +"has been renamed '%2'" +msgstr "" + +#: src/gui/FWWindow.cpp:1140 +#, qt-format +msgid "Exception: %1" +msgstr "" + +#: src/gui/FWWindow.cpp:1142 +#, qt-format +msgid "Failed transformation : %1" +msgstr "" + +#: src/gui/FWWindow.cpp:1144 +#, qt-format +msgid "XML element : %1" +msgstr "" + +#: src/gui/FWWindow.cpp:1167 +msgid "Building object tree..." +msgstr "" + +#: src/gui/FWWindow.cpp:1172 +msgid "Indexing..." +msgstr "" + +#: src/gui/FWWindow.cpp:1197 +#, qt-format +msgid "Checking file %1 in RCS" +msgstr "" + +#: src/gui/FWWindow.cpp:1222 +#, qt-format +msgid "" +"Error checking in file %1:\n" +"%2" +msgstr "" + +#: src/gui/FWWindow.cpp:1310 src/gui/FWWindow.cpp:1750 +msgid "File is read-only" +msgstr "" + +#: src/gui/FWWindow.cpp:1316 src/gui/FWWindow.cpp:1754 +#, qt-format +msgid "Error saving file %1: %2" +msgstr "" + +#: src/gui/FWWindow.cpp:1359 src/gui/listOfLibraries.cpp:214 +#, qt-format +msgid "Duplicate library '%1'" +msgstr "" + +#: src/gui/FWWindow.cpp:1381 src/gui/FWWindow.cpp:1454 +#: src/gui/FWWindow.cpp:1472 src/gui/listOfLibraries.cpp:186 +#, qt-format +msgid "" +"Error loading file %1:\n" +"%2" +msgstr "" + +#: src/gui/FWWindow.cpp:1395 +msgid "Choose a file to import" +msgstr "" + +#: src/gui/FWWindow.cpp:1413 +msgid "" +"This operation inspects two data files (either .fwb or .fwl) and finds " +"conflicting objects. Conflicting objects have the same internal ID but " +"different attributes. 
Two data files can not be merged, or one imported into " +"another, if they contain such objects. This operation also helps identify " +"changes made to objects in two copies of the same data file.

    This " +"operation does not find objects present in one file but not in the other, " +"such objects present no problem for merge or import operations.

    This " +"operation works with two external files, neither of which needs to be opened " +"in the program. Currently opened data file is not affected by this operation " +"and objects in the tree do not change.

    Do you want to proceed ?" +msgstr "" + +#: src/gui/FWWindow.cpp:1426 +msgid "Choose the first file" +msgstr "" + +#: src/gui/FWWindow.cpp:1433 +msgid "Choose the second file" +msgstr "" + +#: src/gui/FWWindow.cpp:1496 +#, qt-format +msgid "" +"Total number of conflicting objects: %1.\n" +"Do you want to generate report?" +msgstr "" + +#: src/gui/FWWindow.cpp:1509 +msgid "TXT Files (*.txt);;All Files (*)" +msgstr "" + +#: src/gui/FWWindow.cpp:1511 +msgid "Choose name and location for the report file" +msgstr "" + +#: src/gui/FWWindow.cpp:1536 +#, qt-format +msgid "Can not open report file for writing. File '%1'" +msgstr "" + +#: src/gui/FWWindow.cpp:1547 +#, qt-format +msgid "" +"Unexpected error comparing files %1 and %2:\n" +"%3" +msgstr "" + +#: src/gui/FWWindow.cpp:1664 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (global policy rule #%3) uses object '%4' from " +"library '%5'" +msgstr "" + +#: src/gui/FWWindow.cpp:1673 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (interface %3 policy rule #%4) uses object '%5' " +"from library '%6'" +msgstr "" + +#: src/gui/FWWindow.cpp:1684 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (NAT rule #%3) uses object '%4' from library '%5'" +msgstr "" + +#: src/gui/FWWindow.cpp:1694 +#, qt-format +msgid "Library %1: Group '%2' uses object '%3' from library '%4'" +msgstr "" + +#: src/gui/FWWindow.cpp:1709 +msgid "" +"A library that you are trying to export contains references\n" +"to objects in the other libraries and can not be exported.\n" +"The following objects need to be moved outside of it or\n" +"objects that they refer to moved in it:" +msgstr "" + +#: src/gui/FWWindow.cpp:1780 +msgid "Please select a library you want to export." +msgstr "" + +#: src/gui/FWWindow.cpp:1999 +#, qt-format +msgid "%1" +msgstr "" + +#: src/gui/FWWindow.cpp:2011 +#, qt-format +msgid "Building branch policy view '%1'..." +msgstr "" + +#: src/gui/FWWindow.cpp:2081 +msgid "Building policy view..." 
+msgstr "" + +#: src/gui/FWWindow.cpp:2110 +msgid "Building NAT view..." +msgstr "" + +#: src/gui/FWWindow.cpp:2125 +msgid "Building routing view..." +msgstr "" + +#: src/gui/FWWindowPrint.cpp:92 src/gui/.ui/discoverydruid_q.cpp:1023 +#: src/gui/.ui/firewalldialog_q.cpp:209 src/gui/.ui/firewalldialog_q.cpp:210 +#: src/gui/.ui/instdialog_q.cpp:83 src/gui/.ui/instdialog_q.cpp:135 +#: src/gui/.ui/instdialog_q.cpp:224 src/gui/.ui/instdialog_q.cpp:269 +#: src/gui/.ui/instdialog_q.cpp:279 src/gui/.ui/instdialog_q.cpp:289 +msgid "Firewall" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:93 src/gui/.ui/discoverydruid_q.cpp:1022 +#: src/gui/.ui/hostdialog_q.cpp:144 src/gui/.ui/hostdialog_q.cpp:145 +msgid "Host" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:95 +msgid "Addres Range" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:96 src/gui/RuleSetView.cpp:3315 +#: src/gui/RuleSetView.cpp:3565 src/gui/.ui/interfacedialog_q.cpp:231 +#: src/gui/.ui/interfacedialog_q.cpp:232 +msgid "Interface" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:97 src/gui/.ui/networkdialog_q.cpp:163 +#: src/gui/.ui/networkdialog_q.cpp:164 +msgid "Network" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:98 +msgid "Group of objects" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:99 src/gui/.ui/customservicedialog_q.cpp:177 +#: src/gui/.ui/customservicedialog_q.cpp:178 +msgid "Custom Service" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:100 src/gui/.ui/ipservicedialog_q.cpp:209 +msgid "IP Service" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:101 src/gui/.ui/icmpservicedialog_q.cpp:168 +msgid "ICMP Service" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:102 src/gui/.ui/tcpservicedialog_q.cpp:371 +msgid "TCP Service" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:103 src/gui/.ui/udpservicedialog_q.cpp:222 +msgid "UDP Service" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:104 +msgid "Group of services" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:105 src/gui/.ui/timedialog_q.cpp:242 +msgid "Time Interval" +msgstr "" + +#: 
src/gui/FWWindowPrint.cpp:281 +#, qt-format +msgid "Firewall name: %1" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:282 +msgid "Platform: " +msgstr "" + +#: src/gui/FWWindowPrint.cpp:283 +msgid "Version: " +msgstr "" + +#: src/gui/FWWindowPrint.cpp:284 +msgid "Host OS: " +msgstr "" + +#: src/gui/FWWindowPrint.cpp:290 +msgid "Global Policy" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:341 +#, qt-format +msgid "Interface %1" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:541 +msgid "Legend" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:632 src/gui/.ui/discoverydruid_q.cpp:1015 +msgid "Objects" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:854 +msgid "Groups" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:897 +msgid "EMPTY" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:919 src/gui/FWWindowPrint.cpp:922 +#: src/gui/FWWindowPrint.cpp:930 +msgid "Printing aborted" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:926 +msgid "Printing completed" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:145 +msgid "Properties" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:675 src/gui/.ui/FWBMainWindow_q.cpp:449 +#: src/gui/.ui/FWBMainWindow_q.cpp:493 src/gui/.ui/FWBMainWindow_q.cpp:494 +msgid "Open" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:677 src/gui/ObjectManipulator.cpp:840 +#: src/gui/RuleSetView.cpp:1660 src/gui/RuleSetView.cpp:1789 +#: src/gui/RuleSetView.cpp:1793 src/gui/RuleSetView.cpp:1797 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:593 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:597 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:379 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:383 +#: src/gui/.ui/iptadvanceddialog_q.cpp:635 +#: src/gui/.ui/iptadvanceddialog_q.cpp:641 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1107 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1111 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1882 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1886 +msgid "Edit" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:680 src/gui/ObjectManipulator.cpp:912 +#: src/gui/RuleSetView.cpp:1663 src/gui/.ui/FWBMainWindow_q.cpp:473 
+msgid "Copy" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:681 src/gui/ObjectManipulator.cpp:914 +#: src/gui/RuleSetView.cpp:1665 src/gui/.ui/FWBMainWindow_q.cpp:470 +msgid "Cut" +msgstr "" + +#: src/gui/InstallFirewallViewItem.cpp:31 src/gui/instDialog.cpp:1893 +#: src/gui/instDialog.cpp:2045 src/gui/instDialog.cpp:2253 +#: src/gui/instDialog.cpp:2272 src/gui/instDialog.cpp:2286 +#: src/gui/instDialog.cpp:2298 +msgid "Failure" +msgstr "" + +#: src/gui/InstallFirewallViewItem.cpp:44 src/gui/instDialog.cpp:1149 +#: src/gui/instDialog.cpp:1150 src/gui/instDialog.cpp:1818 +#: src/gui/instDialog.cpp:1847 src/gui/instDialog.cpp:1848 +msgid "Success" +msgstr "" + +#: src/gui/instBatchOptionsDialog.cpp:47 +msgid "Batch install options" +msgstr "" + +#: src/gui/instDialog.cpp:116 +msgid "There is no firewalls to process." +msgstr "" + +#: src/gui/instDialog.cpp:131 +msgid "" +"

    Select firewalls for compilation.

    " +msgstr "" + +#: src/gui/instDialog.cpp:145 +msgid "Unknown operation." +msgstr "" + +#: src/gui/instDialog.cpp:176 +msgid "Show details" +msgstr "" + +#: src/gui/instDialog.cpp:182 +msgid "Hide details" +msgstr "" + +#: src/gui/instDialog.cpp:286 +msgid "Unsupported exception" +msgstr "" + +#: src/gui/instDialog.cpp:326 +msgid "Summary:" +msgstr "" + +#: src/gui/instDialog.cpp:329 src/gui/instDialog.cpp:359 +#, qt-format +msgid "* firewall name : %1" +msgstr "" + +#: src/gui/instDialog.cpp:331 +#, qt-format +msgid "* user name : %1" +msgstr "" + +#: src/gui/instDialog.cpp:333 +#, qt-format +msgid "* management address : %1" +msgstr "" + +#: src/gui/instDialog.cpp:335 +#, qt-format +msgid "* platform : %1" +msgstr "" + +#: src/gui/instDialog.cpp:337 +#, qt-format +msgid "* host OS : %1" +msgstr "" + +#: src/gui/instDialog.cpp:339 +#, qt-format +msgid "* Loading configuration from file %1" +msgstr "" + +#: src/gui/instDialog.cpp:344 +msgid "* Incremental install" +msgstr "" + +#: src/gui/instDialog.cpp:349 +#, qt-format +msgid "* Configuration diff will be saved in file %1" +msgstr "" + +#: src/gui/instDialog.cpp:354 +msgid "* Commands will not be executed on the firewall" +msgstr "" + +#: src/gui/instDialog.cpp:656 +#, qt-format +msgid "" +"Only one interface of the firewall '%1' must be marked as management " +"interface." +msgstr "" + +#: src/gui/instDialog.cpp:663 +#, qt-format +msgid "" +"One of the interfaces of the firewall '%1' must be marked as management " +"interface." +msgstr "" + +#: src/gui/instDialog.cpp:670 +msgid "" +"Management interface does not have IP address, can not communicate with the " +"firewall." +msgstr "" + +#: src/gui/instDialog.cpp:718 +#, qt-format +msgid "File %1 not found." 
+msgstr "" + +#: src/gui/instDialog.cpp:1002 src/gui/SSHPIX.cpp:347 +#, qt-format +msgid "Can not open file %1" +msgstr "" + +#: src/gui/instDialog.cpp:1105 +#, qt-format +msgid "" +"\n" +"Copying %1 -> %2:%3\n" +msgstr "" + +#: src/gui/instDialog.cpp:1139 +#, qt-format +msgid "" +"Running command '%1'\n" +"\n" +msgstr "" + +#: src/gui/instDialog.cpp:1154 src/gui/instDialog.cpp:1155 +#: src/gui/instDialog.cpp:1823 src/gui/instDialog.cpp:1859 +#: src/gui/instDialog.cpp:1860 +msgid "Error" +msgstr "" + +#: src/gui/instDialog.cpp:1177 +msgid "Fatal error, terminating install sequence\n" +msgstr "" + +#: src/gui/instDialog.cpp:1190 +msgid "Done\n" +msgstr "" + +#: src/gui/instDialog.cpp:1253 +msgid "Activating new policy\n" +msgstr "" + +#: src/gui/instDialog.cpp:1421 +#, qt-format +msgid "Compiling rule sets for firewall: %1" +msgstr "" + +#: src/gui/instDialog.cpp:1459 +msgid "" +"Policy installer uses Secure Shell to communicate with the firewall.\n" +"Please configure directory path to the secure shell utility \n" +"installed on your machine using Preferences dialog" +msgstr "" + +#: src/gui/instDialog.cpp:1483 +msgid "Firewall isn't compiled." +msgstr "" + +#: src/gui/instDialog.cpp:1578 +msgid "" +"Firewall platform is not specified in this object.\n" +"Can't compile firewall policy." +msgstr "" + +#: src/gui/instDialog.cpp:1779 +msgid "Error: Terminating install sequence\n" +msgstr "" + +#: src/gui/instDialog.cpp:1852 +msgid "Abnormal program termination" +msgstr "" + +#: src/gui/instDialog.cpp:1858 +msgid "Skipped" +msgstr "" + +#: src/gui/instDialog.cpp:1888 src/gui/instDialog.cpp:2040 +msgid "Compiling ..." 
+msgstr "" + +#: src/gui/instDialog.cpp:1901 +msgid "Recompile" +msgstr "" + +#: src/gui/instDialog.cpp:1987 +msgid "Batch policy rules compilation" +msgstr "" + +#: src/gui/instDialog.cpp:2016 src/gui/instDialog.cpp:2159 +#: src/gui/.ui/discoverydruid_q.cpp:992 src/gui/.ui/execdialog_q.cpp:94 +#: src/gui/.ui/instdialog_q.cpp:278 +msgid "Stop" +msgstr "" + +#: src/gui/instDialog.cpp:2170 +msgid "Install firewall: " +msgstr "" + +#: src/gui/instDialog.cpp:2180 +msgid "Installing firewalls" +msgstr "" + +#: src/gui/instDialog.cpp:2211 +msgid "Installing ..." +msgstr "" + +#: src/gui/instDialog.cpp:2265 +#, qt-format +msgid "Installing policy rules on firewall '%1'." +msgstr "" + +#: src/gui/instDialog.cpp:2395 src/gui/.ui/instdialog_q.cpp:276 +msgid "Show selected" +msgstr "" + +#: src/gui/instDialog.cpp:2401 +msgid "Show all" +msgstr "" + +#: src/gui/instOptionsDialog.cpp:66 +#, qt-format +msgid "Install options for firewall '%1'" +msgstr "" + +#: src/gui/InterfaceDialog.cpp:193 +msgid "Group: " +msgstr "" + +#: src/gui/InterfaceDialog.cpp:211 +msgid "Network: " +msgstr "" + +#: src/gui/ipfAdvancedDialog.cpp:170 src/gui/ipfAdvancedDialog.cpp:179 +#: src/gui/ipfwAdvancedDialog.cpp:144 src/gui/ipfwAdvancedDialog.cpp:153 +#: src/gui/iptAdvancedDialog.cpp:204 src/gui/iptAdvancedDialog.cpp:213 +#: src/gui/pfAdvancedDialog.cpp:278 src/gui/pfAdvancedDialog.cpp:287 +#: src/gui/pixAdvancedDialog.cpp:786 src/gui/pixAdvancedDialog.cpp:795 +#: src/gui/.ui/metriceditorpanel_q.cpp:76 src/gui/.ui/simpleinteditor_q.cpp:88 +#: src/gui/.ui/simpletexteditor_q.cpp:93 +msgid "Script Editor" +msgstr "" + +#: src/gui/IPv4Dialog.cpp:159 src/gui/NetworkDialog.cpp:119 +#, qt-format +msgid "Illegal netmask '%1'" +msgstr "" + +#: src/gui/IPv4Dialog.cpp:263 +#, qt-format +msgid "" +"DNS lookup failed for both names of the address object '%1' and the name of " +"the host '%2'." 
+msgstr "" + +#: src/gui/IPv4Dialog.cpp:270 +#, qt-format +msgid "DNS lookup failed for name of the address object '%1'." +msgstr "" + +#: src/gui/LibraryDialog.cpp:151 +msgid "Pick the color for this library" +msgstr "" + +#: src/gui/listOfLibraries.cpp:142 +msgid "" +"The library file you are trying to open\n" +"has been saved in an older version of\n" +"Firewall Builder and needs to be upgraded.\n" +"To upgrade it, just load it in the Firewall\n" +"Builder GUI and save back to file again." +msgstr "" + +#: src/gui/newFirewallDialog.cpp:99 src/gui/.ui/newhostdialog_q.cpp:390 +msgid "" +"Check option 'dynamic address' for the interface that gets its IP address " +"dynamically via DHCP or PPP protocol." +msgstr "" + +#: src/gui/newFirewallDialog.cpp:100 src/gui/.ui/newhostdialog_q.cpp:389 +msgid "" +"Check option 'Unnumbered interface' for the interface that does not have an " +"IP address. Examples of interfaces of this kind are those used to terminate " +"PPPoE or VPN tunnels." +msgstr "" + +#: src/gui/newFirewallDialog.cpp:229 src/gui/newHostDialog.cpp:222 +msgid "Missing SNMP community string." 
+msgstr "" + +#: src/gui/newFirewallDialog.cpp:248 src/gui/newHostDialog.cpp:241 +#, qt-format +msgid "Address of %1 could not be obtained via DNS" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:422 +msgid "dynamic" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:503 src/gui/newHostDialog.cpp:433 +#, qt-format +msgid "Interface: %1 (%2)" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:511 src/gui/newHostDialog.cpp:441 +#: src/gui/.ui/newfirewalldialog_q.cpp:514 src/gui/.ui/newhostdialog_q.cpp:404 +msgid "Dynamic address" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:513 src/gui/newHostDialog.cpp:443 +#: src/gui/.ui/interfacedialog_q.cpp:254 +#: src/gui/.ui/newfirewalldialog_q.cpp:513 src/gui/.ui/newhostdialog_q.cpp:395 +msgid "Unnumbered interface" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:515 src/gui/.ui/interfacedialog_q.cpp:259 +#: src/gui/.ui/newfirewalldialog_q.cpp:512 +msgid "Bridge port" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:555 src/gui/newHostDialog.cpp:480 +#, qt-format +msgid "Illegal address '%1/%2'" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:63 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:152 +msgid "Keep current object" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:64 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:157 +msgid "Replace with this object" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:117 +#: src/gui/ObjConflictResolutionDialog.cpp:141 +#, qt-format +msgid "Object '%1' has been deleted" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:176 +#, qt-format +msgid "Object '%1' in the objects tree" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:178 +#: src/gui/ObjConflictResolutionDialog.cpp:180 +#, qt-format +msgid "Object '%1' in file %2" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:297 +#: src/gui/.ui/findobjectwidget_q.cpp:191 +msgid "Next" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:299 +msgid "" +"The following two objects have the same 
internal ID but different attributes:" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:300 +msgid "Skip the rest but build report" +msgstr "" + +#: src/gui/ObjectEditor.cpp:437 +msgid "" +"Modifications done to this object can not be saved.\n" +"Do you want to continue editing it ?" +msgstr "" + +#: src/gui/ObjectEditor.cpp:438 src/gui/ObjectEditor.cpp:466 +#: src/gui/TCPServiceDialog.cpp:177 src/gui/TCPServiceDialog.cpp:185 +#: src/gui/UDPServiceDialog.cpp:119 src/gui/UDPServiceDialog.cpp:127 +#: src/gui/utils.cpp:221 +msgid "&Continue editing" +msgstr "" + +#: src/gui/ObjectEditor.cpp:465 +msgid "" +"This object has been modified but not saved.\n" +"Do you want to save it ?" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:145 +msgid "Object Manipulator" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:161 +msgid "New &Library" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:164 +msgid "New &Firewall" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:165 +msgid "New &Host" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:166 +msgid "New &Interface" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:168 +msgid "New &Network" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:169 +msgid "New &Address" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:170 +msgid "New &DNS Name" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:171 +msgid "New A&ddress Table" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:172 +msgid "New Address &Range" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:173 +msgid "New &Object Group" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:175 +msgid "New &Custom Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:176 +msgid "New &IP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:177 +msgid "New IC&MP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:178 +msgid "New &TCP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:179 +msgid "New &UDP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:180 +msgid "New &TagService" +msgstr "" + 
+#: src/gui/ObjectManipulator.cpp:181 +msgid "New &Service Group" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:183 +msgid "New Ti&me Interval" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:230 +msgid " ( read only )" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:498 +msgid "" +"The name of the object '%1' has changed. The program can also\n" +"rename IP address objects that belong to this object,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:527 +msgid "" +"The name of the interface '%1' has changed. The program can also\n" +"rename IP address objects that belong to this interface,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:874 +#, qt-format +msgid "place in library %1" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:883 +#, qt-format +msgid "to library %1" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:893 +msgid "place here" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:896 +msgid "Duplicate ..." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:901 src/gui/ObjectManipulator.cpp:904 +msgid "Move ..." 
+msgstr "" + +#: src/gui/ObjectManipulator.cpp:933 +msgid "Add Interface" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:938 +msgid "Add IP Address" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:940 +msgid "Add MAC Address" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:945 src/gui/.ui/newfirewalldialog_q.cpp:486 +msgid "New Firewall" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:950 src/gui/ObjectManipulator.cpp:2515 +#: src/gui/ObjectManipulator.cpp:2531 +msgid "New Address" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:955 src/gui/ObjectManipulator.cpp:2546 +msgid "New DNS Name" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:961 src/gui/ObjectManipulator.cpp:2557 +msgid "New Address Table" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:966 src/gui/ObjectManipulator.cpp:2624 +msgid "New Address Range" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:970 src/gui/.ui/newhostdialog_q.cpp:377 +msgid "New Host" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:974 src/gui/ObjectManipulator.cpp:2491 +msgid "New Network" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:978 src/gui/ObjectManipulator.cpp:1006 +#: src/gui/.ui/newgroupdialog_q.cpp:97 +msgid "New Group" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:982 src/gui/ObjectManipulator.cpp:2647 +msgid "New Custom Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:986 src/gui/ObjectManipulator.cpp:2658 +msgid "New IP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:990 src/gui/ObjectManipulator.cpp:2669 +msgid "New ICMP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:994 src/gui/ObjectManipulator.cpp:2680 +msgid "New TCP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:998 src/gui/ObjectManipulator.cpp:2691 +msgid "New UDP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1002 src/gui/ObjectManipulator.cpp:2591 +msgid "New TagService" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1010 src/gui/ObjectManipulator.cpp:2714 +msgid "New Time Interval" +msgstr "" + +#: 
src/gui/ObjectManipulator.cpp:1014 src/gui/.ui/finddialog_q.cpp:131 +#: src/gui/.ui/findwhereusedwidget_q.cpp:121 +msgid "Find" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1015 src/gui/RuleSetView.cpp:1672 +msgid "Where used" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1027 src/gui/.ui/groupobjectdialog_q.cpp:186 +#: src/gui/.ui/groupobjectdialog_q.cpp:187 +msgid "Group" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1035 src/gui/.ui/FWBMainWindow_q.cpp:499 +#: src/gui/.ui/FWBMainWindow_q.cpp:500 src/gui/.ui/instdialog_q.cpp:79 +#: src/gui/.ui/instdialog_q.cpp:267 +msgid "Compile" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1036 src/gui/.ui/FWBMainWindow_q.cpp:502 +#: src/gui/.ui/FWBMainWindow_q.cpp:503 src/gui/.ui/instdialog_q.cpp:81 +#: src/gui/.ui/instdialog_q.cpp:268 +msgid "Install" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1043 src/gui/.ui/FWBMainWindow_q.cpp:561 +#: src/gui/.ui/FWBMainWindow_q.cpp:562 +msgid "Lock" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1045 src/gui/.ui/FWBMainWindow_q.cpp:563 +#: src/gui/.ui/FWBMainWindow_q.cpp:564 +msgid "Unlock" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1054 +msgid "dump" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1087 +msgid "Undelete..." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1576 +#, qt-format +msgid "" +"Impossible to insert object %1 (type %2) into %3\n" +"because of incompatible type." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1743 +msgid "" +"Emptying the 'Deleted Objects' in a library file is not recommended.\n" +"When you remove deleted objects from a library file, Firewall Builder\n" +"loses ability to track them. If a group or a policy rule in some\n" +"data file still uses removed object from this library, you may encounter\n" +"unusual and unexpected behavior of the program.\n" +"Do you want to delete selected objects anyway ?" 
+msgstr "" + +#: src/gui/ObjectManipulator.cpp:1823 +#, qt-format +msgid "" +"When you delete a library, all objects that belong to it\n" +"disappear from the tree and all groups and rules that reference them.\n" +"You won't be able to reverse this operation later.\n" +"Do you still want to delete library %1?" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2343 +#, qt-format +msgid "" +"Type '%1': new object can not be created because\n" +"corresponding branch is missing in the object tree.\n" +"Please repair the tree using command 'fwbedit -s -f file.fwb'." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2470 src/gui/ObjectManipulator.cpp:2473 +msgid "New Interface" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2635 +msgid "New Object Group" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2702 +msgid "New Service Group" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2821 +msgid "Searching for firewalls affected by the change..." +msgstr "" + +#: src/gui/ObjectTreeView.cpp:115 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:66 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:113 +#: src/gui/.ui/discoverydruid_q.cpp:748 src/gui/.ui/discoverydruid_q.cpp:1024 +#: src/gui/.ui/FWBMainWindow_q.cpp:575 +msgid "Object" +msgstr "" + +#: src/gui/pfAdvancedDialog.cpp:98 +msgid "Aggressive" +msgstr "" + +#: src/gui/pfAdvancedDialog.cpp:100 +msgid "Conservative" +msgstr "" + +#: src/gui/pfAdvancedDialog.cpp:102 +msgid "For high latency" +msgstr "" + +#: src/gui/pfAdvancedDialog.cpp:104 +msgid "Normal" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:130 +msgid "0 - System Unusable" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:135 +msgid "1 - Take Immediate Action" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:140 +msgid "2 - Critical Condition" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:145 +msgid "3 - Error Message" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:150 +msgid "4 - Warning Message" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:155 +msgid "5 - Normal but 
significant condition" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:160 +msgid "6 - Informational" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:165 +msgid "7 - Debug Message" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:679 src/gui/pixAdvancedDialog.cpp:717 +msgid "Error: Policy compiler for PIX is not installed" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:703 +msgid "Compiler error" +msgstr "" + +#: src/gui/platforms.cpp:60 src/gui/.ui/ruleoptionsdialog_q.cpp:791 +msgid "alert" +msgstr "" + +#: src/gui/platforms.cpp:62 src/gui/.ui/ruleoptionsdialog_q.cpp:792 +msgid "crit" +msgstr "" + +#: src/gui/platforms.cpp:64 src/gui/.ui/pfadvanceddialog_q.cpp:1075 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:793 +msgid "error" +msgstr "" + +#: src/gui/platforms.cpp:66 src/gui/.ui/ruleoptionsdialog_q.cpp:794 +msgid "warning" +msgstr "" + +#: src/gui/platforms.cpp:68 src/gui/.ui/ruleoptionsdialog_q.cpp:795 +msgid "notice" +msgstr "" + +#: src/gui/platforms.cpp:70 src/gui/.ui/ruleoptionsdialog_q.cpp:796 +msgid "info" +msgstr "" + +#: src/gui/platforms.cpp:72 src/gui/.ui/ruleoptionsdialog_q.cpp:797 +msgid "debug" +msgstr "" + +#: src/gui/platforms.cpp:78 +msgid "kern" +msgstr "" + +#: src/gui/platforms.cpp:80 +msgid "user" +msgstr "" + +#: src/gui/platforms.cpp:82 +msgid "mail" +msgstr "" + +#: src/gui/platforms.cpp:84 +msgid "daemon" +msgstr "" + +#: src/gui/platforms.cpp:86 +msgid "auth" +msgstr "" + +#: src/gui/platforms.cpp:88 +msgid "syslog" +msgstr "" + +#: src/gui/platforms.cpp:90 +msgid "lpr" +msgstr "" + +#: src/gui/platforms.cpp:92 +msgid "news" +msgstr "" + +#: src/gui/platforms.cpp:94 +msgid "uucp" +msgstr "" + +#: src/gui/platforms.cpp:96 +msgid "cron" +msgstr "" + +#: src/gui/platforms.cpp:98 +msgid "authpriv" +msgstr "" + +#: src/gui/platforms.cpp:100 src/gui/.ui/pixadvanceddialog_q.cpp:1945 +msgid "ftp" +msgstr "" + +#: src/gui/platforms.cpp:102 +msgid "local0" +msgstr "" + +#: src/gui/platforms.cpp:104 +msgid "local1" +msgstr "" + +#: 
src/gui/platforms.cpp:106 +msgid "local2" +msgstr "" + +#: src/gui/platforms.cpp:108 +msgid "local3" +msgstr "" + +#: src/gui/platforms.cpp:110 +msgid "local4" +msgstr "" + +#: src/gui/platforms.cpp:112 +msgid "local5" +msgstr "" + +#: src/gui/platforms.cpp:114 +msgid "local6" +msgstr "" + +#: src/gui/platforms.cpp:116 +msgid "local7" +msgstr "" + +#: src/gui/platforms.cpp:121 +msgid "ICMP admin prohibited" +msgstr "" + +#: src/gui/platforms.cpp:123 +msgid "ICMP host prohibited" +msgstr "" + +#: src/gui/platforms.cpp:125 +msgid "ICMP host unreachable" +msgstr "" + +#: src/gui/platforms.cpp:127 +msgid "ICMP net prohibited" +msgstr "" + +#: src/gui/platforms.cpp:129 +msgid "ICMP net unreachable" +msgstr "" + +#: src/gui/platforms.cpp:131 +msgid "ICMP port unreachable" +msgstr "" + +#: src/gui/platforms.cpp:133 +msgid "ICMP protocol unreachable" +msgstr "" + +#: src/gui/platforms.cpp:135 +msgid "TCP RST" +msgstr "" + +#: src/gui/platforms.cpp:138 src/gui/.ui/actionsdialog_q.cpp:476 +#: src/gui/.ui/actionsdialog_q.cpp:483 +msgid "Route through" +msgstr "" + +#: src/gui/platforms.cpp:140 src/gui/.ui/actionsdialog_q.cpp:477 +#: src/gui/.ui/actionsdialog_q.cpp:484 +msgid "Route reply through" +msgstr "" + +#: src/gui/platforms.cpp:142 src/gui/.ui/actionsdialog_q.cpp:478 +#: src/gui/.ui/actionsdialog_q.cpp:485 +msgid "Route a copy through" +msgstr "" + +#: src/gui/platforms.cpp:145 src/gui/.ui/iptadvanceddialog_q.cpp:644 +msgid "on top of the script" +msgstr "" + +#: src/gui/platforms.cpp:147 src/gui/.ui/iptadvanceddialog_q.cpp:645 +msgid "after interface configuration" +msgstr "" + +#: src/gui/platforms.cpp:149 src/gui/.ui/iptadvanceddialog_q.cpp:646 +msgid "after policy reset" +msgstr "" + +#: src/gui/platforms.cpp:152 +msgid "in the activation shell script" +msgstr "" + +#: src/gui/platforms.cpp:155 +msgid "in the pf rule file, at the very top" +msgstr "" + +#: src/gui/platforms.cpp:158 +msgid "in the pf rule file, after set comamnds" +msgstr "" + +#: 
src/gui/platforms.cpp:161 +msgid "in the pf rule file, after scrub comamnds" +msgstr "" + +#: src/gui/platforms.cpp:164 +msgid "in the pf rule file, after table definitions" +msgstr "" + +#: src/gui/platforms.cpp:169 src/gui/.ui/ruleoptionsdialog_q.cpp:807 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:823 +msgid "/day" +msgstr "" + +#: src/gui/platforms.cpp:171 src/gui/.ui/ruleoptionsdialog_q.cpp:808 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:824 +msgid "/hour" +msgstr "" + +#: src/gui/platforms.cpp:173 src/gui/.ui/ruleoptionsdialog_q.cpp:809 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:825 +msgid "/minute" +msgstr "" + +#: src/gui/platforms.cpp:175 src/gui/.ui/ruleoptionsdialog_q.cpp:810 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:826 +msgid "/second" +msgstr "" + +#: src/gui/platforms.cpp:380 +msgid "- any -" +msgstr "" + +#: src/gui/platforms.cpp:381 +msgid "1.2.5 or earlier" +msgstr "" + +#: src/gui/platforms.cpp:382 +msgid "1.2.6 to 1.2.8" +msgstr "" + +#: src/gui/platforms.cpp:383 +msgid "1.2.9 to 1.2.11" +msgstr "" + +#: src/gui/platforms.cpp:384 +msgid "1.3.0 or later" +msgstr "" + +#: src/gui/platforms.cpp:401 +msgid "3.x" +msgstr "" + +#: src/gui/platforms.cpp:402 +msgid "4.x" +msgstr "" + +#: src/gui/platforms.cpp:518 +msgid "Accept" +msgstr "" + +#: src/gui/platforms.cpp:520 +msgid "Deny" +msgstr "" + +#: src/gui/platforms.cpp:522 +msgid "Reject" +msgstr "" + +#: src/gui/platforms.cpp:524 +msgid "Scrub" +msgstr "" + +#: src/gui/platforms.cpp:526 +msgid "Return" +msgstr "" + +#: src/gui/platforms.cpp:528 +msgid "Skip" +msgstr "" + +#: src/gui/platforms.cpp:530 src/gui/.ui/longtextdialog_q.cpp:96 +msgid "Continue" +msgstr "" + +#: src/gui/platforms.cpp:532 +msgid "Modify" +msgstr "" + +#: src/gui/platforms.cpp:534 +msgid "Classify" +msgstr "" + +#: src/gui/platforms.cpp:536 +msgid "Custom" +msgstr "" + +#: src/gui/platforms.cpp:539 +msgid "Branch" +msgstr "" + +#: src/gui/platforms.cpp:540 +msgid "Chain" +msgstr "" + +#: src/gui/platforms.cpp:541 +msgid "Anchor" +msgstr "" 
+ +#: src/gui/platforms.cpp:545 +msgid "Accounting" +msgstr "" + +#: src/gui/platforms.cpp:546 +msgid "Count" +msgstr "" + +#: src/gui/platforms.cpp:550 +msgid "Tag" +msgstr "" + +#: src/gui/platforms.cpp:551 +msgid "Mark" +msgstr "" + +#: src/gui/platforms.cpp:555 +msgid "Pipe" +msgstr "" + +#: src/gui/platforms.cpp:556 +msgid "Queue" +msgstr "" + +#: src/gui/PrefsDialog.cpp:176 +msgid "Pick the color" +msgstr "" + +#: src/gui/PrefsDialog.cpp:224 +msgid "Find working directory" +msgstr "" + +#: src/gui/PrefsDialog.cpp:233 +msgid "Find Secure Shell utility" +msgstr "" + +#: src/gui/PrefsDialog.cpp:284 +msgid "Find add-on library" +msgstr "" + +#: src/gui/printerStream.cpp:132 +#, qt-format +msgid "Page %1" +msgstr "" + +#: src/gui/PrintingProgressDialog.cpp:48 +#, qt-format +msgid "Printing (page %1/%2)" +msgstr "" + +#: src/gui/PrintingProgressDialog.cpp:50 +#, qt-format +msgid "Printing page %1" +msgstr "" + +#: src/gui/PrintingProgressDialog.cpp:67 +msgid "Aborting print operation" +msgstr "" + +#: src/gui/RCS.cpp:498 src/gui/RCS.cpp:717 src/gui/RCS.cpp:800 +#, qt-format +msgid "Error checking file out: %1" +msgstr "" + +#: src/gui/RCS.cpp:558 +#, qt-format +msgid "" +"Fatal error during initial RCS checkin of file %1 :\n" +" %2\n" +"Exit status %3" +msgstr "" + +#: src/gui/RCS.cpp:687 +msgid "Error creating temporary file " +msgstr "" + +#: src/gui/RCS.cpp:700 +msgid "Error writing to temporary file " +msgstr "" + +#: src/gui/RCS.cpp:732 +#, qt-format +msgid "" +"File is opened and locked by %1.\n" +"You can only open it read-only." +msgstr "" + +#: src/gui/RCS.cpp:745 +#, qt-format +msgid "" +"Revision %1 of this file has been checked out and locked by you earlier.\n" +"The file may be opened in another copy of Firewall Builder or was left " +"opened\n" +"after the program crashed." 
+msgstr "" + +#: src/gui/RCS.cpp:748 +msgid "Open &read-only" +msgstr "" + +#: src/gui/RCS.cpp:748 +msgid "&Open and continue editing" +msgstr "" + +#: src/gui/RCS.cpp:991 +#, qt-format +msgid "Fatal error running rlog for %1" +msgstr "" + +#: src/gui/RCS.cpp:1031 +#, qt-format +msgid "Fatal error running rcsdiff for file %1" +msgstr "" + +#: src/gui/RCSFilePreview.cpp:137 +msgid "File is not in RCS" +msgstr "" + +#: src/gui/RuleSetView.cpp:206 +msgid "A Rule Set" +msgstr "" + +#: src/gui/RuleSetView.cpp:621 +msgid "Outbound " +msgstr "" + +#: src/gui/RuleSetView.cpp:707 +msgid "Original" +msgstr "" + +#: src/gui/RuleSetView.cpp:708 +msgid "Default" +msgstr "" + +#: src/gui/RuleSetView.cpp:711 src/gui/.ui/instdialog_q.cpp:274 +msgid "All" +msgstr "" + +#: src/gui/RuleSetView.cpp:712 src/gui/RuleSetView.cpp:720 +#: src/gui/.ui/timedialog_q.cpp:245 src/gui/.ui/timedialog_q.cpp:262 +msgid "Any" +msgstr "" + +#: src/gui/RuleSetView.cpp:1457 src/gui/RuleSetView.cpp:1717 +#: src/gui/RuleSetView.cpp:1745 src/gui/.ui/FWBMainWindow_q.cpp:521 +#: src/gui/.ui/FWBMainWindow_q.cpp:522 +msgid "Insert Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1459 src/gui/RuleSetView.cpp:1473 +msgid "Paste Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1603 +msgid "Parameters" +msgstr "" + +#: src/gui/RuleSetView.cpp:1620 +msgid "Inbound" +msgstr "" + +#: src/gui/RuleSetView.cpp:1624 +msgid "Outbound" +msgstr "" + +#: src/gui/RuleSetView.cpp:1628 +msgid "Both" +msgstr "" + +#: src/gui/RuleSetView.cpp:1637 +msgid "Rule Options" +msgstr "" + +#: src/gui/RuleSetView.cpp:1644 +msgid "Logging On" +msgstr "" + +#: src/gui/RuleSetView.cpp:1648 +msgid "Logging Off" +msgstr "" + +#: src/gui/RuleSetView.cpp:1674 +msgid "Reveal in tree" +msgstr "" + +#: src/gui/RuleSetView.cpp:1677 +msgid "Negate" +msgstr "" + +#: src/gui/RuleSetView.cpp:1725 +#, qt-format +msgid "Rules: %1-%2" +msgstr "" + +#: src/gui/RuleSetView.cpp:1728 +#, qt-format +msgid "Rule: %1" +msgstr "" + +#: src/gui/RuleSetView.cpp:1733 
+msgid "Color Label:" +msgstr "" + +#: src/gui/RuleSetView.cpp:1747 src/gui/.ui/FWBMainWindow_q.cpp:527 +#: src/gui/.ui/FWBMainWindow_q.cpp:528 +msgid "Add Rule Below" +msgstr "" + +#: src/gui/RuleSetView.cpp:1750 src/gui/.ui/FWBMainWindow_q.cpp:529 +#: src/gui/.ui/FWBMainWindow_q.cpp:530 +msgid "Remove Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1751 +msgid "Remove Rules" +msgstr "" + +#: src/gui/RuleSetView.cpp:1754 +msgid "Move Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1755 +msgid "Move Rules" +msgstr "" + +#: src/gui/RuleSetView.cpp:1761 src/gui/.ui/FWBMainWindow_q.cpp:532 +#: src/gui/.ui/FWBMainWindow_q.cpp:533 +msgid "Copy Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1763 src/gui/.ui/FWBMainWindow_q.cpp:534 +#: src/gui/.ui/FWBMainWindow_q.cpp:535 +msgid "Cut Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1765 src/gui/.ui/FWBMainWindow_q.cpp:536 +#: src/gui/.ui/FWBMainWindow_q.cpp:537 +msgid "Paste Rule Above" +msgstr "" + +#: src/gui/RuleSetView.cpp:1767 src/gui/.ui/FWBMainWindow_q.cpp:538 +#: src/gui/.ui/FWBMainWindow_q.cpp:539 +msgid "Paste Rule Below" +msgstr "" + +#: src/gui/RuleSetView.cpp:1774 +msgid "Enable Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1775 +msgid "Enable Rules" +msgstr "" + +#: src/gui/RuleSetView.cpp:1779 +msgid "Disable Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1780 +msgid "Disable Rules" +msgstr "" + +#: src/gui/RuleSetView.cpp:3306 src/gui/RuleSetView.cpp:3396 +msgid "Source" +msgstr "" + +#: src/gui/RuleSetView.cpp:3309 src/gui/RuleSetView.cpp:3399 +#: src/gui/RuleSetView.cpp:3559 +msgid "Destination" +msgstr "" + +#: src/gui/RuleSetView.cpp:3312 src/gui/RuleSetView.cpp:3402 +msgid "Service" +msgstr "" + +#: src/gui/RuleSetView.cpp:3318 src/gui/RuleSetView.cpp:3405 +msgid "Direction" +msgstr "" + +#: src/gui/RuleSetView.cpp:3321 src/gui/RuleSetView.cpp:3408 +msgid "Action" +msgstr "" + +#: src/gui/RuleSetView.cpp:3326 src/gui/RuleSetView.cpp:3413 +#: src/gui/.ui/timedialog_q.cpp:241 +msgid "Time" +msgstr "" + +#: 
src/gui/RuleSetView.cpp:3332 src/gui/RuleSetView.cpp:3419 +#: src/gui/RuleSetView.cpp:3499 src/gui/RuleSetView.cpp:3571 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:206 +#: src/gui/.ui/linux24advanceddialog_q.cpp:415 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:184 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:198 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1854 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:308 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:212 +msgid "Options" +msgstr "" + +#: src/gui/RuleSetView.cpp:3336 src/gui/RuleSetView.cpp:3423 +#: src/gui/RuleSetView.cpp:3502 src/gui/RuleSetView.cpp:3574 +msgid "Comment" +msgstr "" + +#: src/gui/RuleSetView.cpp:3481 +msgid "Original Src" +msgstr "" + +#: src/gui/RuleSetView.cpp:3484 +msgid "Original Dst" +msgstr "" + +#: src/gui/RuleSetView.cpp:3487 +msgid "Original Srv" +msgstr "" + +#: src/gui/RuleSetView.cpp:3490 +msgid "Translated Src" +msgstr "" + +#: src/gui/RuleSetView.cpp:3493 +msgid "Translated Dst" +msgstr "" + +#: src/gui/RuleSetView.cpp:3496 +msgid "Translated Srv" +msgstr "" + +#: src/gui/RuleSetView.cpp:3562 +msgid "Gateway" +msgstr "" + +#: src/gui/RuleSetView.cpp:3568 +msgid "Metric" +msgstr "" + +#: src/gui/SimpleTextEditor.cpp:71 +msgid "Choose file" +msgstr "" + +#: src/gui/SSHPIX.cpp:136 src/gui/SSHUnx.cpp:95 +msgid "" +"\n" +"*** Fatal error :" +msgstr "" + +#: src/gui/SSHPIX.cpp:170 src/gui/SSHUnx.cpp:151 +msgid "Logged in" +msgstr "" + +#: src/gui/SSHPIX.cpp:171 +msgid "Switching to enable mode..." +msgstr "" + +#: src/gui/SSHPIX.cpp:205 src/gui/SSHUnx.cpp:176 +msgid "New RSA key" +msgstr "" + +#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177 +msgid "Yes" +msgstr "" + +#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177 +msgid "No" +msgstr "" + +#: src/gui/SSHPIX.cpp:252 +msgid "In enable mode." 
+msgstr "" + +#: src/gui/SSHPIX.cpp:387 src/gui/SSHPIX.cpp:783 +msgid "Pushing firewall configuration" +msgstr "" + +#: src/gui/SSHPIX.cpp:424 +#, qt-format +msgid "Rule %1" +msgstr "" + +#: src/gui/SSHPIX.cpp:450 +msgid "End" +msgstr "" + +#: src/gui/SSHPIX.cpp:532 +msgid "Making backup copy of the firewall configuration" +msgstr "" + +#: src/gui/SSHPIX.cpp:596 +msgid "*** Clearing unused access lists" +msgstr "" + +#: src/gui/SSHPIX.cpp:661 +msgid "*** Clearing unused object groups" +msgstr "" + +#: src/gui/SSHPIX.cpp:681 +msgid "*** End " +msgstr "" + +#: src/gui/SSHPIX.cpp:692 +msgid "Reading current firewall configuration" +msgstr "" + +#: src/gui/SSHPIX.cpp:717 +msgid "Generating configuration diff" +msgstr "" + +#: src/gui/SSHPIX.cpp:732 +#, qt-format +msgid "Fork failed for %1" +msgstr "" + +#: src/gui/SSHPIX.cpp:738 +msgid "Not enough memory." +msgstr "" + +#: src/gui/SSHPIX.cpp:743 +msgid "Too many opened file descriptors in the system." +msgstr "" + +#: src/gui/SSHPIX.cpp:769 +msgid "Empty configuration diff" +msgstr "" + +#: src/gui/SSHSession.cpp:90 +#, qt-format +msgid "" +"You are connecting to the firewall '%1' for the first time. It has " +"provided you its identification in a form of its host public key. The " +"fingerprint of the host public key is: \"%2\" You can save the host key to " +"the local database by pressing YES, or you can cancel connection by pressing " +"NO. You should press YES only if you are sure you are really connected to " +"the firewall '%3'." 
+msgstr "" + +#: src/gui/SSHSession.cpp:180 +msgid "Failed to start ssh" +msgstr "" + +#: src/gui/SSHSession.cpp:498 +msgid "ERROR" +msgstr "" + +#: src/gui/SSHSession.cpp:498 src/gui/.ui/filepropdialog_q.cpp:126 +#: src/gui/.ui/instoptionsdialog_q.cpp:285 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1825 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:309 +#: src/gui/.ui/simpleinteditor_q.cpp:91 src/gui/.ui/simpletexteditor_q.cpp:95 +msgid "OK" +msgstr "" + +#: src/gui/SSHSession.cpp:500 +#, qt-format +msgid "SSH session terminated, exit status: %1" +msgstr "" + +#: src/gui/SSHUnx.cpp:236 +msgid "Done" +msgstr "" + +#: src/gui/SSHUnx.cpp:248 +msgid "Error in SSH" +msgstr "" + +#: src/gui/StartWizard.cpp:106 +#, qt-format +msgid "File %1 is read-only, you can not save changes to it." +msgstr "" + +#: src/gui/StartWizard.cpp:171 +#, qt-format +msgid "" +"Error opening file:\n" +"%1" +msgstr "" + +#: src/gui/TCPServiceDialog.cpp:176 src/gui/UDPServiceDialog.cpp:118 +msgid "Invalid range defined for the source port." +msgstr "" + +#: src/gui/TCPServiceDialog.cpp:184 src/gui/UDPServiceDialog.cpp:126 +msgid "Invalid range defined for the destination port." 
+msgstr "" + +#: src/gui/TimeDialog.cpp:68 src/gui/TimeDialog.cpp:69 +#: src/gui/.ui/timedialog_q.cpp:256 src/gui/.ui/timedialog_q.cpp:259 +msgid "(M/D/Y)" +msgstr "" + +#: src/gui/TimeDialog.cpp:73 src/gui/TimeDialog.cpp:74 +msgid "(D/M/Y)" +msgstr "" + +#: src/gui/TimeDialog.cpp:78 src/gui/TimeDialog.cpp:79 +msgid "(Y/M/D)" +msgstr "" + +#: src/gui/TimeDialog.cpp:83 src/gui/TimeDialog.cpp:84 +msgid "(Y/D/M)" +msgstr "" + +#: src/gui/.ui/aboutdialog_q.cpp:136 src/gui/.ui/aboutdialog_q.cpp:137 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:109 +#: src/gui/.ui/FWBMainWindow_q.cpp:439 +msgid "Firewall Builder" +msgstr "" + +#: src/gui/.ui/aboutdialog_q.cpp:138 +msgid "Using libfwbuilder API v" +msgstr "" + +#: src/gui/.ui/aboutdialog_q.cpp:139 +msgid "Revision: " +msgstr "" + +#: src/gui/.ui/aboutdialog_q.cpp:140 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:187 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:547 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:351 +#: src/gui/.ui/iptadvanceddialog_q.cpp:599 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:196 +#: src/gui/.ui/linux24advanceddialog_q.cpp:366 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:165 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:173 +#: src/gui/.ui/pagesetupdialog_q.cpp:108 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1000 src/gui/.ui/prefsdialog_q.cpp:364 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:183 +msgid "&OK" +msgstr "" + +#: src/gui/.ui/aboutdialog_q.cpp:142 +msgid "Copyright 2002-2006 NetCitadel, LLC" +msgstr "" + +#: src/gui/.ui/aboutdialog_q.cpp:143 +msgid "" +"

    http://www." +"fwbuilder.org

    " +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:451 +msgid "Actions Dialog" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:452 +msgid "fw/rule num/action" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:453 +msgid "Tag string:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:454 +msgid "" +"If rule action is 'Reject', this option defines firewall's reaction to the " +"packet matching the rule" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:455 +msgid "This action has no parameters." +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:456 +msgid "Tag value:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:457 +msgid "Mark connections created by packets that match this rule" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:458 +msgid "Requires CONNMARK target" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:459 +msgid "" +"Note: this action translates into MARK target for iptables. Normally this " +"target is non-terminating, that is, other rules with Classify or Tag actions " +"belog this one will process the same packet. However, Firewall Builder can " +"emulate terminating behavior for this action. Option in the \"compiler\" tab " +"of the firewall object properties dialog activates emulation." +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:460 +msgid "Emulation is currently ON, the rule will be terminating" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:461 +msgid "" +"Rule name for accounting. 
(white spaces and special characters are not " +"allowed)" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:462 +msgid "Packet classification can be implemented in different ways:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:464 +msgid "use dummynet(4) 'pipe'" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:465 +msgid "use dummynet(4) 'queue'" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:466 +msgid "Pipe or queue number:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:467 +msgid "Custom string:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:468 +msgid "Classify string:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:469 +msgid "" +"Note: CLASSIFY target in iptables is non-terminating, that is other rules " +"with Classify or Mark target below this will process the same packet. " +"However, Firewall Builder can emulate terminating behavior for this action. " +"Emulation is activated by an option in the \"compiler\" tab of the firewall " +"object properties dialog." +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:471 +msgid "Divert socket port number:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:472 +msgid "User-defined chain name:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:473 +msgid "" +"In addition to 'filter', create branching rule in 'mangle' table as well" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:474 +msgid "Anchor name:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:479 src/gui/.ui/actionsdialog_q.cpp:486 +msgid "interface" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:480 src/gui/.ui/actionsdialog_q.cpp:487 +msgid "next hop" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:481 +msgid "Fastroute" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:488 +msgid "Change inbound interface to" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:489 +msgid "Route through gateway" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:490 +msgid "Change outbound interface to" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:491 +msgid 
"Continue packet inspection" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:492 +msgid "Make a copy" +msgstr "" + +#: src/gui/.ui/addressrangedialog_q.cpp:162 +#: src/gui/.ui/addressrangedialog_q.cpp:163 +msgid "Address Range" +msgstr "" + +#: src/gui/.ui/addressrangedialog_q.cpp:164 +#: src/gui/.ui/addresstabledialog_q.cpp:198 +#: src/gui/.ui/customservicedialog_q.cpp:179 +#: src/gui/.ui/dnsnamedialog_q.cpp:173 src/gui/.ui/firewalldialog_q.cpp:215 +#: src/gui/.ui/groupobjectdialog_q.cpp:188 src/gui/.ui/hostdialog_q.cpp:149 +#: src/gui/.ui/icmpservicedialog_q.cpp:169 +#: src/gui/.ui/interfacedialog_q.cpp:233 src/gui/.ui/ipservicedialog_q.cpp:210 +#: src/gui/.ui/ipv4dialog_q.cpp:171 src/gui/.ui/librarydialog_q.cpp:141 +#: src/gui/.ui/networkdialog_q.cpp:165 src/gui/.ui/physaddressdialog_q.cpp:154 +#: src/gui/.ui/tagservicedialog_q.cpp:149 +#: src/gui/.ui/tcpservicedialog_q.cpp:372 src/gui/.ui/timedialog_q.cpp:271 +#: src/gui/.ui/udpservicedialog_q.cpp:223 +msgid "Comment:" +msgstr "" + +#: src/gui/.ui/addressrangedialog_q.cpp:165 +msgid "Range End:" +msgstr "" + +#: src/gui/.ui/addressrangedialog_q.cpp:166 +msgid "Range Start:" +msgstr "" + +#: src/gui/.ui/addressrangedialog_q.cpp:167 +#: src/gui/.ui/addresstabledialog_q.cpp:200 +#: src/gui/.ui/customservicedialog_q.cpp:180 +#: src/gui/.ui/dnsnamedialog_q.cpp:178 src/gui/.ui/firewalldialog_q.cpp:216 +#: src/gui/.ui/groupobjectdialog_q.cpp:193 src/gui/.ui/hostdialog_q.cpp:147 +#: src/gui/.ui/icmpservicedialog_q.cpp:170 +#: src/gui/.ui/interfacedialog_q.cpp:234 src/gui/.ui/ipservicedialog_q.cpp:219 +#: src/gui/.ui/ipv4dialog_q.cpp:172 src/gui/.ui/librarydialog_q.cpp:139 +#: src/gui/.ui/networkdialog_q.cpp:166 src/gui/.ui/newfirewalldialog_q.cpp:516 +#: src/gui/.ui/newhostdialog_q.cpp:392 src/gui/.ui/physaddressdialog_q.cpp:151 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:820 +#: src/gui/.ui/tagservicedialog_q.cpp:151 +#: src/gui/.ui/tcpservicedialog_q.cpp:398 src/gui/.ui/timedialog_q.cpp:272 +#: 
src/gui/.ui/udpservicedialog_q.cpp:231 +msgid "Name:" +msgstr "" + +#: src/gui/.ui/addressrangedialog_q.cpp:168 +#: src/gui/.ui/addresstabledialog_q.cpp:199 +#: src/gui/.ui/customservicedialog_q.cpp:181 +#: src/gui/.ui/dnsnamedialog_q.cpp:177 src/gui/.ui/firewalldialog_q.cpp:217 +#: src/gui/.ui/groupobjectdialog_q.cpp:192 src/gui/.ui/hostdialog_q.cpp:148 +#: src/gui/.ui/icmpservicedialog_q.cpp:171 +#: src/gui/.ui/interfacedialog_q.cpp:236 src/gui/.ui/ipservicedialog_q.cpp:218 +#: src/gui/.ui/ipv4dialog_q.cpp:173 src/gui/.ui/networkdialog_q.cpp:167 +#: src/gui/.ui/newgroupdialog_q.cpp:98 src/gui/.ui/physaddressdialog_q.cpp:152 +#: src/gui/.ui/tagservicedialog_q.cpp:150 +#: src/gui/.ui/tcpservicedialog_q.cpp:399 src/gui/.ui/timedialog_q.cpp:273 +#: src/gui/.ui/udpservicedialog_q.cpp:230 +msgid "Library:" +msgstr "" + +#: src/gui/.ui/addresstabledialog_q.cpp:196 +#: src/gui/.ui/addresstabledialog_q.cpp:197 +msgid "Address Table" +msgstr "" + +#: src/gui/.ui/addresstabledialog_q.cpp:202 +#: src/gui/.ui/dnsnamedialog_q.cpp:175 +msgid "Compile Time" +msgstr "" + +#: src/gui/.ui/addresstabledialog_q.cpp:203 +#: src/gui/.ui/dnsnamedialog_q.cpp:176 +msgid "Run Time" +msgstr "" + +#: src/gui/.ui/addresstabledialog_q.cpp:204 +msgid "File name:" +msgstr "" + +#: src/gui/.ui/addresstabledialog_q.cpp:205 +#: src/gui/.ui/addresstabledialog_q.cpp:206 +msgid "Browse" +msgstr "" + +#: src/gui/.ui/addresstabledialog_q.cpp:207 +msgid "Preview" +msgstr "" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:87 +msgid "Enter New Position For The Rule" +msgstr "" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:88 +msgid "Enter new position for selected rules:" +msgstr "" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:89 +msgid "&Move" +msgstr "" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:90 +msgid "Alt+M" +msgstr "" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:92 src/gui/.ui/debugdialog_q.cpp:76 +#: src/gui/.ui/execdialog_q.cpp:96 src/gui/.ui/pagesetupdialog_q.cpp:111 +msgid "Alt+C" +msgstr "" + +#: 
src/gui/.ui/colorlabelmenuitem_q.cpp:108 src/gui/.ui/prefsdialog_q.cpp:401 +msgid "Orange" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:110 src/gui/.ui/prefsdialog_q.cpp:408 +msgid "Green" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:112 src/gui/.ui/prefsdialog_q.cpp:406 +msgid "Purple" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:114 src/gui/.ui/prefsdialog_q.cpp:398 +msgid "Blue" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:116 src/gui/.ui/prefsdialog_q.cpp:399 +msgid "Yellow" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:118 src/gui/.ui/prefsdialog_q.cpp:409 +msgid "Gray" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:120 src/gui/.ui/prefsdialog_q.cpp:397 +msgid "Red" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:122 +msgid "No color" +msgstr "" + +#: src/gui/.ui/commenteditorpanel_q.cpp:95 +msgid "Comment Editor Panel" +msgstr "" + +#: src/gui/.ui/commenteditorpanel_q.cpp:96 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:155 +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:119 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:784 +msgid "fw/rule num" +msgstr "" + +#: src/gui/.ui/commenteditorpanel_q.cpp:98 +#: src/gui/.ui/simpletexteditor_q.cpp:97 +msgid "Import from file ..." +msgstr "" + +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:67 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:114 +msgid "Parent" +msgstr "" + +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:68 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:115 +#: src/gui/.ui/findwhereusedwidget_q.cpp:63 +#: src/gui/.ui/findwhereusedwidget_q.cpp:120 +msgid "Details" +msgstr "" + +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:112 +msgid "" +"Groups and firewall policy rules shown in the list below reference objects " +"you are about to delete. If you delete objects, they will be removed from " +"these groups and rules." +msgstr "" + +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:116 +msgid "" +"Deleted objects are moved to the \"Deleted objects\" library. 
You can " +"recover them later by moving back to the user's library. However if you " +"delete an object already located in the \"Deleted objects\" library, it is " +"destroyed and can not be restored." +msgstr "" + +#: src/gui/.ui/customservicedialog_q.cpp:182 +msgid "" +"Custom service object has separate code string for each supported firewall " +"platform." +msgstr "" + +#: src/gui/.ui/customservicedialog_q.cpp:183 +#: src/gui/.ui/discoverydruid_q.cpp:940 src/gui/.ui/firewalldialog_q.cpp:218 +msgid "Platform:" +msgstr "" + +#: src/gui/.ui/customservicedialog_q.cpp:184 +#: src/gui/.ui/tagservicedialog_q.cpp:152 +msgid "Code:" +msgstr "" + +#: src/gui/.ui/debugdialog_q.cpp:74 +msgid "Debugging Info" +msgstr "" + +#: src/gui/.ui/debugdialog_q.cpp:75 src/gui/.ui/execdialog_q.cpp:95 +#: src/gui/.ui/FWBMainWindow_q.cpp:498 +msgid "&Close" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:750 src/gui/.ui/discoverydruid_q.cpp:1025 +msgid "Interfaces" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:752 src/gui/.ui/discoverydruid_q.cpp:1026 +#: src/gui/.ui/filterdialog_q.cpp:91 src/gui/.ui/filterdialog_q.cpp:164 +msgid "Type" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:921 src/gui/.ui/FWBMainWindow_q.cpp:565 +#: src/gui/.ui/FWBMainWindow_q.cpp:566 +msgid "Discovery Druid" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:922 +msgid "" +"Choose discovery method used to collect information about network objects " +"from the list below and click 'Next' to continue." 
+msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:923 +msgid "Discovery method:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:924 +msgid "Read file in hosts format" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:925 src/gui/.ui/discoverydruid_q.cpp:948 +msgid "Import DNS zone" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:926 +msgid "Perform network discovery using SNMP" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:927 src/gui/.ui/discoverydruid_q.cpp:942 +msgid "Import configuration of a firewall or a router" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:928 +msgid "Discovery Method" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:929 +msgid "Enter full path and file name below or click \"Browse\" to find it:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:930 +msgid "File in hosts format" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:931 +msgid "Browse ..." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:932 +msgid "Reading file in hosts format" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:933 +msgid "" +"All objects created during import will be placed in the library currently " +"opened in the tree." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:934 +msgid "" +"Policy import tries to parse given configuration file and preserve its logic " +"as close as possible. However, very often target firewall configuration " +"allows for more commands, options and their combinations than importer can " +"understand. Rules that importer could not parse exactly are colored red in " +"the rule sets it creates. Always inspect firewall policy created by the " +"importer and compare it with the original. Manual changes and corrections " +"may be required. Comments in the rules that could not be parsed show " +"fragments of the original configuration parser did not understand." 
+msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:935 +msgid "Import from file: " +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:936 src/gui/.ui/prefsdialog_q.cpp:380 +#: src/gui/.ui/prefsdialog_q.cpp:385 +msgid "Browse..." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:938 +msgid "Cisco IOS" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:939 +msgid "iptables" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:941 +#: src/gui/.ui/printingprogressdialog_q.cpp:75 +msgid "textLabel1" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:943 +msgid "" +"This discovery method creates objects for all 'A' records found in DNS " +"domain. You will later have a chance to accept only those objects you wish " +"and ignore others.\n" +"Please enter the domain name below:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:945 +msgid "Domain name" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:946 +msgid "" +"Objects created using this method may have long or short names. long name " +"consists of the host name and full domain name (this is called Fully " +"Qualified Domain Name). Short name consists of only host name. Check in " +"the box below if you wish to use long name, then click next to continue:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:947 +msgid "Use long names" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:949 +msgid "" +"DNS zone information has to be transferred from the name server " +"authoritative for the domain. 
Pick the name server:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:950 src/gui/.ui/discoverydruid_q.cpp:957 +msgid "Name server" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:951 +msgid "choose name server from the list below" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:952 +msgid "server name or its IP address here if you wish to use different one:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:954 +msgid "DNS Query options" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:955 +msgid "Timeout (sec)" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:956 +msgid "Retries" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:958 +msgid "" +"This discovery method scans networks looking for hosts or gateways " +"responding to SNMP queries. It pulls host's ARP table and uses all the " +"entries found in it to create objects. Scan starts from the host called " +"\"seed\". Enter \"seed\" host name or address below:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:959 +msgid "'Seed' host" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:961 +msgid "Enter a valid host name or address." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:962 +msgid "" +"The scanner process can be confined to a certain network, so it won't " +"discover hosts on adjacent networks. 
If you leave these fields blank, " +"scanner will visit all networks it can find:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:963 +msgid "Confine scan to this network:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:964 src/gui/.ui/ipv4dialog_q.cpp:175 +#: src/gui/.ui/networkdialog_q.cpp:168 src/gui/.ui/newfirewalldialog_q.cpp:518 +#: src/gui/.ui/newhostdialog_q.cpp:406 +msgid "Netmask:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:965 src/gui/.ui/ipv4dialog_q.cpp:174 +#: src/gui/.ui/networkdialog_q.cpp:169 src/gui/.ui/newfirewalldialog_q.cpp:517 +#: src/gui/.ui/newhostdialog_q.cpp:394 +msgid "Address:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:967 +msgid "Network discovery using SNMP" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:968 +msgid "" +"The scanner process can repeat its algorithm recursively using each new host " +"it finds as a new \"seed\". This allows it to find as many objects on your " +"network as possible. On the other hand, it takes more time and may find some " +"objects you do not really need. You can turn recursive scanning on below:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:969 +msgid "Run network scan recursively" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:970 +msgid "" +"The scanner process can find nodes beyond the boundaries of your network by " +"following point-to-point links connecting it to the Internet or other parts " +"of WAN." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:971 +msgid "Follow point-to-point links" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:972 +msgid "" +"The scanner process can distinguish virtual IP addresses created on hosts as " +"static \"published\" ARP entries or as secondary addresses on interfaces." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:973 +msgid "Include virtual addresses" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:974 +msgid "" +"Analysis of ARP table yields IP addresses for hosts on your network. 
In " +"order to determine their names, scanner can run reverse name lookup queries " +"using your name servers (DNS):" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:975 +msgid "Run reverse name lookup DNS queries to determine host names" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:976 +msgid "Network scan options" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:977 +msgid "" +"Enter parameters for SNMP and DNS reverse lookup queries below. (If unsure, " +"just leave default values):" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:978 +msgid "SNMP query parameters:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:979 +#: src/gui/.ui/newfirewalldialog_q.cpp:497 src/gui/.ui/newhostdialog_q.cpp:386 +msgid "SNMP 'read' community string:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:980 src/gui/.ui/discoverydruid_q.cpp:984 +msgid "number of retries:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:981 +msgid "timeout (sec):" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:982 +msgid "public" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:983 +msgid "DNS parameters:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:985 +msgid "timeout (sec) :" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:986 +msgid "Number of threads:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:988 +msgid "SNMP and DNS reverse lookup queries parameters" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:990 +msgid "Process name" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:993 +msgid "Save scan log to file" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:994 +msgid "Process log:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:995 +msgid "Discovery is in progress" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:996 +msgid "" +"These are the networks found by the scanner process. 
Choose the ones you " +"wish to use from the list below, then click 'Next':" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:997 src/gui/.ui/discoverydruid_q.cpp:1003 +#: src/gui/.ui/discoverydruid_q.cpp:1008 src/gui/.ui/discoverydruid_q.cpp:1013 +#: src/gui/.ui/discoverydruid_q.cpp:1019 +msgid "Select All" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:998 src/gui/.ui/discoverydruid_q.cpp:1009 +#: src/gui/.ui/discoverydruid_q.cpp:1018 +msgid "Filter ..." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:999 src/gui/.ui/discoverydruid_q.cpp:1004 +#: src/gui/.ui/discoverydruid_q.cpp:1010 src/gui/.ui/discoverydruid_q.cpp:1014 +#: src/gui/.ui/discoverydruid_q.cpp:1016 +msgid "Unselect All" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1000 src/gui/.ui/discoverydruid_q.cpp:1007 +#: src/gui/.ui/discoverydruid_q.cpp:1017 +msgid "Remove Filter" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1001 src/gui/.ui/discoverydruid_q.cpp:1011 +msgid "->" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1002 src/gui/.ui/discoverydruid_q.cpp:1012 +msgid "<-" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1005 +msgid "Networks" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1006 +msgid "Choose objects you wish to use, then click 'Next':" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1020 +msgid "Change type of selected objects:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1027 +msgid "" +"Here you can change type of the objects to be created for each address " +"discovered by the scanner. By default, an \"Address\" object is created for " +"the host with just one interface with single IP address and \"Host\" object " +"is created for the host with multiple interfaces, however you can change " +"their types on this page." 
+msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1028 +msgid "Adjust Object types" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1029 +msgid "Select target library" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1030 +msgid "Target library" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1031 +msgid "Adding new objects to library ..." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1032 +msgid "Creatnig objects" +msgstr "" + +#: src/gui/.ui/dnsnamedialog_q.cpp:171 src/gui/.ui/dnsnamedialog_q.cpp:172 +msgid "DNS Name" +msgstr "" + +#: src/gui/.ui/dnsnamedialog_q.cpp:179 +msgid "DNS Record:" +msgstr "" + +#: src/gui/.ui/execdialog_q.cpp:92 +msgid "Executing external command" +msgstr "" + +#: src/gui/.ui/execdialog_q.cpp:93 src/gui/.ui/instdialog_q.cpp:287 +msgid "Save log to file" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:114 +msgid "File Properties" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:115 +msgid "Location:" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:116 +msgid "RO" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:117 +msgid "Revision Control:" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:118 +msgid "Time of last modification:" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:119 +msgid "Revision:" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:120 +msgid "Locked by user:" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:121 +msgid "location" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:122 +msgid "lastModified" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:123 +msgid "rev" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:124 +msgid "lockedBy" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:125 +msgid "Revision history:" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:458 +msgid "Print" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:89 src/gui/.ui/filterdialog_q.cpp:163 +msgid "Target" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:93 
src/gui/.ui/filterdialog_q.cpp:165 +msgid "Pattern" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:150 +msgid "Filter" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:151 src/gui/.ui/FWBMainWindow_q.cpp:452 +#: src/gui/.ui/FWBMainWindow_q.cpp:495 src/gui/.ui/FWBMainWindow_q.cpp:496 +msgid "Save" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:152 src/gui/.ui/prefsdialog_q.cpp:213 +#: src/gui/.ui/prefsdialog_q.cpp:392 +msgid "Load" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:153 src/gui/.ui/libexport_q.cpp:112 +msgid "Ok" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:155 +msgid "Match" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:157 +msgid "all" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:158 src/gui/.ui/icmpservicedialog_q.cpp:173 +#: src/gui/.ui/icmpservicedialog_q.cpp:175 +msgid "any" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:159 +msgid "of the following:" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:161 +msgid "+" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:162 +msgid "Add a new pattern" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:166 +msgid "Case sensitive" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:167 +msgid "-" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:168 +msgid "Remove a pattern" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:513 +msgid "Find Object" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:128 +msgid "Text to be found in object names:" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:129 +msgid "Search in policy rules" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:130 +msgid "Search in the tree" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:132 +msgid "Matching attribute:" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:135 src/gui/.ui/findobjectwidget_q.cpp:205 +msgid "TCP/UDP port" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:136 src/gui/.ui/findobjectwidget_q.cpp:206 +msgid "Protocol number" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:137 
src/gui/.ui/findobjectwidget_q.cpp:207 +msgid "ICMP type" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:138 src/gui/.ui/findobjectwidget_q.cpp:208 +msgid "Search for substring using regular expressions" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:187 +#: src/gui/.ui/findwhereusedwidget_q.cpp:116 +#: src/gui/.ui/fwobjectdroparea_q.cpp:49 +#: src/gui/.ui/tagservicedialog_q.cpp:147 +msgid "Form1" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:188 +msgid " Replace object " +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:189 +msgid "Replace && Find" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:192 +msgid "Replace all" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:193 +msgid "Replace" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:194 +msgid "Scope for search and replace :" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:196 +msgid "Tree only" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:197 +msgid "Tree and policy of all firewalls" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:198 +msgid "Policy of all firewalls" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:199 +msgid "policy of the opened firewall" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:200 +#: src/gui/.ui/findwhereusedwidget_q.cpp:122 +#: src/gui/.ui/FWBMainWindow_q.cpp:446 src/gui/.ui/FWBMainWindow_q.cpp:497 +#: src/gui/.ui/simpletextview_q.cpp:94 +msgid "Close" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:201 +msgid " Find object" +msgstr "" + +#: src/gui/.ui/findwhereusedwidget_q.cpp:62 +#: src/gui/.ui/findwhereusedwidget_q.cpp:119 +msgid "Parent Object" +msgstr "" + +#: src/gui/.ui/findwhereusedwidget_q.cpp:117 +msgid "Object:" +msgstr "" + +#: src/gui/.ui/findwhereusedwidget_q.cpp:118 +msgid "Object is found in :" +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:211 +msgid "Host OS Settings ..." 
+msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:212 +msgid "Inactive firewall" +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:213 +msgid "Skip this firewall for batch compile and install operations" +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:214 +msgid "Firewall Settings ..." +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:219 +msgid "Version:" +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:220 +msgid "Host OS:" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:186 +msgid "FreeBSD: advanced settings" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:191 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:183 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:177 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:211 +msgid "Forward source routed packets" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:192 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:169 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:197 +msgid "Generate ICMP redirects" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:193 +#: src/gui/.ui/linux24advanceddialog_q.cpp:406 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:170 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:187 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:202 +msgid "Packet forwarding" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:207 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:187 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:201 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:215 +msgid "" +"Specify directory path and a file name for the following utilities on the OS " +"your firewall machine is running. Leave these empty if you want to use " +"default values." 
+msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:208 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:214 +msgid "ipnat:" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:209 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:186 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:200 +msgid "sysctl:" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:210 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:213 +msgid "ipf:" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:211 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:185 +msgid "ipfw:" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:212 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:206 +#: src/gui/.ui/linux24advanceddialog_q.cpp:457 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:188 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:202 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:216 +msgid "Path" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:441 +msgid "" +"Click here to change amount of information shown about object selected in " +"the tree" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:442 +msgid "Firewall Name" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:443 src/gui/.ui/instdialog_q.cpp:281 +msgid "Firewalls:" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:444 +msgid "Tab 1" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:445 +msgid "Apply" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:447 +msgid "New Object File" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:448 +msgid "&New Object File" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:450 +msgid "&Open..." +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:451 +msgid "Ctrl+O" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:454 +msgid "Ctrl+S" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:455 +msgid "Save As" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:456 +msgid "Save &As..." +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:459 +msgid "&Print..." 
+msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:460 +msgid "Ctrl+P" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:461 +msgid "Exit" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:462 +msgid "E&xit" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:464 +msgid "Undo" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:465 +msgid "&Undo" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:466 +msgid "Ctrl+Z" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:467 +msgid "Redo" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:468 +msgid "&Redo" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:469 +msgid "Ctrl+Y" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:471 +msgid "&Cut" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:472 +msgid "Ctrl+X" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:474 +msgid "C&opy" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:475 +msgid "Ctrl+C" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:477 +msgid "&Paste" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:478 +msgid "Ctrl+V" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:481 src/gui/.ui/FWBMainWindow_q.cpp:517 +msgid "Ctrl+F" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:482 +msgid "Contents" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:483 +msgid "&Contents..." +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:485 +msgid "Index" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:486 +msgid "&Index..." 
+msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:488 +msgid "About" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:489 +msgid "&About" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:491 src/gui/.ui/FWBMainWindow_q.cpp:492 +msgid "New" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:501 +msgid "Compile rules" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:504 +msgid "Install firewall policy" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:505 src/gui/.ui/FWBMainWindow_q.cpp:506 +#: src/gui/.ui/objectmanipulator_q.cpp:111 +msgid "Back" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:507 src/gui/.ui/FWBMainWindow_q.cpp:508 +msgid "Move back to the previous object" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:509 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:155 +#: src/gui/.ui/objectmanipulator_q.cpp:114 +msgid "New Object" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:510 +msgid "&New Object" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:511 src/gui/.ui/objectmanipulator_q.cpp:115 +msgid "Create New Object" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:512 +msgid "Ctrl+N" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:514 +msgid "&Find Object" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:515 src/gui/.ui/FWBMainWindow_q.cpp:516 +msgid "Find object in the tree" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:518 +msgid "Preferences..." +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:519 +msgid "P&references..." 
+msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:520 +msgid "Edit Preferences" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:523 src/gui/.ui/FWBMainWindow_q.cpp:524 +msgid "Move Rule Up" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:525 src/gui/.ui/FWBMainWindow_q.cpp:526 +msgid "Move Rule Down" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:531 +msgid "Ctrl+Del" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:540 +msgid "Add File to RCS" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:541 +msgid "Add File to &RCS" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:544 +msgid "Export Library To a File" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:545 +msgid "&Export Library" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:546 +msgid "Import Library From a File" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:547 +msgid "&Import Library" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:548 +msgid "Debug" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:549 +msgid "&Debug" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:550 src/gui/.ui/FWBMainWindow_q.cpp:551 +msgid "&Properties" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:552 +msgid "Show File Properties" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:553 src/gui/.ui/FWBMainWindow_q.cpp:554 +msgid "Move Selected Rules" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:555 +msgid "Discard" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:557 +msgid "" +"Discard Changes and Overwrite With Clean Copy Of The Head Revision From RCS" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:558 +msgid "Commit" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:559 +msgid "Co&mmit" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:560 +msgid "Commit Opened File to RCS and Continue Editing" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:567 src/gui/.ui/FWBMainWindow_q.cpp:568 +msgid "new item" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:569 src/gui/.ui/FWBMainWindow_q.cpp:570 +msgid "Find Conflicting Objects 
in Two Files" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:571 +msgid "Import Po&licy" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:572 +msgid "Toolbar" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:573 +msgid "&File" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:574 +msgid "&Edit" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:576 +msgid "Rules" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:577 +msgid "Tools" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:578 +msgid "&Help" +msgstr "" + +#: src/gui/.ui/groupobjectdialog_q.cpp:190 +msgid "I" +msgstr "" + +#: src/gui/.ui/groupobjectdialog_q.cpp:191 +msgid "L" +msgstr "" + +#: src/gui/.ui/hostdialog_q.cpp:146 +msgid "MAC matching" +msgstr "" + +#: src/gui/.ui/icmpservicedialog_q.cpp:167 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1071 +msgid "ICMP" +msgstr "" + +#: src/gui/.ui/icmpservicedialog_q.cpp:172 +msgid "ICMP Type:" +msgstr "" + +#: src/gui/.ui/icmpservicedialog_q.cpp:174 +msgid "ICMP Code:" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:85 src/gui/.ui/instdialog_q.cpp:270 +#: src/gui/.ui/librarydialog_q.cpp:136 src/gui/.ui/librarydialog_q.cpp:137 +msgid "Library" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:87 src/gui/.ui/instdialog_q.cpp:271 +msgid "Last Modified" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:89 src/gui/.ui/instdialog_q.cpp:272 +msgid "Last Compiled" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:91 src/gui/.ui/instdialog_q.cpp:273 +msgid "Last Installed" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:136 src/gui/.ui/instdialog_q.cpp:280 +msgid "Progress" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:225 src/gui/.ui/instdialog_q.cpp:290 +msgid "Compile status" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:226 src/gui/.ui/instdialog_q.cpp:291 +msgid "Install status" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:263 +msgid "Firewall Builder: Policy Installer" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:264 +msgid "" +"

    Select firewalls to compile and " +"install.

    " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:265 +msgid "Perform batch install" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:266 +msgid "" +"Check this option if you want to install all selected firewalls " +"automatically. This only works if you use the same user name and password to " +"authenticate to all these firewalls. " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:275 +msgid "None" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:282 +msgid "firewall" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:283 +msgid "Progress:" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:285 +msgid "Show Details" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:286 +msgid "Process log" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:283 +msgid "Install options" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:284 +#, qt-format +msgid "" +"

    Install options for firewall '%1'

    " +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:287 +msgid "min" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:288 +msgid "" +"Test run: run the script on the firewall but do not store it permanently." +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:289 +msgid "Schedule reboot in " +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:290 +msgid "" +"Rebooting the firewall will restore its original policy. To cancel reboot, " +"install the policy with \"test run\" option turned off" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:291 +msgid "" +"If you install the policy in test mode, it will not be saved permanently, so " +"you can revert to the last working configuration by rebooting the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:292 +msgid "Cancel reboot if policy activation was successfull" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:293 +msgid "" +"Quiet install: do not print anything as commands are executed on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:294 +msgid "Verbose: print all commands as they are executed on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:295 +msgid "Remove comments from configuration" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:296 +msgid "Compress script" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:297 +msgid "Store a copy of fwb file on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:298 +msgid "Alternative address to communicate with the firewall:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:299 +msgid "Options for PIX and fwsm firewalls :" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:300 +msgid "Write configuration to standby PIX" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:301 +msgid "Dry run (commands won't be executed on the firewall)" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:302 +msgid "Store configuration diff in a file" +msgstr "" + +#: 
src/gui/.ui/instoptionsdialog_q.cpp:303 +msgid "" +"install only ACL, 'icmp', 'telnet', 'ssh', 'nat', 'global' and 'static' " +"commands" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:304 +msgid "" +"Calculate difference between current firewall state and generated " +"configuration and install only those commands that update state of the " +"firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:305 +msgid "Make a backup copy of the firewall configuration in this file:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:306 +msgid "Password or passphrase:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:307 +msgid "User name:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:308 +msgid "Enable password:" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:235 +#: src/gui/.ui/newfirewalldialog_q.cpp:507 src/gui/.ui/newhostdialog_q.cpp:393 +msgid "Label:" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:237 +msgid "Security level:" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:238 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    Security level can be any number between 0 and 100, 0 being least " +"secure and 100 being most secure levels. Interface with security level 0 " +"ususally serves Internet connection.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:239 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    \n" +"Security level can be any number between 0 and 100, 0 being least secure and " +"100 being most secure levels. Interface with security level 0 ususally " +"serves Internet connection.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:241 src/gui/.ui/interfacedialog_q.cpp:244 +msgid "" +"

    Network zone consists of hosts and networks that can be reached through " +"this interface of the firewall. Subnet to which this interface is directly " +"attached must be part of its network zone. Other subnets reachable by means " +"of routing should alse be added to the network zone.\n" +"
    \n" +"If network zone for this interface consists of only one subnet, you can " +"simply choose that network's object in the pull-down below. If your network " +"zone should include multiple subnets, you need to create an Object Group, " +"then put all hosts and networks which are going to be part of the network " +"zone into that group and finally choose this group in the pull-down below." +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:247 +msgid "Network zone:" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:249 +msgid "This interface is external (insecure)" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:250 +msgid "" +"

    One interface of the firewall must be marked as 'external'. This " +"interface should be connected to the least secure network, usually the " +"Internet.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:251 +msgid "" +"One interface of the firewall must be marked as 'external'. This interface " +"should be connected to the least secure network, usually the Internet." +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:252 +msgid "Management interface" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:253 +msgid "" +"

    Check if this interface is used for management (SNMP queries, remote " +"policy install etc.)

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:255 +msgid "Address is assigned dynamically" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:256 +#: src/gui/.ui/newfirewalldialog_q.cpp:515 +msgid "Regular interface" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:257 +msgid "Unprotected interface" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:258 +msgid "Skip this interface while assigning policy rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:546 +msgid "ipf: advanced settings" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:551 +msgid "Use raudio proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:552 +msgid "Use h323 proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:553 +msgid "Use ipsec proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:554 +msgid "Use ftp proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:555 +msgid "Use rcmd proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:556 +msgid "Use Kerberos rcmd proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:557 +msgid "Use Kerberos ekshell proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:558 +msgid "" +"Some protocols involve multiple associated network connections. 
Firewall can " +"keep track of such connections automatically if you activate one or all of " +"the following options:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:559 +msgid "Use PPTP proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:560 +msgid "Use IRC proxy in NAT rules for DCC" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:561 +msgid "Protocol Helpers" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:562 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:356 +#: src/gui/.ui/iptadvanceddialog_q.cpp:610 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1004 +msgid "Compiler:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:563 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1019 +msgid "" +"There are two ways compiler can generate code for rules in the Global " +"Policy: it can either create two ipf rules to control both incoming and " +"outgoing packets for each rule, or it can create only one ipf rule for " +"incoming packets and permit all outgoing ones.You get more control over the " +"packets crossing the firewall in the first mode, but generated script is " +"going to be smaller if you choose the second." 
+msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:564 +msgid "" +"Masquerade returned icmp as being from original\n" +"packet's destination" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:567 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1018 +msgid "Generate both 'in' and 'out' rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:568 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1017 +msgid "Pass all outgoing" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:569 +#: src/gui/.ui/iptadvanceddialog_q.cpp:608 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1009 +msgid "Accept TCP sessions opened prior to firewall restart" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:570 +msgid "Find and eliminate duplicate rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:571 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:360 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1011 +msgid "Detect rule shadowing in policy" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:572 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:361 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1012 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1846 +msgid "" +"Shadowing happens because a rule is a superset of a subsequent rule and any " +"packets potentially matched by the subsequent rule have already been matched " +"by the prior rule." +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:573 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:358 +#: src/gui/.ui/iptadvanceddialog_q.cpp:616 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1013 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1841 +msgid "Ignore empty groups in rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:574 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:359 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1014 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1842 +msgid "" +"If the option is deactivated, compiler treats empty groups as an error and " +"aborts processing the policy. If this option is activated, compiler removes " +"all empty groups from all rule elements. 
If rule element becomes 'any' after " +"the last empty group has been removed, the whole rule will be ignored. Use " +"this option only if you fully understand how it works!" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:575 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:364 +#: src/gui/.ui/iptadvanceddialog_q.cpp:617 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1006 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1828 +msgid "" +"Always permit ssh access from\n" +"the management workstation\n" +"with this address:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:578 +#: src/gui/.ui/iptadvanceddialog_q.cpp:620 +msgid "Default action on 'Reject':" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:579 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:355 +#: src/gui/.ui/iptadvanceddialog_q.cpp:603 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1005 +msgid "Command line options for the compiler:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:580 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:357 +#: src/gui/.ui/iptadvanceddialog_q.cpp:611 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1015 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1827 +msgid "" +"Output file name (if left blank, the file name is constructed of the " +"firewall object name and extension \".fw\")" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:581 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:367 +#: src/gui/.ui/iptadvanceddialog_q.cpp:623 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1021 +msgid "Compiler" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:582 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:368 +#: src/gui/.ui/iptadvanceddialog_q.cpp:624 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1096 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1873 +msgid "External install script" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:583 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:369 +#: src/gui/.ui/iptadvanceddialog_q.cpp:625 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1097 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1874 +msgid "" +"Policy install script 
(using built-in installer if this field is blank):" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:584 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:370 +#: src/gui/.ui/iptadvanceddialog_q.cpp:626 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1098 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1875 +msgid "Command line options for the script:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:585 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:371 +#: src/gui/.ui/iptadvanceddialog_q.cpp:627 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1099 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1876 +msgid "Built-in installer" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:586 +msgid "Directory on the firewall where configuration files should be installed" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:587 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:376 +#: src/gui/.ui/iptadvanceddialog_q.cpp:632 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1104 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1879 +msgid "Additional command line parameters for ssh" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:588 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:375 +#: src/gui/.ui/iptadvanceddialog_q.cpp:631 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1103 +msgid "" +"A command that installer should execute on the firewall in order to activate " +"the policy (if this field is blank, installer runs firewall script in the " +"directory specified above; it uses sudo if user name is not 'root')" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:589 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:372 +#: src/gui/.ui/iptadvanceddialog_q.cpp:628 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1100 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1877 +msgid "" +"Alternative name or address used to communicate with the firewall (also " +"putty session name on Windows)" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:590 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:373 +#: src/gui/.ui/iptadvanceddialog_q.cpp:629 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1101 +#: 
src/gui/.ui/pixadvanceddialog_q.cpp:1878 +msgid "" +"User name used to authenticate to the firewall (leave this empty if you use " +"putty session):" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:591 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:377 +#: src/gui/.ui/iptadvanceddialog_q.cpp:633 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1105 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1880 +msgid "Installer" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:594 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:384 +#: src/gui/.ui/iptadvanceddialog_q.cpp:640 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1113 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1883 +msgid "" +"The following commands will be added verbatim on top of generated " +"configuration" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:599 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:381 +#: src/gui/.ui/iptadvanceddialog_q.cpp:637 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1109 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1888 +msgid "" +"The following commands will be added verbatim after generated configuration" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:600 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:386 +#: src/gui/.ui/iptadvanceddialog_q.cpp:647 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1118 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1889 +msgid "Prolog/Epilog" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:601 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:849 +msgid "Log facility:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:602 +#: src/gui/.ui/iptadvanceddialog_q.cpp:654 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:799 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:850 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:881 +msgid "Log level:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:603 +msgid "Log packet body" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:604 +msgid "Block if can not log" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:605 +#: src/gui/.ui/iptadvanceddialog_q.cpp:663 +#: 
src/gui/.ui/pfadvanceddialog_q.cpp:1121 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2076 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:801 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:851 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:858 +msgid "Logging" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:606 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:387 +#: src/gui/.ui/iptadvanceddialog_q.cpp:669 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1122 +msgid "Add virtual addresses for NAT" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:607 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:388 +#: src/gui/.ui/iptadvanceddialog_q.cpp:665 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1123 +msgid "Configure Interfaces of the firewall machine" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:608 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:389 +#: src/gui/.ui/iptadvanceddialog_q.cpp:666 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1124 +msgid "Turn debugging on in generated script" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:609 +msgid "Optimization" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:610 +msgid "" +"If this option is on, policy compiler adds virtual addresses to the " +"interfaces to make the firewall answer to ARP queries for addresses used in " +"NAT rules." +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:611 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:390 +#: src/gui/.ui/iptadvanceddialog_q.cpp:664 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1125 +msgid "These options enable auxiliary sections in the generated shell script." 
+msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:612 +msgid "Determine addresses of dynamic interfaces at run time" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:613 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:391 +#: src/gui/.ui/iptadvanceddialog_q.cpp:672 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1126 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1872 +msgid "Script Options" +msgstr "" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:350 +msgid "ipfw: advanced settings" +msgstr "" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:362 +msgid "" +"Add rule to accept packets matching dynamic rules created for\n" +"known sessions on top of the policy (action 'check-state')" +msgstr "" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:374 +#: src/gui/.ui/iptadvanceddialog_q.cpp:630 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1102 +msgid "Directory on the firewall where script should be installed" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:208 +msgid "IP" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:212 +msgid "all fragments" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:213 +msgid "rr (record route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:214 +msgid "timestamp" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:215 +msgid "ssrr (strict source route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:216 +msgid "'short' fragments" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:217 +msgid "lsrr (loose source route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:220 +msgid "Protocol number:" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:221 +msgid "( 0 - any protocol )" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:598 +msgid "iptables: advanced settings" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:604 +msgid "Accept ESTABLISHED and RELATED packets before the first rule" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:605 +msgid "Bridging firewall" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:606 +msgid "Detect shadowing 
in policy rules" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:607 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1832 +msgid "Assume firewall is part of 'any'" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:609 +msgid "Enable support for NAT of locally originated connections" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:612 +msgid "" +"Drop packets that are associated with\n" +"no known connection" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:614 +msgid "and log them" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:615 +msgid "Clamp MSS to MTU" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:621 +msgid "Make Tag and Classify actions terminating" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:622 +msgid "Do not set default policy for ipv6" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:642 +msgid "Insert prolog script " +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:649 +msgid "use ULOG" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:650 +msgid "use LOG" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:651 +msgid "log TCP seq. 
numbers" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:652 +msgid "log IP options" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:653 +msgid "use numeric syslog levels" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:655 +msgid "log TCP options" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:656 +msgid "cprange" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:657 +msgid "queue threshold:" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:658 +msgid "netlink group:" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:659 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:798 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:857 +msgid "Log prefix:" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:660 +msgid "Logging limit:" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:661 +msgid "" +"Activate logging in all rules\n" +"(overrides rule options, use for debugging)" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:667 +msgid "Verify interfaces before loading firewall policy" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:668 +msgid "Load modules" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:670 +msgid "Use iptables-restore to activate policy" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:671 +msgid "iptables-restore replaces firewall policy in one atomic transaction" +msgstr "" + +#: src/gui/.ui/ipv4dialog_q.cpp:169 +msgid "IPv4" +msgstr "" + +#: src/gui/.ui/ipv4dialog_q.cpp:176 +msgid "DNS Lookup..." 
+msgstr "" + +#: src/gui/.ui/libexport_q.cpp:106 +msgid "Export" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:107 +msgid "" +"This will export a library to a file which can later be imported back into " +"Firewall Builder" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:109 +msgid "New Item" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:110 +msgid "Make exported libraries read-only" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:111 +msgid "Choose libraries to be exported:" +msgstr "" + +#: src/gui/.ui/librarydialog_q.cpp:138 +msgid "Color:" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:195 +msgid "Linksys/Sveasoft: advanced settings" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:200 +#: src/gui/.ui/linux24advanceddialog_q.cpp:450 +msgid "modprobe:" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:201 +#: src/gui/.ui/linux24advanceddialog_q.cpp:451 +msgid "logger:" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:202 +#: src/gui/.ui/linux24advanceddialog_q.cpp:452 +msgid "ip:" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:203 +#: src/gui/.ui/linux24advanceddialog_q.cpp:453 +msgid "lsmod" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:204 +#: src/gui/.ui/linux24advanceddialog_q.cpp:455 +msgid "iptables:" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:205 +#: src/gui/.ui/linux24advanceddialog_q.cpp:454 +msgid "" +"Specify directory path and a file name for each utility on your firewall " +"machine. Leave these empty if you want to use default values." +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:207 +msgid "" +"Policy installer relies on the shell prompt on the firewall to execute " +"commands. Installer tries both prompt string patterns configured here; it " +"assumes that the firewall is ready to accept a command if either prompt " +"matches. You should only need to change these string patterns if Sveasoft " +"changes the shell prompt in the future releases of the software.\n" +"
    \n" +"
    \n" +"The default strings work for Sveasoft Alchemy pre-5.1 and pre-5.2" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:211 +msgid "Use default prompts" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:212 +msgid "prompt 2" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:213 +msgid "prompt 1" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:214 +msgid "Prompts" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:365 +msgid "Linux 2.4: advanced settings" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:407 +msgid "Kernel anti-spoofing protection" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:408 +msgid "Ignore broadcast pings" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:409 +msgid "Ignore all pings" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:410 +msgid "Accept source route" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:411 +msgid "Accept ICMP redirects" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:412 +msgid "Ignore bogus ICMP errors" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:413 +msgid "Allow dynamic addresses" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:414 +msgid "Log martians" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:416 +msgid "" +"These parameters make sense for connections to or from the firewall host" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:441 +msgid "TCP sack" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:442 +msgid "TCP window scaling" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:443 +msgid "TCP ECN" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:444 +msgid "TCP SYN cookies" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:445 +msgid "TCP keepalive time (sec)" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:446 +msgid "TCP fack" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:447 +msgid "TCP timestamps" +msgstr "" + +#: 
src/gui/.ui/linux24advanceddialog_q.cpp:448 +msgid "TCP FIN timeout (sec)" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:449 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1051 +#: src/gui/.ui/tcpservicedialog_q.cpp:370 +msgid "TCP" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:456 +msgid "iptables-restore:" +msgstr "" + +#: src/gui/.ui/longtextdialog_q.cpp:95 +msgid "longTextDialog_q" +msgstr "" + +#: src/gui/.ui/longtextdialog_q.cpp:97 +msgid "this is the error text" +msgstr "" + +#: src/gui/.ui/macosxadvanceddialog_q.cpp:164 +msgid "MacOS X: advanced settings" +msgstr "" + +#: src/gui/.ui/metriceditorpanel_q.cpp:78 +msgid "textLabel2" +msgstr "" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:154 +msgid "NAT Rule Options" +msgstr "" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:156 +msgid "No options are available for this firewall platform" +msgstr "" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:157 +msgid "Pool type" +msgstr "" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:158 +msgid "default" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:172 +#: src/gui/.ui/newfirewalldialog_q.cpp:323 +#: src/gui/.ui/newfirewalldialog_q.cpp:502 +#: src/gui/.ui/newfirewalldialog_q.cpp:524 src/gui/.ui/newhostdialog_q.cpp:188 +#: src/gui/.ui/newhostdialog_q.cpp:398 +msgid "Label" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:174 +#: src/gui/.ui/newfirewalldialog_q.cpp:504 src/gui/.ui/newhostdialog_q.cpp:190 +#: src/gui/.ui/newhostdialog_q.cpp:400 +msgid "Netmask" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:175 +#: src/gui/.ui/newfirewalldialog_q.cpp:505 src/gui/.ui/newhostdialog_q.cpp:191 +#: src/gui/.ui/newhostdialog_q.cpp:401 +msgid "Dyn" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:176 +#: src/gui/.ui/newfirewalldialog_q.cpp:506 src/gui/.ui/newhostdialog_q.cpp:192 +#: src/gui/.ui/newhostdialog_q.cpp:402 +msgid "MAC" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:325 +#: src/gui/.ui/newfirewalldialog_q.cpp:526 +msgid "Security 
Level" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:487 src/gui/.ui/newhostdialog_q.cpp:378 +msgid "Enter the name of the new object below:" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:488 +msgid "Choose firewall software it is running:" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:489 +msgid "Choose OS the new firewall runs on:" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:490 +msgid "Use preconfigured template firewall objects" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:492 +msgid "" +"Next step is to add interfaces to the new firewall. There are two ways to do " +"it: using SNMP query or manually. Adding them using SNMP query is fast and " +"automatic, but is only possible if firewall runs SNMP agent and you know " +"SNMP community string 'read'." +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:494 src/gui/.ui/newhostdialog_q.cpp:383 +msgid "Configure interfaces manually" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:495 +msgid "Use SNMP to discover interfaces of the firewall" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:496 src/gui/.ui/newhostdialog_q.cpp:385 +msgid "Discover Interfaces using SNMP" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:499 +msgid "" +"Here you can add or edit interfaces manually. 'Name' corresponds to the name " +"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' " +"is used to mark interface to reflect network topology, e.g. 'outside' or " +"'inside'. Label is mandatory for PIX firewall." +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:500 src/gui/.ui/newhostdialog_q.cpp:391 +msgid "Click 'Next' when done." 
+msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:509 src/gui/.ui/newhostdialog_q.cpp:408 +msgid "Update" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:510 src/gui/.ui/newhostdialog_q.cpp:407 +msgid "Add" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:519 src/gui/.ui/newhostdialog_q.cpp:403 +msgid "MAC:" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:521 +msgid "up" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:522 +msgid "down" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:527 +msgid "Click 'Finish' when done." +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:528 +msgid "" +"In order to be able to build firewall policy properly, Firewall Builder " +"needs information about 'security level' of the firewall's interfaces. " +"Interface that connects it to the Internet is considered 'insecure' and has " +"security level '0', while interface connected to the internal network is " +"supposed to be 'secure' (security level '100'). You can arrange interfaces " +"in the order of their security level below." +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:530 src/gui/.ui/newhostdialog_q.cpp:411 +msgid "" +"Choose template object in the list and click 'Finish' when ready. Template " +"objects use generic interface names that will be iherited by the firewall " +"object you create. You may need to rename them later to reflect real names " +"of interfaces on your firewall machine." +msgstr "" + +#: src/gui/.ui/newgroupdialog_q.cpp:99 +msgid "Group Name:" +msgstr "" + +#: src/gui/.ui/newgroupdialog_q.cpp:100 +msgid "This operation will create a new group and put selected objects in it" +msgstr "" + +#: src/gui/.ui/newgroupdialog_q.cpp:101 +msgid "Create a group" +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:379 +msgid "Use preconfigured template host objects" +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:381 +msgid "" +"Next step is to add interfaces to the new host. There are two ways to do it: " +"using SNMP query or manually. 
Adding them using SNMP query is fast and " +"automatic, but is only possible if the host runs SNMP agent and you know " +"SNMP community string 'read'." +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:384 +msgid "Use SNMP to discover interfaces of the host" +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:388 +msgid "" +"Here you can add or edit interfaces manually. 'Name' corresponds to the name " +"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' " +"is used to mark interface to reflect network topology, e.g. 'outside' or " +"'inside'." +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:396 +msgid "" +"This is unnumbered interface, that is, it does not have an IP address. You " +"can use this for interfaces that terminate PPPoE or other VPN tunnels" +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:405 +msgid "" +"Address of this interface is assigned dynamically using DHCP or PPP protocol" +msgstr "" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:148 +msgid "Conflict Resolution" +msgstr "" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:149 +msgid "" +"There is a conflict between an object in your tree and object in the file " +"you are trying to open. 
Choose which version of this object you want to use:" +msgstr "" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:150 +msgid "Current Object " +msgstr "" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:153 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:158 +msgid "" +"Always choose this\n" +"object if there is a conflict" +msgstr "" + +#: src/gui/.ui/objectmanipulator_q.cpp:108 +msgid "Tree of Objects" +msgstr "" + +#: src/gui/.ui/objectmanipulator_q.cpp:112 +msgid "Go back to the previous object" +msgstr "" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:172 +msgid "OpenBSD: advanced settings" +msgstr "" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:178 +msgid "Enable directed broadcast" +msgstr "" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:199 +msgid "pfctl:" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:103 +msgid "Page Setup" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:104 +msgid "start each section on a new page" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:105 +msgid "print header on every page" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:106 +msgid "print legend" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:107 +msgid "print objects used in rules" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:109 +msgid "Alt+O" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:112 +msgid "Scale tables: " +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:114 +msgid "50%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:115 +msgid "75%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:116 +msgid "100%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:117 +msgid "150%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:118 +msgid "200%" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:999 +msgid "pf: advanced settings" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1010 +msgid "Modulate state for all stateful rules (applies only to TCP services)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1020 +msgid 
"Optimization:" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1022 +msgid "Enforce Minimum TTL:" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1023 +msgid "Enforce Maximum MSS:" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1024 +msgid "Enforces a maximum Maximum Segment Size (MSS) in TCP packet headers." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1025 +msgid "Enforces a minimum Time To Live (TTL) in IP packet headers." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1026 +msgid "Reassemble fragments" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1027 +msgid "Clear DF bit" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1028 +msgid "Clears the don't fragment bit from the IP packet header." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1029 +msgid "Use random ID" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1030 +msgid "" +"Replaces the IP identification field of outgoing packets with random values " +"to compensate for operating systems that use predictable values." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1032 +msgid "Buffer and reassemble fragments (default)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1033 +msgid "" +"Buffers incoming packet fragments and reassembles them into a complete " +"packet before passing them to the filter engine." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1034 +msgid "Drop duplicate fragments, do not buffer and reassemble" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1035 +msgid "" +"Causes duplicate fragments to be dropped and any overlaps to be cropped." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1036 +msgid "Drop duplicate and subsequent fragments" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1037 +msgid "" +"Similar to 'Drop duplicate fragments' except that all duplicate or " +"overlapping fragments will be dropped as well as any further corresponding " +"fragments." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1038 +msgid "Scrub rule options" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1039 +msgid "maximum number of entries in the memory pool used for packet reassembly" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1040 +msgid "table-entries" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1041 +msgid "maximum number of addresses that canbe stored in tables" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1042 +msgid "" +"maximum number of entries in the memory pool used for state table entries" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1043 +msgid "state table size: " +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1044 +msgid "reassembly pool: " +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1045 +msgid "" +"maximum number of entries in the memory pool used for tracking source IP " +"addresses" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1046 +msgid "maximum number of tables that can exist in the memory simultaneously" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1047 +msgid "tables" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1048 +msgid "src-nodes" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1049 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:876 +msgid "Limits" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1050 +msgid "" +"When a packet matches a stateful connection, the seconds to live for the " +"connection will be updated to the value which corresponds to the connection " +"state." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1052 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1065 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1074 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1077 +msgid "first" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1053 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1066 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1072 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1078 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1081 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1082 +msgid "The state after the first packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1054 +msgid "opening" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1055 +msgid " The state before the destination host ever sends a packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1056 +msgid "established" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1057 +msgid "The fully established state." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1058 +msgid "The state after the first FIN has been sent." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1059 +msgid "closing" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1060 +msgid "" +"The state after both FINs have been exchanged and the connection is closed." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1061 +msgid "finwait" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1062 +msgid "The state after one endpoint sends an RST." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1063 +msgid "closed" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1064 +#: src/gui/.ui/udpservicedialog_q.cpp:221 +msgid "UDP" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1067 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1079 +msgid "single" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1068 +msgid "" +"The state if the source host sends more than one packet but the destination " +"host has never sent one back." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1069 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1080 +msgid "multiple" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1070 +msgid " The state if both hosts have sent packets." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1073 +msgid "The state after an ICMP error came back in response to an ICMP packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1076 +msgid "Other Protocols" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1083 +msgid "Fragments" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1084 +msgid "reassembly timeout" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1085 +msgid "state expiration timeout" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1086 +msgid "seconds between purges of expired states and packet fragments." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1087 +msgid "seconds before an unassembled fragment is expired." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1088 +msgid "Adaptive scaling" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1089 +msgid "" +"Timeout values can be reduced adaptively as the number of state table " +"entries grows (see man page pf.conf(5) for details)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1090 +msgid "adaptive start" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1091 +msgid "" +"When the number of state entries exceeds this value, adaptive scaling begins." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1092 +msgid "adaptive end" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1093 +msgid "" +"When reaching this number of state entries, all timeout val- ues become " +"zero, effectively purging all state entries imme- diately." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1094 +msgid "Activate adaptive timeout scaling" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1095 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1910 +msgid "Timeouts" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1114 +msgid "Insert prolog and epilog scripts" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1116 +msgid "in the activation shell script (.fw file)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1117 +msgid "in the pf rule file (.conf file)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1119 +msgid "Log Prefix" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1120 +msgid "Fallback \"deny all\" rule should log blocked packets" +msgstr "" + +#: src/gui/.ui/physaddressdialog_q.cpp:149 +msgid "physAddress" +msgstr "" + +#: src/gui/.ui/physaddressdialog_q.cpp:150 +msgid "MAC Address" +msgstr "" + +#: src/gui/.ui/physaddressdialog_q.cpp:153 +msgid "Physical address (MAC):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1824 +msgid "PIX Firewall Settings" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1831 +msgid "Policy Compiler Options" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1833 +msgid "" +"Generate rules assuming the firewall is part of \"Any\". This makes a " +"difference in rules that use services 'ssh' and 'telnet' since PIX uses " +"special commands to control ssh and telnet access to the firewall machine" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1834 +msgid "" +"Replace NAT'ted objects with their \n" +"translations in policy rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1836 +msgid "" +"PIX inspects packets with ACLs before it does NAT, while many other " +"firewalls do NAT first and then apply ACLs. Policy compiler can emulate the " +"latter behaviour if this options is turned on." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1837 +msgid "Emulate outbound ACLs" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1838 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1840 +msgid "" +"Normally PIX does not support ouotbound ACL, however policy compiler can " +"emulate them if this option is turned on" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1839 +msgid "Generate outbound ACLs" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1843 +msgid "Optimize 'default nat' rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1844 +msgid "" +"In nat rules where network zone object is used in OSrc, ODst and OSrv are " +"'any' and TSrc defines a global pool for the translation, replace object in " +"OSrc with 'any' to produce PIX command \"nat (interface) N 0.0.0.0 0.0.0.0\"" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1845 +msgid "Detect rule shadowing in the policy" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1847 +msgid "Verification of NAT rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1848 +msgid "Check for duplicate nat rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1849 +msgid "Check for overlapping global pools" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1850 +msgid "Check for overlapping statics" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1851 +msgid "" +"Check for overlapping global\n" +"pools and statics" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1853 +msgid "Compiler Options" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1855 +msgid "Comment the code" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1856 +msgid "Insert comments into generated PIX configuration file" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1857 +msgid "Use ACL remarks" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1858 +msgid "Use ACL remarks to relate ACL commands and policy rules in the GUI" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1859 
+msgid "Group similar commands together" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1860 +msgid "" +"Group PIX commands in the script so that similar commands appear next to " +"each other, just like PIX does it when you use 'show config'" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1861 +msgid "Use manual ACL commit on FWSM" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1862 +msgid "Access lists (requires Firewall Builder for PIX 1.1.6 and later)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1863 +msgid "" +"Clear all access lists then install new ones. This method may interrupt " +"access to the firewall if you manage it remotely via IPSEC tunnel. This is " +"the way access lists were generated in older versions of Firewall Builder " +"for PIX." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1864 +msgid "" +"Do not clear access lists and object group, just generate PIX commands for " +"the new ones. Use this optin if you have your own policy installation " +"scripts." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1865 +msgid "" +"\"Safety net\" method:\n" +"\n" +"First, create temporary access list to permit connections from the " +"management subnet specified below to the firewall and assign it to outside " +"interface. This temporary ACL helps maintain session between management " +"station and the firewall while access lists are reloaded in case connection " +"comes over IPSEC tunnel. Then clear permanent lists, recreate them and " +"assign to interfaces. This method ensures that remote access to the firewall " +"is maintained without interruption at a cost of slightly larger " +"configuration." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1868 +msgid "" +"Temporary access list should permit access from this address or subnet (use " +"prefix notation to specify subnet, e.g. 192.0.2.0/24):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1890 +msgid "Set all to defaults.." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1891 +msgid "xlate" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1892 +msgid "conn" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1893 +msgid "udp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1894 +msgid "rpc" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1895 +msgid "h323" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1896 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2020 +msgid "sip" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1897 +msgid "sip&media" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1898 +msgid "unauth" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1899 +msgid "telnet" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1900 +msgid "ssh" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1901 +msgid "ss" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1902 +msgid "mm" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1903 +msgid "hh" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1904 +msgid "half-closed" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1906 +msgid "Inactivity" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1907 +msgid "Absolute" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1911 +msgid "" +"Policy compiler generates 'fixup' commands for PIX v6.1-6.3 and FWSM v2.3. " +"For PIX 7.0 it generates 'class-map' and 'inspect' commands assigned to the " +"'policy-map' under either default or custom inspection classes." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1913 +msgid "Enable all protocols" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1914 +msgid "Disable all protocols" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1915 +msgid "Skip all protocols" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1916 +msgid "Display generated commands" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1918 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1927 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1933 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1941 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1950 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1958 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1966 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1972 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1980 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1988 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1995 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2002 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2009 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2017 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2024 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2032 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2040 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2048 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2055 +msgid "skip" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1919 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1928 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1934 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1942 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1951 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1959 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1967 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1973 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1981 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1989 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1996 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2003 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2010 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2018 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2025 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2033 +#: 
src/gui/.ui/pixadvanceddialog_q.cpp:2041 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2049 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2056 +msgid "enable" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1920 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1929 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1935 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1943 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1952 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1960 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1968 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1974 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1982 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1990 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1997 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2004 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2011 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2019 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2026 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2034 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2042 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2050 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2057 +msgid "disable" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1921 +msgid "" +"Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol " +"inspection module that supports NAT, PAT, and bi-directional NAT." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1922 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1938 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1947 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1956 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1964 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1977 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1993 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2000 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2007 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2014 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2022 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2030 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2037 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2045 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2053 +msgid "port:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1923 +msgid "ctiqbe" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1924 +msgid "" +"Based on this maximum-length configured by the user, the DNS fixup checks to " +"see if the DNS packet length is within this limit. Every UDP DNS packet " +"(request/response) undergoes the above check." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1925 +msgid "max length:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1930 +msgid "dns" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1931 +msgid "Enables PAT for Encapsulating Security Payload (ESP), single tunnel." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1936 +msgid "esp ike" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1939 +msgid "strict:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1944 +msgid "" +"Activated support for FTP protocol and allows to change the ftp control " +"connection port number." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1946 +msgid "" +"Specifies to use H.225, the ITU standard that governs H.225.0 session " +"establishment and packetization, with H.323" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1948 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1955 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1963 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1978 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2015 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2029 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2038 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2046 +msgid "--" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1953 +msgid "h323 h225" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1954 +msgid "" +"Specifies to use RAS with H.323 to enable dissimilar communication devices " +"to communicate with each other." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1961 +msgid "h323 ras" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1962 +msgid "" +"The default port for HTTP is 80. Use the port option to change the HTTP " +"port, or specify a range of HTTP ports." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1969 +msgid "http" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1970 +msgid "" +"Enables NAT of ICMP error messages. This creates translations for " +"intermediate hops based on the static or network address translation " +"configuration on the firewall." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1975 +msgid "icmp error" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1976 +msgid "" +"Provides NAT support for Microsoft NetMeeting, SiteServer, and Active " +"Directory products that use LightWeight Directory Access Protocol (LDAP) to " +"exchange directory information with an for Internet Locator Service (ILS) " +"server." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1983 +msgid "ils" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1984 +msgid "Enables the Media Gateway Control Protocol (MGCP) fixup." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1985 +msgid "Gateway Port:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1986 +msgid "Call Agent port:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1991 +msgid "mgcp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1992 +msgid "" +"Enables Point-to-Point Tunneling Protocol (PPTP) application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1998 +msgid "pptp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1999 +msgid "Enables inspection of RSH protocol." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2005 +msgid "rsh" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2006 +msgid "" +"Lets PIX Firewall pass Real Time Streaming Protocol (RTSP) packets. RTSP is " +"used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/" +"TV connections." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2012 +msgid "rtsp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2013 +msgid "" +"Enable or change the port assignment for the Session Initiation Protocol " +"(SIP) for Voice over IP TCP connections." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2021 +msgid "Enable SIP-over-UDP application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2027 +msgid "sip udp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2028 +msgid "" +"Enable SCCP application inspection. SCCP protocol supports IP telephony and " +"can coexist in an H.323 environment. An application layer ensures that all " +"SCCP signaling and media packets can traverse the PIX Firewall and " +"interoperate with H.323 terminals." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2035 +msgid "skinny" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2036 +msgid "" +"Enables the Mail Guard feature, which only lets mail servers receive the RFC " +"821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and " +"QUIT. 
All other commands are translated into X's which are rejected by the " +"internal server." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2043 +msgid "smtp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2044 +msgid "Enables support for SQL*Net protocol." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2051 +msgid "sqlnet" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2052 +msgid "Enable TFTP application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2058 +msgid "tftp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2059 +msgid "Inspect" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2060 +msgid "Syslog" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2061 +msgid "Syslog host (name or IP address):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2062 +msgid "syslog facility:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2063 +msgid "syslog level ('logging trap'):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2064 +msgid "Syslog message queue size (messages):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2065 +msgid "Use 'EMBLEM' format for syslog messages" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2066 +msgid "" +"PIX Firewall Version 6.3 introduces support for EMBLEM format, which is " +"required when using the CiscoWorks Resource Manager Essentials (RME) syslog " +"analyzer." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2067 +msgid "Set device id for syslog messages (v6.3 and later):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2068 +msgid "use address of interface" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2069 +msgid "use text string" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2070 +msgid "use hostname" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2071 +msgid "The logging timestamp command requires that the clock command be set." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2072 +msgid "Enable logging timestamps on syslog file" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2073 +msgid "Other logging destinations and levels:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2074 +msgid "Internal buffer" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2075 +msgid "Console" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2077 +msgid "Actively reset inbound TCP connections with RST" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2079 +msgid "Actively reset inbound TCP connections with RST on outside interface" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2081 +msgid "Force each TCP connection to linger in a shortened TIME&WAIT" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2082 +msgid "Alt+W" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2083 +msgid "Enable the IP Frag Guard feature (deprecated in v6.3 and later)." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2084 +msgid "Enable TCP resource control for AAA Authentication Proxy" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2085 +msgid "" +"Specify that when an incoming packet does a route lookup,\n" +"the incoming interface is used to determine which interface\n" +"the packet should go to, and which is the next hop\n" +"(deprecated in v6.3 and later)." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2089 +msgid "Disable inbound embedded DNS A record fixups" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2090 +msgid "Disable outbound DNS A record replies" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2091 +msgid "maximum number of simultaneous TCP and UDP connections" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2092 +msgid "maximum number of embryonic connections per host" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2093 +msgid "" +"Specifies the maximum number of simultaneous TCP and UDP connections for the " +"entire subnet. 
The default is 0, which means unlimited connections. (Idle " +"connections are closed after the idle timeout specified by the timeout conn " +"command.)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2094 +msgid "" +"Specifies the maximum number of embryonic connections per host. An embryonic " +"connection is a connection request that has not finished the necessary " +"handshake between source and destination. Set a small value for slower " +"systems, and a higher value for faster systems. The default is 0, which " +"means unlimited embryonic connections." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2095 +msgid "The following parameters are used for all NAT rules:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2096 +msgid "" +"(The default for both parameters is 0, which means unlimited number of " +"connections.)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2097 +msgid "PIX Options" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:275 +msgid "PIX Advanced Configuration Options" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:276 +msgid "Set PIX host name using object's name" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:277 +msgid "Generate commands to configure addresses for interfaces" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:278 src/gui/.ui/prefsdialog_q.cpp:381 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:788 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:848 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:856 +msgid "General" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:279 +msgid "NTP Servers:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:282 +msgid "Server 1:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:283 +msgid "Server 2:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:284 +msgid "Server 3:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:286 +msgid "Preffered:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:287 +#: 
src/gui/.ui/pixosadvanceddialog_q.cpp:301 +msgid "IP address:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:288 +msgid "NTP" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:289 +msgid "Disable SNMP Agent" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:290 +msgid "Set SNMP communities using data from the firewall object dialog" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:291 +msgid "SNMP servers" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:293 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:297 +msgid "Poll" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:294 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:298 +msgid "Poll and Traps" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:295 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:299 +msgid "Traps" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:300 +msgid "Enable:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:302 +msgid "SNMP Server 1:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:303 +msgid "SNMP Server 2:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:304 +msgid "Enable sending log messages as SNMP trap notifications" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:305 +msgid "SNMP" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:306 +msgid "Change TCP MSS to" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:307 +msgid "bytes" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:214 src/gui/.ui/prefsdialog_q.cpp:393 +msgid "File Path" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:363 +msgid "Preferences" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:368 +msgid "minutes" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:369 +msgid "Periodically save data to file every " +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:370 +msgid "Tooltip delay:" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:371 +msgid "Enable object tooltips" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:372 +msgid "Show deleted objects" +msgstr "" + +#: 
src/gui/.ui/prefsdialog_q.cpp:373 +msgid "Automatically save data in dialogs when switching between objects" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:374 +msgid "On startup: " +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:376 +msgid "Load standard objects" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:377 +msgid "Load last edited file" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:378 +msgid "Expand all branches in the object tree" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:379 +msgid "Working directory:" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:382 +msgid "Do not ask for the log record when checking in new file revision." +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:383 +msgid "Revision Control" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:384 +msgid "" +"A full path to the Secure Shell utility (remote command execution; for " +"example ssh on Unix or plink.exe or vsh.exe on Windows):" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:386 +msgid "SSH" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:387 +msgid "Add..." 
+msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:388 +msgid "Remove" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:389 +msgid "" +"If you remove libraries from the list, changes get in effect next time you " +"start the program" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:390 +msgid "Available libraries:" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:394 +msgid "Libraries" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:395 +msgid "Use these labels to mark rules in the firewall policy" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:410 +msgid "Labels" +msgstr "" + +#: src/gui/.ui/printingprogressdialog_q.cpp:73 +msgid "Printing" +msgstr "" + +#: src/gui/.ui/rcsfilepreview_q.cpp:49 src/gui/.ui/rcsfilepreview_q.cpp:122 +msgid "Revision" +msgstr "" + +#: src/gui/.ui/rcsfilepreview_q.cpp:52 src/gui/.ui/rcsfilepreview_q.cpp:123 +msgid "Date" +msgstr "" + +#: src/gui/.ui/rcsfilepreview_q.cpp:55 src/gui/.ui/rcsfilepreview_q.cpp:124 +msgid "Author" +msgstr "" + +#: src/gui/.ui/rcsfilepreview_q.cpp:58 src/gui/.ui/rcsfilepreview_q.cpp:125 +msgid "Locked by" +msgstr "" + +#: src/gui/.ui/rcsfilepreview_q.cpp:120 +msgid "RCSFilePreview" +msgstr "" + +#: src/gui/.ui/rcsfilepreview_q.cpp:121 +msgid "Open read-only" +msgstr "" + +#: src/gui/.ui/rcsfilepreview_q.cpp:126 +msgid "RCS log:" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:100 +msgid "Log record for the new revision" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:101 +msgid "Do not ask me anymore, always check files in with empty log" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:102 +msgid "Check file &in" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:103 +msgid "Alt+I" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:106 +#, qt-format +msgid "Checking file %1 into RCS" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:107 +msgid "Log record for this revision: " +msgstr "" + +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:118 +msgid "Routing Rule Options" +msgstr "" + +#: 
src/gui/.ui/routingruleoptionsdialog_q.cpp:120 +msgid "If installation of this routing rule fails, just carry on" +msgstr "" + +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:121 +msgid "No options available for routing rules of this firewall platform" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:783 +msgid "Rule Options for ipt" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:785 +msgid "" +"Assume firewall is part of 'any' (this setting only affects code generated " +"for this rule)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:786 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:845 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:853 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:877 +msgid "Stateless rule" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:787 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:844 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:852 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:878 +msgid "" +"Normally policy compiler uses stateful inspection in each rule. Activating " +"next option makes this rule stateless." 
+msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:800 +msgid "Netlink group (if using ULOG): " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:802 +msgid "Rate (rule matches if it hits this often or less):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:803 +msgid "Module limit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:804 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:827 +msgid "Burst:" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:811 +msgid "limit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:812 +msgid "bit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:813 +msgid "per network with netmask of " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:814 +msgid "Number of allowed connections per client host" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:815 +msgid "Module connlimit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:816 +msgid "connlimit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:817 +msgid "Module hashlimit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:818 +msgid "" +"On some older systems this module has name 'dstlimit'. Check here if you " +"need to use this name." 
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:819
+msgid "Rate:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:828
+msgid "Mode:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:830
+msgid "dstip"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:831
+msgid "srcip"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:832
+msgid "dstip,dstport"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:833
+msgid "srcip,srcport"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:834
+msgid "htable-size:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:835
+msgid ""
+"The number of buckets of the hash table (omit this option in generated "
+"script if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:836
+msgid "htable-max:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:837
+msgid ""
+"Maximum number of entries in the hash (omit this option in generated script "
+"if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:838
+msgid "htable-expire:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:839
+msgid ""
+"After how many milliseconds do hash entries expire (omit this option in the "
+"generated script if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:840
+msgid "htable-gcinterval:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:841
+msgid ""
+"How many milliseconds between garbage collection intervals (omit this option "
+"in generated script if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:842
+msgid ""
+"Options below control size of the hash table and expiration time. They will "
+"be omitted from the generated script if set to zero."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:843
+msgid "hashlimit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:846
+msgid ""
+"Send ICMP 'unreachable' packet masquerading as being from the original "
+"destination"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:847
+msgid ""
+"Keep information on fragmented packets, to be applied to later fragments"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:854
+msgid ""
+"In PF 4.x \"flags S/SA keep state\" is the default. Compiler will omit these "
+"flags while generating code for stateful rules matching tcp services. "
+"However, according to the PF FAQ, care should be taken while dealing with "
+"states and interface enc0. To avoid leaking unencrypted traffic out, the FAQ "
+"recommends setting 'keep state' explicitly in all rules on the enc0 "
+"interface. This option applies only if version is set to 4.x."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:855
+msgid "Add 'keep state' "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:859
+msgid "Activate source tracking"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:860
+msgid ""
+"When this option is checked, the number of states per source IP is tracked "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:861
+msgid ""
+"Maximum number of source addresses which can simultaneously have state table "
+"entries (max-src-nodes):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:862
+msgid ""
+"Maximum number of simultaneous state entries that a single source address "
+"can create with this rule (max-src-states):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:863
+msgid "Tracking"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:864
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:872
+msgid "overload table:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:865
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:871
+msgid "flush"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:866
+msgid ""
+"Maximum number of simultaneous 
TCP connections that a single host can make "
+"(max-src-conn):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:867
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:870
+msgid "global"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:868
+msgid "The limit of new connections over a time interval (max-src-conn-rate):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:869
+msgid "/"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:873
+msgid "sec"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:874
+msgid ""
+"When this limit is reached, further packets matching the rule that would "
+"create state are dropped, until existing states time out."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:875
+msgid ""
+"Maximum number of concurrent states this rule may create. Unlimited if set "
+"to zero (option 'max')."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:879
+msgid "These options are only valid for PIX running software v6.3 or later"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:880
+msgid "completely disable logging for this rule"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:882
+msgid "Logging interval:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:883
+msgid "Tere are no options for this firewall platform"
+msgstr ""
+
+#: src/gui/.ui/simpletextview_q.cpp:92
+msgid "Text viewer"
+msgstr ""
+
+#: src/gui/.ui/simpletextview_q.cpp:93
+msgid "Object Name"
+msgstr ""
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:182
+msgid "Solaris: advanced settings"
+msgstr ""
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:187
+msgid "Ignore ICMP redirects"
+msgstr ""
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:192
+msgid "Forward directed broadcasts"
+msgstr ""
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:193
+msgid "Respond to echo broadcast"
+msgstr ""
+
+#: src/gui/.ui/tagservicedialog_q.cpp:148
+msgid "Tag Service"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:375
+msgid "Use option \"established\" if supported by the target 
firewall platform"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:377
+msgid "Settings:"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:390
+msgid "U"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:391
+msgid "A"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:392
+msgid "P"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:393
+msgid "R"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:394
+msgid "S"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:395
+msgid "F"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:396
+msgid "Mask:"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:397
+msgid "Flags:"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:400
+#: src/gui/.ui/udpservicedialog_q.cpp:224
+msgid "Source Port Range"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:401
+#: src/gui/.ui/tcpservicedialog_q.cpp:404
+#: src/gui/.ui/udpservicedialog_q.cpp:225
+#: src/gui/.ui/udpservicedialog_q.cpp:228
+msgid "Start:"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:402
+#: src/gui/.ui/tcpservicedialog_q.cpp:405
+#: src/gui/.ui/udpservicedialog_q.cpp:226
+#: src/gui/.ui/udpservicedialog_q.cpp:229
+msgid "End:"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:403
+#: src/gui/.ui/udpservicedialog_q.cpp:227
+msgid "Destination Port Range"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:246 src/gui/.ui/timedialog_q.cpp:263
+msgid "Sunday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:247 src/gui/.ui/timedialog_q.cpp:264
+msgid "Monday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:248 src/gui/.ui/timedialog_q.cpp:265
+msgid "Tuesday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:249 src/gui/.ui/timedialog_q.cpp:266
+msgid "Wednesday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:250 src/gui/.ui/timedialog_q.cpp:267
+msgid "Thursday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:251 src/gui/.ui/timedialog_q.cpp:268
+msgid "Friday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:252 src/gui/.ui/timedialog_q.cpp:269
+msgid "Saturday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:253
+msgid "Start day of week:"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:254
+msgid "Start time:"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:255
+msgid "Start date:"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:258
+msgid "End date:"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:260
+msgid "End time:"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:270
+msgid "End day of week:"
+msgstr ""
+
+#: src/gui/utils.cpp:197
+msgid ""
+"Impossible to apply changes because object is located in read-only\n"
+"part of the tee or data file was opened read-only"
+msgstr ""
+
+#: src/gui/utils.cpp:219
+#, qt-format
+msgid "Object with name '%1' already exists, please choose different name."
+msgstr ""
+
+#: src/gui/aboutdialog_q.ui.h:14
+msgid "Revision: %1 ( Build: %2 )"
+msgstr ""
+
+#: src/gui/aboutdialog_q.ui.h:16
+msgid "Using Firewall Builder API %1"
+msgstr ""
+
+#: src/gui/aboutdialog_q.ui.h:19
+msgid "Registered"
+msgstr ""
+
+#: src/gui/aboutdialog_q.ui.h:20
+msgid "Unregistered"
+msgstr ""
+
+#: src/gui/upgradePredicate.h:45
+msgid ""
+"The data file you are trying to open has been\n"
+"saved with an older version of Firewall Builder.\n"
+"Opening it in this version will cause it to be\n"
+"upgraded, which may prevent older versions of\n"
+"the program from reading it. Backup copy of your\n"
+"file in the old format will be made in the same\n"
+"directory with extension '.bak'.\n"
+"Are you sure you want to open it?"
+msgstr ""
+
+#: src/gui/upgradePredicate.h:53
+msgid "&Upgrade"
+msgstr ""
+
+#: src/gui/upgradePredicate.h:54
+msgid "&Do not load the file"
+msgstr ""
diff --git a/po/ja.po b/po/ja.po
new file mode 100644
index 000000000..91893970f
--- /dev/null
+++ b/po/ja.po
@@ -0,0 +1,7470 @@ +# translation of ja.po to Japanese +# This file is distributed under the same license as the Firewall Builder package. +# Copyright (C) 2004 NetCitadel, LLC. +# Tadashi Jokagi , 2004. +# +msgid "" +msgstr "" +"Project-Id-Version: ja\n" +"Report-Msgid-Bugs-To: vadim@fwbuilder.org\n" +"POT-Creation-Date: 2007-12-08 21:27-0800\n" +"PO-Revision-Date: 2004-12-25 02:48+0900\n" +"Last-Translator: Tadashi Jokagi \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.0.2\n" + +#: src/gui/ActionsDialog.cpp:97 +msgid "" +"'Chabge inbound interface', 'Continue packet inspection' and 'Make a copy' " +"options are mutually exclusive" +msgstr "" + +#: src/gui/ActionsDialog.cpp:98 src/gui/ActionsDialog.cpp:123 +#: src/gui/AddressRangeDialog.cpp:108 src/gui/AddressRangeDialog.cpp:119 +#: src/gui/FirewallDialog.cpp:315 src/gui/FirewallDialog.cpp:340 +#: src/gui/FWWindow.cpp:724 src/gui/FWWindow.cpp:733 src/gui/FWWindow.cpp:858 +#: src/gui/FWWindow.cpp:1082 src/gui/FWWindow.cpp:1095 +#: src/gui/FWWindow.cpp:1111 src/gui/FWWindow.cpp:1149 +#: src/gui/FWWindow.cpp:1155 src/gui/FWWindow.cpp:1224 +#: src/gui/FWWindow.cpp:1318 src/gui/FWWindow.cpp:1360 +#: src/gui/FWWindow.cpp:1383 src/gui/FWWindow.cpp:1456 +#: src/gui/FWWindow.cpp:1474 src/gui/FWWindow.cpp:1537 +#: src/gui/FWWindow.cpp:1549 src/gui/FWWindowPrint.cpp:923 +#: src/gui/instDialog.cpp:719 src/gui/instDialog.cpp:1462 +#: src/gui/instDialog.cpp:1580 src/gui/IPv4Dialog.cpp:146 +#: src/gui/IPv4Dialog.cpp:160 src/gui/listOfLibraries.cpp:148 +#: src/gui/listOfLibraries.cpp:188 src/gui/listOfLibraries.cpp:215 +#: src/gui/NetworkDialog.cpp:109 src/gui/NetworkDialog.cpp:120 +#: src/gui/RCS.cpp:499 src/gui/RCS.cpp:688 src/gui/RCS.cpp:701 +#: src/gui/RCS.cpp:718 src/gui/RCS.cpp:801 src/gui/utils.cpp:198 +msgid "&Continue" +msgstr "ç¶šã‘ã‚‹(&C)" + +#: src/gui/ActionsDialog.cpp:122 +msgid "" +"Rule name for 
accounting is converted to the iptables\n" +"chain name and therefore may not contain white space\n" +"and special characters." +msgstr "" + +#: src/gui/ActionsDialog.cpp:222 src/gui/ActionsDialog.cpp:223 +#: src/gui/.ui/actionsdialog_q.cpp:470 +msgid "Emulation is currently ON, rule will be terminating" +msgstr "" + +#: src/gui/ActionsDialog.cpp:226 src/gui/ActionsDialog.cpp:227 +msgid "Emulation is currently OFF, rule will be non-terminating" +msgstr "" + +#: src/gui/AddressRangeDialog.cpp:107 src/gui/AddressRangeDialog.cpp:118 +#: src/gui/IPv4Dialog.cpp:145 src/gui/NetworkDialog.cpp:108 +#, qt-format +msgid "Illegal IP address '%1'" +msgstr "ä¸å½“㪠IP アドレス '%1'" + +#: src/gui/ColorLabelMenuItem.cpp:48 +msgid "no color" +msgstr "色ãªã—" + +#: src/gui/CommentEditorPanel.cpp:75 src/gui/SimpleTextEditor.cpp:66 +msgid "Warning: loading from file discards current contents of the script." +msgstr "" + +#: src/gui/CommentEditorPanel.cpp:80 +msgid "Choose file that contains PIX commands" +msgstr "PIX コマンドをå«ã‚€ãƒ•ã‚¡ã‚¤ãƒ«ã‚’é¸æŠžã—ã¦ãã ã•ã„。" + +#: src/gui/CommentEditorPanel.cpp:88 src/gui/DiscoveryDruid.cpp:791 +#: src/gui/SimpleTextEditor.cpp:79 +#, qt-format +msgid "Could not open file %1" +msgstr "ファイル %1 ã‚’é–‹ãã“ã¨ãŒå‡ºæ¥ã¾ã›ã‚“。" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:157 +#: src/gui/FindWhereUsedWidget.cpp:171 src/gui/FWWindow.cpp:2115 +#: src/gui/FWWindowPrint.cpp:369 +msgid "NAT" +msgstr "NAT" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:160 +#: src/gui/FindWhereUsedWidget.cpp:174 src/gui/FWWindow.cpp:2087 +msgid "Policy" +msgstr "ãƒãƒªã‚·ãƒ¼" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:163 +#: src/gui/FindWhereUsedWidget.cpp:177 src/gui/FWWindow.cpp:2130 +#: src/gui/FWWindowPrint.cpp:396 src/gui/platforms.cpp:559 +#, fuzzy +msgid "Routing" +msgstr "アカウント" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:166 +#: src/gui/FindWhereUsedWidget.cpp:180 +msgid "Unknown rule set" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:168 +#: 
src/gui/FindWhereUsedWidget.cpp:182 +#, fuzzy, qt-format +msgid "/Rule%1" +msgstr "ルール %1" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:182 +#: src/gui/FindWhereUsedWidget.cpp:196 +#, fuzzy +msgid "Type: " +msgstr "種類: " + +#: src/gui/ConfirmDeleteObjectDialog.cpp:203 +msgid "Not used anywhere" +msgstr "" + +#: src/gui/DialogFactory.cpp:158 src/gui/DialogFactory.cpp:181 +#, qt-format +msgid "Support module for %1 is not available" +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:616 +#, fuzzy +msgid "Hosts file parsing ..." +msgstr "ホスト OS 設定 ..." + +#: src/gui/DiscoveryDruid.cpp:625 +msgid "DNS zone transfer ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:635 +msgid "Network discovery using SNMP ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:645 +#, fuzzy +msgid "Import configuration from file ..." +msgstr "* ファイル %1 ã‹ã‚‰è¨­å®šã‚’読ã¿è¾¼ã¿ä¸­" + +#: src/gui/DiscoveryDruid.cpp:790 src/gui/DiscoveryDruid.cpp:1675 +#: src/gui/DiscoveryDruid.cpp:1722 +#, fuzzy +msgid "Discovery error" +msgstr "ICMP エラー" + +#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1158 +#, fuzzy +msgid "Adding objects ..." +msgstr " オブジェクト" + +#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1159 +#: src/gui/DiscoveryDruid.cpp:1362 src/gui/DiscoveryDruid.cpp:1507 +#: src/gui/DiscoveryDruid.cpp:1549 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:111 +#: src/gui/.ui/filterdialog_q.cpp:154 src/gui/.ui/instoptionsdialog_q.cpp:286 +#: src/gui/.ui/libexport_q.cpp:113 src/gui/.ui/newgroupdialog_q.cpp:102 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1826 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:310 +#: src/gui/.ui/printingprogressdialog_q.cpp:74 +#: src/gui/.ui/simpleinteditor_q.cpp:89 src/gui/.ui/simpletexteditor_q.cpp:96 +msgid "Cancel" +msgstr "å–り消ã—" + +#: src/gui/DiscoveryDruid.cpp:1362 +#, fuzzy +msgid "Prepare objects ..." +msgstr "オブジェクトã®ãƒ„リー" + +#: src/gui/DiscoveryDruid.cpp:1507 src/gui/DiscoveryDruid.cpp:1548 +msgid "Copying results ..." 
+msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1838 +msgid "Incomlete network specification." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1917 +#, fuzzy +msgid "Empty community string" +msgstr "SNMP 'read' コミュニティ文字列" + +#: src/gui/DiscoveryDruid.cpp:2132 +msgid "" +"Firewall Builder can import Cisco IOS access lists from the router " +"configuration saved using 'show run' or any other command that saves running " +"config. The name of the created firewall object, all of its interfaces and " +"their addresses will be configured automatically if this information can be " +"found in the configuration file." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:2143 +msgid "" +"Firewall Builder can import iptables rules from a file in iptables-save " +"format. Firewall name and addresses of its interfaces need to be configured " +"manually because iptables-save file does not have this information. " +msgstr "" + +#: src/gui/execDialog.cpp:101 src/gui/instDialog.cpp:1436 +#: src/gui/instDialog.cpp:2110 +msgid "Error: Failed to start program" +msgstr "エラー: プログラムã®é–‹å§‹ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" + +#: src/gui/filePropDialog.cpp:62 +msgid "Opened read-only" +msgstr "読ã¿è¾¼ã¿å°‚用ã§é–‹ã„ã¦ã„ã¾ã™" + +#: src/gui/filePropDialog.cpp:80 +#, qt-format +msgid "Revision %1" +msgstr "リビジョン %1" + +#: src/gui/FilterDialog.cpp:102 +#, fuzzy +msgid "Filter error" +msgstr "ICMP エラー" + +#: src/gui/FilterDialog.cpp:102 +msgid "Invalid RegExp." 
+msgstr "" + +#: src/gui/FilterDialog.cpp:404 src/gui/GroupObjectDialog.cpp:144 +#: src/gui/.ui/findobjectwidget_q.cpp:203 +#: src/gui/.ui/newfirewalldialog_q.cpp:171 +#: src/gui/.ui/newfirewalldialog_q.cpp:322 +#: src/gui/.ui/newfirewalldialog_q.cpp:501 +#: src/gui/.ui/newfirewalldialog_q.cpp:523 src/gui/.ui/newhostdialog_q.cpp:187 +#: src/gui/.ui/newhostdialog_q.cpp:397 src/gui/.ui/prefsdialog_q.cpp:210 +#: src/gui/.ui/prefsdialog_q.cpp:391 +msgid "Name" +msgstr "åå‰" + +#: src/gui/FilterDialog.cpp:405 src/gui/FWWindowPrint.cpp:94 +#: src/gui/.ui/discoverydruid_q.cpp:1021 src/gui/.ui/finddialog_q.cpp:134 +#: src/gui/.ui/findobjectwidget_q.cpp:204 src/gui/.ui/ipv4dialog_q.cpp:170 +#: src/gui/.ui/newfirewalldialog_q.cpp:173 +#: src/gui/.ui/newfirewalldialog_q.cpp:324 +#: src/gui/.ui/newfirewalldialog_q.cpp:503 +#: src/gui/.ui/newfirewalldialog_q.cpp:525 src/gui/.ui/newhostdialog_q.cpp:189 +#: src/gui/.ui/newhostdialog_q.cpp:399 +msgid "Address" +msgstr "アドレス" + +#: src/gui/FilterDialog.cpp:408 +#, fuzzy +msgid "Contains" +msgstr "内容" + +#: src/gui/FilterDialog.cpp:409 +msgid "Is equal to" +msgstr "" + +#: src/gui/FilterDialog.cpp:410 +msgid "Starts with" +msgstr "" + +#: src/gui/FilterDialog.cpp:411 +#, fuzzy +msgid "Ends with" +msgstr "編集" + +#: src/gui/FilterDialog.cpp:412 +msgid "Matches Wildcard" +msgstr "" + +#: src/gui/FilterDialog.cpp:413 +msgid "Matches RegExp" +msgstr "" + +#: src/gui/findDialog.cpp:269 src/gui/FindObjectWidget.cpp:324 +msgid "Search hit the end of the object tree." +msgstr "検索ã®ãƒ’ットãŒã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆãƒ„ãƒªãƒ¼ã®æœ€å¾Œã§ã™ã€‚" + +#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317 +#: src/gui/FindObjectWidget.cpp:325 +#, fuzzy +msgid "&Continue at top" +msgstr "ç¶šã‘ã‚‹(&C)" + +#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317 +#: src/gui/FindObjectWidget.cpp:325 +msgid "&Stop" +msgstr "åœæ­¢(&S)" + +#: src/gui/FindObjectWidget.cpp:316 +#, fuzzy +msgid "Search hit the end of the policy rules." 
+msgstr "検索ã®ãƒ’ットãŒã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆãƒ„ãƒªãƒ¼ã®æœ€å¾Œã§ã™ã€‚" + +#: src/gui/FindObjectWidget.cpp:354 +msgid "Search or Replace object ind't specified." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:364 +msgid "Cannot replace object by itself." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:372 +msgid "Search and Replace objects are incompatible." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:466 +#, fuzzy, qt-format +msgid "Replaced %1 objects." +msgstr "ã“ã®ã‚ªãƒ–ジェクトã¨ç½®æ›" + +#: src/gui/FindObjectWidget.cpp:585 +msgid "Policy of firewall '" +msgstr "" + +#: src/gui/FirewallDialog.cpp:314 src/gui/FirewallDialog.cpp:339 +#, qt-format +msgid "FWBuilder API error: %1" +msgstr "" + +#: src/gui/freebsdAdvancedDialog.cpp:62 src/gui/linksysAdvancedDialog.cpp:68 +#: src/gui/linux24AdvancedDialog.cpp:62 src/gui/macosxAdvancedDialog.cpp:62 +#: src/gui/openbsdAdvancedDialog.cpp:62 src/gui/solarisAdvancedDialog.cpp:62 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:195 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:199 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:203 +#: src/gui/.ui/linux24advanceddialog_q.cpp:371 +#: src/gui/.ui/linux24advanceddialog_q.cpp:375 +#: src/gui/.ui/linux24advanceddialog_q.cpp:379 +#: src/gui/.ui/linux24advanceddialog_q.cpp:383 +#: src/gui/.ui/linux24advanceddialog_q.cpp:387 +#: src/gui/.ui/linux24advanceddialog_q.cpp:391 +#: src/gui/.ui/linux24advanceddialog_q.cpp:395 +#: src/gui/.ui/linux24advanceddialog_q.cpp:399 +#: src/gui/.ui/linux24advanceddialog_q.cpp:403 +#: src/gui/.ui/linux24advanceddialog_q.cpp:418 +#: src/gui/.ui/linux24advanceddialog_q.cpp:422 +#: src/gui/.ui/linux24advanceddialog_q.cpp:426 +#: src/gui/.ui/linux24advanceddialog_q.cpp:430 +#: src/gui/.ui/linux24advanceddialog_q.cpp:434 +#: src/gui/.ui/linux24advanceddialog_q.cpp:438 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:172 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:176 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:180 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:180 +#: 
src/gui/.ui/openbsdadvanceddialog_q.cpp:184 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:189 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:193 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:189 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:195 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:199 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:204 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:208 +msgid "No change" +msgstr "変更ãªã—" + +#: src/gui/freebsdAdvancedDialog.cpp:65 src/gui/linksysAdvancedDialog.cpp:71 +#: src/gui/linux24AdvancedDialog.cpp:65 src/gui/macosxAdvancedDialog.cpp:65 +#: src/gui/openbsdAdvancedDialog.cpp:65 src/gui/solarisAdvancedDialog.cpp:65 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:196 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:200 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:204 +#: src/gui/.ui/linux24advanceddialog_q.cpp:372 +#: src/gui/.ui/linux24advanceddialog_q.cpp:376 +#: src/gui/.ui/linux24advanceddialog_q.cpp:380 +#: src/gui/.ui/linux24advanceddialog_q.cpp:384 +#: src/gui/.ui/linux24advanceddialog_q.cpp:388 +#: src/gui/.ui/linux24advanceddialog_q.cpp:392 +#: src/gui/.ui/linux24advanceddialog_q.cpp:396 +#: src/gui/.ui/linux24advanceddialog_q.cpp:400 +#: src/gui/.ui/linux24advanceddialog_q.cpp:404 +#: src/gui/.ui/linux24advanceddialog_q.cpp:419 +#: src/gui/.ui/linux24advanceddialog_q.cpp:423 +#: src/gui/.ui/linux24advanceddialog_q.cpp:427 +#: src/gui/.ui/linux24advanceddialog_q.cpp:431 +#: src/gui/.ui/linux24advanceddialog_q.cpp:435 +#: src/gui/.ui/linux24advanceddialog_q.cpp:439 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:173 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:177 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:181 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:181 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:185 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:190 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:194 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:190 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:196 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:200 +#: 
src/gui/.ui/solarisadvanceddialog_q.cpp:205 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:209 +msgid "On" +msgstr "オン" + +#: src/gui/freebsdAdvancedDialog.cpp:68 src/gui/linksysAdvancedDialog.cpp:74 +#: src/gui/linux24AdvancedDialog.cpp:68 src/gui/macosxAdvancedDialog.cpp:68 +#: src/gui/openbsdAdvancedDialog.cpp:68 src/gui/solarisAdvancedDialog.cpp:68 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:197 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:201 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:205 +#: src/gui/.ui/linux24advanceddialog_q.cpp:373 +#: src/gui/.ui/linux24advanceddialog_q.cpp:377 +#: src/gui/.ui/linux24advanceddialog_q.cpp:381 +#: src/gui/.ui/linux24advanceddialog_q.cpp:385 +#: src/gui/.ui/linux24advanceddialog_q.cpp:389 +#: src/gui/.ui/linux24advanceddialog_q.cpp:393 +#: src/gui/.ui/linux24advanceddialog_q.cpp:397 +#: src/gui/.ui/linux24advanceddialog_q.cpp:401 +#: src/gui/.ui/linux24advanceddialog_q.cpp:405 +#: src/gui/.ui/linux24advanceddialog_q.cpp:420 +#: src/gui/.ui/linux24advanceddialog_q.cpp:424 +#: src/gui/.ui/linux24advanceddialog_q.cpp:428 +#: src/gui/.ui/linux24advanceddialog_q.cpp:432 +#: src/gui/.ui/linux24advanceddialog_q.cpp:436 +#: src/gui/.ui/linux24advanceddialog_q.cpp:440 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:174 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:178 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:182 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:182 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:186 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:191 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:195 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:191 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:197 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:201 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:206 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:210 +msgid "Off" +msgstr "オフ" + +#: src/gui/FWBSettings.cpp:150 +#, qt-format +msgid "" +"Working directory %1 does not exist and could not be created.\n" +"Ignoring this setting." 
+msgstr "" +"作業ディレクトリ %1 ãŒå­˜åœ¨ã—ãªã„上ã«ä½œæˆã§ãã¾ã›ã‚“ã§ã—ãŸã€‚\n" +"ã“ã®è¨­å®šã¯ç„¡åйã«ãªã‚Šã¾ã™ã€‚" + +#: src/gui/FWBTree.cpp:399 +msgid "New Library" +msgstr "æ–°è¦ãƒ©ã‚¤ãƒ–ラリ" + +#: src/gui/FWObjectDropArea.cpp:103 +#, fuzzy +msgid "Drop object here." +msgstr "オブジェクトã®ãƒ„リー" + +#: src/gui/FWObjectDropArea.cpp:141 src/gui/GroupObjectDialog.cpp:682 +#: src/gui/ObjectManipulator.cpp:916 src/gui/RuleSetView.cpp:1666 +#: src/gui/.ui/FWBMainWindow_q.cpp:476 +msgid "Paste" +msgstr "貼り付ã‘" + +#: src/gui/FWObjectDropArea.cpp:143 src/gui/GroupObjectDialog.cpp:683 +#: src/gui/ObjConflictResolutionDialog.cpp:118 +#: src/gui/ObjConflictResolutionDialog.cpp:142 +#: src/gui/ObjectManipulator.cpp:921 src/gui/RuleSetView.cpp:1669 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:110 +#: src/gui/.ui/FWBMainWindow_q.cpp:542 src/gui/.ui/FWBMainWindow_q.cpp:543 +#: src/gui/.ui/newfirewalldialog_q.cpp:508 src/gui/.ui/newhostdialog_q.cpp:409 +msgid "Delete" +msgstr "削除" + +#: src/gui/FWObjectPropertiesFactory.cpp:102 +msgid "DNS record: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:106 +#, fuzzy +msgid "Address Table: " +msgstr "アドレスレンジ" + +#: src/gui/FWObjectPropertiesFactory.cpp:157 +msgid " objects" +msgstr " オブジェクト" + +#: src/gui/FWObjectPropertiesFactory.cpp:173 +#, qt-format +msgid "protocol: %1" +msgstr "プロトコル: %1" + +#: src/gui/FWObjectPropertiesFactory.cpp:177 +#, qt-format +msgid "type: %1" +msgstr "種類: %1" + +#: src/gui/FWObjectPropertiesFactory.cpp:179 +#, qt-format +msgid "code: %1" +msgstr "コード: %1" + +#: src/gui/FWObjectPropertiesFactory.cpp:238 +msgid "Library: " +msgstr "ライブラリ:" + +#: src/gui/FWObjectPropertiesFactory.cpp:243 +msgid "Object Id: " +msgstr "オブジェクト ID:" + +#: src/gui/FWObjectPropertiesFactory.cpp:248 +msgid "Object Type: " +msgstr "オブジェクトタイプ:" + +#: src/gui/FWObjectPropertiesFactory.cpp:252 +msgid "Object Name: " +msgstr "オブジェクトå:" + +#: src/gui/FWObjectPropertiesFactory.cpp:274 +#, fuzzy +msgid "DNS record:" +msgstr "オブジェクト ID:" + +#: 
src/gui/FWObjectPropertiesFactory.cpp:277 +#: src/gui/FWObjectPropertiesFactory.cpp:285 +#, fuzzy +msgid "Run-time" +msgstr "時間" + +#: src/gui/FWObjectPropertiesFactory.cpp:277 +#: src/gui/FWObjectPropertiesFactory.cpp:285 +#, fuzzy +msgid "Compile-time" +msgstr "コンパイル" + +#: src/gui/FWObjectPropertiesFactory.cpp:282 +#, fuzzy +msgid "Table file:" +msgstr "オブジェクトå:" + +#: src/gui/FWObjectPropertiesFactory.cpp:320 +#, qt-format +msgid "%1 objects
    \n" +msgstr "%1 オブジェクト
    \n" + +#: src/gui/FWObjectPropertiesFactory.cpp:385 +#, fuzzy +msgid "Path: " +msgstr "ライブラリ:" + +#: src/gui/FWObjectPropertiesFactory.cpp:444 +msgid "protocol " +msgstr "プロトコル " + +#: src/gui/FWObjectPropertiesFactory.cpp:449 +msgid "type: " +msgstr "種類: " + +#: src/gui/FWObjectPropertiesFactory.cpp:451 +msgid "code: " +msgstr "コード: " + +#: src/gui/FWObjectPropertiesFactory.cpp:471 +#, qt-format +msgid "Pattern: \"%1\"" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:605 +#, fuzzy +msgid "Action : " +msgstr "オブジェクト ID:" + +#: src/gui/FWObjectPropertiesFactory.cpp:608 +#, fuzzy +msgid "Parameter: " +msgstr "ライブラリ:" + +#: src/gui/FWObjectPropertiesFactory.cpp:631 +#, fuzzy +msgid "Log prefix : " +msgstr "ログ接頭語:" + +#: src/gui/FWObjectPropertiesFactory.cpp:637 +msgid "Log Level : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:644 +#, fuzzy +msgid "Netlink group : " +msgstr "ãƒãƒƒãƒˆãƒªãƒ³ã‚¯ã‚°ãƒ«ãƒ¼ãƒ—:" + +#: src/gui/FWObjectPropertiesFactory.cpp:650 +#, fuzzy +msgid "Limit Value : " +msgstr "ライブラリ:" + +#: src/gui/FWObjectPropertiesFactory.cpp:656 +msgid "Limit suffix : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:663 +#, fuzzy +msgid "Limit burst : " +msgstr "ライブラリ:" + +#: src/gui/FWObjectPropertiesFactory.cpp:670 +msgid "

  • Part of Any
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:676 +#: src/gui/FWObjectPropertiesFactory.cpp:706 +#: src/gui/FWObjectPropertiesFactory.cpp:735 +#: src/gui/FWObjectPropertiesFactory.cpp:758 +msgid "
  • Stateless
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:685 +#, fuzzy +msgid "Log facility: " +msgstr "ログファシリティ" + +#: src/gui/FWObjectPropertiesFactory.cpp:692 +#: src/gui/FWObjectPropertiesFactory.cpp:775 +#, fuzzy +msgid "Log level : " +msgstr "ログ接頭語:" + +#: src/gui/FWObjectPropertiesFactory.cpp:700 +msgid "
  • Send 'unreachable'
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:712 +msgid "
  • Keep information on fragmented packets
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:722 +#, fuzzy +msgid "Log prefix : " +msgstr "ログ接頭語:" + +#: src/gui/FWObjectPropertiesFactory.cpp:728 +#, fuzzy +msgid "Max state : " +msgstr "ライブラリ:" + +#: src/gui/FWObjectPropertiesFactory.cpp:741 +msgid "
  • Source tracking
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:744 +msgid "Max src nodes : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:747 +#, fuzzy +msgid "Max src states: " +msgstr "ライブラリ:" + +#: src/gui/FWObjectPropertiesFactory.cpp:767 +#, qt-format +msgid "Ver:%1
    \n" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:781 +#, fuzzy +msgid "Log interval : " +msgstr "ライブラリ:" + +#: src/gui/FWObjectPropertiesFactory.cpp:788 +#, fuzzy +msgid "
  • Disable logging for this rule
  • " +msgstr "" +"ã“ã®ãƒ«ãƒ¼ãƒ«ã®ãƒ­ã‚°è¨˜ã®ç„¡åŠ¹åŒ–ã‚’\n" +"完了ã—ã¾ã—ãŸ" + +#: src/gui/FWObjectPropertiesFactory.cpp:820 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:159 +#, fuzzy +msgid "bitmask" +msgstr "ãƒãƒƒãƒˆãƒžã‚¹ã‚¯" + +#: src/gui/FWObjectPropertiesFactory.cpp:821 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:160 +#, fuzzy +msgid "random" +msgstr "ランダム ID ã®ä½¿ç”¨" + +#: src/gui/FWObjectPropertiesFactory.cpp:822 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:161 +msgid "source-hash" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:823 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:162 +msgid "round-robin" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:825 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:163 +msgid "static-port" +msgstr "" + +#: src/gui/FWWindow.cpp:175 +msgid "No firewalls defined" +msgstr "ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã¯æœªå®šç¾©ã§ã™" + +#: src/gui/FWWindow.cpp:379 +msgid "" +"Some objects have been modified but not saved.\n" +"Do you want to save changes now ?" +msgstr "" +"ã„ãã¤ã‹ã®ã‚ªãƒ–ジェクトã®ä¿®æ­£ãŒä¿å­˜ã•れã¦ã„ã¾ã›ã‚“。\n" +"変更をä¿å­˜ã—ã¾ã™ã‹?" 
+ +#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466 +#: src/gui/.ui/FWBMainWindow_q.cpp:453 +msgid "&Save" +msgstr "ä¿å­˜(&S)" + +#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466 +#: src/gui/.ui/FWBMainWindow_q.cpp:556 +msgid "&Discard" +msgstr "破棄ã™ã‚‹(&D)" + +#: src/gui/FWWindow.cpp:381 src/gui/FWWindow.cpp:680 src/gui/RCS.cpp:748 +#: src/gui/.ui/askrulenumberdialog_q.cpp:91 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:189 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:549 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:353 +#: src/gui/.ui/iptadvanceddialog_q.cpp:601 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:198 +#: src/gui/.ui/linux24advanceddialog_q.cpp:368 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:167 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:175 +#: src/gui/.ui/pagesetupdialog_q.cpp:110 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1002 src/gui/.ui/prefsdialog_q.cpp:366 +#: src/gui/.ui/rcsfilesavedialog_q.cpp:104 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:185 +msgid "&Cancel" +msgstr "å–り消ã—(&C)" + +#: src/gui/FWWindow.cpp:436 +msgid "FWB Files (*.fwb);;All Files (*)" +msgstr "FWB ファイル (*.fwb);;ã™ã¹ã¦ã®ãƒ•ァイル (*)" + +#: src/gui/FWWindow.cpp:447 src/gui/FWWindow.cpp:1805 +#, qt-format +msgid "" +"The file %1 already exists.\n" +"Do you want to overwrite it ?" +msgstr "" +"ファイル %1 ã¯æ—¢ã«å­˜åœ¨ã—ã¾ã™ã€‚\n" +"本当ã«ä¸Šæ›¸ãã—ã¾ã™ã‹?" 
+ +#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807 +#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539 +#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828 +msgid "&Yes" +msgstr "ã¯ã„(&Y)" + +#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807 +#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539 +#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828 +msgid "&No" +msgstr "ã„ã„ãˆ(&N)" + +#: src/gui/FWWindow.cpp:483 src/gui/FWWindow.cpp:1086 +#: src/gui/StartWizard.cpp:99 +msgid "Choose name and location for the new file" +msgstr "æ–°è¦ãƒ•ァイルã®åå‰ã¨ãƒ•ã‚©ãƒ«ãƒ€ãƒ¼ã‚’é¸æŠž" + +#: src/gui/FWWindow.cpp:585 +msgid "Saving data to file..." +msgstr "ファイルã«ãƒ‡ãƒ¼ã‚¿ã‚’ä¿å­˜ã™ã‚‹..." + +#: src/gui/FWWindow.cpp:617 +msgid "Choose name and location for the file" +msgstr "ファイルã®åå‰ã¨ãƒ•ã‚©ãƒ«ãƒ€ãƒ¼ã‚’é¸æŠž" + +#: src/gui/FWWindow.cpp:674 +msgid "" +"This operation discards all changes that have been saved\n" +"into the file so far, closes it and replaces it with a clean\n" +"copy of its head revision from RCS.\n" +"\n" +"All changes will be lost if you do this.\n" +"\n" +msgstr "" + +#: src/gui/FWWindow.cpp:679 src/gui/ObjectEditor.cpp:439 +msgid "&Discard changes" +msgstr "変更ã®ã‚„り直ã—(&D)" + +#: src/gui/FWWindow.cpp:723 +#, qt-format +msgid "File %1 has been added to RCS." +msgstr "ファイル %1 ã‚’ RCS ã«è¿½åŠ ã—ã¾ã—ãŸã€‚" + +#: src/gui/FWWindow.cpp:732 src/gui/StartWizard.cpp:157 +#, qt-format +msgid "" +"Error adding file to RCS:\n" +"%1" +msgstr "" +"RCS ã¸ã®ãƒ•ァイルã®è¿½åŠ ã‚¨ãƒ©ãƒ¼:\n" +"%1" + +#: src/gui/FWWindow.cpp:739 src/gui/FWWindow.cpp:1124 +msgid "(read-only)" +msgstr "(読ã¿è¾¼ã¿å°‚用)" + +#: src/gui/FWWindow.cpp:798 src/gui/FWWindow.cpp:908 +#, fuzzy +msgid "Loading system objects..." 
+msgstr "標準オブジェクトを読ã¿è¾¼ã‚€" + +#: src/gui/FWWindow.cpp:857 src/gui/FWWindow.cpp:1148 +#: src/gui/FWWindow.cpp:1154 +#, qt-format +msgid "" +"Error loading file:\n" +"%1" +msgstr "" +"ファイルã®èª­ã¿è¾¼ã¿ã‚¨ãƒ©ãƒ¼:\n" +"%1" + +#: src/gui/FWWindow.cpp:916 +#, fuzzy +msgid "Reading and parsing data file..." +msgstr "ファイルã«ãƒ‡ãƒ¼ã‚¿ã‚’ä¿å­˜ã™ã‚‹..." + +#: src/gui/FWWindow.cpp:986 +msgid "Merging with system objects..." +msgstr "" + +#: src/gui/FWWindow.cpp:1080 +#, qt-format +msgid "" +"Firewall Builder 2 uses file extension '.fwb' and \n" +"needs to rename old data file '%1' to '%2',\n" +"but file '%3' already exists.\n" +"Choose a different name for the new file." +msgstr "" +"ファイアウォールビルダー2 ã¯ãƒ•ã‚¡ã‚¤ãƒ«æ‹¡å¼µå­ '.fwb' を使用ã—ã¾ã™ã€‚\n" +"ã‚ãªãŸã®ãƒ‡ãƒ¼ã‚¿ãƒ•ァイル㯠'%1' 㯠'%2' ã«å称変更ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚<\n" +"ã—ã‹ã—ファイル '%3' ã¯æ—¢ã«å­˜åœ¨ã—ã¾ã™ã€‚\n" +"é•ã†æ–°è¦ãƒ•ァイルåã‚’é¸ã‚“ã§ãã ã•ã„。" + +#: src/gui/FWWindow.cpp:1094 +msgid "Load operation cancelled and data file reverted to original version." +msgstr "" + +#: src/gui/FWWindow.cpp:1109 +#, qt-format +msgid "" +"Firewall Builder 2 uses file extension '.fwb'. Your data file '%1' \n" +"has been renamed '%2'" +msgstr "" +"ファイアウォールビルダー2 ã¯ãƒ•ã‚¡ã‚¤ãƒ«æ‹¡å¼µå­ '.fwb' を使用ã—ã¾ã™ã€‚ã‚ãªãŸã®ãƒ‡ãƒ¼" +"タファイル㯠'%1' 㯠'%2' ã«å称変更ã•れã¾ã—ãŸã€‚" + +#: src/gui/FWWindow.cpp:1140 +#, qt-format +msgid "Exception: %1" +msgstr "例外: %1" + +#: src/gui/FWWindow.cpp:1142 +#, qt-format +msgid "Failed transformation : %1" +msgstr "変æ›ã«å¤±æ•—ã—ã¾ã—㟠: %1" + +#: src/gui/FWWindow.cpp:1144 +#, qt-format +msgid "XML element : %1" +msgstr "XML è¦ç´  : %1" + +#: src/gui/FWWindow.cpp:1167 +#, fuzzy +msgid "Building object tree..." +msgstr "ツリー中ã®ã‚ªãƒ–ジェクトを検索" + +#: src/gui/FWWindow.cpp:1172 +#, fuzzy +msgid "Indexing..." 
+msgstr "インデックス...(&I)" + +#: src/gui/FWWindow.cpp:1197 +#, fuzzy, qt-format +msgid "Checking file %1 in RCS" +msgstr "ãƒã‚§ãƒƒã‚¯ãƒ•ァイル入力(&I)" + +#: src/gui/FWWindow.cpp:1222 +#, qt-format +msgid "" +"Error checking in file %1:\n" +"%2" +msgstr "ファイル %1 ã®æ¤œæŸ»ä¸­ã®ã‚¨ãƒ©ãƒ¼ã§ã™:%2" + +#: src/gui/FWWindow.cpp:1310 src/gui/FWWindow.cpp:1750 +msgid "File is read-only" +msgstr "ファイルã¯èª­ã¿è¾¼ã¿å°‚用ã§ã™ã€‚" + +#: src/gui/FWWindow.cpp:1316 src/gui/FWWindow.cpp:1754 +#, qt-format +msgid "Error saving file %1: %2" +msgstr "ファイル %1 ã®ä¿å­˜ã‚¨ãƒ©ãƒ¼: %2" + +#: src/gui/FWWindow.cpp:1359 src/gui/listOfLibraries.cpp:214 +#, qt-format +msgid "Duplicate library '%1'" +msgstr "ライブラリ %1 ã®è¤‡è£½" + +#: src/gui/FWWindow.cpp:1381 src/gui/FWWindow.cpp:1454 +#: src/gui/FWWindow.cpp:1472 src/gui/listOfLibraries.cpp:186 +#, qt-format +msgid "" +"Error loading file %1:\n" +"%2" +msgstr "" +"ファイル %1 ã®èª­ã¿è¾¼ã¿ã‚¨ãƒ©ãƒ¼:\n" +"%2" + +#: src/gui/FWWindow.cpp:1395 +msgid "Choose a file to import" +msgstr "インãƒãƒ¼ãƒˆã™ã‚‹ãƒ•ァイルをé¸ã‚“ã§ãã ã•ã„。" + +#: src/gui/FWWindow.cpp:1413 +msgid "" +"This operation inspects two data files (either .fwb or .fwl) and finds " +"conflicting objects. Conflicting objects have the same internal ID but " +"different attributes. Two data files can not be merged, or one imported into " +"another, if they contain such objects. This operation also helps identify " +"changes made to objects in two copies of the same data file.

    This "
+"operation does not find objects present in one file but not in the other, "
+"such objects present no problem for merge or import operations.

    This "
+"operation works with two external files, neither of which needs to be opened "
+"in the program. Currently opened data file is not affected by this operation "
+"and objects in the tree do not change.

    Do you want to proceed ?" +msgstr "" + +#: src/gui/FWWindow.cpp:1426 +msgid "Choose the first file" +msgstr "" + +#: src/gui/FWWindow.cpp:1433 +msgid "Choose the second file" +msgstr "" + +#: src/gui/FWWindow.cpp:1496 +#, qt-format +msgid "" +"Total number of conflicting objects: %1.\n" +"Do you want to generate report?" +msgstr "" + +#: src/gui/FWWindow.cpp:1509 +#, fuzzy +msgid "TXT Files (*.txt);;All Files (*)" +msgstr "FWB ファイル (*.fwb);;ã™ã¹ã¦ã®ãƒ•ァイル (*)" + +#: src/gui/FWWindow.cpp:1511 +#, fuzzy +msgid "Choose name and location for the report file" +msgstr "æ–°è¦ãƒ•ァイルã®åå‰ã¨ãƒ•ã‚©ãƒ«ãƒ€ãƒ¼ã‚’é¸æŠž" + +#: src/gui/FWWindow.cpp:1536 +#, qt-format +msgid "Can not open report file for writing. File '%1'" +msgstr "" + +#: src/gui/FWWindow.cpp:1547 +#, qt-format +msgid "" +"Unexpected error comparing files %1 and %2:\n" +"%3" +msgstr "" + +#: src/gui/FWWindow.cpp:1664 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (global policy rule #%3) uses object '%4' from " +"library '%5'" +msgstr "" + +#: src/gui/FWWindow.cpp:1673 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (interface %3 policy rule #%4) uses object '%5' " +"from library '%6'" +msgstr "" + +#: src/gui/FWWindow.cpp:1684 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (NAT rule #%3) uses object '%4' from library '%5'" +msgstr "" + +#: src/gui/FWWindow.cpp:1694 +#, qt-format +msgid "Library %1: Group '%2' uses object '%3' from library '%4'" +msgstr "" + +#: src/gui/FWWindow.cpp:1709 +msgid "" +"A library that you are trying to export contains references\n" +"to objects in the other libraries and can not be exported.\n" +"The following objects need to be moved outside of it or\n" +"objects that they refer to moved in it:" +msgstr "" + +#: src/gui/FWWindow.cpp:1780 +msgid "Please select a library you want to export." 
+msgstr "エクスãƒãƒ¼ãƒˆã—ãŸã„ãƒ©ã‚¤ãƒ–ãƒ©ãƒªã‚’é¸æŠžã—ã¦ãã ã•ã„。" + +#: src/gui/FWWindow.cpp:1999 +#, qt-format +msgid "%1" +msgstr "" + +#: src/gui/FWWindow.cpp:2011 +#, qt-format +msgid "Building branch policy view '%1'..." +msgstr "" + +#: src/gui/FWWindow.cpp:2081 +msgid "Building policy view..." +msgstr "" + +#: src/gui/FWWindow.cpp:2110 +msgid "Building NAT view..." +msgstr "" + +#: src/gui/FWWindow.cpp:2125 +msgid "Building routing view..." +msgstr "" + +#: src/gui/FWWindowPrint.cpp:92 src/gui/.ui/discoverydruid_q.cpp:1023 +#: src/gui/.ui/firewalldialog_q.cpp:209 src/gui/.ui/firewalldialog_q.cpp:210 +#: src/gui/.ui/instdialog_q.cpp:83 src/gui/.ui/instdialog_q.cpp:135 +#: src/gui/.ui/instdialog_q.cpp:224 src/gui/.ui/instdialog_q.cpp:269 +#: src/gui/.ui/instdialog_q.cpp:279 src/gui/.ui/instdialog_q.cpp:289 +msgid "Firewall" +msgstr "ファイアウォール" + +#: src/gui/FWWindowPrint.cpp:93 src/gui/.ui/discoverydruid_q.cpp:1022 +#: src/gui/.ui/hostdialog_q.cpp:144 src/gui/.ui/hostdialog_q.cpp:145 +msgid "Host" +msgstr "ホスト" + +#: src/gui/FWWindowPrint.cpp:95 +#, fuzzy +msgid "Addres Range" +msgstr "アドレスレンジ" + +#: src/gui/FWWindowPrint.cpp:96 src/gui/RuleSetView.cpp:3315 +#: src/gui/RuleSetView.cpp:3565 src/gui/.ui/interfacedialog_q.cpp:231 +#: src/gui/.ui/interfacedialog_q.cpp:232 +msgid "Interface" +msgstr "インターフェース" + +#: src/gui/FWWindowPrint.cpp:97 src/gui/.ui/networkdialog_q.cpp:163 +#: src/gui/.ui/networkdialog_q.cpp:164 +msgid "Network" +msgstr "ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯" + +#: src/gui/FWWindowPrint.cpp:98 +#, fuzzy +msgid "Group of objects" +msgstr "オブジェクトã®ãƒ„リー" + +#: src/gui/FWWindowPrint.cpp:99 src/gui/.ui/customservicedialog_q.cpp:177 +#: src/gui/.ui/customservicedialog_q.cpp:178 +msgid "Custom Service" +msgstr "カスタムサービス" + +#: src/gui/FWWindowPrint.cpp:100 src/gui/.ui/ipservicedialog_q.cpp:209 +#, fuzzy +msgid "IP Service" +msgstr "æ–°è¦ IP サービス" + +#: src/gui/FWWindowPrint.cpp:101 src/gui/.ui/icmpservicedialog_q.cpp:168 +#, fuzzy +msgid "ICMP Service" +msgstr "æ–°è¦ 
ICMP サービス" + +#: src/gui/FWWindowPrint.cpp:102 src/gui/.ui/tcpservicedialog_q.cpp:371 +#, fuzzy +msgid "TCP Service" +msgstr "æ–°è¦ TCP サービス" + +#: src/gui/FWWindowPrint.cpp:103 src/gui/.ui/udpservicedialog_q.cpp:222 +#, fuzzy +msgid "UDP Service" +msgstr "æ–°è¦ UDP サービス" + +#: src/gui/FWWindowPrint.cpp:104 +msgid "Group of services" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:105 src/gui/.ui/timedialog_q.cpp:242 +#, fuzzy +msgid "Time Interval" +msgstr "æ–°è¦æ™‚é–“é–“éš”" + +#: src/gui/FWWindowPrint.cpp:281 +#, fuzzy, qt-format +msgid "Firewall name: %1" +msgstr "* ファイアウォールå: %1" + +#: src/gui/FWWindowPrint.cpp:282 +#, fuzzy +msgid "Platform: " +msgstr "プラットフォーム:" + +#: src/gui/FWWindowPrint.cpp:283 +#, fuzzy +msgid "Version: " +msgstr "ãƒãƒ¼ã‚¸ãƒ§ãƒ³:" + +#: src/gui/FWWindowPrint.cpp:284 +#, fuzzy +msgid "Host OS: " +msgstr "ホスト OS:" + +#: src/gui/FWWindowPrint.cpp:290 +#, fuzzy +msgid "Global Policy" +msgstr "ãƒãƒªã‚·ãƒ¼" + +#: src/gui/FWWindowPrint.cpp:341 +#, fuzzy, qt-format +msgid "Interface %1" +msgstr "インターフェース" + +#: src/gui/FWWindowPrint.cpp:541 +msgid "Legend" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:632 src/gui/.ui/discoverydruid_q.cpp:1015 +#, fuzzy +msgid "Objects" +msgstr "オブジェクト" + +#: src/gui/FWWindowPrint.cpp:854 +#, fuzzy +msgid "Groups" +msgstr "グループ" + +#: src/gui/FWWindowPrint.cpp:897 +msgid "EMPTY" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:919 src/gui/FWWindowPrint.cpp:922 +#: src/gui/FWWindowPrint.cpp:930 +msgid "Printing aborted" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:926 +msgid "Printing completed" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:145 +msgid "Properties" +msgstr "プロパティ" + +#: src/gui/GroupObjectDialog.cpp:675 src/gui/.ui/FWBMainWindow_q.cpp:449 +#: src/gui/.ui/FWBMainWindow_q.cpp:493 src/gui/.ui/FWBMainWindow_q.cpp:494 +msgid "Open" +msgstr "é–‹ã" + +#: src/gui/GroupObjectDialog.cpp:677 src/gui/ObjectManipulator.cpp:840 +#: src/gui/RuleSetView.cpp:1660 src/gui/RuleSetView.cpp:1789 +#: src/gui/RuleSetView.cpp:1793 
src/gui/RuleSetView.cpp:1797 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:593 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:597 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:379 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:383 +#: src/gui/.ui/iptadvanceddialog_q.cpp:635 +#: src/gui/.ui/iptadvanceddialog_q.cpp:641 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1107 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1111 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1882 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1886 +msgid "Edit" +msgstr "編集" + +#: src/gui/GroupObjectDialog.cpp:680 src/gui/ObjectManipulator.cpp:912 +#: src/gui/RuleSetView.cpp:1663 src/gui/.ui/FWBMainWindow_q.cpp:473 +msgid "Copy" +msgstr "コピー" + +#: src/gui/GroupObjectDialog.cpp:681 src/gui/ObjectManipulator.cpp:914 +#: src/gui/RuleSetView.cpp:1665 src/gui/.ui/FWBMainWindow_q.cpp:470 +msgid "Cut" +msgstr "切りå–り" + +#: src/gui/InstallFirewallViewItem.cpp:31 src/gui/instDialog.cpp:1893 +#: src/gui/instDialog.cpp:2045 src/gui/instDialog.cpp:2253 +#: src/gui/instDialog.cpp:2272 src/gui/instDialog.cpp:2286 +#: src/gui/instDialog.cpp:2298 +#, fuzzy +msgid "Failure" +msgstr "ファイル(&F)" + +#: src/gui/InstallFirewallViewItem.cpp:44 src/gui/instDialog.cpp:1149 +#: src/gui/instDialog.cpp:1150 src/gui/instDialog.cpp:1818 +#: src/gui/instDialog.cpp:1847 src/gui/instDialog.cpp:1848 +#, fuzzy +msgid "Success" +msgstr "ソース" + +#: src/gui/instBatchOptionsDialog.cpp:47 +msgid "Batch install options" +msgstr "" + +#: src/gui/instDialog.cpp:116 +msgid "There is no firewalls to process." +msgstr "" + +#: src/gui/instDialog.cpp:131 +msgid "" +"

    Select firewalls for compilation.

    " +msgstr "" + +#: src/gui/instDialog.cpp:145 +msgid "Unknown operation." +msgstr "" + +#: src/gui/instDialog.cpp:176 +msgid "Show details" +msgstr "" + +#: src/gui/instDialog.cpp:182 +msgid "Hide details" +msgstr "" + +#: src/gui/instDialog.cpp:286 +msgid "Unsupported exception" +msgstr "未サãƒãƒ¼ãƒˆã®ä¾‹å¤–" + +#: src/gui/instDialog.cpp:326 +msgid "Summary:" +msgstr "è¦ç´„:" + +#: src/gui/instDialog.cpp:329 src/gui/instDialog.cpp:359 +#, qt-format +msgid "* firewall name : %1" +msgstr "* ファイアウォールå: %1" + +#: src/gui/instDialog.cpp:331 +#, qt-format +msgid "* user name : %1" +msgstr "* ユーザーå: %1" + +#: src/gui/instDialog.cpp:333 +#, qt-format +msgid "* management address : %1" +msgstr "* 管ç†ã‚¢ãƒ‰ãƒ¬ã‚¹: %1" + +#: src/gui/instDialog.cpp:335 +#, qt-format +msgid "* platform : %1" +msgstr "* プラットフォーム: %1" + +#: src/gui/instDialog.cpp:337 +#, qt-format +msgid "* host OS : %1" +msgstr "* ホスト OS: %1" + +#: src/gui/instDialog.cpp:339 +#, qt-format +msgid "* Loading configuration from file %1" +msgstr "* ファイル %1 ã‹ã‚‰è¨­å®šã‚’読ã¿è¾¼ã¿ä¸­" + +#: src/gui/instDialog.cpp:344 +msgid "* Incremental install" +msgstr "* インクリメンタルインストール" + +#: src/gui/instDialog.cpp:349 +#, qt-format +msgid "* Configuration diff will be saved in file %1" +msgstr "* 設定ã®å·®åˆ†ã‚’ファイル %1 ã«ä¿å­˜ã™ã‚‹ã§ã—ょã†" + +#: src/gui/instDialog.cpp:354 +msgid "* Commands will not be executed on the firewall" +msgstr "* コマンドã¯ãƒ•ァイアウォール上ã§å®Ÿè¡Œã•れãªã„ã§ã—ょã†" + +#: src/gui/instDialog.cpp:656 +#, qt-format +msgid "" +"Only one interface of the firewall '%1' must be marked as management " +"interface." +msgstr "" + +#: src/gui/instDialog.cpp:663 +#, qt-format +msgid "" +"One of the interfaces of the firewall '%1' must be marked as management " +"interface." +msgstr "" + +#: src/gui/instDialog.cpp:670 +msgid "" +"Management interface does not have IP address, can not communicate with the " +"firewall." +msgstr "" + +#: src/gui/instDialog.cpp:718 +#, qt-format +msgid "File %1 not found." 
+msgstr "ファイル %1 ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“。" + +#: src/gui/instDialog.cpp:1002 src/gui/SSHPIX.cpp:347 +#, qt-format +msgid "Can not open file %1" +msgstr "ファイル %1 ã‚’é–‹ãã“ã¨ãŒå‡ºæ¥ã¾ã›ã‚“。" + +#: src/gui/instDialog.cpp:1105 +#, fuzzy, qt-format +msgid "" +"\n" +"Copying %1 -> %2:%3\n" +msgstr "" +"\n" +"コピー中 %1 -> %2\n" + +#: src/gui/instDialog.cpp:1139 +#, qt-format +msgid "" +"Running command '%1'\n" +"\n" +msgstr "" +"コマンド '%1' ã®å®Ÿè¡Œä¸­\n" +"\n" + +#: src/gui/instDialog.cpp:1154 src/gui/instDialog.cpp:1155 +#: src/gui/instDialog.cpp:1823 src/gui/instDialog.cpp:1859 +#: src/gui/instDialog.cpp:1860 +#, fuzzy +msgid "Error" +msgstr "error" + +#: src/gui/instDialog.cpp:1177 +#, fuzzy +msgid "Fatal error, terminating install sequence\n" +msgstr "エラー: インストールシーケンス終了\n" + +#: src/gui/instDialog.cpp:1190 +msgid "Done\n" +msgstr "実行ã—ã¾ã—ãŸ\n" + +#: src/gui/instDialog.cpp:1253 +msgid "Activating new policy\n" +msgstr "æ–°è¦ãƒãƒªã‚·ãƒ¼ã®æœ‰åŠ¹åŒ–ä¸­\n" + +#: src/gui/instDialog.cpp:1421 +#, qt-format +msgid "Compiling rule sets for firewall: %1" +msgstr "" + +#: src/gui/instDialog.cpp:1459 +msgid "" +"Policy installer uses Secure Shell to communicate with the firewall.\n" +"Please configure directory path to the secure shell utility \n" +"installed on your machine using Preferences dialog" +msgstr "" + +#: src/gui/instDialog.cpp:1483 +#, fuzzy +msgid "Firewall isn't compiled." +msgstr "ファイアウォールビルダー" + +#: src/gui/instDialog.cpp:1578 +msgid "" +"Firewall platform is not specified in this object.\n" +"Can't compile firewall policy." 
+msgstr "" +"ファイアウォールプラットフォームãŒã“ã®ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã§æŒ‡å®šã•れã¦ã„ã¾ã›ã‚“。\n" +"ファイアウォールãƒãƒªã‚·ãƒ¼ã‚’コンパイルã§ãã¾ã›ã‚“。" + +#: src/gui/instDialog.cpp:1779 +#, fuzzy +msgid "Error: Terminating install sequence\n" +msgstr "エラー: インストールシーケンス終了\n" + +#: src/gui/instDialog.cpp:1852 +msgid "Abnormal program termination" +msgstr "" + +#: src/gui/instDialog.cpp:1858 +msgid "Skipped" +msgstr "" + +#: src/gui/instDialog.cpp:1888 src/gui/instDialog.cpp:2040 +#, fuzzy +msgid "Compiling ..." +msgstr "コンパイル" + +#: src/gui/instDialog.cpp:1901 +#, fuzzy +msgid "Recompile" +msgstr "コンパイル" + +#: src/gui/instDialog.cpp:1987 +#, fuzzy +msgid "Batch policy rules compilation" +msgstr "ãƒãƒªã‚·ãƒ¼ãƒ«ãƒ¼ãƒ«ç¾¤ã‹ã‚‰æ¤œç´¢" + +#: src/gui/instDialog.cpp:2016 src/gui/instDialog.cpp:2159 +#: src/gui/.ui/discoverydruid_q.cpp:992 src/gui/.ui/execdialog_q.cpp:94 +#: src/gui/.ui/instdialog_q.cpp:278 +msgid "Stop" +msgstr "åœæ­¢" + +#: src/gui/instDialog.cpp:2170 +#, fuzzy +msgid "Install firewall: " +msgstr "ファイアウォールãƒãƒªã‚·ãƒ¼ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«" + +#: src/gui/instDialog.cpp:2180 +#, fuzzy +msgid "Installing firewalls" +msgstr "ファイアウォールãƒãƒªã‚·ãƒ¼ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«" + +#: src/gui/instDialog.cpp:2211 +#, fuzzy +msgid "Installing ..." +msgstr "インストール" + +#: src/gui/instDialog.cpp:2265 +#, qt-format +msgid "Installing policy rules on firewall '%1'." 
+msgstr "" + +#: src/gui/instDialog.cpp:2395 src/gui/.ui/instdialog_q.cpp:276 +#, fuzzy +msgid "Show selected" +msgstr "削除ã•れãŸã‚ªãƒ–ジェクトを表示" + +#: src/gui/instDialog.cpp:2401 +msgid "Show all" +msgstr "" + +#: src/gui/instOptionsDialog.cpp:66 +#, fuzzy, qt-format +msgid "Install options for firewall '%1'" +msgstr "ファイアウォールãƒãƒªã‚·ãƒ¼ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«" + +#: src/gui/InterfaceDialog.cpp:193 +msgid "Group: " +msgstr "グループ:" + +#: src/gui/InterfaceDialog.cpp:211 +msgid "Network: " +msgstr "ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯" + +#: src/gui/ipfAdvancedDialog.cpp:170 src/gui/ipfAdvancedDialog.cpp:179 +#: src/gui/ipfwAdvancedDialog.cpp:144 src/gui/ipfwAdvancedDialog.cpp:153 +#: src/gui/iptAdvancedDialog.cpp:204 src/gui/iptAdvancedDialog.cpp:213 +#: src/gui/pfAdvancedDialog.cpp:278 src/gui/pfAdvancedDialog.cpp:287 +#: src/gui/pixAdvancedDialog.cpp:786 src/gui/pixAdvancedDialog.cpp:795 +#: src/gui/.ui/metriceditorpanel_q.cpp:76 src/gui/.ui/simpleinteditor_q.cpp:88 +#: src/gui/.ui/simpletexteditor_q.cpp:93 +msgid "Script Editor" +msgstr "スクリプトエディタ" + +#: src/gui/IPv4Dialog.cpp:159 src/gui/NetworkDialog.cpp:119 +#, qt-format +msgid "Illegal netmask '%1'" +msgstr "ä¸å½“ãªãƒãƒƒãƒˆãƒžã‚¹ã‚¯ '%1'" + +#: src/gui/IPv4Dialog.cpp:263 +#, qt-format +msgid "" +"DNS lookup failed for both names of the address object '%1' and the name of " +"the host '%2'." +msgstr "" + +#: src/gui/IPv4Dialog.cpp:270 +#, qt-format +msgid "DNS lookup failed for name of the address object '%1'." +msgstr "アドレスオブジェクト '%1' ã®åå‰ã‚’ DNS 解決ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" + +#: src/gui/LibraryDialog.cpp:151 +msgid "Pick the color for this library" +msgstr "ã“ã®ãƒ©ã‚¤ãƒ–ラリã®è‰²ã‚’é¸æŠžã—ã¦ãã ã•ã„。" + +#: src/gui/listOfLibraries.cpp:142 +msgid "" +"The library file you are trying to open\n" +"has been saved in an older version of\n" +"Firewall Builder and needs to be upgraded.\n" +"To upgrade it, just load it in the Firewall\n" +"Builder GUI and save back to file again." 
+msgstr "" + +#: src/gui/newFirewallDialog.cpp:99 src/gui/.ui/newhostdialog_q.cpp:390 +msgid "" +"Check option 'dynamic address' for the interface that gets its IP address " +"dynamically via DHCP or PPP protocol." +msgstr "" + +#: src/gui/newFirewallDialog.cpp:100 src/gui/.ui/newhostdialog_q.cpp:389 +msgid "" +"Check option 'Unnumbered interface' for the interface that does not have an " +"IP address. Examples of interfaces of this kind are those used to terminate " +"PPPoE or VPN tunnels." +msgstr "" + +#: src/gui/newFirewallDialog.cpp:229 src/gui/newHostDialog.cpp:222 +msgid "Missing SNMP community string." +msgstr "SNMP コミュニティ文字列ãŒè¶³ã‚Šã¾ã›ã‚“。" + +#: src/gui/newFirewallDialog.cpp:248 src/gui/newHostDialog.cpp:241 +#, qt-format +msgid "Address of %1 could not be obtained via DNS" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:422 +msgid "dynamic" +msgstr "ダイナミック" + +#: src/gui/newFirewallDialog.cpp:503 src/gui/newHostDialog.cpp:433 +#, qt-format +msgid "Interface: %1 (%2)" +msgstr "インターフェース: %1 (%2)" + +#: src/gui/newFirewallDialog.cpp:511 src/gui/newHostDialog.cpp:441 +#: src/gui/.ui/newfirewalldialog_q.cpp:514 src/gui/.ui/newhostdialog_q.cpp:404 +msgid "Dynamic address" +msgstr "ダイナミックアドレス" + +#: src/gui/newFirewallDialog.cpp:513 src/gui/newHostDialog.cpp:443 +#: src/gui/.ui/interfacedialog_q.cpp:254 +#: src/gui/.ui/newfirewalldialog_q.cpp:513 src/gui/.ui/newhostdialog_q.cpp:395 +msgid "Unnumbered interface" +msgstr "アンナンãƒãƒ¼ãƒ‰ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェース" + +#: src/gui/newFirewallDialog.cpp:515 src/gui/.ui/interfacedialog_q.cpp:259 +#: src/gui/.ui/newfirewalldialog_q.cpp:512 +msgid "Bridge port" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:555 src/gui/newHostDialog.cpp:480 +#, qt-format +msgid "Illegal address '%1/%2'" +msgstr "ä¸å½“ãªã‚¢ãƒ‰ãƒ¬ã‚¹ '%1/%2'" + +#: src/gui/ObjConflictResolutionDialog.cpp:63 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:152 +msgid "Keep current object" +msgstr "ç¾åœ¨ã®ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’ä¿æŒ" + +#: 
src/gui/ObjConflictResolutionDialog.cpp:64 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:157 +msgid "Replace with this object" +msgstr "ã“ã®ã‚ªãƒ–ジェクトã¨ç½®æ›" + +#: src/gui/ObjConflictResolutionDialog.cpp:117 +#: src/gui/ObjConflictResolutionDialog.cpp:141 +#, fuzzy, qt-format +msgid "Object '%1' has been deleted" +msgstr "オブジェクト '%1' を削除ã—ã¾ã—ãŸã€‚" + +#: src/gui/ObjConflictResolutionDialog.cpp:176 +#, fuzzy, qt-format +msgid "Object '%1' in the objects tree" +msgstr "検索ã®ãƒ’ットãŒã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆãƒ„ãƒªãƒ¼ã®æœ€å¾Œã§ã™ã€‚" + +#: src/gui/ObjConflictResolutionDialog.cpp:178 +#: src/gui/ObjConflictResolutionDialog.cpp:180 +#, fuzzy, qt-format +msgid "Object '%1' in file %2" +msgstr "ファイル %2 中㮠オブジェクト '%1'" + +#: src/gui/ObjConflictResolutionDialog.cpp:297 +#: src/gui/.ui/findobjectwidget_q.cpp:191 +#, fuzzy +msgid "Next" +msgstr "å¦å®š" + +#: src/gui/ObjConflictResolutionDialog.cpp:299 +msgid "" +"The following two objects have the same internal ID but different attributes:" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:300 +msgid "Skip the rest but build report" +msgstr "" + +#: src/gui/ObjectEditor.cpp:437 +msgid "" +"Modifications done to this object can not be saved.\n" +"Do you want to continue editing it ?" +msgstr "" + +#: src/gui/ObjectEditor.cpp:438 src/gui/ObjectEditor.cpp:466 +#: src/gui/TCPServiceDialog.cpp:177 src/gui/TCPServiceDialog.cpp:185 +#: src/gui/UDPServiceDialog.cpp:119 src/gui/UDPServiceDialog.cpp:127 +#: src/gui/utils.cpp:221 +msgid "&Continue editing" +msgstr "編集を続ã‘ã‚‹(&C)" + +#: src/gui/ObjectEditor.cpp:465 +#, fuzzy +msgid "" +"This object has been modified but not saved.\n" +"Do you want to save it ?" +msgstr "" +"ã„ãã¤ã‹ã®ã‚ªãƒ–ジェクトã®ä¿®æ­£ãŒä¿å­˜ã•れã¦ã„ã¾ã›ã‚“。\n" +"変更をä¿å­˜ã—ã¾ã™ã‹?" 
+ +#: src/gui/ObjectManipulator.cpp:145 +msgid "Object Manipulator" +msgstr "オブジェクトマニピュレータ" + +#: src/gui/ObjectManipulator.cpp:161 +msgid "New &Library" +msgstr "æ–°è¦ãƒ©ã‚¤ãƒ–ラリ(&L)" + +#: src/gui/ObjectManipulator.cpp:164 +msgid "New &Firewall" +msgstr "æ–°è¦ãƒ•ァイアウォール(&F)" + +#: src/gui/ObjectManipulator.cpp:165 +msgid "New &Host" +msgstr "æ–°è¦ãƒ›ã‚¹ãƒˆ(&H)" + +#: src/gui/ObjectManipulator.cpp:166 +msgid "New &Interface" +msgstr "æ–°è¦ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェース(&I)" + +#: src/gui/ObjectManipulator.cpp:168 +msgid "New &Network" +msgstr "æ–°è¦ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯(&N)" + +#: src/gui/ObjectManipulator.cpp:169 +msgid "New &Address" +msgstr "æ–°è¦ã‚¢ãƒ‰ãƒ¬ã‚¹(&A)" + +#: src/gui/ObjectManipulator.cpp:170 +msgid "New &DNS Name" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:171 +#, fuzzy +msgid "New A&ddress Table" +msgstr "æ–°è¦ã‚¢ãƒ‰ãƒ¬ã‚¹ãƒ¬ãƒ³ã‚¸" + +#: src/gui/ObjectManipulator.cpp:172 +msgid "New Address &Range" +msgstr "æ–°è¦ã‚¢ãƒ‰ãƒ¬ã‚¹ãƒ¬ãƒ³ã‚¸(&R)" + +#: src/gui/ObjectManipulator.cpp:173 +msgid "New &Object Group" +msgstr "æ–°è¦ã‚ªãƒ–ジェクトグループ(&O)" + +#: src/gui/ObjectManipulator.cpp:175 +msgid "New &Custom Service" +msgstr "æ–°è¦ã‚«ã‚¹ã‚¿ãƒ ã‚µãƒ¼ãƒ“ス(&C)" + +#: src/gui/ObjectManipulator.cpp:176 +msgid "New &IP Service" +msgstr "æ–°è¦ IP サービス(&I)" + +#: src/gui/ObjectManipulator.cpp:177 +msgid "New IC&MP Service" +msgstr "æ–°è¦ ICMP サービス(&M)" + +#: src/gui/ObjectManipulator.cpp:178 +msgid "New &TCP Service" +msgstr "æ–°è¦ TCP サービス(&T)" + +#: src/gui/ObjectManipulator.cpp:179 +msgid "New &UDP Service" +msgstr "æ–°è¦ UDP サービス(&D)" + +#: src/gui/ObjectManipulator.cpp:180 +#, fuzzy +msgid "New &TagService" +msgstr "æ–°è¦ TCP サービス(&T)" + +#: src/gui/ObjectManipulator.cpp:181 +msgid "New &Service Group" +msgstr "æ–°è¦ã‚µãƒ¼ãƒ“スグループ(&S)" + +#: src/gui/ObjectManipulator.cpp:183 +msgid "New Ti&me Interval" +msgstr "æ–°è¦æ™‚é–“é–“éš”(&M)" + +#: src/gui/ObjectManipulator.cpp:230 +msgid " ( read only )" +msgstr "( 読ã¿è¾¼ã¿å°‚用 )" + +#: src/gui/ObjectManipulator.cpp:498 +msgid "" 
+"The name of the object '%1' has changed. The program can also\n" +"rename IP address objects that belong to this object,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:527 +msgid "" +"The name of the interface '%1' has changed. The program can also\n" +"rename IP address objects that belong to this interface,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:874 +#, qt-format +msgid "place in library %1" +msgstr "ライブラリ %1 ã®ä¸­ã®å ´æ‰€" + +#: src/gui/ObjectManipulator.cpp:883 +#, qt-format +msgid "to library %1" +msgstr "ライブラリ %1 ã¸" + +#: src/gui/ObjectManipulator.cpp:893 +msgid "place here" +msgstr "ã“ã“ã®å ´æ‰€" + +#: src/gui/ObjectManipulator.cpp:896 +msgid "Duplicate ..." +msgstr "複製 ..." + +#: src/gui/ObjectManipulator.cpp:901 src/gui/ObjectManipulator.cpp:904 +msgid "Move ..." +msgstr "移動 ..." 
+ +#: src/gui/ObjectManipulator.cpp:933 +msgid "Add Interface" +msgstr "æ–°è¦ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェース" + +#: src/gui/ObjectManipulator.cpp:938 +msgid "Add IP Address" +msgstr "æ–°è¦ IP アドレス" + +#: src/gui/ObjectManipulator.cpp:940 +msgid "Add MAC Address" +msgstr "æ–°è¦ MAC アドレス" + +#: src/gui/ObjectManipulator.cpp:945 src/gui/.ui/newfirewalldialog_q.cpp:486 +msgid "New Firewall" +msgstr "æ–°è¦ãƒ•ァイアウォール" + +#: src/gui/ObjectManipulator.cpp:950 src/gui/ObjectManipulator.cpp:2515 +#: src/gui/ObjectManipulator.cpp:2531 +msgid "New Address" +msgstr "æ–°è¦ã‚¢ãƒ‰ãƒ¬ã‚¹" + +#: src/gui/ObjectManipulator.cpp:955 src/gui/ObjectManipulator.cpp:2546 +#, fuzzy +msgid "New DNS Name" +msgstr "æ–°è¦ RSA キー" + +#: src/gui/ObjectManipulator.cpp:961 src/gui/ObjectManipulator.cpp:2557 +#, fuzzy +msgid "New Address Table" +msgstr "æ–°è¦ã‚¢ãƒ‰ãƒ¬ã‚¹ãƒ¬ãƒ³ã‚¸" + +#: src/gui/ObjectManipulator.cpp:966 src/gui/ObjectManipulator.cpp:2624 +msgid "New Address Range" +msgstr "æ–°è¦ã‚¢ãƒ‰ãƒ¬ã‚¹ãƒ¬ãƒ³ã‚¸" + +#: src/gui/ObjectManipulator.cpp:970 src/gui/.ui/newhostdialog_q.cpp:377 +msgid "New Host" +msgstr "æ–°è¦ãƒ›ã‚¹ãƒˆ" + +#: src/gui/ObjectManipulator.cpp:974 src/gui/ObjectManipulator.cpp:2491 +msgid "New Network" +msgstr "æ–°è¦ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯" + +#: src/gui/ObjectManipulator.cpp:978 src/gui/ObjectManipulator.cpp:1006 +#: src/gui/.ui/newgroupdialog_q.cpp:97 +msgid "New Group" +msgstr "æ–°è¦ã‚°ãƒ«ãƒ¼ãƒ—" + +#: src/gui/ObjectManipulator.cpp:982 src/gui/ObjectManipulator.cpp:2647 +msgid "New Custom Service" +msgstr "æ–°è¦ã‚«ã‚¹ã‚¿ãƒ ã‚µãƒ¼ãƒ“ス" + +#: src/gui/ObjectManipulator.cpp:986 src/gui/ObjectManipulator.cpp:2658 +msgid "New IP Service" +msgstr "æ–°è¦ IP サービス" + +#: src/gui/ObjectManipulator.cpp:990 src/gui/ObjectManipulator.cpp:2669 +msgid "New ICMP Service" +msgstr "æ–°è¦ ICMP サービス" + +#: src/gui/ObjectManipulator.cpp:994 src/gui/ObjectManipulator.cpp:2680 +msgid "New TCP Service" +msgstr "æ–°è¦ TCP サービス" + +#: src/gui/ObjectManipulator.cpp:998 src/gui/ObjectManipulator.cpp:2691 +msgid "New 
UDP Service" +msgstr "æ–°è¦ UDP サービス" + +#: src/gui/ObjectManipulator.cpp:1002 src/gui/ObjectManipulator.cpp:2591 +#, fuzzy +msgid "New TagService" +msgstr "æ–°è¦ TCP サービス" + +#: src/gui/ObjectManipulator.cpp:1010 src/gui/ObjectManipulator.cpp:2714 +msgid "New Time Interval" +msgstr "æ–°è¦æ™‚é–“é–“éš”" + +#: src/gui/ObjectManipulator.cpp:1014 src/gui/.ui/finddialog_q.cpp:131 +#: src/gui/.ui/findwhereusedwidget_q.cpp:121 +msgid "Find" +msgstr "検索" + +#: src/gui/ObjectManipulator.cpp:1015 src/gui/RuleSetView.cpp:1672 +msgid "Where used" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1027 src/gui/.ui/groupobjectdialog_q.cpp:186 +#: src/gui/.ui/groupobjectdialog_q.cpp:187 +msgid "Group" +msgstr "グループ" + +#: src/gui/ObjectManipulator.cpp:1035 src/gui/.ui/FWBMainWindow_q.cpp:499 +#: src/gui/.ui/FWBMainWindow_q.cpp:500 src/gui/.ui/instdialog_q.cpp:79 +#: src/gui/.ui/instdialog_q.cpp:267 +msgid "Compile" +msgstr "コンパイル" + +#: src/gui/ObjectManipulator.cpp:1036 src/gui/.ui/FWBMainWindow_q.cpp:502 +#: src/gui/.ui/FWBMainWindow_q.cpp:503 src/gui/.ui/instdialog_q.cpp:81 +#: src/gui/.ui/instdialog_q.cpp:268 +msgid "Install" +msgstr "インストール" + +#: src/gui/ObjectManipulator.cpp:1043 src/gui/.ui/FWBMainWindow_q.cpp:561 +#: src/gui/.ui/FWBMainWindow_q.cpp:562 +#, fuzzy +msgid "Lock" +msgstr "ロックã—ãŸäºº" + +#: src/gui/ObjectManipulator.cpp:1045 src/gui/.ui/FWBMainWindow_q.cpp:563 +#: src/gui/.ui/FWBMainWindow_q.cpp:564 +msgid "Unlock" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1054 +msgid "dump" +msgstr "ダンプ" + +#: src/gui/ObjectManipulator.cpp:1087 +msgid "Undelete..." +msgstr "削除ã®å¾©æ´»" + +#: src/gui/ObjectManipulator.cpp:1576 +#, qt-format +msgid "" +"Impossible to insert object %1 (type %2) into %3\n" +"because of incompatible type." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1743 +msgid "" +"Emptying the 'Deleted Objects' in a library file is not recommended.\n" +"When you remove deleted objects from a library file, Firewall Builder\n" +"loses ability to track them. 
If a group or a policy rule in some\n" +"data file still uses removed object from this library, you may encounter\n" +"unusual and unexpected behavior of the program.\n" +"Do you want to delete selected objects anyway ?" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1823 +#, qt-format +msgid "" +"When you delete a library, all objects that belong to it\n" +"disappear from the tree and all groups and rules that reference them.\n" +"You won't be able to reverse this operation later.\n" +"Do you still want to delete library %1?" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2343 +#, qt-format +msgid "" +"Type '%1': new object can not be created because\n" +"corresponding branch is missing in the object tree.\n" +"Please repair the tree using command 'fwbedit -s -f file.fwb'." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2470 src/gui/ObjectManipulator.cpp:2473 +msgid "New Interface" +msgstr "æ–°è¦ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェース" + +#: src/gui/ObjectManipulator.cpp:2635 +msgid "New Object Group" +msgstr "æ–°è¦ã‚ªãƒ–ジェクトグループ" + +#: src/gui/ObjectManipulator.cpp:2702 +msgid "New Service Group" +msgstr "æ–°è¦ã‚µãƒ¼ãƒ“スグループ" + +#: src/gui/ObjectManipulator.cpp:2821 +msgid "Searching for firewalls affected by the change..." 
+msgstr "" + +#: src/gui/ObjectTreeView.cpp:115 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:66 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:113 +#: src/gui/.ui/discoverydruid_q.cpp:748 src/gui/.ui/discoverydruid_q.cpp:1024 +#: src/gui/.ui/FWBMainWindow_q.cpp:575 +msgid "Object" +msgstr "オブジェクト" + +#: src/gui/pfAdvancedDialog.cpp:98 +msgid "Aggressive" +msgstr "アグレッシブ" + +#: src/gui/pfAdvancedDialog.cpp:100 +msgid "Conservative" +msgstr "コンサãƒãƒ†ã‚£ãƒ–" + +#: src/gui/pfAdvancedDialog.cpp:102 +msgid "For high latency" +msgstr "" + +#: src/gui/pfAdvancedDialog.cpp:104 +msgid "Normal" +msgstr "通常" + +#: src/gui/pixAdvancedDialog.cpp:130 +msgid "0 - System Unusable" +msgstr "0 - システム未使用" + +#: src/gui/pixAdvancedDialog.cpp:135 +msgid "1 - Take Immediate Action" +msgstr "1 - ã™ãã•ã¾å‡¦ç†ã‚’ã™ã‚‹" + +#: src/gui/pixAdvancedDialog.cpp:140 +msgid "2 - Critical Condition" +msgstr "2 - å±é™ºãªçŠ¶æ…‹" + +#: src/gui/pixAdvancedDialog.cpp:145 +msgid "3 - Error Message" +msgstr "3 - エラーメッセージ" + +#: src/gui/pixAdvancedDialog.cpp:150 +msgid "4 - Warning Message" +msgstr "4 - 警告メッセージ" + +#: src/gui/pixAdvancedDialog.cpp:155 +msgid "5 - Normal but significant condition" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:160 +msgid "6 - Informational" +msgstr "6 - 情報" + +#: src/gui/pixAdvancedDialog.cpp:165 +msgid "7 - Debug Message" +msgstr "7 - デãƒã‚°ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸" + +#: src/gui/pixAdvancedDialog.cpp:679 src/gui/pixAdvancedDialog.cpp:717 +msgid "Error: Policy compiler for PIX is not installed" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:703 +#, fuzzy +msgid "Compiler error" +msgstr "コンパイラー" + +#: src/gui/platforms.cpp:60 src/gui/.ui/ruleoptionsdialog_q.cpp:791 +msgid "alert" +msgstr "alert" + +#: src/gui/platforms.cpp:62 src/gui/.ui/ruleoptionsdialog_q.cpp:792 +msgid "crit" +msgstr "crit" + +#: src/gui/platforms.cpp:64 src/gui/.ui/pfadvanceddialog_q.cpp:1075 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:793 +msgid "error" +msgstr "error" + +#: src/gui/platforms.cpp:66 
src/gui/.ui/ruleoptionsdialog_q.cpp:794 +msgid "warning" +msgstr "warning" + +#: src/gui/platforms.cpp:68 src/gui/.ui/ruleoptionsdialog_q.cpp:795 +msgid "notice" +msgstr "notice" + +#: src/gui/platforms.cpp:70 src/gui/.ui/ruleoptionsdialog_q.cpp:796 +msgid "info" +msgstr "info" + +#: src/gui/platforms.cpp:72 src/gui/.ui/ruleoptionsdialog_q.cpp:797 +msgid "debug" +msgstr "debug" + +#: src/gui/platforms.cpp:78 +msgid "kern" +msgstr "" + +#: src/gui/platforms.cpp:80 +msgid "user" +msgstr "" + +#: src/gui/platforms.cpp:82 +#, fuzzy +msgid "mail" +msgstr "通常" + +#: src/gui/platforms.cpp:84 +#, fuzzy +msgid "daemon" +msgstr "下" + +#: src/gui/platforms.cpp:86 +#, fuzzy +msgid "auth" +msgstr "パス" + +#: src/gui/platforms.cpp:88 +#, fuzzy +msgid "syslog" +msgstr "Syslog" + +#: src/gui/platforms.cpp:90 +msgid "lpr" +msgstr "" + +#: src/gui/platforms.cpp:92 +msgid "news" +msgstr "" + +#: src/gui/platforms.cpp:94 +#, fuzzy +msgid "uucp" +msgstr "上" + +#: src/gui/platforms.cpp:96 +#, fuzzy +msgid "cron" +msgstr "æ“作" + +#: src/gui/platforms.cpp:98 +msgid "authpriv" +msgstr "" + +#: src/gui/platforms.cpp:100 src/gui/.ui/pixadvanceddialog_q.cpp:1945 +msgid "ftp" +msgstr "ftp" + +#: src/gui/platforms.cpp:102 +msgid "local0" +msgstr "" + +#: src/gui/platforms.cpp:104 +msgid "local1" +msgstr "" + +#: src/gui/platforms.cpp:106 +msgid "local2" +msgstr "" + +#: src/gui/platforms.cpp:108 +msgid "local3" +msgstr "" + +#: src/gui/platforms.cpp:110 +msgid "local4" +msgstr "" + +#: src/gui/platforms.cpp:112 +msgid "local5" +msgstr "" + +#: src/gui/platforms.cpp:114 +msgid "local6" +msgstr "" + +#: src/gui/platforms.cpp:116 +msgid "local7" +msgstr "" + +#: src/gui/platforms.cpp:121 +msgid "ICMP admin prohibited" +msgstr "ICMP 管ç†ã¯ç¦æ­¢ã•れã¾ã—ãŸã€‚" + +#: src/gui/platforms.cpp:123 +msgid "ICMP host prohibited" +msgstr "ICMP ホストã¯ç¦æ­¢ã•れã¾ã—ãŸã€‚" + +#: src/gui/platforms.cpp:125 +msgid "ICMP host unreachable" +msgstr "ICMP ホストã«åˆ°é”ã—ã¾ã›ã‚“。" + +#: src/gui/platforms.cpp:127 +msgid "ICMP net 
prohibited" +msgstr "ICMP ãƒãƒƒãƒˆã¯ç¦æ­¢ã•れã¾ã—ãŸã€‚" + +#: src/gui/platforms.cpp:129 +msgid "ICMP net unreachable" +msgstr "ICMP ãƒãƒƒãƒˆã«åˆ°é”ã—ã¾ã›ã‚“。" + +#: src/gui/platforms.cpp:131 +msgid "ICMP port unreachable" +msgstr "ICMP ãƒãƒ¼ãƒˆã«åˆ°é”ã—ã¾ã›ã‚“。" + +#: src/gui/platforms.cpp:133 +msgid "ICMP protocol unreachable" +msgstr "ICMP プロトコルã«åˆ°é”ã—ã¾ã›ã‚“。" + +#: src/gui/platforms.cpp:135 +msgid "TCP RST" +msgstr "TCP RST" + +#: src/gui/platforms.cpp:138 src/gui/.ui/actionsdialog_q.cpp:476 +#: src/gui/.ui/actionsdialog_q.cpp:483 +msgid "Route through" +msgstr "" + +#: src/gui/platforms.cpp:140 src/gui/.ui/actionsdialog_q.cpp:477 +#: src/gui/.ui/actionsdialog_q.cpp:484 +msgid "Route reply through" +msgstr "" + +#: src/gui/platforms.cpp:142 src/gui/.ui/actionsdialog_q.cpp:478 +#: src/gui/.ui/actionsdialog_q.cpp:485 +msgid "Route a copy through" +msgstr "" + +#: src/gui/platforms.cpp:145 src/gui/.ui/iptadvanceddialog_q.cpp:644 +msgid "on top of the script" +msgstr "" + +#: src/gui/platforms.cpp:147 src/gui/.ui/iptadvanceddialog_q.cpp:645 +msgid "after interface configuration" +msgstr "インターフェース設定ã®å¾Œ" + +#: src/gui/platforms.cpp:149 src/gui/.ui/iptadvanceddialog_q.cpp:646 +msgid "after policy reset" +msgstr "ãƒãƒªã‚·ãƒ¼ãƒªã‚»ãƒƒãƒˆã®å¾Œ" + +#: src/gui/platforms.cpp:152 +msgid "in the activation shell script" +msgstr "" + +#: src/gui/platforms.cpp:155 +msgid "in the pf rule file, at the very top" +msgstr "" + +#: src/gui/platforms.cpp:158 +msgid "in the pf rule file, after set comamnds" +msgstr "" + +#: src/gui/platforms.cpp:161 +msgid "in the pf rule file, after scrub comamnds" +msgstr "" + +#: src/gui/platforms.cpp:164 +msgid "in the pf rule file, after table definitions" +msgstr "" + +#: src/gui/platforms.cpp:169 src/gui/.ui/ruleoptionsdialog_q.cpp:807 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:823 +msgid "/day" +msgstr "/æ—¥" + +#: src/gui/platforms.cpp:171 src/gui/.ui/ruleoptionsdialog_q.cpp:808 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:824 +msgid "/hour" 
+msgstr "/時" + +#: src/gui/platforms.cpp:173 src/gui/.ui/ruleoptionsdialog_q.cpp:809 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:825 +msgid "/minute" +msgstr "/分" + +#: src/gui/platforms.cpp:175 src/gui/.ui/ruleoptionsdialog_q.cpp:810 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:826 +msgid "/second" +msgstr "/ç§’" + +#: src/gui/platforms.cpp:380 +msgid "- any -" +msgstr "- ä»»æ„ -" + +#: src/gui/platforms.cpp:381 +msgid "1.2.5 or earlier" +msgstr "1.2.5 以上" + +#: src/gui/platforms.cpp:382 +msgid "1.2.6 to 1.2.8" +msgstr "" + +#: src/gui/platforms.cpp:383 +msgid "1.2.9 to 1.2.11" +msgstr "" + +#: src/gui/platforms.cpp:384 +#, fuzzy +msgid "1.3.0 or later" +msgstr "1.2.9 以上" + +#: src/gui/platforms.cpp:401 +msgid "3.x" +msgstr "" + +#: src/gui/platforms.cpp:402 +msgid "4.x" +msgstr "" + +#: src/gui/platforms.cpp:518 +msgid "Accept" +msgstr "å—ç†" + +#: src/gui/platforms.cpp:520 +msgid "Deny" +msgstr "破棄" + +#: src/gui/platforms.cpp:522 +msgid "Reject" +msgstr "æ‹’å¦" + +#: src/gui/platforms.cpp:524 +msgid "Scrub" +msgstr "" + +#: src/gui/platforms.cpp:526 +msgid "Return" +msgstr "" + +#: src/gui/platforms.cpp:528 +#, fuzzy +msgid "Skip" +msgstr "スキップ" + +#: src/gui/platforms.cpp:530 src/gui/.ui/longtextdialog_q.cpp:96 +msgid "Continue" +msgstr "ç¶šã‘ã‚‹" + +#: src/gui/platforms.cpp:532 +msgid "Modify" +msgstr "" + +#: src/gui/platforms.cpp:534 +msgid "Classify" +msgstr "" + +#: src/gui/platforms.cpp:536 +#, fuzzy +msgid "Custom" +msgstr "切りå–り" + +#: src/gui/platforms.cpp:539 +#, fuzzy +msgid "Branch" +msgstr "戻る" + +#: src/gui/platforms.cpp:540 +msgid "Chain" +msgstr "" + +#: src/gui/platforms.cpp:541 +#, fuzzy +msgid "Anchor" +msgstr "著者" + +#: src/gui/platforms.cpp:545 +#, fuzzy +msgid "Accounting" +msgstr "アカウント" + +#: src/gui/platforms.cpp:546 +#, fuzzy +msgid "Count" +msgstr "切りå–り" + +#: src/gui/platforms.cpp:550 +msgid "Tag" +msgstr "" + +#: src/gui/platforms.cpp:551 +#, fuzzy +msgid "Mark" +msgstr "マスク:" + +#: src/gui/platforms.cpp:555 +msgid "Pipe" +msgstr "" + +#: 
src/gui/platforms.cpp:556 +msgid "Queue" +msgstr "" + +#: src/gui/PrefsDialog.cpp:176 +msgid "Pick the color" +msgstr "色を摘出" + +#: src/gui/PrefsDialog.cpp:224 +msgid "Find working directory" +msgstr "ä½œæ¥­ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®æ¤œç´¢" + +#: src/gui/PrefsDialog.cpp:233 +msgid "Find Secure Shell utility" +msgstr "ã‚»ã‚­ãƒ¥ã‚¢ã‚·ã‚§ãƒ«ãƒ¦ãƒ¼ãƒ†ã‚£ãƒªãƒ†ã‚£ã®æ¤œç´¢" + +#: src/gui/PrefsDialog.cpp:284 +msgid "Find add-on library" +msgstr "ã‚¢ãƒ‰ã‚ªãƒ³ãƒ©ã‚¤ãƒ–ãƒ©ãƒªã®æ¤œç´¢" + +#: src/gui/printerStream.cpp:132 +#, qt-format +msgid "Page %1" +msgstr "" + +#: src/gui/PrintingProgressDialog.cpp:48 +#, qt-format +msgid "Printing (page %1/%2)" +msgstr "" + +#: src/gui/PrintingProgressDialog.cpp:50 +#, qt-format +msgid "Printing page %1" +msgstr "" + +#: src/gui/PrintingProgressDialog.cpp:67 +msgid "Aborting print operation" +msgstr "" + +#: src/gui/RCS.cpp:498 src/gui/RCS.cpp:717 src/gui/RCS.cpp:800 +#, qt-format +msgid "Error checking file out: %1" +msgstr "ファイルå–り出ã—ã®æ¤œæŸ»ä¸­ã‚¨ãƒ©ãƒ¼: %1" + +#: src/gui/RCS.cpp:558 +#, qt-format +msgid "" +"Fatal error during initial RCS checkin of file %1 :\n" +" %2\n" +"Exit status %3" +msgstr "" + +#: src/gui/RCS.cpp:687 +msgid "Error creating temporary file " +msgstr "一時ファイルã®ä½œæˆã«å¤±æ•—ã—ã¾ã—㟠" + +#: src/gui/RCS.cpp:700 +msgid "Error writing to temporary file " +msgstr "ç¶­æŒå€¤ãƒ•ã‚¡ã‚¤ãƒ«ã®æ›¸ãè¾¼ã¿ã«å¤±æ•—ã—ã¾ã—㟠" + +#: src/gui/RCS.cpp:732 +#, qt-format +msgid "" +"File is opened and locked by %1.\n" +"You can only open it read-only." +msgstr "" +"ファイルã¯ã‚ªãƒ¼ãƒ—ン済ã¿ã§ %1 ã«ãƒ­ãƒƒã‚¯ã•れã¦ã„ã¾ã™ã€‚ãれã¯èª­ã¿è¾¼ã¿å°‚用ã§ã®ã¿é–‹" +"ãã“ã¨ãŒå‡ºæ¥ã¾ã™ã€‚" + +#: src/gui/RCS.cpp:745 +#, qt-format +msgid "" +"Revision %1 of this file has been checked out and locked by you earlier.\n" +"The file may be opened in another copy of Firewall Builder or was left " +"opened\n" +"after the program crashed." 
+msgstr "" + +#: src/gui/RCS.cpp:748 +msgid "Open &read-only" +msgstr "読ã¿è¾¼ã¿å°‚用ã§é–‹ã(&O)" + +#: src/gui/RCS.cpp:748 +msgid "&Open and continue editing" +msgstr "読ã¿è¾¼ã‚“ã§ç·¨é›†ã‚’ç¶šã‘ã‚‹(&O)" + +#: src/gui/RCS.cpp:991 +#, qt-format +msgid "Fatal error running rlog for %1" +msgstr "致命的ãªã‚¨ãƒ©ãƒ¼ã§ã€%1 ã® rlog を実行中ã§ã™ã€‚" + +#: src/gui/RCS.cpp:1031 +#, qt-format +msgid "Fatal error running rcsdiff for file %1" +msgstr "致命的ãªã‚¨ãƒ©ãƒ¼ã§ã™ã€‚ファイル %1 ã®rcsdiff を実行中ã§ã™ã€‚" + +#: src/gui/RCSFilePreview.cpp:137 +msgid "File is not in RCS" +msgstr "ファイル㌠RCS ã«ã‚りã¾ã›ã‚“。" + +#: src/gui/RuleSetView.cpp:206 +msgid "A Rule Set" +msgstr "ルールセット" + +#: src/gui/RuleSetView.cpp:621 +msgid "Outbound " +msgstr "外å‘ã" + +#: src/gui/RuleSetView.cpp:707 +msgid "Original" +msgstr "オリジナル" + +#: src/gui/RuleSetView.cpp:708 +#, fuzzy +msgid "Default" +msgstr "削除" + +#: src/gui/RuleSetView.cpp:711 src/gui/.ui/instdialog_q.cpp:274 +msgid "All" +msgstr "" + +#: src/gui/RuleSetView.cpp:712 src/gui/RuleSetView.cpp:720 +#: src/gui/.ui/timedialog_q.cpp:245 src/gui/.ui/timedialog_q.cpp:262 +msgid "Any" +msgstr "ã™ã¹ã¦" + +#: src/gui/RuleSetView.cpp:1457 src/gui/RuleSetView.cpp:1717 +#: src/gui/RuleSetView.cpp:1745 src/gui/.ui/FWBMainWindow_q.cpp:521 +#: src/gui/.ui/FWBMainWindow_q.cpp:522 +msgid "Insert Rule" +msgstr "ルール挿入" + +#: src/gui/RuleSetView.cpp:1459 src/gui/RuleSetView.cpp:1473 +msgid "Paste Rule" +msgstr "ルール貼り付ã‘" + +#: src/gui/RuleSetView.cpp:1603 +#, fuzzy +msgid "Parameters" +msgstr "フラグメント" + +#: src/gui/RuleSetView.cpp:1620 +msgid "Inbound" +msgstr "内å‘ã" + +#: src/gui/RuleSetView.cpp:1624 +msgid "Outbound" +msgstr "外å‘ã" + +#: src/gui/RuleSetView.cpp:1628 +msgid "Both" +msgstr "両方" + +#: src/gui/RuleSetView.cpp:1637 +msgid "Rule Options" +msgstr "ルールオプション" + +#: src/gui/RuleSetView.cpp:1644 +msgid "Logging On" +msgstr "記録ã™ã‚‹" + +#: src/gui/RuleSetView.cpp:1648 +msgid "Logging Off" +msgstr "記録ã—ãªã„" + +#: src/gui/RuleSetView.cpp:1674 +#, fuzzy +msgid "Reveal in tree" 
+msgstr "ツリーã‹ã‚‰æ¤œç´¢" + +#: src/gui/RuleSetView.cpp:1677 +msgid "Negate" +msgstr "å¦å®š" + +#: src/gui/RuleSetView.cpp:1725 +#, qt-format +msgid "Rules: %1-%2" +msgstr "ルール: %1-%2" + +#: src/gui/RuleSetView.cpp:1728 +#, qt-format +msgid "Rule: %1" +msgstr "ルール: %1" + +#: src/gui/RuleSetView.cpp:1733 +msgid "Color Label:" +msgstr "色ラベル:" + +#: src/gui/RuleSetView.cpp:1747 src/gui/.ui/FWBMainWindow_q.cpp:527 +#: src/gui/.ui/FWBMainWindow_q.cpp:528 +msgid "Add Rule Below" +msgstr "下ã«ãƒ«ãƒ¼ãƒ«è¿½åŠ " + +#: src/gui/RuleSetView.cpp:1750 src/gui/.ui/FWBMainWindow_q.cpp:529 +#: src/gui/.ui/FWBMainWindow_q.cpp:530 +msgid "Remove Rule" +msgstr "ルール削除" + +#: src/gui/RuleSetView.cpp:1751 +msgid "Remove Rules" +msgstr "複数ルール削除" + +#: src/gui/RuleSetView.cpp:1754 +msgid "Move Rule" +msgstr "ルール移動" + +#: src/gui/RuleSetView.cpp:1755 +msgid "Move Rules" +msgstr "複数ルール移動" + +#: src/gui/RuleSetView.cpp:1761 src/gui/.ui/FWBMainWindow_q.cpp:532 +#: src/gui/.ui/FWBMainWindow_q.cpp:533 +msgid "Copy Rule" +msgstr "ルールコピー" + +#: src/gui/RuleSetView.cpp:1763 src/gui/.ui/FWBMainWindow_q.cpp:534 +#: src/gui/.ui/FWBMainWindow_q.cpp:535 +msgid "Cut Rule" +msgstr "ルール切りå–り" + +#: src/gui/RuleSetView.cpp:1765 src/gui/.ui/FWBMainWindow_q.cpp:536 +#: src/gui/.ui/FWBMainWindow_q.cpp:537 +msgid "Paste Rule Above" +msgstr "上ã«ãƒ«ãƒ¼ãƒ«ã‚’貼り付ã‘" + +#: src/gui/RuleSetView.cpp:1767 src/gui/.ui/FWBMainWindow_q.cpp:538 +#: src/gui/.ui/FWBMainWindow_q.cpp:539 +msgid "Paste Rule Below" +msgstr "下ã«ãƒ«ãƒ¼ãƒ«ã‚’貼り付ã‘" + +#: src/gui/RuleSetView.cpp:1774 +msgid "Enable Rule" +msgstr "ルール有効" + +#: src/gui/RuleSetView.cpp:1775 +msgid "Enable Rules" +msgstr "ルール群有効" + +#: src/gui/RuleSetView.cpp:1779 +msgid "Disable Rule" +msgstr "ルール無効" + +#: src/gui/RuleSetView.cpp:1780 +msgid "Disable Rules" +msgstr "ルール群無効" + +#: src/gui/RuleSetView.cpp:3306 src/gui/RuleSetView.cpp:3396 +msgid "Source" +msgstr "ソース" + +#: src/gui/RuleSetView.cpp:3309 src/gui/RuleSetView.cpp:3399 +#: src/gui/RuleSetView.cpp:3559 +msgid 
"Destination" +msgstr "ディスティãƒãƒ¼ã‚·ãƒ§ãƒ³" + +#: src/gui/RuleSetView.cpp:3312 src/gui/RuleSetView.cpp:3402 +msgid "Service" +msgstr "サービス" + +#: src/gui/RuleSetView.cpp:3318 src/gui/RuleSetView.cpp:3405 +msgid "Direction" +msgstr "æ–¹å‘" + +#: src/gui/RuleSetView.cpp:3321 src/gui/RuleSetView.cpp:3408 +msgid "Action" +msgstr "æ“作" + +#: src/gui/RuleSetView.cpp:3326 src/gui/RuleSetView.cpp:3413 +#: src/gui/.ui/timedialog_q.cpp:241 +msgid "Time" +msgstr "時間" + +#: src/gui/RuleSetView.cpp:3332 src/gui/RuleSetView.cpp:3419 +#: src/gui/RuleSetView.cpp:3499 src/gui/RuleSetView.cpp:3571 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:206 +#: src/gui/.ui/linux24advanceddialog_q.cpp:415 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:184 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:198 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1854 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:308 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:212 +msgid "Options" +msgstr "オプション" + +#: src/gui/RuleSetView.cpp:3336 src/gui/RuleSetView.cpp:3423 +#: src/gui/RuleSetView.cpp:3502 src/gui/RuleSetView.cpp:3574 +msgid "Comment" +msgstr "コメント" + +#: src/gui/RuleSetView.cpp:3481 +msgid "Original Src" +msgstr "オリジナルソース" + +#: src/gui/RuleSetView.cpp:3484 +msgid "Original Dst" +msgstr "オリジナルディスティãƒãƒ¼ã‚·ãƒ§ãƒ³" + +#: src/gui/RuleSetView.cpp:3487 +msgid "Original Srv" +msgstr "オリジナルサービス" + +#: src/gui/RuleSetView.cpp:3490 +msgid "Translated Src" +msgstr "転é€å…ƒã‚½ãƒ¼ã‚¹" + +#: src/gui/RuleSetView.cpp:3493 +msgid "Translated Dst" +msgstr "転é€å…ˆ" + +#: src/gui/RuleSetView.cpp:3496 +msgid "Translated Srv" +msgstr "転é€ã‚µãƒ¼ãƒ“ス" + +#: src/gui/RuleSetView.cpp:3562 +#, fuzzy +msgid "Gateway" +msgstr "ゲートウェイãƒãƒ¼ãƒˆ" + +#: src/gui/RuleSetView.cpp:3568 +#, fuzzy +msgid "Metric" +msgstr "サービス" + +#: src/gui/SimpleTextEditor.cpp:71 +#, fuzzy +msgid "Choose file" +msgstr "インãƒãƒ¼ãƒˆã™ã‚‹ãƒ•ァイルをé¸ã‚“ã§ãã ã•ã„。" + +#: src/gui/SSHPIX.cpp:136 src/gui/SSHUnx.cpp:95 +#, fuzzy +msgid "" +"\n" +"*** Fatal error :" +msgstr "*** 
致命的ãªã‚¨ãƒ©ãƒ¼ :" + +#: src/gui/SSHPIX.cpp:170 src/gui/SSHUnx.cpp:151 +#, fuzzy +msgid "Logged in" +msgstr "ログイン\n" + +#: src/gui/SSHPIX.cpp:171 +#, fuzzy +msgid "Switching to enable mode..." +msgstr "有効モードã«åˆ‡ã‚Šæ›¿ãˆä¸­...\n" + +#: src/gui/SSHPIX.cpp:205 src/gui/SSHUnx.cpp:176 +msgid "New RSA key" +msgstr "æ–°è¦ RSA キー" + +#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177 +msgid "Yes" +msgstr "ã¯ã„" + +#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177 +msgid "No" +msgstr "ã„ã„ãˆ" + +#: src/gui/SSHPIX.cpp:252 +msgid "In enable mode." +msgstr "有効モード中ã§ã™ã€‚" + +#: src/gui/SSHPIX.cpp:387 src/gui/SSHPIX.cpp:783 +msgid "Pushing firewall configuration" +msgstr "" + +#: src/gui/SSHPIX.cpp:424 +#, qt-format +msgid "Rule %1" +msgstr "ルール %1" + +#: src/gui/SSHPIX.cpp:450 +#, fuzzy +msgid "End" +msgstr "終了:" + +#: src/gui/SSHPIX.cpp:532 +msgid "Making backup copy of the firewall configuration" +msgstr "ファイアウォール設定ã®ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—コピー作æˆä¸­" + +#: src/gui/SSHPIX.cpp:596 +msgid "*** Clearing unused access lists" +msgstr "*** æœªä½¿ç”¨ã‚¢ã‚¯ã‚»ã‚¹ä¸€è¦§ã®æ¶ˆå޻䏭" + +#: src/gui/SSHPIX.cpp:661 +msgid "*** Clearing unused object groups" +msgstr "*** æœªä½¿ç”¨ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚°ãƒ«ãƒ¼ãƒ—ã®æ¶ˆå޻䏭" + +#: src/gui/SSHPIX.cpp:681 +msgid "*** End " +msgstr "*** 終了" + +#: src/gui/SSHPIX.cpp:692 +msgid "Reading current firewall configuration" +msgstr "ç¾åœ¨ã®ãƒ•ァイアウォール設定ã®èª­ã¿è¾¼ã¿ä¸­" + +#: src/gui/SSHPIX.cpp:717 +msgid "Generating configuration diff" +msgstr "設定ã®å·®åˆ†ã‚’生æˆä¸­" + +#: src/gui/SSHPIX.cpp:732 +#, qt-format +msgid "Fork failed for %1" +msgstr "%1 ã®ãƒ•ォークã«å¤±æ•—ã—ã¾ã—ãŸ" + +#: src/gui/SSHPIX.cpp:738 +msgid "Not enough memory." +msgstr "メモリãŒã‚りã¾ã›ã‚“。" + +#: src/gui/SSHPIX.cpp:743 +msgid "Too many opened file descriptors in the system." 
+msgstr "システムã§ãƒ•ァイルディスクリプタを開ãã™ãŽã¦ã„ã¾ã™ã€‚" + +#: src/gui/SSHPIX.cpp:769 +msgid "Empty configuration diff" +msgstr "設定ã®å·®åˆ†ãŒã‚りã¾ã›ã‚“" + +#: src/gui/SSHSession.cpp:90 +#, qt-format +msgid "" +"You are connecting to the firewall '%1' for the first time. It has " +"provided you its identification in a form of its host public key. The " +"fingerprint of the host public key is: \"%2\" You can save the host key to " +"the local database by pressing YES, or you can cancel connection by pressing " +"NO. You should press YES only if you are sure you are really connected to " +"the firewall '%3'." +msgstr "" + +#: src/gui/SSHSession.cpp:180 +msgid "Failed to start ssh" +msgstr "ssh ã®é–‹å§‹ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" + +#: src/gui/SSHSession.cpp:498 +msgid "ERROR" +msgstr "エラー" + +#: src/gui/SSHSession.cpp:498 src/gui/.ui/filepropdialog_q.cpp:126 +#: src/gui/.ui/instoptionsdialog_q.cpp:285 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1825 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:309 +#: src/gui/.ui/simpleinteditor_q.cpp:91 src/gui/.ui/simpletexteditor_q.cpp:95 +msgid "OK" +msgstr "OK" + +#: src/gui/SSHSession.cpp:500 +#, qt-format +msgid "SSH session terminated, exit status: %1" +msgstr "SSH 接続ãŒåˆ‡æ–­ã—ã¾ã—ãŸã€‚終了ステータス: %1" + +#: src/gui/SSHUnx.cpp:236 +msgid "Done" +msgstr "終了ã—ã¾ã—ãŸ" + +#: src/gui/SSHUnx.cpp:248 +msgid "Error in SSH" +msgstr "SSH ã®ã‚¨ãƒ©ãƒ¼" + +#: src/gui/StartWizard.cpp:106 +#, qt-format +msgid "File %1 is read-only, you can not save changes to it." +msgstr "ファイル %1 ã¯èª­ã¿è¾¼ã¿å°‚用ã§ã™ã€‚変更をä¿å­˜ã™ã‚‹ã“ã¨ãŒå‡ºæ¥ã¾ã›ã‚“ã§ã—ãŸã€‚" + +#: src/gui/StartWizard.cpp:171 +#, qt-format +msgid "" +"Error opening file:\n" +"%1" +msgstr "" +"ファイルを開ãã“ã¨ãŒå‡ºæ¥ã¾ã›ã‚“:\n" +"%1" + +#: src/gui/TCPServiceDialog.cpp:176 src/gui/UDPServiceDialog.cpp:118 +msgid "Invalid range defined for the source port." +msgstr "" + +#: src/gui/TCPServiceDialog.cpp:184 src/gui/UDPServiceDialog.cpp:126 +msgid "Invalid range defined for the destination port." 
+msgstr "" + +#: src/gui/TimeDialog.cpp:68 src/gui/TimeDialog.cpp:69 +#: src/gui/.ui/timedialog_q.cpp:256 src/gui/.ui/timedialog_q.cpp:259 +#, fuzzy +msgid "(M/D/Y)" +msgstr "日付 (月/æ—¥/å¹´):" + +#: src/gui/TimeDialog.cpp:73 src/gui/TimeDialog.cpp:74 +#, fuzzy +msgid "(D/M/Y)" +msgstr "日付 (æ—¥/月/å¹´):" + +#: src/gui/TimeDialog.cpp:78 src/gui/TimeDialog.cpp:79 +#, fuzzy +msgid "(Y/M/D)" +msgstr "日付 (å¹´/æ—¥/月):" + +#: src/gui/TimeDialog.cpp:83 src/gui/TimeDialog.cpp:84 +#, fuzzy +msgid "(Y/D/M)" +msgstr "日付 (å¹´/æ—¥/月)" + +#: src/gui/.ui/aboutdialog_q.cpp:136 src/gui/.ui/aboutdialog_q.cpp:137 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:109 +#: src/gui/.ui/FWBMainWindow_q.cpp:439 +msgid "Firewall Builder" +msgstr "ファイアウォールビルダー" + +#: src/gui/.ui/aboutdialog_q.cpp:138 +msgid "Using libfwbuilder API v" +msgstr "試用中㮠libfwbuilder API ãƒãƒ¼ã‚¸ãƒ§ãƒ³" + +#: src/gui/.ui/aboutdialog_q.cpp:139 +msgid "Revision: " +msgstr "リビジョン: " + +#: src/gui/.ui/aboutdialog_q.cpp:140 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:187 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:547 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:351 +#: src/gui/.ui/iptadvanceddialog_q.cpp:599 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:196 +#: src/gui/.ui/linux24advanceddialog_q.cpp:366 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:165 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:173 +#: src/gui/.ui/pagesetupdialog_q.cpp:108 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1000 src/gui/.ui/prefsdialog_q.cpp:364 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:183 +msgid "&OK" +msgstr "&OK" + +#: src/gui/.ui/aboutdialog_q.cpp:142 +#, fuzzy +msgid "Copyright 2002-2006 NetCitadel, LLC" +msgstr "Copyright 2002-2004 NetCitadel, LLC" + +#: src/gui/.ui/aboutdialog_q.cpp:143 +#, fuzzy +msgid "" +"

    http://www."
+"fwbuilder.org

    "
+msgstr "http://www.fwbuilder.org"
+
+#: src/gui/.ui/actionsdialog_q.cpp:451
+msgid "Actions Dialog"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:452
+msgid "fw/rule num/action"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:453
+msgid "Tag string:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:454
+msgid ""
+"If rule action is 'Reject', this option defines firewall's reaction to the "
+"packet matching the rule"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:455
+msgid "This action has no parameters."
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:456
+msgid "Tag value:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:457
+msgid "Mark connections created by packets that match this rule"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:458
+msgid "Requires CONNMARK target"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:459
+msgid ""
+"Note: this action translates into MARK target for iptables. Normally this "
+"target is non-terminating, that is, other rules with Classify or Tag actions "
+"belog this one will process the same packet. However, Firewall Builder can "
+"emulate terminating behavior for this action. Option in the \"compiler\" tab "
+"of the firewall object properties dialog activates emulation."
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:460
+msgid "Emulation is currently ON, the rule will be terminating"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:461
+msgid ""
+"Rule name for accounting. 
(white spaces and special characters are not " +"allowed)" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:462 +msgid "Packet classification can be implemented in different ways:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:464 +msgid "use dummynet(4) 'pipe'" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:465 +msgid "use dummynet(4) 'queue'" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:466 +msgid "Pipe or queue number:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:467 +#, fuzzy +msgid "Custom string:" +msgstr "テキスト文字列を使用ã™ã‚‹" + +#: src/gui/.ui/actionsdialog_q.cpp:468 +msgid "Classify string:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:469 +msgid "" +"Note: CLASSIFY target in iptables is non-terminating, that is other rules " +"with Classify or Mark target below this will process the same packet. " +"However, Firewall Builder can emulate terminating behavior for this action. " +"Emulation is activated by an option in the \"compiler\" tab of the firewall " +"object properties dialog." 
+msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:471 +#, fuzzy +msgid "Divert socket port number:" +msgstr "プロトコル番å·:" + +#: src/gui/.ui/actionsdialog_q.cpp:472 +msgid "User-defined chain name:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:473 +msgid "" +"In addition to 'filter', create branching rule in 'mangle' table as well" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:474 +#, fuzzy +msgid "Anchor name:" +msgstr "æ“作" + +#: src/gui/.ui/actionsdialog_q.cpp:479 src/gui/.ui/actionsdialog_q.cpp:486 +#, fuzzy +msgid "interface" +msgstr "インターフェース" + +#: src/gui/.ui/actionsdialog_q.cpp:480 src/gui/.ui/actionsdialog_q.cpp:487 +msgid "next hop" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:481 +msgid "Fastroute" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:488 +#, fuzzy +msgid "Change inbound interface to" +msgstr "インターフェンス管ç†" + +#: src/gui/.ui/actionsdialog_q.cpp:489 +msgid "Route through gateway" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:490 +#, fuzzy +msgid "Change outbound interface to" +msgstr "インターフェンス管ç†" + +#: src/gui/.ui/actionsdialog_q.cpp:491 +#, fuzzy +msgid "Continue packet inspection" +msgstr "ç¶šã‘ã‚‹(&C)" + +#: src/gui/.ui/actionsdialog_q.cpp:492 +msgid "Make a copy" +msgstr "" + +#: src/gui/.ui/addressrangedialog_q.cpp:162 +#: src/gui/.ui/addressrangedialog_q.cpp:163 +msgid "Address Range" +msgstr "アドレスレンジ" + +#: src/gui/.ui/addressrangedialog_q.cpp:164 +#: src/gui/.ui/addresstabledialog_q.cpp:198 +#: src/gui/.ui/customservicedialog_q.cpp:179 +#: src/gui/.ui/dnsnamedialog_q.cpp:173 src/gui/.ui/firewalldialog_q.cpp:215 +#: src/gui/.ui/groupobjectdialog_q.cpp:188 src/gui/.ui/hostdialog_q.cpp:149 +#: src/gui/.ui/icmpservicedialog_q.cpp:169 +#: src/gui/.ui/interfacedialog_q.cpp:233 src/gui/.ui/ipservicedialog_q.cpp:210 +#: src/gui/.ui/ipv4dialog_q.cpp:171 src/gui/.ui/librarydialog_q.cpp:141 +#: src/gui/.ui/networkdialog_q.cpp:165 src/gui/.ui/physaddressdialog_q.cpp:154 +#: src/gui/.ui/tagservicedialog_q.cpp:149 +#: 
src/gui/.ui/tcpservicedialog_q.cpp:372 src/gui/.ui/timedialog_q.cpp:271 +#: src/gui/.ui/udpservicedialog_q.cpp:223 +msgid "Comment:" +msgstr "コメント:" + +#: src/gui/.ui/addressrangedialog_q.cpp:165 +msgid "Range End:" +msgstr "レンジ終了" + +#: src/gui/.ui/addressrangedialog_q.cpp:166 +msgid "Range Start:" +msgstr "レンジ開始" + +#: src/gui/.ui/addressrangedialog_q.cpp:167 +#: src/gui/.ui/addresstabledialog_q.cpp:200 +#: src/gui/.ui/customservicedialog_q.cpp:180 +#: src/gui/.ui/dnsnamedialog_q.cpp:178 src/gui/.ui/firewalldialog_q.cpp:216 +#: src/gui/.ui/groupobjectdialog_q.cpp:193 src/gui/.ui/hostdialog_q.cpp:147 +#: src/gui/.ui/icmpservicedialog_q.cpp:170 +#: src/gui/.ui/interfacedialog_q.cpp:234 src/gui/.ui/ipservicedialog_q.cpp:219 +#: src/gui/.ui/ipv4dialog_q.cpp:172 src/gui/.ui/librarydialog_q.cpp:139 +#: src/gui/.ui/networkdialog_q.cpp:166 src/gui/.ui/newfirewalldialog_q.cpp:516 +#: src/gui/.ui/newhostdialog_q.cpp:392 src/gui/.ui/physaddressdialog_q.cpp:151 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:820 +#: src/gui/.ui/tagservicedialog_q.cpp:151 +#: src/gui/.ui/tcpservicedialog_q.cpp:398 src/gui/.ui/timedialog_q.cpp:272 +#: src/gui/.ui/udpservicedialog_q.cpp:231 +msgid "Name:" +msgstr "åå‰:" + +#: src/gui/.ui/addressrangedialog_q.cpp:168 +#: src/gui/.ui/addresstabledialog_q.cpp:199 +#: src/gui/.ui/customservicedialog_q.cpp:181 +#: src/gui/.ui/dnsnamedialog_q.cpp:177 src/gui/.ui/firewalldialog_q.cpp:217 +#: src/gui/.ui/groupobjectdialog_q.cpp:192 src/gui/.ui/hostdialog_q.cpp:148 +#: src/gui/.ui/icmpservicedialog_q.cpp:171 +#: src/gui/.ui/interfacedialog_q.cpp:236 src/gui/.ui/ipservicedialog_q.cpp:218 +#: src/gui/.ui/ipv4dialog_q.cpp:173 src/gui/.ui/networkdialog_q.cpp:167 +#: src/gui/.ui/newgroupdialog_q.cpp:98 src/gui/.ui/physaddressdialog_q.cpp:152 +#: src/gui/.ui/tagservicedialog_q.cpp:150 +#: src/gui/.ui/tcpservicedialog_q.cpp:399 src/gui/.ui/timedialog_q.cpp:273 +#: src/gui/.ui/udpservicedialog_q.cpp:230 +msgid "Library:" +msgstr "ライブラリ:" + +#: 
src/gui/.ui/addresstabledialog_q.cpp:196 +#: src/gui/.ui/addresstabledialog_q.cpp:197 +#, fuzzy +msgid "Address Table" +msgstr "アドレスレンジ" + +#: src/gui/.ui/addresstabledialog_q.cpp:202 +#: src/gui/.ui/dnsnamedialog_q.cpp:175 +#, fuzzy +msgid "Compile Time" +msgstr "コンパイル" + +#: src/gui/.ui/addresstabledialog_q.cpp:203 +#: src/gui/.ui/dnsnamedialog_q.cpp:176 +#, fuzzy +msgid "Run Time" +msgstr "時間" + +#: src/gui/.ui/addresstabledialog_q.cpp:204 +#, fuzzy +msgid "File name:" +msgstr "ファイルå: %1" + +#: src/gui/.ui/addresstabledialog_q.cpp:205 +#: src/gui/.ui/addresstabledialog_q.cpp:206 +#, fuzzy +msgid "Browse" +msgstr "閲覧..." + +#: src/gui/.ui/addresstabledialog_q.cpp:207 +#, fuzzy +msgid "Preview" +msgstr "RCS ファイルプレビュー" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:87 +msgid "Enter New Position For The Rule" +msgstr "ルールã®<æ–°ã—ã„ä½ç½®ã‚’入力ã™ã‚‹" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:88 +msgid "Enter new position for selected rules:" +msgstr "é¸æŠžã•れãŸãƒ«ãƒ¼ãƒ«ç¾¤ã®æ–°ã—ã„ä½ç½®ã‚’入力ã™ã‚‹" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:89 +msgid "&Move" +msgstr "移動(&M)" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:90 +msgid "Alt+M" +msgstr "Alt+M" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:92 src/gui/.ui/debugdialog_q.cpp:76 +#: src/gui/.ui/execdialog_q.cpp:96 src/gui/.ui/pagesetupdialog_q.cpp:111 +msgid "Alt+C" +msgstr "Alt+C" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:108 src/gui/.ui/prefsdialog_q.cpp:401 +msgid "Orange" +msgstr "オレンジ色" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:110 src/gui/.ui/prefsdialog_q.cpp:408 +msgid "Green" +msgstr "緑色" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:112 src/gui/.ui/prefsdialog_q.cpp:406 +msgid "Purple" +msgstr "紫色" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:114 src/gui/.ui/prefsdialog_q.cpp:398 +msgid "Blue" +msgstr "é’色" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:116 src/gui/.ui/prefsdialog_q.cpp:399 +msgid "Yellow" +msgstr "黄色" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:118 src/gui/.ui/prefsdialog_q.cpp:409 +msgid "Gray" 
+msgstr "ç°è‰²" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:120 src/gui/.ui/prefsdialog_q.cpp:397 +msgid "Red" +msgstr "赤色" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:122 +msgid "No color" +msgstr "色ãªã—" + +#: src/gui/.ui/commenteditorpanel_q.cpp:95 +#, fuzzy +msgid "Comment Editor Panel" +msgstr "コメントエディタ" + +#: src/gui/.ui/commenteditorpanel_q.cpp:96 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:155 +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:119 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:784 +msgid "fw/rule num" +msgstr "" + +#: src/gui/.ui/commenteditorpanel_q.cpp:98 +#: src/gui/.ui/simpletexteditor_q.cpp:97 +msgid "Import from file ..." +msgstr "ファイルã‹ã‚‰ã‚¤ãƒ³ãƒãƒ¼ãƒˆ ..." + +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:67 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:114 +#, fuzzy +msgid "Parent" +msgstr "å°åˆ·" + +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:68 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:115 +#: src/gui/.ui/findwhereusedwidget_q.cpp:63 +#: src/gui/.ui/findwhereusedwidget_q.cpp:120 +#, fuzzy +msgid "Details" +msgstr "ils" + +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:112 +msgid "" +"Groups and firewall policy rules shown in the list below reference objects " +"you are about to delete. If you delete objects, they will be removed from " +"these groups and rules." +msgstr "" + +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:116 +msgid "" +"Deleted objects are moved to the \"Deleted objects\" library. You can " +"recover them later by moving back to the user's library. However if you " +"delete an object already located in the \"Deleted objects\" library, it is " +"destroyed and can not be restored." +msgstr "" + +#: src/gui/.ui/customservicedialog_q.cpp:182 +msgid "" +"Custom service object has separate code string for each supported firewall " +"platform." 
+msgstr "" + +#: src/gui/.ui/customservicedialog_q.cpp:183 +#: src/gui/.ui/discoverydruid_q.cpp:940 src/gui/.ui/firewalldialog_q.cpp:218 +msgid "Platform:" +msgstr "プラットフォーム:" + +#: src/gui/.ui/customservicedialog_q.cpp:184 +#: src/gui/.ui/tagservicedialog_q.cpp:152 +msgid "Code:" +msgstr "コード:" + +#: src/gui/.ui/debugdialog_q.cpp:74 +msgid "Debugging Info" +msgstr "デãƒã‚°æƒ…å ±" + +#: src/gui/.ui/debugdialog_q.cpp:75 src/gui/.ui/execdialog_q.cpp:95 +#: src/gui/.ui/FWBMainWindow_q.cpp:498 +msgid "&Close" +msgstr "é–‰ã˜ã‚‹(&C)" + +#: src/gui/.ui/discoverydruid_q.cpp:750 src/gui/.ui/discoverydruid_q.cpp:1025 +#, fuzzy +msgid "Interfaces" +msgstr "インターフェース" + +#: src/gui/.ui/discoverydruid_q.cpp:752 src/gui/.ui/discoverydruid_q.cpp:1026 +#: src/gui/.ui/filterdialog_q.cpp:91 src/gui/.ui/filterdialog_q.cpp:164 +#, fuzzy +msgid "Type" +msgstr "種類: " + +#: src/gui/.ui/discoverydruid_q.cpp:921 src/gui/.ui/FWBMainWindow_q.cpp:565 +#: src/gui/.ui/FWBMainWindow_q.cpp:566 +msgid "Discovery Druid" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:922 +msgid "" +"Choose discovery method used to collect information about network objects " +"from the list below and click 'Next' to continue." 
+msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:923 +msgid "Discovery method:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:924 +msgid "Read file in hosts format" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:925 src/gui/.ui/discoverydruid_q.cpp:948 +msgid "Import DNS zone" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:926 +msgid "Perform network discovery using SNMP" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:927 src/gui/.ui/discoverydruid_q.cpp:942 +msgid "Import configuration of a firewall or a router" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:928 +msgid "Discovery Method" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:929 +msgid "Enter full path and file name below or click \"Browse\" to find it:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:930 +msgid "File in hosts format" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:931 +#, fuzzy +msgid "Browse ..." +msgstr "閲覧..." + +#: src/gui/.ui/discoverydruid_q.cpp:932 +msgid "Reading file in hosts format" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:933 +msgid "" +"All objects created during import will be placed in the library currently " +"opened in the tree." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:934 +msgid "" +"Policy import tries to parse given configuration file and preserve its logic " +"as close as possible. However, very often target firewall configuration " +"allows for more commands, options and their combinations than importer can " +"understand. Rules that importer could not parse exactly are colored red in " +"the rule sets it creates. Always inspect firewall policy created by the " +"importer and compare it with the original. Manual changes and corrections " +"may be required. Comments in the rules that could not be parsed show " +"fragments of the original configuration parser did not understand." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:935 +#, fuzzy +msgid "Import from file: " +msgstr "ファイルã‹ã‚‰ã‚¤ãƒ³ãƒãƒ¼ãƒˆ ..." 
+ +#: src/gui/.ui/discoverydruid_q.cpp:936 src/gui/.ui/prefsdialog_q.cpp:380 +#: src/gui/.ui/prefsdialog_q.cpp:385 +msgid "Browse..." +msgstr "閲覧..." + +#: src/gui/.ui/discoverydruid_q.cpp:938 +msgid "Cisco IOS" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:939 +#, fuzzy +msgid "iptables" +msgstr "iptables:" + +#: src/gui/.ui/discoverydruid_q.cpp:941 +#: src/gui/.ui/printingprogressdialog_q.cpp:75 +#, fuzzy +msgid "textLabel1" +msgstr "ラベル" + +#: src/gui/.ui/discoverydruid_q.cpp:943 +msgid "" +"This discovery method creates objects for all 'A' records found in DNS " +"domain. You will later have a chance to accept only those objects you wish " +"and ignore others.\n" +"Please enter the domain name below:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:945 +#, fuzzy +msgid "Domain name" +msgstr "æ“作" + +#: src/gui/.ui/discoverydruid_q.cpp:946 +msgid "" +"Objects created using this method may have long or short names. long name " +"consists of the host name and full domain name (this is called Fully " +"Qualified Domain Name). Short name consists of only host name. Check in " +"the box below if you wish to use long name, then click next to continue:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:947 +#, fuzzy +msgid "Use long names" +msgstr "ユーザーå:" + +#: src/gui/.ui/discoverydruid_q.cpp:949 +msgid "" +"DNS zone information has to be transferred from the name server " +"authoritative for the domain. 
Pick the name server:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:950 src/gui/.ui/discoverydruid_q.cpp:957 +#, fuzzy +msgid "Name server" +msgstr "SNMP サーãƒãƒ¼" + +#: src/gui/.ui/discoverydruid_q.cpp:951 +msgid "choose name server from the list below" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:952 +msgid "server name or its IP address here if you wish to use different one:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:954 +#, fuzzy +msgid "DNS Query options" +msgstr "ルールオプション" + +#: src/gui/.ui/discoverydruid_q.cpp:955 +#, fuzzy +msgid "Timeout (sec)" +msgstr "TCP FIN タイムアウト(ç§’)" + +#: src/gui/.ui/discoverydruid_q.cpp:956 +#, fuzzy +msgid "Retries" +msgstr "サービス" + +#: src/gui/.ui/discoverydruid_q.cpp:958 +msgid "" +"This discovery method scans networks looking for hosts or gateways " +"responding to SNMP queries. It pulls host's ARP table and uses all the " +"entries found in it to create objects. Scan starts from the host called " +"\"seed\". Enter \"seed\" host name or address below:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:959 +msgid "'Seed' host" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:961 +#, fuzzy +msgid "Enter a valid host name or address." +msgstr "Syslog ホスト (åå‰ã‹ IP アドレス):" + +#: src/gui/.ui/discoverydruid_q.cpp:962 +msgid "" +"The scanner process can be confined to a certain network, so it won't " +"discover hosts on adjacent networks. 
If you leave these fields blank, " +"scanner will visit all networks it can find:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:963 +msgid "Confine scan to this network:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:964 src/gui/.ui/ipv4dialog_q.cpp:175 +#: src/gui/.ui/networkdialog_q.cpp:168 src/gui/.ui/newfirewalldialog_q.cpp:518 +#: src/gui/.ui/newhostdialog_q.cpp:406 +msgid "Netmask:" +msgstr "ãƒãƒƒãƒˆãƒžã‚¹ã‚¯:" + +#: src/gui/.ui/discoverydruid_q.cpp:965 src/gui/.ui/ipv4dialog_q.cpp:174 +#: src/gui/.ui/networkdialog_q.cpp:169 src/gui/.ui/newfirewalldialog_q.cpp:517 +#: src/gui/.ui/newhostdialog_q.cpp:394 +msgid "Address:" +msgstr "アドレス:" + +#: src/gui/.ui/discoverydruid_q.cpp:967 +#, fuzzy +msgid "Network discovery using SNMP" +msgstr "SNMP を用ã„ã¦ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェースを発見ã™ã‚‹" + +#: src/gui/.ui/discoverydruid_q.cpp:968 +msgid "" +"The scanner process can repeat its algorithm recursively using each new host " +"it finds as a new \"seed\". This allows it to find as many objects on your " +"network as possible. On the other hand, it takes more time and may find some " +"objects you do not really need. You can turn recursive scanning on below:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:969 +msgid "Run network scan recursively" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:970 +msgid "" +"The scanner process can find nodes beyond the boundaries of your network by " +"following point-to-point links connecting it to the Internet or other parts " +"of WAN." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:971 +msgid "Follow point-to-point links" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:972 +msgid "" +"The scanner process can distinguish virtual IP addresses created on hosts as " +"static \"published\" ARP entries or as secondary addresses on interfaces." 
+msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:973 +#, fuzzy +msgid "Include virtual addresses" +msgstr "NAT 用ãƒãƒ¼ãƒãƒ£ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ç¾¤ã®è¿½åŠ " + +#: src/gui/.ui/discoverydruid_q.cpp:974 +msgid "" +"Analysis of ARP table yields IP addresses for hosts on your network. In " +"order to determine their names, scanner can run reverse name lookup queries " +"using your name servers (DNS):" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:975 +msgid "Run reverse name lookup DNS queries to determine host names" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:976 +#, fuzzy +msgid "Network scan options" +msgstr "ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚¾ãƒ¼ãƒ³:" + +#: src/gui/.ui/discoverydruid_q.cpp:977 +msgid "" +"Enter parameters for SNMP and DNS reverse lookup queries below. (If unsure, " +"just leave default values):" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:978 +#, fuzzy +msgid "SNMP query parameters:" +msgstr "フラグメント" + +#: src/gui/.ui/discoverydruid_q.cpp:979 +#: src/gui/.ui/newfirewalldialog_q.cpp:497 src/gui/.ui/newhostdialog_q.cpp:386 +msgid "SNMP 'read' community string:" +msgstr "SNMP 'read' コミュニティ文字列" + +#: src/gui/.ui/discoverydruid_q.cpp:980 src/gui/.ui/discoverydruid_q.cpp:984 +msgid "number of retries:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:981 +#, fuzzy +msgid "timeout (sec):" +msgstr "TCP FIN タイムアウト(ç§’)" + +#: src/gui/.ui/discoverydruid_q.cpp:982 +msgid "public" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:983 +#, fuzzy +msgid "DNS parameters:" +msgstr "フラグメント" + +#: src/gui/.ui/discoverydruid_q.cpp:985 +#, fuzzy +msgid "timeout (sec) :" +msgstr "TCP FIN タイムアウト(ç§’)" + +#: src/gui/.ui/discoverydruid_q.cpp:986 +msgid "Number of threads:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:988 +msgid "SNMP and DNS reverse lookup queries parameters" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:990 +msgid "Process name" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:993 +#, fuzzy +msgid "Save scan log to file" +msgstr 
"ファイルã«ãƒ‡ãƒ¼ã‚¿ã‚’ä¿å­˜ã™ã‚‹..." + +#: src/gui/.ui/discoverydruid_q.cpp:994 +#, fuzzy +msgid "Process log:" +msgstr "処ç†ä¸­:" + +#: src/gui/.ui/discoverydruid_q.cpp:995 +msgid "Discovery is in progress" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:996 +msgid "" +"These are the networks found by the scanner process. Choose the ones you " +"wish to use from the list below, then click 'Next':" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:997 src/gui/.ui/discoverydruid_q.cpp:1003 +#: src/gui/.ui/discoverydruid_q.cpp:1008 src/gui/.ui/discoverydruid_q.cpp:1013 +#: src/gui/.ui/discoverydruid_q.cpp:1019 +msgid "Select All" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:998 src/gui/.ui/discoverydruid_q.cpp:1009 +#: src/gui/.ui/discoverydruid_q.cpp:1018 +#, fuzzy +msgid "Filter ..." +msgstr "複製 ..." + +#: src/gui/.ui/discoverydruid_q.cpp:999 src/gui/.ui/discoverydruid_q.cpp:1004 +#: src/gui/.ui/discoverydruid_q.cpp:1010 src/gui/.ui/discoverydruid_q.cpp:1014 +#: src/gui/.ui/discoverydruid_q.cpp:1016 +msgid "Unselect All" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1000 src/gui/.ui/discoverydruid_q.cpp:1007 +#: src/gui/.ui/discoverydruid_q.cpp:1017 +#, fuzzy +msgid "Remove Filter" +msgstr "ルール削除" + +#: src/gui/.ui/discoverydruid_q.cpp:1001 src/gui/.ui/discoverydruid_q.cpp:1011 +msgid "->" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1002 src/gui/.ui/discoverydruid_q.cpp:1012 +msgid "<-" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1005 +#, fuzzy +msgid "Networks" +msgstr "ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯" + +#: src/gui/.ui/discoverydruid_q.cpp:1006 +msgid "Choose objects you wish to use, then click 'Next':" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1020 +#, fuzzy +msgid "Change type of selected objects:" +msgstr "削除ã•れãŸã‚ªãƒ–ジェクトを表示" + +#: src/gui/.ui/discoverydruid_q.cpp:1027 +msgid "" +"Here you can change type of the objects to be created for each address " +"discovered by the scanner. 
By default, an \"Address\" object is created for " +"the host with just one interface with single IP address and \"Host\" object " +"is created for the host with multiple interfaces, however you can change " +"their types on this page." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1028 +msgid "Adjust Object types" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1029 +msgid "Select target library" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1030 +#, fuzzy +msgid "Target library" +msgstr "ライブラリ %1 ã¸" + +#: src/gui/.ui/discoverydruid_q.cpp:1031 +msgid "Adding new objects to library ..." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:1032 +#, fuzzy +msgid "Creatnig objects" +msgstr "æ–°è¦ã‚ªãƒ–ジェクト作æˆ" + +#: src/gui/.ui/dnsnamedialog_q.cpp:171 src/gui/.ui/dnsnamedialog_q.cpp:172 +#, fuzzy +msgid "DNS Name" +msgstr "åå‰" + +#: src/gui/.ui/dnsnamedialog_q.cpp:179 +msgid "DNS Record:" +msgstr "" + +#: src/gui/.ui/execdialog_q.cpp:92 +msgid "Executing external command" +msgstr "外部コマンドã®å®Ÿè¡Œ" + +#: src/gui/.ui/execdialog_q.cpp:93 src/gui/.ui/instdialog_q.cpp:287 +#, fuzzy +msgid "Save log to file" +msgstr "ファイルã«ãƒ‡ãƒ¼ã‚¿ã‚’ä¿å­˜ã™ã‚‹..." 
+ +#: src/gui/.ui/filepropdialog_q.cpp:114 +msgid "File Properties" +msgstr "ファイルプロパティ" + +#: src/gui/.ui/filepropdialog_q.cpp:115 +msgid "Location:" +msgstr "場所:" + +#: src/gui/.ui/filepropdialog_q.cpp:116 +msgid "RO" +msgstr "RO" + +#: src/gui/.ui/filepropdialog_q.cpp:117 +msgid "Revision Control:" +msgstr "リビジョン制御" + +#: src/gui/.ui/filepropdialog_q.cpp:118 +msgid "Time of last modification:" +msgstr "æœ€çµ‚ä¿®æ­£ã®æ™‚é–“" + +#: src/gui/.ui/filepropdialog_q.cpp:119 +msgid "Revision:" +msgstr "リビジョン" + +#: src/gui/.ui/filepropdialog_q.cpp:120 +msgid "Locked by user:" +msgstr "ユーザーãŒãƒ­ãƒƒã‚¯ä¸­:" + +#: src/gui/.ui/filepropdialog_q.cpp:121 +msgid "location" +msgstr "場所" + +#: src/gui/.ui/filepropdialog_q.cpp:122 +msgid "lastModified" +msgstr "最終更新日時" + +#: src/gui/.ui/filepropdialog_q.cpp:123 +msgid "rev" +msgstr "リビジョン" + +#: src/gui/.ui/filepropdialog_q.cpp:124 +msgid "lockedBy" +msgstr "ロック者" + +#: src/gui/.ui/filepropdialog_q.cpp:125 +msgid "Revision history:" +msgstr "リビジョン履歴:" + +#: src/gui/.ui/filepropdialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:458 +msgid "Print" +msgstr "å°åˆ·" + +#: src/gui/.ui/filterdialog_q.cpp:89 src/gui/.ui/filterdialog_q.cpp:163 +msgid "Target" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:93 src/gui/.ui/filterdialog_q.cpp:165 +#, fuzzy +msgid "Pattern" +msgstr "貼り付ã‘" + +#: src/gui/.ui/filterdialog_q.cpp:150 +#, fuzzy +msgid "Filter" +msgstr "ファイル(&F)" + +#: src/gui/.ui/filterdialog_q.cpp:151 src/gui/.ui/FWBMainWindow_q.cpp:452 +#: src/gui/.ui/FWBMainWindow_q.cpp:495 src/gui/.ui/FWBMainWindow_q.cpp:496 +msgid "Save" +msgstr "ä¿å­˜" + +#: src/gui/.ui/filterdialog_q.cpp:152 src/gui/.ui/prefsdialog_q.cpp:213 +#: src/gui/.ui/prefsdialog_q.cpp:392 +msgid "Load" +msgstr "読ã¿è¾¼ã¿" + +#: src/gui/.ui/filterdialog_q.cpp:153 src/gui/.ui/libexport_q.cpp:112 +msgid "Ok" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:155 +#, fuzzy +msgid "Match" +msgstr "パス" + +#: src/gui/.ui/filterdialog_q.cpp:157 +#, fuzzy +msgid "all" +msgstr "インストール" 
+ +#: src/gui/.ui/filterdialog_q.cpp:158 src/gui/.ui/icmpservicedialog_q.cpp:173 +#: src/gui/.ui/icmpservicedialog_q.cpp:175 +msgid "any" +msgstr "ä»»æ„" + +#: src/gui/.ui/filterdialog_q.cpp:159 +msgid "of the following:" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:161 +msgid "+" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:162 +msgid "Add a new pattern" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:166 +msgid "Case sensitive" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:167 +#, fuzzy +msgid "-" +msgstr "--" + +#: src/gui/.ui/filterdialog_q.cpp:168 +msgid "Remove a pattern" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:513 +msgid "Find Object" +msgstr "オブジェクト検索" + +#: src/gui/.ui/finddialog_q.cpp:128 +msgid "Text to be found in object names:" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:129 +msgid "Search in policy rules" +msgstr "ãƒãƒªã‚·ãƒ¼ãƒ«ãƒ¼ãƒ«ç¾¤ã‹ã‚‰æ¤œç´¢" + +#: src/gui/.ui/finddialog_q.cpp:130 +msgid "Search in the tree" +msgstr "ツリーã‹ã‚‰æ¤œç´¢" + +#: src/gui/.ui/finddialog_q.cpp:132 +msgid "Matching attribute:" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:135 src/gui/.ui/findobjectwidget_q.cpp:205 +msgid "TCP/UDP port" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:136 src/gui/.ui/findobjectwidget_q.cpp:206 +#, fuzzy +msgid "Protocol number" +msgstr "プロトコル番å·:" + +#: src/gui/.ui/finddialog_q.cpp:137 src/gui/.ui/findobjectwidget_q.cpp:207 +#, fuzzy +msgid "ICMP type" +msgstr "ICMP タイプ" + +#: src/gui/.ui/finddialog_q.cpp:138 src/gui/.ui/findobjectwidget_q.cpp:208 +msgid "Search for substring using regular expressions" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:187 +#: src/gui/.ui/findwhereusedwidget_q.cpp:116 +#: src/gui/.ui/fwobjectdroparea_q.cpp:49 +#: src/gui/.ui/tagservicedialog_q.cpp:147 +msgid "Form1" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:188 +#, fuzzy +msgid " Replace object " +msgstr "ã“ã®ã‚ªãƒ–ジェクトã¨ç½®æ›" + +#: src/gui/.ui/findobjectwidget_q.cpp:189 +msgid "Replace && Find" 
+msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:192 +msgid "Replace all" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:193 +#, fuzzy +msgid "Replace" +msgstr "テンプレート" + +#: src/gui/.ui/findobjectwidget_q.cpp:194 +msgid "Scope for search and replace :" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:196 +#, fuzzy +msgid "Tree only" +msgstr "( 読ã¿è¾¼ã¿å°‚用 )" + +#: src/gui/.ui/findobjectwidget_q.cpp:197 +msgid "Tree and policy of all firewalls" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:198 +msgid "Policy of all firewalls" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:199 +msgid "policy of the opened firewall" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:200 +#: src/gui/.ui/findwhereusedwidget_q.cpp:122 +#: src/gui/.ui/FWBMainWindow_q.cpp:446 src/gui/.ui/FWBMainWindow_q.cpp:497 +#: src/gui/.ui/simpletextview_q.cpp:94 +msgid "Close" +msgstr "é–‰ã˜ã‚‹" + +#: src/gui/.ui/findobjectwidget_q.cpp:201 +#, fuzzy +msgid " Find object" +msgstr "オブジェクト検索" + +#: src/gui/.ui/findwhereusedwidget_q.cpp:62 +#: src/gui/.ui/findwhereusedwidget_q.cpp:119 +#, fuzzy +msgid "Parent Object" +msgstr "ç¾åœ¨ã®ã‚ªãƒ–ジェクト " + +#: src/gui/.ui/findwhereusedwidget_q.cpp:117 +#, fuzzy +msgid "Object:" +msgstr "オブジェクト" + +#: src/gui/.ui/findwhereusedwidget_q.cpp:118 +msgid "Object is found in :" +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:211 +msgid "Host OS Settings ..." +msgstr "ホスト OS 設定 ..." + +#: src/gui/.ui/firewalldialog_q.cpp:212 +#, fuzzy +msgid "Inactive firewall" +msgstr "æ–°è¦ãƒ•ァイアウォール" + +#: src/gui/.ui/firewalldialog_q.cpp:213 +msgid "Skip this firewall for batch compile and install operations" +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:214 +msgid "Firewall Settings ..." +msgstr "ファイアウォール設定 ..." 
+ +#: src/gui/.ui/firewalldialog_q.cpp:219 +msgid "Version:" +msgstr "ãƒãƒ¼ã‚¸ãƒ§ãƒ³:" + +#: src/gui/.ui/firewalldialog_q.cpp:220 +msgid "Host OS:" +msgstr "ホスト OS:" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:186 +msgid "FreeBSD: advanced settings" +msgstr "FreeBSD: 高度ãªè¨­å®š" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:191 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:183 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:177 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:211 +msgid "Forward source routed packets" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:192 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:169 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:197 +msgid "Generate ICMP redirects" +msgstr "ICMP リダイレクト生æˆ" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:193 +#: src/gui/.ui/linux24advanceddialog_q.cpp:406 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:170 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:187 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:202 +msgid "Packet forwarding" +msgstr "パケット転é€" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:207 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:187 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:201 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:215 +msgid "" +"Specify directory path and a file name for the following utilities on the OS " +"your firewall machine is running. Leave these empty if you want to use " +"default values." 
+msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:208 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:214 +msgid "ipnat:" +msgstr "ipnat:" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:209 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:186 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:200 +msgid "sysctl:" +msgstr "sysctl:" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:210 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:213 +msgid "ipf:" +msgstr "ipf:" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:211 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:185 +msgid "ipfw:" +msgstr "ipfw:" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:212 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:206 +#: src/gui/.ui/linux24advanceddialog_q.cpp:457 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:188 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:202 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:216 +msgid "Path" +msgstr "パス" + +#: src/gui/.ui/FWBMainWindow_q.cpp:441 +msgid "" +"Click here to change amount of information shown about object selected in " +"the tree" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:442 +msgid "Firewall Name" +msgstr "ファイアウォールå" + +#: src/gui/.ui/FWBMainWindow_q.cpp:443 src/gui/.ui/instdialog_q.cpp:281 +msgid "Firewalls:" +msgstr "ファイアウォール:" + +#: src/gui/.ui/FWBMainWindow_q.cpp:444 +msgid "Tab 1" +msgstr "タブ 1" + +#: src/gui/.ui/FWBMainWindow_q.cpp:445 +msgid "Apply" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:447 +msgid "New Object File" +msgstr "æ–°è¦ã‚ªãƒ–ジェクトファイル" + +#: src/gui/.ui/FWBMainWindow_q.cpp:448 +msgid "&New Object File" +msgstr "æ–°è¦ã‚ªãƒ–ジェクトファイル(&N)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:450 +msgid "&Open..." +msgstr "é–‹ã(&O)..." + +#: src/gui/.ui/FWBMainWindow_q.cpp:451 +msgid "Ctrl+O" +msgstr "Ctrl+O" + +#: src/gui/.ui/FWBMainWindow_q.cpp:454 +msgid "Ctrl+S" +msgstr "Ctrl+S" + +#: src/gui/.ui/FWBMainWindow_q.cpp:455 +msgid "Save As" +msgstr "åå‰ã‚’付ã‘ã¦ä¿å­˜" + +#: src/gui/.ui/FWBMainWindow_q.cpp:456 +msgid "Save &As..." +msgstr "åå‰ã‚’付ã‘ã¦ä¿å­˜(&A)..." 
+ +#: src/gui/.ui/FWBMainWindow_q.cpp:459 +msgid "&Print..." +msgstr "å°åˆ·(&P)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:460 +msgid "Ctrl+P" +msgstr "Ctrl+P" + +#: src/gui/.ui/FWBMainWindow_q.cpp:461 +msgid "Exit" +msgstr "終了" + +#: src/gui/.ui/FWBMainWindow_q.cpp:462 +msgid "E&xit" +msgstr "終了(&X)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:464 +msgid "Undo" +msgstr "å–り消ã—" + +#: src/gui/.ui/FWBMainWindow_q.cpp:465 +msgid "&Undo" +msgstr "å–り消ã—(&U)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:466 +msgid "Ctrl+Z" +msgstr "Ctrl+Z" + +#: src/gui/.ui/FWBMainWindow_q.cpp:467 +msgid "Redo" +msgstr "やり直ã—" + +#: src/gui/.ui/FWBMainWindow_q.cpp:468 +msgid "&Redo" +msgstr "やり直ã—(&R)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:469 +msgid "Ctrl+Y" +msgstr "Ctrl+Y" + +#: src/gui/.ui/FWBMainWindow_q.cpp:471 +msgid "&Cut" +msgstr "切りå–り(&C)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:472 +msgid "Ctrl+X" +msgstr "Ctrl+X" + +#: src/gui/.ui/FWBMainWindow_q.cpp:474 +msgid "C&opy" +msgstr "コピー(&O)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:475 +msgid "Ctrl+C" +msgstr "Ctrl+C" + +#: src/gui/.ui/FWBMainWindow_q.cpp:477 +msgid "&Paste" +msgstr "貼り付ã‘(&P)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:478 +msgid "Ctrl+V" +msgstr "Ctrl+V" + +#: src/gui/.ui/FWBMainWindow_q.cpp:481 src/gui/.ui/FWBMainWindow_q.cpp:517 +msgid "Ctrl+F" +msgstr "Ctrl+F" + +#: src/gui/.ui/FWBMainWindow_q.cpp:482 +msgid "Contents" +msgstr "内容" + +#: src/gui/.ui/FWBMainWindow_q.cpp:483 +msgid "&Contents..." +msgstr "内容(&C)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:485 +msgid "Index" +msgstr "インデックス" + +#: src/gui/.ui/FWBMainWindow_q.cpp:486 +msgid "&Index..." 
+msgstr "インデックス...(&I)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:488 +msgid "About" +msgstr "ファイアウォールビルダーã«ã¤ã„ã¦" + +#: src/gui/.ui/FWBMainWindow_q.cpp:489 +msgid "&About" +msgstr "ファイアウォールビルダーã«ã¤ã„ã¦(&A)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:491 src/gui/.ui/FWBMainWindow_q.cpp:492 +msgid "New" +msgstr "æ–°è¦" + +#: src/gui/.ui/FWBMainWindow_q.cpp:501 +msgid "Compile rules" +msgstr "コンパイルルール" + +#: src/gui/.ui/FWBMainWindow_q.cpp:504 +msgid "Install firewall policy" +msgstr "ファイアウォールãƒãƒªã‚·ãƒ¼ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«" + +#: src/gui/.ui/FWBMainWindow_q.cpp:505 src/gui/.ui/FWBMainWindow_q.cpp:506 +#: src/gui/.ui/objectmanipulator_q.cpp:111 +msgid "Back" +msgstr "戻る" + +#: src/gui/.ui/FWBMainWindow_q.cpp:507 src/gui/.ui/FWBMainWindow_q.cpp:508 +msgid "Move back to the previous object" +msgstr "å‰ã®ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã«æˆ»ã‚‹" + +#: src/gui/.ui/FWBMainWindow_q.cpp:509 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:155 +#: src/gui/.ui/objectmanipulator_q.cpp:114 +msgid "New Object" +msgstr "æ–°è¦ã‚ªãƒ–ジェクト" + +#: src/gui/.ui/FWBMainWindow_q.cpp:510 +msgid "&New Object" +msgstr "æ–°è¦ã‚ªãƒ–ジェクト(&N)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:511 src/gui/.ui/objectmanipulator_q.cpp:115 +msgid "Create New Object" +msgstr "æ–°è¦ã‚ªãƒ–ジェクト作æˆ" + +#: src/gui/.ui/FWBMainWindow_q.cpp:512 +msgid "Ctrl+N" +msgstr "Ctrl+N" + +#: src/gui/.ui/FWBMainWindow_q.cpp:514 +msgid "&Find Object" +msgstr "オブジェクト検索(&F)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:515 src/gui/.ui/FWBMainWindow_q.cpp:516 +msgid "Find object in the tree" +msgstr "ツリー中ã®ã‚ªãƒ–ジェクトを検索" + +#: src/gui/.ui/FWBMainWindow_q.cpp:518 +msgid "Preferences..." +msgstr "設定..." + +#: src/gui/.ui/FWBMainWindow_q.cpp:519 +msgid "P&references..." +msgstr "設定(&E)..." 
+ +#: src/gui/.ui/FWBMainWindow_q.cpp:520 +msgid "Edit Preferences" +msgstr "設定ã®ç·¨é›†" + +#: src/gui/.ui/FWBMainWindow_q.cpp:523 src/gui/.ui/FWBMainWindow_q.cpp:524 +msgid "Move Rule Up" +msgstr "ルールを上ã«ç§»å‹•" + +#: src/gui/.ui/FWBMainWindow_q.cpp:525 src/gui/.ui/FWBMainWindow_q.cpp:526 +msgid "Move Rule Down" +msgstr "ルールを下ã«ç§»å‹•" + +#: src/gui/.ui/FWBMainWindow_q.cpp:531 +msgid "Ctrl+Del" +msgstr "Ctrl+Del" + +#: src/gui/.ui/FWBMainWindow_q.cpp:540 +msgid "Add File to RCS" +msgstr "RCS ã«ãƒ•ァイルを追加" + +#: src/gui/.ui/FWBMainWindow_q.cpp:541 +msgid "Add File to &RCS" +msgstr "RCS ã«ãƒ•ァイルを追加(&R)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:544 +msgid "Export Library To a File" +msgstr "ファイルã¸ãƒ©ã‚¤ãƒ–ラリをエクスãƒãƒ¼ãƒˆ" + +#: src/gui/.ui/FWBMainWindow_q.cpp:545 +msgid "&Export Library" +msgstr "ライブラリエクスãƒãƒ¼ãƒˆ(&E)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:546 +msgid "Import Library From a File" +msgstr "ファイルã‹ã‚‰ãƒ©ã‚¤ãƒ–ラリをインãƒãƒ¼ãƒˆ" + +#: src/gui/.ui/FWBMainWindow_q.cpp:547 +msgid "&Import Library" +msgstr "ライブラリインãƒãƒ¼ãƒˆ(&I)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:548 +msgid "Debug" +msgstr "デãƒã‚°" + +#: src/gui/.ui/FWBMainWindow_q.cpp:549 +msgid "&Debug" +msgstr "デãƒã‚°(&D)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:550 src/gui/.ui/FWBMainWindow_q.cpp:551 +msgid "&Properties" +msgstr "プロパティ(&P)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:552 +#, fuzzy +msgid "Show File Properties" +msgstr "ファイルプロパティ" + +#: src/gui/.ui/FWBMainWindow_q.cpp:553 src/gui/.ui/FWBMainWindow_q.cpp:554 +msgid "Move Selected Rules" +msgstr "é¸æŠžã•れãŸãƒ«ãƒ¼ãƒ«ã‚’移動" + +#: src/gui/.ui/FWBMainWindow_q.cpp:555 +msgid "Discard" +msgstr "やり直ã—" + +#: src/gui/.ui/FWBMainWindow_q.cpp:557 +msgid "" +"Discard Changes and Overwrite With Clean Copy Of The Head Revision From RCS" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:558 +#, fuzzy +msgid "Commit" +msgstr "コメント" + +#: src/gui/.ui/FWBMainWindow_q.cpp:559 +#, fuzzy +msgid "Co&mmit" +msgstr "コメント" + +#: src/gui/.ui/FWBMainWindow_q.cpp:560 +#, fuzzy +msgid 
"Commit Opened File to RCS and Continue Editing" +msgstr "読ã¿è¾¼ã‚“ã§ç·¨é›†ã‚’ç¶šã‘ã‚‹(&O)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:567 src/gui/.ui/FWBMainWindow_q.cpp:568 +#, fuzzy +msgid "new item" +msgstr "æ–°è¦é …ç›®" + +#: src/gui/.ui/FWBMainWindow_q.cpp:569 src/gui/.ui/FWBMainWindow_q.cpp:570 +msgid "Find Conflicting Objects in Two Files" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:571 +#, fuzzy +msgid "Import Po&licy" +msgstr "ライブラリインãƒãƒ¼ãƒˆ(&I)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:572 +msgid "Toolbar" +msgstr "ツールãƒãƒ¼" + +#: src/gui/.ui/FWBMainWindow_q.cpp:573 +msgid "&File" +msgstr "ファイル(&F)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:574 +msgid "&Edit" +msgstr "編集(&E)" + +#: src/gui/.ui/FWBMainWindow_q.cpp:576 +msgid "Rules" +msgstr "ルール" + +#: src/gui/.ui/FWBMainWindow_q.cpp:577 +#, fuzzy +msgid "Tools" +msgstr "ツールãƒãƒ¼" + +#: src/gui/.ui/FWBMainWindow_q.cpp:578 +msgid "&Help" +msgstr "ヘルプ(&H)" + +#: src/gui/.ui/groupobjectdialog_q.cpp:190 +msgid "I" +msgstr "I" + +#: src/gui/.ui/groupobjectdialog_q.cpp:191 +msgid "L" +msgstr "L" + +#: src/gui/.ui/hostdialog_q.cpp:146 +msgid "MAC matching" +msgstr "MAC 一致" + +#: src/gui/.ui/icmpservicedialog_q.cpp:167 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1071 +msgid "ICMP" +msgstr "ICMP" + +#: src/gui/.ui/icmpservicedialog_q.cpp:172 +msgid "ICMP Type:" +msgstr "ICMP タイプ" + +#: src/gui/.ui/icmpservicedialog_q.cpp:174 +msgid "ICMP Code:" +msgstr "ICMP コード:" + +#: src/gui/.ui/instdialog_q.cpp:85 src/gui/.ui/instdialog_q.cpp:270 +#: src/gui/.ui/librarydialog_q.cpp:136 src/gui/.ui/librarydialog_q.cpp:137 +msgid "Library" +msgstr "ライブラリ" + +#: src/gui/.ui/instdialog_q.cpp:87 src/gui/.ui/instdialog_q.cpp:271 +#, fuzzy +msgid "Last Modified" +msgstr "最終更新日時" + +#: src/gui/.ui/instdialog_q.cpp:89 src/gui/.ui/instdialog_q.cpp:272 +#, fuzzy +msgid "Last Compiled" +msgstr "コンパイル" + +#: src/gui/.ui/instdialog_q.cpp:91 src/gui/.ui/instdialog_q.cpp:273 +#, fuzzy +msgid "Last Installed" +msgstr "インストーラー" + +#: 
src/gui/.ui/instdialog_q.cpp:136 src/gui/.ui/instdialog_q.cpp:280 +#, fuzzy +msgid "Progress" +msgstr "処ç†ä¸­:" + +#: src/gui/.ui/instdialog_q.cpp:225 src/gui/.ui/instdialog_q.cpp:290 +#, fuzzy +msgid "Compile status" +msgstr "コンパイルルール" + +#: src/gui/.ui/instdialog_q.cpp:226 src/gui/.ui/instdialog_q.cpp:291 +#, fuzzy +msgid "Install status" +msgstr "インストール" + +#: src/gui/.ui/instdialog_q.cpp:263 +msgid "Firewall Builder: Policy Installer" +msgstr "ファイアウォールビルダー: ãƒãƒªã‚·ãƒ¼ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ©ãƒ¼" + +#: src/gui/.ui/instdialog_q.cpp:264 +msgid "" +"

    Select firewalls to compile and "
+"install.

    " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:265 +msgid "Perform batch install" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:266 +msgid "" +"Check this option if you want to install all selected firewalls " +"automatically. This only works if you use the same user name and password to " +"authenticate to all these firewalls. " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:275 +#, fuzzy +msgid "None" +msgstr "終了ã—ã¾ã—ãŸ" + +#: src/gui/.ui/instdialog_q.cpp:282 +#, fuzzy +msgid "firewall" +msgstr "ファイアウォール" + +#: src/gui/.ui/instdialog_q.cpp:283 +msgid "Progress:" +msgstr "処ç†ä¸­:" + +#: src/gui/.ui/instdialog_q.cpp:285 +msgid "Show Details" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:286 +#, fuzzy +msgid "Process log" +msgstr "処ç†ä¸­:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:283 +#, fuzzy +msgid "Install options" +msgstr "全ピングã®ç„¡è¦–" + +#: src/gui/.ui/instoptionsdialog_q.cpp:284 +#, qt-format +msgid "" +"

    Install options for firewall '%1'

    " +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:287 +msgid "min" +msgstr "最å°" + +#: src/gui/.ui/instoptionsdialog_q.cpp:288 +msgid "" +"Test run: run the script on the firewall but do not store it permanently." +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:289 +msgid "Schedule reboot in " +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:290 +msgid "" +"Rebooting the firewall will restore its original policy. To cancel reboot, " +"install the policy with \"test run\" option turned off" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:291 +msgid "" +"If you install the policy in test mode, it will not be saved permanently, so " +"you can revert to the last working configuration by rebooting the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:292 +msgid "Cancel reboot if policy activation was successfull" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:293 +msgid "" +"Quiet install: do not print anything as commands are executed on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:294 +msgid "Verbose: print all commands as they are executed on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:295 +msgid "Remove comments from configuration" +msgstr "設定ã‹ã‚‰ã‚³ãƒ¡ãƒ³ãƒˆã‚’削除" + +#: src/gui/.ui/instoptionsdialog_q.cpp:296 +msgid "Compress script" +msgstr "スクリプト圧縮" + +#: src/gui/.ui/instoptionsdialog_q.cpp:297 +msgid "Store a copy of fwb file on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:298 +msgid "Alternative address to communicate with the firewall:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:299 +msgid "Options for PIX and fwsm firewalls :" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:300 +msgid "Write configuration to standby PIX" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:301 +msgid "Dry run (commands won't be executed on the firewall)" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:302 +msgid "Store configuration diff in a file" 
+msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:303 +msgid "" +"install only ACL, 'icmp', 'telnet', 'ssh', 'nat', 'global' and 'static' " +"commands" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:304 +msgid "" +"Calculate difference between current firewall state and generated " +"configuration and install only those commands that update state of the " +"firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:305 +msgid "Make a backup copy of the firewall configuration in this file:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:306 +msgid "Password or passphrase:" +msgstr "パスワードã‹ãƒ‘スフレーズ:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:307 +msgid "User name:" +msgstr "ユーザーå:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:308 +msgid "Enable password:" +msgstr "有効ãªãƒ‘スワード:" + +#: src/gui/.ui/interfacedialog_q.cpp:235 +#: src/gui/.ui/newfirewalldialog_q.cpp:507 src/gui/.ui/newhostdialog_q.cpp:393 +msgid "Label:" +msgstr "ラベル:" + +#: src/gui/.ui/interfacedialog_q.cpp:237 +msgid "Security level:" +msgstr "セキュリティレベル:" + +#: src/gui/.ui/interfacedialog_q.cpp:238 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    Security level can be any number between 0 and 100, 0 being least " +"secure and 100 being most secure levels. Interface with security level 0 " +"ususally serves Internet connection.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:239 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    \n" +"Security level can be any number between 0 and 100, 0 being least secure and " +"100 being most secure levels. Interface with security level 0 ususally " +"serves Internet connection.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:241 src/gui/.ui/interfacedialog_q.cpp:244 +msgid "" +"

    Network zone consists of hosts and networks that can be reached through " +"this interface of the firewall. Subnet to which this interface is directly " +"attached must be part of its network zone. Other subnets reachable by means " +"of routing should alse be added to the network zone.\n" +"
    \n" +"If network zone for this interface consists of only one subnet, you can " +"simply choose that network's object in the pull-down below. If your network " +"zone should include multiple subnets, you need to create an Object Group, " +"then put all hosts and networks which are going to be part of the network " +"zone into that group and finally choose this group in the pull-down below." +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:247 +msgid "Network zone:" +msgstr "ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚¾ãƒ¼ãƒ³:" + +#: src/gui/.ui/interfacedialog_q.cpp:249 +#, fuzzy +msgid "This interface is external (insecure)" +msgstr "" +"ã“ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェースã¯\n" +"外部ã§ã™ (セキュアã§ã¯ã‚りã¾ã›ã‚“)" + +#: src/gui/.ui/interfacedialog_q.cpp:250 +msgid "" +"

    One interface of the firewall must be marked as 'external'. This " +"interface should be connected to the least secure network, usually the " +"Internet.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:251 +msgid "" +"One interface of the firewall must be marked as 'external'. This interface " +"should be connected to the least secure network, usually the Internet." +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:252 +msgid "Management interface" +msgstr "インターフェンス管ç†" + +#: src/gui/.ui/interfacedialog_q.cpp:253 +msgid "" +"

    Check if this interface is used for management (SNMP queries, remote " +"policy install etc.)

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:255 +msgid "Address is assigned dynamically" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:256 +#: src/gui/.ui/newfirewalldialog_q.cpp:515 +msgid "Regular interface" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:257 +#, fuzzy +msgid "Unprotected interface" +msgstr "アンナンãƒãƒ¼ãƒ‰ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェース" + +#: src/gui/.ui/interfacedialog_q.cpp:258 +msgid "Skip this interface while assigning policy rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:546 +msgid "ipf: advanced settings" +msgstr "ipf: 高度ãªè¨­å®š" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:551 +msgid "Use raudio proxy in NAT rules" +msgstr "NAT ルール中㧠paudio を使用ã™ã‚‹" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:552 +msgid "Use h323 proxy in NAT rules" +msgstr "NAT ルール中㧠h323 プロキシを使用ã™ã‚‹" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:553 +msgid "Use ipsec proxy in NAT rules" +msgstr "NAT ルール中㧠ipsec プロキシを使用ã™ã‚‹" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:554 +msgid "Use ftp proxy in NAT rules" +msgstr "NAT ルール中㧠ftp プロキシを使用ã™ã‚‹" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:555 +msgid "Use rcmd proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:556 +#, fuzzy +msgid "Use Kerberos rcmd proxy in NAT rules" +msgstr "NAT ルール中㧠ipsec プロキシを使用ã™ã‚‹" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:557 +#, fuzzy +msgid "Use Kerberos ekshell proxy in NAT rules" +msgstr "NAT ルール中㧠ipsec プロキシを使用ã™ã‚‹" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:558 +msgid "" +"Some protocols involve multiple associated network connections. 
Firewall can " +"keep track of such connections automatically if you activate one or all of " +"the following options:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:559 +#, fuzzy +msgid "Use PPTP proxy in NAT rules" +msgstr "NAT ルール中㧠ftp プロキシを使用ã™ã‚‹" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:560 +#, fuzzy +msgid "Use IRC proxy in NAT rules for DCC" +msgstr "NAT ルール中㧠ftp プロキシを使用ã™ã‚‹" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:561 +msgid "Protocol Helpers" +msgstr "プロトコルヘッダー" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:562 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:356 +#: src/gui/.ui/iptadvanceddialog_q.cpp:610 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1004 +msgid "Compiler:" +msgstr "コンパイラー:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:563 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1019 +msgid "" +"There are two ways compiler can generate code for rules in the Global " +"Policy: it can either create two ipf rules to control both incoming and " +"outgoing packets for each rule, or it can create only one ipf rule for " +"incoming packets and permit all outgoing ones.You get more control over the " +"packets crossing the firewall in the first mode, but generated script is " +"going to be smaller if you choose the second." 
+msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:564 +msgid "" +"Masquerade returned icmp as being from original\n" +"packet's destination" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:567 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1018 +msgid "Generate both 'in' and 'out' rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:568 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1017 +msgid "Pass all outgoing" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:569 +#: src/gui/.ui/iptadvanceddialog_q.cpp:608 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1009 +msgid "Accept TCP sessions opened prior to firewall restart" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:570 +msgid "Find and eliminate duplicate rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:571 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:360 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1011 +msgid "Detect rule shadowing in policy" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:572 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:361 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1012 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1846 +msgid "" +"Shadowing happens because a rule is a superset of a subsequent rule and any " +"packets potentially matched by the subsequent rule have already been matched " +"by the prior rule." +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:573 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:358 +#: src/gui/.ui/iptadvanceddialog_q.cpp:616 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1013 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1841 +msgid "Ignore empty groups in rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:574 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:359 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1014 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1842 +msgid "" +"If the option is deactivated, compiler treats empty groups as an error and " +"aborts processing the policy. If this option is activated, compiler removes " +"all empty groups from all rule elements. 
If rule element becomes 'any' after " +"the last empty group has been removed, the whole rule will be ignored. Use " +"this option only if you fully understand how it works!" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:575 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:364 +#: src/gui/.ui/iptadvanceddialog_q.cpp:617 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1006 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1828 +msgid "" +"Always permit ssh access from\n" +"the management workstation\n" +"with this address:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:578 +#: src/gui/.ui/iptadvanceddialog_q.cpp:620 +msgid "Default action on 'Reject':" +msgstr "'Reject(æ‹’å¦)'ã®ãƒ‡ãƒ•ォルトアクション:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:579 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:355 +#: src/gui/.ui/iptadvanceddialog_q.cpp:603 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1005 +msgid "Command line options for the compiler:" +msgstr "コンパイラーã®ã‚³ãƒžãƒ³ãƒ‰ãƒ©ã‚¤ãƒ³ã‚ªãƒ—ション:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:580 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:357 +#: src/gui/.ui/iptadvanceddialog_q.cpp:611 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1015 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1827 +msgid "" +"Output file name (if left blank, the file name is constructed of the " +"firewall object name and extension \".fw\")" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:581 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:367 +#: src/gui/.ui/iptadvanceddialog_q.cpp:623 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1021 +msgid "Compiler" +msgstr "コンパイラー" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:582 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:368 +#: src/gui/.ui/iptadvanceddialog_q.cpp:624 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1096 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1873 +msgid "External install script" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:583 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:369 +#: src/gui/.ui/iptadvanceddialog_q.cpp:625 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1097 +#: 
src/gui/.ui/pixadvanceddialog_q.cpp:1874 +msgid "" +"Policy install script (using built-in installer if this field is blank):" +msgstr "" +"ãƒãƒªã‚·ãƒ¼ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã‚¹ã‚¯ãƒªãƒ—ト (ã‚‚ã—ã“ã®ãƒ•ィールドãŒãƒ–ãƒ©ãƒ³ã‚¯ã®æ™‚ã«ä½¿ç”¨ã™ã‚‹çµ„" +"ã¿è¾¼ã¿ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ©ãƒ¼)" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:584 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:370 +#: src/gui/.ui/iptadvanceddialog_q.cpp:626 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1098 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1875 +msgid "Command line options for the script:" +msgstr "スクリプトã®ã‚³ãƒžãƒ³ãƒ‰ãƒ©ã‚¤ãƒ³ã‚ªãƒ—ション" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:585 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:371 +#: src/gui/.ui/iptadvanceddialog_q.cpp:627 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1099 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1876 +msgid "Built-in installer" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:586 +msgid "Directory on the firewall where configuration files should be installed" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:587 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:376 +#: src/gui/.ui/iptadvanceddialog_q.cpp:632 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1104 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1879 +msgid "Additional command line parameters for ssh" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:588 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:375 +#: src/gui/.ui/iptadvanceddialog_q.cpp:631 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1103 +msgid "" +"A command that installer should execute on the firewall in order to activate " +"the policy (if this field is blank, installer runs firewall script in the " +"directory specified above; it uses sudo if user name is not 'root')" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:589 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:372 +#: src/gui/.ui/iptadvanceddialog_q.cpp:628 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1100 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1877 +msgid "" +"Alternative name or address used to communicate with the 
firewall (also " +"putty session name on Windows)" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:590 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:373 +#: src/gui/.ui/iptadvanceddialog_q.cpp:629 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1101 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1878 +msgid "" +"User name used to authenticate to the firewall (leave this empty if you use " +"putty session):" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:591 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:377 +#: src/gui/.ui/iptadvanceddialog_q.cpp:633 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1105 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1880 +msgid "Installer" +msgstr "インストーラー" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:594 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:384 +#: src/gui/.ui/iptadvanceddialog_q.cpp:640 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1113 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1883 +msgid "" +"The following commands will be added verbatim on top of generated " +"configuration" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:599 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:381 +#: src/gui/.ui/iptadvanceddialog_q.cpp:637 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1109 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1888 +msgid "" +"The following commands will be added verbatim after generated configuration" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:600 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:386 +#: src/gui/.ui/iptadvanceddialog_q.cpp:647 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1118 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1889 +msgid "Prolog/Epilog" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:601 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:849 +msgid "Log facility:" +msgstr "ログファシリティ" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:602 +#: src/gui/.ui/iptadvanceddialog_q.cpp:654 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:799 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:850 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:881 +msgid "Log level:" +msgstr "ログレベル:" + +#: 
src/gui/.ui/ipfadvanceddialog_q.cpp:603 +msgid "Log packet body" +msgstr "ログパケット本体" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:604 +msgid "Block if can not log" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:605 +#: src/gui/.ui/iptadvanceddialog_q.cpp:663 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1121 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2076 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:801 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:851 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:858 +msgid "Logging" +msgstr "ログ記録" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:606 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:387 +#: src/gui/.ui/iptadvanceddialog_q.cpp:669 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1122 +msgid "Add virtual addresses for NAT" +msgstr "NAT 用ãƒãƒ¼ãƒãƒ£ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ç¾¤ã®è¿½åŠ " + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:607 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:388 +#: src/gui/.ui/iptadvanceddialog_q.cpp:665 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1123 +msgid "Configure Interfaces of the firewall machine" +msgstr "ファイアウォールマシンã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェース構æˆ" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:608 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:389 +#: src/gui/.ui/iptadvanceddialog_q.cpp:666 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1124 +msgid "Turn debugging on in generated script" +msgstr "生æˆã‚¹ã‚¯ãƒªãƒ—トã§ãƒ‡ãƒã‚°ã‚’切り替ãˆ" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:609 +msgid "Optimization" +msgstr "最é©åŒ–" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:610 +msgid "" +"If this option is on, policy compiler adds virtual addresses to the " +"interfaces to make the firewall answer to ARP queries for addresses used in " +"NAT rules." +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:611 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:390 +#: src/gui/.ui/iptadvanceddialog_q.cpp:664 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1125 +msgid "These options enable auxiliary sections in the generated shell script." 
+msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:612 +msgid "Determine addresses of dynamic interfaces at run time" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:613 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:391 +#: src/gui/.ui/iptadvanceddialog_q.cpp:672 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1126 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1872 +msgid "Script Options" +msgstr "スクリプトオプション" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:350 +msgid "ipfw: advanced settings" +msgstr "ipfw: 高度ãªè¨­å®š" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:362 +msgid "" +"Add rule to accept packets matching dynamic rules created for\n" +"known sessions on top of the policy (action 'check-state')" +msgstr "" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:374 +#: src/gui/.ui/iptadvanceddialog_q.cpp:630 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1102 +msgid "Directory on the firewall where script should be installed" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:208 +msgid "IP" +msgstr "IP" + +#: src/gui/.ui/ipservicedialog_q.cpp:212 +msgid "all fragments" +msgstr "全フラグメント" + +#: src/gui/.ui/ipservicedialog_q.cpp:213 +msgid "rr (record route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:214 +msgid "timestamp" +msgstr "タイムスタンプ" + +#: src/gui/.ui/ipservicedialog_q.cpp:215 +msgid "ssrr (strict source route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:216 +msgid "'short' fragments" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:217 +msgid "lsrr (loose source route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:220 +msgid "Protocol number:" +msgstr "プロトコル番å·:" + +#: src/gui/.ui/ipservicedialog_q.cpp:221 +msgid "( 0 - any protocol )" +msgstr "( 0 - ä»»æ„ã®ãƒ—ロトコル )" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:598 +msgid "iptables: advanced settings" +msgstr "iptables: 高度ãªè¨­å®š" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:604 +msgid "Accept ESTABLISHED and RELATED packets before the first rule" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:605 +msgid "Bridging 
firewall" +msgstr "ブリッジ中ã®ãƒ•ァイアウォール" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:606 +msgid "Detect shadowing in policy rules" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:607 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1832 +msgid "Assume firewall is part of 'any'" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:609 +msgid "Enable support for NAT of locally originated connections" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:612 +msgid "" +"Drop packets that are associated with\n" +"no known connection" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:614 +msgid "and log them" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:615 +msgid "Clamp MSS to MTU" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:621 +msgid "Make Tag and Classify actions terminating" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:622 +msgid "Do not set default policy for ipv6" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:642 +msgid "Insert prolog script " +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:649 +msgid "use ULOG" +msgstr "ULOG を使用ã™ã‚‹" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:650 +msgid "use LOG" +msgstr "LOG を使用ã™ã‚‹" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:651 +msgid "log TCP seq. 
numbers" +msgstr "TCP シーケンス番å·ã‚’ログ記録ã™ã‚‹" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:652 +msgid "log IP options" +msgstr "IP オプションをログ記録ã™ã‚‹" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:653 +msgid "use numeric syslog levels" +msgstr "使用ã™ã‚‹ syslog ãƒ¬ãƒ™ãƒ«ã®æ•°å€¤" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:655 +msgid "log TCP options" +msgstr "ログ TCP オプション" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:656 +msgid "cprange" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:657 +msgid "queue threshold:" +msgstr "キュー閾値:" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:658 +msgid "netlink group:" +msgstr "ãƒãƒƒãƒˆãƒªãƒ³ã‚¯ã‚°ãƒ«ãƒ¼ãƒ—:" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:659 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:798 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:857 +msgid "Log prefix:" +msgstr "ログ接頭語:" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:660 +msgid "Logging limit:" +msgstr "ログ記録制é™:" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:661 +msgid "" +"Activate logging in all rules\n" +"(overrides rule options, use for debugging)" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:667 +msgid "Verify interfaces before loading firewall policy" +msgstr "ファイアウォールãƒãƒªã‚·ãƒ¼ã‚’ロードã™ã‚‹å‰ã«ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェースを確èª" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:668 +msgid "Load modules" +msgstr "ロードモジュール" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:670 +msgid "Use iptables-restore to activate policy" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:671 +msgid "iptables-restore replaces firewall policy in one atomic transaction" +msgstr "" + +#: src/gui/.ui/ipv4dialog_q.cpp:169 +msgid "IPv4" +msgstr "IPv4" + +#: src/gui/.ui/ipv4dialog_q.cpp:176 +msgid "DNS Lookup..." +msgstr "DNS ç…§åˆ..." 
+ +#: src/gui/.ui/libexport_q.cpp:106 +msgid "Export" +msgstr "エクスãƒãƒ¼ãƒˆ" + +#: src/gui/.ui/libexport_q.cpp:107 +msgid "" +"This will export a library to a file which can later be imported back into " +"Firewall Builder" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:109 +msgid "New Item" +msgstr "æ–°è¦é …ç›®" + +#: src/gui/.ui/libexport_q.cpp:110 +msgid "Make exported libraries read-only" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:111 +msgid "Choose libraries to be exported:" +msgstr "エクスãƒãƒ¼ãƒˆã™ã‚‹ãƒ©ã‚¤ãƒ–ãƒ©ãƒªã‚’é¸æŠž:" + +#: src/gui/.ui/librarydialog_q.cpp:138 +msgid "Color:" +msgstr "色:" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:195 +msgid "Linksys/Sveasoft: advanced settings" +msgstr "Linksys/Sveasoft: 高度ãªè¨­å®š" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:200 +#: src/gui/.ui/linux24advanceddialog_q.cpp:450 +msgid "modprobe:" +msgstr "modprobe:" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:201 +#: src/gui/.ui/linux24advanceddialog_q.cpp:451 +msgid "logger:" +msgstr "logger:" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:202 +#: src/gui/.ui/linux24advanceddialog_q.cpp:452 +msgid "ip:" +msgstr "ip:" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:203 +#: src/gui/.ui/linux24advanceddialog_q.cpp:453 +msgid "lsmod" +msgstr "lsmod" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:204 +#: src/gui/.ui/linux24advanceddialog_q.cpp:455 +msgid "iptables:" +msgstr "iptables:" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:205 +#: src/gui/.ui/linux24advanceddialog_q.cpp:454 +msgid "" +"Specify directory path and a file name for each utility on your firewall " +"machine. Leave these empty if you want to use default values." +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:207 +msgid "" +"Policy installer relies on the shell prompt on the firewall to execute " +"commands. Installer tries both prompt string patterns configured here; it " +"assumes that the firewall is ready to accept a command if either prompt " +"matches. 
You should only need to change these string patterns if Sveasoft " +"changes the shell prompt in the future releases of the software.\n" +"
    \n" +"
    \n" +"The default strings work for Sveasoft Alchemy pre-5.1 and pre-5.2" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:211 +msgid "Use default prompts" +msgstr "デフォルトプロンプトを使ã†" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:212 +msgid "prompt 2" +msgstr "プロンプト2" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:213 +msgid "prompt 1" +msgstr "プロンプト1" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:214 +msgid "Prompts" +msgstr "プロンプト" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:365 +msgid "Linux 2.4: advanced settings" +msgstr "Linux 2.4: 高度ãªè¨­å®š" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:407 +msgid "Kernel anti-spoofing protection" +msgstr "カーãƒãƒ«ã® spoofing 対策ä¿è­·" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:408 +msgid "Ignore broadcast pings" +msgstr "ブロードキャストピングã®ç„¡è¦–" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:409 +msgid "Ignore all pings" +msgstr "全ピングã®ç„¡è¦–" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:410 +msgid "Accept source route" +msgstr "ソースルートã®è¨±å¯" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:411 +msgid "Accept ICMP redirects" +msgstr "ICMP リダイレクトã®å—ç†" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:412 +msgid "Ignore bogus ICMP errors" +msgstr "bogus ICMP エラーを無視" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:413 +msgid "Allow dynamic addresses" +msgstr "ダイナミックアドレス群ã®è¨±å¯" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:414 +msgid "Log martians" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:416 +msgid "" +"These parameters make sense for connections to or from the firewall host" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:441 +msgid "TCP sack" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:442 +msgid "TCP window scaling" +msgstr "TCP ウィンドウスケーリング" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:443 +msgid "TCP ECN" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:444 +msgid "TCP SYN cookies" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:445 +msgid "TCP keepalive time 
(sec)" +msgstr "TCP 生存時間 (ç§’)" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:446 +msgid "TCP fack" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:447 +msgid "TCP timestamps" +msgstr "TCP タイムスタンプ" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:448 +msgid "TCP FIN timeout (sec)" +msgstr "TCP FIN タイムアウト(ç§’)" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:449 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1051 +#: src/gui/.ui/tcpservicedialog_q.cpp:370 +msgid "TCP" +msgstr "TCP" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:456 +msgid "iptables-restore:" +msgstr "iptables-restore:" + +#: src/gui/.ui/longtextdialog_q.cpp:95 +msgid "longTextDialog_q" +msgstr "" + +#: src/gui/.ui/longtextdialog_q.cpp:97 +msgid "this is the error text" +msgstr "ã“れã¯ã‚¨ãƒ©ãƒ¼ãƒ†ã‚­ã‚¹ãƒˆã§ã™" + +#: src/gui/.ui/macosxadvanceddialog_q.cpp:164 +msgid "MacOS X: advanced settings" +msgstr "Mac OS X: 高度ãªè¨­å®š" + +#: src/gui/.ui/metriceditorpanel_q.cpp:78 +#, fuzzy +msgid "textLabel2" +msgstr "ラベル" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:154 +#, fuzzy +msgid "NAT Rule Options" +msgstr "ルールオプション" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:156 +msgid "No options are available for this firewall platform" +msgstr "" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:157 +#, fuzzy +msgid "Pool type" +msgstr "ICMP タイプ" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:158 +#, fuzzy +msgid "default" +msgstr "削除" + +#: src/gui/.ui/newfirewalldialog_q.cpp:172 +#: src/gui/.ui/newfirewalldialog_q.cpp:323 +#: src/gui/.ui/newfirewalldialog_q.cpp:502 +#: src/gui/.ui/newfirewalldialog_q.cpp:524 src/gui/.ui/newhostdialog_q.cpp:188 +#: src/gui/.ui/newhostdialog_q.cpp:398 +msgid "Label" +msgstr "ラベル" + +#: src/gui/.ui/newfirewalldialog_q.cpp:174 +#: src/gui/.ui/newfirewalldialog_q.cpp:504 src/gui/.ui/newhostdialog_q.cpp:190 +#: src/gui/.ui/newhostdialog_q.cpp:400 +msgid "Netmask" +msgstr "ãƒãƒƒãƒˆãƒžã‚¹ã‚¯" + +#: src/gui/.ui/newfirewalldialog_q.cpp:175 +#: src/gui/.ui/newfirewalldialog_q.cpp:505 
src/gui/.ui/newhostdialog_q.cpp:191 +#: src/gui/.ui/newhostdialog_q.cpp:401 +msgid "Dyn" +msgstr "Dyn" + +#: src/gui/.ui/newfirewalldialog_q.cpp:176 +#: src/gui/.ui/newfirewalldialog_q.cpp:506 src/gui/.ui/newhostdialog_q.cpp:192 +#: src/gui/.ui/newhostdialog_q.cpp:402 +msgid "MAC" +msgstr "MAC" + +#: src/gui/.ui/newfirewalldialog_q.cpp:325 +#: src/gui/.ui/newfirewalldialog_q.cpp:526 +msgid "Security Level" +msgstr "セキュリティレベル" + +#: src/gui/.ui/newfirewalldialog_q.cpp:487 src/gui/.ui/newhostdialog_q.cpp:378 +msgid "Enter the name of the new object below:" +msgstr "æ–°ã—ã„オブジェクトã®åå‰ã‚’入力ã—ã¦ãã ã•ã„:" + +#: src/gui/.ui/newfirewalldialog_q.cpp:488 +msgid "Choose firewall software it is running:" +msgstr "実行中ã®ãƒ•ァイアウォールソフトウェアã®é¸æŠžã—ã¦ãã ã•ã„:" + +#: src/gui/.ui/newfirewalldialog_q.cpp:489 +msgid "Choose OS the new firewall runs on:" +msgstr "æ–°è¦ãƒ•ァイアウォールを実行ã™ã‚‹ OS ã‚’é¸æŠžã—ã¦ãã ã•ã„:" + +#: src/gui/.ui/newfirewalldialog_q.cpp:490 +msgid "Use preconfigured template firewall objects" +msgstr "ã‚らã‹ã˜ã‚設定ã•れãŸãƒ†ãƒ³ãƒ—レートオブジェクトを使用ã™ã‚‹" + +#: src/gui/.ui/newfirewalldialog_q.cpp:492 +msgid "" +"Next step is to add interfaces to the new firewall. There are two ways to do " +"it: using SNMP query or manually. Adding them using SNMP query is fast and " +"automatic, but is only possible if firewall runs SNMP agent and you know " +"SNMP community string 'read'." +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:494 src/gui/.ui/newhostdialog_q.cpp:383 +msgid "Configure interfaces manually" +msgstr "インターフェースを手動設定ã™ã‚‹" + +#: src/gui/.ui/newfirewalldialog_q.cpp:495 +msgid "Use SNMP to discover interfaces of the firewall" +msgstr "SNMP を使用ã—ã€ãƒ•ァイアウォールã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェースを発見ã™ã‚‹" + +#: src/gui/.ui/newfirewalldialog_q.cpp:496 src/gui/.ui/newhostdialog_q.cpp:385 +msgid "Discover Interfaces using SNMP" +msgstr "SNMP を用ã„ã¦ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェースを発見ã™ã‚‹" + +#: src/gui/.ui/newfirewalldialog_q.cpp:499 +msgid "" +"Here you can add or edit interfaces manually. 
'Name' corresponds to the name " +"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' " +"is used to mark interface to reflect network topology, e.g. 'outside' or " +"'inside'. Label is mandatory for PIX firewall." +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:500 src/gui/.ui/newhostdialog_q.cpp:391 +msgid "Click 'Next' when done." +msgstr "「Nextã€ã‚’クリックã™ã‚‹ã¨å‡¦ç†ã—ã¾ã™ã€‚" + +#: src/gui/.ui/newfirewalldialog_q.cpp:509 src/gui/.ui/newhostdialog_q.cpp:408 +msgid "Update" +msgstr "æ›´æ–°" + +#: src/gui/.ui/newfirewalldialog_q.cpp:510 src/gui/.ui/newhostdialog_q.cpp:407 +msgid "Add" +msgstr "追加" + +#: src/gui/.ui/newfirewalldialog_q.cpp:519 src/gui/.ui/newhostdialog_q.cpp:403 +msgid "MAC:" +msgstr "MAC:" + +#: src/gui/.ui/newfirewalldialog_q.cpp:521 +msgid "up" +msgstr "上" + +#: src/gui/.ui/newfirewalldialog_q.cpp:522 +msgid "down" +msgstr "下" + +#: src/gui/.ui/newfirewalldialog_q.cpp:527 +msgid "Click 'Finish' when done." +msgstr "「Finishã€ã‚’クリックã™ã‚‹ã¨å‡¦ç†ã—ã¾ã™ã€‚" + +#: src/gui/.ui/newfirewalldialog_q.cpp:528 +msgid "" +"In order to be able to build firewall policy properly, Firewall Builder " +"needs information about 'security level' of the firewall's interfaces. " +"Interface that connects it to the Internet is considered 'insecure' and has " +"security level '0', while interface connected to the internal network is " +"supposed to be 'secure' (security level '100'). You can arrange interfaces " +"in the order of their security level below." +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:530 src/gui/.ui/newhostdialog_q.cpp:411 +msgid "" +"Choose template object in the list and click 'Finish' when ready. Template " +"objects use generic interface names that will be iherited by the firewall " +"object you create. You may need to rename them later to reflect real names " +"of interfaces on your firewall machine." 
+msgstr "" + +#: src/gui/.ui/newgroupdialog_q.cpp:99 +msgid "Group Name:" +msgstr "グループå:" + +#: src/gui/.ui/newgroupdialog_q.cpp:100 +msgid "This operation will create a new group and put selected objects in it" +msgstr "" + +#: src/gui/.ui/newgroupdialog_q.cpp:101 +msgid "Create a group" +msgstr "æ–°è¦ã‚°ãƒ«ãƒ¼ãƒ—" + +#: src/gui/.ui/newhostdialog_q.cpp:379 +msgid "Use preconfigured template host objects" +msgstr "事å‰å®šç¾©ã•れãŸãƒ›ã‚¹ãƒˆã‚ªãƒ–ジェクトテンプレートを使ã†" + +#: src/gui/.ui/newhostdialog_q.cpp:381 +msgid "" +"Next step is to add interfaces to the new host. There are two ways to do it: " +"using SNMP query or manually. Adding them using SNMP query is fast and " +"automatic, but is only possible if the host runs SNMP agent and you know " +"SNMP community string 'read'." +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:384 +msgid "Use SNMP to discover interfaces of the host" +msgstr "ホストã®ã‚¤ãƒ³ã‚¿ãƒ•ェースを発見ã™ã‚‹ãŸã‚ã«SNMPを使用ã™ã‚‹" + +#: src/gui/.ui/newhostdialog_q.cpp:388 +msgid "" +"Here you can add or edit interfaces manually. 'Name' corresponds to the name " +"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' " +"is used to mark interface to reflect network topology, e.g. 'outside' or " +"'inside'." +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:396 +msgid "" +"This is unnumbered interface, that is, it does not have an IP address. You " +"can use this for interfaces that terminate PPPoE or other VPN tunnels" +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:405 +msgid "" +"Address of this interface is assigned dynamically using DHCP or PPP protocol" +msgstr "" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:148 +msgid "Conflict Resolution" +msgstr "" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:149 +msgid "" +"There is a conflict between an object in your tree and object in the file " +"you are trying to open. 
Choose which version of this object you want to use:" +msgstr "" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:150 +msgid "Current Object " +msgstr "ç¾åœ¨ã®ã‚ªãƒ–ジェクト " + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:153 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:158 +msgid "" +"Always choose this\n" +"object if there is a conflict" +msgstr "" + +#: src/gui/.ui/objectmanipulator_q.cpp:108 +msgid "Tree of Objects" +msgstr "オブジェクトã®ãƒ„リー" + +#: src/gui/.ui/objectmanipulator_q.cpp:112 +msgid "Go back to the previous object" +msgstr "å‰ã®ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã«æˆ»ã‚‹" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:172 +msgid "OpenBSD: advanced settings" +msgstr "OpenBSD: 高度ãªè¨­å®š" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:178 +msgid "Enable directed broadcast" +msgstr "" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:199 +msgid "pfctl:" +msgstr "pfctl:" + +#: src/gui/.ui/pagesetupdialog_q.cpp:103 +msgid "Page Setup" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:104 +msgid "start each section on a new page" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:105 +msgid "print header on every page" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:106 +msgid "print legend" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:107 +#, fuzzy +msgid "print objects used in rules" +msgstr "ツリー中ã®ã‚ªãƒ–ジェクトを検索" + +#: src/gui/.ui/pagesetupdialog_q.cpp:109 +#, fuzzy +msgid "Alt+O" +msgstr "Alt+M" + +#: src/gui/.ui/pagesetupdialog_q.cpp:112 +#, fuzzy +msgid "Scale tables: " +msgstr "ステートテーブルサイズ:" + +#: src/gui/.ui/pagesetupdialog_q.cpp:114 +msgid "50%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:115 +msgid "75%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:116 +msgid "100%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:117 +msgid "150%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:118 +msgid "200%" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:999 +msgid "pf: advanced settings" +msgstr "pf: 高度ãªè¨­å®š" + +#: 
src/gui/.ui/pfadvanceddialog_q.cpp:1010 +msgid "Modulate state for all stateful rules (applies only to TCP services)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1020 +msgid "Optimization:" +msgstr "最é©åŒ–:" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1022 +msgid "Enforce Minimum TTL:" +msgstr "TTL 最å°å€¤ã®å¼·åŒ–" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1023 +msgid "Enforce Maximum MSS:" +msgstr "MSS 最大値ã®å¼·åŒ–" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1024 +msgid "Enforces a maximum Maximum Segment Size (MSS) in TCP packet headers." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1025 +msgid "Enforces a minimum Time To Live (TTL) in IP packet headers." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1026 +msgid "Reassemble fragments" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1027 +msgid "Clear DF bit" +msgstr "DF ビット解除" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1028 +msgid "Clears the don't fragment bit from the IP packet header." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1029 +msgid "Use random ID" +msgstr "ランダム ID ã®ä½¿ç”¨" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1030 +msgid "" +"Replaces the IP identification field of outgoing packets with random values " +"to compensate for operating systems that use predictable values." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1032 +msgid "Buffer and reassemble fragments (default)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1033 +msgid "" +"Buffers incoming packet fragments and reassembles them into a complete " +"packet before passing them to the filter engine." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1034 +msgid "Drop duplicate fragments, do not buffer and reassemble" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1035 +msgid "" +"Causes duplicate fragments to be dropped and any overlaps to be cropped." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1036 +msgid "Drop duplicate and subsequent fragments" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1037 +msgid "" +"Similar to 'Drop duplicate fragments' except that all duplicate or " +"overlapping fragments will be dropped as well as any further corresponding " +"fragments." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1038 +msgid "Scrub rule options" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1039 +msgid "maximum number of entries in the memory pool used for packet reassembly" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1040 +#, fuzzy +msgid "table-entries" +msgstr "iptables-restore:" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1041 +msgid "maximum number of addresses that canbe stored in tables" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1042 +msgid "" +"maximum number of entries in the memory pool used for state table entries" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1043 +#, fuzzy +msgid "state table size: " +msgstr "ステートテーブルサイズ:" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1044 +msgid "reassembly pool: " +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1045 +msgid "" +"maximum number of entries in the memory pool used for tracking source IP " +"addresses" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1046 +msgid "maximum number of tables that can exist in the memory simultaneously" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1047 +#, fuzzy +msgid "tables" +msgstr "iptables:" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1048 +msgid "src-nodes" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1049 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:876 +#, fuzzy +msgid "Limits" +msgstr "分" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1050 +msgid "" +"When a packet matches a stateful connection, the seconds to live for the " +"connection will be updated to the value which corresponds to the connection " +"state." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1052 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1065 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1074 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1077 +msgid "first" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1053 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1066 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1072 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1078 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1081 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1082 +msgid "The state after the first packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1054 +msgid "opening" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1055 +msgid " The state before the destination host ever sends a packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1056 +msgid "established" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1057 +msgid "The fully established state." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1058 +msgid "The state after the first FIN has been sent." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1059 +msgid "closing" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1060 +msgid "" +"The state after both FINs have been exchanged and the connection is closed." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1061 +msgid "finwait" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1062 +msgid "The state after one endpoint sends an RST." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1063 +msgid "closed" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1064 +#: src/gui/.ui/udpservicedialog_q.cpp:221 +msgid "UDP" +msgstr "UDP" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1067 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1079 +msgid "single" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1068 +msgid "" +"The state if the source host sends more than one packet but the destination " +"host has never sent one back." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1069 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1080 +msgid "multiple" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1070 +msgid " The state if both hosts have sent packets." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1073 +msgid "The state after an ICMP error came back in response to an ICMP packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1076 +msgid "Other Protocols" +msgstr "ãã®ä»–ã®ãƒ—ロトコル" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1083 +msgid "Fragments" +msgstr "フラグメント" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1084 +msgid "reassembly timeout" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1085 +msgid "state expiration timeout" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1086 +msgid "seconds between purges of expired states and packet fragments." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1087 +msgid "seconds before an unassembled fragment is expired." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1088 +msgid "Adaptive scaling" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1089 +msgid "" +"Timeout values can be reduced adaptively as the number of state table " +"entries grows (see man page pf.conf(5) for details)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1090 +msgid "adaptive start" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1091 +msgid "" +"When the number of state entries exceeds this value, adaptive scaling begins." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1092 +msgid "adaptive end" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1093 +msgid "" +"When reaching this number of state entries, all timeout val- ues become " +"zero, effectively purging all state entries imme- diately." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1094 +msgid "Activate adaptive timeout scaling" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1095 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1910 +msgid "Timeouts" +msgstr "タイムアウト" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1114 +msgid "Insert prolog and epilog scripts" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1116 +msgid "in the activation shell script (.fw file)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1117 +msgid "in the pf rule file (.conf file)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1119 +msgid "Log Prefix" +msgstr "ログ接頭語" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1120 +msgid "Fallback \"deny all\" rule should log blocked packets" +msgstr "" + +#: src/gui/.ui/physaddressdialog_q.cpp:149 +msgid "physAddress" +msgstr "物ç†ã‚¢ãƒ‰ãƒ¬ã‚¹" + +#: src/gui/.ui/physaddressdialog_q.cpp:150 +#, fuzzy +msgid "MAC Address" +msgstr "æ–°è¦ MAC アドレス" + +#: src/gui/.ui/physaddressdialog_q.cpp:153 +msgid "Physical address (MAC):" +msgstr "物ç†ã‚¢ãƒ‰ãƒ¬ã‚¹ (MAC):" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1824 +msgid "PIX Firewall Settings" +msgstr "PIX ファイアウォール設定" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1831 +msgid "Policy Compiler Options" +msgstr "ãƒãƒªã‚·ãƒ¼ã‚³ãƒ³ãƒ‘イラーオプション" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1833 +msgid "" +"Generate rules assuming the firewall is part of \"Any\". This makes a " +"difference in rules that use services 'ssh' and 'telnet' since PIX uses " +"special commands to control ssh and telnet access to the firewall machine" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1834 +msgid "" +"Replace NAT'ted objects with their \n" +"translations in policy rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1836 +msgid "" +"PIX inspects packets with ACLs before it does NAT, while many other " +"firewalls do NAT first and then apply ACLs. Policy compiler can emulate the " +"latter behaviour if this options is turned on." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1837 +msgid "Emulate outbound ACLs" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1838 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1840 +msgid "" +"Normally PIX does not support ouotbound ACL, however policy compiler can " +"emulate them if this option is turned on" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1839 +msgid "Generate outbound ACLs" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1843 +msgid "Optimize 'default nat' rules" +msgstr "'default nat' ルールを最é©åŒ–" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1844 +msgid "" +"In nat rules where network zone object is used in OSrc, ODst and OSrv are " +"'any' and TSrc defines a global pool for the translation, replace object in " +"OSrc with 'any' to produce PIX command \"nat (interface) N 0.0.0.0 0.0.0.0\"" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1845 +msgid "Detect rule shadowing in the policy" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1847 +msgid "Verification of NAT rules" +msgstr "NAT ãƒ«ãƒ¼ãƒ«ã®æ¤œè¨¼ä¸­" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1848 +msgid "Check for duplicate nat rules" +msgstr "複製 NAT ãƒ«ãƒ¼ãƒ«ã®æ¤œè¨¼ä¸­" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1849 +msgid "Check for overlapping global pools" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1850 +msgid "Check for overlapping statics" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1851 +msgid "" +"Check for overlapping global\n" +"pools and statics" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1853 +msgid "Compiler Options" +msgstr "コンパイラーオプション" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1855 +msgid "Comment the code" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1856 +msgid "Insert comments into generated PIX configuration file" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1857 +msgid "Use ACL remarks" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1858 +msgid "Use ACL remarks to relate ACL commands and 
policy rules in the GUI" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1859 +msgid "Group similar commands together" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1860 +msgid "" +"Group PIX commands in the script so that similar commands appear next to " +"each other, just like PIX does it when you use 'show config'" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1861 +msgid "Use manual ACL commit on FWSM" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1862 +msgid "Access lists (requires Firewall Builder for PIX 1.1.6 and later)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1863 +msgid "" +"Clear all access lists then install new ones. This method may interrupt " +"access to the firewall if you manage it remotely via IPSEC tunnel. This is " +"the way access lists were generated in older versions of Firewall Builder " +"for PIX." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1864 +msgid "" +"Do not clear access lists and object group, just generate PIX commands for " +"the new ones. Use this optin if you have your own policy installation " +"scripts." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1865 +msgid "" +"\"Safety net\" method:\n" +"\n" +"First, create temporary access list to permit connections from the " +"management subnet specified below to the firewall and assign it to outside " +"interface. This temporary ACL helps maintain session between management " +"station and the firewall while access lists are reloaded in case connection " +"comes over IPSEC tunnel. Then clear permanent lists, recreate them and " +"assign to interfaces. This method ensures that remote access to the firewall " +"is maintained without interruption at a cost of slightly larger " +"configuration." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1868 +msgid "" +"Temporary access list should permit access from this address or subnet (use " +"prefix notation to specify subnet, e.g. 
192.0.2.0/24):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1890 +msgid "Set all to defaults.." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1891 +msgid "xlate" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1892 +msgid "conn" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1893 +msgid "udp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1894 +msgid "rpc" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1895 +msgid "h323" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1896 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2020 +msgid "sip" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1897 +msgid "sip&media" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1898 +msgid "unauth" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1899 +msgid "telnet" +msgstr "telnet" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1900 +msgid "ssh" +msgstr "ssh" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1901 +msgid "ss" +msgstr "ss" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1902 +msgid "mm" +msgstr "mm" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1903 +msgid "hh" +msgstr "hh" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1904 +msgid "half-closed" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1906 +msgid "Inactivity" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1907 +msgid "Absolute" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1911 +msgid "" +"Policy compiler generates 'fixup' commands for PIX v6.1-6.3 and FWSM v2.3. " +"For PIX 7.0 it generates 'class-map' and 'inspect' commands assigned to the " +"'policy-map' under either default or custom inspection classes." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1913 +msgid "Enable all protocols" +msgstr "全プロトコルを有効" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1914 +msgid "Disable all protocols" +msgstr "全プロトコルを無効" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1915 +msgid "Skip all protocols" +msgstr "全プロトコルをスキップ" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1916 +#, fuzzy +msgid "Display generated commands" +msgstr "'clear' コマンドを生æˆ" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1918 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1927 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1933 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1941 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1950 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1958 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1966 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1972 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1980 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1988 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1995 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2002 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2009 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2017 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2024 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2032 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2040 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2048 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2055 +msgid "skip" +msgstr "スキップ" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1919 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1928 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1934 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1942 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1951 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1959 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1967 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1973 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1981 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1989 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1996 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2003 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2010 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2018 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2025 +#: 
src/gui/.ui/pixadvanceddialog_q.cpp:2033 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2041 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2049 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2056 +msgid "enable" +msgstr "有効" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1920 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1929 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1935 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1943 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1952 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1960 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1968 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1974 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1982 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1990 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1997 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2004 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2011 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2019 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2026 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2034 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2042 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2050 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2057 +msgid "disable" +msgstr "無効" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1921 +msgid "" +"Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol " +"inspection module that supports NAT, PAT, and bi-directional NAT." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1922 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1938 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1947 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1956 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1964 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1977 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1993 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2000 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2007 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2014 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2022 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2030 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2037 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2045 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2053 +msgid "port:" +msgstr "ãƒãƒ¼ãƒˆ:" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1923 +msgid "ctiqbe" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1924 +msgid "" +"Based on this maximum-length configured by the user, the DNS fixup checks to " +"see if the DNS packet length is within this limit. Every UDP DNS packet " +"(request/response) undergoes the above check." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1925 +msgid "max length:" +msgstr "最大長:" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1930 +msgid "dns" +msgstr "dns" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1931 +msgid "Enables PAT for Encapsulating Security Payload (ESP), single tunnel." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1936 +msgid "esp ike" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1939 +msgid "strict:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1944 +msgid "" +"Activated support for FTP protocol and allows to change the ftp control " +"connection port number." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1946 +msgid "" +"Specifies to use H.225, the ITU standard that governs H.225.0 session " +"establishment and packetization, with H.323" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1948 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1955 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1963 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1978 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2015 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2029 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2038 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2046 +msgid "--" +msgstr "--" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1953 +msgid "h323 h225" +msgstr "h323 h225" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1954 +msgid "" +"Specifies to use RAS with H.323 to enable dissimilar communication devices " +"to communicate with each other." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1961 +msgid "h323 ras" +msgstr "h323 ras" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1962 +msgid "" +"The default port for HTTP is 80. Use the port option to change the HTTP " +"port, or specify a range of HTTP ports." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1969 +msgid "http" +msgstr "http" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1970 +msgid "" +"Enables NAT of ICMP error messages. This creates translations for " +"intermediate hops based on the static or network address translation " +"configuration on the firewall." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1975 +msgid "icmp error" +msgstr "ICMP エラー" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1976 +msgid "" +"Provides NAT support for Microsoft NetMeeting, SiteServer, and Active " +"Directory products that use LightWeight Directory Access Protocol (LDAP) to " +"exchange directory information with an for Internet Locator Service (ILS) " +"server." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1983 +msgid "ils" +msgstr "ils" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1984 +msgid "Enables the Media Gateway Control Protocol (MGCP) fixup." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1985 +msgid "Gateway Port:" +msgstr "ゲートウェイãƒãƒ¼ãƒˆ" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1986 +msgid "Call Agent port:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1991 +msgid "mgcp" +msgstr "mgcp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1992 +msgid "" +"Enables Point-to-Point Tunneling Protocol (PPTP) application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1998 +msgid "pptp" +msgstr "pptp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1999 +msgid "Enables inspection of RSH protocol." +msgstr "RSHãƒ—ãƒ­ãƒˆã‚³ãƒ«ã®æ¤œæŸ»ã‚’å¯èƒ½ã«ã™ã‚‹" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2005 +msgid "rsh" +msgstr "rsh" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2006 +msgid "" +"Lets PIX Firewall pass Real Time Streaming Protocol (RTSP) packets. RTSP is " +"used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/" +"TV connections." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2012 +msgid "rtsp" +msgstr "rtsp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2013 +msgid "" +"Enable or change the port assignment for the Session Initiation Protocol " +"(SIP) for Voice over IP TCP connections." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2021 +msgid "Enable SIP-over-UDP application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2027 +msgid "sip udp" +msgstr "sip udp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2028 +msgid "" +"Enable SCCP application inspection. SCCP protocol supports IP telephony and " +"can coexist in an H.323 environment. An application layer ensures that all " +"SCCP signaling and media packets can traverse the PIX Firewall and " +"interoperate with H.323 terminals." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2035 +msgid "skinny" +msgstr "skinny" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2036 +msgid "" +"Enables the Mail Guard feature, which only lets mail servers receive the RFC " +"821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and " +"QUIT. All other commands are translated into X's which are rejected by the " +"internal server." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2043 +msgid "smtp" +msgstr "smtp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2044 +msgid "Enables support for SQL*Net protocol." +msgstr "SQL*Net プロトコルã®ã‚µãƒãƒ¼ãƒˆã‚’有効" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2051 +msgid "sqlnet" +msgstr "sqlnet" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2052 +msgid "Enable TFTP application inspection." +msgstr "TFTP アプリケーション検査を有効" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2058 +msgid "tftp" +msgstr "tftp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2059 +msgid "Inspect" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2060 +msgid "Syslog" +msgstr "Syslog" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2061 +msgid "Syslog host (name or IP address):" +msgstr "Syslog ホスト (åå‰ã‹ IP アドレス):" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2062 +msgid "syslog facility:" +msgstr "syslog ファシリティ" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2063 +msgid "syslog level ('logging trap'):" +msgstr "syslog レベル ('logging trap')" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2064 +msgid "Syslog message queue size (messages):" +msgstr "Syslog メッセージキューサイズ(メッセージ):" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2065 +msgid "Use 'EMBLEM' format for syslog messages" +msgstr "syslog ã§`æ›¸å¼ 'EMBLEM' を使用ã™ã‚‹" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2066 +msgid "" +"PIX Firewall Version 6.3 introduces support for EMBLEM format, which is " +"required when using the CiscoWorks Resource Manager Essentials (RME) syslog " +"analyzer." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2067 +msgid "Set device id for syslog messages (v6.3 and later):" +msgstr "syslog メッセージã®ãƒ‡ãƒã‚¤ã‚¹ ID 設定 (v6.3 ã‹ãれ以上)" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2068 +msgid "use address of interface" +msgstr "インターフェースã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’使用ã™ã‚‹" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2069 +msgid "use text string" +msgstr "テキスト文字列を使用ã™ã‚‹" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2070 +msgid "use hostname" +msgstr "ホストåを使用ã™ã‚‹" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2071 +msgid "The logging timestamp command requires that the clock command be set." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2072 +msgid "Enable logging timestamps on syslog file" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2073 +msgid "Other logging destinations and levels:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2074 +msgid "Internal buffer" +msgstr "内部ãƒãƒƒãƒ•ã‚¡" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2075 +msgid "Console" +msgstr "コンソール" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2077 +msgid "Actively reset inbound TCP connections with RST" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2079 +msgid "Actively reset inbound TCP connections with RST on outside interface" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2081 +msgid "Force each TCP connection to linger in a shortened TIME&WAIT" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2082 +msgid "Alt+W" +msgstr "Alt+W" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2083 +msgid "Enable the IP Frag Guard feature (deprecated in v6.3 and later)." 
+msgstr "IP フラグガード機能有効 (deprecated in v6.3 and later)" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2084 +msgid "Enable TCP resource control for AAA Authentication Proxy" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2085 +msgid "" +"Specify that when an incoming packet does a route lookup,\n" +"the incoming interface is used to determine which interface\n" +"the packet should go to, and which is the next hop\n" +"(deprecated in v6.3 and later)." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2089 +msgid "Disable inbound embedded DNS A record fixups" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2090 +msgid "Disable outbound DNS A record replies" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2091 +msgid "maximum number of simultaneous TCP and UDP connections" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2092 +msgid "maximum number of embryonic connections per host" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2093 +msgid "" +"Specifies the maximum number of simultaneous TCP and UDP connections for the " +"entire subnet. The default is 0, which means unlimited connections. (Idle " +"connections are closed after the idle timeout specified by the timeout conn " +"command.)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2094 +msgid "" +"Specifies the maximum number of embryonic connections per host. An embryonic " +"connection is a connection request that has not finished the necessary " +"handshake between source and destination. Set a small value for slower " +"systems, and a higher value for faster systems. The default is 0, which " +"means unlimited embryonic connections." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2095 +msgid "The following parameters are used for all NAT rules:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2096 +msgid "" +"(The default for both parameters is 0, which means unlimited number of " +"connections.)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2097 +msgid "PIX Options" +msgstr "PIX オプション" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:275 +msgid "PIX Advanced Configuration Options" +msgstr "PIX 高度ãªè¨­å®šã‚ªãƒ—ション" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:276 +msgid "Set PIX host name using object's name" +msgstr "オブジェクトåを使用ã—㦠PIX ホストåを設定" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:277 +msgid "Generate commands to configure addresses for interfaces" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:278 src/gui/.ui/prefsdialog_q.cpp:381 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:788 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:848 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:856 +msgid "General" +msgstr "一般" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:279 +msgid "NTP Servers:" +msgstr "NTP サーãƒãƒ¼:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:282 +msgid "Server 1:" +msgstr "サーãƒãƒ¼ 1:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:283 +msgid "Server 2:" +msgstr "サーãƒãƒ¼ 2:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:284 +msgid "Server 3:" +msgstr "サーãƒãƒ¼ 3:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:286 +msgid "Preffered:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:287 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:301 +msgid "IP address:" +msgstr "IP アドレス:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:288 +msgid "NTP" +msgstr "NTP" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:289 +msgid "Disable SNMP Agent" +msgstr "SNMP エージェントを無効ã«ã™ã‚‹" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:290 +msgid "Set SNMP communities using data from the firewall object dialog" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:291 +msgid "SNMP servers" +msgstr "SNMP サーãƒãƒ¼" + +#: 
src/gui/.ui/pixosadvanceddialog_q.cpp:293 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:297 +msgid "Poll" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:294 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:298 +msgid "Poll and Traps" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:295 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:299 +msgid "Traps" +msgstr "トラップ" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:300 +msgid "Enable:" +msgstr "有効:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:302 +msgid "SNMP Server 1:" +msgstr "SNMP サーãƒãƒ¼1:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:303 +msgid "SNMP Server 2:" +msgstr "SNMP サーãƒãƒ¼2:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:304 +msgid "Enable sending log messages as SNMP trap notifications" +msgstr "ログメッセージを SNMP トラップ通知ã§é€ä¿¡ã‚’有効ã«ã™ã‚‹" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:305 +msgid "SNMP" +msgstr "SNMP" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:306 +msgid "Change TCP MSS to" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:307 +msgid "bytes" +msgstr "ãƒã‚¤ãƒˆ" + +#: src/gui/.ui/prefsdialog_q.cpp:214 src/gui/.ui/prefsdialog_q.cpp:393 +msgid "File Path" +msgstr "ファイルパス" + +#: src/gui/.ui/prefsdialog_q.cpp:363 +msgid "Preferences" +msgstr "設定" + +#: src/gui/.ui/prefsdialog_q.cpp:368 +msgid "minutes" +msgstr "分" + +#: src/gui/.ui/prefsdialog_q.cpp:369 +msgid "Periodically save data to file every " +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:370 +msgid "Tooltip delay:" +msgstr "ツールãƒãƒƒãƒ—é…å»¶" + +#: src/gui/.ui/prefsdialog_q.cpp:371 +msgid "Enable object tooltips" +msgstr "オブジェクトツールãƒãƒƒãƒ—スを有効ã«ã™ã‚‹" + +#: src/gui/.ui/prefsdialog_q.cpp:372 +msgid "Show deleted objects" +msgstr "削除ã•れãŸã‚ªãƒ–ジェクトを表示" + +#: src/gui/.ui/prefsdialog_q.cpp:373 +msgid "Automatically save data in dialogs when switching between objects" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:374 +msgid "On startup: " +msgstr "起動時" + +#: src/gui/.ui/prefsdialog_q.cpp:376 +msgid "Load standard objects" +msgstr 
"標準オブジェクトを読ã¿è¾¼ã‚€" + +#: src/gui/.ui/prefsdialog_q.cpp:377 +msgid "Load last edited file" +msgstr "最終編集ファイルを読ã¿è¾¼ã‚€" + +#: src/gui/.ui/prefsdialog_q.cpp:378 +msgid "Expand all branches in the object tree" +msgstr "オブジェクトツリーã®å…¨ã¦ã®åˆ†å²ã‚’展開" + +#: src/gui/.ui/prefsdialog_q.cpp:379 +msgid "Working directory:" +msgstr "作業ディレクトリ" + +#: src/gui/.ui/prefsdialog_q.cpp:382 +msgid "Do not ask for the log record when checking in new file revision." +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:383 +msgid "Revision Control" +msgstr "リビジョン制御" + +#: src/gui/.ui/prefsdialog_q.cpp:384 +msgid "" +"A full path to the Secure Shell utility (remote command execution; for " +"example ssh on Unix or plink.exe or vsh.exe on Windows):" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:386 +msgid "SSH" +msgstr "SSH" + +#: src/gui/.ui/prefsdialog_q.cpp:387 +msgid "Add..." +msgstr "追加" + +#: src/gui/.ui/prefsdialog_q.cpp:388 +msgid "Remove" +msgstr "削除" + +#: src/gui/.ui/prefsdialog_q.cpp:389 +msgid "" +"If you remove libraries from the list, changes get in effect next time you " +"start the program" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:390 +msgid "Available libraries:" +msgstr "有効ãªãƒ©ã‚¤ãƒ–ラリ:" + +#: src/gui/.ui/prefsdialog_q.cpp:394 +msgid "Libraries" +msgstr "ライブラリ" + +#: src/gui/.ui/prefsdialog_q.cpp:395 +msgid "Use these labels to mark rules in the firewall policy" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:410 +msgid "Labels" +msgstr "ラベル" + +#: src/gui/.ui/printingprogressdialog_q.cpp:73 +#, fuzzy +msgid "Printing" +msgstr "å°åˆ·" + +#: src/gui/.ui/rcsfilepreview_q.cpp:49 src/gui/.ui/rcsfilepreview_q.cpp:122 +msgid "Revision" +msgstr "リビジョン" + +#: src/gui/.ui/rcsfilepreview_q.cpp:52 src/gui/.ui/rcsfilepreview_q.cpp:123 +msgid "Date" +msgstr "日付" + +#: src/gui/.ui/rcsfilepreview_q.cpp:55 src/gui/.ui/rcsfilepreview_q.cpp:124 +msgid "Author" +msgstr "著者" + +#: src/gui/.ui/rcsfilepreview_q.cpp:58 src/gui/.ui/rcsfilepreview_q.cpp:125 +msgid "Locked by" +msgstr 
"ロックã—ãŸäºº" + +#: src/gui/.ui/rcsfilepreview_q.cpp:120 +msgid "RCSFilePreview" +msgstr "RCS ファイルプレビュー" + +#: src/gui/.ui/rcsfilepreview_q.cpp:121 +msgid "Open read-only" +msgstr "読ã¿è¾¼ã¿å°‚用ã§é–‹ã" + +#: src/gui/.ui/rcsfilepreview_q.cpp:126 +msgid "RCS log:" +msgstr "RCS ログ:" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:100 +msgid "Log record for the new revision" +msgstr "æ–°è¦ãƒªãƒ“ジョンã®ãƒ­ã‚°ãƒ¬ã‚³ãƒ¼ãƒ‰" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:101 +msgid "Do not ask me anymore, always check files in with empty log" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:102 +msgid "Check file &in" +msgstr "ãƒã‚§ãƒƒã‚¯ãƒ•ァイル入力(&I)" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:103 +msgid "Alt+I" +msgstr "Alt+I" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:106 +#, fuzzy, qt-format +msgid "Checking file %1 into RCS" +msgstr "ãƒã‚§ãƒƒã‚¯ãƒ•ァイル入力(&I)" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:107 +msgid "Log record for this revision: " +msgstr "ã“ã®ãƒªãƒ“ジョンã®ãƒ­ã‚°ãƒ¬ã‚³ãƒ¼ãƒ‰" + +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:118 +#, fuzzy +msgid "Routing Rule Options" +msgstr "ルールオプション" + +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:120 +msgid "If installation of this routing rule fails, just carry on" +msgstr "" + +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:121 +msgid "No options available for routing rules of this firewall platform" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:783 +msgid "Rule Options for ipt" +msgstr "ipt 用ルールオプション" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:785 +msgid "" +"Assume firewall is part of 'any' (this setting only affects code generated " +"for this rule)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:786 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:845 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:853 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:877 +msgid "Stateless rule" +msgstr "ステートレスルール" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:787 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:844 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:852 +#: 
src/gui/.ui/ruleoptionsdialog_q.cpp:878 +msgid "" +"Normally policy compiler uses stateful inspection in each rule. Activating " +"next option makes this rule stateless." +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:800 +msgid "Netlink group (if using ULOG): " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:802 +msgid "Rate (rule matches if it hits this often or less):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:803 +msgid "Module limit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:804 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:827 +msgid "Burst:" +msgstr "ãƒãƒ¼ã‚¹ãƒˆ:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:811 +msgid "limit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:812 +msgid "bit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:813 +msgid "per network with netmask of " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:814 +msgid "Number of allowed connections per client host" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:815 +msgid "Module connlimit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:816 +#, fuzzy +msgid "connlimit" +msgstr "ログ記録制é™:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:817 +msgid "Module hashlimit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:818 +msgid "" +"On some older systems this module has name 'dstlimit'. Check here if you " +"need to use this name." 
+msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:819 +#, fuzzy +msgid "Rate:" +msgstr "日付:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:828 +#, fuzzy +msgid "Mode:" +msgstr "コード:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:830 +#, fuzzy +msgid "dstip" +msgstr "smtp" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:831 +#, fuzzy +msgid "srcip" +msgstr "スキップ" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:832 +msgid "dstip,dstport" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:833 +msgid "srcip,srcport" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:834 +#, fuzzy +msgid "htable-size:" +msgstr "iptables:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:835 +msgid "" +"The number of buckets of the hash table (omit this option in generated " +"script if set to 0)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:836 +msgid "htable-max:" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:837 +msgid "" +"Maximum number of entries in the hash (omit this option in generated script " +"if set to 0)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:838 +#, fuzzy +msgid "htable-expire:" +msgstr "iptables-restore:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:839 +msgid "" +"After how many milliseconds do hash entries expire (omit this option in the " +"generated script if set to 0)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:840 +msgid "htable-gcinterval:" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:841 +msgid "" +"How many milliseconds between garbage collection intervals (omit this option " +"in generated script if set to 0)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:842 +msgid "" +"Options below control size of the hash table and expiration time. They will " +"be omitted from the generated script if set to zero." 
+msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:843 +msgid "hashlimit" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:846 +msgid "" +"Send ICMP 'unreachable' packet masquerading as being from the original " +"destination" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:847 +msgid "" +"Keep information on fragmented packets, to be applied to later fragments" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:854 +msgid "" +"In PF 4.x \"flags S/SA keep state\" is the default. Compiler will omit these " +"flags while generating code for stateful rules matching tcp services. " +"However, according to the PF FAQ, care should be taken while dealing with " +"states and interface enc0. To avoid leaking unencrypted traffic out, the FAQ " +"recommends setting 'keep state' explicitly in all rules on the enc0 " +"interface. This option applies only if version is set to 4.x." +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:855 +msgid "Add 'keep state' " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:859 +msgid "Activate source tracking" +msgstr "ソース追跡を有効ã«ã™ã‚‹" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:860 +msgid "" +"When this option is checked, the number of states per source IP is tracked " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:861 +msgid "" +"Maximum number of source addresses which can simultaneously have state table " +"entries (max-src-nodes):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:862 +msgid "" +"Maximum number of simultaneous state entries that a single source address " +"can create with this rule (max-src-states):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:863 +msgid "Tracking" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:864 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:872 +msgid "overload table:" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:865 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:871 +msgid "flush" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:866 +msgid "" +"Maximum number 
of simultaneous TCP connections that a single host can make " +"(max-src-conn):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:867 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:870 +msgid "global" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:868 +msgid "The limit of new connections over a time interval (max-src-conn-rate):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:869 +msgid "/" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:873 +#, fuzzy +msgid "sec" +msgstr "/ç§’" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:874 +msgid "" +"When this limit is reached, further packets matching the rule that would " +"create state are dropped, until existing states time out." +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:875 +msgid "" +"Maximum number of concurrent states this rule may create. Unlimited if set " +"to zero (option 'max')." +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:879 +msgid "These options are only valid for PIX running software v6.3 or later" +msgstr "" +"ã“れらã®ã‚ªãƒ—ションã¯å®Ÿè¡Œä¸­ã® PIX ソフトウェアãƒãƒ¼ã‚¸ãƒ§ãƒ³ 6.3 ä»¥ä¸Šã§æœ‰åйã§ã™ã€‚" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:880 +#, fuzzy +msgid "completely disable logging for this rule" +msgstr "" +"ã“ã®ãƒ«ãƒ¼ãƒ«ã®ãƒ­ã‚°è¨˜ã®ç„¡åŠ¹åŒ–ã‚’\n" +"完了ã—ã¾ã—ãŸ" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:882 +msgid "Logging interval:" +msgstr "ログ記録間隔:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:883 +msgid "Tere are no options for this firewall platform" +msgstr "" + +#: src/gui/.ui/simpletextview_q.cpp:92 +msgid "Text viewer" +msgstr "" + +#: src/gui/.ui/simpletextview_q.cpp:93 +#, fuzzy +msgid "Object Name" +msgstr "オブジェクトå:" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:182 +msgid "Solaris: advanced settings" +msgstr "Solaris: 高度ãªè¨­å®š" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:187 +msgid "Ignore ICMP redirects" +msgstr "ICMP リダイレクトを無視" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:192 +msgid "Forward directed broadcasts" +msgstr "" + +#: 
src/gui/.ui/solarisadvanceddialog_q.cpp:193 +msgid "Respond to echo broadcast" +msgstr "エコーブロードキャストã¸ã®å¿œç­”" + +#: src/gui/.ui/tagservicedialog_q.cpp:148 +#, fuzzy +msgid "Tag Service" +msgstr "æ–°è¦ TCP サービス" + +#: src/gui/.ui/tcpservicedialog_q.cpp:375 +msgid "Use option \"established\" if supported by the target firewall platform" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:377 +msgid "Settings:" +msgstr "設定:" + +#: src/gui/.ui/tcpservicedialog_q.cpp:390 +msgid "U" +msgstr "U" + +#: src/gui/.ui/tcpservicedialog_q.cpp:391 +msgid "A" +msgstr "A" + +#: src/gui/.ui/tcpservicedialog_q.cpp:392 +msgid "P" +msgstr "P" + +#: src/gui/.ui/tcpservicedialog_q.cpp:393 +msgid "R" +msgstr "R" + +#: src/gui/.ui/tcpservicedialog_q.cpp:394 +msgid "S" +msgstr "S" + +#: src/gui/.ui/tcpservicedialog_q.cpp:395 +msgid "F" +msgstr "F" + +#: src/gui/.ui/tcpservicedialog_q.cpp:396 +msgid "Mask:" +msgstr "マスク:" + +#: src/gui/.ui/tcpservicedialog_q.cpp:397 +#, fuzzy +msgid "Flags:" +msgstr "TCP フラグ" + +#: src/gui/.ui/tcpservicedialog_q.cpp:400 +#: src/gui/.ui/udpservicedialog_q.cpp:224 +msgid "Source Port Range" +msgstr "é€ä¿¡å…ƒãƒãƒ¼ãƒˆãƒ¬ãƒ³ã‚¸" + +#: src/gui/.ui/tcpservicedialog_q.cpp:401 +#: src/gui/.ui/tcpservicedialog_q.cpp:404 +#: src/gui/.ui/udpservicedialog_q.cpp:225 +#: src/gui/.ui/udpservicedialog_q.cpp:228 +msgid "Start:" +msgstr "é–‹å§‹:" + +#: src/gui/.ui/tcpservicedialog_q.cpp:402 +#: src/gui/.ui/tcpservicedialog_q.cpp:405 +#: src/gui/.ui/udpservicedialog_q.cpp:226 +#: src/gui/.ui/udpservicedialog_q.cpp:229 +msgid "End:" +msgstr "終了:" + +#: src/gui/.ui/tcpservicedialog_q.cpp:403 +#: src/gui/.ui/udpservicedialog_q.cpp:227 +msgid "Destination Port Range" +msgstr "é€ä¿¡å…ˆãƒãƒ¼ãƒˆãƒ¬ãƒ³ã‚¸" + +#: src/gui/.ui/timedialog_q.cpp:246 src/gui/.ui/timedialog_q.cpp:263 +msgid "Sunday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:247 src/gui/.ui/timedialog_q.cpp:264 +msgid "Monday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:248 src/gui/.ui/timedialog_q.cpp:265 +msgid 
"Tuesday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:249 src/gui/.ui/timedialog_q.cpp:266 +msgid "Wednesday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:250 src/gui/.ui/timedialog_q.cpp:267 +msgid "Thursday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:251 src/gui/.ui/timedialog_q.cpp:268 +msgid "Friday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:252 src/gui/.ui/timedialog_q.cpp:269 +msgid "Saturday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:253 +#, fuzzy +msgid "Start day of week:" +msgstr "曜日数 (0-6)" + +#: src/gui/.ui/timedialog_q.cpp:254 +#, fuzzy +msgid "Start time:" +msgstr "é–‹å§‹:" + +#: src/gui/.ui/timedialog_q.cpp:255 +#, fuzzy +msgid "Start date:" +msgstr "é–‹å§‹:" + +#: src/gui/.ui/timedialog_q.cpp:258 +#, fuzzy +msgid "End date:" +msgstr "有効:" + +#: src/gui/.ui/timedialog_q.cpp:260 +#, fuzzy +msgid "End time:" +msgstr "終了:" + +#: src/gui/.ui/timedialog_q.cpp:270 +#, fuzzy +msgid "End day of week:" +msgstr "曜日数 (0-6)" + +#: src/gui/utils.cpp:197 +msgid "" +"Impossible to apply changes because object is located in read-only\n" +"part of the tee or data file was opened read-only" +msgstr "" + +#: src/gui/utils.cpp:219 +#, qt-format +msgid "Object with name '%1' already exists, please choose different name." +msgstr "オブジェクトå '%1' ã¯æ—¢ã«å­˜åœ¨ã—ã¾ã™ã€‚別ã®åå‰ã‚’洗濯ã—ã¦ãã ã•ã„。" + +#: src/gui/aboutdialog_q.ui.h:14 +msgid "Revision: %1 ( Build: %2 )" +msgstr "" + +#: src/gui/aboutdialog_q.ui.h:16 +#, fuzzy +msgid "Using Firewall Builder API %1" +msgstr "試用中㮠libfwbuilder API ãƒãƒ¼ã‚¸ãƒ§ãƒ³" + +#: src/gui/aboutdialog_q.ui.h:19 +msgid "Registered" +msgstr "" + +#: src/gui/aboutdialog_q.ui.h:20 +msgid "Unregistered" +msgstr "" + +#: src/gui/upgradePredicate.h:45 +msgid "" +"The data file you are trying to open has been\n" +"saved with an older version of Firewall Builder.\n" +"Opening it in this version will cause it to be\n" +"upgraded, which may prevent older versions of\n" +"the program from reading it. 
Backup copy of your\n" +"file in the old format will be made in the same\n" +"directory with extension '.bak'.\n" +"Are you sure you want to open it?" +msgstr "" + +#: src/gui/upgradePredicate.h:53 +msgid "&Upgrade" +msgstr "アップグレード(&)" + +#: src/gui/upgradePredicate.h:54 +msgid "&Do not load the file" +msgstr "ファイル %1 を読ã¿è¾¼ã¾ãªã„(&D)" + +#, fuzzy +#~ msgid "Policy/%1" +#~ msgstr "ãƒãƒªã‚·ãƒ¼" + +#, fuzzy +#~ msgid "Save configuration" +#~ msgstr "設定ã®ä¿å­˜\n" + +#, fuzzy +#~ msgid "Save configuration to standby unit" +#~ msgstr "標準ユニットã«è¨­å®šã‚’ä¿å­˜\n" + +#, fuzzy +#~ msgid "Exiting" +#~ msgstr "終了中\n" + +#, fuzzy +#~ msgid "C&ommit" +#~ msgstr "コメント" + +#~ msgid "Activate a rule on:" +#~ msgstr "ãƒ«ãƒ¼ãƒ«ã®æ´»æ€§åŒ–日時" + +#~ msgid "Date:" +#~ msgstr "日付:" + +#~ msgid "Time:" +#~ msgstr "時間:" + +#~ msgid "Deactivate a rule on:" +#~ msgstr "ルールã®éžæ´»æ€§åŒ–日時" + +#~ msgid "&Compile" +#~ msgstr "コンパイル(&C)" + +#~ msgid "&Install old copy" +#~ msgstr "å¤ã„コピーをインストール(&I)" + +#~ msgid "Find Secure File Transfer utility" +#~ msgstr "セキュアファイル転é€ãƒ¦ãƒ¼ãƒ†ã‚£ãƒªãƒ†ã‚£ã®æ¤œç´¢" + +#~ msgid "Accounting " +#~ msgstr "アカウント" + +#, fuzzy +#~ msgid "Metric Editor" +#~ msgstr "スクリプトエディタ" + +#~ msgid "End\n" +#~ msgstr "終了\n" + +#~ msgid "Apply Changes" +#~ msgstr "変更をé©ç”¨" + +#, fuzzy +#~ msgid "..." +#~ msgstr "追加" + +#, fuzzy +#~ msgid "File preview:" +#~ msgstr "RCS ファイルプレビュー" + +#~ msgid "SNMP community:" +#~ msgstr "SNMP コミュニティ" + +#~ msgid "Contact:" +#~ msgstr "コンタクト:" + +#~ msgid "SNMP Get" +#~ msgstr "SNMPå–å¾—" + +#~ msgid "Description:" +#~ msgstr "説明:" + +#~ msgid "Del" +#~ msgstr "削除" + +#~ msgid "Data format" +#~ msgstr "日付書å¼" + +#~ msgid "Welcome to Firewall Builder" +#~ msgstr "ファイアウォールビルダーã¸ã‚ˆã†ã“ã" + +#, fuzzy +#~ msgid "Firewall Builder N.N.N" +#~ msgstr "ファイアウォールビルダー 2.0.4" + +#~ msgid "Do you want to open existing project file or create a new one?" +#~ msgstr "既存ã®ãƒ—ロジェクトファイルを開ãã‹æ–°è¦ä½œæˆã®ã©ã¡ã‚‰ã‚’ã—ãŸã„ã§ã™ã‹?" 
+ +#~ msgid "Create new project file" +#~ msgstr "æ–°è¦ãƒ—ロジェクトファイルを作æˆã™ã‚‹" + +#~ msgid "Open existing file" +#~ msgstr "既存ã®ãƒ•ァイルを開ã" + +#~ msgid "File name: %1" +#~ msgstr "ファイルå: %1" + +#~ msgid "" +#~ "Activate Revision Control System for this file\n" +#~ "(if you do not do this now, you can always activate it later)" +#~ msgstr "" +#~ "ã“ã®ãƒ•ァイルã®ãƒªãƒ“ジョン制御システム(RCS)を有効化\n" +#~ "(ã“れを今ã—ãªãã¦ã‚‚ã€å¾Œã§æœ‰åŠ¹åŒ–ã™ã‚‹ã“ã¨ãŒå‡ºæ¥ã¾ã™)" + +#~ msgid "" +#~ "Let the program automatically open this file when I start it next time\n" +#~ "(you can activate this option later using Preferences dialog)" +#~ msgstr "" +#~ "ã“ã®ãƒ—ログラムを次ã«å®Ÿè¡Œã™ã‚‹ã¨ãã€è‡ªå‹•çš„ã«ã“ã®ãƒ•ァイルをオープンã™ã‚‹\n" +#~ "(プリファレンスダイアログを使用ã—ã¦ã€å¾Œã§ã“ã®ã‚ªãƒ—ションを有効化出æ¥ã¾ã™)" + +#~ msgid "Please choose a different name for the new file." +#~ msgstr "åˆ¥ã®æ–°è¦ãƒ•ァイルåã‚’é¸æŠžã—ã¦ãã ã•ã„" + +#~ msgid "Script" +#~ msgstr "スクリプト" + +#~ msgid "Terminating session\n" +#~ msgstr "セッション中断中\n" + +#~ msgid "Verification of policy rules" +#~ msgstr "ãƒãƒªã‚·ãƒ¼ãƒ«ãƒ¼ãƒ«ã®ç¢ºèª" diff --git a/po/ja.qm b/po/ja.qm new file mode 100644 index 000000000..4bb0082b0 Binary files /dev/null and b/po/ja.qm differ diff --git a/po/po.pro b/po/po.pro new file mode 100644 index 000000000..7d39213a0 --- /dev/null +++ b/po/po.pro 
@@ -0,0 +1,52 @@
+#-*- mode: makefile; tab-width: 4; -*-
+#
+
+include(../qmake.inc)
+
+win32 {
+ QMAKE_RUN_CC = @echo
+ QMAKE_RUN_CXX = @echo
+ QMAKE_LINK = @echo
+}
+!win32 {
+ QMAKE_RUN_CC = @echo > /dev/null
+ QMAKE_RUN_CXX = @echo > /dev/null
+ QMAKE_LINK = @echo > /dev/null
+}
+
+TARGET = po
+
+!win32:LOCALEINSTALLDIR = $(INSTALL_ROOT)/$$PKGLOCALEDIR
+win32:LOCALEINSTALLDIR = $$PKGLOCALEDIR
+
+de.path = $$PKGLOCALEDIR
+!win32:de.extra = /usr/bin/install -c -m 644 de.qm $$LOCALEINSTALLDIR/fwbuilder_de.qm
+win32:de.extra = -$(INSTALL_FILE) de.qm $$LOCALEINSTALLDIR\fwbuilder_de.qm
+
+es.path = $$PKGLOCALEDIR
+!win32:es.extra = /usr/bin/install -c -m 644 es.qm $$LOCALEINSTALLDIR/fwbuilder_es.qm
+win32:es.extra = -$(INSTALL_FILE) es.qm $$LOCALEINSTALLDIR\fwbuilder_es.qm
+
+fr.path = $$PKGLOCALEDIR
+!win32:fr.extra = /usr/bin/install -c -m 644 fr.qm $$LOCALEINSTALLDIR/fwbuilder_fr.qm
+win32:fr.extra = -$(INSTALL_FILE) fr.qm $$LOCALEINSTALLDIR\fwbuilder_fr.qm
+
+ja.path = $$PKGLOCALEDIR
+!win32:ja.extra = /usr/bin/install -c -m 644 ja.qm $$LOCALEINSTALLDIR/fwbuilder_ja.qm
+win32:ja.extra = -$(INSTALL_FILE) ja.qm $$LOCALEINSTALLDIR\fwbuilder_ja.qm
+
+pt_BR.path = $$PKGLOCALEDIR
+!win32:pt_BR.extra = /usr/bin/install -c -m 644 pt_BR.qm $$LOCALEINSTALLDIR/fwbuilder_pt_BR.qm
+win32:pt_BR.extra = -$(INSTALL_FILE) pt_BR.qm $$LOCALEINSTALLDIR\fwbuilder_pt_BR.qm
+
+ru.path = $$PKGLOCALEDIR
+!win32:ru.extra = /usr/bin/install -c -m 644 ru.qm $$LOCALEINSTALLDIR/fwbuilder_ru.qm
+win32:ru.extra = -$(INSTALL_FILE) ru.qm $$LOCALEINSTALLDIR\fwbuilder_ru.qm
+
+sv.path = $$PKGLOCALEDIR
+!win32:sv.extra = /usr/bin/install -c -m 644 sv.qm $$LOCALEINSTALLDIR/fwbuilder_sv.qm
+win32:sv.extra = -$(INSTALL_FILE) sv.qm $$LOCALEINSTALLDIR\fwbuilder_sv.qm
+
+INSTALLS -= target
+INSTALLS += de es fr ja pt_BR ru sv
+
diff --git a/po/pt_BR.po b/po/pt_BR.po
new file mode 100644
index 000000000..c6c315f8a
--- /dev/null
+++ b/po/pt_BR.po
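Review bot: The seven `win32:*.extra` commands start with `-`, which in the generated Makefile tells make to ignore a failed copy, so a Windows install with a missing or unreadable `.qm` file still reports success while the `!win32` lines stop on the same error. Dropping the prefix, e.g. `win32:de.extra = $(INSTALL_FILE) de.qm $$LOCALEINSTALLDIR\fwbuilder_de.qm` (likewise for es, fr, ja, pt_BR, ru and sv), makes both platforms fail loudly. Neither branch quotes the destination built from `$$LOCALEINSTALLDIR`, so an install prefix containing a space would presumably split into several arguments; that is worth checking against how `PKGLOCALEDIR` is set in `qmake.inc`, which is not visible here. The absolute `/usr/bin/install` avoids a PATH lookup during a privileged `make install`, and a one-line comment such as `# absolute path on purpose: make install may run as root` would record that it is deliberate.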
@@ -0,0 +1,7173 @@ +# Brazilian Portuguese translations for Fwbuilder +# This file is distributed under the same license as the fwbuilder package. +# Copyright (C) 2007 Free Software Foundation, Inc. +# Rubens Ferreira Neto , 2007. +# Jose Carlos Medeiros , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: fwbuilder 2.1\n" +"Report-Msgid-Bugs-To: vadim@fwbuilder.org\n" +"POT-Creation-Date: 2007-12-08 21:27-0800\n" +"PO-Revision-Date: 2007-11-28 10:28-0300\n" +"Last-Translator: Jose Carlos N Medeiros \n" +"Language-Team: Portuguese/Brazil \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Portuguese\n" +"X-Poedit-Country: BRAZIL\n" +"X-Poedit-SourceCharset: utf-8\n" + +#: src/gui/ActionsDialog.cpp:97 +msgid "" +"'Chabge inbound interface', 'Continue packet inspection' and 'Make a copy' " +"options are mutually exclusive" +msgstr "" + +#: src/gui/ActionsDialog.cpp:98 src/gui/ActionsDialog.cpp:123 +#: src/gui/AddressRangeDialog.cpp:108 src/gui/AddressRangeDialog.cpp:119 +#: src/gui/FirewallDialog.cpp:315 src/gui/FirewallDialog.cpp:340 +#: src/gui/FWWindow.cpp:724 src/gui/FWWindow.cpp:733 src/gui/FWWindow.cpp:858 +#: src/gui/FWWindow.cpp:1082 src/gui/FWWindow.cpp:1095 +#: src/gui/FWWindow.cpp:1111 src/gui/FWWindow.cpp:1149 +#: src/gui/FWWindow.cpp:1155 src/gui/FWWindow.cpp:1224 +#: src/gui/FWWindow.cpp:1318 src/gui/FWWindow.cpp:1360 +#: src/gui/FWWindow.cpp:1383 src/gui/FWWindow.cpp:1456 +#: src/gui/FWWindow.cpp:1474 src/gui/FWWindow.cpp:1537 +#: src/gui/FWWindow.cpp:1549 src/gui/FWWindowPrint.cpp:923 +#: src/gui/instDialog.cpp:719 src/gui/instDialog.cpp:1462 +#: src/gui/instDialog.cpp:1580 src/gui/IPv4Dialog.cpp:146 +#: src/gui/IPv4Dialog.cpp:160 src/gui/listOfLibraries.cpp:148 +#: src/gui/listOfLibraries.cpp:188 src/gui/listOfLibraries.cpp:215 +#: src/gui/NetworkDialog.cpp:109 src/gui/NetworkDialog.cpp:120 +#: src/gui/RCS.cpp:499 src/gui/RCS.cpp:688 src/gui/RCS.cpp:701 +#: 
src/gui/RCS.cpp:718 src/gui/RCS.cpp:801 src/gui/utils.cpp:198 +msgid "&Continue" +msgstr "&Continuar" + +#: src/gui/ActionsDialog.cpp:122 +msgid "" +"Rule name for accounting is converted to the iptables\n" +"chain name and therefore may not contain white space\n" +"and special characters." +msgstr "" + +#: src/gui/ActionsDialog.cpp:222 src/gui/ActionsDialog.cpp:223 +#: src/gui/.ui/actionsdialog_q.cpp:470 +msgid "Emulation is currently ON, rule will be terminating" +msgstr "" + +#: src/gui/ActionsDialog.cpp:226 src/gui/ActionsDialog.cpp:227 +msgid "Emulation is currently OFF, rule will be non-terminating" +msgstr "" + +#: src/gui/AddressRangeDialog.cpp:107 src/gui/AddressRangeDialog.cpp:118 +#: src/gui/IPv4Dialog.cpp:145 src/gui/NetworkDialog.cpp:108 +#, qt-format +msgid "Illegal IP address '%1'" +msgstr "Endereço IP Ilegal '%1'" + +#: src/gui/ColorLabelMenuItem.cpp:48 +msgid "no color" +msgstr "sem cor" + +#: src/gui/CommentEditorPanel.cpp:75 src/gui/SimpleTextEditor.cpp:66 +msgid "Warning: loading from file discards current contents of the script." +msgstr "Aviso: carregar o arquivo irá descartar o conteúdo atual do script." 
+ +#: src/gui/CommentEditorPanel.cpp:80 +msgid "Choose file that contains PIX commands" +msgstr "Escolha o arquivo que contém os comandos do PIX" + +#: src/gui/CommentEditorPanel.cpp:88 src/gui/DiscoveryDruid.cpp:791 +#: src/gui/SimpleTextEditor.cpp:79 +#, qt-format +msgid "Could not open file %1" +msgstr "Não foi possível abrir o arquivo %1" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:157 +#: src/gui/FindWhereUsedWidget.cpp:171 src/gui/FWWindow.cpp:2115 +#: src/gui/FWWindowPrint.cpp:369 +msgid "NAT" +msgstr "NAT" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:160 +#: src/gui/FindWhereUsedWidget.cpp:174 src/gui/FWWindow.cpp:2087 +msgid "Policy" +msgstr "Política" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:163 +#: src/gui/FindWhereUsedWidget.cpp:177 src/gui/FWWindow.cpp:2130 +#: src/gui/FWWindowPrint.cpp:396 src/gui/platforms.cpp:559 +msgid "Routing" +msgstr "Roteamento" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:166 +#: src/gui/FindWhereUsedWidget.cpp:180 +msgid "Unknown rule set" +msgstr "Conjunto de regras desconhecido" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:168 +#: src/gui/FindWhereUsedWidget.cpp:182 +#, qt-format +msgid "/Rule%1" +msgstr "/Regra%1" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:182 +#: src/gui/FindWhereUsedWidget.cpp:196 +msgid "Type: " +msgstr "Tipo: " + +#: src/gui/ConfirmDeleteObjectDialog.cpp:203 +msgid "Not used anywhere" +msgstr "Não utilizado" + +#: src/gui/DialogFactory.cpp:158 src/gui/DialogFactory.cpp:181 +#, qt-format +msgid "Support module for %1 is not available" +msgstr "Suporte a módulo para %1 não esta disponível" + +#: src/gui/DiscoveryDruid.cpp:616 +msgid "Hosts file parsing ..." +msgstr "Analise do arquivo de máquinas ..." + +#: src/gui/DiscoveryDruid.cpp:625 +msgid "DNS zone transfer ..." +msgstr "Zona de transferência de DNS ..." + +#: src/gui/DiscoveryDruid.cpp:635 +msgid "Network discovery using SNMP ..." +msgstr "Descobrimento de rede usando SNMP ..." 
+ +#: src/gui/DiscoveryDruid.cpp:645 +#, fuzzy +msgid "Import configuration from file ..." +msgstr "* Carregando configuração do arquivo %1" + +#: src/gui/DiscoveryDruid.cpp:790 src/gui/DiscoveryDruid.cpp:1675 +#: src/gui/DiscoveryDruid.cpp:1722 +msgid "Discovery error" +msgstr "Erro no descobrimento" + +#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1158 +msgid "Adding objects ..." +msgstr "Adicionando objetos ..." + +#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1159 +#: src/gui/DiscoveryDruid.cpp:1362 src/gui/DiscoveryDruid.cpp:1507 +#: src/gui/DiscoveryDruid.cpp:1549 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:111 +#: src/gui/.ui/filterdialog_q.cpp:154 src/gui/.ui/instoptionsdialog_q.cpp:286 +#: src/gui/.ui/libexport_q.cpp:113 src/gui/.ui/newgroupdialog_q.cpp:102 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1826 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:310 +#: src/gui/.ui/printingprogressdialog_q.cpp:74 +#: src/gui/.ui/simpleinteditor_q.cpp:89 src/gui/.ui/simpletexteditor_q.cpp:96 +msgid "Cancel" +msgstr "Cancelar" + +#: src/gui/DiscoveryDruid.cpp:1362 +msgid "Prepare objects ..." +msgstr "Preparar objetos ..." + +#: src/gui/DiscoveryDruid.cpp:1507 src/gui/DiscoveryDruid.cpp:1548 +msgid "Copying results ..." +msgstr "Copiando resultados ..." + +#: src/gui/DiscoveryDruid.cpp:1838 +msgid "Incomlete network specification." +msgstr "Especificação de rede incompleta." + +#: src/gui/DiscoveryDruid.cpp:1917 +msgid "Empty community string" +msgstr "Parâmetro de \"community\" vazio" + +#: src/gui/DiscoveryDruid.cpp:2132 +msgid "" +"Firewall Builder can import Cisco IOS access lists from the router " +"configuration saved using 'show run' or any other command that saves running " +"config. The name of the created firewall object, all of its interfaces and " +"their addresses will be configured automatically if this information can be " +"found in the configuration file." 
+msgstr "" + +#: src/gui/DiscoveryDruid.cpp:2143 +msgid "" +"Firewall Builder can import iptables rules from a file in iptables-save " +"format. Firewall name and addresses of its interfaces need to be configured " +"manually because iptables-save file does not have this information. " +msgstr "" + +#: src/gui/execDialog.cpp:101 src/gui/instDialog.cpp:1436 +#: src/gui/instDialog.cpp:2110 +msgid "Error: Failed to start program" +msgstr "Erro:: Falhou ao iniciar o programa" + +#: src/gui/filePropDialog.cpp:62 +msgid "Opened read-only" +msgstr "Aberto em somente leitura" + +#: src/gui/filePropDialog.cpp:80 +#, qt-format +msgid "Revision %1" +msgstr "Revisão %1" + +#: src/gui/FilterDialog.cpp:102 +msgid "Filter error" +msgstr "Erro no filtro" + +#: src/gui/FilterDialog.cpp:102 +msgid "Invalid RegExp." +msgstr "Exp. Regular inválida" + +#: src/gui/FilterDialog.cpp:404 src/gui/GroupObjectDialog.cpp:144 +#: src/gui/.ui/findobjectwidget_q.cpp:203 +#: src/gui/.ui/newfirewalldialog_q.cpp:171 +#: src/gui/.ui/newfirewalldialog_q.cpp:322 +#: src/gui/.ui/newfirewalldialog_q.cpp:501 +#: src/gui/.ui/newfirewalldialog_q.cpp:523 src/gui/.ui/newhostdialog_q.cpp:187 +#: src/gui/.ui/newhostdialog_q.cpp:397 src/gui/.ui/prefsdialog_q.cpp:210 +#: src/gui/.ui/prefsdialog_q.cpp:391 +msgid "Name" +msgstr "Nome" + +#: src/gui/FilterDialog.cpp:405 src/gui/FWWindowPrint.cpp:94 +#: src/gui/.ui/discoverydruid_q.cpp:1021 src/gui/.ui/finddialog_q.cpp:134 +#: src/gui/.ui/findobjectwidget_q.cpp:204 src/gui/.ui/ipv4dialog_q.cpp:170 +#: src/gui/.ui/newfirewalldialog_q.cpp:173 +#: src/gui/.ui/newfirewalldialog_q.cpp:324 +#: src/gui/.ui/newfirewalldialog_q.cpp:503 +#: src/gui/.ui/newfirewalldialog_q.cpp:525 src/gui/.ui/newhostdialog_q.cpp:189 +#: src/gui/.ui/newhostdialog_q.cpp:399 +msgid "Address" +msgstr "Endereço" + +#: src/gui/FilterDialog.cpp:408 +msgid "Contains" +msgstr "Contém" + +#: src/gui/FilterDialog.cpp:409 +msgid "Is equal to" +msgstr "É igual a" + +#: src/gui/FilterDialog.cpp:410 +msgid 
"Starts with" +msgstr "Inicia com" + +#: src/gui/FilterDialog.cpp:411 +msgid "Ends with" +msgstr "Finaliza com" + +#: src/gui/FilterDialog.cpp:412 +msgid "Matches Wildcard" +msgstr "Coringas" + +#: src/gui/FilterDialog.cpp:413 +msgid "Matches RegExp" +msgstr "Exp. Regulares" + +#: src/gui/findDialog.cpp:269 src/gui/FindObjectWidget.cpp:324 +msgid "Search hit the end of the object tree." +msgstr "" + +#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317 +#: src/gui/FindObjectWidget.cpp:325 +msgid "&Continue at top" +msgstr "&Continuar de cima" + +#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317 +#: src/gui/FindObjectWidget.cpp:325 +msgid "&Stop" +msgstr "&Parar" + +#: src/gui/FindObjectWidget.cpp:316 +msgid "Search hit the end of the policy rules." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:354 +msgid "Search or Replace object ind't specified." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:364 +msgid "Cannot replace object by itself." +msgstr "O objeto não pode ser substituído por ele mesmo." + +#: src/gui/FindObjectWidget.cpp:372 +msgid "Search and Replace objects are incompatible." +msgstr "Procurar e Substituir objetos são incompatíveis." + +#: src/gui/FindObjectWidget.cpp:466 +#, qt-format +msgid "Replaced %1 objects." +msgstr "Substituído %1 objetos." 
+ +#: src/gui/FindObjectWidget.cpp:585 +msgid "Policy of firewall '" +msgstr "Política do firewall '" + +#: src/gui/FirewallDialog.cpp:314 src/gui/FirewallDialog.cpp:339 +#, qt-format +msgid "FWBuilder API error: %1" +msgstr "FWBuilder API erro: %1" + +#: src/gui/freebsdAdvancedDialog.cpp:62 src/gui/linksysAdvancedDialog.cpp:68 +#: src/gui/linux24AdvancedDialog.cpp:62 src/gui/macosxAdvancedDialog.cpp:62 +#: src/gui/openbsdAdvancedDialog.cpp:62 src/gui/solarisAdvancedDialog.cpp:62 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:195 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:199 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:203 +#: src/gui/.ui/linux24advanceddialog_q.cpp:371 +#: src/gui/.ui/linux24advanceddialog_q.cpp:375 +#: src/gui/.ui/linux24advanceddialog_q.cpp:379 +#: src/gui/.ui/linux24advanceddialog_q.cpp:383 +#: src/gui/.ui/linux24advanceddialog_q.cpp:387 +#: src/gui/.ui/linux24advanceddialog_q.cpp:391 +#: src/gui/.ui/linux24advanceddialog_q.cpp:395 +#: src/gui/.ui/linux24advanceddialog_q.cpp:399 +#: src/gui/.ui/linux24advanceddialog_q.cpp:403 +#: src/gui/.ui/linux24advanceddialog_q.cpp:418 +#: src/gui/.ui/linux24advanceddialog_q.cpp:422 +#: src/gui/.ui/linux24advanceddialog_q.cpp:426 +#: src/gui/.ui/linux24advanceddialog_q.cpp:430 +#: src/gui/.ui/linux24advanceddialog_q.cpp:434 +#: src/gui/.ui/linux24advanceddialog_q.cpp:438 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:172 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:176 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:180 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:180 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:184 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:189 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:193 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:189 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:195 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:199 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:204 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:208 +msgid "No change" +msgstr "Sem alteração" + +#: 
src/gui/freebsdAdvancedDialog.cpp:65 src/gui/linksysAdvancedDialog.cpp:71
+#: src/gui/linux24AdvancedDialog.cpp:65 src/gui/macosxAdvancedDialog.cpp:65
+#: src/gui/openbsdAdvancedDialog.cpp:65 src/gui/solarisAdvancedDialog.cpp:65
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:196
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:200
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:204
+#: src/gui/.ui/linux24advanceddialog_q.cpp:372
+#: src/gui/.ui/linux24advanceddialog_q.cpp:376
+#: src/gui/.ui/linux24advanceddialog_q.cpp:380
+#: src/gui/.ui/linux24advanceddialog_q.cpp:384
+#: src/gui/.ui/linux24advanceddialog_q.cpp:388
+#: src/gui/.ui/linux24advanceddialog_q.cpp:392
+#: src/gui/.ui/linux24advanceddialog_q.cpp:396
+#: src/gui/.ui/linux24advanceddialog_q.cpp:400
+#: src/gui/.ui/linux24advanceddialog_q.cpp:404
+#: src/gui/.ui/linux24advanceddialog_q.cpp:419
+#: src/gui/.ui/linux24advanceddialog_q.cpp:423
+#: src/gui/.ui/linux24advanceddialog_q.cpp:427
+#: src/gui/.ui/linux24advanceddialog_q.cpp:431
+#: src/gui/.ui/linux24advanceddialog_q.cpp:435
+#: src/gui/.ui/linux24advanceddialog_q.cpp:439
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:173
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:177
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:181
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:181
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:185
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:190
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:194
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:190
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:196
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:200
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:205
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:209
+msgid "On"
+msgstr "Ligado"
+
+#: src/gui/freebsdAdvancedDialog.cpp:68 src/gui/linksysAdvancedDialog.cpp:74
+#: src/gui/linux24AdvancedDialog.cpp:68 src/gui/macosxAdvancedDialog.cpp:68
+#: src/gui/openbsdAdvancedDialog.cpp:68 src/gui/solarisAdvancedDialog.cpp:68
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:197
+#:
src/gui/.ui/freebsdadvanceddialog_q.cpp:201
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:205
+#: src/gui/.ui/linux24advanceddialog_q.cpp:373
+#: src/gui/.ui/linux24advanceddialog_q.cpp:377
+#: src/gui/.ui/linux24advanceddialog_q.cpp:381
+#: src/gui/.ui/linux24advanceddialog_q.cpp:385
+#: src/gui/.ui/linux24advanceddialog_q.cpp:389
+#: src/gui/.ui/linux24advanceddialog_q.cpp:393
+#: src/gui/.ui/linux24advanceddialog_q.cpp:397
+#: src/gui/.ui/linux24advanceddialog_q.cpp:401
+#: src/gui/.ui/linux24advanceddialog_q.cpp:405
+#: src/gui/.ui/linux24advanceddialog_q.cpp:420
+#: src/gui/.ui/linux24advanceddialog_q.cpp:424
+#: src/gui/.ui/linux24advanceddialog_q.cpp:428
+#: src/gui/.ui/linux24advanceddialog_q.cpp:432
+#: src/gui/.ui/linux24advanceddialog_q.cpp:436
+#: src/gui/.ui/linux24advanceddialog_q.cpp:440
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:174
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:178
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:182
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:182
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:186
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:191
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:195
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:191
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:197
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:201
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:206
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:210
+msgid "Off"
+msgstr "Desligado"
+
+#: src/gui/FWBSettings.cpp:150
+#, qt-format
+msgid ""
+"Working directory %1 does not exist and could not be created.\n"
+"Ignoring this setting."
+msgstr ""
+"A pasta de trabalho %1 não existe e não pode ser criada.\n"
+"Ignorando esta opção."
+
+#: src/gui/FWBTree.cpp:399
+msgid "New Library"
+msgstr "Nova Biblioteca"
+
+#: src/gui/FWObjectDropArea.cpp:103
+msgid "Drop object here."
+msgstr "Apagar objeto aqui."
+
+#: src/gui/FWObjectDropArea.cpp:141 src/gui/GroupObjectDialog.cpp:682
+#: src/gui/ObjectManipulator.cpp:916 src/gui/RuleSetView.cpp:1666
+#: src/gui/.ui/FWBMainWindow_q.cpp:476
+msgid "Paste"
+msgstr "Colar"
+
+#: src/gui/FWObjectDropArea.cpp:143 src/gui/GroupObjectDialog.cpp:683
+#: src/gui/ObjConflictResolutionDialog.cpp:118
+#: src/gui/ObjConflictResolutionDialog.cpp:142
+#: src/gui/ObjectManipulator.cpp:921 src/gui/RuleSetView.cpp:1669
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:110
+#: src/gui/.ui/FWBMainWindow_q.cpp:542 src/gui/.ui/FWBMainWindow_q.cpp:543
+#: src/gui/.ui/newfirewalldialog_q.cpp:508 src/gui/.ui/newhostdialog_q.cpp:409
+msgid "Delete"
+msgstr "Apagar"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:102
+msgid "DNS record: "
+msgstr "Registro DNS: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:106
+msgid "Address Table: "
+msgstr "Tabela de Endereço: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:157
+msgid " objects"
+msgstr " objetos"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:173
+#, qt-format
+msgid "protocol: %1"
+msgstr "protocolo: %1"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:177
+#, qt-format
+msgid "type: %1"
+msgstr "tipo: %1"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:179
+#, qt-format
+msgid "code: %1"
+msgstr "código: %1"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:238
+msgid "Library: "
+msgstr "Biblioteca:"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:243
+msgid "Object Id: "
+msgstr "Id do Objeto: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:248
+msgid "Object Type: "
+msgstr "Tipo do Objeto: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:252
+msgid "Object Name: "
+msgstr "Nome do Objeto:"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:274
+msgid "DNS record:"
+msgstr "Registro DNS:"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:277
+#: src/gui/FWObjectPropertiesFactory.cpp:285
+msgid "Run-time"
+msgstr "Tempo-decorrido"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:277
+#: src/gui/FWObjectPropertiesFactory.cpp:285
+msgid
"Compile-time" +msgstr "Tempo-de-compilação" + +#: src/gui/FWObjectPropertiesFactory.cpp:282 +msgid "Table file:" +msgstr "Tabela:" + +#: src/gui/FWObjectPropertiesFactory.cpp:320 +#, qt-format +msgid "%1 objects
    \n" +msgstr "%1 objetos
    \n" + +#: src/gui/FWObjectPropertiesFactory.cpp:385 +msgid "Path: " +msgstr "Caminho: " + +#: src/gui/FWObjectPropertiesFactory.cpp:444 +msgid "protocol " +msgstr "protocolo" + +#: src/gui/FWObjectPropertiesFactory.cpp:449 +msgid "type: " +msgstr "tipo: " + +#: src/gui/FWObjectPropertiesFactory.cpp:451 +msgid "code: " +msgstr "código: " + +#: src/gui/FWObjectPropertiesFactory.cpp:471 +#, qt-format +msgid "Pattern: \"%1\"" +msgstr "Padrão: \"%1\"" + +#: src/gui/FWObjectPropertiesFactory.cpp:605 +msgid "Action : " +msgstr "Ação :" + +#: src/gui/FWObjectPropertiesFactory.cpp:608 +msgid "Parameter: " +msgstr "Parâmetro: " + +#: src/gui/FWObjectPropertiesFactory.cpp:631 +msgid "Log prefix : " +msgstr "Prefixo de Depuração : " + +#: src/gui/FWObjectPropertiesFactory.cpp:637 +msgid "Log Level : " +msgstr "Nível de Depuração : " + +#: src/gui/FWObjectPropertiesFactory.cpp:644 +msgid "Netlink group : " +msgstr "Grupo Netlink : " + +#: src/gui/FWObjectPropertiesFactory.cpp:650 +msgid "Limit Value : " +msgstr "Valor Limite : " + +#: src/gui/FWObjectPropertiesFactory.cpp:656 +msgid "Limit suffix : " +msgstr "Sufixo limite : " + +#: src/gui/FWObjectPropertiesFactory.cpp:663 +msgid "Limit burst : " +msgstr "Limite de estouro : " + +#: src/gui/FWObjectPropertiesFactory.cpp:670 +msgid "

  • Part of Any
  • " +msgstr "
  • Parte de Algum
  • " + +#: src/gui/FWObjectPropertiesFactory.cpp:676 +#: src/gui/FWObjectPropertiesFactory.cpp:706 +#: src/gui/FWObjectPropertiesFactory.cpp:735 +#: src/gui/FWObjectPropertiesFactory.cpp:758 +msgid "
  • Stateless
  • " +msgstr "
  • Sem estado
  • " + +#: src/gui/FWObjectPropertiesFactory.cpp:685 +msgid "Log facility: " +msgstr "Depuração: " + +#: src/gui/FWObjectPropertiesFactory.cpp:692 +#: src/gui/FWObjectPropertiesFactory.cpp:775 +msgid "Log level : " +msgstr "Nível de depuração : " + +#: src/gui/FWObjectPropertiesFactory.cpp:700 +msgid "
  • Send 'unreachable'
  • " +msgstr "
  • Enviar 'inalcançável'
  • " + +#: src/gui/FWObjectPropertiesFactory.cpp:712 +msgid "
  • Keep information on fragmented packets
  • " +msgstr "
  • Manter a informação em pacotes fragmentados
  • " + +#: src/gui/FWObjectPropertiesFactory.cpp:722 +msgid "Log prefix : " +msgstr "Prefixo de depuração : " + +#: src/gui/FWObjectPropertiesFactory.cpp:728 +msgid "Max state : " +msgstr "Estado máximo : " + +#: src/gui/FWObjectPropertiesFactory.cpp:741 +msgid "
  • Source tracking
  • " +msgstr "
  • Rastro da origem
  • " + +#: src/gui/FWObjectPropertiesFactory.cpp:744 +msgid "Max src nodes : " +msgstr "Máximo pontos de orig : " + +#: src/gui/FWObjectPropertiesFactory.cpp:747 +msgid "Max src states: " +msgstr "Máximo estados de orig: " + +#: src/gui/FWObjectPropertiesFactory.cpp:767 +#, qt-format +msgid "Ver:%1
    \n" +msgstr "Ver:%1
    \n" + +#: src/gui/FWObjectPropertiesFactory.cpp:781 +msgid "Log interval : " +msgstr "Intervalo de depuração : " + +#: src/gui/FWObjectPropertiesFactory.cpp:788 +msgid "
  • Disable logging for this rule
  • " +msgstr "
  • Desabilitar depuração para esta regra
  • " + +#: src/gui/FWObjectPropertiesFactory.cpp:820 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:159 +msgid "bitmask" +msgstr "máscara de bits" + +#: src/gui/FWObjectPropertiesFactory.cpp:821 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:160 +msgid "random" +msgstr "aleatório" + +#: src/gui/FWObjectPropertiesFactory.cpp:822 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:161 +msgid "source-hash" +msgstr "source-hash" + +#: src/gui/FWObjectPropertiesFactory.cpp:823 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:162 +msgid "round-robin" +msgstr "round-robin" + +#: src/gui/FWObjectPropertiesFactory.cpp:825 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:163 +msgid "static-port" +msgstr "porta-estática" + +#: src/gui/FWWindow.cpp:175 +msgid "No firewalls defined" +msgstr "Nenhum firewall definido" + +#: src/gui/FWWindow.cpp:379 +msgid "" +"Some objects have been modified but not saved.\n" +"Do you want to save changes now ?" +msgstr "" +"Alguns objetos foram modificados mas não salvos.\n" +"Deseja salvar agora ?" 
+
+#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466
+#: src/gui/.ui/FWBMainWindow_q.cpp:453
+msgid "&Save"
+msgstr "&Salvar"
+
+#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466
+#: src/gui/.ui/FWBMainWindow_q.cpp:556
+msgid "&Discard"
+msgstr "&Descartar"
+
+#: src/gui/FWWindow.cpp:381 src/gui/FWWindow.cpp:680 src/gui/RCS.cpp:748
+#: src/gui/.ui/askrulenumberdialog_q.cpp:91
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:189
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:549
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:353
+#: src/gui/.ui/iptadvanceddialog_q.cpp:601
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:198
+#: src/gui/.ui/linux24advanceddialog_q.cpp:368
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:167
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:175
+#: src/gui/.ui/pagesetupdialog_q.cpp:110
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1002 src/gui/.ui/prefsdialog_q.cpp:366
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:104
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:185
+msgid "&Cancel"
+msgstr "&Cancelar"
+
+#: src/gui/FWWindow.cpp:436
+msgid "FWB Files (*.fwb);;All Files (*)"
+msgstr "Arquivos FWB (*.fwb);;Todos os arquivos (*)"
+
+#: src/gui/FWWindow.cpp:447 src/gui/FWWindow.cpp:1805
+#, qt-format
+msgid ""
+"The file %1 already exists.\n"
+"Do you want to overwrite it ?"
+msgstr ""
+"O arquivo %1 já existe.\n"
+"Deseja reescreve-lo?"
+
+#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807
+#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539
+#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828
+msgid "&Yes"
+msgstr "&Sim"
+
+#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807
+#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539
+#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828
+msgid "&No"
+msgstr "&Não"
+
+#: src/gui/FWWindow.cpp:483 src/gui/FWWindow.cpp:1086
+#: src/gui/StartWizard.cpp:99
+msgid "Choose name and location for the new file"
+msgstr "Digite o nome e local para o novo arquivo"
+
+#: src/gui/FWWindow.cpp:585
+msgid "Saving data to file..."
+msgstr "Salvando no arquivo..."
+
+#: src/gui/FWWindow.cpp:617
+msgid "Choose name and location for the file"
+msgstr "Digita o nome e local para o arquivo"
+
+#: src/gui/FWWindow.cpp:674
+msgid ""
+"This operation discards all changes that have been saved\n"
+"into the file so far, closes it and replaces it with a clean\n"
+"copy of its head revision from RCS.\n"
+"\n"
+"All changes will be lost if you do this.\n"
+"\n"
+msgstr ""
+"Esta operação descarta todas as alterações que foram salvas\n"
+"no arquivo, feche-o e substitua-o com uma cópia\n"
+"da revisão mais nova do RCS.\n"
+"\n"
+"Todas as alterações serão perdidas se você fizer isso.\n"
+"\n"
+
+#: src/gui/FWWindow.cpp:679 src/gui/ObjectEditor.cpp:439
+msgid "&Discard changes"
+msgstr "&Descartar alterações"
+
+#: src/gui/FWWindow.cpp:723
+#, qt-format
+msgid "File %1 has been added to RCS."
+msgstr "O arquivo %1 foi adicionado ao RCS."
+
+#: src/gui/FWWindow.cpp:732 src/gui/StartWizard.cpp:157
+#, qt-format
+msgid ""
+"Error adding file to RCS:\n"
+"%1"
+msgstr ""
+"Erro ao adicionar o arquivo ao RCS:\n"
+"%1"
+
+#: src/gui/FWWindow.cpp:739 src/gui/FWWindow.cpp:1124
+msgid "(read-only)"
+msgstr "(somente leitura)"
+
+#: src/gui/FWWindow.cpp:798 src/gui/FWWindow.cpp:908
+msgid "Loading system objects..."
+msgstr "Carregando objetos do sistema..."
+
+#: src/gui/FWWindow.cpp:857 src/gui/FWWindow.cpp:1148
+#: src/gui/FWWindow.cpp:1154
+#, qt-format
+msgid ""
+"Error loading file:\n"
+"%1"
+msgstr ""
+"Erro abrindo o arquivo:\n"
+"%1"
+
+#: src/gui/FWWindow.cpp:916
+msgid "Reading and parsing data file..."
+msgstr "Lendo e analisando o arquivo de dados..."
+
+#: src/gui/FWWindow.cpp:986
+msgid "Merging with system objects..."
+msgstr "Unir com objetos do sistema..."
+
+#: src/gui/FWWindow.cpp:1080
+#, qt-format
+msgid ""
+"Firewall Builder 2 uses file extension '.fwb' and \n"
+"needs to rename old data file '%1' to '%2',\n"
+"but file '%3' already exists.\n"
+"Choose a different name for the new file."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:1094
+msgid "Load operation cancelled and data file reverted to original version."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:1109
+#, qt-format
+msgid ""
+"Firewall Builder 2 uses file extension '.fwb'. Your data file '%1' \n"
+"has been renamed '%2'"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:1140
+#, qt-format
+msgid "Exception: %1"
+msgstr "Exceção: %1"
+
+#: src/gui/FWWindow.cpp:1142
+#, qt-format
+msgid "Failed transformation : %1"
+msgstr "Falha na transformação : %1"
+
+#: src/gui/FWWindow.cpp:1144
+#, qt-format
+msgid "XML element : %1"
+msgstr "Elemento XML : %1"
+
+#: src/gui/FWWindow.cpp:1167
+msgid "Building object tree..."
+msgstr "Gerando árvore de objetos..."
+
+#: src/gui/FWWindow.cpp:1172
+msgid "Indexing..."
+msgstr "Indexando..."
+ +#: src/gui/FWWindow.cpp:1197 +#, qt-format +msgid "Checking file %1 in RCS" +msgstr "Checando o arquivo %1 no RCS" + +#: src/gui/FWWindow.cpp:1222 +#, qt-format +msgid "" +"Error checking in file %1:\n" +"%2" +msgstr "" +"Erro checando o arquivo %1:\n" +"%2" + +#: src/gui/FWWindow.cpp:1310 src/gui/FWWindow.cpp:1750 +msgid "File is read-only" +msgstr "O arquivo é somente leitura" + +#: src/gui/FWWindow.cpp:1316 src/gui/FWWindow.cpp:1754 +#, qt-format +msgid "Error saving file %1: %2" +msgstr "Erro gravando o arquivo %1: %2" + +#: src/gui/FWWindow.cpp:1359 src/gui/listOfLibraries.cpp:214 +#, qt-format +msgid "Duplicate library '%1'" +msgstr "Duplicar a biblioteca '%1'" + +#: src/gui/FWWindow.cpp:1381 src/gui/FWWindow.cpp:1454 +#: src/gui/FWWindow.cpp:1472 src/gui/listOfLibraries.cpp:186 +#, qt-format +msgid "" +"Error loading file %1:\n" +"%2" +msgstr "" +"Erro carregando o arquivo %1:\n" +"%2" + +#: src/gui/FWWindow.cpp:1395 +msgid "Choose a file to import" +msgstr "Selecione um arquivo a importar" + +#: src/gui/FWWindow.cpp:1413 +msgid "" +"This operation inspects two data files (either .fwb or .fwl) and finds " +"conflicting objects. Conflicting objects have the same internal ID but " +"different attributes. Two data files can not be merged, or one imported into " +"another, if they contain such objects. This operation also helps identify " +"changes made to objects in two copies of the same data file.

    This " +"operation does not find objects present in one file but not in the other, " +"such objects present no problem for merge or import operations.

    This " +"operation works with two external files, neither of which needs to be opened " +"in the program. Currently opened data file is not affected by this operation " +"and objects in the tree do not change.

    Do you want to proceed ?" +msgstr "" + +#: src/gui/FWWindow.cpp:1426 +msgid "Choose the first file" +msgstr "" + +#: src/gui/FWWindow.cpp:1433 +#, fuzzy +msgid "Choose the second file" +msgstr "Comentar o código" + +#: src/gui/FWWindow.cpp:1496 +#, qt-format +msgid "" +"Total number of conflicting objects: %1.\n" +"Do you want to generate report?" +msgstr "" + +#: src/gui/FWWindow.cpp:1509 +#, fuzzy +msgid "TXT Files (*.txt);;All Files (*)" +msgstr "Arquivos FWB (*.fwb);;Todos os arquivos (*)" + +#: src/gui/FWWindow.cpp:1511 +#, fuzzy +msgid "Choose name and location for the report file" +msgstr "Digite o nome e local para o novo arquivo" + +#: src/gui/FWWindow.cpp:1536 +#, qt-format +msgid "Can not open report file for writing. File '%1'" +msgstr "" + +#: src/gui/FWWindow.cpp:1547 +#, qt-format +msgid "" +"Unexpected error comparing files %1 and %2:\n" +"%3" +msgstr "" + +#: src/gui/FWWindow.cpp:1664 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (global policy rule #%3) uses object '%4' from " +"library '%5'" +msgstr "" + +#: src/gui/FWWindow.cpp:1673 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (interface %3 policy rule #%4) uses object '%5' " +"from library '%6'" +msgstr "" + +#: src/gui/FWWindow.cpp:1684 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (NAT rule #%3) uses object '%4' from library '%5'" +msgstr "" + +#: src/gui/FWWindow.cpp:1694 +#, qt-format +msgid "Library %1: Group '%2' uses object '%3' from library '%4'" +msgstr "" + +#: src/gui/FWWindow.cpp:1709 +msgid "" +"A library that you are trying to export contains references\n" +"to objects in the other libraries and can not be exported.\n" +"The following objects need to be moved outside of it or\n" +"objects that they refer to moved in it:" +msgstr "" + +#: src/gui/FWWindow.cpp:1780 +msgid "Please select a library you want to export." +msgstr "Seleciona a biblioteca que você quer exportar." 
+
+#: src/gui/FWWindow.cpp:1999
+#, qt-format
+msgid "%1"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:2011
+#, qt-format
+msgid "Building branch policy view '%1'..."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:2081
+msgid "Building policy view..."
+msgstr "Gerando visualização de política..."
+
+#: src/gui/FWWindow.cpp:2110
+msgid "Building NAT view..."
+msgstr "Gerando visualização de NAT..."
+
+#: src/gui/FWWindow.cpp:2125
+msgid "Building routing view..."
+msgstr "Gerando visualização de rotas..."
+
+#: src/gui/FWWindowPrint.cpp:92 src/gui/.ui/discoverydruid_q.cpp:1023
+#: src/gui/.ui/firewalldialog_q.cpp:209 src/gui/.ui/firewalldialog_q.cpp:210
+#: src/gui/.ui/instdialog_q.cpp:83 src/gui/.ui/instdialog_q.cpp:135
+#: src/gui/.ui/instdialog_q.cpp:224 src/gui/.ui/instdialog_q.cpp:269
+#: src/gui/.ui/instdialog_q.cpp:279 src/gui/.ui/instdialog_q.cpp:289
+msgid "Firewall"
+msgstr "Firewall"
+
+#: src/gui/FWWindowPrint.cpp:93 src/gui/.ui/discoverydruid_q.cpp:1022
+#: src/gui/.ui/hostdialog_q.cpp:144 src/gui/.ui/hostdialog_q.cpp:145
+msgid "Host"
+msgstr "Máquina"
+
+#: src/gui/FWWindowPrint.cpp:95
+msgid "Addres Range"
+msgstr "Intervalo de Endereço"
+
+#: src/gui/FWWindowPrint.cpp:96 src/gui/RuleSetView.cpp:3315
+#: src/gui/RuleSetView.cpp:3565 src/gui/.ui/interfacedialog_q.cpp:231
+#: src/gui/.ui/interfacedialog_q.cpp:232
+msgid "Interface"
+msgstr "Interface"
+
+#: src/gui/FWWindowPrint.cpp:97 src/gui/.ui/networkdialog_q.cpp:163
+#: src/gui/.ui/networkdialog_q.cpp:164
+msgid "Network"
+msgstr "Rede"
+
+#: src/gui/FWWindowPrint.cpp:98
+msgid "Group of objects"
+msgstr "Grupo de objetos"
+
+#: src/gui/FWWindowPrint.cpp:99 src/gui/.ui/customservicedialog_q.cpp:177
+#: src/gui/.ui/customservicedialog_q.cpp:178
+msgid "Custom Service"
+msgstr "Customizar Serviço"
+
+#: src/gui/FWWindowPrint.cpp:100 src/gui/.ui/ipservicedialog_q.cpp:209
+msgid "IP Service"
+msgstr "Serviço IP"
+
+#: src/gui/FWWindowPrint.cpp:101 src/gui/.ui/icmpservicedialog_q.cpp:168
+msgid "ICMP Service"
+msgstr
"Serviço ICMP" + +#: src/gui/FWWindowPrint.cpp:102 src/gui/.ui/tcpservicedialog_q.cpp:371 +msgid "TCP Service" +msgstr "Serviço TCP" + +#: src/gui/FWWindowPrint.cpp:103 src/gui/.ui/udpservicedialog_q.cpp:222 +msgid "UDP Service" +msgstr "Serviço UDP" + +#: src/gui/FWWindowPrint.cpp:104 +msgid "Group of services" +msgstr "Grupo de serviços" + +#: src/gui/FWWindowPrint.cpp:105 src/gui/.ui/timedialog_q.cpp:242 +msgid "Time Interval" +msgstr "Tempo de Intervalo" + +#: src/gui/FWWindowPrint.cpp:281 +#, qt-format +msgid "Firewall name: %1" +msgstr "Nome do Firewall: %1" + +#: src/gui/FWWindowPrint.cpp:282 +msgid "Platform: " +msgstr "Plataforma:" + +#: src/gui/FWWindowPrint.cpp:283 +msgid "Version: " +msgstr "Versão: " + +#: src/gui/FWWindowPrint.cpp:284 +msgid "Host OS: " +msgstr "S.O. da máquina:" + +#: src/gui/FWWindowPrint.cpp:290 +msgid "Global Policy" +msgstr "Política Global" + +#: src/gui/FWWindowPrint.cpp:341 +#, qt-format +msgid "Interface %1" +msgstr "Interface %1" + +#: src/gui/FWWindowPrint.cpp:541 +msgid "Legend" +msgstr "Legenda" + +#: src/gui/FWWindowPrint.cpp:632 src/gui/.ui/discoverydruid_q.cpp:1015 +msgid "Objects" +msgstr "Objetos" + +#: src/gui/FWWindowPrint.cpp:854 +msgid "Groups" +msgstr "Grupos" + +#: src/gui/FWWindowPrint.cpp:897 +msgid "EMPTY" +msgstr "VAZIO" + +#: src/gui/FWWindowPrint.cpp:919 src/gui/FWWindowPrint.cpp:922 +#: src/gui/FWWindowPrint.cpp:930 +msgid "Printing aborted" +msgstr "Impressão cancelada" + +#: src/gui/FWWindowPrint.cpp:926 +msgid "Printing completed" +msgstr "Impressão concluída" + +#: src/gui/GroupObjectDialog.cpp:145 +msgid "Properties" +msgstr "Propriedades" + +#: src/gui/GroupObjectDialog.cpp:675 src/gui/.ui/FWBMainWindow_q.cpp:449 +#: src/gui/.ui/FWBMainWindow_q.cpp:493 src/gui/.ui/FWBMainWindow_q.cpp:494 +msgid "Open" +msgstr "Abrir" + +#: src/gui/GroupObjectDialog.cpp:677 src/gui/ObjectManipulator.cpp:840 +#: src/gui/RuleSetView.cpp:1660 src/gui/RuleSetView.cpp:1789 +#: src/gui/RuleSetView.cpp:1793 
src/gui/RuleSetView.cpp:1797 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:593 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:597 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:379 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:383 +#: src/gui/.ui/iptadvanceddialog_q.cpp:635 +#: src/gui/.ui/iptadvanceddialog_q.cpp:641 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1107 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1111 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1882 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1886 +msgid "Edit" +msgstr "Editar" + +#: src/gui/GroupObjectDialog.cpp:680 src/gui/ObjectManipulator.cpp:912 +#: src/gui/RuleSetView.cpp:1663 src/gui/.ui/FWBMainWindow_q.cpp:473 +msgid "Copy" +msgstr "Copiar" + +#: src/gui/GroupObjectDialog.cpp:681 src/gui/ObjectManipulator.cpp:914 +#: src/gui/RuleSetView.cpp:1665 src/gui/.ui/FWBMainWindow_q.cpp:470 +msgid "Cut" +msgstr "Cortar" + +#: src/gui/InstallFirewallViewItem.cpp:31 src/gui/instDialog.cpp:1893 +#: src/gui/instDialog.cpp:2045 src/gui/instDialog.cpp:2253 +#: src/gui/instDialog.cpp:2272 src/gui/instDialog.cpp:2286 +#: src/gui/instDialog.cpp:2298 +msgid "Failure" +msgstr "Falha" + +#: src/gui/InstallFirewallViewItem.cpp:44 src/gui/instDialog.cpp:1149 +#: src/gui/instDialog.cpp:1150 src/gui/instDialog.cpp:1818 +#: src/gui/instDialog.cpp:1847 src/gui/instDialog.cpp:1848 +msgid "Success" +msgstr "Sucesso" + +#: src/gui/instBatchOptionsDialog.cpp:47 +msgid "Batch install options" +msgstr "Opções de instalação em lote" + +#: src/gui/instDialog.cpp:116 +msgid "There is no firewalls to process." +msgstr "Não existem firewalls para processar." + +#: src/gui/instDialog.cpp:131 +msgid "" +"

    Select firewalls for compilation.

    " +msgstr "" + +#: src/gui/instDialog.cpp:145 +msgid "Unknown operation." +msgstr "Operação desconhecida." + +#: src/gui/instDialog.cpp:176 +msgid "Show details" +msgstr "Mostrar detalhes" + +#: src/gui/instDialog.cpp:182 +msgid "Hide details" +msgstr "Esconder detalhes" + +#: src/gui/instDialog.cpp:286 +msgid "Unsupported exception" +msgstr "Exceção não suportada" + +#: src/gui/instDialog.cpp:326 +msgid "Summary:" +msgstr "Resumo:" + +#: src/gui/instDialog.cpp:329 src/gui/instDialog.cpp:359 +#, qt-format +msgid "* firewall name : %1" +msgstr "* nome do firewall : %1" + +#: src/gui/instDialog.cpp:331 +#, qt-format +msgid "* user name : %1" +msgstr "* nome de usuário : %1" + +#: src/gui/instDialog.cpp:333 +#, qt-format +msgid "* management address : %1" +msgstr "* gerenciamento de endereço : %1" + +#: src/gui/instDialog.cpp:335 +#, qt-format +msgid "* platform : %1" +msgstr "* plataforma : %1" + +#: src/gui/instDialog.cpp:337 +#, qt-format +msgid "* host OS : %1" +msgstr "* S.O. da máquina : %1" + +#: src/gui/instDialog.cpp:339 +#, qt-format +msgid "* Loading configuration from file %1" +msgstr "* Carregando configuração do arquivo %1" + +#: src/gui/instDialog.cpp:344 +msgid "* Incremental install" +msgstr "* Instalação incremental" + +#: src/gui/instDialog.cpp:349 +#, qt-format +msgid "* Configuration diff will be saved in file %1" +msgstr "" + +#: src/gui/instDialog.cpp:354 +msgid "* Commands will not be executed on the firewall" +msgstr "" + +#: src/gui/instDialog.cpp:656 +#, qt-format +msgid "" +"Only one interface of the firewall '%1' must be marked as management " +"interface." +msgstr "" + +#: src/gui/instDialog.cpp:663 +#, qt-format +msgid "" +"One of the interfaces of the firewall '%1' must be marked as management " +"interface." +msgstr "" + +#: src/gui/instDialog.cpp:670 +msgid "" +"Management interface does not have IP address, can not communicate with the " +"firewall." 
+msgstr ""
+
+#: src/gui/instDialog.cpp:718
+#, qt-format
+msgid "File %1 not found."
+msgstr "Arquivo %1 não encontrado."
+
+#: src/gui/instDialog.cpp:1002 src/gui/SSHPIX.cpp:347
+#, qt-format
+msgid "Can not open file %1"
+msgstr "Impossível abrir o arquivo %1"
+
+#: src/gui/instDialog.cpp:1105
+#, qt-format
+msgid ""
+"\n"
+"Copying %1 -> %2:%3\n"
+msgstr ""
+"\n"
+"Copiando %1 -> %2:%3\n"
+
+#: src/gui/instDialog.cpp:1139
+#, qt-format
+msgid ""
+"Running command '%1'\n"
+"\n"
+msgstr ""
+"Executando o comando '%1'\n"
+"\n"
+
+#: src/gui/instDialog.cpp:1154 src/gui/instDialog.cpp:1155
+#: src/gui/instDialog.cpp:1823 src/gui/instDialog.cpp:1859
+#: src/gui/instDialog.cpp:1860
+msgid "Error"
+msgstr "Erro"
+
+#: src/gui/instDialog.cpp:1177
+msgid "Fatal error, terminating install sequence\n"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1190
+msgid "Done\n"
+msgstr "Feito\n"
+
+#: src/gui/instDialog.cpp:1253
+msgid "Activating new policy\n"
+msgstr "Ativar nova política\n"
+
+#: src/gui/instDialog.cpp:1421
+#, qt-format
+msgid "Compiling rule sets for firewall: %1"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1459
+msgid ""
+"Policy installer uses Secure Shell to communicate with the firewall.\n"
+"Please configure directory path to the secure shell utility \n"
+"installed on your machine using Preferences dialog"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1483
+msgid "Firewall isn't compiled."
+msgstr "O Firewall não esta compilado."
+
+#: src/gui/instDialog.cpp:1578
+msgid ""
+"Firewall platform is not specified in this object.\n"
+"Can't compile firewall policy."
+msgstr ""
+
+#: src/gui/instDialog.cpp:1779
+msgid "Error: Terminating install sequence\n"
+msgstr ""
+
+#: src/gui/instDialog.cpp:1852
+msgid "Abnormal program termination"
+msgstr "Término anormal do programa"
+
+#: src/gui/instDialog.cpp:1858
+msgid "Skipped"
+msgstr "Ignorado"
+
+#: src/gui/instDialog.cpp:1888 src/gui/instDialog.cpp:2040
+msgid "Compiling ..."
+msgstr "Compilando ..."
+
+#: src/gui/instDialog.cpp:1901
+msgid "Recompile"
+msgstr "Recompilar"
+
+#: src/gui/instDialog.cpp:1987
+msgid "Batch policy rules compilation"
+msgstr ""
+
+#: src/gui/instDialog.cpp:2016 src/gui/instDialog.cpp:2159
+#: src/gui/.ui/discoverydruid_q.cpp:992 src/gui/.ui/execdialog_q.cpp:94
+#: src/gui/.ui/instdialog_q.cpp:278
+msgid "Stop"
+msgstr "Parar"
+
+#: src/gui/instDialog.cpp:2170
+msgid "Install firewall: "
+msgstr "Instalar o firewall:"
+
+#: src/gui/instDialog.cpp:2180
+msgid "Installing firewalls"
+msgstr "Instalar os firewalls"
+
+#: src/gui/instDialog.cpp:2211
+msgid "Installing ..."
+msgstr "Instalando ..."
+
+#: src/gui/instDialog.cpp:2265
+#, qt-format
+msgid "Installing policy rules on firewall '%1'."
+msgstr "Instalando regras de políticas no firewall '%1'."
+
+#: src/gui/instDialog.cpp:2395 src/gui/.ui/instdialog_q.cpp:276
+msgid "Show selected"
+msgstr "Mostrar selecionados"
+
+#: src/gui/instDialog.cpp:2401
+msgid "Show all"
+msgstr "Mostrar Tudo"
+
+#: src/gui/instOptionsDialog.cpp:66
+#, qt-format
+msgid "Install options for firewall '%1'"
+msgstr "Opções de instalação para o firewall '%1'"
+
+#: src/gui/InterfaceDialog.cpp:193
+msgid "Group: "
+msgstr "Grupo: "
+
+#: src/gui/InterfaceDialog.cpp:211
+msgid "Network: "
+msgstr "Rede: "
+
+#: src/gui/ipfAdvancedDialog.cpp:170 src/gui/ipfAdvancedDialog.cpp:179
+#: src/gui/ipfwAdvancedDialog.cpp:144 src/gui/ipfwAdvancedDialog.cpp:153
+#: src/gui/iptAdvancedDialog.cpp:204 src/gui/iptAdvancedDialog.cpp:213
+#: src/gui/pfAdvancedDialog.cpp:278 src/gui/pfAdvancedDialog.cpp:287
+#: src/gui/pixAdvancedDialog.cpp:786 src/gui/pixAdvancedDialog.cpp:795
+#: src/gui/.ui/metriceditorpanel_q.cpp:76 src/gui/.ui/simpleinteditor_q.cpp:88
+#: src/gui/.ui/simpletexteditor_q.cpp:93
+msgid "Script Editor"
+msgstr "Editor de Script"
+
+#: src/gui/IPv4Dialog.cpp:159 src/gui/NetworkDialog.cpp:119
+#, qt-format
+msgid "Illegal netmask '%1'"
+msgstr "Máscara ilegal '%1'"
+
+#: src/gui/IPv4Dialog.cpp:263
+#, qt-format
+msgid ""
+"DNS lookup failed for both names of the address object '%1' and the name of "
+"the host '%2'."
+msgstr ""
+
+#: src/gui/IPv4Dialog.cpp:270
+#, qt-format
+msgid "DNS lookup failed for name of the address object '%1'."
+msgstr ""
+
+#: src/gui/LibraryDialog.cpp:151
+msgid "Pick the color for this library"
+msgstr "Selecione a cor para esta biblioteca"
+
+#: src/gui/listOfLibraries.cpp:142
+msgid ""
+"The library file you are trying to open\n"
+"has been saved in an older version of\n"
+"Firewall Builder and needs to be upgraded.\n"
+"To upgrade it, just load it in the Firewall\n"
+"Builder GUI and save back to file again."
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:99 src/gui/.ui/newhostdialog_q.cpp:390
+msgid ""
+"Check option 'dynamic address' for the interface that gets its IP address "
+"dynamically via DHCP or PPP protocol."
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:100 src/gui/.ui/newhostdialog_q.cpp:389
+msgid ""
+"Check option 'Unnumbered interface' for the interface that does not have an "
+"IP address. Examples of interfaces of this kind are those used to terminate "
+"PPPoE or VPN tunnels."
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:229 src/gui/newHostDialog.cpp:222
+msgid "Missing SNMP community string."
+msgstr "Esta faltando o parâmetro \"community\" do SNMP."
+
+#: src/gui/newFirewallDialog.cpp:248 src/gui/newHostDialog.cpp:241
+#, qt-format
+msgid "Address of %1 could not be obtained via DNS"
+msgstr "O endereço de %1 não pode ser obtido via DNS"
+
+#: src/gui/newFirewallDialog.cpp:422
+msgid "dynamic"
+msgstr "dinâmico"
+
+#: src/gui/newFirewallDialog.cpp:503 src/gui/newHostDialog.cpp:433
+#, qt-format
+msgid "Interface: %1 (%2)"
+msgstr "Interface: %1 (%2)"
+
+#: src/gui/newFirewallDialog.cpp:511 src/gui/newHostDialog.cpp:441
+#: src/gui/.ui/newfirewalldialog_q.cpp:514 src/gui/.ui/newhostdialog_q.cpp:404
+msgid "Dynamic address"
+msgstr "Endereço Dinâmico"
+
+#: src/gui/newFirewallDialog.cpp:513 src/gui/newHostDialog.cpp:443
+#: src/gui/.ui/interfacedialog_q.cpp:254
+#: src/gui/.ui/newfirewalldialog_q.cpp:513 src/gui/.ui/newhostdialog_q.cpp:395
+msgid "Unnumbered interface"
+msgstr "Interface não numerada"
+
+#: src/gui/newFirewallDialog.cpp:515 src/gui/.ui/interfacedialog_q.cpp:259
+#: src/gui/.ui/newfirewalldialog_q.cpp:512
+msgid "Bridge port"
+msgstr "Porta de Bridge"
+
+#: src/gui/newFirewallDialog.cpp:555 src/gui/newHostDialog.cpp:480
+#, qt-format
+msgid "Illegal address '%1/%2'"
+msgstr "Endereço ilegal '%1/%2'"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:63
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:152
+msgid "Keep current object"
+msgstr "Manter o objeto atual"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:64
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:157
+msgid "Replace with this object"
+msgstr "Substituir com este objeto"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:117
+#: src/gui/ObjConflictResolutionDialog.cpp:141
+#, fuzzy, qt-format
+msgid "Object '%1' has been deleted"
+msgstr "Objeto '%1' foi removido"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:176
+#, fuzzy, qt-format
+msgid "Object '%1' in the objects tree"
+msgstr "Objeto '%1' na árvore de objetos"
+
+#: src/gui/ObjConflictResolutionDialog.cpp:178
+#: src/gui/ObjConflictResolutionDialog.cpp:180
+#, fuzzy, qt-format
+msgid
"Object '%1' in file %2" +msgstr "Objeto '%1' no arquivo %2" + +#: src/gui/ObjConflictResolutionDialog.cpp:297 +#: src/gui/.ui/findobjectwidget_q.cpp:191 +msgid "Next" +msgstr "Seguinte" + +#: src/gui/ObjConflictResolutionDialog.cpp:299 +msgid "" +"The following two objects have the same internal ID but different attributes:" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:300 +msgid "Skip the rest but build report" +msgstr "" + +#: src/gui/ObjectEditor.cpp:437 +msgid "" +"Modifications done to this object can not be saved.\n" +"Do you want to continue editing it ?" +msgstr "" + +#: src/gui/ObjectEditor.cpp:438 src/gui/ObjectEditor.cpp:466 +#: src/gui/TCPServiceDialog.cpp:177 src/gui/TCPServiceDialog.cpp:185 +#: src/gui/UDPServiceDialog.cpp:119 src/gui/UDPServiceDialog.cpp:127 +#: src/gui/utils.cpp:221 +msgid "&Continue editing" +msgstr "&Continuar editando" + +#: src/gui/ObjectEditor.cpp:465 +msgid "" +"This object has been modified but not saved.\n" +"Do you want to save it ?" 
+msgstr "" + +#: src/gui/ObjectManipulator.cpp:145 +msgid "Object Manipulator" +msgstr "Manipulador de Objeto" + +#: src/gui/ObjectManipulator.cpp:161 +msgid "New &Library" +msgstr "Nova &Biblioteca" + +#: src/gui/ObjectManipulator.cpp:164 +msgid "New &Firewall" +msgstr "Novo &Firewall" + +#: src/gui/ObjectManipulator.cpp:165 +msgid "New &Host" +msgstr "Nova &Máquina" + +#: src/gui/ObjectManipulator.cpp:166 +msgid "New &Interface" +msgstr "Nova &Interface" + +#: src/gui/ObjectManipulator.cpp:168 +msgid "New &Network" +msgstr "Nova &Rede" + +#: src/gui/ObjectManipulator.cpp:169 +msgid "New &Address" +msgstr "Novo &Endereço" + +#: src/gui/ObjectManipulator.cpp:170 +msgid "New &DNS Name" +msgstr "Novo &DNS" + +#: src/gui/ObjectManipulator.cpp:171 +msgid "New A&ddress Table" +msgstr "Nova Tabela de E&ndereços" + +#: src/gui/ObjectManipulator.cpp:172 +msgid "New Address &Range" +msgstr "Novo &Intervalo de Endereços" + +#: src/gui/ObjectManipulator.cpp:173 +msgid "New &Object Group" +msgstr "Novo &Grupo de Objetos" + +#: src/gui/ObjectManipulator.cpp:175 +msgid "New &Custom Service" +msgstr "Novo Serviço &Customizado" + +#: src/gui/ObjectManipulator.cpp:176 +msgid "New &IP Service" +msgstr "Novo &Serviço IP" + +#: src/gui/ObjectManipulator.cpp:177 +msgid "New IC&MP Service" +msgstr "Novo Serviço IC&MP" + +#: src/gui/ObjectManipulator.cpp:178 +msgid "New &TCP Service" +msgstr "Novo Serviço &TCP" + +#: src/gui/ObjectManipulator.cpp:179 +msgid "New &UDP Service" +msgstr "Novo Serviço &UDP" + +#: src/gui/ObjectManipulator.cpp:180 +msgid "New &TagService" +msgstr "Nova E&tiqueta" + +#: src/gui/ObjectManipulator.cpp:181 +msgid "New &Service Group" +msgstr "Novo Grupo de &Serviços" + +#: src/gui/ObjectManipulator.cpp:183 +msgid "New Ti&me Interval" +msgstr "Novo Intervalo de Te&mpo" + +#: src/gui/ObjectManipulator.cpp:230 +msgid " ( read only )" +msgstr " ( somente leitura )" + +#: src/gui/ObjectManipulator.cpp:498 +msgid "" +"The name of the object '%1' has changed. 
The program can also\n" +"rename IP address objects that belong to this object,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:527 +msgid "" +"The name of the interface '%1' has changed. The program can also\n" +"rename IP address objects that belong to this interface,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:874 +#, qt-format +msgid "place in library %1" +msgstr "colocar na biblioteca %1" + +#: src/gui/ObjectManipulator.cpp:883 +#, qt-format +msgid "to library %1" +msgstr "para a biblioteca %1" + +#: src/gui/ObjectManipulator.cpp:893 +msgid "place here" +msgstr "colocar aqui" + +#: src/gui/ObjectManipulator.cpp:896 +msgid "Duplicate ..." +msgstr "Duplicar ..." + +#: src/gui/ObjectManipulator.cpp:901 src/gui/ObjectManipulator.cpp:904 +msgid "Move ..." +msgstr "Mover ..." 
+
+#: src/gui/ObjectManipulator.cpp:933
+msgid "Add Interface"
+msgstr "Adicionar Interface"
+
+#: src/gui/ObjectManipulator.cpp:938
+msgid "Add IP Address"
+msgstr "Adicionar Endereço IP"
+
+#: src/gui/ObjectManipulator.cpp:940
+msgid "Add MAC Address"
+msgstr "Adicionar Endereço MAC"
+
+#: src/gui/ObjectManipulator.cpp:945 src/gui/.ui/newfirewalldialog_q.cpp:486
+msgid "New Firewall"
+msgstr "Novo Firewall"
+
+#: src/gui/ObjectManipulator.cpp:950 src/gui/ObjectManipulator.cpp:2515
+#: src/gui/ObjectManipulator.cpp:2531
+msgid "New Address"
+msgstr "Novo Endereço"
+
+#: src/gui/ObjectManipulator.cpp:955 src/gui/ObjectManipulator.cpp:2546
+msgid "New DNS Name"
+msgstr "Novo DNS"
+
+#: src/gui/ObjectManipulator.cpp:961 src/gui/ObjectManipulator.cpp:2557
+msgid "New Address Table"
+msgstr "Nova Tabela de Endereços"
+
+#: src/gui/ObjectManipulator.cpp:966 src/gui/ObjectManipulator.cpp:2624
+msgid "New Address Range"
+msgstr "Novo Intervalo de Endereços"
+
+#: src/gui/ObjectManipulator.cpp:970 src/gui/.ui/newhostdialog_q.cpp:377
+msgid "New Host"
+msgstr "Nova Máquina"
+
+#: src/gui/ObjectManipulator.cpp:974 src/gui/ObjectManipulator.cpp:2491
+msgid "New Network"
+msgstr "Nova Rede"
+
+#: src/gui/ObjectManipulator.cpp:978 src/gui/ObjectManipulator.cpp:1006
+#: src/gui/.ui/newgroupdialog_q.cpp:97
+msgid "New Group"
+msgstr "Novo Grupo"
+
+#: src/gui/ObjectManipulator.cpp:982 src/gui/ObjectManipulator.cpp:2647
+msgid "New Custom Service"
+msgstr "Novo Serviço Customizado"
+
+#: src/gui/ObjectManipulator.cpp:986 src/gui/ObjectManipulator.cpp:2658
+msgid "New IP Service"
+msgstr "Novo Serviço IP"
+
+#: src/gui/ObjectManipulator.cpp:990 src/gui/ObjectManipulator.cpp:2669
+msgid "New ICMP Service"
+msgstr "Novo Serviço ICMP"
+
+#: src/gui/ObjectManipulator.cpp:994 src/gui/ObjectManipulator.cpp:2680
+msgid "New TCP Service"
+msgstr "Novo Serviço TCP"
+
+#: src/gui/ObjectManipulator.cpp:998 src/gui/ObjectManipulator.cpp:2691
+msgid "New UDP Service"
+msgstr "Novo Serviço UDP"
+ +#: src/gui/ObjectManipulator.cpp:1002 src/gui/ObjectManipulator.cpp:2591 +msgid "New TagService" +msgstr "Nova Etiqueta" + +#: src/gui/ObjectManipulator.cpp:1010 src/gui/ObjectManipulator.cpp:2714 +msgid "New Time Interval" +msgstr "Novo Intervalo de Tempo" + +#: src/gui/ObjectManipulator.cpp:1014 src/gui/.ui/finddialog_q.cpp:131 +#: src/gui/.ui/findwhereusedwidget_q.cpp:121 +msgid "Find" +msgstr "Procurar" + +#: src/gui/ObjectManipulator.cpp:1015 src/gui/RuleSetView.cpp:1672 +msgid "Where used" +msgstr "Quando utilizado" + +#: src/gui/ObjectManipulator.cpp:1027 src/gui/.ui/groupobjectdialog_q.cpp:186 +#: src/gui/.ui/groupobjectdialog_q.cpp:187 +msgid "Group" +msgstr "Grupo" + +#: src/gui/ObjectManipulator.cpp:1035 src/gui/.ui/FWBMainWindow_q.cpp:499 +#: src/gui/.ui/FWBMainWindow_q.cpp:500 src/gui/.ui/instdialog_q.cpp:79 +#: src/gui/.ui/instdialog_q.cpp:267 +msgid "Compile" +msgstr "Compilar" + +#: src/gui/ObjectManipulator.cpp:1036 src/gui/.ui/FWBMainWindow_q.cpp:502 +#: src/gui/.ui/FWBMainWindow_q.cpp:503 src/gui/.ui/instdialog_q.cpp:81 +#: src/gui/.ui/instdialog_q.cpp:268 +msgid "Install" +msgstr "Instalar" + +#: src/gui/ObjectManipulator.cpp:1043 src/gui/.ui/FWBMainWindow_q.cpp:561 +#: src/gui/.ui/FWBMainWindow_q.cpp:562 +msgid "Lock" +msgstr "Bloquear" + +#: src/gui/ObjectManipulator.cpp:1045 src/gui/.ui/FWBMainWindow_q.cpp:563 +#: src/gui/.ui/FWBMainWindow_q.cpp:564 +msgid "Unlock" +msgstr "Desbloquear" + +#: src/gui/ObjectManipulator.cpp:1054 +msgid "dump" +msgstr "dump" + +#: src/gui/ObjectManipulator.cpp:1087 +msgid "Undelete..." +msgstr "Desfazer..." + +#: src/gui/ObjectManipulator.cpp:1576 +#, qt-format +msgid "" +"Impossible to insert object %1 (type %2) into %3\n" +"because of incompatible type." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1743 +msgid "" +"Emptying the 'Deleted Objects' in a library file is not recommended.\n" +"When you remove deleted objects from a library file, Firewall Builder\n" +"loses ability to track them. 
If a group or a policy rule in some\n" +"data file still uses removed object from this library, you may encounter\n" +"unusual and unexpected behavior of the program.\n" +"Do you want to delete selected objects anyway ?" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1823 +#, qt-format +msgid "" +"When you delete a library, all objects that belong to it\n" +"disappear from the tree and all groups and rules that reference them.\n" +"You won't be able to reverse this operation later.\n" +"Do you still want to delete library %1?" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2343 +#, qt-format +msgid "" +"Type '%1': new object can not be created because\n" +"corresponding branch is missing in the object tree.\n" +"Please repair the tree using command 'fwbedit -s -f file.fwb'." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2470 src/gui/ObjectManipulator.cpp:2473 +msgid "New Interface" +msgstr "Nova Interface" + +#: src/gui/ObjectManipulator.cpp:2635 +msgid "New Object Group" +msgstr "Novo Grupo de Objetos" + +#: src/gui/ObjectManipulator.cpp:2702 +msgid "New Service Group" +msgstr "Novo Grupo de Serviços" + +#: src/gui/ObjectManipulator.cpp:2821 +msgid "Searching for firewalls affected by the change..." 
+msgstr "" + +#: src/gui/ObjectTreeView.cpp:115 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:66 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:113 +#: src/gui/.ui/discoverydruid_q.cpp:748 src/gui/.ui/discoverydruid_q.cpp:1024 +#: src/gui/.ui/FWBMainWindow_q.cpp:575 +msgid "Object" +msgstr "Objeto" + +#: src/gui/pfAdvancedDialog.cpp:98 +msgid "Aggressive" +msgstr "Agressivo" + +#: src/gui/pfAdvancedDialog.cpp:100 +msgid "Conservative" +msgstr "Conservador" + +#: src/gui/pfAdvancedDialog.cpp:102 +msgid "For high latency" +msgstr "Para alta latência" + +#: src/gui/pfAdvancedDialog.cpp:104 +msgid "Normal" +msgstr "Normal" + +#: src/gui/pixAdvancedDialog.cpp:130 +msgid "0 - System Unusable" +msgstr "0 - Sistema Inutilizável" + +#: src/gui/pixAdvancedDialog.cpp:135 +msgid "1 - Take Immediate Action" +msgstr "1 - Tomar uma Ação Imediata" + +#: src/gui/pixAdvancedDialog.cpp:140 +msgid "2 - Critical Condition" +msgstr "2 - Condição Critica" + +#: src/gui/pixAdvancedDialog.cpp:145 +msgid "3 - Error Message" +msgstr "3 - Mensagem de erro" + +#: src/gui/pixAdvancedDialog.cpp:150 +msgid "4 - Warning Message" +msgstr "4 - Mensagem de aviso" + +#: src/gui/pixAdvancedDialog.cpp:155 +msgid "5 - Normal but significant condition" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:160 +msgid "6 - Informational" +msgstr "6 - Mensagem informativa" + +#: src/gui/pixAdvancedDialog.cpp:165 +msgid "7 - Debug Message" +msgstr "7 - Mensagem de Depuração" + +#: src/gui/pixAdvancedDialog.cpp:679 src/gui/pixAdvancedDialog.cpp:717 +msgid "Error: Policy compiler for PIX is not installed" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:703 +msgid "Compiler error" +msgstr "Erro de compilação" + +#: src/gui/platforms.cpp:60 src/gui/.ui/ruleoptionsdialog_q.cpp:791 +msgid "alert" +msgstr "alerta" + +#: src/gui/platforms.cpp:62 src/gui/.ui/ruleoptionsdialog_q.cpp:792 +msgid "crit" +msgstr "crit" + +#: src/gui/platforms.cpp:64 src/gui/.ui/pfadvanceddialog_q.cpp:1075 +#: 
src/gui/.ui/ruleoptionsdialog_q.cpp:793 +msgid "error" +msgstr "erro" + +#: src/gui/platforms.cpp:66 src/gui/.ui/ruleoptionsdialog_q.cpp:794 +msgid "warning" +msgstr "aviso" + +#: src/gui/platforms.cpp:68 src/gui/.ui/ruleoptionsdialog_q.cpp:795 +msgid "notice" +msgstr "nota" + +#: src/gui/platforms.cpp:70 src/gui/.ui/ruleoptionsdialog_q.cpp:796 +msgid "info" +msgstr "info" + +#: src/gui/platforms.cpp:72 src/gui/.ui/ruleoptionsdialog_q.cpp:797 +msgid "debug" +msgstr "depurar" + +#: src/gui/platforms.cpp:78 +msgid "kern" +msgstr "kern" + +#: src/gui/platforms.cpp:80 +msgid "user" +msgstr "usuário" + +#: src/gui/platforms.cpp:82 +msgid "mail" +msgstr "mail" + +#: src/gui/platforms.cpp:84 +msgid "daemon" +msgstr "daemon" + +#: src/gui/platforms.cpp:86 +msgid "auth" +msgstr "auth" + +#: src/gui/platforms.cpp:88 +msgid "syslog" +msgstr "syslog" + +#: src/gui/platforms.cpp:90 +msgid "lpr" +msgstr "lpr" + +#: src/gui/platforms.cpp:92 +msgid "news" +msgstr "notícias" + +#: src/gui/platforms.cpp:94 +msgid "uucp" +msgstr "uucp" + +#: src/gui/platforms.cpp:96 +msgid "cron" +msgstr "cron" + +#: src/gui/platforms.cpp:98 +msgid "authpriv" +msgstr "authpriv" + +#: src/gui/platforms.cpp:100 src/gui/.ui/pixadvanceddialog_q.cpp:1945 +msgid "ftp" +msgstr "ftp" + +#: src/gui/platforms.cpp:102 +msgid "local0" +msgstr "local0" + +#: src/gui/platforms.cpp:104 +msgid "local1" +msgstr "local1" + +#: src/gui/platforms.cpp:106 +msgid "local2" +msgstr "local2" + +#: src/gui/platforms.cpp:108 +msgid "local3" +msgstr "local3" + +#: src/gui/platforms.cpp:110 +msgid "local4" +msgstr "local4" + +#: src/gui/platforms.cpp:112 +msgid "local5" +msgstr "local5" + +#: src/gui/platforms.cpp:114 +msgid "local6" +msgstr "local6" + +#: src/gui/platforms.cpp:116 +msgid "local7" +msgstr "local7" + +#: src/gui/platforms.cpp:121 +msgid "ICMP admin prohibited" +msgstr "ICMP admin prohibited" + +#: src/gui/platforms.cpp:123 +msgid "ICMP host prohibited" +msgstr "ICMP host prohibited" + +#: 
src/gui/platforms.cpp:125 +msgid "ICMP host unreachable" +msgstr "ICMP host unreachable" + +#: src/gui/platforms.cpp:127 +msgid "ICMP net prohibited" +msgstr "ICMP net prohibited" + +#: src/gui/platforms.cpp:129 +msgid "ICMP net unreachable" +msgstr "ICMP net unreachable" + +#: src/gui/platforms.cpp:131 +msgid "ICMP port unreachable" +msgstr "ICMP port unreachable" + +#: src/gui/platforms.cpp:133 +msgid "ICMP protocol unreachable" +msgstr "ICMP protocol unreachable" + +#: src/gui/platforms.cpp:135 +msgid "TCP RST" +msgstr "TCP RST" + +#: src/gui/platforms.cpp:138 src/gui/.ui/actionsdialog_q.cpp:476 +#: src/gui/.ui/actionsdialog_q.cpp:483 +msgid "Route through" +msgstr "Rota através" + +#: src/gui/platforms.cpp:140 src/gui/.ui/actionsdialog_q.cpp:477 +#: src/gui/.ui/actionsdialog_q.cpp:484 +msgid "Route reply through" +msgstr "Resposta de rota através" + +#: src/gui/platforms.cpp:142 src/gui/.ui/actionsdialog_q.cpp:478 +#: src/gui/.ui/actionsdialog_q.cpp:485 +msgid "Route a copy through" +msgstr "Cópia de rota através" + +#: src/gui/platforms.cpp:145 src/gui/.ui/iptadvanceddialog_q.cpp:644 +msgid "on top of the script" +msgstr "no topo do script" + +#: src/gui/platforms.cpp:147 src/gui/.ui/iptadvanceddialog_q.cpp:645 +msgid "after interface configuration" +msgstr "após configuração da interface" + +#: src/gui/platforms.cpp:149 src/gui/.ui/iptadvanceddialog_q.cpp:646 +msgid "after policy reset" +msgstr "após reinício da política" + +#: src/gui/platforms.cpp:152 +msgid "in the activation shell script" +msgstr "no shell script de ativação" + +#: src/gui/platforms.cpp:155 +msgid "in the pf rule file, at the very top" +msgstr "" + +#: src/gui/platforms.cpp:158 +msgid "in the pf rule file, after set comamnds" +msgstr "" + +#: src/gui/platforms.cpp:161 +msgid "in the pf rule file, after scrub comamnds" +msgstr "" + +#: src/gui/platforms.cpp:164 +msgid "in the pf rule file, after table definitions" +msgstr "" + +#: src/gui/platforms.cpp:169 
src/gui/.ui/ruleoptionsdialog_q.cpp:807 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:823 +msgid "/day" +msgstr "/dia" + +#: src/gui/platforms.cpp:171 src/gui/.ui/ruleoptionsdialog_q.cpp:808 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:824 +msgid "/hour" +msgstr "/hora" + +#: src/gui/platforms.cpp:173 src/gui/.ui/ruleoptionsdialog_q.cpp:809 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:825 +msgid "/minute" +msgstr "/minuto" + +#: src/gui/platforms.cpp:175 src/gui/.ui/ruleoptionsdialog_q.cpp:810 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:826 +msgid "/second" +msgstr "/segundo" + +#: src/gui/platforms.cpp:380 +msgid "- any -" +msgstr "-qualquer-" + +#: src/gui/platforms.cpp:381 +msgid "1.2.5 or earlier" +msgstr "1.2.5 ou acima" + +#: src/gui/platforms.cpp:382 +msgid "1.2.6 to 1.2.8" +msgstr "1.2.6 para 1.2.8" + +#: src/gui/platforms.cpp:383 +msgid "1.2.9 to 1.2.11" +msgstr "1.2.9 para 1.2.11" + +#: src/gui/platforms.cpp:384 +msgid "1.3.0 or later" +msgstr "1.3.0 ou posterior" + +#: src/gui/platforms.cpp:401 +msgid "3.x" +msgstr "" + +#: src/gui/platforms.cpp:402 +msgid "4.x" +msgstr "" + +#: src/gui/platforms.cpp:518 +msgid "Accept" +msgstr "Aceitar" + +#: src/gui/platforms.cpp:520 +msgid "Deny" +msgstr "Negar" + +#: src/gui/platforms.cpp:522 +msgid "Reject" +msgstr "Rejeitar" + +#: src/gui/platforms.cpp:524 +msgid "Scrub" +msgstr "" + +#: src/gui/platforms.cpp:526 +msgid "Return" +msgstr "Retornar" + +#: src/gui/platforms.cpp:528 +msgid "Skip" +msgstr "Pular" + +#: src/gui/platforms.cpp:530 src/gui/.ui/longtextdialog_q.cpp:96 +msgid "Continue" +msgstr "Continuar" + +#: src/gui/platforms.cpp:532 +msgid "Modify" +msgstr "Modificar" + +#: src/gui/platforms.cpp:534 +msgid "Classify" +msgstr "Classificar" + +#: src/gui/platforms.cpp:536 +msgid "Custom" +msgstr "Customizar" + +#: src/gui/platforms.cpp:539 +msgid "Branch" +msgstr "Ramo" + +#: src/gui/platforms.cpp:540 +msgid "Chain" +msgstr "" + +#: src/gui/platforms.cpp:541 +msgid "Anchor" +msgstr "Âncora" + +#: src/gui/platforms.cpp:545 
+msgid "Accounting"
+msgstr "Contabilidade"
+
+#: src/gui/platforms.cpp:546
+msgid "Count"
+msgstr "Contagem"
+
+#: src/gui/platforms.cpp:550
+msgid "Tag"
+msgstr "Etiqueta"
+
+#: src/gui/platforms.cpp:551
+msgid "Mark"
+msgstr "Marcar"
+
+#: src/gui/platforms.cpp:555
+msgid "Pipe"
+msgstr "Pipe"
+
+#: src/gui/platforms.cpp:556
+msgid "Queue"
+msgstr "Fila"
+
+#: src/gui/PrefsDialog.cpp:176
+msgid "Pick the color"
+msgstr "Selecione a cor"
+
+#: src/gui/PrefsDialog.cpp:224
+msgid "Find working directory"
+msgstr "Procurar a pasta de trabalho"
+
+#: src/gui/PrefsDialog.cpp:233
+msgid "Find Secure Shell utility"
+msgstr "Procurar utilitário de Shell Segura"
+
+#: src/gui/PrefsDialog.cpp:284
+msgid "Find add-on library"
+msgstr "Procurar extensão"
+
+#: src/gui/printerStream.cpp:132
+#, qt-format
+msgid "Page %1"
+msgstr "Página %1"
+
+#: src/gui/PrintingProgressDialog.cpp:48
+#, qt-format
+msgid "Printing (page %1/%2)"
+msgstr "Imprimir (página %1/%2)"
+
+#: src/gui/PrintingProgressDialog.cpp:50
+#, qt-format
+msgid "Printing page %1"
+msgstr "Imprimir página %1"
+
+#: src/gui/PrintingProgressDialog.cpp:67
+msgid "Aborting print operation"
+msgstr "Abortando a impressão"
+
+#: src/gui/RCS.cpp:498 src/gui/RCS.cpp:717 src/gui/RCS.cpp:800
+#, qt-format
+msgid "Error checking file out: %1"
+msgstr "Erro no checkout do arquivo: %1"
+
+#: src/gui/RCS.cpp:558
+#, qt-format
+msgid ""
+"Fatal error during initial RCS checkin of file %1 :\n"
+" %2\n"
+"Exit status %3"
+msgstr ""
+
+#: src/gui/RCS.cpp:687
+msgid "Error creating temporary file "
+msgstr "Erro ao criar o arquivo temporário"
+
+#: src/gui/RCS.cpp:700
+msgid "Error writing to temporary file "
+msgstr "Erro ao gravar no arquivo temporário"
+
+#: src/gui/RCS.cpp:732
+#, qt-format
+msgid ""
+"File is opened and locked by %1.\n"
+"You can only open it read-only."
+msgstr "" + +#: src/gui/RCS.cpp:745 +#, qt-format +msgid "" +"Revision %1 of this file has been checked out and locked by you earlier.\n" +"The file may be opened in another copy of Firewall Builder or was left " +"opened\n" +"after the program crashed." +msgstr "" + +#: src/gui/RCS.cpp:748 +msgid "Open &read-only" +msgstr "Abrir somente leitu&ra" + +#: src/gui/RCS.cpp:748 +msgid "&Open and continue editing" +msgstr "Abrir e c&ontinuar editando" + +#: src/gui/RCS.cpp:991 +#, qt-format +msgid "Fatal error running rlog for %1" +msgstr "" + +#: src/gui/RCS.cpp:1031 +#, qt-format +msgid "Fatal error running rcsdiff for file %1" +msgstr "" + +#: src/gui/RCSFilePreview.cpp:137 +msgid "File is not in RCS" +msgstr "O arquivo não esta no RCS" + +#: src/gui/RuleSetView.cpp:206 +msgid "A Rule Set" +msgstr "Um Grupo de Regras" + +#: src/gui/RuleSetView.cpp:621 +msgid "Outbound " +msgstr "Saída" + +#: src/gui/RuleSetView.cpp:707 +msgid "Original" +msgstr "Original" + +#: src/gui/RuleSetView.cpp:708 +msgid "Default" +msgstr "Padrão" + +#: src/gui/RuleSetView.cpp:711 src/gui/.ui/instdialog_q.cpp:274 +msgid "All" +msgstr "Todos" + +#: src/gui/RuleSetView.cpp:712 src/gui/RuleSetView.cpp:720 +#: src/gui/.ui/timedialog_q.cpp:245 src/gui/.ui/timedialog_q.cpp:262 +msgid "Any" +msgstr "Qualquer" + +#: src/gui/RuleSetView.cpp:1457 src/gui/RuleSetView.cpp:1717 +#: src/gui/RuleSetView.cpp:1745 src/gui/.ui/FWBMainWindow_q.cpp:521 +#: src/gui/.ui/FWBMainWindow_q.cpp:522 +msgid "Insert Rule" +msgstr "Inserir Regra" + +#: src/gui/RuleSetView.cpp:1459 src/gui/RuleSetView.cpp:1473 +msgid "Paste Rule" +msgstr "Colar Regra" + +#: src/gui/RuleSetView.cpp:1603 +msgid "Parameters" +msgstr "Parâmetros" + +#: src/gui/RuleSetView.cpp:1620 +msgid "Inbound" +msgstr "Entrada" + +#: src/gui/RuleSetView.cpp:1624 +msgid "Outbound" +msgstr "Saída" + +#: src/gui/RuleSetView.cpp:1628 +msgid "Both" +msgstr "Ambos" + +#: src/gui/RuleSetView.cpp:1637 +msgid "Rule Options" +msgstr "Opções de Regras" + +#: 
src/gui/RuleSetView.cpp:1644 +msgid "Logging On" +msgstr "Depuração Ativa" + +#: src/gui/RuleSetView.cpp:1648 +msgid "Logging Off" +msgstr "Depuração Desativada" + +#: src/gui/RuleSetView.cpp:1674 +msgid "Reveal in tree" +msgstr "Mostrar em árvore" + +#: src/gui/RuleSetView.cpp:1677 +msgid "Negate" +msgstr "Negado" + +#: src/gui/RuleSetView.cpp:1725 +#, qt-format +msgid "Rules: %1-%2" +msgstr "Regras: %1-%2" + +#: src/gui/RuleSetView.cpp:1728 +#, qt-format +msgid "Rule: %1" +msgstr "Regra: %1" + +#: src/gui/RuleSetView.cpp:1733 +msgid "Color Label:" +msgstr "Rótulo de Cor:" + +#: src/gui/RuleSetView.cpp:1747 src/gui/.ui/FWBMainWindow_q.cpp:527 +#: src/gui/.ui/FWBMainWindow_q.cpp:528 +msgid "Add Rule Below" +msgstr "Adicionar Regra Abaixo" + +#: src/gui/RuleSetView.cpp:1750 src/gui/.ui/FWBMainWindow_q.cpp:529 +#: src/gui/.ui/FWBMainWindow_q.cpp:530 +msgid "Remove Rule" +msgstr "Remover Regra" + +#: src/gui/RuleSetView.cpp:1751 +msgid "Remove Rules" +msgstr "Remover Regras" + +#: src/gui/RuleSetView.cpp:1754 +msgid "Move Rule" +msgstr "Mover Regra" + +#: src/gui/RuleSetView.cpp:1755 +msgid "Move Rules" +msgstr "Mover Regras" + +#: src/gui/RuleSetView.cpp:1761 src/gui/.ui/FWBMainWindow_q.cpp:532 +#: src/gui/.ui/FWBMainWindow_q.cpp:533 +msgid "Copy Rule" +msgstr "Copiar Regras" + +#: src/gui/RuleSetView.cpp:1763 src/gui/.ui/FWBMainWindow_q.cpp:534 +#: src/gui/.ui/FWBMainWindow_q.cpp:535 +msgid "Cut Rule" +msgstr "Cortar Regra" + +#: src/gui/RuleSetView.cpp:1765 src/gui/.ui/FWBMainWindow_q.cpp:536 +#: src/gui/.ui/FWBMainWindow_q.cpp:537 +msgid "Paste Rule Above" +msgstr "Colar Regra Acima" + +#: src/gui/RuleSetView.cpp:1767 src/gui/.ui/FWBMainWindow_q.cpp:538 +#: src/gui/.ui/FWBMainWindow_q.cpp:539 +msgid "Paste Rule Below" +msgstr "Colar Regra Abaixo" + +#: src/gui/RuleSetView.cpp:1774 +msgid "Enable Rule" +msgstr "Ativar Regra" + +#: src/gui/RuleSetView.cpp:1775 +msgid "Enable Rules" +msgstr "Ativar Regras" + +#: src/gui/RuleSetView.cpp:1779 +msgid "Disable Rule" 
+msgstr "Desativar Regra" + +#: src/gui/RuleSetView.cpp:1780 +msgid "Disable Rules" +msgstr "Desativar Regras" + +#: src/gui/RuleSetView.cpp:3306 src/gui/RuleSetView.cpp:3396 +msgid "Source" +msgstr "Origem" + +#: src/gui/RuleSetView.cpp:3309 src/gui/RuleSetView.cpp:3399 +#: src/gui/RuleSetView.cpp:3559 +msgid "Destination" +msgstr "Destino" + +#: src/gui/RuleSetView.cpp:3312 src/gui/RuleSetView.cpp:3402 +msgid "Service" +msgstr "Serviço" + +#: src/gui/RuleSetView.cpp:3318 src/gui/RuleSetView.cpp:3405 +msgid "Direction" +msgstr "Direção" + +#: src/gui/RuleSetView.cpp:3321 src/gui/RuleSetView.cpp:3408 +msgid "Action" +msgstr "Ação" + +#: src/gui/RuleSetView.cpp:3326 src/gui/RuleSetView.cpp:3413 +#: src/gui/.ui/timedialog_q.cpp:241 +msgid "Time" +msgstr "Tempo" + +#: src/gui/RuleSetView.cpp:3332 src/gui/RuleSetView.cpp:3419 +#: src/gui/RuleSetView.cpp:3499 src/gui/RuleSetView.cpp:3571 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:206 +#: src/gui/.ui/linux24advanceddialog_q.cpp:415 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:184 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:198 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1854 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:308 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:212 +msgid "Options" +msgstr "Opções" + +#: src/gui/RuleSetView.cpp:3336 src/gui/RuleSetView.cpp:3423 +#: src/gui/RuleSetView.cpp:3502 src/gui/RuleSetView.cpp:3574 +msgid "Comment" +msgstr "Comentário" + +#: src/gui/RuleSetView.cpp:3481 +msgid "Original Src" +msgstr "Orig Original" + +#: src/gui/RuleSetView.cpp:3484 +msgid "Original Dst" +msgstr "Dest Original" + +#: src/gui/RuleSetView.cpp:3487 +msgid "Original Srv" +msgstr "Srv Original" + +#: src/gui/RuleSetView.cpp:3490 +msgid "Translated Src" +msgstr "Orig Traduzido" + +#: src/gui/RuleSetView.cpp:3493 +msgid "Translated Dst" +msgstr "Dest Traduzido" + +#: src/gui/RuleSetView.cpp:3496 +msgid "Translated Srv" +msgstr "Srv Traduzido" + +#: src/gui/RuleSetView.cpp:3562 +msgid "Gateway" +msgstr "Roteador" + +#: 
src/gui/RuleSetView.cpp:3568 +msgid "Metric" +msgstr "Métrica" + +#: src/gui/SimpleTextEditor.cpp:71 +#, fuzzy +msgid "Choose file" +msgstr "Selecione um arquivo a importar" + +#: src/gui/SSHPIX.cpp:136 src/gui/SSHUnx.cpp:95 +msgid "" +"\n" +"*** Fatal error :" +msgstr "" +"\n" +"*** Erro fatal :" + +#: src/gui/SSHPIX.cpp:170 src/gui/SSHUnx.cpp:151 +msgid "Logged in" +msgstr "Entrou" + +#: src/gui/SSHPIX.cpp:171 +msgid "Switching to enable mode..." +msgstr "Mudar para o modo ligado..." + +#: src/gui/SSHPIX.cpp:205 src/gui/SSHUnx.cpp:176 +msgid "New RSA key" +msgstr "Nova chave RSA" + +#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177 +msgid "Yes" +msgstr "Sim" + +#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177 +msgid "No" +msgstr "Não" + +#: src/gui/SSHPIX.cpp:252 +msgid "In enable mode." +msgstr "No modo ligado." + +#: src/gui/SSHPIX.cpp:387 src/gui/SSHPIX.cpp:783 +msgid "Pushing firewall configuration" +msgstr "Ativando configuração do firewall" + +#: src/gui/SSHPIX.cpp:424 +#, qt-format +msgid "Rule %1" +msgstr "Regra %1" + +#: src/gui/SSHPIX.cpp:450 +msgid "End" +msgstr "Fim" + +#: src/gui/SSHPIX.cpp:532 +msgid "Making backup copy of the firewall configuration" +msgstr "" + +#: src/gui/SSHPIX.cpp:596 +msgid "*** Clearing unused access lists" +msgstr "" + +#: src/gui/SSHPIX.cpp:661 +msgid "*** Clearing unused object groups" +msgstr "" + +#: src/gui/SSHPIX.cpp:681 +msgid "*** End " +msgstr "*** Final" + +#: src/gui/SSHPIX.cpp:692 +msgid "Reading current firewall configuration" +msgstr "Lendo a configuração de firewall atual" + +#: src/gui/SSHPIX.cpp:717 +msgid "Generating configuration diff" +msgstr "Gerando diferença de configuração" + +#: src/gui/SSHPIX.cpp:732 +#, qt-format +msgid "Fork failed for %1" +msgstr "Falhou o fork para %1" + +#: src/gui/SSHPIX.cpp:738 +msgid "Not enough memory." +msgstr "Memória insuficiente." + +#: src/gui/SSHPIX.cpp:743 +msgid "Too many opened file descriptors in the system." 
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:769
+msgid "Empty configuration diff"
+msgstr "Diferença de configuração vazia"
+
+#: src/gui/SSHSession.cpp:90
+#, qt-format
+msgid ""
+"You are connecting to the firewall '%1' for the first time. It has "
+"provided you its identification in a form of its host public key. The "
+"fingerprint of the host public key is: \"%2\" You can save the host key to "
+"the local database by pressing YES, or you can cancel connection by pressing "
+"NO. You should press YES only if you are sure you are really connected to "
+"the firewall '%3'."
+msgstr ""
+
+#: src/gui/SSHSession.cpp:180
+msgid "Failed to start ssh"
+msgstr "Falhou ao iniciar o ssh"
+
+#: src/gui/SSHSession.cpp:498
+msgid "ERROR"
+msgstr "ERRO"
+
+#: src/gui/SSHSession.cpp:498 src/gui/.ui/filepropdialog_q.cpp:126
+#: src/gui/.ui/instoptionsdialog_q.cpp:285
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1825
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:309
+#: src/gui/.ui/simpleinteditor_q.cpp:91 src/gui/.ui/simpletexteditor_q.cpp:95
+msgid "OK"
+msgstr "OK"
+
+#: src/gui/SSHSession.cpp:500
+#, qt-format
+msgid "SSH session terminated, exit status: %1"
+msgstr ""
+
+#: src/gui/SSHUnx.cpp:236
+msgid "Done"
+msgstr "Feito"
+
+#: src/gui/SSHUnx.cpp:248
+msgid "Error in SSH"
+msgstr "Erro em SSH"
+
+#: src/gui/StartWizard.cpp:106
+#, qt-format
+msgid "File %1 is read-only, you can not save changes to it."
+msgstr ""
+
+#: src/gui/StartWizard.cpp:171
+#, qt-format
+msgid ""
+"Error opening file:\n"
+"%1"
+msgstr ""
+"Erro abrindo o arquivo:\n"
+"%1"
+
+#: src/gui/TCPServiceDialog.cpp:176 src/gui/UDPServiceDialog.cpp:118
+msgid "Invalid range defined for the source port."
+msgstr ""
+
+#: src/gui/TCPServiceDialog.cpp:184 src/gui/UDPServiceDialog.cpp:126
+msgid "Invalid range defined for the destination port."
+msgstr "" + +#: src/gui/TimeDialog.cpp:68 src/gui/TimeDialog.cpp:69 +#: src/gui/.ui/timedialog_q.cpp:256 src/gui/.ui/timedialog_q.cpp:259 +#, fuzzy +msgid "(M/D/Y)" +msgstr "Data (M/D/A):" + +#: src/gui/TimeDialog.cpp:73 src/gui/TimeDialog.cpp:74 +#, fuzzy +msgid "(D/M/Y)" +msgstr "Data (D/M/A):" + +#: src/gui/TimeDialog.cpp:78 src/gui/TimeDialog.cpp:79 +#, fuzzy +msgid "(Y/M/D)" +msgstr "Data (A/M/D):" + +#: src/gui/TimeDialog.cpp:83 src/gui/TimeDialog.cpp:84 +#, fuzzy +msgid "(Y/D/M)" +msgstr "Data (A/D/M):" + +#: src/gui/.ui/aboutdialog_q.cpp:136 src/gui/.ui/aboutdialog_q.cpp:137 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:109 +#: src/gui/.ui/FWBMainWindow_q.cpp:439 +msgid "Firewall Builder" +msgstr "Firewall Builder" + +#: src/gui/.ui/aboutdialog_q.cpp:138 +msgid "Using libfwbuilder API v" +msgstr "Usando libfwbuilder API v" + +#: src/gui/.ui/aboutdialog_q.cpp:139 +msgid "Revision: " +msgstr "Revisão:" + +#: src/gui/.ui/aboutdialog_q.cpp:140 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:187 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:547 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:351 +#: src/gui/.ui/iptadvanceddialog_q.cpp:599 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:196 +#: src/gui/.ui/linux24advanceddialog_q.cpp:366 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:165 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:173 +#: src/gui/.ui/pagesetupdialog_q.cpp:108 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1000 src/gui/.ui/prefsdialog_q.cpp:364 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:183 +msgid "&OK" +msgstr "&OK" + +#: src/gui/.ui/aboutdialog_q.cpp:142 +msgid "Copyright 2002-2006 NetCitadel, LLC" +msgstr "" + +#: src/gui/.ui/aboutdialog_q.cpp:143 +msgid "" +"

    http://www." +"fwbuilder.org

    " +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:451 +msgid "Actions Dialog" +msgstr "Ações" + +#: src/gui/.ui/actionsdialog_q.cpp:452 +msgid "fw/rule num/action" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:453 +msgid "Tag string:" +msgstr "Etiqueta:" + +#: src/gui/.ui/actionsdialog_q.cpp:454 +msgid "" +"If rule action is 'Reject', this option defines firewall's reaction to the " +"packet matching the rule" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:455 +msgid "This action has no parameters." +msgstr "Esta ação não tem parâmetros." + +#: src/gui/.ui/actionsdialog_q.cpp:456 +msgid "Tag value:" +msgstr "Valor:" + +#: src/gui/.ui/actionsdialog_q.cpp:457 +msgid "Mark connections created by packets that match this rule" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:458 +msgid "Requires CONNMARK target" +msgstr "Requer um destino CONNMARK" + +#: src/gui/.ui/actionsdialog_q.cpp:459 +msgid "" +"Note: this action translates into MARK target for iptables. Normally this " +"target is non-terminating, that is, other rules with Classify or Tag actions " +"belog this one will process the same packet. However, Firewall Builder can " +"emulate terminating behavior for this action. Option in the \"compiler\" tab " +"of the firewall object properties dialog activates emulation." +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:460 +msgid "Emulation is currently ON, the rule will be terminating" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:461 +msgid "" +"Rule name for accounting. 
(white spaces and special characters are not "
+"allowed)"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:462
+msgid "Packet classification can be implemented in different ways:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:464
+msgid "use dummynet(4) 'pipe'"
+msgstr "usar dummynet(4) 'pipe'"
+
+#: src/gui/.ui/actionsdialog_q.cpp:465
+msgid "use dummynet(4) 'queue'"
+msgstr "usar dummynet(4) 'queue'"
+
+#: src/gui/.ui/actionsdialog_q.cpp:466
+msgid "Pipe or queue number:"
+msgstr "Pipe ou número de fila:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:467
+msgid "Custom string:"
+msgstr "Frase personalizada:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:468
+msgid "Classify string:"
+msgstr "Classificar frase:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:469
+msgid ""
+"Note: CLASSIFY target in iptables is non-terminating, that is other rules "
+"with Classify or Mark target below this will process the same packet. "
+"However, Firewall Builder can emulate terminating behavior for this action. "
+"Emulation is activated by an option in the \"compiler\" tab of the firewall "
+"object properties dialog."
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:471
+msgid "Divert socket port number:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:472
+msgid "User-defined chain name:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:473
+msgid ""
+"In addition to 'filter', create branching rule in 'mangle' table as well"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:474
+msgid "Anchor name:"
+msgstr "Âncora:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:479 src/gui/.ui/actionsdialog_q.cpp:486
+msgid "interface"
+msgstr "interface"
+
+#: src/gui/.ui/actionsdialog_q.cpp:480 src/gui/.ui/actionsdialog_q.cpp:487
+msgid "next hop"
+msgstr "próximo salto"
+
+#: src/gui/.ui/actionsdialog_q.cpp:481
+msgid "Fastroute"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:488
+msgid "Change inbound interface to"
+msgstr "Mudar interface de entrada para"
+
+#: src/gui/.ui/actionsdialog_q.cpp:489
+msgid "Route through gateway"
+msgstr "Rotear através do roteador"
+
+#: src/gui/.ui/actionsdialog_q.cpp:490
+msgid "Change outbound interface to"
+msgstr "Mudar a interface de saída para"
+
+#: src/gui/.ui/actionsdialog_q.cpp:491
+msgid "Continue packet inspection"
+msgstr "Continuar a inspeção de pacote"
+
+#: src/gui/.ui/actionsdialog_q.cpp:492
+msgid "Make a copy"
+msgstr "Fazer uma cópia"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:162
+#: src/gui/.ui/addressrangedialog_q.cpp:163
+msgid "Address Range"
+msgstr "Intervalo de Endereços"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:164
+#: src/gui/.ui/addresstabledialog_q.cpp:198
+#: src/gui/.ui/customservicedialog_q.cpp:179
+#: src/gui/.ui/dnsnamedialog_q.cpp:173 src/gui/.ui/firewalldialog_q.cpp:215
+#: src/gui/.ui/groupobjectdialog_q.cpp:188 src/gui/.ui/hostdialog_q.cpp:149
+#: src/gui/.ui/icmpservicedialog_q.cpp:169
+#: src/gui/.ui/interfacedialog_q.cpp:233 src/gui/.ui/ipservicedialog_q.cpp:210
+#: src/gui/.ui/ipv4dialog_q.cpp:171 src/gui/.ui/librarydialog_q.cpp:141
+#: src/gui/.ui/networkdialog_q.cpp:165 src/gui/.ui/physaddressdialog_q.cpp:154
+#: 
src/gui/.ui/tagservicedialog_q.cpp:149
+#: src/gui/.ui/tcpservicedialog_q.cpp:372 src/gui/.ui/timedialog_q.cpp:271
+#: src/gui/.ui/udpservicedialog_q.cpp:223
+msgid "Comment:"
+msgstr "Comentário:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:165
+msgid "Range End:"
+msgstr "Intervalo final"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:166
+msgid "Range Start:"
+msgstr "Intervalo Inicial"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:167
+#: src/gui/.ui/addresstabledialog_q.cpp:200
+#: src/gui/.ui/customservicedialog_q.cpp:180
+#: src/gui/.ui/dnsnamedialog_q.cpp:178 src/gui/.ui/firewalldialog_q.cpp:216
+#: src/gui/.ui/groupobjectdialog_q.cpp:193 src/gui/.ui/hostdialog_q.cpp:147
+#: src/gui/.ui/icmpservicedialog_q.cpp:170
+#: src/gui/.ui/interfacedialog_q.cpp:234 src/gui/.ui/ipservicedialog_q.cpp:219
+#: src/gui/.ui/ipv4dialog_q.cpp:172 src/gui/.ui/librarydialog_q.cpp:139
+#: src/gui/.ui/networkdialog_q.cpp:166 src/gui/.ui/newfirewalldialog_q.cpp:516
+#: src/gui/.ui/newhostdialog_q.cpp:392 src/gui/.ui/physaddressdialog_q.cpp:151
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:820
+#: src/gui/.ui/tagservicedialog_q.cpp:151
+#: src/gui/.ui/tcpservicedialog_q.cpp:398 src/gui/.ui/timedialog_q.cpp:272
+#: src/gui/.ui/udpservicedialog_q.cpp:231
+msgid "Name:"
+msgstr "Nome:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:168
+#: src/gui/.ui/addresstabledialog_q.cpp:199
+#: src/gui/.ui/customservicedialog_q.cpp:181
+#: src/gui/.ui/dnsnamedialog_q.cpp:177 src/gui/.ui/firewalldialog_q.cpp:217
+#: src/gui/.ui/groupobjectdialog_q.cpp:192 src/gui/.ui/hostdialog_q.cpp:148
+#: src/gui/.ui/icmpservicedialog_q.cpp:171
+#: src/gui/.ui/interfacedialog_q.cpp:236 src/gui/.ui/ipservicedialog_q.cpp:218
+#: src/gui/.ui/ipv4dialog_q.cpp:173 src/gui/.ui/networkdialog_q.cpp:167
+#: src/gui/.ui/newgroupdialog_q.cpp:98 src/gui/.ui/physaddressdialog_q.cpp:152
+#: src/gui/.ui/tagservicedialog_q.cpp:150
+#: src/gui/.ui/tcpservicedialog_q.cpp:399 src/gui/.ui/timedialog_q.cpp:273
+#: 
src/gui/.ui/udpservicedialog_q.cpp:230
+msgid "Library:"
+msgstr "Biblioteca:"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:196
+#: src/gui/.ui/addresstabledialog_q.cpp:197
+msgid "Address Table"
+msgstr "Tabela de Endereços"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:202
+#: src/gui/.ui/dnsnamedialog_q.cpp:175
+msgid "Compile Time"
+msgstr "Tempo de Compilação"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:203
+#: src/gui/.ui/dnsnamedialog_q.cpp:176
+msgid "Run Time"
+msgstr "Tempo Decorrido"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:204
+msgid "File name:"
+msgstr "Nome do arquivo"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:205
+#: src/gui/.ui/addresstabledialog_q.cpp:206
+msgid "Browse"
+msgstr "Explorar"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:207
+msgid "Preview"
+msgstr "Pré visualização"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:87
+msgid "Enter New Position For The Rule"
+msgstr "Entre com uma Nova Posição Para a Regra"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:88
+msgid "Enter new position for selected rules:"
+msgstr "Entre com uma nova posição para as regras selecionadas:"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:89
+msgid "&Move"
+msgstr "&Mover"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:90
+msgid "Alt+M"
+msgstr "Alt+M"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:92 src/gui/.ui/debugdialog_q.cpp:76
+#: src/gui/.ui/execdialog_q.cpp:96 src/gui/.ui/pagesetupdialog_q.cpp:111
+msgid "Alt+C"
+msgstr "Alt+C"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:108 src/gui/.ui/prefsdialog_q.cpp:401
+msgid "Orange"
+msgstr "Laranja"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:110 src/gui/.ui/prefsdialog_q.cpp:408
+msgid "Green"
+msgstr "Verde"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:112 src/gui/.ui/prefsdialog_q.cpp:406
+msgid "Purple"
+msgstr "Púrpura"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:114 src/gui/.ui/prefsdialog_q.cpp:398
+msgid "Blue"
+msgstr "Azul"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:116 src/gui/.ui/prefsdialog_q.cpp:399
+msgid "Yellow"
+msgstr "Amarelo"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:118 src/gui/.ui/prefsdialog_q.cpp:409
+msgid "Gray"
+msgstr "Cinza"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:120 src/gui/.ui/prefsdialog_q.cpp:397
+msgid "Red"
+msgstr "Vermelho"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:122
+msgid "No color"
+msgstr "Sem cor"
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:95
+msgid "Comment Editor Panel"
+msgstr "Editor de Comentários"
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:96
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:155
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:119
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:784
+msgid "fw/rule num"
+msgstr "num fw/regra"
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:98
+#: src/gui/.ui/simpletexteditor_q.cpp:97
+msgid "Import from file ..."
+msgstr "Importar do arquivo ..."
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:67
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:114
+msgid "Parent"
+msgstr "Pai"
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:68
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:115
+#: src/gui/.ui/findwhereusedwidget_q.cpp:63
+#: src/gui/.ui/findwhereusedwidget_q.cpp:120
+msgid "Details"
+msgstr "Detalhes"
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:112
+msgid ""
+"Groups and firewall policy rules shown in the list below reference objects "
+"you are about to delete. If you delete objects, they will be removed from "
+"these groups and rules."
+msgstr ""
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:116
+msgid ""
+"Deleted objects are moved to the \"Deleted objects\" library. You can "
+"recover them later by moving back to the user's library. However if you "
+"delete an object already located in the \"Deleted objects\" library, it is "
+"destroyed and can not be restored."
+msgstr ""
+
+#: src/gui/.ui/customservicedialog_q.cpp:182
+msgid ""
+"Custom service object has separate code string for each supported firewall "
+"platform."
+msgstr ""
+
+#: src/gui/.ui/customservicedialog_q.cpp:183
+#: src/gui/.ui/discoverydruid_q.cpp:940 src/gui/.ui/firewalldialog_q.cpp:218
+msgid "Platform:"
+msgstr "Plataforma:"
+
+#: src/gui/.ui/customservicedialog_q.cpp:184
+#: src/gui/.ui/tagservicedialog_q.cpp:152
+msgid "Code:"
+msgstr "Código:"
+
+#: src/gui/.ui/debugdialog_q.cpp:74
+msgid "Debugging Info"
+msgstr "Info de Depuração"
+
+#: src/gui/.ui/debugdialog_q.cpp:75 src/gui/.ui/execdialog_q.cpp:95
+#: src/gui/.ui/FWBMainWindow_q.cpp:498
+msgid "&Close"
+msgstr "&Fechar"
+
+#: src/gui/.ui/discoverydruid_q.cpp:750 src/gui/.ui/discoverydruid_q.cpp:1025
+msgid "Interfaces"
+msgstr "Interfaces"
+
+#: src/gui/.ui/discoverydruid_q.cpp:752 src/gui/.ui/discoverydruid_q.cpp:1026
+#: src/gui/.ui/filterdialog_q.cpp:91 src/gui/.ui/filterdialog_q.cpp:164
+msgid "Type"
+msgstr "Tipo"
+
+#: src/gui/.ui/discoverydruid_q.cpp:921 src/gui/.ui/FWBMainWindow_q.cpp:565
+#: src/gui/.ui/FWBMainWindow_q.cpp:566
+msgid "Discovery Druid"
+msgstr "Assistente de Descobrimento"
+
+#: src/gui/.ui/discoverydruid_q.cpp:922
+msgid ""
+"Choose discovery method used to collect information about network objects "
+"from the list below and click 'Next' to continue."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:923
+msgid "Discovery method:"
+msgstr "Método de descobrimento:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:924
+msgid "Read file in hosts format"
+msgstr "Ler o arquivo no formato hosts"
+
+#: src/gui/.ui/discoverydruid_q.cpp:925 src/gui/.ui/discoverydruid_q.cpp:948
+msgid "Import DNS zone"
+msgstr "Importar zona DNS"
+
+#: src/gui/.ui/discoverydruid_q.cpp:926
+msgid "Perform network discovery using SNMP"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:927 src/gui/.ui/discoverydruid_q.cpp:942
+#, fuzzy
+msgid "Import configuration of a firewall or a router"
+msgstr "Gravar a diferença de configuração num arquivo"
+
+#: src/gui/.ui/discoverydruid_q.cpp:928
+msgid "Discovery Method"
+msgstr "Método de Descobrimento"
+
+#: src/gui/.ui/discoverydruid_q.cpp:929
+msgid "Enter full path and file name below or click \"Browse\" to find it:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:930
+msgid "File in hosts format"
+msgstr "Arquivo no formato do hosts"
+
+#: src/gui/.ui/discoverydruid_q.cpp:931
+msgid "Browse ..."
+msgstr "Explorar ..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:932
+msgid "Reading file in hosts format"
+msgstr "Lendo o arquivo no formato hosts"
+
+#: src/gui/.ui/discoverydruid_q.cpp:933
+msgid ""
+"All objects created during import will be placed in the library currently "
+"opened in the tree."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:934
+msgid ""
+"Policy import tries to parse given configuration file and preserve its logic "
+"as close as possible. However, very often target firewall configuration "
+"allows for more commands, options and their combinations than importer can "
+"understand. Rules that importer could not parse exactly are colored red in "
+"the rule sets it creates. Always inspect firewall policy created by the "
+"importer and compare it with the original. Manual changes and corrections "
+"may be required. 
Comments in the rules that could not be parsed show "
+"fragments of the original configuration parser did not understand."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:935
+#, fuzzy
+msgid "Import from file: "
+msgstr "Importar do arquivo ..."
+
+# Revisar
+#: src/gui/.ui/discoverydruid_q.cpp:936 src/gui/.ui/prefsdialog_q.cpp:380
+#: src/gui/.ui/prefsdialog_q.cpp:385
+msgid "Browse..."
+msgstr "Navegar..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:938
+msgid "Cisco IOS"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:939
+#, fuzzy
+msgid "iptables"
+msgstr "iptables:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:941
+#: src/gui/.ui/printingprogressdialog_q.cpp:75
+msgid "textLabel1"
+msgstr "textLabel1"
+
+#: src/gui/.ui/discoverydruid_q.cpp:943
+msgid ""
+"This discovery method creates objects for all 'A' records found in DNS "
+"domain. You will later have a chance to accept only those objects you wish "
+"and ignore others.\n"
+"Please enter the domain name below:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:945
+msgid "Domain name"
+msgstr "Nome de domínio"
+
+#: src/gui/.ui/discoverydruid_q.cpp:946
+msgid ""
+"Objects created using this method may have long or short names. long name "
+"consists of the host name and full domain name (this is called Fully "
+"Qualified Domain Name). Short name consists of only host name. Check in "
+"the box below if you wish to use long name, then click next to continue:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:947
+msgid "Use long names"
+msgstr "Usar nomes longos"
+
+#: src/gui/.ui/discoverydruid_q.cpp:949
+msgid ""
+"DNS zone information has to be transferred from the name server "
+"authoritative for the domain. 
Pick the name server:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:950 src/gui/.ui/discoverydruid_q.cpp:957
+msgid "Name server"
+msgstr "Servidor de nomes"
+
+#: src/gui/.ui/discoverydruid_q.cpp:951
+msgid "choose name server from the list below"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:952
+msgid "server name or its IP address here if you wish to use different one:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:954
+msgid "DNS Query options"
+msgstr "Opções de Consultas DNS"
+
+#: src/gui/.ui/discoverydruid_q.cpp:955
+msgid "Timeout (sec)"
+msgstr "Tempo Limite (seg)"
+
+#: src/gui/.ui/discoverydruid_q.cpp:956
+msgid "Retries"
+msgstr "Tentativas"
+
+#: src/gui/.ui/discoverydruid_q.cpp:958
+msgid ""
+"This discovery method scans networks looking for hosts or gateways "
+"responding to SNMP queries. It pulls host's ARP table and uses all the "
+"entries found in it to create objects. Scan starts from the host called "
+"\"seed\". Enter \"seed\" host name or address below:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:959
+msgid "'Seed' host"
+msgstr "máquina 'semente'"
+
+#: src/gui/.ui/discoverydruid_q.cpp:961
+msgid "Enter a valid host name or address."
+msgstr "Entre com um endereço ou nome de máquina válido."
+
+#: src/gui/.ui/discoverydruid_q.cpp:962
+msgid ""
+"The scanner process can be confined to a certain network, so it won't "
+"discover hosts on adjacent networks. 
If you leave these fields blank, "
+"scanner will visit all networks it can find:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:963
+msgid "Confine scan to this network:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:964 src/gui/.ui/ipv4dialog_q.cpp:175
+#: src/gui/.ui/networkdialog_q.cpp:168 src/gui/.ui/newfirewalldialog_q.cpp:518
+#: src/gui/.ui/newhostdialog_q.cpp:406
+msgid "Netmask:"
+msgstr "Máscara:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:965 src/gui/.ui/ipv4dialog_q.cpp:174
+#: src/gui/.ui/networkdialog_q.cpp:169 src/gui/.ui/newfirewalldialog_q.cpp:517
+#: src/gui/.ui/newhostdialog_q.cpp:394
+msgid "Address:"
+msgstr "Endereço:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:967
+msgid "Network discovery using SNMP"
+msgstr "Descobridor de redes usando SNMP"
+
+#: src/gui/.ui/discoverydruid_q.cpp:968
+msgid ""
+"The scanner process can repeat its algorithm recursively using each new host "
+"it finds as a new \"seed\". This allows it to find as many objects on your "
+"network as possible. On the other hand, it takes more time and may find some "
+"objects you do not really need. You can turn recursive scanning on below:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:969
+msgid "Run network scan recursively"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:970
+msgid ""
+"The scanner process can find nodes beyond the boundaries of your network by "
+"following point-to-point links connecting it to the Internet or other parts "
+"of WAN."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:971
+msgid "Follow point-to-point links"
+msgstr "Seguir links point-to-point"
+
+#: src/gui/.ui/discoverydruid_q.cpp:972
+msgid ""
+"The scanner process can distinguish virtual IP addresses created on hosts as "
+"static \"published\" ARP entries or as secondary addresses on interfaces."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:973
+msgid "Include virtual addresses"
+msgstr "Incluir endereço virtual"
+
+#: src/gui/.ui/discoverydruid_q.cpp:974
+msgid ""
+"Analysis of ARP table yields IP addresses for hosts on your network. In "
+"order to determine their names, scanner can run reverse name lookup queries "
+"using your name servers (DNS):"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:975
+msgid "Run reverse name lookup DNS queries to determine host names"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:976
+msgid "Network scan options"
+msgstr "Opções de scan de rede"
+
+#: src/gui/.ui/discoverydruid_q.cpp:977
+msgid ""
+"Enter parameters for SNMP and DNS reverse lookup queries below. (If unsure, "
+"just leave default values):"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:978
+msgid "SNMP query parameters:"
+msgstr "Parâmetros de consulta:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:979
+#: src/gui/.ui/newfirewalldialog_q.cpp:497 src/gui/.ui/newhostdialog_q.cpp:386
+msgid "SNMP 'read' community string:"
+msgstr "SNMP 'read' community string:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:980 src/gui/.ui/discoverydruid_q.cpp:984
+msgid "number of retries:"
+msgstr "números de tentativas:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:981
+msgid "timeout (sec):"
+msgstr "tempo limite (seg):"
+
+#: src/gui/.ui/discoverydruid_q.cpp:982
+msgid "public"
+msgstr "público"
+
+#: src/gui/.ui/discoverydruid_q.cpp:983
+msgid "DNS parameters:"
+msgstr "Parâmetros do DNS:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:985
+msgid "timeout (sec) :"
+msgstr "tempo limite (seg) :"
+
+#: src/gui/.ui/discoverydruid_q.cpp:986
+msgid "Number of threads:"
+msgstr "Número de threads:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:988
+msgid "SNMP and DNS reverse lookup queries parameters"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:990
+msgid "Process name"
+msgstr "Nome do processo"
+
+#: src/gui/.ui/discoverydruid_q.cpp:993
+msgid "Save scan log to file"
+msgstr "Gravar 
depuração de scan em arquivo"
+
+#: src/gui/.ui/discoverydruid_q.cpp:994
+msgid "Process log:"
+msgstr "Depuração do processo:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:995
+msgid "Discovery is in progress"
+msgstr "Descobrimento em progresso"
+
+#: src/gui/.ui/discoverydruid_q.cpp:996
+msgid ""
+"These are the networks found by the scanner process. Choose the ones you "
+"wish to use from the list below, then click 'Next':"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:997 src/gui/.ui/discoverydruid_q.cpp:1003
+#: src/gui/.ui/discoverydruid_q.cpp:1008 src/gui/.ui/discoverydruid_q.cpp:1013
+#: src/gui/.ui/discoverydruid_q.cpp:1019
+msgid "Select All"
+msgstr "Selecionar Tudo"
+
+#: src/gui/.ui/discoverydruid_q.cpp:998 src/gui/.ui/discoverydruid_q.cpp:1009
+#: src/gui/.ui/discoverydruid_q.cpp:1018
+msgid "Filter ..."
+msgstr "Filtrar ..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:999 src/gui/.ui/discoverydruid_q.cpp:1004
+#: src/gui/.ui/discoverydruid_q.cpp:1010 src/gui/.ui/discoverydruid_q.cpp:1014
+#: src/gui/.ui/discoverydruid_q.cpp:1016
+msgid "Unselect All"
+msgstr "De-selecionar Tudo"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1000 src/gui/.ui/discoverydruid_q.cpp:1007
+#: src/gui/.ui/discoverydruid_q.cpp:1017
+msgid "Remove Filter"
+msgstr "Remover Filtro"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1001 src/gui/.ui/discoverydruid_q.cpp:1011
+msgid "->"
+msgstr "->"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1002 src/gui/.ui/discoverydruid_q.cpp:1012
+msgid "<-"
+msgstr "<-"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1005
+msgid "Networks"
+msgstr "Redes"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1006
+msgid "Choose objects you wish to use, then click 'Next':"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1020
+msgid "Change type of selected objects:"
+msgstr "Mudar o tipo dos objetos selecionados:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1027
+msgid ""
+"Here you can change type of the objects to be created for each address "
+"discovered by the scanner. 
By default, an \"Address\" object is created for "
+"the host with just one interface with single IP address and \"Host\" object "
+"is created for the host with multiple interfaces, however you can change "
+"their types on this page."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1028
+msgid "Adjust Object types"
+msgstr "Ajustar tipo dos Objetos"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1029
+msgid "Select target library"
+msgstr "Selecione a biblioteca de destino"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1030
+msgid "Target library"
+msgstr "Biblioteca de destino"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1031
+msgid "Adding new objects to library ..."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1032
+msgid "Creatnig objects"
+msgstr "Criando objetos"
+
+#: src/gui/.ui/dnsnamedialog_q.cpp:171 src/gui/.ui/dnsnamedialog_q.cpp:172
+msgid "DNS Name"
+msgstr "Nome DNS"
+
+#: src/gui/.ui/dnsnamedialog_q.cpp:179
+msgid "DNS Record:"
+msgstr "Registro DNS:"
+
+#: src/gui/.ui/execdialog_q.cpp:92
+msgid "Executing external command"
+msgstr "Executando comando externo"
+
+#: src/gui/.ui/execdialog_q.cpp:93 src/gui/.ui/instdialog_q.cpp:287
+msgid "Save log to file"
+msgstr "Salvar depuração no arquivo"
+
+#: src/gui/.ui/filepropdialog_q.cpp:114
+msgid "File Properties"
+msgstr "Propriedades do Arquivo"
+
+#: src/gui/.ui/filepropdialog_q.cpp:115
+msgid "Location:"
+msgstr "Localização :"
+
+#: src/gui/.ui/filepropdialog_q.cpp:116
+msgid "RO"
+msgstr "RO"
+
+#: src/gui/.ui/filepropdialog_q.cpp:117
+msgid "Revision Control:"
+msgstr "Controle de Revisão:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:118
+msgid "Time of last modification:"
+msgstr "Última modificação:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:119
+msgid "Revision:"
+msgstr "Revisão:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:120
+msgid "Locked by user:"
+msgstr "Bloqueado pelo usuário:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:121
+msgid "location"
+msgstr "localização"
+
+#: src/gui/.ui/filepropdialog_q.cpp:122
+msgid 
"lastModified"
+msgstr "últimaAlteração"
+
+#: src/gui/.ui/filepropdialog_q.cpp:123
+msgid "rev"
+msgstr "rev"
+
+#: src/gui/.ui/filepropdialog_q.cpp:124
+msgid "lockedBy"
+msgstr "travadoPor"
+
+#: src/gui/.ui/filepropdialog_q.cpp:125
+msgid "Revision history:"
+msgstr "Histórico de revisões:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:458
+msgid "Print"
+msgstr "Imprimir"
+
+#: src/gui/.ui/filterdialog_q.cpp:89 src/gui/.ui/filterdialog_q.cpp:163
+msgid "Target"
+msgstr "Alvo"
+
+#: src/gui/.ui/filterdialog_q.cpp:93 src/gui/.ui/filterdialog_q.cpp:165
+msgid "Pattern"
+msgstr "Padrão"
+
+#: src/gui/.ui/filterdialog_q.cpp:150
+msgid "Filter"
+msgstr "Filtrar"
+
+#: src/gui/.ui/filterdialog_q.cpp:151 src/gui/.ui/FWBMainWindow_q.cpp:452
+#: src/gui/.ui/FWBMainWindow_q.cpp:495 src/gui/.ui/FWBMainWindow_q.cpp:496
+msgid "Save"
+msgstr "Salvar"
+
+#: src/gui/.ui/filterdialog_q.cpp:152 src/gui/.ui/prefsdialog_q.cpp:213
+#: src/gui/.ui/prefsdialog_q.cpp:392
+msgid "Load"
+msgstr "Carregar"
+
+#: src/gui/.ui/filterdialog_q.cpp:153 src/gui/.ui/libexport_q.cpp:112
+msgid "Ok"
+msgstr "Ok"
+
+#: src/gui/.ui/filterdialog_q.cpp:155
+msgid "Match"
+msgstr "Casa"
+
+#: src/gui/.ui/filterdialog_q.cpp:157
+msgid "all"
+msgstr "tudo"
+
+#: src/gui/.ui/filterdialog_q.cpp:158 src/gui/.ui/icmpservicedialog_q.cpp:173
+#: src/gui/.ui/icmpservicedialog_q.cpp:175
+msgid "any"
+msgstr "qualquer"
+
+#: src/gui/.ui/filterdialog_q.cpp:159
+msgid "of the following:"
+msgstr "do seguinte:"
+
+#: src/gui/.ui/filterdialog_q.cpp:161
+msgid "+"
+msgstr "+"
+
+#: src/gui/.ui/filterdialog_q.cpp:162
+msgid "Add a new pattern"
+msgstr "Adicionar novo padrão"
+
+#: src/gui/.ui/filterdialog_q.cpp:166
+msgid "Case sensitive"
+msgstr "Sensível ao caixa"
+
+#: src/gui/.ui/filterdialog_q.cpp:167
+msgid "-"
+msgstr "-"
+
+#: src/gui/.ui/filterdialog_q.cpp:168
+msgid "Remove a pattern"
+msgstr "Remover um padrão"
+
+#: src/gui/.ui/finddialog_q.cpp:127 
src/gui/.ui/FWBMainWindow_q.cpp:513 +msgid "Find Object" +msgstr "Procurar Objeto" + +#: src/gui/.ui/finddialog_q.cpp:128 +msgid "Text to be found in object names:" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:129 +msgid "Search in policy rules" +msgstr "Procurar nas regras de políticas" + +#: src/gui/.ui/finddialog_q.cpp:130 +msgid "Search in the tree" +msgstr "Procurar na árvore" + +#: src/gui/.ui/finddialog_q.cpp:132 +msgid "Matching attribute:" +msgstr "Casando atributo:" + +#: src/gui/.ui/finddialog_q.cpp:135 src/gui/.ui/findobjectwidget_q.cpp:205 +msgid "TCP/UDP port" +msgstr "porta TCP/UDP" + +#: src/gui/.ui/finddialog_q.cpp:136 src/gui/.ui/findobjectwidget_q.cpp:206 +msgid "Protocol number" +msgstr "Número de protocolo" + +#: src/gui/.ui/finddialog_q.cpp:137 src/gui/.ui/findobjectwidget_q.cpp:207 +msgid "ICMP type" +msgstr "Tipo de ICMP" + +#: src/gui/.ui/finddialog_q.cpp:138 src/gui/.ui/findobjectwidget_q.cpp:208 +msgid "Search for substring using regular expressions" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:187 +#: src/gui/.ui/findwhereusedwidget_q.cpp:116 +#: src/gui/.ui/fwobjectdroparea_q.cpp:49 +#: src/gui/.ui/tagservicedialog_q.cpp:147 +msgid "Form1" +msgstr "Form1" + +#: src/gui/.ui/findobjectwidget_q.cpp:188 +msgid " Replace object " +msgstr " Substituir objeto " + +#: src/gui/.ui/findobjectwidget_q.cpp:189 +msgid "Replace && Find" +msgstr "Substituir && Procurar" + +#: src/gui/.ui/findobjectwidget_q.cpp:192 +msgid "Replace all" +msgstr "Substituir todos" + +#: src/gui/.ui/findobjectwidget_q.cpp:193 +msgid "Replace" +msgstr "Substituir" + +#: src/gui/.ui/findobjectwidget_q.cpp:194 +msgid "Scope for search and replace :" +msgstr "Escopo para a procura e substituição :" + +#: src/gui/.ui/findobjectwidget_q.cpp:196 +msgid "Tree only" +msgstr "Ãrvore apenas" + +#: src/gui/.ui/findobjectwidget_q.cpp:197 +msgid "Tree and policy of all firewalls" +msgstr "Ãrvore e políticas de todos os firewalls" + +#: src/gui/.ui/findobjectwidget_q.cpp:198 
+msgid "Policy of all firewalls"
+msgstr "Políticas de todos os firewalls"
+
+#: src/gui/.ui/findobjectwidget_q.cpp:199
+msgid "policy of the opened firewall"
+msgstr "política do firewall aberto"
+
+#: src/gui/.ui/findobjectwidget_q.cpp:200
+#: src/gui/.ui/findwhereusedwidget_q.cpp:122
+#: src/gui/.ui/FWBMainWindow_q.cpp:446 src/gui/.ui/FWBMainWindow_q.cpp:497
+#: src/gui/.ui/simpletextview_q.cpp:94
+msgid "Close"
+msgstr "Fechar"
+
+#: src/gui/.ui/findobjectwidget_q.cpp:201
+msgid " Find object"
+msgstr "Procurar objeto"
+
+#: src/gui/.ui/findwhereusedwidget_q.cpp:62
+#: src/gui/.ui/findwhereusedwidget_q.cpp:119
+msgid "Parent Object"
+msgstr "Objeto Pai"
+
+#: src/gui/.ui/findwhereusedwidget_q.cpp:117
+msgid "Object:"
+msgstr "Objeto:"
+
+#: src/gui/.ui/findwhereusedwidget_q.cpp:118
+msgid "Object is found in :"
+msgstr "Objeto encontrado em :"
+
+#: src/gui/.ui/firewalldialog_q.cpp:211
+msgid "Host OS Settings ..."
+msgstr "Opções de S.O. da máquina ..."
+
+#: src/gui/.ui/firewalldialog_q.cpp:212
+msgid "Inactive firewall"
+msgstr "Firewall inativo"
+
+#: src/gui/.ui/firewalldialog_q.cpp:213
+msgid "Skip this firewall for batch compile and install operations"
+msgstr ""
+
+#: src/gui/.ui/firewalldialog_q.cpp:214
+msgid "Firewall Settings ..."
+msgstr "Opções do Firewall ..."
+
+#: src/gui/.ui/firewalldialog_q.cpp:219
+msgid "Version:"
+msgstr "Versão:"
+
+#: src/gui/.ui/firewalldialog_q.cpp:220
+msgid "Host OS:"
+msgstr "S.O. 
da máquina:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:186
+msgid "FreeBSD: advanced settings"
+msgstr "FreeBSD: opções avançadas"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:191
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:183
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:177
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:211
+msgid "Forward source routed packets"
+msgstr "Redirecionar pacotes de origem roteados"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:192
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:169
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:197
+msgid "Generate ICMP redirects"
+msgstr "Gerar redirecionamentos ICMP"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:193
+#: src/gui/.ui/linux24advanceddialog_q.cpp:406
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:170
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:187
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:202
+msgid "Packet forwarding"
+msgstr "Redirecionamento de pacote"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:207
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:187
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:201
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:215
+msgid ""
+"Specify directory path and a file name for the following utilities on the OS "
+"your firewall machine is running. Leave these empty if you want to use "
+"default values."
+msgstr ""
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:208
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:214
+msgid "ipnat:"
+msgstr "ipnat:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:209
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:186
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:200
+msgid "sysctl:"
+msgstr "sysctl:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:210
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:213
+msgid "ipf:"
+msgstr "ipf:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:211
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:185
+msgid "ipfw:"
+msgstr "ipfw:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:212
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:206
+#: src/gui/.ui/linux24advanceddialog_q.cpp:457
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:188
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:202
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:216
+msgid "Path"
+msgstr "Caminho"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:441
+msgid ""
+"Click here to change amount of information shown about object selected in "
+"the tree"
+msgstr ""
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:442
+msgid "Firewall Name"
+msgstr "Nome do Firewall"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:443 src/gui/.ui/instdialog_q.cpp:281
+msgid "Firewalls:"
+msgstr "Firewalls:"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:444
+msgid "Tab 1"
+msgstr "Tabela 1"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:445
+msgid "Apply"
+msgstr "Aplicar"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:447
+msgid "New Object File"
+msgstr "Novo Objeto de Arquivo"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:448
+msgid "&New Object File"
+msgstr "&Novo Objeto de Arquivo"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:450
+msgid "&Open..."
+msgstr "&Abrir..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:451
+msgid "Ctrl+O"
+msgstr "Ctrl+O"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:454
+msgid "Ctrl+S"
+msgstr "Ctrl+S"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:455
+msgid "Save As"
+msgstr "Salvar Como"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:456
+msgid "Save &As..."
+msgstr "Salvar &Como..." + +#: src/gui/.ui/FWBMainWindow_q.cpp:459 +msgid "&Print..." +msgstr "&Imprimir..." + +#: src/gui/.ui/FWBMainWindow_q.cpp:460 +msgid "Ctrl+P" +msgstr "Ctrl+P" + +#: src/gui/.ui/FWBMainWindow_q.cpp:461 +msgid "Exit" +msgstr "Sair" + +#: src/gui/.ui/FWBMainWindow_q.cpp:462 +msgid "E&xit" +msgstr "Sai&r" + +#: src/gui/.ui/FWBMainWindow_q.cpp:464 +msgid "Undo" +msgstr "Desfazer" + +#: src/gui/.ui/FWBMainWindow_q.cpp:465 +msgid "&Undo" +msgstr "&Desfazer" + +#: src/gui/.ui/FWBMainWindow_q.cpp:466 +msgid "Ctrl+Z" +msgstr "Ctrl+Z" + +#: src/gui/.ui/FWBMainWindow_q.cpp:467 +msgid "Redo" +msgstr "Refazer" + +#: src/gui/.ui/FWBMainWindow_q.cpp:468 +msgid "&Redo" +msgstr "&Refazer" + +#: src/gui/.ui/FWBMainWindow_q.cpp:469 +msgid "Ctrl+Y" +msgstr "Ctrl+Y" + +#: src/gui/.ui/FWBMainWindow_q.cpp:471 +msgid "&Cut" +msgstr "&Cortar" + +#: src/gui/.ui/FWBMainWindow_q.cpp:472 +msgid "Ctrl+X" +msgstr "Ctrl+X" + +#: src/gui/.ui/FWBMainWindow_q.cpp:474 +msgid "C&opy" +msgstr "C&opiar" + +#: src/gui/.ui/FWBMainWindow_q.cpp:475 +msgid "Ctrl+C" +msgstr "Ctrl+C" + +#: src/gui/.ui/FWBMainWindow_q.cpp:477 +msgid "&Paste" +msgstr "&Colar" + +#: src/gui/.ui/FWBMainWindow_q.cpp:478 +msgid "Ctrl+V" +msgstr "Ctrl+V" + +#: src/gui/.ui/FWBMainWindow_q.cpp:481 src/gui/.ui/FWBMainWindow_q.cpp:517 +msgid "Ctrl+F" +msgstr "Ctrl+F" + +#: src/gui/.ui/FWBMainWindow_q.cpp:482 +msgid "Contents" +msgstr "Conteúdo" + +#: src/gui/.ui/FWBMainWindow_q.cpp:483 +msgid "&Contents..." +msgstr "&Conteúdo..." + +#: src/gui/.ui/FWBMainWindow_q.cpp:485 +msgid "Index" +msgstr "Ãndice" + +#: src/gui/.ui/FWBMainWindow_q.cpp:486 +msgid "&Index..." +msgstr "&Ãndice..." 
+ +#: src/gui/.ui/FWBMainWindow_q.cpp:488 +msgid "About" +msgstr "Sobre" + +#: src/gui/.ui/FWBMainWindow_q.cpp:489 +msgid "&About" +msgstr "&Sobre" + +#: src/gui/.ui/FWBMainWindow_q.cpp:491 src/gui/.ui/FWBMainWindow_q.cpp:492 +msgid "New" +msgstr "Novo" + +#: src/gui/.ui/FWBMainWindow_q.cpp:501 +msgid "Compile rules" +msgstr "Compilar regras" + +#: src/gui/.ui/FWBMainWindow_q.cpp:504 +msgid "Install firewall policy" +msgstr "Instalar política de firewall" + +#: src/gui/.ui/FWBMainWindow_q.cpp:505 src/gui/.ui/FWBMainWindow_q.cpp:506 +#: src/gui/.ui/objectmanipulator_q.cpp:111 +msgid "Back" +msgstr "Voltar" + +#: src/gui/.ui/FWBMainWindow_q.cpp:507 src/gui/.ui/FWBMainWindow_q.cpp:508 +msgid "Move back to the previous object" +msgstr "Voltar para o objeto anterior" + +#: src/gui/.ui/FWBMainWindow_q.cpp:509 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:155 +#: src/gui/.ui/objectmanipulator_q.cpp:114 +msgid "New Object" +msgstr "Novo Objeto" + +#: src/gui/.ui/FWBMainWindow_q.cpp:510 +msgid "&New Object" +msgstr "&Novo Objeto" + +#: src/gui/.ui/FWBMainWindow_q.cpp:511 src/gui/.ui/objectmanipulator_q.cpp:115 +msgid "Create New Object" +msgstr "Criar Novo Objeto" + +#: src/gui/.ui/FWBMainWindow_q.cpp:512 +msgid "Ctrl+N" +msgstr "Ctrl+N" + +#: src/gui/.ui/FWBMainWindow_q.cpp:514 +msgid "&Find Object" +msgstr "&Procurar Objeto" + +#: src/gui/.ui/FWBMainWindow_q.cpp:515 src/gui/.ui/FWBMainWindow_q.cpp:516 +msgid "Find object in the tree" +msgstr "Procurar objeto na árvore" + +#: src/gui/.ui/FWBMainWindow_q.cpp:518 +msgid "Preferences..." +msgstr "Preferências..." + +#: src/gui/.ui/FWBMainWindow_q.cpp:519 +msgid "P&references..." +msgstr "P&referências..." 
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:520
+msgid "Edit Preferences"
+msgstr "Editar PreferÃªncias"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:523 src/gui/.ui/FWBMainWindow_q.cpp:524
+msgid "Move Rule Up"
+msgstr "Mover Regra para cima"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:525 src/gui/.ui/FWBMainWindow_q.cpp:526
+msgid "Move Rule Down"
+msgstr "Mover Regra para baixo"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:531
+msgid "Ctrl+Del"
+msgstr "Ctrl+Del"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:540
+msgid "Add File to RCS"
+msgstr "Adicionar Arquivo para RCS"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:541
+msgid "Add File to &RCS"
+msgstr "Adicionar Arquivo para &RCS"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:544
+msgid "Export Library To a File"
+msgstr "Exportar Biblioteca Para Arquivo"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:545
+msgid "&Export Library"
+msgstr "&Exportar Biblioteca"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:546
+msgid "Import Library From a File"
+msgstr "Importar Biblioteca Para Arquivo"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:547
+msgid "&Import Library"
+msgstr "&Importar Biblioteca"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:548
+msgid "Debug"
+msgstr "Depurar"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:549
+msgid "&Debug"
+msgstr "&Depurar"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:550 src/gui/.ui/FWBMainWindow_q.cpp:551
+msgid "&Properties"
+msgstr "&Propriedades"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:552
+msgid "Show File Properties"
+msgstr "Mostrar Propriedades do Arquivo"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:553 src/gui/.ui/FWBMainWindow_q.cpp:554
+msgid "Move Selected Rules"
+msgstr "Mover Regras Selecionadas"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:555
+msgid "Discard"
+msgstr "Descartar"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:557
+msgid ""
+"Discard Changes and Overwrite With Clean Copy Of The Head Revision From RCS"
+msgstr ""
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:558
+msgid "Commit"
+msgstr "Adicionar"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:559
+#, fuzzy
+msgid "Co&mmit"
+msgstr 
"Adicionar" + +#: src/gui/.ui/FWBMainWindow_q.cpp:560 +msgid "Commit Opened File to RCS and Continue Editing" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:567 src/gui/.ui/FWBMainWindow_q.cpp:568 +msgid "new item" +msgstr "novo item" + +#: src/gui/.ui/FWBMainWindow_q.cpp:569 src/gui/.ui/FWBMainWindow_q.cpp:570 +msgid "Find Conflicting Objects in Two Files" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:571 +#, fuzzy +msgid "Import Po&licy" +msgstr "&Importar Biblioteca" + +#: src/gui/.ui/FWBMainWindow_q.cpp:572 +msgid "Toolbar" +msgstr "Barra de Ferramentas" + +#: src/gui/.ui/FWBMainWindow_q.cpp:573 +msgid "&File" +msgstr "&Arquivo" + +#: src/gui/.ui/FWBMainWindow_q.cpp:574 +msgid "&Edit" +msgstr "&Editar" + +#: src/gui/.ui/FWBMainWindow_q.cpp:576 +msgid "Rules" +msgstr "Regras" + +#: src/gui/.ui/FWBMainWindow_q.cpp:577 +msgid "Tools" +msgstr "Ferramentas" + +#: src/gui/.ui/FWBMainWindow_q.cpp:578 +msgid "&Help" +msgstr "&Ajuda" + +#: src/gui/.ui/groupobjectdialog_q.cpp:190 +msgid "I" +msgstr "I" + +#: src/gui/.ui/groupobjectdialog_q.cpp:191 +msgid "L" +msgstr "L" + +#: src/gui/.ui/hostdialog_q.cpp:146 +msgid "MAC matching" +msgstr "MAC encontrado" + +#: src/gui/.ui/icmpservicedialog_q.cpp:167 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1071 +msgid "ICMP" +msgstr "ICMP" + +#: src/gui/.ui/icmpservicedialog_q.cpp:172 +msgid "ICMP Type:" +msgstr "Tipo de ICMP:" + +#: src/gui/.ui/icmpservicedialog_q.cpp:174 +msgid "ICMP Code:" +msgstr "Código de ICMP:" + +#: src/gui/.ui/instdialog_q.cpp:85 src/gui/.ui/instdialog_q.cpp:270 +#: src/gui/.ui/librarydialog_q.cpp:136 src/gui/.ui/librarydialog_q.cpp:137 +msgid "Library" +msgstr "Biblioteca" + +#: src/gui/.ui/instdialog_q.cpp:87 src/gui/.ui/instdialog_q.cpp:271 +msgid "Last Modified" +msgstr "Última Modificação" + +#: src/gui/.ui/instdialog_q.cpp:89 src/gui/.ui/instdialog_q.cpp:272 +msgid "Last Compiled" +msgstr "Última Compilação" + +#: src/gui/.ui/instdialog_q.cpp:91 src/gui/.ui/instdialog_q.cpp:273 +msgid "Last Installed" 
+msgstr "Última Instalação" + +#: src/gui/.ui/instdialog_q.cpp:136 src/gui/.ui/instdialog_q.cpp:280 +msgid "Progress" +msgstr "Progresso" + +#: src/gui/.ui/instdialog_q.cpp:225 src/gui/.ui/instdialog_q.cpp:290 +msgid "Compile status" +msgstr "Estado da compilação" + +#: src/gui/.ui/instdialog_q.cpp:226 src/gui/.ui/instdialog_q.cpp:291 +msgid "Install status" +msgstr "Estado da Instalação" + +#: src/gui/.ui/instdialog_q.cpp:263 +msgid "Firewall Builder: Policy Installer" +msgstr "Firewall Builder: Instalador de Políticas" + +#: src/gui/.ui/instdialog_q.cpp:264 +msgid "" +"

    Select firewalls to compile and " +"install.

    " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:265 +msgid "Perform batch install" +msgstr "Executar instalação em lote" + +#: src/gui/.ui/instdialog_q.cpp:266 +msgid "" +"Check this option if you want to install all selected firewalls " +"automatically. This only works if you use the same user name and password to " +"authenticate to all these firewalls. " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:275 +msgid "None" +msgstr "Nenhum" + +#: src/gui/.ui/instdialog_q.cpp:282 +msgid "firewall" +msgstr "firewall" + +#: src/gui/.ui/instdialog_q.cpp:283 +msgid "Progress:" +msgstr "Progresso:" + +#: src/gui/.ui/instdialog_q.cpp:285 +msgid "Show Details" +msgstr "Mostrar Detalhes" + +#: src/gui/.ui/instdialog_q.cpp:286 +msgid "Process log" +msgstr "Processo de depuração" + +#: src/gui/.ui/instoptionsdialog_q.cpp:283 +msgid "Install options" +msgstr "Opções da instalação" + +#: src/gui/.ui/instoptionsdialog_q.cpp:284 +#, qt-format +msgid "" +"

    Install options for firewall '%1'

    " +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:287 +msgid "min" +msgstr "min" + +#: src/gui/.ui/instoptionsdialog_q.cpp:288 +msgid "" +"Test run: run the script on the firewall but do not store it permanently." +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:289 +msgid "Schedule reboot in " +msgstr "Agendar reinício em " + +#: src/gui/.ui/instoptionsdialog_q.cpp:290 +msgid "" +"Rebooting the firewall will restore its original policy. To cancel reboot, " +"install the policy with \"test run\" option turned off" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:291 +msgid "" +"If you install the policy in test mode, it will not be saved permanently, so " +"you can revert to the last working configuration by rebooting the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:292 +msgid "Cancel reboot if policy activation was successfull" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:293 +msgid "" +"Quiet install: do not print anything as commands are executed on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:294 +msgid "Verbose: print all commands as they are executed on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:295 +msgid "Remove comments from configuration" +msgstr "Remover comentários da configuração" + +#: src/gui/.ui/instoptionsdialog_q.cpp:296 +msgid "Compress script" +msgstr "Script de compressão" + +#: src/gui/.ui/instoptionsdialog_q.cpp:297 +msgid "Store a copy of fwb file on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:298 +msgid "Alternative address to communicate with the firewall:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:299 +msgid "Options for PIX and fwsm firewalls :" +msgstr "Opções dos firewalls PIX e fwsm :" + +#: src/gui/.ui/instoptionsdialog_q.cpp:300 +msgid "Write configuration to standby PIX" +msgstr "Gravar configuração no PIX em espera" + +#: src/gui/.ui/instoptionsdialog_q.cpp:301 +msgid "Dry run (commands won't be executed on 
the firewall)" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:302 +msgid "Store configuration diff in a file" +msgstr "Gravar a diferença de configuração num arquivo" + +#: src/gui/.ui/instoptionsdialog_q.cpp:303 +msgid "" +"install only ACL, 'icmp', 'telnet', 'ssh', 'nat', 'global' and 'static' " +"commands" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:304 +msgid "" +"Calculate difference between current firewall state and generated " +"configuration and install only those commands that update state of the " +"firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:305 +msgid "Make a backup copy of the firewall configuration in this file:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:306 +msgid "Password or passphrase:" +msgstr "Senha ou palavra chave:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:307 +msgid "User name:" +msgstr "Nome do usuário:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:308 +msgid "Enable password:" +msgstr "Ativar senha:" + +#: src/gui/.ui/interfacedialog_q.cpp:235 +#: src/gui/.ui/newfirewalldialog_q.cpp:507 src/gui/.ui/newhostdialog_q.cpp:393 +msgid "Label:" +msgstr "Etiqueta:" + +#: src/gui/.ui/interfacedialog_q.cpp:237 +msgid "Security level:" +msgstr "Nível de Segurança:" + +#: src/gui/.ui/interfacedialog_q.cpp:238 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    Security level can be any number between 0 and 100, 0 being least " +"secure and 100 being most secure levels. Interface with security level 0 " +"ususally serves Internet connection.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:239 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    \n" +"Security level can be any number between 0 and 100, 0 being least secure and " +"100 being most secure levels. Interface with security level 0 ususally " +"serves Internet connection.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:241 src/gui/.ui/interfacedialog_q.cpp:244 +msgid "" +"

    Network zone consists of hosts and networks that can be reached through " +"this interface of the firewall. Subnet to which this interface is directly " +"attached must be part of its network zone. Other subnets reachable by means " +"of routing should alse be added to the network zone.\n" +"
    \n" +"If network zone for this interface consists of only one subnet, you can " +"simply choose that network's object in the pull-down below. If your network " +"zone should include multiple subnets, you need to create an Object Group, " +"then put all hosts and networks which are going to be part of the network " +"zone into that group and finally choose this group in the pull-down below." +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:247 +msgid "Network zone:" +msgstr "Zona de rede:" + +#: src/gui/.ui/interfacedialog_q.cpp:249 +msgid "This interface is external (insecure)" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:250 +msgid "" +"

    One interface of the firewall must be marked as 'external'. This " +"interface should be connected to the least secure network, usually the " +"Internet.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:251 +msgid "" +"One interface of the firewall must be marked as 'external'. This interface " +"should be connected to the least secure network, usually the Internet." +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:252 +msgid "Management interface" +msgstr "Gerenciador de interface" + +#: src/gui/.ui/interfacedialog_q.cpp:253 +msgid "" +"

    Check if this interface is used for management (SNMP queries, remote " +"policy install etc.)

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:255 +msgid "Address is assigned dynamically" +msgstr "Endereço designado dinamicamente" + +#: src/gui/.ui/interfacedialog_q.cpp:256 +#: src/gui/.ui/newfirewalldialog_q.cpp:515 +msgid "Regular interface" +msgstr "Interface normal" + +#: src/gui/.ui/interfacedialog_q.cpp:257 +#, fuzzy +msgid "Unprotected interface" +msgstr "Interface não numerada" + +#: src/gui/.ui/interfacedialog_q.cpp:258 +msgid "Skip this interface while assigning policy rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:546 +msgid "ipf: advanced settings" +msgstr "ipf: opções avançadas" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:551 +msgid "Use raudio proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:552 +msgid "Use h323 proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:553 +msgid "Use ipsec proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:554 +msgid "Use ftp proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:555 +msgid "Use rcmd proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:556 +msgid "Use Kerberos rcmd proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:557 +msgid "Use Kerberos ekshell proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:558 +msgid "" +"Some protocols involve multiple associated network connections. 
Firewall can "
+"keep track of such connections automatically if you activate one or all of "
+"the following options:"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:559
+msgid "Use PPTP proxy in NAT rules"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:560
+msgid "Use IRC proxy in NAT rules for DCC"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:561
+msgid "Protocol Helpers"
+msgstr "Ajudante de Protocolos"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:562
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:356
+#: src/gui/.ui/iptadvanceddialog_q.cpp:610
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1004
+msgid "Compiler:"
+msgstr "Compilador:"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:563
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1019
+msgid ""
+"There are two ways compiler can generate code for rules in the Global "
+"Policy: it can either create two ipf rules to control both incoming and "
+"outgoing packets for each rule, or it can create only one ipf rule for "
+"incoming packets and permit all outgoing ones.You get more control over the "
+"packets crossing the firewall in the first mode, but generated script is "
+"going to be smaller if you choose the second."
+msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:564 +msgid "" +"Masquerade returned icmp as being from original\n" +"packet's destination" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:567 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1018 +msgid "Generate both 'in' and 'out' rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:568 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1017 +msgid "Pass all outgoing" +msgstr "Permitir todas as saídas" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:569 +#: src/gui/.ui/iptadvanceddialog_q.cpp:608 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1009 +msgid "Accept TCP sessions opened prior to firewall restart" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:570 +msgid "Find and eliminate duplicate rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:571 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:360 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1011 +msgid "Detect rule shadowing in policy" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:572 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:361 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1012 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1846 +msgid "" +"Shadowing happens because a rule is a superset of a subsequent rule and any " +"packets potentially matched by the subsequent rule have already been matched " +"by the prior rule." +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:573 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:358 +#: src/gui/.ui/iptadvanceddialog_q.cpp:616 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1013 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1841 +msgid "Ignore empty groups in rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:574 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:359 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1014 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1842 +msgid "" +"If the option is deactivated, compiler treats empty groups as an error and " +"aborts processing the policy. If this option is activated, compiler removes " +"all empty groups from all rule elements. 
If rule element becomes 'any' after " +"the last empty group has been removed, the whole rule will be ignored. Use " +"this option only if you fully understand how it works!" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:575 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:364 +#: src/gui/.ui/iptadvanceddialog_q.cpp:617 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1006 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1828 +msgid "" +"Always permit ssh access from\n" +"the management workstation\n" +"with this address:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:578 +#: src/gui/.ui/iptadvanceddialog_q.cpp:620 +msgid "Default action on 'Reject':" +msgstr "Ação padrão como 'Rejeitar':" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:579 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:355 +#: src/gui/.ui/iptadvanceddialog_q.cpp:603 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1005 +msgid "Command line options for the compiler:" +msgstr "Opções de comando para o compilador:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:580 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:357 +#: src/gui/.ui/iptadvanceddialog_q.cpp:611 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1015 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1827 +msgid "" +"Output file name (if left blank, the file name is constructed of the " +"firewall object name and extension \".fw\")" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:581 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:367 +#: src/gui/.ui/iptadvanceddialog_q.cpp:623 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1021 +msgid "Compiler" +msgstr "Compilador" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:582 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:368 +#: src/gui/.ui/iptadvanceddialog_q.cpp:624 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1096 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1873 +msgid "External install script" +msgstr "Script de instalação externo" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:583 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:369 +#: src/gui/.ui/iptadvanceddialog_q.cpp:625 +#: 
src/gui/.ui/pfadvanceddialog_q.cpp:1097 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1874 +msgid "" +"Policy install script (using built-in installer if this field is blank):" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:584 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:370 +#: src/gui/.ui/iptadvanceddialog_q.cpp:626 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1098 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1875 +msgid "Command line options for the script:" +msgstr "Opções de linha de comando para o script:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:585 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:371 +#: src/gui/.ui/iptadvanceddialog_q.cpp:627 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1099 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1876 +msgid "Built-in installer" +msgstr "Instalador embutido" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:586 +msgid "Directory on the firewall where configuration files should be installed" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:587 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:376 +#: src/gui/.ui/iptadvanceddialog_q.cpp:632 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1104 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1879 +msgid "Additional command line parameters for ssh" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:588 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:375 +#: src/gui/.ui/iptadvanceddialog_q.cpp:631 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1103 +msgid "" +"A command that installer should execute on the firewall in order to activate " +"the policy (if this field is blank, installer runs firewall script in the " +"directory specified above; it uses sudo if user name is not 'root')" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:589 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:372 +#: src/gui/.ui/iptadvanceddialog_q.cpp:628 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1100 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1877 +msgid "" +"Alternative name or address used to communicate with the firewall (also " +"putty session name on Windows)" +msgstr "" + 
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:590 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:373 +#: src/gui/.ui/iptadvanceddialog_q.cpp:629 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1101 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1878 +msgid "" +"User name used to authenticate to the firewall (leave this empty if you use " +"putty session):" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:591 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:377 +#: src/gui/.ui/iptadvanceddialog_q.cpp:633 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1105 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1880 +msgid "Installer" +msgstr "Instalador" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:594 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:384 +#: src/gui/.ui/iptadvanceddialog_q.cpp:640 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1113 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1883 +msgid "" +"The following commands will be added verbatim on top of generated " +"configuration" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:599 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:381 +#: src/gui/.ui/iptadvanceddialog_q.cpp:637 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1109 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1888 +msgid "" +"The following commands will be added verbatim after generated configuration" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:600 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:386 +#: src/gui/.ui/iptadvanceddialog_q.cpp:647 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1118 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1889 +msgid "Prolog/Epilog" +msgstr "Prolog/Epilogo" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:601 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:849 +msgid "Log facility:" +msgstr "Depuração:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:602 +#: src/gui/.ui/iptadvanceddialog_q.cpp:654 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:799 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:850 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:881 +msgid "Log level:" +msgstr "Nível de depuração:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:603 +msgid "Log 
packet body" +msgstr "Corpo do pacote de depuração" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:604 +msgid "Block if can not log" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:605 +#: src/gui/.ui/iptadvanceddialog_q.cpp:663 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1121 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2076 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:801 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:851 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:858 +msgid "Logging" +msgstr "Depuração" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:606 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:387 +#: src/gui/.ui/iptadvanceddialog_q.cpp:669 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1122 +msgid "Add virtual addresses for NAT" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:607 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:388 +#: src/gui/.ui/iptadvanceddialog_q.cpp:665 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1123 +msgid "Configure Interfaces of the firewall machine" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:608 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:389 +#: src/gui/.ui/iptadvanceddialog_q.cpp:666 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1124 +msgid "Turn debugging on in generated script" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:609 +msgid "Optimization" +msgstr "Otimização" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:610 +msgid "" +"If this option is on, policy compiler adds virtual addresses to the " +"interfaces to make the firewall answer to ARP queries for addresses used in " +"NAT rules." +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:611 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:390 +#: src/gui/.ui/iptadvanceddialog_q.cpp:664 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1125 +msgid "These options enable auxiliary sections in the generated shell script." 
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:612
+msgid "Determine addresses of dynamic interfaces at run time"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:613
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:391
+#: src/gui/.ui/iptadvanceddialog_q.cpp:672
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1126
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1872
+msgid "Script Options"
+msgstr "OpÃ§Ãµes de Script"
+
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:350
+msgid "ipfw: advanced settings"
+msgstr "ipfw: opÃ§Ãµes avanÃ§adas"
+
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:362
+msgid ""
+"Add rule to accept packets matching dynamic rules created for\n"
+"known sessions on top of the policy (action 'check-state')"
+msgstr ""
+
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:374
+#: src/gui/.ui/iptadvanceddialog_q.cpp:630
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1102
+msgid "Directory on the firewall where script should be installed"
+msgstr ""
+
+#: src/gui/.ui/ipservicedialog_q.cpp:208
+msgid "IP"
+msgstr "IP"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:212
+msgid "all fragments"
+msgstr "todos os fragmentos"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:213
+msgid "rr (record route)"
+msgstr "rr (registro de rota)"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:214
+msgid "timestamp"
+msgstr "timestamp"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:215
+msgid "ssrr (strict source route)"
+msgstr ""
+
+#: src/gui/.ui/ipservicedialog_q.cpp:216
+msgid "'short' fragments"
+msgstr "fragmentos 'curtos'"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:217
+msgid "lsrr (loose source route)"
+msgstr ""
+
+#: src/gui/.ui/ipservicedialog_q.cpp:220
+msgid "Protocol number:"
+msgstr "Numero de protocolo:"
+
+#: src/gui/.ui/ipservicedialog_q.cpp:221
+msgid "( 0 - any protocol )"
+msgstr "( 0 - qualquer protocolo )"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:598
+msgid "iptables: advanced settings"
+msgstr "iptables: opÃ§Ãµes avanÃ§adas"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:604
+msgid "Accept ESTABLISHED and RELATED packets before the first rule"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:605
+msgid "Bridging firewall"
+msgstr "Firewall Bridge"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:606
+msgid "Detect shadowing in policy rules"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:607
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1832
+msgid "Assume firewall is part of 'any'"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:609
+msgid "Enable support for NAT of locally originated connections"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:612
+msgid ""
+"Drop packets that are associated with\n"
+"no known connection"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:614
+msgid "and log them"
+msgstr "e depure eles"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:615
+msgid "Clamp MSS to MTU"
+msgstr "Passar MSS para MTU"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:621
+msgid "Make Tag and Classify actions terminating"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:622
+msgid "Do not set default policy for ipv6"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:642
+msgid "Insert prolog script "
+msgstr "Inserir script prolog "
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:649
+msgid "use ULOG"
+msgstr "usar ULOG"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:650
+msgid "use LOG"
+msgstr "usar LOG"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:651
+msgid "log TCP seq. numbers"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:652
+msgid "log IP options"
+msgstr "opÃ§Ãµes de depuraÃ§Ã£o de IP"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:653
+msgid "use numeric syslog levels"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:655
+msgid "log TCP options"
+msgstr "opÃ§Ãµes de depuraÃ§Ã£o de TCP"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:656
+msgid "cprange"
+msgstr "cprange"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:657
+msgid "queue threshold:"
+msgstr "limiar de fila:"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:658
+msgid "netlink group:"
+msgstr "grupo netlink:"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:659
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:798
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:857
+msgid "Log prefix:"
+msgstr "Prefixo de depuraÃ§Ã£o:"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:660
+msgid "Logging limit:"
+msgstr "Limite de depuraÃ§Ã£o:"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:661
+msgid ""
+"Activate logging in all rules\n"
+"(overrides rule options, use for debugging)"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:667
+msgid "Verify interfaces before loading firewall policy"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:668
+msgid "Load modules"
+msgstr "Carregar mÃ³dulos"
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:670
+msgid "Use iptables-restore to activate policy"
+msgstr ""
+
+#: src/gui/.ui/iptadvanceddialog_q.cpp:671
+msgid "iptables-restore replaces firewall policy in one atomic transaction"
+msgstr ""
+
+#: src/gui/.ui/ipv4dialog_q.cpp:169
+msgid "IPv4"
+msgstr "IPv4"
+
+#: src/gui/.ui/ipv4dialog_q.cpp:176
+msgid "DNS Lookup..."
+msgstr "Pesquisa de DNS..."
+ +#: src/gui/.ui/libexport_q.cpp:106 +msgid "Export" +msgstr "Exportar" + +#: src/gui/.ui/libexport_q.cpp:107 +msgid "" +"This will export a library to a file which can later be imported back into " +"Firewall Builder" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:109 +msgid "New Item" +msgstr "Novo Item" + +#: src/gui/.ui/libexport_q.cpp:110 +msgid "Make exported libraries read-only" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:111 +msgid "Choose libraries to be exported:" +msgstr "Escolha as bibliotecas que serão exportadas:" + +#: src/gui/.ui/librarydialog_q.cpp:138 +msgid "Color:" +msgstr "Cor:" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:195 +msgid "Linksys/Sveasoft: advanced settings" +msgstr "Linksys/Sveasoft: opções avançadas" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:200 +#: src/gui/.ui/linux24advanceddialog_q.cpp:450 +msgid "modprobe:" +msgstr "modprobe:" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:201 +#: src/gui/.ui/linux24advanceddialog_q.cpp:451 +msgid "logger:" +msgstr "depurador:" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:202 +#: src/gui/.ui/linux24advanceddialog_q.cpp:452 +msgid "ip:" +msgstr "ip:" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:203 +#: src/gui/.ui/linux24advanceddialog_q.cpp:453 +msgid "lsmod" +msgstr "lsmod" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:204 +#: src/gui/.ui/linux24advanceddialog_q.cpp:455 +msgid "iptables:" +msgstr "iptables:" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:205 +#: src/gui/.ui/linux24advanceddialog_q.cpp:454 +msgid "" +"Specify directory path and a file name for each utility on your firewall " +"machine. Leave these empty if you want to use default values." +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:207 +msgid "" +"Policy installer relies on the shell prompt on the firewall to execute " +"commands. Installer tries both prompt string patterns configured here; it " +"assumes that the firewall is ready to accept a command if either prompt " +"matches. 
You should only need to change these string patterns if Sveasoft "
+"changes the shell prompt in the future releases of the software.\n"
+"
    \n" +"
    \n"
+"The default strings work for Sveasoft Alchemy pre-5.1 and pre-5.2"
+msgstr ""
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:211
+msgid "Use default prompts"
+msgstr "Usar prompt padrão"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:212
+msgid "prompt 2"
+msgstr "prompt 2"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:213
+msgid "prompt 1"
+msgstr "prompt 1"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:214
+msgid "Prompts"
+msgstr "Prompts"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:365
+msgid "Linux 2.4: advanced settings"
+msgstr "Linux 2.4: opções avançadas"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:407
+msgid "Kernel anti-spoofing protection"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:408
+msgid "Ignore broadcast pings"
+msgstr "Ignorar pings em broadcast"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:409
+msgid "Ignore all pings"
+msgstr "Ignorar todos os pings"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:410
+msgid "Accept source route"
+msgstr "Aceitar rota de origem"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:411
+msgid "Accept ICMP redirects"
+msgstr "Aceitar redirecionamento de ICMP"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:412
+msgid "Ignore bogus ICMP errors"
+msgstr "Ignorar erros bogus ICMP"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:413
+msgid "Allow dynamic addresses"
+msgstr "Aceitar endereços dinâmicos"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:414
+msgid "Log martians"
+msgstr "Depurar martians"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:416
+msgid ""
+"These parameters make sense for connections to or from the firewall host"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:441
+msgid "TCP sack"
+msgstr "TCP sack"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:442
+msgid "TCP window scaling"
+msgstr "TCP window scaling"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:443
+msgid "TCP ECN"
+msgstr "TCP ECN"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:444
+msgid "TCP SYN cookies"
+msgstr "TCP 
SYN cookies"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:445
+msgid "TCP keepalive time (sec)"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:446
+msgid "TCP fack"
+msgstr "TCP fack"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:447
+msgid "TCP timestamps"
+msgstr "TCP timestamps"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:448
+msgid "TCP FIN timeout (sec)"
+msgstr ""
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:449
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1051
+#: src/gui/.ui/tcpservicedialog_q.cpp:370
+msgid "TCP"
+msgstr "TCP"
+
+#: src/gui/.ui/linux24advanceddialog_q.cpp:456
+msgid "iptables-restore:"
+msgstr "iptables-restore:"
+
+#: src/gui/.ui/longtextdialog_q.cpp:95
+msgid "longTextDialog_q"
+msgstr "longTextDialog_q"
+
+#: src/gui/.ui/longtextdialog_q.cpp:97
+msgid "this is the error text"
+msgstr "este é a mensagem de erro"
+
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:164
+msgid "MacOS X: advanced settings"
+msgstr "MacOS X: opções avançadas"
+
+#: src/gui/.ui/metriceditorpanel_q.cpp:78
+msgid "textLabel2"
+msgstr ""
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:154
+msgid "NAT Rule Options"
+msgstr "Opção para Regras de NAT"
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:156
+msgid "No options are available for this firewall platform"
+msgstr ""
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:157
+msgid "Pool type"
+msgstr "Tipo pool"
+
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:158
+msgid "default"
+msgstr "padrão"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:172
+#: src/gui/.ui/newfirewalldialog_q.cpp:323
+#: src/gui/.ui/newfirewalldialog_q.cpp:502
+#: src/gui/.ui/newfirewalldialog_q.cpp:524 src/gui/.ui/newhostdialog_q.cpp:188
+#: src/gui/.ui/newhostdialog_q.cpp:398
+msgid "Label"
+msgstr "Etiqueta"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:174
+#: src/gui/.ui/newfirewalldialog_q.cpp:504 src/gui/.ui/newhostdialog_q.cpp:190
+#: src/gui/.ui/newhostdialog_q.cpp:400
+msgid "Netmask"
+msgstr "Máscara"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:175
+#: 
src/gui/.ui/newfirewalldialog_q.cpp:505 src/gui/.ui/newhostdialog_q.cpp:191
+#: src/gui/.ui/newhostdialog_q.cpp:401
+msgid "Dyn"
+msgstr "Dyn"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:176
+#: src/gui/.ui/newfirewalldialog_q.cpp:506 src/gui/.ui/newhostdialog_q.cpp:192
+#: src/gui/.ui/newhostdialog_q.cpp:402
+msgid "MAC"
+msgstr "MAC"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:325
+#: src/gui/.ui/newfirewalldialog_q.cpp:526
+msgid "Security Level"
+msgstr "Nível de Segurança"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:487 src/gui/.ui/newhostdialog_q.cpp:378
+msgid "Enter the name of the new object below:"
+msgstr "Preencha abaixo o nome do novo objeto:"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:488
+msgid "Choose firewall software it is running:"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:489
+msgid "Choose OS the new firewall runs on:"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:490
+msgid "Use preconfigured template firewall objects"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:492
+msgid ""
+"Next step is to add interfaces to the new firewall. There are two ways to do "
+"it: using SNMP query or manually. Adding them using SNMP query is fast and "
+"automatic, but is only possible if firewall runs SNMP agent and you know "
+"SNMP community string 'read'."
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:494 src/gui/.ui/newhostdialog_q.cpp:383
+msgid "Configure interfaces manually"
+msgstr "Configurar interfaces manualmente"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:495
+msgid "Use SNMP to discover interfaces of the firewall"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:496 src/gui/.ui/newhostdialog_q.cpp:385
+msgid "Discover Interfaces using SNMP"
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:499
+msgid ""
+"Here you can add or edit interfaces manually. 'Name' corresponds to the name "
+"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 
'Label' "
+"is used to mark interface to reflect network topology, e.g. 'outside' or "
+"'inside'. Label is mandatory for PIX firewall."
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:500 src/gui/.ui/newhostdialog_q.cpp:391
+msgid "Click 'Next' when done."
+msgstr "Clique 'Próximo' quando feito."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:509 src/gui/.ui/newhostdialog_q.cpp:408
+msgid "Update"
+msgstr "Atualizar"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:510 src/gui/.ui/newhostdialog_q.cpp:407
+msgid "Add"
+msgstr "Adicionar"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:519 src/gui/.ui/newhostdialog_q.cpp:403
+msgid "MAC:"
+msgstr "MAC:"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:521
+msgid "up"
+msgstr "acima"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:522
+msgid "down"
+msgstr "abaixo"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:527
+msgid "Click 'Finish' when done."
+msgstr "Clique 'Finalizar' quando feito."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:528
+msgid ""
+"In order to be able to build firewall policy properly, Firewall Builder "
+"needs information about 'security level' of the firewall's interfaces. "
+"Interface that connects it to the Internet is considered 'insecure' and has "
+"security level '0', while interface connected to the internal network is "
+"supposed to be 'secure' (security level '100'). You can arrange interfaces "
+"in the order of their security level below."
+msgstr ""
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:530 src/gui/.ui/newhostdialog_q.cpp:411
+msgid ""
+"Choose template object in the list and click 'Finish' when ready. Template "
+"objects use generic interface names that will be iherited by the firewall "
+"object you create. You may need to rename them later to reflect real names "
+"of interfaces on your firewall machine."
+msgstr ""
+
+#: src/gui/.ui/newgroupdialog_q.cpp:99
+msgid "Group Name:"
+msgstr "Nome do Grupo:"
+
+#: src/gui/.ui/newgroupdialog_q.cpp:100
+msgid "This operation will create a new group and put selected objects in it"
+msgstr ""
+
+#: src/gui/.ui/newgroupdialog_q.cpp:101
+msgid "Create a group"
+msgstr "Criar um Grupo"
+
+#: src/gui/.ui/newhostdialog_q.cpp:379
+msgid "Use preconfigured template host objects"
+msgstr ""
+
+#: src/gui/.ui/newhostdialog_q.cpp:381
+msgid ""
+"Next step is to add interfaces to the new host. There are two ways to do it: "
+"using SNMP query or manually. Adding them using SNMP query is fast and "
+"automatic, but is only possible if the host runs SNMP agent and you know "
+"SNMP community string 'read'."
+msgstr ""
+
+#: src/gui/.ui/newhostdialog_q.cpp:384
+msgid "Use SNMP to discover interfaces of the host"
+msgstr ""
+
+#: src/gui/.ui/newhostdialog_q.cpp:388
+msgid ""
+"Here you can add or edit interfaces manually. 'Name' corresponds to the name "
+"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' "
+"is used to mark interface to reflect network topology, e.g. 'outside' or "
+"'inside'."
+msgstr ""
+
+#: src/gui/.ui/newhostdialog_q.cpp:396
+msgid ""
+"This is unnumbered interface, that is, it does not have an IP address. You "
+"can use this for interfaces that terminate PPPoE or other VPN tunnels"
+msgstr ""
+
+#: src/gui/.ui/newhostdialog_q.cpp:405
+msgid ""
+"Address of this interface is assigned dynamically using DHCP or PPP protocol"
+msgstr ""
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:148
+msgid "Conflict Resolution"
+msgstr "Conflito de Resolução"
+
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:149
+msgid ""
+"There is a conflict between an object in your tree and object in the file "
+"you are trying to open. 
Choose which version of this object you want to use:" +msgstr "" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:150 +msgid "Current Object " +msgstr "Objeto Atual" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:153 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:158 +msgid "" +"Always choose this\n" +"object if there is a conflict" +msgstr "" + +#: src/gui/.ui/objectmanipulator_q.cpp:108 +msgid "Tree of Objects" +msgstr "Ãrvore de Objetos" + +#: src/gui/.ui/objectmanipulator_q.cpp:112 +msgid "Go back to the previous object" +msgstr "Voltar para o objeto anterior" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:172 +msgid "OpenBSD: advanced settings" +msgstr "OpenBSD: opções avançadas" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:178 +msgid "Enable directed broadcast" +msgstr "Ligar broadcast direto" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:199 +msgid "pfctl:" +msgstr "pfctl:" + +#: src/gui/.ui/pagesetupdialog_q.cpp:103 +msgid "Page Setup" +msgstr "Configuração de Página" + +#: src/gui/.ui/pagesetupdialog_q.cpp:104 +msgid "start each section on a new page" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:105 +msgid "print header on every page" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:106 +msgid "print legend" +msgstr "imprimir legenda" + +#: src/gui/.ui/pagesetupdialog_q.cpp:107 +msgid "print objects used in rules" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:109 +msgid "Alt+O" +msgstr "Alt+O" + +#: src/gui/.ui/pagesetupdialog_q.cpp:112 +msgid "Scale tables: " +msgstr "Tabelas escaláveis:" + +#: src/gui/.ui/pagesetupdialog_q.cpp:114 +msgid "50%" +msgstr "50%" + +#: src/gui/.ui/pagesetupdialog_q.cpp:115 +msgid "75%" +msgstr "75%" + +#: src/gui/.ui/pagesetupdialog_q.cpp:116 +msgid "100%" +msgstr "100%" + +#: src/gui/.ui/pagesetupdialog_q.cpp:117 +msgid "150%" +msgstr "150%" + +#: src/gui/.ui/pagesetupdialog_q.cpp:118 +msgid "200%" +msgstr "200%" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:999 +msgid "pf: advanced settings" +msgstr "pf: 
opções avançadas"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1010
+msgid "Modulate state for all stateful rules (applies only to TCP services)"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1020
+msgid "Optimization:"
+msgstr "Otimização:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1022
+msgid "Enforce Minimum TTL:"
+msgstr "Reforçar Mínimo TTL:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1023
+msgid "Enforce Maximum MSS:"
+msgstr "Reforçar Máximo MSS:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1024
+msgid "Enforces a maximum Maximum Segment Size (MSS) in TCP packet headers."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1025
+msgid "Enforces a minimum Time To Live (TTL) in IP packet headers."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1026
+msgid "Reassemble fragments"
+msgstr "Remontar fragmentos"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1027
+msgid "Clear DF bit"
+msgstr "Limpar o bit DF"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1028
+msgid "Clears the don't fragment bit from the IP packet header."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1029
+msgid "Use random ID"
+msgstr "Usar ID randômico"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1030
+msgid ""
+"Replaces the IP identification field of outgoing packets with random values "
+"to compensate for operating systems that use predictable values."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1032
+msgid "Buffer and reassemble fragments (default)"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1033
+msgid ""
+"Buffers incoming packet fragments and reassembles them into a complete "
+"packet before passing them to the filter engine."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1034
+msgid "Drop duplicate fragments, do not buffer and reassemble"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1035
+msgid ""
+"Causes duplicate fragments to be dropped and any overlaps to be cropped."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1036
+msgid "Drop duplicate and subsequent fragments"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1037
+msgid ""
+"Similar to 'Drop duplicate fragments' except that all duplicate or "
+"overlapping fragments will be dropped as well as any further corresponding "
+"fragments."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1038
+msgid "Scrub rule options"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1039
+msgid "maximum number of entries in the memory pool used for packet reassembly"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1040
+#, fuzzy
+msgid "table-entries"
+msgstr "iptables-restore:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1041
+msgid "maximum number of addresses that canbe stored in tables"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1042
+msgid ""
+"maximum number of entries in the memory pool used for state table entries"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1043
+msgid "state table size: "
+msgstr "tamanho da tabela de estados: "
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1044
+msgid "reassembly pool: "
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1045
+msgid ""
+"maximum number of entries in the memory pool used for tracking source IP "
+"addresses"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1046
+msgid "maximum number of tables that can exist in the memory simultaneously"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1047
+#, fuzzy
+msgid "tables"
+msgstr "iptables:"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1048
+msgid "src-nodes"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1049
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:876
+msgid "Limits"
+msgstr "Limites"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1050
+msgid ""
+"When a packet matches a stateful connection, the seconds to live for the "
+"connection will be updated to the value which corresponds to the connection "
+"state."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1052
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1065
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1074
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1077
+msgid "first"
+msgstr "primeira"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1053
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1066
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1072
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1078
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1081
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1082
+msgid "The state after the first packet."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1054
+msgid "opening"
+msgstr "abrindo"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1055
+msgid " The state before the destination host ever sends a packet."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1056
+msgid "established"
+msgstr "estabelecida"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1057
+msgid "The fully established state."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1058
+msgid "The state after the first FIN has been sent."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1059
+msgid "closing"
+msgstr "fechando"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1060
+msgid ""
+"The state after both FINs have been exchanged and the connection is closed."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1061
+msgid "finwait"
+msgstr "finwait"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1062
+msgid "The state after one endpoint sends an RST."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1063
+msgid "closed"
+msgstr "fechado"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1064
+#: src/gui/.ui/udpservicedialog_q.cpp:221
+msgid "UDP"
+msgstr "UDP"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1067
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1079
+msgid "single"
+msgstr "simples"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1068
+msgid ""
+"The state if the source host sends more than one packet but the destination "
+"host has never sent one back."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1069
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1080
+msgid "multiple"
+msgstr "múltiplo"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1070
+msgid " The state if both hosts have sent packets."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1073
+msgid "The state after an ICMP error came back in response to an ICMP packet."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1076
+msgid "Other Protocols"
+msgstr "Outros Protocolos"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1083
+msgid "Fragments"
+msgstr "Fragmentos"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1084
+msgid "reassembly timeout"
+msgstr "remontar tempo limite"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1085
+msgid "state expiration timeout"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1086
+msgid "seconds between purges of expired states and packet fragments."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1087
+msgid "seconds before an unassembled fragment is expired."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1088
+msgid "Adaptive scaling"
+msgstr "Escala adaptável"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1089
+msgid ""
+"Timeout values can be reduced adaptively as the number of state table "
+"entries grows (see man page pf.conf(5) for details)"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1090
+msgid "adaptive start"
+msgstr "Inicio adaptável"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1091
+msgid ""
+"When the number of state entries exceeds this value, adaptive scaling begins."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1092
+msgid "adaptive end"
+msgstr "Fim adaptável"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1093
+msgid ""
+"When reaching this number of state entries, all timeout val- ues become "
+"zero, effectively purging all state entries imme- diately."
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1094
+msgid "Activate adaptive timeout scaling"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1095
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1910
+msgid "Timeouts"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1114
+msgid "Insert prolog and epilog scripts"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1116
+msgid "in the activation shell script (.fw file)"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1117
+msgid "in the pf rule file (.conf file)"
+msgstr ""
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1119
+msgid "Log Prefix"
+msgstr "Prefixo de Depuração"
+
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1120
+msgid "Fallback \"deny all\" rule should log blocked packets"
+msgstr ""
+
+#: src/gui/.ui/physaddressdialog_q.cpp:149
+msgid "physAddress"
+msgstr "physAddress"
+
+#: src/gui/.ui/physaddressdialog_q.cpp:150
+msgid "MAC Address"
+msgstr "Endereço MAC"
+
+#: src/gui/.ui/physaddressdialog_q.cpp:153
+msgid "Physical address (MAC):"
+msgstr "Endereço físico (MAC):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1824
+msgid "PIX Firewall Settings"
+msgstr "PIX Opções do Firewall"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1831
+msgid "Policy Compiler Options"
+msgstr "Opções de Compilação de Política"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1833
+msgid ""
+"Generate rules assuming the firewall is part of \"Any\". This makes a "
+"difference in rules that use services 'ssh' and 'telnet' since PIX uses "
+"special commands to control ssh and telnet access to the firewall machine"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1834
+msgid ""
+"Replace NAT'ted objects with their \n"
+"translations in policy rules"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1836
+msgid ""
+"PIX inspects packets with ACLs before it does NAT, while many other "
+"firewalls do NAT first and then apply ACLs. Policy compiler can emulate the "
+"latter behaviour if this options is turned on."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1837
+msgid "Emulate outbound ACLs"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1838
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1840
+msgid ""
+"Normally PIX does not support ouotbound ACL, however policy compiler can "
+"emulate them if this option is turned on"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1839
+msgid "Generate outbound ACLs"
+msgstr "Gerar ACLs de saída"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1843
+msgid "Optimize 'default nat' rules"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1844
+msgid ""
+"In nat rules where network zone object is used in OSrc, ODst and OSrv are "
+"'any' and TSrc defines a global pool for the translation, replace object in "
+"OSrc with 'any' to produce PIX command \"nat (interface) N 0.0.0.0 0.0.0.0\""
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1845
+msgid "Detect rule shadowing in the policy"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1847
+msgid "Verification of NAT rules"
+msgstr "Verificação de regras NAT"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1848
+msgid "Check for duplicate nat rules"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1849
+msgid "Check for overlapping global pools"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1850
+msgid "Check for overlapping statics"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1851
+msgid ""
+"Check for overlapping global\n"
+"pools and statics"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1853
+msgid "Compiler Options"
+msgstr "Opções de Compilação"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1855
+msgid "Comment the code"
+msgstr "Comentar o código"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1856
+msgid "Insert comments into generated PIX configuration file"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1857
+msgid "Use ACL remarks"
+msgstr "Usar remarcação de ACL"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1858
+msgid "Use ACL remarks to relate 
ACL commands and policy rules in the GUI"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1859
+msgid "Group similar commands together"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1860
+msgid ""
+"Group PIX commands in the script so that similar commands appear next to "
+"each other, just like PIX does it when you use 'show config'"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1861
+msgid "Use manual ACL commit on FWSM"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1862
+msgid "Access lists (requires Firewall Builder for PIX 1.1.6 and later)"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1863
+msgid ""
+"Clear all access lists then install new ones. This method may interrupt "
+"access to the firewall if you manage it remotely via IPSEC tunnel. This is "
+"the way access lists were generated in older versions of Firewall Builder "
+"for PIX."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1864
+msgid ""
+"Do not clear access lists and object group, just generate PIX commands for "
+"the new ones. Use this optin if you have your own policy installation "
+"scripts."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1865
+msgid ""
+"\"Safety net\" method:\n"
+"\n"
+"First, create temporary access list to permit connections from the "
+"management subnet specified below to the firewall and assign it to outside "
+"interface. This temporary ACL helps maintain session between management "
+"station and the firewall while access lists are reloaded in case connection "
+"comes over IPSEC tunnel. Then clear permanent lists, recreate them and "
+"assign to interfaces. This method ensures that remote access to the firewall "
+"is maintained without interruption at a cost of slightly larger "
+"configuration."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1868
+msgid ""
+"Temporary access list should permit access from this address or subnet (use "
+"prefix notation to specify subnet, e.g. 
192.0.2.0/24):"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1890
+msgid "Set all to defaults.."
+msgstr "Ajustar tudo para os padrões.."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1891
+msgid "xlate"
+msgstr "xlate"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1892
+msgid "conn"
+msgstr "conn"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1893
+msgid "udp"
+msgstr "udp"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1894
+msgid "rpc"
+msgstr "rpc"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1895
+msgid "h323"
+msgstr "h323"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1896
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2020
+msgid "sip"
+msgstr "sip"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1897
+msgid "sip&media"
+msgstr "sip&media"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1898
+msgid "unauth"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1899
+msgid "telnet"
+msgstr "telnet"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1900
+msgid "ssh"
+msgstr "ssh"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1901
+msgid "ss"
+msgstr "ss"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1902
+msgid "mm"
+msgstr "mm"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1903
+msgid "hh"
+msgstr "hh"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1904
+msgid "half-closed"
+msgstr "half-closed"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1906
+msgid "Inactivity"
+msgstr "Inatividade"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1907
+msgid "Absolute"
+msgstr "Absoluto"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1911
+msgid ""
+"Policy compiler generates 'fixup' commands for PIX v6.1-6.3 and FWSM v2.3. "
+"For PIX 7.0 it generates 'class-map' and 'inspect' commands assigned to the "
+"'policy-map' under either default or custom inspection classes."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1913
+msgid "Enable all protocols"
+msgstr "Ativar todos os protocolos"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1914
+msgid "Disable all protocols"
+msgstr "Desabilitar todos os protocolos"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1915
+msgid "Skip all protocols"
+msgstr "Pular todos os protocolos"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1916
+msgid "Display generated commands"
+msgstr "Mostrar os comandos gerados"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1918
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1927
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1933
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1941
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1950
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1958
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1966
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1972
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1980
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1988
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1995
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2002
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2009
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2017
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2024
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2032
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2040
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2048
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2055
+msgid "skip"
+msgstr "Ignorar"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1919
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1928
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1934
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1942
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1951
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1959
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1967
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1973
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1981
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1989
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1996
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2003
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2010
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2018
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2025
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2033
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2041
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2049
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2056
+msgid "enable"
+msgstr "ativar"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1920
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1929
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1935
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1943
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1952
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1960
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1968
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1974
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1982
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1990
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1997
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2004
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2011
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2019
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2026
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2034
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2042
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2050
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2057
+msgid "disable"
+msgstr "desativar"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1921
+msgid ""
+"Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol "
+"inspection module that supports NAT, PAT, and bi-directional NAT."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1922
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1938
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1947
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1956
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1964
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1977
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1993
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2000
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2007
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2014
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2022
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2030
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2037
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2045
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2053
+msgid "port:"
+msgstr "porta:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1923
+msgid "ctiqbe"
+msgstr "ctiqbe"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1924
+msgid ""
+"Based on this maximum-length configured by the user, the DNS fixup checks to "
+"see if the DNS packet length is within this limit. Every UDP DNS packet "
+"(request/response) undergoes the above check."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1925
+msgid "max length:"
+msgstr "tamanho máximo:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1930
+msgid "dns"
+msgstr "dns"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1931
+msgid "Enables PAT for Encapsulating Security Payload (ESP), single tunnel."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1936
+msgid "esp ike"
+msgstr "esp ike"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1939
+msgid "strict:"
+msgstr "estrito:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1944
+msgid ""
+"Activated support for FTP protocol and allows to change the ftp control "
+"connection port number."
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1946 +msgid "" +"Specifies to use H.225, the ITU standard that governs H.225.0 session " +"establishment and packetization, with H.323" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1948 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1955 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1963 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1978 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2015 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2029 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2038 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2046 +msgid "--" +msgstr "--" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1953 +msgid "h323 h225" +msgstr "h323 h225" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1954 +msgid "" +"Specifies to use RAS with H.323 to enable dissimilar communication devices " +"to communicate with each other." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1961 +msgid "h323 ras" +msgstr "h323 ras" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1962 +msgid "" +"The default port for HTTP is 80. Use the port option to change the HTTP " +"port, or specify a range of HTTP ports." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1969 +msgid "http" +msgstr "http" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1970 +msgid "" +"Enables NAT of ICMP error messages. This creates translations for " +"intermediate hops based on the static or network address translation " +"configuration on the firewall." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1975 +msgid "icmp error" +msgstr "erro de icmp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1976 +msgid "" +"Provides NAT support for Microsoft NetMeeting, SiteServer, and Active " +"Directory products that use LightWeight Directory Access Protocol (LDAP) to " +"exchange directory information with an for Internet Locator Service (ILS) " +"server." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1983 +msgid "ils" +msgstr "ils" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1984 +msgid "Enables the Media Gateway Control Protocol (MGCP) fixup." +msgstr "" + +# Revisar +#: src/gui/.ui/pixadvanceddialog_q.cpp:1985 +msgid "Gateway Port:" +msgstr "Porta Padrão:" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1986 +msgid "Call Agent port:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1991 +msgid "mgcp" +msgstr "mgcp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1992 +msgid "" +"Enables Point-to-Point Tunneling Protocol (PPTP) application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1998 +msgid "pptp" +msgstr "pptp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1999 +msgid "Enables inspection of RSH protocol." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2005 +msgid "rsh" +msgstr "rsh" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2006 +msgid "" +"Lets PIX Firewall pass Real Time Streaming Protocol (RTSP) packets. RTSP is " +"used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/" +"TV connections." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2012 +msgid "rtsp" +msgstr "rtsp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2013 +msgid "" +"Enable or change the port assignment for the Session Initiation Protocol " +"(SIP) for Voice over IP TCP connections." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2021 +msgid "Enable SIP-over-UDP application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2027 +msgid "sip udp" +msgstr "sip udp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2028 +msgid "" +"Enable SCCP application inspection. SCCP protocol supports IP telephony and " +"can coexist in an H.323 environment. An application layer ensures that all " +"SCCP signaling and media packets can traverse the PIX Firewall and " +"interoperate with H.323 terminals." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2035 +msgid "skinny" +msgstr "skinny" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2036 +msgid "" +"Enables the Mail Guard feature, which only lets mail servers receive the RFC " +"821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and " +"QUIT. All other commands are translated into X's which are rejected by the " +"internal server." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2043 +msgid "smtp" +msgstr "smtp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2044 +msgid "Enables support for SQL*Net protocol." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2051 +msgid "sqlnet" +msgstr "sqlnet" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2052 +msgid "Enable TFTP application inspection." +msgstr "Ligar a inspeção de aplicações TFTP." + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2058 +msgid "tftp" +msgstr "tftp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2059 +msgid "Inspect" +msgstr "Inspecionar" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2060 +msgid "Syslog" +msgstr "Syslog" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2061 +msgid "Syslog host (name or IP address):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2062 +msgid "syslog facility:" +msgstr "facilidade syslog:" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2063 +msgid "syslog level ('logging trap'):" +msgstr "syslog level ('logging trap'):" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2064 +msgid "Syslog message queue size (messages):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2065 +msgid "Use 'EMBLEM' format for syslog messages" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2066 +msgid "" +"PIX Firewall Version 6.3 introduces support for EMBLEM format, which is " +"required when using the CiscoWorks Resource Manager Essentials (RME) syslog " +"analyzer." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2067 +msgid "Set device id for syslog messages (v6.3 and later):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2068 +msgid "use address of interface" +msgstr "usar o endereço da interface" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2069 +msgid "use text string" +msgstr "usar texto" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2070 +msgid "use hostname" +msgstr "usar nome de máquina" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2071 +msgid "The logging timestamp command requires that the clock command be set." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2072 +msgid "Enable logging timestamps on syslog file" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2073 +msgid "Other logging destinations and levels:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2074 +msgid "Internal buffer" +msgstr "Buffer interno" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2075 +msgid "Console" +msgstr "Console" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2077 +msgid "Actively reset inbound TCP connections with RST" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2079 +msgid "Actively reset inbound TCP connections with RST on outside interface" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2081 +msgid "Force each TCP connection to linger in a shortened TIME&WAIT" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2082 +msgid "Alt+W" +msgstr "Alt+W" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2083 +msgid "Enable the IP Frag Guard feature (deprecated in v6.3 and later)." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2084 +msgid "Enable TCP resource control for AAA Authentication Proxy" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2085 +msgid "" +"Specify that when an incoming packet does a route lookup,\n" +"the incoming interface is used to determine which interface\n" +"the packet should go to, and which is the next hop\n" +"(deprecated in v6.3 and later)." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2089 +msgid "Disable inbound embedded DNS A record fixups" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2090 +msgid "Disable outbound DNS A record replies" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2091 +msgid "maximum number of simultaneous TCP and UDP connections" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2092 +msgid "maximum number of embryonic connections per host" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2093 +msgid "" +"Specifies the maximum number of simultaneous TCP and UDP connections for the " +"entire subnet. The default is 0, which means unlimited connections. (Idle " +"connections are closed after the idle timeout specified by the timeout conn " +"command.)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2094 +msgid "" +"Specifies the maximum number of embryonic connections per host. An embryonic " +"connection is a connection request that has not finished the necessary " +"handshake between source and destination. Set a small value for slower " +"systems, and a higher value for faster systems. The default is 0, which " +"means unlimited embryonic connections." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2095 +msgid "The following parameters are used for all NAT rules:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2096 +msgid "" +"(The default for both parameters is 0, which means unlimited number of " +"connections.)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2097 +msgid "PIX Options" +msgstr "Opções PIX" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:275 +msgid "PIX Advanced Configuration Options" +msgstr "PIX Opções Avançadas de Configuração" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:276 +msgid "Set PIX host name using object's name" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:277 +msgid "Generate commands to configure addresses for interfaces" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:278 src/gui/.ui/prefsdialog_q.cpp:381 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:788 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:848 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:856 +msgid "General" +msgstr "Geral" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:279 +msgid "NTP Servers:" +msgstr "Servidores de NTP:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:282 +msgid "Server 1:" +msgstr "Servidor 1" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:283 +msgid "Server 2:" +msgstr "Servidor 2" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:284 +msgid "Server 3:" +msgstr "Servidor 3" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:286 +msgid "Preffered:" +msgstr "Preferido:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:287 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:301 +msgid "IP address:" +msgstr "Endereço IP:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:288 +msgid "NTP" +msgstr "NTP" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:289 +msgid "Disable SNMP Agent" +msgstr "Desabilitar Agente SNMP" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:290 +msgid "Set SNMP communities using data from the firewall object dialog" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:291 +msgid "SNMP servers" +msgstr "Servidores SNMP" 
+ +#: src/gui/.ui/pixosadvanceddialog_q.cpp:293 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:297 +msgid "Poll" +msgstr "Poll" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:294 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:298 +msgid "Poll and Traps" +msgstr "Poll e Traps" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:295 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:299 +msgid "Traps" +msgstr "Armadilhas" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:300 +msgid "Enable:" +msgstr "Ativar:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:302 +msgid "SNMP Server 1:" +msgstr "Servidor SNMP 1:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:303 +msgid "SNMP Server 2:" +msgstr "Servidor SNMP 2:" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:304 +msgid "Enable sending log messages as SNMP trap notifications" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:305 +msgid "SNMP" +msgstr "SNMP" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:306 +msgid "Change TCP MSS to" +msgstr "Mudar TCP MSS para" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:307 +msgid "bytes" +msgstr "bytes" + +#: src/gui/.ui/prefsdialog_q.cpp:214 src/gui/.ui/prefsdialog_q.cpp:393 +msgid "File Path" +msgstr "Caminho do Arquivo" + +#: src/gui/.ui/prefsdialog_q.cpp:363 +msgid "Preferences" +msgstr "Preferências" + +#: src/gui/.ui/prefsdialog_q.cpp:368 +msgid "minutes" +msgstr "minutos" + +#: src/gui/.ui/prefsdialog_q.cpp:369 +msgid "Periodically save data to file every " +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:370 +msgid "Tooltip delay:" +msgstr "Tempo da dica: " + +#: src/gui/.ui/prefsdialog_q.cpp:371 +msgid "Enable object tooltips" +msgstr "Habilitar dicas dos objetos" + +#: src/gui/.ui/prefsdialog_q.cpp:372 +msgid "Show deleted objects" +msgstr "Mostrar objetos removidos" + +#: src/gui/.ui/prefsdialog_q.cpp:373 +msgid "Automatically save data in dialogs when switching between objects" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:374 +msgid "On startup: " +msgstr "Ao iniciar: " + +#: src/gui/.ui/prefsdialog_q.cpp:376 
+msgid "Load standard objects" +msgstr "Carregar os objetos padrões" + +#: src/gui/.ui/prefsdialog_q.cpp:377 +msgid "Load last edited file" +msgstr "Carregar o último arquivo editado" + +#: src/gui/.ui/prefsdialog_q.cpp:378 +msgid "Expand all branches in the object tree" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:379 +msgid "Working directory:" +msgstr "Pasta de trabalho:" + +#: src/gui/.ui/prefsdialog_q.cpp:382 +msgid "Do not ask for the log record when checking in new file revision." +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:383 +msgid "Revision Control" +msgstr "Controle de Revisão" + +#: src/gui/.ui/prefsdialog_q.cpp:384 +msgid "" +"A full path to the Secure Shell utility (remote command execution; for " +"example ssh on Unix or plink.exe or vsh.exe on Windows):" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:386 +msgid "SSH" +msgstr "SSH" + +#: src/gui/.ui/prefsdialog_q.cpp:387 +msgid "Add..." +msgstr "Adicionar..." + +#: src/gui/.ui/prefsdialog_q.cpp:388 +msgid "Remove" +msgstr "Remover" + +#: src/gui/.ui/prefsdialog_q.cpp:389 +msgid "" +"If you remove libraries from the list, changes get in effect next time you " +"start the program" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:390 +msgid "Available libraries:" +msgstr "Bibliotecas disponíveis:" + +#: src/gui/.ui/prefsdialog_q.cpp:394 +msgid "Libraries" +msgstr "Bibliotecas" + +#: src/gui/.ui/prefsdialog_q.cpp:395 +msgid "Use these labels to mark rules in the firewall policy" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:410 +msgid "Labels" +msgstr "Etiquetas" + +#: src/gui/.ui/printingprogressdialog_q.cpp:73 +msgid "Printing" +msgstr "Imprimir" + +#: src/gui/.ui/rcsfilepreview_q.cpp:49 src/gui/.ui/rcsfilepreview_q.cpp:122 +msgid "Revision" +msgstr "Revisão" + +#: src/gui/.ui/rcsfilepreview_q.cpp:52 src/gui/.ui/rcsfilepreview_q.cpp:123 +msgid "Date" +msgstr "Data" + +#: src/gui/.ui/rcsfilepreview_q.cpp:55 src/gui/.ui/rcsfilepreview_q.cpp:124 +msgid "Author" +msgstr "Autor" + +#: 
src/gui/.ui/rcsfilepreview_q.cpp:58 src/gui/.ui/rcsfilepreview_q.cpp:125 +msgid "Locked by" +msgstr "Travado por" + +#: src/gui/.ui/rcsfilepreview_q.cpp:120 +msgid "RCSFilePreview" +msgstr "RCSFilePreview" + +#: src/gui/.ui/rcsfilepreview_q.cpp:121 +msgid "Open read-only" +msgstr "Abrir em somente leitura" + +#: src/gui/.ui/rcsfilepreview_q.cpp:126 +msgid "RCS log:" +msgstr "RCS log:" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:100 +msgid "Log record for the new revision" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:101 +msgid "Do not ask me anymore, always check files in with empty log" +msgstr "" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:102 +msgid "Check file &in" +msgstr "Check&in do arquivo" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:103 +msgid "Alt+I" +msgstr "Alt+I" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:106 +#, qt-format +msgid "Checking file %1 into RCS" +msgstr "Checkin do arquivo %1 para o RCS" + +#: src/gui/.ui/rcsfilesavedialog_q.cpp:107 +msgid "Log record for this revision: " +msgstr "Gravar registro desta revisão: " + +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:118 +msgid "Routing Rule Options" +msgstr "Opções de Regras de Roteamento" + +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:120 +msgid "If installation of this routing rule fails, just carry on" +msgstr "" + +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:121 +msgid "No options available for routing rules of this firewall platform" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:783 +msgid "Rule Options for ipt" +msgstr "Opção de Regra para ipt" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:785 +msgid "" +"Assume firewall is part of 'any' (this setting only affects code generated " +"for this rule)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:786 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:845 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:853 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:877 +msgid "Stateless rule" +msgstr "Regra Stateless" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:787 +#: 
src/gui/.ui/ruleoptionsdialog_q.cpp:844 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:852 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:878 +msgid "" +"Normally policy compiler uses stateful inspection in each rule. Activating " +"next option makes this rule stateless." +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:800 +msgid "Netlink group (if using ULOG): " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:802 +msgid "Rate (rule matches if it hits this often or less):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:803 +msgid "Module limit" +msgstr "Limite do Modulo" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:804 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:827 +msgid "Burst:" +msgstr "Burst:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:811 +msgid "limit" +msgstr "limite" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:812 +msgid "bit" +msgstr "bit" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:813 +msgid "per network with netmask of " +msgstr "por rede com máscara de " + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:814 +msgid "Number of allowed connections per client host" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:815 +msgid "Module connlimit" +msgstr "Módulo connlimit" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:816 +msgid "connlimit" +msgstr "connlimit" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:817 +msgid "Module hashlimit" +msgstr "Módulo hashlimit" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:818 +msgid "" +"On some older systems this module has name 'dstlimit'. Check here if you " +"need to use this name." 
+msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:819 +msgid "Rate:" +msgstr "Taxa:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:828 +msgid "Mode:" +msgstr "Modo:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:830 +msgid "dstip" +msgstr "dstip" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:831 +msgid "srcip" +msgstr "srcip" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:832 +msgid "dstip,dstport" +msgstr "dstip,dstport" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:833 +msgid "srcip,srcport" +msgstr "srcip,srcport" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:834 +#, fuzzy +msgid "htable-size:" +msgstr "iptables:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:835 +msgid "" +"The number of buckets of the hash table (omit this option in generated " +"script if set to 0)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:836 +msgid "htable-max:" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:837 +msgid "" +"Maximum number of entries in the hash (omit this option in generated script " +"if set to 0)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:838 +#, fuzzy +msgid "htable-expire:" +msgstr "iptables-restore:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:839 +msgid "" +"After how many milliseconds do hash entries expire (omit this option in the " +"generated script if set to 0)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:840 +msgid "htable-gcinterval:" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:841 +msgid "" +"How many milliseconds between garbage collection intervals (omit this option " +"in generated script if set to 0)" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:842 +msgid "" +"Options below control size of the hash table and expiration time. They will " +"be omitted from the generated script if set to zero." 
+msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:843 +msgid "hashlimit" +msgstr "hashlimit" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:846 +msgid "" +"Send ICMP 'unreachable' packet masquerading as being from the original " +"destination" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:847 +msgid "" +"Keep information on fragmented packets, to be applied to later fragments" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:854 +msgid "" +"In PF 4.x \"flags S/SA keep state\" is the default. Compiler will omit these " +"flags while generating code for stateful rules matching tcp services. " +"However, according to the PF FAQ, care should be taken while dealing with " +"states and interface enc0. To avoid leaking unencrypted traffic out, the FAQ " +"recommends setting 'keep state' explicitly in all rules on the enc0 " +"interface. This option applies only if version is set to 4.x." +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:855 +msgid "Add 'keep state' " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:859 +msgid "Activate source tracking" +msgstr "Ativar source tracking" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:860 +msgid "" +"When this option is checked, the number of states per source IP is tracked " +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:861 +msgid "" +"Maximum number of source addresses which can simultaneously have state table " +"entries (max-src-nodes):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:862 +msgid "" +"Maximum number of simultaneous state entries that a single source address " +"can create with this rule (max-src-states):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:863 +msgid "Tracking" +msgstr "Tracking" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:864 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:872 +msgid "overload table:" +msgstr "tabela de sobrecarga:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:865 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:871 +msgid "flush" +msgstr "flush" + +#: 
src/gui/.ui/ruleoptionsdialog_q.cpp:866 +msgid "" +"Maximum number of simultaneous TCP connections that a single host can make " +"(max-src-conn):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:867 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:870 +msgid "global" +msgstr "global" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:868 +msgid "The limit of new connections over a time interval (max-src-conn-rate):" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:869 +msgid "/" +msgstr "/" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:873 +msgid "sec" +msgstr "seg" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:874 +msgid "" +"When this limit is reached, further packets matching the rule that would " +"create state are dropped, until existing states time out." +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:875 +msgid "" +"Maximum number of concurrent states this rule may create. Unlimited if set " +"to zero (option 'max')." +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:879 +msgid "These options are only valid for PIX running software v6.3 or later" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:880 +msgid "completely disable logging for this rule" +msgstr "" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:882 +msgid "Logging interval:" +msgstr "Intervalo da depuração:" + +#: src/gui/.ui/ruleoptionsdialog_q.cpp:883 +msgid "Tere are no options for this firewall platform" +msgstr "" + +#: src/gui/.ui/simpletextview_q.cpp:92 +msgid "Text viewer" +msgstr "Visualizador de textos" + +#: src/gui/.ui/simpletextview_q.cpp:93 +msgid "Object Name" +msgstr "Nome do Objeto" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:182 +msgid "Solaris: advanced settings" +msgstr "Solaris: configurações avançadas" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:187 +msgid "Ignore ICMP redirects" +msgstr "Ignorar redirecionamento ICMP" + +#: src/gui/.ui/solarisadvanceddialog_q.cpp:192 +msgid "Forward directed broadcasts" +msgstr "Redirecionar broadcasts diretos" + +#: 
src/gui/.ui/solarisadvanceddialog_q.cpp:193 +msgid "Respond to echo broadcast" +msgstr "Responder para echo broadcast" + +#: src/gui/.ui/tagservicedialog_q.cpp:148 +msgid "Tag Service" +msgstr "Serviço Tag" + +#: src/gui/.ui/tcpservicedialog_q.cpp:375 +msgid "Use option \"established\" if supported by the target firewall platform" +msgstr "" + +#: src/gui/.ui/tcpservicedialog_q.cpp:377 +msgid "Settings:" +msgstr "Configurações:" + +#: src/gui/.ui/tcpservicedialog_q.cpp:390 +msgid "U" +msgstr "U" + +#: src/gui/.ui/tcpservicedialog_q.cpp:391 +msgid "A" +msgstr "A" + +#: src/gui/.ui/tcpservicedialog_q.cpp:392 +msgid "P" +msgstr "P" + +#: src/gui/.ui/tcpservicedialog_q.cpp:393 +msgid "R" +msgstr "D" + +#: src/gui/.ui/tcpservicedialog_q.cpp:394 +msgid "S" +msgstr "S" + +#: src/gui/.ui/tcpservicedialog_q.cpp:395 +msgid "F" +msgstr "F" + +#: src/gui/.ui/tcpservicedialog_q.cpp:396 +msgid "Mask:" +msgstr "Máscara:" + +#: src/gui/.ui/tcpservicedialog_q.cpp:397 +#, fuzzy +msgid "Flags:" +msgstr "TCP Flags" + +#: src/gui/.ui/tcpservicedialog_q.cpp:400 +#: src/gui/.ui/udpservicedialog_q.cpp:224 +msgid "Source Port Range" +msgstr "Intervalo de Portas da Origem " + +#: src/gui/.ui/tcpservicedialog_q.cpp:401 +#: src/gui/.ui/tcpservicedialog_q.cpp:404 +#: src/gui/.ui/udpservicedialog_q.cpp:225 +#: src/gui/.ui/udpservicedialog_q.cpp:228 +msgid "Start:" +msgstr "Início:" + +#: src/gui/.ui/tcpservicedialog_q.cpp:402 +#: src/gui/.ui/tcpservicedialog_q.cpp:405 +#: src/gui/.ui/udpservicedialog_q.cpp:226 +#: src/gui/.ui/udpservicedialog_q.cpp:229 +msgid "End:" +msgstr "Fim:" + +#: src/gui/.ui/tcpservicedialog_q.cpp:403 +#: src/gui/.ui/udpservicedialog_q.cpp:227 +msgid "Destination Port Range" +msgstr "Intervalo de Portas do Destino" + +#: src/gui/.ui/timedialog_q.cpp:246 src/gui/.ui/timedialog_q.cpp:263 +msgid "Sunday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:247 src/gui/.ui/timedialog_q.cpp:264 +#, fuzzy +msgid "Monday" +msgstr "Modificar" + +#: src/gui/.ui/timedialog_q.cpp:248 
src/gui/.ui/timedialog_q.cpp:265 +msgid "Tuesday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:249 src/gui/.ui/timedialog_q.cpp:266 +msgid "Wednesday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:250 src/gui/.ui/timedialog_q.cpp:267 +msgid "Thursday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:251 src/gui/.ui/timedialog_q.cpp:268 +msgid "Friday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:252 src/gui/.ui/timedialog_q.cpp:269 +msgid "Saturday" +msgstr "" + +#: src/gui/.ui/timedialog_q.cpp:253 +#, fuzzy +msgid "Start day of week:" +msgstr "Dia da semana (0-6):" + +#: src/gui/.ui/timedialog_q.cpp:254 +#, fuzzy +msgid "Start time:" +msgstr "Início:" + +#: src/gui/.ui/timedialog_q.cpp:255 +#, fuzzy +msgid "Start date:" +msgstr "Início:" + +#: src/gui/.ui/timedialog_q.cpp:258 +#, fuzzy +msgid "End date:" +msgstr "Ativar:" + +#: src/gui/.ui/timedialog_q.cpp:260 +#, fuzzy +msgid "End time:" +msgstr "Fim:" + +#: src/gui/.ui/timedialog_q.cpp:270 +#, fuzzy +msgid "End day of week:" +msgstr "Dia da semana (0-6):" + +#: src/gui/utils.cpp:197 +msgid "" +"Impossible to apply changes because object is located in read-only\n" +"part of the tee or data file was opened read-only" +msgstr "" + +#: src/gui/utils.cpp:219 +#, qt-format +msgid "Object with name '%1' already exists, please choose different name." +msgstr "" + +#: src/gui/aboutdialog_q.ui.h:14 +msgid "Revision: %1 ( Build: %2 )" +msgstr "Revisão: %1 ( Gerado: %2 )" + +#: src/gui/aboutdialog_q.ui.h:16 +msgid "Using Firewall Builder API %1" +msgstr "" + +#: src/gui/aboutdialog_q.ui.h:19 +msgid "Registered" +msgstr "Registrado" + +#: src/gui/aboutdialog_q.ui.h:20 +msgid "Unregistered" +msgstr "Não registrado" + +#: src/gui/upgradePredicate.h:45 +msgid "" +"The data file you are trying to open has been\n" +"saved with an older version of Firewall Builder.\n" +"Opening it in this version will cause it to be\n" +"upgraded, which may prevent older versions of\n" +"the program from reading it. 
Backup copy of your\n" +"file in the old format will be made in the same\n" +"directory with extension '.bak'.\n" +"Are you sure you want to open it?" +msgstr "" + +#: src/gui/upgradePredicate.h:53 +msgid "&Upgrade" +msgstr "&Atualizar" + +#: src/gui/upgradePredicate.h:54 +msgid "&Do not load the file" +msgstr "&Não carregar o arquivo" + +#~ msgid "Policy/%1" +#~ msgstr "Política/%1" + +#~ msgid "Save configuration" +#~ msgstr "Salvar configuração" + +#~ msgid "Save configuration to standby unit" +#~ msgstr "Salvar a configuração em espera" + +#~ msgid "Exiting" +#~ msgstr "Saindo" + +#~ msgid "C&ommit" +#~ msgstr "C&ommit" + +#~ msgid "Enter authentication information below and click 'Next'" +#~ msgstr "Entre com as informações de autenticação e clique em 'Próximo'" + +#~ msgid "Activate a rule on:" +#~ msgstr "Ativar uma regra em:" + +#~ msgid "Date:" +#~ msgstr "Data:" + +#~ msgid "Time:" +#~ msgstr "Hora:" + +#~ msgid "Deactivate a rule on:" +#~ msgstr "Desativar uma regra em:" diff --git a/po/pt_BR.qm b/po/pt_BR.qm new file mode 100644 index 000000000..dbb0cc3f7 Binary files /dev/null and b/po/pt_BR.qm differ diff --git a/po/remove-potcdate.sin b/po/remove-potcdate.sin new file mode 100644 index 000000000..2436c49e7 --- /dev/null +++ b/po/remove-potcdate.sin @@ -0,0 +1,19 @@ +# Sed script that remove the POT-Creation-Date line in the header entry +# from a POT file. +# +# The distinction between the first and the following occurrences of the +# pattern is achieved by looking at the hold space. +/^"POT-Creation-Date: .*"$/{ +x +# Test if the hold space is empty. +s/P/P/ +ta +# Yes it was empty. First occurrence. Remove the line. +g +d +bb +:a +# The hold space was nonempty. Following occurrences. Do nothing. +x +:b +} diff --git a/po/ru.po b/po/ru.po new file mode 100644 index 000000000..bc10d7488 --- /dev/null +++ b/po/ru.po 
@@ -0,0 +1,6874 @@
+# Russian translation for fwbuilder
+# Copyright (C) 2004 NetCitadel, LLC
+# This file is distributed under the same license as the fwbuilder package.
+# Vadim Kurland , 2004
+# , fuzzy
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: fwbuilder 2.0\n"
+"Report-Msgid-Bugs-To: vadim@fwbuilder.org\n"
+"POT-Creation-Date: 2006-10-02 09:21-0700\n"
+"PO-Revision-Date: 2004-05-18 21:05+0800\n"
+"Last-Translator: Vadim Kurland \n"
+"Language-Team: Russian\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: src/gui/ActionsDialog.cpp:97
+msgid ""
+"'Chabge inbound interface', 'Continue packet inspection' and 'Make a copy' "
+"options are mutually exclusive"
+msgstr ""
+
+#: src/gui/ActionsDialog.cpp:98 src/gui/ActionsDialog.cpp:123
+#: src/gui/AddressRangeDialog.cpp:104 src/gui/AddressRangeDialog.cpp:115
+#: src/gui/FirewallDialog.cpp:309 src/gui/FirewallDialog.cpp:334
+#: src/gui/FWWindow.cpp:710 src/gui/FWWindow.cpp:719 src/gui/FWWindow.cpp:837
+#: src/gui/FWWindow.cpp:1061 src/gui/FWWindow.cpp:1074
+#: src/gui/FWWindow.cpp:1090 src/gui/FWWindow.cpp:1128
+#: src/gui/FWWindow.cpp:1134 src/gui/FWWindow.cpp:1203
+#: src/gui/FWWindow.cpp:1297 src/gui/FWWindow.cpp:1338
+#: src/gui/FWWindow.cpp:1361 src/gui/FWWindowPrint.cpp:851
+#: src/gui/instDialog.cpp:757 src/gui/instDialog.cpp:1382
+#: src/gui/instDialog.cpp:1495 src/gui/IPv4Dialog.cpp:142
+#: src/gui/IPv4Dialog.cpp:156 src/gui/listOfLibraries.cpp:147
+#: src/gui/listOfLibraries.cpp:187 src/gui/listOfLibraries.cpp:211
+#: src/gui/NetworkDialog.cpp:105 src/gui/NetworkDialog.cpp:116
+#: src/gui/RCS.cpp:489 src/gui/RCS.cpp:678 src/gui/RCS.cpp:691
+#: src/gui/RCS.cpp:708 src/gui/RCS.cpp:791 src/gui/utils.cpp:189
+msgid "&Continue"
+msgstr ""
+
+#: src/gui/ActionsDialog.cpp:122
+msgid ""
+"Rule name for accounting is converted to the iptables\n"
+"chain name and therefore may not contain white space\n"
+"and special characters."
+msgstr "" + +#: src/gui/AddressRangeDialog.cpp:103 src/gui/AddressRangeDialog.cpp:114 +#: src/gui/IPv4Dialog.cpp:141 src/gui/NetworkDialog.cpp:104 +#, qt-format +msgid "Illegal IP address '%1'" +msgstr " IP '%1'" + +#: src/gui/ColorLabelMenuItem.cpp:47 +msgid "no color" +msgstr "" + +#: src/gui/CommentEditorPanel.cpp:75 src/gui/SimpleTextEditor.cpp:65 +msgid "Warning: loading from file discards current contents of the script." +msgstr "" + +#: src/gui/CommentEditorPanel.cpp:80 src/gui/SimpleTextEditor.cpp:70 +msgid "Choose file that contains PIX commands" +msgstr "" + +#: src/gui/CommentEditorPanel.cpp:88 src/gui/SimpleTextEditor.cpp:78 +#, qt-format +msgid "Could not open file %1" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:148 +#: src/gui/FindWhereUsedWidget.cpp:165 src/gui/FWWindow.cpp:1919 +#: src/gui/FWWindowPrint.cpp:360 +msgid "NAT" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:151 +#: src/gui/FindWhereUsedWidget.cpp:168 src/gui/FWWindow.cpp:1894 +msgid "Policy" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:154 +#: src/gui/FindWhereUsedWidget.cpp:171 src/gui/FWWindow.cpp:1933 +#: src/gui/platforms.cpp:503 +msgid "Routing" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:157 +#: src/gui/FindWhereUsedWidget.cpp:174 +msgid "Unknown rule set" +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:159 +#: src/gui/FindWhereUsedWidget.cpp:176 +#, fuzzy, qt-format +msgid "/Rule%1" +msgstr ":" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:173 +#: src/gui/FindWhereUsedWidget.cpp:190 +msgid "Type: " +msgstr "" + +#: src/gui/ConfirmDeleteObjectDialog.cpp:195 +msgid "Not used anywhere" +msgstr "" + +#: src/gui/DialogFactory.cpp:156 src/gui/DialogFactory.cpp:178 +#, qt-format +msgid "Support module for %1 is not available" +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:499 +msgid "Hosts file parsing ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:549 +msgid "DNS zone transfer ..." 
+msgstr "" + +#: src/gui/DiscoveryDruid.cpp:560 +msgid "Network discovery using SNMP ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:942 src/gui/DiscoveryDruid.cpp:1014 +msgid "Adding objects ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:942 src/gui/DiscoveryDruid.cpp:1015 +#: src/gui/DiscoveryDruid.cpp:1216 src/gui/DiscoveryDruid.cpp:1342 +#: src/gui/DiscoveryDruid.cpp:1384 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:106 +#: src/gui/.ui/filterdialog_q.cpp:144 src/gui/.ui/instoptionsdialog_q.cpp:296 +#: src/gui/.ui/libexport_q.cpp:113 src/gui/.ui/newgroupdialog_q.cpp:102 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1803 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:310 +#: src/gui/.ui/printingprogressdialog_q.cpp:74 +#: src/gui/.ui/simpleinteditor_q.cpp:85 src/gui/.ui/simpletexteditor_q.cpp:90 +msgid "Cancel" +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1216 +msgid "Prepare objects ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1342 src/gui/DiscoveryDruid.cpp:1383 +msgid "Copying results ..." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1436 src/gui/DiscoveryDruid.cpp:1488 +#: src/gui/DiscoveryDruid.cpp:1535 +msgid "Discovery error" +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1651 +msgid "Incomlete network specification." +msgstr "" + +#: src/gui/DiscoveryDruid.cpp:1728 +msgid "Empty community string" +msgstr "" + +#: src/gui/execDialog.cpp:101 src/gui/instDialog.cpp:1356 +#: src/gui/instDialog.cpp:2025 +msgid "Error: Failed to start program" +msgstr "" + +#: src/gui/filePropDialog.cpp:62 +#, fuzzy +msgid "Opened read-only" +msgstr " " + +#: src/gui/filePropDialog.cpp:80 +#, qt-format +msgid "Revision %1" +msgstr "" + +#: src/gui/FilterDialog.cpp:102 +msgid "Filter error" +msgstr "" + +#: src/gui/FilterDialog.cpp:102 +msgid "Invalid RegExp." 
+msgstr "" + +#: src/gui/FilterDialog.cpp:404 src/gui/GroupObjectDialog.cpp:142 +#: src/gui/.ui/findobjectwidget_q.cpp:175 +#: src/gui/.ui/newfirewalldialog_q.cpp:170 +#: src/gui/.ui/newfirewalldialog_q.cpp:321 +#: src/gui/.ui/newfirewalldialog_q.cpp:501 +#: src/gui/.ui/newfirewalldialog_q.cpp:523 src/gui/.ui/newhostdialog_q.cpp:186 +#: src/gui/.ui/newhostdialog_q.cpp:397 src/gui/.ui/prefsdialog_q.cpp:209 +#: src/gui/.ui/prefsdialog_q.cpp:391 +msgid "Name" +msgstr "" + +#: src/gui/FilterDialog.cpp:405 src/gui/FWWindowPrint.cpp:92 +#: src/gui/.ui/discoverydruid_q.cpp:890 src/gui/.ui/finddialog_q.cpp:134 +#: src/gui/.ui/findobjectwidget_q.cpp:176 src/gui/.ui/ipv4dialog_q.cpp:166 +#: src/gui/.ui/newfirewalldialog_q.cpp:172 +#: src/gui/.ui/newfirewalldialog_q.cpp:323 +#: src/gui/.ui/newfirewalldialog_q.cpp:503 +#: src/gui/.ui/newfirewalldialog_q.cpp:525 src/gui/.ui/newhostdialog_q.cpp:188 +#: src/gui/.ui/newhostdialog_q.cpp:399 +msgid "Address" +msgstr "" + +#: src/gui/FilterDialog.cpp:408 +#, fuzzy +msgid "Contains" +msgstr " " + +#: src/gui/FilterDialog.cpp:409 +msgid "Is equal to" +msgstr "" + +#: src/gui/FilterDialog.cpp:410 +msgid "Starts with" +msgstr "" + +#: src/gui/FilterDialog.cpp:411 +msgid "Ends with" +msgstr "" + +#: src/gui/FilterDialog.cpp:412 +msgid "Matches Wildcard" +msgstr "" + +#: src/gui/FilterDialog.cpp:413 +msgid "Matches RegExp" +msgstr "" + +#: src/gui/findDialog.cpp:269 src/gui/FindObjectWidget.cpp:322 +msgid "Search hit the end of the object tree." +msgstr " ." + +#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:315 +#: src/gui/FindObjectWidget.cpp:323 +#, fuzzy +msgid "&Continue at top" +msgstr " " + +#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:315 +#: src/gui/FindObjectWidget.cpp:323 +msgid "&Stop" +msgstr "" + +#: src/gui/FindObjectWidget.cpp:314 +#, fuzzy +msgid "Search hit the end of the policy rules." +msgstr " ." + +#: src/gui/FindObjectWidget.cpp:352 +msgid "Search or Replace object ind't specified." 
+msgstr "" + +#: src/gui/FindObjectWidget.cpp:362 +msgid "Cannot replace object by itself." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:370 +msgid "Search and Replace objects are incompatible." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:464 +#, qt-format +msgid "Replaced %1 objects." +msgstr "" + +#: src/gui/FindObjectWidget.cpp:583 +msgid "Policy of firewall '" +msgstr "" + +#: src/gui/FirewallDialog.cpp:308 src/gui/FirewallDialog.cpp:333 +#, qt-format +msgid "FWBuilder API error: %1" +msgstr "" + +#: src/gui/freebsdAdvancedDialog.cpp:62 src/gui/linksysAdvancedDialog.cpp:68 +#: src/gui/linux24AdvancedDialog.cpp:62 src/gui/macosxAdvancedDialog.cpp:62 +#: src/gui/openbsdAdvancedDialog.cpp:62 src/gui/solarisAdvancedDialog.cpp:62 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:195 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:199 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:203 +#: src/gui/.ui/linux24advanceddialog_q.cpp:371 +#: src/gui/.ui/linux24advanceddialog_q.cpp:375 +#: src/gui/.ui/linux24advanceddialog_q.cpp:379 +#: src/gui/.ui/linux24advanceddialog_q.cpp:383 +#: src/gui/.ui/linux24advanceddialog_q.cpp:387 +#: src/gui/.ui/linux24advanceddialog_q.cpp:391 +#: src/gui/.ui/linux24advanceddialog_q.cpp:395 +#: src/gui/.ui/linux24advanceddialog_q.cpp:399 +#: src/gui/.ui/linux24advanceddialog_q.cpp:403 +#: src/gui/.ui/linux24advanceddialog_q.cpp:418 +#: src/gui/.ui/linux24advanceddialog_q.cpp:422 +#: src/gui/.ui/linux24advanceddialog_q.cpp:426 +#: src/gui/.ui/linux24advanceddialog_q.cpp:430 +#: src/gui/.ui/linux24advanceddialog_q.cpp:434 +#: src/gui/.ui/linux24advanceddialog_q.cpp:438 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:172 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:176 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:180 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:180 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:184 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:189 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:193 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:189 +#: 
src/gui/.ui/solarisadvanceddialog_q.cpp:195 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:199 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:204 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:208 +msgid "No change" +msgstr "" + +#: src/gui/freebsdAdvancedDialog.cpp:65 src/gui/linksysAdvancedDialog.cpp:71 +#: src/gui/linux24AdvancedDialog.cpp:65 src/gui/macosxAdvancedDialog.cpp:65 +#: src/gui/openbsdAdvancedDialog.cpp:65 src/gui/solarisAdvancedDialog.cpp:65 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:196 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:200 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:204 +#: src/gui/.ui/linux24advanceddialog_q.cpp:372 +#: src/gui/.ui/linux24advanceddialog_q.cpp:376 +#: src/gui/.ui/linux24advanceddialog_q.cpp:380 +#: src/gui/.ui/linux24advanceddialog_q.cpp:384 +#: src/gui/.ui/linux24advanceddialog_q.cpp:388 +#: src/gui/.ui/linux24advanceddialog_q.cpp:392 +#: src/gui/.ui/linux24advanceddialog_q.cpp:396 +#: src/gui/.ui/linux24advanceddialog_q.cpp:400 +#: src/gui/.ui/linux24advanceddialog_q.cpp:404 +#: src/gui/.ui/linux24advanceddialog_q.cpp:419 +#: src/gui/.ui/linux24advanceddialog_q.cpp:423 +#: src/gui/.ui/linux24advanceddialog_q.cpp:427 +#: src/gui/.ui/linux24advanceddialog_q.cpp:431 +#: src/gui/.ui/linux24advanceddialog_q.cpp:435 +#: src/gui/.ui/linux24advanceddialog_q.cpp:439 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:173 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:177 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:181 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:181 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:185 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:190 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:194 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:190 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:196 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:200 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:205 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:209 +msgid "On" +msgstr "" + +#: src/gui/freebsdAdvancedDialog.cpp:68 src/gui/linksysAdvancedDialog.cpp:74 +#: 
src/gui/linux24AdvancedDialog.cpp:68 src/gui/macosxAdvancedDialog.cpp:68 +#: src/gui/openbsdAdvancedDialog.cpp:68 src/gui/solarisAdvancedDialog.cpp:68 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:197 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:201 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:205 +#: src/gui/.ui/linux24advanceddialog_q.cpp:373 +#: src/gui/.ui/linux24advanceddialog_q.cpp:377 +#: src/gui/.ui/linux24advanceddialog_q.cpp:381 +#: src/gui/.ui/linux24advanceddialog_q.cpp:385 +#: src/gui/.ui/linux24advanceddialog_q.cpp:389 +#: src/gui/.ui/linux24advanceddialog_q.cpp:393 +#: src/gui/.ui/linux24advanceddialog_q.cpp:397 +#: src/gui/.ui/linux24advanceddialog_q.cpp:401 +#: src/gui/.ui/linux24advanceddialog_q.cpp:405 +#: src/gui/.ui/linux24advanceddialog_q.cpp:420 +#: src/gui/.ui/linux24advanceddialog_q.cpp:424 +#: src/gui/.ui/linux24advanceddialog_q.cpp:428 +#: src/gui/.ui/linux24advanceddialog_q.cpp:432 +#: src/gui/.ui/linux24advanceddialog_q.cpp:436 +#: src/gui/.ui/linux24advanceddialog_q.cpp:440 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:174 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:178 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:182 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:182 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:186 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:191 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:195 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:191 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:197 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:201 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:206 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:210 +msgid "Off" +msgstr "" + +#: src/gui/FWBSettings.cpp:150 +#, qt-format +msgid "" +"Working directory %1 does not exist and could not be created.\n" +"Ignoring this setting." +msgstr "" + +#: src/gui/FWBTree.cpp:398 +msgid "New Library" +msgstr " " + +#: src/gui/FWObjectDropArea.cpp:93 +msgid "Drop object here." 
+msgstr "" + +#: src/gui/FWObjectDropArea.cpp:145 src/gui/GroupObjectDialog.cpp:665 +#: src/gui/ObjectManipulator.cpp:867 src/gui/RuleSetView.cpp:1561 +#: src/gui/.ui/FWBMainWindow_q.cpp:468 +msgid "Paste" +msgstr "" + +#: src/gui/FWObjectDropArea.cpp:147 src/gui/GroupObjectDialog.cpp:666 +#: src/gui/ObjConflictResolutionDialog.cpp:97 +#: src/gui/ObjConflictResolutionDialog.cpp:121 +#: src/gui/ObjectManipulator.cpp:872 src/gui/RuleSetView.cpp:1563 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:105 +#: src/gui/.ui/FWBMainWindow_q.cpp:534 src/gui/.ui/FWBMainWindow_q.cpp:535 +#: src/gui/.ui/newfirewalldialog_q.cpp:508 src/gui/.ui/newhostdialog_q.cpp:409 +msgid "Delete" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:100 +msgid "DNS record: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:104 +#, fuzzy +msgid "Address Table: " +msgstr " " + +#: src/gui/FWObjectPropertiesFactory.cpp:155 +msgid " objects" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:171 +#, qt-format +msgid "protocol: %1" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:175 +#, qt-format +msgid "type: %1" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:177 +#, fuzzy, qt-format +msgid "code: %1" +msgstr ":" + +#: src/gui/FWObjectPropertiesFactory.cpp:219 +#, fuzzy +msgid "Library: " +msgstr ":" + +#: src/gui/FWObjectPropertiesFactory.cpp:224 +msgid "Object Id: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:229 +msgid "Object Type: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:233 +msgid "Object Name: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:255 +msgid "DNS record:" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:258 +#: src/gui/FWObjectPropertiesFactory.cpp:266 +msgid "Run-time" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:258 +#: src/gui/FWObjectPropertiesFactory.cpp:266 +#, fuzzy +msgid "Compile-time" +msgstr "&Файл" + +#: src/gui/FWObjectPropertiesFactory.cpp:263 +msgid "Table file:" +msgstr "" + +#: 
src/gui/FWObjectPropertiesFactory.cpp:301 +#, qt-format +msgid "%1 objects
    \n" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:366 +msgid "Path: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:423 +msgid "protocol " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:428 +msgid "type: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:430 +msgid "code: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:450 +#, qt-format +msgid "Pattern: \"%1\"" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:582 +msgid "Action : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:585 +msgid "Parameter: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:608 +msgid "Log prefix : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:614 +msgid "Log Level : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:621 +msgid "Netlink group : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:627 +msgid "Limit Value : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:633 +msgid "Limit suffix : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:640 +msgid "Limit burst : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:647 +msgid "

  • Part of Any
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:653 +#: src/gui/FWObjectPropertiesFactory.cpp:683 +#: src/gui/FWObjectPropertiesFactory.cpp:712 +#: src/gui/FWObjectPropertiesFactory.cpp:735 +msgid "
  • Stateless
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:662 +msgid "Log facility: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:669 +#: src/gui/FWObjectPropertiesFactory.cpp:752 +msgid "Log level : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:677 +msgid "
  • Send 'unreachable'
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:689 +msgid "
  • Keep information on fragmented packets
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:699 +msgid "Log prefix : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:705 +msgid "Max state : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:718 +msgid "
  • Source tracking
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:721 +msgid "Max src nodes : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:724 +msgid "Max src states: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:744 +#, qt-format +msgid "Ver:%1
    \n" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:758 +msgid "Log interval : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:765 +msgid "
  • Disable logging for this rule
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:797 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:160 +msgid "bitmask" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:798 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:161 +msgid "random" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:799 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:162 +msgid "source-hash" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:800 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:163 +msgid "round-robin" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:802 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:164 +msgid "static-port" +msgstr "" + +#: src/gui/FWWindow.cpp:172 +msgid "No firewalls defined" +msgstr "Ðет ни одного файрволла" + +#: src/gui/FWWindow.cpp:376 +msgid "" +"Some objects have been modified but not saved.\n" +"Do you want to save changes now ?" +msgstr "" +"Ðекоторые объекты были модифицированы\n" +"но не Ñохранены. Хотите ли Ð’Ñ‹ Ñохранить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ ?" + +#: src/gui/FWWindow.cpp:378 src/gui/ObjectEditor.cpp:466 +#: src/gui/.ui/FWBMainWindow_q.cpp:445 +msgid "&Save" +msgstr "&Сохранить" + +#: src/gui/FWWindow.cpp:378 src/gui/ObjectEditor.cpp:439 +#: src/gui/ObjectEditor.cpp:466 src/gui/.ui/FWBMainWindow_q.cpp:548 +msgid "&Discard" +msgstr "&Отмена" + +#: src/gui/FWWindow.cpp:378 src/gui/FWWindow.cpp:666 src/gui/RCS.cpp:738 +#: src/gui/.ui/askrulenumberdialog_q.cpp:91 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:189 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:525 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:348 +#: src/gui/.ui/iptadvanceddialog_q.cpp:593 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:191 +#: src/gui/.ui/linux24advanceddialog_q.cpp:368 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:167 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:175 +#: src/gui/.ui/pagesetupdialog_q.cpp:110 +#: src/gui/.ui/pfadvanceddialog_q.cpp:921 src/gui/.ui/prefsdialog_q.cpp:366 +#: src/gui/.ui/rcsfilesavedialog_q.cpp:104 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:185 +msgid 
"&Cancel" +msgstr "" + +#: src/gui/FWWindow.cpp:424 +msgid "FWB Files (*.fwb);;All Files (*)" +msgstr "" + +#: src/gui/FWWindow.cpp:435 src/gui/FWWindow.cpp:1634 +#, qt-format +msgid "" +"The file %1 already exists.\n" +"Do you want to overwrite it ?" +msgstr "Файл %1 уже ÑущеÑтвует. ПерепиÑать?" + +#: src/gui/FWWindow.cpp:437 src/gui/FWWindow.cpp:1636 +#: src/gui/ObjectManipulator.cpp:495 src/gui/ObjectManipulator.cpp:524 +#: src/gui/ObjectManipulator.cpp:1695 src/gui/ObjectManipulator.cpp:1771 +msgid "&Yes" +msgstr "" + +#: src/gui/FWWindow.cpp:437 src/gui/FWWindow.cpp:1636 +#: src/gui/ObjectManipulator.cpp:495 src/gui/ObjectManipulator.cpp:524 +#: src/gui/ObjectManipulator.cpp:1695 src/gui/ObjectManipulator.cpp:1771 +msgid "&No" +msgstr "" + +#: src/gui/FWWindow.cpp:471 src/gui/FWWindow.cpp:1065 +#: src/gui/StartWizard.cpp:99 +#, fuzzy +msgid "Choose name and location for the new file" +msgstr "Выберите Ð¸Ð¼Ñ Ð¸ фолдер Ð´Ð»Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ файла" + +#: src/gui/FWWindow.cpp:571 +msgid "Saving data to file..." +msgstr "" + +#: src/gui/FWWindow.cpp:603 +#, fuzzy +msgid "Choose name and location for the file" +msgstr "Выберите Ð¸Ð¼Ñ Ð¸ фолдер Ð´Ð»Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ файла" + +#: src/gui/FWWindow.cpp:660 +msgid "" +"This operation discards all changes that have been saved\n" +"into the file so far, closes it and replaces it with a clean\n" +"copy of its head revision from RCS.\n" +"\n" +"All changes will be lost if you do this.\n" +"\n" +msgstr "" + +#: src/gui/FWWindow.cpp:665 +#, fuzzy +msgid "&Discard changes" +msgstr "&Отмена" + +#: src/gui/FWWindow.cpp:709 +#, qt-format +msgid "File %1 has been added to RCS." 
+msgstr "" + +#: src/gui/FWWindow.cpp:718 src/gui/StartWizard.cpp:157 +#, qt-format +msgid "" +"Error adding file to RCS:\n" +"%1" +msgstr "" +"Ошибка Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ñ„Ð°Ð¹Ð»Ð° в RCS\n" +"%1" + +#: src/gui/FWWindow.cpp:725 src/gui/FWWindow.cpp:1103 +msgid "(read-only)" +msgstr "(только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ)" + +#: src/gui/FWWindow.cpp:777 src/gui/FWWindow.cpp:887 +msgid "Loading system objects..." +msgstr "" + +#: src/gui/FWWindow.cpp:836 src/gui/FWWindow.cpp:1127 +#: src/gui/FWWindow.cpp:1133 +#, qt-format +msgid "" +"Error loading file:\n" +"%1" +msgstr "" + +#: src/gui/FWWindow.cpp:895 +msgid "Reading and parsing data file..." +msgstr "" + +#: src/gui/FWWindow.cpp:965 +msgid "Merging with system objects..." +msgstr "" + +#: src/gui/FWWindow.cpp:1059 +#, qt-format +msgid "" +"Firewall Builder 2 uses file extension '.fwb' and \n" +"needs to rename old data file '%1' to '%2',\n" +"but file '%3' already exists.\n" +"Choose a different name for the new file." +msgstr "" + +#: src/gui/FWWindow.cpp:1073 +msgid "Load operation cancelled and data file reverted to original version." +msgstr "" + +#: src/gui/FWWindow.cpp:1088 +#, qt-format +msgid "" +"Firewall Builder 2 uses file extension '.fwb'. Your data file '%1' \n" +"has been renamed '%2'" +msgstr "" + +#: src/gui/FWWindow.cpp:1119 +#, qt-format +msgid "Exception: %1" +msgstr "" + +#: src/gui/FWWindow.cpp:1121 +#, qt-format +msgid "Failed transformation : %1" +msgstr "" + +#: src/gui/FWWindow.cpp:1123 +#, qt-format +msgid "XML element : %1" +msgstr "" + +#: src/gui/FWWindow.cpp:1146 +msgid "Building object tree..." +msgstr "" + +#: src/gui/FWWindow.cpp:1151 +msgid "Indexing..." 
+msgstr "" + +#: src/gui/FWWindow.cpp:1176 +#, qt-format +msgid "Checking file %1 in RCS" +msgstr "" + +#: src/gui/FWWindow.cpp:1201 +#, qt-format +msgid "" +"Error checking in file %1:\n" +"%2" +msgstr "" + +#: src/gui/FWWindow.cpp:1289 src/gui/FWWindow.cpp:1579 +msgid "File is read-only" +msgstr "" + +#: src/gui/FWWindow.cpp:1295 src/gui/FWWindow.cpp:1583 +#, qt-format +msgid "Error saving file %1: %2" +msgstr "" + +#: src/gui/FWWindow.cpp:1337 src/gui/listOfLibraries.cpp:210 +#, qt-format +msgid "Duplicate library '%1'" +msgstr "" + +#: src/gui/FWWindow.cpp:1359 src/gui/listOfLibraries.cpp:185 +#, qt-format +msgid "" +"Error loading file %1:\n" +"%2" +msgstr "" + +#: src/gui/FWWindow.cpp:1373 +msgid "Choose a file to import" +msgstr "" + +#: src/gui/FWWindow.cpp:1494 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (global policy rule #%3) uses object '%4' from " +"library '%5'" +msgstr "" + +#: src/gui/FWWindow.cpp:1503 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (interface %3 policy rule #%4) uses object '%5' " +"from library '%6'" +msgstr "" + +#: src/gui/FWWindow.cpp:1514 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (NAT rule #%3) uses object '%4' from library '%5'" +msgstr "" + +#: src/gui/FWWindow.cpp:1524 +#, qt-format +msgid "Library %1: Group '%2' uses object '%3' from library '%4'" +msgstr "" + +#: src/gui/FWWindow.cpp:1539 +msgid "" +"A library that you are trying to export contains references\n" +"to objects in the other libraries and can not be exported.\n" +"The following objects need to be moved outside of it or\n" +"objects that they refer to moved in it:" +msgstr "" + +#: src/gui/FWWindow.cpp:1609 +msgid "Please select a library you want to export." +msgstr "" + +#: src/gui/FWWindow.cpp:1817 +#, qt-format +msgid "Policy/%1" +msgstr "" + +#: src/gui/FWWindow.cpp:1826 +#, qt-format +msgid "Building branch policy view '%1'..." +msgstr "" + +#: src/gui/FWWindow.cpp:1888 +msgid "Building policy view..." 
+msgstr "" + +#: src/gui/FWWindow.cpp:1914 +msgid "Building NAT view..." +msgstr "" + +#: src/gui/FWWindow.cpp:1928 +msgid "Building routing view..." +msgstr "" + +#: src/gui/FWWindowPrint.cpp:90 src/gui/.ui/discoverydruid_q.cpp:892 +#: src/gui/.ui/firewalldialog_q.cpp:200 src/gui/.ui/firewalldialog_q.cpp:201 +#: src/gui/.ui/instdialog_q.cpp:82 src/gui/.ui/instdialog_q.cpp:131 +#: src/gui/.ui/instdialog_q.cpp:220 src/gui/.ui/instdialog_q.cpp:266 +#: src/gui/.ui/instdialog_q.cpp:276 src/gui/.ui/instdialog_q.cpp:286 +msgid "Firewall" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:91 src/gui/.ui/discoverydruid_q.cpp:891 +#: src/gui/.ui/hostdialog_q.cpp:145 src/gui/.ui/hostdialog_q.cpp:146 +msgid "Host" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:93 +#, fuzzy +msgid "Addres Range" +msgstr " " + +#: src/gui/FWWindowPrint.cpp:94 src/gui/RuleSetView.cpp:3143 +#: src/gui/RuleSetView.cpp:3393 src/gui/.ui/interfacedialog_q.cpp:211 +#: src/gui/.ui/interfacedialog_q.cpp:212 +msgid "Interface" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:95 src/gui/.ui/networkdialog_q.cpp:164 +#: src/gui/.ui/networkdialog_q.cpp:165 +msgid "Network" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:96 +msgid "Group of objects" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:97 src/gui/.ui/customservicedialog_q.cpp:178 +#: src/gui/.ui/customservicedialog_q.cpp:179 +msgid "Custom Service" +msgstr " " + +#: src/gui/FWWindowPrint.cpp:98 src/gui/.ui/ipservicedialog_q.cpp:210 +#, fuzzy +msgid "IP Service" +msgstr " IP " + +#: src/gui/FWWindowPrint.cpp:99 src/gui/.ui/icmpservicedialog_q.cpp:169 +#, fuzzy +msgid "ICMP Service" +msgstr " ICMP " + +#: src/gui/FWWindowPrint.cpp:100 src/gui/.ui/tcpservicedialog_q.cpp:351 +#, fuzzy +msgid "TCP Service" +msgstr " TCP " + +#: src/gui/FWWindowPrint.cpp:101 src/gui/.ui/udpservicedialog_q.cpp:223 +#, fuzzy +msgid "UDP Service" +msgstr " UDP " + +#: src/gui/FWWindowPrint.cpp:102 +msgid "Group of services" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:103 
src/gui/.ui/timedialog_q.cpp:237 +#, fuzzy +msgid "Time Interval" +msgstr " " + +#: src/gui/FWWindowPrint.cpp:275 +#, fuzzy, qt-format +msgid "Firewall name: %1" +msgstr " " + +#: src/gui/FWWindowPrint.cpp:276 +#, fuzzy +msgid "Platform: " +msgstr ":" + +#: src/gui/FWWindowPrint.cpp:277 +#, fuzzy +msgid "Version: " +msgstr ":" + +#: src/gui/FWWindowPrint.cpp:278 +msgid "Host OS: " +msgstr "" + +#: src/gui/FWWindowPrint.cpp:284 +msgid "Global Policy" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:334 +#, fuzzy, qt-format +msgid "Interface %1" +msgstr " " + +#: src/gui/FWWindowPrint.cpp:504 +msgid "Legend" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:580 src/gui/.ui/discoverydruid_q.cpp:884 +#, fuzzy +msgid "Objects" +msgstr " " + +#: src/gui/FWWindowPrint.cpp:782 +#, fuzzy +msgid "Groups" +msgstr ":" + +#: src/gui/FWWindowPrint.cpp:825 +msgid "EMPTY" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:847 src/gui/FWWindowPrint.cpp:850 +#: src/gui/FWWindowPrint.cpp:858 +msgid "Printing aborted" +msgstr "" + +#: src/gui/FWWindowPrint.cpp:854 +msgid "Printing completed" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:143 +msgid "Properties" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:658 src/gui/.ui/FWBMainWindow_q.cpp:441 +#: src/gui/.ui/FWBMainWindow_q.cpp:485 src/gui/.ui/FWBMainWindow_q.cpp:486 +msgid "Open" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:660 src/gui/ObjectManipulator.cpp:791 +#: src/gui/RuleSetView.cpp:1557 src/gui/RuleSetView.cpp:1678 +#: src/gui/RuleSetView.cpp:1682 src/gui/RuleSetView.cpp:1686 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:567 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:571 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:372 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:376 +#: src/gui/.ui/iptadvanceddialog_q.cpp:625 +#: src/gui/.ui/iptadvanceddialog_q.cpp:631 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1019 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1023 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1857 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1861 +msgid "Edit" +msgstr "" + +#: 
src/gui/GroupObjectDialog.cpp:663 src/gui/ObjectManipulator.cpp:863 +#: src/gui/RuleSetView.cpp:1559 src/gui/.ui/FWBMainWindow_q.cpp:465 +msgid "Copy" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:664 src/gui/ObjectManipulator.cpp:865 +#: src/gui/RuleSetView.cpp:1560 src/gui/.ui/FWBMainWindow_q.cpp:462 +msgid "Cut" +msgstr "" + +#: src/gui/InstallFirewallViewItem.cpp:31 src/gui/instDialog.cpp:1807 +#: src/gui/instDialog.cpp:1959 src/gui/instDialog.cpp:2177 +#: src/gui/instDialog.cpp:2195 src/gui/instDialog.cpp:2211 +#: src/gui/instDialog.cpp:2223 +#, fuzzy +msgid "Failure" +msgstr "&Файл" + +#: src/gui/InstallFirewallViewItem.cpp:44 src/gui/instDialog.cpp:1073 +#: src/gui/instDialog.cpp:1074 src/gui/instDialog.cpp:1732 +#: src/gui/instDialog.cpp:1761 src/gui/instDialog.cpp:1762 +msgid "Success" +msgstr "" + +#: src/gui/instBatchOptionsDialog.cpp:50 +msgid "Batch install options" +msgstr "" + +#: src/gui/instDialog.cpp:113 +msgid "There is no firewalls to process." +msgstr "" + +#: src/gui/instDialog.cpp:128 +msgid "" +"

    Select firewalls for compilation.

    " +msgstr "" + +#: src/gui/instDialog.cpp:142 +msgid "Unknown operation." +msgstr "" + +#: src/gui/instDialog.cpp:173 +msgid "Show details" +msgstr "" + +#: src/gui/instDialog.cpp:179 +msgid "Hide details" +msgstr "" + +#: src/gui/instDialog.cpp:208 +#, qt-format +msgid "Install options for firewall '%1'" +msgstr "" + +#: src/gui/instDialog.cpp:359 +msgid "Unsupported exception" +msgstr "" + +#: src/gui/instDialog.cpp:396 +msgid "Summary:" +msgstr "" + +#: src/gui/instDialog.cpp:399 src/gui/instDialog.cpp:429 +#, qt-format +msgid "* firewall name : %1" +msgstr "" + +#: src/gui/instDialog.cpp:401 +#, fuzzy, qt-format +msgid "* user name : %1" +msgstr "Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°: %1" + +#: src/gui/instDialog.cpp:403 +#, qt-format +msgid "* management address : %1" +msgstr "" + +#: src/gui/instDialog.cpp:405 +#, qt-format +msgid "* platform : %1" +msgstr "" + +#: src/gui/instDialog.cpp:407 +#, qt-format +msgid "* host OS : %1" +msgstr "" + +#: src/gui/instDialog.cpp:409 +#, qt-format +msgid "* Loading configuration from file %1" +msgstr "" + +#: src/gui/instDialog.cpp:414 +msgid "* Incremental install" +msgstr "" + +#: src/gui/instDialog.cpp:419 +#, qt-format +msgid "* Configuration diff will be saved in file %1" +msgstr "" + +#: src/gui/instDialog.cpp:424 +msgid "* Commands will not be executed on the firewall" +msgstr "" + +#: src/gui/instDialog.cpp:694 +#, qt-format +msgid "" +"Only one interface of the firewall '%1' must be marked as management " +"interface." +msgstr "" + +#: src/gui/instDialog.cpp:701 +#, qt-format +msgid "" +"One of the interfaces of the firewall '%1' must be marked as management " +"interface." +msgstr "" + +#: src/gui/instDialog.cpp:709 +msgid "" +"Management interface does not have IP address, can not communicate with the " +"firewall." +msgstr "" + +#: src/gui/instDialog.cpp:756 +#, qt-format +msgid "File %1 not found." 
+msgstr "" + +#: src/gui/instDialog.cpp:946 src/gui/SSHPIX.cpp:271 +#, qt-format +msgid "Can not open file %1" +msgstr "" + +#: src/gui/instDialog.cpp:1029 +#, qt-format +msgid "" +"\n" +"Copying %1 -> %2:%3\n" +msgstr "" + +#: src/gui/instDialog.cpp:1063 +#, qt-format +msgid "" +"Running command '%1'\n" +"\n" +msgstr "" + +#: src/gui/instDialog.cpp:1078 src/gui/instDialog.cpp:1079 +#: src/gui/instDialog.cpp:1737 src/gui/instDialog.cpp:1773 +#: src/gui/instDialog.cpp:1774 +msgid "Error" +msgstr "" + +#: src/gui/instDialog.cpp:1101 +msgid "Fatal error, terminating install sequence\n" +msgstr "" + +#: src/gui/instDialog.cpp:1114 +msgid "Done\n" +msgstr "" + +#: src/gui/instDialog.cpp:1173 +msgid "Activating new policy\n" +msgstr "" + +#: src/gui/instDialog.cpp:1341 +#, qt-format +msgid "Compiling rule sets for firewall: %1" +msgstr "" + +#: src/gui/instDialog.cpp:1379 +msgid "" +"Policy installer uses Secure Shell to communicate with the firewall.\n" +"Please configure directory path to the secure shell utility \n" +"installed on your machine using Preferences dialog" +msgstr "" + +#: src/gui/instDialog.cpp:1399 +msgid "Firewall isn't compiled." +msgstr "" + +#: src/gui/instDialog.cpp:1493 +msgid "" +"Firewall platform is not specified in this object.\n" +"Can't compile firewall policy." +msgstr "" + +#: src/gui/instDialog.cpp:1693 +msgid "Error: Terminating install sequence\n" +msgstr "" + +#: src/gui/instDialog.cpp:1766 +msgid "Abnormal program termination" +msgstr "" + +#: src/gui/instDialog.cpp:1772 +msgid "Skipped" +msgstr "" + +#: src/gui/instDialog.cpp:1802 src/gui/instDialog.cpp:1954 +msgid "Compiling ..." 
+msgstr "" + +#: src/gui/instDialog.cpp:1815 +#, fuzzy +msgid "Recompile" +msgstr "&Файл" + +#: src/gui/instDialog.cpp:1901 +#, fuzzy +msgid "Batch policy rules compilation" +msgstr " " + +#: src/gui/instDialog.cpp:1930 src/gui/instDialog.cpp:2074 +#: src/gui/.ui/discoverydruid_q.cpp:861 src/gui/.ui/execdialog_q.cpp:93 +#: src/gui/.ui/instdialog_q.cpp:275 +msgid "Stop" +msgstr "" + +#: src/gui/instDialog.cpp:2085 +msgid "Install firewall: " +msgstr "" + +#: src/gui/instDialog.cpp:2095 +msgid "Installing firewalls" +msgstr "" + +#: src/gui/instDialog.cpp:2127 +msgid "Installing ..." +msgstr "" + +#: src/gui/instDialog.cpp:2188 +#, qt-format +msgid "Installing policy rules on firewall '%1'." +msgstr "" + +#: src/gui/instDialog.cpp:2318 src/gui/.ui/instdialog_q.cpp:273 +msgid "Show selected" +msgstr "" + +#: src/gui/instDialog.cpp:2324 +msgid "Show all" +msgstr "" + +#: src/gui/InterfaceDialog.cpp:182 +msgid "Group: " +msgstr ":" + +#: src/gui/InterfaceDialog.cpp:200 +msgid "Network: " +msgstr ":" + +#: src/gui/ipfAdvancedDialog.cpp:167 src/gui/ipfAdvancedDialog.cpp:175 +#: src/gui/ipfwAdvancedDialog.cpp:139 src/gui/ipfwAdvancedDialog.cpp:147 +#: src/gui/iptAdvancedDialog.cpp:216 src/gui/iptAdvancedDialog.cpp:224 +#: src/gui/pfAdvancedDialog.cpp:264 src/gui/pfAdvancedDialog.cpp:272 +#: src/gui/pixAdvancedDialog.cpp:777 src/gui/pixAdvancedDialog.cpp:785 +#: src/gui/.ui/metriceditorpanel_q.cpp:77 src/gui/.ui/simpleinteditor_q.cpp:84 +#: src/gui/.ui/simpletexteditor_q.cpp:87 +msgid "Script Editor" +msgstr "" + +#: src/gui/IPv4Dialog.cpp:155 src/gui/NetworkDialog.cpp:115 +#, qt-format +msgid "Illegal netmask '%1'" +msgstr " '%1'" + +#: src/gui/IPv4Dialog.cpp:266 +#, qt-format +msgid "" +"DNS lookup failed for both names of the address object '%1' and the name of " +"the host '%2'." +msgstr "" + +#: src/gui/IPv4Dialog.cpp:273 +#, fuzzy, qt-format +msgid "DNS lookup failed for name of the address object '%1'." 
+msgstr " %1 DNS" + +#: src/gui/LibraryDialog.cpp:152 +msgid "Pick the color for this library" +msgstr " " + +#: src/gui/listOfLibraries.cpp:141 +msgid "" +"The library file you are trying to open\n" +"has been saved in an older version of\n" +"Firewall Builder and needs to be upgraded.\n" +"To upgarde it, just load it in the Firewall\n" +"Builder GUI and save back to file again." +msgstr "" + +#: src/gui/newFirewallDialog.cpp:97 src/gui/.ui/newhostdialog_q.cpp:390 +msgid "" +"Check option 'dynamic address' for the interface that gets its IP address " +"dynamically via DHCP or PPP protocol." +msgstr "" + +#: src/gui/newFirewallDialog.cpp:98 src/gui/.ui/newhostdialog_q.cpp:389 +msgid "" +"Check option 'Unnumbered interface' for the interface that does not have an " +"IP address. Examples of interfaces of this kind are those used to terminate " +"PPPoE or VPN tunnels." +msgstr "" + +#: src/gui/newFirewallDialog.cpp:227 src/gui/newHostDialog.cpp:220 +msgid "Missing SNMP community string." +msgstr "" + +#: src/gui/newFirewallDialog.cpp:246 src/gui/newHostDialog.cpp:239 +#, qt-format +msgid "Address of %1 could not be obtained via DNS" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:413 +msgid "dynamic" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:494 src/gui/newHostDialog.cpp:424 +#, qt-format +msgid "Interface: %1 (%2)" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:502 src/gui/newHostDialog.cpp:432 +#: src/gui/.ui/newfirewalldialog_q.cpp:514 src/gui/.ui/newhostdialog_q.cpp:404 +msgid "Dynamic address" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:504 src/gui/newHostDialog.cpp:434 +#: src/gui/.ui/interfacedialog_q.cpp:236 +#: src/gui/.ui/newfirewalldialog_q.cpp:513 src/gui/.ui/newhostdialog_q.cpp:395 +msgid "Unnumbered interface" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:506 src/gui/.ui/interfacedialog_q.cpp:237 +#: src/gui/.ui/newfirewalldialog_q.cpp:512 +msgid "Bridge port" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:546 src/gui/newHostDialog.cpp:471 +#, 
qt-format +msgid "Illegal address '%1/%2'" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:77 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:150 +msgid "Keep current object" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:78 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:155 +msgid "Replace with this object" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:96 +#: src/gui/ObjConflictResolutionDialog.cpp:120 +#, qt-format +msgid "Object '%1' has been deleted" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:144 +#, qt-format +msgid "Object '%1' in the objects tree" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:146 +#: src/gui/ObjConflictResolutionDialog.cpp:148 +#, qt-format +msgid "Object '%1' in file %2" +msgstr "" + +#: src/gui/ObjectEditor.cpp:437 +msgid "" +"Modifications done to this object can not be saved.\n" +"Do you want to continue editing it ?" +msgstr "" + +#: src/gui/ObjectEditor.cpp:438 src/gui/.ui/FWBMainWindow_q.cpp:565 +msgid "&Edit" +msgstr "&Редактировать" + +#: src/gui/ObjectEditor.cpp:465 +#, fuzzy +msgid "" +"This object has been modified but not saved.\n" +"Do you want to save it ?" +msgstr "" +"Ðекоторые объекты были модифицированы\n" +"но не Ñохранены. Хотите ли Ð’Ñ‹ Ñохранить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ ?" 
+ +#: src/gui/ObjectEditor.cpp:466 src/gui/utils.cpp:212 +msgid "&Continue editing" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:144 +msgid "Object Manipulator" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:161 +msgid "New &Library" +msgstr "Библиотека" + +#: src/gui/ObjectManipulator.cpp:164 +msgid "New &Firewall" +msgstr "Файрволл" + +#: src/gui/ObjectManipulator.cpp:165 +msgid "New &Host" +msgstr "ХоÑÑ‚" + +#: src/gui/ObjectManipulator.cpp:166 +msgid "New &Interface" +msgstr "ИнтерфейÑ" + +#: src/gui/ObjectManipulator.cpp:168 +msgid "New &Network" +msgstr "Сеть" + +#: src/gui/ObjectManipulator.cpp:169 +msgid "New &Address" +msgstr "ÐдреÑ" + +#: src/gui/ObjectManipulator.cpp:170 +msgid "New &DNS Name" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:171 +#, fuzzy +msgid "New A&ddress Table" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:172 +msgid "New Address &Range" +msgstr "Диапазон адреÑов" + +#: src/gui/ObjectManipulator.cpp:173 +msgid "New &Object Group" +msgstr "Группа объектов" + +#: src/gui/ObjectManipulator.cpp:175 +msgid "New &Custom Service" +msgstr "Специальный ÑервиÑ" + +#: src/gui/ObjectManipulator.cpp:176 +msgid "New &IP Service" +msgstr "IP ÑервиÑ" + +#: src/gui/ObjectManipulator.cpp:177 +msgid "New IC&MP Service" +msgstr "ICMP ÑервиÑ" + +#: src/gui/ObjectManipulator.cpp:178 +msgid "New &TCP Service" +msgstr "TCP ÑервиÑ" + +#: src/gui/ObjectManipulator.cpp:179 +msgid "New &UDP Service" +msgstr "UDP ÑервиÑ" + +#: src/gui/ObjectManipulator.cpp:180 +#, fuzzy +msgid "New &TagService" +msgstr "TCP ÑервиÑ" + +#: src/gui/ObjectManipulator.cpp:181 +msgid "New &Service Group" +msgstr "группа ÑервиÑов" + +#: src/gui/ObjectManipulator.cpp:183 +msgid "New Ti&me Interval" +msgstr "интервал времени" + +#: src/gui/ObjectManipulator.cpp:229 +msgid " ( read only )" +msgstr " (только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ)" + +#: src/gui/ObjectManipulator.cpp:483 +msgid "" +"The name of the object '%1' has changed. 
The program can also\n" +"rename IP address objects that belong to this object,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:512 +msgid "" +"The name of the interface '%1' has changed. The program can also\n" +"rename IP address objects that belong to this interface,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:825 +#, qt-format +msgid "place in library %1" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:834 +#, qt-format +msgid "to library %1" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:844 +msgid "place here" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:847 +#, fuzzy +msgid "Duplicate ..." +msgstr " " + +#: src/gui/ObjectManipulator.cpp:852 src/gui/ObjectManipulator.cpp:855 +msgid "Move ..." 
+msgstr "" + +#: src/gui/ObjectManipulator.cpp:884 +msgid "Add Interface" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:889 +msgid "Add IP Address" +msgstr " IP " + +#: src/gui/ObjectManipulator.cpp:891 +msgid "Add MAC Address" +msgstr " MAC " + +#: src/gui/ObjectManipulator.cpp:896 src/gui/.ui/newfirewalldialog_q.cpp:486 +msgid "New Firewall" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:901 src/gui/ObjectManipulator.cpp:2448 +#: src/gui/ObjectManipulator.cpp:2464 +msgid "New Address" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:906 src/gui/ObjectManipulator.cpp:2479 +msgid "New DNS Name" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:912 src/gui/ObjectManipulator.cpp:2490 +#, fuzzy +msgid "New Address Table" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:917 src/gui/ObjectManipulator.cpp:2557 +msgid "New Address Range" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:921 src/gui/.ui/newhostdialog_q.cpp:377 +msgid "New Host" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:925 src/gui/ObjectManipulator.cpp:2424 +msgid "New Network" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:929 src/gui/ObjectManipulator.cpp:957 +#: src/gui/.ui/newgroupdialog_q.cpp:97 +msgid "New Group" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:933 src/gui/ObjectManipulator.cpp:2580 +msgid "New Custom Service" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:937 src/gui/ObjectManipulator.cpp:2591 +msgid "New IP Service" +msgstr " IP " + +#: src/gui/ObjectManipulator.cpp:941 src/gui/ObjectManipulator.cpp:2602 +msgid "New ICMP Service" +msgstr " ICMP " + +#: src/gui/ObjectManipulator.cpp:945 src/gui/ObjectManipulator.cpp:2613 +msgid "New TCP Service" +msgstr " TCP " + +#: src/gui/ObjectManipulator.cpp:949 src/gui/ObjectManipulator.cpp:2624 +msgid "New UDP Service" +msgstr " UDP " + +#: src/gui/ObjectManipulator.cpp:953 src/gui/ObjectManipulator.cpp:2524 +#, fuzzy +msgid "New TagService" +msgstr " TCP " + +#: src/gui/ObjectManipulator.cpp:961 src/gui/ObjectManipulator.cpp:2647 +msgid 
"New Time Interval" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:965 src/gui/.ui/finddialog_q.cpp:131 +#: src/gui/.ui/findwhereusedwidget_q.cpp:118 +msgid "Find" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:966 +msgid "Where used" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:978 src/gui/.ui/groupobjectdialog_q.cpp:187 +#: src/gui/.ui/groupobjectdialog_q.cpp:188 +msgid "Group" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:986 src/gui/.ui/FWBMainWindow_q.cpp:491 +#: src/gui/.ui/FWBMainWindow_q.cpp:492 src/gui/.ui/instdialog_q.cpp:78 +#: src/gui/.ui/instdialog_q.cpp:264 +msgid "Compile" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:987 src/gui/.ui/FWBMainWindow_q.cpp:494 +#: src/gui/.ui/FWBMainWindow_q.cpp:495 src/gui/.ui/instdialog_q.cpp:80 +#: src/gui/.ui/instdialog_q.cpp:265 +msgid "Install" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:994 src/gui/.ui/FWBMainWindow_q.cpp:553 +#: src/gui/.ui/FWBMainWindow_q.cpp:554 +msgid "Lock" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:996 src/gui/.ui/FWBMainWindow_q.cpp:555 +#: src/gui/.ui/FWBMainWindow_q.cpp:556 +msgid "Unlock" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1005 +msgid "dump" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1038 +msgid "Undelete..." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1527 +#, qt-format +msgid "" +"Impossible to insert object %1 (type %2) into %3\n" +"because of incompatible type." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1686 +msgid "" +"Emptying the 'Deleted Objects' in a library file is not recommended.\n" +"When you remove deleted objects from a library file, Firewall Builder\n" +"loses ability to track them. If a group or a policy rule in some\n" +"data file still uses removed object from this library, you may encounter\n" +"unusual and unexpected behavior of the program.\n" +"Do you want to delete selected objects anyway ?" 
+msgstr "" + +#: src/gui/ObjectManipulator.cpp:1766 +#, qt-format +msgid "" +"When you delete a library, all objects that belong to it\n" +"disappear from the tree and all groups and rules that reference them.\n" +"You won't be able to reverse this operation later.\n" +"Do you still want to delete library %1?" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2276 +#, qt-format +msgid "" +"Type '%1': new object can not be created because\n" +"corresponding branch is missing in the object tree.\n" +"Please repair the tree using command 'fwbedit -s -f file.fwb'." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2403 src/gui/ObjectManipulator.cpp:2406 +#, fuzzy +msgid "New Interface" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:2568 +msgid "New Object Group" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:2635 +msgid "New Service Group" +msgstr " " + +#: src/gui/ObjectManipulator.cpp:2823 +msgid "Searching for firewalls affected by the change..." +msgstr "" + +#: src/gui/ObjectTreeView.cpp:96 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:65 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:108 +#: src/gui/.ui/discoverydruid_q.cpp:689 src/gui/.ui/discoverydruid_q.cpp:893 +#: src/gui/.ui/FWBMainWindow_q.cpp:567 +msgid "Object" +msgstr "" + +#: src/gui/pfAdvancedDialog.cpp:89 +msgid "Aggressive" +msgstr "" + +#: src/gui/pfAdvancedDialog.cpp:91 +msgid "Conservative" +msgstr "" + +#: src/gui/pfAdvancedDialog.cpp:93 +msgid "For high latency" +msgstr "" + +#: src/gui/pfAdvancedDialog.cpp:95 +msgid "Normal" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:129 +msgid "0 - System Unusable" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:134 +msgid "1 - Take Immediate Action" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:139 +msgid "2 - Critical Condition" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:144 +msgid "3 - Error Message" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:149 +msgid "4 - Warning Message" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:154 +msgid "5 - Normal 
but significant condition"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:159
+msgid "6 - Informational"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:164
+msgid "7 - Debug Message"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:671 src/gui/pixAdvancedDialog.cpp:709
+msgid "Error: Policy compiler for PIX is not installed"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:695
+#, fuzzy
+msgid "Compiler error"
+msgstr "&Файл"
+
+#: src/gui/platforms.cpp:59 src/gui/.ui/ruleoptionsdialog_q.cpp:672
+msgid "alert"
+msgstr ""
+
+#: src/gui/platforms.cpp:61 src/gui/.ui/ruleoptionsdialog_q.cpp:673
+msgid "crit"
+msgstr ""
+
+#: src/gui/platforms.cpp:63 src/gui/.ui/pfadvanceddialog_q.cpp:987
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:674
+msgid "error"
+msgstr ""
+
+#: src/gui/platforms.cpp:65 src/gui/.ui/ruleoptionsdialog_q.cpp:675
+msgid "warning"
+msgstr ""
+
+#: src/gui/platforms.cpp:67 src/gui/.ui/ruleoptionsdialog_q.cpp:676
+msgid "notice"
+msgstr ""
+
+#: src/gui/platforms.cpp:69 src/gui/.ui/ruleoptionsdialog_q.cpp:677
+msgid "info"
+msgstr ""
+
+#: src/gui/platforms.cpp:71 src/gui/.ui/ruleoptionsdialog_q.cpp:678
+msgid "debug"
+msgstr ""
+
+#: src/gui/platforms.cpp:77
+msgid "kern"
+msgstr ""
+
+#: src/gui/platforms.cpp:79
+msgid "user"
+msgstr ""
+
+#: src/gui/platforms.cpp:81
+msgid "mail"
+msgstr ""
+
+#: src/gui/platforms.cpp:83
+msgid "daemon"
+msgstr ""
+
+#: src/gui/platforms.cpp:85
+msgid "auth"
+msgstr ""
+
+#: src/gui/platforms.cpp:87
+msgid "syslog"
+msgstr ""
+
+#: src/gui/platforms.cpp:89
+msgid "lpr"
+msgstr ""
+
+#: src/gui/platforms.cpp:91
+msgid "news"
+msgstr ""
+
+#: src/gui/platforms.cpp:93
+msgid "uucp"
+msgstr ""
+
+#: src/gui/platforms.cpp:95
+msgid "cron"
+msgstr ""
+
+#: src/gui/platforms.cpp:97
+msgid "authpriv"
+msgstr ""
+
+#: src/gui/platforms.cpp:99 src/gui/.ui/pixadvanceddialog_q.cpp:1920
+msgid "ftp"
+msgstr ""
+
+#: src/gui/platforms.cpp:101
+msgid "local0"
+msgstr ""
+
+#: src/gui/platforms.cpp:103
+msgid "local1"
+msgstr ""
+
+#:
src/gui/platforms.cpp:105 +msgid "local2" +msgstr "" + +#: src/gui/platforms.cpp:107 +msgid "local3" +msgstr "" + +#: src/gui/platforms.cpp:109 +msgid "local4" +msgstr "" + +#: src/gui/platforms.cpp:111 +msgid "local5" +msgstr "" + +#: src/gui/platforms.cpp:113 +msgid "local6" +msgstr "" + +#: src/gui/platforms.cpp:115 +msgid "local7" +msgstr "" + +#: src/gui/platforms.cpp:120 +msgid "ICMP admin prohibited" +msgstr "" + +#: src/gui/platforms.cpp:122 +msgid "ICMP host prohibited" +msgstr "" + +#: src/gui/platforms.cpp:124 +msgid "ICMP host unreachable" +msgstr "" + +#: src/gui/platforms.cpp:126 +msgid "ICMP net prohibited" +msgstr "" + +#: src/gui/platforms.cpp:128 +msgid "ICMP net unreachable" +msgstr "" + +#: src/gui/platforms.cpp:130 +msgid "ICMP port unreachable" +msgstr "" + +#: src/gui/platforms.cpp:132 +msgid "ICMP protocol unreachable" +msgstr "" + +#: src/gui/platforms.cpp:134 +msgid "TCP RST" +msgstr "" + +#: src/gui/platforms.cpp:137 src/gui/.ui/actionsdialog_q.cpp:460 +#: src/gui/.ui/actionsdialog_q.cpp:467 +msgid "Route through" +msgstr "" + +#: src/gui/platforms.cpp:139 src/gui/.ui/actionsdialog_q.cpp:461 +#: src/gui/.ui/actionsdialog_q.cpp:468 +msgid "Route reply through" +msgstr "" + +#: src/gui/platforms.cpp:141 src/gui/.ui/actionsdialog_q.cpp:462 +#: src/gui/.ui/actionsdialog_q.cpp:469 +msgid "Route a copy through" +msgstr "" + +#: src/gui/platforms.cpp:144 src/gui/.ui/iptadvanceddialog_q.cpp:634 +msgid "on top of the script" +msgstr "" + +#: src/gui/platforms.cpp:146 src/gui/.ui/iptadvanceddialog_q.cpp:635 +msgid "after interface configuration" +msgstr "" + +#: src/gui/platforms.cpp:148 src/gui/.ui/iptadvanceddialog_q.cpp:636 +#, fuzzy +msgid "after policy reset" +msgstr " " + +#: src/gui/platforms.cpp:151 +msgid "in the activation shell script" +msgstr "" + +#: src/gui/platforms.cpp:154 +msgid "in the pf rule file, at the very top" +msgstr "" + +#: src/gui/platforms.cpp:157 +msgid "in the pf rule file, after set comamnds" +msgstr "" + +#: 
src/gui/platforms.cpp:160 +msgid "in the pf rule file, after scrub comamnds" +msgstr "" + +#: src/gui/platforms.cpp:163 +msgid "in the pf rule file, after table definitions" +msgstr "" + +#: src/gui/platforms.cpp:168 src/gui/.ui/ruleoptionsdialog_q.cpp:688 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:701 +msgid "/day" +msgstr "" + +#: src/gui/platforms.cpp:170 src/gui/.ui/ruleoptionsdialog_q.cpp:689 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:702 +msgid "/hour" +msgstr "" + +#: src/gui/platforms.cpp:172 src/gui/.ui/ruleoptionsdialog_q.cpp:690 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:703 +msgid "/minute" +msgstr "" + +#: src/gui/platforms.cpp:174 src/gui/.ui/ruleoptionsdialog_q.cpp:691 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:704 +msgid "/second" +msgstr "" + +#: src/gui/platforms.cpp:338 +msgid "- any -" +msgstr "" + +#: src/gui/platforms.cpp:339 +msgid "1.2.5 or earlier" +msgstr "" + +#: src/gui/platforms.cpp:340 +msgid "1.2.6 to 1.2.8" +msgstr "" + +#: src/gui/platforms.cpp:341 +msgid "1.2.9 to 1.2.11" +msgstr "" + +#: src/gui/platforms.cpp:342 +msgid "1.3.0 or later" +msgstr "" + +#: src/gui/platforms.cpp:462 +msgid "Accept" +msgstr "" + +#: src/gui/platforms.cpp:464 +msgid "Deny" +msgstr "" + +#: src/gui/platforms.cpp:466 +msgid "Reject" +msgstr "" + +#: src/gui/platforms.cpp:468 +msgid "Scrub" +msgstr "" + +#: src/gui/platforms.cpp:470 +msgid "Return" +msgstr "" + +#: src/gui/platforms.cpp:472 +msgid "Skip" +msgstr "" + +#: src/gui/platforms.cpp:474 src/gui/.ui/longtextdialog_q.cpp:96 +#, fuzzy +msgid "Continue" +msgstr " " + +#: src/gui/platforms.cpp:476 +msgid "Modify" +msgstr "" + +#: src/gui/platforms.cpp:478 +msgid "Classify" +msgstr "" + +#: src/gui/platforms.cpp:480 +#, fuzzy +msgid "Custom" +msgstr " " + +#: src/gui/platforms.cpp:483 +msgid "Branch" +msgstr "" + +#: src/gui/platforms.cpp:484 +msgid "Chain" +msgstr "" + +#: src/gui/platforms.cpp:485 +msgid "Anchor" +msgstr "" + +#: src/gui/platforms.cpp:489 +msgid "Accounting" +msgstr "" + +#: 
src/gui/platforms.cpp:490 +#, fuzzy +msgid "Count" +msgstr ":" + +#: src/gui/platforms.cpp:494 +msgid "Tag" +msgstr "" + +#: src/gui/platforms.cpp:495 +msgid "Mark" +msgstr "" + +#: src/gui/platforms.cpp:499 +msgid "Pipe" +msgstr "" + +#: src/gui/platforms.cpp:500 +msgid "Queue" +msgstr "" + +#: src/gui/PrefsDialog.cpp:164 +#, fuzzy +msgid "Pick the color" +msgstr " " + +#: src/gui/PrefsDialog.cpp:212 +msgid "Find working directory" +msgstr "" + +#: src/gui/PrefsDialog.cpp:221 +msgid "Find Secure Shell utility" +msgstr "" + +#: src/gui/PrefsDialog.cpp:258 +msgid "Find add-on library" +msgstr "" + +#: src/gui/printerStream.cpp:132 +#, qt-format +msgid "Page %1" +msgstr "" + +#: src/gui/PrintingProgressDialog.cpp:48 +#, qt-format +msgid "Printing (page %1/%2)" +msgstr "" + +#: src/gui/PrintingProgressDialog.cpp:50 +#, qt-format +msgid "Printing page %1" +msgstr "" + +#: src/gui/PrintingProgressDialog.cpp:67 +msgid "Aborting print operation" +msgstr "" + +#: src/gui/RCS.cpp:488 src/gui/RCS.cpp:707 src/gui/RCS.cpp:790 +#, qt-format +msgid "Error checking file out: %1" +msgstr "" + +#: src/gui/RCS.cpp:548 +#, qt-format +msgid "" +"Fatal error during initial RCS checkin of file %1 :\n" +" %2\n" +"Exit status %3" +msgstr "" + +#: src/gui/RCS.cpp:677 +msgid "Error creating temporary file " +msgstr "" + +#: src/gui/RCS.cpp:690 +msgid "Error writing to temporary file " +msgstr "" + +#: src/gui/RCS.cpp:722 +#, qt-format +msgid "" +"File is opened and locked by %1.\n" +"You can only open it read-only." +msgstr "" + +#: src/gui/RCS.cpp:735 +#, qt-format +msgid "" +"Revision %1 of this file has been checked out and locked by you earlier.\n" +"The file may be opened in another copy of Firewall Builder or was left " +"opened\n" +"after the program crashed." 
+msgstr "" + +#: src/gui/RCS.cpp:738 +msgid "Open &read-only" +msgstr " " + +#: src/gui/RCS.cpp:738 +msgid "&Open and continue editing" +msgstr " " + +#: src/gui/RCS.cpp:981 +#, qt-format +msgid "Fatal error running rlog for %1" +msgstr "" + +#: src/gui/RCS.cpp:1021 +#, qt-format +msgid "Fatal error running rcsdiff for file %1" +msgstr "" + +#: src/gui/RCSFilePreview.cpp:128 +msgid "File is not in RCS" +msgstr "" + +#: src/gui/RuleSetView.cpp:206 +msgid "A Rule Set" +msgstr "" + +#: src/gui/RuleSetView.cpp:597 +msgid "Outbound " +msgstr "" + +#: src/gui/RuleSetView.cpp:673 +msgid "Original" +msgstr "" + +#: src/gui/RuleSetView.cpp:674 +msgid "Default" +msgstr "" + +#: src/gui/RuleSetView.cpp:677 src/gui/.ui/instdialog_q.cpp:271 +msgid "All" +msgstr "" + +#: src/gui/RuleSetView.cpp:678 src/gui/RuleSetView.cpp:686 +msgid "Any" +msgstr "" + +#: src/gui/RuleSetView.cpp:1364 src/gui/RuleSetView.cpp:1606 +#: src/gui/RuleSetView.cpp:1634 src/gui/.ui/FWBMainWindow_q.cpp:513 +#: src/gui/.ui/FWBMainWindow_q.cpp:514 +msgid "Insert Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1366 src/gui/RuleSetView.cpp:1380 +msgid "Paste Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1501 +msgid "Parameters" +msgstr "" + +#: src/gui/RuleSetView.cpp:1518 +msgid "Inbound" +msgstr "" + +#: src/gui/RuleSetView.cpp:1522 +msgid "Outbound" +msgstr "" + +#: src/gui/RuleSetView.cpp:1526 +msgid "Both" +msgstr "" + +#: src/gui/RuleSetView.cpp:1535 +msgid "Rule Options" +msgstr "" + +#: src/gui/RuleSetView.cpp:1542 +msgid "Logging On" +msgstr "" + +#: src/gui/RuleSetView.cpp:1546 +msgid "Logging Off" +msgstr "" + +#: src/gui/RuleSetView.cpp:1565 +#, fuzzy +msgid "Reveal in tree" +msgstr " " + +#: src/gui/RuleSetView.cpp:1567 +msgid "Negate" +msgstr "" + +#: src/gui/RuleSetView.cpp:1614 +#, fuzzy, qt-format +msgid "Rules: %1-%2" +msgstr ":" + +#: src/gui/RuleSetView.cpp:1617 +#, fuzzy, qt-format +msgid "Rule: %1" +msgstr ":" + +#: src/gui/RuleSetView.cpp:1622 +msgid "Color Label:" +msgstr "" + +#: 
src/gui/RuleSetView.cpp:1636 src/gui/.ui/FWBMainWindow_q.cpp:519
+#: src/gui/.ui/FWBMainWindow_q.cpp:520
+msgid "Add Rule Below"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1639 src/gui/.ui/FWBMainWindow_q.cpp:521
+#: src/gui/.ui/FWBMainWindow_q.cpp:522
+msgid "Remove Rule"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1640
+msgid "Remove Rules"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1643
+msgid "Move Rule"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1644
+#, fuzzy
+msgid "Move Rules"
+msgstr "Правила"
+
+#: src/gui/RuleSetView.cpp:1650 src/gui/.ui/FWBMainWindow_q.cpp:524
+#: src/gui/.ui/FWBMainWindow_q.cpp:525
+msgid "Copy Rule"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1652 src/gui/.ui/FWBMainWindow_q.cpp:526
+#: src/gui/.ui/FWBMainWindow_q.cpp:527
+msgid "Cut Rule"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1654 src/gui/.ui/FWBMainWindow_q.cpp:528
+#: src/gui/.ui/FWBMainWindow_q.cpp:529
+msgid "Paste Rule Above"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1656 src/gui/.ui/FWBMainWindow_q.cpp:530
+#: src/gui/.ui/FWBMainWindow_q.cpp:531
+msgid "Paste Rule Below"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1663
+msgid "Enable Rule"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1664
+msgid "Enable Rules"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1668
+msgid "Disable Rule"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:1669
+msgid "Disable Rules"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3134 src/gui/RuleSetView.cpp:3224
+msgid "Source"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3137 src/gui/RuleSetView.cpp:3227
+#: src/gui/RuleSetView.cpp:3387
+msgid "Destination"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3140 src/gui/RuleSetView.cpp:3230
+msgid "Service"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3146 src/gui/RuleSetView.cpp:3233
+msgid "Direction"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3149 src/gui/RuleSetView.cpp:3236
+msgid "Action"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3154 src/gui/RuleSetView.cpp:3241
+#: src/gui/.ui/timedialog_q.cpp:236
+msgid "Time"
+msgstr ""
+
+#:
src/gui/RuleSetView.cpp:3160 src/gui/RuleSetView.cpp:3247
+#: src/gui/RuleSetView.cpp:3327 src/gui/RuleSetView.cpp:3399
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:206
+#: src/gui/.ui/linux24advanceddialog_q.cpp:415
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:184
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:198
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1829
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:308
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:212
+msgid "Options"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3164 src/gui/RuleSetView.cpp:3251
+#: src/gui/RuleSetView.cpp:3330 src/gui/RuleSetView.cpp:3402
+msgid "Comment"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3309
+msgid "Original Src"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3312
+msgid "Original Dst"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3315
+msgid "Original Srv"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3318
+msgid "Translated Src"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3321
+msgid "Translated Dst"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3324
+msgid "Translated Srv"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3390
+msgid "Gateway"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3396
+msgid "Metric"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:127 src/gui/SSHUnx.cpp:92
+msgid ""
+"\n"
+"*** Fatal error :"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:155 src/gui/SSHUnx.cpp:125
+msgid "Logged in"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:156
+msgid "Switching to enable mode..."
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:177 src/gui/SSHUnx.cpp:149
+msgid "New RSA key"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:178 src/gui/SSHUnx.cpp:150
+msgid "Yes"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:178 src/gui/SSHUnx.cpp:150
+msgid "No"
+msgstr ""
+
+#: src/gui/SSHPIX.cpp:223
+msgid "In enable mode."
+msgstr "" + +#: src/gui/SSHPIX.cpp:311 src/gui/SSHPIX.cpp:729 +msgid "Pushing firewall configuration" +msgstr "" + +#: src/gui/SSHPIX.cpp:348 +#, fuzzy, qt-format +msgid "Rule %1" +msgstr ":" + +#: src/gui/SSHPIX.cpp:373 +msgid "End" +msgstr "" + +#: src/gui/SSHPIX.cpp:421 +msgid "Save configuration" +msgstr "" + +#: src/gui/SSHPIX.cpp:437 +msgid "Save configuration to standby unit" +msgstr "" + +#: src/gui/SSHPIX.cpp:442 src/gui/SSHPIX.cpp:452 +msgid "Exiting" +msgstr "" + +#: src/gui/SSHPIX.cpp:478 +msgid "Making backup copy of the firewall configuration" +msgstr "" + +#: src/gui/SSHPIX.cpp:542 +msgid "*** Clearing unused access lists" +msgstr "" + +#: src/gui/SSHPIX.cpp:607 +msgid "*** Clearing unused object groups" +msgstr "" + +#: src/gui/SSHPIX.cpp:627 +msgid "*** End " +msgstr "" + +#: src/gui/SSHPIX.cpp:638 +msgid "Reading current firewall configuration" +msgstr "" + +#: src/gui/SSHPIX.cpp:663 +msgid "Generating configuration diff" +msgstr "" + +#: src/gui/SSHPIX.cpp:678 +#, fuzzy, qt-format +msgid "Fork failed for %1" +msgstr " %1 DNS" + +#: src/gui/SSHPIX.cpp:684 +msgid "Not enough memory." +msgstr "" + +#: src/gui/SSHPIX.cpp:689 +msgid "Too many opened file descriptors in the system." +msgstr "" + +#: src/gui/SSHPIX.cpp:715 +msgid "Empty configuration diff" +msgstr "" + +#: src/gui/SSHSession.cpp:84 +#, qt-format +msgid "" +"You are connecting to the firewall '%1' for the first time. It has " +"provided you its identification in a form of its host public key. The " +"fingerprint of the host public key is: \"%2\" You can save the host key to " +"the local database by pressing YES, or you can cancel connection by pressing " +"NO. You should press YES only if you are sure you are really connected to " +"the firewall '%3'." 
+msgstr "" + +#: src/gui/SSHSession.cpp:157 +msgid "Failed to start ssh" +msgstr "" + +#: src/gui/SSHSession.cpp:453 +msgid "ERROR" +msgstr "" + +#: src/gui/SSHSession.cpp:453 src/gui/.ui/filepropdialog_q.cpp:122 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1802 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:309 +#: src/gui/.ui/simpleinteditor_q.cpp:87 src/gui/.ui/simpletexteditor_q.cpp:89 +msgid "OK" +msgstr "" + +#: src/gui/SSHSession.cpp:455 +#, qt-format +msgid "SSH session terminated, exit status: %1" +msgstr "" + +#: src/gui/SSHUnx.cpp:211 +msgid "Done" +msgstr "" + +#: src/gui/SSHUnx.cpp:223 +msgid "Error in SSH" +msgstr "" + +#: src/gui/StartWizard.cpp:106 +#, qt-format +msgid "File %1 is read-only, you can not save changes to it." +msgstr "Файл %1 защищен от запиÑи, Ð’Ñ‹ не Ñможете Ñохранить изменениÑ." + +#: src/gui/StartWizard.cpp:171 +#, fuzzy, qt-format +msgid "" +"Error opening file:\n" +"%1" +msgstr "" +"Ошибка Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ñ„Ð°Ð¹Ð»Ð° в RCS\n" +"%1" + +#: src/gui/TimeDialog.cpp:67 src/gui/TimeDialog.cpp:68 +msgid "Date (M/D/Y):" +msgstr "" + +#: src/gui/TimeDialog.cpp:72 src/gui/TimeDialog.cpp:73 +msgid "Date (D/M/Y):" +msgstr "" + +#: src/gui/TimeDialog.cpp:77 src/gui/TimeDialog.cpp:78 +msgid "Date (Y/M/D):" +msgstr "" + +#: src/gui/TimeDialog.cpp:82 src/gui/TimeDialog.cpp:83 +msgid "Date (Y/D/M):" +msgstr "" + +#: src/gui/.ui/aboutdialog_q.cpp:136 src/gui/.ui/aboutdialog_q.cpp:137 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:104 +#: src/gui/.ui/FWBMainWindow_q.cpp:431 +msgid "Firewall Builder" +msgstr "" + +#: src/gui/.ui/aboutdialog_q.cpp:138 +msgid "Using libfwbuilder API v" +msgstr " libfwbuilder v" + +#: src/gui/.ui/aboutdialog_q.cpp:139 +msgid "Revision: " +msgstr "" + +#: src/gui/.ui/aboutdialog_q.cpp:140 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:187 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:523 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:346 +#: src/gui/.ui/iptadvanceddialog_q.cpp:591 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:189 +#: 
src/gui/.ui/linux24advanceddialog_q.cpp:366 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:165 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:173 +#: src/gui/.ui/pagesetupdialog_q.cpp:108 +#: src/gui/.ui/pfadvanceddialog_q.cpp:919 src/gui/.ui/prefsdialog_q.cpp:364 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:183 +msgid "&OK" +msgstr "" + +#: src/gui/.ui/aboutdialog_q.cpp:142 +msgid "Copyright 2002-2006 NetCitadel, LLC" +msgstr "" + +#: src/gui/.ui/aboutdialog_q.cpp:143 +msgid "" +"

    http://www." +"fwbuilder.org

    " +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:438 +msgid "Actions Dialog" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:439 +msgid "fw/rule num/action" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:440 +msgid "Tag string:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:441 +msgid "" +"If rule action is 'Reject', this option defines firewall's reaction to the " +"packet matching the rule" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:442 +msgid "This action has no parameters." +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:443 +msgid "Tag value:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:444 +msgid "Mark connections created by packets that match this rule" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:445 +msgid "Requires CONNMARK target" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:446 +msgid "Mark packets in PREROUTING chain" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:447 +msgid "" +"Rule name for accounting. (white spaces and special characters are not " +"allowed)" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:448 +msgid "Packet classification can be implemented in different ways:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:450 +msgid "use dummynet(4) 'pipe'" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:451 +msgid "use dummynet(4) 'queue'" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:452 +msgid "Pipe or queue number:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:453 +#, fuzzy +msgid "Custom string:" +msgstr " " + +#: src/gui/.ui/actionsdialog_q.cpp:454 +msgid "Classify string:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:455 +msgid "Divert socket port number:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:456 +msgid "User-defined chain name:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:457 +msgid "" +"In addition to 'filter', create branching rule in 'mangle' table as well" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:458 +msgid "Anchor name:" +msgstr "" + +#: 
src/gui/.ui/actionsdialog_q.cpp:463 src/gui/.ui/actionsdialog_q.cpp:470 +#, fuzzy +msgid "interface" +msgstr " " + +#: src/gui/.ui/actionsdialog_q.cpp:464 src/gui/.ui/actionsdialog_q.cpp:471 +msgid "next hop" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:465 +msgid "Fastroute" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:472 +msgid "Change inbound interface to" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:473 +msgid "Route through gateway" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:474 +msgid "Change outbound interface to" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:475 +#, fuzzy +msgid "Continue packet inspection" +msgstr " " + +#: src/gui/.ui/actionsdialog_q.cpp:476 +msgid "Make a copy" +msgstr "" + +#: src/gui/.ui/addressrangedialog_q.cpp:163 +#: src/gui/.ui/addressrangedialog_q.cpp:164 +msgid "Address Range" +msgstr " " + +#: src/gui/.ui/addressrangedialog_q.cpp:165 +#: src/gui/.ui/addresstabledialog_q.cpp:190 +#: src/gui/.ui/customservicedialog_q.cpp:180 +#: src/gui/.ui/dnsnamedialog_q.cpp:167 src/gui/.ui/firewalldialog_q.cpp:206 +#: src/gui/.ui/groupobjectdialog_q.cpp:189 src/gui/.ui/hostdialog_q.cpp:150 +#: src/gui/.ui/icmpservicedialog_q.cpp:170 +#: src/gui/.ui/interfacedialog_q.cpp:213 src/gui/.ui/ipservicedialog_q.cpp:211 +#: src/gui/.ui/ipv4dialog_q.cpp:167 src/gui/.ui/librarydialog_q.cpp:142 +#: src/gui/.ui/networkdialog_q.cpp:166 src/gui/.ui/physaddressdialog_q.cpp:155 +#: src/gui/.ui/tagservicedialog_q.cpp:145 +#: src/gui/.ui/tcpservicedialog_q.cpp:352 src/gui/.ui/timedialog_q.cpp:246 +#: src/gui/.ui/udpservicedialog_q.cpp:224 +msgid "Comment:" +msgstr ":" + +#: src/gui/.ui/addressrangedialog_q.cpp:166 +msgid "Range End:" +msgstr " :" + +#: src/gui/.ui/addressrangedialog_q.cpp:167 +msgid "Range Start:" +msgstr " :" + +#: src/gui/.ui/addressrangedialog_q.cpp:168 +#: src/gui/.ui/addresstabledialog_q.cpp:192 +#: src/gui/.ui/customservicedialog_q.cpp:181 +#: src/gui/.ui/dnsnamedialog_q.cpp:172 src/gui/.ui/firewalldialog_q.cpp:207 +#: 
src/gui/.ui/groupobjectdialog_q.cpp:194 src/gui/.ui/hostdialog_q.cpp:148 +#: src/gui/.ui/icmpservicedialog_q.cpp:171 +#: src/gui/.ui/interfacedialog_q.cpp:214 src/gui/.ui/ipservicedialog_q.cpp:220 +#: src/gui/.ui/ipv4dialog_q.cpp:168 src/gui/.ui/librarydialog_q.cpp:140 +#: src/gui/.ui/networkdialog_q.cpp:167 src/gui/.ui/newfirewalldialog_q.cpp:516 +#: src/gui/.ui/newhostdialog_q.cpp:392 src/gui/.ui/physaddressdialog_q.cpp:152 +#: src/gui/.ui/tagservicedialog_q.cpp:147 +#: src/gui/.ui/tcpservicedialog_q.cpp:375 src/gui/.ui/timedialog_q.cpp:247 +#: src/gui/.ui/udpservicedialog_q.cpp:232 +msgid "Name:" +msgstr ":" + +#: src/gui/.ui/addressrangedialog_q.cpp:169 +#: src/gui/.ui/addresstabledialog_q.cpp:191 +#: src/gui/.ui/customservicedialog_q.cpp:182 +#: src/gui/.ui/dnsnamedialog_q.cpp:171 src/gui/.ui/firewalldialog_q.cpp:208 +#: src/gui/.ui/groupobjectdialog_q.cpp:193 src/gui/.ui/hostdialog_q.cpp:149 +#: src/gui/.ui/icmpservicedialog_q.cpp:172 +#: src/gui/.ui/interfacedialog_q.cpp:216 src/gui/.ui/ipservicedialog_q.cpp:219 +#: src/gui/.ui/ipv4dialog_q.cpp:169 src/gui/.ui/networkdialog_q.cpp:168 +#: src/gui/.ui/newgroupdialog_q.cpp:98 src/gui/.ui/physaddressdialog_q.cpp:153 +#: src/gui/.ui/tagservicedialog_q.cpp:146 +#: src/gui/.ui/tcpservicedialog_q.cpp:376 src/gui/.ui/timedialog_q.cpp:248 +#: src/gui/.ui/udpservicedialog_q.cpp:231 +msgid "Library:" +msgstr ":" + +#: src/gui/.ui/addresstabledialog_q.cpp:188 +#: src/gui/.ui/addresstabledialog_q.cpp:189 +#, fuzzy +msgid "Address Table" +msgstr " " + +#: src/gui/.ui/addresstabledialog_q.cpp:194 +#: src/gui/.ui/dnsnamedialog_q.cpp:169 +#, fuzzy +msgid "Compile Time" +msgstr "&Файл" + +#: src/gui/.ui/addresstabledialog_q.cpp:195 +#: src/gui/.ui/dnsnamedialog_q.cpp:170 +msgid "Run Time" +msgstr "" + +#: src/gui/.ui/addresstabledialog_q.cpp:196 +#, fuzzy +msgid "File name:" +msgstr "Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°: %1" + +#: src/gui/.ui/addresstabledialog_q.cpp:197 +#: src/gui/.ui/addresstabledialog_q.cpp:198 +msgid "Browse" +msgstr "" + 
+#: src/gui/.ui/addresstabledialog_q.cpp:199 +msgid "Preview" +msgstr "" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:87 +msgid "Enter New Position For The Rule" +msgstr "" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:88 +msgid "Enter new position for selected rules:" +msgstr "" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:89 +msgid "&Move" +msgstr "" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:90 +msgid "Alt+M" +msgstr "" + +#: src/gui/.ui/askrulenumberdialog_q.cpp:92 src/gui/.ui/debugdialog_q.cpp:76 +#: src/gui/.ui/execdialog_q.cpp:95 src/gui/.ui/pagesetupdialog_q.cpp:111 +msgid "Alt+C" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:109 src/gui/.ui/prefsdialog_q.cpp:401 +msgid "Orange" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:111 src/gui/.ui/prefsdialog_q.cpp:408 +msgid "Green" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:113 src/gui/.ui/prefsdialog_q.cpp:406 +msgid "Purple" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:115 src/gui/.ui/prefsdialog_q.cpp:398 +msgid "Blue" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:117 src/gui/.ui/prefsdialog_q.cpp:399 +msgid "Yellow" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:119 src/gui/.ui/prefsdialog_q.cpp:409 +msgid "Gray" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:121 src/gui/.ui/prefsdialog_q.cpp:397 +msgid "Red" +msgstr "" + +#: src/gui/.ui/colorlabelmenuitem_q.cpp:123 +msgid "No color" +msgstr "" + +#: src/gui/.ui/commenteditorpanel_q.cpp:96 +#, fuzzy +msgid "Comment Editor Panel" +msgstr " " + +#: src/gui/.ui/commenteditorpanel_q.cpp:97 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:156 +#: src/gui/.ui/routingruleoptionsdialog_q.cpp:120 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:665 +msgid "fw/rule num" +msgstr "" + +#: src/gui/.ui/commenteditorpanel_q.cpp:99 +#: src/gui/.ui/simpletexteditor_q.cpp:91 +msgid "Import from file ..." 
+msgstr "" + +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:66 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:109 +msgid "Parent" +msgstr "" + +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:67 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:110 +#: src/gui/.ui/findwhereusedwidget_q.cpp:63 +#: src/gui/.ui/findwhereusedwidget_q.cpp:117 +msgid "Details" +msgstr "" + +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:107 +msgid "" +"Groups and firewall policy rules shown in the list below reference objects " +"you are about to delete. If you delete objects, they will be removed from " +"these groups and rules." +msgstr "" + +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:111 +msgid "" +"Deleted objects are moved to the \"Deleted objects\" library. You can " +"recover them later by moving back to the user's library. However if you " +"delete an object already located in the \"Deleted objects\" library, it is " +"destroyed and can not be restored." +msgstr "" + +#: src/gui/.ui/customservicedialog_q.cpp:183 +msgid "" +"Custom service object has separate code string for each supported firewall " +"platform." 
+msgstr "" + +#: src/gui/.ui/customservicedialog_q.cpp:184 +#: src/gui/.ui/firewalldialog_q.cpp:209 +msgid "Platform:" +msgstr ":" + +#: src/gui/.ui/customservicedialog_q.cpp:185 +#: src/gui/.ui/tagservicedialog_q.cpp:148 +msgid "Code:" +msgstr ":" + +#: src/gui/.ui/debugdialog_q.cpp:74 +msgid "Debugging Info" +msgstr "" + +#: src/gui/.ui/debugdialog_q.cpp:75 src/gui/.ui/execdialog_q.cpp:94 +#: src/gui/.ui/FWBMainWindow_q.cpp:490 +msgid "&Close" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:691 src/gui/.ui/discoverydruid_q.cpp:894 +#, fuzzy +msgid "Interfaces" +msgstr " " + +#: src/gui/.ui/discoverydruid_q.cpp:693 src/gui/.ui/discoverydruid_q.cpp:895 +#: src/gui/.ui/filterdialog_q.cpp:90 src/gui/.ui/filterdialog_q.cpp:154 +msgid "Type" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:801 src/gui/.ui/FWBMainWindow_q.cpp:557 +#: src/gui/.ui/FWBMainWindow_q.cpp:558 +msgid "Discovery Druid" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:802 +msgid "" +"Choose discovery method used to collect information about network objects " +"from the list below and click 'Next' to continue." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:803 +msgid "Discovery method:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:804 +msgid "Read file in hosts format" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:805 src/gui/.ui/discoverydruid_q.cpp:817 +msgid "Import DNS zone" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:806 +msgid "Perform network discovery using SNMP" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:807 +msgid "Discovery Method" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:808 +msgid "Enter full path and file name below or click \"Browse\" to find it:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:809 +msgid "File in hosts format" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:810 +msgid "Browse ..." 
+msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:811 +msgid "Reading file in hosts format" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:812 +msgid "" +"This discovery method creates objects for all 'A' records found in DNS " +"domain. You will later have a chance to accept only those objects you wish " +"and ignore others.\n" +"Please enter the domain name below:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:814 +msgid "Domain name" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:815 +msgid "" +"Objects created using this method may have long or short names. long name " +"consists of the host name and full domain name (this is called Fully " +"Qualified Domain Name). Short name consists of only host name. Check in " +"the box below if you wish to use long name, then click next to continue:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:816 +msgid "Use long names" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:818 +msgid "" +"DNS zone information has to be transferred from the name server " +"authoritative for the domain. Pick the name server:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:819 src/gui/.ui/discoverydruid_q.cpp:826 +msgid "Name server" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:820 +msgid "choose name server from the list below" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:821 +msgid "server name or its IP address here if you wish to use different one:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:823 +msgid "DNS Query options" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:824 +msgid "Timeout (sec)" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:825 +msgid "Retries" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:827 +msgid "" +"This discovery method scans networks looking for hosts or gateways " +"responding to SNMP queries. It pulls host's ARP table and uses all the " +"entries found in it to create objects. Scan starts from the host called " +"\"seed\". 
Enter \"seed\" host name or address below:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:828 +msgid "'Seed' host" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:830 +msgid "Enter a valid host name or address." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:831 +msgid "" +"The scanner process can be confined to a certain network, so it won't " +"discover hosts on adjacent networks. If you leave these fields blank, " +"scanner will visit all networks it can find:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:832 +msgid "Confine scan to this network:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:833 src/gui/.ui/ipv4dialog_q.cpp:171 +#: src/gui/.ui/networkdialog_q.cpp:169 src/gui/.ui/newfirewalldialog_q.cpp:518 +#: src/gui/.ui/newhostdialog_q.cpp:406 +msgid "Netmask:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:834 src/gui/.ui/ipv4dialog_q.cpp:170 +#: src/gui/.ui/networkdialog_q.cpp:170 src/gui/.ui/newfirewalldialog_q.cpp:517 +#: src/gui/.ui/newhostdialog_q.cpp:394 +msgid "Address:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:836 +msgid "Network discovery using SNMP" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:837 +msgid "" +"The scanner process can repeat its algorithm recursively using each new host " +"it finds as a new \"seed\". This allows it to find as many objects on your " +"network as possible. On the other hand, it takes more time and may find some " +"objects you do not really need. You can turn recursive scanning on below:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:838 +msgid "Run network scan recursively" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:839 +msgid "" +"The scanner process can find nodes beyond the boundaries of your network by " +"following point-to-point links connecting it to the Internet or other parts " +"of WAN." 
+msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:840 +msgid "Follow point-to-point links" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:841 +msgid "" +"The scanner process can distinguish virtual IP addresses created on hosts as " +"static \"published\" ARP entries or as secondary addresses on interfaces." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:842 +msgid "Include virtual addresses" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:843 +msgid "" +"Analysis of ARP table yields IP addresses for hosts on your network. In " +"order to determine their names, scanner can run reverse name lookup queries " +"using your name servers (DNS):" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:844 +msgid "Run reverse name lookup DNS queries to determine host names" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:845 +msgid "Network scan options" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:846 +msgid "" +"Enter parameters for SNMP and DNS reverse lookup queries below. (If unsure, " +"just leave default values):" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:847 +msgid "SNMP query parameters:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:848 +#: src/gui/.ui/newfirewalldialog_q.cpp:497 src/gui/.ui/newhostdialog_q.cpp:386 +msgid "SNMP 'read' community string:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:849 src/gui/.ui/discoverydruid_q.cpp:853 +msgid "number of retries:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:850 +msgid "timeout (sec):" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:851 +msgid "public" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:852 +msgid "DNS parameters:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:854 +msgid "timeout (sec) :" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:855 +msgid "Number of threads:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:857 +msgid "SNMP and DNS reverse lookup queries parameters" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:859 +msgid "Process name" +msgstr 
"" + +#: src/gui/.ui/discoverydruid_q.cpp:862 +msgid "Save scan log to file" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:863 +msgid "Process log:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:864 +msgid "Discovery is in progress" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:865 +msgid "" +"These are the networks found by the scanner process. Choose the ones you " +"wish to use from the list below, then click 'Next':" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:866 src/gui/.ui/discoverydruid_q.cpp:872 +#: src/gui/.ui/discoverydruid_q.cpp:877 src/gui/.ui/discoverydruid_q.cpp:882 +#: src/gui/.ui/discoverydruid_q.cpp:888 +msgid "Select All" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:867 src/gui/.ui/discoverydruid_q.cpp:878 +#: src/gui/.ui/discoverydruid_q.cpp:887 +#, fuzzy +msgid "Filter ..." +msgstr " " + +#: src/gui/.ui/discoverydruid_q.cpp:868 src/gui/.ui/discoverydruid_q.cpp:873 +#: src/gui/.ui/discoverydruid_q.cpp:879 src/gui/.ui/discoverydruid_q.cpp:883 +#: src/gui/.ui/discoverydruid_q.cpp:885 +msgid "Unselect All" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:869 src/gui/.ui/discoverydruid_q.cpp:876 +#: src/gui/.ui/discoverydruid_q.cpp:886 +msgid "Remove Filter" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:870 src/gui/.ui/discoverydruid_q.cpp:880 +msgid "->" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:871 src/gui/.ui/discoverydruid_q.cpp:881 +msgid "<-" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:874 +#, fuzzy +msgid "Networks" +msgstr ":" + +#: src/gui/.ui/discoverydruid_q.cpp:875 +msgid "Choose objects you wish to use, then click 'Next':" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:889 +msgid "Change type of selected objects:" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:896 +msgid "" +"Here you can change type of the objects to be created for each address " +"discovered by the scanner. 
By default, an \"Address\" object is created for " +"the host with just one interface with single IP address and \"Host\" object " +"is created for the host with multiple interfaces, however you can change " +"their types on this page." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:897 +msgid "Adjust Object types" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:898 +msgid "Select target library" +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:899 +#, fuzzy +msgid "Target library" +msgstr " " + +#: src/gui/.ui/discoverydruid_q.cpp:900 +msgid "Adding new objects to library ..." +msgstr "" + +#: src/gui/.ui/discoverydruid_q.cpp:901 +#, fuzzy +msgid "Creatnig objects" +msgstr "Создать новый проект" + +#: src/gui/.ui/dnsnamedialog_q.cpp:165 src/gui/.ui/dnsnamedialog_q.cpp:166 +#, fuzzy +msgid "DNS Name" +msgstr ":" + +#: src/gui/.ui/dnsnamedialog_q.cpp:173 +msgid "DNS Record:" +msgstr "" + +#: src/gui/.ui/execdialog_q.cpp:91 +msgid "Executing external command" +msgstr "" + +#: src/gui/.ui/execdialog_q.cpp:92 src/gui/.ui/instdialog_q.cpp:284 +msgid "Save log to file" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:110 +msgid "File Properties" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:111 +msgid "Location:" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:112 +msgid "RO" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:113 +msgid "Revision Control:" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:114 +msgid "Time of last modification:" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:115 +#, fuzzy +msgid "Revision:" +msgstr ":" + +#: src/gui/.ui/filepropdialog_q.cpp:116 +msgid "Locked by user:" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:117 +msgid "location" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:118 +msgid "lastModified" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:119 +msgid "rev" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:120 +msgid "lockedBy" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:121 +msgid "Revision 
history:" +msgstr "" + +#: src/gui/.ui/filepropdialog_q.cpp:123 src/gui/.ui/FWBMainWindow_q.cpp:450 +msgid "Print" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:88 src/gui/.ui/filterdialog_q.cpp:153 +msgid "Target" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:92 src/gui/.ui/filterdialog_q.cpp:155 +msgid "Pattern" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:140 +#, fuzzy +msgid "Filter" +msgstr "&Файл" + +#: src/gui/.ui/filterdialog_q.cpp:141 src/gui/.ui/FWBMainWindow_q.cpp:444 +#: src/gui/.ui/FWBMainWindow_q.cpp:487 src/gui/.ui/FWBMainWindow_q.cpp:488 +msgid "Save" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:142 src/gui/.ui/prefsdialog_q.cpp:212 +#: src/gui/.ui/prefsdialog_q.cpp:392 +msgid "Load" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:143 src/gui/.ui/instoptionsdialog_q.cpp:295 +#: src/gui/.ui/libexport_q.cpp:112 +msgid "Ok" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:145 +msgid "Match" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:147 +msgid "all" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:148 src/gui/.ui/icmpservicedialog_q.cpp:174 +#: src/gui/.ui/icmpservicedialog_q.cpp:176 +msgid "any" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:149 +msgid "of the following:" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:151 +msgid "+" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:152 +msgid "Add a new pattern" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:156 +msgid "Case sensitive" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:157 +msgid "-" +msgstr "" + +#: src/gui/.ui/filterdialog_q.cpp:158 +msgid "Remove a pattern" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:505 +msgid "Find Object" +msgstr " " + +#: src/gui/.ui/finddialog_q.cpp:128 +msgid "Text to be found in object names:" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:129 +msgid "Search in policy rules" +msgstr " " + +#: src/gui/.ui/finddialog_q.cpp:130 +msgid "Search in the tree" +msgstr " " + +#: src/gui/.ui/finddialog_q.cpp:132 +msgid 
"Matching attribute:" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:135 src/gui/.ui/findobjectwidget_q.cpp:177 +msgid "TCP/UDP port" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:136 src/gui/.ui/findobjectwidget_q.cpp:178 +msgid "Protocol number" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:137 src/gui/.ui/findobjectwidget_q.cpp:179 +msgid "ICMP type" +msgstr "" + +#: src/gui/.ui/finddialog_q.cpp:138 +msgid "Search for substring using regular expressions" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:172 +#: src/gui/.ui/findwhereusedwidget_q.cpp:113 +#: src/gui/.ui/fwobjectdroparea_q.cpp:50 +#: src/gui/.ui/tagservicedialog_q.cpp:143 +msgid "Form1" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:173 +#, fuzzy +msgid " Find object" +msgstr " " + +#: src/gui/.ui/findobjectwidget_q.cpp:180 +msgid " Replace object " +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:181 +msgid "Replace && Find" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:183 +#, fuzzy +msgid "Next" +msgstr " " + +#: src/gui/.ui/findobjectwidget_q.cpp:184 +msgid "Replace all" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:185 +msgid "Replace" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:186 +msgid "Scope for search and replace :" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:188 +#, fuzzy +msgid "Tree only" +msgstr " (только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ)" + +#: src/gui/.ui/findobjectwidget_q.cpp:189 +msgid "Tree and policy of all firewalls" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:190 +msgid "Policy of all firewalls" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:191 +msgid "policy of the opened firewall" +msgstr "" + +#: src/gui/.ui/findobjectwidget_q.cpp:192 +#: src/gui/.ui/findwhereusedwidget_q.cpp:119 +#: src/gui/.ui/FWBMainWindow_q.cpp:438 src/gui/.ui/FWBMainWindow_q.cpp:489 +#: src/gui/.ui/simpletextview_q.cpp:94 +msgid "Close" +msgstr "" + +#: src/gui/.ui/findwhereusedwidget_q.cpp:62 +#: src/gui/.ui/findwhereusedwidget_q.cpp:116 +#, fuzzy +msgid "Parent 
Object" +msgstr " " + +#: src/gui/.ui/findwhereusedwidget_q.cpp:114 +#, fuzzy +msgid "Object:" +msgstr " " + +#: src/gui/.ui/findwhereusedwidget_q.cpp:115 +msgid "Object is found in :" +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:202 +msgid "Host OS Settings ..." +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:203 +#, fuzzy +msgid "Inactive firewall" +msgstr " " + +#: src/gui/.ui/firewalldialog_q.cpp:204 +msgid "Skip this firewall for batch compile and install operations" +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:205 +msgid "Firewall Settings ..." +msgstr "" + +#: src/gui/.ui/firewalldialog_q.cpp:210 +msgid "Version:" +msgstr ":" + +#: src/gui/.ui/firewalldialog_q.cpp:211 +msgid "Host OS:" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:186 +msgid "FreeBSD: advanced settings" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:191 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:183 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:177 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:211 +msgid "Forward source routed packets" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:192 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:169 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:197 +msgid "Generate ICMP redirects" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:193 +#: src/gui/.ui/linux24advanceddialog_q.cpp:406 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:170 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:187 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:202 +msgid "Packet forwarding" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:207 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:187 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:201 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:215 +msgid "" +"Specify directory path and a file name for the following utilities on the OS " +"your firewall machine is running. Leave these empty if you want to use " +"default values." 
+msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:208 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:214 +msgid "ipnat:" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:209 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:186 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:200 +msgid "sysctl:" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:210 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:213 +msgid "ipf:" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:211 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:185 +msgid "ipfw:" +msgstr "" + +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:212 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:199 +#: src/gui/.ui/linux24advanceddialog_q.cpp:457 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:188 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:202 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:216 +msgid "Path" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:433 +msgid "" +"Click here to change amount of information shown about object selected in " +"the tree" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:434 +#, fuzzy +msgid "Firewall Name" +msgstr " " + +#: src/gui/.ui/FWBMainWindow_q.cpp:435 src/gui/.ui/instdialog_q.cpp:278 +msgid "Firewalls:" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:436 +msgid "Tab 1" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:437 +msgid "Apply" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:439 +msgid "New Object File" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:440 +msgid "&New Object File" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:442 +msgid "&Open..." +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:443 +msgid "Ctrl+O" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:446 +msgid "Ctrl+S" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:447 +msgid "Save As" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:448 +msgid "Save &As..." +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:451 +msgid "&Print..." 
+msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:452 +msgid "Ctrl+P" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:453 +msgid "Exit" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:454 +msgid "E&xit" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:456 +msgid "Undo" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:457 +msgid "&Undo" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:458 +msgid "Ctrl+Z" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:459 +msgid "Redo" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:460 +msgid "&Redo" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:461 +msgid "Ctrl+Y" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:463 +msgid "&Cut" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:464 +msgid "Ctrl+X" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:466 +msgid "C&opy" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:467 +msgid "Ctrl+C" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:469 +msgid "&Paste" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:470 +msgid "Ctrl+V" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:473 src/gui/.ui/FWBMainWindow_q.cpp:509 +msgid "Ctrl+F" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:474 +msgid "Contents" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:475 +msgid "&Contents..." +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:477 +msgid "Index" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:478 +msgid "&Index..." 
+msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:480 +msgid "About" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:481 +msgid "&About" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:483 src/gui/.ui/FWBMainWindow_q.cpp:484 +msgid "New" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:493 +msgid "Compile rules" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:496 +msgid "Install firewall policy" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:497 src/gui/.ui/FWBMainWindow_q.cpp:498 +#: src/gui/.ui/objectmanipulator_q.cpp:111 +msgid "Back" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:499 src/gui/.ui/FWBMainWindow_q.cpp:500 +msgid "Move back to the previous object" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:501 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:153 +#: src/gui/.ui/objectmanipulator_q.cpp:114 +msgid "New Object" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:502 +msgid "&New Object" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:503 src/gui/.ui/objectmanipulator_q.cpp:115 +msgid "Create New Object" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:504 +msgid "Ctrl+N" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:506 +msgid "&Find Object" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:507 src/gui/.ui/FWBMainWindow_q.cpp:508 +msgid "Find object in the tree" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:510 +msgid "Preferences..." +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:511 +msgid "P&references..." 
+msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:512 +msgid "Edit Preferences" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:515 src/gui/.ui/FWBMainWindow_q.cpp:516 +msgid "Move Rule Up" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:517 src/gui/.ui/FWBMainWindow_q.cpp:518 +msgid "Move Rule Down" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:523 +msgid "Ctrl+Del" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:532 +#, fuzzy +msgid "Add File to RCS" +msgstr "" +"Ошибка Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ñ„Ð°Ð¹Ð»Ð° в RCS\n" +"%1" + +#: src/gui/.ui/FWBMainWindow_q.cpp:533 +#, fuzzy +msgid "Add File to &RCS" +msgstr "" +"Ошибка Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ñ„Ð°Ð¹Ð»Ð° в RCS\n" +"%1" + +#: src/gui/.ui/FWBMainWindow_q.cpp:536 +msgid "Export Library To a File" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:537 +#, fuzzy +msgid "&Export Library" +msgstr " " + +#: src/gui/.ui/FWBMainWindow_q.cpp:538 +msgid "Import Library From a File" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:539 +#, fuzzy +msgid "&Import Library" +msgstr " " + +#: src/gui/.ui/FWBMainWindow_q.cpp:540 +msgid "Debug" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:541 +msgid "&Debug" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:542 src/gui/.ui/FWBMainWindow_q.cpp:543 +msgid "&Properties" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:544 +msgid "Show File Properties" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:545 src/gui/.ui/FWBMainWindow_q.cpp:546 +msgid "Move Selected Rules" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:547 +#, fuzzy +msgid "Discard" +msgstr "&Отмена" + +#: src/gui/.ui/FWBMainWindow_q.cpp:549 +msgid "" +"Discard Changes and Overwrite With Clean Copy Of The Head Revision From RCS" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:550 +#, fuzzy +msgid "Commit" +msgstr ":" + +#: src/gui/.ui/FWBMainWindow_q.cpp:551 +#, fuzzy +msgid "C&ommit" +msgstr ":" + +#: src/gui/.ui/FWBMainWindow_q.cpp:552 +#, fuzzy +msgid "Commit Opened File to RCS and Continue Editing" +msgstr " " + +#: 
src/gui/.ui/FWBMainWindow_q.cpp:559 src/gui/.ui/FWBMainWindow_q.cpp:560 +msgid "new item" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:561 +msgid "Toolbar" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:563 +msgid "&File" +msgstr "&Файл" + +#: src/gui/.ui/FWBMainWindow_q.cpp:569 +msgid "Rules" +msgstr "Правила" + +#: src/gui/.ui/FWBMainWindow_q.cpp:571 +msgid "Tools" +msgstr "" + +#: src/gui/.ui/FWBMainWindow_q.cpp:573 +msgid "&Help" +msgstr "&Помощь" + +#: src/gui/.ui/groupobjectdialog_q.cpp:191 +msgid "I" +msgstr "" + +#: src/gui/.ui/groupobjectdialog_q.cpp:192 +msgid "L" +msgstr "" + +#: src/gui/.ui/hostdialog_q.cpp:147 +msgid "MAC matching" +msgstr "" + +#: src/gui/.ui/icmpservicedialog_q.cpp:168 +#: src/gui/.ui/pfadvanceddialog_q.cpp:983 +msgid "ICMP" +msgstr "" + +#: src/gui/.ui/icmpservicedialog_q.cpp:173 +msgid "ICMP Type:" +msgstr "" + +#: src/gui/.ui/icmpservicedialog_q.cpp:175 +msgid "ICMP Code:" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:84 src/gui/.ui/instdialog_q.cpp:267 +#: src/gui/.ui/librarydialog_q.cpp:137 src/gui/.ui/librarydialog_q.cpp:138 +msgid "Library" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:86 src/gui/.ui/instdialog_q.cpp:268 +msgid "Last Modified" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:88 src/gui/.ui/instdialog_q.cpp:269 +#, fuzzy +msgid "Last Compiled" +msgstr "&Файл" + +#: src/gui/.ui/instdialog_q.cpp:90 src/gui/.ui/instdialog_q.cpp:270 +msgid "Last Installed" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:132 src/gui/.ui/instdialog_q.cpp:277 +msgid "Progress" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:221 src/gui/.ui/instdialog_q.cpp:287 +#, fuzzy +msgid "Compile status" +msgstr "&Файл" + +#: src/gui/.ui/instdialog_q.cpp:222 src/gui/.ui/instdialog_q.cpp:288 +msgid "Install status" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:260 +msgid "Firewall Builder: Policy Installer" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:261 +msgid "" +"

    Select firewalls to compile and " +"install.

    " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:262 +msgid "Perform batch install" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:263 +msgid "" +"Check this option if you want to install all selected firewalls " +"automatically. This only works if you use the same user name and password to " +"authenticate to all these firewalls. " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:272 +msgid "None" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:279 +#, fuzzy +msgid "firewall" +msgstr " " + +#: src/gui/.ui/instdialog_q.cpp:280 +msgid "Progress:" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:282 +msgid "Show Details" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:283 +msgid "Process log" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:271 +msgid "Install options" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:272 +#, qt-format +msgid "" +"

    Install options for firewall '%1'

    " +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:273 +msgid "Enter authentication information below and click 'Next'" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:274 +msgid "Password or passphrase:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:275 +msgid "User name:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:276 +msgid "Options for PIX and fwsm firewalls :" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:277 +msgid "Write configuration to standby PIX" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:278 +msgid "Dry run (commands won't be executed on the firewall)" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:279 +msgid "Store configuration diff in a file" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:280 +msgid "" +"install only ACL, 'icmp', 'telnet', 'ssh', 'nat', 'global' and 'static' " +"commands" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:281 +msgid "" +"Calculate difference between current firewall state and generated " +"configuration and install only those commands that update state of the " +"firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:282 +msgid "Enable password:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:283 +msgid "Make a backup copy of the firewall configuration in this file:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:284 +msgid "Alternative address to communicate with the firewall:" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:285 +msgid "Schedule reboot in " +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:286 +msgid "" +"Rebooting the firewall will restore its original policy. 
To cancel reboot, " +"install the policy with \"test run\" option turned off" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:287 +msgid "min" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:288 +msgid "" +"If you install the policy in the test mode, you can revert to the last " +"working configuration by rebooting the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:289 +msgid "" +"Test run: run the script on the firewall but do not store it permanently." +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:290 +msgid "" +"Quiet install: do not print anything as commands are executed on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:291 +msgid "Verbose: print all commands as they are executed on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:292 +msgid "Remove comments from configuration" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:293 +msgid "Compress script" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:294 +msgid "Store a copy of fwb file on the firewall" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:215 +#: src/gui/.ui/newfirewalldialog_q.cpp:507 src/gui/.ui/newhostdialog_q.cpp:393 +msgid "Label:" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:217 +msgid "Security level:" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:218 src/gui/.ui/interfacedialog_q.cpp:221 +msgid "" +"

    Network zone consists of hosts and networks that can be reached through " +"this interface of the firewall. Subnet to which this interface is directly " +"attached must be part of its network zone. Other subnets reachable by means " +"of routing should alse be added to the network zone.\n" +"
    \n" +"If network zone for this interface consists of only one subnet, you can " +"simply choose that network's object in the pull-down below. If your network " +"zone should include multiple subnets, you need to create an Object Group, " +"then put all hosts and networks which are going to be part of the network " +"zone into that group and finally choose this group in the pull-down below." +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:224 +msgid "Network zone:" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:225 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    Security level can be any number between 0 and 100, 0 being least " +"secure and 100 being most secure levels. Interface with security level 0 " +"ususally serves Internet connection.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:226 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    \n" +"Security level can be any number between 0 and 100, 0 being least secure and " +"100 being most secure levels. Interface with security level 0 ususally " +"serves Internet connection.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:229 +msgid "Management interface" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:230 +msgid "" +"

    Check if this interface is used for management (SNMP queries, remote " +"policy install etc.)

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:231 +msgid "This interface is external (insecure)" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:232 +msgid "" +"

    One interface of the firewall must be marked as 'external'. This " +"interface should be connected to the least secure network, usually the " +"Internet.

    " +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:233 +msgid "" +"One interface of the firewall must be marked as 'external'. This interface " +"should be connected to the least secure network, usually the Internet." +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:234 +#: src/gui/.ui/newfirewalldialog_q.cpp:515 +msgid "Regular interface" +msgstr "" + +#: src/gui/.ui/interfacedialog_q.cpp:235 +msgid "Address is assigned dynamically" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:522 +msgid "ipf: advanced settings" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:527 +msgid "Use raudio proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:528 +msgid "Use h323 proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:529 +msgid "Use ipsec proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:530 +msgid "Use ftp proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:531 +msgid "Use rcmd proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:532 +msgid "Use PPTP proxy in NAT rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:533 +msgid "Use IRC proxy in NAT rules for DCC" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:534 +msgid "" +"Some protocols involve multiple associated network connections. 
Firewall can " +"keep track of such connections automatically if you activate one or all of " +"the following options:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:535 +msgid "Protocol Helpers" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:536 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:355 +#: src/gui/.ui/iptadvanceddialog_q.cpp:607 +#: src/gui/.ui/pfadvanceddialog_q.cpp:923 +msgid "Compiler:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:537 +#: src/gui/.ui/pfadvanceddialog_q.cpp:940 +msgid "" +"There are two ways compiler can generate code for rules in the Global " +"Policy: it can either create two ipf rules to control both incoming and " +"outgoing packets for each rule, or it can create only one ipf rule for " +"incoming packets and permit all outgoing ones.You get more control over the " +"packets crossing the firewall in the first mode, but generated script is " +"going to be smaller if you choose the second." +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:538 +msgid "" +"Masquerade returned icmp as being from original\n" +"packet's destination" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:541 +#: src/gui/.ui/pfadvanceddialog_q.cpp:939 +msgid "Generate both 'in' and 'out' rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:542 +#: src/gui/.ui/pfadvanceddialog_q.cpp:938 +msgid "Pass all outgoing" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:543 +#: src/gui/.ui/iptadvanceddialog_q.cpp:603 +#: src/gui/.ui/pfadvanceddialog_q.cpp:930 +msgid "Accept TCP sessions opened prior to firewall restart" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:544 +msgid "Find and eliminate duplicate rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:545 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:350 +#: src/gui/.ui/pfadvanceddialog_q.cpp:932 +msgid "Detect rule shadowing in policy" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:546 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:351 +#: 
src/gui/.ui/pfadvanceddialog_q.cpp:933 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1817 +msgid "" +"Shadowing happens because a rule is a superset of a subsequent rule and any " +"packets potentially matched by the subsequent rule have already been matched " +"by the prior rule." +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:547 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:352 +#: src/gui/.ui/iptadvanceddialog_q.cpp:606 +#: src/gui/.ui/pfadvanceddialog_q.cpp:934 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1814 +msgid "Ignore empty groups in rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:548 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:353 +#: src/gui/.ui/pfadvanceddialog_q.cpp:935 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1815 +msgid "" +"If the option is deactivated, compiler treats empty groups as an error and " +"aborts processing the policy. If this option is activated, compiler removes " +"all empty groups from all rule elements. If rule element becomes 'any' after " +"the last empty group has been removed, the whole rule will be ignored. Use " +"this option only if you fully understand how it works!" 
+msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:549 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:357 +#: src/gui/.ui/iptadvanceddialog_q.cpp:596 +#: src/gui/.ui/pfadvanceddialog_q.cpp:925 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1825 +msgid "" +"Always permit ssh access from\n" +"the management workstation\n" +"with this address:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:552 +#: src/gui/.ui/iptadvanceddialog_q.cpp:609 +msgid "Default action on 'Reject':" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:553 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:354 +#: src/gui/.ui/iptadvanceddialog_q.cpp:595 +#: src/gui/.ui/pfadvanceddialog_q.cpp:924 +msgid "Command line options for the compiler:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:554 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:356 +#: src/gui/.ui/iptadvanceddialog_q.cpp:608 +#: src/gui/.ui/pfadvanceddialog_q.cpp:936 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1818 +msgid "" +"Output file name (if left blank, the file name is constructed of the " +"firewall object name and extension \".fw\")" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:555 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:360 +#: src/gui/.ui/iptadvanceddialog_q.cpp:613 +#: src/gui/.ui/pfadvanceddialog_q.cpp:944 +msgid "Compiler" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:556 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:361 +#: src/gui/.ui/iptadvanceddialog_q.cpp:614 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1008 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1848 +msgid "External install script" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:557 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:362 +#: src/gui/.ui/iptadvanceddialog_q.cpp:615 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1009 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1849 +msgid "" +"Policy install script (using built-in installer if this field is blank):" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:558 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:363 +#: 
src/gui/.ui/iptadvanceddialog_q.cpp:616 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1010 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1850 +msgid "Command line options for the script:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:559 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:364 +#: src/gui/.ui/iptadvanceddialog_q.cpp:617 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1011 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1851 +msgid "Built-in installer" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:560 +msgid "Directory on the firewall where configuration files should be installed" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:561 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:369 +#: src/gui/.ui/iptadvanceddialog_q.cpp:622 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1016 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1854 +msgid "Additional command line parameters for ssh" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:562 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:368 +#: src/gui/.ui/iptadvanceddialog_q.cpp:621 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1015 +msgid "" +"A command that installer should execute on the firewall in order to activate " +"the policy (if this field is blank, installer runs firewall script in the " +"directory specified above; it uses sudo if user name is not 'root')" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:563 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:365 +#: src/gui/.ui/iptadvanceddialog_q.cpp:618 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1012 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1852 +msgid "" +"Alternative name or address used to communicate with the firewall (also " +"putty session name on Windows)" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:564 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:366 +#: src/gui/.ui/iptadvanceddialog_q.cpp:619 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1013 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1853 +msgid "" +"User name used to authenticate to the firewall (leave this empty if you use " +"putty session):" +msgstr 
"" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:565 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:370 +#: src/gui/.ui/iptadvanceddialog_q.cpp:623 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1017 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1855 +msgid "Installer" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:568 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:377 +#: src/gui/.ui/iptadvanceddialog_q.cpp:630 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1024 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1858 +msgid "" +"The following commands will be added verbatim on top of generated " +"configuration" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:573 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:374 +#: src/gui/.ui/iptadvanceddialog_q.cpp:627 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1021 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1863 +msgid "" +"The following commands will be added verbatim after generated configuration" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:574 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:379 +#: src/gui/.ui/iptadvanceddialog_q.cpp:637 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1026 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1864 +msgid "Prolog/Epilog" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:575 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:720 +msgid "Log facility:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:576 +#: src/gui/.ui/iptadvanceddialog_q.cpp:644 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:680 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:721 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:750 +msgid "Log level:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:577 +msgid "Log packet body" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:578 +msgid "Block if can not log" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:579 +#: src/gui/.ui/iptadvanceddialog_q.cpp:653 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1029 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2051 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:682 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:722 +#: 
src/gui/.ui/ruleoptionsdialog_q.cpp:727 +msgid "Logging" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:580 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:380 +#: src/gui/.ui/iptadvanceddialog_q.cpp:659 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1030 +msgid "Add virtual addresses for NAT" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:581 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:381 +#: src/gui/.ui/iptadvanceddialog_q.cpp:655 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1031 +msgid "Configure Interfaces of the firewall machine" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:582 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:382 +#: src/gui/.ui/iptadvanceddialog_q.cpp:656 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1032 +msgid "Turn debugging on in generated script" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:583 +msgid "Optimization" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:584 +msgid "" +"If this option is on, policy compiler adds virtual addresses to the " +"interfaces to make the firewall answer to ARP queries for addresses used in " +"NAT rules." +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:585 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:383 +#: src/gui/.ui/iptadvanceddialog_q.cpp:654 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1033 +msgid "These options enable auxiliary sections in the generated shell script." 
+msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:586 +msgid "Determine addresses of dynamic interfaces at run time" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:587 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:384 +#: src/gui/.ui/iptadvanceddialog_q.cpp:662 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1034 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1847 +msgid "Script Options" +msgstr "" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:345 +msgid "ipfw: advanced settings" +msgstr "" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:367 +#: src/gui/.ui/iptadvanceddialog_q.cpp:620 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1014 +msgid "Directory on the firewall where script should be installed" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:209 +msgid "IP" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:213 +msgid "all fragments" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:214 +msgid "rr (record route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:215 +msgid "timestamp" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:216 +msgid "ssrr (strict source route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:217 +msgid "'short' fragments" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:218 +msgid "lsrr (loose source route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:221 +msgid "Protocol number:" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:222 +msgid "( 0 - any protocol )" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:590 +msgid "iptables: advanced settings" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:599 +msgid "Accept ESTABLISHED and RELATED packets before the first rule" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:600 +msgid "Bridging firewall" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:601 +msgid "Detect shadowing in policy rules" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:602 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1807 +msgid "Assume firewall is part of 'any'" +msgstr "" + +#: 
src/gui/.ui/iptadvanceddialog_q.cpp:604 +msgid "Clamp MSS to MTU" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:605 +msgid "Enable support for NAT of locally originated connections" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:610 +msgid "" +"Drop packets that are associated with\n" +"no known connection" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:612 +msgid "and log them" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:632 +msgid "Insert prolog script " +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:639 +msgid "use ULOG" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:640 +msgid "use LOG" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:641 +msgid "log TCP seq. numbers" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:642 +msgid "log IP options" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:643 +msgid "use numeric syslog levels" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:645 +msgid "log TCP options" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:646 +msgid "cprange" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:647 +msgid "queue threshold:" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:648 +msgid "netlink group:" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:649 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:679 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:726 +msgid "Log prefix:" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:650 +msgid "Logging limit:" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:651 +msgid "" +"Activate logging in all rules\n" +"(overrides rule options, use for debugging)" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:657 +msgid "Verify interfaces before loading firewall policy" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:658 +msgid "Load modules" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:660 +msgid "Use iptables-restore to activate policy" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:661 +msgid "iptables-restore 
replaces firewall policy in one atomic transaction" +msgstr "" + +#: src/gui/.ui/ipv4dialog_q.cpp:165 +msgid "IPv4" +msgstr "" + +#: src/gui/.ui/ipv4dialog_q.cpp:172 +msgid "DNS Lookup..." +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:106 +msgid "Export" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:107 +msgid "" +"This will export a library to a file which can later be imported back into " +"Firewall Builder" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:109 +msgid "New Item" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:110 +msgid "Make exported libraries read-only" +msgstr "" + +#: src/gui/.ui/libexport_q.cpp:111 +msgid "Choose libraries to be exported:" +msgstr "" + +#: src/gui/.ui/librarydialog_q.cpp:139 +msgid "Color:" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:188 +msgid "Linksys/Sveasoft: advanced settings" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:193 +#: src/gui/.ui/linux24advanceddialog_q.cpp:450 +msgid "modprobe:" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:194 +#: src/gui/.ui/linux24advanceddialog_q.cpp:451 +msgid "logger:" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:195 +#: src/gui/.ui/linux24advanceddialog_q.cpp:452 +msgid "ip:" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:196 +#: src/gui/.ui/linux24advanceddialog_q.cpp:453 +msgid "lsmod" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:197 +#: src/gui/.ui/linux24advanceddialog_q.cpp:455 +msgid "iptables:" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:198 +#: src/gui/.ui/linux24advanceddialog_q.cpp:454 +msgid "" +"Specify directory path and a file name for each utility on your firewall " +"machine. Leave these empty if you want to use default values." +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:200 +msgid "" +"Policy installer relies on the shell prompt on the firewall to execute " +"commands. 
Installer tries both prompt string patterns configured here; it " +"assumes that the firewall is ready to accept a command if either prompt " +"matches. You should only need to change these string patterns if Sveasoft " +"changes the shell prompt in the future releases of the software.\n" +"
    \n" +"
    \n" +"The default strings work for Sveasoft Alchemy pre-5.1 and pre-5.2" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:204 +msgid "prompt 1" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:205 +msgid "prompt 2" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:206 +msgid "Use default prompts" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:207 +msgid "Prompts" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:365 +msgid "Linux 2.4: advanced settings" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:407 +msgid "Kernel anti-spoofing protection" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:408 +msgid "Ignore broadcast pings" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:409 +msgid "Ignore all pings" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:410 +msgid "Accept source route" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:411 +msgid "Accept ICMP redirects" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:412 +msgid "Ignore bogus ICMP errors" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:413 +msgid "Allow dynamic addresses" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:414 +msgid "Log martians" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:416 +msgid "" +"These parameters make sense for connections to or from the firewall host" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:441 +msgid "TCP sack" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:442 +msgid "TCP window scaling" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:443 +msgid "TCP ECN" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:444 +msgid "TCP SYN cookies" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:445 +msgid "TCP keepalive time (sec)" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:446 +msgid "TCP fack" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:447 +msgid "TCP timestamps" +msgstr "" + +#: 
src/gui/.ui/linux24advanceddialog_q.cpp:448 +msgid "TCP FIN timeout (sec)" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:449 +#: src/gui/.ui/pfadvanceddialog_q.cpp:963 +#: src/gui/.ui/tcpservicedialog_q.cpp:350 +msgid "TCP" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:456 +msgid "iptables-restore:" +msgstr "" + +#: src/gui/.ui/longtextdialog_q.cpp:95 +msgid "longTextDialog_q" +msgstr "" + +#: src/gui/.ui/longtextdialog_q.cpp:97 +msgid "this is the error text" +msgstr "" + +#: src/gui/.ui/macosxadvanceddialog_q.cpp:164 +msgid "MacOS X: advanced settings" +msgstr "" + +#: src/gui/.ui/metriceditorpanel_q.cpp:79 +msgid "textLabel2" +msgstr "" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:155 +msgid "NAT Rule Options" +msgstr "" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:157 +msgid "No options are available for this firewall platform" +msgstr "" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:158 +msgid "Pool type" +msgstr "" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:159 +msgid "default" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:171 +#: src/gui/.ui/newfirewalldialog_q.cpp:322 +#: src/gui/.ui/newfirewalldialog_q.cpp:502 +#: src/gui/.ui/newfirewalldialog_q.cpp:524 src/gui/.ui/newhostdialog_q.cpp:187 +#: src/gui/.ui/newhostdialog_q.cpp:398 +msgid "Label" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:173 +#: src/gui/.ui/newfirewalldialog_q.cpp:504 src/gui/.ui/newhostdialog_q.cpp:189 +#: src/gui/.ui/newhostdialog_q.cpp:400 +msgid "Netmask" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:174 +#: src/gui/.ui/newfirewalldialog_q.cpp:505 src/gui/.ui/newhostdialog_q.cpp:190 +#: src/gui/.ui/newhostdialog_q.cpp:401 +msgid "Dyn" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:175 +#: src/gui/.ui/newfirewalldialog_q.cpp:506 src/gui/.ui/newhostdialog_q.cpp:191 +#: src/gui/.ui/newhostdialog_q.cpp:402 +msgid "MAC" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:324 +#: src/gui/.ui/newfirewalldialog_q.cpp:526 +msgid "Security 
Level" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:487 src/gui/.ui/newhostdialog_q.cpp:378 +msgid "Enter the name of the new object below:" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:488 +msgid "Choose firewall software it is running:" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:489 +msgid "Choose OS the new firewall runs on:" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:490 +msgid "Use preconfigured template firewall objects" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:492 +msgid "" +"Next step is to add interfaces to the new firewall. There are two ways to do " +"it: using SNMP query or manually. Adding them using SNMP query is fast and " +"automatic, but is only possible if firewall runs SNMP agent and you know " +"SNMP community string 'read'." +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:494 src/gui/.ui/newhostdialog_q.cpp:383 +msgid "Configure interfaces manually" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:495 +msgid "Use SNMP to discover interfaces of the firewall" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:496 src/gui/.ui/newhostdialog_q.cpp:385 +msgid "Discover Interfaces using SNMP" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:499 +msgid "" +"Here you can add or edit interfaces manually. 'Name' corresponds to the name " +"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' " +"is used to mark interface to reflect network topology, e.g. 'outside' or " +"'inside'. Label is mandatory for PIX firewall." +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:500 src/gui/.ui/newhostdialog_q.cpp:391 +msgid "Click 'Next' when done." 
+msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:509 src/gui/.ui/newhostdialog_q.cpp:408 +msgid "Update" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:510 src/gui/.ui/newhostdialog_q.cpp:407 +msgid "Add" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:519 src/gui/.ui/newhostdialog_q.cpp:403 +msgid "MAC:" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:521 +msgid "up" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:522 +msgid "down" +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:527 +msgid "Click 'Finish' when done." +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:528 +msgid "" +"In order to be able to build firewall policy properly, Firewall Builder " +"needs information about 'security level' of the firewall's interfaces. " +"Interface that connects it to the Internet is considered 'insecure' and has " +"security level '0', while interface connected to the internal network is " +"supposed to be 'secure' (security level '100'). You can arrange interfaces " +"in the order of their security level below." +msgstr "" + +#: src/gui/.ui/newfirewalldialog_q.cpp:530 src/gui/.ui/newhostdialog_q.cpp:411 +msgid "" +"Choose template object in the list and click 'Finish' when ready. Template " +"objects use generic interface names that will be iherited by the firewall " +"object you create. You may need to rename them later to reflect real names " +"of interfaces on your firewall machine." +msgstr "" + +#: src/gui/.ui/newgroupdialog_q.cpp:99 +#, fuzzy +msgid "Group Name:" +msgstr ":" + +#: src/gui/.ui/newgroupdialog_q.cpp:100 +msgid "This operation will create a new group and put selected objects in it" +msgstr "" + +#: src/gui/.ui/newgroupdialog_q.cpp:101 +msgid "Create a group" +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:379 +msgid "Use preconfigured template host objects" +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:381 +msgid "" +"Next step is to add interfaces to the new host. 
There are two ways to do it: " +"using SNMP query or manually. Adding them using SNMP query is fast and " +"automatic, but is only possible if the host runs SNMP agent and you know " +"SNMP community string 'read'." +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:384 +msgid "Use SNMP to discover interfaces of the host" +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:388 +msgid "" +"Here you can add or edit interfaces manually. 'Name' corresponds to the name " +"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' " +"is used to mark interface to reflect network topology, e.g. 'outside' or " +"'inside'." +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:396 +msgid "" +"This is unnumbered interface, that is, it does not have an IP address. You " +"can use this for interfaces that terminate PPPoE or other VPN tunnels" +msgstr "" + +#: src/gui/.ui/newhostdialog_q.cpp:405 +msgid "" +"Address of this interface is assigned dynamically using DHCP or PPP protocol" +msgstr "" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:146 +msgid "Conflict Resolution" +msgstr "" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:147 +msgid "" +"There is a conflict between an object in your tree and object in the file " +"you are trying to open. 
Choose which version of this object you want to use:" +msgstr "" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:148 +msgid "Current Object " +msgstr "" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:151 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:156 +msgid "" +"Always choose this\n" +"object if there is a conflict" +msgstr "" + +#: src/gui/.ui/objectmanipulator_q.cpp:108 +msgid "Tree of Objects" +msgstr "" + +#: src/gui/.ui/objectmanipulator_q.cpp:112 +msgid "Go back to the previous object" +msgstr "" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:172 +msgid "OpenBSD: advanced settings" +msgstr "" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:178 +msgid "Enable directed broadcast" +msgstr "" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:199 +msgid "pfctl:" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:103 +msgid "Page Setup" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:104 +msgid "start each section on a new page" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:105 +msgid "print header on every page" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:106 +msgid "print legend" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:107 +msgid "print objects used in rules" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:109 +msgid "Alt+O" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:112 +msgid "Scale tables: " +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:114 +msgid "50%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:115 +msgid "75%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:116 +msgid "100%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:117 +msgid "150%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:118 +msgid "200%" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:918 +msgid "pf: advanced settings" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:928 +msgid "state table size: " +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:929 +msgid "reassembly pool: " +msgstr "" + +#: 
src/gui/.ui/pfadvanceddialog_q.cpp:931 +msgid "Modulate state for all stateful rules (applies only to TCP services)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:941 +msgid "maximum number of entries in the memory pool used for packet reassembly" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:942 +msgid "" +"maximum number of entries in the memory pool used for state table entries" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:943 +msgid "Optimization:" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:945 +msgid "Enforce Minimum TTL:" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:946 +msgid "Enforce Maximum MSS:" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:947 +msgid "Enforces a maximum Maximum Segment Size (MSS) in TCP packet headers." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:948 +msgid "Enforces a minimum Time To Live (TTL) in IP packet headers." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:949 +msgid "Reassemble fragments" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:950 +msgid "Clear DF bit" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:951 +msgid "Clears the don't fragment bit from the IP packet header." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:952 +msgid "Use random ID" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:953 +msgid "" +"Replaces the IP identification field of outgoing packets with random values " +"to compensate for operating systems that use predictable values." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:955 +msgid "Buffer and reassemble fragments (default)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:956 +msgid "" +"Buffers incoming packet fragments and reassembles them into a complete " +"packet before passing them to the filter engine." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:957 +msgid "Drop duplicate fragments, do not buffer and reassemble" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:958 +msgid "" +"Causes duplicate fragments to be dropped and any overlaps to be cropped." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:959 +msgid "Drop duplicate and subsequent fragments" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:960 +msgid "" +"Similar to 'Drop duplicate fragments' except that all duplicate or " +"overlapping fragments will be dropped as well as any further corresponding " +"fragments." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:961 +msgid "Scrub rule options" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:962 +msgid "" +"When a packet matches a stateful connection, the seconds to live for the " +"connection will be updated to the value which corresponds to the connection " +"state." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:964 +#: src/gui/.ui/pfadvanceddialog_q.cpp:977 +#: src/gui/.ui/pfadvanceddialog_q.cpp:986 +#: src/gui/.ui/pfadvanceddialog_q.cpp:989 +msgid "first" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:965 +#: src/gui/.ui/pfadvanceddialog_q.cpp:978 +#: src/gui/.ui/pfadvanceddialog_q.cpp:984 +#: src/gui/.ui/pfadvanceddialog_q.cpp:990 +#: src/gui/.ui/pfadvanceddialog_q.cpp:993 +#: src/gui/.ui/pfadvanceddialog_q.cpp:994 +msgid "The state after the first packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:966 +msgid "opening" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:967 +msgid " The state before the destination host ever sends a packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:968 +msgid "established" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:969 +msgid "The fully established state." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:970 +msgid "The state after the first FIN has been sent." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:971 +msgid "closing" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:972 +msgid "" +"The state after both FINs have been exchanged and the connection is closed." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:973 +msgid "finwait" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:974 +msgid "The state after one endpoint sends an RST." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:975 +msgid "closed" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:976 +#: src/gui/.ui/udpservicedialog_q.cpp:222 +msgid "UDP" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:979 +#: src/gui/.ui/pfadvanceddialog_q.cpp:991 +msgid "single" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:980 +msgid "" +"The state if the source host sends more than one packet but the destination " +"host has never sent one back." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:981 +#: src/gui/.ui/pfadvanceddialog_q.cpp:992 +msgid "multiple" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:982 +msgid " The state if both hosts have sent packets." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:985 +msgid "The state after an ICMP error came back in response to an ICMP packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:988 +msgid "Other Protocols" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:995 +msgid "Fragments" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:996 +msgid "reassembly timeout" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:997 +msgid "state expiration timeout" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:998 +msgid "seconds between purges of expired states and packet fragments." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:999 +msgid "seconds before an unassembled fragment is expired." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1000 +msgid "Adaptive scaling" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1001 +msgid "" +"Timeout values can be reduced adaptively as the number of state table " +"entries grows (see man page pf.conf(5) for details)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1002 +msgid "adaptive start" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1003 +msgid "" +"When the number of state entries exceeds this value, adaptive scaling begins." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1004 +msgid "adaptive end" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1005 +msgid "" +"When reaching this number of state entries, all timeout val- ues become " +"zero, effectively purging all state entries imme- diately." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1006 +msgid "Activate adaptive timeout scaling" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1007 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1885 +msgid "Timeouts" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1027 +msgid "Log Prefix" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1028 +msgid "Fallback \"deny all\" rule should log blocked packets" +msgstr "" + +#: src/gui/.ui/physaddressdialog_q.cpp:150 +msgid "physAddress" +msgstr "" + +#: src/gui/.ui/physaddressdialog_q.cpp:151 +#, fuzzy +msgid "MAC Address" +msgstr " MAC " + +#: src/gui/.ui/physaddressdialog_q.cpp:154 +msgid "Physical address (MAC):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1801 +msgid "PIX Firewall Settings" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1804 +msgid "Policy Compiler Options" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1805 +msgid "Emulate outbound ACLs" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1806 +msgid "" +"Normally PIX does not support ouotbound ACL, however policy compiler can " +"emulate them if this option is turned on" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1808 +msgid "" 
+"Generate rules assuming the firewall is part of \"Any\". This makes a " +"difference in rules that use services 'ssh' and 'telnet' since PIX uses " +"special commands to control ssh and telnet access to the firewall machine" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1809 +msgid "" +"Replace NAT'ted objects with their \n" +"translations in policy rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1811 +msgid "" +"PIX inspects packets with ACLs before it does NAT, while many other " +"firewalls do NAT first and then apply ACLs. Policy compiler can emulate the " +"latter behaviour if this options is turned on." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1812 +msgid "Optimize 'default nat' rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1813 +msgid "" +"In nat rules where network zone object is used in OSrc, ODst and OSrv are " +"'any' and TSrc defines a global pool for the translation, replace object in " +"OSrc with 'any' to produce PIX command \"nat (interface) N 0.0.0.0 0.0.0.0\"" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1816 +msgid "Detect rule shadowing in the policy" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1819 +msgid "Verification of NAT rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1820 +msgid "Check for duplicate nat rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1821 +msgid "Check for overlapping global pools" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1822 +msgid "Check for overlapping statics" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1823 +msgid "" +"Check for overlapping global\n" +"pools and statics" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1828 +msgid "Compiler Options" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1830 +msgid "Comment the code" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1831 +msgid "Insert comments into generated PIX configuration file" +msgstr "" + +#: 
src/gui/.ui/pixadvanceddialog_q.cpp:1832 +msgid "Use ACL remarks" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1833 +msgid "Use ACL remarks to relate ACL commands and policy rules in the GUI" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1834 +msgid "Group similar commands together" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1835 +msgid "" +"Group PIX commands in the script so that similar commands appear next to " +"each other, just like PIX does it when you use 'show config'" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1836 +msgid "Use manual ACL commit on FWSM" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1837 +msgid "Access lists (requires Firewall Builder for PIX 1.1.6 and later)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1838 +msgid "" +"Clear all access lists then install new ones. This method may interrupt " +"access to the firewall if you manage it remotely via IPSEC tunnel. This is " +"the way access lists were generated in older versions of Firewall Builder " +"for PIX." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1839 +msgid "" +"Do not clear access lists and object group, just generate PIX commands for " +"the new ones. Use this optin if you have your own policy installation " +"scripts." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1840 +msgid "" +"\"Safety net\" method:\n" +"\n" +"First, create temporary access list to permit connections from the " +"management subnet specified below to the firewall and assign it to outside " +"interface. This temporary ACL helps maintain session between management " +"station and the firewall while access lists are reloaded in case connection " +"comes over IPSEC tunnel. Then clear permanent lists, recreate them and " +"assign to interfaces. This method ensures that remote access to the firewall " +"is maintained without interruption at a cost of slightly larger " +"configuration." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1843 +msgid "" +"Temporary access list should permit access from this address or subnet (use " +"prefix notation to specify subnet, e.g. 192.0.2.0/24):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1865 +msgid "Set all to defaults.." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1866 +msgid "xlate" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1867 +msgid "conn" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1868 +msgid "udp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1869 +msgid "rpc" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1870 +msgid "h323" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1871 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1995 +msgid "sip" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1872 +msgid "sip&media" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1873 +msgid "unauth" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1874 +msgid "telnet" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1875 +msgid "ssh" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1876 +msgid "ss" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1877 +msgid "mm" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1878 +msgid "hh" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1879 +msgid "half-closed" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1881 +msgid "Inactivity" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1882 +msgid "Absolute" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1886 +msgid "" +"Policy compiler generates 'fixup' commands for PIX v6.1-6.3 and FWSM v2.3. " +"For PIX 7.0 it generates 'class-map' and 'inspect' commands assigned to the " +"'policy-map' under either default or custom inspection classes." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1888 +msgid "Enable all protocols" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1889 +msgid "Disable all protocols" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1890 +msgid "Skip all protocols" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1891 +msgid "Display generated commands" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1893 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1902 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1908 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1916 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1925 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1933 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1941 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1947 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1955 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1963 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1970 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1977 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1984 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1992 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1999 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2007 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2015 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2023 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2030 +msgid "skip" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1894 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1903 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1909 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1917 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1926 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1934 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1942 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1948 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1956 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1964 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1971 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1978 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1985 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1993 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2000 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2008 +#: 
src/gui/.ui/pixadvanceddialog_q.cpp:2016 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2024 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2031 +msgid "enable" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1895 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1904 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1910 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1918 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1927 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1935 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1943 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1949 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1957 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1965 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1972 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1979 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1986 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1994 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2001 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2009 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2017 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2025 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2032 +msgid "disable" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1896 +msgid "" +"Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol " +"inspection module that supports NAT, PAT, and bi-directional NAT." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1897 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1913 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1922 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1931 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1939 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1952 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1968 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1975 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1982 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1989 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1997 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2005 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2012 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2020 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2028 +msgid "port:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1898 +msgid "ctiqbe" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1899 +msgid "" +"Based on this maximum-length configured by the user, the DNS fixup checks to " +"see if the DNS packet length is within this limit. Every UDP DNS packet " +"(request/response) undergoes the above check." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1900 +msgid "max length:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1905 +msgid "dns" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1906 +msgid "Enables PAT for Encapsulating Security Payload (ESP), single tunnel." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1911 +msgid "esp ike" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1914 +msgid "strict:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1919 +msgid "" +"Activated support for FTP protocol and allows to change the ftp control " +"connection port number." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1921 +msgid "" +"Specifies to use H.225, the ITU standard that governs H.225.0 session " +"establishment and packetization, with H.323" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1923 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1930 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1938 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1953 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1990 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2004 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2013 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2021 +msgid "--" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1928 +msgid "h323 h225" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1929 +msgid "" +"Specifies to use RAS with H.323 to enable dissimilar communication devices " +"to communicate with each other." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1936 +msgid "h323 ras" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1937 +msgid "" +"The default port for HTTP is 80. Use the port option to change the HTTP " +"port, or specify a range of HTTP ports." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1944 +msgid "http" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1945 +msgid "" +"Enables NAT of ICMP error messages. This creates translations for " +"intermediate hops based on the static or network address translation " +"configuration on the firewall." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1950 +msgid "icmp error" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1951 +msgid "" +"Provides NAT support for Microsoft NetMeeting, SiteServer, and Active " +"Directory products that use LightWeight Directory Access Protocol (LDAP) to " +"exchange directory information with an for Internet Locator Service (ILS) " +"server." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1958 +msgid "ils" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1959 +msgid "Enables the Media Gateway Control Protocol (MGCP) fixup." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1960 +msgid "Gateway Port:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1961 +msgid "Call Agent port:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1966 +msgid "mgcp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1967 +msgid "" +"Enables Point-to-Point Tunneling Protocol (PPTP) application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1973 +msgid "pptp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1974 +msgid "Enables inspection of RSH protocol." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1980 +msgid "rsh" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1981 +msgid "" +"Lets PIX Firewall pass Real Time Streaming Protocol (RTSP) packets. RTSP is " +"used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/" +"TV connections." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1987 +msgid "rtsp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1988 +msgid "" +"Enable or change the port assignment for the Session Initiation Protocol " +"(SIP) for Voice over IP TCP connections." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1996 +msgid "Enable SIP-over-UDP application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2002 +msgid "sip udp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2003 +msgid "" +"Enable SCCP application inspection. SCCP protocol supports IP telephony and " +"can coexist in an H.323 environment. An application layer ensures that all " +"SCCP signaling and media packets can traverse the PIX Firewall and " +"interoperate with H.323 terminals." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2010 +msgid "skinny" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2011 +msgid "" +"Enables the Mail Guard feature, which only lets mail servers receive the RFC " +"821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and " +"QUIT. 
All other commands are translated into X's which are rejected by the " +"internal server." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2018 +msgid "smtp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2019 +msgid "Enables support for SQL*Net protocol." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2026 +msgid "sqlnet" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2027 +msgid "Enable TFTP application inspection." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2033 +msgid "tftp" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2034 +msgid "Inspect" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2035 +msgid "Syslog" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2036 +msgid "Syslog host (name or IP address):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2037 +msgid "syslog facility:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2038 +msgid "syslog level ('logging trap'):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2039 +msgid "Syslog message queue size (messages):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2040 +msgid "Use 'EMBLEM' format for syslog messages" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2041 +msgid "" +"PIX Firewall Version 6.3 introduces support for EMBLEM format, which is " +"required when using the CiscoWorks Resource Manager Essentials (RME) syslog " +"analyzer." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2042 +msgid "Set device id for syslog messages (v6.3 and later):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2043 +msgid "use address of interface" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2044 +msgid "use text string" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2045 +msgid "use hostname" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2046 +msgid "The logging timestamp command requires that the clock command be set." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2047 +msgid "Enable logging timestamps on syslog file" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2048 +msgid "Other logging destinations and levels:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2049 +msgid "Internal buffer" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2050 +msgid "Console" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2052 +msgid "Actively reset inbound TCP connections with RST" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2054 +msgid "Actively reset inbound TCP connections with RST on outside interface" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2056 +msgid "Force each TCP connection to linger in a shortened TIME&WAIT" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2057 +msgid "Alt+W" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2058 +msgid "Enable the IP Frag Guard feature (deprecated in v6.3 and later)." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2059 +msgid "Enable TCP resource control for AAA Authentication Proxy" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2060 +msgid "" +"Specify that when an incoming packet does a route lookup,\n" +"the incoming interface is used to determine which interface\n" +"the packet should go to, and which is the next hop\n" +"(deprecated in v6.3 and later)." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2064 +msgid "Disable inbound embedded DNS A record fixups" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2065 +msgid "Disable outbound DNS A record replies" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2066 +msgid "maximum number of simultaneous TCP and UDP connections" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2067 +msgid "maximum number of embryonic connections per host" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2068 +msgid "" +"Specifies the maximum number of simultaneous TCP and UDP connections for the " +"entire subnet. 
The default is 0, which means unlimited connections. (Idle " +"connections are closed after the idle timeout specified by the timeout conn " +"command.)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2069 +msgid "" +"Specifies the maximum number of embryonic connections per host. An embryonic " +"connection is a connection request that has not finished the necessary " +"handshake between source and destination. Set a small value for slower " +"systems, and a higher value for faster systems. The default is 0, which " +"means unlimited embryonic connections." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2070 +msgid "The following parameters are used for all NAT rules:" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2071 +msgid "" +"(The default for both parameters is 0, which means unlimited number of " +"connections.)" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:2072 +msgid "PIX Options" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:275 +msgid "PIX Advanced Configuration Options" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:276 +msgid "Set PIX host name using object's name" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:277 +msgid "Generate commands to configure addresses for interfaces" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:278 src/gui/.ui/prefsdialog_q.cpp:381 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:669 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:719 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:725 +msgid "General" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:279 +msgid "NTP Servers:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:282 +msgid "Server 1:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:283 +msgid "Server 2:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:284 +msgid "Server 3:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:286 +msgid "Preffered:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:287 +#: 
src/gui/.ui/pixosadvanceddialog_q.cpp:301 +msgid "IP address:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:288 +msgid "NTP" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:289 +msgid "Disable SNMP Agent" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:290 +msgid "Set SNMP communities using data from the firewall object dialog" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:291 +msgid "SNMP servers" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:293 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:297 +msgid "Poll" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:294 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:298 +msgid "Poll and Traps" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:295 +#: src/gui/.ui/pixosadvanceddialog_q.cpp:299 +msgid "Traps" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:300 +msgid "Enable:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:302 +msgid "SNMP Server 1:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:303 +msgid "SNMP Server 2:" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:304 +msgid "Enable sending log messages as SNMP trap notifications" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:305 +msgid "SNMP" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:306 +msgid "Change TCP MSS to" +msgstr "" + +#: src/gui/.ui/pixosadvanceddialog_q.cpp:307 +msgid "bytes" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:213 src/gui/.ui/prefsdialog_q.cpp:393 +msgid "File Path" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:363 +msgid "Preferences" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:368 +msgid "minutes" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:369 +msgid "Periodically save data to file every " +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:370 +msgid "Tooltip delay:" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:371 +msgid "Enable object tooltips" +msgstr "" + +#: src/gui/.ui/prefsdialog_q.cpp:372 +msgid "Show deleted objects" +msgstr "" + +#: 
src/gui/.ui/prefsdialog_q.cpp:373
+msgid "Automatically save data in dialogs when switching between objects"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:374
+msgid "On startup: "
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:376
+msgid "Load standard objects"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:377
+msgid "Load last edited file"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:378
+#, fuzzy
+msgid "Expand all branches in the object tree"
+msgstr " ."
+
+#: src/gui/.ui/prefsdialog_q.cpp:379
+msgid "Working directory:"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:380 src/gui/.ui/prefsdialog_q.cpp:385
+msgid "Browse..."
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:382
+msgid "Do not ask for the log record when checking in new file revision."
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:383
+msgid "Revision Control"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:384
+msgid ""
+"A full path to the Secure Shell utility (remote command execution; for "
+"example ssh on Unix or plink.exe or vsh.exe on Windows):"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:386
+msgid "SSH"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:387
+msgid "Add..."
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:388
+msgid "Remove"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:389
+msgid ""
+"If you remove libraries from the list, changes get in effect next time you "
+"start the program"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:390
+msgid "Available libraries:"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:394
+msgid "Libraries"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:395
+msgid "Use these labels to mark rules in the firewall policy"
+msgstr ""
+
+#: src/gui/.ui/prefsdialog_q.cpp:410
+msgid "Labels"
+msgstr ""
+
+#: src/gui/.ui/printingprogressdialog_q.cpp:73
+msgid "Printing"
+msgstr ""
+
+#: src/gui/.ui/printingprogressdialog_q.cpp:75
+msgid "textLabel1"
+msgstr ""
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:49 src/gui/.ui/rcsfilepreview_q.cpp:123
+msgid "Revision"
+msgstr ""
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:52 src/gui/.ui/rcsfilepreview_q.cpp:124
+msgid "Date"
+msgstr ""
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:55 src/gui/.ui/rcsfilepreview_q.cpp:125
+msgid "Author"
+msgstr ""
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:58 src/gui/.ui/rcsfilepreview_q.cpp:126
+msgid "Locked by"
+msgstr ""
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:121
+msgid "RCSFilePreview"
+msgstr ""
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:122
+msgid "Open read-only"
+msgstr ""
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:127
+msgid "RCS log:"
+msgstr ""
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:100
+msgid "Log record for the new revision"
+msgstr ""
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:101
+msgid "Do not ask me anymore, always check files in with empty log"
+msgstr ""
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:102
+msgid "Check file &in"
+msgstr ""
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:103
+msgid "Alt+I"
+msgstr ""
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:106
+#, qt-format
+msgid "Checking file %1 into RCS"
+msgstr ""
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:107
+msgid "Log record for this revision: "
+msgstr ""
+
+#: 
src/gui/.ui/routingruleoptionsdialog_q.cpp:119
+msgid "Routing Rule Options"
+msgstr ""
+
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:121
+msgid "If installation of this routing rule fails, just carry on"
+msgstr ""
+
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:122
+msgid "No options available for routing rules of this firewall platform"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:664
+msgid "Rule Options for ipt"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:666
+msgid ""
+"Assume firewall is part of 'any' (this setting only affects code generated "
+"for this rule)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:667
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:716
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:724
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:746
+msgid "Stateless rule"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:668
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:715
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:723
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:747
+msgid ""
+"Normally policy compiler uses stateful inspection in each rule. Activating "
+"next option makes this rule stateless."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:681
+msgid "Netlink group (if using ULOG): "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:683
+msgid "Rate (rule matches if it hits this often or less):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:684
+msgid "Module limit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:685
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:706
+msgid "Burst:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:692
+msgid "limit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:693
+msgid "bit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:694
+msgid "per network with netmask of "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:695
+msgid "Number of allowed connections per client host"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:696
+msgid "Module connlimit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:697
+msgid "connlimit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:698
+msgid "Module hashlimit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:705
+#, fuzzy
+msgid "Rate:"
+msgstr ":"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:708
+msgid "dstip"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:709
+msgid "srcip"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:710
+msgid "dstip,dstport"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:711
+msgid "srcip,srcport"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:712
+#, fuzzy
+msgid "Mode:"
+msgstr ":"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:713
+msgid ""
+"On some older systems this module has name 'dstlimit'. Check here if you "
+"need to use this name."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:714
+msgid "hashlimit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:717
+msgid ""
+"Send ICMP 'unreachable' packet masquerading as being from the original "
+"destination"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:718
+msgid ""
+"Keep information on fragmented packets, to be applied to later fragments"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:728
+msgid "Activate source tracking"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:729
+msgid ""
+"When this option is checked, the number of states per source IP is tracked "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:730
+msgid ""
+"Maximum number of source addresses which can simultaneously have state table "
+"entries (max-src-nodes):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:731
+msgid ""
+"Maximum number of simultaneous state entries that a single source address "
+"can create with this rule (max-src-states):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:732
+msgid "Tracking"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:733
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:741
+msgid "overload table:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:734
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:740
+msgid "flush"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:735
+msgid ""
+"Maximum number of simultaneous TCP connections that a single host can make "
+"(max-src-conn):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:736
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:739
+msgid "global"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:737
+msgid "The limit of new connections over a time interval (max-src-conn-rate):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:738
+msgid "/"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:742
+msgid "sec"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:743
+msgid ""
+"When this limit is reached, further packets matching the rule that would "
+"create state are dropped, until existing states time out."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:744
+msgid ""
+"Maximum number of concurrent states this rule may create. Unlimited if set "
+"to zero (option 'max')."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:745
+msgid "Limits"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:748
+msgid "These options are only valid for PIX running software v6.3 or later"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:749
+msgid "completely disable logging for this rule"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:751
+msgid "Logging interval:"
+msgstr ""
+
+#: src/gui/.ui/simpletextview_q.cpp:92
+msgid "Text viewer"
+msgstr ""
+
+#: src/gui/.ui/simpletextview_q.cpp:93
+msgid "Object Name"
+msgstr ""
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:182
+msgid "Solaris: advanced settings"
+msgstr ""
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:187
+msgid "Ignore ICMP redirects"
+msgstr ""
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:192
+msgid "Forward directed broadcasts"
+msgstr ""
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:193
+msgid "Respond to echo broadcast"
+msgstr ""
+
+#: src/gui/.ui/tagservicedialog_q.cpp:144
+#, fuzzy
+msgid "Tag Service"
+msgstr " TCP "
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:353
+msgid "TCP Flags"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:355
+msgid "A"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:360
+msgid "U"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:363
+msgid "Mask:"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:365
+msgid "Settings:"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:366
+msgid "S"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:368
+msgid "F"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:369
+msgid "P"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:370
+msgid "R"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:377
+#: src/gui/.ui/udpservicedialog_q.cpp:225
+msgid "Source Port 
Range"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:378
+#: src/gui/.ui/tcpservicedialog_q.cpp:381
+#: src/gui/.ui/udpservicedialog_q.cpp:226
+#: src/gui/.ui/udpservicedialog_q.cpp:229
+msgid "Start:"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:379
+#: src/gui/.ui/tcpservicedialog_q.cpp:382
+#: src/gui/.ui/udpservicedialog_q.cpp:227
+#: src/gui/.ui/udpservicedialog_q.cpp:230
+msgid "End:"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:380
+#: src/gui/.ui/udpservicedialog_q.cpp:228
+msgid "Destination Port Range"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:238
+msgid "Activate a rule on:"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:239 src/gui/.ui/timedialog_q.cpp:243
+msgid "Day of week (0-6):"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:240 src/gui/.ui/timedialog_q.cpp:244
+msgid "Date:"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:241 src/gui/.ui/timedialog_q.cpp:245
+msgid "Time:"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:242
+msgid "Deactivate a rule on:"
+msgstr ""
+
+#: src/gui/utils.cpp:188
+msgid ""
+"Impossible to apply changes because object is located in read-only\n"
+"part of the tee or data file was opened read-only"
+msgstr ""
+
+#: src/gui/utils.cpp:210
+#, qt-format
+msgid "Object with name '%1' already exists, please choose different name."
+msgstr ""
+
+#: src/gui/aboutdialog_q.ui.h:14
+msgid "Revision: %1 ( Build: %2 )"
+msgstr ""
+
+#: src/gui/aboutdialog_q.ui.h:16
+#, fuzzy
+msgid "Using Firewall Builder API %1"
+msgstr " libfwbuilder v"
+
+#: src/gui/aboutdialog_q.ui.h:19
+msgid "Registered"
+msgstr ""
+
+#: src/gui/aboutdialog_q.ui.h:20
+msgid "Unregistered"
+msgstr ""
+
+#: src/gui/upgradePredicate.h:45
+msgid ""
+"The data file you are trying to open has been\n"
+"saved with an older version of Firewall Builder.\n"
+"Opening it in this version will cause it to be\n"
+"upgraded, which may prevent older versions of\n"
+"the program from reading it. 
Backup copy of your\n" +"file in the old format will be made in the same\n" +"directory with extension '.bak'.\n" +"Are you sure you want to open it?" +msgstr "" + +#: src/gui/upgradePredicate.h:53 +msgid "&Upgrade" +msgstr "" + +#: src/gui/upgradePredicate.h:54 +msgid "&Do not load the file" +msgstr "" + +#, fuzzy +#~ msgid "Please choose a different name for the new file." +#~ msgstr "Выберите Ð¸Ð¼Ñ Ð¸ фолдер Ð´Ð»Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ файла" + +#, fuzzy +#~ msgid "" +#~ "Some objects have been modified since\n" +#~ "you compiled the policy last time.\n" +#~ "Do you want to recompile it before you install ?" +#~ msgstr "" +#~ "Ðекоторые объекты были модифицированы\n" +#~ "но не Ñохранены. Хотите ли Ð’Ñ‹ Ñохранить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ ?" + +#~ msgid "Apply Changes" +#~ msgstr " " + +#~ msgid "Welcome to Firewall Builder" +#~ msgstr "Добро пожаловать в Firewall Builder" + +#~ msgid "Do you want to open existing project file or create a new one?" +#~ msgstr "Хотите ли Ð’Ñ‹ открыть ÑущеÑтвующий проект или Ñоздать новый ?" + +#~ msgid "Open existing file" +#~ msgstr "Открыть ÑущеÑтвующий проект" + +#~ msgid "" +#~ "Activate Revision Control System for this file\n" +#~ "(if you do not do this now, you can always activate it later)" +#~ msgstr "" +#~ "Ðктивизировать ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий Ð´Ð»Ñ Ñтого файла\n" +#~ "(еÑли Ð’Ñ‹ не Ñделаете Ñто ÑейчаÑ, Ð’Ñ‹ вÑегда можете активизироват ее позже)" + +#~ msgid "" +#~ "Let the program automatically open this file when I start it next time\n" +#~ "(you can activate this option later using Preferences dialog)" +#~ msgstr "" +#~ "Программа должна автоматичеÑки открывать Ñтот файл при\n" +#~ "Ñтарте (Ñта Ñ„ÑƒÐ½ÐºÑ†Ð¸Ñ Ñ‚Ð°ÐºÐ¶Ðµ может быть активизирована в диалоге УÑтановки)" + +#~ msgid "Copy of %1" +#~ msgstr " %1" diff --git a/po/ru.qm b/po/ru.qm new file mode 100644 index 000000000..bab7cf023 Binary files /dev/null and b/po/ru.qm differ diff --git a/po/ru.ts b/po/ru.ts new file mode 100644 index 000000000..858fa234e 
--- /dev/null
+++ b/po/ru.ts
@@ -0,0 +1,13189 @@ + + + @default + + A + test + + + F + test + + + I + test + + + L + test + + + P + test + + + R + test + + + S + test + + + U + test + + + -- + test + + + IP + test + + + OK + test + + + No + test + + + On + test + + + RO + test + + + hh + test + + + mm + test + + + ss + test + + + up + test + + + &OK + test + + + Add + test + + + Del + test + + + Cut + test + + + Dyn + test + + + MAC + MAC + + + NAT + test + + + NTP + test + + + New + test + + + Off + test + + + SSH + test + + + TCP + test + + + Red + test + + + UDP + test + + + Yes + test + + + any + test + + + dns + test + + + ftp + test + + + ils + test + + + ip: + test + + + rev + test + + + rpc + test + + + rsh + test + + + sip + test + + + ssh + test + + + udp + test + + + Destination + test + + + &Cut + test + + + /day + test + + + Back + test + + + Blue + test + + + Copy + test + + + Date + test + + + Edit + test + + + End: + test + + + Exit + test + + + Find + test + + + ICMP + test + + + IPv4 + test + + + Gray + test + + + Host + test + + + MAC: + test + + + Load + test + + + Name + test + + + Open + test + + + Path + test + + + Poll + test + + + SNMP + test + + + Redo + test + + + Save + test + + + Stop + test + + + Time + test + + + Undo + test + + + conn + test + + + crit + test + + + Use ACL remarks + test + + + h323 + test + + + down + test + + + dump + test + + + http + test + + + info + test + + + ipf: + test + + + mgcp + test + + + pptp + test + + + rtsp + test + + + skip + test + + + smtp + test + + + tftp + test + + + Set device id for syslog messages (v6.3 and later): + test + + + Working directory %1 does not seem to exist. +Do you want to create it ? + test + + + all fragments + test + + + Here you can add or edit interfaces manually. 'Name' corresponds to the name of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' is used to mark interface to reflect network topology, e.g. 'outside' or 'inside'. Label is mandatory for PIX firewall. 
+ test + + + Click here to change amount of information shown about object selected in the tree + test + + + Ignore bogus ICMP errors + test + + + These options control algorithms used by the policy compiler to generate iptables commands. + test + + + Range Start: + : + + + &Edit + &Редактировать + + + &File + &Файл + + + Clear DF bit + test + + + &Help + &Помощь + + + &Move + test + + + &Redo + test + + + &Save + &Сохранить + + + &Undo + test + + + Custom service object has separate code string for each supported firewall platform. + test + + + /hour + test + + + File is read-only + test + + + Timeouts + test + + + *** Fatal error : + test + + + C&opy + test + + + About + test + + + E&xit + test + + + Alt+C + test + + + Alt+I + test + + + Alt+M + test + + + Alt+W + test + + + Close + test + + + Code: + : + + + Date: + test + + + Debug + test + + + Fixup + test + + + Green + test + + + Group + test + + + Index + test + + + Label + test + + + You are connecting to the firewall <b>'%1'</b> for the first time. It has provided you its identification in a form of its host public key. The fingerprint of the host public key is: "%2" You can save the host key to the local database by pressing YES, or you can cancel connection by pressing NO. You should press YES only if you are sure you are really connected to the firewall <b>'%3'</b>. 
+ test + + + Mask: + test + + + Name: + : + + + Paste + test + + + Block if can not log + test + + + Print + test + + + Rules + Правила + + + Tab 1 + test + + + Install + test + + + Time: + test + + + Traps + test + + + Check for overlapping global pools + test + + + Accept ESTABLISHED and RELATED packets before the first rule + test + + + Move back to the previous object + test + + + alert + test + + + type: %1 + test + + + bytes + test + + + debug + test + + + error + test + + + Use preconfigured template firewall objects + test + + + ipfw: + test + + + lsmod + test + + + Poll and Traps + test + + + port: + test + + + state table size: + test + + + &Discard changes + &Отмена + + + xlate + test + + + Group similar commands together + test + + + Firewall + test + + + Use h323 proxy in NAT rules + test + + + New UDP Service + UDP + + + New TCP Service + TCP + + + Revision: + test + + + Check option 'dynamic address' for the interface that gets its IP address dynamically via DHCP or PPP protocol. + test + + + Missing SNMP community string. + test + + + Tooltip delay: + test + + + use text string + test + + + ICMP admin prohibited + test + + + Stateless rule + test + + + Use ipsec proxy in NAT rules + test + + + New &IP Service + IP ÑÐµÑ€Ð²Ð¸Ñ + + + Library %1: Firewall '%2' (global policy rule #%3) uses object '%4' from library '%5' + test + + + These options enable auxiliary sections in the generated shell script. + test + + + Executing external command + test + + + Security Level + test + + + Illegal IP address '%1' + IP '%1' + + + Log record for the new revision + test + + + Keep information on fragmented +packets, to be applied to later +fragments + test + + + Failed transformation : %1 + test + + + Original Src + test + + + Original Srv + test + + + Original Dst + test + + + <p>Each interface of the firewall must have security level associated with it.<br>Security level can be any number between 0 and 100, 0 being least secure and 100 being most secure levels. 
Interface with security level 0 ususally serves Internet connection.</p> + test + + + Error creating temporary file + test + + + Firewall platform is not specified in this object. +Can't compile firewall policy. + test + + + Interface: %1 (%2) + test + + + Allow dynamic addresses + test + + + User name used to authenticate to the firewall (leave this empty if you use putty session): + test + + + use hostname + test + + + Object with name '%1' already exists, please choose different name. + test + + + In nat rules where network zone object is used in OSrc, ODst and OSrv are 'any' and TSrc defines a global pool for the translation, replace object in OSrc with 'any' to produce PIX command "nat (interface) N 0.0.0.0 0.0.0.0" + test + + + Enable or change the port assignment for the Session Initiation Protocol (SIP) for Voice over IP TCP connections. + test + + + Locked by user: + test + + + No color + test + + + use numeric syslog levels + test + + + Use rcmd proxy in NAT rules + test + + + Compiler Options + test + + + Color Label: + test + + + New &Network + Сеть + + + SSH terminated, exit status: %1 + test + + + * firewall name : %1 + test + + + 5 - Normal but significant condition + test + + + Object <b>'%1'</b> in the objects tree + test + + + Replaces the IP identification field of outgoing packets with random values to compensate for operating systems that use predictable values. + test + + + Not enough memory. + test + + + place in library %1 + test + + + New &Custom Service + Специальный ÑÐµÑ€Ð²Ð¸Ñ + + + Open read-only + test + + + Packet forwarding + test + + + In enable mode. + test + + + Replace with this object + test + + + Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol inspection module that supports NAT, PAT, and bi-directional NAT. + test + + + Actively reset inbound TCP connections with RST on outside interface + test + + + Revision %1 of this file has been checked out and locked by you earlier. 
+The file may be opened in another copy of Firewall Builder or was left opened +after the program crashed. + test + + + reassembly pool: + test + + + Add MAC Address + MAC + + + Choose a file to import + test + + + Add File to RCS + testОшибка Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ñ„Ð°Ð¹Ð»Ð° в RCS +%1 + + + Respond to echo broadcast + test + + + Group Name: + : + + + When you delete a library, all objects that belong to it +disappear from the tree and all groups and rules that reference them. +You won't be able to reverse this operation later. +Do you still want to delete library %1? + test + + + Translated Dst + test + + + Translated Srv + test + + + Translated Src + test + + + Enable Rule + test + + + Configure interfaces manually + test + + + Buffer and reassemble fragments (default) + test + + + TCP Flags + test + + + ICMP Code: + test + + + Text to be found in object names: + test + + + Send ICMP 'unreachable' packet +masquerading as being from +the original destination + test + + + TCP window scaling + test + + + ICMP Type: + test + + + Verification of NAT rules + test + + + icmp error + test + + + Solaris: advanced settings + test + + + File Path + test + + + OpenBSD: advanced settings + test + + + File is not in RCS + test + + + lastModified + test + + + Find working directory + test + + + Undelete... + test + + + PIX inspects packets with ACLs before it does NAT, while many other firewalls do NAT first and then apply ACLs. Policy compiler can emulate the latter behaviour if this options is turned on. 
+ test + + + Assume firewall is part +of 'any' (this setting only +affects code generated +for this rule) + test + + + Check file &in + test + + + * host OS : %1 + test + + + &About + test + + + &Close + test + + + &Debug + test + + + Date (Y/M/D): + test + + + &Paste + test + + + Error activating firewall policy + test + + + Date (Y/D/M): + test + + + Enable TCP resource control for AAA Authentication Proxy + test + + + Reading current firewall configuration + test + + + sip&media + test + + + Remove Rules + test + + + max length: + test + + + New &Address + ÐÐ´Ñ€ÐµÑ + + + Save &As... + test + + + Library + test + + + Detect rule shadowing in the policy + test + + + Enable all protocols + test + + + Error checking file out: %1 + test + + + Causes duplicate fragments to be dropped and any overlaps to be cropped. + test + + + Log record for this revision: + test + + + SNMP Get + test + + + Do not ask me anymore, always check files in with empty log + test + + + Dynamic address + test + + + Library file %1 is corrupted. + test + + + New Object File + test + + + &New Object File + test + + + Choose name and folder for the new file + Выберите Ð¸Ð¼Ñ Ð¸ фолдер Ð´Ð»Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ файла + + + logger: + test + + + Logging + test + + + Modulate state for all stateful rules (applies only to TCP services) + test + + + This object has been modified but not saved. +Do you want to save it before switching to another object? 
+ test + + + The following commands will be added verbatim on top of generated configuration + test + + + Reassemble fragments + test + + + Enable password: + test + + + Force each TCP connection to linger in a shortened TIME&WAIT + test + + + Clamp MSS to MTU + test + + + Kernel anti-spoofing protection + test + + + Enable Rules + test + + + to library %1 + test + + + Masquerade returned icmp as being from original +packet's destination + test + + + Can not open file %1 + test + + + XML element : %1 + test + + + Find Secure File Transfer utility + test + + + Failed to start ssh + test + + + Choose libraries to be exported: + test + + + Drop duplicate fragments, do not buffer and reassemble + test + + + ICMP host unreachable + test + + + MacOS X: advanced settings + test + + + ICMP port unreachable + test + + + (The default for both parameters is 0, which means unlimited number of connections.) + test + + + Enable SIP-over-UDP application inspection. + test + + + Enter authentication information below and click 'Next' + test + + + Syslog host (name or IP address): + test + + + timestamp + test + + + Do not ask for the log record when checking in new file revision. + test + + + Enter new position for selected rules: + test + + + Enable SCCP application inspection. SCCP protocol supports IP telephony and can coexist in an H.323 environment. An application layer ensures that all SCCP signaling and media packets can traverse the PIX Firewall and interoperate with H.323 terminals. + test + + + Running command '%1' + + + test + + + Find Secure Shell utility + test + + + Periodically save data to file every + test + + + log IP options + test + + + Group PIX commands in the script so that similar commands appear next to each other, just like PIX does it when you use 'show config' + test + + + minutes + test + + + These parameters make sense for connections to or from the firewall host + test + + + Enable TFTP application inspection. 
+ test + + + half-closed + test + + + Error loading file %1: +%2 + test + + + Address of this interface is assigned dynamically using DHCP or PPP protocol + test + + + ipfw: advanced settings + test + + + Some protocols involve multiple associated network connections. Firewall can keep track of such connections automatically if you activate one or all of the following options: + test + + + ipf: advanced settings + test + + + New &Firewall + Файрволл + + + pf: advanced settings + test + + + Incremental install + test + + + * Incremental install + test + + + If rule action is 'Reject', this option defines firewall's reaction to the packet matching the rule + test + + + Prolog/Epilog + test + + + The name of the interface '%1' has changed. The program can also +rename IP address objects that belong to this interface, +using standard naming scheme 'host_name:interface_name:ip'. +This makes it easier to distinguish what host or a firewall +given IP address object belongs to when it is used in +the policy or NAT rule. The program also renames MAC address +objects using scheme 'host_name:interface_name:mac'. +Do you want to rename child IP and MAC address objects now? +(If you click 'No', names of all address objects that belong to +%1 will stay the same.) + test + + + For high latency + test + + + Use SNMP to discover interfaces of the firewall + test + + + Compiler: + test + + + User name: + test + + + Templates + test + + + Fatal error running rcsdiff for file %1 + test + + + Scrub rule options + test + + + Add... 
+ test + + + Action + test + + + state expiration timeout: + test + + + Disable SNMP Agent + test + + + This interface is +external (insecure) + test + + + Directory on the firewall where script should be installed + test + + + Address of %1 could not be obtained via DNS + test + + + Author + test + + + TCP timestamps + test + + + Cancel + test + + + Burst: + test + + + Similar to 'Drop duplicate fragments' except that all duplicate or overlapping fragments will be dropped as well as any further corresponding fragments. + test + + + Color: + test + + + Object Manipulator + test + + + Ctrl+C + test + + + Ctrl+F + test + + + Ctrl+N + test + + + Ctrl+O + test + + + Ctrl+P + test + + + Ctrl+S + test + + + Ctrl+V + test + + + Ctrl+X + test + + + Ctrl+Y + test + + + Ctrl+Z + test + + + Delete + test + + + &Index... + test + + + Move Rule Down + test + + + Script formatting + test + + + Drop duplicate and subsequent fragments + test + + + Generate both 'in' and 'out' rules + test + + + File Properties + test + + + Use 'EMBLEM' format for syslog messages + test + + + <p>Check if this interface is used for management (SNMP queries, remote policy install etc.)<p> + test + + + New IC&MP Service + ICMP ÑÐµÑ€Ð²Ð¸Ñ + + + Exception: %1 + test + + + Netmask + test + + + Network + test + + + Export + test + + + Description: + test + + + When you delete an object, it is removed from the tree and +all groups and firewall policy rules that reference it. +Do you want to delete selected objects ? 
+ test + + + Add virtual addresses for NAT + test + + + This operation will create a new group and put selected objects in it + test + + + Error loading file: +%1 + test + + + Logging limit: + test + + + Forward source routed packets + test + + + Log packet body + test + + + Generate commands to configure addresses for interfaces + test + + + TCP keepalive time (sec) + test + + + Label: + test + + + Labels + test + + + maximum number of simultaneous TCP and UDP connections + test + + + One interface of the firewall must be marked as 'external'. This interface should be connected to the least secure network, usually the Internet. + test + + + Skip all protocols + test + + + Enable directed broadcast + test + + + Search hit the end of the object tree. + . + + + 1.2.9 or later + test + + + <a href="http://www.fwbuilder.org/">http://www.fwbuilder.org</a> + test + + + Negate + test + + + This option is provisional and will change or disappear in future releases because we expect to make this a default behavior. + test + + + Normal + test + + + h323 h225 + test + + + Object + test + + + New IP Service + IP + + + New Object + test + + + Orange + test + + + Normally policy compiler uses stateful inspection in each rule. Activating next option makes this rule stateless. + test + + + Firewall Builder + test + + + reassembly timeout: + test + + + &New Object + test + + + Policy + test + + + seconds before an unassembled fragment is expired. 
+ test + + + Alternative address to communicate with the firewall: + test + + + Purple + test + + + Log Prefix + test + + + Find add-on library + test + + + Activate Revision Control System for this file +(if you do not do this now, you can always activate it later) + testÐктивизировать ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий Ð´Ð»Ñ Ñтого файла +(еÑли Ð’Ñ‹ не Ñделаете Ñто ÑейчаÑ, Ð’Ñ‹ вÑегда можете активизироват ее позже) + + + completely disable logging +for this rule + test + + + Remove + test + + + Ignore broadcast pings + test + + + objects + test + + + location + test + + + lockedBy + test + + + Firewall Builder: Policy Installer + test + + + Source + test + + + code: %1 + : + + + Start: + test + + + Syslog + test + + + Update + test + + + Check option 'Unnumbered interface' for the interface that does not have an IP address. Examples of interfaces of this kind are those used to terminate PPPoE or VPN tunnels. + test + + + Set all to defaults.. + test + + + Progress: + test + + + Emptying of the 'Deleted Objects' in a library file is not recommended. +When you remove deleted objects from a library file, Firewall Builder +loses ability to track them. If a group or a policy rule in some +data file still uses removed object from this library, you may encounter +unusual and unexpected behavior of the program. +Do you want to delete selected objects anyway ? + test + + + Enforces a maximum Maximum Segment Size (MSS) in TCP packet headers. + test + + + Yellow + test + + + PIX Firewall Version 6.3 introduces support for EMBLEM format, which is required when using the CiscoWorks Resource Manager Essentials (RME) syslog analyzer. + test + + + Protocol Helpers + test + + + Remove comments from configuration + test + + + Fatal error running rlog for %1 + test + + + <p>Each interface of the firewall must have security level associated with it.<br> +Security level can be any number between 0 and 100, 0 being least secure and 100 being most secure levels. 
Interface with security level 0 ususally serves Internet connection.</p> + test + + + Enables Point-to-Point Tunneling Protocol (PPTP) application inspection. + test + + + Move Selected Rules + test + + + Import from file ... + test + + + Specifies the maximum number of embryonic connections per host. An embryonic connection is a connection request that has not finished the necessary handshake between source and destination. Set a small value for slower systems, and a higher value for faster systems. The default is 0, which means unlimited embryonic connections. + test + + + PIX Options + test + + + Check for overlapping statics + test + + + Configure Interfaces of the firewall machine + test + + + Recognize regular expressions in search pattern + test + + + Conflict Resolution + test + + + /minute + test + + + Comment: + : + + + Compiler + test + + + DNS lookup failed for both names of the address object '%1' and the name of the host '%2'. + test + + + h323 ras + test + + + New &Interface + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ + + + Contact: + test + + + Contents + test + + + &Continue + test + + + Load standard objects + test + + + Syslog message queue size (messages): + test + + + &Open... + test + + + Optimization + test + + + Firewall Builder 2 uses file extension '.fwb'. Your data file '%1' +has been renamed '%2' + test + + + Options + test + + + Here you can add or edit interfaces manually. 'Name' corresponds to the name of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' is used to mark interface to reflect network topology, e.g. 'outside' or 'inside'. + test + + + Available libraries: + test + + + Verify interfaces before loading firewall policy + test + + + No firewalls defined + Ðет ни одного файрволла + + + Default action on 'Reject': + test + + + syslog level ('logging trap'): + test + + + Saving data to file... 
+ test + + + /second + test + + + Data format + test + + + No change + test + + + SNMP community: + test + + + code: + test + + + Host OS: + test + + + ctiqbe + test + + + Generating configuration diff + test + + + protocol + test + + + Date (M/D/Y): + test + + + Find and eliminate duplicate rules + test + + + enable + test + + + Disable Rule + test + + + Move ... + test + + + Properties + test + + + Gateway Port: + test + + + use address of interface + test + + + &Properties + test + + + Browse... + test + + + Accept ICMP redirects + test + + + Optimization: + test + + + ipnat: + test + + + Detect shadowing in policy rules + test + + + Error checking in file %1: +%2 + test + + + Expand all branches in the object tree + . + + + Create new project file + Создать новый проект + + + Unnumbered interface + test + + + New RSA key + test + + + Log level: + test + + + (read-only) + (только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ) + + + The default port for HTTP is 80. Use the port option to change the HTTP port, or specify a range of HTTP ports. + test + + + <p>Network zone consists of hosts and networks that can be reached through this interface of the firewall. Subnet to which this interface is directly attached must be part of its network zone. Other subnets reachable by means of routing should alse be added to the network zone. +<br> +If network zone for this interface consists of only one subnet, you can simply choose that network's object in the pull-down below. If your network zone should include multiple subnets, you need to create an Object Group, then put all hosts and networks which are going to be part of the network zone into that group and finally choose this group in the pull-down below.</p> + test + + + Enables the Media Gateway Control Protocol (MGCP) fixup. 
+ test + + + notice + test + + + Move Rules + Правила + + + Accept source route + test + + + pfctl: + test + + + Load modules + test + + + Store configuration diff in a file + test + + + Ignore empty groups in rules + test + + + skinny + test + + + Use tables + test + + + sqlnet + test + + + A full path to the Secure Shell utility (remote command execution; for example ssh on Unix or plink.exe or vsh.exe on Windows): + test + + + Address + test + + + telnet + test + + + Library %1: Firewall '%2' (interface %3 policy rule #%4) uses object '%5' from library '%6' + test + + + New &Library + Библиотека + + + Copy Rule + test + + + type: + test + + + unauth + test + + + Physical address (MAC): + test + + + log TCP seq. numbers + test + + + Turn debugging on in generated script + test + + + PIX Advanced Configuration Options + test + + + Log prefix: + test + + + maximum number of entries in the memory pool used for packet reassembly + test + + + physAddress + test + + + Host OS Settings ... + test + + + Install firewall policy + test + + + queue threshold: + test + + + Optimize 'default nat' rules + test + + + &Find Object + test + + + Deactivate a rule on: + test + + + Activate a rule on: + test + + + In order to be able to build firewall policy properly, Firewall Builder needs information about 'security level' of the firewall's interfaces. Interface that connects it to the Internet is considered 'insecure' and has security level '0', while interface connected to the internal network is supposed to be 'secure' (security level '100'). You can arrange interfaces in the order of their security level below. + test + + + Based on this maximum-length configured by the user, the DNS fixup checks to see if the DNS packet length is within this limit. Every UDP DNS packet (request/response) undergoes the above check. 
+ test + + + &Install old copy + test + + + Regular interface + test + + + Enter New Position For The Rule + test + + + Forward directed broadcasts + test + + + A full path to the Secure Copy utility (secure file copy; for example scp on Unix or pscp.exe or vcp.exe on Windows): + test + + + Copyright 2002-2004 NetCitadel, LLC + test + + + TCP fack + test + + + TCP sack + test + + + Show deleted objects + test + + + Call Agent port: + test + + + Some objects have been modified but not saved. +Do you want to save changes now ? + testÐекоторые объекты были модифицированы +но не Ñохранены. Хотите ли Ð’Ñ‹ Ñохранить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ ? + + + Check for duplicate nat rules + test + + + Use random ID + test + + + RCS log: + test + + + TCP ECN + test + + + TCP RST + test + + + Some objects have been modified since +you compiled the policy last time. +Do you want to recompile it before you install ? + testÐекоторые объекты были модифицированы +но не Ñохранены. Хотите ли Ð’Ñ‹ Ñохранить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ ? + + + The name of the object '%1' has changed. The program can also +rename IP address objects that belong to this object, +using standard naming scheme 'host_name:interface_name:ip'. +This makes it easier to distinguish what host or a firewall +given IP address object belongs to when it is used in +the policy or NAT rule. The program also renames MAC address +objects using scheme 'host_name:interface_name:mac'. +Do you want to rename child IP and MAC address objects now? +(If you click 'No', names of all address objects that belong to +%1 will stay the same.) + test + + + Enter the name of the new object below: + test + + + Platform: + : + + + Please select a library you want to export. + test + + + Error saving file %1: %2 + test + + + Direction + test + + + Aggressive + test + + + File %1 has been added to RCS. 
+ test + + + 6 - Informational + test + + + Set SNMP communities using data from the firewall object dialog + test + + + If you remove libraries from the list, changes get in effect next time you start the program + test + + + Linux 2.4: advanced settings + test + + + Enable the IP Frag Guard feature (deprecated in v6.3 and later). + test + + + Ignore all pings + test + + + Original + test + + + &Print... + test + + + * Test run, commands will not be executed on the firewall + test + + + Revision history: + test + + + Using libfwbuilder API v + libfwbuilder v + + + Running command on the firewall: + test + + + New &Host + ХоÑÑ‚ + + + Insert Rule + test + + + Only one interface of the firewall '%1' must be marked as management interface. + test + + + Insert comments into generated PIX configuration file + test + + + 7 - Debug Message + test + + + check this option to make compiler add 'clear' statements to remove all pre-existing ACLs and NAT commands + test + + + Destination Port Range + test + + + This is unnumbered interface, that is, it does not have an IP address. You can use this for interfaces that terminate PPPoE or other VPN tunnels + test + + + place here + test + + + These options are only valid for PIX running software v6.3 or later + test + + + use ULOG + test + + + 2 - Critical Condition + test + + + Libraries + test + + + Location: + test + + + Save As + test + + + The file %1 already exists. +Do you want to overwrite it ? + Файл %1 уже ÑущеÑтвует. ПерепиÑать? + + + Specify directory path and a file name for each utility on your firewall machine. Leave these empty if you want to use default values. + test + + + Enables support for SQL*Net protocol. 
+ test + + + NTP Servers: + test + + + Absolute + test + + + Let the program automatically open this file when I start it next time +(you can activate this option later using Preferences dialog) + testПрограмма должна автоматичеÑки открывать Ñтот файл при +Ñтарте (Ñта Ñ„ÑƒÐ½ÐºÑ†Ð¸Ñ Ñ‚Ð°ÐºÐ¶Ðµ может быть активизирована в диалоге УÑтановки) + + + Rules: %1-%2 + : + + + Firewall Settings ... + test + + + There are two ways compiler can generate code for rules in the Global Policy: it can either create two ipf rules to control both incoming and outgoing packets for each rule, or it can create only one ipf rule for incoming packets and permit all outgoing ones.You get more control over the packets crossing the firewall in the first mode, but generated script is going to be smaller if you choose the second. + test + + + Enables the Mail Guard feature, which only lets mail servers receive the RFC 821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT. All other commands are translated into X's which are rejected by the internal server. + test + + + Unsupported exception + test + + + Revision %1 + test + + + Choose template object in the list and click 'Finish' when ready. Template objects use generic interface names that will be iherited by the firewall object you create. You may need to rename them later to reflect real names of interfaces on your firewall machine. 
+ test + + + Rule %1 + test + + + ICMP net unreachable + test + + + Service + test + + + Server 1: + test + + + Server 2: + test + + + Server 3: + test + + + Network zone: + test + + + Choose firewall software it is running: + test + + + Use ACL remarks to relate ACL commands and policy rules in the GUI + test + + + Pushing firewall configuration + test + + + sip udp + test + + + Disable all protocols + test + + + Could not open file %1 + test + + + Choose file that contains PIX commands + test + + + Generate 'clear' commands + test + + + Change TCP MSS to + test + + + Locked by + test + + + Enforce Maximum MSS: + test + + + Actively reset inbound TCP connections with RST + test + + + Enforce Minimum TTL: + test + + + DNS lookup failed for name of the address object '%1'. + %1 DNS + + + File %1 not found. + test + + + Always choose this +object if there is a conflict + test + + + Warning: loading from file discards current contents of the script. + test + + + Policy installer uses Secure Shell to communicate with the firewall. +Please configure directory path to the secure file copy and secure +shell utilities installed on your machine using Preferences dialog + test + + + Drop here firewall objects that should be used as policy templates for this firewall. 
Rules will be added on top of the rules of this firewall and will be taken from policies of the template objects in the order they were added, from top to bottom: + test + + + Ignore ICMP redirects + test + + + Error writing to temporary file + test + + + Policy Compiler Options + test + + + netlink group: + test + + + <b>Summary:</b> + test + + + Comment + test + + + &Compile + &Файл + + + Compile + test + + + maximum number of entries in the memory pool used for state table entries + test + + + Console + test + + + Load last edited file + test + + + Paste Rule + test + + + cprange + test + + + iptables: + test + + + Discover Interfaces using SNMP + test + + + Do you want to open existing project file or create a new one? + Хотите ли Ð’Ñ‹ открыть ÑущеÑтвующий проект или Ñоздать новый ? + + + Outbound + test + + + Library %1: Group '%2' uses object '%3' from library '%4' + test + + + &Cancel + test + + + Pass all outgoing + test + + + Installer + test + + + Empty configuration diff + test + + + If the option is deactivated, compiler treats empty groups as an error and aborts processing the policy. If this option is activated, compiler removes all empty groups from all rule elements. If rule element becomes 'any' after the last empty group has been removed, the whole rule will be ignored. Use this option only if you fully understand how it works! + test + + + * user name : %1 + Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°: %1 + + + Inactivity + test + + + Quiet install: do not print anything as commands are executed on the firewall + test + + + Address: + test + + + strict: + test + + + Generate rules assuming the firewall is part of "Any". 
This makes a difference in rules that use services 'ssh' and 'telnet' since PIX uses special commands to control ssh and telnet access to the firewall machine + test + + + Log facility: + test + + + Other logging destinations and levels: + test + + + syslog facility: + test + + + Provides NAT support for Microsoft NetMeeting, SiteServer, and Active Directory products that use LightWeight Directory Access Protocol (LDAP) to exchange directory information with an for Internet Locator Service (ILS) server. + test + + + Interface + test + + + Logging interval: + test + + + Edit Preferences + test + + + Working directory: + test + + + Revision Control + test + + + SNMP Server 1: + test + + + SNMP Server 2: + test + + + Disable outbound DNS A record replies + test + + + &Contents... + test + + + Alternative name or address used to communicate with the firewall (also putty session name on Windows) + test + + + IP address: + test + + + disable + test + + + Discard + &Отмена + + + &Discard + &Отмена + + + sysctl: + test + + + SNMP 'read' community string: + test + + + Click 'Finish' when done. + test + + + Enables NAT of ICMP error messages. This creates translations for intermediate hops based on the static or network address translation configuration on the firewall. + test + + + New Ti&me Interval + интервал времени + + + File name: %1 + Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°: %1 + + + Specify directory path and a file name for the following utilities on the OS your firewall machine is running. Leave these empty if you want to use default values. + test + + + Object <b>'%1'</b> in file %2 + test + + + Directory on the firewall where configuration files should be installed + test + + + <p>One interface of the firewall must be marked as 'external'. This interface should be connected to the least secure network, usually the Internet.</p> + test + + + Lets PIX Firewall pass Real Time Streaming Protocol (RTSP) packets. 
RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections. + test + + + Fatal error during initial RCS checkin of file %1 : + %2 +Exit status %3 + test + + + Toolbar + test + + + New &TCP Service + TCP ÑÐµÑ€Ð²Ð¸Ñ + + + New &UDP Service + UDP ÑÐµÑ€Ð²Ð¸Ñ + + + modprobe: + test + + + Rule Options for ipt + test + + + Ctrl+Del + test + + + Verbose: print all commands as they are executed on the firewall + test + + + Object <b>'%1'</b> has been deleted + test + + + Click 'Next' when done. + test + + + Detect rule shadowing in policy + test + + + seconds between purges of expired states and packet fragments. + test + + + Replace NAT'ted objects with their +translations in policy rules + test + + + Settings: + test + + + Library %1: Firewall '%2' (NAT rule #%3) uses object '%4' from library '%5' + test + + + New &Service Group + группа ÑервиÑов + + + The following parameters are used for all NAT rules: + test + + + Create a group + test + + + Network: + : + + + Assume firewall is part of 'any' + test + + + Activated support for FTP protocol and allows to change the ftp control connection port number. + test + + + Generate ICMP redirects + test + + + Impossible to insert object %1 (type %2) into %3 +because of incompatible type. + test + + + PIX Firewall Settings + test + + + Import Library From a File + test + + + Too many opened file descriptors in the system. + test + + + dynamic + test + + + Current Object + test + + + Accounting + test + + + TCP SYN cookies + test + + + Preferences... + test + + + P&references... 
+ test + + + A Rule Set + test + + + Rule: %1 + : + + + FWB Files (*.fwb);;All Files (*) + test + + + Remove Rule + test + + + Export Library To a File + test + + + Enable: + test + + + SNMP servers + test + + + %1 objects<br> + + test + + + Disable Rules + test + + + Internal buffer + test + + + Specify that when an incoming packet does a route lookup, +the incoming interface is used to determine which interface +the packet should go to, and which is the next hop +(deprecated in v6.3 and later). + test + + + Cut Rule + test + + + Move Rule + test + + + Keep current object + test + + + This will export a library to a file which can later be imported back into Firewall Builder + test + + + Generated fixup commands: + test + + + New Item + test + + + use LOG + test + + + Version: + : + + + esp ike + test + + + * Loading configuration from file %1 + test + + + 4 - Warning Message + test + + + A command that installer should execute on the firewall in order to activate the policy (if this field is blank, installer runs firewall script in the directory specified above; it uses sudo if user name is not 'root') + test + + + Password or passphrase: + test + + + Netmask: + test + + + Use preconfigured template host objects + test + + + ICMP host prohibited + test + + + *** End + test + + + Enforces a minimum Time To Live (TTL) in IP packet headers. + test + + + Preffered: + test + + + Time of last modification: + test + + + Revision + test + + + Firewalls: + test + + + The logging timestamp command requires that the clock command be set. + test + + + Welcome to Firewall Builder + Добро пожаловать в Firewall Builder + + + Specifies to use RAS with H.323 to enable dissimilar communication devices to communicate with each other. 
+ test + + + Rule matches if it hits this often +or less: + test + + + Preferences + test + + + Script Options + test + + + Command line options for the compiler: + test + + + lsrr (loose source route) + test + + + FreeBSD: advanced settings + test + + + Open existing file + Открыть ÑущеÑтвующий проект + + + Move Rule Up + test + + + Disable inbound embedded DNS A record fixups + test + + + Revision: + : + + + Script Editor + test + + + DNS Lookup... + test + + + Specifies to use H.225, the ITU standard that governs H.225.0 session establishment and packetization, with H.323 + test + + + New ICMP Service + ICMP + + + Compile rules + test + + + Always permit ssh access from +the management workstation +with this address: + test + + + Add Rule Below + test + + + Clears the don't fragment bit from the IP packet header. + test + + + Paste Rule Above + test + + + Paste Rule Below + test + + + ( read only ) + (только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ) + + + Bridging firewall + test + + + New &Object Group + Группа объектов + + + New Address &Range + Диапазон адреÑов + + + 0 - System Unusable + test + + + Conservative + test + + + Making backup copy of the firewall configuration + test + + + Range End: + : + + + Make a backup copy of the firewall configuration in this file: + test + + + Choose OS the new firewall runs on: + test + + + warning + test + + + 1 - Take Immediate Action + test + + + Policy install script (using built-in installer if this field is blank): + test + + + Verification of policy rules + test + + + Activate logging in all rules +(overrides rule options, use for debugging) + test + + + Log martians + test + + + Logged in + + test + + + Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it. 
+ + test + + + Date (D/M/Y): + test + + + Comment the code + test + + + MAC matching + test + + + Calculate difference between current firewall state and generated configuration and install only those commands that update state of the firewall + test + + + The following commands will be added verbatim after generated configuration + test + + + General + test + + + ( 0 - any protocol ) + test + + + Next step is to add interfaces to the new firewall. There are two ways to do it: using SNMP query or manually. Adding them using SNMP query is fast and automatic, but is only possible if firewall runs SNMP agent and you know SNMP community string 'read'. + test + + + Shadowing happens because a rule is a superset of a subsequent rule and any packets potentially matched by the subsequent rule have already been matched by the prior rule. + test + + + Add IP Address + IP + + + Enable object tooltips + test + + + Logged in + test + + + Revision Control: + test + + + Security level: + test + + + Buffers incoming packet fragments and reassembles them into a complete packet before passing them to the filter engine. + test + + + * management address : %1 + test + + + On startup: + test + + + Netlink group +(if using ULOG): + test + + + Management interface does not have IP address, can not communicate with the firewall. + test + + + Command line options for the script: + test + + + Enable support for NAT of locally originated connections + test + + + iptables: advanced settings + test + + + Use SNMP to discover interfaces of the host + test + + + Set PIX host name using object's name + test + + + Accept TCP sessions opened prior to firewall restart + test + + + Day of week (0-6): + test + + + Enables PAT for Encapsulating Security Payload (ESP), single tunnel. + test + + + If this option is on, policy compiler adds virtual addresses to the interfaces to make the firewall answer to ARP queries for addresses used in NAT rules. 
+ test + + + Fork failed for %1 + %1 DNS + + + Emulate outbound ACLs + test + + + Do not save a copy of objects form add-on libraries in each data file + test + + + Group: + : + + + File is opened and locked by %1. +You can only open it read-only. + test + + + Discard Changes and Overwrite With Clean Copy Of The Head Revision From RCS + test + + + 'short' fragments + test + + + Check option 'Unnumbered interface' for the interface that does not have an IP address. Examples of interfaces of this kind are those used to terminate PPPoE or VPN tunnels and interfaces of the bridging firewall. + test + + + Next step is to add interfaces to the new host. There are two ways to do it: using SNMP query or manually. Adding them using SNMP query is fast and automatic, but is only possible if the host runs SNMP agent and you know SNMP community string 'read'. + test + + + Address is assigned +dynamically + test + + + Use these labels to mark rules in the firewall policy + test + + + * Configuration diff will be saved in file %1 + test + + + maximum number of embryonic connections per host + test + + + Management interface + test + + + Error: Failed to start program + test + + + TCP FIN timeout (sec) + test + + + Error opening file: +%1 + testОшибка Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ñ„Ð°Ð¹Ð»Ð° в RCS +%1 + + + Error adding file to RCS: +%1 + testОшибка Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ñ„Ð°Ð¹Ð»Ð° в RCS +%1 + + + Protocol number: + test + + + ssrr (strict source route) + test + + + Tree of Objects + test + + + One of the interfaces of the firewall '%1' must be marked as management interface. + test + + + Test run (commands won't be executed on the firewall) + test + + + ICMP protocol unreachable + test + + + Find object in the tree + test + + + Debugging Info + test + + + Installing policy rules on firewall '%1'. 
Logging in + test + + + ICMP net prohibited + test + + + Normally PIX does not support ouotbound ACL, however policy compiler can emulate them if this option is turned on + test + + + log TCP options + test + + + Pushing firewall configuration + + test + + + Illegal address '%1/%2' + test + + + protocol: %1 + test + + + Use raudio proxy in NAT rules + test + + + Specifies the maximum number of simultaneous TCP and UDP connections for the entire subnet. The default is 0, which means unlimited connections. (Idle connections are closed after the idle timeout specified by the timeout conn command.) + test + + + There is a conflict between an object in your tree and object in the file you are trying to open. Choose which version of this object you want to use: + test + + + Enables inspection of RSH protocol. + test + + + Installing policy rules on firewall '%1'. + test + + + rr (record route) + test + + + File %1 is read-only, you can not save changes to it. + Файл %1 защищен от запиÑи, Ð’Ñ‹ не Ñможете Ñохранить изменениÑ. + + + A library that you are trying to export contains references +to objects in the other libraries and can not be exported. 
+The following objects need to be moved outside of it or +objects that they refer to moved in it: + test + + + 3 - Error Message + test + + + - any - + test + + + Create New Object + test + + + Use ftp proxy in NAT rules + test + + + Enable sending log messages as SNMP trap notifications + test + + + Source Port Range + test + + + Check for overlapping global pools and statics + test + + + Library: + : + + + Impossible to apply changes because object is located in read-only +part of the tee or data file was opened read-only + test + + + Enable logging timestamps on syslog file + test + + + Illegal netmask '%1' + '%1' + + + Automatically save data in dialogs when switching between objects + test + + + This operation discards all changes that have been saved +into the file so far, closes it and replaces it with a clean +copy of its head revision from RCS. + +All changes will be lost if you do this. + + + test + + + <b>Firewall Builder 2.0</b> + test + + + * platform : %1 + test + + + Add File to &RCS + testОшибка Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ñ„Ð°Ð¹Ð»Ð° в RCS +%1 + + + RCSFilePreview + test + + + Switching to enable mode... 
+ test + + + + AboutDialog_q + + Firewall Builder + Firewall Builder + + + Using libfwbuilder API v + ИÑпользуетÑÑ libfwbuilder API верÑии + + + Revision: + РевизиÑ: + + + &OK + OK + + + Copyright 2002-2004 NetCitadel, LLC + Copyright 2002-2004 (C) NetCitadel, LLC + + + <a href="http://www.fwbuilder.org/">http://www.fwbuilder.org</a> + <a href="http://www.fwbuilder.org/">http://www.fwbuilder.org</a> + + + Revision: %1 ( Build: %2 ) + РевизиÑ: %1 (Сборка: %2) + + + Using Firewall Builder API %1 + ИÑпользуетÑÑ Firewall Builder API верÑии %1 + + + Registered + ЗарегиÑÑ‚Ñ€Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð°Ñ ÐºÐ¾Ð¿Ð¸Ñ Ð¿Ñ€Ð¾Ð³Ñ€Ð°Ð¼Ð¼Ñ‹ + + + Unregistered + ÐезарегиÑÑ‚Ñ€Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð½Ð°Ñ ÐºÐ¾Ð¿Ð¸Ñ Ð¿Ñ€Ð¾Ð³Ñ€Ð°Ð¼Ð¼Ñ‹ + + + <p align="center"><a href="http://www.fwbuilder.org/">http://www.fwbuilder.org</a></p> + <p align="center"><a href="http://www.fwbuilder.org/">http://www.fwbuilder.org</a></p> + + + Copyright 2002-2006 NetCitadel, LLC + Copyright 2002-2006 (C) NetCitadel, LLC + + + + ActionsDialog + + 'Chabge inbound interface', 'Continue packet inspection' and 'Make a copy' options are mutually exclusive + Опции 'Изменить входÑщий интерфейÑ', 'Продолжить инÑпекцию пакетов' и 'Сделать копию' ÑвлÑÑŽÑ‚ÑÑ Ð²Ð·Ð°Ð¸Ð¼Ð½Ð¾ иÑключающими + + + &Continue + Продолжить + + + Rule name for accounting is converted to the iptables +chain name and therefore may not contain white space +and special characters. + Ðазвание правила Ð´Ð»Ñ ÑƒÑ‡ÐµÑ‚Ð° конвертируетÑÑ Ð² +название цепочки iptables, и поÑтому оно не может +Ñодержать пробела или других Ñпециальных Ñимволов. + + + + ActionsDialog_q + + Actions Dialog + ДейÑÑ‚Ð²Ð¸Ñ + + + fw/rule num/action + номер/дейÑтвие МЭ/правила + + + Tag string: + Строка пометки: + + + If rule action is 'Reject', this option defines firewall's reaction to the packet matching the rule + ЕÑли дейÑтвие правила уÑтановлено в 'Блокировать Ñ ÑƒÐ²ÐµÐ´Ð¾Ð¼Ð»ÐµÐ½Ð¸ÐµÐ¼', то Ñта Ð¾Ð¿Ñ†Ð¸Ñ Ð¾Ð¿Ñ€ÐµÐ´ÐµÐ»Ñет тип ÑƒÐ²ÐµÐ´Ð¾Ð¼Ð»ÐµÐ½Ð¸Ñ + + + This action has no parameters. 
+ Ð”Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ð¾Ð³Ð¾ дейÑÑ‚Ð²Ð¸Ñ Ð½ÐµÑ‚ параметров. + + + Tag value: + Значение пометки: + + + Mark connections created by packets that match this rule + Маркировать пакеты, попадающие под Ñто правило + + + Requires CONNMARK target + Требует Ð½Ð°Ð»Ð¸Ñ‡Ð¸Ñ Ñ†ÐµÐ»Ð¸ CONNMARK + + + Mark packets in PREROUTING chain + Маркировать пакеты в цепочке PREROUTING + + + Rule name for accounting. (white spaces and special characters are not allowed) + Ðазвание правила Ð´Ð»Ñ ÑƒÑ‡ÐµÑ‚Ð° (пробел или Ñпециальные Ñимволы не допуÑтимы) + + + Packet classification can be implemented in different ways: + Варианты клаÑÑификации пакетов: + + + use dummynet(4) 'pipe' + иÑпользовать dummynet(4) 'pipe' + + + use dummynet(4) 'queue' + иÑпользовать dummynet(4) 'queue' + + + Pipe or queue number: + Ðомер pipe или queue: + + + Custom string: + Строка, Ð·Ð°Ð´Ð°Ð½Ð½Ð°Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»ÐµÐ¼: + + + Classify string: + Строка клаÑÑификации: + + + Divert socket port number: + Ðомер порта Ð´Ð»Ñ divert socket: + + + User-defined chain name: + Ðазвание цепочки, заданное пользователем: + + + In addition to 'filter', create branching rule in 'mangle' table as well + Ð’ дополнение к таблице 'filter' Ñоздать ветку правила в таблице 'mangle' + + + Anchor name: + Ð˜Ð¼Ñ Ð¿Ñ€Ð¸ÐºÑ€ÐµÐ¿Ð»ÐµÐ½Ð¸Ñ: + + + Route through + Маршрутизировать через + + + Route reply through + Маршрутизировать ответ через + + + Route a copy through + Маршрутизировать копию через + + + interface + Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ + + + next hop + Ñледующий маршрутизатор + + + Fastroute + БыÑÑ‚Ñ€Ð°Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸Ñ + + + Change inbound interface to + Изменить входÑщий Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð½Ð° + + + Route through gateway + Маршрутизировать через маршрутизатор + + + Change outbound interface to + Изменить иÑходÑщий Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð½Ð° + + + Continue packet inspection + Продолжить инÑпекцию пакетов + + + Make a copy + Сделать копию + + + + AddressRangeDialog + + Illegal IP address '%1' + Ðекорректный IP Ð°Ð´Ñ€ÐµÑ '%1' + + + &Continue 
+ Продолжить + + + + AddressRangeDialog_q + + Address Range + Диапазон адреÑов + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Comment: + Комментарий: + + + Range End: + Конец диапазона: + + + Range Start: + Ðачало диапазона: + + + Apply Changes + Применить + + + + AddressTableDialog_q + + Address Table + Таблица адреÑов + + + Comment: + Комментарий: + + + Library: + Библиотека: + + + Name: + Ðазвание: + + + Compile Time + Ð’Ñ€ÐµÐ¼Ñ ÐºÐ¾Ð¼Ð¿Ð¸Ð»Ñции + + + Run Time + Ð’Ñ€ÐµÐ¼Ñ Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ + + + File name: + Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°: + + + Browse + Выбрать + + + Preview + Предварительный проÑмотр + + + + ColorLabelMenuItem + + no color + без цвета + + + + CommentEditorPanel + + Warning: loading from file discards current contents of the script. + Предупреждение: загрузка из файла удалит текущее Ñодержимое Ñкрипта. + + + Choose file that contains PIX commands + Выберите файл, Ñодержащий команды Cisco PIX + + + Could not open file %1 + Ðе могу открыть файл %1 + + + + CommentEditorPanel_q + + Comment Editor Panel + Панель редактора комментариев + + + fw/rule num + номер МЭ/правила + + + Import from file ... + Импорт из файла... + + + + ConfirmDeleteObjectDialog + + NAT + Ð¡ÐµÑ‚ÐµÐ²Ð°Ñ Ñ‚Ñ€Ð°Ð½ÑлÑÑ†Ð¸Ñ Ð°Ð´Ñ€ÐµÑов (NAT) + + + Policy + Ðабор правил + + + Routing + ÐœÐ°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸Ñ + + + Unknown rule set + ÐеизвеÑтный набор правил + + + /Rule%1 + /Правило%1 + + + Type: + Тип: + + + Not used anywhere + Ðигде не иÑпользуетÑÑ + + + + ConfirmDeleteObjectDialog_q + + Object + Объект + + + Parent + ÐаÑледует от + + + Details + ПодробноÑти + + + Firewall Builder + Firewall Builder + + + Delete + Удалить + + + Cancel + Отмена + + + Groups and firewall policy rules shown in the list below reference objects you are about to delete. If you delete objects, they will be removed from these groups and rules. + Группы и правила в ÑпиÑке ниже ÑÑылаютÑÑ Ð½Ð° объекты, которые вы ÑобираетеÑÑŒ удалить. ЕÑли вы их удалите, то они будут удалены и из Ñтих групп и правил. 
+ + + Deleted objects are moved to the "Deleted objects" library. You can recover them later by moving back to the user's library. However if you delete an object already located in the "Deleted objects" library, it is destroyed and can not be restored. + Удаленные объекты перемещены в Ñпециальную библиотеку "Deleted objects", при необходимоÑти вы можете их воÑÑтановить путем Ð¿ÐµÑ€ÐµÐ¼ÐµÑ‰ÐµÐ½Ð¸Ñ Ð² обычную библиотеку. При удалении из Ñпециальной библиотеки "Deleted objects", объекты утрачиваютÑÑ Ð½Ð°Ð²Ñегда и не подлежат воÑÑтановлению. + + + + CustomServiceDialog_q + + Custom Service + ПользовательÑкий ÑÐµÑ€Ð²Ð¸Ñ + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Custom service object has separate code string for each supported firewall platform. + ПользовательÑкий ÑÐµÑ€Ð²Ð¸Ñ Ð´Ð¾Ð»Ð¶ÐµÐ½ Ñодержать отдельное определение Ð´Ð»Ñ ÐºÐ°Ð¶Ð´Ð¾Ð³Ð¾ типа межÑетевого Ñкрана. + + + Platform: + Тип межÑетевого Ñкрана: + + + Apply Changes + Применить + + + Code: + Определение: + + + Comment: + Комментарий: + + + + DNSNameDialog_q + + DNS Name + DNS Ð¸Ð¼Ñ + + + Comment: + Комментарий: + + + Compile Time + Ð’Ñ€ÐµÐ¼Ñ ÐºÐ¾Ð¼Ð¿Ð¸Ð»Ñции + + + Run Time + Ð’Ñ€ÐµÐ¼Ñ Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ + + + Library: + Библиотека: + + + Name: + Ðазвание: + + + DNS Record: + DNS запиÑÑŒ: + + + + DiscoveryDruid + + Hosts file parsing ... + Обработка файла узлов ... + + + DNS zone transfer ... + Получение зоны DNS ... + + + Network discovery using SNMP ... + Получение информации через SNMP ... + + + Adding objects ... + Добавление объектов ... + + + Cancel + Отмена + + + Prepare objects ... + Подготовка объектов ... + + + Copying results ... + Копирование результатов ... + + + Discovery error + Ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ð¸ + + + Incomlete network specification. + ÐÐµÐ¿Ð¾Ð»Ð½Ð°Ñ ÑÐµÑ‚ÐµÐ²Ð°Ñ ÑпецификациÑ. 
+ + + Empty community string + ПуÑÑ‚Ð°Ñ Ñтрока SNMP community + + + + DiscoveryDruid_q + + Object + Объект + + + Interfaces + ИнтерфейÑÑ‹ + + + Type + Тип + + + Discovery Druid + Менеджер Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ð¸ + + + Choose discovery method used to collect information about network objects from the list below and click 'Next' to continue. + Выберите метод Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ð¸ о Ñетевых объектов ниже и нажмите 'Далее' Ð´Ð»Ñ Ð¿Ñ€Ð¾Ð´Ð¾Ð»Ð¶ÐµÐ½Ð¸Ñ. + + + Discovery method: + Метод Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ð¸: + + + Read file in hosts format + Прочитать файл узлов (в формате /etc/hosts) + + + Import DNS zone + Импортировать зону DNS + + + Perform network discovery using SNMP + Получить информацию через SNMP + + + Discovery Method + Метод Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ð¸ + + + Enter full path and file name below or click "Browse" to find it: + Введите ниже полный путь и название файла или нажмите 'ПроÑмотр' ниже Ð´Ð»Ñ ÐµÐ³Ð¾ поиÑка: + + + File in hosts format + Файл узлов (в формате /etc/hosts) + + + Browse ... + Выбрать... + + + Reading file in hosts format + Чтение файла узлов (в формате /etc/hosts) + + + This discovery method creates objects for all 'A' records found in DNS domain. You will later have a chance to accept only those objects you wish and ignore others. +Please enter the domain name below: + Этот метод Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ð¸ Ñоздает объекты ÑоглаÑно запиÑи типа 'A' DNS указанного домена. Ðа Ñледующем шаге можно выбрать те объекты, которые вы хотите добавить (и ÑоответÑтвенно не добавлÑть ненужные). +Введите Ð¸Ð¼Ñ Ð´Ð¾Ð¼ÐµÐ½Ð°: + + + Domain name + Ð˜Ð¼Ñ Ð´Ð¾Ð¼ÐµÐ½Ð° + + + Objects created using this method may have long or short names. long name consists of the host name and full domain name (this is called <i>Fully Qualified Domain Name</i>). Short name consists of only host name. 
Check in the box below if you wish to use long name, then click next to continue: + Объекты Ñоздаваемые Ñтим методом могут иметь как длинные, так и короткие имена. Длинные имена ÑоÑтоÑÑ‚ из имени узла и полного доменного имени (FQDN). Короткие имена ÑоÑтоÑÑ‚ из имени узла. ПоÑтавьте отметку ниже, еÑли вы хотите получить объекты Ñ Ð´Ð»Ð¸Ð½Ð½Ñ‹Ð¼Ð¸ именами и нажмите Далее: + + + Use long names + ИÑпользовать длинные имена + + + DNS zone information has to be transferred from the name server authoritative for the domain. Pick the name server: + Ð˜Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ð¾ зоне DNS будет получена от указанного DNS Ñервера: + + + Name server + DNS Ñервер + + + choose name server from the list below + выберите DNS Ñервер из ÑпиÑка ниже + + + server name or its IP address here if you wish to use different one: + альтернативное Ð¸Ð¼Ñ Ñервера или IP адреÑ: + + + DNS Query options + Опции DNS запроÑа + + + Timeout (sec) + Таймаут (Ñек) + + + Retries + КоличеÑтво повторов + + + This discovery method scans networks looking for hosts or gateways responding to SNMP queries. It pulls host's ARP table and uses all the entries found in it to create objects. Scan starts from the host called "seed". Enter "seed" host name or address below: + Этот метод Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ð¸ Ñоздает объекты ÑоглаÑно результатам опроÑа узлов и маршрутизаторов по протоколу SNMP. Он получает ARP таблицы узлов и иÑпользует вÑе запиÑи Ñтих таблиц. Сканирование начинаетÑÑ Ñ ÑƒÐ·Ð»Ð°, называемого "seed". Введите Ð¸Ð¼Ñ Ð¸Ð»Ð¸ IP Ð°Ð´Ñ€ÐµÑ ÑƒÐ·Ð»Ð° "seed": + + + 'Seed' host + Узел "seed" + + + Enter a valid host name or address. + Введите Ð¸Ð¼Ñ Ð¸Ð»Ð¸ IP Ð°Ð´Ñ€ÐµÑ ÑƒÐ·Ð»Ð°. + + + The scanner process can be confined to a certain network, so it won't discover hosts on adjacent networks. If you leave these fields blank, scanner will visit all networks it can find: + Сканер может быть наÑтроен на определенную подÑеть и не иÑпользовать ненужные подÑети. 
ЕÑли Ð¿Ð¾Ð»Ñ Ð½Ð¸Ð¶Ðµ будут пуÑты, то Ñканер будет иÑпользовать вÑе подÑети, которые Ñможет найти: + + + Confine scan to this network: + Сканировать только подÑеть: + + + Netmask: + МаÑка подÑети: + + + Address: + ÐдреÑ: + + + Network discovery using SNMP + Получение информации через SNMP + + + The scanner process can repeat its algorithm recursively using each new host it finds as a new "seed". This allows it to find as many objects on your network as possible. On the other hand, it takes more time and may find some objects you do not really need. You can turn recursive scanning on below: + Сканер может работать рекурÑивно, то еÑть пытатьÑÑ Ð¸Ñпользовать каждый найденый узел как "seed" узел. С одной Ñтороны, Ñто позволÑет получить информацию по макÑимуму объектов вашей Ñети, Ñ Ð´Ñ€ÑƒÐ³Ð¾Ð¹ - Ñканирование займет Ñлишком много времени. Включить рекурÑивное Ñканирование: + + + Run network scan recursively + ВыполнÑть рекурÑивное Ñканирование + + + The scanner process can find nodes beyond the boundaries of your network by following point-to-point links connecting it to the Internet or other parts of WAN. + Сканер может найти объекты за пределами вашей Ñети через каналы типа точка-точка, которые могут ÑоединÑть вашу Ñеть как Ñ Internet, так и Ñ Ð´Ñ€ÑƒÐ³Ð¸Ð¼Ð¸ чаÑÑ‚Ñми вашей Ñети. + + + Follow point-to-point links + ИÑпользовать каналы типа точка-точка + + + The scanner process can distinguish virtual IP addresses created on hosts as static "published" ARP entries or as secondary addresses on interfaces. + Сканер может различать виртуальные IP адреÑа Ñозданные на узлах как ÑтатичеÑкие запиÑи в ARP таблице, либо как вторичные адреÑа на интерфейÑе. + + + Include virtual addresses + Обрабатывать виртуальные адреÑа + + + Analysis of ARP table yields IP addresses for hosts on your network. In order to determine their names, scanner can run reverse name lookup queries using your name servers (DNS): + Получать DNS имена узлов Ð´Ð»Ñ IP адреÑов, найденых в ARP таблицах. 
Ð”Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ DNS имен Ñканер будет иÑпользовать обратные DNS запроÑÑ‹ на ваши DNS Ñерверы: + + + Run reverse name lookup DNS queries to determine host names + Получать DNS имена узлов Ð´Ð»Ñ IP адреÑов через обратные DNS запроÑÑ‹ + + + Network scan options + Опции ÑÐºÐ°Ð½Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ñети + + + Enter parameters for SNMP and DNS reverse lookup queries below. (If unsure, just leave default values): + Введите параметры Ð´Ð»Ñ SNMP и DNS обратных запроÑов (вы можете не изменÑть Ñто поле, чтобы иÑпользовать Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ð¾-умолчанию): + + + SNMP query parameters: + Параметры SNMP запроÑов: + + + SNMP 'read' community string: + Строка SNMP community Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ: + + + number of retries: + количеÑтво попыток: + + + timeout (sec): + таймаут (Ñек): + + + public + public + + + DNS parameters: + Параметры DNS: + + + timeout (sec) : + таймаут (Ñек): + + + Number of threads: + КоличеÑтво потоков: + + + SNMP and DNS reverse lookup queries parameters + Параметры Ð´Ð»Ñ SNMP и DNS обратных запроÑов + + + Process name + Ð˜Ð¼Ñ Ð¿Ñ€Ð¾Ñ†ÐµÑÑа + + + Stop + Стоп + + + Save scan log to file + Сохранить журнал ÑÐºÐ°Ð½Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð² файл + + + Process log: + Журнал процеÑÑа: + + + Discovery is in progress + ВыполнÑетÑÑ Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ðµ информации + + + These are the networks found by the scanner process. Choose the ones you wish to use from the list below, then click 'Next': + Ðиже перечиÑлены найденые Ñканером подÑети. Выберите те, которые вы будет иÑпользовать и нажмите 'Далее': + + + Select All + Выбрать вÑе + + + Filter ... + Фильтр ... 
+ + + Unselect All + СнÑть выбор Ñо вÑех + + + Remove Filter + Удалить фильтр + + + -> + -> + + + <- + <- + + + Networks + ПодÑети + + + Choose objects you wish to use, then click 'Next': + Выберите объект, который вы хотите иÑпользовать и нажмите 'Далее': + + + Objects + Объекты + + + Change type of selected objects: + Изменить тип выбранных объектов: + + + Address + ÐÐ´Ñ€ÐµÑ + + + Host + Узел + + + Firewall + МежÑетевой Ñкран + + + Here you can change type of the objects to be created for each address discovered by the scanner. By default, an "Address" object is created for the host with just one interface with single IP address and "Host" object is created for the host with multiple interfaces, however you can change their types on this page. + Ð¡ÐµÐ¹Ñ‡Ð°Ñ Ð²Ñ‹ можете изменить тип объекта Ð´Ð»Ñ ÐºÐ°Ð¶Ð´Ð¾Ð³Ð¾ адреÑа, найденного Ñканером. По-умолчанию Ð´Ð»Ñ ÑƒÐ·Ð»Ð¾Ð² Ñ Ð¾Ð´Ð½Ð¸Ð¼ интерфейÑом и IP-адреÑом ÑоздаетÑÑ Ð¾Ð±ÑŠÐµÐºÑ‚ типа 'ÐдреÑ', Ð´Ð»Ñ ÑƒÐ·Ð»Ð¾Ð² Ñ Ð½ÐµÑколькими интерфейÑами ÑоздаетÑÑ Ð¾Ð±ÑŠÐµÐºÑ‚ типа 'Узел'. + + + Adjust Object types + Изменить типы объектов + + + Select target library + Выбрать библиотеку Ð´Ð»Ñ Ð¾Ð±ÑŠÐµÐºÑ‚Ð¾Ð² + + + Target library + Библиотека Ð´Ð»Ñ Ð¾Ð±ÑŠÐµÐºÑ‚Ð¾Ð² + + + Adding new objects to library ... + Добавление новых объектов в библиотеку ... + + + Creatnig objects + Прочитать файл узлов (формата /etc/hosts) + + + + FWBMainWindow_q + + Firewall Builder + Firewall Builder + + + Click here to change amount of information shown about object selected in the tree + Ðажмите, чтобы изменить режим показа информации про выбранный в дереве объект + + + Tab 1 + Tab 1 + + + Firewall Name + Ðазвание межÑетевого Ñкрана + + + Firewalls: + МежÑетевые Ñкраны: + + + &File + Проект + + + &Edit + Редактировать + + + Object + Объект + + + Rules + Правила + + + &Help + Помощь + + + Toolbar + Панель инÑтрументов + + + New Object File + Создать новый + + + &New Object File + Создать новый + + + Open + Открыть + + + &Open... + Открыть... 
+ + + Ctrl+O + Ctrl-O + + + Save + Сохранить + + + &Save + Сохранить + + + Ctrl+S + Ctrl-S + + + Save As + Сохранить как + + + Save &As... + Сохранить как... + + + Print + Печать + + + &Print... + Печать... + + + Ctrl+P + Ctrl-P + + + Exit + Выход + + + E&xit + Выход + + + Undo + Отмена + + + &Undo + Отмена + + + Ctrl+Z + Ctrl-Z + + + Redo + Повторить отмененное дейÑтвие + + + &Redo + Повторить отмененное дейÑтвие + + + Ctrl+Y + Ctrl-Y + + + Cut + Вырезать + + + &Cut + Вырезать + + + Ctrl+X + Ctrl-X + + + Copy + Копировать + + + C&opy + Копировать + + + Ctrl+C + Ctrl-C + + + Paste + Ð’Ñтавить + + + &Paste + Ð’Ñтавить + + + Ctrl+V + Ctrl-V + + + Ctrl+F + Ctrl-F + + + Contents + Содержимое + + + &Contents... + Содержимое + + + Index + Содержание + + + &Index... + Содержание + + + About + О программе + + + &About + О программе + + + New + Создать + + + Close + Закрыть + + + &Close + Закрыть + + + Compile + Компилировать + + + Compile rules + Компилировать правила + + + Install + УÑтановить + + + Install firewall policy + УÑтановить набор правил + + + Back + Ðазад + + + Move back to the previous object + ВернутьÑÑ Ðº предидущему объекту + + + New Object + Создать объект + + + &New Object + Создать объект + + + Create New Object + Создать новый объект + + + Ctrl+N + Ctrl-N + + + Find Object + Ðайти объект + + + &Find Object + Ðайти объект... + + + Find object in the tree + ПоиÑк объекта по дереву + + + Preferences... + ÐаÑтройки... + + + P&references... + ÐаÑтройки... 
+ + + Edit Preferences + Редактировать наÑтройки + + + Insert Rule + Ð’Ñтавить правило + + + Move Rule Up + ПеремеÑтить правило выше + + + Move Rule Down + ПеремеÑтить правило ниже + + + Add Rule Below + Добавить правило ниже + + + Remove Rule + Удалить правило + + + Ctrl+Del + Ctrl-Del + + + Copy Rule + Копировать правило + + + Cut Rule + Вырезать правило + + + Paste Rule Above + Ð’Ñтавить правило выше + + + Paste Rule Below + Ð’Ñтавить правило ниже + + + Add File to RCS + Добавить файл в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий + + + Add File to &RCS + Добавить файл в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий + + + Delete + Удалить + + + Del + Del + + + Export Library To a File + ЭкÑпортировать библиотеку в файл + + + &Export Library + ЭкÑпортировать библиотеку + + + Import Library From a File + Импортировать библиотеку из файла + + + &Import Library + Импортировать библиотеку + + + Debug + Отладка + + + &Debug + Отладка + + + &Properties + СвойÑтва + + + Move Selected Rules + ПеремеÑтить выбранные правила + + + Discard + Отменить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ + + + &Discard + Отменить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ + + + Discard Changes and Overwrite With Clean Copy Of The Head Revision From RCS + Отменить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð¸ перезапиÑать копией из оÑновной ветки ÑиÑтемы ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий + + + Apply + Применить + + + Show File Properties + +Показать ÑвойÑтва файла + + + Commit + ПринÑть Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ + + + C&ommit + ПринÑть Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ + + + Commit Opened File to RCS and Continue Editing + ПринÑть Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ð¾Ð³Ð¾ файла в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€ÑÐ¸Ñ Ð¸ продолжить редактирование + + + Lock + Заблокировать + + + Unlock + Разблокировать + + + Discovery Druid + Менеджер Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ð¸ + + + new item + новый Ñлемент + + + Tools + Утилиты + + + + FWObjectDropArea + + Drop object here. + ПомеÑтить объект Ñюда. 
+ + + Paste + Ð’Ñтавить + + + Delete + Удалить + + + + FWObjectDropArea_q + + Form1 + Форма1 + + + + FWObjectPropertiesFactory + + <b>Library:</b> + <b>Библиотека:</b> + + + <b>Object Id:</b> + <b>Идентификатор объекта:</b> + + + <b>Object Type:</b> + <b>Тип объекта:</b> + + + <b>Object Name:</b> + <b>Ð˜Ð¼Ñ ÐžÐ±ÑŠÐµÐºÑ‚Ð°:</b> + + + + FWWindow + + Some objects have been modified but not saved. +Do you want to save changes now ? + Ðекоторые объекты были изменены без ÑохранениÑ. +Сохранить изменениÑ? + + + &Save + Сохранить + + + &Discard + Отменить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ + + + &Cancel + Отмена + + + FWB Files (*.fwb);;All Files (*) + Файлы Firewall Builder (*.fwb);;Ð’Ñе файлы (*) + + + The file %1 already exists. +Do you want to overwrite it ? + Файл Ñ Ð¸Ð¼ÐµÐ½ÐµÐ¼ %1 уже ÑущеÑтвует. +Хотите перезапиÑать его? + + + Choose name and location for the new file + Выберите Ð¸Ð¼Ñ Ð¸ папку Ð´Ð»Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ файла + + + Saving data to file... + Сохранение данных в файл... + + + Choose name and location for the file + Выберите Ð¸Ð¼Ñ Ð¸ папку Ð´Ð»Ñ Ñ€Ð°Ð·Ð¼ÐµÑ‰ÐµÐ½Ð¸Ñ Ñ„Ð°Ð¹Ð»Ð° + + + This operation discards all changes that have been saved +into the file so far, closes it and replaces it with a clean +copy of its head revision from RCS. + +All changes will be lost if you do this. + + + Ð’Ñ‹Ð±Ñ€Ð°Ð½Ð½Ð°Ñ Ð¾Ð¿ÐµÑ€Ð°Ñ†Ð¸Ñ Ð¿ÐµÑ€ÐµÐ·Ð°Ð¿Ð¸ÑˆÐµÑ‚ файл копией +из оÑновной ветки ÑиÑтемы ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий. + +Ð’Ñе ранее Ñделанные Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð±ÑƒÐ´ÑƒÑ‚ утрачены. + + + &Discard changes + Отменить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ + + + File %1 has been added to RCS. + Файл %1 был добавлен в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий + + + Error adding file to RCS: +%1 + Ошибка при добавлении файла %1 в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий + + + (read-only) + (только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ) + + + Error loading file: +%1 + Ошибка при загрузке файла %1 + + + Firewall Builder 2 uses file extension '.fwb' and +needs to rename old data file '%1' to '%2', +but file '%3' already exists. 
+Choose a different name for the new file. + Firewall Builder верÑии 2 иÑпользует раÑширение файлов .fwb. +Ð”Ð»Ñ Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ñ‚ÐµÐºÑƒÑ‰ÐµÐ¹ операции необходимо переименовать +Ñтарый файл %1 в новый %2, однако файл %3 уже ÑущеÑтвует. +Выберите другое Ð¸Ð¼Ñ Ð´Ð»Ñ Ñоздаваемого файла. + + + Please choose a different name for the new file. + Выберите другое Ð¸Ð¼Ñ Ð´Ð»Ñ Ñоздаваемого файла. + + + Firewall Builder 2 uses file extension '.fwb'. Your data file '%1' +has been renamed '%2' + Firewall Builder 2 иÑпользует раÑширение .fwb. +Старый файл %1 был переименован в %2. + + + Exception: %1 + ИÑключение: %1 + + + Failed transformation : %1 + Ошибка преобразованиÑ: %1 + + + XML element : %1 + Элемент XML: %1 + + + Error checking in file %1: +%2 + Ошибка при добавлении файла %1 в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий: +%2 + + + File is read-only + Файл доÑтупен только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ + + + Error saving file %1: %2 + Ошибка при Ñохранении файла %1: +%2 + + + Error loading file %1: +%2 + Ошибка при открытии файла %1: +%2 + + + Choose a file to import + Выберите файл Ð´Ð»Ñ Ð¸Ð¼Ð¿Ð¾Ñ€Ñ‚Ð° + + + No firewalls defined + Ðе определено ни одного межÑетевого Ñкрана + + + Policy + Ðабор правил + + + NAT + Ð¡ÐµÑ‚ÐµÐ²Ð°Ñ Ñ‚Ñ€Ð°Ð½ÑлÑÑ†Ð¸Ñ Ð°Ð´Ñ€ÐµÑов (NAT) + + + Firewall platform is not specified in this object. +Can't compile firewall policy. + Ðе задан тип межÑетевого Ñкрана Ð´Ð»Ñ Ñтого объекта. +Ðевозможно Ñкомпилировать набор правил. + + + Policy installer uses Secure Shell to communicate with the firewall. +Please configure directory path to the secure file copy and secure +shell utilities installed on your machine using Preferences dialog + Программа уÑтановки правил иÑпользует утилиты SSH Ð´Ð»Ñ ÑвÑзи Ñ Ð¼ÐµÐ¶Ñетевым Ñкраном. +Определите в наÑтройках программы пути к утилитам scp и ssh. + + + &Continue + Продолжить + + + Some objects have been modified since +you compiled the policy last time. +Do you want to recompile it before you install ? 
+ Ðекоторые объекты были изменены Ñ Ð¼Ð¾Ð¼ÐµÐ½Ñ‚Ð° поÑледей копилÑции. +Хотите перекомпилировать набор правил перед тем как уÑтановить его? + + + &Compile + Компилировать + + + &Install old copy + УÑтановить Ñтарую копию + + + Load operation cancelled and data file reverted to original version. + ÐžÐ¿ÐµÑ€Ð°Ñ†Ð¸Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ð¸Ñ Ñ„Ð°Ð¹Ð»Ð° была отменена, поÑтому файл не был изменен. + + + &Yes + Да + + + &No + Ðет + + + Checking file %1 in RCS + Добавление файла %1 в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий + + + Legend + УÑловные Ð¾Ð±Ð¾Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ + + + Objects + Объекты + + + Printing aborted + Печать отменена + + + Printing completed + Печать завершена + + + Close + Закрыть + + + Install + УÑтановить + + + Groups + Группы + + + EMPTY + ПуÑто + + + Loading system objects... + Загрузка ÑиÑтемных объектов... + + + Reading and parsing data file... + Чтение и обработка файла данных... + + + Merging with system objects... + Смешивание Ñ ÑиÑтемными объектами... + + + Building object tree... + ПоÑтроение дерева объектов... + + + Indexing... + ИндекÑациÑ... + + + A library that you are trying to export contains references +to objects in the other libraries and can not be exported. +The following objects need to be moved outside of it or +objects that they refer to moved in it: + Библиотека не может быть ÑкÑпортирована, так как, +Ñодержит ÑÑылки на объекты других библиотек. +Ð”Ð»Ñ ÑƒÑпешного ÑкÑÐ¿Ð¾Ñ€Ñ‚Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ñледующие объекты +необходимо или удалить из библиотеки или помеÑтить в нее: + + + Please select a library you want to export. + Выберите библиотеку Ð´Ð»Ñ ÑкÑпортированиÑ. + + + Policy/%1 + Ðабор правил/%1 + + + Building branch policy view '%1'... + СтроитÑÑ Ð¿Ñ€ÐµÐ´Ñтавление ветки набора правил '%1' ... + + + Building policy view... + СтроитÑÑ Ð¿Ñ€ÐµÐ´Ñтавление набора правил ... + + + Building NAT view... + СтроитÑÑ Ð¿Ñ€ÐµÐ´Ñтавление таблицы транÑлÑции адреÑов ... + + + Building routing view... + СтроитÑÑ Ð¿Ñ€ÐµÐ´Ñтавление маршрутизации ... 
+ + + Routing + ÐœÐ°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸Ñ + + + + FilterDialog + + Filter error + Ошибка фильтрации + + + Invalid RegExp. + Ðекорректное регулÑрное выражение. + + + Name + Ðазвание + + + Address + ÐÐ´Ñ€ÐµÑ + + + Contains + Содержит + + + Is equal to + Эквивалентно + + + Starts with + ÐачинаетÑÑ Ð½Ð° + + + Ends with + ЗаканчиваетÑÑ Ð½Ð° + + + Matches Wildcard + СоответÑтвует шаблону + + + Matches RegExp + СоответÑтвует регулÑрному выражению + + + + FilterDialog_q + + Target + Цель + + + Type + Тип + + + Pattern + Образец + + + Filter + Фильтр + + + Save + Сохранить + + + Load + Загрузить + + + Ok + OK + + + Cancel + Отмена + + + Match + СоответÑтвие + + + all + вÑе + + + any + любой + + + of the following: + из Ñледующих: + + + + + + + + + Add a new pattern + Добавить новый образец + + + Case sensitive + ЧувÑтвителен к региÑтру + + + - + - + + + Remove a pattern + Удалить образец + + + + FindObjectWidget + + Search hit the end of the policy rules. + ПоиÑк по набору правил завершен. + + + &Continue at top + Продолжить Ñ Ð½Ð°Ñ‡Ð°Ð»Ð° + + + &Stop + ОК + + + Search hit the end of the object tree. + ПоиÑк по дереву объектов завершен. + + + Search or Replace object ind't specified. + Ðе указан объект Ð´Ð»Ñ Ð¿Ð¾Ð¸Ñка или замены. + + + Cannot replace object by itself. + Ðевозможно заменить объект на Ñамого ÑебÑ. + + + Search and Replace objects are incompatible. + Объекты Ð´Ð»Ñ Ð¿Ð¾Ð¸Ñка и замены разных типов. + + + Replaced %1 objects. + Заменен объект %1. 
+ + + Policy of firewall ' + Ðабор правил межеÑетевого Ñкрана ' + + + + FindWhereUsedWidget + + NAT + Ð¡ÐµÑ‚ÐµÐ²Ð°Ñ Ñ‚Ñ€Ð°Ð½ÑлÑÑ†Ð¸Ñ Ð°Ð´Ñ€ÐµÑов (NAT) + + + Policy + Ðабор правил + + + Routing + ÐœÐ°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸Ñ + + + Unknown rule set + ÐеизвеÑтный набор правил + + + /Rule%1 + /Правило%1 + + + Type: + Тип: + + + + FirewallDialog + + FWBuilder API error: %1 + Ошибка API FWBuilder: %1 + + + &Continue + Продолжить + + + + FirewallDialog_q + + Firewall + МежÑетевой Ñкран + + + General + ОÑновное + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Comment: + Комментарий: + + + Firewall Settings ... + ÐаÑтройка параметров межÑетевого Ñкрана... + + + Host OS Settings ... + ÐаÑтройка параметров операционной ÑиÑтемы... + + + Platform: + Тип межÑетевого Ñкрана: + + + Version: + ВерÑÐ¸Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана: + + + Host OS: + ÐžÐ¿ÐµÑ€Ð°Ñ†Ð¸Ð¾Ð½Ð½Ð°Ñ ÑиÑтема межÑетевого Ñкрана: + + + Templates + Шаблоны + + + Drop here firewall objects that should be used as policy templates for this firewall. Rules will be added on top of the rules of this firewall and will be taken from policies of the template objects in the order they were added, from top to bottom: + Перетащите в облаÑть ниже другие объекты (только межÑетевые Ñкраны), которые будут иÑпользоватьÑÑ Ð´Ð»Ñ ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ ÑˆÐ°Ð±Ð»Ð¾Ð½Ð° Ñтого межÑетевого Ñкрана. 
Правила добавленных межÑетевых Ñкранов будут добавлÑтьÑÑ Ð² набор правил Ñтого Ñкрана в той же поÑледовательноÑти, в которой будут добавлены межÑетевые Ñкраны в облаÑть ниже: + + + SNMP + SNMP + + + SNMP community: + Строка SNMP community: + + + Contact: + Контактное лицо: + + + Location: + МеÑтоположение: + + + SNMP Get + Ðвтозаполнение при помощи SNMP запроÑа + + + Description: + ОпиÑание: + + + Apply Changes + Применить + + + Inactive firewall + Ðеактивный межÑетевой Ñкран + + + Skip this firewall for batch compile and install operations + ПропуÑкать Ñтот межÑетевой Ñкран при пакетной компилÑции и/или уÑтановке + + + + GroupObjectDialog + + Name + Ðазвание + + + Properties + СвойÑтва + + + Open + Открыть + + + Edit + Редактировать + + + Copy + Копировать + + + Cut + Вырезать + + + Paste + Ð’Ñтавить + + + Delete + Удалить + + + + GroupObjectDialog_q + + Group + Группа + + + L + L + + + I + I + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Apply Changes + Применить + + + Comment: + Комментарий: + + + + HostDialog_q + + Host + Узел + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Comment: + Комментарий: + + + SNMP community: + Строка SNMP community: + + + MAC matching + Проверка MAC адреÑа + + + Apply Changes + Применить + + + + ICMPServiceDialog_q + + ICMP + ICMP + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Apply Changes + Применить + + + ICMP Type: + Тип ICMP: + + + any + любой + + + ICMP Code: + Код ICMP: + + + Comment: + Комментарий: + + + ICMP Service + ICMP ÑÐµÑ€Ð²Ð¸Ñ + + + + IPServiceDialog_q + + IP + IP + + + Comment: + Комментарий: + + + all fragments + вÑе фрагменты + + + rr (record route) + rr (record route) + + + timestamp + timestamp + + + ssrr (strict source route) + ssrr (strict source route) + + + 'short' fragments + 'короткие' фрагменты + + + lsrr (loose source route) + lsrr (loose source route) + + + Protocol number: + Ðомер протокола: + + + ( 0 - any protocol ) + ( 0 - любой протокол ) + + + Name: + Ðазвание: + 
+ + Library: + Библиотека: + + + Apply Changes + Применить + + + IP Service + IP ÑÐµÑ€Ð²Ð¸Ñ + + + + IPv4Dialog + + Illegal IP address '%1' + Ðекорректный IP Ð°Ð´Ñ€ÐµÑ %1 + + + &Continue + Продолжить + + + Illegal netmask '%1' + ÐÐµÐºÐ¾Ñ€Ñ€ÐµÐºÑ‚Ð½Ð°Ñ Ð¼Ð°Ñка подÑети %1 + + + DNS lookup failed for both names of the address object '%1' and the name of the host '%2'. + Ðе удалоÑÑŒ получить данные иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ DNS Ð·Ð°Ð¿Ñ€Ð¾Ñ ÐºÐ°Ðº Ð´Ð»Ñ Ð°Ð´Ñ€ÐµÑа %1, так и Ð´Ð»Ñ Ð¸Ð¼ÐµÐ½Ð¸ %2. + + + DNS lookup failed for name of the address object '%1'. + Ðе удалоÑÑŒ получить Ð¸Ð¼Ñ Ð¸ÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ DNS Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð´Ð»Ñ Ð°Ð´Ñ€ÐµÑа %1. + + + + IPv4Dialog_q + + IPv4 + IPv4 + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Comment: + Комментарий: + + + Address: + ÐдреÑ: + + + Netmask: + МаÑка подÑети: + + + Apply Changes + Применить + + + DNS Lookup... + Получить Ð¸Ð¼Ñ Ñ‡ÐµÑ€ÐµÐ· DNS запроÑ... + + + Address + ÐÐ´Ñ€ÐµÑ + + + + InterfaceDialog + + Group: + Группа: + + + Network: + ПодÑеть: + + + + InterfaceDialog_q + + Interface + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Label: + Метка: + + + Address is assigned +dynamically + ÐÐ´Ñ€ÐµÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð°ÐµÑ‚ÑÑ +динамичеÑки + + + Regular interface + Обычный Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ñ Ð°Ð´Ñ€ÐµÑом + + + Unnumbered interface + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð±ÐµÐ· адреÑа + + + Management interface + УправлÑющий Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ + + + <p>Check if this interface is used for management (SNMP queries, remote policy install etc.)<p> + <p>Выберите Ñтот пункт, еÑли Ñтот Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¸ÑпользуетÑÑ Ð´Ð»Ñ ÑƒÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð¼ÐµÐ¶Ñетевым Ñкраном (SNMP запроÑÑ‹, уÑтановка наборов правил и др.).</p> + + + This interface is +external (insecure) + Это внешний Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ +(небезопаÑный) + + + <p>One interface of the firewall must be marked as 'external'. This interface should be connected to the least secure network, usually the Internet.</p> + <p>Один из интерфейÑов должен быть внешним. 
Этот Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ð¾Ð»Ð¶ÐµÐ½ подключатьÑÑ Ðº менее безопаÑной Ñети, чаще вÑего к Ñети Internet.</p> + + + One interface of the firewall must be marked as 'external'. This interface should be connected to the least secure network, usually the Internet. + Один из интерфейÑов должен быть внешним. Этот Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ð¾Ð»Ð¶ÐµÐ½ подключатьÑÑ Ðº менее безопаÑной Ñети, чаще вÑего к Ñети Internet. + + + Apply Changes + Применить + + + Comment: + Комментарий: + + + <p>Network zone consists of hosts and networks that can be reached through this interface of the firewall. Subnet to which this interface is directly attached must be part of its network zone. Other subnets reachable by means of routing should alse be added to the network zone. +<br> +If network zone for this interface consists of only one subnet, you can simply choose that network's object in the pull-down below. If your network zone should include multiple subnets, you need to create an Object Group, then put all hosts and networks which are going to be part of the network zone into that group and finally choose this group in the pull-down below.</p> + <p>Ð¡ÐµÑ‚ÐµÐ²Ð°Ñ Ð·Ð¾Ð½Ð° ÑоÑтоит из узлов и подÑетей, к которым можно получить доÑтуп через Ñтот Ñетевой Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана. ПодÑеть, к которой Ñтот Ñетевой Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½ напрÑмую, должна ÑвлÑтьÑÑ Ñ‡Ð°Ñтью Ñетевой зоны Ñтого интерфейÑа. Другие подÑети, доÑтупные через маршрутизацию также должны быть добавлены в Ñту Ñетевую зону. +<br> +ЕÑли ÑÐµÑ‚ÐµÐ²Ð°Ñ Ð·Ð¾Ð½Ð° Ð´Ð»Ñ Ñтого интерфейÑа ÑоÑтоит только из одной подÑети, тогда вы можете проÑто выбрать ее в выпадающем ÑпиÑке Ñетевых объектов ниже. 
ЕÑли ÑÐµÑ‚ÐµÐ²Ð°Ñ Ð·Ð¾Ð½Ð° должна включать неÑколько подÑетей, тогда необходимо Ñоздать группу объектов, в которую включить вÑе Ñти подÑети и выбрать Ñту группу объектов в выпадающем ÑпиÑке Ñетевых объектов ниже.</p> + + + Network zone: + Ð¡ÐµÑ‚ÐµÐ²Ð°Ñ Ð·Ð¾Ð½Ð°: + + + Security level: + Уровень безопаÑноÑти: + + + <p>Each interface of the firewall must have security level associated with it.<br>Security level can be any number between 0 and 100, 0 being least secure and 100 being most secure levels. Interface with security level 0 ususally serves Internet connection.</p> + <p>Каждому интерфейÑу межÑетевого Ñкрана должен быть назначен уровень безопаÑноÑти в диапазоне от 0 до 100. 0 означает меньшую безопаÑноÑть, 100 - бОльшую. Ðулевой уровень безопаÑноÑти чаще вÑего приÑваиваетÑÑ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу, подключенному к Ñети Internet.</p> + + + <p>Each interface of the firewall must have security level associated with it.<br> +Security level can be any number between 0 and 100, 0 being least secure and 100 being most secure levels. Interface with security level 0 ususally serves Internet connection.</p> + <p>Каждому интерфейÑу межÑетевого Ñкрана должен быть назначен уровень безопаÑноÑти в диапазоне от 0 до 100. 0 означает меньшую безопаÑноÑть, 100 - бОльшую. Ðулевой уровень безопаÑноÑти чаще вÑего приÑваиваетÑÑ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу, подключенному к Ñети Internet.</p> + + + This interface is external (insecure) + Это внешний Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ (небезопаÑный) + + + Address is assigned dynamically + ÐÐ´Ñ€ÐµÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð°ÐµÑ‚ÑÑ Ð´Ð¸Ð½Ð°Ð¼Ð¸Ñ‡ÐµÑки + + + Bridge port + Порт моÑта + + + + InterfacePolicyView + + Source + ИÑточник + + + Destination + Ðазначение + + + Service + Ð¡ÐµÑ€Ð²Ð¸Ñ + + + Direction + Ðаправление + + + Action + ДейÑтвие + + + Time + Интервал времени + + + Options + Опции + + + Comment + Комментарий + + + + LibExportDialog + + Please select a library you want to export. + Выберите библиотеку Ð´Ð»Ñ ÑкÑпорта. 
+ + + A library that you are trying to export contains references +to objects in the other libraries and can not be exported. +The following objects need to be moved outside of it or +objects that they refer to moved in it: + Библиотека не может быть ÑкÑпортирована, поÑкольку Ñодержит +ÑÑылки на объекты других библиотек. Ðеобходимо, или перемеÑтить +перечиÑленные ниже объекты из Ñтой в другие библиотеки, или +добавить в Ñту библиотеку объекты других библиотек, на которые +она ÑÑылаетÑÑ: + + + + LibExport_q + + Export + ЭкÑпорт + + + This will export a library to a file which can later be imported back into Firewall Builder + Это дейÑтвие произведет ÑкÑпорт библиотеки в файл, из которого она может быть позже импортирована обратно в Firewall Builder + + + New Item + Ðовый Ñлемент + + + Make exported libraries read-only + УÑтанавливать доÑтуп только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð½Ð° ÑкÑпортируемые библиотеки + + + Choose libraries to be exported: + Выберите библиотеки Ð´Ð»Ñ ÑкÑпорта: + + + Ok + OK + + + Cancel + Отмена + + + + LibraryDialog + + Pick the color for this library + Выберите цвет Ñтой библиотеки + + + + LibraryDialog_q + + Library + Библиотека + + + Name: + Ðазвание: + + + Comment: + Комментарий: + + + Color: + Цвет: + + + Apply Changes + Применить + + + + MetricEditorPanel_q + + Script Editor + Редактор Ñкриптов + + + textLabel2 + textLabel2 + + + + NATRuleOptionsDialog_q + + NAT Rule Options + Опции правила Ñетевой транÑлÑции адреÑов (NAT) + + + fw/rule num + номер МЭ/правила + + + No options are available for this firewall platform + Опции не доÑтупны Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ð¾Ð³Ð¾ межÑетевого Ñкрана + + + Pool type + Тип пула + + + default + по-умолчанию + + + bitmask + Ð±Ð¸Ñ‚Ð¾Ð²Ð°Ñ Ð¼Ð°Ñка + + + random + Ñлучайное + + + source-hash + Ñ…Ñш иÑточника + + + round-robin + round-robin + + + static-port + ÑтатичеÑкий порт + + + + NATView + + Original Src + ИÑходный +Ð°Ð´Ñ€ÐµÑ Ð¸Ñточника + + + Original Dst + ИÑходный +Ð°Ð´Ñ€ÐµÑ Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ + + + Original Srv + 
ИÑходный +ÑÐµÑ€Ð²Ð¸Ñ + + + Translated Src + ТранÑлированный +Ð°Ð´Ñ€ÐµÑ Ð¸Ñточника + + + Translated Dst + ТранÑлированный +Ð°Ð´Ñ€ÐµÑ Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ + + + Translated Srv + ТранÑлированный +ÑÐµÑ€Ð²Ð¸Ñ + + + Comment + Комментарий + + + Options + Опции + + + + NetworkDialog + + Illegal IP address '%1' + Ðекорректный IP Ð°Ð´Ñ€ÐµÑ %1 + + + &Continue + Продолжить + + + Illegal netmask '%1' + ÐÐµÐºÐ¾Ñ€Ñ€ÐµÐºÑ‚Ð½Ð°Ñ Ð¼Ð°Ñка подÑети %1 + + + + NetworkDialog_q + + Network + ПодÑеть + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Comment: + Комментарий: + + + Netmask: + МаÑка подÑети: + + + Address: + ÐдреÑ: + + + Apply Changes + Применить + + + + ObjConflictResolutionDialog + + Keep current object + Сохранить текущий объект + + + Replace with this object + Заменить указанным объектом + + + Object <b>'%1'</b> has been deleted + Объект <b> %1 </b> был удален + + + Delete + Удалить + + + Object <b>'%1'</b> in the objects tree + Объект <b> %1 </b> в дереве объектов + + + Object <b>'%1'</b> in file %2 + Объект <b> %1 </b> в файле %2 + + + + ObjConflictResolutionDialog_q + + Conflict Resolution + Разрешение конфликта + + + There is a conflict between an object in your tree and object in the file you are trying to open. Choose which version of this object you want to use: + ВерÑии объекта в дереве и в открываемом файле конфликтуют. Выберите, какую верÑию объекта Ñледует иÑпользовать: + + + Current Object + Текущий объект + + + Keep current object + Сохранить текущий объект + + + Always choose this +object if there is a conflict + Ð’Ñегда выбирать Ñтот +объект в Ñлучае конфликта + + + New Object + Создать объект + + + Replace with this object + Заменить Ñледующим объектом + + + + ObjectEditor + + This object has been modified but not saved. +Do you want to save it before switching to another object? + Ð˜Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð² Ñтом объекте не были Ñохранены. +Сохранить их? 
+ + + &Save + Сохранить + + + &Discard + Отменить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ + + + &Continue editing + Продолжить редактирование + + + Modifications done to this object can not be saved. +Do you want to continue editing it ? + Ð˜Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ñтого объекта не могут быть Ñохранены. +Продолжить его редактирование? + + + &Edit + Редактировать + + + This object has been modified but not saved. +Do you want to save it ? + Этот объект был изменен, но не Ñохранен. +Сохранить его? + + + + ObjectEditor_q + + Firewall Builder + Firewall Builder + + + &Close + Закрыть + + + Alt+C + Alt+C + + + + ObjectManipulator + + Object Manipulator + Объектный манипулÑтор + + + New &Library + ÐÐ¾Ð²Ð°Ñ Ð±Ð¸Ð±Ð»Ð¸Ð¾Ñ‚ÐµÐºÐ° + + + New &Firewall + Ðовый межÑетевой Ñкран + + + New &Host + Ðовый узел + + + New &Interface + Ðовый Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ + + + New &Network + ÐÐ¾Ð²Ð°Ñ Ð¿Ð¾Ð´Ñеть + + + New &Address + Ðовый Ð°Ð´Ñ€ÐµÑ + + + New Address &Range + Ðовый диапазон адреÑов + + + New &Object Group + ÐÐ¾Ð²Ð°Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ð° объектов + + + New &Custom Service + Ðовый пользовательÑкий ÑÐµÑ€Ð²Ð¸Ñ + + + New &IP Service + Ðовый IP ÑÐµÑ€Ð²Ð¸Ñ + + + New IC&MP Service + Ðовый ICMP ÑÐµÑ€Ð²Ð¸Ñ + + + New &TCP Service + Ðовый TCP ÑÐµÑ€Ð²Ð¸Ñ + + + New &UDP Service + Ðовый UDP ÑÐµÑ€Ð²Ð¸Ñ + + + New &Service Group + ÐÐ¾Ð²Ð°Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ð° ÑервиÑов + + + New Ti&me Interval + Ðовый интервал времени + + + The name of the object '%1' has changed. The program can also +rename IP address objects that belong to this object, +using standard naming scheme 'host_name:interface_name:ip'. +This makes it easier to distinguish what host or a firewall +given IP address object belongs to when it is used in +the policy or NAT rule. The program also renames MAC address +objects using scheme 'host_name:interface_name:mac'. +Do you want to rename child IP and MAC address objects now? +(If you click 'No', names of all address objects that belong to +%1 will stay the same.) + Ðазвание объекта %1 изменилоÑÑŒ. 
Программа может +переименовать Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ IP интерфейÑов, отноÑÑщихÑÑ Ðº +Ñтому объекту, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ Ñтандартную Ñхему Ð¸Ð¼ÐµÐ½Ð¾Ð²Ð°Ð½Ð¸Ñ +интерфейÑов имÑ_узла:интерфейÑ:IP, а Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ MAC +интерфейÑов, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ Ñхему имÑ_узла:имÑ_интерфейÑа:MAC. + +Переименовать по приведенным Ñхемам? +(в Ñлучае отказа будут Ñохранены Ñтарые названиÑ) + + + The name of the interface '%1' has changed. The program can also +rename IP address objects that belong to this interface, +using standard naming scheme 'host_name:interface_name:ip'. +This makes it easier to distinguish what host or a firewall +given IP address object belongs to when it is used in +the policy or NAT rule. The program also renames MAC address +objects using scheme 'host_name:interface_name:mac'. +Do you want to rename child IP and MAC address objects now? +(If you click 'No', names of all address objects that belong to +%1 will stay the same.) + Ðазвание интерфейÑа %1 изменилоÑÑŒ. Программа может +переименовать Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ IP интерфейÑов, отноÑÑщихÑÑ Ðº +Ñтому объекту, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ Ñтандартную Ñхему Ð¸Ð¼ÐµÐ½Ð¾Ð²Ð°Ð½Ð¸Ñ +интерфейÑов имÑ_узла:интерфейÑ:IP, а Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ MAC +интерфейÑов, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ Ñхему имÑ_узла:имÑ_интерфейÑа:MAC. + +Переименовать по приведенным Ñхемам? +(в Ñлучае отказа будут Ñохранены Ñтарые названиÑ) + + + Edit + Редактировать + + + place in library %1 + помеÑтить в библиотеку %1 + + + to library %1 + в библиотеку %1 + + + place here + помеÑтить тут + + + Duplicate ... + Дублировать... + + + Move ... + ПеремеÑтить... 
+ + + Copy + Копировать + + + Cut + Вырезать + + + Paste + Ð’Ñтавить + + + Delete + Удалить + + + Add Interface + Добавить Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ + + + Add IP Address + Добавить IP Ð°Ð´Ñ€ÐµÑ + + + Add MAC Address + Добавить MAC Ð°Ð´Ñ€ÐµÑ + + + New Firewall + Ðовый межÑетевой Ñкран + + + New Address + Ðовый Ð°Ð´Ñ€ÐµÑ + + + New Address Range + Ðовый диапазон адреÑов + + + New Host + Ðовый узел + + + New Network + ÐÐ¾Ð²Ð°Ñ Ð¿Ð¾Ð´Ñеть + + + New Group + ÐÐ¾Ð²Ð°Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ð° + + + New Custom Service + Ðовый пользовательÑкий ÑÐµÑ€Ð²Ð¸Ñ + + + New IP Service + Ðовый IP ÑÐµÑ€Ð²Ð¸Ñ + + + New ICMP Service + Ðовый ICMP ÑÐµÑ€Ð²Ð¸Ñ + + + New TCP Service + Ðовый TCP ÑÐµÑ€Ð²Ð¸Ñ + + + New UDP Service + Ðовый ICMP ÑÐµÑ€Ð²Ð¸Ñ + + + New Time Interval + Ðовый интервал времени + + + Find + Ðайти + + + Compile + Компилировать + + + Install + УÑтановить + + + Group + Группа + + + dump + дамп + + + Undelete... + Отменить удаление... + + + Emptying of the 'Deleted Objects' in a library file is not recommended. +When you remove deleted objects from a library file, Firewall Builder +loses ability to track them. If a group or a policy rule in some +data file still uses removed object from this library, you may encounter +unusual and unexpected behavior of the program. +Do you want to delete selected objects anyway ? + Полное удаление удаленных объектов не рекомендуетÑÑ +и может привеÑти к непредÑказуемым результатам. +Ð’Ñ‹ точно уверены, что хотите ÑовÑем удалить их из библиотеки? + + + When you delete an object, it is removed from the tree and +all groups and firewall policy rules that reference it. +Do you want to delete selected objects ? + При удалении объекта, он удалÑетÑÑ Ð¸Ð· дерева, +из вÑех групп и наборов правил, которые ÑÑылалиÑÑŒ на него. +Удалить выбранные объекты? + + + When you delete a library, all objects that belong to it +disappear from the tree and all groups and rules that reference them. +You won't be able to reverse this operation later. 
+Do you still want to delete library %1? + При удалении библиотеки, вÑе объекты, которые отноÑÑÑ‚ÑÑ Ðº ней +удалÑÑŽÑ‚ÑÑ Ð¸Ð· дерева вмеÑте Ñо вÑеми Ñвоими группами и правилами. +Эта Ð¾Ð¿ÐµÑ€Ð°Ñ†Ð¸Ñ Ð½Ðµ может быть отменена. +Ð’Ñ‹ уверены, что хотите удалить библиотеку %1? + + + New Interface + Ðовый Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ + + + New Object Group + ÐÐ¾Ð²Ð°Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ð° объектов + + + New Service Group + ÐÐ¾Ð²Ð°Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ð° ÑервиÑов + + + &Yes + Да + + + &No + Ðет + + + New &DNS Name + Ðовое DNS Ð¸Ð¼Ñ + + + New A&ddress Table + ÐÐ¾Ð²Ð°Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ð° адреÑов + + + New &TagService + Ðовый ÑÐµÑ€Ð²Ð¸Ñ Ð¿Ð¾Ð¼ÐµÑ‚Ð¾Ðº + + + New DNS Name + Ðовое DNS Ð¸Ð¼Ñ + + + New Address Table + ÐÐ¾Ð²Ð°Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ð° адреÑов + + + New TagService + Ðовый ÑÐµÑ€Ð²Ð¸Ñ Ð¿Ð¾Ð¼ÐµÑ‚Ð¾Ðº + + + Where used + ИÑпользуетÑÑ + + + Lock + Заблокировать + + + Unlock + Разблокировать + + + Emptying the 'Deleted Objects' in a library file is not recommended. +When you remove deleted objects from a library file, Firewall Builder +loses ability to track them. If a group or a policy rule in some +data file still uses removed object from this library, you may encounter +unusual and unexpected behavior of the program. +Do you want to delete selected objects anyway ? + ОчиÑтка 'Deleted Obkects' в файле библиотеки не рекомендуетÑÑ. +При удалении объектов из файла библиотеки Firewall Builder терÑет +возможноÑть отÑлеживать их. ЕÑли группа или набор правил в +каком-нибудь файле данных иÑпользует удаленный из библиотеки +объект, то поведение программы может быть некорректным. +Ð’Ñ‹ вÑе равно хотите удалить выбранные объекты? + + + Searching for firewalls affected by the change... + ПоиÑк межÑетевых Ñкранов, на которые повлиÑет изменение ... 
+ + + + ObjectManipulator_q + + Tree of Objects + Дерево объектов + + + Back + Ðазад + + + Go back to the previous object + Ðазад, к предидущему объекту + + + New Object + Создать объект + + + Create New Object + Создать новый объект + + + + ObjectTreeView + + Object + Объект + + + + PhysAddressDialog_q + + physAddress + физичеÑкий Ð°Ð´Ñ€ÐµÑ + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Comment: + Комментарий: + + + Physical address (MAC): + ФизичеÑкий Ð°Ð´Ñ€ÐµÑ (MAC): + + + Apply Changes + Применить + + + MAC Address + MAC Ð°Ð´Ñ€ÐµÑ + + + + PolicyView + + Source + ИÑточник + + + Destination + Ðазначение + + + Service + Ð¡ÐµÑ€Ð²Ð¸Ñ + + + Action + ДейÑтвие + + + Time + Интервал времени + + + Options + Опции + + + Comment + Комментарий + + + Interface + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ + + + Direction + Ðаправление + + + + PrefsDialog + + Find working directory + Определить рабочий каталог + + + Find Secure File Transfer utility + Определить утилиту scp + + + Find Secure Shell utility + Определить утилиту ssh + + + Find add-on library + Определить библиотеку дополнений + + + Pick the color + Выберите цвет + + + + PrintingProgressDialog + + Printing (page %1/%2) + Идет печать (Ñтраница %1 из %2) + + + Printing page %1 + Идет печать %1 Ñтраницы + + + Aborting print operation + Прерывание печати + + + + QApplication + + Executable '%1' requires Qt %2, found Qt %3. + ИÑполнÑемый %1 файл требует Qt %2, однако доÑтупна только %3. 
+ + + Incompatible Qt Library Error + Ошибка неÑовмеÑтимоÑти библиотек Qt + + + + QColorDialog + + Hu&e: + Тон: + + + &Sat: + ÐаÑыщенноÑть: + + + &Val: + Значение: + + + &Red: + КраÑный: + + + &Green: + Зеленый: + + + Bl&ue: + Синий: + + + A&lpha channel: + Ðльфа канал: + + + &Basic colors + ПроÑтые цвета + + + &Custom colors + ПользовательÑкие цвета + + + &Define Custom Colors >> + Определить пользовательÑкие цвета >> + + + OK + OK + + + Cancel + Отмена + + + &Add to Custom Colors + Добавить в пользовательÑкие цвета + + + Select color + Выберите цвет + + + + QDialog + + Help + Справка + + + What's This? + Что Ñто? + + + + QErrorMessage + + Debug Message: + Отладочное Ñообщение: + + + Warning: + Предупреждение: + + + Fatal Error: + Ð¤Ð°Ñ‚Ð°Ð»ÑŒÐ½Ð°Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ°: + + + &Show this message again + Показать Ñто Ñообщение еще раз + + + &OK + OK + + + + QFileDialog + + Copy or Move a File + Копировать или перемеÑтить файл + + + Read: %1 + Чтение: %1 + + + Write: %1 + ЗапиÑÑŒ: %1 + + + Cancel + Отмена + + + All Files (*) + Ð’Ñе файлы (*) + + + Name + Ð˜Ð¼Ñ + + + Size + Размер + + + Type + Тип + + + Date + Дата + + + Attributes + Ðтрибуты + + + &OK + OK + + + Look &in: + Смотреть в: + + + File &name: + Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°: + + + File &type: + Тип файла: + + + Back + Ðазад + + + One directory up + Выше на один каталог + + + Create New Folder + Создать новый каталог + + + List View + Ð’ виде ÑпиÑка + + + Detail View + Ð’ виде подробного ÑпиÑка + + + Preview File Info + Показывать информацию о файле + + + Preview File Contents + Показывать Ñодержимое файла + + + Read-write + Чтение-запиÑÑŒ + + + Read-only + Только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ + + + Write-only + Только Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñи + + + Inaccessible + ÐедоÑтупный + + + Symlink to File + СимволичеÑÐºÐ°Ñ ÑÑылка на файл + + + Symlink to Directory + СимволичеÑÐºÐ°Ñ ÑÑылка на каталог + + + Symlink to Special + СимволичеÑÐºÐ°Ñ ÑÑылка на Ñпециальный файл + + + File + Файл + + + Dir + Каталог + + + Special + Специальный + + + Open + Открыть + 
+ + Save As + Сохранить как + + + &Open + Открыть + + + &Save + Сохранить + + + &Rename + Переименовать + + + &Delete + Удалить + + + R&eload + Обновить + + + Sort by &Name + Сортировка по имени + + + Sort by &Size + Сортировка по размеру + + + Sort by &Date + Сортировка по дате + + + &Unsorted + Без Ñортировки + + + Sort + Сортировать + + + Show &hidden files + Показывать Ñкрытые файлы + + + the file + файл + + + the directory + каталог + + + the symlink + ÑимволичеÑÐºÐ°Ñ ÑÑылка + + + Delete %1 + Удалить %1 + + + <qt>Are you sure you wish to delete %1 "%2"?</qt> + <at>Ð’Ñ‹ уверены, что хотите удалить %1 "%2"?</qt> + + + &Yes + Да + + + &No + Ðет + + + New Folder 1 + Ðовый каталог 1 + + + New Folder + Ðовый каталог + + + New Folder %1 + Ðовый каталог %1 + + + Find Directory + Ðайти каталог + + + Directories + Каталоги + + + Directory: + Каталог: + + + Error + Ошибка + + + %1 +File not found. +Check path and filename. + %1 +Файл не найден. +Проверьте правильноÑть пути и имени файла. + + + + QFontDialog + + &Font + Шрифт + + + Font st&yle + Стиль шрифта + + + &Size + Размер + + + Effects + Эффекты + + + Stri&keout + Перечеркивание + + + &Underline + Подчеркивание + + + Sample + Пример + + + Scr&ipt + Скрипт + + + OK + OK + + + Apply + Применить + + + Cancel + Отмена + + + Close + Закрыть + + + Select Font + Выберите шрифт + + + + QInputDialog + + OK + OK + + + Cancel + Отмена + + + + QMessageBox + + OK + OK + + + Cancel + Отмена + + + &Yes + Да + + + &No + Ðет + + + &Abort + Прервать + + + &Retry + Повторить + + + &Ignore + Игнорировать + + + Yes to &All + Ð’Ñегда Да + + + N&o to All + Ð’Ñегда Ðет + + + <h3>About Qt</h3><p>This program uses Qt version %1.</p><p>Qt is a C++ toolkit for multiplatform GUI &amp; application development.</p><p>Qt provides single-source portability across MS&nbsp;Windows, Mac&nbsp;OS&nbsp;X, Linux, and all major commercial Unix variants.<br>Qt is also available for embedded devices.</p><p>Qt is a Trolltech product. 
See <tt>http://www.trolltech.com/qt/</tt> for more information.</p> + <h3>About Qt</h3><p>This program uses Qt version %1.</p><p>Qt is a C++ toolkit for multiplatform GUI &amp; application development.</p><p>Qt provides single-source portability across MS&nbsp;Windows, Mac&nbsp;OS&nbsp;X, Linux, and all major commercial Unix variants.<br>Qt is also available for embedded devices.</p><p>Qt is a Trolltech product. See <tt>http://www.trolltech.com/qt/</tt> for more information.</p> + + + About Qt + О Qt + + + + QObject + + No change + Без изменений + + + On + Включить + + + Off + Выключить + + + Working directory %1 does not seem to exist. +Do you want to create it ? + Рабочий катлог %1 не ÑущеÑтвует. +Создать его? + + + Impossible to insert object %1 (type %2) into %3 +because of incompatible type. + Ðевозможно вÑтавить объект %1 (%2) в объект %3 +из-за неÑовмеÑтимоÑти типов объектов. + + + New Library + ÐÐ¾Ð²Ð°Ñ Ð±Ð¸Ð±Ð»Ð¸Ð¾Ñ‚ÐµÐºÐ° + + + objects + объекты + + + protocol: %1 + протокол: %1 + + + type: %1 + тип: %1 + + + code: %1 + код: %1 + + + %1 objects<br> + + %1 объекты<br> + + + + protocol + протокол + + + type: + тип: + + + code: + код: + + + Unsupported exception + Ðеподдерживаемое иÑключение + + + <b>Summary:</b> + <b>ИТОГО:</b> + + + * firewall name : %1 + * название межÑетевого Ñкрана: %1 + + + * user name : %1 + * Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ: %1 + + + * management address : %1 + * управлÑющий адреÑ: %1 + + + * platform : %1 + * тип межÑетевого Ñкрана: %1 + + + * host OS : %1 + * Ð¾Ð¿ÐµÑ€Ð°Ñ†Ð¸Ð¾Ð½Ð½Ð°Ñ ÑиÑтема межÑетевого Ñкрана: %1 + + + * Loading configuration from file %1 + * Загружаю конфигурацию из файла %1 + + + * Incremental install + * ПоÑÐ»ÐµÐ´Ð¾Ð²Ð°Ñ‚ÐµÐ»ÑŒÐ½Ð°Ñ ÑƒÑтановка + + + * Configuration diff will be saved in file %1 + * Ð Ð°Ð·Ð»Ð¸Ñ‡Ð¸Ñ Ð² конфигурации будут Ñохранены в файле %1 + + + * Commands will not be executed on the firewall + * Команды не будут выполнÑтьÑÑ Ð½Ð° межÑетевом Ñкране + + + Only one interface of the firewall '%1' must 
be marked as management interface. + Только один Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана %1 может быть помечен как управлÑющий. + + + One of the interfaces of the firewall '%1' must be marked as management interface. + Один Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана %1 должен быть помечен как управлÑющий. + + + Management interface does not have IP address, can not communicate with the firewall. + УправлÑющий Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð½Ðµ имеет IP адреÑа, не могу ÑвÑзатьÑÑ Ñ Ð¼ÐµÐ¶Ñетевым Ñкраном. + + + Can not open file %1 + Ðе могу открыть файл %1 + + + Library %1: Firewall '%2' (global policy rule #%3) uses object '%4' from library '%5' + Библиотека %1: МежÑетевой Ñкран %2 (правило в наборе #%3) иÑпользует объект %4 из библиотеки %5 + + + Library %1: Firewall '%2' (interface %3 policy rule #%4) uses object '%5' from library '%6' + Библиотека %1: МежÑетевой Ñкран %2 (правило интерфейÑа %3 в наборе #%4) иÑпользует объект %5 из библиотеки %6 + + + Library %1: Firewall '%2' (NAT rule #%3) uses object '%4' from library '%5' + Библиотека %1: МежÑетевой Ñкран %2 (правило NAT в наборе #%3) иÑпользует объект %4 из библиотеки %5 + + + Library %1: Group '%2' uses object '%3' from library '%4' + Библиотека %1: Группа %2 иÑпользует объект %3 из библиотеки %4 + + + File is read-only + Файл доÑтупен только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ + + + Error saving file %1: %2 + Ошибка при Ñохранении файла %1: %2 + + + Library file %1 is corrupted. + Файл библиотеки %1 поврежден. 
+ + + dynamic + динамичеÑкий + + + ( read only ) + (только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ) + + + 0 - System Unusable + 0 - System Unusable + + + 1 - Take Immediate Action + 1 - Take Immediate Action + + + 2 - Critical Condition + 2 - Critical Condition + + + 3 - Error Message + 3 - Error Message + + + 4 - Warning Message + 4 - Warning Message + + + 5 - Normal but significant condition + 5 - Normal but significant condition + + + 6 - Informational + 6 - Informational + + + 7 - Debug Message + 7 - Debug Message + + + - any - + Ð»ÑŽÐ±Ð°Ñ + + + 1.2.9 or later + 1.2.9 или Ñтарше + + + Fatal error during initial RCS checkin of file %1 : + %2 +Exit status %3 + Ð¤Ð°Ñ‚Ð°Ð»ÑŒÐ½Ð°Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ° при помещении файла %1 в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий: +%2 +Код возврата %3 + + + Fatal error running rlog for %1 + Ð¤Ð°Ñ‚Ð°Ð»ÑŒÐ½Ð°Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ° при выполнении rlog Ð´Ð»Ñ %1 + + + Fatal error running rcsdiff for file %1 + Ð¤Ð°Ñ‚Ð°Ð»ÑŒÐ½Ð°Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ° при выполнении rcsdiff Ð´Ð»Ñ Ñ„Ð°Ð¹Ð»Ð° %1 + + + &Upgrade + Обновить + + + &Do not load the file + Ðе загружать файл + + + Impossible to apply changes because object is located in read-only +part of the tee or data file was opened read-only + Ðевозможно Ñохранить изменениÑ, поÑкольку объект размещен +в чаÑти или файле, доÑтупных только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ + + + &Continue + Продолжить + + + Object with name '%1' already exists, please choose different name. + Объект Ñ Ð¸Ð¼ÐµÐ½ÐµÐ¼ %1 уже ÑущеÑтвует. Выберите другое имÑ. + + + &Continue editing + Продолжить редактирование + + + <b>Library:</b> + <b>Библиотека:</b> + + + <b>Object Id:</b> + <b>Идентификатор объекта:</b> + + + <b>Object Type:</b> + <b>Тип объекта:</b> + + + <b>Object Name:</b> + <b>Ð˜Ð¼Ñ ÐžÐ±ÑŠÐµÐºÑ‚Ð°:</b> + + + Working directory %1 does not exist and could not be created. +Ignoring this setting. + Рабочий каталог %1 не ÑущеÑтвует и не может быть Ñоздан. +Этот параметр будет проигнорирован. 
+ + + ERROR + ОШИБКР+ + + OK + OK + + + Address Ranges + Диапазон адреÑов + + + Address RangesS + Диапазон адреÑов + + + Address RangesX + Диапазон адреÑов + + + The library file you are trying to open +has been saved in an older version of +Firewall Builder and needs to be upgraded. +To upgarde it, just load it in the Firewall +Builder GUI and save back to file again. + Открываемый файл библиотеки был Ñохранен +в формате Ñтарой верÑии Firewall Builder и +требует обновлениÑ. Ð”Ð»Ñ Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ñтой +операции загрузите его в программу и Ñохраните. + + + Error loading file %1: +%2 + Ошибка при открытии файла %1: +%2 + + + Duplicate library '%1' + Ð”ÑƒÐ±Ð»Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð½Ð°Ñ Ð±Ð¸Ð±Ð»Ð¸Ð¾Ñ‚ÐµÐºÐ° %1 + + + 1.2.5 or earlier + 1.2.5 или младше + + + 1.2.6 to 1.2.8 + Ñ 1.2.6 по 1.2.8 + + + The data file you are trying to open has been +saved with an older version of Firewall Builder. +Opening it in this version will cause it to be +upgraded, which may prevent older versions of +the program from reading it. Backup copy of your +file in the old format will be made in the same +directory with extension '.bak'. +Are you sure you want to open it? + Открываемый файл был Ñохранен в формате +Ñтарой верÑии Firewall Builder и будет обновлен. +Обновленный файл проекта Ð½ÐµÐ»ÑŒÐ·Ñ Ð±ÑƒÐ´ÐµÑ‚ +иÑпользовать в Ñтарых верÑиÑÑ… Firewall Builder. +Ð ÐµÐ·ÐµÑ€Ð²Ð½Ð°Ñ ÐºÐ¾Ð¿Ð¸Ñ Ñ„Ð°Ð¹Ð»Ð° в формате Ñтарой +верÑии будет Ñохранена в том же каталоге в +файле Ñ Ñ€Ð°Ñширением .bak. +Открыть файл? 
+ + + Red + КраÑный + + + Orange + Оранжевый + + + Yellow + Желтый + + + Green + Зеленый + + + Blue + Синий + + + Purple + Пурпурный + + + Gray + Серый + + + Firewall + МежÑетевой Ñкран + + + Host + Узел + + + Address + ÐÐ´Ñ€ÐµÑ + + + Addres Range + Диапазон адреÑов + + + Interface + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ + + + Network + ПодÑеть + + + Group of objects + Группа объектов + + + Custom Service + ПользовательÑкий ÑÐµÑ€Ð²Ð¸Ñ + + + IP Service + IP ÑÐµÑ€Ð²Ð¸Ñ + + + ICMP Service + ICMP ÑÐµÑ€Ð²Ð¸Ñ + + + TCP Service + TCP ÑÐµÑ€Ð²Ð¸Ñ + + + UDP Service + UDP ÑÐµÑ€Ð²Ð¸Ñ + + + Group of services + Группа ÑервиÑов + + + Time Interval + Интервал времени + + + Page %1 + Страница %1 + + + Firewall name: %1 + Ðазвание межÑетевого Ñкрана: %1 + + + Platform: + Тип межÑетевого Ñкрана: + + + Version: + ВерÑÐ¸Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана: + + + Host OS: + ÐžÐ¿ÐµÑ€Ð°Ñ†Ð¸Ð¾Ð½Ð½Ð°Ñ ÑиÑтема межÑетевого Ñкрана: + + + Global Policy + ОÑновной набор правил + + + Interface %1 + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ %1 + + + NAT + Ð¡ÐµÑ‚ÐµÐ²Ð°Ñ Ñ‚Ñ€Ð°Ð½ÑлÑÑ†Ð¸Ñ Ð°Ð´Ñ€ÐµÑов (NAT) + + + Support module for %1 is not available + Модуль поддержки %1 не доÑтупен + + + DNS record: + DNS запиÑÑŒ: + + + Address Table: + Таблица адреÑов: + + + <b>DNS record:</b> + <b>DNS запиÑÑŒ:</b> + + + Run-time + Во Ð²Ñ€ÐµÐ¼Ñ Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ + + + Compile-time + Во Ð²Ñ€ÐµÐ¼Ñ ÐºÐ¾Ð¼Ð¿Ð¸Ð»Ñции + + + <b>Table file:</b> + <b>Файл Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†ÐµÐ¹:</b> + + + <b>Path:</b> + <b>Путь:</b> + + + Pattern: "%1" + Образец: "%1" + + + <b>Action :</b> + <b>ДейÑтвие :</b> + + + <b>Parameter:</b> + <b>Параметр:</b> + + + <b>Log prefix :</b> + <b>Log prefix :</b> + + + <b>Log Level :</b> + <b>Log level :</b> + + + <b>Netlink group :</b> + <b>Группа netlink :</b> + + + <b>Limit Value :</b> + <b>Значение предела :</b> + + + <b>Limit suffix :</b> + <b>Ð¡ÑƒÑ„Ñ„Ð¸ÐºÑ Ð¿Ñ€ÐµÐ´ÐµÐ»Ð° :</b> + + + <b>Limit burst :</b> + <b>Изменение предела </b> + + + <li><b>Part of Any</b></li> + <li><b>ЧаÑть любого</b></li> + + + <li><b>Stateless</b></li> + <li><b>Без фильтрации по 
ÑоÑтоÑнию</b></li> + + + <b>Log facility:</b> + <b>Log facility:</b> + + + <b>Log level :</b> + <b>Log level :</b> + + + <li><b>Send 'unreachable'</b></li> + <li><b>Отправить 'недоÑтупен'</b></li> + + + <li><b>Keep information on fragmented packets</b></li> + <li><b>Хранить информацию по фрагментированным пакетам</b></li> + + + <b>Log prefix :</b> + <b>Log prefix :</b> + + + <b>Max state :</b> + <b>МакÑимум ÑоÑтоÑÐ½Ð¸Ñ :</b> + + + <li><b>Source tracking</b></li> + <li><b>ОтÑлеживание иÑточника</b></li> + + + <b>Max src nodes :</b> + <b>МакÑимум узлов иÑточника :</b> + + + <b>Max src states:</b> + <b>МакÑимум ÑоÑтоÑний иÑточника:</b> + + + <u><b>Ver:%1</b></u><br> + + <u><b>ВерÑиÑ:%1</b></u><br> + + + + <b>Log interval :</b> + <b>Интервал Ð¶ÑƒÑ€Ð½Ð°Ð»Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ :</b> + + + <li><b>Disable logging for this rule</b></li> + <li><b>Выключить протоколирование Ð´Ð»Ñ Ñтого правила</b></li> + + + bitmask + Ð±Ð¸Ñ‚Ð¾Ð²Ð°Ñ Ð¼Ð°Ñка + + + random + Ñлучайное + + + source-hash + Ñ…Ñш иÑточника + + + round-robin + round-robin + + + static-port + ÑтатичеÑкий порт + + + Failure + Ошибка + + + Success + УÑпешно + + + Compiling rule sets for firewall: %1 + КомпилÑÑ†Ð¸Ñ Ð½Ð°Ð±Ð¾Ñ€Ð¾Ð² правил межÑетевого Ñкрана: %1 + + + Installing policy rules on firewall '%1'. + УÑтановка наборов правил межÑетевого Ñкрана: '%1'. + + + Type '%1': new object can not be created because +corresponding branch is missing in the object tree. +Please repair the tree using command 'fwbedit -s -f file.fwb'. + Тип '%1': новый объект не может быть Ñоздан, потому что +ÑоответÑÑ‚Ð²ÑƒÑŽÑ‰Ð°Ñ Ð²ÐµÑ‚ÐºÐ° отÑутÑтвует в дереве объектов. +ВоÑÑтановите дерево объектов командой 'fwbedit -s -f file.fwb'. 
+ + + Aggressive + ÐгреÑÑивный + + + Conservative + КонÑервативный + + + For high latency + Ð”Ð»Ñ Ð²Ñ‹Ñокой латентноÑти + + + Normal + Ðормальный + + + alert + alert + + + crit + crit + + + error + error + + + warning + warning + + + notice + notice + + + info + info + + + debug + debug + + + kern + kern + + + user + user + + + mail + mail + + + daemon + daemon + + + auth + auth + + + syslog + syslog + + + lpr + lpr + + + news + news + + + uucp + uucp + + + cron + cron + + + authpriv + authpriv + + + ftp + ftp + + + local0 + local0 + + + local1 + local1 + + + local2 + local2 + + + local3 + local3 + + + local4 + local4 + + + local5 + local5 + + + local6 + local6 + + + local7 + local7 + + + ICMP admin prohibited + ICMP admin prohibited + + + ICMP host prohibited + ICMP host prohibited + + + ICMP host unreachable + ICMP host unreachable + + + ICMP net prohibited + ICMP net prohibited + + + ICMP net unreachable + + + + ICMP port unreachable + ICMP port unreachable + + + ICMP protocol unreachable + ICMP protocol unreachable + + + TCP RST + TCP RST + + + Route through + Маршрутизировать через + + + Route reply through + Маршрутизировать ответ через + + + Route a copy through + Маршрутизировать копию через + + + on top of the script + в начало Ñкрипта + + + after interface configuration + поÑле ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов + + + after policy reset + поÑле ÑƒÐ´Ð°Ð»ÐµÐ½Ð¸Ñ Ñтрарого набора правил + + + /day + в день + + + /hour + в Ñ‡Ð°Ñ + + + /minute + в минуту + + + /second + в Ñекунду + + + 1.2.9 to 1.2.11 + Ñ 1.2.9 по 1.2.11 + + + 1.3.0 or later + 1.3.0 или Ñтарше + + + Accept + Разрешить + + + Deny + Блокировать + + + Reject + Блокировать Ñ ÑƒÐ²ÐµÐ´Ð¾Ð¼Ð»ÐµÐ½Ð¸ÐµÐ¼ + + + Scrub + ЧиÑтить [SCRUB] + + + Return + Вернуть + + + Skip + ПропуÑтить + + + Continue + Продолжить + + + Modify + Изменить + + + Classify + КлаÑÑифицировать + + + Custom + Определенное пользователем + + + Branch + Ветка + + + Chain + Цепочка + + + Anchor + Прикрепить + + + 
Accounting + Учитывать + + + Count + Считать + + + Tag + Пометить + + + Mark + Маркировать + + + Pipe + Передать + + + Queue + ПоÑтавить в очередь + + + Routing + Маршрутизировать + + + + QProgressDialog + + Cancel + Отмена + + + + QTabDialog + + OK + OK + + + Apply + Применить + + + Help + Справка + + + Defaults + По-умолчанию + + + Cancel + Отмена + + + + QWizard + + &Cancel + Отмена + + + < &Back + < Ðазад + + + &Next > + Дальше > + + + &Finish + Готово + + + &Help + Помощь + + + + RCS + + Error checking file out: %1 + Ошибка при получении файла %1 из ÑиÑтемы ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий + + + &Continue + Продолжить + + + Error creating temporary file + Ошибка при Ñоздании временного файла + + + Error writing to temporary file + Ошибка при запиÑи во временный файл + + + File is opened and locked by %1. +You can only open it read-only. + Файл уже открыт и заблокирован %1. +Ð’Ñ‹ можете открыть его только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ. + + + Revision %1 of this file has been checked out and locked by you earlier. +The file may be opened in another copy of Firewall Builder or was left opened +after the program crashed. + Ð ÐµÐ²Ð¸Ð·Ð¸Ñ %1 Ñтого файла была получена и заблокирована вами ранее. +Файл возможно открыт в другой копии программы Firewall Builder или +возможно оÑталÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ поÑле краха предидущей копии программы. 
+ + + Open &read-only + Открыть только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ + + + &Open and continue editing + Открыть и продолжить редактирование + + + &Cancel + Отмена + + + + RCSFilePreview + + File is not in RCS + Файл не находитÑÑ Ð² ÑиÑтеме ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий + + + + RCSFilePreview_q + + RCSFilePreview + Предварительный проÑмотр файла из ÑиÑтемы ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий + + + Open read-only + Открыть только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ + + + Revision + Ð ÐµÐ²Ð¸Ð·Ð¸Ñ + + + Date + Дата + + + Author + Ðвтор + + + Locked by + Заблокирован + + + RCS log: + Журнал ÑиÑтемы ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий: + + + + RCSFileSaveDialog_q + + Log record for the new revision + Сделать запиÑÑŒ в журнал Ð´Ð»Ñ Ð½Ð¾Ð²Ð¾Ð¹ верÑии + + + Log record for this revision: + Сделать запиÑÑŒ в журнал Ð´Ð»Ñ Ñтой верÑии: + + + Do not ask me anymore, always check files in with empty log + Ð’Ñегда помещать файл в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий Ñ Ð¿ÑƒÑтой запиÑью в журнал + + + Check file &in + ПомеÑтить файл в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий + + + Alt+I + Alt+I + + + &Cancel + Отмена + + + Checking file %1 into RCS + Добавление файла %1 в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий + + + + RoutingRuleOptionsDialog_q + + Routing Rule Options + Опции правила маршрутизации + + + fw/rule num + номер МЭ/правила + + + If installation of this routing rule fails, just carry on + Продолжить при неуÑпешной уÑтановке Ñтого правила маршрутизации + + + No options available for routing rules of this firewall platform + Опции правил маршрутизации не доÑтупны Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ð¾Ð³Ð¾ межÑетевого Ñкрана + + + + RoutingView + + Destination + Ðазначение + + + Gateway + Маршрутизатор + + + Interface + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ + + + Metric + Метрика + + + Options + Опции + + + Comment + Комментарий + + + + RuleOptionsDialog + + Rule name for accounting is converted to the iptables +chain name and therefore may not contain white space +and special characters. 
+ Ðазвание правила Ð´Ð»Ñ ÑƒÑ‡ÐµÑ‚Ð° конвертируетÑÑ Ð² +название цепочки iptables, и поÑтому оно не может +Ñодержать пробела или других Ñпециальных Ñимволов. + + + &Continue + Продолжить + + + + RuleOptionsDialog_q + + Rule Options for ipt + Опции правила Ð´Ð»Ñ ipt + + + Apply Changes + Применить + + + If rule action is 'Reject', this option defines firewall's reaction to the packet matching the rule + ЕÑли дейÑтвие правила уÑтановлено в 'Блокировать Ñ ÑƒÐ²ÐµÐ´Ð¾Ð¼Ð»ÐµÐ½Ð¸ÐµÐ¼', то Ñта Ð¾Ð¿Ñ†Ð¸Ñ Ð¾Ð¿Ñ€ÐµÐ´ÐµÐ»Ñет ответ межÑетевого Ñкрана + + + Log prefix: + Log prefix: + + + alert + alert + + + crit + crit + + + error + error + + + warning + warning + + + notice + notice + + + info + info + + + debug + debug + + + Netlink group +(if using ULOG): + Netlink group +(Ð´Ð»Ñ ULOG): + + + Log level: + Log level: + + + ICMP admin prohibited + ICMP admin prohibited + + + ICMP host prohibited + ICMP host prohibited + + + ICMP host unreachable + ICMP host unreachable + + + ICMP net prohibited + ICMP net prohibited + + + ICMP net unreachable + ICMP net unreachable + + + ICMP port unreachable + ICMP port unreachable + + + ICMP protocol unreachable + ICMP protocol unreachable + + + TCP RST + TCP RST + + + Normally policy compiler uses stateful inspection in each rule. Activating next option makes this rule stateless. + Отключить фильтрацию по ÑоÑтоÑнию (stateful) Ð´Ð»Ñ Ñтого правила. 
+ + + Assume firewall is part +of 'any' (this setting only +affects code generated +for this rule) + Считать межÑетевой Ñкран +чаÑтью любого узла +(только Ð´Ð»Ñ Ñтого правила) + + + Burst: + ВерхнÑÑ Ð³Ñ€Ð°Ð½Ð¸Ñ†Ð° нормы: + + + /day + в день + + + /hour + в Ñ‡Ð°Ñ + + + /minute + в минуту + + + /second + в Ñекунду + + + Rule matches if it hits this often +or less: + УÑловие правила выполнÑетÑÑ, еÑли +оно вызываетÑÑ Ð¼ÐµÐ½ÑŒÑˆÐµ чем: + + + Stateless rule + Правило без фильтрации по ÑоÑтоÑнию + + + Log facility: + Log facility: + + + Send ICMP 'unreachable' packet +masquerading as being from +the original destination + ОтправлÑть ICMP unreachable пакет +иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ Ð¼Ð°Ñкарадинг, чтобы он +выглÑдел, как отправленный от +оригинального узла Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ + + + Keep information on fragmented +packets, to be applied to later +fragments + Держать информацию о фрагментированных +пакетах Ð´Ð»Ñ ÐµÑ‘ иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ñ +поÑледующими фрагментами + + + When this limit is reached, further packets matching the rule that would create state are dropped, until existing states time out. + По доÑтижении Ñтого ограничениÑ, пакеты выполнÑющие уÑловие правила и Ñоздающие новую запиÑÑŒ в таблице ÑоÑтоÑний будут блокированы до тех пор, пока ÑущеÑтвующие запиÑи в таблице ÑоÑтоÑний не будут удалены по таймауту. + + + Maximum number of concurrent states this rule may create. (Unlimited if set to zero). + МакÑимальное количеÑтво запиÑей в таблице ÑоÑтоÑний, которое может Ñоздать Ñто правило (0 - неограничено). 
+ + + Activate source tracking + Включить отÑлеживание иÑточника (source tracking) + + + When this option is checked, the number of states per source IP is tracked + При включении Ñтой опции будет отÑлеживатьÑÑ ÐºÐ¾Ð»Ð¸Ñ‡ÐµÑтво ÑоÑтоÑний на каждый IP иÑточника + + + Maximum number of source addresses which can simultaneously have state table entries: + МакÑимальное количеÑтво адреÑов иÑточников, которые могут быть одновременно запиÑаны в таблице ÑоÑтоÑний: + + + Maximum number of simultaneous state entries that a single source address can create with this rule: + МакÑимальное количеÑтво запиÑей в таблице ÑоÑтоÑний на один Ð°Ð´Ñ€ÐµÑ Ð¸Ñточника, которое может Ñоздать Ñто правило: + + + These options are only valid for PIX running software v6.3 or later + Эти опции дейÑтвительны только Ð´Ð»Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана Cisco PIX верÑии 6.3 или выше + + + completely disable logging +for this rule + не протоколировать Ñто правило + + + Logging interval: + Интервал журналированиÑ: + + + Rule name for accounting. 
(white spaces and special characters are not allowed) + Ðазвание правила Ð´Ð»Ñ ÑƒÑ‡ÐµÑ‚Ð° (пробел или Ñпециальные Ñимволы не допуÑтимы) + + + fw/rule num + номер МЭ/правила + + + Assume firewall is part of 'any' (this setting only affects code generated for this rule) + Считать межÑетевой Ñкран чаÑтью любого узла (только Ð´Ð»Ñ Ñтого правила) + + + General + Общие + + + Netlink group (if using ULOG): + Netlink group (Ð´Ð»Ñ ULOG): + + + Logging + ЗапиÑÑŒ в журнал (протоколирование) + + + Rate (rule matches if it hits this often or less): + Отношение (уÑловие правила выполнÑетÑÑ, еÑли оно вызываетÑÑ Ð¼ÐµÐ½ÑŒÑˆÐµ или больше чем): + + + Module limit + Модуль limit + + + limit + limit + + + bit + бит + + + per network with netmask of + на подÑеть Ñ Ð¼Ð°Ñкой + + + Number of allowed connections per client host + КоличеÑтво разрешенных Ñоединений на клиентÑкий узел + + + Module connlimit + Модуль connlimit + + + connlimit + connlimit + + + Module hashlimit + Модуль hashlimit + + + Rate: + Отношение: + + + dstip + dstip + + + srcip + srcip + + + dstip,dstport + dstip,dstport + + + srcip,srcport + srcip,srcport + + + Mode: + Режим: + + + On some older systems this module has name 'dstlimit'. Check here if you need to use this name. + Ðа некоторых Ñтарых ÑиÑтемах Ñтот модуль имеет Ð¸Ð¼Ñ 'dstlimit'. Пометьте ниже, еÑли вам нужно иÑпользовать Ñто имÑ. 
+ + + hashlimit + hashlimit + + + Send ICMP 'unreachable' packet masquerading as being from the original destination + ОтправлÑть пакет ICMP unreachable так, Ñловно он был отправлен оригинальным узлом Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ + + + Keep information on fragmented packets, to be applied to later fragments + Хранить информацию по фрагментированным пакетам Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾, чтобы затем применÑть ее к Ñледующим фрагментам + + + Maximum number of source addresses which can simultaneously have state table entries (max-src-nodes): + МакÑимальное количеÑтво адреÑов иÑточника, которые могут одновременно иметь запиÑи в таблице ÑоÑтоÑний (max-src-nodes): + + + Maximum number of simultaneous state entries that a single source address can create with this rule (max-src-states): + МакÑимальное количеÑтво запиÑей в таблице ÑоÑтоÑний на один Ð°Ð´Ñ€ÐµÑ Ð¸Ñточника, которое может Ñоздать Ñто правило (max-src-states): + + + Tracking + ОтÑлеживание + + + overload table: + перегрузка таблицы: + + + flush + очиÑтить + + + Maximum number of simultaneous TCP connections that a single host can make (max-src-conn): + МакÑимальное количеÑтво одновременных TCP Ñоединений, которые может Ñоздать один узел (max-src-conn): + + + global + глобально + + + The limit of new connections over a time interval (max-src-conn-rate): + МакÑимальное чиÑло новых Ñоединений в единицу времени (max-src-conn-rate): + + + / + в + + + sec + Ñек + + + Maximum number of concurrent states this rule may create. Unlimited if set to zero (option 'max'). + МакÑимальное чиÑло различных ÑоÑтоÑний, которое может Ñоздать Ñто правило. 0 - неограниченно (max). 
+ + + Limits + ÐžÐ³Ñ€Ð°Ð½Ð¸Ñ‡ÐµÐ½Ð¸Ñ + + + completely disable logging for this rule + полноÑтью отключить протоколирование Ð´Ð»Ñ Ñтого правила + + + + RuleSetView + + A Rule Set + Ðабор правил + + + Accounting + Учёт + + + Outbound + ИÑходÑщее + + + Original + ИÑходный + + + Insert Rule + Ð’Ñтавить правило + + + Paste Rule + Ð’Ñтавить правило из буфера обмена + + + Edit + Редактировать + + + Copy + Копировать + + + Cut + Вырезать + + + Paste + Ð’Ñтавить из буфера обмена + + + Delete + Удалить + + + Negate + Отрицание + + + Rules: %1-%2 + Правила: %1-%2 + + + Rule: %1 + Правило: %1 + + + Color Label: + Ð¦Ð²ÐµÑ‚Ð¾Ð²Ð°Ñ Ð¼ÐµÑ‚ÐºÐ°: + + + Add Rule Below + Добавить правило ниже + + + Remove Rule + Удалить правило + + + Remove Rules + Удалить правила + + + Move Rule + ПеремеÑтить правило + + + Move Rules + ПеремеÑтить правила + + + Copy Rule + Копировать правило + + + Cut Rule + Вырезать правило + + + Paste Rule Above + Ð’Ñтавить правило выше + + + Paste Rule Below + Ð’Ñтавить правило ниже + + + Enable Rule + Включить правило + + + Enable Rules + Включить правила + + + Disable Rule + Отключить правило + + + Disable Rules + Отключить правила + + + Comment Editor + Редактор комментариев + + + Any + Любой + + + Accept + Разрешить + + + Deny + Блокировать + + + Reject + Блокировать Ñ ÑƒÐ²ÐµÐ´Ð¾Ð¼Ð»ÐµÐ½Ð¸ÐµÐ¼ + + + Accounting + Учитывать + + + Inbound + ВходÑщее + + + Outbound + ИÑходÑщее + + + Both + Оба + + + Rule Options + Опции правила + + + Logging On + Включить протоколирование + + + Logging Off + Отключить протоколирование + + + Default + По-умолчанию + + + All + Ð’Ñе + + + Parameters + Параметры + + + Reveal in tree + Показывать в дереве + + + + SSHPIX + + *** Fatal error : + *** Ð¤Ð°Ñ‚Ð°Ð»ÑŒÐ½Ð°Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ°: + + + +Logged in + +Вошли в ÑиÑтему + + + Switching to enable mode... + Переключение в режим включениÑ... + + + New RSA key + Ðовый RSA ключ + + + Yes + Да + + + No + Ðет + + + In enable mode. + ÐахожуÑÑŒ в режиме включениÑ. 
+ + + Pushing firewall configuration + ПереÑылка конфигурации межÑетевого Ñкрана + + + *** End + *** Конец + + + Rule %1 + Правило %1 + + + Making backup copy of the firewall configuration + Создание резервной копии конфигурации межÑетевого Ñкрана + + + Reading current firewall configuration + Чтение текущей конфигурации межÑетевого Ñкрана + + + Generating configuration diff + Сравнение конфигураций + + + Fork failed for %1 + Ответвление не удалоÑÑŒ Ð´Ð»Ñ %1 + + + Not enough memory. + Ðе доÑтаточно памÑти. + + + Too many opened file descriptors in the system. + Слишком много открытых файловых деÑкрипторов в ÑиÑтеме. + + + Empty configuration diff + Конфигурации идентичны + + + Pushing firewall configuration + + ПереÑылка конфигурации межÑетевого Ñкрана + + + + Logged in + + Вход произведен + + + + Switching to enable mode... + + Переход в режим enable ... + + + + End + + Конец + + + + Save configuration + + Сохранение конфигурации + + + + Save configuration to standby unit + + Сохранение конфигурации в запаÑной PIX + + + + Exiting + + ОÑущеÑтвлÑетÑÑ Ð²Ñ‹Ñ…Ð¾Ð´ + + + + *** Clearing unused access lists + *** ОчищаютÑÑ Ð½ÐµÐ¸Ñпользуемые ÑпиÑки доÑтупа + + + *** Clearing unused object groups + *** ОчищаютÑÑ Ð½ÐµÐ¸Ñпользуемые группы объектов + + + +*** Fatal error : + +*** КритичеÑÐºÐ°Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ°: + + + Logged in + Произведен вход + + + End + Конец + + + Save configuration + Сохранить конфигурацию + + + Save configuration to standby unit + Сохранить конфигурацию в резервном Ñлементе + + + Exiting + ВыполнÑетÑÑ Ð²Ñ‹Ñ…Ð¾Ð´ + + + + SSHSession + + You are connecting to the firewall <b>'%1'</b> for the first time. It has provided you its identification in a form of its host public key. The fingerprint of the host public key is: "%2" You can save the host key to the local database by pressing YES, or you can cancel connection by pressing NO. You should press YES only if you are sure you are really connected to the firewall <b>'%3'</b>. 
+ Ð’Ñ‹ ÑоединÑетеÑÑŒ Ñ Ð¼ÐµÐ¶Ñетевым Ñкраном <b>%1</b> первый раз, его Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ Ð¾ÑущеÑтвлÑетÑÑ Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ открытого ключа. Открытый ключ Ñтого межÑетевого Ñкрана: %2. ЕÑли вы уверены, что Ñто открытый ключ межÑетевого Ñкрана %3, нажмите 'Да', иначе - нажмите 'Ðет'. + + + Failed to start ssh + Ðе удалоÑÑŒ запуÑтить ssh + + + SSH terminated, exit status: %1 + Работа программы ssh была прервана, код возврата: %1 + + + SSH session terminated, exit status: %1 + SSH ÑеÑÑÐ¸Ñ Ð¿Ñ€ÐµÑ€Ð²Ð°Ð»Ð°ÑÑŒ, ÑÑ‚Ð°Ñ‚ÑƒÑ Ð²Ñ‹Ñ…Ð¾Ð´Ð°: %1 + + + + SSHUnx + + *** Fatal error : + *** Ð¤Ð°Ñ‚Ð°Ð»ÑŒÐ½Ð°Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ°: + + + +Logged in + + +Вошли в ÑиÑтему + + + + New RSA key + Ðовый RSA ключ + + + Yes + Да + + + No + Ðет + + + Error in SSH + Ошибка ssh + + + Logged in + + Вход произведен + + + + Done + Завершено + + + +*** Fatal error : + +*** КритичеÑÐºÐ°Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ°: + + + Logged in + Произведен вход + + + + SimpleIntEditor_q + + Script Editor + Редактор Ñкриптов + + + Cancel + Отмена + + + OK + OK + + + + SimpleTextEditor + + Warning: loading from file discards current contents of the script. + Предупреждение: загрузка из файла удалит текущее Ñодержимое Ñкрипта. + + + Choose file that contains PIX commands + Выберите файл, Ñодержащий команды Cisco PIX + + + Could not open file %1 + Ðе могу открыть файл %1 + + + + SimpleTextEditor_q + + Script Editor + Редактор Ñкриптов + + + OK + OK + + + Cancel + Отмена + + + Import from file ... + Импорт из файла... + + + + SimpleTextView_q + + Text viewer + ПроÑмотр текÑта + + + Object Name + Ðазвание объекта + + + Close + Закрыть + + + + StartWizard + + Choose name and location for the new file + Выберите Ð¸Ð¼Ñ Ð¸ каталог Ð´Ð»Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ файла + + + File %1 is read-only, you can not save changes to it. + Файл %1 доÑтупен только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ, Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð½Ðµ будут Ñохранены в нём. 
+ + + Error adding file to RCS: +%1 + Ошибка при добавлении файла %1 в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий + + + Error opening file: +%1 + Ошибка при открытии файла: +%1 + + + + TCPServiceDialog_q + + TCP + TCP + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Destination Port Range + Диапазон портов Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ + + + Start: + Ðачало: + + + End: + Конец: + + + Source Port Range + Диапазон портов иÑточника + + + Apply Changes + Применить + + + Comment: + Комментарий: + + + TCP Flags + Флаги TCP + + + A + A + + + U + U + + + Mask: + МаÑка: + + + Settings: + УÑтановки: + + + S + S + + + F + F + + + P + P + + + R + R + + + TCP Service + TCP ÑÐµÑ€Ð²Ð¸Ñ + + + + TagServiceDialog_q + + Form1 + Форма1 + + + Tag Service + Служба пометок + + + Comment: + Комментарий: + + + Library: + Библиотека: + + + Name: + Ðазвание: + + + Code: + Определение: + + + + TimeDialog + + Date (M/D/Y): + Дата (M/D/Y): + + + Date (D/M/Y): + Дата (D/M/Y): + + + Date (Y/M/D): + Дата (Y/M/D): + + + Date (Y/D/M): + Дата (Y/D/M): + + + + TimeDialog_q + + Time + Интервал времени + + + Comment: + Комментарий: + + + Apply Changes + Применить + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Date: + Дата: + + + Time: + ВремÑ: + + + Activate a rule on: + Включить правило в: + + + Day of week (0-6): + День недели (0 - 6): + + + Deactivate a rule on: + Отключить правило в: + + + Time Interval + Интервал времени + + + + UDPServiceDialog_q + + UDP + UDP + + + Name: + Ðазвание: + + + Library: + Библиотека: + + + Apply Changes + Применить + + + Comment: + Комментарий: + + + Destination Port Range + Диапазон портов Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ + + + Start: + Ðачало: + + + End: + Конец: + + + Source Port Range + Диапазон портов иÑточника + + + UDP Service + UDP ÑÐµÑ€Ð²Ð¸Ñ + + + + askRuleNumberDialog_q + + Enter New Position For The Rule + Введите новую позцию Ð´Ð»Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð° + + + Enter new position for selected rules: + Введите новую позцию Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… правил: + + + &Move + 
ПеремеÑтить + + + Alt+M + Alt+M + + + &Cancel + Отмена + + + Alt+C + Alt+C + + + + colorLabelMenuItem_q + + Orange + Оранжевый + + + Green + Зеленый + + + Purple + Пурпурный + + + Blue + Синий + + + Yellow + Желтый + + + Gray + Серый + + + Red + КраÑный + + + No color + Без цвета + + + + debugDialog_q + + Debugging Info + ÐžÑ‚Ð»Ð°Ð´Ð¾Ñ‡Ð½Ð°Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ + + + &Close + Закрыть + + + Alt+C + Alt+C + + + + execDialog + + Error: Failed to start program + Ошибка: не могу запуÑтить программу + + + + execDialog_q + + Executing external command + Выполнение внешней команды + + + &Close + Закрыть + + + Alt+C + Alt+C + + + Stop + ОÑтановить + + + Save log to file + Сохранить журнал в файл + + + + filePropDialog + + Opened read-only + Открыт только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ + + + Revision %1 + РевизиÑ: %1 + + + + filePropDialog_q + + File Properties + +СвойÑтва файла + + + Location: + МеÑтоположение: + + + location + меÑтоположение + + + Revision history: + ИÑÑ‚Ð¾Ñ€Ð¸Ñ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ð¹ верÑий: + + + RO + RO + + + Revision Control: + Управление верÑиÑми (ревизиÑми): + + + Time of last modification: + ПоÑледнÑÑ Ð¼Ð¾Ð´Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ: + + + rev + Ñ€ÐµÐ²Ð¸Ð·Ð¸Ñ + + + lockedBy + заблокирован + + + lastModified + поÑледнÑÑ Ð¼Ð¾Ð´Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ + + + Revision: + РевизиÑ: + + + Locked by user: + Заблокирован пользователем: + + + OK + OK + + + Print + Печать + + + + findDialog + + Search hit the end of the object tree. + ПоиÑк по дереву объектов завершен. 
+ + + &Continue at top + Продолжить Ñ Ð½Ð°Ñ‡Ð°Ð»Ð° + + + &Stop + ОК + + + + findDialog_q + + Find Object + Ðайти объект + + + Text to be found in object names: + ТекÑÑ‚ Ð´Ð»Ñ Ð¿Ð¾Ð¸Ñка в названиÑÑ… объектов: + + + Recognize regular expressions in search pattern + Разрешить регулÑрные Ð²Ñ‹Ñ€Ð°Ð¶ÐµÐ½Ð¸Ñ Ð¿Ñ€Ð¸ поиÑке + + + Search in the tree + ИÑкать по дереву объектов + + + Search in policy rules + ИÑкать по наборам правил + + + Find + Ðайти + + + Matching attribute: + Ðтрибут ÑоответÑтвиÑ: + + + Address + ÐÐ´Ñ€ÐµÑ + + + TCP/UDP port + Порт TCP/UDP + + + Protocol number + Ðомер протокола + + + ICMP type + Тип ICMP + + + Search for substring using regular expressions + ПоиÑк подÑтроки Ñ Ð¸Ñпользованием регулÑрных выражений + + + + findObjectWidget_q + + Form1 + Форма1 + + + Find object + Ðайти объект + + + Name + Ðазвание + + + Address + ÐÐ´Ñ€ÐµÑ + + + TCP/UDP port + Порт TCP/UDP + + + Protocol number + Ðомер протокола + + + ICMP type + Тип ICMP + + + Replace object + Заменить объект + + + Replace && Find + Заменить и найти + + + Next + Следующий + + + Replace all + Заменить вÑе + + + Replace + Заменить + + + Scope for search and replace : + ОблаÑть поиÑка и замены: + + + Tree only + Только дерево + + + Tree and policy of all firewalls + Дерево и набор правил вÑех межÑетевых Ñкранов + + + Policy of all firewalls + Ðабор правил вÑех межÑетевых Ñкранов + + + policy of the opened firewall + Ðабор правил открытого межÑетевого Ñкрана + + + Close + Закрыть + + + + findWhereUsedWidget_q + + Parent Object + РодительÑкий объект + + + Details + ПодробноÑти + + + Form1 + Форма1 + + + Object: + Объект: + + + Object is found in : + Объект обнаружен в: + + + Find + Ðайти + + + Close + Закрыть + + + + freebsdAdvancedDialog_q + + FreeBSD: advanced settings + FreeBSD: раÑширенные наÑтройки + + + &OK + OK + + + &Cancel + Отмена + + + Options + Опции + + + Forward source routed packets + Маршрутизировать пакеты Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸ÐµÐ¹ иÑточника + + + Generate ICMP redirects + 
ОтправлÑть ICMP redirect-Ñ‹ + + + Packet forwarding + ÐœÐ°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸Ñ Ð¿Ð°ÐºÐµÑ‚Ð¾Ð² + + + No change + Без изменений + + + On + Включить + + + Off + Выключить + + + Path + Путь + + + ipf: + ipf: + + + ipnat: + ipnat: + + + sysctl: + sysctl: + + + Specify directory path and a file name for the following utilities on the OS your firewall machine is running. Leave these empty if you want to use default values. + Укажите полный путь к перечиÑленным утилитам в операционной ÑиÑтеме Ñтого межÑетевого Ñкрана. Ð”Ð»Ñ Ð½ÐµÐ·Ð°Ð¿Ð¾Ð»Ð½ÐµÐ½Ð½Ñ‹Ñ… полей будут иÑпользованы Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ð¾-умолчанию. + + + ipfw: + ipfw: + + + + instBatchOptionsDialog + + Batch install options + Опции пакетной уÑтановки + + + + instDialog + + File %1 not found. + Ðе найден файл %1. + + + &Continue + Продолжить + + + +Copying %1 -> %2 + + +Копирование %1 -> %2 + + + + Running command '%1' + + + ВыполнÑетÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° %1 + + + ERROR: Terminating install sequence + + ОШИБКÐ: Прерывание уÑтановки + + + + Done + + Завершено + + + + Activating new policy + + Включение нового набора правил + + + + There is no firewalls to process. + ОтÑутÑтвуют межеÑетевые Ñкраны Ð´Ð»Ñ Ð¾Ð±Ñ€Ð°Ð±Ð¾Ñ‚ÐºÐ¸. + + + <p align="center"><b><font size="+2">Select firewalls for compilation.</font></b></p> + <p align="center"><b><font size="+2">Выберите межÑетевые Ñкраны Ð´Ð»Ñ ÐºÐ¾Ð¼Ð¿Ð¸Ð»Ñции.</font></b></p> + + + Unknown operation. + ÐеизвеÑÑ‚Ð½Ð°Ñ Ð¾Ð¿ÐµÑ€Ð°Ñ†Ð¸Ñ. + + + Show details + Показать подробноÑти + + + Hide details + Скрыть подробноÑти + + + Install options for firewall '%1' + Опции уÑтановки межÑетевого Ñкрана '%1' + + + +Copying %1 -> %2:%3 + + +Копирование %1 -> %2:%3 + + + + Success + УÑпешно + + + Error + Ошибка + + + Fatal error, terminating install sequence + + Ð¤Ð°Ñ‚Ð°Ð»ÑŒÐ½Ð°Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ°, прерываетÑÑ ÑƒÑтановка + + + + Error: Failed to start program + Ошибка: не могу запуÑтить программу + + + Policy installer uses Secure Shell to communicate with the firewall. 
+Please configure directory path to the secure shell utility +installed on your machine using Preferences dialog + Программа уÑтановки политик иÑпользует SSH Ð´Ð»Ñ Ð²Ð·Ð°Ð¸Ð¼Ð¾Ð´ÐµÐ¹ÑÑ‚Ð²Ð¸Ñ +Ñ Ð¼ÐµÐ¶Ñетевым Ñкраном. Укажите путь к утилите ssh, уÑтановленной +в вашей ÑиÑтеме иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ Ð´Ð¸Ð°Ð»Ð¾Ð³ ÐаÑтройка + + + Firewall isn't compiled. + Ðабор правил Ð´Ð»Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана не Ñкомпилирован. + + + Firewall platform is not specified in this object. +Can't compile firewall policy. + Ðе указан межеÑетевой Ñкран Ð´Ð»Ñ Ñтого объекта. +Ðевозможно Ñкомпилировать набор правил межÑетевого Ñкрана. + + + Error: Terminating install sequence + + Ошибка: уÑтановка завершаетÑÑ + + + + Abnormal program termination + Ðекорректное завершение программы + + + Skipped + Пропущен + + + Compiling ... + КомпилÑÑ†Ð¸Ñ ... + + + Failure + Ошибка + + + Recompile + Перекомпилировать + + + Batch policy rules compilation + ÐŸÐ°ÐºÐµÑ‚Ð½Ð°Ñ ÐºÐ¾Ð¼Ð¿Ð¸Ð»ÑÑ†Ð¸Ñ Ð½Ð°Ð±Ð¾Ñ€Ð° правил + + + Stop + ОÑтановить + + + Install firewall: + УÑтановить межÑетевой Ñкран: + + + Installing firewalls + УÑтановка межÑетевых Ñкранов + + + Installing ... + УÑтановка ... + + + Show selected + Показать выбранные + + + Show all + Показать вÑе + + + + instDialog_q + + Firewall Builder: Policy Installer + Firewall Builder: уÑтановка набора правил + + + Installing policy rules on firewall '%1'. Logging in + УÑтановка набора правил на межÑетевой Ñкран %1. 
Подключение и вход в ÑиÑтему + + + Enter authentication information below and click 'Next' + Введите информацию необходимую Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ и нажмите 'Далее' + + + install only ACL, 'icmp', 'telnet', 'ssh', 'nat', 'global' and 'static' commands + иÑпользовать только Ñледующие команды ACL: icmp, telnet, ssh, nat, global and static + + + Calculate difference between current firewall state and generated configuration and install only those commands that update state of the firewall + Ðайти Ñ€Ð°Ð·Ð»Ð¸Ñ‡Ð¸Ñ Ð¼ÐµÐ¶Ð´Ñƒ уÑтанавливаемой и текущей конфигурацией межÑетевого Ñкрана и выполнить только команды Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð²ÐµÐ´ÐµÐ½Ð¸Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана к уÑтанавливаемой конфигурации + + + Quiet install: do not print anything as commands are executed on the firewall + Краткий режим: не показывать ничего при выполнении команд на межÑетевом Ñкране + + + Dry run (commands won't be executed on the firewall) + Проверка уÑтановки (команды не будут выполнÑтьÑÑ Ð½Ð° межÑетевом Ñкране) + + + Make a backup copy of the firewall configuration in this file: + Создать резервную копию конфигурации межÑетевого Ñкрана в файле: + + + Alternative address to communicate with the firewall: + ЗапаÑной Ð°Ð´Ñ€ÐµÑ Ð´Ð»Ñ ÑвÑзи Ñ Ð¼ÐµÐ¶Ñетевым Ñкраном: + + + Store configuration diff in a file + СохранÑть Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ð¸ в файле + + + Enable password: + Указать пароль: + + + Password or passphrase: + Пароль: + + + User name: + Ð˜Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ: + + + Verbose: print all commands as they are executed on the firewall + Подробный режим: показывать вÑе команды, выполнÑемые на межÑетевом Ñкране + + + Remove comments from configuration + Удалить комментарии из конфигурации + + + Compress script + Сжать Ñкрипт + + + Test run: run the script on the firewall but do not store it permanently. +You can revert to the last working configuration by rebooting the firewall. 
+ ТеÑтовый запуÑк: запуÑтить Ñкрипт на межÑетевом Ñкране, +но не пропиÑывать его в загрузочных Ñкриптах. +При необходимоÑти можно вернуть Ñтарую конфигурацию +межÑетевого Ñкрана путем его перезагрузки. + + + Schedule reboot in + Отложить перезагрузку до + + + Rebooting the firewall will restore its original policy. To cancel reboot, install the policy with "test run" option turned off + ПоÑле перезагрузки межÑетевого Ñкрана будет загружен Ñтарый набор правил, чтобы избежать Ñтого произведите уÑтановку набора правил Ñ Ð¾Ñ‚ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ð¾Ð¹ опцией 'ТеÑтовый запуÑк' + + + min + мин + + + Installing policy rules on firewall '%1'. + УÑтановка набора правил на межÑетевой Ñкран %1. + + + Progress: + ПрогреÑÑ: + + + Write configuration to standby PIX + ЗапиÑÑŒ конфигурации в запаÑной PIX + + + Compile + Компилировать + + + Install + УÑтановить + + + Firewall + МежÑетевой Ñкран + + + Library + Библиотека + + + Last Modified + ПоÑледнÑÑ Ð¼Ð¾Ð´Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ + + + Last Compiled + ПоÑледнÑÑ ÐºÐ¾Ð¼Ð¿Ð¸Ð»ÑÑ†Ð¸Ñ + + + Last Installed + ПоÑледнÑÑ ÑƒÑтановка + + + Progress + ПрогреÑÑ + + + Compile status + Ð¡Ñ‚Ð°Ñ‚ÑƒÑ ÐºÐ¾Ð¼Ð¿Ð¸Ð»Ñции + + + Install status + Ð¡Ñ‚Ð°Ñ‚ÑƒÑ ÑƒÑтановки + + + <p align="center"><b><font size="+2">Select firewalls to compile and install.</font></b></p> + <p align="center"><b><font size="+2">Выберите межÑетевые Ñкраны Ð´Ð»Ñ ÐºÐ¾Ð¼Ð¿Ð¸Ð»Ñции и уÑтановки.</font></b></p> + + + Perform batch install + Выполнить пакетную уÑтановку + + + Check this option if you want to install all selected firewalls automatically. This only works if you use the same user name and password to authenticate to all these firewalls. + Включите Ñту опцию Ð´Ð»Ñ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡ÐµÑкой уÑтановки вÑех межÑетевых Ñкранов. Эта Ð¾Ð¿Ñ†Ð¸Ñ Ñ€Ð°Ð±Ð¾Ñ‚Ð°ÐµÑ‚ только в Ñлучае полного ÑÐ¾Ð²Ð¿Ð°Ð´ÐµÐ½Ð¸Ñ Ð¸Ñпользуемого имени Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¸ Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð´Ð»Ñ Ð²Ñех выбранных межÑетевых Ñкранов. 
+ + + All + Ð’Ñе + + + None + Ðичего + + + Show selected + Показать выбранные + + + Stop + ОÑтановить + + + Firewalls: + МежÑетевые Ñкраны: + + + firewall + межÑетевой Ñкран + + + Show Details + Показать подробноÑти + + + Process log + Журнал обработки + + + Save log to file + Сохранить журнал в файл + + + + instOptionsDialog_q + + Install options + Опции уÑтановки + + + <p align="center"><b><font size="+2">Install options for firewall '%1'</font></b></p> + <p align="center"><b><font size="+2">Опции уÑтановки Ð´Ð»Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана '%1'</font></b></p> + + + Enter authentication information below and click 'Next' + Введите информацию Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ ниже и нажмите 'Далее' + + + Password or passphrase: + Пароль: + + + User name: + Ð˜Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ: + + + Options for PIX and fwsm firewalls : + Опции Ð´Ð»Ñ Ð¼ÐµÐ¶Ñетевых Ñкранов PIX и FWSM: + + + Write configuration to standby PIX + ЗапиÑать конфигурацию в запаÑной PIX + + + Dry run (commands won't be executed on the firewall) + Проверка уÑтановки (команды не будут выполнÑтьÑÑ Ð½Ð° межÑетевом Ñкране) + + + Store configuration diff in a file + Сохранить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ð¸ в файле + + + install only ACL, 'icmp', 'telnet', 'ssh', 'nat', 'global' and 'static' commands + уÑтановить только команды: ACL, icmp, telnet, ssh, nat, global и static + + + Calculate difference between current firewall state and generated configuration and install only those commands that update state of the firewall + Ðайти Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð¼ÐµÐ¶Ð´Ñƒ текущей и генерируемой конфигурациÑми межеÑетевого Ñкрана, поÑле чего уÑтановить только те команды, которые обновÑÑ‚ текущую конфигурацию до генерируемой + + + Enable password: + Введите пароль: + + + Make a backup copy of the firewall configuration in this file: + Создать резервную копию конфигурации межÑетевого Ñкрана в файле: + + + Alternative address to communicate with the firewall: + Ðльтернативный Ð°Ð´Ñ€ÐµÑ Ð´Ð»Ñ ÑвÑзи Ñ 
Ð¼ÐµÐ¶ÐµÑетевым Ñкраном: + + + Schedule reboot in + Отложить перезагрузку до + + + Rebooting the firewall will restore its original policy. To cancel reboot, install the policy with "test run" option turned off + ПоÑле перезагрузки межÑетевого Ñкрана будет загружен Ñтарый набор правил, чтобы избежать Ñтого произведите уÑтановку набора правил Ñ Ð¾Ñ‚ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ð¾Ð¹ опцией 'ТеÑтовый запуÑк' + + + min + мин + + + If you install the policy in the test mode, you can revert to the last working configuration by rebooting the firewall + ЕÑли вы уÑтанавливаете набор правил в теÑтовом режиме, то вы можете воÑÑтановить поÑледнюю рабочую конфигурацию путем перезагрузки межÑетевого Ñкрана + + + Test run: run the script on the firewall but do not store it permanently. + ТеÑтовый запуÑк: запуÑтить Ñкрипт на межÑетевом Ñкране, не ÑохранÑÑ ÐµÐ³Ð¾ на нем. + + + Quiet install: do not print anything as commands are executed on the firewall + ÐžÐ±Ñ‹Ñ‡Ð½Ð°Ñ ÑƒÑтановка: не показывать команды по мере их Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð½Ð° межÑетевом Ñкране + + + Verbose: print all commands as they are executed on the firewall + ÐŸÐ¾Ð´Ñ€Ð¾Ð±Ð½Ð°Ñ ÑƒÑтановка: показывать вÑе команды по мере их Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð½Ð° межÑетевом Ñкране + + + Remove comments from configuration + Удалить комментарии из конфигурации + + + Compress script + Сжимать Ñкрипт + + + Store a copy of fwb file on the firewall + Сохранить копию fwb-файла на межÑетевом Ñкране + + + Ok + OK + + + Cancel + Отмена + + + + ipfAdvancedDialog + + Script Editor + Редактор Ñкриптов + + + + ipfAdvancedDialog_q + + ipf: advanced settings + ipf: раÑширенные наÑтройки + + + &OK + OK + + + &Cancel + Отмена + + + Compiler + КомпилÑтор + + + Compiler: + КомпилÑтор: + + + There are two ways compiler can generate code for rules in the Global Policy: it can either create two ipf rules to control both incoming and outgoing packets for each rule, or it can create only one ipf rule for incoming packets and permit all outgoing ones.You get more control 
over the packets crossing the firewall in the first mode, but generated script is going to be smaller if you choose the second. + КомпилÑÑ†Ð¸Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð» глобальной политики может проходить Ð´Ð²ÑƒÐ¼Ñ Ð¿ÑƒÑ‚Ñми: или путем ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð´Ð²ÑƒÑ… правил межÑетевого Ñкрана Ð´Ð»Ñ Ð²Ñ…Ð¾Ð´Ñщих и иÑходÑщих пакетов ÑоответÑтвенно Ð´Ð»Ñ ÐºÐ°Ð¶Ð´Ð¾Ð³Ð¾ правила политики или путем ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð¾Ð´Ð½Ð¾Ð³Ð¾ правила Ð´Ð»Ñ Ð²Ñ…Ð¾Ð´Ñщих пакетов (в Ñтом Ñлучае вÑе иÑходÑщие пакеты будут разрешены). Ð’ первом Ñлучае вы лучше контролируете межÑетевой Ñкран, во втором - уменьшаетÑÑ Ñоздаваемый Ñкрипт. + + + Masquerade returned icmp as being from original +packet's destination + ОтправлÑть ICMP пакеты иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ Ð¼Ð°Ñкарадинг, +чтобы они выглÑдели, как отправленные от +оригинального узла Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ + + + Generate both 'in' and 'out' rules + Генерировать правила как входÑщие, так и иÑходÑщие + + + Pass all outgoing + Разрешить вÑе иÑходÑщие + + + Accept TCP sessions opened prior to firewall restart + Ðе ÑбраÑывать TCP ÑеÑÑии открытые до загрузки нового набора правил межÑетевого Ñкрана + + + Find and eliminate duplicate rules + Ðаходить и упрощать вÑе дублирующие правила + + + Detect rule shadowing in policy + Ðаходить 'затенение' правил в наборе + + + Shadowing happens because a rule is a superset of a subsequent rule and any packets potentially matched by the subsequent rule have already been matched by the prior rule. + Затенение проиÑходит, когда одно правило идущее ранее делает одно или неÑколько Ñледующующих правил не рабочими. Это проиÑходит из-за того, что пакеты, которые должны попадать под уÑÐ»Ð¾Ð²Ð¸Ñ Ñледующих правил будут попадать под уÑловие первого правило. + + + Ignore empty groups in rules + Игнорировать пуÑтые группы в правилах + + + If the option is deactivated, compiler treats empty groups as an error and aborts processing the policy. If this option is activated, compiler removes all empty groups from all rule elements. 
If rule element becomes 'any' after the last empty group has been removed, the whole rule will be ignored. Use this option only if you fully understand how it works! + При выключении Ñтой опции компилÑтор будет воÑпринимать пуÑтые группы в наборе правил как ошибку, а при включении - будет удалÑть при компилÑции пуÑтые группы из вÑех правил. Во втором Ñлучае еÑли поÑле ÑƒÐ´Ð°Ð»ÐµÐ½Ð¸Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ñ‹ правило окажетÑÑ Ð¿ÑƒÑтым в том меÑте, где была группа (окажетÑÑ Ñ Ð¿Ð¾Ð»ÐµÐ¼ любой), то такое правило будет игнорироватьÑÑ. ИÑпользуйте Ñту опцию очень внимательно и оÑторожно! + + + Always permit ssh access from +the management workstation +with this address: + Ð’Ñегда разрешать доÑтуп +по протоколу SSH Ñ ÑƒÐ¿Ñ€Ð°Ð²Ð»Ñющей +рабочей Ñтанции Ñ Ð°Ð´Ñ€ÐµÑом: + + + Default action on 'Reject': + Уведомление по-умолчанию Ð´Ð»Ñ Ð´ÐµÐ¹ÑÑ‚Ð²Ð¸Ñ 'Блокировать Ñ ÑƒÐ²ÐµÐ´Ð¾Ð¼Ð»ÐµÐ½Ð¸ÐµÐ¼': + + + ICMP admin prohibited + ICMP admin prohibited + + + ICMP host prohibited + ICMP host prohibited + + + ICMP host unreachable + ICMP host unreachable + + + ICMP net prohibited + ICMP net prohibited + + + ICMP net unreachable + ICMP net unreachable + + + ICMP port unreachable + ICMP port unreachable + + + ICMP protocol unreachable + ICMP protocol unreachable + + + TCP RST + TCP RST + + + Command line options for the compiler: + Опции командной Ñтроки Ð´Ð»Ñ ÐºÐ¾Ð¼Ð¿Ð¸Ð»Ñтора: + + + Output file name (if left blank, the file name is constructed of the firewall object name and extension ".fw") + Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð° (по-умолчанию, еÑли пуÑтое, Ð¸Ð¼Ñ Ð±ÑƒÐ´ÐµÑ‚ ÑоÑтоÑть из Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ Ð¾Ð±ÑŠÐµÐºÑ‚Ð° межÑетевого Ñкрана и раÑÑˆÐ¸Ñ€ÐµÐ½Ð¸Ñ '.fw') + + + Protocol Helpers + РаÑÑˆÐ¸Ñ€ÐµÐ½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð´ÐµÑ€Ð¶ÐºÐ° протоколов + + + Some protocols involve multiple associated network connections. Firewall can keep track of such connections automatically if you activate one or all of the following options: + Ðекоторые протоколы допуÑкают наличие неÑкольких взаимоÑвÑзанных Ñоединений. 
МежÑетевой Ñкран может отÑлеживать такие ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡ÐµÑки, еÑли вы включите одну или неÑколько из Ñледующих опций: + + + Use raudio proxy in NAT rules + ИÑпользовать raudio прокÑи Ð´Ð»Ñ NAT правил + + + Use h323 proxy in NAT rules + ИÑпользовать h323 прокÑи Ð´Ð»Ñ NAT правил + + + Use ipsec proxy in NAT rules + ИÑпользовать ipsec прокÑи Ð´Ð»Ñ NAT правил + + + Use ftp proxy in NAT rules + ИÑпользовать ftp прокÑи Ð´Ð»Ñ NAT правил + + + Use rcmd proxy in NAT rules + ИÑпользовать rcmd прокÑи Ð´Ð»Ñ NAT правил + + + Installer + УÑтановщик + + + Command line options for the script: + Опции командной Ñтроки Ð´Ð»Ñ Ñкрипта: + + + Policy install script (using built-in installer if this field is blank): + Скрипт уÑтановки набора правил (не заполнÑйте Ð´Ð»Ñ Ð¸ÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð²Ñтроенного Ñкрипта уÑтановки): + + + Directory on the firewall where configuration files should be installed + Каталог на межÑетевом Ñкране, в который должны быть уÑтановлены файлы конфигурации + + + User name used to authenticate to the firewall (leave this empty if you use putty session): + Ð˜Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ, иÑпользуемое Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ на межÑетевом Ñкране (не заполнÑйте, еÑли иÑпользуете putty ÑеÑÑию): + + + Alternative name or address used to communicate with the firewall (also putty session name on Windows) + Ðльтернативный Ð°Ð´Ñ€ÐµÑ Ð¸Ð»Ð¸ Ð¸Ð¼Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана Ð´Ð»Ñ ÑвÑзи Ñ Ð½Ð¸Ð¼ (в Windows поддерживаютÑÑ Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ ÑеÑÑий putty) + + + A command that installer should execute on the firewall in order to activate the policy (if this field is blank, installer runs firewall script in the directory specified above; it uses sudo if user name is not 'root') + Команда, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÐµÐ¼Ð°Ñ ÑƒÑтановщиком Ð´Ð»Ñ Ð·Ð°Ð³Ñ€ÑƒÐ·ÐºÐ¸ нового набора правил (еÑли Ñто поле пуÑтое, уÑтановщик будет выполнÑть Ñкрипт межÑетевого Ñкрана в указанном выше каталоге, он также будет иÑпользовать sudo, еÑли Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð½Ðµ root) + + 
+ Logging + ЗапиÑÑŒ в журнал (протоколирование) + + + Log facility: + Log facility: + + + Log level: + Log level: + + + Log packet body + Протоколировать тело пакета + + + Block if can not log + Блокировать при невозможноÑти протоколировать + + + Script Options + Опции Ñкрипта + + + Add virtual addresses for NAT + ДобавлÑть виртуальные адреÑа Ð´Ð»Ñ NAT + + + Configure Interfaces of the firewall machine + Конфигурировать интерфейÑÑ‹ межÑетевого Ñкрана + + + Turn debugging on in generated script + Включить режим отладки в генерируемом Ñкрипте + + + Optimization + ÐžÐ¿Ñ‚Ð¸Ð¼Ð¸Ð·Ð°Ñ†Ð¸Ñ + + + If this option is on, policy compiler adds virtual addresses to the interfaces to make the firewall answer to ARP queries for addresses used in NAT rules. + При включении Ñтой опции, компилÑтор добавит виртуальные адреÑа к интерфейÑам межÑетевого Ñкрана Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾, чтобы он отвечал на ARP-запроÑÑ‹ адреÑов, иÑпользуемых в правилах Ñетевой транÑлÑции адреÑов (NAT). + + + These options enable auxiliary sections in the generated shell script. + Эти опции подключают внешние Ñекции в генерируемом shell-Ñкрипте. 
+ + + Prolog/Epilog + Prolog/Epilog + + + Edit + Редактировать + + + The following commands will be added verbatim on top of generated configuration + Следующие команду будут добавлены в начало генерируемого Ñкрипта конфигурации + + + The following commands will be added verbatim after generated configuration + Следующие команду будут добавлены в конец генерируемого Ñкрипта конфигурации + + + External install script + Внешний Ñкрипт Ð´Ð»Ñ ÑƒÑтановки + + + Built-in installer + Ð’Ñтроенный уÑтановщик + + + Additional command line parameters for ssh + Дполнительные опции командной Ñтроки Ð´Ð»Ñ ssh + + + Determine addresses of dynamic interfaces at run time + ОпределÑть адреÑа динамичеÑких интерфейÑов во Ð²Ñ€ÐµÐ¼Ñ Ð·Ð°Ð¿ÑƒÑка + + + Use PPTP proxy in NAT rules + ИÑпользовать pptp прокÑи Ð´Ð»Ñ NAT правил + + + Use IRC proxy in NAT rules for DCC + ИÑпользовать irc прокÑи Ð´Ð»Ñ DCC в NAT правилах + + + + ipfwAdvancedDialog + + Script Editor + Редактор Ñкриптов + + + + ipfwAdvancedDialog_q + + ipfw: advanced settings + ipfw: раÑширенные наÑтройки + + + &OK + OK + + + &Cancel + Отмена + + + Compiler + КомпилÑтор + + + Command line options for the compiler: + Опции командной Ñтроки Ð´Ð»Ñ ÐºÐ¾Ð¼Ð¿Ð¸Ð»Ñтора: + + + Compiler: + КомпилÑтор: + + + Always permit ssh access from +the management workstation +with this address: + Ð’Ñегда разрешать доÑтуп +по протоколу SSH Ñ ÑƒÐ¿Ñ€Ð°Ð²Ð»Ñющей +рабочей Ñтанции Ñ Ð°Ð´Ñ€ÐµÑом: + + + Ignore empty groups in rules + Игнорировать пуÑтые группы в правилах + + + If the option is deactivated, compiler treats empty groups as an error and aborts processing the policy. If this option is activated, compiler removes all empty groups from all rule elements. If rule element becomes 'any' after the last empty group has been removed, the whole rule will be ignored. Use this option only if you fully understand how it works! 
+ При выключении Ñтой опции компилÑтор будет воÑпринимать пуÑтые группы в наборе правил как ошибку, а при включении - будет удалÑть при компилÑции пуÑтые группы из вÑех правил. Во втором Ñлучае еÑли поÑле ÑƒÐ´Ð°Ð»ÐµÐ½Ð¸Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ñ‹ правило окажетÑÑ Ð¿ÑƒÑтым в том меÑте, где была группа (окажетÑÑ Ñ Ð¿Ð¾Ð»ÐµÐ¼ любой), то такое правило будет игнорироватьÑÑ. ИÑпользуйте Ñту опцию очень внимательно и оÑторожно! + + + Detect rule shadowing in policy + Ðаходить 'затенение' правил в наборе + + + Shadowing happens because a rule is a superset of a subsequent rule and any packets potentially matched by the subsequent rule have already been matched by the prior rule. + Затенение проиÑходит, когда одно правило идущее ранее делает одно или неÑколько Ñледующующих правил не рабочими. Это проиÑходит из-за того, что пакеты, которые должны попадать под уÑÐ»Ð¾Ð²Ð¸Ñ Ñледующих правил будут попадать под уÑловие первого правило. + + + Output file name (if left blank, the file name is constructed of the firewall object name and extension ".fw") + Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð° (по-умолчанию, еÑли пуÑтое, Ð¸Ð¼Ñ Ð±ÑƒÐ´ÐµÑ‚ ÑоÑтоÑть из Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ Ð¾Ð±ÑŠÐµÐºÑ‚Ð° межÑетевого Ñкрана и раÑÑˆÐ¸Ñ€ÐµÐ½Ð¸Ñ '.fw') + + + Installer + УÑтановщик + + + Command line options for the script: + Опции командной Ñтроки Ð´Ð»Ñ Ñкрипта: + + + Directory on the firewall where configuration files should be installed + Каталог на межÑетевом Ñкране, в которые должны быть уÑтановлены файлы конфигурации + + + User name used to authenticate to the firewall (leave this empty if you use putty session): + Ð˜Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ, иÑпользуемое Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ на межÑетевом Ñкране (не заполнÑйте, еÑли иÑпользуете putty ÑеÑÑию): + + + Alternative name or address used to communicate with the firewall (also putty session name on Windows) + Ðльтернативный Ð°Ð´Ñ€ÐµÑ Ð¸Ð»Ð¸ Ð¸Ð¼Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана Ð´Ð»Ñ ÑвÑзи Ñ Ð½Ð¸Ð¼ (в Windows поддерживаютÑÑ Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ ÑеÑÑий putty) + + + Policy install script (using 
built-in installer if this field is blank): + Скрипт уÑтановки набора правил (не заполнÑйте Ð´Ð»Ñ Ð¸ÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð²Ñтроенного Ñкрипта уÑтановки): + + + A command that installer should execute on the firewall in order to activate the policy (if this field is blank, installer runs firewall script in the directory specified above; it uses sudo if user name is not 'root') + Команда, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÐµÐ¼Ð°Ñ ÑƒÑтановщиком Ð´Ð»Ñ Ð·Ð°Ð³Ñ€ÑƒÐ·ÐºÐ¸ нового набора правил (еÑли Ñто поле пуÑтое, уÑтановщик будет выполнÑть Ñкрипт межÑетевого Ñкрана в указанном выше каталоге, он также будет иÑпользовать sudo, еÑли Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð½Ðµ root) + + + Script Options + Опции Ñкрипта + + + Add virtual addresses for NAT + ДобавлÑть виртуальные адреÑа Ð´Ð»Ñ NAT + + + Configure Interfaces of the firewall machine + Конфигурировать интерфейÑÑ‹ межÑетевого Ñкрана + + + Turn debugging on in generated script + Включить режим отладки в генерируемом Ñкрипте + + + These options enable auxiliary sections in the generated shell script. + Эти опции подключают внешние Ñекции в генерируемом shell-Ñкрипте. 
+ + + Prolog/Epilog + Prolog/Epilog + + + Edit + Редактировать + + + The following commands will be added verbatim after generated configuration + Следующие команду будут добавлены в конец генерируемого Ñкрипта конфигурации + + + The following commands will be added verbatim on top of generated configuration + Следующие команду будут добавлены в начало генерируемого Ñкрипта конфигурации + + + External install script + Внешний Ñкрипт Ð´Ð»Ñ ÑƒÑтановки + + + Built-in installer + Ð’Ñтроенный уÑтановщик + + + Directory on the firewall where script should be installed + Каталог на межÑетевом Ñкране, в которые должны быть уÑтановлены файлы конфигурации + + + Additional command line parameters for ssh + Дполнительные опции командной Ñтроки Ð´Ð»Ñ ssh + + + + iptAdvancedDialog + + Script Editor + Редактор Ñкриптов + + + + iptAdvancedDialog_q + + iptables: advanced settings + iptables: раÑширенные наÑтройки + + + &OK + OK + + + &Cancel + Отмена + + + Compiler + КомпилÑтор + + + Command line options for the compiler: + Опции командной Ñтроки Ð´Ð»Ñ ÐºÐ¾Ð¼Ð¿Ð¸Ð»Ñтора: + + + Always permit ssh access from +the management workstation +with this address: + Ð’Ñегда разрешать доÑтуп +по протоколу SSH Ñ ÑƒÐ¿Ñ€Ð°Ð²Ð»Ñющей +рабочей Ñтанции Ñ Ð°Ð´Ñ€ÐµÑом: + + + Accept ESTABLISHED and RELATED packets before the first rule + Добавить вначале набора Ñкрытое правило Ð´Ð»Ñ Ð¿Ñ€Ð¸ÐµÐ¼Ð° пакетов ÑÑоÑтоÑнием ÑÐ¾ÐµÐ´Ð¸ÐµÐ½Ð¸Ñ ESTABLISHED и RELATED + + + Bridging firewall + Поддержка режима моÑта + + + Detect shadowing in policy rules + Ðаходить 'затенение' правил в наборе + + + and log them + и протоколировать их + + + Assume firewall is part of 'any' + Считать межÑетевой Ñкран чаÑтью 'любого' + + + Accept TCP sessions opened prior to firewall restart + Ðе ÑбраÑывать TCP ÑеÑÑии открытые до загрузки нового набора правил межÑетевого Ñкрана + + + Drop packets that are associated with no known connection + Блокировать пакеты, которые не отноÑÑÑ‚ÑÑ Ðº разрешенным ÑоединениÑм + + + Clamp MSS to MTU + 
Выравнивать MSS до MTU + + + Enable support for NAT of locally originated connections + Разрешить NAT Ð´Ð»Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ñ‹Ñ… Ñоединений + + + Ignore empty groups in rules + Игнорировать пуÑтые группы в правилах + + + Compiler: + КомпилÑтор: + + + Output file name (if left blank, the file name is constructed of the firewall object name and extension ".fw") + Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð° (по-умолчанию, еÑли пуÑтое, Ð¸Ð¼Ñ Ð±ÑƒÐ´ÐµÑ‚ ÑоÑтоÑть из Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ Ð¾Ð±ÑŠÐµÐºÑ‚Ð° межÑетевого Ñкрана и раÑÑˆÐ¸Ñ€ÐµÐ½Ð¸Ñ '.fw') + + + ICMP admin prohibited + ICMP admin prohibited + + + ICMP host prohibited + ICMP host prohibited + + + ICMP host unreachable + ICMP host unreachable + + + ICMP net prohibited + ICMP net prohibited + + + ICMP net unreachable + ICMP net unreachable + + + ICMP port unreachable + ICMP port unreachable + + + ICMP protocol unreachable + ICMP protocol unreachable + + + TCP RST + TCP RST + + + Default action on 'Reject': + Уведомление по-умолчанию Ð´Ð»Ñ Ð´ÐµÐ¹ÑÑ‚Ð²Ð¸Ñ 'Блокировать Ñ ÑƒÐ²ÐµÐ´Ð¾Ð¼Ð»ÐµÐ½Ð¸ÐµÐ¼': + + + Installer + УÑтановщик + + + Command line options for the script: + Опции командной Ñтроки Ð´Ð»Ñ Ñкрипта: + + + Directory on the firewall where script should be installed + Каталог на межÑетевом Ñкране, в которые должны быть уÑтановлены файлы конфигурации + + + User name used to authenticate to the firewall (leave this empty if you use putty session): + Ð˜Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ, иÑпользуемое Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ на межÑетевом Ñкране (не заполнÑйте, еÑли иÑпользуете putty ÑеÑÑию): + + + Alternative name or address used to communicate with the firewall (also putty session name on Windows) + Ðльтернативный Ð°Ð´Ñ€ÐµÑ Ð¸Ð»Ð¸ Ð¸Ð¼Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана Ð´Ð»Ñ ÑвÑзи Ñ Ð½Ð¸Ð¼ (в Windows поддерживаютÑÑ Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ ÑеÑÑий putty) + + + Policy install script (using built-in installer if this field is blank): + Скрипт уÑтановки набора правил (не заполнÑйте Ð´Ð»Ñ Ð¸ÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð²Ñтроенного Ñкрипта уÑтановки): + + + A command that 
installer should execute on the firewall in order to activate the policy (if this field is blank, installer runs firewall script in the directory specified above; it uses sudo if user name is not 'root') + Команда, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÐµÐ¼Ð°Ñ ÑƒÑтановщиком Ð´Ð»Ñ Ð·Ð°Ð³Ñ€ÑƒÐ·ÐºÐ¸ нового набора правил (еÑли Ñто поле пуÑтое, уÑтановщик будет выполнÑть Ñкрипт межÑетевого Ñкрана в указанном выше каталоге, он также будет иÑпользовать sudo, еÑли Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð½Ðµ root) + + + Logging + ЗапиÑÑŒ в журнал (протоколирование) + + + use ULOG + иÑользовать ULOG + + + use LOG + иÑользовать LOG + + + log TCP seq. numbers + протоколировать номера поÑледовательноÑтей TCP + + + log IP options + Протоколировать опции IP + + + use numeric syslog levels + иÑпользовать цифры-номера уровней syslog + + + Log level: + Log level: + + + alert + alert + + + crit + crit + + + error + error + + + warning + warning + + + notice + notice + + + info + info + + + debug + debug + + + log TCP options + Протоколировать опции TCP + + + cprange + cprange + + + queue threshold: + queue threshold: + + + netlink group: + группа netlink: + + + Log prefix: + Log prefix: + + + Logging limit: + Ограничение протоколированиÑ: + + + /day + в день + + + /hour + в Ñ‡Ð°Ñ + + + /minute + в минуту + + + /second + в Ñекунду + + + Activate logging in all rules +(overrides rule options, use for debugging) + Включить протоколирование Ð´Ð»Ñ Ð²Ñех правил +(незавиÑимо от наÑтроек правил, иÑпользуетÑÑ Ð´Ð»Ñ Ð¾Ñ‚Ð»Ð°Ð´ÐºÐ¸) + + + Script Options + Опции Ñкрипта + + + These options enable auxiliary sections in the generated shell script. + Эти опции подключают внешние Ñекции в генерируемом shell-Ñкрипте. 
+ + + Configure Interfaces of the firewall machine + Конфигурировать интерфейÑÑ‹ межÑетевого Ñкрана + + + Add virtual addresses for NAT + ДобавлÑть виртуальные адреÑа Ð´Ð»Ñ NAT + + + Turn debugging on in generated script + Включить режим отладки в генерируемом Ñкрипте + + + Verify interfaces before loading firewall policy + ПроверÑть наличие необходимых интерфейÑов межÑетевого Ñкрана перед загрузкой набора правил + + + Load modules + Загружать необходимые модули Ñдра + + + Drop packets that are associated with +no known connection + Блокировать пакеты, которые не отноÑÑÑ‚ÑÑ +к извеÑтным ÑоединениÑм + + + Prolog/Epilog + Prolog/Epilog + + + Edit + Редактировать + + + The following commands will be added verbatim after generated configuration + Следующие команду будут добавлены в конец генерируемого Ñкрипта конфигурации + + + The following commands will be added verbatim on top of generated configuration + Следующие команду будут добавлены в начало генерируемого Ñкрипта конфигурации + + + Insert prolog script + Ð’Ñтавить Ñкрипт пролога + + + on top of the script + в начало Ñкрипта + + + after interface configuration + поÑле ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов + + + after policy reset + поÑле ÑƒÐ´Ð°Ð»ÐµÐ½Ð¸Ñ Ñтрарого набора правил + + + Use iptables-restore to activate policy + ИÑпользовать команду iptables-restore Ð´Ð»Ñ Ð²ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ Ð½Ð°Ð±Ð¾Ñ€Ð° правил + + + iptables-restore replaces firewall policy in one atomic transaction + iptables-restore заменÑет набор правил межÑетевого Ñкрана единой атомарной транзакцией + + + External install script + Внешний Ñкрипт Ð´Ð»Ñ ÑƒÑтановки + + + Built-in installer + Ð’Ñтроенный уÑтановщик + + + Additional command line parameters for ssh + Дполнительные опции командной Ñтроки Ð´Ð»Ñ ssh + + + + linksysAdvancedDialog_q + + Linksys/Sveasoft: advanced settings + Linksys/Sveasoft: раÑширенные наÑтройки + + + &OK + OK + + + &Cancel + Отмена + + + Path + Путь + + + modprobe: + modprobe: + + + logger: + logger: + + + 
ip: + ip: + + + lsmod + lsmod + + + iptables: + iptables: + + + Specify directory path and a file name for each utility on your firewall machine. Leave these empty if you want to use default values. + Укажите полный путь к перечиÑленным утилитам в операционной ÑиÑтеме Ñтого межÑетевого Ñкрана. Ð”Ð»Ñ Ð½ÐµÐ·Ð°Ð¿Ð¾Ð»Ð½ÐµÐ½Ð½Ñ‹Ñ… полей будут иÑпользованы Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ð¾-умолчанию. + + + Prompts + ÐŸÑ€Ð¸Ð³Ð»Ð°ÑˆÐµÐ½Ð¸Ñ + + + Policy installer relies on the shell prompt on the firewall to execute commands. Installer tries both prompt string patterns configured here; it assumes that the firewall is ready to accept a command if either prompt matches. You should only need to change these string patterns if Sveasoft changes the shell prompt in the future releases of the software. +<br> +<br> +The default strings work for Sveasoft Alchemy pre-5.1 and pre-5.2 + Программа уÑтановки набора правил выполнÑет команды только при наличии определенного Ð¿Ñ€Ð¸Ð³Ð»Ð°ÑˆÐµÐ½Ð¸Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð½Ð¾Ð¹ Ñтроки (она проверÑет наличие указанных здеÑÑŒ приглашений). ЕÑли программа уÑтановки видит указанные приглашениÑ, то она Ñчитает, что межÑетевой Ñкран готов Ð´Ð»Ñ Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ‹. Изменение Ñтих Ñтрок приглашений может потребоватьÑÑ Ð² Ñлучае Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð¿Ñ€Ð¸Ð³Ð»Ð°ÑˆÐµÐ½Ð¸Ð¹ командной Ñтроки в новых верÑиÑÑ… программного обеÑÐ¿ÐµÑ‡ÐµÐ½Ð¸Ñ Sveasoft. 
+<br> +<br> +По-умолчанию Ñтроки приглашений командной Ñтроки наÑтроены на Sveasoft Alchemy верÑий pre-5.1 и pre-5.2 + + + prompt 1 + приглашение 1 + + + prompt 2 + приглашение 2 + + + Use default prompts + ИÑпользовать Ð¿Ñ€Ð¸Ð³Ð»Ð°ÑˆÐµÐ½Ð¸Ñ Ð¿Ð¾ умолчанию + + + + linux24AdvancedDialog_q + + Linux 2.4: advanced settings + Linux 2.4/2.6: раÑширенные наÑтройки + + + &OK + OK + + + &Cancel + Отмена + + + Options + Опции + + + No change + Без изменений + + + On + Включить + + + Off + Выключить + + + Packet forwarding + ÐœÐ°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸Ñ Ð¿Ð°ÐºÐµÑ‚Ð¾Ð² + + + Kernel anti-spoofing protection + Защита Ñдра от подмены адреÑа (anti-spoofing) + + + Ignore broadcast pings + Игнорировать широковещательные ICMP ping пакеты + + + Ignore all pings + Игнорировать вÑе ICMP ping пакеты + + + Accept source route + Принимать пакеты ICMP source route + + + Accept ICMP redirects + Принимать пакеты ICMP redirect + + + Ignore bogus ICMP errors + Игнорировать пакеты ICMP Ñо Ñтранными кодами ошибки + + + Allow dynamic addresses + Разрешить динамичнÑкие адреÑа + + + Log martians + ЗапиÑывать в журнал пакеты Ñ Ð¿Ð¾Ð´Ð¾Ð·Ñ€Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ñ‹Ð¼Ð¸ адреÑами + + + TCP + TCP + + + These parameters make sense for connections to or from the firewall host + Эти параметры влиÑÑŽÑ‚ на ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ð¸Ð´ÑƒÑ‰Ð¸Ðµ Ñ/на Ñам межÑетевой Ñкран + + + TCP sack + TCP sack + + + TCP window scaling + TCP window scaling + + + TCP ECN + TCP ECN + + + TCP SYN cookies + TCP SYN cookies + + + TCP keepalive time (sec) + TCP keepalive time (Ñекунд) + + + TCP fack + TCP fack + + + TCP timestamps + TCP timestamps + + + TCP FIN timeout (sec) + TCP FIN таймаут (Ñекунд) + + + Path + Путь + + + modprobe: + modprobe: + + + logger: + logger: + + + ip: + ip: + + + lsmod + lsmod + + + iptables: + iptables: + + + Specify directory path and a file name for each utility on your firewall machine. Leave these empty if you want to use default values. 
+ Укажите полный путь к перечиÑленным утилитам в операционной ÑиÑтеме Ñтого межÑетевого Ñкрана. Ð”Ð»Ñ Ð½ÐµÐ·Ð°Ð¿Ð¾Ð»Ð½ÐµÐ½Ð½Ñ‹Ñ… полей будут иÑпользованы Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ð¾-умолчанию. + + + iptables-restore: + iptables-restore: + + + + longTextDialog_q + + longTextDialog_q + longTextDialog_q + + + Continue + Продолжить + + + this is the error text + минут + + + + macosxAdvancedDialog_q + + MacOS X: advanced settings + MacOS X: раÑширенные наÑтройки + + + &OK + OK + + + &Cancel + Отмена + + + Options + Опции + + + Generate ICMP redirects + ОтправлÑть пакеты ICMP redirect + + + Packet forwarding + ÐœÐ°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸Ñ Ð¿Ð°ÐºÐµÑ‚Ð¾Ð² + + + No change + Без изменений + + + On + Включить + + + Off + Выключить + + + Forward source routed packets + Маршрутизировать пакеты Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸ÐµÐ¹ иÑточника + + + Path + Путь + + + ipfw: + ipfw: + + + sysctl: + sysctl: + + + Specify directory path and a file name for the following utilities on the OS your firewall machine is running. Leave these empty if you want to use default values. + Укажите полный путь к перечиÑленным утилитам в операционной ÑиÑтеме Ñтого межÑетевого Ñкрана. Ð”Ð»Ñ Ð½ÐµÐ·Ð°Ð¿Ð¾Ð»Ð½ÐµÐ½Ð½Ñ‹Ñ… полей будут иÑпользованы Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ð¾-умолчанию. + + + + newFirewallDialog + + Missing SNMP community string. + Ðе указана Ñтрока SNMP community. + + + Address of %1 could not be obtained via DNS + Ð”Ð»Ñ Ð¸Ð¼ÐµÐ½Ð¸ %1 не может быть получен Ð°Ð´Ñ€ÐµÑ Ð¿Ñ€Ð¸ помощи DNS запроÑа + + + Interface: %1 (%2) + ИнтерфейÑ: %1 (%2) + + + Dynamic address + ДинамичеÑкий Ð°Ð´Ñ€ÐµÑ + + + Unnumbered interface + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð±ÐµÐ· адреÑа + + + Illegal address '%1/%2' + Ðекорректный Ð°Ð´Ñ€ÐµÑ %1/%2 + + + Check option 'dynamic address' for the interface that gets its IP address dynamically via DHCP or PPP protocol. + Включите опцию 'ДинамичеÑкий адреÑ' Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов получающих IP Ð°Ð´Ñ€ÐµÑ Ð´Ð¸Ð½Ð°Ð¼Ð¸Ñ‡ÐµÑки. 
Чаще вÑего Ñто необходимо Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов, которые получают Ð°Ð´Ñ€ÐµÑ Ñ‡ÐµÑ€ÐµÐ· DHCP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð¸Ð»Ð¸ иÑпользуют PPP. + + + Check option 'Unnumbered interface' for the interface that does not have an IP address. Examples of interfaces of this kind are those used to terminate PPPoE or VPN tunnels. + Включите опцию 'Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð±ÐµÐ· адреÑа' Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов не имеющих IP адреÑа. Чаще вÑего Ñто необходимо Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов, которые иÑпользуютÑÑ Ð´Ð»Ñ ÑозданиÑ: PPPoE или VPN туннелей, моÑтов. + + + Bridge port + Порт моÑта + + + + newFirewallDialog_q + + New Firewall + Ðовый межÑетевой Ñкран + + + Enter the name of the new object below: + Ð˜Ð¼Ñ Ñоздаваемого объекта: + + + Choose firewall software it is running: + Тип межÑетевого Ñкрана: + + + Choose OS the new firewall runs on: + ÐžÐ¿ÐµÑ€Ð°Ñ†Ð¸Ð¾Ð½Ð½Ð°Ñ ÑиÑтема межÑетевого Ñкрана: + + + Use preconfigured template firewall objects + ИÑпользовать шаблоны межÑетевых Ñкранов + + + Next step is to add interfaces to the new firewall. There are two ways to do it: using SNMP query or manually. Adding them using SNMP query is fast and automatic, but is only possible if firewall runs SNMP agent and you know SNMP community string 'read'. + Теперь необходимо добавить интерфейÑÑ‹ Ð´Ð»Ñ Ñоздаваемого межÑетевого Ñкрана. Это можно Ñделать автоматичеÑки, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ SNMP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð¸Ð»Ð¸ вручную. SNMP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð²Ñ‹Ð¿Ð¾Ð»Ð½Ð¸Ñ‚ÑÑ Ñ‚Ð¾Ð»ÑŒÐºÐ¾ Ð´Ð»Ñ Ð¼ÐµÐ¶Ñетевых Ñкранов Ñ Ð²ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ‹Ð¼ SNMP ÑервиÑом и правильно указанной Ñтрокой community (Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ). 
+ + + Configure interfaces manually + Сконфигурировать интерфейÑÑ‹ вручную + + + Use SNMP to discover interfaces of the firewall + ИÑпользовать SNMP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ð¸ интерфейÑов + + + Discover Interfaces using SNMP + ИÑпользовать SNMP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ð¸ интерфейÑов + + + SNMP 'read' community string: + SNMP Ñтрока community (Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ): + + + Check option 'Unnumbered interface' for the interface that does not have an IP address. Examples of interfaces of this kind are those used to terminate PPPoE or VPN tunnels and interfaces of the bridging firewall. + Включите опцию 'Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð±ÐµÐ· адреÑа' Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов не имеющих IP адреÑа. Чаще вÑего Ñто необходимо Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов, которые иÑпользуютÑÑ Ð´Ð»Ñ ÑозданиÑ: PPPoE или VPN туннелей, моÑтов. + + + Check option 'dynamic address' for the interface that gets its IP address dynamically via DHCP or PPP protocol. + Включите опцию 'ДинамичеÑкий адреÑ' Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов получающих IP Ð°Ð´Ñ€ÐµÑ Ð´Ð¸Ð½Ð°Ð¼Ð¸Ñ‡ÐµÑки. Чаще вÑего Ñто необходимо Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов, которые получают Ð°Ð´Ñ€ÐµÑ Ñ‡ÐµÑ€ÐµÐ· DHCP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð¸Ð»Ð¸ иÑпользуют PPP. + + + Click 'Next' when done. + Ð”Ð»Ñ Ð¿Ñ€Ð¾Ð´Ð¾Ð»Ð¶ÐµÐ½Ð¸Ñ Ð½Ð°Ð¶Ð¼Ð¸Ñ‚Ðµ 'Далее'. + + + Name: + Ðазвание: + + + Label: + Метка: + + + Address: + ÐдреÑ: + + + Unnumbered interface + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð±ÐµÐ· адреÑа + + + This is unnumbered interface, that is, it does not have an IP address. You can use this for interfaces that terminate PPPoE or other VPN tunnels + Это Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð±ÐµÐ· адреÑа, то еÑть он не имеет IP адреÑа. 
Включаите Ñту опцию Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов, которые иÑпользуютÑÑ Ð´Ð»Ñ ÑозданиÑ: PPPoE или VPN туннелей, моÑтов + + + Name + Ðазвание + + + Label + Метка + + + Address + ÐÐ´Ñ€ÐµÑ + + + Netmask + МаÑка подÑети + + + Dyn + Dyn + + + MAC + MAC + + + MAC: + MAC: + + + Dynamic address + ДинамичеÑкий Ð°Ð´Ñ€ÐµÑ + + + Address of this interface is assigned dynamically using DHCP or PPP protocol + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¿Ð¾Ð»ÑƒÑ‡Ð°ÑŽÐµÑ‚ IP Ð°Ð´Ñ€ÐµÑ Ð´Ð¸Ð½Ð°Ð¼Ð¸Ñ‡ÐµÑки. Включаите Ñту опцию Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов, которые получают Ð°Ð´Ñ€ÐµÑ Ñ‡ÐµÑ€ÐµÐ· DHCP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð¸Ð»Ð¸ иÑпользуют PPP + + + Netmask: + МаÑка подÑети: + + + Add + Добавить + + + Update + Обновить + + + Delete + Удалить + + + Here you can add or edit interfaces manually. 'Name' corresponds to the name of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' is used to mark interface to reflect network topology, e.g. 'outside' or 'inside'. Label is mandatory for PIX firewall. + ЗдеÑÑŒ вы можете редактировать интерфейÑÑ‹ вручную. 'Ðазвание' ÑоответÑтвует названию физичеÑкого интерфейÑа, например: 'eth0' или 'fxp0'. Метка маркирует Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð°Ð¶ÐµÐ½Ð¸Ñ Ñетевой топологии (например 'внешний' или 'внутренний'). Указание метки обÑзательно Ð´Ð»Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана PIX. + + + up + вверх + + + down + вниз + + + Security Level + Уровень безопаÑноÑти + + + Click 'Finish' when done. + Ð”Ð»Ñ Ð¿Ñ€Ð¾Ð´Ð¾Ð»Ð¶ÐµÐ½Ð¸Ñ Ð½Ð°Ð¶Ð¼Ð¸Ñ‚Ðµ 'Готово'. + + + In order to be able to build firewall policy properly, Firewall Builder needs information about 'security level' of the firewall's interfaces. Interface that connects it to the Internet is considered 'insecure' and has security level '0', while interface connected to the internal network is supposed to be 'secure' (security level '100'). You can arrange interfaces in the order of their security level below. + Каждому интерфейÑу межÑетевого Ñкрана должен быть назначен уровень безопаÑноÑти в диапазоне от 0 до 100. 
0 означает меньшую безопаÑноÑть, 100 - бОльшую. Ðулевой уровень безопаÑноÑти чаще вÑего приÑваиваетÑÑ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу, подключенному к Ñети Internet. РаÑпределите интерфейÑÑ‹ в порÑдке их ÑƒÑ€Ð¾Ð²Ð½Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑноÑти ниже. + + + Choose template object in the list and click 'Finish' when ready. Template objects use generic interface names that will be iherited by the firewall object you create. You may need to rename them later to reflect real names of interfaces on your firewall machine. + Выберите объект - шаблон и нажмите 'Готово'. ПоÑле Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ ÑˆÐ°Ð±Ð»Ð¾Ð½Ð° необходимо проверить и при необходимоÑти переименовать Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов межÑетевого Ñкрана. + + + Bridge port + Порт моÑта + + + Regular interface + Обычный Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ñ Ð°Ð´Ñ€ÐµÑом + + + + newGroupDialog_q + + New Group + ÐÐ¾Ð²Ð°Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ð° + + + Library: + Библиотека: + + + Group Name: + Ðазвание группы: + + + This operation will create a new group and put selected objects in it + Эта Ð¾Ð¿ÐµÑ€Ð°Ñ†Ð¸Ñ ÑоздаÑÑ‚ группу и добавить в нее выбранные объекты + + + Create a group + ÐÐ¾Ð²Ð°Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ð° + + + Cancel + Отмена + + + + newHostDialog + + Missing SNMP community string. + Ðе указана Ñтрока SNMP community. + + + Address of %1 could not be obtained via DNS + Ð”Ð»Ñ Ð¸Ð¼ÐµÐ½Ð¸ %1 не может быть получен Ð°Ð´Ñ€ÐµÑ Ð¿Ñ€Ð¸ помощи DNS запроÑа + + + Interface: %1 (%2) + ИнтерфейÑ: %1 (%2) + + + Dynamic address + ДинамичеÑкий Ð°Ð´Ñ€ÐµÑ + + + Unnumbered interface + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð±ÐµÐ· адреÑа + + + Illegal address '%1/%2' + Ðекорректный Ð°Ð´Ñ€ÐµÑ %1/%2 + + + + newHostDialog_q + + New Host + Ðовый узел + + + Enter the name of the new object below: + Ð˜Ð¼Ñ Ñоздаваемого объекта: + + + Use preconfigured template host objects + ИÑпользовать шаблоны межÑетевых Ñкранов + + + Next step is to add interfaces to the new host. There are two ways to do it: using SNMP query or manually. 
Adding them using SNMP query is fast and automatic, but is only possible if the host runs SNMP agent and you know SNMP community string 'read'. + Теперь необходимо добавить интерфейÑÑ‹ Ð´Ð»Ñ Ñоздаваемого межÑетевого Ñкрана. Это можно Ñделать автоматичеÑки, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ SNMP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð¸Ð»Ð¸ вручную. SNMP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð²Ñ‹Ð¿Ð¾Ð»Ð½Ð¸Ñ‚ÑÑ Ñ‚Ð¾Ð»ÑŒÐºÐ¾ Ð´Ð»Ñ Ð¼ÐµÐ¶Ñетевых Ñкранов Ñ Ð²ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ‹Ð¼ SNMP ÑервиÑом и правильно указанной Ñтрокой community (Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ). + + + Configure interfaces manually + Сконфигурировать интерфейÑÑ‹ вручную + + + Use SNMP to discover interfaces of the host + ИÑпользовать SNMP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ð¸ интерфейÑов + + + Discover Interfaces using SNMP + ИÑпользовать SNMP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ð¸ интерфейÑов + + + SNMP 'read' community string: + SNMP Ñтрока community (Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ): + + + Check option 'Unnumbered interface' for the interface that does not have an IP address. Examples of interfaces of this kind are those used to terminate PPPoE or VPN tunnels. + Включите опцию 'Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð±ÐµÐ· адреÑа' Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов не имеющих IP адреÑа. Чаще вÑего Ñто необходимо Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов, которые иÑпользуютÑÑ Ð´Ð»Ñ ÑозданиÑ: PPPoE или VPN туннелей, моÑтов. + + + Check option 'dynamic address' for the interface that gets its IP address dynamically via DHCP or PPP protocol. + Включите опцию 'ДинамичеÑкий адреÑ' Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов получающих IP Ð°Ð´Ñ€ÐµÑ Ð´Ð¸Ð½Ð°Ð¼Ð¸Ñ‡ÐµÑки. Чаще вÑего Ñто необходимо Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов, которые получают Ð°Ð´Ñ€ÐµÑ Ñ‡ÐµÑ€ÐµÐ· DHCP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð¸Ð»Ð¸ иÑпользуют PPP. + + + Click 'Next' when done. + Ð”Ð»Ñ Ð¿Ñ€Ð¾Ð´Ð¾Ð»Ð¶ÐµÐ½Ð¸Ñ Ð½Ð°Ð¶Ð¼Ð¸Ñ‚Ðµ 'Далее'. + + + Name: + Ðазвание: + + + Label: + Метка: + + + Address: + ÐдреÑ: + + + Unnumbered interface + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð±ÐµÐ· адреÑа + + + This is unnumbered interface, that is, it does not have an IP address. 
You can use this for interfaces that terminate PPPoE or other VPN tunnels + Это Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð±ÐµÐ· адреÑа, то еÑть он не имеет IP адреÑа. Включаите Ñту опцию Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов, которые иÑпользуютÑÑ Ð´Ð»Ñ ÑозданиÑ: PPPoE или VPN туннелей, моÑтов + + + Name + Ðазвание + + + Label + Метка + + + Address + ÐÐ´Ñ€ÐµÑ + + + Netmask + МаÑка подÑети + + + Dyn + Dyn + + + MAC + MAC + + + MAC: + MAC: + + + Dynamic address + ДинамичеÑкий Ð°Ð´Ñ€ÐµÑ + + + Address of this interface is assigned dynamically using DHCP or PPP protocol + Ð˜Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¿Ð¾Ð»ÑƒÑ‡Ð°ÑŽÐµÑ‚ IP Ð°Ð´Ñ€ÐµÑ Ð´Ð¸Ð½Ð°Ð¼Ð¸Ñ‡ÐµÑки. Включите Ñту опцию Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов, которые получают Ð°Ð´Ñ€ÐµÑ Ñ‡ÐµÑ€ÐµÐ· DHCP Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð¸Ð»Ð¸ иÑпользуют PPP + + + Netmask: + МаÑка подÑети: + + + Add + Добавить + + + Update + Обновить + + + Delete + Удалить + + + Here you can add or edit interfaces manually. 'Name' corresponds to the name of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' is used to mark interface to reflect network topology, e.g. 'outside' or 'inside'. + ЗдеÑÑŒ вы можете редактировать интерфейÑÑ‹ вручную. 'Ðазвание' ÑоответÑтвует названию физичеÑкого интерфейÑа, например: 'eth0' или 'fxp0'. Метка маркирует Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð°Ð¶ÐµÐ½Ð¸Ñ Ñетевой топологии (например 'внешний' или 'внутренний'). Указание метки обÑзательно Ð´Ð»Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана PIX. + + + Choose template object in the list and click 'Finish' when ready. Template objects use generic interface names that will be iherited by the firewall object you create. You may need to rename them later to reflect real names of interfaces on your firewall machine. + Выберите объект - шаблон и нажмите 'Готово'. ПоÑле Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ ÑˆÐ°Ð±Ð»Ð¾Ð½Ð° необходимо проверить и при необходимоÑти переименовать Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñов межÑетевого Ñкрана. 
+ + + + openbsdAdvancedDialog_q + + OpenBSD: advanced settings + OpenBSD: раÑширенные наÑтройки + + + &OK + OK + + + &Cancel + Отмена + + + Options + Опции + + + Forward source routed packets + Маршрутизировать пакеты Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸ÐµÐ¹ иÑточника + + + Enable directed broadcast + Разрешить направленные широковещательные пакеты + + + No change + Без изменений + + + On + Включить + + + Off + Выключить + + + Packet forwarding + ÐœÐ°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸Ñ Ð¿Ð°ÐºÐµÑ‚Ð¾Ð² + + + Generate ICMP redirects + ОтправлÑть ICMP redirect-Ñ‹ + + + Path + Путь + + + pfctl: + pfctl: + + + sysctl: + sysctl: + + + Specify directory path and a file name for the following utilities on the OS your firewall machine is running. Leave these empty if you want to use default values. + Укажите полный путь к перечиÑленным утилитам в операционной ÑиÑтеме Ñтого межÑетевого Ñкрана. Ð”Ð»Ñ Ð½ÐµÐ·Ð°Ð¿Ð¾Ð»Ð½ÐµÐ½Ð½Ñ‹Ñ… полей будут иÑпользованы Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ð¾-умолчанию. + + + + pageSetupDialog_q + + Page Setup + ÐаÑтройка Ñтраницы + + + start each section on a new page + начинать каждую Ñекцию на новой Ñтранице + + + print header on every page + печатать заголовок на каждой Ñтранице + + + print legend + печатать уÑловные Ð¾Ð±Ð¾Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ + + + print objects used in rules + печатать объекты, иÑпользованные в правилах + + + &OK + OK + + + Alt+O + Alt-O + + + &Cancel + Отмена + + + Alt+C + Alt+C + + + Scale tables: + МаÑштаб: + + + 50% + 50% + + + 75% + 75% + + + 100% + 100% + + + 150% + 150% + + + 200% + 200% + + + + pfAdvancedDialog + + Script Editor + Редактор Ñкриптов + + + + pfAdvancedDialog_q + + pf: advanced settings + pf: раÑширенные наÑтройки + + + &OK + OK + + + &Cancel + Отмена + + + Compiler + КомпилÑтор + + + Compiler: + КомпилÑтор: + + + Command line options for the compiler: + Опции командной Ñтроки Ð´Ð»Ñ ÐºÐ¾Ð¼Ð¿Ð¸Ð»Ñтора: + + + Always permit ssh access from +the management workstation +with this address: + Ð’Ñегда разрешать доÑтуп +по протоколу SSH Ñ ÑƒÐ¿Ñ€Ð°Ð²Ð»Ñющей 
+рабочей Ñтанции Ñ Ð°Ð´Ñ€ÐµÑом: + + + Aggressive + ÐгреÑивный + + + Conservative + КонÑервативный + + + For high latency + С выÑокой латентноÑтью + + + Normal + Ðормальный + + + Optimization: + ОптимизациÑ: + + + state table size: + размер таблицы ÑоÑтоÑний: + + + maximum number of entries in the memory pool used for state table entries + макиÑмальное количеÑтво запиÑей в пуле памÑти, иÑпользуемого Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñей таблицы ÑоÑтоÑний + + + reassembly pool: + переÑобирающий пул: + + + maximum number of entries in the memory pool used for packet reassembly + макиÑмальное количеÑтво запиÑей в пуле памÑти, иÑпользуемого переÑборки пакетов + + + Accept TCP sessions opened prior to firewall restart + Ðе ÑбраÑывать TCP ÑеÑÑии открытые до загрузки нового набора правил межÑетевого Ñкрана + + + Modulate state for all stateful rules (applies only to TCP services) + Моделировать ÑоÑтоÑние Ð´Ð»Ñ Ð²Ñех правил Ñ Ñ„Ð¸Ð»ÑŒÑ‚Ñ€Ð°Ñ†Ð¸ÐµÐ¹ по ÑоÑтоÑнию (только Ð´Ð»Ñ TCP ÑервиÑов) + + + Detect rule shadowing in policy + Ðаходить 'затенение' правил в наборе + + + Shadowing happens because a rule is a superset of a subsequent rule and any packets potentially matched by the subsequent rule have already been matched by the prior rule. + Затенение проиÑходит, когда одно правило идущее ранее делает одно или неÑколько Ñледующующих правил не рабочими. Это проиÑходит из-за того, что пакеты, которые должны попадать под уÑÐ»Ð¾Ð²Ð¸Ñ Ñледующих правил будут попадать под уÑловие первого правило. + + + Ignore empty groups in rules + Игнорировать пуÑтые группы в правилах + + + If the option is deactivated, compiler treats empty groups as an error and aborts processing the policy. If this option is activated, compiler removes all empty groups from all rule elements. If rule element becomes 'any' after the last empty group has been removed, the whole rule will be ignored. Use this option only if you fully understand how it works! 
+ При выключении Ñтой опции компилÑтор будет воÑпринимать пуÑтые группы в наборе правил как ошибку, а при включении - будет удалÑть при компилÑции пуÑтые группы из вÑех правил. Во втором Ñлучае еÑли поÑле ÑƒÐ´Ð°Ð»ÐµÐ½Ð¸Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ñ‹ правило окажетÑÑ Ð¿ÑƒÑтым в том меÑте, где была группа (окажетÑÑ Ñ Ð¿Ð¾Ð»ÐµÐ¼ любой), то такое правило будет игнорироватьÑÑ. ИÑпользуйте Ñту опцию очень внимательно и оÑторожно! + + + Output file name (if left blank, the file name is constructed of the firewall object name and extension ".fw") + Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð° (по-умолчанию, еÑли пуÑтое, Ð¸Ð¼Ñ Ð±ÑƒÐ´ÐµÑ‚ ÑоÑтоÑть из Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ Ð¾Ð±ÑŠÐµÐºÑ‚Ð° межÑетевого Ñкрана и раÑÑˆÐ¸Ñ€ÐµÐ½Ð¸Ñ '.fw') + + + Pass all outgoing + Разрешить вÑе иÑходÑщие + + + Generate both 'in' and 'out' rules + Генерировать правила как входÑщие, так и иÑходÑщие + + + There are two ways compiler can generate code for rules in the Global Policy: it can either create two ipf rules to control both incoming and outgoing packets for each rule, or it can create only one ipf rule for incoming packets and permit all outgoing ones.You get more control over the packets crossing the firewall in the first mode, but generated script is going to be smaller if you choose the second. + КомпилÑÑ†Ð¸Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð» глобальной политики может проходить Ð´Ð²ÑƒÐ¼Ñ Ð¿ÑƒÑ‚Ñми: или путем ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð´Ð²ÑƒÑ… правил межÑетевого Ñкрана Ð´Ð»Ñ Ð²Ñ…Ð¾Ð´Ñщих и иÑходÑщих пакетов ÑоответÑтвенно Ð´Ð»Ñ ÐºÐ°Ð¶Ð´Ð¾Ð³Ð¾ правила политики или путем ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð¾Ð´Ð½Ð¾Ð³Ð¾ правила Ð´Ð»Ñ Ð²Ñ…Ð¾Ð´Ñщих пакетов (в Ñтом Ñлучае вÑе иÑходÑщие пакеты будут разрешены). Ð’ первом Ñлучае вы лучше контролируете межÑетевой Ñкран, во втором - уменьшаетÑÑ Ñоздаваемый Ñкрипт. + + + Scrub rule options + Подчищать опции правил + + + Enforce Minimum TTL: + Задать минимальный TTL: + + + Enforce Maximum MSS: + Задать макÑимальный MSS: + + + Enforces a maximum Maximum Segment Size (MSS) in TCP packet headers. 
+ Задает макÑимальный размер Ñегмента (MSS) в заголовках TCP пакетов. + + + Enforces a minimum Time To Live (TTL) in IP packet headers. + Задает минимальное Ð²Ñ€ÐµÐ¼Ñ Ð¶Ð¸Ð·Ð½Ð¸ (TTL) в заголовках IP пакетов. + + + Reassemble fragments + ПереÑобирать фрагменты + + + Clear DF bit + Очищать бит DF + + + Clears the don't fragment bit from the IP packet header. + Очищать бит не фрагментированный в заголовках IP-пакетов. + + + Use random ID + ИÑпользовать Ñлучайный ID + + + Replaces the IP identification field of outgoing packets with random values to compensate for operating systems that use predictable values. + Заменить значение Ð¿Ð¾Ð»Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ иÑходÑщих IP пакетов на Ñлучайное значение Ð´Ð»Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹ от атак на операционные ÑиÑтемы, иÑпользующие легко предÑказуемые значениÑ. + + + Buffer and reassemble fragments (default) + Буферизовать и переÑобирать фрагменты (по-умолчанию) + + + Buffers incoming packet fragments and reassembles them into a complete packet before passing them to the filter engine. + Буферизовать входÑщие фрагменты пакетов и переÑобирать их в целый пакет перед отправкой в фильтр межÑетевого Ñкрана. + + + Drop duplicate fragments, do not buffer and reassemble + Блокировать дубликаты фрагментов, не буферизовать и не переÑобирать их + + + Causes duplicate fragments to be dropped and any overlaps to be cropped. + Блокировать дубликаты фрагментов и вырезать любые Ð½Ð°Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ñ„Ñ€Ð°Ð³Ð¼ÐµÐ½Ñ‚Ð¾Ð². + + + Drop duplicate and subsequent fragments + Блокировать дубликаты и поÑледующие за ними фрагменты + + + Similar to 'Drop duplicate fragments' except that all duplicate or overlapping fragments will be dropped as well as any further corresponding fragments. + То же, что и Блокировать дубликаты фрагментов, но также будут блокироватьÑÑ Ð²Ñе накладывающиеÑÑ Ð¸ вÑе поÑледующие за ними фрагменты. 
+ + + Timeouts + Таймауты + + + When a packet matches a stateful connection, the seconds to live for the connection will be updated to the value which corresponds to the connection state. + При ÑоответÑтвии пакета фильруемому по ÑоÑтоÑнию Ñоединению, количеÑтво Ñекунд жизни ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ð±ÑƒÐ´ÐµÑ‚ обновлено и уÑтановлено в значение, которое ÑоответÑтвует ÑоÑтоÑнию ÑоединениÑ. + + + TCP + TCP + + + first + first + + + The state after the first packet. + СоÑтоÑние поÑле первого пакета. + + + opening + opening + + + The state before the destination host ever sends a packet. + СоÑтоÑние перед тем, как узел Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¾Ñ‚Ð²ÐµÑ‚Ð¸Ð» на пакет. + + + established + established + + + The fully established state. + СоÑÑ‚Ñние уÑпешно уÑтановленного ÑоединениÑ. + + + The state after the first FIN has been sent. + СоÑтоÑние поÑле отправки первого пакета Ñ ÑƒÑтановленным флагом FIN. + + + closing + closing + + + The state after both FINs have been exchanged and the connection is closed. + СоÑтоÑние поÑле отправки обоих пакетов Ñ ÑƒÑтановленным флагом FIN и Ð·Ð°ÐºÑ€Ñ‹Ñ‚Ð¸Ñ ÑоединениÑ. + + + finwait + finwait + + + The state after one endpoint sends an RST. + СоÑтоÑние поÑле отправки одной из Ñторон пакета Ñ ÑƒÑтановленным флагом RST. + + + closed + closed + + + UDP + UDP + + + single + single + + + The state if the source host sends more than one packet but the destination host has never sent one back. + СоÑтоÑние поÑле отправики одной из Ñторон неÑкольких пакетов и неполучении от второй Ñтороны ни одного пакета в ответ. + + + multiple + multiple + + + The state if both hosts have sent packets. + СоÑтоÑние поÑле отправки обеими Ñторонами пакетов. + + + ICMP + ICMP + + + The state after an ICMP error came back in response to an ICMP packet. + СоÑтоÑние поÑле Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ ICMP ÑÐ¾Ð¾Ð±Ñ‰ÐµÐ½Ð¸Ñ Ð¾Ð± ошибке в ответ на отправленный ICMP пакет. 
+ + + error + ошибка + + + Other Protocols + Другие протоколы + + + Fragments + Фрагменты + + + reassembly timeout + таймаут переÑборки + + + state expiration timeout + таймаут Ð´Ð»Ñ ÑоÑтоÑÐ½Ð¸Ñ ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ + + + seconds between purges of expired states and packet fragments. + количеÑтво Ñекунд Ð´Ð»Ñ Ñ‚Ð°Ð¹Ð¼Ð°ÑƒÑ‚Ð° очиÑтки ÑоÑтоÑÐ½Ð¸Ñ ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ð¸ фрагментов пакетов. + + + seconds before an unassembled fragment is expired. + количеÑтво Ñекунд Ð´Ð»Ñ Ñ‚Ð°Ð¹Ð¼Ð°ÑƒÑ‚Ð° неÑобранных фрагментов. + + + Adaptive scaling + Ðдаптивное маÑштабирование + + + Timeout values can be reduced adaptively as the number of state table entries grows (see man page pf.conf(5) for details) + Ð—Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ñ‚Ð°Ð¹Ð¼Ð°ÑƒÑ‚Ð¾Ð² могут изменÑтьÑÑ Ð°Ð´Ð°Ð¿Ñ‚Ð¸Ð²Ð½Ð¾ в завиÑимоÑти от Ñитуации (количеÑтва запиÑей в таблице ÑоÑтоÑний Ñоединений, Ñм. Ñтраницу руководÑтва man pf.conf(5)) + + + adaptive start + начало адаптивного маÑÑˆÑ‚Ð°Ð±Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ + + + When the number of state entries exceeds this value, adaptive scaling begins. + Когда, количеÑтво запиÑей в таблице Ñоединений превыÑит Ñто значение, включитÑÑ Ð°Ð´Ð°Ð¿Ñ‚Ð¸Ð²Ð½Ð¾Ðµ маÑштабирование. + + + adaptive end + конец адаптивного маÑÑˆÑ‚Ð°Ð±Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ + + + When reaching this number of state entries, all timeout val- ues become zero, effectively purging all state entries imme- diately. + Когда, количеÑтво запиÑей в таблице Ñоединений доÑтигнет Ñтого значениÑ, вÑе таймауты запиÑей в таблице Ñоединений уÑтановÑÑ‚ÑÑ Ð² ноль, таким образом произойдет Ð½ÐµÐ¼ÐµÐ´Ð»ÐµÐ½Ð½Ð°Ñ Ð¸ ÑÑ„Ñ„ÐµÐºÑ‚Ð¸Ð²Ð½Ð°Ñ ÐµÑ‘ очиÑтка. 
+ + + Activate adaptive timeout scaling + Включить адаптивное маÑштабирование таймаутов + + + Installer + УÑтановщик + + + Command line options for the script: + Опции командной Ñтроки Ð´Ð»Ñ Ñкрипта: + + + Directory on the firewall where configuration files should be installed + Каталог на межÑетевом Ñкране, в который должны быть уÑтановлены файлы конфигурации + + + User name used to authenticate to the firewall (leave this empty if you use putty session): + Ð˜Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ, иÑпользуемое Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ на межÑетевом Ñкране (не заполнÑйте, еÑли иÑпользуете putty ÑеÑÑию): + + + Alternative name or address used to communicate with the firewall (also putty session name on Windows) + Ðльтернативный Ð°Ð´Ñ€ÐµÑ Ð¸Ð»Ð¸ Ð¸Ð¼Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана Ð´Ð»Ñ ÑвÑзи Ñ Ð½Ð¸Ð¼ (в Windows поддерживаютÑÑ Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ ÑеÑÑий putty) + + + Policy install script (using built-in installer if this field is blank): + Скрипт уÑтановки набора правил (не заполнÑйте Ð´Ð»Ñ Ð¸ÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð²Ñтроенного Ñкрипта уÑтановки): + + + A command that installer should execute on the firewall in order to activate the policy (if this field is blank, installer runs firewall script in the directory specified above; it uses sudo if user name is not 'root') + Команда, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÐµÐ¼Ð°Ñ ÑƒÑтановщиком Ð´Ð»Ñ Ð·Ð°Ð³Ñ€ÑƒÐ·ÐºÐ¸ нового набора правил (еÑли Ñто поле пуÑтое, уÑтановщик будет выполнÑть Ñкрипт межÑетевого Ñкрана в указанном выше каталоге, он также будет иÑпользовать sudo, еÑли Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð½Ðµ root) + + + Logging + ЗапиÑÑŒ в журнал (протоколирование) + + + Log Prefix + Log prefix + + + Fallback "deny all" rule should log blocked packets + ЗапиÑывать в журнал блокированные пакеты (только правилом по-умолчанию блокировать вÑе) + + + Script Options + Опции Ñкрипта + + + Add virtual addresses for NAT + ДобавлÑть виртуальные адреÑа Ð´Ð»Ñ NAT + + + Configure Interfaces of the firewall machine + Конфигурировать интерфейÑÑ‹ межÑетевого Ñкрана + + + 
Turn debugging on in generated script + Включить режим отладки в генерируемом Ñкрипте + + + These options enable auxiliary sections in the generated shell script. + Эти опции подключают внешние Ñекции в генерируемом shell-Ñкрипте. + + + Prolog/Epilog + Prolog/Epilog + + + Edit + Редактировать + + + The following commands will be added verbatim after generated configuration + Следующие команду будут добавлены в конец генерируемого Ñкрипта конфигурации + + + The following commands will be added verbatim on top of generated configuration + Следующие команду будут добавлены в начало генерируемого Ñкрипта конфигурации + + + External install script + Внешний Ñкрипт Ð´Ð»Ñ ÑƒÑтановки + + + Built-in installer + Ð’Ñтроенный уÑтановщик + + + Directory on the firewall where script should be installed + Каталог на межÑетевом Ñкране, в которые должны быть уÑтановлены файлы конфигурации + + + Additional command line parameters for ssh + Дполнительные опции командной Ñтроки Ð´Ð»Ñ ssh + + + state table size: + размер таблицы ÑоÑтоÑний: + + + reassembly pool: + пул переÑборки: + + + + pixAdvancedDialog + + Script Editor + Редактор Ñкриптов + + + Error: Policy compiler for PIX is not installed + Ошибка: компилÑтор наборов правил Ð´Ð»Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана PIX не уÑтановлен + + + Compiler error + Ошибка компилÑции + + + + pixAdvancedDialog_q + + PIX Firewall Settings + ÐаÑтройки межÑетевого Ñкрана PIX + + + OK + OK + + + Cancel + Отмена + + + Compiler Options + Опции компилÑтора + + + Always permit ssh access from +the management workstation +with this address: + Ð’Ñегда разрешать доÑтуп +по протоколу SSH Ñ ÑƒÐ¿Ñ€Ð°Ð²Ð»Ñющей +рабочей Ñтанции Ñ Ð°Ð´Ñ€ÐµÑом: + + + Verification of NAT rules + Проверка NAT правил + + + Check for duplicate nat rules + ПроверÑть на наличие дублирующих правил Ñетевой транÑлÑции адреÑов (NAT) + + + Check for overlapping global pools + Проверка наложений глобальных пулов + + + Check for overlapping statics + Проверка Ð½Ð°Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ñтатики + + + Check for 
overlapping global pools and statics + Проверка наложений глобальных пулов и Ñтатики + + + Script formatting + Форматирование Ñкрипта + + + Comment the code + Комментировать код + + + Insert comments into generated PIX configuration file + Ð’Ñтавить комментарии в генерируемый файл конфигурации межÑетевого Ñкрана PIX + + + Use ACL remarks + ИÑпользовать ремарки ACL + + + Use ACL remarks to relate ACL commands and policy rules in the GUI + ИÑпользовать ремарки ACL Ð´Ð»Ñ Ð·Ð°Ð´Ð°Ð½Ð¸Ñ Ð¾Ñ‚Ð½Ð¾ÑˆÐµÐ½Ð¸Ð¹ между командами Ñкрипта и набором правил в GUI + + + Group similar commands together + Группировать Ñхожие команды вмеÑте + + + Group PIX commands in the script so that similar commands appear next to each other, just like PIX does it when you use 'show config' + Группировать команды в Ñкрипте, так чтобы Ñхожие команды шли друг за другом, подобно тому, как межÑетевой Ñкран PIX вывходит конфигурацию по команде show config + + + Policy Compiler Options + Опции компилÑтора набора правил + + + Emulate outbound ACLs + Эмулировать иÑходÑщие ACL + + + Normally PIX does not support ouotbound ACL, however policy compiler can emulate them if this option is turned on + Обычно межÑетевой Ñкран не поддерживает иÑходÑщих ACL, однако компилÑтор набора правил может Ñмулировать их, еÑли Ñта Ð¾Ð¿Ñ†Ð¸Ñ Ð²ÐºÐ»ÑŽÑ‡ÐµÐ½Ð° + + + Assume firewall is part of 'any' + Считать межÑетевой Ñкран чаÑтью 'любого' + + + Generate rules assuming the firewall is part of "Any". This makes a difference in rules that use services 'ssh' and 'telnet' since PIX uses special commands to control ssh and telnet access to the firewall machine + Генерировать правила ÑÑ‡Ð¸Ñ‚Ð°Ñ Ð¼ÐµÐ¶Ñетевой Ñкран чаÑтью любого. 
МежÑетевой Ñкран PIX иÑпользует Ñпециальные команды Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð´Ð¾Ñтупа по протоколам ssh и telnet к Ñамому межÑетевому Ñкрану + + + Replace NAT'ted objects with their +translations in policy rules + Заменить транÑлируемые объекты (NAT) на +их траÑлÑции (другие объекты) в наборе правил + + + PIX inspects packets with ACLs before it does NAT, while many other firewalls do NAT first and then apply ACLs. Policy compiler can emulate the latter behaviour if this options is turned on. + МежÑетевой Ñкран PIX инÑпектирует пакеты Ñ Ð¸Ñпользованием ACL перед выполнением Ñетевой транÑлÑции адреÑов (NAT), тогда как многие другие Ñкраны дейÑтвуют наоборот. КомпилÑтор набора правил может Ñмулировать второй вариант Ð¿Ð¾Ð²ÐµÐ´ÐµÐ½Ð¸Ñ Ð¿Ñ€Ð¸ включении Ñтой опции. + + + Generate 'clear' commands + Генерировать команды clear + + + check this option to make compiler add 'clear' statements to remove all pre-existing ACLs and NAT commands + включите Ñту опцию, чтобы компилÑтор добавлÑл команды clear Ð´Ð»Ñ ÑƒÐ´Ð°Ð»ÐµÐ½Ð¸Ñ ÑƒÐ¶Ðµ ÑущеÑтвующих ACL и NAT команд + + + Optimize 'default nat' rules + Оптимизировать правила default nat + + + In nat rules where network zone object is used in OSrc, ODst and OSrv are 'any' and TSrc defines a global pool for the translation, replace object in OSrc with 'any' to produce PIX command "nat (interface) N 0.0.0.0 0.0.0.0" + Ð’ правилах Ñетевой транÑлÑции адреÑов, когда объект ÑÐµÑ‚ÐµÐ²Ð°Ñ Ð·Ð¾Ð½Ð° иÑпользуетÑÑ Ð² OSrc, ODst и OSrv ÑвлÑетÑÑ Ð»ÑŽÐ±Ñ‹Ð¼ и TSrc определÑет глобальный пул Ð´Ð»Ñ Ñ‚Ñ€Ð°ÑлÑции, заменÑть объект в OSrc на любой Ð´Ð»Ñ Ñ„Ð¾Ñ€Ð¼Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ‹ PIX "nat (interface) N 0.0.0.0 0.0.0.0" + + + Ignore empty groups in rules + Игнорировать пуÑтые группы в правилах + + + If the option is deactivated, compiler treats empty groups as an error and aborts processing the policy. If this option is activated, compiler removes all empty groups from all rule elements. 
If rule element becomes 'any' after the last empty group has been removed, the whole rule will be ignored. Use this option only if you fully understand how it works! + При выключении Ñтой опции компилÑтор будет воÑпринимать пуÑтые группы в наборе правил как ошибку, а при включении - будет удалÑть при компилÑции пуÑтые группы из вÑех правил. Во втором Ñлучае еÑли поÑле ÑƒÐ´Ð°Ð»ÐµÐ½Ð¸Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ñ‹ правило окажетÑÑ Ð¿ÑƒÑтым в том меÑте, где была группа (окажетÑÑ Ñ Ð¿Ð¾Ð»ÐµÐ¼ любой), то такое правило будет игнорироватьÑÑ. ИÑпользуйте Ñту опцию очень внимательно и оÑторожно! + + + Detect rule shadowing in the policy + Ðаходить 'затенение' правил в наборе + + + Shadowing happens because a rule is a superset of a subsequent rule and any packets potentially matched by the subsequent rule have already been matched by the prior rule. + Затенение проиÑходит, когда одно правило идущее ранее делает одно или неÑколько Ñледующующих правил не рабочими. Это проиÑходит из-за того, что пакеты, которые должны попадать под уÑÐ»Ð¾Ð²Ð¸Ñ Ñледующих правил будут попадать под уÑловие первого правило. 
+ + + Output file name (if left blank, the file name is constructed of the firewall object name and extension ".fw") + Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð° (по-умолчанию, еÑли пуÑтое, Ð¸Ð¼Ñ Ð±ÑƒÐ´ÐµÑ‚ ÑоÑтоÑть из Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ Ð¾Ð±ÑŠÐµÐºÑ‚Ð° межÑетевого Ñкрана и раÑÑˆÐ¸Ñ€ÐµÐ½Ð¸Ñ '.fw') + + + Installer + УÑтановщик + + + User name used to authenticate to the firewall (leave this empty if you use putty session): + Ð˜Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ, иÑпользуемое Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ на межÑетевом Ñкране (не заполнÑйте, еÑли иÑпользуете putty ÑеÑÑию): + + + Command line options for the script: + Опции командной Ñтроки Ð´Ð»Ñ Ñкрипта: + + + Policy install script (using built-in installer if this field is blank): + Скрипт уÑтановки набора правил (не заполнÑйте Ð´Ð»Ñ Ð¸ÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð²Ñтроенного Ñкрипта уÑтановки): + + + Alternative name or address used to communicate with the firewall (also putty session name on Windows) + Ðльтернативный Ð°Ð´Ñ€ÐµÑ Ð¸Ð»Ð¸ Ð¸Ð¼Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана Ð´Ð»Ñ ÑвÑзи Ñ Ð½Ð¸Ð¼ (в Windows поддерживаютÑÑ Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ ÑеÑÑий putty) + + + Prolog/Epilog + Prolog/Epilog + + + Edit + Редактировать + + + The following commands will be added verbatim on top of generated configuration + Следующие команду будут добавлены в начало генерируемого Ñкрипта конфигурации + + + The following commands will be added verbatim after generated configuration + Следующие команду будут добавлены в конец генерируемого Ñкрипта конфигурации + + + Timeouts + Таймауты + + + Set all to defaults.. + УÑтановить вÑÑ‘ в Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ð¾-умолчанию. 
+ + + xlate + xlate + + + conn + conn + + + udp + udp + + + rpc + rpc + + + h323 + h323 + + + sip + sip + + + sip&media + sip&media + + + unauth + unauth + + + telnet + telnet + + + ssh + ssh + + + ss + Ñекунд + + + mm + минут + + + hh + чаÑов + + + half-closed + полузакрытое + + + Inactivity + Inactivity + + + Absolute + Absolute + + + Fixup + Fixup + + + ctiqbe + ctiqbe + + + skip + пропуÑтить + + + enable + включить + + + disable + отключить + + + Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol inspection module that supports NAT, PAT, and bi-directional NAT. + ИнÑÐ¿ÐµÐºÑ†Ð¸Ñ Ð¿Ñ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»Ð° Computer Telephony Interface Quick Buffer Encoding (CTIQBE). Поддерживает NAT, PAT и двунаправленный NAT. + + + port: + порт: + + + dns + dns + + + Based on this maximum-length configured by the user, the DNS fixup checks to see if the DNS packet length is within this limit. Every UDP DNS packet (request/response) undergoes the above check. + Ð£ÐºÐ°Ð·Ð°Ð½Ð½Ð°Ñ Ð¼Ð°ÑÐ¸Ð¼Ð°Ð»ÑŒÐ½Ð°Ñ Ð´Ð»Ð¸Ð½Ð°, определÑет макÑимальный размер DNS пакета. Любой UDP DNS пакет будет проверÑтьÑÑ Ð½Ð° Ñто уÑловие иÑправлением DNS. + + + max length: + макÑÐ¸Ð¼Ð°Ð»ÑŒÐ½Ð°Ñ Ð´Ð»Ð¸Ð½Ð°: + + + esp ike + esp ike + + + Enables PAT for Encapsulating Security Payload (ESP), single tunnel. + Включить PAT Ð´Ð»Ñ Ð¾Ð´Ð½Ð¾Ð³Ð¾ Ñ‚ÑƒÐ½Ð½ÐµÐ»Ñ Encapsulating Security Payload (ESP). + + + ftp + ftp + + + strict: + strict: + + + Activated support for FTP protocol and allows to change the ftp control connection port number. + РаÑÑˆÐ¸Ñ€ÐµÐ½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð´ÐµÑ€Ð¶ÐºÐ° FTP протокола, позволÑет изменÑть номер порта контролирующего ÑоединениÑ. 
+ + + h323 h225 + h323 h225 + + + Specifies to use H.225, the ITU standard that governs H.225.0 session establishment and packetization, with H.323 + ИÑпользовать H.225 Ð´Ð»Ñ H.323 (H.225 - ITU Ñтандарт, который определÑет управление ÑеÑÑиÑми и пакетами H.225.0) + + + -- + -- + + + h323 ras + h323 ras + + + Specifies to use RAS with H.323 to enable dissimilar communication devices to communicate with each other. + ИÑпользовать RAS Ñ H.323 Ð´Ð»Ñ Ñ€Ð°Ð·Ñ€ÐµÑˆÐµÐ½Ð¸Ñ ÑвÑзи различных уÑтройÑтв друг Ñ Ð´Ñ€ÑƒÐ³Ð¾Ð¼. + + + http + http + + + The default port for HTTP is 80. Use the port option to change the HTTP port, or specify a range of HTTP ports. + Портом по-умолчанию Ð´Ð»Ñ Ð¿Ñ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»Ð° HTTP ÑвлÑетÑÑ 80. ИÑпользуйте опцию порт Ð´Ð»Ñ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð¿Ð¾Ñ€Ñ‚Ð° HTTP или ÑƒÐºÐ°Ð·Ð°Ð½Ð¸Ñ Ð´Ð¸Ð°Ð¿Ð°Ð·Ð¾Ð½Ð° HTTP портов. + + + icmp error + ошибка icmp + + + Enables NAT of ICMP error messages. This creates translations for intermediate hops based on the static or network address translation configuration on the firewall. + Включить NAT Ð´Ð»Ñ ICMP Ñообщений об ошибках. ÐšÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ ÑоздаетÑÑ Ð¸ÑÑ…Ð¾Ð´Ñ Ð¸Ð· уже заданных Ñетевых транÑлÑций адреÑов Ð´Ð»Ñ Ð¼ÐµÐ¶Ñетевого Ñкрана. + + + ils + ils + + + Provides NAT support for Microsoft NetMeeting, SiteServer, and Active Directory products that use LightWeight Directory Access Protocol (LDAP) to exchange directory information with an for Internet Locator Service (ILS) server. + Включить NAT Ð´Ð»Ñ Ð¿Ñ€Ð¾Ð´ÑƒÐºÑ‚Ð¾Ð² Microsoft NetMeeting, SiteServer и Active Directory, которые иÑпользуют LightWeight Directory Access Protocol (LDAP) Ð´Ð»Ñ Ð¾Ð±Ð¼ÐµÐ½Ð° информацией Ñо Ñлужбой каталога Ñ/Ð´Ð»Ñ Ñервера Internet Locator Service (ILS). + + + mgcp + mgcp + + + Enables the Media Gateway Control Protocol (MGCP) fixup. + Включить иÑправление Ð´Ð»Ñ Media Gateway Control Protocol (MGCP). 
+ + + Gateway Port: + Порт маршрутизатора: + + + Call Agent port: + Порт вызывающего агента: + + + pptp + pptp + + + Enables Point-to-Point Tunneling Protocol (PPTP) application inspection. + Включить инÑпекцию Ñоединений PPTP на уровне приложений OSI. + + + rsh + rsh + + + Enables inspection of RSH protocol. + Включить инÑпекцию Ñоединений по протоколу RSH. + + + rtsp + rtsp + + + Lets PIX Firewall pass Real Time Streaming Protocol (RTSP) packets. RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections. + Разрешить прохождение пакетов протоколов Real Time Streaming Protocol (RTSP). RTSP иÑпользуетÑÑ Ð´Ð»Ñ Ñоединений RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, и Cisco IP/TV. + + + Enable or change the port assignment for the Session Initiation Protocol (SIP) for Voice over IP TCP connections. + Включить или изменить назначение порта Ð´Ð»Ñ Session Initiation Protocol (SIP) Ð´Ð»Ñ TCP Ñоединений VoIP. + + + sip udp + sip udp + + + Enable SIP-over-UDP application inspection. + Включить SIP-over-UDP инÑпекцию на уровне приложений. + + + skinny + skinny + + + Enable SCCP application inspection. SCCP protocol supports IP telephony and can coexist in an H.323 environment. An application layer ensures that all SCCP signaling and media packets can traverse the PIX Firewall and interoperate with H.323 terminals. + Включить SCCP инÑпекцию на уровне приложений. SCCP протокол поддерживает IP телефонию и может ÑоÑущеÑтвовать Ñ Ð¸Ð¼ÐµÑŽÑ‰ÐµÐ¹ÑÑ Ñредой H.323. Ðа уровне приложений проверÑетÑÑ, что управлÑющие и пакеты данных SCCP могут проходить через PIX и взаимодейÑтвовать Ñ H.323 терминалами. + + + smtp + smtp + + + Enables the Mail Guard feature, which only lets mail servers receive the RFC 821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT. All other commands are translated into X's which are rejected by the internal server. 
+ Включить режим Mail Guard, который разрешает почтовым Ñерверам получать только команды, определенные в RFC821, Ñекции 4.5.1: HELO, MAIL, RCPT, DATA, RSET, NOOP и QUIT. Ð’Ñе другие команды транÑлируютÑÑ Ð½Ð° внутренний Ñервер PIX, который их блокирует. + + + sqlnet + sqlnet + + + Enables support for SQL*Net protocol. + Включить поддержку протокола SQL *Net. + + + tftp + tftp + + + Enable TFTP application inspection. + Включить инÑпекцию на уровне приложений Ð´Ð»Ñ Ð¿Ñ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»Ð° TFTP. + + + Generated fixup commands: + Генерировать команды-иÑправлениÑ: + + + Enable all protocols + Включить вÑе протоколы + + + Skip all protocols + ПропуÑтить вÑе протоколы + + + Disable all protocols + Отключить вÑе протоколы + + + Logging + ЗапиÑÑŒ в журнал (протоколирование) + + + Syslog + Syslog + + + Syslog host (name or IP address): + Ð˜Ð¼Ñ ÑƒÐ·Ð»Ð° syslog (Ð¸Ð¼Ñ Ð¸Ð»Ð¸ IP-адреÑ): + + + syslog facility: + syslog facility: + + + syslog level ('logging trap'): + syslog level (logging trap): + + + Syslog message queue size (messages): + Размер очереди Ñообщений syslog (кол-во Ñообщений): + + + Use 'EMBLEM' format for syslog messages + ИÑпользовать формат EMBLEM Ð´Ð»Ñ Ñообщений syslog + + + PIX Firewall Version 6.3 introduces support for EMBLEM format, which is required when using the CiscoWorks Resource Manager Essentials (RME) syslog analyzer. + ÐÐ°Ñ‡Ð¸Ð½Ð°Ñ Ñ Ð²ÐµÑ€Ñии 6.3 межÑетевого Ñкрана PIX добавлена поддержка формата EMBLEM, который требуетÑÑ Ð´Ð»Ñ Ð¸ÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð°Ð½Ð°Ð»Ð¸Ð·Ð°Ñ‚Ð¾Ñ€Ð° syslog из CiscoWorks Resource Manager Essentials (RME). + + + Set device id for syslog messages (v6.3 and later): + УÑтановить идентификатор Ð´Ð»Ñ Ñообщений syslog (Ð´Ð»Ñ PIX верÑий 6.3 и выше): + + + use address of interface + иÑпользовать Ð°Ð´Ñ€ÐµÑ Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñа + + + use text string + иÑпользовать тектовую Ñтроку + + + use hostname + иÑпользовать Ð¸Ð¼Ñ ÑƒÐ·Ð»Ð° + + + The logging timestamp command requires that the clock command be set. 
+ Команда запиÑи в журнал времени Ð¿Ñ€Ð¾Ñ‚ÐºÐ¾Ð»Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ñ‚Ñ€ÐµÐ±ÑƒÐµÑ‚ уÑтановки команды clock. + + + Enable logging timestamps on syslog file + Включить запиÑÑŒ в файл журнала syslog времени Ð¿Ñ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ + + + Other logging destinations and levels: + Другие Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ñ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¸ уровни: + + + Internal buffer + Внутренний буфер + + + Console + КонÑоль + + + PIX Options + Опции PIX + + + Actively reset inbound TCP connections with RST + Ðктивно ÑбраÑывать входÑщие TCP ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ð¿Ñ€Ð¸ помощи RST + + + Actively reset inbound TCP connections with RST on outside interface + Ðктивно ÑбраÑывать входÑщие TCP ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ð¿Ñ€Ð¸ помощи RST на внешнем интерфейÑе + + + Force each TCP connection to linger in a shortened TIME&WAIT + УÑтановить каждое TCP Ñоединение в медленное ÑоÑтоÑние TIME&WAIT + + + Alt+W + Alt+W + + + Enable the IP Frag Guard feature (deprecated in v6.3 and later). + Включить IP Frag Guard (запрещено в PIX верÑии 6.3 и выше). + + + Enable TCP resource control for AAA Authentication Proxy + Включить контроль TCP реÑурÑов Ð´Ð»Ñ AAA аутентифицирующего прокÑи + + + Specify that when an incoming packet does a route lookup, +the incoming interface is used to determine which interface +the packet should go to, and which is the next hop +(deprecated in v6.3 and later). + Указывает, что когда Ð´Ð»Ñ Ð²Ñ…Ð¾Ð´Ñщего пакета принимаетÑÑ +решение о его маршрутизации, тогда входÑщий Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ +иÑпользуетÑÑ Ð´Ð»Ñ Ð¾Ð¿Ñ€ÐµÐ´ÐµÐ»ÐµÐ½Ð¸Ñ Ñ‡ÐµÑ€ÐµÐ· какой Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¿Ð°ÐºÐµÑ‚ +должен идти дальше и какой маршрутизатор ÑвлÑетÑÑ Ñледующим +(запрещено в PIX верÑии 6.3 и выше). 
+ + + Disable inbound embedded DNS A record fixups + Выключить иÑÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð²Ñ…Ð¾Ð´Ñщих вложенных DNS A запиÑей + + + Disable outbound DNS A record replies + Выключить иÑходÑщие ответы Ñ DNS A запиÑÑми + + + maximum number of simultaneous TCP and UDP connections + макимальное чиÑло одновременных TCP и UDP Ñоединений + + + maximum number of embryonic connections per host + макимальное чиÑло порождаемых Ñоединений на узел + + + Specifies the maximum number of simultaneous TCP and UDP connections for the entire subnet. The default is 0, which means unlimited connections. (Idle connections are closed after the idle timeout specified by the timeout conn command.) + Указывает макÑимальное чиÑло одновременных TCP и UDP ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ð´Ð»Ñ Ð²Ñей подÑети. По-умолчанию равно 0, что означает неограниченное чиÑло Ñоединений. (ПроÑтавивающие ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ð·Ð°ÐºÑ€Ñ‹Ð²Ð°ÑŽÑ‚ÑÑ Ð¿Ð¾Ñле таймаута idle, указываемого в команде conn.) + + + Specifies the maximum number of embryonic connections per host. An embryonic connection is a connection request that has not finished the necessary handshake between source and destination. Set a small value for slower systems, and a higher value for faster systems. The default is 0, which means unlimited embryonic connections. + Указывает макÑимальное чиÑло порожденных Ñоединений Ð´Ð»Ñ ÑƒÐ·Ð»Ð°. По-умолчанию равно 0, что означает неограниченное чиÑло Ñоединений. Порожденным ÑвлÑетÑÑ Ñоединение, которое не было уÑтановлено (выполнен необходимый обмен пакетами между Ñторонами). УÑтановите маленькое значение Ð´Ð»Ñ Ð¼ÐµÐ´Ð»ÐµÐ½Ð½Ñ‹Ñ… ÑиÑтем и большое Ð´Ð»Ñ Ð±Ñ‹Ñтрых. + + + The following parameters are used for all NAT rules: + Следующие параметры иÑпользуютÑÑ Ð´Ð»Ñ Ð²Ñех правил NAT: + + + (The default for both parameters is 0, which means unlimited number of connections.) + (По-умолчанию оба параметра равны 0, что означает неограниченное чиÑло Ñоединений.) 
+ + + Check for overlapping global +pools and statics + Проверка наложений глобальных +пулов и Ñтатики + + + Script Options + Опции Ñкрипта + + + Options + Опции + + + Access lists (requires Firewall Builder for PIX 1.1.6 and later) + СпиÑки доÑтупа (требуют Firewall Builder for PIX верÑии 1.1.6 и выше) + + + Clear all access lists then install new ones. This method may interrupt +access to the firewall if you manage it remotely via IPSEC tunnel. This +is the way access lists were generated in older versions of Firewall +Builder for PIX. + ОчиÑтить вÑе ÑпиÑки доÑтупа и уÑтановить новый. Этот метод может нарушить +доÑтуп к межÑетевому Ñкрану еÑли вы управлÑете им удаленно через IPSec, +он иÑпользовалÑÑ Ð² Ñтарых верÑиÑÑ… Firewall Builder for PIX. + + + Temporary access list should permit access from this address or subnet (use prefix notation to specify subnet, e.g. 192.0.2.0/24): + Временный ÑпиÑок доÑтупа должен разрешить доÑтуп Ñ ÑƒÐºÐ°Ð·Ð°Ð½Ð½Ð¾Ð³Ð¾ адреÑа узла или подÑети (иÑпользуйте нотацию Ñ Ð¿Ñ€ÐºÑ„Ð¸ÐºÐ¾Ñм Ð´Ð»Ñ ÑƒÐºÐ°Ð·Ð°Ð½Ð¸Ñ Ð¿Ð¾Ð´Ñети, например - 10.0.0.0/24): + + + "Safety net" method: + +First, create temporary access list to permit connections from the management +subnet specified below to the firewall and assign it to outside interface. This +temporary ACL helps maintain session between management station and +the firewall while access lists are reloaded in case connection comes over +IPSEC tunnel. Then clear permanent lists, recreate them and assign to +interfaces. This method ensures that remote access to the firewall is +maintained without interruption at a cost of slightly larger configuration. + "БезопаÑный метод": + +Сначала ÑоздаютÑÑ Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ñ‹Ðµ ÑпиÑки доÑтупа Ð´Ð»Ñ Ñ€Ð°Ð·Ñ€ÐµÑˆÐµÐ½Ð¸Ñ Ñоединений +Ñ ÑƒÐ¿Ñ€Ð°Ð²Ð»Ñющего узла или подÑети, указанных ниже. 
Это необходимо Ð´Ð»Ñ +ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð¸ Ð¿Ð¾Ð´Ð´ÐµÑ€Ð¶Ð°Ð½Ð¸Ñ Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ð¾Ð³Ð¾ доÑтупа управлÑющей рабочей Ñтанции +к межÑетевому Ñкрану во Ð²Ñ€ÐµÐ¼Ñ ÑƒÑтановки набора правил (оÑобенно в Ñлучае, +еÑли управлÑющее Ñоединение идет через IPSec). ПоÑле уÑтановки набора +правил, временные ÑпиÑки доÑтупа удалÑÑŽÑ‚ÑÑ. Этот метод гарантирует +удаленный доÑтуп к межÑетевому Ñкрану без прерываний, за Ñчет немного +большего размера конфигурации. + + + Do not clear access lists and object group, just generate PIX commands +for the new ones. Use this optin if you have your own policy installation +scripts. + Ðе очищать ÑпиÑки доÑтупа и группы объектов, проÑто Ñгенерировать команды +PIX Ð´Ð»Ñ Ð½Ð¾Ð²Ñ‹Ñ… ÑпиÑков и групп. Эта Ð¾Ð¿Ñ†Ð¸Ñ Ð¿Ð¾Ð»ÐµÐ·Ð½Ð° при иÑпользовании Ñвоих +Ñкриптов уÑтановки набора правил. + + + External install script + Внешний Ñкрипт Ð´Ð»Ñ ÑƒÑтановки + + + Built-in installer + Ð’Ñтроенный уÑтановщик + + + Additional command line parameters for ssh + Дполнительные опции командной Ñтроки Ð´Ð»Ñ ssh + + + Use manual ACL commit on FWSM + ИÑпользовать ручное подтверждение ACL Ð´Ð»Ñ FWSM + + + Clear all access lists then install new ones. This method may interrupt access to the firewall if you manage it remotely via IPSEC tunnel. This is the way access lists were generated in older versions of Firewall Builder for PIX. + ОчиÑтить вÑе ÑпиÑки доÑтупа и уÑтановить новые. Этот метод может нарушить доÑтуп к межÑетевому Ñкрану еÑли вы управлÑете им удаленно через IPSec, он иÑпользовалÑÑ Ð² Ñтарых верÑиÑÑ… Firewall Builder for PIX. + + + Do not clear access lists and object group, just generate PIX commands for the new ones. Use this optin if you have your own policy installation scripts. + Ðе очищать ÑпиÑки доÑтупа и группы объектов, проÑто Ñгенерировать команды PIX Ð´Ð»Ñ Ð½Ð¾Ð²Ñ‹Ñ… ÑпиÑков и групп. Эта Ð¾Ð¿Ñ†Ð¸Ñ Ð¿Ð¾Ð»ÐµÐ·Ð½Ð° при иÑпользовании Ñвоих Ñкриптов уÑтановки набора правил. 
+ + + "Safety net" method: + +First, create temporary access list to permit connections from the management subnet specified below to the firewall and assign it to outside interface. This temporary ACL helps maintain session between management station and the firewall while access lists are reloaded in case connection comes over IPSEC tunnel. Then clear permanent lists, recreate them and assign to interfaces. This method ensures that remote access to the firewall is maintained without interruption at a cost of slightly larger configuration. + "БезопаÑный метод": + +Сначала ÑоздаютÑÑ Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ñ‹Ðµ ÑпиÑки доÑтупа Ð´Ð»Ñ Ñ€Ð°Ð·Ñ€ÐµÑˆÐµÐ½Ð¸Ñ Ñоединений Ñ ÑƒÐ¿Ñ€Ð°Ð²Ð»Ñющего узла или подÑети, указанных ниже. Это необходимо Ð´Ð»Ñ ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð¸ Ð¿Ð¾Ð´Ð´ÐµÑ€Ð¶Ð°Ð½Ð¸Ñ Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ð¾Ð³Ð¾ доÑтупа управлÑющей рабочей Ñтанции к межÑетевому Ñкрану во Ð²Ñ€ÐµÐ¼Ñ ÑƒÑтановки набора правил (оÑобенно в Ñлучае, еÑли управлÑющее Ñоединение идет через IPSec). ПоÑле уÑтановки набора +правил, временные ÑпиÑки доÑтупа удалÑÑŽÑ‚ÑÑ. Этот метод гарантирует удаленный доÑтуп к межÑетевому Ñкрану без прерываний, за Ñчет немного большего размера конфигурации. + + + Policy compiler generates 'fixup' commands for PIX v6.1-6.3 and FWSM v2.3. For PIX 7.0 it generates 'class-map' and 'inspect' commands assigned to the 'policy-map' under either default or custom inspection classes. + КомпилÑтор набора правил генерирует команды 'fixup' Ð´Ð»Ñ PIX верÑий 6.1-6.3 и FWSM верÑии 2.3, Ð´Ð»Ñ PIX верÑии 7.0 он генерирует команды 'class-map' и 'inspect' ÑвÑзанные Ñ 'policy-map' либо через Ñтандартные (по-умолчанию), либо через пользовательÑкие клаÑÑÑ‹ инÑпекций. 
+ + + Display generated commands + Показывать генерируемые команды + + + Inspect + ИнÑпектировать + + + + pixosAdvancedDialog_q + + PIX Advanced Configuration Options + Раширенные наÑтройки конфигурации PIX + + + General + Общие + + + Set PIX host name using object's name + УÑтановить Ð¸Ð¼Ñ ÑƒÐ·Ð»Ð° межÑетевого Ñкрана PIX в название объекта + + + Generate commands to configure addresses for interfaces + Конфигурировать интерфейÑÑ‹ межÑетевого Ñкрана + + + NTP + NTP + + + NTP Servers: + NTP Ñерверы: + + + Server 1: + Сервер 1: + + + Server 2: + Сервер 2: + + + Server 3: + Сервер 3: + + + Preffered: + Предпочтительный: + + + IP address: + IP адреÑ: + + + SNMP + SNMP + + + Disable SNMP Agent + Отключить SNMP агента + + + Set SNMP communities using data from the firewall object dialog + УÑтановить SNMP Ñтроки community из диалога объекта межÑетевой Ñкран + + + SNMP servers + SNMP Ñерверы + + + Poll + Poll + + + Poll and Traps + Poll and Traps + + + Traps + Ловушки + + + Enable: + Включить: + + + SNMP Server 1: + SNMP Ñервер 1: + + + SNMP Server 2: + SNMP Ñервер 2: + + + Enable sending log messages as SNMP trap notifications + Включить протоколирование оповещением SNMP ловушек + + + Options + Опции + + + Change TCP MSS to + УÑтановить TCP MSS в + + + bytes + байт + + + OK + OK + + + Cancel + Отмена + + + + prefsDialog_q + + Preferences + ÐаÑтройки + + + &OK + OK + + + &Cancel + Отмена + + + General + Общие + + + Working directory: + Рабочий каталог: + + + Browse... + Выбрать... 
+ + + On startup: + При запуÑке: + + + Load standard objects + Загрузить Ñтандартные объекты + + + Load last edited file + Загрузить поÑледний редактированный проект + + + Expand all branches in the object tree + РаÑкрыть вÑе дерево объектов + + + Tooltip delay: + Задержка вÑплывающей подÑказки: + + + Automatically save data in dialogs when switching between objects + ÐвтоматичеÑки ÑохранÑть данные в диалогах при переключении между объектами + + + Periodically save data to file every + ПериодичеÑки ÑохранÑть данные в файл, каждые + + + minutes + минут + + + Enable object tooltips + Включить вÑплывающие подÑказки Ð´Ð»Ñ Ð¾Ð±ÑŠÐµÐºÑ‚Ð¾Ð² + + + Show deleted objects + Показывать удаленные объекты + + + Revision Control + Управление верÑиÑми (ревизиÑми) + + + Do not ask for the log record when checking in new file revision. + Ð’Ñегда помещать файл в ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий Ñ Ð¿ÑƒÑтой запиÑью в журнал. + + + SSH + SSH + + + A full path to the Secure Copy utility (secure file copy; for example scp on Unix or pscp.exe or vcp.exe on Windows): + Полный путь к утилите SCP (например, scp Ð´Ð»Ñ Unix и pscp.exe или vcp.exe Ð´Ð»Ñ Windows): + + + A full path to the Secure Shell utility (remote command execution; for example ssh on Unix or plink.exe or vsh.exe on Windows): + Полный путь к утилите SSH (например, ssh Ð´Ð»Ñ Unix и plink.exe или vsh.exe Ð´Ð»Ñ Windows): + + + Libraries + Библиотеки + + + Add... + Добавить... 
+ + + Remove + Удалить + + + If you remove libraries from the list, changes get in effect next time you start the program + При удалении библиотеки, Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð²ÑтупÑÑ‚ в Ñилу поÑле перезапуÑка программы + + + Available libraries: + ДоÑтупные библиотеки: + + + Name + Ðазвание + + + Load + Загрузить + + + File Path + Путь к файлу + + + Labels + Метки + + + Use these labels to mark rules in the firewall policy + ИÑпользовать Ñти метки Ð´Ð»Ñ Ð¼Ð°Ñ€ÐºÐ¸Ñ€Ð¾Ð²ÐºÐ¸ правил в наборе + + + Green + Зеленый + + + Purple + Пурпурный + + + Red + КраÑный + + + Orange + Оранжевый + + + Blue + Синий + + + Gray + Серый + + + Yellow + Желтый + + + Data format + Формат данных + + + Do not save a copy of objects form add-on libraries in each data file + Ðе ÑохранÑть копии объктов из дополнительных библиотек в каждом проекте + + + This option is provisional and will change or disappear in future releases because we expect to make this a default behavior. + Это Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ð°Ñ Ð¾Ð¿Ñ†Ð¸Ñ Ð¸ она может изменитьÑÑ Ð¸Ð»Ð¸ иÑчезнуть в Ñледующих верÑиÑÑ… программы (будет включена в них по-умолчанию). 
+ + + Ask user what to do + СпроÑить, что делать дальше + + + + printingProgressDialog_q + + Printing + Идет печать + + + Cancel + Отмена + + + textLabel1 + textLabel1 + + + + solarisAdvancedDialog_q + + Solaris: advanced settings + Solaris: раÑширенные наÑтройки + + + &OK + OK + + + &Cancel + Отмена + + + Options + Опции + + + Ignore ICMP redirects + Игнорировать пакеты ICMP redirect + + + No change + Без изменений + + + On + Включить + + + Off + Выключить + + + Forward directed broadcasts + Маршрутизировать направленные широковещательные пакеты + + + Respond to echo broadcast + Отвечать на широковещательные ICMP ping пакеты + + + Packet forwarding + ÐœÐ°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸Ñ Ð¿Ð°ÐºÐµÑ‚Ð¾Ð² + + + Forward source routed packets + Маршрутизировать пакеты Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ð¸ÐµÐ¹ иÑточника + + + Path + Путь + + + ipf: + ipf: + + + ipnat: + ipnat: + + + Specify directory path and a file name for the following utilities on the OS your firewall machine is running. Leave these empty if you want to use default values. + Укажите полный путь к перечиÑленным утилитам в операционной ÑиÑтеме Ñтого межÑетевого Ñкрана. Ð”Ð»Ñ Ð½ÐµÐ·Ð°Ð¿Ð¾Ð»Ð½ÐµÐ½Ð½Ñ‹Ñ… полей будут иÑпользованы Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ð¾-умолчанию. + + + + startWizard_q + + Welcome to Firewall Builder + Добро пожаловать в программу Firewall Builder + + + <b>Firewall Builder 2.0.3</b> + <b>Firewall Builder 2.0.3</b> + + + Do you want to open existing project file or create a new one? + Хотите открыть ÑущеÑтвующий проект или Ñоздать новый? 
+ + + Create new project file + Создать новый проект + + + Open existing file + Открыть ÑущеÑтвующий проект + + + File name: %1 + Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°: %1 + + + Activate Revision Control System for this file +(if you do not do this now, you can always activate it later) + Ðктивизировать ÑиÑтему ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð²ÐµÑ€Ñий Ð´Ð»Ñ Ñтого файла +(Ñто вÑегда можно Ñделать позже) + + + Let the program automatically open this file when I start it next time +(you can activate this option later using Preferences dialog) + Открывать Ñтот файл при Ñтарте программы +(Ñто вÑегда можно Ñделать позже) + + + <b>Firewall Builder 2.0.4</b> + <b>Firewall Builder 2.0.4</b> + + + <b>Firewall Builder 2.0.5</b> + <b>Firewall Builder 2.0.5</b> + + + <b>Firewall Builder N.N.N</b> + <b> Firewall Builder N.N.N</b> + + + diff --git a/po/sv.po b/po/sv.po new file mode 100644 index 000000000..1dbb8f9bd --- /dev/null +++ b/po/sv.po 
@@ -0,0 +1,7786 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR NetCitadel, LLC
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR , YEAR.
+# TRANSLATIONS
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: fwbuilder 2.1.3\n"
+"Report-Msgid-Bugs-To: vadim@fwbuilder.org\n"
+"POT-Creation-Date: 2007-12-08 21:27-0800\n"
+"PO-Revision-Date: 2005-12-13 18:05+0100\n"
+"Last-Translator: Daniel Nylander \n"
+"Language-Team: Swedish \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: src/gui/ActionsDialog.cpp:97
+msgid ""
+"'Chabge inbound interface', 'Continue packet inspection' and 'Make a copy' "
+"options are mutually exclusive"
+msgstr ""
+
+#: src/gui/ActionsDialog.cpp:98 src/gui/ActionsDialog.cpp:123
+#: src/gui/AddressRangeDialog.cpp:108 src/gui/AddressRangeDialog.cpp:119
+#: src/gui/FirewallDialog.cpp:315 src/gui/FirewallDialog.cpp:340
+#: src/gui/FWWindow.cpp:724 src/gui/FWWindow.cpp:733 src/gui/FWWindow.cpp:858
+#: src/gui/FWWindow.cpp:1082 src/gui/FWWindow.cpp:1095
+#: src/gui/FWWindow.cpp:1111 src/gui/FWWindow.cpp:1149
+#: src/gui/FWWindow.cpp:1155 src/gui/FWWindow.cpp:1224
+#: src/gui/FWWindow.cpp:1318 src/gui/FWWindow.cpp:1360
+#: src/gui/FWWindow.cpp:1383 src/gui/FWWindow.cpp:1456
+#: src/gui/FWWindow.cpp:1474 src/gui/FWWindow.cpp:1537
+#: src/gui/FWWindow.cpp:1549 src/gui/FWWindowPrint.cpp:923
+#: src/gui/instDialog.cpp:719 src/gui/instDialog.cpp:1462
+#: src/gui/instDialog.cpp:1580 src/gui/IPv4Dialog.cpp:146
+#: src/gui/IPv4Dialog.cpp:160 src/gui/listOfLibraries.cpp:148
+#: src/gui/listOfLibraries.cpp:188 src/gui/listOfLibraries.cpp:215
+#: src/gui/NetworkDialog.cpp:109 src/gui/NetworkDialog.cpp:120
+#: src/gui/RCS.cpp:499 src/gui/RCS.cpp:688 src/gui/RCS.cpp:701
+#: src/gui/RCS.cpp:718 src/gui/RCS.cpp:801 src/gui/utils.cpp:198
+msgid "&Continue"
+msgstr "&Fortsätt"
+
+#: src/gui/ActionsDialog.cpp:122
+msgid ""
+"Rule name for accounting is converted to the
iptables\n"
+"chain name and therefore may not contain white space\n"
+"and special characters."
+msgstr ""
+"Regelnamnet för redovisning är konverterad till iptables\n"
+"kedjenamn och kan därför inte innehÃ¥lla mellanslag och\n"
+"specialtecken."
+
+#: src/gui/ActionsDialog.cpp:222 src/gui/ActionsDialog.cpp:223
+#: src/gui/.ui/actionsdialog_q.cpp:470
+msgid "Emulation is currently ON, rule will be terminating"
+msgstr ""
+
+#: src/gui/ActionsDialog.cpp:226 src/gui/ActionsDialog.cpp:227
+msgid "Emulation is currently OFF, rule will be non-terminating"
+msgstr ""
+
+#: src/gui/AddressRangeDialog.cpp:107 src/gui/AddressRangeDialog.cpp:118
+#: src/gui/IPv4Dialog.cpp:145 src/gui/NetworkDialog.cpp:108
+#, qt-format
+msgid "Illegal IP address '%1'"
+msgstr "Ogiltig IP-adress \"%1\""
+
+#: src/gui/ColorLabelMenuItem.cpp:48
+msgid "no color"
+msgstr "ingen färg"
+
+#: src/gui/CommentEditorPanel.cpp:75 src/gui/SimpleTextEditor.cpp:66
+msgid "Warning: loading from file discards current contents of the script."
+msgstr "Varning: läsning frÃ¥n filen förkastar nuvarande innehÃ¥ll av skriptet."
+
+#: src/gui/CommentEditorPanel.cpp:80
+msgid "Choose file that contains PIX commands"
+msgstr "Välj fil som innehÃ¥ller PIX-kommandon"
+
+#: src/gui/CommentEditorPanel.cpp:88 src/gui/DiscoveryDruid.cpp:791
+#: src/gui/SimpleTextEditor.cpp:79
+#, qt-format
+msgid "Could not open file %1"
+msgstr "Kunde inte öppna filen %1"
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:157
+#: src/gui/FindWhereUsedWidget.cpp:171 src/gui/FWWindow.cpp:2115
+#: src/gui/FWWindowPrint.cpp:369
+msgid "NAT"
+msgstr "NAT"
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:160
+#: src/gui/FindWhereUsedWidget.cpp:174 src/gui/FWWindow.cpp:2087
+msgid "Policy"
+msgstr "Policy"
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:163
+#: src/gui/FindWhereUsedWidget.cpp:177 src/gui/FWWindow.cpp:2130
+#: src/gui/FWWindowPrint.cpp:396 src/gui/platforms.cpp:559
+#, fuzzy
+msgid "Routing"
+msgstr "Redovisning"
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:166
+#: src/gui/FindWhereUsedWidget.cpp:180
+msgid "Unknown rule set"
+msgstr ""
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:168
+#: src/gui/FindWhereUsedWidget.cpp:182
+#, fuzzy, qt-format
+msgid "/Rule%1"
+msgstr "Regel %1"
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:182
+#: src/gui/FindWhereUsedWidget.cpp:196
+#, fuzzy
+msgid "Type: "
+msgstr "typ: "
+
+#: src/gui/ConfirmDeleteObjectDialog.cpp:203
+msgid "Not used anywhere"
+msgstr ""
+
+#: src/gui/DialogFactory.cpp:158 src/gui/DialogFactory.cpp:181
+#, qt-format
+msgid "Support module for %1 is not available"
+msgstr ""
+
+#: src/gui/DiscoveryDruid.cpp:616
+#, fuzzy
+msgid "Hosts file parsing ..."
+msgstr "Inställningar för Värd-OS ..."
+
+#: src/gui/DiscoveryDruid.cpp:625
+msgid "DNS zone transfer ..."
+msgstr ""
+
+#: src/gui/DiscoveryDruid.cpp:635
+msgid "Network discovery using SNMP ..."
+msgstr ""
+
+#: src/gui/DiscoveryDruid.cpp:645
+#, fuzzy
+msgid "Import configuration from file ..."
+msgstr "* Läser in konfiguration frÃ¥n filen %1"
+
+#: src/gui/DiscoveryDruid.cpp:790 src/gui/DiscoveryDruid.cpp:1675
+#: src/gui/DiscoveryDruid.cpp:1722
+#, fuzzy
+msgid "Discovery error"
+msgstr "icmp-fel"
+
+#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1158
+#, fuzzy
+msgid "Adding objects ..."
+msgstr " objekt"
+
+#: src/gui/DiscoveryDruid.cpp:1086 src/gui/DiscoveryDruid.cpp:1159
+#: src/gui/DiscoveryDruid.cpp:1362 src/gui/DiscoveryDruid.cpp:1507
+#: src/gui/DiscoveryDruid.cpp:1549
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:111
+#: src/gui/.ui/filterdialog_q.cpp:154 src/gui/.ui/instoptionsdialog_q.cpp:286
+#: src/gui/.ui/libexport_q.cpp:113 src/gui/.ui/newgroupdialog_q.cpp:102
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1826
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:310
+#: src/gui/.ui/printingprogressdialog_q.cpp:74
+#: src/gui/.ui/simpleinteditor_q.cpp:89 src/gui/.ui/simpletexteditor_q.cpp:96
+msgid "Cancel"
+msgstr "Avbryt"
+
+#: src/gui/DiscoveryDruid.cpp:1362
+#, fuzzy
+msgid "Prepare objects ..."
+msgstr "Objektträd"
+
+#: src/gui/DiscoveryDruid.cpp:1507 src/gui/DiscoveryDruid.cpp:1548
+msgid "Copying results ..."
+msgstr ""
+
+#: src/gui/DiscoveryDruid.cpp:1838
+msgid "Incomlete network specification."
+msgstr ""
+
+#: src/gui/DiscoveryDruid.cpp:1917
+#, fuzzy
+msgid "Empty community string"
+msgstr "SNMP-communitysträng för \"read\":"
+
+#: src/gui/DiscoveryDruid.cpp:2132
+msgid ""
+"Firewall Builder can import Cisco IOS access lists from the router "
+"configuration saved using 'show run' or any other command that saves running "
+"config. The name of the created firewall object, all of its interfaces and "
+"their addresses will be configured automatically if this information can be "
+"found in the configuration file."
+msgstr ""
+
+#: src/gui/DiscoveryDruid.cpp:2143
+msgid ""
+"Firewall Builder can import iptables rules from a file in iptables-save "
+"format.
Firewall name and addresses of its interfaces need to be configured "
+"manually because iptables-save file does not have this information. "
+msgstr ""
+
+#: src/gui/execDialog.cpp:101 src/gui/instDialog.cpp:1436
+#: src/gui/instDialog.cpp:2110
+msgid "Error: Failed to start program"
+msgstr "Fel: Misslyckades att starta program"
+
+#: src/gui/filePropDialog.cpp:62
+msgid "Opened read-only"
+msgstr "Öppnade skrivskyddad"
+
+#: src/gui/filePropDialog.cpp:80
+#, qt-format
+msgid "Revision %1"
+msgstr "Revision %1"
+
+#: src/gui/FilterDialog.cpp:102
+#, fuzzy
+msgid "Filter error"
+msgstr "icmp-fel"
+
+#: src/gui/FilterDialog.cpp:102
+msgid "Invalid RegExp."
+msgstr ""
+
+#: src/gui/FilterDialog.cpp:404 src/gui/GroupObjectDialog.cpp:144
+#: src/gui/.ui/findobjectwidget_q.cpp:203
+#: src/gui/.ui/newfirewalldialog_q.cpp:171
+#: src/gui/.ui/newfirewalldialog_q.cpp:322
+#: src/gui/.ui/newfirewalldialog_q.cpp:501
+#: src/gui/.ui/newfirewalldialog_q.cpp:523 src/gui/.ui/newhostdialog_q.cpp:187
+#: src/gui/.ui/newhostdialog_q.cpp:397 src/gui/.ui/prefsdialog_q.cpp:210
+#: src/gui/.ui/prefsdialog_q.cpp:391
+msgid "Name"
+msgstr "Namn"
+
+#: src/gui/FilterDialog.cpp:405 src/gui/FWWindowPrint.cpp:94
+#: src/gui/.ui/discoverydruid_q.cpp:1021 src/gui/.ui/finddialog_q.cpp:134
+#: src/gui/.ui/findobjectwidget_q.cpp:204 src/gui/.ui/ipv4dialog_q.cpp:170
+#: src/gui/.ui/newfirewalldialog_q.cpp:173
+#: src/gui/.ui/newfirewalldialog_q.cpp:324
+#: src/gui/.ui/newfirewalldialog_q.cpp:503
+#: src/gui/.ui/newfirewalldialog_q.cpp:525 src/gui/.ui/newhostdialog_q.cpp:189
+#: src/gui/.ui/newhostdialog_q.cpp:399
+msgid "Address"
+msgstr "Adress"
+
+#: src/gui/FilterDialog.cpp:408
+#, fuzzy
+msgid "Contains"
+msgstr "InnehÃ¥ll"
+
+#: src/gui/FilterDialog.cpp:409
+msgid "Is equal to"
+msgstr ""
+
+#: src/gui/FilterDialog.cpp:410
+msgid "Starts with"
+msgstr ""
+
+#: src/gui/FilterDialog.cpp:411
+#, fuzzy
+msgid "Ends with"
+msgstr "Redigera"
+
+#: src/gui/FilterDialog.cpp:412
+msgid "Matches
Wildcard"
+msgstr ""
+
+#: src/gui/FilterDialog.cpp:413
+msgid "Matches RegExp"
+msgstr ""
+
+#: src/gui/findDialog.cpp:269 src/gui/FindObjectWidget.cpp:324
+msgid "Search hit the end of the object tree."
+msgstr "Sökning träffade botten av objektträdet."
+
+#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317
+#: src/gui/FindObjectWidget.cpp:325
+msgid "&Continue at top"
+msgstr "&Fortsätt pÃ¥ toppen"
+
+#: src/gui/findDialog.cpp:270 src/gui/FindObjectWidget.cpp:317
+#: src/gui/FindObjectWidget.cpp:325
+msgid "&Stop"
+msgstr "&Stopp"
+
+#: src/gui/FindObjectWidget.cpp:316
+#, fuzzy
+msgid "Search hit the end of the policy rules."
+msgstr "Sökning träffade botten av objektträdet."
+
+#: src/gui/FindObjectWidget.cpp:354
+msgid "Search or Replace object ind't specified."
+msgstr ""
+
+#: src/gui/FindObjectWidget.cpp:364
+msgid "Cannot replace object by itself."
+msgstr ""
+
+#: src/gui/FindObjectWidget.cpp:372
+msgid "Search and Replace objects are incompatible."
+msgstr ""
+
+#: src/gui/FindObjectWidget.cpp:466
+#, fuzzy, qt-format
+msgid "Replaced %1 objects."
+msgstr "Ersätt med detta objekt"
+
+#: src/gui/FindObjectWidget.cpp:585
+msgid "Policy of firewall '"
+msgstr ""
+
+#: src/gui/FirewallDialog.cpp:314 src/gui/FirewallDialog.cpp:339
+#, qt-format
+msgid "FWBuilder API error: %1"
+msgstr ""
+
+#: src/gui/freebsdAdvancedDialog.cpp:62 src/gui/linksysAdvancedDialog.cpp:68
+#: src/gui/linux24AdvancedDialog.cpp:62 src/gui/macosxAdvancedDialog.cpp:62
+#: src/gui/openbsdAdvancedDialog.cpp:62 src/gui/solarisAdvancedDialog.cpp:62
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:195
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:199
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:203
+#: src/gui/.ui/linux24advanceddialog_q.cpp:371
+#: src/gui/.ui/linux24advanceddialog_q.cpp:375
+#: src/gui/.ui/linux24advanceddialog_q.cpp:379
+#: src/gui/.ui/linux24advanceddialog_q.cpp:383
+#: src/gui/.ui/linux24advanceddialog_q.cpp:387
+#: src/gui/.ui/linux24advanceddialog_q.cpp:391
+#: src/gui/.ui/linux24advanceddialog_q.cpp:395
+#: src/gui/.ui/linux24advanceddialog_q.cpp:399
+#: src/gui/.ui/linux24advanceddialog_q.cpp:403
+#: src/gui/.ui/linux24advanceddialog_q.cpp:418
+#: src/gui/.ui/linux24advanceddialog_q.cpp:422
+#: src/gui/.ui/linux24advanceddialog_q.cpp:426
+#: src/gui/.ui/linux24advanceddialog_q.cpp:430
+#: src/gui/.ui/linux24advanceddialog_q.cpp:434
+#: src/gui/.ui/linux24advanceddialog_q.cpp:438
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:172
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:176
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:180
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:180
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:184
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:189
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:193
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:189
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:195
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:199
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:204
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:208
+msgid "No change"
+msgstr "Ingen ändring"
+
+#: src/gui/freebsdAdvancedDialog.cpp:65
src/gui/linksysAdvancedDialog.cpp:71
+#: src/gui/linux24AdvancedDialog.cpp:65 src/gui/macosxAdvancedDialog.cpp:65
+#: src/gui/openbsdAdvancedDialog.cpp:65 src/gui/solarisAdvancedDialog.cpp:65
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:196
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:200
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:204
+#: src/gui/.ui/linux24advanceddialog_q.cpp:372
+#: src/gui/.ui/linux24advanceddialog_q.cpp:376
+#: src/gui/.ui/linux24advanceddialog_q.cpp:380
+#: src/gui/.ui/linux24advanceddialog_q.cpp:384
+#: src/gui/.ui/linux24advanceddialog_q.cpp:388
+#: src/gui/.ui/linux24advanceddialog_q.cpp:392
+#: src/gui/.ui/linux24advanceddialog_q.cpp:396
+#: src/gui/.ui/linux24advanceddialog_q.cpp:400
+#: src/gui/.ui/linux24advanceddialog_q.cpp:404
+#: src/gui/.ui/linux24advanceddialog_q.cpp:419
+#: src/gui/.ui/linux24advanceddialog_q.cpp:423
+#: src/gui/.ui/linux24advanceddialog_q.cpp:427
+#: src/gui/.ui/linux24advanceddialog_q.cpp:431
+#: src/gui/.ui/linux24advanceddialog_q.cpp:435
+#: src/gui/.ui/linux24advanceddialog_q.cpp:439
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:173
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:177
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:181
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:181
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:185
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:190
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:194
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:190
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:196
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:200
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:205
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:209
+msgid "On"
+msgstr "PÃ¥"
+
+#: src/gui/freebsdAdvancedDialog.cpp:68 src/gui/linksysAdvancedDialog.cpp:74
+#: src/gui/linux24AdvancedDialog.cpp:68 src/gui/macosxAdvancedDialog.cpp:68
+#: src/gui/openbsdAdvancedDialog.cpp:68 src/gui/solarisAdvancedDialog.cpp:68
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:197
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:201
+#:
src/gui/.ui/freebsdadvanceddialog_q.cpp:205
+#: src/gui/.ui/linux24advanceddialog_q.cpp:373
+#: src/gui/.ui/linux24advanceddialog_q.cpp:377
+#: src/gui/.ui/linux24advanceddialog_q.cpp:381
+#: src/gui/.ui/linux24advanceddialog_q.cpp:385
+#: src/gui/.ui/linux24advanceddialog_q.cpp:389
+#: src/gui/.ui/linux24advanceddialog_q.cpp:393
+#: src/gui/.ui/linux24advanceddialog_q.cpp:397
+#: src/gui/.ui/linux24advanceddialog_q.cpp:401
+#: src/gui/.ui/linux24advanceddialog_q.cpp:405
+#: src/gui/.ui/linux24advanceddialog_q.cpp:420
+#: src/gui/.ui/linux24advanceddialog_q.cpp:424
+#: src/gui/.ui/linux24advanceddialog_q.cpp:428
+#: src/gui/.ui/linux24advanceddialog_q.cpp:432
+#: src/gui/.ui/linux24advanceddialog_q.cpp:436
+#: src/gui/.ui/linux24advanceddialog_q.cpp:440
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:174
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:178
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:182
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:182
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:186
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:191
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:195
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:191
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:197
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:201
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:206
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:210
+msgid "Off"
+msgstr "Av"
+
+#: src/gui/FWBSettings.cpp:150
+#, qt-format
+msgid ""
+"Working directory %1 does not exist and could not be created.\n"
+"Ignoring this setting."
+msgstr ""
+"Arbetskatalogen %1 existerar inte och kunde inte skapas.\n"
+"Ignorerar denna inställning."
+
+#: src/gui/FWBTree.cpp:399
+msgid "New Library"
+msgstr "Nytt bibliotek"
+
+#: src/gui/FWObjectDropArea.cpp:103
+#, fuzzy
+msgid "Drop object here."
+msgstr "Objektgrupper"
+
+#: src/gui/FWObjectDropArea.cpp:141 src/gui/GroupObjectDialog.cpp:682
+#: src/gui/ObjectManipulator.cpp:916 src/gui/RuleSetView.cpp:1666
+#: src/gui/.ui/FWBMainWindow_q.cpp:476
+msgid "Paste"
+msgstr "Klistra in"
+
+#: src/gui/FWObjectDropArea.cpp:143 src/gui/GroupObjectDialog.cpp:683
+#: src/gui/ObjConflictResolutionDialog.cpp:118
+#: src/gui/ObjConflictResolutionDialog.cpp:142
+#: src/gui/ObjectManipulator.cpp:921 src/gui/RuleSetView.cpp:1669
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:110
+#: src/gui/.ui/FWBMainWindow_q.cpp:542 src/gui/.ui/FWBMainWindow_q.cpp:543
+#: src/gui/.ui/newfirewalldialog_q.cpp:508 src/gui/.ui/newhostdialog_q.cpp:409
+msgid "Delete"
+msgstr "Ta bort"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:102
+msgid "DNS record: "
+msgstr ""
+
+#: src/gui/FWObjectPropertiesFactory.cpp:106
+#, fuzzy
+msgid "Address Table: "
+msgstr "Adressrymd"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:157
+msgid " objects"
+msgstr " objekt"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:173
+#, qt-format
+msgid "protocol: %1"
+msgstr "protokoll: %1"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:177
+#, qt-format
+msgid "type: %1"
+msgstr "typ: %1"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:179
+#, qt-format
+msgid "code: %1"
+msgstr "kod: %1"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:238
+msgid "Library: "
+msgstr "Bibliotek: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:243
+msgid "Object Id: "
+msgstr "Objekt-ID: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:248
+msgid "Object Type: "
+msgstr "Objekttyp: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:252
+msgid "Object Name: "
+msgstr "Objektnamn: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:274
+#, fuzzy
+msgid "DNS record:"
+msgstr "Objekt-ID: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:277
+#: src/gui/FWObjectPropertiesFactory.cpp:285
+#, fuzzy
+msgid "Run-time"
+msgstr "Tid"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:277
+#: src/gui/FWObjectPropertiesFactory.cpp:285
+#, fuzzy
+msgid "Compile-time"
+msgstr "Bygg"
+
+#: src/gui/FWObjectPropertiesFactory.cpp:282
+#, fuzzy
+msgid "Table file:"
+msgstr "Objektnamn: "
+
+#: src/gui/FWObjectPropertiesFactory.cpp:320
+#, qt-format
+msgid "%1 objects
    \n" +msgstr "%1 objekt
    \n" + +#: src/gui/FWObjectPropertiesFactory.cpp:385 +#, fuzzy +msgid "Path: " +msgstr "Bibliotek: " + +#: src/gui/FWObjectPropertiesFactory.cpp:444 +msgid "protocol " +msgstr "protokoll " + +#: src/gui/FWObjectPropertiesFactory.cpp:449 +msgid "type: " +msgstr "typ: " + +#: src/gui/FWObjectPropertiesFactory.cpp:451 +msgid "code: " +msgstr "kod: " + +#: src/gui/FWObjectPropertiesFactory.cpp:471 +#, qt-format +msgid "Pattern: \"%1\"" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:605 +#, fuzzy +msgid "Action : " +msgstr "Objekt-ID: " + +#: src/gui/FWObjectPropertiesFactory.cpp:608 +#, fuzzy +msgid "Parameter: " +msgstr "Bibliotek: " + +#: src/gui/FWObjectPropertiesFactory.cpp:631 +#, fuzzy +msgid "Log prefix : " +msgstr "Loggprefix:" + +#: src/gui/FWObjectPropertiesFactory.cpp:637 +msgid "Log Level : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:644 +#, fuzzy +msgid "Netlink group : " +msgstr "Objekttyp: " + +#: src/gui/FWObjectPropertiesFactory.cpp:650 +#, fuzzy +msgid "Limit Value : " +msgstr "Bibliotek: " + +#: src/gui/FWObjectPropertiesFactory.cpp:656 +msgid "Limit suffix : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:663 +#, fuzzy +msgid "Limit burst : " +msgstr "Bibliotek: " + +#: src/gui/FWObjectPropertiesFactory.cpp:670 +msgid "
  • Part of Any
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:676 +#: src/gui/FWObjectPropertiesFactory.cpp:706 +#: src/gui/FWObjectPropertiesFactory.cpp:735 +#: src/gui/FWObjectPropertiesFactory.cpp:758 +msgid "
  • Stateless
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:685 +#, fuzzy +msgid "Log facility: " +msgstr "Loggfacilitet:" + +#: src/gui/FWObjectPropertiesFactory.cpp:692 +#: src/gui/FWObjectPropertiesFactory.cpp:775 +#, fuzzy +msgid "Log level : " +msgstr "Loggprefix:" + +#: src/gui/FWObjectPropertiesFactory.cpp:700 +msgid "
  • Send 'unreachable'
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:712 +#, fuzzy +msgid "
  • Keep information on fragmented packets
  • " +msgstr "" +"BehÃ¥ll information om fragmenterade\n" +"paket för att tillämpas pÃ¥ senare\n" +"fragment" + +#: src/gui/FWObjectPropertiesFactory.cpp:722 +#, fuzzy +msgid "Log prefix : " +msgstr "Loggprefix:" + +#: src/gui/FWObjectPropertiesFactory.cpp:728 +#, fuzzy +msgid "Max state : " +msgstr "Bibliotek: " + +#: src/gui/FWObjectPropertiesFactory.cpp:741 +msgid "
  • Source tracking
  • " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:744 +msgid "Max src nodes : " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:747 +#, fuzzy +msgid "Max src states: " +msgstr "Bibliotek: " + +#: src/gui/FWObjectPropertiesFactory.cpp:767 +#, qt-format +msgid "Ver:%1
    \n" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:781 +#, fuzzy +msgid "Log interval : " +msgstr "Bibliotek: " + +#: src/gui/FWObjectPropertiesFactory.cpp:788 +#, fuzzy +msgid "
  • Disable logging for this rule
  • " +msgstr "" +"stäng av all loggning\n" +"för denna regel" + +#: src/gui/FWObjectPropertiesFactory.cpp:820 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:159 +#, fuzzy +msgid "bitmask" +msgstr "Nätmask" + +#: src/gui/FWObjectPropertiesFactory.cpp:821 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:160 +#, fuzzy +msgid "random" +msgstr "Använd slumpmässigt ID" + +#: src/gui/FWObjectPropertiesFactory.cpp:822 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:161 +msgid "source-hash" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:823 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:162 +msgid "round-robin" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:825 +#: src/gui/.ui/natruleoptionsdialog_q.cpp:163 +msgid "static-port" +msgstr "" + +#: src/gui/FWWindow.cpp:175 +msgid "No firewalls defined" +msgstr "Inga brandväggar definierade" + +#: src/gui/FWWindow.cpp:379 +msgid "" +"Some objects have been modified but not saved.\n" +"Do you want to save changes now ?" +msgstr "" +"Vissa objekt har modifierats men inte sparats.\n" +"Vill du spara ändringarna nu ?" 
+
+#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466
+#: src/gui/.ui/FWBMainWindow_q.cpp:453
+msgid "&Save"
+msgstr "&Spara"
+
+#: src/gui/FWWindow.cpp:381 src/gui/ObjectEditor.cpp:466
+#: src/gui/.ui/FWBMainWindow_q.cpp:556
+msgid "&Discard"
+msgstr "&Kasta"
+
+#: src/gui/FWWindow.cpp:381 src/gui/FWWindow.cpp:680 src/gui/RCS.cpp:748
+#: src/gui/.ui/askrulenumberdialog_q.cpp:91
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:189
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:549
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:353
+#: src/gui/.ui/iptadvanceddialog_q.cpp:601
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:198
+#: src/gui/.ui/linux24advanceddialog_q.cpp:368
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:167
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:175
+#: src/gui/.ui/pagesetupdialog_q.cpp:110
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1002 src/gui/.ui/prefsdialog_q.cpp:366
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:104
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:185
+msgid "&Cancel"
+msgstr "&Avbryt"
+
+#: src/gui/FWWindow.cpp:436
+msgid "FWB Files (*.fwb);;All Files (*)"
+msgstr "FWB-filer (*.fwb);;Alla filer (*)"
+
+#: src/gui/FWWindow.cpp:447 src/gui/FWWindow.cpp:1805
+#, qt-format
+msgid ""
+"The file %1 already exists.\n"
+"Do you want to overwrite it ?"
+msgstr ""
+"Filen %1 existerar redan.\n"
+"Vill du skriva över den ?"
+
+#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807
+#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539
+#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828
+msgid "&Yes"
+msgstr "&Ja"
+
+#: src/gui/FWWindow.cpp:449 src/gui/FWWindow.cpp:1807
+#: src/gui/ObjectManipulator.cpp:510 src/gui/ObjectManipulator.cpp:539
+#: src/gui/ObjectManipulator.cpp:1752 src/gui/ObjectManipulator.cpp:1828
+msgid "&No"
+msgstr "&Nej"
+
+#: src/gui/FWWindow.cpp:483 src/gui/FWWindow.cpp:1086
+#: src/gui/StartWizard.cpp:99
+msgid "Choose name and location for the new file"
+msgstr "Välj namn och plats för den nya filen"
+
+#: src/gui/FWWindow.cpp:585
+msgid "Saving data to file..."
+msgstr "Sparar data till fil..."
+
+#: src/gui/FWWindow.cpp:617
+msgid "Choose name and location for the file"
+msgstr "Välj namn och plats för filen"
+
+#: src/gui/FWWindow.cpp:674
+msgid ""
+"This operation discards all changes that have been saved\n"
+"into the file so far, closes it and replaces it with a clean\n"
+"copy of its head revision from RCS.\n"
+"\n"
+"All changes will be lost if you do this.\n"
+"\n"
+msgstr ""
+"Denna operation kastar alla ändringar som har blivit sparats\n"
+"i filen än sÃ¥ länge, stänger den och ersätter den med en\n"
+"tom kopia av dess huvudrevision frÃ¥n RCS.\n"
+"\n"
+"Alla ändringar kommer att förloras om du göra detta.\n"
+"\n"
+
+#: src/gui/FWWindow.cpp:679 src/gui/ObjectEditor.cpp:439
+msgid "&Discard changes"
+msgstr "Kasta än&dringar"
+
+#: src/gui/FWWindow.cpp:723
+#, qt-format
+msgid "File %1 has been added to RCS."
+msgstr "Filen %1 har lagts till i RCS."
+
+#: src/gui/FWWindow.cpp:732 src/gui/StartWizard.cpp:157
+#, qt-format
+msgid ""
+"Error adding file to RCS:\n"
+"%1"
+msgstr ""
+"Fel vid tilläggning av fil till RCS:\n"
+"%1"
+
+#: src/gui/FWWindow.cpp:739 src/gui/FWWindow.cpp:1124
+msgid "(read-only)"
+msgstr "(skrivskyddad)"
+
+#: src/gui/FWWindow.cpp:798 src/gui/FWWindow.cpp:908
+#, fuzzy
+msgid "Loading system objects..."
+msgstr "Läs in standardobjekt"
+
+#: src/gui/FWWindow.cpp:857 src/gui/FWWindow.cpp:1148
+#: src/gui/FWWindow.cpp:1154
+#, qt-format
+msgid ""
+"Error loading file:\n"
+"%1"
+msgstr ""
+"Fel vid läsning av fil:\n"
+"%1"
+
+#: src/gui/FWWindow.cpp:916
+#, fuzzy
+msgid "Reading and parsing data file..."
+msgstr "Sparar data till fil..."
+
+#: src/gui/FWWindow.cpp:986
+msgid "Merging with system objects..."
+msgstr ""
+
+#: src/gui/FWWindow.cpp:1080
+#, qt-format
+msgid ""
+"Firewall Builder 2 uses file extension '.fwb' and \n"
+"needs to rename old data file '%1' to '%2',\n"
+"but file '%3' already exists.\n"
+"Choose a different name for the new file."
+msgstr ""
+"Firewall Builder 2 använder filändelsen \".fwb\" och\n"
+"behöver byta namn pÃ¥ äldre datafilen \"%1\" till\n"
+"\"%2\" men filen \"%3\" existerar redan.\n"
+"Välj ett annat namn för den nya filen."
+
+#: src/gui/FWWindow.cpp:1094
+msgid "Load operation cancelled and data file reverted to original version."
+msgstr ""
+"Inläsning av operation avbröts och datafilen Ã¥tergick till originalversionen."
+
+#: src/gui/FWWindow.cpp:1109
+#, qt-format
+msgid ""
+"Firewall Builder 2 uses file extension '.fwb'. Your data file '%1' \n"
+"has been renamed '%2'"
+msgstr ""
+"Firewall Builder 2 använder filändelsen \".fwb\". Din datafil \"%1\"\n"
+"har bytt namn till \"%2\"."
+ +#: src/gui/FWWindow.cpp:1140 +#, qt-format +msgid "Exception: %1" +msgstr "Undantag: %1" + +#: src/gui/FWWindow.cpp:1142 +#, qt-format +msgid "Failed transformation : %1" +msgstr "" + +#: src/gui/FWWindow.cpp:1144 +#, qt-format +msgid "XML element : %1" +msgstr "XML-element : %1" + +#: src/gui/FWWindow.cpp:1167 +#, fuzzy +msgid "Building object tree..." +msgstr "Sök objekt i trädet" + +#: src/gui/FWWindow.cpp:1172 +#, fuzzy +msgid "Indexing..." +msgstr "&Index..." + +#: src/gui/FWWindow.cpp:1197 +#, qt-format +msgid "Checking file %1 in RCS" +msgstr "Checkar in filen %1 i RCS" + +#: src/gui/FWWindow.cpp:1222 +#, qt-format +msgid "" +"Error checking in file %1:\n" +"%2" +msgstr "" +"Fel vid incheckning av fil %1:\n" +"%2" + +#: src/gui/FWWindow.cpp:1310 src/gui/FWWindow.cpp:1750 +msgid "File is read-only" +msgstr "Filen är skrivskyddad" + +#: src/gui/FWWindow.cpp:1316 src/gui/FWWindow.cpp:1754 +#, qt-format +msgid "Error saving file %1: %2" +msgstr "Fel vid skrivning av fil %1: %2" + +#: src/gui/FWWindow.cpp:1359 src/gui/listOfLibraries.cpp:214 +#, qt-format +msgid "Duplicate library '%1'" +msgstr "Duplicera bibliotek \"%1\"" + +#: src/gui/FWWindow.cpp:1381 src/gui/FWWindow.cpp:1454 +#: src/gui/FWWindow.cpp:1472 src/gui/listOfLibraries.cpp:186 +#, qt-format +msgid "" +"Error loading file %1:\n" +"%2" +msgstr "" +"Fel vid inläsning av fil %1:\n" +"%2" + +#: src/gui/FWWindow.cpp:1395 +msgid "Choose a file to import" +msgstr "Välj en fil att importera" + +#: src/gui/FWWindow.cpp:1413 +msgid "" +"This operation inspects two data files (either .fwb or .fwl) and finds " +"conflicting objects. Conflicting objects have the same internal ID but " +"different attributes. Two data files can not be merged, or one imported into " +"another, if they contain such objects. This operation also helps identify " +"changes made to objects in two copies of the same data file.

    This " +"operation does not find objects present in one file but not in the other, " +"such objects present no problem for merge or import operations.

    This " +"operation works with two external files, neither of which needs to be opened " +"in the program. Currently opened data file is not affected by this operation " +"and objects in the tree do not change.

    Do you want to proceed ?" +msgstr "" + +#: src/gui/FWWindow.cpp:1426 +msgid "Choose the first file" +msgstr "" + +#: src/gui/FWWindow.cpp:1433 +#, fuzzy +msgid "Choose the second file" +msgstr "Kommentera koden" + +#: src/gui/FWWindow.cpp:1496 +#, qt-format +msgid "" +"Total number of conflicting objects: %1.\n" +"Do you want to generate report?" +msgstr "" + +#: src/gui/FWWindow.cpp:1509 +#, fuzzy +msgid "TXT Files (*.txt);;All Files (*)" +msgstr "FWB-filer (*.fwb);;Alla filer (*)" + +#: src/gui/FWWindow.cpp:1511 +#, fuzzy +msgid "Choose name and location for the report file" +msgstr "Välj namn och plats för den nya filen" + +#: src/gui/FWWindow.cpp:1536 +#, qt-format +msgid "Can not open report file for writing. File '%1'" +msgstr "" + +#: src/gui/FWWindow.cpp:1547 +#, qt-format +msgid "" +"Unexpected error comparing files %1 and %2:\n" +"%3" +msgstr "" + +#: src/gui/FWWindow.cpp:1664 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (global policy rule #%3) uses object '%4' from " +"library '%5'" +msgstr "" +"Bibliotek %1: Brandvägg \"%2\" (global policyregel #%3) använder objekt \"%4" +"\" från bibliotek \"%5\"" + +#: src/gui/FWWindow.cpp:1673 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (interface %3 policy rule #%4) uses object '%5' " +"from library '%6'" +msgstr "" +"Bibliotek %1: Brandvägg \"%2\" (nätverksgränssnitt %3 policyregel #%4) " +"använder objekt \"%5\" från bibliotek \"%6\"" + +#: src/gui/FWWindow.cpp:1684 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (NAT rule #%3) uses object '%4' from library '%5'" +msgstr "" +"Bibliotek %1: Brandvägg \"%2\" (NAT-regel #%3) använder objekt \"%4\" från " +"bibliotek \"%5\"" + +#: src/gui/FWWindow.cpp:1694 +#, qt-format +msgid "Library %1: Group '%2' uses object '%3' from library '%4'" +msgstr "" +"Bibliotek %1: Grupp \"%2\" använder objekt \"%3\" från bibliotek \"%4\"" + +#: src/gui/FWWindow.cpp:1709 +msgid "" +"A library that you are trying to export contains references\n" +"to objects in the 
other libraries and can not be exported.\n" +"The following objects need to be moved outside of it or\n" +"objects that they refer to moved in it:" +msgstr "" +"Ett bibliotek som du försöker att exportera innehåller referenser\n" +"till objekt i äldre bibliotek och kan inte exporteras.\n" +"Följande objekt behöver flyttas ut från den eller\n" +"objekt som de refererar till flyttas in i det:" + +#: src/gui/FWWindow.cpp:1780 +msgid "Please select a library you want to export." +msgstr "Vänligen välj ett bibliotek du vill exportera." + +#: src/gui/FWWindow.cpp:1999 +#, qt-format +msgid "%1" +msgstr "" + +#: src/gui/FWWindow.cpp:2011 +#, qt-format +msgid "Building branch policy view '%1'..." +msgstr "" + +#: src/gui/FWWindow.cpp:2081 +msgid "Building policy view..." +msgstr "" + +#: src/gui/FWWindow.cpp:2110 +msgid "Building NAT view..." +msgstr "" + +#: src/gui/FWWindow.cpp:2125 +msgid "Building routing view..." +msgstr "" + +#: src/gui/FWWindowPrint.cpp:92 src/gui/.ui/discoverydruid_q.cpp:1023 +#: src/gui/.ui/firewalldialog_q.cpp:209 src/gui/.ui/firewalldialog_q.cpp:210 +#: src/gui/.ui/instdialog_q.cpp:83 src/gui/.ui/instdialog_q.cpp:135 +#: src/gui/.ui/instdialog_q.cpp:224 src/gui/.ui/instdialog_q.cpp:269 +#: src/gui/.ui/instdialog_q.cpp:279 src/gui/.ui/instdialog_q.cpp:289 +msgid "Firewall" +msgstr "Brandvägg" + +#: src/gui/FWWindowPrint.cpp:93 src/gui/.ui/discoverydruid_q.cpp:1022 +#: src/gui/.ui/hostdialog_q.cpp:144 src/gui/.ui/hostdialog_q.cpp:145 +msgid "Host" +msgstr "Värd" + +#: src/gui/FWWindowPrint.cpp:95 +msgid "Addres Range" +msgstr "Adressrymd" + +#: src/gui/FWWindowPrint.cpp:96 src/gui/RuleSetView.cpp:3315 +#: src/gui/RuleSetView.cpp:3565 src/gui/.ui/interfacedialog_q.cpp:231 +#: src/gui/.ui/interfacedialog_q.cpp:232 +msgid "Interface" +msgstr "Nätverksgränssnitt" + +#: src/gui/FWWindowPrint.cpp:97 src/gui/.ui/networkdialog_q.cpp:163 +#: src/gui/.ui/networkdialog_q.cpp:164 +msgid "Network" +msgstr "Nätverk" + +#: src/gui/FWWindowPrint.cpp:98 +msgid 
"Group of objects" +msgstr "Objektgrupper" + +#: src/gui/FWWindowPrint.cpp:99 src/gui/.ui/customservicedialog_q.cpp:177 +#: src/gui/.ui/customservicedialog_q.cpp:178 +msgid "Custom Service" +msgstr "Egendefinierad tjänst" + +#: src/gui/FWWindowPrint.cpp:100 src/gui/.ui/ipservicedialog_q.cpp:209 +msgid "IP Service" +msgstr "IP-tjänst" + +#: src/gui/FWWindowPrint.cpp:101 src/gui/.ui/icmpservicedialog_q.cpp:168 +msgid "ICMP Service" +msgstr "ICMP-tjänst" + +#: src/gui/FWWindowPrint.cpp:102 src/gui/.ui/tcpservicedialog_q.cpp:371 +msgid "TCP Service" +msgstr "TCP-tjänst" + +#: src/gui/FWWindowPrint.cpp:103 src/gui/.ui/udpservicedialog_q.cpp:222 +msgid "UDP Service" +msgstr "UDP-tjänst" + +#: src/gui/FWWindowPrint.cpp:104 +msgid "Group of services" +msgstr "Tjänstegrupper" + +#: src/gui/FWWindowPrint.cpp:105 src/gui/.ui/timedialog_q.cpp:242 +msgid "Time Interval" +msgstr "Tidsintervall" + +#: src/gui/FWWindowPrint.cpp:281 +#, qt-format +msgid "Firewall name: %1" +msgstr "Brandväggens namn: %1" + +#: src/gui/FWWindowPrint.cpp:282 +msgid "Platform: " +msgstr "Plattform: " + +#: src/gui/FWWindowPrint.cpp:283 +msgid "Version: " +msgstr "Version: " + +#: src/gui/FWWindowPrint.cpp:284 +msgid "Host OS: " +msgstr "Värd-OS: " + +#: src/gui/FWWindowPrint.cpp:290 +msgid "Global Policy" +msgstr "Global policy" + +#: src/gui/FWWindowPrint.cpp:341 +#, qt-format +msgid "Interface %1" +msgstr "Nätverksgränssnitt %1" + +#: src/gui/FWWindowPrint.cpp:541 +msgid "Legend" +msgstr "Förklaring" + +#: src/gui/FWWindowPrint.cpp:632 src/gui/.ui/discoverydruid_q.cpp:1015 +msgid "Objects" +msgstr "Objekt" + +#: src/gui/FWWindowPrint.cpp:854 +msgid "Groups" +msgstr "Grupper" + +#: src/gui/FWWindowPrint.cpp:897 +msgid "EMPTY" +msgstr "TOM" + +#: src/gui/FWWindowPrint.cpp:919 src/gui/FWWindowPrint.cpp:922 +#: src/gui/FWWindowPrint.cpp:930 +msgid "Printing aborted" +msgstr "Utskrift avbruten" + +#: src/gui/FWWindowPrint.cpp:926 +msgid "Printing completed" +msgstr "Utskrift klar" + +#: 
src/gui/GroupObjectDialog.cpp:145 +msgid "Properties" +msgstr "Egenskaper" + +#: src/gui/GroupObjectDialog.cpp:675 src/gui/.ui/FWBMainWindow_q.cpp:449 +#: src/gui/.ui/FWBMainWindow_q.cpp:493 src/gui/.ui/FWBMainWindow_q.cpp:494 +msgid "Open" +msgstr "Öppna" + +#: src/gui/GroupObjectDialog.cpp:677 src/gui/ObjectManipulator.cpp:840 +#: src/gui/RuleSetView.cpp:1660 src/gui/RuleSetView.cpp:1789 +#: src/gui/RuleSetView.cpp:1793 src/gui/RuleSetView.cpp:1797 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:593 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:597 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:379 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:383 +#: src/gui/.ui/iptadvanceddialog_q.cpp:635 +#: src/gui/.ui/iptadvanceddialog_q.cpp:641 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1107 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1111 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1882 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1886 +msgid "Edit" +msgstr "Redigera" + +#: src/gui/GroupObjectDialog.cpp:680 src/gui/ObjectManipulator.cpp:912 +#: src/gui/RuleSetView.cpp:1663 src/gui/.ui/FWBMainWindow_q.cpp:473 +msgid "Copy" +msgstr "Kopiera" + +#: src/gui/GroupObjectDialog.cpp:681 src/gui/ObjectManipulator.cpp:914 +#: src/gui/RuleSetView.cpp:1665 src/gui/.ui/FWBMainWindow_q.cpp:470 +msgid "Cut" +msgstr "Klipp ut" + +#: src/gui/InstallFirewallViewItem.cpp:31 src/gui/instDialog.cpp:1893 +#: src/gui/instDialog.cpp:2045 src/gui/instDialog.cpp:2253 +#: src/gui/instDialog.cpp:2272 src/gui/instDialog.cpp:2286 +#: src/gui/instDialog.cpp:2298 +#, fuzzy +msgid "Failure" +msgstr "&Fil" + +#: src/gui/InstallFirewallViewItem.cpp:44 src/gui/instDialog.cpp:1149 +#: src/gui/instDialog.cpp:1150 src/gui/instDialog.cpp:1818 +#: src/gui/instDialog.cpp:1847 src/gui/instDialog.cpp:1848 +#, fuzzy +msgid "Success" +msgstr "Källa" + +#: src/gui/instBatchOptionsDialog.cpp:47 +msgid "Batch install options" +msgstr "" + +#: src/gui/instDialog.cpp:116 +msgid "There is no firewalls to process." 
+msgstr "" + +#: src/gui/instDialog.cpp:131 +msgid "" +"

    Select firewalls for compilation.

    " +msgstr "" + +#: src/gui/instDialog.cpp:145 +msgid "Unknown operation." +msgstr "" + +#: src/gui/instDialog.cpp:176 +msgid "Show details" +msgstr "" + +#: src/gui/instDialog.cpp:182 +msgid "Hide details" +msgstr "" + +#: src/gui/instDialog.cpp:286 +msgid "Unsupported exception" +msgstr "Undantag stöds ej" + +#: src/gui/instDialog.cpp:326 +msgid "Summary:" +msgstr "Sammandrag:" + +#: src/gui/instDialog.cpp:329 src/gui/instDialog.cpp:359 +#, qt-format +msgid "* firewall name : %1" +msgstr "* brandväggens namn : %1" + +#: src/gui/instDialog.cpp:331 +#, qt-format +msgid "* user name : %1" +msgstr "* användarnamn : %1" + +#: src/gui/instDialog.cpp:333 +#, qt-format +msgid "* management address : %1" +msgstr "* administrationsadress : %1" + +#: src/gui/instDialog.cpp:335 +#, qt-format +msgid "* platform : %1" +msgstr "* plattform : %1" + +#: src/gui/instDialog.cpp:337 +#, qt-format +msgid "* host OS : %1" +msgstr "* värd-OS : %1" + +#: src/gui/instDialog.cpp:339 +#, qt-format +msgid "* Loading configuration from file %1" +msgstr "* Läser in konfiguration från filen %1" + +#: src/gui/instDialog.cpp:344 +msgid "* Incremental install" +msgstr "* Inkrementell installation" + +#: src/gui/instDialog.cpp:349 +#, qt-format +msgid "* Configuration diff will be saved in file %1" +msgstr "* Konfigurationsskillnad kommer att sparas i filen %1" + +#: src/gui/instDialog.cpp:354 +msgid "* Commands will not be executed on the firewall" +msgstr "* Kommandon kommer inte att startas på brandväggen" + +#: src/gui/instDialog.cpp:656 +#, qt-format +msgid "" +"Only one interface of the firewall '%1' must be marked as management " +"interface." +msgstr "" +"Endast ett nätverksgränssnitt på brandväggen \"%1\" kan markeras som " +"administrationsgränssnitt." + +#: src/gui/instDialog.cpp:663 +#, qt-format +msgid "" +"One of the interfaces of the firewall '%1' must be marked as management " +"interface." 
+msgstr "" +"Ett av de nätverksgränssnitt på brandväggen \"%1\" måste markeras som " +"administrationsgränssnitt." + +#: src/gui/instDialog.cpp:670 +msgid "" +"Management interface does not have IP address, can not communicate with the " +"firewall." +msgstr "" +"Nätverksgränssnittet för administration har ingen IP-adress, kan inte " +"kommunicera med brandväggen." + +#: src/gui/instDialog.cpp:718 +#, qt-format +msgid "File %1 not found." +msgstr "Filen %1 hittades inte." + +#: src/gui/instDialog.cpp:1002 src/gui/SSHPIX.cpp:347 +#, qt-format +msgid "Can not open file %1" +msgstr "Kan inte öppna filen %1" + +#: src/gui/instDialog.cpp:1105 +#, qt-format +msgid "" +"\n" +"Copying %1 -> %2:%3\n" +msgstr "" +"\n" +"Kopierar %1 -> %2:%3\n" + +#: src/gui/instDialog.cpp:1139 +#, qt-format +msgid "" +"Running command '%1'\n" +"\n" +msgstr "" +"Kör kommando \"%1\"\n" +"\n" + +#: src/gui/instDialog.cpp:1154 src/gui/instDialog.cpp:1155 +#: src/gui/instDialog.cpp:1823 src/gui/instDialog.cpp:1859 +#: src/gui/instDialog.cpp:1860 +#, fuzzy +msgid "Error" +msgstr "error" + +#: src/gui/instDialog.cpp:1177 +#, fuzzy +msgid "Fatal error, terminating install sequence\n" +msgstr "FEL: Avslutar installationssekvens\n" + +#: src/gui/instDialog.cpp:1190 +msgid "Done\n" +msgstr "Klar\n" + +#: src/gui/instDialog.cpp:1253 +msgid "Activating new policy\n" +msgstr "Aktiverar ny policy\n" + +#: src/gui/instDialog.cpp:1421 +#, fuzzy, qt-format +msgid "Compiling rule sets for firewall: %1" +msgstr "Installerar policyregler på brandväggen \"%1\"." + +#: src/gui/instDialog.cpp:1459 +#, fuzzy +msgid "" +"Policy installer uses Secure Shell to communicate with the firewall.\n" +"Please configure directory path to the secure shell utility \n" +"installed on your machine using Preferences dialog" +msgstr "" +"Policyinstalleraren använder Secure Shell för att kommunicera med\n" +"brandväggen. 
Vänligen konfigurera sökvägen till verktygen för säker\n" +"filkopiering och skal som är installerade på din maskin via Inställningsmenyn" + +#: src/gui/instDialog.cpp:1483 +#, fuzzy +msgid "Firewall isn't compiled." +msgstr "Firewall Builder" + +#: src/gui/instDialog.cpp:1578 +msgid "" +"Firewall platform is not specified in this object.\n" +"Can't compile firewall policy." +msgstr "" +"Brandväggsplattform är inte angiven i detta objekt.\n" +"Kan inte bygga brandväggspolicy." + +#: src/gui/instDialog.cpp:1779 +#, fuzzy +msgid "Error: Terminating install sequence\n" +msgstr "FEL: Avslutar installationssekvens\n" + +#: src/gui/instDialog.cpp:1852 +msgid "Abnormal program termination" +msgstr "" + +#: src/gui/instDialog.cpp:1858 +msgid "Skipped" +msgstr "" + +#: src/gui/instDialog.cpp:1888 src/gui/instDialog.cpp:2040 +#, fuzzy +msgid "Compiling ..." +msgstr "Bygg" + +#: src/gui/instDialog.cpp:1901 +#, fuzzy +msgid "Recompile" +msgstr "Bygg" + +#: src/gui/instDialog.cpp:1987 +#, fuzzy +msgid "Batch policy rules compilation" +msgstr "Sök i policyregler" + +#: src/gui/instDialog.cpp:2016 src/gui/instDialog.cpp:2159 +#: src/gui/.ui/discoverydruid_q.cpp:992 src/gui/.ui/execdialog_q.cpp:94 +#: src/gui/.ui/instdialog_q.cpp:278 +msgid "Stop" +msgstr "Stopp" + +#: src/gui/instDialog.cpp:2170 +#, fuzzy +msgid "Install firewall: " +msgstr "Installera brandväggspolicy" + +#: src/gui/instDialog.cpp:2180 +#, fuzzy +msgid "Installing firewalls" +msgstr "Installera brandväggspolicy" + +#: src/gui/instDialog.cpp:2211 +#, fuzzy +msgid "Installing ..." +msgstr "Installera" + +#: src/gui/instDialog.cpp:2265 +#, qt-format +msgid "Installing policy rules on firewall '%1'." +msgstr "Installerar policyregler på brandväggen \"%1\"." 
+ +#: src/gui/instDialog.cpp:2395 src/gui/.ui/instdialog_q.cpp:276 +#, fuzzy +msgid "Show selected" +msgstr "Visa borttagna objekt" + +#: src/gui/instDialog.cpp:2401 +msgid "Show all" +msgstr "" + +#: src/gui/instOptionsDialog.cpp:66 +#, fuzzy, qt-format +msgid "Install options for firewall '%1'" +msgstr "Installerar policyregler på brandväggen \"%1\"." + +#: src/gui/InterfaceDialog.cpp:193 +msgid "Group: " +msgstr "Grupp: " + +#: src/gui/InterfaceDialog.cpp:211 +msgid "Network: " +msgstr "Nätverk: " + +#: src/gui/ipfAdvancedDialog.cpp:170 src/gui/ipfAdvancedDialog.cpp:179 +#: src/gui/ipfwAdvancedDialog.cpp:144 src/gui/ipfwAdvancedDialog.cpp:153 +#: src/gui/iptAdvancedDialog.cpp:204 src/gui/iptAdvancedDialog.cpp:213 +#: src/gui/pfAdvancedDialog.cpp:278 src/gui/pfAdvancedDialog.cpp:287 +#: src/gui/pixAdvancedDialog.cpp:786 src/gui/pixAdvancedDialog.cpp:795 +#: src/gui/.ui/metriceditorpanel_q.cpp:76 src/gui/.ui/simpleinteditor_q.cpp:88 +#: src/gui/.ui/simpletexteditor_q.cpp:93 +msgid "Script Editor" +msgstr "Skriptredigerare" + +#: src/gui/IPv4Dialog.cpp:159 src/gui/NetworkDialog.cpp:119 +#, qt-format +msgid "Illegal netmask '%1'" +msgstr "Ogiltig nätmask \"%1\"" + +#: src/gui/IPv4Dialog.cpp:263 +#, qt-format +msgid "" +"DNS lookup failed for both names of the address object '%1' and the name of " +"the host '%2'." +msgstr "" +"DNS-uppslag misslyckades för båda namnen av adressobjektet \"%1\" och namnet " +"för värden \"%2\"." + +#: src/gui/IPv4Dialog.cpp:270 +#, qt-format +msgid "DNS lookup failed for name of the address object '%1'." +msgstr "DNS-uppslag misslyckades av namnet för adressobjektet \"%1\". 
" + +#: src/gui/LibraryDialog.cpp:151 +msgid "Pick the color for this library" +msgstr "Välj en färg för detta bibliotek" + +#: src/gui/listOfLibraries.cpp:142 +#, fuzzy +msgid "" +"The library file you are trying to open\n" +"has been saved in an older version of\n" +"Firewall Builder and needs to be upgraded.\n" +"To upgrade it, just load it in the Firewall\n" +"Builder GUI and save back to file again." +msgstr "" +"Biblioteksfilen du försöker att öppna\n" +"har sparats med en äldre version av\n" +"Firewall Builder och behöver uppgraderas.\n" +"För att uppgradera den, läs in den i Firewall\n" +"Builder och spara tillbaka till filen." + +#: src/gui/newFirewallDialog.cpp:99 src/gui/.ui/newhostdialog_q.cpp:390 +msgid "" +"Check option 'dynamic address' for the interface that gets its IP address " +"dynamically via DHCP or PPP protocol." +msgstr "" +"Kryssa i \"dynamisk adress\" för nätverksgränssnittet som får sin IP-adress " +"dynamiskt via DHCP eller PPP-protokollet." + +#: src/gui/newFirewallDialog.cpp:100 src/gui/.ui/newhostdialog_q.cpp:389 +msgid "" +"Check option 'Unnumbered interface' for the interface that does not have an " +"IP address. Examples of interfaces of this kind are those used to terminate " +"PPPoE or VPN tunnels." +msgstr "" +"Kryssa i \"Onumrerat gränssnitt\" för nätverksgränssnittet som inte har en " +"IP-adress. Exempel på gränssnitt av denna typ är de som används för att " +"terminera PPPoE eller VPN-tunnlar." + +#: src/gui/newFirewallDialog.cpp:229 src/gui/newHostDialog.cpp:222 +msgid "Missing SNMP community string." +msgstr "Saknar SNMP-communitysträng." 
+ +#: src/gui/newFirewallDialog.cpp:248 src/gui/newHostDialog.cpp:241 +#, qt-format +msgid "Address of %1 could not be obtained via DNS" +msgstr "Adressen för %1 kunde inte hämtas via DNS" + +#: src/gui/newFirewallDialog.cpp:422 +msgid "dynamic" +msgstr "dynamisk" + +#: src/gui/newFirewallDialog.cpp:503 src/gui/newHostDialog.cpp:433 +#, qt-format +msgid "Interface: %1 (%2)" +msgstr "Nätverksgränssnitt: %1 (%2)" + +#: src/gui/newFirewallDialog.cpp:511 src/gui/newHostDialog.cpp:441 +#: src/gui/.ui/newfirewalldialog_q.cpp:514 src/gui/.ui/newhostdialog_q.cpp:404 +msgid "Dynamic address" +msgstr "Dynamisk adress" + +#: src/gui/newFirewallDialog.cpp:513 src/gui/newHostDialog.cpp:443 +#: src/gui/.ui/interfacedialog_q.cpp:254 +#: src/gui/.ui/newfirewalldialog_q.cpp:513 src/gui/.ui/newhostdialog_q.cpp:395 +msgid "Unnumbered interface" +msgstr "Onumrerat nätverksgränssnitt" + +#: src/gui/newFirewallDialog.cpp:515 src/gui/.ui/interfacedialog_q.cpp:259 +#: src/gui/.ui/newfirewalldialog_q.cpp:512 +msgid "Bridge port" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:555 src/gui/newHostDialog.cpp:480 +#, qt-format +msgid "Illegal address '%1/%2'" +msgstr "Ogiltig adress \"%1/%2\"" + +#: src/gui/ObjConflictResolutionDialog.cpp:63 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:152 +msgid "Keep current object" +msgstr "Behåll nuvarande objekt" + +#: src/gui/ObjConflictResolutionDialog.cpp:64 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:157 +msgid "Replace with this object" +msgstr "Ersätt med detta objekt" + +#: src/gui/ObjConflictResolutionDialog.cpp:117 +#: src/gui/ObjConflictResolutionDialog.cpp:141 +#, fuzzy, qt-format +msgid "Object '%1' has been deleted" +msgstr "Objekt \"%1\" har tagits bort" + +#: src/gui/ObjConflictResolutionDialog.cpp:176 +#, fuzzy, qt-format +msgid "Object '%1' in the objects tree" +msgstr "Objekt \"%1\" i objektträdet" + +#: src/gui/ObjConflictResolutionDialog.cpp:178 +#: src/gui/ObjConflictResolutionDialog.cpp:180 +#, fuzzy, qt-format +msgid 
"Object '%1' in file %2" +msgstr "Objekt \"%1\" i filen %2" + +#: src/gui/ObjConflictResolutionDialog.cpp:297 +#: src/gui/.ui/findobjectwidget_q.cpp:191 +#, fuzzy +msgid "Next" +msgstr "Negativ" + +#: src/gui/ObjConflictResolutionDialog.cpp:299 +msgid "" +"The following two objects have the same internal ID but different attributes:" +msgstr "" + +#: src/gui/ObjConflictResolutionDialog.cpp:300 +msgid "Skip the rest but build report" +msgstr "" + +#: src/gui/ObjectEditor.cpp:437 +msgid "" +"Modifications done to this object can not be saved.\n" +"Do you want to continue editing it ?" +msgstr "" +"Modifieringar gjorde för detta objekt kan inte sparas.\n" +"Vill du fortsätta att redigera det ?" + +#: src/gui/ObjectEditor.cpp:438 src/gui/ObjectEditor.cpp:466 +#: src/gui/TCPServiceDialog.cpp:177 src/gui/TCPServiceDialog.cpp:185 +#: src/gui/UDPServiceDialog.cpp:119 src/gui/UDPServiceDialog.cpp:127 +#: src/gui/utils.cpp:221 +msgid "&Continue editing" +msgstr "Fortsätt &redigering" + +#: src/gui/ObjectEditor.cpp:465 +msgid "" +"This object has been modified but not saved.\n" +"Do you want to save it ?" +msgstr "" +"Detta objekt har modifierats men inte sparats.\n" +"Vill du spara det ?" 
+ +#: src/gui/ObjectManipulator.cpp:145 +msgid "Object Manipulator" +msgstr "Objektmanipulator" + +#: src/gui/ObjectManipulator.cpp:161 +msgid "New &Library" +msgstr "Nytt &bibliotek" + +#: src/gui/ObjectManipulator.cpp:164 +msgid "New &Firewall" +msgstr "Ny &brandvägg" + +#: src/gui/ObjectManipulator.cpp:165 +msgid "New &Host" +msgstr "Ny &värd" + +#: src/gui/ObjectManipulator.cpp:166 +msgid "New &Interface" +msgstr "Nytt gränssn&itt" + +#: src/gui/ObjectManipulator.cpp:168 +msgid "New &Network" +msgstr "Nytt &nätverk" + +#: src/gui/ObjectManipulator.cpp:169 +msgid "New &Address" +msgstr "Ny &adress" + +#: src/gui/ObjectManipulator.cpp:170 +msgid "New &DNS Name" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:171 +#, fuzzy +msgid "New A&ddress Table" +msgstr "Ny adressrymd" + +#: src/gui/ObjectManipulator.cpp:172 +msgid "New Address &Range" +msgstr "Ny adress&rymd" + +#: src/gui/ObjectManipulator.cpp:173 +msgid "New &Object Group" +msgstr "Ny &objektgrupp" + +#: src/gui/ObjectManipulator.cpp:175 +msgid "New &Custom Service" +msgstr "Ny &egendefinierad tjänst" + +#: src/gui/ObjectManipulator.cpp:176 +msgid "New &IP Service" +msgstr "Ny &IP-tjänst" + +#: src/gui/ObjectManipulator.cpp:177 +msgid "New IC&MP Service" +msgstr "Ny IC&MP-tjänst" + +#: src/gui/ObjectManipulator.cpp:178 +msgid "New &TCP Service" +msgstr "Ny &TCP-tjänst" + +#: src/gui/ObjectManipulator.cpp:179 +msgid "New &UDP Service" +msgstr "Ny &UDP-tjänst" + +#: src/gui/ObjectManipulator.cpp:180 +#, fuzzy +msgid "New &TagService" +msgstr "Ny &TCP-tjänst" + +#: src/gui/ObjectManipulator.cpp:181 +msgid "New &Service Group" +msgstr "Ny &tjänstegrupp" + +#: src/gui/ObjectManipulator.cpp:183 +msgid "New Ti&me Interval" +msgstr "Nytt tidsi&ntervall" + +#: src/gui/ObjectManipulator.cpp:230 +msgid " ( read only )" +msgstr "( skrivskyddad )" + +#: src/gui/ObjectManipulator.cpp:498 +msgid "" +"The name of the object '%1' has changed. 
The program can also\n" +"rename IP address objects that belong to this object,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" +"Namnet på objektet \"%1\" har ändrats. Programmet kan också\n" +"byta namn på IP-adressobjekt som tillhör detta objekt med\n" +"standardnamnschemat \"värd_namn:nätverksgränssnitt_namn:ip\".\n" +"Detta gör det lättare att urskilja vilken värd eller en brandvägg\n" +"med angivet IP-adressobjekt som tillhör den när den används i\n" +"policyn eller NAT-regel. Programmet kan också byta namn på\n" +"MAC-adressobjekt med schemat \"värd_namn:nätverksgränssnitt_namn:mac\".\n" +"Vill du byta namn på barn IP och MAC-adressobjekt nu?\n" +"(Om du klickar \"Nej\" kommer namnen på alla adressobjekt som\n" +"tillhör %1 att kvarstå.)" + +#: src/gui/ObjectManipulator.cpp:527 +msgid "" +"The name of the interface '%1' has changed. The program can also\n" +"rename IP address objects that belong to this interface,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" +"Namnet på nätverksgränssnittet \"%1\" har ändrats. 
Programmet kan också\n" +"byta namn på IP-adressobjekt som tillhör detta nätverksgränssnitt med\n" +"standardnamnschemat \"värd_namn:nätverksgränssnitt_namn:ip\".\n" +"Detta gör det lättare att urskilja vilken värd eller en brandvägg\n" +"med angivet IP-adressobjekt som tillhör den när den används i\n" +"policyn eller NAT-regel. Programmet kan också byta namn på\n" +"MAC-adressobjekt med schemat \"värd_namn:nätverksgränssnitt_namn:mac\".\n" +"Vill du byta namn på barn IP och MAC-adressobjekt nu?\n" +"(Om du klickar \"Nej\" kommer namnen på alla adressobjekt som\n" +"tillhör %1 att kvarstå.)" + +#: src/gui/ObjectManipulator.cpp:874 +#, qt-format +msgid "place in library %1" +msgstr "placera i bibliotek %1" + +#: src/gui/ObjectManipulator.cpp:883 +#, qt-format +msgid "to library %1" +msgstr "till bibliotek %1" + +#: src/gui/ObjectManipulator.cpp:893 +msgid "place here" +msgstr "placera här" + +#: src/gui/ObjectManipulator.cpp:896 +msgid "Duplicate ..." +msgstr "Duplicera ..." + +#: src/gui/ObjectManipulator.cpp:901 src/gui/ObjectManipulator.cpp:904 +msgid "Move ..." +msgstr "Flytta ..." 
+ +#: src/gui/ObjectManipulator.cpp:933 +msgid "Add Interface" +msgstr "Lägg till nätverksgränssnitt" + +#: src/gui/ObjectManipulator.cpp:938 +msgid "Add IP Address" +msgstr "Lägg till IP-adress" + +#: src/gui/ObjectManipulator.cpp:940 +msgid "Add MAC Address" +msgstr "Lägg till MAC-adress" + +#: src/gui/ObjectManipulator.cpp:945 src/gui/.ui/newfirewalldialog_q.cpp:486 +msgid "New Firewall" +msgstr "Ny brandvägg" + +#: src/gui/ObjectManipulator.cpp:950 src/gui/ObjectManipulator.cpp:2515 +#: src/gui/ObjectManipulator.cpp:2531 +msgid "New Address" +msgstr "Ny adress" + +#: src/gui/ObjectManipulator.cpp:955 src/gui/ObjectManipulator.cpp:2546 +#, fuzzy +msgid "New DNS Name" +msgstr "Ny RSA-nyckel" + +#: src/gui/ObjectManipulator.cpp:961 src/gui/ObjectManipulator.cpp:2557 +#, fuzzy +msgid "New Address Table" +msgstr "Ny adressrymd" + +#: src/gui/ObjectManipulator.cpp:966 src/gui/ObjectManipulator.cpp:2624 +msgid "New Address Range" +msgstr "Ny adressrymd" + +#: src/gui/ObjectManipulator.cpp:970 src/gui/.ui/newhostdialog_q.cpp:377 +msgid "New Host" +msgstr "Ny värd" + +#: src/gui/ObjectManipulator.cpp:974 src/gui/ObjectManipulator.cpp:2491 +msgid "New Network" +msgstr "Nytt nätverk" + +#: src/gui/ObjectManipulator.cpp:978 src/gui/ObjectManipulator.cpp:1006 +#: src/gui/.ui/newgroupdialog_q.cpp:97 +msgid "New Group" +msgstr "Ny grupp" + +#: src/gui/ObjectManipulator.cpp:982 src/gui/ObjectManipulator.cpp:2647 +msgid "New Custom Service" +msgstr "Ny egendefinierad tjänst" + +#: src/gui/ObjectManipulator.cpp:986 src/gui/ObjectManipulator.cpp:2658 +msgid "New IP Service" +msgstr "Ny IP-tjänst" + +#: src/gui/ObjectManipulator.cpp:990 src/gui/ObjectManipulator.cpp:2669 +msgid "New ICMP Service" +msgstr "Ny ICMP-tjänst" + +#: src/gui/ObjectManipulator.cpp:994 src/gui/ObjectManipulator.cpp:2680 +msgid "New TCP Service" +msgstr "Ny TCP-tjänst" + +#: src/gui/ObjectManipulator.cpp:998 src/gui/ObjectManipulator.cpp:2691 +msgid "New UDP Service" +msgstr "Ny UDP-tjänst" + +#: 
src/gui/ObjectManipulator.cpp:1002 src/gui/ObjectManipulator.cpp:2591 +#, fuzzy +msgid "New TagService" +msgstr "Ny TCP-tjänst" + +#: src/gui/ObjectManipulator.cpp:1010 src/gui/ObjectManipulator.cpp:2714 +msgid "New Time Interval" +msgstr "Nytt tidsintervall" + +#: src/gui/ObjectManipulator.cpp:1014 src/gui/.ui/finddialog_q.cpp:131 +#: src/gui/.ui/findwhereusedwidget_q.cpp:121 +msgid "Find" +msgstr "Sök" + +#: src/gui/ObjectManipulator.cpp:1015 src/gui/RuleSetView.cpp:1672 +msgid "Where used" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1027 src/gui/.ui/groupobjectdialog_q.cpp:186 +#: src/gui/.ui/groupobjectdialog_q.cpp:187 +msgid "Group" +msgstr "Grupp" + +#: src/gui/ObjectManipulator.cpp:1035 src/gui/.ui/FWBMainWindow_q.cpp:499 +#: src/gui/.ui/FWBMainWindow_q.cpp:500 src/gui/.ui/instdialog_q.cpp:79 +#: src/gui/.ui/instdialog_q.cpp:267 +msgid "Compile" +msgstr "Bygg" + +#: src/gui/ObjectManipulator.cpp:1036 src/gui/.ui/FWBMainWindow_q.cpp:502 +#: src/gui/.ui/FWBMainWindow_q.cpp:503 src/gui/.ui/instdialog_q.cpp:81 +#: src/gui/.ui/instdialog_q.cpp:268 +msgid "Install" +msgstr "Installera" + +#: src/gui/ObjectManipulator.cpp:1043 src/gui/.ui/FWBMainWindow_q.cpp:561 +#: src/gui/.ui/FWBMainWindow_q.cpp:562 +#, fuzzy +msgid "Lock" +msgstr "Låst av" + +#: src/gui/ObjectManipulator.cpp:1045 src/gui/.ui/FWBMainWindow_q.cpp:563 +#: src/gui/.ui/FWBMainWindow_q.cpp:564 +msgid "Unlock" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1054 +msgid "dump" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1087 +msgid "Undelete..." +msgstr "Ta tillbaka..." + +#: src/gui/ObjectManipulator.cpp:1576 +#, qt-format +msgid "" +"Impossible to insert object %1 (type %2) into %3\n" +"because of incompatible type." +msgstr "" +"Omöjligt att lägga till objektet %1 (typ %2) till %3\n" +"på grund av en inkompatibel typ." 
+
+#: src/gui/ObjectManipulator.cpp:1743
+#, fuzzy
+msgid ""
+"Emptying the 'Deleted Objects' in a library file is not recommended.\n"
+"When you remove deleted objects from a library file, Firewall Builder\n"
+"loses ability to track them. If a group or a policy rule in some\n"
+"data file still uses removed object from this library, you may encounter\n"
+"unusual and unexpected behavior of the program.\n"
+"Do you want to delete selected objects anyway ?"
+msgstr ""
+"Tömning av \"Borttagna objekt\" i en biblioteksfil är inte rekommenderat.\n"
+"När du tar bort borttagna objekt från en biblioteksfil förlorar Firewall\n"
+"Builder möjligheten att spåra dom. Om en grupp eller en policyregel i\n"
+"någon datafil fortfarande använder borttagna objekt från detta bibliotek\n"
+"kan du uppleva ett onormalt och oväntat beteende för programmet.\n"
+"Vill du ändå ta bort valda objekt ?"
+
+#: src/gui/ObjectManipulator.cpp:1823
+#, qt-format
+msgid ""
+"When you delete a library, all objects that belong to it\n"
+"disappear from the tree and all groups and rules that reference them.\n"
+"You won't be able to reverse this operation later.\n"
+"Do you still want to delete library %1?"
+msgstr ""
+"När du tar bort ett bibliotek kommer alla objekt som tillhör det\n"
+"att försvinna från trädet och alla grupper och regler som refererar dit.\n"
+"DU kommer inte att kunna återställa detta efter operationen.\n"
+"Vill du fortfarande ta bort biblioteket %1?"
+
+#: src/gui/ObjectManipulator.cpp:2343
+#, qt-format
+msgid ""
+"Type '%1': new object can not be created because\n"
+"corresponding branch is missing in the object tree.\n"
+"Please repair the tree using command 'fwbedit -s -f file.fwb'."
+msgstr ""
+
+#: src/gui/ObjectManipulator.cpp:2470 src/gui/ObjectManipulator.cpp:2473
+msgid "New Interface"
+msgstr "Nytt nätverksgränssnitt"
+
+#: src/gui/ObjectManipulator.cpp:2635
+msgid "New Object Group"
+msgstr "Ny objektgrupp"
+
+#: src/gui/ObjectManipulator.cpp:2702
+msgid "New Service Group"
+msgstr "Ny tjänstegrupp"
+
+#: src/gui/ObjectManipulator.cpp:2821
+msgid "Searching for firewalls affected by the change..."
+msgstr ""
+
+#: src/gui/ObjectTreeView.cpp:115
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:66
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:113
+#: src/gui/.ui/discoverydruid_q.cpp:748 src/gui/.ui/discoverydruid_q.cpp:1024
+#: src/gui/.ui/FWBMainWindow_q.cpp:575
+msgid "Object"
+msgstr "Objekt"
+
+#: src/gui/pfAdvancedDialog.cpp:98
+msgid "Aggressive"
+msgstr "Aggressiv"
+
+#: src/gui/pfAdvancedDialog.cpp:100
+msgid "Conservative"
+msgstr "Konservativ"
+
+#: src/gui/pfAdvancedDialog.cpp:102
+msgid "For high latency"
+msgstr ""
+
+#: src/gui/pfAdvancedDialog.cpp:104
+msgid "Normal"
+msgstr "Normal"
+
+#: src/gui/pixAdvancedDialog.cpp:130
+msgid "0 - System Unusable"
+msgstr "0 - Systemet oanvändbart"
+
+#: src/gui/pixAdvancedDialog.cpp:135
+msgid "1 - Take Immediate Action"
+msgstr "1 - Vidtag omedelbara åtgärder"
+
+#: src/gui/pixAdvancedDialog.cpp:140
+msgid "2 - Critical Condition"
+msgstr "2 - Kritiskt tillstånd"
+
+#: src/gui/pixAdvancedDialog.cpp:145
+msgid "3 - Error Message"
+msgstr "3 - Felmeddelande"
+
+#: src/gui/pixAdvancedDialog.cpp:150
+msgid "4 - Warning Message"
+msgstr "4 - Varningsmeddelande"
+
+#: src/gui/pixAdvancedDialog.cpp:155
+msgid "5 - Normal but significant condition"
+msgstr "5 - Normal men meningsfullt tillstånd"
+
+#: src/gui/pixAdvancedDialog.cpp:160
+msgid "6 - Informational"
+msgstr "6 - Information"
+
+#: src/gui/pixAdvancedDialog.cpp:165
+msgid "7 - Debug Message"
+msgstr "7 - Debugmeddelande"
+
+#: src/gui/pixAdvancedDialog.cpp:679 src/gui/pixAdvancedDialog.cpp:717
+msgid "Error: Policy compiler for 
PIX is not installed"
+msgstr ""
+
+#: src/gui/pixAdvancedDialog.cpp:703
+#, fuzzy
+msgid "Compiler error"
+msgstr "Kompilator"
+
+#: src/gui/platforms.cpp:60 src/gui/.ui/ruleoptionsdialog_q.cpp:791
+msgid "alert"
+msgstr "alert"
+
+#: src/gui/platforms.cpp:62 src/gui/.ui/ruleoptionsdialog_q.cpp:792
+msgid "crit"
+msgstr "crit"
+
+#: src/gui/platforms.cpp:64 src/gui/.ui/pfadvanceddialog_q.cpp:1075
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:793
+msgid "error"
+msgstr "error"
+
+#: src/gui/platforms.cpp:66 src/gui/.ui/ruleoptionsdialog_q.cpp:794
+msgid "warning"
+msgstr "warning"
+
+#: src/gui/platforms.cpp:68 src/gui/.ui/ruleoptionsdialog_q.cpp:795
+msgid "notice"
+msgstr "notice"
+
+#: src/gui/platforms.cpp:70 src/gui/.ui/ruleoptionsdialog_q.cpp:796
+msgid "info"
+msgstr "info"
+
+#: src/gui/platforms.cpp:72 src/gui/.ui/ruleoptionsdialog_q.cpp:797
+msgid "debug"
+msgstr "debug"
+
+#: src/gui/platforms.cpp:78
+msgid "kern"
+msgstr "kern"
+
+#: src/gui/platforms.cpp:80
+msgid "user"
+msgstr "användare"
+
+#: src/gui/platforms.cpp:82
+msgid "mail"
+msgstr "mail"
+
+#: src/gui/platforms.cpp:84
+msgid "daemon"
+msgstr "daemon"
+
+#: src/gui/platforms.cpp:86
+msgid "auth"
+msgstr "auth"
+
+#: src/gui/platforms.cpp:88
+msgid "syslog"
+msgstr "syslog"
+
+#: src/gui/platforms.cpp:90
+msgid "lpr"
+msgstr "lpr"
+
+#: src/gui/platforms.cpp:92
+msgid "news"
+msgstr "news"
+
+#: src/gui/platforms.cpp:94
+msgid "uucp"
+msgstr "uucp"
+
+#: src/gui/platforms.cpp:96
+msgid "cron"
+msgstr "cron"
+
+#: src/gui/platforms.cpp:98
+msgid "authpriv"
+msgstr "authpriv"
+
+#: src/gui/platforms.cpp:100 src/gui/.ui/pixadvanceddialog_q.cpp:1945
+msgid "ftp"
+msgstr "ftp"
+
+#: src/gui/platforms.cpp:102
+msgid "local0"
+msgstr "local0"
+
+#: src/gui/platforms.cpp:104
+msgid "local1"
+msgstr "local1"
+
+#: src/gui/platforms.cpp:106
+msgid "local2"
+msgstr "local2"
+
+#: src/gui/platforms.cpp:108
+msgid "local3"
+msgstr "local3"
+
+#: src/gui/platforms.cpp:110
+msgid "local4"
+msgstr "local4"
+
+#: 
src/gui/platforms.cpp:112
+msgid "local5"
+msgstr "local5"
+
+#: src/gui/platforms.cpp:114
+msgid "local6"
+msgstr "local6"
+
+#: src/gui/platforms.cpp:116
+msgid "local7"
+msgstr "local7"
+
+#: src/gui/platforms.cpp:121
+msgid "ICMP admin prohibited"
+msgstr "ICMP admin prohibited"
+
+#: src/gui/platforms.cpp:123
+msgid "ICMP host prohibited"
+msgstr "ICMP host prohibited"
+
+#: src/gui/platforms.cpp:125
+msgid "ICMP host unreachable"
+msgstr "ICMP host unreachable"
+
+#: src/gui/platforms.cpp:127
+msgid "ICMP net prohibited"
+msgstr "ICMP net prohibited"
+
+#: src/gui/platforms.cpp:129
+msgid "ICMP net unreachable"
+msgstr "ICMP net unreachable"
+
+#: src/gui/platforms.cpp:131
+msgid "ICMP port unreachable"
+msgstr "ICMP port unreachable"
+
+#: src/gui/platforms.cpp:133
+msgid "ICMP protocol unreachable"
+msgstr "ICMP protocol unreachable"
+
+#: src/gui/platforms.cpp:135
+msgid "TCP RST"
+msgstr "TCP RST"
+
+#: src/gui/platforms.cpp:138 src/gui/.ui/actionsdialog_q.cpp:476
+#: src/gui/.ui/actionsdialog_q.cpp:483
+msgid "Route through"
+msgstr ""
+
+#: src/gui/platforms.cpp:140 src/gui/.ui/actionsdialog_q.cpp:477
+#: src/gui/.ui/actionsdialog_q.cpp:484
+msgid "Route reply through"
+msgstr ""
+
+#: src/gui/platforms.cpp:142 src/gui/.ui/actionsdialog_q.cpp:478
+#: src/gui/.ui/actionsdialog_q.cpp:485
+msgid "Route a copy through"
+msgstr ""
+
+#: src/gui/platforms.cpp:145 src/gui/.ui/iptadvanceddialog_q.cpp:644
+msgid "on top of the script"
+msgstr "på toppen av skriptet"
+
+#: src/gui/platforms.cpp:147 src/gui/.ui/iptadvanceddialog_q.cpp:645
+msgid "after interface configuration"
+msgstr "efter konfiguration av nätverksgränssnitt"
+
+#: src/gui/platforms.cpp:149 src/gui/.ui/iptadvanceddialog_q.cpp:646
+msgid "after policy reset"
+msgstr "efter återställning av policy"
+
+#: src/gui/platforms.cpp:152
+#, fuzzy
+msgid "in the activation shell script"
+msgstr "på toppen av skriptet"
+
+#: src/gui/platforms.cpp:155
+msgid "in the pf rule file, at the very top"
+msgstr ""
+
+#: src/gui/platforms.cpp:158
+msgid "in the pf rule file, after set comamnds"
+msgstr ""
+
+#: src/gui/platforms.cpp:161
+msgid "in the pf rule file, after scrub comamnds"
+msgstr ""
+
+#: src/gui/platforms.cpp:164
+msgid "in the pf rule file, after table definitions"
+msgstr ""
+
+#: src/gui/platforms.cpp:169 src/gui/.ui/ruleoptionsdialog_q.cpp:807
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:823
+msgid "/day"
+msgstr "/dag"
+
+#: src/gui/platforms.cpp:171 src/gui/.ui/ruleoptionsdialog_q.cpp:808
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:824
+msgid "/hour"
+msgstr "/timma"
+
+#: src/gui/platforms.cpp:173 src/gui/.ui/ruleoptionsdialog_q.cpp:809
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:825
+msgid "/minute"
+msgstr "/minut"
+
+#: src/gui/platforms.cpp:175 src/gui/.ui/ruleoptionsdialog_q.cpp:810
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:826
+msgid "/second"
+msgstr "/sekund"
+
+#: src/gui/platforms.cpp:380
+msgid "- any -"
+msgstr "- alla -"
+
+#: src/gui/platforms.cpp:381
+msgid "1.2.5 or earlier"
+msgstr "1.2.5 eller tidigare"
+
+#: src/gui/platforms.cpp:382
+msgid "1.2.6 to 1.2.8"
+msgstr "1.2.6 till 1.2.8"
+
+#: src/gui/platforms.cpp:383
+#, fuzzy
+msgid "1.2.9 to 1.2.11"
+msgstr "1.2.6 till 1.2.8"
+
+#: src/gui/platforms.cpp:384
+#, fuzzy
+msgid "1.3.0 or later"
+msgstr "1.2.9 eller senare"
+
+#: src/gui/platforms.cpp:401
+msgid "3.x"
+msgstr ""
+
+#: src/gui/platforms.cpp:402
+msgid "4.x"
+msgstr ""
+
+#: src/gui/platforms.cpp:518
+msgid "Accept"
+msgstr "Tillåt"
+
+#: src/gui/platforms.cpp:520
+msgid "Deny"
+msgstr "Neka"
+
+#: src/gui/platforms.cpp:522
+msgid "Reject"
+msgstr "Vägra"
+
+#: src/gui/platforms.cpp:524
+msgid "Scrub"
+msgstr ""
+
+#: src/gui/platforms.cpp:526
+#, fuzzy
+msgid "Return"
+msgstr "kern"
+
+#: src/gui/platforms.cpp:528
+#, fuzzy
+msgid "Skip"
+msgstr "hoppa över"
+
+#: src/gui/platforms.cpp:530 src/gui/.ui/longtextdialog_q.cpp:96
+msgid "Continue"
+msgstr "Fortsätt"
+
+#: src/gui/platforms.cpp:532
+msgid "Modify"
+msgstr ""
+
+#: 
src/gui/platforms.cpp:534
+msgid "Classify"
+msgstr ""
+
+#: src/gui/platforms.cpp:536
+#, fuzzy
+msgid "Custom"
+msgstr "Klipp ut"
+
+#: src/gui/platforms.cpp:539
+#, fuzzy
+msgid "Branch"
+msgstr "Tillbaka"
+
+#: src/gui/platforms.cpp:540
+msgid "Chain"
+msgstr ""
+
+#: src/gui/platforms.cpp:541
+#, fuzzy
+msgid "Anchor"
+msgstr "Upphovsman"
+
+#: src/gui/platforms.cpp:545
+msgid "Accounting"
+msgstr "Redovisning"
+
+#: src/gui/platforms.cpp:546
+#, fuzzy
+msgid "Count"
+msgstr "Klipp ut"
+
+#: src/gui/platforms.cpp:550
+msgid "Tag"
+msgstr ""
+
+#: src/gui/platforms.cpp:551
+#, fuzzy
+msgid "Mark"
+msgstr "Mask:"
+
+#: src/gui/platforms.cpp:555
+msgid "Pipe"
+msgstr ""
+
+#: src/gui/platforms.cpp:556
+msgid "Queue"
+msgstr ""
+
+#: src/gui/PrefsDialog.cpp:176
+msgid "Pick the color"
+msgstr "Välj färg"
+
+#: src/gui/PrefsDialog.cpp:224
+msgid "Find working directory"
+msgstr "Sök arbetskatalog"
+
+#: src/gui/PrefsDialog.cpp:233
+msgid "Find Secure Shell utility"
+msgstr "Sök Secure Shell-verktyg"
+
+#: src/gui/PrefsDialog.cpp:284
+msgid "Find add-on library"
+msgstr "Sök tilläggsbibliotek"
+
+#: src/gui/printerStream.cpp:132
+#, qt-format
+msgid "Page %1"
+msgstr ""
+
+#: src/gui/PrintingProgressDialog.cpp:48
+#, qt-format
+msgid "Printing (page %1/%2)"
+msgstr ""
+
+#: src/gui/PrintingProgressDialog.cpp:50
+#, fuzzy, qt-format
+msgid "Printing page %1"
+msgstr "Utskrift avbruten"
+
+#: src/gui/PrintingProgressDialog.cpp:67
+msgid "Aborting print operation"
+msgstr ""
+
+#: src/gui/RCS.cpp:498 src/gui/RCS.cpp:717 src/gui/RCS.cpp:800
+#, qt-format
+msgid "Error checking file out: %1"
+msgstr "Fel vid utcheckning av fil: %1"
+
+#: src/gui/RCS.cpp:558
+#, qt-format
+msgid ""
+"Fatal error during initial RCS checkin of file %1 :\n"
+" %2\n"
+"Exit status %3"
+msgstr ""
+"Allvarligt fel under initial RCS-incheckning av fil %1 :\n"
+" %2\n"
+"Avslutsstatus %3"
+
+#: src/gui/RCS.cpp:687
+msgid "Error creating temporary file "
+msgstr "Fel vid skapandet av temporär fil 
"
+
+#: src/gui/RCS.cpp:700
+msgid "Error writing to temporary file "
+msgstr "Fel vid skrivning till temporär fil "
+
+#: src/gui/RCS.cpp:732
+#, qt-format
+msgid ""
+"File is opened and locked by %1.\n"
+"You can only open it read-only."
+msgstr ""
+"Filen är öppen och låst av %1.\n"
+"Du kan endast öppna den skrivskyddad."
+
+#: src/gui/RCS.cpp:745
+#, qt-format
+msgid ""
+"Revision %1 of this file has been checked out and locked by you earlier.\n"
+"The file may be opened in another copy of Firewall Builder or was left "
+"opened\n"
+"after the program crashed."
+msgstr ""
+"Revision %1 av denna fil har checkats ut och låsts av dig tidigare.\n"
+"FIlen kan vara öppnad i en annan kopia av Firewall Builder eller lämnades\n"
+"öppen efter att programmet kraschade."
+
+#: src/gui/RCS.cpp:748
+msgid "Open &read-only"
+msgstr "Öppna sk&rivskyddad"
+
+#: src/gui/RCS.cpp:748
+msgid "&Open and continue editing"
+msgstr "Öppna &och fortsätt redigera"
+
+#: src/gui/RCS.cpp:991
+#, qt-format
+msgid "Fatal error running rlog for %1"
+msgstr "Allvarligt fel vid körning av rlog för %1"
+
+#: src/gui/RCS.cpp:1031
+#, qt-format
+msgid "Fatal error running rcsdiff for file %1"
+msgstr "Allvarligt fel vid körning av rcsdiff för filen %1"
+
+#: src/gui/RCSFilePreview.cpp:137
+msgid "File is not in RCS"
+msgstr "Filen är inte i RCS"
+
+#: src/gui/RuleSetView.cpp:206
+msgid "A Rule Set"
+msgstr "Ett regelverk"
+
+#: src/gui/RuleSetView.cpp:621
+msgid "Outbound "
+msgstr "Utgående "
+
+#: src/gui/RuleSetView.cpp:707
+msgid "Original"
+msgstr "Original"
+
+#: src/gui/RuleSetView.cpp:708
+#, fuzzy
+msgid "Default"
+msgstr "Ta bort"
+
+#: src/gui/RuleSetView.cpp:711 src/gui/.ui/instdialog_q.cpp:274
+msgid "All"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:712 src/gui/RuleSetView.cpp:720
+#: src/gui/.ui/timedialog_q.cpp:245 src/gui/.ui/timedialog_q.cpp:262
+msgid "Any"
+msgstr "Alla"
+
+#: src/gui/RuleSetView.cpp:1457 src/gui/RuleSetView.cpp:1717
+#: src/gui/RuleSetView.cpp:1745 
src/gui/.ui/FWBMainWindow_q.cpp:521
+#: src/gui/.ui/FWBMainWindow_q.cpp:522
+msgid "Insert Rule"
+msgstr "Lägg till regel"
+
+#: src/gui/RuleSetView.cpp:1459 src/gui/RuleSetView.cpp:1473
+msgid "Paste Rule"
+msgstr "Klistra in regel"
+
+#: src/gui/RuleSetView.cpp:1603
+#, fuzzy
+msgid "Parameters"
+msgstr "Fragment"
+
+#: src/gui/RuleSetView.cpp:1620
+msgid "Inbound"
+msgstr "Ingående"
+
+#: src/gui/RuleSetView.cpp:1624
+msgid "Outbound"
+msgstr "Utgående"
+
+#: src/gui/RuleSetView.cpp:1628
+msgid "Both"
+msgstr "Båda"
+
+#: src/gui/RuleSetView.cpp:1637
+msgid "Rule Options"
+msgstr "Regelinställningar"
+
+#: src/gui/RuleSetView.cpp:1644
+msgid "Logging On"
+msgstr "Loggning på"
+
+#: src/gui/RuleSetView.cpp:1648
+msgid "Logging Off"
+msgstr "Loggning av"
+
+#: src/gui/RuleSetView.cpp:1674
+#, fuzzy
+msgid "Reveal in tree"
+msgstr "Sök i trädet"
+
+#: src/gui/RuleSetView.cpp:1677
+msgid "Negate"
+msgstr "Negativ"
+
+#: src/gui/RuleSetView.cpp:1725
+#, qt-format
+msgid "Rules: %1-%2"
+msgstr "Regler: %1-%2"
+
+#: src/gui/RuleSetView.cpp:1728
+#, qt-format
+msgid "Rule: %1"
+msgstr "Regel: %1"
+
+#: src/gui/RuleSetView.cpp:1733
+msgid "Color Label:"
+msgstr "Etikettfärg:"
+
+#: src/gui/RuleSetView.cpp:1747 src/gui/.ui/FWBMainWindow_q.cpp:527
+#: src/gui/.ui/FWBMainWindow_q.cpp:528
+msgid "Add Rule Below"
+msgstr "Lägg till regel nedan"
+
+#: src/gui/RuleSetView.cpp:1750 src/gui/.ui/FWBMainWindow_q.cpp:529
+#: src/gui/.ui/FWBMainWindow_q.cpp:530
+msgid "Remove Rule"
+msgstr "Ta bort regel"
+
+#: src/gui/RuleSetView.cpp:1751
+msgid "Remove Rules"
+msgstr "Ta bort regler"
+
+#: src/gui/RuleSetView.cpp:1754
+msgid "Move Rule"
+msgstr "Flytta regel"
+
+#: src/gui/RuleSetView.cpp:1755
+msgid "Move Rules"
+msgstr "Flytta regler"
+
+#: src/gui/RuleSetView.cpp:1761 src/gui/.ui/FWBMainWindow_q.cpp:532
+#: src/gui/.ui/FWBMainWindow_q.cpp:533
+msgid "Copy Rule"
+msgstr "Kopiera regel"
+
+#: src/gui/RuleSetView.cpp:1763 src/gui/.ui/FWBMainWindow_q.cpp:534
+#: 
src/gui/.ui/FWBMainWindow_q.cpp:535
+msgid "Cut Rule"
+msgstr "Klipp ut regel"
+
+#: src/gui/RuleSetView.cpp:1765 src/gui/.ui/FWBMainWindow_q.cpp:536
+#: src/gui/.ui/FWBMainWindow_q.cpp:537
+msgid "Paste Rule Above"
+msgstr "Klistra in regel ovan"
+
+#: src/gui/RuleSetView.cpp:1767 src/gui/.ui/FWBMainWindow_q.cpp:538
+#: src/gui/.ui/FWBMainWindow_q.cpp:539
+msgid "Paste Rule Below"
+msgstr "Klistra in regel nedan"
+
+#: src/gui/RuleSetView.cpp:1774
+msgid "Enable Rule"
+msgstr "Aktivera regel"
+
+#: src/gui/RuleSetView.cpp:1775
+msgid "Enable Rules"
+msgstr "Aktivera regler"
+
+#: src/gui/RuleSetView.cpp:1779
+msgid "Disable Rule"
+msgstr "Stäng av regel"
+
+#: src/gui/RuleSetView.cpp:1780
+msgid "Disable Rules"
+msgstr "Stäng av regler"
+
+#: src/gui/RuleSetView.cpp:3306 src/gui/RuleSetView.cpp:3396
+msgid "Source"
+msgstr "Källa"
+
+#: src/gui/RuleSetView.cpp:3309 src/gui/RuleSetView.cpp:3399
+#: src/gui/RuleSetView.cpp:3559
+msgid "Destination"
+msgstr "Destination"
+
+#: src/gui/RuleSetView.cpp:3312 src/gui/RuleSetView.cpp:3402
+msgid "Service"
+msgstr "Tjänst"
+
+#: src/gui/RuleSetView.cpp:3318 src/gui/RuleSetView.cpp:3405
+msgid "Direction"
+msgstr "Riktning"
+
+#: src/gui/RuleSetView.cpp:3321 src/gui/RuleSetView.cpp:3408
+msgid "Action"
+msgstr "Åtgärd"
+
+#: src/gui/RuleSetView.cpp:3326 src/gui/RuleSetView.cpp:3413
+#: src/gui/.ui/timedialog_q.cpp:241
+msgid "Time"
+msgstr "Tid"
+
+#: src/gui/RuleSetView.cpp:3332 src/gui/RuleSetView.cpp:3419
+#: src/gui/RuleSetView.cpp:3499 src/gui/RuleSetView.cpp:3571
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:206
+#: src/gui/.ui/linux24advanceddialog_q.cpp:415
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:184
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:198
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1854
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:308
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:212
+msgid "Options"
+msgstr "Inställningar"
+
+#: src/gui/RuleSetView.cpp:3336 src/gui/RuleSetView.cpp:3423
+#: 
src/gui/RuleSetView.cpp:3502 src/gui/RuleSetView.cpp:3574
+msgid "Comment"
+msgstr "Kommentar"
+
+#: src/gui/RuleSetView.cpp:3481
+msgid "Original Src"
+msgstr "Original källa"
+
+#: src/gui/RuleSetView.cpp:3484
+msgid "Original Dst"
+msgstr "Original mål"
+
+#: src/gui/RuleSetView.cpp:3487
+msgid "Original Srv"
+msgstr "Original tjänst"
+
+#: src/gui/RuleSetView.cpp:3490
+msgid "Translated Src"
+msgstr "Översatt källa"
+
+#: src/gui/RuleSetView.cpp:3493
+msgid "Translated Dst"
+msgstr "Översatt mål"
+
+#: src/gui/RuleSetView.cpp:3496
+msgid "Translated Srv"
+msgstr "Översatt tjänst"
+
+#: src/gui/RuleSetView.cpp:3562
+msgid "Gateway"
+msgstr ""
+
+#: src/gui/RuleSetView.cpp:3568
+#, fuzzy
+msgid "Metric"
+msgstr "Tjänst"
+
+#: src/gui/SimpleTextEditor.cpp:71
+#, fuzzy
+msgid "Choose file"
+msgstr "Välj en fil att importera"
+
+#: src/gui/SSHPIX.cpp:136 src/gui/SSHUnx.cpp:95
+msgid ""
+"\n"
+"*** Fatal error :"
+msgstr ""
+"\n"
+"*** Allvarligt fel :"
+
+#: src/gui/SSHPIX.cpp:170 src/gui/SSHUnx.cpp:151
+#, fuzzy
+msgid "Logged in"
+msgstr "Inloggad\n"
+
+#: src/gui/SSHPIX.cpp:171
+#, fuzzy
+msgid "Switching to enable mode..."
+msgstr "Byter till \"enable\"-läge...\n"
+
+#: src/gui/SSHPIX.cpp:205 src/gui/SSHUnx.cpp:176
+msgid "New RSA key"
+msgstr "Ny RSA-nyckel"
+
+#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177
+msgid "Yes"
+msgstr "Ja"
+
+#: src/gui/SSHPIX.cpp:206 src/gui/SSHUnx.cpp:177
+msgid "No"
+msgstr "Nej"
+
+#: src/gui/SSHPIX.cpp:252
+msgid "In enable mode."
+msgstr "I \"enable\"-läge."
+
+#: src/gui/SSHPIX.cpp:387 src/gui/SSHPIX.cpp:783
+msgid "Pushing firewall configuration"
+msgstr "Trycker ut brandväggskonfiguration"
+
+#: src/gui/SSHPIX.cpp:424
+#, qt-format
+msgid "Rule %1"
+msgstr "Regel %1"
+
+#: src/gui/SSHPIX.cpp:450
+#, fuzzy
+msgid "End"
+msgstr "Slut:"
+
+#: src/gui/SSHPIX.cpp:532
+msgid "Making backup copy of the firewall configuration"
+msgstr "Skapar säkerhetskopia av brandväggskonfiguration"
+
+#: src/gui/SSHPIX.cpp:596
+msgid "*** Clearing unused access lists"
+msgstr "*** Rensar oanvända tillgångslistor"
+
+#: src/gui/SSHPIX.cpp:661
+msgid "*** Clearing unused object groups"
+msgstr "*** Rensar oanvända objektgrupper"
+
+#: src/gui/SSHPIX.cpp:681
+msgid "*** End "
+msgstr "*** Slut "
+
+#: src/gui/SSHPIX.cpp:692
+msgid "Reading current firewall configuration"
+msgstr "Läser nuvarande brandväggskonfiguration"
+
+#: src/gui/SSHPIX.cpp:717
+msgid "Generating configuration diff"
+msgstr "Genererar konfigurationsskillnad"
+
+#: src/gui/SSHPIX.cpp:732
+#, qt-format
+msgid "Fork failed for %1"
+msgstr "Delning av process misslyckades för %1"
+
+#: src/gui/SSHPIX.cpp:738
+msgid "Not enough memory."
+msgstr "Inte tillräckligt minne."
+
+#: src/gui/SSHPIX.cpp:743
+msgid "Too many opened file descriptors in the system."
+msgstr "För många öppna filbeskrivare i systemet."
+
+#: src/gui/SSHPIX.cpp:769
+msgid "Empty configuration diff"
+msgstr "Tom konfigurationsskillnad"
+
+#: src/gui/SSHSession.cpp:90
+#, qt-format
+msgid ""
+"You are connecting to the firewall '%1' for the first time. It has "
+"provided you its identification in a form of its host public key. The "
+"fingerprint of the host public key is: \"%2\" You can save the host key to "
+"the local database by pressing YES, or you can cancel connection by pressing "
+"NO. You should press YES only if you are sure you are really connected to "
+"the firewall '%3'."
+msgstr ""
+"Du är ansluten till brandväggen \"%1\" för första gången. 
Den har "
+"gett dig sin identifikation i form av en publik värdnyckel. Fingeravtrycket "
+"för publika värdnyckeln är: \"%2\" Du kan spara värdnyckeln till den lokala "
+"databasen genom att trycka JA eller du kan avbryta anslutningen genom att "
+"tryck NEJ. Du bör endast trycka JA om du är säker att du verkligen är "
+"ansluten till brandväggen \"%3\"."
+
+#: src/gui/SSHSession.cpp:180
+msgid "Failed to start ssh"
+msgstr "Misslyckades att starta ssh"
+
+#: src/gui/SSHSession.cpp:498
+msgid "ERROR"
+msgstr "FEL"
+
+#: src/gui/SSHSession.cpp:498 src/gui/.ui/filepropdialog_q.cpp:126
+#: src/gui/.ui/instoptionsdialog_q.cpp:285
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1825
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:309
+#: src/gui/.ui/simpleinteditor_q.cpp:91 src/gui/.ui/simpletexteditor_q.cpp:95
+msgid "OK"
+msgstr "OK"
+
+#: src/gui/SSHSession.cpp:500
+#, qt-format
+msgid "SSH session terminated, exit status: %1"
+msgstr "SSH-sessionen avslutades, avslutsstatus: %1"
+
+#: src/gui/SSHUnx.cpp:236
+msgid "Done"
+msgstr "Klar"
+
+#: src/gui/SSHUnx.cpp:248
+msgid "Error in SSH"
+msgstr "Fel i SSH"
+
+#: src/gui/StartWizard.cpp:106
+#, qt-format
+msgid "File %1 is read-only, you can not save changes to it."
+msgstr "Filen %1 är skrivskyddad, du kan inte spara ändringar till den."
+
+#: src/gui/StartWizard.cpp:171
+#, qt-format
+msgid ""
+"Error opening file:\n"
+"%1"
+msgstr ""
+"Fel vid öppning av fil:\n"
+"%1"
+
+#: src/gui/TCPServiceDialog.cpp:176 src/gui/UDPServiceDialog.cpp:118
+msgid "Invalid range defined for the source port."
+msgstr ""
+
+#: src/gui/TCPServiceDialog.cpp:184 src/gui/UDPServiceDialog.cpp:126
+msgid "Invalid range defined for the destination port."
+msgstr "" + +#: src/gui/TimeDialog.cpp:68 src/gui/TimeDialog.cpp:69 +#: src/gui/.ui/timedialog_q.cpp:256 src/gui/.ui/timedialog_q.cpp:259 +#, fuzzy +msgid "(M/D/Y)" +msgstr "Datum (M/D/Å):" + +#: src/gui/TimeDialog.cpp:73 src/gui/TimeDialog.cpp:74 +#, fuzzy +msgid "(D/M/Y)" +msgstr "Datum (D/M/Å):" + +#: src/gui/TimeDialog.cpp:78 src/gui/TimeDialog.cpp:79 +#, fuzzy +msgid "(Y/M/D)" +msgstr "Datum (Å/M/D):" + +#: src/gui/TimeDialog.cpp:83 src/gui/TimeDialog.cpp:84 +#, fuzzy +msgid "(Y/D/M)" +msgstr "Datum (Å/D/M):" + +#: src/gui/.ui/aboutdialog_q.cpp:136 src/gui/.ui/aboutdialog_q.cpp:137 +#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:109 +#: src/gui/.ui/FWBMainWindow_q.cpp:439 +msgid "Firewall Builder" +msgstr "Firewall Builder" + +#: src/gui/.ui/aboutdialog_q.cpp:138 +msgid "Using libfwbuilder API v" +msgstr "Använder libfwbuilder API v" + +#: src/gui/.ui/aboutdialog_q.cpp:139 +msgid "Revision: " +msgstr "Revision: " + +#: src/gui/.ui/aboutdialog_q.cpp:140 +#: src/gui/.ui/freebsdadvanceddialog_q.cpp:187 +#: src/gui/.ui/ipfadvanceddialog_q.cpp:547 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:351 +#: src/gui/.ui/iptadvanceddialog_q.cpp:599 +#: src/gui/.ui/linksysadvanceddialog_q.cpp:196 +#: src/gui/.ui/linux24advanceddialog_q.cpp:366 +#: src/gui/.ui/macosxadvanceddialog_q.cpp:165 +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:173 +#: src/gui/.ui/pagesetupdialog_q.cpp:108 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1000 src/gui/.ui/prefsdialog_q.cpp:364 +#: src/gui/.ui/solarisadvanceddialog_q.cpp:183 +msgid "&OK" +msgstr "&OK" + +#: src/gui/.ui/aboutdialog_q.cpp:142 +#, fuzzy +msgid "Copyright 2002-2006 NetCitadel, LLC" +msgstr "Copyright 2002-2004 NetCitadel, LLC" + +#: src/gui/.ui/aboutdialog_q.cpp:143 +msgid "" +"

    http://www." +"fwbuilder.org

    " +msgstr "" +"

    http://www." +"fwbuilder.org

    " + +#: src/gui/.ui/actionsdialog_q.cpp:451 +msgid "Actions Dialog" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:452 +msgid "fw/rule num/action" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:453 +msgid "Tag string:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:454 +msgid "" +"If rule action is 'Reject', this option defines firewall's reaction to the " +"packet matching the rule" +msgstr "" +"Om regelåtgärden är \"Vägra\" kommer denna inställning definiera brandväggen " +"reaktion till paket som matchar denna regel" + +#: src/gui/.ui/actionsdialog_q.cpp:455 +msgid "This action has no parameters." +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:456 +msgid "Tag value:" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:457 +msgid "Mark connections created by packets that match this rule" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:458 +msgid "Requires CONNMARK target" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:459 +msgid "" +"Note: this action translates into MARK target for iptables. Normally this " +"target is non-terminating, that is, other rules with Classify or Tag actions " +"belog this one will process the same packet. However, Firewall Builder can " +"emulate terminating behavior for this action. Option in the \"compiler\" tab " +"of the firewall object properties dialog activates emulation." +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:460 +msgid "Emulation is currently ON, the rule will be terminating" +msgstr "" + +#: src/gui/.ui/actionsdialog_q.cpp:461 +msgid "" +"Rule name for accounting. (white spaces and special characters are not " +"allowed)" +msgstr "Regelnamn för redovisning. 
(mellanslag och specialtecken tillåts inte)"
+
+#: src/gui/.ui/actionsdialog_q.cpp:462
+msgid "Packet classification can be implemented in different ways:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:464
+msgid "use dummynet(4) 'pipe'"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:465
+msgid "use dummynet(4) 'queue'"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:466
+msgid "Pipe or queue number:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:467
+#, fuzzy
+msgid "Custom string:"
+msgstr "använd textsträng"
+
+#: src/gui/.ui/actionsdialog_q.cpp:468
+msgid "Classify string:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:469
+msgid ""
+"Note: CLASSIFY target in iptables is non-terminating, that is other rules "
+"with Classify or Mark target below this will process the same packet. "
+"However, Firewall Builder can emulate terminating behavior for this action. "
+"Emulation is activated by an option in the \"compiler\" tab of the firewall "
+"object properties dialog."
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:471
+#, fuzzy
+msgid "Divert socket port number:"
+msgstr "Protokollnummer:"
+
+#: src/gui/.ui/actionsdialog_q.cpp:472
+msgid "User-defined chain name:"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:473
+msgid ""
+"In addition to 'filter', create branching rule in 'mangle' table as well"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:474
+#, fuzzy
+msgid "Anchor name:"
+msgstr "Åtgärd"
+
+#: src/gui/.ui/actionsdialog_q.cpp:479 src/gui/.ui/actionsdialog_q.cpp:486
+#, fuzzy
+msgid "interface"
+msgstr "Nätverksgränssnitt"
+
+#: src/gui/.ui/actionsdialog_q.cpp:480 src/gui/.ui/actionsdialog_q.cpp:487
+msgid "next hop"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:481
+msgid "Fastroute"
+msgstr ""
+
+#: src/gui/.ui/actionsdialog_q.cpp:488
+#, fuzzy
+msgid "Change inbound interface to"
+msgstr "Nätverksgränssnitt för administration"
+
+#: src/gui/.ui/actionsdialog_q.cpp:489
+msgid "Route through gateway"
+msgstr ""
+
+#: 
src/gui/.ui/actionsdialog_q.cpp:490
+#, fuzzy
+msgid "Change outbound interface to"
+msgstr "Nätverksgränssnitt för administration"
+
+#: src/gui/.ui/actionsdialog_q.cpp:491
+#, fuzzy
+msgid "Continue packet inspection"
+msgstr "&Fortsätt på toppen"
+
+#: src/gui/.ui/actionsdialog_q.cpp:492
+msgid "Make a copy"
+msgstr ""
+
+#: src/gui/.ui/addressrangedialog_q.cpp:162
+#: src/gui/.ui/addressrangedialog_q.cpp:163
+msgid "Address Range"
+msgstr "Adressrymd"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:164
+#: src/gui/.ui/addresstabledialog_q.cpp:198
+#: src/gui/.ui/customservicedialog_q.cpp:179
+#: src/gui/.ui/dnsnamedialog_q.cpp:173 src/gui/.ui/firewalldialog_q.cpp:215
+#: src/gui/.ui/groupobjectdialog_q.cpp:188 src/gui/.ui/hostdialog_q.cpp:149
+#: src/gui/.ui/icmpservicedialog_q.cpp:169
+#: src/gui/.ui/interfacedialog_q.cpp:233 src/gui/.ui/ipservicedialog_q.cpp:210
+#: src/gui/.ui/ipv4dialog_q.cpp:171 src/gui/.ui/librarydialog_q.cpp:141
+#: src/gui/.ui/networkdialog_q.cpp:165 src/gui/.ui/physaddressdialog_q.cpp:154
+#: src/gui/.ui/tagservicedialog_q.cpp:149
+#: src/gui/.ui/tcpservicedialog_q.cpp:372 src/gui/.ui/timedialog_q.cpp:271
+#: src/gui/.ui/udpservicedialog_q.cpp:223
+msgid "Comment:"
+msgstr "Kommentar:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:165
+msgid "Range End:"
+msgstr "Rymd slut:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:166
+msgid "Range Start:"
+msgstr "Rymd start:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:167
+#: src/gui/.ui/addresstabledialog_q.cpp:200
+#: src/gui/.ui/customservicedialog_q.cpp:180
+#: src/gui/.ui/dnsnamedialog_q.cpp:178 src/gui/.ui/firewalldialog_q.cpp:216
+#: src/gui/.ui/groupobjectdialog_q.cpp:193 src/gui/.ui/hostdialog_q.cpp:147
+#: src/gui/.ui/icmpservicedialog_q.cpp:170
+#: src/gui/.ui/interfacedialog_q.cpp:234 src/gui/.ui/ipservicedialog_q.cpp:219
+#: src/gui/.ui/ipv4dialog_q.cpp:172 src/gui/.ui/librarydialog_q.cpp:139
+#: src/gui/.ui/networkdialog_q.cpp:166 src/gui/.ui/newfirewalldialog_q.cpp:516
+#: 
src/gui/.ui/newhostdialog_q.cpp:392 src/gui/.ui/physaddressdialog_q.cpp:151
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:820
+#: src/gui/.ui/tagservicedialog_q.cpp:151
+#: src/gui/.ui/tcpservicedialog_q.cpp:398 src/gui/.ui/timedialog_q.cpp:272
+#: src/gui/.ui/udpservicedialog_q.cpp:231
+msgid "Name:"
+msgstr "Namn:"
+
+#: src/gui/.ui/addressrangedialog_q.cpp:168
+#: src/gui/.ui/addresstabledialog_q.cpp:199
+#: src/gui/.ui/customservicedialog_q.cpp:181
+#: src/gui/.ui/dnsnamedialog_q.cpp:177 src/gui/.ui/firewalldialog_q.cpp:217
+#: src/gui/.ui/groupobjectdialog_q.cpp:192 src/gui/.ui/hostdialog_q.cpp:148
+#: src/gui/.ui/icmpservicedialog_q.cpp:171
+#: src/gui/.ui/interfacedialog_q.cpp:236 src/gui/.ui/ipservicedialog_q.cpp:218
+#: src/gui/.ui/ipv4dialog_q.cpp:173 src/gui/.ui/networkdialog_q.cpp:167
+#: src/gui/.ui/newgroupdialog_q.cpp:98 src/gui/.ui/physaddressdialog_q.cpp:152
+#: src/gui/.ui/tagservicedialog_q.cpp:150
+#: src/gui/.ui/tcpservicedialog_q.cpp:399 src/gui/.ui/timedialog_q.cpp:273
+#: src/gui/.ui/udpservicedialog_q.cpp:230
+msgid "Library:"
+msgstr "Bibliotek:"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:196
+#: src/gui/.ui/addresstabledialog_q.cpp:197
+#, fuzzy
+msgid "Address Table"
+msgstr "Adressrymd"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:202
+#: src/gui/.ui/dnsnamedialog_q.cpp:175
+#, fuzzy
+msgid "Compile Time"
+msgstr "Bygg"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:203
+#: src/gui/.ui/dnsnamedialog_q.cpp:176
+#, fuzzy
+msgid "Run Time"
+msgstr "Tid"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:204
+#, fuzzy
+msgid "File name:"
+msgstr "Filnamn: %1"
+
+#: src/gui/.ui/addresstabledialog_q.cpp:205
+#: src/gui/.ui/addresstabledialog_q.cpp:206
+#, fuzzy
+msgid "Browse"
+msgstr "Bläddra..."
+
+#: src/gui/.ui/addresstabledialog_q.cpp:207
+#, fuzzy
+msgid "Preview"
+msgstr "RCSFilFörhandsvisning"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:87
+msgid "Enter New Position For The Rule"
+msgstr "Ange ny position för regeln"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:88
+msgid "Enter new position for selected rules:"
+msgstr "Ange ny position för valda regler:"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:89
+msgid "&Move"
+msgstr "&Flytta"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:90
+msgid "Alt+M"
+msgstr "Alt+M"
+
+#: src/gui/.ui/askrulenumberdialog_q.cpp:92 src/gui/.ui/debugdialog_q.cpp:76
+#: src/gui/.ui/execdialog_q.cpp:96 src/gui/.ui/pagesetupdialog_q.cpp:111
+msgid "Alt+C"
+msgstr "Alt+C"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:108 src/gui/.ui/prefsdialog_q.cpp:401
+msgid "Orange"
+msgstr "Orange"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:110 src/gui/.ui/prefsdialog_q.cpp:408
+msgid "Green"
+msgstr "Grön"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:112 src/gui/.ui/prefsdialog_q.cpp:406
+msgid "Purple"
+msgstr "Lila"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:114 src/gui/.ui/prefsdialog_q.cpp:398
+msgid "Blue"
+msgstr "Blå"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:116 src/gui/.ui/prefsdialog_q.cpp:399
+msgid "Yellow"
+msgstr "Gul"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:118 src/gui/.ui/prefsdialog_q.cpp:409
+msgid "Gray"
+msgstr "Grå"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:120 src/gui/.ui/prefsdialog_q.cpp:397
+msgid "Red"
+msgstr "Röd"
+
+#: src/gui/.ui/colorlabelmenuitem_q.cpp:122
+msgid "No color"
+msgstr "Ingen färg"
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:95
+#, fuzzy
+msgid "Comment Editor Panel"
+msgstr "Kommentarsredigerare"
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:96
+#: src/gui/.ui/natruleoptionsdialog_q.cpp:155
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:119
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:784
+msgid "fw/rule num"
+msgstr ""
+
+#: src/gui/.ui/commenteditorpanel_q.cpp:98
+#: src/gui/.ui/simpletexteditor_q.cpp:97
+msgid "Import from file ..."
+msgstr "Importera från fil ..."
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:67
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:114
+#, fuzzy
+msgid "Parent"
+msgstr "Skriv ut"
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:68
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:115
+#: src/gui/.ui/findwhereusedwidget_q.cpp:63
+#: src/gui/.ui/findwhereusedwidget_q.cpp:120
+#, fuzzy
+msgid "Details"
+msgstr "ils"
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:112
+msgid ""
+"Groups and firewall policy rules shown in the list below reference objects "
+"you are about to delete. If you delete objects, they will be removed from "
+"these groups and rules."
+msgstr ""
+
+#: src/gui/.ui/confirmdeleteobjectdialog_q.cpp:116
+msgid ""
+"Deleted objects are moved to the \"Deleted objects\" library. You can "
+"recover them later by moving back to the user's library. However if you "
+"delete an object already located in the \"Deleted objects\" library, it is "
+"destroyed and can not be restored."
+msgstr ""
+
+#: src/gui/.ui/customservicedialog_q.cpp:182
+msgid ""
+"Custom service object has separate code string for each supported firewall "
+"platform."
+msgstr ""
+"Egendefinierat tjänsteobjekt har separata kodsträngar för varje "
+"brandväggsplattform som stöds."
+
+#: src/gui/.ui/customservicedialog_q.cpp:183
+#: src/gui/.ui/discoverydruid_q.cpp:940 src/gui/.ui/firewalldialog_q.cpp:218
+msgid "Platform:"
+msgstr "Plattform:"
+
+#: src/gui/.ui/customservicedialog_q.cpp:184
+#: src/gui/.ui/tagservicedialog_q.cpp:152
+msgid "Code:"
+msgstr "Kod:"
+
+#: src/gui/.ui/debugdialog_q.cpp:74
+msgid "Debugging Info"
+msgstr "Debuginfo"
+
+#: src/gui/.ui/debugdialog_q.cpp:75 src/gui/.ui/execdialog_q.cpp:95
+#: src/gui/.ui/FWBMainWindow_q.cpp:498
+msgid "&Close"
+msgstr "&Stäng"
+
+#: src/gui/.ui/discoverydruid_q.cpp:750 src/gui/.ui/discoverydruid_q.cpp:1025
+#, fuzzy
+msgid "Interfaces"
+msgstr "Nätverksgränssnitt"
+
+#: src/gui/.ui/discoverydruid_q.cpp:752 src/gui/.ui/discoverydruid_q.cpp:1026
+#: src/gui/.ui/filterdialog_q.cpp:91 src/gui/.ui/filterdialog_q.cpp:164
+#, fuzzy
+msgid "Type"
+msgstr "typ: "
+
+#: src/gui/.ui/discoverydruid_q.cpp:921 src/gui/.ui/FWBMainWindow_q.cpp:565
+#: src/gui/.ui/FWBMainWindow_q.cpp:566
+msgid "Discovery Druid"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:922
+msgid ""
+"Choose discovery method used to collect information about network objects "
+"from the list below and click 'Next' to continue."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:923
+msgid "Discovery method:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:924
+msgid "Read file in hosts format"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:925 src/gui/.ui/discoverydruid_q.cpp:948
+msgid "Import DNS zone"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:926
+msgid "Perform network discovery using SNMP"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:927 src/gui/.ui/discoverydruid_q.cpp:942
+#, fuzzy
+msgid "Import configuration of a firewall or a router"
+msgstr "Lagra skillnader i konfigurationen i en fil"
+
+#: src/gui/.ui/discoverydruid_q.cpp:928
+msgid "Discovery Method"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:929
+msgid "Enter full path and file name below or click \"Browse\" to find it:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:930
+msgid "File in hosts format"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:931
+#, fuzzy
+msgid "Browse ..."
+msgstr "Bläddra..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:932
+msgid "Reading file in hosts format"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:933
+msgid ""
+"All objects created during import will be placed in the library currently "
+"opened in the tree."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:934
+msgid ""
+"Policy import tries to parse given configuration file and preserve its logic "
+"as close as possible. However, very often target firewall configuration "
+"allows for more commands, options and their combinations than importer can "
+"understand. Rules that importer could not parse exactly are colored red in "
+"the rule sets it creates. Always inspect firewall policy created by the "
+"importer and compare it with the original. Manual changes and corrections "
+"may be required. Comments in the rules that could not be parsed show "
+"fragments of the original configuration parser did not understand."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:935
+#, fuzzy
+msgid "Import from file: "
+msgstr "Importera från fil ..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:936 src/gui/.ui/prefsdialog_q.cpp:380
+#: src/gui/.ui/prefsdialog_q.cpp:385
+msgid "Browse..."
+msgstr "Bläddra..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:938
+msgid "Cisco IOS"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:939
+#, fuzzy
+msgid "iptables"
+msgstr "iptables:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:941
+#: src/gui/.ui/printingprogressdialog_q.cpp:75
+#, fuzzy
+msgid "textLabel1"
+msgstr "Etikett"
+
+#: src/gui/.ui/discoverydruid_q.cpp:943
+msgid ""
+"This discovery method creates objects for all 'A' records found in DNS "
+"domain. You will later have a chance to accept only those objects you wish "
+"and ignore others.\n"
+"Please enter the domain name below:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:945
+#, fuzzy
+msgid "Domain name"
+msgstr "Åtgärd"
+
+#: src/gui/.ui/discoverydruid_q.cpp:946
+msgid ""
+"Objects created using this method may have long or short names. long name "
+"consists of the host name and full domain name (this is called Fully "
+"Qualified Domain Name). Short name consists of only host name. Check in "
+"the box below if you wish to use long name, then click next to continue:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:947
+#, fuzzy
+msgid "Use long names"
+msgstr "Användarnamn:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:949
+msgid ""
+"DNS zone information has to be transferred from the name server "
+"authoritative for the domain. 
 Pick the name server:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:950 src/gui/.ui/discoverydruid_q.cpp:957
+#, fuzzy
+msgid "Name server"
+msgstr "SNMP-servrar"
+
+#: src/gui/.ui/discoverydruid_q.cpp:951
+msgid "choose name server from the list below"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:952
+msgid "server name or its IP address here if you wish to use different one:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:954
+#, fuzzy
+msgid "DNS Query options"
+msgstr "Regelinställningar"
+
+#: src/gui/.ui/discoverydruid_q.cpp:955
+#, fuzzy
+msgid "Timeout (sec)"
+msgstr "TCP FIN timeout (sek)"
+
+#: src/gui/.ui/discoverydruid_q.cpp:956
+#, fuzzy
+msgid "Retries"
+msgstr "Tjänst"
+
+#: src/gui/.ui/discoverydruid_q.cpp:958
+msgid ""
+"This discovery method scans networks looking for hosts or gateways "
+"responding to SNMP queries. It pulls host's ARP table and uses all the "
+"entries found in it to create objects. Scan starts from the host called "
+"\"seed\". Enter \"seed\" host name or address below:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:959
+msgid "'Seed' host"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:961
+#, fuzzy
+msgid "Enter a valid host name or address."
+msgstr "Syslogvärd (namn eller IP-adress):"
+
+#: src/gui/.ui/discoverydruid_q.cpp:962
+msgid ""
+"The scanner process can be confined to a certain network, so it won't "
+"discover hosts on adjacent networks. 
 If you leave these fields blank, "
+"scanner will visit all networks it can find:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:963
+msgid "Confine scan to this network:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:964 src/gui/.ui/ipv4dialog_q.cpp:175
+#: src/gui/.ui/networkdialog_q.cpp:168 src/gui/.ui/newfirewalldialog_q.cpp:518
+#: src/gui/.ui/newhostdialog_q.cpp:406
+msgid "Netmask:"
+msgstr "Nätmask:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:965 src/gui/.ui/ipv4dialog_q.cpp:174
+#: src/gui/.ui/networkdialog_q.cpp:169 src/gui/.ui/newfirewalldialog_q.cpp:517
+#: src/gui/.ui/newhostdialog_q.cpp:394
+msgid "Address:"
+msgstr "Adress:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:967
+#, fuzzy
+msgid "Network discovery using SNMP"
+msgstr "Identifiera nätverksgränssnitt via SNMP"
+
+#: src/gui/.ui/discoverydruid_q.cpp:968
+msgid ""
+"The scanner process can repeat its algorithm recursively using each new host "
+"it finds as a new \"seed\". This allows it to find as many objects on your "
+"network as possible. On the other hand, it takes more time and may find some "
+"objects you do not really need. You can turn recursive scanning on below:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:969
+msgid "Run network scan recursively"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:970
+msgid ""
+"The scanner process can find nodes beyond the boundaries of your network by "
+"following point-to-point links connecting it to the Internet or other parts "
+"of WAN."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:971
+msgid "Follow point-to-point links"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:972
+msgid ""
+"The scanner process can distinguish virtual IP addresses created on hosts as "
+"static \"published\" ARP entries or as secondary addresses on interfaces."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:973
+#, fuzzy
+msgid "Include virtual addresses"
+msgstr "Lägg till virtuella adresser för NAT"
+
+#: src/gui/.ui/discoverydruid_q.cpp:974
+msgid ""
+"Analysis of ARP table yields IP addresses for hosts on your network. In "
+"order to determine their names, scanner can run reverse name lookup queries "
+"using your name servers (DNS):"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:975
+msgid "Run reverse name lookup DNS queries to determine host names"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:976
+#, fuzzy
+msgid "Network scan options"
+msgstr "Nätverkszon:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:977
+msgid ""
+"Enter parameters for SNMP and DNS reverse lookup queries below. (If unsure, "
+"just leave default values):"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:978
+#, fuzzy
+msgid "SNMP query parameters:"
+msgstr "Fragment"
+
+#: src/gui/.ui/discoverydruid_q.cpp:979
+#: src/gui/.ui/newfirewalldialog_q.cpp:497 src/gui/.ui/newhostdialog_q.cpp:386
+msgid "SNMP 'read' community string:"
+msgstr "SNMP-communitysträng för \"read\":"
+
+#: src/gui/.ui/discoverydruid_q.cpp:980 src/gui/.ui/discoverydruid_q.cpp:984
+msgid "number of retries:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:981
+#, fuzzy
+msgid "timeout (sec):"
+msgstr "TCP FIN timeout (sek)"
+
+#: src/gui/.ui/discoverydruid_q.cpp:982
+msgid "public"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:983
+#, fuzzy
+msgid "DNS parameters:"
+msgstr "Fragment"
+
+#: src/gui/.ui/discoverydruid_q.cpp:985
+#, fuzzy
+msgid "timeout (sec) :"
+msgstr "TCP FIN timeout (sek)"
+
+#: src/gui/.ui/discoverydruid_q.cpp:986
+msgid "Number of threads:"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:988
+msgid "SNMP and DNS reverse lookup queries parameters"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:990
+msgid "Process name"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:993
+#, fuzzy
+msgid "Save scan log to file"
+msgstr "Sparar data till 
 fil..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:994
+#, fuzzy
+msgid "Process log:"
+msgstr "Förlopp:"
+
+#: src/gui/.ui/discoverydruid_q.cpp:995
+msgid "Discovery is in progress"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:996
+msgid ""
+"These are the networks found by the scanner process. Choose the ones you "
+"wish to use from the list below, then click 'Next':"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:997 src/gui/.ui/discoverydruid_q.cpp:1003
+#: src/gui/.ui/discoverydruid_q.cpp:1008 src/gui/.ui/discoverydruid_q.cpp:1013
+#: src/gui/.ui/discoverydruid_q.cpp:1019
+msgid "Select All"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:998 src/gui/.ui/discoverydruid_q.cpp:1009
+#: src/gui/.ui/discoverydruid_q.cpp:1018
+#, fuzzy
+msgid "Filter ..."
+msgstr "Duplicera ..."
+
+#: src/gui/.ui/discoverydruid_q.cpp:999 src/gui/.ui/discoverydruid_q.cpp:1004
+#: src/gui/.ui/discoverydruid_q.cpp:1010 src/gui/.ui/discoverydruid_q.cpp:1014
+#: src/gui/.ui/discoverydruid_q.cpp:1016
+msgid "Unselect All"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1000 src/gui/.ui/discoverydruid_q.cpp:1007
+#: src/gui/.ui/discoverydruid_q.cpp:1017
+#, fuzzy
+msgid "Remove Filter"
+msgstr "Ta bort regel"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1001 src/gui/.ui/discoverydruid_q.cpp:1011
+msgid "->"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1002 src/gui/.ui/discoverydruid_q.cpp:1012
+msgid "<-"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1005
+#, fuzzy
+msgid "Networks"
+msgstr "Nätverk"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1006
+msgid "Choose objects you wish to use, then click 'Next':"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1020
+#, fuzzy
+msgid "Change type of selected objects:"
+msgstr "Visa borttagna objekt"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1027
+msgid ""
+"Here you can change type of the objects to be created for each address "
+"discovered by the scanner. 
 By default, an \"Address\" object is created for "
+"the host with just one interface with single IP address and \"Host\" object "
+"is created for the host with multiple interfaces, however you can change "
+"their types on this page."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1028
+msgid "Adjust Object types"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1029
+msgid "Select target library"
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1030
+#, fuzzy
+msgid "Target library"
+msgstr "till bibliotek %1"
+
+#: src/gui/.ui/discoverydruid_q.cpp:1031
+msgid "Adding new objects to library ..."
+msgstr ""
+
+#: src/gui/.ui/discoverydruid_q.cpp:1032
+#, fuzzy
+msgid "Creatnig objects"
+msgstr "Skapa nytt objekt"
+
+#: src/gui/.ui/dnsnamedialog_q.cpp:171 src/gui/.ui/dnsnamedialog_q.cpp:172
+#, fuzzy
+msgid "DNS Name"
+msgstr "Namn"
+
+#: src/gui/.ui/dnsnamedialog_q.cpp:179
+msgid "DNS Record:"
+msgstr ""
+
+#: src/gui/.ui/execdialog_q.cpp:92
+msgid "Executing external command"
+msgstr "Startar externt kommando"
+
+#: src/gui/.ui/execdialog_q.cpp:93 src/gui/.ui/instdialog_q.cpp:287
+#, fuzzy
+msgid "Save log to file"
+msgstr "Sparar data till fil..."
+
+#: src/gui/.ui/filepropdialog_q.cpp:114
+msgid "File Properties"
+msgstr "Filegenskaper"
+
+#: src/gui/.ui/filepropdialog_q.cpp:115
+msgid "Location:"
+msgstr "Plats:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:116
+msgid "RO"
+msgstr "RO"
+
+#: src/gui/.ui/filepropdialog_q.cpp:117
+msgid "Revision Control:"
+msgstr "Revisionskontroll:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:118
+msgid "Time of last modification:"
+msgstr "Tid för senaste modifiering:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:119
+msgid "Revision:"
+msgstr "Revision:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:120
+msgid "Locked by user:"
+msgstr "Låst av användare:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:121
+msgid "location"
+msgstr "plats"
+
+#: src/gui/.ui/filepropdialog_q.cpp:122
+msgid "lastModified"
+msgstr "senastModifierad"
+
+#: src/gui/.ui/filepropdialog_q.cpp:123
+msgid "rev"
+msgstr "rev"
+
+#: src/gui/.ui/filepropdialog_q.cpp:124
+msgid "lockedBy"
+msgstr "låstAv"
+
+#: src/gui/.ui/filepropdialog_q.cpp:125
+msgid "Revision history:"
+msgstr "Revisionshistorik:"
+
+#: src/gui/.ui/filepropdialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:458
+msgid "Print"
+msgstr "Skriv ut"
+
+#: src/gui/.ui/filterdialog_q.cpp:89 src/gui/.ui/filterdialog_q.cpp:163
+msgid "Target"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:93 src/gui/.ui/filterdialog_q.cpp:165
+#, fuzzy
+msgid "Pattern"
+msgstr "Klistra in"
+
+#: src/gui/.ui/filterdialog_q.cpp:150
+#, fuzzy
+msgid "Filter"
+msgstr "&Fil"
+
+#: src/gui/.ui/filterdialog_q.cpp:151 src/gui/.ui/FWBMainWindow_q.cpp:452
+#: src/gui/.ui/FWBMainWindow_q.cpp:495 src/gui/.ui/FWBMainWindow_q.cpp:496
+msgid "Save"
+msgstr "Spara"
+
+#: src/gui/.ui/filterdialog_q.cpp:152 src/gui/.ui/prefsdialog_q.cpp:213
+#: src/gui/.ui/prefsdialog_q.cpp:392
+msgid "Load"
+msgstr "Läs in"
+
+#: src/gui/.ui/filterdialog_q.cpp:153 src/gui/.ui/libexport_q.cpp:112
+msgid "Ok"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:155
+#, fuzzy
+msgid "Match"
+msgstr "Sökväg"
+
+#: 
 src/gui/.ui/filterdialog_q.cpp:157
+#, fuzzy
+msgid "all"
+msgstr "Installera"
+
+#: src/gui/.ui/filterdialog_q.cpp:158 src/gui/.ui/icmpservicedialog_q.cpp:173
+#: src/gui/.ui/icmpservicedialog_q.cpp:175
+msgid "any"
+msgstr "alla"
+
+#: src/gui/.ui/filterdialog_q.cpp:159
+msgid "of the following:"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:161
+msgid "+"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:162
+msgid "Add a new pattern"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:166
+msgid "Case sensitive"
+msgstr ""
+
+#: src/gui/.ui/filterdialog_q.cpp:167
+#, fuzzy
+msgid "-"
+msgstr "--"
+
+#: src/gui/.ui/filterdialog_q.cpp:168
+msgid "Remove a pattern"
+msgstr ""
+
+#: src/gui/.ui/finddialog_q.cpp:127 src/gui/.ui/FWBMainWindow_q.cpp:513
+msgid "Find Object"
+msgstr "Sök objekt"
+
+#: src/gui/.ui/finddialog_q.cpp:128
+msgid "Text to be found in object names:"
+msgstr "Text att leta efter i objektnamn:"
+
+#: src/gui/.ui/finddialog_q.cpp:129
+msgid "Search in policy rules"
+msgstr "Sök i policyregler"
+
+#: src/gui/.ui/finddialog_q.cpp:130
+msgid "Search in the tree"
+msgstr "Sök i trädet"
+
+#: src/gui/.ui/finddialog_q.cpp:132
+msgid "Matching attribute:"
+msgstr "Matchande attribut:"
+
+#: src/gui/.ui/finddialog_q.cpp:135 src/gui/.ui/findobjectwidget_q.cpp:205
+msgid "TCP/UDP port"
+msgstr "TCP/UDP-port"
+
+#: src/gui/.ui/finddialog_q.cpp:136 src/gui/.ui/findobjectwidget_q.cpp:206
+msgid "Protocol number"
+msgstr "Protokollnummer"
+
+#: src/gui/.ui/finddialog_q.cpp:137 src/gui/.ui/findobjectwidget_q.cpp:207
+msgid "ICMP type"
+msgstr "ICMP-typ"
+
+#: src/gui/.ui/finddialog_q.cpp:138 src/gui/.ui/findobjectwidget_q.cpp:208
+msgid "Search for substring using regular expressions"
+msgstr "Sök efter understrängar med reguljära uttryck"
+
+#: src/gui/.ui/findobjectwidget_q.cpp:187
+#: src/gui/.ui/findwhereusedwidget_q.cpp:116
+#: src/gui/.ui/fwobjectdroparea_q.cpp:49
+#: src/gui/.ui/tagservicedialog_q.cpp:147
+msgid "Form1"
+msgstr ""
+
+#: 
 src/gui/.ui/findobjectwidget_q.cpp:188
+#, fuzzy
+msgid " Replace object "
+msgstr "Ersätt med detta objekt"
+
+#: src/gui/.ui/findobjectwidget_q.cpp:189
+msgid "Replace && Find"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:192
+msgid "Replace all"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:193
+#, fuzzy
+msgid "Replace"
+msgstr "Mallar"
+
+#: src/gui/.ui/findobjectwidget_q.cpp:194
+msgid "Scope for search and replace :"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:196
+#, fuzzy
+msgid "Tree only"
+msgstr "( skrivskyddad )"
+
+#: src/gui/.ui/findobjectwidget_q.cpp:197
+msgid "Tree and policy of all firewalls"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:198
+msgid "Policy of all firewalls"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:199
+msgid "policy of the opened firewall"
+msgstr ""
+
+#: src/gui/.ui/findobjectwidget_q.cpp:200
+#: src/gui/.ui/findwhereusedwidget_q.cpp:122
+#: src/gui/.ui/FWBMainWindow_q.cpp:446 src/gui/.ui/FWBMainWindow_q.cpp:497
+#: src/gui/.ui/simpletextview_q.cpp:94
+msgid "Close"
+msgstr "Stäng"
+
+#: src/gui/.ui/findobjectwidget_q.cpp:201
+#, fuzzy
+msgid " Find object"
+msgstr "Sök objekt"
+
+#: src/gui/.ui/findwhereusedwidget_q.cpp:62
+#: src/gui/.ui/findwhereusedwidget_q.cpp:119
+#, fuzzy
+msgid "Parent Object"
+msgstr "Nuvarande objekt "
+
+#: src/gui/.ui/findwhereusedwidget_q.cpp:117
+#, fuzzy
+msgid "Object:"
+msgstr "Objekt"
+
+#: src/gui/.ui/findwhereusedwidget_q.cpp:118
+msgid "Object is found in :"
+msgstr ""
+
+#: src/gui/.ui/firewalldialog_q.cpp:211
+msgid "Host OS Settings ..."
+msgstr "Inställningar för Värd-OS ..."
+
+#: src/gui/.ui/firewalldialog_q.cpp:212
+#, fuzzy
+msgid "Inactive firewall"
+msgstr "Ny brandvägg"
+
+#: src/gui/.ui/firewalldialog_q.cpp:213
+msgid "Skip this firewall for batch compile and install operations"
+msgstr ""
+
+#: src/gui/.ui/firewalldialog_q.cpp:214
+msgid "Firewall Settings ..."
+msgstr "Brandväggsinställningar ..."
+
+#: src/gui/.ui/firewalldialog_q.cpp:219
+msgid "Version:"
+msgstr "Version:"
+
+#: src/gui/.ui/firewalldialog_q.cpp:220
+msgid "Host OS:"
+msgstr "Värd-OS:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:186
+msgid "FreeBSD: advanced settings"
+msgstr "FreeBSD: avancerade inställningar"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:191
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:183
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:177
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:211
+msgid "Forward source routed packets"
+msgstr ""
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:192
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:169
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:197
+msgid "Generate ICMP redirects"
+msgstr "Generera ICMP-omdirigeringar"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:193
+#: src/gui/.ui/linux24advanceddialog_q.cpp:406
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:170
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:187
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:202
+msgid "Packet forwarding"
+msgstr ""
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:207
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:187
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:201
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:215
+msgid ""
+"Specify directory path and a file name for the following utilities on the OS "
+"your firewall machine is running. Leave these empty if you want to use "
+"default values."
+msgstr ""
+"Ange katalogsökväg och ett filnamn för följande verktyg för operativsystemet "
+"som din brandväggsmaskin kör. Lämna detta blankt om du vill använda "
+"standardvärden."
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:208
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:214
+msgid "ipnat:"
+msgstr "ipnat:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:209
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:186
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:200
+msgid "sysctl:"
+msgstr "sysctl:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:210
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:213
+msgid "ipf:"
+msgstr "ipf:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:211
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:185
+msgid "ipfw:"
+msgstr "ipfw:"
+
+#: src/gui/.ui/freebsdadvanceddialog_q.cpp:212
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:206
+#: src/gui/.ui/linux24advanceddialog_q.cpp:457
+#: src/gui/.ui/macosxadvanceddialog_q.cpp:188
+#: src/gui/.ui/openbsdadvanceddialog_q.cpp:202
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:216
+msgid "Path"
+msgstr "Sökväg"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:441
+msgid ""
+"Click here to change amount of information shown about object selected in "
+"the tree"
+msgstr ""
+"Klicka här för att ändra mängden information som visas om valt objekt i "
+"trädet"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:442
+msgid "Firewall Name"
+msgstr "Brandväggsnamn"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:443 src/gui/.ui/instdialog_q.cpp:281
+msgid "Firewalls:"
+msgstr "Brandväggar:"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:444
+msgid "Tab 1"
+msgstr "Tab 1"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:445
+msgid "Apply"
+msgstr ""
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:447
+msgid "New Object File"
+msgstr "Ny objektfil"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:448
+msgid "&New Object File"
+msgstr "&Ny objektfil"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:450
+msgid "&Open..."
+msgstr "Ö&ppna..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:451
+msgid "Ctrl+O"
+msgstr "Ctrl+P"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:454
+msgid "Ctrl+S"
+msgstr "Ctrl+S"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:455
+msgid "Save As"
+msgstr "Spara som"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:456
+msgid "Save &As..."
+msgstr "Spar&a som..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:459
+msgid "&Print..."
+msgstr "Skriv &ut..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:460
+msgid "Ctrl+P"
+msgstr "Ctrl+U"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:461
+msgid "Exit"
+msgstr "Avsluta"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:462
+msgid "E&xit"
+msgstr "A&vsluta"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:464
+msgid "Undo"
+msgstr "Ångra"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:465
+msgid "&Undo"
+msgstr "&Ångra"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:466
+msgid "Ctrl+Z"
+msgstr "Ctrl+Z"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:467
+msgid "Redo"
+msgstr "Gör om"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:468
+msgid "&Redo"
+msgstr "&Gör om"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:469
+msgid "Ctrl+Y"
+msgstr "Ctrl+Y"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:471
+msgid "&Cut"
+msgstr "&Klipp ut"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:472
+msgid "Ctrl+X"
+msgstr "Ctrl+V"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:474
+msgid "C&opy"
+msgstr "K&opiera"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:475
+msgid "Ctrl+C"
+msgstr "Ctrl+C"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:477
+msgid "&Paste"
+msgstr "Klist&ra in"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:478
+msgid "Ctrl+V"
+msgstr "Ctrl+V"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:481 src/gui/.ui/FWBMainWindow_q.cpp:517
+msgid "Ctrl+F"
+msgstr "Ctrl+F"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:482
+msgid "Contents"
+msgstr "Innehåll"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:483
+msgid "&Contents..."
+msgstr "&Innehåll..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:485
+msgid "Index"
+msgstr "Index"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:486
+msgid "&Index..."
+msgstr "&Index..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:488
+msgid "About"
+msgstr "Om"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:489
+msgid "&About"
+msgstr "&Om"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:491 src/gui/.ui/FWBMainWindow_q.cpp:492
+msgid "New"
+msgstr "Ny"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:501
+msgid "Compile rules"
+msgstr "Bygg regler"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:504
+msgid "Install firewall policy"
+msgstr "Installera brandväggspolicy"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:505 src/gui/.ui/FWBMainWindow_q.cpp:506
+#: src/gui/.ui/objectmanipulator_q.cpp:111
+msgid "Back"
+msgstr "Tillbaka"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:507 src/gui/.ui/FWBMainWindow_q.cpp:508
+msgid "Move back to the previous object"
+msgstr "Flytta tillbaks till föregående objekt"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:509
+#: src/gui/.ui/objconflictresolutiondialog_q.cpp:155
+#: src/gui/.ui/objectmanipulator_q.cpp:114
+msgid "New Object"
+msgstr "Nytt objekt"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:510
+msgid "&New Object"
+msgstr "&Nytt objekt"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:511 src/gui/.ui/objectmanipulator_q.cpp:115
+msgid "Create New Object"
+msgstr "Skapa nytt objekt"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:512
+msgid "Ctrl+N"
+msgstr "Ctrl+N"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:514
+msgid "&Find Object"
+msgstr "&Sök objekt"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:515 src/gui/.ui/FWBMainWindow_q.cpp:516
+msgid "Find object in the tree"
+msgstr "Sök objekt i trädet"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:518
+msgid "Preferences..."
+msgstr "Inställningar..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:519
+msgid "P&references..."
+msgstr "Inställninga&r..."
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:520
+msgid "Edit Preferences"
+msgstr "Redigera inställningar"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:523 src/gui/.ui/FWBMainWindow_q.cpp:524
+msgid "Move Rule Up"
+msgstr "Flytta regel upp"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:525 src/gui/.ui/FWBMainWindow_q.cpp:526
+msgid "Move Rule Down"
+msgstr "Flytta regel ned"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:531
+msgid "Ctrl+Del"
+msgstr "Ctrl+Del"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:540
+msgid "Add File to RCS"
+msgstr "Lägg till fil i RCS"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:541
+msgid "Add File to &RCS"
+msgstr "Lägg till fil i &RCS"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:544
+msgid "Export Library To a File"
+msgstr "Exportera bibliotek till en fil"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:545
+msgid "&Export Library"
+msgstr "&Exportera bibliotek"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:546
+msgid "Import Library From a File"
+msgstr "Importera bibliotek från en fil"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:547
+msgid "&Import Library"
+msgstr "&Importera bibliotek"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:548
+msgid "Debug"
+msgstr "Debug"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:549
+msgid "&Debug"
+msgstr "&Debug"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:550 src/gui/.ui/FWBMainWindow_q.cpp:551
+msgid "&Properties"
+msgstr "Egenska&per"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:552
+msgid "Show File Properties"
+msgstr "Visa filegenskaper"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:553 src/gui/.ui/FWBMainWindow_q.cpp:554
+msgid "Move Selected Rules"
+msgstr "Flytta valda regler"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:555
+msgid "Discard"
+msgstr "Kasta"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:557
+msgid ""
+"Discard Changes and Overwrite With Clean Copy Of The Head Revision From RCS"
+msgstr ""
+"Kasta ändringar och skriv över med en ren kopia från huvudrevisionen från RCS"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:558
+msgid "Commit"
+msgstr "Verställ"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:559
+#, fuzzy
+msgid "Co&mmit"
+msgstr "Verställ"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:560
+msgid "Commit Opened File to RCS and Continue Editing"
+msgstr ""
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:567 src/gui/.ui/FWBMainWindow_q.cpp:568
+#, fuzzy
+msgid "new item"
+msgstr "Ny post"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:569 src/gui/.ui/FWBMainWindow_q.cpp:570
+msgid "Find Conflicting Objects in Two Files"
+msgstr ""
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:571
+#, fuzzy
+msgid "Import Po&licy"
+msgstr "&Importera bibliotek"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:572
+msgid "Toolbar"
+msgstr "Verktygslist"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:573
+msgid "&File"
+msgstr "&Fil"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:574
+msgid "&Edit"
+msgstr "R&edigera"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:576
+msgid "Rules"
+msgstr "Regler"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:577
+#, fuzzy
+msgid "Tools"
+msgstr "Verktygslist"
+
+#: src/gui/.ui/FWBMainWindow_q.cpp:578
+msgid "&Help"
+msgstr "&Hjälp"
+
+#: src/gui/.ui/groupobjectdialog_q.cpp:190
+msgid "I"
+msgstr "I"
+
+#: src/gui/.ui/groupobjectdialog_q.cpp:191
+msgid "L"
+msgstr "L"
+
+#: src/gui/.ui/hostdialog_q.cpp:146
+msgid "MAC matching"
+msgstr "MAC-matchning"
+
+#: src/gui/.ui/icmpservicedialog_q.cpp:167
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1071
+msgid "ICMP"
+msgstr "ICMP"
+
+#: src/gui/.ui/icmpservicedialog_q.cpp:172
+msgid "ICMP Type:"
+msgstr "ICMP-typ:"
+
+#: src/gui/.ui/icmpservicedialog_q.cpp:174
+msgid "ICMP Code:"
+msgstr "ICMP-kod:"
+
+#: src/gui/.ui/instdialog_q.cpp:85 src/gui/.ui/instdialog_q.cpp:270
+#: src/gui/.ui/librarydialog_q.cpp:136 src/gui/.ui/librarydialog_q.cpp:137
+msgid "Library"
+msgstr "Bibliotek"
+
+#: src/gui/.ui/instdialog_q.cpp:87 src/gui/.ui/instdialog_q.cpp:271
+#, fuzzy
+msgid "Last Modified"
+msgstr "senastModifierad"
+
+#: src/gui/.ui/instdialog_q.cpp:89 src/gui/.ui/instdialog_q.cpp:272
+#, fuzzy
+msgid "Last Compiled"
+msgstr "Bygg"
+
+#: src/gui/.ui/instdialog_q.cpp:91 src/gui/.ui/instdialog_q.cpp:273
+#, fuzzy +msgid "Last Installed" +msgstr "Installerare" + +#: src/gui/.ui/instdialog_q.cpp:136 src/gui/.ui/instdialog_q.cpp:280 +#, fuzzy +msgid "Progress" +msgstr "Förlopp:" + +#: src/gui/.ui/instdialog_q.cpp:225 src/gui/.ui/instdialog_q.cpp:290 +#, fuzzy +msgid "Compile status" +msgstr "Bygg regler" + +#: src/gui/.ui/instdialog_q.cpp:226 src/gui/.ui/instdialog_q.cpp:291 +#, fuzzy +msgid "Install status" +msgstr "Installera" + +#: src/gui/.ui/instdialog_q.cpp:263 +msgid "Firewall Builder: Policy Installer" +msgstr "Firewall Builder: Policyinstallerare" + +#: src/gui/.ui/instdialog_q.cpp:264 +msgid "" +"

    Select firewalls to compile and " +"install.

    " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:265 +msgid "Perform batch install" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:266 +msgid "" +"Check this option if you want to install all selected firewalls " +"automatically. This only works if you use the same user name and password to " +"authenticate to all these firewalls. " +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:275 +#, fuzzy +msgid "None" +msgstr "Klar" + +#: src/gui/.ui/instdialog_q.cpp:282 +#, fuzzy +msgid "firewall" +msgstr "Brandvägg" + +#: src/gui/.ui/instdialog_q.cpp:283 +msgid "Progress:" +msgstr "Förlopp:" + +#: src/gui/.ui/instdialog_q.cpp:285 +msgid "Show Details" +msgstr "" + +#: src/gui/.ui/instdialog_q.cpp:286 +#, fuzzy +msgid "Process log" +msgstr "Förlopp:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:283 +#, fuzzy +msgid "Install options" +msgstr "Ignorera alla ping" + +#: src/gui/.ui/instoptionsdialog_q.cpp:284 +#, qt-format +msgid "" +"

    Install options for firewall '%1'

    " +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:287 +msgid "min" +msgstr "min" + +#: src/gui/.ui/instoptionsdialog_q.cpp:288 +#, fuzzy +msgid "" +"Test run: run the script on the firewall but do not store it permanently." +msgstr "" +"Testkörning: kör skriptet på brandväggen men lagra det inte permanent.\n" +"Du kan återställa till senaste fungerande konfiguration genom att starta om " +"brandväggen." + +#: src/gui/.ui/instoptionsdialog_q.cpp:289 +msgid "Schedule reboot in " +msgstr "Schemalägg omstart om " + +#: src/gui/.ui/instoptionsdialog_q.cpp:290 +msgid "" +"Rebooting the firewall will restore its original policy. To cancel reboot, " +"install the policy with \"test run\" option turned off" +msgstr "" +"Omstart av brandväggen kommer att återställa policyn till originalet. För " +"att avbryta omstart, installera policyn med flaggan \"testkörning\" avslagen." + +#: src/gui/.ui/instoptionsdialog_q.cpp:291 +#, fuzzy +msgid "" +"If you install the policy in test mode, it will not be saved permanently, so " +"you can revert to the last working configuration by rebooting the firewall" +msgstr "" +"Testkörning: kör skriptet på brandväggen men lagra det inte permanent.\n" +"Du kan återställa till senaste fungerande konfiguration genom att starta om " +"brandväggen." 
+ +#: src/gui/.ui/instoptionsdialog_q.cpp:292 +msgid "Cancel reboot if policy activation was successfull" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:293 +msgid "" +"Quiet install: do not print anything as commands are executed on the firewall" +msgstr "" +"Tyst installation: skriv inte ut något när kommandon startas på brandväggen" + +#: src/gui/.ui/instoptionsdialog_q.cpp:294 +msgid "Verbose: print all commands as they are executed on the firewall" +msgstr "Informativ: skriv ut alla kommandon när de startas på brandväggen" + +#: src/gui/.ui/instoptionsdialog_q.cpp:295 +msgid "Remove comments from configuration" +msgstr "Ta bort kommentarer från konfigurationen" + +#: src/gui/.ui/instoptionsdialog_q.cpp:296 +msgid "Compress script" +msgstr "Packa skript" + +#: src/gui/.ui/instoptionsdialog_q.cpp:297 +msgid "Store a copy of fwb file on the firewall" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:298 +msgid "Alternative address to communicate with the firewall:" +msgstr "Alternativ adress att kommunicera med brandväggen:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:299 +msgid "Options for PIX and fwsm firewalls :" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:300 +msgid "Write configuration to standby PIX" +msgstr "" + +#: src/gui/.ui/instoptionsdialog_q.cpp:301 +msgid "Dry run (commands won't be executed on the firewall)" +msgstr "Torr körning (kommandon kommer inte att köras på brandväggen)" + +#: src/gui/.ui/instoptionsdialog_q.cpp:302 +msgid "Store configuration diff in a file" +msgstr "Lagra skillnader i konfigurationen i en fil" + +#: src/gui/.ui/instoptionsdialog_q.cpp:303 +msgid "" +"install only ACL, 'icmp', 'telnet', 'ssh', 'nat', 'global' and 'static' " +"commands" +msgstr "" +"installera endast tillgångskontroll, kommandona: 'icmp', 'telnet', 'ssh', " +"'nat', 'global' och 'static'" + +#: src/gui/.ui/instoptionsdialog_q.cpp:304 +msgid "" +"Calculate difference between current firewall state and generated " +"configuration and install 
only those commands that update state of the " +"firewall" +msgstr "" +"Beräkna skillnaden mellan nuvarande brandväggsstatus och genererade " +"konfigurationen och installera endast de kommandon som uppdaterar statusen " +"för brandväggen" + +#: src/gui/.ui/instoptionsdialog_q.cpp:305 +msgid "Make a backup copy of the firewall configuration in this file:" +msgstr "Gör en säkerhetskopia av brandväggens konfiguration i denna fil:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:306 +msgid "Password or passphrase:" +msgstr "Lösenord eller lösenfras:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:307 +msgid "User name:" +msgstr "Användarnamn:" + +#: src/gui/.ui/instoptionsdialog_q.cpp:308 +msgid "Enable password:" +msgstr "\"Enable\"-lösenord:" + +#: src/gui/.ui/interfacedialog_q.cpp:235 +#: src/gui/.ui/newfirewalldialog_q.cpp:507 src/gui/.ui/newhostdialog_q.cpp:393 +msgid "Label:" +msgstr "Etikett:" + +#: src/gui/.ui/interfacedialog_q.cpp:237 +msgid "Security level:" +msgstr "Säkerhetsnivå:" + +#: src/gui/.ui/interfacedialog_q.cpp:238 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    Security level can be any number between 0 and 100, 0 being least " +"secure and 100 being most secure levels. Interface with security level 0 " +"ususally serves Internet connection.

    " +msgstr "" +"

    Varje nätverksgränssnitt på brandväggen måste ha en säkerhetsnivå " +"förknippad med sig.
    Säkerhetsnivån kan vara ett nummer mellan 0 och 100 " +"där 0 är minst säkert och 100 är mest säker. Gränssnitt med säkerhetsnivå 0 " +"är normalt sett satta för Internet-anslutningar.

    " + +#: src/gui/.ui/interfacedialog_q.cpp:239 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    \n" +"Security level can be any number between 0 and 100, 0 being least secure and " +"100 being most secure levels. Interface with security level 0 ususally " +"serves Internet connection.

    " +msgstr "" +"

    Varje nätverksgränssnitt på brandväggen måste ha en säkerhetsnivå " +"förknippad med sig.
    \n" +"Säkerhetsnivån kan vara ett nummer mellan 0 och 100 där 0 är minst säkert " +"och 100 är mest säker. Gränssnitt med säkerhetsnivå 0 är normalt sett satta " +"för Internet-anslutningar.

    " + +#: src/gui/.ui/interfacedialog_q.cpp:241 src/gui/.ui/interfacedialog_q.cpp:244 +msgid "" +"

    Network zone consists of hosts and networks that can be reached through " +"this interface of the firewall. Subnet to which this interface is directly " +"attached must be part of its network zone. Other subnets reachable by means " +"of routing should alse be added to the network zone.\n" +"
    \n" +"If network zone for this interface consists of only one subnet, you can " +"simply choose that network's object in the pull-down below. If your network " +"zone should include multiple subnets, you need to create an Object Group, " +"then put all hosts and networks which are going to be part of the network " +"zone into that group and finally choose this group in the pull-down below." +msgstr "" +"

    Nätverkszoner innehåller värdar och nätverk som kan nås genom detta " +"nätverksgränssnitt på brandväggen. Subnät till vilka detta gränssnitt är " +"direkt ansluten måste vara en del av dess nätverkszon. Andra subnät nåbara " +"genom routing bör också läggas till i nätverkszonen.\n" +"
    \n" +"Om nätverkszonen för detta gränssnitt innehåller endast ett subnät kan du " +"helt enkelt välja nätverkets objekt i menyn nedan. Om din nätverkszon bör " +"inkludera multipla subnät behöver du skapa en Objektgrupp, lägg sedan alla " +"värdar och nätverk som ska vara en del av nätverkszonen i den gruppen och " +"välj sedan denna grupp i menyn nedan.

    " + +#: src/gui/.ui/interfacedialog_q.cpp:247 +msgid "Network zone:" +msgstr "Nätverkszon:" + +#: src/gui/.ui/interfacedialog_q.cpp:249 +#, fuzzy +msgid "This interface is external (insecure)" +msgstr "" +"Detta nätverksgränssnitt är\n" +"externt (osäkert)" + +#: src/gui/.ui/interfacedialog_q.cpp:250 +msgid "" +"

    One interface of the firewall must be marked as 'external'. This " +"interface should be connected to the least secure network, usually the " +"Internet.

    " +msgstr "" +"

    Ett nätverksgränssnitt på brandväggen måste vara markerat som \"externt" +"\". Detta gränssnitt bör vara anslutet till det minst säkra nätverket, " +"normalt sett Internet.

    " + +#: src/gui/.ui/interfacedialog_q.cpp:251 +msgid "" +"One interface of the firewall must be marked as 'external'. This interface " +"should be connected to the least secure network, usually the Internet." +msgstr "" +"Ett nätverksgränssnitt på brandväggen måste markeras som \"extern\". Detta " +"gränssnitt bör vara ansluten till det minst säkra nätverket, normalt sett " +"Internet." + +#: src/gui/.ui/interfacedialog_q.cpp:252 +msgid "Management interface" +msgstr "Nätverksgränssnitt för administration" + +#: src/gui/.ui/interfacedialog_q.cpp:253 +msgid "" +"

    Check if this interface is used for management (SNMP queries, remote " +"policy install etc.)

    " +msgstr "" +"

    Kryssa i om detta nätverksgränssnitt används för administration (SNMP-" +"frågor, fjärrinstallation av policy etc.)

    " + +#: src/gui/.ui/interfacedialog_q.cpp:255 +#, fuzzy +msgid "Address is assigned dynamically" +msgstr "" +"Adress är dynamiskt\n" +"tilldelad" + +#: src/gui/.ui/interfacedialog_q.cpp:256 +#: src/gui/.ui/newfirewalldialog_q.cpp:515 +msgid "Regular interface" +msgstr "Normalt nätverksgränssnitt" + +#: src/gui/.ui/interfacedialog_q.cpp:257 +#, fuzzy +msgid "Unprotected interface" +msgstr "Onumrerat nätverksgränssnitt" + +#: src/gui/.ui/interfacedialog_q.cpp:258 +msgid "Skip this interface while assigning policy rules" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:546 +msgid "ipf: advanced settings" +msgstr "ipf: avancerade inställningar" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:551 +msgid "Use raudio proxy in NAT rules" +msgstr "Använd raudio-proxy i NAT-regler" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:552 +msgid "Use h323 proxy in NAT rules" +msgstr "Använd h323-proxy i NAT-regler" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:553 +msgid "Use ipsec proxy in NAT rules" +msgstr "Använd ipsec-proxy i NAT-regler" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:554 +msgid "Use ftp proxy in NAT rules" +msgstr "Använd ftp-proxy i NAT-regler" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:555 +msgid "Use rcmd proxy in NAT rules" +msgstr "Använd rcmd-proxy i NAT-regler" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:556 +#, fuzzy +msgid "Use Kerberos rcmd proxy in NAT rules" +msgstr "Använd rcmd-proxy i NAT-regler" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:557 +#, fuzzy +msgid "Use Kerberos ekshell proxy in NAT rules" +msgstr "Använd ipsec-proxy i NAT-regler" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:558 +msgid "" +"Some protocols involve multiple associated network connections. 
Firewall can " +"keep track of such connections automatically if you activate one or all of " +"the following options:" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:559 +#, fuzzy +msgid "Use PPTP proxy in NAT rules" +msgstr "Använd ftp-proxy i NAT-regler" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:560 +#, fuzzy +msgid "Use IRC proxy in NAT rules for DCC" +msgstr "Använd ftp-proxy i NAT-regler" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:561 +msgid "Protocol Helpers" +msgstr "Protokollhjälp" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:562 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:356 +#: src/gui/.ui/iptadvanceddialog_q.cpp:610 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1004 +msgid "Compiler:" +msgstr "Kompilator:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:563 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1019 +msgid "" +"There are two ways compiler can generate code for rules in the Global " +"Policy: it can either create two ipf rules to control both incoming and " +"outgoing packets for each rule, or it can create only one ipf rule for " +"incoming packets and permit all outgoing ones.You get more control over the " +"packets crossing the firewall in the first mode, but generated script is " +"going to be smaller if you choose the second." 
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:564
+msgid ""
+"Masquerade returned icmp as being from original\n"
+"packet's destination"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:567
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1018
+msgid "Generate both 'in' and 'out' rules"
+msgstr "Generera både \"in\" och \"ut\"-regler"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:568
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1017
+msgid "Pass all outgoing"
+msgstr ""
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:569
+#: src/gui/.ui/iptadvanceddialog_q.cpp:608
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1009
+msgid "Accept TCP sessions opened prior to firewall restart"
+msgstr "Tillåt TCP-sessioner öppnade före omstart av brandväggen"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:570
+msgid "Find and eliminate duplicate rules"
+msgstr "Hitta och eliminera dubblettregler"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:571
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:360
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1011
+msgid "Detect rule shadowing in policy"
+msgstr "Identifiera regelskuggning i policy"
+
+#: src/gui/.ui/ipfadvanceddialog_q.cpp:572
+#: src/gui/.ui/ipfwadvanceddialog_q.cpp:361
+#: src/gui/.ui/pfadvanceddialog_q.cpp:1012
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1846
+msgid ""
+"Shadowing happens because a rule is a superset of a subsequent rule and any "
+"packets potentially matched by the subsequent rule have already been matched "
+"by the prior rule."
+msgstr ""
+"Skuggning händer därför att en regel är ett superset av en efterföljande "
+"regel och alla paket som kan tänkas matchas av den efterföljande regeln "
+"redan har matchas av den föregående regeln."
+ +#: src/gui/.ui/ipfadvanceddialog_q.cpp:573 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:358 +#: src/gui/.ui/iptadvanceddialog_q.cpp:616 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1013 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1841 +msgid "Ignore empty groups in rules" +msgstr "Ignorerar tomma grupper i regler" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:574 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:359 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1014 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1842 +msgid "" +"If the option is deactivated, compiler treats empty groups as an error and " +"aborts processing the policy. If this option is activated, compiler removes " +"all empty groups from all rule elements. If rule element becomes 'any' after " +"the last empty group has been removed, the whole rule will be ignored. Use " +"this option only if you fully understand how it works!" +msgstr "" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:575 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:364 +#: src/gui/.ui/iptadvanceddialog_q.cpp:617 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1006 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1828 +msgid "" +"Always permit ssh access from\n" +"the management workstation\n" +"with this address:" +msgstr "" +"Tillåt alltid ssh-tillgång från\n" +"arbetsstationen för administration\n" +"med denna adress:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:578 +#: src/gui/.ui/iptadvanceddialog_q.cpp:620 +msgid "Default action on 'Reject':" +msgstr "Standardåtgärd för \"Vägra\":" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:579 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:355 +#: src/gui/.ui/iptadvanceddialog_q.cpp:603 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1005 +msgid "Command line options for the compiler:" +msgstr "Kommandoradsflaggor för kompilatorn:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:580 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:357 +#: src/gui/.ui/iptadvanceddialog_q.cpp:611 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1015 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1827 +msgid "" +"Output 
file name (if left blank, the file name is constructed of the " +"firewall object name and extension \".fw\")" +msgstr "" +"Filnamn för utdata (om lämnad blank kommer filnamnet att konstrueras av " +"brandväggens objektnamn och ändelsen \".fw\")" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:581 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:367 +#: src/gui/.ui/iptadvanceddialog_q.cpp:623 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1021 +msgid "Compiler" +msgstr "Kompilator" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:582 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:368 +#: src/gui/.ui/iptadvanceddialog_q.cpp:624 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1096 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1873 +msgid "External install script" +msgstr "Externt installationsskript" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:583 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:369 +#: src/gui/.ui/iptadvanceddialog_q.cpp:625 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1097 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1874 +msgid "" +"Policy install script (using built-in installer if this field is blank):" +msgstr "" +"Installationsskript för policy (använder inbyggd installerare om detta fält " +"lämnas blankt):" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:584 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:370 +#: src/gui/.ui/iptadvanceddialog_q.cpp:626 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1098 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1875 +msgid "Command line options for the script:" +msgstr "Kommandoradsflaggor för skriptet:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:585 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:371 +#: src/gui/.ui/iptadvanceddialog_q.cpp:627 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1099 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1876 +msgid "Built-in installer" +msgstr "Inbyggd installerare" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:586 +msgid "Directory on the firewall where configuration files should be installed" +msgstr "Katalog på brandväggen där konfigurationsfiler bör installeras" + +#: 
src/gui/.ui/ipfadvanceddialog_q.cpp:587 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:376 +#: src/gui/.ui/iptadvanceddialog_q.cpp:632 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1104 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1879 +msgid "Additional command line parameters for ssh" +msgstr "Ytterligare kommandoradsparametrar för ssh" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:588 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:375 +#: src/gui/.ui/iptadvanceddialog_q.cpp:631 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1103 +msgid "" +"A command that installer should execute on the firewall in order to activate " +"the policy (if this field is blank, installer runs firewall script in the " +"directory specified above; it uses sudo if user name is not 'root')" +msgstr "" +"Ett kommando som installeraren bör starta på brandväggen för att aktivera " +"policyn (om detta fält lämnas blankt kommer installeraren köra " +"brandväggsskriptet i den katalog som angivits ovan; den använder sudo om " +"användarnamnet inte är \"root\")" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:589 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:372 +#: src/gui/.ui/iptadvanceddialog_q.cpp:628 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1100 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1877 +msgid "" +"Alternative name or address used to communicate with the firewall (also " +"putty session name on Windows)" +msgstr "" +"Alternativt namn eller adress som används för att kommunicera med " +"brandväggen (även puttys sessionsnamn på Windows)" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:590 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:373 +#: src/gui/.ui/iptadvanceddialog_q.cpp:629 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1101 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1878 +msgid "" +"User name used to authenticate to the firewall (leave this empty if you use " +"putty session):" +msgstr "" +"Användarnamn som används för autentisering mot brandväggen (lämna blankt om " +"du använder putty-session):" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:591 +#: 
src/gui/.ui/ipfwadvanceddialog_q.cpp:377 +#: src/gui/.ui/iptadvanceddialog_q.cpp:633 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1105 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1880 +msgid "Installer" +msgstr "Installerare" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:594 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:384 +#: src/gui/.ui/iptadvanceddialog_q.cpp:640 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1113 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1883 +msgid "" +"The following commands will be added verbatim on top of generated " +"configuration" +msgstr "" +"Följande kommandon kommer att läggas till exakt som angivna på toppen av den " +"genererade konfigurationen" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:599 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:381 +#: src/gui/.ui/iptadvanceddialog_q.cpp:637 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1109 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1888 +msgid "" +"The following commands will be added verbatim after generated configuration" +msgstr "" +"Följande kommandon kommer att läggas till exakt som angivna på slutet av den " +"genererade konfigurationen" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:600 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:386 +#: src/gui/.ui/iptadvanceddialog_q.cpp:647 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1118 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1889 +msgid "Prolog/Epilog" +msgstr "Prolog/Epilog" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:601 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:849 +msgid "Log facility:" +msgstr "Loggfacilitet:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:602 +#: src/gui/.ui/iptadvanceddialog_q.cpp:654 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:799 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:850 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:881 +msgid "Log level:" +msgstr "Loggnivå:" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:603 +msgid "Log packet body" +msgstr "Logga paketkropp" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:604 +msgid "Block if can not log" +msgstr "Blockera om loggning inte sker" + +#: 
src/gui/.ui/ipfadvanceddialog_q.cpp:605 +#: src/gui/.ui/iptadvanceddialog_q.cpp:663 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1121 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2076 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:801 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:851 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:858 +msgid "Logging" +msgstr "Loggning" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:606 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:387 +#: src/gui/.ui/iptadvanceddialog_q.cpp:669 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1122 +msgid "Add virtual addresses for NAT" +msgstr "Lägg till virtuella adresser för NAT" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:607 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:388 +#: src/gui/.ui/iptadvanceddialog_q.cpp:665 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1123 +msgid "Configure Interfaces of the firewall machine" +msgstr "Konfigurera nätverksgränssnitt på brandväggsmaskinen" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:608 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:389 +#: src/gui/.ui/iptadvanceddialog_q.cpp:666 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1124 +msgid "Turn debugging on in generated script" +msgstr "Aktivera debuggning i genererade skript" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:609 +msgid "Optimization" +msgstr "Optimering" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:610 +msgid "" +"If this option is on, policy compiler adds virtual addresses to the " +"interfaces to make the firewall answer to ARP queries for addresses used in " +"NAT rules." +msgstr "" +"Om denna flagga är påslagen kommer policykompilatorn att lägga till " +"virtuella adresser till nätverksgränssnitten för att göra så brandväggen " +"svarar på ARP-frågor för adresser som används i NAT-regler." + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:611 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:390 +#: src/gui/.ui/iptadvanceddialog_q.cpp:664 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1125 +msgid "These options enable auxiliary sections in the generated shell script." 
+msgstr "" +"Dessa inställningar aktiverar hjälpsektioner i det genererade skalskriptet." + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:612 +msgid "Determine addresses of dynamic interfaces at run time" +msgstr "Fastställ adresser för dynamiska nätverksgränssnitt vid körning" + +#: src/gui/.ui/ipfadvanceddialog_q.cpp:613 +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:391 +#: src/gui/.ui/iptadvanceddialog_q.cpp:672 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1126 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1872 +msgid "Script Options" +msgstr "Skriptinställningar" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:350 +msgid "ipfw: advanced settings" +msgstr "ipfw: avancerade inställningar" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:362 +msgid "" +"Add rule to accept packets matching dynamic rules created for\n" +"known sessions on top of the policy (action 'check-state')" +msgstr "" + +#: src/gui/.ui/ipfwadvanceddialog_q.cpp:374 +#: src/gui/.ui/iptadvanceddialog_q.cpp:630 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1102 +msgid "Directory on the firewall where script should be installed" +msgstr "Katalog på brandväggen där skript bör installeras" + +#: src/gui/.ui/ipservicedialog_q.cpp:208 +msgid "IP" +msgstr "IP" + +#: src/gui/.ui/ipservicedialog_q.cpp:212 +msgid "all fragments" +msgstr "alla fragment" + +#: src/gui/.ui/ipservicedialog_q.cpp:213 +msgid "rr (record route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:214 +msgid "timestamp" +msgstr "tidsstämpel" + +#: src/gui/.ui/ipservicedialog_q.cpp:215 +msgid "ssrr (strict source route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:216 +msgid "'short' fragments" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:217 +msgid "lsrr (loose source route)" +msgstr "" + +#: src/gui/.ui/ipservicedialog_q.cpp:220 +msgid "Protocol number:" +msgstr "Protokollnummer:" + +#: src/gui/.ui/ipservicedialog_q.cpp:221 +msgid "( 0 - any protocol )" +msgstr "( 0 - alla protokoll )" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:598 +msgid "iptables: advanced 
settings" +msgstr "iptables: avancerade inställningar" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:604 +msgid "Accept ESTABLISHED and RELATED packets before the first rule" +msgstr "Acceptera ESTABLISHED och RELATED-paket före första regeln" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:605 +msgid "Bridging firewall" +msgstr "Bryggad brandvägg" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:606 +msgid "Detect shadowing in policy rules" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:607 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1832 +msgid "Assume firewall is part of 'any'" +msgstr "Anta att brandväggen är en del av \"alla\"" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:609 +msgid "Enable support for NAT of locally originated connections" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:612 +msgid "" +"Drop packets that are associated with\n" +"no known connection" +msgstr "" +"Kasta paket som är associerade med\n" +"ej kända anslutningar" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:614 +msgid "and log them" +msgstr "och logga dem" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:615 +msgid "Clamp MSS to MTU" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:621 +msgid "Make Tag and Classify actions terminating" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:622 +msgid "Do not set default policy for ipv6" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:642 +msgid "Insert prolog script " +msgstr "Lägg till prolog-skript " + +#: src/gui/.ui/iptadvanceddialog_q.cpp:649 +msgid "use ULOG" +msgstr "använd ULOG" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:650 +msgid "use LOG" +msgstr "använd LOG" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:651 +msgid "log TCP seq. numbers" +msgstr "logga TCP-seq. 
nummer" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:652 +msgid "log IP options" +msgstr "logga IP-flaggor" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:653 +msgid "use numeric syslog levels" +msgstr "använd numeriska syslognivåer" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:655 +msgid "log TCP options" +msgstr "logga TCP-flaggor" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:656 +msgid "cprange" +msgstr "cprange" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:657 +msgid "queue threshold:" +msgstr "tröskelvärde för kö:" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:658 +msgid "netlink group:" +msgstr "" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:659 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:798 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:857 +msgid "Log prefix:" +msgstr "Loggprefix:" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:660 +msgid "Logging limit:" +msgstr "Loggbegränsning:" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:661 +msgid "" +"Activate logging in all rules\n" +"(overrides rule options, use for debugging)" +msgstr "" +"Aktivera loggning för alla regler\n" +"(kör över regelinställningar, använd för debug)" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:667 +msgid "Verify interfaces before loading firewall policy" +msgstr "Verifiera nätverksgränssnitt före inläsning av brandväggspolicy" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:668 +msgid "Load modules" +msgstr "Läs in moduler" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:670 +msgid "Use iptables-restore to activate policy" +msgstr "Använd iptables-restore för att aktivera policy" + +#: src/gui/.ui/iptadvanceddialog_q.cpp:671 +msgid "iptables-restore replaces firewall policy in one atomic transaction" +msgstr "" + +#: src/gui/.ui/ipv4dialog_q.cpp:169 +msgid "IPv4" +msgstr "IPv4" + +#: src/gui/.ui/ipv4dialog_q.cpp:176 +msgid "DNS Lookup..." +msgstr "DNS-uppslag..." 
+
+#: src/gui/.ui/libexport_q.cpp:106
+msgid "Export"
+msgstr "Exportera"
+
+#: src/gui/.ui/libexport_q.cpp:107
+msgid ""
+"This will export a library to a file which can later be imported back into "
+"Firewall Builder"
+msgstr ""
+"Detta kommer att exportera ett bibliotek till en fil som senare kan "
+"importeras tillbaka in i Firewall Builder"
+
+#: src/gui/.ui/libexport_q.cpp:109
+msgid "New Item"
+msgstr "Ny post"
+
+#: src/gui/.ui/libexport_q.cpp:110
+msgid "Make exported libraries read-only"
+msgstr "Skrivskydda exporterade bibliotek"
+
+#: src/gui/.ui/libexport_q.cpp:111
+msgid "Choose libraries to be exported:"
+msgstr "Välj bibliotek att exportera:"
+
+#: src/gui/.ui/librarydialog_q.cpp:138
+msgid "Color:"
+msgstr "Färg:"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:195
+msgid "Linksys/Sveasoft: advanced settings"
+msgstr "Linksys/Sveasoft: avancerade inställningar"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:200
+#: src/gui/.ui/linux24advanceddialog_q.cpp:450
+msgid "modprobe:"
+msgstr "modprobe:"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:201
+#: src/gui/.ui/linux24advanceddialog_q.cpp:451
+msgid "logger:"
+msgstr "logger:"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:202
+#: src/gui/.ui/linux24advanceddialog_q.cpp:452
+msgid "ip:"
+msgstr "ip:"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:203
+#: src/gui/.ui/linux24advanceddialog_q.cpp:453
+msgid "lsmod"
+msgstr "lsmod"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:204
+#: src/gui/.ui/linux24advanceddialog_q.cpp:455
+msgid "iptables:"
+msgstr "iptables:"
+
+#: src/gui/.ui/linksysadvanceddialog_q.cpp:205
+#: src/gui/.ui/linux24advanceddialog_q.cpp:454
+msgid ""
+"Specify directory path and a file name for each utility on your firewall "
+"machine. Leave these empty if you want to use default values."
+msgstr ""
+"Ange sökväg och filnamn för varje verktyg på din brandväggsmaskin. Lämna "
+"dessa blanka om du vill använda standardvärden."
+ +#: src/gui/.ui/linksysadvanceddialog_q.cpp:207 +msgid "" +"Policy installer relies on the shell prompt on the firewall to execute " +"commands. Installer tries both prompt string patterns configured here; it " +"assumes that the firewall is ready to accept a command if either prompt " +"matches. You should only need to change these string patterns if Sveasoft " +"changes the shell prompt in the future releases of the software.\n" +"
    \n" +"
    \n" +"The default strings work for Sveasoft Alchemy pre-5.1 and pre-5.2" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:211 +msgid "Use default prompts" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:212 +msgid "prompt 2" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:213 +msgid "prompt 1" +msgstr "" + +#: src/gui/.ui/linksysadvanceddialog_q.cpp:214 +msgid "Prompts" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:365 +msgid "Linux 2.4: advanced settings" +msgstr "Linux 2.4: avancerade inställningar" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:407 +msgid "Kernel anti-spoofing protection" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:408 +msgid "Ignore broadcast pings" +msgstr "Ignorera broadcast ping" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:409 +msgid "Ignore all pings" +msgstr "Ignorera alla ping" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:410 +msgid "Accept source route" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:411 +msgid "Accept ICMP redirects" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:412 +msgid "Ignore bogus ICMP errors" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:413 +msgid "Allow dynamic addresses" +msgstr "Tillåt dynamiska adresser" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:414 +msgid "Log martians" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:416 +msgid "" +"These parameters make sense for connections to or from the firewall host" +msgstr "" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:441 +msgid "TCP sack" +msgstr "TCP sack" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:442 +msgid "TCP window scaling" +msgstr "TCP window scaling" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:443 +msgid "TCP ECN" +msgstr "TCP ECN" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:444 +msgid "TCP SYN cookies" +msgstr "TCP SYN-kakor" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:445 +msgid "TCP keepalive time (sec)" +msgstr "TCP tid för keepalive (sek)" + 
+#: src/gui/.ui/linux24advanceddialog_q.cpp:446 +msgid "TCP fack" +msgstr "TCP fack" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:447 +msgid "TCP timestamps" +msgstr "TCP tidsstämplar" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:448 +msgid "TCP FIN timeout (sec)" +msgstr "TCP FIN timeout (sek)" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:449 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1051 +#: src/gui/.ui/tcpservicedialog_q.cpp:370 +msgid "TCP" +msgstr "TCP" + +#: src/gui/.ui/linux24advanceddialog_q.cpp:456 +msgid "iptables-restore:" +msgstr "iptables-restore:" + +#: src/gui/.ui/longtextdialog_q.cpp:95 +msgid "longTextDialog_q" +msgstr "longTextDialog_q" + +#: src/gui/.ui/longtextdialog_q.cpp:97 +msgid "this is the error text" +msgstr "detta är feltexten" + +#: src/gui/.ui/macosxadvanceddialog_q.cpp:164 +msgid "MacOS X: advanced settings" +msgstr "MacOS X: avancerade inställningar" + +#: src/gui/.ui/metriceditorpanel_q.cpp:78 +#, fuzzy +msgid "textLabel2" +msgstr "Etikett" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:154 +#, fuzzy +msgid "NAT Rule Options" +msgstr "Regelinställningar" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:156 +msgid "No options are available for this firewall platform" +msgstr "" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:157 +#, fuzzy +msgid "Pool type" +msgstr "ICMP-typ" + +#: src/gui/.ui/natruleoptionsdialog_q.cpp:158 +#, fuzzy +msgid "default" +msgstr "Ta bort" + +#: src/gui/.ui/newfirewalldialog_q.cpp:172 +#: src/gui/.ui/newfirewalldialog_q.cpp:323 +#: src/gui/.ui/newfirewalldialog_q.cpp:502 +#: src/gui/.ui/newfirewalldialog_q.cpp:524 src/gui/.ui/newhostdialog_q.cpp:188 +#: src/gui/.ui/newhostdialog_q.cpp:398 +msgid "Label" +msgstr "Etikett" + +#: src/gui/.ui/newfirewalldialog_q.cpp:174 +#: src/gui/.ui/newfirewalldialog_q.cpp:504 src/gui/.ui/newhostdialog_q.cpp:190 +#: src/gui/.ui/newhostdialog_q.cpp:400 +msgid "Netmask" +msgstr "Nätmask" + +#: src/gui/.ui/newfirewalldialog_q.cpp:175 +#: src/gui/.ui/newfirewalldialog_q.cpp:505 
src/gui/.ui/newhostdialog_q.cpp:191 +#: src/gui/.ui/newhostdialog_q.cpp:401 +msgid "Dyn" +msgstr "Dyn" + +#: src/gui/.ui/newfirewalldialog_q.cpp:176 +#: src/gui/.ui/newfirewalldialog_q.cpp:506 src/gui/.ui/newhostdialog_q.cpp:192 +#: src/gui/.ui/newhostdialog_q.cpp:402 +msgid "MAC" +msgstr "MAC" + +#: src/gui/.ui/newfirewalldialog_q.cpp:325 +#: src/gui/.ui/newfirewalldialog_q.cpp:526 +msgid "Security Level" +msgstr "Säkerhetsnivå" + +#: src/gui/.ui/newfirewalldialog_q.cpp:487 src/gui/.ui/newhostdialog_q.cpp:378 +msgid "Enter the name of the new object below:" +msgstr "Ange namnet för det nya objektet nedan:" + +#: src/gui/.ui/newfirewalldialog_q.cpp:488 +msgid "Choose firewall software it is running:" +msgstr "Välj brandväggsprogramvara som körs:" + +#: src/gui/.ui/newfirewalldialog_q.cpp:489 +msgid "Choose OS the new firewall runs on:" +msgstr "Välj OS som den nya brandväggen körs på:" + +#: src/gui/.ui/newfirewalldialog_q.cpp:490 +msgid "Use preconfigured template firewall objects" +msgstr "Använd förkonfigurerade mallar för brandväggsobjekt" + +#: src/gui/.ui/newfirewalldialog_q.cpp:492 +msgid "" +"Next step is to add interfaces to the new firewall. There are two ways to do " +"it: using SNMP query or manually. Adding them using SNMP query is fast and " +"automatic, but is only possible if firewall runs SNMP agent and you know " +"SNMP community string 'read'." +msgstr "" +"Nästa steg är att lägga till nätverksgränssnitt till den nya brandväggen. " +"Det finns två sätt att göra det på: använda SNMP-frågor eller manuellt. " +"Lägga till dom via SNMP-frågor är snabbt och automatiskt men är endast " +"möjligt om brandväggen kör en SNMP-agent och du känner till SNMP-" +"communitysträngen \"read\"." 
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:494 src/gui/.ui/newhostdialog_q.cpp:383
+msgid "Configure interfaces manually"
+msgstr "Konfigurera nätverksgränssnitt manuellt"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:495
+msgid "Use SNMP to discover interfaces of the firewall"
+msgstr "Använd SNMP för att identifiera nätverksgränssnitt på brandväggen"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:496 src/gui/.ui/newhostdialog_q.cpp:385
+msgid "Discover Interfaces using SNMP"
+msgstr "Identifiera nätverksgränssnitt via SNMP"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:499
+msgid ""
+"Here you can add or edit interfaces manually. 'Name' corresponds to the name "
+"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' "
+"is used to mark interface to reflect network topology, e.g. 'outside' or "
+"'inside'. Label is mandatory for PIX firewall."
+msgstr ""
+"Här kan du lägga till eller redigera nätverksgränssnitt manuellt. \"Namn\" "
+"gäller för namnet av det fysiska nätverksgränssnittet, såsom \"eth0\", \"fxp0"
+"\", \"ethernet0\" etc. \"Etikett\" används för att markera "
+"nätverksgränssnittet i nätverkstopologin, till exempel \"insida\" eller "
+"\"utsida\". Etiketten är obligatorisk för PIX-brandväggar."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:500 src/gui/.ui/newhostdialog_q.cpp:391
+msgid "Click 'Next' when done."
+msgstr "Klicka \"Nästa\" när du är klar."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:509 src/gui/.ui/newhostdialog_q.cpp:408
+msgid "Update"
+msgstr "Uppdatera"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:510 src/gui/.ui/newhostdialog_q.cpp:407
+msgid "Add"
+msgstr "Lägg till"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:519 src/gui/.ui/newhostdialog_q.cpp:403
+msgid "MAC:"
+msgstr "MAC:"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:521
+msgid "up"
+msgstr "upp"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:522
+msgid "down"
+msgstr "ned"
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:527
+msgid "Click 'Finish' when done."
+msgstr "Klicka \"Klar\" är du är klar."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:528
+msgid ""
+"In order to be able to build firewall policy properly, Firewall Builder "
+"needs information about 'security level' of the firewall's interfaces. "
+"Interface that connects it to the Internet is considered 'insecure' and has "
+"security level '0', while interface connected to the internal network is "
+"supposed to be 'secure' (security level '100'). You can arrange interfaces "
+"in the order of their security level below."
+msgstr ""
+"För att kunna bygga en brandväggspolicy korrekt behöver Firewall Builder "
+"information om \"säkerhetsnivån\" för brandväggens nätverksgränssnitt. "
+"Gränssnitt som ansluter den till Internet är ansedda som \"osäkra\" och har "
+"säkerhetsnivå \"0\" medans gränssnitt som är anslutna till interna nätverk "
+"anses vara \"säkra\" (säkerhetsnivå \"100\"). Du kan sortera gränssnitten "
+"efter deras säkerhetsnivå nedan."
+
+#: src/gui/.ui/newfirewalldialog_q.cpp:530 src/gui/.ui/newhostdialog_q.cpp:411
+msgid ""
+"Choose template object in the list and click 'Finish' when ready. Template "
+"objects use generic interface names that will be iherited by the firewall "
+"object you create. You may need to rename them later to reflect real names "
+"of interfaces on your firewall machine."
+msgstr ""
+"Välj mallobjekt i listan och klicka på \"Klar\" när du är klar. Mallobjekten "
+"använder allmänna namn för nätverksgränssnitten som kommer att ärvas av "
+"brandväggsobjektet du skapar. Du kan behöva att byta namn på dom senare för "
+"att passa riktiga namn för nätverksgränssnitten på din brandväggsmaskin."
+
+#: src/gui/.ui/newgroupdialog_q.cpp:99
+msgid "Group Name:"
+msgstr "Gruppnamn:"
+
+#: src/gui/.ui/newgroupdialog_q.cpp:100
+msgid "This operation will create a new group and put selected objects in it"
+msgstr ""
+"Denna operation kommer att skapa en ny grupp och lägga in valda objekt i den"
+
+#: src/gui/.ui/newgroupdialog_q.cpp:101
+msgid "Create a group"
+msgstr "Skapa en grupp"
+
+#: src/gui/.ui/newhostdialog_q.cpp:379
+msgid "Use preconfigured template host objects"
+msgstr "Använd förkonfigurerade mallar för värdobjekt"
+
+#: src/gui/.ui/newhostdialog_q.cpp:381
+msgid ""
+"Next step is to add interfaces to the new host. There are two ways to do it: "
+"using SNMP query or manually. Adding them using SNMP query is fast and "
+"automatic, but is only possible if the host runs SNMP agent and you know "
+"SNMP community string 'read'."
+msgstr ""
+"Nästa steg är att lägga till nätverksgränssnitt till den nya värden. Det "
+"finns två sätt att göra det på: använda SNMP-frågor eller manuellt. Lägga "
+"till dom via SNMP-frågor går snabb och automatiskt men är endast möjligt om "
+"värden kör en SNMP-agent och du känner till SNMP-communitysträngen \"read\"."
+
+#: src/gui/.ui/newhostdialog_q.cpp:384
+msgid "Use SNMP to discover interfaces of the host"
+msgstr "Använd SNMP för att identifiera nätverksgränssnitt på värden"
+
+#: src/gui/.ui/newhostdialog_q.cpp:388
+msgid ""
+"Here you can add or edit interfaces manually. 'Name' corresponds to the name "
+"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' "
+"is used to mark interface to reflect network topology, e.g. 'outside' or "
+"'inside'."
+msgstr ""
+"Här kan du lägga till eller redigera nätverksgränssnitt manuellt. \"Namn\" "
+"gäller för namnet av det fysiska nätverksgränssnittet, såsom \"eth0\", \"fxp0"
+"\", \"ethernet0\" etc. \"Etikett\" används för att markera "
+"nätverksgränssnittet i nätverkstopologin, till exempel \"insida\" eller "
+"\"utsida\"."
+ +#: src/gui/.ui/newhostdialog_q.cpp:396 +msgid "" +"This is unnumbered interface, that is, it does not have an IP address. You " +"can use this for interfaces that terminate PPPoE or other VPN tunnels" +msgstr "" +"Detta är en onumrerat nätverksgränssnitt, alltså, det har ingen IP-adress. " +"Du kan använda detta för gränssnitt som terminerar PPPoE eller andra VPN-" +"tunnlar." + +#: src/gui/.ui/newhostdialog_q.cpp:405 +msgid "" +"Address of this interface is assigned dynamically using DHCP or PPP protocol" +msgstr "" +"Adressen för detta nätverksgränssnitt tilldelas dynamiskt via DHCP eller PPP-" +"protokollet" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:148 +msgid "Conflict Resolution" +msgstr "Konfliktlösning" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:149 +msgid "" +"There is a conflict between an object in your tree and object in the file " +"you are trying to open. Choose which version of this object you want to use:" +msgstr "" +"Det finns en konflikt mellan ett objekt i ditt träd och objekt i filen du " +"försöker öppna. 
Välj vilken version av detta objekt du vill använda:" + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:150 +msgid "Current Object " +msgstr "Nuvarande objekt " + +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:153 +#: src/gui/.ui/objconflictresolutiondialog_q.cpp:158 +msgid "" +"Always choose this\n" +"object if there is a conflict" +msgstr "" +"Välj alltid detta\n" +"objekt om det finns en konflikt" + +#: src/gui/.ui/objectmanipulator_q.cpp:108 +msgid "Tree of Objects" +msgstr "Objektträd" + +#: src/gui/.ui/objectmanipulator_q.cpp:112 +msgid "Go back to the previous object" +msgstr "Gå tillbaka till föregående objekt" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:172 +msgid "OpenBSD: advanced settings" +msgstr "OpenBSD: avancerade inställningar" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:178 +msgid "Enable directed broadcast" +msgstr "Aktivera riktad broadcast" + +#: src/gui/.ui/openbsdadvanceddialog_q.cpp:199 +msgid "pfctl:" +msgstr "pfctl:" + +#: src/gui/.ui/pagesetupdialog_q.cpp:103 +msgid "Page Setup" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:104 +msgid "start each section on a new page" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:105 +msgid "print header on every page" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:106 +#, fuzzy +msgid "print legend" +msgstr "Utskrift klar" + +#: src/gui/.ui/pagesetupdialog_q.cpp:107 +#, fuzzy +msgid "print objects used in rules" +msgstr "Sök objekt i trädet" + +#: src/gui/.ui/pagesetupdialog_q.cpp:109 +#, fuzzy +msgid "Alt+O" +msgstr "Alt+M" + +#: src/gui/.ui/pagesetupdialog_q.cpp:112 +#, fuzzy +msgid "Scale tables: " +msgstr "iptables:" + +#: src/gui/.ui/pagesetupdialog_q.cpp:114 +msgid "50%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:115 +msgid "75%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:116 +msgid "100%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:117 +msgid "150%" +msgstr "" + +#: src/gui/.ui/pagesetupdialog_q.cpp:118 +msgid "200%" +msgstr "" + +#: 
src/gui/.ui/pfadvanceddialog_q.cpp:999 +msgid "pf: advanced settings" +msgstr "pf: avancerade inställningar" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1010 +msgid "Modulate state for all stateful rules (applies only to TCP services)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1020 +msgid "Optimization:" +msgstr "Optimering:" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1022 +msgid "Enforce Minimum TTL:" +msgstr "Tvinga Minimum TTL:" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1023 +msgid "Enforce Maximum MSS:" +msgstr "Tvinga Maximum MSS:" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1024 +msgid "Enforces a maximum Maximum Segment Size (MSS) in TCP packet headers." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1025 +msgid "Enforces a minimum Time To Live (TTL) in IP packet headers." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1026 +msgid "Reassemble fragments" +msgstr "Sammanfoga fragment" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1027 +msgid "Clear DF bit" +msgstr "Rensa DF-bit" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1028 +msgid "Clears the don't fragment bit from the IP packet header." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1029 +msgid "Use random ID" +msgstr "Använd slumpmässigt ID" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1030 +msgid "" +"Replaces the IP identification field of outgoing packets with random values " +"to compensate for operating systems that use predictable values." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1032 +msgid "Buffer and reassemble fragments (default)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1033 +msgid "" +"Buffers incoming packet fragments and reassembles them into a complete " +"packet before passing them to the filter engine." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1034 +msgid "Drop duplicate fragments, do not buffer and reassemble" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1035 +msgid "" +"Causes duplicate fragments to be dropped and any overlaps to be cropped." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1036 +msgid "Drop duplicate and subsequent fragments" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1037 +msgid "" +"Similar to 'Drop duplicate fragments' except that all duplicate or " +"overlapping fragments will be dropped as well as any further corresponding " +"fragments." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1038 +msgid "Scrub rule options" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1039 +msgid "maximum number of entries in the memory pool used for packet reassembly" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1040 +#, fuzzy +msgid "table-entries" +msgstr "iptables-restore:" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1041 +msgid "maximum number of addresses that canbe stored in tables" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1042 +msgid "" +"maximum number of entries in the memory pool used for state table entries" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1043 +msgid "state table size: " +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1044 +msgid "reassembly pool: " +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1045 +msgid "" +"maximum number of entries in the memory pool used for tracking source IP " +"addresses" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1046 +msgid "maximum number of tables that can exist in the memory simultaneously" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1047 +#, fuzzy +msgid "tables" +msgstr "iptables:" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1048 +msgid "src-nodes" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1049 +#: src/gui/.ui/ruleoptionsdialog_q.cpp:876 +#, fuzzy +msgid "Limits" +msgstr "minuter" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1050 +msgid "" +"When a packet matches a stateful connection, the seconds to live for the " +"connection will be updated to the value which corresponds to the connection " +"state." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1052 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1065 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1074 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1077 +msgid "first" +msgstr "första" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1053 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1066 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1072 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1078 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1081 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1082 +msgid "The state after the first packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1054 +msgid "opening" +msgstr "öppnar" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1055 +msgid " The state before the destination host ever sends a packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1056 +msgid "established" +msgstr "etablerad" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1057 +msgid "The fully established state." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1058 +msgid "The state after the first FIN has been sent." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1059 +msgid "closing" +msgstr "stänger" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1060 +msgid "" +"The state after both FINs have been exchanged and the connection is closed." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1061 +msgid "finwait" +msgstr "finwait" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1062 +msgid "The state after one endpoint sends an RST." +msgstr "Status efter en ändpunkt skickar en RST." + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1063 +msgid "closed" +msgstr "stängd" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1064 +#: src/gui/.ui/udpservicedialog_q.cpp:221 +msgid "UDP" +msgstr "UDP" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1067 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1079 +msgid "single" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1068 +msgid "" +"The state if the source host sends more than one packet but the destination " +"host has never sent one back." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1069 +#: src/gui/.ui/pfadvanceddialog_q.cpp:1080 +msgid "multiple" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1070 +msgid " The state if both hosts have sent packets." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1073 +msgid "The state after an ICMP error came back in response to an ICMP packet." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1076 +msgid "Other Protocols" +msgstr "Andra protokoll" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1083 +msgid "Fragments" +msgstr "Fragment" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1084 +msgid "reassembly timeout" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1085 +msgid "state expiration timeout" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1086 +msgid "seconds between purges of expired states and packet fragments." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1087 +msgid "seconds before an unassembled fragment is expired." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1088 +msgid "Adaptive scaling" +msgstr "Adaptiv skalning" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1089 +msgid "" +"Timeout values can be reduced adaptively as the number of state table " +"entries grows (see man page pf.conf(5) for details)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1090 +msgid "adaptive start" +msgstr "adaptiv start" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1091 +msgid "" +"When the number of state entries exceeds this value, adaptive scaling begins." +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1092 +msgid "adaptive end" +msgstr "adaptivt slut" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1093 +msgid "" +"When reaching this number of state entries, all timeout val- ues become " +"zero, effectively purging all state entries imme- diately." 
+msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1094 +msgid "Activate adaptive timeout scaling" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1095 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1910 +msgid "Timeouts" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1114 +#, fuzzy +msgid "Insert prolog and epilog scripts" +msgstr "Lägg till prolog-skript " + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1116 +#, fuzzy +msgid "in the activation shell script (.fw file)" +msgstr "på toppen av skriptet" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1117 +msgid "in the pf rule file (.conf file)" +msgstr "" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1119 +msgid "Log Prefix" +msgstr "Loggprefix" + +#: src/gui/.ui/pfadvanceddialog_q.cpp:1120 +msgid "Fallback \"deny all\" rule should log blocked packets" +msgstr "Falla tillbaka på \"vägra alla\"-regeln bör logga blockerade paket" + +#: src/gui/.ui/physaddressdialog_q.cpp:149 +msgid "physAddress" +msgstr "fysAdress" + +#: src/gui/.ui/physaddressdialog_q.cpp:150 +#, fuzzy +msgid "MAC Address" +msgstr "Lägg till MAC-adress" + +#: src/gui/.ui/physaddressdialog_q.cpp:153 +msgid "Physical address (MAC):" +msgstr "Fysisk adress (MAC):" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1824 +msgid "PIX Firewall Settings" +msgstr "Inställning för PIX-brandvägg" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1831 +msgid "Policy Compiler Options" +msgstr "Flaggor för policykompilator" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1833 +msgid "" +"Generate rules assuming the firewall is part of \"Any\". 
This makes a " +"difference in rules that use services 'ssh' and 'telnet' since PIX uses " +"special commands to control ssh and telnet access to the firewall machine" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1834 +msgid "" +"Replace NAT'ted objects with their \n" +"translations in policy rules" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1836 +msgid "" +"PIX inspects packets with ACLs before it does NAT, while many other " +"firewalls do NAT first and then apply ACLs. Policy compiler can emulate the " +"latter behaviour if this options is turned on." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1837 +msgid "Emulate outbound ACLs" +msgstr "Emulera utgående tillgångskontrollistor (ACL)" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1838 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1840 +msgid "" +"Normally PIX does not support ouotbound ACL, however policy compiler can " +"emulate them if this option is turned on" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1839 +#, fuzzy +msgid "Generate outbound ACLs" +msgstr "Emulera utgående tillgångskontrollistor (ACL)" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1843 +msgid "Optimize 'default nat' rules" +msgstr "Optimera \"förvalda NAT\"-regler" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1844 +msgid "" +"In nat rules where network zone object is used in OSrc, ODst and OSrv are " +"'any' and TSrc defines a global pool for the translation, replace object in " +"OSrc with 'any' to produce PIX command \"nat (interface) N 0.0.0.0 0.0.0.0\"" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1845 +msgid "Detect rule shadowing in the policy" +msgstr "Identifiera regelskuggning i policyn" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1847 +msgid "Verification of NAT rules" +msgstr "Verifiering av NAT-regler" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1848 +msgid "Check for duplicate nat rules" +msgstr "Leta efter dubletta NAT-regler" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1849 +msgid "Check for overlapping 
global pools" +msgstr "Leta efter överlappande globala pooler" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1850 +msgid "Check for overlapping statics" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1851 +msgid "" +"Check for overlapping global\n" +"pools and statics" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1853 +msgid "Compiler Options" +msgstr "Kompilatorflaggor" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1855 +msgid "Comment the code" +msgstr "Kommentera koden" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1856 +msgid "Insert comments into generated PIX configuration file" +msgstr "Lägg till kommentarer till genererad PIX-konfigurationsfil" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1857 +msgid "Use ACL remarks" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1858 +msgid "Use ACL remarks to relate ACL commands and policy rules in the GUI" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1859 +msgid "Group similar commands together" +msgstr "Gruppera liknande kommandon" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1860 +msgid "" +"Group PIX commands in the script so that similar commands appear next to " +"each other, just like PIX does it when you use 'show config'" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1861 +msgid "Use manual ACL commit on FWSM" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1862 +msgid "Access lists (requires Firewall Builder for PIX 1.1.6 and later)" +msgstr "" +"Tillgångskontrollistor (kräver Firewall Builder för PIX 1.1.6 eller senare)" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1863 +msgid "" +"Clear all access lists then install new ones. This method may interrupt " +"access to the firewall if you manage it remotely via IPSEC tunnel. This is " +"the way access lists were generated in older versions of Firewall Builder " +"for PIX." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1864 +msgid "" +"Do not clear access lists and object group, just generate PIX commands for " +"the new ones. 
Use this optin if you have your own policy installation " +"scripts." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1865 +msgid "" +"\"Safety net\" method:\n" +"\n" +"First, create temporary access list to permit connections from the " +"management subnet specified below to the firewall and assign it to outside " +"interface. This temporary ACL helps maintain session between management " +"station and the firewall while access lists are reloaded in case connection " +"comes over IPSEC tunnel. Then clear permanent lists, recreate them and " +"assign to interfaces. This method ensures that remote access to the firewall " +"is maintained without interruption at a cost of slightly larger " +"configuration." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1868 +msgid "" +"Temporary access list should permit access from this address or subnet (use " +"prefix notation to specify subnet, e.g. 192.0.2.0/24):" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1890 +msgid "Set all to defaults.." +msgstr "Sätt alla till förvalda värden.." 
+ +#: src/gui/.ui/pixadvanceddialog_q.cpp:1891 +msgid "xlate" +msgstr "xlate" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1892 +msgid "conn" +msgstr "conn" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1893 +msgid "udp" +msgstr "udp" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1894 +msgid "rpc" +msgstr "rpc" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1895 +msgid "h323" +msgstr "h323" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1896 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2020 +msgid "sip" +msgstr "sip" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1897 +msgid "sip&media" +msgstr "sip&media" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1898 +msgid "unauth" +msgstr "unauth" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1899 +msgid "telnet" +msgstr "telnet" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1900 +msgid "ssh" +msgstr "ssh" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1901 +msgid "ss" +msgstr "ss" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1902 +msgid "mm" +msgstr "mm" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1903 +msgid "hh" +msgstr "hh" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1904 +msgid "half-closed" +msgstr "half-closed" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1906 +msgid "Inactivity" +msgstr "Inaktivitet" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1907 +msgid "Absolute" +msgstr "Absolut" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1911 +msgid "" +"Policy compiler generates 'fixup' commands for PIX v6.1-6.3 and FWSM v2.3. " +"For PIX 7.0 it generates 'class-map' and 'inspect' commands assigned to the " +"'policy-map' under either default or custom inspection classes." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1913 +msgid "Enable all protocols" +msgstr "Aktivera alla protokoll" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1914 +msgid "Disable all protocols" +msgstr "Stäng av alla protokoll" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1915 +msgid "Skip all protocols" +msgstr "Hoppa över alla protokoll" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1916 +msgid "Display generated commands" +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1918 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1927 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1933 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1941 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1950 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1958 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1966 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1972 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1980 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1988 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1995 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2002 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2009 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2017 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2024 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2032 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2040 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2048 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2055 +msgid "skip" +msgstr "hoppa över" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1919 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1928 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1934 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1942 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1951 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1959 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1967 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1973 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1981 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1989 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1996 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2003 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2010 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2018 +#: 
src/gui/.ui/pixadvanceddialog_q.cpp:2025 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2033 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2041 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2049 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2056 +msgid "enable" +msgstr "aktivera" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1920 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1929 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1935 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1943 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1952 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1960 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1968 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1974 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1982 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1990 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1997 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2004 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2011 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2019 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2026 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2034 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2042 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2050 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2057 +msgid "disable" +msgstr "stäng av" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1921 +msgid "" +"Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol " +"inspection module that supports NAT, PAT, and bi-directional NAT." 
+msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1922 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1938 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1947 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1956 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1964 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1977 +#: src/gui/.ui/pixadvanceddialog_q.cpp:1993 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2000 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2007 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2014 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2022 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2030 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2037 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2045 +#: src/gui/.ui/pixadvanceddialog_q.cpp:2053 +msgid "port:" +msgstr "port:" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1923 +msgid "ctiqbe" +msgstr "ctiqbe" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1924 +msgid "" +"Based on this maximum-length configured by the user, the DNS fixup checks to " +"see if the DNS packet length is within this limit. Every UDP DNS packet " +"(request/response) undergoes the above check." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1925 +msgid "max length:" +msgstr "max längd:" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1930 +msgid "dns" +msgstr "dns" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1931 +msgid "Enables PAT for Encapsulating Security Payload (ESP), single tunnel." +msgstr "" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1936 +msgid "esp ike" +msgstr "esp ike" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1939 +msgid "strict:" +msgstr "strikt:" + +#: src/gui/.ui/pixadvanceddialog_q.cpp:1944 +msgid "" +"Activated support for FTP protocol and allows to change the ftp control " +"connection port number." +msgstr "" +"Aktiverar stöd för FTP-protokollet och tillåter ändringar i portnumret för " +"kontrollanslutningen." 
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1946
+msgid ""
+"Specifies to use H.225, the ITU standard that governs H.225.0 session "
+"establishment and packetization, with H.323"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1948
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1955
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1963
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1978
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2015
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2029
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2038
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2046
+msgid "--"
+msgstr "--"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1953
+msgid "h323 h225"
+msgstr "h323 h225"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1954
+msgid ""
+"Specifies to use RAS with H.323 to enable dissimilar communication devices "
+"to communicate with each other."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1961
+msgid "h323 ras"
+msgstr "h323 ras"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1962
+msgid ""
+"The default port for HTTP is 80. Use the port option to change the HTTP "
+"port, or specify a range of HTTP ports."
+msgstr ""
+"Den förvalda porten för HTTP är 80. Använd portinställning för att ändra "
+"HTTP-port eller ange en rymd för HTTP-portar."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1969
+msgid "http"
+msgstr "http"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1970
+msgid ""
+"Enables NAT of ICMP error messages. This creates translations for "
+"intermediate hops based on the static or network address translation "
+"configuration on the firewall."
+msgstr ""
+"Aktiverar NAT för ICMP-felmeddelanden. Detta skapar översättningar för "
+"mellanliggande hopp baserade på statisk konfiguration eller för översättning "
+"av nätverksadresser på brandväggen."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1975
+msgid "icmp error"
+msgstr "icmp-fel"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1976
+msgid ""
+"Provides NAT support for Microsoft NetMeeting, SiteServer, and Active "
+"Directory products that use LightWeight Directory Access Protocol (LDAP) to "
+"exchange directory information with an for Internet Locator Service (ILS) "
+"server."
+msgstr ""
+"Ger NAT-stöd för Microsoft NetMeeting, SiteServer och Active Directory-"
+"produkter som använder LightWeight Directory Access Protocol (LDAP) för att "
+"utbyta kataloginformation med en server som kör Internet Locator Service "
+"(ILS)."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1983
+msgid "ils"
+msgstr "ils"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1984
+msgid "Enables the Media Gateway Control Protocol (MGCP) fixup."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1985
+msgid "Gateway Port:"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1986
+msgid "Call Agent port:"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1991
+msgid "mgcp"
+msgstr "mgcp"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1992
+msgid ""
+"Enables Point-to-Point Tunneling Protocol (PPTP) application inspection."
+msgstr "Aktiverar inspektion av Point-to-Point Tunneling Protocol (PPTP)."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1998
+msgid "pptp"
+msgstr "pptp"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:1999
+msgid "Enables inspection of RSH protocol."
+msgstr "Aktiverar inspektering av RSH-protokoll."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2005
+msgid "rsh"
+msgstr "rsh"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2006
+msgid ""
+"Lets PIX Firewall pass Real Time Streaming Protocol (RTSP) packets. RTSP is "
+"used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/"
+"TV connections."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2012
+msgid "rtsp"
+msgstr "rtsp"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2013
+msgid ""
+"Enable or change the port assignment for the Session Initiation Protocol "
+"(SIP) for Voice over IP TCP connections."
+msgstr ""
+"Aktivera eller ändra tilldelning av port för Session Initiation Protocol "
+"(SIP) för IP-telefoni (Voice over IP) över TCP."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2021
+msgid "Enable SIP-over-UDP application inspection."
+msgstr "Aktivera inspektering av SIP-over-UDP."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2027
+msgid "sip udp"
+msgstr "sip udp"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2028
+msgid ""
+"Enable SCCP application inspection. SCCP protocol supports IP telephony and "
+"can coexist in an H.323 environment. An application layer ensures that all "
+"SCCP signaling and media packets can traverse the PIX Firewall and "
+"interoperate with H.323 terminals."
+msgstr ""
+"Aktivera inspektion av SCCP. SCCP-protokollet har stöd för IP-telefoni och "
+"kan samleva i en H.323-miljö. Ett applikationslager ser till att alla SCCP-"
+"signaler och mediapaket kan ta sig igenom en PIX-brandvägg och interagera "
+"med H.323-terminaler."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2035
+msgid "skinny"
+msgstr "skinny"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2036
+msgid ""
+"Enables the Mail Guard feature, which only lets mail servers receive the RFC "
+"821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and "
+"QUIT. All other commands are translated into X's which are rejected by the "
+"internal server."
+msgstr ""
+"Aktiverar funktionen Mail Guard som endast låter e-postservrar ta emot "
+"kommandon angivna i RFC 821, sektion 4.5.1: HELO, MAIL, RCPT, DATA, RSET, "
+"NOOP och QUIT. Alla andra kommandon översätts till ett flertal X som interna "
+"servern vägrar ta emot. 
"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2043
+msgid "smtp"
+msgstr "smtp"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2044
+msgid "Enables support for SQL*Net protocol."
+msgstr "Aktiverar stöd för SQL*Net-protokoll."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2051
+msgid "sqlnet"
+msgstr "sqlnet"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2052
+msgid "Enable TFTP application inspection."
+msgstr "Aktiverar inspektering av TFTP."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2058
+msgid "tftp"
+msgstr "tftp"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2059
+msgid "Inspect"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2060
+msgid "Syslog"
+msgstr "Syslog"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2061
+msgid "Syslog host (name or IP address):"
+msgstr "Syslogvärd (namn eller IP-adress):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2062
+msgid "syslog facility:"
+msgstr "syslogfacilitet:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2063
+msgid "syslog level ('logging trap'):"
+msgstr "syslognivå ('logging trap'):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2064
+msgid "Syslog message queue size (messages):"
+msgstr "Storlek för meddelandekö för Syslog (meddelanden):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2065
+msgid "Use 'EMBLEM' format for syslog messages"
+msgstr "Använd formatet \"EMBLEM\" för syslog-meddelanden"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2066
+msgid ""
+"PIX Firewall Version 6.3 introduces support for EMBLEM format, which is "
+"required when using the CiscoWorks Resource Manager Essentials (RME) syslog "
+"analyzer."
+msgstr ""
+"PIX Firewall version 6.3 introducerar stöd för EMBLEM-formatet som krävs när "
+"du använder sysloganalysatorn i CiscoWorks Resource Manager Essentials (RME)."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2067
+msgid "Set device id for syslog messages (v6.3 and later):"
+msgstr "Ställ in enhets-ID för syslogmeddelanden (v6.3 eller senare):"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2068
+msgid "use address of interface"
+msgstr "använd adress för nätverksgränssnitt"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2069
+msgid "use text string"
+msgstr "använd textsträng"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2070
+msgid "use hostname"
+msgstr "använd värdnamn"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2071
+msgid "The logging timestamp command requires that the clock command be set."
+msgstr ""
+"Kommandot för loggning av tidsstämplar kräver att kommandot för klockan är "
+"satt. "
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2072
+msgid "Enable logging timestamps on syslog file"
+msgstr "Aktivera loggning av tidsstämplar för syslogfilen"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2073
+msgid "Other logging destinations and levels:"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2074
+msgid "Internal buffer"
+msgstr "Intern buffert"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2075
+msgid "Console"
+msgstr "Konsoll"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2077
+msgid "Actively reset inbound TCP connections with RST"
+msgstr "Aktivt återställ ingående TCP-anslutningar med RST"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2079
+msgid "Actively reset inbound TCP connections with RST on outside interface"
+msgstr ""
+"Aktivt återställ ingående TCP-anslutningar med RST på utsidans "
+"nätverksgränssnitt"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2081
+msgid "Force each TCP connection to linger in a shortened TIME&WAIT"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2082
+msgid "Alt+W"
+msgstr "Alt+W"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2083
+msgid "Enable the IP Frag Guard feature (deprecated in v6.3 and later)."
+msgstr "Aktivera funktionen IP Frag Guard (föråldrad i v6.3 och senare)."
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2084
+msgid "Enable TCP resource control for AAA Authentication Proxy"
+msgstr "Aktivera TCP-resurskontroll för AAA Authentication Proxy"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2085
+msgid ""
+"Specify that when an incoming packet does a route lookup,\n"
+"the incoming interface is used to determine which interface\n"
+"the packet should go to, and which is the next hop\n"
+"(deprecated in v6.3 and later)."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2089
+msgid "Disable inbound embedded DNS A record fixups"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2090
+msgid "Disable outbound DNS A record replies"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2091
+msgid "maximum number of simultaneous TCP and UDP connections"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2092
+msgid "maximum number of embryonic connections per host"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2093
+msgid ""
+"Specifies the maximum number of simultaneous TCP and UDP connections for the "
+"entire subnet. The default is 0, which means unlimited connections. (Idle "
+"connections are closed after the idle timeout specified by the timeout conn "
+"command.)"
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2094
+msgid ""
+"Specifies the maximum number of embryonic connections per host. An embryonic "
+"connection is a connection request that has not finished the necessary "
+"handshake between source and destination. Set a small value for slower "
+"systems, and a higher value for faster systems. The default is 0, which "
+"means unlimited embryonic connections."
+msgstr ""
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2095
+msgid "The following parameters are used for all NAT rules:"
+msgstr "Följande parametrar används för alla NAT-regler:"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2096
+msgid ""
+"(The default for both parameters is 0, which means unlimited number of "
+"connections.)"
+msgstr ""
+"(Förval för båda parametrarna är 0 vilket betyder oändligt antal "
+"anslutningar.)"
+
+#: src/gui/.ui/pixadvanceddialog_q.cpp:2097
+msgid "PIX Options"
+msgstr "PIX-inställningar"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:275
+msgid "PIX Advanced Configuration Options"
+msgstr "Inställningar för avancerad konfiguration av PIX"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:276
+msgid "Set PIX host name using object's name"
+msgstr "Ställ in PIX-värdnamnet med objektets namn"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:277
+msgid "Generate commands to configure addresses for interfaces"
+msgstr "Generera kommandon för att konfigurera adresser för nätverksgränssnitt"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:278 src/gui/.ui/prefsdialog_q.cpp:381
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:788
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:848
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:856
+msgid "General"
+msgstr "Allmänt"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:279
+msgid "NTP Servers:"
+msgstr "NTP-servrar:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:282
+msgid "Server 1:"
+msgstr "Server 1:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:283
+msgid "Server 2:"
+msgstr "Server 2:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:284
+msgid "Server 3:"
+msgstr "Server 3:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:286
+msgid "Preffered:"
+msgstr "Föredragen:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:287
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:301
+msgid "IP address:"
+msgstr "IP-adress:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:288
+msgid "NTP"
+msgstr "NTP"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:289
+msgid "Disable SNMP Agent"
+msgstr "Stäng av SNMP-agent"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:290
+msgid "Set SNMP communities using data from the firewall object dialog"
+msgstr "Ställ in SNMP-communities med data från brandväggens objektdialog"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:291
+msgid "SNMP servers"
+msgstr "SNMP-servrar"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:293
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:297
+msgid "Poll"
+msgstr ""
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:294
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:298
+msgid "Poll and Traps"
+msgstr ""
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:295
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:299
+msgid "Traps"
+msgstr ""
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:300
+msgid "Enable:"
+msgstr "Aktivera:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:302
+msgid "SNMP Server 1:"
+msgstr "SNMP Server 1:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:303
+msgid "SNMP Server 2:"
+msgstr "SNMP Server 2:"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:304
+msgid "Enable sending log messages as SNMP trap notifications"
+msgstr ""
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:305
+msgid "SNMP"
+msgstr "SNMP"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:306
+msgid "Change TCP MSS to"
+msgstr "Ändra TCP MSS till"
+
+#: src/gui/.ui/pixosadvanceddialog_q.cpp:307
+msgid "bytes"
+msgstr "byte"
+
+#: src/gui/.ui/prefsdialog_q.cpp:214 src/gui/.ui/prefsdialog_q.cpp:393
+msgid "File Path"
+msgstr "Filsökväg"
+
+#: src/gui/.ui/prefsdialog_q.cpp:363
+msgid "Preferences"
+msgstr "Egenskaper"
+
+#: src/gui/.ui/prefsdialog_q.cpp:368
+msgid "minutes"
+msgstr "minuter"
+
+#: src/gui/.ui/prefsdialog_q.cpp:369
+msgid "Periodically save data to file every "
+msgstr "Spara data med jämna mellanrum till fil varje "
+
+#: src/gui/.ui/prefsdialog_q.cpp:370
+msgid "Tooltip delay:"
+msgstr "Fördröjning för verktygstips:"
+
+#: src/gui/.ui/prefsdialog_q.cpp:371
+msgid "Enable object tooltips"
+msgstr "Aktivera verktygstips för objekt"
+
+#: 
src/gui/.ui/prefsdialog_q.cpp:372
+msgid "Show deleted objects"
+msgstr "Visa borttagna objekt"
+
+#: src/gui/.ui/prefsdialog_q.cpp:373
+msgid "Automatically save data in dialogs when switching between objects"
+msgstr "Spara automatiskt data i dialoger när byte mellan objekt sker"
+
+#: src/gui/.ui/prefsdialog_q.cpp:374
+msgid "On startup: "
+msgstr "Vid uppstart: "
+
+#: src/gui/.ui/prefsdialog_q.cpp:376
+msgid "Load standard objects"
+msgstr "Läs in standardobjekt"
+
+#: src/gui/.ui/prefsdialog_q.cpp:377
+msgid "Load last edited file"
+msgstr "Läs in senast redigerad fil"
+
+#: src/gui/.ui/prefsdialog_q.cpp:378
+msgid "Expand all branches in the object tree"
+msgstr "Expandera alla grenar i objektträdet"
+
+#: src/gui/.ui/prefsdialog_q.cpp:379
+msgid "Working directory:"
+msgstr "Arbetskatalog:"
+
+#: src/gui/.ui/prefsdialog_q.cpp:382
+msgid "Do not ask for the log record when checking in new file revision."
+msgstr "Fråga inte efter loggpost när incheckning av ny filrevision."
+
+#: src/gui/.ui/prefsdialog_q.cpp:383
+msgid "Revision Control"
+msgstr "Revisionskontroll"
+
+#: src/gui/.ui/prefsdialog_q.cpp:384
+msgid ""
+"A full path to the Secure Shell utility (remote command execution; for "
+"example ssh on Unix or plink.exe or vsh.exe on Windows):"
+msgstr ""
+"Ange full sökväg till verktyget för Secure Shell (kommando för fjärrstart; "
+"till exempel ssh för Unix eller plink.exe / vsh.exe för WIndows):"
+
+#: src/gui/.ui/prefsdialog_q.cpp:386
+msgid "SSH"
+msgstr "SSH"
+
+#: src/gui/.ui/prefsdialog_q.cpp:387
+msgid "Add..."
+msgstr "Lägg till..."
+
+#: src/gui/.ui/prefsdialog_q.cpp:388
+msgid "Remove"
+msgstr "Ta bort"
+
+#: src/gui/.ui/prefsdialog_q.cpp:389
+msgid ""
+"If you remove libraries from the list, changes get in effect next time you "
+"start the program"
+msgstr ""
+"Om du tar bort bibliotek från listan kommer ändringar att bli aktiva nästa "
+"gång du startar programmet"
+
+#: src/gui/.ui/prefsdialog_q.cpp:390
+msgid "Available libraries:"
+msgstr "Tillgängliga bibliotek:"
+
+#: src/gui/.ui/prefsdialog_q.cpp:394
+msgid "Libraries"
+msgstr "Bibliotek"
+
+#: src/gui/.ui/prefsdialog_q.cpp:395
+msgid "Use these labels to mark rules in the firewall policy"
+msgstr "Använd dessa etiketter för att markera regler i brandväggspolicyn"
+
+#: src/gui/.ui/prefsdialog_q.cpp:410
+msgid "Labels"
+msgstr "Etiketter"
+
+#: src/gui/.ui/printingprogressdialog_q.cpp:73
+#, fuzzy
+msgid "Printing"
+msgstr "Skriv ut"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:49 src/gui/.ui/rcsfilepreview_q.cpp:122
+msgid "Revision"
+msgstr "Revision"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:52 src/gui/.ui/rcsfilepreview_q.cpp:123
+msgid "Date"
+msgstr "Datum"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:55 src/gui/.ui/rcsfilepreview_q.cpp:124
+msgid "Author"
+msgstr "Upphovsman"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:58 src/gui/.ui/rcsfilepreview_q.cpp:125
+msgid "Locked by"
+msgstr "Låst av"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:120
+msgid "RCSFilePreview"
+msgstr "RCSFilFörhandsvisning"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:121
+msgid "Open read-only"
+msgstr "Öppna skrivskyddad"
+
+#: src/gui/.ui/rcsfilepreview_q.cpp:126
+msgid "RCS log:"
+msgstr "RCS-logg:"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:100
+msgid "Log record for the new revision"
+msgstr "Logga post för ny revision"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:101
+msgid "Do not ask me anymore, always check files in with empty log"
+msgstr "Fråga mig inte igen, checka alltid in filer med tom logg"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:102
+msgid "Check file &in"
+msgstr 
"Checka &in fil"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:103
+msgid "Alt+I"
+msgstr "Alt+I"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:106
+#, qt-format
+msgid "Checking file %1 into RCS"
+msgstr "Checkar in fil %1 till RCS"
+
+#: src/gui/.ui/rcsfilesavedialog_q.cpp:107
+msgid "Log record for this revision: "
+msgstr "Logga post för denna revision: "
+
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:118
+#, fuzzy
+msgid "Routing Rule Options"
+msgstr "Regelinställningar"
+
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:120
+msgid "If installation of this routing rule fails, just carry on"
+msgstr ""
+
+#: src/gui/.ui/routingruleoptionsdialog_q.cpp:121
+msgid "No options available for routing rules of this firewall platform"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:783
+msgid "Rule Options for ipt"
+msgstr "Regelinställningar för ipt"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:785
+#, fuzzy
+msgid ""
+"Assume firewall is part of 'any' (this setting only affects code generated "
+"for this rule)"
+msgstr ""
+"Anta att brandväggen är\n"
+"en del av \"alla\" (denna\n"
+"inställning inverkar endast\n"
+"på kodgenerering för\n"
+"denna regel)"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:786
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:845
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:853
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:877
+msgid "Stateless rule"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:787
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:844
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:852
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:878
+msgid ""
+"Normally policy compiler uses stateful inspection in each rule. Activating "
+"next option makes this rule stateless."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:800
+msgid "Netlink group (if using ULOG): "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:802
+#, fuzzy
+msgid "Rate (rule matches if it hits this often or less):"
+msgstr ""
+"Regel matchas om den träffar denna\n"
+"ofta eller mindre: "
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:803
+msgid "Module limit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:804
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:827
+msgid "Burst:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:811
+msgid "limit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:812
+msgid "bit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:813
+msgid "per network with netmask of "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:814
+msgid "Number of allowed connections per client host"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:815
+msgid "Module connlimit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:816
+#, fuzzy
+msgid "connlimit"
+msgstr "conn"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:817
+msgid "Module hashlimit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:818
+msgid ""
+"On some older systems this module has name 'dstlimit'. Check here if you "
+"need to use this name."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:819
+#, fuzzy
+msgid "Rate:"
+msgstr "Datum:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:828
+#, fuzzy
+msgid "Mode:"
+msgstr "Kod:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:830
+#, fuzzy
+msgid "dstip"
+msgstr "sip"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:831
+#, fuzzy
+msgid "srcip"
+msgstr "sip"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:832
+msgid "dstip,dstport"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:833
+msgid "srcip,srcport"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:834
+#, fuzzy
+msgid "htable-size:"
+msgstr "iptables:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:835
+msgid ""
+"The number of buckets of the hash table (omit this option in generated "
+"script if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:836
+msgid "htable-max:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:837
+msgid ""
+"Maximum number of entries in the hash (omit this option in generated script "
+"if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:838
+#, fuzzy
+msgid "htable-expire:"
+msgstr "iptables-restore:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:839
+msgid ""
+"After how many milliseconds do hash entries expire (omit this option in the "
+"generated script if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:840
+msgid "htable-gcinterval:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:841
+msgid ""
+"How many milliseconds between garbage collection intervals (omit this option "
+"in generated script if set to 0)"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:842
+msgid ""
+"Options below control size of the hash table and expiration time. They will "
+"be omitted from the generated script if set to zero."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:843
+msgid "hashlimit"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:846
+#, fuzzy
+msgid ""
+"Send ICMP 'unreachable' packet masquerading as being from the original "
+"destination"
+msgstr ""
+"Skicka ICMP \"unreachable\"-paket\n"
+"maskerad som om det kom från\n"
+"ursprungliga destinationen"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:847
+#, fuzzy
+msgid ""
+"Keep information on fragmented packets, to be applied to later fragments"
+msgstr ""
+"Behåll information om fragmenterade\n"
+"paket för att tillämpas på senare\n"
+"fragment"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:854
+msgid ""
+"In PF 4.x \"flags S/SA keep state\" is the default. Compiler will omit these "
+"flags while generating code for stateful rules matching tcp services. "
+"However, according to the PF FAQ, care should be taken while dealing with "
+"states and interface enc0. To avoid leaking unencrypted traffic out, the FAQ "
+"recommends setting 'keep state' explicitly in all rules on the enc0 "
+"interface. This option applies only if version is set to 4.x."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:855
+msgid "Add 'keep state' "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:859
+msgid "Activate source tracking"
+msgstr "Aktivera källspårning"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:860
+msgid ""
+"When this option is checked, the number of states per source IP is tracked "
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:861
+msgid ""
+"Maximum number of source addresses which can simultaneously have state table "
+"entries (max-src-nodes):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:862
+msgid ""
+"Maximum number of simultaneous state entries that a single source address "
+"can create with this rule (max-src-states):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:863
+msgid "Tracking"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:864
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:872
+msgid "overload table:"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:865
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:871
+msgid "flush"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:866
+msgid ""
+"Maximum number of simultaneous TCP connections that a single host can make "
+"(max-src-conn):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:867
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:870
+#, fuzzy
+msgid "global"
+msgstr "local7"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:868
+msgid "The limit of new connections over a time interval (max-src-conn-rate):"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:869
+msgid "/"
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:873
+#, fuzzy
+msgid "sec"
+msgstr "/sekund"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:874
+msgid ""
+"When this limit is reached, further packets matching the rule that would "
+"create state are dropped, until existing states time out."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:875
+msgid ""
+"Maximum number of concurrent states this rule may create. Unlimited if set "
+"to zero (option 'max')."
+msgstr ""
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:879
+msgid "These options are only valid for PIX running software v6.3 or later"
+msgstr ""
+"Dessa inställningar är endast giltiga för PIX som kör programvaran v6.3 "
+"eller senare"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:880
+#, fuzzy
+msgid "completely disable logging for this rule"
+msgstr ""
+"stäng av all loggning\n"
+"för denna regel"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:882
+msgid "Logging interval:"
+msgstr "Loggintervall:"
+
+#: src/gui/.ui/ruleoptionsdialog_q.cpp:883
+msgid "Tere are no options for this firewall platform"
+msgstr ""
+
+#: src/gui/.ui/simpletextview_q.cpp:92
+msgid "Text viewer"
+msgstr ""
+
+#: src/gui/.ui/simpletextview_q.cpp:93
+#, fuzzy
+msgid "Object Name"
+msgstr "Objektnamn: "
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:182
+msgid "Solaris: advanced settings"
+msgstr "Solaris: avancerade inställningar"
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:187
+msgid "Ignore ICMP redirects"
+msgstr "Ignorera omdirigeringar via ICMP"
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:192
+msgid "Forward directed broadcasts"
+msgstr "Skicka vidare riktade broadcasts"
+
+#: src/gui/.ui/solarisadvanceddialog_q.cpp:193
+msgid "Respond to echo broadcast"
+msgstr "Svara på echo broadcast"
+
+#: src/gui/.ui/tagservicedialog_q.cpp:148
+#, fuzzy
+msgid "Tag Service"
+msgstr "TCP-tjänst"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:375
+msgid "Use option \"established\" if supported by the target firewall platform"
+msgstr ""
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:377
+msgid "Settings:"
+msgstr "Inställningar:"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:390
+msgid "U"
+msgstr "U"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:391
+msgid "A"
+msgstr "A"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:392
+msgid "P"
+msgstr "P"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:393
+msgid "R"
+msgstr "R"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:394
+msgid "S"
+msgstr "S"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:395
+msgid 
"F"
+msgstr "F"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:396
+msgid "Mask:"
+msgstr "Mask:"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:397
+#, fuzzy
+msgid "Flags:"
+msgstr "TCP-flaggor"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:400
+#: src/gui/.ui/udpservicedialog_q.cpp:224
+msgid "Source Port Range"
+msgstr "Rymd för källportar"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:401
+#: src/gui/.ui/tcpservicedialog_q.cpp:404
+#: src/gui/.ui/udpservicedialog_q.cpp:225
+#: src/gui/.ui/udpservicedialog_q.cpp:228
+msgid "Start:"
+msgstr "Start:"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:402
+#: src/gui/.ui/tcpservicedialog_q.cpp:405
+#: src/gui/.ui/udpservicedialog_q.cpp:226
+#: src/gui/.ui/udpservicedialog_q.cpp:229
+msgid "End:"
+msgstr "Slut:"
+
+#: src/gui/.ui/tcpservicedialog_q.cpp:403
+#: src/gui/.ui/udpservicedialog_q.cpp:227
+msgid "Destination Port Range"
+msgstr "Rymd för destinationsportar"
+
+#: src/gui/.ui/timedialog_q.cpp:246 src/gui/.ui/timedialog_q.cpp:263
+msgid "Sunday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:247 src/gui/.ui/timedialog_q.cpp:264
+msgid "Monday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:248 src/gui/.ui/timedialog_q.cpp:265
+msgid "Tuesday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:249 src/gui/.ui/timedialog_q.cpp:266
+msgid "Wednesday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:250 src/gui/.ui/timedialog_q.cpp:267
+msgid "Thursday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:251 src/gui/.ui/timedialog_q.cpp:268
+msgid "Friday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:252 src/gui/.ui/timedialog_q.cpp:269
+msgid "Saturday"
+msgstr ""
+
+#: src/gui/.ui/timedialog_q.cpp:253
+#, fuzzy
+msgid "Start day of week:"
+msgstr "Dag i veckan (0-6):"
+
+#: src/gui/.ui/timedialog_q.cpp:254
+#, fuzzy
+msgid "Start time:"
+msgstr "Start:"
+
+#: src/gui/.ui/timedialog_q.cpp:255
+#, fuzzy
+msgid "Start date:"
+msgstr "Start:"
+
+#: src/gui/.ui/timedialog_q.cpp:258
+#, fuzzy
+msgid "End date:"
+msgstr "Aktivera:"
+
+#: 
src/gui/.ui/timedialog_q.cpp:260
+#, fuzzy
+msgid "End time:"
+msgstr "Slut:"
+
+#: src/gui/.ui/timedialog_q.cpp:270
+#, fuzzy
+msgid "End day of week:"
+msgstr "Dag i veckan (0-6):"
+
+#: src/gui/utils.cpp:197
+msgid ""
+"Impossible to apply changes because object is located in read-only\n"
+"part of the tee or data file was opened read-only"
+msgstr ""
+
+#: src/gui/utils.cpp:219
+#, qt-format
+msgid "Object with name '%1' already exists, please choose different name."
+msgstr "Objekt med namnet \"%1\" existerar redan, välj ett annat namn."
+
+#: src/gui/aboutdialog_q.ui.h:14
+msgid "Revision: %1 ( Build: %2 )"
+msgstr ""
+
+#: src/gui/aboutdialog_q.ui.h:16
+#, fuzzy
+msgid "Using Firewall Builder API %1"
+msgstr "Använder libfwbuilder API v"
+
+#: src/gui/aboutdialog_q.ui.h:19
+msgid "Registered"
+msgstr ""
+
+#: src/gui/aboutdialog_q.ui.h:20
+msgid "Unregistered"
+msgstr ""
+
+#: src/gui/upgradePredicate.h:45
+msgid ""
+"The data file you are trying to open has been\n"
+"saved with an older version of Firewall Builder.\n"
+"Opening it in this version will cause it to be\n"
+"upgraded, which may prevent older versions of\n"
+"the program from reading it. Backup copy of your\n"
+"file in the old format will be made in the same\n"
+"directory with extension '.bak'.\n"
+"Are you sure you want to open it?"
+msgstr ""
+"Datafilen du försökte öppna har sparats med\n"
+"en äldre version av Firewall Builder. Öppna den\n"
+"i denna version kan orsaka att den blir uppgrad-\n"
+"erad vilket kan innebära att äldre versioner av\n"
+"programmet inte kan läsa den. En säkerhetskopia\n"
+"av din äldre fil kommer att göras i samma \n"
+"katalog med ändelsen \".bak\".\n"
+"Är du säker att du vill öppna den?"
+
+#: src/gui/upgradePredicate.h:53
+msgid "&Upgrade"
+msgstr "&Uppgradera"
+
+#: src/gui/upgradePredicate.h:54
+msgid "&Do not load the file"
+msgstr "Läs &inte in filen"
+
+#, fuzzy
+#~ msgid "Policy/%1"
+#~ msgstr "Policy"
+
+#, fuzzy
+#~ msgid "Save configuration"
+#~ msgstr "Spara konfiguration\n"
+
+#, fuzzy
+#~ msgid "Save configuration to standby unit"
+#~ msgstr "Spara konfiguration\n"
+
+#, fuzzy
+#~ msgid "Exiting"
+#~ msgstr "Avslutar\n"
+
+#~ msgid "C&ommit"
+#~ msgstr "Verkstä&ll"
+
+#~ msgid "Enter authentication information below and click 'Next'"
+#~ msgstr "Ange autentiseringsinformation nedan och klicka \"Nästa\""
+
+#~ msgid "Activate a rule on:"
+#~ msgstr "Aktivera en regel den:"
+
+#~ msgid "Date:"
+#~ msgstr "Datum:"
+
+#~ msgid "Time:"
+#~ msgstr "Tid:"
+
+#~ msgid "Deactivate a rule on:"
+#~ msgstr "Stäng av en regel den:"
+
+#~ msgid ""
+#~ "Some objects have been modified since\n"
+#~ "you compiled the policy last time.\n"
+#~ "Do you want to recompile it before you install ?"
+#~ msgstr ""
+#~ "Vissa objekt har modifierats efter att du\n"
+#~ "byggde policyn senaste gången.\n"
+#~ "Vill du bygga om den före du installerar ?"
+
+#~ msgid "&Compile"
+#~ msgstr "&Bygg"
+
+#~ msgid "&Install old copy"
+#~ msgstr "&Installera gammal kopia"
+
+#~ msgid ""
+#~ "When you delete an object, it is removed from the tree and\n"
+#~ "all groups and firewall policy rules that reference it.\n"
+#~ "Do you want to delete selected objects ?"
+#~ msgstr ""
+#~ "När du tar bort ett objekt tas det bort från trädet och alla\n"
+#~ "grupper och brandväggens policyregler som refererar till det.\n"
+#~ "Vill du ta bort valda objekt ?"
+ +#~ msgid "Find Secure File Transfer utility" +#~ msgstr "Sök verktyg för säker filöverföring" + +#~ msgid "Accounting " +#~ msgstr "Redovisning " + +#, fuzzy +#~ msgid "Metric Editor" +#~ msgstr "Skriptredigerare" + +#~ msgid "End\n" +#~ msgstr "Slut\n" + +#~ msgid "Pushing firewall configuration\n" +#~ msgstr "Tryck ut brandväggskonfiguration\n" + +#~ msgid "Apply Changes" +#~ msgstr "Verkställ ändringar" + +#, fuzzy +#~ msgid "..." +#~ msgstr "Lägg till..." + +#, fuzzy +#~ msgid "File preview:" +#~ msgstr "RCSFilFörhandsvisning" + +#~ msgid "" +#~ "Drop here firewall objects that should be used as policy templates for " +#~ "this firewall. Rules will be added on top of the rules of this firewall " +#~ "and will be taken from policies of the template objects in the order they " +#~ "were added, from top to bottom:" +#~ msgstr "" +#~ "Släpp brandväggsobjekt som bör användas som policymallar för denna " +#~ "brandvägg. Regler kommer att läggas till på toppen av dessa regler för " +#~ "denna brandvägg och kommer att tas från policies från mallobjekten i den " +#~ "ordning de lades till, från topp till botten:" + +#~ msgid "SNMP community:" +#~ msgstr "SNMP-community:" + +#~ msgid "Contact:" +#~ msgstr "Kontakt:" + +#~ msgid "SNMP Get" +#~ msgstr "SNMP Get" + +#~ msgid "Description:" +#~ msgstr "Beskrivning:" + +#~ msgid "Del" +#~ msgstr "Del" + +#~ msgid "Installing policy rules on firewall '%1'. Logging in" +#~ msgstr "Installerar policyregler på brandväggen \"%1\". Loggar in" + +#~ msgid "" +#~ "Check option 'Unnumbered interface' for the interface that does not have " +#~ "an IP address. Examples of interfaces of this kind are those used to " +#~ "terminate PPPoE or VPN tunnels and interfaces of the bridging firewall." +#~ msgstr "" +#~ "Kryssa i \"Onumrerat gränssnitt\" för nätverksgränssnittet som inte har " +#~ "en IP-adress. 
Exempel på gränssnitt av denna typ är de som används för " +#~ "att terminera PPPoE eller VPN-tunnlar och gränssnitt för bryggade " +#~ "brandväggar." + +#~ msgid "Ask user what to do" +#~ msgstr "Fråga användaren vad som ska göras" + +#~ msgid "" +#~ "A full path to the Secure Copy utility (secure file copy; for example scp " +#~ "on Unix or pscp.exe or vcp.exe on Windows):" +#~ msgstr "" +#~ "Ange full sökväg till verktyget för Secure Copy (säker filkopering; till " +#~ "exempel scp för Unix eller pscp.exe / vcp.exe för Windows):" + +#~ msgid "" +#~ "Do not save a copy of objects form add-on libraries in each data file" +#~ msgstr "" +#~ "Spara inte kopior av objekt som bildar tilläggsbibliotek för varje datafil" + +#~ msgid "Data format" +#~ msgstr "Dataformat" + +#~ msgid "Welcome to Firewall Builder" +#~ msgstr "Välkommen till Firewall Builder" + +#~ msgid "Firewall Builder N.N.N" +#~ msgstr "Firewall Builder N.N.N" + +#~ msgid "Do you want to open existing project file or create a new one?" +#~ msgstr "Vill du öppna en existerande projektfil eller skapa en ny?" + +#~ msgid "Create new project file" +#~ msgstr "Skapa ny projektfil" + +#~ msgid "Open existing file" +#~ msgstr "Öppna existerande fil" + +#~ msgid "File name: %1" +#~ msgstr "Filnamn: %1" + +#~ msgid "" +#~ "Activate Revision Control System for this file\n" +#~ "(if you do not do this now, you can always activate it later)" +#~ msgstr "" +#~ "Aktivera Revisionskontroll (RCS) för denna fil\n" +#~ "(om du inte gör det nu kan du alltid aktivera det senare)" + +#~ msgid "" +#~ "Let the program automatically open this file when I start it next time\n" +#~ "(you can activate this option later using Preferences dialog)" +#~ msgstr "" +#~ "Låt programmet automatiskt öppna denna fil när jag startar den nästa " +#~ "gång\n" +#~ "(du kan aktivera denna inställningar senare via Inställningsdialogen)" 
diff --git a/po/sv.qm b/po/sv.qm
new file mode 100644
index 000000000..658408c3d
Binary files /dev/null and b/po/sv.qm differ
diff --git a/po/vi.po b/po/vi.po
new file mode 100644
index 000000000..196140e3b
--- /dev/null
+++ b/po/vi.po
@@ -0,0 +1,4478 @@
+# Vietnamese translations for PACKAGE package.
+# Copyright (C) 2004 NetCitadel, LLC
+# This file is distributed under the same license as the PACKAGE package.
+# root , 2004.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: fwbuilder 2.0\n"
+"Report-Msgid-Bugs-To: vadim@fwbuilder.org\n"
+"POT-Creation-Date: 2004-08-04 23:08-0700\n"
+"PO-Revision-Date: 2004-06-24 10:54+0700\n"
+"Last-Translator: root \n"
+"Language-Team: Vietnamese \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: src/gui/utils.cpp:157
+msgid ""
+"Impossible to apply changes because object is located in read-only\n"
+"part of the tee or data file was opened read-only"
+msgstr ""
+
+#: src/gui/utils.cpp:158 src/gui/RCS.cpp:342 src/gui/RCS.cpp:523
+#: src/gui/RCS.cpp:536 src/gui/RCS.cpp:553 src/gui/RCS.cpp:635
+#: src/gui/FWWindow.cpp:1433 src/gui/AddressRangeDialog.cpp:103
+#: src/gui/AddressRangeDialog.cpp:114 src/gui/IPv4Dialog.cpp:141
+#: src/gui/IPv4Dialog.cpp:155 src/gui/NetworkDialog.cpp:104
+#: src/gui/NetworkDialog.cpp:115 src/gui/instDialog.cpp:178
+msgid "&Continue"
+msgstr ""
+
+#: src/gui/utils.cpp:179
+#, qt-format
+msgid "Object with name '%1' already exists, please choose different name."
+msgstr ""
+
+#: src/gui/utils.cpp:181 src/gui/ObjectEditor.cpp:309
+msgid "&Continue editing"
+msgstr ""
+
+#: src/gui/filePropDialog.cpp:57
+msgid "Opened read-only"
+msgstr ""
+
+#: src/gui/filePropDialog.cpp:75
+#, qt-format
+msgid "Revision %1"
+msgstr ""
+
+#: src/gui/findDialog.cpp:167
+msgid "Search hit the end of the object tree."
+msgstr ""
+
+#: src/gui/execDialog.cpp:92
+msgid "Error: Failed to start program"
+msgstr ""
+
+#: src/gui/SimpleTextEditor.cpp:65
+msgid "Warning: loading from file discards current contents of the script."
+msgstr ""
+
+#: src/gui/SimpleTextEditor.cpp:70
+msgid "Choose file that contains PIX commands"
+msgstr ""
+
+#: src/gui/SimpleTextEditor.cpp:78
+#, qt-format
+msgid "Could not open file %1"
+msgstr ""
+
+#: src/gui/FWBSettings.cpp:137
+#, qt-format
+msgid ""
+"Working directory %1 does not seem to exist.\n"
+"Do you want to create it ?"
+msgstr ""
+
+#: src/gui/FWBTree.cpp:228
+#, qt-format
+msgid ""
+"Impossible to insert object %1 (type %2) into %3\n"
+"because of incompatible type."
+msgstr ""
+
+#: src/gui/FWBTree.cpp:252
+msgid "New Library"
+msgstr ""
+
+#: src/gui/RCS.cpp:341 src/gui/RCS.cpp:552 src/gui/RCS.cpp:634
+#, qt-format
+msgid "Error checking file out: %1"
+msgstr ""
+
+#: src/gui/RCS.cpp:399
+#, qt-format
+msgid ""
+"Fatal error during initial RCS checkin of file %1 :\n"
+" %2\n"
+"Exit status %3"
+msgstr ""
+
+#: src/gui/RCS.cpp:522
+msgid "Error creating temporary file "
+msgstr ""
+
+#: src/gui/RCS.cpp:535
+msgid "Error writing to temporary file "
+msgstr ""
+
+#: src/gui/RCS.cpp:567
+#, qt-format
+msgid ""
+"File is opened and locked by %1.\n"
+"You can only open it read-only."
+msgstr ""
+
+#: src/gui/RCS.cpp:580
+#, qt-format
+msgid ""
+"Revision %1 of this file has been checked out and locked by you earlier.\n"
+"The file may be opened in another copy of Firewall Builder or was left "
+"opened\n"
+"after the program crashed."
+msgstr ""
+
+#: src/gui/RCS.cpp:583
+msgid "Open &read-only"
+msgstr ""
+
+#: src/gui/RCS.cpp:583
+msgid "&Open and continue editing"
+msgstr ""
+
+#: src/gui/RCS.cpp:583 src/gui/FWWindow.cpp:247 src/gui/FWWindow.cpp:482
+#: src/gui/FWWindow.cpp:1468 src/gui/ui/askrulenumberdialog_q.cpp:91
+#: src/gui/ui/freebsdadvanceddialog_q.cpp:177
+#: src/gui/ui/ipfadvanceddialog_q.cpp:399
+#: src/gui/ui/ipfwadvanceddialog_q.cpp:241
+#: src/gui/ui/iptadvanceddialog_q.cpp:462
+#: src/gui/ui/linux24advanceddialog_q.cpp:359
+#: src/gui/ui/macosxadvanceddialog_q.cpp:167
+#: src/gui/ui/openbsdadvanceddialog_q.cpp:175
+#: src/gui/ui/pfadvanceddialog_q.cpp:507 src/gui/ui/prefsdialog_q.cpp:411
+#: src/gui/ui/rcsfilesavedialog_q.cpp:101
+#: src/gui/ui/solarisadvanceddialog_q.cpp:185
+msgid "&Cancel"
+msgstr ""
+
+#: src/gui/RCS.cpp:717
+#, qt-format
+msgid "Fatal error running rlog for %1"
+msgstr ""
+
+#: src/gui/RCS.cpp:756
+#, qt-format
+msgid "Fatal error running rcsdiff for file %1"
+msgstr ""
+
+#: src/gui/RCSFilePreview.cpp:128
+msgid "File is not in RCS"
+msgstr ""
+
+#: src/gui/platforms.cpp:123 src/gui/platforms.cpp:142
+#: src/gui/platforms.cpp:148 src/gui/platforms.cpp:154
+#: src/gui/platforms.cpp:157
+msgid "- any -"
+msgstr ""
+
+#: src/gui/platforms.cpp:126
+msgid "1.2.9 or later"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:245
+msgid ""
+"Some objects have been modified but not saved.\n"
+"Do you want to save changes now ?"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:247 src/gui/ObjectEditor.cpp:309
+#: src/gui/ui/FWBMainWindow_q.cpp:370
+msgid "&Save"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:247 src/gui/ObjectEditor.cpp:309
+#: src/gui/ui/FWBMainWindow_q.cpp:455
+msgid "&Discard"
+msgstr ""
+
+#: src/gui/FWWindow.cpp:272 src/gui/StartWizard.cpp:112
+#, qt-format
+msgid ""
+"The file %1 already exists.\n"
+"Do you want to overwrite it ?"
+msgstr "" + +#: src/gui/FWWindow.cpp:314 src/gui/StartWizard.cpp:103 +msgid "Choose name and folder for the new file" +msgstr "" + +#: src/gui/FWWindow.cpp:415 +msgid "Saving data to file..." +msgstr "" + +#: src/gui/FWWindow.cpp:441 +msgid "FWB Files (*.fwb);;All Files (*)" +msgstr "" + +#: src/gui/FWWindow.cpp:476 +msgid "" +"This operation discards all changes that have been saved\n" +"into the file so far, closes it and replaces it with a clean\n" +"copy of its head revision from RCS.\n" +"\n" +"All changes will be lost if you do this.\n" +"\n" +msgstr "" + +#: src/gui/FWWindow.cpp:481 +msgid "&Discard changes" +msgstr "" + +#: src/gui/FWWindow.cpp:509 +#, qt-format +msgid "File %1 has been added to RCS." +msgstr "" + +#: src/gui/FWWindow.cpp:518 src/gui/StartWizard.cpp:183 +#, qt-format +msgid "" +"Error adding file to RCS:\n" +"%1" +msgstr "" + +#: src/gui/FWWindow.cpp:525 src/gui/FWWindow.cpp:765 +msgid "(read-only)" +msgstr "" + +#: src/gui/FWWindow.cpp:620 src/gui/FWWindow.cpp:788 src/gui/FWWindow.cpp:794 +#, qt-format +msgid "" +"Error loading file:\n" +"%1" +msgstr "" + +#: src/gui/FWWindow.cpp:755 +#, qt-format +msgid "" +"Firewall Builder 2 uses file extension '.fwb'. 
Your data file '%1' \n" +"has been renamed '%2'" +msgstr "" + +#: src/gui/FWWindow.cpp:780 +#, qt-format +msgid "Exception: %1" +msgstr "" + +#: src/gui/FWWindow.cpp:782 +#, qt-format +msgid "Failed transformation : %1" +msgstr "" + +#: src/gui/FWWindow.cpp:784 +#, qt-format +msgid "XML element : %1" +msgstr "" + +#: src/gui/FWWindow.cpp:846 +#, qt-format +msgid "" +"Error checking in file %1:\n" +"%2" +msgstr "" + +#: src/gui/FWWindow.cpp:924 src/gui/LibExportDialog.cpp:309 +msgid "File is read-only" +msgstr "" + +#: src/gui/FWWindow.cpp:930 src/gui/LibExportDialog.cpp:313 +#, qt-format +msgid "Error saving file %1: %2" +msgstr "" + +#: src/gui/FWWindow.cpp:956 +#, qt-format +msgid "" +"Error loading file %1:\n" +"%2" +msgstr "" + +#: src/gui/FWWindow.cpp:970 +msgid "Choose a file to import" +msgstr "" + +#: src/gui/FWWindow.cpp:1017 +msgid "No firewalls defined" +msgstr "" + +#: src/gui/FWWindow.cpp:1150 +msgid "Policy" +msgstr "" + +#: src/gui/FWWindow.cpp:1169 +msgid "NAT" +msgstr "" + +#: src/gui/FWWindow.cpp:1337 +msgid "" +"Firewall platform is not specified in this object.\n" +"Can't compile firewall policy." +msgstr "" + +#: src/gui/FWWindow.cpp:1430 +msgid "" +"Policy installer uses Secure Shell to communicate with the firewall.\n" +"Please configure directory path to the secure file copy and secure \n" +"shell utilities installed on your machine using Preferences dialog" +msgstr "" + +#: src/gui/FWWindow.cpp:1465 +msgid "" +"Some objects have been modified since\n" +"you compiled the policy last time.\n" +"Do you want to recompile it before you install ?" 
+msgstr "" + +#: src/gui/FWWindow.cpp:1468 +msgid "&Compile" +msgstr "" + +#: src/gui/FWWindow.cpp:1468 +msgid "&Install old copy" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:115 +msgid " objects" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:131 +#, qt-format +msgid "protocol: %1" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:135 +#, qt-format +msgid "type: %1" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:137 +#, qt-format +msgid "code: %1" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:244 +#, qt-format +msgid "%1 objects
    \n" +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:318 +msgid "protocol " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:323 +msgid "type: " +msgstr "" + +#: src/gui/FWObjectPropertiesFactory.cpp:325 +msgid "code: " +msgstr "" + +#: src/gui/ObjectManipulator.cpp:132 +msgid "Object Manipulator" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:148 +msgid "New &Library" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:151 +msgid "New &Firewall" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:152 +msgid "New &Host" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:153 +msgid "New &Interface" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:155 +msgid "New &Network" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:156 +msgid "New &Address" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:157 +msgid "New Address &Range" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:158 +msgid "New &Object Group" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:160 +msgid "New &Custom Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:161 +msgid "New &IP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:162 +msgid "New IC&MP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:163 +msgid "New &TCP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:164 +msgid "New &UDP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:165 +msgid "New &Service Group" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:167 +msgid "New Ti&me Interval" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:212 +msgid " ( read only )" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:443 +msgid "" +"The name of the object '%1' has changed. The program can also\n" +"rename IP address objects that belong to this object,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. 
The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:472 +msgid "" +"The name of the interface '%1' has changed. The program can also\n" +"rename IP address objects that belong to this interface,\n" +"using standard naming scheme 'host_name:interface_name:ip'.\n" +"This makes it easier to distinguish what host or a firewall\n" +"given IP address object belongs to when it is used in \n" +"the policy or NAT rule. The program also renames MAC address\n" +"objects using scheme 'host_name:interface_name:mac'.\n" +"Do you want to rename child IP and MAC address objects now?\n" +"(If you click 'No', names of all address objects that belong to\n" +"%1 will stay the same.)" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:759 src/gui/GroupObjectDialog.cpp:583 +#: src/gui/RuleSetView.cpp:1013 src/gui/RuleSetView.cpp:1134 +#: src/gui/RuleSetView.cpp:1138 src/gui/ui/pixadvanceddialog_q.cpp:1690 +#: src/gui/ui/pixadvanceddialog_q.cpp:1694 +msgid "Edit" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:784 +#, qt-format +msgid "place in library %1" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:791 +#, qt-format +msgid "to library %1" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:800 +msgid "place here" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:803 +msgid "Duplicate ..." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:804 +msgid "Move ..." 
+msgstr "" + +#: src/gui/ObjectManipulator.cpp:808 src/gui/GroupObjectDialog.cpp:586 +#: src/gui/RuleSetView.cpp:1015 src/gui/ui/FWBMainWindow_q.cpp:390 +msgid "Copy" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:810 src/gui/GroupObjectDialog.cpp:587 +#: src/gui/RuleSetView.cpp:1016 src/gui/ui/FWBMainWindow_q.cpp:387 +msgid "Cut" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:812 src/gui/GroupObjectDialog.cpp:588 +#: src/gui/RuleSetView.cpp:1017 src/gui/ui/FWBMainWindow_q.cpp:393 +msgid "Paste" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:817 src/gui/GroupObjectDialog.cpp:589 +#: src/gui/RuleSetView.cpp:1019 src/gui/ObjConflictResolutionDialog.cpp:91 +#: src/gui/ObjConflictResolutionDialog.cpp:103 +#: src/gui/ui/FWBMainWindow_q.cpp:444 src/gui/ui/newfirewalldialog_q.cpp:482 +#: src/gui/ui/newhostdialog_q.cpp:402 +msgid "Delete" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:829 +msgid "Add Interface" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:834 +msgid "Add IP Address" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:836 +msgid "Add MAC Address" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:841 src/gui/ui/newfirewalldialog_q.cpp:449 +msgid "New Firewall" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:845 src/gui/ObjectManipulator.cpp:1947 +msgid "New Address" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:849 src/gui/ObjectManipulator.cpp:1971 +msgid "New Address Range" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:853 src/gui/ObjectManipulator.cpp:1898 +#: src/gui/ui/newhostdialog_q.cpp:371 +msgid "New Host" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:857 src/gui/ObjectManipulator.cpp:1928 +msgid "New Network" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:861 src/gui/ObjectManipulator.cpp:885 +#: src/gui/ui/newgroupdialog_q.cpp:97 +msgid "New Group" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:865 src/gui/ObjectManipulator.cpp:1988 +msgid "New Custom Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:869 src/gui/ObjectManipulator.cpp:1996 +msgid 
"New IP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:873 src/gui/ObjectManipulator.cpp:2004 +msgid "New ICMP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:877 src/gui/ObjectManipulator.cpp:2012 +msgid "New TCP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:881 src/gui/ObjectManipulator.cpp:2020 +msgid "New UDP Service" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:889 src/gui/ObjectManipulator.cpp:2037 +msgid "New Time Interval" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:893 src/gui/ui/finddialog_q.cpp:100 +msgid "Find" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:898 src/gui/ui/FWBMainWindow_q.cpp:413 +msgid "Compile" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:899 src/gui/ui/FWBMainWindow_q.cpp:415 +msgid "Install" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:904 src/gui/ui/groupobjectdialog_q.cpp:180 +msgid "Group" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:912 +msgid "dump" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:961 +msgid "Undelete..." +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1353 +msgid "" +"Emptying of the 'Deleted Objects' in a library file is not recommended.\n" +"When you remove deleted objects from a library file, Firewall Builder\n" +"loses ability to track them. If a group or a policy rule in some\n" +"data file still uses removed object from this library, you may encounter\n" +"unusual and unexpected behavior of the program.\n" +"Do you want to delete selected objects anyway ?" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1362 +msgid "" +"When you delete an object, it is removed from the tree and\n" +"all groups and firewall policy rules that reference it.\n" +"Do you want to delete selected objects ?" 
+msgstr "" + +#: src/gui/ObjectManipulator.cpp:1393 +#, qt-format +msgid "" +"When you delete a library, all objects that belong to it\n" +"disappear from the tree and all groups and rules that reference them.\n" +"You won't be able to reverse this operation later.\n" +"Do you still want to delete library %1?" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1911 src/gui/ObjectManipulator.cpp:1914 +msgid "New Interface" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:1979 +msgid "New Object Group" +msgstr "" + +#: src/gui/ObjectManipulator.cpp:2028 +msgid "New Service Group" +msgstr "" + +#: src/gui/ObjectEditor.cpp:308 +msgid "" +"This object has been modified but not saved.\n" +"Do you want to save it before switching to another object?" +msgstr "" + +#: src/gui/ObjectTreeView.cpp:80 src/gui/ui/FWBMainWindow_q.cpp:460 +msgid "Object" +msgstr "" + +#: src/gui/InterfaceDialog.cpp:170 +msgid "Group: " +msgstr "" + +#: src/gui/InterfaceDialog.cpp:188 +msgid "Network: " +msgstr "" + +#: src/gui/AddressRangeDialog.cpp:102 src/gui/AddressRangeDialog.cpp:113 +#: src/gui/IPv4Dialog.cpp:140 src/gui/NetworkDialog.cpp:103 +#, qt-format +msgid "Illegal IP address '%1'" +msgstr "" + +#: src/gui/IPv4Dialog.cpp:154 src/gui/NetworkDialog.cpp:114 +#, qt-format +msgid "Illegal netmask '%1'" +msgstr "" + +#: src/gui/IPv4Dialog.cpp:265 +#, qt-format +msgid "" +"DNS lookup failed for both names of the address object '%1' and the name of " +"the host '%2'." +msgstr "" + +#: src/gui/IPv4Dialog.cpp:272 +#, qt-format +msgid "DNS lookup failed for name of the address object '%1'." 
+msgstr "" + +#: src/gui/LibraryDialog.cpp:139 +msgid "Pick the color for this library" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:140 src/gui/ui/newfirewalldialog_q.cpp:196 +#: src/gui/ui/newfirewalldialog_q.cpp:285 +#: src/gui/ui/newfirewalldialog_q.cpp:470 +#: src/gui/ui/newfirewalldialog_q.cpp:487 src/gui/ui/newhostdialog_q.cpp:177 +#: src/gui/ui/newhostdialog_q.cpp:390 src/gui/ui/prefsdialog_q.cpp:216 +#: src/gui/ui/prefsdialog_q.cpp:438 +msgid "Name" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:141 +msgid "Properties" +msgstr "" + +#: src/gui/GroupObjectDialog.cpp:581 src/gui/ui/FWBMainWindow_q.cpp:366 +#: src/gui/ui/FWBMainWindow_q.cpp:409 +msgid "Open" +msgstr "" + +#: src/gui/TimeDialog.cpp:67 src/gui/TimeDialog.cpp:68 +msgid "Date (M/D/Y):" +msgstr "" + +#: src/gui/TimeDialog.cpp:72 src/gui/TimeDialog.cpp:73 +msgid "Date (D/M/Y):" +msgstr "" + +#: src/gui/TimeDialog.cpp:77 src/gui/TimeDialog.cpp:78 +msgid "Date (Y/M/D):" +msgstr "" + +#: src/gui/TimeDialog.cpp:82 src/gui/TimeDialog.cpp:83 +msgid "Date (Y/D/M):" +msgstr "" + +#: src/gui/RuleSetView.cpp:164 +msgid "A Rule Set" +msgstr "" + +#: src/gui/RuleSetView.cpp:456 +msgid "Accounting " +msgstr "" + +#: src/gui/RuleSetView.cpp:470 +msgid "Outbound " +msgstr "" + +#: src/gui/RuleSetView.cpp:538 +msgid "Original" +msgstr "" + +#: src/gui/RuleSetView.cpp:946 src/gui/RuleSetView.cpp:1062 +#: src/gui/RuleSetView.cpp:1090 src/gui/ui/FWBMainWindow_q.cpp:432 +msgid "Insert Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:948 src/gui/RuleSetView.cpp:962 +msgid "Paste Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1021 +msgid "Negate" +msgstr "" + +#: src/gui/RuleSetView.cpp:1070 +#, qt-format +msgid "Rules: %1-%2" +msgstr "" + +#: src/gui/RuleSetView.cpp:1073 +#, qt-format +msgid "Rule: %1" +msgstr "" + +#: src/gui/RuleSetView.cpp:1078 +msgid "Color Label:" +msgstr "" + +#: src/gui/RuleSetView.cpp:1092 src/gui/ui/FWBMainWindow_q.cpp:435 +msgid "Add Rule Below" +msgstr "" + +#: src/gui/RuleSetView.cpp:1095 
src/gui/ui/FWBMainWindow_q.cpp:436 +msgid "Remove Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1096 +msgid "Remove Rules" +msgstr "" + +#: src/gui/RuleSetView.cpp:1099 +msgid "Move Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1100 +msgid "Move Rules" +msgstr "" + +#: src/gui/RuleSetView.cpp:1106 src/gui/ui/FWBMainWindow_q.cpp:438 +msgid "Copy Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1108 src/gui/ui/FWBMainWindow_q.cpp:439 +msgid "Cut Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1110 src/gui/ui/FWBMainWindow_q.cpp:440 +msgid "Paste Rule Above" +msgstr "" + +#: src/gui/RuleSetView.cpp:1112 src/gui/ui/FWBMainWindow_q.cpp:441 +msgid "Paste Rule Below" +msgstr "" + +#: src/gui/RuleSetView.cpp:1119 +msgid "Enable Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1120 +msgid "Enable Rules" +msgstr "" + +#: src/gui/RuleSetView.cpp:1124 +msgid "Disable Rule" +msgstr "" + +#: src/gui/RuleSetView.cpp:1125 +msgid "Disable Rules" +msgstr "" + +#: src/gui/RuleSetView.cpp:1463 +msgid "Comment Editor" +msgstr "" + +#: src/gui/RuleSetView.cpp:2338 src/gui/RuleSetView.cpp:2420 +msgid "Source" +msgstr "" + +#: src/gui/RuleSetView.cpp:2341 src/gui/RuleSetView.cpp:2423 +msgid "Destination" +msgstr "" + +#: src/gui/RuleSetView.cpp:2344 src/gui/RuleSetView.cpp:2426 +msgid "Service" +msgstr "" + +#: src/gui/RuleSetView.cpp:2347 src/gui/RuleSetView.cpp:2432 +msgid "Action" +msgstr "" + +#: src/gui/RuleSetView.cpp:2352 src/gui/RuleSetView.cpp:2437 +#: src/gui/ui/timedialog_q.cpp:214 +msgid "Time" +msgstr "" + +#: src/gui/RuleSetView.cpp:2358 src/gui/RuleSetView.cpp:2443 +#: src/gui/ui/freebsdadvanceddialog_q.cpp:194 +#: src/gui/ui/linux24advanceddialog_q.cpp:406 +#: src/gui/ui/macosxadvanceddialog_q.cpp:184 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:198 +#: src/gui/ui/pixosadvanceddialog_q.cpp:308 +#: src/gui/ui/solarisadvanceddialog_q.cpp:212 +msgid "Options" +msgstr "" + +#: src/gui/RuleSetView.cpp:2362 src/gui/RuleSetView.cpp:2447 +#: src/gui/RuleSetView.cpp:2523 +msgid 
"Comment" +msgstr "" + +#: src/gui/RuleSetView.cpp:2429 +msgid "Direction" +msgstr "" + +#: src/gui/RuleSetView.cpp:2505 +msgid "Original Src" +msgstr "" + +#: src/gui/RuleSetView.cpp:2508 +msgid "Original Dst" +msgstr "" + +#: src/gui/RuleSetView.cpp:2511 +msgid "Original Srv" +msgstr "" + +#: src/gui/RuleSetView.cpp:2514 +msgid "Translated Src" +msgstr "" + +#: src/gui/RuleSetView.cpp:2517 +msgid "Translated Dst" +msgstr "" + +#: src/gui/RuleSetView.cpp:2520 +msgid "Translated Srv" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:74 +msgid "0 - System Unusable" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:79 +msgid "1 - Take Immediate Action" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:84 +msgid "2 - Critical Condition" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:89 +msgid "3 - Error Message" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:94 +msgid "4 - Warning Message" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:99 +msgid "5 - Normal but significant condition" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:104 +msgid "6 - Informational" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:109 +msgid "7 - Debug Message" +msgstr "" + +#: src/gui/pixAdvancedDialog.cpp:692 src/gui/pixAdvancedDialog.cpp:700 +#: src/gui/ui/simpletexteditor_q.cpp:87 +msgid "Script Editor" +msgstr "" + +#: src/gui/StartWizard.cpp:129 +#, qt-format +msgid "File %1 is read-only, you can not save changes to it." +msgstr "" + +#: src/gui/StartWizard.cpp:197 +#, qt-format +msgid "" +"Error opening file:\n" +"%1" +msgstr "" + +#: src/gui/LibExportDialog.cpp:162 +msgid "Please select a library you want to export." 
+msgstr "" + +#: src/gui/LibExportDialog.cpp:229 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (global policy rule #%3) uses object '%4' from " +"library '%5'" +msgstr "" + +#: src/gui/LibExportDialog.cpp:238 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (interface %3 policy rule #%4) uses object '%5' " +"from library '%6'" +msgstr "" + +#: src/gui/LibExportDialog.cpp:249 +#, qt-format +msgid "" +"Library %1: Firewall '%2' (NAT rule #%3) uses object '%4' from library '%5'" +msgstr "" + +#: src/gui/LibExportDialog.cpp:259 +#, qt-format +msgid "Library %1: Group '%2' uses object '%3' from library '%4'" +msgstr "" + +#: src/gui/LibExportDialog.cpp:274 +msgid "" +"A library that you are trying to export contains references\n" +"to objects in the other libraries and can not be exported.\n" +"The following objects need to be moved outside of it or\n" +"objects that they refer to moved in it:" +msgstr "" + +#: src/gui/PrefsDialog.cpp:152 +msgid "Find working directory" +msgstr "" + +#: src/gui/PrefsDialog.cpp:161 +msgid "Find Secure File Transfer utility" +msgstr "" + +#: src/gui/PrefsDialog.cpp:170 +msgid "Find Secure Shell utility" +msgstr "" + +#: src/gui/PrefsDialog.cpp:207 +msgid "Find add-on library" +msgstr "" + +#: src/gui/instDialog.cpp:75 +msgid "" +"Data file has been created in the old version of Firewall Builder. Use " +"fwbuilder GUI to convert it.\n" +msgstr "" + +#: src/gui/instDialog.cpp:177 +#, qt-format +msgid "File %1 not found." +msgstr "" + +#: src/gui/instDialog.cpp:185 +#, qt-format +msgid "" +"You are connecting to the firewall '%1' for the first time. It has " +"provided you its identification in a form of its host public key. The " +"fingerprint of the host public key is: \"%2\" You can save the host key to " +"the local database by pressing YES, or you can cancel connection by pressing " +"NO. You should press YES only if you are sure you are really connected to " +"the firewall '%3'." 
+msgstr "" + +#: src/gui/instDialog.cpp:317 +msgid "Unsupported exception" +msgstr "" + +#: src/gui/instDialog.cpp:348 +msgid "Summary:" +msgstr "" + +#: src/gui/instDialog.cpp:349 +#, qt-format +msgid "* firewall name : %1" +msgstr "" + +#: src/gui/instDialog.cpp:351 +#, qt-format +msgid "* user name : %1" +msgstr "" + +#: src/gui/instDialog.cpp:353 +#, qt-format +msgid "* management address : %1" +msgstr "" + +#: src/gui/instDialog.cpp:355 +#, qt-format +msgid "* platform : %1" +msgstr "" + +#: src/gui/instDialog.cpp:357 +#, qt-format +msgid "* host OS : %1" +msgstr "" + +#: src/gui/instDialog.cpp:359 +#, qt-format +msgid "* Loading configuration from file %1" +msgstr "" + +#: src/gui/instDialog.cpp:364 +msgid "* Incremental install" +msgstr "" + +#: src/gui/instDialog.cpp:369 +#, qt-format +msgid "* Configuration diff will be saved in file %1" +msgstr "" + +#: src/gui/instDialog.cpp:374 +msgid "* Test run, commands will not be executed on the firewall" +msgstr "" + +#: src/gui/instDialog.cpp:463 +#, qt-format +msgid "" +"Only one interface of the firewall '%1' must be marked as management " +"interface." +msgstr "" + +#: src/gui/instDialog.cpp:470 +#, qt-format +msgid "" +"One of the interfaces of the firewall '%1' must be marked as management " +"interface." +msgstr "" + +#: src/gui/instDialog.cpp:478 +msgid "" +"Management interface does not have IP address, can not communicate with the " +"firewall." +msgstr "" + +#: src/gui/instDialog.cpp:565 +#, qt-format +msgid "" +"Running command '%1'\n" +"\n" +msgstr "" + +#: src/gui/instDialog.cpp:612 +msgid "Failed to start ssh" +msgstr "" + +#: src/gui/instDialog.cpp:648 +#, qt-format +msgid "SSH terminated, exit status: %1" +msgstr "" + +#: src/gui/instDialog2.cpp:86 src/gui/instDialog3.cpp:78 +msgid "*** Fatal error :" +msgstr "" + +#: src/gui/instDialog2.cpp:115 +msgid "Logged in" +msgstr "" + +#: src/gui/instDialog2.cpp:117 +msgid "Switching to enable mode..." 
+msgstr "" + +#: src/gui/instDialog2.cpp:137 src/gui/instDialog3.cpp:134 +msgid "New RSA key" +msgstr "" + +#: src/gui/instDialog2.cpp:138 src/gui/instDialog3.cpp:135 +msgid "Yes" +msgstr "" + +#: src/gui/instDialog2.cpp:138 src/gui/instDialog3.cpp:135 +msgid "No" +msgstr "" + +#: src/gui/instDialog2.cpp:177 +msgid "In enable mode." +msgstr "" + +#: src/gui/instDialog2.cpp:227 +#, qt-format +msgid "Can not open file %1" +msgstr "" + +#: src/gui/instDialog2.cpp:253 +msgid "Pushing firewall configuration" +msgstr "" + +#: src/gui/instDialog2.cpp:273 +msgid "*** End " +msgstr "" + +#: src/gui/instDialog2.cpp:296 +#, qt-format +msgid "Rule %1" +msgstr "" + +#: src/gui/instDialog2.cpp:361 +msgid "Making backup copy of the firewall configuration" +msgstr "" + +#: src/gui/instDialog2.cpp:391 +msgid "Reading current firewall configuration" +msgstr "" + +#: src/gui/instDialog2.cpp:417 +msgid "Generating configuration diff" +msgstr "" + +#: src/gui/instDialog2.cpp:433 +#, qt-format +msgid "Fork failed for %1" +msgstr "" + +#: src/gui/instDialog2.cpp:439 +msgid "Not enough memory." +msgstr "" + +#: src/gui/instDialog2.cpp:444 +msgid "Too many opened file descriptors in the system." +msgstr "" + +#: src/gui/instDialog2.cpp:471 +msgid "Empty configuration diff" +msgstr "" + +#: src/gui/instDialog2.cpp:485 +msgid "Pushing firewall configuration\n" +msgstr "" + +#: src/gui/instDialog3.cpp:115 +msgid "Logged in\n" +msgstr "" + +#: src/gui/instDialog3.cpp:231 +msgid "Running command on the firewall: " +msgstr "" + +#: src/gui/instDialog3.cpp:243 src/gui/instDialog3.cpp:261 +msgid "Error activating firewall policy" +msgstr "" + +#: src/gui/newFirewallDialog.cpp:209 src/gui/newHostDialog.cpp:206 +msgid "Missing SNMP community string." 
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:224 src/gui/newHostDialog.cpp:221
+#, qt-format
+msgid "Address of %1 could not be obtained via DNS"
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:372
+msgid "dynamic"
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:453 src/gui/newHostDialog.cpp:387
+#, qt-format
+msgid "Interface: %1 (%2)"
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:461 src/gui/newHostDialog.cpp:395
+#: src/gui/ui/newfirewalldialog_q.cpp:477 src/gui/ui/newhostdialog_q.cpp:397
+msgid "Dynamic address"
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:463 src/gui/newHostDialog.cpp:397
+#: src/gui/ui/interfacedialog_q.cpp:223 src/gui/ui/newfirewalldialog_q.cpp:468
+#: src/gui/ui/newhostdialog_q.cpp:388
+msgid "Unnumbered interface"
+msgstr ""
+
+#: src/gui/newFirewallDialog.cpp:500 src/gui/newHostDialog.cpp:434
+#, qt-format
+msgid "Illegal address '%1/%2'"
+msgstr ""
+
+#: src/gui/ObjConflictResolutionDialog.cpp:77
+#: src/gui/ui/objconflictresolutiondialog_q.cpp:150
+msgid "Keep current object"
+msgstr ""
+
+#: src/gui/ObjConflictResolutionDialog.cpp:78
+#: src/gui/ui/objconflictresolutiondialog_q.cpp:155
+msgid "Replace with this object"
+msgstr ""
+
+#: src/gui/ObjConflictResolutionDialog.cpp:90
+#: src/gui/ObjConflictResolutionDialog.cpp:102
+#, qt-format
+msgid "Object '%1' has been deleted"
+msgstr ""
+
+#: src/gui/ObjConflictResolutionDialog.cpp:121
+#, qt-format
+msgid "Object '%1' in the objects tree"
+msgstr ""
+
+#: src/gui/ObjConflictResolutionDialog.cpp:123
+#: src/gui/ObjConflictResolutionDialog.cpp:125
+#, qt-format
+msgid "Object '%1' in file %2"
+msgstr ""
+
+#: src/gui/listOfLibraries.cpp:131
+#, qt-format
+msgid "Library file %1 is corrupted."
+msgstr "" + +#: src/gui/ui/aboutdialog_q.cpp:125 src/gui/ui/aboutdialog_q.cpp:126 +#: src/gui/ui/FWBMainWindow_q.cpp:359 +msgid "Firewall Builder" +msgstr "" + +#: src/gui/ui/aboutdialog_q.cpp:127 +msgid "Using libfwbuilder API v" +msgstr "" + +#: src/gui/ui/aboutdialog_q.cpp:128 +msgid "Revision: " +msgstr "" + +#: src/gui/ui/aboutdialog_q.cpp:129 src/gui/ui/freebsdadvanceddialog_q.cpp:175 +#: src/gui/ui/ipfadvanceddialog_q.cpp:397 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:239 +#: src/gui/ui/iptadvanceddialog_q.cpp:460 +#: src/gui/ui/linux24advanceddialog_q.cpp:357 +#: src/gui/ui/macosxadvanceddialog_q.cpp:165 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:173 +#: src/gui/ui/pfadvanceddialog_q.cpp:505 src/gui/ui/prefsdialog_q.cpp:409 +#: src/gui/ui/solarisadvanceddialog_q.cpp:183 +msgid "&OK" +msgstr "" + +#: src/gui/ui/aboutdialog_q.cpp:131 +msgid "Copyright 2002-2004 NetCitadel, LLC" +msgstr "" + +#: src/gui/ui/aboutdialog_q.cpp:132 +msgid "http://www.fwbuilder.org" +msgstr "" + +#: src/gui/ui/addressrangedialog_q.cpp:150 +msgid "Address Range" +msgstr "" + +#: src/gui/ui/addressrangedialog_q.cpp:151 +#: src/gui/ui/customservicedialog_q.cpp:151 +#: src/gui/ui/firewalldialog_q.cpp:276 src/gui/ui/groupobjectdialog_q.cpp:184 +#: src/gui/ui/hostdialog_q.cpp:143 src/gui/ui/icmpservicedialog_q.cpp:159 +#: src/gui/ui/interfacedialog_q.cpp:216 src/gui/ui/ipservicedialog_q.cpp:202 +#: src/gui/ui/ipv4dialog_q.cpp:157 src/gui/ui/librarydialog_q.cpp:120 +#: src/gui/ui/networkdialog_q.cpp:152 src/gui/ui/newfirewalldialog_q.cpp:465 +#: src/gui/ui/newhostdialog_q.cpp:385 src/gui/ui/physaddressdialog_q.cpp:136 +#: src/gui/ui/tcpservicedialog_q.cpp:335 src/gui/ui/timedialog_q.cpp:217 +#: src/gui/ui/udpservicedialog_q.cpp:201 +msgid "Name:" +msgstr "" + +#: src/gui/ui/addressrangedialog_q.cpp:152 +#: src/gui/ui/customservicedialog_q.cpp:152 +#: src/gui/ui/firewalldialog_q.cpp:277 src/gui/ui/groupobjectdialog_q.cpp:185 +#: src/gui/ui/hostdialog_q.cpp:144 
src/gui/ui/icmpservicedialog_q.cpp:160 +#: src/gui/ui/interfacedialog_q.cpp:217 src/gui/ui/ipservicedialog_q.cpp:203 +#: src/gui/ui/ipv4dialog_q.cpp:158 src/gui/ui/networkdialog_q.cpp:153 +#: src/gui/ui/newgroupdialog_q.cpp:98 src/gui/ui/physaddressdialog_q.cpp:137 +#: src/gui/ui/tcpservicedialog_q.cpp:336 src/gui/ui/timedialog_q.cpp:218 +#: src/gui/ui/udpservicedialog_q.cpp:202 +msgid "Library:" +msgstr "" + +#: src/gui/ui/addressrangedialog_q.cpp:153 +#: src/gui/ui/customservicedialog_q.cpp:157 +#: src/gui/ui/firewalldialog_q.cpp:278 src/gui/ui/groupobjectdialog_q.cpp:187 +#: src/gui/ui/hostdialog_q.cpp:145 src/gui/ui/icmpservicedialog_q.cpp:166 +#: src/gui/ui/interfacedialog_q.cpp:231 src/gui/ui/ipservicedialog_q.cpp:192 +#: src/gui/ui/ipv4dialog_q.cpp:159 src/gui/ui/librarydialog_q.cpp:121 +#: src/gui/ui/networkdialog_q.cpp:154 src/gui/ui/physaddressdialog_q.cpp:138 +#: src/gui/ui/tcpservicedialog_q.cpp:344 src/gui/ui/timedialog_q.cpp:215 +#: src/gui/ui/udpservicedialog_q.cpp:204 +msgid "Comment:" +msgstr "" + +#: src/gui/ui/addressrangedialog_q.cpp:154 +msgid "Range End:" +msgstr "" + +#: src/gui/ui/addressrangedialog_q.cpp:155 +msgid "Range Start:" +msgstr "" + +#: src/gui/ui/addressrangedialog_q.cpp:156 +#: src/gui/ui/customservicedialog_q.cpp:155 +#: src/gui/ui/firewalldialog_q.cpp:293 src/gui/ui/groupobjectdialog_q.cpp:186 +#: src/gui/ui/hostdialog_q.cpp:148 src/gui/ui/icmpservicedialog_q.cpp:161 +#: src/gui/ui/interfacedialog_q.cpp:230 src/gui/ui/ipservicedialog_q.cpp:204 +#: src/gui/ui/ipv4dialog_q.cpp:162 src/gui/ui/librarydialog_q.cpp:124 +#: src/gui/ui/networkdialog_q.cpp:157 src/gui/ui/physaddressdialog_q.cpp:140 +#: src/gui/ui/ruleoptionsdialog_q.cpp:445 +#: src/gui/ui/tcpservicedialog_q.cpp:343 src/gui/ui/timedialog_q.cpp:216 +#: src/gui/ui/udpservicedialog_q.cpp:203 +msgid "Apply Changes" +msgstr "" + +#: src/gui/ui/askrulenumberdialog_q.cpp:87 +msgid "Enter New Position For The Rule" +msgstr "" + +#: src/gui/ui/askrulenumberdialog_q.cpp:88 +msgid 
"Enter new position for selected rules:" +msgstr "" + +#: src/gui/ui/askrulenumberdialog_q.cpp:89 +msgid "&Move" +msgstr "" + +#: src/gui/ui/askrulenumberdialog_q.cpp:90 +msgid "Alt+M" +msgstr "" + +#: src/gui/ui/askrulenumberdialog_q.cpp:92 src/gui/ui/debugdialog_q.cpp:76 +#: src/gui/ui/execdialog_q.cpp:89 +msgid "Alt+C" +msgstr "" + +#: src/gui/ui/colorlabelmenuitem_q.cpp:108 src/gui/ui/prefsdialog_q.cpp:446 +msgid "Orange" +msgstr "" + +#: src/gui/ui/colorlabelmenuitem_q.cpp:110 src/gui/ui/prefsdialog_q.cpp:443 +msgid "Green" +msgstr "" + +#: src/gui/ui/colorlabelmenuitem_q.cpp:112 src/gui/ui/prefsdialog_q.cpp:444 +msgid "Purple" +msgstr "" + +#: src/gui/ui/colorlabelmenuitem_q.cpp:114 src/gui/ui/prefsdialog_q.cpp:447 +msgid "Blue" +msgstr "" + +#: src/gui/ui/colorlabelmenuitem_q.cpp:116 src/gui/ui/prefsdialog_q.cpp:449 +msgid "Yellow" +msgstr "" + +#: src/gui/ui/colorlabelmenuitem_q.cpp:118 src/gui/ui/prefsdialog_q.cpp:448 +msgid "Gray" +msgstr "" + +#: src/gui/ui/colorlabelmenuitem_q.cpp:120 src/gui/ui/prefsdialog_q.cpp:445 +msgid "Red" +msgstr "" + +#: src/gui/ui/colorlabelmenuitem_q.cpp:122 +msgid "No color" +msgstr "" + +#: src/gui/ui/customservicedialog_q.cpp:150 +msgid "Custom Service" +msgstr "" + +#: src/gui/ui/customservicedialog_q.cpp:153 +msgid "" +"Custom service object has separate code string for each supported firewall " +"platform." 
+msgstr "" + +#: src/gui/ui/customservicedialog_q.cpp:154 +#: src/gui/ui/firewalldialog_q.cpp:281 +msgid "Platform:" +msgstr "" + +#: src/gui/ui/customservicedialog_q.cpp:156 +msgid "Code:" +msgstr "" + +#: src/gui/ui/debugdialog_q.cpp:74 +msgid "Debugging Info" +msgstr "" + +#: src/gui/ui/debugdialog_q.cpp:75 src/gui/ui/execdialog_q.cpp:88 +#: src/gui/ui/FWBMainWindow_q.cpp:412 +msgid "&Close" +msgstr "" + +#: src/gui/ui/execdialog_q.cpp:87 +msgid "Executing external command" +msgstr "" + +#: src/gui/ui/execdialog_q.cpp:90 +msgid "Stop" +msgstr "" + +#: src/gui/ui/filepropdialog_q.cpp:114 +msgid "File Properties" +msgstr "" + +#: src/gui/ui/filepropdialog_q.cpp:115 src/gui/ui/firewalldialog_q.cpp:289 +msgid "Location:" +msgstr "" + +#: src/gui/ui/filepropdialog_q.cpp:116 +msgid "location" +msgstr "" + +#: src/gui/ui/filepropdialog_q.cpp:117 +msgid "Revision history:" +msgstr "" + +#: src/gui/ui/filepropdialog_q.cpp:118 +msgid "RO" +msgstr "" + +#: src/gui/ui/filepropdialog_q.cpp:119 +msgid "Revision Control:" +msgstr "" + +#: src/gui/ui/filepropdialog_q.cpp:120 +msgid "Time of last modification:" +msgstr "" + +#: src/gui/ui/filepropdialog_q.cpp:121 +msgid "rev" +msgstr "" + +#: src/gui/ui/filepropdialog_q.cpp:122 +msgid "lockedBy" +msgstr "" + +#: src/gui/ui/filepropdialog_q.cpp:123 +msgid "lastModified" +msgstr "" + +#: src/gui/ui/filepropdialog_q.cpp:124 +msgid "Revision:" +msgstr "" + +#: src/gui/ui/filepropdialog_q.cpp:125 +msgid "Locked by user:" +msgstr "" + +#: src/gui/ui/finddialog_q.cpp:95 src/gui/ui/FWBMainWindow_q.cpp:424 +msgid "Find Object" +msgstr "" + +#: src/gui/ui/finddialog_q.cpp:96 +msgid "Text to be found in object names:" +msgstr "" + +#: src/gui/ui/finddialog_q.cpp:97 +msgid "Recognize regular expressions in search pattern" +msgstr "" + +#: src/gui/ui/finddialog_q.cpp:98 +msgid "Search in the tree" +msgstr "" + +#: src/gui/ui/finddialog_q.cpp:99 +msgid "Search in policy rules" +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:275 +msgid 
"Firewall" +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:279 +msgid "Firewall Settings ..." +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:280 +msgid "Host OS Settings ..." +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:282 +msgid "Version:" +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:283 +msgid "Host OS:" +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:284 +#: src/gui/ui/pixosadvanceddialog_q.cpp:278 src/gui/ui/prefsdialog_q.cpp:426 +msgid "General" +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:285 +msgid "" +"Drop here firewall objects that should be used as policy templates for this " +"firewall. Rules will be added on top of the rules of this firewall and will " +"be taken from policies of the template objects in the order they were added, " +"from top to bottom:" +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:286 +msgid "Templates" +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:287 src/gui/ui/hostdialog_q.cpp:146 +msgid "SNMP community:" +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:288 +msgid "Contact:" +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:290 +msgid "SNMP Get" +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:291 +msgid "Description:" +msgstr "" + +#: src/gui/ui/firewalldialog_q.cpp:292 +#: src/gui/ui/pixosadvanceddialog_q.cpp:305 +msgid "SNMP" +msgstr "" + +#: src/gui/ui/freebsdadvanceddialog_q.cpp:174 +msgid "FreeBSD: advanced settings" +msgstr "" + +#: src/gui/ui/freebsdadvanceddialog_q.cpp:179 +#: src/gui/ui/macosxadvanceddialog_q.cpp:183 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:177 +#: src/gui/ui/solarisadvanceddialog_q.cpp:211 +msgid "Forward source routed packets" +msgstr "" + +#: src/gui/ui/freebsdadvanceddialog_q.cpp:180 +#: src/gui/ui/macosxadvanceddialog_q.cpp:169 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:197 +msgid "Generate ICMP redirects" +msgstr "" + +#: src/gui/ui/freebsdadvanceddialog_q.cpp:181 +#: src/gui/ui/linux24advanceddialog_q.cpp:397 +#: src/gui/ui/macosxadvanceddialog_q.cpp:170 +#: 
src/gui/ui/openbsdadvanceddialog_q.cpp:187 +#: src/gui/ui/solarisadvanceddialog_q.cpp:202 +msgid "Packet forwarding" +msgstr "" + +#: src/gui/ui/freebsdadvanceddialog_q.cpp:183 +#: src/gui/ui/freebsdadvanceddialog_q.cpp:187 +#: src/gui/ui/freebsdadvanceddialog_q.cpp:191 +#: src/gui/ui/linux24advanceddialog_q.cpp:362 +#: src/gui/ui/linux24advanceddialog_q.cpp:366 +#: src/gui/ui/linux24advanceddialog_q.cpp:370 +#: src/gui/ui/linux24advanceddialog_q.cpp:374 +#: src/gui/ui/linux24advanceddialog_q.cpp:378 +#: src/gui/ui/linux24advanceddialog_q.cpp:382 +#: src/gui/ui/linux24advanceddialog_q.cpp:386 +#: src/gui/ui/linux24advanceddialog_q.cpp:390 +#: src/gui/ui/linux24advanceddialog_q.cpp:394 +#: src/gui/ui/linux24advanceddialog_q.cpp:409 +#: src/gui/ui/linux24advanceddialog_q.cpp:413 +#: src/gui/ui/linux24advanceddialog_q.cpp:417 +#: src/gui/ui/linux24advanceddialog_q.cpp:421 +#: src/gui/ui/linux24advanceddialog_q.cpp:425 +#: src/gui/ui/linux24advanceddialog_q.cpp:429 +#: src/gui/ui/macosxadvanceddialog_q.cpp:172 +#: src/gui/ui/macosxadvanceddialog_q.cpp:176 +#: src/gui/ui/macosxadvanceddialog_q.cpp:180 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:180 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:184 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:189 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:193 +#: src/gui/ui/solarisadvanceddialog_q.cpp:189 +#: src/gui/ui/solarisadvanceddialog_q.cpp:195 +#: src/gui/ui/solarisadvanceddialog_q.cpp:199 +#: src/gui/ui/solarisadvanceddialog_q.cpp:204 +#: src/gui/ui/solarisadvanceddialog_q.cpp:208 +msgid "No change" +msgstr "" + +#: src/gui/ui/freebsdadvanceddialog_q.cpp:184 +#: src/gui/ui/freebsdadvanceddialog_q.cpp:188 +#: src/gui/ui/freebsdadvanceddialog_q.cpp:192 +#: src/gui/ui/linux24advanceddialog_q.cpp:363 +#: src/gui/ui/linux24advanceddialog_q.cpp:367 +#: src/gui/ui/linux24advanceddialog_q.cpp:371 +#: src/gui/ui/linux24advanceddialog_q.cpp:375 +#: src/gui/ui/linux24advanceddialog_q.cpp:379 +#: src/gui/ui/linux24advanceddialog_q.cpp:383 +#: 
src/gui/ui/linux24advanceddialog_q.cpp:387 +#: src/gui/ui/linux24advanceddialog_q.cpp:391 +#: src/gui/ui/linux24advanceddialog_q.cpp:395 +#: src/gui/ui/linux24advanceddialog_q.cpp:410 +#: src/gui/ui/linux24advanceddialog_q.cpp:414 +#: src/gui/ui/linux24advanceddialog_q.cpp:418 +#: src/gui/ui/linux24advanceddialog_q.cpp:422 +#: src/gui/ui/linux24advanceddialog_q.cpp:426 +#: src/gui/ui/linux24advanceddialog_q.cpp:430 +#: src/gui/ui/macosxadvanceddialog_q.cpp:173 +#: src/gui/ui/macosxadvanceddialog_q.cpp:177 +#: src/gui/ui/macosxadvanceddialog_q.cpp:181 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:181 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:185 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:190 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:194 +#: src/gui/ui/solarisadvanceddialog_q.cpp:190 +#: src/gui/ui/solarisadvanceddialog_q.cpp:196 +#: src/gui/ui/solarisadvanceddialog_q.cpp:200 +#: src/gui/ui/solarisadvanceddialog_q.cpp:205 +#: src/gui/ui/solarisadvanceddialog_q.cpp:209 +msgid "On" +msgstr "" + +#: src/gui/ui/freebsdadvanceddialog_q.cpp:185 +#: src/gui/ui/freebsdadvanceddialog_q.cpp:189 +#: src/gui/ui/freebsdadvanceddialog_q.cpp:193 +#: src/gui/ui/linux24advanceddialog_q.cpp:364 +#: src/gui/ui/linux24advanceddialog_q.cpp:368 +#: src/gui/ui/linux24advanceddialog_q.cpp:372 +#: src/gui/ui/linux24advanceddialog_q.cpp:376 +#: src/gui/ui/linux24advanceddialog_q.cpp:380 +#: src/gui/ui/linux24advanceddialog_q.cpp:384 +#: src/gui/ui/linux24advanceddialog_q.cpp:388 +#: src/gui/ui/linux24advanceddialog_q.cpp:392 +#: src/gui/ui/linux24advanceddialog_q.cpp:396 +#: src/gui/ui/linux24advanceddialog_q.cpp:411 +#: src/gui/ui/linux24advanceddialog_q.cpp:415 +#: src/gui/ui/linux24advanceddialog_q.cpp:419 +#: src/gui/ui/linux24advanceddialog_q.cpp:423 +#: src/gui/ui/linux24advanceddialog_q.cpp:427 +#: src/gui/ui/linux24advanceddialog_q.cpp:431 +#: src/gui/ui/macosxadvanceddialog_q.cpp:174 +#: src/gui/ui/macosxadvanceddialog_q.cpp:178 +#: src/gui/ui/macosxadvanceddialog_q.cpp:182 +#: 
src/gui/ui/openbsdadvanceddialog_q.cpp:182 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:186 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:191 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:195 +#: src/gui/ui/solarisadvanceddialog_q.cpp:191 +#: src/gui/ui/solarisadvanceddialog_q.cpp:197 +#: src/gui/ui/solarisadvanceddialog_q.cpp:201 +#: src/gui/ui/solarisadvanceddialog_q.cpp:206 +#: src/gui/ui/solarisadvanceddialog_q.cpp:210 +msgid "Off" +msgstr "" + +#: src/gui/ui/freebsdadvanceddialog_q.cpp:195 +#: src/gui/ui/solarisadvanceddialog_q.cpp:213 +msgid "ipf:" +msgstr "" + +#: src/gui/ui/freebsdadvanceddialog_q.cpp:196 +#: src/gui/ui/solarisadvanceddialog_q.cpp:214 +msgid "ipnat:" +msgstr "" + +#: src/gui/ui/freebsdadvanceddialog_q.cpp:197 +#: src/gui/ui/macosxadvanceddialog_q.cpp:186 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:200 +msgid "sysctl:" +msgstr "" + +#: src/gui/ui/freebsdadvanceddialog_q.cpp:198 +#: src/gui/ui/macosxadvanceddialog_q.cpp:187 +#: src/gui/ui/openbsdadvanceddialog_q.cpp:201 +#: src/gui/ui/solarisadvanceddialog_q.cpp:215 +msgid "" +"Specify directory path and a file name for the following utilities on the OS " +"your firewall machine is running. Leave these empty if you want to use " +"default values." 
+msgstr ""
+
+#: src/gui/ui/freebsdadvanceddialog_q.cpp:199
+#: src/gui/ui/linux24advanceddialog_q.cpp:447
+#: src/gui/ui/macosxadvanceddialog_q.cpp:188
+#: src/gui/ui/openbsdadvanceddialog_q.cpp:202
+#: src/gui/ui/solarisadvanceddialog_q.cpp:216
+msgid "Path"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:361
+msgid ""
+"Click here to change amount of information shown about object selected in "
+"the tree"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:362
+msgid "Firewalls:"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:363
+msgid "Tab 1"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:364
+msgid "New Object File"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:365
+msgid "&New Object File"
+msgstr "&Thêm đối tượng mới"
+
+#: src/gui/ui/FWBMainWindow_q.cpp:367
+msgid "&Open..."
+msgstr "&Mở"
+
+#: src/gui/ui/FWBMainWindow_q.cpp:368
+msgid "Ctrl+O"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:369 src/gui/ui/FWBMainWindow_q.cpp:410
+msgid "Save"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:371
+msgid "Ctrl+S"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:372
+msgid "Save As"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:373
+msgid "Save &As..."
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:375
+msgid "Print"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:376
+msgid "&Print..."
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:377
+msgid "Ctrl+P"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:378
+msgid "Exit"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:379
+msgid "E&xit"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:381
+msgid "Undo"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:382
+msgid "&Undo"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:383
+msgid "Ctrl+Z"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:384
+msgid "Redo"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:385
+msgid "&Redo"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:386
+msgid "Ctrl+Y"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:388
+msgid "&Cut"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:389
+msgid "Ctrl+X"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:391
+msgid "C&opy"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:392
+msgid "Ctrl+C"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:394
+msgid "&Paste"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:395
+msgid "Ctrl+V"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:398 src/gui/ui/FWBMainWindow_q.cpp:428
+msgid "Ctrl+F"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:399
+msgid "Contents"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:400
+msgid "&Contents..."
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:402
+msgid "Index"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:403
+msgid "&Index..."
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:405
+msgid "About"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:406
+msgid "&About"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:408
+msgid "New"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:411
+msgid "Close"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:414
+msgid "Compile rules"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:416
+msgid "Install firewall policy"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:417
+msgid "Back"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:418 src/gui/ui/FWBMainWindow_q.cpp:419
+msgid "Move back to the previous object"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:420
+#: src/gui/ui/objconflictresolutiondialog_q.cpp:153
+msgid "New Object"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:421
+msgid "&New Object"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:422
+msgid "Create New Object"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:423
+msgid "Ctrl+N"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:425
+msgid "&Find Object"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:426 src/gui/ui/FWBMainWindow_q.cpp:427
+msgid "Find object in the tree"
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:429
+msgid "Preferences..."
+msgstr ""
+
+#: src/gui/ui/FWBMainWindow_q.cpp:430
+msgid "P&references..."
+msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:431 +msgid "Edit Preferences" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:433 +msgid "Move Rule Up" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:434 +msgid "Move Rule Down" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:437 +msgid "Ctrl+Del" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:442 +msgid "Add File to RCS" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:443 +msgid "Add File to &RCS" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:445 +msgid "Del" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:446 +msgid "Export Library To a File" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:447 +msgid "&Export Library" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:448 +msgid "Import Library From a File" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:449 +msgid "&Import Library" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:450 +msgid "Debug" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:451 +msgid "&Debug" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:452 +msgid "&Properties" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:453 +msgid "Move Selected Rules" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:454 +msgid "Discard" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:456 +msgid "" +"Discard Changes and Overwrite With Clean Copy Of The Head Revision From RCS" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:457 +msgid "Toolbar" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:458 +msgid "&File" +msgstr "&Tệp" + +#: src/gui/ui/FWBMainWindow_q.cpp:459 +msgid "&Edit" +msgstr "Biên tập" + +#: src/gui/ui/FWBMainWindow_q.cpp:461 +msgid "Rules" +msgstr "" + +#: src/gui/ui/FWBMainWindow_q.cpp:462 +msgid "&Help" +msgstr "" + +#: src/gui/ui/groupobjectdialog_q.cpp:182 +msgid "L" +msgstr "" + +#: src/gui/ui/groupobjectdialog_q.cpp:183 +msgid "I" +msgstr "" + +#: src/gui/ui/hostdialog_q.cpp:142 +msgid "Host" +msgstr "" + +#: src/gui/ui/hostdialog_q.cpp:147 +msgid "MAC matching" +msgstr "" + +#: 
src/gui/ui/icmpservicedialog_q.cpp:158 +msgid "ICMP" +msgstr "" + +#: src/gui/ui/icmpservicedialog_q.cpp:162 +msgid "ICMP Type:" +msgstr "" + +#: src/gui/ui/icmpservicedialog_q.cpp:163 +#: src/gui/ui/icmpservicedialog_q.cpp:165 +msgid "any" +msgstr "" + +#: src/gui/ui/icmpservicedialog_q.cpp:164 +msgid "ICMP Code:" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:181 +msgid "Firewall Builder: Policy Installer" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:182 +msgid "Enter authentication information below and click 'Next'" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:183 +msgid "Incremental install" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:184 +msgid "" +"Calculate difference between current firewall state and generated " +"configuration and install only those commands that update state of the " +"firewall" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:185 +msgid "" +"Quiet install: do not print anything as commands are executed on the firewall" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:186 +msgid "Test run (commands won't be executed on the firewall)" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:187 +msgid "Make a backup copy of the firewall configuration in this file:" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:188 +msgid "Alternative address to communicate with the firewall:" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:189 +msgid "Store configuration diff in a file" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:190 +msgid "Enable password:" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:191 +msgid "Password or passphrase:" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:192 +msgid "User name:" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:193 +msgid "Verbose: print all commands as they are executed on the firewall" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:194 +msgid "Remove comments from configuration" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:195 +#, qt-format +msgid "Installing policy rules on firewall '%1'. 
Logging in" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:196 +msgid "Progress:" +msgstr "" + +#: src/gui/ui/instdialog_q.cpp:197 +#, qt-format +msgid "Installing policy rules on firewall '%1'." +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:215 +msgid "Interface" +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:218 src/gui/ui/newfirewalldialog_q.cpp:466 +#: src/gui/ui/newhostdialog_q.cpp:386 +msgid "Label:" +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:220 +msgid "" +"Address is assigned\n" +"dynamically" +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:222 +msgid "Regular interface" +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:224 +msgid "Management interface" +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:225 +msgid "" +"

    Check if this interface is used for management (SNMP queries, remote " +"policy install etc.)

    " +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:226 +msgid "" +"This interface is\n" +"external (insecure)" +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:228 +msgid "" +"

    One interface of the firewall must be marked as 'external'. This " +"interface should be connected to the least secure network, usually the " +"Internet.

    " +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:229 +msgid "" +"One interface of the firewall must be marked as 'external'. This interface " +"should be connected to the least secure network, usually the Internet." +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:232 src/gui/ui/interfacedialog_q.cpp:235 +msgid "" +"

    Network zone consists of hosts and networks that can be reached through " +"this interface of the firewall. Subnet to which this interface is directly " +"attached must be part of its network zone. Other subnets reachable by means " +"of routing should alse be added to the network zone.\n" +"
    \n" +"If network zone for this interface consists of only one subnet, you can " +"simply choose that network's object in the pull-down below. If your network " +"zone should include multiple subnets, you need to create an Object Group, " +"then put all hosts and networks which are going to be part of the network " +"zone into that group and finally choose this group in the pull-down below." +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:238 +msgid "Network zone:" +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:239 +msgid "Security level:" +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:240 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    Security level can be any number between 0 and 100, 0 being least " +"secure and 100 being most secure levels. Interface with security level 0 " +"ususally serves Internet connection.

    " +msgstr "" + +#: src/gui/ui/interfacedialog_q.cpp:241 +msgid "" +"

    Each interface of the firewall must have security level associated with " +"it.
    \n" +"Security level can be any number between 0 and 100, 0 being least secure and " +"100 being most secure levels. Interface with security level 0 ususally " +"serves Internet connection.

    " +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:396 +msgid "ipf: advanced settings" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:401 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:243 +#: src/gui/ui/iptadvanceddialog_q.cpp:464 +#: src/gui/ui/pfadvanceddialog_q.cpp:539 +msgid "Command line options for the compiler:" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:402 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:244 +#: src/gui/ui/iptadvanceddialog_q.cpp:465 +#: src/gui/ui/pfadvanceddialog_q.cpp:538 +msgid "Compiler:" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:403 +#: src/gui/ui/pfadvanceddialog_q.cpp:509 +msgid "" +"There are two ways compiler can generate code for rules in the Global " +"Policy: it can either create two ipf rules to control both incoming and " +"outgoing packets for each rule, or it can create only one ipf rule for " +"incoming packets and permit all outgoing ones.You get more control over the " +"packets crossing the firewall in the first mode, but generated script is " +"going to be smaller if you choose the second." 
+msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:404 +msgid "" +"Masquerade returned icmp as being from original\n" +"packet's destination" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:407 +#: src/gui/ui/pfadvanceddialog_q.cpp:516 +msgid "Generate both 'in' and 'out' rules" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:408 +#: src/gui/ui/pfadvanceddialog_q.cpp:517 +msgid "Pass all outgoing" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:409 +#: src/gui/ui/iptadvanceddialog_q.cpp:480 +msgid "Accept TCP sessions opened prior to firewall restart" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:410 +msgid "Find and eliminate duplicate rules" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:411 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:245 +#: src/gui/ui/pfadvanceddialog_q.cpp:510 +msgid "Detect rule shadowing in policy" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:412 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:246 +#: src/gui/ui/pfadvanceddialog_q.cpp:511 +#: src/gui/ui/pixadvanceddialog_q.cpp:1656 +msgid "" +"Shadowing happens because a rule is a superset of a subsequent rule and any " +"packets potentially matched by the subsequent rule have already been matched " +"by the prior rule." +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:413 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:247 +#: src/gui/ui/iptadvanceddialog_q.cpp:483 +#: src/gui/ui/pfadvanceddialog_q.cpp:512 +#: src/gui/ui/pixadvanceddialog_q.cpp:1674 +msgid "Ignore empty groups in rules" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:414 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:248 +#: src/gui/ui/pfadvanceddialog_q.cpp:513 +#: src/gui/ui/pixadvanceddialog_q.cpp:1675 +msgid "" +"If the option is deactivated, compiler treats empty groups as an error and " +"aborts processing the policy. If this option is activated, compiler removes " +"all empty groups from all rule elements. 
If rule element becomes 'any' after " +"the last empty group has been removed, the whole rule will be ignored. Use " +"this option only if you fully understand how it works!" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:415 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:249 +#: src/gui/ui/iptadvanceddialog_q.cpp:477 +#: src/gui/ui/pfadvanceddialog_q.cpp:540 +msgid "" +"Always permit ssh access from\n" +"the management workstation\n" +"with this address:" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:418 +#: src/gui/ui/iptadvanceddialog_q.cpp:466 +msgid "Default action on 'Reject':" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:421 +#: src/gui/ui/iptadvanceddialog_q.cpp:469 +#: src/gui/ui/ruleoptionsdialog_q.cpp:462 +#: src/gui/ui/ruleoptionsdialog_q.cpp:508 +#: src/gui/ui/ruleoptionsdialog_q.cpp:527 +#: src/gui/ui/ruleoptionsdialog_q.cpp:541 +msgid "ICMP admin prohibited" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:422 +#: src/gui/ui/iptadvanceddialog_q.cpp:470 +#: src/gui/ui/ruleoptionsdialog_q.cpp:463 +#: src/gui/ui/ruleoptionsdialog_q.cpp:509 +#: src/gui/ui/ruleoptionsdialog_q.cpp:528 +#: src/gui/ui/ruleoptionsdialog_q.cpp:542 +msgid "ICMP host prohibited" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:423 +#: src/gui/ui/iptadvanceddialog_q.cpp:471 +#: src/gui/ui/ruleoptionsdialog_q.cpp:464 +#: src/gui/ui/ruleoptionsdialog_q.cpp:510 +#: src/gui/ui/ruleoptionsdialog_q.cpp:529 +#: src/gui/ui/ruleoptionsdialog_q.cpp:543 +msgid "ICMP host unreachable" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:424 +#: src/gui/ui/iptadvanceddialog_q.cpp:472 +#: src/gui/ui/ruleoptionsdialog_q.cpp:465 +#: src/gui/ui/ruleoptionsdialog_q.cpp:511 +#: src/gui/ui/ruleoptionsdialog_q.cpp:530 +#: src/gui/ui/ruleoptionsdialog_q.cpp:544 +msgid "ICMP net prohibited" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:425 +#: src/gui/ui/iptadvanceddialog_q.cpp:473 +#: src/gui/ui/ruleoptionsdialog_q.cpp:466 +#: src/gui/ui/ruleoptionsdialog_q.cpp:512 +#: 
src/gui/ui/ruleoptionsdialog_q.cpp:531 +#: src/gui/ui/ruleoptionsdialog_q.cpp:545 +msgid "ICMP net unreachable" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:426 +#: src/gui/ui/iptadvanceddialog_q.cpp:474 +#: src/gui/ui/ruleoptionsdialog_q.cpp:467 +#: src/gui/ui/ruleoptionsdialog_q.cpp:513 +#: src/gui/ui/ruleoptionsdialog_q.cpp:532 +#: src/gui/ui/ruleoptionsdialog_q.cpp:546 +msgid "ICMP port unreachable" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:427 +#: src/gui/ui/iptadvanceddialog_q.cpp:475 +#: src/gui/ui/ruleoptionsdialog_q.cpp:468 +#: src/gui/ui/ruleoptionsdialog_q.cpp:514 +#: src/gui/ui/ruleoptionsdialog_q.cpp:533 +#: src/gui/ui/ruleoptionsdialog_q.cpp:547 +msgid "ICMP protocol unreachable" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:428 +#: src/gui/ui/iptadvanceddialog_q.cpp:476 +#: src/gui/ui/ruleoptionsdialog_q.cpp:469 +#: src/gui/ui/ruleoptionsdialog_q.cpp:515 +#: src/gui/ui/ruleoptionsdialog_q.cpp:534 +#: src/gui/ui/ruleoptionsdialog_q.cpp:548 +msgid "TCP RST" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:429 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:252 +#: src/gui/ui/iptadvanceddialog_q.cpp:489 +#: src/gui/ui/pfadvanceddialog_q.cpp:543 +msgid "Compiler" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:430 +msgid "" +"Some protocols involve multiple associated network connections. 
Firewall can " +"keep track of such connections automatically if you activate one or all of " +"the following options:" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:431 +msgid "Use raudio proxy in NAT rules" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:432 +msgid "Use h323 proxy in NAT rules" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:433 +msgid "Use ipsec proxy in NAT rules" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:434 +msgid "Use ftp proxy in NAT rules" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:435 +msgid "Use rcmd proxy in NAT rules" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:436 +msgid "Protocol Helpers" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:437 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:253 +#: src/gui/ui/iptadvanceddialog_q.cpp:490 +#: src/gui/ui/pfadvanceddialog_q.cpp:561 +#: src/gui/ui/pixadvanceddialog_q.cpp:1685 +msgid "Command line options for the script:" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:438 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:257 +#: src/gui/ui/iptadvanceddialog_q.cpp:494 +#: src/gui/ui/pfadvanceddialog_q.cpp:565 +#: src/gui/ui/pixadvanceddialog_q.cpp:1686 +msgid "" +"Policy install script (using built-in installer if this field is blank):" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:439 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:254 +#: src/gui/ui/pfadvanceddialog_q.cpp:562 +msgid "Directory on the firewall where configuration files should be installed" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:440 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:255 +#: src/gui/ui/iptadvanceddialog_q.cpp:492 +#: src/gui/ui/pfadvanceddialog_q.cpp:563 +#: src/gui/ui/pixadvanceddialog_q.cpp:1684 +msgid "" +"User name used to authenticate to the firewall (leave this empty if you use " +"putty session):" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:441 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:256 +#: src/gui/ui/iptadvanceddialog_q.cpp:493 +#: 
src/gui/ui/pfadvanceddialog_q.cpp:564 +#: src/gui/ui/pixadvanceddialog_q.cpp:1687 +msgid "" +"Alternative name or address used to communicate with the firewall (also " +"putty session name on Windows)" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:442 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:258 +#: src/gui/ui/iptadvanceddialog_q.cpp:495 +#: src/gui/ui/pfadvanceddialog_q.cpp:566 +msgid "" +"A command that installer should execute on the firewall in order to activate " +"the policy (if this field is blank, installer runs firewall script in the " +"directory specified above; it uses sudo if user name is not 'root')" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:443 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:259 +#: src/gui/ui/iptadvanceddialog_q.cpp:496 +#: src/gui/ui/pfadvanceddialog_q.cpp:567 +#: src/gui/ui/pixadvanceddialog_q.cpp:1688 +msgid "Installer" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:444 +#: src/gui/ui/ruleoptionsdialog_q.cpp:485 +msgid "Log facility:" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:445 +#: src/gui/ui/iptadvanceddialog_q.cpp:503 +#: src/gui/ui/ruleoptionsdialog_q.cpp:459 +#: src/gui/ui/ruleoptionsdialog_q.cpp:486 +#: src/gui/ui/ruleoptionsdialog_q.cpp:554 +msgid "Log level:" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:446 +msgid "Log packet body" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:447 +msgid "Block if can not log" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:448 +#: src/gui/ui/iptadvanceddialog_q.cpp:527 +#: src/gui/ui/pfadvanceddialog_q.cpp:569 +#: src/gui/ui/pixadvanceddialog_q.cpp:1883 +msgid "Logging" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:449 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:260 +#: src/gui/ui/iptadvanceddialog_q.cpp:530 +#: src/gui/ui/pfadvanceddialog_q.cpp:570 +msgid "Add virtual addresses for NAT" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:450 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:261 +#: src/gui/ui/iptadvanceddialog_q.cpp:529 +#: 
src/gui/ui/pfadvanceddialog_q.cpp:571 +msgid "Configure Interfaces of the firewall machine" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:451 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:262 +#: src/gui/ui/iptadvanceddialog_q.cpp:531 +#: src/gui/ui/pfadvanceddialog_q.cpp:572 +msgid "Turn debugging on in generated script" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:452 +msgid "Optimization" +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:453 +msgid "" +"If this option is on, policy compiler adds virtual addresses to the " +"interfaces to make the firewall answer to ARP queries for addresses used in " +"NAT rules." +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:454 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:263 +#: src/gui/ui/iptadvanceddialog_q.cpp:528 +#: src/gui/ui/pfadvanceddialog_q.cpp:573 +msgid "These options enable auxiliary sections in the generated shell script." +msgstr "" + +#: src/gui/ui/ipfadvanceddialog_q.cpp:455 +#: src/gui/ui/ipfwadvanceddialog_q.cpp:264 +#: src/gui/ui/iptadvanceddialog_q.cpp:534 +#: src/gui/ui/pfadvanceddialog_q.cpp:574 +msgid "Script Options" +msgstr "" + +#: src/gui/ui/ipfwadvanceddialog_q.cpp:238 +msgid "ipfw: advanced settings" +msgstr "" + +#: src/gui/ui/ipservicedialog_q.cpp:191 +msgid "IP" +msgstr "" + +#: src/gui/ui/ipservicedialog_q.cpp:194 +msgid "all fragments" +msgstr "" + +#: src/gui/ui/ipservicedialog_q.cpp:195 +msgid "rr (record route)" +msgstr "" + +#: src/gui/ui/ipservicedialog_q.cpp:196 +msgid "timestamp" +msgstr "" + +#: src/gui/ui/ipservicedialog_q.cpp:197 +msgid "ssrr (strict source route)" +msgstr "" + +#: src/gui/ui/ipservicedialog_q.cpp:198 +msgid "'short' fragments" +msgstr "" + +#: src/gui/ui/ipservicedialog_q.cpp:199 +msgid "lsrr (loose source route)" +msgstr "" + +#: src/gui/ui/ipservicedialog_q.cpp:200 +msgid "Protocol number:" +msgstr "" + +#: src/gui/ui/ipservicedialog_q.cpp:201 +msgid "( 0 - any protocol )" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:459 +msgid "iptables: 
advanced settings" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:481 +msgid "" +"These options control algorithms used by the policy compiler to generate " +"iptables commands." +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:482 +#: src/gui/ui/pixadvanceddialog_q.cpp:1665 +msgid "Assume firewall is part of 'any'" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:484 +msgid "Accept ESTABLISHED and RELATED packets before the first rule" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:485 +msgid "Detect shadowing in policy rules" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:486 +msgid "Bridging firewall" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:487 +msgid "Enable support for NAT of locally originated connections" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:488 +msgid "Clamp MSS to MTU" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:491 +msgid "Directory on the firewall where script should be installed" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:498 +msgid "use ULOG" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:499 +msgid "use LOG" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:500 +msgid "log TCP seq. 
numbers" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:501 +msgid "log IP options" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:502 +msgid "use numeric syslog levels" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:506 +#: src/gui/ui/ruleoptionsdialog_q.cpp:450 +#: src/gui/ui/ruleoptionsdialog_q.cpp:489 +#: src/gui/ui/ruleoptionsdialog_q.cpp:498 +#: src/gui/ui/ruleoptionsdialog_q.cpp:557 +msgid "alert" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:507 +#: src/gui/ui/ruleoptionsdialog_q.cpp:451 +#: src/gui/ui/ruleoptionsdialog_q.cpp:490 +#: src/gui/ui/ruleoptionsdialog_q.cpp:499 +#: src/gui/ui/ruleoptionsdialog_q.cpp:558 +msgid "crit" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:508 +#: src/gui/ui/ruleoptionsdialog_q.cpp:452 +#: src/gui/ui/ruleoptionsdialog_q.cpp:491 +#: src/gui/ui/ruleoptionsdialog_q.cpp:500 +#: src/gui/ui/ruleoptionsdialog_q.cpp:559 +msgid "error" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:509 +#: src/gui/ui/ruleoptionsdialog_q.cpp:453 +#: src/gui/ui/ruleoptionsdialog_q.cpp:492 +#: src/gui/ui/ruleoptionsdialog_q.cpp:501 +#: src/gui/ui/ruleoptionsdialog_q.cpp:560 +msgid "warning" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:510 +#: src/gui/ui/ruleoptionsdialog_q.cpp:454 +#: src/gui/ui/ruleoptionsdialog_q.cpp:493 +#: src/gui/ui/ruleoptionsdialog_q.cpp:502 +#: src/gui/ui/ruleoptionsdialog_q.cpp:561 +msgid "notice" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:511 +#: src/gui/ui/ruleoptionsdialog_q.cpp:455 +#: src/gui/ui/ruleoptionsdialog_q.cpp:494 +#: src/gui/ui/ruleoptionsdialog_q.cpp:503 +#: src/gui/ui/ruleoptionsdialog_q.cpp:562 +msgid "info" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:512 +#: src/gui/ui/ruleoptionsdialog_q.cpp:456 +#: src/gui/ui/ruleoptionsdialog_q.cpp:495 +#: src/gui/ui/ruleoptionsdialog_q.cpp:504 +#: src/gui/ui/ruleoptionsdialog_q.cpp:563 +msgid "debug" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:513 +msgid "log TCP options" +msgstr "" + +#: 
src/gui/ui/iptadvanceddialog_q.cpp:514 +msgid "cprange" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:515 +msgid "queue threshold:" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:516 +msgid "netlink group:" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:517 +#: src/gui/ui/ruleoptionsdialog_q.cpp:447 +#: src/gui/ui/ruleoptionsdialog_q.cpp:535 +msgid "Log prefix:" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:518 +msgid "Logging limit:" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:521 +#: src/gui/ui/ruleoptionsdialog_q.cpp:478 +msgid "/day" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:522 +#: src/gui/ui/ruleoptionsdialog_q.cpp:479 +msgid "/hour" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:523 +#: src/gui/ui/ruleoptionsdialog_q.cpp:480 +msgid "/minute" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:524 +#: src/gui/ui/ruleoptionsdialog_q.cpp:481 +msgid "/second" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:525 +msgid "" +"Activate logging in all rules\n" +"(overrides rule options, use for debugging)" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:532 +msgid "Verify interfaces before loading firewall policy" +msgstr "" + +#: src/gui/ui/iptadvanceddialog_q.cpp:533 +msgid "Load modules" +msgstr "" + +#: src/gui/ui/ipv4dialog_q.cpp:156 +msgid "IPv4" +msgstr "" + +#: src/gui/ui/ipv4dialog_q.cpp:160 src/gui/ui/networkdialog_q.cpp:156 +#: src/gui/ui/newfirewalldialog_q.cpp:467 src/gui/ui/newhostdialog_q.cpp:387 +msgid "Address:" +msgstr "" + +#: src/gui/ui/ipv4dialog_q.cpp:161 src/gui/ui/networkdialog_q.cpp:155 +#: src/gui/ui/newfirewalldialog_q.cpp:479 src/gui/ui/newhostdialog_q.cpp:399 +msgid "Netmask:" +msgstr "" + +#: src/gui/ui/ipv4dialog_q.cpp:163 +msgid "DNS Lookup..." 
+msgstr "" + +#: src/gui/ui/libexport_q.cpp:73 +msgid "Export" +msgstr "" + +#: src/gui/ui/libexport_q.cpp:74 +msgid "" +"This will export a library to a file which can later be imported back into " +"Firewall Builder" +msgstr "" + +#: src/gui/ui/libexport_q.cpp:75 +msgid "Choose libraries to be exported:" +msgstr "" + +#: src/gui/ui/libexport_q.cpp:77 +msgid "New Item" +msgstr "" + +#: src/gui/ui/librarydialog_q.cpp:119 +msgid "Library" +msgstr "" + +#: src/gui/ui/librarydialog_q.cpp:123 +msgid "Color:" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:356 +msgid "Linux 2.4: advanced settings" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:398 +msgid "Kernel anti-spoofing protection" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:399 +msgid "Ignore broadcast pings" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:400 +msgid "Ignore all pings" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:401 +msgid "Accept source route" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:402 +msgid "Accept ICMP redirects" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:403 +msgid "Ignore bogus ICMP errors" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:404 +msgid "Allow dynamic addresses" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:405 +msgid "Log martians" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:407 +msgid "" +"These parameters make sense for connections to or from the firewall host" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:432 +msgid "TCP sack" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:433 +msgid "TCP window scaling" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:434 +msgid "TCP ECN" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:435 +msgid "TCP SYN cookies" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:436 +msgid "TCP keepalive time (sec)" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:437 +msgid "TCP fack" +msgstr "" + +#: 
src/gui/ui/linux24advanceddialog_q.cpp:438 +msgid "TCP timestamps" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:439 +msgid "TCP FIN timeout (sec)" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:440 +#: src/gui/ui/tcpservicedialog_q.cpp:333 +msgid "TCP" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:441 +msgid "modprobe:" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:442 +msgid "logger:" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:443 +msgid "ip:" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:444 +msgid "lsmod" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:445 +msgid "iptables:" +msgstr "" + +#: src/gui/ui/linux24advanceddialog_q.cpp:446 +msgid "" +"Specify directory path and a file name for each utility on your firewall " +"machine. Leave these empty if you want to use default values." +msgstr "" + +#: src/gui/ui/macosxadvanceddialog_q.cpp:164 +msgid "MacOS X: advanced settings" +msgstr "" + +#: src/gui/ui/macosxadvanceddialog_q.cpp:185 +msgid "ipfw:" +msgstr "" + +#: src/gui/ui/networkdialog_q.cpp:151 +msgid "Network" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:197 +#: src/gui/ui/newfirewalldialog_q.cpp:286 +#: src/gui/ui/newfirewalldialog_q.cpp:471 +#: src/gui/ui/newfirewalldialog_q.cpp:488 src/gui/ui/newhostdialog_q.cpp:178 +#: src/gui/ui/newhostdialog_q.cpp:391 +msgid "Label" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:198 +#: src/gui/ui/newfirewalldialog_q.cpp:287 +#: src/gui/ui/newfirewalldialog_q.cpp:472 +#: src/gui/ui/newfirewalldialog_q.cpp:489 src/gui/ui/newhostdialog_q.cpp:179 +#: src/gui/ui/newhostdialog_q.cpp:392 +msgid "Address" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:199 +#: src/gui/ui/newfirewalldialog_q.cpp:473 src/gui/ui/newhostdialog_q.cpp:180 +#: src/gui/ui/newhostdialog_q.cpp:393 +msgid "Netmask" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:200 +#: src/gui/ui/newfirewalldialog_q.cpp:474 src/gui/ui/newhostdialog_q.cpp:181 +#: 
src/gui/ui/newhostdialog_q.cpp:394 +msgid "Dyn" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:201 +#: src/gui/ui/newfirewalldialog_q.cpp:475 src/gui/ui/newhostdialog_q.cpp:182 +#: src/gui/ui/newhostdialog_q.cpp:395 +msgid "MAC" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:288 +#: src/gui/ui/newfirewalldialog_q.cpp:490 +msgid "Security Level" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:450 src/gui/ui/newhostdialog_q.cpp:372 +msgid "Enter the name of the new object below:" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:451 +msgid "Choose firewall software it is running:" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:452 +msgid "Choose OS the new firewall runs on:" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:453 +msgid "Use preconfigured template firewall objects" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:455 +msgid "" +"Next step is to add interfaces to the new firewall. There are two ways to do " +"it: using SNMP query or manually. Adding them using SNMP query is fast and " +"automatic, but is only possible if firewall runs SNMP agent and you know " +"SNMP community string 'read'." +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:457 src/gui/ui/newhostdialog_q.cpp:377 +msgid "Configure interfaces manually" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:458 +msgid "Use SNMP to discover interfaces of the firewall" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:459 src/gui/ui/newhostdialog_q.cpp:379 +msgid "Discover Interfaces using SNMP" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:460 src/gui/ui/newhostdialog_q.cpp:380 +msgid "SNMP 'read' community string:" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:462 +msgid "" +"Check option 'Unnumbered interface' for the interface that does not have an " +"IP address. Examples of interfaces of this kind are those used to terminate " +"PPPoE or VPN tunnels and interfaces of the bridging firewall." 
+msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:463 src/gui/ui/newhostdialog_q.cpp:383 +msgid "" +"Check option 'dynamic address' for the interface that gets its IP address " +"dynamically via DHCP or PPP protocol." +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:464 src/gui/ui/newhostdialog_q.cpp:384 +msgid "Click 'Next' when done." +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:469 src/gui/ui/newhostdialog_q.cpp:389 +msgid "" +"This is unnumbered interface, that is, it does not have an IP address. You " +"can use this for interfaces that terminate PPPoE or other VPN tunnels" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:476 src/gui/ui/newhostdialog_q.cpp:396 +msgid "MAC:" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:478 src/gui/ui/newhostdialog_q.cpp:398 +msgid "" +"Address of this interface is assigned dynamically using DHCP or PPP protocol" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:480 src/gui/ui/newhostdialog_q.cpp:400 +msgid "Add" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:481 src/gui/ui/newhostdialog_q.cpp:401 +msgid "Update" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:483 +msgid "" +"Here you can add or edit interfaces manually. 'Name' corresponds to the name " +"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' " +"is used to mark interface to reflect network topology, e.g. 'outside' or " +"'inside'. Label is mandatory for PIX firewall." +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:485 +msgid "up" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:486 +msgid "down" +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:491 +msgid "Click 'Finish' when done." +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:492 +msgid "" +"In order to be able to build firewall policy properly, Firewall Builder " +"needs information about 'security level' of the firewall's interfaces. 
" +"Interface that connects it to the Internet is considered 'insecure' and has " +"security level '0', while interface connected to the internal network is " +"supposed to be 'secure' (security level '100'). You can arrange interfaces " +"in the order of their security level below." +msgstr "" + +#: src/gui/ui/newfirewalldialog_q.cpp:494 src/gui/ui/newhostdialog_q.cpp:405 +msgid "" +"Choose template object in the list and click 'Finish' when ready. Template " +"objects use generic interface names that will be iherited by the firewall " +"object you create. You may need to rename them later to reflect real names " +"of interfaces on your firewall machine." +msgstr "" + +#: src/gui/ui/newgroupdialog_q.cpp:99 +msgid "Group Name:" +msgstr "" + +#: src/gui/ui/newgroupdialog_q.cpp:100 +msgid "This operation will create a new group and put selected objects in it" +msgstr "" + +#: src/gui/ui/newgroupdialog_q.cpp:101 +msgid "Create a group" +msgstr "" + +#: src/gui/ui/newgroupdialog_q.cpp:102 src/gui/ui/pixadvanceddialog_q.cpp:1653 +#: src/gui/ui/pixosadvanceddialog_q.cpp:310 +#: src/gui/ui/simpletexteditor_q.cpp:90 +msgid "Cancel" +msgstr "" + +#: src/gui/ui/newhostdialog_q.cpp:373 +msgid "Use preconfigured template host objects" +msgstr "" + +#: src/gui/ui/newhostdialog_q.cpp:375 +msgid "" +"Next step is to add interfaces to the new host. There are two ways to do it: " +"using SNMP query or manually. Adding them using SNMP query is fast and " +"automatic, but is only possible if the host runs SNMP agent and you know " +"SNMP community string 'read'." +msgstr "" + +#: src/gui/ui/newhostdialog_q.cpp:378 +msgid "Use SNMP to discover interfaces of the host" +msgstr "" + +#: src/gui/ui/newhostdialog_q.cpp:382 +msgid "" +"Check option 'Unnumbered interface' for the interface that does not have an " +"IP address. Examples of interfaces of this kind are those used to terminate " +"PPPoE or VPN tunnels." 
+msgstr "" + +#: src/gui/ui/newhostdialog_q.cpp:403 +msgid "" +"Here you can add or edit interfaces manually. 'Name' corresponds to the name " +"of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' " +"is used to mark interface to reflect network topology, e.g. 'outside' or " +"'inside'." +msgstr "" + +#: src/gui/ui/objconflictresolutiondialog_q.cpp:146 +msgid "Conflict Resolution" +msgstr "" + +#: src/gui/ui/objconflictresolutiondialog_q.cpp:147 +msgid "" +"There is a conflict between an object in your tree and object in the file " +"you are trying to open. Choose which version of this object you want to use:" +msgstr "" + +#: src/gui/ui/objconflictresolutiondialog_q.cpp:148 +msgid "Current Object " +msgstr "" + +#: src/gui/ui/objconflictresolutiondialog_q.cpp:151 +#: src/gui/ui/objconflictresolutiondialog_q.cpp:156 +msgid "" +"Always choose this\n" +"object if there is a conflict" +msgstr "" + +#: src/gui/ui/objectmanipulator_q.cpp:107 +msgid "Tree of Objects" +msgstr "" + +#: src/gui/ui/openbsdadvanceddialog_q.cpp:172 +msgid "OpenBSD: advanced settings" +msgstr "" + +#: src/gui/ui/openbsdadvanceddialog_q.cpp:178 +msgid "Enable directed broadcast" +msgstr "" + +#: src/gui/ui/openbsdadvanceddialog_q.cpp:199 +msgid "pfctl:" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:504 +msgid "pf: advanced settings" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:514 +msgid "Modulate state for all stateful rules (applies only to TCP services)" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:518 +msgid "Optimization:" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:521 +msgid "Aggressive" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:522 +msgid "Conservative" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:523 +msgid "For high latency" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:524 +msgid "Normal" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:525 +msgid "Use tables" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:526 
+msgid "reassembly pool:" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:527 +msgid "maximum number of entries in the memory pool used for packet reassembly" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:529 +msgid "state table size:" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:530 +msgid "" +"maximum number of entries in the memory pool used for state table entries" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:532 +msgid "state expiration timeout:" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:533 +msgid "seconds between purges of expired states and packet fragments." +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:535 +msgid "seconds before an unassembled fragment is expired." +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:537 +msgid "reassembly timeout:" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:544 +msgid "Enforce Minimum TTL:" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:545 +msgid "Enforce Maximum MSS:" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:546 +msgid "Enforces a maximum Maximum Segment Size (MSS) in TCP packet headers." +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:547 +msgid "Enforces a minimum Time To Live (TTL) in IP packet headers." +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:548 +msgid "Reassemble fragments" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:549 +msgid "Clear DF bit" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:550 +msgid "Clears the don't fragment bit from the IP packet header." +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:551 +msgid "Use random ID" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:552 +msgid "" +"Replaces the IP identification field of outgoing packets with random values " +"to compensate for operating systems that use predictable values." 
+msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:554 +msgid "Buffer and reassemble fragments (default)" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:555 +msgid "" +"Buffers incoming packet fragments and reassembles them into a complete " +"packet before passing them to the filter engine." +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:556 +msgid "Drop duplicate fragments, do not buffer and reassemble" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:557 +msgid "" +"Causes duplicate fragments to be dropped and any overlaps to be cropped." +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:558 +msgid "Drop duplicate and subsequent fragments" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:559 +msgid "" +"Similar to 'Drop duplicate fragments' except that all duplicate or " +"overlapping fragments will be dropped as well as any further corresponding " +"fragments." +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:560 +msgid "Scrub rule options" +msgstr "" + +#: src/gui/ui/pfadvanceddialog_q.cpp:568 +msgid "Log Prefix" +msgstr "" + +#: src/gui/ui/physaddressdialog_q.cpp:135 +msgid "physAddress" +msgstr "" + +#: src/gui/ui/physaddressdialog_q.cpp:139 +msgid "Physical address (MAC):" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1651 +msgid "PIX Firewall Settings" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1652 +#: src/gui/ui/pixosadvanceddialog_q.cpp:309 +#: src/gui/ui/simpletexteditor_q.cpp:89 +msgid "OK" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1654 +msgid "Verification of policy rules" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1655 +msgid "Detect rule shadowing in the policy" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1657 +msgid "Verification of NAT rules" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1658 +msgid "Check for duplicate nat rules" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1659 +msgid "Check for overlapping global pools" +msgstr "" + +#: 
src/gui/ui/pixadvanceddialog_q.cpp:1660 +msgid "Check for overlapping statics" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1661 +msgid "Check for overlapping global pools and statics" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1662 +msgid "Policy Compiler Options" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1663 +msgid "Emulate outbound ACLs" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1664 +msgid "" +"Normally PIX does not support ouotbound ACL, however policy compiler can " +"emulate them if this option is turned on" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1666 +msgid "" +"Generate rules assuming the firewall is part of \"Any\". This makes a " +"difference in rules that use services 'ssh' and 'telnet' since PIX uses " +"special commands to control ssh and telnet access to the firewall machine" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1667 +msgid "" +"Replace NAT'ted objects with their \n" +"translations in policy rules" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1669 +msgid "" +"PIX inspects packets with ACLs before it does NAT, while many other " +"firewalls do NAT first and then apply ACLs. Policy compiler can emulate the " +"latter behaviour if this options is turned on." 
+msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1670 +msgid "Generate 'clear' commands" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1671 +msgid "" +"check this option to make compiler add 'clear' statements to remove all pre-" +"existing ACLs and NAT commands" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1672 +msgid "Optimize 'default nat' rules" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1673 +msgid "" +"In nat rules where network zone object is used in OSrc, ODst and OSrv are " +"'any' and TSrc defines a global pool for the translation, replace object in " +"OSrc with 'any' to produce PIX command \"nat (interface) N 0.0.0.0 0.0.0.0\"" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1676 +msgid "Script formatting" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1677 +msgid "Comment the code" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1678 +msgid "Insert comments into generated PIX configuration file" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1679 +msgid "Use ACL remarks" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1680 +msgid "Use ACL remarks to relate ACL commands and policy rules in the GUI" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1681 +msgid "Group similar commands together" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1682 +msgid "" +"Group PIX commands in the script so that similar commands appear next to " +"each other, just like PIX does it when you use 'show config'" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1683 +msgid "Compiler Options" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1691 +msgid "" +"The following commands will be added verbatim on top of generated " +"configuration" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1696 +msgid "" +"The following commands will be added verbatim after generated configuration" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1697 +msgid "Prolog/Epilog" +msgstr "" + +#: 
src/gui/ui/pixadvanceddialog_q.cpp:1698 +msgid "Set all to defaults.." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1699 +msgid "xlate" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1700 +msgid "conn" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1701 +msgid "udp" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1702 +msgid "rpc" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1703 +msgid "h323" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1704 +#: src/gui/ui/pixadvanceddialog_q.cpp:1822 +msgid "sip" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1705 +msgid "sip&media" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1706 +msgid "unauth" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1707 +msgid "telnet" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1708 +msgid "ssh" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1709 +msgid "ss" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1710 +msgid "mm" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1711 +msgid "hh" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1712 +msgid "half-closed" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1714 +msgid "Inactivity" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1715 +msgid "Absolute" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1718 +msgid "Timeouts" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1720 +#: src/gui/ui/pixadvanceddialog_q.cpp:1729 +#: src/gui/ui/pixadvanceddialog_q.cpp:1735 +#: src/gui/ui/pixadvanceddialog_q.cpp:1743 +#: src/gui/ui/pixadvanceddialog_q.cpp:1752 +#: src/gui/ui/pixadvanceddialog_q.cpp:1760 +#: src/gui/ui/pixadvanceddialog_q.cpp:1768 +#: src/gui/ui/pixadvanceddialog_q.cpp:1774 +#: src/gui/ui/pixadvanceddialog_q.cpp:1782 +#: src/gui/ui/pixadvanceddialog_q.cpp:1790 +#: src/gui/ui/pixadvanceddialog_q.cpp:1797 +#: src/gui/ui/pixadvanceddialog_q.cpp:1804 +#: src/gui/ui/pixadvanceddialog_q.cpp:1811 +#: src/gui/ui/pixadvanceddialog_q.cpp:1819 +#: 
src/gui/ui/pixadvanceddialog_q.cpp:1826 +#: src/gui/ui/pixadvanceddialog_q.cpp:1834 +#: src/gui/ui/pixadvanceddialog_q.cpp:1842 +#: src/gui/ui/pixadvanceddialog_q.cpp:1850 +#: src/gui/ui/pixadvanceddialog_q.cpp:1857 +msgid "skip" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1721 +#: src/gui/ui/pixadvanceddialog_q.cpp:1730 +#: src/gui/ui/pixadvanceddialog_q.cpp:1736 +#: src/gui/ui/pixadvanceddialog_q.cpp:1744 +#: src/gui/ui/pixadvanceddialog_q.cpp:1753 +#: src/gui/ui/pixadvanceddialog_q.cpp:1761 +#: src/gui/ui/pixadvanceddialog_q.cpp:1769 +#: src/gui/ui/pixadvanceddialog_q.cpp:1775 +#: src/gui/ui/pixadvanceddialog_q.cpp:1783 +#: src/gui/ui/pixadvanceddialog_q.cpp:1791 +#: src/gui/ui/pixadvanceddialog_q.cpp:1798 +#: src/gui/ui/pixadvanceddialog_q.cpp:1805 +#: src/gui/ui/pixadvanceddialog_q.cpp:1812 +#: src/gui/ui/pixadvanceddialog_q.cpp:1820 +#: src/gui/ui/pixadvanceddialog_q.cpp:1827 +#: src/gui/ui/pixadvanceddialog_q.cpp:1835 +#: src/gui/ui/pixadvanceddialog_q.cpp:1843 +#: src/gui/ui/pixadvanceddialog_q.cpp:1851 +#: src/gui/ui/pixadvanceddialog_q.cpp:1858 +msgid "enable" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1722 +#: src/gui/ui/pixadvanceddialog_q.cpp:1731 +#: src/gui/ui/pixadvanceddialog_q.cpp:1737 +#: src/gui/ui/pixadvanceddialog_q.cpp:1745 +#: src/gui/ui/pixadvanceddialog_q.cpp:1754 +#: src/gui/ui/pixadvanceddialog_q.cpp:1762 +#: src/gui/ui/pixadvanceddialog_q.cpp:1770 +#: src/gui/ui/pixadvanceddialog_q.cpp:1776 +#: src/gui/ui/pixadvanceddialog_q.cpp:1784 +#: src/gui/ui/pixadvanceddialog_q.cpp:1792 +#: src/gui/ui/pixadvanceddialog_q.cpp:1799 +#: src/gui/ui/pixadvanceddialog_q.cpp:1806 +#: src/gui/ui/pixadvanceddialog_q.cpp:1813 +#: src/gui/ui/pixadvanceddialog_q.cpp:1821 +#: src/gui/ui/pixadvanceddialog_q.cpp:1828 +#: src/gui/ui/pixadvanceddialog_q.cpp:1836 +#: src/gui/ui/pixadvanceddialog_q.cpp:1844 +#: src/gui/ui/pixadvanceddialog_q.cpp:1852 +#: src/gui/ui/pixadvanceddialog_q.cpp:1859 +msgid "disable" +msgstr "" + +#: 
src/gui/ui/pixadvanceddialog_q.cpp:1723 +msgid "" +"Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol " +"inspection module that supports NAT, PAT, and bi-directional NAT." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1724 +#: src/gui/ui/pixadvanceddialog_q.cpp:1740 +#: src/gui/ui/pixadvanceddialog_q.cpp:1749 +#: src/gui/ui/pixadvanceddialog_q.cpp:1758 +#: src/gui/ui/pixadvanceddialog_q.cpp:1766 +#: src/gui/ui/pixadvanceddialog_q.cpp:1779 +#: src/gui/ui/pixadvanceddialog_q.cpp:1795 +#: src/gui/ui/pixadvanceddialog_q.cpp:1802 +#: src/gui/ui/pixadvanceddialog_q.cpp:1809 +#: src/gui/ui/pixadvanceddialog_q.cpp:1816 +#: src/gui/ui/pixadvanceddialog_q.cpp:1824 +#: src/gui/ui/pixadvanceddialog_q.cpp:1832 +#: src/gui/ui/pixadvanceddialog_q.cpp:1839 +#: src/gui/ui/pixadvanceddialog_q.cpp:1847 +#: src/gui/ui/pixadvanceddialog_q.cpp:1855 +msgid "port:" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1725 +msgid "ctiqbe" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1726 +msgid "" +"Based on this maximum-length configured by the user, the DNS fixup checks to " +"see if the DNS packet length is within this limit. Every UDP DNS packet " +"(request/response) undergoes the above check." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1727 +msgid "max length:" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1732 +msgid "dns" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1733 +msgid "Enables PAT for Encapsulating Security Payload (ESP), single tunnel." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1738 +msgid "esp ike" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1741 +msgid "strict:" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1746 +msgid "" +"Activated support for FTP protocol and allows to change the ftp control " +"connection port number." 
+msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1747 +msgid "ftp" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1748 +msgid "" +"Specifies to use H.225, the ITU standard that governs H.225.0 session " +"establishment and packetization, with H.323" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1750 +#: src/gui/ui/pixadvanceddialog_q.cpp:1757 +#: src/gui/ui/pixadvanceddialog_q.cpp:1765 +#: src/gui/ui/pixadvanceddialog_q.cpp:1780 +#: src/gui/ui/pixadvanceddialog_q.cpp:1817 +#: src/gui/ui/pixadvanceddialog_q.cpp:1831 +#: src/gui/ui/pixadvanceddialog_q.cpp:1840 +#: src/gui/ui/pixadvanceddialog_q.cpp:1848 +msgid "--" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1755 +msgid "h323 h225" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1756 +msgid "" +"Specifies to use RAS with H.323 to enable dissimilar communication devices " +"to communicate with each other." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1763 +msgid "h323 ras" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1764 +msgid "" +"The default port for HTTP is 80. Use the port option to change the HTTP " +"port, or specify a range of HTTP ports." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1771 +msgid "http" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1772 +msgid "" +"Enables NAT of ICMP error messages. This creates translations for " +"intermediate hops based on the static or network address translation " +"configuration on the firewall." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1777 +msgid "icmp error" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1778 +msgid "" +"Provides NAT support for Microsoft NetMeeting, SiteServer, and Active " +"Directory products that use LightWeight Directory Access Protocol (LDAP) to " +"exchange directory information with an for Internet Locator Service (ILS) " +"server." 
+msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1785 +msgid "ils" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1786 +msgid "Enables the Media Gateway Control Protocol (MGCP) fixup." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1787 +msgid "Gateway Port:" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1788 +msgid "Call Agent port:" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1793 +msgid "mgcp" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1794 +msgid "" +"Enables Point-to-Point Tunneling Protocol (PPTP) application inspection." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1800 +msgid "pptp" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1801 +msgid "Enables inspection of RSH protocol." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1807 +msgid "rsh" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1808 +msgid "" +"Lets PIX Firewall pass Real Time Streaming Protocol (RTSP) packets. RTSP is " +"used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/" +"TV connections." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1814 +msgid "rtsp" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1815 +msgid "" +"Enable or change the port assignment for the Session Initiation Protocol " +"(SIP) for Voice over IP TCP connections." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1823 +msgid "Enable SIP-over-UDP application inspection." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1829 +msgid "sip udp" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1830 +msgid "" +"Enable SCCP application inspection. SCCP protocol supports IP telephony and " +"can coexist in an H.323 environment. An application layer ensures that all " +"SCCP signaling and media packets can traverse the PIX Firewall and " +"interoperate with H.323 terminals." 
+msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1837 +msgid "skinny" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1838 +msgid "" +"Enables the Mail Guard feature, which only lets mail servers receive the RFC " +"821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and " +"QUIT. All other commands are translated into X's which are rejected by the " +"internal server." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1845 +msgid "smtp" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1846 +msgid "Enables support for SQL*Net protocol." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1853 +msgid "sqlnet" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1854 +msgid "Enable TFTP application inspection." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1860 +msgid "tftp" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1862 +msgid "Generated fixup commands:" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1863 +msgid "Enable all protocols" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1864 +msgid "Skip all protocols" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1865 +msgid "Disable all protocols" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1866 +msgid "Fixup" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1867 +msgid "Syslog" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1868 +msgid "Syslog host (name or IP address):" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1869 +msgid "syslog facility:" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1870 +msgid "syslog level ('logging trap'):" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1871 +msgid "Syslog message queue size (messages):" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1872 +msgid "Use 'EMBLEM' format for syslog messages" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1873 +msgid "" +"PIX Firewall Version 6.3 introduces support for EMBLEM format, which is " +"required when using the CiscoWorks Resource 
Manager Essentials (RME) syslog " +"analyzer." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1874 +msgid "Set device id for syslog messages (v6.3 and later):" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1875 +msgid "use address of interface" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1876 +msgid "use text string" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1877 +msgid "use hostname" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1878 +msgid "The logging timestamp command requires that the clock command be set." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1879 +msgid "Enable logging timestamps on syslog file" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1880 +msgid "Other logging destinations and levels:" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1881 +msgid "Internal buffer" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1882 +msgid "Console" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1884 +msgid "Actively reset inbound TCP connections with RST" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1886 +msgid "Actively reset inbound TCP connections with RST on outside interface" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1888 +msgid "Force each TCP connection to linger in a shortened TIME&WAIT" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1889 +msgid "Alt+W" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1890 +msgid "Enable the IP Frag Guard feature (deprecated in v6.3 and later)." +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1891 +msgid "Enable TCP resource control for AAA Authentication Proxy" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1892 +msgid "" +"Specify that when an incoming packet does a route lookup,\n" +"the incoming interface is used to determine which interface\n" +"the packet should go to, and which is the next hop\n" +"(deprecated in v6.3 and later)." 
+msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1896 +msgid "Disable inbound embedded DNS A record fixups" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1897 +msgid "Disable outbound DNS A record replies" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1898 +msgid "maximum number of simultaneous TCP and UDP connections" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1899 +msgid "maximum number of embryonic connections per host" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1900 +msgid "" +"Specifies the maximum number of simultaneous TCP and UDP connections for the " +"entire subnet. The default is 0, which means unlimited connections. (Idle " +"connections are closed after the idle timeout specified by the timeout conn " +"command.)" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1901 +msgid "" +"Specifies the maximum number of embryonic connections per host. An embryonic " +"connection is a connection request that has not finished the necessary " +"handshake between source and destination. Set a small value for slower " +"systems, and a higher value for faster systems. The default is 0, which " +"means unlimited embryonic connections." 
+msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1902 +msgid "The following parameters are used for all NAT rules:" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1903 +msgid "" +"(The default for both parameters is 0, which means unlimited number of " +"connections.)" +msgstr "" + +#: src/gui/ui/pixadvanceddialog_q.cpp:1904 +msgid "PIX Options" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:275 +msgid "PIX Advanced Configuration Options" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:276 +msgid "Set PIX host name using object's name" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:277 +msgid "Generate commands to configure addresses for interfaces" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:279 +msgid "NTP Servers:" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:282 +msgid "Server 1:" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:283 +msgid "Server 2:" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:284 +msgid "Server 3:" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:286 +msgid "Preffered:" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:287 +#: src/gui/ui/pixosadvanceddialog_q.cpp:301 +msgid "IP address:" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:288 +msgid "NTP" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:289 +msgid "Disable SNMP Agent" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:290 +msgid "Set SNMP communities using data from the firewall object dialog" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:291 +msgid "SNMP servers" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:293 +#: src/gui/ui/pixosadvanceddialog_q.cpp:297 +msgid "Poll" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:294 +#: src/gui/ui/pixosadvanceddialog_q.cpp:298 +msgid "Poll and Traps" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:295 +#: src/gui/ui/pixosadvanceddialog_q.cpp:299 +msgid "Traps" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:300 +msgid 
"Enable:" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:302 +msgid "SNMP Server 1:" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:303 +msgid "SNMP Server 2:" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:304 +msgid "Enable sending log messages as SNMP trap notifications" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:306 +msgid "Change TCP MSS to" +msgstr "" + +#: src/gui/ui/pixosadvanceddialog_q.cpp:307 +msgid "bytes" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:219 src/gui/ui/prefsdialog_q.cpp:439 +msgid "Load" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:220 src/gui/ui/prefsdialog_q.cpp:440 +msgid "File Path" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:408 +msgid "Preferences" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:413 +msgid "Working directory:" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:414 src/gui/ui/prefsdialog_q.cpp:431 +#: src/gui/ui/prefsdialog_q.cpp:432 +msgid "Browse..." +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:415 +msgid "On startup: " +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:417 +msgid "Load standard objects" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:418 +msgid "Load last edited file" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:419 +msgid "Expand all branches in the object tree" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:420 +msgid "Tooltip delay:" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:421 +msgid "Automatically save data in dialogs when switching between objects" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:422 +msgid "Periodically save data to file every " +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:423 +msgid "minutes" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:424 +msgid "Enable object tooltips" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:425 +msgid "Show deleted objects" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:427 +msgid "Do not ask for the log record when checking in new file revision." 
+msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:428 +msgid "Revision Control" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:429 +msgid "" +"A full path to the Secure Copy utility (secure file copy; for example scp on " +"Unix or pscp.exe or vcp.exe on Windows):" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:430 +msgid "" +"A full path to the Secure Shell utility (remote command execution; for " +"example ssh on Unix or plink.exe or vsh.exe on Windows):" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:433 +msgid "SSH" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:434 +msgid "Add..." +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:435 +msgid "Remove" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:436 +msgid "" +"If you remove libraries from the list, changes get in effect next time you " +"start the program" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:437 +msgid "Available libraries:" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:441 +msgid "Libraries" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:442 +msgid "Use these labels to mark rules in the firewall policy" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:450 +msgid "Labels" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:451 +msgid "Do not save a copy of objects form add-on libraries in each data file" +msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:452 +msgid "" +"This option is provisional and will change or disappear in future releases " +"because we expect to make this a default behavior." 
+msgstr "" + +#: src/gui/ui/prefsdialog_q.cpp:453 +msgid "Data format" +msgstr "" + +#: src/gui/ui/rcsfilepreview_q.cpp:49 src/gui/ui/rcsfilepreview_q.cpp:122 +msgid "Revision" +msgstr "" + +#: src/gui/ui/rcsfilepreview_q.cpp:52 src/gui/ui/rcsfilepreview_q.cpp:123 +msgid "Date" +msgstr "" + +#: src/gui/ui/rcsfilepreview_q.cpp:55 src/gui/ui/rcsfilepreview_q.cpp:124 +msgid "Author" +msgstr "" + +#: src/gui/ui/rcsfilepreview_q.cpp:58 src/gui/ui/rcsfilepreview_q.cpp:125 +msgid "Locked by" +msgstr "" + +#: src/gui/ui/rcsfilepreview_q.cpp:120 +msgid "RCSFilePreview" +msgstr "" + +#: src/gui/ui/rcsfilepreview_q.cpp:121 +msgid "Open read-only" +msgstr "" + +#: src/gui/ui/rcsfilepreview_q.cpp:126 +msgid "RCS log:" +msgstr "" + +#: src/gui/ui/rcsfilesavedialog_q.cpp:96 +msgid "Log record for the new revision" +msgstr "" + +#: src/gui/ui/rcsfilesavedialog_q.cpp:97 +msgid "Log record for this revision: " +msgstr "" + +#: src/gui/ui/rcsfilesavedialog_q.cpp:98 +msgid "Do not ask me anymore, always check files in with empty log" +msgstr "" + +#: src/gui/ui/rcsfilesavedialog_q.cpp:99 +msgid "Check file &in" +msgstr "" + +#: src/gui/ui/rcsfilesavedialog_q.cpp:100 +msgid "Alt+I" +msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:444 +msgid "Rule Options for ipt" +msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:446 +#: src/gui/ui/ruleoptionsdialog_q.cpp:505 +#: src/gui/ui/ruleoptionsdialog_q.cpp:524 +#: src/gui/ui/ruleoptionsdialog_q.cpp:538 +msgid "" +"If rule action is 'Reject', this option defines firewall's reaction to the " +"packet matching the rule" +msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:457 +msgid "" +"Netlink group\n" +"(if using ULOG): " +msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:470 +#: src/gui/ui/ruleoptionsdialog_q.cpp:519 +#: src/gui/ui/ruleoptionsdialog_q.cpp:536 +#: src/gui/ui/ruleoptionsdialog_q.cpp:549 +msgid "" +"Normally policy compiler uses stateful inspection in each rule. Activating " +"next option makes this rule stateless." 
+msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:471 +msgid "" +"Assume firewall is part\n" +"of 'any' (this setting only\n" +"affects code generated\n" +"for this rule)" +msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:475 +msgid "Burst:" +msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:482 +msgid "" +"Rule matches if it hits this often\n" +"or less: " +msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:484 +#: src/gui/ui/ruleoptionsdialog_q.cpp:520 +#: src/gui/ui/ruleoptionsdialog_q.cpp:537 +#: src/gui/ui/ruleoptionsdialog_q.cpp:550 +msgid "Stateless rule" +msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:516 +msgid "" +"Send ICMP 'unreachable' packet\n" +"masquerading as being from\n" +"the original destination" +msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:521 +msgid "" +"Keep information on fragmented\n" +"packets, to be applied to later\n" +"fragments" +msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:551 +msgid "These options are only valid for PIX running software v6.3 or later" +msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:552 +msgid "" +"completely disable logging\n" +"for this rule" +msgstr "" + +#: src/gui/ui/ruleoptionsdialog_q.cpp:564 +msgid "Logging interval:" +msgstr "" + +#: src/gui/ui/simpletexteditor_q.cpp:91 +msgid "Import from file ..." +msgstr "" + +#: src/gui/ui/solarisadvanceddialog_q.cpp:182 +msgid "Solaris: advanced settings" +msgstr "" + +#: src/gui/ui/solarisadvanceddialog_q.cpp:187 +msgid "Ignore ICMP redirects" +msgstr "" + +#: src/gui/ui/solarisadvanceddialog_q.cpp:192 +msgid "Forward directed broadcasts" +msgstr "" + +#: src/gui/ui/solarisadvanceddialog_q.cpp:193 +msgid "Respond to echo broadcast" +msgstr "" + +#: src/gui/ui/startwizard_q.cpp:114 +msgid "Welcome to Firewall Builder" +msgstr "" + +#: src/gui/ui/startwizard_q.cpp:115 +msgid "Firewall Builder 2.0" +msgstr "" + +#: src/gui/ui/startwizard_q.cpp:116 +msgid "Do you want to open existing project file or create a new one?" 
+msgstr "" + +#: src/gui/ui/startwizard_q.cpp:117 +msgid "Create new project file" +msgstr "" + +#: src/gui/ui/startwizard_q.cpp:118 +msgid "Open existing file" +msgstr "" + +#: src/gui/ui/startwizard_q.cpp:120 +#, qt-format +msgid "File name: %1" +msgstr "" + +#: src/gui/ui/startwizard_q.cpp:121 +msgid "" +"Activate Revision Control System for this file\n" +"(if you do not do this now, you can always activate it later)" +msgstr "" + +#: src/gui/ui/startwizard_q.cpp:123 +msgid "" +"Let the program automatically open this file when I start it next time\n" +"(you can activate this option later using Preferences dialog)" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:337 src/gui/ui/udpservicedialog_q.cpp:205 +msgid "Destination Port Range" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:338 src/gui/ui/tcpservicedialog_q.cpp:341 +#: src/gui/ui/udpservicedialog_q.cpp:206 src/gui/ui/udpservicedialog_q.cpp:209 +msgid "Start:" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:339 src/gui/ui/tcpservicedialog_q.cpp:342 +#: src/gui/ui/udpservicedialog_q.cpp:207 src/gui/ui/udpservicedialog_q.cpp:210 +msgid "End:" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:340 src/gui/ui/udpservicedialog_q.cpp:208 +msgid "Source Port Range" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:345 +msgid "TCP Flags" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:347 +msgid "A" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:352 +msgid "U" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:355 +msgid "Mask:" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:357 +msgid "Settings:" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:358 +msgid "S" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:360 +msgid "F" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:361 +msgid "P" +msgstr "" + +#: src/gui/ui/tcpservicedialog_q.cpp:362 +msgid "R" +msgstr "" + +#: src/gui/ui/timedialog_q.cpp:219 src/gui/ui/timedialog_q.cpp:222 +msgid "Date:" +msgstr "" + +#: 
src/gui/ui/timedialog_q.cpp:220 src/gui/ui/timedialog_q.cpp:224 +msgid "Time:" +msgstr "" + +#: src/gui/ui/timedialog_q.cpp:221 +msgid "Activate a rule on:" +msgstr "" + +#: src/gui/ui/timedialog_q.cpp:223 src/gui/ui/timedialog_q.cpp:226 +msgid "Day of week (0-6):" +msgstr "" + +#: src/gui/ui/timedialog_q.cpp:225 +msgid "Deactivate a rule on:" +msgstr "" + +#: src/gui/ui/udpservicedialog_q.cpp:200 +msgid "UDP" +msgstr "" diff --git a/po/vi.qm b/po/vi.qm new file mode 100644 index 000000000..09eb5a355 Binary files /dev/null and b/po/vi.qm differ diff --git a/qmake.inc.in b/qmake.inc.in new file mode 100644 index 000000000..f447ca53b --- /dev/null +++ b/qmake.inc.in 
@@ -0,0 +1,77 @@
+#-*- mode: makefile; tab-width: 4; -*-
+#
+######### libfwbuilder/qmake.inc.in
+#
+QTDIR = $$(QTDIR)
+
+TEMPLATE = app
+
+SO_VERSION = @LIBFWBUILDER_SOLIB_VERSION@
+
+DEFINES += $$(DEFINES)
+INCLUDEPATH += .. ../.. $$(INCLUDEPATH) @LIBFWBUILDER_INCLUDEPATH@
+LANGUAGE = C++
+UI_DIR = ui
+MANDIR = @MANDIR@
+DOCDIR = @DOCDIR@
+
+HAVE_ANTLR_RUNTIME = @HAVE_ANTLR_RUNTIME@
+HAVE_EXTERNAL_ANTLR = @HAVE_EXTERNAL_ANTLR@
+
+unix {
+ ANTLR_INCLUDEPATH = @ANTLR_INCLUDEPATH@
+ ANTLR_LIBS = @ANTLR_LIBS@
+ FWBPARSER_LIB = ../parsers/libfwbparser.a
+}
+
+
+unix {
+!macx {
+ UI_DIR = .ui
+ MOC_DIR = .moc
+ OBJECTS_DIR = .obj
+
+ PREFIX = @PREFIX@
+ exec_prefix = @EXEC_PREFIX@
+ DESTDIR =
+
+ LIBS_FWCOMPILER = @LIBFWBUILDER_LIBS_FWCOMPILER@
+ LIBS_FWBUILDER = @LIBFWBUILDER_LIBS_FWBUILDER@
+
+ target.path = $$PREFIX/bin
+ dtd.path = @TEMPLATE_DIR@/
+ migration.path = @TEMPLATE_DIR@/migration
+ doc.path = @DOCDIR@
+
+# win32:target.path = $$PREFIX/
+# unix:target.path = $$PREFIX/share/fwbuilder/
+# macx:target.path = $$PREFIX/
+
+ res.files = src/res/objects_init.xml src/res/templates.xml src/res/resources.xml
+ res.path = @RES_DIR@
+ res_os.files = src/res/os/*.xml
+ res_os.path = @RES_DIR@/os/
+ res_platform.files = src/res/platform/*.xml
+ res_platform.path = @RES_DIR@/platform/
+
+ INSTALLS += res
+ INSTALLS += res_os
+ INSTALLS += res_platform
+# INSTALLS += icns
+ LIBS += $$LIBS_FWBUILDER @LIBS@
+
+ PKGLOCALEDIR = $$res.path/locale
+
+ CONFIG += warn_on debug
+ QMAKE_CFLAGS_DEBUG += -Wno-unused-parameter
+ QMAKE_CFLAGS_RELEASE += -Wno-unused-parameter
+ QMAKE_CXXFLAGS_DEBUG += -Wno-unused-parameter @CXXFLAGS@
+ QMAKE_CXXFLAGS_RELEASE += -Wno-unused-parameter @CXXFLAGS@
+}
+}
+
+exists(qmake2.inc) {
+ include( qmake2.inc)
+}
+
+INSTALLS += target
diff --git a/runqmake.sh b/runqmake.sh
new file mode 100644
index 000000000..b00f38160
--- /dev/null
+++ b/runqmake.sh
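Review bot: In `INCLUDEPATH += .. ../.. $$(INCLUDEPATH) @LIBFWBUILDER_INCLUDEPATH@` the directories taken from the caller's environment are searched before the configured libfwbuilder headers, so a stray `INCLUDEPATH` in the build shell can shadow the headers that configure selected. Putting the environment value last keeps the passthrough without letting it override the configured path: `INCLUDEPATH += .. ../.. @LIBFWBUILDER_INCLUDEPATH@ $$(INCLUDEPATH)`. `DEFINES += $$(DEFINES)` inherits from the environment in the same way and deserves a one-line comment saying that this is intentional. Separately, `CONFIG += warn_on debug` inside `unix { !macx {` appears to select a debug build for every such platform unless the caller overrides it, which is worth confirming for release packaging.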
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+if test -f qtdir ; then
+ QTDIR=`cat qtdir`
+ export QTDIR
+fi
+
+test -z "${QMAKE}" && QMAKE="qmake"
+
+echo "Running qmake: ${QMAKE}"
+
+${QMAKE}
+
+${QMAKE} -o src/Makefile src/src.pro
+${QMAKE} -o src/res/Makefile src/res/res.pro
+${QMAKE} -o src/tools/Makefile src/tools/tools.pro
+${QMAKE} -o doc/Makefile doc/doc.pro
+${QMAKE} -o po/Makefile po/po.pro
+
+if test -n "$CCACHE"; then
+
+${QMAKE} 'QMAKE_CXX=ccache g++' -o src/antlr/Makefile src/antlr/antlr.pro
+
+${QMAKE} 'QMAKE_CXX=ccache g++' -o src/gui/Makefile src/gui/gui.pro
+${QMAKE} 'QMAKE_CXX=ccache g++' -o src/fwblookup/Makefile src/fwblookup/fwblookup.pro
+${QMAKE} 'QMAKE_CXX=ccache g++' -o src/fwbedit/Makefile src/fwbedit/fwbedit.pro
+${QMAKE} 'QMAKE_CXX=ccache g++' -o src/ipt/Makefile src/ipt/ipt.pro
+${QMAKE} 'QMAKE_CXX=ccache g++' -o src/pflib/Makefile src/pflib/pflib.pro
+${QMAKE} 'QMAKE_CXX=ccache g++' -o src/pf/Makefile src/pf/pf.pro
+${QMAKE} 'QMAKE_CXX=ccache g++' -o src/ipf/Makefile src/ipf/ipf.pro
+${QMAKE} 'QMAKE_CXX=ccache g++' -o src/ipfw/Makefile src/ipfw/ipfw.pro
+
+${QMAKE} 'QMAKE_CXX=ccache g++' -o src/parsers/Makefile src/parsers/parsers.pro
+
+test -d src/unit_tests && ${QMAKE} 'QMAKE_CXX=ccache g++' -o src/unit_tests/importer/Makefile \
+src/unit_tests/importer/importer.pro
+
+else
+
+${QMAKE} -o src/antlr/Makefile src/antlr/antlr.pro
+
+${QMAKE} -o src/gui/Makefile src/gui/gui.pro
+${QMAKE} -o src/fwblookup/Makefile src/fwblookup/fwblookup.pro
+${QMAKE} -o src/fwbedit/Makefile src/fwbedit/fwbedit.pro
+${QMAKE} -o src/ipt/Makefile src/ipt/ipt.pro
+${QMAKE} -o src/pflib/Makefile src/pflib/pflib.pro
+${QMAKE} -o src/pf/Makefile src/pf/pf.pro
+${QMAKE} -o src/ipf/Makefile src/ipf/ipf.pro
+${QMAKE} -o src/ipfw/Makefile src/ipfw/ipfw.pro
+
+${QMAKE} -o src/parsers/Makefile src/parsers/parsers.pro
+
+test -d src/unit_tests && ${QMAKE} -o src/unit_tests/importer/Makefile \
+src/unit_tests/importer/importer.pro
+
+fi
+
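Review bot: The script's exit status does not tell the caller whether Makefile generation worked. None of the `${QMAKE}` invocations is checked, and the last command in both branches is `test -d src/unit_tests && ${QMAKE} …`, so a tree without src/unit_tests ends with status 1 while a failed earlier qmake run is not reported at all. Adding `set -e` after the shebang and writing the final step as `if test -d src/unit_tests; then ${QMAKE} … ; fi` makes the status meaningful, so a packaging job cannot carry on with stale or partly generated Makefiles. The two branches differ only in the `'QMAKE_CXX=ccache g++'` argument, which could be held in one variable so the module list is written once.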
diff --git a/someproj.kdevelop b/someproj.kdevelop new file mode 100644 index 000000000..bac8b4cba --- /dev/null +++ b/someproj.kdevelop @@ -0,0 +1,202 @@ + + + + + root@abs + 1 + KDevTrollProject + C++ + + Qt + + someproj + + . + false + + + + + + + + + + + + *.o,*.lo,CVS + false + + + + + bash + bash_bugs + clanlib + w3c-dom-level2-html + fortran_bugs_gcc + gnome1 + gnustep + gtk + gtk_bugs + haskell + haskell_bugs_ghc + java_bugs_gcc + java_bugs_sun + kde2book + opengl + pascal_bugs_fp + php + php_bugs + perl + perl_bugs + python + python_bugs + qt-kdev3 + ruby + ruby_bugs + sdl + stl + w3c-svg + sw + w3c-uaag10 + wxwidgets_bugs + + + KDE Libraries (Doxygen) + + + + + + + + + + true + false + false + + + + false + true + 10 + + + + + 3 + true + 3 + ExternalDesigner + /usr/lib/qt + /usr/lib/qt/bin/qmake + /usr/lib/qt/bin/designer + + + + false + true + true + 250 + 400 + 250 + false + 0 + true + true + false + std=_GLIBCXX_STD;__gnu_cxx=std + true + false + false + false + false + true + true + false + .; + true + true + true + false + + + + set + m_,_ + theValue + true + true + + + false + true + Vertical + + + + + + + + + + + + + + + + build + + + + + + /svejak/svejak/someproj + /svejak/svejak/someproj + + + + + + fwbuilder4 + + + /svejak/svejak/someproj + true + false + false + false + false + + / + + + true + false + 1 + false + + 0 + + + + 2 + false + true + + + + + .h + .cpp + + + + + + + diff --git a/someproj.kdevelop.pcs b/someproj.kdevelop.pcs new file mode 100644 index 000000000..07fe1d0b0 Binary files /dev/null and b/someproj.kdevelop.pcs differ diff --git a/someproj.kdevses b/someproj.kdevses new file mode 100644 index 000000000..e8b4aed95 --- /dev/null +++ b/someproj.kdevses @@ -0,0 +1,33 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/someproj.old b/someproj.old new file mode 100644 index 000000000..b04f8a4ce --- /dev/null +++ b/someproj.old 
@@ -0,0 +1,14 @@ +###################################################################### +# Automatically generated by qmake (2.01a) Sun Aug 12 19:41:49 2007 +###################################################################### + +TEMPLATE = app +TARGET = +DEPENDPATH += . +INCLUDEPATH += . /home/krava/work/extlibs/libxml/libxml2-2.6.23/include /usr/include/Qt /home/krava/work/libfwbuilder/src +QT += network qt3support + +# Input +HEADERS += ./src/gui/utils_no_qt.h ./src/gui/FWBTree.h ./src/gui/utils.h VERSION.h ./src/gui/FWWindow.h ./src/gui/FWBMainWindow_q.h +SOURCES += ./src/gui/utils_no_qt.cpp ./src/gui/FWBTree.cpp ./src/gui/utils.cpp ./src/gui/main.cpp ./src/gui/FWWindow.cpp +LIBS += /usr/local/lib/libfwbuilder.so diff --git a/src/.cvsignore b/src/.cvsignore new file mode 100644 index 000000000..0dcff5a7a --- /dev/null +++ b/src/.cvsignore @@ -0,0 +1,5 @@ +.cvsignore +Makefile +.moc +.ui + diff --git a/src/antlr/ANTLRException.hpp b/src/antlr/ANTLRException.hpp new file mode 100644 index 000000000..124e5e5cc --- /dev/null +++ b/src/antlr/ANTLRException.hpp 
@@ -0,0 +1,59 @@ +#ifndef INC_ANTLRException_hpp__ +#define INC_ANTLRException_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: ANTLRException.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +class ANTLR_API ANTLRException +{ +public: + /// Create ANTLR base exception without error message + ANTLRException() : text("") + { + } + /// Create ANTLR base exception with error message + ANTLRException(const ANTLR_USE_NAMESPACE(std)string& s) + : text(s) + { + } + virtual ~ANTLRException() throw() + { + } + + /** Return complete error message with line/column number info (if present) + * @note for your own exceptions override this one. Call getMessage from + * here to get the 'clean' error message stored in the text attribute. + */ + virtual ANTLR_USE_NAMESPACE(std)string toString() const + { + return text; + } + + /** Return error message without additional info (if present) + * @note when making your own exceptions classes override toString + * and call in toString getMessage which relays the text attribute + * from here. + */ + virtual ANTLR_USE_NAMESPACE(std)string getMessage() const + { + return text; + } +private: + ANTLR_USE_NAMESPACE(std)string text; +}; +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_ANTLRException_hpp__ diff --git a/src/antlr/ANTLRUtil.cpp b/src/antlr/ANTLRUtil.cpp new file mode 100644 index 000000000..96d60175e --- /dev/null +++ b/src/antlr/ANTLRUtil.cpp 
@@ -0,0 +1,163 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: ANTLRUtil.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** Eat whitespace from the input stream + * @param is the stream to read from + */ +ANTLR_USE_NAMESPACE(std)istream& eatwhite( ANTLR_USE_NAMESPACE(std)istream& is ) +{ + char c; + while( is.get(c) ) + { +#ifdef ANTLR_CCTYPE_NEEDS_STD + if( !ANTLR_USE_NAMESPACE(std)isspace(c) ) +#else + if( !isspace(c) ) +#endif + { + is.putback(c); + break; + } + } + return is; +} + +/** Read a string enclosed by '"' from a stream. Also handles escaping of \". + * Skips leading whitespace. + * @param in the istream to read from. + * @returns the string read from file exclusive the '"' + * @throws IOException if string is badly formatted + */ +ANTLR_USE_NAMESPACE(std)string read_string( ANTLR_USE_NAMESPACE(std)istream& in ) +{ + char ch; + ANTLR_USE_NAMESPACE(std)string ret(""); + // States for a simple state machine... + enum { START, READING, ESCAPE, FINISHED }; + int state = START; + + eatwhite(in); + + while( state != FINISHED && in.get(ch) ) + { + switch( state ) + { + case START: + // start state: check wether starting with " then switch to READING + if( ch != '"' ) + throw IOException("string must start with '\"'"); + state = READING; + continue; + case READING: + // reading state: look out for escape sequences and closing " + if( ch == '\\' ) // got escape sequence + { + state = ESCAPE; + continue; + } + if( ch == '"' ) // close quote -> stop + { + state = FINISHED; + continue; + } + ret += ch; // else append... 
+ continue; + case ESCAPE: + switch(ch) + { + case '\\': + ret += ch; + state = READING; + continue; + case '"': + ret += ch; + state = READING; + continue; + case '0': + ret += '\0'; + state = READING; + continue; + default: // unrecognized escape is not mapped + ret += '\\'; + ret += ch; + state = READING; + continue; + } + } + } + if( state != FINISHED ) + throw IOException("badly formatted string: "+ret); + + return ret; +} + +/* Read a ([A-Z][0-9][a-z]_)* kindoff thing. Skips leading whitespace. + * @param in the istream to read from. + */ +ANTLR_USE_NAMESPACE(std)string read_identifier( ANTLR_USE_NAMESPACE(std)istream& in ) +{ + char ch; + ANTLR_USE_NAMESPACE(std)string ret(""); + + eatwhite(in); + + while( in.get(ch) ) + { +#ifdef ANTLR_CCTYPE_NEEDS_STD + if( ANTLR_USE_NAMESPACE(std)isupper(ch) || + ANTLR_USE_NAMESPACE(std)islower(ch) || + ANTLR_USE_NAMESPACE(std)isdigit(ch) || + ch == '_' ) +#else + if( isupper(ch) || islower(ch) || isdigit(ch) || ch == '_' ) +#endif + ret += ch; + else + { + in.putback(ch); + break; + } + } + return ret; +} + +/** Read a attribute="value" thing. Leading whitespace is skipped. + * Between attribute and '=' no whitespace is allowed. After the '=' it is + * permitted. + * @param in the istream to read from. + * @param attribute string the attribute name is put in + * @param value string the value of the attribute is put in + * @throws IOException if something is fishy. E.g. malformed quoting + * or missing '=' + */ +void read_AttributeNValue( ANTLR_USE_NAMESPACE(std)istream& in, + ANTLR_USE_NAMESPACE(std)string& attribute, + ANTLR_USE_NAMESPACE(std)string& value ) +{ + attribute = read_identifier(in); + + char ch; + if( in.get(ch) && ch == '=' ) + value = read_string(in); + else + throw IOException("invalid attribute=value thing "+attribute); +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/ANTLRUtil.hpp b/src/antlr/ANTLRUtil.hpp new file mode 100644 index 000000000..7460a96f6 --- /dev/null 
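Review bot: `eatwhite` and `read_identifier` pass a plain `char` to `isspace`/`isupper`/`islower`/`isdigit`, in both branches of the `ANTLR_CCTYPE_NEEDS_STD` conditional. Where `char` is signed, any input byte above 0x7F arrives as a negative value, which is undefined behaviour for these classifiers, and both functions run directly on stream content. Convert before classifying, e.g. `if( !isspace(static_cast<unsigned char>(c)) )`, and do the same for the three tests on `ch` in `read_identifier`.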
+++ b/src/antlr/ANTLRUtil.hpp @@ -0,0 +1,53 @@ +#ifndef INC_ANTLRUtil_hpp__ +#define INC_ANTLRUtil_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: ANTLRUtil.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** Eat whitespace from the input stream + * @param is the stream to read from + */ +ANTLR_USE_NAMESPACE(std)istream& eatwhite( ANTLR_USE_NAMESPACE(std)istream& is ); + +/** Read a string enclosed by '"' from a stream. Also handles escaping of \". + * Skips leading whitespace. + * @param in the istream to read from. + * @returns the string read from file exclusive the '"' + * @throws ios_base::failure if string is badly formatted + */ +ANTLR_USE_NAMESPACE(std)string read_string( ANTLR_USE_NAMESPACE(std)istream& in ); + +/* Read a ([A-Z][0-9][a-z]_)* kindoff thing. Skips leading whitespace. + * @param in the istream to read from. + */ +ANTLR_USE_NAMESPACE(std)string read_identifier( ANTLR_USE_NAMESPACE(std)istream& in ); + +/** Read a attribute="value" thing. Leading whitespace is skipped. + * Between attribute and '=' no whitespace is allowed. After the '=' it is + * permitted. + * @param in the istream to read from. + * @param attribute string the attribute name is put in + * @param value string the value of the attribute is put in + * @throws ios_base::failure if something is fishy. E.g. malformed quoting + * or missing '=' + */ +void read_AttributeNValue( ANTLR_USE_NAMESPACE(std)istream& in, + ANTLR_USE_NAMESPACE(std)string& attribute, + ANTLR_USE_NAMESPACE(std)string& value ); + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif diff --git a/src/antlr/AST.hpp b/src/antlr/AST.hpp new file mode 100644 index 000000000..b1232f395 --- /dev/null +++ b/src/antlr/AST.hpp 
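Review bot: The doc comments on `read_string` and `read_AttributeNValue` state `@throws ios_base::failure`, but the definitions this commit adds in ANTLRUtil.cpp throw `IOException`. Unless `IOException` derives from `ios_base::failure` (not shown on this page), a caller that writes its handler from this header will not catch the error raised on malformed input. I would change both tags to name the type actually thrown, e.g. `@throws IOException if string is badly formatted`.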
@@ -0,0 +1,166 @@ +#ifndef INC_AST_hpp__ +#define INC_AST_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: AST.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +struct ASTRef; + +class ANTLR_API AST { +public: + AST() : ref(0) {} + AST(const AST&) : ref(0) {} + virtual ~AST() {} + + /// Return the type name for this AST node. (for XML output) + virtual const char* typeName( void ) const = 0; + /// Clone this AST node. + virtual RefAST clone( void ) const = 0; + /// Is node t equal to this in terms of token type and text? + virtual bool equals(RefAST t) const = 0; + /** Is t an exact structural and equals() match of this tree. The + * 'this' reference is considered the start of a sibling list. + */ + virtual bool equalsList(RefAST t) const = 0; + + /** Is 't' a subtree of this list? The siblings of the root are NOT ignored. + */ + virtual bool equalsListPartial(RefAST t) const = 0; + /** Is tree rooted at 'this' equal to 't'? The siblings of 'this' are + * ignored. + */ + virtual bool equalsTree(RefAST t) const = 0; + /** Is 't' a subtree of the tree rooted at 'this'? The siblings of + * 'this' are ignored. + */ + virtual bool equalsTreePartial(RefAST t) const = 0; + + /** Walk the tree looking for all exact subtree matches. Return + * a vector of RefAST that lets the caller walk the list + * of subtree roots found herein. + */ + virtual ANTLR_USE_NAMESPACE(std)vector findAll(RefAST t) = 0; + + /** Walk the tree looking for all subtrees. Return + * a vector of RefAST that lets the caller walk the list + * of subtree roots found herein. 
+ */ + virtual ANTLR_USE_NAMESPACE(std)vector findAllPartial(RefAST t) = 0; + + /// Add a node to the end of the child list for this node + virtual void addChild(RefAST c) = 0; + /// Get the number of children. Returns 0 if the node is a leaf + virtual size_t getNumberOfChildren() const = 0; + + /// Get the first child of this node; null if no children + virtual RefAST getFirstChild() const = 0; + /// Get the next sibling in line after this one + virtual RefAST getNextSibling() const = 0; + + /// Get the token text for this node + virtual ANTLR_USE_NAMESPACE(std)string getText() const = 0; + /// Get the token type for this node + virtual int getType() const = 0; + + /** Various initialization routines. Used by several factories to initialize + * an AST element. + */ + virtual void initialize(int t, const ANTLR_USE_NAMESPACE(std)string& txt) = 0; + virtual void initialize(RefAST t) = 0; + virtual void initialize(RefToken t) = 0; + +#ifdef ANTLR_SUPPORT_XML + /** initialize this node from the contents of a stream. + * @param in the stream to read the AST attributes from. + */ + virtual void initialize( ANTLR_USE_NAMESPACE(std)istream& in ) = 0; +#endif + + /// Set the first child of a node. + virtual void setFirstChild(RefAST c) = 0; + /// Set the next sibling after this one. + virtual void setNextSibling(RefAST n) = 0; + + /// Set the token text for this node + virtual void setText(const ANTLR_USE_NAMESPACE(std)string& txt) = 0; + /// Set the token type for this node + virtual void setType(int type) = 0; + + /// Return this AST node as a string + virtual ANTLR_USE_NAMESPACE(std)string toString() const = 0; + + /// Print out a child-sibling tree in LISP notation + virtual ANTLR_USE_NAMESPACE(std)string toStringList() const = 0; + virtual ANTLR_USE_NAMESPACE(std)string toStringTree() const = 0; + +#ifdef ANTLR_SUPPORT_XML + /** get attributes of this node to 'out'. Override to customize XML + * output. + * @param out the stream to write the AST attributes to. 
+ * @returns if a explicit closetag should be written + */ + virtual bool attributesToStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const = 0; + + /** Print a symbol over ostream. Overload this one to customize the XML + * output for AST derived AST-types + * @param output stream + */ + virtual void toStream( ANTLR_USE_NAMESPACE(std)ostream &out ) const = 0; + + /** Dump AST contents in XML format to output stream. + * Works in conjunction with to_stream method. Overload that one is + * derived classes to customize behaviour. + * @param output stream to write to string to put the stuff in. + * @param ast RefAST object to write. + */ + friend ANTLR_USE_NAMESPACE(std)ostream& operator<<( ANTLR_USE_NAMESPACE(std)ostream& output, const RefAST& ast ); +#endif + +private: + friend struct ASTRef; + ASTRef* ref; + + AST(RefAST other); + AST& operator=(const AST& other); + AST& operator=(RefAST other); +}; + +#ifdef ANTLR_SUPPORT_XML +inline ANTLR_USE_NAMESPACE(std)ostream& operator<<( ANTLR_USE_NAMESPACE(std)ostream& output, const RefAST& ast ) +{ + ast->toStream(output); + return output; +} +#endif + +extern ANTLR_API RefAST nullAST; +extern ANTLR_API AST* const nullASTptr; + +#ifdef NEEDS_OPERATOR_LESS_THAN +// RK: apparently needed by MSVC and a SUN CC, up to and including +// 2.7.2 this was undefined ? +inline bool operator<( RefAST l, RefAST r ) +{ + return nullAST == l ? ( nullAST == r ? false : true ) : l->getType() < r->getType(); +} +#endif + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_AST_hpp__ diff --git a/src/antlr/ASTArray.hpp b/src/antlr/ASTArray.hpp new file mode 100644 index 000000000..237087ab6 --- /dev/null +++ b/src/antlr/ASTArray.hpp 
@@ -0,0 +1,45 @@
+#ifndef INC_ASTArray_hpp__
+#define INC_ASTArray_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: ASTArray.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+/** ASTArray is a class that allows ANTLR to
+ * generate code that can create and initialize an array
+ * in one expression, like:
+ * (new ASTArray(3))->add(x)->add(y)->add(z)
+ */
+class ANTLR_API ASTArray {
+public:
+ int size; // = 0;
+ ANTLR_USE_NAMESPACE(std)vector array;
+
+ ASTArray(int capacity)
+ : size(0)
+ , array(capacity)
+ {
+ }
+
+ ASTArray* add(RefAST node)
+ {
+ array[size++] = node;
+ return this;
+ }
+};
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_ASTArray_hpp__
diff --git a/src/antlr/ASTFactory.cpp b/src/antlr/ASTFactory.cpp
new file mode 100644
index 000000000..387f341ee
--- /dev/null
+++ b/src/antlr/ASTFactory.cpp
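Review bot: `ASTArray::add` writes `array[size++] = node;` without comparing `size` to `array.size()`, so one more `add()` than the constructor's `capacity` stores past the end of the vector. `size` is also a public `int`, so a caller can move it out of range, and a negative `capacity` converts to a very large vector length. Growing on demand keeps the chained-call idiom intact: put `if( static_cast<size_t>(size) >= array.size() ) array.resize(size + 1);` before the assignment. Making `size` private would remove the other route.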
@@ -0,0 +1,504 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: ASTFactory.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/CommonAST.hpp" +#include "antlr/ANTLRException.hpp" +#include "antlr/IOException.hpp" +#include "antlr/ASTFactory.hpp" +#include "antlr/ANTLRUtil.hpp" + +#include +#include + +using namespace std; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** AST Support code shared by TreeParser and Parser. + * We use delegation to share code (and have only one + * bit of code to maintain) rather than subclassing + * or superclassing (forces AST support code to be + * loaded even when you don't want to do AST stuff). + * + * This class collects all factories of AST types used inside the code. + * New AST node types are registered with the registerFactory method. + * On creation of an ASTFactory object a default AST node factory may be + * specified. + * + * When registering types gaps between different types are filled with entries + * for the default factory. + */ + +/// Initialize factory +ASTFactory::ASTFactory() +: default_factory_descriptor(ANTLR_USE_NAMESPACE(std)make_pair(CommonAST::TYPE_NAME,&CommonAST::factory)) +{ + nodeFactories.resize( Token::MIN_USER_TYPE, &default_factory_descriptor ); +} + +/** Initialize factory with a non default node type. + * factory_node_name should be the name of the AST node type the factory + * generates. 
(should exist during the existance of this ASTFactory instance) + */ +ASTFactory::ASTFactory( const char* factory_node_name, factory_type fact ) +: default_factory_descriptor(ANTLR_USE_NAMESPACE(std)make_pair(factory_node_name, fact)) +{ + nodeFactories.resize( Token::MIN_USER_TYPE, &default_factory_descriptor ); +} + +/// Delete ASTFactory +ASTFactory::~ASTFactory() +{ + factory_descriptor_list::iterator i = nodeFactories.begin(); + + while( i != nodeFactories.end() ) + { + if( *i != &default_factory_descriptor ) + delete *i; + i++; + } +} + +/// Register a factory for a given AST type +void ASTFactory::registerFactory( int type, const char* ast_name, factory_type factory ) +{ + // check validity of arguments... + if( type < Token::MIN_USER_TYPE ) + throw ANTLRException("Internal parser error invalid type passed to RegisterFactory"); + if( factory == 0 ) + throw ANTLRException("Internal parser error 0 factory passed to RegisterFactory"); + + // resize up to and including 'type' and initalize any gaps to default + // factory. + if( nodeFactories.size() < (static_cast(type)+1) ) + nodeFactories.resize( type+1, &default_factory_descriptor ); + + // And add new thing.. + nodeFactories[type] = new ANTLR_USE_NAMESPACE(std)pair( ast_name, factory ); +} + +void ASTFactory::setMaxNodeType( int type ) +{ + if( nodeFactories.size() < (static_cast(type)+1) ) + nodeFactories.resize( type+1, &default_factory_descriptor ); +} + +/** Create a new empty AST node; if the user did not specify + * an AST node type, then create a default one: CommonAST. 
+ */ +RefAST ASTFactory::create() +{ + RefAST node = nodeFactories[0]->second(); + node->setType(Token::INVALID_TYPE); + return node; +} + +RefAST ASTFactory::create(int type) +{ + RefAST t = nodeFactories[type]->second(); + t->initialize(type,""); + return t; +} + +RefAST ASTFactory::create(int type, const ANTLR_USE_NAMESPACE(std)string& txt) +{ + RefAST t = nodeFactories[type]->second(); + t->initialize(type,txt); + return t; +} + +#ifdef ANTLR_SUPPORT_XML +RefAST ASTFactory::create(const ANTLR_USE_NAMESPACE(std)string& type_name, ANTLR_USE_NAMESPACE(std)istream& infile ) +{ + factory_descriptor_list::iterator fact = nodeFactories.begin(); + + while( fact != nodeFactories.end() ) + { + if( type_name == (*fact)->first ) + { + RefAST t = (*fact)->second(); + t->initialize(infile); + return t; + } + fact++; + } + + string error = "ASTFactory::create: Unknown AST type '" + type_name + "'"; + throw ANTLRException(error); +} +#endif + +/** Create a new empty AST node; if the user did not specify + * an AST node type, then create a default one: CommonAST. 
+ */ +RefAST ASTFactory::create(RefAST tr) +{ + if (!tr) + return nullAST; + +// cout << "create(tr)" << endl; + + RefAST t = nodeFactories[tr->getType()]->second(); + t->initialize(tr); + return t; +} + +RefAST ASTFactory::create(RefToken tok) +{ +// cout << "create( tok="<< tok->getType() << ", " << tok->getText() << ")" << nodeFactories.size() << endl; + RefAST t = nodeFactories[tok->getType()]->second(); + t->initialize(tok); + return t; +} + +/** Add a child to the current AST */ +void ASTFactory::addASTChild(ASTPair& currentAST, RefAST child) +{ + if (child) + { + if (!currentAST.root) + { + // Make new child the current root + currentAST.root = child; + } + else + { + if (!currentAST.child) + { + // Add new child to current root + currentAST.root->setFirstChild(child); + } + else + { + currentAST.child->setNextSibling(child); + } + } + // Make new child the current child + currentAST.child = child; + currentAST.advanceChildToEnd(); + } +} + +/** Deep copy a single node. This function the new clone() methods in the AST + * interface. Returns nullAST if t is null. + */ +RefAST ASTFactory::dup(RefAST t) +{ + if( t ) + return t->clone(); + else + return RefAST(nullASTptr); +} + +/** Duplicate tree including siblings of root. */ +RefAST ASTFactory::dupList(RefAST t) +{ + RefAST result = dupTree(t); // if t == null, then result==null + RefAST nt = result; + + while( t ) + { // for each sibling of the root + t = t->getNextSibling(); + nt->setNextSibling(dupTree(t)); // dup each subtree, building new tree + nt = nt->getNextSibling(); + } + return result; +} + +/** Duplicate a tree, assuming this is a root node of a tree + * duplicate that node and what's below; ignore siblings of root node. + */ +RefAST ASTFactory::dupTree(RefAST t) +{ + RefAST result = dup(t); // make copy of root + // copy all children of root. + if( t ) + result->setFirstChild( dupList(t->getFirstChild()) ); + return result; +} + +/** Make a tree from a list of nodes. 
The first element in the + * array is the root. If the root is null, then the tree is + * a simple list not a tree. Handles null children nodes correctly. + * For example, make(a, b, null, c) yields tree (a b c). make(null,a,b) + * yields tree (nil a b). + */ +RefAST ASTFactory::make(ANTLR_USE_NAMESPACE(std)vector& nodes) +{ + if ( nodes.size() == 0 ) + return RefAST(nullASTptr); + + RefAST root = nodes[0]; + RefAST tail = RefAST(nullASTptr); + + if( root ) + root->setFirstChild(RefAST(nullASTptr)); // don't leave any old pointers set + + // link in children; + for( unsigned int i = 1; i < nodes.size(); i++ ) + { + if ( nodes[i] == 0 ) // ignore null nodes + continue; + + if ( root == 0 ) // Set the root and set it up for a flat list + root = tail = nodes[i]; + else if ( tail == 0 ) + { + root->setFirstChild(nodes[i]); + tail = root->getFirstChild(); + } + else + { + tail->setNextSibling(nodes[i]); + tail = tail->getNextSibling(); + } + + if( tail ) // RK: I cannot fathom why this missing check didn't bite anyone else... 
+ { + // Chase tail to last sibling + while (tail->getNextSibling()) + tail = tail->getNextSibling(); + } + } + + return root; +} + +/** Make a tree from a list of nodes, where the nodes are contained + * in an ASTArray object + */ +RefAST ASTFactory::make(ASTArray* nodes) +{ + RefAST ret = make(nodes->array); + delete nodes; + return ret; +} + +/// Make an AST the root of current AST +void ASTFactory::makeASTRoot( ASTPair& currentAST, RefAST root ) +{ + if (root) + { + // Add the current root as a child of new root + root->addChild(currentAST.root); + // The new current child is the last sibling of the old root + currentAST.child = currentAST.root; + currentAST.advanceChildToEnd(); + // Set the new root + currentAST.root = root; + } +} + +void ASTFactory::setASTNodeFactory( const char* factory_node_name, + factory_type factory ) +{ + default_factory_descriptor.first = factory_node_name; + default_factory_descriptor.second = factory; +} + +#ifdef ANTLR_SUPPORT_XML +bool ASTFactory::checkCloseTag( ANTLR_USE_NAMESPACE(std)istream& in ) +{ + char ch; + + if( in.get(ch) ) + { + if( ch == '<' ) + { + char ch2; + if( in.get(ch2) ) + { + if( ch2 == '/' ) + { + in.putback(ch2); + in.putback(ch); + return true; + } + in.putback(ch2); + in.putback(ch); + return false; + } + } + in.putback(ch); + return false; + } + return false; +} + +void ASTFactory::loadChildren( ANTLR_USE_NAMESPACE(std)istream& infile, + RefAST current ) +{ + char ch; + + for(;;) // for all children of this node.... + { + eatwhite(infile); + + infile.get(ch); // '<' + if( ch != '<' ) + { + string error = "Invalid XML file... no '<' found ("; + error += ch + ")"; + throw IOException(error); + } + + infile.get(ch); // / or text.... + + if( ch == '/' ) // check for close tag... + { + string temp; + + // read until '>' and see if it matches the open tag... if not trouble + temp = read_identifier( infile ); + + if( strcmp(temp.c_str(), current->typeName() ) != 0 ) + { + string error = "Invalid XML file... 
close tag does not match start tag: "; + error += current->typeName(); + error += " closed by " + temp; + throw IOException(error); + } + + infile.get(ch); // must be a '>' + + if( ch != '>' ) + { + string error = "Invalid XML file... no '>' found ("; + error += ch + ")"; + throw IOException(error); + } + // close tag => exit loop + break; + } + + // put our 'look ahead' back where it came from + infile.putback(ch); + infile.putback('<'); + + // and recurse into the tree... + RefAST child = LoadAST(infile); + + current->addChild( child ); + } +} + +void ASTFactory::loadSiblings(ANTLR_USE_NAMESPACE(std)istream& infile, + RefAST current ) +{ + for(;;) + { + eatwhite(infile); + + if( infile.eof() ) + break; + + if( checkCloseTag(infile) ) + break; + + RefAST sibling = LoadAST(infile); + current->setNextSibling(sibling); + } +} + +RefAST ASTFactory::LoadAST( ANTLR_USE_NAMESPACE(std)istream& infile ) +{ + RefAST current = nullAST; + char ch; + + eatwhite(infile); + + if( !infile.get(ch) ) + return nullAST; + + if( ch != '<' ) + { + string error = "Invalid XML file... no '<' found ("; + error += ch + ")"; + throw IOException(error); + } + + string ast_type = read_identifier(infile); + + // create the ast of type 'ast_type' + current = create( ast_type, infile ); + if( current == nullAST ) + { + string error = "Unsuported AST type: " + ast_type; + throw IOException(error); + } + + eatwhite(infile); + + infile.get(ch); + + // now if we have a '/' here it's a single node. If it's a '>' we get + // a tree with children + + if( ch == '/' ) + { + infile.get(ch); // get the closing '>' + if( ch != '>' ) + { + string error = "Invalid XML file... no '>' found after '/' ("; + error += ch + ")"; + throw IOException(error); + } + + // get the rest on this level + loadSiblings( infile, current ); + + return current; + } + + // and finaly see if we got the close tag... + if( ch != '>' ) + { + string error = "Invalid XML file... 
no '>' found ("; + error += ch + ")"; + throw IOException(error); + } + + // handle the ones below this level.. + loadChildren( infile, current ); + + // load the rest on this level... + loadSiblings( infile, current ); + + return current; +} +#endif // ANTLR_SUPPORT_XML + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +/* Heterogeneous AST/XML-I/O ramblings... + * + * So there is some heterogeneous AST support.... + * basically in the code generators a new custom ast is generated without + * going throug the factory. It also expects the RefXAST to be defined. + * + * Is it maybe better to register all AST types with the ASTFactory class + * together with the respective factory methods. + * + * More and more I get the impression that hetero ast was a kindoff hack + * on top of ANTLR's normal AST system. + * + * The heteroast stuff will generate trouble for all astFactory.create( ... ) + * invocations. Most of this is handled via getASTCreateString methods in the + * codegenerator. At the moment getASTCreateString(GrammarAtom, String) has + * slightly to little info to do it's job (ok the hack that is in now + * works, but it's an ugly hack) + * + * An extra caveat is the 'nice' action.g thing. Which also judiciously calls + * getASTCreateString methods because it handles the #( ... ) syntax. + * And converts that to ASTFactory calls. + * + * + */ diff --git a/src/antlr/ASTFactory.hpp b/src/antlr/ASTFactory.hpp new file mode 100644 index 000000000..36d1a5bd1 --- /dev/null +++ b/src/antlr/ASTFactory.hpp 
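Review bot: `error += ch + ")";` does not append the offending character, because `ch + ")"` is pointer arithmetic on the string literal. The `char` is promoted to an integer and added to the literal's address, so `std::string` then reads from `ch` bytes past (or before) a two-byte array. The pattern appears twice in `loadChildren` and three times in `LoadAST`, always on the error path for malformed XML, so the out-of-bounds read is reachable from the input file. Replace each with `error += ch; error += ")";`. Separately, `loadChildren` and `LoadAST` ignore the result of several `infile.get(ch)` calls, so at end of input `ch` is compared while uninitialized or stale. Test the stream state before using `ch`.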
@@ -0,0 +1,165 @@ +#ifndef INC_ASTFactory_hpp__ +#define INC_ASTFactory_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: ASTFactory.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include +#include + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +// Using these extra types to appease MSVC +typedef RefAST (*factory_type_)(); +typedef ANTLR_USE_NAMESPACE(std)pair< const char*, factory_type_ > factory_descriptor_; +typedef ANTLR_USE_NAMESPACE(std)vector< factory_descriptor_* > factory_descriptor_list_; + +/** AST Super Factory shared by TreeParser and Parser. + * This super factory maintains a map of all AST node types to their respective + * AST factories. One instance should be shared among a parser/treeparser + * chain. + * + * @todo check all this code for possible use of references in + * stead of RefAST's. + */ +class ANTLR_API ASTFactory { +public: + typedef factory_type_ factory_type; + typedef factory_descriptor_ factory_descriptor; + typedef factory_descriptor_list_ factory_descriptor_list; +protected: + /* The mapping of AST node type to factory.. + */ + factory_descriptor default_factory_descriptor; + factory_descriptor_list nodeFactories; +public: + /// Make new factory. Per default (Ref)CommonAST instances are generated. + ASTFactory(); + /** Initialize factory with a non default node type. + * factory_node_name should be the name of the AST node type the factory + * generates. 
(should exist during the existance of this ASTFactory + * instance) + */ + ASTFactory( const char* factory_node_name, factory_type factory ); + /// Destroy factory + virtual ~ASTFactory(); + + /// Register a node factory for the node type type with name ast_name + void registerFactory( int type, const char* ast_name, factory_type factory ); + /// Set the maximum node (AST) type this factory may encounter + void setMaxNodeType( int type ); + + /// Add a child to the current AST + void addASTChild(ASTPair& currentAST, RefAST child); + /// Create new empty AST node. The right default type shou + virtual RefAST create(); + /// Create AST node of the right type for 'type' + RefAST create(int type); + /// Create AST node of the right type for 'type' and initialize with txt + RefAST create(int type, const ANTLR_USE_NAMESPACE(std)string& txt); + /// Create duplicate of tr + RefAST create(RefAST tr); + /// Create new AST node and initialize contents from a token. + RefAST create(RefToken tok); + /// Create new AST node and initialize contents from a stream. + RefAST create(const ANTLR_USE_NAMESPACE(std)string& txt, ANTLR_USE_NAMESPACE(std)istream& infile ); + /** Deep copy a single node. This function the new clone() methods in the + * AST interface. Returns a new RefAST(nullASTptr) if t is null. + */ + RefAST dup(RefAST t); + /// Duplicate tree including siblings of root. + RefAST dupList(RefAST t); + /** Duplicate a tree, assuming this is a root node of a tree-- + * duplicate that node and what's below; ignore siblings of root node. + */ + RefAST dupTree(RefAST t); + /** Make a tree from a list of nodes. The first element in the + * array is the root. If the root is null, then the tree is + * a simple list not a tree. Handles null children nodes correctly. + * For example, make(a, b, null, c) yields tree (a b c). make(null,a,b) + * yields tree (nil a b). 
+ */ + RefAST make(ANTLR_USE_NAMESPACE(std)vector& nodes); + /** Make a tree from a list of nodes, where the nodes are contained + * in an ASTArray object. The ASTArray is deleted after use. + * @todo FIXME! I have a feeling we can get rid of this ugly ASTArray thing + */ + RefAST make(ASTArray* nodes); + /// Make an AST the root of current AST + void makeASTRoot(ASTPair& currentAST, RefAST root); + + /** Set a new default AST type. + * factory_node_name should be the name of the AST node type the factory + * generates. (should exist during the existance of this ASTFactory + * instance). + * Only change factory between parser runs. You might get unexpected results + * otherwise. + */ + void setASTNodeFactory( const char* factory_node_name, factory_type factory ); + +#ifdef ANTLR_SUPPORT_XML + /** Load a XML AST from stream. Make sure you have all the factories + * registered before use. + * @note this 'XML' stuff is quite rough still. YMMV. + */ + RefAST LoadAST( ANTLR_USE_NAMESPACE(std)istream& infile ); +#endif +protected: + void loadChildren( ANTLR_USE_NAMESPACE(std)istream& infile, RefAST current ); + void loadSiblings( ANTLR_USE_NAMESPACE(std)istream& infile, RefAST current ); + bool checkCloseTag( ANTLR_USE_NAMESPACE(std)istream& infile ); + +#ifdef ANTLR_VECTOR_HAS_AT + /// construct a node of 'type' + inline RefAST getNodeOfType( unsigned int type ) + { + return RefAST(nodeFactories.at(type)->second()); + } + /// get the name of the node 'type' + const char* getASTNodeType( unsigned int type ) + { + return nodeFactories.at(type)->first; + } + /// get the factory used for node 'type' + factory_type getASTNodeFactory( unsigned int type ) + { + return nodeFactories.at(type)->second; + } +#else + inline RefAST getNodeOfType( unsigned int type ) + { + return RefAST(nodeFactories[type]->second()); + } + /// get the name of the node 'type' + const char* getASTNodeType( unsigned int type ) + { + return nodeFactories[type]->first; + } + factory_type 
getASTNodeFactory( unsigned int type ) + { + return nodeFactories[type]->second; + } +#endif + +private: + // no copying and such.. + ASTFactory( const ASTFactory& ); + ASTFactory& operator=( const ASTFactory& ); +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_ASTFactory_hpp__ diff --git a/src/antlr/ASTNULLType.cpp b/src/antlr/ASTNULLType.cpp new file mode 100644 index 000000000..6247b45f5 --- /dev/null +++ b/src/antlr/ASTNULLType.cpp 
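Review bot: `getNodeOfType`, `getASTNodeType` and `getASTNodeFactory` are range-checked only when `ANTLR_VECTOR_HAS_AT` is defined; the `#else` branch uses `nodeFactories[type]` unchecked. The `create(int)`, `create(RefAST)` and `create(RefToken)` definitions in ASTFactory.cpp index the same way. A type beyond what `registerFactory`/`setMaxNodeType` sized the vector for therefore reads an out-of-range descriptor pointer and calls through it. I would add an explicit guard to the fallback accessors and route the `create` overloads through `getNodeOfType`, e.g. `if( type >= nodeFactories.size() ) throw ANTLRException("AST node type out of range");`, assuming ANTLRException is visible from this header (the include targets are not shown on this page). It is also worth a doc line on `setMaxNodeType` stating that callers must set it before any `create` call.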
@@ -0,0 +1,157 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: ASTNULLType.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/config.hpp" +#include "antlr/AST.hpp" +#include "antlr/ASTNULLType.hpp" + +#include + +ANTLR_USING_NAMESPACE(std) + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +RefAST ASTNULLType::clone( void ) const +{ + return RefAST(this); +} + +void ASTNULLType::addChild( RefAST ) +{ +} + +size_t ASTNULLType::getNumberOfChildren() const +{ + return 0; +} + +bool ASTNULLType::equals( RefAST ) const +{ + return false; +} + +bool ASTNULLType::equalsList( RefAST ) const +{ + return false; +} + +bool ASTNULLType::equalsListPartial( RefAST ) const +{ + return false; +} + +bool ASTNULLType::equalsTree( RefAST ) const +{ + return false; +} + +bool ASTNULLType::equalsTreePartial( RefAST ) const +{ + return false; +} + +vector ASTNULLType::findAll( RefAST ) +{ + return vector(); +} + +vector ASTNULLType::findAllPartial( RefAST ) +{ + return vector(); +} + +RefAST ASTNULLType::getFirstChild() const +{ + return this; +} + +RefAST ASTNULLType::getNextSibling() const +{ + return this; +} + +string ASTNULLType::getText() const +{ + return ""; +} + +int ASTNULLType::getType() const +{ + return Token::NULL_TREE_LOOKAHEAD; +} + +void ASTNULLType::initialize( int, const string& ) +{ +} + +void ASTNULLType::initialize( RefAST ) +{ +} + +void ASTNULLType::initialize( RefToken ) +{ +} + +#ifdef ANTLR_SUPPORT_XML +void ASTNULLType::initialize( istream& ) +{ +} +#endif + +void ASTNULLType::setFirstChild( RefAST ) +{ +} + +void ASTNULLType::setNextSibling( RefAST ) +{ +} + +void ASTNULLType::setText( const string& ) +{ +} + +void ASTNULLType::setType( int ) +{ +} + +string ASTNULLType::toString() const +{ + return getText(); +} + +string ASTNULLType::toStringList() const +{ + return getText(); +} + +string ASTNULLType::toStringTree() 
const +{ + return getText(); +} + +#ifdef ANTLR_SUPPORT_XML +bool ASTNULLType::attributesToStream( ostream& ) const +{ + return false; +} + +void ASTNULLType::toStream( ostream& out ) const +{ + out << "" << endl; +} +#endif + +const char* ASTNULLType::typeName( void ) const +{ + return "ASTNULLType"; +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/ASTNULLType.hpp b/src/antlr/ASTNULLType.hpp new file mode 100644 index 000000000..720b93eb8 --- /dev/null +++ b/src/antlr/ASTNULLType.hpp 
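Review bot: `getFirstChild()` and `getNextSibling()` return `this`, so a walk that stops on a null sibling never terminates once it reaches this node, and nothing in the file says so. `ASTPair::advanceChildToEnd()` in this same commit is such a walk (`while (child->getNextSibling())`); whether it can ever be handed this node is not visible here. `clone()` also returns a reference to the same object rather than a copy. I would put a comment above those three definitions, for example `// Sentinel node: child and sibling are the node itself and clone() returns the same instance; callers must test for it before walking.`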
@@ -0,0 +1,64 @@ +#ifndef INC_ASTNULLType_hpp__ +#define INC_ASTNULLType_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: ASTNULLType.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** There is only one instance of this class **/ +class ANTLR_API ASTNULLType : public AST { +public: + const char* typeName( void ) const; + RefAST clone( void ) const; + + void addChild(RefAST c); + size_t getNumberOfChildren() const; + void setFirstChild(RefAST c); + void setNextSibling(RefAST n); + + bool equals(RefAST t) const; + bool equalsList(RefAST t) const; + bool equalsListPartial(RefAST t) const; + bool equalsTree(RefAST t) const; + bool equalsTreePartial(RefAST t) const; + + ANTLR_USE_NAMESPACE(std)vector findAll(RefAST tree); + ANTLR_USE_NAMESPACE(std)vector findAllPartial(RefAST subtree); + + RefAST getFirstChild() const; + RefAST getNextSibling() const; + + ANTLR_USE_NAMESPACE(std)string getText() const; + int getType() const; + + void initialize(int t, const ANTLR_USE_NAMESPACE(std)string& txt); + void initialize(RefAST t); + void initialize(RefToken t); + void initialize(ANTLR_USE_NAMESPACE(std)istream& infile); + + void setText(const ANTLR_USE_NAMESPACE(std)string& text); + void setType(int ttype); + ANTLR_USE_NAMESPACE(std)string toString() const; + ANTLR_USE_NAMESPACE(std)string toStringList() const; + ANTLR_USE_NAMESPACE(std)string toStringTree() const; + + bool attributesToStream( ANTLR_USE_NAMESPACE(std)ostream &out ) const; + void toStream( ANTLR_USE_NAMESPACE(std)ostream &out ) const; +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_ASTNULLType_hpp__ diff --git a/src/antlr/ASTPair.hpp b/src/antlr/ASTPair.hpp new file mode 100644 index 000000000..d845b9b6d --- /dev/null +++ b/src/antlr/ASTPair.hpp 
@@ -0,0 +1,57 @@ +#ifndef INC_ASTPair_hpp__ +#define INC_ASTPair_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: ASTPair.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** ASTPair: utility class used for manipulating a pair of ASTs + * representing the current AST root and current AST sibling. + * This exists to compensate for the lack of pointers or 'var' + * arguments in Java. + * + * OK, so we can do those things in C++, but it seems easier + * to stick with the Java way for now. + */ +class ANTLR_API ASTPair { +public: + RefAST root; // current root of tree + RefAST child; // current child to which siblings are added + + /** Make sure that child is the last sibling */ + void advanceChildToEnd() { + if (child) { + while (child->getNextSibling()) { + child = child->getNextSibling(); + } + } + } +// /** Copy an ASTPair. Don't call it clone() because we want type-safety */ +// ASTPair copy() { +// ASTPair tmp = new ASTPair(); +// tmp.root = root; +// tmp.child = child; +// return tmp; +// } + ANTLR_USE_NAMESPACE(std)string toString() const { + ANTLR_USE_NAMESPACE(std)string r = !root ? ANTLR_USE_NAMESPACE(std)string("null") : root->getText(); + ANTLR_USE_NAMESPACE(std)string c = !child ? ANTLR_USE_NAMESPACE(std)string("null") : child->getText(); + return "["+r+","+c+"]"; + } +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_ASTPair_hpp__ diff --git a/src/antlr/ASTRefCount.cpp b/src/antlr/ASTRefCount.cpp new file mode 100644 index 000000000..b4971fb75 --- /dev/null +++ b/src/antlr/ASTRefCount.cpp 
@@ -0,0 +1,41 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: ASTRefCount.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ +#include "antlr/ASTRefCount.hpp" +#include "antlr/AST.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +ASTRef::ASTRef(AST* p) +: ptr(p), count(1) +{ + if (p && !p->ref) + p->ref = this; +} + +ASTRef::~ASTRef() +{ + delete ptr; +} + +ASTRef* ASTRef::getRef(const AST* p) +{ + if (p) { + AST* pp = const_cast(p); + if (pp->ref) + return pp->ref->increment(); + else + return new ASTRef(pp); + } else + return 0; +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + diff --git a/src/antlr/ASTRefCount.hpp b/src/antlr/ASTRefCount.hpp new file mode 100644 index 000000000..1f030da59 --- /dev/null +++ b/src/antlr/ASTRefCount.hpp 
@@ -0,0 +1,98 @@ +#ifndef INC_ASTRefCount_hpp__ +# define INC_ASTRefCount_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: ASTRefCount.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +# include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + + class AST; + +struct ANTLR_API ASTRef +{ + AST* const ptr; + unsigned int count; + + ASTRef(AST* p); + ~ASTRef(); + ASTRef* increment() + { + ++count; + return this; + } + bool decrement() + { + return (--count==0); + } + + static ASTRef* getRef(const AST* p); +private: + ASTRef( const ASTRef& ); + ASTRef& operator=( const ASTRef& ); +}; + +template + class ANTLR_API ASTRefCount +{ +private: + ASTRef* ref; + +public: + ASTRefCount(const AST* p=0) + : ref(p ? ASTRef::getRef(p) : 0) + { + } + ASTRefCount(const ASTRefCount& other) + : ref(other.ref ? other.ref->increment() : 0) + { + } + ~ASTRefCount() + { + if (ref && ref->decrement()) + delete ref; + } + ASTRefCount& operator=(AST* other) + { + ASTRef* tmp = ASTRef::getRef(other); + + if (ref && ref->decrement()) + delete ref; + + ref=tmp; + + return *this; + } + ASTRefCount& operator=(const ASTRefCount& other) + { + if( other.ref != ref ) + { + ASTRef* tmp = other.ref ? other.ref->increment() : 0; + + if (ref && ref->decrement()) + delete ref; + + ref=tmp; + } + return *this; + } + + operator T* () const { return ref ? static_cast(ref->ptr) : 0; } + T* operator->() const { return ref ? static_cast(ref->ptr) : 0; } + T* get() const { return ref ? static_cast(ref->ptr) : 0; } +}; + +typedef ASTRefCount RefAST; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_ASTRefCount_hpp__ diff --git a/src/antlr/BaseAST.cpp b/src/antlr/BaseAST.cpp new file mode 100644 index 000000000..f25efa80e --- /dev/null +++ b/src/antlr/BaseAST.cpp 
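Review bot: The `ASTRefCount(const AST* p=0)` constructor is not `explicit` and takes ownership of whatever raw pointer it is given: `ASTRef::getRef()` wraps it, and `ASTRef::~ASTRef()` in ASTRefCount.cpp runs `delete ptr` when the count reaches zero. A pointer to an object that was not allocated with `new` would therefore be deleted on the last release, and the constructor cannot simply be made explicit because code in this commit relies on the conversion (`RefAST sibling=this;` in BaseAST.cpp). `count` is also a plain `unsigned int`, so two threads copying or releasing references to the same node would race on it. I would state both constraints in a doc comment on the class, for example `/** Owning handle: the pointee must be allocated with new and is deleted on the last release; not safe for concurrent use. */`.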
@@ -0,0 +1,281 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: BaseAST.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/config.hpp" + +#include + +#include "antlr/AST.hpp" +#include "antlr/BaseAST.hpp" + +ANTLR_USING_NAMESPACE(std) +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +size_t BaseAST::getNumberOfChildren() const +{ + RefBaseAST t = this->down; + size_t n = 0; + if( t ) + { + n = 1; + while( t->right ) + { + t = t->right; + n++; + } + return n; + } + return n; +} + +void BaseAST::doWorkForFindAll( + ANTLR_USE_NAMESPACE(std)vector& v, + RefAST target,bool partialMatch) +{ + // Start walking sibling lists, looking for matches. + for (RefAST sibling=this; + sibling; + sibling=sibling->getNextSibling()) + { + if ( (partialMatch && sibling->equalsTreePartial(target)) || + (!partialMatch && sibling->equalsTree(target)) ) { + v.push_back(sibling); + } + // regardless of match or not, check any children for matches + if ( sibling->getFirstChild() ) { + RefBaseAST(sibling->getFirstChild())->doWorkForFindAll(v, target, partialMatch); + } + } +} + +/** Is t an exact structural and equals() match of this tree. The + * 'this' reference is considered the start of a sibling list. + */ +bool BaseAST::equalsList(RefAST t) const +{ + // the empty tree is not a match of any non-null tree. + if (!t) + return false; + + // Otherwise, start walking sibling lists. First mismatch, return false. + RefAST sibling=this; + for (;sibling && t; + sibling=sibling->getNextSibling(), t=t->getNextSibling()) { + // as a quick optimization, check roots first. + if (!sibling->equals(t)) + return false; + // if roots match, do full list match test on children. 
+ if (sibling->getFirstChild()) { + if (!sibling->getFirstChild()->equalsList(t->getFirstChild())) + return false; + } + // sibling has no kids, make sure t doesn't either + else if (t->getFirstChild()) + return false; + } + + if (!sibling && !t) + return true; + + // one sibling list has more than the other + return false; +} + +/** Is 'sub' a subtree of this list? + * The siblings of the root are NOT ignored. + */ +bool BaseAST::equalsListPartial(RefAST sub) const +{ + // the empty tree is always a subset of any tree. + if (!sub) + return true; + + // Otherwise, start walking sibling lists. First mismatch, return false. + RefAST sibling=this; + for (;sibling && sub; + sibling=sibling->getNextSibling(), sub=sub->getNextSibling()) { + // as a quick optimization, check roots first. + if (!sibling->equals(sub)) + return false; + // if roots match, do partial list match test on children. + if (sibling->getFirstChild()) + if (!sibling->getFirstChild()->equalsListPartial(sub->getFirstChild())) + return false; + } + + if (!sibling && sub) + // nothing left to match in this tree, but subtree has more + return false; + + // either both are null or sibling has more, but subtree doesn't + return true; +} + +/** Is tree rooted at 'this' equal to 't'? The siblings + * of 'this' are ignored. + */ +bool BaseAST::equalsTree(RefAST t) const +{ + // check roots first + if (!equals(t)) + return false; + // if roots match, do full list match test on children. + if (getFirstChild()) { + if (!getFirstChild()->equalsList(t->getFirstChild())) + return false; + } + // sibling has no kids, make sure t doesn't either + else if (t->getFirstChild()) + return false; + + return true; +} + +/** Is 'sub' a subtree of the tree rooted at 'this'? The siblings + * of 'this' are ignored. + */ +bool BaseAST::equalsTreePartial(RefAST sub) const +{ + // the empty tree is always a subset of any tree. 
+ if (!sub) + return true; + + // check roots first + if (!equals(sub)) + return false; + // if roots match, do full list partial match test on children. + if (getFirstChild()) + if (!getFirstChild()->equalsListPartial(sub->getFirstChild())) + return false; + + return true; +} + +/** Walk the tree looking for all exact subtree matches. Return + * an ASTEnumerator that lets the caller walk the list + * of subtree roots found herein. + */ +ANTLR_USE_NAMESPACE(std)vector BaseAST::findAll(RefAST target) +{ + ANTLR_USE_NAMESPACE(std)vector roots; + + // the empty tree cannot result in an enumeration + if (target) { + doWorkForFindAll(roots,target,false); // find all matches recursively + } + + return roots; +} + +/** Walk the tree looking for all subtrees. Return + * an ASTEnumerator that lets the caller walk the list + * of subtree roots found herein. + */ +ANTLR_USE_NAMESPACE(std)vector BaseAST::findAllPartial(RefAST target) +{ + ANTLR_USE_NAMESPACE(std)vector roots; + + // the empty tree cannot result in an enumeration + if (target) + doWorkForFindAll(roots,target,true); // find all matches recursively + + return roots; +} + +ANTLR_USE_NAMESPACE(std)string BaseAST::toStringList() const +{ + ANTLR_USE_NAMESPACE(std)string ts=""; + + if (getFirstChild()) + { + ts+=" ( "; + ts+=toString(); + ts+=getFirstChild()->toStringList(); + ts+=" )"; + } + else + { + ts+=" "; + ts+=toString(); + } + + if (getNextSibling()) + ts+=getNextSibling()->toStringList(); + + return ts; +} + +ANTLR_USE_NAMESPACE(std)string BaseAST::toStringTree() const +{ + ANTLR_USE_NAMESPACE(std)string ts = ""; + + if (getFirstChild()) + { + ts+=" ( "; + ts+=toString(); + ts+=getFirstChild()->toStringList(); + ts+=" )"; + } + else + { + ts+=" "; + ts+=toString(); + } + return ts; +} + +#ifdef ANTLR_SUPPORT_XML +/* This whole XML output stuff needs a little bit more thought + * I'd like to store extra XML data in the node. e.g. for custom ast's + * with for instance symboltable references. 
This + * should be more pluggable.. + * @returns boolean value indicating wether a closetag should be produced. + */ +bool BaseAST::attributesToStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const +{ + out << "text=\"" << this->getText() + << "\" type=\"" << this->getType() << "\""; + + return false; +} + +void BaseAST::toStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const +{ + for( RefAST node = this; node != 0; node = node->getNextSibling() ) + { + out << "<" << this->typeName() << " "; + + // Write out attributes and if there is extra data... + bool need_close_tag = node->attributesToStream( out ); + + if( need_close_tag ) + { + // got children so write them... + if( node->getFirstChild() != 0 ) + node->getFirstChild()->toStream( out ); + + // and a closing tag.. + out << "typeName() << ">" << endl; + } + } +} +#endif + +// this is nasty, but it makes the code generation easier +ANTLR_API RefAST nullAST; + +#if defined(_MSC_VER) && !defined(__ICL) // Microsoft Visual C++ +extern ANTLR_API AST* const nullASTptr = 0; +#else +ANTLR_API AST* const nullASTptr = 0; +#endif + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/BaseAST.hpp b/src/antlr/BaseAST.hpp new file mode 100644 index 000000000..665001364 --- /dev/null +++ b/src/antlr/BaseAST.hpp 
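Review bot: `attributesToStream()` writes `getText()` straight into a double-quoted XML attribute, so token text containing `"`, `<` or `&` yields malformed output, and a quote in the text ends the attribute early. Token text presumably originates from the parsed input, so it should be escaped before it is written; the sketch below does that with a file-local helper (the helper name is constructed, not from the project). Separately, the loop in `toStream()` prints `this->typeName()` for every sibling where `node->typeName()` looks intended.

```cpp
// Escape the characters that are special inside a quoted XML attribute value.
static void writeXmlAttr( ANTLR_USE_NAMESPACE(std)ostream& out,
                          const ANTLR_USE_NAMESPACE(std)string& s )
{
    for( ANTLR_USE_NAMESPACE(std)string::size_type i = 0; i < s.size(); ++i )
    {
        switch( s[i] )
        {
        case '&':  out << "&amp;";  break;
        case '<':  out << "&lt;";   break;
        case '>':  out << "&gt;";   break;
        case '"':  out << "&quot;"; break;
        default:   out << s[i];     break;
        }
    }
}

bool BaseAST::attributesToStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const
{
    out << "text=\"";
    writeXmlAttr( out, this->getText() );
    out << "\" type=\"" << this->getType() << "\"";

    return false;
}
// … unchanged: BaseAST::toStream and the nullAST definitions …
```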
@@ -0,0 +1,193 @@ +#ifndef INC_BaseAST_hpp__ +#define INC_BaseAST_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: BaseAST.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +class ANTLR_API BaseAST; +typedef ASTRefCount RefBaseAST; + +class ANTLR_API BaseAST : public AST { +public: + BaseAST() : AST() + { + } + BaseAST(const BaseAST& other) + : AST(other) + { + } + virtual ~BaseAST() + { + } + + /// Return the class name + virtual const char* typeName( void ) const = 0; + + /// Clone this AST node. + virtual RefAST clone( void ) const = 0; + + /// Is node t equal to this in terms of token type and text? + virtual bool equals(RefAST t) const; + + /** Is t an exact structural and equals() match of this tree. The + * 'this' reference is considered the start of a sibling list. + */ + virtual bool equalsList(RefAST t) const; + + /** Is 't' a subtree of this list? The siblings of the root are NOT ignored. + */ + virtual bool equalsListPartial(RefAST t) const; + + /** Is tree rooted at 'this' equal to 't'? The siblings of 'this' are + * ignored. + */ + virtual bool equalsTree(RefAST t) const; + + /** Is 't' a subtree of the tree rooted at 'this'? The siblings of + * 'this' are ignored. + */ + virtual bool equalsTreePartial(RefAST t) const; + + /** Walk the tree looking for all exact subtree matches. Return + * an ASTEnumerator that lets the caller walk the list + * of subtree roots found herein. + */ + virtual ANTLR_USE_NAMESPACE(std)vector findAll(RefAST t); + + /** Walk the tree looking for all subtrees. Return + * an ASTEnumerator that lets the caller walk the list + * of subtree roots found herein. 
+ */ + virtual ANTLR_USE_NAMESPACE(std)vector findAllPartial(RefAST t); + + /// Add a node to the end of the child list for this node + virtual void addChild(RefAST c) + { + if( !c ) + return; + + RefBaseAST tmp = down; + + if (tmp) + { + while (tmp->right) + tmp = tmp->right; + tmp->right = c; + } + else + down = c; + } + + /** Get the number of child nodes of this node (shallow e.g. not of the + * whole tree it spans). + */ + virtual size_t getNumberOfChildren() const; + + /// Get the first child of this node; null if no children + virtual RefAST getFirstChild() const + { + return RefAST(down); + } + /// Get the next sibling in line after this one + virtual RefAST getNextSibling() const + { + return RefAST(right); + } + + /// Get the token text for this node + virtual ANTLR_USE_NAMESPACE(std)string getText() const + { + return ""; + } + /// Get the token type for this node + virtual int getType() const + { + return 0; + } + + /// Remove all children + virtual void removeChildren() + { + down = static_cast(static_cast(nullAST)); + } + + /// Set the first child of a node. + virtual void setFirstChild(RefAST c) + { + down = static_cast(static_cast(c)); + } + + /// Set the next sibling after this one. + virtual void setNextSibling(RefAST n) + { + right = static_cast(static_cast(n)); + } + + /// Set the token text for this node + virtual void setText(const ANTLR_USE_NAMESPACE(std)string& txt) + { + } + + /// Set the token type for this node + virtual void setType(int type) + { + } + +#ifdef ANTLR_SUPPORT_XML + /** print attributes of this node to 'out'. Override to customize XML + * output. + * @param out the stream to write the AST attributes to. + */ + virtual bool attributesToStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const; + /** Write this subtree to a stream. 
Overload this one to customize the XML + * output for AST derived AST-types + * @param output stream + */ + virtual void toStream( ANTLR_USE_NAMESPACE(std)ostream &out ) const; +#endif + + /// Return string representation for the AST + virtual ANTLR_USE_NAMESPACE(std)string toString() const + { + return getText(); + } + + /// Print out a child sibling tree in LISP notation + virtual ANTLR_USE_NAMESPACE(std)string toStringList() const; + virtual ANTLR_USE_NAMESPACE(std)string toStringTree() const; +protected: + RefBaseAST down; + RefBaseAST right; +private: + void doWorkForFindAll(ANTLR_USE_NAMESPACE(std)vector& v, + RefAST target, + bool partialMatch); +}; + +/** Is node t equal to this in terms of token type and text? + */ +inline bool BaseAST::equals(RefAST t) const +{ + if (!t) + return false; + return ((getType() == t->getType()) && (getText() == t->getText())); +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_BaseAST_hpp__ diff --git a/src/antlr/BitSet.cpp b/src/antlr/BitSet.cpp new file mode 100644 index 000000000..989b31dfa --- /dev/null +++ b/src/antlr/BitSet.cpp 
@@ -0,0 +1,62 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: BitSet.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ +#include "antlr/BitSet.hpp" +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +BitSet::BitSet(unsigned int nbits) +: storage(nbits) +{ + for (unsigned int i = 0; i < nbits ; i++ ) + storage[i] = false; +} + +BitSet::BitSet( const unsigned long* bits_, unsigned int nlongs ) +: storage(nlongs*32) +{ + for ( unsigned int i = 0 ; i < (nlongs * 32); i++) + storage[i] = (bits_[i>>5] & (1UL << (i&31))) ? true : false; +} + +BitSet::~BitSet() +{ +} + +void BitSet::add(unsigned int el) +{ + if( el >= storage.size() ) + storage.resize( el+1, false ); + + storage[el] = true; +} + +bool BitSet::member(unsigned int el) const +{ + if ( el >= storage.size()) + return false; + + return storage[el]; +} + +ANTLR_USE_NAMESPACE(std)vector BitSet::toArray() const +{ + ANTLR_USE_NAMESPACE(std)vector elems; + for (unsigned int i = 0; i < storage.size(); i++) + { + if (storage[i]) + elems.push_back(i); + } + + return elems; +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/BitSet.hpp b/src/antlr/BitSet.hpp new file mode 100644 index 000000000..79053b195 --- /dev/null +++ b/src/antlr/BitSet.hpp 
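Review bot: In `BitSet::add()`, `el+1` is computed in `unsigned int`, so for the largest value it wraps to 0: `resize()` then empties `storage` and `storage[el] = true` writes outside it. Any other large `el` makes the set grow to `el+1` entries, so a caller passing a value derived from input can force a very large allocation. I would bound `el` before resizing, for example `if( el >= MAX_BITSET_BITS ) return;` with a limit suited to the grammar (constructed name, not in the file), or at least compute the size as `static_cast<size_t>(el)+1`, which avoids the wrap where `size_t` is wider than `unsigned int`. The second constructor has the same wrap in `nlongs*32`.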
@@ -0,0 +1,60 @@ +#ifndef INC_BitSet_hpp__ +#define INC_BitSet_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: BitSet.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** A BitSet to replace java.util.BitSet. + * Primary differences are that most set operators return new sets + * as opposed to oring and anding "in place". Further, a number of + * operations were added. I cannot contain a BitSet because there + * is no way to access the internal bits (which I need for speed) + * and, because it is final, I cannot subclass to add functionality. + * Consider defining set degree. Without access to the bits, I must + * call a method n times to test the ith bit...ack! + * + * Also seems like or() from util is wrong when size of incoming set is bigger + * than this.length. + * + * This is a C++ version of the Java class described above, with only + * a handful of the methods implemented, because we don't need the + * others at runtime. It's really just a wrapper around vector, + * which should probably be changed to a wrapper around bitset, once + * bitset is more widely available. + * + * @author Terence Parr, MageLang Institute + * @author
    Pete Wells + */ +class ANTLR_API BitSet { +private: + ANTLR_USE_NAMESPACE(std)vector storage; + +public: + BitSet( unsigned int nbits=64 ); + BitSet( const unsigned long* bits_, unsigned int nlongs); + ~BitSet(); + + void add( unsigned int el ); + + bool member( unsigned int el ) const; + + ANTLR_USE_NAMESPACE(std)vector toArray() const; +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_BitSet_hpp__ diff --git a/src/antlr/CharBuffer.cpp b/src/antlr/CharBuffer.cpp new file mode 100644 index 000000000..a77a6ae7d --- /dev/null +++ b/src/antlr/CharBuffer.cpp 
@@ -0,0 +1,52 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CharBuffer.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/CharBuffer.hpp" +#include + +//#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/* RK: Per default istream does not throw exceptions. This can be + * enabled with: + * stream.exceptions(ios_base::badbit|ios_base::failbit|ios_base::eofbit); + * + * We could try catching the bad/fail stuff. But handling eof via this is + * not a good idea. EOF is best handled as a 'normal' character. + * + * So this does not work yet with gcc... Comment it until I get to a platform + * that does.. + */ + +/** Create a character buffer. Enable fail and bad exceptions, if supported + * by platform. */ +CharBuffer::CharBuffer(ANTLR_USE_NAMESPACE(std)istream& input_) +: input(input_) +{ +// input.exceptions(ANTLR_USE_NAMESPACE(std)ios_base::badbit| +// ANTLR_USE_NAMESPACE(std)ios_base::failbit); +} + +/** Get the next character from the stream. May throw CharStreamIOException + * when something bad happens (not EOF) (if supported by platform). + */ +int CharBuffer::getChar() +{ +// try { + return input.get(); +// } +// catch (ANTLR_USE_NAMESPACE(std)ios_base::failure& e) { +// throw CharStreamIOException(e); +// } +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/CharBuffer.hpp b/src/antlr/CharBuffer.hpp new file mode 100644 index 000000000..6488b7d96 --- /dev/null +++ b/src/antlr/CharBuffer.hpp 
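Review bot: The comments on the constructor and on `getChar()` promise behaviour the code does not have: the `input.exceptions(...)` call and the `try`/`catch` are commented out, so `getChar()` returns whatever `input.get()` returns and never throws `CharStreamIOException`. A read error therefore reaches the lexer as the same value as end of input, and a partly read file is scanned as if it were complete. Until the exception path is restored the comments should say so, for example `/** Get the next character from the stream. Read errors are not reported; a failed read is returned like end of input. */`. A check of `input.bad()` after `get()` would let the caller tell the two cases apart.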
@@ -0,0 +1,56 @@ +#ifndef INC_CharBuffer_hpp__ +#define INC_CharBuffer_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CharBuffer.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include + +#include + +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/**A Stream of characters fed to the lexer from a InputStream that can + * be rewound via mark()/rewind() methods. + *

    + * A dynamic array is used to buffer up all the input characters. Normally, + * "k" characters are stored in the buffer. More characters may be stored + * during guess mode (testing syntactic predicate), or when LT(i>k) is + * referenced. + * Consumption of characters is deferred. In other words, reading the next + * character is not done by consume(), but deferred until needed by LA or LT. + *

    + * + * @see antlr.CharQueue + */ + +class ANTLR_API CharBuffer : public InputBuffer { +public: + /// Create a character buffer + CharBuffer( ANTLR_USE_NAMESPACE(std)istream& input ); + /// Get the next character from the stream + int getChar(); + +protected: + // character source + ANTLR_USE_NAMESPACE(std)istream& input; + +private: + // NOTE: Unimplemented + CharBuffer(const CharBuffer& other); + CharBuffer& operator=(const CharBuffer& other); +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_CharBuffer_hpp__ diff --git a/src/antlr/CharInputBuffer.hpp b/src/antlr/CharInputBuffer.hpp new file mode 100644 index 000000000..f9bb323b0 --- /dev/null +++ b/src/antlr/CharInputBuffer.hpp 
@@ -0,0 +1,77 @@ +#ifndef INC_CharInputBuffer_hpp__ +# define INC_CharInputBuffer_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CharInputBuffer.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +# include +# include + +# ifdef HAS_NOT_CCTYPE_H +# include +# else +# include +# endif + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** CharInputBuffer.hpp provides an InputBuffer for plain character arrays (buffers). + */ +class CharInputBuffer : public InputBuffer +{ +public: + /** Construct a CharInputBuffer.hpp object with a char* buffer of 'size' + * if 'owner' is true, then the buffer will be delete[]-ed on destruction. + * @note it is assumed the buffer was allocated with new[]! + */ + CharInputBuffer( unsigned char* buf, size_t size, bool owner = false ) + : buffer(buf) + , ptr(buf) + , end(buf + size) + , delete_buffer(owner) + { + } + + /** Destructor + * @note If you're using malloced data, then you probably need to change + * this destructor. Or better use this class as template for your own. + */ + ~CharInputBuffer( void ) + { + if( delete_buffer && buffer ) + delete [] buffer; + } + + /** Reset the CharInputBuffer to initial state + * Called from LexerInputState::reset. + * @see LexerInputState + */ + virtual inline void reset( void ) + { + InputBuffer::reset(); + ptr = buffer; + } + + virtual int getChar( void ) + { + return (ptr < end) ? *ptr++ : EOF; + } + +protected: + unsigned char* buffer; ///< the buffer with data + unsigned char* ptr; ///< position ptr into the buffer + unsigned char* end; ///< end sentry for buffer + bool delete_buffer; ///< flag signifying if we have to delete the buffer +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif diff --git a/src/antlr/CharScanner.cpp b/src/antlr/CharScanner.cpp new file mode 100644 index 000000000..d6f80b720 --- /dev/null +++ b/src/antlr/CharScanner.cpp 
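Review bot: `CharInputBuffer` deletes `buffer` in its destructor when `delete_buffer` is set, but it declares no copy constructor or assignment operator, so a copy would share the pointer and both destructors would run `delete [] buffer`. `CharBuffer` in this same commit declares both as private and unimplemented; unless `InputBuffer` (not visible here) already forbids copying, this class should do the same with `CharInputBuffer(const CharInputBuffer&);` and `CharInputBuffer& operator=(const CharInputBuffer&);` in a `private:` section. The constructor also accepts a null `buf` with a non-zero `size`, in which case `getChar()` dereferences it.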
@@ -0,0 +1,108 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CharScanner.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include + +#include "antlr/CharScanner.hpp" +#include "antlr/CommonToken.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif +ANTLR_C_USING(exit) + +CharScanner::CharScanner(InputBuffer& cb, bool case_sensitive ) + : saveConsumedInput(true) //, caseSensitiveLiterals(true) + , caseSensitive(case_sensitive) + , literals(CharScannerLiteralsLess(this)) + , inputState(new LexerInputState(cb)) + , commitToPath(false) + , tabsize(8) + , traceDepth(0) +{ + setTokenObjectFactory(&CommonToken::factory); +} + +CharScanner::CharScanner(InputBuffer* cb, bool case_sensitive ) + : saveConsumedInput(true) //, caseSensitiveLiterals(true) + , caseSensitive(case_sensitive) + , literals(CharScannerLiteralsLess(this)) + , inputState(new LexerInputState(cb)) + , commitToPath(false) + , tabsize(8) + , traceDepth(0) +{ + setTokenObjectFactory(&CommonToken::factory); +} + +CharScanner::CharScanner( const LexerSharedInputState& state, bool case_sensitive ) + : saveConsumedInput(true) //, caseSensitiveLiterals(true) + , caseSensitive(case_sensitive) + , literals(CharScannerLiteralsLess(this)) + , inputState(state) + , commitToPath(false) + , tabsize(8) + , traceDepth(0) +{ + setTokenObjectFactory(&CommonToken::factory); +} + +/** Report exception errors caught in nextToken() */ +void CharScanner::reportError(const RecognitionException& ex) +{ + ANTLR_USE_NAMESPACE(std)cerr << ex.toString().c_str() << ANTLR_USE_NAMESPACE(std)endl; +} + +/** Parser error-reporting function can be overridden in subclass */ +void CharScanner::reportError(const ANTLR_USE_NAMESPACE(std)string& s) +{ + if (getFilename() == "") + ANTLR_USE_NAMESPACE(std)cerr << "error: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl; + else + ANTLR_USE_NAMESPACE(std)cerr << 
getFilename().c_str() << ": error: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl; +} + +/** Parser warning-reporting function can be overridden in subclass */ +void CharScanner::reportWarning(const ANTLR_USE_NAMESPACE(std)string& s) +{ + if (getFilename() == "") + ANTLR_USE_NAMESPACE(std)cerr << "warning: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl; + else + ANTLR_USE_NAMESPACE(std)cerr << getFilename().c_str() << ": warning: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl; +} + +void CharScanner::traceIndent() +{ + for( int i = 0; i < traceDepth; i++ ) + ANTLR_USE_NAMESPACE(std)cout << " "; +} + +void CharScanner::traceIn(const char* rname) +{ + traceDepth++; + traceIndent(); + ANTLR_USE_NAMESPACE(std)cout << "> lexer " << rname + << "; c==" << LA(1) << ANTLR_USE_NAMESPACE(std)endl; +} + +void CharScanner::traceOut(const char* rname) +{ + traceIndent(); + ANTLR_USE_NAMESPACE(std)cout << "< lexer " << rname + << "; c==" << LA(1) << ANTLR_USE_NAMESPACE(std)endl; + traceDepth--; +} + +#ifndef NO_STATIC_CONSTS +const int CharScanner::NO_CHAR; +const int CharScanner::EOF_CHAR; +#endif + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + diff --git a/src/antlr/CharScanner.hpp b/src/antlr/CharScanner.hpp new file mode 100644 index 000000000..41bed4236 --- /dev/null +++ b/src/antlr/CharScanner.hpp 
@@ -0,0 +1,574 @@ +#ifndef INC_CharScanner_hpp__ +#define INC_CharScanner_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CharScanner.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include + +#include + +#ifdef HAS_NOT_CCTYPE_H +#include +#else +#include +#endif + +#if ( _MSC_VER == 1200 ) +// VC6 seems to need this +// note that this is not a standard C++ include file. +# include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +class ANTLR_API CharScanner; + +ANTLR_C_USING(tolower) + +#ifdef ANTLR_REALLY_NO_STRCASECMP +// Apparently, neither strcasecmp nor stricmp is standard, and Codewarrior +// on the mac has neither... +inline int strcasecmp(const char *s1, const char *s2) +{ + while (true) + { + char c1 = tolower(*s1++), + c2 = tolower(*s2++); + if (c1 < c2) return -1; + if (c1 > c2) return 1; + if (c1 == 0) return 0; + } +} +#else +#ifdef NO_STRCASECMP +ANTLR_C_USING(stricmp) +#else +ANTLR_C_USING(strcasecmp) +#endif +#endif + +/** Functor for the literals map + */ +class ANTLR_API CharScannerLiteralsLess : public ANTLR_USE_NAMESPACE(std)binary_function { +private: + const CharScanner* scanner; +public: +#ifdef NO_TEMPLATE_PARTS + CharScannerLiteralsLess() {} // not really used, definition to appease MSVC +#endif + CharScannerLiteralsLess(const CharScanner* theScanner) + : scanner(theScanner) + { + } + bool operator() (const ANTLR_USE_NAMESPACE(std)string& x,const ANTLR_USE_NAMESPACE(std)string& y) const; +// defaults are good enough.. 
+ // CharScannerLiteralsLess(const CharScannerLiteralsLess&); + // CharScannerLiteralsLess& operator=(const CharScannerLiteralsLess&); +}; + +/** Superclass of generated lexers + */ +class ANTLR_API CharScanner : public TokenStream { +protected: + typedef RefToken (*factory_type)(); +public: + CharScanner(InputBuffer& cb, bool case_sensitive ); + CharScanner(InputBuffer* cb, bool case_sensitive ); + CharScanner(const LexerSharedInputState& state, bool case_sensitive ); + + virtual ~CharScanner() + { + } + + virtual int LA(unsigned int i); + + virtual void append(char c) + { + if (saveConsumedInput) + { + size_t l = text.length(); + + if ((l%256) == 0) + text.reserve(l+256); + + text.replace(l,0,&c,1); + } + } + + virtual void append(const ANTLR_USE_NAMESPACE(std)string& s) + { + if( saveConsumedInput ) + text += s; + } + + virtual void commit() + { + inputState->getInput().commit(); + } + + /** called by the generated lexer to do error recovery, override to + * customize the behaviour. + */ + virtual void recover(const RecognitionException& ex, const BitSet& tokenSet) + { + consume(); + consumeUntil(tokenSet); + } + + virtual void consume() + { + if (inputState->guessing == 0) + { + int c = LA(1); + if (caseSensitive) + { + append(c); + } + else + { + // use input.LA(), not LA(), to get original case + // CharScanner.LA() would toLower it. + append(inputState->getInput().LA(1)); + } + + // RK: in a sense I don't like this automatic handling. 
+ if (c == '\t') + tab(); + else + inputState->column++; + } + inputState->getInput().consume(); + } + + /** Consume chars until one matches the given char */ + virtual void consumeUntil(int c) + { + for(;;) + { + int la_1 = LA(1); + if( la_1 == EOF_CHAR || la_1 == c ) + break; + consume(); + } + } + + /** Consume chars until one matches the given set */ + virtual void consumeUntil(const BitSet& set) + { + for(;;) + { + int la_1 = LA(1); + if( la_1 == EOF_CHAR || set.member(la_1) ) + break; + consume(); + } + } + + /// Mark the current position and return a id for it + virtual unsigned int mark() + { + return inputState->getInput().mark(); + } + /// Rewind the scanner to a previously marked position + virtual void rewind(unsigned int pos) + { + inputState->getInput().rewind(pos); + } + + /// See if input contains character 'c' throw MismatchedCharException if not + virtual void match(int c) + { + int la_1 = LA(1); + if ( la_1 != c ) + throw MismatchedCharException(la_1, c, false, this); + consume(); + } + + /** See if input contains element from bitset b + * throw MismatchedCharException if not + */ + virtual void match(const BitSet& b) + { + int la_1 = LA(1); + + if ( !b.member(la_1) ) + throw MismatchedCharException( la_1, b, false, this ); + consume(); + } + + /** See if input contains string 's' throw MismatchedCharException if not + * @note the string cannot match EOF + */ + virtual void match( const char* s ) + { + while( *s != '\0' ) + { + // the & 0xFF is here to prevent sign extension lateron + int la_1 = LA(1), c = (*s++ & 0xFF); + + if ( la_1 != c ) + throw MismatchedCharException(la_1, c, false, this); + + consume(); + } + } + /** See if input contains string 's' throw MismatchedCharException if not + * @note the string cannot match EOF + */ + virtual void match(const ANTLR_USE_NAMESPACE(std)string& s) + { + size_t len = s.length(); + + for (size_t i = 0; i < len; i++) + { + // the & 0xFF is here to prevent sign extension lateron + int la_1 = LA(1), c = 
(s[i] & 0xFF); + + if ( la_1 != c ) + throw MismatchedCharException(la_1, c, false, this); + + consume(); + } + } + /** See if input does not contain character 'c' + * throw MismatchedCharException if not + */ + virtual void matchNot(int c) + { + int la_1 = LA(1); + + if ( la_1 == c ) + throw MismatchedCharException(la_1, c, true, this); + + consume(); + } + /** See if input contains character in range c1-c2 + * throw MismatchedCharException if not + */ + virtual void matchRange(int c1, int c2) + { + int la_1 = LA(1); + + if ( la_1 < c1 || la_1 > c2 ) + throw MismatchedCharException(la_1, c1, c2, false, this); + + consume(); + } + + virtual bool getCaseSensitive() const + { + return caseSensitive; + } + + virtual void setCaseSensitive(bool t) + { + caseSensitive = t; + } + + virtual bool getCaseSensitiveLiterals() const=0; + + /// Get the line the scanner currently is in (starts at 1) + virtual int getLine() const + { + return inputState->line; + } + + /// set the line number + virtual void setLine(int l) + { + inputState->line = l; + } + + /// Get the column the scanner currently is in (starts at 1) + virtual int getColumn() const + { + return inputState->column; + } + /// set the column number + virtual void setColumn(int c) + { + inputState->column = c; + } + + /// get the filename for the file currently used + virtual const ANTLR_USE_NAMESPACE(std)string& getFilename() const + { + return inputState->filename; + } + /// Set the filename the scanner is using (used in error messages) + virtual void setFilename(const ANTLR_USE_NAMESPACE(std)string& f) + { + inputState->filename = f; + } + + virtual bool getCommitToPath() const + { + return commitToPath; + } + + virtual void setCommitToPath(bool commit) + { + commitToPath = commit; + } + + /** return a copy of the current text buffer */ + virtual const ANTLR_USE_NAMESPACE(std)string& getText() const + { + return text; + } + + virtual void setText(const ANTLR_USE_NAMESPACE(std)string& s) + { + text = s; + } + + 
virtual void resetText() + { + text = ""; + inputState->tokenStartColumn = inputState->column; + inputState->tokenStartLine = inputState->line; + } + + virtual RefToken getTokenObject() const + { + return _returnToken; + } + + /** Used to keep track of line breaks, needs to be called from + * within generated lexers when a \n \r is encountered. + */ + virtual void newline() + { + ++inputState->line; + inputState->column = 1; + } + + /** Advance the current column number by an appropriate amount according + * to the tabsize. This method needs to be explicitly called from the + * lexer rules encountering tabs. + */ + virtual void tab() + { + int c = getColumn(); + int nc = ( ((c-1)/tabsize) + 1) * tabsize + 1; // calculate tab stop + setColumn( nc ); + } + /// set the tabsize. Returns the old tabsize + int setTabsize( int size ) + { + int oldsize = tabsize; + tabsize = size; + return oldsize; + } + /// Return the tabsize used by the scanner + int getTabSize() const + { + return tabsize; + } + + /** Report exception errors caught in nextToken() */ + virtual void reportError(const RecognitionException& e); + + /** Parser error-reporting function can be overridden in subclass */ + virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s); + + /** Parser warning-reporting function can be overridden in subclass */ + virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s); + + virtual InputBuffer& getInputBuffer() + { + return inputState->getInput(); + } + + virtual LexerSharedInputState getInputState() + { + return inputState; + } + + /** set the input state for the lexer. 
+ * @note state is a reference counted object, hence no reference */ + virtual void setInputState(LexerSharedInputState state) + { + inputState = state; + } + + /// Set the factory for created tokens + virtual void setTokenObjectFactory(factory_type factory) + { + tokenFactory = factory; + } + + /** Test the token text against the literals table + * Override this method to perform a different literals test + */ + virtual int testLiteralsTable(int ttype) const + { + ANTLR_USE_NAMESPACE(std)map::const_iterator i = literals.find(text); + if (i != literals.end()) + ttype = (*i).second; + return ttype; + } + + /** Test the text passed in against the literals table + * Override this method to perform a different literals test + * This is used primarily when you want to test a portion of + * a token + */ + virtual int testLiteralsTable(const ANTLR_USE_NAMESPACE(std)string& txt,int ttype) const + { + ANTLR_USE_NAMESPACE(std)map::const_iterator i = literals.find(txt); + if (i != literals.end()) + ttype = (*i).second; + return ttype; + } + + /// Override this method to get more specific case handling + virtual int toLower(int c) const + { + // test on EOF_CHAR for buggy (?) STLPort tolower (or HPUX tolower?) + // also VC++ 6.0 does this. (see fix 422 (is reverted by this fix) + // this one is more structural. Maybe make this configurable. + return (c == EOF_CHAR ? EOF_CHAR : tolower(c)); + } + + /** This method is called by YourLexer::nextToken() when the lexer has + * hit EOF condition. EOF is NOT a character. + * This method is not called if EOF is reached during + * syntactic predicate evaluation or during evaluation + * of normal lexical rules, which presumably would be + * an IOException. This traps the "normal" EOF condition. + * + * uponEOF() is called after the complete evaluation of + * the previous token and only if your parser asks + * for another token beyond that last non-EOF token. 
+ * + * You might want to throw token or char stream exceptions + * like: "Heh, premature eof" or a retry stream exception + * ("I found the end of this file, go back to referencing file"). + */ + virtual void uponEOF() + { + } + + /// Methods used to change tracing behavior + virtual void traceIndent(); + virtual void traceIn(const char* rname); + virtual void traceOut(const char* rname); + +#ifndef NO_STATIC_CONSTS + static const int EOF_CHAR = EOF; +#else + enum { + EOF_CHAR = EOF + }; +#endif +protected: + ANTLR_USE_NAMESPACE(std)string text; ///< Text of current token + /// flag indicating wether consume saves characters + bool saveConsumedInput; + factory_type tokenFactory; ///< Factory for tokens + bool caseSensitive; ///< Is this lexer case sensitive + ANTLR_USE_NAMESPACE(std)map literals; // set by subclass + + RefToken _returnToken; ///< used to return tokens w/o using return val + + /// Input state, gives access to input stream, shared among different lexers + LexerSharedInputState inputState; + + /** Used during filter mode to indicate that path is desired. + * A subsequent scan error will report an error as usual + * if acceptPath=true; + */ + bool commitToPath; + + int tabsize; ///< tab size the scanner uses. 
+ + /// Create a new RefToken of type t + virtual RefToken makeToken(int t) + { + RefToken tok = tokenFactory(); + tok->setType(t); + tok->setColumn(inputState->tokenStartColumn); + tok->setLine(inputState->tokenStartLine); + return tok; + } + + /** Tracer class, used when -traceLexer is passed to antlr + */ + class Tracer { + private: + CharScanner* parser; + const char* text; + + Tracer(const Tracer& other); // undefined + Tracer& operator=(const Tracer& other); // undefined + public: + Tracer( CharScanner* p,const char* t ) + : parser(p), text(t) + { + parser->traceIn(text); + } + ~Tracer() + { + parser->traceOut(text); + } + }; + + int traceDepth; +private: + CharScanner( const CharScanner& other ); // undefined + CharScanner& operator=( const CharScanner& other ); // undefined + +#ifndef NO_STATIC_CONSTS + static const int NO_CHAR = 0; +#else + enum { + NO_CHAR = 0 + }; +#endif +}; + +inline int CharScanner::LA(unsigned int i) +{ + int c = inputState->getInput().LA(i); + + if ( caseSensitive ) + return c; + else + return toLower(c); // VC 6 tolower bug caught in toLower. +} + +inline bool CharScannerLiteralsLess::operator() (const ANTLR_USE_NAMESPACE(std)string& x,const ANTLR_USE_NAMESPACE(std)string& y) const +{ + if (scanner->getCaseSensitiveLiterals()) + return ANTLR_USE_NAMESPACE(std)less()(x,y); + else + { +#ifdef NO_STRCASECMP + return (stricmp(x.c_str(),y.c_str())<0); +#else + return (strcasecmp(x.c_str(),y.c_str())<0); +#endif + } +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_CharScanner_hpp__ diff --git a/src/antlr/CharStreamException.hpp b/src/antlr/CharStreamException.hpp new file mode 100644 index 000000000..544d1ed04 --- /dev/null +++ b/src/antlr/CharStreamException.hpp 
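Review bot: `setTabsize(int size)` stores any value, and `tab()` then divides by it in `( ((c-1)/tabsize) + 1) * tabsize + 1`, so a tabsize of 0 is a division by zero on the first tab character; `consume()` calls `tab()` itself when it sees '\t'. A negative size makes the column move backwards. Rejecting non-positive values in the setter keeps behaviour unchanged for valid callers: `if (size > 0) tabsize = size;`. A comment on the `tabsize` member saying it must be positive would also help, since the constructors set it to 8 and nothing documents the range.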
@@ -0,0 +1,29 @@
+#ifndef INC_CharStreamException_hpp__
+#define INC_CharStreamException_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: CharStreamException.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+class ANTLR_API CharStreamException : public ANTLRException {
+public:
+ CharStreamException(const ANTLR_USE_NAMESPACE(std)string& s)
+ : ANTLRException(s) {}
+ ~CharStreamException() throw() {}
+};
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_CharStreamException_hpp__
diff --git a/src/antlr/CharStreamIOException.hpp b/src/antlr/CharStreamIOException.hpp
new file mode 100644
index 000000000..003cacb5d
--- /dev/null
+++ b/src/antlr/CharStreamIOException.hpp
@@ -0,0 +1,31 @@
+#ifndef INC_CharStreamIOException_hpp__
+#define INC_CharStreamIOException_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: CharStreamIOException.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+class ANTLR_API CharStreamIOException : public CharStreamException {
+public:
+ ANTLR_USE_NAMESPACE(std)exception io;
+
+ CharStreamIOException(ANTLR_USE_NAMESPACE(std)exception& e)
+ : CharStreamException(e.what()), io(e) {}
+ ~CharStreamIOException() throw() {}
+};
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_CharStreamIOException_hpp__
diff --git a/src/antlr/CircularQueue.hpp b/src/antlr/CircularQueue.hpp
new file mode 100644
index 000000000..5d1db3e86
--- /dev/null
+++ b/src/antlr/CircularQueue.hpp
@@ -0,0 +1,100 @@ +#ifndef INC_CircularQueue_hpp__ +#define INC_CircularQueue_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CircularQueue.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +// Resize every 5000 items +#define OFFSET_MAX_RESIZE 5000 + +template +class ANTLR_API CircularQueue { +public: + CircularQueue() + : storage() + , m_offset(0) + { + } + ~CircularQueue() + { + } + + /// Clear the queue + inline void clear( void ) + { + m_offset = 0; + storage.clear(); + } + + /// @todo this should use at or should have a check + inline T elementAt( size_t idx ) const + { + return storage[idx+m_offset]; + } + void removeFirst() + { + if (m_offset >= OFFSET_MAX_RESIZE) + { + storage.erase( storage.begin(), storage.begin() + m_offset + 1 ); + m_offset = 0; + } + else + ++m_offset; + } + inline void removeItems( size_t nb ) + { + // it would be nice if we would not get called with nb > entries + // (or to be precise when entries() == 0) + // This case is possible when lexer/parser::recover() calls + // consume+consumeUntil when the queue is empty. + // In recover the consume says to prepare to read another + // character/token. Then in the subsequent consumeUntil the + // LA() call will trigger + // syncConsume which calls this method *before* the same queue + // has been sufficiently filled. 
+ if( nb > entries() ) + nb = entries(); + + if (m_offset >= OFFSET_MAX_RESIZE) + { + storage.erase( storage.begin(), storage.begin() + m_offset + nb ); + m_offset = 0; + } + else + m_offset += nb; + } + inline void append(const T& t) + { + storage.push_back(t); + } + inline size_t entries() const + { + return storage.size() - m_offset; + } + +private: + ANTLR_USE_NAMESPACE(std)vector storage; + size_t m_offset; + + CircularQueue(const CircularQueue&); + const CircularQueue& operator=(const CircularQueue&); +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_CircularQueue_hpp__ diff --git a/src/antlr/CommonAST.cpp b/src/antlr/CommonAST.cpp new file mode 100644 index 000000000..198d0f74a --- /dev/null +++ b/src/antlr/CommonAST.cpp @@ -0,0 +1,49 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CommonAST.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ +#include "antlr/config.hpp" + +#include +#include + +#include "antlr/CommonAST.hpp" +#include "antlr/ANTLRUtil.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +const char* const CommonAST::TYPE_NAME = "CommonAST"; + +#ifdef ANTLR_SUPPORT_XML +void CommonAST::initialize( ANTLR_USE_NAMESPACE(std)istream& in ) +{ + ANTLR_USE_NAMESPACE(std)string t1, t2, text; + + // text + read_AttributeNValue( in, t1, text ); + + read_AttributeNValue( in, t1, t2 ); +#ifdef ANTLR_ATOI_IN_STD + int type = ANTLR_USE_NAMESPACE(std)atoi(t2.c_str()); +#else + int type = atoi(t2.c_str()); +#endif + + // initialize first part of AST. + this->initialize( type, text ); +} +#endif + +RefAST CommonAST::factory() +{ + return RefAST(new CommonAST); +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + diff --git a/src/antlr/CommonAST.hpp b/src/antlr/CommonAST.hpp new file mode 100644 index 000000000..ac9e15ca0 --- /dev/null +++ b/src/antlr/CommonAST.hpp 
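Review bot: `elementAt()` returns `storage[idx+m_offset]` with no range check, as the `@todo` above it admits, so an index at or past `entries()` reads outside the vector. The comment in `removeItems()` describes callers arriving with more than the queue holds, so lookups may see the same condition. Either use the checked accessor, `return storage.at(idx+m_offset);`, or document on `elementAt()` that the caller must guarantee `idx < entries()`.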
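Review bot: In `CommonAST::initialize(istream&)` the node type comes from `atoi(t2.c_str())`, which cannot report failure: a non-numeric attribute silently becomes type 0, and a value that does not fit an `int` is undefined behaviour. `t2` is read from the XML stream, so it should be parsed with `strtol`, e.g. `char* end; long v = strtol(t2.c_str(), &end, 10);`. Input should be rejected when `end` is not at the terminating NUL or `v` is outside the `int` range. The first `read_AttributeNValue` call also leaves the attribute name in `t1` unchecked, which deserves a comment if it is deliberate.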
@@ -0,0 +1,110 @@ +#ifndef INC_CommonAST_hpp__ +#define INC_CommonAST_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CommonAST.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +class ANTLR_API CommonAST : public BaseAST { +public: + CommonAST() + : BaseAST() + , ttype( Token::INVALID_TYPE ) + , text() + { + } + + CommonAST( RefToken t ) + : BaseAST() + , ttype( t->getType() ) + , text( t->getText() ) + { + } + + CommonAST( const CommonAST& other ) + : BaseAST(other) + , ttype(other.ttype) + , text(other.text) + { + } + + virtual ~CommonAST() + { + } + + virtual const char* typeName( void ) const + { + return CommonAST::TYPE_NAME; + } + + /// Clone this AST node. + virtual RefAST clone( void ) const + { + CommonAST *ast = new CommonAST( *this ); + return RefAST(ast); + } + + virtual ANTLR_USE_NAMESPACE(std)string getText() const + { + return text; + } + virtual int getType() const + { + return ttype; + } + + virtual void initialize( int t, const ANTLR_USE_NAMESPACE(std)string& txt ) + { + setType(t); + setText(txt); + } + + virtual void initialize( RefAST t ) + { + setType(t->getType()); + setText(t->getText()); + } + virtual void initialize( RefToken t ) + { + setType(t->getType()); + setText(t->getText()); + } + +#ifdef ANTLR_SUPPORT_XML + virtual void initialize( ANTLR_USE_NAMESPACE(std)istream& in ); +#endif + + virtual void setText( const ANTLR_USE_NAMESPACE(std)string& txt ) + { + text = txt; + } + virtual void setType( int type ) + { + ttype = type; + } + + static RefAST factory(); + + static const char* const TYPE_NAME; +protected: + int ttype; + ANTLR_USE_NAMESPACE(std)string text; +}; + +typedef ASTRefCount RefCommonAST; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_CommonAST_hpp__ 
diff --git a/src/antlr/CommonASTWithHiddenTokens.cpp b/src/antlr/CommonASTWithHiddenTokens.cpp
new file mode 100644
index 000000000..abbac9316
--- /dev/null
+++ b/src/antlr/CommonASTWithHiddenTokens.cpp
@@ -0,0 +1,64 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CommonASTWithHiddenTokens.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ +#include "antlr/config.hpp" +#include "antlr/AST.hpp" +#include "antlr/BaseAST.hpp" +#include "antlr/CommonAST.hpp" +#include "antlr/CommonASTWithHiddenTokens.hpp" +#include "antlr/CommonHiddenStreamToken.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +const char* const CommonASTWithHiddenTokens::TYPE_NAME = "CommonASTWithHiddenTokens"; +// RK: Do not put constructor and destructor into the header file here.. +// this triggers something very obscure in gcc 2.95.3 (and 3.0) +// missing vtables and stuff. +// Although this may be a problem with with binutils. +CommonASTWithHiddenTokens::CommonASTWithHiddenTokens() +: CommonAST() +{ +} + +CommonASTWithHiddenTokens::~CommonASTWithHiddenTokens() +{ +} + +void CommonASTWithHiddenTokens::initialize(int t,const ANTLR_USE_NAMESPACE(std)string& txt) +{ + CommonAST::initialize(t,txt); +} + +void CommonASTWithHiddenTokens::initialize(RefAST t) +{ + CommonAST::initialize(t); + hiddenBefore = RefCommonASTWithHiddenTokens(t)->getHiddenBefore(); + hiddenAfter = RefCommonASTWithHiddenTokens(t)->getHiddenAfter(); +} + +void CommonASTWithHiddenTokens::initialize(RefToken t) +{ + CommonAST::initialize(t); + hiddenBefore = static_cast(t.get())->getHiddenBefore(); + hiddenAfter = static_cast(t.get())->getHiddenAfter(); +} + +RefAST CommonASTWithHiddenTokens::factory() +{ + return RefAST(new CommonASTWithHiddenTokens); +} + +RefAST CommonASTWithHiddenTokens::clone( void ) const +{ + CommonASTWithHiddenTokens *ast = new CommonASTWithHiddenTokens( *this ); + return RefAST(ast); +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/CommonASTWithHiddenTokens.hpp b/src/antlr/CommonASTWithHiddenTokens.hpp new file mode 100644 index 000000000..a2356d2a8 
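Review bot: `initialize(RefToken t)` reaches `getHiddenBefore()`/`getHiddenAfter()` through a `static_cast` of `t.get()`, so any token of a different dynamic type is used as the wrong class, which is undefined behaviour. The CharScanner constructors in this commit install `CommonToken::factory` by default, so such tokens are the normal case unless the caller changes the factory. `initialize(RefAST t)` makes the same assumption through `RefCommonASTWithHiddenTokens(t)`. The cast's target type is not legible on this page; CommonHiddenStreamToken is inferred from the include and the getters. A checked cast that leaves the hidden-token members untouched on mismatch removes the assumption, provided the build has RTTI enabled.

```cpp
void CommonASTWithHiddenTokens::initialize(RefToken t)
{
	CommonAST::initialize(t);
	// Only a hidden-stream token carries hidden neighbours; any other
	// token type leaves hiddenBefore/hiddenAfter as they were.
	CommonHiddenStreamToken* hidden =
		dynamic_cast<CommonHiddenStreamToken*>(t.get());
	if (hidden != 0)
	{
		hiddenBefore = hidden->getHiddenBefore();
		hiddenAfter = hidden->getHiddenAfter();
	}
}
```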
--- /dev/null +++ b/src/antlr/CommonASTWithHiddenTokens.hpp @@ -0,0 +1,60 @@ +#ifndef INC_CommonASTWithHiddenTokens_hpp__ +#define INC_CommonASTWithHiddenTokens_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CommonASTWithHiddenTokens.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** A CommonAST whose initialization copies hidden token + * information from the Token used to create a node. + */ +class ANTLR_API CommonASTWithHiddenTokens : public CommonAST { +public: + CommonASTWithHiddenTokens(); + virtual ~CommonASTWithHiddenTokens(); + virtual const char* typeName( void ) const + { + return CommonASTWithHiddenTokens::TYPE_NAME; + } + /// Clone this AST node. + virtual RefAST clone( void ) const; + + // Borland C++ builder seems to need the decl's of the first two... + virtual void initialize(int t,const ANTLR_USE_NAMESPACE(std)string& txt); + virtual void initialize(RefAST t); + virtual void initialize(RefToken t); + + virtual RefToken getHiddenAfter() const + { + return hiddenAfter; + } + + virtual RefToken getHiddenBefore() const + { + return hiddenBefore; + } + + static RefAST factory(); + + static const char* const TYPE_NAME; +protected: + RefToken hiddenBefore,hiddenAfter; // references to hidden tokens +}; + +typedef ASTRefCount RefCommonASTWithHiddenTokens; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_CommonASTWithHiddenTokens_hpp__ diff --git a/src/antlr/CommonHiddenStreamToken.cpp b/src/antlr/CommonHiddenStreamToken.cpp new file mode 100644 index 000000000..b95138bc7 --- /dev/null +++ b/src/antlr/CommonHiddenStreamToken.cpp 
@@ -0,0 +1,56 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CommonHiddenStreamToken.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ +#include "antlr/CommonHiddenStreamToken.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +CommonHiddenStreamToken::CommonHiddenStreamToken() +: CommonToken() +{ +} + +CommonHiddenStreamToken::CommonHiddenStreamToken(int t, const ANTLR_USE_NAMESPACE(std)string& txt) +: CommonToken(t,txt) +{ +} + +CommonHiddenStreamToken::CommonHiddenStreamToken(const ANTLR_USE_NAMESPACE(std)string& s) +: CommonToken(s) +{ +} + +RefToken CommonHiddenStreamToken::getHiddenAfter() +{ + return hiddenAfter; +} + +RefToken CommonHiddenStreamToken::getHiddenBefore() +{ + return hiddenBefore; +} + +RefToken CommonHiddenStreamToken::factory() +{ + return RefToken(new CommonHiddenStreamToken); +} + +void CommonHiddenStreamToken::setHiddenAfter(RefToken t) +{ + hiddenAfter = t; +} + +void CommonHiddenStreamToken::setHiddenBefore(RefToken t) +{ + hiddenBefore = t; +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + diff --git a/src/antlr/CommonHiddenStreamToken.hpp b/src/antlr/CommonHiddenStreamToken.hpp new file mode 100644 index 000000000..cb9be2fed --- /dev/null +++ b/src/antlr/CommonHiddenStreamToken.hpp 
@@ -0,0 +1,41 @@
+#ifndef INC_CommonHiddenStreamToken_hpp__
+#define INC_CommonHiddenStreamToken_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: CommonHiddenStreamToken.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+class ANTLR_API CommonHiddenStreamToken : public CommonToken {
+protected:
+ RefToken hiddenBefore;
+ RefToken hiddenAfter;
+
+public:
+ CommonHiddenStreamToken();
+ CommonHiddenStreamToken(int t, const ANTLR_USE_NAMESPACE(std)string& txt);
+ CommonHiddenStreamToken(const ANTLR_USE_NAMESPACE(std)string& s);
+
+ RefToken getHiddenAfter();
+ RefToken getHiddenBefore();
+
+ static RefToken factory();
+
+ void setHiddenAfter(RefToken t);
+ void setHiddenBefore(RefToken t);
+};
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_CommonHiddenStreamToken_hpp__
diff --git a/src/antlr/CommonToken.cpp b/src/antlr/CommonToken.cpp
new file mode 100644
index 000000000..de671b610
--- /dev/null
+++ b/src/antlr/CommonToken.cpp
@@ -0,0 +1,45 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CommonToken.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/CommonToken.hpp" +#include "antlr/String.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +CommonToken::CommonToken() : Token(), line(1), col(1), text("") +{} + +CommonToken::CommonToken(int t, const ANTLR_USE_NAMESPACE(std)string& txt) +: Token(t) +, line(1) +, col(1) +, text(txt) +{} + +CommonToken::CommonToken(const ANTLR_USE_NAMESPACE(std)string& s) +: Token() +, line(1) +, col(1) +, text(s) +{} + +ANTLR_USE_NAMESPACE(std)string CommonToken::toString() const +{ + return "[\""+getText()+"\",<"+getType()+">,line="+getLine()+",column="+getColumn()+"]"; +} + +RefToken CommonToken::factory() +{ + return RefToken(new CommonToken); +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + diff --git a/src/antlr/CommonToken.hpp b/src/antlr/CommonToken.hpp new file mode 100644 index 000000000..a384a0169 --- /dev/null +++ b/src/antlr/CommonToken.hpp 
@@ -0,0 +1,83 @@ +#ifndef INC_CommonToken_hpp__ +#define INC_CommonToken_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: CommonToken.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +class ANTLR_API CommonToken : public Token { +public: + CommonToken(); + CommonToken(int t, const ANTLR_USE_NAMESPACE(std)string& txt); + CommonToken(const ANTLR_USE_NAMESPACE(std)string& s); + + /// return contents of token + virtual ANTLR_USE_NAMESPACE(std)string getText() const + { + return text; + } + + /// set contents of token + virtual void setText(const ANTLR_USE_NAMESPACE(std)string& s) + { + text = s; + } + + /** get the line the token is at (starting at 1) + * @see CharScanner::newline() + * @see CharScanner::tab() + */ + virtual int getLine() const + { + return line; + } + /** gt the column the token is at (starting at 1) + * @see CharScanner::newline() + * @see CharScanner::tab() + */ + virtual int getColumn() const + { + return col; + } + + /// set line for token + virtual void setLine(int l) + { + line = l; + } + /// set column for token + virtual void setColumn(int c) + { + col = c; + } + + virtual ANTLR_USE_NAMESPACE(std)string toString() const; + static RefToken factory(); + +protected: + // most tokens will want line and text information + int line; + int col; + ANTLR_USE_NAMESPACE(std)string text; + +private: + CommonToken(const CommonToken&); + const CommonToken& operator=(const CommonToken&); +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_CommonToken_hpp__ diff --git a/src/antlr/IOException.hpp b/src/antlr/IOException.hpp new file mode 100644 index 000000000..3aac1704f --- /dev/null +++ b/src/antlr/IOException.hpp 
@@ -0,0 +1,45 @@ +#ifndef INC_IOException_hpp__ +#define INC_IOException_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: IOException.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** Generic IOException used inside support code. (thrown by XML I/O routs) + * basically this is something I'm using since a lot of compilers don't + * support ios_base::failure. + */ +class ANTLR_API IOException : public ANTLRException +{ +public: + ANTLR_USE_NAMESPACE(std)exception io; + + IOException( ANTLR_USE_NAMESPACE(std)exception& e ) + : ANTLRException(e.what()) + { + } + IOException( const ANTLR_USE_NAMESPACE(std)string& mesg ) + : ANTLRException(mesg) + { + } + virtual ~IOException() throw() + { + } +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_IOException_hpp__ diff --git a/src/antlr/InputBuffer.cpp b/src/antlr/InputBuffer.cpp new file mode 100644 index 000000000..3c20bffd9 --- /dev/null +++ b/src/antlr/InputBuffer.cpp 
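Review bot: The constructor taking `std::exception& e` never initialises the public member `io`, so it stays a default-constructed exception and the cause is not recorded there. `CharStreamIOException` in this same commit does copy it with `io(e)`. Make the two agree with `: ANTLRException(e.what()), io(e)`. Copying into a `std::exception` value slices off the derived type either way, so a comment on `io` should say it is a sliced copy and that the message passed to `ANTLRException` is the reliable record of the cause.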
@@ -0,0 +1,81 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: InputBuffer.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/config.hpp" +#include "antlr/InputBuffer.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** Ensure that the character buffer is sufficiently full */ +void InputBuffer::fill(unsigned int amount) +{ + syncConsume(); + // Fill the buffer sufficiently to hold needed characters + while (queue.entries() < amount + markerOffset) + { + // Append the next character + queue.append(getChar()); + } +} + +/** get the current lookahead characters as a string + * @warning it may treat 0 and EOF values wrong + */ +ANTLR_USE_NAMESPACE(std)string InputBuffer::getLAChars( void ) const +{ + ANTLR_USE_NAMESPACE(std)string ret; + + for(unsigned int i = markerOffset; i < queue.entries(); i++) + ret += queue.elementAt(i); + + return ret; +} + +/** get the current marked characters as a string + * @warning it may treat 0 and EOF values wrong + */ +ANTLR_USE_NAMESPACE(std)string InputBuffer::getMarkedChars( void ) const +{ + ANTLR_USE_NAMESPACE(std)string ret; + + for(unsigned int i = 0; i < markerOffset; i++) + ret += queue.elementAt(i); + + return ret; +} + +/** Return an integer marker that can be used to rewind the buffer to + * its current state. + */ +unsigned int InputBuffer::mark() +{ + syncConsume(); + nMarkers++; + return markerOffset; +} + +/** Rewind the character buffer to a marker. + * @param mark Marker returned previously from mark() + */ +void InputBuffer::rewind(unsigned int mark) +{ + syncConsume(); + markerOffset = mark; + nMarkers--; +} + +unsigned int InputBuffer::entries() const +{ + //assert(queue.entries() >= markerOffset); + return queue.entries() - markerOffset; +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif 
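Review bot: `entries()` subtracts `markerOffset` from `queue.entries()` on unsigned operands with its guarding assert commented out, so a `markerOffset` larger than the queue length wraps to a huge count rather than failing. `rewind()` assigns the caller's `mark` to `markerOffset` unchecked and decrements the unsigned `nMarkers` without testing for zero, which is one way that state could be reached from a stale or unbalanced marker. I would restore the check as `assert(queue.entries() >= markerOffset);` (or an explicit test that throws) and guard the decrement with `if (nMarkers > 0) nMarkers--;`. Whether `CircularQueue::elementAt` bounds-checks its index is not visible here, so the impact on lookahead reads is unconfirmed.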
diff --git a/src/antlr/InputBuffer.hpp b/src/antlr/InputBuffer.hpp new file mode 100644 index 000000000..6c482a827 --- /dev/null +++ b/src/antlr/InputBuffer.hpp @@ -0,0 +1,146 @@ +#ifndef INC_InputBuffer_hpp__ +#define INC_InputBuffer_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: InputBuffer.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** A Stream of characters fed to the lexer from a InputStream that can + * be rewound via mark()/rewind() methods. + *

    + * A dynamic array is used to buffer up all the input characters. Normally, + * "k" characters are stored in the buffer. More characters may be stored during + * guess mode (testing syntactic predicate), or when LT(i>k) is referenced. + * Consumption of characters is deferred. In other words, reading the next + * character is not done by conume(), but deferred until needed by LA or LT. + *

    + * + * @see antlr.CharQueue + */ +class ANTLR_API InputBuffer { +public: + /** Create a character buffer */ + InputBuffer() + : nMarkers(0) + , markerOffset(0) + , numToConsume(0) + { + } + + virtual ~InputBuffer() + { + } + + /// Reset the input buffer to empty state + virtual inline void reset( void ) + { + nMarkers = 0; + markerOffset = 0; + numToConsume = 0; + queue.clear(); + } + + /** This method updates the state of the input buffer so that + * the text matched since the most recent mark() is no longer + * held by the buffer. So, you either do a mark/rewind for + * failed predicate or mark/commit to keep on parsing without + * rewinding the input. + */ + inline void commit( void ) + { + nMarkers--; + } + + /** Mark another character for deferred consumption */ + virtual inline void consume() + { + numToConsume++; + } + + /** Ensure that the character buffer is sufficiently full */ + virtual void fill(unsigned int amount); + + /** Override this in subclasses to get the next character */ + virtual int getChar()=0; + + /** Get a lookahead character */ + virtual inline int LA(unsigned int i) + { + fill(i); + return queue.elementAt(markerOffset + i - 1); + } + + /** Return an integer marker that can be used to rewind the buffer to + * its current state. + */ + virtual unsigned int mark(); + /// Are there any marks active in the InputBuffer + virtual inline bool isMarked() const + { + return (nMarkers != 0); + } + /** Rewind the character buffer to a marker. 
+ * @param mark Marker returned previously from mark() + */ + virtual void rewind(unsigned int mark); + + /** Get the number of non-consumed characters + */ + virtual unsigned int entries() const; + + ANTLR_USE_NAMESPACE(std)string getLAChars() const; + + ANTLR_USE_NAMESPACE(std)string getMarkedChars() const; + +protected: + // char source + // leave to subclasses + + // Number of active markers + unsigned int nMarkers; // = 0; + + // Additional offset used when markers are active + unsigned int markerOffset; // = 0; + + // Number of calls to consume() since last LA() or LT() call + unsigned int numToConsume; // = 0; + + // Circular queue + CircularQueue queue; + + /** Sync up deferred consumption */ + void syncConsume(); + +private: + InputBuffer(const InputBuffer& other); + InputBuffer& operator=(const InputBuffer& other); +}; + +/** Sync up deferred consumption */ +inline void InputBuffer::syncConsume() { + if (numToConsume > 0) + { + if (nMarkers > 0) + markerOffset += numToConsume; + else + queue.removeItems( numToConsume ); + numToConsume = 0; + } +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_InputBuffer_hpp__ diff --git a/src/antlr/LLkParser.cpp b/src/antlr/LLkParser.cpp new file mode 100644 index 000000000..3dbcf4246 --- /dev/null +++ b/src/antlr/LLkParser.cpp 
@@ -0,0 +1,85 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: LLkParser.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/LLkParser.hpp" +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +ANTLR_USING_NAMESPACE(std) + +/**An LL(k) parser. + * + * @see antlr.Token + * @see antlr.TokenBuffer + * @see antlr.LL1Parser + */ + +// LLkParser(int k_); + +LLkParser::LLkParser(const ParserSharedInputState& state, int k_) +: Parser(state), k(k_) +{ +} + +LLkParser::LLkParser(TokenBuffer& tokenBuf, int k_) +: Parser(tokenBuf), k(k_) +{ +} + +LLkParser::LLkParser(TokenStream& lexer, int k_) +: Parser(new TokenBuffer(lexer)), k(k_) +{ +} + +void LLkParser::trace(const char* ee, const char* rname) +{ + traceIndent(); + + cout << ee << rname << ((inputState->guessing>0)?"; [guessing]":"; "); + + for (int i = 1; i <= k; i++) + { + if (i != 1) { + cout << ", "; + } + cout << "LA(" << i << ")=="; + + string temp; + + try { + temp = LT(i)->getText().c_str(); + } + catch( ANTLRException& ae ) + { + temp = "[error: "; + temp += ae.toString(); + temp += ']'; + } + cout << temp; + } + + cout << endl; +} + +void LLkParser::traceIn(const char* rname) +{ + traceDepth++; + trace("> ",rname); +} + +void LLkParser::traceOut(const char* rname) +{ + trace("< ",rname); + traceDepth--; +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/LLkParser.hpp b/src/antlr/LLkParser.hpp new file mode 100644 index 000000000..228b1326e --- /dev/null +++ b/src/antlr/LLkParser.hpp 
@@ -0,0 +1,67 @@ +#ifndef INC_LLkParser_hpp__ +#define INC_LLkParser_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: LLkParser.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/**An LL(k) parser. + * + * @see antlr.Token + * @see antlr.TokenBuffer + * @see antlr.LL1Parser + */ +class ANTLR_API LLkParser : public Parser { +public: + LLkParser(const ParserSharedInputState& lexer, int k_); + + LLkParser(TokenBuffer& tokenBuf, int k_); + + LLkParser(TokenStream& lexer, int k_); + + /** Consume another token from the input stream. Can only write sequentially! + * If you need 3 tokens ahead, you must consume() 3 times. + *

    + * Note that it is possible to overwrite tokens that have not been matched. + * For example, calling consume() 3 times when k=2, means that the first token + * consumed will be overwritten with the 3rd. + */ + virtual inline void consume() + { + inputState->getInput().consume(); + } + + virtual inline int LA(unsigned int i) + { + return inputState->getInput().LA(i); + } + + virtual inline RefToken LT(unsigned int i) + { + return inputState->getInput().LT(i); + } +protected: + /// the lookahead this LL(k) parser is using. + int k; +private: + void trace(const char* ee, const char* rname); +public: + virtual void traceIn(const char* rname); + virtual void traceOut(const char* rname); +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_LLkParser_hpp__ diff --git a/src/antlr/LexerSharedInputState.hpp b/src/antlr/LexerSharedInputState.hpp new file mode 100644 index 000000000..160e2feb8 --- /dev/null +++ b/src/antlr/LexerSharedInputState.hpp 
@@ -0,0 +1,156 @@
+#ifndef INC_LexerSharedInputState_hpp__
+#define INC_LexerSharedInputState_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: LexerSharedInputState.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+/** This object contains the data associated with an
+ * input stream of characters. Multiple lexers
+ * share a single LexerSharedInputState to lex
+ * the same input stream.
+ */
+class ANTLR_API LexerInputState {
+public:
+ /** Construct a new LexerInputState
+ * @param inbuf the InputBuffer to read from. The object is deleted together
+ * with the LexerInputState object.
+ */
+ LexerInputState(InputBuffer* inbuf)
+ : column(1)
+ , line(1)
+ , tokenStartColumn(1)
+ , tokenStartLine(1)
+ , guessing(0)
+ , filename("")
+ , input(inbuf)
+ , inputResponsible(true)
+ {
+ }
+
+ /** Construct a new LexerInputState
+ * @param inbuf the InputBuffer to read from.
+ */
+ LexerInputState(InputBuffer& inbuf)
+ : column(1)
+ , line(1)
+ , tokenStartColumn(1)
+ , tokenStartLine(1)
+ , guessing(0)
+ , filename("")
+ , input(&inbuf)
+ , inputResponsible(false)
+ {
+ }
+
+ /** Construct a new LexerInputState
+ * @param in an istream to read from.
+ * @see antlr.CharBuffer
+ */
+ LexerInputState(ANTLR_USE_NAMESPACE(std)istream& in)
+ : column(1)
+ , line(1)
+ , tokenStartColumn(1)
+ , tokenStartLine(1)
+ , guessing(0)
+ , filename("")
+ , input(new CharBuffer(in))
+ , inputResponsible(true)
+ {
+ }
+
+ /** Reset the LexerInputState with a specified stream and filename.
+ * This method is a hack, dunno what I was thinking when I added it.
+ * This should actually be done in a subclass.
+ * @deprecated
+ */
+ virtual void initialize( ANTLR_USE_NAMESPACE(std)istream& in, const char* file = "" )
+ {
+ column = 1;
+ line = 1;
+ tokenStartColumn = 1;
+ tokenStartLine = 1;
+ guessing = 0;
+ filename = file;
+
+ if( input && inputResponsible )
+ delete input;
+
+ input = new CharBuffer(in);
+ inputResponsible = true;
+ }
+
+ /** Reset the LexerInputState to initial state.
+ * The underlying InputBuffer is also reset.
+ */
+ virtual void reset( void )
+ {
+ column = 1;
+ line = 1;
+ tokenStartColumn = 1;
+ tokenStartLine = 1;
+ guessing = 0;
+ input->reset();
+ }
+
+ /** Set the file position of the SharedLexerInputState.
+ * @param line_ line number to be set
+ * @param column_ column number to be set
+ */
+ void setPosition( int line_, int column_ )
+ {
+ line = line_;
+ column = column_;
+ }
+
+ virtual ~LexerInputState()
+ {
+ if (inputResponsible)
+ delete input;
+ }
+
+ int column;
+ int line;
+ int tokenStartColumn;
+ int tokenStartLine;
+ int guessing;
+ /** What file (if known) caused the problem? */
+ ANTLR_USE_NAMESPACE(std)string filename;
+ InputBuffer& getInput();
+private:
+ /// Input buffer we use
+ InputBuffer* input;
+ /// Who is responsible for cleaning up the InputBuffer?
+ bool inputResponsible;
+
+ // we don't want these:
+ LexerInputState(const LexerInputState&);
+ LexerInputState& operator=(const LexerInputState&);
+};
+
+inline InputBuffer& LexerInputState::getInput()
+{
+ return *input;
+}
+
+/// A reference counted LexerInputState object
+typedef RefCount LexerSharedInputState;
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_LexerSharedInputState_hpp__
diff --git a/src/antlr/MismatchedCharException.cpp b/src/antlr/MismatchedCharException.cpp
new file mode 100644
index 000000000..d9254f976
--- /dev/null
+++ b/src/antlr/MismatchedCharException.cpp
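Review bot: `initialize()` deletes the owned `input` before `new CharBuffer(in)` runs, so if that allocation throws, `input` is left dangling while `inputResponsible` is still true and the destructor deletes it a second time. Allocating first avoids this: `InputBuffer* fresh = new CharBuffer(in);` then `if (inputResponsible) delete input;` and `input = fresh;`. Separately, `reset()` calls `input->reset()` with no null test although the `InputBuffer*` constructor accepts a null pointer; a one-line comment stating that `inbuf` must be non-null would document the contract.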
@@ -0,0 +1,120 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: MismatchedCharException.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/CharScanner.hpp" +#include "antlr/MismatchedCharException.hpp" +#include "antlr/String.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +MismatchedCharException::MismatchedCharException() + : RecognitionException("Mismatched char") +{} + +// Expected range / not range +MismatchedCharException::MismatchedCharException( + int c, + int lower, + int upper_, + bool matchNot, + CharScanner* scanner_ +) : RecognitionException("Mismatched char", + scanner_->getFilename(), + scanner_->getLine(), scanner_->getColumn()) + , mismatchType(matchNot ? NOT_RANGE : RANGE) + , foundChar(c) + , expecting(lower) + , upper(upper_) + , scanner(scanner_) +{ +} + +// Expected token / not token +MismatchedCharException::MismatchedCharException( + int c, + int expecting_, + bool matchNot, + CharScanner* scanner_ +) : RecognitionException("Mismatched char", + scanner_->getFilename(), + scanner_->getLine(), scanner_->getColumn()) + , mismatchType(matchNot ? NOT_CHAR : CHAR) + , foundChar(c) + , expecting(expecting_) + , scanner(scanner_) +{ +} + +// Expected BitSet / not BitSet +MismatchedCharException::MismatchedCharException( + int c, + BitSet set_, + bool matchNot, + CharScanner* scanner_ +) : RecognitionException("Mismatched char", + scanner_->getFilename(), + scanner_->getLine(), scanner_->getColumn()) + , mismatchType(matchNot ? 
NOT_SET : SET) + , foundChar(c) + , set(set_) + , scanner(scanner_) +{ +} + +ANTLR_USE_NAMESPACE(std)string MismatchedCharException::getMessage() const +{ + ANTLR_USE_NAMESPACE(std)string s; + + switch (mismatchType) { + case CHAR : + s += "expecting '" + charName(expecting) + "', found '" + charName(foundChar) + "'"; + break; + case NOT_CHAR : + s += "expecting anything but '" + charName(expecting) + "'; got it anyway"; + break; + case RANGE : + s += "expecting token in range: '" + charName(expecting) + "'..'" + charName(upper) + "', found '" + charName(foundChar) + "'"; + break; + case NOT_RANGE : + s += "expecting token NOT in range: " + charName(expecting) + "'..'" + charName(upper) + "', found '" + charName(foundChar) + "'"; + break; + case SET : + case NOT_SET : + { + s += ANTLR_USE_NAMESPACE(std)string("expecting ") + (mismatchType == NOT_SET ? "NOT " : "") + "one of ("; + ANTLR_USE_NAMESPACE(std)vector elems = set.toArray(); + for ( unsigned int i = 0; i < elems.size(); i++ ) + { + s += " '"; + s += charName(elems[i]); + s += "'"; + } + s += "), found '" + charName(foundChar) + "'"; + } + break; + default : + s += RecognitionException::getMessage(); + break; + } + + return s; +} + +#ifndef NO_STATIC_CONSTS +const int MismatchedCharException::CHAR; +const int MismatchedCharException::NOT_CHAR; +const int MismatchedCharException::RANGE; +const int MismatchedCharException::NOT_RANGE; +const int MismatchedCharException::SET; +const int MismatchedCharException::NOT_SET; +#endif + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/MismatchedCharException.hpp b/src/antlr/MismatchedCharException.hpp new file mode 100644 index 000000000..9d39ecc2c --- /dev/null +++ b/src/antlr/MismatchedCharException.hpp 
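Review bot: The default constructor initialises only the `RecognitionException` base, so `mismatchType`, `foundChar`, `expecting`, `upper` and `scanner` are indeterminate, yet `getMessage()` switches on `mismatchType` and passes the others to `charName()`. Giving them defined values, e.g. `: RecognitionException("Mismatched char"), mismatchType(0), foundChar(0), expecting(0), upper(0), scanner(0)`, makes a default-constructed exception fall through to the `default:` branch. The default constructor in the MismatchedTokenException.cpp hunk has the same gap for `mismatchType`, `expecting` and `upper`. Minor, in `getMessage()`: the `NOT_RANGE` message lacks the opening quote that the `RANGE` message has before `charName(expecting)`.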
@@ -0,0 +1,102 @@
+#ifndef INC_MismatchedCharException_hpp__
+#define INC_MismatchedCharException_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: MismatchedCharException.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+class CharScanner;
+
+class ANTLR_API MismatchedCharException : public RecognitionException {
+public:
+ // Types of chars
+#ifndef NO_STATIC_CONSTS
+ static const int CHAR = 1;
+ static const int NOT_CHAR = 2;
+ static const int RANGE = 3;
+ static const int NOT_RANGE = 4;
+ static const int SET = 5;
+ static const int NOT_SET = 6;
+#else
+ enum {
+ CHAR = 1,
+ NOT_CHAR = 2,
+ RANGE = 3,
+ NOT_RANGE = 4,
+ SET = 5,
+ NOT_SET = 6
+ };
+#endif
+
+public:
+ // One of the above
+ int mismatchType;
+
+ // what was found on the input stream
+ int foundChar;
+
+ // For CHAR/NOT_CHAR and RANGE/NOT_RANGE
+ int expecting;
+
+ // For RANGE/NOT_RANGE (expecting is lower bound of range)
+ int upper;
+
+ // For SET/NOT_SET
+ BitSet set;
+
+protected:
+ // who knows...they may want to ask scanner questions
+ CharScanner* scanner;
+
+public:
+ MismatchedCharException();
+
+ // Expected range / not range
+ MismatchedCharException(
+ int c,
+ int lower,
+ int upper_,
+ bool matchNot,
+ CharScanner* scanner_
+ );
+
+ // Expected token / not token
+ MismatchedCharException(
+ int c,
+ int expecting_,
+ bool matchNot,
+ CharScanner* scanner_
+ );
+
+ // Expected BitSet / not BitSet
+ MismatchedCharException(
+ int c,
+ BitSet set_,
+ bool matchNot,
+ CharScanner* scanner_
+ );
+
+ ~MismatchedCharException() throw() {}
+
+ /**
+ * Returns a clean error message (no line number/column information)
+ */
+ ANTLR_USE_NAMESPACE(std)string getMessage() const;
+};
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_MismatchedCharException_hpp__
diff --git a/src/antlr/MismatchedTokenException.cpp b/src/antlr/MismatchedTokenException.cpp new file mode 100644 index 000000000..faff4c4fa --- /dev/null +++ b/src/antlr/MismatchedTokenException.cpp 
@@ -0,0 +1,196 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: MismatchedTokenException.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/MismatchedTokenException.hpp" +#include "antlr/String.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +MismatchedTokenException::MismatchedTokenException() + : RecognitionException("Mismatched Token: expecting any AST node","",-1,-1) + , token(0) + , node(nullASTptr) + , tokenNames(0) + , numTokens(0) +{ +} + +// Expected range / not range +MismatchedTokenException::MismatchedTokenException( + const char* const* tokenNames_, + const int numTokens_, + RefAST node_, + int lower, + int upper_, + bool matchNot +) : RecognitionException("Mismatched Token","",-1,-1) + , token(0) + , node(node_) + , tokenText( (node_ ? node_->toString(): ANTLR_USE_NAMESPACE(std)string("")) ) + , mismatchType(matchNot ? NOT_RANGE : RANGE) + , expecting(lower) + , upper(upper_) + , tokenNames(tokenNames_) + , numTokens(numTokens_) +{ +} + +// Expected token / not token +MismatchedTokenException::MismatchedTokenException( + const char* const* tokenNames_, + const int numTokens_, + RefAST node_, + int expecting_, + bool matchNot +) : RecognitionException("Mismatched Token","",-1,-1) + , token(0) + , node(node_) + , tokenText( (node_ ? node_->toString(): ANTLR_USE_NAMESPACE(std)string("")) ) + , mismatchType(matchNot ? NOT_TOKEN : TOKEN) + , expecting(expecting_) + , tokenNames(tokenNames_) + , numTokens(numTokens_) +{ +} + +// Expected BitSet / not BitSet +MismatchedTokenException::MismatchedTokenException( + const char* const* tokenNames_, + const int numTokens_, + RefAST node_, + BitSet set_, + bool matchNot +) : RecognitionException("Mismatched Token","",-1,-1) + , token(0) + , node(node_) + , tokenText( (node_ ? node_->toString(): ANTLR_USE_NAMESPACE(std)string("")) ) + , mismatchType(matchNot ? 
NOT_SET : SET) + , set(set_) + , tokenNames(tokenNames_) + , numTokens(numTokens_) +{ +} + +// Expected range / not range +MismatchedTokenException::MismatchedTokenException( + const char* const* tokenNames_, + const int numTokens_, + RefToken token_, + int lower, + int upper_, + bool matchNot, + const ANTLR_USE_NAMESPACE(std)string& fileName_ +) : RecognitionException("Mismatched Token",fileName_,token_->getLine(),token_->getColumn()) + , token(token_) + , node(nullASTptr) + , tokenText(token_->getText()) + , mismatchType(matchNot ? NOT_RANGE : RANGE) + , expecting(lower) + , upper(upper_) + , tokenNames(tokenNames_) + , numTokens(numTokens_) +{ +} + +// Expected token / not token +MismatchedTokenException::MismatchedTokenException( + const char* const* tokenNames_, + const int numTokens_, + RefToken token_, + int expecting_, + bool matchNot, + const ANTLR_USE_NAMESPACE(std)string& fileName_ +) : RecognitionException("Mismatched Token",fileName_,token_->getLine(),token_->getColumn()) + , token(token_) + , node(nullASTptr) + , tokenText(token_->getText()) + , mismatchType(matchNot ? NOT_TOKEN : TOKEN) + , expecting(expecting_) + , tokenNames(tokenNames_) + , numTokens(numTokens_) +{ +} + +// Expected BitSet / not BitSet +MismatchedTokenException::MismatchedTokenException( + const char* const* tokenNames_, + const int numTokens_, + RefToken token_, + BitSet set_, + bool matchNot, + const ANTLR_USE_NAMESPACE(std)string& fileName_ +) : RecognitionException("Mismatched Token",fileName_,token_->getLine(),token_->getColumn()) + , token(token_) + , node(nullASTptr) + , tokenText(token_->getText()) + , mismatchType(matchNot ? 
NOT_SET : SET) + , set(set_) + , tokenNames(tokenNames_) + , numTokens(numTokens_) +{ +} + +ANTLR_USE_NAMESPACE(std)string MismatchedTokenException::getMessage() const +{ + ANTLR_USE_NAMESPACE(std)string s; + switch (mismatchType) { + case TOKEN: + s += "expecting " + tokenName(expecting) + ", found '" + tokenText + "'"; + break; + case NOT_TOKEN: + s += "expecting anything but " + tokenName(expecting) + "; got it anyway"; + break; + case RANGE: + s += "expecting token in range: " + tokenName(expecting) + ".." + tokenName(upper) + ", found '" + tokenText + "'"; + break; + case NOT_RANGE: + s += "expecting token NOT in range: " + tokenName(expecting) + ".." + tokenName(upper) + ", found '" + tokenText + "'"; + break; + case SET: + case NOT_SET: + { + s += ANTLR_USE_NAMESPACE(std)string("expecting ") + (mismatchType == NOT_SET ? "NOT " : "") + "one of ("; + ANTLR_USE_NAMESPACE(std)vector elems = set.toArray(); + for ( unsigned int i = 0; i < elems.size(); i++ ) + { + s += " "; + s += tokenName(elems[i]); + } + s += "), found '" + tokenText + "'"; + } + break; + default: + s = RecognitionException::getMessage(); + break; + } + return s; +} + +ANTLR_USE_NAMESPACE(std)string MismatchedTokenException::tokenName(int tokenType) const +{ + if (tokenType == Token::INVALID_TYPE) + return ""; + else if (tokenType < 0 || tokenType >= numTokens) + return ANTLR_USE_NAMESPACE(std)string("<") + tokenType + ">"; + else + return tokenNames[tokenType]; +} + +#ifndef NO_STATIC_CONSTS +const int MismatchedTokenException::TOKEN; +const int MismatchedTokenException::NOT_TOKEN; +const int MismatchedTokenException::RANGE; +const int MismatchedTokenException::NOT_RANGE; +const int MismatchedTokenException::SET; +const int MismatchedTokenException::NOT_SET; +#endif + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/MismatchedTokenException.hpp b/src/antlr/MismatchedTokenException.hpp new file mode 100644 index 000000000..243d81052 --- /dev/null 
+++ b/src/antlr/MismatchedTokenException.hpp 
@@ -0,0 +1,144 @@ +#ifndef INC_MismatchedTokenException_hpp__ +#define INC_MismatchedTokenException_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: MismatchedTokenException.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +class ANTLR_API MismatchedTokenException : public RecognitionException { +public: + MismatchedTokenException(); + + /// Expected range / not range + MismatchedTokenException( + const char* const* tokenNames_, + const int numTokens_, + RefAST node_, + int lower, + int upper_, + bool matchNot + ); + + // Expected token / not token + MismatchedTokenException( + const char* const* tokenNames_, + const int numTokens_, + RefAST node_, + int expecting_, + bool matchNot + ); + + // Expected BitSet / not BitSet + MismatchedTokenException( + const char* const* tokenNames_, + const int numTokens_, + RefAST node_, + BitSet set_, + bool matchNot + ); + + // Expected range / not range + MismatchedTokenException( + const char* const* tokenNames_, + const int numTokens_, + RefToken token_, + int lower, + int upper_, + bool matchNot, + const ANTLR_USE_NAMESPACE(std)string& fileName_ + ); + + // Expected token / not token + MismatchedTokenException( + const char* const* tokenNames_, + const int numTokens_, + RefToken token_, + int expecting_, + bool matchNot, + const ANTLR_USE_NAMESPACE(std)string& fileName_ + ); + + // Expected BitSet / not BitSet + MismatchedTokenException( + const char* const* tokenNames_, + const int numTokens_, + RefToken token_, + BitSet set_, + bool matchNot, + const ANTLR_USE_NAMESPACE(std)string& fileName_ + ); + ~MismatchedTokenException() throw() {} + + /** + * Returns a clean error message (no line number/column information) + */ + ANTLR_USE_NAMESPACE(std)string getMessage() const; + +public: + /// 
The token that was encountered + const RefToken token; + /// The offending AST node if tree walking + const RefAST node; + /// taken from node or token object + ANTLR_USE_NAMESPACE(std)string tokenText; + + /// Types of tokens +#ifndef NO_STATIC_CONSTS + static const int TOKEN = 1; + static const int NOT_TOKEN = 2; + static const int RANGE = 3; + static const int NOT_RANGE = 4; + static const int SET = 5; + static const int NOT_SET = 6; +#else + enum { + TOKEN = 1, + NOT_TOKEN = 2, + RANGE = 3, + NOT_RANGE = 4, + SET = 5, + NOT_SET = 6 + }; +#endif + +public: + /// One of the above + int mismatchType; + + /// For TOKEN/NOT_TOKEN and RANGE/NOT_RANGE + int expecting; + + /// For RANGE/NOT_RANGE (expecting is lower bound of range) + int upper; + + /// For SET/NOT_SET + BitSet set; + +private: + /// Token names array for formatting + const char* const* tokenNames; + /// Max number of tokens in tokenNames + const int numTokens; + /// Return token name for tokenType + ANTLR_USE_NAMESPACE(std)string tokenName(int tokenType) const; +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_MismatchedTokenException_hpp__ diff --git a/src/antlr/NoViableAltException.cpp b/src/antlr/NoViableAltException.cpp new file mode 100644 index 000000000..ecfb82888 --- /dev/null +++ b/src/antlr/NoViableAltException.cpp 
@@ -0,0 +1,52 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: NoViableAltException.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/NoViableAltException.hpp" +#include "antlr/String.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +ANTLR_USING_NAMESPACE(std) + +NoViableAltException::NoViableAltException(RefAST t) + : RecognitionException("NoViableAlt","",-1,-1), + token(0), node(t) +{ +} + +NoViableAltException::NoViableAltException( + RefToken t, + const ANTLR_USE_NAMESPACE(std)string& fileName_ +) : RecognitionException("NoViableAlt",fileName_,t->getLine(),t->getColumn()), + token(t), node(nullASTptr) +{ +} + +ANTLR_USE_NAMESPACE(std)string NoViableAltException::getMessage() const +{ + if (token) + { + if( token->getType() == Token::EOF_TYPE ) + return string("unexpected end of file"); + else if( token->getType() == Token::NULL_TREE_LOOKAHEAD ) + return string("unexpected end of tree"); + else + return string("unexpected token: ")+token->getText(); + } + + // must a tree parser error if token==null + if (!node) + return "unexpected end of subtree"; + + return string("unexpected AST node: ")+node->toString(); +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/NoViableAltException.hpp b/src/antlr/NoViableAltException.hpp new file mode 100644 index 000000000..4e459f436 --- /dev/null +++ b/src/antlr/NoViableAltException.hpp 
@@ -0,0 +1,40 @@
+#ifndef INC_NoViableAltException_hpp__
+#define INC_NoViableAltException_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: NoViableAltException.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+class ANTLR_API NoViableAltException : public RecognitionException {
+public:
+ const RefToken token;
+ const RefAST node; // handles parsing and treeparsing
+
+ NoViableAltException(RefAST t);
+ NoViableAltException(RefToken t,const ANTLR_USE_NAMESPACE(std)string& fileName_);
+
+ ~NoViableAltException() throw() {}
+
+ /**
+ * Returns a clean error message (no line number/column information)
+ */
+ ANTLR_USE_NAMESPACE(std)string getMessage() const;
+};
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_NoViableAltException_hpp__
diff --git a/src/antlr/NoViableAltForCharException.cpp b/src/antlr/NoViableAltForCharException.cpp
new file mode 100644
index 000000000..d4625c96d
--- /dev/null
+++ b/src/antlr/NoViableAltForCharException.cpp
@@ -0,0 +1,39 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: NoViableAltForCharException.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/NoViableAltForCharException.hpp" +#include "antlr/String.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +NoViableAltForCharException::NoViableAltForCharException(int c, CharScanner* scanner) + : RecognitionException("NoViableAlt", + scanner->getFilename(), + scanner->getLine(),scanner->getColumn()), + foundChar(c) +{ +} + +NoViableAltForCharException::NoViableAltForCharException( + int c, + const ANTLR_USE_NAMESPACE(std)string& fileName_, + int line_, int column_) + : RecognitionException("NoViableAlt",fileName_,line_,column_), + foundChar(c) +{ +} + +ANTLR_USE_NAMESPACE(std)string NoViableAltForCharException::getMessage() const +{ + return ANTLR_USE_NAMESPACE(std)string("unexpected char: ")+charName(foundChar); +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/NoViableAltForCharException.hpp b/src/antlr/NoViableAltForCharException.hpp new file mode 100644 index 000000000..c0f130e69 --- /dev/null +++ b/src/antlr/NoViableAltForCharException.hpp 
@@ -0,0 +1,41 @@ +#ifndef INC_NoViableAltForCharException_hpp__ +# define INC_NoViableAltForCharException_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: NoViableAltForCharException.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +# include +# include +# include + +# ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr +{ +# endif + +class ANTLR_API NoViableAltForCharException : public RecognitionException +{ +public: + NoViableAltForCharException(int c, CharScanner* scanner); + NoViableAltForCharException(int c, const ANTLR_USE_NAMESPACE(std)string& fileName_, + int line_, int column_); + + virtual ~NoViableAltForCharException() throw() + { + } + + /// Returns a clean error message (no line number/column information) + ANTLR_USE_NAMESPACE(std)string getMessage() const; +protected: + int foundChar; +}; + +# ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +# endif + +#endif //INC_NoViableAltForCharException_hpp__ diff --git a/src/antlr/Parser.cpp b/src/antlr/Parser.cpp new file mode 100644 index 000000000..f726ece6e --- /dev/null +++ b/src/antlr/Parser.cpp @@ -0,0 +1,113 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: Parser.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/Parser.hpp" + +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** A generic ANTLR parser (LL(k) for k>=1) containing a bunch of + * utility routines useful at any lookahead depth. We distinguish between + * the LL(1) and LL(k) parsers because of efficiency. This may not be + * necessary in the near future. + * + * Each parser object contains the state of the parse including a lookahead + * cache (the form of which is determined by the subclass), whether or + * not the parser is in guess mode, where tokens come from, etc... + * + *

    + * During guess mode, the current lookahead token(s) and token type(s) + * cache must be saved because the token stream may not have been informed + * to save the token (via mark) before the try block. + * Guessing is started by: + *

      + *
    1. saving the lookahead cache. + *
    2. marking the current position in the TokenBuffer. + *
    3. increasing the guessing level. + *
    + * + * After guessing, the parser state is restored by: + *
      + *
    1. restoring the lookahead cache. + *
    2. rewinding the TokenBuffer. + *
    3. decreasing the guessing level. + *
    + * + * @see antlr.Token + * @see antlr.TokenBuffer + * @see antlr.TokenStream + * @see antlr.LL1Parser + * @see antlr.LLkParser + */ + +bool DEBUG_PARSER = false; + +/** Parser error-reporting function can be overridden in subclass */ +void Parser::reportError(const RecognitionException& ex) +{ + ANTLR_USE_NAMESPACE(std)cerr << ex.toString().c_str() << ANTLR_USE_NAMESPACE(std)endl; +} + +/** Parser error-reporting function can be overridden in subclass */ +void Parser::reportError(const ANTLR_USE_NAMESPACE(std)string& s) +{ + if ( getFilename()=="" ) + ANTLR_USE_NAMESPACE(std)cerr << "error: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl; + else + ANTLR_USE_NAMESPACE(std)cerr << getFilename().c_str() << ": error: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl; +} + +/** Parser warning-reporting function can be overridden in subclass */ +void Parser::reportWarning(const ANTLR_USE_NAMESPACE(std)string& s) +{ + if ( getFilename()=="" ) + ANTLR_USE_NAMESPACE(std)cerr << "warning: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl; + else + ANTLR_USE_NAMESPACE(std)cerr << getFilename().c_str() << ": warning: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl; +} + +/** Set or change the input token buffer */ +// void setTokenBuffer(TokenBuffer* t); + +void Parser::traceIndent() +{ + for( int i = 0; i < traceDepth; i++ ) + ANTLR_USE_NAMESPACE(std)cout << " "; +} + +void Parser::traceIn(const char* rname) +{ + traceDepth++; + + for( int i = 0; i < traceDepth; i++ ) + ANTLR_USE_NAMESPACE(std)cout << " "; + + ANTLR_USE_NAMESPACE(std)cout << "> " << rname + << "; LA(1)==" << LT(1)->getText().c_str() + << ((inputState->guessing>0)?" [guessing]":"") + << ANTLR_USE_NAMESPACE(std)endl; +} + +void Parser::traceOut(const char* rname) +{ + for( int i = 0; i < traceDepth; i++ ) + ANTLR_USE_NAMESPACE(std)cout << " "; + + ANTLR_USE_NAMESPACE(std)cout << "< " << rname + << "; LA(1)==" << LT(1)->getText().c_str() + << ((inputState->guessing>0)?" 
[guessing]":"") + << ANTLR_USE_NAMESPACE(std)endl; + + traceDepth--; +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/Parser.hpp b/src/antlr/Parser.hpp new file mode 100644 index 000000000..1815f5507 --- /dev/null +++ b/src/antlr/Parser.hpp @@ -0,0 +1,319 @@ +#ifndef INC_Parser_hpp__ +#define INC_Parser_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: Parser.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +extern bool DEBUG_PARSER; + +/** A generic ANTLR parser (LL(k) for k>=1) containing a bunch of + * utility routines useful at any lookahead depth. We distinguish between + * the LL(1) and LL(k) parsers because of efficiency. This may not be + * necessary in the near future. + * + * Each parser object contains the state of the parse including a lookahead + * cache (the form of which is determined by the subclass), whether or + * not the parser is in guess mode, where tokens come from, etc... + * + *

    + * During guess mode, the current lookahead token(s) and token type(s) + * cache must be saved because the token stream may not have been informed + * to save the token (via mark) before the try block. + * Guessing is started by: + *

      + *
    1. saving the lookahead cache. + *
    2. marking the current position in the TokenBuffer. + *
    3. increasing the guessing level. + *
    + * + * After guessing, the parser state is restored by: + *
      + *
    1. restoring the lookahead cache. + *
    2. rewinding the TokenBuffer. + *
    3. decreasing the guessing level. + *
    + * + * @see antlr.Token + * @see antlr.TokenBuffer + * @see antlr.TokenStream + * @see antlr.LL1Parser + * @see antlr.LLkParser + * + * @todo add constructors with ASTFactory. + */ +class ANTLR_API Parser { +protected: + Parser(TokenBuffer& input) + : inputState(new ParserInputState(input)), astFactory(0), traceDepth(0) + { + } + Parser(TokenBuffer* input) + : inputState(new ParserInputState(input)), astFactory(0), traceDepth(0) + { + } + Parser(const ParserSharedInputState& state) + : inputState(state), astFactory(0), traceDepth(0) + { + } +public: + virtual ~Parser() + { + } + + /** Return the token type of the ith token of lookahead where i=1 + * is the current token being examined by the parser (i.e., it + * has not been matched yet). + */ + virtual int LA(unsigned int i)=0; + + /// Return the i-th token of lookahead + virtual RefToken LT(unsigned int i)=0; + + /** DEPRECATED! Specify the factory to be used during tree building. (Compulsory) + * Setting the factory is nowadays compulsory. + * @see setASTFactory + */ + virtual void setASTNodeFactory( ASTFactory *factory ) + { + astFactory = factory; + } + /** Specify the factory to be used during tree building. (Compulsory) + * Setting the factory is nowadays compulsory. + */ + virtual void setASTFactory( ASTFactory *factory ) + { + astFactory = factory; + } + /** Return a pointer to the ASTFactory used. + * So you might use it in subsequent treewalkers or to reload AST's + * from disk. + */ + virtual ASTFactory* getASTFactory() + { + return astFactory; + } + /** Get the root AST node of the generated AST. When using a custom AST type + * or heterogenous AST's, you'll have to convert it to the right type + * yourself. + */ + virtual RefAST getAST() = 0; + + /// Return the filename of the input file. + virtual inline ANTLR_USE_NAMESPACE(std)string getFilename() const + { + return inputState->filename; + } + /// Set the filename of the input file (used for error reporting). 
+ virtual void setFilename(const ANTLR_USE_NAMESPACE(std)string& f) + { + inputState->filename = f; + } + + virtual void setInputState(ParserSharedInputState state) + { + inputState = state; + } + virtual inline ParserSharedInputState getInputState() const + { + return inputState; + } + + /// Get another token object from the token stream + virtual void consume()=0; + /// Consume tokens until one matches the given token + virtual void consumeUntil(int tokenType) + { + while (LA(1) != Token::EOF_TYPE && LA(1) != tokenType) + consume(); + } + + /// Consume tokens until one matches the given token set + virtual void consumeUntil(const BitSet& set) + { + while (LA(1) != Token::EOF_TYPE && !set.member(LA(1))) + consume(); + } + + /** Make sure current lookahead symbol matches token type t. + * Throw an exception upon mismatch, which is catch by either the + * error handler or by the syntactic predicate. + */ + virtual void match(int t) + { + if ( DEBUG_PARSER ) + { + traceIndent(); + ANTLR_USE_NAMESPACE(std)cout << "enter match(" << t << ") with LA(1)=" << LA(1) << ANTLR_USE_NAMESPACE(std)endl; + } + if ( LA(1) != t ) + { + if ( DEBUG_PARSER ) + { + traceIndent(); + ANTLR_USE_NAMESPACE(std)cout << "token mismatch: " << LA(1) << "!=" << t << ANTLR_USE_NAMESPACE(std)endl; + } + throw MismatchedTokenException(getTokenNames(), getNumTokens(), LT(1), t, false, getFilename()); + } + else + { + // mark token as consumed -- fetch next token deferred until LA/LT + consume(); + } + } + + virtual void matchNot(int t) + { + if ( LA(1)==t ) + { + // Throws inverted-sense exception + throw MismatchedTokenException(getTokenNames(), getNumTokens(), LT(1), t, true, getFilename()); + } + else + { + // mark token as consumed -- fetch next token deferred until LA/LT + consume(); + } + } + + /** Make sure current lookahead symbol matches the given set + * Throw an exception upon mismatch, which is catch by either the + * error handler or by the syntactic predicate. 
+ */ + virtual void match(const BitSet& b) + { + if ( DEBUG_PARSER ) + { + traceIndent(); + ANTLR_USE_NAMESPACE(std)cout << "enter match(" << "bitset" /*b.toString()*/ + << ") with LA(1)=" << LA(1) << ANTLR_USE_NAMESPACE(std)endl; + } + if ( !b.member(LA(1)) ) + { + if ( DEBUG_PARSER ) + { + traceIndent(); + ANTLR_USE_NAMESPACE(std)cout << "token mismatch: " << LA(1) << " not member of " + << "bitset" /*b.toString()*/ << ANTLR_USE_NAMESPACE(std)endl; + } + throw MismatchedTokenException(getTokenNames(), getNumTokens(), LT(1), b, false, getFilename()); + } + else + { + // mark token as consumed -- fetch next token deferred until LA/LT + consume(); + } + } + + /** Mark a spot in the input and return the position. + * Forwarded to TokenBuffer. + */ + virtual inline unsigned int mark() + { + return inputState->getInput().mark(); + } + /// rewind to a previously marked position + virtual inline void rewind(unsigned int pos) + { + inputState->getInput().rewind(pos); + } + /** called by the generated parser to do error recovery, override to + * customize the behaviour. + */ + virtual void recover(const RecognitionException& ex, const BitSet& tokenSet) + { + consume(); + consumeUntil(tokenSet); + } + + /// Parser error-reporting function can be overridden in subclass + virtual void reportError(const RecognitionException& ex); + /// Parser error-reporting function can be overridden in subclass + virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s); + /// Parser warning-reporting function can be overridden in subclass + virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s); + + /// get the token name for the token number 'num' + virtual const char* getTokenName(int num) const = 0; + /// get a vector with all token names + virtual const char* const* getTokenNames() const = 0; + /** Get the number of tokens defined. + * This one should be overridden in subclasses. 
+ */ + virtual int getNumTokens(void) const = 0; + + /** Set or change the input token buffer */ +// void setTokenBuffer(TokenBuffer* t); + + virtual void traceIndent(); + virtual void traceIn(const char* rname); + virtual void traceOut(const char* rname); +protected: +// void setTokenNames(const char** tokenNames_); + + ParserSharedInputState inputState; + +// /// AST return value for a rule is squirreled away here +// RefAST returnAST; + + /// AST support code; parser and treeparser delegate to this object + ASTFactory *astFactory; + + // used to keep track of the indentation for the trace + int traceDepth; + + /** Utility class which allows tracing to work even when exceptions are + * thrown. + */ + class Tracer { /*{{{*/ + private: + Parser* parser; + const char* text; + public: + Tracer(Parser* p,const char * t) + : parser(p), text(t) + { + parser->traceIn(text); + } + ~Tracer() + { +#ifdef ANTLR_CXX_SUPPORTS_UNCAUGHT_EXCEPTION + // Only give trace if there's no uncaught exception.. + if(!ANTLR_USE_NAMESPACE(std)uncaught_exception()) +#endif + parser->traceOut(text); + } + private: + Tracer(const Tracer&); // undefined + const Tracer& operator=(const Tracer&); // undefined + /*}}}*/ + }; +private: + Parser(const Parser&); // undefined + const Parser& operator=(const Parser&); // undefined +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_Parser_hpp__ diff --git a/src/antlr/ParserSharedInputState.hpp b/src/antlr/ParserSharedInputState.hpp new file mode 100644 index 000000000..0d9aa87bf --- /dev/null +++ b/src/antlr/ParserSharedInputState.hpp 
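Review bot: `Tracer::~Tracer()` can let an exception escape a destructor. `parser->traceOut(text)` calls `LT(1)` (see Parser.cpp in this commit), and fetching a lookahead token may pull from the token stream and throw; when `ANTLR_CXX_SUPPORTS_UNCAUGHT_EXCEPTION` is not defined the call also runs during stack unwinding, where a second exception terminates the process. Since this is trace output only, wrapping it is enough: `try { parser->traceOut(text); } catch (...) {}`. Whether `LT(1)` can actually throw depends on the concrete parser and token stream, which are outside this hunk.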
@@ -0,0 +1,92 @@ +#ifndef INC_ParserSharedInputState_hpp__ +#define INC_ParserSharedInputState_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: ParserSharedInputState.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** This object contains the data associated with an + * input stream of tokens. Multiple parsers + * share a single ParserSharedInputState to parse + * the same stream of tokens. + */ +class ANTLR_API ParserInputState { +public: + /** Construct a new ParserInputState + * @param in the TokenBuffer to read from. The object is deleted together + * with the ParserInputState object. + */ + ParserInputState( TokenBuffer* in ) + : guessing(0) + , filename() + , input(in) + , inputResponsible(true) + { + } + /** Construct a new ParserInputState + * @param in the TokenBuffer to read from. + */ + ParserInputState( TokenBuffer& in ) + : guessing(0) + , filename("") + , input(&in) + , inputResponsible(false) + { + } + + virtual ~ParserInputState() + { + if (inputResponsible) + delete input; + } + + TokenBuffer& getInput( void ) + { + return *input; + } + + /// Reset the ParserInputState and the underlying TokenBuffer + void reset( void ) + { + input->reset(); + guessing = 0; + } + +public: + /** Are we guessing (guessing>0)? */ + int guessing; + /** What file (if known) caused the problem? + * @todo wrap this one.. + */ + ANTLR_USE_NAMESPACE(std)string filename; +private: + /** Where to get token objects */ + TokenBuffer* input; + /// Do we need to free the TokenBuffer or is it owned by another.. 
+ bool inputResponsible; + + // we don't want these: + ParserInputState(const ParserInputState&); + ParserInputState& operator=(const ParserInputState&); +}; + +/// A reference counted ParserInputState +typedef RefCount ParserSharedInputState; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_ParserSharedInputState_hpp__ diff --git a/src/antlr/RecognitionException.cpp b/src/antlr/RecognitionException.cpp new file mode 100644 index 000000000..787cc3cc7 --- /dev/null +++ b/src/antlr/RecognitionException.cpp 
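Review bot: The two `ParserInputState` constructors differ in ownership, but only the pointer form documents it. The reference form stores `&in` with `inputResponsible(false)`, so the `TokenBuffer` must outlive the state object, and because the state is handed around as the reference-counted `ParserSharedInputState` (for example via `Parser::getInputState()`), it must outlive every copy of that handle too. I would extend its comment to say so, e.g. `@param in the TokenBuffer to read from; not owned, must outlive this object and every ParserSharedInputState that refers to it`.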
@@ -0,0 +1,71 @@
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: RecognitionException.cpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include "antlr/RecognitionException.hpp"
+#include "antlr/String.hpp"
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+RecognitionException::RecognitionException()
+: ANTLRException("parsing error")
+, line(-1)
+, column(-1)
+{
+}
+
+RecognitionException::RecognitionException(const ANTLR_USE_NAMESPACE(std)string& s)
+: ANTLRException(s)
+, line(-1)
+, column(-1)
+{
+}
+
+RecognitionException::RecognitionException(const ANTLR_USE_NAMESPACE(std)string& s,
+ const ANTLR_USE_NAMESPACE(std)string& fileName_,
+ int line_,int column_)
+: ANTLRException(s)
+, fileName(fileName_)
+, line(line_)
+, column(column_)
+{
+}
+
+ANTLR_USE_NAMESPACE(std)string RecognitionException::getFileLineColumnString() const
+{
+ ANTLR_USE_NAMESPACE(std)string fileLineColumnString;
+
+ if ( fileName.length() > 0 )
+ fileLineColumnString = fileName + ":";
+
+ if ( line != -1 )
+ {
+ if ( fileName.length() == 0 )
+ fileLineColumnString = fileLineColumnString + "line ";
+
+ fileLineColumnString = fileLineColumnString + line;
+
+ if ( column != -1 )
+ fileLineColumnString = fileLineColumnString + ":" + column;
+
+ fileLineColumnString = fileLineColumnString + ":";
+ }
+
+ fileLineColumnString = fileLineColumnString + " ";
+
+ return fileLineColumnString;
+}
+
+ANTLR_USE_NAMESPACE(std)string RecognitionException::toString() const
+{
+ return getFileLineColumnString()+getMessage();
+}
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
diff --git a/src/antlr/RecognitionException.hpp b/src/antlr/RecognitionException.hpp
new file mode 100644
index 000000000..d474faebe
--- /dev/null
+++ b/src/antlr/RecognitionException.hpp
@@ -0,0 +1,66 @@
+#ifndef INC_RecognitionException_hpp__
+# define INC_RecognitionException_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: RecognitionException.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+# include
+# include
+
+# ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr
+{
+# endif
+ class ANTLR_API RecognitionException : public ANTLRException
+ {
+ public:
+ RecognitionException();
+ RecognitionException(const ANTLR_USE_NAMESPACE(std)string& s);
+ RecognitionException(const ANTLR_USE_NAMESPACE(std)string& s,
+ const ANTLR_USE_NAMESPACE(std)string& fileName,
+ int line, int column );
+
+ virtual ~RecognitionException() throw()
+ {
+ }
+
+ /// Return file where mishap occurred.
+ virtual ANTLR_USE_NAMESPACE(std)string getFilename() const throw()
+ {
+ return fileName;
+ }
+ /**
+ * @return the line number that this exception happened on.
+ */
+ virtual int getLine() const throw()
+ {
+ return line;
+ }
+ /**
+ * @return the column number that this exception happened on.
+ */
+ virtual int getColumn() const throw()
+ {
+ return column;
+ }
+
+ /// Return complete error message with line/column number info (if present)
+ virtual ANTLR_USE_NAMESPACE(std)string toString() const;
+
+ /// See what file/line/column info is present and return it as a string
+ virtual ANTLR_USE_NAMESPACE(std)string getFileLineColumnString() const;
+ protected:
+ ANTLR_USE_NAMESPACE(std)string fileName; // not used by treeparsers
+ int line; // not used by treeparsers
+ int column; // not used by treeparsers
+ };
+
+# ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+# endif
+
+#endif //INC_RecognitionException_hpp__
diff --git a/src/antlr/RefCount.hpp b/src/antlr/RefCount.hpp
new file mode 100644
index 000000000..a3572c3f9
--- /dev/null
+++ b/src/antlr/RefCount.hpp
@@ -0,0 +1,80 @@
+#ifndef INC_RefCount_hpp__
+#define INC_RefCount_hpp__
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: RefCount.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+template
+class ANTLR_API RefCount {
+private:
+ struct Ref {
+ T* const ptr;
+ unsigned int count;
+
+ Ref(T* p) : ptr(p), count(1) {}
+ ~Ref() {delete ptr;}
+ Ref* increment() {++count;return this;}
+ bool decrement() {return (--count==0);}
+ private:
+ Ref(const Ref&);
+ Ref& operator=(const Ref&);
+ }* ref;
+
+public:
+ explicit RefCount(T* p = 0)
+ : ref(p ? new Ref(p) : 0)
+ {
+ }
+ RefCount(const RefCount& other)
+ : ref(other.ref ? other.ref->increment() : 0)
+ {
+ }
+ ~RefCount()
+ {
+ if (ref && ref->decrement())
+ delete ref;
+ }
+ RefCount& operator=(const RefCount& other)
+ {
+ Ref* tmp = other.ref ? other.ref->increment() : 0;
+ if (ref && ref->decrement())
+ delete ref;
+ ref = tmp;
+ return *this;
+ }
+
+ operator T* () const
+ {
+ return ref ? ref->ptr : 0;
+ }
+
+ T* operator->() const
+ {
+ return ref ? ref->ptr : 0;
+ }
+
+ T* get() const
+ {
+ return ref ? ref->ptr : 0;
+ }
+
+ template operator RefCount()
+ {
+ return RefCount(ref);
+ }
+};
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_RefCount_hpp__
diff --git a/src/antlr/SemanticException.hpp b/src/antlr/SemanticException.hpp
new file mode 100644
index 000000000..7822e641d
--- /dev/null
+++ b/src/antlr/SemanticException.hpp
@@ -0,0 +1,40 @@
+#ifndef INC_SemanticException_hpp__
+#define INC_SemanticException_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: SemanticException.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+class ANTLR_API SemanticException : public RecognitionException {
+public:
+ SemanticException(const ANTLR_USE_NAMESPACE(std)string& s)
+ : RecognitionException(s)
+ {
+ }
+ SemanticException(const ANTLR_USE_NAMESPACE(std)string& s,
+ const ANTLR_USE_NAMESPACE(std)string& fileName_,
+ int line_,int column_)
+ : RecognitionException(s,fileName_,line_,column_)
+ {
+ }
+
+ ~SemanticException() throw()
+ {
+ }
+};
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_SemanticException_hpp__
diff --git a/src/antlr/String.cpp b/src/antlr/String.cpp
new file mode 100644
index 000000000..deb7b1108
--- /dev/null
+++ b/src/antlr/String.cpp
@@ -0,0 +1,90 @@
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: String.cpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include "antlr/String.hpp"
+
+#include
+
+#ifdef HAS_NOT_CSTDIO_H
+#include
+#else
+#include
+#endif
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+// wh: hack for Borland C++ 5.6
+#if __BORLANDC__
+ using std::sprintf;
+#endif
+
+
+// RK: should be using snprintf actually... (or stringstream)
+ANTLR_C_USING(sprintf)
+
+ANTLR_USE_NAMESPACE(std)string operator+( const ANTLR_USE_NAMESPACE(std)string& lhs, const int rhs )
+{
+ char tmp[100];
+ sprintf(tmp,"%d",rhs);
+ return lhs+tmp;
+}
+
+ANTLR_USE_NAMESPACE(std)string operator+( const ANTLR_USE_NAMESPACE(std)string& lhs, size_t rhs )
+{
+ char tmp[100];
+ sprintf(tmp,"%u",rhs);
+ return lhs+tmp;
+}
+
+/** Convert character to readable string
+ */
+ANTLR_USE_NAMESPACE(std)string charName(int ch)
+{
+ if (ch == EOF)
+ return "EOF";
+ else
+ {
+ ANTLR_USE_NAMESPACE(std)string s;
+
+ // when you think you've seen it all.. an isprint that crashes...
+ ch = ch & 0xFF;
+#ifdef ANTLR_CCTYPE_NEEDS_STD
+ if( ANTLR_USE_NAMESPACE(std)isprint( ch ) )
+#else
+ if( isprint( ch ) )
+#endif
+ {
+ s.append("'");
+ s += ch;
+ s.append("'");
+// s += "'"+ch+"'";
+ }
+ else
+ {
+ s += "0x";
+
+ unsigned int t = ch >> 4;
+ if( t < 10 )
+ s += t | 0x30;
+ else
+ s += t + 0x37;
+ t = ch & 0xF;
+ if( t < 10 )
+ s += t | 0x30;
+ else
+ s += t + 0x37;
+ }
+ return s;
+ }
+}
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
diff --git a/src/antlr/String.hpp b/src/antlr/String.hpp
new file mode 100644
index 000000000..4b13c75d7
--- /dev/null
+++ b/src/antlr/String.hpp
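Review bot: The `size_t` overload of `operator+` passes `rhs` to `sprintf` with `"%u"`, which expects `unsigned int`; where `size_t` is wider than `unsigned int` that is a format/argument mismatch with undefined behaviour, not merely a truncated number. Both overloads also use unbounded `sprintf`, which the `// RK:` comment above them already flags. A bounded call with a matching type covers both where the toolchain provides it, e.g. `snprintf(tmp, sizeof(tmp), "%lu", (unsigned long)rhs);` in the `size_t` overload and `snprintf(tmp, sizeof(tmp), "%d", rhs);` in the `int` one, with the `ANTLR_C_USING(sprintf)` line adjusted to match. The 100-byte buffer is ample for either value, so the bound is defence in depth rather than a fix for a reachable overflow.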
@@ -0,0 +1,27 @@
+#ifndef INC_String_hpp__
+#define INC_String_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: String.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+ANTLR_API ANTLR_USE_NAMESPACE(std)string operator+( const ANTLR_USE_NAMESPACE(std)string& lhs, const int rhs );
+ANTLR_API ANTLR_USE_NAMESPACE(std)string operator+( const ANTLR_USE_NAMESPACE(std)string& lhs, size_t rhs );
+
+ANTLR_API ANTLR_USE_NAMESPACE(std)string charName( int ch );
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_String_hpp__
diff --git a/src/antlr/Token.cpp b/src/antlr/Token.cpp
new file mode 100644
index 000000000..319834893
--- /dev/null
+++ b/src/antlr/Token.cpp
@@ -0,0 +1,80 @@
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: Token.cpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include "antlr/Token.hpp"
+#include "antlr/String.hpp"
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+int Token::getColumn() const
+{
+ return 0;
+}
+
+int Token::getLine() const
+{
+ return 0;
+}
+
+ANTLR_USE_NAMESPACE(std)string Token::getText() const
+{
+ return "";
+}
+
+int Token::getType() const
+{
+ return type;
+}
+
+void Token::setColumn(int)
+{
+}
+
+void Token::setLine(int)
+{
+}
+
+void Token::setText(const ANTLR_USE_NAMESPACE(std)string&)
+{
+}
+
+void Token::setType(int t)
+{
+ type = t;
+}
+
+void Token::setFilename(const ANTLR_USE_NAMESPACE(std)string&)
+{
+}
+
+ANTLR_USE_NAMESPACE(std)string emptyString("");
+
+const ANTLR_USE_NAMESPACE(std)string& Token::getFilename() const
+{
+ return emptyString;
+}
+
+ANTLR_USE_NAMESPACE(std)string Token::toString() const
+{
+ return "[\""+getText()+"\",<"+type+">]";
+}
+
+ANTLR_API RefToken nullToken;
+
+#ifndef NO_STATIC_CONSTS
+const int Token::MIN_USER_TYPE;
+const int Token::NULL_TREE_LOOKAHEAD;
+const int Token::INVALID_TYPE;
+const int Token::EOF_TYPE;
+const int Token::SKIP;
+#endif
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
diff --git a/src/antlr/Token.hpp b/src/antlr/Token.hpp
new file mode 100644
index 000000000..35b929134
--- /dev/null
+++ b/src/antlr/Token.hpp
@@ -0,0 +1,108 @@ +#ifndef INC_Token_hpp__ +#define INC_Token_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: Token.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +struct TokenRef; + +/** A token is minimally a token type. Subclasses can add the text matched + * for the token and line info. + */ +class ANTLR_API Token +{ +public: + // constants +#ifndef NO_STATIC_CONSTS + static const int MIN_USER_TYPE = 4; + static const int NULL_TREE_LOOKAHEAD = 3; + static const int INVALID_TYPE = 0; + static const int EOF_TYPE = 1; + static const int SKIP = -1; +#else + enum { + MIN_USER_TYPE = 4, + NULL_TREE_LOOKAHEAD = 3, + INVALID_TYPE = 0, + EOF_TYPE = 1, + SKIP = -1 + }; +#endif + + Token() + : ref(0) + , type(INVALID_TYPE) + { + } + Token(int t) + : ref(0) + , type(t) + { + } + Token(int t, const ANTLR_USE_NAMESPACE(std)string& txt) + : ref(0) + , type(t) + { + setText(txt); + } + virtual ~Token() + { + } + + virtual int getColumn() const; + virtual int getLine() const; + virtual ANTLR_USE_NAMESPACE(std)string getText() const; + virtual const ANTLR_USE_NAMESPACE(std)string& getFilename() const; + virtual int getType() const; + + virtual void setColumn(int c); + + virtual void setLine(int l); + virtual void setText(const ANTLR_USE_NAMESPACE(std)string& t); + virtual void setType(int t); + + virtual void setFilename( const std::string& file ); + + virtual ANTLR_USE_NAMESPACE(std)string toString() const; + +private: + friend struct TokenRef; + TokenRef* ref; + + int type; ///< the type of the token + + Token(RefToken other); + Token& operator=(const Token& other); + Token& operator=(RefToken other); + + Token(const Token&); +}; + +extern ANTLR_API RefToken nullToken; + +#ifdef NEEDS_OPERATOR_LESS_THAN +// RK: Added after 2.7.2 previously it was undefined. 
+// AL: what to return if l and/or r point to nullToken??? +inline bool operator<( RefToken l, RefToken r ) +{ + return nullToken == l ? ( nullToken == r ? false : true ) : l->getType() < r->getType(); +} +#endif + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_Token_hpp__ diff --git a/src/antlr/TokenBuffer.cpp b/src/antlr/TokenBuffer.cpp new file mode 100644 index 000000000..a0278f250 --- /dev/null +++ b/src/antlr/TokenBuffer.cpp @@ -0,0 +1,96 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenBuffer.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include "antlr/TokenBuffer.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/**A Stream of Token objects fed to the parser from a TokenStream that can + * be rewound via mark()/rewind() methods. + *
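Review bot: In `operator<` (under `NEEDS_OPERATOR_LESS_THAN`) the right operand is dereferenced without a null check: when `l` is a real token and `r` is `nullToken`, the expression falls through to `r->getType()`. The `// AL:` comment asks what to return in that case but the code does not handle it. Keeping the existing convention that a null token orders before any real one, the body could be `if (nullToken == r) return false;` then `if (nullToken == l) return true;` then `return l->getType() < r->getType();`, which also stays a strict weak ordering for use in ordered containers. `RefToken` is declared outside this hunk, so that `operator->` yields a null pointer here is inferred from the `RefCount` template in the same commit.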

    + * A dynamic array is used to buffer up all the input tokens. Normally, + * "k" tokens are stored in the buffer. More tokens may be stored during + * guess mode (testing syntactic predicate), or when LT(i>k) is referenced. + * Consumption of tokens is deferred. In other words, reading the next + * token is not done by conume(), but deferred until needed by LA or LT. + *

    + * + * @see antlr.Token + * @see antlr.TokenStream + * @see antlr.TokenQueue + */ + +/** Create a token buffer */ +TokenBuffer::TokenBuffer( TokenStream& inp ) +: input(inp) +, nMarkers(0) +, markerOffset(0) +, numToConsume(0) +{ +} + +TokenBuffer::~TokenBuffer( void ) +{ +} + +/** Ensure that the token buffer is sufficiently full */ +void TokenBuffer::fill(unsigned int amount) +{ + syncConsume(); + // Fill the buffer sufficiently to hold needed tokens + while (queue.entries() < (amount + markerOffset)) + { + // Append the next token + queue.append(input.nextToken()); + } +} + +/** Get a lookahead token value */ +int TokenBuffer::LA(unsigned int i) +{ + fill(i); + return queue.elementAt(markerOffset+i-1)->getType(); +} + +/** Get a lookahead token */ +RefToken TokenBuffer::LT(unsigned int i) +{ + fill(i); + return queue.elementAt(markerOffset+i-1); +} + +/** Return an integer marker that can be used to rewind the buffer to + * its current state. + */ +unsigned int TokenBuffer::mark() +{ + syncConsume(); + nMarkers++; + return markerOffset; +} + +/**Rewind the token buffer to a marker. + * @param mark Marker returned previously from mark() + */ +void TokenBuffer::rewind(unsigned int mark) +{ + syncConsume(); + markerOffset=mark; + nMarkers--; +} + +/// Get number of non-consumed tokens +unsigned int TokenBuffer::entries() const +{ + return queue.entries() - markerOffset; +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE + } +#endif diff --git a/src/antlr/TokenBuffer.hpp b/src/antlr/TokenBuffer.hpp new file mode 100644 index 000000000..ba77b1d63 --- /dev/null +++ b/src/antlr/TokenBuffer.hpp 
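Review bot: `TokenBuffer::rewind()` decrements the unsigned `nMarkers` and assigns `markerOffset=mark` without checking either value. A `rewind()` that is not paired with a `mark()` wraps `nMarkers` to a large value, after which `syncConsume()` (TokenBuffer.hpp) only ever advances `markerOffset` and never removes items, so the queue grows with the input; a `mark` larger than the queue makes `entries()` wrap as well. Generated parsers presumably pair the calls, so this is a hardening point: guard the decrement with `if (nMarkers > 0) nMarkers--;` and document on `rewind()` that `mark` must be a value returned by a still-active `mark()`.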
@@ -0,0 +1,121 @@ +#ifndef INC_TokenBuffer_hpp__ +#define INC_TokenBuffer_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenBuffer.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/**A Stream of Token objects fed to the parser from a TokenStream that can + * be rewound via mark()/rewind() methods. + *

    + * A dynamic array is used to buffer up all the input tokens. Normally, + * "k" tokens are stored in the buffer. More tokens may be stored during + * guess mode (testing syntactic predicate), or when LT(i>k) is referenced. + * Consumption of tokens is deferred. In other words, reading the next + * token is not done by conume(), but deferred until needed by LA or LT. + *

    + * + * @todo: see if we can integrate this one with InputBuffer into one template + * or so. + * + * @see antlr.Token + * @see antlr.TokenStream + * @see antlr.TokenQueue + */ +class ANTLR_API TokenBuffer { +public: + /** Create a token buffer */ + TokenBuffer(TokenStream& input_); + virtual ~TokenBuffer(); + + /// Reset the input buffer to empty state + inline void reset( void ) + { + nMarkers = 0; + markerOffset = 0; + numToConsume = 0; + queue.clear(); + } + + /** Get a lookahead token value */ + int LA( unsigned int i ); + + /** Get a lookahead token */ + RefToken LT( unsigned int i ); + + /** Return an integer marker that can be used to rewind the buffer to + * its current state. + */ + unsigned int mark(); + + /**Rewind the token buffer to a marker. + * @param mark Marker returned previously from mark() + */ + void rewind(unsigned int mark); + + /** Mark another token for deferred consumption */ + inline void consume() + { + numToConsume++; + } + + /// Return the number of entries in the TokenBuffer + virtual unsigned int entries() const; + +private: + /** Ensure that the token buffer is sufficiently full */ + void fill(unsigned int amount); + /** Sync up deferred consumption */ + void syncConsume(); + +protected: + /// Token source + TokenStream& input; + + /// Number of active markers + unsigned int nMarkers; + + /// Additional offset used when markers are active + unsigned int markerOffset; + + /// Number of calls to consume() since last LA() or LT() call + unsigned int numToConsume; + + /// Circular queue with Tokens + CircularQueue queue; + +private: + TokenBuffer(const TokenBuffer& other); + const TokenBuffer& operator=(const TokenBuffer& other); +}; + +/** Sync up deferred consumption */ +inline void TokenBuffer::syncConsume() +{ + if (numToConsume > 0) + { + if (nMarkers > 0) + markerOffset += numToConsume; + else + queue.removeItems( numToConsume ); + + numToConsume = 0; + } +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif 
//INC_TokenBuffer_hpp__ diff --git a/src/antlr/TokenRefCount.cpp b/src/antlr/TokenRefCount.cpp new file mode 100644 index 000000000..dd74fd69e --- /dev/null +++ b/src/antlr/TokenRefCount.cpp @@ -0,0 +1,41 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenRefCount.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ +#include "antlr/TokenRefCount.hpp" +#include "antlr/Token.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +TokenRef::TokenRef(Token* p) +: ptr(p), count(1) +{ + if (p && !p->ref) + p->ref = this; +} + +TokenRef::~TokenRef() +{ + delete ptr; +} + +TokenRef* TokenRef::getRef(const Token* p) +{ + if (p) { + Token* pp = const_cast(p); + if (pp->ref) + return pp->ref->increment(); + else + return new TokenRef(pp); + } else + return 0; +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + diff --git a/src/antlr/TokenRefCount.hpp b/src/antlr/TokenRefCount.hpp new file mode 100644 index 000000000..7cad12924 --- /dev/null +++ b/src/antlr/TokenRefCount.hpp 
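Review bot: `TokenRef::TokenRef` links the token back only when `p->ref` is still empty, so constructing a second `TokenRef` for a token that already has one leaves two owners, and each `~TokenRef` runs `delete ptr`. `getRef()` avoids this by reusing `pp->ref`, but the constructor is declared public in TokenRefCount.hpp, so nothing forces callers through `getRef()`. I would make the constructor private (the static `getRef()` can still call it), or at least put a comment on it such as `// use getRef(); constructing directly for a token that already has a ref double-deletes`.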
@@ -0,0 +1,98 @@ +#ifndef INC_TokenRefCount_hpp__ +# define INC_TokenRefCount_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenRefCount.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +# include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +class Token; + +struct ANTLR_API TokenRef +{ + Token* const ptr; + unsigned int count; + + TokenRef(Token* p); + ~TokenRef(); + TokenRef* increment() + { + ++count; + return this; + } + bool decrement() + { + return (--count==0); + } + + static TokenRef* getRef(const Token* p); +private: + TokenRef( const TokenRef& ); + TokenRef& operator=( const TokenRef& ); +}; + +template + class ANTLR_API TokenRefCount +{ +private: + TokenRef* ref; + +public: + TokenRefCount(const Token* p=0) + : ref(p ? TokenRef::getRef(p) : 0) + { + } + TokenRefCount(const TokenRefCount& other) + : ref(other.ref ? other.ref->increment() : 0) + { + } + ~TokenRefCount() + { + if (ref && ref->decrement()) + delete ref; + } + TokenRefCount& operator=(Token* other) + { + TokenRef* tmp = TokenRef::getRef(other); + + if (ref && ref->decrement()) + delete ref; + + ref=tmp; + + return *this; + } + TokenRefCount& operator=(const TokenRefCount& other) + { + if( other.ref != ref ) + { + TokenRef* tmp = other.ref ? other.ref->increment() : 0; + + if (ref && ref->decrement()) + delete ref; + + ref=tmp; + } + return *this; + } + + operator T* () const { return ref ? static_cast(ref->ptr) : 0; } + T* operator->() const { return ref ? static_cast(ref->ptr) : 0; } + T* get() const { return ref ? static_cast(ref->ptr) : 0; } +}; + +typedef TokenRefCount RefToken; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_TokenRefCount_hpp__ diff --git a/src/antlr/TokenStream.hpp b/src/antlr/TokenStream.hpp new file mode 100644 index 000000000..eb09db643 --- /dev/null +++ b/src/antlr/TokenStream.hpp 
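Review bot: Nothing on `TokenRefCount(const Token* p=0)` or `operator=(Token* other)` says that they take ownership, yet both go through `TokenRef::getRef()`, which casts away `const` and wraps the pointer in a `TokenRef` whose destructor deletes it. A caller that passes the address of a stack or otherwise-owned `Token` ends up with a `delete` on memory that did not come from `new`. I would add a comment to both, e.g. `/// Takes shared ownership of p; p must come from new and is deleted when the last reference goes away`. The `count` field is a plain `unsigned int`, so the comment could also say that references to one token must not be copied or released from different threads without external locking.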
@@ -0,0 +1,34 @@ +#ifndef INC_TokenStream_hpp__ +#define INC_TokenStream_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenStream.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** This interface allows any object to pretend it is a stream + * of tokens. + * @author Terence Parr, MageLang Institute + */ +class ANTLR_API TokenStream { +public: + virtual RefToken nextToken()=0; + virtual ~TokenStream() + { + } +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_TokenStream_hpp__ diff --git a/src/antlr/TokenStreamBasicFilter.cpp b/src/antlr/TokenStreamBasicFilter.cpp new file mode 100644 index 000000000..721aa2890 --- /dev/null +++ b/src/antlr/TokenStreamBasicFilter.cpp @@ -0,0 +1,44 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenStreamBasicFilter.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ +#include "antlr/TokenStreamBasicFilter.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** This object is a TokenStream that passes through all + * tokens except for those that you tell it to discard. + * There is no buffering of the tokens. + */ +TokenStreamBasicFilter::TokenStreamBasicFilter(TokenStream& input_) +: input(&input_) +{ +} + +void TokenStreamBasicFilter::discard(int ttype) +{ + discardMask.add(ttype); +} + +void TokenStreamBasicFilter::discard(const BitSet& mask) +{ + discardMask = mask; +} + +RefToken TokenStreamBasicFilter::nextToken() +{ + RefToken tok = input->nextToken(); + while ( tok && discardMask.member(tok->getType()) ) { + tok = input->nextToken(); + } + return tok; +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + 
diff --git a/src/antlr/TokenStreamBasicFilter.hpp b/src/antlr/TokenStreamBasicFilter.hpp new file mode 100644 index 000000000..e53524a50 --- /dev/null +++ b/src/antlr/TokenStreamBasicFilter.hpp @@ -0,0 +1,46 @@ +#ifndef INC_TokenStreamBasicFilter_hpp__ +#define INC_TokenStreamBasicFilter_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenStreamBasicFilter.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** This object is a TokenStream that passes through all + * tokens except for those that you tell it to discard. + * There is no buffering of the tokens. + */ +class ANTLR_API TokenStreamBasicFilter : public TokenStream { + /** The set of token types to discard */ +protected: + BitSet discardMask; + + /** The input stream */ +protected: + TokenStream* input; + +public: + TokenStreamBasicFilter(TokenStream& input_); + + void discard(int ttype); + + void discard(const BitSet& mask); + + RefToken nextToken(); +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_TokenStreamBasicFilter_hpp__ diff --git a/src/antlr/TokenStreamException.hpp b/src/antlr/TokenStreamException.hpp new file mode 100644 index 000000000..c21ac4477 --- /dev/null +++ b/src/antlr/TokenStreamException.hpp 
@@ -0,0 +1,41 @@ +#ifndef INC_TokenStreamException_hpp__ +#define INC_TokenStreamException_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenStreamException.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** Baseclass for exceptions thrown by classes implementing the TokenStream + * interface. + * @see TokenStream + */ +class ANTLR_API TokenStreamException : public ANTLRException { +public: + TokenStreamException() + : ANTLRException() + { + } + TokenStreamException(const ANTLR_USE_NAMESPACE(std)string& s) + : ANTLRException(s) + { + } + virtual ~TokenStreamException() throw() + { + } +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_TokenStreamException_hpp__ diff --git a/src/antlr/TokenStreamHiddenTokenFilter.cpp b/src/antlr/TokenStreamHiddenTokenFilter.cpp new file mode 100644 index 000000000..7a605fc59 --- /dev/null +++ b/src/antlr/TokenStreamHiddenTokenFilter.cpp 
@@ -0,0 +1,156 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenStreamHiddenTokenFilter.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ +#include "antlr/TokenStreamHiddenTokenFilter.hpp" +#include "antlr/CommonHiddenStreamToken.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/**This object filters a token stream coming from a lexer + * or another TokenStream so that only certain token channels + * get transmitted to the parser. + * + * Any of the channels can be filtered off as "hidden" channels whose + * tokens can be accessed from the parser. + */ + +TokenStreamHiddenTokenFilter::TokenStreamHiddenTokenFilter(TokenStream& input) +: TokenStreamBasicFilter(input) +{ +} + +void TokenStreamHiddenTokenFilter::consume() +{ + nextMonitoredToken = input->nextToken(); +} + +void TokenStreamHiddenTokenFilter::consumeFirst() +{ + consume(); + + // Handle situation where hidden or discarded tokens + // appear first in input stream + RefToken p; + // while hidden or discarded scarf tokens + while ( hideMask.member(LA(1)->getType()) || discardMask.member(LA(1)->getType()) ) { + if ( hideMask.member(LA(1)->getType()) ) { + if ( !p ) { + p = LA(1); + } + else { + static_cast(p.get())->setHiddenAfter(LA(1)); + static_cast(LA(1).get())->setHiddenBefore(p); // double-link + p = LA(1); + } + lastHiddenToken = p; + if (!firstHidden) + firstHidden = p; // record hidden token if first + } + consume(); + } +} + +BitSet TokenStreamHiddenTokenFilter::getDiscardMask() const +{ + return discardMask; +} + +/** Return a ptr to the hidden token appearing immediately after + * token t in the input stream. + */ +RefToken TokenStreamHiddenTokenFilter::getHiddenAfter(RefToken t) +{ + return static_cast(t.get())->getHiddenAfter(); +} + +/** Return a ptr to the hidden token appearing immediately before + * token t in the input stream. 
+ */ +RefToken TokenStreamHiddenTokenFilter::getHiddenBefore(RefToken t) +{ + return static_cast(t.get())->getHiddenBefore(); +} + +BitSet TokenStreamHiddenTokenFilter::getHideMask() const +{ + return hideMask; +} + +/** Return the first hidden token if one appears + * before any monitored token. + */ +RefToken TokenStreamHiddenTokenFilter::getInitialHiddenToken() +{ + return firstHidden; +} + +void TokenStreamHiddenTokenFilter::hide(int m) +{ + hideMask.add(m); +} + +void TokenStreamHiddenTokenFilter::hide(const BitSet& mask) +{ + hideMask = mask; +} + +RefToken TokenStreamHiddenTokenFilter::LA(int) +{ + return nextMonitoredToken; +} + +/** Return the next monitored token. +* Test the token following the monitored token. +* If following is another monitored token, save it +* for the next invocation of nextToken (like a single +* lookahead token) and return it then. +* If following is unmonitored, nondiscarded (hidden) +* channel token, add it to the monitored token. +* +* Note: EOF must be a monitored Token. +*/ +RefToken TokenStreamHiddenTokenFilter::nextToken() +{ + // handle an initial condition; don't want to get lookahead + // token of this splitter until first call to nextToken + if ( !LA(1) ) { + consumeFirst(); + } + + // we always consume hidden tokens after monitored, thus, + // upon entry LA(1) is a monitored token. + RefToken monitored = LA(1); + // point to hidden tokens found during last invocation + static_cast(monitored.get())->setHiddenBefore(lastHiddenToken); + lastHiddenToken = nullToken; + + // Look for hidden tokens, hook them into list emanating + // from the monitored tokens. 
+ consume(); + RefToken p = monitored; + // while hidden or discarded scarf tokens + while ( hideMask.member(LA(1)->getType()) || discardMask.member(LA(1)->getType()) ) { + if ( hideMask.member(LA(1)->getType()) ) { + // attach the hidden token to the monitored in a chain + // link forwards + static_cast(p.get())->setHiddenAfter(LA(1)); + // link backwards + if (p != monitored) { //hidden cannot point to monitored tokens + static_cast(LA(1).get())->setHiddenBefore(p); + } + p = lastHiddenToken = LA(1); + } + consume(); + } + return monitored; +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + diff --git a/src/antlr/TokenStreamHiddenTokenFilter.hpp b/src/antlr/TokenStreamHiddenTokenFilter.hpp new file mode 100644 index 000000000..74a87b080 --- /dev/null +++ b/src/antlr/TokenStreamHiddenTokenFilter.hpp 
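Review bot: The scanning loops in `consumeFirst()` and `nextToken()` call `LA(1)->getType()` without checking that a token came back, and `RefToken::operator->` yields a null pointer when the reference is empty. `TokenStreamBasicFilter::nextToken()` guards the same situation with `tok &&`, so an upstream that can return an empty `RefToken` at end of input would crash here; the loop condition could start with `LA(1) &&`, and `nextToken()` should return before `monitored.get()` is dereferenced when `monitored` is empty. The doc comment's rule that EOF must be a monitored token is only a convention: if the EOF type is put in `hideMask` or `discardMask`, the loop keeps pulling from `input` past the end, so `hide()` should document that or reject it. The casts on `p.get()` and `LA(1).get()` assume every token is the hidden-stream token type, which is worth stating in the class comment.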
@@ -0,0 +1,95 @@ +#ifndef INC_TokenStreamHiddenTokenFilter_hpp__ +#define INC_TokenStreamHiddenTokenFilter_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenStreamHiddenTokenFilter.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/**This object filters a token stream coming from a lexer + * or another TokenStream so that only certain token channels + * get transmitted to the parser. + * + * Any of the channels can be filtered off as "hidden" channels whose + * tokens can be accessed from the parser. + */ +class ANTLR_API TokenStreamHiddenTokenFilter : public TokenStreamBasicFilter { + // protected BitSet discardMask; +protected: + BitSet hideMask; + +private: + RefToken nextMonitoredToken; + +protected: + /** track tail of hidden list emanating from previous + * monitored token + */ + RefToken lastHiddenToken; + + RefToken firstHidden; // = null; + +public: + TokenStreamHiddenTokenFilter(TokenStream& input); + +protected: + void consume(); + +private: + void consumeFirst(); + +public: + BitSet getDiscardMask() const; + + /** Return a ptr to the hidden token appearing immediately after + * token t in the input stream. + */ + RefToken getHiddenAfter(RefToken t); + + /** Return a ptr to the hidden token appearing immediately before + * token t in the input stream. + */ + RefToken getHiddenBefore(RefToken t); + + BitSet getHideMask() const; + + /** Return the first hidden token if one appears + * before any monitored token. + */ + RefToken getInitialHiddenToken(); + + void hide(int m); + + void hide(const BitSet& mask); + +protected: + RefToken LA(int i); + +public: +/** Return the next monitored token. + * Test the token following the monitored token. 
+ * If following is another monitored token, save it + * for the next invocation of nextToken (like a single + * lookahead token) and return it then. + * If following is unmonitored, nondiscarded (hidden) + * channel token, add it to the monitored token. + * + * Note: EOF must be a monitored Token. + */ + RefToken nextToken(); +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_TokenStreamHiddenTokenFilter_hpp__ diff --git a/src/antlr/TokenStreamIOException.hpp b/src/antlr/TokenStreamIOException.hpp new file mode 100644 index 000000000..c30034bf0 --- /dev/null +++ b/src/antlr/TokenStreamIOException.hpp @@ -0,0 +1,40 @@ +#ifndef INC_TokenStreamIOException_hpp__ +#define INC_TokenStreamIOException_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenStreamIOException.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +class TokenStreamIOException : public TokenStreamException { +public: + TokenStreamIOException() + : TokenStreamException() + { + } + TokenStreamIOException(const ANTLR_USE_NAMESPACE(std)exception& e) + : TokenStreamException(e.what()) + , io(e) + { + } + ~TokenStreamIOException() throw() + { + } +private: + ANTLR_USE_NAMESPACE(std)exception io; +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_TokenStreamIOException_hpp__ diff --git a/src/antlr/TokenStreamRecognitionException.hpp b/src/antlr/TokenStreamRecognitionException.hpp new file mode 100644 index 000000000..3b5f5719d --- /dev/null +++ b/src/antlr/TokenStreamRecognitionException.hpp 
@@ -0,0 +1,57 @@ +#ifndef INC_TokenStreamRecognitionException_hpp__ +#define INC_TokenStreamRecognitionException_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenStreamRecognitionException.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** Exception thrown from generated lexers when there's no default error + * handler specified. + * @see TokenStream + */ +class TokenStreamRecognitionException : public TokenStreamException { +public: + TokenStreamRecognitionException(RecognitionException& re) + : TokenStreamException(re.getMessage()) + , recog(re) + { + } + virtual ~TokenStreamRecognitionException() throw() + { + } + virtual ANTLR_USE_NAMESPACE(std)string toString() const + { + return recog.getFileLineColumnString()+getMessage(); + } + + virtual ANTLR_USE_NAMESPACE(std)string getFilename() const throw() + { + return recog.getFilename(); + } + virtual int getLine() const throw() + { + return recog.getLine(); + } + virtual int getColumn() const throw() + { + return recog.getColumn(); + } +private: + RecognitionException recog; +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_TokenStreamRecognitionException_hpp__ diff --git a/src/antlr/TokenStreamRetryException.hpp b/src/antlr/TokenStreamRetryException.hpp new file mode 100644 index 000000000..1db719549 --- /dev/null +++ b/src/antlr/TokenStreamRetryException.hpp 
@@ -0,0 +1,28 @@ +#ifndef INC_TokenStreamRetryException_hpp__ +#define INC_TokenStreamRetryException_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: TokenStreamRetryException.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +class TokenStreamRetryException : public TokenStreamException { +public: + TokenStreamRetryException() {} + ~TokenStreamRetryException() throw() {} +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif //INC_TokenStreamRetryException_hpp__ diff --git a/src/antlr/TokenStreamRewriteEngine.cpp b/src/antlr/TokenStreamRewriteEngine.cpp new file mode 100644 index 000000000..2f171eb6e --- /dev/null +++ b/src/antlr/TokenStreamRewriteEngine.cpp 
@@ -0,0 +1,214 @@ +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +#ifndef NO_STATIC_CONSTS +const size_t TokenStreamRewriteEngine::MIN_TOKEN_INDEX = 0; +const int TokenStreamRewriteEngine::PROGRAM_INIT_SIZE = 100; +#endif + +const char* TokenStreamRewriteEngine::DEFAULT_PROGRAM_NAME = "default"; + +namespace { + + struct compareOperationIndex { + typedef TokenStreamRewriteEngine::RewriteOperation RewriteOperation; + bool operator() ( const RewriteOperation* a, const RewriteOperation* b ) const + { + return a->getIndex() < b->getIndex(); + } + }; + struct dumpTokenWithIndex { + dumpTokenWithIndex( ANTLR_USE_NAMESPACE(std)ostream& o ) : out(o) {} + void operator() ( const RefTokenWithIndex& t ) { + out << "[txt='" << t->getText() << "' tp=" << t->getType() << " idx=" << t->getIndex() << "]\n"; + } + ANTLR_USE_NAMESPACE(std)ostream& out; + }; +} + +TokenStreamRewriteEngine::TokenStreamRewriteEngine(TokenStream& upstream) +: stream(upstream) +, index(MIN_TOKEN_INDEX) +, tokens() +, programs() +, discardMask() +{ +} + +TokenStreamRewriteEngine::TokenStreamRewriteEngine(TokenStream& upstream, size_t initialSize ) +: stream(upstream) +, index(MIN_TOKEN_INDEX) +, tokens(initialSize) +, programs() +, discardMask() +{ +} + +RefToken TokenStreamRewriteEngine::nextToken( void ) +{ + RefTokenWithIndex t; + // suck tokens until end of stream or we find a non-discarded token + do { + t = RefTokenWithIndex(stream.nextToken()); + if ( t ) + { + t->setIndex(index); // what is t's index in list? 
+ if ( t->getType() != Token::EOF_TYPE ) { + tokens.push_back(t); // track all tokens except EOF + } + index++; // move to next position + } + } while ( t && discardMask.member(t->getType()) ); + return RefToken(t); +} + +void TokenStreamRewriteEngine::rollback( const std::string& programName, + size_t instructionIndex ) +{ + program_map::iterator rewrite = programs.find(programName); + if( rewrite != programs.end() ) + { + operation_list& prog = rewrite->second; + operation_list::iterator + j = prog.begin(), + end = prog.end(); + + std::advance(j,instructionIndex); + if( j != end ) + prog.erase(j, end); + } +} + +void TokenStreamRewriteEngine::originalToStream( std::ostream& out, + size_t start, + size_t end ) const +{ + token_list::const_iterator s = tokens.begin(); + std::advance( s, start ); + token_list::const_iterator e = s; + std::advance( e, end-start ); + std::for_each( s, e, tokenToStream(out) ); +} + +void TokenStreamRewriteEngine::toStream( std::ostream& out, + const std::string& programName, + size_t firstToken, + size_t lastToken ) const +{ + if( tokens.size() == 0 ) + return; + + program_map::const_iterator rewriter = programs.find(programName); + + if ( rewriter == programs.end() ) + return; + + // get the prog and some iterators in it... + const operation_list& prog = rewriter->second; + operation_list::const_iterator + rewriteOpIndex = prog.begin(), + rewriteOpEnd = prog.end(); + + size_t tokenCursor = firstToken; + // make sure we don't run out of the tokens we have... 
+ if( lastToken > (tokens.size() - 1) ) + lastToken = tokens.size() - 1; + + while ( tokenCursor <= lastToken ) + { +// std::cout << "tokenCursor = " << tokenCursor << " first prog index = " << (*rewriteOpIndex)->getIndex() << std::endl; + + if( rewriteOpIndex != rewriteOpEnd ) + { + size_t up_to_here = std::min(lastToken,(*rewriteOpIndex)->getIndex()); + while( tokenCursor < up_to_here ) + out << tokens[tokenCursor++]->getText(); + } + while ( rewriteOpIndex != rewriteOpEnd && + tokenCursor == (*rewriteOpIndex)->getIndex() && + tokenCursor <= lastToken ) + { + tokenCursor = (*rewriteOpIndex)->execute(out); + ++rewriteOpIndex; + } + if( tokenCursor <= lastToken ) + out << tokens[tokenCursor++]->getText(); + } + // std::cout << "Handling tail operations # left = " << std::distance(rewriteOpIndex,rewriteOpEnd) << std::endl; + // now see if there are operations (append) beyond last token index + std::for_each( rewriteOpIndex, rewriteOpEnd, executeOperation(out) ); + rewriteOpIndex = rewriteOpEnd; +} + +void TokenStreamRewriteEngine::toDebugStream( std::ostream& out, + size_t start, + size_t end ) const +{ + token_list::const_iterator s = tokens.begin(); + std::advance( s, start ); + token_list::const_iterator e = s; + std::advance( e, end-start ); + std::for_each( s, e, dumpTokenWithIndex(out) ); +} + +void TokenStreamRewriteEngine::addToSortedRewriteList( const std::string& programName, + RewriteOperation* op ) +{ + program_map::iterator rewrites = programs.find(programName); + // check if we got the program already.. + if ( rewrites == programs.end() ) + { + // no prog make a new one... 
+ operation_list ops; + ops.push_back(op); + programs.insert(std::make_pair(programName,ops)); + return; + } + operation_list& prog = rewrites->second; + + if( prog.empty() ) + { + prog.push_back(op); + return; + } + + operation_list::iterator i, end = prog.end(); + i = end; + --i; + // if at or beyond last op's index, just append + if ( op->getIndex() >= (*i)->getIndex() ) { + prog.push_back(op); // append to list of operations + return; + } + i = prog.begin(); + + if( i != end ) + { + operation_list::iterator pos = std::upper_bound( i, end, op, compareOperationIndex() ); + prog.insert(pos,op); + } + else + prog.push_back(op); +} + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif diff --git a/src/antlr/TokenStreamRewriteEngine.hpp b/src/antlr/TokenStreamRewriteEngine.hpp new file mode 100644 index 000000000..9fab08c28 --- /dev/null +++ b/src/antlr/TokenStreamRewriteEngine.hpp 
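Review bot: `originalToStream()` and `toDebugStream()` advance iterators by `start` and `end-start` without comparing either with `tokens.size()`, so a range beyond the buffered tokens, or `end < start` (the `size_t` subtraction wraps), walks the iterators outside the vector. `toStream()` already clamps `lastToken`; the same clamp belongs in these two, as sketched below for `originalToStream()`. `rollback()` has the matching gap: `std::advance(j,instructionIndex)` runs before any comparison with the program length, so it should be wrapped in `if( instructionIndex < prog.size() )`, assuming `operation_list` is a standard container. `rollback()` also erases entries that look like raw `RewriteOperation*` pointers without deleting them; the owner is not visible in this file, so confirm they are released elsewhere.

```cpp
void TokenStreamRewriteEngine::originalToStream( std::ostream& out,
                                                 size_t start,
                                                 size_t end ) const
{
	// Clamp the requested range to the tokens actually buffered.
	if( end > tokens.size() )
		end = tokens.size();
	if( start >= end )
		return;
	// … unchanged: advance s and e, then std::for_each with tokenToStream …
}
```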
@@ -0,0 +1,439 @@ +#ifndef INC_TokenStreamRewriteEngine_hpp__ +#define INC_TokenStreamRewriteEngine_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include +#include + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +/** This token stream tracks the *entire* token stream coming from + * a lexer, but does not pass on the whitespace (or whatever else + * you want to discard) to the parser. + * + * This class can then be asked for the ith token in the input stream. + * Useful for dumping out the input stream exactly after doing some + * augmentation or other manipulations. Tokens are index from 0..n-1 + * + * You can insert stuff, replace, and delete chunks. Note that the + * operations are done lazily--only if you convert the buffer to a + * String. This is very efficient because you are not moving data around + * all the time. As the buffer of tokens is converted to strings, the + * toString() method(s) check to see if there is an operation at the + * current index. If so, the operation is done and then normal String + * rendering continues on the buffer. This is like having multiple Turing + * machine instruction streams (programs) operating on a single input tape. :) + * + * Since the operations are done lazily at toString-time, operations do not + * screw up the token index values. That is, an insert operation at token + * index i does not change the index values for tokens i+1..n-1. + * + * Because operations never actually alter the buffer, you may always get + * the original token stream back without undoing anything. Since + * the instructions are queued up, you can easily simulate transactions and + * roll back any changes if there is an error just by removing instructions. 
+ * For example, + * + * TokenStreamRewriteEngine rewriteEngine = + * new TokenStreamRewriteEngine(lexer); + * JavaRecognizer parser = new JavaRecognizer(rewriteEngine); + * ... + * rewriteEngine.insertAfter("pass1", t, "foobar");} + * rewriteEngine.insertAfter("pass2", u, "start");} + * System.out.println(rewriteEngine.toString("pass1")); + * System.out.println(rewriteEngine.toString("pass2")); + * + * You can also have multiple "instruction streams" and get multiple + * rewrites from a single pass over the input. Just name the instruction + * streams and use that name again when printing the buffer. This could be + * useful for generating a C file and also its header file--all from the + * same buffer. + * + * If you don't use named rewrite streams, a "default" stream is used. + * + * Terence Parr, parrt@cs.usfca.edu + * University of San Francisco + * February 2004 + */ +class TokenStreamRewriteEngine : public TokenStream +{ +public: + typedef ANTLR_USE_NAMESPACE(std)vector token_list; + static const char* DEFAULT_PROGRAM_NAME; +#ifndef NO_STATIC_CONSTS + static const size_t MIN_TOKEN_INDEX; + static const int PROGRAM_INIT_SIZE; +#else + enum { + MIN_TOKEN_INDEX = 0, + PROGRAM_INIT_SIZE = 100 + }; +#endif + + struct tokenToStream { + tokenToStream( ANTLR_USE_NAMESPACE(std)ostream& o ) : out(o) {} + template void operator() ( const T& t ) { + out << t->getText(); + } + ANTLR_USE_NAMESPACE(std)ostream& out; + }; + + class RewriteOperation { + protected: + RewriteOperation( size_t idx, const ANTLR_USE_NAMESPACE(std)string& txt ) + : index(idx), text(txt) + { + } + public: + virtual ~RewriteOperation() + { + } + /** Execute the rewrite operation by possibly adding to the buffer. + * Return the index of the next token to operate on. 
+ */ + virtual size_t execute( ANTLR_USE_NAMESPACE(std)ostream& /* out */ ) { + return index; + } + virtual size_t getIndex() const { + return index; + } + virtual const char* type() const { + return "RewriteOperation"; + } + protected: + size_t index; + ANTLR_USE_NAMESPACE(std)string text; + }; + + struct executeOperation { + ANTLR_USE_NAMESPACE(std)ostream& out; + executeOperation( ANTLR_USE_NAMESPACE(std)ostream& s ) : out(s) {} + void operator () ( RewriteOperation* t ) { + t->execute(out); + } + }; + + /// list of rewrite operations + typedef ANTLR_USE_NAMESPACE(std)list operation_list; + /// map program name to tuple + typedef ANTLR_USE_NAMESPACE(std)map program_map; + + class InsertBeforeOp : public RewriteOperation + { + public: + InsertBeforeOp( size_t index, const ANTLR_USE_NAMESPACE(std)string& text ) + : RewriteOperation(index, text) + { + } + virtual ~InsertBeforeOp() {} + virtual size_t execute( ANTLR_USE_NAMESPACE(std)ostream& out ) + { + out << text; + return index; + } + virtual const char* type() const { + return "InsertBeforeOp"; + } + }; + + class ReplaceOp : public RewriteOperation + { + public: + ReplaceOp(size_t from, size_t to, ANTLR_USE_NAMESPACE(std)string text) + : RewriteOperation(from,text) + , lastIndex(to) + { + } + virtual ~ReplaceOp() {} + virtual size_t execute( ANTLR_USE_NAMESPACE(std)ostream& out ) { + out << text; + return lastIndex+1; + } + virtual const char* type() const { + return "ReplaceOp"; + } + protected: + size_t lastIndex; + }; + + class DeleteOp : public ReplaceOp { + public: + DeleteOp(size_t from, size_t to) + : ReplaceOp(from,to,"") + { + } + virtual const char* type() const { + return "DeleteOp"; + } + }; + + TokenStreamRewriteEngine(TokenStream& upstream); + + TokenStreamRewriteEngine(TokenStream& upstream, size_t initialSize); + + RefToken nextToken( void ); + + void rollback(size_t instructionIndex) { + rollback(DEFAULT_PROGRAM_NAME, instructionIndex); + } + + /** Rollback the instruction stream for a program 
so that + * the indicated instruction (via instructionIndex) is no + * longer in the stream. UNTESTED! + */ + void rollback(const ANTLR_USE_NAMESPACE(std)string& programName, + size_t instructionIndex ); + + void deleteProgram() { + deleteProgram(DEFAULT_PROGRAM_NAME); + } + + /** Reset the program so that no instructions exist */ + void deleteProgram(const ANTLR_USE_NAMESPACE(std)string& programName) { + rollback(programName, MIN_TOKEN_INDEX); + } + + void insertAfter( RefTokenWithIndex t, + const ANTLR_USE_NAMESPACE(std)string& text ) + { + insertAfter(DEFAULT_PROGRAM_NAME, t, text); + } + + void insertAfter(size_t index, const ANTLR_USE_NAMESPACE(std)string& text) { + insertAfter(DEFAULT_PROGRAM_NAME, index, text); + } + + void insertAfter( const ANTLR_USE_NAMESPACE(std)string& programName, + RefTokenWithIndex t, + const ANTLR_USE_NAMESPACE(std)string& text ) + { + insertAfter(programName, t->getIndex(), text); + } + + void insertAfter( const ANTLR_USE_NAMESPACE(std)string& programName, + size_t index, + const ANTLR_USE_NAMESPACE(std)string& text ) + { + // to insert after, just insert before next index (even if past end) + insertBefore(programName,index+1, text); + } + + void insertBefore( RefTokenWithIndex t, + const ANTLR_USE_NAMESPACE(std)string& text ) + { + // std::cout << "insertBefore index " << t->getIndex() << " " << text << std::endl; + insertBefore(DEFAULT_PROGRAM_NAME, t, text); + } + + void insertBefore(size_t index, const ANTLR_USE_NAMESPACE(std)string& text) { + insertBefore(DEFAULT_PROGRAM_NAME, index, text); + } + + void insertBefore( const ANTLR_USE_NAMESPACE(std)string& programName, + RefTokenWithIndex t, + const ANTLR_USE_NAMESPACE(std)string& text ) + { + insertBefore(programName, t->getIndex(), text); + } + + void insertBefore( const ANTLR_USE_NAMESPACE(std)string& programName, + size_t index, + const ANTLR_USE_NAMESPACE(std)string& text ) + { + addToSortedRewriteList(programName, new InsertBeforeOp(index,text)); + } + + void 
replace(size_t index, const ANTLR_USE_NAMESPACE(std)string& text) + { + replace(DEFAULT_PROGRAM_NAME, index, index, text); + } + + void replace( size_t from, size_t to, + const ANTLR_USE_NAMESPACE(std)string& text) + { + replace(DEFAULT_PROGRAM_NAME, from, to, text); + } + + void replace( RefTokenWithIndex indexT, + const ANTLR_USE_NAMESPACE(std)string& text ) + { + replace(DEFAULT_PROGRAM_NAME, indexT->getIndex(), indexT->getIndex(), text); + } + + void replace( RefTokenWithIndex from, + RefTokenWithIndex to, + const ANTLR_USE_NAMESPACE(std)string& text ) + { + replace(DEFAULT_PROGRAM_NAME, from, to, text); + } + + void replace(const ANTLR_USE_NAMESPACE(std)string& programName, + size_t from, size_t to, + const ANTLR_USE_NAMESPACE(std)string& text ) + { + addToSortedRewriteList(programName,new ReplaceOp(from, to, text)); + } + + void replace( const ANTLR_USE_NAMESPACE(std)string& programName, + RefTokenWithIndex from, + RefTokenWithIndex to, + const ANTLR_USE_NAMESPACE(std)string& text ) + { + replace(programName, + from->getIndex(), + to->getIndex(), + text); + } + + void remove(size_t index) { + remove(DEFAULT_PROGRAM_NAME, index, index); + } + + void remove(size_t from, size_t to) { + remove(DEFAULT_PROGRAM_NAME, from, to); + } + + void remove(RefTokenWithIndex indexT) { + remove(DEFAULT_PROGRAM_NAME, indexT, indexT); + } + + void remove(RefTokenWithIndex from, RefTokenWithIndex to) { + remove(DEFAULT_PROGRAM_NAME, from, to); + } + + void remove( const ANTLR_USE_NAMESPACE(std)string& programName, + size_t from, size_t to) + { + replace(programName,from,to,""); + } + + void remove( const ANTLR_USE_NAMESPACE(std)string& programName, + RefTokenWithIndex from, RefTokenWithIndex to ) + { + replace(programName,from,to,""); + } + + void discard(int ttype) { + discardMask.add(ttype); + } + + RefToken getToken( size_t i ) + { + return RefToken(tokens.at(i)); + } + + size_t getTokenStreamSize() const { + return tokens.size(); + } + + void originalToStream( 
ANTLR_USE_NAMESPACE(std)ostream& out ) const { + ANTLR_USE_NAMESPACE(std)for_each( tokens.begin(), tokens.end(), tokenToStream(out) ); + } + + void originalToStream( ANTLR_USE_NAMESPACE(std)ostream& out, + size_t start, size_t end ) const; + + void toStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const { + toStream( out, MIN_TOKEN_INDEX, getTokenStreamSize()); + } + + void toStream( ANTLR_USE_NAMESPACE(std)ostream& out, + const ANTLR_USE_NAMESPACE(std)string& programName ) const + { + toStream( out, programName, MIN_TOKEN_INDEX, getTokenStreamSize()); + } + + void toStream( ANTLR_USE_NAMESPACE(std)ostream& out, + size_t start, size_t end ) const + { + toStream(out, DEFAULT_PROGRAM_NAME, start, end); + } + + void toStream( ANTLR_USE_NAMESPACE(std)ostream& out, + const ANTLR_USE_NAMESPACE(std)string& programName, + size_t firstToken, size_t lastToken ) const; + + void toDebugStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const { + toDebugStream( out, MIN_TOKEN_INDEX, getTokenStreamSize()); + } + + void toDebugStream( ANTLR_USE_NAMESPACE(std)ostream& out, + size_t start, size_t end ) const; + + size_t getLastRewriteTokenIndex() const { + return getLastRewriteTokenIndex(DEFAULT_PROGRAM_NAME); + } + + /** Return the last index for the program named programName + * return 0 if the program does not exist or the program is empty. + * (Note this is different from the java implementation that returns -1) + */ + size_t getLastRewriteTokenIndex(const ANTLR_USE_NAMESPACE(std)string& programName) const { + program_map::const_iterator rewrites = programs.find(programName); + + if( rewrites == programs.end() ) + return 0; + + const operation_list& prog = rewrites->second; + if( !prog.empty() ) + { + operation_list::const_iterator last = prog.end(); + --last; + return (*last)->getIndex(); + } + return 0; + } + +protected: + /** If op.index > lastRewriteTokenIndexes, just add to the end. 
+ * Otherwise, do linear */ + void addToSortedRewriteList(RewriteOperation* op) { + addToSortedRewriteList(DEFAULT_PROGRAM_NAME, op); + } + + void addToSortedRewriteList( const ANTLR_USE_NAMESPACE(std)string& programName, + RewriteOperation* op ); + +protected: + /** Who do we suck tokens from? */ + TokenStream& stream; + /** track index of tokens */ + size_t index; + + /** Track the incoming list of tokens */ + token_list tokens; + + /** You may have multiple, named streams of rewrite operations. + * I'm calling these things "programs." + * Maps String (name) -> rewrite (List) + */ + program_map programs; + + /** Which (whitespace) token(s) to throw out */ + BitSet discardMask; +}; + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +#endif diff --git a/src/antlr/TokenStreamSelector.cpp b/src/antlr/TokenStreamSelector.cpp new file mode 100644 index 000000000..1f5db8cf8 --- /dev/null +++ b/src/antlr/TokenStreamSelector.cpp 
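Review bot: The inline `insertBefore` and `replace` overloads create each operation with `new` and hand the raw pointer to `addToSortedRewriteList`, yet the class declared in this hunk has no destructor, so nothing visible here frees operations that are still queued when the engine goes away. Unless `rollback()` (defined outside this hunk) is always called, every program leaks its operations; declare `~TokenStreamRewriteEngine();` and delete the queued operations there. State the transfer on the protected method as well, e.g. `/// Takes ownership of op; it is deleted by rollback() or by the destructor.` The `replace(programName, from, to, text)` overload also builds a `ReplaceOp` without checking `from <= to`, so `execute()` can return a cursor behind the current token; a range check before the `new` would reject that.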
@@ -0,0 +1,107 @@
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: TokenStreamSelector.cpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+#include "antlr/TokenStreamSelector.hpp"
+#include "antlr/TokenStreamRetryException.hpp"
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+/** A token stream MUX (multiplexor) knows about n token streams
+ * and can multiplex them onto the same channel for use by token
+ * stream consumer like a parser. This is a way to have multiple
+ * lexers break up the same input stream for a single parser.
+ * Or, you can have multiple instances of the same lexer handle
+ * multiple input streams; this works great for includes.
+ */
+
+TokenStreamSelector::TokenStreamSelector()
+: input(0)
+{
+}
+
+TokenStreamSelector::~TokenStreamSelector()
+{
+}
+
+void TokenStreamSelector::addInputStream(TokenStream* stream, const ANTLR_USE_NAMESPACE(std)string& key)
+{
+ inputStreamNames[key] = stream;
+}
+
+TokenStream* TokenStreamSelector::getCurrentStream() const
+{
+ return input;
+}
+
+TokenStream* TokenStreamSelector::getStream(const ANTLR_USE_NAMESPACE(std)string& sname) const
+{
+ inputStreamNames_coll::const_iterator i = inputStreamNames.find(sname);
+ if (i == inputStreamNames.end()) {
+ throw ANTLR_USE_NAMESPACE(std)string("TokenStream ")+sname+" not found";
+ }
+ return (*i).second;
+}
+
+RefToken TokenStreamSelector::nextToken()
+{
+ // keep looking for a token until you don't
+ // get a retry exception
+ for (;;) {
+ try {
+ return input->nextToken();
+ }
+ catch (TokenStreamRetryException&) {
+ // just retry "forever"
+ }
+ }
+}
+
+TokenStream* TokenStreamSelector::pop()
+{
+ TokenStream* stream = streamStack.top();
+ streamStack.pop();
+ select(stream);
+ return stream;
+}
+
+void TokenStreamSelector::push(TokenStream* stream)
+{
+ streamStack.push(input);
+ select(stream);
+}
+
+void TokenStreamSelector::push(const ANTLR_USE_NAMESPACE(std)string& sname)
+{
+ streamStack.push(input);
+ select(sname);
+}
+
+void TokenStreamSelector::retry()
+{
+ throw TokenStreamRetryException();
+}
+
+/** Set the stream without pushing old stream */
+void TokenStreamSelector::select(TokenStream* stream)
+{
+ input = stream;
+}
+
+void TokenStreamSelector::select(const ANTLR_USE_NAMESPACE(std)string& sname)
+{
+ inputStreamNames_coll::const_iterator i = inputStreamNames.find(sname);
+ if (i == inputStreamNames.end()) {
+ throw ANTLR_USE_NAMESPACE(std)string("TokenStream ")+sname+" not found";
+ }
+ input = (*i).second;
+}
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
diff --git a/src/antlr/TokenStreamSelector.hpp b/src/antlr/TokenStreamSelector.hpp
new file mode 100644
index 000000000..cdb7493d0
--- /dev/null
+++ b/src/antlr/TokenStreamSelector.hpp
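Review bot: `pop()` calls `streamStack.top()` without checking `streamStack.empty()`, which is undefined behaviour on an empty stack, so an unbalanced `pop()` while unwinding nested includes reads an invalid element instead of failing cleanly. Guard it in the style `select()` already uses: `if (streamStack.empty()) throw ANTLR_USE_NAMESPACE(std)string("TokenStreamSelector: pop on empty stack");`. `nextToken()` has the same gap: it dereferences `input`, which the constructor leaves at 0 until `select()` or `push()` has run, and both `push()` overloads save that null pointer on the stack, so a later `pop()` selects it again.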
@@ -0,0 +1,87 @@
+#ifndef INC_TokenStreamSelector_hpp__
+#define INC_TokenStreamSelector_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: TokenStreamSelector.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+/** A token stream MUX (multiplexor) knows about n token streams
+ * and can multiplex them onto the same channel for use by token
+ * stream consumer like a parser. This is a way to have multiple
+ * lexers break up the same input stream for a single parser.
+ * Or, you can have multiple instances of the same lexer handle
+ * multiple input streams; this works great for includes.
+ */
+class ANTLR_API TokenStreamSelector : public TokenStream {
+protected:
+ /** The set of inputs to the MUX */
+#ifdef OS_NO_ALLOCATOR
+ typedef ANTLR_USE_NAMESPACE(std)less lessp;
+ typedef ANTLR_USE_NAMESPACE(std)map inputStreamNames_coll;
+#else
+ typedef ANTLR_USE_NAMESPACE(std)map inputStreamNames_coll;
+#endif
+ inputStreamNames_coll inputStreamNames;
+
+ /** The currently-selected token stream input */
+ TokenStream* input;
+
+ /** Used to track stack of input streams */
+#ifdef OS_NO_ALLOCATOR
+ typedef ANTLR_USE_NAMESPACE(std)stack > streamStack_coll;
+#else
+ typedef ANTLR_USE_NAMESPACE(std)stack streamStack_coll;
+#endif
+ streamStack_coll streamStack;
+
+public:
+ TokenStreamSelector();
+ ~TokenStreamSelector();
+
+ void addInputStream(TokenStream* stream, const ANTLR_USE_NAMESPACE(std)string& key);
+
+ /// Return the stream from which tokens are being pulled at the moment.
+ TokenStream* getCurrentStream() const;
+
+ TokenStream* getStream(const ANTLR_USE_NAMESPACE(std)string& sname) const;
+
+ RefToken nextToken();
+
+ TokenStream* pop();
+
+ void push(TokenStream* stream);
+
+ void push(const ANTLR_USE_NAMESPACE(std)string& sname);
+
+ /** Abort recognition of current Token and try again.
+ * A stream can push a new stream (for include files
+ * for example, and then retry(), which will cause
+ * the current stream to abort back to this.nextToken().
+ * this.nextToken() then asks for a token from the
+ * current stream, which is the new "substream."
+ */
+ void retry();
+
+ /** Set the stream without pushing old stream */
+ void select(TokenStream* stream);
+
+ void select(const ANTLR_USE_NAMESPACE(std)string& sname);
+};
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_TokenStreamSelector_hpp__
diff --git a/src/antlr/TokenWithIndex.hpp b/src/antlr/TokenWithIndex.hpp
new file mode 100644
index 000000000..94503d7ce
--- /dev/null
+++ b/src/antlr/TokenWithIndex.hpp
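Review bot: `addInputStream`, `push(TokenStream*)` and `select(TokenStream*)` keep the raw pointer they are given, and nothing on the declarations says who owns it; the destructor defined in TokenStreamSelector.cpp is empty, so the selector does not delete registered streams. A lexer destroyed while it is still registered, selected or on the stack leaves a dangling pointer that `nextToken()` will dereference. Put the contract on the declaration, e.g. `/// Registers stream under key; the selector does not take ownership, so stream must outlive it.`, and note on `pop()` that the stack must be non-empty.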
@@ -0,0 +1,84 @@
+#ifndef INC_TokenWithIndex_hpp__
+#define INC_TokenWithIndex_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: TokenWithIndex.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+class ANTLR_API TokenWithIndex : public ANTLR_USE_NAMESPACE(antlr)CommonToken {
+public:
+ // static size_t count;
+ TokenWithIndex() : CommonToken(), index(0)
+ {
+ // std::cout << __PRETTY_FUNCTION__ << std::endl;
+ // count++;
+ }
+ TokenWithIndex(int t, const ANTLR_USE_NAMESPACE(std)string& txt)
+ : CommonToken(t,txt)
+ , index(0)
+ {
+ // std::cout << __PRETTY_FUNCTION__ << std::endl;
+ // count++;
+ }
+ TokenWithIndex(const ANTLR_USE_NAMESPACE(std)string& s)
+ : CommonToken(s)
+ , index(0)
+ {
+ // std::cout << __PRETTY_FUNCTION__ << std::endl;
+ // count++;
+ }
+ ~TokenWithIndex()
+ {
+ // count--;
+ }
+ void setIndex( size_t idx )
+ {
+ index = idx;
+ }
+ size_t getIndex( void ) const
+ {
+ return index;
+ }
+
+ ANTLR_USE_NAMESPACE(std)string toString() const
+ {
+ return ANTLR_USE_NAMESPACE(std)string("[")+
+ index+
+ ":\""+
+ getText()+"\",<"+
+ getType()+">,line="+
+ getLine()+",column="+
+ getColumn()+"]";
+ }
+
+ static RefToken factory()
+ {
+ return RefToken(new TokenWithIndex());
+ }
+
+protected:
+ size_t index;
+
+private:
+ TokenWithIndex(const TokenWithIndex&);
+ const TokenWithIndex& operator=(const TokenWithIndex&);
+};
+
+typedef TokenRefCount RefTokenWithIndex;
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_CommonToken_hpp__
diff --git a/src/antlr/TreeParser.cpp b/src/antlr/TreeParser.cpp
new file mode 100644
index 000000000..8f5cb40b4
--- /dev/null
+++ b/src/antlr/TreeParser.cpp
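Review bot: The closing guard comment reads `#endif //INC_CommonToken_hpp__` although the guard opened at the top of the file is `INC_TokenWithIndex_hpp__`; it looks carried over from CommonToken.hpp and should read `#endif //INC_TokenWithIndex_hpp__`. The commented-out `count` bookkeeping and `__PRETTY_FUNCTION__` traces in the three constructors and the destructor are debugging leftovers that could be dropped from the imported file.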
@@ -0,0 +1,72 @@
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: TreeParser.cpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include "antlr/TreeParser.hpp"
+#include "antlr/ASTNULLType.hpp"
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+/** The AST Null object; the parsing cursor is set to this when
+ * it is found to be null. This way, we can test the
+ * token type of a node without having to have tests for null
+ * everywhere.
+ */
+RefAST TreeParser::ASTNULL(new ASTNULLType);
+
+/** Parser error-reporting function can be overridden in subclass */
+void TreeParser::reportError(const RecognitionException& ex)
+{
+ ANTLR_USE_NAMESPACE(std)cerr << ex.toString().c_str() << ANTLR_USE_NAMESPACE(std)endl;
+}
+
+/** Parser error-reporting function can be overridden in subclass */
+void TreeParser::reportError(const ANTLR_USE_NAMESPACE(std)string& s)
+{
+ ANTLR_USE_NAMESPACE(std)cerr << "error: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl;
+}
+
+/** Parser warning-reporting function can be overridden in subclass */
+void TreeParser::reportWarning(const ANTLR_USE_NAMESPACE(std)string& s)
+{
+ ANTLR_USE_NAMESPACE(std)cerr << "warning: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl;
+}
+
+/** Procedure to write out an indent for traceIn and traceOut */
+void TreeParser::traceIndent()
+{
+ for( int i = 0; i < traceDepth; i++ )
+ ANTLR_USE_NAMESPACE(std)cout << " ";
+}
+
+void TreeParser::traceIn(const char* rname, RefAST t)
+{
+ traceDepth++;
+ traceIndent();
+
+ ANTLR_USE_NAMESPACE(std)cout << "> " << rname
+ << "(" << (t ? t->toString().c_str() : "null") << ")"
+ << ((inputState->guessing>0)?" [guessing]":"")
+ << ANTLR_USE_NAMESPACE(std)endl;
+}
+
+void TreeParser::traceOut(const char* rname, RefAST t)
+{
+ traceIndent();
+
+ ANTLR_USE_NAMESPACE(std)cout << "< " << rname
+ << "(" << (t ? t->toString().c_str() : "null") << ")"
+ << ((inputState->guessing>0)?" [guessing]":"")
+ << ANTLR_USE_NAMESPACE(std)endl;
+
+ traceDepth--;
+}
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
diff --git a/src/antlr/TreeParser.hpp b/src/antlr/TreeParser.hpp
new file mode 100644
index 000000000..8a682166e
--- /dev/null
+++ b/src/antlr/TreeParser.hpp
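Review bot: Both `reportError` overloads and `reportWarning` stream `c_str()` rather than the string itself, so a message is cut at its first NUL byte; where the message carries text taken from the parsed input, the rest never reaches the log. Unless an old toolchain needs the `c_str()` form, streaming the `std::string` writes its full length: `ANTLR_USE_NAMESPACE(std)cerr << "error: " << s << ANTLR_USE_NAMESPACE(std)endl;`. `traceIn` and `traceOut` use the same pattern for `t->toString()`, and both dereference `inputState` unchecked, which is safe only while the constructors in TreeParser.hpp always supply a non-null state.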
@@ -0,0 +1,155 @@
+#ifndef INC_TreeParser_hpp__
+#define INC_TreeParser_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: TreeParser.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+class ANTLR_API TreeParser {
+public:
+ TreeParser()
+ : astFactory(0)
+ , inputState(new TreeParserInputState())
+ , traceDepth(0)
+ {
+ }
+
+ TreeParser(const TreeParserSharedInputState& state)
+ : astFactory(0)
+ , inputState(state)
+ , traceDepth(0)
+ {
+ }
+
+ virtual ~TreeParser()
+ {
+ }
+
+ /// Get the AST return value squirreled away in the parser
+ virtual RefAST getAST() = 0;
+
+ /** Make sure current lookahead symbol matches the given set
+ * Throw an exception upon mismatch, which is caught by either the
+ * error handler or by a syntactic predicate.
+ */
+ virtual void match(RefAST t, const BitSet& b)
+ {
+ if ( !t || t==ASTNULL || !b.member(t->getType()) )
+ throw MismatchedTokenException( getTokenNames(), getNumTokens(),
+ t, b, false );
+ }
+
+ /** Specify the AST factory to be used during tree building. (Compulsory)
+ * Setting the factory is compulsory (if you intend to modify
+ * the tree in the treeparser). The AST Factory is shared between
+ * parser (who builds the initial AST) and treeparser.
+ * @see Parser::getASTFactory()
+ */
+ virtual void setASTFactory(ASTFactory* factory)
+ {
+ astFactory = factory;
+ }
+ /// Return pointer to ASTFactory
+ virtual ASTFactory* getASTFactory() const
+ {
+ return astFactory;
+ }
+ /// Get the name for token 'num'
+ virtual const char* getTokenName(int num) const = 0;
+ /// Return the number of tokens defined
+ virtual int getNumTokens() const = 0;
+ /// Return an array of getNumTokens() token names
+ virtual const char* const* getTokenNames() const = 0;
+
+ /// Parser error-reporting function can be overridden in subclass
+ virtual void reportError(const RecognitionException& ex);
+ /// Parser error-reporting function can be overridden in subclass
+ virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s);
+ /// Parser warning-reporting function can be overridden in subclass
+ virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s);
+
+ /// These are used during when traceTreeParser commandline option is passed.
+ virtual void traceIndent();
+ virtual void traceIn(const char* rname, RefAST t);
+ virtual void traceOut(const char* rname, RefAST t);
+
+ /** The AST Null object; the parsing cursor is set to this when
+ * it is found to be null. This way, we can test the
+ * token type of a node without having to have tests for 0
+ * everywhere.
+ */
+ static RefAST ASTNULL;
+
+protected:
+ virtual void match(RefAST t, int ttype)
+ {
+ if (!t || t == ASTNULL || t->getType() != ttype )
+ throw MismatchedTokenException( getTokenNames(), getNumTokens(),
+ t, ttype, false );
+ }
+
+ virtual void matchNot(RefAST t, int ttype)
+ {
+ if ( !t || t == ASTNULL || t->getType() == ttype )
+ throw MismatchedTokenException( getTokenNames(), getNumTokens(),
+ t, ttype, true );
+ }
+
+ /** AST support code; parser and treeparser delegate to this object */
+ ASTFactory* astFactory;
+
+ /// The input state of this tree parser.
+ TreeParserSharedInputState inputState;
+
+ /** Used to keep track of indent depth with -traceTreeParser */
+ int traceDepth;
+
+ /** Utility class which allows tracing to work even when exceptions are
+ * thrown.
+ */
+ class Tracer {
+ private:
+ TreeParser* parser;
+ const char* text;
+ RefAST tree;
+ public:
+ Tracer(TreeParser* p, const char* t, RefAST a)
+ : parser(p), text(t), tree(a)
+ {
+ parser->traceIn(text,tree);
+ }
+ ~Tracer()
+ {
+ parser->traceOut(text,tree);
+ }
+ private:
+ Tracer(const Tracer&); // undefined
+ const Tracer& operator=(const Tracer&); // undefined
+ };
+
+private:
+ // no copying of treeparser instantiations...
+ TreeParser(const TreeParser& other);
+ TreeParser& operator=(const TreeParser& other);
+};
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_TreeParser_hpp__
diff --git a/src/antlr/TreeParserSharedInputState.hpp b/src/antlr/TreeParserSharedInputState.hpp
new file mode 100644
index 000000000..16112d4e3
--- /dev/null
+++ b/src/antlr/TreeParserSharedInputState.hpp
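Review bot: Both constructors set `astFactory` to 0 and the comment on `setASTFactory` calls the factory compulsory, yet `getASTFactory()` is documented only as `/// Return pointer to ASTFactory`, so a caller gets no hint that it returns null until `setASTFactory()` has run. Say so on the accessor, e.g. `/// Return pointer to ASTFactory; null until setASTFactory() has been called`. `Tracer::~Tracer()` also calls `parser->traceOut()`, which writes to `std::cout`; if that call can throw while the stack is unwinding the program terminates, so the destructor deserves a comment that `traceOut` must not throw.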
@@ -0,0 +1,45 @@
+#ifndef INC_TreeParserSharedInputState_hpp__
+#define INC_TreeParserSharedInputState_hpp__
+
+/* ANTLR Translator Generator
+ * Project led by Terence Parr at http://www.jGuru.com
+ * Software rights: http://www.antlr.org/license.html
+ *
+ * $Id: TreeParserSharedInputState.hpp 1361 2007-06-07 02:34:05Z vkurland $
+ */
+
+#include
+#include
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+namespace antlr {
+#endif
+
+/** This object contains the data associated with an
+ * input AST. Multiple parsers
+ * share a single TreeParserSharedInputState to parse
+ * the same tree or to have the parser walk multiple
+ * trees.
+ */
+class ANTLR_API TreeParserInputState {
+public:
+ TreeParserInputState() : guessing(0) {}
+ virtual ~TreeParserInputState() {}
+
+public:
+ /** Are we guessing (guessing>0)? */
+ int guessing; //= 0;
+
+private:
+ // we don't want these:
+ TreeParserInputState(const TreeParserInputState&);
+ TreeParserInputState& operator=(const TreeParserInputState&);
+};
+
+typedef RefCount TreeParserSharedInputState;
+
+#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
+}
+#endif
+
+#endif //INC_TreeParserSharedInputState_hpp__
diff --git a/src/antlr/antlr.pro b/src/antlr/antlr.pro
new file mode 100644
index 000000000..716c85004
--- /dev/null
+++ b/src/antlr/antlr.pro
@@ -0,0 +1,98 @@
+#-*- mode: makefile; tab-width: 4; -*-
+#
+include(../../qmake.inc)
+#
+TEMPLATE = lib
+#
+SOURCES = ANTLRUtil.cpp \
+ ASTFactory.cpp \
+ ASTNULLType.cpp \
+ ASTRefCount.cpp \
+ BaseAST.cpp \
+ BitSet.cpp \
+ CharBuffer.cpp \
+ CharScanner.cpp \
+ CommonAST.cpp \
+ CommonASTWithHiddenTokens.cpp \
+ CommonHiddenStreamToken.cpp \
+ CommonToken.cpp \
+ InputBuffer.cpp \
+ LLkParser.cpp \
+ MismatchedCharException.cpp \
+ MismatchedTokenException.cpp \
+ NoViableAltException.cpp \
+ NoViableAltForCharException.cpp \
+ Parser.cpp \
+ RecognitionException.cpp \
+ String.cpp \
+ TokenBuffer.cpp \
+ Token.cpp \
+ TokenRefCount.cpp \
+ TokenStreamBasicFilter.cpp \
+ TokenStreamHiddenTokenFilter.cpp \
+ TokenStreamRewriteEngine.cpp \
+ TokenStreamSelector.cpp \
+ TreeParser.cpp
+
+# dll.cpp \
+
+
+HEADERS = ANTLRException.hpp \
+ ANTLRUtil.hpp \
+ ASTArray.hpp \
+ ASTFactory.hpp \
+ AST.hpp \
+ ASTNULLType.hpp \
+ ASTPair.hpp \
+ ASTRefCount.hpp \
+ BaseAST.hpp \
+ BitSet.hpp \
+ CharBuffer.hpp \
+ CharInputBuffer.hpp \
+ CharScanner.hpp \
+ CharStreamException.hpp \
+ CharStreamIOException.hpp \
+ CircularQueue.hpp \
+ CommonAST.hpp \
+ CommonASTWithHiddenTokens.hpp \
+ CommonHiddenStreamToken.hpp \
+ CommonToken.hpp \
+ config.hpp \
+ InputBuffer.hpp \
+ IOException.hpp \
+ LexerSharedInputState.hpp \
+ LLkParser.hpp \
+ MismatchedCharException.hpp \
+ MismatchedTokenException.hpp \
+ NoViableAltException.hpp \
+ NoViableAltForCharException.hpp \
+ Parser.hpp \
+ ParserSharedInputState.hpp \
+ RecognitionException.hpp \
+ RefCount.hpp \
+ SemanticException.hpp \
+ String.hpp \
+ TokenBuffer.hpp \
+ Token.hpp \
+ TokenRefCount.hpp \
+ TokenStreamBasicFilter.hpp \
+ TokenStreamException.hpp \
+ TokenStreamHiddenTokenFilter.hpp \
+ TokenStream.hpp \
+ TokenStreamIOException.hpp \
+ TokenStreamRecognitionException.hpp \
+ TokenStreamRetryException.hpp \
+ TokenStreamRewriteEngine.hpp \
+ TokenStreamSelector.hpp \
+ TokenWithIndex.hpp \
+ TreeParser.hpp \
+ TreeParserSharedInputState.hpp
+
+CONFIG += staticlib
+
+INCLUDEPATH += $$ANTLR_INCLUDEPATH
+DEFINES += $$ANTLR_DEFINES
+
+TARGET = antlr
+
+INSTALLS -= target
diff --git a/src/antlr/config.hpp b/src/antlr/config.hpp
new file mode 100644
index 000000000..47add5202
--- /dev/null
+++ b/src/antlr/config.hpp
@@ -0,0 +1,290 @@ +#ifndef INC_config_hpp__ +#define INC_config_hpp__ + +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: config.hpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +/* + * Just a simple configuration file to differentiate between the + * various compilers used and reconfigure stuff for any oddities of the + * compiler in question. + * + * These are the defaults. Per compiler these are amended. + */ +#define ANTLR_USE_NAMESPACE(_x_) _x_:: +#define ANTLR_USING_NAMESPACE(_x_) using namespace _x_; +#define ANTLR_CXX_SUPPORTS_NAMESPACE 1 +#define ANTLR_C_USING(_x_) +#define ANTLR_API +#ifndef CUSTOM_API +# define CUSTOM_API +#endif +#define ANTLR_IOS_BASE ios_base +/** define if cctype functions/macros need a std:: prefix. A lot of compilers + * define these as macros, in which case something barfs. + */ +#define ANTLR_CCTYPE_NEEDS_STD + +/// Define if C++ compiler supports std::uncaught_exception +#define ANTLR_CXX_SUPPORTS_UNCAUGHT_EXCEPTION + +#define ANTLR_ATOI_IN_STD + +/******************************************************************************/ +/*{{{ Microsoft Visual C++ */ +// NOTE: If you provide patches for a specific MSVC version guard them for +// the specific version!!!! +// _MSC_VER == 1100 for Microsoft Visual C++ 5.0 +// _MSC_VER == 1200 for Microsoft Visual C++ 6.0 +// _MSC_VER == 1300 for Microsoft Visual C++ 7.0 +#if defined(_MSC_VER) + +# if _MSC_VER < 1300 +# define NOMINMAX +# pragma warning(disable : 4786) +# define min _cpp_min +# endif + +// This warning really gets on my nerves. +// It's the one about symbol longer than 256 chars, and it happens +// all the time with STL. 
+# pragma warning( disable : 4786 4231 ) +// this shuts up some DLL interface warnings for STL +# pragma warning( disable : 4251 ) + +# ifdef ANTLR_CXX_USE_STLPORT +# undef ANTLR_CXX_SUPPORTS_UNCAUGHT_EXCEPTION +# endif + +# if ( _MSC_VER < 1300 ) && ( defined(ANTLR_EXPORTS) || defined(ANTLR_IMPORTS) ) +# error "DLL Build not supported on these MSVC versions." +// see comment in lib/cpp/src/dll.cpp +# endif + +// For the DLL support originally contributed by Stephen Naughton +// If you are building statically leave ANTLR_EXPORTS/ANTLR_IMPORTS undefined +// If you are building the DLL define ANTLR_EXPORTS +// If you are compiling code to be used with the DLL define ANTLR_IMPORTS +# ifdef ANTLR_EXPORTS +# undef ANTLR_API +# define ANTLR_API __declspec(dllexport) +# endif + +# ifdef ANTLR_IMPORTS +# undef ANTLR_API +# define ANTLR_API __declspec(dllimport) +# endif + +# if ( _MSC_VER < 1200 ) +// supposedly only for MSVC5 and before... +// Using vector requires operator<(X,X) to be defined +# define NEEDS_OPERATOR_LESS_THAN +# endif + +// VC6 +# if ( _MSC_VER == 1200 ) +# undef ANTLR_ATOI_IN_STD +# endif + +# if ( _MSC_VER < 1310 ) +// Supposedly only for MSVC7 and before... +// Not allowed to put 'static const int XXX=20;' in a class definition +# define NO_STATIC_CONSTS +# define NO_TEMPLATE_PARTS +# endif + +// No strcasecmp in the C library (so use stricmp instead) +// - Anyone know which is in which standard? 
+# define NO_STRCASECMP +# undef ANTLR_CCTYPE_NEEDS_STD +# define NO_STATIC_CONSTS +#endif // End of Microsoft Visual C++ + +/*}}}*/ +/******************************************************************************/ +/*{{{ SunPro Compiler (Using OBJECTSPACE STL) + *****************************************************************************/ +#ifdef __SUNPRO_CC + +# if (__SUNPRO_CC >= 0x500) + +# define NEEDS_OPERATOR_LESS_THAN +# define NO_TEMPLATE_PARTS + +# else + +# undef namespace +# define namespace + +# if (__SUNPRO_CC == 0x420) + +/* This code is specif to SunWspro Compiler 4.2, and will compile with + the objectspace 2.1 toolkit for Solaris2.6 */ +# define HAS_NOT_CASSERT_H +# define HAS_NOT_CSTRING_H +# define HAS_NOT_CCTYPE_H +# define HAS_NOT_CSTDIO_H +# define HAS_OSTREAM_H + +/* #define OS_SOLARIS_2_6 + #define OS_NO_WSTRING + #define OS_NO_ALLOCATORS + #define OS_MULTI_THREADED + #define OS_SOLARIS_NATIVE + #define OS_REALTIME + #define __OSVERSION__=5 + #define SVR4 + */ + +// ObjectSpace + some specific templates constructions with stl. +/* #define OS_NO_ALLOCATOR */ + +// This great compiler does not have the namespace feature. 
+# undef ANTLR_USE_NAMESPACE +# define ANTLR_USE_NAMESPACE(_x_) +# undef ANTLR_USING_NAMESPACE +# define ANTLR_USING_NAMESPACE(_x_) +# undef ANTLR_CXX_SUPPORTS_NAMESPACE +# endif // End __SUNPRO_CC == 0x420 + +# undef explicit +# define explicit + +# define exception os_exception +# define bad_exception os_bad_exception + +// Not allowed to put 'static const int XXX=20;' in a class definition +# define NO_STATIC_CONSTS +// Using vector requires operator<(X,X) to be defined +# define NEEDS_OPERATOR_LESS_THAN + +# endif + +# undef ANTLR_CCTYPE_NEEDS_STD + +#endif // end __SUNPRO_CC +/*}}}*/ +/*****************************************************************************/ +/*{{{ Inprise C++ Builder 3.0 + *****************************************************************************/ +#ifdef __BCPLUSPLUS__ +# define NO_TEMPLATE_PARTS +# define NO_STRCASECMP +# undef ANTLR_CCTYPE_NEEDS_STD +#endif // End of C++ Builder 3.0 +/*}}}*/ +/*****************************************************************************/ +/*{{{ IBM VisualAge C++ ( which includes the Dinkumware C++ Library ) + *****************************************************************************/ +#ifdef __IBMCPP__ + +// No strcasecmp in the C library (so use stricmp instead) +// - Anyone know which is in which standard? +#if (defined(_AIX) && (__IBMCPP__ >= 600)) +# define NO_STATIC_CONSTS +#else +# define NO_STRCASECMP +# undef ANTLR_CCTYPE_NEEDS_STD +#endif + +#endif // end IBM VisualAge C++ +/*}}}*/ +/*****************************************************************************/ +/*{{{ Metrowerks Codewarrior + *****************************************************************************/ +#ifdef __MWERKS__ +# if (__MWERKS__ <= 0x2201) +# define NO_TEMPLATE_PARTS +# endif + +// CW 6.0 and 7.0 still do not have it. 
+# define ANTLR_REALLY_NO_STRCASECMP + +# undef ANTLR_C_USING +# define ANTLR_C_USING(_x_) using std:: ## _x_; + +# define ANTLR_CCTYPE_NEEDS_STD +# undef ANTLR_CXX_SUPPORTS_UNCAUGHT_EXCEPTION + +#endif // End of Metrowerks Codewarrior +/*}}}*/ +/*****************************************************************************/ +/*{{{ SGI Irix 6.5.10 MIPSPro compiler + *****************************************************************************/ +// (contributed by Anna Winkler) +// Note: you can't compile ANTLR with the MIPSPro compiler on +// anything < 6.5.10 because SGI just fixed a big bug dealing with +// namespaces in that release. +#ifdef __sgi +# define HAS_NOT_CCTYPE_H +# define HAS_NOT_CSTRING_H +# define HAS_NOT_CSTDIO_H +# undef ANTLR_CCTYPE_NEEDS_STD +#endif // End IRIX MIPSPro +/*}}}*/ +/*****************************************************************************/ +/*{{{ G++ in various incarnations + *****************************************************************************/ +// With the gcc-2.95 and 3.0 being in the near future we should start handling +// incompatabilities between the various libstdc++'s. +#if defined(__GNUC__) || defined(__GNUG__) +// gcc 2 branch.. +# if (__GNUC__ == 2 ) +# if (__GNUC_MINOR__ <= 8 ) +# undef ANTLR_USE_NAMESPACE +# define ANTLR_USE_NAMESPACE(_x_) +# undef ANTLR_USING_NAMESPACE +# define ANTLR_USING_NAMESPACE(_x_) +# undef ANTLR_CXX_SUPPORTS_NAMESPACE +# endif +# if (__GNUC_MINOR__ > 8 && __GNUC_MINOR__ <= 95 ) +# undef ANTLR_IOS_BASE +# define ANTLR_IOS_BASE ios +# undef ANTLR_CCTYPE_NEEDS_STD +// compiling with -ansi ? +# ifdef __STRICT_ANSI__ +# undef ANTLR_REALLY_NO_STRCASECMP +# define ANTLR_REALLY_NO_STRCASECMP +# endif +# else +// experimental .96 .97 branches.. +# undef ANTLR_CCTYPE_NEEDS_STD +# endif +# endif +#endif // ! 
__GNUC__ +/*}}}*/ +/*****************************************************************************/ +/*{{{ Digital CXX (Tru64) + *****************************************************************************/ +#ifdef __DECCXX +#define __USE_STD_IOSTREAM +#endif +/*}}}*/ +/*****************************************************************************/ +#ifdef __BORLANDC__ +# if __BORLANDC__ >= 560 +# include +# include +# define ANTLR_CCTYPE_NEEDS_STD +# else +# error "sorry, compiler is too old - consider an update." +# endif +#endif + +// Redefine these for backwards compatability.. +#undef ANTLR_BEGIN_NAMESPACE +#undef ANTLR_END_NAMESPACE + +#if ANTLR_CXX_SUPPORTS_NAMESPACE == 1 +# define ANTLR_BEGIN_NAMESPACE(_x_) namespace _x_ { +# define ANTLR_END_NAMESPACE } +#else +# define ANTLR_BEGIN_NAMESPACE(_x_) +# define ANTLR_END_NAMESPACE +#endif + +#endif //INC_config_hpp__ diff --git a/src/antlr/dll.cpp b/src/antlr/dll.cpp new file mode 100644 index 000000000..cdd695353 --- /dev/null +++ b/src/antlr/dll.cpp 
@@ -0,0 +1,138 @@ +/* ANTLR Translator Generator + * Project led by Terence Parr at http://www.jGuru.com + * Software rights: http://www.antlr.org/license.html + * + * $Id: dll.cpp 1361 2007-06-07 02:34:05Z vkurland $ + */ + +/* + * DLL stub for MSVC++. Based upon versions of Stephen Naughton and Michael + * T. Richter + */ + +// RK: Uncommented by instruction of Alexander Lenski +//#if _MSC_VER > 1000 +//# pragma once +//#endif // _MSC_VER > 1000 + +// Exclude rarely-used stuff from Windows headers +#define WIN32_LEAN_AND_MEAN + +#include + +#if defined( _MSC_VER ) && ( _MSC_VER < 1300 ) +# error "DLL Build not supported on old MSVC's" +// Ok it seems to be possible with STLPort in stead of the vanilla MSVC STL +// implementation. This needs some work though. (and don't try it if you're +// not that familiar with compilers/building C++ DLL's in windows) +#endif + +#include +#include "antlr/config.hpp" +#include "antlr/Token.hpp" +#include "antlr/CircularQueue.hpp" + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +namespace antlr { +#endif + +// Take care of necessary implicit instantiations of templates from STL + +// This should take care of MSVC 7.0 +#if defined( _MSC_VER ) && ( _MSC_VER == 1300 ) + +// these come from AST.hpp +template class ANTLR_API ASTRefCount< AST >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< RefAST >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)vector< RefAST >; +//template ANTLR_API int operator<( ASTRefCount< AST >, ASTRefCount< AST > ); + +// ASTFactory.hpp +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< factory_descriptor_* >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const char*, factory_type_ > >; +template struct ANTLR_API ANTLR_USE_NAMESPACE(std)pair< const char*, factory_type_ >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Vector_val< factory_descriptor_*, ANTLR_USE_NAMESPACE(std)allocator< factory_descriptor_* > >; +template class ANTLR_API 
ANTLR_USE_NAMESPACE(std)vector< factory_descriptor_* >; + +// BitSet.hpp +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< bool >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Vector_val< bool, ANTLR_USE_NAMESPACE(std)allocator< bool > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)vector< bool >; + +// CharScanner.hpp +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< ANTLR_USE_NAMESPACE(std)string, int > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, int > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)_Tree_nod< ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, int, CharScannerLiteralsLess, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, int > >, false > >::_Node >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)_Tree_ptr< ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, int, CharScannerLiteralsLess, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, int > >, false > >::_Nodeptr >; +template struct ANTLR_API ANTLR_USE_NAMESPACE(std)pair< ANTLR_USE_NAMESPACE(std)string, int >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, int, CharScannerLiteralsLess, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, int > >,false >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Tree_nod< ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, int, CharScannerLiteralsLess, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, int > >,false > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Tree_ptr< ANTLR_USE_NAMESPACE(std)_Tmap_traits< 
ANTLR_USE_NAMESPACE(std)string, int, CharScannerLiteralsLess, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, int > >,false > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Tree_val< ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, int, CharScannerLiteralsLess, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, int > >,false > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Tree< ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, int, CharScannerLiteralsLess, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, int > >,false > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)map< ANTLR_USE_NAMESPACE(std)string, int, CharScannerLiteralsLess >; + +// CircularQueue.hpp +// RK: it might well be that a load of these ints need to be unsigned ints +// (made some more stuff unsigned) +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< int >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Vector_val< int, ANTLR_USE_NAMESPACE(std)allocator< int > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)vector< int >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)vector< int, ANTLR_USE_NAMESPACE(std)allocator< int > >; +// template ANTLR_API inline int CircularQueue< int >::entries() const; + +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< RefToken >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Vector_val< RefToken, ANTLR_USE_NAMESPACE(std)allocator< RefToken > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)vector< RefToken >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)vector< RefToken, ANTLR_USE_NAMESPACE(std)allocator< RefToken > >; +// template ANTLR_API inline int CircularQueue< RefToken >::entries() const; + +// CommonAST.hpp +template class ANTLR_API ASTRefCount< CommonAST >; + +// CommonASTWithHiddenTokenTypes.hpp 
+template class ANTLR_API ASTRefCount< CommonASTWithHiddenTokens >; + +// LexerSharedInputState.hpp +template class ANTLR_API RefCount< LexerInputState >; + +// ParserSharedInputState.hpp +template class ANTLR_API RefCount< ParserInputState >; + +// TokenStreamSelector.hpp +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< ANTLR_USE_NAMESPACE(std)string, TokenStream* > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, TokenStream* > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)_Tree_nod< ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, TokenStream*, ANTLR_USE_NAMESPACE(std)less< ANTLR_USE_NAMESPACE(std)string >, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, TokenStream* > >, false > >::_Node >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)_Tree_ptr< ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, TokenStream*, ANTLR_USE_NAMESPACE(std)less< ANTLR_USE_NAMESPACE(std)string >, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, TokenStream* > >, false > >::_Nodeptr >; +template struct ANTLR_API ANTLR_USE_NAMESPACE(std)pair< ANTLR_USE_NAMESPACE(std)string, TokenStream* >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, TokenStream*, ANTLR_USE_NAMESPACE(std)less< ANTLR_USE_NAMESPACE(std)string >, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, TokenStream* > >,false >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Tree_nod< ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, TokenStream*, ANTLR_USE_NAMESPACE(std)less< ANTLR_USE_NAMESPACE(std)string >, ANTLR_USE_NAMESPACE(std)allocator< 
ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, TokenStream* > >,false > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Tree_ptr< ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, TokenStream*, ANTLR_USE_NAMESPACE(std)less< ANTLR_USE_NAMESPACE(std)string >, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, TokenStream* > >,false > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Tree_val< ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, TokenStream*, ANTLR_USE_NAMESPACE(std)less< ANTLR_USE_NAMESPACE(std)string >, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, TokenStream* > >,false > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Tree< ANTLR_USE_NAMESPACE(std)_Tmap_traits< ANTLR_USE_NAMESPACE(std)string, TokenStream*, ANTLR_USE_NAMESPACE(std)less< ANTLR_USE_NAMESPACE(std)string >, ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)pair< const ANTLR_USE_NAMESPACE(std)string, TokenStream* > >,false > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)map< ANTLR_USE_NAMESPACE(std)string, TokenStream* >; + +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< TokenStream* >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)allocator< ANTLR_USE_NAMESPACE(std)_Deque_map< TokenStream* , ANTLR_USE_NAMESPACE(std)allocator< TokenStream* > >::_Tptr >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Deque_map< TokenStream*, ANTLR_USE_NAMESPACE(std)allocator< TokenStream* > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)_Deque_val< TokenStream*, ANTLR_USE_NAMESPACE(std)allocator< TokenStream* > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)deque< TokenStream*, ANTLR_USE_NAMESPACE(std)allocator< TokenStream* > >; +template class ANTLR_API ANTLR_USE_NAMESPACE(std)stack< TokenStream*, ANTLR_USE_NAMESPACE(std)deque >; + +#elif defined( _MSC_VER ) && ( _MSC_VER == 
1310 ) +// Instantiations for MSVC 7.1 +template class ANTLR_API CircularQueue< int >; +template class ANTLR_API CircularQueue< RefToken >; + +// #else future msvc's + +#endif + +#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE +} +#endif + +BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) +{ + return TRUE; +} diff --git a/src/common/commoninit.h b/src/common/commoninit.h new file mode 100644 index 000000000..f27bdcc50 --- /dev/null +++ b/src/common/commoninit.h @@ -0,0 +1,6 @@ +#ifndef COMMON_INIT_H +#define COMMON_INIT_H +#include + +void init(char * const *argv); +#endif diff --git a/src/common/init.cpp b/src/common/init.cpp new file mode 100644 index 000000000..6f8c73b2f --- /dev/null +++ b/src/common/init.cpp 
@@ -0,0 +1,164 @@
+
+#include "config.h"
+
+#ifdef _WIN32
+# include
+#endif
+
+#ifndef _WIN32
+# include
+# include
+#endif
+
+#ifdef Q_OS_MACX
+# include
+# include
+#endif
+
+#include
+#include
+#include "fwbuilder/libfwbuilder-config.h"
+#include "fwbuilder/Tools.h"
+#include "fwbuilder/Resources.h"
+#include "commoninit.h"
+
+std::string appRootDir;
+std::string userDataDir;
+std::string respath;
+std::string localepath;
+std::string librespath;
+std::string sysfname;
+std::string tempfname;
+std::string argv0;
+std::string ee;
+
+extern int fwbdebug;
+
+using namespace std;
+using namespace libfwbuilder;
+
+
+string guessExecPath(const char *argv0)
+{
+
+#ifdef Q_OS_MACX
+// see http://doc.trolltech.com/3.3/mac-differences.html#7-1
+// except that article explains how to get path to bundle, while
+// we need path to executable here. Using CFBundleCopyExecutableURL
+// instead of CFBundleCopyBundleURL
+//
+ CFURLRef bundleURL = CFBundleCopyExecutableURL(CFBundleGetMainBundle());
+ CFStringRef macPath = CFURLCopyFileSystemPath(bundleURL,
+ kCFURLPOSIXPathStyle);
+ const char *pathPtr = CFStringGetCStringPtr(macPath,
+ CFStringGetSystemEncoding());
+ CFRelease(bundleURL);
+ CFRelease(macPath);
+
+ return pathPtr;
+
+#else
+
+ QString s = argv0;
+
+ if (s[0]=='/') return argv0;
+ if (s.indexOf('/')!=-1) return s.toLatin1().constData();
+
+// argv0 does not start with '/' and contains no '/' - use PATH
+ QString path = getenv("PATH");
+ int i1=0;
+
+ while ( !(s=path.section(':',i1,i1)).isEmpty() )
+ {
+ s=s+"/"+argv0;
+ if (access(s.toLatin1().constData(),F_OK|X_OK)==0) return s.toLatin1().constData();
+ i1++;
+ }
+ return argv0;
+#endif
+}
+
+
+string findExecutable(const char *argv0)
+{
+#ifdef _WIN32
+/* see explanation about _pgmptr here:
+http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/getmodulefilename.asp
+*/
+ string res;
+
+ res = _pgmptr;
+ return res;
+#else
+
+#ifdef OS_LINUX
+/* on modern Linux systems full path to the executable is available in
+ * /proc/self/exec.
+ */
+ char buf[PATH_MAX];
+ if ( readlink( "/proc/self/exec", buf, sizeof(buf) )<0 )
+ {
+ return guessExecPath(argv0);
+ } else
+ return buf;
+#else
+ return guessExecPath(argv0);
+#endif
+#endif
+}
+
+
+
+void init(char * const *argv)
+{
+ argv0=findExecutable(argv[0]);
+
+ string::size_type n0=argv0.find_last_of("/\\");
+ if (n0!=string::npos) appRootDir=argv0.substr(0,n0) + FS_SEPARATOR;
+ else appRootDir="";
+
+ if (fwbdebug)
+ {
+ qDebug(QString("argv0=%1").arg(argv0.c_str()).toAscii().constData());
+ qDebug(QString("appRootDir=%1").arg(appRootDir.c_str()).toAscii().constData());
+ }
+
+ libfwbuilder::init();
+
+#if defined(Q_OS_WIN32) || defined(Q_OS_MACX)
+
+/* On windows and mac we install API resources (DTD etc) in the
+ * dir right above the one where we install resources for the GUI and compilers
+ */
+ if (respath=="") respath = appRootDir+RES_DIR;
+ n0=respath.find_last_of("/\\");
+ librespath = respath.substr(0,n0);
+
+ sysfname = respath+FS_SEPARATOR+"objects_init.xml";
+ tempfname = respath+FS_SEPARATOR+"templates.xml";
+
+#else
+
+/* On Unix RES_DIR and LIBFWBUILDER_TEMPLATE_DIR are absolute paths */
+
+ if (respath=="") respath = RES_DIR;
+ librespath = LIBFWBUILDER_TEMPLATE_DIR;
+
+ sysfname = respath+ FS_SEPARATOR + "objects_init.xml";
+ tempfname = respath+ FS_SEPARATOR + "templates.xml";
+
+#endif
+
+/* define localepath the same way as we define PKGLOCALEDIR in qmake.inc */
+ localepath = respath + "/locale";
+
+/* default directory where the user may want to save files */
+#if defined(Q_OS_WIN32)
+ userDataDir = string(getenv("USERPROFILE"))+"\\Documents";
+#elif defined(Q_OS_MACX)
+ userDataDir = string(getenv("HOME"))+"/Documents";
+#else
+ userDataDir = string(getenv("HOME"));
+#endif
+
+}
diff --git a/src/fwbedit/.cvsignore b/src/fwbedit/.cvsignore
new file mode 100644
index 000000000..7b4aea461
--- /dev/null
+++ b/src/fwbedit/.cvsignore
@@ -0,0 +1,5 @@
+Makefile
+.moc
+.ui
+*.app
+
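Review bot: In findExecutable() the OS_LINUX branch returns `buf` right after readlink(), which does not NUL-terminate what it writes, so constructing the std::string reads whatever follows the link text on the stack; build the string from the returned length and treat a result that fills the buffer as truncated. The link is also named `/proc/self/exe` in procfs, so the `/proc/self/exec` lookup presumably always fails and this path has only ever run through the guessExecPath() fallback. In the Q_OS_MACX branch of guessExecPath(), `pathPtr` points into `macPath` and is read after `CFRelease(macPath)`, and CFStringGetCStringPtr() may return NULL; copying into a std::string before the release, with a NULL check, avoids both. In init(), `string(getenv("HOME"))` and the USERPROFILE variant need a null check before the std::string is built, and the two debug lines pass path text as the qDebug() format string, where `qDebug("argv0=%s", argv0.c_str());` would keep a `%` in the path from being interpreted.

```cpp
    char buf[PATH_MAX];
    ssize_t len = readlink("/proc/self/exe", buf, sizeof(buf));
    // readlink() does not NUL-terminate; a result that fills buf may be truncated
    if (len < 0 || (size_t)len >= sizeof(buf))
        return guessExecPath(argv0);
    return string(buf, len);
```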
diff --git a/src/fwbedit/fwbedit.cpp b/src/fwbedit/fwbedit.cpp
new file mode 100644
index 000000000..1ff821f2a
--- /dev/null
+++ b/src/fwbedit/fwbedit.cpp
@@ -0,0 +1,1024 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: fwbedit.cpp 1450 2007-12-05 16:53:10Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "fwbuilder/libfwbuilder-config.h" +#include "fwbuilder/Constants.h" + +#include +#include + +#ifdef HAVE_LOCALE_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + + +#ifndef _WIN32 +# include +#endif + +#include +#include +#include +#include +#include + +#ifdef HAVE_GETOPT_H +# include +#else +# ifdef _WIN32 +# include +# else +# include +# endif +#endif + +#include "fwbuilder/Resources.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/XMLTools.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Group.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/DNSName.h" +#include "fwbuilder/AddressTable.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/ObjectGroup.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/CustomService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" 
+#include "fwbuilder/ServiceGroup.h" +#include "fwbuilder/Interval.h" +#include "fwbuilder/IntervalGroup.h" +#include "fwbuilder/InterfacePolicy.h" + +#include "../common/init.cpp" +#include + +using namespace libfwbuilder; +using namespace std; + +// can't use 'DELETE' in this enum because it is degined somewhere on windows +typedef enum { NONE, ADDGRP, REMGRP, DELOBJECT, OBJECT, LIST, STRUCT,ATTR, UPGRADE} command; + +// need to qualify deque even though we use "using namespace std;" +// to make it compile on windows +typedef std::deque operands; + +static command cmd = NONE; + +bool autoupgrade_flag = false; + +string filename=""; +string object; +string group; +string objtype; +string addr1; +string addr2; +string dnsrec; +string runtime; +string name; +string path; +string lib; +string time1; +string time2; +string date1; +string date2; +string day1; +string day2; +string platform; +string hostOS; +string management; +string addr3; +string addr4; +string mask; +string settings; +string protocol; +string bitmap; +string ICMPtype; +string ICMPcode; +string security; +string addrtype; +string parent; + +vector platforms; + +std::map systemGroupPaths; + +FWObjectDatabase *objdb = NULL; + +int fwbdebug = 0; + +class UpgradePredicate: public XMLTools::UpgradePredicate +{ + public: + virtual bool operator()(const string &msg) const + { + bool res=false; + cout << _("Data file has been created in the old version of Firewall Builder.") << endl << flush; + if (autoupgrade_flag) + { + cout << _("Do you want to convert it? (Y)") << endl; + int a = getchar(); + if (a=='y' || a=='Y' || a=='\n' ) res= true; + } + else + { + cout << _("Use option '-u' to upgrade the file. 
Alternatively,\nfwbuilder GUI can convert it.") << endl; + } + if (res) cout << _("Upgrading the file now ...") << endl; + return res; + } +}; +void initConstants ( void) +{ + systemGroupPaths[Library::TYPENAME] = ""; + + systemGroupPaths[IPv4::TYPENAME] = "Objects/Addresses"; + systemGroupPaths[DNSName::TYPENAME] = "Objects/DNS Names"; + systemGroupPaths[AddressTable::TYPENAME] = "Objects/Address Tables"; + systemGroupPaths[AddressRange::TYPENAME] = "Objects/Address Ranges"; + systemGroupPaths[ObjectGroup::TYPENAME] = "Objects/Groups"; + systemGroupPaths[Host::TYPENAME] = "Objects/Hosts"; + systemGroupPaths[Network::TYPENAME] = "Objects/Networks"; + + systemGroupPaths[ServiceGroup::TYPENAME] = "Services/Groups"; + systemGroupPaths[CustomService::TYPENAME] = "Services/Custom"; + systemGroupPaths[IPService::TYPENAME] = "Services/IP"; + systemGroupPaths[ICMPService::TYPENAME] = "Services/ICMP"; + systemGroupPaths[TCPService::TYPENAME] = "Services/TCP"; + systemGroupPaths[UDPService::TYPENAME] = "Services/UDP"; + + systemGroupPaths[Firewall::TYPENAME] = "Firewalls"; + + systemGroupPaths[Interval::TYPENAME] = "Time"; +} +void usage(const char *name) +{ + cout << _("Firewall Builder: general purpose object tree editing tool") << endl; + cout << _("Version ") << VERSION << "-" << RELEASE_NUM << endl; + cout << _("Usage: ") << name + << _(" -f filename.fwb -u [-a obj,grp] [-r obj,grp] [-d obj] [-s] [-l path] [(-p parent|-L library) -t objtype -n objname [-o object attributes]] ") << endl; + cout << endl; + cout << " " << _("-t objtype : create an object of this type") << endl; + cout << " " << _("-L library : specify library when creating a new object") << endl; + cout << " " << _("-p obj : specify parent object when creating a new object") << endl; + cout << " " << _("-n name : specify a name of the new object") << endl; + cout << " " << _("-o attribute1[,attribute2...] 
: specify attributes when creating a new object") << endl; + cout << " " << _("-a obj,grp : create reference to object 'obj' in the group 'grp'") << endl; + cout << " " << _("-r obj,grp : remove reference to object 'obj' from the group 'grp'") << endl; + cout << " " << _("-d obj : delete object 'obj' and remove references to it from") << endl; + cout << " " << _(" all rules and groups") << endl; + cout << " " << _("-l path : print list of objects for 'path'") << endl; + cout << " " << _("-s : test and repair object tree structure") << endl; + cout << " " << _("-u : autoupgrade of file") << endl; + cout << endl; + cout << _("An object and a group can be defined by their ID or ") << endl; + cout << _("by the full path and name in the XML tree") << endl; + cout << endl; + cout << _("Object creation syntax:") << endl; + cout << endl; + cout << " " << "-t " <begin(), root->end(), + FWObjectNameEQPredicate(tree_node)); + if (j==root->end()) return NULL; + if ((*j)->getName()==obj_path) return (*j); + else return find_object( path.substr(n+1) , (*j) ); +} + +bool testIPv4(string s) +{ + bool res=false; + try + { + IPAddress( s.c_str() ); + res=true; + } catch (FWException &ex) + { } + return res; +} + +FWObject *getObject(const char *objstr) throw (FWException) +{ + char errstr[128]; + FWObject *obj=NULL; + if (strchr(objstr,'/')!=NULL) + { +/* got full path to the object */ + string path=objstr; + string::size_type n=path.find("/",0); + if (n==0 || + path.substr(0,n)=="FWObjectDatabase" || + path.substr(0,n)=="User") + obj= find_object( path.substr(n+1) ); + else + obj= find_object( path ); + if (obj==NULL) + { + SNPRINTF(errstr,sizeof(errstr),_("Object %s not found"),objstr ); + throw FWException(errstr); + } + } else { +/* got object ID */ + obj=objdb->getById(objstr,true); + if (obj==NULL) + { + SNPRINTF(errstr,sizeof(errstr),_("Object with ID='%s' not found"),objstr ); + throw FWException(errstr); + } + } + return obj; +} +int splitStr(char ch,string s, operands * 
ops) +{ + int res=0; + string::size_type pos; + ops->clear(); + if (s.length()>0) + { + while((pos=s.find_first_of(ch))!=string::npos) + { + ops->push_back(s.substr(0,pos)); + s=s.substr(pos+1); + res++; + } + ops->push_back(s); + res++; + } + + return res; +} +FWObject* createObject(string type,string path) +{ + FWObject* obj=objdb->create(type); + FWObject* parent=getObject(path.c_str()); + if (parent != NULL) + { + parent->add(obj); + } + return obj; +} +string getNextOpt(operands &ops) +{ + string s=*ops.begin(); + ops.pop_front(); + return s; +} +bool testPlatform(string pl,string os) +{ + platforms=Resources::getListOfPlatforms(); + operands lst; + string str; + if (platforms.empty() || ( platforms.size()==1 && platforms.front()=="unknown" )) + { + cout << _("Failed to load list of supported platforms") << endl; + exit(1); + } + for (vector::iterator i=platforms.begin();i!=platforms.end();i++) + { + + string sos=Resources::platform_res[*i]->getResourceStr("/FWBuilderResources/Target/supported_os"); + if (sos.empty()) return false; + if (*i!="unknown") + { + if (*i==pl ) + { + int n=splitStr(',',sos,&lst); + for (int i=0;icreate(t.c_str()); + res->setName(n); + root->add(res); + cout << _("( Fixed )"); + } + else + { + cout << _("Ok"); + } + cout << endl; + return res; +} + +void invalidIPv4(string s) +{ + if (!testIPv4(s)) + { + cout << "\"" << s << "\" - invalid IPv4 address." 
<< endl; + + exit(0); + } +} + +int main(int argc, char * const *argv) +{ + operands ops; + +#ifdef ENABLE_NLS + setlocale (LC_ALL, ""); + + bindtextdomain (PACKAGE, LOCALEDIR); + textdomain (PACKAGE); +#else +# ifdef HAVE_SETLOCALE + setlocale (LC_ALL, ""); +# endif +#endif + initConstants(); + if (argc<=1) + { + usage(argv[0]); + exit(1); + } + + int opt; + + while( (opt=getopt(argc,argv,"f:a:r:d:o:l:L:p:t:n:su")) != EOF ) + { + int num=0; + if (optarg!=NULL) + { + string str=optarg; + num=splitStr(',',str,&ops); + } + switch(opt) + { + case 'f': filename=getNextOpt(ops); break; + case 'L': lib=getNextOpt(ops); break; + case 'p': parent=getNextOpt(ops); break; + case 't': objtype=getNextOpt(ops);cmd=OBJECT; break; + case 'n': name=getNextOpt(ops); break; + case 'a': cmd=ADDGRP; break; + case 'r': cmd=REMGRP; break; + case 'd': cmd=DELOBJECT; break; + case 'o': cmd=ATTR; break; + case 'l': cmd=LIST; break; + case 's': cmd=STRUCT; break; + case 'u': + { + cmd=(cmd==NONE)?UPGRADE:cmd; + autoupgrade_flag=true; break; + } + default : usage(argv[0]); exit(1); + + } + + if (cmd==ADDGRP || cmd==REMGRP) + { + if (num!=2) + { + usage(argv[0]); + exit(1); + } + object=getNextOpt(ops); + group=getNextOpt(ops); + break; + } + if (cmd==DELOBJECT) + { + object=getNextOpt(ops); + break; + } + if (cmd==LIST) + { + if (num==1) + { + path=getNextOpt(ops); + } + else + { + usage(argv[0]); + exit(1); + } + break; + } + if (cmd==ATTR) + { + if (name=="" || objtype=="" || + (parent=="" && lib=="")) + { + usage(argv[0]); + exit(1); + } + cmd=OBJECT; + + if (objtype==IPv4::TYPENAME && num==1) + { + addr1=getNextOpt(ops); + invalidIPv4(addr1); + + } + else if (objtype==DNSName::TYPENAME && num==2) + { + dnsrec=getNextOpt(ops); + runtime=getNextOpt(ops); + } + else if ((objtype==AddressRange::TYPENAME || objtype==Network::TYPENAME) && num==2) + { + addr1=getNextOpt(ops);invalidIPv4(addr1); + addr2=getNextOpt(ops);invalidIPv4(addr2); + } + else if (objtype==ObjectGroup::TYPENAME && num==0) 
+ {} + else if (objtype==Firewall::TYPENAME && num==2) + { + platform=getNextOpt(ops); + hostOS=getNextOpt(ops); + } + else if (objtype==Interval::TYPENAME && num==6) + { + time1=getNextOpt(ops); + date1=getNextOpt(ops); + day1=getNextOpt(ops); + time2=getNextOpt(ops); + date2=getNextOpt(ops); + day2=getNextOpt(ops); + } + else if (objtype==Interface::TYPENAME && num==3) + { + security=getNextOpt(ops); + addrtype=getNextOpt(ops); + management=getNextOpt(ops); + } + else if (objtype==Host::TYPENAME && num==0) + { + } + else if (objtype==TCPService::TYPENAME && num==6) + { + addr1=getNextOpt(ops); + addr2=getNextOpt(ops); + addr3=getNextOpt(ops); + addr4=getNextOpt(ops); + mask=getNextOpt(ops); + settings=getNextOpt(ops); + } + else if (objtype==UDPService::TYPENAME && num==4) + { + addr1=getNextOpt(ops); + addr2=getNextOpt(ops); + addr3=getNextOpt(ops); + addr4=getNextOpt(ops); + } + else if (objtype==IPService::TYPENAME && num==2) + { + protocol=getNextOpt(ops); + bitmap=getNextOpt(ops); + } + else if (objtype==ICMPService::TYPENAME && num==2) + { + ICMPtype=getNextOpt(ops); + ICMPcode=getNextOpt(ops); + } + + else + { + cout << "Adding objects of the type '" << objtype << "' is not supported or object's attributes are invalid." 
<< endl; + cmd=NONE; + } + break; + } + } + + + if(cmd==NONE || filename=="") + { + usage(argv[0]); + exit(1); + } + + init(argv); + + try + { + new Resources(respath+FS_SEPARATOR+"resources.xml"); + + //new Resources(respath); // creates singleton Resources::global_res + + /* create database */ + objdb = new FWObjectDatabase(); + + /* load the data file */ + UpgradePredicate upgrade_predicate; + + objdb->load(filename, &upgrade_predicate, librespath); + + if (cmd == STRUCT) + { + cout << _("Test/repair the structure:") << endl; + FWObject *root=objdb; + FWObject *nlib; + FWObject *grp; + string lib; + bool ro_flag; + + for (FWObject::iterator i=root->begin(); + i!=root->end(); + ++i) + { + nlib=*i; + lib=nlib->getName(); + if (nlib->getId()!="sysid99") + { + ro_flag=nlib->isReadOnly(); + cout << _("Library: ") << lib << ((ro_flag)?"(Read only)":" ") << endl; + nlib->setReadOnly(false); + + grp=testAndFix("Objects", ObjectGroup::TYPENAME,nlib); + testAndFix("Addresses", ObjectGroup::TYPENAME,grp); + testAndFix("DNS Names", ObjectGroup::TYPENAME,grp); + testAndFix("Address Tables",ObjectGroup::TYPENAME,grp); + testAndFix("Groups", ObjectGroup::TYPENAME,grp); + testAndFix("Hosts", ObjectGroup::TYPENAME,grp); + testAndFix("Networks", ObjectGroup::TYPENAME,grp); + testAndFix("Address Ranges",ObjectGroup::TYPENAME,grp); + + grp=testAndFix("Services", ServiceGroup::TYPENAME,nlib); + testAndFix("Groups", ServiceGroup::TYPENAME,grp); + testAndFix("ICMP", ServiceGroup::TYPENAME,grp); + testAndFix("IP", ServiceGroup::TYPENAME,grp); + testAndFix("TCP", ServiceGroup::TYPENAME,grp); + testAndFix("UDP", ServiceGroup::TYPENAME,grp); + testAndFix("Custom", ServiceGroup::TYPENAME,grp); + testAndFix("TagServices", ServiceGroup::TYPENAME,grp); + + testAndFix("Firewalls", ObjectGroup::TYPENAME,nlib); + testAndFix("Time", IntervalGroup::TYPENAME,nlib); + + nlib->setReadOnly(ro_flag); + } + } + } + else if (cmd == LIST) + { + FWObject *root=getObject(path.c_str()); + + cout << 
_("Objects list for '"<< path << "' :") << endl; + for(FWObject::iterator i=root->begin(); + i!=root->end(); + ++i) + { + cout << (*i)->getName() << _(" ( ") << (*i)->getId() << _(" ) ") << endl; + } + return(0); + } + else if (cmd == UPGRADE) + { + cout << _("File upgraded; current version: ") << libfwbuilder::Constants::getLibraryVersion() << endl; + } + else if (cmd == OBJECT) + { + cout << _("Adding a new object into '"<< ((lib!="")?lib:parent) <<"': ") << endl + << _("Type: ") << objtype << endl + << _("Name: ") << name << endl; + if (objtype==IPv4::TYPENAME) + { + cout << _("Address: ") << addr1 << endl; + FWObject *nobj = NULL; + if (lib!="") + { + nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]); + } + else if (parent!="") + { + FWObject *target = getObject(parent.c_str()); + + if (Interface::isA(target)) + { + nobj = objdb->create(objtype); + target->add(nobj); + } + } + else + { + cout << _("Parent for the object is missing.") << endl; + exit(1); + } + + if (nobj!=NULL) + { + IPv4 *o=IPv4::cast(nobj); + o->setName(name); + o->setAddress(addr1); + } + + } + else if (objtype==DNSName::TYPENAME) + { + cout << _("DNS Record: ") << dnsrec << endl; + cout << _("Run time: ") << runtime << endl; + + FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]); + DNSName *o=DNSName::cast(nobj); + o->setName(name); + o->setSourceName(dnsrec); + o->setRunTime(getBool(runtime)); + + } + else if (objtype==AddressRange::TYPENAME) + { + cout << _("Range start: ") << addr1 << endl + << _("Range end: ") << addr2 << endl; + FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]); + AddressRange *o=AddressRange::cast(nobj); + o->setName(name); + o->setRangeStart(IPAddress(addr1)); + o->setRangeEnd(IPAddress(addr2)); + + } + else if (objtype==ObjectGroup::TYPENAME) + { + FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]); + ObjectGroup *o=ObjectGroup::cast(nobj); + o->setName(name); + + } + else if 
(objtype==Network::TYPENAME) + { + cout << _("Address: ") << addr1 << endl + << _("Netmask: ") << addr2 << endl; + FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]); + Network *o=Network::cast(nobj); + o->setName(name); + o->setAddress(addr1); + o->setNetmask(addr2); + } + else if (objtype==Firewall::TYPENAME) + { + cout << _("Platform: ") << platform << endl + << _("Host OS: ") << hostOS << endl; + if (testPlatform(platform,hostOS)) + { + FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]); + Firewall *o=Firewall::cast(nobj); + o->setName(name); + o->setStr("platform",platform); + o->setStr("host_OS",hostOS); + } + else + { + cout << _("Platform and Host OS combination is invalid.") << endl; + } + + } + else if (objtype==Interval::TYPENAME) + { + QTime time; + QDate date; + int m,h,d,mn,y,dw; + + cout << _("Activate a rule on:") << endl + << _("Time: ") << time1 << endl + << _("Date: ") << date1 << endl + << _("Day of week:") << day1 << endl + << _("Deactivate a rule on:") << endl + << _("Time: ") << time2 << endl + << _("Date: ") << date2 << endl + << _("Day of week:") << day2 << endl; + FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]); + Interval *o=Interval::cast(nobj); + o->setName(name); + if (time1 == "") + { + m=0; h=0; + } + else + { + time=QTime::fromString(time1.c_str()); + m=time.minute(); + h=time.hour(); + } + if (date1 == "") + { + mn=2; d=28; y=2935093; + } + else + { + date=QDate::fromString(date1.c_str(),Qt::ISODate); + mn=date.month(); + d=date.day(); + y=date.year(); + } + if (day1 == "") + { + dw=-1; + } + else + { + dw=atoi(day1.c_str()); + } + o->setStartTime(m,h,d,mn,y,dw); + + if (time2 == "") + { + m=0; h=0; + } + else + { + time=QTime::fromString(time2.c_str()); + m=time.minute(); + h=time.hour(); + } + if (date2 == "") + { + mn=2; d=28; y=2935093; + } + else + { + date=QDate::fromString(date2.c_str(),Qt::ISODate); + mn=date.month(); + d=date.day(); + y=date.year(); 
+ } + if (day2 == "") + { + dw=-1; + } + else + { + dw=atoi(day2.c_str()); + } + o->setEndTime(m,h,d,mn,y,dw); + } + else if (objtype==Interface::TYPENAME) + { + if (security=="") + { + cout << _("Security level is an obligatory attribute.") << endl; + } + else + { + cout << _("Security level: ") << security << endl + << _("Address type: ") << addrtype << endl + << _("Management interface: ") << management << endl; + FWObject *target = getObject(parent.c_str()); + if (Host::isA(target) || Firewall::isA(target)) + { + FWObject *nobj = objdb->create(objtype); + Interface *o=Interface::cast(nobj); + o->setName(name); + int sl=atoi(security.c_str()); + o->setSecurityLevel(sl); + o->setExt((sl==0)?true:false); + o->setDyn(addrtype=="dynamic"); + o->setUnnumbered(addrtype=="unnumbered"); + o->setManagement(getBool(management)); + + target->add(o); + if (Firewall::isA(target)) + { + o->add(new InterfacePolicy()); + + } + } + else + { + cout << lib << " - " << "invalid parent for an Interface" << endl; + } + } + } + else if (objtype==Host::TYPENAME) + { + FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]); + Host *o=Host::cast(nobj); + o->setName(name); + } + else if (objtype==TCPService::TYPENAME) + { + cout << _("Source port range:") << endl + << _("Start: ") << addr1 << endl + << _("End: ") << addr2 << endl + << _("Destination port range:") << endl + << _("Start: ") << addr3 << endl + << _("End: ") << addr4 << endl + << _("TCP Flags: ") << endl + << _("Mask: ") << mask << endl + << _("Settings: ") << settings << endl; + FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]); + TCPService *o=TCPService::cast(nobj); + o->setName(name); + o->setInt("src_range_start",atoi(addr1.c_str())); + o->setInt("src_range_end",atoi(addr2.c_str())); + o->setInt("dst_range_start",atoi(addr3.c_str())); + o->setInt("dst_range_end",atoi(addr4.c_str())); + + o->setBool("urg_flag_mask",mask.find('u')!=string::npos || mask.find('U')!=string::npos); 
+ o->setBool("ack_flag_mask",mask.find('a')!=string::npos || mask.find('A')!=string::npos); + o->setBool("psh_flag_mask",mask.find('p')!=string::npos || mask.find('P')!=string::npos); + o->setBool("rst_flag_mask",mask.find('r')!=string::npos || mask.find('R')!=string::npos); + o->setBool("syn_flag_mask",mask.find('s')!=string::npos || mask.find('S')!=string::npos); + o->setBool("fin_flag_mask",mask.find('f')!=string::npos || mask.find('F')!=string::npos); + + o->setBool("urg_flag",settings.find('u')!=string::npos || settings.find('U')!=string::npos); + o->setBool("ack_flag",settings.find('a')!=string::npos || settings.find('A')!=string::npos); + o->setBool("psh_flag",settings.find('p')!=string::npos || settings.find('P')!=string::npos); + o->setBool("rst_flag",settings.find('r')!=string::npos || settings.find('R')!=string::npos); + o->setBool("syn_flag",settings.find('s')!=string::npos || settings.find('S')!=string::npos); + o->setBool("fin_flag",settings.find('f')!=string::npos || settings.find('F')!=string::npos); + } + else if (objtype==UDPService::TYPENAME) + { + cout << _("Source port range:") << endl + << _("Start: ") << addr1 << endl + << _("End: ") << addr2 << endl + << _("Destination port range:") << endl + << _("Start: ") << addr3 << endl + << _("End: ") << addr4 << endl; + FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]); + UDPService *o=UDPService::cast(nobj); + o->setName(name); + o->setInt("src_range_start",atoi(addr1.c_str())); + o->setInt("src_range_end",atoi(addr2.c_str())); + o->setInt("dst_range_start",atoi(addr3.c_str())); + o->setInt("dst_range_end",atoi(addr4.c_str())); + + } + else if (objtype==ICMPService::TYPENAME) + { + cout << _("ICMP type: ") << ICMPtype << endl + << _("ICMP code: ") << ICMPcode << endl; + FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]); + ICMPService *o=ICMPService::cast(nobj); + o->setName(name); + o->setInt("type",atoi(ICMPtype.c_str())); + 
o->setInt("code",atoi(ICMPcode.c_str())); + } + else if (objtype==IPService::TYPENAME) + { + cout << _("Protocol number: ") << protocol << endl + << _("Flags: ") << bitmap << endl; + FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]); + IPService *o=IPService::cast(nobj); + o->setName(name); + o->setInt("protocol_num",atoi(protocol.c_str())); + + o->setBool("lsrr",false); + o->setBool("ssrr",false); + o->setBool("rr",false); + o->setBool("ts",false); + o->setBool("fragm",false); + o->setBool("short_fragm",false); + + operands flags; + int n=splitStr('/',bitmap,&flags); + string tt; + for (int i=0; isetBool(tt,true); + } else if (tt=="ssrr") + { + o->setBool(tt,true); + } else if (tt=="rr") + { + o->setBool(tt,true); + } else if (tt=="ts") + { + o->setBool(tt,true); + } else if (tt=="fragm") + { + o->setBool(tt,true); + } else if (tt=="short_fragm") + { + o->setBool(tt,true); + } + } + + } + + cout << endl; + } + else + { + FWObject *obj=getObject(object.c_str()); + if (cmd==DELOBJECT) + { + cout << _("Removing object '") << obj->getName() + << _("' from the tree.") << endl; + objdb->removeAllInstances(obj); + } + if (cmd==ADDGRP) + { + Group *grp=Group::cast(getObject(group.c_str())); + cout << _("Adding object '") << obj->getName() + << _("' to the group '") << grp->getName() + << "'" << endl; + grp->addRef(obj); + } + if (cmd==REMGRP) + { + Group *grp=Group::cast(getObject(group.c_str())); + cout << _("Removing object '") << obj->getName() + << _("' from the group '") << grp->getName() + << "'" << endl; + grp->removeRef(obj); + } + } + + string bakfile=filename+".bak"; + + rename(filename.c_str(),bakfile.c_str()); + objdb->saveFile(filename); + + } catch(FWException &ex) { + cerr << ex.toString() << endl; + exit(1); + } catch (std::string s) { + cerr << s; + exit(1); + } catch (std::exception ex) { + cerr << ex.what(); + exit(1); + } catch (...) { + cerr << _("Unsupported exception"); + exit(1); + } + + return(0); +} + 
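Review bot: The numeric attributes passed with -o are converted with bare `atoi()` in the TCPService, UDPService, ICMPService, IPService and Interface branches of main(), e.g. `o->setInt("dst_range_start",atoi(addr3.c_str()))`, so `http` is stored as 0, `80x` as 80, and nothing in the hunk bounds values to 0–65535. In a firewall policy file that silently changes what the service object matches (0 presumably reads as "any port"; confirm against the compilers), and the file is then saved as if the command had succeeded. I would parse these fields with a strict helper that throws FWException, which the existing catch turns into exit(1) before the rename/saveFile step; ICMP type/code, protocol number and security level need the same treatment with their own ranges. The address check that does exist, invalidIPv4(), ends with `exit(0)`, which should be `exit(1)` so that calling scripts can see the failure.

```cpp
// Strict decimal parse for -o fields; an empty field keeps the current default of 0.
static int parseIntAttr(const string &s, long lo, long hi, const char *what)
{
    if (s.empty()) return 0;
    char *end = NULL;
    long v = strtol(s.c_str(), &end, 10);
    // strtol clamps on overflow, so the range test also covers that case
    if (*end != '\0' || v < lo || v > hi)
        throw FWException(string("Invalid ") + what + " '" + s + "'");
    return int(v);
}

// … unchanged: TCPService branch of main() up to o->setName(name) …
o->setInt("src_range_start", parseIntAttr(addr1, 0, 65535, "source port"));
o->setInt("src_range_end",   parseIntAttr(addr2, 0, 65535, "source port"));
o->setInt("dst_range_start", parseIntAttr(addr3, 0, 65535, "destination port"));
o->setInt("dst_range_end",   parseIntAttr(addr4, 0, 65535, "destination port"));
// … unchanged: TCP flag mask/settings handling …
```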
diff --git a/src/fwbedit/fwbedit.pro b/src/fwbedit/fwbedit.pro new file mode 100644 index 000000000..86de02226 --- /dev/null +++ b/src/fwbedit/fwbedit.pro @@ -0,0 +1,14 @@ +#-*- mode: makefile; tab-width: 4; -*- +# +include(../../qmake.inc) +# +# +SOURCES = fwbedit.cpp +HEADERS = ../../config.h + +TARGET = fwbedit + +QMAKE_COPY = ../../install.sh -m 0755 -s + +win32:CONFIG += console + diff --git a/src/fwblookup/.cvsignore b/src/fwblookup/.cvsignore new file mode 100644 index 000000000..641d40f7f --- /dev/null +++ b/src/fwblookup/.cvsignore @@ -0,0 +1,4 @@ +Makefile +.moc +.ui +*.app diff --git a/src/fwblookup/fwblookup.cpp b/src/fwblookup/fwblookup.cpp new file mode 100644 index 000000000..f2f74844a --- /dev/null +++ b/src/fwblookup/fwblookup.cpp 
@@ -0,0 +1,362 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: fwblookup.cpp 1450 2007-12-05 16:53:10Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "fwbuilder/libfwbuilder-config.h" + +#include + +#ifdef HAVE_LOCALE_H +#include +#endif + +#include +#include +#include +#include + +// #include +#include +#include +#include +#include + +#include "fwbuilder/Resources.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/XMLTools.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/FWReference.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Interface.h" + +#ifdef HAVE_GETOPT_H +# include +#else +# ifdef _WIN32 +# include +# else +# include +# endif +#endif + + +#include "../common/init.cpp" + +using namespace libfwbuilder; +using namespace std; + +static char *filename = NULL; +static char *object = NULL; +static char *attr = NULL; +static char *optn = NULL; +static bool dump = false; /* -D */ +static bool recursive = false; /* -r */ +static bool print_path = false; /* -P */ +static bool print_id = false; /* -I */ +static bool print_type = false; /* -T */ +static bool print_name = false; /* -N */ +static bool print_label = false; /* -L */ +static bool print_addr = false; /* -A */ +static bool 
print_mgmt_addr = false; /* -M */ +static bool list_children = false; /* -l */ + +FWObjectDatabase *objdb = NULL; + +int fwbdebug = 0; + +class UpgradePredicate: public XMLTools::UpgradePredicate +{ + public: + virtual bool operator()(const string &msg) const + { + cout << _("Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it.") << endl; + return false; + } +}; + +void usage(const char *name) +{ + cout << _("Firewall Builder: general purpose object lookup tool") << endl; + cout << _("Version ") << VERSION << "-" << RELEASE_NUM << endl; + cout << _("Usage: ") << name + << _(" [-V] -f filename.xml [-a attribute] [-o option_name] [-rADIlLMNPT] object_id | full_path_to_object") << endl; +} + +FWObject *find_object(const string &obj_path, + FWObject *root=objdb) +{ + string path=obj_path; + string::size_type n=path.find("/",0); + string tree_node=path.substr(0,n); + + FWObject::iterator j=std::find_if(root->begin(), root->end(), + FWObjectNameEQPredicate(tree_node)); + + if (j==root->end()) return NULL; + if ((*j)->getName()==obj_path) return (*j); + else return find_object( path.substr(n+1) , (*j) ); +} + +void simplePrint(FWObject *o) +{ + if ( print_id ) cout << o->getId() << "\t"; + if ( print_name ) cout << o->getName() << "\t"; + if ( print_path ) + { + FWObject *o1=o; + string path=o1->getName(); + if (path.empty()) path=o1->getTypeName(); + while (o1->getParent()!=NULL) + { + path=o1->getParent()->getName()+"/"+path; + o1=o1->getParent(); + } + cout << path << "\t"; + } + if ( print_type ) cout << o->getTypeName() << "\t"; + cout << endl; +} + +void listObject(FWObject *obj,bool recursive) +{ + for (FWObject::iterator i=obj->begin(); i!=obj->end(); i++) + { + FWObject *o=*i; + if (FWReference::cast(o)==NULL) + { + simplePrint(o); + if (recursive) listObject(o,recursive); + } + } +} + +int main(int argc, char * const *argv) +{ + char errstr[1024]; + +#ifdef ENABLE_NLS + setlocale (LC_ALL, ""); + + bindtextdomain 
(PACKAGE, LOCALEDIR); + textdomain (PACKAGE); +#else +# ifdef HAVE_SETLOCALE + setlocale (LC_ALL, ""); +# endif +#endif + + if (argc<=1) + { + usage(argv[0]); + exit(1); + } + + int opt; + + while( (opt=getopt(argc,argv,"rADIlLMNPTVf:a:o:")) != EOF ) + { + switch(opt) + { + case 'l': list_children=true; break; + case 'D': dump=true; break; + case 'r': recursive=true; break; + case 'A': print_addr=true; break; + case 'I': print_id=true; break; + case 'L': print_label=true; break; + case 'M': print_mgmt_addr=true; break; + case 'N': print_name=true; break; + case 'P': print_path=true; break; + case 'T': print_type=true; break; + case 'f': filename = strdup(optarg); break; + case 'a': attr = strdup(optarg); break; + case 'o': optn = strdup(optarg); break; + case 'V': usage(argv[0]); exit(1); + } + } + + if((argc-1) != optind) + { + usage(argv[0]); + exit(1); + } + + object = strdup( argv[optind++] ); + + init(argv); + + try { + + new Resources(respath+FS_SEPARATOR+"resources.xml"); + + /* create database */ + objdb = new FWObjectDatabase(); + + /* load the data file */ + UpgradePredicate upgrade_predicate; + + objdb->load(filename, &upgrade_predicate, librespath); + FWObject *obj; + + if (strchr(object,'/')!=NULL) + { +/* got full path to the object */ + string path=object; + string::size_type n=path.find("/",0); + if (n==0 || + path.substr(0,n)=="FWObjectDatabase" || + path.substr(0,n)=="User") + obj= find_object( path.substr(n+1) ); + else + obj= find_object( path ); + if (obj==NULL) + { + SNPRINTF(errstr,sizeof(errstr),_("Object %s not found"),object ); + throw FWException(errstr); + } + } else { +/* got object ID */ + obj=objdb->getById(object,true); + if (obj==NULL) + { + SNPRINTF(errstr,sizeof(errstr),_("Object with ID='%s' not found"),object ); + throw FWException(errstr); + } + } + + if (attr!=NULL) + { + if (obj->exists(attr)) + cout << obj->getStr(attr) << endl; + else + { + SNPRINTF(errstr,sizeof(errstr), + _("Object %s (ID='%s') does not have attribute 
%s"), + obj->getName().c_str(), + obj->getId().c_str(), + attr ); + throw FWException(errstr); + } + exit(0); + } else + { + if (optn!=NULL) + { + if (Host::isA(obj) || Firewall::isA(obj)) + { + FWOptions *opt=Host::cast(obj)->getOptionsObject(); + if (opt!=NULL) + { + cout << opt->getStr(optn); + } else + { + SNPRINTF(errstr,sizeof(errstr), + _("Object %s (ID='%s') has no options"), + obj->getName().c_str(), + obj->getId().c_str() ); + throw FWException(errstr); + } + } else + { + SNPRINTF(errstr,sizeof(errstr), + _("Can not print management address for %s (ID='%s'): only Host and Firewall objects have management interface"), + obj->getName().c_str(), + obj->getId().c_str() ); + throw FWException(errstr); + } + + } + if ( print_addr ) + { + if (Address::cast(obj)!=NULL) + cout << Address::cast(obj)->getAddress().toString() << endl; + else { + SNPRINTF(errstr,sizeof(errstr), + _("Can not print address for %s (ID='%s'): objects of this type do not have address"), + obj->getName().c_str(), + obj->getId().c_str() ); + throw FWException(errstr); + } + } + if ( print_label ) + { + if (Interface::isA(obj)) + cout << Interface::cast(obj)->getLabel() << endl; + else { + SNPRINTF(errstr,sizeof(errstr), + _("Can not print label for %s (ID='%s'): only Interface object has label"), + obj->getName().c_str(), + obj->getId().c_str() ); + throw FWException(errstr); + } + } + if ( print_mgmt_addr ) + { + if (Host::isA(obj) || Firewall::isA(obj)) + { + IPAddress ma=Host::cast(obj)->getManagementAddress(); + if (ma!=IPAddress("0.0.0.0")) cout << ma.toString() << endl; + else { + SNPRINTF(errstr,sizeof(errstr), + _("Object %s (ID='%s') does not have management interface"), + obj->getName().c_str(), + obj->getId().c_str() ); + throw FWException(errstr); + } + } else { + SNPRINTF(errstr,sizeof(errstr), + _("Can not print management address for %s (ID='%s'): only Host and Firewall objects have management interface"), + obj->getName().c_str(), + obj->getId().c_str() ); + throw 
FWException(errstr); + } + } + if ( list_children ) + { + simplePrint(obj); + listObject(obj,recursive); + exit(0); + } + simplePrint(obj); + if (dump ) obj->dump(cout,recursive,false); + } + + } catch(FWException &ex) { + cerr << ex.toString() << endl; + exit(1); + } catch (std::string s) { + cerr << s; + exit(1); + } catch (std::exception ex) { + cerr << ex.what(); + exit(1); + } catch (...) { + cerr << _("Unsupported exception"); + exit(1); + } + + return(0); +} + diff --git a/src/fwblookup/fwblookup.pro b/src/fwblookup/fwblookup.pro new file mode 100644 index 000000000..6154abc1c --- /dev/null +++ b/src/fwblookup/fwblookup.pro @@ -0,0 +1,14 @@ +#-*- mode: makefile; tab-width: 4; -*- +# +include(../../qmake.inc) +# +# +SOURCES = fwblookup.cpp +HEADERS = ../../config.h + +TARGET = fwblookup + +QMAKE_COPY = ../../install.sh -m 0755 -s + +win32:CONFIG += console + diff --git a/src/gui/.cvsignore b/src/gui/.cvsignore new file mode 100644 index 000000000..02e4aaf01 --- /dev/null +++ b/src/gui/.cvsignore @@ -0,0 +1,8 @@ +Makefile +.moc +.ui +*.app +*.fw +*.fwb +*.fwl +*.tbl diff --git a/src/gui/ActionsDialog.cpp b/src/gui/ActionsDialog.cpp new file mode 100644 index 000000000..831ad14cc --- /dev/null +++ b/src/gui/ActionsDialog.cpp 
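Review bot: `filename` stays NULL when -f is omitted, and main() passes it straight to `objdb->load(filename, &upgrade_predicate, librespath)`; the only argument check before that is `(argc-1) != optind`, so an invocation with just an option and an object id reaches load() with a null pointer. If load() takes a std::string, as the fwbedit.cpp call with a string argument suggests, constructing it from NULL is undefined behaviour and in practice a crash rather than a usage message. fwbedit.cpp guards the same case with `if(cmd==NONE || filename=="")`; the equivalent here is `if (filename==NULL) { usage(argv[0]); exit(1); }` placed before `init(argv)`.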
@@ -0,0 +1,363 @@ +/* + + Firewall Builder + + Copyright (C) 2006 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: ActionsDialog.cpp,v 1.29 2007/06/14 02:55:29 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "platforms.h" +#include "definitions.h" + +#include "ActionsDialog.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/Firewall.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +void ActionsDialog::loadFWObject(FWObject *o) +{ + setRule(PolicyRule::cast(o)); + +} + +void ActionsDialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void ActionsDialog::validate(bool *res) +{ + FWOptions *ruleopt =rule->getOptionsObject(); + + *res=true; + + if (platform=="iptables") + { + /* + * http://www.netfilter.org/projects/patch-o-matic/pom-extra.html#pom-extra-ROUTE + * says: + * + * "Note that --iif, --continue, and --tee, are mutually exclusive." 
+ */ + + string iif = ruleopt->getStr("ipt_iif"); + int cont = ruleopt->getBool("ipt_continue"); + int tee = ruleopt->getBool("ipt_tee"); + + if ( (int(!iif.empty()) + cont + tee) > 1) + { + *res=false; + QMessageBox::critical(this, "Firewall Builder", + tr("'Chabge inbound interface', 'Continue packet inspection' and 'Make a copy' options are mutually exclusive"), + tr("&Continue"), 0, 0, + 0 ); + } + } +} + +void ActionsDialog::isChanged(bool *res) +{ + //*res=apply->isEnabled(); +} + + +void ActionsDialog::applyChanges() +{ + if (platform=="iptables" && editor=="AccountingStr") + { + QString rn = m_dialog->accountingvalue_str->text(); +/* rule name for accounting may contain only alphanumeric characters + * and no white spaces or spec. characters + */ + if (rn.contains(QRegExp("[^a-zA-Z0-9_]"))!=0) + { + QMessageBox::information( + this,"Firewall Builder", + tr("Rule name for accounting is converted to the iptables\nchain name and therefore may not contain white space\nand special characters."), + tr("&Continue"), QString::null,QString::null, + 0, 1 ); + + return; + } + } + + + data.saveAll(); + + FWOptions *ropt = rule->getOptionsObject(); + + if (editor=="BranchChain" || editor=="BranchAnchor") + { + mw->setPolicyBranchTabName(rule->getBranch()); + } + + if (m_dialog->useDummyNetPipe->isChecked()) + ropt->setInt("ipfw_classify_method",DUMMYNETPIPE); + else + ropt->setInt("ipfw_classify_method",DUMMYNETQUEUE); + + + + om->updateLastModifiedTimestampForAllFirewalls(rule); +} + +void ActionsDialog::discardChanges() +{ +} + +void ActionsDialog::tagvalueChanged(int) +{ + QString buf; + buf.setNum(m_dialog->tagvalue_int->value()); + m_dialog->tagvalue_str->setText(buf); +} + +void ActionsDialog::iptRouteContinueToggled() +{ + if (m_dialog->ipt_continue->isChecked()) + { + m_dialog->ipt_iif->setCurrentIndex(0); + m_dialog->ipt_tee->setChecked(false); + } + m_dialog->ipt_iif->setEnabled( ! m_dialog->ipt_continue->isChecked() ); + m_dialog->ipt_tee->setEnabled( ! 
m_dialog->ipt_continue->isChecked() ); +} + +void ActionsDialog::setRule(PolicyRule *r ) +{ + rule=r; + FWObject *o = rule; + while (o!=NULL && Firewall::cast(o)==NULL) o=o->getParent(); + assert(o!=NULL); + + FWOptions *ropt = rule->getOptionsObject(); + + Firewall *f=Firewall::cast(o); + firewall=f; + + platform=f->getStr("platform"); + QString title=QString("%1 / %2 (%3)") + .arg(QString::fromUtf8(f->getName().c_str())) + .arg(rule->getPosition()) + .arg(rule->getActionAsString().c_str()); + m_dialog->action->setText(title); + + string act=rule->getActionAsString(); + + QStringList actionsOnReject=getActionsOnReject( platform.c_str() ); + m_dialog->rejectvalue->clear(); + m_dialog->rejectvalue->addItems( getScreenNames( actionsOnReject ) ); + + fillInterfaces(m_dialog->ipt_iif); + fillInterfaces(m_dialog->ipt_oif); + fillInterfaces(m_dialog->ipf_route_opt_if); + fillInterfaces(m_dialog->pf_route_opt_if); + + editor = Resources::getActionEditor(platform,act); + + branchNameInput = NULL; + + if (ropt->getInt("ipfw_classify_method") == DUMMYNETPIPE) + { + m_dialog->useDummyNetPipe->setChecked(1); + } else { + m_dialog->useDummyNetQueue->setChecked(1); + } + + if (platform=="iptables") + { + m_dialog->classify_txt_1->show(); + m_dialog->classify_terminating->show(); + m_dialog->tag_txt_1->show(); + m_dialog->tag_terminating->show(); + + if (firewall->getOptionsObject()->getBool ("classify_mark_terminating")) + { + m_dialog->classify_terminating->setText(tr("Emulation is currently ON, rule will be terminating") ); + m_dialog->tag_terminating->setText(tr("Emulation is currently ON, rule will be terminating") ); + } else + { + m_dialog->classify_terminating->setText(tr("Emulation is currently OFF, rule will be non-terminating") ); + m_dialog->tag_terminating->setText(tr("Emulation is currently OFF, rule will be non-terminating") ); + } + + } else + { + m_dialog->classify_txt_1->hide(); + m_dialog->classify_terminating->hide(); + m_dialog->tag_txt_1->hide(); + 
m_dialog->tag_terminating->hide(); + } + + data.clear(); + + data.registerOption ( m_dialog->ipt_mark_connections, ropt , "ipt_mark_connections"); +// data.registerOption ( ipt_mark_prerouting , ropt , "ipt_mark_prerouting"); + data.registerOption ( m_dialog->accountingvalue_str , ropt , "rule_name_accounting"); + data.registerOption ( m_dialog->usePortNum , ropt , "ipfw_pipe_queue_num"); + data.registerOption ( m_dialog->divertPortNum , ropt , "ipfw_pipe_port_num"); + data.registerOption ( m_dialog->classify_str , ropt , "classify_str"); + data.registerOption ( m_dialog->custom_str , ropt , "custom_str"); + + // ROUTE action: + + // build a map for combobox so visible combobox items can be localized + QStringList route_options = getRouteOptions_pf_ipf( platform.c_str() ); + + // iptables + data.registerOption ( m_dialog->ipt_iif , ropt , "ipt_iif" ); + data.registerOption ( m_dialog->ipt_oif , ropt , "ipt_oif" ); + data.registerOption ( m_dialog->ipt_gw , ropt , "ipt_gw" ); + data.registerOption ( m_dialog->ipt_continue , ropt , "ipt_continue" ); + data.registerOption ( m_dialog->ipt_tee , ropt , "ipt_tee"); + + // ipfilter + data.registerOption ( m_dialog->ipf_route_option , ropt , "ipf_route_option", + route_options); + data.registerOption ( m_dialog->ipf_route_opt_if , ropt , "ipf_route_opt_if"); + data.registerOption ( m_dialog->ipf_route_opt_addr , ropt , "ipf_route_opt_addr"); + + // pf + data.registerOption ( m_dialog->pf_fastroute , ropt , "pf_fastroute" ); + data.registerOption ( m_dialog->pf_route_option , ropt , "pf_route_option", + route_options); + data.registerOption ( m_dialog->pf_route_opt_if , ropt , "pf_route_opt_if" ); + data.registerOption ( m_dialog->pf_route_opt_addr , ropt , "pf_route_opt_addr"); + + // REJECT action: + data.registerOption ( m_dialog->rejectvalue , ropt , "action_on_reject"); + + QWidget *w=m_dialog->NonePage; + if (editor=="Reject") + { + w=m_dialog->RejectPage; + } + else if (editor=="TagInt") + { + w=m_dialog->TagIntPage; 
+ data.registerOption(m_dialog->tagvalue_int , ropt , "tagvalue"); + } + else if (editor=="TagStr") + { + w=m_dialog->TagStrPage; + data.registerOption(m_dialog->tagvalue_str , ropt , "tagvalue"); + } + else if (editor=="AccountingStr") + { + w=m_dialog->AccountingStrPage; + } + else if (editor=="ClassifyArgsIPFW") + { + w=m_dialog->ClassifyArgsIPFW; + } + else if (editor=="PipeArgsIPFW") + { + w=m_dialog->PipeArgsIPFW; + } + else if (editor=="ClassifyStr") + { + w=m_dialog->ClassifyStrPage; + } + else if (editor=="CustomStr") + { + w=m_dialog->CustomStrPage; + } + else if (editor=="BranchChain") + { + w=m_dialog->BranchChainPage; + data.registerOption ( m_dialog->branchChainName , ropt , "branch_name" ); + data.registerOption ( m_dialog->ipt_branch_in_mangle, ropt , "ipt_branch_in_mangle" ); + } + else if (editor=="BranchAnchor") + { + w=m_dialog->BranchAnchorPage; + data.registerOption ( m_dialog->branchAnchorName , ropt , "branch_name" ); + } + else if (editor=="RouteIPT") + { + w=m_dialog->RouteIPTPage; + } + else if (editor=="RouteIPF") + { + w=m_dialog->RouteIPFPage; + } + else if (editor=="RoutePF") + { + w=m_dialog->RoutePFPage; + } + + m_dialog->widgetStack->setCurrentWidget ( w ); + + //rejectvalue->setCurrentText( ropt->getStr("action_on_reject") ); + data.loadAll(); + + iptRouteContinueToggled(); +} + +void ActionsDialog::fillInterfaces(QComboBox* cb) +{ + cb->clear(); + cb->addItem(""); + + FWObjectTypedChildIterator j=firewall->findByType(Interface::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + cb->addItem(QString::fromUtf8( (*j)->getName().c_str()) ); + } + +} + +void ActionsDialog::closeEvent(QCloseEvent *e) +{ + if (fwbdebug) + qDebug("ActionsDialog::closeEvent got close event: %p",e); + emit close_sign(e); + //hide(); +} + diff --git a/src/gui/ActionsDialog.h b/src/gui/ActionsDialog.h new file mode 100644 index 000000000..e22e5278c --- /dev/null +++ b/src/gui/ActionsDialog.h 
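Review bot: In `applyChanges()` the character check on the accounting rule name only returns on failure, so `validate(bool *res)` still reports success for a name the dialog then refuses to save. The message text says this name becomes an iptables chain name, so the test belongs in `validate()` as `if (rn.contains(QRegExp("[^a-zA-Z0-9_]"))) { *res=false; ... }`, where the caller can act on the result. The `branch_name` option registered for the `BranchChain` editor is written by `data.saveAll()` with no comparable check; if it also ends up as a chain name in generated rules (not visible in this hunk), it should pass the same test. Separately, `setRule()` relies on `assert(o!=NULL)` before `f->getStr("platform")`, which is no guard in an NDEBUG build; `if (f==NULL) return;` after the cast would be.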
@@ -0,0 +1,95 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: ActionsDialog.h,v 1.8 2006/09/13 15:46:46 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __ACTIONSDIALOG_H_ +#define __ACTIONSDIALOG_H_ + +#include "config.h" +#include +#include "DialogData.h" +#include + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/Resources.h" + +namespace libfwbuilder +{ + class PolicyRule; + class Firewall; +} + +class QLineEdit; +class QComboBox; + +class ActionsDialog : public QWidget +{ + Q_OBJECT + private: + libfwbuilder::Firewall *firewall; + libfwbuilder::PolicyRule *rule; + std::string editor; + std::string platform; + QLineEdit *branchNameInput; + + DialogData data; + public: + Ui::ActionsDialog_q *m_dialog; + + ActionsDialog(QWidget *parent) : QWidget(parent) + { + m_dialog = new Ui::ActionsDialog_q; + m_dialog->setupUi(this); + }; + + ~ActionsDialog() { delete m_dialog; }; + virtual void closeEvent(QCloseEvent *e); + void fillInterfaces(QComboBox *); + + +public slots: + virtual void changed(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void tagvalueChanged(int); + virtual void iptRouteContinueToggled(); + virtual void loadFWObject(libfwbuilder::FWObject *obj); + virtual void 
validate(bool*); + virtual void isChanged(bool*); + void setRule(libfwbuilder::PolicyRule*); + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); + +}; + +#endif diff --git a/src/gui/AddressRangeDialog.cpp b/src/gui/AddressRangeDialog.cpp new file mode 100644 index 000000000..4d5efab04 --- /dev/null +++ b/src/gui/AddressRangeDialog.cpp 
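Review bot: The inline constructor leaves `firewall`, `rule` and `branchNameInput` uninitialised; only `m_dialog` is set. The slots declared here (`validate`, `applyChanges`) dereference `rule` in ActionsDialog.cpp without a check, so a signal delivered before `setRule()` reads an indeterminate pointer. Initialise them in the constructor, `ActionsDialog(QWidget *parent) : QWidget(parent), firewall(NULL), rule(NULL), branchNameInput(NULL)`, and have the slots return early while `rule` is NULL. `m_dialog` is also public although the destructor deletes it, so outside code can invalidate it; a private member with an accessor would be safer.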
@@ -0,0 +1,195 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: AddressRangeDialog.cpp,v 1.23 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "FWBTree.h" +#include "AddressRangeDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/FWException.h" + +#include +#include +#include +#include +#include +#include +#include + +using namespace std; +using namespace libfwbuilder; + +AddressRangeDialog::AddressRangeDialog(QWidget *parent): + QWidget(parent) +{ + m_dialog = new Ui::AddressRangeDialog_q; + m_dialog->setupUi(this); + + obj=NULL; + +} + +AddressRangeDialog::~AddressRangeDialog() +{ + delete m_dialog; +} + +void AddressRangeDialog::loadFWObject(FWObject *o) +{ + obj=o; + AddressRange *s = dynamic_cast(obj); + assert(s!=NULL); + + init=true; + + fillLibraries(m_dialog->libs,obj); + + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); + m_dialog->rangeStart->setText( s->getRangeStart().toString().c_str() ); + m_dialog->rangeEnd->setText( s->getRangeEnd().toString().c_str() ); + m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); 
+ //apply->setEnabled( false ); + + m_dialog->obj_name->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->libs->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->libs); + + m_dialog->rangeStart->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->rangeStart); + + m_dialog->rangeEnd->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->rangeEnd); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + setDisabledPalette(m_dialog->comment); + + + init=false; +} + +void AddressRangeDialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void AddressRangeDialog::validate(bool *res) +{ + *res=true; + + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } + + AddressRange *s = dynamic_cast(obj); + assert(s!=NULL); + try + { + IPAddress(m_dialog->rangeStart->text().toLatin1().constData()); + } catch (FWException &ex) + { + *res=false; + QMessageBox::critical(this, "Firewall Builder", + tr("Illegal IP address '%1'").arg(m_dialog->rangeStart->text()), + tr("&Continue"), 0, 0, + 0 ); + } + try + { + IPAddress(m_dialog->rangeEnd->text().toLatin1().constData()); + } catch (FWException &ex) + { + *res=false; + QMessageBox::critical(this, "Firewall Builder", + tr("Illegal IP address '%1'").arg(m_dialog->rangeEnd->text()), + tr("&Continue"), 0, 0, + 0 ); + } +} + +void AddressRangeDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void AddressRangeDialog::libChanged() +{ + changed(); +} + + +void AddressRangeDialog::applyChanges() +{ + AddressRange *s = dynamic_cast(obj); + assert(s!=NULL); + + string oldname=obj->getName(); + obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); + try + { + s->setRangeStart( IPAddress(m_dialog->rangeStart->text().toLatin1().constData()) ); + 
s->setRangeEnd( IPAddress(m_dialog->rangeEnd->text().toLatin1().constData()) ); + } catch (FWException &ex) + { + + } + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + init=true; + +/* move to another lib if we have to */ + if (! FWBTree::isSystem(obj) && m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(m_dialog->libs->currentText(), obj); + + init=false; + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void AddressRangeDialog::discardChanges() +{ + loadFWObject(obj); +} + + + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. So we do + * nothing here and defer all the processing to ObjectEditor + */ +void AddressRangeDialog::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} + diff --git a/src/gui/AddressRangeDialog.h b/src/gui/AddressRangeDialog.h new file mode 100644 index 000000000..1845adb83 --- /dev/null +++ b/src/gui/AddressRangeDialog.h 
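Review bot: The empty `catch (FWException &ex) { }` in `applyChanges()` hides a failed address parse. If `rangeStart` parses and `rangeEnd` throws, the object keeps the new start with the old end, and `updateLastModifiedTimestampForAllFirewalls(obj)` still runs, so the stored range no longer matches what the user typed and nothing reports it. For an object that feeds firewall rules, a refused edit is better than a silently half-applied one: construct both addresses first, at the top of the function, and leave `obj` untouched when either fails. Neither `validate()` nor `applyChanges()` checks that the start is not above the end; that belongs in `validate()` if `IPAddress` offers an ordering comparison (not visible here).

```cpp
void AddressRangeDialog::applyChanges()
{
    // … unchanged: dynamic_cast of obj and assert …

    // Both addresses are constructed before either setter runs, so a bad
    // value in one field cannot leave the range half-updated.
    try
    {
        IPAddress range_start(m_dialog->rangeStart->text().toLatin1().constData());
        IPAddress range_end(m_dialog->rangeEnd->text().toLatin1().constData());
        s->setRangeStart(range_start);
        s->setRangeEnd(range_end);
    } catch (FWException &ex)
    {
        QMessageBox::critical(this, "Firewall Builder",
                              tr("Illegal IP address in address range"),
                              tr("&Continue"), 0, 0,
                              0 );
        return;
    }

    // … unchanged: setName, setComment, updateObjName, library move, timestamp update …
```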
@@ -0,0 +1,71 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: AddressRangeDialog.h,v 1.7 2006/05/13 06:53:05 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __ADDRESSRANGEDIALOG_H_ +#define __ADDRESSRANGEDIALOG_H_ + +#include "config.h" +#include +#include + +#include "fwbuilder/FWObject.h" + + +class AddressRangeDialog : public QWidget +{ + Q_OBJECT + + libfwbuilder::FWObject *obj; + bool init; + + Ui::AddressRangeDialog_q *m_dialog; + + public: + AddressRangeDialog(QWidget *parent); + ~AddressRangeDialog(); + +public slots: + virtual void changed(); + virtual void libChanged(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void loadFWObject(libfwbuilder::FWObject *obj); + virtual void validate(bool*); + virtual void isChanged(bool*); + virtual void closeEvent(QCloseEvent *e); + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); + +}; + +#endif // ADDRESSRANGEDIALOG_H diff --git a/src/gui/AddressTableDialog.cpp b/src/gui/AddressTableDialog.cpp new file mode 100644 index 000000000..13187b7ff 
--- /dev/null
+++ b/src/gui/AddressTableDialog.cpp 
@@ -0,0 +1,227 @@ +/* + + Firewall Builder + + Copyright (C) 2006 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: AddressTableDialog.cpp,v 1.12 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "AddressTableDialog.h" +#include "SimpleTextView.h" +#include "ObjectManipulator.h" +#include "FWBSettings.h" +#include "FWWindow.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/AddressTable.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/FWException.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#include + +using namespace std; +using namespace libfwbuilder; + +AddressTableDialog::AddressTableDialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::AddressTableDialog_q; + m_dialog->setupUi(this); + obj=NULL; +} + +AddressTableDialog::~AddressTableDialog() +{ + delete m_dialog; +} + +void AddressTableDialog::loadFWObject(FWObject *o) +{ + obj=o; + AddressTable *s = dynamic_cast(obj); + assert(s!=NULL); + + + init=true; + + fillLibraries(m_dialog->libs,obj); + + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); + m_dialog->comment->setText( 
QString::fromUtf8(s->getComment().c_str()) ); + + m_dialog->filename->setText( s->getSourceName().c_str() ); + m_dialog->r_compiletime->setChecked(s->isCompileTime() ); + m_dialog->r_runtime->setChecked(s->isRunTime() ); + + //BrowseButton->setEnabled(s->isCompileTime() ); + + //apply->setEnabled( false ); + + m_dialog->obj_name->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->libs->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->libs); + + m_dialog->filename->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->filename); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + setDisabledPalette(m_dialog->comment); + + init=false; +} + +void AddressTableDialog::changed() +{ + //BrowseButton->setEnabled(r_compiletime->isChecked() ); + //apply->setEnabled( true ); + emit changed_sign(); + +} + +void AddressTableDialog::validate(bool *res) +{ + *res=true; + AddressTable *s = dynamic_cast(obj); + assert(s!=NULL); + + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } +} + +void AddressTableDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void AddressTableDialog::libChanged() +{ + changed(); +} + +void AddressTableDialog::applyChanges() +{ + AddressTable *s = dynamic_cast(obj); + assert(s!=NULL); + + string oldname=obj->getName(); + obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); + QByteArray cs=m_dialog->filename->text().toLocal8Bit(); + s->setSourceName( (const char *)cs ); + s->setRunTime(m_dialog->r_runtime->isChecked() ); + + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + init=true; + +/* move to another lib if we have to */ + if ( ! 
Interface::isA( obj->getParent() ) && + m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(m_dialog->libs->currentText(), obj); + + init=false; + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void AddressTableDialog::discardChanges() +{ + loadFWObject(obj); +} + + +void AddressTableDialog::closeEvent(QCloseEvent *e) +{ + if (fwbdebug) + qDebug("AddressTableDialog::closeEvent got close event: %p",e); + emit close_sign(e); +} + +void AddressTableDialog::browse() +{ + + QString dir; + dir=st->getWDir(); + if (dir.isEmpty()) dir=st->getOpenFileDir(); + if (dir.isEmpty()) dir="~"; + + QString s = QFileDialog::getOpenFileName(this, + "Choose a file", + dir, + "All files (*.*)"); + + if (!s.isEmpty()) + { + m_dialog->filename->setText(s); + } +} +void AddressTableDialog::preview( void ) +{ + SimpleTextView tv(this); + tv.setName(m_dialog->obj_name->text()); + + QFile f; + QTextStream ts; + QString filePath = m_dialog->filename->text(); + + if (QDir::isRelativePath(filePath)) + f.setFileName(getFileDir(mw->getCurrentFileName()) + "/" + filePath); + else + f.setFileName(filePath); + + if (f.exists()) + { + if(f.open(QIODevice::ReadOnly )) + { + ts.setDevice(&f); + tv.setText(ts.readAll()); + f.close(); + } + } + else + { + tv.setText("File not found."); + } + tv.exec(); +} + diff --git a/src/gui/AddressTableDialog.h b/src/gui/AddressTableDialog.h new file mode 100644 index 000000000..9e02227ab --- /dev/null +++ b/src/gui/AddressTableDialog.h 
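Review bot: `preview()` loads whatever path is stored in the `filename` field with `ts.readAll()`, with no size limit and no check that the path is a regular file. That path is part of the object being edited, so a data file received from someone else can point the preview at a very large file or a device node and stall the GUI. Checking `QFileInfo(f).isFile()` before opening and reading a bounded amount, e.g. `ts.read(PREVIEW_LIMIT)` (constant name is a placeholder), would contain that. The branch where `f.exists()` is true but `f.open()` fails shows an empty view; it should set an error text as the `else` branch does. `validate()` does not look at `filename` at all, which matters if the compilers copy it into generated scripts (not visible in this hunk).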
@@ -0,0 +1,71 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: AddressTableDialog.h,v 1.4 2006/05/13 06:53:05 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __ADDRESSTABLEDIALOG_H_ +#define __ADDRESSTABLEDIALOG_H_ + +#include "config.h" +#include +#include + +#include "fwbuilder/FWObject.h" + + +class AddressTableDialog : public QWidget +{ + Q_OBJECT + + libfwbuilder::FWObject *obj; + bool init; + Ui::AddressTableDialog_q *m_dialog; + + public: + AddressTableDialog(QWidget *parent); + ~AddressTableDialog(); + virtual void closeEvent(QCloseEvent *e); + +public slots: + virtual void changed(); + virtual void libChanged(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void loadFWObject(libfwbuilder::FWObject *obj); + virtual void validate(bool*); + virtual void isChanged(bool*); + virtual void browse(); + virtual void preview( void ); + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); + +}; + +#endif 
diff --git a/src/gui/ColorCheckViewItem.cpp b/src/gui/ColorCheckViewItem.cpp
new file mode 100644
index 000000000..d10b7ef3e
--- /dev/null
+++ b/src/gui/ColorCheckViewItem.cpp
@@ -0,0 +1,25 @@
+
+#include "global.h"
+
+#include "ColorCheckViewItem.h"
+
+#include "fwbuilder/Firewall.h"
+
+#include
+#include
+
+using namespace std;
+using namespace libfwbuilder;
+
+void ColorCheckViewItem::paintCell ( QPainter * p, const QColorGroup & cg, int column, int width, int align )
+{
+ if (!p) return;
+ QColorGroup c=cg;
+
+ if (checkState() == Qt::Checked)
+ {
+ c.setBrush(QColorGroup::Base,QColor(240,255,240));
+ }
+ //QListWidgetItem::paintCell(p,c,column,width,align); TAPIR: this one was commented when no such method had been found for the QListWidgetItem class
+}
+
diff --git a/src/gui/ColorCheckViewItem.h b/src/gui/ColorCheckViewItem.h
new file mode 100644
index 000000000..b32bf1b75
--- /dev/null
+++ b/src/gui/ColorCheckViewItem.h 
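Review bot: `paintCell()` has no effect as written: it copies `cg` into `c`, changes the base brush when the item is checked, and then drops `c` because the base-class call is commented out. The parameters `column`, `width` and `align` are unused, and the commented line itself says `QListWidgetItem` has no such method, so nothing will call this function. Either remove it together with its declaration in ColorCheckViewItem.h, or apply the colour through the item's own API when the check state changes, e.g. `setBackground(QBrush(QColor(240,255,240)))` (Qt 4.2 or later). `QColorGroup` is a Qt 3 compatibility type, so keeping the stub also keeps that dependency.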
@@ -0,0 +1,58 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id$ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#ifndef COLORCHECKVIEWITEM_H +#define COLORCHECKVIEWITEM_H + +#include + +#include +#include + +namespace libfwbuilder { + class FWObject; +} + +//class QListWidgetItem; + +class ColorCheckViewItem : public QListWidgetItem +{ + + + public: + + ColorCheckViewItem(QListWidget * parent, const QString & text ) + : QListWidgetItem(parent) + { + setText(text); + setFlags(Qt::ItemIsUserCheckable);/*define that this is a sort of CheckBox item*/ + } + + void paintCell ( QPainter * p, const QColorGroup & cg, int column, int width, int align ); +}; + +#endif diff --git a/src/gui/ColorLabelMenuItem.cpp b/src/gui/ColorLabelMenuItem.cpp new file mode 100644 index 000000000..36fb40c11 --- /dev/null +++ b/src/gui/ColorLabelMenuItem.cpp 
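Review bot: `setFlags(Qt::ItemIsUserCheckable)` in the constructor replaces the item's flags instead of adding to them, so `Qt::ItemIsEnabled` and `Qt::ItemIsSelectable` are dropped and the item is shown disabled. No check state is set either, and a `QListWidgetItem` draws its check box only once it has one. `setFlags(flags() | Qt::ItemIsUserCheckable); setCheckState(Qt::Unchecked);` keeps the defaults and makes the box appear. The `paintCell` declaration here overrides nothing in `QListWidgetItem` and can go, with its body in ColorCheckViewItem.cpp.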
@@ -0,0 +1,150 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ColorLabelMenuItem.cpp,v 1.2 2006/10/22 04:39:36 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "ColorLabelMenuItem.h" +#include "FWBSettings.h" + +#include +#include +#include +#include +#include + +#include + +using namespace std; + + +ColorLabelMenuItem::ColorLabelMenuItem(QWidget *parent) : + QWidget(parent) +{ + m_widget = new Ui::colorLabelMenuItem_q; + m_widget->setupUi(this); + + setup( m_widget->noneBtn, "#FFFFFF", tr("no color") ); + setup( m_widget->redBtn, + st->getLabelColor(FWBSettings::RED ), + st->getLabelText(FWBSettings::RED )); + setup( m_widget->orangeBtn, + st->getLabelColor(FWBSettings::ORANGE), + st->getLabelText(FWBSettings::ORANGE)); + setup( m_widget->yellowBtn, + st->getLabelColor(FWBSettings::YELLOW), + st->getLabelText(FWBSettings::YELLOW)); + setup( m_widget->greenBtn, + st->getLabelColor(FWBSettings::GREEN ), + st->getLabelText(FWBSettings::GREEN )); + setup( m_widget->blueBtn, + st->getLabelColor(FWBSettings::BLUE ), + st->getLabelText(FWBSettings::BLUE )); + setup( m_widget->purpleBtn, + st->getLabelColor(FWBSettings::PURPLE), + st->getLabelText(FWBSettings::PURPLE)); + 
setup( m_widget->grayBtn, + st->getLabelColor(FWBSettings::GRAY ), + st->getLabelText(FWBSettings::GRAY )); +} + +void ColorLabelMenuItem::setup(QToolButton *btn, + const QString &c, const QString &t) +{ + QPixmap pm(8,8); + pm.fill( QColor(c) ); + QPainter p( &pm ); + p.drawRect( pm.rect() ); + btn->setIcon(QIcon(pm)); + btn->setToolTip(t); +} + +void ColorLabelMenuItem::colorClicked() +{ + if (isVisible() && + parentWidget() && + parentWidget()->inherits("QPopupMenu") ) parentWidget()->close(); + + emit returnColor(color); // signal +} + + +void ColorLabelMenuItem::noneColorClicked() +{ + color=""; + colorClicked(); +} + +void ColorLabelMenuItem::redColorClicked() +{ + color=st->getLabelColor(FWBSettings::RED); + colorClicked(); +} + + +void ColorLabelMenuItem::orangeColorClicked() +{ + color=st->getLabelColor(FWBSettings::ORANGE); + colorClicked(); +} + + +void ColorLabelMenuItem::yellowColorClicked() +{ + color=st->getLabelColor(FWBSettings::YELLOW); + colorClicked(); +} + + +void ColorLabelMenuItem::greenColorClicked() +{ + color=st->getLabelColor(FWBSettings::GREEN); + colorClicked(); +} + + +void ColorLabelMenuItem::blueColorClicked() +{ + color=st->getLabelColor(FWBSettings::BLUE); + colorClicked(); +} + + +void ColorLabelMenuItem::purpleColorClicked() +{ + color=st->getLabelColor(FWBSettings::PURPLE); + colorClicked(); +} + + +void ColorLabelMenuItem::grayColorClicked() +{ + color=st->getLabelColor(FWBSettings::GRAY); + colorClicked(); +} + + diff --git a/src/gui/ColorLabelMenuItem.h b/src/gui/ColorLabelMenuItem.h new file mode 100644 index 000000000..cf6bde556 --- /dev/null +++ b/src/gui/ColorLabelMenuItem.h 
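Review bot: In `colorClicked()` the test `parentWidget()->inherits("QPopupMenu")` uses the Qt 3 class name, while the rest of the file uses Qt 4 calls (`setIcon(QIcon(pm))`, `setToolTip`). In a Qt 4 build the menu class is `QMenu`, so the test is presumably always false and the menu is never closed after a colour is picked. `parentWidget()->inherits("QMenu")` restores the intended behaviour. The eight `*ColorClicked()` slots differ only in the colour they look up; one slot taking the `FWBSettings` colour id, wired through a `QSignalMapper`, would replace them.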
@@ -0,0 +1,63 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ColorLabelMenuItem.h,v 1.1 2004/05/15 01:28:31 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __COLORLABELMENUITEM_H_ +#define __COLORLABELMENUITEM_H_ + +#include "config.h" +#include + +class QToolButton; + +class ColorLabelMenuItem : public QWidget +{ + Q_OBJECT + + void setup(QToolButton *btn, const QString &c, const QString &t); + QString color; + + public: + Ui::colorLabelMenuItem_q *m_widget; + ColorLabelMenuItem(QWidget *parent); + ~ColorLabelMenuItem() { delete m_widget; }; + +public slots: + virtual void colorClicked(); + + virtual void noneColorClicked(); + virtual void redColorClicked(); + virtual void orangeColorClicked(); + virtual void yellowColorClicked(); + virtual void greenColorClicked(); + virtual void blueColorClicked(); + virtual void purpleColorClicked(); + virtual void grayColorClicked(); + +signals: + void returnColor(const QString &c); +}; + +#endif // __COLORLABELMENUITEM_H diff --git a/src/gui/CommentEditorPanel.cpp b/src/gui/CommentEditorPanel.cpp new file mode 100644 index 000000000..152901ddf --- /dev/null +++ b/src/gui/CommentEditorPanel.cpp 
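Review bot: `m_widget` is declared under `public:` although the inline destructor owns and deletes it, so any caller can reassign or free the pointer and cause a leak or a double delete. Unless outside code needs it, move `Ui::colorLabelMenuItem_q *m_widget;` into the private section beside `color`, as CommentEditorPanel.h in this commit does. The guard name `__COLORLABELMENUITEM_H_` uses a double-underscore identifier, which is reserved for the implementation, and the `#endif` comment spells it differently. A name such as `COLORLABELMENUITEM_H` fixes both.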
@@ -0,0 +1,150 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: CommentEditorPanel.cpp,v 1.2 2006/08/08 21:25:37 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#include "config.h" +#include "global.h" + +#include "CommentEditorPanel.h" +#include "FWBSettings.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" + +#include +#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +CommentEditorPanel::~CommentEditorPanel() +{ + delete m_widget; +} + +CommentEditorPanel::CommentEditorPanel(QWidget *p, + bool enableLoadFromFile):QWidget(p) +{ + m_widget = new Ui::CommentEditorPanel_q; + m_widget->setupUi(this); + + if (enableLoadFromFile) m_widget->inputFromFileButton->show(); + else m_widget->inputFromFileButton->hide(); + + //m_widget->editor->setTextFormat(QTextEdit::PlainText); + rule=NULL; + //editor->setText(txt); +} + +QString CommentEditorPanel::text() +{ + return m_widget->editor->toPlainText(); +} +void CommentEditorPanel::setText(QString s) +{ + m_widget->editor->setText(s); +} +void CommentEditorPanel::setTitle(QString s) +{ + m_widget->editorTitle->setText(s); +} + +void CommentEditorPanel::loadFromFile() +{ + if ( QMessageBox::warning( + this,"Firewall Builder", + 
tr("Warning: loading from file discards current contents of the script."), + "&Load", "&Cancel", QString::null, 0, 1 )==0) + { + QString filename = QFileDialog::getOpenFileName( + this, tr("Choose file that contains PIX commands"), st->getWDir()); + if (filename!="") + { + ifstream ifile(filename.toLatin1().constData()); + if (!ifile) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Could not open file %1").arg(filename), + "&Continue", QString::null, QString::null, 0, 1 ); + return; + } + + char buf[1024]; + while (ifile.getline(buf,1024)) + { + m_widget->editor->append( buf ); + } + } + } +} +void CommentEditorPanel::changed() +{ + emit changed_sign(); +} +void CommentEditorPanel::applyChanges() +{ + om->updateLastModifiedTimestampForAllFirewalls(rule); + rule->setComment( string(m_widget->editor->toPlainText().toUtf8().constData()) ); + +} +void CommentEditorPanel::loadFWObject(FWObject *obj) +{ + Rule *r=Rule::cast(obj); + + rule=r; + + FWObject *o = r; + while (o!=NULL && Firewall::cast(o)==NULL) o=o->getParent(); + assert(o!=NULL); + Firewall *f=Firewall::cast(o); + + setText(QString::fromUtf8(r->getComment().c_str())); + setTitle(QString("%1 / %2 / %3 ( Comment )") + .arg(QString::fromUtf8(f->getName().c_str())) + .arg(r->getTypeName().c_str()) + .arg(r->getPosition())); +} +void CommentEditorPanel::discardChanges() +{ +} +void CommentEditorPanel::validate(bool* b) +{ + *b=true; +} +void CommentEditorPanel::isChanged(bool*) +{ + +} +void CommentEditorPanel::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} diff --git a/src/gui/CommentEditorPanel.h b/src/gui/CommentEditorPanel.h new file mode 100644 index 000000000..5810d1b1a --- /dev/null +++ b/src/gui/CommentEditorPanel.h 
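Review bot: loadFromFile() reads with `ifile.getline(buf,1024)`, which sets failbit on the first line longer than 1023 characters, so the loop ends there and the rest of the file is dropped without any message. Reading into a std::string removes the limit: `std::string line; while (std::getline(ifile, line)) m_widget->editor->append(line.c_str());` (needs `<string>` if it is not already included). The confirmation text says the current contents are discarded, yet the loop only appends, and `filename.toLatin1()` cannot represent paths outside Latin-1. Separately, loadFWObject() guards `r` and `f` only with `assert`, which release builds compile out, and applyChanges() dereferences `rule`, which stays NULL until loadFWObject() has run.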
@@ -0,0 +1,76 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: CommentEditorPanel.h,v 1.1 2006/05/24 15:54:52 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef __COMMENTEDITORPANEL_H__ +#define __COMMENTEDITORPANEL_H__ + +#include "config.h" +#include +#include + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/Firewall.h" + + +class CommentEditorPanel : public QWidget +{ + Q_OBJECT + Ui::CommentEditorPanel_q *m_widget; + + public: + + CommentEditorPanel(QWidget *p,bool enableLoadFromFile); + ~CommentEditorPanel(); + libfwbuilder::Rule *rule; + + QString text(); + void setText(QString s); + void setTitle(QString s); + +public slots: + virtual void loadFromFile(); + + + virtual void changed(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void loadFWObject(libfwbuilder::FWObject *obj); + virtual void validate(bool*); + virtual void isChanged(bool*); + + virtual void closeEvent(QCloseEvent *e); + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); +}; + +#endif 
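Review bot: The slots `validate(bool*)` and `isChanged(bool*)` return their result through an undocumented out-parameter. The `isChanged` implementation in CommentEditorPanel.cpp has an empty body, so a caller that passes an uninitialised bool reads an indeterminate value afterwards. I would add a comment above the declaration, for example `/* isChanged: leaves *res untouched for now; callers must initialise it */`, or have the implementation write `*res=false;`. CustomServiceDialog.cpp and DNSNameDialog.cpp in this commit show the same pattern, with the assignment commented out.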
diff --git a/src/gui/ConfirmDeleteObjectDialog.cpp b/src/gui/ConfirmDeleteObjectDialog.cpp new file mode 100644 index 000000000..c4a49c5bc --- /dev/null +++ b/src/gui/ConfirmDeleteObjectDialog.cpp 
@@ -0,0 +1,209 @@ +/* + + Firewall Builder + + Copyright (C) 2006 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: ConfirmDeleteObjectDialog.cpp,v 1.6 2007/05/23 03:05:50 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "utils_no_qt.h" +#include "platforms.h" +#include "definitions.h" + +#include "ConfirmDeleteObjectDialog.h" +#include "FindWhereUsedWidget.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" +#include "FWBTree.h" + + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FWObject.h" +#include "fwbuilder/RuleSet.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/Routing.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Library.h" + + +//#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +ConfirmDeleteObjectDialog::ConfirmDeleteObjectDialog(QWidget*p) : QDialog(p) +{ + m_dialog = new Ui::ConfirmDeleteObjectDialog_q; + m_dialog->setupUi(this); + //QVBoxLayout *b=new QVBoxLayout((QWidget*)FrameForList); + //fwu = 
new FindWhereUsedWidget((QWidget*)FrameForList,0,0, true); + //b->addWidget(fwu); + + //connect(objectsList, SIGNAL(selectionChanged(QListBoxItem *)), this, SLOT(listItemSelected(QListBoxItem *))); +} + +ConfirmDeleteObjectDialog::~ConfirmDeleteObjectDialog() +{ + delete m_dialog; +} + +void ConfirmDeleteObjectDialog::load(vector objs) +{ + if (objs.size()==0) return; + + vector::iterator i; + for( i=objs.begin(); i!=objs.end(); ++i) + { + findForObject(*i); + } +} + +void ConfirmDeleteObjectDialog::findForObject(FWObject *obj) +{ + set resset; + //objectsView->clear(); + //mapping.clear(); + //resset.clear(); + + QPixmap pm0; + QString icn_file = (":/Icons/" + obj->getTypeName() + "/icon-tree").c_str(); + + if ( ! QPixmapCache::find( icn_file, pm0) ) + { + pm0.load( icn_file ); + QPixmapCache::insert( icn_file, pm0); + } + + mw->db()->findWhereUsed(obj,mw->db(),resset); + + if (fwbdebug) + { + qDebug(QString("ConfirmDeleteObjectDialog::findForObject deleting obj=%1"). + arg(obj->getName().c_str()).toAscii().constData()); + qDebug(QString("resset.size()==%1").arg(resset.size()).toAscii().constData()); + } + + set::iterator i=resset.begin(); + QTreeWidgetItem *item; + QString c1; + QString c2; + FWObject* o; + Rule* r; + RuleSet* rs; + FWObject* fw=NULL; + + int itemCounter = 0; + + for(;i!=resset.end();++i) + { + o=*i; + fw=NULL; + r=NULL; + rs=NULL; + + if (findRef(obj,o)==NULL) continue; + + if (RuleElement::cast(o)!=NULL) + { + fw=o->getParent(); + + while (fw!=NULL && !Firewall::isA(fw)) + { + if (Rule::cast(fw)) + { + r=Rule::cast(fw); + } else if (RuleSet::cast(fw)) + { + rs=RuleSet::cast(fw); + } + + fw=fw->getParent(); + } + if (fw==NULL || r==NULL || rs==NULL) continue; + + c1=QString::fromUtf8(fw->getName().c_str()); + + if (NAT::isA(rs)) + { + c2=tr("NAT"); + } else if (Policy::isA(rs)) + { + c2=tr("Policy"); + } else if (Routing::isA(rs)) + { + c2=tr("Routing"); + } else + { + c2=tr("Unknown rule set"); + } + c2+=tr("/Rule%1").arg(r->getPosition()); + + 
} else if ( + FWBTree::isSystem(o) || + Rule::cast(o) || + RuleSet::cast(o) || + Firewall::cast(o) || + Library::cast(o)) + { + continue; + } + else + { + c1=QString::fromUtf8(o->getName().c_str()); + c2=tr("Type: ")+QString::fromUtf8(o->getTypeName().c_str()); + } + + string icn="icon-tree"; +// FWObject *pixobj=(fw==NULL)?o:fw; +// QPixmap pm = QPixmap::fromMimeSource( +// Resources::global_res->getObjResourceStr(pixobj, icn).c_str() ); + + QStringList qsl; + qsl << QString::fromUtf8( obj->getName().c_str()) << c1 << c2; + item = new QTreeWidgetItem(m_dialog->objectsView, qsl); + item->setIcon(0,QIcon(pm0)); + + itemCounter++; + } + + if (itemCounter==0) + { + QStringList qsl; + qsl << QString::fromUtf8( obj->getName().c_str()) + << tr("Not used anywhere") << ""; + item = new QTreeWidgetItem(m_dialog->objectsView, qsl); + item->setIcon(0,QIcon(pm0)); + } +} diff --git a/src/gui/ConfirmDeleteObjectDialog.h b/src/gui/ConfirmDeleteObjectDialog.h new file mode 100644 index 000000000..04fbf6cf2 --- /dev/null +++ b/src/gui/ConfirmDeleteObjectDialog.h 
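Review bot: The debug output in findForObject() passes a string built from `obj->getName()` as the format argument of `qDebug(...)`, so an object name containing `%` is parsed as a printf conversion with no matching argument, which is undefined behaviour. Passing the name as data avoids this: `qDebug("ConfirmDeleteObjectDialog::findForObject deleting obj=%s", obj->getName().c_str());`. The calls run only when `fwbdebug` is set, but object names come from the loaded data file. DialogData.cpp saveAll() in this commit formats the widget name and combo box text the same way.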
@@ -0,0 +1,62 @@ +/* + + Firewall Builder + + Copyright (C) 2006 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: ConfirmDeleteObjectDialog.h,v 1.2 2006/08/26 17:11:28 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __CONFIRMDELETEOBJECTDIALOG_H_ +#define __CONFIRMDELETEOBJECTDIALOG_H_ + +#include "config.h" +#include +#include + +#include +#include + +namespace libfwbuilder { + class FWObject; +} + +class QListWidgetItem; + +class ConfirmDeleteObjectDialog : public QDialog +{ + Q_OBJECT + private: + libfwbuilder::FWObject *object; + FindWhereUsedWidget * fwu; + std::map listItemsMapping; + Ui::ConfirmDeleteObjectDialog_q *m_dialog; + public: + ConfirmDeleteObjectDialog(QWidget*p ); + ~ConfirmDeleteObjectDialog(); + +public slots: + void load(std::vector objs); + void findForObject(libfwbuilder::FWObject *obj); + + signals: +}; + +#endif diff --git a/src/gui/CustomServiceDialog.cpp b/src/gui/CustomServiceDialog.cpp new file mode 100644 index 000000000..d16c9a71a --- /dev/null +++ b/src/gui/CustomServiceDialog.cpp 
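Review bot: The private pointers `object` and `fwu` are never given a value: the constructor in ConfirmDeleteObjectDialog.cpp sets only `m_dialog`, and the `FindWhereUsedWidget` creation there is commented out. Nothing visible reads them, but any later use would start from an indeterminate pointer. Either drop the two members together with the unused `listItemsMapping`, or initialise them in the constructor with `object=NULL; fwu=NULL;`.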
@@ -0,0 +1,207 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: CustomServiceDialog.cpp,v 1.21 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "FWBTree.h" +#include "CustomServiceDialog.h" +#include "ObjectManipulator.h" +#include "FWBSettings.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/CustomService.h" +#include "fwbuilder/Resources.h" + +#include +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace std; + +CustomServiceDialog::CustomServiceDialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::CustomServiceDialog_q; + m_dialog->setupUi(this); + obj=NULL; +} + +CustomServiceDialog::~CustomServiceDialog() +{ + delete m_dialog; +} + +void CustomServiceDialog::loadFWObject(FWObject *o) +{ + obj=o; + CustomService *s = dynamic_cast(obj); + assert(s!=NULL); + + init=true; + + fillLibraries(m_dialog->libs,obj); + + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); + m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); + +/* fill in m_dialog->platform */ + m_dialog->platform->clear(); + + int cp=0; + 
showPlatform=st->value("/FirewallBuilder2/CustomService/Platform").toString(); + QMap platforms = getAllPlatforms(); + QMap::iterator i; + for (i=platforms.begin(); i!=platforms.end(); i++,cp++) + { +// cerr << "m_dialog->platform: key=" << i.key() << " data=" << i.data() << endl; + +/* here i.key is m_dialog->platform m_dialog->code ( "ipf", "ipfw", "iptables", "pf") + * while i.data is human readable name ("ipfilter", "PF" ) + */ + platformReverseMap[i.value()]=i.key(); + + m_dialog->platform->addItem( i.value() ); + if (showPlatform=="") showPlatform = i.key(); + if (showPlatform==i.key()) m_dialog->platform->setCurrentIndex( cp ); + allCodes[ i.key() ]=s->getCodeForPlatform( i.key().toLatin1().constData() ).c_str(); + } + + m_dialog->code->setText( allCodes[showPlatform] ); //fromUtf8 + + //apply->setEnabled( false ); + + m_dialog->obj_name->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->libs->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->libs); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + setDisabledPalette(m_dialog->comment); + +// m_dialog->platform->setEnabled(!o->isReadOnly()); + + m_dialog->code->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->code); + + + init=false; +} + +void CustomServiceDialog::changed() +{ + if (!init) + { + QString pl = platformReverseMap[m_dialog->platform->currentText()]; + allCodes[pl] = m_dialog->code->text().toUtf8().constData(); + + //apply->setEnabled( true ); + emit changed_sign(); + + } +} + +void CustomServiceDialog::validate(bool *res) +{ + *res=true; + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } +} + +void CustomServiceDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void CustomServiceDialog::libChanged() +{ + changed(); +} + +void CustomServiceDialog::platformChanged() +{ + init=true; + QString npl = 
platformReverseMap[m_dialog->platform->currentText()]; + m_dialog->code->setText( allCodes[ npl ] ); //fromUtf8 + showPlatform = npl; + st->setValue("/FirewallBuilder2/CustomService/Platform",showPlatform); + init=false; +// changed(); +} + +void CustomServiceDialog::applyChanges() +{ + CustomService *s = dynamic_cast(obj); + assert(s!=NULL); + + string oldname=obj->getName(); + obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + string commText = string(m_dialog->comment->toPlainText().toUtf8().constData()); + obj->setComment( commText ); + + QMap::iterator i; + for (i=allCodes.begin(); i!=allCodes.end(); ++i) + { + string code = string(i.value().toUtf8().constData()); + if (fwbdebug) + qDebug("Storing custom service m_dialog->code %s :: %s", + i.key().toLatin1().constData(),code.c_str()); + s->setCodeForPlatform( i.key().toLatin1().constData(), code ); + } + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + init=true; + +/* move to another lib if we have to */ + if (! FWBTree::isSystem(obj) && m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(m_dialog->libs->currentText(), obj); + + init=false; + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void CustomServiceDialog::discardChanges() +{ + loadFWObject(obj); +} + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. So we do + * nothing here and defer all the processing to ObjectEditor + */ +void CustomServiceDialog::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} + diff --git a/src/gui/CustomServiceDialog.h b/src/gui/CustomServiceDialog.h new file mode 100644 index 000000000..bb9b33445 --- /dev/null +++ b/src/gui/CustomServiceDialog.h 
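Review bot: The platform code text crosses the QString/`const char*` boundary with inconsistent encodings: loadFWObject() fills `allCodes` through the implicit `const char*` conversion, changed() assigns `toUtf8().constData()` back into a QString, and applyChanges() encodes with `toUtf8()` again. Unless the C-string codec is set to UTF-8 elsewhere, non-ASCII bytes in a custom service definition can be altered by a load/edit/save round trip, and this text presumably ends up in the generated firewall configuration. The trailing `//fromUtf8` comments suggest the intent: use `QString::fromUtf8(s->getCodeForPlatform(...).c_str())` when loading, and store the QString directly in changed() with `allCodes[pl] = m_dialog->code->text();`. The `dynamic_cast` results are checked only by `assert`, so a release build dereferences a null `s` if the wrong object type is passed.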
@@ -0,0 +1,78 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: CustomServiceDialog.h,v 1.7 2006/05/13 06:53:05 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __CUSTOMSERVICEDIALOG_H_ +#define __CUSTOMSERVICEDIALOG_H_ + +#include "config.h" +#include +#include + +#include +#include + +namespace libfwbuilder { + class FWObject; +}; + +class CustomServiceDialog : public QWidget +{ + Q_OBJECT + + libfwbuilder::FWObject *obj; + bool init; + QMap platformReverseMap; + QMap allCodes; + QString showPlatform; + Ui::CustomServiceDialog_q *m_dialog; + + public: + CustomServiceDialog(QWidget *parent); + ~CustomServiceDialog(); + +public slots: + virtual void changed(); + virtual void libChanged(); + virtual void platformChanged(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void loadFWObject(libfwbuilder::FWObject *obj); + virtual void validate(bool*); + virtual void isChanged(bool*); + virtual void closeEvent(QCloseEvent *e); + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); + +}; + +#endif // 
CUSTOMSERVICEDIALOG_H diff --git a/src/gui/DNSNameDialog.cpp b/src/gui/DNSNameDialog.cpp new file mode 100644 index 000000000..a0ed58bdc --- /dev/null +++ b/src/gui/DNSNameDialog.cpp 
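Review bot: `bool init` has no initial value: the constructor in CustomServiceDialog.cpp assigns only `m_dialog` and `obj`, while changed() tests `if (!init)`. If a widget signal connected to changed() fires before the first loadFWObject(), the slot reads an indeterminate bool. The connections are presumably made in the .ui file, which is not visible here. Adding `init=false;` to the constructor makes the state defined.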
@@ -0,0 +1,169 @@ +/* + + Firewall Builder + + Copyright (C) 2006 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: DNSNameDialog.cpp,v 1.7 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "DNSNameDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/DNSName.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/FWException.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +DNSNameDialog::DNSNameDialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::DNSNameDialog_q; + m_dialog->setupUi(this); + + obj=NULL; +} + +DNSNameDialog::~DNSNameDialog() +{ + delete m_dialog; +} + +void DNSNameDialog::loadFWObject(FWObject *o) +{ + obj=o; + DNSName *s = dynamic_cast(obj); + assert(s!=NULL); + + + init=true; + + fillLibraries(m_dialog->libs,obj); + + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); + m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); + + m_dialog->dnsrec->setText( s->getSourceName().c_str() ); + m_dialog->r_compiletime->setChecked(s->isCompileTime() ); + 
m_dialog->r_runtime->setChecked(s->isRunTime() ); + + //apply->setEnabled( false ); + + m_dialog->obj_name->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->libs->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->libs); + + m_dialog->dnsrec->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->dnsrec); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + setDisabledPalette(m_dialog->comment); + + + + init=false; +} + +void DNSNameDialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void DNSNameDialog::validate(bool *res) +{ + *res=true; + DNSName *s = dynamic_cast(obj); + assert(s!=NULL); + + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } +} + +void DNSNameDialog::isChanged(bool *res) +{ + // *res=(!init && apply->isEnabled()); +} + +void DNSNameDialog::libChanged() +{ + changed(); +} + +void DNSNameDialog::applyChanges() +{ + DNSName *s = dynamic_cast(obj); + assert(s!=NULL); + + string oldname=obj->getName(); + obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); + + s->setSourceName( m_dialog->dnsrec->text().toLatin1().constData() ); + s->setRunTime(m_dialog->r_runtime->isChecked() ); + + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + init=true; + +/* move to another lib if we have to */ + if (m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(m_dialog->libs->currentText(), obj); + + init=false; + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void DNSNameDialog::discardChanges() +{ + loadFWObject(obj); +} + + +void DNSNameDialog::closeEvent(QCloseEvent *e) +{ + if (fwbdebug) + qDebug("DNSNameDialog::closeEvent got close event: %p",e); + emit close_sign(e); +} + 
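Review bot: validate() checks only the tree state and the object name, while applyChanges() stores the DNS record with `m_dialog->dnsrec->text().toLatin1().constData()` unchecked, so an empty host name is accepted and any character outside Latin-1 is silently replaced by `?`. A check in validate() would catch both, for example `if (m_dialog->dnsrec->text().trimmed().isEmpty()) { *res=false; return; }` plus a test that the text survives the `toLatin1()` round trip. Whether an empty record is ever legitimate is not visible here. applyChanges() also calls `om->moveObject` without the `FWBTree::isSystem(obj)` guard that CustomServiceDialog.cpp uses for the same step.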
diff --git a/src/gui/DNSNameDialog.h b/src/gui/DNSNameDialog.h new file mode 100644 index 000000000..b5431f007 --- /dev/null +++ b/src/gui/DNSNameDialog.h @@ -0,0 +1,70 @@ +/* + + Firewall Builder + + Copyright (C) 2006 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: DNSNameDialog.h,v 1.3 2006/06/14 07:03:15 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __DNSNAMEDIALOG_H_ +#define __DNSNAMEDIALOG_H_ + +#include "config.h" +#include +#include + +#include "fwbuilder/FWObject.h" + + +class DNSNameDialog : public QWidget +{ + Q_OBJECT + + libfwbuilder::FWObject *obj; + bool init; + Ui::DNSNameDialog_q *m_dialog; + + public: + DNSNameDialog(QWidget *parent); + ~DNSNameDialog(); + virtual void closeEvent(QCloseEvent *e); + +public slots: + virtual void changed(); + virtual void libChanged(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void loadFWObject(libfwbuilder::FWObject *obj); + virtual void validate(bool*); + virtual void isChanged(bool*); + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); + +}; + +#endif 
diff --git a/src/gui/DialogData.cpp b/src/gui/DialogData.cpp new file mode 100644 index 000000000..8a05c4533 --- /dev/null +++ b/src/gui/DialogData.cpp 
@@ -0,0 +1,301 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: DialogData.cpp,v 1.8 2007/05/22 22:59:31 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "utils.h" +#include "global.h" + +#include "DialogData.h" + +#include "fwbuilder/FWObject.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +DialogOption::DialogOption(QWidget *_w, FWObject *_o, const char* _a) +{ + w = _w; + obj = _o; + attr = _a; + + dtype = Unknown; + + if (dynamic_cast(w)!=NULL) dtype=String; + if (dynamic_cast(w)!=NULL) dtype=Bool; + if (dynamic_cast(w)!=NULL) dtype=String; + if (dynamic_cast(w)!=NULL) dtype=String; + if (dynamic_cast(w)!=NULL) dtype=Bool; + if (dynamic_cast(w)!=NULL) dtype=Int; +} + +DialogOption::DialogOption(QWidget *_w, FWObject *_o, const char* _a,QStringList _m) +{ + w = _w; + obj = _o; + attr = _a; + mapping = _m; + + dtype = Unknown; + + if (dynamic_cast(w)!=NULL) dtype=String; + if (dynamic_cast(w)!=NULL) dtype=Bool; + if (dynamic_cast(w)!=NULL) dtype=String; + if (dynamic_cast(w)!=NULL) dtype=String; + if (dynamic_cast(w)!=NULL) dtype=Bool; + if (dynamic_cast(w)!=NULL) dtype=Int; +} + + 
+DialogData::DialogData() {}
+DialogData::~DialogData()
+{
+ options.clear();
+}
+
+void DialogData::clear()
+{
+ options.clear();
+}
+
+void DialogData::registerOption(QWidget *widget, libfwbuilder::FWObject *obj, const char* attr)
+{
+ options.push_back( DialogOption(widget,obj,attr) );
+}
+
+void DialogData::registerOption(QWidget *widget, libfwbuilder::FWObject *obj, const char* attr,QStringList mapping)
+{
+ options.push_back( DialogOption(widget,obj,attr,mapping) );
+}
+
+void DialogData::loadToWidget( DialogOption &dopt , bool override)
+{
+ if (dynamic_cast(dopt.w)!=NULL)
+ {
+ QComboBox *cbx = dynamic_cast(dopt.w);
+ QString s = (override) ? dopt.override_str_val : QString(dopt.obj->getStr(dopt.attr.toLatin1().constData()).c_str());
+
+ QStringList slist;
+
+ int current_item = 0;
+ if (!dopt.mapping.empty())
+ {
+/*
+ * REMINDER:
+ * Mapping is defined by an array of strings in the following format:
+ *
+ * "Linux 2.4" , "linux24",
+ * "IPFilter" , "ipf",
+ * "Cisco PIX" , "pix",
+ * NULL, NULL
+ *
+ * Odd strings correspond to the data in the widget, while even
+ * strings define what is stored in the object (counting strings in
+ * the array from 1).
+ */
+ slist.clear();
+
+ unsigned idx = 0;
+ QStringList::iterator i1 = dopt.mapping.begin();
+ QStringList::iterator i2 = dopt.mapping.begin();
+ ++i2;
+
+ if (fwbdebug)
+ {
+ qDebug("loadToWidget -- QComboBox dopt.mapping.count()=%d",dopt.mapping.count());
+ qDebug("loadToWidget -- QComboBox s=%s",s.toAscii().constData());
+ }
+
+ while ( idx < dopt.mapping.count()/2 )
+ {
+ if (fwbdebug)
+ {
+ qDebug("loadToWidget -- QComboBox (*i1)=%s",(*i1).toAscii().constData());
+ qDebug("loadToWidget -- QComboBox (*i2)=%s",(*i2).toAscii().constData());
+ }
+
+ slist.insert( idx, (*i1) );
+ if (s== (*i2)) { current_item = idx; }
+ i1++; i1++;
+ i2++; i2++;
+ idx++;
+ }
+ } else {
+// no mapping, just scan items and find current
+ for (int i = 0; i < slist.size(); i++)
+ if (slist[i] == s)
+ {
+ current_item = i; //lbx->index( lbx->findItem(s,Qt::ExactMatch) );
+ break;
+ }
+ }
+ cbx->setCurrentIndex( current_item );
+ }
+ if (dynamic_cast(dopt.w)!=NULL)
+ {
+ QCheckBox *cbx=dynamic_cast(dopt.w);
+ cbx->setChecked( (override)?dopt.override_int_val:dopt.obj->getBool(dopt.attr.toLatin1().constData()) );
+ }
+ if (dynamic_cast(dopt.w)!=NULL)
+ {
+ QLineEdit *edit=dynamic_cast(dopt.w);
+ edit->setText( (override) ? dopt.override_str_val : QString(dopt.obj->getStr(dopt.attr.toLatin1().constData()).c_str()) );
+ }
+ if (dynamic_cast(dopt.w)!=NULL)
+ {
+ QTextEdit *edit=dynamic_cast(dopt.w);
+ edit->setText( (override) ? dopt.override_str_val : QString(dopt.obj->getStr(dopt.attr.toLatin1().constData()).c_str()) );
+ }
+ if (dynamic_cast(dopt.w)!=NULL)
+ {
+ QRadioButton *rbtn=dynamic_cast(dopt.w);
+ rbtn->setChecked( (override)?dopt.override_int_val:dopt.obj->getBool(dopt.attr.toLatin1().constData()) );
+ }
+ if (dynamic_cast(dopt.w)!=NULL)
+ {
+ QSpinBox *sbx = dynamic_cast(dopt.w);
+ sbx->setValue( (override)?dopt.override_int_val:dopt.obj->getInt(dopt.attr.toLatin1().constData()) );
+ }
+}
+
+
+void DialogData::loadAll()
+{
+ for (list::iterator i=options.begin(); i!=options.end(); ++i)
+ loadToWidget( *i );
+}
+
+void DialogData::saveAll()
+{
+ for (list::iterator i=options.begin(); i!=options.end(); ++i)
+ {
+
+ if (dynamic_cast(i->w)!=NULL)
+ {
+ QComboBox *cbx = dynamic_cast(i->w);
+ QString s = cbx->currentText();
+ if (fwbdebug)
+ qDebug(QString("DialogData::saveAll() QComboBox %1 (i->mapping.empty()=%2) s=%3").arg(i->w->objectName()).arg(i->mapping.empty()).arg(s).toAscii().constData());
+
+ if ( !i->mapping.empty() && !s.isNull() )
+ {
+ if (fwbdebug) qDebug("Remapping...");
+/*
+ * REMINDER:
+ * Mapping is defined by an array of strings in the following format:
+ *
+ * char *mapping[] = {
+ * "Linux 2.4" , "linux24",
+ * "IPFilter" , "ipf",
+ * "Cisco PIX" , "pix",
+ * NULL, NULL
+ * };
+ *
+ * Odd strings correspond to the data in the widget, while even
+ * strings define what is stored in the object (counting strings in
+ * the array from 1).
+ */
+ QStringList::iterator i1 = i->mapping.begin();
+ QStringList::iterator i2 = i->mapping.begin();
+ ++i2;
+ while (i2!=i->mapping.end())
+ {
+ if (fwbdebug) qDebug(QString(" (*i1)=%1").arg(*i1).toAscii().constData());
+
+ if (s== (*i1)) { s= *i2; break; }
+ i1++; i1++;
+ i2++; i2++;
+ }
+ }
+ if (s.isEmpty()) s="";
+ i->obj->setStr(i->attr.toLatin1().constData(), s.toLatin1().constData());
+ }
+ if (dynamic_cast(i->w)!=NULL)
+ {
+ QCheckBox *cbx=dynamic_cast(i->w);
+ i->obj->setBool(i->attr.toLatin1().constData(), cbx->isChecked() );
+ }
+ if (dynamic_cast(i->w)!=NULL)
+ {
+ QLineEdit *edit=dynamic_cast(i->w);
+ i->obj->setStr(i->attr.toLatin1().constData(), edit->text().toLatin1().constData() );
+ }
+ if (dynamic_cast(i->w)!=NULL)
+ {
+ QTextEdit *edit=dynamic_cast(i->w);
+ i->obj->setStr(i->attr.toLatin1().constData(), edit->toPlainText().toLatin1().constData() );
+ }
+ if (dynamic_cast(i->w)!=NULL)
+ {
+ QRadioButton *rbtn=dynamic_cast(i->w);
+ i->obj->setBool(i->attr.toLatin1().constData(), rbtn->isChecked() );
+ }
+ if (dynamic_cast(i->w)!=NULL)
+ {
+ QSpinBox *sbx = dynamic_cast(i->w);
+ i->obj->setInt( i->attr.toLatin1().constData(), sbx->value() );
+ }
+
+ }
+}
+
+void DialogData::setWidgetValue(const char *attr,const QString &val)
+{
+ for (list::iterator i=options.begin(); i!=options.end(); ++i)
+ {
+ if (i->attr == attr)
+ {
+ i->overrideValue(val);
+ loadToWidget( *i , true );
+ break;
+ }
+ }
+}
+
+
+void DialogData::setWidgetValue(const char *attr,int val)
+{
+ for (list::iterator i=options.begin(); i!=options.end(); ++i)
+ {
+ if (i->attr == attr)
+ {
+ i->overrideValue(val);
+ loadToWidget( *i , true );
+ break;
+ }
+ }
+}
+
+
diff --git a/src/gui/DialogData.h b/src/gui/DialogData.h
new file mode 100644
index 000000000..1eacee1f3
--- /dev/null
+++ b/src/gui/DialogData.h
@@ -0,0 +1,134 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id$
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __DIALOGOPTIONS_H_
+#define __DIALOGOPTIONS_H_
+
+#include "config.h"
+
+#include
+
+class QWidget;
+#include
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+class DialogData;
+
+class DialogOption {
+ friend class DialogData;
+
+ public:
+ enum DataType { Unknown, String, Int, Bool };
+
+ private:
+ QWidget *w;
+ libfwbuilder::FWObject *obj;
+ QString attr;
+ QStringList mapping;
+ QString override_str_val;
+ int override_int_val;
+ DataType dtype;
+
+ public:
+ DialogOption(QWidget *widget, libfwbuilder::FWObject *obj, const char* attr);
+ DialogOption(QWidget *widget, libfwbuilder::FWObject *obj, const char* attr, QStringList mapping);
+
+ void overrideValue(const QString &val) { override_str_val=val; }
+ void overrideValue(int val) { override_int_val=val; }
+
+ DataType type() { return dtype; }
+
+};
+
+
+class DialogData {
+
+ std::list options;
+
+
+ void loadToWidget( DialogOption &dopt , bool override=false );
+
+ public:
+ DialogData();
+ ~DialogData();
+
+/**
+ * destroy all registered options, prepare for reuse
+ */
+ void clear();
+
+/**
+ * registers an option that is stored in object 'obj' as an attribute
+ * 'attr' and controlled by widget 'widget' in the dialog.
+ */
+ void registerOption(QWidget *widget,
+ libfwbuilder::FWObject *obj,
+ const char *attr);
+
+
+/**
+ * like the method above, plus adds a maping between option value
+ * rendered in the widget and value stored in the object
+ * attribute. This is mostly used for combo boxes. Mapping is defined
+ * by an array of strings in the following format:
+ *
+ * "Linux 2.4" , "linux24",
+ * "IPFilter" , "ipf",
+ * "Cisco PIX" , "pix",
+ * NULL, NULL
+ *
+ * Odd strings correspond to the data in the widget, while even
+ * strings define what is stored in the object (counting strings in
+ * the array from 1).
+ */
+ void registerOption(QWidget *widget,
+ libfwbuilder::FWObject *obj,
+ const char *attr,
+ QStringList map);
+
+/**
+ * sets value 'val' in the widget that corresponds to attribute 'attr'
+ */
+ void setWidgetValue(const char *attr,const QString &val);
+ void setWidgetValue(const char *attr,int val);
+
+/**
+ * loads all options from their respective object attributes to widgets
+ */
+ void loadAll();
+
+/**
+ * saves all options from their widgets to object attributes
+ */
+ void saveAll();
+
+};
+
+#endif
diff --git a/src/gui/DialogFactory.cpp b/src/gui/DialogFactory.cpp
new file mode 100644
index 000000000..6abebcbd4
--- /dev/null
+++ b/src/gui/DialogFactory.cpp
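Review bot: `DialogOption` keeps `QWidget *w` and `libfwbuilder::FWObject *obj` as raw pointers, and nothing in this header says who owns them or how long they must stay valid. DialogData.cpp in this same commit dereferences both in loadAll() and saveAll(), so an option registered for a widget or object that is destroyed first leaves a dangling pointer in the `options` list. I would state the contract in the registerOption comment, e.g. `* 'widget' and 'obj' are not owned and must outlive this DialogData, or clear() must be called before either is destroyed`. Separately, the guard name `__DIALOGOPTIONS_H_` begins with a double underscore, which is reserved for the implementation; `DIALOGDATA_H_` would also match the file name.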
@@ -0,0 +1,201 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: DialogFactory.cpp,v 1.15 2007/05/09 04:18:18 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+
+#include "config.h"
+#include "global.h"
+#include "utils.h"
+
+#include "DialogFactory.h"
+
+#include "LibraryDialog.h"
+#include "AddressRangeDialog.h"
+#include "IPv4Dialog.h"
+#include "PhysicalAddressDialog.h"
+#include "DNSNameDialog.h"
+#include "AddressTableDialog.h"
+#include "NetworkDialog.h"
+#include "CustomServiceDialog.h"
+#include "ICMPServiceDialog.h"
+#include "IPServiceDialog.h"
+#include "TCPServiceDialog.h"
+#include "UDPServiceDialog.h"
+#include "GroupObjectDialog.h"
+#include "HostDialog.h"
+#include "FirewallDialog.h"
+#include "InterfaceDialog.h"
+#include "TimeDialog.h"
+#include "TagServiceDialog.h"
+
+#include "iptAdvancedDialog.h"
+#include "ipfAdvancedDialog.h"
+#include "ipfwAdvancedDialog.h"
+#include "pfAdvancedDialog.h"
+#include "pixAdvancedDialog.h"
+#include "iosaclAdvancedDialog.h"
+
+#include "linux24AdvancedDialog.h"
+#include "linksysAdvancedDialog.h"
+#include "freebsdAdvancedDialog.h"
+#include "openbsdAdvancedDialog.h"
+#include "solarisAdvancedDialog.h"
+#include "macosxAdvancedDialog.h"
+#include "pixosAdvancedDialog.h"
+#include "iosAdvancedDialog.h"
+
+#include "RuleOptionsDialog.h"
+#include "RoutingRuleOptionsDialog.h"
+#include "NATRuleOptionsDialog.h"
+
+
+#include "fwbuilder/Library.h"
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Host.h"
+#include "fwbuilder/Network.h"
+#include "fwbuilder/IPv4.h"
+#include "fwbuilder/DNSName.h"
+#include "fwbuilder/AddressTable.h"
+#include "fwbuilder/AddressRange.h"
+#include "fwbuilder/ObjectGroup.h"
+#include "fwbuilder/Interface.h"
+#include "fwbuilder/CustomService.h"
+#include "fwbuilder/IPService.h"
+#include "fwbuilder/ICMPService.h"
+#include "fwbuilder/TCPService.h"
+#include "fwbuilder/UDPService.h"
+#include "fwbuilder/ServiceGroup.h"
+#include "fwbuilder/Interval.h"
+#include "fwbuilder/IntervalGroup.h"
+#include "fwbuilder/Rule.h"
+#include "fwbuilder/Resources.h"
+#include "fwbuilder/TagService.h"
+
+#include
+
+using namespace std;
+using namespace libfwbuilder;
+
+QWidget *DialogFactory::createDialog(QWidget *parent,const QString &objType)
+{
+
+ if (objType==Library::TYPENAME) return new LibraryDialog(parent);
+
+ if (objType==IPv4::TYPENAME) return new IPv4Dialog(parent);
+
+ if (objType==physAddress::TYPENAME) return new PhysicalAddressDialog(parent);
+
+ if (objType==DNSName::TYPENAME) return new DNSNameDialog(parent);
+
+ if (objType==AddressTable::TYPENAME) return new AddressTableDialog(parent);
+
+ if (objType==AddressRange::TYPENAME) return new AddressRangeDialog(parent);
+
+ if (objType==Firewall::TYPENAME) return new FirewallDialog(parent);
+
+ if (objType==Host::TYPENAME) return new HostDialog(parent);
+
+ if (objType==Interface::TYPENAME) return new InterfaceDialog(parent);
+
+ if (objType==Network::TYPENAME) return new NetworkDialog(parent);
+
+ if (objType==CustomService::TYPENAME) return new CustomServiceDialog(parent);
+
+ if (objType==IPService::TYPENAME) return new IPServiceDialog(parent);
+
+ if (objType==ICMPService::TYPENAME) return new ICMPServiceDialog(parent);
+
+ if (objType==TCPService::TYPENAME) return new TCPServiceDialog(parent);
+
+ if (objType==UDPService::TYPENAME) return new UDPServiceDialog(parent);
+
+ if (objType==ObjectGroup::TYPENAME) return new GroupObjectDialog(parent);
+
+ if (objType==ServiceGroup::TYPENAME) return new GroupObjectDialog(parent);
+
+ if (objType==TagService::TYPENAME) return new TagServiceDialog(parent);
+
+ if (objType==IntervalGroup::TYPENAME) return new GroupObjectDialog(parent);
+
+ if (objType==Interval::TYPENAME) return new TimeDialog(parent);
+
+ if (objType==RoutingRule::TYPENAME) return new RoutingRuleOptionsDialog(parent);
+ if (objType==Rule::TYPENAME) return new RuleOptionsDialog(parent);
+ if (objType==PolicyRule::TYPENAME) return new RuleOptionsDialog(parent);
+ if (objType==NATRule::TYPENAME) return new NATRuleOptionsDialog(parent);
+
+ return NULL;
+}
+
+
+QWidget *DialogFactory::createFWDialog(QWidget *parent,FWObject *o)
+ throw(FWException)
+{
+ Resources* platform = Resources::platform_res[o->getStr("platform")];
+ if (platform==NULL)
+ throw FWException((const char*)(QObject::tr("Support module for %1 is not available").arg(o->getStr("platform").c_str()).toLocal8Bit().constData()));
+
+ string dlgname=platform->Resources::getResourceStr("/FWBuilderResources/Target/dialog");
+
+// string pl=o->getStr("platform");
+ if (dlgname=="iptables") return new iptAdvancedDialog(parent,o);
+ if (dlgname=="ipf") return new ipfAdvancedDialog(parent,o);
+ if (dlgname=="ipfw") return new ipfwAdvancedDialog(parent,o);
+ if (dlgname=="pf") return new pfAdvancedDialog(parent,o);
+ if (dlgname=="pix") return new pixAdvancedDialog(parent,o);
+ if (dlgname=="iosacl") return new iosaclAdvancedDialog(parent,o);
+
+ cerr << "Firewall settings dialog for " << dlgname
+ << " is not implemented" << endl;
+ return NULL;
+}
+
+
+QWidget *DialogFactory::createOSDialog(QWidget *parent,FWObject *o)
+ throw(FWException)
+{
+ Resources *os = Resources::os_res[o->getStr("host_OS")];
+ if (os==NULL)
+ throw FWException((const char*)(QObject::tr("Support module for %1 is not available").arg(o->getStr("host_OS").c_str()).toLocal8Bit().constData()));
+
+ string dlgname=os->Resources::getResourceStr("/FWBuilderResources/Target/dialog");
+
+// string os=o->getStr("host_OS");
+ if (dlgname=="linux24") return new linux24AdvancedDialog(parent,o);
+ if (dlgname=="linksys") return new linksysAdvancedDialog(parent,o);
+ if (dlgname=="freebsd") return new freebsdAdvancedDialog(parent,o);
+ if (dlgname=="openbsd") return new openbsdAdvancedDialog(parent,o);
+ if (dlgname=="solaris") return new solarisAdvancedDialog(parent,o);
+ if (dlgname=="macosx") return new macosxAdvancedDialog(parent,o);
+ if (dlgname=="pix_os") return new pixosAdvancedDialog(parent,o);
+ if (dlgname=="ios") return new iosAdvancedDialog(parent,o);
+
+ cerr << "OS settings dialog for " << dlgname
+ << " is not implemented" << endl;
+
+ return NULL;
+}
+
+
diff --git a/src/gui/DialogFactory.h b/src/gui/DialogFactory.h
new file mode 100644
index 000000000..3d2f76323
--- /dev/null
+++ b/src/gui/DialogFactory.h
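Review bot: createFWDialog and createOSDialog look up the support module with `Resources::platform_res[o->getStr("platform")]` and `Resources::os_res[o->getStr("host_OS")]`, indexing a shared table by a string read from the object `o`, which is itself never checked for NULL. The containers are declared outside this diff, but if they are `std::map`s, `operator[]` inserts a NULL entry for every unknown name, so an object carrying an unexpected platform or OS string permanently adds that key to the table. A non-mutating check ahead of the indexing keeps the existing error path, e.g. `if (Resources::platform_res.count(o->getStr("platform"))==0) throw FWException(...);`, and likewise for `os_res`. All three factories also fall through to `return NULL` (silently in createDialog), which deserves a comment telling callers to check the result before use.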
@@ -0,0 +1,43 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id$
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+ class FWException;
+};
+
+class DialogFactory {
+
+ public:
+
+ static QWidget *createDialog(QWidget *parent,const QString &objType);
+ static QWidget *createFWDialog(QWidget *parent,libfwbuilder::FWObject *o)
+ throw(libfwbuilder::FWException);
+ static QWidget *createOSDialog(QWidget *parent,libfwbuilder::FWObject *o)
+ throw(libfwbuilder::FWException);
+
+};
diff --git a/src/gui/DiscoveryDruid.cpp b/src/gui/DiscoveryDruid.cpp
new file mode 100644
index 000000000..4c78e5163
--- /dev/null
+++ b/src/gui/DiscoveryDruid.cpp
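Review bot: This header has no include guard, unlike DialogData.h in the same commit, so including it twice in one translation unit redefines `class DialogFactory`; wrap the contents in `#ifndef DIALOGFACTORY_H_` / `#define DIALOGFACTORY_H_` and a closing `#endif`. The `throw(libfwbuilder::FWException)` specifications on createFWDialog and createOSDialog name a type that is only forward-declared here, and an exception specification requires a complete type, so the header appears to compile only when the includer has already pulled in the FWException definition. Either include the header that defines it (its path is not visible in this hunk) or drop the specifications, which later C++ standards deprecated and then removed.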
@@ -0,0 +1,2455 @@ +/* + + Firewall Builder + + Copyright (C) 2005, 2006 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + Illiya Yalovoy + + $Id: DiscoveryDruid.cpp,v 1.37 2007/06/13 02:58:48 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "DiscoveryDruid.h" + +#include +#include +#include +#include + +#include "fwbuilder/HostsFile.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/IPAddress.h" +#include "fwbuilder/Firewall.h" + +#include "fwbuilder/dns.h" +#include "fwbuilder/snmp.h" + +#include "FWBSettings.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" + +#include "IOSImporter.h" +#include "IPTImporter.h" + +using namespace std; +using namespace libfwbuilder; + +DiscoveryDruid::DiscoveryDruid(QWidget *parent, bool start_with_import) : + QDialog(parent) +{ + m_dialog = new Ui::DiscoveryDruid_q; + m_dialog->setupUi(this); + + setControlWidgets(this, m_dialog->stackedWidget, + m_dialog->nextButton, + m_dialog->finishButton, + 
m_dialog->backButton, + m_dialog->cancelButton, + m_dialog->titleLabel); + + dm_method = new QButtonGroup; + dm_method->addButton(m_dialog->dm_fromfile,0); + dm_method->addButton(m_dialog->dm_importdns,1); + dm_method->addButton(m_dialog->dm_usesnmp,2); + dm_method->addButton(m_dialog->dm_import_config,3); + + connect(dm_method, SIGNAL( buttonClicked(int) ), this, SLOT( changedDiscoveryMethod(int) ) ); + connect(m_dialog->dnsfromlist, SIGNAL( clicked(bool) ), this, SLOT( changedNameServer() ) ); + connect(m_dialog->dnscustom, SIGNAL( clicked(bool) ), this, SLOT( changedNameServer() ) ); + connect(m_dialog->nameserverlist, SIGNAL( editTextChanged(QString) ), this, SLOT( changedNameServer() ) ); + connect(m_dialog->nameserverline, SIGNAL( textChanged(QString) ), this, SLOT( changedNameServer() ) ); + + thread=NULL; + + timer=new QTimer(this); + prg_timer=new QTimer(this); + unBar=NULL; + unProg=0; + + connect(prg_timer,SIGNAL(timeout()),this,SLOT(updatePrg())); + + setDiscoveryMethod_file(); + + flt_obj = new Filter(); + flt_obj_d = new FilterDialog(this); + flt_obj_d->setFilter(flt_obj); + + flt_last = new Filter(); + flt_last_d = new FilterDialog(this); + flt_last_d->setFilter(flt_last); + + flt_net = new Filter(); + flt_net_d = new FilterDialog(this); + flt_net_d->setFilter(flt_net); + + fillLibraries(m_dialog->libs,mw->db()); + m_dialog->libs->setEditable(true); + m_dialog->libs->lineEdit()->setText(om->getCurrentLib()->getName().c_str()); + + m_dialog->DNSprogress->hide(); + m_dialog->DNSprogress_2->hide(); + +#ifndef HAVE_GOODLIBRESOLV + m_dialog->dm_importdns->hide(); + m_dialog->snmpdnsparameters->hide(); +#endif + +#ifndef HAVE_LIBSNMP + m_dialog->dm_usesnmp->setEnabled(false); +#endif + +#ifndef HAVE_ANTLR_RUNTIME + m_dialog->dm_import_config->setEnabled(false); +#endif + + restore(); + + importPlatformChanged(m_dialog->import_platform->currentIndex()); + +#ifdef HAVE_ANTLR_RUNTIME + if (start_with_import) + { + m_dialog->dm_import_config->setDown(true); + 
setDiscoveryMethod_Import(); + setAppropriate( 0, false ); + // show the first page of the "import policy" track of the wizard + showPage( 2 ); + cancelButton->show(); + } +#endif + + showPage(0); + setNextEnabled(0, true); + prg_timer->start(100); +} + +void DiscoveryDruid::nextClicked() +{ + if (nextRelevant( currentPage() ) > -1) + showPage(nextRelevant( currentPage() )); +} + +void DiscoveryDruid::backClicked() +{ + if (previousRelevant( currentPage() ) > -1) + showPage(previousRelevant( currentPage() )); +} + +void DiscoveryDruid::finishClicked() +{ + QDialog::accept(); +} + +void DiscoveryDruid::cancelClicked() +{ + QDialog::reject(); +} + +DiscoveryDruid::~DiscoveryDruid() +{ + save(); + + delete flt_obj; + delete flt_last; + delete flt_net; + delete flt_obj_d; + delete flt_last_d; + delete flt_net_d; + + delete m_dialog; + delete dm_method; +} + +const char * DISCOVERY_DRUID_PREFIX="DiscoveryDruid/"; + +const char * DISCOVERY_DRUID_DISCOVERYMETHOD="DiscoveryMethod"; +const char * DISCOVERY_DRUID_FILENAME ="Filename"; +const char * DISCOVERY_DRUID_DOMAINNAME ="Domainname"; +const char * DISCOVERY_DRUID_USELONGNAME ="UseLongName"; +const char * DISCOVERY_DRUID_NAMESERVER ="NameServer"; +const char * DISCOVERY_DRUID_DNSTIMEOUT ="DNSTimeout"; +const char * DISCOVERY_DRUID_DNSRETRIES ="DNSRetries"; +const char * DISCOVERY_DRUID_SEEDHOST ="SeedHost"; +const char * DISCOVERY_DRUID_SNMPINADDR ="SNMPInAddr"; +const char * DISCOVERY_DRUID_SNMPINMASK ="SNMPInMask"; +const char * DISCOVERY_DRUID_SNMPRECURSIVE ="SNMPRecursive"; +const char * DISCOVERY_DRUID_SNMPFOLLOWP2P ="SNMPFollowP2P"; +const char * DISCOVERY_DRUID_SNMPINCLUDEVIRT="SNMPIncludeVirt"; +const char * DISCOVERY_DRUID_SNMPDODNS ="SNMPDoDNS"; +const char * DISCOVERY_DRUID_SNMPCOMMUNITY ="SNMPCommunity"; +const char * DISCOVERY_DRUID_SNMPRETRIES ="SNMPRetries"; +const char * DISCOVERY_DRUID_SNMPTIMEOUT ="SNMPTimeout"; +const char * DISCOVERY_DRUID_SNMPDNSRETRIES ="DNSRetries"; +const char * 
DISCOVERY_DRUID_SNMPDNSTIMEOUT ="DNSTimeout"; +const char * DISCOVERY_DRUID_SNMPDNSTHREADS ="SNMPDnsThreads"; +const char * DISCOVERY_DRUID_IMPORRT_CONFIG_PLATFORM = "ImportPlatform"; + + +void DiscoveryDruid::restore() +{ + int i; + QString s; + //Restore from settings + dm_method->button(st->getInt( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_DISCOVERYMETHOD))->setChecked(true); + changedDiscoveryMethod(dm_method->checkedId()); + + //m_dialog->filename->setText(st->getStr( + // QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_FILENAME)); + //m_dialog->domainname->setText(st->getStr( + // QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_DOMAINNAME)); + m_dialog->uselongname->setChecked(st->getBool( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_USELONGNAME)); + //m_dialog->nameserverline->setText(st->getStr( + // QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_NAMESERVER)); + i=st->getInt(QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_DNSTIMEOUT); + m_dialog->dnstimeout->setValue((i)?i:2); + i=st->getInt(QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_DNSRETRIES); + m_dialog->dnsretries->setValue((i)?i:1); + //m_dialog->seedhostname->setText(st->getStr( + // QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SEEDHOST)); + m_dialog->snmpinaddr->setText(st->getStr( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPINADDR)); + m_dialog->snmpinmask->setText(st->getStr( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPINMASK)); + m_dialog->snmprecursive->setChecked(st->getBool( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPRECURSIVE)); + m_dialog->snmpfollowp2p->setChecked(st->getBool( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPFOLLOWP2P)); + m_dialog->snmpincludevirt->setChecked(st->getBool( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPINCLUDEVIRT)); + m_dialog->snmpdodns->setChecked(st->getBool( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPDODNS)); + 
s=st->getStr(QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPCOMMUNITY); + m_dialog->snmpcommunity->setText((s.isEmpty())?"public":s); + i=st->getInt(QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPRETRIES); + m_dialog->snmpretries->setValue((i)?i:1); + i=st->getInt(QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPTIMEOUT); + m_dialog->snmptimeout->setValue((i)?i:2); + i=st->getInt(QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPDNSRETRIES); + m_dialog->snmpdnsretries->setValue((i)?i:1); + i=st->getInt(QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPDNSTIMEOUT); + m_dialog->snmpdnstimeout->setValue((i)?i:2); + i=st->getInt(QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPDNSTHREADS); + m_dialog->snmpdnsthreads->setValue((i)?i:5); + + m_dialog->import_platform->setCurrentIndex(st->getInt( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_IMPORRT_CONFIG_PLATFORM)); +} + +void DiscoveryDruid::save() +{ + // Save to settings + st->setInt( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_DISCOVERYMETHOD, + dm_method->checkedId()); + st->setBool( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_USELONGNAME, + m_dialog->uselongname->isChecked()); + if (current_task==BT_DNS) + { + st->setInt( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_DNSTIMEOUT, + m_dialog->dnstimeout->value()); + st->setInt( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_DNSRETRIES, + m_dialog->dnsretries->value()); + } + else + { + st->setInt( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPDNSRETRIES, + m_dialog->snmpdnsretries->value()); + st->setInt( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPDNSTIMEOUT, + m_dialog->snmpdnstimeout->value()); + } + //st->setStr( + // QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SEEDHOST, + // m_dialog->seedhostname->text()); + st->setStr( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPINADDR, + m_dialog->snmpinaddr->text()); + st->setStr( + QString(DISCOVERY_DRUID_PREFIX) + 
DISCOVERY_DRUID_SNMPINMASK, + m_dialog->snmpinmask->text()); + st->setBool( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPRECURSIVE, + m_dialog->snmprecursive->isChecked()); + st->setBool( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPFOLLOWP2P, + m_dialog->snmpfollowp2p->isChecked()); + st->setBool( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPINCLUDEVIRT, + m_dialog->snmpincludevirt->isChecked()); + st->setBool( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPDODNS, + m_dialog->snmpdodns->isChecked()); + st->setStr( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPCOMMUNITY, + m_dialog->snmpcommunity->text()); + st->setInt( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPRETRIES, + m_dialog->snmpretries->value()); + st->setInt( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPTIMEOUT, + m_dialog->snmptimeout->value()); + st->setInt( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_SNMPDNSTHREADS, + m_dialog->snmpdnsthreads->value()); + st->setInt( + QString(DISCOVERY_DRUID_PREFIX) + DISCOVERY_DRUID_IMPORRT_CONFIG_PLATFORM, + m_dialog->import_platform->currentIndex()); + +} + +void DiscoveryDruid::dnsFinish(QHostInfo host) +{ + QList list = host.addresses(); + + unBar->hide(); + + if (userIsTyping) + { + //abandon the test result + if (current_task==BT_DNS) + { + changedNameServer(); + } + else + { + changedSeedHost(); + } + } + else + { + //get the test result + if (list.isEmpty()) + { + QPalette palette = errMessage->palette(); + palette.setColor(errMessage->foregroundRole(), Qt::darkRed); + errMessage->setPalette(palette); + + errMessage->setText( "host name not found"); + isSeedHostOK=false; + } + else + { + QPalette palette = errMessage->palette(); + palette.setColor(errMessage->foregroundRole(), Qt::darkGreen); + errMessage->setPalette(palette); + + errMessage->setText( "host name verified"); + isSeedHostOK=true; + + } + nextButton->setEnabled(isSNMPInclNetOK && isSeedHostOK); + } + +} + +void 
DiscoveryDruid::changedSelected( const int &page ) +{ + switch (page) + { + + case 1: // Reading file in hosts format + { + setNextEnabled(page,false); + changedHostsFileName(); + m_dialog->filename->setFocus(); + break; + } + + case 2: // import config + { + m_dialog->import_filename->setFocus(); + setBackEnabled(page,true); + setFinishEnabled(page,false); + break; + } + + case 3: // Import DNS zone + { + changedDomainName(); + m_dialog->domainname->setFocus(); + //setNextEnabled(page,false); + break; + } + + case 4: // Name server + { + if (page>FromPage) + getNameServers(); + disconnect(timer,SIGNAL(timeout()),0,0); + connect(timer,SIGNAL(timeout()),this,SLOT(checkHostName())); + changedNameServer(); + m_dialog->nameserverline->setFocus(); + + //setNextEnabled(page,false); + break; + } + + case 5: // Network discovery using SNMP + { + disconnect(timer,SIGNAL(timeout()),0,0); + connect(timer,SIGNAL(timeout()),this,SLOT(checkHostName())); + + isSeedHostOK=false; + isSNMPInclNetOK=false; + + changedSeedHost(); + changedInclNet(); + m_dialog->seedhostname->setFocus(); + break; + } + + case 6: // Network scan options + { + m_dialog->snmprecursive->setFocus(); + //setNextEnabled(page,false); + break; + } + + case 7: // SNMP and DNS reverse lookup queries parameters + { + checkSNMPCommunity(); + m_dialog->snmpcommunity->setFocus(); + break; + } + + case 8: // Background process (import from hosts and from config file) + { + m_dialog->discoveryprogress->setValue(-1); + m_dialog->discoverylog->clear(); + m_dialog->discoveryStopButton->setEnabled(true); + m_dialog->logSaveButton->setEnabled(false); + + QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100); + + setNextEnabled(page,false); + cancelButton->hide(); + setBackEnabled(page,false); + disconnect(timer,SIGNAL(timeout()),0,0); + connect(timer,SIGNAL(timeout()),this,SLOT(updateLog())); + timer->setSingleShot(false); + timer->start(1000); + + startBackgroundProcess(); + break; + } + + case 9: // Networks 
+ { + fillListOfNetworks(); + fillNetworks(); + backButton->setEnabled(false); + nextButton->setEnabled(m_dialog->networklist->count ()>0 || Objects.size()>0); + break; + } + + case 10: // Objects + { + if (Networks.size()==0) + setBackEnabled(page,false); + + fillListOfObjects(); + fillObjects(); + nextButton->setEnabled(m_dialog->objectlist->count ()>0 || m_dialog->networklist->count()>0); + break; + } + + case 11: // Adjust Object type + { + setBackEnabled(page,true); + fillTypeChangingList(); + break; + } + + case 12: // Target library + { + break; + } + + case 13: // Objects creation ... + { + setBackEnabled(page,false); + cancelButton->hide(); + createRealObjects(); + setFinishEnabled(page,true); + finishButton->setFocus(); + break; + } + + default : {} + + } + FromPage=page; +} + +void DiscoveryDruid::startBackgroundProcess() +{ + switch (current_task) + { + case BT_HOSTS: + case BT_IMPORT: + { + m_dialog->discoveryprogress->setMaximum(100); + m_dialog->discoveryprogress->setValue(0); + m_dialog->discoveryprogress->setEnabled(false); + m_dialog->discoveryStopButton->setEnabled(false); + break; + } + case BT_DNS: + case BT_SNMP: + { + m_dialog->discoveryprogress->setMaximum(0); + m_dialog->discoveryprogress->setValue(-1); + break; + } + default: + {} + } + + switch (current_task) + { + case BT_HOSTS: startHostsScan(); break; + case BT_DNS: startDNSScan(); break; + case BT_SNMP: startSNMPScan(); break; + case BT_IMPORT: startConfigImport(); break; + default: + {} + } + +} + +void DiscoveryDruid::browseHostsFile() +{ + QString dir; + dir=st->getWDir(); + if (dir.isEmpty()) dir=st->getOpenFileDir(); + if (dir.isEmpty()) dir="~"; + + QString s = QFileDialog::getOpenFileName( + this, + "Choose a file", + dir, + "All files (*.*)"); + + if (!s.isEmpty()) + { + m_dialog->filename->setText(s); + } + +} + +void DiscoveryDruid::browseForImport() +{ + QString dir; + dir=st->getWDir(); + if (dir.isEmpty()) dir=st->getOpenFileDir(); + if (dir.isEmpty()) dir="~"; + + 
QString s = QFileDialog::getOpenFileName( + this, + "Choose a file", + dir, + "All files (*.*)"); + + if (!s.isEmpty()) + { + m_dialog->import_filename->setText(s); + } + +} + +void DiscoveryDruid::updatePrg() +{ + if (unBar!=NULL) + { + unBar->setValue(unProg++); + } + +} + +void DiscoveryDruid::getNameServers() +{ + multimap ns_records; + + string domain_name=m_dialog->domainname->text().toLatin1().constData(); + DNS_getNS_query *dns=new DNS_getNS_query(domain_name); + int n; + try + { + NullLogger nl; + SyncFlag stop_program(false); + ns_records=dns->getNS(domain_name, &nl, &stop_program); + m_dialog->dnsfromlist->setChecked(true); + + } catch (FWException &ex) + { + //string(_("Could not find name servers for the domain: '"))+ + //domain_name+"' ", ex.toString(), this); + delete dns; + m_dialog->nameserverlist->setEnabled(false); + m_dialog->dnsfromlist->setEnabled(false); + m_dialog->dnscustom->setChecked(true); + return ; + } + multimap::iterator i; + m_dialog->nameserverlist->clear(); + NameServers.clear(); + + for (n=0,i=ns_records.begin(); i!=ns_records.end(); ++n,++i) + { + + string s = (*i).first + " (" + ((*i).second).toString() + ")"; + QString qs = s.c_str(); + m_dialog->nameserverlist->addItem(qs); + + IPAddress *na=new IPAddress( (*i).second ); + NameServers[qs] = *na; + } +} + +void DiscoveryDruid::setDiscoveryMethod_file() +{ + current_task=BT_HOSTS; + m_dialog->processname->setText(tr("Hosts file parsing ...")); + for (int i=0;iprocessname->setText(tr("DNS zone transfer ...")); + current_task=BT_DNS; + for (int i=0;iprocessname->setText(tr("Network discovery using SNMP ...")); + current_task=BT_SNMP; + for (int i=0;iprocessname->setText(tr("Import configuration from file ...")); + current_task=BT_IMPORT; + for (int i=0;igetWDir(); + if (dir.isEmpty()) dir=st->getOpenFileDir(); + if (dir.isEmpty()) dir="~"; + + QString s = QFileDialog::getSaveFileName( + this, + "Choose a file", + dir, + "Text file (*.txt)"); + + + if (!s.isEmpty()) + { + if 
(s.endsWith(".txt"))
+ {
+ s+=".txt";
+ }
+ QFile f(s);
+ if (f.open(QIODevice::WriteOnly))
+ {
+ if (fwbdebug)
+ {
+ qDebug("Saving crawler log to file: %d chars",
+ m_dialog->discoverylog->toPlainText().length());
+ qDebug("--------------------------------");
+ }
+ QTextStream strm(&f);
+ QString txt = m_dialog->discoverylog->toPlainText();
+ strm << txt << endl;
+ if (fwbdebug) qDebug("%s",txt.toAscii().constData());
+ if (fwbdebug)
+ qDebug("--------------------------------");
+ f.close();
+ }
+ }
+}
+
+void DiscoveryDruid::startHostsScan()
+{
+ if (thread!=NULL)
+ {
+ delete thread;
+ }
+
+ thread = new HostsFileImport(m_dialog->filename->text());
+ thread->setTargetWidget(this);
+ thread->start();
+}
+
+void DiscoveryDruid::startConfigImport()
+{
+ if (thread!=NULL)
+ {
+ delete thread;
+ }
+
+ QFile cf( m_dialog->import_filename->text() );
+ if (cf.open( QIODevice::ReadOnly ) )
+ {
+ QTextStream stream(&cf);
+ QString s = stream.readAll();
+ cf.close();
+ std::string *buffer = new std::string( s.toLatin1().constData() );
+ //if (fwbdebug) qDebug(buffer->c_str());
+
+ // count lines, gather some general stats on the config file.
+
+ std::string::size_type pos, n;
+ pos = 0;
+ int line_count = 0;
+ while ( (n=buffer->find('\n', pos))!=std::string::npos)
+ {
+ line_count++;
+ pos = n+1;
+ }
+ m_dialog->discoveryprogress->setMaximum(line_count);
+
+ // need to pick right platform string based on
+ // m_dialog->import_platform->currentItem()
+ string platform = "";
+ switch (m_dialog->import_platform->currentIndex())
+ {
+ case 0: platform = "iosacl"; break;
+ case 1: platform = "iptables"; break;
+ }
+
+ //
+ // ConfigImport "owns" buffer - it is deleted
+ // in destructor of ConfigImport
+ //
+ thread = new ConfigImport(buffer, platform);
+ thread->setTargetWidget(this);
+ thread->start();
+ } else
+ {
+ QMessageBox::critical(this, tr("Discovery error"),
+ tr("Could not open file %1").arg(m_dialog->import_filename->text()));
+ setBackEnabled(currentPage(),true);
+ }
+}
+
+IPAddress DiscoveryDruid::getNS()
+{
+ string ns;
+ if (m_dialog->dnscustom->isChecked())
+ {
+ ns=m_dialog->nameserverline->text().toLatin1().constData();
+
+ try
+ {
+ return IPAddress(ns);
+ } catch (FWException &ex)
+ {
+ /* perhaps not address but host name */
+ list addr;
+ try
+ {
+ addr=DNS::getHostByName(ns);
+ } catch (FWException &ex)
+ {
+ return IPAddress();
+ }
+
+ return addr.front();
+ }
+ }
+
+ return NameServers[m_dialog->nameserverlist->currentText()];
+}
+
+void DiscoveryDruid::startDNSScan()
+{
+ IPAddress ns=getNS();
+ string domain_name=m_dialog->domainname->text().toLatin1().constData();
+
+ DNS_findA_query *q=new DNS_findA_query();
+ q->init(
+ domain_name, ns,
+ m_dialog->dnsretries->value(),
+ m_dialog->dnstimeout->value()
+ );
+ bop=q;
+
+ m_dialog->discoveryprogress->setMaximum(0);
+ unBar=m_dialog->discoveryprogress;
+ try
+ {
+ logger=bop->start_operation();
+
+ m_dialog->discoverylog->append("Reading DNS zone ...");
+
+ } catch(const FWException &ex)
+ {
+ delete q;
+ q=NULL;
+ qDebug(ex.toString().c_str());
+ }
+}
+
+IPAddress DiscoveryDruid::getSeedHostAddress()
+{
+ libfwbuilder::IPAddress
seed_host_addr;
+ if (!m_dialog->seedhostname->text().isEmpty())
+ {
+ try
+ {
+ seed_host_addr=IPAddress(m_dialog->seedhostname->text().toLatin1().constData());
+ return seed_host_addr;
+ } catch(const FWException &ex)
+ {
+ }
+
+ try
+ {
+ QString a = getAddrByName( m_dialog->seedhostname->text() );
+ return IPAddress( a.toLatin1().constData() );
+#if 0
+ list v=DNS::getHostByName( m_dialog->seedhostname->text().toLatin1().constData() );
+ seed_host_addr = v.front();
+ return seed_host_addr;
+#endif
+ } catch(const FWException &ex)
+ {
+ }
+ }
+ return seed_host_addr;
+}
+
+void DiscoveryDruid::startSNMPScan()
+{
+#ifdef HAVE_LIBSNMP
+
+
+ bool use_incl=!m_dialog->snmpinaddr->text().isEmpty() && !m_dialog->snmpinmask->text().isEmpty();
+ if (use_incl)
+ {
+ try
+ {
+ IPNetwork in(
+ IPAddress(m_dialog->snmpinaddr->text().toLatin1().constData()),
+ Netmask(m_dialog->snmpinmask->text().toLatin1().constData())
+ );
+ include_networks.push_back(in);
+ }
+ catch (const FWException &ex)
+ {
+ //TODO: to do something usefull
+ }
+ }
+ libfwbuilder::SNMPCrawler *q=new SNMPCrawler();
+ q->init(getSeedHostAddress(),
+ m_dialog->snmpcommunity->text().toLatin1().constData(),
+ m_dialog->snmprecursive->isChecked(),
+ ! m_dialog->snmpincludevirt->isChecked(),
+ false,
+ m_dialog->snmpfollowp2p->isChecked(),
+ 0,
+ m_dialog->snmpretries->value(),
+ 1000000L*m_dialog->snmptimeout->value(),
+ 0,
+ 0,
+ (use_incl) ?
&include_networks : NULL);
+
+ m_dialog->discoveryprogress->setMaximum(0);
+ unBar=m_dialog->discoveryprogress;
+
+ bop=q;
+ try
+ {
+ logger=bop->start_operation();
+ m_dialog->discoverylog->append("Collecting data ...");
+
+ } catch(const FWException &ex)
+ {
+ delete q;
+ q=NULL;
+ }
+
+
+#endif
+}
+
+void DiscoveryDruid::changedDomainName()
+{
+ if (m_dialog->domainname->text().isEmpty())
+ {
+ nextButton->setEnabled(false);
+ }
+ else
+ {
+ nextButton->setEnabled(true);
+ }
+}
+
+void DiscoveryDruid::changedNameServer()
+{
+ userIsTyping=true;
+ isSNMPInclNetOK=true;
+
+ if(m_dialog->dnscustom->isChecked())
+ {
+ nextButton->setEnabled(false);
+ QString s=m_dialog->nameserverline->text();
+ HostName=s;
+
+ if (s.isEmpty())
+ {
+ timer->stop();
+ m_dialog->DNSprogress_2->hide();
+
+ QPalette palette = m_dialog->nameserver_error->palette();
+ palette.setColor(m_dialog->nameserver_error->foregroundRole(), Qt::darkRed);
+ m_dialog->nameserver_error->setPalette(palette);
+
+ m_dialog->nameserver_error->setText("Enter valid host name or address.");
+ nextButton->setEnabled(false);
+ return;
+ }
+
+ if(isIPAddress(s))
+ {
+ timer->stop();
+ m_dialog->DNSprogress_2->hide();
+
+ QString rs=testIPAddress(s);
+ if (rs.isEmpty())
+ {
+ m_dialog->nameserver_error->setText(" ");
+ nextButton->setEnabled(true);
+ }
+ else
+ {
+ QPalette palette = m_dialog->nameserver_error->palette();
+ palette.setColor(m_dialog->nameserver_error->foregroundRole(), Qt::darkRed);
+ m_dialog->nameserver_error->setPalette(palette);
+
+ m_dialog->nameserver_error->setText(rs);
+ nextButton->setEnabled(false);
+ }
+ }
+ else
+ {
+ unBar=m_dialog->DNSprogress_2;
+
+ unBar->show();
+ timer->setSingleShot(true);
+ timer->start(1000);
+ errMessage=m_dialog->nameserver_error;
+ userIsTyping=false;
+
+ QPalette palette = errMessage->palette();
+ palette.setColor(errMessage->foregroundRole(), Qt::black);
+ errMessage->setPalette(palette);
+
+ errMessage->setText("DNS resolution in progress...");
+
+
unProg = 0;
+ }
+ }
+ else
+ {
+ timer->stop();
+ m_dialog->DNSprogress_2->hide();
+ m_dialog->nameserver_error->setText(" ");
+ nextButton->setEnabled(true);
+ }
+}
+
+void DiscoveryDruid::typedCustomNS()
+{
+ if(!m_dialog->dnscustom->isChecked())
+ {
+ m_dialog->dnscustom->setChecked(true);
+ }
+}
+
+bool DiscoveryDruid::isIPAddress(const QString s)
+{
+ QRegExp r=QRegExp("^(\\d|\\.)+$",Qt::CaseInsensitive); //non wildcard
+ return r.exactMatch(s);
+}
+
+QString DiscoveryDruid::testIPAddress(const QString s)
+{
+ QString res;
+ QRegExp r=QRegExp("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",Qt::CaseInsensitive); //non wildcard
+ if (r.exactMatch(s))
+ {
+ try
+ {
+ IPAddress(s.toLatin1().constData());
+ } catch(const FWException &ex)
+ {
+ res=ex.toString().c_str();
+ }
+ }
+ else
+ {
+ res="Wrong IPv4 format";
+ }
+ return res;
+}
+
+void DiscoveryDruid::changedHostsFileName()
+{
+ QFile f;
+ f.setFileName(m_dialog->filename->text());
+ if (f.exists())
+ {
+ setNextEnabled(currentPage(),true);
+ }
+ else
+ {
+ setNextEnabled(currentPage(),false);
+ }
+}
+
+void DiscoveryDruid::changedSNMPOptions()
+{
+
+}
+
+void DiscoveryDruid::stopBackgroundProcess()
+{
+ if (fwbdebug)
+ qDebug("stopBackgroundProcess bop=%p isRunning=%d",
+ bop,(bop!=NULL)?bop->isRunning():-1);
+
+ if (bop!=NULL && bop->isRunning())
+ {
+ m_dialog->discoverylog->append("Terminating task.
Please wait...");
+
+ bop->stop_operation();
+ m_dialog->discoveryStopButton->setEnabled(false);
+ }
+}
+
+void DiscoveryDruid::addNetwork()
+{
+
+
+ int count = m_dialog->networkresultlist->count();
+ int upd_max=(count > 10)?count/10:1;
+ int updc=upd_max;
+ int t=0;
+ QProgressDialog pd(tr("Adding objects ..."), tr("Cancel"), 0, count,this);
+
+ QListWidgetItem* item=(QListWidgetItem*)m_dialog->networkresultlist->item(0);
+ int i = 0;
+
+ while (item)
+ {
+
+ if (item->isSelected())
+ {
+ QString k=item->text();
+ if (!Networks[k].isSelected)
+ {
+ Networks[k].isSelected=true;
+ m_dialog->networklist->addItem(item->text());
+ }
+ }
+
+ i++;
+ item=(QListWidgetItem*)m_dialog->networkresultlist->item(i);
+
+ if (updc--<=0)
+ {
+ pd.setValue(t);
+ qApp->processEvents();
+
+ if (pd.wasCanceled())
+ {
+ break;
+ }
+ updc=upd_max;
+ }
+ t++;
+ }
+ nextButton->setEnabled(m_dialog->networklist->count ()>0 || Objects.size()>0);
+
+}
+
+void DiscoveryDruid::removeNetwork()
+{
+ QListWidgetItem* item1=m_dialog->networklist->item(0);
+ QListWidgetItem* item2;
+
+ while (item1!=0)
+ {
+ item2=m_dialog->networklist->item(
+ m_dialog->networklist->row(item1)+1);
+ if (item1->isSelected())
+ {
+ Networks[item1->text()].isSelected=false;
+ delete item1;
+ }
+ item1=item2;
+ }
+ nextButton->setEnabled(m_dialog->networklist->count ()>0 || Objects.size()>0);
+}
+
+void DiscoveryDruid::setNetworkFilter()
+{
+ flt_net_d->exec();
+ fillListOfNetworks();
+}
+
+void DiscoveryDruid::removeNetworkFilter()
+{
+ flt_net->clear();
+ fillListOfNetworks();
+}
+
+void DiscoveryDruid::addObject()
+{
+ int count = m_dialog->objectresultlist->count();
+ int upd_max=(count > 10)?count/10:1;
+ int updc=upd_max;
+ int t=0;
+ QProgressDialog pd(tr("Adding objects ..."),
+ tr("Cancel"), 0, count,this);
+
+ QListWidgetItem* item=(QListWidgetItem*)m_dialog->objectresultlist->item(0);
+ int i = 0;
+
+ while (item)
+ {
+ if (item->isSelected())
+ {
+ QString k=item->text();
+ if (!Objects[k].isSelected)
+
{
+ Objects[k].isSelected=true;
+ m_dialog->objectlist->addItem(item->text());
+ }
+ }
+
+ i++;
+ item=(QListWidgetItem*)m_dialog->objectresultlist->item(i);
+
+ if (updc--<=0)
+ {
+ pd.setValue(t);
+ qApp->processEvents();
+
+ if (pd.wasCanceled())
+ {
+ break;
+ }
+ updc=upd_max;
+ }
+ t++;
+ }
+ nextButton->setEnabled(m_dialog->objectlist->count ()>0 || m_dialog->networklist->count()>0);
+}
+
+void DiscoveryDruid::removeObject()
+{
+ QListWidgetItem* item1=m_dialog->objectlist->item(0);
+ QListWidgetItem* item2;
+
+ while (item1!=0)
+ {
+ item2=m_dialog->objectlist->item(
+ m_dialog->objectlist->row(item1)+1);
+ if (item1->isSelected())
+ {
+ Objects[item1->text()].isSelected=false;
+ delete item1;
+ }
+ item1=item2;
+ }
+ nextButton->setEnabled(m_dialog->objectlist->count ()>0 || m_dialog->networklist->count()>0);
+}
+
+void DiscoveryDruid::setLastFilter()
+{
+ flt_last_d->exec();
+ fillTypeChangingList();
+}
+
+void DiscoveryDruid::setObjectFilter()
+{
+ flt_obj_d->exec();
+ fillListOfObjects();
+}
+
+void DiscoveryDruid::removeLastFilter()
+{
+ flt_last->clear();
+ fillTypeChangingList();
+}
+
+void DiscoveryDruid::removeObjectFilter()
+{
+ flt_obj->clear();
+ fillListOfObjects();
+}
+
+void DiscoveryDruid::selectAllResNets()
+{
+ m_dialog->networkresultlist->selectAll();
+}
+
+void DiscoveryDruid::selectAllNets()
+{
+ m_dialog->networklist->selectAll();
+}
+
+void DiscoveryDruid::selectAllResObjs()
+{
+ m_dialog->objectresultlist->selectAll();
+}
+
+void DiscoveryDruid::selectAllObjs()
+{
+ m_dialog->objectlist->selectAll();
+}
+
+void DiscoveryDruid::fillNetworks()
+{
+ ObjectDescriptor buf;
+
+ m_dialog->networklist->clear();
+ bool f=false;
+ QMap::iterator i;
+ for(i=Networks.begin();
+ i!=Networks.end();
+ ++i)
+ {
+ buf=i.value();
+ if (buf.isSelected)
+ {
+ m_dialog->networklist->addItem(new QListWidgetItem(i.key()));
+ f=true;
+ }
+ }
+ nextButton->setEnabled(f);
+}
+
+void DiscoveryDruid::fillObjects()
+{
+ ObjectDescriptor buf;
+
+
m_dialog->objectlist->clear(); + bool f=false; + QMap::iterator i; + for(i=Objects.begin(); i!=Objects.end(); ++i) + { + buf=i.value(); + if (buf.isSelected) + { + m_dialog->objectlist->addItem(new QListWidgetItem(i.key())); + f=true; + } + } + nextButton->setEnabled(f); +} + +void DiscoveryDruid::fillTypeChangingList() +{ + + ObjectDescriptor buf; + + m_dialog->typeChangingList->clear(); + + QMap::iterator i; + for(i=Objects.begin(); i!=Objects.end(); ++i) + { + buf=i.value(); + if (buf.isSelected) + { + QString ins; + if ( flt_last->test(buf) ) + { + ins=(buf.interfaces.size())? + QString("%1").arg(buf.interfaces.size()):""; + QStringList sl; + sl << buf.toString().c_str() << ins << buf.type.c_str(); + new QTreeWidgetItem( m_dialog->typeChangingList, sl ); + } + } + } + + m_dialog->typeChangingList->resizeColumnToContents(0); + m_dialog->typeChangingList->resizeColumnToContents(1); +} + +void DiscoveryDruid::loadDataFromDNS() +{ + DNS_findA_query *q=(DNS_findA_query*)bop; + Objects.clear(); + + map > t = q->getResult(); + + for(map >::iterator j = t.begin(); j!=t.end(); ++j) + { + ObjectDescriptor od; + od.addr = *((*j).second.begin()); + od.sysname = (*j).first; + if (!m_dialog->uselongname->isChecked()) + { + string::size_type p=od.sysname.rfind(m_dialog->domainname->text().toLatin1().constData()); + if (p!=string::npos) + { + od.sysname=od.sysname.substr(0,p-1); + } + } + od.type =IPv4::TYPENAME; + od.isSelected=false; + + if (od.sysname.empty()) + { + od.sysname=string("h-") + od.addr.toString(); + } + + Objects[od.toString().c_str()]=od; + } +} + +void DiscoveryDruid::loadDataFromFile() +{ + m_dialog->objectresultlist->clear(); + int t=0; + HostsFileImport *himport = dynamic_cast(thread); + assert(himport!=NULL); + int count = himport->hosts.size(); + if (count > 0) + { + int upd_max=(count > 10)?count/10:1; + + int updc=upd_max; + + QProgressDialog pd(tr("Prepare objects ..."), tr("Cancel"), 0, count,this); + + vector::iterator i; + for(i = 
himport->hosts.begin(); i != himport->hosts.end(); ++i)
+ {
+ if (i->type.empty())
+ {
+ i->type=IPv4::TYPENAME;
+ }
+ i->isSelected=false;
+
+ Objects[i->toString().c_str()] = *i;
+ if (updc--<=0)
+ {
+ pd.setValue(t);
+ qApp->processEvents();
+
+ if (pd.wasCanceled())
+ {
+ break;
+ }
+ updc=upd_max;
+ }
+ t++;
+ }
+ }
+}
+
+void DiscoveryDruid::loadDataFromImporter()
+{
+ ConfigImport *confimp = dynamic_cast(thread);
+ assert(confimp!=NULL);
+ Importer *imp = confimp->getImporterObject();
+ if (imp!=NULL)
+ {
+ Firewall *fw = imp->finalize();
+
+ om->loadObjects();
+
+ if (fw)
+ {
+ om->updateObjName(fw,"", false);
+ mw->addFirewallToList(fw);
+ mw->showFirewall(fw);
+ om->editObject(fw);
+ }
+ }
+}
+
+void DiscoveryDruid::loadDataFromCrawler()
+{
+#ifdef HAVE_LIBSNMP
+ SNMPCrawler *q=(SNMPCrawler*)bop;
+ Objects.clear();
+ Networks.clear();
+
+ set::iterator m;
+ set s = q->getNetworks();
+
+ if (fwbdebug)
+ qDebug(QString("got %1 networks").arg(s.size()).toAscii().constData());
+
+ for (m=s.begin(); m!=s.end(); ++m)
+ {
+ ObjectDescriptor od;
+
+ od.sysname=(string)*m;
+ od.addr=m->getAddress();
+ od.netmask=m->getNetmask();
+ od.type=Network::TYPENAME;
+ od.isSelected=false;
+
+ Networks[od.sysname.c_str()]= od ;
+ }
+
+ map t = q->getAllIPs();
+
+ if (fwbdebug)
+ qDebug(QString("got %1 addresses").arg(t.size()).toAscii().constData());
+
+ m_dialog->discoveryprogress->setMaximum( t.size() );
+ m_dialog->discoveryprogress->setValue(0);
+
+ int cntr = 0;
+ map::iterator j;
+ for(j = t.begin(); j!=t.end(); ++j,++cntr)
+ {
+ m_dialog->discoveryprogress->setValue( cntr );
+
+ ObjectDescriptor od( (*j).second );
+ od.addr = (*j).first;
+ od.type=(od.interfaces.size()>1)?
+ (Host::TYPENAME):(IPv4::TYPENAME); + + od.isSelected=false; + + if (od.sysname.empty()) + { + od.sysname = string("h-") + od.addr.toString(); + if (m_dialog->snmpdodns->isChecked()) + { + QString hostName = getNameByAddr( od.addr.toString().c_str() ); + if (!hostName.isEmpty()) + od.sysname = hostName.toLatin1().constData(); + } + + QString buf; + + buf = QString(od.addr.toString().c_str()) + " : " + od.sysname.c_str(); + m_dialog->discoverylog->append(buf); + + } + + Objects[od.toString().c_str()]=od; + + set::iterator si; + for(si=od.dns_info.aliases.begin(); + si!=od.dns_info.aliases.end(); + ++si) + { + od.sysname=(*si); + Objects[od.toString().c_str()]=od; + } + } +#endif +/* + (arg==0) ? + _("Network scan completed, click 'Next' to continue") : + _("There has been an error running the network scan. You can continue but data gathered by the scanner may be incomplete") +*/ +} + + + +void DiscoveryDruid::fillListOfNetworks() +{ + m_dialog->networkresultlist->clear(); + int t=0; + int count = Networks.size(); + if (count > 0) + { + int upd_max=(count > 10)?count/10:1; + + int updc=upd_max; + + QProgressDialog pd(tr("Copying results ..."), tr("Cancel"), 0, count,this); + + QMap::iterator i; + for(i=Networks.begin(); + i!=Networks.end(); + ++i) + { + + if ( flt_net->test(i.value()) ) + { + + m_dialog->networkresultlist->addItem(new QListWidgetItem(i.key())); + if (updc--<=0) + { + pd.setValue(t); + qApp->processEvents(); + + if (pd.wasCanceled()) + { + break; + } + updc=upd_max; + } + } + t++; + } + } +} + +void DiscoveryDruid::fillListOfObjects() +{ + + m_dialog->objectresultlist->clear(); + int t=0; + int count = Objects.size(); + if (count > 0) + { + int upd_max=(count > 10)?count/10:1; + + int updc=upd_max; + + QProgressDialog pd(tr("Copying results ..."), + tr("Cancel"), 0,count,this); + + QMap::iterator i; + for(i=Objects.begin(); i!=Objects.end(); ++i) + { + if ( flt_obj->test(i.value()) ) + { + + m_dialog->objectresultlist->addItem(new 
QListWidgetItem(i.key()));
+ if (updc--<=0)
+ {
+ pd.setValue(t);
+ qApp->processEvents();
+
+ if (pd.wasCanceled())
+ {
+ break;
+ }
+ updc=upd_max;
+ }
+ }
+ t++;
+ }
+ }
+}
+
+void DiscoveryDruid::customEvent(QEvent *event)
+{
+ int evtype=(int)event->type();
+ if (evtype == ProgressEv)
+ {
+ ProgressEvent *e = (ProgressEvent*)event;
+ m_dialog->discoveryprogress->setValue(e->value);
+ } else if (evtype == DoneEv)
+ {
+ cancelButton->show();
+
+ timer->stop();
+ disconnect(timer,SIGNAL(timeout()),0,0);
+
+ updateLog();
+ m_dialog->logSaveButton->setEnabled(true);
+
+ // actually create objects
+ switch (current_task)
+ {
+ case BT_HOSTS:
+ loadDataFromFile();
+ break;
+ case BT_IMPORT:
+ loadDataFromImporter();
+ break;
+ default:
+ break;
+ }
+
+ thread->wait();
+ QString er = thread->getError();
+ delete thread;
+ thread=NULL;
+
+ switch (current_task)
+ {
+ case BT_HOSTS:
+ if (Objects.size()>0)
+ {
+ nextButton->setDefault(true);
+ nextButton->setFocus();
+ nextButton->setEnabled(true);
+ backButton->setEnabled(false);
+ }
+ else
+ {
+ backButton->setEnabled(true);
+ nextButton->setEnabled(false);
+ }
+ break;
+ case BT_IMPORT:
+ setFinishEnabled(currentPage(),true);
+ finishButton->setFocus();
+ break;
+ default:
+ break;
+ }
+
+ }
+}
+
+void DiscoveryDruid::updateLog()
+{
+ if (current_task==BT_HOSTS || current_task==BT_IMPORT)
+ {
+ QString buf;
+ if (thread!=NULL)
+ {
+ while(thread->Log->ready())
+ {
+ buf = thread->Log->getLine().c_str();
+ m_dialog->discoverylog->insertPlainText(buf);
+ }
+ }
+ }
+ else if (current_task==BT_SNMP)
+ {
+ if (monitorOperation() > 0)
+ {
+
+ //m_dialog->discoveryprogress->setValue(prg++);
+ }
+ else
+ {
+ timer->stop();
+ disconnect(timer,SIGNAL(timeout()),0,0);
+
+ if (fwbdebug) qDebug("Crawler finished");
+
+ loadDataFromCrawler();
+
+ cancelButton->show();
+
+ FWException * ex=bop->get_latest_error();
+ if (ex!=NULL)
+ {
+ QMessageBox::critical(this,tr("Discovery error"), ex->toString().c_str());
+
//m_dialog->discoverylog->append(QString("\nLast exception: ")+ex->toString().c_str()+"\n");
+ }
+ if (Objects.size()>0 || Networks.size()>0)
+ {
+ if (Networks.size()==0)
+ setAppropriate( 8,0);
+ nextButton->setEnabled(true);
+ nextButton->setDefault(true);
+ nextButton->setFocus();
+ backButton->setEnabled(false);
+ }
+ else
+ {
+ nextButton->setEnabled(false);
+ backButton->setEnabled(true);
+ }
+
+ m_dialog->logSaveButton->setEnabled(true);
+
+ delete bop;
+ bop=NULL;
+ unBar=NULL;
+ m_dialog->discoveryprogress->setMaximum(100);
+ m_dialog->discoveryprogress->setValue(100);
+ m_dialog->discoveryStopButton->setEnabled(false);
+ }
+ }
+ else if (current_task==BT_DNS)
+ {
+ if (monitorOperation() > 0)
+ {
+ //m_dialog->discoveryprogress->setMaximum(0);
+ //m_dialog->discoveryprogress->setValue(
+ // m_dialog->discoveryprogress->progress()+1);
+ }
+ else
+ {
+ timer->stop();
+ disconnect(timer,SIGNAL(timeout()),0,0);
+
+ loadDataFromDNS();
+
+ cancelButton->show();
+ FWException * ex=bop->get_latest_error();
+ if (ex!=NULL)
+ {
+ QMessageBox::critical(this,tr("Discovery error"), ex->toString().c_str());
+ //m_dialog->discoverylog->append(QString("\nLast exception: ")+ex->toString().c_str()+"\n");
+ }
+ if (Objects.size()>0)
+ {
+ nextButton->setEnabled(true);
+ nextButton->setDefault(true);
+ nextButton->setFocus();
+ backButton->setEnabled(false);
+ }
+ else
+ {
+ nextButton->setEnabled(false);
+ backButton->setEnabled(true);
+ }
+ m_dialog->logSaveButton->setEnabled(true);
+ delete bop;
+ bop=NULL;
+ unBar=NULL;
+ m_dialog->discoveryprogress->setMaximum(100);
+ m_dialog->discoveryprogress->setValue(100);
+ m_dialog->discoveryStopButton->setEnabled(false);
+ }
+ }
+}
+
+void DiscoveryDruid::changedSeedHost()
+{
+ m_dialog->seedhosterror_message->setText(" ");
+ userIsTyping=true;
+ errMessage=m_dialog->seedhosterror_message;
+ HostName=m_dialog->seedhostname->text();
+
+ if (HostName.isEmpty())
+ {
+ timer->stop();
+ m_dialog->DNSprogress->hide();
+ QPalette
palette = m_dialog->seedhosterror_message->palette();
+ palette.setColor(m_dialog->seedhosterror_message->foregroundRole(), Qt::darkRed);
+ m_dialog->seedhosterror_message->setPalette(palette);
+
+ m_dialog->seedhosterror_message->setText("Enter a valid host name or address.");
+ isSeedHostOK=false;
+ }
+ else
+ {
+ if(isIPAddress(HostName))
+ { // seems to be an IP Address
+ m_dialog->DNSprogress->hide();
+ timer->stop();
+ QRegExp r=QRegExp("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",Qt::CaseInsensitive); //non wildcard
+ if (r.exactMatch(HostName))
+ {
+ try
+ {
+ IPAddress(HostName.toLatin1().constData());
+
+ QPalette palette = m_dialog->seedhosterror_message->palette();
+ palette.setColor(m_dialog->seedhosterror_message->foregroundRole(), Qt::darkGreen);
+ m_dialog->seedhosterror_message->setPalette(palette);
+
+ m_dialog->seedhosterror_message->setText("Address verified");
+ isSeedHostOK=true;
+ } catch(const FWException &ex)
+ {
+ QPalette palette = m_dialog->seedhosterror_message->palette();
+ palette.setColor(m_dialog->seedhosterror_message->foregroundRole(), Qt::darkRed);
+ m_dialog->seedhosterror_message->setPalette(palette);
+
+ m_dialog->seedhosterror_message->setText(ex.toString().c_str());
+ // need to return focus to the input field in case of error
+ //m_dialog->seedhostname->setFocus();
+ isSeedHostOK=false;
+ }
+ }
+ else
+ {
+ QPalette palette = m_dialog->seedhosterror_message->palette();
+ palette.setColor(m_dialog->seedhosterror_message->foregroundRole(), Qt::darkRed);
+ m_dialog->seedhosterror_message->setPalette(palette);
+
+ m_dialog->seedhosterror_message->setText("Wrong IPv4 format");
+ isSeedHostOK=false;
+
+ }
+ }
+ else
+ {// it looks like a DNS name
+ isSeedHostOK=false;
+
+ QPalette palette = m_dialog->seedhosterror_message->palette();
+ palette.setColor(m_dialog->seedhosterror_message->foregroundRole(), Qt::black);
+ m_dialog->seedhosterror_message->setPalette(palette);
+
+ m_dialog->seedhosterror_message->setText("DNS resolution
in progress...");
+ unProg = 0;
+ unBar=m_dialog->DNSprogress;
+
+ errMessage=m_dialog->seedhosterror_message;
+ m_dialog->DNSprogress->show();
+ timer->setSingleShot(true);
+ timer->start(1000);
+ }
+ }
+ nextButton->setEnabled(isSNMPInclNetOK && isSeedHostOK);
+}
+
+void DiscoveryDruid::changedInclNet()
+{
+ setNextEnabled(currentPage(),false);
+ m_dialog->confineerror_message->setText(" ");
+ bool use_incl=!m_dialog->snmpinaddr->text().isEmpty() && !m_dialog->snmpinmask->text().isEmpty();
+ if (use_incl)
+ {
+ try
+ {
+
+ IPAddress a(m_dialog->snmpinaddr->text().toLatin1().constData());
+ Netmask n(m_dialog->snmpinmask->text().toLatin1().constData());
+ IPNetwork(a,n);
+
+ m_dialog->confineerror_message->setText(" ");
+ isSNMPInclNetOK=true;
+ } catch (const FWException &ex)
+ {
+ isSNMPInclNetOK=false;
+ m_dialog->confineerror_message->setText(ex.toString().c_str());
+ }
+
+ }
+ else
+ {
+ if (!m_dialog->snmpinaddr->text().isEmpty() || !m_dialog->snmpinmask->text().isEmpty())
+ {
+ isSNMPInclNetOK=false;
+ m_dialog->confineerror_message->setText(tr("Incomlete network specification."));
+ }
+ else
+ {
+ m_dialog->confineerror_message->setText(" ");
+ isSNMPInclNetOK=true;
+ }
+ }
+ nextButton->setEnabled(isSNMPInclNetOK && isSeedHostOK);
+}
+
+int DiscoveryDruid::monitorOperation()
+{
+ QString buf;
+ bool fl;
+
+ if (fwbdebug) qDebug("monitorOperation bop=%p isRunning=%d",
+ bop,(bop!=NULL)?bop->isRunning():-1);
+
+
+ fl=false;
+ while( logger->ready() )
+ {
+ buf= logger->getLine().c_str();
+ if (buf.endsWith('\n'))
+ buf = buf.left(buf.length() - 1);
+
+ m_dialog->discoverylog->append(buf);
+
+ /*if (fwbdebug) qDebug("monitorOperation appending the following buf: (1)");
+ if (fwbdebug) qDebug(buf.toAscii().constData());
+ if (fwbdebug) qDebug("----------------------------------------------");*/
+
+ fl=true;
+ }
+ if (fl)
+ {
+ return 1;
+ }
+ if (bop==NULL)
+ {
+
+ return 0; // BackgroundOp has been disconnected
+ }
+
+ if (bop->isRunning())
+ {
+ return 1;
+
}
+ // send signal "completed", argument is 0 if ok and -1 if error
+
+
+ FWException *ex=bop->get_latest_error();
+ if (ex)
+ {
+ buf= ex->toString().c_str();
+ if (buf.endsWith('\n'))
+ buf = buf.left(buf.length() - 1);
+
+ m_dialog->discoverylog->append(buf);
+
+ /*if (fwbdebug) qDebug("monitorOperation appending the following buf: (2)");
+ if (fwbdebug) qDebug(buf.toAscii().constData());
+ if (fwbdebug) qDebug("----------------------------------------------");*/
+
+ // completed(-1); // this sends signal to another widget
+ } else
+ {
+ // completed(0); // this sends signal to another widget
+ }
+ return 0;
+
+}
+
+void DiscoveryDruid::checkHostName()
+{
+ if (!HostName.isEmpty())
+ {
+ userIsTyping=false;
+ QHostInfo::lookupHost(HostName,
+ this, SLOT(dnsFinish(QHostInfo)));
+ }
+}
+
+void DiscoveryDruid::checkSNMPCommunity()
+{
+ if (m_dialog->snmpcommunity->text().isEmpty())
+ {
+ m_dialog->snmpcommunity_message->setText(tr("Empty community string"));
+ setNextEnabled(currentPage(),false);
+ }
+ else
+ {
+ m_dialog->snmpcommunity_message->setText("");
+ setNextEnabled(currentPage(),true);
+ }
+}
+
+void DiscoveryDruid::changeTargetObject(const QString &buf)
+{
+
+ QTreeWidgetItem* item=m_dialog->typeChangingList->topLevelItem(0);
+
+ while (item!=0)
+ {
+ if (item->isSelected())
+ {
+ Objects[item->text(0)].type=buf.toLatin1().constData();
+ item->setText(2,buf);
+ }
+ item=m_dialog->typeChangingList->topLevelItem(
+ m_dialog->typeChangingList->indexOfTopLevelItem(item)+1);
+ }
+}
+
+void DiscoveryDruid::selectAllLast()
+{
+ m_dialog->typeChangingList->selectAll();
+}
+
+void DiscoveryDruid::unselectAllLast()
+{
+ m_dialog->typeChangingList->selectAll();
+}
+
+void DiscoveryDruid::typeAddress()
+{
+ changeTargetObject(IPv4::TYPENAME);
+}
+
+void DiscoveryDruid::typeHost()
+{
+ changeTargetObject(Host::TYPENAME);
+}
+
+void DiscoveryDruid::typeFirewall()
+{
+ changeTargetObject(Firewall::TYPENAME);
+}
+
+void DiscoveryDruid::createRealObjects()
+{
+
+
ObjectDescriptor od;
+ string type,name,a;
+
+ int t=0;
+ m_dialog->lastprogress->setValue(0);
+ m_dialog->lastprogress->setMaximum( Objects.size());
+
+ QMap::iterator i;
+ for(i=Networks.begin();
+ i!=Networks.end();
+ ++i)
+ {
+ od=i.value();
+ if (od.isSelected)
+ {
+ type = od.type;
+ name=od.sysname;
+ a = od.addr.toString().c_str();
+
+ Network *net=dynamic_cast(
+ om->createObject(type.c_str(),name.c_str())
+ );
+ assert(net!=NULL);
+ net->setName(name);
+ net->setAddress(IPAddress(a));
+ net->setNetmask(Netmask(IPAddress(a)));
+ om->moveObject(m_dialog->libs->currentText(), net);
+ }
+ }
+
+ for(i=Objects.begin();
+ i!=Objects.end();
+ ++i)
+ {
+ od=i.value();
+ type=od.type;
+
+ name=od.sysname;
+ a=od.addr.toString();
+
+ if(od.isSelected)
+ {
+ if (type==Host::TYPENAME || type==Firewall::TYPENAME)
+ {
+ FWObject *o=NULL;
+
+ o=om->createObject(type.c_str(),name.c_str());
+ o->setName(name);
+
+ if (od.interfaces.size()==0)
+ {
+ Interface *itf= Interface::cast(
+ om->createObject(o,Interface::TYPENAME,"nic1")
+ );
+ IPv4 *ipv4= IPv4::cast(
+ om->createObject(itf,IPv4::TYPENAME,a.c_str())
+ );
+
+
+ ipv4->setAddress(a);
+ ipv4->setNetmask("255.255.255.255");
+ } else
+ {
+ map::const_iterator i;
+ for (i=od.interfaces.begin(); i!=od.interfaces.end(); ++i)
+ {
+ Interface in=i->second;
+ Interface *itf=
+ Interface::cast(om->createObject(
+ o,
+ Interface::TYPENAME,
+ (i->second).getName().c_str(),
+ &in));
+ om->autorename(itf,IPv4::TYPENAME,"ip");
+ om->autorename(itf,physAddress::TYPENAME,"mac");
+ }
+ }
+ if (!od.descr.empty())
+ {
+ FWOptions* opt=(dynamic_cast(o))->getOptionsObject();
+ opt->setStr("snmp_description",od.descr);
+ opt->setStr("snmp_location", od.location);
+ opt->setStr("snmp_contact", od.contact);
+ }
+ om->moveObject(m_dialog->libs->currentText(), o);
+ if (type==Firewall::TYPENAME)
+ {
+ map platforms = Resources::getPlatforms();
+ map::iterator i;
+ for (i=platforms.begin(); i!=platforms.end(); i++)
+
Resources::setDefaultTargetOptions( i->first,
+ Firewall::cast(o) );
+
+ map OSs = Resources::getOS();
+ for (i=OSs.begin(); i!=OSs.end(); i++)
+ Resources::setDefaultTargetOptions( i->first,
+ Firewall::cast(o) );
+
+ mw->addFirewallToList(o);
+ }
+ }else if (type==Network::TYPENAME)
+ {
+ Network *net=dynamic_cast(
+ om->createObject(type.c_str(),name.c_str())
+ );
+ assert(net!=NULL);
+ net->setName(name);
+ net->setAddress(IPAddress(a));
+ net->setNetmask(Netmask(IPAddress(a)));
+ om->moveObject(m_dialog->libs->currentText(), net);
+ }else if (type==IPv4::TYPENAME)
+ {
+ IPv4 *obj=dynamic_cast(
+ om->createObject(type.c_str(),name.c_str())
+ );
+ assert(obj!=NULL);
+ obj->setName(name);
+ obj->setAddress(IPAddress(a));
+ obj->setNetmask("255.255.255.255");
+ om->moveObject(m_dialog->libs->currentText(), obj);
+ }
+ }
+ m_dialog->lastprogress->setValue(t++);
+ qApp->processEvents();
+ }
+ m_dialog->lastprogress->setValue(Objects.size());
+}
+
+void DiscoveryDruid::autorename(FWObject *obj,
+ const string &objtype,
+ const string &namesuffix)
+{
+ FWObject *hst = obj->getParent();
+ list ol = obj->getByType(objtype);
+ int sfxn = 1;
+
+ for (list::iterator j=ol.begin(); j!=ol.end(); ++j,sfxn++)
+ {
+ QString sfx;
+ if (ol.size()==1) sfx="";
+ else sfx.setNum(sfxn);
+ QString nn = QString("%1:%2:%3%4")
+ .arg(QString::fromUtf8(hst->getName().c_str()))
+ .arg(QString::fromUtf8(obj->getName().c_str()))
+ .arg(namesuffix.c_str())
+ .arg(sfx);
+
+ (*j)->setName(string(nn.toUtf8().constData()));
+ }
+ ol.clear();
+}
+
+void DiscoveryDruid::importPlatformChanged(int cp)
+{
+ if (fwbdebug)
+ qDebug("DiscoveryDruid::importPlatformChanged(): %d",cp);
+
+ switch (cp)
+ {
+ case 0:
+ m_dialog->import_text->setText(
+ QObject::tr("Firewall Builder can import Cisco IOS access lists "
+ "from the router configuration saved using 'show run' "
+ "or any other command that saves running config.
The name "
+ "of the created firewall object, all of its interfaces "
+ "and their addresses will be configured automatically if "
+ "this information can be found in the configuration file."
+ )
+ );
+ break;
+ case 1:
+ m_dialog->import_text->setText(
+ QObject::tr("Firewall Builder can import iptables rules "
+ "from a file in iptables-save format. Firewall "
+ "name and addresses of its interfaces need "
+ "to be configured manually because iptables-save "
+ "file does not have this information. "
+ )
+ );
+ break;
+ }
+
+}
+
+//----------------------------------------------------------------------
+ObjectDescriptor::ObjectDescriptor() {}
+
+ObjectDescriptor::ObjectDescriptor(const ObjectDescriptor& od) {
+ have_snmpd = od.have_snmpd;
+ descr = od.descr;
+ contact = od.contact;
+ location = od.location;
+ sysname = od.sysname;
+ interfaces = od.interfaces;
+ MAC_addr = od.MAC_addr;
+ dns_info.name = od.dns_info.name;
+ dns_info.aliases = od.dns_info.aliases;
+ addr = od.addr;
+ type = od.type;
+ isSelected = od.isSelected;
+ netmask = od.netmask;
+
+}
+
+#ifdef HAVE_LIBSNMP
+ObjectDescriptor::ObjectDescriptor(const libfwbuilder::CrawlerFind& cf) {
+ have_snmpd = cf.have_snmpd;
+ descr = cf.descr;
+ contact = cf.contact;
+ location = cf.location;
+ sysname = cf.sysname;
+ interfaces = cf.interfaces;
+ MAC_addr = cf.found_phys_addr;
+ dns_info.name = cf.name;
+ dns_info.aliases = cf.aliases;
+}
+#endif
+
+ObjectDescriptor::~ObjectDescriptor() {};
+
+ObjectDescriptor& ObjectDescriptor::operator=(const ObjectDescriptor& od) {
+ have_snmpd = od.have_snmpd;
+ descr = od.descr;
+ contact = od.contact;
+ location = od.location;
+ sysname = od.sysname;
+ interfaces = od.interfaces;
+ MAC_addr = od.MAC_addr;
+ dns_info.name = od.dns_info.name;
+ dns_info.aliases = od.dns_info.aliases;
+ addr = od.addr;
+ type = od.type;
+ isSelected = od.isSelected;
+ netmask = od.netmask;
+
+ return *this;
+}
+
+// ================================================================
+
+WorkerThread::WorkerThread() : QThread() +{ + Log=new QueueLogger(); +} + +WorkerThread::~WorkerThread() +{ + delete Log; +} + +void WorkerThread::setProgress(int p) +{ + ProgressEvent *event=new ProgressEvent(); + event->value=p; + + QApplication::postEvent(Widget,event); +} + +void WorkerThread::done() +{ + DoneEvent *event=new DoneEvent(); + + QApplication::postEvent(Widget,event); +} + +QString WorkerThread::getError() +{ + return last_error; +} + +void WorkerThread::run() +{ + done(); +} + +// ================================================================ + +HostsFileImport::HostsFileImport(const QString &f) : + WorkerThread() +{ + file_name = f; +} + +void HostsFileImport::run() +{ + *Log << "Discovery method:" + << "Read file in hosts format. \n"; + + map > reverse_hosts; + HostsFile *hf; +/* + * read hosts file here + */ + hf=new HostsFile(); + last_error=""; + setProgress(10); + + *Log << "Parsing file: " << file_name.toLatin1().constData() << "\n"; + if (!file_name.isEmpty()) + { + try + { + hf->parse( file_name.toAscii().constData() ); + } catch ( FWException &ex ) + { + last_error = ex.toString().c_str(); + *Log << "Exception: " << last_error.toAscii().constData() << "\n"; + + delete hf; + done(); + return; + } + reverse_hosts=hf->getAll(); + delete hf; + + setProgress(50); + *Log << "Loading the list ...\n"; + /* + * convert map format + */ + hosts.clear(); + + map >::iterator i; + int count=reverse_hosts.size(); + int t=0; + for (i=reverse_hosts.begin(); i!=reverse_hosts.end(); ++i) + { + + ObjectDescriptor od; + od.addr = (*i).first; + od.sysname = ((*i).second).front(); + + hosts.push_back( od ); + + setProgress(50+(t++)*50/count); + } + } + *Log << "done.\n"; + setProgress(100); + + done(); +} + +// ================================================================ + +ConfigImport::ConfigImport(string *b, const std::string &p) : WorkerThread() +{ + buffer = b; + platform = p; +} + +ConfigImport::~ConfigImport() +{ + if (imp) delete imp; + if 
(buffer) delete buffer; +} + +void ConfigImport::run() +{ + *Log << "Discovery method:" + << "Import firewall configuration. \n"; + + std::istringstream instream(*buffer); + imp = NULL; + if (platform == "iosacl") imp = new IOSImporter(om->getCurrentLib(), + instream, + Log); + if (platform == "iptables") imp = new IPTImporter(om->getCurrentLib(), + instream, + Log); + + // add other platforms here when available + + if (imp) + { + try + { + imp->run(); + } catch(ImporterException &e) + { + last_error = e.toString().c_str(); + *Log << "Parser error:\n"; + *Log << e.toString() << "\n"; + } + + } else + { + *Log << "Can not import configuration for choosen platform\n"; + } + + done(); +} diff --git a/src/gui/DiscoveryDruid.h b/src/gui/DiscoveryDruid.h new file mode 100644 index 000000000..9a8ebc2bd --- /dev/null +++ b/src/gui/DiscoveryDruid.h 
@@ -0,0 +1,306 @@ +/* + + Firewall Builder + + Copyright (C) 2005 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: DiscoveryDruid.h,v 1.17 2007/06/13 02:58:48 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __DISCOVERYDRUID_H_ +#define __DISCOVERYDRUID_H_ + +#include "config.h" +#include +#include + +#include +#include +#include + +#include "fwbuilder/Interface.h" +#include "fwbuilder/dns.h" +#include "fwbuilder/snmp.h" +#include "fwbuilder/IPAddress.h" +#include "fwbuilder/Logger.h" + +#include "FilterDialog.h" +#include "fakeWizard.h" + +#include +#include + + +using namespace std; +using namespace libfwbuilder; + +class Importer; + +// ---------------- OBJECT DESCRIPTOR ------------------ // + +class ObjectDescriptor +{ + public: + + bool have_snmpd ; + string descr, contact, location, sysname ; + string type; + bool isSelected; + + + map interfaces ; + + string MAC_addr ; + libfwbuilder::HostEnt dns_info ; + libfwbuilder::IPAddress addr ; + libfwbuilder::Netmask netmask ; + + + ObjectDescriptor(); + ObjectDescriptor(const ObjectDescriptor& od); + + std::string toString() + { + ostringstream ost; + ost << sysname; + //if(interfaces.size()>1) + // ost <<" [" <(ProgressEv)) {value=0;} + int value; +}; + +class DoneEvent : public QEvent +{ + public: + DoneEvent():QEvent(static_cast(DoneEv)) {} +}; + 
+ +// ---------------- WORKER THREAD ------------------ // + +typedef enum {BT_NONE,BT_HOSTS,BT_DNS,BT_SNMP,BT_IMPORT} BackgroundTask; + +class WorkerThread : public QThread, QObject +{ + QWidget *Widget; + +protected: + QString last_error; + +public: + Logger *Log; + + void setProgress(int p); + void done(); + void setTargetWidget(QWidget *w) {Widget=w;} + QString getError(); + WorkerThread(); + virtual ~WorkerThread(); + + virtual void run(); +}; + +class HostsFileImport : public WorkerThread +{ + QString file_name; + +public: + vector hosts; + + HostsFileImport(const QString &f); + + virtual void run(); +}; + +class ConfigImport : public WorkerThread +{ + std::string *buffer; + Importer *imp; + std::string platform; + +public: + ConfigImport(std::string *buffer, const std::string &platform); + virtual ~ConfigImport(); + + virtual void run(); + Importer* getImporterObject() { return imp; } +}; + +// ---------------- DISCOVERY DRUID ------------------ // + +class DiscoveryDruid : public QDialog, public FakeWizard +{ + Q_OBJECT +private: + WorkerThread *thread; + BackgroundTask current_task; + Filter * flt_obj; + Filter * flt_last; + Filter * flt_net; + FilterDialog * flt_obj_d; + FilterDialog * flt_last_d; + FilterDialog * flt_net_d; + Ui::DiscoveryDruid_q * m_dialog; + QButtonGroup * dm_method; + + bool isSeedHostOK; + bool isSNMPInclNetOK; + bool userIsTyping; + + //QueueLogger * logger; + Logger * logger; + BackgroundOp *bop; + + QHostInfo *dns; + + int FromPage; + QMap Objects; + QMap Networks; + QMap NameServers; + vector include_networks; + + QTimer* timer; + QTimer* prg_timer; + int unProg; + QProgressBar *unBar; + QLabel *errMessage; + QString HostName; + + void setDiscoveryMethod_file(); + void setDiscoveryMethod_DNS(); + void setDiscoveryMethod_SNMP(); + void setDiscoveryMethod_Import(); + + void startBackgroundProcess(); + void DataFromCrawler(); + int monitorOperation(); + void autorename(FWObject *obj,const string &objtype,const string &namesuffix); + 
void restore(); + void save(); + +public: + + DiscoveryDruid(QWidget *parent, bool start_with_import=false); + virtual ~DiscoveryDruid(); + void fillListOfObjects(); + void fillTypeChangingList(); + void fillObjects(); + void fillNetworks(); + void loadDataFromFile(); + void loadDataFromImporter(); + void loadDataFromCrawler(); + void loadDataFromDNS(); + void fillListOfNetworks(); + void createRealObjects(); +// void stripObjects(); + void getNameServers(); + IPAddress getNS(); + IPAddress getSeedHostAddress(); + bool isIPAddress(const QString s); + QString testIPAddress(const QString s); + + virtual void customEvent(QEvent *event); + + +public slots: + virtual void changedSelected( const int &page ); + virtual void changedDiscoveryMethod(int); + virtual void browseHostsFile(); + virtual void browseForImport(); + virtual void saveScanLog(); + virtual void startHostsScan(); + virtual void startDNSScan(); + virtual void startSNMPScan(); + virtual void startConfigImport(); + virtual void importPlatformChanged(int cp); + + virtual void changedDomainName(); + virtual void changedHostsFileName(); + virtual void changedSNMPOptions(); + virtual void changedSeedHost(); + virtual void changedInclNet(); + virtual void stopBackgroundProcess(); + virtual void addNetwork(); + virtual void removeNetwork(); + virtual void setNetworkFilter(); + virtual void removeNetworkFilter(); + virtual void setLastFilter(); + virtual void removeLastFilter(); + virtual void addObject(); + virtual void removeObject(); + virtual void setObjectFilter(); + virtual void removeObjectFilter(); + virtual void updateLog(); + virtual void updatePrg(); + virtual void checkHostName(); + virtual void checkSNMPCommunity(); + virtual void selectAllResNets(); + virtual void selectAllNets(); + virtual void selectAllResObjs(); + virtual void selectAllObjs(); + virtual void selectAllLast(); + virtual void unselectAllLast(); + virtual void changeTargetObject(const QString &buf); + virtual void typeAddress(); + 
virtual void typeHost(); + virtual void typeFirewall(); + virtual void dnsFinish(QHostInfo); + virtual void changedNameServer(); + virtual void typedCustomNS(); +// virtual void createObjects(const QString &buf); + + virtual void nextClicked(); + virtual void backClicked(); + virtual void cancelClicked(); + virtual void finishClicked(); + signals: + + +}; +const int WIZARD_PAGES=13; +const bool WIZARD_FILE_PAGES[] = {1,1,0,0,0,0,0,0,1,0,1,0,1,1}; +const bool WIZARD_DNS_PAGES[] = {1,0,0,1,1,0,0,0,1,0,1,0,1,1}; +const bool WIZARD_SNMP_PAGES[] = {1,0,0,0,0,1,1,1,1,1,1,1,1,1}; +const bool WIZARD_IMPORT_PAGES[] = {1,0,1,0,0,0,0,0,1,0,0,0,0,0}; + + + +#endif diff --git a/src/gui/FWBAboutDialog.h b/src/gui/FWBAboutDialog.h new file mode 100644 index 000000000..7976734e5 --- /dev/null +++ b/src/gui/FWBAboutDialog.h 
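Review bot: `Importer *imp;` in ConfigImport can be read before anything has assigned it. The constructor in DiscoveryDruid.cpp sets only `buffer` and `platform`, and `imp` is first written in run(), yet `~ConfigImport()` does `if (imp) delete imp;` and getImporterObject() returns it; destroying an object whose thread never ran therefore deletes an indeterminate pointer, so the constructor should set `imp = NULL;`. `QWidget *Widget;` in WorkerThread has the same problem: WorkerThread::WorkerThread() only creates `Log`, while setProgress() and done() pass `Widget` to QApplication::postEvent() without checking that setTargetWidget() was called, so I would add `Widget = NULL;` to the constructor and test it before posting. Separately, `class WorkerThread : public QThread, QObject` names QObject as a second, private base although QThread already derives from it; `class WorkerThread : public QThread` is presumably what was meant.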
@@ -0,0 +1,38 @@
+/****************************************************************************
+*****************************************************************************/
+
+#include
+#include "fwbuilder/Constants.h"
+#include "VERSION.h"
+#include "build_num"
+
+class FWBAboutDialog: public QDialog {
+ Q_OBJECT
+
+public:
+ Ui::AboutDialog_q *m_aboutDialog;
+
+ FWBAboutDialog()
+ {
+ m_aboutDialog = new Ui::AboutDialog_q;
+
+ m_aboutDialog->setupUi(this);
+
+ //it was the "init" method of AboutDialog_q:
+ m_aboutDialog->titleLbl->setText( QString("Firewall Builder v%1").arg(VERSION) );
+ m_aboutDialog->revLbl->setText( tr("Revision: %1 ( Build: %2 )").arg(RELEASE_NUM).arg(BUILD_NUM) );
+
+ m_aboutDialog->apiLbl->setText( tr("Using Firewall Builder API %1").arg(libfwbuilder::Constants::getLibraryVersion().c_str() ) );
+
+#ifdef ELC
+ // TODO(vadim): add UI element to print 'Registered' or 'Unregistered'
+ // to the About dialog.
+ //if (registered) reg->setText(tr("Registered"));
+ //else reg->setText(tr("Unregistered"));
+#endif
+
+ setWindowTitle(QString("Firewall Builder: About..."));
+ adjustSize();
+ };
+ ~FWBAboutDialog() { delete m_aboutDialog; };
+};
diff --git a/src/gui/FWBMainWindow_q.ui b/src/gui/FWBMainWindow_q.ui
new file mode 100644
index 000000000..ed96e57da
--- /dev/null
+++ b/src/gui/FWBMainWindow_q.ui 
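Review bot: FWBAboutDialog.h has no include guard: the hunk goes from the comment banner straight to the `#include` lines, and the whole class, constructor included, is defined inline, so a translation unit that reaches this header twice gets a class redefinition error. I would wrap the file in `#ifndef FWBABOUTDIALOG_H` / `#define FWBABOUTDIALOG_H` and a closing `#endif`, the same way DiscoveryDruid.h in this commit is guarded. As a smaller style point, the window title is built with `QString("Firewall Builder: About...")` while the labels above it go through `tr()`; `setWindowTitle(tr("Firewall Builder: About..."));` would keep the dialog consistently translatable.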
@@ -0,0 +1,1970 @@ + + FWBMainWindow_q + + + true + + + + 0 + 0 + 741 + 756 + + + + + 7 + 5 + 0 + 0 + + + + + 0 + 0 + + + + Firewall Builder + + + + + + + + 0 + + + 0 + + + + + + 3 + 5 + 0 + 0 + + + + QFrame::StyledPanel + + + QFrame::Sunken + + + + 0 + + + 0 + + + + + + 5 + 5 + 0 + 0 + + + + + 100 + 16 + + + + QFrame::Plain + + + 0 + + + Qt::Horizontal + + + + + 150 + 16 + + + + QFrame::NoFrame + + + QFrame::Plain + + + + 0 + + + 0 + + + + + QFrame::StyledPanel + + + QFrame::Raised + + + + 2 + + + 0 + + + + + + 0 + 0 + 0 + 0 + + + + Click here to change amount of information shown about object selected in the tree + + + + + + :/Icons/info_25.png + + + true + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 8 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + + 7 + 7 + 0 + 0 + + + + + 1 + 10 + + + + Qt::Vertical + + + + + 7 + 7 + 0 + 0 + + + + QFrame::StyledPanel + + + QFrame::Raised + + + + + + 7 + 7 + 0 + 0 + + + + QFrame::StyledPanel + + + QFrame::Raised + + + + + + + + + + 3 + 5 + 0 + 0 + + + + + 16 + 16 + + + + QFrame::NoFrame + + + QFrame::Plain + + + + 0 + + + 0 + + + + + 0 + + + 0 + + + + + + 7 + 5 + 0 + 0 + + + + + 75 + true + + + + Firewall Name + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + + 1 + 5 + 0 + 0 + + + + Firewalls: + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + 200 + 0 + + + + + + + + + + + + + + 5 + 7 + 0 + 0 + + + + + Tab 1 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + 0 + 160 + + + + + 32767 + 160 + + + + QFrame::Box + + + QFrame::Plain + + + + 11 + + + 0 + + + + + + + + + 5 + 5 + 0 + 0 + + + + QFrame::NoFrame + + + QFrame::Plain + + + + 0 + + + 0 + + + + + + 5 + 0 + 0 + 0 + + + + Qt::StrongFocus + + + QFrame::NoFrame + + + + + + + + 0 + + + 10 + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 20 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + 0 + 0 + + + + Apply + + + + + + + + 0 + 0 + 0 + 0 + + + + 
Close + + + + + + + Qt::Horizontal + + + QSizePolicy::MinimumExpanding + + + + 400 + 20 + + + + + + + + + + + + + + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + 1 + + + Qt::Horizontal + + + + + + + + Qt::Horizontal + + + 4 + + + + + + + + + + + + + 0 + 0 + 741 + 32 + + + + + &Edit + + + + + + + + + + + + + + + Object + + + + + + + + + + Tools + + + + + + + &Help + + + + + + + Rules + + + + + + + + + + + + + + + + + &File + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + &New Object File + + + New Object File + + + + + + + + &Open... + + + Open + + + Ctrl+O + + + + + + + + &Save + + + Save + + + Ctrl+S + + + + + Save &As... + + + Save As + + + + + + + + true + + + &Print... + + + Print + + + Ctrl+P + + + + + E&xit + + + Exit + + + + + + + + false + + + &Undo + + + Undo + + + Ctrl+Z + + + + + false + + + &Redo + + + Redo + + + Ctrl+Y + + + + + &Cut + + + Cut + + + Ctrl+X + + + + + false + + + C&opy + + + Copy + + + Ctrl+C + + + + + &Paste + + + Paste + + + Ctrl+V + + + + + + + + + + + Ctrl+F + + + + + &Contents... + + + Contents + + + + + + + + &Index... + + + Index + + + + + + + + &About + + + About + + + + + + + + newfile_25.png + + + New + + + New + + + + + :/Icons/openfile_25.png + + + Open + + + Open + + + + + :/Icons/save_25.png + + + Save + + + Save + + + + + &Close + + + Close + + + + + :/Icons/compile_25.png + + + Compile + + + Compile + + + Compile rules + + + + + :/Icons/install_25.png + + + Install + + + Install + + + Install firewall policy + + + + + false + + + back_25.png + + + Back + + + Back + + + Move back to the previous object + + + Move back to the previous object + + + + + + + + &New Object + + + New Object + + + Create New Object + + + Ctrl+N + + + + + :/Icons/search_25.png + + + &Find Object + + + Find Object + + + Find object in the tree + + + Find object in the tree + + + Ctrl+F + + + + + P&references... + + + Preferences... 
+ + + Edit Preferences + + + + + Insert Rule + + + Insert Rule + + + + + Move Rule Up + + + Move Rule Up + + + + + Move Rule Down + + + Move Rule Down + + + + + Add Rule Below + + + Add Rule Below + + + + + Remove Rule + + + Remove Rule + + + Ctrl+Del + + + + + Copy Rule + + + Copy Rule + + + + + Cut Rule + + + Cut Rule + + + + + Paste Rule Above + + + Paste Rule Above + + + + + Paste Rule Below + + + Paste Rule Below + + + + + Add File to &RCS + + + Add File to RCS + + + + + Delete + + + Delete + + + + + &Export Library + + + Export Library To a File + + + + + &Import Library + + + Import Library From a File + + + + + &Debug + + + Debug + + + + + &Properties + + + &Properties + + + Show File Properties + + + + + Move Selected Rules + + + Move Selected Rules + + + + + &Discard + + + Discard + + + Discard Changes and Overwrite With Clean Copy Of The Head Revision From RCS + + + + + Co&mmit + + + Commit + + + Commit Opened File to RCS and Continue Editing + + + + + Lock + + + Lock + + + + + Unlock + + + Unlock + + + + + Discovery Druid + + + Discovery Druid + + + + + new item + + + new item + + + + + Find Conflicting Objects in Two Files + + + Find Conflicting Objects in Two Files + + + + + Import Po&licy + + + + + + + + + + addRuleAfterCurrentAction + triggered() + FWBMainWindow_q + addRuleAfterCurrent() + + + -1 + -1 + + + 20 + 20 + + + + + addToRCSAction + triggered() + FWBMainWindow_q + fileAddToRCS() + + + -1 + -1 + + + 20 + 20 + + + + + compileAction + triggered() + FWBMainWindow_q + compile() + + + -1 + -1 + + + 20 + 20 + + + + + copyRuleAction + triggered() + FWBMainWindow_q + copyRule() + + + -1 + -1 + + + 20 + 20 + + + + + cutRuleAction + triggered() + FWBMainWindow_q + cutRule() + + + -1 + -1 + + + 20 + 20 + + + + + debugAction + triggered() + FWBMainWindow_q + debug() + + + -1 + -1 + + + 20 + 20 + + + + + DiscoveryDruidAction + triggered() + FWBMainWindow_q + toolsDiscoveryDruid() + + + -1 + -1 + + + 20 + 20 + + + + + editCopyAction + triggered() + 
FWBMainWindow_q + editCopy() + + + -1 + -1 + + + 20 + 20 + + + + + editCutAction + triggered() + FWBMainWindow_q + editCut() + + + -1 + -1 + + + 20 + 20 + + + + + editDeleteAction + triggered() + FWBMainWindow_q + editDelete() + + + -1 + -1 + + + 20 + 20 + + + + + editFindAction + triggered() + FWBMainWindow_q + editFind() + + + -1 + -1 + + + 20 + 20 + + + + + editPasteAction + triggered() + FWBMainWindow_q + editPaste() + + + -1 + -1 + + + 20 + 20 + + + + + editPrefsAction + triggered() + FWBMainWindow_q + editPrefs() + + + -1 + -1 + + + 20 + 20 + + + + + editRedoAction + triggered() + FWBMainWindow_q + editRedo() + + + -1 + -1 + + + 20 + 20 + + + + + editUndoAction + triggered() + FWBMainWindow_q + editUndo() + + + -1 + -1 + + + 20 + 20 + + + + + fileCloseAction + triggered() + FWBMainWindow_q + fileClose() + + + -1 + -1 + + + 20 + 20 + + + + + fileCommitAction + triggered() + FWBMainWindow_q + fileCommit() + + + -1 + -1 + + + 20 + 20 + + + + + fileCompareAction + triggered() + FWBMainWindow_q + fileCompare() + + + -1 + -1 + + + 20 + 20 + + + + + fileDiscardAction + triggered() + FWBMainWindow_q + fileDiscard() + + + -1 + -1 + + + 20 + 20 + + + + + fileExitAction + triggered() + FWBMainWindow_q + fileExit() + + + -1 + -1 + + + 20 + 20 + + + + + fileNewAction + triggered() + FWBMainWindow_q + fileNew() + + + -1 + -1 + + + 20 + 20 + + + + + fileOpenAction + triggered() + FWBMainWindow_q + fileOpen() + + + -1 + -1 + + + 20 + 20 + + + + + filePrintAction + triggered() + FWBMainWindow_q + filePrint() + + + -1 + -1 + + + 20 + 20 + + + + + filePropAction + triggered() + FWBMainWindow_q + fileProp() + + + -1 + -1 + + + 20 + 20 + + + + + fileSaveAction + triggered() + FWBMainWindow_q + fileSave() + + + -1 + -1 + + + 20 + 20 + + + + + fileSaveAsAction + triggered() + FWBMainWindow_q + fileSaveAs() + + + -1 + -1 + + + 20 + 20 + + + + + fwList + activated(int) + FWBMainWindow_q + openFirewall(int) + + + 20 + 20 + + + 20 + 20 + + + + + helpAboutAction + triggered() + 
FWBMainWindow_q + helpAbout() + + + -1 + -1 + + + 20 + 20 + + + + + helpContentsAction + triggered() + FWBMainWindow_q + helpContents() + + + -1 + -1 + + + 20 + 20 + + + + + helpIndexAction + triggered() + FWBMainWindow_q + helpIndex() + + + -1 + -1 + + + 20 + 20 + + + + + infoStyleButton + clicked() + FWBMainWindow_q + changeInfoStyle() + + + 20 + 20 + + + 20 + 20 + + + + + insertRuleAction + triggered() + FWBMainWindow_q + insertRule() + + + -1 + -1 + + + 20 + 20 + + + + + installAction + triggered() + FWBMainWindow_q + install() + + + -1 + -1 + + + 20 + 20 + + + + + libExportAction + triggered() + FWBMainWindow_q + fileExport() + + + -1 + -1 + + + 20 + 20 + + + + + libImportAction + triggered() + FWBMainWindow_q + fileImport() + + + -1 + -1 + + + 20 + 20 + + + + + moveRuleAction + triggered() + FWBMainWindow_q + moveRule() + + + -1 + -1 + + + 20 + 20 + + + + + moveRuleUpAction + triggered() + FWBMainWindow_q + moveRuleUp() + + + -1 + -1 + + + 20 + 20 + + + + + newObjectAction + triggered() + FWBMainWindow_q + newObject() + + + -1 + -1 + + + 20 + 20 + + + + + ObjectLockAction + triggered() + FWBMainWindow_q + lockObject() + + + -1 + -1 + + + 20 + 20 + + + + + ObjectUnlockAction + triggered() + FWBMainWindow_q + unlockObject() + + + -1 + -1 + + + 20 + 20 + + + + + pasteRuleAboveAction + triggered() + FWBMainWindow_q + pasteRuleAbove() + + + -1 + -1 + + + 20 + 20 + + + + + pasteRuleBelowAction + triggered() + FWBMainWindow_q + pasteRuleBelow() + + + -1 + -1 + + + 20 + 20 + + + + + removeRuleAction + triggered() + FWBMainWindow_q + removeRule() + + + -1 + -1 + + + 20 + 20 + + + + + ruleSets + currentChanged(int) + FWBMainWindow_q + ruleSetTabChanged(int) + + + 20 + 20 + + + 20 + 20 + + + + + toolbarFileNew + triggered() + FWBMainWindow_q + fileNew() + + + -1 + -1 + + + 20 + 20 + + + + + toolbarFileOpen + triggered() + FWBMainWindow_q + fileOpen() + + + -1 + -1 + + + 20 + 20 + + + + + toolbarFileSave + triggered() + FWBMainWindow_q + fileSave() + + + -1 + -1 + + + 20 
+ 20 + + + + + policyImportAction + triggered() + FWBMainWindow_q + importPolicy() + + + -1 + -1 + + + 20 + 20 + + + + + diff --git a/src/gui/FWBSettings.cpp b/src/gui/FWBSettings.cpp new file mode 100644 index 000000000..fe83291a4 --- /dev/null +++ b/src/gui/FWBSettings.cpp 
@@ -0,0 +1,531 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: FWBSettings.cpp,v 1.47 2006/06/26 03:21:00 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "../../config.h" +#include "global.h" + +#include "FWBSettings.h" +#include "FWWindow.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/FWObjectDatabase.h" + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#ifdef _WIN32 +# include +# include +# include +#else +# include // for access(2) +#endif + +#include + +using namespace std; +using namespace libfwbuilder; + +/* + * Note: + * + * We need to keep installation data and program settings in registry + * folders with different names. QSettings always looks into Current + * User registry first, so if the folders have the same names, then we + * store evaluation key in Current User, while it is better to put it + * in the Local Machine branch. 
+ * + * So, installation data goes to HKLM Software\NetCitadel\FirewallBuilder + * and settings to HKCU Software\NetCitadel\FirewallBuilder2 + * + * fwbuilder-lm determines folder path for the license file by + * reading key Install_Dir under HKLM Software\NetCitadel\FirewallBuilder + */ + +const char* DTDSetpath = SETTINGS_PATH_PREFIX "/System/DTDPath"; +const char* ResSetpath = SETTINGS_PATH_PREFIX "/System/ResPath"; +const char* wdirSetpath = SETTINGS_PATH_PREFIX "/Environment/WDir"; +const char* ofdirSetpath = SETTINGS_PATH_PREFIX "/Environment/OpenFileDir"; +const char* sfdirSetpath = SETTINGS_PATH_PREFIX "/Environment/SaveFileDir"; +const char* startupActionSetpath = SETTINGS_PATH_PREFIX "/Environment/StartupAction"; +const char* labelColorPath = SETTINGS_PATH_PREFIX "/ColorLabels/color_"; +const char* labelTextPath = SETTINGS_PATH_PREFIX "/ColorLabels/text_"; +const char* lastEditedSetpath = SETTINGS_PATH_PREFIX "/Environment/LastEdited"; +const char* autoSave = SETTINGS_PATH_PREFIX "/Environment/autoSave"; +const char* expandTreeSetpath = SETTINGS_PATH_PREFIX "/UI/ExpandTree"; +const char* MergeLibsSetpath = SETTINGS_PATH_PREFIX "/UI/MergeLibraries"; +const char* infoStyleSetpath = SETTINGS_PATH_PREFIX "/UI/InfoWindowStyle"; +const char* infoWindowHSetpath = SETTINGS_PATH_PREFIX "/UI/InfoWindowHeight"; +const char* groupModeSetpath = SETTINGS_PATH_PREFIX "/UI/GroupViewMode"; +const char* groupColsSetpath = SETTINGS_PATH_PREFIX "/UI/GroupViewColumns"; +const char* objTooltips = SETTINGS_PATH_PREFIX "/UI/objTooltips"; +const char* tooltipDelay = SETTINGS_PATH_PREFIX "/UI/tooltipDelay"; +const char* emptyRCSLog = SETTINGS_PATH_PREFIX "/RCS/emptyLog"; +const char* dontSaveStdLib = SETTINGS_PATH_PREFIX "/DataFormat/dontSaveStdLib"; +const char* WindowGeometrySetpath= SETTINGS_PATH_PREFIX "/Layout/"; +const char* screenPositionSetpath= SETTINGS_PATH_PREFIX "/ScreenPos/"; + +const char* SSHPath = SETTINGS_PATH_PREFIX "/SSH/SSHPath"; + +FWBSettings::FWBSettings() : 
QSettings(QSettings::UserScope, "netcitadel.com", "Firewall Builder") +{ +// writeEntry( DTDSetpath, librespath.c_str() ); +// writeEntry( ResSetpath, respath.c_str() ); +} + +/** + * to preserve behavior of the old versions of fwbuilder on Unix, the + * default working dir is set to "." - current dir. + * + * On Windows default working dir is set to + * "Documents and settings/USERNAME/Firewalls" + */ +void FWBSettings::init() +{ + bool ok=false; +/* + QString defwd = +#ifdef _WIN32 + QString(getenv("HOMEPATH"))+"/Firewalls"; +#else + ""; +#endif + QString wd = readEntry(wdirSetpath,defwd, &ok); + if (!ok) writeEntry(wdirSetpath, defwd ); +*/ + + ok = contains(infoStyleSetpath); + if (!ok) setValue(infoStyleSetpath,2); + + ok = contains(infoWindowHSetpath); + if (!ok) setValue(infoWindowHSetpath,200); + + ok = contains(dontSaveStdLib); + if (!ok) setDontSaveStdLib(true); + + ok = contains(startupActionSetpath); + if (!ok) setStartupAction(2); + +#ifdef _WIN32 + QString wd = getWDir().replace('/','\\'); +#else + QString wd = getWDir(); +#endif + if ( ! 
wd.isEmpty()) + { + QDir wdir(wd); + if (!wdir.exists() && !wdir.mkdir(wd)) + { + QString err= QString(QObject::tr("Working directory %1 does not exist and could not be created.\nIgnoring this setting.")).arg(wd.toLatin1().constData()); + + if (app != NULL) + { + QMessageBox::critical( 0,"Firewall Builder", err, + "&Continue", 0, 0, 0 ); + } else + { + qDebug( err.toAscii().constData() ); + } + setWDir(""); + } + } + + QString c; + if (getLabelColor(RED ).isEmpty()) + { setLabelColor(RED ,"#C86E6E"); setLabelText(RED ,"Red"); } + if (getLabelColor(ORANGE).isEmpty()) + { setLabelColor(ORANGE,"#C08B5A"); setLabelText(ORANGE,"Orange"); } + if (getLabelColor(YELLOW).isEmpty()) + { setLabelColor(YELLOW,"#C0BA44"); setLabelText(YELLOW,"Yellow"); } + if (getLabelColor(GREEN ).isEmpty()) + { setLabelColor(GREEN ,"#8BC065"); setLabelText(GREEN ,"Green"); } + if (getLabelColor(BLUE ).isEmpty()) + { setLabelColor(BLUE ,"#7694C0"); setLabelText(BLUE ,"Blue"); } + if (getLabelColor(PURPLE).isEmpty()) + { setLabelColor(PURPLE,"#A37EC0"); setLabelText(PURPLE,"Purple"); } + if (getLabelColor(GRAY ).isEmpty()) + { setLabelColor(GRAY ,"#C0C0C0"); setLabelText(GRAY ,"Gray"); } + +#ifndef _WIN32 + if (getSSHPath().isEmpty()) setSSHPath("ssh"); +#endif +} + +QString FWBSettings::getStr(const QString &attribute) +{ + QString path=SETTINGS_PATH_PREFIX "/"+attribute; + return value(path).toString(); +} + +void FWBSettings::setStr(const QString &attribute, + const QString &val) +{ + QString path=SETTINGS_PATH_PREFIX "/"+attribute; + setValue(path,val); +} + +bool FWBSettings::getBool(const QString &attribute) +{ + QString path=SETTINGS_PATH_PREFIX "/"+attribute; + return value(path).toBool(); +} + +void FWBSettings::setBool(const QString &attribute, bool val ) +{ + QString path=SETTINGS_PATH_PREFIX "/"+attribute; + setValue(path,val); +} + + +int FWBSettings::getInt(const QString &attribute) +{ + QString path=SETTINGS_PATH_PREFIX "/"+attribute; + return value(path).toInt(); +} + +void 
FWBSettings::setInt(const QString &attribute, int val ) +{ + QString path=SETTINGS_PATH_PREFIX "/"+attribute; + setValue(path,val); +} + + + +QString FWBSettings::getWDir() { return value(wdirSetpath).toString();} +void FWBSettings::setWDir( const QString &wd ) { setValue(wdirSetpath,wd);} +int FWBSettings::getInfoStyle() { return value(infoStyleSetpath).toInt();} +void FWBSettings::setInfoStyle(int s) { setValue(infoStyleSetpath,s);} +int FWBSettings::getInfoWindowHeight() { return value(infoWindowHSetpath).toInt();} +void FWBSettings::setInfoWindowHeight(int h) { setValue(infoWindowHSetpath,h);} + +QString FWBSettings::getGroupViewMode() { return value(groupModeSetpath).toString();} +void FWBSettings::setGroupViewMode(const QString &m) { setValue(groupModeSetpath,m);} + +QString FWBSettings::getGroupViewColumns() { return value(groupColsSetpath).toString();} +void FWBSettings::setGroupViewColumns(const QString &m) { setValue(groupColsSetpath,m);} + + +int FWBSettings::getStartupAction() { return value(startupActionSetpath).toInt();} +void FWBSettings::setStartupAction(int sa) { setValue( startupActionSetpath , sa );} + +int FWBSettings::getExpandTree() { return value(expandTreeSetpath).toInt(); } +void FWBSettings::setExpandTree(int f) { setValue( expandTreeSetpath , f ); } + +int FWBSettings::getMergeLibs() { return value(MergeLibsSetpath).toInt(); } +void FWBSettings::setMergeLibs(int f) { setValue( MergeLibsSetpath , f ); } + +bool FWBSettings::getObjTooltips() { return value( objTooltips ).toBool();} +void FWBSettings::setObjTooltips(bool f) { setValue( objTooltips, f); } + +int FWBSettings::getTooltipDelay() { return value( tooltipDelay ).toInt(); } +void FWBSettings::setTooltipDelay(int v) { setValue( tooltipDelay, v); } + + +QString FWBSettings::getLastEdited() { return value(lastEditedSetpath).toString();} +void FWBSettings::setLastEdited(const QString &file) { setValue(lastEditedSetpath,file);} + +QString FWBSettings::getOpenFileDir() +{ + return 
value(ofdirSetpath).toString(); +} + +void FWBSettings::setOpenFileDir( const QString &d ) +{ + setValue(ofdirSetpath,d); +} + +QString FWBSettings::getSaveFileDir() +{ + return value(sfdirSetpath).toString(); +} + +void FWBSettings::setSaveFileDir( const QString &d ) +{ + setValue(sfdirSetpath,d); +} + + +void FWBSettings::save() +{ + setLastEdited( mw->db()->getFileName().c_str() ); + + if (getInfoStyle()!=0) setInfoWindowHeight(oi->geometry().height()); +} + +bool FWBSettings::getRCSLogState() { return value( emptyRCSLog ).toBool(); } +void FWBSettings::setRCSLogState(bool f) { setValue( emptyRCSLog , f ); } + +bool FWBSettings::getAutoSave() { return value( autoSave ).toBool(); } +void FWBSettings::setAutoSave(bool f) { setValue( autoSave, f); } + +bool FWBSettings::getDontSaveStdLib() {return value(dontSaveStdLib).toBool();} +void FWBSettings::setDontSaveStdLib( bool f) { setValue(dontSaveStdLib,f);} + +bool FWBSettings::haveScreenPosition(const QString &wname) +{ + QString val = value(QString(screenPositionSetpath)+wname ).toString(); + bool res=(!val.isEmpty()); + + if (fwbdebug) + { + qDebug("FWBSettings::haveScreenPosition wname '%s' ret=%d", + wname.toLatin1().constData(), res); + } + + return res; +} + +QPoint FWBSettings::getScreenPosition(const QString &wname) +{ + QString val = value(QString(screenPositionSetpath)+wname ).toString(); + int x = val.section(',',0,0).toInt(); + int y = val.section(',',1,1).toInt(); + int width = 150; // won't get closer to the screen edge than this + int height = 150; + + QDesktopWidget *d = QApplication::desktop(); +// get geometry of the screen that contains mw + QRect sg = d->screenGeometry(mw); + + if (x+width > sg.width()) x=sg.width()-width; + if (y+height > sg.height()) y=sg.height()-height; + if (x<0) x=(sg.width()-width)/2; + if (y<0) y=(sg.height()-height)/2; + + if (fwbdebug) + { + qDebug("FWBSettings::getScreenPosition wname '%s' x=%d y=%d", + wname.toLatin1().constData(), x,y ); + } + + return QPoint(x,y); 
+} + +void FWBSettings::saveScreenPosition(const QString &wname, const QPoint &p) +{ + int x = p.x(); + int y = p.y(); + if (x<0) x=0; + if (y<0) y=0; + + QString val =QString("%1,%2").arg(x).arg(y); + + if (fwbdebug) + { + qDebug("FWBSettings::saveScreenPosition wname '%s' x=%d y=%d", + wname.toLatin1().constData(), x,y ); + } + + setValue(QString(screenPositionSetpath)+wname, val ); +} + +bool FWBSettings::haveGeometry(QWidget *w) +{ + QString name=w->objectName(); + QString val = value(QString(WindowGeometrySetpath)+name,"").toString(); + return (!val.isEmpty()); +} + +void FWBSettings::restoreGeometry(QWidget *w) +{ + QString name=w->objectName(); + QString val = value(QString(WindowGeometrySetpath)+name ).toString(); + int x = val.section(',',0,0).toInt(); + int y = val.section(',',1,1).toInt(); + int width = val.section(',',2,2).toInt(); + int height = val.section(',',3,3).toInt(); + + QDesktopWidget *d = QApplication::desktop(); +// get geometry of the screen that contains mw + QRect sg = d->screenGeometry(mw); + + if (x+width > sg.width()) x=sg.width()-width; + if (y+height > sg.height()) y=sg.height()-height; + if (x<0) x=(sg.width()-width)/2; + if (y<0) y=(sg.height()-height)/2; + + if (fwbdebug) + { + qDebug("FWBSettings::restoreGeometry widget '%s' vis=%d x=%d y=%d", + name.toAscii().constData(), w->isVisible(), x,y); + } + + w->resize( QSize(width,height) ); + w->move( QPoint(x,y) ); +} + +void FWBSettings::restoreGeometry(QWidget *w, const QRect &dg) +{ + QString name=w->objectName(); + QString defval =QString("%1,%2,%3,%4") + .arg(dg.x()).arg(dg.y()).arg(dg.width()).arg(dg.height()); + + QString val = value(QString(WindowGeometrySetpath)+name , defval ).toString(); + int x = val.section(',',0,0).toInt(); + int y = val.section(',',1,1).toInt(); + int width = val.section(',',2,2).toInt(); + int height = val.section(',',3,3).toInt(); + + QDesktopWidget *d = QApplication::desktop(); +// get geometry of the screen that contains mw + QRect sg = 
d->screenGeometry(mw); + + if (x+width > sg.width()) x=sg.width()-width; + if (y+height > sg.height()) y=sg.height()-height; + if (x<0) x=(sg.width()-width)/2; + if (y<0) y=(sg.height()-height)/2; + + if (fwbdebug) + { + qDebug("FWBSettings::restoreGeometry widget '%s' vis=%d x=%d y=%d", + name.toAscii().constData(), w->isVisible(), x,y); + } + +// w->setGeometry( QRect(x,y,width,height) ); + + w->resize( QSize(width,height) ); + w->move( QPoint(x,y) ); +} + +void FWBSettings::saveGeometry(QWidget *w) +{ + QString name = w->objectName(); +// QRect g = w->geometry(); +// g.moveTopLeft(w->frameGeometry().topLeft()); + QPoint p = w->pos(); + QSize s = w->size(); + + int x = p.x(); + int y = p.y(); + if (x<0) x=0; + if (y<0) y=0; + + QString val =QString("%1,%2,%3,%4") + .arg(p.x()) + .arg(p.y()) + .arg(s.width()) + .arg(s.height()); + + if (fwbdebug) + { + qDebug("FWBSettings::saveGeometry widget '%s' vis=%d val=%s", + name.toAscii().constData(), w->isVisible(), val.toAscii().constData()); + } + + setValue(QString(WindowGeometrySetpath)+name, val); +} + + +QString FWBSettings::getLabelColorStr(enum LabelColors c) +{ + switch (c) + { + case RED: return "red"; + case ORANGE: return "orange"; + case YELLOW: return "yellow"; + case GREEN: return "green"; + case BLUE: return "blue"; + case PURPLE: return "purple"; + case GRAY: return "gray"; + default: return "default"; + } +} + +QString FWBSettings::getLabelColor(enum LabelColors c) +{ + return value(QString(labelColorPath) + getLabelColorStr(c)).toString(); +} + +void FWBSettings::setLabelColor(enum LabelColors c,const QString &s) +{ + setValue(QString(labelColorPath) + getLabelColorStr(c), s); +} + +QString FWBSettings::getLabelText(enum LabelColors c) +{ + return value(QString(labelTextPath) + getLabelColorStr(c)).toString(); +} + +void FWBSettings::setLabelText(enum LabelColors c, const QString &s) +{ + setValue(QString(labelTextPath) + getLabelColorStr(c),s); +} + +QString FWBSettings::getSSHPath() +{ + return 
value(SSHPath).toString(); +} + +void FWBSettings::setSSHPath(const QString &path) +{ + setValue(SSHPath,path); +} + +void FWBSettings::getPrinterOptions(QPrinter *printer,int &pageWidth,int &pageHeight) +{ + printer->setPrinterName(getStr("PrintSetup/printerName")); + printer->setPrinterSelectionOption(getStr("PrintSetup/printerSelectionOption")); + printer->setOutputFileName(getStr("PrintSetup/outputFileName")); + printer->setOrientation(QPrinter::Orientation(getInt("PrintSetup/orientation"))); + printer->setPageSize(QPrinter::PageSize(getInt("PrintSetup/pageSize"))); + printer->setPageOrder(QPrinter::PageOrder(getInt("PrintSetup/pageOrder"))); +// int res = getInt("PrintSetup/resolution"); +// if (res>0) printer->setResolution(res); + printer->setColorMode(QPrinter::ColorMode(getInt("PrintSetup/colorMode"))); + printer->setFullPage(getBool("PrintSetup/fullPage")); +// printer->setFromTo(getInt("PrintSetup/fromPage"),getInt("PrintSetup/toPage")); +// printer->setNumCopies(getInt("PrintSetup/numCopies")); + + pageWidth = getInt("PrintSetup/pageWidth"); + pageHeight = getInt("PrintSetup/pageHeight"); +} + +void FWBSettings::setPrinterOptions(QPrinter *printer,int pageWidth,int pageHeight) +{ + setStr("PrintSetup/printerName",printer->printerName()); + setStr("PrintSetup/printerSelectionOption",printer->printerSelectionOption()); + setStr("PrintSetup/outputFileName",printer->outputFileName()); + setInt("PrintSetup/orientation",printer->orientation()); + setInt("PrintSetup/pageSize",printer->pageSize()); + setInt("PrintSetup/pageOrder",printer->pageOrder()); +// setInt("PrintSetup/resolution",printer->resolution()); + setInt("PrintSetup/colorMode",printer->colorMode()); + setBool("PrintSetup/fullPage",printer->fullPage()); +// setInt("PrintSetup/fromPage",printer->fromPage()); +// setInt("PrintSetup/toPage",printer->toPage()); +// setInt("PrintSetup/numCopies",printer->numCopies()); + + setInt("PrintSetup/pageWidth",pageWidth); + 
setInt("PrintSetup/pageHeight",pageHeight); +} + diff --git a/src/gui/FWBSettings.h b/src/gui/FWBSettings.h new file mode 100644 index 000000000..af9fe3988 --- /dev/null +++ b/src/gui/FWBSettings.h 
@@ -0,0 +1,140 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id$ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef __FWBSETTINGS_H_ +#define __FWBSETTINGS_H_ + +#include +#include +#include + +class QWidget; + +/* + * startup actions. I know, enum would be better, but QComboBox + * operates with integers and it is much simpler to just store item + * numbers in preferences. 
+ */ +#define LoadStandardObjects 0 +#define LoadLastEditedFile 1 + +#define SETTINGS_PATH_PREFIX "/FirewallBuilder2_1" + +class FWBSettings : public QSettings { + + public: + + enum LabelColors { RED, ORANGE, YELLOW, GREEN, BLUE, PURPLE, GRAY }; + + private: + QString getLabelColorStr(enum LabelColors c); + + public: + + FWBSettings(); + + void init(); + void save(); + + QString getWDir(); + void setWDir( const QString &wd ); + + QString getOpenFileDir(); + void setOpenFileDir( const QString &d ); + + QString getSaveFileDir(); + void setSaveFileDir( const QString &d ); + + int getInfoStyle(); + void setInfoStyle(int s); + + QString getGroupViewMode(); + void setGroupViewMode(const QString &mode); + + QString getGroupViewColumns(); + void setGroupViewColumns(const QString &mode); + + int getStartupAction(); + void setStartupAction(int sa); + + int getExpandTree(); + void setExpandTree(int sa); + + int getMergeLibs(); + void setMergeLibs(int sa); + + bool getObjTooltips(); + void setObjTooltips(bool f); + + int getTooltipDelay(); + void setTooltipDelay(int v); + + QString getLastEdited(); + void setLastEdited(const QString &file); + + int getInfoWindowHeight(); + void setInfoWindowHeight(int h); + + bool getRCSLogState(); + void setRCSLogState(bool f); + + bool getAutoSave(); + void setAutoSave(bool f); + + bool getDontSaveStdLib(); + void setDontSaveStdLib( bool f); + + QString getStr(const QString &attribute); + void setStr(const QString &attribute, const QString &val); + + bool getBool(const QString &attribute); + void setBool(const QString &attribute, bool f ); + + int getInt(const QString &attribute); + void setInt(const QString &attribute, int v ); + + bool haveGeometry(QWidget *w); + void restoreGeometry(QWidget *w); + void restoreGeometry(QWidget *w, const QRect &defaultGeometry); + void saveGeometry(QWidget *w); + + bool haveScreenPosition(const QString &wname); + QPoint getScreenPosition(const QString &wname); + void saveScreenPosition(const QString 
&wname, const QPoint &p); + + QString getLabelColor(enum LabelColors c); + void setLabelColor(enum LabelColors c,const QString &s); + QString getLabelText(enum LabelColors c); + void setLabelText(enum LabelColors c, const QString &s); + + QString getSSHPath(); + void setSSHPath(const QString &path); + + void getPrinterOptions(QPrinter *printer,int &pageWidth,int &pageHeight); + void setPrinterOptions(QPrinter *printer,int pageWidth,int pageHeight); +}; + +#endif + diff --git a/src/gui/FWBTree.cpp b/src/gui/FWBTree.cpp new file mode 100644 index 000000000..1073c84e5 --- /dev/null +++ b/src/gui/FWBTree.cpp 
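Review bot: The include guard `__FWBSETTINGS_H_` contains a double underscore, and such identifiers are reserved for the implementation in C++; a plain `FWBSETTINGS_H` avoids any clash with compiler or library macros. The same applies to `_FWOBJECT_CLIPBOARD_H` in FWObjectClipboard.h and `__FWOBJECTDRAG_H_` in FWObjectDrag.h later in this commit. Separately, the accessors that hand out stored paths (`getSSHPath`, `getOpenFileDir`, `getSaveFileDir`) return the settings value unchanged in FWBSettings.cpp. A one-line comment on each declaration saying so would tell callers that any validation of the path is their job.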
@@ -0,0 +1,474 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id$ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" + +#include +#include + +#include "FWBTree.h" + +#include "fwbuilder/FWObjectDatabase.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/DNSName.h" +#include "fwbuilder/AddressTable.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/ObjectGroup.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/CustomService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/ServiceGroup.h" +#include "fwbuilder/Interval.h" +#include "fwbuilder/IntervalGroup.h" +#include + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +FWBTree *FWBTree::standardObjectTreeFormat=NULL; + +const char* systemObjects[] = { + "Objects", + "Objects/Addresses", + "Objects/DNS Names", + "Objects/Address Tables", + "Objects/Address Ranges", + "Objects/Groups", + "Objects/Hosts", + "Objects/Networks", + + "Services", + "Services/Custom", + "Services/Groups", + 
"Services/IP", + "Services/ICMP", + "Services/TCP", + "Services/UDP", + "Services/TagServices", + + "Firewalls", + + "Time", + + NULL +}; + +map standardIDs; + +FWBTree::FWBTree() +{ + assert(standardObjectTreeFormat==NULL); + standardObjectTreeFormat=this; + + systemGroupPaths[Library::TYPENAME] = ""; + + systemGroupPaths[IPv4::TYPENAME] = "Objects/Addresses"; + systemGroupPaths[DNSName::TYPENAME] = "Objects/DNS Names"; + systemGroupPaths[AddressTable::TYPENAME] = "Objects/Address Tables"; + systemGroupPaths[AddressRange::TYPENAME] = "Objects/Address Ranges"; + systemGroupPaths[ObjectGroup::TYPENAME] = "Objects/Groups"; + systemGroupPaths[Host::TYPENAME] = "Objects/Hosts"; + systemGroupPaths[Network::TYPENAME] = "Objects/Networks"; + + systemGroupPaths[ServiceGroup::TYPENAME] = "Services/Groups"; + systemGroupPaths[CustomService::TYPENAME] = "Services/Custom"; + systemGroupPaths[IPService::TYPENAME] = "Services/IP"; + systemGroupPaths[ICMPService::TYPENAME] = "Services/ICMP"; + systemGroupPaths[TCPService::TYPENAME] = "Services/TCP"; + systemGroupPaths[UDPService::TYPENAME] = "Services/UDP"; + systemGroupPaths[TagService::TYPENAME] = "Services/TagServices"; + + systemGroupPaths[Firewall::TYPENAME] = "Firewalls"; + + systemGroupPaths[Interval::TYPENAME] = "Time"; + + + + systemGroupTypes[Firewall::TYPENAME]= ObjectGroup::TYPENAME; + systemGroupNames[Firewall::TYPENAME]= "Firewalls" ; + + systemGroupTypes[Host::TYPENAME]= ObjectGroup::TYPENAME; + systemGroupNames[Host::TYPENAME]= "Hosts" ; + + systemGroupTypes[Network::TYPENAME]= ObjectGroup::TYPENAME; + systemGroupNames[Network::TYPENAME]= "Networks" ; + + systemGroupTypes[IPv4::TYPENAME]= ObjectGroup::TYPENAME; + systemGroupNames[IPv4::TYPENAME]= "Addresses" ; + + systemGroupTypes[DNSName::TYPENAME]= ObjectGroup::TYPENAME; + systemGroupNames[DNSName::TYPENAME]= "DNS Names" ; + + systemGroupTypes[AddressTable::TYPENAME]= ObjectGroup::TYPENAME; + systemGroupNames[AddressTable::TYPENAME]= "Address Tables" ; + + 
systemGroupTypes[AddressRange::TYPENAME]= ObjectGroup::TYPENAME; + systemGroupNames[AddressRange::TYPENAME]= "Address Ranges" ; + + systemGroupTypes[ObjectGroup::TYPENAME]= ObjectGroup::TYPENAME; + systemGroupNames[ObjectGroup::TYPENAME]= "Groups" ; + + systemGroupTypes[CustomService::TYPENAME]= ServiceGroup::TYPENAME; + systemGroupNames[CustomService::TYPENAME]= "Custom"; + + systemGroupTypes[IPService::TYPENAME]= ServiceGroup::TYPENAME; + systemGroupNames[IPService::TYPENAME]= "IP" ; + + systemGroupTypes[ICMPService::TYPENAME]= ServiceGroup::TYPENAME; + systemGroupNames[ICMPService::TYPENAME]= "ICMP" ; + + systemGroupTypes[TCPService::TYPENAME]= ServiceGroup::TYPENAME; + systemGroupNames[TCPService::TYPENAME]= "TCP" ; + + systemGroupTypes[UDPService::TYPENAME]= ServiceGroup::TYPENAME; + systemGroupNames[UDPService::TYPENAME]= "UDP" ; + + systemGroupTypes[TagService::TYPENAME]= ServiceGroup::TYPENAME; + systemGroupNames[TagService::TYPENAME]= "TagService" ; + + systemGroupTypes[ServiceGroup::TYPENAME]= ServiceGroup::TYPENAME; + systemGroupNames[ServiceGroup::TYPENAME]= "Groups" ; + + systemGroupTypes[Interval::TYPENAME]= IntervalGroup::TYPENAME; + systemGroupNames[Interval::TYPENAME]= "Time" ; + + systemGroupTypes[Interface::TYPENAME]= ""; + systemGroupNames[Interface::TYPENAME]= ""; + + systemGroupTypes[Library::TYPENAME]= FWObjectDatabase::TYPENAME; + systemGroupNames[Library::TYPENAME]= "FWObjectDatabase"; + + standardIDs["syslib000"]=true; + standardIDs["syslib001"]=true; + + standardIDs["sysid0"] =true; + standardIDs["sysid1"] =true; + standardIDs["sysid2"] =true; + standardIDs["sysid99"] =true; + + standardIDs["stdid01"] =true; + standardIDs["stdid01_1"]=true; + standardIDs["stdid02"] =true; + standardIDs["stdid02_1"]=true; + standardIDs["stdid03"] =true; + standardIDs["stdid03_1"]=true; + standardIDs["stdid04"] =true; + standardIDs["stdid04_1"]=true; + standardIDs["stdid05"] =true; + standardIDs["stdid05_1"]=true; + standardIDs["stdid06"] =true; + 
standardIDs["stdid06_1"]=true; + standardIDs["stdid07"] =true; + standardIDs["stdid07_1"]=true; + standardIDs["stdid08"] =true; + standardIDs["stdid08_1"]=true; + standardIDs["stdid09"] =true; + standardIDs["stdid09_1"]=true; + standardIDs["stdid10"] =true; + standardIDs["stdid10_1"]=true; + standardIDs["stdid11"] =true; + standardIDs["stdid11_1"]=true; + standardIDs["stdid12"] =true; + standardIDs["stdid12_1"]=true; + standardIDs["stdid13"] =true; + standardIDs["stdid13_1"]=true; + standardIDs["stdid14"] =true; + standardIDs["stdid14_1"]=true; + standardIDs["stdid15"] =true; + standardIDs["stdid15_1"]=true; + standardIDs["stdid16"] =true; + standardIDs["stdid16_1"]=true; + standardIDs["stdid17"] =true; + standardIDs["stdid17_1"]=true; + standardIDs["stdid18"] =true; + standardIDs["stdid18_1"]=true; + standardIDs["stdid19"] =true; + standardIDs["stdid19_1"]=true; + + + copyMenuState[""] = false; + copyMenuState["Firewalls"] = false; + copyMenuState["Objects"] = false; + copyMenuState["Objects/Addresses"] = false; + copyMenuState["Objects/DNS Names"] = false; + copyMenuState["Objects/Address Tables"] = false; + copyMenuState["Objects/Address Ranges"] = false; + copyMenuState["Objects/Groups"] = false; + copyMenuState["Objects/Hosts"] = false; + copyMenuState["Objects/Networks"] = false; + copyMenuState["Services"] = false; + copyMenuState["Services/Custom"] = false; + copyMenuState["Services/Groups"] = false; + copyMenuState["Services/ICMP"] = false; + copyMenuState["Services/IP"] = false; + copyMenuState["Services/TCP"] = false; + copyMenuState["Services/UDP"] = false; + copyMenuState["Services/TagServices"] = false; + copyMenuState["Time"] = false; + + cutMenuState[""] = true; + cutMenuState["Firewalls"] = false; + cutMenuState["Objects"] = false; + cutMenuState["Objects/Addresses"] = false; + cutMenuState["Objects/DNS Names"] = false; + cutMenuState["Objects/Address Tables"] = false; + cutMenuState["Objects/Address Ranges"] = false; + 
cutMenuState["Objects/Groups"] = false; + cutMenuState["Objects/Hosts"] = false; + cutMenuState["Objects/Networks"] = false; + cutMenuState["Services"] = false; + cutMenuState["Services/Custom"] = false; + cutMenuState["Services/Groups"] = false; + cutMenuState["Services/ICMP"] = false; + cutMenuState["Services/IP"] = false; + cutMenuState["Services/TCP"] = false; + cutMenuState["Services/UDP"] = false; + cutMenuState["Services/TagServices"] = false; + cutMenuState["Time"] = false; + + pasteMenuState[""] = false; + pasteMenuState["Firewalls"] = true; + pasteMenuState["Objects"] = false; + pasteMenuState["Objects/Addresses"] = true; + pasteMenuState["Objects/DNS Names"] = true; + pasteMenuState["Objects/Address Tables"] = true; + pasteMenuState["Objects/Address Ranges"] = true; + pasteMenuState["Objects/Groups"] = true; + pasteMenuState["Objects/Hosts"] = true; + pasteMenuState["Objects/Networks"] = true; + pasteMenuState["Services"] = false; + pasteMenuState["Services/Custom"] = true; + pasteMenuState["Services/Groups"] = true; + pasteMenuState["Services/ICMP"] = true; + pasteMenuState["Services/IP"] = true; + pasteMenuState["Services/TCP"] = true; + pasteMenuState["Services/UDP"] = true; + pasteMenuState["Services/TagServices"] = true; + pasteMenuState["Time"] = true; + + deleteMenuState[""] = true; + deleteMenuState["Firewalls"] = false; + deleteMenuState["Objects"] = false; + deleteMenuState["Objects/Addresses"] = false; + deleteMenuState["Objects/DNS Names"] = false; + deleteMenuState["Objects/Address Tables"] = false; + deleteMenuState["Objects/Address Ranges"] = false; + deleteMenuState["Objects/Groups"] = false; + deleteMenuState["Objects/Hosts"] = false; + deleteMenuState["Objects/Networks"] = false; + deleteMenuState["Services"] = false; + deleteMenuState["Services/Custom"] = false; + deleteMenuState["Services/Groups"] = false; + deleteMenuState["Services/ICMP"] = false; + deleteMenuState["Services/IP"] = false; + deleteMenuState["Services/TCP"] = false; + 
deleteMenuState["Services/UDP"] = false; + deleteMenuState["Services/TagServices"] = false; + deleteMenuState["Time"] = false; + +} + +/** + * returns true if object 'obj' is a system group. System groups are + * those that hold other objects. Unlike user-defined groups, system + * groups always contain only objects themselves and never contain + * references to objects. User-defined groups, on the other hand, + * always contain only references to objects. + * + */ +bool FWBTree::isSystem(FWObject *obj) +{ + if (Library::isA(obj)) + return (obj->getId()==STANDARD_LIB || obj->getId()==DELETED_LIB); + + if (FWObjectDatabase::isA(obj)) return true; + + string path=obj->getPath(true); // relative path + + for (const char **cptr=systemObjects; *cptr!=NULL; cptr++) + if (path== *cptr) return true; + + + return false; +} + +bool FWBTree::isStandardId(FWObject *obj) +{ + return standardIDs[ obj->getId() ]; +} + +bool FWBTree::validateForInsertion(FWObject *target,FWObject *obj) +{ + if (fwbdebug) qDebug("FWBTree::validateForInsertion target %s obj %s", + target->getTypeName().c_str(), + obj->getTypeName().c_str()); + + if (Host::isA(target) && Interface::isA(obj)) return true; + if (Firewall::isA(target) && Interface::isA(obj)) return true; + if (Interface::isA(target) && IPv4::isA(obj)) return true; + if (Interface::isA(target) && physAddress::isA(obj)) return true; + + QString parentType = standardObjectTreeFormat->systemGroupTypes[obj->getTypeName().c_str()]; + QString parentName = standardObjectTreeFormat->systemGroupNames[obj->getTypeName().c_str()]; + +/* parentType or/and parentName are going to be empty if information + * about object obj is missing in systemGroupTypes/Names tables + */ + if (parentType.isEmpty() || parentName.isEmpty()) return false; + + if (target->getTypeName() == string(parentType.toLatin1()) && + target->getName() == string(parentName.toLatin1()) ) + return true; + + return false; +} + +void FWBTree::getStandardSlotForObject(const QString 
&objType, + QString &parentType, + QString &parentName) +{ + parentType = standardObjectTreeFormat->systemGroupTypes[objType]; + parentName = standardObjectTreeFormat->systemGroupNames[objType]; +} + +/** + * this method finds standard system folder for an object of a given + * type in a given library. This method implemented our standard tree + * structure (the one that is created in the method createNewLibrary) + */ +FWObject* FWBTree::getStandardSlotForObject(FWObject* lib,const QString &objType) +{ + QString path = standardObjectTreeFormat->systemGroupPaths[objType]; + + if (path.isEmpty()) return lib; + + QString level1 = path.section('/',0,0); + QString level2 = path.section('/',1,1); + + FWObject::iterator i=std::find_if(lib->begin(),lib->end(), + FWObjectNameEQPredicate(static_cast(level1.toAscii()))); + if (i==lib->end()) return NULL; + FWObject *l1obj = *i; + if (level2.isEmpty()) return l1obj; + + i=std::find_if(l1obj->begin(),l1obj->end(), + FWObjectNameEQPredicate(static_cast(level2.toAscii()))); + if (i==l1obj->end()) return NULL; + return (*i); +} + +FWObject* FWBTree::createNewLibrary(FWObjectDatabase *db) +{ + + FWObject *nlib = db->create(Library::TYPENAME); + db->add(nlib); + nlib->setName( string(QObject::tr("New Library").toUtf8()) ); + + FWObject *o1 = db->create(ObjectGroup::TYPENAME); + o1->setName("Objects"); + nlib->add(o1); + + FWObject *o2 = db->create(ObjectGroup::TYPENAME); + o2->setName("Addresses"); + o1->add(o2); + + o2 = db->create(ObjectGroup::TYPENAME); + o2->setName("DNS Names"); + o1->add(o2); + + o2 = db->create(ObjectGroup::TYPENAME); + o2->setName("Address Tables"); + o1->add(o2); + + o2 = db->create(ObjectGroup::TYPENAME); + o2->setName("Groups"); + o1->add(o2); + + o2 = db->create(ObjectGroup::TYPENAME); + o2->setName("Hosts"); + o1->add(o2); + + o2 = db->create(ObjectGroup::TYPENAME); + o2->setName("Networks"); + o1->add(o2); + + o2 = db->create(ObjectGroup::TYPENAME); + o2->setName("Address Ranges"); + o1->add(o2); + + 
o1 = db->create(ServiceGroup::TYPENAME); + o1->setName("Services"); + nlib->add(o1); + + o2 = db->create(ServiceGroup::TYPENAME); + o2->setName("Groups"); + o1->add(o2); + + o2 = db->create(ServiceGroup::TYPENAME); + o2->setName("ICMP"); + o1->add(o2); + + o2 = db->create(ServiceGroup::TYPENAME); + o2->setName("IP"); + o1->add(o2); + + o2 = db->create(ServiceGroup::TYPENAME); + o2->setName("TCP"); + o1->add(o2); + + o2 = db->create(ServiceGroup::TYPENAME); + o2->setName("UDP"); + o1->add(o2); + + o2 = db->create(ServiceGroup::TYPENAME); + o2->setName("Custom"); + o1->add(o2); + + o2 = db->create(ServiceGroup::TYPENAME); + o2->setName("TagServices"); + o1->add(o2); + + o1 = db->create(ObjectGroup::TYPENAME); + o1->setName("Firewalls"); + nlib->add(o1); + + o1 = db->create(IntervalGroup::TYPENAME); + o1->setName("Time"); + nlib->add(o1); + + return nlib; +} diff --git a/src/gui/FWBTree.h b/src/gui/FWBTree.h new file mode 100644 index 000000000..44ad75c6e --- /dev/null +++ b/src/gui/FWBTree.h 
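Review bot: The TagService entry in the constructor's name table does not match the folder it describes: `systemGroupNames[TagService::TYPENAME]= "TagService"`, while `systemGroupPaths` uses "Services/TagServices" and createNewLibrary() names the folder "TagServices". validateForInsertion() compares `target->getName()` with that table entry, so as written it rejects a TagService dropped into its standard folder; the entry should read `systemGroupNames[TagService::TYPENAME]= "TagServices" ;`. Also, isStandardId() and validateForInsertion() look keys up with `operator[]`, which inserts an empty entry for every unknown key and so grows the tables on each miss. A read-only lookup such as `return standardIDs.count(obj->getId())!=0;` avoids that.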
@@ -0,0 +1,95 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id$ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include + +#include + +namespace libfwbuilder { + class FWObject; + class FWObjectDatabase; +}; + +class FWBTree { + + std::map systemGroupTypes; + std::map systemGroupNames; + std::map systemGroupPaths; + std::map copyMenuState; + std::map cutMenuState; + std::map pasteMenuState; + std::map deleteMenuState; + + public: + + FWBTree(); + + static bool isSystem(libfwbuilder::FWObject *obj); + static bool isStandardId(libfwbuilder::FWObject *obj); + + static bool validateForInsertion(libfwbuilder::FWObject *target,libfwbuilder::FWObject *obj); + + /** + * returns boolean value that defines whether menu item "Copy" + * should be enabled when object with a path objPath is selected + * in the tree. By default menu items are enabled, so this method + * returns True if object path is unknown. 
+ */ + static bool getCopyMenuState(const QString &objPath) { + if (standardObjectTreeFormat->copyMenuState.count(objPath)!=0) + return standardObjectTreeFormat->copyMenuState[objPath]; + else + return true; + } + static bool getCutMenuState(const QString &objPath) { + if (standardObjectTreeFormat->cutMenuState.count(objPath)!=0) + return standardObjectTreeFormat->cutMenuState[objPath]; + else + return true; + } + static bool getPasteMenuState(const QString &objPath) { + if (standardObjectTreeFormat->pasteMenuState.count(objPath)!=0) + return standardObjectTreeFormat->pasteMenuState[objPath]; + else + return true; + } + static bool getDeleteMenuState(const QString &objPath) { + if (standardObjectTreeFormat->deleteMenuState.count(objPath)!=0) + return standardObjectTreeFormat->deleteMenuState[objPath]; + else + return true; + } + + static void getStandardSlotForObject(const QString &objType, + QString &parentType, + QString &parentName); + static libfwbuilder::FWObject* getStandardSlotForObject(libfwbuilder::FWObject* lib, + const QString &objType); + static libfwbuilder::FWObject* createNewLibrary(libfwbuilder::FWObjectDatabase *db); + + static FWBTree *standardObjectTreeFormat; + +}; + diff --git a/src/gui/FWObjectClipboard.cpp b/src/gui/FWObjectClipboard.cpp new file mode 100644 index 000000000..0287fe7b8 --- /dev/null +++ b/src/gui/FWObjectClipboard.cpp 
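Review bot: FWBTree.h has no include guard, unlike the other headers added in this commit, so a translation unit that reaches it twice fails on the redefinition of `class FWBTree`; wrap the file in `#ifndef FWBTREE_H` / `#define FWBTREE_H` … `#endif`. The four inline `get*MenuState` helpers also dereference `standardObjectTreeFormat` unconditionally, and FWBTree.cpp leaves that pointer NULL until a FWBTree is constructed. A comment on the static member stating that an instance must exist before any static method is called would make the precondition explicit.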
@@ -0,0 +1,84 @@ +/* + + Firewall Builder + + Copyright (C) 2000-2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id$ + + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" + +#include "fwbuilder/FWReference.h" +#include "fwbuilder/FWObjectDatabase.h" + +#include "FWObjectClipboard.h" +#include "FWWindow.h" + + +using namespace std; +using namespace libfwbuilder; + +FWObjectClipboard* FWObjectClipboard::obj_clipboard=NULL; + +FWObjectClipboard::FWObjectClipboard() +{ + assert(obj_clipboard==NULL); + obj_clipboard=this; +} + +FWObjectClipboard::~FWObjectClipboard() +{ + clear(); + obj_clipboard=NULL; +} + +void FWObjectClipboard::clear() +{ + for (vector::iterator i=ids.begin(); i!=ids.end(); ++i) + { + FWObject *obj= mw->db()->findInIndex(*i); + if (obj) obj->unref(); + } + ids.clear(); +} + +void FWObjectClipboard::add(FWObject *_obj) +{ + if (fwbdebug) + { + qDebug("FWObjectClipboard::add adding _obj=%p (id=%s)", + _obj,_obj->getId().c_str()); + } + + _obj->ref(); + ids.push_back(_obj->getId()); +} + +FWObject* FWObjectClipboard::getObject() +{ + if (ids.size()>0) + return mw->db()->findInIndex( ids.back() ); + else + return NULL; +} + diff --git a/src/gui/FWObjectClipboard.h b/src/gui/FWObjectClipboard.h new file mode 100644 index 000000000..1ee963e25 
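Review bot: add() takes a reference on the object pointer, but clear() releases it through an ID lookup, `mw->db()->findInIndex(*i)`, against whatever database `mw` holds at that moment. If the object has left the index by then, the reference is never dropped; if the database has been replaced, an object that merely shares the ID would be unref'd without a matching ref(). Whether either can happen depends on code outside this hunk. Keeping the referenced pointers next to the IDs and calling unref() on those in clear() would make ref/unref symmetric. add() also dereferences `_obj` without a NULL check.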
--- /dev/null +++ b/src/gui/FWObjectClipboard.h @@ -0,0 +1,72 @@ +/* + + Firewall Builder + + Copyright (C) 2000-2006 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id$ + + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#ifndef _FWOBJECT_CLIPBOARD_H +#define _FWOBJECT_CLIPBOARD_H + +#include +#include + +class libfwbuilder::FWObject; + +class FWObjectClipboard { + + std::vector ids; + +public: + + FWObjectClipboard(); + ~FWObjectClipboard(); + + /** + * adds an object to the clipboard + */ + void add(libfwbuilder::FWObject*); + + /** + * returns the last added object + */ + libfwbuilder::FWObject* getObject(); + + /** + * clear the clipboard + */ + void clear(); + + std::vector::iterator begin() { return ids.begin(); } + std::vector::iterator end() { return ids.end(); } + std::vector::reverse_iterator rbegin() { return ids.rbegin(); } + std::vector::reverse_iterator rend() { return ids.rend(); } + int size() { return ids.size(); } + + static FWObjectClipboard *obj_clipboard; +}; + + +#endif + diff --git a/src/gui/FWObjectDrag.cpp b/src/gui/FWObjectDrag.cpp new file mode 100644 index 000000000..588850647 --- /dev/null +++ b/src/gui/FWObjectDrag.cpp 
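Review bot: `class libfwbuilder::FWObject;` is not a valid way to introduce the name: a qualified forward declaration only compiles if the class was already declared in that namespace, so this header depends on include order. Use the form FWBTree.h and FWObjectDrag.h use, `namespace libfwbuilder { class FWObject; }`. `int size() { return ids.size(); }` also narrows the container's size type to int; returning `size_t` and marking the accessor `const` would be cleaner.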
@@ -0,0 +1,121 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: FWObjectDrag.cpp,v 1.5 2004/07/06 05:11:58 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" + +#include + +#include +//Added by qt3to4: +#include + +using namespace std; +using namespace libfwbuilder; + + + +/***************************************************************************** + * + * Class FWObjectDrag + * + *****************************************************************************/ + +QString FWObjectDrag::FWB_MIME_TYPE="x-fwobject/pointer"; + +FWObjectDrag::FWObjectDrag(list ol, + QWidget *dragSource, + const char* /*name*/) + : QDrag( dragSource ) +{ + objlist=ol; + QMimeData *mime = new QMimeData; + mime->setData(FWB_MIME_TYPE, encodedData()); + setMimeData(mime); +} + +FWObjectDrag::~FWObjectDrag() +{ +} + +QByteArray FWObjectDrag::encodedData() const +{ + QByteArray a; + + //if (QString(mime)==FWB_MIME_TYPE) + + QDataStream stream(&a, QIODevice::WriteOnly); + + int n = objlist.size(); + stream << n; + for (list::const_iterator i=objlist.begin(); i!=objlist.end(); ++i) + { + FWObject *o = *i; + stream.writeRawData( (const char*)(&o) , sizeof(FWObject*) ); + } + +#if 0 + a.resize( sizeof(FWObject*) * objlist.size() + 
sizeof(int) ); + void *dst = a.data(); + int n = objlist.size(); + memcpy( dst, &n, sizeof(int) ); + dst += sizeof(int); + for (list::iterator i=objlist.begin(); i!=objlist.end(); ++i) + { + FWObject *o = *i; + memcpy( dst, &o, sizeof(FWObject*) ); + dst += sizeof(FWObject*); + } +#endif + + return a; +} + +bool FWObjectDrag::decode( QDropEvent *ev, list &ol) +{ + QByteArray rawdata = ev->encodedData( static_cast(FWB_MIME_TYPE.toLatin1()) ); + + ol.clear(); + QDataStream stream(&rawdata, QIODevice::ReadOnly); + + int n = 0; + stream >> n; + + for (int i=0; iaccept(); + return true; +} + +Qt::DropAction FWObjectDrag::start(Qt::DropActions action) +{ + if (fwbdebug) qDebug("FWObjectDrag::start"/*, action*/); + return QDrag::start(action); +} diff --git a/src/gui/FWObjectDrag.h b/src/gui/FWObjectDrag.h new file mode 100644 index 000000000..d5ffe3f9c --- /dev/null +++ b/src/gui/FWObjectDrag.h 
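Review bot: encodedData() writes raw `FWObject*` values into the drag payload and decode() reads them back from the drop event, so decode() treats whatever bytes arrive under the `x-fwobject/pointer` MIME type as live pointers in this process. A drop that did not originate in this process would carry pointers that mean nothing here, and the count `n` read from the stream does not appear to be checked against the payload size; the loop body of decode() is garbled in this view, so this is inferred from the surrounding lines. At minimum decode() should begin with `if (ev->source()==NULL) return false;` so that only in-process drags are accepted. A sturdier design puts object IDs in the payload and resolves them through the database index on drop, as FWObjectClipboard does, which also covers objects deleted between drag start and drop.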
@@ -0,0 +1,68 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: FWObjectDrag.h,v 1.5 2004/07/06 05:11:58 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __FWOBJECTDRAG_H_ +#define __FWOBJECTDRAG_H_ + +//#include +//Added by qt3to4: +#include +#include +#include +#include + +namespace libfwbuilder { + class FWObject; +}; + +/***************************************************************************** + * + * Class FWObjectDrag + * + *****************************************************************************/ + +class FWObjectDrag : public QDrag { + +private: + + std::list objlist; + +public: + + static QString FWB_MIME_TYPE; + + FWObjectDrag(std::list ol, + QWidget *dragSource = 0, const char* name = 0); + ~FWObjectDrag(); + + virtual Qt::DropAction start(Qt::DropActions action = Qt::CopyAction); + + QByteArray encodedData() const; + static bool decode( QDropEvent *ev, std::list &ol); +}; + +#endif + diff --git a/src/gui/FWObjectDropArea.cpp b/src/gui/FWObjectDropArea.cpp new file mode 100644 index 000000000..a5b8666b6 --- /dev/null +++ b/src/gui/FWObjectDropArea.cpp 
@@ -0,0 +1,199 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: FWObjectDropArea.cpp,v 1.3 2006/10/22 04:39:36 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "platforms.h" +#include "definitions.h" + +#include "FWObjectDropArea.h" +#include "FWObjectDrag.h" +#include "FWObjectClipboard.h" +#include "FWWindow.h" + +#include "fwbuilder/Resources.h" + +#include +#include +#include +#include +#include +#include +//Added by qt3to4: +#include +#include +#include +#include + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +FWObjectDropArea::~FWObjectDropArea() +{ + delete m_objectDropArea; +} + +FWObjectDropArea::FWObjectDropArea(QWidget*p, const char * n, Qt::WFlags f): + QWidget(p) +{ + setObjectName( QString(n) ); + setWindowFlags( f ); + m_objectDropArea = new Ui::FWObjectDropArea_q; + m_objectDropArea->setupUi(this); + object=NULL; + +} +void FWObjectDropArea::paintEvent(QPaintEvent *ev) +{ + int w=width(); + int h=height(); + + QPainter p(this); + + QPixmap bufferpixmap; + bufferpixmap = QPixmap( w , h ); + bufferpixmap.fill( Qt::white ); + QPainter tp( &bufferpixmap ); + + tp.setBrush(Qt::black); + tp.drawLine(0,0,w-1,0); + tp.drawLine(w-1,0,w-1,h-1); + 
tp.drawLine(w-1,h-1,0,h-1); + tp.drawLine(0,h-1,0,0); + tp.fillRect(1, 1, w-2, h-2, Qt::white); + + if (object!=NULL) + { + + QPixmap pm; + QString icn_file = (":/Icons/"+object->getTypeName()+"/icon-tree").c_str(); + + if ( ! QPixmapCache::find( icn_file, pm) ) + { + pm.load( icn_file ); + QPixmapCache::insert( icn_file, pm); + } + + tp.drawPixmap( ((w-pm.width())/2), (h/2)-(2+pm.height()) , pm ); + + QString t=QString::fromUtf8(object->getName().c_str()); + + int t_x=2; + int t_y=2+h/2; + int t_w=w-4; + int t_h=h/2-4; + + tp.drawText( t_x, t_y , t_w, t_h , + Qt::AlignHCenter|Qt::AlignTop|Qt::TextWordWrap, t ); + } + else + { + QString t=tr("Drop object here."); + + int t_x=2; + int t_y=2; + int t_w=w-4; + int t_h=h-4; + + tp.drawText( t_x, t_y , t_w, t_h , + Qt::AlignHCenter|Qt::AlignVCenter|Qt::TextWordWrap, t ); + + + } + tp.end(); + p.drawPixmap( 0, 0, bufferpixmap ); + +} +void FWObjectDropArea::insertObject(libfwbuilder::FWObject *o) +{ + if (object!=o) + { + object=o; + update(); + emit objectInserted(); + } +} + +void FWObjectDropArea::deleteObject() +{ + object=NULL; + update(); + emit objectDeleted(); +} + +void FWObjectDropArea::contextMenuEvent (QContextMenuEvent * e) +{ + QMenu *popup; + + popup=new QMenu(this); + QAction *psAct = popup->addAction( tr("Paste") , this , SLOT( pasteObject( )) ); + popup->addSeparator(); + QAction *dlAct = popup->addAction( tr("Delete") , this , SLOT( deleteObject( )) ); + + dlAct->setEnabled(object!=NULL); + psAct->setEnabled(FWObjectClipboard::obj_clipboard->size()>0); + + popup->exec(e->globalPos ()); + delete popup; +} + +void FWObjectDropArea::dropEvent( QDropEvent *ev) +{ + if (fwbdebug) + { + qDebug("FWObjectDropArea::dropEvent drop event mode=%d", ev->dropAction()); + qDebug(" src widget = %p", ev->source()); + } + + list dragol; + if (FWObjectDrag::decode(ev, dragol)) + { + if (dragol.size()>0) + { + insertObject(dragol.front()); + } + } +} + +void FWObjectDropArea::dragEnterEvent( QDragEnterEvent *ev) +{ + 
ev->setAccepted( ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) ); +} + +void FWObjectDropArea::pasteObject() +{ + vector::iterator i; + for( i= FWObjectClipboard::obj_clipboard->begin(); + i!=FWObjectClipboard::obj_clipboard->end(); ++i) + { + FWObject *co= mw->db()->findInIndex(*i); + insertObject(co); + } + +} diff --git a/src/gui/FWObjectDropArea.h b/src/gui/FWObjectDropArea.h new file mode 100644 index 000000000..63d9931ad --- /dev/null +++ b/src/gui/FWObjectDropArea.h 
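Review bot: `dragEnterEvent()` accepts any drag that advertises `FWObjectDrag::FWB_MIME_TYPE`, and `dropEvent()` then passes `dragol.front()` to `insertObject()`, after which `paintEvent()` dereferences it; `ev->source()` is printed in the debug branch but never checked. The payload is a pointer that only has meaning inside this process, and Qt reports a null source for drags that start in another application, so I would accept in-process drags only: `ev->setAccepted( ev->source()!=NULL && ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) );`, with the same `ev->source()` test at the top of `dropEvent()`. Separately, `pasteObject()` hands the result of `findInIndex(*i)` to `insertObject()` unchecked; if that lookup can return NULL for a stale clipboard id, the area is cleared while `objectInserted()` is emitted, which `if (co!=NULL) insertObject(co);` avoids.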
@@ -0,0 +1,78 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: FWObjectDropArea.h,v 1.2 2006/10/22 04:39:36 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __FWOBJECTDROPAREA_H_ +#define __FWOBJECTDROPAREA_H_ + +#include "config.h" +#include + +#include "fwbuilder/FWObject.h" +#include +#include +#include +#include +#include +#include + +class QWidget; +class QPixmap; +class QMenu; +class QContextMenuEvent; +class QDropEvent; +class QDragEnterEvent; + +class FWObjectDropArea : public QWidget//Ui::FWObjectDropArea_q +{ + Q_OBJECT + private: + libfwbuilder::FWObject *object; + protected: + void paintEvent(QPaintEvent *ev); + void contextMenuEvent (QContextMenuEvent * e); + void dropEvent( QDropEvent *ev); + void dragEnterEvent( QDragEnterEvent *ev); + + public: + Ui::FWObjectDropArea_q *m_objectDropArea; + FWObjectDropArea(QWidget*p, const char * n = 0, Qt::WFlags f = 0); + ~FWObjectDropArea(); + libfwbuilder::FWObject * getObject(){return object;}; + + bool isEmpty() {return object==NULL;}; + +public slots: + void insertObject(libfwbuilder::FWObject *o); + void deleteObject(); + void pasteObject(); + + signals: + void objectDeleted(); + void objectInserted(); + +}; + +#endif 
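Review bot: `libfwbuilder::FWObject *object;` is a borrowed pointer with no comment on who owns it or how long it must stay valid, yet `paintEvent()` in FWObjectDropArea.cpp dereferences it on every repaint and `getObject()` hands it to callers. Nothing in this header ties the widget to the object's destruction, so code that deletes the object without first calling `deleteObject()` would presumably leave the widget holding a dangling pointer. I would state the contract at the member, e.g. `// not owned; call deleteObject() before the FWObject is destroyed`.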
diff --git a/src/gui/FWObjectPropertiesFactory.cpp b/src/gui/FWObjectPropertiesFactory.cpp new file mode 100644 index 000000000..29d564301 --- /dev/null +++ b/src/gui/FWObjectPropertiesFactory.cpp 
@@ -0,0 +1,831 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id$ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils_no_qt.h" +#include "utils.h" +#include "definitions.h" + +#include +#include +#include +#include + +#include "FWObjectPropertiesFactory.h" +#include "platforms.h" + +#include "fwbuilder/FWException.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Group.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/physAddress.h" +#include "fwbuilder/DNSName.h" +#include "fwbuilder/AddressTable.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/ObjectGroup.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/Policy.h" + +#include "fwbuilder/FWReference.h" +#include "fwbuilder/Interface.h" + +#include "fwbuilder/CustomService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/TagService.h" + +#include "fwbuilder/Interval.h" + +#include "fwbuilder/Resources.h" + +#include +#include +#include + + +using namespace std; +using namespace libfwbuilder; + +/* + * API methods return 
STL string, so it is easier to use STL class + * ostringstream to assemble text and then convert it to QString + * rather than convert piece by piece. + */ +QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj) +{ + QString res; + QTextStream str(&res, QIODevice::WriteOnly); + + try { + + if (IPv4::isA(obj)) + { + str << Address::cast(obj)->getAddress().toString().c_str(); + str << "/"; + str << Address::cast(obj)->getNetmask().toString().c_str(); + + } else if (physAddress::isA(obj)) + { + str << physAddress::cast(obj)->getPhysAddress().c_str(); + } else if (DNSName::isA(obj)) + { + str << QObject::tr("DNS record: ") + << DNSName::cast(obj)->getSourceName().c_str(); + } else if (AddressTable::isA(obj)) + { + str << QObject::tr("Address Table: ") + << AddressTable::cast(obj)->getSourceName().c_str(); + } else if (AddressRange::isA(obj)) + { + AddressRange *ar=AddressRange::cast(obj); + str << ar->getRangeStart().toString().c_str(); + str << " - "; + str << ar->getRangeEnd().toString().c_str(); + } else if (Firewall::isA(obj)) + { + QString platform = obj->getStr("platform").c_str(); + QString version = obj->getStr("version").c_str(); + QString readableVersion = getVersionString(platform,version); + QString hostOS = obj->getStr("host_OS").c_str(); + + QDateTime dt; + time_t t; + + t=obj->getInt("lastModified");dt.setTime_t(t); + QString t_modified = (t)? dt.toString():"-"; + + t=obj->getInt("lastCompiled");dt.setTime_t(t); + QString t_compiled = (t)? dt.toString():"-"; + + t=obj->getInt("lastInstalled");dt.setTime_t(t); + QString t_installed = (t)? 
dt.toString():"-"; + + str << platform << "(" << readableVersion << ") / " << hostOS; + + } else if (Host::isA(obj)) + { + str << Address::cast(obj)->getAddress().toString().c_str(); + + FWObject *co=obj->getFirstByType("Interface"); + if (co!=NULL) + { + physAddress *paddr=(Interface::cast(co))->getPhysicalAddress(); + if (paddr!=NULL) + str << " " << paddr->getPhysAddress().c_str(); + } + + } else if (Network::isA(obj)) + { + Network *n=Network::cast(obj); + str << n->getAddress().toString().c_str(); + str << "/"; + str << n->getNetmask().toString().c_str(); + + } else if (Group::cast(obj)!=NULL) // just any group + { + Group *g=Group::cast(obj); + str << g->size() << " " << QObject::tr(" objects"); + + } else if (Firewall::isA(obj)) + { + + } else if (Interface::isA(obj)) + { + physAddress *paddr=(Interface::cast(obj))->getPhysicalAddress(); + if (paddr!=NULL) + { + str << " "; + str << paddr->getPhysAddress().c_str(); + } + + } else if (IPService::isA(obj)) + { + str << QObject::tr("protocol: %1").arg(obj->getStr("protocol_num").c_str()); + + } else if (ICMPService::isA(obj)) + { + str << QObject::tr("type: %1").arg(obj->getStr("type").c_str()) + << " " + << QObject::tr("code: %1").arg(obj->getStr("code").c_str()); + + } else if (TCPService::isA(obj) || UDPService::isA(obj)) + { + int sps,spe,dps,dpe; + + sps=obj->getInt("src_range_start"); + spe=obj->getInt("src_range_end"); + dps=obj->getInt("dst_range_start"); + dpe=obj->getInt("dst_range_end"); + + str << sps << ":" << spe << " / "; + str << dps << ":" << dpe; + } else if (TagService::isA(obj)) + { + str << "Pattern: \"" << obj->getStr("tagcode").c_str() << "\"" ; + } else if (Interval::isA(obj)) + { + + } + } catch (FWException &ex) + { + cerr << ex.toString() << endl; + } + + return res; +} + + +QString FWObjectPropertiesFactory::stripHTML(const QString &str) +{ + // note that str may contain multiple lines + // separated by
    and/or '\n' + + QRegExp htmltag1 = QRegExp("<[^>]+>"); + QRegExp htmltag2 = QRegExp("]+>"); + QRegExp htmltd = QRegExp("

    "); + + QString res = str; + res = res.replace(htmltd,": "); + res = res.remove(htmltag1); + res = res.remove(htmltag2); + return res; +} + + +QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj, + bool showPath, + bool tooltip, + bool accentName, + bool richText) +{ + QString str; + + QString path = obj->getPath().c_str(); + path = path.section('/',2,-1); + + if (showPath) + { + str += QObject::tr("Library: "); + str += QString::fromUtf8(obj->getLibrary()->getName().c_str()) + "
    \n"; + + if (!tooltip) + { + str += QObject::tr("Object Id: "); + str += QString(obj->getId().c_str()) + "
    \n"; + } + } + + str += QObject::tr("Object Type: "); + string d = Resources::global_res->getObjResourceStr(obj,"description"); + str += QString(d.c_str()) + "
    \n"; + + str += QObject::tr("Object Name: "); + if (accentName) str += ""; + str += QString::fromUtf8(obj->getName().c_str()); + if (accentName) str += ""; + str += "
    \n"; + + try { + + if (IPv4::isA(obj)) + { + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + str += Address::cast(obj)->getAddress().toString().c_str(); + str += "/"; + str += Address::cast(obj)->getNetmask().toString().c_str(); + + } else if (physAddress::isA(obj)) + { + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + str += physAddress::cast(obj)->getPhysAddress().c_str(); + } else if (DNSName::isA(obj)) + { + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + str += QObject::tr("DNS record:"); + str += MultiAddress::cast(obj)->getSourceName().c_str(); + str += "
    \n"; + str += (MultiAddress::cast(obj)->isRunTime())?QObject::tr("Run-time"):QObject::tr("Compile-time"); + + } else if (AddressTable::isA(obj)) + { + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + str += QObject::tr("Table file:"); + str += MultiAddress::cast(obj)->getSourceName().c_str(); + str += "
    \n"; + str += (MultiAddress::cast(obj)->isRunTime())?QObject::tr("Run-time"):QObject::tr("Compile-time"); + + } else if (AddressRange::isA(obj)) + { + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + AddressRange *ar=AddressRange::cast(obj); + str += ar->getRangeStart().toString().c_str(); + str += " - "; + str += ar->getRangeEnd().toString().c_str(); + } else if (Host::isA(obj)) + { + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + + str += Address::cast(obj)->getAddress().toString().c_str() ; + + FWObject *co=obj->getFirstByType("Interface"); + if (co!=NULL) + { + physAddress *paddr=(Interface::cast(co))->getPhysicalAddress(); + if (paddr!=NULL) + str += QString(" ") + paddr->getPhysAddress().c_str() ; + } + + } else if (Network::isA(obj)) + { + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + Network *n=Network::cast(obj); + str += n->getAddress().toString().c_str(); + str += "/"; + str += n->getNetmask().toString().c_str(); + + } else if (Group::cast(obj)!=NULL) // just any group + { + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + Group *g=Group::cast(obj); + str += QObject::tr("%1 objects
    \n").arg(g->size()); + int n = 0; + list ll = *g; + ll.sort(FWObjectNameCmpPredicate()); + + for (FWObject::iterator i=ll.begin(); i!=ll.end(); ++i,++n) + { + if (n>20) // arbitrary number + { + str += "       . . . "; + break; + } else + { + FWObject *o1=*i; + if (FWReference::cast(o1)!=NULL) + o1=FWReference::cast(o1)->getPointer(); + str += QString(o1->getTypeName().c_str()) + + " " + QString::fromUtf8(o1->getName().c_str()) + "
    \n"; + } + } + } else if (Firewall::isA(obj)) + { + QString platform = obj->getStr("platform").c_str(); + QString version = obj->getStr("version").c_str(); + QString readableVersion = getVersionString(platform,version); + QString hostOS = obj->getStr("host_OS").c_str(); + + QDateTime dt; + time_t lm=obj->getInt("lastModified"); + time_t lc=obj->getInt("lastCompiled"); + time_t li=obj->getInt("lastInstalled"); + + dt.setTime_t(lm); + QString t_modified = (lm)? dt.toString():"-"; + if (lm>lc && lm>li) t_modified=QString("")+t_modified+""; + + dt.setTime_t(lc); + QString t_compiled = (lc)? dt.toString():"-"; + if (lc>lm && lc>li) t_compiled=QString("")+t_compiled+""; + + dt.setTime_t(li); + QString t_installed = (li)? dt.toString():"-"; + if (li>lc && li>lm) t_installed=QString("")+t_installed+""; + + + + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + str += ""; + str += QString("\n"; + str += QString("\n"; + str += QString("\n"; + + str += QString("\n"; + str += QString("\n"; + str += QString("\n"; + + str += "
    Platform:") + + platform + "
    Version:") + + readableVersion + "
    Host OS:") + + hostOS + "
    Modified:") + + t_modified + "
    Compiled:") + + t_compiled + "
    Installed:") + + t_installed + "
    "; + } else if (Interface::isA(obj)) + { + str+=QObject::tr("Path: ")+ path +"
    \n"; + QString q; + if (Interface::constcast(obj)->isDyn()) q=" dyn"; + if (Interface::constcast(obj)->isUnnumbered()) q=" unnum"; + if (Interface::constcast(obj)->isBridgePort()) q=" bridge port"; + + FWObject *p=obj; + while (p!=NULL && !Firewall::isA(p)) p=p->getParent(); + if (p!=NULL && (p->getStr("platform")=="pix" || p->getStr("platform")=="fwsm")) + { + int sl=Interface::constcast(obj)->getSecurityLevel(); + q=q+QString("sec.level %1").arg(sl); + } else + { + if (Interface::constcast(obj)->isExt()) q=q+" ext"; + } + + if (Interface::constcast(obj)->isUnprotected()) q=q+" unp"; + + if (q!="") str += " (" + q + ")"; + str += "
    \n"; + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + + physAddress *paddr=(Interface::cast(obj))->getPhysicalAddress(); + if (paddr!=NULL) + { + str += " "; + str += paddr->getPhysAddress().c_str() ; + } + + + } else if (CustomService::isA(obj)) + { + + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + + CustomService *s = dynamic_cast(obj); + bool first=true; + + map platforms = Resources::getPlatforms(); + for (map::iterator i=platforms.begin(); i!=platforms.end(); i++) + { + string c=s->getCodeForPlatform( (*i).first ); + if ( c!="" ) + { + if (first) + { + str += ""; + first=false; + } + str += QString("\n") + .arg((*i).second.c_str()).arg(c.c_str()); + } + } + if (!first) str += "
    %1%2
    "; + + } else if (IPService::isA(obj)) + { + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + str += QObject::tr("protocol ") + obj->getStr("protocol_num").c_str(); + + } else if (ICMPService::isA(obj)) + { + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + str += QObject::tr("type: ") + obj->getStr("type").c_str() + + " " + + QObject::tr("code: ") + obj->getStr("code").c_str(); + + } else if (TCPService::isA(obj) || UDPService::isA(obj)) + { + int sps,spe,dps,dpe; + + sps=obj->getInt("src_range_start"); + spe=obj->getInt("src_range_end"); + dps=obj->getInt("dst_range_start"); + dpe=obj->getInt("dst_range_end"); + + if (showPath && !tooltip) str += "Path: " + path + "
    \n"; + str += ""; + str += QString("\n") + .arg(sps).arg(spe); + str += QString("\n") + .arg(dps).arg(dpe); + str += "
    source port range%1:%2
    destination port range%1:%2
    "; + } else if (TagService::isA(obj)) + { + str += QObject::tr("Pattern: \"%1\"").arg(obj->getStr("tagcode").c_str()); + } else if (Interval::isA(obj)) + { + + } + } catch (FWException &ex) + { + cerr << ex.toString() << endl; + } + + if (richText) return str; + + return FWObjectPropertiesFactory::stripHTML(str); +} + +/* + * Do not translate literals 'pipe', 'queue', 'divert' below, these refer + * to actual ipfw parameters and should not be localized. + */ +QString FWObjectPropertiesFactory::getRuleActionProperties(PolicyRule *rule) +{ + QString par = ""; + + if (rule!=NULL) + { + string act = rule->getActionAsString(); + + FWObject *o = rule; + while (o!=NULL && Firewall::cast(o)==NULL) o=o->getParent(); + assert(o!=NULL); + Firewall *f=Firewall::cast(o); + string platform=f->getStr("platform"); + + FWOptions *ropt = rule->getOptionsObject(); + string editor=Resources::getActionEditor(platform,act); + + if (editor!="None") + { + switch (rule->getAction()) + { + case PolicyRule::Reject : + par = ropt->getStr("action_on_reject").c_str(); + break; + case PolicyRule::Tag : + par = ropt->getStr("tagvalue").c_str(); + break; + case PolicyRule::Accounting : + par = ropt->getStr("rule_name_accounting").c_str(); + break; + case PolicyRule::Custom : + par = ropt->getStr("custom_str").c_str(); + break; + case PolicyRule::Branch : + par = ropt->getStr("branch_name").c_str(); + break; + case PolicyRule::Classify : + if (platform=="ipfw") + { + if (ropt->getInt("ipfw_classify_method") == DUMMYNETPIPE) + { + par = "pipe"; + } else { + par = "queue"; + } + par = par + " " + ropt->getStr("ipfw_pipe_queue_num").c_str(); + } else + { + par = ropt->getStr("classify_str").c_str(); + } + break; + case PolicyRule::Pipe : + if (platform=="ipfw") + { + par = QString("divert ") + + ropt->getStr("ipfw_pipe_port_num").c_str(); + } + break; + case PolicyRule::Route : + if (platform=="iptables") + { + string a; + a = ropt->getStr("ipt_gw"); + if (!a.empty()) par = par + " gw: " + 
a.c_str(); + a = ropt->getStr("ipt_iif"); + if (!a.empty()) par = par + " iif: " + a.c_str(); + a = ropt->getStr("ipt_oif"); + if (!a.empty()) par = par + " oif: " + a.c_str(); + } + if (platform=="ipf") + { + string a; + a = ropt->getStr("ipf_route_option"); + if (!a.empty()) + { + par = par + " "+ + getScreenName(a.c_str(), + getRouteOptions_pf_ipf( platform.c_str() )); + } + a = ropt->getStr("ipf_route_opt_if"); + if (!a.empty()) par = par + " "+ a.c_str(); + a = ropt->getStr("ipf_route_opt_addr"); + if (!a.empty()) par = par + " "+ a.c_str(); + } + if (platform=="pf") + { + string a; + a = ropt->getStr("pf_route_option"); + if (!a.empty()) par = par + " "+ a.c_str(); + a = ropt->getStr("pf_route_opt_if"); + if (!a.empty()) par = par + " "+ a.c_str(); + a = ropt->getStr("pf_route_opt_addr"); + if (!a.empty()) par = par + " "+ a.c_str(); + } + break; + + + default : {} + } + } + + } + + return par; +} + +QString FWObjectPropertiesFactory::getRuleActionPropertiesRich(PolicyRule *rule) +{ + FWObject *p=rule; + while (p!=NULL && !Firewall::isA(p)) p=p->getParent(); + assert(p!=NULL); + string platform=p->getStr("platform"); + QString act = getActionNameForPlatform(rule->getAction(),platform.c_str()); + + QString par = getRuleActionProperties(rule); + QString res = QObject::tr("Action : ")+act+"
    \n"; + if (!par.isEmpty()) + { + res+=QObject::tr("Parameter: ")+par; + } + return res; +} + +QString FWObjectPropertiesFactory::getPolicyRuleOptions(Rule *rule) +{ + QString res; + + if (rule!=NULL) + { + res=""; + FWObject *o = rule; + while (o!=NULL && Firewall::cast(o)==NULL) o=o->getParent(); + assert(o!=NULL); + Firewall *f=Firewall::cast(o); + string platform=f->getStr("platform"); + FWOptions *ropt = rule->getOptionsObject(); + + if (platform=="iptables") + { + if (!ropt->getStr("log_prefix").empty()) + { + res+=QObject::tr("Log prefix : "); + res+=QString(ropt->getStr("log_prefix").c_str())+"
    \n"; + } + + if (!ropt->getStr("log_level").empty()) + { + res+=QObject::tr("Log Level : "); + res+=getScreenName(ropt->getStr("log_level").c_str(), + getLogLevels(platform.c_str()))+"
    \n"; + } + + if (ropt->getInt("ulog_nlgroup")>1) + { + res+=QObject::tr("Netlink group : "); + res+=QString(ropt->getStr("ulog_nlgroup").c_str())+"
    \n"; + } + + if (ropt->getInt("limit_value")>0) + { + res+=QObject::tr("Limit Value : "); + res+=QString(ropt->getStr("limit_value").c_str())+"
    \n"; + } + + if (!ropt->getStr("limit_suffix").empty()) + { + res+=QObject::tr("Limit suffix : "); + res+=getScreenName(ropt->getStr("limit_suffix").c_str(), + getLimitSuffixes(platform.c_str()))+"
    \n"; + } + + if (ropt->getInt("limit_burst")>0) + { + res+=QObject::tr("Limit burst : "); + res+=QString(ropt->getStr("limit_burst").c_str())+"
    \n"; + } + + res+="
      "; + if (ropt->getBool("firewall_is_part_of_any_and_networks")) + { + res+=QObject::tr("
    • Part of Any
    • "); + res+="
      \n"; + } + + if (ropt->getBool("stateless")) + { + res+=QObject::tr("
    • Stateless
    • "); + res+="
      \n"; + } + res+="
    "; + + }else if (platform=="ipf") + { + if (!ropt->getStr("ipf_log_facility").empty()) + { + res+=QObject::tr("Log facility: "); + res+=getScreenName(ropt->getStr("ipf_log_facility").c_str(), + getLogFacilities(platform.c_str()))+"
    \n"; + } + + if (!ropt->getStr("log_level").empty()) + { + res+=QObject::tr("Log level : "); + res+=getScreenName(ropt->getStr("log_level").c_str(), + getLogLevels(platform.c_str()))+"
    \n"; + } + + res+="
      "; + if (ropt->getBool("ipf_return_icmp_as_dest")) + { + res+=QObject::tr("
    • Send 'unreachable'
    • "); + res+="
      \n"; + } + + if (ropt->getBool("stateless")) + { + res+=QObject::tr("
    • Stateless
    • "); + res+="
      \n"; + } + + if (ropt->getBool("ipf_keep_frags")) + { + res+=QObject::tr("
    • Keep information on fragmented packets
    • "); + res+="
      \n"; + } + res+="
    "; + + }else if (platform=="pf") + { + + if (!ropt->getStr("log_prefix").empty()) + { + res+=QObject::tr("Log prefix : "); + res+=QString(ropt->getStr("log_prefix").c_str())+"
    \n"; + } + + if (ropt->getInt("pf_rule_max_state")>0) + { + res+=QObject::tr("Max state : "); + res+=QString(ropt->getStr("pf_rule_max_state").c_str())+"
    \n"; + } + + res+="
      "; + if (ropt->getBool("stateless")) + { + res+=QObject::tr("
    • Stateless
    • "); + res+="
      \n"; + } + + if (ropt->getBool("pf_source_tracking")) + { + res+=QObject::tr("
    • Source tracking
    • "); + res+="
      \n"; + + res+=QObject::tr("Max src nodes : "); + res+=QString(ropt->getStr("pf_max_src_nodes").c_str())+"
      \n"; + + res+=QObject::tr("Max src states: "); + res+=QString(ropt->getStr("pf_max_src_states").c_str())+"
      \n"; + + } + res+="
    "; + + }else if (platform=="ipfw") + { + res+="
      "; + if (ropt->getBool("stateless")) + { + res+=QObject::tr("
    • Stateless
    • "); + res+="
      \n"; + } + res+="
    "; + + }else if (platform=="pix" || platform=="fwsm") + { + string vers="version_"+f->getStr("version"); + + res+=QObject::tr("Ver:%1
    \n").arg(vers.c_str()); + + if ( Resources::platform_res[platform]->getResourceBool( + "/FWBuilderResources/Target/options/"+vers+"/pix_rule_syslog_settings")) + { + + if (!ropt->getStr("log_level").empty()) + { + res+=QObject::tr("Log level : "); + res+=getScreenName(ropt->getStr("log_level").c_str(), + getLogLevels(platform.c_str()))+"
    \n"; + } + if (ropt->getInt("log_interval")>0) + { + res+=QObject::tr("Log interval : "); + res+=QString(ropt->getStr("log_interval").c_str())+"
    \n"; + } + + res+="
      "; + if (ropt->getBool("disable_logging_for_this_rule")) + { + res+=QObject::tr("
    • Disable logging for this rule
    • "); + res+="
      \n"; + } + res+="
    "; + + } + } + + } + + return res; +} + +QString FWObjectPropertiesFactory::getNATRuleOptions(Rule *rule) +{ + QString res; + + if (rule!=NULL) + { + res=""; + FWObject *o = rule; + while (o!=NULL && Firewall::cast(o)==NULL) o=o->getParent(); + assert(o!=NULL); + Firewall *f=Firewall::cast(o); + string platform=f->getStr("platform"); + FWOptions *ropt = rule->getOptionsObject(); + + if (fwbdebug) + qDebug(QString("getNATRuleOptions: platform: %2").arg(platform.c_str()).toAscii().constData()); + + if (platform=="pf") + { + if (ropt->getBool("pf_bitmask")) res+=QObject::tr("bitmask"); + if (ropt->getBool("pf_random")) res+=QObject::tr("random"); + if (ropt->getBool("pf_source_hash")) res+=QObject::tr("source-hash"); + if (ropt->getBool("pf_round_robin")) res+=QObject::tr("round-robin"); + if (!res.isEmpty()) res += ","; + if (ropt->getBool("pf_static_port")) res+=QObject::tr("static-port"); + } + } + + return res; +} + diff --git a/src/gui/FWObjectPropertiesFactory.h b/src/gui/FWObjectPropertiesFactory.h new file mode 100644 index 000000000..1d822c01e --- /dev/null +++ b/src/gui/FWObjectPropertiesFactory.h 
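Review bot: `getObjectPropertiesDetailed()`, `getRuleActionPropertiesRich()` and `getPolicyRuleOptions()` append object names, ids, `getCodeForPlatform()` output and rule options such as `log_prefix` straight into a rich-text string, so markup stored in a data file is rendered by the displaying widget instead of being shown as text. Each value should be escaped before concatenation, e.g. `str += Qt::escape(QString::fromUtf8(obj->getName().c_str()));` (declared in `<QTextDocument>`; the include list is not readable on this page). `stripHTML()` would then need to decode the entities again for the plain-text path. In `getNATRuleOptions()` the debug call passes a built string as the `qDebug` format, so a `%` in the platform value is read as a conversion; `qDebug("getNATRuleOptions: platform: %s", platform.c_str());` keeps the data out of the format.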
@@ -0,0 +1,62 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id$ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef __FWOBJECTPROPERTIESFACTORY_H +#define __FWOBJECTPROPERTIESFACTORY_H + +#include + +namespace libfwbuilder { + class FWObject; + class PolicyRule; + class Rule; +} + +class FWObjectPropertiesFactory { + + public: + +/** + * returns a one line property of the object for the second column of + * the tree view + */ + static QString getObjectProperties(libfwbuilder::FWObject *obj); + + static QString getObjectPropertiesDetailed(libfwbuilder::FWObject *obj, + bool showPath=false, + bool tooltip=false, + bool accentName=true, + bool richText=true); + static QString getRuleActionProperties(libfwbuilder::PolicyRule *rule); + static QString getRuleActionPropertiesRich(libfwbuilder::PolicyRule *rule); + static QString getPolicyRuleOptions(libfwbuilder::Rule *rule); + static QString getNATRuleOptions(libfwbuilder::Rule *rule); + + static QString stripHTML(const QString &str); + +}; + +#endif + diff --git a/src/gui/FWWindow.cpp b/src/gui/FWWindow.cpp new file mode 100644 index 000000000..9f3e0a067 --- /dev/null +++ b/src/gui/FWWindow.cpp 
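Review bot: Only `getObjectProperties()` carries a doc comment; `getObjectPropertiesDetailed()` takes four boolean flags and, per the .cpp, returns markup when `richText` is true and tag-stripped text otherwise, and none of that is stated at the declaration. Callers need to know which results are HTML so they display them in a rich-text widget and not as plain text. I would add a comment such as `/** multi-line description; HTML when richText is true, tags removed via stripHTML() otherwise */` and one line for each of `showPath`, `tooltip` and `accentName`.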
@@ -0,0 +1,2812 @@ +/* + + Firewall Builder + + Copyright (C) 2003, 2006 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: FWWindow.cpp,v 1.220 2007/07/07 05:39:33 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "utils_no_qt.h" + +#include "FWWindow.h" +#include "ObjectTreeView.h" +#include "ObjectManipulator.h" +#include "FWObjectClipboard.h" +#include "FWBTree.h" +#include "FWBSettings.h" +#include "FWObjectPropertiesFactory.h" +#include "upgradePredicate.h" +#include "listOfLibraries.h" +#include "ObjConflictResolutionDialog.h" +#include "RuleSetView.h" +#include "RCSFileDialog.h" +#include "RCSFilePreview.h" +#include "ObjectEditor.h" +#include "execDialog.h" +#include "PrefsDialog.h" +#include "LibExportDialog.h" +#include "findDialog.h" +#include "DiscoveryDruid.h" +#include "FindObjectWidget.h" +#include "FindWhereUsedWidget.h" +#include "longTextDialog.h" + +#include +#include "FWBAboutDialog.h" +#include "debugDialog.h" +#include "filePropDialog.h" + +#include "instConf.h" +#include "instDialog.h" + +#include "fwbuilder/FWReference.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/InterfacePolicy.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/Routing.h" +#include "fwbuilder/Tools.h" +#include 
"fwbuilder/dns.h" +//#include "fwbuilder/crypto.h" +#include "fwbuilder/XMLTools.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Management.h" +#include "fwbuilder/RuleElement.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/ObjectGroup.h" + +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWReference.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/RuleSet.h" + +#include "fwbuilder/CustomService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/ServiceGroup.h" + +#include "fwbuilder/Interval.h" +#include "fwbuilder/IntervalGroup.h" + + +#include +#include +#include +#include +#include + +#include + +#ifndef _WIN32 +# include // for access(2) +#else +# undef index +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace libfwbuilder; +using namespace std; +using namespace Ui; + +FWWindow::FWWindow() +{ + if (fwbdebug) + qDebug("FWWindow constructor"); + + m_mainWindow = new Ui::FWBMainWindow_q(); + m_mainWindow->setupUi(dynamic_cast(this)); + + rcs = NULL; + systemFile = true; + visibleFirewall = NULL; + shownInInfo = NULL; + ruleSetTabIndex = 0; + lastFirewallIdx = -2; + delete m_mainWindow->treeFrame; + + instd = NULL; + + changingTabs = false; + ruleSetRedrawPending = false; + + setSafeMode(false); + setStartupFileName(""); + + printer = new QPrinter(QPrinter::HighResolution); 
+ + noFirewalls = tr("No firewalls defined"); + + autosaveTimer = new QTimer(static_cast(this)); + instDialogOnScreenTimer = new QTimer(static_cast(this)); + + connect(instDialogOnScreenTimer, SIGNAL(timeout()), this, SLOT(killInstDialog())); + instDialogOnScreenTimer->start(1000); + + // om is a global var + + om=new ObjectManipulator( m_mainWindow->objInfoSplitter ); + + QSizePolicy policy(QSizePolicy::Expanding, QSizePolicy::Expanding); + policy.setHorizontalStretch(0); + policy.setVerticalStretch(0); + policy.setHeightForWidth(om->sizePolicy().hasHeightForWidth()); + + om->setSizePolicy( policy ); + + m_mainWindow->objInfoSplitter->insertWidget( 0, om ); + //m_mainWindow->frame16->setMinimumSize(QSize(100,0)); + m_mainWindow->rightFrame->setMinimumSize(QSize(0,0)); + + connect( m_mainWindow->newObjectAction, SIGNAL( triggered() ), + om, SLOT( newObject() ) ); + + connect( m_mainWindow->backAction, SIGNAL( triggered() ), + om, SLOT( back() ) ); + + connect( m_mainWindow->findAction, SIGNAL( triggered() ), + this, SLOT( search() ) ); + + connect( m_mainWindow->ObjectMenu, SIGNAL (aboutToShow() ), + this, SLOT( prepareObjectMenu() )); + + delete m_mainWindow->infoFrame; + + oi=new QTextEdit( m_mainWindow->objInfoSplitter ); + oi->setReadOnly(true); + + m_mainWindow->objInfoSplitter->setStretchFactor(m_mainWindow->objInfoSplitter->indexOf(oi), 0); + + policy.setHeightForWidth(oi->sizePolicy().hasHeightForWidth()); + oi->setSizePolicy( policy ); + + m_mainWindow->objInfoSplitter->addWidget( oi ); + + + oi->setGeometry( oi->geometry().x(), oi->geometry().y(), + oi->geometry().width(), st->getInfoWindowHeight() ); + + if (st->getInfoStyle()!=0) oi->show(); + else oi->hide(); + + findObjectWidget = new FindObjectWidget( m_mainWindow->auxiliaryPanel, "findObjectWidget" ); + findObjectWidget->setFocusPolicy( Qt::NoFocus ); + m_mainWindow->auxiliaryPanel->layout()->addWidget( findObjectWidget ); + connect( findObjectWidget, SIGNAL( close() ), this, SLOT( 
closeAuxiliaryPanel() ) ); + + findWhereUsedWidget = new FindWhereUsedWidget(m_mainWindow->auxiliaryPanel, "findWhereUsedWidget"); + findWhereUsedWidget->setFocusPolicy( Qt::NoFocus ); + m_mainWindow->auxiliaryPanel->layout()->addWidget( findWhereUsedWidget ); + findWhereUsedWidget->hide(); + connect( findWhereUsedWidget, SIGNAL( close() ), this, SLOT( closeAuxiliaryPanel() ) ); + m_mainWindow->auxiliaryPanel->hide(); + om->show(); + + if (fwbdebug) + qDebug("/FWWindow constructor"); + + +// findObject->setMinimumSize( QSize( 0, 0 ) ); +} + +FWWindow::~FWWindow() +{ + if (rcs!=NULL) delete rcs; + delete m_mainWindow; +} + +void FWWindow::killInstDialog() +{ + if (instd!=NULL && !instd->isVisible()) + { + if (fwbdebug) qDebug("killing instDialog..."); + delete instd; + instd = NULL; + } +} + +void FWWindow::startupLoad() +{ + if (fwbdebug) qDebug("startup: load everything ..."); + + int sa = st->getStartupAction(); + + if (safeMode) mw->load(NULL); + else + { + if (startupFileName.isEmpty() && sa==1) // load last edited + { + startupFileName = st->getLastEdited(); + } + + if ( !startupFileName.isEmpty() ) + { + try + { + RCS *rcs=new RCS(startupFileName); + rcs->co(); + load(NULL,rcs); + } catch (FWException &ex) + { + qDebug("Exception: %s",ex.toString().c_str()); + load(NULL); + } + } else + { + load(NULL); // load standard objects + } + } + + QString id = st->getStr("UI/visibleFirewall"); + FWObject *show_fw=NULL; + if ( !id.isEmpty() ) show_fw = mw->db()->getById(id.toLatin1().constData(),true); + + id = st->getStr("UI/visibleObject"); + FWObject *show_obj=NULL; + if ( !id.isEmpty() ) show_obj = mw->db()->getById(id.toLatin1().constData(),true); + + showFirewalls( show_fw==NULL ); + + if ( sa==1 && !safeMode ) + { + if (show_fw) + { + if (fwbdebug) + qDebug("open firewall %s",show_fw->getName().c_str()); + showFirewall( show_fw ); + } + + if (show_obj) + { + if (fwbdebug) + qDebug("open object %s",show_obj->getName().c_str()); + om->openObject( show_obj ); + } + 
} + +} + +void FWWindow::clearFirewallTabs() +{ + if (fwbdebug) qDebug("FWWindow::clearFirewallTabs"); + + m_mainWindow->ruleSets->hide(); + + while (m_mainWindow->ruleSets->count()!=0) + { + QWidget *p = m_mainWindow->ruleSets->widget(0); + m_mainWindow->ruleSets->removeTab(m_mainWindow->ruleSets->indexOf(p)); + delete p; + } + m_mainWindow->ruleSets->show(); + return; +} + +void FWWindow::helpAbout() +{ + FWBAboutDialog ad; + ad.exec(); +} + +void FWWindow::debug() +{ + debugDialog dd(this); + dd.exec(); +} + +void FWWindow::info(FWObject *obj, bool forced) +{ + if (fwbdebug) + qDebug("FWWindow::info called"); + + if (st->getInfoStyle()!=0 && (shownInInfo!=obj || forced)) + { + oi->clear(); + + QString s=""; + if (st->getInfoStyle()==2) + { + s=FWObjectPropertiesFactory::getObjectPropertiesDetailed(obj) + + QString("
    "); + oi->setText(s); + } + + oi->setFontWeight(QFont::Normal); + oi->setFontItalic(false); + oi->setFontUnderline(false); + oi->setTextColor(Qt::black); + s=QString::fromUtf8(obj->getComment().c_str()); + oi->append(s); + oi->moveCursor(QTextCursor::Start); + + shownInInfo = obj; + } + +// mw->unselectRules(); +} + +bool FWWindow::saveIfModified() +{ + if (db()->isDirty()) + { + switch (QMessageBox::information(this, "Firewall Builder", + tr("Some objects have been modified but not saved.\n" + "Do you want to save changes now ?"), + tr("&Save"), tr("&Discard"), tr("&Cancel"), + 0, // Enter = button 0 + 2 ) ) { // Escape == button 2 + + case 0: + save(); + break; + case 1: // discard + db()->setDirty(false); + break; + case 2: // cancel + return(false); + } + } + return true; +} + +QString FWWindow::getDestDir(const QString &fname) +{ + QString destdir = ""; + + if (st->getWDir().isEmpty()) + { + if (fname.isEmpty()) + { +/* need some reasonable default working directory. + * on Unix will use current dir. + * on Windows will use user's document dir. + */ +#if defined(Q_OS_WIN32) || defined(Q_OS_MACX) + destdir = userDataDir.c_str(); +#else + destdir = ""; +#endif + } else + { + if (QFileInfo(fname).isDir()) destdir=fname; + else + destdir = fname.left( fname.lastIndexOf('/',-1) ); + } + } else + { + destdir=st->getWDir(); + } + return destdir; +} + + + +QString FWWindow::chooseNewFileName(const QString &fname, + bool checkPresence,const QString &title) +{ + QString destdir = getDestDir(fname); + + QString fn = QFileDialog::getSaveFileName( this, title, destdir, + tr( "FWB Files (*.fwb);;All Files (*)" ) ); + if ( fn.isEmpty() ) return ""; + + QFileInfo finfo(fn); + + //if (finfo.extension(false)!="fwb") fn=fn+".fwb"; + if (finfo.suffix()!="fwb") fn=fn+".fwb"; + + finfo.setFile(fn); + + if ( ! checkPresence || ! 
finfo.exists() || + QMessageBox::warning( + this,"Firewall Builder", + tr("The file %1 already exists.\nDo you want to overwrite it ?") + .arg(fn.toLatin1().constData()), + tr("&Yes"), tr("&No"), QString::null, + 0, 1 )==0 ) + { + return fn; + } + + return ""; +} + +void FWWindow::setFileName(const QString &fname) +{ + systemFile=false; + rcs->setFileName(fname); + db()->setFileName(fname.toLatin1().constData()); + + QString caption = rcs->getFileName().section("/",-1,-1); + if (rcs->isInRCS()) caption = caption + ", rev " + rcs->getSelectedRev(); + + setWindowTitle( QString("Firewall Builder: ")+caption ); +} + +void FWWindow::fileProp() +{ + if (rcs!=NULL) + { + filePropDialog fpd(this,rcs); + fpd.setPrinter(printer); + fpd.exec(); + } +} + +void FWWindow::fileNew() +{ + QString nfn=chooseNewFileName(st->getWDir(),true, + tr("Choose name and location for the new file")); + if ( !nfn.isEmpty() ) + { + if (!saveIfModified() || !checkin(true)) return; + if (!systemFile && rcs!=NULL) fileClose(); // fileClose calls load(this) + else load(this); + + visibleFirewall = NULL; + showFirewalls( false ); + + + setFileName(nfn); + + save(); + + m_mainWindow->addToRCSAction->setEnabled( !rcs->isInRCS() && !rcs->isRO() && !rcs->isTemp()); + m_mainWindow->fileDiscardAction->setEnabled( rcs->isInRCS() && !rcs->isRO() && !rcs->isTemp()); + m_mainWindow->fileCommitAction->setEnabled( rcs->isInRCS() && !rcs->isRO() && !rcs->isTemp()); + m_mainWindow->fileSaveAction->setEnabled( !rcs->isRO() && !rcs->isTemp() ); + + setupAutoSave(); + } +} + +void FWWindow::fileOpen() +{ + if (fwbdebug) qDebug("FWWindow::fileOpen(): start"); + + RCSFileDialog fd(this, 0, true); + RCSFilePreview fp(this); + + if ( fd.exec() != QDialog::Accepted ) + return; + + bool hasRCS = fp.showFileRLog( fd.selectedFiles()[0] ); + + if ( (!hasRCS) || (fp.exec() == QDialog::Accepted) ) + { + if (!saveIfModified() || !checkin(true)) return; + if (!systemFile && rcs!=NULL) fileClose(); + + //try to get simple rcs 
instance from RCS preview + RCS *rcs = fp.getSelectedRev(); + + //if (by some matter) preview cannot give RCS, + //get a new RCS from file dialog + if (rcs==NULL) + rcs = fd.getSelectedRev(); + + //if RCS isn't still formed, it's an error + if (rcs==NULL) + return; + +/*********************************************************************** + * TODO : add an option "RCS support" + * + * if opening read-only, do not checkout + * checkout may throw exception, need to catch it + */ + try + { + rcs->co(); + + } catch (FWException &ex) + { +/* if there was an exception, abort operation. E.g. RCS::co may throw + * exception */ + return; + } +/***********************************************************************/ + + load(this, rcs ); + showFirewalls( true ); + + if (rcs->isTemp()) unlink(rcs->getFileName().toLatin1().constData()); + } +} + +void FWWindow::fileClose() +{ + if (fwbdebug) qDebug("FWWindow::fileClose(): start"); + + findObjectWidget->init(); + if (oe->isVisible()) oe->hide(); + + if (!saveIfModified() || !checkin(true)) return; + + if (rcs) delete rcs; + rcs=NULL; + + if (fwbdebug) qDebug("FWWindow::fileClose(): clearing widgets"); + + firewalls.clear(); + m_mainWindow->fwList->clear(); + visibleFirewall = NULL; + clearFirewallTabs(); + ruleSetViews.clear(); + om->clearObjects(); + FWObjectClipboard::obj_clipboard->clear(); + + if (fwbdebug) qDebug("FWWindow::fileClose(): loading standard objects"); + + load(this); + + if (fwbdebug) qDebug("FWWindow::fileClose(): show firewalls"); + + showFirewalls( false ); + + if (fwbdebug) qDebug("FWWindow::fileClose(): all done"); + + setupAutoSave(); +} + +void FWWindow::fileSave() +{ + QStatusBar *sb = statusBar(); + sb->showMessage( tr("Saving data to file...") ); + QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100); + save(); + sb->clearMessage(); + QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100); +} + +void FWWindow::fileSaveAs() +{ + if (oe->isVisible()) oe->hide(); + +/* we 
need to save data into the current file before we save it into a + * new file, provided we do have current file + if (!systemFile && rcs && + !rcs->isRO() && !rcs->isTemp() && !rcs->getFileName().isEmpty() && + (!saveIfModified() || !checkin(true)) + ) return; + + */ + + +/* need to close the file without asking and saving, then reopen it again */ + + db()->setDirty(false); // so it wont ask if user wants to save + rcs->abandon(); + + QString oldFileName = rcs->getFileName(); + if (rcs!=NULL) delete rcs; + + rcs = new RCS(""); + + QString nfn=chooseNewFileName(oldFileName,true, + tr("Choose name and location for the file")); + + if (!nfn.isEmpty()) + { + setFileName(nfn); + + save(); + + m_mainWindow->addToRCSAction->setEnabled( !rcs->isInRCS() && !rcs->isRO() && !rcs->isTemp()); + m_mainWindow->fileDiscardAction->setEnabled( rcs->isInRCS() && !rcs->isRO() && !rcs->isTemp()); + m_mainWindow->fileCommitAction->setEnabled( rcs->isInRCS() && !rcs->isRO() && !rcs->isTemp()); + m_mainWindow->fileSaveAction->setEnabled( !rcs->isRO() && !rcs->isTemp() ); +} +} + +void FWWindow::fileExit() +{ + if (saveIfModified() && checkin(true)) + { + if (rcs) delete rcs; + qApp->quit(); + } +} + +void FWWindow::fileCommit() +{ + // Steps: + // 1.save the file + // 2.checkin (checkin() returns false when user hits Cancel) + // 3. close file + // 4. 
reopen it + + QString fname = rcs->getFileName(); + save(); + if (!checkin(true)) return; + fileClose(); + try + { + RCS *rcs = new RCS(fname); + if (rcs==NULL) return; + rcs->co(); + load(this,rcs); + } catch (FWException &ex) + { + load(this); + return; + } + showFirewalls( true ); +} + +/* + * discard changes done to the file and check out clean copy of the + * head revision from RCS + */ +void FWWindow::fileDiscard() +{ + if (QMessageBox::warning(this, "Firewall Builder", + tr("This operation discards all changes that have been saved\n" + "into the file so far, closes it and replaces it with a clean\n" + "copy of its head revision from RCS.\n" + "\n" + "All changes will be lost if you do this.\n\n"), + tr("&Discard changes"), + tr("&Cancel"), QString::null, + 1 )==0 ) + { +/* need to close the file without asking and saving, then reopen it again */ + + QString fname = rcs->getFileName(); + + db()->setDirty(false); // so it wont ask if user wants to save + rcs->abandon(); + fileClose(); + + try + { + RCS *rcs = new RCS(fname); + if (rcs==NULL) return; + rcs->co(); + load(this, rcs ); + } catch (FWException &ex) + { +/* if there was an exception, abort operation. E.g. 
RCS::co may throw + * exception */ + load(this); + return; + } +/***********************************************************************/ + + showFirewalls( true ); + } +} + +void FWWindow::fileAddToRCS() +{ + if (!saveIfModified()) return; + if (rcs && rcs->isCheckedOut()) return; + + try + { + if (!rcs->isInRCS() && !rcs->isRO()) + { + rcs->add(); + rcs->co(); + QMessageBox::information( + this,"Firewall Builder", + tr("File %1 has been added to RCS.").arg(rcs->getFileName()), + tr("&Continue"), QString::null,QString::null, + 0, 1 ); + } + } + catch (FWException &ex) + { + QMessageBox::critical( + this,"Firewall Builder", + tr("Error adding file to RCS:\n%1").arg(ex.toString().c_str()), + tr("&Continue"), QString::null,QString::null, + 0, 1 ); + } + + QString caption = rcs->getFileName().section("/",-1,-1); + if (rcs->isInRCS()) caption = caption + ", rev " + rcs->getSelectedRev(); + if (rcs->isRO()) caption = caption + " " + tr("(read-only)"); + + setWindowTitle( QString("Firewall Builder: ")+caption ); + + m_mainWindow->addToRCSAction->setEnabled( !rcs->isInRCS() && !rcs->isRO()); + m_mainWindow->fileDiscardAction->setEnabled( rcs->isInRCS() && !rcs->isRO() && !rcs->isTemp()); + m_mainWindow->fileCommitAction->setEnabled( rcs->isInRCS() && !rcs->isRO() && !rcs->isTemp()); +} + +bool FWWindow::editingLibrary() +{ + return (rcs!=NULL && + ( rcs->getFileName().endsWith(".fwl")) ); +} + +void FWWindow::toolsDiscoveryDruid() +{ + DiscoveryDruid druid(this); + druid.exec(); +} + +void FWWindow::importPolicy() +{ + DiscoveryDruid druid(this, true); + druid.exec(); +} + +void FWWindow::load(QWidget *dialogs_parent) +{ + if (fwbdebug) qDebug("FWWindow::load(): start"); + QStatusBar *sb = statusBar(); + + editingStandardLib = false; + editingTemplateLib = false; + + QWidget *dlgp=NULL; + if (dialogs_parent==NULL) + { + if (isVisible()) dlgp=this; + } else + { + dlgp=dialogs_parent; + } + + MessageBoxUpgradePredicate upgrade_predicate(dlgp); + + fd->reset(); + + if 
(fwbdebug) qDebug("FWWindow::load(): start 2"); + + try + { +// need to drop read-only flag on the database before I load new objects + + objdb = new FWObjectDatabase(); + objdb->setReadOnly( false ); + + if (fwbdebug) qDebug("FWWindow::load(): loading objects"); + + sb->showMessage( tr("Loading system objects...") ); + QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100); + +// always loading system objects + if (fwbdebug) qDebug("FWWindow::load(): sysfname = %s",sysfname.c_str()); + objdb->load( sysfname, &upgrade_predicate, librespath); + objdb->setFileName(""); + + if (fwbdebug) qDebug("FWWindow::load(): create User library"); + + FWObject *userLib=FWBTree::createNewLibrary( objdb ); + userLib->setName("User"); + userLib->setStr("color","#d2ffd0"); + + if (fwbdebug) qDebug("FWWindow::load(): loading libraries"); + + for (list::iterator i=addOnLibs->begin(); i!=addOnLibs->end(); ++i) + { + string libfname = i->path.toLatin1().constData(); + if (libfname!=sysfname && i->load) + { + if (fwbdebug) qDebug("FWWindow::load(): libfname = %s",libfname.c_str()); + FWObjectDatabase *ndb = new FWObjectDatabase(); + ndb->load(libfname, &upgrade_predicate,librespath); + FWObject *dobj = + ndb->findInIndex( FWObjectDatabase::getDeletedObjectsId()); + if (dobj) ndb->remove(dobj, false); + + MergeConflictRes mcr(dlgp); + objdb->merge(ndb, &mcr); + + delete ndb; + } + } + + if (fwbdebug) qDebug("FWWindow::load(): done loading"); + + objdb->setDirty(false); + objdb->setFileName(""); + + if (fwbdebug) qDebug("FWWindow::load(): create RCS"); + + rcs = new RCS(""); + systemFile=true; +/* + * TODO: we should create new FWObjectDatabase object and assign db + * instead of using singleton + */ +// objdb = FWObjectDatabase::db; + + setWindowTitle( "Firewall Builder" ); + + m_mainWindow->fileSaveAction->setEnabled( false ); + m_mainWindow->addToRCSAction->setEnabled( false ); + m_mainWindow->fileDiscardAction->setEnabled( false ); + 
m_mainWindow->fileCommitAction->setEnabled( false ); + + if (fwbdebug) qDebug("FWWindow::load(): done"); + + } catch(FWException &ex) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Error loading file:\n%1").arg(ex.toString().c_str()), + tr("&Continue"), QString::null,QString::null, + 0, 1 ); + } + + if (fwbdebug) qDebug("FWWindow::load(): load objects in ObjectManager"); + + om->loadObjects(); + + if (fwbdebug) qDebug("FWWindow::load(): all done"); + + setupAutoSave(); +} + +void FWWindow::load(QWidget *dialogs_parent,RCS *_rcs) +{ + QStatusBar *sb = statusBar(); + + fd->reset(); + + editingStandardLib = false; + editingTemplateLib = false; + + bool forceSave=false; // use this flag to force 'save' operation if file should be renamed + + QWidget *dlgp=NULL; + if (dialogs_parent==NULL) + { + if (isVisible()) dlgp=this; + } else + { + dlgp=dialogs_parent; + } + + MessageBoxUpgradePredicate upgrade_predicate(dlgp); + + assert(_rcs!=NULL); + + rcs = _rcs; + + try + { + /* load the data file */ + systemFile=false; + + objdb = new FWObjectDatabase(); + +// need to drop read-only flag on the database before I load new objects + objdb->setReadOnly( false ); + +// always loading system objects + sb->showMessage( tr("Loading system objects...") ); + QCoreApplication::processEvents(QEventLoop::ExcludeUserInputEvents); + + objdb->load( sysfname, &upgrade_predicate, librespath); + objdb->setFileName(""); + +// objects from a data file are in database ndb + + sb->showMessage( tr("Reading and parsing data file...") ); + QCoreApplication::processEvents(QEventLoop::ExcludeUserInputEvents); + //QApplication::eventLoop()->processEvents(QEventLoop::ExcludeUserInput,100); + + FWObjectDatabase *ndb = new FWObjectDatabase(); + ndb->load(rcs->getFileName().toLatin1().constData(), &upgrade_predicate,librespath); + time_t oldtimestamp = ndb->getTimeLastModified(); + + sb->clearMessage(); + QCoreApplication::processEvents(QEventLoop::ExcludeUserInputEvents); + +/* loadingLib is 
true if user wants to open a library or master library file */ + bool loadingLib = editingLibrary(); + + if (fwbdebug) + { + list ll = ndb->getByType(Library::TYPENAME); + for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++) + { + qDebug("* Found library %s %s in the data file", + (*i)->getId().c_str(),(*i)->getName().c_str() ); + } + } + +/* if user opens library file, clear read-only flag so they can edit it */ + if (loadingLib) + { + list ll = ndb->getByType(Library::TYPENAME); + for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++) + { + if ((*i)->getId()==STANDARD_LIB) editingStandardLib=true; + if ((*i)->getId()==TEMPLATE_LIB) editingTemplateLib=true; + (*i)->setReadOnly( false ); + } + } else + { +/* preload libraries only if we do not edit a library file */ + for (list::iterator i=addOnLibs->begin(); + i!=addOnLibs->end(); ++i) + { + string libfname = i->path.toLatin1().constData(); + if (libfname!=sysfname && i->load) + { + if (fwbdebug) + qDebug("* Adding library %s",i->name.toLatin1().constData()); + + FWObjectDatabase *ndb1 = new FWObjectDatabase(); + ndb1->load(libfname, &upgrade_predicate,librespath); + FWObject *nlib1 = ndb1->getFirstByType(Library::TYPENAME); + if(nlib1==NULL) + { + qDebug("Error preloading library from file %s", + libfname.c_str()); + assert(nlib1!=NULL); + } + string nlib1ID = nlib1->getId(); + FWObject *dobj = + ndb1->findInIndex(FWObjectDatabase::getDeletedObjectsId()); + if (dobj) ndb1->remove(dobj, false); + + MergeConflictRes mcr(dlgp); + objdb->merge(ndb1, &mcr); + +/* preloaded libraries are always read-only */ + objdb->findInIndex(nlib1ID)->setReadOnly(true); + + delete ndb1; + } + } + } + + sb->showMessage( tr("Merging with system objects...") ); + QCoreApplication::processEvents(QEventLoop::ExcludeUserInputEvents, 100); + //QApplication::eventLoop()->processEvents(QEventLoop::ExcludeUserInput,100); + + MergeConflictRes mcr(dlgp); + objdb->merge(ndb, &mcr); + + delete ndb; + + 
objdb->setFileName(rcs->getFileName().toLatin1().constData()); + objdb->resetTimeLastModified(oldtimestamp); + objdb->setDirty(false); + + sb->clearMessage(); + QCoreApplication::processEvents(QEventLoop::ExcludeUserInputEvents, 100); + //QApplication::eventLoop()->processEvents(QEventLoop::ExcludeUserInput,100); + +/* + * TODO: we should create new FWObjectDatabase object and assign db + * instead of using singleton + */ +// objdb = FWObjectDatabase::db; + + if (fwbdebug) + { + qDebug("* Merge is done"); + list ll = db()->getByType(Library::TYPENAME); + for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++) + { + qDebug("* Library %s %s in the data file", + (*i)->getId().c_str(),(*i)->getName().c_str() ); + } + } + + +/* this is a hack: 'Standard' library should be read-only. I have too + * many files I already converted to the new API/DTD and I am too lazy + * to convert them again, so I patch it up here. + * + * However, if I am editing standard library, it should not be read-only. + */ + FWObject *slib = objdb->findInIndex("syslib000"); + if (fwbdebug) + qDebug("standard library read-only status: %d, editingStandardLib: %d", + slib->isReadOnly(), editingStandardLib); + + if (slib!=NULL ) slib->setReadOnly(! 
editingStandardLib); + +/* if the file name has an old extension .xml, change it to .fwb and + * warn the user + */ + QString fn = rcs->getFileName(); + QFileInfo ofinfo(fn); + + if ( ofinfo.suffix()=="xml") + { + if (fwbdebug) + { + qDebug("Need to rename file: %s",fn.toAscii().constData()); + qDebug(" dirPath: %s",ofinfo.dir().absolutePath().toAscii().constData()); + qDebug(" filePath: %s",ofinfo.absoluteFilePath().toAscii().constData()); + } + QString nfn=ofinfo.dir().absolutePath() + "/" + ofinfo.completeBaseName() + ".fwb"; + + bool needToRename = true; + +/* need these dances with symlinks to fix bug #1008956: "Existing .fwb + * file gets overwritten if has wrong extension" + */ + QFileInfo nfinfo(nfn); + if (nfinfo.exists() && ofinfo.isSymLink() && ofinfo.readLink()==nfn) + { +// .xml file is a symlink pointing at .fwb file +// no need to rename + needToRename = false; + } + + if (needToRename) + { + if (nfinfo.exists()) + { +/* .fwb file exists but .xml is not a symlink + * .fwb is a separate file with the same name. + * + * tell the user we need to rename old file but the new file exists, + * then ask them to choose a new name. If the user chooses the same + * name and agrees to overwrite the file, just use this name. If the + * user hits cancel, tell them they need to choose a new name and open + * "file save" dialog again. + * + * Show the first dialog only once. If user hits Cancel, they see + * shorted version of the dialog and will be presented with "save + * file" dialog again. 
+ */ + QMessageBox::warning( + this,"Firewall Builder", + tr("Firewall Builder 2 uses file extension '.fwb' and \nneeds to rename old data file '%1' to '%2',\nbut file '%3' already exists.\nChoose a different name for the new file.") + .arg(fn).arg(nfn).arg(nfn), + tr("&Continue"), QString::null,QString::null, + 0, 1 ); + + nfn=chooseNewFileName(fn,true, + tr("Choose name and location for the new file")); + if (nfn.isEmpty()) + { + QString oldFileName = ofinfo.absoluteFilePath() + ".bak"; + rename(oldFileName.toLatin1().constData(), fn.toLatin1().constData()); + + QMessageBox::warning( + this,"Firewall Builder", + tr("Load operation cancelled and data file reverted to original version."), + tr("&Continue"), QString::null,QString::null, + 0, 1 ); + + load(this); + return; + } + nfinfo.setFile(nfn); + } + + rename(fn.toLatin1().constData(), nfn.toLatin1().constData()); + + + QMessageBox::warning( + this,"Firewall Builder", + tr("Firewall Builder 2 uses file extension '.fwb'. Your data file '%1' \nhas been renamed '%2'") + .arg(fn).arg(nfn), + tr("&Continue"), QString::null,QString::null, + 0, 1 ); + + } + + fn = nfn; + } + + rcs->setFileName(fn); + db()->setFileName(fn.toLatin1().constData()); + + QString caption = rcs->getFileName().section("/",-1,-1); + if (rcs->isInRCS()) caption = caption + ", rev " + rcs->getSelectedRev(); + if (rcs->isRO()) caption = caption + " " + tr("(read-only)"); + + setWindowTitle( QString("Firewall Builder: ")+caption ); + + m_mainWindow->fileSaveAction->setEnabled( !rcs->isRO() && !rcs->isTemp()); + m_mainWindow->addToRCSAction->setEnabled( !rcs->isInRCS() && !rcs->isRO()); + m_mainWindow->fileDiscardAction->setEnabled( rcs->isInRCS() && !rcs->isRO()); + m_mainWindow->fileCommitAction->setEnabled( rcs->isInRCS() && !rcs->isRO()); + + } catch(FWException &ex) + { + string trans = ex.getProperties()["failed_transformation"]; + string elem = ex.getProperties()["failed_element"]; + + if(!trans.empty() || !elem.empty()) + { + QString msg = 
tr("Exception: %1").arg(ex.toString().c_str()); + if (!trans.empty()) + msg+="\n"+tr("Failed transformation : %1").arg(trans.c_str()); + if (!elem.empty()) + msg+="\n"+tr("XML element : %1").arg(elem.c_str()); + + QMessageBox::warning( + this,"Firewall Builder", + tr("Error loading file:\n%1").arg(msg), + tr("&Continue"), QString::null,QString::null, + 0, 1 ); + } else + QMessageBox::warning( + this,"Firewall Builder", + tr("Error loading file:\n%1").arg(ex.toString().c_str()), + tr("&Continue"), QString::null,QString::null, + 0, 1 ); + + load(this); + return; + } + + db()->setReadOnly( rcs->isRO() || rcs->isTemp() ); + +// clear dirty flag for all objects, recursively + if (!forceSave) db()->setDirty(false); + + sb->showMessage( tr("Building object tree...") ); + QCoreApplication::processEvents(QEventLoop::ExcludeUserInputEvents, 100); + + om->loadObjects(); + QCoreApplication::processEvents(QEventLoop::ExcludeUserInputEvents, 100); + + sb->showMessage( tr("Indexing...") ); + QCoreApplication::processEvents(QEventLoop::ExcludeUserInputEvents, 100); + db()->reIndex(); + + sb->clearMessage(); + QCoreApplication::processEvents(QEventLoop::ExcludeUserInputEvents, 100); + + setupAutoSave(); +} + +bool FWWindow::checkin(bool unlock) +{ +/* doing checkin only if we did checkout so rcs!=NULL */ + QString rlog=""; + + if (systemFile || rcs==NULL || !rcs->isCheckedOut() || rcs->isTemp()) + return true; + + if (rcs->isDiff()) // if the file hasn't changed, do not need to ask for the comment + { + if ( ! 
st->getRCSLogState()) + { + RCSFileSaveDialog_q fsd; + QDialog *fsd_dialog = new QDialog(this); + fsd.setupUi(fsd_dialog); + fsd.checkinDialogTitle->setText( + QString("")+tr("Checking file %1 in RCS").arg(rcs->getFileName())+QString("") + ); + if ( fsd_dialog->exec()== QDialog::Rejected ) + { + delete fsd_dialog; + return false; + } + + bool empty_rcslog = fsd.nolog->isChecked(); + if (empty_rcslog) + { + rlog = ""; + st->setRCSLogState(true); + } else + rlog = fsd.rcslog->toPlainText(); + + delete fsd_dialog; + } + } + + +/***********************************************************************/ + try + { + if (fwbdebug) qDebug("about to check the file in"); + rcs->ci(rlog,unlock); + if (fwbdebug) qDebug("done"); + } + catch (FWException &ex) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Error checking in file %1:\n%2") + .arg(rcs->getFileName()).arg(ex.toString().c_str()), + tr("&Continue"), QString::null, QString::null, + 0, 1 ); + } +/***********************************************************************/ + return true; +} + +void FWWindow::save() +{ + if (fwbdebug) + qDebug("FWWindow::save: rcs=%p rcs->isRO=%d rcs->isTemp=%d rcs->getFileName=%s", + rcs, rcs->isRO(), rcs->isTemp(), rcs->getFileName().toLatin1().constData()); + + if (!rcs->isRO() && !rcs->isTemp()) + { + try + { + if (rcs->getFileName().isEmpty()) + fileSaveAs(); // eventually calls this method again + else + { +/* editingLibfile is true if user edits a library or master library file */ + bool editingLibfile=editingLibrary(); + + if (st->getDontSaveStdLib()) // this is now default + { + list userLibs; + list ll = mw->db()->getByType(Library::TYPENAME); + for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++) + { + if (fwbdebug) qDebug("FWWindow::save() lib %s", + (*i)->getName().c_str() ); +/* if we are not editing a library file, skip preloaded libraries */ + if (!editingLibfile && + addOnLibs->isLoaded((*i)->getName().c_str())) + { + if (fwbdebug) qDebug(" skip"); + continue; 
+ }
+/* skip standard and template libraries unless we edit them */
+ QString s=(*i)->getId().c_str();
+ if (s==STANDARD_LIB && !editingStandardLib) continue;
+ if (s==TEMPLATE_LIB && !editingTemplateLib) continue;
+
+ if (fwbdebug) qDebug(" add");
+ userLibs.push_back( *i );
+ }
+
+ QApplication::setOverrideCursor(QCursor( Qt::WaitCursor));
+
+ FWObjectDatabase *ndb = mw->db()->exportSubtree(userLibs);
+
+ if (editingLibfile)
+ {
+/* exported libraries are always read-only */
+ list ll = ndb->getByType(Library::TYPENAME);
+ for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++)
+ if ((*i)->getId()!=STANDARD_LIB &&
+ (*i)->getId()!=DELETED_LIB) (*i)->setReadOnly( true );
+ }
+
+ ndb->resetTimeLastModified( db()->getTimeLastModified() );
+ ndb->saveFile( rcs->getFileName().toLatin1().constData() );
+
+ delete ndb;
+
+ QApplication::restoreOverrideCursor();
+
+ } else
+ {
+ QApplication::setOverrideCursor(QCursor( Qt::WaitCursor));
+ db()->saveFile( rcs->getFileName().toLatin1().constData() );
+ QApplication::restoreOverrideCursor();
+ }
+ }
+ db()->setDirty(false);
+ }
+ catch (FWException &ex)
+ {
+ QApplication::restoreOverrideCursor();
+
+/* error saving the file.
Since XMLTools does not return any useful
+ * error message in the exception, let's check for obvious problems here
+ */
+ QString err;
+ if (access( rcs->getFileName().toLatin1().constData(), W_OK)!=0 && errno==EACCES)
+ err=tr("File is read-only");
+ else
+ err=ex.toString().c_str();
+
+ QMessageBox::warning(
+ this,"Firewall Builder",
+ tr("Error saving file %1: %2")
+ .arg(rcs->getFileName()).arg(err),
+ tr("&Continue"), QString::null, QString::null,
+ 0, 1 );
+ }
+ }
+}
+
+void FWWindow::loadLibrary(const string &libfpath)
+{
+ MessageBoxUpgradePredicate upgrade_predicate;
+
+ try
+ {
+ FWObjectDatabase *ndb = new FWObjectDatabase();
+ ndb->load(libfpath, &upgrade_predicate, librespath);
+
+ FWObject *dobj = ndb->findInIndex(FWObjectDatabase::getDeletedObjectsId());
+ if (dobj) ndb->remove(dobj, false);
+
+#if 0
+ list newLibs;
+ newLibs= ndb->getByType(Library::TYPENAME);
+
+ list currentLibs;
+ currentLibs= db()->getByType(Library::TYPENAME);
+
+ list duplicateLibs;
+
+ for (list::iterator i=newLibs.begin(); i!=newLibs.end(); i++)
+ {
+ string newLibID = (*i)->getId();
+ if (newLibID==STANDARD_LIB)
+ {
+ duplicateLibs.push_back(*i);
+ continue;
+ }
+ QString name = (*i)->getName().c_str();
+ if (std::find_if(currentLibs.begin(),currentLibs.end(),
+ findFWObjectIDPredicate(newLibID))!=currentLibs.end() )
+ {
+ QMessageBox::warning(
+ NULL,"Firewall Builder",
+ QObject::tr("Duplicate library '%1'").arg(QString::fromUtf8(name)),
+ QObject::tr("&Continue"), QString::null,QString::null,
+ 0, 1 );
+ duplicateLibs.push_back(*i);
+ }
+ }
+
+ if (!duplicateLibs.empty())
+ {
+ for (list::iterator i=duplicateLibs.begin(); i!=duplicateLibs.end(); i++)
+ ndb->remove(*i,false);
+ }
+#endif
+ MergeConflictRes mcr(this);
+ db()->merge(ndb, &mcr);
+
+ delete ndb;
+
+ } catch(FWException &ex)
+ {
+ QMessageBox::warning(
+ this,"Firewall Builder",
+ tr("Error loading file %1:\n%2").
+ arg(libfpath.c_str()).arg(ex.toString().c_str()),
+ tr("&Continue"), QString::null,QString::null,
+ 0, 1 );
+ }
+}
+
+void FWWindow::fileImport()
+{
+ fd->reset();
+
+ QString fname = QFileDialog::getOpenFileName( this,
+ tr("Choose a file to import"),
+ st->getWDir(),
+ "Firewall Builder 4 (2) files (*.fwl);;FWB Files (*.fwb);;All Files (*)");
+
+ if (fname.isEmpty()) return; // Cancel - keep working with old file
+
+ loadLibrary( fname.toLatin1().constData() );
+
+ om->loadObjects();
+ showFirewalls( true );
+
+// addOnLibs->add( fname.toLatin1().constData() );
+}
+
+
+void FWWindow::fileCompare()
+{
+ fd->reset(); // fd : find dialog
+
+ QMessageBox initial_question( QMessageBox::Information, "Firewall Builder",
+ tr("This operation inspects two data files (either .fwb or .fwl) and finds conflicting objects. Conflicting objects have the same internal ID but different attributes. Two data files can not be merged, or one imported into another, if they contain such objects. This operation also helps identify changes made to objects in two copies of the same data file.

    This operation does not find objects present in one file but not in the other, such objects present no problem for merge or import operations.

    This operation works with two external files, neither of which needs to be opened in the program. Currently opened data file is not affected by this operation and objects in the tree do not change.

    Do you want to proceed ?"),
+ QMessageBox::Yes | QMessageBox::No);
+
+ initial_question.setTextFormat( Qt::RichText );
+ if (initial_question.exec() != QMessageBox::Yes) return;
+
+
+ QString fname1 = QFileDialog::getOpenFileName( this,
+ tr("Choose the first file"),
+ st->getWDir(),
+ "Firewall Builder 4 (2) files (*.fwb);;FWB Library Files (*.fwl);;All Files (*)");
+
+ if (fname1.isEmpty()) return; // Cancel
+
+ QString fname2 = QFileDialog::getOpenFileName( this,
+ tr("Choose the second file"),
+ st->getWDir(),
+ "Firewall Builder 4 (2) files (*.fwb);;FWB Library Files (*.fwl);;All Files (*)");
+
+ if (fname2.isEmpty()) return; // Cancel
+
+ MessageBoxUpgradePredicate upgrade_predicate;
+
+ FWObjectDatabase *db1;
+ FWObjectDatabase *db2;
+ FWObject *dobj;
+
+ try
+ {
+ db1 = new FWObjectDatabase();
+ db1->load(fname1.toLatin1().constData(), &upgrade_predicate, librespath);
+
+ dobj = db1->findInIndex(FWObjectDatabase::getDeletedObjectsId());
+ if (dobj) db1->remove(dobj, false);
+ } catch(FWException &ex)
+ {
+ QMessageBox::warning(
+ this,"Firewall Builder",
+ tr("Error loading file %1:\n%2").
+ arg(fname1).arg(ex.toString().c_str()),
+ tr("&Continue"), QString::null,QString::null,
+ 0, 1 );
+ return;
+ }
+
+ try
+ {
+ db2 = new FWObjectDatabase();
+ db2->load(fname2.toLatin1().constData(), &upgrade_predicate, librespath);
+
+ dobj = db2->findInIndex(FWObjectDatabase::getDeletedObjectsId());
+ if (dobj) db2->remove(dobj, false);
+ } catch(FWException &ex)
+ {
+ QMessageBox::warning(
+ this,"Firewall Builder",
+ tr("Error loading file %1:\n%2").
+ arg(fname2).arg(ex.toString().c_str()),
+ tr("&Continue"), QString::null,QString::null,
+ 0, 1 );
+ return;
+ }
+
+ try
+ {
+ // CompareObjectsDialog is just like ObjConflictResolutionDialog
+ // except it always returns 'accepted' and keeps record
+ // of all object differences so we can print report in the end
+
+ CompareObjectsDialog cod(this);
+ db1->merge(db2, &cod);
+ list report = cod.getReport();
+
+ delete db1;
+ delete db2;
+
+ ostringstream str;
+ str << cod.getNumberOfConflicts();
+
+ QMessageBox mb( QMessageBox::Information, "Firewall Builder",
+ tr("Total number of conflicting objects: %1.\nDo you want to generate report?").arg(str.str().c_str()),
+ QMessageBox::Yes | QMessageBox::No);
+
+ if (mb.exec() == QMessageBox::Yes)
+ {
+ // save report to a file
+
+ QString destdir = getDestDir(fname1);
+
+ QString fn = QFileDialog::getSaveFileName( this,
+ tr("Choose name and location for the report file"),
+ destdir,
+ tr( "TXT Files (*.txt);;All Files (*)" ));
+
+ if (fwbdebug)
+ qDebug( QString("Saving report to %1").arg(fn).toAscii().constData() );
+
+ if (fn.isEmpty() ) return ; // Cancel
+
+ if (!fn.endsWith(".txt"))
+ {
+ fn+=".txt";
+ }
+
+ QFile report_file(fn);
+ if (report_file.open(QIODevice::WriteOnly))
+ {
+ QTextStream report_stream(&report_file);
+ for (list::iterator i=report.begin(); i!=report.end(); ++i)
+ {
+ report_stream << *i;
+ }
+ report_file.close();
+ } else
+ {
+ QMessageBox::critical(
+ this,"Firewall Builder",
+ tr("Can not open report file for writing. File '%1'").arg(fn),
+ tr("&Continue"), QString::null,QString::null,
+ 0, 1 );
+ }
+
+ }
+
+ } catch(FWException &ex)
+ {
+ QMessageBox::warning(
+ this,"Firewall Builder",
+ tr("Unexpected error comparing files %1 and %2:\n%3").
+ arg(fname1).arg(fname2).arg(ex.toString().c_str()),
+ tr("&Continue"), QString::null,QString::null,
+ 0, 1 );
+ }
+
+}
+
+void FWWindow::findExternalRefs(FWObject *lib,
+ FWObject *root,
+ list &extRefs)
+{
+ FWReference *ref=FWReference::cast(root);
+ if (ref!=NULL)
+ {
+ FWObject *plib = ref->getPointer()->getLibrary();
+ if ( plib->getId()!=STANDARD_LIB &&
+ plib->getId()!=DELETED_LIB &&
+ plib!=lib )
+ extRefs.push_back(ref);
+ return;
+ } else
+ {
+ for (FWObject::iterator i=root->begin(); i!=root->end(); i++)
+ findExternalRefs(lib, *i, extRefs);
+
+ }
+}
+bool FWWindow::exportLibraryTest(list &selectedLibs)
+{
+/* VERY IMPORTANT: External library file must be self-contained,
+ * otherwise it can not be exported.
+ *
+ * check if selected libraries have references to objects in other
+ * libraries (not exported to the same file). Exporting such libraries
+ * pulls in other ones because of these references. This is confusing
+ * because it means we end up with multiple copies of such objects (in
+ * exported library file and in user's data file). When user imports
+ * this library and opens their file, it is impossible to say which
+ * library an object belongs to.
+ *
+ * This is prohibited. We check if exported set of libraries has such
+ * references and refuse to export it. The user is supposed to clean
+ * it up by either moving objects into the library they are trying to
+ * export, or by rearranging objects. The only exception for this is
+ * library "Standard", which is assumed to be always present so we can
+ * have references to objects in it.
+ */
+ QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) );
+
+ list externalRefs;
+ for (list::iterator i=selectedLibs.begin(); i!=selectedLibs.end(); ++i)
+ findExternalRefs( *i, *i, externalRefs);
+
+ QApplication::restoreOverrideCursor();
+
+ if (fwbdebug) qDebug("LibExportDialog::accept externalRefs.size()=%d",
+ externalRefs.size() );
+
+/*
+ * if externalRefs.size()!=0, then there were some references pointing
+ * outside of the libraries we export. Some of these references may
+ * point at other libraries we export, lets find these.
+ */
+ list externalRefs2;
+ for (list::iterator i=externalRefs.begin(); i!=externalRefs.end(); ++i)
+ {
+ FWObject *tgt = (*i)->getPointer();
+ FWObject *tgtlib = tgt->getLibrary();
+
+ if (std::find(selectedLibs.begin(),selectedLibs.end(),tgtlib)!=selectedLibs.end()) continue;
+ externalRefs2.push_back(*i);
+ }
+
+ if (externalRefs2.size()!=0)
+ {
+ QString objlist = "";
+ QString s = "";
+
+ for (list::iterator i=externalRefs2.begin(); i!=externalRefs2.end(); ++i)
+ {
+ FWReference *robj = *i;
+ FWObject *selLib = robj->getLibrary();
+ FWObject *pp = robj->getParent();
+ FWObject *tgt = robj->getPointer();
+ FWObject *tgtlib = tgt->getLibrary();
+
+ if (fwbdebug)
+ {
+ qDebug("LibExportDialog::accept tgt: %s pp_type: %s lib: %s",
+ tgt->getName().c_str(),
+ pp->getTypeName().c_str(),
+ tgtlib->getName().c_str());
+ }
+
+ if (std::find(selectedLibs.begin(),selectedLibs.end(),tgtlib)!=selectedLibs.end()) continue;
+
+ if (RuleElement::cast(pp)!=NULL)
+ {
+ FWObject *fw = pp;
+ FWObject *rule = pp;
+ FWObject *ruleset = pp;
+ FWObject *iface = pp;
+
+ while (rule!=NULL && Rule::cast(rule)==NULL)
+ rule=rule->getParent();
+ while (ruleset!=NULL && RuleSet::cast(ruleset)==NULL)
+ ruleset=ruleset->getParent();
+ while (iface!=NULL && Interface::cast(iface)==NULL)
+ iface=iface->getParent();
+ while (fw!=NULL && Firewall::cast(fw)==NULL)
+ fw=fw->getParent();
+
+ QString rsname;
+ if (Policy::cast(ruleset)!=NULL)
+ {
+ s =
+
QObject::tr("Library %1: Firewall '%2' (global policy rule #%3) uses object '%4' from library '%5'")
+ .arg(selLib->getName().c_str())
+ .arg(fw->getName().c_str())
+ .arg(Rule::cast(rule)->getPosition())
+ .arg(tgt->getName().c_str())
+ .arg(tgtlib->getName().c_str());
+ }
+ if (InterfacePolicy::cast(ruleset)!=NULL)
+ {
+ QObject::tr("Library %1: Firewall '%2' (interface %3 policy rule #%4) uses object '%5' from library '%6'")
+ .arg(selLib->getName().c_str())
+ .arg(fw->getName().c_str())
+ .arg(iface->getName().c_str())
+ .arg(Rule::cast(rule)->getPosition())
+ .arg(tgt->getName().c_str())
+ .arg(tgtlib->getName().c_str());
+ }
+ if (NAT::cast(ruleset)!=NULL)
+ {
+ s =
+ QObject::tr("Library %1: Firewall '%2' (NAT rule #%3) uses object '%4' from library '%5'")
+ .arg(selLib->getName().c_str())
+ .arg(fw->getName().c_str())
+ .arg(Rule::cast(rule)->getPosition())
+ .arg(tgt->getName().c_str())
+ .arg(tgtlib->getName().c_str());
+ }
+ } else
+ {
+ s =
+ QObject::tr("Library %1: Group '%2' uses object '%3' from library '%4'")
+ .arg(selLib->getName().c_str())
+ .arg(pp->getName().c_str())
+ .arg(tgt->getName().c_str())
+ .arg(tgtlib->getName().c_str());
+ }
+ s = s + "\n";
+
+ if (fwbdebug) qDebug(s.toAscii().constData());
+
+ objlist = objlist + s;
+ }
+
+ longTextDialog ltd( this,
+
+ tr("A library that you are trying to export contains references\n"
+ "to objects in the other libraries and can not be exported.\n"
+ "The following objects need to be moved outside of it or\n"
+ "objects that they refer to moved in it:"),
+ objlist );
+
+ ltd.exec();
+ return false;
+ }
+ return true;
+}
+
+void FWWindow::exportLibraryTo(QString fname,list &selectedLibs, bool rof)
+{
+ QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) );
+
+ FWObjectDatabase *ndb = mw->db()->exportSubtree( selectedLibs );
+
+ QApplication::restoreOverrideCursor();
+
+ if (rof)
+ {
+ for (list::iterator i=selectedLibs.begin(); i!=selectedLibs.end(); ++i)
+ {
+ FWObject *nlib=
ndb->findInIndex( (*i)->getId() );
+ if (nlib && nlib->getId()!=DELETED_LIB)
+ nlib->setReadOnly( true );
+ }
+ }
+
+ try
+ {
+ ndb->saveFile( fname.toLatin1().constData() );
+ }
+ catch (FWException &ex)
+ {
+/* error saving the file. Since XMLTools does not return any useful
+ * error message in the exception, let's check for obvious problems here
+ */
+ QString err;
+ if (access( fname.toLatin1().constData(), W_OK)!=0 && errno==EACCES)
+ err=QObject::tr("File is read-only");
+
+ QMessageBox::warning(
+ this,"Firewall Builder",
+ QObject::tr("Error saving file %1: %2")
+ .arg(fname).arg(err),
+ "&Continue", QString::null, QString::null,
+ 0, 1 );
+ }
+}
+
+void FWWindow::fileExport()
+{
+ LibExportDialog ed;
+ list selectedLibs;
+ map::iterator i;
+ QString path="";
+ int lib_idx = -1;
+ do
+ {
+ if (ed.exec()!=QDialog::Accepted) return;
+
+ QList selitems = ed.m_dialog->libs->selectedItems();
+
+ for (i=ed.mapOfLibs.begin(); i!=ed.mapOfLibs.end(); i++)
+ if (selitems.contains(ed.m_dialog->libs->item(i->first)))
+ selectedLibs.push_back(i->second);
+
+ lib_idx=ed.m_dialog->libs->currentRow ();
+
+ if (lib_idx<0 || selectedLibs.size()==0)
+ {
+ QMessageBox::critical(
+ this,"Firewall Builder",
+ tr("Please select a library you want to export."),
+ "&Continue", QString::null,QString::null,
+ 0, 1 );
+
+ return;
+ }
+ } while (!exportLibraryTest(selectedLibs));
+
+ FWObject *selLib = ed.mapOfLibs[ lib_idx ];
+ path=st->getWDir()+QString::fromUtf8(selLib->getName().c_str())+".fwl";
+
+ fd->reset();
+ QString fname;
+ fname = QFileDialog::getSaveFileName(
+ this,
+ "Choose a filename to save under",
+ path,
+ "Firewall Builder 2 files (*.fwl)");
+
+ if (fname.isEmpty()) return;
+ if (QFile::exists(fname) &&
+ QMessageBox::warning(
+ this,"Firewall Builder",
+ tr("The file %1 already exists.\nDo you want to overwrite it ?")
+ .arg(fname),
+ tr("&Yes"), tr("&No"), QString::null,
+ 0, 1 )==1 ) return;
+
exportLibraryTo(fname,selectedLibs,ed.m_dialog->exportRO->isChecked());
+}
+
+void FWWindow::showFirewalls(bool open_first_firewall)
+{
+ if (fwbdebug) qDebug("FWWindow::showFirewalls");
+
+ list fl;
+ findFirewalls(db(), fl);
+ fl.sort(FWObjectNameCmpPredicate());
+
+ firewalls.clear();
+ m_mainWindow->fwList->clear();
+ clearFirewallTabs();
+ ruleSetViews.clear();
+ m_mainWindow->firewallName->setText("");
+
+ m_mainWindow->insertRuleAction->setEnabled( fl.size()!=0 );
+ m_mainWindow->moveRuleAction->setEnabled( fl.size()!=0 );
+ m_mainWindow->moveRuleUpAction->setEnabled( fl.size()!=0 );
+ m_mainWindow->moveRuleDownAction->setEnabled( fl.size()!=0 );
+ m_mainWindow->addRuleAfterCurrentAction->setEnabled( fl.size()!=0 );
+ m_mainWindow->removeRuleAction->setEnabled( fl.size()!=0 );
+ m_mainWindow->copyRuleAction->setEnabled( fl.size()!=0 );
+ m_mainWindow->cutRuleAction->setEnabled( fl.size()!=0 );
+ m_mainWindow->pasteRuleAboveAction->setEnabled( fl.size()!=0 );
+ m_mainWindow->pasteRuleBelowAction->setEnabled( fl.size()!=0 );
+
+ m_mainWindow->compileAction->setEnabled( fl.size()!=0 );
+ m_mainWindow->installAction->setEnabled( fl.size()!=0 );
+
+ if (fl.size()==0)
+ {
+ m_mainWindow->fwList->addItem( noFirewalls );
+ return;
+ }
+
+ for (list::iterator m=fl.begin(); m!=fl.end(); m++)
+ addFirewallToList( *m );
+
+ if (open_first_firewall)
+ {
+ m_mainWindow->fwList->setCurrentIndex( 0 );
+ openFirewall( 0 );
+ }
+ if (fwbdebug) qDebug("end of FWWindow::showFirewalls");
+}
+
+int FWWindow::findFirewallInList(FWObject *f)
+{
+ vector::iterator i;
+ int n=0;
+ for (i=firewalls.begin(); i!=firewalls.end(); i++,n++)
+ {
+ if ( (*i)->getId()==f->getId() ) return n;
+ }
+ return -1;
+}
+
+void FWWindow::addFirewallToList(FWObject *o)
+{
+ QString icn_filename =
+ ( ":/Icons/"+o->getTypeName()+"icon-tree" ).c_str();
+
+ int n=m_mainWindow->fwList->count();
+
+ if (fwbdebug) qDebug("FWWindow::addFirewallToList %d %p %s",
+ n, o, o->getName().c_str() );
+
+ if
(m_mainWindow->fwList->currentText() == noFirewalls )
+ {
+ m_mainWindow->fwList->removeItem(0);
+ }
+
+ QPixmap pm;
+ if ( ! QPixmapCache::find( icn_filename, pm) )
+ {
+ pm.load( icn_filename );
+ QPixmapCache::insert( icn_filename, pm);
+ }
+ m_mainWindow->fwList->addItem( pm, QString::fromUtf8(o->getName().c_str()) );
+
+ firewalls.push_back(o);
+
+ m_mainWindow->fwList->setCurrentIndex( n );
+// openFirewall( n );
+}
+
+void FWWindow::removeFirewallFromList(FWObject *o)
+{
+ if (fwbdebug) qDebug("FWWindow::removeFirewallFromList %p %s",
+ o, o->getName().c_str() );
+
+ vector::iterator i;
+ int n=0;
+ for (i=firewalls.begin(); i!=firewalls.end(); i++,n++)
+ {
+ if ( (*i)->getId()==o->getId() )
+ {
+ m_mainWindow->fwList->removeItem(n);
+ firewalls.erase( i );
+ break;
+ }
+ }
+}
+
+void FWWindow::ensureObjectVisibleInRules(FWReference *obj)
+{
+ FWObject *p=obj;
+ while (p && Firewall::cast(p)==NULL ) p=p->getParent();
+ if (p==NULL) return; // something is broken
+
+ if (p!=getVisibleFirewall()) showFirewall(p);
+
+ p=obj;
+
+ while (p && RuleSet::cast(p)==NULL ) p=p->getParent();
+ if (p==NULL) return; // something is broken
+
+ RuleSetView *rsv = ruleSetViews[p];
+
+ if (rsv==NULL)
+ {
+ if (fwbdebug)
+ qDebug("FWWindow::ensureObjectVisible : orphan rule set found");
+ return;
+ }
+
+ m_mainWindow->ruleSets->setCurrentIndex(
+ m_mainWindow->ruleSets->indexOf(rsv));
+ rsv->selectRE( obj );
+}
+
+void FWWindow::updateRuleSetViewSelection()
+{
+ RuleSetView* rv=dynamic_cast(m_mainWindow->ruleSets->currentWidget());
+ if (rv!=NULL)
+ rv->repaintSelection();
+}
+
+void FWWindow::updateTreeViewItemOrder()
+{
+ //this is for case when tree becomes to be resorted
+ //if we do not reopen parent item, some of child
+ //items mix incorrectly (maybe bug of QT?)
+ om->reopenCurrentItemParent();
+}
+
+void FWWindow::updateRuleSetView()
+{
+// ruleSets->repaint();
+ RuleSetView* rv=dynamic_cast(m_mainWindow->ruleSets->currentWidget());
+ if (rv!=NULL) rv->updateAll();
+}
+
+void FWWindow::updateRuleOptions()
+{
+ RuleSetView* rv=dynamic_cast(m_mainWindow->ruleSets->currentWidget());
+ if (rv!=NULL) rv->updateCurrentCell();
+}
+
+void FWWindow::updateFirewallName(FWObject *obj,const QString &)
+{
+ if (fwbdebug) qDebug("FWWindow::updateFirewallName ");
+
+ QString icn_filename =
+ Resources::global_res->getObjResourceStr(obj, "icon-tree").c_str();
+
+ vector::iterator i;
+ int n = 0;
+ for (i=firewalls.begin(); i!=firewalls.end(); i++,n++)
+ {
+ if ( (*i)->getId()==obj->getId())
+ {
+ QPixmap pm;
+ if ( ! QPixmapCache::find( icn_filename, pm) )
+ {
+ pm.load( icn_filename );
+ QPixmapCache::insert( icn_filename, pm);
+ }
+ m_mainWindow->fwList->setItemIcon( n, QIcon(pm) );
+ m_mainWindow->fwList->setItemText( n,
+ QString::fromUtf8(obj->getName().c_str()));
+ if (n==m_mainWindow->fwList->currentIndex ())
+ m_mainWindow->firewallName->setText(QString::fromUtf8(obj->getName().c_str()));
+ return;
+ }
+ }
+}
+
+void FWWindow::deleteFirewall(FWObject *fw)
+{
+ if (fwbdebug) qDebug("FWWindow::deleteFirewall - fw %s %s",
+ fw->getName().c_str(), fw->getId().c_str());
+
+ removeFirewallFromList(fw);
+ if (visibleFirewall==fw) visibleFirewall=NULL;
+}
+
+void FWWindow::setPolicyBranchTabName(RuleSet *subset)
+{
+ assert(subset!=NULL);
+ PolicyRule *rule = PolicyRule::cast(subset->getParent());
+ RuleSetView *rsv = ruleSetViews[subset];
+ assert(rsv);
+ FWOptions *ropt = rule->getOptionsObject();
+ QString branchName = ropt->getStr("branch_name").c_str();
+ m_mainWindow->ruleSets->setTabText(m_mainWindow->ruleSets->indexOf(rsv),
+ tr("%1").arg(branchName) );
+}
+
+void FWWindow::addPolicyBranchTab(RuleSet *subset)
+{
+ assert(subset!=NULL);
+
+ PolicyRule *rule = PolicyRule::cast(subset->getParent());
+ FWOptions *ropt =
rule->getOptionsObject();
+ QString branchName = ropt->getStr("branch_name").c_str();
+
+ QStatusBar *sb = statusBar();
+ sb->showMessage( tr("Building branch policy view '%1'...").arg(branchName) );
+ QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,1000);
+ if (fwbdebug) qDebug("FWWindow::reopenFirewall() adding branch tab");
+
+// if (subset==NULL)
+// {
+// subset = new Policy();
+// rule->add(subset);
+// }
+ if (ruleSetViews.count(subset)==0)
+ {
+ RuleSetView *rsv = new PolicyView(Policy::cast(subset),NULL);
+ m_mainWindow->ruleSets->addTab(rsv,"Branch"); // temporary name
+ ruleSetViews[subset]=rsv;
+ }
+ setPolicyBranchTabName(subset);
+
+ for (FWObject::iterator i=subset->begin(); i!=subset->end(); i++)
+ {
+ PolicyRule *srule = PolicyRule::cast(*i);
+ if (srule->getAction() == PolicyRule::Branch)
+ addPolicyBranchTab(srule->getBranch());
+ }
+
+}
+
+void FWWindow::removePolicyBranchTab(RuleSet *subset)
+{
+ if (subset==NULL) return;
+ RuleSetView *rsv = ruleSetViews[subset];
+ assert(rsv);
+ m_mainWindow->ruleSets->removeTab(m_mainWindow->ruleSets->indexOf(rsv));
+ ruleSetViews.erase(subset);
+}
+
+void FWWindow::scheduleRuleSetRedraw()
+{
+ if (!ruleSetRedrawPending)
+ {
+ ruleSetRedrawPending = true;
+ QTimer::singleShot( 0, this, SLOT(redrawRuleSets()) );
+ }
+}
+
+void FWWindow::redrawRuleSets()
+{
+ ruleSetRedrawPending = false;
+ reopenFirewall();
+}
+
+void FWWindow::reopenFirewall()
+{
+ if (fwbdebug) qDebug("FWWindow::reopenFirewall()");
+
+ if (ruleSetRedrawPending) return;
+
+ int currentPage = m_mainWindow->ruleSets->currentIndex();
+
+ changingTabs=true;
+
+ clearFirewallTabs();
+ ruleSetViews.clear();
+
+ if (firewalls.size()==0 || visibleFirewall==NULL)
+ {
+ changingTabs=false;
+ return;
+ }
+
+ QStatusBar *sb = statusBar();
+ sb->showMessage( tr("Building policy view...") );
+ QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100);
+ if (fwbdebug) qDebug("FWWindow::reopenFirewall() adding Policy tab");
+
+
RuleSetView *rsv;
+ Policy *pol=Policy::cast(visibleFirewall->getFirstByType(Policy::TYPENAME));
+ m_mainWindow->ruleSets->addTab( rsv=new PolicyView(pol,NULL) , tr("Policy") );
+ ruleSetViews[pol]=rsv;
+
+// let the GUI process events to display new tab
+ QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100);
+
+// as of 2.1.5 we have rule branches :-)
+// so far branches are only supported in policy rules because only there
+// we have action which we use to define branching rules
+
+ for (FWObject::iterator i=pol->begin(); i!=pol->end(); i++)
+ {
+ PolicyRule *rule = PolicyRule::cast(*i);
+ if (rule->getAction() == PolicyRule::Branch)
+ addPolicyBranchTab(rule->getBranch());
+ }
+
+// let the GUI process events to display new tab(s)
+ QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100);
+
+ if (Resources::getTargetCapabilityBool(visibleFirewall->getStr("platform"),
+ "supports_nat"))
+ {
+ sb->showMessage( tr("Building NAT view...") );
+ QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100);
+ if (fwbdebug) qDebug("FWWindow::reopenFirewall() adding NAT tab");
+
+ NAT *nat = NAT::cast(visibleFirewall->getFirstByType(NAT::TYPENAME));
+ m_mainWindow->ruleSets->addTab( rsv=new NATView(nat,NULL) , tr("NAT") );
+ ruleSetViews[nat]=rsv;
+ }
+
+// let the GUI process events to display new tab
+ QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100);
+
+ if (Resources::getTargetCapabilityBool(visibleFirewall->getStr("host_OS"),
+ "supports_routing"))
+ {
+ sb->showMessage( tr("Building routing view...") );
+ QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100);
+ if (fwbdebug) qDebug("FWWindow::reopenFirewall() adding Routing tab");
+
+ Routing *r = Routing::cast(visibleFirewall->getFirstByType(Routing::TYPENAME));
+ m_mainWindow->ruleSets->addTab( rsv=new RoutingView(r,NULL) , tr("Routing") );
+ ruleSetViews[r]=rsv;
+ }
+
+ sb->clearMessage();
+
QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100);
+ if (fwbdebug) qDebug("FWWindow::reopenFirewall() all tabs are done");
+
+ m_mainWindow->ruleSets->setCurrentIndex( currentPage );
+
+ changingTabs=false;
+
+ m_mainWindow->insertRuleAction->setEnabled( true );
+ m_mainWindow->moveRuleAction->setEnabled( true );
+ m_mainWindow->moveRuleUpAction->setEnabled( true );
+ m_mainWindow->moveRuleDownAction->setEnabled( true );
+ m_mainWindow->addRuleAfterCurrentAction->setEnabled( false );
+ m_mainWindow->removeRuleAction->setEnabled( false );
+ m_mainWindow->copyRuleAction->setEnabled( false );
+ m_mainWindow->cutRuleAction->setEnabled( false );
+ m_mainWindow->pasteRuleAboveAction->setEnabled( false );
+ m_mainWindow->pasteRuleBelowAction->setEnabled( false );
+
+ m_mainWindow->compileAction->setEnabled( true );
+ m_mainWindow->installAction->setEnabled( true );
+
+ m_mainWindow->ruleSets->show();
+}
+
+void FWWindow::showFirewall(FWObject *obj)
+{
+ if (firewalls.size()>0)
+ {
+ vector::iterator i;
+ int n=0;
+ for (i=firewalls.begin(); i!=firewalls.end(); i++,n++)
+ {
+ if ( (*i)->getId()==obj->getId() )
+ {
+ m_mainWindow->fwList->setCurrentIndex( n );
+ openFirewall( n );
+ return;
+ }
+ }
+ }
+}
+
+void FWWindow::openFirewall( int idx )
+{
+ if (fwbdebug)
+ qDebug("FWWindow::openFirewall");
+
+ if (firewalls.size()>0)
+ {
+ if (!oe->isVisible() ||
+ requestEditorOwnership(NULL,NULL,ObjectEditor::optNone,true))
+ {
+ oe->blank();
+ FWObject *fw = firewalls[idx];
+ showFirewallRuleSets(fw);
+ visibleFirewall = fw;
+ om->openObject(fw);
+ lastFirewallIdx=idx;
+ } else
+ m_mainWindow->fwList->setCurrentIndex( lastFirewallIdx );
+ } else
+ visibleFirewall = NULL;
+}
+
+void FWWindow::showFirewallRuleSets( FWObject *fw )
+{
+ if (fwbdebug)
+ qDebug("FWWindow::showFirewallRuleSets");
+
+ if (fw==NULL) return;
+
+ visibleFirewall = fw;
+ findObjectWidget->firewallOpened(Firewall::cast(fw));
+
m_mainWindow->firewallName->setText(QString::fromUtf8(fw->getName().c_str()));
+ scheduleRuleSetRedraw();
+ //reopenFirewall();
+}
+
+void FWWindow::selectRules()
+{
+// om->unselect();
+
+ m_mainWindow->insertRuleAction->setEnabled( true );
+ m_mainWindow->moveRuleAction->setEnabled( true );
+ m_mainWindow->moveRuleUpAction->setEnabled( true );
+ m_mainWindow->moveRuleDownAction->setEnabled( true );
+ m_mainWindow->addRuleAfterCurrentAction->setEnabled( true );
+ m_mainWindow->removeRuleAction->setEnabled( true );
+ m_mainWindow->copyRuleAction->setEnabled( true );
+ m_mainWindow->cutRuleAction->setEnabled( true );
+ m_mainWindow->pasteRuleAboveAction->setEnabled( true );
+ m_mainWindow->pasteRuleBelowAction->setEnabled( true );
+
+ m_mainWindow->compileAction->setEnabled( true );
+ m_mainWindow->installAction->setEnabled( true );
+
+ RuleSetView* rv=dynamic_cast(m_mainWindow->ruleSets->currentWidget());
+ rv->setFocus();
+}
+
+void FWWindow::unselectRules()
+{
+ bool havePolicies = (m_mainWindow->ruleSets->count()!=0);
+
+/* commented this out so that when I hit "Edit" in the object's pop-down
+ * menu in a rule, ruleset wont lose focus when object editor is opened.
+ * If rule set loses focus, the object's background turns from "selected" color
+ * to white and user loses context (which object is shown in the object editor)
+ */
+ if (havePolicies)
+ {
+ RuleSetView* rv=dynamic_cast(m_mainWindow->ruleSets->currentWidget());
+
+ if (rv && rv->getSelectedObject()!=om->getSelectedObject())
+ {
+ rv->unselect();
+ rv->clearFocus();
+ }
+ }
+
+ m_mainWindow->insertRuleAction->setEnabled( havePolicies ); // enabled if there are policies
+ m_mainWindow->moveRuleAction->setEnabled( false );
+ m_mainWindow->moveRuleUpAction->setEnabled( false );
+ m_mainWindow->moveRuleDownAction->setEnabled( false );
+ m_mainWindow->addRuleAfterCurrentAction->setEnabled( false );
+ m_mainWindow->removeRuleAction->setEnabled( false );
+ m_mainWindow->copyRuleAction->setEnabled( false );
+ m_mainWindow->cutRuleAction->setEnabled( false );
+ m_mainWindow->pasteRuleAboveAction->setEnabled( false );
+ m_mainWindow->pasteRuleBelowAction->setEnabled( false );
+
+ m_mainWindow->compileAction->setEnabled( havePolicies );
+ m_mainWindow->installAction->setEnabled( havePolicies );
+
+}
+
+void FWWindow::editCopy()
+{
+ if (om->isSelected()) om->copyObj();
+ else
+ if (m_mainWindow->ruleSets->count()!=0)
+ dynamic_cast(m_mainWindow->ruleSets->currentWidget())->copySelectedObject();
+}
+
+void FWWindow::editCut()
+{
+ if (om->isSelected()) om->cutObj();
+ else
+ if (m_mainWindow->ruleSets->count()!=0)
+ dynamic_cast(m_mainWindow->ruleSets->currentWidget())->cutSelectedObject();
+}
+
+void FWWindow::editDelete()
+{
+ if (om->isSelected()) om->deleteObj();
+ //else
+ // if (ruleSets->count()!=0)
+ // dynamic_cast(m_mainWindow->ruleSets->currentWidget())->deleteSelectedObject();
+}
+
+void FWWindow::editPaste()
+{
+ if (om->isSelected()) om->pasteObj();
+ else
+ if (m_mainWindow->ruleSets->count()!=0)
+ dynamic_cast(m_mainWindow->ruleSets->currentWidget())->pasteObject();
+}
+
+void FWWindow::editPrefs()
+{
+ PrefsDialog pd(this);
+ pd.exec();
+}
+
+void
FWWindow::closeEvent( QCloseEvent * ev)
+{
+ if (saveIfModified() && checkin(true))
+ {
+ if (rcs) delete rcs;
+ } else
+ {
+ ev->ignore();
+ return;
+ }
+ QMainWindow::closeEvent(ev);
+// emit closed();
+}
+
+void FWWindow::compile()
+{
+ if (fwbdebug) qDebug("FWWindow::compile");
+
+ if (oe->isVisible() &&
+ !requestEditorOwnership(NULL,NULL,ObjectEditor::optNone,true))
+ return;
+
+ fileSave();
+
+ std::set emp;
+
+ instd = new instDialog(NULL,BATCH_COMPILE,emp);
+ instd->show();
+
+// id->exec();
+// delete id;
+}
+
+void FWWindow::compile(set vf)
+{
+ if (fwbdebug)
+ qDebug("FWWindow::compile preselected %d firewalls",vf.size());
+
+ if (oe->isVisible() &&
+ !requestEditorOwnership(NULL,NULL,ObjectEditor::optNone,true))
+ return;
+
+ fileSave();
+
+ instDialog *id = new instDialog(NULL,BATCH_COMPILE,vf);
+
+ instd = id;
+ instd->show();
+
+// id->exec();
+// delete id;
+}
+
+void FWWindow::install(set vf)
+{
+ instDialog *id=new instDialog(NULL,BATCH_INSTALL, vf);
+
+ instd = id;
+ instd->show();
+
+// id->exec();
+// delete id;
+}
+
+void FWWindow::install()
+{
+ std::set emp;
+ instd = new instDialog(NULL, BATCH_INSTALL, emp);
+
+ instd->show();
+
+// id->exec();
+// delete id;
+}
+
+/*
+ * info styles go like this:
+ * 0 - collapsed
+ * 1 - opened
+ * 2 - opened, more information
+ * etc.
+ *
+ */
+void FWWindow::changeInfoStyle()
+{
+ shownInInfo = NULL;
+ switch (st->getInfoStyle())
+ {
+ case 0:
+ st->setInfoStyle(1);
+ oi->show();
+ break;
+ case 1:
+ st->setInfoStyle(2);
+ oi->show();
+ break;
+ case 2:
+ st->setInfoStyle(0);
+ oi->hide();
+ break;
+ }
+
+/* TODO: now need to send signal to the dialog telling it to change
+ * according to the style
+ */
+
+ om->info();
+}
+
+void FWWindow::insertRule()
+{
+ if (visibleFirewall==NULL || m_mainWindow->ruleSets->count()==0) return;
+ dynamic_cast(m_mainWindow->ruleSets->currentWidget())->insertRule();
+}
+
+void FWWindow::addRuleAfterCurrent()
+{
+ if (visibleFirewall==NULL || m_mainWindow->ruleSets->count()==0) return;
+ dynamic_cast(m_mainWindow->ruleSets->currentWidget())->addRuleAfterCurrent();
+}
+
+void FWWindow::removeRule()
+{
+ if (visibleFirewall==NULL || m_mainWindow->ruleSets->count()==0) return;
+ dynamic_cast(m_mainWindow->ruleSets->currentWidget())->removeRule();
+}
+
+void FWWindow::moveRule()
+{
+ if (visibleFirewall==NULL || m_mainWindow->ruleSets->count()==0) return;
+ dynamic_cast(m_mainWindow->ruleSets->currentWidget())->moveRule();
+}
+
+void FWWindow::moveRuleUp()
+{
+ if (visibleFirewall==NULL || m_mainWindow->ruleSets->count()==0) return;
+ dynamic_cast(m_mainWindow->ruleSets->currentWidget())->moveRuleUp();
+}
+
+void FWWindow::moveRuleDown()
+{
+ if (visibleFirewall==NULL || m_mainWindow->ruleSets->count()==0) return;
+ dynamic_cast(m_mainWindow->ruleSets->currentWidget())->moveRuleDown();
+}
+
+void FWWindow::copyRule()
+{
+ if (visibleFirewall==NULL || m_mainWindow->ruleSets->count()==0) return;
+ dynamic_cast(m_mainWindow->ruleSets->currentWidget())->copyRule();
+}
+
+void FWWindow::cutRule()
+{
+ if (visibleFirewall==NULL || m_mainWindow->ruleSets->count()==0) return;
+ dynamic_cast(m_mainWindow->ruleSets->currentWidget())->cutRule();
+}
+
+void FWWindow::pasteRuleAbove()
+{
+ if (visibleFirewall==NULL || m_mainWindow->ruleSets->count()==0) return;
+
dynamic_cast(m_mainWindow->ruleSets->currentWidget())->pasteRuleAbove(); +} + +void FWWindow::pasteRuleBelow() +{ + if (visibleFirewall==NULL || m_mainWindow->ruleSets->count()==0) return; + dynamic_cast(m_mainWindow->ruleSets->currentWidget())->pasteRuleBelow(); +} + +void FWWindow::search() +{ + findWhereUsedWidget->hide(); + m_mainWindow->auxiliaryPanel->show(); + findObjectWidget->show(); +} + +void FWWindow::findWhereUsed(FWObject * obj) +{ + findObjectWidget->hide(); + m_mainWindow->auxiliaryPanel->show(); + findWhereUsedWidget->find(obj); +} + +void FWWindow::showEvent( QShowEvent *ev) +{ + QString val = st->getStr("Layout/MainWindowSplitter"); + if (!val.isEmpty()) + { + int w1 = val.section(',',0,0).toInt(); + int w2 = val.section(',',1,1).toInt(); + + QList sl; + sl.push_back(w1); + sl.push_back(w2); + m_mainWindow->mainSplitter->setSizes( sl ); + } + + val = st->getStr("Layout/ObjInfoSplitter"); + if (!val.isEmpty()) + { + int w1 = val.section(',',0,0).toInt(); + int w2 = val.section(',',1,1).toInt(); + + QList sl; + sl.push_back(w1); + sl.push_back(w2); + m_mainWindow->objInfoSplitter->setSizes( sl ); + } + + st->restoreGeometry(this, QRect(100,100,750,600) ); + QMainWindow::showEvent(ev); +} + +void FWWindow::hideEvent( QHideEvent *ev) +{ + st->saveGeometry(this); + QList sl = m_mainWindow->mainSplitter->sizes(); + QString arg = QString("%1,%2").arg(sl[0]).arg(sl[1]); + st->setStr("Layout/MainWindowSplitter", arg ); + + sl = m_mainWindow->objInfoSplitter->sizes(); + arg = QString("%1,%2").arg(sl[0]).arg(sl[1]); + st->setStr("Layout/ObjInfoSplitter", arg ); + + QMainWindow::hideEvent(ev); +} + +void FWWindow::newObject() +{ + om->newObject(); +} + +void FWWindow::lockObject() +{ + om->lockObject(); +} + +void FWWindow::unlockObject() +{ + om->unlockObject(); +} + +void FWWindow::prepareObjectMenu() +{ + ObjectTreeView* otv =om->getCurrentObjectTree(); + m_mainWindow->ObjectUnlockAction->setEnabled(otv->isUnlockable()); + 
m_mainWindow->ObjectLockAction->setEnabled(otv->isLockable()); +} + + +void FWWindow::setupAutoSave() +{ + if ( st->getBool("Environment/autoSaveFile") && + rcs!=NULL && rcs->getFileName()!="") + { + int p = st->getInt("Environment/autoSaveFilePeriod"); + autosaveTimer->start( p*1000*60 ); + connect( autosaveTimer, SIGNAL(timeout()), this, SLOT(fileSave()) ); + } else + autosaveTimer->stop(); +} + +QString FWWindow::getCurrentFileName() +{ + if (rcs!=NULL) return rcs->getFileName(); + return ""; +} + +RCS * FWWindow::getRCS() +{ + return rcs; +} + +void FWWindow::findObject(FWObject *o) +{ + findWhereUsedWidget->hide(); + if (fwbdebug) qDebug("FWWindow::findObject"); + findObjectWidget->findObject(o); + m_mainWindow->auxiliaryPanel->show(); + +} + +void FWWindow::closeAuxiliaryPanel() +{ + m_mainWindow->auxiliaryPanel->hide(); +} + +void FWWindow::closeEditorPanel() +{ + m_mainWindow->objectEditorFrame->hide(); +} + +void FWWindow::openEditorPanel() +{ + m_mainWindow->objectEditorFrame->show(); +} + +void FWWindow::ruleSetTabChanged(int tab) +{ + QWidget *w = m_mainWindow->ruleSets->widget(tab); + + if (fwbdebug) + qDebug("FWWindow::ruleSetTabChanged: w=%p ruleSetTabIndex=%d changingTabs=%d", + w,ruleSetTabIndex,changingTabs); + + if (changingTabs) return; + + if (!oe->isVisible()) + { + ruleSetTabIndex = tab; + return; + } + + RuleSetView* rv=dynamic_cast(m_mainWindow->ruleSets->currentWidget()); + + if ((ruleSetTabIndex != m_mainWindow->ruleSets->indexOf(w)) && + !requestEditorOwnership(rv,NULL,ObjectEditor::optNone,true)) + { + // this causes recursive call to ruleSetTabChanged + changingTabs = true; + m_mainWindow->ruleSets->setCurrentIndex(ruleSetTabIndex); + changingTabs = false; + return; + } + ruleSetTabIndex = tab; + rv->editSelected(); +// rollBackSelectionDifferentWidget(); // make widget reopen the same object +} + +/* + * reset tab via callback because calling setCurrentPage from + * ruleSetTabChanged causes recursive call to ruleSetTabChanged + */ 
+void FWWindow::restoreRuleSetTab() +{ + if (fwbdebug) qDebug("FWWindow::restoreRuleSetTab()"); + m_mainWindow->ruleSets->setCurrentIndex(ruleSetTabIndex); +} + +void FWWindow::releaseEditor() +{ + disconnect( SIGNAL(restoreSelection_sign(bool)) ); +} + +void FWWindow::connectEditor(QWidget *w) +{ + connect(this, + SIGNAL(restoreSelection_sign(bool)), + w, + SLOT(restoreSelection(bool))); +} + +/* + * w - widget that requests editor ownership (ruleset view or tree) + * obj - object to be opened in the editor + * otype - editor type in case obj is a rule + * validate - validate and save editor contents + * + * if w==NULL, then request is done by the same widget that owns editor. + * just need to run validateAndSave and return result + * + * if obj==NULL, then no new object is to be opened in the editor + * + */ +bool FWWindow::requestEditorOwnership(QWidget *w, + FWObject *obj, + ObjectEditor::OptType otype, + bool validate) +{ + if (!oe->isVisible()) return false; + + if(obj==oe->getOpened() && + otype==oe->getOpenedOpt() && + w == editorOwner ) + { + releaseEditor(); + editorOwner = w; + connectEditor(editorOwner); + return true; + } + + if (validate && !oe->validateAndSave()) + { + /* + * roll back selection in the widget that currently + * owns the editor. 
Signal restoreSelection_sign + * is still connected to the previous owner + */ + if (w == editorOwner ) + QTimer::singleShot( 0, this, SLOT(rollBackSelectionSameWidget()) ); + else + QTimer::singleShot( 0, this, SLOT(rollBackSelectionDifferentWidget()) ); + return false; + } + + if (w) + { + releaseEditor(); + editorOwner = w; + connectEditor(editorOwner); + } + return true; +} + + +void FWWindow::rollBackSelectionSameWidget() +{ + editorOwner->setFocus(); + emit restoreSelection_sign(true); +} + +void FWWindow::rollBackSelectionDifferentWidget() +{ + editorOwner->setFocus(); + emit restoreSelection_sign(false); +} + +void FWWindow::editFind() +{ +} + +void FWWindow::editRedo() +{ +} + +void FWWindow::editUndo() +{ +} + +void FWWindow::helpContents() +{ +} + +void FWWindow::helpContentsAction() +{ +} + +void FWWindow::helpIndex() +{ +} diff --git a/src/gui/FWWindow.h b/src/gui/FWWindow.h new file mode 100644 index 000000000..4152e4f0b --- /dev/null +++ b/src/gui/FWWindow.h 
@@ -0,0 +1,283 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: FWWindow.h,v 1.80 2007/06/13 02:58:48 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __FWWINDOW_H_
+#define __FWWINDOW_H_
+
+#include
+#include "RCS.h"
+#include "ObjectEditor.h"
+#include "FindObjectWidget.h"
+#include "FindWhereUsedWidget.h"
+
+#include "fwbuilder/FWObject.h"
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+namespace libfwbuilder {
+ class FWObjectDatabase;
+ class Firewall;
+ class PolicyRule;
+ class RuleSet;
+};
+
+class QTabWidget;
+class RuleSetView;
+class QTimer;
+class QPrinter;
+
+class FWWindow : public QMainWindow {
+
+ Q_OBJECT
+
+ RCS *rcs;
+ bool systemFile;
+ bool editingStandardLib;
+ bool editingTemplateLib;
+ bool changingTabs;
+ bool safeMode;
+ bool ruleSetRedrawPending;
+
+ QString startupFileName;
+
+ std::vector firewalls;
+ std::map ruleSetViews;
+ int ruleSetTabIndex;
+
+ libfwbuilder::FWObject *visibleFirewall;
+ libfwbuilder::FWObjectDatabase *objdb;
+ libfwbuilder::FWObject *shownInInfo;
+
+ QWidget *editorOwner;
+ QWidget *instd;
+
+ QTimer *autosaveTimer;
+ QTimer *instDialogOnScreenTimer;
+ QString noFirewalls;
+ QPrinter *printer;
+ libfwbuilder::FWObject *searchObject;
+ libfwbuilder::FWObject *replaceObject;
+ int lastFirewallIdx;
+
+ void clearFirewallTabs();
+
+ public slots:
+
+ virtual void search();
+
+ virtual void openFirewall( int idx );
+ virtual void reopenFirewall();
+ virtual void redrawRuleSets();
+ virtual void deleteFirewall(libfwbuilder::FWObject *fw);
+ virtual void changeInfoStyle();
+ virtual void ruleSetTabChanged(int tab);
+ virtual void restoreRuleSetTab();
+
+ virtual void editFind();
+ virtual void editRedo();
+ virtual void editUndo();
+ virtual void helpContents();
+ virtual void helpContentsAction();
+ virtual void helpIndex();
+
+ virtual void fileNew();
+ virtual void fileOpen();
+ virtual void fileClose();
+ virtual void fileSave();
+ virtual void fileSaveAs();
+ virtual void fileDiscard();
+ virtual void fileCommit();
+ virtual void fileImport();
+ virtual void fileExport();
+ virtual void filePrint();
+ virtual void fileExit();
+ virtual void fileProp();
+ virtual void fileAddToRCS();
+ virtual void fileCompare();
+ virtual void editCopy();
+ virtual void editCut();
+ virtual void editDelete();
+ virtual void editPaste();
+ virtual void editPrefs();
+ virtual void importPolicy();
+
+ virtual void startupLoad();
+
+ virtual void helpAbout();
+ virtual void debug();
+
+ virtual void compile(std::set vf);
+ virtual void compile();
+ virtual void install(std::set vf);
+ virtual void install();
+
+ virtual void insertRule();
+ virtual void addRuleAfterCurrent();
+ virtual void moveRule();
+ virtual void moveRuleUp();
+ virtual void moveRuleDown();
+ virtual void removeRule();
+
+ virtual void copyRule();
+ virtual void cutRule();
+ virtual void pasteRuleAbove();
+ virtual void pasteRuleBelow();
+
+ virtual void newObject();
+ virtual void lockObject();
+ virtual void unlockObject();
+ virtual void prepareObjectMenu();
+ virtual void toolsDiscoveryDruid();
+ virtual void closeAuxiliaryPanel();
+ virtual void closeEditorPanel();
+ virtual void openEditorPanel();
+
+ virtual void rollBackSelectionSameWidget();
+ virtual void rollBackSelectionDifferentWidget();
+
+ virtual void killInstDialog();
+
+ signals:
+ void restoreSelection_sign(bool same_widget);
+
+ public:
+ Ui::FWBMainWindow_q *m_mainWindow;
+
+ FindObjectWidget *findObjectWidget;
+ FindWhereUsedWidget *findWhereUsedWidget;
+
+ FWWindow();
+ ~FWWindow();
+
+ virtual void closeEvent( QCloseEvent * );
+ RCS * getRCS();
+
+ void load(QWidget *dialogs_parent,RCS *rcs);
+ void load(QWidget *dialogs_parent);
+ void loadLibrary(const std::string &libfpath);
+ void save();
+ bool checkin(bool unlock);
+ void showFirewalls(bool open_first_firewall=true);
+ void showFirewall(libfwbuilder::FWObject *f);
+ void addFirewallToList(libfwbuilder::FWObject *f);
+ void removeFirewallFromList(libfwbuilder::FWObject *f);
+ int findFirewallInList(libfwbuilder::FWObject *f);
+ void updateTreeViewItemOrder();
+
+ bool editingLibrary();
+
+ void ensureObjectVisibleInRules(libfwbuilder::FWReference *obj);
+
+ QString chooseNewFileName(const QString &fname,
+ bool checkPresence, const QString &title);
+ void setFileName(const QString &fname);
+
+ bool saveIfModified();
+
+ void showFirewallRuleSets( libfwbuilder::FWObject *fw );
+
+ void updateFirewallName(libfwbuilder::FWObject *obj,const QString &oldName);
+ void updateRuleSetView();
+ void updateRuleOptions();
+ void updateRuleSetViewSelection();
+
+ /**
+ * unselects whatever is selected in policy
+ */
+ void unselectRules();
+
+ /**
+ * selects whatever is current in rules
+ */
+ void selectRules();
+
+ libfwbuilder::FWObjectDatabase* db() { return objdb; }
+
+ libfwbuilder::FWObject* getVisibleFirewall() { return visibleFirewall; }
+ QString getCurrentFileName();
+
+ void info(libfwbuilder::FWObject *o, bool forced = false);
+
+ void setupAutoSave();
+ void findObject(libfwbuilder::FWObject *);
+ void findWhereUsed(libfwbuilder::FWObject *);
+ RuleSetView* getRuleSetViews(libfwbuilder::FWObject *o)
+ {return ruleSetViews[o];};
+
+ void addPolicyBranchTab(libfwbuilder::RuleSet *subset);
+ void removePolicyBranchTab(libfwbuilder::RuleSet *subset);
+ void setPolicyBranchTabName(libfwbuilder::RuleSet *subset);
+
+ /**
+ * panel that wants to open an object in the editor
+ * uses this method to request permission to do so and
+ * to register itself as an owner of the editor
+ */
+ bool requestEditorOwnership(QWidget *w,
+ libfwbuilder::FWObject *o,
+ ObjectEditor::OptType otype,
+ bool validate = true);
+ void releaseEditor();
+ void connectEditor(QWidget *w);
+ bool exportLibraryTest(std::list &selectedLibs);
+ void exportLibraryTo(QString fname,std::list &selectedLibs, bool rof);
+
+ void findExternalRefs(libfwbuilder::FWObject *lib,
+ libfwbuilder::FWObject *root,
+ std::list &extRefs);
+
+ void setSafeMode(bool f) { safeMode=f; }
+ void setStartupFileName(const QString &fn) { startupFileName = fn; }
+
+ void scheduleRuleSetRedraw();
+
+ // semi-intelligent way to guess most appropriate
+ // destination directory for various file save or file open
+ // operations. If working directory is configured in
+ // preferences, then getDestDir returns that. If it is not
+ // configured and file name is given on the command line,
+ // directory where that file is located is returned. If
+ // parameter filename is empty, then current directory
+ // is returned (however on windows and mac userDataDir is returned)
+
+ QString getDestDir(const QString &filename);
+
+ protected:
+
+ virtual void showEvent( QShowEvent *ev);
+ virtual void hideEvent( QHideEvent *ev);
+
+};
+
+#endif
+
+
diff --git a/src/gui/FWWindowPrint.cpp b/src/gui/FWWindowPrint.cpp
new file mode 100644
index 000000000..e94de448e
--- /dev/null
+++ b/src/gui/FWWindowPrint.cpp
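Review bot: The inline getter `getRuleSetViews()` in FWWindow.h looks a view up with `ruleSetViews[o]`, and `operator[]` on a `std::map` inserts a default-constructed (NULL) entry for any key that is not already present. A query for an object that has no view therefore grows the map as a side effect and returns a NULL pointer that nothing in the declaration warns about. A read-only lookup avoids both, e.g. `std::map<KEY,VIEW>::iterator it = ruleSetViews.find(o);` followed by `return it==ruleSetViews.end() ? NULL : it->second;`, where KEY and VIEW are placeholders because the map's template arguments are not visible on this page. The getter should also carry a one-line comment stating that it returns NULL when the object has no rule set view, so callers know to check before dereferencing.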
@@ -0,0 +1,957 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: FWWindowPrint.cpp,v 1.24 2007/06/21 05:43:26 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "platforms.h" + +#include "FWWindow.h" +#include "RuleSetView.h" +#include "FWBSettings.h" +#include "PrintingProgressDialog.h" +#include "FWObjectPropertiesFactory.h" +#include +#include "printerStream.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "fwbuilder/Policy.h" +#include "fwbuilder/InterfacePolicy.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/Routing.h" +#include "fwbuilder/Interface.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/ObjectGroup.h" + +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWReference.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/RuleSet.h" + +#include "fwbuilder/CustomService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" 
+#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/ServiceGroup.h" +#include "fwbuilder/Interval.h" +#include "fwbuilder/IntervalGroup.h" +#include "fwbuilder/RuleElement.h" + +#include + +using namespace libfwbuilder; +using namespace std; + +QString legendList[] = { + Firewall::TYPENAME, QObject::tr("Firewall"), + Host::TYPENAME, QObject::tr("Host"), + IPv4::TYPENAME, QObject::tr("Address"), + AddressRange::TYPENAME, QObject::tr("Addres Range"), + Interface::TYPENAME, QObject::tr("Interface"), + Network::TYPENAME, QObject::tr("Network"), + ObjectGroup::TYPENAME, QObject::tr("Group of objects"), + CustomService::TYPENAME, QObject::tr("Custom Service"), + IPService::TYPENAME, QObject::tr("IP Service"), + ICMPService::TYPENAME, QObject::tr("ICMP Service"), + TCPService::TYPENAME, QObject::tr("TCP Service"), + UDPService::TYPENAME, QObject::tr("UDP Service"), + ServiceGroup::TYPENAME, QObject::tr("Group of services"), + Interval::TYPENAME, QObject::tr("Time Interval"), + "", "" +}; + + +class pixmapOrText { + public: + + QString text; + QPixmap pixmap; + + pixmapOrText(const QString &t,const QPixmap &w); +}; + + + +pixmapOrText::pixmapOrText(const QString &t,const QPixmap &w) : text(t), pixmap(w) +{ } + + +list findAllUsedByType(list &result,FWObject *obj,const string &typeName) +{ + if (RuleElement::cast(obj)!=NULL) + { + for (list::iterator m=obj->begin(); m!=obj->end(); m++) + { + FWObject *o=*m; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + if (o->getTypeName()==typeName) + result.push_back(o); + } + } + + if (RuleSet::cast(obj)!=NULL) + { + for (list::iterator m=obj->begin(); m!=obj->end(); m++) + { + if (Rule::cast(*m)!=NULL) + { + for (list::iterator n=(*m)->begin(); n!=(*m)->end(); n++) + { + if (RuleElement::cast(*n)!=NULL) + { + findAllUsedByType(result,*n,typeName); + } + } + } + } + } + + if (Firewall::isA(obj)) + { + FWObject *ruleSet; + + ruleSet = obj->getFirstByType(Policy::TYPENAME); 
+ findAllUsedByType(result,ruleSet,typeName); + + FWObjectTypedChildIterator j=obj->findByType(Interface::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + if ((ruleSet = (*j)->getFirstByType(InterfacePolicy::TYPENAME))!=NULL) + findAllUsedByType(result,ruleSet,typeName); + } + + ruleSet = obj->getFirstByType(NAT::TYPENAME); + findAllUsedByType(result,ruleSet,typeName); + + ruleSet = obj->getFirstByType(Routing::TYPENAME); + findAllUsedByType(result,ruleSet,typeName); + + result.sort(); + result.unique(); + } + + return result; +} + +int addObjectsToTable(list &objects, + QTableWidget *tbl, + int &row, + int &col) +{ + int added =0; + string icon_path="/FWBuilderResources/Type/"; + + QPixmap bfr(32,32); + QPainter bfrp(&bfr); + + for (list::iterator i=objects.begin(); i!=objects.end(); ++i) + { + if (Address::cast(*i)!=NULL && Address::cast(*i)->isAny()) continue; + if (Service::cast(*i)!=NULL && Service::cast(*i)->isAny()) continue; + if (Interval::cast(*i)!=NULL && Interval::cast(*i)->isAny()) continue; + + if (col>=tbl->columnCount()) + { + col = 0; + row++; + tbl->insertRow(row); + } + + string typeName = (*i)->getTypeName(); + + QString icn = (":/Icons/"+typeName+"/icon").c_str(); + QPixmap pm; + if ( ! 
QPixmapCache::find( icn, pm) ) + { + pm.load( icn ); + QPixmapCache::insert( icn, pm); + } + + bfrp.fillRect(0,0,32,32,QColor("white")); + bfrp.drawPixmap(4,4,pm); + + tbl->setItem(row,col, new QTableWidgetItem(QIcon(bfr), + QString::fromUtf8((*i)->getName().c_str()))); + + QString descr = FWObjectPropertiesFactory::getObjectProperties(*i); + QString comment = QString::fromUtf8((*i)->getComment().c_str()); + + // collapse paragraphs + //comment.replace("\n\n", " "); + //comment.replace("\n", ""); + //comment.replace(" ", "\n"); + + + tbl->setItem(row,col+1, new QTableWidgetItem(descr)); + tbl->setItem(row,col+2, new QTableWidgetItem(comment)); + + //tbl->item(row,col+2)->setWordWrap(true); + + added++; + + if (fwbdebug) + qDebug("objTbl: row=%d col=%d '%s'", + row, col, (*i)->getName().c_str()); + + col = col+3; + } + return added; +} + +void findAllGroups(list &objects,list &groups) +{ + if (fwbdebug) qDebug("findAllGroups: arg1 size %d",objects.size()); + for (FWObject::iterator obj=objects.begin(); obj!=objects.end(); ++obj) + { + if (fwbdebug) qDebug(" %s",(*obj)->getName().c_str()); + FWObject *o = *obj; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + if (Group::cast(o)!=NULL && + std::find(groups.begin(),groups.end(),o)==groups.end()) + { + groups.push_back(o); + if (fwbdebug) qDebug("Add group %s to groups",o->getName().c_str()); + findAllGroups(*o,groups); + } + } +} + +void printFirewall(FWObject *fw, + printerStream &pr, + PrintingProgressDialog *ppd, + bool newPageForSection) +{ + + list listPT; + + QString txt; + + QString platform = fw->getStr("platform").c_str(); + QString version = fw->getStr("version").c_str(); + QString readableVersion = getVersionString(platform,version); + QString hostOS = fw->getStr("host_OS").c_str(); + + pr.beginPage(); // resets yPos + + pr.printText(QObject::tr("Firewall name: %1").arg(QString::fromUtf8(fw->getName().c_str()))); + pr.printText(QObject::tr("Platform: ") + platform); + 
pr.printText(QObject::tr("Version: ") + readableVersion); + pr.printText(QObject::tr("Host OS: ") + hostOS); + pr.printText(" "); + +// ppd->genericProgressIndicator(ppdCounter++,QObject::tr("Processing global policy")); + if (fwbdebug) qDebug("******** Global policy"); + + pr.printText(QObject::tr("Global Policy")); + + RuleSetView *ruleView=new PolicyView( + Policy::cast(fw->getFirstByType(Policy::TYPENAME)),NULL); + ruleView->setSizePolicy( QSizePolicy( (QSizePolicy::Policy)7, + (QSizePolicy::Policy)7) ); + ruleView->setHorizontalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + ruleView->setVerticalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + + /*if (fwbdebug) qDebug("Contents: %dx%d", + ruleView->contentsWidth(),ruleView->contentsHeight()); + if (fwbdebug) qDebug("Visible: %dx%d", + ruleView->visibleWidth(),ruleView->visibleHeight());*/ + if (fwbdebug) qDebug("Viewport: %dx%d", + ruleView->viewport()->width(),ruleView->viewport()->height()); + /*if (fwbdebug) qDebug("Clipper: %dx%d", + ruleView->clipper()->width(),ruleView->clipper()->height());*/ + + if (fwbdebug) qDebug("Size: %dx%d",ruleView->width(),ruleView->height()); + +// pr.printPixmap(QPixmap::grabWidget(ruleView,0,0)); + pr.printQTable(ruleView); + + delete ruleView; + + + FWObjectTypedChildIterator j=fw->findByType(Interface::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + Interface *intf = Interface::cast(*j); + InterfacePolicy *ip = InterfacePolicy::cast((*j)->getFirstByType(InterfacePolicy::TYPENAME)); + if (ip) + { + QString tabName; + if ( !intf->getLabel().empty() ) + tabName=QString::fromUtf8(intf->getLabel().c_str()); + else + tabName=QString::fromUtf8(intf->getName().c_str()); + +// ppd->genericProgressIndicator(ppdCounter++,QObject::tr("Processing policy for interface %1").arg(tabName)); + if (fwbdebug) + qDebug("******** Interface policy for %s",tabName.toLatin1().constData()); + + + if (newPageForSection) + { + pr.flushPage(); + pr.beginPage(); // resets yPos + } else + pr.printText(" "); + + 
pr.printText(QObject::tr("Interface %1").arg(tabName)); + + ruleView=new InterfacePolicyView(ip,NULL); + ruleView->setSizePolicy( QSizePolicy( (QSizePolicy::Policy)7, + (QSizePolicy::Policy)7) ); + ruleView->setHorizontalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + ruleView->setVerticalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + + if (fwbdebug) qDebug("%dx%d",ruleView->width(),ruleView->height()); + + pr.printQTable(ruleView); + // pr.printPixmap(QPixmap::grabWidget(ruleView,0,0)); + delete ruleView; + } + } + +// ppd->genericProgressIndicator(ppdCounter++,QObject::tr("Processing NAT rules")); + if (fwbdebug) qDebug("******** NAT"); + NAT *nat = NAT::cast(fw->getFirstByType(NAT::TYPENAME)); + if (nat && nat->size()!=0) + { + if (newPageForSection) + { + pr.flushPage(); + pr.beginPage(); // resets yPos + } else + pr.printText(" "); + + pr.printText(QObject::tr("NAT")); + + ruleView=new NATView(nat,NULL); + + ruleView->setSizePolicy( QSizePolicy( (QSizePolicy::Policy)7, + (QSizePolicy::Policy)7) ); + ruleView->setHorizontalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + ruleView->setVerticalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + + if (fwbdebug) qDebug("%dx%d",ruleView->width(),ruleView->height()); + + pr.printQTable(ruleView); +// pr.printPixmap(QPixmap::grabWidget(ruleView,0,0)); + delete ruleView; + } + + if (fwbdebug) qDebug("******** Routing"); + Routing *routing = Routing::cast(fw->getFirstByType(Routing::TYPENAME)); + if (routing && routing->size()!=0) + { + if (newPageForSection) + { + pr.flushPage(); + pr.beginPage(); // resets yPos + } else + pr.printText(" "); + + pr.printText(QObject::tr("Routing")); + + ruleView=new RoutingView(routing,NULL); + + ruleView->setSizePolicy( QSizePolicy( (QSizePolicy::Policy)7, + (QSizePolicy::Policy)7) ); + ruleView->setHorizontalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + ruleView->setVerticalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + + if (fwbdebug) qDebug("%dx%d",ruleView->width(),ruleView->height()); + + 
pr.printQTable(ruleView); +// pr.printPixmap(QPixmap::grabWidget(ruleView,0,0)); + delete ruleView; + } +} + +void FWWindow::filePrint() +{ + int pageWidth = 0; + int pageHeight = 0; + bool fullPage = false; + + float margin; +#if defined(Q_OS_MACX) || defined(Q_OS_WIN32) + margin=1.5; +#else + margin=0; +#endif + int resolution = 150; + bool printHeader = true; + bool printLegend = true; + bool printObjects = true; + bool newPageForSection = false; + int tableResolution = 2; // 50%, 75%, 100%, 150%, 200%, default 100% + + if (!st->getStr("PrintSetup/newPageForSection").isEmpty()) + newPageForSection = st->getBool("PrintSetup/newPageForSection"); + + if (!st->getStr("PrintSetup/printHeader").isEmpty()) + printHeader = st->getBool("PrintSetup/printHeader"); + + if (!st->getStr("PrintSetup/printLegend").isEmpty()) + printLegend = st->getBool("PrintSetup/printLegend"); + + if (!st->getStr("PrintSetup/printObjects").isEmpty()) + printObjects = st->getBool("PrintSetup/printObjects"); + + if (!st->getStr("PrintSetup/tableResolution").isEmpty()) + tableResolution = st->getInt("PrintSetup/tableResolution"); + + Ui::pageSetupDialog_q psd; + QDialog dlg; + + psd.setupUi(&dlg); + + psd.newPageForSection->setChecked(newPageForSection); + psd.printHeader->setChecked(printHeader); + psd.printLegend->setChecked(printLegend); + psd.printObjects->setChecked(printObjects); + psd.tableResolution->setCurrentIndex(tableResolution); + + if ( dlg.exec() == QDialog::Accepted ) + { + newPageForSection = psd.newPageForSection->isChecked(); + printHeader = psd.printHeader->isChecked(); + printLegend = psd.printLegend->isChecked(); + printObjects = psd.printObjects->isChecked(); + tableResolution = psd.tableResolution->currentIndex(); + + st->setBool("PrintSetup/newPageForSection",newPageForSection); + st->setBool("PrintSetup/printHeader", printHeader ); + st->setBool("PrintSetup/printLegend", printLegend ); + st->setBool("PrintSetup/printObjects", printObjects ); + 
st->setInt("PrintSetup/tableResolution", tableResolution ); + + switch (tableResolution) + { + case 0: resolution = 300; break; + case 1: resolution = 225; break; + case 2: resolution = 150; break; + case 3: resolution = 100; break; + case 4: resolution = 75; break; + } + + st->getPrinterOptions(printer,pageWidth,pageHeight); + + printer->setResolution(resolution); + printer->setFullPage(fullPage); + + QPrintDialog pdialog(printer, this); + + pdialog.addEnabledOption(QAbstractPrintDialog::PrintPageRange); + pdialog.setMinMax(1,9999); + pdialog.setPrintRange(QAbstractPrintDialog::AllPages); + + if (pdialog.exec()) + { + int fromPage = printer->fromPage(); + int toPage = printer->toPage(); + if (fromPage==0) fromPage=1; + if (toPage==0) toPage=9999; + + statusBar()->showMessage( "Printing..." ); + + PrintingProgressDialog *ppd = new PrintingProgressDialog(this,printer,0,false); + + QString headerText = rcs->getFileName().section("/",-1,-1); + if (rcs->isInRCS()) headerText = headerText + ", rev " + rcs->getSelectedRev(); + +#if defined(Q_OS_MACX) + printerStream pr(printer,margin,printHeader,headerText,NULL); +#else + printerStream pr(printer,margin,printHeader,headerText,ppd); + ppd->show(); +#endif + pr.setFromTo(fromPage,toPage); + + if ( !pr.begin()) + { + ppd->hide(); + delete ppd; + return; + } + + int leftMargin = printer->paperRect().left() - printer->pageRect().left(); + int topMargin = printer->paperRect().top() - printer->pageRect().top(); + + if (fwbdebug) + { + qDebug("Margins: %d,%d",leftMargin,topMargin); + } + +// int ppdCounter = 1; + + printFirewall(visibleFirewall,pr,ppd,newPageForSection); + + if (printLegend) + { + if (fwbdebug) qDebug("******** Legend"); + + if (newPageForSection) + { + pr.flushPage(); + pr.beginPage(); // resets yPos + } else + pr.printText("\n"); + + pr.printText(tr("Legend")); + pr.printText(" "); + + QTableWidget legendTbl(1,2); + legendTbl.resize(pr.getWorkspaceWidth(), + pr.getWorkspaceHeight()); + legendTbl.setSizePolicy( 
QSizePolicy( (QSizePolicy::Policy)7, + (QSizePolicy::Policy)7) ); + legendTbl.setShowGrid(false); + legendTbl.setFrameStyle(QFrame::NoFrame | QFrame::Plain); + + legendTbl.horizontalHeader()->hide(); + legendTbl.verticalHeader()->hide(); + //legendTbl.setTopMargin(0); + //legendTbl.setLeftMargin(0); + + legendTbl.setHorizontalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + legendTbl.setVerticalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + + + string icon_path="/FWBuilderResources/Type/"; + int row=0; + int col=0; + + QPixmap pm; + + QPixmap bfr(32,32); + QPainter bfrp(&bfr); + + for (int i=0; !legendList[i].isEmpty(); ++i,++i) + { + if (row>=legendTbl.rowCount()) legendTbl.insertRow(row); + + QString typeName=legendList[i]; + QString objName=legendList[i+1]; + + if (typeName==CustomService::TYPENAME) + { + col++; + row=0; + } + + if (fwbdebug) + qDebug("Legend table: row=%d col=%d %s %s", + row,col,typeName.toAscii().constData(),objName.toAscii().constData()); + +// pm.load( Resources::global_res->getResourceStr( +// icon_path+string(typeName.toLatin1().constData())+"/icon").c_str() ); + + QString icn = ":/Icons/"+typeName+"/icon"; + QPixmap pm; + if ( ! 
QPixmapCache::find( icn, pm) ) + { + pm.load( icn ); + QPixmapCache::insert( icn, pm); + } + + bfrp.fillRect(0,0,32,32,QColor(Qt::white)); + bfrp.drawPixmap(4,4,pm); + + QTableWidgetItem *itm = new QTableWidgetItem; + itm->setIcon(QIcon(bfr)); + itm->setText(objName); + legendTbl.setItem(row, col, itm); + + row++; + } + + legendTbl.resizeColumnToContents(0); + legendTbl.resizeColumnToContents(1); + + for (int i=0; ihide(); + fwObjTbl.verticalHeader()->hide(); + fwObjTbl.setContentsMargins(0,0,0,0); + + fwObjTbl.setHorizontalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + fwObjTbl.setVerticalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + fwObjTbl.resize(pr.getWorkspaceWidth(), + pr.getWorkspaceHeight()); + + list objects; + QString descr; + + int row = 0; + int col = 0; + int added = 0; + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,Firewall::TYPENAME); + added = addObjectsToTable(objects, &fwObjTbl, row, col); + if (fwbdebug) qDebug("Objects table: added %d firewalls",added); + + for (int i=0; ihide(); + objTbl.verticalHeader()->hide(); + setContentsMargins ( 0,0,0,0 ); + + objTbl.setHorizontalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + objTbl.setVerticalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + + row = 0; + col = 0; + added = 0; + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,Host::TYPENAME); + added=addObjectsToTable(objects,&objTbl,row,col); + if (fwbdebug) qDebug("Objects table: added %d hosts",added); + if (added) + { + if (col!=0) + { + row++; col=0; + objTbl.insertRow(row); + } + } + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,Network::TYPENAME); + added=addObjectsToTable(objects,&objTbl,row,col); + if (fwbdebug) qDebug("Objects table: added %d networks",added); + if (added) + { + if (col!=0) + { + row++; col=0; + objTbl.insertRow(row); + } + } + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,IPv4::TYPENAME); + added=addObjectsToTable(objects,&objTbl,row,col); + if (fwbdebug) qDebug("Objects table: 
added %d addresses",added); + if (added) + { + if (col!=0) + { + row++; col=0; + objTbl.insertRow(row); + } + } + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,AddressRange::TYPENAME); + added=addObjectsToTable(objects,&objTbl,row,col); + if (fwbdebug) qDebug("Objects table: added %d address ranges",added); + if (added) + { + if (col!=0) + { + row++; col=0; + objTbl.insertRow(row); + } + } + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,ObjectGroup::TYPENAME); + added=addObjectsToTable(objects,&objTbl,row,col); + if (fwbdebug) qDebug("Objects table: added %d obj groups",added); + if (added) + { + if (col!=0) + { + row++; col=0; + objTbl.insertRow(row); + } + haveObjGroups = true; + } + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,IPService::TYPENAME); + added=addObjectsToTable(objects,&objTbl,row,col); + if (fwbdebug) qDebug("Objects table: added %d ip services",added); + if (added) + { + if (col!=0) + { + row++; col=0; + objTbl.insertRow(row); + } + } + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,ICMPService::TYPENAME); + added=addObjectsToTable(objects,&objTbl,row,col); + if (fwbdebug) qDebug("Objects table: added %d icmp services",added); + if (added) + { + if (col!=0) + { + row++; col=0; + objTbl.insertRow(row); + } + } + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,TCPService::TYPENAME); + added=addObjectsToTable(objects,&objTbl,row,col); + if (fwbdebug) qDebug("Objects table: added %d tcp services",added); + if (added) + { + if (col!=0) + { + row++; col=0; + objTbl.insertRow(row); + } + } + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,UDPService::TYPENAME); + added=addObjectsToTable(objects,&objTbl,row,col); + if (fwbdebug) qDebug("Objects table: added %d udp services",added); + if (added) + { + if (col!=0) + { + row++; col=0; + objTbl.insertRow(row); + } + } + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,CustomService::TYPENAME); + 
added=addObjectsToTable(objects,&objTbl,row,col); + if (fwbdebug) qDebug("Objects table: added %d custom services",added); + if (added) + { + if (col!=0) + { + row++; col=0; + objTbl.insertRow(row); + } + } + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,ServiceGroup::TYPENAME); + added=addObjectsToTable(objects,&objTbl,row,col); + if (fwbdebug) qDebug("Objects table: added %d srv groups",added); + if (added) + { + if (col!=0) + { + row++; col=0; + objTbl.insertRow(row); + } + haveSrvGroups = true; + } + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,Interval::TYPENAME); + added=addObjectsToTable(objects,&objTbl,row,col); + if (fwbdebug) qDebug("Objects table: added %d time intervals",added); + if (added) + { + if (col!=0) + { + row++; col=0; + objTbl.insertRow(row); + } + } + + for (int i=0; i groups; + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,ObjectGroup::TYPENAME); + findAllGroups(objects,groups); + + objects.clear(); + findAllUsedByType(objects,visibleFirewall,ServiceGroup::TYPENAME); + findAllGroups(objects,groups); + + for (FWObject::iterator obj=groups.begin(); obj!=groups.end(); ++obj) + { + QTableWidget objTbl(1,6); + objTbl.setSizePolicy( QSizePolicy( (QSizePolicy::Policy)7, + (QSizePolicy::Policy)7) ); + objTbl.setFrameStyle(QFrame::NoFrame | QFrame::Plain); + + objTbl.setContentsMargins(0,0,0,0); + objTbl.horizontalHeader()->hide(); + objTbl.verticalHeader()->hide(); + + objTbl.setHorizontalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + objTbl.setVerticalScrollBarPolicy(Qt::ScrollBarAlwaysOff); + + row = 0; + col = 0; + list groupMembers; + + for (FWObject::iterator j=(*obj)->begin(); + j!=(*obj)->end(); ++j) + { + FWObject *o = *j; + if (FWReference::cast(o)!=NULL) + o=FWReference::cast(o)->getPointer(); + groupMembers.push_back(o); + } + + added=addObjectsToTable(groupMembers,&objTbl,row,col); + if (fwbdebug) qDebug("Group %s: added %d group members", + (*obj)->getName().c_str(),added); + + if (added 
== 0) + { + objTbl.setItem(row,col, new QTableWidgetItem(tr("EMPTY")) ); + } + + for (int i=0; igetName().c_str()); + pr.printQTable(&objTbl, false, false); + pr.printText("\n"); + } + } + } + + ppd->hide(); + delete ppd; + + pr.end(); + + if (printer->printerState() == QPrinter::Aborted) + { + statusBar()->showMessage( tr("Printing aborted"), 2000 ); + QMessageBox::information( + this,"Firewall Builder", + tr("Printing aborted"), + tr("&Continue"), QString::null,QString::null, + 0, 1 ); + } else + statusBar()->showMessage( tr("Printing completed"), 2000 ); + + } else + { + statusBar()->showMessage( tr("Printing setPrinterOptions(printer,pageWidth,pageHeight); + } + +} + + diff --git a/src/gui/FilterDialog.cpp b/src/gui/FilterDialog.cpp new file mode 100644 index 000000000..5a4f270c5 --- /dev/null +++ b/src/gui/FilterDialog.cpp 
@@ -0,0 +1,612 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: FilterDialog.cpp,v 1.8 2006/05/15 04:26:33 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "platforms.h" +#include "VERSION.h" + +#include "FilterDialog.h" +#include "DiscoveryDruid.h" +#include "ObjectManipulator.h" +#include "FWBSettings.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/XMLTools.h" + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +FilterDialog::FilterDialog(QWidget *parent) : QDialog(parent) +{ + m_dialog = new Ui::FilterDialog_q; + m_dialog->setupUi(this); +} + +FilterDialog::~FilterDialog() +{ + delete m_dialog; +} + +void FilterDialog::setFilter(Filter * f) +{ + flt=f; + + /* + QString p_n; + QString p_a; + int f_a,f_n,f_w,f_c; + + f_w=flt->isWildcard(); + f_c=flt->isCaseSens(); + f_a=flt->flt_addr; + f_n=flt->flt_name; + p_a=flt->getAddrPattern(); 
+ p_n=flt->getNamePattern(); + + init(f_w,f_c,f_a,f_n,p_a,p_n); + */ + //table->setColumnStretchable(2,true); +} +void FilterDialog::apply() +{ + updateData(); + if (validate()) + { + update(); + accept(); + } + else + { + QMessageBox::critical(this,tr("Filter error"),tr("Invalid RegExp.") ); + } +} + +void FilterDialog::save() +{ + QString dir; + if (LastFile.isEmpty()) + { + dir=st->getWDir(); + if (dir.isEmpty()) dir=st->getOpenFileDir(); + if (dir.isEmpty()) dir="~"; + } + else + { + dir=LastFile; + } + QString s = QFileDialog::getSaveFileName( + this, + "Save file dialog", + dir, + "FWBuilder filter files (*.fwf)"); + + + if (!s.isEmpty()) + { + if (!s.endsWith(".fwf")) + { + s+=".fwf"; + } + + xmlDocPtr doc; + + xmlNodePtr node; + //xmlNodePtr tree; + + doc = xmlNewDoc(TOXMLCAST("1.0")); + doc->children = xmlNewDocNode(doc, NULL, TOXMLCAST("FWB_FILTER"), NULL); + + xmlSetProp(doc->children, TOXMLCAST("version"), + TOXMLCAST( VERSION )); + xmlSetProp(doc->children, TOXMLCAST("CaseSensitive"), + TOXMLCAST( ((m_dialog->case_sensitive->isChecked())?"1":"0") )); + xmlSetProp(doc->children, TOXMLCAST("Match"), + TOXMLCAST( QString("%1").arg(m_dialog->combo->currentIndex()).toLatin1().constData() )); + + QString buf; + int n=m_dialog->table->rowCount(); + for (int i=0;ichildren , NULL , TOXMLCAST("FWB_FILTER_ITEM"), NULL); + + buf=QString("%1").arg(((QComboBox*)m_dialog->table->cellWidget(i,0))->currentIndex()); + xmlSetProp(node,(const xmlChar*) "Target", + TOXMLCAST(buf.toLatin1().constData()) ); + + buf=QString("%1").arg(((QComboBox*)m_dialog->table->cellWidget(i,1))->currentIndex()); + xmlSetProp(node, (const xmlChar*) "Type", + TOXMLCAST(buf.toLatin1().constData()) ); + + xmlSetProp(node, (const xmlChar*) "Pattern", + TOXMLCAST(m_dialog->table->item(i,2)->text().toLatin1().constData())); + } + + + xmlSaveFile(s.toLatin1().constData(),doc); + xmlFreeDoc(doc); + + } +} +void FilterDialog::load() +{ + QString dir; + dir=st->getWDir(); + if (dir.isEmpty()) 
dir=st->getOpenFileDir(); + if (dir.isEmpty()) dir="~"; + + QString s = QFileDialog::getOpenFileName( + this, + "Open file dialog", + dir, + "FWBuilder filter files (*.fwf)"); + + + if (!s.isEmpty()) + { + + xmlDocPtr doc=xmlParseFile(s.toLatin1().constData()); + //TODO: use local codepage + if (doc == NULL) + { + qDebug("Document not parsed successfully."); + return; + } + + xmlNodePtr node= xmlDocGetRootElement(doc); + + if (node == NULL) + { + qDebug("empty document"); + xmlFreeDoc(doc); + return; + } + + if (xmlStrcmp(node->name,(const xmlChar*) "FWB_FILTER")) + { + qDebug("document of the wrong type. (FWB_FILTER)"); + xmlFreeDoc(doc); + return; + } + + xmlChar *xmlbuf; + QString qbuf; + + xmlbuf=xmlGetProp(node,(const xmlChar*) "CaseSensitive"); + qbuf=FROMXMLCAST(xmlbuf); + FREEXMLBUFF(xmlbuf); + m_dialog->case_sensitive->setChecked(qbuf.toInt()); + + xmlbuf=xmlGetProp(node,(const xmlChar*) "Match"); + qbuf=FROMXMLCAST(xmlbuf); + FREEXMLBUFF(xmlbuf); + m_dialog->combo->setCurrentIndex(qbuf.toInt()); + + + node=node->xmlChildrenNode; + while (node != NULL) + { + if (xmlStrcmp(node->name,(const xmlChar*) "FWB_FILTER_ITEM")) + { + qDebug("document of the wrong type. 
(FWB_FILTER_ITEM)"); + xmlFreeDoc(doc); + return; + } + + addPattern(); + int n=m_dialog->table->rowCount()-1; + + + xmlbuf=xmlGetProp(node,(const xmlChar*) "Target"); + qbuf=FROMXMLCAST(xmlbuf); + FREEXMLBUFF(xmlbuf); + ((QComboBox*)m_dialog->table->cellWidget(n,0))->setCurrentIndex( + qbuf.toInt()); + + xmlbuf=xmlGetProp(node,(const xmlChar*) "Type"); + qbuf=FROMXMLCAST(xmlbuf); + FREEXMLBUFF(xmlbuf); + ((QComboBox*)m_dialog->table->cellWidget(n,1))->setCurrentIndex( + qbuf.toInt()); + + + xmlbuf=xmlGetProp(node,(const xmlChar*) "Pattern"); + qbuf=FROMXMLCAST(xmlbuf); + FREEXMLBUFF(xmlbuf); + m_dialog->table->item(n,2)->setText(qbuf); + + node=node->next; + } + LastFile=s; + } +} + +void FilterDialog::update() +{ + QRegExp r; + Filter newflt; + + newflt.setMatchAny(m_dialog->combo->currentIndex()); + newflt.setCaseSens(m_dialog->case_sensitive->isChecked()); + newflt.clear(); + + int n=m_dialog->table->rowCount(); + for(int i=0; itable->cellWidget(i,0))->currentIndex()) + { + case FWF_ADDRESS: + { + newflt.addAddrRegExp(r); + break; + } + case FWF_NAME: + { + newflt.addNameRegExp(r); + break; + } + default : + { + } + } + } + + if (newflt.isValid()) + { + *flt=newflt; + } + /* + bool res=false; + + Filter newflt; + + newflt.setAddrPattern( addresspattern->text()); + newflt.setNamePattern( namepattern->text()); + + newflt.setWildcard( radioButton1->isChecked()); + newflt.setCaseSens( casesens->isChecked()); + + newflt.flt_name = name_checkbox->isChecked(); + newflt.flt_addr = addr_checkbox->isChecked(); + + if (newflt.isValid()) + { + *flt=newflt; + res=true; + } + + return res; + */ +} +bool FilterDialog::validate() +{ + bool res=true; + QRegExp r; + + int n=m_dialog->table->rowCount(); + for(int i=0; itable->selectRow(i); + return res; + } + + } + + return res; +} +QRegExp FilterDialog::constructRegExp(int p) +{ + QRegExp r; + QString buf; + r.setCaseSensitivity((m_dialog->case_sensitive->isChecked())? 
+ Qt::CaseSensitive:Qt::CaseInsensitive); + switch(((QComboBox*)m_dialog->table->cellWidget(p,1))->currentIndex()) + { + case FWF_CONTAINS: + { + r.setPatternSyntax(QRegExp::Wildcard); + buf=m_dialog->table->item(p,2)->text().toLatin1().constData(); + break; + } + case FWF_IS_EQUAL_TO: + { + r.setPatternSyntax(QRegExp::RegExp); + buf="^"; + buf+=m_dialog->table->item(p,2)->text().toLatin1().constData(); + buf+="$"; + break; + } + case FWF_STARTS_WITH: + { + r.setPatternSyntax(QRegExp::RegExp); + buf="^"; + buf+=m_dialog->table->item(p,2)->text().toLatin1().constData(); + break; + } + case FWF_ENDS_WITH: + { + r.setPatternSyntax(QRegExp::RegExp); + buf=m_dialog->table->item(p,2)->text().toLatin1().constData(); + buf+="$"; + break; + } + case FWF_MATCHES_WILDCARD: + { + r.setPatternSyntax(QRegExp::Wildcard); + buf=m_dialog->table->item(p,2)->text().toLatin1().constData(); + break; + } + case FWF_MATCHES_REGEXP: + { + r.setPatternSyntax(QRegExp::RegExp); + buf=m_dialog->table->item(p,2)->text().toLatin1().constData(); + break; + } + default : + { + } + } + r.setPattern(buf); + return r; +} +void FilterDialog::addPattern() +{ + updateData(); + + QStringList trg; + trg+=tr("Name"); + trg+=tr("Address"); + + QStringList tp; + tp+=tr("Contains"); + tp+=tr("Is equal to"); + tp+=tr("Starts with"); + tp+=tr("Ends with"); + tp+=tr("Matches Wildcard"); + tp+=tr("Matches RegExp"); + + int n=m_dialog->table->rowCount(); + m_dialog->table->setRowCount(n+1); + + QComboBox *cb = new QComboBox(m_dialog->table); + cb->addItems(trg); + m_dialog->table->setCellWidget(n,0,cb); + + cb = new QComboBox(m_dialog->table); + cb->addItems(tp); + m_dialog->table->setCellWidget(n,1,cb); + + QTableWidgetItem *itm = new QTableWidgetItem; + itm->setFlags(itm->flags() | Qt::ItemIsEditable); + m_dialog->table->setItem(n,2,itm); + + /*m_dialog->table->setItem(n,0,new QTableWidgetItem(m_dialog->table,trg)); + m_dialog->table->setItem(n,1,new QTableWidgetItem(m_dialog->table,tp)); + 
//table->setItem(n,2,new QTableWidgetItem(table,QTableWidgetItem::Always)); + m_dialog->table->setItem(n,2,new QTableWidgetItem(m_dialog->table,QTableWidgetItem::WhenCurrent,""));*/ +} +void FilterDialog::removePattern() +{ + int r=m_dialog->table->currentRow(); + m_dialog->table->removeRow(r); +} +void FilterDialog::clearPatterns() +{ + m_dialog->table->setRowCount(0); +// for (int i=table->rowCount()-1;i>0;i--) +// table->removeRow(i); +} +void FilterDialog::updateData() +{ + int row=m_dialog->table->currentRow(); + QTableWidgetItem * item=m_dialog->table->item(row,2); + QWidget * w =m_dialog->table->cellWidget (row,2 ); + if (w) item->setText ( ((QComboBox*)w)->currentText() ); +} +//------------------------------------------------------------------ +bool Filter::isCaseSens() +{ + return CaseSensitive; +} +void Filter::addNameRegExp(const QRegExp &r) +{ + name_patterns.push_back(r); +} +void Filter::addAddrRegExp(const QRegExp &r) +{ + addr_patterns.push_back(r); +} + +QString Filter::getNamePatternString(int p) +{ + return name_patterns[p].pattern(); +} +QString Filter::getAddrPatternString(int p) +{ + return addr_patterns[p].pattern(); +} + +int Filter::getNamePatternsNumber() +{ + return name_patterns.size(); +} +int Filter::getAddrPatternsNumber() +{ + return addr_patterns.size(); +} + +bool Filter::isNameWildcard(int p) +{ + return name_patterns[p].patternSyntax() == QRegExp::Wildcard; +} +bool Filter::isAddrWildcard(int p) +{ + return addr_patterns[p].patternSyntax() == QRegExp::Wildcard; +} + +Filter & Filter::operator=(const Filter& f) +{ + addr_patterns=f.addr_patterns; + name_patterns=f.name_patterns; + CaseSensitive=f.CaseSensitive; + MatchAny=f.MatchAny; + + return *this; +} +/* +void FilterDialog::closeEvent(QCloseEvent *e) +{ + if (fwbdebug) + qDebug("FilterDialog::closeEvent got close event: %p",e); + hide(); +} +*/ + +Filter::Filter() +{ + CaseSensitive=true; + MatchAny=true; +} +Filter::~Filter() +{ +} +void Filter::addNamePattern(const QString 
&s,bool wc) +{ + name_patterns.push_back(QRegExp(s,Qt::CaseSensitive,wc?QRegExp::Wildcard:QRegExp::RegExp)); +} +void Filter::addAddrPattern(const QString &s,bool wc) +{ + addr_patterns.push_back(QRegExp(s,Qt::CaseSensitive,wc?QRegExp::Wildcard:QRegExp::RegExp)); +} +void Filter::clear() +{ + name_patterns.clear(); + addr_patterns.clear(); +} +void Filter::setCaseSens(bool b) +{ + CaseSensitive=b; +} +void Filter::setMatchAny(bool b) +{ + MatchAny=b; +} +bool Filter::isMatchAny () +{ + return MatchAny; +} +bool Filter::testName(const QString &s) +{ + int cmp; + if (name_patterns.isEmpty()) + { + return addr_patterns.isEmpty() || !MatchAny; + } + for (int i=0;i=0) return true; + } + else + { + if(cmp<0) return false; + } + } + return !MatchAny; +} +bool Filter::testAddr(const QString &s) +{ + int cmp; + if (addr_patterns.isEmpty()) + { + return (name_patterns.isEmpty() || !MatchAny); + } + + for (int i=0;i=0) return true; + } + else + { + if(cmp<0) return false; + } + } + return !MatchAny; +} +bool Filter::test(const ObjectDescriptor &od) +{ + QString name=od.sysname.c_str(); + QString addr=od.addr.toString().c_str(); + return (MatchAny)? testAddr(addr) || testName(name): + testAddr(addr) && testName(name); +} + +bool Filter::isValid() +{ + bool res=true; + //TODO: Filter validity test + return res; +} diff --git a/src/gui/FilterDialog.h b/src/gui/FilterDialog.h new file mode 100644 index 000000000..8f3ba2261 --- /dev/null +++ b/src/gui/FilterDialog.h 
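Review bot: In `constructRegExp()` the FWF_IS_EQUAL_TO, FWF_STARTS_WITH and FWF_ENDS_WITH cases paste the cell text next to `^`/`$` under `QRegExp::RegExp` without escaping it, so an "Is equal to" filter on `10.0.0.1` also accepts strings where each dot is any other character. Escaping the literal keeps those three modes literal, e.g. `buf+=QRegExp::escape(m_dialog->table->item(p,2)->text());`. FWF_CONTAINS has the same problem with wildcard metacharacters, because it hands the raw text to `QRegExp::Wildcard`. Separately, `load()` calls `xmlFreeDoc(doc)` on every error return but not after the item loop completes, so each successful load leaks the parsed document; add `xmlFreeDoc(doc);` before `LastFile=s;`.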
@@ -0,0 +1,134 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: FilterDialog.h,v 1.5 2006/02/09 17:11:30 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __FILTERDIALOG_H_ +#define __FILTERDIALOG_H_ + +#include "config.h" +#include + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/Resources.h" +#include +#include + +class QRegExp; +class ObjectDescriptor; + +enum {FWF_ANY = 0, FWF_ALL = 1}; +enum {FWF_NAME = 0,FWF_ADDRESS = 1}; +enum {FWF_CONTAINS = 0, + FWF_IS_EQUAL_TO = 1, + FWF_STARTS_WITH = 2, + FWF_ENDS_WITH =3, + FWF_MATCHES_WILDCARD = 4, + FWF_MATCHES_REGEXP = 5}; + +class Filter +{ + private: + + bool CaseSensitive; + bool MatchAny; + QVector addr_patterns; + QVector name_patterns; + + +public: + + Filter(); + ~Filter(); + + void addNamePattern(const QString &s,bool wc); + void addNameRegExp(const QRegExp &r); + void addAddrPattern(const QString &s,bool wc); + void addAddrRegExp(const QRegExp &r); + + void setCaseSens(bool b); + bool isCaseSens (); + + void setMatchAny(bool b); + bool isMatchAny (); + + bool testName(const QString &s); + bool testAddr(const QString &s); + bool test(const ObjectDescriptor &od); + bool isValid(); + + void clear(); + + int getNamePatternsNumber(); + int getAddrPatternsNumber(); + + QString 
getNamePatternString(int p); + QString getAddrPatternString(int p); + bool isNameWildcard(int p); + bool isAddrWildcard(int p); + + Filter& operator=(const Filter& f); +}; + +class FilterDialog : public QDialog +{ + Q_OBJECT + private: + Filter * flt; + + Ui::FilterDialog_q *m_dialog; + + bool validate(); + void update(); + QString LastFile; + QRegExp constructRegExp(int p); + public: + FilterDialog(QWidget *parent); + ~FilterDialog(); + void setFilter(Filter *); + + //virtual void closeEvent(QCloseEvent *e); + + +public slots: + virtual void apply(); + virtual void save(); + virtual void load(); + virtual void addPattern(); + virtual void removePattern(); + virtual void clearPatterns(); + virtual void updateData(); + + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + // void close_sign(QCloseEvent *e); + +}; + +#endif diff --git a/src/gui/FindObjectWidget.cpp b/src/gui/FindObjectWidget.cpp new file mode 100644 index 000000000..2cc255e58 --- /dev/null +++ b/src/gui/FindObjectWidget.cpp 
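Review bot: `FilterDialog::flt` is a raw `Filter *` that the constructor in FilterDialog.cpp never initialises, while `update()` writes through it with `*flt=newflt`, so `apply()` called before `setFilter()` writes through an indeterminate pointer. Initialise it in the constructor, `FilterDialog::FilterDialog(QWidget *parent) : QDialog(parent), flt(NULL)`, and test `flt!=NULL` before the assignment in `update()`. The declaration would also benefit from a comment such as `// not owned; set with setFilter() before apply() is used`. The anonymous `FWF_*` enums deserve a line as well, since `save()` writes combo-box indices that are compared against these values, and reordering them would change the meaning of saved .fwf files.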
@@ -0,0 +1,608 @@ +/* + + Firewall Builder + + Copyright (C) 2006 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: FindObjectWidget.cpp,v 1.9 2007/04/24 05:00:47 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "platforms.h" +#include "definitions.h" + +#include +#include "FindObjectWidget.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" +#include "FWObjectDropArea.h" +#include "ObjectManipulator.h" +#include "FWBTree.h" +#include "FWBSettings.h" +#include "ObjectTreeView.h" +#include "RuleSetView.h" +#include "ObjectEditor.h" + + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FWReference.h" +#include "fwbuilder/RuleSet.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +#define MAX_SEARCH_ITEMS_COUNT 10 + +FindObjectWidget::FindObjectWidget(QWidget*p, const char * n, Qt::WindowFlags f) : QWidget(p,f) +{ + m_widget = new Ui::findObjectWidget_q; + m_widget->setupUi(this); + + 
setObjectName(n); + + replaceDisable(); + m_widget->srScope->setCurrentIndex(st->getInt("/FirewallBuilder2/Search/Scope")); +} +void FindObjectWidget::findObject(FWObject *o) +{ + if (fwbdebug) qDebug("FindObjectWidget::findObject"); + show(); + m_widget->findDropArea->insertObject(o); + +} + + +void FindObjectWidget::enableAll() +{ + m_widget->useRegexp->setEnabled (true); + m_widget->findAttr->setEnabled (true); + m_widget->attribute->setEnabled (true); +} + +void FindObjectWidget::disableAll() +{ + m_widget->useRegexp->setEnabled (false); + m_widget->findAttr->setEnabled (false); + m_widget->attribute->setEnabled (false); +} + +void FindObjectWidget::objectInserted() +{ + FWObject *o=m_widget->findDropArea->getObject(); + if (o==NULL) return; + disableAll(); + + QString n=QString::fromUtf8(o->getName().c_str()); + + if (m_widget->findAttr->count()>=MAX_SEARCH_ITEMS_COUNT) + m_widget->findAttr->removeItem(MAX_SEARCH_ITEMS_COUNT-1); + + m_widget->findAttr->lineEdit()->setText (n); + + reset(); +} + + +void FindObjectWidget::reset() +{ + lastFound=NULL; + lastAttrSearch=""; + treeSeeker=mw->db()->tree_begin(); +} + + +void FindObjectWidget::findAttrChanged(const QString &ns) +{ + if (ns!=lastAttrSearch) reset(); + lastAttrSearch=ns; +} + +void FindObjectWidget::find() +{ + if (m_widget->findAttr->currentText().isEmpty() && + m_widget->findDropArea->isEmpty()) return; + + if (m_widget->findAttr->currentText() != m_widget->findAttr->itemText(0)) + { + if (m_widget->findAttr->count()>=MAX_SEARCH_ITEMS_COUNT) + m_widget->findAttr->removeItem(MAX_SEARCH_ITEMS_COUNT-1); + + m_widget->findAttr->insertItem( 0, m_widget->findAttr->lineEdit()->text() ); + + if (fwbdebug) + qDebug("FindObjectWidget::find() : m_widget->findAttr->text(0)=%s", + m_widget->findAttr->itemText(0).toLatin1().constData()); + } + findNext(); +} + +bool FindObjectWidget::matchID(const QString &id) +{ + if (m_widget->findDropArea->isEmpty()) return true; + QString 
s=QString::fromUtf8(m_widget->findDropArea->getObject()->getId().c_str() ); + + return s==id; +} +bool FindObjectWidget::matchAttr(libfwbuilder::FWObject *obj) +{ + if (!m_widget->findDropArea->isEmpty()) return true; + QString s=m_widget->findAttr->currentText(); + if (s.isEmpty()) return true; + + bool res=false; + int attrN = m_widget->attribute->currentIndex(); + + switch (attrN) { + case 0: // Name + { + QString name=QString::fromUtf8( obj->getName().c_str() ); + + if (m_widget->useRegexp->isChecked()) res= ( name.indexOf( QRegExp(s) )!=-1 ); + else res= ( name == s ); + + //res= ( name == s ); + break; + + } + case 1: // Address + { + Address *a = Address::cast(obj); + if (a!=NULL) + { + QString addr = a->getAddress().toString().c_str(); + + if (m_widget->useRegexp->isChecked()) res= ( addr.indexOf( QRegExp(s) )!=-1 ); + else res= ( addr == s ); + + //res= ( addr == s ); + } + break; + } + case 2: // port + if (TCPService::cast(obj)!=NULL || UDPService::cast(obj)!=NULL) + { + if (m_widget->useRegexp->isChecked()) + { + QString port; + port.setNum(obj->getInt("src_range_start")); + res |= ( port.indexOf( QRegExp(s) )!=-1 ); + port.setNum(obj->getInt("src_range_end")); + res |= ( port.indexOf( QRegExp(s) )!=-1 ); + port.setNum(obj->getInt("dst_range_start")); + res |= ( port.indexOf( QRegExp(s) )!=-1 ); + port.setNum(obj->getInt("dst_range_end")); + res |= ( port.indexOf( QRegExp(s) )!=-1 ); + } else + { + bool conversion_status = false; + int port = s.toInt(&conversion_status); + res |= (conversion_status && (port == obj->getInt("src_range_start"))); + res |= (conversion_status && (port == obj->getInt("src_range_end"))); + res |= (conversion_status && (port == obj->getInt("dst_range_start"))); + res |= (conversion_status && (port == obj->getInt("dst_range_end"))); + } + break; + } + break; + case 3: // protocol num. 
+ if (IPService::cast(obj)!=NULL) + { + if (m_widget->useRegexp->isChecked()) + { + QString proto; + proto.setNum(obj->getInt("protocol_num")); + res |= ( proto.indexOf( QRegExp(s) )!=-1 ); + } else + { + bool conversion_status = false; + int proto = s.toInt(&conversion_status); + res |= (conversion_status && (proto == obj->getInt("protocol_num"))); + } + break; + } + break; + case 4: // icmp type + if (ICMPService::cast(obj)!=NULL) + { + if (m_widget->useRegexp->isChecked()) + { + QString icmptype; + icmptype.setNum(obj->getInt("type")); + res |= ( icmptype.indexOf( QRegExp(s) )!=-1 ); + } else + { + bool conversion_status = false; + int icmptype = s.toInt(&conversion_status); + res |= (conversion_status && (icmptype == obj->getInt("type"))); + } + break; + } + break; + } + + return res; +} + +void FindObjectWidget::findNext() +{ + if (fwbdebug) qDebug("FindObjectWidget::findNext"); + if ( + m_widget->findAttr->currentText().isEmpty() && + m_widget->findDropArea->isEmpty()) return; + + if (m_widget->findAttr->count()>MAX_SEARCH_ITEMS_COUNT) + m_widget->findAttr->removeItem(0); + + FWObject *o=NULL; + +loop: + + QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) ); + + for (; treeSeeker!=mw->db()->tree_end(); ++treeSeeker) + { + o = *treeSeeker; + + if( RuleElement::cast(o->getParent())!=NULL) + { + if (m_widget->srScope->currentIndex()==3) // scope == selected firewalls + { + if ( !inSelectedFirewall(RuleElement::cast(o->getParent())) ) + { + continue; + + } + } else if (m_widget->srScope->currentIndex()==0) continue ; // scope == tree only + } else + { +/* if not in rules, then in the tree. 
*/ + if (m_widget->srScope->currentIndex()>1) continue; // scope in (firewalls only , selected firewalls) + } + + if (FWReference::cast(o)!=NULL) + { + FWReference *r=FWReference::cast(o); + if ( + matchAttr( r->getPointer() ) && + matchID( QString::fromUtf8(r->getPointer()->getId().c_str()) )) break; + } else + { + if ( + matchAttr( o ) && + matchID( QString::fromUtf8(o->getId().c_str()) )) break; + } + } + + QApplication::restoreOverrideCursor(); + + if (treeSeeker==mw->db()->tree_end()) + { + reset(); + if (m_widget->srScope->currentIndex()==3) // scope ==selected firewalls + { + if ( QMessageBox::warning( + this,"Firewall Builder", + tr("Search hit the end of the policy rules."), + tr("&Continue at top"), tr("&Stop"), QString::null, 0, 1 )==0 ) goto loop; + } + else + { + if (fwbdebug) qDebug("widget that has focus: %p",mw->focusWidget()); + bool r= ( QMessageBox::warning( + this,"Firewall Builder", + tr("Search hit the end of the object tree."), + tr("&Continue at top"), tr("&Stop"), QString::null, 0, 1 )==0 ); + if (fwbdebug) qDebug("widget that has focus: %p",mw->focusWidget()); + if (r) goto loop; + } + return; + } + assert(o!=NULL); + lastFound=o; +/* found object. 
Shift iterator so it does not return the same object + * when user hits 'find next' + */ + + ++treeSeeker; + + showObject(o); + + if (fwbdebug) + { + qDebug("Found object: o=%p id=%s name=%s type=%s", + o, o->getId().c_str(),o->getName().c_str(),o->getTypeName().c_str()); + } +} + +bool FindObjectWidget::validateReplaceObject() +{ + if (m_widget->findDropArea->isEmpty() || m_widget->replaceDropArea->isEmpty()) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Search or Replace object ind't specified.")); + return false; + } + FWObject *findObj, *replObj; + findObj=m_widget->findDropArea->getObject(); + replObj=m_widget->replaceDropArea->getObject(); + if (findObj==replObj || findObj->getId() == replObj->getId()) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Cannot replace object by itself.")); + return false; + } + if (!((Address::cast(findObj)!=NULL && Address::cast(replObj)) || + (Service::cast(findObj)!=NULL && Service::cast(replObj)))) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Search and Replace objects are incompatible.")); + + return false; + } + return true; +} +void FindObjectWidget::replace() +{ + if(!validateReplaceObject()) return; + + + if (lastFound==NULL) + { + find(); + return; + } + + QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) ); + FWObject *res=_replaceCurrent(); + mw->updateRuleSetView(); + om->info(); + if (res) + { + showObject(res); + } + else + { + // object isn't inserted + qDebug("object isn't inserted"); + } + + QApplication::restoreOverrideCursor(); +} + +void FindObjectWidget::replaceAll() +{ + if(!validateReplaceObject()) return; + reset(); + FWObject *o=NULL; + int count=0; + bool f=true; + + QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) ); + while (f) + { + for (; treeSeeker!=mw->db()->tree_end(); ++treeSeeker) + { + o = *treeSeeker; + if( RuleElement::cast(o->getParent())!=NULL) + { + if (m_widget->srScope->currentIndex()==3) // scope == selected firewalls + { + 
if ( !inSelectedFirewall(RuleElement::cast(o->getParent())) ) + { + continue; + + } + } else if (m_widget->srScope->currentIndex()==0) continue ; // scope == tree only + } else + { + /* if not in rules, then in the tree. */ + if (m_widget->srScope->currentIndex()>1) continue; // scope in (firewalls only , selected firewalls) + } + + if (FWReference::cast(o)!=NULL) + { + FWReference *r=FWReference::cast(o); + if ( + matchAttr( r->getPointer() ) && + matchID( QString::fromUtf8(r->getPointer()->getId().c_str()) )) break; + } else + { + if ( + matchAttr( o ) && + matchID( QString::fromUtf8(o->getId().c_str()) )) break; + } + } + if (treeSeeker==mw->db()->tree_end()) + { + f=false; + + } else + { + lastFound=o; + ++treeSeeker; + count++; + _replaceCurrent(); + } + } + mw->updateRuleSetView(); + om->info(); + QApplication::restoreOverrideCursor(); + QMessageBox::information( + this,"Firewall Builder", + tr("Replaced %1 objects.").arg(count)); + +} +FWObject* FindObjectWidget::_replaceCurrent() +{ + FWObject *o=lastFound; + FWObject *p=lastFound->getParent(); + + if (p==NULL || o==NULL) return NULL; + if (FWReference::cast(o)==NULL) return NULL; + + p->removeRef(FWReference::cast(o)->getPointer()); + //chack for duplicates -------- + + FWObject *ro=m_widget->replaceDropArea->getObject(); + if (RuleElement::cast(p)==NULL || !RuleElement::cast(p)->isAny()) + { +/* avoid duplicates */ + string cp_id=ro->getId(); + FWObject *oo; + FWReference *ref; + + list::iterator j; + for(j=p->begin(); j!=p->end(); ++j) + { + oo=*j; + if(cp_id==oo->getId()) return NULL; + + if( (ref=FWReference::cast(oo))!=NULL && + cp_id==ref->getPointerId()) return NULL; + } + } + + p->addRef(ro); + FWObject *to; + FWReference *ref; + list::iterator i; + string id=m_widget->replaceDropArea->getObject()->getId(); + for (i=p->begin();i!=p->end();++i) + { + to=*i; + ref=FWReference::cast(to); + if(ref && ref->getPointerId()==id) + { + return to; + } + + } + return NULL; + +} +bool 
FindObjectWidget::inSelectedFirewall( RuleElement* r) +{ + + FWObject *f=r; + while (f!=NULL && !Firewall::isA(f)) f=f->getParent(); + if (f==NULL) return false; + + return selectedFirewall==(Firewall::cast(f)); +} + +void FindObjectWidget::replaceEnable() +{ + m_widget->replaceButton->setEnabled (true); + m_widget->repNextButton->setEnabled (true); + m_widget->replaceAllButton->setEnabled(true); + +} + +void FindObjectWidget::replaceDisable() +{ + m_widget->replaceButton->setEnabled (false); + m_widget->repNextButton->setEnabled (false); + m_widget->replaceAllButton->setEnabled(false); + +} + +void FindObjectWidget::showObject(FWObject* o) +{ + if (fwbdebug) qDebug("FindObjectWidget::showObject"); + + FWReference* ref=FWReference::cast(o); + if (ref!=NULL && RuleElement::cast(o->getParent())!=NULL) + { + oe->close(); + om->clearFocus(); + mw->ensureObjectVisibleInRules( ref ); + mw->selectRules(); + return; + } + + mw->unselectRules(); + + if (Group::cast(o->getParent())!=NULL && + !FWBTree::isSystem(o->getParent())) + { + om->openObject( o->getParent() ); + om->editObject( o->getParent() ); + oe->selectObject( (ref) ? ref->getPointer() : o ); + //oe->setFocus(); + return; + } + + oe->close(); + om->openObject( o ); + om->select(); // selects an item in the tree and assigns kbd focus to it +} + +void FindObjectWidget::init() +{ + m_widget->findDropArea->deleteObject(); + m_widget->replaceDropArea->deleteObject(); + hidePanel(); +} + +void FindObjectWidget::firewallOpened(Firewall *f) +{ + if (f==NULL) return; + selectedFirewall=f; + m_widget->srScope->setItemText( 3, tr("Policy of firewall '")+f->getName().c_str()+"'" ); +} + +void FindObjectWidget::findPrev() +{ + +} + +void FindObjectWidget::replaceNext() +{ + replace(); + findNext(); +} +void FindObjectWidget::scopeChanged() +{ + st->setValue("/FirewallBuilder2/Search/Scope",m_widget->srScope->currentIndex ()); + +} 
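Review bot: `_replaceCurrent()` reads `lastFound->getParent()` before its `o==NULL` test, so that check cannot protect the dereference, and `replace()` leaves `lastFound` pointing at the reference that `p->removeRef(...)` has just taken out of its parent. If `removeRef` destroys that reference object (not visible in this hunk), pressing Replace twice without a search in between reuses a stale pointer. Put the check first, `if (lastFound==NULL) return NULL;`, and reset the cursor in `replace()` after the call with `lastFound=NULL;` so the next Replace falls back to `find()`. `matchAttr()` also builds `QRegExp(s)` from the search box for every object without calling `isValid()`, so it is worth rejecting an invalid pattern once in `find()` rather than letting the search report no matches.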
diff --git a/src/gui/FindObjectWidget.h b/src/gui/FindObjectWidget.h
new file mode 100644
index 000000000..aad21da93
--- /dev/null
+++ b/src/gui/FindObjectWidget.h
@@ -0,0 +1,91 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Illiya Yalovoy
+
+ $Id: FindObjectWidget.h,v 1.2 2006/05/16 18:50:01 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __FINDOBJECTWIDGET_H_
+#define __FINDOBJECTWIDGET_H_
+
+#include "config.h"
+#include
+
+#include "fwbuilder/FWObject.h"
+#include "fwbuilder/RuleElement.h"
+#include "fwbuilder/Firewall.h"
+
+class QRegExp;
+class ObjectDescriptor;
+class QWidget;
+
+class FindObjectWidget : public QWidget
+{
+ Q_OBJECT
+ private:
+
+ QString lastAttrSearch;
+ libfwbuilder::FWObject *lastFound;
+ libfwbuilder::FWObject::tree_iterator treeSeeker;
+ libfwbuilder::Firewall* selectedFirewall;
+
+ bool matchName(const QString &name);
+ bool matchID(const QString &name);
+ bool matchAttr(libfwbuilder::FWObject* obj);
+ bool validateReplaceObject();
+ libfwbuilder::FWObject* _replaceCurrent();
+ bool inSelectedFirewall( libfwbuilder::RuleElement* r);
+
+ public:
+ Ui::findObjectWidget_q *m_widget;
+ FindObjectWidget(QWidget*p, const char * n = 0, Qt::WindowFlags f = 0);
+ ~FindObjectWidget() { delete m_widget; };
+ void findObject (libfwbuilder::FWObject *o);
+
+
+public slots:
+ virtual void hidePanel() {reset();emit close();};
+ virtual void enableAll();
+ virtual void disableAll();
+ virtual void objectInserted();
+
+ virtual void find();
+ virtual void findNext();
+ virtual void reset();
+ virtual void findAttrChanged(const QString&);
+ virtual void findPrev();
+ virtual void replaceNext();
+
+ virtual void replace();
+ virtual void replaceAll();
+ virtual void replaceEnable();
+ virtual void replaceDisable();
+ void showObject(libfwbuilder::FWObject* o);
+ void init();
+ void firewallOpened(libfwbuilder::Firewall *f);
+ void scopeChanged();
+
+ signals:
+ void close();
+};
+
+#endif
diff --git a/src/gui/FindWhereUsedWidget.cpp b/src/gui/FindWhereUsedWidget.cpp
new file mode 100644
index 000000000..20034797d
--- /dev/null
+++ b/src/gui/FindWhereUsedWidget.cpp
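Review bot: The `signals:` section declares `void close();`, which hides the inherited `QWidget::close()` slot, so a call to `close()` through a `FindObjectWidget*` emits the signal instead of closing the widget; `hidePanel()` depends on exactly that with `emit close();`. A distinct signal name, for example `void closed();` with `hidePanel()` emitting it, keeps the base-class behaviour reachable and makes connections unambiguous. FindWhereUsedWidget.h in this commit declares the same signal. `lastFound` and `selectedFirewall` are raw pointers and the constructor is not part of this hunk, so it is worth confirming that both start as NULL before `inSelectedFirewall()` compares against `selectedFirewall`.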
@@ -0,0 +1,284 @@ +/* + + Firewall Builder + + Copyright (C) 2006 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: FindWhereUsedWidget.cpp,v 1.6 2007/05/23 03:05:50 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "utils_no_qt.h" +#include "platforms.h" +#include "definitions.h" + +#include "FindWhereUsedWidget.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" +#include "FWObjectDropArea.h" +#include "ObjectManipulator.h" +#include "FWBTree.h" +#include "FWBSettings.h" +#include "ObjectTreeView.h" +#include "RuleSetView.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FWReference.h" +#include "fwbuilder/RuleSet.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/Routing.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Resources.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +using namespace std; +using namespace libfwbuilder; + + 
+FindWhereUsedWidget::FindWhereUsedWidget(QWidget*p, const char * n, Qt::WindowFlags f, bool f_mini) : QWidget(p) +{ + m_widget = new Ui::findWhereUsedWidget_q; + m_widget->setupUi(this); + + setObjectName(n); + setWindowFlags(f); + + flShowObject=true; + if (f_mini) + { + m_widget->buttonsBox->hide(); + m_widget->dropBox->hide(); + } + else + { + //connect (m_widget->dropArea,SIGNAL(objectInserted()),this,SLOT(findFromDrop())); + connect (m_widget->dropArea,SIGNAL(objectDeleted()),this,SLOT(init())); + } +} + +FindWhereUsedWidget::~FindWhereUsedWidget() +{ + delete m_widget; +} + +void FindWhereUsedWidget::setShowObject(bool fl) +{ + flShowObject=fl; +} + +void FindWhereUsedWidget::itemActivated(QTreeWidgetItem* item) +{ + FWObject *o; + o=mapping[item]; + + if (flShowObject && o!=NULL) + { + showObject(o); + } +} + +void FindWhereUsedWidget::find() +{ + findFromDrop(); +} + +void FindWhereUsedWidget::find(FWObject *obj) +{ + m_widget->dropArea->insertObject(obj); + find(); +} + +void FindWhereUsedWidget::_find(FWObject *obj) +{ + object=obj; + m_widget->resListView->clear(); + mapping.clear(); + resset.clear(); + + + mw->db()->findWhereUsed(obj,mw->db(),resset); + + set::iterator i=resset.begin(); + QTreeWidgetItem *item; + QString c1; + QString c2; + FWObject* o; + Rule* r; + RuleSet* rs; + FWObject* fw=NULL; + for(;i!=resset.end();++i) + { + o=*i; + fw=NULL; + r=NULL; + rs=NULL; + + if (findRef(object,o)==NULL) continue; + if (RuleElement::cast(o)!=NULL) + { + fw=o->getParent(); + + while (fw!=NULL && !Firewall::isA(fw)) + { + if (Rule::cast(fw)) + { + r=Rule::cast(fw); + } else if (RuleSet::cast(fw)) + { + rs=RuleSet::cast(fw); + } + + fw=fw->getParent(); + } + if (fw==NULL || r==NULL || rs==NULL) continue; + + c1=QString::fromUtf8(fw->getName().c_str()); + + if (NAT::isA(rs)) + { + c2=tr("NAT"); + } else if (Policy::isA(rs)) + { + c2=tr("Policy"); + } else if (Routing::isA(rs)) + { + c2=tr("Routing"); + } else + { + c2=tr("Unknown rule set"); + } + 
c2+=tr("/Rule%1").arg(r->getPosition()); + + } else if ( + FWBTree::isSystem(o) || + Rule::cast(o) || + RuleSet::cast(o) || + Firewall::cast(o) || + Library::cast(o)) + { + continue; + } + else + { + c1=QString::fromUtf8(o->getName().c_str()); + c2=tr("Type: ")+QString::fromUtf8(o->getTypeName().c_str()); + } + + FWObject *pixobj=(fw==NULL)?o:fw; + + QString icn_file = (":/Icons/"+pixobj->getTypeName()+"/icon-tree").c_str(); + + QPixmap pm; + if ( ! QPixmapCache::find( icn_file, pm) ) + { + pm.load( icn_file ); + QPixmapCache::insert( icn_file, pm); + } + + QStringList qsl; + qsl << c1 << c2; + item=new QTreeWidgetItem(m_widget->resListView, qsl); + item->setIcon(0,QIcon(pm)); + mapping[item]=o; + } + show(); +} + +void FindWhereUsedWidget::init() +{ + object=NULL; + m_widget->resListView->clear(); + mapping.clear(); + resset.clear(); + +} + +void FindWhereUsedWidget::findFromDrop() +{ + _find(m_widget->dropArea->getObject()); +} + +void FindWhereUsedWidget::showObject(FWObject* o) +{ + if (fwbdebug) qDebug("FindWhereUsedWidget::showObject"); + + if (object==NULL || o==NULL) return; + + FWReference* ref=NULL; + + + if (RuleElement::cast(o)!=NULL) + { + ref=findRef(object,o); + if (ref==NULL) return; + + om->clearFocus(); + mw->ensureObjectVisibleInRules( ref ); + mw->selectRules(); + if (oe->isVisible()) + { + om->editObject( object ); + } + return; + } + mw->unselectRules(); + + if (Group::cast(o)!=NULL) + { + + om->openObject( o ); + mw->unselectRules(); + + if (oe->isVisible()) + { + om->editObject( o ); + oe->selectObject( object); + } + return; + } + + //oe->close(); + //om->openObject( o ); + //om->select(); // selects an item in the tree and assigns kbd focus to it +} diff --git a/src/gui/FindWhereUsedWidget.h b/src/gui/FindWhereUsedWidget.h new file mode 100644 index 000000000..05d7d6274 --- /dev/null +++ b/src/gui/FindWhereUsedWidget.h 
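Review bot: `_find()` stores its argument in `object` and passes it to `mw->db()->findWhereUsed()` and `findRef()` without a NULL test, while `findFromDrop()` feeds it `m_widget->dropArea->getObject()` directly. `init()` and `showObject()` both treat `object==NULL` as a normal state, so an empty drop area presumably yields NULL here, and the public `find()` slot reaches this path. Adding `if (obj==NULL) { init(); return; }` as the first statement of `_find()` keeps the result list consistent and keeps NULL out of the database walk. `itemActivated()` reads `mapping[item]`, which inserts an entry for an unknown item; `mapping.find(item)` would avoid growing the map on lookups.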
@@ -0,0 +1,78 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2006 NetCitadel, LLC
+
+ Author: Illiya Yalovoy
+
+ $Id: FindWhereUsedWidget.h,v 1.3 2006/08/26 17:11:28 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __FINDWHEREUSEDWIDGET_H_
+#define __FINDWHEREUSEDWIDGET_H_
+
+#include "config.h"
+#include
+
+#include "fwbuilder/FWObject.h"
+#include "fwbuilder/RuleElement.h"
+#include "fwbuilder/Firewall.h"
+
+#include
+#include
+
+class QRegExp;
+class ObjectDescriptor;
+class QWidget;
+
+namespace libfwbuilder {
+ class FWReference;
+}
+
+class FindWhereUsedWidget : public QWidget
+{
+ Q_OBJECT
+ private:
+ bool flShowObject;
+ libfwbuilder::FWObject* object;
+ std::set resset;
+ std::map mapping;
+ Ui::findWhereUsedWidget_q *m_widget;
+
+ void showObject(libfwbuilder::FWObject*);
+ public:
+ FindWhereUsedWidget(QWidget*p, const char * n = 0, Qt::WindowFlags f = 0, bool f_mini=false);
+ ~FindWhereUsedWidget();
+ void setShowObject(bool fl);
+
+public slots:
+ virtual void hidePanel() {emit close();};
+
+ virtual void find();
+ virtual void find(libfwbuilder::FWObject *obj);
+ virtual void _find(libfwbuilder::FWObject *obj);
+ void init();
+ void itemActivated(QTreeWidgetItem*);
+ void findFromDrop();
+
+ signals:
+ void close();
+};
+
+#endif
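Review bot: `object` is a raw `FWObject*` member that the constructor in FindWhereUsedWidget.cpp never assigns (it sets only `m_widget` and `flShowObject`), yet `showObject()` tests `object==NULL` before acting on it. Initialise it in the constructor with `object=NULL;` so the test reads a defined value. `_find()` is declared under `public slots:` as `virtual`, so any connection or caller can drive it with an arbitrary pointer that is then cached in `object`; declaring it in the `private:` section next to `showObject()` would match its underscore name. `object` and the values held in `mapping` look like non-owning pointers into the object database, so a comment on the members saying when they must be reset through `init()` would help the next reader.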
diff --git a/src/gui/FirewallDialog.cpp b/src/gui/FirewallDialog.cpp
new file mode 100644
index 000000000..061c425a2
--- /dev/null
+++ b/src/gui/FirewallDialog.cpp
@@ -0,0 +1,366 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: FirewallDialog.cpp,v 1.42 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "platforms.h" + +#include "FWBTree.h" +#include "FirewallDialog.h" +#include "ObjectManipulator.h" +#include "DialogFactory.h" +#include "FWWindow.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Management.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Resources.h" + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +FirewallDialog::~FirewallDialog() +{ + delete m_dialog; +} + +FirewallDialog::FirewallDialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::FirewallDialog_q; + m_dialog->setupUi(this); + obj=NULL; +} + +void FirewallDialog::loadFWObject(FWObject *o) +{ + obj=o; + Firewall *s = dynamic_cast(obj); + assert(s!=NULL); + + init=true; + + fillLibraries(m_dialog->libs,obj); + +/* fill in platform */ + setPlatform(m_dialog->platform, 
obj->getStr("platform").c_str() ); + + fillVersion(); + +/* fill in host OS */ + setHostOS(m_dialog->hostOS, obj->getStr("host_OS").c_str() ); + +/* ---------------- */ + + Management *mgmt=s->getManagementObject(); + assert(mgmt!=NULL); + +// FWOptions *opt =s->getOptionsObject(); + + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); +// snmpCommunity->setText( mgmt->getSNMPManagement()->getReadCommunity().c_str() ); + + //comment->setTextFormat(QTextEdit::PlainText); + + m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); + + m_dialog->inactive->setChecked(s->getInactive()); + + //apply->setEnabled( false ); + + + m_dialog->obj_name->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->libs->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->libs); + + m_dialog->platform->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->platform); + + m_dialog->version->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->version); + + m_dialog->hostOS->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->hostOS); + + m_dialog->fwAdvanced->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->fwAdvanced); + + m_dialog->osAdvanced->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->osAdvanced); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + setDisabledPalette(m_dialog->comment); + +// snmpCommunity->setEnabled(!o->isReadOnly()); +// setDisabledPalette(snmpCommunity); + + m_dialog->inactive->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->inactive); + + + init=false; +} + +/* fill in version */ +void FirewallDialog::fillVersion() +{ + m_dialog->version->clear(); + + list vl=getVersionsForPlatform( readPlatform(m_dialog->platform) ); + QString v=obj->getStr("version").c_str(); + int cp=0; + for (list::iterator i1=vl.begin(); i1!=vl.end(); i1++,cp++) + { + if (fwbdebug) + qDebug(QString("Adding version 
%1").arg(i1->second).toAscii().constData()); + + m_dialog->version->addItem( i1->second ); + if ( v == i1->first ) m_dialog->version->setCurrentIndex( cp ); + } +} + +void FirewallDialog::saveVersion() +{ + QString pl = readPlatform(m_dialog->platform); + + list vl=getVersionsForPlatform( pl.toLatin1().constData() ); + QString v = m_dialog->version->currentText(); + list::iterator li = + std::find_if(vl.begin(),vl.end(),findSecondInQStringPair(v)); + if (li!=vl.end()) + obj->setStr("version", li->first.toLatin1().constData() ); + +#if 0 + int cp=0; + for (list::iterator i1=vl.begin(); i1!=vl.end(); i1++,cp++) + { + if ( v == i1.data() ) + { + obj->setStr("version", i1.key().toLatin1().constData() ); + break; + } + } +#endif +} + +void FirewallDialog::platformChanged() +{ + fillVersion(); + changed(); + + QString so=Resources::platform_res[readPlatform(m_dialog->platform).toLatin1().constData()]->getResourceStr("/FWBuilderResources/Target/supported_os").c_str(); + if (so.isEmpty()) return; + + QString ho=so.section(",",0); + setHostOS( m_dialog->hostOS, ho.toLatin1().constData() ); + + QString pl = readPlatform(m_dialog->platform); + m_dialog->fwAdvanced->setEnabled( pl!="unknown" ); +} + +void FirewallDialog::hostOSChanged() +{ + changed(); + QString ho = readHostOS(m_dialog->hostOS); + m_dialog->osAdvanced->setEnabled( ho!="unknown_os" ); +} + +void FirewallDialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void FirewallDialog::validate(bool *res) +{ + *res=true; + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } +} + +void FirewallDialog::isChanged(bool *res) +{ + if (fwbdebug) + qDebug("FirewallDialog::isChanged"); + //*res=(!init && apply->isEnabled()); +} + +void FirewallDialog::libChanged() +{ + changed(); +} + +void FirewallDialog::applyChanges() +{ + Firewall *s = dynamic_cast(obj); + Management *mgmt=s->getManagementObject(); + 
assert(mgmt!=NULL); + +// FWOptions *opt =s->getOptionsObject(); + + assert(s!=NULL); + + string oldname=obj->getName(); + string newname=string(m_dialog->obj_name->text().toUtf8().constData()); + string oldplatform=obj->getStr("platform"); + + string oldVer=obj->getStr("version"); + + obj->setName( newname ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); +// mgmt->getSNMPManagement()->setReadCommunity( snmpCommunity->text().toLatin1().constData() ); + + string pl = readPlatform(m_dialog->platform).toLatin1().constData(); + obj->setStr("platform", pl ); + + obj->setStr("host_OS", readHostOS(m_dialog->hostOS).toLatin1().constData() ); + + s->setInactive(m_dialog->inactive->isChecked()); + + saveVersion(); + + string newVer=obj->getStr("version"); + + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + if (oldplatform!=pl || oldname!=newname || oldVer!=newVer) + { + if (fwbdebug) + qDebug("FirewallDialog::applyChanges() scheduling call to reopenFirewall()"); + //mw->reopenFirewall(); + //QTimer::singleShot( 0, mw, SLOT(reopenFirewall()) ); + mw->scheduleRuleSetRedraw(); + } + + if (oldplatform!=pl) + { + if (fwbdebug) + qDebug("FirewallDialog::applyChanges() platform has changed - clear option 'compiler'"); + Firewall *s = Firewall::cast(obj); + assert(s!=NULL); + FWOptions *opt =s->getOptionsObject(); + opt->setStr("compiler",""); + } + + init=true; + +/* move to another lib if we have to */ + if (! 
FWBTree::isSystem(obj) && m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(m_dialog->libs->currentText(), obj); + + init=false; + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(s); + +} + +void FirewallDialog::discardChanges() +{ + loadFWObject(obj); +} + +void FirewallDialog::openFWDialog() +{ + /*if (apply->isEnabled())*/ applyChanges(); + + if (obj->getStr("version").empty()) saveVersion(); + + try + { + QWidget *w = DialogFactory::createFWDialog(this,obj); + if (w==NULL) return; // some dialogs may not be implemented yet + QDialog *d=dynamic_cast(w); + assert(d!=NULL); + + d->exec(); // modal dialog, dialog saves data into the object + } + catch (FWException &ex) + { + QMessageBox::critical( + this,"Firewall Builder", + tr("FWBuilder API error: %1").arg(ex.toString().c_str()), + tr("&Continue"), QString::null,QString::null, + 0, 1 ); + return; + } +} + + +void FirewallDialog::openOSDialog() +{ + /*if (apply->isEnabled())*/ applyChanges(); + + try + { + QWidget *w = DialogFactory::createOSDialog(this,obj); + if (w==NULL) return; // some dialogs may not be implemented yet + QDialog *d=dynamic_cast(w); + assert(d!=NULL); + + d->exec(); // modal dialog, dialog saves data into the object + } + catch (FWException &ex) + { + QMessageBox::critical( + this,"Firewall Builder", + tr("FWBuilder API error: %1").arg(ex.toString().c_str()), + tr("&Continue"), QString::null,QString::null, + 0, 1 ); + return; + } +} + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. So we do + * nothing here and defer all the processing to ObjectEditor + */ +void FirewallDialog::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} + diff --git a/src/gui/FirewallDialog.h b/src/gui/FirewallDialog.h new file mode 100644 index 000000000..8c7dcaf0e --- /dev/null +++ b/src/gui/FirewallDialog.h 
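Review bot: In `applyChanges()` the result of the `dynamic_cast` is dereferenced by `s->getManagementObject()` before `assert(s!=NULL)` runs, and both asserts vanish in builds that define NDEBUG. `obj` starts as NULL in the constructor, and `applyChanges()`, `openFWDialog()` and `openOSDialog()` are public slots, so this path is reachable without a prior `loadFWObject()`. Put `if (s==NULL) return;` directly after the cast, and apply the same runtime check in `loadFWObject()` where `s` is only asserted. In `fillVersion()` the debug call hands the formatted version string to `qDebug()` as the format argument; `qDebug("Adding version %s", i1->second.toAscii().constData());` keeps a `%` in resource data from being interpreted as a conversion.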
@@ -0,0 +1,78 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: FirewallDialog.h,v 1.12 2006/05/13 06:53:05 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __FIREWALLDIALOG_H_
+#define __FIREWALLDIALOG_H_
+
+#include "config.h"
+#include
+#include
+
+#include "fwbuilder/FWObject.h"
+
+
+class FirewallDialog : public QWidget
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ Ui::FirewallDialog_q *m_dialog;
+ bool init;
+
+ void fillVersion();
+ void saveVersion();
+
+
+ public:
+ FirewallDialog(QWidget *parent);
+ ~FirewallDialog();
+
+public slots:
+ virtual void changed();
+ virtual void libChanged();
+ virtual void applyChanges();
+ virtual void discardChanges();
+ virtual void platformChanged();
+ virtual void hostOSChanged();
+ virtual void loadFWObject(libfwbuilder::FWObject *obj);
+ virtual void validate(bool*);
+ virtual void isChanged(bool*);
+ virtual void openFWDialog();
+ virtual void openOSDialog();
+ virtual void closeEvent(QCloseEvent *e);
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ void close_sign(QCloseEvent *e);
+ void changed_sign();
+
+};
+
+#endif // FIREWALLDIALOG_H
diff --git a/src/gui/GroupObjectDialog.cpp b/src/gui/GroupObjectDialog.cpp
new file mode 100644
index 000000000..79a736f4f
--- /dev/null
+++ b/src/gui/GroupObjectDialog.cpp
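Review bot: `isChanged(bool*)` is declared as an out-parameter slot, but its body in FirewallDialog.cpp only logs and never writes `*res` because the assignment is commented out, so the caller reads back whatever it stored beforehand. Either assign a definite value in the implementation or state the contract on the declaration, for example `// NOTE: currently leaves *res unmodified; callers must pre-initialise it`. `bool init;` is likewise not set by the constructor, which assigns only `m_dialog` and `obj`; adding `init=false;` there gives the flag a defined value before the first `loadFWObject()`. `GroupObjectDialog::isChanged()` later in this commit has the same empty body.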
@@ -0,0 +1,743 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: GroupObjectDialog.cpp,v 1.58 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "FWWindow.h" +#include "FWBTree.h" +#include "FWBSettings.h" +#include "FWObjectPropertiesFactory.h" +#include "GroupObjectDialog.h" +#include "ObjectListViewItem.h" +#include "ObjectIconViewItem.h" +#include "ObjectManipulator.h" +#include "FWObjectDrag.h" +#include "FWObjectClipboard.h" +#include "ObjectTreeView.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Group.h" +#include "fwbuilder/Resources.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +enum GroupObjectDialog::viewType GroupObjectDialog::vt = GroupObjectDialog::Icon; + +#define LIST_VIEW_MODE "list" +#define ICON_VIEW_MODE "icon" + + +GroupObjectDialog::GroupObjectDialog(QWidget *parent) : + QWidget(parent) +{ + m_dialog = new Ui::GroupObjectDialog_q; + m_dialog->setupUi(this); + + obj=NULL; + selectedObject=NULL; + + 
listView = new ObjectListView( m_dialog->objectViewsStack, "listView" ); + QStringList sl; + sl << "Name" << "Properties"; + listView->setHeaderLabels (sl); + listView->setAcceptDrops( true ); + listView->setDragDropMode( QAbstractItemView::DragDrop ); + listView->setContextMenuPolicy ( Qt::CustomContextMenu ); + + iconView = new ObjectIconView( m_dialog->objectViewsStack, "iconView" ); + iconView->setContextMenuPolicy ( Qt::CustomContextMenu ); + + m_dialog->objectViewsStack->addWidget(iconView); + m_dialog->objectViewsStack->addWidget(listView); + m_dialog->objectViewsStack->setCurrentWidget(iconView); + + + setTabOrder( m_dialog->obj_name, iconView ); + setTabOrder( iconView, listView ); + setTabOrder( listView, m_dialog->comment ); + + listView->setSelectionMode(QAbstractItemView::ExtendedSelection); + iconView->setSelectionMode(QAbstractItemView::ExtendedSelection); + + m_dialog->iconViewBtn->setCheckable(true); + m_dialog->listViewBtn->setCheckable(true); + + //listView->hide(); + //iconView->show(); + + + m_dialog->iconViewBtn->setAutoRaise(false); + m_dialog->listViewBtn->setAutoRaise(false); + + //apply->setEnabled( false ); + + connect( iconView, SIGNAL( itemActivated(QListWidgetItem*) ), + this, SLOT( openObject(QListWidgetItem*) ) ); + + connect( iconView, SIGNAL( currentItemChanged(QListWidgetItem*,QListWidgetItem*) ), + this, SLOT( iconViewCurrentChanged(QListWidgetItem*) ) ); + + connect( iconView, SIGNAL (itemSelectionChanged()), + this, SLOT (iconViewSelectionChanged())); + + connect( iconView, SIGNAL( dropped(QDropEvent*) ), + this, SLOT( dropped(QDropEvent*) ) ); + + connect( iconView, SIGNAL( customContextMenuRequested(const QPoint&) ), + this, SLOT( iconContextMenu(const QPoint&) ) ); + + connect( iconView, SIGNAL( delObject_sign() ), + this, SLOT( deleteObj() ) ); + + + connect( listView, SIGNAL( itemActivated(QTreeWidgetItem*,int) ), + this, SLOT( openObject(QTreeWidgetItem*) ) ); + connect( listView, SIGNAL( 
currentItemChanged(QTreeWidgetItem*,QTreeWidgetItem*) ), + this, SLOT( listViewCurrentChanged(QTreeWidgetItem*) ) ); + connect( listView, SIGNAL (itemSelectionChanged()), + this, SLOT (listViewSelectionChanged())); + + connect( listView, SIGNAL( dropped(QDropEvent*) ), + this, SLOT( dropped(QDropEvent*) ) ); + connect( listView, SIGNAL( customContextMenuRequested(const QPoint&) ), + this, SLOT( listContextMenu(const QPoint&) ) ); + connect( listView, SIGNAL( delObject_sign() ), + this, SLOT( deleteObj() ) ); + + QString s = st->getGroupViewColumns(); + int col0 = s.section(',',0,0).toInt(); + int col1 = s.section(',',1,1).toInt(); + + if (col0 == 0) + col0 = listView->width()/2; + + listView->setColumnWidth(0,col0); + listView->setColumnWidth(1,col1); + + QString mode=st->getGroupViewMode(); + if (mode==ICON_VIEW_MODE) switchToIconView(); + if (mode==LIST_VIEW_MODE) switchToListView(); +} + +GroupObjectDialog::~GroupObjectDialog() +{ + delete m_dialog; +} + +void GroupObjectDialog::iconViewSelectionChanged() +{ + selectedObjects.clear(); + + for ( int itemn = 0; itemn < iconView->count(); itemn++ ) + { + QListWidgetItem *item = iconView->item(itemn); + if(item->isSelected()) + { + ObjectIconViewItem *oivi=dynamic_cast(item); + assert(oivi!=NULL); + FWObject *o = oivi->getFWObject(); + if (o!=NULL) + selectedObjects.push_back(o); + } + + } + +} +void GroupObjectDialog::listViewSelectionChanged() +{ + selectedObjects.clear(); + //QTreeWidgetItemIterator it(listView); + + for ( int i = 0; i < listView->topLevelItemCount(); i++) + { + QTreeWidgetItem *itm= listView->topLevelItem(i); + if(itm->isSelected()) + { + ObjectListViewItem *otvi=dynamic_cast(itm); + assert(otvi!=NULL); + + FWObject *o=otvi->getFWObject(); + assert(o!=NULL); + selectedObjects.push_back(o); + } + } +} + +void GroupObjectDialog::iconViewCurrentChanged(QListWidgetItem *itm) +{ + if (itm==NULL) + { + selectedObject=NULL; + return; + } + + ObjectIconViewItem *oivi=dynamic_cast(itm); + 
assert(oivi!=NULL); + + FWObject *o = oivi->getFWObject(); + if (o!=NULL) + selectedObject=o; + +} + + +void GroupObjectDialog::listViewCurrentChanged(QTreeWidgetItem *itm) +{ + if (itm==NULL) + { + selectedObject=NULL; + return; + } + + ObjectListViewItem *otvi=dynamic_cast(itm); + assert(otvi!=NULL); + + FWObject *o = otvi->getFWObject(); + if (o!=NULL) + selectedObject=o; + +} + +/* + * used to add an object for paste and drop operations + */ +void GroupObjectDialog::insertObject(FWObject *o) +{ + assert(o!=NULL); + Group *g = dynamic_cast(obj); + assert(g!=NULL); + + if ( ! g->validateChild(o) || g->isReadOnly() ) return; + + if (fwbdebug) + qDebug("Adding object %s to the group %s", + o->getName().c_str(), g->getName().c_str()); + +/* avoid duplicates */ + string cp_id=o->getId(); + + map::iterator i; + for (i=allListViewItems.begin(); i!=allListViewItems.end(); ++i) + { + string go=(*i).first; + //if (FWReference::cast(go)!=NULL) go=FWReference::cast(go)->getPointer(); + //if (o==go || o->getId()==go->getId()) return; + if(go==cp_id) return; + } + + addIcon(o, ! FWBTree::isSystem(obj) ); + + + changed(); +} + +void GroupObjectDialog::addIcon(FWObject *fwo) +{ + FWObject *o=fwo; + bool ref=false; + if (FWReference::cast(o)!=NULL) + { + o=FWReference::cast(o)->getPointer(); + ref=true; + } + + addIcon(o,ref); +} + +void GroupObjectDialog::addIcon(FWObject *o,bool ref) +{ + if (Resources::global_res->getResourceBool( + string("/FWBuilderResources/Type/") + + o->getTypeName() + "/hidden") ) return; + + QString obj_name=QString::fromUtf8(o->getName().c_str()); + + QString icn_filename = + (":/Icons/"+o->getTypeName()+((ref)?"/icon-ref":"/icon")).c_str(); + + QPixmap pm; + if ( ! 
QPixmapCache::find( icn_filename, pm) ) + { + pm.load( icn_filename ); + QPixmapCache::insert( icn_filename, pm); + } + + ObjectIconViewItem *ivitm = new ObjectIconViewItem(iconView,obj_name,pm ); + ivitm->setProperty("id", o->getId().c_str() ); + ivitm->setProperty("type", o->getTypeName().c_str() ); + ivitm->setFWObject( o ); + + allIconViewItems[o->getId()]=ivitm; + + icn_filename = Resources::global_res->getObjResourceStr(o, "icon-tree").c_str(); + + ObjectListViewItem *tvitm=new ObjectListViewItem( listView ); + tvitm->setText( 0, obj_name ); + tvitm->setText( 1, FWObjectPropertiesFactory::getObjectProperties(o) ); + tvitm->setIcon( 0, QIcon(pm) ); + + tvitm->setProperty("id", o->getId().c_str() ); + tvitm->setProperty("type", o->getTypeName().c_str() ); + tvitm->setFWObject( o ); + + allListViewItems[o->getId()]=tvitm; +} + +void GroupObjectDialog::loadFWObject(FWObject *o) +{ + obj=o; + Group *g = Group::cast(obj); + assert(g!=NULL); + + init=true; + + allIconViewItems.clear(); + allListViewItems.clear(); + + fillLibraries(m_dialog->libs,obj); + + m_dialog->obj_name->setText( QString::fromUtf8(g->getName().c_str()) ); + m_dialog->comment->setText( QString::fromUtf8(g->getComment().c_str()) ); + + m_dialog->obj_name->setEnabled( !FWBTree::isSystem(obj) ); + m_dialog->libs->setEnabled( !FWBTree::isSystem(obj) ); + m_dialog->comment->setEnabled( !FWBTree::isSystem(obj) ); + + listView->clear(); + + iconView->clear(); + + iconView->setResizeMode( QListWidget::Adjust ); + iconView->setGridSize ( QSize(50, 40) ); + + switch (vt) + { + case Icon: + if ( ! m_dialog->iconViewBtn->isChecked() ) m_dialog->iconViewBtn->toggle(); + iconView->raise(); + break; + + case List: + if ( ! 
m_dialog->listViewBtn->isChecked() ) m_dialog->listViewBtn->toggle(); + listView->raise(); + break; + } + + for (FWObject::iterator i=g->begin(); i!=g->end(); i++) + addIcon( *i ); + + + //apply->setEnabled( false ); + + m_dialog->obj_name->setEnabled(!o->isReadOnly() && !FWBTree::isSystem(o)); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->comment->setEnabled(!o->isReadOnly() && !FWBTree::isSystem(o)); + setDisabledPalette(m_dialog->comment); + + m_dialog->libs->setEnabled(!o->isReadOnly() && !FWBTree::isSystem(o)); + setDisabledPalette(m_dialog->libs); + +// listView->setEnabled(!o->isReadOnly()); + setDisabledPalette(listView); + +// iconView->setEnabled(!o->isReadOnly()); + setDisabledPalette(iconView); + + + init=false; +} + +void GroupObjectDialog::changed() +{ + //if (!init) apply->setEnabled( true ); + + emit changed_sign(); +} + +void GroupObjectDialog::validate(bool *res) +{ + *res=true; + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } +} + +void GroupObjectDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void GroupObjectDialog::libChanged() +{ + changed(); +} + +void GroupObjectDialog::applyChanges() +{ + if (fwbdebug) + qDebug("GroupObjectDialog::applyChanges"); + + string oldname=obj->getName(); + obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); + + init=true; + + set oldobj; + set newobj; + map::iterator i; + for (i=allListViewItems.begin(); i!=allListViewItems.end(); ++i) + { + newobj.insert( mw->db()->findInIndex((*i).first) ); + } + + for (FWObject::iterator j=obj->begin(); j!=obj->end(); ++j) + { + FWObject *o= *j; + if (FWReference::cast(o)!=NULL) + o=FWReference::cast(o)->getPointer(); + oldobj.insert( o ); + } + + set diff; + set_difference( oldobj.begin(), oldobj.end(), + newobj.begin(), newobj.end(), + 
inserter(diff,diff.begin())); +/* diff contains objects present in oldobj but not in newobj - these objects + were deleted from the group */ + + for (set::iterator k=diff.begin(); k!=diff.end(); ++k) + { + if (FWBTree::isSystem(obj)) om->delObj(*k, false); + else obj->removeRef( *k ); + } + + diff.clear(); + + set_difference( newobj.begin(), newobj.end(), + oldobj.begin(), oldobj.end(), + inserter(diff,diff.begin())); +/* diff contains objects present in newobj but not in oldobj - these objects + were added to the group */ + + for (set::iterator k1=diff.begin(); k1!=diff.end(); ++k1) + { + if (FWBTree::isSystem(obj)) om->pasteTo(obj,*k1, false); + else obj->addRef( *k1); + } + + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + init=true; + +/* move to another lib if we have to */ + if (! FWBTree::isSystem(obj) && m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(m_dialog->libs->currentText(), obj); + + init=false; + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); + + if (fwbdebug) + qDebug("GroupObjectDialog::applyChanges done"); +} + +void GroupObjectDialog::discardChanges() +{ + loadFWObject(obj); +} + +void GroupObjectDialog::switchToIconView() +{ + if (vt == Icon) return; + vt = Icon; + + if ( ! m_dialog->iconViewBtn->isChecked() ) m_dialog->iconViewBtn->toggle(); + + m_dialog->objectViewsStack->setCurrentWidget(iconView); + + st->setGroupViewMode(ICON_VIEW_MODE); +} + +void GroupObjectDialog::switchToListView() +{ + if (vt == List) return; + vt = List; + + if ( ! 
m_dialog->listViewBtn->isChecked() ) m_dialog->listViewBtn->toggle(); + + m_dialog->objectViewsStack->setCurrentWidget(listView); + + st->setGroupViewMode(LIST_VIEW_MODE); +} + +void GroupObjectDialog::openObject() +{ + if (selectedObject!=NULL) + { + om->openObject( selectedObject ); + om->editObject( selectedObject ); + } +} + +void GroupObjectDialog::openObject(QTreeWidgetItem *itm) +{ + ObjectListViewItem *otvi=dynamic_cast(itm); + assert(otvi!=NULL); + + FWObject *o = otvi->getFWObject(); + if (o!=NULL) + { + om->openObject( o ); + om->editObject( o ); + } +} + +void GroupObjectDialog::openObject(QListWidgetItem *itm) +{ + ObjectIconViewItem *oivi=dynamic_cast(itm); + assert(oivi!=NULL); + + FWObject *o = oivi->getFWObject(); + if (o!=NULL) + { + om->openObject( o ); + om->editObject( o ); + } +} + +void GroupObjectDialog::dropped(QDropEvent *ev) +{ + if (fwbdebug) qDebug("GroupObjectDialog::dropped"); + + list ol; + if (FWObjectDrag::decode(ev, ol)) + { + if (ol.size()==0) return; + for (list::iterator i=ol.begin(); i!=ol.end(); ++i) + insertObject( *i ); + if (fwbdebug) qDebug("GroupObjectDialog::dropped ev->acceptAction()"); + ev->setAccepted(true); + + // see comment in ObjectTreeView.cpp explaining the purpose of + // flag process_mouse_release_event + ObjectTreeView *otv = om->getCurrentObjectTree(); + otv->ignoreNextMouseReleaseEvent(); + + } + if (fwbdebug) qDebug("GroupObjectDialog::dropped done"); +} + +void GroupObjectDialog::iconContextMenu(const QPoint & pos) +{ + FWObject *o=NULL; + ObjectIconViewItem *oivi=dynamic_cast( + iconView->itemAt(pos)); + if (oivi!=NULL) o = oivi->getFWObject(); + selectedObject=o; + + setupPopupMenu(iconView->mapToGlobal(pos)); +} + + +void GroupObjectDialog::listContextMenu(const QPoint & pos) +{ + FWObject *o=NULL; + ObjectListViewItem *otvi=dynamic_cast( + listView->itemAt(pos)); + if (otvi!=NULL) o = otvi->getFWObject(); + selectedObject=o; + + setupPopupMenu(listView->viewport()->mapToGlobal(pos)); +} + +void 
GroupObjectDialog::setupPopupMenu(const QPoint &pos) +{ + QMenu *popup=new QMenu(this); + + if (selectedObject!=NULL) + { + if (selectedObject->isReadOnly() ) + popup->addAction( tr("Open") , this , SLOT( openObject()) ); + else + popup->addAction( tr("Edit") , this , SLOT( openObject()) ); + } + + QAction *copyID =popup->addAction( tr("Copy") , this , SLOT( copyObj()) ); + QAction *cutID =popup->addAction( tr("Cut") , this , SLOT( cutObj()) ); + QAction *pasteID=popup->addAction( tr("Paste") , this , SLOT( pasteObj()) ); + QAction *delID =popup->addAction( tr("Delete") ,this , SLOT( deleteObj()) ); + + copyID->setEnabled(selectedObject!=NULL && + ! FWBTree::isSystem(selectedObject) ); + cutID->setEnabled(selectedObject!=NULL && + ! FWBTree::isSystem(obj) && + ! obj->isReadOnly() ); + pasteID->setEnabled(! FWBTree::isSystem(obj) && + ! obj->isReadOnly() ); + delID->setEnabled(selectedObject!=NULL && + ! FWBTree::isSystem(obj) && + ! obj->isReadOnly() ); + + popup->exec( pos ); +} + +void GroupObjectDialog::copyObj() +{ + FWObjectClipboard::obj_clipboard->clear(); + for(vector::iterator it=selectedObjects.begin(); + it!=selectedObjects.end(); ++it) + { + FWObject* selectedObject=*it; + + if (selectedObject!=NULL && ! 
FWBTree::isSystem(selectedObject) ) + { + FWObject *o=selectedObject; + if (FWReference::cast(o)!=NULL) + o=FWReference::cast(o)->getPointer(); + + + FWObjectClipboard::obj_clipboard->add( o ); + } + + } +} + +void GroupObjectDialog::cutObj() +{ + copyObj(); + deleteObj(); +} + +void GroupObjectDialog::pasteObj() +{ + vector::iterator i; + + for (i= FWObjectClipboard::obj_clipboard->begin(); + i!=FWObjectClipboard::obj_clipboard->end(); ++i) + { + insertObject( mw->db()->findInIndex(*i) ); + } + +// if (FWObjectClipboard::obj_clipboard->getObject()==NULL) return; +// insertObject( FWObjectClipboard::obj_clipboard->getObject() ); +} + +void GroupObjectDialog::deleteObj() +{ + vector tv; + FWObject* selectedObject; + copy (selectedObjects.begin(),selectedObjects.end(),inserter(tv,tv.begin())); + + for(vector::iterator it=tv.begin(); + it!=tv.end(); ++it) + { + selectedObject=(*it); + + if (selectedObject!=NULL && ! FWBTree::isSystem(obj) ) + { + Group *g = dynamic_cast(obj); + assert(g!=NULL); + + FWObject *o=selectedObject; + assert(o!=NULL); + if (FWReference::cast(o)!=NULL) + o=FWReference::cast(o)->getPointer(); + + selectedObject=NULL; + + // g->removeRef(o); + + assert(allListViewItems[o->getId()]!=NULL); + delete allListViewItems[o->getId()]; + allListViewItems.erase(o->getId()); + + assert(allIconViewItems[o->getId()]!=NULL); + delete allIconViewItems[o->getId()]; + allIconViewItems.erase(o->getId()); + + } + } + changed(); +} + +void GroupObjectDialog::saveColumnWidths() +{ + if (fwbdebug) + qDebug("GroupObjectDialog::saveColumnWidths()"); + + QString s = QString("%1,%2") + .arg(listView->columnWidth(0)) + .arg(listView->columnWidth(1)); + + st->setGroupViewColumns(s); +} + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. 
So we do + * nothing here and defer all the processing to ObjectEditor + */ +void GroupObjectDialog::closeEvent(QCloseEvent *e) +{ + saveColumnWidths(); + emit close_sign(e); +} + +void GroupObjectDialog::hideEvent(QHideEvent *) +{ + saveColumnWidths(); +} + +void GroupObjectDialog::selectObject(FWObject *o) +{ +// ObjectListViewItem* list_item=allListViewItems[o->getId()]; + ObjectIconViewItem* icon_item=allIconViewItems[o->getId()]; + + iconView->setCurrentItem (icon_item); +} diff --git a/src/gui/GroupObjectDialog.h b/src/gui/GroupObjectDialog.h new file mode 100644 index 000000000..5a755b9a9 --- /dev/null +++ b/src/gui/GroupObjectDialog.h 
@@ -0,0 +1,126 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: GroupObjectDialog.h,v 1.16 2006/08/18 04:10:33 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __GROUPOBJECTDIALOG_H_ +#define __GROUPOBJECTDIALOG_H_ + +#include "config.h" +#include + +#include +#include + +#include "fwbuilder/FWObject.h" +#include "ObjectListView.h" +#include "ObjectIconView.h" +#include + +class ObjectIconViewItem; +class ObjectListViewItem; + +class GroupObjectDialog : public QWidget +{ + Q_OBJECT + + libfwbuilder::FWObject *obj; + + Ui::GroupObjectDialog_q*m_dialog; + ObjectIconView *iconView; + ObjectListView *listView; + + std::vector selectedObjects; + + libfwbuilder::FWObject *selectedObject; + std::map allIconViewItems; + std::map allListViewItems; + + bool init; + + void addIcon(libfwbuilder::FWObject *o); + void addIcon(libfwbuilder::FWObject *o, bool ref); + + void insertObject(libfwbuilder::FWObject *o); + + void setupPopupMenu(const QPoint&); + void saveColumnWidths(); + + public: + GroupObjectDialog(QWidget *parent); + ~GroupObjectDialog(); + + enum viewType { Icon, List }; + + public slots: + virtual void changed(); + virtual void libChanged(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void 
loadFWObject(libfwbuilder::FWObject *obj); + virtual void validate(bool*); + virtual void isChanged(bool*); + virtual void switchToIconView(); + virtual void switchToListView(); + virtual void openObject(); + virtual void openObject(QListWidgetItem *itm); + virtual void openObject(QTreeWidgetItem *itm); + virtual void dropped(QDropEvent *ev); + virtual void iconContextMenu(const QPoint & pos); + virtual void listContextMenu(const QPoint & pos); + virtual void closeEvent(QCloseEvent *e); + virtual void hideEvent(QHideEvent *e); + + void copyObj(); + void cutObj(); + void pasteObj(); + void deleteObj(); + + void iconViewCurrentChanged(QListWidgetItem *itm); + void listViewCurrentChanged(QTreeWidgetItem *itm); + + void iconViewSelectionChanged(); + void listViewSelectionChanged(); + + void selectObject(libfwbuilder::FWObject *o); + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); + + private: + + static enum viewType vt; + + public: + + +}; + +#endif // GROUPOBJECTDIALOG_H diff --git a/src/gui/HostDialog.cpp b/src/gui/HostDialog.cpp new file mode 100644 index 000000000..b2aa421dd --- /dev/null +++ b/src/gui/HostDialog.cpp 
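Review bot: The class caches raw `FWObject` pointers in `selectedObject` and `selectedObjects`, and raw item pointers in `allIconViewItems` and `allListViewItems`, but nothing in the declaration says who owns them or when they are reset. A comment above these members would make the lifetime contract explicit, for example `// non-owning; reset whenever the group is reloaded or the referenced object is deleted`. Whether the implementation actually resets them on every path should be confirmed against GroupObjectDialog.cpp. Separately, the include guard `__GROUPOBJECTDIALOG_H_` uses a double-underscore name, which C++ reserves for the implementation; `GROUPOBJECTDIALOG_H` would also match the trailing `#endif` comment. HostDialog.h and ICMPServiceDialog.h use the same guard form.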
@@ -0,0 +1,174 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: HostDialog.cpp,v 1.20 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "FWBTree.h" +#include "HostDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Management.h" +#include "fwbuilder/FWException.h" + +#include +#include +#include +#include +#include +#include +#include + +using namespace std; +using namespace libfwbuilder; + +HostDialog::HostDialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::HostDialog_q; + m_dialog->setupUi(this); + obj=NULL; +} + +HostDialog::~HostDialog() +{ + delete m_dialog; +} + +void HostDialog::loadFWObject(FWObject *o) +{ + obj=o; + Host *s = dynamic_cast(obj); + assert(s!=NULL); + + init=true; + + fillLibraries(m_dialog->libs,obj); + + Management *mgmt=s->getManagementObject(); + assert(mgmt!=NULL); + + FWOptions *opt =s->getOptionsObject(); + + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); +// snmpCommunity->setText( mgmt->getSNMPManagement()->getReadCommunity().c_str() ); + m_dialog->MACmatching->setChecked( 
opt->getBool("use_mac_addr_filter") ); + + m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); + + //apply->setEnabled( false ); + + m_dialog->obj_name->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->libs->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->libs); + +// snmpCommunity->setEnabled(!o->isReadOnly()); +// setDisabledPalette(snmpCommunity); + + m_dialog->MACmatching->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->MACmatching); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + setDisabledPalette(m_dialog->comment); + + + init=false; +} + +void HostDialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void HostDialog::validate(bool *res) +{ + *res=true; + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } +} + +void HostDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void HostDialog::libChanged() +{ + changed(); +} + +void HostDialog::applyChanges() +{ + Host *s = dynamic_cast(obj); + assert(s!=NULL); + + Management *mgmt=s->getManagementObject(); + assert(mgmt!=NULL); + + FWOptions *opt =s->getOptionsObject(); + + string oldname=obj->getName(); + obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); +// mgmt->getSNMPManagement()->setReadCommunity( snmpCommunity->text().latin1() ); + opt->setBool("use_mac_addr_filter", m_dialog->MACmatching->isChecked() ); + + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + init=true; + +/* move to another lib if we have to */ + if (! 
FWBTree::isSystem(obj) && + m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(m_dialog->libs->currentText(), obj); + + init=false; + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void HostDialog::discardChanges() +{ + loadFWObject(obj); +} + + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. So we do + * nothing here and defer all the processing to ObjectEditor + */ +void HostDialog::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} + diff --git a/src/gui/HostDialog.h b/src/gui/HostDialog.h new file mode 100644 index 000000000..dd4b07192 --- /dev/null +++ b/src/gui/HostDialog.h 
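Review bot: `HostDialog::isChanged(bool *res)` never writes `*res`, because its only statement is commented out, so a caller that passes an uninitialised `bool` reads an indeterminate value. Until the apply-button logic is restored, the slot should store a defined result, e.g. `*res = false;`, or report a member flag that `changed()` sets. Which value is correct depends on how ObjectEditor consumes it, which is not visible here. The same empty body appears in `ICMPServiceDialog::isChanged` and `GroupObjectDialog::isChanged`.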
@@ -0,0 +1,69 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: HostDialog.h,v 1.6 2006/05/13 06:53:05 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __HOSTDIALOG_H_
+#define __HOSTDIALOG_H_
+
+#include "config.h"
+#include
+#include
+
+#include "fwbuilder/FWObject.h"
+
+
+class HostDialog : public QWidget
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ bool init;
+ Ui::HostDialog_q *m_dialog;
+
+ public:
+ HostDialog(QWidget *parent);
+ ~HostDialog();
+
+public slots:
+ virtual void changed();
+ virtual void libChanged();
+ virtual void applyChanges();
+ virtual void discardChanges();
+ virtual void loadFWObject(libfwbuilder::FWObject *obj);
+ virtual void validate(bool*);
+ virtual void isChanged(bool*);
+ virtual void closeEvent(QCloseEvent *e);
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ void close_sign(QCloseEvent *e);
+ void changed_sign();
+};
+
+#endif // HOSTDIALOG_H
diff --git a/src/gui/ICMPServiceDialog.cpp b/src/gui/ICMPServiceDialog.cpp
new file mode 100644
index 000000000..7dbaa7d7a
--- /dev/null
+++ b/src/gui/ICMPServiceDialog.cpp
@@ -0,0 +1,160 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ICMPServiceDialog.cpp,v 1.26 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "FWBTree.h" +#include "ICMPServiceDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/ICMPService.h" + +#include +#include +#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +ICMPServiceDialog::ICMPServiceDialog(QWidget *parent) : + QWidget(parent) +{ + m_dialog = new Ui::ICMPServiceDialog_q; + m_dialog->setupUi(this); + obj=NULL; +} + +ICMPServiceDialog::~ICMPServiceDialog() +{ + delete m_dialog; +} + +void ICMPServiceDialog::loadFWObject(FWObject *o) +{ + obj=o; + ICMPService *s = dynamic_cast(obj); + assert(s!=NULL); + + init=true; + + fillLibraries(m_dialog->libs,obj); + + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); + m_dialog->icmpType->setValue( s->getInt("type") ); + m_dialog->icmpCode->setValue( s->getInt("code") ); + m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); + + //apply->setEnabled( false ); + + 
m_dialog->obj_name->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->libs->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->libs); + + m_dialog->icmpType->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->icmpType); + + m_dialog->icmpCode->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->icmpCode); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + setDisabledPalette(m_dialog->comment); + + init=false; +} + +void ICMPServiceDialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void ICMPServiceDialog::validate(bool *res) +{ + *res=true; + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } +} + +void ICMPServiceDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void ICMPServiceDialog::libChanged() +{ + changed(); +} + +void ICMPServiceDialog::applyChanges() +{ + string oldname=obj->getName(); + obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); + + obj->setInt("type", m_dialog->icmpType->value() ); + obj->setInt("code", m_dialog->icmpCode->value() ); + + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + init=true; + +/* move to another lib if we have to */ + if (! FWBTree::isSystem(obj) && m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(m_dialog->libs->currentText(), obj); + + init=false; + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void ICMPServiceDialog::discardChanges() +{ + loadFWObject(obj); +} + + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. 
So we do + * nothing here and defer all the processing to ObjectEditor + */ +void ICMPServiceDialog::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} + + diff --git a/src/gui/ICMPServiceDialog.h b/src/gui/ICMPServiceDialog.h new file mode 100644 index 000000000..bfac0473d --- /dev/null +++ b/src/gui/ICMPServiceDialog.h 
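Review bot: `ICMPServiceDialog::applyChanges()` dereferences `obj` directly (`obj->getName()`, `obj->setInt("type", …)`) with no check, although the constructor sets `obj=NULL` and only `loadFWObject()` assigns it. `loadFWObject()` in turn guards the `dynamic_cast` result with `assert(s!=NULL)` alone, which disappears when NDEBUG is defined. A real check would be safer in both places, e.g. `if (obj==NULL) return;` at the top of `applyChanges()` and `if (s==NULL) return;` after the cast. HostDialog.cpp relies on `assert` in the same way and also dereferences `opt` from `getOptionsObject()` unchecked.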
@@ -0,0 +1,70 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: ICMPServiceDialog.h,v 1.11 2006/05/13 06:53:05 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __ICMPSERVICEDIALOG_H_
+#define __ICMPSERVICEDIALOG_H_
+
+#include "config.h"
+#include
+#include
+
+#include "fwbuilder/FWObject.h"
+
+
+class ICMPServiceDialog : public QWidget
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ bool init;
+ Ui::ICMPServiceDialog_q *m_dialog;
+
+ public:
+ ICMPServiceDialog(QWidget *parent);
+ ~ICMPServiceDialog();
+
+public slots:
+ virtual void changed();
+ virtual void libChanged();
+ virtual void applyChanges();
+ virtual void discardChanges();
+ virtual void loadFWObject(libfwbuilder::FWObject *obj);
+ virtual void validate(bool*);
+ virtual void isChanged(bool*);
+ virtual void closeEvent(QCloseEvent *e);
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ void close_sign(QCloseEvent *e);
+ void changed_sign();
+
+};
+
+#endif // ICMPSERVICEDIALOG_H
diff --git a/src/gui/IOSImporter.cpp b/src/gui/IOSImporter.cpp
new file mode 100644
index 000000000..abca08734
--- /dev/null
+++ b/src/gui/IOSImporter.cpp 
@@ -0,0 +1,529 @@ +/* + + Firewall Builder + + Copyright (C) 2007 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: IOSImporter.cpp,v 1.11 2007/08/06 07:07:22 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils_no_qt.h" +#include "platforms.h" + + +#include "IOSImporter.h" + +#include +#include +#include + +#include "fwbuilder/Resources.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Address.h" +#include "fwbuilder/IPAddress.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/RuleElement.h" + +using namespace libfwbuilder; + +IOSImporter::IOSImporter(FWObject *lib, + std::istringstream &input, + Logger *log) : Importer(lib, "iosacl", input, log) +{ + ios_icmp_specs["echo-reply"] = std::pair(0, 0); + ios_icmp_specs["unreachable"] = std::pair(3, -1); // all "unreachables" + ios_icmp_specs["net-unreachable"] = std::pair(3, 0); + ios_icmp_specs["host-unreachable"] = std::pair(3, 1); + ios_icmp_specs["protocol-unreachable"] = std::pair(3, 2); + ios_icmp_specs["port-unreachable"] = std::pair(3, 3); + ios_icmp_specs["packet-too-big"] = std::pair(3, 4); + ios_icmp_specs["source-route-failed"] = 
std::pair(3, 5); + ios_icmp_specs["network-unknown"] = std::pair(3, 6); + ios_icmp_specs["host-unknown"] = std::pair(3, 7); + ios_icmp_specs["host-isolated"] = std::pair(3, 8); + ios_icmp_specs["dod-net-prohibited"] = std::pair(3, 9); + ios_icmp_specs["dod-host-prohibited"] = std::pair(3, 10); + ios_icmp_specs["net-tos-unreachable"] = std::pair(3, 11); + ios_icmp_specs["host-tos-unreachable"] = std::pair(3, 12); + ios_icmp_specs["administratively-prohibited"] = std::pair(3, 13); + ios_icmp_specs["host-precedence-unreachable"] = std::pair(3, 14); + ios_icmp_specs["precedence-unreachable"] = std::pair(3, 15); + ios_icmp_specs["source-quench"] = std::pair(4, 0); + ios_icmp_specs["net-redirect"] = std::pair(5, 0); + ios_icmp_specs["host-redirect"] = std::pair(5, 1); + ios_icmp_specs["net-tos-redirect"] = std::pair(5, 2); + ios_icmp_specs["host-tos-redirect"] = std::pair(5, 3); + ios_icmp_specs["echo"] = std::pair(8, 0); + ios_icmp_specs["router-advertisement"] = std::pair(9, 0); + ios_icmp_specs["router-solicitation"] = std::pair(10, 0); + ios_icmp_specs["ttl-exceeded"] = std::pair(11, 0); + ios_icmp_specs["reassembly-timeout"] = std::pair(11, 1); + ios_icmp_specs["general-parameter-problem"] = std::pair(12, 0); + ios_icmp_specs["option-missing"] = std::pair(12, 1); + ios_icmp_specs["timestamp-request"] = std::pair(13, 0); + ios_icmp_specs["timestamp-reply"] = std::pair(14, 0); + ios_icmp_specs["information-request"] = std::pair(15, 0); + ios_icmp_specs["information-reply"] = std::pair(16, 0); + ios_icmp_specs["mask-request"] = std::pair(17, 0); + ios_icmp_specs["mask-reply"] = std::pair(18, 0); + + ios_proto_specs["ah"] = 51; + ios_proto_specs["ahp"] = 51; + ios_proto_specs["eigrp"] = 88; + ios_proto_specs["esp"] = 50; + ios_proto_specs["gre"] = 47; + ios_proto_specs["igmp"] = 2; + ios_proto_specs["igrp"] = 9; + ios_proto_specs["ip"] = 0; + ios_proto_specs["ipinip"] = 4; + ios_proto_specs["nos"] = 94; + ios_proto_specs["ospf"] = 89; + ios_proto_specs["pim"] = 103; + 
ios_proto_specs["pcp"] = 108; + ios_proto_specs["snp"] = 109; + + ios_tcp_specs["bgp"] = 179; + ios_tcp_specs["chargen"] = 19; + ios_tcp_specs["cmd"] = 514; + ios_tcp_specs["daytime"] = 13; + ios_tcp_specs["discard"] = 9; + ios_tcp_specs["domain"] = 53; + ios_tcp_specs["echo"] = 7; + ios_tcp_specs["exec"] = 512; + ios_tcp_specs["finger"] = 79; + ios_tcp_specs["ftp"] = 21; + ios_tcp_specs["ftp-data"] = 20; + ios_tcp_specs["gopher"] = 70; + ios_tcp_specs["hostname"] = 101; + ios_tcp_specs["ident"] = 113; + ios_tcp_specs["irc"] = 194; + ios_tcp_specs["klogin"] = 543; + ios_tcp_specs["kshell"] = 544; + ios_tcp_specs["login"] = 513; + ios_tcp_specs["lpd"] = 515; + ios_tcp_specs["nntp"] = 119; + ios_tcp_specs["pop2"] = 109; + ios_tcp_specs["pop3"] = 110; + ios_tcp_specs["smtp"] = 25; + ios_tcp_specs["sunrpc"] = 111; + ios_tcp_specs["syslog"] = 514; + ios_tcp_specs["tacacs"] = 49; + ios_tcp_specs["tacacs-ds"] = 63; + ios_tcp_specs["talk"] = 517; + ios_tcp_specs["telnet"] = 23; + ios_tcp_specs["time"] = 37; + ios_tcp_specs["uucp"] = 540; + ios_tcp_specs["whois"] = 43; + ios_tcp_specs["www"] = 80; + + ios_udp_specs["biff"] = 512; + ios_udp_specs["bootpc"] = 68; + ios_udp_specs["bootps"] = 67; + ios_udp_specs["discard"] = 9; + ios_udp_specs["dnsix"] = 195; + ios_udp_specs["domain"] = 53; + ios_udp_specs["echo"] = 7; + ios_udp_specs["isakmp"] = 500; + ios_udp_specs["mobile-ip"] = 434; + ios_udp_specs["nameserver"] = 42; + ios_udp_specs["netbios-dgm"] = 138; + ios_udp_specs["netbios-ns"] = 137; + ios_udp_specs["netbios-ss"] = 139; + ios_udp_specs["ntp"] = 123; + ios_udp_specs["pim-auto-rp"] = 496; + ios_udp_specs["rip"] = 520; + ios_udp_specs["snmp"] = 161; + ios_udp_specs["snmptrap"] = 162; + ios_udp_specs["sunrpc"] = 111; + ios_udp_specs["syslog"] = 514; + ios_udp_specs["tacacs"] = 49; + ios_udp_specs["talk"] = 517; + ios_udp_specs["tftp"] = 69; + ios_udp_specs["time"] = 37; + ios_udp_specs["who"] = 513; + ios_udp_specs["xdmcp"] = 177; + +} + + + +IOSImporter::~IOSImporter() 
+{ + all_rulesets.clear(); + all_interfaces.clear(); +} + +void IOSImporter::setInterfaceAndDirectionForRuleSet( + const std::string &ruleset_name, + const std::string &_intf_name, + const std::string &_dir) +{ + Importer::setInterfaceAndDirectionForRuleSet( + ruleset_name, _intf_name, _dir); + +} + +FWObject* IOSImporter::createAddress(const std::string &addr, + const std::string &netmask) +{ + std::string correct_nm = netmask; + + // invert netmask (this is IOS) + try + { + IPAddress orig_nm(netmask); + long nm = orig_nm.to32BitInt(); + struct in_addr na; + na.s_addr = ~nm; + correct_nm = IPAddress(&na).toString(); + return Importer::createAddress(addr, correct_nm); + } catch (FWException &ex) + { + markCurrentRuleBad( + std::string("Error converting netmask '") + netmask + "' (address " + addr + ")"); + return Importer::createAddress(addr, "255.255.255.255"); + } + +} + +FWObject* IOSImporter::createICMPService() +{ + std::string icmpspec = strip(icmp_spec); + if (!icmpspec.empty()) + { + // Cisco is trying to be too helpful, they translate many + // icmp type/code combinations into stings + if (ios_icmp_specs.count(icmpspec)!=0) + { + std::pair pp = ios_icmp_specs[icmpspec]; + std::ostringstream s1, s2; + s1 << pp.first; + icmp_type = s1.str(); + s2 << pp.second; + icmp_code = s2.str(); + } else + { + markCurrentRuleBad( + std::string("Import of icmp protocol '") + icmp_spec + "' failed"); + icmp_code = "-1"; + icmp_type = "-1"; + } + } + icmp_spec = ""; + + return Importer::createICMPService(); +} + +FWObject* IOSImporter::createIPService() +{ + if (ios_proto_specs.count(protocol)!=0) + { + std::ostringstream s; + s << ios_proto_specs[protocol]; + protocol = s.str(); + } + return Importer::createIPService(); +} + +int IOSImporter::convertPort(const std::string &port_str, + std::map &port_map) +{ + int port = 0; + std::string ps = strip(port_str); + if (port_map.count(ps)>0) port = port_map[ps]; + else + { + if (ps=="") return 0; + std::istringstream str1(ps); 
+ str1.exceptions(std::ios::failbit); + try + { + str1 >> port; + } catch (const std::exception &ex) { + // could not convert port_spec to an integer + markCurrentRuleBad(std::string("Port spec '") + port_str + + "' unknown. Error " + ex.what()); + } + } + return port; +} + +std::pair IOSImporter::convertPortSpec(const std::string &port_op, + const std::string &port_spec, + std::map &port_map) +{ + int range_start; + int range_end; + std::string s1,s2; + std::string portop = strip(port_op); + std::string portspec = strip(port_spec); + + if (fwbdebug) + qDebug(QString("Convert TCP/UDP port spec: port_op=%1 port_spec=%2"). + arg(port_op.c_str()).arg(port_spec.c_str()).toAscii().constData()); + + if (portop=="" && portspec=="") return std::pair(0, 0); + + std::string::size_type n = portspec.find(' '); + if (n!=std::string::npos) + { + s1 = portspec.substr(0, n); + s2 = portspec.substr(n); + } else + { + s1 = portspec; + s2 = portspec; + } + range_start = convertPort(s1, port_map); + range_end = convertPort(s2, port_map); + + if (portop=="lt") range_start = 0; + if (portop=="gt") range_end = 65535; + if (portop=="eq") + { + range_start = range_end; + } + if (portop=="range") + { + // range_start and range_end have been set + ; + } + + return std::pair(range_start, range_end); +} + +FWObject* IOSImporter::createTCPService() +{ + // use src_port_op, src_port_spec, dst_port_op, dst_port_spec + // port_op can be: lt (less than), gt (greater than), eq (equal), + // neq (not equal), and range (inclusive range). + // here we assume src_port_spec and dst_port_spec are + // both numeric and represent a single port. 
+ + std::string name = "tcp " + src_port_spec + " " + dst_port_spec; + + std::pair pr = + convertPortSpec(src_port_op, src_port_spec, ios_tcp_specs); + int srs = pr.first; + int sre = pr.second; + + pr = convertPortSpec(dst_port_op, dst_port_spec, ios_tcp_specs); + int drs = pr.first; + int dre = pr.second; + + return getTCPService(srs,sre, + drs,dre, + established,tcp_flags_mask,tcp_flags_comp); +} + +FWObject* IOSImporter::createUDPService() +{ + // use src_port_op, src_port_spec, dst_port_op, dst_port_spec + // port_op can be: lt (less than), gt (greater than), eq (equal), + // neq (not equal), and range (inclusive range). + // here we assume src_port_spec and dst_port_spec are + // both numeric and represent a single port. + + std::string name = "udp " + src_port_spec + " " + dst_port_spec; + + std::pair pr = + convertPortSpec(src_port_op, src_port_spec, ios_udp_specs); + int srs = pr.first; + int sre = pr.second; + + pr = convertPortSpec(dst_port_op, dst_port_spec, ios_udp_specs); + int drs = pr.first; + int dre = pr.second; + + return getUDPService(srs,sre,drs,dre); +} + +void IOSImporter::merge_rule::operator()(FWObject* r) +{ + PolicyRule *rule = PolicyRule::cast(r); + assert(rule!=NULL); + + target_ruleset->add(rule); +// target_ruleset->renumberRules(); + + RuleElementItf* re =rule->getItf(); + re->addRef(intf); + rule->setDirection(dir); + + std::string prev_comment = rule->getComment(); + rule->setComment( + std::string("Imported from ") + ruleset_name + "\n" + prev_comment); +} + +Firewall* IOSImporter::finalize() +{ + // scan all UnidirectionalRuleSet objects, set interface and + // direction in all rules of corresponding RuleSet and merge all + // UnidirectionalRuleSet into one RuleSet object. Attach this + // object to the firewall. 
+ + if (fwbdebug) qDebug("IPTImporter::finalize()"); + + if (haveFirewallObject()) + { + FWObject *f = getFirewallObject(); + f->setStr("host_OS", "ios"); + + FWObject *policy = + getFirewallObject()->getFirstByType(Policy::TYPENAME); + assert( policy!=NULL ); + + if (all_rulesets.size()!=0) + { + if (fwbdebug) + { + qDebug("Setting interface and direction for all rules"); + qDebug(QString("all_rulesets.size()=%1"). + arg(all_rulesets.size()).toAscii().constData()); + } + + std::map::iterator i; + for (i=all_rulesets.begin(); i!=all_rulesets.end(); ++i) + { + UnidirectionalRuleSet *irs = (*i).second; + + if (fwbdebug) + { + qDebug(QString(" irs->name=%1"). + arg(irs->name.c_str()).toAscii().constData()); + qDebug(QString(" irs->intf_dir.size()=%1"). + arg(irs->intf_dir.size()).toAscii().constData()); + qDebug(QString(" irs->ruleset->size()=%1"). + arg(irs->ruleset->size()).toAscii().constData()); + } + + // optimization: If we have several interfaces for + // the ruleset, create a group + // But first group interfaces by direction so + // that later we can merge rules into the policy + // with proper combination of interface group and + // direction. Remember that the same access list + // can be used with multiple interfaces with different + // directions each time. 
The same list can be applied + // to the same interface both in and out (although in + // this case we have already switched direction to "both") + // + if (irs->intf_dir.size()>1) + { + std::list all_in; + std::list all_out; + std::list all_both; + + std::map::iterator i; + for (i = irs->intf_dir.begin(); + i != irs->intf_dir.end(); ++i) + { + if ( (*i).second=="in") + all_in.push_back( (*i).first ); + if ( (*i).second=="out") + all_out.push_back( (*i).first ); + if ( (*i).second=="both") + all_both.push_back( (*i).first ); + } + FWObject *og; + if (all_in.size()>0) + { + og = createGroupOfInterfaces(irs->name, all_in); + std::for_each(irs->ruleset->begin(), + irs->ruleset->end(), + merge_rule(irs->name, + og, + PolicyRule::Inbound, + policy) + ); + } + + if (all_out.size()>0) + { + og = createGroupOfInterfaces(irs->name, all_out); + std::for_each(irs->ruleset->begin(), + irs->ruleset->end(), + merge_rule(irs->name, + og, + PolicyRule::Outbound, + policy) + ); + } + + if (all_both.size()>0) + { + og = createGroupOfInterfaces(irs->name, all_both); + std::for_each(irs->ruleset->begin(), + irs->ruleset->end(), + merge_rule(irs->name, + og, + PolicyRule::Both, + policy) + ); + } + + } + else + { + std::map::iterator j; + for (j=irs->intf_dir.begin(); j!=irs->intf_dir.end(); ++j) + { + Interface *intf = all_interfaces[ (*j).first ]; + std::string _dir = (*j).second; + PolicyRule::Direction direction = PolicyRule::Both; + if (_dir=="in") direction = PolicyRule::Inbound; + if (_dir=="out") direction = PolicyRule::Outbound; + + // not all access lists are associated with interfaces + if (intf!=NULL) + { + if (fwbdebug) + qDebug(QString(" interface=%1"). 
+ arg(intf->getName().c_str()).toAscii().constData());
+ std::for_each(irs->ruleset->begin(),
+ irs->ruleset->end(),
+ merge_rule(irs->name,
+ intf,
+ direction,
+ policy)
+ );
+ }
+ }
+ }
+ qDebug("ruleset done");
+
+ // call clearChidren() not recursive because children objects
+ // of all rules should not be deleted
+ irs->ruleset->clearChildren(false);
+ getFirewallObject()->remove(irs->ruleset, false);
+ delete irs->ruleset;
+ }
+ }
+
+ return getFirewallObject();
+ }
+ else
+ return NULL;
+}
diff --git a/src/gui/IOSImporter.h b/src/gui/IOSImporter.h
new file mode 100644
index 000000000..80c9a966d
--- /dev/null
+++ b/src/gui/IOSImporter.h
@@ -0,0 +1,98 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2007 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: IOSImporter.h,v 1.8 2007/05/28 05:17:55 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef _FWB_POLICY_IMPORTER_IOS_H_
+#define _FWB_POLICY_IMPORTER_IOS_H_
+
+#include
+#include
+#include
+#include
+#include
+
+#include "Importer.h"
+#include "fwbuilder/Logger.h"
+
+class IOSImporter : public Importer {
+
+ libfwbuilder::Logger *logger;
+
+ std::map > ios_icmp_specs;
+ std::map ios_proto_specs;
+ std::map ios_tcp_specs;
+ std::map ios_udp_specs;
+
+ virtual libfwbuilder::FWObject* createAddress(const std::string &a,
+ const std::string &nm);
+ virtual libfwbuilder::FWObject* createIPService();
+ virtual libfwbuilder::FWObject* createICMPService();
+ virtual libfwbuilder::FWObject* createTCPService();
+ virtual libfwbuilder::FWObject* createUDPService();
+
+ int convertPort(const std::string &port,
+ std::map &port_map);
+
+ std::pair convertPortSpec(const std::string &port_op,
+ const std::string &port_spec,
+ std::map &port_map);
+
+ public:
+
+ IOSImporter(libfwbuilder::FWObject *lib,
+ std::istringstream &input,
+ libfwbuilder::Logger *log);
+ ~IOSImporter();
+
+ virtual void run();
+
+ virtual void setInterfaceAndDirectionForRuleSet(const std::string &ruleset_name,
+ const std::string &interface_name,
+ const std::string &dir);
+
+ // this method actually adds interfaces to the firewall object
+ // and does final clean up.
+ virtual libfwbuilder::Firewall* finalize();
+
+
+ class merge_rule : public std::unary_function
+ {
+ std::string ruleset_name;
+ libfwbuilder::FWObject *intf;
+ libfwbuilder::PolicyRule::Direction dir;
+ libfwbuilder::FWObject *target_ruleset;
+ public:
+ merge_rule(const std::string &_n,
+ libfwbuilder::FWObject *i,
+ libfwbuilder::PolicyRule::Direction d,
+ libfwbuilder::FWObject *_rs)
+ { ruleset_name = _n; intf = i; dir = d; target_ruleset = _rs; }
+ void operator()(libfwbuilder::FWObject* r);
+ };
+
+
+};
+
+#endif
diff --git a/src/gui/IOSImporterRun.cpp b/src/gui/IOSImporterRun.cpp
new file mode 100644
index 000000000..25f5d5ad3
--- /dev/null
+++ b/src/gui/IOSImporterRun.cpp
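Review bot: The private `libfwbuilder::Logger *logger;` member at the top of `IOSImporter` looks like a second copy of a pointer the base class already keeps. IPTImporter.cpp in this same commit hands its `log` argument to the `Importer` constructor and later writes through `Importer::logger`. The `IOSImporter` constructor body is not part of this hunk, so whether this copy is ever assigned cannot be confirmed here; if it is not, any unqualified use of `logger` inside `IOSImporter` reads an uninitialised pointer. I would remove the member and rely on the inherited one, or, if the duplicate is deliberate, document it with `// separate from Importer::logger; assigned in the constructor`.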
@@ -0,0 +1,86 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2007 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: IOSImporterRun.cpp,v 1.3 2007/08/06 07:07:22 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "config.h"
+#include "global.h"
+
+#include "IOSImporter.h"
+
+#include
+
+#include
+#include
+#include
+
+#ifdef HAVE_ANTLR_RUNTIME
+#include
+
+// parser and lexer for Cisco IOS access lists
+#include "../parsers/IOSCfgLexer.hpp"
+#include "../parsers/IOSCfgParser.hpp"
+
+#endif
+
+/*
+ * Only this module depends on IOSCfgLexer and IOSCfgParser,
+ * so only this file is recompiled when we change grammar
+ */
+
+void IOSImporter::run()
+{
+#ifdef HAVE_ANTLR_RUNTIME
+// it is probably safer to create an empty firewall if we do not have
+// ANTLR on the system rather than try to #ifdef out chunks of code
+// here and there in this module
+//
+// Obviously we should disable GUI elements that activate this importer
+// if ANTLR runtime is not available.
+//
+
+ std::string err;
+ std::ostringstream parser_debug;
+
+ IOSCfgLexer lexer(input);
+ IOSCfgParser parser(lexer);
+ parser.importer = this;
+ if (fwbdebug) parser.dbg = &std::cerr;
+ else parser.dbg = &parser_debug;
+
+ try
+ {
+ parser.cfgfile();
+ } catch(ANTLR_USE_NAMESPACE(antlr)ANTLRException &e)
+ {
+ err = e.toString().c_str();
+ } catch(std::exception& e)
+ {
+ err = e.what() ;
+ }
+
+ if (!err.empty()) throw ImporterException(err);
+
+#endif
+}
+
diff --git a/src/gui/IPServiceDialog.cpp b/src/gui/IPServiceDialog.cpp
new file mode 100644
index 000000000..2a85f43d1
--- /dev/null
+++ b/src/gui/IPServiceDialog.cpp
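Review bot: When `HAVE_ANTLR_RUNTIME` is not defined, the whole body of `IOSImporter::run()` is compiled out, so the call returns normally without parsing anything. The caller then cannot tell an importer that was never built from a configuration that held no access lists. For a tool whose output is a firewall policy, an empty result that looks like success is a risky failure mode, and the comment only says the GUI "should" disable the entry point. I would add an `#else` branch that fails loudly with the exception type the parse-error path already uses, e.g. `throw ImporterException("IOS import is unavailable: built without the ANTLR runtime");`.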
@@ -0,0 +1,186 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: IPServiceDialog.cpp,v 1.24 2007/04/14 00:18:43 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#include "config.h"
+#include "global.h"
+#include "utils.h"
+
+#include "FWBTree.h"
+#include "IPServiceDialog.h"
+#include "ObjectManipulator.h"
+
+#include "fwbuilder/Library.h"
+#include "fwbuilder/IPService.h"
+#include "fwbuilder/ServiceGroup.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+using namespace libfwbuilder;
+using namespace std;
+
+IPServiceDialog::IPServiceDialog(QWidget *parent) : QWidget(parent)
+{
+ m_dialog = new Ui::IPServiceDialog_q;
+ m_dialog->setupUi(this);
+ obj=NULL;
+}
+
+IPServiceDialog::~IPServiceDialog()
+{
+ delete m_dialog;
+}
+
+void IPServiceDialog::loadFWObject(FWObject *o)
+{
+ obj=o;
+ IPService *s = dynamic_cast(obj);
+ assert(s!=NULL);
+
+ init=true;
+
+ fillLibraries(m_dialog->libs,obj);
+
+ m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) );
+ m_dialog->protocolNum->setValue( s->getProtocolNumber() );
+ m_dialog->lsrr->setChecked( s->getBool("m_dialog->lsrr") );
+ m_dialog->ssrr->setChecked( s->getBool("m_dialog->ssrr") );
+ m_dialog->rr->setChecked( s->getBool("m_dialog->rr") );
+ m_dialog->timestamp->setChecked( s->getBool("ts") );
+ m_dialog->all_fragments->setChecked( s->getBool("fragm") );
+ m_dialog->short_fragments->setChecked( s->getBool("short_fragm") );
+
+ m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) );
+
+ //apply->setEnabled( false );
+
+ m_dialog->obj_name->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->obj_name);
+
+ m_dialog->libs->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->libs);
+
+ m_dialog->protocolNum->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->protocolNum);
+
+ m_dialog->lsrr->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->lsrr);
+
+ m_dialog->ssrr->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->ssrr);
+
+ m_dialog->rr->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->rr);
+
+ m_dialog->timestamp->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->timestamp);
+
+ m_dialog->all_fragments->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->all_fragments);
+
+ m_dialog->short_fragments->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->short_fragments);
+
+ m_dialog->comment->setReadOnly(o->isReadOnly());
+ setDisabledPalette(m_dialog->comment);
+
+
+ init=false;
+}
+
+void IPServiceDialog::changed()
+{
+ //apply->setEnabled( true );
+ emit changed_sign();
+}
+
+void IPServiceDialog::validate(bool *res)
+{
+ *res=true;
+ if (!isTreeReadWrite(this,obj)) { *res=false; return; }
+ if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; }
+}
+
+void IPServiceDialog::isChanged(bool *res)
+{
+ //*res=(!init && apply->isEnabled());
+}
+
+void IPServiceDialog::libChanged()
+{
+ changed();
+}
+
+void IPServiceDialog::applyChanges()
+{
+ string oldname=obj->getName();
+ obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) );
+ obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) );
+
+ obj->setInt("protocol_num", m_dialog->protocolNum->value() );
+ obj->setBool("m_dialog->lsrr", m_dialog->lsrr->isChecked() );
+ obj->setBool("m_dialog->ssrr", m_dialog->ssrr->isChecked() );
+ obj->setBool("m_dialog->rr", m_dialog->rr->isChecked() );
+ obj->setBool("ts", m_dialog->timestamp->isChecked() );
+ obj->setBool("fragm", m_dialog->all_fragments->isChecked() );
+ obj->setBool("short_fragm", m_dialog->short_fragments->isChecked() );
+
+ om->updateObjName(obj,QString::fromUtf8(oldname.c_str()));
+
+ init=true;
+
+/* move to another lib if we have to */
+ if (! FWBTree::isSystem(obj) && m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str()))
+ om->moveObject(m_dialog->libs->currentText(), obj);
+
+ init=false;
+
+ //apply->setEnabled( false );
+ om->updateLastModifiedTimestampForAllFirewalls(obj);
+}
+
+void IPServiceDialog::discardChanges()
+{
+ loadFWObject(obj);
+}
+
+
+/* ObjectEditor class connects its slot to this signal and does all
+ * the verification for us, then accepts (or not) the event. So we do
+ * nothing here and defer all the processing to ObjectEditor
+ */
+void IPServiceDialog::closeEvent(QCloseEvent *e)
+{
+ emit close_sign(e);
+
+}
+
diff --git a/src/gui/IPServiceDialog.h b/src/gui/IPServiceDialog.h
new file mode 100644
index 000000000..722d9c2e7
--- /dev/null
+++ b/src/gui/IPServiceDialog.h
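Review bot: The attribute keys `"m_dialog->lsrr"`, `"m_dialog->ssrr"` and `"m_dialog->rr"` passed to `getBool` in `loadFWObject` and to `setBool` in `applyChanges` look like a widget-rename search-and-replace that also rewrote the string literals; the neighbouring keys are plain names (`"ts"`, `"fragm"`, `"short_fragm"`). Because both functions use the same strings the dialog round-trips its own values, but any other code that reads the source-route and record-route options under the short names would presumably never see what the user ticked, so a rule meant to match those IP options could be generated without them. The six calls should use the bare keys, e.g. `obj->setBool("lsrr", m_dialog->lsrr->isChecked() );`. Separately, `isChanged(bool *res)` has its only statement commented out and never writes `*res`, so the caller's flag keeps whatever value it had; `*res = false;` would at least make the result defined.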
@@ -0,0 +1,71 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: IPServiceDialog.h,v 1.10 2006/05/13 06:53:05 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __IPSERVICEDIALOG_H_
+#define __IPSERVICEDIALOG_H_
+
+#include "config.h"
+
+#include
+#include
+
+#include "fwbuilder/FWObject.h"
+
+
+class IPServiceDialog : public QWidget
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ bool init;
+ Ui::IPServiceDialog_q *m_dialog;
+
+ public:
+ IPServiceDialog(QWidget *parent);
+ ~IPServiceDialog();
+
+public slots:
+ virtual void changed();
+ virtual void libChanged();
+ virtual void applyChanges();
+ virtual void discardChanges();
+ virtual void loadFWObject(libfwbuilder::FWObject *obj);
+ virtual void validate(bool*);
+ virtual void isChanged(bool*);
+ virtual void closeEvent(QCloseEvent *e);
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ void close_sign(QCloseEvent *e);
+ void changed_sign();
+
+};
+
+#endif // IPSERVICEDIALOG_H
diff --git a/src/gui/IPTImporter.cpp b/src/gui/IPTImporter.cpp
new file mode 100644
index 000000000..d77318f17
--- /dev/null
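Review bot: `bool init;` has no defined value until `loadFWObject` runs, because the constructor added in IPServiceDialog.cpp assigns only `m_dialog` and `obj`. Nothing visible reads it yet (the check in `isChanged` is commented out), but once that guard is restored it would read an indeterminate value on a dialog that has not loaded an object; adding `init=false;` next to `obj=NULL;` in the constructor closes that. `closeEvent` is also declared under `public slots:` although it is an event-handler override; moving it to a `protected:` section would keep it from being connected or invoked as a slot by mistake.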
+++ b/src/gui/IPTImporter.cpp 
@@ -0,0 +1,896 @@ +/* + + Firewall Builder + + Copyright (C) 2007 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: IPTImporter.cpp,v 1.9 2007/08/06 07:07:22 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils_no_qt.h" +#include "platforms.h" + + +#include "IPTImporter.h" + +#include +#include +#include + +#ifndef _WIN32 +# include +# include +#else +# include +#endif + +#include "fwbuilder/Resources.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Address.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/IPAddress.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/TagService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/RuleElement.h" + +using namespace libfwbuilder; + +IPTImporter::IPTImporter(FWObject *lib, + std::istringstream &input, + Logger *log) : Importer(lib, "iptables", input, log) +{ + service_group_name_seed = 0; + current_ruleset = NULL; + current_rule = NULL; + last_mark_rule = NULL; + + clear(); + + icmp_specs["echo-reply"] = std::pair(0, 0); + + // all "unreachables" + icmp_specs["destination-unreachable"] = std::pair(3, -1); + 
icmp_specs["network-unreachable"] = std::pair(3, 0); + icmp_specs["host-unreachable"] = std::pair(3, 1); + icmp_specs["protocol-unreachable"] = std::pair(3, 2); + icmp_specs["port-unreachable"] = std::pair(3, 3); + icmp_specs["fragmentation-needed"] = std::pair(3, 4); + icmp_specs["source-route-failed"] = std::pair(3, 5); + icmp_specs["network-unknown"] = std::pair(3, 6); + icmp_specs["host-unknown"] = std::pair(3, 7); + icmp_specs["host-isolated"] = std::pair(3, 8); + icmp_specs["network-prohibited"] = std::pair(3, 9); + icmp_specs["host-prohibited"] = std::pair(3, 10); + icmp_specs["TOS-network-unreachable"] = std::pair(3, 11); + icmp_specs["TOS-host-unreachable"] = std::pair(3, 12); + icmp_specs["communication-prohibited"] = std::pair(3, 13); + icmp_specs["host-precedence-violation"] = std::pair(3, 14); + icmp_specs["precedence-cutoff"] = std::pair(3, 15); + + icmp_specs["source-quench"] = std::pair(4, 0); + + icmp_specs["redirect"] = std::pair(5, -1); + icmp_specs["network-redirect"] = std::pair(5, 0); + icmp_specs["host-redirect"] = std::pair(5, 1); + icmp_specs["TOS-network-redirect"] = std::pair(5, 2); + icmp_specs["TOS-host-redirect"] = std::pair(5, 3); + + icmp_specs["echo-request"] = std::pair(8, 0); + + icmp_specs["router-advertisement"] = std::pair(9, 0); + + icmp_specs["router-solicitation"] = std::pair(10, 0); + + icmp_specs["ttl-exceeded"] = std::pair(11, 0); + icmp_specs["time-exceeded"] = std::pair(11, 0); + icmp_specs["ttl-zero-during-transit"] = std::pair(11, 0); + icmp_specs["ttl-zero-during-reassembly"] = std::pair(11, 1); + + icmp_specs["parameter-problem"] = std::pair(12, 0); + icmp_specs["ip-header-bad"] = std::pair(12, 0); + icmp_specs["required-option-missing"] = std::pair(12, 1); + + icmp_specs["timestamp-request"] = std::pair(13, 0); + + icmp_specs["timestamp-reply"] = std::pair(14, 0); + + icmp_specs["information-request"] = std::pair(15, 0); + + icmp_specs["information-reply"] = std::pair(16, 0); + + icmp_specs["address-mask-request"] 
= std::pair(17, 0); + + icmp_specs["address-mask-reply"] = std::pair(18, 0); +} + + + +IPTImporter::~IPTImporter() +{ + clear(); +} + +void IPTImporter::clear() +{ + Importer::clear(); + if (!src_port_list.empty()) src_port_list.clear(); + if (!dst_port_list.empty()) dst_port_list.clear(); + current_state = ""; + i_intf = ""; + o_intf = ""; + target = ""; + tmp_port_range_start = ""; + tmp_port_range_end = ""; + src_neg = dst_neg = srv_neg = intf_neg = false; + match_mark = ""; + limit_val = ""; + limit_suffix = ""; + limit_burst = ""; + if (!action_params.empty()) action_params.clear(); + nat_addr1 = ""; + nat_addr2 = ""; + nat_nm = ""; + nat_port_range_start = ""; + nat_port_range_end = ""; + +} + +void IPTImporter::startSrcMultiPort() +{ + src_port_list.clear(); +} + +void IPTImporter::pushTmpPortSpecToSrcPortList() +{ + src_port_list.push_back( + str_tuple( tmp_port_range_start, tmp_port_range_end ) ); +} + +void IPTImporter::startDstMultiPort() +{ + dst_port_list.clear(); +} + +void IPTImporter::pushTmpPortSpecToDstPortList() +{ + dst_port_list.push_back( + str_tuple( tmp_port_range_start, tmp_port_range_end ) ); +} + + +FWObject* IPTImporter::createAddress(const std::string &addr, + const std::string &netmask) +{ + return Importer::createAddress(addr, netmask); +} + +FWObject* IPTImporter::createICMPService() +{ + std::string icmpspec = strip(icmp_spec); + if (!icmpspec.empty()) + { + // Cisco is trying to be too helpful, they translate many + // icmp type/code combinations into stings + if (icmp_specs.count(icmpspec)!=0) + { + std::pair pp = icmp_specs[icmpspec]; + std::ostringstream s1, s2; + s1 << pp.first; + icmp_type = s1.str(); + s2 << pp.second; + icmp_code = s2.str(); + } else + { + markCurrentRuleBad( + std::string("Import of icmp protocol '") + icmp_spec + "' failed"); + icmp_code = "-1"; + icmp_type = "-1"; + } + } + icmp_spec = ""; + + return Importer::createICMPService(); +} + +FWObject* IPTImporter::createIPService() +{ + struct protoent *pe = 
getprotobyname(protocol.c_str()); + if (pe!=NULL) + { + std::ostringstream s; + s << pe->p_proto; + protocol = s.str(); + //free(pe); + } + return Importer::createIPService(); +} + +std::pair IPTImporter::convertPortRange(str_tuple &range, + const char *proto) +{ + return std::pair(convertPort(range.first,proto), + convertPort(range.second,proto)); +} + +int IPTImporter::convertPort(const std::string &port_spec, + const char *proto) +{ + int port = 0; + std::string ps = strip(port_spec); + if (ps=="") return 0; + + struct servent *se = getservbyname(ps.c_str(), proto); + if (se!=NULL) + { + port = ntohs(se->s_port); + //free(se); + return port; + } + + std::istringstream str1(ps); + str1.exceptions(std::ios::failbit); + try + { + str1 >> port; + } catch (const std::exception &ex) { + // could not convert port_spec to an integer + markCurrentRuleBad(std::string("Port spec '") + port_spec + + "' unknown. Error " + ex.what()); + } + return port; +} + +FWObject* IPTImporter::createTCPUDPService(str_tuple &src_range, + str_tuple &dst_range, + const std::string &proto) +{ + if (fwbdebug) + { + qDebug(QString("Creating %1 service").arg(proto.c_str()).toAscii().constData()); + qDebug(QString("src range: %1 - %2") + .arg(src_range.first.c_str()) + .arg(src_range.second.c_str()).toAscii().constData()); + qDebug(QString("dst range: %1 - %2") + .arg(dst_range.first.c_str()) + .arg(dst_range.second.c_str()).toAscii().constData()); + } + +// std::string name = proto + " " +// + src_range.first + "-" + src_range.second + +// + ":" +// + dst_range.first + "-" + dst_range.second; + + std::pair pr = convertPortRange(src_range, proto.c_str()); + int srs = pr.first; + int sre = pr.second; + + pr = convertPortRange(dst_range, proto.c_str()); + int drs = pr.first; + int dre = pr.second; + + FWObject *o; + if (proto=="tcp") + { + o = getTCPService(srs,sre, + drs,dre, + established, + tcp_flags_mask,tcp_flags_comp); + } else + o = getUDPService(srs,sre,drs,dre); + return o; +} + 
+FWObject* IPTImporter::createTCPUDPService(const std::string &proto) +{ + str_tuple empty_range("0","0"); + + // use src_port_list and dst_port_list + // if this is multiport, should only be either src or dst port + // + if (src_port_list.size()>1 || dst_port_list.size()>1) + { + std::list olist; + std::list list_names; + std::list::iterator i; + + std::list *list_ptr; + if (src_port_list.size()>1) list_ptr = &src_port_list; + else list_ptr = &dst_port_list; + + std::string sig; + if (src_port_list.size()>1) sig = proto + " src "; + else sig = proto + " dst "; + for (i = list_ptr->begin(); i != list_ptr->end(); ++i) + { + sig += (*i).first + ":" + (*i).second + "_"; + } + if (all_objects.count(sig)!=0) return all_objects[sig]; + + for (i = list_ptr->begin(); i != list_ptr->end(); ++i) + { + FWObject *o; + + o = createTCPUDPService( + (list_ptr == &src_port_list) ? *i : empty_range, + (list_ptr == &dst_port_list) ? *i : empty_range, + proto); + + olist.push_back(o); + list_names.push_back(o->getName()); + } + + std::ostringstream s; + s << service_group_name_seed; + service_group_name_seed++; + std::string name = proto + " group " + s.str(); + + if (fwbdebug) + qDebug(QString("Group of %1 services with name '%2', sig '%3'").arg(proto.c_str()).arg(name.c_str()).arg(sig.c_str()).toAscii().constData()); + + ServiceGroup *sg = ServiceGroup::cast(createObject(ServiceGroup::TYPENAME, name)); + for (FWObject::iterator j=olist.begin(); j!=olist.end(); ++j) + { + sg->addRef(*j); + } + all_objects[sig] = sg; + return sg; + + } else // single tcp/udp object + { + return createTCPUDPService( + (src_port_list.size()>0) ? src_port_list.front() : empty_range, + (dst_port_list.size()>0) ? 
dst_port_list.front() : empty_range, + proto); + } +} + +FWObject* IPTImporter::createTCPService() +{ + return createTCPUDPService("tcp"); +} + +FWObject* IPTImporter::createUDPService() +{ + return createTCPUDPService("udp"); +} + +void IPTImporter::addSrv() +{ + PolicyRule *rule = PolicyRule::cast(current_rule); + RuleElementSrv* srv = rule->getSrv(); + assert(srv!=NULL); + + if (match_mark.empty()) + { + Importer::addSrv(); + return; + } + + srv->addRef( getTagService(match_mark) ); +} + +void IPTImporter::pushRule() +{ + assert(current_ruleset!=NULL); + if (current_rule==NULL) return; + + if (current_table=="nat") pushNATRule(); + else pushPolicyRule(); +} + +void IPTImporter::pushPolicyRule() +{ + // populate all elements of the rule + + PolicyRule *rule = PolicyRule::cast(current_rule); + rule->setLogging(false); + + FWOptions *fwopt = getFirewallObject()->getOptionsObject(); + assert(fwopt!=NULL); + + FWOptions *ropt = current_rule->getOptionsObject(); + assert(ropt!=NULL); + + bool skip_rule = false; + + PolicyRule::Action action = PolicyRule::Unknown; + + if (target=="ACCEPT") action = PolicyRule::Accept; + if (target=="DROP") action = PolicyRule::Deny; + if (target=="REJECT") + { + action = PolicyRule::Reject; + if (action_params["reject_with"]=="tcp-reset") + ropt->setStr("action_on_reject", "TCP RST"); + else + ropt->setStr("action_on_reject", action_params["reject_with"]); + } + if (target=="QUEUE") action = PolicyRule::Pipe; + if (target=="CLASSIFY") action = PolicyRule::Classify; + if (target=="LOG") + { + action = PolicyRule::Continue; + rule->setLogging(true); + ropt->setStr("log_prefix", action_params["log_prefix"]); + ropt->setStr("log_tcp_seq", action_params["log_tcp_seq"]); + ropt->setStr("log_tcp_options", action_params["log_tcp_options"]); + ropt->setStr("log_ip_options", action_params["log_ip_options"]); + ropt->setStr("log_level", action_params["log_level"]); + if (!limit_val.empty()) + { + ropt->setStr("limit_value", limit_val); + 
ropt->setStr("limit_suffix", std::string("/")+limit_suffix); + if (!limit_burst.empty()) + ropt->setStr("limit_burst", limit_burst); + } + } + if (target=="ULOG") + { + action = PolicyRule::Continue; + rule->setLogging(true); + fwopt->setBool("use_ULOG", true); + ropt->setStr("log_prefix", action_params["log_prefix"]); + } + if (target=="MARK") + { + action = PolicyRule::Tag; + last_mark_rule = rule; + ropt->setStr("tagvalue", action_params["set_mark"]); +// if (current_chain=="PREROUTING") +// ropt->setBool("ipt_mark_prerouting",true); + } + if (target=="CONNMARK") action = PolicyRule::Continue; + + if (target=="ROUTE") + { + action = PolicyRule::Route; + + if (!action_params["route_iif"].empty()) + newInterface(action_params["route_iif"]); + if (!action_params["route_oif"].empty()) + newInterface(action_params["route_oif"]); + + ropt->setStr("ipt_iif", action_params["route_iif"]); + ropt->setStr("ipt_oif", action_params["route_oif"]); + ropt->setStr("ipt_gw", action_params["route_gw"]); + ropt->setBool("ipt_continue", !action_params["route_continue"].empty()); + ropt->setBool("ipt_tee", !action_params["route_tee"].empty()); + } + if (target=="RETURN") + { + action = PolicyRule::Continue; + } + + if (action==PolicyRule::Unknown) + { + // unknown target, consider it a branch + // NOTE: + // as of fwbuilder v2.1, branch ruleset is a child object of + // PolicyRule. This means two different rules can not point at the same + // branch ruleset. This is unfortunate. To fix this we need + // to change XML DTD and API. Will do this in 3.0 + // Meanwhile, have to check if branch ruleset with requested name + // already exists and change the name by adding suffix '1', '2' etc + // to make it different. 
+ // + std::string branch_ruleset_name = target; + bool duplicate_branch = false; + int cntr = 0; + action = PolicyRule::Branch; + UnidirectionalRuleSet *rs = NULL; + while (true) + { + rs = branch_rulesets[branch_ruleset_name]; + if (rs==NULL) + { + rs = getUnidirRuleSet(branch_ruleset_name); + break; + } else + { + std::ostringstream ostr; + ostr << ++cntr; + branch_ruleset_name = target + ostr.str(); + duplicate_branch = true; + } + } + + current_rule->add(rs->ruleset); + ropt->setStr("branch_name", branch_ruleset_name); + getFirewallObject()->remove(rs->ruleset, false); + branch_rulesets[branch_ruleset_name] = rs; + + if (duplicate_branch) + markCurrentRuleBad( + std::string("Rule passes control to branch ") + target + + std::string( + " which \n" + "is already used by some rule prior to this one. \n" + "fwbuilder 2.1 does not support multiple rules \n" + "passing control to the same branch. This will \n" + "be fixed in the next major release (v3.0)")); + + } + + rule->setAction(action); + + if (target!="LOG" && !limit_val.empty()) + { + ropt->setStr("limit_value", limit_val); + ropt->setStr("limit_suffix", std::string("/") + limit_suffix); + if (!limit_burst.empty()) + ropt->setStr("limit_burst", limit_burst); + } + + addSrc(); + addDst(); + addSrv(); + +/* Recognize some typical rule patterns and set firewall and rule + * options appropriately + */ + if (current_state=="NEW") + { + ropt->setBool("stateless", false); + } + RuleElementSrc *nsrc; + RuleElementDst *ndst; + + rule->getSrc()->setNeg(src_neg); + rule->getDst()->setNeg(dst_neg); + rule->getSrv()->setNeg(srv_neg); + rule->getItf()->setNeg(intf_neg); + + if (rule->getSrc()->isAny() && + rule->getDst()->isAny() && + rule->getSrv()->isAny() && + current_state == "RELATED,ESTABLISHED") + { + fwopt->setBool("accept_established", true); + skip_rule = true; + *Importer::logger + << "Using automatic rule controlled by option " + << "'Accept established,related states' to match " + << "states 
RELATED,ESTABLISHED" + << "\n"; + } + + if (rule->getSrc()->isAny() && + rule->getDst()->isAny() && + rule->getSrv()->isAny() && + current_state == "INVALID") + { + if (target=="DROP") fwopt->setBool("drop_invalid", true); + if (target=="LOG") fwopt->setBool("log_invalid", true); + skip_rule = true; + *Importer::logger + << "Using automatic rule controlled by option " + << "'Drop packet that do not match any known connection' to match " + << "state INVALID" + << "\n"; + } + + if (target=="CONNMARK" && + last_mark_rule != NULL && + !action_params["connmark_save_mark"].empty()) + { + FWOptions *lmr_ropt = last_mark_rule->getOptionsObject(); + assert(lmr_ropt!=NULL); + lmr_ropt->setBool("ipt_mark_connections", true); + skip_rule = true; + *Importer::logger + << "Turned option on in previous rule with action Mark " + << "for '-j CONNMARK --save-mark' " + << "\n"; + } + + if (target=="CONNMARK" && + !action_params["connmark_restore_mark"].empty()) + { + // this rule is added automatically in + // MangleTableCompiler_ipt::flushAndSetDefaultPolicy() + // if we have at least one rule with CONNMARK target in the policy + skip_rule = true; + *Importer::logger + << "Skip command with '-j CONNMARK --restore-mark' " + << "This rule is generated automatically." + << "\n"; + } + + if (!skip_rule) + { +/* we set "firewall_is_part_of_any_and_networks" to False */ + rule_comment += std::string("\n") + "Chain " + current_chain + ". 
"; + + if (current_chain=="INPUT") + { + ndst = rule->getDst(); + if (ndst->isAny()) ndst->addRef(getFirewallObject()); + else + rule_comment += "Does DST match one of the firewall's addresses?"; + } + + if (current_chain=="OUTPUT") + { + nsrc = rule->getSrc(); + if (nsrc->isAny()) nsrc->addRef(getFirewallObject()); + else + rule_comment += "Does SRC match one of the firewall's addresses?"; + } + + // add rule to the right ruleset + std::string ruleset_name = ""; + if (current_chain=="INPUT" || + current_chain=="OUTPUT" || + current_chain=="FORWARD" || + current_chain=="PREROUTING" || + current_chain=="POSTROUTING") ruleset_name = "filter"; + else + ruleset_name = current_chain; + + UnidirectionalRuleSet *rs = getUnidirRuleSet(ruleset_name); + assert(rs!=NULL); + rs->ruleset->add(current_rule); + + rule->setDirection(PolicyRule::Both); + + if ( !i_intf.empty() && !o_intf.empty()) + { + markCurrentRuleBad( + std::string("Can not set inbound and outbound interface simultaneously. Was: -i ") + i_intf + " -o " + o_intf); + } else + { + if ( !i_intf.empty()) + { + rule->setDirection(PolicyRule::Inbound); + newInterface(i_intf); + Interface *intf = all_interfaces[i_intf]; + RuleElementItf* re =rule->getItf(); + re->addRef(intf); + } + + if ( !o_intf.empty()) + { + rule->setDirection(PolicyRule::Outbound); + newInterface(o_intf); + Interface *intf = all_interfaces[o_intf]; + RuleElementItf* re =rule->getItf(); + re->addRef(intf); + } + } + + current_rule->setComment(rule_comment); + + } + +// *Importer::logger << "Rule: " << rule->getActionAsString() << " " +// << "protocol=" << protocol << " " +// << "src=" << src_a << "/" << src_nm << " "; +// if (dst_a!="") +// *Importer::logger << "dst=" << dst_a << "/" << dst_nm << " "; +// *Importer::logger << "\n"; + + current_rule = NULL; + rule_comment = ""; + + clear(); +} + +void IPTImporter::pushNATRule() +{ + // populate all elements of the rule + + NATRule *rule = NATRule::cast(current_rule); + + FWOptions *fwopt = 
getFirewallObject()->getOptionsObject(); + assert(fwopt!=NULL); + + FWOptions *ropt = current_rule->getOptionsObject(); + assert(ropt!=NULL); + + addOSrc(); + addODst(); + addOSrv(); + + if (src_nm.empty()) src_nm = "255.255.255.255"; + if (dst_nm.empty()) dst_nm = "255.255.255.255"; + if (nat_nm.empty()) nat_nm = "255.255.255.255"; + + if (target=="ACCEPT") + { + rule->setRuleType(NATRule::NONAT); + } + if (target=="MASQUERADE") + { + rule->setRuleType(NATRule::Masq); + RuleElementTSrc *re = rule->getTSrc(); + assert(re!=NULL); + if ( !o_intf.empty() ) + { + newInterface(o_intf); + Interface *intf = all_interfaces[o_intf]; + re->addRef(intf); + } else + { + re->addRef(getFirewallObject()); + } + } + if (target=="SNAT") + { + rule->setRuleType(NATRule::SNAT); + FWObject *tsrc = NULL; + if (nat_addr1!=nat_addr2) + tsrc = createAddressRange(nat_addr1, nat_addr2); + else + tsrc = createAddress(nat_addr1, nat_nm); + + RuleElementTSrc *re = rule->getTSrc(); + assert(re!=NULL); + re->addRef(tsrc); + + if (!nat_port_range_start.empty()) + { + str_tuple empty_range("0", "0"); + str_tuple nat_port_range(nat_port_range_start, nat_port_range_end); + FWObject *s = createTCPUDPService(nat_port_range, empty_range, + protocol); + RuleElementTSrv *re = rule->getTSrv(); + assert(re!=NULL); + re->addRef(s); + } + if (!o_intf.empty()) + markCurrentRuleBad( + std::string("Original rule defines outbound interface '") + o_intf + "'.\n Replace address in TSrc with matching interface of the firewall."); + + } + if (target=="DNAT") + { + rule->setRuleType(NATRule::DNAT); + FWObject *tdst = NULL; + if (nat_addr1!=nat_addr2) + tdst = createAddressRange(nat_addr1, nat_addr2); + else + tdst = createAddress(nat_addr1, nat_nm); + + RuleElementTDst *re = rule->getTDst(); + assert(re!=NULL); + re->addRef(tdst); + + if (!nat_port_range_start.empty()) + { + str_tuple empty_range("0", "0"); + str_tuple nat_port_range(nat_port_range_start, nat_port_range_end); + FWObject *s = 
createTCPUDPService(empty_range, nat_port_range, + protocol); + RuleElementTSrv *re = rule->getTSrv(); + assert(re!=NULL); + re->addRef(s); + } + if (!i_intf.empty()) + markCurrentRuleBad( + std::string("Original rule defines inbound interface '") + i_intf + "'.\n Replace address in ODst with matching interface of the firewall."); + + } + if (target=="NETMAP") + { + FWObject *o = NULL; + if (!src_a.empty()) + { + rule->setRuleType(NATRule::SNetnat); + o = createAddress(src_a, src_nm); + RuleElementOSrc *osrc = rule->getOSrc(); + osrc->addRef(o); + RuleElementTSrc *tsrc = rule->getTSrc(); + assert(tsrc!=NULL); + o = createAddress(nat_addr1, nat_nm); + tsrc->addRef(o); + } + if (!dst_a.empty()) + { + rule->setRuleType(NATRule::DNetnat); + o = createAddress(dst_a, dst_nm); + RuleElementOSrc *odst = rule->getOSrc(); + odst->addRef(o); + RuleElementTDst *tdst = rule->getTDst(); + assert(tdst!=NULL); + o = createAddress(nat_addr1, nat_nm); + tdst->addRef(o); + } + } + + current_rule->setComment(rule_comment); + + UnidirectionalRuleSet *rs = getUnidirRuleSet("nat"); + assert(rs!=NULL); + rs->ruleset->add(current_rule); + + + current_rule = NULL; + rule_comment = ""; + + clear(); +} + +Firewall* IPTImporter::finalize() +{ + // scan all UnidirectionalRuleSet objects, set interface and + // direction in all rules of corresponding RuleSet and merge all + // UnidirectionalRuleSet into one RuleSet object. Attach this + // object to the firewall. 
+ + if (fwbdebug) qDebug("IPTImporter::finalize()"); + + if (haveFirewallObject()) + { + FWObject *f = getFirewallObject(); + f->setStr("host_OS", "linux24"); + + FWOptions *fwopt = Firewall::cast(f)->getOptionsObject(); + assert(fwopt!=NULL); + + fwopt->setBool("firewall_is_part_of_any_and_networks", false); + + FWObject *policy = + getFirewallObject()->getFirstByType(Policy::TYPENAME); + assert( policy!=NULL ); + + UnidirectionalRuleSet *rs = getUnidirRuleSet("filter"); + assert(rs!=NULL); + + FWObject::iterator i; + for (i=rs->ruleset->begin(); i!=rs->ruleset->end(); ++i) + { + policy->add(*i); + } + + // call clearChidren() not recursive because children objects + // of all rules should not be deleted + rs->ruleset->clearChildren(false); + getFirewallObject()->remove(rs->ruleset, false); + delete rs->ruleset; + + + FWObject *nat = + getFirewallObject()->getFirstByType(NAT::TYPENAME); + assert( nat!=NULL ); + + rs = getUnidirRuleSet("nat"); + if (rs!=NULL) + { + for (i=rs->ruleset->begin(); i!=rs->ruleset->end(); ++i) + { + nat->add(*i); + } + + rs->ruleset->clearChildren(false); + getFirewallObject()->remove(rs->ruleset, false); + delete rs->ruleset; + } + + return getFirewallObject(); + } + else + return NULL; +} diff --git a/src/gui/IPTImporter.h b/src/gui/IPTImporter.h new file mode 100644 index 000000000..fd29faf40 --- /dev/null +++ b/src/gui/IPTImporter.h 
@@ -0,0 +1,137 @@ +/* + + Firewall Builder + + Copyright (C) 2007 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: IPTImporter.h,v 1.6 2007/08/06 07:07:22 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef _FWB_POLICY_IMPORTER_IPT_H_ +#define _FWB_POLICY_IMPORTER_IPT_H_ + +#include +#include +#include +#include +#include + +#include "Importer.h" +#include "fwbuilder/Logger.h" + + +typedef std::pair str_tuple; + +class IPTImporter : public Importer { + + libfwbuilder::Logger *logger; + + std::map > icmp_specs; + + + libfwbuilder::FWObject* createTCPUDPService(str_tuple &src_range, + str_tuple &dst_range, + const std::string &proto); + + libfwbuilder::FWObject* createTCPUDPService(const std::string &proto); + + virtual libfwbuilder::FWObject* createAddress(const std::string &a, + const std::string &nm); + virtual libfwbuilder::FWObject* createIPService(); + virtual libfwbuilder::FWObject* createICMPService(); + virtual libfwbuilder::FWObject* createTCPService(); + virtual libfwbuilder::FWObject* createUDPService(); + + std::pair convertPortRange(str_tuple &range, const char *proto); + int convertPort(const std::string &port_spec, const char *proto); + + virtual void addSrv(); + + public: + + int service_group_name_seed; + + std::string current_table; + std::string current_chain; + 
std::string current_state; + + std::string i_intf; + std::string o_intf; + std::string target; + + std::string tmp_port_range_start; + std::string tmp_port_range_end; + + std::list src_port_list; + std::list dst_port_list; + + std::map action_params; + + // need to keep track of branches in 2.1 + // should not be neccessary in 3.0 when multiple + // rule can refer to the same branch ruleset + std::map branch_rulesets; + + std::string match_mark; + + bool src_neg; + bool dst_neg; + bool srv_neg; + bool intf_neg; + + std::string limit_val; + std::string limit_suffix; + std::string limit_burst; + + std::string nat_addr1; + std::string nat_addr2; + std::string nat_nm; + std::string nat_port_range_start; + std::string nat_port_range_end; + + + libfwbuilder::PolicyRule *last_mark_rule; + + IPTImporter(libfwbuilder::FWObject *lib, + std::istringstream &input, + libfwbuilder::Logger *log); + ~IPTImporter(); + + virtual void run(); + virtual void clear(); + + void startSrcMultiPort(); + void pushTmpPortSpecToSrcPortList(); + + void startDstMultiPort(); + void pushTmpPortSpecToDstPortList(); + + void pushPolicyRule(); + void pushNATRule(); + + virtual void pushRule(); + + // this method actually adds interfaces to the firewall object + // and does final clean up. + virtual libfwbuilder::Firewall* finalize(); + +}; + +#endif diff --git a/src/gui/IPTImporterRun.cpp b/src/gui/IPTImporterRun.cpp new file mode 100644 index 000000000..08bc6fcf3 --- /dev/null +++ b/src/gui/IPTImporterRun.cpp 
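Review bot: The private member `libfwbuilder::Logger *logger;` at the top of `IPTImporter` hides a `logger` that the base class appears to own, since IPTImporter.cpp on this page writes to `*Importer::logger`. The class therefore carries two logger pointers, and nothing in this header shows the derived one being used or initialised. I would drop the derived member, or keep it with a comment such as `// distinct from Importer::logger: <reason>` and make sure the constructor sets it from `log`. Separately, `last_mark_rule` is a raw pointer that `pushPolicyRule()` compares against NULL, so the constructor (not in this hunk) has to initialise it. A comment on the declaration, `// NULL until a MARK rule has been imported`, would record that contract.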
@@ -0,0 +1,88 @@ +/* + + Firewall Builder + + Copyright (C) 2007 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: IPTImporterRun.cpp,v 1.2 2007/08/06 07:07:22 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" + +#include "IPTImporter.h" + +#include + +#include +#include +#include + +#ifdef HAVE_ANTLR_RUNTIME +#include + +// parser and lexer for files produced by iptables-save +#include "../parsers/IPTCfgLexer.hpp" +#include "../parsers/IPTCfgParser.hpp" + +#endif + +/* + * Only this module depends on IPTCfgLexer and IPTCfgParser, + * so only this file is recompiled when we change grammar + */ + +void IPTImporter::run() +{ +#ifdef HAVE_ANTLR_RUNTIME +// it is probably safer to create an empty firewall if we do not have +// ANTLR on the system rather than try to #ifdef out chunks of code +// here and there in this module +// +// Obviously we should disable GUI elements that activate this importer +// if ANTLR runtime is not available. 
+// + + std::string err; + std::ostringstream parser_debug; + + IPTCfgLexer lexer(input); + IPTCfgParser parser(lexer); + parser.importer = this; + if (fwbdebug) parser.dbg = &std::cerr; + else parser.dbg = &parser_debug; + + try + { + current_ruleset = getUnidirRuleSet("Policy"); // creates if new + + parser.cfgfile(); + } catch(ANTLR_USE_NAMESPACE(antlr)ANTLRException &e) + { + err = e.toString().c_str(); + } catch(std::exception& e) + { + err = e.what() ; + } + + if (!err.empty()) throw ImporterException(err); + +#endif +} + diff --git a/src/gui/IPv4Dialog.cpp b/src/gui/IPv4Dialog.cpp new file mode 100644 index 000000000..3836de365 --- /dev/null +++ b/src/gui/IPv4Dialog.cpp 
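Review bot: When `HAVE_ANTLR_RUNTIME` is undefined, `IPTImporter::run()` compiles to an empty body and returns normally, so an import silently produces a firewall object with no rules. A caller then cannot tell "file parsed, no rules found" from "parser not built in", and the result of this importer becomes a packet-filter policy. The comment relies on the GUI disabling the feature, which this function cannot enforce. I would add an `#else` branch before the `#endif` containing `throw ImporterException(std::string("iptables import unavailable: built without ANTLR runtime"));`.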
@@ -0,0 +1,295 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: IPv4Dialog.cpp,v 1.28 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "IPv4Dialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/FWException.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +IPv4Dialog::IPv4Dialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::IPv4Dialog_q; + m_dialog->setupUi(this); + obj=NULL; +} + +IPv4Dialog::~IPv4Dialog() +{ + delete m_dialog; +} + +void IPv4Dialog::loadFWObject(FWObject *o) +{ + obj=o; + IPv4 *s = dynamic_cast(obj); + assert(s!=NULL); + + dnsBusy=false; + init=true; + + fillLibraries(m_dialog->libs,obj); + + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); + m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); + +/* + * if this is an address that belongs to an interface, we can't move + * it from library to library just like that. 
Only IPv4 objects that + * belong to the standard group "Addresses" can be moved. + */ + if ( Interface::isA( obj->getParent() ) ) + { + showNetmask=true; + m_dialog->libs->setEnabled( false ); + m_dialog->netmaskLabel->show(); + m_dialog->netmask->show(); + } else + { + showNetmask=false; + m_dialog->libs->setEnabled( true ); + m_dialog->netmaskLabel->hide(); + m_dialog->netmask->hide(); + } + +/* catch exceptions separately so even if we have a bad address, we + * still can show netmask */ + try + { + m_dialog->address->setText( s->getAddress().toString().c_str() ); + } catch (FWException &ex) {} + + try + { + if ( Interface::isA( obj->getParent() ) ) + m_dialog->netmask->setText( s->getNetmask().toString().c_str() ); + } catch (FWException &ex) {} + + //apply->setEnabled( false ); + + m_dialog->obj_name->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->libs->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->libs); + + m_dialog->address->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->address); + + m_dialog->netmask->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->netmask); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + setDisabledPalette(m_dialog->comment); + + + + init=false; +} + +void IPv4Dialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void IPv4Dialog::validate(bool *res) +{ + *res=true; + + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } + + IPv4 *s = dynamic_cast(obj); + assert(s!=NULL); + try + { + IPAddress( m_dialog->address->text().toLatin1().constData() ); + } catch (FWException &ex) + { + *res=false; + QMessageBox::critical(this, "Firewall Builder", + tr("Illegal IP address '%1'").arg(m_dialog->address->text()), + tr("&Continue"), 0, 0, + 0 ); + } + + if ( showNetmask ) + { + try + { + Netmask( m_dialog->netmask->text().toLatin1().constData() ); + } 
catch (FWException &ex) + { + *res=false; + QMessageBox::critical(this, "Firewall Builder", + tr("Illegal netmask '%1'").arg(m_dialog->netmask->text()), + tr("&Continue"), 0, 0, + 0 ); + } + } +} + +void IPv4Dialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); + +} + +void IPv4Dialog::libChanged() +{ + changed(); +} + +void IPv4Dialog::applyChanges() +{ + IPv4 *s = dynamic_cast(obj); + assert(s!=NULL); + + string oldname=obj->getName(); + obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); + + try + { + s->setAddress( m_dialog->address->text().toLatin1().constData() ); + } catch (FWException &ex) { } + + if ( showNetmask ) + { + try + { + s->setNetmask( m_dialog->netmask->text().toLatin1().constData() ); + } catch (FWException &ex) { } + } else + s->setNetmask( "255.255.255.255" ); + + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + init=true; + +/* move to another lib if we have to */ + if ( ! Interface::isA( obj->getParent() ) && + m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(m_dialog->libs->currentText(), obj); + + init=false; + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void IPv4Dialog::discardChanges() +{ + loadFWObject(obj); +} + +void IPv4Dialog::DNSlookup() +{ + if (fwbdebug) + qDebug("IPv4Dialog::DNSlookup() dnsBusy=%d", dnsBusy); + + if (!dnsBusy) + { + QString name = m_dialog->obj_name->text(); + if (fwbdebug) qDebug("IPv4Dialog::DNSlookup() name=%s", name.toAscii().constData()); + dnsBusy=true; + QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) ); + QString addr = getAddrByName(name); + QApplication::restoreOverrideCursor(); + dnsBusy=false; + if (fwbdebug) qDebug("IPv4Dialog::DNSlookup() done"); + + if (! 
addr.isEmpty()) + { + m_dialog->address->setText( addr ); + return; + } + + if ( Interface::isA(obj->getParent()) ) + { + FWObject *host = obj->getParent()->getParent(); + assert(host!=NULL); + name = host->getName().c_str(); + + if (fwbdebug) qDebug("IPv4Dialog::DNSlookup() name=%s", + name.toAscii().constData()); + dnsBusy=true; + QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) ); + QString addr = getAddrByName(name); + QApplication::restoreOverrideCursor(); + dnsBusy=false; + if (fwbdebug) qDebug("IPv4Dialog::DNSlookup() done"); + if ( ! addr.isEmpty()) + { + m_dialog->address->setText( addr ); + return; + } + QMessageBox::warning( + this,"Firewall Builder", + tr("DNS lookup failed for both names of the address object '%1' and the name of the host '%2'.") + .arg(m_dialog->obj_name->text()).arg(name), + "&Continue", QString::null,QString::null, 0, 1 ); + return; + } + QMessageBox::warning( + this,"Firewall Builder", + tr("DNS lookup failed for name of the address object '%1'.") + .arg(name), + "&Continue", QString::null,QString::null, 0, 1 ); + return; + } +} + +void IPv4Dialog::closeEvent(QCloseEvent *e) +{ + if (fwbdebug) + qDebug("IPv4Dialog::closeEvent got close event: %p",e); + emit close_sign(e); +} + diff --git a/src/gui/IPv4Dialog.h b/src/gui/IPv4Dialog.h new file mode 100644 index 000000000..fd6060cfe --- /dev/null +++ b/src/gui/IPv4Dialog.h 
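Review bot: `applyChanges()` discards `FWException` from `s->setAddress(...)` and `s->setNetmask(...)` with empty `catch (FWException &ex) { }` blocks, so a malformed value leaves the object with its previous address while the name, comment and last-modified timestamp are still updated. Unless every caller is guaranteed to run `validate()` first (not visible here), the user gets no sign that the address stored in the firewall object differs from what was typed. The handlers should report the failure, for example with the same `QMessageBox::critical(... tr("Illegal IP address '%1'") ...)` call that `validate()` uses, and return before `om->updateObjName(...)`. Also in this hunk, `isChanged(bool *res)` has its only statement commented out and never writes `*res`, so the caller reads an indeterminate value; it needs at least `*res = false;`.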
@@ -0,0 +1,75 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: IPv4Dialog.h,v 1.11 2006/05/13 06:53:05 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __IPV4DIALOG_H_ +#define __IPV4DIALOG_H_ + +#include "config.h" +#include +#include + +#include "fwbuilder/FWObject.h" + +class QDns; + +class IPv4Dialog : public QWidget +{ + Q_OBJECT + + libfwbuilder::FWObject *obj; + bool init; + bool showNetmask; + bool dnsBusy; + //QDns *lookup; + Ui::IPv4Dialog_q *m_dialog; + + public: + IPv4Dialog(QWidget *parent); + ~IPv4Dialog(); + virtual void closeEvent(QCloseEvent *e); + +public slots: + virtual void changed(); + virtual void libChanged(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void loadFWObject(libfwbuilder::FWObject *obj); + virtual void validate(bool*); + virtual void isChanged(bool*); + virtual void DNSlookup(); + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); + +}; + +#endif // IPV4DIALOG_H 
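Review bot: The include guard `__IPV4DIALOG_H_` contains a double underscore, which C++ reserves for the implementation, and the closing comment spells it differently as `IPV4DIALOG_H`. I would use `#ifndef IPV4DIALOG_H` / `#define IPV4DIALOG_H` so the guard and its comment agree. The `validate(bool*)` and `isChanged(bool*)` slots also deserve a one-line comment each stating that the callee always writes the result, e.g. `// sets *res to false when the form holds an invalid name, address or netmask`.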
diff --git a/src/gui/Icons/accept_25.png b/src/gui/Icons/accept_25.png new file mode 100644 index 000000000..c09afd8a6 Binary files /dev/null and b/src/gui/Icons/accept_25.png differ diff --git a/src/gui/Icons/accounting_25.png b/src/gui/Icons/accounting_25.png new file mode 100644 index 000000000..878339b12 Binary files /dev/null and b/src/gui/Icons/accounting_25.png differ diff --git a/src/gui/Icons/address-neg_25.png b/src/gui/Icons/address-neg_25.png new file mode 100644 index 000000000..481f551b3 Binary files /dev/null and b/src/gui/Icons/address-neg_25.png differ diff --git a/src/gui/Icons/address-ref_25.png b/src/gui/Icons/address-ref_25.png new file mode 100644 index 000000000..546e514b4 Binary files /dev/null and b/src/gui/Icons/address-ref_25.png differ diff --git a/src/gui/Icons/address_16.png b/src/gui/Icons/address_16.png new file mode 100644 index 000000000..5fb9cacb6 Binary files /dev/null and b/src/gui/Icons/address_16.png differ diff --git a/src/gui/Icons/address_25.png b/src/gui/Icons/address_25.png new file mode 100644 index 000000000..850d70bdb Binary files /dev/null and b/src/gui/Icons/address_25.png differ diff --git a/src/gui/Icons/addresstable-neg_25.png b/src/gui/Icons/addresstable-neg_25.png new file mode 100644 index 000000000..9464ba70a Binary files /dev/null and b/src/gui/Icons/addresstable-neg_25.png differ diff --git a/src/gui/Icons/addresstable-ref_25.png b/src/gui/Icons/addresstable-ref_25.png new file mode 100644 index 000000000..fd97da6c9 Binary files /dev/null and b/src/gui/Icons/addresstable-ref_25.png differ diff --git a/src/gui/Icons/addresstable_16.png b/src/gui/Icons/addresstable_16.png new file mode 100644 index 000000000..49b3c7a66 Binary files /dev/null and b/src/gui/Icons/addresstable_16.png differ diff --git a/src/gui/Icons/addresstable_25.png b/src/gui/Icons/addresstable_25.png new file mode 100644 index 000000000..acc58c637 Binary files /dev/null and b/src/gui/Icons/addresstable_25.png differ 
diff --git a/src/gui/Icons/apply.png b/src/gui/Icons/apply.png new file mode 100644 index 000000000..58a64cfc4 Binary files /dev/null and b/src/gui/Icons/apply.png differ diff --git a/src/gui/Icons/back_25.png b/src/gui/Icons/back_25.png new file mode 100644 index 000000000..2e09c9875 Binary files /dev/null and b/src/gui/Icons/back_25.png differ diff --git a/src/gui/Icons/back_32.png b/src/gui/Icons/back_32.png new file mode 100644 index 000000000..c3cb70048 Binary files /dev/null and b/src/gui/Icons/back_32.png differ diff --git a/src/gui/Icons/big-down-arrow.png b/src/gui/Icons/big-down-arrow.png new file mode 100644 index 000000000..f181a7131 Binary files /dev/null and b/src/gui/Icons/big-down-arrow.png differ diff --git a/src/gui/Icons/big-left-arrow.png b/src/gui/Icons/big-left-arrow.png new file mode 100644 index 000000000..5a1fe9203 Binary files /dev/null and b/src/gui/Icons/big-left-arrow.png differ diff --git a/src/gui/Icons/big-right-arrow.png b/src/gui/Icons/big-right-arrow.png new file mode 100644 index 000000000..d16216cad Binary files /dev/null and b/src/gui/Icons/big-right-arrow.png differ diff --git a/src/gui/Icons/big-up-arrow.png b/src/gui/Icons/big-up-arrow.png new file mode 100644 index 000000000..4bb674b4b Binary files /dev/null and b/src/gui/Icons/big-up-arrow.png differ diff --git a/src/gui/Icons/binoculars64.png b/src/gui/Icons/binoculars64.png new file mode 100644 index 000000000..9f216506b Binary files /dev/null and b/src/gui/Icons/binoculars64.png differ diff --git a/src/gui/Icons/blank.png b/src/gui/Icons/blank.png new file mode 100644 index 000000000..5f83c1d8d Binary files /dev/null and b/src/gui/Icons/blank.png differ diff --git a/src/gui/Icons/blank_2x16.png b/src/gui/Icons/blank_2x16.png new file mode 100644 index 000000000..ea0d76c83 Binary files /dev/null and b/src/gui/Icons/blank_2x16.png differ 
diff --git a/src/gui/Icons/books1.png b/src/gui/Icons/books1.png new file mode 100644 index 000000000..33b77ab89 Binary files /dev/null and b/src/gui/Icons/books1.png differ diff --git a/src/gui/Icons/both.png b/src/gui/Icons/both.png new file mode 100644 index 000000000..0a28c6bd2 Binary files /dev/null and b/src/gui/Icons/both.png differ diff --git a/src/gui/Icons/branch_25.png b/src/gui/Icons/branch_25.png new file mode 100644 index 000000000..1812ba811 Binary files /dev/null and b/src/gui/Icons/branch_25.png differ diff --git a/src/gui/Icons/cancel.png b/src/gui/Icons/cancel.png new file mode 100644 index 000000000..2d7c194c8 Binary files /dev/null and b/src/gui/Icons/cancel.png differ diff --git a/src/gui/Icons/cert_druid_logo.png b/src/gui/Icons/cert_druid_logo.png new file mode 100644 index 000000000..dbee5e6cd Binary files /dev/null and b/src/gui/Icons/cert_druid_logo.png differ diff --git a/src/gui/Icons/check.png b/src/gui/Icons/check.png new file mode 100644 index 000000000..cc702beac Binary files /dev/null and b/src/gui/Icons/check.png differ diff --git a/src/gui/Icons/classify_25.png b/src/gui/Icons/classify_25.png new file mode 100644 index 000000000..f39ca09dd Binary files /dev/null and b/src/gui/Icons/classify_25.png differ diff --git a/src/gui/Icons/clock-group-neg_25.png b/src/gui/Icons/clock-group-neg_25.png new file mode 100644 index 000000000..803dbe76f Binary files /dev/null and b/src/gui/Icons/clock-group-neg_25.png differ diff --git a/src/gui/Icons/clock-group-ref_25.png b/src/gui/Icons/clock-group-ref_25.png new file mode 100644 index 000000000..769fa89c4 Binary files /dev/null and b/src/gui/Icons/clock-group-ref_25.png differ diff --git a/src/gui/Icons/clock-group_16.png b/src/gui/Icons/clock-group_16.png new file mode 100644 index 000000000..303cbd2ed Binary files /dev/null and b/src/gui/Icons/clock-group_16.png differ 
diff --git a/src/gui/Icons/clock-group_25.png b/src/gui/Icons/clock-group_25.png new file mode 100644 index 000000000..14c9df34e Binary files /dev/null and b/src/gui/Icons/clock-group_25.png differ diff --git a/src/gui/Icons/clock-neg_25.png b/src/gui/Icons/clock-neg_25.png new file mode 100644 index 000000000..f9b09117e Binary files /dev/null and b/src/gui/Icons/clock-neg_25.png differ diff --git a/src/gui/Icons/clock-ref_25.png b/src/gui/Icons/clock-ref_25.png new file mode 100644 index 000000000..e486e2087 Binary files /dev/null and b/src/gui/Icons/clock-ref_25.png differ diff --git a/src/gui/Icons/clock_16.png b/src/gui/Icons/clock_16.png new file mode 100644 index 000000000..42792f75f Binary files /dev/null and b/src/gui/Icons/clock_16.png differ diff --git a/src/gui/Icons/clock_25.png b/src/gui/Icons/clock_25.png new file mode 100644 index 000000000..432b1da7a Binary files /dev/null and b/src/gui/Icons/clock_25.png differ diff --git a/src/gui/Icons/close.png b/src/gui/Icons/close.png new file mode 100644 index 000000000..9b7577e6a Binary files /dev/null and b/src/gui/Icons/close.png differ diff --git a/src/gui/Icons/compile_25.png b/src/gui/Icons/compile_25.png new file mode 100644 index 000000000..c2ee2d9f7 Binary files /dev/null and b/src/gui/Icons/compile_25.png differ diff --git a/src/gui/Icons/continue_25.png b/src/gui/Icons/continue_25.png new file mode 100644 index 000000000..69fd6177a Binary files /dev/null and b/src/gui/Icons/continue_25.png differ diff --git a/src/gui/Icons/custom_25.png b/src/gui/Icons/custom_25.png new file mode 100644 index 000000000..b7c0af58c Binary files /dev/null and b/src/gui/Icons/custom_25.png differ diff --git a/src/gui/Icons/deny_25.png b/src/gui/Icons/deny_25.png new file mode 100644 index 000000000..2d2b500a9 Binary files /dev/null and b/src/gui/Icons/deny_25.png differ 
diff --git a/src/gui/Icons/domainname-neg_25.png b/src/gui/Icons/domainname-neg_25.png new file mode 100644 index 000000000..10273d4ae Binary files /dev/null and b/src/gui/Icons/domainname-neg_25.png differ diff --git a/src/gui/Icons/domainname-ref_25.png b/src/gui/Icons/domainname-ref_25.png new file mode 100644 index 000000000..0a2fdf0ed Binary files /dev/null and b/src/gui/Icons/domainname-ref_25.png differ diff --git a/src/gui/Icons/domainname_16.png b/src/gui/Icons/domainname_16.png new file mode 100644 index 000000000..6f2a12928 Binary files /dev/null and b/src/gui/Icons/domainname_16.png differ diff --git a/src/gui/Icons/domainname_25.png b/src/gui/Icons/domainname_25.png new file mode 100644 index 000000000..a58a599b8 Binary files /dev/null and b/src/gui/Icons/domainname_25.png differ diff --git a/src/gui/Icons/down-arrow.png b/src/gui/Icons/down-arrow.png new file mode 100644 index 000000000..8a3dd5c91 Binary files /dev/null and b/src/gui/Icons/down-arrow.png differ diff --git a/src/gui/Icons/drag_object.png b/src/gui/Icons/drag_object.png new file mode 100644 index 000000000..4c1ca206c Binary files /dev/null and b/src/gui/Icons/drag_object.png differ diff --git a/src/gui/Icons/error.png b/src/gui/Icons/error.png new file mode 100644 index 000000000..912ff03bd Binary files /dev/null and b/src/gui/Icons/error.png differ diff --git a/src/gui/Icons/firewall-neg_25.png b/src/gui/Icons/firewall-neg_25.png new file mode 100644 index 000000000..eaf383bdd Binary files /dev/null and b/src/gui/Icons/firewall-neg_25.png differ diff --git a/src/gui/Icons/firewall-ref_25.png b/src/gui/Icons/firewall-ref_25.png new file mode 100644 index 000000000..a79178e95 Binary files /dev/null and b/src/gui/Icons/firewall-ref_25.png differ diff --git a/src/gui/Icons/firewall_16.png b/src/gui/Icons/firewall_16.png new file mode 100644 index 000000000..b18a8cee1 Binary files /dev/null and b/src/gui/Icons/firewall_16.png differ 
diff --git a/src/gui/Icons/firewall_25.png b/src/gui/Icons/firewall_25.png new file mode 100644 index 000000000..38b19b0e8 Binary files /dev/null and b/src/gui/Icons/firewall_25.png differ diff --git a/src/gui/Icons/firewall_64.png b/src/gui/Icons/firewall_64.png new file mode 100644 index 000000000..75db925a6 Binary files /dev/null and b/src/gui/Icons/firewall_64.png differ diff --git a/src/gui/Icons/firewall_64.xpm b/src/gui/Icons/firewall_64.xpm new file mode 100644 index 000000000..104caf63a --- /dev/null +++ b/src/gui/Icons/firewall_64.xpm 
@@ -0,0 +1,1666 @@ +/* XPM */ +static char *firewall_64[] = { +/* width height ncolors chars_per_pixel */ +"64 64 1595 2", +/* colors */ +" c #000000", +" . c #B1B1B1", +" X c #D2C2B7", +" o c #653114", +" O c #ECE5E1", +" + c #376099", +" @ c #5272A3", +" # c #983F0E", +" $ c #6A6868", +" % c #3A5271", +" & c #AFAFAF", +" * c #365E98", +" = c #C54E0C", +" - c #1A4C8D", +" ; c #9E9D9B", +" : c #355E97", +" > c #973D0D", +" , c #903E10", +" < c #6581AF", +" 1 c #C44C0B", +" 2 c #ADADAD", +" 3 c #903C10", +" 4 c #C5AB9D", +" 5 c #496FA4", +" 6 c #916349", +" 7 c #7F93B8", +" 8 c #184A8B", +" 9 c #BC4B0D", +" 0 c #302F2F", +" q c #ABABAB", +" w c #BB4B0C", +" e c #873B11", +" r c #BB490C", +" t c #7F858D", +" y c #803A14", +" u c #A7846F", +" i c #863910", +" p c #A9A9A9", +" a c #793B17", +" s c #7E3A12", +" d c #7F3813", +" f c #607BAA", +" g c #B2480D", +" h c #295795", +" j c #A7A7A7", +" k c #929499", +" l c #B2460D", +" z c #7D3811", +" x c #753913", +" c c #BDA595", +" v c #42679D", +" b c #215497", +" n c #265592", +" m c #996D54", +" M c #A9450E", +" N c #734832", +" B c #B2907D", +" V c #743512", +" C c #40659B", +" Z c #77492C", +" A c #A3A3A3", +" S c #A7430C", +" D c #446495", +" F c #878F98", +" G c #A0420F", +" H c #6B3413", +" J c #A1A1A1", +" K c #9F420E", +" L c #6E86B1", +" P c #A34308", +" I c #6D86B0", +" U c #6B778D", +" Y c #9F9F9F", +" T c #974110", +" R c #8E8D8B", +" E c #6B84AE", +" W c #963F0F", +" Q c #9D9D9D", +" ! c #963D0F", +" ~ c #5F5153", +" ^ c #4E70A2", +" / c #174C8D", +" ( c #285CA1", +" ) c #335C98", +" _ c #C24C0C", +" ` c #9B9B9B", +" ' c #325C97", +" ] c #315C96", +" [ c #C14A0B", +" { c #8C3C0F", +" } c #BFBEBB", +" | c #685E69", +". c #999999", +".. 
c #7F3C16", +".X c #843D11", +".o c #853B12", +".O c #8B3A0E", +".+ c #2F5A94", +".@ c #B9490D", +".# c #B8490C", +".$ c #CDCCCC", +".% c #979797", +".& c #B8470C", +".* c #798FB5", +".= c #124688", +".- c #6C717A", +".; c #4369A1", +".: c #82390F", +".> c #833710", +"., c #004594", +".< c #ABA8A4", +".1 c #5D7BAA", +".2 c #959595", +".3 c #0B346A", +".4 c #7B3812", +".5 c #8F5C40", +".6 c #AF460D", +".7 c #643623", +".8 c #96A0B7", +".9 c #7A3611", +".0 c #939393", +".q c #5B77A8", +".w c #BAC3D7", +".e c #596A85", +".r c #723713", +".t c #A6450E", +".y c #235392", +".u c #723513", +".i c #A6430E", +".p c #814725", +".a c #713512", +".s c #919191", +".d c #A5430D", +".f c #B8C1D5", +".g c #C6C6C5", +".h c #693614", +".j c #215190", +".k c #3C639A", +".l c #E1D6CF", +".z c #8C9BB7", +".x c #AFB3B5", +".c c #20518F", +".v c #8F8F8F", +".b c #898E93", +".n c #9BABC9", +".m c #8698BB", +".M c #6084BA", +".N c #9C400E", +".B c #8D8D8D", +".V c #4B4049", +".C c #704328", +".Z c #335E9B", +".A c #8C8B8C", +".S c #C84D0B", +".D c #8E3E14", +".F c #8B8B8B", +".G c #943D10", +".H c #6882AE", +".J c #B0AEAC", +".K c #983E0A", +".L c #6782AD", +".P c #415F8B", +".I c #97A7C5", +".U c #B0ACAC", +".Y c #7C93BB", +".T c #793F1D", +".R c #898989", +".E c #BF4C0C", +".W c #724020", +".Q c #6680AC", +".! c #913B0D", +".~ c #4A6EA1", +".^ c #BF4A0C", +"./ c #95A5C3", +".( c #893C0F", +".) c #8A3A10", +"._ c #878787", +".` c #BE480B", +".' c #BCBCBB", +".] c #823B12", +".[ c #804E31", +".{ c #536C96", +".} c #B6490D", +".| c #823912", +"X c #858585", +"X. 
c #B6470D", +"XX c #104689", +"Xo c #494F54", +"XO c #B29483", +"X+ c #803910", +"X@ c #9AA3B4", +"X# c #838383", +"X$ c #758DB4", +"X% c #CAB7AB", +"X& c #783812", +"X* c #758BB4", +"X= c #AC460D", +"X- c #AD440E", +"X; c #783612", +"X: c #5979A9", +"X> c #A57F69", +"X, c #818181", +"X< c #773611", +"X1 c #4B4C4C", +"X2 c #A3B0CA", +"X3 c #64575E", +"X4 c #495475", +"X5 c #889CC0", +"X6 c #6F3513", +"X7 c #A1AEC8", +"X8 c #A4A2A0", +"X9 c #7187B0", +"X0 c #CBD2E4", +"Xq c #6E3312", +"Xw c #A3A29F", +"Xe c #A2410D", +"Xr c #9B4210", +"Xt c #97684E", +"Xy c #1E4F90", +"Xu c #A2A09E", +"Xi c #39619A", +"Xp c #5473A4", +"Xa c #1D4F8F", +"Xs c #B4BDD4", +"Xd c #A1A09D", +"Xf c #9A400F", +"Xg c #1C4F8E", +"Xh c #9F7963", +"Xj c #7B7B7B", +"Xk c #ECE4E0", +"Xl c #A09E9C", +"Xz c #375F98", +"Xx c #8296BA", +"Xc c #1B4D8D", +"Xv c #7A4121", +"Xb c #9F9E9B", +"Xn c #B79C8B", +"Xm c #8196B9", +"XM c #C64D0C", +"XN c #1A4D8C", +"XB c #9C3F07", +"XV c #C54D0B", +"XC c #D0BFB4", +"XZ c #E4E3E2", +"XA c #AEAEAD", +"XS c #9E9C9A", +"XD c #926449", +"XF c #C54B0B", +"XG c #194B8B", +"XH c #AB8772", +"XJ c #8A3C13", +"XK c #98999E", +"XL c #777777", +"XP c #2D5A98", +"XI c #BC4A0C", +"XU c #11488D", +"XY c #667284", +"XT c #7B3C18", +"XR c #757575", +"XE c #9B9897", +"XW c #3F4040", +"XQ c #627EAB", +"X! c #DCCDC3", +"X~ c #873A10", +"X^ c #71819C", +"X/ c #456A9F", +"X( c #737373", +"X) c #824D2C", +"X_ c #90A1C1", +"X` c #B3470D", +"X' c #838386", +"X] c #8C5E43", +"X[ c #7E3711", +"X{ c #763A13", +"X} c #43689D", +"X| c #717171", +"o c #7D3710", +"o. 
c #0C4488", +"oX c #275692", +"oo c #A6A6A5", +"oO c #763813", +"o+ c #AA460E", +"o@ c #A3B0CD", +"o# c #757F8C", +"o$ c #7F8182", +"o% c #885C3F", +"o& c #753612", +"o* c #5F5D5C", +"o= c #A9440D", +"o- c #A4A4A3", +"o; c #6D3714", +"o: c #A9420D", +"o> c #65789A", +"o, c #6D6D6D", +"o< c #A1430F", +"o1 c #A0430E", +"o2 c #6F87B1", +"o3 c #A1410F", +"o4 c #A6420A", +"o5 c #6C3313", +"o6 c #5375A6", +"o7 c #A0410E", +"o8 c #6B6B6B", +"o9 c #6C85AE", +"o0 c #8296BD", +"oq c #9CAAC6", +"ow c #6F7986", +"oe c #97400F", +"or c #696969", +"ot c #5171A4", +"oy c #5071A3", +"ou c #5E6572", +"oi c #676767", +"op c #183C6C", +"oa c #C34D0C", +"os c #C4CCE0", +"od c #335D97", +"of c #174B8C", +"og c #8E3D10", +"oh c #DDCFC7", +"oj c #ADB9D0", +"ok c #883C14", +"ol c #9B9A9A", +"oz c #325B96", +"ox c #DCCFC6", +"oc c #7D92B8", +"ov c #16498B", +"ob c #A1A8B7", +"on c #9A9A99", +"om c #7C92B7", +"oM c #ACB7CF", +"oN c #C1AA9B", +"oB c #BA4A0D", +"oV c #8B3B0D", +"oC c #15478A", +"oZ c #B94A0C", +"oA c #DACDC4", +"oS c #7B90B6", +"oD c #144789", +"oF c #CECDCC", +"oG c #8A7365", +"oH c #B9480C", +"oJ c #395B89", +"oK c #BFA899", +"oL c #B8460B", +"oP c #703B1A", +"oI c #CCCBCA", +"oU c #B0470D", +"oY c #7C3712", +"oT c #5D7AA9", +"oR c #0B448A", +"oE c #4D6896", +"oW c #B0450D", +"oQ c #7B3711", +"o! c #8C9FC0", +"o~ c #743814", +"o^ c #949493", +"o/ c #5C78A8", +"o( c #733813", +"o) c #5B78A7", +"o_ c #7D492A", +"o` c #8B9DBF", +"o' c #5D5D5D", +"o] c #A7440E", +"o[ c #723612", +"o{ c #3F649C", +"o} c #713611", +"o| c #235291", +"O c #723412", +"O. 
c #225290", +"OX c #12407D", +"Oo c #713411", +"OO c #5B5B5B", +"O+ c #889BBC", +"O@ c #A5420C", +"O# c #E1D5CE", +"O$ c #9E410F", +"O% c #AD8D7A", +"O& c #693313", +"O* c #E0D5CD", +"O= c #9D410E", +"O- c #9E9EA0", +"O; c #8D8C8C", +"O: c #575757", +"O> c #C94E0B", +"O, c #735641", +"O< c #6983AE", +"O1 c #C3AEA0", +"O2 c #754122", +"O3 c #555555", +"O4 c #734120", +"O5 c #6781AC", +"O6 c #8C3D11", +"O7 c #76849D", +"O8 c #C04B0C", +"O9 c #96A6C3", +"O0 c #9D745D", +"Oq c #4B6DA1", +"Ow c #8A3D0F", +"Oe c #8B3B10", +"Or c #BEBDBC", +"Ot c #4A6DA0", +"Oy c #BF490B", +"Ou c #98989A", +"Oi c #703F1D", +"Op c #8E3C09", +"Oa c #B74A0D", +"Os c #2E5995", +"Od c #515151", +"Of c #2D5994", +"Og c #693E20", +"Oh c #B7480D", +"Oj c #6F3D1C", +"Ok c #804D30", +"Ol c #114789", +"Oz c #82726A", +"Ox c #2C5993", +"Oc c #B6480C", +"Ov c #7C3915", +"Ob c #753A18", +"On c #BBB9B9", +"Om c #473A3A", +"OM c #4F4F4F", +"ON c #778EB5", +"OB c #BCC6DB", +"OV c #7A828D", +"OC c #9A9592", +"OZ c #E5DBD5", +"OA c #838282", +"OS c #793712", +"OD c #758CB3", +"OF c #AD450D", +"OG c #AFB3C1", +"OH c #783711", +"OJ c #713814", +"OK c #4A4654", +"OL c #723615", +"OP c #783511", +"OI c #5978A8", +"OU c #AC430C", +"OY c #956C55", +"OT c #18417C", +"OR c #703613", +"OE c #5876A7", +"OW c #484452", +"OQ c #703413", +"O! c #A4420E", +"O~ c #7F4625", +"O^ c #6F3412", +"O/ c #7F7E7E", +"O( c #5676A5", +"O) c #9CACCC", +"O_ c #948F8C", +"O` c #673514", +"O' c #A3A19E", +"O] c #3A629A", +"O[ c #73330C", +"O{ c #456291", +"O} c #B5BED4", +"O| c #A17A64", +"+ c #5D6977", +"+. 
c #573022", +"+X c #474747", +"+o c #9A3F0E", +"+O c #7B7A7A", +"++ c #454545", +"+@ c #98A8C8", +"+# c #94654A", +"+$ c #C64E0B", +"+% c #923E10", +"+& c #C64C0B", +"+* c #79401F", +"+= c #9D7660", +"+- c #B69B89", +"+; c #434343", +"+: c #913C0F", +"+> c #926348", +"+, c #ADADAB", +"+< c #88888A", +"+1 c #BD4B0C", +"+2 c #414141", +"+3 c #647FAC", +"+4 c #BCBDBD", +"+5 c #795236", +"+6 c #637FAB", +"+7 c #CDBCB0", +"+8 c #93A4C3", +"+9 c #883B10", +"+0 c #BC490B", +"+q c #883910", +"+w c #476BA0", +"+e c #643B28", +"+r c #3F3F3F", +"+t c #627DAA", +"+y c #803A12", +"+u c #778EB8", +"+i c #91A2C1", +"+p c #B4480D", +"+a c #46699F", +"+s c #453A3B", +"+d c #45699E", +"+f c #3D3D3D", +"+g c #7F3811", +"+h c #0E4589", +"+j c #90A0C0", +"+k c #EEEEEE", +"+l c #B3460C", +"+z c #7E3810", +"+x c #6E7E98", +"+c c #56372E", +"+v c #773913", +"+b c #295593", +"+n c #07448C", +"+m c #0D4388", +"+M c #285592", +"+N c #773713", +"+B c #717070", +"+V c #7A4B2D", +"+C c #ECECEC", +"+Z c #AB450E", +"+A c #763712", +"+S c #97A0B3", +"+D c #AB430E", +"+F c #A5A5A3", +"+G c #4D362F", +"+H c #909095", +"+J c #753511", +"+K c #4C5670", +"+L c #393939", +"+P c #EAEAEA", +"+I c #8E9093", +"+U c #5576A7", +"+Y c #A1440E", +"+T c #7088B1", +"+R c #A2420F", +"+E c #BAA190", +"+W c #6D6C6C", +"+Q c #D4C4BA", +"+! c #9FADC8", +"+~ c #E8E8E8", +"+^ c #A9AFBE", +"+/ c #653515", +"+( c #A1400E", +"+) c #3E5276", +"+_ c #6C3212", +"+` c #653315", +"+' c #A0400D", +"+] c #9EABC7", +"+[ c #814320", +"+{ c #353535", +"+} c #9F400C", +"+| c #8D99B3", +"@ c #734526", +"@. 
c #5272A4", +"@X c #919AAD", +"@o c #983F0F", +"@O c #5172A3", +"@+ c #696868", +"@@ c #E4E4E4", +"@# c #1A4C8E", +"@$ c #9E9D9C", +"@% c #355E98", +"@& c #973D0E", +"@* c #5070A2", +"@= c #65432C", +"@- c #903E11", +"@; c #9D9D9B", +"@: c #345E97", +"@> c #888A8D", +"@, c #4A6FA6", +"@< c #78787A", +"@1 c #7F95B9", +"@2 c #C44C0C", +"@3 c #95A6C8", +"@4 c #AFBAD1", +"@5 c #8F3E10", +"@6 c #313131", +"@7 c #C34C0B", +"@8 c #E2E2E2", +"@9 c #8F3C10", +"@0 c #9C9B9A", +"@q c #823E17", +"@w c #174A8B", +"@e c #7D93B7", +"@r c #164A8A", +"@t c #863D11", +"@y c #E0E0E0", +"@u c #3D3A4A", +"@i c #6D3D20", +"@p c #2D2D2D", +"@a c #853910", +"@s c #713C1A", +"@d c #5F7BAA", +"@f c #A4B3D0", +"@g c #B1480D", +"@h c #5E7BA9", +"@j c #DCDCDC", +"@k c #7C3811", +"@l c #8DA0C0", +"@z c #B0460C", +"@x c #42679E", +"@c c #7B3810", +"@v c #7C3611", +"@b c #8D9EC0", +"@n c #743913", +"@m c #41679D", +"@M c #784B2E", +"@N c #5F5E5E", +"@B c #292929", +"@V c #0A4388", +"@C c #8C9EBF", +"@Z c #DADADA", +"@A c #255592", +"@S c #743713", +"@D c #A8450E", +"@F c #733712", +"@G c #40659C", +"@H c #79360E", +"@J c #A8430E", +"@K c #C8C8C5", +"@L c #76492C", +"@P c #5D5C5C", +"@I c #D8D8D8", +"@U c #235390", +"@Y c #723511", +"@T c #899CBC", +"@R c #6B3614", +"@E c #3E639A", +"@W c #6B3414", +"@Q c #9F420F", +"@! c #6A3413", +"@~ c #D6D6D6", +"@^ c #8B8E93", +"@/ c #9F400F", +"@( c #E0D4CC", +"@) c #3F5370", +"@_ c #D4D4D4", +"@` c #898C91", +"@' c #755742", +"@] c #9D3E0D", +"@[ c #9AA9C6", +"@{ c #C3C0C0", +"@} c #888A90", +"@| c #DED2CA", +"# c #A3ABBB", +"#. 
c #D2D2D2", +"#X c #AEBAD3", +"#o c #6C7685", +"#O c #943D0E", +"#+ c #993E09", +"#@ c #754021", +"## c #D8DEEF", +"#$ c #933D0D", +"#% c #8B8989", +"#& c #4D6EA2", +"#* c #555454", +"#= c #C14C0C", +"#- c #873D15", +"#; c #164A8D", +"#: c #D0D0D0", +"#> c #8C3C10", +"#, c #BFBEBC", +"#< c #913D0B", +"#1 c #7B93B8", +"#2 c #793D1B", +"#3 c #AEACA8", +"#4 c #834E32", +"#5 c #14488B", +"#6 c #8A94A9", +"#7 c #2F5A95", +"#8 c #7E3C16", +"#9 c #525251", +"#0 c #843B12", +"#q c #8A3A0E", +"#w c #B8490D", +"#e c #B7490C", +"#r c #515050", +"#t c #798FB6", +"#y c #833911", +"#u c #124689", +"#i c #CCCCCC", +"#p c #B7470C", +"#a c #788FB5", +"#s c #6F3C1B", +"#d c #A8B4CD", +"#f c #7B838D", +"#g c #8D3907", +"#h c #778DB4", +"#j c #516A92", +"#k c #86380A", +"#l c #CACACA", +"#z c #5C4A47", +"#x c #04448F", +"#c c #8B9EC1", +"#v c #E4DAD3", +"#b c #793611", +"#n c #03428E", +"#m c #C8C8C8", +"#M c #7B4A2A", +"#N c #AC440B", +"#B c #5977A7", +"#V c #919192", +"#C c #E2D8D1", +"#Z c #5877A6", +"#A c #C6C6C6", +"#S c #5C697F", +"#D c #703512", +"#F c #693615", +"#G c #A5410E", +"#H c #703312", +"#J c #3C639B", +"#K c #683614", +"#L c #205190", +"#P c #5675A4", +"#I c #A3410C", +"#U c #A43F0D", +"#Y c #6F7A8B", +"#T c #C4C4C4", +"#R c #747B86", +"#E c #3B619A", +"#W c #484847", +"#Q c #81573D", +"#! c #0E4E9C", +"#~ c #9C400F", +"#^ c #8598BB", +"#/ c #673213", +"#( c #1E4F8E", +"#) c #4F72A7", +"#_ c #7F97BF", +"#` c #5E7598", +"#' c #C2C2C2", +"#] c #7B7B79", +"#[ c #6882AF", +"#{ c #C74D0B", +"#} c #C0C0C0", +"#| c #8A8B8B", +"$ c #734222", +"$. 
c #6782AE", +"$X c #8F8A86", +"$o c #6682AD", +"$O c #8C3C13", +"$+ c #BEBEBE", +"$@ c #7C5138", +"$# c #4B3D40", +"$$ c #6580AC", +"$% c #95A5C4", +"$& c #5A6F94", +"$* c #ADACAA", +"$= c #BE4A0C", +"$- c #7D8592", +"$; c #8F3B0C", +"$: c #943C07", +"$> c #7B4F37", +"$, c #893A10", +"$< c #BCBCBC", +"$1 c #81868C", +"$2 c #486CA0", +"$3 c #813D12", +"$4 c #943A07", +"$5 c #A8B6D0", +"$6 c #96979A", +"$7 c #476A9F", +"$8 c #813912", +"$9 c #BABABA", +"$0 c #2B5894", +"$q c #B5470D", +"$w c #466A9E", +"$e c #803911", +"$r c #0F4689", +"$t c #CBB9AD", +"$y c #B9BAB9", +"$u c #2A5893", +"$i c #9BA3B6", +"$p c #85380C", +"$a c #295692", +"$s c #7B4C2D", +"$d c #AC440E", +"$f c #A7A4A4", +"$g c #773612", +"$h c #A3B0CB", +"$j c #AB440D", +"$k c #B6B6B6", +"$l c #3D659F", +"$z c #6F3714", +"$x c #79482B", +"$c c #879CC0", +"$v c #7289B2", +"$b c #6E3713", +"$n c #7189B1", +"$m c #6E3513", +"$M c #B4B4B4", +"$N c #74340F", +"$B c #6E3313", +"$V c #7087B0", +"$C c #A2410E", +"$Z c #8D8F91", +"$A c #B2B2B2", +"$S c #9A4210", +"$D c #928E8C", +"$F c #5473A5", +"$G c #D3C3B8", +"$H c #5373A4", +"$J c #8B8D8F", +"$K c #B89E8D", +"$L c #99400F", +"$P c #5273A3", +"$I c #B2BDD3", +"$U c #B0B0B0", +"$Y c #375F99", +"$T c #9E3F0A", +"$R c #1B4D8E", +"$E c #365F98", +"$W c #983E0E", +"$Q c #8196BA", +"$! c #C6CEE0", +"$~ c #C54D0C", +"$^ c #B0BBD1", +"$/ c #AEAEAE", +"$( c #C44D0B", +"$) c #903D10", +"$_ c #7F94B8", +"$` c #ACACAC", +"$' c #873E11", +"$] c #426DA7", +"$[ c #823B16", +"${ c #BB4A0C", +"$} c #4F6175", +"$| c #A1A6B5", +"% c #AAAAAA", +"%. 
c #863A10", +"%X c #913A07", +"%o c #834D2E", +"%O c #607CAA", +"%+ c #A8A8A8", +"%@ c #5F7CA9", +"%# c #BFC6D9", +"%$ c #B2470D", +"%% c #7D3911", +"%& c #B2450D", +"%* c #014492", +"%= c #43689E", +"%- c #A6A6A6", +"%; c #B1450C", +"%: c #564C47", +"%> c #656F7A", +"%, c #B0450B", +"%< c #BDA495", +"%1 c #004291", +"%2 c #4D3731", +"%3 c #BCA494", +"%4 c #753613", +"%5 c #41669C", +"%6 c #255491", +"%7 c #A4A4A4", +"%8 c #743612", +"%9 c #40669B", +"%0 c #A8440D", +"%q c #733611", +"%w c #6C3714", +"%e c #6C3514", +"%r c #A2A2A2", +"%t c #262625", +"%y c #6B3513", +"%u c #735949", +"%i c #A0410F", +"%p c #A5420A", +"%a c #9F410E", +"%s c #818B9C", +"%d c #A0A0A0", +"%f c #58433F", +"%g c #9CAAC7", +"%h c #6B85AE", +"%j c #9BAAC6", +"%k c #9E9E9E", +"%l c #714426", +"%z c #6B83AE", +"%x c #194D8F", +"%c c #888B8F", +"%v c #AFBBD3", +"%b c #903D13", +"%n c #A89C94", +"%m c #224D84", +"%M c #9C9C9C", +"%N c #4E6FA2", +"%B c #C24D0C", +"%V c #D1D1D0", +"%C c #C3AC9E", +"%Z c #9B9C9B", +"%A c #4D6FA1", +"%S c #325B97", +"%D c #DCCFC7", +"%F c #9E745C", +"%G c #8D3B10", +"%H c #9A9A9A", +"%J c #7D5235", +"%K c #305B95", +"%L c #853C12", +"%P c #14498A", +"%I c #C0AA9B", +"%U c #AAB7CE", +"%Y c #989898", +"%T c #B84A0C", +"%R c #843A11", +"%E c #B8480C", +"%W c #5F7CAC", +"%Q c #833A10", +"%! c #124788", +"%~ c #B7480B", +"%^ c #314B6B", +"%/ c #82380F", +"%( c #997057", +"%) c #8D3806", +"%_ c #AF470D", +"%` c #BAB9B6", +"%' c #1A569D", +"%] c #AF450D", +"%[ c #7A808B", +"%{ c #7A3711", +"%} c #69361E", +"%| c #C9C9C8", +"& c #858FA3", +"&. 
c #B1917F", +"&X c #5B78A8", +"&o c #723813", +"&O c #AFB3BF", +"&+ c #5A78A7", +"&@ c #929292", +"&# c #754A2D", +"&$ c #4C4B4A", +"&% c #A6440E", +"&& c #A6420E", +"&* c #8C8F96", +"&= c #713412", +"&- c #3D649B", +"&; c #889BBD", +"&: c #215290", +"&> c #703411", +"&, c #879BBC", +"&< c #C7B2A5", +"&1 c #B5B3B1", +"&2 c #163F78", +"&3 c #8799BC", +"&4 c #20508F", +"&5 c #926A50", +"&6 c #8699BB", +"&7 c #C4C3C3", +"&8 c #A14209", +"&9 c #2F60A1", +"&0 c #683113", +"&q c #9C3F0E", +"&w c #C2C1C1", +"&e c #944010", +"&r c #8C8C8C", +"&t c #233C67", +"&y c #933E0F", +"&u c #4D6FA4", +"&i c #744122", +"&p c #C0BFBF", +"&a c #85898F", +"&s c #8A8A8A", +"&d c #6781AD", +"&f c #973D09", +"&g c #96A6C4", +"&h c #8B3D11", +"&j c #BF4B0C", +"&k c #888888", +"&l c #4A6DA1", +"&z c #8A3B10", +"&x c #4C5257", +"&c c #496DA0", +"&v c #B59786", +"&b c #94A4C2", +"&n c #8A3910", +"&m c #E8DFD9", +"&M c #22599E", +"&N c #BCBBBB", +"&B c #2D5995", +"&V c #868686", +"&C c #505151", +"&Z c #2C5994", +"&A c #433941", +"&S c #B6480D", +"&D c #6E3D1C", +"&F c #B5480C", +"&G c #004497", +"&H c #813811", +"&J c #104589", +"&K c #2B5793", +"&L c #848484", +"&P c #B5460C", +"&I c #768EB5", +"&U c #CBB8AC", +"&Y c #A5B3CC", +"&T c #783912", +"&R c #793713", +"&E c #7C4B2D", +"&W c #3D3B3B", +"&Q c #758CB4", +"&! c #A6806A", +"&~ c #828282", +"&^ c #A4B1CB", +"&/ c #AC450D", +"&( c #493733", +"&) c #703814", +"&_ c #773511", +"&` c #873603", +"&' c #808080", +"&] c #6F3613", +"&[ c #B5B5B4", +"&{ c #10407F", +"&} c #6F3413", +"&| c #5676A6", +"* c #7188B0", +"*. 
c #CBD3E4", +"*X c #808BA1", +"*o c #7E7E7E", +"*O c #CBB1A2", +"*+ c #5574A5", +"*@ c #663514", +"*# c #7C7C7C", +"*$ c #39609A", +"*% c #386099", +"*& c #9A3F0F", +"** c #1C4E8E", +"*= c #7E563C", +"*- c #376098", +"*; c #81411E", +"*: c #993F0E", +"*> c #D2C0B6", +"*, c #C0C1C2", +"*< c #924011", +"*1 c #7A7A7A", +"*2 c #D1C0B5", +"*3 c #7B879C", +"*4 c #1B4C8D", +"*5 c #AFAFAE", +"*6 c #9F9D9B", +"*7 c #93654A", +"*8 c #C54E0B", +"*9 c #8195B9", +"*0 c #1A4C8C", +"*q c #913E10", +"*w c #EAE3DE", +"*e c #8095B8", +"*r c #8B3D14", +"*t c #E4E2E2", +"*y c #AEADAD", +"*u c #605150", +"*i c #787878", +"*p c #CFBEB3", +"*a c #903C0F", +"*s c #8F3C0E", +"*d c #82878F", +"*f c #767676", +"*g c #637FAC", +"*h c #883B11", +"*j c #637DAC", +"*k c #563F2F", +"*l c #627DAB", +"*z c #747474", +"*x c #617DAA", +"*c c #91A2C2", +"*v c #383E43", +"*b c #803813", +"*n c #B3480D", +"*m c #44699E", +"*M c #727272", +"*N c #7E3811", +"*B c #DDDCDB", +"*V c #B2460C", +"*C c #8EA0BF", +"*Z c #B1460B", +"*A c #43679D", +"*S c #0C4388", +"*D c #275592", +"*F c #A6A5A5", +"*G c #707070", +"*H c #794B2D", +"*J c #AA450E", +"*K c #F1EBE8", +"*L c #A5A5A4", +"*P c #784B2C", +"*I c #F0EBE7", +"*U c #7A7F87", +"*Y c #656C79", +"*T c #6D3814", +"*R c #743511", +"*E c #6E6E6E", +"*W c #A8430C", +"*Q c #6D3614", +"*! c #72370F", +"*~ c #76492A", +"*^ c #87593E", +"*/ c #2F5386", +"*( c #23446D", +"*) c #78340B", +"*_ c #A1420F", +"*` c #39629D", +"*' c #6C6C6C", +"*] c #A0420E", +"*[ c #8C8E92", +"*{ c #744728", +"*} c #6E86B0", +"*| c #B3BED6", +"= c #9EABC8", +"=. 
c #6B3212", +"=X c #6D86AF", +"=o c #252323", +"=O c #6A6A6A", +"=+ c #724526", +"=@ c #734327", +"=# c #973F0F", +"=$ c #724326", +"=% c #885435", +"=& c #686868", +"=* c #5070A3", +"== c #9D9D9C", +"=- c #91654B", +"=; c #4F70A2", +"=: c #7484A2", +"=> c #7D3F1D", +"=, c #4E70A1", +"=< c #C34C0C", +"=1 c #865233", +"=2 c #335C97", +"=3 c #174A8C", +"=4 c #D1D0CF", +"=5 c #8E3C10", +"=6 c #9B9B9A", +"=7 c #325C96", +"=8 c #6E4122", +"=9 c #ADB8D0", +"=0 c #315C95", +"=q c #7C8496", +"=w c #863D12", +"=e c #AAABAC", +"=r c #747677", +"=t c #BA4B0D", +"=y c #7C91B7", +"=u c #7B91B6", +"=i c #723E1C", +"=p c #C0A99A", +"=a c #8C6146", +"=s c #B9490C", +"=d c #989797", +"=f c #626262", +"=g c #5F7BAB", +"=h c #6E7E9C", +"=j c #537BB3", +"=k c #698CC2", +"=l c #7C3A12", +"=z c #5E7BAA", +"=x c #3D68A4", +"=c c #969595", +"=v c #606060", +"=b c #7C3812", +"=n c #CBCAC9", +"=m c #B0460D", +"=M c #05448E", +"=N c #5D79A9", +"=B c #8690A3", +"=V c #8C3704", +"=C c #5C79A8", +"=Z c #80370C", +"=A c #733913", +"=S c #8F9298", +"=D c #7A3610", +"=F c #094388", +"=G c #4B6794", +"=H c #A7450E", +"=J c #3F659C", +"=K c #A7430E", +"=L c #235391", +"=P c #C8C6C6", +"=I c #723512", +"=U c #3E659B", +"=Y c #929191", +"=T c #02408B", +"=R c #713511", +"=E c #3E639B", +"=W c #5B3323", +"=Q c #6A3614", +"=! c #3D639A", +"=~ c #908F8F", +"=^ c #E1D6CE", +"=/ c #5A5A5A", +"=( c #C5C4C3", +"=) c #8F8F8E", +"=_ c #9E400F", +"=` c #A3410A", +"=' c #9D400E", +"=] c #C4AFA1", +"=[ c #953F10", +"={ c #99A9C6", +"=} c #7C411F", +"=| c #943F0F", +"- c #989AA4", +"-. 
c #8C8B8B", +"-X c #565656", +"-o c #6982AE", +"-O c #8E3E13", +"-+ c #943D0F", +"-@ c #8C3E11", +"-# c #74787A", +"-$ c #C04C0C", +"-% c #8C3C11", +"-& c #8D634A", +"-* c #5C4F52", +"-= c #4B6EA1", +"-- c #72401F", +"-; c #71401E", +"-: c #9FA7B8", +"-> c #8B3A10", +"-, c #2F5A96", +"-< c #7E3C17", +"-1 c #4A6CA0", +"-2 c #525252", +"-3 c #8A3A0F", +"-4 c #703E1D", +"-5 c #833B12", +"-6 c #814E31", +"-7 c #893A0E", +"-8 c #B7490D", +"-9 c #2E5895", +"-0 c #2D5894", +"-q c #868585", +"-w c #B7470D", +"-e c #505050", +"-r c #7F4E2F", +"-t c #788FB6", +"-y c #823911", +"-u c #114689", +"-i c #BBBAB9", +"-p c #2C5893", +"-a c #B6470C", +"-s c #E6DCD6", +"-d c #844B2A", +"-f c #4E4E4E", +"-g c #768DB4", +"-h c #BBC5DA", +"-j c #6B7C9C", +"-k c #8B3706", +"-l c #CAB7AA", +"-z c #AD460D", +"-x c #AE440E", +"-c c #AC440C", +"-v c #A7A4A2", +"-b c #4D688F", +"-n c #5877A7", +"-m c #486594", +"-M c #703513", +"-N c #4A4A4A", +"-B c #A4430E", +"-V c #6C7993", +"-C c #B5B4B3", +"-Z c #A4410E", +"-A c #8B7D76", +"-S c #5675A5", +"-D c #673614", +"-F c #B3B2B1", +"-G c #3A619A", +"-H c #1E4F8F", +"-J c #9B400F", +"-K c #8498BB", +"-L c #1D4F8E", +"-P c #B1B0AF", +"-I c #1C4D8D", +"-U c #A09E9B", +"-Y c #81401D", +"-T c #8296B9", +"-R c #C74D0C", +"-E c #7D553A", +"-W c #80401C", +"-Q c #444444", +"-! c #C64D0B", +"-~ c #D1BFB4", +"-^ c #8C3E14", +"-/ c #D0BFB3", +"-( c #A5AAB7", +"-) c #913D0F", +"-_ c #EAE2DD", +"-` c #89898B", +"-' c #8B654B", +"-] c #BEBEBF", +"-[ c #7E3E1A", +"-{ c #424242", +"-} c #893E11", +"-| c #9C3B06", +"; c #777776", +";. 
c #833D15", +";X c #6480AC", +";o c #ACACAA", +";O c #BD4A0C", +";+ c #A9B6D2", +";@ c #7F5032", +";# c #404040", +";$ c #637EAB", +";% c #883A10", +";& c #8F6045", +";* c #92A3C2", +";= c #AAAAA8", +";- c #803B12", +";; c #949799", +";: c #B4490D", +";> c #95959A", +";, c #466A9F", +";< c #3E3E3E", +";1 c #91A1C1", +";2 c #EFEFEF", +";3 c #2A5894", +";4 c #A9A8A7", +";5 c #949599", +";6 c #B4470D", +";7 c #85380D", +";8 c #B3470C", +";9 c #773A13", +";0 c #44689D", +";q c #0D4488", +";w c #EDEDED", +";e c #285692", +";r c #A7A6A5", +";t c #773813", +";y c #763612", +";u c #EBEBEB", +";i c #AA440D", +";p c #B5B6B6", +";a c #DBD9D8", +";s c #A5A4A3", +";d c #753611", +";f c #784A2B", +";g c #6E3714", +";h c #A9440C", +";j c #503828", +";k c #B6C1D8", +";l c #383838", +";z c #7089B1", +";x c #A0AEC9", +";c c #E9E9E9", +";v c #A1430E", +";b c #7087B1", +";n c #1E5192", +";m c #EEE8E4", +";M c #5A453F", +";N c #A1410E", +";B c #57697E", +";V c #6C3312", +";C c #D8D5D5", +";Z c #363636", +";A c #48648D", +";S c #744627", +";D c #5373A5", +";F c #1C4F90", +";G c #5273A4", +";H c #624533", +";J c #98400F", +";K c #5271A4", +";L c #343434", +";P c #E5E5E5", +";I c #983E0F", +";U c #263C65", +";Y c #898B8E", +";T c #5071A2", +";R c #784121", +";E c #7E401D", +";W c #355D98", +";Q c #323232", +";! c #C44D0C", +";~ c #5A7198", +";^ c #E3E3E3", +";/ c #5A80B9", +";( c #345D97", +";) c #C34D0B", +";_ c #7F94B9", +";` c #184B8C", +";' c #8F3D10", +";] c #865132", +";[ c #8E3D0F", +";{ c #9C9A9A", +";} c #303030", +";| c #873E12", +": c #7E92B8", +":. 
c #7D92B7", +":X c #C2CADD", +":o c #16498A", +":O c #473D40", +":+ c #863C11", +":@ c #00367B", +":# c #CFCFCC", +":$ c #913C08", +":% c #BA4A0C", +":& c #2E2E2E", +":* c #BA480C", +":= c #556D93", +":- c #CECDCB", +":; c #B9480B", +":: c #7D3B12", +":> c #4A3A39", +":, c #D9CBC2", +":< c #2C2C2C", +":1 c #DDDDDD", +":2 c #B1490D", +":3 c #A7A8A8", +":4 c #CCCBC9", +":5 c #B1470D", +":6 c #B1450D", +":7 c #7C3711", +":8 c #5D7AA8", +":9 c #8D9FC0", +":0 c #82360D", +":q c #DBDBDB", +":w c #909398", +":e c #7B3710", +":r c #743813", +":t c #AF450B", +":y c #5C78A7", +":u c #8C9DBF", +":i c #255492", +":p c #282828", +":a c #7189B5", +":s c #8B9DBE", +":d c #A8440E", +":f c #D9D9D9", +":g c #245491", +":h c #8E9196", +":j c #99918D", +":k c #6F89B3", +":l c #A7420D", +":z c #8D8F95", +":x c #723411", +":c c #262626", +":v c #D7D7D7", +":b c #A1A2A2", +":n c #9F430F", +":m c #878C99", +":M c #9F410F", +":N c #7A4526", +":B c #002E67", +":V c #8298BF", +":C c #9FA0A0", +":Z c #9BAAC7", +":A c #DFD3CB", +":S c #222222", +":D c #D3D3D3", +":F c #C4AEA0", +":G c #953E0F", +":H c #99A8C5", +":J c #DDD1C9", +":K c #A98975", +":L c #D1D1D1", +":P c #86898E", +":I c #4D6FA2", +":U c #555554", +":Y c #C14B0C", +":T c #646566", +":R c #1E1E1E", +":E c #8C3B10", +":W c #305B96", +":Q c #747579", +":! c #7F3D17", +":~ c #7A3A1C", +":^ c #B4B9C5", +":/ c #2F5995", +":( c #454A62", +":) c #843A12", +":_ c #13478A", +":` c #CDCDCD", +":' c #2E5994", +":] c #B8480D", +":[ c #8FA1C5", +":{ c #798EB6", +":} c #A8B5CD", +":| c #ABA9A5", +"> c #CBCBCB", +">. 
c #004495", +">X c #B6460B", +">o c #AF470E", +">O c #365788", +">+ c #A6B3CB", +">@ c #AE470D", +"># c #C9C9C9", +">$ c #5F6C82", +">% c #793711", +">& c #A0B0CF", +">* c #CAB6A9", +">= c #723814", +">- c #AD450C", +">; c #E4D9D3", +">: c #5A78A8", +">> c #5978A7", +">, c #0E3064", +">< c #AC430B", +">1 c #919292", +">2 c #939DB5", +">3 c #B6B5B3", +">4 c #713413", +">5 c #3D649C", +">6 c #A5420E", +">7 c #AA4309", +">8 c #3763A0", +">9 c #703412", +">0 c #807E7E", +">q c #5776A5", +">w c #A4420D", +">e c #C5C5C5", +">r c #683514", +">t c #A4A19E", +">y c #3B629A", +">u c #002C6A", +">i c #A3400C", +">p c #A84107", +">a c #1F508F", +">s c #3A6299", +">d c #8E8E8F", +">f c #9C410F", +">g c #1E508E", +">h c #C3C3C3", +">j c #6A85B1", +">k c #736964", +">l c #9B3F0E", +">z c #865538", +">x c #8497BA", +">c c #828A97", +">v c #944011", +">b c #C84E0C", +">n c #C74E0B", +">m c #933E10", +">M c #703E29", +">N c #2C3C5D", +">B c #8A8A8B", +">V c #3A506E", +">C c #BFBFBF", +">Z c #AEADAB", +">A c #6581AC", +">S c #783E1D", +">D c #7C5038", +">F c #BE4B0C", +">G c #BDBDBD", +">H c #82878D", +">J c #403A49", +">K c #777675", +">L c #BE490C", +">P c #94A4C3", +">I c #BD490B", +">U c #643D27", +">Y c #868687", +">T c #BBBBBB", +">R c #476B9F", +">E c #87390E", +">W c #2B5994", +">Q c #B5480D", +">! c #7E4D30", +">~ c #91A2C0", +">^ c #B4480C", +">/ c #B5460D", +">( c #803811", +">) c #0F4589", +">_ c #B9B9B9", +">` c #2A5793", +">' c #295792", +">] c #8E939C", +">[ c #B3460B", +">{ c #783913", +">} c #7C4B2E", +">| c #AC470E", +", c #0E4388", +",. 
c #8E919C", +",X c #07448B", +",o c #748CB4", +",O c #B7B7B7", +",+ c #773712", +",@ c #ECECEB", +",# c #AB450D", +",$ c #B14409", +",% c #7A492C", +",& c #6F3814", +",* c #AB430D", +",= c #763511", +",- c #79492B", +",; c #728AB2", +",: c #B7C2D8", +",> c #7F4827", +",, c #B5B5B5", +",< c #15529C", +",1 c #718AB1", +",2 c #A8430A", +",3 c #BBA190", +",4 c #B3B3B3", +",5 c #8E8E92", +",6 c #6D6C6B", +",7 c #764728", +",8 c #A1420D", +",9 c #6D3212", +",0 c #EEE7E3", +",q c #5C6978", +",w c None", +/* pixels */ +",w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w@Z$9>C#' .*EX(X(*M+{@6;Q@p:S:p:<@B:R.2,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w#.#m> #T.0X#&~X =&-Q+f-{:c:<+L;Z@6;e#A$+$k . 2 j A%r%r Y `%H%H `. %Y%H `%H%H%H%H%H p-2&L,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w,w,w-Qo'%Y%d%k%k%r% $A$<>#:D:v:1;P+C,w+C@@@8:q:D#i>e>C>_$M & q%+%7%r%d Y Q%M%H%H. . . . . %--X.R,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w,w.R@6-Q%H$<$k$k>_#':`@~@j;^+~,w,w,w,w,w+P@y:v#:>##'>G,O$A$/% j A J Y%k%M `%H%H. . . . . %--X&s,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w$MX1;<:&.F$9$A$A,,$+#m:L@I@y;P;u,w,w,w,w;c@y:v#:#l>e>C>_$M & q:3*F;4*L;sX8XwXdO'>tXuol. . j-X&L,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,wo,#W&$%tX >T$A$A,,$+>#@_:q;^;u,w,w,w,w,w,w,@XZ*B=nOr%`&1.J#3:|.*Y+ $},q+I@0. %7or*',w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w+O#r#*=oOA>T$A,4$y.g%|=(oI=4oF:-:#:4 }:bOu#V*[.b$1*U#Row#oXY>$#S.e#j-b;A.PoJ>O*/%m%^:P@;. J*foi+C,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w=c@P@N 0&s>G,4XAO-$6;;$Z+HXK:w>],.:m>c& *X*3O7X^=h-jo>#`;~.{=GO{ D@,.;$l*`.ZXP h b*(>H ;. JXLor,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w$M@+ $++*#$U$koo,5- &O-($|obX@.8>2+|.z+@@3:[X5o0.Y+u:a>j <%WX:o6&uX/ C#E *%K&K%6;nop t*6. JXLor,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w,wX|+Bo'=v%M$9o-;5:^##X0osOB;k%v$5o@.n+8o!&3*9=y-gX9%z;X@d#B;G=,>R v#J$Y 'Ox n&:;F.3#f-U. JXLor,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w,w=/>K>0OM.F>Go-;>OG*.%#.f$I=9>+;x@[&b*C&;XxocON,1o9.Q f&+Xp%N&c*A@E*%%S-9;e.j#(%x:BOVXl. 
JXLor,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w$k&r@po* R:U&k>G;s k+^$!.wXsoj#dX7:Z$%X_@T>x: #t,; I&d*x=C*+=;-1*m=UXiodOs$a=L-HXN#;>uo#Xb. JXLor,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w@~@p;};}&W#%=f.F>G+F=S# :XO}@4:}X2oq&g;1o`#^;_#tX**}.H;$:8>q@OOq+a%9O] :-,;3%6>aXc@rOl:@;Bo^=6 JXLor,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w-Q+;+;XWon,6O;>G*L:h-:-h$^%U&^+].I;*@C&6*e=uX$+T-o+3%@#Z$P%A>R v.k$Eoz-p:i#L-I 8%!+m#n>V+<@$ JXLor,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w*zOOo'-{$*XE=c,,;r:z$i,:oM&Y+!:H>P@lO+Xm@e&I$n E.Q%O>>Xp%N$2X}=!*-=7-0*D&:-L;`oC+m@V=T@)>B== JXLor,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w%Y*M*z-N#,@{-.%r;=&*+S*|#dX7%j./+jO+>x:..*,; I$.+t:y*+@*Ot*mo{*$od:'+bo|Xa*0#5+h@V@V=T@)>B== JXLor,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w$A&~&ko8On;C.v.%+,@^@X#X$h%gO9;1:s-K 7:{OD L.H*j=N&|otOq+d@G-G;W#7>`.yXy@#ov-u=F@V@V=T@)>B== JXLor,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w:f&V. %k.B,w&@X,-P@}#6;+= .I*c:u.m@1=u&Q$VO<*g=zOE$H:I+w@x#J$Y ]>W@A.c$R=3#uo.@V@V@V=T@)>B== JXLor,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w.v$A+4 J*t=~>Y-F%c=B@f={+8:9&,$Q#1&I;z%h>A=g>:;D ^&cX}&- + '&BoX&:-Lof:_;q@V@V@V@V=T@)>B==%rXR=O,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w 2>h#.$f;a=)&k-C@>%s>&$%+jO+>xoc-t,; I.L*lo/-S=*&l*m=J-G;(:/$a@U#( -#5$r@V@V@V@V@V=T@)>B==%-=/*i,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w p>h:D Q> . 
&@&[-`=qO)+io`-K 7:{,o*}.H;$oT&|;KOq$w%5>y@%:W>`=L>a*4:o&J@V@V@V@V@V@V=T@)>B==%-=/&~,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w,4$+:L.s&N.U;{*5>1$->~@b.m$_oS&Qo2-o+6@h-n@.#&$7@m#JXz=0$0:i&4-I@w#uo.@V@V@V@V@V@V=T@)>B==%-O:.R,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w>T &#}.F;p*y-q J;o*d=:#c-Tom#h* E.Q%Oo)$F=;-1;0=E*%=2Os+M&:XgXGoD, @V@V@V@V@V@V@V=T@)>B==%-O:.R,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w$`%r$U&'$`@K#]&k>3&a+x$c@e#a,; I$o+t&X#P;T.~+d@G>s@:.+>'@U>gXN%P>)=F@V@V@V@V@V@V@V=T@)>B==%-O:&s,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w#'.s YXR%7%V; *o-i@`-V:V#t,o*}#[XQ:8O( @-=;,%5>y@%%K$u:g>aXc@rXX@V@V@V@V@V@V@V@V@V=T@)>B== j#9X',w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w,w*1&s=& Q.$*f*o.'$J U#_&Q;b-o*g.1-n@.:I+w@m.kXz ]&Z n#L** 8.=*S@V@V@V@V@V@V@V@V,X%1 %;Y:C=eXo:j,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w,w*zXjo'=d=P*iX,&p%Z#Y=X$v E$$@dOI$F ^&c%=>5*% )Of;eO.-L /XUoR+n=M=M#x%*%*.,>.&GOX>,ou$XO_OC%:oGX!XC XX%XOXH B@|,w,w,w", +",w,w,w,w,w,w+Wo,&C=Y&wO/#|&7>Z%[$&:kO5+t.q+U#) 5$]=x>8&9 (&M%',<#!XUOT&{&2;U&t>N>J@u&AOm+s+c+. N>D$>$@@i#@=%;]=1%o#2&R+*&v,w,w,w", +",w,w,w,w,w,w:T=v-Q>d-].Ao$.x*, F:==k.M;/=joyoE-m+KX4+):(OKOW.V$#:O:>%2&(+G=W.7%}oY.|;7Op#+*)@H+},2o4%p;h+Z M M M M*J&%;. 
m,w,w,w", +",w,w,w,w,w,w*G&x*v=r-v$D>k-A%nOz*u |X3 ~-*#z;M%f>U+e>M:~ d*b:0#g$::$.K P&8=`>7,2-c%,@z>^;O%/$g>^-!@7@7oaoa=<=<=<=<@2XI-O+#,w,w,w", +",w,w,w*> 4*O%u*k;j;H@'O,@=.C-6;ROP>(=Z&`=V%)$4XB*!O[>p,$:t:t>-;6:*%E$=+$XVXVoaoa=< _ _#= =-7.9oU#=>F>F>F>F>F>F>F>F&j.#-%>z,w,w,w", +",w,w,w.[-<$[>($poV#k-k%X#<&f-|$TO@><#N;8%E%EOy.S=A#H&S$~ _ _ _#=-$-$.E>F>F>F>F>F>F>F>F>F _#q#D>@ _>F>F>F>F>F>F>F>F&j=s.G&i,w,w,w", +",w,w,w*T:G%0o=%&OhOh:Y#{-!XV$($(;) _ _#=-$-$.EO8o~&0:5#=>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F#= >>ro+ _>F>F>F>F>F>F>F>F&j${@/O4,w,w,w", +",w,w,woP&q-$;!#=-$-$&j>F>F>F>F>F>F>F>F>F>F>F>FO8 z ooU#=>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F#=#U*Q M _>F>F>F>F>F>F>F>F&j${:M--,w,w,w", +",w,w,w#4$):%&j>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F&j e#/.6#=>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F#=>i$b%i$=&j>F>F>F>F>F>F>F>F+1o]-4=^,w,w", +",w,w,w.5@-:%&j>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F&j*hO&&&>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F-$*Z&o=[ r#=-$-$-$-$-$#=#=#=oa=t&D:A,w,w", +",w,w,w+>.o.#&j>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F&j+%#D#~${&j>F>F>F&j&j&j&j&j&j&j-$-$-$#=#=&jXV;9>m&F#w&S&S&S&S+p%_oUoUX`*J#s+Q,w,w", +",w,w,w:K#8.#&j>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>FO8*&.a-J${O8O8O8O8&jXIXI${.#.##e+p+p+p@g@gOF$C.r-y&y#>;%$,$,->-y%8$g$g+N a#M,3,w,w", +",w,w,wXn:!.#&j>F>F>F>F&j&j&j&j&j&j&j&j&j&jXIXIXI=#>9=5:5Oa>Q*n;:&/o7O$$L {:E$,+A$g$g+/*@>r#K&=&]o;,&@So&;yOH>%%%+zo OLX]>*#v,w,w", +",w,w,w$KOb.}O8>F>F;O;OXI${${${:%oZoZ#w#w&S*_+R=_$e;g.a#b:7;d%y.h@R@Ro;;gOR=R#D.aOQ>4o[=DX+.: ,$W@&&&-x+DOh;! _ _;!oB.D%(,w,w,w,w", +",w,w,w$GOj gXI w+l:l>6.N-)+:.)*N@kX&-D.h=Q%wo;;g.a=Ro&@Y:x&_@v#yOe.!@]$d#G.>$8oW#p#=#=#=#=#=-$-$-$&j&j&j&j>F>F>F-$Oh$O m,w,w,w,w", +",w,w,woA=i;y$zo;o;o;o;o;$mOQ-MO^o5o5o5@WX6$;*:@J@JOUXI&j>F>F>F>F>F>F>F-$+p+q%R$(>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F-$.#;[+V,w,w,w,w", +",w,w,w O=-o_@s%e@W@! 
H,+&H.)#O='o:%;${>fOJ-$+1>F>F>F>F>F>F>F>F>F>F>F>F-$Oc+9X{XV>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F&j${#~*H,w,w,w,w", +",w,w,w,w*7..*s@/#GX`.@%T:%${${XI;O>F${#~&).&>F>F>F>F>F>F>F>F>F>F>F>F>F&j r=[ xXV>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F&j${#~;f,w,w,w,w", +",w,w,w,w 6Ov%$;O;O>F&j&j&j&j>F>F>F>F$=,*;gX->F>F>F>F>F>F>F>F>F>F>F>F>F&j r=[@n [>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F&jXI+';S>;,w,w,w", +",w,w,w,w+--W>Q-$>F>F>F>F>F>F>F>F>F>FO8:5o;X->F>F>F>F>F>F>F>F>F>F>F>F>F&j;O='&) l&j>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>FO8%_=+O#,w,w,w", +",w,w,w,w%3-Y>Q-$>F>F>F>F>F>F>F>F>F>F-$ g@Ro7>F>F>F>F>F>F>F>F>F>F>F>F>F>F#=@D$z:6&j>F>F>F>F>F>F>F>F>F.E-$-$#= _ _ _>n#e=$%D,w,w,w", +",w,w,w,woNO4 g-$>F>F>F>F>F>F>F>F>F>F-$+p%4;I>F>F>F>F>F>F>F>F>F>F>F>F>F>Foa>|%w$j%B#=oaoaoaXVXV-!#{O>Oy&P>/%]>w-Z@/*qO6.WoK,w,w,w", +",w,w,w,w:,%l@g#=>F>F>F>F>F>F>F>F>F>F-$>Q:7;I>F>F-$-$-$%Boaoa$(XVXV#{.SXF.`-B#D+o-w:6O!O!*_=[=|og.X$3::>{+vo(&]O Xq#/,9O2-~,w,w,w", +",w,w,w,w.l=+.6O8>F>F>F>F>F>F>F>F&j-$oaoB@k@9#{#{-wX.-w;i=K.i>foe=|-@;|=w;-;t;V>=>{oOOQ+J*R&>&}XqOoOH*N i&z&e+Yo1;v%a%G,-,w,w,w,w", +",w,w,w,w>;;S$C;O-$-$%Boa$(XV-!+&>L$q l$C zX<$'$' s-5;- VO o[+_+_=.=.o}%q>%-3>EOwXr$S>f K*] !.uX[Xe@z*V>X:;.^XV;!$~#=:M;f,w,w,w,w", +",w,w,w,w,w*~:M 1;OoHoW:d*_Xf>v-@:+ s.4,=*R$N-5-5+y#F&T=5 W;J #>l.N,8*W S-coL>[%~-!XVXV;!$~&j@k%.-8XM#=-$-$.E>F>F&jXI+(*{&m,w,w,w", +",w,w,w,w,w$s%L T-}.]:7oQ@c:e=b=l#0&h*< W-J#IoHoH-aOJ@o>IXVXV$~$~$~;!oaoa%B-$#=#=>F>F>F>F>F+$%%OS%_ _>F>F>F>F>F>F>F&jOF=+@(,w,w,w", +",w,w,w,w,w&5-'Og@F@t@5 WO=.dOF;6:* [#{-!XV;!-$-$-R=A-JXI&j>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F$~@k=I-z _>F>F>F>F>F>F>F#=:2%l:A,w,w,w", +",w,w,w,w,w:J*I#Q.O+0O>XV;!;!%B-$-$.E>F>F>F>F>F>F=<:r*a.#.E>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F;!$e$B+Z _>F>F>F>F>F>F>F-$@g$ &U,w,w,w", +",w,w,w,w,w,w,wOY i%$#=>F>F>F>F>F>F>F>F>F>F>F>F>F _ z$,>Q-$>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F>F;!X~+`=H*8-$#= _ _ _ _=<$~Oh>S+E,w,w,w", +",w,w,w,w,w,w,w&!ok%$#=>F>F>F>F>F>F>F>F>F>F>F>F>F _+9Oe>Q-$>F>F>F>F>F>F>F>F&j&j.E-$-$-$#=#=>b:EO`@Q:];6=mX=-zX=@D.t=H:n.T+-,w,w,w", +",w,w,w,w,w,w,w 
u@q%_#=>F>F>F>F>F>F>F>F>F>F>F>F>F _.(%Q+p#=&j-$-$-$-$#=#=&j:%${=s&S&S+p:5:5X`@a@R+gXJ-^ y=}-d,> Z+5*=-E=a:F,w,w,w", +",w,w,w,w,w,w,w%F&j&j&j&j&j&j-$-$-$-$-$&j>F#$%{,#oB-8>Q g g@g>@>o M@oXf-+X~*r#-=>.p:N$x;@-&XhX>O|Xn*p-l-/#C;m,0,w,w,w,w,w", +",w,w,w,w,w,w,w$tX),#=<$=XIXI${oZ=s.#.}.}.}*n*nOF G&nX;@5 3%G:)-[+[Xv=@&#@L@M%J%J*^O0%F&.O1=]*2*w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w,w,w+7>}o< 9OF;No3-J;'%bXJXT*;;E=8=+@ ,7,%&E*P>!Ok;&O%oN%I-/-_OZXk,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w,w", +",w,w,w,w,w,w,w-so%@ROjOj-;O4Oi-rXtXD+==p c& c #3369A2", +" , c #879BC3", +" < c #6E6E6F", +" 1 c #164875", +" 2 c #4F77AD", +" 3 c #A3A3A3", +" 4 c #B4B3B7", +" 5 c #6A87B7", +" 6 c #6C6C6D", +" 7 c #A1A1A1", +" 8 c #B2BCD6", +" 9 c #9F9F9F", +" 0 c #4A6287", +" q c #26649F", +" w c #9D9D9D", +" e c #9B9B9B", +" r c #656666", +" t c #C1C9DE", +" y c #999999", +" u c #AAA9AD", +" i c #6F737D", +" p c #3E6EA6", +" a c #A9A9AC", +" s c #3D6EA5", +" d c #989798", +" f c #758EBB", +" g c #979797", +" h c #2B2D2D", +" j c #748EBA", +" k c #175D9A", +" l c #165D99", +" z c #DBDADD", +" x c #949394", +" c c #939393", +" v c #A0ADCE", +" b c #5C5C5D", +" n c #919191", +" m c #395876", +" M c #8F8F8F", +" N c #114673", +" B c #8B8B8B", +" V c #21629D", +" C c #898989", +" Z c #878787", +" A c #505051", +" S c #858585", +" D c #396CA4", +" F c #838383", +" G c #547AAE", +" H c #BAC3DA", +" J c #C8C6CA", +" K c #818181", +" L c #4A4A4B", +" P c #7F7F7F", +" I c #7D7D7D", +" U c #7B7B7B", +" Y c #9DA8C4", +" T c #7A797A", +" R c #C0BEC2", +" E c #797979", +" W c #6081B3", +" Q c #777777", +" ! c #295173", +" ~ c #1D609C", +" ^ c #757575", +" / c #737373", +" ( c #EEEDEF", +" ) c #727172", +" _ c #6C7076", +" ` c #717171", +" ' c #888FA2", +" ] c #899CC4", +" [ c #346AA2", +" { c #889CC3", +" } c #393A3A", +" | c #5078AD", +". c #7F7F82", +".. 
c #6B88B7", +".X c #6D6D6D", +".o c #6B6B6B", +".O c #E6E5E7", +".+ c #27659F", +".@ c #696969", +".# c #676767", +".$ c #72767F", +".% c #767779", +".& c #C3CADF", +".* c #656565", +".= c #AAAAAC", +".- c #2E2E2F", +".; c #737576", +".: c #636363", +".> c #636E84", +"., c #616161", +".< c #5F5F5F", +".1 c #A5A4A7", +".2 c #A4A4A6", +".3 c #6D6F70", +".4 c #5D5D5D", +".5 c #A3A2A5", +".6 c #5B5B5B", +".7 c #A1A0A3", +".8 c #6786B6", +".9 c #595959", +".0 c #575757", +".q c #AFB9D5", +".w c #23639E", +".e c #555555", +".r c #556476", +".t c #9B9A9D", +".y c #535353", +".u c #90A1C7", +".i c #245E95", +".p c #969698", +".a c #4F4F4F", +".s c #959497", +".d c #949496", +".f c #435C78", +".g c #4D4D4D", +".h c #939295", +".j c #4B4B4B", +".k c #909092", +".l c #494949", +".z c #9CAACC", +".x c #C4C3C5", +".c c #8E8E90", +".v c #474747", +".b c #C3C1C4", +".n c #5B6775", +".m c #454545", +".M c #F6F6F6", +".N c #4672A9", +".B c #434343", +".V c #BDBDBE", +".C c #414141", +".Z c #F2F2F2", +".A c #A9B5D2", +".S c #3F3F3F", +".D c #B9B9BA", +".F c #8990A2", +".G c #366BA3", +".H c #8A9DC4", +".J c #EDECED", +".K c #3B3B3B", +".L c #818083", +".P c #6D89B8", +".I c #6C89B7", +".U c #EAEAEA", +".Y c #E8E8E8", +".T c #353535", +".R c #AFAFB0", +".E c #333333", +".W c #CBCEDC", +".Q c #315573", +".! c #96A6C9", +".~ c #ADADAE", +".^ c #E2E2E2", +"./ c #C4CBDF", +".( c #6D7483", +".) c #4170A7", +"._ c #ABABAC", +".` c #2F2F2F", +".' c #7890BC", +".] c #DFDEDF", +".[ c #2D2D2D", +".{ c #2B2B2B", +".} c #DCDCDC", +".| c #818286", +"X c #292929", +"X. 
c #D8D8D8", +"XX c #536787", +"Xo c #8499C1", +"XO c #A1A1A2", +"X+ c #6C778F", +"X@ c #9F9FA0", +"X# c #25649F", +"X$ c #D2D2D2", +"X% c #77787C", +"X& c #666668", +"X* c #9B9B9C", +"X= c #CFCECF", +"X- c #636465", +"X; c #526372", +"X: c #CECECE", +"X> c #5E6E8B", +"X, c #CCCCCC", +"X< c #587CB0", +"X1 c #959596", +"X2 c #CACACA", +"X3 c #5E5E60", +"X4 c #C8C8C8", +"X5 c #C6C6C6", +"X6 c #908F91", +"X7 c #2E67A1", +"X8 c #C4C4C4", +"X9 c #D5D4D8", +"X0 c #8E8D8F", +"Xq c #C2C2C2", +"Xw c #565858", +"Xe c #4773A9", +"Xr c #8C8B8D", +"Xt c #6383B4", +"Xy c #C0C0C0", +"Xu c #D1D0D4", +"Xi c #8A898B", +"Xp c #BEBEBE", +"Xa c #ABB6D3", +"Xs c #888789", +"Xd c #878788", +"Xf c #BCBCBC", +"Xg c #868587", +"Xh c #858586", +"Xj c #BABABA", +"Xk c #8B9EC4", +"Xl c #B8B8B8", +"Xz c #828383", +"Xx c #537AAE", +"Xc c #6E8AB8", +"Xv c #B6B6B6", +"Xb c #4A4C4C", +"Xn c #B8C1D9", +"Xm c #6A6E72", +"XM c #B5B4B5", +"XN c #B4B4B4", +"XB c #7E7D7F", +"XV c #B2B2B2", +"XC c #888C96", +"XZ c #7B7B7C", +"XA c #B0B0B0", +"XS c #444646", +"XD c #98A7CA", +"XF c #56729D", +"XG c #74787F", +"XH c #586674", +"XJ c #AEAEAE", +"XK c #424444", +"XL c #4371A8", +"XP c #5F81B3", +"XI c #787779", +"XU c #7A91BD", +"XY c #135186", +"XT c #ACACAC", +"XR c #404242", +"XE c #677286", +"XW c #757576", +"XQ c #AAAAAA", +"X! c #BABABD", +"X~ c #747375", +"X^ c #A6B2D1", +"X/ c #A8A8A8", +"X( c #A5B2D0", +"X) c #A6A6A6", +"X_ c #A4A4A4", +"X` c #A4A2A4", +"X' c #A2A2A2", +"X] c #6C6D6D", +"X[ c #7C7D80", +"X{ c #6B6B6C", +"X} c #B3BDD7", +"X| c #A0A0A0", +"o c #B1B0B4", +"o. 
c #9F9E9F", +"oX c #9E9E9E", +"oo c #676768", +"oO c #9C9C9C", +"o+ c #ADACB0", +"o@ c #9A9A9A", +"o# c #989898", +"o$ c #5A7DB1", +"o% c #597DB0", +"o& c #969696", +"o* c #949494", +"o= c #DAD9DC", +"o- c #D0D5E6", +"o; c #929292", +"o: c #2F68A1", +"o> c #909090", +"o, c #7C88A4", +"o< c #5F6977", +"o1 c #4A74AB", +"o2 c #8E8E8E", +"o3 c #9F9EA2", +"o4 c #8196C0", +"o5 c #4974AA", +"o6 c #9E9EA1", +"o7 c #6484B4", +"o8 c #575758", +"o9 c #8C8C8C", +"o0 c #5A6772", +"oq c #8A8A8A", +"ow c #ACB7D3", +"oe c #888888", +"or c #868686", +"ot c #8D9FC5", +"oy c #CBC9CD", +"ou c #848484", +"oi c #386BA3", +"op c #708BB9", +"oa c #636D7E", +"os c #828282", +"od c #818081", +"of c #808080", +"og c #C6C5C8", +"oh c #506689", +"oj c #7E7E7E", +"ok c #7C7C7C", +"ol c #99A8CA", +"oz c #767980", +"ox c #7A7A7A", +"oc c #787878", +"ov c #7B92BD", +"ob c #767676", +"on c #BCBBBE", +"om c #F1F0F2", +"oM c #747474", +"oN c #A7B3D1", +"oB c #727272", +"oV c #707070", +"oC c #B6B5B8", +"oZ c #3E5A77", +"oA c #6E6E6E", +"oS c #6D6C6D", +"oD c #B5BED8", +"oF c #6C6C6C", +"oG c #B1B1B3", +"oH c #6A6A6A", +"oJ c #B0AFB2", +"oK c #E5E4E6", +"oL c #797A7C", +"oP c #686868", +"oI c #E3E2E4", +"oU c #666666", +"oY c #94A4C8", +"oT c #646464", +"oR c #5B7EB1", +"oE c #636263", +"oW c #646F85", +"oQ c #626262", +"o! c #A8A7AA", +"o~ c #415C7D", +"o^ c #185D9A", +"o/ c #606060", +"o( c #D2D6E7", +"o) c #5E5E5E", +"o_ c #5C5C5C", +"o` c #D7D6D8", +"o' c #5A5A5A", +"o] c #4B75AB", +"o[ c #A09FA2", +"o{ c #8297C0", +"o} c #585858", +"o| c #9D9D9F", +"O c #AFBAD5", +"O. 
c #565656", +"OX c #545454", +"Oo c #526373", +"OO c #525252", +"O+ c #98979A", +"O@ c #727478", +"O# c #577CB0", +"O$ c #3A6CA4", +"O% c #4E4E4E", +"O& c #718CB9", +"O* c #FFFFFF", +"O= c #6D7073", +"O- c #4C4C4C", +"O; c #194973", +"O: c #7389B1", +"O> c #FCFBFC", +"O, c #8B8E97", +"O< c #C5C4C6", +"O1 c #9BA9CB", +"O2 c #CAD0E2", +"O3 c #F7F7F7", +"O4 c #444444", +"O5 c #7C93BD", +"O6 c #BEBEBF", +"O7 c #878789", +"O8 c #404040", +"O9 c #BCBABD", +"O0 c #A8B4D1", +"Oq c #BBBABC", +"Ow c #EFEFEF", +"Oe c #3C3C3C", +"Or c #898FA2", +"Ot c #807F82", +"Oy c #B4B4B5", +"Ou c #383838", +"Oi c #B6BFD8", +"Op c #E7E7E7", +"Oa c #E5E5E5", +"Os c #323232", +"Od c #C5CCE0", +"Of c #303030", +"Og c #5D7FB2", +"Oh c #5C7FB1", +"Oj c #1A5E9B", +"Ok c #A8A8A9", +"Ol c #DCDBDC", +"Oz c #D3D7E7", +"Ox c #A3B0CF", +"Oc c #DBDBDB", +"Ov c #D9D9D9", +"Ob c #A3A2A4", +"On c #859AC2", +"Om c #787C87", +"OM c #D7D7D7", +"ON c #4D76AC", +"OB c #838B9F", +"OV c #4C76AB", +"OC c #6886B6", +"OZ c #D3D3D3", +"OA c #24639E", +"OS c #9A9A9B", +"OD c #CFCFCF", +"OF c #506E9B", +"OG c #CDCDCD", +"OH c #3B6DA4", +"OJ c #BEC6DC", +"OK c #CBCBCB", +"OL c #959496", +"OP c #5F5F61", +"OI c #949495", +"OU c #939294", +"OY c #385880", +"OT c #C7C7C7", +"OR c #5B5D5D", +"OE c #CDD3E4", +"OW c #909091", +"OQ c #C5C5C5", +"O! c #8F8E90", +"O~ c #8C8C8D", +"O^ c #565758", +"O/ c #C1C1C1", +"O( c #7E94BE", +"O) c #BFBFBF", +"O_ c #D0CFD3", +"O` c #20619D", +"O' c #496FA1", +"O] c #BDBDBD", +"O[ c #BBBBBB", +"O{ c #848485", +"O} c #214D73", +"O| c #B9B9B9", +"+ c #7A808F", +"+. 
c #B7B7B7", +"+X c #C8C7CB", +"+o c #818082", +"+O c #808081", +"++ c #B5B5B5", +"+@ c #48494A", +"+# c #B3B3B3", +"+$ c #2A66A0", +"+% c None", +/* pixels */ +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+% P P PoV.o.o.o.o.j.C+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+% P P P P.oob /oBO%.,o)o_oUor S FosXTXT % % %XTXTXTXT g+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+% PoFoVoVoVo/oFoFoMoM+%XvXlO|.YO3.UOaOcOMOGX2X5O/O]XlXv+# OXJXTXT % % %XTXTXTXTXT P+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%XKO/O/O/O/O/O/OMOMOpOpOw.Z.MO3O3O3.UOaOcOMOGX2X5O/O]XlXv+# OXJXTXT % % %XTXTXTXTXT P+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%XS hO/O/O/O/O/O/OMOMOpOpOw.Z.MO3O3O3.UOaOcOMOGX2X5O/O]XlXv+# OXJXTXT % % %XTXTXTXTXT.*+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%X]XwXR wO/O/O/O/O/OMOMOpOpOw.Z.MO3O3O3.UOaOcOMOGX2X5O/O]XlXv+# OXJXTXQX)X)X) 3XQXTXTXT.o+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%XbOROR nO/O/O/O/O/OMOMOpOpOw.Z.MO3O3O3.UOaOcOZXyXpXj $XQX/ 7o9oc ^O=o<.n.noZ mokX'XTXTXT.o+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%X-.3.3oPO/O/O/O/O/ODOTOZX:X8OQOTXA coqocO@.$ i iXEoW.>XXoh 0OFo$ONo]XLO$oi.+ qoB 7XTXTXT.o+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%Xz.;.; rO/O/O/o#.%.|X%O,XC ..FOrOB YX^olXD.u.H {O5ovO&..OCoRoR |o]XeO$O$+$ q VOo wXTXTXT.o+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%.c.c qX#Oj k k l l l l l l l l l l l.Qo#XTXT K+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%.*.*oE R R #O/XfokO:XU.P..XtoRo$OVo].)O$.G.+ q ~ k k l l l l l l l l l l l l.Qo#XTXT K+%+%+%+%+%+%+%+%+%+%", 
+"+%+%+%+%+%+%+%+%+%+%+%OXOXo8 4 4X~O/O/X|X>op...8oRoR 2o].NO$ D+$ qO` k k l l l l l l l l l l l l l.Qo#XTXTob+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%.K.K L 4 4X&O/O/XAoa.. 5OhoRXxo]o5OHO$X7 q.wo^ k l l l l l l l l lXY N !.QX;Xmo#XTXTO.+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%.EOs.- u uOt++O/O) _..XPoRO#o]o] sO$ > qX#Oj k k l lXY N !.QX;o0oB So#o@ wX|X' =XTXTO.+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%o9X u u.s nO/OD SXFoRo%OVo].)O$.G.+.i 1O} +X;o0oB So# e 9 3X_X/X/XT % % %XTXTXTXT.6+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+% u u.XO/OMX_ XoRO'OYo~.f.rXHoBoko#oO ; % OXN++XlXv+# OXJXTXT g nou =XTXTXT.o+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+% u u+OO/OMXNXGoBoko#oXXAXfX4ODX$OcOMOGX2X5O/O]XlXv+# OXJXTXTo2o* ;XT g KO..*+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+% FOeXB.c bO/OMODXyX:Ov.Z.MO3O3O3.UOaOcOMOGX2X5O/O]XlXv+# OXJXT K.oo)o'.0.@ S+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%.*.EO8Xh.6O/OMOMOpOpOw.Z.MO3O3O3.UOaOcOMOGX2X5O/O]XlXQoroQ.4.:O.oBo#o#+% SoBo9+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%oB.EOfO^+@O/OMOMOpOpOw.Z.MO3O3O3.UOaOcOMOGX_ok I.X*o|OL.7oCoGoGOy.= a a+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%.*o#o# Fo;o#o#o#o#o#o#o#o#o#o# ; ;o9OWOIXO.5+XX9Oom (oKoI zo=X9X9XhO-oo T.koJo+ u u a a+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%o9o#o#XpOPo6 u u.b :.JO*O*O*O>om (oKoI zo=X9X9XuX9ogogon -o u u a a+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%o#XpO7 a u u.b :.JO*O*O*O>om (oKoI zo=X9X9X9X9ogOU Pod.h u u a a+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%o9o#XpO7 a u u.b :.JO*O*O*O>.Oo`X=oI zo=X9X9X9X9Oq. 
;+#+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%oV a u+%X0+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%", +"+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%" +}; diff --git a/src/gui/Icons/inbound.png b/src/gui/Icons/inbound.png new file mode 100644 index 000000000..c23294c5b Binary files /dev/null and b/src/gui/Icons/inbound.png differ diff --git a/src/gui/Icons/info_25.png b/src/gui/Icons/info_25.png new file mode 100644 index 000000000..2d4d0ad70 Binary files /dev/null and b/src/gui/Icons/info_25.png differ diff --git a/src/gui/Icons/install_25.png b/src/gui/Icons/install_25.png new file mode 100644 index 000000000..038cda16a Binary files /dev/null and b/src/gui/Icons/install_25.png differ diff --git a/src/gui/Icons/interface-neg_25.png b/src/gui/Icons/interface-neg_25.png new file mode 100644 index 000000000..5194dd2ca Binary files /dev/null and b/src/gui/Icons/interface-neg_25.png differ diff --git a/src/gui/Icons/interface-ref_25.png b/src/gui/Icons/interface-ref_25.png new file mode 100644 index 000000000..b67abb7d5 Binary files /dev/null and b/src/gui/Icons/interface-ref_25.png differ 
diff --git a/src/gui/Icons/interface_16.png b/src/gui/Icons/interface_16.png
new file mode 100644
index 000000000..6a85bef0f
Binary files /dev/null and b/src/gui/Icons/interface_16.png differ
diff --git a/src/gui/Icons/interface_25.png b/src/gui/Icons/interface_25.png
new file mode 100644
index 000000000..8d9cfd2fc
Binary files /dev/null and b/src/gui/Icons/interface_25.png differ
diff --git a/src/gui/Icons/key.png b/src/gui/Icons/key.png
new file mode 100644
index 000000000..5612b1924
Binary files /dev/null and b/src/gui/Icons/key.png differ
diff --git a/src/gui/Icons/left-arrow.png b/src/gui/Icons/left-arrow.png
new file mode 100644
index 000000000..41be3ec83
Binary files /dev/null and b/src/gui/Icons/left-arrow.png differ
diff --git a/src/gui/Icons/library_16.png b/src/gui/Icons/library_16.png
new file mode 100644
index 000000000..e00356816
Binary files /dev/null and b/src/gui/Icons/library_16.png differ
diff --git a/src/gui/Icons/library_25.png b/src/gui/Icons/library_25.png
new file mode 100644
index 000000000..02efe125d
Binary files /dev/null and b/src/gui/Icons/library_25.png differ
diff --git a/src/gui/Icons/lock.png b/src/gui/Icons/lock.png
new file mode 100644
index 000000000..cdeed2031
Binary files /dev/null and b/src/gui/Icons/lock.png differ
diff --git a/src/gui/Icons/log.png b/src/gui/Icons/log.png
new file mode 100644
index 000000000..941255598
Binary files /dev/null and b/src/gui/Icons/log.png differ
diff --git a/src/gui/Icons/log_25.png b/src/gui/Icons/log_25.png
new file mode 100644
index 000000000..4d2154203
Binary files /dev/null and b/src/gui/Icons/log_25.png differ
diff --git a/src/gui/Icons/neg.png b/src/gui/Icons/neg.png
new file mode 100644
index 000000000..65235e30f
Binary files /dev/null and b/src/gui/Icons/neg.png differ
diff --git a/src/gui/Icons/network-neg_25.png b/src/gui/Icons/network-neg_25.png
new file mode 100644
index 000000000..9e573182d
Binary files /dev/null and b/src/gui/Icons/network-neg_25.png differ
diff --git a/src/gui/Icons/network-ref_25.png b/src/gui/Icons/network-ref_25.png
new file mode 100644
index 000000000..3e5340cf2
Binary files /dev/null and b/src/gui/Icons/network-ref_25.png differ
diff --git a/src/gui/Icons/network_16.png b/src/gui/Icons/network_16.png
new file mode 100644
index 000000000..73d049557
Binary files /dev/null and b/src/gui/Icons/network_16.png differ
diff --git a/src/gui/Icons/network_25.png b/src/gui/Icons/network_25.png
new file mode 100644
index 000000000..c66d03f7e
Binary files /dev/null and b/src/gui/Icons/network_25.png differ
diff --git a/src/gui/Icons/newfile_25.png b/src/gui/Icons/newfile_25.png
new file mode 100644
index 000000000..4c99a914f
Binary files /dev/null and b/src/gui/Icons/newfile_25.png differ
diff --git a/src/gui/Icons/newobject_25.png b/src/gui/Icons/newobject_25.png
new file mode 100644
index 000000000..e4e9f747f
Binary files /dev/null and b/src/gui/Icons/newobject_25.png differ
diff --git a/src/gui/Icons/newobject_32.png b/src/gui/Icons/newobject_32.png
new file mode 100644
index 000000000..7c19327a6
Binary files /dev/null and b/src/gui/Icons/newobject_32.png differ
diff --git a/src/gui/Icons/no.png b/src/gui/Icons/no.png
new file mode 100644
index 000000000..635e4c0b1
Binary files /dev/null and b/src/gui/Icons/no.png differ
diff --git a/src/gui/Icons/object-group-neg_25.png b/src/gui/Icons/object-group-neg_25.png
new file mode 100644
index 000000000..6a961de4f
Binary files /dev/null and b/src/gui/Icons/object-group-neg_25.png differ
diff --git a/src/gui/Icons/object-group-ref_25.png b/src/gui/Icons/object-group-ref_25.png
new file mode 100644
index 000000000..8f5e8479d
Binary files /dev/null and b/src/gui/Icons/object-group-ref_25.png differ
diff --git a/src/gui/Icons/object-group_16.png b/src/gui/Icons/object-group_16.png
new file mode 100644
index 000000000..1d36ad385
Binary files /dev/null and b/src/gui/Icons/object-group_16.png differ
diff --git a/src/gui/Icons/object-group_25.png b/src/gui/Icons/object-group_25.png
new file mode 100644
index 000000000..24708aab5
Binary files /dev/null and b/src/gui/Icons/object-group_25.png differ
diff --git a/src/gui/Icons/ok.png b/src/gui/Icons/ok.png
new file mode 100644
index 000000000..918f25c7f
Binary files /dev/null and b/src/gui/Icons/ok.png differ
diff --git a/src/gui/Icons/openfile_25.png b/src/gui/Icons/openfile_25.png
new file mode 100644
index 000000000..248455279
Binary files /dev/null and b/src/gui/Icons/openfile_25.png differ
diff --git a/src/gui/Icons/options_25.png b/src/gui/Icons/options_25.png
new file mode 100644
index 000000000..be34fffb8
Binary files /dev/null and b/src/gui/Icons/options_25.png differ
diff --git a/src/gui/Icons/outbound.png b/src/gui/Icons/outbound.png
new file mode 100644
index 000000000..a2857eff9
Binary files /dev/null and b/src/gui/Icons/outbound.png differ
diff --git a/src/gui/Icons/physaddress-neg_25.png b/src/gui/Icons/physaddress-neg_25.png
new file mode 100644
index 000000000..a52f7cf17
Binary files /dev/null and b/src/gui/Icons/physaddress-neg_25.png differ
diff --git a/src/gui/Icons/physaddress-ref_25.png b/src/gui/Icons/physaddress-ref_25.png
new file mode 100644
index 000000000..d436b399c
Binary files /dev/null and b/src/gui/Icons/physaddress-ref_25.png differ
diff --git a/src/gui/Icons/physaddress_16.png b/src/gui/Icons/physaddress_16.png
new file mode 100644
index 000000000..e556b2f7d
Binary files /dev/null and b/src/gui/Icons/physaddress_16.png differ
diff --git a/src/gui/Icons/physaddress_25.png b/src/gui/Icons/physaddress_25.png
new file mode 100644
index 000000000..e01be4fc7
Binary files /dev/null and b/src/gui/Icons/physaddress_25.png differ
diff --git a/src/gui/Icons/pipe_25.png b/src/gui/Icons/pipe_25.png
new file mode 100644
index 000000000..f72f0e550
Binary files /dev/null and b/src/gui/Icons/pipe_25.png differ
diff --git a/src/gui/Icons/protect_host.png b/src/gui/Icons/protect_host.png
new file mode 100644
index 000000000..a3448256b
Binary files /dev/null and b/src/gui/Icons/protect_host.png differ
diff --git a/src/gui/Icons/protect_net.png b/src/gui/Icons/protect_net.png
new file mode 100644
index 000000000..2021c7ffe
Binary files /dev/null and b/src/gui/Icons/protect_net.png differ
diff --git a/src/gui/Icons/protect_net_and_dmz.png b/src/gui/Icons/protect_net_and_dmz.png
new file mode 100644
index 000000000..3fb6b3fb2
Binary files /dev/null and b/src/gui/Icons/protect_net_and_dmz.png differ
diff --git a/src/gui/Icons/question.png b/src/gui/Icons/question.png
new file mode 100644
index 000000000..2afbc7a87
Binary files /dev/null and b/src/gui/Icons/question.png differ
diff --git a/src/gui/Icons/rangeaddress-neg_25.png b/src/gui/Icons/rangeaddress-neg_25.png
new file mode 100644
index 000000000..e3775e05d
Binary files /dev/null and b/src/gui/Icons/rangeaddress-neg_25.png differ
diff --git a/src/gui/Icons/rangeaddress-ref_25.png b/src/gui/Icons/rangeaddress-ref_25.png
new file mode 100644
index 000000000..9627fddeb
Binary files /dev/null and b/src/gui/Icons/rangeaddress-ref_25.png differ
diff --git a/src/gui/Icons/rangeaddress_16.png b/src/gui/Icons/rangeaddress_16.png
new file mode 100644
index 000000000..2813beff8
Binary files /dev/null and b/src/gui/Icons/rangeaddress_16.png differ
diff --git a/src/gui/Icons/rangeaddress_25.png b/src/gui/Icons/rangeaddress_25.png
new file mode 100644
index 000000000..433dda752
Binary files /dev/null and b/src/gui/Icons/rangeaddress_25.png differ
diff --git a/src/gui/Icons/redo.png b/src/gui/Icons/redo.png
new file mode 100644
index 000000000..1ae101f18
Binary files /dev/null and b/src/gui/Icons/redo.png differ
diff --git a/src/gui/Icons/ref.png b/src/gui/Icons/ref.png
new file mode 100644
index 000000000..fc33f30cb
Binary files /dev/null and b/src/gui/Icons/ref.png differ
diff --git a/src/gui/Icons/reject_25.png b/src/gui/Icons/reject_25.png
new file mode 100644
index 000000000..826ca976c
Binary files /dev/null and b/src/gui/Icons/reject_25.png differ
diff --git a/src/gui/Icons/right-arrow.png b/src/gui/Icons/right-arrow.png
new file mode 100644
index 000000000..4c520ce03
Binary files /dev/null and b/src/gui/Icons/right-arrow.png differ
diff --git a/src/gui/Icons/route_25.png b/src/gui/Icons/route_25.png
new file mode 100644
index 000000000..22f21460e
Binary files /dev/null and b/src/gui/Icons/route_25.png differ
diff --git a/src/gui/Icons/rules_druid_logo.png b/src/gui/Icons/rules_druid_logo.png
new file mode 100644
index 000000000..b2bf253f9
Binary files /dev/null and b/src/gui/Icons/rules_druid_logo.png differ
diff --git a/src/gui/Icons/save_25.png b/src/gui/Icons/save_25.png
new file mode 100644
index 000000000..99486e71b
Binary files /dev/null and b/src/gui/Icons/save_25.png differ
diff --git a/src/gui/Icons/search_25.png b/src/gui/Icons/search_25.png
new file mode 100644
index 000000000..8e1a67e71
Binary files /dev/null and b/src/gui/Icons/search_25.png differ
diff --git a/src/gui/Icons/service-custom-neg_25.png b/src/gui/Icons/service-custom-neg_25.png
new file mode 100644
index 000000000..a9dba0d15
Binary files /dev/null and b/src/gui/Icons/service-custom-neg_25.png differ
diff --git a/src/gui/Icons/service-custom-ref_25.png b/src/gui/Icons/service-custom-ref_25.png
new file mode 100644
index 000000000..1a17c4d17
Binary files /dev/null and b/src/gui/Icons/service-custom-ref_25.png differ
diff --git a/src/gui/Icons/service-custom_16.png b/src/gui/Icons/service-custom_16.png
new file mode 100644
index 000000000..3b495e163
Binary files /dev/null and b/src/gui/Icons/service-custom_16.png differ
diff --git a/src/gui/Icons/service-custom_25.png b/src/gui/Icons/service-custom_25.png
new file mode 100644
index 000000000..c4e4e9a62
Binary files /dev/null and b/src/gui/Icons/service-custom_25.png differ
diff --git a/src/gui/Icons/service-group-neg_25.png b/src/gui/Icons/service-group-neg_25.png
new file mode 100644
index 000000000..dc94829d6
Binary files /dev/null and b/src/gui/Icons/service-group-neg_25.png differ
diff --git a/src/gui/Icons/service-group-ref_25.png b/src/gui/Icons/service-group-ref_25.png
new file mode 100644
index 000000000..a99a952c2
Binary files /dev/null and b/src/gui/Icons/service-group-ref_25.png differ
diff --git a/src/gui/Icons/service-group_16.png b/src/gui/Icons/service-group_16.png
new file mode 100644
index 000000000..7b607ab07
Binary files /dev/null and b/src/gui/Icons/service-group_16.png differ
diff --git a/src/gui/Icons/service-group_25.png b/src/gui/Icons/service-group_25.png
new file mode 100644
index 000000000..b143150c3
Binary files /dev/null and b/src/gui/Icons/service-group_25.png differ
diff --git a/src/gui/Icons/service-icmp-neg_25.png b/src/gui/Icons/service-icmp-neg_25.png
new file mode 100644
index 000000000..82b199c3a
Binary files /dev/null and b/src/gui/Icons/service-icmp-neg_25.png differ
diff --git a/src/gui/Icons/service-icmp-ref_25.png b/src/gui/Icons/service-icmp-ref_25.png
new file mode 100644
index 000000000..625efbbf8
Binary files /dev/null and b/src/gui/Icons/service-icmp-ref_25.png differ
diff --git a/src/gui/Icons/service-icmp_16.png b/src/gui/Icons/service-icmp_16.png
new file mode 100644
index 000000000..2ab6533f8
Binary files /dev/null and b/src/gui/Icons/service-icmp_16.png differ
diff --git a/src/gui/Icons/service-icmp_25.png b/src/gui/Icons/service-icmp_25.png
new file mode 100644
index 000000000..5807df698
Binary files /dev/null and b/src/gui/Icons/service-icmp_25.png differ
diff --git a/src/gui/Icons/service-ip-neg_25.png b/src/gui/Icons/service-ip-neg_25.png
new file mode 100644
index 000000000..81d9f4992
Binary files /dev/null and b/src/gui/Icons/service-ip-neg_25.png differ
diff --git a/src/gui/Icons/service-ip-ref_25.png b/src/gui/Icons/service-ip-ref_25.png
new file mode 100644
index 000000000..91bbf7e7b
Binary files /dev/null and b/src/gui/Icons/service-ip-ref_25.png differ
diff --git a/src/gui/Icons/service-ip_16.png b/src/gui/Icons/service-ip_16.png
new file mode 100644
index 000000000..321b23ad8
Binary files /dev/null and b/src/gui/Icons/service-ip_16.png differ
diff --git a/src/gui/Icons/service-ip_25.png b/src/gui/Icons/service-ip_25.png
new file mode 100644
index 000000000..dc4a4d0ab
Binary files /dev/null and b/src/gui/Icons/service-ip_25.png differ
diff --git a/src/gui/Icons/service-tag-neg_25.png b/src/gui/Icons/service-tag-neg_25.png
new file mode 100644
index 000000000..2839360ac
Binary files /dev/null and b/src/gui/Icons/service-tag-neg_25.png differ
diff --git a/src/gui/Icons/service-tag-ref_25.png b/src/gui/Icons/service-tag-ref_25.png
new file mode 100644
index 000000000..f1d00ccd0
Binary files /dev/null and b/src/gui/Icons/service-tag-ref_25.png differ
diff --git a/src/gui/Icons/service-tag_16.png b/src/gui/Icons/service-tag_16.png
new file mode 100644
index 000000000..4a57c8a41
Binary files /dev/null and b/src/gui/Icons/service-tag_16.png differ
diff --git a/src/gui/Icons/service-tag_25.png b/src/gui/Icons/service-tag_25.png
new file mode 100644
index 000000000..53bbbc49c
Binary files /dev/null and b/src/gui/Icons/service-tag_25.png differ
diff --git a/src/gui/Icons/service-tcp-neg_25.png b/src/gui/Icons/service-tcp-neg_25.png
new file mode 100644
index 000000000..6d32db4bc
Binary files /dev/null and b/src/gui/Icons/service-tcp-neg_25.png differ
diff --git a/src/gui/Icons/service-tcp-ref_25.png b/src/gui/Icons/service-tcp-ref_25.png
new file mode 100644
index 000000000..41324e83e
Binary files /dev/null and b/src/gui/Icons/service-tcp-ref_25.png differ
diff --git a/src/gui/Icons/service-tcp_16.png b/src/gui/Icons/service-tcp_16.png
new file mode 100644
index 000000000..f6eea8590
Binary files /dev/null and b/src/gui/Icons/service-tcp_16.png differ
diff --git a/src/gui/Icons/service-tcp_25.png b/src/gui/Icons/service-tcp_25.png
new file mode 100644
index 000000000..5eb4b5688
Binary files /dev/null and b/src/gui/Icons/service-tcp_25.png differ
diff --git a/src/gui/Icons/service-udp-neg_25.png b/src/gui/Icons/service-udp-neg_25.png
new file mode 100644
index 000000000..abfd0875e
Binary files /dev/null and b/src/gui/Icons/service-udp-neg_25.png differ
diff --git a/src/gui/Icons/service-udp-ref_25.png b/src/gui/Icons/service-udp-ref_25.png
new file mode 100644
index 000000000..42c17b610
Binary files /dev/null and b/src/gui/Icons/service-udp-ref_25.png differ
diff --git a/src/gui/Icons/service-udp_16.png b/src/gui/Icons/service-udp_16.png
new file mode 100644
index 000000000..e02af5746
Binary files /dev/null and b/src/gui/Icons/service-udp_16.png differ
diff --git a/src/gui/Icons/service-udp_25.png b/src/gui/Icons/service-udp_25.png
new file mode 100644
index 000000000..0f0a5a610
Binary files /dev/null and b/src/gui/Icons/service-udp_25.png differ
diff --git a/src/gui/Icons/stop.png b/src/gui/Icons/stop.png
new file mode 100644
index 000000000..e8fb15dc0
Binary files /dev/null and b/src/gui/Icons/stop.png differ
diff --git a/src/gui/Icons/tag_25.png b/src/gui/Icons/tag_25.png
new file mode 100644
index 000000000..d625b32c3
Binary files /dev/null and b/src/gui/Icons/tag_25.png differ
diff --git a/src/gui/Icons/uncheck.png b/src/gui/Icons/uncheck.png
new file mode 100644
index 000000000..7e0646f0f
Binary files /dev/null and b/src/gui/Icons/uncheck.png differ
diff --git a/src/gui/Icons/undo.png b/src/gui/Icons/undo.png
new file mode 100644
index 000000000..2d452f6fd
Binary files /dev/null and b/src/gui/Icons/undo.png differ
diff --git a/src/gui/Icons/up-arrow.png b/src/gui/Icons/up-arrow.png
new file mode 100644
index 000000000..dae28d8ec
Binary files /dev/null and b/src/gui/Icons/up-arrow.png differ
diff --git a/src/gui/Icons/warning.png b/src/gui/Icons/warning.png
new file mode 100644
index 000000000..49e21d883
Binary files /dev/null and b/src/gui/Icons/warning.png differ
diff --git a/src/gui/Icons/yes.png b/src/gui/Icons/yes.png
new file mode 100644
index 000000000..a2ac8dd62
Binary files /dev/null and b/src/gui/Icons/yes.png differ
diff --git a/src/gui/Images/designer_dataview.png b/src/gui/Images/designer_dataview.png
new file mode 100644
index 000000000..d39224063
Binary files /dev/null and b/src/gui/Images/designer_dataview.png differ
diff --git a/src/gui/Images/designer_searchfind.png b/src/gui/Images/designer_searchfind.png
new file mode 100644
index 000000000..5dcb443f0
Binary files /dev/null and b/src/gui/Images/designer_searchfind.png differ
diff --git a/src/gui/Images/editcopy b/src/gui/Images/editcopy
new file mode 100644
index 000000000..7a39f755d
Binary files /dev/null and b/src/gui/Images/editcopy differ
diff --git a/src/gui/Images/editcut b/src/gui/Images/editcut
new file mode 100644
index 000000000..212ad0c16
Binary files /dev/null and b/src/gui/Images/editcut differ
diff --git a/src/gui/Images/editpaste b/src/gui/Images/editpaste
new file mode 100644
index 000000000..64a69f259
Binary files /dev/null and b/src/gui/Images/editpaste differ
diff --git a/src/gui/Images/filenew b/src/gui/Images/filenew
new file mode 100644
index 000000000..8709b729f
Binary files /dev/null and b/src/gui/Images/filenew differ
diff --git a/src/gui/Images/fileopen b/src/gui/Images/fileopen
new file mode 100644
index 000000000..dc9332ff6
Binary files /dev/null and b/src/gui/Images/fileopen differ
diff --git a/src/gui/Images/filesave b/src/gui/Images/filesave
new file mode 100644
index 000000000..77486ec63
Binary files /dev/null and b/src/gui/Images/filesave differ
diff --git a/src/gui/Images/library.png b/src/gui/Images/library.png
new file mode 100644
index 000000000..a62aa3a93
Binary files /dev/null and b/src/gui/Images/library.png differ
diff --git a/src/gui/Images/print b/src/gui/Images/print
new file mode 100644
index 000000000..f0f6fec60
Binary files /dev/null and b/src/gui/Images/print differ
diff --git a/src/gui/Images/redo b/src/gui/Images/redo
new file mode 100644
index 000000000..881910416
Binary files /dev/null and b/src/gui/Images/redo differ
diff --git a/src/gui/Images/searchfind b/src/gui/Images/searchfind
new file mode 100644
index 000000000..1a596ae82
Binary files /dev/null and b/src/gui/Images/searchfind differ
diff --git a/src/gui/Images/tabwidget.png b/src/gui/Images/tabwidget.png
new file mode 100644
index 000000000..48d075720
Binary files /dev/null and b/src/gui/Images/tabwidget.png differ
diff --git a/src/gui/Images/undo b/src/gui/Images/undo
new file mode 100644
index 000000000..ebe3f1127
Binary files /dev/null and b/src/gui/Images/undo differ
diff --git a/src/gui/Importer.cpp b/src/gui/Importer.cpp
new file mode 100644
index 000000000..9118f105e
--- /dev/null
+++ b/src/gui/Importer.cpp
@@ -0,0 +1,939 @@ +/* + + Firewall Builder + + Copyright (C) 2007 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: Importer.cpp,v 1.17 2007/08/06 07:07:22 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils_no_qt.h" +#include "platforms.h" + + +#include "Importer.h" + +#include +#include +#include + +#include + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Address.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/TagService.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/RuleElement.h" + +#include "FWBTree.h" + +using namespace libfwbuilder; + +FWObject* Importer::createObject(const std::string &objType, + const std::string &objName) +{ + assert(library!=NULL); + FWObject *slot = FWBTree::getStandardSlotForObject(library, + objType.c_str()); + return createObject(slot, objType, objName); +} + +FWObject* Importer::createObject(FWObject *parent, + const std::string &objType, + const std::string &objName) +{ + assert(library!=NULL); + FWObject* 
o = library->getRoot()->create(objType); + if (parent != NULL) + { + parent->add(o); + } + o->setName(objName); + return o; +} + +std::string Importer::getBadRuleColor() +{ + return "#C86E6E"; +} + +void Importer::SaveTmpAddrToSrc() +{ + src_a = tmp_a; + src_nm = tmp_nm; +} + +void Importer::SaveTmpAddrToDst() +{ + dst_a = tmp_a; + dst_nm = tmp_nm; +} + +void Importer::SaveTmpPortToSrc() +{ + src_port_op = tmp_port_op; + src_port_spec = tmp_port_spec; +} + +void Importer::SaveTmpPortToDst() +{ + dst_port_op = tmp_port_op; + dst_port_spec = tmp_port_spec; +} + +Importer::Importer(FWObject *_lib, + const std::string &_platform, + std::istringstream &_input, + Logger *log) : input(_input) +{ + library = _lib; + fw = NULL; + error_counter = 0; + logger = log; + platform = _platform; + clear(); + + current_interface = NULL; + current_ruleset = NULL; + current_rule = NULL; + + tcp_flag_names[libfwbuilder::TCPService::URG]="u"; + tcp_flag_names[libfwbuilder::TCPService::ACK]="a"; + tcp_flag_names[libfwbuilder::TCPService::PSH]="p"; + tcp_flag_names[libfwbuilder::TCPService::RST]="r"; + tcp_flag_names[libfwbuilder::TCPService::SYN]="s"; + tcp_flag_names[libfwbuilder::TCPService::FIN]="f"; + tcp_flag_names[98]="N"; // NONE + tcp_flag_names[99]="A"; // ALL + +} + +void Importer::run() +{ + // create and run parsers in derived classes +} + + +Importer::~Importer() +{ + all_rulesets.clear(); + all_interfaces.clear(); +} + +void Importer::clear() +{ + action = ""; + + protocol = ""; + + src_a = ""; + src_nm = ""; + src_port_op = ""; + src_port_spec = ""; + + dst_a = ""; + dst_nm = ""; + dst_port_op = ""; + dst_port_spec = ""; + + tmp_a = ""; + tmp_nm = ""; + tmp_port_op = ""; + tmp_port_spec = ""; + + logging = false; + established = false; + fragments = false; + + icmp_spec = ""; + icmp_code = ""; + icmp_type = ""; + + time_range_name = ""; + + if (!tcp_flags_mask.empty()) tcp_flags_mask.clear(); + if (!tcp_flags_comp.empty()) tcp_flags_comp.clear(); + if 
(!tmp_tcp_flags_list.empty()) tmp_tcp_flags_list.clear(); +} + + +Firewall* Importer::getFirewallObject() +{ + if (fw!=NULL) return fw; + + FWObject *nobj = createObject(Firewall::TYPENAME, "New Firewall"); + + fw = Firewall::cast(nobj); + + fw->setStr("platform", platform); + + std::map platforms = Resources::getPlatforms(); + std::map::iterator i; + for (i=platforms.begin(); i!=platforms.end(); i++) + Resources::setDefaultTargetOptions( i->first , fw ); + + std::map OSs = Resources::getOS(); + for (i=OSs.begin(); i!=OSs.end(); i++) + Resources::setDefaultTargetOptions( i->first , fw ); + + //o->setStr("platform", readPlatform(platform).latin1() ); + //o->setStr("host_OS", readHostOS(hostOS).latin1() ); + + return fw; +} + +/* + * Creates firewall object and sets its name + * + * This assumes that configuration clase that declares host name + * comes first (true for Ciscos, but may not be true for others) + * + */ +void Importer::setHostName(const std::string &hn) +{ + getFirewallObject()->setName(hn); + *logger << "Host name: " << hn << "\n"; +} + +void Importer::newInterface(const std::string &name) +{ + if (all_interfaces.count(name)>0) return; + FWObject *nobj = createObject(fw, Interface::TYPENAME, name); + current_interface = Interface::cast(nobj); + current_interface->setUnnumbered(true); + all_interfaces[name] = current_interface; + + *logger << "Interface: " << name << "\n"; +} + +void Importer::addInterfaceAddress(const std::string &a, + const std::string &nm) +{ + if (current_interface!=NULL) + { + std::string aname = getFirewallObject()->getName() + ":" + + current_interface->getName() + ":ip"; + FWObject *nobj = createObject(current_interface, + IPv4::TYPENAME, + aname); + current_interface->setUnnumbered(false); + IPv4::cast(nobj)->setAddress( a ); + IPv4::cast(nobj)->setNetmask( nm ); + + *logger << "Interface address: " << a << "/" << nm << "\n"; + } +} + +void Importer::addInterfaceComment(const std::string &descr) +{ + 
assert(current_interface!=NULL); + current_interface->setComment(descr); + *logger << "Interface comment: " << descr << "\n"; +} + +void Importer::addRuleComment(const std::string &comm) +{ + rule_comment += comm; + *logger << "Rule comment: " << comm << "\n"; +} + +UnidirectionalRuleSet* Importer::checkUnidirRuleSet( + const std::string &ruleset_name) +{ + return all_rulesets[ruleset_name]; +} + +UnidirectionalRuleSet* Importer::getUnidirRuleSet( + const std::string &ruleset_name) +{ + UnidirectionalRuleSet *rs = all_rulesets[ruleset_name]; + if (rs==NULL) + { + // got 'ip access-group' command before the access list was defined + + rs = new UnidirectionalRuleSet(); + rs->name = ruleset_name; + FWObjectDatabase *dbroot = getFirewallObject()->getRoot(); + if (ruleset_name == "nat") + rs->ruleset = RuleSet::cast(dbroot->create(NAT::TYPENAME)); + else + rs->ruleset = RuleSet::cast(dbroot->create(Policy::TYPENAME)); + + all_rulesets[ruleset_name] = rs; + + // add this ruleset to the firewall temporarily + // because ruleset must belong to the tree somewhere in + // order for other objects to be added properly. + getFirewallObject()->add(rs->ruleset); + } + return rs; +} + +/* + * associate ruleset with interface + * and direction + * + * if is empty, use current_interface + * + * Note that a ruleset may be associated with multiple interfaces + * and each association can have different direction. 
+ */ +void Importer::setInterfaceAndDirectionForRuleSet(const std::string &ruleset_name, + const std::string &_intf_name, + const std::string &_dir) +{ + UnidirectionalRuleSet *rs = getUnidirRuleSet(ruleset_name); + std::string intf; + if ( !_intf_name.empty()) intf = _intf_name; + else intf = current_interface->getName(); + + if (rs->intf_dir.count(intf)==0) + rs->intf_dir[intf] = _dir; + else + { + // already have this interface with some direction + // compare direction, if different, switcht to "both" + if (rs->intf_dir[intf] != "both" && rs->intf_dir[intf] != _dir) + rs->intf_dir[intf] = "both"; + } + *logger << "Interface " << _intf_name + << " ruleset " << ruleset_name + << " direction '" << _dir << "' " + << "(set to '" << rs->intf_dir[intf] << "')" + << "\n"; +} + +void Importer::newUnidirRuleSet(const std::string &ruleset_name) +{ + current_ruleset = getUnidirRuleSet(ruleset_name); // creates if new + + *logger << "Ruleset: " << ruleset_name << "\n"; +} + + +void Importer::newPolicyRule() +{ + FWObjectDatabase *dbroot = getFirewallObject()->getRoot(); + FWObject *nobj = dbroot->create(PolicyRule::TYPENAME); + current_rule = Rule::cast(nobj); + + // check if all child objects were populated properly + FWOptions *ropt = current_rule->getOptionsObject(); + assert(ropt!=NULL); + ropt->setBool("stateless",true); +} + +void Importer::newNATRule() +{ + FWObjectDatabase *dbroot = getFirewallObject()->getRoot(); + FWObject *nobj = dbroot->create(NATRule::TYPENAME); + current_rule = Rule::cast(nobj); +} + +void Importer::pushRule() +{ + assert(current_ruleset!=NULL); + assert(current_rule!=NULL); + // populate all elements of the rule + + PolicyRule *rule = PolicyRule::cast(current_rule); + + if (action=="permit") rule->setAction(PolicyRule::Accept); + if (action=="deny") rule->setAction(PolicyRule::Deny); + + addSrc(); + addDst(); + addSrv(); + + rule->setLogging(logging); + + // then add it to the current ruleset + current_ruleset->ruleset->add(current_rule); + 
current_rule->setComment(rule_comment); + +// *logger << "Rule: " << action << " " +// << protocol << " " +// << src_a << "/" << src_nm << " "; +// if (dst_a!="") +// *logger << dst_a << "/" << dst_nm << " "; +// *logger << "\n"; + + current_rule = NULL; + rule_comment = ""; + + clear(); +} + +FWObject* Importer::makeSrcObj() +{ + if ( (src_a=="" && src_nm=="") || (src_a=="0.0.0.0" && src_nm=="0.0.0.0")) + return NULL; // this is 'any' + if (src_nm=="") src_nm="255.255.255.255"; + return createAddress(src_a, src_nm); +} + +FWObject* Importer::makeDstObj() +{ + if ( (dst_a=="" && dst_nm=="") || (dst_a=="0.0.0.0" && dst_nm=="0.0.0.0")) + return NULL; // this is 'any' + if (dst_nm=="") dst_nm="255.255.255.255"; + return createAddress(dst_a, dst_nm); +} + +FWObject* Importer::makeSrvObj() +{ + if (protocol=="") return NULL; // this is 'any' + FWObject *s; + if (protocol=="icmp") s = createICMPService(); + else + if (protocol=="tcp") s = createTCPService(); + else + if (protocol=="udp") s = createUDPService(); + else + s = createIPService(); + // if create*Service returns NULL, this is 'any' + return s; +} + +void Importer::addSrc() +{ + PolicyRule *rule = PolicyRule::cast(current_rule); + RuleElementSrc* src = rule->getSrc(); + assert(src!=NULL); + FWObject *s = makeSrcObj(); + if (s) src->addRef( s ); +} + +void Importer::addDst() +{ + PolicyRule *rule = PolicyRule::cast(current_rule); + RuleElementDst* dst = rule->getDst(); + assert(dst!=NULL); + FWObject *s = makeDstObj(); + if (s) dst->addRef( s ); +} + +void Importer::addSrv() +{ + PolicyRule *rule = PolicyRule::cast(current_rule); + RuleElementSrv* srv = rule->getSrv(); + assert(srv!=NULL); + FWObject *s = makeSrvObj(); + if (s) srv->addRef( s ); +} + +void Importer::addOSrc() +{ + NATRule *rule = NATRule::cast(current_rule); + RuleElementOSrc* src = rule->getOSrc(); + assert(src!=NULL); + FWObject *s = makeSrcObj(); + if (s) src->addRef( s ); +} + +void Importer::addODst() +{ + NATRule *rule = 
NATRule::cast(current_rule); + RuleElementODst* dst = rule->getODst(); + assert(dst!=NULL); + FWObject *s = makeDstObj(); + if (s) dst->addRef( s ); +} + +void Importer::addOSrv() +{ + NATRule *rule = NATRule::cast(current_rule); + RuleElementOSrv* srv = rule->getOSrv(); + assert(srv!=NULL); + FWObject *s= makeSrvObj(); + if (s) srv->addRef( s ); +} + +Firewall* Importer::finalize() +{ + return fw; +} + +FWObject* Importer::getIPService(int proto) +{ + // this assumes protocol is represented by a number + std::ostringstream nstr, cstr, sstr; + nstr << "ip-" << proto; + sstr << "ip-" << proto; + if (fragments) + { + nstr << " fragm"; + sstr << "-fragm"; + } + cstr << "Imported from " << getFirewallObject()->getName() << "\n" + << "protocol " << proto; + + if (all_objects.count(sstr.str())!=0) return all_objects[sstr.str()]; + + if ( proto==0 && !fragments) + return NULL; // any + + IPService *s = IPService::cast(createObject(IPService::TYPENAME, nstr.str())); + s->setInt("protocol_num", proto); + s->setBool("fragm", fragments); + s->setComment(cstr.str()); + all_objects[sstr.str()] = s; + + *logger << "IP Service object: " << nstr.str() << "\n"; + return s; +} + +FWObject* Importer::getICMPService(int type, int code) +{ + std::ostringstream nstr; + nstr << "icmp " << type << "/" << code; + + std::ostringstream cstr; + cstr << "Imported from " << getFirewallObject()->getName() + << " type " << type << " code " << code; + + std::ostringstream sstr; + sstr << "icmp-" << type << "/" << code; + + if (all_objects.count(sstr.str())!=0) return all_objects[sstr.str()]; + + ICMPService *s = ICMPService::cast( createObject(ICMPService::TYPENAME,nstr.str())); + s->setInt("type", type); + s->setInt("code", code); + s->setComment(cstr.str()); + all_objects[sstr.str()] = s; + *logger << "ICMP Service object: " << nstr.str() << "\n"; + return s; +} + +FWObject* Importer::getTCPService(int srs, int sre, + int drs, int dre, + bool established, + std::list &flags_mask, + std::list 
&flags_comp) +{ + std::list::iterator li; + + std::ostringstream sstr; + sstr << "tcp-" << srs << "-" << sre << ":" << drs << "-" << dre; + if (established) sstr << "-est"; + + if (!flags_mask.empty() && !flags_comp.empty()) + { + // TCP flags + for (li = flags_mask.begin(); li != flags_mask.end(); ++li) + sstr << "f" << *li; + + for (li = flags_comp.begin(); li != flags_comp.end(); ++li) + sstr << "f" << *li; + } + + if (all_objects.count(sstr.str())!=0) return all_objects[sstr.str()]; + + std::ostringstream cstr; + cstr << "Imported from " << getFirewallObject()->getName() << "\n" + << srs << "-" << sre << ":" << drs << "-" << dre; + if (established) cstr << " est"; + if (!flags_mask.empty() && !flags_comp.empty()) cstr << " flags"; + + std::ostringstream nstr; + nstr << "tcp " ; + if (srs!=0 || sre!=0) nstr << srs << "-" << sre << ":"; + if (drs!=0 || dre!=0) nstr << drs << "-" << dre; + if (established) nstr << " est"; + if (!flags_mask.empty() && !flags_comp.empty()) + { + for (li = flags_mask.begin(); li != flags_mask.end(); ++li) + nstr << tcp_flag_names[*li]; + nstr << "/"; + for (li = flags_comp.begin(); li != flags_comp.end(); ++li) + nstr << tcp_flag_names[*li]; + } + + TCPService* s = TCPService::cast( + createObject(TCPService::TYPENAME, nstr.str())); + s->setInt("src_range_start", srs); + s->setInt("src_range_end", sre); + s->setInt("dst_range_start", drs); + s->setInt("dst_range_end", dre); + + if (!flags_mask.empty() && !flags_comp.empty()) + { + // TCP flags + for (li = flags_mask.begin(); li != flags_mask.end(); ++li) + { + switch (*li) + { + case 99: // ALL + s->setAllTCPFlagMasks(); + break; + case 98: // NONE + s->clearAllTCPFlagMasks(); + break; + default: + s->setTCPFlagMask( TCPService::TCPFlag(*li), true); + } + } + for (li = flags_comp.begin(); li != flags_comp.end(); ++li) + { + switch (*li) + { + case 99: // ALL + s->setTCPFlag( TCPService::URG, true); + s->setTCPFlag( TCPService::ACK, true); + s->setTCPFlag( TCPService::PSH, true); + 
s->setTCPFlag( TCPService::RST, true); + s->setTCPFlag( TCPService::SYN, true); + s->setTCPFlag( TCPService::FIN, true); + break; + case 98: // NONE + s->clearAllTCPFlags(); + break; + default: + s->setTCPFlag( TCPService::TCPFlag(*li), true); + } + } + } + + s->setEstablished(established); + s->setComment(cstr.str()); + all_objects[sstr.str()] = s; + *logger << "TCP Service object: " << nstr.str() << "\n"; + return s; +} + +FWObject* Importer::getUDPService(int srs, int sre, int drs, int dre) +{ + std::ostringstream sstr; + sstr << "udp-" << srs << "-" << sre << ":" << drs << "-" << dre; + if (all_objects.count(sstr.str())!=0) return all_objects[sstr.str()]; + + std::ostringstream cstr; + cstr << "Imported from " << getFirewallObject()->getName() << "\n" + << srs << "-" << sre << ":" << drs << "-" << dre; + + std::ostringstream nstr; + nstr << "udp " + << srs << "-" << sre << ":" << drs << "-" << dre; + + UDPService* s = UDPService::cast(createObject(UDPService::TYPENAME, nstr.str())); + s->setInt("src_range_start", srs); + s->setInt("src_range_end", sre); + s->setInt("dst_range_start", drs); + s->setInt("dst_range_end", dre); + + s->setComment(cstr.str()); + all_objects[sstr.str()] = s; + *logger << "UDP Service object: " << nstr.str() << "\n"; + return s; +} + +FWObject* Importer::getTagService(const std::string &tagcode) +{ + TagService *s = NULL; + + std::ostringstream nstr, cstr, sstr; + nstr << "tag-" << tagcode; + sstr << "tag-" << tagcode; + cstr << "Imported from " << getFirewallObject()->getName() << "\n" + << "mark " << tagcode; + + if (all_objects.count(sstr.str())!=0) return TagService::cast(all_objects[sstr.str()]); + + s = TagService::cast(createObject(TagService::TYPENAME, nstr.str())); + assert(s!=NULL); + s->setCode(tagcode); + s->setComment(cstr.str()); + all_objects[sstr.str()] = s; + *logger << "Tag Service object: " << nstr.str() << "\n"; + return s; +} + +FWObject* Importer::createICMPService() +{ + int type, code; + std::istringstream 
s1(icmp_type), s2(icmp_code); + s1.exceptions(std::ios::failbit); + s2.exceptions(std::ios::failbit); + + if (strip(icmp_type).empty()) type = -1; + else + { + try + { + s1 >> type; + } catch (std::exception& e) + { + // could not convert + type = -1; + markCurrentRuleBad(std::string("ICMP type '") + icmp_type + "' unknown"); + } + } + + if (strip(icmp_code).empty()) code = -1; + else + { + try + { + s2 >> code; + } catch (std::exception& e) + { + // could not convert + code = -1; + markCurrentRuleBad(std::string("ICMP code '") + icmp_code + "' unknown"); + } + } + + return getICMPService(type,code); +} + +FWObject* Importer::createIPService() +{ + // this assumes protocol is represented by a number + std::istringstream str(protocol); + str.exceptions(std::ios::failbit); + int proto_num; + try + { + str >> proto_num; + } catch (std::exception& e) + { + // could not convert protocol number + proto_num = 0; + markCurrentRuleBad(std::string("Protocol '") + protocol + "' unknown"); + } + return getIPService(proto_num); +} + +FWObject* Importer::createTCPService() +{ + // Default implementation + // + // use src_port_spec, dst_port_spec + // + // here we assume src_port_spec and dst_port_spec are + // both numeric and represent a single port. + + std::string name = "tcp " + src_port_spec + " " + dst_port_spec; + + std::istringstream src_str(src_port_spec); + std::istringstream dst_str(dst_port_spec); + int sport, dport; + + src_str >> sport; + dst_str >> dport; + + return getTCPService(sport,sport, + dport,dport, + established,tcp_flags_mask,tcp_flags_comp); +} + +FWObject* Importer::createUDPService() +{ + // Default implementation + // + // use src_port_spec, dst_port_spec + // + // here we assume src_port_spec and dst_port_spec are + // both numeric and represent a single port. 
+ + std::string name = "udp " + src_port_spec + " " + dst_port_spec; + + std::istringstream src_str(src_port_spec); + std::istringstream dst_str(dst_port_spec); + int sport, dport; + + src_str >> sport; + dst_str >> dport; + + return getUDPService(sport,sport,dport,dport); +} + +FWObject* Importer::createGroupOfInterfaces( + const std::string &ruleset_name, std::list &interfaces) +{ + std::string name = "intf-" + ruleset_name; + // by including ruleset name (==acl name) into the signature we + // force import to create separate interface group for each access list + // even if interface set is the same as for some other access list. + // This decision is rather arbitrary but it feels less confusing + // compared to the case when interface groups cretaed from different + // access lists are merged. If they are merged, the name refers to one + // access list which looks weird in the GUI since rules may have been + // imported from another access list. + std::string sig = ruleset_name + "_"; + std::for_each(interfaces.begin(), interfaces.end(), join(&sig, "_")); + + if (fwbdebug) + qDebug(QString("Interface group with name '%1', sig '%2'").arg(name.c_str()).arg(sig.c_str()).toAscii().constData()); + + if (all_objects.count(sig)!=0) return all_objects[sig]; + + ObjectGroup *og = ObjectGroup::cast(createObject(ObjectGroup::TYPENAME, name)); + for (std::list::iterator j=interfaces.begin(); j!=interfaces.end(); ++j) + { + Interface *intf = all_interfaces[*j]; + og->addRef(intf); + } + all_objects[sig] = og; + return og; +} + +FWObject* Importer::createAddress(const std::string &addr, + const std::string &netmask) +{ + std::string comment = "Imported from " + getFirewallObject()->getName() + + " " + addr + "/" + netmask; + std::string sig = std::string("addr-") + addr + "/" + netmask; + if (all_objects.count(sig)!=0) return all_objects[sig]; + + if ( netmask == "255.255.255.255" ) + { + Address *a; + std::string name = std::string("h-") + addr; + a = 
Address::cast(createObject(IPv4::TYPENAME, name)); + a->setAddress( addr ); + a->setNetmask( "255.255.255.255" ); + a->setComment(comment); + all_objects[sig] = a; + *logger << "Address object: " << name << "\n"; + return a; + } else + { + Network *net; + std::string name = std::string("net-") + addr + "/" + netmask; + net = Network::cast(createObject(Network::TYPENAME, name)); + try + { + net->setAddress( addr ); + } catch (FWException &ex) + { + markCurrentRuleBad( + std::string("Error converting address '") + addr + "'"); + } + + try + { + net->setNetmask( netmask ); + } catch (FWException &ex) + { + if (netmask.find('.')!=std::string::npos) + { + // netmask has '.' in it but conversion failed. + markCurrentRuleBad( + std::string("Error converting netmask '") + netmask + "'"); + } else + { + // no dot in netmask, perhaps it is specified by its length? + // if netmask is specified by length, need to use special + // constructor for class Netmask to convert + std::istringstream str(netmask); + str.exceptions(std::ios::failbit); + int nm_len; + try + { + str >> nm_len; + net->setNetmask( Netmask(nm_len) ); + } catch (std::exception& e) + { + // could not convert netmask as simple integer + markCurrentRuleBad( + std::string("Error converting netmask '") + netmask + "'"); + } + } + } + + net->setComment(comment); + all_objects[sig] = net; + *logger << "Network object: " << name << "\n"; + return net; + } + return NULL; +} + +FWObject* Importer::createAddressRange(const std::string &addr1, + const std::string &addr2) +{ + std::string comment = "Imported from " + getFirewallObject()->getName() + + " " + addr1 + "-" + addr2; + std::string sig = std::string("ar-") + addr1 + "-" + addr2; + if (all_objects.count(sig)!=0) return all_objects[sig]; + + AddressRange *ar; + std::string name = std::string("range-") + addr1 + "-" + addr2; + ar = AddressRange::cast(createObject(AddressRange::TYPENAME, name)); + + try + { + ar->setRangeStart( IPAddress(addr1) ); + } catch 
(FWException &ex) + { + markCurrentRuleBad( + std::string("Error converting address '") + addr1 + "'"); + } + + try + { + ar->setRangeEnd( IPAddress(addr2) ); + } catch (FWException &ex) + { + markCurrentRuleBad( + std::string("Error converting address '") + addr2 + "'"); + } + + ar->setComment(comment); + all_objects[sig] = ar; + *logger << "AddressRange object: " << name << "\n"; + return ar; +} + +/** + * set color of the current rule (use red) and add comment + * to indicate that the rule could not be properly parsed + */ +void Importer::markCurrentRuleBad(const std::string &comment) +{ + FWOptions *ropt = current_rule->getOptionsObject(); + assert(ropt!=NULL); + + QString color = getBadRuleColor().c_str(); + + ropt->setStr("color", color.toLatin1().constData()); + + if (!rule_comment.empty()) rule_comment += "\n"; + rule_comment += comment; + //current_rule->setComment(comment); + + *logger << "Parser error: " << comment << "\n"; + + error_counter++; +} + + diff --git a/src/gui/Importer.h b/src/gui/Importer.h new file mode 100644 index 000000000..97946f126 --- /dev/null +++ b/src/gui/Importer.h 
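Review bot: `createTCPService()` and `createUDPService()` read `src_port_spec` and `dst_port_spec` with `src_str >> sport; dst_str >> dport;` and never check whether the extraction succeeded, so an empty or non-numeric port specification reaches `getTCPService()`/`getUDPService()` as whatever `sport`/`dport` happen to hold, with no `markCurrentRuleBad()` call. For a tool that imports firewall policy this means an imported rule can match different ports than the source configuration without being coloured or counted in `error_counter`. `createIPService()` and `createICMPService()` in the same hunk already handle a failed conversion; the port paths should do the same, initialising both ints and flagging only non-empty specs that fail to parse, as sketched below. The local `name` in both functions is unused and can be removed.

```cpp
FWObject* Importer::createTCPService()
{
    // … unchanged: "Default implementation" comment block …
    int sport = 0;
    int dport = 0;

    if (!strip(src_port_spec).empty())
    {
        std::istringstream src_str(src_port_spec);
        if (!(src_str >> sport))
        {
            sport = 0;
            markCurrentRuleBad(
                std::string("Source port '") + src_port_spec + "' unknown");
        }
    }

    if (!strip(dst_port_spec).empty())
    {
        std::istringstream dst_str(dst_port_spec);
        if (!(dst_str >> dport))
        {
            dport = 0;
            markCurrentRuleBad(
                std::string("Destination port '") + dst_port_spec + "' unknown");
        }
    }
    // … unchanged: return getTCPService(...) …
}
// createUDPService(): same parsing change, ending in the existing getUDPService() call
```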
@@ -0,0 +1,294 @@ +/* + + Firewall Builder + + Copyright (C) 2007 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: Importer.h,v 1.14 2007/08/06 07:07:22 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef _FWB_POLICY_IMPORTER_H_ +#define _FWB_POLICY_IMPORTER_H_ + +#include +#include +#include +#include +#include + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/RuleSet.h" +#include "fwbuilder/Logger.h" + +class Importer; + +/* + * Used for platforms where interface and direction are set for the + * whole ruleset (like in router access lists), as opposed to + * platforms where interface and direction are set on a per-rule basis + * (iptables) + */ + + +class UnidirectionalRuleSet { + +public: + UnidirectionalRuleSet() {} + libfwbuilder::RuleSet* ruleset; + std::string name; + // interface names and directions + std::map intf_dir; +}; + +class ImporterException : public std::exception +{ + std::string err; +public: + ImporterException(const std::string &e) { err = e; } + virtual ~ImporterException() throw() {} + std::string toString() { return err; } +}; + +class Importer { + + // firewall object + // one instance of Importer creates only one firewall object. 
+ // + // Do not access this member directly, always use getFirewallObject() + // This ensures the object is created only when it is needed + // so that if we get ane xception in parser early, we do not + // create unnecessary object + + libfwbuilder::Firewall *fw; + +protected: + + int error_counter; + + libfwbuilder::FWObject *library; + libfwbuilder::Logger *logger; + + std::istringstream &input; + + std::string platform; + + libfwbuilder::Interface* current_interface; + + // map : ruleset name : ruleset + // in case of IOS ACls or PIX policy ruleset name == acl name + // all other platforms have single ruleset for policy + // and another for NAT + std::map all_rulesets; + + // map : interface name : interface + std::map all_interfaces; + + // map : object signature : object + // use this to quickly find objects to avoid creating duplicates + std::map all_objects; + + UnidirectionalRuleSet* current_ruleset; + + libfwbuilder::Rule* current_rule; + + libfwbuilder::FWObject* createObject(const std::string &objType, + const std::string &objName); + libfwbuilder::FWObject* createObject(libfwbuilder::FWObject *parent, + const std::string &objType, + const std::string &objName); + std::string getBadRuleColor(); + + // this method returns fw. It is created if fw==NULL + // Using getFirewallObject() instead of accessing fw directly + // provides a way to create firewall object only when + // it is really needed. + libfwbuilder::Firewall* getFirewallObject(); + + + // need to be able to tell if firewall object has really + // been created during import. If the file is empty or in case of + // a parser error firewall object may not have been created. + // However in other cases there could have been an error after + // the object was created. This method allows us to tell one + // situation from another. + bool haveFirewallObject() { return (fw!=NULL); } + + // checks if ruleset "rsname" exists. 
Returns pointer if yes, + // otherwise returns NULL + UnidirectionalRuleSet* checkUnidirRuleSet(const std::string &rsname); + + // finds and rturns pointer to ruleset "rsname". If it does not + // exists, it is created + UnidirectionalRuleSet* getUnidirRuleSet(const std::string &rsname); + + virtual libfwbuilder::FWObject* getIPService(int proto); + virtual libfwbuilder::FWObject* getICMPService(int type, int code); + + virtual libfwbuilder::FWObject* getTCPService(int srs, int sre, + int drs, int dre, + bool established, + std::list &flags_mask, + std::list &flags_comp); + + virtual libfwbuilder::FWObject* getUDPService(int srs, int sre, + int drs, int dre); + + virtual libfwbuilder::FWObject* getTagService(const std::string &tagcode); + + + virtual libfwbuilder::FWObject* createAddress(const std::string &a, + const std::string &nm); + virtual libfwbuilder::FWObject* createAddressRange(const std::string &a1, + const std::string &a2); + virtual libfwbuilder::FWObject* createIPService(); + virtual libfwbuilder::FWObject* createICMPService(); + virtual libfwbuilder::FWObject* createTCPService(); + virtual libfwbuilder::FWObject* createUDPService(); + + // create libfwbuilder::ObjectGroup and place all interfaces in it + // argument represents a list of interface names + virtual libfwbuilder::FWObject* createGroupOfInterfaces( + const std::string &ruleset_name, std::list &interfaces); + + virtual libfwbuilder::FWObject* makeSrcObj(); + virtual libfwbuilder::FWObject* makeDstObj(); + virtual libfwbuilder::FWObject* makeSrvObj(); + + // importer may need to create multiple objects for + // either rule element for some platforms. It is more convenient to + // make these special virtual methods rather than use createAddress + // and createService every time. 
+ virtual void addSrc(); + virtual void addDst(); + virtual void addSrv(); + + virtual void addOSrc(); + virtual void addODst(); + virtual void addOSrv(); + +public: + + // temporary variables used by parser to store values + // Importer converts these into a proper rule using method + // pushRule() + // Method clear() resets all these variables to their defaults. + // + // TODO: need to add more variables to cover everything needed + // for NAT rules + + std::string action; + std::string protocol; + std::string rule_comment; + + std::string src_a; + std::string src_nm; + std::string src_port_op; + std::string src_port_spec; + + std::string dst_a; + std::string dst_nm; + std::string dst_port_op; + std::string dst_port_spec; + + std::string tmp_a; + std::string tmp_nm; + std::string tmp_port_op; + std::string tmp_port_spec; + + int tmp_tcp_flag_code; + std::list tmp_tcp_flags_list; + std::list tcp_flags_mask; + std::list tcp_flags_comp; + std::map tcp_flag_names; + + bool logging; + bool established; + bool fragments; + + std::string icmp_spec; + std::string icmp_code; + std::string icmp_type; + + std::string time_range_name; + + void SaveTmpAddrToSrc(); + void SaveTmpAddrToDst(); + + void SaveTmpPortToSrc(); + void SaveTmpPortToDst(); + + virtual void clear(); + + Importer(libfwbuilder::FWObject *lib, + const std::string &platform, + std::istringstream &input, + libfwbuilder::Logger *log); + virtual ~Importer(); + + virtual void run(); + + int errorCounter() { return error_counter; } + + virtual void setHostName(const std::string &hn); + virtual void newInterface(const std::string &interface_name); + virtual void clearCurrentInterface() { current_interface = NULL; } + virtual void addInterfaceAddress(const std::string &a, + const std::string &nm); + virtual void addInterfaceComment(const std::string &descr); + virtual void addRuleComment(const std::string &comm); + + /** + * create new unidirectional ruleset. 
Unidirectional ruleset + * has interface association and direction that apply to all rules + * in the set. + */ + virtual void newUnidirRuleSet(const std::string &name); + + /** + * add interface and direction setting to a ruleset. Note that the + * same ruleset may be associated with multiple interfaces and + * each association may have its own direction. + */ + virtual void setInterfaceAndDirectionForRuleSet( + const std::string &ruleset_name, + const std::string &interface_name, + const std::string &dir); + + virtual void newPolicyRule(); + virtual void newNATRule(); + virtual void pushRule(); + + void markCurrentRuleBad(const std::string &comment); + + + // this method actually adds interfaces to the firewall object + // and does final clean up. + virtual libfwbuilder::Firewall* finalize(); + + // statistics + int getNumberOfRuleSets(); + int getTotalNumberOfRules(); + int getNumberOfInterfaces(); + +}; + +#endif diff --git a/src/gui/InstallFirewallViewItem.cpp b/src/gui/InstallFirewallViewItem.cpp new file mode 100644 index 000000000..52a4a9233 --- /dev/null +++ b/src/gui/InstallFirewallViewItem.cpp 
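Review bot: `UnidirectionalRuleSet() {}` leaves the `ruleset` pointer indeterminate, so an instance that is read before `getUnidirRuleSet()` has assigned the member yields a wild pointer rather than a null one; `UnidirectionalRuleSet() : ruleset(NULL) {}` makes that state testable. The comment on `all_rulesets` should also state who owns the objects stored in it, for example `// values are allocated in getUnidirRuleSet() and owned by this Importer`. The destructor in Importer.cpp only calls `all_rulesets.clear()`, which suggests those objects are never freed; that is worth confirming against the rest of the tree.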
@@ -0,0 +1,64 @@ + +#include "global.h" + +#include "InstallFirewallViewItem.h" + +#include "fwbuilder/Firewall.h" + +#include + +using namespace std; +using namespace libfwbuilder; + +InstallFirewallViewItem::InstallFirewallViewItem(QTreeWidget* parent, + const QString & st, bool slt ): + QTreeWidgetItem(parent,QStringList(st)) +{ + showLastTimes=slt; +} + +QVariant InstallFirewallViewItem::data (int column, int role) const +{ + /*int statCol=(showLastTimes)?4:1; + + if (role == Qt::FontRole) + { + QFont usual = QTreeWidgetItem::data(column, role).value(); + + if (text(statCol).contains("...")) + { + usual.setBold (true); + return QVariant(usual); + } else if (text(statCol)==QObject::tr("Failure")) + return QVariant(usual); + + if (column==statCol) + { + usual.setBold (true); + return QVariant(usual); + } + } + + if (role == Qt::ForegroundRole) + { + QBrush usual = QTreeWidgetItem::data(column, role).value(); + + if (text(statCol)==QObject::tr("Failure")) + { + usual.setColor(Qt::red); + return QVariant(usual); + } + + if ((column==statCol) && (text(statCol)==QObject::tr("Success"))) + { + usual.setColor(Qt::green); + return QVariant(usual); + } + }*/ + + return QTreeWidgetItem::data(column, role); +} + + + + diff --git a/src/gui/InstallFirewallViewItem.h b/src/gui/InstallFirewallViewItem.h new file mode 100644 index 000000000..493fbc3ed --- /dev/null +++ b/src/gui/InstallFirewallViewItem.h 
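Review bot: The whole body of `InstallFirewallViewItem::data` is a commented-out block, so the override only forwards to `QTreeWidgetItem::data(column, role)`, and `showLastTimes` is stored but never read in this file. Either delete the inactive block together with the override, or restore it. If it is parked on purpose, a short comment such as `// TODO: re-enable status highlighting (bold / red / green)` explains that better than the disabled code does. Initialising the flag in the initializer list, `QTreeWidgetItem(parent,QStringList(st)), showLastTimes(slt)`, would match the base-class initialisation beside it.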
@@ -0,0 +1,50 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: InstallFirewallViewItem.h,v 1.1 2006/04/08 06:28:14 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#ifndef INSTALLFIREWALLVIEWITEM_H +#define INSTALLFIREWALLVIEWITEM_H + +#include + +#include +#include + +namespace libfwbuilder { + class FWObject; +} + +class InstallFirewallViewItem : public QTreeWidgetItem +{ +public: + InstallFirewallViewItem(QTreeWidget * parent, const QString & text, bool slt ); + + bool showLastTimes; + QVariant data (int column, int role) const; +}; + + +#endif diff --git a/src/gui/InterfaceData.cpp b/src/gui/InterfaceData.cpp new file mode 100644 index 000000000..be88cfa94 --- /dev/null +++ b/src/gui/InterfaceData.cpp 
@@ -0,0 +1,183 @@ +/* + + Firewall Builder + + Copyright (C) 2001 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: InterfaceData.cpp,v 1.2 2006/03/06 03:02:57 vkurland Exp $ + + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "InterfaceData.h" + +#include "fwbuilder/Resources.h" +#include "fwbuilder/IPAddress.h" + +using namespace libfwbuilder; +using namespace std; + +void InterfaceData::guessLabel(const string &platform) +{ +/* + * some firewalls report fairly regular names for interfaces through + * their built-in SNMP agent. We can use this to assign labels + * automatically. 
+ * + * in PIX interfaces have names like "PIX Firewall 'inside' interface" + * + */ + string pat1="PIX Firewall '"; + string pat2="' interface"; + string::size_type p2; + if ( name.find(pat1)==0 && (p2=name.find(pat2))!=string::npos ) + label=name.substr( pat1.size() , p2-pat1.size() ); + + if (!isDyn && + !isUnnumbered && + !isBridgePort && + address=="127.0.0.1") label="loopback"; +} + + + +void InterfaceData::guessSecurityLevel(const string &platform) +{ + IPNetwork n10(IPAddress("10.0.0.0"),Netmask("255.0.0.0")); + IPNetwork n172(IPAddress("172.16.0.0"),Netmask("255.240.0.0")); + IPNetwork n192(IPAddress("192.168.0.0"),Netmask("255.255.0.0")); + + securityLevel=-1; + + string llbl=label; + + for (string::size_type i=0; i &ifaces) +{ +// first pass - try to find internal and external interfaces and +// assign sec. levels and labels + +// bool supports_security_levels=Resources::getTargetCapabilityBool(platform, +// "security_levels"); + + list res; + + if (ifaces.size()==1) + { + ifaces.front().guessSecurityLevel(platform); + return; + } + + if (ifaces.size()==2) + { + if (ifaces.front().address=="127.0.0.1") + { + ifaces.front().securityLevel=100; + ifaces.back().securityLevel=0; + } else + { + if (ifaces.back().address=="127.0.0.1") + { + ifaces.front().securityLevel=0; + ifaces.back().securityLevel=100; + } else + { + ifaces.front().guessSecurityLevel(platform); + ifaces.back().guessSecurityLevel(platform); + } + } + ifaces.sort(sort_order_func_adaptor()); + return; + } + else + { + for (list::iterator i=ifaces.begin(); i!=ifaces.end(); i++) + { + i->guessSecurityLevel(platform); + } + } + + ifaces.sort(sort_order_func_adaptor()); + +// second pass - Assign sec. levels evenly if it is pix, or all zeros in all other cases. + + int sec_level_step= 100 / ( ifaces.size() - 1 ); + int sec_level = 0; + + for (list::iterator i=ifaces.begin(); i!=ifaces.end(); i++) + { + i->securityLevel=sec_level; + sec_level += sec_level_step; + } +} + + 
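Review bot: The list overload of `guessSecurityLevel` computes `100 / ( ifaces.size() - 1 )` without handling an empty list: sizes 1 and 2 return early, but for size 0 the unsigned subtraction wraps and the step silently becomes 0. An explicit `if (ifaces.empty()) return;` at the top would state the intent. The second-pass comment says levels are spread evenly "if it is pix, or all zeros in all other cases", yet the `supports_security_levels` lookup is commented out and the loop assigns 0..100 for every platform, overwriting what the first pass guessed (which presumably only feeds the sort). Since these guesses look like they become the interfaces' security levels, the comment or the code should be corrected so a reader knows which behaviour is intended. Part of the single-interface `guessSecurityLevel` body is missing from this view and is not reviewed here.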
diff --git a/src/gui/InterfaceData.h b/src/gui/InterfaceData.h
new file mode 100644
index 000000000..4533502d7
--- /dev/null
+++ b/src/gui/InterfaceData.h
@@ -0,0 +1,101 @@ +/* + + Firewall Builder + + Copyright (C) 2001 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: InterfaceData.h,v 1.2 2006/03/06 03:02:57 vkurland Exp $ + + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#ifndef __INTERFACE_DATA_HH_ +#define __INTERFACE_DATA_HH_ + + +#include "fwbuilder/Interface.h" +#include "fwbuilder/physAddress.h" + +struct InterfaceData +{ + std::string id; + std::string name; + std::string address; + std::string netmask; + int securityLevel; + bool isDyn; + bool isUnnumbered; + bool isBridgePort; + std::string physicalAddress; + std::string label; + std::string networkZone; + + InterfaceData() + { + isDyn = false; + isUnnumbered = false; + isBridgePort = false; + securityLevel = 0; + } + + InterfaceData(const libfwbuilder::Interface &iface) + { + id = iface.getId(); + name = iface.getName(); + address = iface.getAddress().toString(); + netmask = iface.getNetmask().toString(); + securityLevel = iface.getSecurityLevel(); + isDyn = iface.isDyn(); + isUnnumbered = iface.isUnnumbered(); + isBridgePort = iface.isBridgePort(); + libfwbuilder::physAddress *pa = iface.getPhysicalAddress(); + if (pa!=NULL) + physicalAddress = pa->getPhysAddress(); + label = iface.getLabel(); + networkZone = iface.getStr("network_zone"); + } + +/** + * this method is a collection of 
heuristics that allow us to assign + * a reasonable label to the interface based on firewall platform, + * name of the interface, its label and other parameters. + */ + void guessLabel(const std::string &platform); + +/** + * this method is a collection of heuristics that allow us to make an + * educated guess about interface's security level based on the + * firewall platform, name of the interface, its label and other + * parameters. + */ + void guessSecurityLevel(const std::string &platform); + +/** + * This method is a collection of heuristics that allow us to assign + * a reasonable security level to many interfaces based on firewall + * platform, their names and labels and other parameters. This method + * compares parameters of many interfaces and in certain cases can + * guess their relative security levels. + */ + static void guessSecurityLevel(const std::string &platform, + std::list &interfaces); + +}; +#endif diff --git a/src/gui/InterfaceDialog.cpp b/src/gui/InterfaceDialog.cpp new file mode 100644 index 000000000..554fcbb12 --- /dev/null +++ b/src/gui/InterfaceDialog.cpp 
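Review bot: This header declares `std::string` members and takes a `std::list` parameter, but it includes only `fwbuilder/Interface.h` and `fwbuilder/physAddress.h`, so it compiles only while those headers keep pulling in the standard ones. Add `#include <string>` and `#include <list>` next to the project includes. The include guard `__INTERFACE_DATA_HH_` contains a double underscore, which C++ reserves for the implementation; `INTERFACE_DATA_H` avoids that. The same applies to the guards in InterfaceDialog.h, LibExportDialog.h and LibraryDialog.h.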
@@ -0,0 +1,380 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: InterfaceDialog.cpp,v 1.30 2007/05/10 01:35:52 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "InterfaceDialog.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Management.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/ObjectGroup.h" +#include "fwbuilder/Resources.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace std; +using namespace libfwbuilder; + +InterfaceDialog::InterfaceDialog(QWidget *parent) : + QWidget(parent) +{ + m_dialog = new Ui::InterfaceDialog_q; + m_dialog->setupUi(this); +/* + seclevel->hide(); seclevelLabel->hide(); + netzone->hide(); netzoneLabel->hide(); +*/ + obj=NULL; +} + +InterfaceDialog::~InterfaceDialog() +{ + delete m_dialog; +} + +void InterfaceDialog::loadFWObject(FWObject *o) +{ + obj=o; + Interface *s = dynamic_cast(obj); + assert(s!=NULL); + + init=true; + + 
fillLibraries(m_dialog->libs,obj); + + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); + m_dialog->label->setText( QString::fromUtf8(s->getLabel().c_str()) ); + + m_dialog->regular->setChecked( ! s->isDyn() && + ! s->isUnnumbered() && + ! s->isBridgePort() ); + m_dialog->dynamic->setChecked( s->isDyn() ); + m_dialog->unnumbered->setChecked( s->isUnnumbered() ); + m_dialog->bridgeport->setChecked( s->isBridgePort() ); + + m_dialog->management->setChecked( s->isManagement() ); + + m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); + +/* interface should always belong to the host or firewall so we can't + * move them from library to library */ + m_dialog->libs->setEnabled( false ); + + FWObject *f=obj->getParent(); + +/* if parent is a host, hide checkbox 'external', security level and netzone */ + if (Host::isA( f )) + { + m_dialog->ext->setEnabled( false ); + m_dialog->ext->hide(); + m_dialog->seclevel->hide(); + m_dialog->seclevelLabel->hide(); + m_dialog->netzone->hide(); + m_dialog->netzoneLabel->hide(); + } + + bool supports_security_levels = false; + bool supports_network_zones = false; + bool supports_unprotected = false; + + try { + supports_security_levels = + Resources::getTargetCapabilityBool(f->getStr("platform"), "security_levels"); + supports_network_zones = + Resources::getTargetCapabilityBool(f->getStr("platform"), "network_zones"); + supports_unprotected = + Resources::getTargetCapabilityBool(f->getStr("platform"), "unprotected_interfaces"); + } catch (FWException &ex) { } + +/* if parent is a firewall, it is more complex ... 
*/ + if (Firewall::isA( f )) + { + if (supports_security_levels) + { + m_dialog->seclevel->show(); + m_dialog->seclevelLabel->show(); + m_dialog->ext->hide(); + m_dialog->seclevel->setValue( obj->getInt("security_level") ); + } else + { + m_dialog->seclevel->hide(); + m_dialog->seclevelLabel->hide(); + m_dialog->ext->show(); + m_dialog->ext->setChecked( obj->getInt("security_level")==0 ); + } + + if (supports_unprotected) + { + m_dialog->unprotected->show(); + m_dialog->unprotected->setChecked( obj->getBool("unprotected") ); + } else + { + m_dialog->unprotected->hide(); + } + + if (supports_network_zones) + { + m_dialog->netzone->show(); + m_dialog->netzoneLabel->show(); + + netzoneObjectIDs.clear(); + netzoneObjectNos.clear(); + + QStringList netzoneObjectNames; + + int n=0; + + netzoneObjectIDs["sysid0"]=n; + netzoneObjectNos[n]="sysid0"; + netzoneObjectNames.push_back(" Any "); + + ++n; + +/* TODO: try to make this widget show object with appropriate icon */ + + list libs=mw->db()->getByType( Library::TYPENAME ); + for (list::iterator l=libs.begin(); l!=libs.end(); ++l) + { + FWObject *library= *l; + FWObject *o1,*o2; + + if ( library->getId()==DELETED_LIB ) continue; + + o1=library->findObjectByName(ObjectGroup::TYPENAME,"Objects"); + assert(o1!=NULL); + o2=o1->findObjectByName(ObjectGroup::TYPENAME,"Groups"); + if (o2==NULL) + { + if (fwbdebug) + qDebug("InterfaceDialog::loadFWObject missing Groups group in %s",o1->getId().c_str()); + continue; + } +// assert(o2!=NULL); + + for (FWObject::iterator i=o2->begin(); i!=o2->end(); ++i) + { + netzoneObjectIDs[ (*i)->getId().c_str() ]=n; + netzoneObjectNos[n]= (*i)->getId().c_str(); + netzoneObjectNames.push_back( + tr("Group: ")+ (*i)->getName().c_str() ); + ++n; + } + + o2=o1->findObjectByName(ObjectGroup::TYPENAME,"Networks"); + if (o2==NULL) + { + if (fwbdebug) + qDebug("InterfaceDialog::loadFWObject missing Networks group in %s",o1->getId().c_str()); + continue; + } +// assert(o2!=NULL); + + for 
(FWObject::iterator i1=o2->begin(); i1!=o2->end(); ++i1) + { + netzoneObjectIDs[ (*i1)->getId().c_str() ]=n; + netzoneObjectNos[n]= (*i1)->getId().c_str(); + netzoneObjectNames.push_back( + tr("Network: ")+ (*i1)->getName().c_str() ); + ++n; + } + } + + m_dialog->netzone->clear(); + m_dialog->netzone->addItems( netzoneObjectNames ); + + QString id=obj->getStr("network_zone").c_str(); + if (id=="") id="sysid0"; // any network + m_dialog->netzone->setCurrentIndex( netzoneObjectIDs[id] ); + } + else + { + m_dialog->netzone->hide(); + m_dialog->netzoneLabel->hide(); + } + } + + //apply->setEnabled( false ); + + m_dialog->obj_name->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->libs->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->libs); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + setDisabledPalette(m_dialog->comment); + + m_dialog->label->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->label); + + m_dialog->regular->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->regular); + + m_dialog->dynamic->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->dynamic); + + m_dialog->unnumbered->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->unnumbered); + + m_dialog->bridgeport->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->bridgeport); + + m_dialog->management->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->management); + + m_dialog->unprotected->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->unprotected); + + m_dialog->ext->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->ext); + + m_dialog->seclevel->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->seclevel); + + m_dialog->netzone->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->netzone); + + + init=false; +} + +void InterfaceDialog::changed() +{ + if (fwbdebug) + qDebug("InterfaceDialog::changed()"); + + //apply->setEnabled( true ); + emit 
changed_sign(); +} + +void InterfaceDialog::validate(bool *res) +{ + *res=true; + if (!isTreeReadWrite(this,obj)) *res=false; + if (!validateName(this,obj,m_dialog->obj_name->text())) *res=false; +} + +void InterfaceDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void InterfaceDialog::libChanged() +{ + changed(); +} + +void InterfaceDialog::applyChanges() +{ + Interface *s = dynamic_cast(obj); + assert(s!=NULL); + + string oldname=obj->getName(); + string oldlabel=s->getLabel(); + obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); + + s->setLabel( string(m_dialog->label->text().toUtf8().constData()) ); + s->setDyn( m_dialog->dynamic->isChecked() ); + s->setUnnumbered( m_dialog->unnumbered->isChecked() ); + s->setBridgePort( m_dialog->bridgeport->isChecked() ); + + FWObject *f = obj->getParent(); + bool supports_security_levels = false; + bool supports_network_zones = false; + bool supports_unprotected = false; + + try { + supports_security_levels= + Resources::getTargetCapabilityBool(f->getStr("platform"), "security_levels"); + supports_network_zones= + Resources::getTargetCapabilityBool(f->getStr("platform"), "network_zones"); + supports_unprotected = + Resources::getTargetCapabilityBool(f->getStr("platform"), "unprotected_interfaces"); + } catch (FWException &ex) { } + + + if (Firewall::isA( f )) + { + if (supports_security_levels) + obj->setInt("security_level", m_dialog->seclevel->value() ); + else + obj->setInt("security_level", (m_dialog->ext->isChecked()) ? 
0 : 100 ); + + if (supports_unprotected) + obj->setBool("unprotected", m_dialog->unprotected->isChecked() ); + + if (supports_network_zones) + obj->setStr("network_zone", + netzoneObjectNos[ m_dialog->netzone->currentIndex() ].toLatin1().constData() ); + + s->setManagement( m_dialog->management->isChecked() ); + + } + + om->updateObjName(obj, + QString::fromUtf8(oldname.c_str()), + QString::fromUtf8(oldlabel.c_str())); + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void InterfaceDialog::discardChanges() +{ + loadFWObject(obj); +} + + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. So we do + * nothing here and defer all the processing to ObjectEditor + */ +void InterfaceDialog::closeEvent(QCloseEvent *e) +{ + if (fwbdebug) + qDebug("InterfaceDialog::coseEvent got close event: %p",e); + emit close_sign(e); +} + diff --git a/src/gui/InterfaceDialog.h b/src/gui/InterfaceDialog.h new file mode 100644 index 000000000..d673f5a4d --- /dev/null +++ b/src/gui/InterfaceDialog.h 
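Review bot: Both `loadFWObject` and `applyChanges` wrap the three `Resources::getTargetCapabilityBool` calls in `catch (FWException &ex) { }`, so a failed lookup looks the same as a platform that has none of these capabilities. In `applyChanges` that means a firewall interface gets `security_level` rewritten to 0 or 100 from the `ext` checkbox, silently discarding any numeric level stored before. The handler should at least log the exception and record that the lookup failed, so the `security_level`, `unprotected` and `network_zone` writes can be skipped in that case. Separately, `isChanged(bool *res)` here and in LibraryDialog.cpp never assigns `*res`, so the caller reads whatever the bool held before; `*res = false;` would make the result defined.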
@@ -0,0 +1,76 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: InterfaceDialog.h,v 1.10 2006/05/13 06:53:05 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __INTERFACEDIALOG_H_ +#define __INTERFACEDIALOG_H_ + +#include "config.h" +#include +#include + +#include "fwbuilder/FWObject.h" + +#include +#include + +class InterfaceDialog : public QWidget +{ + Q_OBJECT + + libfwbuilder::FWObject *obj; + bool init; + QMap netzoneObjectIDs; + QMap netzoneObjectNos; + + Ui::InterfaceDialog_q *m_dialog; + + public: + InterfaceDialog(QWidget *parent); + ~InterfaceDialog(); + + virtual void closeEvent(QCloseEvent *e); + +public slots: + virtual void changed(); + virtual void libChanged(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void loadFWObject(libfwbuilder::FWObject *obj); + virtual void validate(bool*); + virtual void isChanged(bool*); + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); + +}; + +#endif // INTERFACEDIALOG_H 
diff --git a/src/gui/LibExportDialog.cpp b/src/gui/LibExportDialog.cpp
new file mode 100644
index 000000000..6f8aeff31
--- /dev/null
+++ b/src/gui/LibExportDialog.cpp
@@ -0,0 +1,123 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: LibExportDialog.cpp,v 1.18 2006/10/22 04:39:36 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "FWWindow.h" +#include "LibExportDialog.h" +#include "FWBSettings.h" +#include "longTextDialog.h" + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/RuleSet.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/InterfacePolicy.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Interface.h" + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#ifndef _WIN32 +# include // for access(2) +#endif + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +LibExportDialog::~LibExportDialog() +{ + delete m_dialog; +} + +LibExportDialog::LibExportDialog( QWidget* parent, const char* name, bool modal ) + : QDialog(parent) +{ + setWindowTitle(name); + m_dialog = new Ui::LibExport_q; + m_dialog->setupUi(this); + + init(); +} + +void 
LibExportDialog::init() +{ +// resize( QSize(500, 450) ); + m_dialog->exportRO->setChecked(true); + + m_dialog->libs->clear(); + list ll = mw->db()->getRoot()->getByType( Library::TYPENAME ); + int n=0; + string libicn; + + for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++,n++) + { + /*if (libicn.empty()) + libicn=Resources::global_res->getObjResourceStr(*i,"icon-tree").c_str();*/ + + mapOfLibs[n]= (*i); + + QPixmap pm; + QString icn = (":/Icons/" + (*i)->getTypeName() + "/icon-tree").c_str(); + //QString icn = libicn.c_str(); + if ( ! QPixmapCache::find( icn, pm) ) + { + pm.load( icn ); + QPixmapCache::insert( icn, pm); + } + + QListWidgetItem *item = new QListWidgetItem(QString::fromUtf8((*i)->getName().c_str())); + item->setIcon(QIcon(pm)); + /*m_dialog->libs->addItem(QIcon(pm), + QString::fromUtf8((*i)->getName().c_str()), + n);*/ + m_dialog->libs->addItem(item); + } + +} + + + + diff --git a/src/gui/LibExportDialog.h b/src/gui/LibExportDialog.h new file mode 100644 index 000000000..f92f04f7a --- /dev/null +++ b/src/gui/LibExportDialog.h 
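Review bot: The constructor accepts `bool modal` but never uses it: only `parent` reaches `QDialog(parent)`, and `name` goes to `setWindowTitle(name)`. A caller passing `modal = true` gets no modality from this argument unless it shows the dialog with `exec()`. Add `setModal(modal);` after `setWindowTitle(name);`, or drop the parameter from the declaration in LibExportDialog.h. In `init()`, the local `string libicn` is referenced only from commented-out code and can be removed.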
@@ -0,0 +1,63 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: LibExportDialog.h,v 1.5 2006/07/13 04:59:22 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __LIBEXPORTDIALOG_H_ +#define __LIBEXPORTDIALOG_H_ + +#include + +#include + + + +#include +#include + +class RCSFilePreview; + +namespace libfwbuilder { + class FWObject; + class FWReference; +}; + +class LibExportDialog : public QDialog{ + + Q_OBJECT + + void init(); + + + public: + std::map mapOfLibs; + LibExportDialog(QWidget* parent=0, const char* name=0, bool modal = FALSE ); + ~LibExportDialog(); + + Ui::LibExport_q *m_dialog; + protected slots: + +}; + +#endif diff --git a/src/gui/LibraryDialog.cpp b/src/gui/LibraryDialog.cpp new file mode 100644 index 000000000..54dfa6074 --- /dev/null +++ b/src/gui/LibraryDialog.cpp 
@@ -0,0 +1,183 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: LibraryDialog.cpp,v 1.30 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "FWBTree.h" +#include "LibraryDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Library.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace std; +using namespace libfwbuilder; + +LibraryDialog::LibraryDialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::LibraryDialog_q; + m_dialog->setupUi(this); + + obj=NULL; + + Qt::WindowFlags flags = windowFlags(); + flags &= ~Qt::WindowMaximizeButtonHint; + flags &= ~Qt::WindowMinimizeButtonHint; + setWindowFlags(flags); +} + +LibraryDialog::~LibraryDialog() +{ + delete m_dialog; +} + +void LibraryDialog::loadFWObject(FWObject *o) +{ + obj=o; + Library *s = dynamic_cast(obj); + assert(s!=NULL); + + init=true; + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); + m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); + + m_dialog->obj_name->setEnabled( obj->getId() != "syslib000" ); +// apply->setEnabled( obj->getId() != "syslib000" ); +// 
comment->setEnabled( !FWBTree::isSystem(obj) ); + + color=obj->getStr("color").c_str(); + if (color=="") color="#FFFFFF"; // white is the default + + fillColor(); + + //apply->setEnabled( false ); + + m_dialog->obj_name->setEnabled(!o->isReadOnly()); + + m_dialog->colorButton->setEnabled(!o->isReadOnly()); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + + init=false; +} + +void LibraryDialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void LibraryDialog::changeIds(FWObject *root) +{ + if (FWBTree::isStandardId(root)) + root->setId(FWObjectDatabase::generateUniqueId()); + + for (FWObject::iterator i=root->begin(); i!=root->end(); i++) + changeIds( *i ); +} + +void LibraryDialog::applyChanges() +{ + string oldname=obj->getName(); + QString oldcolor=obj->getStr("color").c_str(); + obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); + obj->setStr("color", color.toLatin1().constData()); + +/* just for fool-proof'ness, do not allow changing name of the 'Standard' lib */ + if (oldname!=obj->getName() && obj->getId()=="syslib000") + { + obj->setName( oldname ); + } + + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + om->updateLibName(obj); + if (color!=oldcolor) om->updateLibColor(obj); + + //apply->setEnabled( false ); +} + +void LibraryDialog::discardChanges() +{ + loadFWObject(obj); +} + +void LibraryDialog::validate(bool *res) +{ + *res=true; + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } +} + +void LibraryDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void LibraryDialog::changeColor() +{ + if (!isTreeReadWrite(this,obj)) return; + + QColor clr = QColorDialog::getColor( + QColor(color), this ); + if (!clr.isValid()) return; + + color = clr.name(); + fillColor(); + + changed(); +} + +void 
LibraryDialog::fillColor() +{ + QPixmap pm(40,14); + pm.fill( QColor(color) ); + QPainter p( &pm ); + p.drawRect( pm.rect() ); + m_dialog->colorButton->setIcon(QIcon(pm)); +} + + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. So we do + * nothing here and defer all the processing to ObjectEditor + */ +void LibraryDialog::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} + diff --git a/src/gui/LibraryDialog.h b/src/gui/LibraryDialog.h new file mode 100644 index 000000000..94e13a3f9 --- /dev/null +++ b/src/gui/LibraryDialog.h 
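Review bot: In `loadFWObject` the call `m_dialog->obj_name->setEnabled( obj->getId() != "syslib000" )` is overridden a few lines later by `m_dialog->obj_name->setEnabled(!o->isReadOnly())`, so the standard library's name field is editable whenever the object is not read-only. `applyChanges` then reverts the rename without telling the user. Combine the two conditions in one call, `m_dialog->obj_name->setEnabled(!o->isReadOnly() && obj->getId() != "syslib000");`, and remove the earlier one.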
@@ -0,0 +1,75 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: LibraryDialog.h,v 1.10 2006/05/13 06:53:05 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __LIBRARYDIALOG_H_
+#define __LIBRARYDIALOG_H_
+
+#include "config.h"
+#include
+#include
+
+#include "fwbuilder/FWObject.h"
+
+
+class LibraryDialog : public QWidget
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ bool init;
+ QString color;
+
+ void fillColor();
+ void changeIds(libfwbuilder::FWObject *root);
+
+ public:
+ Ui::LibraryDialog_q *m_dialog;
+
+ LibraryDialog(QWidget *parent);
+ ~LibraryDialog();
+
+public slots:
+ virtual void changed();
+ virtual void applyChanges();
+ virtual void discardChanges();
+ virtual void loadFWObject(libfwbuilder::FWObject *obj);
+ virtual void validate(bool*);
+ virtual void isChanged(bool*);
+ virtual void changeColor();
+ virtual void closeEvent(QCloseEvent *e);
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ void close_sign(QCloseEvent *e);
+ void changed_sign();
+
+};
+
+#endif // LIBRARYDIALOG_H
diff --git a/src/gui/MainRes.qrc b/src/gui/MainRes.qrc
new file mode 100644
index 000000000..5d04da60f
--- /dev/null
+++ b/src/gui/MainRes.qrc
@@ -0,0 +1,168 @@ + + + Icons/accept_25.png + Icons/accounting_25.png + Icons/address-neg_25.png + Icons/address-ref_25.png + Icons/address_16.png + Icons/address_25.png + Icons/addresstable-neg_25.png + Icons/addresstable-ref_25.png + Icons/addresstable_16.png + Icons/addresstable_25.png + Icons/apply.png + Icons/back_25.png + Icons/back_32.png + Icons/big-down-arrow.png + Icons/big-left-arrow.png + Icons/big-right-arrow.png + Icons/big-up-arrow.png + Icons/binoculars64.png + Icons/blank.png + Icons/blank_2x16.png + Icons/books1.png + Icons/both.png + Icons/branch_25.png + Icons/cancel.png + Icons/cert_druid_logo.png + Icons/check.png + Icons/classify_25.png + Icons/clock-group-neg_25.png + Icons/clock-group-ref_25.png + Icons/clock-group_16.png + Icons/clock-group_25.png + Icons/clock-neg_25.png + Icons/clock-ref_25.png + Icons/clock_16.png + Icons/clock_25.png + Icons/close.png + Icons/compile_25.png + Icons/continue_25.png + Icons/custom_25.png + Icons/deny_25.png + Icons/domainname-neg_25.png + Icons/domainname-ref_25.png + Icons/domainname_16.png + Icons/domainname_25.png + Icons/down-arrow.png + Icons/drag_object.png + Icons/error.png + Icons/firewall-neg_25.png + Icons/firewall-ref_25.png + Icons/firewall_16.png + Icons/firewall_25.png + Icons/firewall_64.png + Icons/firewall_64.xpm + Icons/floppy.png + Icons/folder1.png + Icons/generic.png + Icons/host-neg_25.png + Icons/host-ref_25.png + Icons/host_16.png + Icons/host_25.png + Icons/host_64.png + Icons/host_64.xpm + Icons/inbound.png + Icons/info_25.png + Icons/install_25.png + Icons/interface-neg_25.png + Icons/interface-ref_25.png + Icons/interface_16.png + Icons/interface_25.png + Icons/key.png + Icons/left-arrow.png + Icons/library_16.png + Icons/library_25.png + Icons/lock.png + Icons/log.png + Icons/log_25.png + Icons/neg.png + Icons/network-neg_25.png + Icons/network-ref_25.png + Icons/network_16.png + Icons/network_25.png + Icons/newfile_25.png + Icons/newobject_25.png + Icons/newobject_32.png + 
Icons/no.png + Icons/object-group-neg_25.png + Icons/object-group-ref_25.png + Icons/object-group_16.png + Icons/object-group_25.png + Icons/ok.png + Icons/openfile_25.png + Icons/options_25.png + Icons/outbound.png + Icons/physaddress-neg_25.png + Icons/physaddress-ref_25.png + Icons/physaddress_16.png + Icons/physaddress_25.png + Icons/pipe_25.png + Icons/protect_host.png + Icons/protect_net.png + Icons/protect_net_and_dmz.png + Icons/question.png + Icons/rangeaddress-neg_25.png + Icons/rangeaddress-ref_25.png + Icons/rangeaddress_16.png + Icons/rangeaddress_25.png + Icons/redo.png + Icons/ref.png + Icons/reject_25.png + Icons/right-arrow.png + Icons/route_25.png + Icons/rules_druid_logo.png + Icons/save_25.png + Icons/search_25.png + Icons/service-custom-neg_25.png + Icons/service-custom-ref_25.png + Icons/service-custom_16.png + Icons/service-custom_25.png + Icons/service-group-neg_25.png + Icons/service-group-ref_25.png + Icons/service-group_16.png + Icons/service-group_25.png + Icons/service-icmp-neg_25.png + Icons/service-icmp-ref_25.png + Icons/service-icmp_16.png + Icons/service-icmp_25.png + Icons/service-ip-neg_25.png + Icons/service-ip-ref_25.png + Icons/service-ip_16.png + Icons/service-ip_25.png + Icons/service-tag-neg_25.png + Icons/service-tag-ref_25.png + Icons/service-tag_16.png + Icons/service-tag_25.png + Icons/service-tcp-neg_25.png + Icons/service-tcp-ref_25.png + Icons/service-tcp_16.png + Icons/service-tcp_25.png + Icons/service-udp-neg_25.png + Icons/service-udp-ref_25.png + Icons/service-udp_16.png + Icons/service-udp_25.png + Icons/stop.png + Icons/tag_25.png + Icons/uncheck.png + Icons/undo.png + Icons/up-arrow.png + Icons/warning.png + Icons/yes.png + + Images/designer_dataview.png + Images/designer_searchfind.png + Images/editcopy + Images/editcut + Images/editpaste + Images/filenew + Images/fileopen + Images/filesave + Images/library.png + Images/print + Images/redo + Images/searchfind + Images/tabwidget.png + Images/undo + + 
diff --git a/src/gui/MetricEditorPanel.cpp b/src/gui/MetricEditorPanel.cpp
new file mode 100644
index 000000000..dfa4bf8fe
--- /dev/null
+++ b/src/gui/MetricEditorPanel.cpp
@@ -0,0 +1,115 @@ +/* + + Firewall Builder Routing add-on + + Copyright (C) 2004 Compal GmbH, Germany + + Author: Tidei Maurizio + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies + of the Software, and to permit persons to whom the Software is furnished to do + so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A + PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE + OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ +*/ + + + +#include "config.h" +#include "global.h" + +#include "MetricEditorPanel.h" +#include "FWBSettings.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" + +#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +MetricEditorPanel::~MetricEditorPanel() +{ + delete m_widget; +} + +MetricEditorPanel::MetricEditorPanel(QWidget *p):QWidget(p) +{ + m_widget = new Ui::MetricEditorPanel_q; + m_widget->setupUi(this); + + //spin_box->setMinValue( minValue); + //spin_box->setMaxValue( maxValue); + //spin_box->setValue( value); +} + +int MetricEditorPanel::value() +{ + return m_widget->spin_box->value(); +} +void MetricEditorPanel::changed() +{ + emit changed_sign(); +} +void MetricEditorPanel::applyChanges() +{ + om->updateLastModifiedTimestampForAllFirewalls(rule); + rule->setMetric( value() ); + mw->updateRuleSetView(); +} +void MetricEditorPanel::discardChanges() +{ +} +void MetricEditorPanel::loadFWObject(libfwbuilder::FWObject *obj) +{ + RoutingRule *r=RoutingRule::cast(obj); + if (r==NULL) return; + rule=r; + + FWObject *o = r; + while (o!=NULL && Firewall::cast(o)==NULL) o=o->getParent(); + assert(o!=NULL); + Firewall *f=Firewall::cast(o); + + m_widget->spin_box->setMinimum( 0); + m_widget->spin_box->setMaximum( 255); + m_widget->spin_box->setValue( r->getMetric()); + + setTitle(QString("%1 / %2 / %3 ( Metric )") + .arg(QString::fromUtf8(f->getName().c_str())) + .arg(r->getTypeName().c_str()) + .arg(r->getPosition())); +} +void MetricEditorPanel::setTitle(QString s) +{ + m_widget->editorTitle->setText(s); +} +void MetricEditorPanel::validate(bool* b ) +{ + *b=true; +} +void MetricEditorPanel::isChanged(bool *) +{ +} + +void MetricEditorPanel::closeEvent(QCloseEvent *) +{ +} + diff --git a/src/gui/MetricEditorPanel.h b/src/gui/MetricEditorPanel.h new file mode 100644 index 000000000..911720b40 --- /dev/null +++ b/src/gui/MetricEditorPanel.h 
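Review bot: `rule` is never initialised in the constructor, and `loadFWObject()` returns before assigning it when `RoutingRule::cast(obj)` yields NULL, so `applyChanges()` can reach `rule->setMetric( value() )` through an indeterminate pointer. Set `rule = NULL;` in the constructor and start `applyChanges()` with `if (rule==NULL) return;`. In `loadFWObject()` the only guard on the parent walk is `assert(o!=NULL)`, which is compiled out under NDEBUG, after which `f->getName()` dereferences the result; adding `if (f==NULL) return;` after `Firewall::cast(o)` keeps release builds safe. `isChanged(bool *)` also leaves its out-parameter unwritten, which matters if callers pass an uninitialised bool (the callers are not visible here).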
@@ -0,0 +1,75 @@ +/* + + Firewall Builder Routing add-on + + Copyright (C) 2004 Compal GmbH, Germany + + Author: Tidei Maurizio + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies + of the Software, and to permit persons to whom the Software is furnished to do + so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A + PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE + OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ +*/ + +#ifndef __METRICEDITORPANEL_H__ +#define __METRICEDITORPANEL_H__ + +#include "config.h" +#include + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/Firewall.h" + +class MetricEditorPanel : public QWidget +{ + Q_OBJECT + + libfwbuilder::RoutingRule *rule; + Ui::MetricEditorPanel_q *m_widget; + + public: + + MetricEditorPanel(QWidget* p); + ~MetricEditorPanel(); + + + int value(); + void setTitle(QString s); + +public slots: + + virtual void changed(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void loadFWObject(libfwbuilder::FWObject *obj); + virtual void validate(bool*); + virtual void isChanged(bool*); + + virtual void closeEvent(QCloseEvent *e); + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); +}; + +#endif diff --git a/src/gui/NATRuleOptionsDialog.cpp b/src/gui/NATRuleOptionsDialog.cpp new file mode 100644 index 000000000..a24a9fe92 --- /dev/null +++ b/src/gui/NATRuleOptionsDialog.cpp 
@@ -0,0 +1,156 @@ +/* + + Firewall Builder + + Copyright (C) 2006 NetCitadel, LLC + + Author: Illiya Yalovoy + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "platforms.h" + +#include "NATRuleOptionsDialog.h" +#include "ObjectManipulator.h" +#include "RuleSetView.h" +#include "FWWindow.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/FWOptions.h" +#include "fwbuilder/Resources.h" + +#include +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace std; + +NATRuleOptionsDialog::~NATRuleOptionsDialog() +{ + delete m_dialog; +} + +NATRuleOptionsDialog::NATRuleOptionsDialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::NATRuleOptionsDialog_q; + m_dialog->setupUi(this); + + init=false; +} + +void NATRuleOptionsDialog::loadFWObject(FWObject *o) +{ + obj=o; + + FWObject *p=obj; + while ( !Firewall::isA(p) ) p=p->getParent(); + platform=p->getStr("platform").c_str(); + + Rule *rule = dynamic_cast(o); + FWOptions *ropt = rule->getOptionsObject(); + + m_dialog->editorTitle->setText(QString("%1 / %2 / %3 ") + .arg(QString::fromUtf8(p->getName().c_str())) + .arg(rule->getTypeName().c_str()) + .arg(rule->getPosition())); + + int wid=0; + if (platform=="iptables") wid=0; + if 
(platform=="ipf") wid=0; + if (platform=="pf") wid=1; + if (platform=="ipfw") wid=0; + if (platform=="pix" || platform=="fwsm") wid=0; + + m_dialog->widgetStack->setCurrentIndex(wid); + m_dialog->widgetStack->widget(wid)->raise(); + + data.clear(); + + if (platform=="pf") + { + data.registerOption( m_dialog->pf_pool_type_none , ropt, "pf_pool_type_none" ); + data.registerOption( m_dialog->pf_bitmask , ropt, "pf_bitmask" ); + data.registerOption( m_dialog->pf_random , ropt, "pf_random" ); + data.registerOption( m_dialog->pf_source_hash , ropt, "pf_source_hash" ); + data.registerOption( m_dialog->pf_round_robin , ropt, "pf_round_robin" ); + data.registerOption( m_dialog->pf_static_port , ropt, "pf_static_port" ); + } + + init=true; + data.loadAll(); + //apply->setEnabled( false ); + init=false; +} + +void NATRuleOptionsDialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void NATRuleOptionsDialog::validate(bool *res) +{ + *res=true; +} + +void NATRuleOptionsDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void NATRuleOptionsDialog::libChanged() +{ + changed(); +} + +void NATRuleOptionsDialog::applyChanges() +{ + if (!isTreeReadWrite(this,obj)) return; + + init=true; + data.saveAll(); + init=false; + + mw->updateRuleOptions(); + + //apply->setEnabled( false ); +} + +void NATRuleOptionsDialog::discardChanges() +{ + loadFWObject(obj); +} + + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. So we do + * nothing here and defer all the processing to ObjectEditor + */ +void NATRuleOptionsDialog::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} + diff --git a/src/gui/NATRuleOptionsDialog.h b/src/gui/NATRuleOptionsDialog.h new file mode 100644 index 000000000..cb99e6b29 --- /dev/null +++ b/src/gui/NATRuleOptionsDialog.h 
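Review bot: In `loadFWObject()` the loop `while ( !Firewall::isA(p) ) p=p->getParent();` has no NULL test, so an object with no Firewall ancestor walks past the root and NULL is dereferenced, at the latest by `p->getStr("platform")`. The `dynamic_cast` result `rule` is used unchecked on the next line as well. I would write `while (p!=NULL && !Firewall::isA(p)) p=p->getParent();` followed by `if (p==NULL || rule==NULL) return;`. The constructor also leaves `obj` unset, so `discardChanges()` or `applyChanges()` called before the first load passes an indeterminate pointer on; `obj=NULL;` in the constructor, as NetworkDialog does, plus a guard in those slots, would close that.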
@@ -0,0 +1,75 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2006 NetCitadel, LLC
+
+ Author: Illiya Yalovoy
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __NATRULEOPTIONSDIALOG_H_
+#define __NATRULEOPTIONSDIALOG_H_
+
+#include "../../config.h"
+#include
+#include
+
+#include "DialogData.h"
+
+#include "fwbuilder/FWObject.h"
+
+class RuleSetView;
+
+class NATRuleOptionsDialog : public QWidget
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ QString platform;
+ RuleSetView *rsv;
+ Ui::NATRuleOptionsDialog_q *m_dialog;
+
+ bool init;
+
+ public:
+ NATRuleOptionsDialog(QWidget *parent);
+ ~NATRuleOptionsDialog();
+
+public slots:
+ virtual void changed();
+ virtual void libChanged();
+ virtual void applyChanges();
+ virtual void discardChanges();
+ virtual void loadFWObject(libfwbuilder::FWObject *obj);
+ virtual void validate(bool*);
+ virtual void isChanged(bool*);
+ virtual void closeEvent(QCloseEvent *e);
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ void close_sign(QCloseEvent *e);
+ void changed_sign();
+
+};
+
+#endif // __NATRULEOPTIONSDIALOG_H
diff --git a/src/gui/NetworkDialog.cpp b/src/gui/NetworkDialog.cpp
new file mode 100644
index 000000000..b938bdea6
--- /dev/null
+++ b/src/gui/NetworkDialog.cpp
@@ -0,0 +1,189 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: NetworkDialog.cpp,v 1.22 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "FWBTree.h" +#include "NetworkDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/FWException.h" + +#include +#include +#include +#include +#include +#include +#include + +using namespace std; +using namespace libfwbuilder; + +NetworkDialog::NetworkDialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::NetworkDialog_q; + m_dialog->setupUi(this); + obj=NULL; +} + +NetworkDialog::~NetworkDialog() { delete m_dialog; } + +void NetworkDialog::loadFWObject(FWObject *o) +{ + obj=o; + Network *s = dynamic_cast(obj); + assert(s!=NULL); + + init=true; + + fillLibraries(m_dialog->libs,obj); + + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); + m_dialog->address->setText( s->getAddress().toString().c_str() ); + m_dialog->netmask->setText( s->getNetmask().toString().c_str() ); + m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); + + //apply->setEnabled( false ); 
+ + m_dialog->obj_name->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->libs->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->libs); + + m_dialog->address->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->address); + + m_dialog->netmask->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->netmask); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + setDisabledPalette(m_dialog->comment); + + + init=false; +} + +void NetworkDialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void NetworkDialog::validate(bool *res) +{ + *res=true; + + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } + + Network *s = dynamic_cast(obj); + assert(s!=NULL); + try + { + IPAddress( m_dialog->address->text().toLatin1().constData() ); + } catch (FWException &ex) + { + *res=false; + QMessageBox::critical(this, "Firewall Builder", + tr("Illegal IP address '%1'").arg(m_dialog->address->text()), + tr("&Continue"), 0, 0, + 0 ); + } + try + { + Netmask( m_dialog->netmask->text().toLatin1().constData() ); + } catch (FWException &ex) + { + *res=false; + QMessageBox::critical(this, "Firewall Builder", + tr("Illegal netmask '%1'").arg( m_dialog->netmask->text() ), + tr("&Continue"), 0, 0, + 0 ); + } +} + +void NetworkDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void NetworkDialog::libChanged() +{ + changed(); +} + +void NetworkDialog::applyChanges() +{ + Network *s = dynamic_cast(obj); + assert(s!=NULL); + + string oldname=obj->getName(); + obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); + try + { + s->setAddress( m_dialog->address->text().toLatin1().constData() ); + s->setNetmask( m_dialog->netmask->text().toLatin1().constData() ); + } catch (FWException &ex) + { +/* 
exception thrown if user types illegal m_dialog->address or m_dialog->netmask */ + + } + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + init=true; + +/* move to another lib if we have to */ + if (! FWBTree::isSystem(obj) && m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(m_dialog->libs->currentText(), obj); + + init=false; + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void NetworkDialog::discardChanges() +{ + loadFWObject(obj); +} + + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. So we do + * nothing here and defer all the processing to ObjectEditor + */ +void NetworkDialog::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} + diff --git a/src/gui/NetworkDialog.h b/src/gui/NetworkDialog.h new file mode 100644 index 000000000..0ba9e8ca7 --- /dev/null +++ b/src/gui/NetworkDialog.h 
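Review bot: `applyChanges()` swallows `FWException` in an empty `catch`, by which point the name and comment are already written and `setAddress()` may have succeeded before `setNetmask()` threw, so the Network object can end up with a new address paired with the old netmask and nothing shown to the user. In a tool that compiles these objects into firewall rules, a silently half-applied network definition changes what a rule matches. Both fields should be parsed before the object is touched and assigned only when both are valid, as sketched below; `validate()` presumably runs before this slot, but that is not visible in the hunk. Separately, `assert(s!=NULL)` is the only guard after each `dynamic_cast` and is compiled out under NDEBUG, so an explicit `if (s==NULL) return;` is safer.

```cpp
void NetworkDialog::applyChanges()
{
    // … unchanged: dynamic_cast of obj to Network …

    // Parse both fields before modifying the object, so that a bad
    // netmask cannot leave a new address paired with the old mask.
    QByteArray addr = m_dialog->address->text().toLatin1();
    QByteArray mask = m_dialog->netmask->text().toLatin1();
    try
    {
        IPAddress( addr.constData() );
        Netmask( mask.constData() );
    } catch (FWException &ex)
    {
        return;   // nothing written; validate() shows the message box for the same input
    }

    // … unchanged: name and comment update …
    s->setAddress( addr.constData() );
    s->setNetmask( mask.constData() );
    // … unchanged: updateObjName, library move, timestamp update …
```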
@@ -0,0 +1,70 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: NetworkDialog.h,v 1.7 2006/05/13 06:53:05 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __NETWORKDIALOG_H_ +#define __NETWORKDIALOG_H_ + +#include "config.h" +#include +#include + +#include "fwbuilder/FWObject.h" + + +class NetworkDialog : public QWidget +{ + Q_OBJECT + + libfwbuilder::FWObject *obj; + Ui::NetworkDialog_q *m_dialog; + bool init; + + public: + NetworkDialog(QWidget *parent); + ~NetworkDialog(); + +public slots: + virtual void changed(); + virtual void libChanged(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void loadFWObject(libfwbuilder::FWObject *obj); + virtual void validate(bool*); + virtual void isChanged(bool*); + virtual void closeEvent(QCloseEvent *e); + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); + +}; + +#endif // NETWORKDIALOG_H diff --git a/src/gui/ObjConflictResolutionDialog.cpp b/src/gui/ObjConflictResolutionDialog.cpp new file mode 100644 index 000000000..907967464 --- /dev/null 
+++ b/src/gui/ObjConflictResolutionDialog.cpp 
@@ -0,0 +1,497 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjConflictResolutionDialog.cpp,v 1.19 2007/02/04 03:58:59 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/FWObjectDatabase.h" + +#include "ObjConflictResolutionDialog.h" +#include "FWObjectPropertiesFactory.h" +#include "FWBSettings.h" + + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +using namespace std; +using namespace libfwbuilder; + + +ObjConflictResolutionDialog::ObjConflictResolutionDialog(QWidget *parent): QDialog(parent) +{ + m_dialog = new Ui::ObjConflictResolutionDialog_q; + m_dialog->setupUi(this); + setObjectName("ObjConflictResolutionDialog"); + + alwaysCurrent=false; + alwaysNew =false; + m_dialog->dlgIcon->setPixmap( QMessageBox::standardIcon( QMessageBox::Warning ) ); + + defaultLeftButtonText = tr("Keep current object"); + defaultRightButtonText = tr("Replace with this object"); + + if (st->haveGeometry(this)) st->restoreGeometry(this); + + richText = true; +} + +ObjConflictResolutionDialog::~ObjConflictResolutionDialog() +{ + saveGeometry(); +} + +QString 
ObjConflictResolutionDialog::makeBold(const QString &str) +{ + QString bold = (richText)?QString(""):""; + QString unbold = (richText)?QString(""):""; + return QString("%1%2%3").arg(bold).arg(str).arg(unbold); +} + +int ObjConflictResolutionDialog::run( FWObject *o1, + FWObject *o2) +{ + + // fill in dialogs even though the user might have + // checked checkbox that makes decision without + // them having to click a button. This is so that + // classes that inherit from ObjConflictResolutionDialog + // can use data collected in this method. Particularly + // CompareObjectsDialog::run needs it + + + QString leftBtnTxt, rightBtnTxt; + bool leftCB, rightCB, leftBtn, rightBtn; + + leftBtnTxt = defaultLeftButtonText; + rightBtnTxt = defaultRightButtonText; + leftCB=rightCB=leftBtn=rightBtn=true; + + QString p1, p2; + + FWObject *delObjLib1 = o1->getRoot()->getById( DELETED_LIB ); + FWObject *delObjLib2 = o2->getRoot()->getById( DELETED_LIB ); + + if (delObjLib1!=NULL && o1->isChildOf(delObjLib1)) + { + /* This is the case when an object present in the file we are + * trying to load has been deleted in the tree. We can not + * just ignore deleted object in the tree and load a copy from + * the file because it will create a conflict (two objects + * with the same ID). I am not sur eI can delete object from + * here either. It is unclear how to solve this problem + * correctly. Defer to the user. */ + + p1=tr("Object '%1' has been deleted").arg(makeBold(o1->getName().c_str())); + rightBtnTxt = tr("Delete"); + leftCB = rightCB = leftBtn = false; + } else + p1= FWObjectPropertiesFactory::getObjectPropertiesDetailed(o1, + true, + false, + false); + + if (delObjLib2!=NULL && o2->isChildOf(delObjLib2)) + { + /* This is the case where object o2 has been deleted in the + * file we are trying to load but is present in the tree. One + * situation when this occurs is when we preloaded bunch of + * libraries and this object is in one of them but has been + * deleted in the file. 
We should ignore deleted objects in + * the file and use copy present in the tree. + */ + + cerr << "Deleted object found: o2 " + << o2->getId() << " " << o2->getName() << endl; + + return QDialog::Rejected; + + p2=tr("Object '%1' has been deleted").arg(makeBold(o2->getName().c_str())); + leftBtnTxt = tr("Delete"); + leftCB = rightCB = rightBtn = false; + } else + p2= FWObjectPropertiesFactory::getObjectPropertiesDetailed(o2, + true, + false, + false); + + + m_dialog->useCurrentObj->setText(leftBtnTxt); + m_dialog->useNewObj->setText(rightBtnTxt); + + m_dialog->useNewObj->setEnabled(rightBtn); + m_dialog->newAll->setEnabled(rightCB); + m_dialog->useCurrentObj->setEnabled(leftBtn); + m_dialog->currentAll->setEnabled(leftCB); + + if (leftBtn) m_dialog->useCurrentObj->setFocus(); + else m_dialog->useNewObj->setFocus(); + + QString f1= FWObjectDatabase::cast(o1->getRoot())->getFileName().c_str(); + QString f2= FWObjectDatabase::cast(o2->getRoot())->getFileName().c_str(); + + current_filename = f1; + new_filename = f2; + + current_objname = o1->getName().c_str(); + new_objname = o2->getName().c_str(); + + current_properties = p1; + new_properties = p2; + + + if (f1.isEmpty()) + f1=tr("Object '%1' in the objects tree").arg(makeBold(o1->getName().c_str())); + else + f1=tr("Object '%1' in file %2").arg(makeBold(o1->getName().c_str())).arg(f1); + + f2=tr("Object '%1' in file %2").arg(makeBold(o2->getName().c_str())).arg(f2); + + + m_dialog->currentObjLbl->setText(f1); + m_dialog->newObjLbl->setText(f2); + + m_dialog->currentObj->clear(); + m_dialog->newObj->clear(); + + QString s; + s="\n"; + s+=p1; + s+="
    "; + s+=o1->getComment().c_str(); + + m_dialog->currentObj->moveCursor(QTextCursor::Start); + m_dialog->currentObj->append( s ); + m_dialog->currentObj->scrollToAnchor("top"); + + s="
    \n"; + s+=p2; + s+="
    "; + s+=o2->getComment().c_str(); + + m_dialog->newObj->moveCursor( QTextCursor::Start ); + m_dialog->newObj->append( s ); + m_dialog->newObj->scrollToAnchor("top"); + + + if (alwaysCurrent) return QDialog::Rejected; + if (alwaysNew) return QDialog::Accepted; + + return QDialog::exec(); +} + +void ObjConflictResolutionDialog::saveGeometry() +{ + st->saveGeometry(this); +} + +/* + * Important + * + * normally close event is sent when user clicks "close window" button + * on the window titlebar. When this event is processed in this method, + * the window is still visible so it is safe to retrieve and use its + * geometry (it is bad to get geometry of the window when it is hidden + * because at that time window manager decorations do not exist + * anymore, so window's position on the screen is shiften up and to + * the left). + * + * It seems under certain window manager (at this time it is unknown + * which one) in Gnome "close event" is generated after the window is + * closed by clicking one of the buttons at the bottom (choosing which + * objects to keep). We call saveGeometry from accept and reject to + * get size and position when user clicks those buttons. Window is + * then closed and (it seems) window manager sends "close" event to + * it. By the time when we get control in this method, the window is + * already closed and geometry returned for it would be incorrect. + * + * Finally, I decided to make it so the user can not close conflict + * resolution dialog using titlebar button. The user is suppposed to + * make a decision, and although closing dialog was equivalent to + * clicking one of the choice buttons, it wasn't obvious. So it is + * better to disable this completely and make it obvious for the user + * that they must make a choice. 
+ */ +void ObjConflictResolutionDialog::closeEvent(QCloseEvent *e) +{ + if (fwbdebug) qDebug("ObjConflictResolutionDialog::closeEvent"); + + e->ignore(); +} + +void ObjConflictResolutionDialog::setFlags() +{ + alwaysCurrent = m_dialog->currentAll->isChecked(); + alwaysNew = m_dialog->newAll->isChecked(); +} + +void ObjConflictResolutionDialog::accept() +{ + if (fwbdebug) + qDebug("ObjConflictResolutionDialog::accept(): isVisible=%d", + isVisible()); + + QDialog::accept(); +} + +void ObjConflictResolutionDialog::reject() +{ + if (fwbdebug) + qDebug("ObjConflictResolutionDialog::reject(): isVisible=%d", + isVisible()); + + QDialog::reject(); +} + +// ################################################################ + +CompareObjectsDialog::CompareObjectsDialog(QWidget *p) : + ObjConflictResolutionDialog(p) +{ + richText = false; + num_conflicts = 0; + column_width[0] = 30; + column_width[1] = 30; + column_width[2] = 30; + column_width[3] = 30; + + m_dialog->currentAll->hide(); + m_dialog->useCurrentObj->hide(); + + defaultLeftButtonText = ""; + defaultRightButtonText = tr("Next"); + + m_dialog->dialogHeading->setText( tr("The following two objects have the same internal ID but different attributes:") ); + m_dialog->newAll->setText( tr("Skip the rest but build report") ); + + clearReport(); + + // Note : these keys match strings generated by + // FWObjectPropertyFactory::getObjectPropertiesDetailed + // That is, getObjectPropertiesDetailed generates text like this: + // + // Library: TestLibrary + // Object Id: id3F3D04676 + // Object Type: Firewall + // Object Name: guardian + // + // Keys in report_attributes must match strings before ':' exactly + + report_attributes.push_back("Name"); + report_attributes.push_back("Library"); + report_attributes.push_back("Object Id"); + report_attributes.push_back("Object Type"); + report_attributes.push_back("Object Name"); + report_attributes.push_back("Path"); + +} + +void CompareObjectsDialog::writeColumn(ostringstream &sstr, 
+ int column_num, + const QString &txt) +{ + int col_width = column_width[column_num]; + + sstr << txt.toLatin1().constData() << setw(col_width-txt.length()) << setfill(' ') << ' '; +} + +int CompareObjectsDialog::run(FWObject *o1,FWObject *o2) +{ + ostringstream str; + + int res = ObjConflictResolutionDialog::run(o1,o2); + +/* + currentObj->setTextFormat(Qt::PlainText); + QString l_text = currentObj->text(0); + // QTextEdit returns whole paragraph as one line + // Since we enforce PlainText, all html formatting + // is lost and individual lines are glued together + // with some character that prints as '?' + // Could be chr(0) ? + + if (fwbdebug) qDebug("%s",l_text.ascii()); + + newObj->setTextFormat(Qt::PlainText); + QString r_text = newObj->text(0); + + if (fwbdebug) qDebug("%s",r_text.ascii()); + + str << l_text << endl; + str << r_text << endl; + str << endl; +*/ + + num_conflicts++; + + QString prop1 = FWObjectPropertiesFactory::stripHTML(current_properties); + QString prop2 = FWObjectPropertiesFactory::stripHTML(new_properties); + + + QStringList proplist1 = prop1.split("\n"); + QStringList proplist2 = prop2.split("\n"); + + QMap propdict1; + QMap propdict2; + + int n = 0; + QStringList::Iterator i1 = proplist1.begin(); + for ( ; i1!=proplist1.end(); ++i1,++n) + { + ostringstream tstr; + tstr << "key_" << n; + + QString k = (*i1).section(':',0,0).trimmed(); + QString v = (*i1).section(':',1).trimmed(); + if (v=="") + { + v = k; + k = tstr.str().c_str(); + } + + if (fwbdebug) qDebug(QString("proplist1: k='%1' v='%2'").arg(k).arg(v).toAscii().constData()); + + propdict1[k] = v; + } + + n = 0; + QStringList::Iterator i2 = proplist2.begin(); + for ( ; i2!=proplist2.end(); ++i2,++n) + { + ostringstream tstr; + tstr << "key_" << n; + + QString k = (*i2).section(':',0,0).trimmed(); + QString v = (*i2).section(':',1).trimmed(); + if (v=="") + { + v = k; + k = tstr.str().c_str(); + } + + if (fwbdebug) qDebug(QString("proplist2: k='%1' 
v='%2'").arg(k).arg(v).toAscii().constData()); + + propdict2[k] = v; + } + + + QStringList::Iterator i3 = report_attributes.begin(); + for ( ; i3!=report_attributes.end(); ++i3) + { + QString attr = *i3; + + if (fwbdebug) qDebug(QString("report_attributes: attr=%1 ").arg(attr).toAscii().constData()); + + if (!propdict1.contains(attr) || !propdict2.contains(attr)) continue; + + writeColumn(str, 1, attr); + writeColumn(str, 2, propdict1[attr]); + writeColumn(str, 3, propdict2[attr]); + str << endl; + + propdict1[attr] = ""; + propdict2[attr] = ""; + } + + QMap::Iterator mi1 = propdict1.begin(); + for ( ; mi1!=propdict1.end(); ++mi1) + { + QString key = mi1.key(); + QString val = mi1.value(); + + if (fwbdebug) qDebug(QString("propdict1: key=%1 val=%2").arg(key).arg(val).toAscii().constData()); + + if (val=="") continue; + + if (key.startsWith("key_")) writeColumn(str, 1, " "); + else writeColumn(str, 1, key); + if (propdict1.contains(key)) writeColumn(str, 2, propdict1[key]); + else writeColumn(str, 2, " "); + if (propdict2.contains(key)) writeColumn(str, 3, propdict2[key]); + else writeColumn(str, 3, " "); + str << endl; + + propdict1[key] = ""; + propdict2[key] = ""; + } + + QMap::Iterator mi2 = propdict2.begin(); + for ( ; mi2!=propdict2.end(); ++mi2) + { + QString key = mi2.key(); + QString val = mi2.value(); + + if (fwbdebug) qDebug(QString("propdict2: key=%1 val=%2").arg(key).arg(val).toAscii().constData()); + + if (val=="") continue; + + if (key.startsWith("key_")) writeColumn(str, 1, " "); + else writeColumn(str, 1, key); + if (propdict1.contains(key)) writeColumn(str, 2, propdict1[key]); + else writeColumn(str, 2, " "); + if (propdict2.contains(key)) writeColumn(str, 3, propdict2[key]); + else writeColumn(str, 3, " "); + str << endl; + } + + str << setw(78) << setfill('-') << '-' << endl; + + report.push_back( QString(str.str().c_str()) ); + + return res; +} + +void CompareObjectsDialog::clearReport() +{ + report.clear(); +} + +list 
CompareObjectsDialog::getReport() +{ + ostringstream str; + + str << "File 1: " << current_filename.toLatin1().constData() << endl; + str << "File 2: " << new_filename.toLatin1().constData() << endl; + str << setw(78) << setfill('-') << '-' << endl; + + report.push_front( QString(str.str().c_str()) ); + + return report; +} + diff --git a/src/gui/ObjConflictResolutionDialog.h b/src/gui/ObjConflictResolutionDialog.h new file mode 100644 index 000000000..6fde8d18d --- /dev/null +++ b/src/gui/ObjConflictResolutionDialog.h 
@@ -0,0 +1,130 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjConflictResolutionDialog.h,v 1.8 2007/02/04 03:58:59 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __OBJCONFLICTRESOLUTIONDIALOG_H_ +#define __OBJCONFLICTRESOLUTIONDIALOG_H_ + +#include + +#include "fwbuilder/FWObjectDatabase.h" + +#include + +namespace libfwbuilder { + class FWObject; +}; + +class ObjConflictResolutionDialog : public QDialog +{ + Q_OBJECT + + bool alwaysCurrent; + bool alwaysNew; + +protected: + + QString current_filename; + QString new_filename; + QString current_objname; + QString new_objname; + QString current_properties; + QString new_properties; + + QString defaultLeftButtonText; + QString defaultRightButtonText; + + bool richText; + + void saveGeometry(); + QString makeBold(const QString &str); + +public: + Ui::ObjConflictResolutionDialog_q *m_dialog; + + ObjConflictResolutionDialog(QWidget *parent); + virtual ~ObjConflictResolutionDialog(); + + virtual int run( libfwbuilder::FWObject *o1, + libfwbuilder::FWObject *o2); + +public slots: + virtual void closeEvent(QCloseEvent *e); + void setFlags(); + +protected slots: + virtual void accept(); + virtual void reject(); + +}; + + +class MergeConflictRes : + public 
libfwbuilder::FWObjectDatabase::ConflictResolutionPredicate, + ObjConflictResolutionDialog +{ + public: + MergeConflictRes(QWidget *p) : ObjConflictResolutionDialog(p) {} + virtual bool askUser(libfwbuilder::FWObject *o1,libfwbuilder::FWObject *o2) + { + int res=run(o1,o2); + return (res==QDialog::Accepted); + } +}; + + +class CompareObjectsDialog : + public libfwbuilder::FWObjectDatabase::ConflictResolutionPredicate, + ObjConflictResolutionDialog +{ + std::list report; + QStringList report_attributes; + int num_conflicts; + int column_width[]; + + void writeColumn(std::ostringstream &sstr, + int column_num, + const QString &txt); + + +public: + CompareObjectsDialog(QWidget *p); + + virtual int run( libfwbuilder::FWObject *o1, + libfwbuilder::FWObject *o2); + + void clearReport(); + std::list getReport(); + int getNumberOfConflicts() { return num_conflicts; } + + + virtual bool askUser(libfwbuilder::FWObject *o1,libfwbuilder::FWObject *o2) + { + run(o1,o2); + return QDialog::Accepted; + } +}; + +#endif diff --git a/src/gui/ObjectEditor.cpp b/src/gui/ObjectEditor.cpp new file mode 100644 index 000000000..a12e99f42 --- /dev/null +++ b/src/gui/ObjectEditor.cpp 
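Review bot: `int column_width[];` in CompareObjectsDialog is declared with no bound, yet the constructor in ObjConflictResolutionDialog.cpp from this same commit stores into `column_width[0]` through `column_width[3]`, and `writeColumn` reads `column_width[column_num]`. As declared, those four stores land past the end of the object, which is undefined behaviour and can corrupt whatever memory follows it. Give the member its real size, `int column_width[4];`, and have `writeColumn` reject a `column_num` outside 0..3 before indexing.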
@@ -0,0 +1,570 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjectEditor.cpp,v 1.44 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "ObjectEditor.h" + +#include +#include +#include +#include +#include +#include +#include + +#include "DialogFactory.h" +#include "FWBTree.h" +#include "FWWindow.h" +#include "FWBSettings.h" +#include "GroupObjectDialog.h" +#include "ActionsDialog.h" +#include "MetricEditorPanel.h" +#include "CommentEditorPanel.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/DNSName.h" +#include "fwbuilder/AddressTable.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/ObjectGroup.h" + +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWReference.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/RuleSet.h" +#include "fwbuilder/Rule.h" + +#include "fwbuilder/CustomService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/ServiceGroup.h" +#include 
"fwbuilder/TagService.h" + +#include "fwbuilder/Interval.h" +#include "fwbuilder/IntervalGroup.h" + +#include + +using namespace std; +using namespace libfwbuilder; + +#define OBJTREEVIEW_WIDGET_NAME "ObjTreeView" + + + +ObjectEditor::ObjectEditor( QWidget *parent ): QObject(parent) +{ + opened = NULL; + openedOpt = optNone; + visible = -1; + +#if defined(Q_WS_X11) +/* do something that makes sense only on X11 */ + +#elif defined(Q_OS_WIN32) || defined(Q_OS_CYGWIN) +/* do something that only works on windows */ + +#elif defined(Q_OS_MAC) + +#endif + + parentWidget=(QStackedWidget*)parent; + QWidget *w; + w= DialogFactory::createDialog(parent,Library::TYPENAME); + stackIds[Library::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[Library::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,IPv4::TYPENAME); + stackIds[IPv4::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[IPv4::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,physAddress::TYPENAME); + stackIds[physAddress::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[physAddress::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,AddressRange::TYPENAME); + stackIds[AddressRange::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[AddressRange::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,Firewall::TYPENAME); + stackIds[Firewall::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[Firewall::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,Host::TYPENAME); + stackIds[Host::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[Host::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,Interface::TYPENAME); + stackIds[Interface::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[Interface::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,Network::TYPENAME); + stackIds[Network::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[Network::TYPENAME]] = w; + + w= 
DialogFactory::createDialog(parent,CustomService::TYPENAME); + stackIds[CustomService::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[CustomService::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,IPService::TYPENAME); + stackIds[IPService::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[IPService::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,ICMPService::TYPENAME); + stackIds[ICMPService::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[ICMPService::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,TCPService::TYPENAME); + stackIds[TCPService::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[TCPService::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,UDPService::TYPENAME); + stackIds[UDPService::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[UDPService::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,ObjectGroup::TYPENAME); + stackIds[ObjectGroup::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[ObjectGroup::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,ServiceGroup::TYPENAME); + stackIds[ServiceGroup::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[ServiceGroup::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,IntervalGroup::TYPENAME); + stackIds[IntervalGroup::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[IntervalGroup::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,Interval::TYPENAME); + stackIds[Interval::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[Interval::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,Rule::TYPENAME); + stackIds[Rule::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[Rule::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,RoutingRule::TYPENAME); + stackIds[RoutingRule::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[RoutingRule::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,PolicyRule::TYPENAME); + 
stackIds[PolicyRule::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[PolicyRule::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,NATRule::TYPENAME); + stackIds[NATRule::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[NATRule::TYPENAME]] = w; + + + w= DialogFactory::createDialog(parent,DNSName::TYPENAME); + stackIds[DNSName::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[DNSName::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,AddressTable::TYPENAME); + stackIds[AddressTable::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[AddressTable::TYPENAME]] = w; + + w= DialogFactory::createDialog(parent,TagService::TYPENAME); + stackIds[TagService::TYPENAME] = parentWidget->addWidget(w); + dialogs[stackIds[TagService::TYPENAME]] = w; + + + w= new ActionsDialog(parent); + stackIds[getOptDialogName(optAction)] = parentWidget->addWidget(w); + dialogs[stackIds[getOptDialogName(optAction)]] = w; + + w= new CommentEditorPanel(parent,false); + stackIds[getOptDialogName(optComment)] = parentWidget->addWidget(w); + dialogs[stackIds[getOptDialogName(optComment)]] = w; + + + w= new MetricEditorPanel(parent); + stackIds[getOptDialogName(optMetric)] = parentWidget->addWidget(w); + dialogs[stackIds[getOptDialogName(optMetric)]] = w; + + w=new QWidget(parent); + stackIds["BLANK"] = parentWidget->addWidget(w); + dialogs[stackIds["BLANK"]] = w; + + +} + +void ObjectEditor::show() +{ + //dialogs[ visible ]->adjustSize(); + //if (st->haveGeometry(dialogs[ visible ])) + // st->restoreGeometry(dialogs[ visible ]); + //if (st->haveScreenPosition("Object Editor")) + // dialogs[ visible ]->move(st->getScreenPosition("Object Editor")); + //dialogs[ visible ]->show(); + parentWidget->setCurrentIndex(visible); + mw->openEditorPanel(); +} + +void ObjectEditor::hide() +{ +// if (visible==-1) +// { +// QMap::iterator i; +// for (i=stackIds.begin(); i!=stackIds.end(); ++i) +// dialogs[ i.data() ]->hide(); +// } else +// { +// 
st->saveGeometry(dialogs[ visible ]); +//// QPoint p = dialogs[ visible ]->pos(); +// QRect g = dialogs[ visible ]->geometry(); +// g.moveTopLeft(dialogs[ visible ]->frameGeometry().topLeft()); +// +// if (g.x()!=0 && g.y()!=0) +// st->saveScreenPosition("Object Editor",g.topLeft()); +// +// dialogs[ visible ]->hide(); +// } + mw->closeEditorPanel(); + visible=-1; +} + +bool ObjectEditor::isVisible() +{ + //return (visible!=-1 && dialogs[visible]->isVisible()); + return (parentWidget->isVisible()); +} + +bool ObjectEditor::isModified() +{ + return applyButton->isEnabled(); +} + +QString ObjectEditor::getOptDialogName(OptType t) +{ + return QString("OptionDialog_%1").arg(t); +} + +void ObjectEditor::openOpt(FWObject *obj,OptType t) +{ + if (Rule::cast(obj)==NULL) return; + + disconnectSignals(); + + int wid= stackIds[getOptDialogName(t)]; + + visible=wid; + + show(); + + connect(this, SIGNAL(loadObject_sign(libfwbuilder::FWObject*)), + dialogs[ wid ], + SLOT(loadFWObject(libfwbuilder::FWObject*))); + + connect(this, SIGNAL(validate_sign(bool*)), + dialogs[ wid ], + SLOT(validate(bool*))); + + connect(this, SIGNAL(applyChanges_sign()), + dialogs[ wid ], + SLOT(applyChanges())); + + connect(this, SIGNAL(discardChanges_sign()), + dialogs[ wid ], + SLOT(discardChanges())); + + connect(dialogs[ wid ], SIGNAL(close_sign(QCloseEvent*)), + this, + SLOT(validateAndClose(QCloseEvent*))); + connect(dialogs[ wid ], SIGNAL(changed_sign()), + this, + SLOT(changed())); + + emit loadObject_sign(obj); + + opened = obj; + openedOpt = t; + applyButton->setEnabled(false); + +} + +void ObjectEditor::open(FWObject *obj) +{ + openedOpt = optNone; + if (stackIds.count(obj->getTypeName().c_str())!=0) + { + disconnectSignals(); + + int wid= stackIds[obj->getTypeName().c_str()]; + +// disconnect( SIGNAL(loadObject_sign(libfwbuilder::FWObject*)) ); +// disconnect( SIGNAL(validate_sign(bool*)) ); +// disconnect( SIGNAL(isChanged_sign(bool*)) ); +// disconnect( SIGNAL(applyChanges_sign()) ); +// 
disconnect( SIGNAL(discardChanges_sign()) ); +// disconnect( SIGNAL(close_sign(QCloseEvent*)) ); + + //hide(); + + + visible=wid; + + show(); + + connect(this, SIGNAL(loadObject_sign(libfwbuilder::FWObject*)), + dialogs[ wid ], + SLOT(loadFWObject(libfwbuilder::FWObject*))); + + connect(this, SIGNAL(validate_sign(bool*)), + dialogs[ wid ], + SLOT(validate(bool*))); + + //connect(this, SIGNAL(isChanged_sign(bool*)), + // dialogs[ wid ], + // SLOT(isChanged(bool*))); + + connect(this, SIGNAL(applyChanges_sign()), + dialogs[ wid ], + SLOT(applyChanges())); + + connect(this, SIGNAL(discardChanges_sign()), + dialogs[ wid ], + SLOT(discardChanges())); + + connect(dialogs[ wid ], SIGNAL(close_sign(QCloseEvent*)), + this, + SLOT(validateAndClose(QCloseEvent*))); + connect(dialogs[ wid ], SIGNAL(changed_sign()), + this, + SLOT(changed())); + + emit loadObject_sign(obj); + } + + opened = obj; + applyButton->setEnabled(false); +} + +void ObjectEditor::disconnectSignals() +{ + disconnect( SIGNAL(loadObject_sign(libfwbuilder::FWObject*)) ); + disconnect( SIGNAL(validate_sign(bool*)) ); + //disconnect( SIGNAL(isChanged_sign(bool*)) ); + disconnect( SIGNAL(applyChanges_sign()) ); + disconnect( SIGNAL(discardChanges_sign()) ); + if (visible>=0) dialogs[visible]->disconnect( this ); +} + +void ObjectEditor::purge() +{ + if (fwbdebug) qDebug("ObjectEditor::purge"); + + applyButton->setEnabled(false); + int wid = stackIds["BLANK"]; + visible = wid; + opened = NULL; + openedOpt = optNone; +} + +/* editor window needs to close. Check if something changed in it and + * accept or ignore closing event + */ +void ObjectEditor::validateAndClose(QCloseEvent *e) +{ + if (fwbdebug) qDebug("ObjectEditor::validateAndClose"); + + if (validateAndSave()) + { + if (e) e->accept(); + //disconnectSignals(); // all signals will be disconnected + // in next open(...) 
+ hide(); + return; + } + if (e) e->ignore(); +} + +bool ObjectEditor::validateAndSave() +{ + if (fwbdebug) qDebug("ObjectEditor::validateAndSave"); + if (visible==stackIds["BLANK"]) return true; + bool ischanged=false; + ischanged = isModified(); + //emit isChanged_sign(&ischanged); + +/* if nothing changed or tree is read-only, just close dialog */ + if (!ischanged || !isTreeReadWrite(dialogs[ visible ],mw->db())) + { + if (fwbdebug) + qDebug("ObjectEditor::validateAndSave: no changes"); + return true; + } + +/* there are changes and the tree is writable */ + bool isgood=true; + emit validate_sign( &isgood ); + if (!isgood) + { + switch ( QMessageBox::warning(dialogs[ visible ], + "Firewall Builder", + tr("Modifications done to this object can not be saved.\nDo you want to continue editing it ?"), + tr("&Continue editing"), + tr("&Discard changes"), + QString::null, + 0, 1 ) ) + { + case 0: + if (fwbdebug) + qDebug("ObjectEditor::validateAndSave: return false, can not switch to another object"); + return false; + + default: + if (fwbdebug) + qDebug("ObjectEditor::validateAndSave return true, discard changes, can switch to another object"); + discard(); + return true; + } + return false; + } + +/* changes have been validated, need to save now */ + if (st->getAutoSave()) + { + emit applyChanges_sign(); + } else + { + switch ( QMessageBox::warning(dialogs[ visible ], + "Firewall Builder", + tr("This object has been modified but not saved.\nDo you want to save it ?"), + tr("&Save"), tr("&Discard"), tr("&Continue editing"), + 0, 2 ) ) + { + case 0: + apply(); + return true; + + case 1: + discard(); + return true; + + case 2: + return false; + } + } + return true; +} + +void ObjectEditor::setCloseButton(QPushButton * b) +{ + closeButton=b; + connect((QWidget*)closeButton,SIGNAL(clicked()),this,SLOT(close())); +} + +void ObjectEditor::setApplyButton(QPushButton * b) +{ + applyButton=b; + applyButton->setEnabled(false); + 
connect((QWidget*)applyButton,SIGNAL(clicked()),this,SLOT(apply())); + +} + +void ObjectEditor::close() +{ + if (fwbdebug) qDebug("ObjectEditor::close"); + + validateAndClose(NULL); +} + +void ObjectEditor::apply() +{ + bool isgood=true; + emit validate_sign( &isgood ); + if (isgood) + { + emit applyChanges_sign(); + applyButton->setEnabled(false); + mw->updateRuleSetView( ); + + mw->updateTreeViewItemOrder(); + } +} + +void ObjectEditor::discard() +{ + emit discardChanges_sign(); + applyButton->setEnabled(false); +} + +void ObjectEditor::changed() +{ + applyButton->setEnabled(true); +} + +void ObjectEditor::selectObject(FWObject *o) +{ + qDebug("ObjectEditor::selectObject"); + if (Group::cast(opened)==NULL || visible==-1) return; + ((GroupObjectDialog *) dialogs[ visible ])->selectObject(o); +} + +void ObjectEditor::selectionChanged(FWObject *o) +{ + /* + if (visible==-1) return; + //if (opened==o) return; + open (o); + show(); + */ +} + +void ObjectEditor::actionChanged(FWObject *o) +{ + if (visible==-1) + { + purge(); + return; + } + //if (opened==o) return; + openOpt (o,ObjectEditor::optAction); + + show(); +} + +void ObjectEditor::blank() +{ + if (isVisible()) + { + applyButton->setEnabled(false); + int wid= stackIds["BLANK"]; + + visible=wid; + opened=NULL; + show(); + } +} diff --git a/src/gui/ObjectEditor.h b/src/gui/ObjectEditor.h new file mode 100644 index 000000000..5fcc8c93f --- /dev/null +++ b/src/gui/ObjectEditor.h 
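Review bot: The ObjectEditor constructor initialises `opened`, `openedOpt` and `visible` but leaves `applyButton` and `closeButton` indeterminate, while `open`, `openOpt`, `purge`, `isModified`, `apply`, `discard`, `changed` and `blank` all dereference `applyButton` without a check. If any of them runs before `setApplyButton` (the call order is not visible in this hunk), that is a dereference of an uninitialised pointer. Set both in the constructor, `applyButton = NULL; closeButton = NULL;`, and guard the uses with `if (applyButton)`. The same constructor converts its argument with `(QStackedWidget*)parent` and immediately calls `addWidget` on the result; `qobject_cast` followed by a null check would catch a caller that passes some other widget type.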
@@ -0,0 +1,136 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjectEditor.h,v 1.21 2006/09/07 15:42:12 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __OBJECTEDITOR_H_ +#define __OBJECTEDITOR_H_ + +#include "config.h" +#include "global.h" + +#include "qdialog.h" + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/FWObjectDatabase.h" + +#include +#include + +class ObjectTreeViewItem; +class QComboBox; +class QMenu; +class QStackedWidget; + +class ObjectEditor : public QObject { + + Q_OBJECT + + QMap stackIds; + QMap dialogs; + + libfwbuilder::FWObject *opened; + int visible; + QStackedWidget *parentWidget; + QPushButton *closeButton; + QPushButton *applyButton; + + void disconnectSignals(); + +public: + enum OptType{optAction,optComment,optMetric,optNone}; +private: + OptType openedOpt; + + +public: + + ObjectEditor( QWidget *parent ); + virtual ~ObjectEditor() {} + + + QString getOptDialogName(OptType t); + void open(libfwbuilder::FWObject *o); + void openOpt(libfwbuilder::FWObject *, OptType t); + void show(); + void hide(); + bool isVisible(); + bool isModified(); + + libfwbuilder::FWObject* getOpened() { return opened; }; + OptType getOpenedOpt() {return openedOpt;}; + + void purge(); + + bool validateAndSave(); + void 
setCloseButton(QPushButton * b); + void setApplyButton(QPushButton * b); + void selectObject(libfwbuilder::FWObject *o); + void selectionChanged(libfwbuilder::FWObject *o); + void actionChanged(libfwbuilder::FWObject *o); + + +public slots: + void validateAndClose(QCloseEvent *e); + void apply(); + void discard(); + void close(); + void changed(); + void blank(); +signals: + +/** + * the dialog class should have a slot that can load object's data + * into dialog elements when ObjectEditor emits this signal + */ + void loadObject_sign(libfwbuilder::FWObject *); + +/** + * the dialog class should have a slot that can verify data entered by + * user in the dialog elements when ObjectEditor emits this + * signal. The validation result is returned in variable "bool *res" + */ + void validate_sign(bool *res); + +/** + * the dialog class should have a slot that can verify if the data in + * dialog has been edited. + */ + void isChanged_sign(bool *res); + +/** + * the dialog class should have a slot that applies changes made by + * the user and saves data in the object. + */ + void applyChanges_sign(); + +/** + * the dialog class should have a slot that discards changes made by + * the user + */ + void discardChanges_sign(); + +}; + +#endif diff --git a/src/gui/ObjectIconView.cpp b/src/gui/ObjectIconView.cpp new file mode 100644 index 000000000..9773f7485 --- /dev/null +++ b/src/gui/ObjectIconView.cpp 
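Review bot: `isChanged_sign(bool *res)` is declared and documented as something every dialog class should provide a slot for, but ObjectEditor.cpp in this commit never emits or connects it. Every `isChanged_sign` line there is commented out, and `isModified()` reads the apply button state instead. Either drop the signal or replace its comment with something like `/** unused: change tracking goes through changed() and isModified() */`, so that dialog authors do not implement a slot that is never called.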
@@ -0,0 +1,200 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjectIconView.cpp,v 1.10 2006/10/22 04:39:36 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "FWWindow.h" +#include "ObjectIconView.h" +#include "ObjectIconViewItem.h" +#include "FWObjectDrag.h" +#include "FWBSettings.h" + +#include "FWObjectPropertiesFactory.h" +#include "fwbuilder/FWObject.h" +#include "fwbuilder/Resources.h" + +#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +/**************************************************************************** + * + * class ObjectIconView + * + ****************************************************************************/ + +ObjectIconView::ObjectIconView(QWidget* parent, const char * name, Qt::WindowFlags f) : + QListWidget(parent) +{ + //setWindowFlags(f); + + setDragEnabled(true); + setViewMode(QListView::IconMode); + setSpacing(10); + setAcceptDrops(true); + + //startingDrag = false; +} + +bool ObjectIconView::event ( QEvent * event ) +{ + if (event->type() == QEvent::ToolTip) + { + QHelpEvent *he = (QHelpEvent*) event; + QPoint pos = he->pos(); + + if (st->getObjTooltips()) 
+ { + int cx = pos.x(), cy = pos.y(); + + //viewportToContents(pos.x(),pos.y(),cx,cy); + + FWObject *obj=NULL; + QRect cr; + + QListWidgetItem *itm = itemAt( QPoint(cx,cy) ); + QModelIndex ind = indexAt( QPoint(cx,cy) ); + if (itm==NULL) return false; + ObjectIconViewItem *oivi = dynamic_cast(itm); + assert(oivi!=NULL); + obj = oivi->getFWObject(); + + if (obj==NULL) return false; + + cr = rectForIndex(ind); + cr = QRect( + cr.left() - horizontalOffset(), + cr.top() - verticalOffset(), + cr.width(), + cr.height()); + + QRect global = QRect( + viewport()->mapToGlobal(cr.topLeft()), viewport()->mapToGlobal(cr.bottomRight())); + + + QToolTip::showText(mapToGlobal( he->pos() ), + FWObjectPropertiesFactory::getObjectPropertiesDetailed(obj,true,true), + this, global); + } + + return true; + } + + return QListWidget::event(event); +} + +QDrag* ObjectIconView::dragObject() +{ + QListWidgetItem *ivi = currentItem(); + ObjectIconViewItem *oivi = dynamic_cast(ivi); + if (!oivi) + return NULL; + //assert(oivi!=NULL); + + FWObject *obj = oivi->getFWObject(); + QString icn = + Resources::global_res->getObjResourceStr(obj, "icon-ref").c_str(); + list dragobj; + dragobj.push_back(obj); + + FWObjectDrag *drag = new FWObjectDrag(dragobj, this); + //QPixmap pm = QPixmap::fromMimeSource( icn_filename ); + + QPixmap pm; + if ( ! 
QPixmapCache::find( icn, pm) ) + { + pm.load( icn ); + QPixmapCache::insert( icn, pm); + } + + drag->setPixmap( pm ); + drag->setHotSpot(QPoint( pm.rect().width() / 2, + pm.rect().height() / 2 )); + return drag; +} + +void ObjectIconView::dragEnterEvent( QDragEnterEvent *ev) +{ + if (fwbdebug) + qDebug("ObjectIconView::dragEnterEvent"); + ev->setAccepted( ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) ); +} + +void ObjectIconView::dragMoveEvent( QDragMoveEvent *ev) +{ + if (fwbdebug) + qDebug("ObjectIconView::dragMoveEvent"); + ev->setAccepted( ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) ); +} + +void ObjectIconView::dropEvent(QDropEvent *ev) +{ + if (fwbdebug) + qDebug("ObjectIconView::dropEvent"); +// QListWidget::dropEvent(ev); + emit dropped(ev); +} + +void ObjectIconView::keyPressEvent( QKeyEvent* ev ) +{ + if (ev->key()==Qt::Key_Delete) + { + emit delObject_sign(); + } + QListWidget::keyPressEvent(ev); +} + +void ObjectIconView::mousePressEvent ( QMouseEvent * event ) +{ + if (fwbdebug) + qDebug("ObjectIconView::mousePressEvent"); + + startingDrag = true; + QListWidget::mousePressEvent(event); +} + +void ObjectIconView::mouseMoveEvent ( QMouseEvent * event ) +{ + if (startingDrag) + { + startingDrag = false; + QDrag *dr = dragObject(); + + if (dr) + dr->start(); + } + QListWidget::mouseMoveEvent(event); +} + + diff --git a/src/gui/ObjectIconView.h b/src/gui/ObjectIconView.h new file mode 100644 index 000000000..20006557d --- /dev/null +++ b/src/gui/ObjectIconView.h 
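Review bot: In `ObjectIconView::event` the result of the `dynamic_cast` to `ObjectIconViewItem` is protected only by `assert(oivi!=NULL)`, which disappears in a build with NDEBUG, so a list item of any other type would be dereferenced as a null pointer on the next line. `dragObject()` further down already handles the same cast with `if (!oivi) return NULL;`; do the same here with `if (oivi==NULL) return false;`. The function also returns `true` for every ToolTip event even when `st->getObjTooltips()` is off, which keeps the base class from seeing the event; if that is intended, a short comment saying so would help.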
@@ -0,0 +1,68 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjectIconView.h,v 1.2 2004/05/30 00:12:12 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __OBJECTICONVIEW_H_ +#define __OBJECTICONVIEW_H_ + +#include +#include + +namespace libfwbuilder { + class FWObject; +}; + +class ObjectIconView : public QListWidget { + + Q_OBJECT + + bool startingDrag; + + protected: + + virtual QDrag* dragObject(); + virtual void dragEnterEvent( QDragEnterEvent *ev); + virtual void dropEvent(QDropEvent *ev); + virtual void dragMoveEvent( QDragMoveEvent *ev); + virtual void keyPressEvent( QKeyEvent* ev ); + void mousePressEvent ( QMouseEvent * event ); + void mouseMoveEvent ( QMouseEvent * event ); + + + bool event ( QEvent * event ); + + public: + + ObjectIconView(QWidget* parent = 0, const char * name = 0, Qt::WindowFlags f = 0); + + signals: + + void delObject_sign(); + void dropped(QDropEvent *ev); +}; + + +#endif + diff --git a/src/gui/ObjectIconViewItem.h b/src/gui/ObjectIconViewItem.h new file mode 100644 index 000000000..30fe83ea2 --- /dev/null +++ b/src/gui/ObjectIconViewItem.h 
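Review bot: `bool startingDrag;` in ObjectIconView is declared without an initial value, yet mouseMoveEvent() in ObjectIconView.cpp reads it even if no mousePressEvent() has set it first. The ObjectIconView constructor is outside the visible part of this diff and may already assign it, but ObjectListView.h declares the same member and the ObjectListView constructor shown later in this commit does not. If the flag is left unset, the first mouse move reads an indeterminate value and can enter dragObject() with no current item. I would add `startingDrag = false;` to both constructors and comment the member, for example `// true between a mouse press and the first move that starts a drag`.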
@@ -0,0 +1,74 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjectIconViewItem.h,v 1.4 2005/09/07 16:40:50 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#ifndef __OBJECTICONVIEWITEM_H +#define __OBJECTICONVIEWITEM_H + +#include + +#include +#include +#include + +namespace libfwbuilder { + class FWObject; +} + +class ObjectIconViewItem : public QListWidgetItem { + + libfwbuilder::FWObject *objptr; + QMap props; + std::string ID; + + public: + + ObjectIconViewItem(QListWidget *parent) : QListWidgetItem(parent) { + objptr=NULL; +// setDropEnabled(false); + ID=""; + } + + ObjectIconViewItem(QListWidget *parent, const QString &text, const QPixmap &icon ) : QListWidgetItem(parent) + { + objptr=NULL; + setText(text); + setIcon(QIcon(icon)); +// setDropEnabled(false); + ID=""; + } + + libfwbuilder::FWObject *getFWObject() { return mw->db()->getById(ID,true); } + std::string getFWObjectID() {return ID; } + void setFWObject(libfwbuilder::FWObject *obj) {ID=obj->getId(); } + + QString getProperty(const QString &name) { return props[name]; } + void setProperty(const QString &name,const QString &val) { + props[name]=val; + } +}; + +#endif 
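Review bot: `setFWObject()` dereferences `obj` without a check, and `getFWObject()` looks the stored ID up again through `mw->db()->getById(ID,true)` on every call, so its result can presumably be NULL for an item still holding `ID=""` or one whose object has left the database. Nothing in the header states that contract, although the tooltip code in this commit tests `obj==NULL` and the drag code does not. I would write `void setFWObject(libfwbuilder::FWObject *obj) { ID = obj ? obj->getId() : ""; }` and put `// resolved by ID on each call; may return NULL, callers must check` above the getter. The `objptr` member is set to NULL in both constructors and never used again in this header, so it should be removed or documented. ObjectListViewItem.h later in this commit has the same accessors and the same unused member.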
diff --git a/src/gui/ObjectListView.cpp b/src/gui/ObjectListView.cpp new file mode 100644 index 000000000..551dc7869 --- /dev/null +++ b/src/gui/ObjectListView.cpp 
@@ -0,0 +1,191 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjectListView.cpp,v 1.12 2006/10/22 04:39:36 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "FWBSettings.h" + +#include "FWObjectPropertiesFactory.h" +#include "FWWindow.h" +#include "ObjectListView.h" +#include "ObjectListViewItem.h" +#include "FWObjectDrag.h" + +#include +#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +/**************************************************************************** + * + * class ObjectListView + * + ****************************************************************************/ + +ObjectListView::ObjectListView(QWidget* parent, const char * name, Qt::WindowFlags f) : + QTreeWidget(parent) +{ + setWindowFlags(f); + /*setColumnWidthMode(0, QTreeWidget::Maximum); + setColumnWidthMode(1, QTreeWidget::Maximum); + setItemMargin( 2 );*/ + setFocusPolicy( Qt::StrongFocus ); + setFocus(); +} + +bool ObjectListView::event ( QEvent * event ) +{ + if (event->type() == QEvent::ToolTip) + { + QHelpEvent *he = (QHelpEvent*) event; + QPoint 
pos = he->pos(); + + if (st->getObjTooltips()) + { + int cx = pos.x(), cy = pos.y(); + + //viewportToContents(pos.x(),pos.y(),cx,cy); + + FWObject *obj=NULL; + QRect cr; + + QTreeWidgetItem *itm = itemAt( QPoint(cx,cy - header()->height()) ); + if (itm==NULL) return false; + ObjectListViewItem *oivi = dynamic_cast(itm); + assert(oivi!=NULL); + obj = oivi->getFWObject(); + + if (obj==NULL) return false; + + cr = visualItemRect(itm); + + QRect global = QRect( + viewport()->mapToGlobal(cr.topLeft()), viewport()->mapToGlobal(cr.bottomRight())); + + //finally stretch rect up to component's width and even more + //(it fixes bug with horizontal scroll) + global.setWidth(width() + horizontalOffset()); + + QToolTip::showText(mapToGlobal( he->pos() ), + FWObjectPropertiesFactory::getObjectPropertiesDetailed(obj,true,true), + this, global); + } + + return true; + } + + return QTreeWidget::event(event); +} + +QDrag* ObjectListView::dragObject() +{ + QTreeWidgetItem *ovi = currentItem(); + ObjectListViewItem *otvi=dynamic_cast(ovi); + assert(otvi!=NULL); + + FWObject *obj = otvi->getFWObject(); + QString icn = (":/Icons/"+obj->getTypeName()+"/icon-ref").c_str(); + //Resources::global_res->getObjResourceStr(obj, "icon-ref").c_str(); + + list dragobj; + dragobj.push_back(obj); + + FWObjectDrag *drag = new FWObjectDrag(dragobj, this); + //QPixmap pm = QPixmap::fromMimeSource( icn_filename ); + + QPixmap pm; + if ( ! 
QPixmapCache::find( icn, pm) ) + { + pm.load( icn ); + QPixmapCache::insert( icn, pm); + } + + drag->setPixmap( pm ); + drag->setHotSpot( QPoint( pm.rect().width() / 2, + pm.rect().height() / 2 ) ); + + return drag; +} + +void ObjectListView::dragMoveEvent( QDragMoveEvent *ev) +{ + if (fwbdebug) + qDebug("ObjectListView::dragMoveEvent"); + ev->setAccepted( ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) ); +} + +void ObjectListView::dragEnterEvent( QDragEnterEvent *ev) +{ + if (fwbdebug) + qDebug("ObjectListView::dragEnterEvent"); + ev->setAccepted( ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) ); +} + +void ObjectListView::dropEvent(QDropEvent *ev) +{ + if (fwbdebug) + qDebug("ObjectListView::dropEvent"); + emit dropped(ev); +} + +void ObjectListView::keyPressEvent( QKeyEvent* ev ) +{ + if (ev->key()==Qt::Key_Delete) + { + emit delObject_sign(); + } + QTreeWidget::keyPressEvent(ev); +} + +void ObjectListView::mousePressEvent ( QMouseEvent * event ) +{ + startingDrag = true; + QTreeWidget::mousePressEvent(event); +} + +void ObjectListView::mouseMoveEvent ( QMouseEvent * event ) +{ + if (startingDrag) + { + QDrag *dr = dragObject(); + dr->start(); + + startingDrag = false; + } + QTreeWidget::mouseMoveEvent(event); +} + + diff --git a/src/gui/ObjectListView.h b/src/gui/ObjectListView.h new file mode 100644 index 000000000..51ade9079 --- /dev/null +++ b/src/gui/ObjectListView.h 
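Review bot: ObjectListView::dragObject() guards the `dynamic_cast` result only with `assert(otvi!=NULL)`, and mouseMoveEvent() calls `dr->start()` unconditionally. A mouse move with no current item, or with an item of another type, therefore aborts a debug build and dereferences a null pointer when assertions are compiled out. ObjectIconView.cpp in this same commit already returns NULL from dragObject() and tests `if (dr)` before starting the drag, so this file should follow the same pattern. The `obj` returned by getFWObject() is also passed to `obj->getTypeName()` without the NULL test that event() applies to the same call. event() itself has the same assert-then-dereference on `oivi`, where returning false would match the `itm==NULL` branch just above it.

```cpp
// in ObjectListView::event(), after the dynamic_cast of itm:
            if (oivi==NULL) return false;   // not one of our items: no tooltip
            // … unchanged: getFWObject(), obj==NULL check, tooltip rectangle and showText …

// in ObjectListView::dragObject(), after the dynamic_cast of ovi:
    if (otvi==NULL) return NULL;            // nothing selected, or a foreign item type

    FWObject *obj = otvi->getFWObject();
    if (obj==NULL) return NULL;             // stored ID no longer resolves to an object
    // … unchanged: icon lookup, FWObjectDrag construction, pixmap and hot spot …

// in ObjectListView::mouseMoveEvent():
        QDrag *dr = dragObject();
        if (dr) dr->start();
        // … unchanged: startingDrag reset and QTreeWidget::mouseMoveEvent(event) …
```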
@@ -0,0 +1,66 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjectListView.h,v 1.2 2004/05/30 00:12:12 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __OBJECTLISTVIEW_H_ +#define __OBJECTLISTVIEW_H_ + +#include +#include + +namespace libfwbuilder { + class FWObject; +}; + +class ObjectListView : public QTreeWidget { + + Q_OBJECT + + bool startingDrag; + + protected: + + virtual QDrag* dragObject(); + virtual void dragEnterEvent( QDragEnterEvent *ev); + virtual void dragMoveEvent( QDragMoveEvent *ev); + virtual void dropEvent(QDropEvent *ev); + virtual void keyPressEvent( QKeyEvent* ev ); + void mousePressEvent ( QMouseEvent * event ); + void mouseMoveEvent ( QMouseEvent * event ); + + bool event ( QEvent * event ); + public: + + ObjectListView(QWidget* parent = 0, const char * name = 0, Qt::WindowFlags f = 0); + + signals: + + void delObject_sign(); + void dropped(QDropEvent *ev); +}; + + +#endif + diff --git a/src/gui/ObjectListViewItem.h b/src/gui/ObjectListViewItem.h new file mode 100644 index 000000000..19416a2dd --- /dev/null +++ b/src/gui/ObjectListViewItem.h 
@@ -0,0 +1,76 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: ObjectListViewItem.h,v 1.1 2005/09/07 16:40:50 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#ifndef OBJECTLISTVIEWITEM_H +#define OBJECTLISTVIEWITEM_H + +#include + +#include +#include + +namespace libfwbuilder { + class FWObject; +} + +class ObjectTreeView; + +class ObjectListViewItem : public QTreeWidgetItem { + + libfwbuilder::FWObject *objptr; + QMap props; + QString lib; + std::string ID; + + public: + + ObjectListViewItem(QTreeWidget *parent) : QTreeWidgetItem(parent) { + objptr=NULL; + ID=""; + } + + ObjectListViewItem(QTreeWidgetItem *parent) : QTreeWidgetItem(parent){ + objptr=NULL; + ID=""; + } + + libfwbuilder::FWObject *getFWObject() {return mw->db()->getById(ID,true); } + std::string getFWObjectID() {return ID; } + void setFWObject(libfwbuilder::FWObject *obj) { ID=obj->getId(); } + + ObjectTreeView* getTree(); + + QString getLib() { return lib; } + void setLib(const QString &l) { lib=l; } + + QString getProperty(const QString &name) { return props[name]; } + void setProperty(const QString &name,const QString &val) { + props[name]=val; + } +}; + +#endif diff --git a/src/gui/ObjectManipulator.cpp b/src/gui/ObjectManipulator.cpp new file mode 100644 index 000000000..1c4f1a07a 
--- /dev/null +++ b/src/gui/ObjectManipulator.cpp 
@@ -0,0 +1,2971 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjectManipulator.cpp,v 1.164 2007/07/07 05:39:34 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "utils_no_qt.h" + +#include "ObjectManipulator.h" +#include "ObjectEditor.h" +#include "ObjectTreeViewItem.h" +#include "ObjectTreeView.h" +#include "FWObjectClipboard.h" +#include "FWObjectPropertiesFactory.h" +#include "FWBSettings.h" +#include "listOfLibraries.h" +#include "newFirewallDialog.h" +#include "newHostDialog.h" +#include "findDialog.h" +#include "newGroupDialog.h" +#include "FindObjectWidget.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#include "DialogFactory.h" +#include "FWBTree.h" +#include "FWWindow.h" +#include "ConfirmDeleteObjectDialog.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/DNSName.h" +#include "fwbuilder/AddressTable.h" 
+#include "fwbuilder/AddressRange.h" +#include "fwbuilder/ObjectGroup.h" + +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWReference.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/RuleSet.h" +#include "fwbuilder/RuleElement.h" + +#ifdef USE_INTERFACE_POLICY +# include "fwbuilder/InterfacePolicy.h" +#endif + +#include "fwbuilder/CustomService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/ServiceGroup.h" +#include "fwbuilder/TagService.h" + +#include "fwbuilder/Interval.h" +#include "fwbuilder/IntervalGroup.h" +#include "fwbuilder/Management.h" + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +#define OBJTREEVIEW_WIDGET_NAME "ObjTreeView" + + +HistoryItem::~HistoryItem() {} + +ObjectManipulator::~ObjectManipulator() +{ + delete m_objectManipulator; +} + +ObjectManipulator::ObjectManipulator( QWidget *parent ): QWidget(parent) +{ + m_objectManipulator = new Ui::ObjectManipulator_q; + m_objectManipulator->setupUi(this); + setObjectName(tr("Object Manipulator")); + + treeWidth = -1; + treeHeight = -1; + currentObj = NULL; + active = false; + current_tree_view=NULL; + +// setFocusPolicy( QWidget::StrongFocus ); + +/* Adding pop-down menu to the button "New" */ + + QString icon_path=":/Icons/"; + + QMenu* newObjectPopup = new QMenu( this ); + + newObjectPopup->addAction(QIcon(icon_path+Library::TYPENAME+"/icon-tree"), tr( "New &Library" ), this, SLOT( newLibrary() )); + + newObjectPopup->addSeparator(); + + newObjectPopup->addAction(QIcon(icon_path+Firewall::TYPENAME+"/icon-tree"), tr( "New &Firewall" ), this, SLOT( newFirewall() )); + newObjectPopup->addAction(QIcon(icon_path+Host::TYPENAME+"/icon-tree"), tr( "New &Host" ), this, SLOT( newHost() )); + newObjectPopup->addAction(QIcon(icon_path+Interface::TYPENAME+"/icon-tree"), tr( "New &Interface" ), this, SLOT( newInterface() )); + 
newObjectPopup->addAction(QIcon(icon_path+Network::TYPENAME+"/icon-tree"), tr( "New &Host" ), this, SLOT( newNetwork() )); + newObjectPopup->addAction(QIcon(icon_path+IPv4::TYPENAME+"/icon-tree"), tr( "New &Address" ), this, SLOT( newAddress() )); + newObjectPopup->addAction(QIcon(icon_path+DNSName::TYPENAME+"/icon-tree"), tr( "New &DNS Name" ), this, SLOT( newDNSName() )); + newObjectPopup->addAction(QIcon(icon_path+AddressTable::TYPENAME+"/icon-tree"), tr( "New A&ddress Table" ), this, SLOT( newAddressTable() )); + newObjectPopup->addAction(QIcon(icon_path+AddressRange::TYPENAME+"/icon-tree"), tr( "New Address &Range" ), this, SLOT( newAddressRange() )); + newObjectPopup->addAction(QIcon(icon_path+ObjectGroup::TYPENAME+"/icon-tree"), tr( "New &Object Group" ), this, SLOT( newObjectGroup() )); + newObjectPopup->addSeparator(); + newObjectPopup->addAction(QIcon(icon_path+CustomService::TYPENAME+"/icon-tree"), tr( "New &Custom Service" ), this, SLOT( newCustom() )); + newObjectPopup->addAction(QIcon(icon_path+IPService::TYPENAME+"/icon-tree"), tr( "New &IP Service" ), this, SLOT( newIP() )); + newObjectPopup->addAction(QIcon(icon_path+ICMPService::TYPENAME+"/icon-tree"), tr( "New IC&MP Service" ), this, SLOT( newICMP() )); + newObjectPopup->addAction(QIcon(icon_path+TCPService::TYPENAME+"/icon-tree"), tr( "New &TCP Serivce" ), this, SLOT( newTCP() )); + newObjectPopup->addAction(QIcon(icon_path+UDPService::TYPENAME+"/icon-tree"), tr( "New &UDP Service" ), this, SLOT( newUDP() )); + newObjectPopup->addAction(QIcon(icon_path+TagService::TYPENAME+"/icon-tree"), tr( "New &TagService" ), this, SLOT( newTagService() )); + newObjectPopup->addAction(QIcon(icon_path+ServiceGroup::TYPENAME+"/icon-tree"), tr( "New &Service Group" ), this, SLOT( newServiceGroup() )); + newObjectPopup->addSeparator(); + newObjectPopup->addAction(QIcon(icon_path+Interval::TYPENAME+"/icon-tree"), tr( "New Ti&me Interval" ), this, SLOT( newInterval() )); + +// QToolButton *btn = 
(QToolButton*)toolBar->child("newObjectAction_action_button"); + + m_objectManipulator->newButton->setMenu( newObjectPopup ); + +#if defined(Q_WS_X11) +/* do something that makes sense only on X11 */ + +#elif defined(Q_OS_WIN32) || defined(Q_OS_CYGWIN) +/* do something that only works on windows */ + +#elif defined(Q_OS_MAC) + +#endif + +// backwardAction->setEnabled( false ); + +// setMinimumSize( QSize( 0, 174 ) ); +// splitter3->setMinimumSize( QSize( 0, 118 ) ); +// treeFrame->setMinimumSize( QSize( 200, 0 ) ); +// splitter3->setResizeMode( treeFrame, QSplitter::KeepSize ); +} + + +QString ObjectManipulator::getTreeLabel( FWObject *obj ) +{ + QString name; + + if (Interface::isA(obj)) + { + name=Interface::constcast(obj)->getLabel().c_str(); + if (name=="") name=QString::fromUtf8(obj->getName().c_str()); + QString q; + if (Interface::constcast(obj)->isDyn()) q=" dyn"; + if (Interface::constcast(obj)->isUnnumbered()) q=" unnum"; + if (Interface::constcast(obj)->isBridgePort()) q=" bridge port"; + if (Interface::constcast(obj)->isExt()) q=q+" ext"; + if (Interface::constcast(obj)->isUnprotected())q=q+" unp"; + if (q!="") name=name+" ("+q+")"; + } + else + { + name=QString::fromUtf8(obj->getName().c_str()); + if (Library::isA(obj) && obj->isReadOnly()) + name=name+QObject::tr(" ( read only )"); + } + +#if 0 + if (name=="") + { // no name, use type description string instead + name= Resources::global_res->getObjResourceStr(obj,"description").c_str(); + } +#endif + return name; +} + +ObjectTreeViewItem* ObjectManipulator::insertObject( ObjectTreeViewItem *itm, + FWObject *obj ) +{ + if (FWReference::cast(obj)!=NULL) return NULL; + if (Resources::global_res->getObjResourceBool(obj,"hidden") ) return NULL; + if (RuleSet::cast(obj)!=NULL) return NULL; + + ObjectTreeViewItem *nitm=NULL; + + QString icn_filename; + + if (FWBTree::isSystem(obj)) icn_filename=":/Icons/folder1.png"; + else + icn_filename=(":/Icons/"+obj->getTypeName()+"/icon-tree").c_str(); + 
//icn_filename=Resources::global_res->getObjResourceStr(obj, "icon-tree").c_str(); + + if (obj->getBool("ro")) icn_filename = ":/Icons/lock.png"; + + if (Resources::global_res->getResourceBool( + string("/FWBuilderResources/Type/") + + obj->getTypeName() + "/hidden") ) return NULL; + + nitm=new ObjectTreeViewItem( itm ); + nitm->setLib(""); + nitm->setText( 0, getTreeLabel(obj) ); + QPixmap pm; + if ( ! QPixmapCache::find( icn_filename, pm) ) + { + pm.load( icn_filename ); + QPixmapCache::insert( icn_filename, pm); + } + nitm->setIcon( 0, QIcon(pm) ); + nitm->setIcon( 1, QIcon(pm) ); + nitm->setFlags(nitm->flags() | Qt::ItemIsDragEnabled); + + nitm->setProperty("id", obj->getId().c_str() ); + nitm->setProperty("type", obj->getTypeName().c_str() ); + nitm->setFWObject( obj ); + + allItems[obj] = nitm; + + return nitm; +} + + +void ObjectManipulator::insertSubtree( ObjectTreeViewItem *itm, + FWObject *obj ) +{ + ObjectTreeViewItem *nitm = insertObject(itm, obj); + + if (nitm==NULL) return; + if ( FWBTree::isSystem(obj) ) nitm->setExpanded( st->getExpandTree() ); + + for (list::iterator m=obj->begin(); m!=obj->end(); m++) + { + FWObject *o1=*m; + if (FWReference::cast(o1)!=NULL) continue; + insertSubtree( nitm, o1 ); + } +} + +void ObjectManipulator::showDeletedObjects(bool f) +{ + try + { + FWObject *dobj = mw->db()->findInIndex( FWObjectDatabase::getDeletedObjectsId()); + + if (fwbdebug) + qDebug("ObjectManipulator::showDeletedObjects f=%d dobj=%p",f, dobj); + + if (dobj==NULL) + { + dobj=mw->db()->create(Library::TYPENAME); + dobj->setId(mw->db()->getDeletedObjectsId()); + dobj->setName("Deleted Objects"); + dobj->setReadOnly(false); + mw->db()->add(dobj); + } + + int idx = getIdxForLib(dobj); + + if (fwbdebug) + qDebug("ObjectManipulator::showDeletedObjects idx=%d",idx); + + if (f) + { + if (idx>=0) return; + addTreePage( dobj ); + openLib( dobj ); + } else + { + if (idx<0) return; + + QTreeWidget *otv = idxToTrees[idx]; + + if (fwbdebug) + 
qDebug("ObjectManipulator::showDeletedObjects otv=%p",otv);
+
+ assert(otv!=NULL);
+ m_objectManipulator->widgetStack->removeWidget( otv );
+ removeLib(idx);
+ }
+ }
+ catch(FWException &ex)
+ {
+/* we get exception if file is opened read-only and there is no "deleted
+ * objects" library yet
+ */
+ }
+}
+
+void ObjectManipulator::removeObjectFromTreeView(FWObject *obj )
+{
+ QTreeWidget *objTreeView = idxToTrees[ getIdxForLib(getCurrentLib()) ];
+ dynamic_cast(objTreeView)->clearLastSelected();
+
+ ObjectTreeViewItem *itm = allItems[obj];
+ allItems[obj]=NULL;
+// allItems.erase(obj);
+
+ itm->parent()->takeChild( itm->parent()->indexOfChild(itm) );
+ delete itm;
+}
+
+void ObjectManipulator::updateLibColor(FWObject *lib)
+{
+ QTreeWidget *objTreeView = idxToTrees[ getIdxForLib(lib) ];
+
+ QString clr=lib->getStr("color").c_str();
+ if (clr=="" || clr=="#000000" || clr=="black") clr="#FFFFFF";
+
+ QPalette palette = objTreeView->palette();
+ palette.setColor(QPalette::Active, QPalette::Base, QColor( clr ));
+ objTreeView->setPalette(palette);
+}
+
+int ObjectManipulator::getIdxForLib(FWObject* lib)
+{
+ for (int i=0; ilibs->count(); i++)
+ if ( idxToLibs[i]->getId() == lib->getId() ) return i;
+
+ return -1;
+}
+
+void ObjectManipulator::updateLibName(FWObject *lib)
+{
+ int oldidx = getIdxForLib(lib);
+ QTreeWidget *objTreeView = idxToTrees[oldidx];
+ QString newlibname = QString::fromUtf8(lib->getName().c_str());
+
+ if (m_objectManipulator->libs->itemText(oldidx)!=newlibname)
+ {
+ removeLib(oldidx);
+// libs->removeItem( oldidx );
+// idxToLibs.erase(oldidx);
+// idxToTrees.erase(oldidx);
+
+ addLib(lib,objTreeView);
+
+ }
+}
+
+
+/*
+ * TODO: make this signal/slot. Dialogs just emit signal
+ * 'updateObject_sign', which objectManipulator should have connected
+ * to its slot which would do what updateObjName does now, and more.
+ */
+void ObjectManipulator::updateObjName(FWObject *obj,
+ const QString &oldName,
+ bool askForAutorename)
+{
+ info(); // need to update info in case user edited comments and other attributes.
+
+ if (oldName == obj->getName().c_str()) return;
+
+ if (obj!=currentObj) openObject(obj);
+
+ QTreeWidgetItem *itm = allItems[obj];
+ assert(itm!=NULL);
+
+ if (fwbdebug)
+ {
+ qDebug("ObjectManipulator::updateObjName changing name %s -> %s",
+ oldName.toLatin1().constData(), QString::fromUtf8(obj->getName().c_str()).toLatin1().constData());
+ }
+
+ if ((QString::fromUtf8(obj->getName().c_str())!=oldName) &&
+ (Host::isA(obj) || Firewall::isA(obj) || Interface::isA(obj)))
+ {
+ if (fwbdebug)
+ qDebug("ObjectManipulator::updateObjName autorename");
+ autorename(obj,askForAutorename);
+ if (fwbdebug)
+ qDebug("ObjectManipulator::updateObjName autorename done");
+ }
+
+ itm->setText(0, getTreeLabel( obj ) );
+
+ if (!Library::isA(obj)) itm->parent()->sortChildren(0, Qt::AscendingOrder);
+
+/* need to update name of the firewall in the drop-down list */
+ if (Firewall::isA(obj))
+ {
+ mw->updateFirewallName(obj,oldName);
+ }
+
+ // reopenFirewalls is called from FirewallDialog::applyChanges()
+ //if (QString::fromUtf8(obj->getName().c_str())!=oldName)
+ //{
+ // QTimer::singleShot( 0, mw, SLOT(reopenFirewall()) );
+ //}
+
+
+}
+
+/*
+ * variant specifically used for interfaces that have name and a label
+ */
+void ObjectManipulator::updateObjName(FWObject *obj,
+ const QString &oldName,
+ const QString &oldLabel,
+ bool askForAutorename)
+{
+ if (obj!=currentObj) openObject(obj);
+
+ QTreeWidgetItem *itm = allItems[obj];
+ assert(itm!=NULL);
+
+ if (fwbdebug)
+ {
+ qDebug("ObjectManipulator::updateObjName changing name %s -> %s",
+ oldName.toLatin1().constData(), QString::fromUtf8(obj->getName().c_str()).toLatin1().constData());
+ }
+
+ if ((QString::fromUtf8(obj->getName().c_str())!=oldName) && Interface::isA(obj))
+ autorename(obj,askForAutorename);
+
+ itm->setText(0,
getTreeLabel( obj ) );
+ itm->parent()->sortChildren(0, Qt::AscendingOrder);//();
+
+ Interface *i = Interface::cast(obj);
+ if ((i!=NULL && i->getLabel()!=oldLabel.toLatin1().constData()) ||
+ (QString::fromUtf8(obj->getName().c_str())!=oldName))
+ {
+ //mw->reopenFirewall();
+ mw->scheduleRuleSetRedraw();
+ }
+
+ info(); // need to update info in case user edited comments and other attributes.
+}
+
+void ObjectManipulator::autorename(FWObject *obj,bool ask)
+{
+ if (Host::isA(obj) || Firewall::isA(obj))
+ {
+ if (!ask || QMessageBox::warning(
+ this,"Firewall Builder",
+ tr(
+"The name of the object '%1' has changed. The program can also\n"
+"rename IP address objects that belong to this object,\n"
+"using standard naming scheme 'host_name:interface_name:ip'.\n"
+"This makes it easier to distinguish what host or a firewall\n"
+"given IP address object belongs to when it is used in \n"
+"the policy or NAT rule. The program also renames MAC address\n"
+"objects using scheme 'host_name:interface_name:mac'.\n"
+"Do you want to rename child IP and MAC address objects now?\n"
+"(If you click 'No', names of all address objects that belong to\n"
+"%1 will stay the same.)")
+ .arg(QString::fromUtf8(obj->getName().c_str()))
+ .arg(QString::fromUtf8(obj->getName().c_str())),
+ tr("&Yes"), tr("&No"), QString::null,
+ 0, 1 )==0 )
+ {
+ list il = obj->getByType(Interface::TYPENAME);
+ for (list::iterator i=il.begin(); i!=il.end(); ++i)
+ {
+ autorename(*i,IPv4::TYPENAME,"ip");
+ autorename(*i,physAddress::TYPENAME,"mac");
+ }
+ }
+ }
+
+ if (Interface::isA(obj))
+ {
+ if (!ask || QMessageBox::warning(
+ this,"Firewall Builder",
+ tr(
+"The name of the interface '%1' has changed. The program can also\n"
+"rename IP address objects that belong to this interface,\n"
+"using standard naming scheme 'host_name:interface_name:ip'.\n"
+"This makes it easier to distinguish what host or a firewall\n"
+"given IP address object belongs to when it is used in \n"
+"the policy or NAT rule.
The program also renames MAC address\n"
+"objects using scheme 'host_name:interface_name:mac'.\n"
+"Do you want to rename child IP and MAC address objects now?\n"
+"(If you click 'No', names of all address objects that belong to\n"
+"%1 will stay the same.)")
+ .arg(QString::fromUtf8(obj->getName().c_str()))
+ .arg(QString::fromUtf8(obj->getName().c_str())),
+ tr("&Yes"), tr("&No"), QString::null,
+ 0, 1 )==0 )
+ {
+ autorename(obj,IPv4::TYPENAME,"ip");
+ autorename(obj,physAddress::TYPENAME,"mac");
+ }
+ }
+}
+
+void ObjectManipulator::autorename(FWObject *obj,
+ const string &objtype,
+ const string &namesuffix)
+{
+ FWObject *hst = obj->getParent();
+ list ol = obj->getByType(objtype);
+ int sfxn = 1;
+
+ for (list::iterator j=ol.begin(); j!=ol.end(); ++j,sfxn++)
+ {
+ QString sfx;
+ if (ol.size()==1) sfx="";
+ else sfx.setNum(sfxn);
+ QString nn = QString("%1:%2:%3%4")
+ .arg(QString::fromUtf8(hst->getName().c_str()))
+ .arg(QString::fromUtf8(obj->getName().c_str()))
+ .arg(namesuffix.c_str())
+ .arg(sfx);
+
+ (*j)->setName(string(nn.toUtf8()));
+ QTreeWidgetItem *itm1 = allItems[ *j ];
+ assert(itm1!=NULL);
+ itm1->setText(0, getTreeLabel( *j ) );
+ itm1->parent()->sortChildren(0, Qt::AscendingOrder);//();
+ }
+ ol.clear();
+}
+
+void ObjectManipulator::clearObjects()
+{
+ if (fwbdebug) qDebug("ObjectManipulator::clearObjects start");
+
+ invalidateDialog();
+ while (history.size()!=0) history.pop();
+
+ if (fwbdebug) qDebug("ObjectManipulator::clearObjects history size: %d",
+ history.size());
+
+ int N=m_objectManipulator->libs->count();
+
+ if (fwbdebug) qDebug("ObjectManipulator::clearObjects %d libs", N);
+
+ for (int i=N-1; i>=0; i--)
+ {
+ QTreeWidget *otv = idxToTrees[i];
+ assert(otv!=NULL);
+ m_objectManipulator->widgetStack->removeWidget( otv );
+ delete otv;
+ removeLib(i);
+ }
+
+ if (fwbdebug) qDebug("ObjectManipulator::clearObjects idxToLibs size: %d",
+ idxToLibs.size());
+ if (fwbdebug) qDebug("ObjectManipulator::clearObjects idxToTrees size:
%d", + idxToTrees.size()); + + idxToLibs.clear(); + idxToTrees.clear(); + + if (fwbdebug) qDebug("ObjectManipulator::clearObjects done"); +} + +void ObjectManipulator::loadObjects() +{ + loadObjects( mw->db() ); +} + +void ObjectManipulator::loadObjects(FWObjectDatabase *) +{ + if (fwbdebug) qDebug("ObjectManipulator::loadObjects start"); + + if (m_objectManipulator->libs->count()!=0) clearObjects(); + + FWObject *firstUserLib=NULL; + list ll = mw->db()->getByType( Library::TYPENAME ); + +// ll.sort(FWObjectNameCmpPredicate()); + + for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++) + { + FWObject *lib = (*i); + + if (fwbdebug) + qDebug("ObjectManipulator::loadObjects lib %p %s %s", + lib, lib->getId().c_str(), lib->getName().c_str() ); + + if ( lib->getId()==DELETED_LIB && + ! st->getBool("UI/ShowDeletedObjects")) continue; + + if ( lib->getId()!=STANDARD_LIB && + lib->getId()!=TEMPLATE_LIB && + firstUserLib==NULL) firstUserLib=*i; + + addTreePage( lib ); + + if (fwbdebug) qDebug("ObjectManipulator::loadObjects added lib %s", + lib->getName().c_str()); + } + + if (firstUserLib==NULL) firstUserLib=ll.front(); + openLib( firstUserLib ); +} + +void ObjectManipulator::addLib( FWObject *lib,QTreeWidget* otv) +{ + QString newlibname = QString::fromUtf8(lib->getName().c_str()); + int N = m_objectManipulator->libs->count(); + int idx = 0; + vector::iterator i1=idxToLibs.begin(); + vector::iterator i2=idxToTrees.begin(); + for ( ; idxlibs->itemText(idx) > newlibname ) break; + + string icn=":/Icons/"+lib->getTypeName()+"/icon-tree"; + //Resources::global_res->getObjResourceStr(lib,"icon-tree").c_str(); + QPixmap pm; + if ( ! 
QPixmapCache::find( icn.c_str(), pm) )
+ {
+ pm.load( icn.c_str() );
+ QPixmapCache::insert( icn.c_str(), pm);
+ }
+ m_objectManipulator->libs->insertItem( idx, pm, newlibname);
+// idx=libs->count()-1;
+
+ m_objectManipulator->libs->setCurrentIndex(idx);
+
+ idxToLibs.insert(i1,lib);
+ if (otv!=NULL) idxToTrees.insert(i2,otv);
+
+}
+
+void ObjectManipulator::addTreePage( FWObject *lib)
+{
+ if (fwbdebug) qDebug("Object Manipulator::addTreePage");
+
+ ObjectTreeView *objTreeView = new ObjectTreeView( m_objectManipulator->widgetStack,
+ OBJTREEVIEW_WIDGET_NAME );
+
+ addLib(lib,objTreeView);
+
+ QSizePolicy policy(QSizePolicy::Expanding, QSizePolicy::Expanding);
+ policy.setHorizontalStretch(0);
+ policy.setVerticalStretch(0);
+ policy.setHeightForWidth(objTreeView->sizePolicy().hasHeightForWidth());
+
+ objTreeView->setSizePolicy(policy);
+
+ m_objectManipulator->widgetStack->addWidget( objTreeView );
+ m_objectManipulator->widgetStack->show();
+ objTreeView->show();
+
+// objTreeView->setSelectionMode( QListView::Extended );
+
+ updateLibColor( lib );
+// updateLibName( lib );
+
+ //objTreeView->setContextMenuPolicy( Qt::CustomContextMenu );
+
+ connect(m_objectManipulator->widgetStack, SIGNAL( currentChanged(int) ),
+ this, SLOT( currentTreePageChanged(int) ) );
+
+ connect(objTreeView,SIGNAL( editCurrentObject_sign() ),
+ this, SLOT( editSelectedObject()) );
+
+ connect(objTreeView,SIGNAL( editCurrentObject_sign() ),
+ this, SLOT( editSelectedObject()) );
+
+ connect(objTreeView,SIGNAL( switchObjectInEditor_sign(libfwbuilder::FWObject*) ),
+ this, SLOT( switchObjectInEditor(libfwbuilder::FWObject*)) );
+
+ connect( objTreeView, SIGNAL( deleteObject_sign(libfwbuilder::FWObject*) ),
+ this, SLOT( deleteObj() ) );
+
+ connect( objTreeView, SIGNAL( objectDropped_sign(libfwbuilder::FWObject*) ),
+ this, SLOT( openObject(libfwbuilder::FWObject*) ) );
+
+ connect( objTreeView, SIGNAL( contextMenuRequested_sign(const QPoint&) ),
+ this, SLOT( contextMenuRequested(const
QPoint&) ) ); + + connect( objTreeView, SIGNAL( currentItemChanged(QTreeWidgetItem*,QTreeWidgetItem*) ), + this, SLOT( selectionChanged(QTreeWidgetItem*) ) ); + + + ObjectTreeViewItem *itm1=new ObjectTreeViewItem( objTreeView ); + + itm1->setLib(""); + itm1->setExpanded(TRUE); + +/* need to enable dragging in order to avoid object highlighting in + * the tree when user drags mouse cursor */ + + itm1->setFlags(itm1->flags() | Qt::ItemIsDragEnabled); + + itm1->setText( 0 , getTreeLabel( lib ) ); + if (lib->isReadOnly()) + { + QPixmap pm; + if ( ! QPixmapCache::find( ":/Icons/lock.png", pm) ) + { + pm.load( ":/Icons/lock.png" ); + QPixmapCache::insert( ":/Icons/lock.png", pm); + } + itm1->setIcon(0, pm ); + } else + { + string icn=":/Icons/"+lib->getTypeName()+"/icon-tree"; + //Resources::global_res->getObjResourceStr(lib,"icon-tree").c_str(); + QPixmap pm; + if ( ! QPixmapCache::find( icn.c_str(), pm) ) + { + pm.load( icn.c_str() ); + QPixmapCache::insert( icn.c_str(), pm); + } + itm1->setIcon( 0, pm); + } + + itm1->setProperty("id", lib->getId().c_str() ); + itm1->setProperty("type", lib->getTypeName().c_str() ); + itm1->setFWObject( lib ); + allItems[lib] = itm1; + +// objTreeView->setSelected( itm1, true ); + + for (list::iterator m=lib->begin(); m!=lib->end(); m++) + insertSubtree( itm1, (*m) ); + objTreeView->updateTreeItems(); + objTreeView->sortByColumn(0,Qt::AscendingOrder); +} + +void ObjectManipulator::removeLib(FWObject* lib) +{ + removeLib( getIdxForLib(lib) ); +} + +void ObjectManipulator::removeLib(int id) +{ + int N = m_objectManipulator->libs->count(); + int idx = 0; + vector::iterator i1=idxToLibs.begin(); + vector::iterator i2=idxToTrees.begin(); + for ( ; idxlibs->removeItem( idx ); + idxToLibs.erase(i1); + idxToTrees.erase(i2); + } + } +} + +void ObjectManipulator::currentTreePageChanged(int i) +{ + QWidget *w = m_objectManipulator->widgetStack->widget(i); + switchingTrees(w); +} + +void ObjectManipulator::switchingTrees(QWidget* w) +{ + 
ObjectTreeView *new_otv = dynamic_cast(w);
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::switchingTrees current_otv=%p new_otv=%p",
+ (void*)(current_tree_view),(void*)(new_otv));
+
+ if (!new_otv)
+ return;//assert(new_otv)
+
+
+ if (current_tree_view!=NULL) current_tree_view->becomingHidden();
+ new_otv->becomingVisible();
+ current_tree_view = new_otv;
+
+}
+
+void ObjectManipulator::makeNameUnique(FWObject* parent,FWObject* obj)
+{
+ int suffix=1;
+ QString basename=QString::fromUtf8(obj->getName().c_str());
+ QString newname=basename;
+
+/* check if there is another object with the same name */
+ while (parent->findObjectByName(obj->getTypeName(),newname.toLatin1().constData())!=NULL)
+ {
+/* there is a duplicate */
+ newname=QString("%1-%2").arg(basename).arg(suffix);
+ suffix++;
+ }
+ obj->setName(string(newname.toUtf8()));
+}
+
+void ObjectManipulator::contextMenuRequested(const QPoint &pos)
+{
+/* in extended selection mode there may be several selected items */
+
+ QTreeWidget *objTreeView = getCurrentObjectTree();
+ QTreeWidgetItem *item = objTreeView->itemAt(pos);//clicked item
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::contextMenu selectedObjects.size=%d",
+ getCurrentObjectTree()->getNumSelected());
+
+ ObjectTreeViewItem *otvi=dynamic_cast(item);
+ if (otvi==NULL) return; // happens when user clicks outside an item
+
+ if (!getCurrentObjectTree()->isSelected(otvi->getFWObject()))
+ openObject( otvi , true );
+
+ if (currentObj==NULL) currentObj=otvi->getFWObject();
+
+ QMenu *popup=new QMenu(this);
+
+ QAction *edtID =popup->addAction( tr("Edit"), this, SLOT( editSelectedObject()));
+
+ QMenu *duptargets = new QMenu(popup);
+ QMenu *movetargets = new QMenu(popup);
+
+ connect ( movetargets, SIGNAL ( triggered(QAction*) ),
+ this, SLOT( moveObj(QAction*) ) );
+ connect ( duptargets, SIGNAL ( triggered(QAction*) ),
+ this, SLOT( duplicateObj(QAction*) ) );
+
+/* we add " ... to library ..."
submenu to the "Move " menu item only
+ * if user did not select a library, or if they selected several
+ * objects. Method moveObj knows that library should not be moved
+ * into another library.
+ */
+ bool libSelected =
+ (getCurrentObjectTree()->getNumSelected()==1 &&
+ Library::isA(getCurrentObjectTree()->getSelectedObjects().front()));
+
+ int libid = 0;
+
+ FWObject *cl=getCurrentLib();
+ int moveTargets=0;
+ vector::iterator i;
+ for (i=idxToLibs.begin(); i!=idxToLibs.end(); ++i,++libid)
+ {
+ FWObject *lib = *i;
+
+ /* can't move to the same library. Will use menu item 'create
+ * here' to duplicate to the same library
+ */
+ if (lib==cl) continue;
+
+ if ( lib->getId()==STANDARD_LIB ||
+ lib->getId()==TEMPLATE_LIB ||
+ lib->getId()==DELETED_LIB ||
+ lib->isReadOnly())
+ continue;
+ QAction* dact=duptargets->addAction(
+ tr("place in library %1").arg(QString::fromUtf8(lib->getName().c_str()))/*,this, SLOT( duplicateObj(libid))*/
+ );
+
+ //duptargets->connectItem( did, this, SLOT( duplicateObj(int)) ); replaced with preprevious string
+ //duptargets->setItemParameter(did, libid ); replaced with next:
+ dact->setData(libid);
+
+ if (!libSelected)
+ {
+ QAction* mact=movetargets->addAction(
+ tr("to library %1").arg(QString::fromUtf8(lib->getName().c_str())));
+
+ mact->setData(libid);
+
+ moveTargets++;
+ }
+ }
+
+ duptargets->addAction(tr("place here"), this, SLOT( duplicateObjUnderSameParent()));
+
+ QAction *dupID = duptargets->addAction( tr("Duplicate ...") );
+ QAction *movID;
+
+ if (moveTargets!=0)
+ {
+ movID=movetargets->addAction( tr("Move ...") );
+ } else
+ {
+ movID=popup->addAction( tr("Move ...") );
+ movID->setData(-1);
+ }
+
+
+ popup->addSeparator();
+
+ QAction *copyID = popup->addAction( tr("Copy") , this ,
+ SLOT( copyObj() ) );
+ QAction *cutID =popup->addAction( tr("Cut") , this ,
+ SLOT( cutObj() ) );
+ QAction *pasteID =popup->addAction( tr("Paste") , this ,
+ SLOT( pasteObj() ) );
+
+ popup->addSeparator();
+
+ QAction * delID
=popup->addAction( tr("Delete") , this , + SLOT( deleteObj() ) ); + + QAction *newID1=NULL; + QAction *newID2=NULL; + + if (getCurrentObjectTree()->getNumSelected()==1) + { + popup->addSeparator(); + + if ( (Firewall::isA(currentObj) || Host::isA(currentObj)) && + ! currentObj->isReadOnly() ) + newID1=popup->addAction( tr("Add Interface"), this , + SLOT( newInterface() ) ); + + if (Interface::isA(currentObj) && ! currentObj->isReadOnly()) + { + newID1=popup->addAction( tr("Add IP Address"), this , + SLOT( newInterfaceAddress() ) ); + newID2=popup->addAction( tr("Add MAC Address"), this , + SLOT( newPhysicalAddress() ) ); + } + + if (currentObj->getPath(true)=="Firewalls") + newID1=popup->addAction( tr("New Firewall"), this , + SLOT( newFirewall() ) ); + + if (currentObj->getPath(true)=="Objects/Addresses") + { + newID1=popup->addAction( tr("New Address"), this , + SLOT( newAddress() ) ); + } + if (currentObj->getPath(true)=="Objects/DNS Names") + { + newID1=popup->addAction( tr("New DNS Name"), this , + SLOT( newDNSName() ) ); + } + + if (currentObj->getPath(true)=="Objects/Address Tables") + { + newID1=popup->addAction( tr("New Address Table"), this , + SLOT( newAddressTable() ) ); + } + + if (currentObj->getPath(true)=="Objects/Address Ranges") + newID1=popup->addAction( tr("New Address Range"), this , + SLOT( newAddressRange() ) ); + + if (currentObj->getPath(true)=="Objects/Hosts") + newID1=popup->addAction( tr("New Host"), this , + SLOT( newHost() ) ); + + if (currentObj->getPath(true)=="Objects/Networks") + newID1=popup->addAction( tr("New Network"), this , + SLOT( newNetwork() ) ); + + if (currentObj->getPath(true)=="Objects/Groups") + newID1=popup->addAction( tr("New Group"), this , + SLOT( newObjectGroup() ) ); + + if (currentObj->getPath(true)=="Services/Custom") + newID1=popup->addAction( tr("New Custom Service"),this , + SLOT( newCustom() ) ); + + if (currentObj->getPath(true)=="Services/IP") + newID1=popup->addAction( tr("New IP Service"), this , + 
SLOT( newIP() ) ); + + if (currentObj->getPath(true)=="Services/ICMP") + newID1=popup->addAction( tr("New ICMP Service"), this , + SLOT( newICMP() ) ); + + if (currentObj->getPath(true)=="Services/TCP") + newID1=popup->addAction( tr("New TCP Service"), this , + SLOT( newTCP() ) ); + + if (currentObj->getPath(true)=="Services/UDP") + newID1=popup->addAction( tr("New UDP Service"), this , + SLOT( newUDP() ) ); + + if (currentObj->getPath(true)=="Services/TagServices") + newID1=popup->addAction( tr("New TagService"), this , + SLOT( newTagService() ) ); + + if (currentObj->getPath(true)=="Services/Groups") + newID1=popup->addAction( tr("New Group"), this , + SLOT( newServiceGroup() ) ); + + if (currentObj->getPath(true)=="Time") + newID1=popup->addAction( tr("New Time Interval"), this , + SLOT( newInterval() ) ); + + popup->addSeparator(); + popup->addAction( tr("Find") , this , SLOT( findObject())); + popup->addAction( tr("Where used") , this , SLOT( findWhereUsedSlot())); +/* + if (Firewall::cast(currentObj)!=NULL) + { + popup->addSeparator(); + popup->addAction( tr("Compile") , this , SLOT( compile())); + popup->addAction( tr("Install") , this , SLOT( install())); + } + */ + } else + { + + popup->addAction( tr("Group"), this , + SLOT( groupObjects() ) ); + + } + + if (Firewall::cast(currentObj)!=NULL || ObjectGroup::cast(currentObj)!=NULL) + { + popup->addSeparator(); + popup->addAction( tr("Compile") , this , SLOT( compile())); + popup->addAction( tr("Install") , this , SLOT( install())); + +// popup->addSeparator(); +// popup->addAction( tr("Simulate install") , this , SLOT( simulateInstall())); + } + + popup->addSeparator(); + QAction* lcID=popup->addAction( tr("Lock"), this , + SLOT( lockObject() ) ); + QAction* unlcID=popup->addAction( tr("Unlock"), this , + SLOT( unlockObject() ) ); + lcID->setEnabled(getCurrentObjectTree()->isLockable()); + unlcID->setEnabled(getCurrentObjectTree()->isUnlockable()); + + if (fwbdebug) + { +/* keep this for debugging */ + 
popup->addSeparator(); + popup->addAction( tr("dump") , this , SLOT( dumpObj())); + } + + if (getCurrentObjectTree()->getNumSelected()==1) + { + edtID->setEnabled(! FWBTree::isSystem(currentObj) ); + } else + edtID->setEnabled(false); + + bool dupMenuItem=true; + bool moveMenuItem=true; + bool copyMenuItem=true; + bool pasteMenuItem=true; + bool delMenuItem=true; + bool newMenuItem=true; + bool inDeletedObjects = false; + + getMenuState( (moveTargets>0), + dupMenuItem,moveMenuItem,copyMenuItem,pasteMenuItem, + delMenuItem,newMenuItem,inDeletedObjects); + + dupID->setEnabled(dupMenuItem); + movID->setEnabled(moveMenuItem); + copyID->setEnabled(copyMenuItem); + pasteID->setEnabled(pasteMenuItem); + + cutID->setEnabled(copyMenuItem); + delID->setEnabled(delMenuItem); + + if (newID1) + newID1->setEnabled(newMenuItem); + if (newID2) + newID2->setEnabled(newMenuItem); + + + if (inDeletedObjects) movID->setText( tr("Undelete...") ); + + popup->exec( objTreeView->mapToGlobal( pos ) ); +} + +void ObjectManipulator::getMenuState(bool haveMoveTargets, + bool &dupMenuItem, + bool &moveMenuItem, + bool ©MenuItem, + bool &pasteMenuItem, + bool &delMenuItem, + bool &newMenuItem, + bool &inDeletedObjects) +{ + dupMenuItem=true; + moveMenuItem=true; + copyMenuItem=true; + pasteMenuItem=true; + delMenuItem=true; + newMenuItem=true; + + inDeletedObjects = false; + + FWObject *delObjLib = + mw->db()->findInIndex( FWObjectDatabase::getDeletedObjectsId()); + + vector so = getCurrentObjectTree()->getSelectedObjects(); + for (vector::iterator i=so.begin(); i!=so.end(); ++i) + { + FWObject *obj= *i; + + QString objPath = obj->getPath(true).c_str(); + + copyMenuItem = copyMenuItem && FWBTree::getCopyMenuState(objPath); + pasteMenuItem = pasteMenuItem && + FWBTree::getPasteMenuState(objPath) && + (FWObjectClipboard::obj_clipboard->size()!=0); + delMenuItem = delMenuItem && FWBTree::getDeleteMenuState(objPath); + + if (pasteMenuItem) + { + /* + * enable Paste menu item only if object can be 
pasted + */ + vector::iterator i; + for (i= FWObjectClipboard::obj_clipboard->begin(); + i!=FWObjectClipboard::obj_clipboard->end(); ++i) + { + FWObject *co= mw->db()->findInIndex(*i); + FWObject *nobj=pasteTo( obj , co , false, true); + pasteMenuItem = pasteMenuItem && (nobj!=NULL); + } + } + + dupMenuItem= + (dupMenuItem && ! FWBTree::isSystem(obj) && ! Library::isA(obj) ); + + inDeletedObjects = (delObjLib!=NULL && obj->isChildOf(delObjLib)); + dupMenuItem = dupMenuItem && !inDeletedObjects; + +// can't move system objects + moveMenuItem = moveMenuItem && ! FWBTree::isSystem(obj); + +// can't move interfaces unless parent host object is also selected + if ( Interface::isA(obj) && + std::find(so.begin(),so.end(),obj->getParent())==so.end()) + moveMenuItem = false; + +// can't move ip addresses if parent is interface + if (IPv4::isA(obj) && Interface::isA(obj->getParent())) + moveMenuItem = false; + +// can't move physAddress objects + moveMenuItem = moveMenuItem && ! physAddress::isA(obj); + +// can't move read-only objects + moveMenuItem = moveMenuItem && ! obj->isReadOnly(); + +// can't move libraries unless in deleted objects + if (Library::isA(obj) && ! inDeletedObjects) moveMenuItem = false; + +// can't move if there is only one user-defined library in the tree +// but we dont care about number of libraries if this will become +// 'undelete' operation + if (!haveMoveTargets && ! inDeletedObjects) moveMenuItem = false; + +// copyMenuItem= (copyMenuItem && +// ! FWBTree::isSystem(currentObj) && +// ! Library::isA(currentObj)); +// delMenuItem= (delMenuItem && ! FWBTree::isSystem(currentObj)); + + newMenuItem= (newMenuItem && ! 
obj->isReadOnly() );
+ Interface *intf = Interface::cast(obj);
+ if (intf &&
+ (intf->isDyn() ||
+ intf->isUnnumbered() ||
+ intf->isBridgePort())
+ )
+ newMenuItem = false;
+
+ }
+}
+
+void ObjectManipulator::find()
+{
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+
+ FWObject *obj=getCurrentObjectTree()->getSelectedObjects().front();
+ if (obj==NULL) return;
+ fd->setObject( obj );
+ fd->show();
+}
+void ObjectManipulator::findObject()
+{
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+
+ FWObject *obj=getCurrentObjectTree()->getSelectedObjects().front();
+ if (obj==NULL) return;
+ mw->findObject( obj );
+}
+
+void ObjectManipulator::dumpObj()
+{
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+
+ FWObject *obj=getCurrentObjectTree()->getSelectedObjects().front();
+ if (obj==NULL) return;
+ obj->dump(false,false);
+}
+
+void ObjectManipulator::compile()
+{
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+
+ vector so = getCurrentObjectTree()->getSimplifiedSelection();
+
+ set fo;
+ filterFirewallsFromSelection(so,fo);
+
+ //FWObject *obj=getCurrentObjectTree()->getSelectedObjects().front();
+ //if (obj==NULL) return;
+ //mw->showFirewall(obj);
+ if (fwbdebug)
+ qDebug("ObjectManipulator::compile filtered %d firewalls",fo.size());
+ mw->compile(fo);
+}
+void ObjectManipulator::filterFirewallsFromSelection(vector &so,set &fo)
+{
+ Firewall *fw;
+ ObjectGroup *gr;
+ for (vector::iterator i=so.begin(); i!=so.end(); ++i)
+ {
+ fw= Firewall::cast( *i );
+ if (fw!=NULL)
+ {
+ fo.insert(fw);
+ continue;
+ }
+ gr=ObjectGroup::cast( *i);
+ if (gr!=NULL)
+ {
+ extractFirewallsFromGroup(gr,fo);
+ }
+ }
+
+}
+void ObjectManipulator::extractFirewallsFromGroup(ObjectGroup *gr,set &fo)
+{
+ Firewall *f;
+ set oset;
+ mw->db()->findObjectsInGroup(gr,oset);
+
+ set::iterator i;
+ for(i=oset.begin();i!=oset.end();++i)
+ {
+ f=Firewall::cast(*i);
+ if (f!=NULL) fo.insert(f);
+ }
+}
+void ObjectManipulator::install()
+{
+ if
(getCurrentObjectTree()->getNumSelected()==0) return;
+
+ //FWObject *obj=getCurrentObjectTree()->getSelectedObjects().front();
+ //if (obj==NULL) return;
+ //mw->showFirewall(obj);
+
+ vector so = getCurrentObjectTree()->getSimplifiedSelection();
+ set fo;
+ filterFirewallsFromSelection(so,fo);
+
+
+
+ mw->install(fo);
+}
+
+FWObject* ObjectManipulator::duplicateObject(FWObject *targetLib,
+ FWObject *obj,
+ const QString &name,
+ bool askForAutorename)
+{
+ if (!isTreeReadWrite(this, targetLib)) return NULL;
+
+ openLib(targetLib);
+
+ FWObject *o=NULL;
+
+ QString n;
+ if (!name.isEmpty()) n=name;
+ else n=QString::fromUtf8(obj->getName().c_str());
+
+ o=createObject(obj->getTypeName().c_str(), n, obj);
+ if (o)
+ {
+ openObject(o);
+ if (!o->isReadOnly() && (Host::isA(o) || Firewall::isA(o) || Interface::isA(o)) )
+ autorename(o,askForAutorename);
+ }
+ return o;
+}
+
+void ObjectManipulator::duplicateObj(QAction *action)
+{
+ int libid = action->data().toInt();
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+
+ ObjectTreeView* ot=getCurrentObjectTree();
+ ot->freezeSelection(true);
+ FWObject *obj;
+ FWObject *nobj = NULL;
+ vector so = getCurrentObjectTree()->getSimplifiedSelection();
+ for (vector::iterator i=so.begin(); i!=so.end(); ++i)
+ {
+ obj= *i;
+
+ if ( FWBTree::isSystem(obj) || Interface::isA(obj) ) continue;
+
+ FWObject *cl = idxToLibs[libid];
+
+ nobj = duplicateObject(cl,obj,"",false);
+
+ if (nobj->getTypeName()==Firewall::TYPENAME)
+ {
+ mw->addFirewallToList(nobj);
+ mw->showFirewall(nobj);
+ }
+ }
+ editObject(nobj);
+ ot->freezeSelection(false);
+}
+
+void ObjectManipulator::duplicateObjUnderSameParent()
+{
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+
+ ObjectTreeView* ot=getCurrentObjectTree();
+ ot->freezeSelection(true);
+ FWObject *obj;
+ FWObject *o = NULL;
+ vector so = getCurrentObjectTree()->getSimplifiedSelection();
+ for (vector::iterator i=so.begin(); i!=so.end(); ++i)
+ {
+ obj= *i;
+
+ o=NULL;
+
+
QString n=QString::fromUtf8(obj->getName().c_str());
+
+ openObject(o=createObject(obj->getParent(),
+ obj->getTypeName().c_str(), n, obj));
+
+ if (Host::isA(o) || Firewall::isA(o) || Interface::isA(o))
+ autorename(o,false);
+
+ if (Firewall::isA(o))
+ {
+ mw->addFirewallToList(o);
+ mw->showFirewall(o);
+ }
+ }
+ if (o!=NULL) editObject(o);
+ ot->freezeSelection(false);
+}
+
+void ObjectManipulator::moveObject(FWObject *targetLib, FWObject *obj)
+{
+ FWObject *cl=getCurrentLib();
+ if (cl==targetLib) return;
+
+// bool inDeletedObjects = (obj->getParent()->getId()==FWObjectDatabase::getDeletedObjectsId());
+
+// QString parentType;
+// QString parentName;
+ FWObject *grp = NULL;
+
+ if (FWObjectDatabase::isA(targetLib)) grp = targetLib;
+ else
+ {
+ grp=FWBTree::getStandardSlotForObject(targetLib,
+ obj->getTypeName().c_str());
+ }
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::moveObject grp= %p", grp);
+
+ if (grp==NULL) grp=targetLib;
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::moveObject grp= %s",grp->getName().c_str());
+
+ if (!grp->isReadOnly())
+ {
+ obj->ref();
+ obj->ref();
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::moveObject removing from the widget");
+
+ ObjectTreeViewItem *itm = allItems[obj];
+ if (itm->parent()==NULL) return;
+
+ itm->parent()->takeChild(itm->parent()->indexOfChild(itm));
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::moveObject removing from the tree");
+
+ obj->getParent()->remove(obj);
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::moveObject adding to the tree");
+
+ grp->add(obj);
+ obj->unref();
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::moveObject adding to the widget");
+
+ if (allItems[grp]==NULL)
+ {
+/* adding to the root, there is not such tree item */
+ if (Library::isA(obj))
+ {
+ addTreePage(obj);
+ openLib(obj);
+ } else
+ {
+/* it screwed up, just print debugging message */
+ if (fwbdebug)
+ qDebug("ObjectManipulator::moveObject no place in the tree corresponding to the object %p
%s",grp,grp->getName().c_str());
+ }
+ } else
+ allItems[grp]->addChild(itm);
+
+ if (Firewall::cast(obj)!=NULL)
+ {
+ mw->addFirewallToList(obj);
+ mw->showFirewall(obj);
+ }
+ }
+
+// if (fwbdebug)
+// qDebug("ObjectManipulator::moveObject open lib cl %s",
+// cl->getName().c_str());
+// openLib(cl);
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::moveObject all done");
+}
+
+/*
+ * targetLibName is the name of the target library in Unicode
+ */
+void ObjectManipulator::moveObject(const QString &targetLibName,
+ FWObject *obj)
+{
+ list ll = mw->db()->getByType( Library::TYPENAME );
+ for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++)
+ {
+ FWObject *lib=*i;
+ if (targetLibName==QString::fromUtf8(lib->getName().c_str()))
+ {
+ if (fwbdebug)
+ qDebug("ObjectManipulator::moveObject found lib %s",
+ lib->getName().c_str() );
+
+ moveObject(lib,obj);
+ }
+ }
+}
+
+void ObjectManipulator::moveObj(QAction* action)
+{
+ int libid = action->data().toInt();
+
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+
+ ObjectTreeView* ot=getCurrentObjectTree();
+ ot->freezeSelection(true);
+ FWObject *obj;
+
+ FWObject *targetLib = idxToLibs[libid];
+
+ vector so = getCurrentObjectTree()->getSimplifiedSelection();
+ for (vector::iterator i=so.begin(); i!=so.end(); ++i)
+ {
+ obj= *i;
+
+ if (fwbdebug)
+ {
+ qDebug("ObjectManipulator::moveObj obj=%p obj: %s",
+ obj, obj->getName().c_str() );
+ }
+ if (Library::isA(obj))
+ {
+/* We can only move library to the root of the tree. This case only
+ * happens when user tries to undelete a library. 
+ */
+ moveObject(mw->db(),obj);
+ } else
+ {
+ if (obj->isChildOf(targetLib)) continue;
+
+ if ( FWBTree::isSystem(obj) ||
+ Interface::isA(obj) ||
+ Interface::isA(obj->getParent())) continue;
+
+ moveObject(targetLib,obj);
+ }
+ }
+ ot->freezeSelection(false);
+}
+
+void ObjectManipulator::copyObj()
+{
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+ FWObject *obj;
+ FWObjectClipboard::obj_clipboard->clear();
+
+ vector so = getCurrentObjectTree()->getSimplifiedSelection();
+
+ for (vector::iterator i=so.begin(); i!=so.end(); ++i)
+ {
+ obj= *i;
+ if ( ! FWBTree::isSystem(obj) )
+ FWObjectClipboard::obj_clipboard->add( obj );
+ }
+}
+
+void ObjectManipulator::cutObj()
+{
+ copyObj();
+ deleteObj(); // works with the list getCurrentObjectTree()->getSelectedObjects()
+}
+
+void ObjectManipulator::pasteObj()
+{
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+ FWObject *obj=getCurrentObjectTree()->getSelectedObjects().front();
+ if (obj==NULL) return;
+
+ vector::iterator i;
+ for (i= FWObjectClipboard::obj_clipboard->begin();
+ i!=FWObjectClipboard::obj_clipboard->end(); ++i)
+ {
+ FWObject *co= mw->db()->findInIndex(*i);
+ FWObject *nobj=pasteTo( obj , co );
+ if (nobj!=NULL)
+ {
+ if (Firewall::isA(nobj)) mw->addFirewallToList(nobj);
+ if (Firewall::isA(obj)) mw->showFirewall(obj);
+ }
+ }
+}
+
+FWObject* ObjectManipulator::pasteTo(FWObject *target,FWObject *obj,
+ bool openobj,bool validateOnly)
+{
+ FWObject *ta=target;
+ if (IPv4::isA(ta)) ta=ta->getParent();
+ try
+ {
+/* clipboard holds a copy of the object */
+// if (ta->getTypeName()==obj->getTypeName()) ta=ta->getParent();
+
+ Host *hst = Host::cast(ta); // works for firewall, too
+ Interface *intf = Interface::cast(ta);
+
+ if (FWBTree::isSystem(ta))
+ {
+ if (!FWBTree::validateForInsertion(ta,obj))
+ {
+ if (validateOnly) return NULL;
+
+ QMessageBox::warning(
+ this,"Firewall Builder",
+ QObject::tr("Impossible to insert object %1 (type %2) into %3\nbecause of incompatible 
type.")
+ .arg(obj->getName().c_str())
+ .arg(obj->getTypeName().c_str())
+ .arg(target->getName().c_str()),
+ "&Continue", QString::null, QString::null,
+ 0, 1 );
+
+ return obj;
+ }
+ }
+
+ if ( FWBTree::isSystem(ta) ||
+ (hst!=NULL && hst->validateChild(obj)) ||
+ (intf!=NULL && intf->validateChild(obj))
+ )
+ {
+ if (validateOnly) return obj;
+
+/* add a copy of the object to system group */
+
+ FWObject *nobj=
+ mw->db()->create(obj->getTypeName());
+ assert (nobj!=NULL);
+ nobj->ref();
+ nobj->duplicate(obj,true); // creates new object ID
+
+ makeNameUnique(ta,nobj);
+ ta->add( nobj );
+ insertSubtree( allItems[ta], nobj);
+
+ if (openobj) openObject(nobj);
+
+ return nobj;
+ }
+
+ Group *grp=Group::cast(ta);
+
+ if (grp!=NULL && grp->validateChild(obj))
+ {
+ if (validateOnly) return obj;
+
+/* check for duplicates. We just won't add an object if it is already there */
+ string cp_id=obj->getId();
+ list::iterator j;
+ for(j=grp->begin(); j!=grp->end(); ++j)
+ {
+ FWObject *o1=*j;
+ if(cp_id==o1->getId()) return o1;
+
+ FWReference *ref;
+ if( (ref=FWReference::cast(o1))!=NULL &&
+ cp_id==ref->getPointerId()) return o1;
+ }
+
+ grp->addRef(obj);
+ if (openobj) openObject(grp);
+ }
+ }
+ catch(FWException &ex)
+ {
+ if (validateOnly) return NULL;
+
+ QMessageBox::warning(
+ this,"Firewall Builder",
+ ex.toString().c_str(),
+ "&Continue", QString::null,QString::null,
+ 0, 1 );
+ }
+
+ if (validateOnly) return NULL;
+ return obj;
+}
+
+void ObjectManipulator::lockObject()
+{
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::lockObject selected %d objects ",
+ getCurrentObjectTree()->getNumSelected());
+
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+
+ FWObject *obj;
+
+ vector so = getCurrentObjectTree()->getSimplifiedSelection();
+ for (vector::iterator i=so.begin(); i!=so.end(); ++i)
+ {
+ obj= *i;
+ FWObject *lib = obj->getLibrary();
+ // these lbraries are locked anyway, do not let the user
+ // lock objects inside because they won't be able to 
unlock them.
+ if (lib->getId()!=STANDARD_LIB && lib->getId()!=TEMPLATE_LIB)
+ obj->setReadOnly(true);
+ }
+ getCurrentObjectTree()->setLockFlags();
+ getCurrentObjectTree()->updateTreeItems();
+}
+
+void ObjectManipulator::unlockObject()
+{
+ if (fwbdebug)
+ qDebug("ObjectManipulator::unlockObject selected %d objects ",
+ getCurrentObjectTree()->getNumSelected());
+
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+
+ FWObject *obj;
+
+ vector so = getCurrentObjectTree()->getSimplifiedSelection();
+ for (vector::iterator i=so.begin(); i!=so.end(); ++i)
+ {
+ obj= *i;
+ FWObject *lib = obj->getLibrary();
+ if (lib->getId()!=STANDARD_LIB && lib->getId()!=TEMPLATE_LIB)
+ obj->setReadOnly(false);
+ }
+ getCurrentObjectTree()->setLockFlags();
+ getCurrentObjectTree()->updateTreeItems();
+}
+
+void ObjectManipulator::deleteObj()
+{
+ if (fwbdebug)
+ qDebug("ObjectManipulator::deleteObj selected %d objects ",
+ getCurrentObjectTree()->getNumSelected());
+
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+
+ FWObject *obj;
+ bool emptyingTrash = false;
+ bool emptyingTrashInLib = false;
+
+ FWObject *delObjLib = mw->db()->findInIndex(FWObjectDatabase::getDeletedObjectsId());
+ if (fwbdebug)
+ qDebug("ObjectManipulator::deleteObj delObjLib=%p",delObjLib);
+
+ vector so = getCurrentObjectTree()->getSimplifiedSelection();
+
+ if (delObjLib!=NULL)
+ {
+ for (vector::iterator i=so.begin(); i!=so.end(); ++i)
+ {
+ obj= *i;
+ emptyingTrash |= obj->isChildOf(delObjLib);
+ }
+ }
+
+ emptyingTrashInLib = emptyingTrash && mw->editingLibrary();
+
+/* Ask user iff:
+ *
+ * we are emptying trash while editing library file (.fwl)
+ * else
+ *
+ * if we are not emptying Trash (i.e. 
not deleting "Deleted objects" library)
+ * and
+ * (we delete more than one object
+ * or
+ * we delete one object and it is not a library (because in this case
+ * we ask them later anyway))
+ */
+
+ QString msg;
+
+ if (emptyingTrashInLib)
+ {
+ msg = tr(
+ "Emptying the 'Deleted Objects' in a library file is not recommended.\n"
+ "When you remove deleted objects from a library file, Firewall Builder\n"
+ "loses ability to track them. If a group or a policy rule in some\n"
+ "data file still uses removed object from this library, you may encounter\n"
+ "unusual and unexpected behavior of the program.\n"
+ "Do you want to delete selected objects anyway ?"
+ );
+ if (QMessageBox::warning(
+ this,"Firewall Builder", msg,
+ tr("&Yes"), tr("&No"), QString::null,
+ 0, 1 )!=0) return;
+ } else
+ {
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::deleteObj emptyingTrash=%d so.size=%d so.front()->type=%s",
+ emptyingTrash,
+ so.size(),
+ so.front()->getTypeName().c_str() );
+
+
+ if (!emptyingTrash && (so.size()>1 || !Library::isA(so.front())))
+ {
+ /*
+ msg = tr(
+ "When you delete an object, it is removed from the tree and\n"
+ "all groups and firewall policy rules that reference it.\n"
+ "Do you want to delete selected objects ?" 
+ );
+ if (QMessageBox::warning(
+ this,"Firewall Builder", msg,
+ tr("&Yes"), tr("&No"), QString::null,
+ 0, 1 )!=0) return;
+ */
+ QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) );
+ ConfirmDeleteObjectDialog * dlg= new ConfirmDeleteObjectDialog(this);
+
+ dlg->load(so);
+
+ QApplication::restoreOverrideCursor();
+ if(dlg->exec()==QDialog::Rejected ) return;
+ }
+ }
+
+
+/* need to work with a copy of the list of selected objects because
+ * some of the methods we call below clear list
+ * getCurrentObjectTree()->getSelectedObjects()
+ */
+
+ vector so2 = so;
+
+ if (fwbdebug)
+ {
+ for (vector::iterator i=so2.begin(); i!=so2.end(); ++i)
+ {
+ obj= *i;
+ qDebug("ObjectManipulator::deleteObj will delete obj=%p ( %s %s ) ",
+ obj, obj->getTypeName().c_str(), obj->getName().c_str());
+ }
+ }
+
+ try
+ {
+ for (vector::iterator i=so2.begin(); i!=so2.end(); ++i)
+ {
+ obj= *i;
+
+// openObject(obj,false);
+
+ if ( ! FWBTree::isSystem(obj) )
+ {
+ if (Library::isA(obj))
+ {
+ list ll=mw->db()->getByType(Library::TYPENAME);
+ if (ll.size()==1) return;
+
+ if (QMessageBox::warning(
+ this,"Firewall Builder",
+ tr(
+"When you delete a library, all objects that belong to it\n"
+"disappear from the tree and all groups and rules that reference them.\n"
+"You won't be able to reverse this operation later.\n"
+"Do you still want to delete library %1?")
+ .arg(QString::fromUtf8(obj->getName().c_str())),
+ tr("&Yes"), tr("&No"), QString::null,
+ 0, 1 )!=0 ) continue;
+ }
+
+ if (oe->isVisible() && oe->getOpened()==obj) oe->hide();
+
+ delObj(obj);
+ }
+ }
+ }
+ catch(FWException &ex)
+ {
+ }
+}
+
+void ObjectManipulator::delObj(FWObject *obj,bool openobj)
+{
+ if (obj->getId()==STANDARD_LIB || obj->getId()==DELETED_LIB) return;
+
+ mw->findObjectWidget->reset();
+ try
+ {
+ if (fwbdebug)
+ qDebug("ObjectManipulator::delObj delete obj %p %s openobj=%d",
+ obj,obj->getName().c_str(),openobj);
+
+ FWObject *parent=obj->getParent();
+ FWObject *delObjLib = 
mw->db()->findInIndex( DELETED_LIB );
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::delObj deleted obj lib %p",
+ delObjLib);
+
+ bool islib = Library::isA(obj);
+// bool isintf = (Interface::isA(obj) && Firewall::isA(parent));
+ bool isfw = Firewall::isA(obj);
+ bool isDelObj = (delObjLib!=NULL && obj->isChildOf(delObjLib));
+
+ if (!islib && !isDelObj && obj->getId()!=TEMPLATE_LIB)
+ updateLastModifiedTimestampForAllFirewalls(obj);
+
+ if (fwbdebug)
+ qDebug("ObjectManipulator::delObj delete islib=%d isfw=%d isDelObj=%d",islib,isfw,isDelObj);
+
+/*
+ * TODO: we have to remove not only the object, but also all its child
+ * objects from the database, as well as all references to them. This
+ * logic should really be in FWObject::removeAllInstances(FWObject*);
+ */
+
+/* remove from our internal tables before it is removed from the
+ * object tree so we could use obj->getId()
+ */
+ if (islib && !isDelObj)
+ {
+ int idx = getIdxForLib(obj);
+ QTreeWidget *otv = idxToTrees[idx];
+ assert(otv!=NULL);
+ m_objectManipulator->widgetStack->removeWidget( otv );
+ removeLib(idx);
+
+ list fl;
+ findFirewalls(obj, fl);
+ for (list::iterator i=fl.begin(); i!=fl.end(); i++)
+ mw->deleteFirewall( *i );
+ }
+
+ if (isfw && !isDelObj) mw->deleteFirewall(obj);
+
+
+// removeObjectFromTreeView(obj);
+
+ QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) );
+
+ if (islib && obj->isReadOnly()) obj->setReadOnly(false);
+
+ if (obj->getId()==TEMPLATE_LIB) // special case
+ {
+ if (fwbdebug) qDebug("ObjectManipulator::delObj: special case: deleting template library");
+ mw->db()->removeAllInstances(obj);
+ } else
+ {
+ if (fwbdebug) qDebug("ObjectManipulator::delObj: recursively deleting library and all its objects");
+ mw->db()->recursivelyRemoveObjFromTree(obj, false);
+ if (islib) parent=mw->db()->getFirstByType(Library::TYPENAME);
+ }
+
+ QApplication::restoreOverrideCursor();
+ if (fwbdebug) qDebug("ObjectManipulator::delObj: done");
+
+ removeObjectFromTreeView(obj);
+ 
mw->scheduleRuleSetRedraw();
+
+ if (!isDelObj)
+ {
+ if (allItems[delObjLib]!=NULL)
+ insertSubtree( allItems[delObjLib], obj );
+ } else
+ FWObjectClipboard::obj_clipboard->clear();
+
+ if (openobj)
+ {
+ if (isfw && !isDelObj)
+ {
+ std::list fwlist;
+ findAllFirewalls(fwlist);
+ if (fwlist.size()>0)
+ {
+ FWObject *first_fw = fwlist.front();
+ if (first_fw!=NULL)
+ {
+ mw->showFirewall( first_fw );
+ openObject( first_fw );
+ }
+ }
+ //QTimer::singleShot( 0, mw, SLOT(reopenFirewall()) );
+ } else {
+ openObject(parent);
+ }
+ }
+ }
+ catch(FWException &ex)
+ {
+ if (fwbdebug) qDebug("ObjectManipulator::delObj: catch: restoreOverrideCursor");
+ QApplication::restoreOverrideCursor();
+ QMessageBox::warning(
+ this,"Firewall Builder",
+ ex.toString().c_str(),
+ "&Continue", QString::null,QString::null,
+ 0, 1 );
+ throw(ex);
+ }
+}
+
+void ObjectManipulator::groupObjects()
+{
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+
+ FWObject *co = getCurrentObjectTree()->getSelectedObjects().front();
+
+ newGroupDialog ngd( this );
+
+ if (ngd.exec()==QDialog::Accepted)
+ {
+ QString objName = ngd.m_dialog->obj_name->text();
+ QString libName = ngd.m_dialog->libs->currentText();
+
+ QString type = ObjectGroup::TYPENAME;
+ if (Service::cast(co)!=NULL) type=ServiceGroup::TYPENAME;
+ if (Interval::cast(co)!=NULL) type=IntervalGroup::TYPENAME;
+
+ FWObject *newgrp=NULL;
+
+ list ll = mw->db()->getByType( Library::TYPENAME );
+ for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++)
+ {
+ FWObject *lib=*i;
+ if (libName==QString::fromUtf8(lib->getName().c_str()))
+ {
+/* TODO: need to show a dialog and say that chosen library is read-only. 
+ * this is not critical though since newGroupDialog fills the pull-down
+ * only with names of read-write libraries
+ */
+ if (lib->isReadOnly()) return;
+ FWObject *parent = FWBTree::getStandardSlotForObject(lib,type);
+ if (parent==NULL)
+ {
+ if (fwbdebug)
+ qDebug("ObjectManipulator::groupObjects(): could not find standard slot for object of type %s in library %s",
+ type.toAscii().constData(),lib->getName().c_str());
+ return;
+ }
+ newgrp = createObject(parent,type,objName);
+
+ break;
+ }
+ }
+ if (newgrp==NULL) return;
+
+ FWObject *obj;
+
+ ObjectTreeView* ot=getCurrentObjectTree();
+ ot->freezeSelection(true);
+
+ vector so = getCurrentObjectTree()->getSimplifiedSelection();
+
+ for (vector::iterator i=so.begin(); i!=so.end(); ++i)
+ {
+ obj= *i;
+ newgrp->addRef(obj);
+ }
+ ot->freezeSelection(false);
+
+ openObject(newgrp);
+ editObject(newgrp);
+ }
+}
+
+void ObjectManipulator::info()
+{
+ if (fwbdebug) qDebug("ObjectManipulator::info()");
+
+ if (currentObj)
+ {
+ mw->info(currentObj, true); //forcing info window update
+ active=true;
+ }
+}
+
+
+void ObjectManipulator::restoreSelection(bool same_widget)
+{
+ if (fwbdebug)
+ qDebug("ObjectManipulator::restoreSelection same_widget=%d",same_widget);
+
+ select();
+ openObject( oe->getOpened(), false);
+}
+
+void ObjectManipulator::editSelectedObject()
+{
+ if (getCurrentObjectTree()->getNumSelected()==0) return;
+
+ FWObject *obj=getCurrentObjectTree()->getSelectedObjects().front();
+ if (obj==NULL) return;
+ editObject(obj);
+}
+
+bool ObjectManipulator::editObject(FWObject *obj)
+{
+ if (!oe->isVisible()) oe->show();
+ return switchObjectInEditor(obj);
+}
+
+bool ObjectManipulator::switchObjectInEditor(FWObject *obj)
+{
+ if (fwbdebug) qDebug("ObjectManipulator::switchObjectInEditor");
+
+ mw->unselectRules();
+
+ if (!oe->isVisible()) return false;
+
+ if (!mw->requestEditorOwnership(this,
+ obj,
+ ObjectEditor::optNone,
+ true))
+ return false;
+
+ select();
+
+ if (obj!=oe->getOpened())
+ {
+ 
oe->open(obj);
+ currentObj=obj;
+ active=true;
+ openObject(obj); // position the tree so that obj is visible
+ }
+ return true; // successfully (re)opened obj in the editor
+}
+
+
+void ObjectManipulator::openObject(ObjectTreeViewItem *otvi,
+ bool register_in_history)
+{
+ openObject(otvi->getFWObject(),register_in_history);
+}
+
+/* This method is called from the GroupObjectDialog when user double
+ * clicks on the object in a group, so first we should check if this
+ * object is shown in the tree and if not, find and open it.
+ */
+void ObjectManipulator::openObject(FWObject *obj, bool /*register_in_history*/)
+{
+ if (fwbdebug)
+ qDebug("ObjectManipulator::openObject obj=%s",
+ (obj)?obj->getName().c_str():"NULL");
+
+ if (obj==NULL) return;
+
+ raise();
+ FWObject *o=obj;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+
+ ObjectTreeViewItem *otvi=allItems[o];
+// this changes selection and thus calls slot slectionChanged
+ showObjectInTree(otvi);
+
+ m_objectManipulator->libs->setCurrentIndex( getIdxForLib( obj->getLibrary() ) );
+ updateCreateObjectMenu( obj->getLibrary() );
+}
+
+void ObjectManipulator::selectionChanged(QTreeWidgetItem *cur)
+{
+ if (fwbdebug)
+ qDebug("ObjectManipulator::selectionChanged");
+
+ QTreeWidget *qlv= getCurrentObjectTree();
+ if (qlv==NULL) return;
+
+ ObjectTreeViewItem* otvi=dynamic_cast(cur);
+
+ if (otvi==NULL) return;
+
+ FWObject *obj=otvi->getFWObject();
+ if (obj==NULL) return;
+
+ FWObject *o=obj;
+// if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+
+ if (history.empty() || otvi!=history.top().item() )
+ {
+ mw->m_mainWindow->backAction->setEnabled( true );
+ history.push( HistoryItem(otvi,o->getId().c_str()) );
+ }
+
+ currentObj = obj;
+
+ bool dupMenuItem=true;
+ bool moveMenuItem=true;
+ bool copyMenuItem=true;
+ bool pasteMenuItem=true;
+ bool delMenuItem=true;
+ bool newMenuItem=true;
+ bool inDeletedObjects = false;
+
+ getMenuState(false,
+ 
dupMenuItem,moveMenuItem,copyMenuItem,pasteMenuItem,
+ delMenuItem,newMenuItem,inDeletedObjects);
+
+ mw->m_mainWindow->editCopyAction->setEnabled(copyMenuItem);
+ mw->m_mainWindow->editDeleteAction->setEnabled(delMenuItem);
+ mw->m_mainWindow->editCutAction->setEnabled(copyMenuItem);
+ mw->m_mainWindow->editPasteAction->setEnabled(pasteMenuItem);
+
+ active=true;
+
+/*
+ mw->unselectRules();
+ if (oe->validateAndSave())
+ {
+ oe->selectionChanged(obj);
+ }
+*/
+ info();
+ select();
+}
+
+/*
+ * I could use default value for the parameter register_in_history,
+ * but that caused problems when this method was used as a slot
+ */
+void ObjectManipulator::openObject(QTreeWidgetItem *item)
+{
+ ObjectTreeViewItem *otvi=dynamic_cast(item);
+ openObject(otvi,true);
+}
+
+void ObjectManipulator::openObject(FWObject *obj)
+{
+ openObject(obj,true);
+}
+
+void ObjectManipulator::showObjectInTree(ObjectTreeViewItem *otvi)
+{
+ if (fwbdebug) qDebug("ObjectManipulator::showObjectInTree");
+ if (otvi==NULL) return;
+
+ ObjectTreeView* otv = otvi->getTree();
+
+ if (fwbdebug) qDebug("ObjectManipulator::showObjectInTree current_tree_view=%p new_otv=%p",current_tree_view,otv);
+
+ otv->raise();
+ m_objectManipulator->widgetStack->setCurrentWidget(otv);
+
+ otvi->getTree()->clearSelection();
+ otvi->getTree()->scrollToItem( otvi );
+ otvi->getTree()->setCurrentItem( otvi );
+ otvi->setSelected( true );
+}
+
+void ObjectManipulator::invalidateDialog()
+{
+ currentObj=NULL;
+}
+
+void ObjectManipulator::libChanged(int ln)
+{
+ QTreeWidget *lv = idxToTrees[ln];
+ assert(lv!=NULL);
+
+ ObjectTreeViewItem *otvi=dynamic_cast(lv->currentItem());
+
+ if (otvi == NULL)
+ if (lv->invisibleRootItem()->childCount() > 0)
+ otvi = dynamic_cast(lv->invisibleRootItem()->child(0));
+ else
+ assert(FALSE);
+
+ currentObj=otvi->getFWObject();
+ showObjectInTree( otvi );
+
+ info();
+
+ updateCreateObjectMenu( idxToLibs[ln] );
+ return;
+}
+
+void ObjectManipulator::updateCreateObjectMenu(FWObject* 
lib)
+{
+ bool f =
+ lib->getId()==STANDARD_LIB ||
+ lib->getId()==TEMPLATE_LIB ||
+ lib->getId()==DELETED_LIB ||
+ lib->isReadOnly();
+
+ m_objectManipulator->newButton->setEnabled( !f );
+ QAction *noa = (QAction*)(mw->findChild("newObjectAction"));
+ noa->setEnabled( !f );
+}
+
+void ObjectManipulator::back()
+{
+// if (!validateDialog()) return;
+
+ if (!history.empty())
+ {
+ history.pop();
+
+/* skip objects that have been deleted */
+ while ( ! history.empty())
+ {
+ if (mw->db()->findInIndex( history.top().id().toLatin1().constData() )!=NULL) break;
+ history.pop();
+ }
+
+ if (history.empty())
+ {
+ mw->m_mainWindow->backAction->setEnabled( false );
+ return;
+ }
+
+ openObject( history.top().item(), false );
+
+ if (oe->isVisible())
+ {
+ ObjectTreeViewItem *otvi=history.top().item();
+ switchObjectInEditor(otvi->getFWObject());
+ }
+ }
+}
+
+FWObject* ObjectManipulator::getCurrentLib()
+{
+ return idxToLibs[ m_objectManipulator->libs->currentIndex() ];
+}
+
+ObjectTreeView* ObjectManipulator::getCurrentObjectTree()
+{
+ return current_tree_view;
+}
+
+void ObjectManipulator::openLib(FWObject *obj)
+{
+ openObject(obj->getLibrary(),false);
+}
+
+void ObjectManipulator::newObject()
+{
+// QToolButton *btn = (QToolButton*)(mw->toolBar)->child("newObjectAction_action_button");
+ m_objectManipulator->newButton->showMenu();
+}
+
+FWObject* ObjectManipulator::createObject(const QString &objType,
+ const QString &objName,
+ FWObject *copyFrom)
+{
+ if (!validateDialog()) return NULL;
+
+ if (fwbdebug) qDebug("ObjectManipulator::createObject check 1");
+
+ FWObject *lib = getCurrentLib();
+ int i = 0;
+
+ if (fwbdebug)
+ {
+ qDebug("lib: %s %s",lib->getName().c_str(), lib->getId().c_str());
+ qDebug("lib: isReadOnly=%d isLoaded=%d",
+ lib->isReadOnly(), addOnLibs->isLoaded( lib->getName().c_str() ) );
+ qDebug("libs->count()=%d", m_objectManipulator->libs->count() );
+ }
+
+ while ( lib->getId()==STANDARD_LIB ||
+ lib->getId()==TEMPLATE_LIB ||
+ 
lib->getId()==DELETED_LIB ||
+ lib->isReadOnly() )
+ {
+ if (i>=m_objectManipulator->libs->count())
+ {
+// if (fwbdebug)
+// qDebug("ObjectManipulator::createObject return NULL");
+// return NULL;
+ lib = getCurrentLib();
+ break;
+ }
+
+ lib= idxToLibs[i];
+
+ if (fwbdebug)
+ {
+ qDebug("i=%d",i);
+ qDebug("lib: %s %s",lib->getName().c_str(), lib->getId().c_str());
+ qDebug("lib: isReadOnly=%d isLoaded=%d",
+ lib->isReadOnly(), addOnLibs->isLoaded( lib->getName().c_str() ) );
+ }
+ i++;
+ }
+
+ FWObject *parent=FWBTree::getStandardSlotForObject(lib, objType);
+ if (parent==NULL)
+ {
+
+ QMessageBox::warning(this,"Firewall Builder",
+ QObject::tr(
+"Type '%1': new object can not be created because\n"
+"corresponding branch is missing in the object tree.\n"
+"Please repair the tree using command 'fwbedit -s -f file.fwb'.")
+ .arg(objType),
+ "&Continue", QString::null, QString::null,
+ 0, 1 );
+
+
+ return NULL;
+ }
+ return actuallyCreateObject(parent,objType,objName,copyFrom);
+}
+
+FWObject* ObjectManipulator::createObject(FWObject *parent,
+ const QString &objType,
+ const QString &objName,
+ FWObject *copyFrom)
+{
+ if (!validateDialog()) return NULL;
+
+ FWObject *lib = getCurrentLib();
+ int i = 0;
+
+ assert(parent!=NULL);
+
+ if (fwbdebug)
+ {
+ qDebug("ObjectManipulator::createObject 2: parent=%s",
+ parent->getName().c_str());
+ qDebug("ObjectManipulator::createObject 2: objType=%s objName=%s",
+ objType.toLatin1().constData(), objName.toLatin1().constData());
+ }
+
+ while ( lib->getId()==STANDARD_LIB ||
+ lib->getId()==TEMPLATE_LIB ||
+ lib->getId()==DELETED_LIB ||
+ lib->isReadOnly() )
+ {
+ if (i>=m_objectManipulator->libs->count())
+ {
+ lib=getCurrentLib();
+ break;
+ }
+ lib= idxToLibs[i];
+ i++;
+ }
+
+ if (parent==NULL) parent=lib;
+
+ return actuallyCreateObject(parent,objType,objName,copyFrom);
+}
+
+FWObject* ObjectManipulator::actuallyCreateObject(FWObject *parent,
+ const QString &objType,
+ const QString &objName,
+ FWObject *copyFrom)
+{
+ if (!isTreeReadWrite(this, parent)) return NULL;
+ FWObject *nobj = mw->db()->create(objType.toLatin1().constData());
+ assert(nobj!=NULL);
+
+ if (copyFrom!=NULL) nobj->duplicate(copyFrom,true);
+ if (nobj->isReadOnly()) nobj->setReadOnly(false);
+
+ nobj->setName( string(objName.toUtf8().constData()) );
+ makeNameUnique(parent,nobj);
+
+ parent->add(nobj);
+ insertSubtree(allItems[parent], nobj);
+
+ return nobj;
+}
+
+void ObjectManipulator::newLibrary()
+{
+ if (!validateDialog()) return;
+
+ FWObject *nlib = FWBTree::createNewLibrary(mw->db());
+
+ addTreePage( nlib );
+
+ openObject( nlib );
+ editObject(nlib);
+}
+
+void ObjectManipulator::newFirewall()
+{
+ newFirewallDialog *nfd=new newFirewallDialog();
+ if (oe->isVisible()) oe->hide();
+ nfd->exec();
+ FWObject *o = nfd->getNewFirewall();
+ delete nfd;
+
+ if (o!=NULL)
+ {
+ openObject(o);
+
+ mw->addFirewallToList(o);
+ mw->showFirewall(o);
+// updateLastModifiedTimestampForAllFirewalls(o);
+
+ editObject(o);
+ }
+}
+
+void ObjectManipulator::newHost()
+{
+ newHostDialog *nhd=new newHostDialog();
+ if (oe->isVisible()) oe->hide();
+ nhd->exec();
+ FWObject *o = nhd->getNewHost();
+ delete nhd;
+
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+void ObjectManipulator::newInterface()
+{
+ if ( currentObj->isReadOnly() ) return;
+
+ FWObject *i=NULL;
+
+ if (Host::isA(currentObj) || Firewall::isA(currentObj))
+ i=createObject(currentObj,Interface::TYPENAME,tr("New Interface"));
+
+ if (Interface::isA(currentObj))
+ i=createObject(currentObj->getParent(),Interface::TYPENAME,tr("New Interface"));
+
+ if (i==NULL) return;
+
+#ifdef USE_INTERFACE_POLICY
+ if (Firewall::isA(i->getParent())) i->add(new InterfacePolicy());
+#endif
+
+ openObject( i );
+
+ if (Firewall::isA(i->getParent())) mw->showFirewall(i->getParent());
+ updateLastModifiedTimestampForAllFirewalls(i);
+
+ editObject(i);
+}
+
+void ObjectManipulator::newNetwork()
+{
+ FWObject *o=createObject(Network::TYPENAME,tr("New 
Network"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+void ObjectManipulator::newAddress()
+{
+ if ( currentObj->isReadOnly() ) return;
+
+ FWObject *o;
+/*
+ * Oleg reports that his expectation was that "New Address" should
+ * always create an address object even if current selected object in
+ * the tree is an interface. I tend to agree with him, this was a
+ * usability issue because behavior of the program was different
+ * depending on which object was selected in the tree. I am changing
+ * it and will make it so "New Address" will always create a new
+ * Address object uner Objects/Addresses. Interface address can be
+ * created using context pop-up menu.
+ * 12/19/04 --vk
+ */
+ o=createObject(IPv4::TYPENAME,tr("New Address"));
+
+#if 0
+ if (Interface::isA(currentObj))
+ {
+ Interface *intf = Interface::cast(currentObj);
+ if (intf &&
+ (intf->isDyn() || intf->isUnnumbered() || intf->isBridgePort())
+ ) return;
+ QString iname=QString("%1:%2:ip")
+ .arg(QString::fromUtf8(currentObj->getParent()->getName().c_str()))
+ .arg(QString::fromUtf8(currentObj->getName().c_str()));
+ o=createObject(currentObj, IPv4::TYPENAME, iname);
+ }
+ else
+ {
+ o=createObject(IPv4::TYPENAME,tr("New Address"));
+ }
+#endif
+
+
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+void ObjectManipulator::newDNSName()
+{
+ FWObject *o;
+ o=createObject(DNSName::TYPENAME,tr("New DNS Name"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+void ObjectManipulator::newAddressTable()
+{
+ FWObject *o;
+ o=createObject(AddressTable::TYPENAME,tr("New Address Table"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+void ObjectManipulator::newInterfaceAddress()
+{
+ if ( currentObj->isReadOnly() ) return;
+
+ if (Interface::isA(currentObj))
+ {
+ Interface *intf = Interface::cast(currentObj);
+ if (intf &&
+ (intf->isDyn() || intf->isUnnumbered() || intf->isBridgePort())
+ ) return;
+ QString iname=QString("%1:%2:ip")
+ 
.arg(QString::fromUtf8(currentObj->getParent()->getName().c_str()))
+ .arg(QString::fromUtf8(currentObj->getName().c_str()));
+ FWObject *o=createObject(currentObj, IPv4::TYPENAME, iname);
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ updateLastModifiedTimestampForAllFirewalls(o);
+ }
+ }
+}
+
+void ObjectManipulator::newTagService()
+{
+ FWObject *o;
+ o=createObject(TagService::TYPENAME,tr("New TagService"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+void ObjectManipulator::newPhysicalAddress()
+{
+ if ( currentObj->isReadOnly() ) return;
+
+ if (Interface::isA(currentObj))
+ {
+ Interface *intf = Interface::cast(currentObj);
+ if (intf->getByType(physAddress::TYPENAME).empty())
+ {
+ QString iname=QString("%1:%2:mac")
+ .arg(QString::fromUtf8(currentObj->getParent()->getName().c_str()))
+ .arg(QString::fromUtf8(currentObj->getName().c_str()));
+ FWObject *o=createObject(currentObj,physAddress::TYPENAME,iname);
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ updateLastModifiedTimestampForAllFirewalls(o);
+ }
+ }
+ }
+}
+
+void ObjectManipulator::newAddressRange()
+{
+ FWObject *o;
+ o=createObject(AddressRange::TYPENAME,tr("New Address Range"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+void ObjectManipulator::newObjectGroup()
+{
+ FWObject *o;
+ o=createObject(ObjectGroup::TYPENAME,tr("New Object Group"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+
+void ObjectManipulator::newCustom()
+{
+ FWObject *o;
+ o=createObject(CustomService::TYPENAME,tr("New Custom Service"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+void ObjectManipulator::newIP()
+{
+ FWObject *o;
+ o=createObject(IPService::TYPENAME,tr("New IP Service"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+void ObjectManipulator::newICMP()
+{
+ FWObject *o;
+ o=createObject(ICMPService::TYPENAME,tr("New ICMP Service"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+void 
ObjectManipulator::newTCP()
+{
+ FWObject *o;
+ o=createObject(TCPService::TYPENAME,tr("New TCP Service"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+void ObjectManipulator::newUDP()
+{
+ FWObject *o;
+ o=createObject(UDPService::TYPENAME,tr("New UDP Service"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+void ObjectManipulator::newServiceGroup()
+{
+ FWObject *o;
+ o=createObject(ServiceGroup::TYPENAME,tr("New Service Group"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+
+void ObjectManipulator::newInterval()
+{
+ FWObject *o;
+ o=createObject(Interval::TYPENAME,tr("New Time Interval"));
+ if (o!=NULL)
+ {
+ openObject(o);
+ editObject(o);
+ }
+}
+
+
+
+bool ObjectManipulator::validateDialog()
+{
+ if (currentObj==NULL) return true;
+ if (!oe->isVisible()) return true;
+ return oe->validateAndSave();
+}
+
+void ObjectManipulator::select()
+{
+ if (fwbdebug)
+ qDebug("ObjectManipulator::select()");
+
+ if (currentObj==NULL) return;
+ ObjectTreeViewItem *otvi=allItems[currentObj];
+ if (otvi)
+ {
+ otvi->setSelected(true);
+ active=true;
+ otvi->treeWidget()->setFocus();
+ otvi->treeWidget()->update();
+ }
+
+ mw->updateRuleSetViewSelection();
+}
+
+void ObjectManipulator::unselect()
+{
+ if (currentObj==NULL) return;
+
+ for (int i=0; ilibs->count(); i++)
+ idxToTrees[i]->clearSelection();
+
+ active=false;
+}
+
+bool ObjectManipulator::isSelected()
+{
+ return active;
+}
+
+list ObjectManipulator::findFirewallsForObject(FWObject *o)
+{
+ if (fwbdebug)
+ qDebug("ObjectManipulator::findFirewallsForObject");
+
+ list fws;
+ set resset;
+ QTime tt;
+ tt.start();
+ FWObject *f=o;
+ while (f!=NULL && !Firewall::isA(f)) f=f->getParent();
+ if (f) fws.push_back(Firewall::cast(f));
+ mw->db()->findWhereUsed(o,mw->db(),resset);
+
+ set::iterator i=resset.begin();
+ for ( ;i!=resset.end();++i)
+ {
+ RuleElement *re=RuleElement::cast(*i);
+ if (re==NULL) continue;
+
+ Rule *r=Rule::cast(re->getParent());
+ if (r && 
!r->isDisabled()) + { + f=r; + while (f!=NULL && !Firewall::isA(f)) f=f->getParent(); + if (f && std::find(fws.begin(),fws.end(),f)==fws.end()) + fws.push_back(Firewall::cast(f)); + } + } + + if (fwbdebug) + qDebug(QString("Program spent %1 ms searching for firewalls.") + .arg(tt.elapsed()).toAscii().constData()); + + return fws; +} + +void ObjectManipulator::updateLastModifiedTimestampForOneFirewall(FWObject *o) +{ + if (fwbdebug) qDebug("ObjectManipulator::updateLastModifiedTimestampForOneFirewall"); + + if (o==NULL) return; + + Firewall *f = Firewall::cast(o); + if (f==NULL) return; + + f->updateLastModifiedTimestamp(); + getCurrentObjectTree()->updateTreeItems (); + info(); +} + + +void ObjectManipulator::updateLastModifiedTimestampForAllFirewalls(FWObject *o) +{ + if (fwbdebug) qDebug("ObjectManipulator::updateLastModifiedTimestampForAllFirewalls"); + + if (o==NULL) return; + + QStatusBar *sb = mw->statusBar(); + sb->showMessage( tr("Searching for firewalls affected by the change...") ); + + QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100); + + if (fwbdebug) qDebug("ObjectManipulator::updateLastModifiedTimestampForAllFirewalls: setOverrideCursor"); + QApplication::setOverrideCursor(QCursor( Qt::WaitCursor)); + + list fws = findFirewallsForObject(o); + if (fws.size()) + { + Firewall *f; + for (list::iterator i=fws.begin(); + i!=fws.end(); + ++i) + { + f=*i; + f->updateLastModifiedTimestamp(); + } + + getCurrentObjectTree()->updateTreeItems (); + info(); + } + if (fwbdebug) qDebug("ObjectManipulator::updateLastModifiedTimestampForAllFirewalls: restoreOverrideCursor"); + QApplication::restoreOverrideCursor(); + sb->clearMessage(); + + QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,100); +} + +void ObjectManipulator::updateLastInstalledTimestamp(FWObject *o) +{ + if (fwbdebug) qDebug("ObjectManipulator::updateLastInstalledTimestamp"); + if (o==NULL) return; + Firewall * f=(Firewall *)o; + if (f!=NULL) + { + bool 
visualUpdate=f->needsInstall(); + f->updateLastInstalledTimestamp(); + if (visualUpdate) + { + getCurrentObjectTree()->updateTreeItems (); + } + info(); + } +} +void ObjectManipulator::updateLastCompiledTimestamp(FWObject *o) +{ + if (fwbdebug) qDebug("ObjectManipulator::updateLastCompiledTimestamp"); + + if (o==NULL) return; + Firewall * f=(Firewall *)o; + if (f!=NULL) + { + f->updateLastCompiledTimestamp(); + info(); + } +} + +void ObjectManipulator::simulateInstall() +{ + if (fwbdebug) qDebug("ObjectManipulator::simulateInstall"); + + if (getCurrentObjectTree()->getNumSelected()==0) return; + + Firewall *fw; + + vector so = getCurrentObjectTree()->getSimplifiedSelection(); + for (vector::iterator i=so.begin(); i!=so.end(); ++i) + { + fw= Firewall::cast( *i ); + if (fw!=NULL) + { + fw->updateLastCompiledTimestamp(); + fw->updateLastInstalledTimestamp(); + } + } + getCurrentObjectTree()->updateTreeItems (); + +} + +void ObjectManipulator::findAllFirewalls (list &fws) +{ + if (fwbdebug) qDebug("ObjectManipulator::findAllFirewalls"); + + std::list fwlist; + findByObjectType(mw->db(),Firewall::TYPENAME,fwlist); + for (list::iterator m=fwlist.begin(); m!=fwlist.end(); m++) + fws.push_back( Firewall::cast(*m) ); +} + +FWObject* ObjectManipulator::getSelectedObject() +{ + return currentObj; +} + +void ObjectManipulator::findWhereUsedSlot() +{ + if (getCurrentObjectTree()->getNumSelected()==0) return; + + FWObject *obj=getCurrentObjectTree()->getSelectedObjects().front(); + if (obj==NULL) return; + mw->findWhereUsed(obj); + +} + +void ObjectManipulator::reopenCurrentItemParent() +{ + QTreeWidgetItem *itm = current_tree_view->currentItem(); + if (itm) + itm = itm->parent(); + if (!itm) + return; + itm->parent()->setExpanded(false); + itm->parent()->setExpanded(true); + + current_tree_view->scrollToItem(itm); +} + + + + + + diff --git a/src/gui/ObjectManipulator.h b/src/gui/ObjectManipulator.h new file mode 100644 index 000000000..5637ef8b6 --- /dev/null 
+++ b/src/gui/ObjectManipulator.h 
@@ -0,0 +1,357 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjectManipulator.h,v 1.58 2007/01/08 02:11:48 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __OBJECTMANIPULATOR_H_ +#define __OBJECTMANIPULATOR_H_ + +#include "config.h" +#include "global.h" + +#include +#include +#include +#include + +#include + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/ObjectGroup.h" + +#include +#include + +class ObjectTreeView; +class ObjectTreeViewItem; +class QComboBox; +class QMenu; +namespace libfwbuilder +{ + class Firewall; + class Library; +} +class HistoryItem { + ObjectTreeViewItem *itm; + QString objId; + + public: + HistoryItem(ObjectTreeViewItem *oi,const QString &id) { itm=oi; objId=id; } + ~HistoryItem(); + ObjectTreeViewItem* item() { return itm; } + QString id() { return objId; } +}; + +/*class ObjToolTip : public QToolTip { + + ObjectTreeView *otv; + public: + ObjToolTip(ObjectTreeView *widget); + virtual ~ObjToolTip() {} + virtual void maybeTip(const QPoint &p); +};*/ + +class ObjectManipulator : public QWidget/*ObjectManipulator_q*/ { + + Q_OBJECT + + std::vector idxToLibs; + std::vector idxToTrees; + + std::stack history; + int cacheHits; + + libfwbuilder::FWObject 
*currentObj; + ObjectTreeView *current_tree_view; + + int treeWidth; + int treeHeight; + + bool active; + +/* this is a reverse idex of all objects in all trees. We use it to + * quickly locate given object in the tree and open it + */ + std::map allItems; + + + ObjectTreeViewItem* insertObject( ObjectTreeViewItem *itm,libfwbuilder::FWObject *obj ); + void insertSubtree( ObjectTreeViewItem *itm,libfwbuilder::FWObject *obj ); + + void removeObjectFromTreeView(libfwbuilder::FWObject *obj ); + + QString getTreeLabel( libfwbuilder::FWObject *obj ); + + void addTreePage(libfwbuilder::FWObject *lib); + void showObjectInTree(ObjectTreeViewItem *otvi); + + int getIdxForLib(libfwbuilder::FWObject*); + void addLib( libfwbuilder::FWObject *lib, QTreeWidget* otv=NULL); + void removeLib(libfwbuilder::FWObject*); + void removeLib(int idx); + void updateCreateObjectMenu(libfwbuilder::FWObject* lib); + void makeNameUnique(libfwbuilder::FWObject* p,libfwbuilder::FWObject* obj); + + libfwbuilder::FWObject* actuallyCreateObject(libfwbuilder::FWObject *parent, + const QString &objType, + const QString &objName, + libfwbuilder::FWObject *copyFrom=NULL); + void autorename(libfwbuilder::FWObject *obj,bool ask=true); + void extractFirewallsFromGroup( + libfwbuilder::ObjectGroup *gr, + std::set &fo); + +public slots: + virtual void libChanged(int l); + virtual void switchingTrees(QWidget* w); + virtual void currentTreePageChanged(int i); + + void selectionChanged(QTreeWidgetItem *cur); + + void info(); + + /** + * open object obj in the editor. Does not open editor panel + * if it is closed. Asks FWWindow permission to own editor. + */ + bool switchObjectInEditor(libfwbuilder::FWObject *obj); + + /** + * same as above but opens editor panel if it is closed. 
This is + * an entry point for menu items 'edit', all 'new object' as well + * as doubleclick + */ + bool editObject(libfwbuilder::FWObject *obj); + + void editSelectedObject(); + + void contextMenuRequested(const QPoint &pos); + + + libfwbuilder::FWObject* createObject(const QString &objType, + const QString &objName, + libfwbuilder::FWObject *copyFrom=NULL); + + libfwbuilder::FWObject* createObject(libfwbuilder::FWObject *parent, + const QString &objType, + const QString &objName, + libfwbuilder::FWObject *copyFrom=NULL); + + void newLibrary(); + void newObject(); + void newFirewall(); + void newHost(); + void newInterface(); + void newNetwork(); + void newAddress(); + void newInterfaceAddress(); + void newPhysicalAddress(); + void newAddressRange(); + void newObjectGroup(); + void newDNSName(); + void newAddressTable(); + + void newCustom(); + void newIP(); + void newICMP(); + void newTCP(); + void newUDP(); + void newTagService(); + void newServiceGroup(); + + void newInterval(); + + void duplicateObj(QAction*); + void duplicateObjUnderSameParent(); + void moveObj(QAction*); + void copyObj(); + void cutObj(); + void pasteObj(); + void deleteObj(); + void dumpObj(); + void compile(); + void install(); + + void groupObjects(); + + void openObject(QTreeWidgetItem *otvi); + void openObject(libfwbuilder::FWObject *obj); + void restoreSelection(bool same_widget); + + void find(); + void findObject(); + + virtual void back(); + virtual void lockObject(); + virtual void unlockObject(); + virtual void simulateInstall(); + virtual void findWhereUsedSlot(); + + + public: + Ui::ObjectManipulator_q *m_objectManipulator; + void filterFirewallsFromSelection( + std::vector &so, + std::set &fo); + void autorename(libfwbuilder::FWObject *obj, + const std::string &objtype, + const std::string &namesuffix); + + ObjectManipulator( QWidget *parent ); + ~ObjectManipulator(); + void loadObjects(); + void loadObjects(libfwbuilder::FWObjectDatabase *db); + void clearObjects(); + + bool 
validateDialog(); + void invalidateDialog(); + + void reopenCurrentItemParent(); + + void openObject(libfwbuilder::FWObject *obj, bool register_in_history); + void openObject(ObjectTreeViewItem *otvi, bool register_in_history); + + libfwbuilder::FWObject* duplicateObject(libfwbuilder::FWObject *target, + libfwbuilder::FWObject *obj, + const QString &name = QString::null, + bool askForAutorename=true); + void moveObject(libfwbuilder::FWObject *target, + libfwbuilder::FWObject *obj); + + void moveObject(const QString &targetLibName, + libfwbuilder::FWObject *obj); + + libfwbuilder::FWObject* getOpened() { return currentObj; } + + void updateLibColor(libfwbuilder::FWObject *lib); + void updateLibName(libfwbuilder::FWObject *lib); + + void updateObjName(libfwbuilder::FWObject *obj, + const QString &oldName, + bool askForAutorename=true); + void updateObjName(libfwbuilder::FWObject *obj, + const QString &oldName, + const QString &oldLabel, + bool askForAutorename=true); + + ObjectTreeView* getCurrentObjectTree(); + libfwbuilder::FWObject* getSelectedObject(); + + /** + * this method opens given library in the tree + */ + void openLib(libfwbuilder::FWObject *lib); + + /** + * returns pointer at a library that is currently opened in the tree + */ + libfwbuilder::FWObject* getCurrentLib(); + + /** + * this method makes sure the system library is NOT opened in the + * tree. If it is, it switches to the 'User' library. If one of + * the user's libraries is already opened, it does nothing. 
+ */ + void closeSystemLib(); + + libfwbuilder::FWObject* pasteTo(libfwbuilder::FWObject *target, + libfwbuilder::FWObject *obj, + bool openobj=true, + bool validateOnly=false); + void delObj(libfwbuilder::FWObject *obj,bool openobj=true); + + /** + * select whatever object is current in the tree (used to restore + * selected state of the tree item after it was unselected) + */ + void select(); + + /** + * unselect whatever object is currently selected + */ + void unselect(); + + /** + * returns true if anything is selected in the tree + */ + bool isSelected(); + + /** + * controls whether "Deleted Objects" library is shown + */ + void showDeletedObjects(bool f); + + + /** + * get boolean flags that describe state of the menu items. + * Can be used for both pop-up context menu and the main menu. + */ + void getMenuState(bool haveMoveTargets, + bool &dupMenuItem, + bool &moveMenuItem, + bool ©MenuItem, + bool &pasteMenuItem, + bool &delMenuItem, + bool &newMenuItem, + bool &inDeletedObjects); + + void updateLastModifiedTimestampForOneFirewall(libfwbuilder::FWObject *o); + void updateLastModifiedTimestampForAllFirewalls(libfwbuilder::FWObject *o); + void updateLastInstalledTimestamp(libfwbuilder::FWObject *o); + void updateLastCompiledTimestamp(libfwbuilder::FWObject *o); + + std::list findFirewallsForObject(libfwbuilder::FWObject *o); + void findAllFirewalls (std::list &fws); + + + signals: +/** + * the dialog class should have a slot that can load object's data + * into dialog elements when ObjectManipulator emits this signal + */ + void loadObject_sign(libfwbuilder::FWObject *); + +/** + * the dialog class should have a slot that can verify data entered by + * user in the dialog elements when ObjectManipulator emits this + * signal. The validation result is returned in variable "bool *res" + */ + void validate_sign(bool *res); + +/** + * the dialog class should have a slot that can verify if the data in + * dialog has been edited. 
+ */ + void isChanged_sign(bool *res); + +/** + * the dialog class should have a slot that applies changes made by + * the user and saves data in the object. + */ + void applyChanges_sign(); + +}; + +#endif diff --git a/src/gui/ObjectTreeView.cpp b/src/gui/ObjectTreeView.cpp new file mode 100644 index 000000000..4b77f58ad --- /dev/null +++ b/src/gui/ObjectTreeView.cpp 
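Review bot: The `simulateInstall()` slot in the `public slots` section has no comment, and its name does not convey that the definition in ObjectManipulator.cpp calls `updateLastCompiledTimestamp()` and `updateLastInstalledTimestamp()` on every selected firewall without compiling or installing anything. After it runs, the timestamps (and presumably the `needsInstall()` marker the tree shows) no longer tell an operator whether the deployed policy matches the object database, so anyone wiring this slot to a menu needs to know that. I would add a doc comment above the declaration in the style of the others in this header, e.g. `/** marks the selected firewalls as compiled and installed by updating their timestamps only; no policy is generated or pushed */`.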
@@ -0,0 +1,881 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjectTreeView.cpp,v 1.43 2007/07/07 05:39:34 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "FWBTree.h" +#include "ObjectTreeView.h" +#include "ObjectTreeViewItem.h" +#include "ObjectManipulator.h" +#include "FWObjectDrag.h" +#include "FWWindow.h" +#include "FWBSettings.h" + +#include "FWObjectPropertiesFactory.h" +#include "fwbuilder/FWObject.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Group.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +ObjectTreeView* ObjectTreeViewItem::getTree() +{ + return dynamic_cast(treeWidget()); +} + +/**************************************************************************** + * + * class ObjectTreeView + * + ****************************************************************************/ + +ObjectTreeView::ObjectTreeView(QWidget* parent, const char * name, Qt::WFlags f) : + QTreeWidget(parent), + singleClickTimer(this) +{ + setObjectName(name); + 
this->setParent(parent, f); +// setAcceptDrops( TRUE ); + item_before_drag_started=NULL; + lastSelected = NULL; + second_click = false; + selectionFrozen = false; + expandOrCollapse = false; + Lockable = false; + Unlockable = false; + visible = false; + /* + * note about process_mouse_release_event + * + * we use mouseReleaseEvent event to switch object opened in the + * editor panel (i.e. we open new object when mouse button is + * released rather than when it is pressed). This allows us to + * start drag without switching object in the editor. The problem + * is that mouseReleaseEvent is received in this widget after the + * d&d ends with a drop somewhere else, which triggers call to + * mouseReleaseEvent which switches object in the + * editor. This is undesired when the editor shows a group and we + * try to drag and drop an object into that group. Flag + * process_mouse_release_event is used to suppress object + * switching when mouseReleaseEvent is called after + * successfull drop. 
+ */ + process_mouse_release_event = true; + + connect( this, SIGNAL(currentItemChanged(QTreeWidgetItem*, QTreeWidgetItem*)), + this, SLOT(currentItemChanged(QTreeWidgetItem*)) ); + + connect( this, SIGNAL( itemSelectionChanged() ), + this, SLOT( itemSelectionChanged() ) ); + + connect(this, SIGNAL( itemCollapsed(QTreeWidgetItem*)), + this, SLOT( itemCollapsed(QTreeWidgetItem*)) ); + + connect(this, SIGNAL( itemExpanded(QTreeWidgetItem*)), + this, SLOT( itemExpanded(QTreeWidgetItem*)) ); + + connect( &singleClickTimer, SIGNAL( timeout() ), + this, SLOT( resetSelection() ) ); + + connect( this, SIGNAL( itemActivated(QTreeWidgetItem *, int)), + this, SLOT( itemOpened() )); + + setColumnCount(1); + + QStringList qsl; + qsl.push_back(tr("Object")); + setHeaderLabels(qsl); + + header()->hide(); + + setMinimumSize( QSize( 100, 0 ) ); + +// QFont objTreeView_font( font() ); +// setFont( objTreeView_font ); +// setCursor( QCursor( 0 ) ); + +// setColumnWidthMode(0, QTreeWidget::Maximum); +// setItemMargin( 2 ); + + setAutoScroll( TRUE ); + setAllColumnsShowFocus( TRUE ); + setSelectionMode( ExtendedSelection ); + setAcceptDrops( true ); + setDragDropMode( QAbstractItemView::DragDrop ); + setRootIsDecorated( TRUE ); +} + +bool ObjectTreeView::event( QEvent *event ) +{ + if (event->type() == QEvent::ToolTip) + { + QHelpEvent *he = (QHelpEvent*) event; + QPoint pos = he->pos(); + + if (st->getObjTooltips()) + { + int cx = pos.x(), cy = pos.y(); + + FWObject *obj=NULL; + QRect cr; + + QTreeWidgetItem *itm = itemAt( QPoint(cx,cy - header()->height()) ); + if (itm==NULL) return false; + ObjectTreeViewItem *oivi = dynamic_cast(itm); + assert(oivi!=NULL); + obj = oivi->getFWObject(); + + if (obj==NULL) return false; + + cr = visualItemRect(itm); + + QRect global = QRect( + viewport()->mapToGlobal(cr.topLeft()), viewport()->mapToGlobal(cr.bottomRight())); + + //finally stretch rect up to component's width and even more + //(it fixes bug with horizontal scroll) + 
global.setWidth(width() + horizontalOffset()); + + QToolTip::showText(mapToGlobal( he->pos() ), + FWObjectPropertiesFactory::getObjectPropertiesDetailed(obj,true,true), + this, global); + } + + return true; + } + + return QTreeWidget::event(event); +} + + +void ObjectTreeView::currentItemChanged(QTreeWidgetItem *cur) +{ + if (fwbdebug) + qDebug("ObjectTreeView::currentChanged itm=%s",cur->text(0).toAscii().constData()); + expandOrCollapse = false; + +// lastSelected = ovi; +// lastSelected = currentItem(); +} + +void ObjectTreeView::itemCollapsed(QTreeWidgetItem* itm) +{ + if (fwbdebug) + qDebug("ObjectTreeView::collapsed itm=%s",itm->text(0).toAscii().constData()); + expandOrCollapse = true; +} + +void ObjectTreeView::itemExpanded(QTreeWidgetItem* itm) +{ + if (fwbdebug) + qDebug("ObjectTreeView::expanded itm=%s",itm->text(0).toAscii().constData()); + expandOrCollapse = true; +} + +/* + * This method makes list selectedObjects flat. If user selects + * several objects in the tree, and some of them have children, QT + * puts all the children in the selected objects list even if + * corresponding subtrees are collapsed. This method eliminates these + * selected children objects. 
+ * + */ +std::vector ObjectTreeView::getSimplifiedSelection() +{ + vector so = selectedObjects; + vector so2 = selectedObjects; + for (vector::iterator i=so2.begin(); i!=so2.end(); ++i) + { + for (vector::iterator j=i; j!=so2.end(); ++j) + { + vector::iterator k=std::find(so.begin(),so.end(),*j); + if ( (*j)->isChildOf( *i ) && k!=so.end()) + so.erase( k ); + } + } + return so; +} + +FWObject* ObjectTreeView::getCurrentObject() +{ + QTreeWidgetItem *ovi = currentItem(); + ObjectTreeViewItem *otvi=dynamic_cast(ovi); + assert(otvi!=NULL); + return otvi->getFWObject(); +} + +bool ObjectTreeView::isLockable() +{ + return Lockable; +} + +bool ObjectTreeView::isUnlockable() +{ + return Unlockable; +} + +void ObjectTreeView::focusInEvent(QFocusEvent* ev) +{ + if (fwbdebug) qDebug("ObjectTreeView::focusInEvent 1"); + QTreeWidget::focusInEvent(ev); + QTreeWidgetItem *ci = currentItem(); + if (ci) repaint(); + if (fwbdebug) qDebug("ObjectTreeView::focusInEvent 2"); +} + +void ObjectTreeView::focusOutEvent(QFocusEvent* ev) +{ + if (fwbdebug) qDebug("ObjectTreeView::focusOutEvent 1"); + QTreeWidget::focusOutEvent(ev); + QTreeWidgetItem *ci = currentItem(); + if (ci) repaint(); + if (fwbdebug) qDebug("ObjectTreeView::focusOutEvent 2"); +} + +void ObjectTreeView::updateTreeItems() +{ + if (fwbdebug) qDebug("ObjectTreeView::updateTreeItems 1"); + QTreeWidgetItemIterator it(this); + QTreeWidgetItem *itm; + ObjectTreeViewItem *otvi; + FWObject *obj; + QString icn; + + QPixmap pm_lock; + if ( ! QPixmapCache::find( ":/Icons/lock.png", pm_lock) ) + { + pm_lock.load( ":/Icons/lock.png" ); + QPixmapCache::insert( ":/Icons/lock.png", pm_lock); + } + + while ( *it ) + { + itm= *it; + otvi=dynamic_cast(itm); + obj=otvi->getFWObject(); + + if (FWBTree::isSystem(obj)) + icn=":/Icons/folder1.png"; + else + icn=(":/Icons/"+obj->getTypeName()+"/icon-tree").c_str(); + + QPixmap pm_obj; + if ( ! 
QPixmapCache::find( icn, pm_obj) ) + { + pm_obj.load( icn ); + QPixmapCache::insert( icn, pm_obj); + } + + if (obj->getBool("ro")) itm->setIcon(0, pm_lock);//setPixmap(0, pm_lock ); + else itm->setIcon(0, pm_obj ); + + Firewall *fw=Firewall::cast(obj); + if (fw!=NULL) + { + itm->setText(0,(fw->needsInstall())? + QString::fromUtf8(fw->getName().c_str())+" *": + QString::fromUtf8(fw->getName().c_str())); + } + + ++it; + } + + update(); //for replacement as previous string + if (fwbdebug) qDebug("ObjectTreeView::updateTreeItems 2"); +} + +void ObjectTreeView::startDrag(Qt::DropActions supportedActions) +{ + if (fwbdebug) qDebug("ObjectTreeView::dragObject"); + + QTreeWidgetItem *ovi = currentItem(); + ObjectTreeViewItem *otvi=dynamic_cast(ovi); + + FWObject *current_obj = getCurrentObject(); + +/* can't drag system folders + + in fact, I have to allow to drag system folders because otherwise + QListView triggers highlighting of objects in the tree when user + drags mouse cursor across them. This is weird behavior and there + does not seem to be any way to turn it off. It happens close to + the end of void QListView::mouseMoveEvent( QMouseEvent * e) + (See code after they decided that they do not need to call startDrag()) + + if (FWBTree::isSystem(obj)) return NULL; +*/ + QString icn = (":/Icons/"+current_obj->getTypeName()+"/icon-ref").c_str(); + + vector so = getSimplifiedSelection(); + + list dragobj; + for (vector::iterator v=so.begin(); v!=so.end(); v++) + dragobj.push_back( *v ); + + FWObjectDrag *drag = new FWObjectDrag(dragobj, this); + + QPixmap pm; + if ( ! 
QPixmapCache::find( icn, pm) ) + { + pm.load( icn ); + QPixmapCache::insert( icn, pm); + } + + if (dragobj.size()>1) + { + QPixmap npm(32,32); + QPainter p( &npm ); + p.fillRect( 0,0,32,32, QBrush( QColor("white"),Qt::SolidPattern ) ); + p.setBackgroundMode( Qt::TransparentMode ); + p.drawPixmap( 0, 32-pm.rect().height(), pm); + p.setPen( QColor("red") ); + p.setBrush( QBrush( QColor("red"),Qt::SolidPattern ) ); + p.drawPie( 16, 0, 16,16, 0, 5760 ); + QString txt; + txt.setNum(dragobj.size()); + QRect br=p.boundingRect(0, 0, 1000, 1000, + Qt::AlignLeft|Qt::AlignVCenter, + txt ); + p.setPen( QColor("white") ); + p.drawText( 24-br.width()/2 , 4+br.height()/2, txt ); + p.end(); + npm.setMask( npm.createHeuristicMask() ); + drag->setPixmap( npm ); + } else + drag->setPixmap( pm ); + +/* + * This fragment returns selection in the tree back to the object that + * was selected before drag operation has started. This help in the + * following case: + * + * - open a group for editing (group is selected in the tree) + * - left-click on another object in the tree, start dragging it + * + * at this point selection in the tree returns to the group, so when + * user finishes d&d operation, the selection in the tree is consisten + * with object currently opened in the editor panel. + * + * There is a problem with this however. If user wants to put an + * object from a different library into the group, they have to switch + * to that library before doing d&d. When they switch, ObjectTree + * shown in the left panel becomes different from the tree in which + * the group is located. When d&d finishes, the ObjectTree object + * receives mouseReleaseEvent event. Since it is not the right + * tree object, it can not properly restore selection and choses an + * object that was previously opened in that tree, which in turn + * changes the object opened in the editor panel. To make things + * worse, this event is only delivered to the tree object on Mac OS X. 
+ * + * + */ + if (fwbdebug) qDebug("ObjectTreeView::dragObject() this=%p visible=%d", + this,visible); + + FWObject *edit_obj = oe->getOpened(); + + if (oe->isVisible() && + dragobj.size()==1 && + edit_obj!=NULL && + current_obj->getLibrary()==edit_obj->getLibrary() ) + { + if (fwbdebug) qDebug("ObjectTreeView::dragObject() reset selection"); + otvi->setSelected(false); + resetSelection(); + } + +#if 0 + /* + * need to reset selection if: + * + * object editor is opened, and + * we are dragging one object, and + * object opened in editor is not the same as the one we are dragging + */ + if (oe->isVisible() && dragobj.size()==1 && oe->getOpened()!=obj) + { + setSelected(otvi,false); + resetSelection(); + } +#endif + if (fwbdebug) qDebug("ObjectTreeView::dragObject() returns !NULL"); + + drag->start(supportedActions); +} + +void ObjectTreeView::dragEnterEvent( QDragEnterEvent *ev) +{ + ev->setAccepted( ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) ); + ev->setDropAction(Qt::MoveAction); +} + +void ObjectTreeView::dragMoveEvent( QDragMoveEvent *ev) +{ + bool acceptE = false; + + if (ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE)) + { + + int hy; + +// hy=header()->height(); // if header is shown + hy=0; + + QTreeWidgetItem *ovi = itemAt( ev->pos() ); + + ObjectTreeViewItem *otvi=dynamic_cast(ovi); + if (otvi==NULL) + { + ev->setAccepted(acceptE); + return; + } + + FWObject *trobj = otvi->getFWObject(); + +/* the tree can accept drop only if it goes into a group and if that group + * validates the object and tree is not read-only + */ + if (Group::cast(trobj)!=NULL && + !FWBTree::isSystem(trobj) && + !trobj->isReadOnly() + ) + { + acceptE = true; + + Group *g = Group::cast(trobj); + list dragol; + if (FWObjectDrag::decode(ev, dragol)) + { + for (list::iterator i=dragol.begin(); + i!=dragol.end(); ++i) + { + FWObject *dragobj = *i; + assert(dragobj!=NULL); + + if (FWBTree::isSystem(dragobj)) + { +/* can not drop system folder anywhere */ + acceptE = 
false; + break; + } + + bool t= g->validateChild(dragobj); + if (!t) + { + acceptE = false; + break; + } + + if (g->getPath(true) == "Services/Groups" && t) + ovi->setExpanded(true); + + if (g->getPath(true) == "Objects/Groups" && t) + ovi->setExpanded(true); + } + } + } + } + ev->setAccepted(acceptE); +} + +void ObjectTreeView::dropEvent(QDropEvent *ev) +{ + QTreeWidgetItem *ovi = itemAt( ev->pos() ); + ObjectTreeViewItem *otvi=dynamic_cast(ovi); + if (otvi==NULL) return; + FWObject *trobj = otvi->getFWObject(); + +/* the tree can accept drop only if it goes into a group and if that group + * validates the object and the tree is not read-only + */ + if (Group::cast(trobj)!=NULL && + !FWBTree::isSystem(trobj) && + !trobj->isReadOnly() + ) + { + Group *g=Group::cast(trobj); + + item_before_drag_started=NULL; + + list dragol; + if (FWObjectDrag::decode(ev, dragol)) + { + for (list::iterator i=dragol.begin(); + i!=dragol.end(); ++i) + { + FWObject *dragobj = *i; + assert(dragobj!=NULL); + +/* check for duplicates */ + string cp_id=dragobj->getId(); + list::iterator j; + for(j=g->begin(); j!=g->end(); ++j) + { + FWObject *o1=*j; + if(cp_id==o1->getId()) continue; + + FWReference *ref; + if( (ref=FWReference::cast(o1))!=NULL && + cp_id==ref->getPointerId()) return; + } + + g->addRef(dragobj); + } + + clearSelection(); + setCurrentItem(ovi); + ovi->setSelected(true); + +// emit objectDropped_sign(g); + } + } +} + +void ObjectTreeView::dragLeaveEvent( QDragLeaveEvent *ev) +{ + QTreeWidget::dragLeaveEvent(ev); + + clearSelection(); +} + +void ObjectTreeView::mouseMoveEvent( QMouseEvent * e ) +{ + /*if (startingDrag) + { + QDrag *drag = dragObject(); + drag->start(); + } + else*/ + QTreeWidget::mouseMoveEvent(e); + + if (e==NULL) return; +} + +void ObjectTreeView::mousePressEvent( QMouseEvent *e ) +{ + if (fwbdebug) + qDebug("ObjectTreeView::mousePressEvent"); + + second_click = false; + process_mouse_release_event = true; + + if (fwbdebug) + { + 
qDebug(QString("ObjectTreeView::mousePressEvent :: currentItem=%1") + .arg((currentItem())?currentItem()->text(0):"nil").toAscii().constData() + ); + qDebug(QString("ObjectTreeView::mousePressEvent :: lastSelected=%2") + .arg((lastSelected)?lastSelected->text(0):"nil").toAscii().constData() + ); + } + + lastSelected = currentItem(); + + QTreeWidget::mousePressEvent(e); + + if (e->button() == Qt::LeftButton) + { + startingDrag = true; + } + + if (e->button() == Qt::RightButton) + emit contextMenuRequested_sign(e->pos()); +} + +/* + * Two modes of operation of this widget: + * + * 1. this widget can intercept single mouse click and return + * selection back to the object that was current before it. If user + * double ckicks mouse button, then this reset is not done and new + * object is selected. This is done using timer. + * + * 2. this widget can act as usual QListView does, that is, select an object + * on a single click. + * + * uncomment the line that starts timer for mode #1. + * + * + * we use mouseReleaseEvent event to switch object opened in the + * editor panel (i.e. we open new object when mouse button is released + * rather than when it is pressed). This allows us to start drag + * without switching object in the editor. The problem is that + * mouseReleaseEvent is received in this widget after the d&d ends + * with a drop somewhere else, which triggers call to + * mouseReleaseEvent which switches object in the editor. This + * is undesired when the editor shows a group and we try to drag and + * drop an object into that group. Flag process_mouse_release_event is + * used to suppress object switching when mouseReleaseEvent is + * called after successfull drop. 
+ * + */ +void ObjectTreeView::mouseReleaseEvent( QMouseEvent *e ) +{ + if (fwbdebug) + qDebug("ObjectTreeView::mouseReleaseEvent 1 this=%p process_mouse_release_event=%d", + this,process_mouse_release_event); + + QTreeWidget::mouseReleaseEvent(e); + + + if (!process_mouse_release_event) + { + // just do not switch object in the editor, otherwise + // process this event as usual + process_mouse_release_event = true; + return; + } + + if (fwbdebug) + qDebug("ObjectTreeView::mouseReleaseEvent 2 selectedObjects.size()=%d getCurrentObject()=%p current object %s", + selectedObjects.size(), + getCurrentObject(), + (getCurrentObject()!=NULL)?getCurrentObject()->getName().c_str():"nil"); + + if (expandOrCollapse) return; // user expanded or collapsed subtree, + // no need to change object in the editor + + if (selectedObjects.size()==1) + emit switchObjectInEditor_sign( getCurrentObject() ); + else + { + // user selected multiple objects + // do not let them if editor has unsaved changes + // + if (oe->isVisible() && oe->isModified()) + emit switchObjectInEditor_sign( getCurrentObject() ); + else + oe->blank(); + } +} + +/* + * sends signal that should be connected to a slot in + * ObjectManipulator which opens editor panel if it is closed and then + * opens current object in it + */ +void ObjectTreeView::editCurrentObject() +{ + if (fwbdebug) + qDebug("ObjectTreeView::editCurrentObject"); + + emit editCurrentObject_sign(); + + if (fwbdebug) + qDebug("ObjectTreeView::editCurrentObject done"); +} + +void ObjectTreeView::mouseDoubleClickEvent( QMouseEvent *e ) +{ + if (fwbdebug) + qDebug("ObjectTreeView::mouseDoubleClickEvent"); + + second_click=true; + singleClickTimer.stop(); + + FWObject *obj = getCurrentObject(); + +/* system folders open on doubleclick, while for regular objects it + * opens an editor + */ + if (FWBTree::isSystem(obj)) + QTreeWidget::mouseDoubleClickEvent(e); + else + editCurrentObject(); +} + +void ObjectTreeView::keyPressEvent( QKeyEvent* ev ) +{ + 
FWObject *obj = getCurrentObject(); + + if (ev->key()==Qt::Key_Enter || ev->key()==Qt::Key_Return) + { + editCurrentObject(); + ev->accept(); + return; + } + if (ev->key()==Qt::Key_Delete) + { + emit deleteObject_sign(obj); + ev->accept(); + return; + } + QTreeWidget::keyPressEvent(ev); +} + +void ObjectTreeView::keyReleaseEvent( QKeyEvent* ev ) +{ + if (fwbdebug) + qDebug("ObjectTreeView::keyReleaseEvent"); + + QTreeWidget::keyReleaseEvent(ev); + + if (selectedObjects.size()==1) + emit switchObjectInEditor_sign( getCurrentObject() ); + else + { + // user selected multiple objects + // do not let them if editor has unsaved changes + // + if (oe->isVisible() && oe->isModified()) + emit switchObjectInEditor_sign( getCurrentObject() ); + else + oe->blank(); + } +} + +/*void ObjectTreeView::keyPressEvent(QKeyEvent *ke) +{ + if (ke->key() == Qt::Key_Enter) + { + if (fwbdebug) + qDebug("ObjectTreeView::keyPressed"); + + editCurrentObject(); + } + + QTreeWidget::returnPressed(ke); +}*/ + +void ObjectTreeView::itemOpened () +{ + if (fwbdebug) + qDebug("ObjectTreeView::itemOpened"); + + editCurrentObject(); +} + +void ObjectTreeView::clearLastSelected() +{ + lastSelected = NULL; +} + + +void ObjectTreeView::resetSelection() +{ + if (fwbdebug) + qDebug(QString("ObjectTreeView::resetSelection :: lastSelected=%1").arg(lastSelected->text(0)).toAscii().constData()); + + setCurrentItem(lastSelected); + lastSelected->setSelected(true); +} + +void ObjectTreeView::itemSelectionChanged() +{ + if (fwbdebug) + qDebug("ObjectTreeView::itemSelectionChanged selectionFrozen=%d", + selectionFrozen); + + if (selectionFrozen) return; + +/* in extended selection mode there may be several selected items */ + + selectedObjects.clear(); + + QTreeWidgetItemIterator it(this); + while ( *it ) + { + if ((*it)->isSelected()) + { + QTreeWidgetItem *itm= (*it); + ObjectTreeViewItem *otvi=dynamic_cast(itm); + + selectedObjects.push_back(otvi->getFWObject()); + + if (fwbdebug) + 
qDebug("ObjectTreeView::selectionChanged: selected otvi=%p object %s", otvi, otvi->getFWObject()->getName().c_str()); + } + ++it; + } + setLockFlags(); + + if (fwbdebug) + qDebug("ObjectTreeView::itemSelectionChanged completed"); +/* now list selectedObjects holds all selected items */ +} + +void ObjectTreeView::setLockFlags() +{ + QTreeWidgetItemIterator it(this); + Lockable=false; + Unlockable=false; + while ( *it ) + { + if ((*it)->isSelected()) + { + QTreeWidgetItem *itm = *it; + ObjectTreeViewItem *otvi=dynamic_cast(itm); + + FWObject *lib = otvi->getFWObject()->getLibrary(); + // these lbraries are locked anyway, do not let the user + // lock objects inside because they won't be able to unlock them. + if (lib->getId()!=STANDARD_LIB && lib->getId()!=TEMPLATE_LIB) + { + if (otvi->getFWObject()->getBool("ro")) Unlockable=true; + else Lockable=true; + } + } + ++it; + } +} + +bool ObjectTreeView::isSelected(FWObject* obj) +{ + for (vector::iterator i=selectedObjects.begin(); + i!=selectedObjects.end(); ++i) + { + if ( (*i)==obj) return true; + } + return false; +} + +int ObjectTreeView::getNumSelected() +{ + return selectedObjects.size(); +} + diff --git a/src/gui/ObjectTreeView.h b/src/gui/ObjectTreeView.h new file mode 100644 index 000000000..1a53996a0 --- /dev/null +++ b/src/gui/ObjectTreeView.h 
@@ -0,0 +1,151 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: ObjectTreeView.h,v 1.22 2007/01/08 03:37:53 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __OBJECTTREEVIEW_H_ +#define __OBJECTTREEVIEW_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +namespace libfwbuilder { + class FWObject; +}; + +class ObjectTreeView : public QTreeWidget { + + Q_OBJECT + + QTreeWidgetItem *item_before_drag_started; + QTreeWidgetItem *lastSelected; + QItemSelection lastSelection; + QTimer singleClickTimer; + bool second_click; + + bool selectionFrozen; + bool expandOrCollapse; + bool Lockable; + bool Unlockable; + bool startingDrag; + + bool visible; + + bool process_mouse_release_event; + + std::vector selectedObjects; + + protected: + + bool event( QEvent *event ); + + virtual void dragEnterEvent( QDragEnterEvent *ev); + virtual void dragMoveEvent( QDragMoveEvent *ev); + virtual void dropEvent(QDropEvent *ev); + virtual void dragLeaveEvent( QDragLeaveEvent *ev); + + virtual void keyPressEvent( QKeyEvent* ev ); + virtual void mousePressEvent( QMouseEvent *e ); + virtual void mouseReleaseEvent( QMouseEvent *e ); + virtual void mouseDoubleClickEvent( QMouseEvent *e 
); + virtual void mouseMoveEvent( QMouseEvent *e ); + + virtual void keyReleaseEvent( QKeyEvent* ev ); + + virtual void focusInEvent(QFocusEvent*); + virtual void focusOutEvent(QFocusEvent*); + + void startDrag(Qt::DropActions supportedActions); + + public: + + ObjectTreeView(QWidget* parent = 0, const char * name = 0, Qt::WFlags f = 0); + + void freezeSelection(bool f) { selectionFrozen=f; } + + std::vector& getSelectedObjects() + { return selectedObjects; } + + bool isSelected(libfwbuilder::FWObject* obj); + int getNumSelected(); + bool isLockable(); + bool isUnlockable(); + void setLockFlags(); + + libfwbuilder::FWObject* getCurrentObject(); + + void editCurrentObject(); + + void clearLastSelected(); + + void becomingVisible() { visible=true; } + void becomingHidden() { visible=false; } + +/* Under some circumstances, user may select several host or fw + * objects so that their children objects are selected as well + * (e.g. when shift-click is used). "Delete objects" or "group + * objects" operations will work on all children objects, which leads + * to unexpected results since it is not obvious to the user that + * children objects were selected (since they are invisible). We need + * to remove them from the list before we delete or perform other + * actions. 
+ */ + std::vector getSimplifiedSelection(); + + void ignoreNextMouseReleaseEvent() { process_mouse_release_event = false; } + + public slots: + + void itemSelectionChanged(); + void resetSelection(); + void currentItemChanged(QTreeWidgetItem *cur); + void itemCollapsed(QTreeWidgetItem *itm); + void itemExpanded(QTreeWidgetItem *itm); + void itemOpened (); + virtual void updateTreeItems(); + + signals: + +// void showObjectInfo_sign(libfwbuilder::FWObject *); + void editCurrentObject_sign(); + void switchObjectInEditor_sign(libfwbuilder::FWObject*); + void objectDropped_sign(libfwbuilder::FWObject *); + void deleteObject_sign(libfwbuilder::FWObject *); + void contextMenuRequested_sign(const QPoint&); +}; + + +#endif + diff --git a/src/gui/ObjectTreeViewItem.cpp b/src/gui/ObjectTreeViewItem.cpp new file mode 100644 index 000000000..7ae36483a --- /dev/null +++ b/src/gui/ObjectTreeViewItem.cpp @@ -0,0 +1,39 @@ + +#include "global.h" + +#include "ObjectTreeViewItem.h" + +#include "fwbuilder/Firewall.h" + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +QVariant ObjectTreeViewItem::data (int column, int role) const +{ + if (role == Qt::FontRole) + { + QFont usual = QTreeWidgetItem::data(column, role).value(); + + FWObject * obj=getFWObject(); + Firewall * o=NULL; + + if (obj!=NULL || getProperty("type")==Firewall::TYPENAME) + { + o=Firewall::cast( obj ); + } + + if (o!=NULL) + { + bool mf= !o->getInactive() && (o->needsInstall()) ; + usual.setBold (mf); + return QVariant(usual); + } + else + return QVariant(usual); + } + return QTreeWidgetItem::data(column, role); +} + diff --git a/src/gui/ObjectTreeViewItem.h b/src/gui/ObjectTreeViewItem.h new file mode 100644 index 000000000..970540411 --- /dev/null +++ b/src/gui/ObjectTreeViewItem.h 
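Review bot: The include guard `__OBJECTTREEVIEW_H_` in ObjectTreeView.h uses a double-underscore name, which C++ reserves for the implementation; `#ifndef OBJECTTREEVIEW_H` / `#define OBJECTTREEVIEW_H` avoids the clash. The same pattern appears in PhysicalAddressDialog.h (`__PHYSICALADDRESSDIALOG_H_`) and PrefsDialog.h (`__PREFSDIALOG_H_`), while ObjectTreeViewItem.h already uses the plain form. The forward declaration `namespace libfwbuilder { class FWObject; };` also carries a stray `;` after the closing brace.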
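Review bot: In `ObjectTreeViewItem::data`, the guard `if (obj!=NULL || getProperty("type")==Firewall::TYPENAME)` reads as if `&&` was intended: with `||` the type property is consulted only when `obj` is NULL, and in exactly that case `Firewall::cast` is handed a null pointer. Whether `Firewall::cast` tolerates NULL is not visible here, so I would write `if (obj!=NULL && getProperty("type")==Firewall::TYPENAME)`, or drop the property test and keep only `if (obj!=NULL) o=Firewall::cast( obj );`. The two identical `return QVariant(usual);` branches could then collapse into one.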
@@ -0,0 +1,75 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: ObjectTreeViewItem.h,v 1.7 2006/02/26 09:24:18 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+
+#ifndef OBJECTTREEVIEWITEM_H
+#define OBJECTTREEVIEWITEM_H
+
+#include
+#include
+
+#include
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+}
+
+class ObjectTreeView;
+
+class ObjectTreeViewItem : public QTreeWidgetItem {
+
+ libfwbuilder::FWObject *objptr;
+ QMap props;
+ QString lib;
+
+ public:
+
+ ObjectTreeViewItem(QTreeWidget *parent) : QTreeWidgetItem(parent) {
+ objptr=NULL;
+ }
+
+ ObjectTreeViewItem(QTreeWidgetItem *parent) : QTreeWidgetItem(parent){
+ objptr=NULL;
+ }
+
+ libfwbuilder::FWObject *getFWObject() const { return objptr; }
+ void setFWObject(libfwbuilder::FWObject *obj) { objptr=obj; }
+
+ ObjectTreeView* getTree();
+
+ QString getLib() { return lib; }
+ void setLib(const QString &l) { lib=l; }
+
+ QString getProperty(const QString &name) const { return props[name]; }
+ void setProperty(const QString &name,const QString &val) {
+ props[name]=val;
+ }
+
+ QVariant data (int column, int role) const;
+};
+
+#endif
diff --git a/src/gui/PhysicalAddressDialog.cpp b/src/gui/PhysicalAddressDialog.cpp
new file mode 100644
index 000000000..a0a38e83a
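Review bot: `getFWObject()` in ObjectTreeViewItem.h can return NULL, because both constructors set `objptr=NULL` and only `setFWObject()` assigns it afterwards, but the header does not state this. The visible callers in ObjectTreeView.cpp (`itemSelectionChanged`, `setLockFlags`) dereference the result directly. A comment on the member such as `// non-owning; NULL until setFWObject() is called, callers must check` would make the contract explicit. `getLib()` could also be declared `const`, like `getFWObject()` and `getProperty()`.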
--- /dev/null
+++ b/src/gui/PhysicalAddressDialog.cpp
@@ -0,0 +1,162 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: PhysicalAddressDialog.cpp,v 1.20 2007/04/14 00:18:43 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "FWBTree.h" +#include "PhysicalAddressDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/physAddress.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/FWException.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +PhysicalAddressDialog::PhysicalAddressDialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::PhysAddressDialog_q; + m_dialog->setupUi(this); + obj=NULL; +} + +PhysicalAddressDialog::~PhysicalAddressDialog() +{ + delete m_dialog; +} + +void PhysicalAddressDialog::loadFWObject(FWObject *o) +{ + obj=o; + physAddress *s = dynamic_cast(obj); + assert(s!=NULL); + + init=true; + + fillLibraries(m_dialog->libs,obj); + + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); + m_dialog->pAddress->setText( s->getPhysAddress().c_str() ); + m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); + + 
m_dialog->libs->setEnabled( false ); + + //apply->setEnabled( false ); + + m_dialog->obj_name->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->libs->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->libs); + + m_dialog->pAddress->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->pAddress); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + setDisabledPalette(m_dialog->comment); + + + init=false; +} + +void PhysicalAddressDialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void PhysicalAddressDialog::validate(bool *res) +{ + *res=true; + + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } +} + +void PhysicalAddressDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void PhysicalAddressDialog::libChanged() +{ + changed(); +} + +void PhysicalAddressDialog::applyChanges() +{ + physAddress *s = dynamic_cast(obj); + assert(s!=NULL); + + string oldname=obj->getName(); + obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); + s->setPhysAddress( m_dialog->pAddress->text().toLatin1().constData() ); + + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + init=true; + +/* move to another lib if we have to */ + if (! FWBTree::isSystem(obj) && m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(m_dialog->libs->currentText(), obj); + + init=false; + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void PhysicalAddressDialog::discardChanges() +{ + loadFWObject(obj); +} + + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. 
So we do + * nothing here and defer all the processing to ObjectEditor + */ +void PhysicalAddressDialog::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} + diff --git a/src/gui/PhysicalAddressDialog.h b/src/gui/PhysicalAddressDialog.h new file mode 100644 index 000000000..d14b62067 --- /dev/null +++ b/src/gui/PhysicalAddressDialog.h 
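Review bot: `PhysicalAddressDialog::isChanged(bool *res)` never writes to `*res` because its only statement is commented out, so the caller reads back whatever the variable held before the call. Until change tracking is restored, the function should assign a definite value, for example from a modified flag that `changed()` sets and `applyChanges()`/`loadFWObject()` clear. Separately, `validate()` checks only the object name; the text of `pAddress` is passed to `setPhysAddress` in `applyChanges()` without a format check, unless that setter validates it itself (not visible here).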
@@ -0,0 +1,71 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: PhysicalAddressDialog.h,v 1.6 2006/05/13 06:53:05 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __PHYSICALADDRESSDIALOG_H_
+#define __PHYSICALADDRESSDIALOG_H_
+
+#include "config.h"
+#include
+#include
+
+#include "fwbuilder/FWObject.h"
+
+
+class PhysicalAddressDialog : public QWidget
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ bool init;
+ bool showNetmask;
+ Ui::PhysAddressDialog_q *m_dialog;
+
+ public:
+ PhysicalAddressDialog(QWidget *parent);
+ ~PhysicalAddressDialog();
+
+public slots:
+ virtual void changed();
+ virtual void libChanged();
+ virtual void applyChanges();
+ virtual void discardChanges();
+ virtual void loadFWObject(libfwbuilder::FWObject *obj);
+ virtual void validate(bool*);
+ virtual void isChanged(bool*);
+ virtual void closeEvent(QCloseEvent *e);
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ void close_sign(QCloseEvent *e);
+ void changed_sign();
+
+};
+
+#endif // PHYSICALADDRESSDIALOG_H
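Review bot: The `bool` members `init` and `showNetmask` are left uninitialised by the constructor in PhysicalAddressDialog.cpp, which sets only `m_dialog` and `obj`, and `showNetmask` is not referenced anywhere in that file. I would remove `showNetmask` and add `init=false;` to the constructor so the flag has a defined value before the first `loadFWObject()`. The closing comment `#endif // PHYSICALADDRESSDIALOG_H` also does not match the guard name `__PHYSICALADDRESSDIALOG_H_`.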
diff --git a/src/gui/PixmapFactory.cpp b/src/gui/PixmapFactory.cpp
new file mode 100644
index 000000000..9195fa58c
--- /dev/null
+++ b/src/gui/PixmapFactory.cpp
@@ -0,0 +1,64 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: PixmapFactory.cpp,v 1.1 2006/10/22 02:29:53 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+
+ This class is a simple wrapper for QPixmapCache, it automatically
+ creates pixmap if it is not found in the cache
+
+*/
+
+
+
+#include "config.h"
+#include "global.h"
+#include "utils.h"
+
+#include "PixmapFactory.h"
+
+#include
+#include
+
+#include
+
+using namespace std;
+
+
+QPixmap PixmapFactory::getPixmap(const std::string &icn_filename)
+{
+ QPixmap pm;
+ if ( ! QPixmapCache::find( icn_filename.c_str(), pm) ) {
+ pm.load( icn_filename.c_str() );
+ QPixmapCache::insert( icn_filename.c_str(), pm);
+ if (fwbdebug)
+ qDebug("Created new pixmap from file %s: isNull=%d w=%d h=%d hasAlpha=%d",
+ icn_filename.c_str(),
+ pm.isNull(),
+ pm.width(),
+ pm.height(),
+ pm.hasAlpha()
+ );
+ }
+ return pm;
+}
+
diff --git a/src/gui/PixmapFactory.h b/src/gui/PixmapFactory.h
new file mode 100644
index 000000000..113b9f6b3
--- /dev/null
+++ b/src/gui/PixmapFactory.h
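Review bot: The result of `pm.load()` is ignored in `PixmapFactory::getPixmap`, so a missing or unreadable icon file still reaches `QPixmapCache::insert`, and the only trace is the `isNull=%d` debug line, printed only when `fwbdebug` is set. Insert only on success, `if (pm.load(icn_filename.c_str())) QPixmapCache::insert(icn_filename.c_str(), pm);`, and report the failure path regardless of the debug flag. The same find/load/insert sequence is written out by hand three times in PrefsDialog.cpp for `:/Icons/apply.png`; those sites could call this function instead.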
@@ -0,0 +1,42 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2006 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: PixmapFactory.h,v 1.1 2006/10/22 02:29:54 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+
+#include
+#include
+
+#include
+#include
+
+class PixmapFactory {
+
+public:
+
+ PixmapFactory() {}
+
+ static QPixmap getPixmap(const std::string &icn_name);
+
+};
diff --git a/src/gui/PrefsDialog.cpp b/src/gui/PrefsDialog.cpp
new file mode 100644
index 000000000..4cb7f0692
--- /dev/null
+++ b/src/gui/PrefsDialog.cpp
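Review bot: PixmapFactory.h has no include guard, unlike the other headers visible in this commit, so including it twice in one translation unit redefines `class PixmapFactory`. Wrap the contents in `#ifndef PIXMAPFACTORY_H` / `#define PIXMAPFACTORY_H` and a closing `#endif`. The parameter is named `icn_name` here but `icn_filename` in PixmapFactory.cpp; using one name, plus a one-line comment that the argument is a file path that also serves as the cache key, would document the contract.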
@@ -0,0 +1,398 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: PrefsDialog.cpp,v 1.29 2007/02/04 04:20:26 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "PrefsDialog.h" +#include "FWBSettings.h" +#include "listOfLibraries.h" +#include "FWWindow.h" +#include "ObjectManipulator.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* + +#include +#include +#include +#include + +#ifdef _WIN32 +# include +# include +# include +#else +# include +#endif +*/ + +#include + +using namespace std; + +void PrefsDialog::setButtonColor(QPushButton *btn,const QString &colorCode) +{ + QPixmap pm(40,14); + pm.fill( QColor(colorCode) ); + QPainter p( &pm ); + p.drawRect( pm.rect() ); + btn->setIcon(QIcon(pm)); +} + +PrefsDialog::~PrefsDialog() +{ + delete m_dialog; +} + +PrefsDialog::PrefsDialog(QWidget *parent) : QDialog(parent) +{ + m_dialog = new Ui::prefsDialog_q; + m_dialog->setupUi(this); + + m_dialog->wDir->setText( st->getWDir() ); + m_dialog->startupAction->setCurrentIndex( st->getStartupAction() ); + m_dialog->expandTree->setChecked( st->getExpandTree() ); +// 
mergeLibs->setChecked( st->getMergeLibs() ); + + m_dialog->objTooltips->setChecked( st->getObjTooltips() ); + m_dialog->tooltipDelay->setValue( st->getTooltipDelay() ); + + m_dialog->deletedObj->setChecked( st->getBool("UI/ShowDeletedObjects") ); + + m_dialog->emptyRCSLog->setChecked( st->getRCSLogState() ); + m_dialog->autosave->setChecked( st->getAutoSave() ); + + m_dialog->autosaveFile->setChecked( st->getBool("Environment/autoSaveFile") ); + m_dialog->autosaveInterval->setValue( st->getInt("Environment/autoSaveFilePeriod")); + +// dontSaveStdLib->setChecked( st->getDontSaveStdLib() ); + + m_dialog->sshPath->setText( st->getSSHPath() ); + + for (list::iterator i=addOnLibs->begin(); i!=addOnLibs->end(); ++i) + { + QStringList qsl; + qsl << i->name << "" << i->path; //fromUtf8 + QTreeWidgetItem *itm = new QTreeWidgetItem( m_dialog->avLibs, qsl ); + if (i->load) + { + //itm->setPixmap(1, QPixmap::fromMimeSource( "apply.png" ) ); + + QPixmap pm; + QString icn = ":/Icons/apply.png"; + if ( ! 
QPixmapCache::find( icn, pm) ) + { + pm.load( icn ); + QPixmapCache::insert( icn, pm); + } + itm->setIcon(1, QIcon(pm)); + } + } + +// set label icons colors and text strings using user's settings + + QString t; + colors[FWBSettings::RED]=st->getLabelColor(FWBSettings::RED); + t=st->getLabelText (FWBSettings::RED); + + setButtonColor(m_dialog->redBtn,colors[FWBSettings::RED]); + m_dialog->redText->setText(t); + + colors[FWBSettings::ORANGE]=st->getLabelColor(FWBSettings::ORANGE); + t=st->getLabelText (FWBSettings::ORANGE); + + setButtonColor(m_dialog->orangeBtn,colors[FWBSettings::ORANGE]); + m_dialog->orangeText->setText(t); + + colors[FWBSettings::YELLOW]=st->getLabelColor(FWBSettings::YELLOW); + t=st->getLabelText (FWBSettings::YELLOW); + + setButtonColor(m_dialog->yellowBtn,colors[FWBSettings::YELLOW]); + m_dialog->yellowText->setText(t); + + colors[FWBSettings::GREEN]=st->getLabelColor(FWBSettings::GREEN); + t=st->getLabelText (FWBSettings::GREEN); + + setButtonColor(m_dialog->greenBtn,colors[FWBSettings::GREEN]); + m_dialog->greenText->setText(t); + + colors[FWBSettings::BLUE]=st->getLabelColor(FWBSettings::BLUE); + t=st->getLabelText (FWBSettings::BLUE); + + setButtonColor(m_dialog->blueBtn,colors[FWBSettings::BLUE]); + m_dialog->blueText->setText(t); + + colors[FWBSettings::PURPLE]=st->getLabelColor(FWBSettings::PURPLE); + t=st->getLabelText (FWBSettings::PURPLE); + + setButtonColor(m_dialog->purpleBtn,colors[FWBSettings::PURPLE]); + m_dialog->purpleText->setText(t); + + colors[FWBSettings::GRAY]=st->getLabelColor(FWBSettings::GRAY); + t=st->getLabelText (FWBSettings::GRAY); + + setButtonColor(m_dialog->grayBtn,colors[FWBSettings::GRAY]); + m_dialog->grayText->setText(t); + +} + +void PrefsDialog::changeColor(QPushButton *btn, + FWBSettings::LabelColors colorCode) +{ + QColor clr = QColorDialog::getColor( + QColor(colors[colorCode]), this); + + if (!clr.isValid()) return; + colors[colorCode]= clr.name(); + setButtonColor(btn,colors[colorCode]); +} + + +void 
PrefsDialog::changeRedColor() +{ + changeColor(m_dialog->redBtn, FWBSettings::RED); +} + +void PrefsDialog::changeOrangeColor() +{ + changeColor(m_dialog->orangeBtn, FWBSettings::ORANGE); +} + +void PrefsDialog::changeYellowColor() +{ + changeColor(m_dialog->yellowBtn, FWBSettings::YELLOW); +} + +void PrefsDialog::changeGreenColor() +{ + changeColor(m_dialog->greenBtn, FWBSettings::GREEN); +} + +void PrefsDialog::changeBlueColor() +{ + changeColor(m_dialog->blueBtn, FWBSettings::BLUE); +} + +void PrefsDialog::changePurpleColor() +{ + changeColor(m_dialog->purpleBtn, FWBSettings::PURPLE); +} + +void PrefsDialog::changeGrayColor() +{ + changeColor(m_dialog->grayBtn, FWBSettings::GRAY); +} + + +void PrefsDialog::findWDir() +{ + QString wd = st->getWDir(); + QString dir = QFileDialog::getExistingDirectory( + this, tr("Find working directory"), wd, QFileDialog::ShowDirsOnly ); + + if (!dir.isEmpty()) m_dialog->wDir->setText(dir); +} + +void PrefsDialog::findSSH() +{ + QString fp = QFileDialog::getOpenFileName( + this, + tr("Find Secure Shell utility") ); + + if (!fp.isEmpty()) m_dialog->sshPath->setText(fp); +} + +void PrefsDialog::libClick(QTreeWidgetItem* itm, int col) +{ + if (itm && col==1) + { + if (itm->text(0)=="Standard") return; + + for (list::iterator i=addOnLibs->begin(); + i!=addOnLibs->end(); ++i) + { + if (i->name == itm->text(0)) //fromUtf8 + { + if (i->load) itm->setIcon(1, QIcon()); + else + { + //itm->setPixmap(1, QPixmap::fromMimeSource( "apply.png" ) ); + QPixmap pm; + QString icn = ":/Icons/apply.png"; + if ( ! 
QPixmapCache::find( icn, pm) ) + { + pm.load( icn ); + QPixmapCache::insert( icn, pm); + } + itm->setIcon(1, QIcon(pm)); + } + + i->load = !i->load; + +#if 0 +// commented out for bug #1620284 + if (i->load) + { + mw->loadLibrary( i->path.latin1() ); + om->loadObjects(); + } +#endif + break; + } + } + } +} + +void PrefsDialog::addLibrary() +{ + QString fp = QFileDialog::getOpenFileName( + this, + tr("Find add-on library"), + st->getWDir(), + "Firewall Builder 2 files (*.fwl)"); + + if (!fp.isEmpty()) + { + list::iterator i = addOnLibs->add( fp.toLatin1().constData(), true ); + if (i==addOnLibs->end()) + { + if (fwbdebug) + qDebug("PrefsDialog::addLibrary(): library addition failed"); + return; + } + QString libname = i->name; //fromUtf8 + QStringList qsl; + qsl << libname << "" << fp; + QTreeWidgetItem *itm = new QTreeWidgetItem( m_dialog->avLibs, qsl ); + + QPixmap pm; + QString icn = ":/Icons/apply.png"; + if ( ! QPixmapCache::find( icn, pm) ) + { + pm.load( icn ); + QPixmapCache::insert( icn, pm); + } + itm->setIcon(1, QIcon(pm)); + + // commented out for bug #1620284 + // + //mw->loadLibrary( i->path.latin1() ); + //om->loadObjects(); + } +} + +/* when user removes library from the list, the change gets in effect + * next time they start the program. 
There is a warning in the dialog + * that says so + */ +void PrefsDialog::remLibrary() +{ + QTreeWidgetItem *itm = m_dialog->avLibs->currentItem(); + if (itm==NULL) return; + + if (itm->text(0)=="Standard") return; + + for (list::iterator i=addOnLibs->begin(); i!=addOnLibs->end(); ++i) + { + if (i->name == itm->text(0)) //fromUtf8 + { + addOnLibs->erase(i); + delete itm; + break; + } + } +} + +void PrefsDialog::accept() +{ + QString wd=m_dialog->wDir->text(); + +/* check if the default working directory does not exist yet */ + + st->setWDir( wd ); + st->setStartupAction( m_dialog->startupAction->currentIndex() ); + st->setExpandTree( m_dialog->expandTree->isChecked() ); +// st->setMergeLibs( mergeLibs->isChecked() ); + + st->setObjTooltips( m_dialog->objTooltips->isChecked() ); + st->setTooltipDelay( m_dialog->tooltipDelay->value() ); + + st->setBool("UI/ShowDeletedObjects", m_dialog->deletedObj->isChecked() ); + +// QToolTip::setWakeUpDelay( st->getTooltipDelay()*1000 ); + + st->setRCSLogState( m_dialog->emptyRCSLog->isChecked() ); + st->setAutoSave( m_dialog->autosave->isChecked() ); + + st->setBool("Environment/autoSaveFile", m_dialog->autosaveFile->isChecked() ); + st->setInt("Environment/autoSaveFilePeriod", m_dialog->autosaveInterval->value() ); + +// st->setDontSaveStdLib( dontSaveStdLib->isChecked() ); + + st->setLabelColor(FWBSettings::RED, colors[FWBSettings::RED]); + st->setLabelColor(FWBSettings::ORANGE, colors[FWBSettings::ORANGE]); + st->setLabelColor(FWBSettings::YELLOW, colors[FWBSettings::YELLOW]); + st->setLabelColor(FWBSettings::GREEN, colors[FWBSettings::GREEN]); + st->setLabelColor(FWBSettings::BLUE, colors[FWBSettings::BLUE]); + st->setLabelColor(FWBSettings::PURPLE, colors[FWBSettings::PURPLE]); + st->setLabelColor(FWBSettings::GRAY, colors[FWBSettings::GRAY]); + + st->setLabelText (FWBSettings::RED, m_dialog->redText->text() ); + st->setLabelText (FWBSettings::ORANGE, m_dialog->orangeText->text() ); + st->setLabelText (FWBSettings::YELLOW, 
m_dialog->yellowText->text() ); + st->setLabelText (FWBSettings::GREEN, m_dialog->greenText->text() ); + st->setLabelText (FWBSettings::BLUE, m_dialog->blueText->text() ); + st->setLabelText (FWBSettings::PURPLE, m_dialog->purpleText->text() ); + st->setLabelText (FWBSettings::GRAY, m_dialog->grayText->text() ); + + st->setSSHPath( m_dialog->sshPath->text() ); + + QDir d; + d.mkdir( wd ); + + mw->setupAutoSave(); + om->showDeletedObjects(st->getBool("UI/ShowDeletedObjects")); + + QDialog::accept(); +} + diff --git a/src/gui/PrefsDialog.h b/src/gui/PrefsDialog.h new file mode 100644 index 000000000..0c069b831 --- /dev/null +++ b/src/gui/PrefsDialog.h 
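Review bot: `PrefsDialog::accept()` stores the working directory with `st->setWDir( wd )` before trying to create it, and the result of `d.mkdir( wd )` at the end is discarded; the comment "check if the default working directory does not exist yet" has no code behind it. `QDir::mkdir` also fails when a parent directory is missing. I would create the directory first and stop on failure, `if (!wd.isEmpty() && !QDir().mkpath(wd)) { /* tell the user */ return; }`, and only then save the setting. `sshPath` is likewise saved verbatim; if that path is later executed (not visible in this hunk), a `QFileInfo(...).isExecutable()` check here would reject an unusable value before it is persisted.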
@@ -0,0 +1,75 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: PrefsDialog.h,v 1.6 2006/05/08 01:26:18 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __PREFSDIALOG_H_
+#define __PREFSDIALOG_H_
+
+#include "config.h"
+#include
+
+#include "FWBSettings.h"
+#include "listOfLibraries.h"
+
+#include
+#include
+#include
+
+#include
+
+class QPushButton;
+
+class PrefsDialog : public QDialog
+{
+ Q_OBJECT
+
+ void setButtonColor(QPushButton *btn,const QString &colorCode);
+ void changeColor(QPushButton *btn,FWBSettings::LabelColors colorCode);
+
+ std::map colors;
+ Ui::prefsDialog_q *m_dialog;
+
+ public:
+ PrefsDialog(QWidget *parent);
+ ~PrefsDialog();
+
+public slots:
+ virtual void accept();
+ virtual void findWDir();
+ virtual void addLibrary();
+ virtual void remLibrary();
+ virtual void findSSH();
+ virtual void libClick(QTreeWidgetItem* itm, int col);
+ virtual void changeRedColor();
+ virtual void changeOrangeColor();
+ virtual void changeYellowColor();
+ virtual void changeGreenColor();
+ virtual void changeBlueColor();
+ virtual void changePurpleColor();
+ virtual void changeGrayColor();
+
+};
+
+#endif // __PREFSDIALOG_H
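Review bot: The include guard `__PREFSDIALOG_H_` uses a name the C++ standard reserves for the implementation (any identifier containing a double underscore), and the closing comment `#endif // __PREFSDIALOG_H` does not match it. A plain `#ifndef PREFSDIALOG_H` / `#define PREFSDIALOG_H` pair avoids the reserved namespace. The same pattern appears in the guards of PrintingProgressDialog.h and PrototypeDialogClass.h added by this commit.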
diff --git a/src/gui/PrintingProgressDialog.cpp b/src/gui/PrintingProgressDialog.cpp new file mode 100644 index 000000000..dff885af1 --- /dev/null +++ b/src/gui/PrintingProgressDialog.cpp 
@@ -0,0 +1,93 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: PrintingProgressDialog.cpp,v 1.3 2005/01/27 09:35:53 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "PrintingProgressDialog.h" + +#include +#include +#include +#include +#include +#include + +PrintingProgressDialog::PrintingProgressDialog(QWidget *parent,QPrinter *p,int nPages,bool disableCancel) : + QDialog(parent) +{ + m_dialog = new Ui::printingProgressDialog_q; + m_dialog->setupUi(this); + + connect( m_dialog->Cancel, SIGNAL( clicked() ), + this, SLOT( abortPrinting() ) ); + + printer=p; + + setNPages(nPages); + m_dialog->text->setText(""); + if (disableCancel) m_dialog->Cancel->hide(); +} + +PrintingProgressDialog::~PrintingProgressDialog() +{ + delete m_dialog; +} + +void PrintingProgressDialog::setCurrentPageNo(int n) +{ + if (totalPages) + m_dialog->text->setText(tr( "Printing (page %1/%2)" ).arg(n).arg(totalPages)); + else + m_dialog->text->setText(tr( "Printing page %1" ).arg(n) ); + + m_dialog->progressBar->setValue(n); + + QApplication::processEvents(QEventLoop::AllEvents,50); +} + +void PrintingProgressDialog::genericProgressIndicator(int n,const QString &txt) +{ + m_dialog->text->setText(txt); + m_dialog->progressBar->setValue(n); + + 
QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,10); +} + +void PrintingProgressDialog::abortPrinting() +{ + if (printer->abort()) + m_dialog->text->setText( tr("Aborting print operation") ); + else + m_dialog->text->setText( tr("Cannot abort printing") ); +} + +void PrintingProgressDialog::setNPages(int n) +{ + totalPages=n; + m_dialog->progressBar->setMinimum(0); + m_dialog->progressBar->setMaximum(totalPages); + m_dialog->progressBar->reset(); + //m_dialog->progressBar->setTotalSteps(totalPages); +} + diff --git a/src/gui/PrintingProgressDialog.h b/src/gui/PrintingProgressDialog.h new file mode 100644 index 000000000..fb468a221 --- /dev/null +++ b/src/gui/PrintingProgressDialog.h 
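Review bot: `abortPrinting()` calls `printer->abort()` on the pointer the constructor stored with `printer=p;`, and nothing in this file checks that it is non-null or still alive when the Cancel button fires. If callers can pass a null printer (they are not visible here), guard the slot with `if (printer==NULL) return;` or assert the precondition in the constructor. A one-line comment on the constructor stating that the dialog does not own `p` and that it must outlive the dialog would document the contract.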
@@ -0,0 +1,62 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: PrintingProgressDialog.h,v 1.2 2005/01/23 05:32:06 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __PRINTINGPROGRESSDIALOG_H_
+#define __PRINTINGPROGRESSDIALOG_H_
+
+#include
+
+#include
+#include
+#include
+
+#include
+
+class PrintingProgressDialog : public QDialog {
+
+ Q_OBJECT
+
+ QPrinter *printer;
+ int totalPages;
+ Ui::printingProgressDialog_q *m_dialog;
+
+ public:
+
+ PrintingProgressDialog(QWidget *parent,QPrinter *p,int nPages,bool disableCancel);
+ ~PrintingProgressDialog();
+
+ void setCurrentPageNo(int n);
+ void genericProgressIndicator(int n,const QString &txt);
+ void setNPages(int n);
+
+ public slots:
+
+ void abortPrinting();
+
+};
+
+
+#endif
diff --git a/src/gui/PrototypeDialogClass.cpp b/src/gui/PrototypeDialogClass.cpp
new file mode 100644
index 000000000..73bcc21fe
--- /dev/null
+++ b/src/gui/PrototypeDialogClass.cpp
@@ -0,0 +1,107 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: PrototypeDialogClass.cpp,v 1.9 2004/06/17 06:37:01 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "PrototypeDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Prototype.h" // should be an include file for the object type + +#include +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace std; + +void PrototypeDialog::loadFWObject(FWObject *o) +{ + obj=o; + Prototype *s = dynamic_cast(obj); + assert(s!=NULL); + + init=true; + + fillLibraries(libs,obj); + + obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); + comment->setText( QString::fromUtf8(s->getComment().c_str()) ); + + + + apply->setEnabled( false ); + init=false; +} + +void PrototypeDialog::changed() +{ + apply->setEnabled( true ); +} + +void PrototypeDialog::validate(bool *res) +{ + *res=true; +} + +void PrototypeDialog::isChanged(bool *res) +{ + *res=(!init && apply->isEnabled()); +} + +void PrototypeDialog::libChanged() +{ + changed(); +} + +void PrototypeDialog::applyChanges() +{ + if (!isTreeReadWrite(this,obj)) return; + + string 
oldname=obj->getName(); + obj->setName( string(obj_name->text().utf8()) ); + obj->setComment( string(comment->text().utf8()) ); + + + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + init=true; + +/* move to another lib if we have to */ + if (! FWBTree::isSystem(obj) && libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(libs->currentText(), obj); + + init=false; + + apply->setEnabled( false ); +} + diff --git a/src/gui/PrototypeDialogClass.h b/src/gui/PrototypeDialogClass.h new file mode 100644 index 000000000..f7c67e5ab --- /dev/null +++ b/src/gui/PrototypeDialogClass.h 
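Review bot: In `loadFWObject()` the result of the `dynamic_cast` is protected only by `assert(s!=NULL)`, which compiles to nothing when NDEBUG is defined, so a release build would go on to call `s->getName()` through a null pointer if an object of another type is passed. An explicit check that survives release builds, such as `if (s==NULL) return;` placed before `init=true;`, keeps the failure contained. In `applyChanges()` the library name is compared via `QString(obj->getLibrary()->getName().c_str())` while every other conversion in the file uses `QString::fromUtf8`, so a non-ASCII library name may compare unequal and trigger an unintended `moveObject`; using `QString::fromUtf8(...)` there would be consistent.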
@@ -0,0 +1,66 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: PrototypeDialogClass.h,v 1.3 2004/06/06 20:45:49 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __PROTOTYPEDIALOG_H_
+#define __PROTOTYPEDIALOG_H_
+
+#include "config.h"
+#include
+
+#include "fwbuilder/FWObject.h"
+
+
+class PrototypeDialog : public PrototypeDialog_q
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ bool init;
+
+ public:
+ PrototypeDialog() : PrototypeDialog_q() { obj=NULL; }
+
+public slots:
+ virtual void changed();
+ virtual void libChanged();
+ virtual void applyChanges();
+ virtual void discardChanges();
+ virtual void loadFWObject(libfwbuilder::FWObject *obj);
+ virtual void validate(bool*);
+ virtual void isChanged(bool*);
+ virtual void closeEvent(QCloseEvent *e);
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ void close_sign(QCloseEvent *e);
+
+};
+
+#endif // __PROTOTYPEDIALOG_H
diff --git a/src/gui/RCS.cpp b/src/gui/RCS.cpp
new file mode 100644
index 000000000..2312370ee
--- /dev/null
+++ b/src/gui/RCS.cpp
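Review bot: The class declares `discardChanges()` and `closeEvent(QCloseEvent *e)` as virtual slots, but PrototypeDialogClass.cpp as added in this commit defines neither, so a class built from this prototype would fail to link unless they are defined elsewhere. Either add the two definitions to the .cpp or drop the declarations. The inline constructor also leaves `init` uninitialised although `isChanged()` reads it; `PrototypeDialog() : PrototypeDialog_q(), obj(NULL), init(false) {}` would fix that.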
@@ -0,0 +1,1026 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: RCS.cpp,v 1.62 2006/10/21 06:53:25 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" + +// need this for FS_SEPARATOR +#include "fwbuilder/libfwbuilder-config.h" +#include "fwbuilder/Tools.h" + +//#include "FWWindow.h" + +#include +#include +#include +#include +#include +#include +#include + +#include + +#if defined(_WIN32) +# include +# include +# include +# include +# include +#else +# include +# include +# include +# if defined(TM_IN_SYS_TIME) +# include +# else +# include +# endif +#endif + +#include + +using namespace std; +using namespace libfwbuilder; + +QString RCS::rcs_file_name = ""; +QString RCS::rlog_file_name = ""; +QString RCS::rcsdiff_file_name = ""; +QString RCS::ci_file_name = ""; +QString RCS::co_file_name = ""; + +RCSEnvFix* RCS::rcsenvfix = NULL; + +/*********************************************************************** + * + * class Revision + * + ***********************************************************************/ +Revision::Revision() +{ +} + +Revision::Revision(const QString &file, const QString &r) +{ + filename = file; + rev = r; +} + +Revision::Revision(const Revision &r) +{ + filename = 
r.filename ; + rev = r.rev ; + date = r.date ; + author = r.author ; + locked_by = r.locked_by; + log = r.log ; +} + +void Revision::operator=(const Revision &r) +{ + filename = r.filename ; + rev = r.rev ; + date = r.date ; + author = r.author ; + locked_by = r.locked_by; + log = r.log ; +} + +bool Revision::operator<(const Revision &r) +{ + for(int i=1; ; i++) + { + QString v1= rev.section(".",i,i); + QString v2=r.rev.section(".",i,i); + if (v1=="" && v2=="") return false; + if (v1==v2) continue; + if (v1=="" && v2!="") return true; + if (v1!="" && v2=="") return false; + if (v1.toInt()>v2.toInt()) return false; + if (v1.toInt()tm_gmtoff/60; + if (tzoffset<0) + { + tzoffset = -1*tzoffset; + tzsign = "-"; + } else { + tzsign = "+"; + } + +#else +// global variable timezone has seconds West of GMT (positive in +// timezones west of GMT) + + tzoffset = ((ltm->tm_isdst>0)?timezone-3600:timezone)/60; + if (tzoffset<0) + { + tzoffset = -1*tzoffset; + tzsign = "+"; + } else { + tzsign = "-"; + } + +#endif + + TZOffset.sprintf("%02d:%02d",tzoffset/60,tzoffset%60); + TZOffset = tzsign + TZOffset; + + if (fwbdebug) + qDebug("tzoffset: %d TZOffset: '%s'",tzoffset,TZOffset.toAscii().constData()); + +#ifdef _WIN32 +/* need this crap because Windows does not set environment variable TZ + * by default, but rcs absolutely requires it. Even though I am using + * option "-z" with all RCS commands, stupid RCS on windows does not + * work if env var TZ is not set + */ + env.push_back( QString("TZ=GMT")+TZOffset ); + +/* + * NB: need to prepend installation directory in front of PATH on + * windows, otherwise ci fails when GUI is launched by windows + * explorer through file extension association. When the program is + * launched from menu "Start", its working directory is the dir. where + * it is installed. Since windows implies a '.' in front of PATH, + * everything works. 
When the program is started with some other + * directory as current dir, RCS tools fail without any error message. + */ + env.push_back( QString("PATH=%1;%2").arg(appRootDir.c_str()).arg(getenv("PATH")) ); +#endif + +/* also need to set env variable USER for rcs tools, but if the user name + * contains spaces, replace them with underscores (like "John Smith") + */ + QString uname=getUserName(); + + env.push_back( QString("USER=")+uname); + env.push_back( QString("LOGNAME=")+uname); +} + +QStringList* RCSEnvFix::getEnv() +{ + if (env.empty()) return NULL; + return &env; +} + +/*********************************************************************** + * + * class RCS + * + ***********************************************************************/ +RCS::RCS(const QString &file) +{ + if (rcsenvfix==NULL) rcsenvfix = new RCSEnvFix(); + + if (rcs_file_name=="") + { +#ifdef _WIN32 + string ts; + ts = appRootDir+FS_SEPARATOR+RCS_FILE_NAME ; + rcs_file_name = ts.c_str(); + + ts = appRootDir+FS_SEPARATOR+RLOG_FILE_NAME ; + rlog_file_name = ts.c_str(); + + ts = appRootDir+FS_SEPARATOR+RCSDIFF_FILE_NAME ; + rcsdiff_file_name = ts.c_str(); + + ts = appRootDir+FS_SEPARATOR+CI_FILE_NAME ; + ci_file_name = ts.c_str(); + + ts = appRootDir+FS_SEPARATOR+CO_FILE_NAME ; + co_file_name = ts.c_str(); +#else + rcs_file_name = RCS_FILE_NAME ; + rlog_file_name = RLOG_FILE_NAME ; + rcsdiff_file_name = RCSDIFF_FILE_NAME ; + ci_file_name = CI_FILE_NAME ; + co_file_name = CO_FILE_NAME ; +#endif + } + + filename = file; + checked_out = false; + locked = false; + inrcs = false; + tracking_file = false; + ro = false; + temp = false; + + ciproc = new QProcess(); + proc = new QProcess(); + + connect(proc, SIGNAL(readyReadStandardOutput()), this, SLOT(readFromStdout() ) ); + connect(proc, SIGNAL(readyReadStandardError()), this, SLOT(readFromStderr() ) ); + + + try + { + QString rcspath=filename.left( filename.lastIndexOf("/") ); + QDir rcsdir; + rcsdir.cd(rcspath); + +/* + * rlog is started with 
environment defined by RCSEnvFix, which does + * not have env. var LANG so it always runs in english + */ + QString rl = rlog(); + QStringList split_log = rl.split(QRegExp("------|======")); + + QString head_section = split_log[0]; + + QRegExp head_rx("head:\\s+([0-9\\.]+)\\s*\\n"); + int pos = head_rx.indexIn( head_section ); + if (pos>-1) head = head_rx.cap(1); + + QStringList::iterator i; + for (i=split_log.begin(),++i; i!=split_log.end(); ++i) + { + QString section = *i; + if (section.length()==0) continue; + + int match = -1; + + Revision r(filename); + r.rev = ""; + r.log = ""; + + QRegExp rev_rx("revision\\s+([0-9\\.]+)"); + match = rev_rx.indexIn( section ); + if (match>-1) + { + r.rev = rev_rx.cap(1); + } + + QRegExp lock_rx("revision\\s+([0-9\\.]+)\\s+locked by:\\s+(\\S+);"); + lock_rx.setMinimal(true); + match = lock_rx.indexIn( section ); + if (match>-1) + { + r.locked_by = lock_rx.cap(2); + locked = true; + locked_by = lock_rx.cap(2); + locked_rev = r.rev; + } + +// older implementation copied revision and "locked by" to r.log +// we'll do the same here to maintain compatibility + QRegExp rev2_rx("(revision.+)\\n"); + rev2_rx.setMinimal(true); + match = rev2_rx.indexIn( section ); + if (match>-1) + { + r.log += rev2_rx.cap(1) + "\n"; + } + + + QRegExp date_rx("date:\\s+([^;]+);\\s+author:\\s+(\\S+);"); + date_rx.setMinimal(true); + match = date_rx.indexIn( section ); + if (match>-1) + { + r.date = date_rx.cap(1); + r.author = date_rx.cap(2); + } + + QRegExp log_rx("date:.*\\n(.*)$"); + log_rx.setMinimal(true); + match = log_rx.indexIn( section ); + if (match>-1) + r.log += log_rx.cap(1); + + r.log.replace('\r',""); + + if (r.rev != "") + { + revisions.push_back(r); + if (fwbdebug) qDebug("revision %s: '%s'",r.rev.toAscii().constData(),r.log.toAscii().constData()); + } + + } + +#if 0 + for () + { + if ( (*i).find("head: ")==0) + { + head=(*i).section(QRegExp("\\s+"),1,1); + continue; + } + + if ( (*i).find(QRegExp("^=========="))==0 ) break; + + if 
((*i).find(QRegExp("^revision\\s+[0-9\\.]+"))==0) + { + if (fwbdebug) qDebug("revision '%s'",(*i).ascii()); + + Revision r(filename); + + r.rev = (*i).section(QRegExp("\\s+"),1,1); + QString lb = (*i).section(QRegExp("[\\s;]+"),4,4); + if (lb!="") + { + r.locked_by = lb; + locked = true; + locked_by = lb; + locked_rev = r.rev; + } + + r.log=""; + + for ( ; (*i).find(QRegExp("^=========="))==-1 && + (*i).find(QRegExp("^----------"))==-1 && + i!=rcslog.end(); ++i ) + { + if ((*i).find(QRegExp("^date:.*author:.*state:"))==0) + { + r.date = (*i).section(QRegExp("[\\s;]+"),1,2); + r.author = QString(" ")+(*i).section(QRegExp("[\\s;]+"),4,4); + continue; + } + if ((*i).find(QRegExp("^branches:"))==0) continue; + r.log= r.log + *i + "\n"; + } + r.log.replace('\r',""); + revisions.push_back(r); + if (fwbdebug) qDebug("revision %s: '%s'",r.rev.ascii(),r.log.ascii()); + + if (i==rcslog.end()) break; + } + } +// qBubbleSort( revisions.begin() , revisions.end() ); +#endif + + inrcs = true; + tracking_file = true; + selectedRev = head; + } + catch (FWException &ex) + { + inrcs = false; + tracking_file = true; + } +} + +RCS::~RCS() +{ + delete proc; +} + +QStringList* RCS::getEnv() +{ + if (rcsenvfix==NULL) rcsenvfix = new RCSEnvFix(); + return rcsenvfix->getEnv(); +} + +RCSEnvFix* RCS::getRCSEnvFix() +{ + if (rcsenvfix==NULL) rcsenvfix = new RCSEnvFix(); + return rcsenvfix; +} + + +void RCS::readFromStdout() +{ + QString s = QString(proc->readAllStandardOutput()); + //qDebug("RCS::readFromStdout() reads: %s",s.toAscii().constData()); + stdoutBuffer=stdoutBuffer + s; +} + +void RCS::readFromStderr() +{ + QString s = QString(proc->readAllStandardError()); + //qDebug("RCS::readFromStderr() reads: %s", s.toAscii().constData()); + stderrBuffer=stderrBuffer + s; +} + +void RCS::setFileName(const QString &fn) +{ + filename=fn; + if (fwbdebug) qDebug("RCS::setFileName fn = %s",fn.toAscii().constData()); +} + +/********************************************************************* + * 
trivial RCS integration + */ + +void RCS::abandon() +{ + if (!isInRCS()) return; + +/* check out head revision and unlock it */ + QStringList arglist; + + arglist << "-q" << "-f" << QString("-z") + rcsenvfix->getTZOffset() << QString("-u") << filename ; + + stdoutBuffer=""; + stderrBuffer=""; + + if (fwbdebug) qDebug("starting co with environment '%s'", + rcsenvfix->getEnv()->join(" ").toAscii().constData()); + if (fwbdebug) qDebug("executing command '%s %s'", + co_file_name.toAscii().constData(), + arglist.join(" ").toAscii().constData()); + + proc->setEnvironment(*rcsenvfix->getEnv()); + proc->start( co_file_name, arglist ); + proc->waitForStarted(); + + if (fwbdebug) qDebug("running co"); + + if (proc->state() == QProcess::Running) + { + proc->waitForFinished(); + if (proc->exitCode() == 0 && proc->state() == QProcess::NotRunning) + { + if (fwbdebug) qDebug("finished successfully"); + checked_out = false; + locked = false; + selectedRev = head; + return; + } + } +/* error. */ + + selectedRev = ""; + + checked_out=false; + + QString err = tr("Error checking file out: %1").arg(stderrBuffer); + QMessageBox::critical(app->activeWindow(), "Firewall Builder", err, tr("&Continue") ); + + throw(FWException(err.toLatin1().constData())); +} + +/** + * initial RCS checkin + */ +void RCS::add() throw(libfwbuilder::FWException) +{ + int i=filename.lastIndexOf("/"); + QString rcspath=filename.left(i); + QDir rcsdir; + rcsdir.cd(rcspath); + + if (!rcsdir.exists("RCS")) rcsdir.mkdir("RCS"); + + QStringList arglist; + + arglist << "-q" << "-i" << "-kb" << QString("-z") + rcsenvfix->getTZOffset() << "-t-\"Initial checkin\"" << filename; + + stdoutBuffer=""; + stderrBuffer=""; + + proc->setEnvironment(*rcsenvfix->getEnv()); + proc->start( rcs_file_name, arglist ); + proc->waitForStarted(); + + if (proc->state() == QProcess::Running) + { + proc->waitForFinished(); + if (proc->state() == QProcess::NotRunning && proc->exitCode()==0) + { + arglist.clear(); + + arglist << "-q" << "-u" 
<< QString("-z") + rcsenvfix->getTZOffset() << filename; + + stdoutBuffer=""; + stderrBuffer=""; + + proc->setEnvironment(*rcsenvfix->getEnv()); + proc->start( ci_file_name, arglist ); + proc->waitForStarted(); + + if (proc->state() == QProcess::Running) + { + proc->waitForFinished(); + if (proc->state() == QProcess::NotRunning && proc->exitCode()==0) + { + inrcs = true; + selectedRev = "1.1"; + head = "1.1"; + return; + } + } + } + } + QByteArray outp = proc->readAllStandardOutput(); + QString msg=QObject::tr("Fatal error during initial RCS checkin of file %1 :\n %2\nExit status %3") + .arg(filename).arg(outp.data()).arg(proc->exitCode()); + throw(FWException( msg.toLatin1().constData() )); +} + +bool RCS::isInRCS() +{ + if (tracking_file) return inrcs; + + QStringList arglist; + + arglist << QString("-z") + rcsenvfix->getTZOffset() << "-R" << filename; + + stdoutBuffer=""; + stderrBuffer=""; + + proc->setEnvironment(*rcsenvfix->getEnv()); + + proc->start( rlog_file_name, arglist ); + proc->waitForStarted(); + if (proc->state() != QProcess::Running) + throw(FWException("Fatal error running rlog ")); + + while (proc->state() == QProcess::Running) ; // cxx_sleep(1); + + if (proc->state() == QProcess::NotRunning && proc->exitCode()==1) + { +/* exist status '1' means the file is not in RCS */ + inrcs=false; + if (fwbdebug) + { + QByteArray outp = proc->readAllStandardOutput(); + qDebug("Error running rlog: %s",outp.data()); + } + return false; + } + inrcs=true; + return true; +} + +bool RCS::co(bool force) throw(libfwbuilder::FWException) +{ + return co(selectedRev,force); +} + +/** + * RCS checkout + * + * possible situations: + * + * 1. file is not in RCS - do nothing, return false + * + * 2. 
need to open file read-only + * + * 2.1 requested revision is emty or the head: no need to + * checkout, just return true + * + * 2.2 need to open read-only, older revision: do checkout of that + * revision into temporary file without locking, change file name, + * set flag 'temp' + * + * 3. need to open read-write, but file is locked + * + * 3.1 file is locked by the same user: offer user a choice + * open read-only or continue editing or cancel + * + * 3.2 file is locked by another user: offer a choice open read-only + * or cancel + * + * 4. need to open read-write, any revision: do normal checkout and + * lock + * + */ +bool RCS::co(const QString &rev,bool force) throw(libfwbuilder::FWException) +{ +/* first check if filename is already in RCS */ + + if (!isInRCS()) return false; + + if (ro) + { + if (rev==head || rev=="") return true; + +/* check out requested revision to stdout + * + * TODO: right now it loads the whole file into memory, then writes it + * to the temp file. It should be more efficient to read and write in + * chunks. 
+ * + */ + QStringList arglist; + + arglist << QString("-q") << QString("-kb") << + QString("-z") + rcsenvfix->getTZOffset() << QString("-p")+rev << filename; + + stdoutBuffer=""; + stderrBuffer=""; + + if (fwbdebug) qDebug("starting co with environment '%s'", + rcsenvfix->getEnv()->join("\n").toAscii().constData()); + if (fwbdebug) qDebug("executing command '%s %s'", + co_file_name.toAscii().constData(), + arglist.join(" ").toAscii().constData()); + + proc->setEnvironment(*rcsenvfix->getEnv()); + proc->start( co_file_name, arglist ); + proc->waitForStarted(); + + if (fwbdebug) qDebug("running co"); + + if (proc->state() == QProcess::Running) + { + proc->waitForFinished(); + + if (proc->state() == QProcess::NotRunning && proc->exitCode()==0) + { + if (fwbdebug) qDebug("finished successfully"); +#ifdef _WIN32 + char tname[1024]; + strncpy(tname, filename.left(filename.lastIndexOf("/")+1).toLatin1().constData(),sizeof(tname)-20); + strcat(tname,"tmpXXXXXX"); + _mktemp(tname); + int fd = _open(tname, _O_RDWR|_O_CREAT|_O_EXCL|_O_BINARY , _S_IREAD|_S_IWRITE ); +#else + char tname[PATH_MAX]; + strncpy(tname, filename.toLatin1().constData(), sizeof(tname)-20 ); + strcat(tname,"_temp_XXXXXX"); + int fd = mkstemp(tname); +#endif + if (fd<0) + { + QString err = tr("Error creating temporary file ")+tname+QString(" :\n")+strerror(errno); + QMessageBox::critical(app->activeWindow(), "Firewall Builder", err, tr("&Continue") ); + throw(FWException(err.toLatin1().constData())); + } +#ifdef _WIN32 + if (_write(fd,stdoutBuffer.toLatin1().constData(),stdoutBuffer.length() )<0) + { + _close(fd); +#else + if ( write(fd,stdoutBuffer.toLatin1().constData(),stdoutBuffer.length() )<0) + { + close(fd); +#endif + QString err = tr("Error writing to temporary file ")+tname+QString(" :\n")+strerror(errno); + QMessageBox::critical(app->activeWindow(), "Firewall Builder", err, tr("&Continue") ); + throw(FWException(err.toLatin1().constData())); + } + close(fd); + + filename = tname; + temp = 
true; + checked_out = false; + locked = false; + selectedRev = rev; + return true; + } + } + + selectedRev = head; + + QString err = tr("Error checking file out: %1").arg(stderrBuffer); + QMessageBox::critical(app->activeWindow(), "Firewall Builder", err, tr("&Continue") ); + throw(FWException(err.toLatin1().constData())); + + } else + { + QString me=getUserName(); + if (locked) + { +/* the file is already locked, can not just check it out like that */ + + if (me!=locked_by) + { + switch (QMessageBox::warning( + app->activeWindow(),"Firewall Builder", + tr("File is opened and locked by %1.\nYou can only open it read-only.") + .arg(locked_by), + "Open &read-only", "&Cancel", QString::null, + 0, 1 ) ) + { + case 0: ro=true; return false; + case 1: throw(FWException("cancel opening file")); break; + } + } + + if (force) goto checkout; + + switch ( QMessageBox::warning(app->activeWindow(), "Firewall Builder", + tr("Revision %1 of this file has been checked out and locked by you earlier.\n\ +The file may be opened in another copy of Firewall Builder or was left opened\n\ +after the program crashed.").arg(locked_rev), + tr("Open &read-only"), tr("&Open and continue editing"), tr("&Cancel"), + 0, 2 ) ) + { + case 0: ro=true; return false; + case 1: +/* continue working with the file */ + checked_out = true; + locked = true; + selectedRev = locked_rev; + return true; + case 2: throw(FWException("cancel opening file")); break; + } + } + +/* if the user wanted specific revision and it should be opened + * read-only, we need to check it out into a temporary file without + * locking + */ + + checkout: + +/* check out and lock */ + QStringList arglist; + arglist.clear(); + + arglist << "-q"; + if (force) arglist << "-f"; + arglist << QString("-l")+rev << QString("-z") + rcsenvfix->getTZOffset() << filename; + + stdoutBuffer=""; + stderrBuffer=""; + + if (fwbdebug) qDebug("starting co with environment '%s'", + rcsenvfix->getEnv()->join("\n").toAscii().constData()); + if 
(fwbdebug) qDebug("executing command '%s %s'", + co_file_name.toAscii().constData(), + arglist.join(" ").toAscii().constData()); + + proc->setEnvironment(*rcsenvfix->getEnv()); + proc->start( co_file_name, arglist ); + proc->waitForStarted(); + + if (fwbdebug) qDebug("running co"); + + if (proc->state() == QProcess::Running) + { + proc->waitForFinished(); + if (proc->state() == QProcess::NotRunning && proc->exitCode()==0) + { + if (fwbdebug) qDebug("finished successfully"); + checked_out = true; + locked = true; + selectedRev = rev; + return true; + } + } +/* error. */ + + selectedRev = head; + + QString err = tr("Error checking file out: %1").arg(stderrBuffer); + QMessageBox::critical(app->activeWindow(), "Firewall Builder", err, tr("&Continue") ); + + throw(FWException(err.toLatin1().constData())); + } + return false; +} + + +bool RCS::ci( const QString &_lm, + bool unlock) throw(libfwbuilder::FWException) +{ +/* first check if filename is already in RCS */ + if (!isInRCS()) return false; + + QString logmsg = _lm; + + if (logmsg.isEmpty()) logmsg="_"; // otherwise ci adds "*** empty log message ***" + + if (fwbdebug) + qDebug("RCS::ci log message (%d characters): '%s'", + logmsg.length(), logmsg.toAscii().constData()); + + QStringList arglist; + + if (unlock) arglist << "-u"; + else arglist << "-l"; + arglist << QString("-z") + rcsenvfix->getTZOffset(); + arglist << filename; + + stdoutBuffer=""; + stderrBuffer=""; + + if (fwbdebug) qDebug("starting ci with environment '%s'", + rcsenvfix->getEnv()->join("\n").toAscii().constData()); + + QByteArray rcslog = logmsg.toUtf8(); + + QString obuf; + + +/* + * under some circumstances, ci may exit immediately (e.g. when there + * were no changes done to the file and it won't expect any rcs log + * record on stdin). In this case slot completeCI is called + * immediately, even before we have a chance to enter event loop. We + * need to make sure we do not enter event loop if this happens. 
We + * use flag ciRunning to check for that. + * + * Also it seems on windows all data is sent to the process and slot + * is called while we still are inside launch, so that once we exit + * from it, all is done and there is no need to enter event loop. + */ + ciRunning=true; + ciproc->setEnvironment(*rcsenvfix->getEnv()); + ciproc->start( ci_file_name, arglist ); + ciproc->waitForStarted(); + if (ciproc->state() != QProcess::Running) + {//if not started + if (fwbdebug) qDebug("Checkin error: file=%s error=%s", + filename.toLatin1().constData(),obuf.toLatin1().constData()); + + throw( FWException( (obuf+"\n"+ + arglist.join(" ")+"\n"+ + rcsenvfix->getEnv()->join("\n")).toAscii().constData() ) ); + } + +/* make a copy, omitting trailing '\0' so it won't get sent to ci */ + QByteArray rcslogCopy; + rcslogCopy = rcslog; + + ciproc->write((const char*)rcslogCopy, rcslog.length()); + + QByteArray arr; + arr = "\n.\n"; + ciproc->write((const char*)(arr),arr.length()); + + if (fwbdebug) qDebug("all data sent to ci"); + + ciproc->waitForFinished(); + + if (fwbdebug) qDebug("ci exited"); + + if (ciproc->state() == QProcess::NotRunning && ciproc->exitCode()==0) + { + if (fwbdebug) qDebug("ci exited normally"); + if (unlock) + { + checked_out = false; + locked = false; + } + return true; + } + + return true; +} + +/** + * rlog - run rlog in the background and collect RCS log + * + * As it turns out, we can not trust rlog option "-zLT" to properly + * convert timezone information on Windows. This might be abug in the + * ported rlog. When timezone is east of GMT, ci properly converts + * when file is checked in, but rlog uses wrong sing and substracts + * offset instead of adding it. Suppose we are in Japan time zone + * (GMT+9), and file is checked in at 15:00 local time. Ci properly + * writes checkin time as 6:00 GMT, but rlog reports it as 21:00 on a + * previous day (it does -9 hours instead of +9 hours ). 
Option + * "-z+09:00" works properly + * + */ +QString RCS::rlog() throw(libfwbuilder::FWException) +{ + QStringList arglist; + + arglist << QString("-z") + rcsenvfix->getTZOffset() << filename; +// proc->addArgument( "-zLT" ); + + if (fwbdebug) + qDebug("Running rlog: %s %s",rlog_file_name.toAscii().constData(),arglist.join(" ").toAscii().constData()); + + stdoutBuffer=""; + stderrBuffer=""; + + //proc->setEnvironment(*rcsenvfix->getEnv()); + proc->start( rlog_file_name, arglist ); + proc->waitForStarted(); + + if (proc->state() != QProcess::Running) + throw(FWException("Fatal error running rlog ")); + + if (fwbdebug) qDebug("Running rlog"); + + proc->waitForFinished(); + + if (fwbdebug) qDebug("Running rlog: finished reading"); + + QString rlogTxt = QString::fromUtf8(stdoutBuffer.toAscii().constData()); + + if (proc->state() == QProcess::NotRunning && proc->exitCode()==0) + return rlogTxt; + + QString msg=QObject::tr("Fatal error running rlog for %1").arg(filename); + throw( FWException( msg.toLatin1().constData() ) ); +} + +QStringList RCS::rcsdiff(const QString &rev) throw(libfwbuilder::FWException) +{ + isDiff(); + QString temp = stdoutBuffer; + return temp.split("\n"); +} + +bool RCS::isDiff(const QString &rev) throw(libfwbuilder::FWException) +{ + QStringList arglist; + + arglist << "-q"; + if (rev!="") arglist << QString("-r")+rev; + else + { + if (selectedRev!="") arglist << QString("-r")+selectedRev; + } + arglist << QString("-z") + rcsenvfix->getTZOffset() << filename; + + stdoutBuffer=""; + stderrBuffer=""; + + proc->setEnvironment(*rcsenvfix->getEnv()); + proc->start( rcsdiff_file_name, arglist ); + proc->waitForStarted(); + + + if (proc->state() == QProcess::Running) + { + proc->waitForFinished(); + /*while (proc->state() == QProcess::Running) + { + QByteArray ba = proc->readAllStandardOutput(); + if (ba.size()!=0) stdoutBuffer=stdoutBuffer + QString(ba); + }*/ + } else + throw(FWException("Fatal error running rcsdiff ")); + +// while (proc->state() 
== QProcess::Running) ; // cxx_sleep(1); + + if (proc->state() == QProcess::NotRunning) return (proc->exitCode()!=0); + QString msg=QObject::tr("Fatal error running rcsdiff for file %1").arg(filename); + throw( FWException( msg.toLatin1().constData() ) ); +} + +QString RCS::getHead() +{ + if (isInRCS()) return head; + return ""; +} + +QString RCS::getSelectedRev() +{ + if (isInRCS()) return selectedRev; + return ""; +} + diff --git a/src/gui/RCS.h b/src/gui/RCS.h new file mode 100644 index 000000000..930142b10 --- /dev/null +++ b/src/gui/RCS.h 
@@ -0,0 +1,225 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: RCS.h,v 1.21 2006/07/19 06:21:08 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __RCS_H_FLAG__ +#define __RCS_H_FLAG__ + + +#include +#include +#include + + +#include "fwbuilder/FWException.h" + +class RCS; +class RCSFilePreview; + +class Revision { + + friend class RCS; + + public: + + QString filename; + QString rev; + QString date; + QString author; + QString locked_by; + QString log; + + Revision(); + Revision(const Revision &r); + Revision(const QString &file, const QString &rev=""); + + bool operator<(const Revision &r); + bool operator==(const Revision &r); + bool operator!=(const Revision &r); + + void operator=(const Revision &r); +}; + +/* + * this class just sets environment variable TZ on Windows if it is not set + */ +class RCSEnvFix { + QStringList env; + QString TZOffset; + public: + RCSEnvFix(); + QStringList* getEnv(); + QString getTZOffset() { return TZOffset; } +}; + +class RCS : public QObject { + + friend class RCSFilePreview; + + Q_OBJECT + + /* + * RCSEnvFix object should be initialized in constructor of RCS so + * it is created _after_ we complete initialization and assign + * appRootDir because it needs appRootDir to set up PATH on + * 
Windows. + */ + static RCSEnvFix *rcsenvfix; + + static QString rcs_file_name ; + static QString rcsdiff_file_name ; + static QString rlog_file_name ; + static QString ci_file_name ; + static QString co_file_name ; + + QString stdoutBuffer; + QString stderrBuffer; + QProcess *proc; + QProcess *ciproc; + bool ciRunning;; + bool tracking_file; + bool inrcs; + bool checked_out; + bool locked; + QString locked_by; + QString locked_rev; + QString head; // head revision + QString selectedRev; // selected revision + bool ro; // if file is to be opened read-only + + QString filename; + bool temp; // if filename is a temporary file + QList revisions; + + /** + * Retrieves RCS log. + */ + QString rlog() throw(libfwbuilder::FWException); + + public: + + RCS( const QString &filename ); + virtual ~RCS(); + + /** + * returns head revision of the file + */ + QString getFileName() { return filename; } + void setFileName(const QString &fn); + + QList::iterator begin() { return revisions.begin(); } + QList::iterator end() { return revisions.end(); } + + void add() throw(libfwbuilder::FWException); + + /** + * this makes RCS object "forget" about the file + */ + void abandon(); + + /** + * tells whether the file associated with RCS object is in RCS + */ + bool isInRCS(); + + /** + * RCS checkout. Returns true if successfull and false if file is + * not in RCS. In case of error throws exception + */ + bool co(const QString &rev,bool force=false) throw(libfwbuilder::FWException); + + /** + * checks out currently selected revision (set using setSelectedRev) + */ + bool co(bool force=false) throw(libfwbuilder::FWException); + + /** + * RCS checkin. Returns true if successfull and false if file is + * not in RCS. In case of error throws exception + */ + bool ci(const QString &logmsg =" ", bool unlock=false) throw(libfwbuilder::FWException); + + /** + * Retrieves RCS diff. 
+ */ + QStringList rcsdiff(const QString &rev="") throw(libfwbuilder::FWException); + + /** + * checks if the working copy of the file is different from RCS + * revision 'rev'. If rev is empty string, selected revision is + * used. If no revision has been selected, the latest revision of + * the default branch is used. + * + * This is essentially just a code returned by rcsdiff with all + * its output ignored. + */ + bool isDiff(const QString &rev="") throw(libfwbuilder::FWException); + + /** + * these two methods just return status + */ + bool isCheckedOut() { return checked_out; } + bool isLocked() { return locked; } + QString getLockedBy() { return locked_by; } + + /** + * class RCS helps carry flag 'read-only' together with the rest + * of the file info + */ + void setRO(bool f) { ro=f; } + bool isRO() { return ro; } + + /** + * flag 'temp' indicates checkout has been done into temporary file + */ + bool isTemp() { return temp; } + + /** + * returns head revision of the file + */ + QString getHead(); + + /** + * returns selected revision of the file. If the file has been + * checked out, this is the revision that was chosen for checkout; + * if the file is not in RCS, this method returns an empty string; + * if file was not checked out, or a head revision was checked + * out, this method returns the head. + */ + QString getSelectedRev(); + + void setSelectedRev(const QString &rev) { selectedRev=rev; } + + static QStringList* getEnv(); + static RCSEnvFix* getRCSEnvFix(); + + public slots: + + virtual void readFromStdout(); + virtual void readFromStderr(); +}; + + +#endif diff --git a/src/gui/RCSFileDialog.cpp b/src/gui/RCSFileDialog.cpp new file mode 100644 index 000000000..bc5e26078 --- /dev/null +++ b/src/gui/RCSFileDialog.cpp 
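Review bot: The comment on `ci()` promises false for a file that is not in RCS and an exception on error, but the `RCS::ci` body added to RCS.cpp in this same commit ends with an unconditional `return true;` after the `exitCode()==0` branch. A checkin that exits non-zero is therefore reported as success, and the revision history of a firewall policy file can miss a change without anyone noticing. Either let the fall-through path throw as `rlog()` does, e.g. `throw(FWException(stderrBuffer.toLatin1().constData()));`, or change this comment to say that the return value does not reflect the exit status. Separately, the comment above `getFileName()` reads "returns head revision of the file", apparently copied from `getHead()`; `/** returns the name of the file associated with this RCS object */` would match the accessor.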
@@ -0,0 +1,108 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: RCSFileDialog.cpp,v 1.16 2006/10/22 00:09:08 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" + +#include "FWBSettings.h" +#include "RCSFileDialog.h" +#include "RCSFilePreview.h" +#include "RCS.h" + +#include + +#include + +using namespace std; + +RCSFileDialog::RCSFileDialog( const QString& dirName, const QString& filter, + QWidget* parent, const char* name, bool modal ) + : QFileDialog( parent, name, dirName, filter ) +{ + if (fwbdebug) qDebug("RCSFileDialog: constructor 1"); + + QStringList qsl; + + qsl << "Firewall Builder 4 (2) files (*.fwb)" + << "Firewall Builder 4 (2) library files (*.fwl)" + << "Old Firewall Builder files (*.xml)"; + + setFilters(qsl); + + setFileMode( QFileDialog::ExistingFile ); + + resize( QSize(700, 350) ); + + QString dir; + dir=st->getWDir(); + if (dir.isEmpty()) dir=st->getOpenFileDir(); + if (!dir.isEmpty()) setDirectory( dir ); + + if (fwbdebug) qDebug("RCSFileDialog: checkpoint 1"); + +/*************************************/ + if (fwbdebug) qDebug("RCSFileDialog: constructor done"); +} + +RCSFileDialog::RCSFileDialog( QWidget* parent, const char* name, bool modal ) + : QFileDialog(parent, "Open file")// 
name +{ + if (fwbdebug) qDebug("RCSFileDialog: constructor 2"); + + QStringList qsl; + + qsl << "Firewall Builder 4 (2) files (*.fwb)" + << "Firewall Builder 4 (2) library files (*.fwl)" + << "Old Firewall Builder files (*.xml)"; + + setFilters(qsl); + + resize( QSize(700, 350) ); + + QString dir; + dir=st->getWDir(); + if (dir.isEmpty()) dir=st->getOpenFileDir(); + if (dir.isEmpty()) dir=userDataDir.c_str(); + if (!dir.isEmpty()) setDirectory( dir ); + + if (fwbdebug) qDebug("RCSFileDialog: constructor done"); +} + +void RCSFileDialog::accept() +{ + st->setOpenFileDir( directory().absolutePath() ); + + QFileDialog::accept(); +} + +RCS* RCSFileDialog::getSelectedRev() +{ + /*RCS *preview_rcs = preview->getSelectedRev(); + if (preview_rcs!=NULL && preview_rcs->getFileName()==selectedFile()) + return preview_rcs; */ + + RCS *rcs = new RCS(selectedFiles()[0]); + return rcs; +} diff --git a/src/gui/RCSFileDialog.h b/src/gui/RCSFileDialog.h new file mode 100644 index 000000000..26b89eb07 --- /dev/null +++ b/src/gui/RCSFileDialog.h 
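Review bot: `getSelectedRev()` indexes `selectedFiles()[0]` without checking that the list is non-empty, so a call made after the dialog was rejected, or before a file was chosen, may index an empty QStringList. A guard such as `if (selectedFiles().isEmpty()) return NULL;` makes that case explicit, provided the callers (not visible in this hunk) test for NULL. The second constructor also omits the `setFileMode( QFileDialog::ExistingFile );` call that the first one makes, which looks unintended for an "open file" dialog.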
@@ -0,0 +1,52 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: RCSFileDialog.h,v 1.3 2006/10/17 06:09:25 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __RCSFILEDIALOG_H_ +#define __RCSFILEDIALOG_H_ + +#include "RCS.h" + +#include +#include + +class RCSFileDialog : public QFileDialog { + + Q_OBJECT + + public: + + RCSFileDialog( const QString& dirName, const QString& filter = QString::null, + QWidget* parent=0, const char* name=0, bool modal = FALSE ); + RCSFileDialog( QWidget* parent=0, const char* name=0, bool modal = FALSE ); + + RCS* getSelectedRev(); + + protected slots: + + virtual void accept(); +}; + +#endif diff --git a/src/gui/RCSFilePreview.cpp b/src/gui/RCSFilePreview.cpp new file mode 100644 index 000000000..614ed9199 --- /dev/null +++ b/src/gui/RCSFilePreview.cpp 
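Review bot: `getSelectedRev()` is declared without a comment, yet the implementation in RCSFileDialog.cpp returns `new RCS(...)`, so every caller takes ownership of the object. Add `/** Returns a newly allocated RCS for the first selected file; the caller owns it and must delete it. */` above the declaration. The `modal` parameter of both constructors, and `name` in the second one, are not used by the bodies in this commit; drop them or mark them as ignored in a comment.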
@@ -0,0 +1,214 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: RCSFilePreview.cpp,v 1.18 2006/10/21 15:12:11 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" + +#include +#include +#include + +#include "fwbuilder/libfwbuilder-config.h" +#include "fwbuilder/FWException.h" + +#include +#include +#include +// #include + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +int RCSViewItem::compare(QTreeWidgetItem *itm, int col, bool ascending) const +{ + QString rev1 = text(col); + QString rev2 = itm->text(col); + + for(int i=1; ; i++) + { + QString v1 = rev1.section(".",i,i); + QString v2 = rev2.section(".",i,i); + if (v1=="" && v2=="") return 0; + if (v1==v2) continue; + if (v1=="" && v2!="") return -1; + if (v1!="" && v2=="") return 1; + if (v1.toInt()>v2.toInt()) return 1; + if (v1.toInt()setupUi(this); + + + connect( m_widget->cancelButton, SIGNAL( clicked() ), + this, SLOT( reject() ) ); + connect( m_widget->RCSTreeView, SIGNAL( itemActivated( QTreeWidgetItem*, int ) ), + this, SLOT( accept() ) ); + + m_widget->RCSTreeView->setAllColumnsShowFocus( true ); + m_widget->RCSTreeView->setSelectionMode( QAbstractItemView::SingleSelection ); + 
m_widget->RCSTreeView->setRootIsDecorated( FALSE ); + m_widget->RCSTreeView->sortByColumn( 0, Qt::AscendingOrder ); + + if (fwbdebug) qDebug("RCSFilePreview: constructor done"); + + rcs=NULL; + RO = false; +} + +RCSFilePreview::~RCSFilePreview() +{ + if (fwbdebug) qDebug("~RCSFilePreview() rcs=%p",rcs); +// if (rcs!=NULL) delete rcs; +} + +void RCSFilePreview::openReadOnly() +{ + if (rcs!=NULL) rcs->setRO(true); + RO = true; + accept(); +} + +void RCSFilePreview::openFile() +{ + accept(); +} + +void RCSFilePreview::selectedRevision(QTreeWidgetItem *itm) +{ + if (itm == m_widget->RCSTreeView->topLevelItem(0)) return; + + QString rev=itm->text(0); + assert(rcs!=NULL); + rcs->setSelectedRev(rev); + m_widget->comment->setText( rcsComments[rev] ); + if (fwbdebug) qDebug("RCSFilePreview::selectedRevision : %s",rev.toAscii().constData()); +} + +bool RCSFilePreview::showFileRLog( const QString &filename ) +{ + if (fwbdebug) qDebug("RCSFilePreview::showFileRLog filename=%s rcs=%p", + filename.toAscii().constData(),rcs); + + m_widget->RCSTreeView->clear(); + + if (rcs!=NULL) delete rcs; + rcs = new RCS(filename); + + if (rcs->revisions.size()==0) + { + QTreeWidgetItem *itm=new QTreeWidgetItem(m_widget->RCSTreeView); + itm->setText( 0, tr("File is not in RCS") ); +// addToRCS->setEnabled(true); + m_widget->comment->setText(""); + + return false; + } +// addToRCS->setEnabled(false); + + QTreeWidgetItem *rootItm=new QTreeWidgetItem( m_widget->RCSTreeView ); + rootItm->setText(0, filename.right( filename.length()-filename.lastIndexOf("/")-1 ) ); + rootItm->setExpanded(true); + + rcsComments.clear(); + + QList::iterator i; + QList itemList; + QList::iterator ili; + RCSViewItem* lastItem = NULL; + + for (i=rcs->revisions.begin(); i!=rcs->revisions.end(); ++i) + { + rcsComments[(*i).rev]=(*i).log; + + if ((*i).rev.indexOf(QRegExp("^[0-9]+\\.[0-9]+$"))!=-1) + { + RCSViewItem *itm=new RCSViewItem( rootItm ); + itm->setText( 0, (*i).rev ); + itm->setText( 1, (*i).date ); + 
itm->setText( 2, (*i).author ); + itm->setText( 3, QString(" ")+(*i).locked_by ); + + itemList.push_back(itm); + if (!lastItem) + lastItem = itm; + } + + if ((*i).rev.indexOf(QRegExp("^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"))!=-1) + { + QString branch_root = (*i).rev.section(".",0,1); + for (ili=itemList.begin(); ili!=itemList.end(); ++ili) + if ((*ili)->text(0) == branch_root) + { + QTreeWidgetItem *br = *ili; + if (br!=NULL) + { + RCSViewItem *itm=new RCSViewItem(br); + itm->setText( 0, (*i).rev ); + itm->setText( 1, (*i).date ); + itm->setText( 2, (*i).author ); + itm->setText( 3, QString(" ")+(*i).locked_by ); + } + } + } + } + + m_widget->RCSTreeView->scrollToItem( lastItem ); + + m_widget->RCSTreeView->expandAll(); + m_widget->RCSTreeView->sortByColumn(0, Qt::AscendingOrder); + m_widget->RCSTreeView->resizeColumnToContents ( 0 ); + m_widget->RCSTreeView->resizeColumnToContents ( 1 ); + + + lastItem->setSelected( true ); + m_widget->RCSTreeView->setCurrentItem( lastItem ); + + return true; +} + +RCS* RCSFilePreview::getSelectedRev() +{ + + if (fwbdebug) qDebug("RCSFilePreview::getSelectedRev rcs=%p",rcs); + + return rcs; + +} + + + + diff --git a/src/gui/RCSFilePreview.h b/src/gui/RCSFilePreview.h new file mode 100644 index 000000000..e34c083f8 --- /dev/null +++ b/src/gui/RCSFilePreview.h 
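Review bot: `showFileRLog()` dereferences `lastItem` unconditionally at `lastItem->setSelected( true );`, but the pointer is assigned only in the branch that matches `^[0-9]+\\.[0-9]+$`. A revision list with no plain trunk number therefore leaves it NULL. The revision strings presumably come from rlog output for a file the user picked, so they should be treated as possibly malformed: wrap the `scrollToItem`, `setSelected` and `setCurrentItem` calls in `if (lastItem!=NULL)`. `selectedRevision()` relies on `assert(rcs!=NULL)`, which is compiled out when NDEBUG is defined; an explicit `if (rcs==NULL) return;` keeps the check in release builds.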
@@ -0,0 +1,73 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: RCSFilePreview.h,v 1.6 2004/06/13 21:20:37 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef __RCSFILEPREVIEW_H_ +#define __RCSFILEPREVIEW_H_ + +#include +#include "RCS.h" + +#include +#include + +#include + +class RCSFileDialog; + +class RCSViewItem : public QTreeWidgetItem { + + public: + + RCSViewItem(QTreeWidget *parent) : QTreeWidgetItem(parent) {} + RCSViewItem(QTreeWidgetItem *parent) : QTreeWidgetItem(parent) {} + virtual int compare(QTreeWidgetItem *i, int col, bool ascending) const; + +}; + +class RCSFilePreview : public QDialog +{ + Q_OBJECT + + Ui::RCSFilePreview_q *m_widget; + RCS *rcs; + QString current_file; + std::map rcsComments; + bool RO; + + public: + RCSFilePreview(QWidget *parent); + ~RCSFilePreview(); + RCS* getSelectedRev(); + bool showFileRLog( const QString &filename ); + +public slots: + + virtual void openReadOnly(); + virtual void selectedRevision(QTreeWidgetItem *itm); + virtual void openFile(); + +}; + +#endif diff --git a/src/gui/RoutingRuleOptionsDialog.cpp b/src/gui/RoutingRuleOptionsDialog.cpp new file mode 100644 index 000000000..1cb2d8db7 --- /dev/null +++ b/src/gui/RoutingRuleOptionsDialog.cpp 
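Review bot: The `rcs` member has no stated owner, and RCSFilePreview.cpp in this commit treats it inconsistently. `showFileRLog()` deletes the previous object before creating a new one, the destructor's `delete rcs` is commented out, and `getSelectedRev()` hands the raw pointer to callers. If a caller keeps that pointer and the preview is then pointed at another file, the pointer dangles; the callers are not visible here, so this is a risk to confirm rather than an established bug. A comment on `getSelectedRev()` such as `/** Pointer stays valid until the next showFileRLog() call; the dialog destructor does not delete it. */` would pin down the contract the code currently implements.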
@@ -0,0 +1,160 @@ +/* + + Copyright (C) 2005 Compal GmbH, Germany + + Author: Roman Hoog Antink + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies + of the Software, and to permit persons to whom the Software is furnished to do + so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A + PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE + OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "platforms.h" + +#include "RoutingRuleOptionsDialog.h" +#include "ObjectManipulator.h" +#include "RuleSetView.h" +#include "FWWindow.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/FWOptions.h" +#include "fwbuilder/Resources.h" + +#include +#include +#include +#include +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace std; + +RoutingRuleOptionsDialog::~RoutingRuleOptionsDialog() +{ + delete m_dialog; +} + +RoutingRuleOptionsDialog::RoutingRuleOptionsDialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::RoutingRuleOptionsDialog_q; + m_dialog->setupUi(this); +} + +void RoutingRuleOptionsDialog::loadFWObject(FWObject *o) +{ + obj=o; +// rsv=rv; + + FWObject *p=obj; + while ( !Firewall::isA(p) ) p=p->getParent(); + platform=p->getStr("platform").c_str(); + + Rule *rule = dynamic_cast(o); + FWOptions *ropt = rule->getOptionsObject(); + + m_dialog->editorTitle->setText(QString("%1 / %2 / %3 ") + .arg(QString::fromUtf8(p->getName().c_str())) + .arg(rule->getTypeName().c_str()) + .arg(rule->getPosition())); + + int wid=0; + if (platform=="iptables") wid=0; + if (platform=="pix") wid=1; +/* + if (platform=="ipf") wid=1; + if (platform=="pf") wid=2; + if (platform=="ipfw") wid=3; +*/ + + m_dialog->wStack->setCurrentIndex( wid ); + m_dialog->wStack->widget(wid)->raise(); + + data.clear(); + + if (platform=="iptables") + { + data.registerOption( m_dialog->routing_non_critical_rule, ropt, "no_fail" ); + //data.registerOption( ipt_stateless , ropt, "stateless" ); + } + + init=true; + data.loadAll(); + + //apply->setEnabled( false ); + init=false; +} + +void RoutingRuleOptionsDialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void RoutingRuleOptionsDialog::validate(bool *res) +{ + *res=true; +} + +void RoutingRuleOptionsDialog::isChanged(bool *res) +{ + //*res=(!init && 
apply->isEnabled()); +} + +void RoutingRuleOptionsDialog::libChanged() +{ + changed(); +} + +void RoutingRuleOptionsDialog::applyChanges() +{ + if (!isTreeReadWrite(this,obj)) return; + + init=true; + data.saveAll(); + init=false; + + mw->updateRuleOptions(); + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void RoutingRuleOptionsDialog::discardChanges() +{ + loadFWObject(obj); +} + + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. So we do + * nothing here and defer all the processing to ObjectEditor + */ +void RoutingRuleOptionsDialog::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} + diff --git a/src/gui/RoutingRuleOptionsDialog.h b/src/gui/RoutingRuleOptionsDialog.h new file mode 100644 index 000000000..bcacf82e2 --- /dev/null +++ b/src/gui/RoutingRuleOptionsDialog.h 
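Review bot: `isChanged(bool *res)` has its only statement commented out, so `*res` is never written and the caller acts on whatever the variable held before the call. Assign a definite value, e.g. `*res = false;`, or keep a dirty flag that `changed()` sets and `applyChanges()` clears. In `loadFWObject()` the parent walk has no NULL test and the result of the `dynamic_cast` to `Rule` is used unchecked, so an object that is not a rule beneath a firewall is likely to end in a NULL dereference. `while ( p!=NULL && !Firewall::isA(p) ) p=p->getParent();` followed by `if (p==NULL || rule==NULL) return;` covers both cases. The same parent walk appears in RuleOptionsDialog.cpp later in this commit.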
@@ -0,0 +1,77 @@ +/* + + Copyright (C) 2005 Compal GmbH, Germany + + Author: Roman Hoog Antink + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies + of the Software, and to permit persons to whom the Software is furnished to do + so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A + PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE + OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ +*/ + + +#ifndef __ROUTINGRULEOPTIONSDIALOG_H_ +#define __ROUTINGRULEOPTIONSDIALOG_H_ + +#include "../../config.h" +#include +#include + +#include "DialogData.h" + +#include "fwbuilder/FWObject.h" + +class RuleSetView; + +class RoutingRuleOptionsDialog : public QWidget +{ + Q_OBJECT + + libfwbuilder::FWObject *obj; + DialogData data; + QString platform; + RuleSetView *rsv; + Ui::RoutingRuleOptionsDialog_q *m_dialog; + + bool init; + + public: + RoutingRuleOptionsDialog(QWidget *parent); + ~RoutingRuleOptionsDialog(); + +public slots: + virtual void changed(); + virtual void libChanged(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void loadFWObject(libfwbuilder::FWObject *obj); + virtual void validate(bool*); + virtual void isChanged(bool*); + virtual void closeEvent(QCloseEvent *e); + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); + +}; + +#endif // __ROUTINGRULEOPTIONSDIALOG_H diff --git a/src/gui/RuleOptionsDialog.cpp b/src/gui/RuleOptionsDialog.cpp new file mode 100644 index 000000000..889ca56de --- /dev/null +++ b/src/gui/RuleOptionsDialog.cpp 
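Review bot: `obj`, `rsv` and `init` are declared here without initial values, and the constructor in RoutingRuleOptionsDialog.cpp sets only `m_dialog`. `applyChanges()` or `discardChanges()` reached before `loadFWObject()` would therefore pass an indeterminate `obj` on. `rsv` is never assigned in the .cpp of this commit (the one assignment is commented out as `// rsv=rv;`), so the member can be dropped or set to NULL. An initialiser list on the constructor, `: QWidget(parent), obj(NULL), rsv(NULL), init(false)`, settles all three; RuleOptionsDialog already sets `init=false` in its constructor.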
@@ -0,0 +1,284 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: RuleOptionsDialog.cpp,v 1.24 2007/07/14 21:08:42 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "platforms.h" + +#include "RuleOptionsDialog.h" +#include "ObjectManipulator.h" +#include "RuleSetView.h" +#include "FWWindow.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/FWOptions.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Rule.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace std; + +RuleOptionsDialog::~RuleOptionsDialog() +{ + delete m_dialog; +} + +RuleOptionsDialog::RuleOptionsDialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::RuleOptionsDialog_q; + m_dialog->setupUi(this); + + init=false; +} + +void RuleOptionsDialog::loadFWObject(FWObject *o) +{ + obj=o; +// rsv=rv; + + FWObject *p=obj; + while ( !Firewall::isA(p) ) p=p->getParent(); + platform=p->getStr("platform").c_str(); + + + Rule *rule = dynamic_cast(o); + FWOptions *ropt = rule->getOptionsObject(); + + m_dialog->editorTitle->setText(QString("%1 / %2 / %3 ") + 
.arg(QString::fromUtf8(p->getName().c_str())) + .arg(rule->getTypeName().c_str()) + .arg(rule->getPosition())); + + int wid=0; + if (platform=="iptables") wid=0; + if (platform=="ipf") wid=1; + if (platform=="pf") wid=2; + if (platform=="ipfw") wid=3; + if (platform=="pix" || platform=="fwsm") wid=4; + if (platform=="iosacl") wid=5; + + m_dialog->wStack->widget(wid)->raise(); + m_dialog->wStack->setCurrentWidget(m_dialog->wStack->widget(wid)); + + QStringList logLevels=getLogLevels( obj->getStr("platform").c_str() ); + m_dialog->ipt_logLevel->clear(); + m_dialog->ipt_logLevel->addItems(getScreenNames(logLevels)); + m_dialog->ipf_logLevel->clear(); + m_dialog->ipf_logLevel->addItems(getScreenNames(logLevels)); + m_dialog->pix_logLevel->clear(); + m_dialog->pix_logLevel->addItems(getScreenNames(logLevels)); + + QStringList logFacilities=getLogFacilities( obj->getStr("platform").c_str() ); + m_dialog->ipf_logFacility->clear(); + m_dialog->ipf_logFacility->addItems(getScreenNames(logFacilities)); + QStringList limitSuffixes=getLimitSuffixes( obj->getStr("platform").c_str() ); + m_dialog->ipt_limitSuffix->clear(); + m_dialog->ipt_limitSuffix->addItems(getScreenNames(limitSuffixes)); + + + data.clear(); + + if (platform=="iptables") + { + data.registerOption( m_dialog->ipt_logPrefix , ropt, "log_prefix" ); + data.registerOption( m_dialog->ipt_logLevel , ropt, "log_level", logLevels ); + data.registerOption( m_dialog->ipt_nlgroup , ropt, "ulog_nlgroup" ); + data.registerOption( m_dialog->ipt_limit , ropt, "limit_value" ); + data.registerOption( m_dialog->ipt_limitSuffix , ropt, "limit_suffix", limitSuffixes); + data.registerOption( m_dialog->ipt_burst , ropt, "limit_burst" ); + + data.registerOption( m_dialog->ipt_connlimit , ropt, "connlimit_value" ); + data.registerOption( m_dialog->ipt_connlimit_masklen , ropt, "connlimit_masklen" ); + + data.registerOption( m_dialog->ipt_hashlimit , ropt, "hashlimit_value" ); + data.registerOption( m_dialog->ipt_hashlimit_suffix , 
ropt, "hashlimit_suffix" ); + data.registerOption( m_dialog->ipt_hashlimit_burst , ropt, "hashlimit_burst" ); + data.registerOption( m_dialog->ipt_hashlimit_mode , ropt, "hashlimit_mode" ); + data.registerOption( m_dialog->ipt_hashlimit_dstlimit , ropt, "hashlimit_dstlimit"); + data.registerOption( m_dialog->ipt_hashlimit_name , ropt, "hashlimit_name"); + data.registerOption( m_dialog->ipt_hashlimit_size , ropt, "hashlimit_size"); + data.registerOption( m_dialog->ipt_hashlimit_max , ropt, "hashlimit_max"); + data.registerOption( m_dialog->ipt_hashlimit_expire , ropt, "hashlimit_expire"); + data.registerOption( m_dialog->ipt_hashlimit_gcinterval , ropt, "hashlimit_gcinterval"); + + data.registerOption( m_dialog->ipt_assumeFwIsPartOfAny , ropt, "firewall_is_part_of_any_and_networks" ); + data.registerOption( m_dialog->ipt_stateless , ropt, "stateless" ); + } + + + if (platform=="ipf") + { + data.registerOption( m_dialog->ipf_logFacility , ropt, "ipf_log_facility", logFacilities); + data.registerOption( m_dialog->ipf_logLevel , ropt, "log_level" , logLevels); + data.registerOption( m_dialog->ipf_masq_icmp , ropt, "ipf_return_icmp_as_dest"); + data.registerOption( m_dialog->ipf_stateless , ropt, "stateless" ); + data.registerOption( m_dialog->ipf_keep_frags , ropt, "ipf_keep_frags" ); + } + + if (platform=="pf") + { + data.registerOption( m_dialog->pf_logPrefix , ropt, "log_prefix" ); + data.registerOption( m_dialog->pf_stateless , ropt, "stateless" ); + data.registerOption( m_dialog->pf_keep_state , ropt, "pf_keep_state" ); + data.registerOption( m_dialog->pf_rule_max_state , ropt, "pf_rule_max_state" ); + data.registerOption( m_dialog->pf_source_tracking , ropt, "pf_source_tracking" ); + data.registerOption( m_dialog->pf_max_src_nodes , ropt, "pf_max_src_nodes" ); + data.registerOption( m_dialog->pf_max_src_states , ropt, "pf_max_src_states" ); + + data.registerOption( m_dialog->pf_max_src_conn , ropt, "pf_max_src_conn" ); + data.registerOption( 
m_dialog->pf_max_src_conn_overload_table , + ropt, "pf_max_src_conn_overload_table" ); + data.registerOption( m_dialog->pf_max_src_conn_flush, ropt, "pf_max_src_conn_flush" ); + data.registerOption( m_dialog->pf_max_src_conn_global, ropt, "pf_max_src_conn_global" ); + + data.registerOption( m_dialog->pf_max_src_conn_rate_num , ropt, "pf_max_src_conn_rate_num" ); + data.registerOption( m_dialog->pf_max_src_conn_rate_seconds , ropt, "pf_max_src_conn_rate_seconds" ); + data.registerOption( m_dialog->pf_max_src_conn_rate_overload_table , + ropt, "pf_max_src_conn_rate_overload_table" ); + data.registerOption( m_dialog->pf_max_src_conn_rate_flush, ropt, "pf_max_src_conn_rate_flush" ); + data.registerOption( m_dialog->pf_max_src_conn_rate_global, ropt, "pf_max_src_conn_rate_global" ); + } + + if (platform=="ipfw") + { + data.registerOption( m_dialog->ipfw_stateless , ropt,"stateless" ); + } + + if (platform=="pix" || platform=="fwsm") + { + string vers="version_"+p->getStr("version"); + if ( Resources::platform_res[platform.toAscii().constData()]->getResourceBool( + "/FWBuilderResources/Target/options/"+vers+"/pix_rule_syslog_settings")) + { + m_dialog->pix_disable_rule_log->setEnabled(true); + m_dialog->pix_logLevel->setEnabled(true); + m_dialog->pix_log_interval->setEnabled(true); + + data.registerOption( m_dialog->pix_disable_rule_log, ropt,"disable_logging_for_this_rule" ); + data.registerOption( m_dialog->pix_logLevel , ropt,"log_level" ,logLevels); + data.registerOption( m_dialog->pix_log_interval , ropt,"log_interval" ); + } else + { + m_dialog->pix_disable_rule_log->setEnabled(false); + m_dialog->pix_logLevel->setEnabled(false); + m_dialog->pix_log_interval->setEnabled(false); + } + + } + + init=true; + data.loadAll(); + + m_dialog->pf_max_src_nodes->setEnabled( m_dialog->pf_source_tracking->isChecked() ); + m_dialog->pf_max_src_states->setEnabled( m_dialog->pf_source_tracking->isChecked() ); + + //apply->setEnabled( false ); + init=false; +} + +void 
RuleOptionsDialog::changed() +{ + //apply->setEnabled( true ); + + m_dialog->pf_max_src_nodes->setEnabled( m_dialog->pf_source_tracking->isChecked() ); + m_dialog->pf_max_src_states->setEnabled( m_dialog->pf_source_tracking->isChecked() ); + + m_dialog->pf_max_src_conn_overload_table->setEnabled( m_dialog->pf_max_src_conn->value()>0 ); + m_dialog->pf_max_src_conn_flush->setEnabled( m_dialog->pf_max_src_conn->value()>0 ); + m_dialog->pf_max_src_conn_global->setEnabled( m_dialog->pf_max_src_conn->value()>0 ); + + m_dialog->pf_max_src_conn_rate_overload_table->setEnabled( m_dialog->pf_max_src_conn_rate_num->value()>0 && m_dialog->pf_max_src_conn_rate_seconds->value()>0); + m_dialog->pf_max_src_conn_rate_flush->setEnabled( m_dialog->pf_max_src_conn_rate_num->value()>0 && m_dialog->pf_max_src_conn_rate_seconds->value()>0 ); + m_dialog->pf_max_src_conn_rate_global->setEnabled( m_dialog->pf_max_src_conn_rate_num->value()>0 && m_dialog->pf_max_src_conn_rate_seconds->value()>0 ); + + emit changed_sign(); +} + +void RuleOptionsDialog::validate(bool *res) +{ + *res=true; +} + +void RuleOptionsDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void RuleOptionsDialog::libChanged() +{ + changed(); +} + +void RuleOptionsDialog::applyChanges() +{ + if (!isTreeReadWrite(this,obj)) return; + + init=true; + data.saveAll(); + init=false; + + mw->updateRuleOptions(); + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void RuleOptionsDialog::cancelChanges() +{ + //apply->setEnabled( false ); + close(); +} + +void RuleOptionsDialog::discardChanges() +{ + loadFWObject(obj); +} + + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. So we do + * nothing here and defer all the processing to ObjectEditor + */ +void RuleOptionsDialog::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} + 
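Review bot: In `loadFWObject` the parent walk `while ( !Firewall::isA(p) ) p=p->getParent();` has no null check, so an object with no Firewall ancestor ends in a null dereference, and the `rule` pointer produced by the `dynamic_cast` is used for `getOptionsObject()` without being tested. `RuleSetView::getFirewall` in this same commit already puts `f!=NULL` in the loop condition of the identical walk. Here the loop could read `while (p!=NULL && !Firewall::isA(p)) p=p->getParent();` with `if (p==NULL) return;` before `platform` is assigned and `if (rule==NULL) return;` directly after the cast. Separately, `isChanged(bool *res)` has its only assignment commented out, so `*res` is never written and the caller sees whatever value it passed in; setting it explicitly, for example `*res=false;`, would make the result defined.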
diff --git a/src/gui/RuleOptionsDialog.h b/src/gui/RuleOptionsDialog.h
new file mode 100644
index 000000000..d02d531a8
--- /dev/null
+++ b/src/gui/RuleOptionsDialog.h
@@ -0,0 +1,78 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: RuleOptionsDialog.h,v 1.5 2006/05/13 06:53:05 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __RULEOPTIONSDIALOG_H_
+#define __RULEOPTIONSDIALOG_H_
+
+#include "../../config.h"
+#include
+#include
+
+#include "DialogData.h"
+
+#include "fwbuilder/FWObject.h"
+
+class RuleSetView;
+
+class RuleOptionsDialog : public QWidget
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ QString platform;
+ RuleSetView *rsv;
+ Ui::RuleOptionsDialog_q*m_dialog;
+
+ bool init;
+
+ public:
+ RuleOptionsDialog(QWidget *parent);
+ ~RuleOptionsDialog();
+
+public slots:
+ virtual void changed();
+ virtual void libChanged();
+ virtual void applyChanges();
+ virtual void cancelChanges();
+ virtual void discardChanges();
+ virtual void loadFWObject(libfwbuilder::FWObject *obj);
+ virtual void validate(bool*);
+ virtual void isChanged(bool*);
+ virtual void closeEvent(QCloseEvent *e);
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ void close_sign(QCloseEvent *e);
+ void changed_sign();
+
+};
+
+#endif // 
__RULEOPTIONSDIALOG_H
diff --git a/src/gui/RuleSetView.cpp b/src/gui/RuleSetView.cpp
new file mode 100644
index 000000000..4877ff916
--- /dev/null
+++ b/src/gui/RuleSetView.cpp
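Review bot: The raw pointer members `obj` and `rsv` declared in this class are never given an initial value: the constructor in RuleOptionsDialog.cpp sets only `m_dialog` and `init`, and the `rsv=rv` assignment in `loadFWObject` is commented out. `discardChanges()` passes `obj` straight to `loadFWObject` and `applyChanges()` passes it to `isTreeReadWrite`, so if either slot fires before the first `loadFWObject` call it works on an indeterminate pointer. Initialising both in the constructor (`obj=NULL; rsv=NULL;`) and returning early from those slots when `obj==NULL` would make that state safe. If `rsv` is no longer used anywhere, which the commented-out assignment suggests but this hunk cannot confirm, it could be removed from the class instead.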
@@ -0,0 +1,3803 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: RuleSetView.cpp,v 1.163 2007/05/30 04:24:55 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "FWWindow.h" +#include "RuleSetView.h" +#include "ObjectManipulator.h" +#include "ObjectEditor.h" +#include "platforms.h" +#include "FWObjectDrag.h" +#include "FWObjectClipboard.h" +#include "findDialog.h" +#include "FWBSettings.h" +#include "SimpleTextEditor.h" +#include "SimpleIntEditor.h" +#include "ActionsDialog.h" +#include "FWObjectPropertiesFactory.h" +#include "ObjectTreeView.h" +#include "FindObjectWidget.h" + +#include + +#include +#include + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Policy.h" + +#include "fwbuilder/InterfacePolicy.h" + +#include "fwbuilder/NAT.h" +#include "fwbuilder/Routing.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Interface.h" + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace libfwbuilder; +using namespace std; + +int QMAX(int a, int b) +{ + return (a>b)?a:b; +} + +int QMIN(int a, 
int b) +{ + return (a(ruleView)), m_rowCount(rows), m_columnCount(columns), + ruleSetView(ruleView) +{}; +RuleTableModel::~RuleTableModel() {}; + +int RuleTableModel::rowCount ( const QModelIndex & ) const +{ + return m_rowCount; +} + +int RuleTableModel::columnCount ( const QModelIndex & ) const +{ + return m_columnCount; +} + +void RuleTableModel::setColumnCount ( const int &value ) +{ + m_columnCount = value; + reset(); + //need to reset model for RuleSetView::init (one i) +} + +void RuleTableModel::setRowCount ( const int &value ) +{ + m_rowCount = value; + reset(); + //need to reset model for RuleSetView::iinit (two is) +} + +QVariant RuleTableModel::data ( const QModelIndex &, int ) const +{ + return QVariant(); +} + +QVariant RuleTableModel::headerData(int section, Qt::Orientation orientation, int role ) const +{ + if (orientation == Qt::Horizontal) + { + if (role == Qt::SizeHintRole) + return QSize(40, 25); + if (role == Qt::DisplayRole) + return QString(header.value(section)); + } + + if (orientation == Qt::Vertical) + { + if (role == Qt::SizeHintRole) + return QSize(45, ruleSetView->getRowHeight(section)); + if (role == Qt::DisplayRole) + return QString::number(section); + if (role == Qt::FontRole) + { + QFont f = QAbstractTableModel::headerData(section, orientation, role ).value(); + + if ((section >= ruleSetView->firstSelectedRule) && (section <= ruleSetView->lastSelectedRule)) + f.setBold(true); + + return f; + } + if (role == Qt::DecorationRole) + if (ruleSetView->rulesDisabled[section]) + return QVariant(ruleSetView->negIcon); + else + return QVariant(QIcon()); + } + + return QAbstractTableModel::headerData(section, orientation, role ); +} + +bool RuleTableModel::setHeader ( QStringList qsl ) +{ + header = qsl; + m_columnCount = qsl.size(); + return true; +} + +void RuleTableModel::insertRow( const int before_pos ) +{ + m_rowCount++; + + ruleSetView->freezeRowSizing(); + + ruleSetView->rowHeights.push_back(0); + for (int i = 
static_cast(ruleSetView->rowHeights.size())-1; i >= before_pos; i--) + ruleSetView->rowHeights[i+1] = ruleSetView->rowHeights[i]; + ruleSetView->rowHeights[before_pos] = 30; //standard size + + //we add a row here and system resets below rows' sizes + //so we had to freeze our sizes for restoring them later + + QAbstractTableModel::beginInsertRows( QModelIndex(), before_pos, before_pos ); + QAbstractTableModel::insertRow(before_pos); + QAbstractTableModel::endInsertRows(); + + //somehow QAbstractItemModel breaks all the sizes after "before_pos" row + //so we restore them + if (before_pos > 0) + for (int i = before_pos-1; i < m_rowCount; i++) + //step back a little because of another QTableView bug + ruleSetView->verticalHeader()->resizeSection(i, + ruleSetView->rowHeights[i]); + else + for (int i = before_pos; i < m_rowCount; i++) + ruleSetView->verticalHeader()->resizeSection(i, + ruleSetView->rowHeights[i]); + + ruleSetView->unfreezeRowSizing(); + //after this all we have to do is to set final size for row + //number "before_pos" and update() the table +} + +void RuleTableModel::swapRows( const int row1, const int row2 ) +{ + int h = ruleSetView->rowHeights[row1]; + ruleSetView->rowHeights[row1] = ruleSetView->rowHeights[row2]; + ruleSetView->rowHeights[row2] = h; + + //just swap rules' sizes and then update() the table by yourself +} + +void RuleTableModel::removeRows ( const int row1, const int row2 ) +{ + //(row2-row1)+1 rows deleted + m_rowCount -= (row2-row1)+1; + + ruleSetView->freezeRowSizing(); + + for (int i = row1; i < static_cast(ruleSetView->rowHeights.size())-((row2-row1)+1); i++) + ruleSetView->rowHeights[i] = ruleSetView->rowHeights[i+1+(row2-row1)]; + for (int i = row1; i <= row2; i++) + ruleSetView->rowHeights.pop_back(); + + QAbstractTableModel::beginRemoveRows( QModelIndex(), row1, row2 ); + QAbstractTableModel::removeRows(row1, (row2-row1)+1); + QAbstractTableModel::endRemoveRows(); + + for (int i = row1; i < m_rowCount; i++) + 
ruleSetView->verticalHeader()->resizeSection(i, + ruleSetView->rowHeights[i]); + + ruleSetView->unfreezeRowSizing(); +} + + + +RuleDelegate::RuleDelegate(RuleSetView *parent): QAbstractItemDelegate(parent), + ruleSetView(parent) +{ +} + +QRect RuleDelegate::cellGeometry(const int row, const int col) const +{ + if ((row < 0) || (col < 0)) + return QRect(-1,-1,-1,-1); + + int left = 0; + int top = 0; + QRect cr; + + for (int i = 0; i < row; i++) + top += ruleSetView->getRowHeight(i); + cr.setTop(top); + cr.setHeight(ruleSetView->getRowHeight(row) - 0); //-0 for fitting purposes + + for (int i = 0; i < col; i++) + left += ruleSetView->getColumnWidth(i); + cr.setLeft(left); + cr.setWidth(ruleSetView->getColumnWidth(col)); + + return cr; +} + +QRect RuleDelegate::cellRect(const int row, const int col) const +{ + return QRect(QPoint(0,0),cellGeometry(row,col).size()); +} + +void RuleDelegate::paint(QPainter *painter, const QStyleOptionViewItem &, + const QModelIndex &index) const +{ + ruleSetView->paintCell( painter, + index.row(), + index.column(), + cellGeometry(index.row(), index.column()), + ruleSetView->itemSelectionRange.contains(index), + QPalette() ); +} + +QSize RuleDelegate::sizeHint(const QStyleOptionViewItem &, + const QModelIndex & ) const +{ + //return QSize(getColumnWidth(index.column()), getRowHeight(index.row())); + return QSize(30, 19); +} + +void RuleSetView::setColumnWidth( const int col, const int width ) +{ + if (col < 0) + return; + while (static_cast(col+1) > columnWidths.size()) + columnWidths.push_back(30); + columnWidths[col] = width; +} + +int RuleSetView::getColumnWidth( const int col ) const +{ + if (col < 0) + return -1; + if (static_cast(col+1) > columnWidths.size()) + return 30; + return columnWidths[col]; +} + +void RuleSetView::setRowHeight( const int row, const int height ) +{ + if (row < 0) + return; + while (static_cast(row+1) > rowHeights.size()) + rowHeights.push_back(30); + rowHeights[row] = height; +} + +int 
RuleSetView::getRowHeight( const int row ) const +{ + if (row < 0) + return -1; + if (static_cast(row+1) > rowHeights.size()) + return 14; + return rowHeights[row]; +} + +class mouseEventFilter : public QObject +{ + protected: + bool eventFilter( QObject *, QEvent *event) + { + if (event->type() == QEvent::MouseButtonPress ) + { + cerr << "event type=" << event->type() << endl; + return true; + } + else + return false; + } +}; + +mouseEventFilter mef; + +bool headerMouseEventInterceptor::eventFilter( QObject *, QEvent *event) +{ + if (event->type() == QEvent::ContextMenu ) + { + QContextMenuEvent *e = (QContextMenuEvent*)(event); + + int row = rsv->rowAt( e->pos().y() ); + + rsv->contextMenu(row, -1, e->globalPos()); + } + + return false; +} + +void RuleSetView::freezeRowSizing() +{ + rowSizingFrozen = true; +} + +void RuleSetView::unfreezeRowSizing() +{ + rowSizingFrozen = false; +} + +void RuleSetView::horzSectionResized( int index, int /*oldsize*/, int newsize ) +{ + if (rowSizingFrozen) return; //we don't change sizes while they're frozen + setColumnWidth(index, newsize); +} + +void RuleSetView::vertSectionResized( int index, int /*oldsize*/, int newsize ) +{ + setRowHeight(index, newsize); +} + +void LoadPixmap(const QString path, QPixmap &where) +{ + if ( ! 
QPixmapCache::find( path, where ) ) + { + where.load( path ); + if (fwbdebug) qDebug("Loading pixmap %s", path.toAscii().constData()); + if (where.width() == 0) + if (fwbdebug) qDebug("Loading failed"); + QPixmapCache::insert( path, where ); + } +} + +QPixmap LoadPixmap(const QString path) +{ + QPixmap p; + LoadPixmap(path, p); + return p; +} + + + + + + +RuleSetView::RuleSetView( int r, int c, QWidget *parent ) : QTableView( /*r, c,*/ parent ), hme(this) +{ + firstSelectedRule = -1; + lastSelectedRule = -1; + + rowSizingFrozen = false; + + ruleModel = new RuleTableModel(r, c, this); + setModel(ruleModel); + + ruleDelegate = new RuleDelegate(this); + setItemDelegate(ruleDelegate); + + setCurrentCell(0,0); + + kbdGoingUp = false; + RuleElementSpacing=4; + changingSelection = false; + changingRules = false; + + setDragEnabled(true); + setAcceptDrops(true); + + ncols=c; + selectedObject = NULL; + + setFocusPolicy( Qt::StrongFocus ); + + setSelectionMode( QAbstractItemView::ContiguousSelection ); + setSelectionBehavior( QAbstractItemView::SelectRows ); + + int lm, tm, rm, bm; + getContentsMargins(&lm, &tm, &rm, &bm); + setContentsMargins(fontMetrics().width( "W999W" ), tm, rm, bm); + + horizontalHeader()->setResizeMode(QHeaderView::Interactive); + verticalHeader()->setResizeMode(QHeaderView::Fixed); + + horizontalHeader()->setClickable(false); + verticalHeader()->setClickable(true); + + horizontalHeader()->setMovable(false); + + setContextMenuPolicy( Qt::CustomContextMenu ); + + setDragDropMode(QAbstractItemView::DragDrop); + + QString icn_file = ":/Icons/neg"; + + QPixmap pm; + LoadPixmap(icn_file, pm); + negIcon = QIcon(pm); + + connect( horizontalHeader(), SIGNAL( sectionResized ( int, int, int ) ), + this, SLOT( horzSectionResized ( int, int, int ) ) ); + + connect( verticalHeader(), SIGNAL( sectionResized ( int, int, int ) ), + this, SLOT( vertSectionResized ( int, int, int ) ) ); + + connect( this, SIGNAL( customContextMenuRequested(const QPoint&) ), + this, 
SLOT( contextMenuRequested(const QPoint&) ) ); + + connect( this, SIGNAL( doubleClicked(const QModelIndex&) ), + this, SLOT( itemDoubleClicked(const QModelIndex&) ) ); + + verticalHeader()->installEventFilter( &hme ); + unselect(); +} + +RuleSetView::~RuleSetView() +{ +} + +bool RuleSetView::event ( QEvent * event ) +{ + if (event->type() == QEvent::ToolTip) + { + QHelpEvent *he = (QHelpEvent*) event; + QPoint pos = he->pos(); + + if ((st->getObjTooltips()) && (pos.y() >= horizontalHeader()->height())) + { + int row = rowAt(pos.y() - horizontalHeader()->height()); + int col = columnAt(pos.x() - verticalHeader()->width()); + + if ((row < 0) || (col < 0)) return true; + + QRect cr; + QString t=""; + + QPoint contentsMouse = viewport()->mapFromGlobal(mapToGlobal(pos)); + contentsMouse.setY(contentsMouse.y() + verticalOffset() + 3);//+3 for fitting purposed + + cr=ruleDelegate->cellGeometry(row,col); + + if ( RuleSetView::Options == getColType(col) ) + { + Rule *rule = getRule(row); + if (PolicyRule::cast(rule)!=NULL ) + { + if (! isDefaultPolicyRuleOptions( rule->getOptionsObject() )) + t= FWObjectPropertiesFactory::getPolicyRuleOptions(rule); + } + if (NATRule::cast(rule)!=NULL ) + { + if (! 
isDefaultNATRuleOptions( rule->getOptionsObject() )) + t= FWObjectPropertiesFactory::getNATRuleOptions(rule); + } + } + else if( RuleSetView::Direction == getColType(col) ) + { + PolicyRule *rule = PolicyRule::cast( getRule(row) ); + if (rule!=NULL) + t = rule->getDirectionAsString().c_str(); + } + else if( RuleSetView::Action == getColType(col) ) + { + PolicyRule *rule = PolicyRule::cast( getRule(row) ); + if (rule!=NULL) + t= FWObjectPropertiesFactory::getRuleActionPropertiesRich(rule); + } + else + { + FWObject *obj = getObj(row,col,contentsMouse.y(),&cr); + if (obj==NULL) + return true; + t=FWObjectPropertiesFactory::getObjectPropertiesDetailed(obj,true,true); + } + + cr = QRect( + cr.left() - horizontalOffset() - 2, + cr.top() - verticalOffset() - 2, + cr.width() + 4, + cr.height() + 4); + + QRect global = QRect( + viewport()->mapToGlobal(cr.topLeft()), viewport()->mapToGlobal(cr.bottomRight())); + + QToolTip::showText(mapToGlobal( he->pos() ), t, this, global); + } + + return true; + } + + return QTableView::event(event); +} + +void RuleSetView::contextMenuRequested ( const QPoint &p ) +{ + if (fwbdebug) + qDebug("RuleSetView::contextMenuRequested at %d x %d",p.x(),p.y()); + contextMenu(rowAt(p.y()), columnAt(p.x()), viewport()->mapToGlobal(p)); +} + +void RuleSetView::currentChanged( const QModelIndex ¤t ) +{ + if (fwbdebug) + qDebug("RuleSetView::currentChanged to row %d, col %d",current.row(),current.column()); + changeCurrentCell(current.row(), current.column()); +} + +void RuleSetView::updateCell( const int row, const int col ) +{ + if ((row < 0) || (col < 0)) + return; + + /*QRect r = ruleDelegate->cellGeometry(row,col); + setDirtyRegion( QRegion( r.left() - horizontalOffset(), r.top() - verticalOffset(), + r.right() - horizontalOffset(), r.bottom() - verticalOffset() ) ); + update();*/ + + QModelIndex ind = ruleModel->index(row,col); + setCurrentCell(row, col); + dataChanged(ind, ind); +} + +void RuleSetView::setName(QString) +{ + //do nothing +} + 
+int RuleSetView::currentRow() const +{ + return m_currentRow; +} + +int RuleSetView::currentColumn() const +{ + return m_currentColumn; +} + +void RuleSetView::setCurrentRow(const int value) +{ + m_currentRow = value; +} + +void RuleSetView::setCurrentColumn(const int value) +{ + m_currentColumn = value; +} + +void RuleSetView::setCurrentCell(const int row, const int col) +{ + setCurrentRow(row); + setCurrentColumn(col); +} + +void RuleSetView::changeCurrentCell(const int row, const int col, bool fullrefresh) +{ + QModelIndex ind = ruleModel->index(currentRow(),currentColumn()); + setCurrentCell(row, col); + dataChanged(ind, ind); + + ind = ruleModel->index(currentRow(),currentColumn()); + selectRow(row); + selectionModel()->setCurrentIndex(ind, QItemSelectionModel::NoUpdate); + dataChanged(ind, ind); + + if (fullrefresh) + setCurrentIndex(ruleModel->index(row,col)); +} + +void RuleSetView::unselect() +{ + clearSelection(); + selectedObject=NULL; + + updateCell(currentRow(),currentColumn()); +} + +Firewall* RuleSetView::getFirewall() +{ + FWObject *f=ruleset; + while (f!=NULL && !Firewall::isA(f)) f=f->getParent(); + assert(f!=NULL); + return Firewall::cast(f); +} + +void RuleSetView::hideEvent(QHideEvent *) +{ + QString k = settingsKey(); + QString v; + + for (int col=0; colsetStr(k,v); + + mw->unselectRules(); +} + +QString RuleSetView::settingsKey() +{ + return QString("/RuleSets/") + objectName() + "_Columns"; +} + +void RuleSetView::setRuleNumber(int row, libfwbuilder::Rule *rule) +{ + QIcon icn; + + if (rule!=NULL && rule->isDisabled()) + rulesDisabled[row] = true; + else + rulesDisabled[row] = false; + + verticalHeader()->headerDataChanged(Qt::Vertical, row, row); +} + +void RuleSetView::fixRulePosition(Rule *rule, FWObject *parent, int pos) +{ + if ( rule->isReadOnly()) + { + // need to temporary break the lock + // since several parents could be read-only, do it recursively + FWObject *o = (parent!=NULL) ? 
parent : rule; + while ( o!=NULL && !o->getBool("ro") ) o = o->getParent(); + if (o) + { + o->setReadOnly(false); + fixRulePosition(rule, o, pos); + o->setReadOnly(true); + } else + { + rule->checkReadOnly(); // should be read-write by now + rule->setPosition(pos); + } + } else + rule->setPosition(pos); +} + +void RuleSetView::init() +{ + QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) ); + + //horizontalHeader()->adjustSize(); + + int row=0; + map colW; + bool userColWidth=false; + + QFontMetrics p(font()); + + QString k = settingsKey(); + QString v = st->getStr(k); + if (!v.isEmpty()) + { + userColWidth=true; + for (int col=0; colheaderData(col, Qt::Horizontal, Qt::DisplayRole).toString();//horzHeaderLabels->stringList()[col]; + + QRect br=p.boundingRect(QRect(0,0,1000,1000), + Qt::AlignLeft|Qt::AlignVCenter, + lbl ); + colW[col]=br.width() + 10; + } + } + + for (FWObject::iterator i=ruleset->begin(); i!=ruleset->end(); i++,row++) + { + ruleIndex[row] = *i; + + setRuleNumber(row, Rule::cast( *i )); + if (Rule::cast( *i )->getPosition()!=row) + { + fixRulePosition(Rule::cast( *i ), NULL, row); + } +// adjustRow(row); + + int h=20; + for (int col=0; colsetColumnWidth(col,colW[col]); + horizontalHeader()->resizeSection(col, colW[col]); + } + + //updateContents(); + update(); + + QApplication::restoreOverrideCursor(); +} + +void RuleSetView::iinit() +{ + ruleModel->setRowCount( ruleset->size() ); + + QString icn = ":/Icons/Accept"; + + if (fwbdebug) + qDebug("RuleSetView::iinit() icn=%s",icn.toAscii().constData()); + + QPixmap pm; + LoadPixmap(icn, pm); + + pixmap_h = pm.height(); + pixmap_w = pm.width(); + + QFontMetrics p(font()); + QRect br = p.boundingRect(QRect(0, 0, 1000, 1000), + Qt::AlignLeft|Qt::AlignVCenter,"WMWM" ); + text_h = br.height(); + item_h = ( (pixmap_h>text_h)?pixmap_h:text_h ) + RuleElementSpacing; + + FWObject *f = getFirewall(); + +// f is a pointer at firewall object + supports_logging =false; + supports_rule_options =false; + 
supports_time =false; + + try { + supports_logging= + Resources::getTargetCapabilityBool(f->getStr("platform"), + "logging_in_policy"); + supports_rule_options= + Resources::getTargetCapabilityBool(f->getStr("platform"), + "options_in_policy"); + supports_time= + Resources::getTargetCapabilityBool(f->getStr("platform"), + "supports_time"); + } catch (FWException &ex) { } + + update(); + + return; +} + +void RuleSetView::clear() +{ + + +} + + +QRect RuleSetView::calculateCellSize( int row, int col ) +{ + int h = 20; + int re_size; + +// if (fwbdebug) +// qDebug("RuleSetView::calculateCellSize: row=%d col=%d", +// row,col); + + //QPainter p(this); + QFontMetrics p(font()); + + Rule *rule = Rule::cast( ruleIndex[row] ); + + int hc=0; + int wc=0; + switch (getColType(col)) + { + case Time: + { + RuleElement *re = getRE(rule,col); + if (re==NULL) + { + /* broken rule element, fix it */ + FWObject *nre=mw->db()->create("When"); + assert(nre!=NULL); + rule->add(nre); + } + } + /* continue in Object */ + + case Object: + { + RuleElement *re = getRE(rule,col); + if (re==NULL) return QRect(0,0,0,0); + re_size = re->size(); + for (FWObject::iterator j=re->begin(); j!=re->end(); j++) + { + FWObject *o1= *j; + FWObject *o2 = o1; + string o1ref = ""; + if (FWReference::cast(o1)!=NULL) + { + o1ref = FWReference::cast(o1)->getPointerId(); + o2=FWReference::cast(o1)->getPointer(); + } + QString ot = objectText(re,o2); + QRect br=p.boundingRect(QRect(0, 0, 1000, 1000), + Qt::AlignLeft|Qt::AlignVCenter, + ot); + hc += item_h; + int itmW = RuleElementSpacing/2 + pixmap_w + + RuleElementSpacing + br.width(); + wc = QMAX(wc, itmW); + } + break; + } + + case Action: + { +/* possible actions: + "Accept", "Deny", "Reject", "Accounting", "Tag", + "Pipe", "Classify", "Custom", "Continue" +*/ + QString ac = + FWObjectPropertiesFactory::getRuleActionProperties( + PolicyRule::cast(rule)); + QRect br=p.boundingRect(QRect(0, 0, 1000, 1000), + Qt::AlignLeft|Qt::AlignVCenter, ac ); + hc = item_h; + 
wc = RuleElementSpacing/2 + pixmap_w + RuleElementSpacing + br.width(); + break; + } + + case Direction: + { + hc = item_h; + wc = RuleElementSpacing/2 + pixmap_w + RuleElementSpacing; + break; +#if 0 + /* possible directions: "Inbound", "Outbound" , "Both" */ + QRect br=p.boundingRect(0, 0, 1000, 1000, + Qt::AlignLeft|Qt::AlignVCenter,tr("Outbound ") ); + hc = item_h; + wc = RuleElementSpacing/2 + pixmap_w + RuleElementSpacing + br.width(); + break; +#endif + } + + case Options: + hc = item_h; + wc = RuleElementSpacing/2 + pixmap_w + RuleElementSpacing + pixmap_w; + break; + + case Comment: + { + QRect br=p.boundingRect(QRect(0,0,1000,1000), + Qt::AlignLeft|Qt::AlignVCenter, + QString::fromUtf8(rule->getComment().c_str()) ); + + hc = br.height() + RuleElementSpacing; + wc = RuleElementSpacing/2 + br.width(); + break; + } + + case Metric: + { + QRect br=p.boundingRect(QRect(0, 0, 1000, 1000), + Qt::AlignLeft|Qt::AlignVCenter, + QString::fromUtf8(RoutingRule::cast(rule)->getMetricAsString().c_str()) ); + hc = br.height() + RuleElementSpacing; + wc = RuleElementSpacing/2 + br.width(); + break; + } + + default: + break; + } + + h = QMAX(h, hc); + + wc = QMAX(wc, QApplication::globalStrut().width()); + wc += RuleElementSpacing/2; // some padding + + return QRect(0,0,wc,h); +} + +RuleSetView::REType RuleSetView::getColType(int col) const +{ + map::const_iterator i = colTypes.find(col); + return i->second; +} + + +QString RuleSetView::objectText(RuleElement *re,FWObject *obj) +{ + if (re->isAny()) + { + if (RuleElementTSrc::isA(re) || + RuleElementTDst::isA(re) || + RuleElementTSrv::isA(re)) return QString(tr("Original")); + if (RuleElementRDst::isA(re)) return QString(tr("Default")); + if (RuleElementRGtw::isA(re) || + RuleElementRItf::isA(re)) return QString(""); + if (RuleElementItf::isA(re)) return QString(tr("All")); + return QString(tr("Any")); + } + + if (Interface::isA(obj)) + { + QString lbl= Interface::cast(obj)->getLabel().c_str(); + if ( !lbl.isEmpty() ) 
return lbl; + } + if (obj->getName() == "Any") return QString(tr("Any")); + else return QString::fromUtf8(obj->getName().c_str()); +} + +QPixmap RuleSetView::getPixmap(FWObject *obj, PixmapAttr pmattr) const +{ +// QPixmap pm; + string icn = "icon"; + if (pmattr == Neg) icn="icon-neg"; + if (pmattr == Ref) icn="icon-ref"; + if (pmattr == Tree) icn="icon-tree"; + +// return QPixmap::fromMimeSource( +// Resources::global_res->getObjResourceStr(obj, icn).c_str() ); + + QString icn_file = (":/Icons/"+obj->getTypeName()+"/"+icn).c_str();// = Resources::global_res->getObjResourceStr(obj, icn).c_str(); + QPixmap pm; + LoadPixmap(icn_file, pm); + + return pm; +} + +void RuleSetView::repaintSelection() +{ + setDirtyRegion( QRegion( 0, 0, width(), height() ) ); +} + +void RuleSetView::paintCell(QPainter *pntr, + int row, + int col, + const QRect &cr, + bool, + const QPalette &cg) +{ + int re_size; + +/* row may point at an empty row where there is no rule yet. This + * happens if this method is called to redraw the table when we call + * setNumRows + */ + + /*if (fwbdebug) + qDebug("Draw cell: row=%d col=%d current palette=%d", + row,col,palette().serialNumber());*/ + + if (ruleIndex.count(row)==0) return; + + QString rclr; + Rule *rule = Rule::cast( ruleIndex[row] ); + if (rule==NULL) return; + + FWOptions *ropt = rule->getOptionsObject(); + assert(ropt!=NULL); + rclr = ropt->getStr("color").c_str(); + + QPixmap bufferpixmap; + QString bpmname = QString("rulesetcell_%1_%2").arg(cr.width()).arg(cr.height()); + if ( ! 
QPixmapCache::find( bpmname, bufferpixmap) ) + { + bufferpixmap = QPixmap( cr.width() , cr.height() ); + QPixmapCache::insert( bpmname, bufferpixmap); + } + + //bufferpixmap.resize( cr.width() , cr.height() ); + bufferpixmap.fill( cg.base().color() ); + + QPainter p( &bufferpixmap ); + + QRect r = ruleDelegate->cellRect(row,col); + + static int lastrow = 0; + if (lastrow != row) + { + lastrow = row; + /*if (fwbdebug) + qDebug("RuleSetView::paintCell real row %d height is %d", row, r.height());*/ + } + + int x = r.left() + RuleElementSpacing/2; + int y = r.top(); + + if (!rclr.isEmpty()) + { + QRect rect(0, y, cr.width(), cr.height() ); + p.fillRect(rect, QColor(rclr)); + } + + p.drawLine( cr.width()-1, 0, cr.width()-1, cr.height()-1 ); + p.drawLine( 0, cr.height()-1, cr.width()-1, cr.height()-1 ); + + p.drawLine( cr.width(), 1, cr.width(), cr.height() ); + p.drawLine( 1, cr.height(), cr.width(), cr.height() ); + + /*const BackgroundMode bgmode = backgroundMode(); + const QColorGroup::ColorRole crole = QPalette::backgroundRoleFromMode( bgmode );*/ + + bool sel = (row==currentRow() && col==currentColumn()); + + if (getColType(col)==Object || getColType(col)==Time) + { + RuleElement *re = getRE(row,col); + if (re==NULL) return; + re_size = re->size(); + + for (FWObject::iterator i=re->begin(); i!=re->end(); i++) + { + FWObject *o1= *i; + if (FWReference::cast(o1)!=NULL) + o1=FWReference::cast(o1)->getPointer(); + QRect rect(0, y, cr.width()-1, item_h-1 ); + if (sel && o1==selectedObject) + { + if (hasFocus()) + { + p.fillRect(rect, cg.brush( QPalette::Highlight )); + p.setPen( cg.highlightedText().color() ); + } else + { + p.fillRect(rect, cg.brush( QPalette::Base ));//cg.brush( crole )); + p.setPen( cg.text().color() ); + } + } else + { + p.setPen( cg.text().color() ); + } + x = r.left()+1; + + //QPixmap pm = getPixmap(o1 , re->getNeg()?Neg:Normal ); + + string icn = "icon"; + if (re->getNeg()) icn = "icon-neg"; + + QString icn_file = 
(":/Icons/"+o1->getTypeName()+"/"+icn).c_str(); + + QPixmap pm; + + LoadPixmap(icn_file, pm); + + if (!re->isAny()) + p.drawPixmap( x, y + RuleElementSpacing/2, pm ); + + x += pm.width()+1; + + p.drawText( x, y + RuleElementSpacing/2, + cr.width()-pm.width()-1, item_h, + Qt::AlignLeft|Qt::AlignVCenter, objectText(re,o1) ); + + FWObject *mwSelObj = selectedObject; + std::vector om_selected_objects = + om->getCurrentObjectTree()->getSelectedObjects(); + + if (mwSelObj==NULL && om_selected_objects.size()!=0) + mwSelObj = om_selected_objects.front(); + + if ( (!sel) && + mwSelObj!= NULL && + mwSelObj->getId() != "sysid0" && + mwSelObj->getId() != "sysid1" && + mwSelObj->getId() != "sysid2" && + mwSelObj == o1) + { + p.setPen(Qt::red); + p.drawLine( 1, y+1, cr.width()-3, y+1 ); + p.drawLine( cr.width()-3, y+1, cr.width()-3, y+item_h-3 ); + + p.drawLine( 1, y+item_h-3, cr.width()-3, y+item_h-3 ); + p.drawLine( 1, y+1, 1, y+item_h-3 ); + + } + + y += item_h; + } + } else + { + QRect rect(0, 0, cr.width()-1, cr.height()-1 ); + if (sel) + { + if (hasFocus()) + { + p.fillRect(rect, cg.brush( QPalette::Highlight )); + p.setPen( cg.highlightedText().color() ); + } else + { + p.fillRect(rect, cg.brush( QPalette::Base )); // crole + p.setPen( cg.text().color() ); + } + } else + { + p.setPen( cg.text().color() ); + } + + switch (getColType(col)) + { + case Action: + { + PolicyRule *rule = PolicyRule::cast( ruleIndex[row] ); + if (rule==NULL) return; + + QString platform=getPlatform(); + string act = rule->getActionAsString(); + + QString icn = (":/Icons/" + act).c_str(); //for example :/Icons/Continue + QString res=""; + //FWOptions *ropt = rule->getOptionsObject(); + res = FWObjectPropertiesFactory::getRuleActionProperties(rule); + + assert(icn!=""); + QPixmap pm; + LoadPixmap(icn, pm); + + p.drawPixmap( x,y + RuleElementSpacing/2, pm ); + x += pm.width()+1; + QRect br=p.boundingRect(QRect(x, y, 1000, 1000), + Qt::AlignLeft|Qt::AlignVCenter, + res.toAscii().constData() ); + 
p.drawText( x, y, br.width(), pm.height(), + Qt::AlignLeft|Qt::AlignVCenter, res.toAscii().constData() ); + break; + } + case Direction: + { + PolicyRule *rule = PolicyRule::cast( ruleIndex[row] ); + if (rule==NULL) return; + + string dir = rule->getDirectionAsString(); + if (dir.empty()) dir = "Both"; + QString icn = (":/Icons/" + dir).c_str(); + assert(icn!=""); + QPixmap pm; + LoadPixmap(icn, pm); + + p.drawPixmap( x,y + RuleElementSpacing/2, pm ); + x += pm.width()+1; + + break; + } + case Options: + { + /* both policy and routing rules have options. so cast to Rule here. */ + Rule *rule = Rule::cast( ruleIndex[row] ); + if (rule==NULL) return; + + /* is this a policy rule? only policy rules have the logging option. */ + PolicyRule *policyRule = PolicyRule::cast( rule ); + NATRule *natRule = NATRule::cast( rule ); + RoutingRule *routingRule = RoutingRule::cast( rule ); + + if (policyRule && policyRule->getLogging()) + { + QString icn = Resources::global_res->getResourceStr("/FWBuilderResources/UI/Icons/Log" ).c_str(); + assert(icn!=""); + + QPixmap pm; + LoadPixmap(icn, pm); + + p.drawPixmap( x,y + RuleElementSpacing/2, pm ); + x += pm.width()+2; + } + if ( + (policyRule && ! isDefaultPolicyRuleOptions( rule->getOptionsObject())) || + (routingRule && ! isDefaultRoutingRuleOptions( rule->getOptionsObject())) || + (natRule && ! 
isDefaultNATRuleOptions( rule->getOptionsObject())) + ) + { + QString icn = ":/Icons/Options"; + + QPixmap pm; + LoadPixmap(icn, pm); + + p.drawPixmap( x,y + RuleElementSpacing/2, pm ); + } + break; + } + case Comment: + { + /* comments are found in both policy and nat rules, so we cast to Rule here */ + Rule *rule = Rule::cast( ruleIndex[row] ); + if (rule==NULL) return; + + QRect br=p.boundingRect(QRect(x, y, 1000, 1000), + Qt::AlignLeft|Qt::AlignVCenter, + QString::fromUtf8(rule->getComment().c_str()) ); + p.drawText( x, y + RuleElementSpacing/2, + br.width(), + br.height(), + Qt::AlignLeft|Qt::AlignVCenter, + QString::fromUtf8(rule->getComment().c_str()) ); + + break; + } + case Metric: + { + RoutingRule *rule = RoutingRule::cast( ruleIndex[row] ); + if (rule==NULL) return; + + p.drawText( x, y, cr.width()-2, RuleElementSpacing*2+pixmap_h, + Qt::AlignHCenter|Qt::AlignVCenter, + QString::fromUtf8(rule->getMetricAsString().c_str()) ); + + break; + } + default: + break; + } // switch + } + + p.end(); + + pntr->drawPixmap( cr.left() - horizontalOffset(), cr.top() - verticalOffset(), bufferpixmap ); + + return; +} + +QString RuleSetView::getPlatform() +{ + return getFirewall()->getStr("platform").c_str(); +} + + +libfwbuilder::PolicyRule* RuleSetView::getRule(int row) +{ + return PolicyRule::cast( ruleIndex[row] ); +} + +void RuleSetView::selectRE( int row, int col) +{ + mw->selectRules(); + + if (row!=currentRow() || col!=currentColumn()) + { + selectedObject = NULL; + updateCell(currentRow(),currentColumn()); + } +} + +void RuleSetView::selectRE(libfwbuilder::FWReference *ref) +{ + mw->selectRules(); + + setSelectedObject( ref->getPointer() ); + + /* need to find row and column this object is in and show it */ + FWObject *re = ref->getParent(); + Rule *r = Rule::cast(re->getParent()); + assert(r!=NULL); + + int row = r->getPosition(); + int col; + for (col=0; colindex(row,col), QAbstractItemView::EnsureVisible); + updateCell(row,col); + break; + } +} + +void 
RuleSetView::itemDoubleClicked(const QModelIndex & index) +{ + if (!index.isValid()) return; + if (index.row()<0) return; + editSelected(); +} + +void RuleSetView::selectionChanged(const QItemSelection &, const QItemSelection &) +{ + if (selectionModel()->selection().empty()) + { + if (fwbdebug) qDebug("RuleSetView::selectionChanged We've just got an empty selection :("); + + firstSelectedRule = -1; + lastSelectedRule = -1; + + //unselect(); + setCurrentIndex(QModelIndex()); + + mw->unselectRules(); + + return; + } + + itemSelectionRange = selectionModel()->selection()[0]; + + firstSelectedRule=itemSelectionRange.top(); + lastSelectedRule=itemSelectionRange.bottom(); + + if (fwbdebug) qDebug("RuleSetView::selectionChanged New selection rows: %d - %d", firstSelectedRule, lastSelectedRule); + + if (lastSelectedRule < firstSelectedRule) + { + int i = lastSelectedRule; + lastSelectedRule = firstSelectedRule; + firstSelectedRule = i; + } + + int selectionSize=lastSelectedRule-firstSelectedRule+1; + + mw->m_mainWindow->editCopyAction->setEnabled(true); + mw->m_mainWindow->editCutAction->setEnabled(true); + mw->m_mainWindow->editPasteAction->setEnabled(true); + mw->m_mainWindow->editDeleteAction->setEnabled(true); + + mw->m_mainWindow->copyRuleAction->setEnabled( selectionSize==1 ); + mw->m_mainWindow->cutRuleAction->setEnabled( selectionSize==1 ); + mw->m_mainWindow->pasteRuleAboveAction->setEnabled( selectionSize==1 ); + mw->m_mainWindow->pasteRuleBelowAction->setEnabled( selectionSize==1 ); + + mw->selectRules(); +} + +void RuleSetView::adjustColumn( int col ) +{ + QString lbl = ruleModel->headerData(col, Qt::Horizontal, Qt::DisplayRole).toString(); + + QFontMetrics p(font());//(this); + QRect br=p.boundingRect(QRect(0, 0, 1000, 1000), + Qt::AlignLeft|Qt::AlignVCenter, + lbl ); + + int w = br.width() + 10; + + int row=0; + for (FWObject::iterator i=ruleset->begin(); i!=ruleset->end(); i++,row++) + { + QRect cr = calculateCellSize(row,col); + w=QMAX(w,cr.width()); + } + 
+ horizontalHeader()->resizeSection(col, w); +} + +void RuleSetView::adjustRow_int( int row, int h ) +{ +/* make sure the row is no smaller than a label in the left header, + * and no smaller than the "strut" (the minimal size of the gui + * element as defined in QApplication) + */ + QHeaderView * leftHeader = verticalHeader(); + + h = QMAX(h, leftHeader->fontMetrics().height() + 2); + h = QMAX(h, QApplication::globalStrut().height()); + + verticalHeader()->resizeSection(row, h); +} + +void RuleSetView::adjustRow( int row ) +{ + int h = 20; + + for (int col=0; colresizeSection(col, w); + + } + + adjustRow_int(row,h); +} + +Rule* RuleSetView::insertRule(int pos, FWObject *r) +{ + if (r!=NULL && + ruleset->getTypeName()==Policy::TYPENAME && + r->getTypeName()!=PolicyRule::TYPENAME) return NULL; + if (r!=NULL && + ruleset->getTypeName()==NAT::TYPENAME && + r->getTypeName()!=NATRule::TYPENAME ) return NULL; + + if (pos<0) pos=0; + + + Rule *newrule=NULL; + if ( ruleset->getRuleSetSize()==0) newrule=ruleset->insertRuleAtTop(); + else + { + if (pos==ruleset->getRuleSetSize()) + { + newrule=ruleset->appendRuleAtBottom(); + } else + newrule=ruleset->insertRuleBefore(pos); + assert(newrule!=NULL); + } + + if (fwbdebug && PolicyRule::cast(r)!=NULL) + qDebug(QString("RuleSetView::insertRule: r->direction=%1") + .arg(PolicyRule::cast(r)->getDirectionAsString().c_str()).toAscii().constData()); + + PolicyRule *newrule_as_policy_rule = PolicyRule::cast(newrule); + + if (newrule_as_policy_rule) + { + newrule_as_policy_rule->setLogging(supports_logging); + newrule_as_policy_rule->setAction(PolicyRule::Deny); + newrule_as_policy_rule->setDirection(PolicyRule::Both); + FWOptions *ruleopt = newrule_as_policy_rule->getOptionsObject(); + ruleopt->setBool("stateless", + getStatelessFlagForAction(newrule_as_policy_rule)); + } + + if (r!=NULL) copyRuleContent(newrule,Rule::cast(r)); + + for (int i=ruleIndex.size(); i>pos; --i) ruleIndex[i]=ruleIndex[i-1]; + ruleIndex[pos] = newrule; + + if 
(fwbdebug && PolicyRule::cast(r)!=NULL) + qDebug(QString("RuleSetView::insertRule: newrule->direction=%1") + .arg(PolicyRule::cast(newrule)->getDirectionAsString().c_str()).toAscii().constData()); + + + for (int i=ruleIndex.size(); i>=pos; --i) + setRuleNumber(i, Rule::cast(ruleIndex[i])); + + if (newrule_as_policy_rule!=NULL && + newrule_as_policy_rule->getAction()==PolicyRule::Branch ) + addRuleBranch( newrule_as_policy_rule ); + + ruleModel->insertRow(pos); + adjustRow(pos); + update(); + + setCurrentCell( pos, currentColumn() ); + updateCell(pos,currentColumn()); + + if (fwbdebug) qDebug("Firewall changed: insertRule"); + + return newrule; +} + +void RuleSetView::insertRule() +{ +// if (!hasFocus()) return; // <-- can insert rule even if does not have focus + if (!isTreeReadWrite(this,ruleset)) return; + + changingRules = true; + if (firstSelectedRule > -1) + { + insertRule(firstSelectedRule,NULL); + changeCurrentCell(firstSelectedRule+1,currentColumn(), true); + } + else + insertRule(0,NULL); + + changingRules = false; + om->updateLastModifiedTimestampForOneFirewall(getFirewall()); +} + +FWObject* RuleSetView::getSelectedObject() +{ + return selectedObject; +} + +void RuleSetView::addRuleBranch(PolicyRule *rule) +{ + if (fwbdebug) qDebug("RuleSetView::addRuleBranch"); + + FWOptions *ropt = rule->getOptionsObject(); + QString branchName = ropt->getStr("branch_name").c_str(); + if (branchName.isEmpty()) + { + QString bn = QString("rule%1_branch").arg(rule->getPosition()); + ropt->setStr("branch_name",bn.toAscii().constData()); + } + RuleSet *subset = rule->getBranch(); + if (subset==NULL) + { + // can change action only for the policy rule, therefore + // branch can only be a Policy (i.e. 
can not be NAT) + subset = new Policy(); + rule->add(subset); + } + mw->addPolicyBranchTab(subset); +} + +void RuleSetView::copyRuleContent(Rule *dst, Rule *src) +{ + string id=dst->getId(); + int p=dst->getPosition(); + + if ( src->isDisabled() ) dst->disable(); + else dst->enable(); + + dst->shallowDuplicate(src,false); + +// map::const_iterator i; +// for(i=dst->dataBegin(); i!=dst->dataEnd(); ++i) { +// string f= (*i).first; +// dst->setStr(f, src->getStr(f) ); +// } + + dst->setComment( src->getComment() ); + + list::iterator j; + for(j=dst->begin(); j!=dst->end(); ++j) + { + string dtype= (*j)->getTypeName(); + FWObject *selem= src->getFirstByType(dtype); + if (selem!=NULL) + (*j)->duplicate(selem); + } + + if (id!="") dst->setId(id); + dst->setPosition(p); +} + +FWObject* RuleSetView::getObj(int row, int col, int mouse_y_pos, QRect *objr) +{ + RuleElement *re = getRE(row,col); + if (re==NULL) return NULL; + + QRect cr=ruleDelegate->cellGeometry(row,col); + +/* + * n is the number of objects in the cell + * y_rel is a distance of the mouse cursor from the top of the cell + * h is the cell height + */ + int y_rel = mouse_y_pos-cr.top(); + int y_obj = cr.top(); + int on=0; + int oy=0; + FWObject *o1=NULL; + FWObject *obj=NULL; + FWObject *prev=NULL; + for (FWObject::iterator i=re->begin(); i!=re->end(); i++,on++) + { + o1= *i; + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + if (y_rel>oy && y_relstart(Qt::CopyAction | Qt::MoveAction); //just start dragging + + startingDrag = false; + + return; + } + + QTableView::mouseMoveEvent(ev); +} + +void RuleSetView::mousePressEvent( QMouseEvent* ev ) +{ + if (fwbdebug) + qDebug("RuleSetView::contentsMousePressEvent"); + + int row=rowAt(ev->y()); + int col=columnAt(ev->x()); + + FWObject *obj=getObj(row,col,ev->y()+verticalOffset()); + bool needUpdate= (row==currentRow() && col==currentColumn() && selectedObject!=obj); + + if (fwbdebug) + qDebug("RuleSetView::contentsMousePressEvent obj=%s 
row=%d col=%d needUpdate=%d", + (obj)?obj->getName().c_str():"NULL",row,col,needUpdate); + + if (fwbdebug) + qDebug("RuleSetView::contentsMousePressEvent 1 currentRow=%d currentColumn=%d", + currentRow(),currentColumn()); + + QTableView::mousePressEvent(ev); + + if ((row > 0) && (col > 0)) + mw->selectRules(); + else + { + mw->unselectRules(); + setCurrentIndex(QModelIndex()); + //unselect(); + } + + if (fwbdebug) + qDebug("RuleSetView::contentsMousePressEvent 2 currentRow=%d currentColumn=%d", + currentRow(),currentColumn()); + + startingDrag = (row==currentRow() && col==currentColumn() && selectedObject==obj); + + changeCurrentCell(row, col, true); //forget old selection by setting View's current cell + setSelectedObject(obj); + + //verticalHeader()->update(); +} + +void RuleSetView::mouseReleaseEvent( QMouseEvent* ev ) +{ + QTableView::mouseReleaseEvent(ev); + + if (fwbdebug) + qDebug("RuleSetView::contentsMouseReleaseEvent"); + + if (oe->isVisible() && !switchObjectInEditor( columnAt(ev->x()) )) + { + ev->accept(); + }; +} + +void RuleSetView::setSelectedObject(FWObject* obj) +{ + if (fwbdebug) + qDebug("RuleSetView::setSelectedObject obj='%s' currentRow()=%d currentColumn()=%d", + (obj)?obj->getName().c_str():"", + currentRow(), + currentColumn()); + + prevSelectedObject = selectedObject; + prevSelectedObjectRow = selectedObjectRow; + prevSelectedObjectCol = selectedObjectCol; + + selectedObject = obj; + selectedObjectRow = currentRow(); + selectedObjectCol = currentColumn(); + + openObjectInTree(selectedObject); +} + +void RuleSetView::openObjectInTree(FWObject *obj) +{ + if (fwbdebug) + qDebug("RuleSetView::openObjectInTree happens"); + + if (gui_experiment1) return; + + FWObject *oo = obj; + if (obj==NULL || Rule::cast(obj)!=NULL) + oo = getFirewall(); + selectedObject=oo; + mw->info(oo); + + setUpdatesEnabled(false); + //bool f = hasFocus(); + om->setFocus(); + om->openObject(oo); + om->clearFocus(); + setFocus(); + setUpdatesEnabled(true); + update(); +} 
+ +void RuleSetView::contextMenu(int row, int col, const QPoint &pos) +{ + if (fwbdebug) + qDebug("RuleSetView::contextMenu() at row=%d, col=%d", row, col); + + if (fwbdebug) + qDebug("RuleSetView::contextMenu() selected rows: %d - %d", firstSelectedRule, lastSelectedRule); + + if (col > 0) + setCurrentCell(row,col); + else + setCurrentCell(row,0); + + //if the row is not selected actually, we select it + if ((row < firstSelectedRule) || (row > lastSelectedRule)) + { + selectRow(row); + firstSelectedRule = row; + lastSelectedRule = row; + } + + if (row<0 && ruleset->size()==0) + { + QMenu *popup=new QMenu(this); + + popup->addAction( tr("Insert Rule"), this, SLOT( insertRule() )); + popup->addAction( tr("Paste Rule"), this, SLOT( pasteRuleAbove() )); + + popup->exec( pos ); + delete popup; + return; + } + + if (row<0 && ruleset->size()!=0) + { + /* this is when user clicks under the last rule */ + + setCurrentCell(ruleset->size()-1,0); + + QMenu *popup=new QMenu(this); + popup->addAction( tr("Paste Rule"), this, SLOT( pasteRuleBelow() )); + + popup->exec( pos ); + delete popup; + return; + } + +// QPoint rp = mapFromGlobal( pos); +// QHeader *hh = horizontalHeader(); +// QHeader *vh = verticalHeader(); +// int nx = rp.x()-vh->width()-1; +// int ny = rp.y()-hh->height()-1; +// objectClicked(row,col,0,QPoint(nx,ny)); + + lastPopupMenuAction=None; + + QMenu *popup=new QMenu(this); + + switch (getColType(col)) + { + case Action: + { + Firewall *f = getFirewall(); + string platform=f->getStr("platform"); + QString action_name; + + if (Resources::isTargetActionSupported(platform,"Accept")) + { + action_name = getActionNameForPlatform(PolicyRule::Accept, + platform.c_str()); + popup->addAction( QIcon(LoadPixmap(":/Icons/Accept")), + action_name, this, SLOT( changeActionToAccept() )); + } + if (Resources::isTargetActionSupported(platform,"Deny")) + { + action_name = getActionNameForPlatform(PolicyRule::Deny, + platform.c_str()); + popup->addAction( 
QIcon(LoadPixmap(":/Icons/Deny")), + action_name, this, SLOT( changeActionToDeny() )); + } + if (Resources::isTargetActionSupported(platform,"Reject")) + { + action_name = getActionNameForPlatform(PolicyRule::Reject, + platform.c_str()); + popup->addAction( QIcon(LoadPixmap(":/Icons/Reject")), + action_name, this, SLOT( changeActionToReject() )); + } + if (Resources::isTargetActionSupported(platform,"Accounting")) + { + action_name = getActionNameForPlatform(PolicyRule::Accounting, + platform.c_str()); + popup->addAction( QIcon(LoadPixmap(":/Icons/Accounting")), + action_name, this, SLOT( changeActionToAccounting() )); + } + if (Resources::isTargetActionSupported(platform,"Pipe")) + { + action_name = getActionNameForPlatform(PolicyRule::Pipe, + platform.c_str()); + popup->addAction( QIcon(LoadPixmap(":/Icons/Pipe")), + action_name, this, SLOT( changeActionToPipe() )); + } + if (Resources::isTargetActionSupported(platform,"Tag")) + { + action_name = getActionNameForPlatform(PolicyRule::Tag, + platform.c_str()); + popup->addAction( QIcon(LoadPixmap(":/Icons/Tag")), + action_name, this, SLOT( changeActionToTag() )); + } + if (Resources::isTargetActionSupported(platform,"Classify")) + { + action_name = getActionNameForPlatform(PolicyRule::Classify, + platform.c_str()); + popup->addAction( QIcon(LoadPixmap(":/Icons/Classify")), + action_name, this, SLOT( changeActionToClassify() )); + } + if (Resources::isTargetActionSupported(platform,"Custom")) + { + action_name = getActionNameForPlatform(PolicyRule::Custom, + platform.c_str()); + popup->addAction( QIcon(LoadPixmap(":/Icons/Custom")), + action_name, this, SLOT( changeActionToCustom() )); + } + if (Resources::isTargetActionSupported(platform,"Branch")) + { + action_name = getActionNameForPlatform(PolicyRule::Branch, + platform.c_str()); + popup->addAction( QIcon(LoadPixmap(":/Icons/Branch")), + action_name, this, SLOT( changeActionToBranch() )); + } + if (Resources::isTargetActionSupported(platform,"Route")) + { + 
action_name = getActionNameForPlatform(PolicyRule::Route, + platform.c_str()); + popup->addAction( QIcon(LoadPixmap(":/Icons/Route")), + action_name, this, SLOT( changeActionToRoute() )); + } + if (Resources::isTargetActionSupported(platform,"Continue")) + { + action_name = getActionNameForPlatform(PolicyRule::Continue, + platform.c_str()); + popup->addAction( QIcon(LoadPixmap(":/Icons/Continue")), + action_name, this, SLOT( changeActionToContinue() )); + } + + popup->addSeparator (); + QAction *paramID; + paramID = popup->addAction( tr("Parameters"), this, SLOT( editSelected() )); + + PolicyRule *rule = PolicyRule::cast( ruleIndex[row] ); + if (rule!=NULL) + { + string act = rule->getActionAsString(); + if (Resources::getActionEditor(platform,act)=="None") + paramID->setEnabled(false); + } + + break; + } + case Direction: + { + popup->addAction( QIcon(LoadPixmap(":/Icons/Inbound")), + tr("Inbound"), this, SLOT( changeDirectionToIn() )); + popup->addAction( QIcon(LoadPixmap(":/Icons/Outbound")), + tr("Outbound"), this, SLOT( changeDirectionToOut() )); + popup->addAction( QIcon(LoadPixmap(":/Icons/Both")), + tr("Both"), this, SLOT( changeDirectionToBoth() )); + + break; + } + case Options: + { + popup->addAction( QIcon(LoadPixmap(":/Icons/Options")), + tr("Rule Options"), this, SLOT( editSelected() )); + + if (fwbdebug) qDebug(ruleset->getTypeName().c_str()); + if (ruleset->getTypeName() == Policy::TYPENAME) { + + popup->addAction( QIcon(LoadPixmap(":/Icons/Log")), + tr("Logging On"), this, SLOT( changeLogToOn() )); + popup->addAction( QIcon(LoadPixmap(":/Icons/Blank")), + tr("Logging Off"), this, SLOT( changeLogToOff() )); + } + break; + } + case Object: + case Time: + { + RuleElement *re = getRE(row,col); + if(re==NULL) return; + + QAction *editID = popup->addAction( + tr("Edit") , this , SLOT( editSelected() ) ); + popup->addSeparator(); + QAction *copyID = popup->addAction( + tr("Copy") , this , SLOT( copySelectedObject() ) ); + QAction *cutID = 
popup->addAction( + tr("Cut") , this , SLOT( cutSelectedObject() ) ); + popup->addAction( tr("Paste") , this , SLOT( pasteObject() ) ); +// popup->addSeparator(); + QAction *delID =popup->addAction( + tr("Delete") , this , SLOT( deleteSelectedObject() ) ); + popup->addSeparator(); + QAction *fndID = popup->addAction( + tr("Where used") , this , SLOT( findWhereUsedSlot())); + QAction *revID = popup->addAction( + tr("Reveal in tree") ,this , SLOT( revealObjectInTree() ) ); + popup->addSeparator(); + QAction *negID = popup->addAction( + tr("Negate") , this , SLOT( negateRE() ) ); + + if (selectedObject == NULL || re->isAny()) + editID->setEnabled(false); + copyID->setEnabled(!re->isAny()); + cutID->setEnabled(!re->isAny()); + delID->setEnabled(!re->isAny()); + + string cap_name; + if (InterfacePolicy::cast(ruleset)!=NULL) cap_name="negation_in_interface_policy"; + if (Policy::cast(ruleset)!=NULL) cap_name="negation_in_policy"; + if (NAT::cast(ruleset)!=NULL) cap_name="negation_in_nat"; + + Firewall *f = getFirewall(); + + bool supports_neg=false; + try { + supports_neg=Resources::getTargetCapabilityBool(f->getStr("platform"), + cap_name); + } catch (FWException &ex) + { + QMessageBox::critical( NULL , "Firewall Builder", + ex.toString().c_str(), + QString::null,QString::null); + } + negID->setEnabled(supports_neg && !re->isAny()); + fndID->setEnabled(!re->isAny()); + revID->setEnabled(!re->isAny()); + + break; + } + + case RuleOp: + { +// setCurrentCell(row,0); + setFocus(); + + Rule *rule = Rule::cast(ruleIndex[row]); + if (rule==NULL) + { + popup->addAction( tr("Insert Rule"), this, SLOT( insertRule() ) ); + } else + { + //int rn = rule->getPosition(); + int selectionSize=lastSelectedRule-firstSelectedRule+1; + + if (lastSelectedRule > firstSelectedRule) + popup->addAction( tr("Rules %1-%2"). + arg(firstSelectedRule).arg(lastSelectedRule) )->setEnabled(false); + else + popup->addAction( tr("Rule %1"). 
+ arg(firstSelectedRule) )->setEnabled(false); + + QMenu *subcolor = popup->addMenu( tr("Change color") ); + + QPixmap pcolor(16,16); + pcolor.fill(QColor(255,255,255)); + subcolor->addAction( QIcon(pcolor), tr("No color"), this, SLOT ( setColorEmpty() )); + + pcolor.fill(st->getLabelColor(FWBSettings::RED)); + subcolor->addAction( QIcon(pcolor), tr("Red"), this, SLOT ( setColorRed() )); + + pcolor.fill(st->getLabelColor(FWBSettings::ORANGE)); + subcolor->addAction( QIcon(pcolor), tr("Orange"), this, SLOT ( setColorOrange() )); + + pcolor.fill(st->getLabelColor(FWBSettings::YELLOW)); + subcolor->addAction( QIcon(pcolor), tr("Yellow"), this, SLOT ( setColorYellow() )); + + pcolor.fill(st->getLabelColor(FWBSettings::GREEN)); + subcolor->addAction( QIcon(pcolor), tr("Green"), this, SLOT ( setColorGreen() )); + + pcolor.fill(st->getLabelColor(FWBSettings::BLUE)); + subcolor->addAction( QIcon(pcolor), tr("Blue"), this, SLOT ( setColorBlue() )); + + pcolor.fill(st->getLabelColor(FWBSettings::PURPLE)); + subcolor->addAction( QIcon(pcolor), tr("Purple"), this, SLOT ( setColorPurple() )); + + pcolor.fill(st->getLabelColor(FWBSettings::GRAY)); + subcolor->addAction( QIcon(pcolor), tr("Gray"), this, SLOT ( setColorGray() )); + + popup->addSeparator(); + + QString itemLbl; + + popup->addAction( tr("Insert Rule"), this, + SLOT( insertRule() ) ); + popup->addAction( tr("Add Rule Below"), this, + SLOT( addRuleAfterCurrent() ) ); + + if (selectionSize==1) itemLbl=tr("Remove Rule"); + else itemLbl=tr("Remove Rules"); + popup->addAction( itemLbl, this, + SLOT( removeRule())); + if (selectionSize==1) itemLbl=tr("Move Rule"); + else itemLbl=tr("Move Rules"); + popup->addAction( itemLbl, this, + SLOT( moveRule())); + + popup->addSeparator(); + + popup->addAction( tr("Copy Rule"), this, + SLOT( copyRule() ) ); + popup->addAction( tr("Cut Rule"), this, + SLOT( cutRule() ) ); + popup->addAction( tr("Paste Rule Above"), this, + SLOT( pasteRuleAbove() ) ); + popup->addAction( tr("Paste Rule 
Below"), this, + SLOT( pasteRuleBelow() ) ); + + popup->addSeparator(); + Rule *r = Rule::cast( ruleIndex[row] ); + if (r->isDisabled()) + { + if (selectionSize==1) itemLbl=tr("Enable Rule"); + else itemLbl=tr("Enable Rules"); + popup->addAction( itemLbl, this, + SLOT( enableRule() ) ); + }else{ + if (selectionSize==1) itemLbl=tr("Disable Rule"); + else itemLbl=tr("Disable Rules"); + popup->addAction( itemLbl, this, + SLOT( disableRule() ) ); + } + } + break; + } + + case Comment: + popup->addAction( tr("Edit") , this , SLOT( editSelected() ) ); + break; + + case Metric: + popup->addAction( tr("Edit") , this , SLOT( editSelected() ) ); + break; + + default: + popup->addAction( tr("Edit") , this , SLOT( editRE() ) ); + break; + } + + + + popup->exec( pos ); + + delete popup; +} + +void RuleSetView::revealObjectInTree() +{ + if ( selectedObject!=NULL) + om->openObject(selectedObject); +} + +void RuleSetView::findWhereUsedSlot() +{ + if ( selectedObject!=NULL) + mw->findWhereUsed(selectedObject); +} + +void RuleSetView::setColorEmpty() +{ + setRuleColor(""); +} + +void RuleSetView::setColorRed() +{ + setRuleColor(st->getLabelColor(FWBSettings::RED)); +} + +void RuleSetView::setColorBlue() +{ + setRuleColor(st->getLabelColor(FWBSettings::BLUE)); +} + +void RuleSetView::setColorOrange() +{ + setRuleColor(st->getLabelColor(FWBSettings::ORANGE)); +} + +void RuleSetView::setColorPurple() +{ + setRuleColor(st->getLabelColor(FWBSettings::PURPLE)); +} + +void RuleSetView::setColorGray() +{ + setRuleColor(st->getLabelColor(FWBSettings::GRAY)); +} + +void RuleSetView::setColorYellow() +{ + setRuleColor(st->getLabelColor(FWBSettings::YELLOW)); +} + +void RuleSetView::setColorGreen() +{ + setRuleColor(st->getLabelColor(FWBSettings::GREEN)); +} + +void RuleSetView::setRuleColor(const QString &c) +{ + if (!isTreeReadWrite(this,ruleset)) return; + + if ( firstSelectedRule!=-1 ) + { + for (int i=firstSelectedRule; i<=lastSelectedRule; ++i) + { + Rule *rule = Rule::cast( ruleIndex[i] 
);
+ FWOptions *ropt = rule->getOptionsObject();
+ ropt->setStr("color",c.toLatin1().constData());
+
+ adjustRow(i); // this causes repaint
+ }
+ }
+}
+
+void RuleSetView::changeAction(PolicyRule::Action act)
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( currentRow()!=-1 && currentColumn()!=-1 )
+ {
+ PolicyRule *rule = PolicyRule::cast( ruleIndex[currentRow()] );
+ FWOptions *ruleopt = rule->getOptionsObject();
+ PolicyRule::Action old_act=rule->getAction();
+ RuleSet *subset = NULL;
+ if (old_act==PolicyRule::Branch)
+ subset = rule->getBranch();
+
+ if (act!=old_act)
+ {
+ if (old_act==PolicyRule::Branch)
+ mw->removePolicyBranchTab( subset );
+
+ rule->setAction( act );
+ if (!changingRules)
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+ }
+
+ ruleopt->setBool("stateless", getStatelessFlagForAction(rule));
+
+ oe->actionChanged(rule);
+ }
+}
+
+void RuleSetView::changeActionToAccept()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall action: changeActionToAccept");
+ changeAction( PolicyRule::Accept );
+}
+
+void RuleSetView::changeActionToDeny()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToDeny");
+ changeAction( PolicyRule::Deny );
+}
+
+void RuleSetView::changeActionToReject()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToReject");
+ changeAction( PolicyRule::Reject );
+}
+
+void RuleSetView::changeActionToAccounting()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToAccounting");
+ changeAction( PolicyRule::Accounting );
+}
+
+void RuleSetView::changeActionToPipe()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToPipe");
+ changeAction( PolicyRule::Pipe );
+}
+
+void RuleSetView::changeActionToTag()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if
(fwbdebug) qDebug("Firewall changed: changeActionToTag");
+ changeAction( PolicyRule::Tag );
+}
+
+void RuleSetView::changeActionToClassify()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToClassify");
+ changeAction( PolicyRule::Classify );
+}
+
+void RuleSetView::changeActionToCustom()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToCustom");
+ changeAction( PolicyRule::Custom );
+}
+
+void RuleSetView::changeActionToRoute()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToRoute");
+ changeAction( PolicyRule::Route );
+}
+
+void RuleSetView::changeActionToContinue()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToContinue");
+ changeAction( PolicyRule::Continue );
+}
+
+void RuleSetView::changeActionToBranch()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( currentRow()!=-1 && currentColumn()!=-1 )
+ {
+ if (fwbdebug) qDebug("Firewall action: changeActionToBranch");
+ changeAction( PolicyRule::Branch );
+
+ addRuleBranch( PolicyRule::cast( ruleIndex[currentRow()] ) );
+ }
+}
+
+void RuleSetView::changeDitection(PolicyRule::Direction dir)
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( currentRow()!=-1 && currentColumn()!=-1 )
+ {
+ PolicyRule *rule = PolicyRule::cast( ruleIndex[currentRow()] );
+ PolicyRule::Direction old_dir=rule->getDirection();
+ if (dir!=old_dir)
+ {
+ if (!changingRules)
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+ rule->setDirection( dir );
+ }
+ }
+}
+
+void RuleSetView::changeDirectionToIn()
+{
+ if (fwbdebug) qDebug("Firewall changed: changeDirectionToIn");
+ changeDitection( PolicyRule::Inbound );
+}
+
+void RuleSetView::changeDirectionToOut()
+{
+ if (fwbdebug) qDebug("Firewall changed: changeDirectionToOut");
+ changeDitection( PolicyRule::Outbound );
+}
+
+void
RuleSetView::changeDirectionToBoth()
+{
+ if (fwbdebug) qDebug("Firewall changed: changeDirectionToBoth");
+ changeDitection( PolicyRule::Both );
+}
+
+void RuleSetView::changeLogToOn()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( currentRow()!=-1 && currentColumn()!=-1 )
+ {
+ PolicyRule *rule = PolicyRule::cast( ruleIndex[currentRow()] );
+ if (fwbdebug) qDebug("Firewall changed: changeLogToOn");
+ if (!changingRules)
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+ rule->setLogging( true );
+ }
+}
+
+void RuleSetView::changeLogToOff()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( currentRow()!=-1 && currentColumn()!=-1 )
+ {
+ PolicyRule *rule = PolicyRule::cast( ruleIndex[currentRow()] );
+ if (fwbdebug) qDebug("Firewall changed: changeLogToOff");
+ if (!changingRules)
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+ rule->setLogging( false );
+ }
+}
+
+void RuleSetView::copySelectedObject()
+{
+ if ( selectedObject!=NULL)
+ {
+ FWObjectClipboard::obj_clipboard->clear();
+ FWObjectClipboard::obj_clipboard->add( selectedObject );
+ }
+}
+
+void RuleSetView::cutSelectedObject()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( selectedObject!=NULL)
+ {
+ FWObjectClipboard::obj_clipboard->clear();
+ FWObjectClipboard::obj_clipboard->add( selectedObject );
+ deleteSelectedObject();
+ }
+}
+
+void RuleSetView::deleteSelectedObject()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( selectedObject!=NULL)
+ {
+ deleteObject(currentRow(),currentColumn(),selectedObject);
+ setSelectedObject(NULL);
+ }
+}
+
+void RuleSetView::deleteObject(int row, int col, FWObject *obj)
+{
+ RuleElement *re = getRE(row,col);
+ if (re==NULL || re->isAny()) return;
+ string id = obj->getId();
+
+ if (fwbdebug)
+ {
+ qDebug("RuleSetView::deleteObject row=%d col=%d id=%s",
+ row,col,id.c_str());
+ qDebug("obj = %p",re->getRoot()->findInIndex(id));
+ int rc = obj->ref()-1; obj->unref();
+
qDebug("obj->ref_counter=%d",rc);
+ }
+
+ if (!changingRules)
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+
+ re->removeRef(obj);
+
+ if (re->isAny()) re->setNeg(false);
+
+ if (fwbdebug)
+ {
+ qDebug("RuleSetView::deleteObject re->size()=%d",re->size());
+ qDebug("obj = %p",re->getRoot()->findInIndex(id));
+ int rc = obj->ref()-1; obj->unref();
+ qDebug("obj->ref_counter=%d",rc);
+ }
+
+ adjustColumn(col);
+ adjustRow(row);
+ updateCell(row,col);
+ mw->findObjectWidget->reset();
+}
+
+bool RuleSetView::insertObject(int row, int col, FWObject *obj)
+{
+ if (fwbdebug)
+ qDebug("RuleSetView::insertObject -- insert object %s",
+ obj->getName().c_str());
+
+ if (!isTreeReadWrite(this,ruleset)) return false;
+
+ if (getColType(col)!=Object && getColType(col)!=Time) return false;
+
+ RuleElement *re = getRE(row,col);
+ assert (re!=NULL);
+
+ if (fwbdebug)
+ qDebug("RuleSetView::insertObject -- validate");
+
+ if (! re->validateChild(obj) )
+ {
+ if (fwbdebug)
+ qDebug("RuleSetView::insertObject -- validation failed");
+
+ if (RuleElementRItf::cast(re))
+
+ QMessageBox::information( NULL , "Firewall Builder",
+ "A single interface belonging to this firewall is expected in this field.",
+ QString::null,QString::null);
+
+ else if (RuleElementRGtw::cast(re))
+
+ QMessageBox::information( NULL , "Firewall Builder",
+ "A single ip adress is expected here. You may also insert a host or a network adapter leading to a single ip adress.",
+ QString::null,QString::null);
+
+ return false;
+ }
+
+ if (re->getAnyElementId()==obj->getId()) return false;
+
+ if (fwbdebug)
+ qDebug("RuleSetView::insertObject -- check for duplicates");
+
+ if (!
re->isAny())
+ {
+ /* avoid duplicates */
+ string cp_id=obj->getId();
+ list::iterator j;
+ for(j=re->begin(); j!=re->end(); ++j)
+ {
+ FWObject *o=*j;
+ if(cp_id==o->getId()) return false;
+
+ FWReference *ref;
+ if( (ref=FWReference::cast(o))!=NULL &&
+ cp_id==ref->getPointerId()) return false;
+ }
+ }
+
+ if (fwbdebug)
+ qDebug("RuleSetView::insertObject -- add reference");
+
+ re->addRef(obj);
+
+ if (fwbdebug)
+ qDebug("RuleSetView::insertObject -- adjust and update table cell");
+
+ adjustColumn(col);
+ adjustRow(row);
+ updateCell(row, col);
+
+ if (fwbdebug) qDebug("Firewall changed: insertObject");
+ if (!changingRules)
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+ return true;
+}
+
+void RuleSetView::pasteObject()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ vector::iterator i;
+ for (i= FWObjectClipboard::obj_clipboard->begin();
+ i!=FWObjectClipboard::obj_clipboard->end(); ++i)
+ {
+ FWObject *co= mw->db()->findInIndex(*i);
+ if (Rule::cast(co)!=NULL) pasteRuleAbove();
+ else
+ {
+ if (currentRow()>=0)
+ insertObject(currentRow(),currentColumn(),co);
+ }
+ }
+
+/*
+ if (FWObjectClipboard::obj_clipboard->getObject()!=NULL)
+ insertObject(currentRow(),currentColumn(),
+ FWObjectClipboard::obj_clipboard->getObject() );
+*/
+}
+
+void RuleSetView::negateRE()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( currentRow()!=-1 && currentColumn()!=-1 )
+ {
+ RuleElement *re = getRE(currentRow(),currentColumn());
+ if (re==NULL) return;
+ if (fwbdebug) qDebug("Firewall changed: negateRE");
+ re->toggleNeg();
+ if (!changingRules)
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+
+ updateCell(currentRow(),currentColumn());
+ }
+}
+
+void RuleSetView::editRE()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug)
+ qDebug("RuleSetView::editRE no special editor found for current cell");
+
+ openPersistentEditor ( ruleModel->index(currentRow(),currentColumn()) );
+}
+
+void RuleSetView::keyPressEvent(
QKeyEvent* ev ) +{ + mw->selectRules(); + + RuleElement *re; + + int oldRow = currentRow(); + int oldColumn = currentColumn(); + + if (ev->key()==Qt::Key_Left || ev->key()==Qt::Key_Right) + { + int shift= (ev->key()==Qt::Key_Left) ? -1 : 1; + if ((currentColumn() + shift < 0) || (currentColumn() + shift >= ruleModel->columnCount())) + return; + +/* keyboard 'Left' or 'Right', switch to the object with the same + * number in the cell to the left or to the right + */ + int objno=0; + re = getRE(currentRow(),currentColumn()); + if (re!=NULL) + { + // in this loop we count objects in objno + for (FWObject::iterator i=re->begin(); i!=re->end(); ++i,++objno) + { + FWObject *o1= *i; + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + if (o1==selectedObject) break; + } + } + re = getRE(currentRow(),currentColumn() + shift); + if (re==NULL) + { + if (oe->isVisible() && !switchObjectInEditor(currentColumn() + shift)) + { + ev->accept(); + } else + //QTableView::keyPressEvent(ev); + changeCurrentCell(currentRow(), currentColumn()+shift); + + openObjectInTree(getFirewall()); + + return; + } + + FWObject *newObj = NULL; + int n=0; + for (FWObject::iterator i=re->begin(); i!=re->end(); ++i,++n) + { + FWObject *o1= *i; + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + if (n==objno) + { + newObj = o1; + break; + } + } + if (newObj==NULL) + { + FWObject *o1=re->back(); + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + newObj = o1; + } + + setSelectedObject(newObj); + + changeCurrentCell(currentRow(),currentColumn() + shift); + + if (oe->isVisible() && !switchObjectInEditor(currentColumn())) + { + ev->accept(); + } /*else + QTableView::keyPressEvent(ev);*/ + return; + } + + if (ev->key()==Qt::Key_Down || ev->key()==Qt::Key_Up || + ev->key()==Qt::Key_PageDown || ev->key()==Qt::Key_PageUp || + ev->key()==Qt::Key_End || ev->key()==Qt::Key_Home) + { + re = getRE(currentRow(),currentColumn()); + + FWObject 
*prev=NULL; + FWObject *o1 =NULL; + FWObject::iterator i; + + int newrow = currentRow(); + if (ev->key()==Qt::Key_Up) + newrow--; + if (ev->key()==Qt::Key_Down) + newrow++; + + if (ev->key()==Qt::Key_PageUp) + { + newrow = rowAt(rowViewportPosition(newrow) - viewport()->height()); + if (newrow == -1) + newrow = 0; + } + + if (ev->key()==Qt::Key_PageDown) + { + newrow = rowAt(rowViewportPosition(newrow) + viewport()->height())-1; + if (newrow < 0) + newrow = ruleModel->rowCount()-1; + } + + if (ev->key()==Qt::Key_Home) + newrow = 0; + if (ev->key()==Qt::Key_End) + newrow = ruleModel->rowCount()-1; + + if ((newrow < 0) || (newrow >= ruleModel->rowCount())) + return; + + if (ev->key()==Qt::Key_PageDown || ev->key()==Qt::Key_PageUp || + ev->key()==Qt::Key_End || ev->key()==Qt::Key_Home) + { + re = getRE(newrow,currentColumn()); + if (re!=NULL) // can be NULL if currentRow is 0 + { + o1=re->front(); + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + setSelectedObject(o1); + if (oe->isVisible() && !switchObjectInEditor(currentColumn())) + { + ev->accept(); + return; + } + } + changeCurrentCell(newrow, currentColumn()); + return; + } + + if (re) + { + for (i=re->begin(); i!=re->end(); ++i) + { + o1= *i; + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + if (ev->key()==Qt::Key_Up && o1==selectedObject) break; + if (ev->key()==Qt::Key_Down && prev==selectedObject) break; + prev=o1; + } + } else + { + /* going up and down in a column that does not contain objects (action/direction etc) */ + //QTableView::keyPressEvent(ev); // to make new row current + changeCurrentCell(newrow, currentColumn()); + if (oe->isVisible() && !switchObjectInEditor(currentColumn())) + { + ev->accept(); + } + openObjectInTree(getFirewall()); + return; + } + + if (ev->key()==Qt::Key_Up && prev==NULL) + { + /* keyboard 'Up', switch to the last object in the cell above */ + if (currentRow()-1<0) + { + return; + } + + re = 
getRE(currentRow()-1,currentColumn());
+ if (re!=NULL) // can be NULL if currentRow is 0
+ {
+ o1=re->back();
+ if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer();
+ setSelectedObject(o1);
+ if (oe->isVisible() && !switchObjectInEditor(currentColumn()))
+ {
+ ev->accept();
+ return;
+ }
+ }
+ changeCurrentCell(newrow, currentColumn());
+ //QTableView::keyPressEvent(ev);
+ return;
+ }
+
+ if (ev->key()==Qt::Key_Down && i==re->end())
+ {
+ /* keyboard 'Down', switch to the first object in the cell below */
+ if (currentRow()+1>=int(ruleset->size()))
+ {
+ return;
+ }
+
+ re = getRE(currentRow()+1,currentColumn());
+ if (re!=NULL)
+ {
+ o1=re->front();
+ if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer();
+ setSelectedObject(o1);
+ if (oe->isVisible() && !switchObjectInEditor(currentColumn()))
+ {
+ ev->accept();
+ return;
+ }
+ }
+ changeCurrentCell(newrow, currentColumn());
+ //QTableView::keyPressEvent(ev);
+ return;
+ }
+ /* switching to another object in the same cell */
+ setSelectedObject((ev->key()==Qt::Key_Up) ?
prev : o1);
+ if (oe->isVisible() && !switchObjectInEditor(currentColumn()))
+ {
+ ev->accept();
+ return;
+ }
+
+ //updateCell(currentRow(),currentColumn());
+
+ ev->accept();
+ return;
+ }
+
+ if (ev->key()==Qt::Key_Delete)
+ {
+ deleteSelectedObject();
+ }
+
+ updateCell(currentRow(),currentColumn());
+ updateCell(oldRow,oldColumn);
+
+ QTableView::keyPressEvent(ev);
+}
+
+QDrag* RuleSetView::dragObject()
+{
+ FWObject *obj = selectedObject;
+ if (obj==NULL) return NULL;
+
+ QString icn = (":/Icons/"+obj->getTypeName()+"/icon").c_str();
+
+ list dragobj;
+ dragobj.push_back(obj);
+
+ FWObjectDrag *drag = new FWObjectDrag(dragobj, this, NULL);
+
+ QPixmap pm = LoadPixmap(icn);
+
+ drag->setPixmap( pm );
+
+ return drag;
+}
+
+void RuleSetView::dragEnterEvent( QDragEnterEvent *ev)
+{
+ if (fwbdebug)
+ qDebug("RuleSetView::dragEnterEvent");
+ ev->setAccepted( ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) );
+}
+
+void RuleSetView::dragMoveEvent( QDragMoveEvent *ev)
+{
+ if (fwbdebug)
+ qDebug("RuleSetView::dragMoveEvent");
+ QWidget *fromWidget = ev->source();
+
+ // The source of DnD object must be the same instance of fwbuilder
+ if (fromWidget)
+ {
+ if (ev->mimeData()->hasFormat(FWObjectDrag::FWB_MIME_TYPE) && !ruleset->isReadOnly())
+ {
+ if (ev->keyboardModifiers() & Qt::ControlModifier)
+ ev->setDropAction(Qt::CopyAction);
+ else
+ ev->setDropAction(Qt::MoveAction);
+
+ int row = rowAt( ev->pos().y() );
+ int col = columnAt( ev->pos().x() );
+
+ if (col<0 || ( getColType(col)!=Object && getColType(col)!=Time) )
+ {
+ ev->setAccepted(false);
+ return;
+ }
+
+ RuleElement *re = getRE(row,col);
+ if (re==NULL)
+ {
+ ev->setAccepted(false);
+ return;
+ }
+
+ bool acceptE = true;
+ list dragol;
+
+ /*
+ * See bug 1226069 Segfault: Drag&Drop between two instances
+ *
+ * There is a problem with this code: Since we pass "live" pointer to
+ * FWObject* object in the drag event, drag&drop should not be used to
+ * pass objects between different instances of
the GUI running at the
+ * same time. Trying to do so causes receiving program to crash
+ * because it tries to access an object using memory pointer that it
+ * obtained from another program. Apparently C++ standard does not
+ * define behavior of the program in case it tries to access memory
+ * using bad pointer, so it does not throw any exception we could
+ * catch. Real solution, of course, is to pass object's ID together
+ * with some identification for the data file in the drag event and
+ * then on receiving end scan the tree looking for this
+ * object. Unfortunately this is too slow with our current API desing.
+ *
+ * TODO: The problem requires more detailed investigation, possibly
+ * including API redesign.
+ */
+
+ if (FWObjectDrag::decode(ev, dragol))
+ {
+ for (list::iterator i=dragol.begin();
+ i!=dragol.end(); ++i)
+ {
+ FWObject *dragobj = NULL;
+ dragobj = dynamic_cast(*i);
+ if(dragobj!=NULL)
+ acceptE &= re->validateChild(dragobj);
+ }
+ ev->setAccepted( acceptE );
+ return;
+ }
+ }
+ }
+
+ ev->setAccepted(false);
+}
+
+
+void RuleSetView::dropEvent( QDropEvent *ev)
+{
+ if (fwbdebug)
+ qDebug("RuleSetView::dropEvent");
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ int row = rowAt( ev->pos().y() );
+ int col = columnAt( ev->pos().x() );
+
+ int oldRow = currentRow(), oldCol = currentColumn();
+
+ if (row<0 || col<0) return;
+
+/* without this check the user can drag and drop an object inside the
+ * same rule element. This is bad because it is considered a change,
+ * even though nothing really changes. With this check, we can not
+ * drag and drop an object from the tree into a selected cell...
+ + if (row==currentRow() && col==currentColumn()) return; + */ + + if (fwbdebug) + { + qDebug("RuleSetView::dropEvent drop event mode=%d", ev->proposedAction()); + qDebug(" src widget = %p", ev->source()); + qDebug(" this = %p", this ); + } + + list dragol; + if (!FWObjectDrag::decode(ev, dragol)) return; + + for (list::iterator i=dragol.begin(); + i!=dragol.end(); ++i) + { + FWObject *dragobj = *i; + assert(dragobj!=NULL); + + if (ev->source()!=this) + { + insertObject(row,col,dragobj); + } else + { + clearSelection(); + if (ev->keyboardModifiers() & Qt::ControlModifier) + { + insertObject(row,col,dragobj); //copy + + changeCurrentCell(row, col, true); + } + else //move + { + if (insertObject(row,col,dragobj) ) + { + deleteObject(oldRow,oldCol,dragobj); + + changeCurrentCell(row, col, true); + } + } + + } + } + ev->accept(); +} + +void RuleSetView::removeRule() +{ + if (!hasFocus()) return; + if (!isTreeReadWrite(this,ruleset)) return; +/* we call removeRule in a loop. Set flag changingRules to true to prevent + * removeRule from calling updateLastModifiedTimestampForAllFirewalls each time + */ + changingRules = true; + + mw->findObjectWidget->reset(); + + /* remove rules firstSelectedRule through lastSelectedRule */ + + if ( firstSelectedRule!=-1 ) + { + if (fwbdebug) qDebug("Firewall changed: removeRule"); + + setUpdatesEnabled(false); + for (int rn=lastSelectedRule; rn>=firstSelectedRule; --rn) + { + if (oe->isVisible() && oe->getOpened()==ruleIndex[rn]) oe->close(); + + bool delete_branch_tab = false; + PolicyRule *r = PolicyRule::cast( ruleIndex[rn] ); + RuleSet *subset = NULL; + if (r) + { + if (r->getAction()==PolicyRule::Branch) + { + subset = r->getBranch(); + delete_branch_tab = true; + } + } + + if ( ruleset->deleteRule(rn) ) + { + if (delete_branch_tab) + mw->removePolicyBranchTab( subset ); + + int lastN=ruleIndex.size()-1; + ruleIndex.erase(rn); + + for (int i=rn; iremoveRows( firstSelectedRule, lastSelectedRule ); + + setUpdatesEnabled(true); + + 
clearSelection();
+
+ setCurrentCell( firstSelectedRule, currentColumn() );
+ update();
+
+ changingRules = false;
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+ }
+}
+
+void RuleSetView::addRuleAfterCurrent()
+{
+ if (!hasFocus()) return;
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ changingRules = true;
+ insertRule(lastSelectedRule+1,NULL);
+ changingRules = false;
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+}
+
+void RuleSetView::moveRule()
+{
+ if (!hasFocus()) return;
+
+ int selectionSize=lastSelectedRule-firstSelectedRule+1;
+
+ /* calculate acceptable range of rule numbers for the dialog */
+ int minRN=0;
+ int maxRN=ruleset->size()-selectionSize;
+
+ Ui::askRuleNumberDialog_q d;
+ QDialog ddialog;
+ d.setupUi(&ddialog);
+ d.newRuleNum->setMinimum(minRN);
+ d.newRuleNum->setMaximum(maxRN);
+
+ if (ddialog.exec()==QDialog::Accepted)
+ {
+ int newN = d.newRuleNum->value();
+ int nn = newN;
+ if (firstSelectedRule==nn) return;
+
+ setUpdatesEnabled(false);
+
+ if (firstSelectedRule>nn)
+ { // moving block of rules up
+ for (int i=firstSelectedRule; i<=lastSelectedRule; i++)
+ {
+ int j=i;
+ while (j!=nn)
+ {
+ if (!ruleset->moveRuleUp(j)) return;
+
+ FWObject *r=ruleIndex[j];
+ ruleIndex[j]=ruleIndex[j-1];
+ ruleIndex[j-1]=r;
+
+ //swapping row sizes j-1 and j
+ int t = verticalHeader()->sectionSize(j);
+ verticalHeader()->resizeSection(j,
+ verticalHeader()->sectionSize(j-1));
+ verticalHeader()->resizeSection(j-1, t);
+
+ Rule *rule = Rule::cast( ruleIndex[j-1] );
+ setRuleNumber(j-1,rule);
+ rule = Rule::cast( ruleIndex[j] );
+ setRuleNumber(j,rule);
+
+ --j;
+ }
+ nn++;
+ }
+ } else
+ { // moving block of rules down
+ for (int i=lastSelectedRule; i>=firstSelectedRule; i--)
+ {
+ int j=i;
+ while (j!=nn+selectionSize-1)
+ {
+ if (!ruleset->moveRuleDown(j)) return;
+
+ FWObject *r=ruleIndex[j];
+ ruleIndex[j]=ruleIndex[j+1];
+ ruleIndex[j+1]=r;
+
+ //swapping row sizes j+1 and j
+ int t =
verticalHeader()->sectionSize(j+1);
+ verticalHeader()->resizeSection(j+1,
+ verticalHeader()->sectionSize(j));
+ verticalHeader()->resizeSection(j, t);
+
+ Rule *rule = Rule::cast( ruleIndex[j+1] );
+ setRuleNumber(j+1,rule);
+ rule = Rule::cast( ruleIndex[j] );
+ setRuleNumber(j,rule);
+
+ ++j;
+ }
+ nn--;
+ }
+ }
+
+ setUpdatesEnabled(true);
+
+ selectRE( newN , currentColumn() );
+ changeCurrentCell( newN, currentColumn(), true );
+
+ changingRules = false;
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+ }
+}
+
+void RuleSetView::moveRuleUp()
+{
+ if (!hasFocus()) return;
+ int rn=currentRow();
+ /* swap rule rn and rn-1 */
+
+ if (rn==0) return;
+
+ if (ruleset->moveRuleUp(rn))
+ {
+ FWObject *r=ruleIndex[rn];
+ ruleIndex[rn]=ruleIndex[rn-1];
+ ruleIndex[rn-1]=r;
+
+ ruleModel->swapRows(rn-1,rn);
+
+ setCurrentCell( rn-1, currentColumn() );
+ selectRE( rn-1 , currentColumn() );
+
+ update();
+ }
+}
+
+void RuleSetView::moveRuleDown()
+{
+ if (!hasFocus()) return;
+ int rn=currentRow();
+ /* swap rule rn and rn+1 */
+
+ if (rn==ruleset->getRuleSetSize()-1) return;
+
+ if (ruleset->moveRuleDown(rn))
+ {
+ FWObject *r=ruleIndex[rn];
+ ruleIndex[rn]=ruleIndex[rn+1];
+ ruleIndex[rn+1]=r;
+
+ ruleModel->swapRows(rn+1,rn);
+
+ setCurrentCell( rn+1, currentColumn() );
+ selectRE( rn+1 , currentColumn() );
+
+ update();
+ }
+}
+
+
+void RuleSetView::copyRule()
+{
+ if (!hasFocus()) return;
+
+ /*int firstSelectedRule=-1;
+ int lastSelectedRule=-1;
+
+ QTableSelection sel=selection(0);
+ if (sel.isActive())
+ {
+ firstSelectedRule=sel.topRow();
+ lastSelectedRule=sel.bottomRow();
+// removeSelection(0);
+// verticalHeader()->update();
+ } else
+ {
+ firstSelectedRule=currentRow();
+ lastSelectedRule=currentRow();
+ }*/
+
+ if ( firstSelectedRule!=-1 )
+ {
+ FWObjectClipboard::obj_clipboard->clear();
+ for (int i=firstSelectedRule; i<=lastSelectedRule; ++i)
+ {
+ FWObject *rule = ruleIndex[i];
+
+ if (fwbdebug && PolicyRule::cast(rule)!=NULL)
+
qDebug(QString("RuleSetView::copyRule: direction=%1")
+ .arg(PolicyRule::cast(rule)->getDirectionAsString().c_str())
+ .toAscii().constData());
+
+ FWObjectClipboard::obj_clipboard->add( rule );
+ }
+ }
+}
+
+void RuleSetView::cutRule()
+{
+ copyRule();
+ removeRule();
+}
+
+void RuleSetView::pasteRuleAbove()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ /*int firstSelectedRule=-1;
+ int lastSelectedRule=-1;*/
+
+ changingRules = true;
+
+ if (fwbdebug) qDebug("Firewall: pasteRuleAbove");
+
+ /* pick rules in reverse order */
+ vector::reverse_iterator i;
+ for (i= FWObjectClipboard::obj_clipboard->rbegin();
+ i!=FWObjectClipboard::obj_clipboard->rend(); ++i)
+ {
+ FWObject *co= mw->db()->findInIndex(*i);
+ if (!Rule::cast(co)) continue;
+ insertRule( firstSelectedRule, co);
+ }
+
+ changingRules = false;
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+}
+
+
+void RuleSetView::pasteRuleBelow()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ /*int firstSelectedRule=-1;
+ int lastSelectedRule=-1;*/
+
+ changingRules = true;
+
+ /*QTableSelection sel=selection(0);
+ if (sel.isActive())
+ {
+ firstSelectedRule=sel.topRow();
+ lastSelectedRule=sel.bottomRow();
+ removeSelection(0);
+ verticalHeader()->update();
+ } else
+ {
+ firstSelectedRule=currentRow();
+ lastSelectedRule=currentRow();
+ }*/
+
+ int position;
+ if (lastSelectedRule != -1)
+ position = lastSelectedRule;
+ else
+ position = currentRow();
+
+ int n=0;
+ vector::iterator i;
+ for (i= FWObjectClipboard::obj_clipboard->begin();
+ i!=FWObjectClipboard::obj_clipboard->end(); ++i,++n)
+ {
+ FWObject *co= mw->db()->findInIndex(*i);
+ if (!Rule::cast(co)) continue;
+ insertRule( position+1+n, co);
+ }
+
+ changingRules = false;
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+
+// if (FWObjectClipboard::obj_clipboard->getObject()!=NULL)
+// insertRule( rn+1, Rule::cast(FWObjectClipboard::obj_clipboard->getObject()) );
+}
+
+void RuleSetView::enableRule()
+{
+ if
(!isTreeReadWrite(this,ruleset)) return; + + if ( firstSelectedRule!=-1 ) + { + for (int rn=lastSelectedRule; rn>=firstSelectedRule; --rn) + { + Rule *r = Rule::cast( ruleIndex[rn] ); + if (fwbdebug) qDebug("Firewall changed: enableRule"); + r->enable(); + setRuleNumber(rn,r); + } + } + + //changingRules = false; + om->updateLastModifiedTimestampForOneFirewall(getFirewall()); +} + +void RuleSetView::disableRule() +{ + if (!isTreeReadWrite(this,ruleset)) return; + + + if ( firstSelectedRule!=-1 ) + { + for (int rn=lastSelectedRule; rn>=firstSelectedRule; --rn) + { + Rule *r = Rule::cast( ruleIndex[rn] ); + if (fwbdebug) qDebug("Firewall changed: disableRule"); + r->disable(); + setRuleNumber(rn,r); + } + } + + //changingRules = false; + om->updateLastModifiedTimestampForOneFirewall(getFirewall()); +} + +void RuleSetView::editSelected() +{ + if (!oe->isVisible()) oe->show(); + switchObjectInEditor(currentColumn()); +} + +bool RuleSetView::switchObjectInEditor(int col,bool validate) +{ + if (fwbdebug) + qDebug("RuleSetView::switchObjectInEditor col=%d validate=%d",col,validate); + + + if (!isTreeReadWrite(this,ruleset)) return false; + if ( currentRow()==-1 || currentColumn()==-1 ) return false; + + FWObject *Object=NULL; + ObjectEditor::OptType Operation=ObjectEditor::optNone; + + /* + * We need to know WHAT we are going to edit + + 1. Object + 2. OptType + + * Object == null, OptType = optNone => blank + * Object == Rule, OptType = optNone => Rule Options + * Object == Rule, OptType != optNone => Virtual Object (Action, Comment ...) 
+ * Object != Rule, OptType = optNone => Regular Object Editor
+
+ Then we compare our object 'obj' and OptType with what we already
+ have in ObjectEditor/ If they are the same, then we do nothing,
+ otherwise we open obj in the Object Editor
+
+ */
+
+ int crn=currentRow();
+ switch (getColType(col))
+ {
+ case Comment:
+ Object=ruleIndex[crn];
+ Operation=ObjectEditor::optComment;
+ break;
+
+ case Metric:
+ Object=ruleIndex[crn];
+ Operation=ObjectEditor::optMetric;
+ break;
+
+ case Direction:
+ break;
+
+ case Action:
+ {
+ PolicyRule *rule = PolicyRule::cast( ruleIndex[currentRow()] );
+ Object=rule;
+ Operation=ObjectEditor::optAction;
+ break;
+ }
+ case Options:
+ {
+ /* both policy and routing rules have options. so cast to Rule here. */
+ Rule *rule = Rule::cast( ruleIndex[currentRow()] );
+ assert(rule);
+ Object=rule;
+ Operation=ObjectEditor::optNone;
+ break;
+ }
+
+ default:
+ {
+ if ( selectedObject!=NULL)
+ {
+ Object=selectedObject;
+ break;
+ }
+ }
+ }
+
+ if (!mw->requestEditorOwnership(this,Object,Operation,validate))
+ return false;
+
+ if (fwbdebug)
+ qDebug("RuleSetView::switchObjectInEditor editor ownership granted");
+
+ if (Object==oe->getOpened() && Operation==oe->getOpenedOpt())
+ {
+ if (fwbdebug)
+ qDebug("RuleSetView::switchObjectInEditor same object is already opened in the editor");
+ return true;
+ }
+
+ if (fwbdebug)
+ qDebug("RuleSetView::switchObjectInEditor opening object in the editor");
+
+ if (Object == NULL)
+ {
+ oe->blank();
+ } else if (Operation==ObjectEditor::optNone)
+ {
+ oe->open(Object);
+ } else if(Rule::cast(Object)!=NULL)
+ {
+ oe->openOpt(Object,Operation);
+ }
+
+ return true;
+}
+
+void RuleSetView::restoreSelection(bool same_widget)
+{
+ if (fwbdebug)
+ {
+ if (prevSelectedObject)
+ qDebug("RuleSetView::restoreSelection() same_widget=%d prevSelectedObject=%s prevSelectedObjectRow=%d prevSelectedObjectCol=%d",
+ same_widget,
+ prevSelectedObject->getName().c_str(),
+ prevSelectedObjectRow,
+
prevSelectedObjectCol); + else + qDebug("RuleSetView::restoreSelection() prevSelectedObject==NULL"); + FWObject *o = oe->getOpened(); + qDebug("RuleSetView::restoreSelection() oe->getOpened=%s", + (o)?o->getName().c_str():"NULL"); + } + + if (same_widget) + { + selectedObject = prevSelectedObject; + selectedObjectRow = prevSelectedObjectRow; + selectedObjectCol = prevSelectedObjectCol; + } + changeCurrentCell(selectedObjectRow,selectedObjectCol); + + openObjectInTree(selectedObject); +} + +void RuleSetView::updateAll() +{ + int r=0; + for (FWObject::iterator i=ruleset->begin(); i!=ruleset->end(); i++,r++) + adjustRow(r); + //dirtyRows[r] = 1; + + repaint(); +// update(); +} + +void RuleSetView::updateCurrentCell() +{ + updateCell(m_currentRow, m_currentColumn); +} + + + + + + + + +PolicyView::PolicyView(Policy *p, QWidget *parent) : RuleSetView(1, 7, parent) +{ + setName("PolicyView"); + ruleset=p; + iinit(); + init(); +} + +void PolicyView::init() +{ + ncols=7 + + ((supports_time)?1:0) + + ((supports_logging && supports_rule_options)?1:0); + + ruleModel->setColumnCount(ncols); + + colTypes[-1]=RuleOp; + + int col=0; + QStringList qsl; + + qsl << "Source"; // 0 + colTypes[col++]=Object; + + qsl << "Destination"; // 1 + colTypes[col++]=Object; + + qsl << "Service"; // 2 + colTypes[col++]=Object; + + qsl << "Interface"; // 3 + colTypes[col++]=Object; + + qsl << "Direction"; // 4 + colTypes[col++]=Direction; + + qsl << "Action"; // 5 + colTypes[col++]=Action; + + if (supports_time) + { + qsl << "Time"; // 6 + colTypes[col++]=Time; + } + + if (supports_logging && supports_rule_options) + { + qsl << "Options"; + colTypes[col++]=Options; + } + + qsl << "Comment"; + colTypes[col]=Comment; + + ruleModel->setHeader(qsl); + + /*horizontalHeader()->setModel(static_cast(horzHeaderLabels)); + verticalHeader()->setModel(static_cast(vertHeaderLabels));*/ +// setColumnStretchable(col, true); + + RuleSetView::init(); +} + +RuleElement* PolicyView::getRE( int row, int col ) +{ + if 
(row<0) return NULL; + + if (ruleIndex.count(row)==0) return NULL; + PolicyRule *r = PolicyRule::cast( ruleIndex[row] ); + if(r==NULL) return NULL; + return getRE(r, col); +} + +RuleElement* PolicyView::getRE( Rule* r, int col ) +{ + string ret; + + switch (getColType(col)) + { + case Object: + switch (col) + { + case 0: ret=RuleElementSrc::TYPENAME; break; + case 1: ret=RuleElementDst::TYPENAME; break; + case 2: ret=RuleElementSrv::TYPENAME; break; + case 3: ret=RuleElementItf::TYPENAME; break; + } + break; + case Time: + ret=RuleElementInterval::TYPENAME; break; + default: return NULL; + } + + return RuleElement::cast( r->getFirstByType(ret) ); +} + +InterfacePolicyView::InterfacePolicyView(InterfacePolicy *p, QWidget *parent) : + RuleSetView(1,7,parent) +{ + setName("InterfacePolicyView"); + ruleset=p; + iinit(); + init(); +} + +void InterfacePolicyView::init() +{ + ncols=6 + + ((supports_time)?1:0) + + ((supports_logging && supports_rule_options)?1:0); + + ruleModel->setColumnCount(ncols); + + colTypes[-1]=RuleOp; + + int col=0; + QStringList qsl; + qsl << "Source"; // 0 + colTypes[col++]=Object; + + qsl << "Destination"; // 1 + colTypes[col++]=Object; + + qsl << "Service"; // 2 + colTypes[col++]=Object; + + qsl << "Direction"; // 3 + colTypes[col++]=Direction; + + qsl << "Action"; // 4 + colTypes[col++]=Action; + + if (supports_time) + { + qsl << "Time"; // 5 + colTypes[col++]=Time; + } + + if (supports_logging && supports_rule_options) + { + qsl << "Options"; + colTypes[col++]=Options; + } + + qsl << "Comment"; + colTypes[col]=Comment; + + ruleModel->setHeader(qsl); +// setColumnStretchable(col, true); + +// ncols=col; + + RuleSetView::init(); +} + +RuleElement* InterfacePolicyView::getRE( int row, int col ) +{ + if (row<0) return NULL; + PolicyRule *r = PolicyRule::cast( ruleIndex[row] ); + assert(r!=NULL); + return getRE(r,col); +} + +RuleElement* InterfacePolicyView::getRE( Rule *r, int col ) +{ + string ret; + + switch (getColType(col)) + { + case Object: 
+ switch (col) + { + case 0: ret=RuleElementSrc::TYPENAME; break; + case 1: ret=RuleElementDst::TYPENAME; break; + case 2: ret=RuleElementSrv::TYPENAME; break; + } + break; + case Time: + ret=RuleElementInterval::TYPENAME; break; + default: return NULL; + } + + return RuleElement::cast( r->getFirstByType(ret) ); +} + + + + +NATView::NATView(NAT *p, QWidget *parent) : RuleSetView(1,8,parent) +{ + setName("NATView"); + ruleset=p; + iinit(); + init(); +} + +void NATView::init() +{ + colTypes[-1]=RuleOp; + + ncols=8; + ruleModel->setColumnCount(8); + + int col=0; + QStringList qsl; + qsl << "Original Src"; + colTypes[col++]=Object; + + qsl << "Original Dst"; + colTypes[col++]=Object; + + qsl << "Original Srv"; + colTypes[col++]=Object; + + qsl << "Translated Src"; + colTypes[col++]=Object; + + qsl << "Translated Dst"; + colTypes[col++]=Object; + + qsl << "Translated Srv"; + colTypes[col++]=Object; + + qsl << "Options"; + colTypes[col++]=Options; + + qsl << "Comment"; + colTypes[col]=Comment; + + ruleModel->setHeader(qsl); +// setColumnStretchable(col, true); + +// ncols=col; + + RuleSetView::init(); +} + +RuleElement* NATView::getRE( int row, int col ) +{ + if (row<0) return NULL; + NATRule *r = NATRule::cast( ruleIndex[row] ); + assert(r!=NULL); + return getRE(r,col); +} + +RuleElement* NATView::getRE( Rule *r, int col ) +{ + string ret; + + switch (getColType(col)) + { + case Object: + switch (col) + { + case 0: ret=RuleElementOSrc::TYPENAME; break; + case 1: ret=RuleElementODst::TYPENAME; break; + case 2: ret=RuleElementOSrv::TYPENAME; break; + case 3: ret=RuleElementTSrc::TYPENAME; break; + case 4: ret=RuleElementTDst::TYPENAME; break; + case 5: ret=RuleElementTSrv::TYPENAME; break; + } + break; + default: return NULL; + } + + return RuleElement::cast( r->getFirstByType(ret) ); +} + + + +RoutingView::RoutingView(Routing *p, QWidget *parent) : RuleSetView(1,5,parent) +{ + setName("RoutingView"); + ruleset=p; + iinit(); + init(); +} + +void RoutingView::init() +{ + 
colTypes[-1]=RuleOp; + ncols=6; + ruleModel->setColumnCount(ncols); + + int col=0; + + QStringList qsl; + qsl << "Destination"; + colTypes[col++]=Object; + + qsl << "Gateway"; + colTypes[col++]=Object; + + qsl << "Interface"; + colTypes[col++]=Object; + + qsl << "Metric"; + colTypes[col++]=Metric; + + qsl << "Options"; + colTypes[col++]=Options; + + qsl << "Comment"; + colTypes[col]=Comment; + + ruleModel->setHeader(qsl); +// setColumnStretchable(col, true); + +// ncols=col; + + RuleSetView::init(); +} + +RuleElement* RoutingView::getRE( int row, int col ) +{ + if (row<0) return NULL; + RoutingRule *r = RoutingRule::cast( ruleIndex[row] ); + assert(r!=NULL); + return getRE(r,col); +} + +RuleElement* RoutingView::getRE( Rule *r, int col ) +{ + string ret; + + switch (getColType(col)) + { + case Object: + switch (col) + { + case 0: ret=RuleElementRDst::TYPENAME; break; + case 1: ret=RuleElementRGtw::TYPENAME; break; + case 2: ret=RuleElementRItf::TYPENAME; break; + } + break; + default: return NULL; + } + + return RuleElement::cast( r->getFirstByType(ret) ); +} + + + diff --git a/src/gui/RuleSetView.h b/src/gui/RuleSetView.h new file mode 100644 index 000000000..33a97066c --- /dev/null +++ b/src/gui/RuleSetView.h 
@@ -0,0 +1,488 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: SimpleTextEditor.h,v 1.4 2007/01/06 22:03:25 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "fwbuilder/Rule.h" + +#include +#include +#include +#include +#include +#include +#include +//#include +#include +#include +#include +#include +#include +#include + +#include +#include + +class QMenu; + +using namespace std; + +namespace libfwbuilder { + class FWObject; + class Firewall; + class FWReference; + class RuleElement; + class Rule; + class RuleSet; + class Policy; + class InterfacePolicy; + class NAT; + class Routing; + class RuleElement; + class NATRule; + class RoutingRule; +}; + +class RuleSetView; + +/** + * this class is used to intercept mouse clicks on the vertical header + * of the table so we could open a context menu + */ +class headerMouseEventInterceptor : public QObject +{ + RuleSetView *rsv; + + public: + headerMouseEventInterceptor(RuleSetView *_rsv) { rsv=_rsv; } + + protected: + bool eventFilter( QObject *object, QEvent *event); +}; + +class RuleTableModel; + +class RuleDelegate : public QAbstractItemDelegate +{ + Q_OBJECT + + friend class RuleSetView; + friend class RuleTableModel; + +public: + RuleDelegate(RuleSetView *parent); + + QRect 
cellRect(const int row, const int col) const; + QRect cellGeometry(const int row, const int col) const; + void paint(QPainter *painter, const QStyleOptionViewItem &option, + const QModelIndex &index) const; + QSize sizeHint(const QStyleOptionViewItem &option, + const QModelIndex &index ) const; + +public slots: + + +private: + RuleSetView *ruleSetView; +}; + +class RuleTableModel : public QAbstractTableModel +{ + friend class RuleSetView; + friend class RuleDelegate; + +public: + + RuleTableModel(const int rows, const int columns, RuleSetView *ruleView); + ~RuleTableModel(); + + int rowCount ( const QModelIndex & parent = QModelIndex() ) const; + int columnCount ( const QModelIndex & parent = QModelIndex() ) const; + + void setRowCount ( const int &value ); + void setColumnCount ( const int &value ); + + QVariant data ( const QModelIndex & index, int role = Qt::DisplayRole ) const; + QVariant headerData(int section, Qt::Orientation orientation, int role = Qt::DisplayRole) const; + bool setHeader ( QStringList qsl ); + + void removeRows( const int row1, const int row2 ); + void swapRows( const int row1, const int row2 ); + void insertRow( const int before_pos ); + +protected: + int m_rowCount; + int m_columnCount; + QStringList header; + RuleSetView *ruleSetView; +}; + +class RuleSetView : public QTableView +{ + friend class headerMouseEventInterceptor; + friend class RuleTableModel; + friend class RuleDelegate; + + Q_OBJECT + + public slots: + void selectionChanged(const QItemSelection&, const QItemSelection&); + void restoreSelection(bool same_widget); + void currentChanged( const QModelIndex ¤t ); + + void itemDoubleClicked(const QModelIndex & index); + void contextMenu(int row, int col, const QPoint &pos); + void contextMenuRequested ( const QPoint &p ); + + void editSelected(); + void copySelectedObject(); + void cutSelectedObject(); + void deleteSelectedObject(); + void pasteObject(); + void findWhereUsedSlot(); + void revealObjectInTree(); + + void 
negateRE(); + void editRE(); + + void changeActionToAccept(); + void changeActionToDeny(); + void changeActionToReject(); + void changeActionToAccounting(); + void changeActionToPipe(); + void changeActionToTag(); + void changeActionToClassify(); + void changeActionToCustom(); + void changeActionToBranch(); + void changeActionToRoute(); + void changeActionToContinue(); + + void changeDirectionToIn(); + void changeDirectionToOut(); + void changeDirectionToBoth(); + void changeLogToOn(); + void changeLogToOff(); + + void setColorEmpty(); + void setColorRed(); + void setColorBlue(); + void setColorOrange(); + void setColorPurple(); + void setColorGray(); + void setColorYellow(); + void setColorGreen(); + + void insertRule(); + void removeRule(); + void addRuleAfterCurrent(); + void moveRule(); + void moveRuleUp(); + void moveRuleDown(); + + void copyRule(); + void cutRule(); + void pasteRuleAbove(); + void pasteRuleBelow(); + + + void enableRule(); + void disableRule(); + + void setRuleColor(const QString &c); + void setRuleNumber(int row, libfwbuilder::Rule *rule); + + void horzSectionResized ( int logicalIndex, int oldSize, int newSize ); + void vertSectionResized ( int logicalIndex, int oldSize, int newSize ); + + public: + + int firstSelectedRow, previousLastSelectedRow; + + QItemSelectionRange itemSelectionRange; + + virtual void paintCell(QPainter *p,int row,int col, const QRect &cr, bool selected, const QPalette &cg); + + libfwbuilder::RuleSet *ruleset; + + void setName(QString qs); + void setCurrentCell(const int row, const int col); + void changeCurrentCell(const int row, const int col, bool fullrefresh = false); + //set new current cell and update new and old cells + //fullrefresh forces method to change QTableView's currentIndex + //which interrupts any kind of selection (with shift and others) + + + int currentRow() const; + int currentColumn() const; + + void setCurrentRow(const int value); + void setCurrentColumn(const int value); + + + enum REType { 
RuleOp, + Object, + Action, + Direction, + Options, + Time, + Comment, + Metric }; + + protected: + + //these functions are added in the porting process + //they are needed to work with stored cell sizes (columnWidths, + //rowHeights) + void freezeRowSizing(); + void unfreezeRowSizing(); + + bool rowSizingFrozen; //is vertical sizing freezed? + //it is needed when we insert a row to the table + + int getColumnWidth( const int col ) const; + int getRowHeight( const int row ) const; + + void setColumnWidth( const int col, const int width ); + void setRowHeight( const int row, const int height ); + + bool event ( QEvent * event ); + + vector columnWidths; + vector rowHeights; + map rulesDisabled; + QIcon negIcon; + + int m_currentRow, m_currentColumn; + + enum PixmapAttr { Normal, Neg, Ref, Tree }; + enum PopupMenuAction { None, EditObj, EditRE, NegateRE }; + + headerMouseEventInterceptor hme; + + + +/* + * ruleIndex should provide for a fast direct access to elements, as + * well as for a reasonably fast adding and removal in an arbitrary + * place so that all element would shift up or down correspondingly. A + * map is a compromise, it provides for fast direct access but slow + * adding and removal (because I need to manually shift elements in a + * loop). 
+ */ + std::map ruleIndex; + int ncols; + + //this bool var is needed for starting drag when user moves the mouse + //but not when he just clicks selected record + bool startingDrag; + + bool supports_time; + bool supports_logging; + bool supports_rule_options; + + int RuleElementSpacing; + + int pixmap_h; + int pixmap_w; + int text_h; + int item_h; + std::map dirtyRows; + + std::map colTypes; + + libfwbuilder::FWObject *selectedObject; + int selectedObjectRow; + int selectedObjectCol; + + libfwbuilder::FWObject *prevSelectedObject; + int prevSelectedObjectRow; + int prevSelectedObjectCol; + + bool kbdGoingUp; + bool changingSelection; + bool changingRules; + + PopupMenuAction lastPopupMenuAction; + + void iinit(); + QString settingsKey(); + + void adjustRow_int( int row, int h ); + + virtual void mousePressEvent( QMouseEvent* ev ); + virtual void mouseMoveEvent( QMouseEvent* ev ); + virtual void mouseReleaseEvent( QMouseEvent* ev ); + + virtual QDrag* dragObject(); + + virtual void keyPressEvent( QKeyEvent* ev ); + virtual void dragMoveEvent( QDragMoveEvent *ev); + virtual void dragEnterEvent( QDragEnterEvent *ev); + //virtual void contentsDragEnterEvent( QDragEnterEvent *ev); + virtual void dropEvent( QDropEvent *ev); + virtual void hideEvent(QHideEvent *ev); + + virtual void adjustRow( int row ); + virtual void adjustColumn( int col ); + + void addRuleBranch(libfwbuilder::PolicyRule *rule); + + QString getPlatform(); + + QRect calculateCellSize( int row, int col ); + +// RuleSetOptions* getOpt() const { return opt; } + + bool insertObject(int row, int col, libfwbuilder::FWObject *obj); + void deleteObject(int row, int col, libfwbuilder::FWObject *obj); + + void copyRuleContent(libfwbuilder::Rule *dst, libfwbuilder::Rule *src); + + void headerMousePressEvent(const QPoint &pos); + void changeDitection(libfwbuilder::PolicyRule::Direction dir); + void changeAction(libfwbuilder::PolicyRule::Action act); + + void setSelectedObject(libfwbuilder::FWObject* obj); + + 
public: + + RuleSetView( int r, int c, QWidget *parent); + virtual ~RuleSetView(); + virtual void init(); + + int firstSelectedRule; + int lastSelectedRule; + + RuleTableModel *ruleModel; + RuleDelegate *ruleDelegate; + + //this function is very special for updating selection + //it don't needs a focus on RuleSetView and repaints all the widget + void repaintSelection(); + + void clear(); + void unselect(); + + libfwbuilder::FWObject* getSelectedObject(); + libfwbuilder::Firewall* getFirewall(); + + libfwbuilder::Rule* insertRule(int pos, libfwbuilder::FWObject *r); + + libfwbuilder::FWObject* getObj(int row, int col, + int mouse_y_pos, QRect *cr=NULL); + libfwbuilder::PolicyRule* getRule(int row); + + void selectRE( int row, int col); + + /** + * selects rule element a reference 'ref' belongs to + */ + void selectRE(libfwbuilder::FWReference *ref); + + void updateCell( const int row, const int col ); + void updateAll(); + void updateCurrentCell(); + + void editCurrentObject(); + bool switchObjectInEditor(int col,bool validate=true); + + /** + * shows and selects object obj in the tree, or, if obj is a rule, + * shows corresponding firewall object. Makes sure keyboard focus + * returns back to the ruleset. 
+ */ + void openObjectInTree(libfwbuilder::FWObject *obj); + + REType getColType(int col) const; + +private: + + virtual libfwbuilder::RuleElement* getRE( int row, int col ) = 0; + virtual libfwbuilder::RuleElement* getRE( libfwbuilder::Rule* r, int col ) = 0; + + QPixmap getPixmap(libfwbuilder::FWObject *obj, PixmapAttr pmattr = Normal) const; + QString objectText(libfwbuilder::RuleElement *re,libfwbuilder::FWObject *obj); + + void fixRulePosition(libfwbuilder::Rule *r, libfwbuilder::FWObject *parent, int pos); +}; + + +class PolicyView : public RuleSetView +{ + virtual libfwbuilder::RuleElement* getRE( int row, int col ) ; + virtual libfwbuilder::RuleElement* getRE( libfwbuilder::Rule* r, int col ) ; + + public: + + PolicyView(libfwbuilder::Policy *p, QWidget *parent); + virtual ~PolicyView() {} + + virtual void init(); + +}; + +class InterfacePolicyView : public RuleSetView +{ + virtual libfwbuilder::RuleElement* getRE( int row, int col ) ; + virtual libfwbuilder::RuleElement* getRE( libfwbuilder::Rule* r, int col ) ; + + public: + + InterfacePolicyView(libfwbuilder::InterfacePolicy *p, QWidget *parent); + virtual ~InterfacePolicyView() {} + + virtual void init(); + + +}; + +class NATView : public RuleSetView +{ + virtual libfwbuilder::RuleElement* getRE( int row, int col ) ; + virtual libfwbuilder::RuleElement* getRE( libfwbuilder::Rule* r, int col ) ; + + public: + + NATView(libfwbuilder::NAT *p, QWidget *parent); + virtual ~NATView() {} + + virtual void init(); + + +}; + +class RoutingView : public RuleSetView +{ + virtual libfwbuilder::RuleElement* getRE( int row, int col ) ; + virtual libfwbuilder::RuleElement* getRE( libfwbuilder::Rule* r, int col ) ; + + public: + + RoutingView(libfwbuilder::Routing *p, QWidget *parent); + virtual ~RoutingView() {} + + virtual void init(); + + +}; + diff --git a/src/gui/SSHIOS.cpp b/src/gui/SSHIOS.cpp new file mode 100644 index 000000000..04ac5e136 --- /dev/null +++ b/src/gui/SSHIOS.cpp 
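Review bot: src/gui/RuleSetView.h has no include guard: the file goes from the licence comment straight to `#include "fwbuilder/Rule.h"`, so a translation unit that reaches it twice gets redefinition errors for RuleDelegate, RuleTableModel and RuleSetView. Wrap it the way SSHIOS.h in this commit is wrapped, with `#ifndef __RULESETVIEW_H_` / `#define __RULESETVIEW_H_` after the licence block and `#endif` at the end. The header also has `using namespace std;` at file scope, which leaks into every file that includes it. Qualifying the `vector` and `map` members with `std::`, as `ruleIndex` already is, would let that line be dropped.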
@@ -0,0 +1,138 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: SSHIOS.cpp,v 1.3 2007/05/11 05:58:39 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+
+#include "config.h"
+#include "global.h"
+#include "utils.h"
+
+#include "SSHIOS.h"
+
+#include
+
+#include
+#ifndef errno
+extern int errno;
+#endif
+
+using namespace std;
+
+SSHIOS::SSHIOS(QWidget *_par,
+ const QString &_h,
+ const QStringList &args,
+ const QString &_p,
+ const QString &_ep,
+ const std::list &_in) : SSHPIX(_par,_h,args,_p,_ep,_in)
+{
+ normal_prompt=">$";
+ fwb_prompt="--**--**--";
+ enable_prompt="#$";
+ pwd_prompt="'s password: $";
+ epwd_prompt="Password: ";
+ ssh_pwd_prompt="'s password: ";
+ ssoft_config_prompt="> ";
+ sudo_pwd_prompt="Password:";
+ putty_pwd_prompt="Password: ";
+ passphrase_prompt="Enter passphrase for key ";
+
+ errorsInit.clear();
+ errorsInit.push_back("Permission denied");
+ errorsInit.push_back("Invalid password");
+ errorsInit.push_back("Access denied");
+ errorsInit.push_back("Unable to authenticate");
+ errorsInit.push_back("Too many authentication failures");
+
+ errorsLoggedin.clear();
+ errorsLoggedin.push_back("Invalid password");
+ errorsLoggedin.push_back("ERROR: ");
+ errorsLoggedin.push_back("Not enough arguments");
+ errorsLoggedin.push_back("cannot find");
+
+ errorsEnabledState.clear();
+ errorsEnabledState.push_back("ERROR: ");
+ errorsEnabledState.push_back("Type help");
+ errorsEnabledState.push_back("Not enough arguments");
+ errorsEnabledState.push_back("invalid input detected");
+ errorsEnabledState.push_back("Invalid");
+ errorsEnabledState.push_back("cannot find");
+
+}
+
+SSHIOS::~SSHIOS()
+{
+}
+
+// IOS state machine needs to be able to deal with
+// "reload in ... " command
+
+void SSHIOS::stateMachine()
+{
+ if (checkForErrors()) return;
+
+ switch (state)
+ {
+ case ENABLE:
+ if ( cmpPrompt(stdoutBuffer,QRegExp(enable_prompt)) )
+ {
+ if (pre_config_commands.size()>0)
+ {
+ stdoutBuffer="";
+
+ QString cmd = pre_config_commands.front();
+ pre_config_commands.pop_front();
+
+ if (cmd.indexOf("reload in")!=-1)
+ state = SCHEDULE_RELOAD_DIALOG;
+
+ proc->write( cmd.toAscii() );
+ proc->write( "\n" );
+ break;
+ } else
+ SSHPIX::stateMachine();
+ }
+ break;
+
+ case SCHEDULE_RELOAD_DIALOG:
+ if ( cmpPrompt(stdoutBuffer,QRegExp("System config.* modified\\. Save?")) )
+ {
+ stdoutBuffer="";
+ proc->write( "no\n" );
+ break;
+ }
+ if ( cmpPrompt(stdoutBuffer,QRegExp("Proceed with reload?")) )
+ {
+ stdoutBuffer="";
+ proc->write( "y\n" );
+ state = ENABLE;
+ break;
+ }
+ break;
+
+ default:
+ SSHPIX::stateMachine();
+ break;
+ }
+}
diff --git a/src/gui/SSHIOS.h b/src/gui/SSHIOS.h
new file mode 100644
index 000000000..1c60348c9
--- /dev/null
+++ b/src/gui/SSHIOS.h
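Review bot: In SSHIOS::stateMachine() (src/gui/SSHIOS.cpp), case SCHEDULE_RELOAD_DIALOG, the `?` at the end of both prompt patterns is a QRegExp quantifier rather than a literal question mark, so `"Proceed with reload?"` also matches output that only contains `Proceed with reloa`. A match there makes the session answer `y` to a device reload, so the patterns should be as tight as the prompt itself: `QRegExp("System config.* modified\\. Save\\?")` and `QRegExp("Proceed with reload\\?")`. The same two patterns appear in SSHPIX::stateMachine() in this commit and need the same escape. How cmpPrompt() applies the expression is not visible in this hunk, so it is worth confirming that it matches at the end of the buffer rather than anywhere in earlier device output.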
@@ -0,0 +1,52 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: SSHIOS.h,v 1.1 2007/05/11 03:42:16 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __SSHIOS_H_
+#define __SSHIOS_H_
+
+#include "../../config.h"
+#include "global.h"
+
+#include "SSHPIX.h"
+
+class SSHIOS : public SSHPIX {
+
+ Q_OBJECT
+
+public:
+
+ SSHIOS(QWidget *parent,
+ const QString &host,
+ const QStringList &args,
+ const QString &pwd,
+ const QString &epwd,
+ const std::list &in);
+ virtual ~SSHIOS();
+
+ virtual void stateMachine();
+};
+
+#endif
diff --git a/src/gui/SSHPIX.cpp b/src/gui/SSHPIX.cpp
new file mode 100644
index 000000000..54a124e45
--- /dev/null
+++ b/src/gui/SSHPIX.cpp
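Review bot: The SSHIOS declaration in src/gui/SSHIOS.h has no comment, and nothing in the header says which constructor arguments are credentials. Above the class I would add `// SSH session for IOS devices: the SSHPIX state machine plus handling of the "reload in ..." dialog`, which is what the comment in SSHIOS.cpp describes. On the constructor I would add `// pwd: login password, epwd: enable password; sent to the ssh process when the matching prompt is seen`. The second comment reflects how SSHPIX::stateMachine() in this commit uses `pwd` and `epwd`; that the constructor arguments end up in those members is presumably handled by SSHSession, which is not visible here.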
@@ -0,0 +1,788 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: SSHPIX.cpp,v 1.23 2007/07/13 05:32:55 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "SSHPIX.h" + +#include +#include +#include +#include +#include +#include + +#include + +#include +#ifndef errno +extern int errno; +#endif + +using namespace std; + +SSHPIX::SSHPIX(QWidget *_par, + const QString &_h, + const QStringList &args, + const QString &_p, + const QString &_ep, + const std::list &_in) : SSHSession(_par,_h,args,_p,_ep,_in) +{ + normal_prompt="> $"; + fwb_prompt="--**--**--"; + enable_prompt="# $|# *Access Rules Download Complete"; + pwd_prompt="'s password: $"; + epwd_prompt="Password: "; + ssh_pwd_prompt="'s password: "; + ssoft_config_prompt="> "; + sudo_pwd_prompt="Password:"; + putty_pwd_prompt="Password: "; + passphrase_prompt="Enter passphrase for key "; + + errorsInit.push_back("Permission denied"); + errorsInit.push_back("Invalid password"); + errorsInit.push_back("Access denied"); + errorsInit.push_back("Unable to authenticate"); + errorsInit.push_back("Too many authentication failures"); + + errorsLoggedin.push_back("Invalid password"); + errorsLoggedin.push_back("ERROR: "); + 
errorsLoggedin.push_back("Not enough arguments"); + errorsLoggedin.push_back("cannot find"); + + errorsEnabledState.push_back("ERROR: "); + errorsEnabledState.push_back("Type help"); + errorsEnabledState.push_back("Not enough arguments"); + errorsEnabledState.push_back("Invalid"); + errorsEnabledState.push_back("invalid"); + errorsEnabledState.push_back("cannot find"); + errorsEnabledState.push_back("An object-group with the same id but different type"); +} + +void SSHPIX::loadPreConfigCommands(const QStringList &cl) +{ + pre_config_commands = cl; +} + +void SSHPIX::loadPostConfigCommands(const QStringList &cl) +{ + post_config_commands = cl; +} + +SSHPIX::~SSHPIX() +{ +} + +QString SSHPIX::cmd(QProcess *proc,const QString &cmd) +{ + stdoutBuffer=""; + + proc->write( (cmd + "\n").toAscii() ); +// proc->write( "\n" ); + + state=EXECUTING_COMMAND; + qApp->processEvents(); +// QApplication::eventLoop()->enterLoop(); + + return stdoutBuffer; +} + + +bool SSHPIX::checkForErrors() +{ + QStringList *errptr; + + switch (state) + { + case LOGGEDIN: errptr= &errorsLoggedin; break; + case ENABLE: errptr= &errorsEnabledState; break; + default: errptr= &errorsInit; break; + } + + for (QStringList::const_iterator i=errptr->begin(); + i!=errptr->end(); ++i) + { + if ( stdoutBuffer.lastIndexOf(*i,-1)!=-1 ) + { + if (fwbdebug) + qDebug(QString("Got known error message: %1").arg(stdoutBuffer).toAscii().constData()); + + emit printStdout_sign( tr("\n*** Fatal error :") ); + emit printStdout_sign( stdoutBuffer+"\n" ); + stdoutBuffer=""; +// terminate(); + sessionComplete(true); // finish with error status + return true; + } + } + return false; +} + +void SSHPIX::stateMachine() +{ + if (checkForErrors()) return; + + switch (state) + { + case NONE: + { + if ( cmpPrompt(stdoutBuffer,QRegExp(pwd_prompt)) ) + { + stdoutBuffer=""; + proc->write( (pwd + "\n").toAscii() ); + // proc->write( "\n" ); + break; + } +/* we may get to LOGGEDIN state directly from NONE, for example when + * password 
is supplied on command line to plink.exe + */ + if (cmpPrompt(stdoutBuffer,QRegExp(normal_prompt)) ) + { + stdoutBuffer=""; + state=LOGGEDIN; + emit printStdout_sign( "\n"); + emit printStdout_sign( tr("Logged in") + "\n" ); + emit printStdout_sign( tr("Switching to enable mode...") + "\n"); + stdoutBuffer=""; + proc->write( "enable\n" ); + //proc->write( "\n" ); + } + +/* we may even get straight to the enable prompt, e.g. if + * user account is configured with "privilege 15" + */ + if ( cmpPrompt(stdoutBuffer,QRegExp(enable_prompt)) ) + { + state=WAITING_FOR_ENABLE; + stateMachine(); + break; + } + + QString fingerprint; + //int n1,n2; + if (stdoutBuffer.indexOf(newKeyOpenSSH)!=-1 || + stdoutBuffer.indexOf(newKeyPlink)!=-1 || + stdoutBuffer.indexOf(newKeySSHComm)!=-1) + { +/* new key */ + bool unix_y_n = (stdoutBuffer.indexOf(newKeyOpenSSH)!=-1 || + stdoutBuffer.indexOf(newKeySSHComm)!=-1); + + if (fwbdebug) qDebug("New host key message detected"); + + fingerprint = findKeyFingerprint(stdoutBuffer); + + QString msg = newKeyMsg.arg(host).arg(fingerprint).arg(host); + + stopHeartBeat(); + + int res =QMessageBox::warning( parent, tr("New RSA key"), msg, + tr("Yes"), tr("No"), 0, + 0, -1 ); + + if (fwbdebug) + qDebug("User said: res=%d", res); + + startHeartBeat(); + + stdoutBuffer=""; + if (res==0) + { + if (unix_y_n) proc->write( "yes\n" ); + else proc->write( "y\n" ); + break; + } else + { + sessionComplete(true); // finish with error status + return; +// state=EXIT; +// goto entry; + } + } + } + break; + + case LOGGEDIN: + if ( cmpPrompt(stdoutBuffer,QRegExp(epwd_prompt)) ) + { + stdoutBuffer=""; + if (!epwd.isEmpty()) proc->write( (epwd + "\n").toAscii() ); + else proc->write( "\n" ); + state=WAITING_FOR_ENABLE; + } + break; + + case WAITING_FOR_ENABLE: + if ( cmpPrompt(stdoutBuffer,QRegExp(epwd_prompt)) ) + { + stdoutBuffer=""; + if (!epwd.isEmpty()) proc->write( (epwd + "\n").toAscii() ); + else proc->write( "\n" ); + state=WAITING_FOR_ENABLE; + break; + } + 
if ( cmpPrompt(stdoutBuffer,QRegExp(enable_prompt)) ) + { + emit printStdout_sign( tr("In enable mode.")); + emit printStdout_sign( "\n"); + state=ENABLE; // and go to ENABLE target in switch + + /* give classes derived from SSHPIX a chance to do + * something before we switch to config mode. If is + * SSHPIX class, the stateMachine method will simply call + * itself and will fall through to the ENABLE state. + */ + stateMachine(); + break; + } + + case ENABLE: + if ( cmpPrompt(stdoutBuffer,QRegExp(enable_prompt)) ) + { + if (pre_config_commands.size()>0) + { + stdoutBuffer=""; + + QString cmd = pre_config_commands.front(); + pre_config_commands.pop_front(); + + if (cmd.indexOf("reload in")!=-1) + state = SCHEDULE_RELOAD_DIALOG; + + proc->write( (cmd + "\n").toAscii() ); + // proc->write( "\n" ); + break; + } + + stdoutBuffer=""; + + if (backup) + { + /* the problem is that QProcess uses select and thus + * is tightly integrated into event loop. QT uses + * internal private flag inside QProcess to + * specifically prevent recursive calls to + * readyReadStdout (look for d->socketReadCalled in + * kernel/qprocess_unix.cpp ). So, I _must_ exit this + * callback before I can send commands to the process + * and collect the output. + */ + QTimer::singleShot( 0, this, SLOT(PIXbackup()) ); + break; + } + + proc->write( "config t\n" ); + //proc->write( "\n" ); + state=WAITING_FOR_CONFIG_PROMPT; + } + break; + + case SCHEDULE_RELOAD_DIALOG: + if ( cmpPrompt(stdoutBuffer,QRegExp("System config.* modified\\. 
Save?")) ) + { + stdoutBuffer=""; + proc->write( "n" ); // no \n needed + break; + } + if ( cmpPrompt(stdoutBuffer,QRegExp("Proceed with reload?")) ) + { + stdoutBuffer=""; + proc->write( "y" ); // no \n needed + break; + } + if ( cmpPrompt(stdoutBuffer,QRegExp("SHUTDOWN")) ) + { + stdoutBuffer=""; + proc->write( "\n" ); + state = ENABLE; + break; + } + break; + + case EXECUTING_COMMAND: + if ( cmpPrompt(stdoutBuffer,QRegExp(enable_prompt)) ) + { + //QApplication::eventLoop()->exitLoop(); + QCoreApplication::exit(); + state=COMMAND_DONE; + } + break; + + case WAITING_FOR_CONFIG_PROMPT: + if ( cmpPrompt(stdoutBuffer,QRegExp(enable_prompt)) ) + { + state=CONFIG; + +/* install full policy */ + QString ff = wdir+"/"+conffile; + config_file = new ifstream(ff.toLatin1().constData()); + if ( ! *config_file) + { + emit printStdout_sign( + QObject::tr("Can not open file %1").arg(ff) + "\n" + ); + state=FINISH; + break; + } else + { +/* read the whole file */ + string s0; + nLines =0; + bool store=!incremental; + while ( !config_file->eof() ) + { + getline( *config_file, s0); + if (!store) + { + store=(s0.find("!################")==0); + } + if (store) + { + QString s(s0.c_str()); + s = s.trimmed(); + allConfig.push_back(s); + nLines++; +/* + * store names of access-lists and object-groups actually used in the config + */ + if (s.indexOf("access-list ")==0) + newAcls.push_back(s.section(' ',1,1)); + if (s.indexOf("object-group ")==0) + newObjectGroups.push_back(s.section(' ',1,1)); + } + } + config_file->close(); + delete config_file; + config_file=NULL; + + emit updateProgressBar_sign(nLines,true); + } + state=PUSHING_CONFIG; // and drop to PUSHING_CONFIG case + if (!dry_run) + emit printStdout_sign(tr("Pushing firewall configuration")); + emit printStdout_sign( "\n"); + ncmd=0; + } +#if 0 + else + { +/* install incrementally */ + + QTimer::singleShot( 1, this, SLOT(PIXincrementalInstall()) ); + break; + } +#endif + + case PUSHING_CONFIG: + if ( 
cmpPrompt(stdoutBuffer,QRegExp(enable_prompt)) ) + { + loop1: + if ( allConfig.size()!=0 ) + { + QString s; + + do { + s = allConfig.front(); + allConfig.pop_front(); + } while (stripComments && s[0]=='!'); + + emit updateProgressBar_sign(allConfig.size(),false); + + s.replace('\"','\''); + + if (!verbose) + { + QString rl=""; + if (s.indexOf("! Rule ")!=-1) rl=s.mid(7); + if ( !rl.isEmpty()) + { + emit printStdout_sign( tr("Rule %1").arg(rl) + "\n" ); + //emit printStdout_sign( "\n"); + } + } + + if (!dry_run) + { + if ( !s.isEmpty()) ncmd++; + stdoutBuffer=""; + proc->write( (s+"\n").toAscii() ); // send even if s is empty + qApp->processEvents(); + break; + } else + { + emit printStdout_sign( s+"\n" ); + goto loop1; + } + break; + } else + { + /* allConfig.size()==0 */ + +// state=GET_ACLS; +// goto entry; + + state=EXIT_FROM_CONFIG; + emit printStdout_sign( tr("End") + "\n" ); + proc->write( "exit\n" ); + } + } + break; + + case GET_ACLS: + if ( cmpPrompt(stdoutBuffer,QRegExp(enable_prompt)) ) + { + QTimer::singleShot( 0, this, SLOT(getACLs()) ); + } + break; + + case GET_OG: + if ( cmpPrompt(stdoutBuffer,QRegExp(enable_prompt)) ) + { + QTimer::singleShot( 0, this, SLOT(getObjectGroups()) ); + } + break; + + + case CLEAR_ACLS: + if ( cmpPrompt(stdoutBuffer,QRegExp(enable_prompt)) ) + { + QTimer::singleShot( 0, this, SLOT(clearACLs()) ); + } + break; + + case CLEAR_OG: + if ( cmpPrompt(stdoutBuffer,QRegExp(enable_prompt)) ) + { + QTimer::singleShot( 0, this, SLOT(clearObjectGroups()) ); + } + break; + + + case EXIT_FROM_CONFIG: + if ( cmpPrompt(stdoutBuffer,QRegExp(enable_prompt)) ) + { + /* + * NOTE: at this point we are still in the config mode! + * + * Execute post_config_commands and exit from config mode. 
+ */ + if (post_config_commands.size()>0) + { + stdoutBuffer=""; + + QString cmd = post_config_commands.front(); + post_config_commands.pop_front(); + + proc->write( (cmd + "\n").toAscii() ); + //proc->write( "\n" ); + break; + } + + stdoutBuffer=""; + state=EXIT; + proc->write( "exit\n"); + } + break; + + case EXIT: +// emit printStdout_sign( tr("Terminating session\n") ); +// terminate(); +// state=FINISH; + break; + + case FINISH: + break; + + default: break; + } +} + +void SSHPIX::PIXbackup() +{ + if (fwbdebug) qDebug("SSHPIX::PIXbackup "); + + bool sv=verbose; + verbose=false; + + emit printStdout_sign(tr("Making backup copy of the firewall configuration")); + emit printStdout_sign( "\n"); + + QString cfg=cmd(proc,"show run"); + + verbose=sv; + +/* if state changed to FINISH, there was an error and ssh terminated */ + if (state==FINISH) return; + if (state==COMMAND_DONE) + { + ofstream ofs(backupFile.toLatin1().constData()); + ofs << cfg.toAscii().constData(); + ofs.close(); + + backup=false; // backup is done + state=ENABLE; + } + + proc->write( "\n" ); +} + +void SSHPIX::getACLs() +{ + if (fwbdebug) qDebug("SSHPIX::getACLs "); + + bool sv=verbose; + bool sq=quiet; + verbose=false; + quiet=true; + + QString sa=cmd(proc,"show access-list"); + + QStringList showAcls; + showAcls=sa.split("\n"); + + verbose=sv; + quiet=sq; + +/* if state changed to FINISH, there was an error and ssh terminated */ + if (state==FINISH) return; + if (state==COMMAND_DONE) + { + for (QStringList::iterator i=showAcls.begin(); i!=showAcls.end(); i++) + { +// if (fwbdebug) qDebug("%s",(*i).ascii()); + if ((*i).indexOf("access-list ")==0 && (*i).indexOf(";")==-1) + { + QString an=(*i).section(' ',1,1); + if (an!="cached" && currentAcls.indexOf(an)==-1) + currentAcls.push_back(an); + } + } + state=GET_OG; + } + + proc->write( "\n" ); +} + +void SSHPIX::clearACLs() +{ + if (fwbdebug) qDebug("SSHPIX::clearACLs "); + + emit printStdout_sign( "\n"); + emit printStdout_sign(tr("*** Clearing 
unused access lists")); + emit printStdout_sign( "\n"); + + QString ca; + + while (currentAcls.size()!=0) + { + ca=currentAcls.front(); + currentAcls.pop_front(); + if (newAcls.indexOf(ca)==-1)//newAcls.end()) + { + if (fwbdebug) qDebug("clear access-list %s",ca.toAscii().constData()); + cmd(proc,QString("clear access-list %1").arg(ca)); + +/* if state changed to FINISH, there was an error and ssh terminated */ + if (state==FINISH) return; + } + } + + state=CLEAR_OG; + proc->write( "\n" ); +} + +void SSHPIX::getObjectGroups() +{ + if (fwbdebug) qDebug("SSHPIX::getObjectGroups "); + + bool sv=verbose; + bool sq=quiet; + verbose=false; + quiet=true; + + QString sog=cmd(proc,"show object-group"); + + QStringList showOG; + showOG=sog.split("\n"); + + verbose=sv; + quiet=sq; + +/* if state changed to FINISH, there was an error and ssh terminated */ + if (state==FINISH) return; + if (state==COMMAND_DONE) + { + for (QStringList::iterator i=showOG.begin(); i!=showOG.end(); i++) + { +// if (fwbdebug) qDebug("%s",(*i).ascii()); + if ((*i).indexOf("object-group ")==0) + { + QString ogn=(*i).section(' ',1,1); + if (currentObjectGroups.indexOf(ogn)==-1)//currentObjectGroups.end()) + currentObjectGroups.push_back(ogn); + } + } + state=CLEAR_ACLS; + } + + proc->write( "\n" ); +} + +void SSHPIX::clearObjectGroups() +{ + if (fwbdebug) qDebug("SSHPIX::clearObjectGroups "); + + emit printStdout_sign( "\n"); + emit printStdout_sign(tr("*** Clearing unused object groups")); + emit printStdout_sign( "\n"); + + QString ca; + + while (currentObjectGroups.size()!=0) + { + ca=currentObjectGroups.front(); + currentObjectGroups.pop_front(); + if (newObjectGroups.indexOf(ca)==-1)//==newObjectGroups.end()) + { + if (fwbdebug) qDebug("clear object-group %s",ca.toAscii().constData()); + cmd(proc,QString("clear object-group %1").arg(ca)); + +/* if state changed to FINISH, there was an error and ssh terminated */ + if (state==FINISH) return; + } + } + + state=EXIT_FROM_CONFIG; + emit 
printStdout_sign( tr("*** End ") + "\n" ); + proc->write( "exit\n" ); +} + +void SSHPIX::PIXincrementalInstall() +{ + QString current_config; + + bool sv=verbose; + verbose=false; + + emit printStdout_sign(tr("Reading current firewall configuration")); + emit printStdout_sign( "\n"); + + current_config =cmd(proc,"show run | grep ^telnet|^ssh|^icmp"); + if (state==FINISH) return; + current_config+=cmd(proc,"show object-group"); + if (state==FINISH) return; + current_config+=cmd(proc,"show access-list"); + if (state==FINISH) return; + current_config+=cmd(proc,"show global"); + if (state==FINISH) return; + current_config+=cmd(proc,"show nat"); + if (state==FINISH) return; + current_config+=cmd(proc,"show static"); + if (state==FINISH) return; + + verbose=sv; + + if (state==COMMAND_DONE) + { + QString statefile = wdir+"/"+conffile + "_current"; + ofstream ofs(statefile.toLatin1().constData()); + ofs << current_config.toAscii().constData(); + ofs.close(); + + emit printStdout_sign(tr("Generating configuration diff")); + emit printStdout_sign( "\n"); + + QString cm = diff_pgm + " \"" + statefile + "\" \"" + wdir+"/"+conffile + "\""; + +// emit printStdout_sign(tr("Running command: %1\n").arg(cm)); + +#ifdef _WIN32 + FILE *f = _popen( cm.toLatin1().constData(), "r"); +#else + FILE *f = popen( cm.toLatin1().constData(), "r"); +#endif + if (f==NULL) + { + emit printStdout_sign( + tr("Fork failed for %1").arg(diff_pgm)); + emit printStdout_sign( "\n"); + switch (errno) + { + case EAGAIN: + case ENOMEM: + emit printStdout_sign(tr("Not enough memory.") + "\n"); + break; + case EMFILE: + case ENFILE: + emit printStdout_sign( + tr("Too many opened file descriptors in the system.") + "\n"); + break; + + } + emit printStdout_sign( "\n"); + state=FINISH; + proc->write( "\n" ); + return; + } + + char buf[1024]; + int nLines=0; + while (fgets(buf,1024,f)) + { + allConfig += buf; + nLines++; + } +#ifdef _WIN32 + _pclose(f); +#else + pclose(f); +#endif + + if (allConfig.isEmpty()) + { 
+ allConfig=QStringList(); + emit printStdout_sign(tr("Empty configuration diff")); + emit printStdout_sign( "\n"); + } + + if (save_diff) + { + ofstream odiff((wdir+"/"+diff_file).toLatin1().constData()); + odiff << allConfig.join("").toAscii().constData(); + odiff.close(); + } + + state=PUSHING_CONFIG; + emit updateProgressBar_sign(nLines,true); + if (!dry_run) + emit printStdout_sign(tr("Pushing firewall configuration") + "\n"); + } + proc->write( "\n" ); +} + diff --git a/src/gui/SSHPIX.h b/src/gui/SSHPIX.h new file mode 100644 index 000000000..a39f57ca2 --- /dev/null +++ b/src/gui/SSHPIX.h 
@@ -0,0 +1,91 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: SSHPIX.h,v 1.7 2007/05/11 02:14:28 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __SSHPIX_H_
+#define __SSHPIX_H_
+
+#include "../../config.h"
+#include "global.h"
+
+#include "SSHSession.h"
+
+#include
+#include
+
+#include
+#include
+
+
+
+class SSHPIX : public SSHSession {
+
+ Q_OBJECT
+
+ int nLines;
+ int ncmd;
+ QStringList allConfig;
+
+ QStringList newAcls;
+ QStringList currentAcls;
+
+ QStringList newObjectGroups;
+ QStringList currentObjectGroups;
+
+ std::ifstream *config_file;
+
+protected:
+ QStringList pre_config_commands;
+ QStringList post_config_commands;
+
+public:
+
+ SSHPIX(QWidget *parent,
+ const QString &host,
+ const QStringList &args,
+ const QString &pwd,
+ const QString &epwd,
+ const std::list &in);
+ virtual ~SSHPIX();
+
+ virtual bool checkForErrors();
+ virtual void stateMachine();
+
+ QString cmd(QProcess *proc,const QString &cmd);
+
+ void loadPreConfigCommands(const QStringList &cl);
+ void loadPostConfigCommands(const QStringList &cl);
+
+public slots:
+ void PIXbackup();
+ void getACLs();
+ void clearACLs();
+ void getObjectGroups();
+ void clearObjectGroups();
+ void PIXincrementalInstall();
+
+};
+
+#endif
diff --git a/src/gui/SSHSession.cpp b/src/gui/SSHSession.cpp
new file mode 100644
index 000000000..4dff3d564
--- /dev/null
+++ b/src/gui/SSHSession.cpp
@@ -0,0 +1,548 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: SSHSession.cpp,v 1.27 2007/07/13 05:32:55 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "SSHSession.h" +#include "instConf.h" + +#include +#include +#include +#include +#include +#include +//#include +#include +#include +#include + +#include + +#ifdef _WIN32 +# include +#endif + + +using namespace std; + +char *SSHSession::newKeyOpenSSH ="Are you sure you want to continue connecting (yes/no)?"; +char *SSHSession::newKeyPlink ="Store key in cache? (y/n)"; +char *SSHSession::newKeyVsh ="Accept and save? 
(y/n)"; +char *SSHSession::newKeySSHComm ="You can get a public key's fingerprint by running"; + + +char *SSHSession::fingerprintPrompt1="key fingerprint is"; +char *SSHSession::fingerprintPrompt2="Key fingerprint:"; + + + +SSHSession::SSHSession(QWidget *_par, + const QString &_h, + const QStringList &_args, + const QString &_p, + const QString &_ep, + const list &_in) +{ + parent = _par; + host = _h; + args = _args; + pwd = _p; + epwd = _ep; + input = _in; + quiet = false; + verbose = false; + closeStdin = false; + error = false; + endOfCopy = false; + + proc = NULL; + retcode = 0; + heartBeatTimer = new QTimer(this); + connect(heartBeatTimer, SIGNAL(timeout()), this, SLOT(heartBeat()) ); + + newKeyMsg = tr("You are connecting to the firewall '%1' for the first time. It has provided you its identification in a form of its host public key. The fingerprint of the host public key is: \"%2\" You can save the host key to the local database by pressing YES, or you can cancel connection by pressing NO. 
You should press YES only if you are sure you are really connected to the firewall '%3'."); + + + fwb_prompt=""; + quiet=false; + verbose=false; + backup=false; + incremental=false; + dry_run=false; + testRun=false; + stripComments=false; + wdir=""; + conffile=""; + backupFile=""; + save_diff=""; + diff_pgm=""; + diff_file=""; + +} + +QString SSHSession::findKeyFingerprint(QString &buffer) +{ + char *fp = fingerprintPrompt1; + int n1,n2; + + if ( (n1=buffer.indexOf(fp))==-1) + { + fp = fingerprintPrompt2; + if ( (n1=buffer.indexOf(fp))==-1) + return QString(""); + } + + n1 += strlen(fp)+1; + n2 = buffer.indexOf("\n", n1+4); + return buffer.mid(n1,n2-n1); +} + +void SSHSession::startSession() +{ + proc = new QProcess(); + retcode = -1; + + startHeartBeat(); + + if (fwbdebug) + qDebug("SSHSession::startSession this=%p proc=%p heartBeatTimer=%p", + this,proc,heartBeatTimer); + + connect(proc,SIGNAL(readyReadStandardOutput()), this, SLOT(readFromStdout() ) ); + connect(proc,SIGNAL(readyReadStandardError()), this, SLOT(readFromStderr() ) ); + connect(proc,SIGNAL(finished( int, QProcess::ExitStatus )), this, SLOT(finished( int ) ) ); + + QTextCodec::setCodecForCStrings(QTextCodec::codecForName("latin1")); + + QStringList arguments; + + for (QStringList::const_iterator i=args.begin(); i!=args.end(); ++i) + { + arguments << *i; + //proc->addArgument( *i ); + cmd += *i; + } + + QStringList env; + +#ifdef _WIN32 + env.push_back( QString("APPDATA=")+getenv("APPDATA") ); + env.push_back( QString("HOMEPATH=")+getenv("HOMEPATH") ); + env.push_back( QString("HOMEDRIVE=")+getenv("HOMEDRIVE") ); + env.push_back( QString("ProgramFiles=")+getenv("ProgramFiles") ); +/* NB: putty absolutely needs SystemRoot env. var. 
*/ + env.push_back( QString("SystemRoot=")+getenv("SystemRoot") ); + env.push_back( QString("TEMP=")+getenv("TEMP") ); + env.push_back( QString("USERNAME=")+getenv("USERNAME") ); + env.push_back( QString("USERPROFILE=")+getenv("USERPROFILE") ); + + env.push_back( QString("HOME=")+getenv("HOMEPATH") ); + env.push_back( QString("USER=")+getenv("USERNAME") ); +#else + env.push_back( QString("HOME=")+getenv("HOME") ); + env.push_back( QString("USER=")+getenv("USER") ); +#endif + + env.push_back( QString("TMP=")+getenv("TMP") ); + env.push_back( QString("PATH=")+getenv("PATH") ); + env.push_back( QString("SSH_AUTH_SOCK=")+getenv("SSH_AUTH_SOCK") ); + +// emit printStdout_sign( tr("Running command %1\n").arg(cmd) ); + + proc->setEnvironment(env); + + assert(arguments.size() > 0); //i suppose first argument is the program to start + QString program = arguments[0]; //if it isn't so, we'll fail here + + proc->start(program, arguments); + + if ( !proc->waitForStarted() ) + { + emit printStdout_sign( tr("Failed to start ssh") + "\n" ); + return; + } + + if (fwbdebug) + qDebug("SSHSession::startSession started child process"); + + + logged_in = false; + enable = false; + configure = false; + state = NONE; +} + +SSHSession::~SSHSession() +{ + terminate(); +} + +/* + * this is redundant and wrong. Should just copy a pointer to instConf + * object and use that instead of making local copy of each flag. 
+ */ +void SSHSession::setOptions(instConf *cnf) +{ + setQuiet(cnf->quiet); + setVerbose(cnf->verbose); + setBackup(cnf->backup); + setBackupFile(cnf->backup_file); + setIncr(cnf->incremental); + setDryRun(cnf->dry_run); + setSaveStandby(cnf->saveStandby); + setTestRun(cnf->testRun); + setStripComments(cnf->stripComments); + setWDir(cnf->wdir); + setConfFile(cnf->conffile); + setSaveDiff(cnf->save_diff); + setDiffPgm(cnf->diff_pgm); + setDiffFile(cnf->diff_file); +} + +void SSHSession::terminate() +{ + if (fwbdebug) + qDebug("SSHSession::terminate this=%p proc=%p heartBeatTimer=%p", + this,proc,heartBeatTimer); + + stopHeartBeat(); + + if (proc!=NULL) + { + disconnect(proc,SIGNAL(readyReadStdout()), + this,SLOT(readFromStdout() ) ); + disconnect(proc,SIGNAL(readyReadStderr()), + this,SLOT(readFromStderr() ) ); + disconnect(proc,SIGNAL(finished(int, QProcess::ExitStatus)), + this,SLOT(finished(int) ) ); + + if (fwbdebug) + qDebug("SSHSession::terminate terminating child process"); +#ifdef _WIN32 + if (proc->pid() != NULL) +#else + if (proc->pid() != -1) +#endif + { + // process is stll alive, killing + QString s=QString(proc->readAllStandardOutput()); + if (!quiet) + { + s.replace('\r',""); + emit printStdout_sign(s); + } + proc->kill(); + delete proc; + proc=NULL; + retcode=-1; +// processExited(); + } + } + if (fwbdebug) qDebug("SSHSession::terminate done"); +} + +bool SSHSession::checkForErrors() +{ + return true; +} + +void SSHSession::stateMachine() +{ +} + +/* + * signal wroteToStdin is connected to slot readyToSend. Can not send + * next line in this slot because on win32 it emits the signal and + * thus calls the same slot recursively, without exiting first. On + * Linux and Mac it seems to exit and then emit the signal and call + * slot on the next pass of the even loop. Since on win32 this does + * not happen, need to schedule sending next line via single shot + * timer instead of calling it directly. 
+ */ +void SSHSession::readyToSend() +{ + QTimer::singleShot( 0, this, SLOT(sendLine()) ); +} + +void SSHSession::sendLine() +{ + int n=0; + while (input.size()!=0 && n<10) + { + string s = input.front(); + s = s + "\n"; + if (fwbdebug) + qDebug("SSHSession::sendLine : %d lines to go -- %s",input.size(),s.c_str()); + input.pop_front(); + + stdoutBuffer=""; + +/* it is important that we use writeToStdin(QByteArray &) rather than + * writeToStdin(QString &) because the latter performs implicit + * conversion into local locale assuming the string is in Unicode. The + * string in our case is actually in whatever encoding the firewall + * script is written to the local filesystem, which may or may not be + * UTF-8 but is definitely not Unicode. The conversion not only breaks + * comments that were entered in UTF-8, it makes QProcess miscalculate + * number of characters in comment lines using UTF-8 which in turns + * breaks the script even worse because it glues consequitive lines + * together. Apparently this has been fixed in latest versions of QT + * 3.x but this is still broken in QT 3.1 which is shipping with + * RedHat 9 and some other still popular distributions. Since we need + * to support old QT 3.x, the code must work around this problem. 
+ */ + QByteArray buf; + buf = s.c_str(); + proc->write/*ToStdin*/(buf); + + n++; + } + emit updateProgressBar_sign(input.size(),false); + + if (input.size()==0) + { + if (fwbdebug) qDebug("SSHUnx::sendLine - entire file sent, closeStdin=%d", + closeStdin); + endOfCopy = true; + } +} + +void SSHSession::allDataSent() +{ + if (fwbdebug) + qDebug("SSHSession::allDataSent closing stdin"); + + disconnect(proc,SIGNAL(bytesWritten(qint64)),this,SLOT(readyToSend())); + +#ifdef _WIN32 + Sleep(2000); +#endif + proc->closeWriteChannel(); +#ifdef _WIN32 + Sleep(1000); +#endif + readFromStdout(); +} + +void SSHSession::startHeartBeat() +{ + if (fwbdebug) qDebug("SSHSession::startHeartBeat"); + heartBeatTimer->start(1000); +} + +void SSHSession::stopHeartBeat() +{ + if (fwbdebug) qDebug("SSHSession::stopHeartBeat"); + heartBeatTimer->stop(); +} + +void SSHSession::heartBeat() +{ + if (fwbdebug) qDebug("SSHSession::heartBeat"); + readFromStderr(); + readFromStdout(); + if (endOfCopy && closeStdin) + { + allDataSent(); + endOfCopy = false; + } +} + +void SSHSession::readFromStdout() +{ + if (proc) + { + if (fwbdebug) + { + QTime t = QTime::currentTime(); + qDebug(QString("SSHSession::readFromStdout() on entry: %1"). + arg(t.toString("hh:mm:ss.zzz")).toAscii().constData()); + } + + QByteArray ba = proc->readAllStandardOutput(); + int basize = ba.size(); + if (basize==0) return; + + QString buf(ba); + + stdoutBuffer.append(buf); + + bool endsWithLF = buf.endsWith("\n"); + QString lastLine = ""; + + // split on LF + QStringList bufLines = buf.split("\n", QString::KeepEmptyParts); + + if (fwbdebug) + { + QTime t = QTime::currentTime(); + qDebug(QString("SSHSession::readFromStdout() on check 1: %1"). 
+ arg(t.toString("hh:mm:ss.zzz")).toAscii().constData()); + } + +#if 0 + if (fwbdebug) + { + qDebug("- - - - - - - - - - - - - - - - - - - - - - - - - -"); + qDebug("basize='%d'",basize); + qDebug("buffer='%s'",buf.toAscii().constData()); + qDebug("endsWithLF=%d",endsWithLF); + qDebug("bufLines.size()=%d",bufLines.size()); + } +#endif + + // if buf ends with a LF character, the last element in the list is + // an empty string + if (endsWithLF && bufLines.last().isEmpty()) bufLines.pop_back(); + + // if buf does not end with LF, last element in the list is + // incomplete line of text + if (!endsWithLF) + { + lastLine = bufLines.last(); + bufLines.pop_back(); + } + + // elements that are left in the list are all complete lines of text + for (QStringList::Iterator i=bufLines.begin(); i!=bufLines.end(); ++i) + { + QString s = pendingLogLine + *i + "\n"; + if (!quiet) + { + s.replace('\r',""); + emit printStdout_sign(s); + } + pendingLogLine = ""; + } + + pendingLogLine += lastLine; + + if (fwbdebug) + { + QTime t = QTime::currentTime(); + qDebug(QString("SSHSession::readFromStdout() on check 2: %1"). + arg(t.toString("hh:mm:ss.zzz")).toAscii().constData()); + } + + stateMachine(); + + if (fwbdebug) + { + QTime t = QTime::currentTime(); + qDebug(QString("SSHSession::readFromStdout() finish: %1"). 
+ arg(t.toString("hh:mm:ss.zzz")).toAscii().constData()); + } + + } +} + +void SSHSession::readFromStderr() +{ + if (proc) + { + QByteArray ba = proc->readAllStandardError(); + if (ba.size()!=0) + { + QString s=QString(ba); + emit printStdout_sign(s); + stderrBuffer=stderrBuffer + QString(s); + } + } +} + +void SSHSession::sessionComplete(bool err) +{ + if (fwbdebug) + qDebug(QString("SSHSession::sessionComplete err=%1").arg(err).toAscii().constData()); + + error = err; + if (error) + emit sessionFatalError_sign(); + else + emit sessionFinished_sign(); +} + +void SSHSession::finished(int retcode) +{ + if (fwbdebug) qDebug("SSHSession::processExited"); + + if (fwbdebug) qDebug("SSHSession::processExited proc=%p retcode=%d",proc,retcode); + + // background process has exited now, we do not need proc object anymore + delete proc; + proc=NULL; + + QString exitStatus = (retcode)?QObject::tr("ERROR"):QObject::tr("OK"); + + emit printStdout_sign(tr("SSH session terminated, exit status: %1").arg(retcode) + "\n"); + sessionComplete( retcode!=0 ); +// if (retcode) error=true; +// emit sessionFinished_sign(); +} + +bool SSHSession::cmpPrompt(const QString &str,const QString &prompt) +{ + if (fwbdebug) + qDebug("SSHSession::cmpPrompt: str='%s' prompt='%s'", + str.toAscii().constData(),prompt.toAscii().constData()); + + if (str.isEmpty()) return false; + + bool res=(str.lastIndexOf(prompt,-1)!=-1); + if (!res) + { + QString s=str.trimmed(); + res=(s.lastIndexOf(prompt,-1)!=-1); + } + + if (fwbdebug) + qDebug("SSHSession::cmpPrompt: res=%d",res); + + return res; +} + +bool SSHSession::cmpPrompt(const QString &str,const QRegExp &prompt) +{ + if (fwbdebug) + qDebug("SSHSession::cmpPrompt: str='%s' prompt='%s' (regexp)", + str.toAscii().constData(),prompt.pattern().toAscii().constData()); + + if (str.isEmpty()) return false; + + bool res=(str.lastIndexOf(prompt,-1)!=-1); + + if (fwbdebug) + qDebug("SSHSession::cmpPrompt: res=%d",res); + + return res; +} + + + 
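Review bot: Both `cmpPrompt()` overloads at the end of this file treat a prompt as seen when it occurs anywhere in the buffer (`str.lastIndexOf(prompt,-1)!=-1`), not only at its end, so any output that merely contains the prompt text counts as a prompt. The callers in SSHUnx.cpp answer a password-prompt match by writing `pwd` to the ssh process, so text printed by the remote side could trigger sending the stored password when nothing actually asked for it. Anchoring the QString overload to the tail of the buffer, `bool res = str.endsWith(prompt);` with the fallback `res = str.trimmed().endsWith(prompt.trimmed());`, would limit a match to a real trailing prompt; the QRegExp overload needs the equivalent check on match position plus matched length. Separately, `terminate()` disconnects `readyReadStdout()`/`readyReadStderr()` while `startSession()` connected `readyReadStandardOutput()`/`readyReadStandardError()`, so those two disconnects presumably match nothing.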
diff --git a/src/gui/SSHSession.h b/src/gui/SSHSession.h
new file mode 100644
index 000000000..24ccb3ed8
--- /dev/null
+++ b/src/gui/SSHSession.h
@@ -0,0 +1,216 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: SSHSession.h,v 1.18 2007/07/13 05:32:55 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __SSHSESSION_H_ +#define __SSHSESSION_H_ + +#include "../../config.h" +#include "global.h" + +#include +#include +#include +#include +#include + +#include +#include +#include + +class QTimer; +class instConf; +class QWidget; + +class SSHSession : public QObject { + + Q_OBJECT + + protected: + + QWidget *parent; + QProcess *proc; + int retcode; + QTimer *heartBeatTimer; + QString stdoutBuffer; + QString stderrBuffer; + QString ssh; + QString cmd; + QStringList args; + + std::list input; + + bool closeStdin; + bool logged_in; + bool enable; + bool configure; + bool endOfCopy; + + enum State { NONE, + LOGGEDIN, + WAITING_FOR_ENABLE, + PRE_CONFIG_COMMANDS, + SCHEDULE_RELOAD_DIALOG, + ENABLE, + CONFIG, + COMMAND_SENT, + WAITING_FOR_SHOW_RUN, + WAITING_FOR_CONFIG_PROMPT, + CLEAR_CONFIG, + PUSHING_CONFIG, + GET_ACLS, + CLEAR_ACLS, + GET_OG, + CLEAR_OG, + EXIT_FROM_CONFIG, + SAVE_CONFIG, + SAVE_STANDBY, + RUN_SCRIPT, + EXIT, + FINISH, + EXECUTING_COMMAND, + COMMAND_DONE + }; + + enum State state; + int phase; + bool verbose; + bool quiet; + + bool error; + + bool backup; + bool 
incremental; + bool dry_run; + bool saveStandby; + bool stripComments; + bool testRun; + QString wdir; + QString conffile; + QString backupFile; + QString diff_pgm; + bool save_diff; + QString diff_file; + + QString normal_prompt; + QString fwb_prompt; + QString enable_prompt; + QString pwd_prompt; + QString putty_pwd_prompt; + QString ssh_pwd_prompt; + QString ssoft_prompt1; + QString ssoft_prompt2; + QString ssoft_config_prompt; + QString sudo_pwd_prompt; + QString passphrase_prompt; + QString epwd_prompt; + + QStringList errorsInit; + QStringList errorsLoggedin; + QStringList errorsEnabledState; + + QString pendingLogLine; + + QString pwd; + QString epwd; + QString host; + + static char* newKeyOpenSSH; + static char* newKeyPlink; + static char* newKeyVsh; + static char* newKeySSHComm; + static char* fingerprintPrompt1; + static char* fingerprintPrompt2; + + QString newKeyMsg; + + + bool cmpPrompt(const QString &str,const QString &prompt); + bool cmpPrompt(const QString &str,const QRegExp &prompt); + + void startHeartBeat(); + void stopHeartBeat(); + +public: + + SSHSession(QWidget *parent, + const QString &host, + const QStringList &args, + const QString &pwd, + const QString &epwd, + const std::list &in); + virtual ~SSHSession(); + + virtual bool checkForErrors(); + virtual void stateMachine(); + + void startSession(); + void terminate(); + + void setOptions(instConf *cnf); + + void setCloseStdin(bool f) { closeStdin=f; } + + void setFWBPrompt(const QString &p) { fwb_prompt=p; } + void setQuiet(bool f) { quiet=f; } + void setVerbose(bool f) { verbose=f; } + void setBackup(bool f) { backup=f; } + void setIncr(bool f) { incremental=f; } + void setDryRun(bool f) { dry_run=f; } + void setSaveStandby(bool f) { saveStandby=f; } + void setTestRun(bool f) { testRun=f; } + void setStripComments(bool f) { stripComments=f; } + void setWDir(const QString &wd) { wdir=wd; } + void setConfFile(const QString &cf) { conffile=cf; } + void setBackupFile(const QString &cf) { 
backupFile=cf; } + void setSaveDiff(bool f) { save_diff=f; } + void setDiffPgm(const QString &v) { diff_pgm=v; } + void setDiffFile(const QString &v) { diff_file=v; } + bool getErrorStatus() { return error; } + + void sessionComplete(bool err); + + QString findKeyFingerprint(QString &buffer); + +public slots: + void readFromStdout(); + void readFromStderr(); + void finished( int code ); + void readyToSend(); + void sendLine(); + void allDataSent(); + void heartBeat(); + + signals: + + void printStdout_sign(const QString &line); + void sessionFinished_sign(); + void sessionFatalError_sign(); + void updateProgressBar_sign(int n,bool setsize); + + +}; + +#endif diff --git a/src/gui/SSHUnx.cpp b/src/gui/SSHUnx.cpp new file mode 100644 index 000000000..bd3ac5649 --- /dev/null +++ b/src/gui/SSHUnx.cpp 
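Review bot: `bool save_diff;` is declared as a flag in this class, but the constructor in SSHSession.cpp initialises it with `save_diff="";`, and a string literal converts to `true`, so the flag starts out set unless `setSaveDiff()` is called; `save_diff=false;` looks like the intent. `saveStandby` is not assigned in that constructor at all and should get an explicit `saveStandby=false;` as well. The six `static char*` members (`newKeyOpenSSH` through `fingerprintPrompt2`) are initialised from string literals and are better declared `static const char*`, with `findKeyFingerprint()` taking its local `fp` as `const char*` to match.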
@@ -0,0 +1,262 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: SSHUnx.cpp,v 1.24 2007/07/13 05:32:55 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "SSHUnx.h" + +#include +#include +#include +#include +#include +#include + +#include + +using namespace std; + +SSHUnx::SSHUnx(QWidget *_par, + const QString &_h, + const QStringList &args, + const QString &_p, + const QString &_ep, + const list &_in) : SSHSession(_par,_h,args,_p,_ep,_in) +{ + normal_prompt="> "; + enable_prompt="# "; + pwd_prompt="'s password: "; + epwd_prompt="Password: "; + ssh_pwd_prompt="'s password: "; + ssoft_config_prompt="> "; + sudo_pwd_prompt="Password:"; + putty_pwd_prompt="Password: "; + passphrase_prompt="Enter passphrase for key "; + + errorsInit.push_back("Permission denied"); + errorsInit.push_back("Invalid password"); + errorsInit.push_back("Unable to authenticate"); + errorsInit.push_back("Sorry, try again"); + errorsInit.push_back("Too many authentication failures"); + + errorsLoggedin.push_back("No such file or directory"); + errorsLoggedin.push_back("Cannot allocate memory"); + errorsLoggedin.push_back("pfctl: Syntax error in config file:"); + + 
iptables_errors.push_back("'iptables --help' for more information."); + iptables_errors.push_back("'iptables-restore --help' for more information."); +} + +SSHUnx::~SSHUnx() +{ +} + +bool SSHUnx::checkForErrors(QStringList *errptr) +{ + if (fwbdebug) + qDebug(QString("SSHUnx::stateMachine: Checking for errors. Buffer='%1'").arg(stdoutBuffer).toAscii().constData()); + + for (QStringList::const_iterator i=errptr->begin(); i!=errptr->end(); ++i) + { + if (fwbdebug) + qDebug(QString("SSHUnx::stateMachine: error='%1'").arg(*i).toAscii().constData()); + + if ( stdoutBuffer.lastIndexOf(*i,-1)!=-1 ) + { + if (fwbdebug) + qDebug("SSHUnx::stateMachine: MATCH. Error detected."); + + emit printStdout_sign( tr("\n*** Fatal error :") ); + emit printStdout_sign( stdoutBuffer+"\n" ); + stdoutBuffer=""; + sessionComplete(true); // finish with error status + return true; + } + } + return false; +} + +bool SSHUnx::checkForErrors() +{ + switch (state) + { + case LOGGEDIN: + if (checkForErrors(&errorsLoggedin)) return true; + break; + + default: + if (checkForErrors(&errorsInit)) return true; + break; + } + + if (checkForErrors(&iptables_errors)) return true; + + return false; +} + +void SSHUnx::stateMachine() +{ + if (checkForErrors()) return; + + //entry: + switch (state) + { + case NONE: + { + if ( cmpPrompt(stdoutBuffer,ssh_pwd_prompt) || + cmpPrompt(stdoutBuffer,putty_pwd_prompt) || + stdoutBuffer.lastIndexOf(passphrase_prompt,-1)!=-1 || + + cmpPrompt(stdoutBuffer,sudo_pwd_prompt) || + cmpPrompt(stderrBuffer,sudo_pwd_prompt) ) + { + stdoutBuffer=""; + proc->write( pwd.toAscii() ); + proc->write( "\n" ); + break; + } +/* we may get to LOGGEDIN state directly from NONE, for example when + * password is supplied on command line to plink.exe + */ + if (cmpPrompt(stdoutBuffer,normal_prompt) || + cmpPrompt(stdoutBuffer,fwb_prompt)) + { + state=PUSHING_CONFIG; + if (!quiet) emit printStdout_sign( tr("Logged in") + "\n" ); + if (fwbdebug) + qDebug("SSHUnx::stateMachine logged in"); +// 
proc->write( "\n" ); +// stdoutBuffer=""; + goto push_files; + } + + QString fingerprint; + //int n1,n2; + if (stdoutBuffer.indexOf(newKeyOpenSSH)!=-1 || + stdoutBuffer.indexOf(newKeyPlink)!=-1 || + stdoutBuffer.indexOf(newKeyVsh)!=-1 || + stdoutBuffer.indexOf(newKeySSHComm)!=-1) + { +/* new key */ + bool unix_y_n = (stdoutBuffer.indexOf(newKeyOpenSSH)!=-1 || + stdoutBuffer.indexOf(newKeySSHComm)!=-1); + + fingerprint = findKeyFingerprint(stdoutBuffer); + + QString msg = newKeyMsg.arg(host).arg(fingerprint).arg(host); + + stopHeartBeat(); + + int res =QMessageBox::warning( parent, tr("New RSA key"), msg, + tr("Yes"), tr("No"), 0, + 0, -1 ); + + if (fwbdebug) + qDebug("User said: res=%d", res); + + startHeartBeat(); + + stdoutBuffer=""; + if (res==0) + { + if (unix_y_n) proc->write( "yes\n" ); + else proc->write( "y\n" ); + break; + } else + { + sessionComplete(true); // finish with error status + return; +// state=EXIT; +// goto entry; + } + } + } + break; + +/* in this state we may need to enter sudo password */ + case PUSHING_CONFIG: + push_files: + if ( cmpPrompt(stdoutBuffer,sudo_pwd_prompt) || + cmpPrompt(stderrBuffer,sudo_pwd_prompt) ) + { + stdoutBuffer=""; + proc->write( pwd.toAscii() ); + proc->write( "\n" ); + break; + } +/* + if (!quiet && !verbose) + { + emit printStdout_sign( stdoutBuffer ); + } +*/ + stdoutBuffer=""; + + if (input.size()!=0) + { + if (fwbdebug) qDebug("SSHUnx::stateMachine - sending a file"); + emit updateProgressBar_sign(input.size(),true); + connect(proc,SIGNAL(wroteToStdin()),this,SLOT(readyToSend())); + sendLine(); + break; + } + break; + +/* we get to this state when previous ssh or scp command terminates */ + case FINISH: + if ( (proc->state()==QProcess::NotRunning) && (proc->exitStatus()==QProcess::NormalExit)) + { + emit printStdout_sign( "\n"); + emit printStdout_sign( tr("Done") ); + emit printStdout_sign( "\n"); + + delete proc; + proc=NULL; + + state=NONE; + + break; + } else + { + emit printStdout_sign( "\n"); + emit 
printStdout_sign( tr("Error in SSH") ); + emit printStdout_sign( "\n"); + +// terminate(); + sessionComplete(true); // finish with error status + proc=NULL; + } + + emit sessionFinished_sign(); + break; + + default: break; + } +} + diff --git a/src/gui/SSHUnx.h b/src/gui/SSHUnx.h new file mode 100644 index 000000000..b8403240e --- /dev/null +++ b/src/gui/SSHUnx.h @@ -0,0 +1,62 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: SSHUnx.h,v 1.6 2007/05/11 02:14:29 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __SSHUNX_H_ +#define __SSHUNX_H_ + +#include "../../config.h" +#include "global.h" + +#include "SSHSession.h" + +#include +#include + + +class SSHUnx : public SSHSession { + + Q_OBJECT + + QStringList iptables_errors; + + +public: + + SSHUnx(QWidget *parent, + const QString &host, + const QStringList &args, + const QString &pwd, + const QString &epwd, + const std::list &in); + virtual ~SSHUnx(); + + virtual bool checkForErrors(); + virtual void stateMachine(); + + bool checkForErrors(QStringList *errptr); +}; + +#endif diff --git a/src/gui/SimpleIntEditor.cpp b/src/gui/SimpleIntEditor.cpp new file mode 100644 index 000000000..a9300b5e2 --- /dev/null +++ b/src/gui/SimpleIntEditor.cpp 
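Review bot: In `SSHUnx::checkForErrors(QStringList *errptr)` the debug call `qDebug(QString("... Buffer='%1'").arg(stdoutBuffer).toAscii().constData());` passes text received from the remote host as the printf-style format string, so a `%` sequence in that output is interpreted by `qDebug` whenever `fwbdebug` is set. Pass the buffer as an argument instead: `qDebug("SSHUnx::stateMachine: Checking for errors. Buffer='%s'", stdoutBuffer.toAscii().constData());`, and give the `error='%1'` call in the loop below it the same form. In the `PUSHING_CONFIG` branch, `connect(proc,SIGNAL(wroteToStdin()),this,SLOT(readyToSend()))` names a signal that SSHSession.cpp does not use anywhere (`allDataSent()` disconnects `bytesWritten(qint64)`), so it is worth confirming that `readyToSend()` is ever invoked after the first ten lines are sent.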
@@ -0,0 +1,60 @@
+/*
+
+ Firewall Builder Routing add-on
+
+ Copyright (C) 2004 Compal GmbH, Germany
+
+ Author: Tidei Maurizio
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+ of the Software, and to permit persons to whom the Software is furnished to do
+ so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
+ OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+*/
+
+
+
+#include "config.h"
+#include "global.h"
+
+#include "SimpleIntEditor.h"
+#include "FWBSettings.h"
+
+#include
+#include
+#include
+
+#include
+
+using namespace std;
+
+SimpleIntEditor::SimpleIntEditor(int minValue, int maxValue, int value, const QString &title): QDialog()
+{
+ m_dialog = new Ui::SimpleIntEditor_q;
+ m_dialog->setupUi(static_cast(this));
+
+ if (!title.isEmpty()) setWindowTitle(title);
+
+ m_dialog->spin_box->setMinimum( minValue);
+ m_dialog->spin_box->setMaximum( maxValue);
+ m_dialog->spin_box->setValue( value);
+}
+
+int SimpleIntEditor::value()
+{
+ return m_dialog->spin_box->value();
+}
+
diff --git a/src/gui/SimpleIntEditor.h b/src/gui/SimpleIntEditor.h
new file mode 100644
index 000000000..a93f7fc0a
--- /dev/null
+++ b/src/gui/SimpleIntEditor.h
@@ -0,0 +1,51 @@
+/*
+
+ Firewall Builder Routing add-on
+
+ Copyright (C) 2004 Compal GmbH, Germany
+
+ Author: Tidei Maurizio
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+ of the Software, and to permit persons to whom the Software is furnished to do
+ so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
+ OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+*/
+
+#ifndef __SIMPLEINTEDITOR_H__
+#define __SIMPLEINTEDITOR_H__
+
+#include "config.h"
+#include
+
+class SimpleIntEditor : public QDialog
+{
+ Q_OBJECT
+
+ public:
+
+ Ui::SimpleIntEditor_q *m_dialog;
+
+ SimpleIntEditor(int minValue, int maxValue, int value, const QString &title);
+ ~SimpleIntEditor() { delete m_dialog; };
+
+ int value();
+
+//public slots:
+// virtual void loadFromFile();
+};
+
+#endif
diff --git a/src/gui/SimpleTextEditor.cpp b/src/gui/SimpleTextEditor.cpp
new file mode 100644
index 000000000..e675eacc3
--- /dev/null
+++ b/src/gui/SimpleTextEditor.cpp
@@ -0,0 +1,101 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: SimpleTextEditor.cpp,v 1.6 2007/01/07 01:00:30 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#include "config.h" +#include "global.h" + +#include "SimpleTextEditor.h" +#include "FWBSettings.h" + +#include +#include +#include +#include + +#include + +using namespace std; + +SimpleTextEditor::SimpleTextEditor(QWidget *parent, + const QString &txt, + bool enableLoadFromFile, + const QString &title) : QDialog(parent) +{ + m_dialog = new Ui::SimpleTextEditor_q; + m_dialog->setupUi(static_cast(this)); + + if (enableLoadFromFile) m_dialog->inputFromFileButton->show(); + else m_dialog->inputFromFileButton->hide(); + + if (!title.isEmpty()) setWindowTitle(title); + //editor->setTextFormat(QTextEdit::PlainText); + m_dialog->editor->setPlainText(txt); +} + +SimpleTextEditor::~SimpleTextEditor() +{ + delete m_dialog; +} + +QString SimpleTextEditor::text() +{ + return m_dialog->editor->toPlainText(); +} + + +void SimpleTextEditor::loadFromFile() +{ + if ( QMessageBox::warning( + this,"Firewall Builder", + tr("Warning: loading from file discards current contents of the script."), + "&Load", "&Cancel", QString::null, 0, 1 )==0) + { + QString filename = QFileDialog::getOpenFileName( 
this, tr("Choose file"), + st->getWDir()); + + if (filename!="") + { + ifstream ifile(filename.toLatin1().constData()); + if (!ifile) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Could not open file %1").arg(filename), + "&Continue", QString::null, QString::null, 0, 1 ); + return; + } + + m_dialog->editor->clear(); + char buf[1024]; + while (ifile.getline(buf,1024)) + { + m_dialog->editor->append( buf ); + } + } + } +} + diff --git a/src/gui/SimpleTextEditor.h b/src/gui/SimpleTextEditor.h new file mode 100644 index 000000000..68f8da426 --- /dev/null +++ b/src/gui/SimpleTextEditor.h @@ -0,0 +1,51 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: SimpleTextEditor.h,v 1.4 2007/01/06 22:03:25 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef __SIMPLETEXTEDITOR_H__ +#define __SIMPLETEXTEDITOR_H__ + +#include "config.h" +#include + +class SimpleTextEditor : public QDialog +{ + Q_OBJECT + + public: + Ui::SimpleTextEditor_q *m_dialog; + + SimpleTextEditor(QWidget *parent, + const QString &txt, + bool enableLoadFromFile=true, + const QString &title=""); + ~SimpleTextEditor(); + + QString text(); + +public slots: + virtual void loadFromFile(); +}; + +#endif 
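Review bot: In `SimpleTextEditor::loadFromFile()` the loop `while (ifile.getline(buf,1024))` ends at the first line that does not fit the 1024-byte buffer, because `getline` sets failbit when the buffer fills. The rest of the file is dropped with no message, and the editor is left holding a truncated script after the old contents were already cleared. The file is also opened through `filename.toLatin1()`, so a path with characters outside Latin-1 cannot be opened. Reading through Qt's own file classes removes both limits; the sketch keeps the existing "Could not open file" dialog and the per-line `append`, and needs the QFile and QTextStream headers if the file does not already include them.

```cpp
    if (filename!="")
    {
        QFile ifile(filename);
        if (!ifile.open(QIODevice::ReadOnly | QIODevice::Text))
        {
            // … unchanged: "Could not open file %1" warning dialog and return …
        }

        m_dialog->editor->clear();
        QTextStream in(&ifile);
        while (!in.atEnd())
        {
            m_dialog->editor->append( in.readLine() );
        }
    }
```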
diff --git a/src/gui/SimpleTextView.cpp b/src/gui/SimpleTextView.cpp new file mode 100644 index 000000000..cd0bd1ec3 --- /dev/null +++ b/src/gui/SimpleTextView.cpp @@ -0,0 +1,64 @@ +/* + + Firewall Builder + + Copyright (C) 2005 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: SimpleTextView.cpp,v 1.1 2005/12/17 20:59:45 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "SimpleTextView.h" +#include "config.h" +#include "global.h" +#include "utils.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + + + +using namespace std; +using namespace libfwbuilder; + + +void SimpleTextView::setText(QString s) +{ + m_dialog->textview->setText(s); + +} + +void SimpleTextView::setName(QString s) +{ + m_dialog->objectname->setText(s); + +} + + + + + diff --git a/src/gui/SimpleTextView.h b/src/gui/SimpleTextView.h new file mode 100644 index 000000000..ed546a704 --- /dev/null +++ b/src/gui/SimpleTextView.h 
@@ -0,0 +1,61 @@ +/* + + Firewall Builder + + Copyright (C) 2005 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: SimpleTextView.h,v 1.1 2005/12/17 20:59:45 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __SIMPLETEXTVIEW_H_ +#define __SIMPLETEXTVIEW_H_ + +#include "config.h" +#include +#include + + + +class SimpleTextView : public QDialog +{ + Q_OBJECT + private: + + public: + Ui::SimpleTextView_q *m_dialog; + + SimpleTextView(QWidget *parent) : QDialog(parent) + { + m_dialog = new Ui::SimpleTextView_q; + m_dialog->setupUi(this); + }; + + ~SimpleTextView() { delete m_dialog; }; + virtual void setText(QString s); + virtual void setName(QString s); + + +public slots: + + signals: + +}; + +#endif diff --git a/src/gui/StartWizard.cpp b/src/gui/StartWizard.cpp new file mode 100644 index 000000000..771a4eaf6 --- /dev/null +++ b/src/gui/StartWizard.cpp 
@@ -0,0 +1,205 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: StartWizard.cpp,v 1.12 2005/01/03 01:43:50 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "../../config.h" +#include "global.h" + +#include "StartWizard.h" +#include "RCSFileDialog.h" +#include "FWWindow.h" +#include "FWBSettings.h" +#include "VERSION.h" + +#include +#include +#include +#include +#include +#include + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +StartWizard::~StartWizard() +{ + delete m_dialog; +} + +StartWizard::StartWizard() +{ + m_dialog = new Ui::startWizard_q; + m_dialog->setupUi(this); + + setControlWidgets(this, m_dialog->stackedWidget, + m_dialog->nextButton, + m_dialog->finishButton, + m_dialog->backButton, + m_dialog->cancelButton, + m_dialog->titleLabel); + + /*connect( m_dialog->nextButton, SIGNAL( clicked() ), + this, SLOT( nextClicked() )); + connect( m_dialog->backButton, SIGNAL( clicked() ), + this, SLOT( backClicked() )); + connect( m_dialog->finishButton, SIGNAL( clicked() ), + this, SLOT( finishClicked() )); + connect( m_dialog->cancelButton, SIGNAL( clicked() ), + this, SLOT( cancelClicked() ));*/ + + wantRCS=false; + oldfile=false; + newfile=false; + + cancelButton->hide(); + + 
m_dialog->programName->setText( QString("Firewall Builder %1").arg(VERSION) ); + + setNextEnabled( 0, false ); +} + +void StartWizard::openFile() +{ + RCSFileDialog fd(this, 0, true); + + if ( fd.exec()== QDialog::Accepted ) + { + RCS *rcs = fd.getSelectedRev(); + + if (rcs==NULL) return; + + try + { + rcs->co(); + + } catch (FWException &ex) + { +/* if there was an exception, abort operation. */ + return; + } +/***********************************************************************/ + + mw->load( this, rcs ); + mw->showFirewalls(); + + if (rcs->isTemp()) QFile(rcs->getFileName()).remove(); + + setFinishEnabled( 0, true ); + oldfile=true; + + finishClicked(); + } +} + +void StartWizard::newFile() +{ + fname=mw->chooseNewFileName(st->getWDir(),true, + tr("Choose name and location for the new file")); + if (fname.isEmpty()) return; + + if (QFileInfo(fname).exists() && ! QFileInfo(fname).isWritable() ) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("File %1 is read-only, you can not save changes to it.") + .arg(fname), + "&Continue", QString::null, QString::null, + 0, 1 ); + return; + } + + mw->load(this); + + mw->setFileName(fname); + +// save blank data into the new file ("initialize" it) + mw->save(); + mw->fileClose(); + + setNextEnabled( 0, true ); + newfile=true; +} + +void StartWizard::selected(const QString &title) +{ + int p = currentPage(); + + if (p==1 && newfile && !fname.isEmpty()) + { + m_dialog->fileLbl->setText( m_dialog->fileLbl->text().arg(fname) ); + setFinishEnabled( 1, true ); + } +} + +void StartWizard::finishClicked() +{ + if (newfile && !fname.isEmpty()) + { + if (m_dialog->autoopenBtn->isChecked()) + { + st->setStartupAction(1); + st->setLastEdited(fname); + } + + RCS *rcs=new RCS(fname); + if (m_dialog->rcsBtn->isChecked()) + { + try + { + rcs->add(); + } + catch (FWException &ex) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Error adding file to RCS:\n%1").arg(ex.toString().c_str()), + "&Continue", 
QString::null,QString::null, + 0, 1 ); + } + } + try + { + rcs->co(); + mw->load( this, rcs ); + } + catch (FWException &ex) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Error opening file:\n%1").arg(ex.toString().c_str()), + "&Continue", QString::null,QString::null, + 0, 1 ); + } + } + QDialog::accept(); +} + +void StartWizard::cancelClicked() +{ + QDialog::reject(); +} + diff --git a/src/gui/StartWizard.h b/src/gui/StartWizard.h new file mode 100644 index 000000000..f1a010d18 --- /dev/null +++ b/src/gui/StartWizard.h @@ -0,0 +1,64 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: StartWizard.h,v 1.1 2004/04/03 23:21:39 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __STARTWIZARD_H_ +#define __STARTWIZARD_H_ + +#include +#include "RCS.h" +#include "fakeWizard.h" +#include + +#include + +class StartWizard : public QDialog, public FakeWizard +{ + + Q_OBJECT + + bool wantRCS; + bool oldfile; + bool newfile; + QString fname; + + Ui::startWizard_q *m_dialog; + + public: + + StartWizard(); + ~StartWizard(); + + public slots: + + virtual void openFile(); + virtual void newFile(); + virtual void selected(const QString &title); + virtual void finishClicked(); + virtual void cancelClicked(); + +}; + +#endif 
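Review bot: `StartWizard::openFile()` catches the `FWException` thrown by `rcs->co()` and returns without telling the user, while `finishClicked()` reports the same failure in a warning dialog. A failed checkout therefore looks as if the dialog did nothing. Showing the message before the `return` makes the two paths agree: `QMessageBox::warning(this, "Firewall Builder", tr("Error opening file:\n%1").arg(ex.toString().c_str()), "&Continue", QString::null, QString::null, 0, 1);`. In `finishClicked()` the object from `new RCS(fname)` also appears to be leaked when `co()` throws, since `mw->load()` is then never reached and nothing visible in this hunk deletes it.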
diff --git a/src/gui/TCPServiceDialog.cpp b/src/gui/TCPServiceDialog.cpp
new file mode 100644
index 000000000..ee0628263
--- /dev/null
+++ b/src/gui/TCPServiceDialog.cpp
@@ -0,0 +1,303 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: TCPServiceDialog.cpp,v 1.25 2007/05/08 02:11:39 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "FWBTree.h" +#include "TCPServiceDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/TCPService.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace std; +using namespace libfwbuilder; + +TCPServiceDialog::TCPServiceDialog(QWidget *parent) : QWidget(parent) +{ + m_dialog = new Ui::TCPServiceDialog_q; + m_dialog->setupUi(this); + + obj=NULL; +} + +TCPServiceDialog::~TCPServiceDialog() +{ + delete m_dialog; +} + +void TCPServiceDialog::loadFWObject(FWObject *o) +{ + obj=o; + TCPService *s = dynamic_cast(obj); + assert(s!=NULL); + + init=true; + + fillLibraries(m_dialog->libs,obj); + + m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); + m_dialog->ss->setValue( s->getInt("src_range_start") ); + m_dialog->se->setValue( s->getInt("src_range_end") ); + m_dialog->ds->setValue( s->getInt("dst_range_start") ); + m_dialog->de->setValue( s->getInt("dst_range_end") ); + + m_dialog->urg_m->setChecked( 
s->getBool("urg_flag_mask") ); + m_dialog->ack_m->setChecked( s->getBool("ack_flag_mask") ); + m_dialog->psh_m->setChecked( s->getBool("psh_flag_mask") ); + m_dialog->rst_m->setChecked( s->getBool("rst_flag_mask") ); + m_dialog->syn_m->setChecked( s->getBool("syn_flag_mask") ); + m_dialog->fin_m->setChecked( s->getBool("fin_flag_mask") ); + + m_dialog->urg_s->setChecked( s->getBool("urg_flag") ); + m_dialog->ack_s->setChecked( s->getBool("ack_flag") ); + m_dialog->psh_s->setChecked( s->getBool("psh_flag") ); + m_dialog->rst_s->setChecked( s->getBool("rst_flag") ); + m_dialog->syn_s->setChecked( s->getBool("syn_flag") ); + m_dialog->fin_s->setChecked( s->getBool("fin_flag") ); + + m_dialog->established->setChecked( s->getBool("established") ); + + m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); + + toggleEstablished(); + + //apply->setEnabled( false ); + + m_dialog->obj_name->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->obj_name); + + m_dialog->libs->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->libs); + + m_dialog->ss->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->ss); + + m_dialog->se->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->se); + + m_dialog->ds->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->ds); + + m_dialog->de->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->de); + + m_dialog->urg_m->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->urg_m); + + m_dialog->ack_m->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->ack_m); + + m_dialog->psh_m->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->psh_m); + + m_dialog->rst_m->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->rst_m); + + m_dialog->syn_m->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->syn_m); + + m_dialog->fin_m->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->fin_m); + + 
m_dialog->urg_s->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->urg_s); + + m_dialog->ack_s->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->ack_s); + + m_dialog->psh_s->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->psh_s); + + m_dialog->rst_s->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->rst_s); + + m_dialog->syn_s->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->syn_s); + + m_dialog->fin_s->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->fin_s); + + m_dialog->established->setEnabled(!o->isReadOnly()); + setDisabledPalette(m_dialog->established); + + m_dialog->comment->setReadOnly(o->isReadOnly()); + setDisabledPalette(m_dialog->comment); + + + init=false; +} + +void TCPServiceDialog::changed() +{ + //apply->setEnabled( true ); + emit changed_sign(); +} + +void TCPServiceDialog::validate(bool *res) +{ + if (fwbdebug) qDebug("TCPServiceDialog::validate"); + + *res=true; + + if (!isTreeReadWrite(this,obj)) { *res=false; return; } + if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; } + + // check port ranges (bug #1695481, range start must be <= range end) + int sps = m_dialog->ss->value(); + int spe = m_dialog->se->value(); + int dps = m_dialog->ds->value(); + int dpe = m_dialog->de->value(); + + if (sps > spe) + { + QMessageBox::warning(this, "Firewall Builder", + QObject::tr("Invalid range defined for the source port."), + QObject::tr("&Continue editing"), NULL, NULL, 0, 2 ); + *res = false; + return; + } + if (dps > dpe) + { + QMessageBox::warning(this, "Firewall Builder", + QObject::tr("Invalid range defined for the destination port."), + QObject::tr("&Continue editing"), NULL, NULL, 0, 2 ); + *res = false; + return; + } +} + +void TCPServiceDialog::isChanged(bool *res) +{ + //*res=(!init && apply->isEnabled()); +} + +void TCPServiceDialog::libChanged() +{ + changed(); +} + +void TCPServiceDialog::applyChanges() +{ + string oldname=obj->getName(); + 
obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) ); + obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) ); + + if (m_dialog->ss->value()!=0 && m_dialog->se->value()==0) m_dialog->se->setValue( m_dialog->ss->value() ); + if (m_dialog->ds->value()!=0 && m_dialog->de->value()==0) m_dialog->de->setValue( m_dialog->ds->value() ); + + obj->setInt("src_range_start", m_dialog->ss->value() ); + obj->setInt("src_range_end", m_dialog->se->value() ); + obj->setInt("dst_range_start", m_dialog->ds->value() ); + obj->setInt("dst_range_end", m_dialog->de->value() ); + + obj->setBool("urg_flag_mask", m_dialog->urg_m->isChecked() ); + obj->setBool("ack_flag_mask", m_dialog->ack_m->isChecked() ); + obj->setBool("psh_flag_mask", m_dialog->psh_m->isChecked() ); + obj->setBool("rst_flag_mask", m_dialog->rst_m->isChecked() ); + obj->setBool("syn_flag_mask", m_dialog->syn_m->isChecked() ); + obj->setBool("fin_flag_mask", m_dialog->fin_m->isChecked() ); + + obj->setBool("urg_flag", m_dialog->urg_s->isChecked() ); + obj->setBool("ack_flag", m_dialog->ack_s->isChecked() ); + obj->setBool("psh_flag", m_dialog->psh_s->isChecked() ); + obj->setBool("rst_flag", m_dialog->rst_s->isChecked() ); + obj->setBool("syn_flag", m_dialog->syn_s->isChecked() ); + obj->setBool("fin_flag", m_dialog->fin_s->isChecked() ); + + obj->setBool("established", m_dialog->established->isChecked()); + + om->updateObjName(obj,QString::fromUtf8(oldname.c_str())); + + init=true; + +/* move to another lib if we have to */ + if (! 
FWBTree::isSystem(obj) && m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str())) + om->moveObject(m_dialog->libs->currentText(), obj); + + init=false; + + //apply->setEnabled( false ); + om->updateLastModifiedTimestampForAllFirewalls(obj); +} + +void TCPServiceDialog::discardChanges() +{ + loadFWObject(obj); +} + + +/* ObjectEditor class connects its slot to this signal and does all + * the verification for us, then accepts (or not) the event. So we do + * nothing here and defer all the processing to ObjectEditor + */ +void TCPServiceDialog::closeEvent(QCloseEvent *e) +{ + emit close_sign(e); + +} + +void TCPServiceDialog::toggleEstablished() +{ + bool using_established = m_dialog->established->isChecked(); + + m_dialog->urg_m->setEnabled( !using_established ); + m_dialog->ack_m->setEnabled( !using_established ); + m_dialog->psh_m->setEnabled( !using_established ); + m_dialog->rst_m->setEnabled( !using_established ); + m_dialog->syn_m->setEnabled( !using_established ); + m_dialog->fin_m->setEnabled( !using_established ); + + m_dialog->urg_s->setEnabled( !using_established ); + m_dialog->ack_s->setEnabled( !using_established ); + m_dialog->psh_s->setEnabled( !using_established ); + m_dialog->rst_s->setEnabled( !using_established ); + m_dialog->syn_s->setEnabled( !using_established ); + m_dialog->fin_s->setEnabled( !using_established ); + + m_dialog->flags_lbl_1->setEnabled( !using_established ); + m_dialog->flags_lbl_2->setEnabled( !using_established ); + m_dialog->flags_lbl_3->setEnabled( !using_established ); + m_dialog->flags_lbl_u->setEnabled( !using_established ); + m_dialog->flags_lbl_a->setEnabled( !using_established ); + m_dialog->flags_lbl_p->setEnabled( !using_established ); + m_dialog->flags_lbl_r->setEnabled( !using_established ); + m_dialog->flags_lbl_s->setEnabled( !using_established ); + m_dialog->flags_lbl_f->setEnabled( !using_established ); + +} + 
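Review bot: `TCPServiceDialog::validate()` rejects every range whose start is greater than its end, but `applyChanges()` treats an end of 0 with a non-zero start as a single port and copies the start into the end. If validation runs before `applyChanges()` (the caller is outside this hunk), entering only a start port is refused as an invalid range and that fill-in is never reached. Comparing only when the end is set, `if (spe != 0 && sps > spe)` and likewise for `dps`/`dpe`, would make the two functions agree. Separately, `isChanged(bool *res)` has its body commented out and never writes `*res`, so the caller reads whatever the variable held before; `TagServiceDialog::isChanged` in src/gui/TagServiceDialog.cpp has the same empty body.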
diff --git a/src/gui/TCPServiceDialog.h b/src/gui/TCPServiceDialog.h
new file mode 100644
index 000000000..fc5abaa45
--- /dev/null
+++ b/src/gui/TCPServiceDialog.h
@@ -0,0 +1,71 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: TCPServiceDialog.h,v 1.11 2007/05/08 02:11:39 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __TCPSERVICEDIALOG_H_ +#define __TCPSERVICEDIALOG_H_ + +#include "config.h" +#include +#include + +#include "fwbuilder/FWObject.h" + + +class TCPServiceDialog : public QWidget +{ + Q_OBJECT + + libfwbuilder::FWObject *obj; + Ui::TCPServiceDialog_q *m_dialog; + bool init; + + public: + TCPServiceDialog(QWidget *parent); + ~TCPServiceDialog(); + +public slots: + virtual void changed(); + virtual void libChanged(); + virtual void applyChanges(); + virtual void discardChanges(); + virtual void loadFWObject(libfwbuilder::FWObject *obj); + virtual void validate(bool*); + virtual void isChanged(bool*); + virtual void closeEvent(QCloseEvent *e); + virtual void toggleEstablished(); + + signals: +/** + * This signal is emitted from closeEvent, ObjectEditor connects + * to this signal to make checks before the object editor can be closed + * and to store its position on the screen + */ + void close_sign(QCloseEvent *e); + void changed_sign(); + +}; + +#endif // TCPSERVICEDIALOG_H 
diff --git a/src/gui/TagServiceDialog.cpp b/src/gui/TagServiceDialog.cpp
new file mode 100644
index 000000000..b7ddaa592
--- /dev/null
+++ b/src/gui/TagServiceDialog.cpp
@@ -0,0 +1,166 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Illiya Yalovoy
+
+ $Id: TagServiceDialog.cpp,v 1.5 2007/04/14 00:18:43 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "config.h"
+#include "global.h"
+#include "utils.h"
+
+#include "TagServiceDialog.h"
+#include "ObjectManipulator.h"
+
+#include "fwbuilder/Library.h"
+#include "fwbuilder/TagService.h"
+#include "fwbuilder/Interface.h"
+#include "fwbuilder/FWException.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+using namespace std;
+using namespace libfwbuilder;
+
+TagServiceDialog::~TagServiceDialog()
+{
+ delete m_dialog;
+}
+
+TagServiceDialog::TagServiceDialog(QWidget *parent) : QWidget(parent)
+{
+ m_dialog = new Ui::TagServiceDialog_q;
+ m_dialog->setupUi(this);
+ obj=NULL;
+}
+
+void TagServiceDialog::loadFWObject(FWObject *o)
+{
+ obj=o;
+ TagService *s = dynamic_cast(obj);
+ assert(s!=NULL);
+
+
+ init=true;
+
+ fillLibraries(m_dialog->libs,obj);
+
+ m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) );
+ m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) );
+
+ m_dialog->tagcode->setText( s->getCode().c_str() );
+
+ //apply->setEnabled( false );
+
+ m_dialog->obj_name->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->obj_name);
+
+ m_dialog->libs->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->libs);
+
+ m_dialog->tagcode->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->tagcode);
+
+ m_dialog->comment->setReadOnly(o->isReadOnly());
+ setDisabledPalette(m_dialog->comment);
+
+
+
+ init=false;
+}
+
+void TagServiceDialog::changed()
+{
+ //apply->setEnabled( true );
+ emit changed_sign();
+}
+
+void TagServiceDialog::validate(bool *res)
+{
+ *res=true;
+ TagService *s = dynamic_cast(obj);
+ assert(s!=NULL);
+
+ if (!isTreeReadWrite(this,obj)) { *res=false; return; }
+ if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; }
+}
+
+void TagServiceDialog::isChanged(bool *res)
+{
+ //*res=(!init && apply->isEnabled());
+}
+
+void TagServiceDialog::libChanged()
+{
+ changed();
+}
+
+void TagServiceDialog::applyChanges()
+{
+ TagService *s = dynamic_cast(obj);
+ assert(s!=NULL);
+
+ string oldname=obj->getName();
+ obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) );
+ obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) );
+
+ s->setCode( m_dialog->tagcode->text().toLatin1().constData() );
+
+ om->updateObjName(obj,QString::fromUtf8(oldname.c_str()));
+
+ init=true;
+
+/* move to another lib if we have to */
+ if ( ! Interface::isA( obj->getParent() ) &&
+ m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str()))
+ om->moveObject(m_dialog->libs->currentText(), obj);
+
+ init=false;
+
+ //apply->setEnabled( false );
+ om->updateLastModifiedTimestampForAllFirewalls(obj);
+}
+
+void TagServiceDialog::discardChanges()
+{
+ loadFWObject(obj);
+}
+
+
+void TagServiceDialog::closeEvent(QCloseEvent *e)
+{
+ if (fwbdebug)
+ qDebug("TagServiceDialog::closeEvent got close event: %p",e);
+ emit close_sign(e);
+}
+
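Review bot: `loadFWObject`, `validate` and `applyChanges` check the result of the `dynamic_cast` only with `assert(s!=NULL)`, which disappears when the build defines NDEBUG, so an object of the wrong type would be dereferenced in a release build. An explicit `if (s==NULL) return;` (preceded by `*res=false;` in `validate`) keeps the check in every build. `applyChanges` writes the name, comment and tag code into `obj` without the `if (!isTreeReadWrite(this,obj)) return;` guard that `TimeDialog::applyChanges` in this commit has, so it relies on the caller having run `validate` first. `isChanged` has its only statement commented out and never writes `*res`, and the constructor leaves `init` uninitialised; `*res=false;` and `init=false;` would make both well defined.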
diff --git a/src/gui/TagServiceDialog.h b/src/gui/TagServiceDialog.h
new file mode 100644
index 000000000..574ca677f
--- /dev/null
+++ b/src/gui/TagServiceDialog.h
@@ -0,0 +1,70 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Illiya Yalovoy
+
+ $Id: TagServiceDialog.h,v 1.2 2006/05/13 06:53:05 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __TAGSERVICEDIALOG_H_
+#define __TAGSERVICEDIALOG_H_
+
+#include "config.h"
+#include
+#include
+
+#include "fwbuilder/FWObject.h"
+
+
+class TagServiceDialog : public QWidget
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ Ui::TagServiceDialog_q *m_dialog;
+ bool init;
+
+ public:
+ ~TagServiceDialog();
+ TagServiceDialog(QWidget *parent);
+ virtual void closeEvent(QCloseEvent *e);
+
+public slots:
+ virtual void changed();
+ virtual void libChanged();
+ virtual void applyChanges();
+ virtual void discardChanges();
+ virtual void loadFWObject(libfwbuilder::FWObject *obj);
+ virtual void validate(bool*);
+ virtual void isChanged(bool*);
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ void close_sign(QCloseEvent *e);
+ void changed_sign();
+
+};
+
+#endif
diff --git a/src/gui/TimeDialog.cpp b/src/gui/TimeDialog.cpp
new file mode 100644
index 000000000..8d04284b4
--- /dev/null
+++ b/src/gui/TimeDialog.cpp
@@ -0,0 +1,265 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: TimeDialog.cpp,v 1.16 2007/03/14 05:08:11 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#include "config.h"
+#include "global.h"
+#include "utils.h"
+
+#include "FWBTree.h"
+#include "TimeDialog.h"
+#include "ObjectManipulator.h"
+
+#include "fwbuilder/Library.h"
+#include "fwbuilder/Interval.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+using namespace libfwbuilder;
+using namespace std;
+
+TimeDialog::TimeDialog(QWidget *parent) : QWidget(parent)
+{
+ m_dialog = new Ui::TimeDialog_q;
+ m_dialog->setupUi(this);
+
+ obj=NULL;
+}
+
+TimeDialog::~TimeDialog()
+{
+ delete m_dialog;
+}
+
+void TimeDialog::loadFWObject(FWObject *o)
+{
+ obj=o;
+ Interval *s = dynamic_cast(obj);
+ assert(s!=NULL);
+
+ init=true;
+
+ fillLibraries(m_dialog->libs,obj);
+
+ m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) );
+ m_dialog->comment->setPlainText( QString::fromUtf8(s->getComment().c_str()) );
+
+ /*switch (m_dialog->startDate->order())
+ {
+ case QDateEdit::MDY:
+ m_dialog->startDateLabel->setText( tr("(M/D/Y)") );
+ m_dialog->endDateLabel->setText( tr("(M/D/Y)") );
+ break;
+
+ case QDateEdit::DMY:
+ m_dialog->startDateLabel->setText( tr("(D/M/Y)") );
+ m_dialog->endDateLabel->setText( tr("(D/M/Y)") );
+ break;
+
+ case QDateEdit::YMD:
+ m_dialog->startDateLabel->setText( tr("(Y/M/D)") );
+ m_dialog->endDateLabel->setText( tr("(Y/M/D)") );
+ break;
+
+ case QDateEdit::YDM:
+ m_dialog->startDateLabel->setText( tr("(Y/D/M)") );
+ m_dialog->endDateLabel->setText( tr("(Y/D/M)") );
+ break;
+
+ }*/
+ int fromH = obj->getInt("from_hour");
+ int fromM = obj->getInt("from_minute");
+ if (fromH<0) fromH=0;
+ if (fromM<0) fromM=0;
+ m_dialog->startTime->setTime( QTime( fromH, fromM ) );
+
+ int y=obj->getInt("from_year");
+ int m=obj->getInt("from_month");
+ int d=obj->getInt("from_day");
+ bool using_start_date = (y>0 && m>0 && d>0);
+ m_dialog->startDate->setDate( (using_start_date)?QDate( y, m, d ):QDate() );
+ m_dialog->useStartDate->setChecked(using_start_date);
+
+ // from_weekday is -1 for "All days"
+ m_dialog->startDOW->setCurrentIndex( obj->getInt("from_weekday") + 1 );
+
+ int toH = obj->getInt("to_hour");
+ int toM = obj->getInt("to_minute");
+ if (toH<0) toH=0;
+ if (toM<0) toM=0;
+ m_dialog->endTime->setTime( QTime( toH, toM ) );
+
+ y=obj->getInt("to_year");
+ m=obj->getInt("to_month");
+ d=obj->getInt("to_day");
+ bool using_end_date = (y>0 && m>0 && d>0);
+ m_dialog->endDate->setDate( (using_end_date)?QDate( y, m, d ):QDate() );
+ m_dialog->useEndDate->setChecked(using_end_date);
+
+ // to_weekday is -1 for "All days"
+ m_dialog->endDOW->setCurrentIndex( obj->getInt("to_weekday") + 1 );
+
+
+ setDisabledPalette(m_dialog->obj_name);
+ setDisabledPalette(m_dialog->libs);
+ setDisabledPalette(m_dialog->comment);
+ setDisabledPalette(m_dialog->startTime);
+ setDisabledPalette(m_dialog->useStartDate);
+ setDisabledPalette(m_dialog->startDate);
+ //setDisabledPalette(startDOW);
+ setDisabledPalette(m_dialog->endTime);
+ setDisabledPalette(m_dialog->useEndDate);
+ setDisabledPalette(m_dialog->endDate);
+ //setDisabledPalette(endDOW);
+
+ enableAllWidgets();
+
+ //apply->setEnabled( false );
+
+
+ init=false;
+}
+
+void TimeDialog::enableAllWidgets()
+{
+ m_dialog->obj_name->setEnabled(!obj->isReadOnly());
+ m_dialog->libs->setEnabled(!obj->isReadOnly());
+ m_dialog->comment->setReadOnly(obj->isReadOnly());
+
+ m_dialog->startTime->setEnabled(!obj->isReadOnly());
+ m_dialog->useStartDate->setEnabled(!obj->isReadOnly());
+ m_dialog->startDate->setEnabled(!obj->isReadOnly() && m_dialog->useStartDate->isChecked());
+ m_dialog->startDOW->setEnabled(!obj->isReadOnly() && !m_dialog->useStartDate->isChecked());
+
+ m_dialog->endTime->setEnabled(!obj->isReadOnly());
+ m_dialog->useEndDate->setEnabled(!obj->isReadOnly());
+ m_dialog->endDate->setEnabled(!obj->isReadOnly() && m_dialog->useEndDate->isChecked());
+ m_dialog->endDOW->setEnabled(!obj->isReadOnly() && !m_dialog->useEndDate->isChecked());
+}
+
+void TimeDialog::changed()
+{
+ //apply->setEnabled( true );
+ emit changed_sign();
+}
+
+void TimeDialog::useStartOrEndDate()
+{
+ enableAllWidgets();
+ changed();
+}
+
+void TimeDialog::validate(bool *res)
+{
+ *res=true;
+}
+
+void TimeDialog::isChanged(bool *res)
+{
+ //*res=(!init && apply->isEnabled());
+}
+
+void TimeDialog::libChanged()
+{
+ changed();
+}
+
+void TimeDialog::applyChanges()
+{
+ if (!isTreeReadWrite(this,obj)) return;
+
+ string oldname=obj->getName();
+ obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) );
+ obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) );
+
+ if (m_dialog->useStartDate->isChecked())
+ {
+ obj->setInt( "from_day" , m_dialog->startDate->date().day() );
+ obj->setInt( "from_month" , m_dialog->startDate->date().month() );
+ obj->setInt( "from_year" , m_dialog->startDate->date().year() );
+ } else
+ {
+ obj->setInt( "from_day" , -1 );
+ obj->setInt( "from_month" , -1 );
+ obj->setInt( "from_year" , -1 );
+ }
+ obj->setInt( "from_minute" , m_dialog->startTime->time().minute());
+ obj->setInt( "from_hour" , m_dialog->startTime->time().hour() );
+ obj->setInt( "from_weekday" , m_dialog->startDOW->currentIndex() -1);
+
+
+ if (m_dialog->useEndDate->isChecked())
+ {
+ obj->setInt( "to_day" , m_dialog->endDate->date().day() );
+ obj->setInt( "to_month" , m_dialog->endDate->date().month() );
+ obj->setInt( "to_year" , m_dialog->endDate->date().year() );
+ } else
+ {
+ obj->setInt( "to_day" , -1 );
+ obj->setInt( "to_month" , -1 );
+ obj->setInt( "to_year" , -1 );
+ }
+ obj->setInt( "to_minute" , m_dialog->endTime->time().minute() );
+ obj->setInt( "to_hour" , m_dialog->endTime->time().hour() );
+ obj->setInt( "to_weekday" , m_dialog->endDOW->currentIndex() - 1 );
+
+ om->updateObjName(obj,QString::fromUtf8(oldname.c_str()));
+
+ init=true;
+
+/* move to another lib if we have to */
+ if (! FWBTree::isSystem(obj) && m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str()))
+ om->moveObject(m_dialog->libs->currentText(), obj);
+
+ init=false;
+
+ //apply->setEnabled( false );
+ om->updateLastModifiedTimestampForAllFirewalls(obj);
+}
+
+void TimeDialog::discardChanges()
+{
+ loadFWObject(obj);
+}
+
+/* ObjectEditor class connects its slot to this signal and does all
+ * the verification for us, then accepts (or not) the event. So we do
+ * nothing here and defer all the processing to ObjectEditor
+ */
+void TimeDialog::closeEvent(QCloseEvent *e)
+{
+ emit close_sign(e);
+
+}
+
diff --git a/src/gui/TimeDialog.h b/src/gui/TimeDialog.h
new file mode 100644
index 000000000..c0c6de4b3
--- /dev/null
+++ b/src/gui/TimeDialog.h
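Review bot: `TimeDialog::validate` sets `*res=true` unconditionally, so unlike the Tag and UDP dialogs in this commit it calls neither `isTreeReadWrite` nor `validateName`, and nothing checks that the start of the interval comes before its end. Since an interval presumably bounds when a rule is in force, a reversed or badly named one is stored without any warning; at minimum add `if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; }`. In `loadFWObject` the stored hour and minute are clamped only at zero (`if (fromH<0) fromH=0;`), so an out-of-range stored value such as an hour above 23 reaches `QTime` unchecked. `getInt("from_weekday") + 1` and `getInt("to_weekday") + 1` are likewise used as combo indexes with no range check. `isChanged` never writes `*res`, and the `dynamic_cast` result is guarded only by `assert`, which NDEBUG builds drop.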
@@ -0,0 +1,73 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: TimeDialog.h,v 1.6 2007/03/14 05:08:11 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __TIMEDIALOG_H_
+#define __TIMEDIALOG_H_
+
+#include "config.h"
+#include
+#include
+
+#include "fwbuilder/FWObject.h"
+
+
+class TimeDialog : public QWidget
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ bool init;
+ Ui::TimeDialog_q *m_dialog;
+
+ void enableAllWidgets();
+
+ public:
+ TimeDialog(QWidget *parent);
+ ~TimeDialog();
+
+public slots:
+ virtual void changed();
+ virtual void libChanged();
+ virtual void applyChanges();
+ virtual void useStartOrEndDate();
+ virtual void discardChanges();
+ virtual void loadFWObject(libfwbuilder::FWObject *obj);
+ virtual void validate(bool*);
+ virtual void isChanged(bool*);
+ virtual void closeEvent(QCloseEvent *e);
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ void close_sign(QCloseEvent *e);
+ void changed_sign();
+
+};
+
+#endif // __TIMEDIALOG_H
diff --git a/src/gui/UDPServiceDialog.cpp b/src/gui/UDPServiceDialog.cpp
new file mode 100644
index 000000000..6c8c3fdc1
--- /dev/null
+++ b/src/gui/UDPServiceDialog.cpp
@@ -0,0 +1,199 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: UDPServiceDialog.cpp,v 1.25 2007/04/14 00:18:43 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#include "config.h"
+#include "global.h"
+#include "utils.h"
+
+#include "FWBTree.h"
+#include "UDPServiceDialog.h"
+#include "ObjectManipulator.h"
+
+#include "fwbuilder/Library.h"
+#include "fwbuilder/UDPService.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+using namespace std;
+using namespace libfwbuilder;
+
+UDPServiceDialog::UDPServiceDialog(QWidget *parent) : QWidget(parent)
+{
+ m_dialog = new Ui::UDPServiceDialog_q;
+ m_dialog->setupUi(this);
+
+ obj=NULL;
+}
+
+UDPServiceDialog::~UDPServiceDialog()
+{
+ delete m_dialog;
+}
+
+void UDPServiceDialog::loadFWObject(FWObject *o)
+{
+ obj=o;
+ UDPService *s = dynamic_cast(obj);
+ assert(s!=NULL);
+
+ init=true;
+
+ fillLibraries(m_dialog->libs,obj);
+
+ m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) );
+ m_dialog->ss->setValue( s->getInt("src_range_start") );
+ m_dialog->se->setValue( s->getInt("src_range_end") );
+ m_dialog->ds->setValue( s->getInt("dst_range_start") );
+ m_dialog->de->setValue( s->getInt("dst_range_end") );
+
+ m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) );
+
+ //apply->setEnabled( false );
+
+ m_dialog->obj_name->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->obj_name);
+
+ m_dialog->libs->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->libs);
+
+ m_dialog->ss->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->ss);
+
+ m_dialog->se->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->se);
+
+ m_dialog->ds->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->ds);
+
+ m_dialog->de->setEnabled(!o->isReadOnly());
+ setDisabledPalette(m_dialog->de);
+
+ m_dialog->comment->setReadOnly(o->isReadOnly());
+ setDisabledPalette(m_dialog->comment);
+
+
+ init=false;
+}
+
+void UDPServiceDialog::changed()
+{
+ //apply->setEnabled( true );
+ emit changed_sign();
+}
+
+void UDPServiceDialog::validate(bool *res)
+{
+ if (fwbdebug) qDebug("UDPServiceDialog::validate");
+
+ *res=true;
+
+ if (!isTreeReadWrite(this,obj)) { *res=false; return; }
+ if (!validateName(this,obj,m_dialog->obj_name->text())) { *res=false; return; }
+
+ // check port ranges (bug #1695481, range start must be <= range end)
+ int sps = m_dialog->ss->value();
+ int spe = m_dialog->se->value();
+ int dps = m_dialog->ds->value();
+ int dpe = m_dialog->de->value();
+
+ if (sps > spe)
+ {
+ QMessageBox::warning(this, "Firewall Builder",
+ QObject::tr("Invalid range defined for the source port."),
+ QObject::tr("&Continue editing"), NULL, NULL, 0, 2 );
+ *res = false;
+ return;
+ }
+ if (dps > dpe)
+ {
+ QMessageBox::warning(this, "Firewall Builder",
+ QObject::tr("Invalid range defined for the destination port."),
+ QObject::tr("&Continue editing"), NULL, NULL, 0, 2 );
+ *res = false;
+ return;
+ }
+}
+
+void UDPServiceDialog::isChanged(bool *res)
+{
+ //*res=(!init && apply->isEnabled());
+}
+
+void UDPServiceDialog::libChanged()
+{
+ changed();
+}
+
+void UDPServiceDialog::applyChanges()
+{
+ string oldname=obj->getName();
+ obj->setName( string(m_dialog->obj_name->text().toUtf8().constData()) );
+ obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) );
+
+ if (m_dialog->ss->value()!=0 && m_dialog->se->value()==0) m_dialog->se->setValue( m_dialog->ss->value() );
+ if (m_dialog->ds->value()!=0 && m_dialog->de->value()==0) m_dialog->de->setValue( m_dialog->ds->value() );
+
+ obj->setInt("src_range_start", m_dialog->ss->value() );
+ obj->setInt("src_range_end", m_dialog->se->value() );
+ obj->setInt("dst_range_start", m_dialog->ds->value() );
+ obj->setInt("dst_range_end", m_dialog->de->value() );
+
+ om->updateObjName(obj,QString::fromUtf8(oldname.c_str()));
+
+ init=true;
+
+/* move to another lib if we have to */
+ if (! FWBTree::isSystem(obj) && m_dialog->libs->currentText() != QString(obj->getLibrary()->getName().c_str()))
+ om->moveObject(m_dialog->libs->currentText(), obj);
+
+ init=false;
+
+ //apply->setEnabled( false );
+ om->updateLastModifiedTimestampForAllFirewalls(obj);
+}
+
+void UDPServiceDialog::discardChanges()
+{
+ loadFWObject(obj);
+}
+
+
+/* ObjectEditor class connects its slot to this signal and does all
+ * the verification for us, then accepts (or not) the event. So we do
+ * nothing here and defer all the processing to ObjectEditor
+ */
+void UDPServiceDialog::closeEvent(QCloseEvent *e)
+{
+ emit close_sign(e);
+
+}
+
diff --git a/src/gui/UDPServiceDialog.h b/src/gui/UDPServiceDialog.h
new file mode 100644
index 000000000..eb87b281e
--- /dev/null
+++ b/src/gui/UDPServiceDialog.h
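Review bot: `validate` rejects `sps > spe` and `dps > dpe`, but the rule that an end port of 0 means "same as start" is applied only later, in `applyChanges`. A single port entered as start=N, end=0 is therefore reported as an invalid range if the editor runs `validate` first (the caller is outside this hunk), while any path that reaches `applyChanges` without `validate` stores the widget values unchecked into the port-range attributes. Normalising in `validate` before the comparison, e.g. `if (sps!=0 && spe==0) spe=sps;` and `if (dps!=0 && dpe==0) dpe=dps;`, would make the two functions agree. `applyChanges` also lacks the `if (!isTreeReadWrite(this,obj)) return;` guard that `TimeDialog::applyChanges` has. `isChanged` never writes `*res`, and the `dynamic_cast` in `loadFWObject` is checked only by `assert`, which is compiled out under NDEBUG.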
@@ -0,0 +1,70 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: UDPServiceDialog.h,v 1.10 2006/05/13 06:53:05 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __UDPSERVICEDIALOG_H_
+#define __UDPSERVICEDIALOG_H_
+
+#include "config.h"
+#include
+#include
+
+#include "fwbuilder/FWObject.h"
+
+
+class UDPServiceDialog : public QWidget
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ bool init;
+ Ui::UDPServiceDialog_q *m_dialog;
+
+ public:
+ UDPServiceDialog(QWidget *parent);
+ ~UDPServiceDialog();
+
+public slots:
+ virtual void changed();
+ virtual void libChanged();
+ virtual void applyChanges();
+ virtual void discardChanges();
+ virtual void loadFWObject(libfwbuilder::FWObject *obj);
+ virtual void validate(bool*);
+ virtual void isChanged(bool*);
+ virtual void closeEvent(QCloseEvent *e);
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ void close_sign(QCloseEvent *e);
+ void changed_sign();
+
+};
+
+#endif // UDPSERVICEDIALOG_H
diff --git a/src/gui/aboutdialog_q.ui b/src/gui/aboutdialog_q.ui
new file mode 100644
index 000000000..6418c8966
--- /dev/null
+++ b/src/gui/aboutdialog_q.ui 
@@ -0,0 +1,641 @@ + + AboutDialog_q + + + true + + + + 0 + 0 + 269 + 242 + + + + + + + + + 0 + 0 + 0 + + + + + + + 255 + 255 + 255 + + + + + + + 255 + 255 + 255 + + + + + + + 255 + 255 + 255 + + + + + + + 127 + 127 + 127 + + + + + + + 170 + 170 + 170 + + + + + + + 0 + 0 + 0 + + + + + + + 255 + 255 + 255 + + + + + + + 0 + 0 + 0 + + + + + + + 255 + 255 + 255 + + + + + + + 255 + 255 + 255 + + + + + + + 0 + 0 + 0 + + + + + + + 255 + 255 + 255 + + + + + + + + + 0 + 0 + 0 + + + + + + + 255 + 255 + 255 + + + + + + + 255 + 255 + 255 + + + + + + + 255 + 255 + 255 + + + + + + + 127 + 127 + 127 + + + + + + + 170 + 170 + 170 + + + + + + + 0 + 0 + 0 + + + + + + + 255 + 255 + 255 + + + + + + + 0 + 0 + 0 + + + + + + + 255 + 255 + 255 + + + + + + + 255 + 255 + 255 + + + + + + + 0 + 0 + 0 + + + + + + + 255 + 255 + 255 + + + + + + + + + 127 + 127 + 127 + + + + + + + 255 + 255 + 255 + + + + + + + 255 + 255 + 255 + + + + + + + 255 + 255 + 255 + + + + + + + 127 + 127 + 127 + + + + + + + 170 + 170 + 170 + + + + + + + 127 + 127 + 127 + + + + + + + 255 + 255 + 255 + + + + + + + 127 + 127 + 127 + + + + + + + 255 + 255 + 255 + + + + + + + 255 + 255 + 255 + + + + + + + 0 + 0 + 0 + + + + + + + 255 + 255 + 255 + + + + + + + + Firewall Builder + + + :/Icons/src/gui/icons/firewall_16.png + + + true + + + + 11 + + + 6 + + + + + + 7 + 5 + 0 + 0 + + + + + Aharoni + 24 + 75 + true + true + + + + Firewall Builder + + + false + + + Qt::AlignCenter + + + false + + + 0 + + + + + + + + 7 + 5 + 0 + 0 + + + + Using libfwbuilder API v + + + Qt::AlignCenter + + + false + + + + + + + Revision: + + + Qt::AlignCenter + + + false + + + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &OK + + + + + + true + + + true + + + + + + + + + + 1 + 0 + 0 + 0 + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + 7 + 5 + 0 + 0 + + + + Copyright 2002-2006 NetCitadel, LLC + 
+ + Qt::AlignCenter + + + false + + + + + + + + 7 + 7 + 0 + 20 + + + + + 32767 + 20 + + + + QFrame::NoFrame + + + QFrame::Plain + + + -3 + + + Qt::ScrollBarAlwaysOff + + + Qt::ScrollBarAlwaysOff + + + + + + true + + + <html><head><meta name="qrichtext" content="1" /><style type="text/css"> +p, li { white-space: pre-wrap; } +</style></head><body style=" font-family:'Sans Serif'; font-size:9pt; font-weight:400; font-style:normal; text-decoration:none;"> +<p align="center" style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;"><a href="http://www.fwbuilder.org/"><span style=" text-decoration: underline; color:#0000ff;">http://www.fwbuilder.org</span></a></p></body></html> + + + + + + + + + + false + + + + + + + + + + + + buttonOk + clicked() + AboutDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/actionsdialog_q.ui b/src/gui/actionsdialog_q.ui new file mode 100644 index 000000000..4931857e8 --- /dev/null +++ b/src/gui/actionsdialog_q.ui 
@@ -0,0 +1,1744 @@ + + ActionsDialog_q + + + + 0 + 0 + 635 + 356 + + + + Actions Dialog + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + + + + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + + 0 + 0 + + + + + 75 + true + + + + fw/rule num/action + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + + 320 + 0 + + + + QFrame::NoFrame + + + QFrame::Plain + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + + + Tag string: + + + false + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + If rule action is 'Reject', this option defines firewall's reaction to the packet matching the rule + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + 300 + 0 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + This action has no parameters. + + + Qt::AlignCenter + + + true + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + + Tag value: + + + false + + + + + + + + 0 + 0 + + + + + 80 + 0 + + + + 65535 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + Requires CONNMARK target + + + Mark connections created by packets that match this rule + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Note: this action translates into MARK target for iptables. Normally this target is non-terminating, that is, other rules with Classify or Tag actions belog this one will process the same packet. However, Firewall Builder can emulate terminating behavior for this action. 
Option in the "compiler" tab of the firewall object properties dialog activates emulation. + + + Qt::AlignVCenter + + + true + + + + + + + Emulation is currently ON, the rule will be terminating + + + Qt::AlignCenter + + + false + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Rule name for accounting. (white spaces and special characters are not allowed) + + + Qt::AlignVCenter + + + true + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Packet classification can be implemented in different ways: + + + Qt::AlignVCenter + + + true + + + + + + + + + + + 5 + + + 5 + + + 5 + + + 5 + + + 2 + + + 2 + + + + + use dummynet(4) 'pipe' + + + + + + + use dummynet(4) 'queue' + + + + + + + + + + Pipe or queue number: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + 80 + 0 + + + + 999999 + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 21 + + + + + + + + Custom string: + + + false + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 41 + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Classify string: + + + false + + + + + + + + + + Note: CLASSIFY target in iptables is non-terminating, that is other rules with Classify or Mark target below this will process the same packet. However, Firewall Builder can emulate terminating behavior for this action. Emulation is activated by an option in the "compiler" tab of the firewall object properties dialog. 
+ + + Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Emulation is currently ON, rule will be terminating + + + Qt::AlignCenter + + + false + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Divert socket port number: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + 80 + 0 + + + + 999999 + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + User-defined chain name: + + + false + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + In addition to 'filter', create branching rule in 'mangle' table as well + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Anchor name: + + + false + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 50 + + + + + + + + + + + Route through + + + + + Route reply through + + + + + Route a copy through + + + + + + + + interface + + + false + + + + + + + + + + next hop + + + false + + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Fastroute + + + + + + + + + + Route through + + + + + Route reply through + + + + + Route a copy through + + + + + + + + interface + + + false + + + + + + + + + + next hop + + + false + + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 30 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Change inbound interface to + + + false + + + + + 
+ + Route through gateway + + + false + + + + + + + + + + Change outbound interface to + + + false + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 170 + 20 + + + + + + + + Continue packet inspection + + + + + + + Make a copy + + + + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + + usePortNum + valueChanged(int) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + useDummyNetQueue + toggled(bool) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + useDummyNetPipe + toggled(bool) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + tagvalue_str + textChanged(QString) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + tagvalue_int + valueChanged(int) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + tagvalue_int + valueChanged(int) + ActionsDialog_q + tagvalueChanged(int) + + + 20 + 20 + + + 20 + 20 + + + + + tagvalue_int + valueChanged(QString) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + rejectvalue + activated(QString) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_route_option + activated(int) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_route_opt_if + activated(int) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_route_opt_addr + textChanged(QString) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_fastroute + stateChanged(int) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_tee + released() + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_oif + activated(int) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_mark_connections + toggled(bool) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_iif + activated(int) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_gw + 
textChanged(QString) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_continue + stateChanged(int) + ActionsDialog_q + iptRouteContinueToggled() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_continue + stateChanged(int) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_branch_in_mangle + toggled(bool) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipf_route_option + activated(int) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipf_route_opt_if + activated(int) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipf_route_opt_addr + textChanged(QString) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + divertPortNum + valueChanged(int) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + custom_str + textChanged(QString) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + classify_str + textChanged(QString) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + branchChainName + textChanged(QString) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + branchAnchorName + textChanged(QString) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + accountingvalue_str + textChanged(QString) + ActionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/addressrangedialog_q.ui b/src/gui/addressrangedialog_q.ui new file mode 100644 index 000000000..3e85bd964 --- /dev/null +++ b/src/gui/addressrangedialog_q.ui 
@@ -0,0 +1,428 @@ + + AddressRangeDialog_q + + + true + + + + 0 + 0 + 633 + 412 + + + + + 5 + 5 + 0 + 0 + + + + Address Range + + + + 9 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 4 + + + 6 + + + + + + 0 + 0 + 0 + 0 + + + + + 6 + 5 + + + + + + + true + + + false + + + + + + + + 5 + 5 + 0 + 0 + + + + + 0 + 0 + + + + + 75 + true + + + + Address Range + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 10 + + + + + + 7 + 7 + 0 + 100 + + + + + 200 + 0 + + + + true + + + + + + + QFrame::NoFrame + + + QFrame::Plain + + + Comment: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Preferred + + + + 101 + 20 + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 32 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Range End: + + + false + + + + + + + Range Start: + + + false + + + + + + + Name: + + + false + + + + + + + Library: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::MinimumExpanding + + + + 16 + 234 + + + + + + + + + obj_name + libs + rangeStart + rangeEnd + comment + + + + + obj_name + textChanged(QString) + AddressRangeDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + activated(int) + AddressRangeDialog_q + libChanged() + + + 20 + 20 + + + 20 + 20 + + + + + rangeStart + textChanged(QString) + AddressRangeDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + rangeEnd + textChanged(QString) + AddressRangeDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + AddressRangeDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/addresstabledialog_q.ui b/src/gui/addresstabledialog_q.ui new file mode 100644 index 000000000..99d381034 --- /dev/null +++ b/src/gui/addresstabledialog_q.ui 
@@ -0,0 +1,550 @@ + + AddressTableDialog_q + + + + 0 + 0 + 765 + 287 + + + + + 500 + 500 + + + + Address Table + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 6 + + + + + + 75 + true + + + + Address Table + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Comment: + + + false + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + QFrame::NoFrame + + + QFrame::Plain + + + Library: + + + false + + + + + + + Name: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + + + + + + + 7 + + + 6 + + + + + + 7 + 0 + 0 + 0 + + + + Compile Time + + + + + + + + 7 + 0 + 0 + 0 + + + + Run Time + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + File name: + + + false + + + + + + + 0 + + + 6 + + + + + + 0 + 0 + 0 + 0 + + + + Browse + + + Browse + + + + + + + Preview + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 10 + 20 + + + + + + + + + + + 7 + 0 + 0 + 0 + + + + + 250 + 0 + + + + + + + + + + + + 7 + 7 + 0 + 100 + + + + + 200 + 0 + + + + true + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + obj_name + libs + r_compiletime + r_runtime + filename + BrowseButton + previewButton + comment + + + + + libs + activated(int) + AddressTableDialog_q + libChanged() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + AddressTableDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + obj_name + textChanged(QString) + AddressTableDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + r_compiletime + toggled(bool) + AddressTableDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + 
r_runtime + toggled(bool) + AddressTableDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + filename + textChanged(QString) + AddressTableDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + BrowseButton + clicked() + AddressTableDialog_q + browse() + + + 20 + 20 + + + 20 + 20 + + + + + previewButton + clicked() + AddressTableDialog_q + preview() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/askrulenumberdialog_q.ui b/src/gui/askrulenumberdialog_q.ui new file mode 100644 index 000000000..173a99c0d --- /dev/null +++ b/src/gui/askrulenumberdialog_q.ui @@ -0,0 +1,156 @@ + + askRuleNumberDialog_q + + + + 0 + 0 + 279 + 119 + + + + Enter New Position For The Rule + + + + + + Enter new position for selected rules: + + + false + + + + + + + 10000 + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 80 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 80 + 20 + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 80 + 20 + + + + + + + + &Move + + + Alt+M + + + true + + + true + + + + + + + &Cancel + + + Alt+C + + + true + + + true + + + + + + + + + + + + + buttonOk + clicked() + askRuleNumberDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + buttonCancel + clicked() + askRuleNumberDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/colorlabelmenuitem_q.ui b/src/gui/colorlabelmenuitem_q.ui new file mode 100644 index 000000000..bd2755693 --- /dev/null +++ b/src/gui/colorlabelmenuitem_q.ui 
@@ -0,0 +1,231 @@ + + + + + colorLabelMenuItem_q + + + + 0 + 0 + 124 + 16 + + + + + + + + 4 + + + 4 + + + + + + 8 + 8 + + + + + + + true + + + Orange + + + + + + + + 8 + 8 + + + + + + + true + + + Green + + + + + + + + 8 + 8 + + + + + + + true + + + Purple + + + + + + + + 8 + 8 + + + + + + + true + + + Blue + + + + + + + + 8 + 8 + + + + + + + true + + + Yellow + + + + + + + + 8 + 8 + + + + + + + true + + + Gray + + + + + + + + 8 + 8 + + + + + + + true + + + Red + + + + + + + + 8 + 8 + + + + + + + true + + + No color + + + + + + + + + + redBtn + clicked() + colorLabelMenuItem_q + redColorClicked() + + + orangeBtn + clicked() + colorLabelMenuItem_q + orangeColorClicked() + + + yellowBtn + clicked() + colorLabelMenuItem_q + yellowColorClicked() + + + greenBtn + clicked() + colorLabelMenuItem_q + greenColorClicked() + + + blueBtn + clicked() + colorLabelMenuItem_q + blueColorClicked() + + + purpleBtn + clicked() + colorLabelMenuItem_q + purpleColorClicked() + + + grayBtn + clicked() + colorLabelMenuItem_q + grayColorClicked() + + + noneBtn + clicked() + colorLabelMenuItem_q + noneColorClicked() + + + diff --git a/src/gui/commenteditorpanel_q.ui b/src/gui/commenteditorpanel_q.ui new file mode 100644 index 000000000..0b42b0fe0 --- /dev/null +++ b/src/gui/commenteditorpanel_q.ui 
@@ -0,0 +1,179 @@ + + CommentEditorPanel_q + + + true + + + + 0 + 0 + 643 + 254 + + + + Comment Editor Panel + + + + 11 + + + 6 + + + + + 6 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + + 75 + true + + + + fw/rule num + + + false + + + + + + + + + + + 500 + 0 + + + + + + + + + 1 + 0 + 0 + 0 + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + 6 + + + 6 + + + + + Import from file ... + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 211 + 20 + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + editor + textChanged() + CommentEditorPanel_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/confirmdeleteobjectdialog_q.ui b/src/gui/confirmdeleteobjectdialog_q.ui new file mode 100644 index 000000000..34e9ba52c --- /dev/null +++ b/src/gui/confirmdeleteobjectdialog_q.ui 
@@ -0,0 +1,191 @@ + + ConfirmDeleteObjectDialog_q + + + + 0 + 0 + 599 + 1510 + + + + Firewall Builder + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Delete + + + + + + + Cancel + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 51 + 20 + + + + + + + + + + + 0 + 0 + + + + Groups and firewall policy rules shown in the list below reference objects you are about to delete. If you delete objects, they will be removed from these groups and rules. + + + Qt::AlignVCenter + + + true + + + + + + + + 500 + 200 + + + + QFrame::NoFrame + + + QFrame::Plain + + + + + + true + + + QAbstractItemView::NoSelection + + + + Object + + + + + Parent + + + + + Details + + + + + + + + + + + + 0 + 0 + + + + Deleted objects are moved to the "Deleted objects" library. You can recover them later by moving back to the user's library. However if you delete an object already located in the "Deleted objects" library, it is destroyed and can not be restored. + + + Qt::AlignVCenter + + + true + + + + + + + + objectsView + pushButton1 + pushButton2 + + + + + + pushButton1 + clicked() + ConfirmDeleteObjectDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + pushButton2 + clicked() + ConfirmDeleteObjectDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/customservicedialog_q.ui b/src/gui/customservicedialog_q.ui new file mode 100644 index 000000000..9412834fa --- /dev/null +++ b/src/gui/customservicedialog_q.ui 
@@ -0,0 +1,386 @@ + + + + + CustomServiceDialog_q + + + true + + + + 0 + 0 + 822 + 277 + + + + Custom Service + + + + + + 0 + + + + + + 5 + 0 + 0 + 0 + + + + Box + + + Sunken + + + + 5 + + + + + + true + + + + Custom Service + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + custom_25.png + + + true + + + false + + + + + + + + + + Box + + + Sunken + + + + 10 + + + + + Comment: + + + false + + + + + + + + 0 + 20 + + + + Expanding + + + Horizontal + + + + + + + + 7 + 7 + 0 + 90 + + + + + 200 + 0 + + + + true + + + + + + + Box + + + Sunken + + + + + + + 20 + 30 + + + + Expanding + + + Vertical + + + + + + + Name: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Library: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + + + + 5 + 5 + 0 + 0 + + + + Box + + + Sunken + + + + + + + 20 + 16 + + + + Expanding + + + Vertical + + + + + + + + 7 + 1 + 0 + 0 + + + + + 0 + 0 + + + + + 32767 + 60 + + + + Custom service object has separate code string for each supported firewall platform. + + + Qt::AlignVCenter + + + true + + + + + + + Platform: + + + false + + + + + + + + + + Code: + + + false + + + + + + + + 250 + 0 + + + + Qt::AlignLeft + + + + + + + + + + + + + + + + 40 + 20 + + + + Expanding + + + Horizontal + + + + + + + + + obj_name + libs + platform + code + comment + + + + obj_name + textChanged(QString) + CustomServiceDialog_q + changed() + + + libs + activated(int) + CustomServiceDialog_q + libChanged() + + + platform + activated(int) + CustomServiceDialog_q + platformChanged() + + + code + textChanged(QString) + CustomServiceDialog_q + changed() + + + comment + textChanged() + CustomServiceDialog_q + changed() + + + diff --git a/src/gui/debugDialog.cpp b/src/gui/debugDialog.cpp new file mode 100644 index 000000000..7831c17b0 --- /dev/null +++ b/src/gui/debugDialog.cpp 
@@ -0,0 +1,114 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: debugDialog.cpp,v 1.11 2006/10/22 05:24:28 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#include "config.h"
+#include "global.h"
+#include "utils.h"
+#include "VERSION.h"
+#include "build_num"
+
+#include "debugDialog.h"
+#include "RCS.h"
+#include "FWWindow.h"
+
+#include
+#include
+#include
+#include
+#include
+
+#include "fwbuilder/Constants.h"
+#include "fwbuilder/FWObjectDatabase.h"
+
+#include
+
+using namespace std;
+
+
+debugDialog::debugDialog(QWidget *parent) : QDialog(parent)
+{
+ m_dialog = new Ui::debugDialog_q;
+ m_dialog->setupUi(this);
+
+/*
+ * some variables used for remote debugging (so I can ask the user to
+ * send me a screenshot of the "about" dialog and get the idea about
+ * their environment etc.)
+ */
+ m_dialog->debugText->append( QString("Path to executable: %1").arg(argv0.c_str()) );
+ m_dialog->debugText->append( QString("Path to resources: %1").arg(respath.c_str()) );
+ m_dialog->debugText->append( QString("Path to locale: %1").arg(localepath.c_str()) );
+ m_dialog->debugText->append( QString("Path to lib resources: %1").arg(librespath.c_str()) );
+ m_dialog->debugText->append( QString("appRootDir: %1").arg(appRootDir.c_str()) );
+ m_dialog->debugText->append( "\n" );
+ m_dialog->debugText->append( QString("sysfname: %1").arg(sysfname.c_str()) );
+ m_dialog->debugText->append( QString("tempfname: %1").arg(tempfname.c_str()) );
+ m_dialog->debugText->append( "\n" );
+ m_dialog->debugText->append( QString("Path to rcs: %1").arg(RCS_FILE_NAME) );
+ m_dialog->debugText->append( QString("Path to rcsdiff: %1").arg(RCSDIFF_FILE_NAME) );
+ m_dialog->debugText->append( QString("Path to rlog: %1").arg(RLOG_FILE_NAME) );
+ m_dialog->debugText->append( QString("Path to ci: %1").arg(CI_FILE_NAME) );
+ m_dialog->debugText->append( QString("Path to co: %1").arg(CO_FILE_NAME) );
+ m_dialog->debugText->append( "\n" );
+
+ m_dialog->debugText->append( "RCS timezone setting:" );
+ m_dialog->debugText->append( RCS::getRCSEnvFix()->getTZOffset() );
+ m_dialog->debugText->append( "\n" );
+ m_dialog->debugText->append( "RCS environment:" );
+ m_dialog->debugText->append( RCS::getEnv()->join("\n").toAscii() );
+ m_dialog->debugText->append( "\n" );
+
+ m_dialog->debugText->append( QString("Current locale: %1").arg(QLocale::system().name()) );
+ m_dialog->debugText->append( "\n" );
+ m_dialog->debugText->append( QString("Versions:") );
+ m_dialog->debugText->append( QString(" Firewall Builder %1").arg(VERSION) );
+ m_dialog->debugText->append( QString(" Release %1 Build %2").arg(RELEASE_NUM).arg(BUILD_NUM) );
+ m_dialog->debugText->append( QString(" Using libfwbuilder %1")
+ .arg( libfwbuilder::Constants::getLibraryVersion().c_str() ) );
+ m_dialog->debugText->append( QString(" Built with QT %1").arg(QT_VERSION_STR) );
+ m_dialog->debugText->append( QString(" Using QT %1").arg( qVersion() ) );
+ m_dialog->debugText->append( QString(" Built with libxml2 %1").arg(LIBXML_DOTTED_VERSION) );
+#if !defined(Q_OS_MACX)
+ m_dialog->debugText->append( QString(" Using libxml2 %1").arg(xmlParserVersion) );
+#endif
+ m_dialog->debugText->append( "\n" );
+
+ m_dialog->debugText->append( QString("FWObjectDatabase index statistics:") );
+
+ int s,h,m;
+ mw->db()->getIndexStats(s,h,m);
+ m_dialog->debugText->append( QString(" index size: %1 records").arg(s) );
+ m_dialog->debugText->append( QString(" hits: %1").arg(h) );
+ m_dialog->debugText->append( QString(" misses: %1").arg(m) );
+ m_dialog->debugText->append( "\n" );
+
+ m_dialog->debugText->append( QString("QPixmapCache limit: %1 kb").arg(QPixmapCache::cacheLimit()));
+}
+
+debugDialog::~debugDialog()
+{
+ delete m_dialog;
+}
\ No newline at end of file
diff --git a/src/gui/debugDialog.h b/src/gui/debugDialog.h
new file mode 100644
index 000000000..85cd8e740
--- /dev/null
+++ b/src/gui/debugDialog.h
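Review bot: The debugDialog constructor in src/gui/debugDialog.cpp writes the complete result of `RCS::getEnv()->join("\n")` into `debugText`, next to `tempfname`, `sysfname` and the install paths, and the block comment above says users are asked to send a screenshot of this dialog, so whatever that environment holds leaves the machine with the screenshot. What `RCS::getEnv()` returns is defined outside this hunk; if it is built from the process environment, it would be safer to print only the variables the RCS wrappers actually depend on (an allow-list) and to note the constraint in a comment such as `// this text is shared for support: paths and versions only, never the full environment`. Separately, `int s,h,m;` is handed to `getIndexStats` uninitialised and `mw->db()` is dereferenced unchecked; `int s = 0, h = 0, m = 0;` keeps the printed statistics defined if the call leaves any of them untouched, and a guard on `mw` may be needed if the dialog can be opened before the main window has a database, which this hunk does not show.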
@@ -0,0 +1,47 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: debugDialog.h,v 1.1 2004/05/23 20:32:06 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __DEBUGDIALOG_H_ +#define __DEBUGDIALOG_H_ + +#include "config.h" +#include +#include + + +class debugDialog : public QDialog +{ + Q_OBJECT + + Ui::debugDialog_q *m_dialog; + + public: + debugDialog(QWidget *parent); + ~debugDialog(); + +}; + +#endif // __DEBUGDIALOG_H diff --git a/src/gui/debugdialog_q.ui b/src/gui/debugdialog_q.ui new file mode 100644 index 000000000..0d4b3661f --- /dev/null +++ b/src/gui/debugdialog_q.ui @@ -0,0 +1,80 @@ + + + + + debugDialog_q + + + + 0 + 0 + 494 + 280 + + + + Debugging Info + + + + + + 0 + + + 6 + + + + + + 20 + 20 + + + + Expanding + + + Horizontal + + + + + + + &Close + + + Alt+C + + + true + + + true + + + + + + + + + + + + + + debugText + buttonOk + + + + buttonOk + clicked() + debugDialog_q + close() + + + diff --git a/src/gui/discoverydruid_q.ui b/src/gui/discoverydruid_q.ui new file mode 100644 index 000000000..286a88936 --- /dev/null +++ b/src/gui/discoverydruid_q.ui 
@@ -0,0 +1,3431 @@ + + DiscoveryDruid_q + + + + 0 + 0 + 557 + 670 + + + + + 6 + + + 9 + + + 9 + + + 9 + + + 9 + + + + + + 0 + 0 + + + + + 0 + 25 + + + + + Sans Serif + 14 + 75 + false + true + + + + TextLabel + + + Qt::AlignCenter + + + + + + + 0 + + + + + 0 + + + 0 + + + 0 + + + 0 + + + 6 + + + 6 + + + + + + 0 + 0 + + + + Choose discovery method used to collect information about network objects from the list below and click 'Next' to continue. + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 30 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 70 + + + + + + + + Discovery method: + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Read file in hosts format + + + true + + + + + + + Import DNS zone + + + + + + + Perform network discovery using SNMP + + + + + + + Import configuration of a firewall or a router + + + + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enter full path and file name below or click "Browse" to find it: + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 31 + + + + + + + + File in hosts format + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + + + Browse ... + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 41 + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 181 + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + 6 + + + 6 + + + + + All objects created during import will be placed in the library currently opened in the tree. + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Policy import tries to parse given configuration file and preserve its logic as close as possible. 
However, very often target firewall configuration allows for more commands, options and their combinations than importer can understand. Rules that importer could not parse exactly are colored red in the rule sets it creates. Always inspect firewall policy created by the importer and compare it with the original. Manual changes and corrections may be required. Comments in the rules that could not be parsed show fragments of the original configuration parser did not understand. + + + Qt::AlignVCenter + + + true + + + + + + + Import from file: + + + false + + + + + + + + + + + 0 + 0 + + + + Browse... + + + + + + + + Cisco IOS + + + + + iptables + + + + + + + + Platform: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 110 + 20 + + + + + + + + + 0 + 100 + + + + textLabel1 + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 10 + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 10 + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 10 + + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + This discovery method creates objects for all 'A' records found in DNS domain. You will later have a chance to accept only those objects you wish and ignore others. +Please enter the domain name below: + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 21 + + + + + + + + Domain name + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 21 + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 21 + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Objects created using this method may have long or short names. long name consists of the host name and full domain name (this is called <i>Fully Qualified Domain Name</i>). Short name consists of only host name. 
Check in the box below if you wish to use long name, then click next to continue: + + + Qt::AlignVCenter + + + true + + + + + + + Use long names + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + DNS zone information has to be transferred from the name server authoritative for the domain. Pick the name server: + + + Qt::AlignVCenter + + + true + + + + + + + Name server + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + choose name server from the list below + + + + + + + + + + + + + server name or its IP address here if you wish to use different one: + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + 200 + 20 + + + + + + + false + + + + + + + + 0 + 0 + + + + + 32767 + 20 + + + + Qt::Horizontal + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 50 + 20 + + + + + + + + + + + + + DNS Query options + + + + 0 + + + 0 + + + 0 + + + 0 + + + 6 + + + 6 + + + + + Timeout (sec) + + + false + + + + + + + Retries + + + false + + + + + + + 1 + + + 1 + + + + + + + 1 + + + 2 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 160 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 170 + 20 + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 131 + + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + This discovery method scans networks looking for hosts or gateways responding to SNMP queries. It pulls host's ARP table and uses all the entries found in it to create objects. Scan starts from the host called "seed". Enter "seed" host name or address below: + + + Qt::AlignVCenter + + + true + + + + + + + 'Seed' host + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 211 + 21 + + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + true + + + + 0 + 20 + + + + Enter a valid host name or address. 
+ + + false + + + + + + + + 0 + 0 + + + + + 32767 + 20 + + + + Qt::Horizontal + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + + + The scanner process can be confined to a certain network, so it won't discover hosts on adjacent networks. If you leave these fields blank, scanner will visit all networks it can find: + + + Qt::AlignVCenter + + + true + + + + + + + Confine scan to this network: + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 271 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 271 + 20 + + + + + + + + Netmask: + + + false + + + + + + + Address: + + + false + + + + + + + + + + false + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 70 + + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + The scanner process can repeat its algorithm recursively using each new host it finds as a new "seed". This allows it to find as many objects on your network as possible. On the other hand, it takes more time and may find some objects you do not really need. You can turn recursive scanning on below: + + + Qt::AlignVCenter + + + true + + + + + + + Run network scan recursively + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + The scanner process can find nodes beyond the boundaries of your network by following point-to-point links connecting it to the Internet or other parts of WAN. + + + Qt::AlignVCenter + + + true + + + + + + + Follow point-to-point links + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + The scanner process can distinguish virtual IP addresses created on hosts as static "published" ARP entries or as secondary addresses on interfaces. 
+ + + Qt::AlignVCenter + + + true + + + + + + + Include virtual addresses + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + Analysis of ARP table yields IP addresses for hosts on your network. In order to determine their names, scanner can run reverse name lookup queries using your name servers (DNS): + + + Qt::AlignVCenter + + + true + + + + + + + Run reverse name lookup DNS queries to determine host names + + + false + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enter parameters for SNMP and DNS reverse lookup queries below. (If unsure, just leave default values): + + + Qt::AlignVCenter + + + true + + + + + + + SNMP query parameters: + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + SNMP 'read' community string: + + + false + + + + + + + number of retries: + + + false + + + + + + + timeout (sec): + + + false + + + + + + + 1 + + + 1 + + + + + + + 1 + + + 2 + + + + + + + public + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 190 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 250 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 250 + 20 + + + + + + + + + + + DNS parameters: + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 300 + 20 + + + + + + + + number of retries: + + + false + + + + + + + timeout (sec) : + + + false + + + + + + + Number of threads: + + + false + + + + + + + 1 + + + 1 + + + + + + + 1 + + + 10000 + + + 2 + + + + + + + 1 + + + 5 + + + + + + + + + + + + + false + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 80 + + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + 16 + 75 + true + + + + Process name + + + false + + + + + + + + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Qt::Horizontal + + + + + + + Stop + + + + + + + Save scan log to file + + + + + + + 
Qt::Horizontal + + + QSizePolicy::Expanding + + + + 141 + 20 + + + + + + + + + + + Process log: + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + true + + + + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + These are the networks found by the scanner process. Choose the ones you wish to use from the list below, then click 'Next': + + + Qt::AlignVCenter + + + true + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + QAbstractItemView::MultiSelection + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Select All + + + + + + + Filter ... + + + + + + + Unselect All + + + + + + + Remove Filter + + + + + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + -> + + + + + + + <- + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 300 + + + + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + QAbstractItemView::MultiSelection + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Select All + + + + + + + Unselect All + + + + + + + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Choose objects you wish to use, then click 'Next': + + + Qt::AlignVCenter + + + true + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + QAbstractItemView::MultiSelection + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Remove Filter + + + + + + + Select All + + + + + + + Filter ... 
+ + + + + + + Unselect All + + + + + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + -> + + + + + + + <- + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 240 + + + + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + QAbstractItemView::MultiSelection + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Select All + + + + + + + Unselect All + + + + + + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + 6 + + + 6 + + + + + 0 + + + 0 + + + 0 + + + 0 + + + 6 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 30 + 20 + + + + + + + + Unselect All + + + + + + + Remove Filter + + + + + + + Filter ... + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Select All + + + + + + + Change type of selected objects: + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Address + + + + + + + Host + + + + + + + Firewall + + + + + + + + + + + + QAbstractItemView::ExtendedSelection + + + true + + + + Object + + + + + Interfaces + + + + + Type + + + + + + + + Here you can change type of the objects to be created for each address discovered by the scanner. By default, an "Address" object is created for the host with just one interface with single IP address and "Host" object is created for the host with multiple interfaces, however you can change their types on this page. + + + Qt::AlignVCenter + + + true + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Select target library + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + 0 + 0 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 71 + 20 + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 340 + + + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Adding new objects to library ... 
+ + + Qt::AlignTop + + + true + + + + + + + Qt::Horizontal + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 241 + + + + + + + + + + + + + 1 + 0 + + + + + 400 + 50 + + + + QFrame::StyledPanel + + + QFrame::Raised + + + + 6 + + + 9 + + + 9 + + + 9 + + + 9 + + + + + Qt::Horizontal + + + + 40 + 20 + + + + + + + + < &Back + + + + + + + &Next > + + + false + + + + + + + &Finish + + + false + + + + + + + &Cancel + + + + + + + + + + + dm_fromfile + filename + browseButton + import_filename + import_browse + import_platform + domainname + uselongname + dnsfromlist + nameserverlist + nameserverline + dnscustom + dnsretries + dnstimeout + seedhostname + snmpinaddr + snmpinmask + snmprecursive + snmpfollowp2p + snmpincludevirt + snmpdodns + snmpretries + snmptimeout + snmpcommunity + snmpdnsretries + snmpdnstimeout + snmpdnsthreads + discoveryStopButton + logSaveButton + discoverylog + networkresultlist + selAllResNetButton + netFilterButton + pushButton7_2 + remNetFilterButton + addNetButton + remNetButton + networklist + selAllNetButton + pushButton7_2_2 + objectresultlist + remObjFilterButton + selAllResButton + objFilterButton + unselAllResButton + addObjButton + remObjButton + objectlist + selAllObjButton + unselAllObjButton + unselAllLastButton + removeLastFilterButton + addLastFilterButton + selAllLastButton + addresTypeButton + hostTypeButton + pushButton26 + typeChangingList + libs + + + + + addLastFilterButton + clicked() + DiscoveryDruid_q + setLastFilter() + + + 20 + 20 + + + 20 + 20 + + + + + addNetButton + clicked() + DiscoveryDruid_q + addNetwork() + + + 20 + 20 + + + 20 + 20 + + + + + addObjButton + clicked() + DiscoveryDruid_q + addObject() + + + 20 + 20 + + + 20 + 20 + + + + + addresTypeButton + clicked() + DiscoveryDruid_q + typeAddress() + + + 20 + 20 + + + 20 + 20 + + + + + browseButton + clicked() + DiscoveryDruid_q + browseHostsFile() + + + 20 + 20 + + + 20 + 20 + + + + + stackedWidget + currentChanged(int) + DiscoveryDruid_q + 
changedSelected(int) + + + 20 + 20 + + + 20 + 20 + + + + + discoveryStopButton + clicked() + DiscoveryDruid_q + stopBackgroundProcess() + + + 20 + 20 + + + 20 + 20 + + + + + domainname + textChanged(QString) + DiscoveryDruid_q + changedDomainName() + + + 20 + 20 + + + 20 + 20 + + + + + filename + textChanged(QString) + DiscoveryDruid_q + changedHostsFileName() + + + 20 + 20 + + + 20 + 20 + + + + + hostTypeButton + clicked() + DiscoveryDruid_q + typeHost() + + + 20 + 20 + + + 20 + 20 + + + + + import_browse + clicked() + DiscoveryDruid_q + browseForImport() + + + 20 + 20 + + + 20 + 20 + + + + + import_platform + activated(int) + DiscoveryDruid_q + importPlatformChanged(int) + + + 20 + 20 + + + 20 + 20 + + + + + logSaveButton + clicked() + DiscoveryDruid_q + saveScanLog() + + + 20 + 20 + + + 20 + 20 + + + + + nameserverline + textChanged(QString) + DiscoveryDruid_q + typedCustomNS() + + + 20 + 20 + + + 20 + 20 + + + + + nameserverline + textChanged(QString) + DiscoveryDruid_q + changedNameServer() + + + 20 + 20 + + + 20 + 20 + + + + + nameserverlist + activated(int) + dnsfromlist + animateClick() + + + 20 + 20 + + + 20 + 20 + + + + + netFilterButton + clicked() + DiscoveryDruid_q + setNetworkFilter() + + + 20 + 20 + + + 20 + 20 + + + + + networkresultlist + itemDoubleClicked(QListWidgetItem*) + DiscoveryDruid_q + addNetwork() + + + 20 + 20 + + + 20 + 20 + + + + + objectresultlist + itemDoubleClicked(QListWidgetItem*) + DiscoveryDruid_q + addObject() + + + 20 + 20 + + + 20 + 20 + + + + + objFilterButton + clicked() + DiscoveryDruid_q + setObjectFilter() + + + 20 + 20 + + + 20 + 20 + + + + + pushButton26 + clicked() + DiscoveryDruid_q + typeFirewall() + + + 20 + 20 + + + 20 + 20 + + + + + pushButton7_2 + clicked() + networkresultlist + clearSelection() + + + 20 + 20 + + + 20 + 20 + + + + + pushButton7_2_2 + clicked() + networklist + clearSelection() + + + 20 + 20 + + + 20 + 20 + + + + + remNetButton + clicked() + DiscoveryDruid_q + removeNetwork() + + + 20 + 20 + + + 
20 + 20 + + + + + remNetFilterButton + clicked() + DiscoveryDruid_q + removeNetworkFilter() + + + 20 + 20 + + + 20 + 20 + + + + + remObjButton + clicked() + DiscoveryDruid_q + removeObject() + + + 20 + 20 + + + 20 + 20 + + + + + remObjFilterButton + clicked() + DiscoveryDruid_q + removeObjectFilter() + + + 20 + 20 + + + 20 + 20 + + + + + removeLastFilterButton + clicked() + DiscoveryDruid_q + removeLastFilter() + + + 20 + 20 + + + 20 + 20 + + + + + seedhostname + textChanged(QString) + DiscoveryDruid_q + changedSeedHost() + + + 20 + 20 + + + 20 + 20 + + + + + selAllLastButton + clicked() + DiscoveryDruid_q + selectAllLast() + + + 20 + 20 + + + 20 + 20 + + + + + selAllNetButton + clicked() + DiscoveryDruid_q + selectAllNets() + + + 20 + 20 + + + 20 + 20 + + + + + selAllObjButton + clicked() + DiscoveryDruid_q + selectAllObjs() + + + 20 + 20 + + + 20 + 20 + + + + + selAllResButton + clicked() + DiscoveryDruid_q + selectAllResObjs() + + + 20 + 20 + + + 20 + 20 + + + + + selAllResNetButton + clicked() + DiscoveryDruid_q + selectAllResNets() + + + 20 + 20 + + + 20 + 20 + + + + + snmpcommunity + textChanged(QString) + DiscoveryDruid_q + checkSNMPCommunity() + + + 20 + 20 + + + 20 + 20 + + + + + snmpinaddr + textChanged(QString) + DiscoveryDruid_q + changedInclNet() + + + 20 + 20 + + + 20 + 20 + + + + + snmpinmask + textChanged(QString) + DiscoveryDruid_q + changedInclNet() + + + 20 + 20 + + + 20 + 20 + + + + + unselAllLastButton + clicked() + DiscoveryDruid_q + unselectAllLast() + + + 20 + 20 + + + 20 + 20 + + + + + unselAllObjButton + clicked() + objectlist + clearSelection() + + + 20 + 20 + + + 20 + 20 + + + + + unselAllResButton + clicked() + objectresultlist + clearSelection() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/dnsnamedialog_q.ui b/src/gui/dnsnamedialog_q.ui new file mode 100644 index 000000000..e80dc8222 --- /dev/null +++ b/src/gui/dnsnamedialog_q.ui 
@@ -0,0 +1,346 @@ + + + + + DNSNameDialog_q + + + + 0 + 0 + 630 + 260 + + + + DNS Name + + + + + + 0 + + + + + + 5 + 0 + 0 + 0 + + + + Box + + + Sunken + + + + 5 + + + + + + true + + + + DNS Name + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + domainname_25.png + + + true + + + false + + + + + + + + + + Box + + + Sunken + + + + + + Comment: + + + false + + + + + + + + 7 + 7 + 0 + 100 + + + + + 200 + 0 + + + + true + + + + + + + + + + + 0 + + + + + Compile Time + + + + + + + Run Time + + + + + + + + 20 + 21 + + + + Expanding + + + Vertical + + + + + + + + + + + 0 + 20 + + + + Expanding + + + Horizontal + + + + + + + Box + + + Sunken + + + + + + + 20 + 16 + + + + Expanding + + + Vertical + + + + + + + Library: + + + false + + + + + + + Name: + + + false + + + + + + + DNS Record: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + + + + + + + + + 40 + 20 + + + + Expanding + + + Horizontal + + + + + + + + + obj_name + libs + dnsrec + r_compiletime + r_runtime + comment + + + + obj_name + textChanged(QString) + DNSNameDialog_q + changed() + + + libs + activated(int) + DNSNameDialog_q + libChanged() + + + comment + textChanged() + DNSNameDialog_q + changed() + + + dnsrec + textChanged(QString) + DNSNameDialog_q + changed() + + + r_compiletime + toggled(bool) + DNSNameDialog_q + changed() + + + r_runtime + toggled(bool) + DNSNameDialog_q + changed() + + + diff --git a/src/gui/execDialog.cpp b/src/gui/execDialog.cpp new file mode 100644 index 000000000..ca2bb5ab5 --- /dev/null +++ b/src/gui/execDialog.cpp 
@@ -0,0 +1,153 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: execDialog.cpp,v 1.10 2006/02/18 05:26:30 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" + +#include "execDialog.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "FWBSettings.h" + +#if defined(Q_OS_WIN32) +# include +# include +# include +#endif + +#include + +using namespace std; + +execDialog::~execDialog() +{ + delete m_dialog; +} + +execDialog::execDialog(QWidget *parent,const QStringList &args, const QString &closeButtonText) + : QDialog(parent), proc(parent) +{ + m_dialog = new Ui::execDialog_q; + m_dialog->setupUi(this); + + m_dialog->output->setWordWrapMode( QTextOption::NoWrap ); + res=-1; + + if (! 
closeButtonText.isEmpty()) m_dialog->buttonOk->setText(closeButtonText); + + proc.setProcessChannelMode(QProcess::MergedChannels); + + connect(&proc, SIGNAL(readyReadStdout()), this, SLOT(readFromStdout()) ); + connect(&proc, SIGNAL(processExited()), this, SLOT(processExited()) ); + + arguments = args; + + m_dialog->stopButton->hide(); + m_dialog->saveLogButton->hide(); +} + +void execDialog::readFromStdout() +{ +// output->append( proc.readStdout() ); + m_dialog->output->moveCursor( QTextCursor::End ); + m_dialog->output->insertPlainText( proc.readAllStandardOutput() ); +} + +void execDialog::stopProcess() +{ + proc.terminate(); + QTimer::singleShot( 1000, &proc, SLOT( kill() ) ); +} + +void execDialog::processExited() +{ + m_dialog->stopButton->hide(); + m_dialog->saveLogButton->show(); + m_dialog->buttonOk->setEnabled( true ); + m_dialog->buttonOk->setFocus(); + res=proc.exitStatus(); +} + +int execDialog::run() +{ + m_dialog->output->append( arguments.join(" ") ); + m_dialog->output->append("\n"); + + QStringList args = arguments; + + assert(!args.empty()); + QString command = args[0]; + args.pop_front(); + + proc.start(command, args); + + if ( !proc.waitForStarted() ) + { + m_dialog->output->append( tr("Error: Failed to start program") ); + return exec(); + } + m_dialog->saveLogButton->hide(); + m_dialog->stopButton->show(); + m_dialog->stopButton->setFocus(); + m_dialog->buttonOk->setEnabled( false ); + exec(); + return res; +} +void execDialog::saveLog() +{ + QString dir; + dir=st->getWDir(); + if (dir.isEmpty()) dir=st->getOpenFileDir(); + if (dir.isEmpty()) dir="~"; + + QString s = QFileDialog::getSaveFileName( + this, + "Choose a file", + dir, + "Text file (*.txt)"); + + + if (!s.isEmpty()) + { + if (!s.endsWith(".txt")) + { + s+=".txt"; + } + QFile f(s); + if (f.open(QIODevice::WriteOnly)) + { + QTextStream (&f) << m_dialog->output->toPlainText(); + f.close(); + } + } +} 
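Review bot: The two `connect()` calls in the constructor name `readyReadStdout()` and `processExited()`, which are not signals of `QProcess`, the type `proc` has in execDialog.h. A string-based connect to a missing signal fails only with a runtime warning, so as far as this hunk shows `readFromStdout()` and `processExited()` never fire and the Close button stays disabled after `run()`. `SIGNAL(readyReadStandardOutput())` and `SIGNAL(finished(int,QProcess::ExitStatus))` match the rest of the code, which already calls `readAllStandardOutput()` and `setProcessChannelMode()`. Separately, `res=proc.exitStatus();` records only normal exit versus crash, so a command that exits non-zero looks the same as one that succeeded. `res = (proc.exitStatus()==QProcess::NormalExit) ? proc.exitCode() : -1;` would expose the failure, which matters if callers (not visible here) run policy compilers or installers through this dialog.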
diff --git a/src/gui/execDialog.h b/src/gui/execDialog.h new file mode 100644 index 000000000..17de23564 --- /dev/null +++ b/src/gui/execDialog.h @@ -0,0 +1,59 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: execDialog.h,v 1.4 2006/02/18 05:26:30 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __EXECDIALOG_H_ +#define __EXECDIALOG_H_ + +#include + +#include +#include +#include +#include + +class execDialog : public QDialog +{ + Q_OBJECT + + QProcess proc; + int res; + Ui::execDialog_q *m_dialog; + QStringList arguments; + +public: + execDialog(QWidget *parent,const QStringList &args, const QString &closeButtonText=""); + ~execDialog(); + int run(); + +public slots: + + virtual void readFromStdout(); + virtual void stopProcess(); + virtual void processExited(); + virtual void saveLog(); +}; + +#endif diff --git a/src/gui/execdialog_q.ui b/src/gui/execdialog_q.ui new file mode 100644 index 000000000..251fb2e93 --- /dev/null +++ b/src/gui/execdialog_q.ui 
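Review bot: `int run();` is declared without a comment on what the returned value means, and the implementation in execDialog.cpp in this commit returns two different things: the result of `exec()` when the program fails to start, and `res` otherwise. A caller cannot tell a dialog result code from a process status. I would add a comment above the declaration such as `// Runs the command in a modal dialog; returns the process result recorded by processExited(), or -1 if none was recorded.` and make the failed-start path return -1 as well.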
@@ -0,0 +1,195 @@ + + execDialog_q + + + true + + + + 0 + 0 + 513 + 297 + + + + Executing external command + + + true + + + + 11 + + + 6 + + + + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 60 + 20 + + + + + + + + Save log to file + + + + + + + + 0 + 28 + + + + Stop + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 120 + 20 + + + + + + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &Close + + + Alt+C + + + true + + + true + + + + + + + + + + output + saveLogButton + stopButton + buttonOk + + + + + buttonOk + clicked() + execDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + stopButton + clicked() + execDialog_q + stopProcess() + + + 20 + 20 + + + 20 + 20 + + + + + saveLogButton + clicked() + execDialog_q + saveLog() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/fakeWizard.cpp b/src/gui/fakeWizard.cpp new file mode 100644 index 000000000..f942e45de --- /dev/null +++ b/src/gui/fakeWizard.cpp 
@@ -0,0 +1,155 @@ +#include "fakeWizard.h" + +FakeWizard::FakeWizard() +{ +} + +FakeWizard::~FakeWizard() +{ +} + +void FakeWizard::setControlWidgets(QWidget *_mainWidget, + QStackedWidget *_stackedWidget, + QPushButton *_nextButton, + QPushButton *_finishButton, + QPushButton *_backButton, + QPushButton *_cancelButton, + QLabel *_titleLabel) +{ + mainWidget = _mainWidget; + stackedWidget = _stackedWidget; + nextButton = _nextButton; + finishButton = _finishButton; + backButton =_backButton; + titleLabel = _titleLabel; + cancelButton = _cancelButton; + + m_pageCount = stackedWidget->count(); + + QObject::connect( nextButton, SIGNAL( clicked() ), + mainWidget, SLOT( nextClicked() )); + QObject::connect( backButton, SIGNAL( clicked() ), + mainWidget, SLOT( backClicked() )); + QObject::connect( finishButton, SIGNAL( clicked() ), + mainWidget, SLOT( finishClicked() )); + QObject::connect( cancelButton, SIGNAL( clicked() ), + mainWidget, SLOT( cancelClicked() )); + + for (int i = 0; i < m_pageCount; i++) + { + appropriates.push_back(true); + backEnabled.push_back(true); + nextEnabled.push_back(true); + finishEnabled.push_back(false); + pageTitles.push_back(QString()); + } + backEnabled[0] = false; + nextEnabled[m_pageCount-1] = false; + + m_currentPage = 0; +} + +void FakeWizard::setAppropriate(const int page, const bool value) +{ + if (page >= m_pageCount) return; + appropriates[page] = value; +} + +void FakeWizard::setNextEnabled(const int page, const bool enabled) +{ + if (page >= m_pageCount) return; + nextEnabled[page] = enabled; + if (page == currentPage()) + nextButton->setEnabled(enabled); +} + +void FakeWizard::setBackEnabled(const int page, const bool enabled) +{ + if (page >= m_pageCount) return; + backEnabled[page] = enabled; + if (page == currentPage()) + backButton->setEnabled(enabled); +} + +void FakeWizard::setFinishEnabled(const int page, const bool enabled) +{ + if (page >= m_pageCount) return; + finishEnabled[page] = enabled; + if (page == 
currentPage()) + { + if (enabled) + finishButton->show(); + else + finishButton->hide(); + } +} + +void FakeWizard::setTitle(const int page, const QString title) +{ + if (page >= m_pageCount) return; + pageTitles[page] = title; + if (page == currentPage()) + if (titleLabel) + titleLabel->setText(title); +} + +int FakeWizard::pageCount() const +{ + return stackedWidget->count(); +} + +int FakeWizard::previousRelevant(const int page) const +{ + for (int i = page-1; i >= 0; i--) + if (appropriates[i] && appropriate(i)) + return i; + + return -1; +} + +int FakeWizard::nextRelevant(const int page) const +{ + for (int i = page+1; i < m_pageCount; i++) + if (appropriates[i] && appropriate(i)) + return i; + + return -1; +} + +void FakeWizard::showPage(const int page) +{ + if (page >= m_pageCount) return; + + if (finishEnabled[page]) + finishButton->show(); + else + finishButton->hide(); + + nextButton->setEnabled( nextEnabled[page] && + (nextRelevant(page) > -1) ); + backButton->setEnabled( backEnabled[page] && + (previousRelevant(page) > -1) ); + + if (titleLabel) + if (!pageTitles[page].isEmpty()) + { + titleLabel->setText(pageTitles[page]); + titleLabel->show(); + } + else + titleLabel->hide(); + + setCurrentPage(page); + + stackedWidget->setCurrentIndex(page); +} + +int FakeWizard::currentPage() const +{ + return m_currentPage; +} + +void FakeWizard::setCurrentPage(const int page) +{ + m_currentPage = page; +} diff --git a/src/gui/fakeWizard.h b/src/gui/fakeWizard.h new file mode 100644 index 000000000..3a19fdc5d --- /dev/null +++ b/src/gui/fakeWizard.h 
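Review bot: The range checks in `setAppropriate`, `setNextEnabled`, `setBackEnabled`, `setFinishEnabled`, `setTitle` and `showPage` test only `page >= m_pageCount`, so a negative `page` indexes the `std::vector` members out of bounds. `nextRelevant()` and `previousRelevant()` return -1 when no page qualifies, so a caller that forwards that value to `showPage()` would hit this; the callers are not in this hunk. Each guard should read `if (page < 0 || page >= m_pageCount) return;`. `setControlWidgets` has a related problem when the stacked widget has no pages: `backEnabled[0]` and `nextEnabled[m_pageCount-1]` are then written on empty vectors, so it should return early when `m_pageCount == 0`.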
@@ -0,0 +1,63 @@ +#ifndef __FAKEWIZARD_H__ +#define __FAKEWIZARD_H__ + +#include +#include +#include +#include +#include + +class FakeWizard +{ +protected: + QWidget *mainWidget; + QStackedWidget *stackedWidget; + QPushButton *nextButton; + QPushButton *backButton; + QPushButton *finishButton; + QPushButton *cancelButton; + QLabel *titleLabel; + + int m_currentPage; + int m_pageCount; + + std::vector nextEnabled; + std::vector backEnabled; + std::vector appropriates; + std::vector finishEnabled; + std::vector pageTitles; + + int nextRelevant(const int page) const; + int previousRelevant(const int page) const; + +public : + + FakeWizard(); + virtual ~FakeWizard(); + + void setControlWidgets(QWidget *_mainWidget, + QStackedWidget *_stackedWidget, + QPushButton *_nextButton, + QPushButton *_finishButton, + QPushButton *_backButton, + QPushButton *_cancelButton, + QLabel *_titleLabel = NULL); + + int pageCount() const; + int currentPage() const; + void showPage(const int page); + void setCurrentPage(const int page); + void setNextEnabled(const int page, const bool enabled); + void setBackEnabled(const int page, const bool enabled); + void setAppropriate(const int page, const bool value); + void setFinishEnabled(const int page, const bool enabled); + void setTitle(const int page, const QString title); + + virtual bool appropriate(const int) const + { return true; } + + /*virtual void backClicked(); + virtual void nextClicked();*/ +}; + +#endif diff --git a/src/gui/filePropDialog.cpp b/src/gui/filePropDialog.cpp new file mode 100644 index 000000000..ac4d894a8 --- /dev/null +++ b/src/gui/filePropDialog.cpp 
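Review bot: The class declaration carries no comment on its usage contract, and two requirements can only be found by reading fakeWizard.cpp. `setControlWidgets()` has to be called before any other member, because the constructor leaves the widget pointers and `m_pageCount` unset. `_mainWidget` has to provide `nextClicked()`, `backClicked()`, `finishClicked()` and `cancelClicked()` slots, because they are connected by name. I would document both above `setControlWidgets`, e.g. `// Must be called once before any other method; mainWidget must declare the slots nextClicked(), backClicked(), finishClicked() and cancelClicked().` If the widgets are meant to stay owned by the caller, that is worth stating there too.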
@@ -0,0 +1,186 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: filePropDialog.cpp,v 1.7 2007/05/22 22:59:31 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "fwbuilder/FWObjectDatabase.h" + +#include "filePropDialog.h" +#include "FWWindow.h" +#include "PrintingProgressDialog.h" +#include "printerStream.h" + +#include "RCS.h" + +#include +#include +#include + +#include + +#ifndef _WIN32 +# include // for access(2) +#endif + + +#include + +using namespace std; + +filePropDialog::~filePropDialog() +{ + delete m_dialog; +} + +filePropDialog::filePropDialog(QWidget *parent, RCS *rcs) : + QDialog(parent) +{ + m_dialog = new Ui::filePropDialog_q; + m_dialog->setupUi(this); + + // we have to get a reference to the printer + // or we can create a new one ... 
+ + m_dialog->fileLocation->setText( rcs->getFileName() ); + if (rcs->isRO()) m_dialog->fileRO->setText( tr("Opened read-only") ); + else m_dialog->fileRO->setText(""); + + time_t lm = mw->db()->getTimeLastModified(); + QString s = ctime( &lm ); + s.truncate( s.length()-1 ); // chop newline + + m_dialog->lastModified->setText( QString("%1 (%2)").arg(s).arg(lm) ); + + if (rcs->isInRCS()) + { + m_dialog->fileRev->setText( rcs->getSelectedRev() ); + m_dialog->fileLockedBy->setText( rcs->getLockedBy() ); + + QList::iterator i; + for (i=rcs->begin(); i!=rcs->end(); ++i) + { + Revision r= *i; + m_dialog->fileRevHistory->append( tr("Revision %1").arg(r.rev) ); + m_dialog->fileRevHistory->append( r.log ); + m_dialog->fileRevHistory->append("\n"); + m_dialog->fileRevHistory->moveCursor(QTextCursor::Start); + } + } else + { + m_dialog->fileRev->setText(""); + m_dialog->fileLockedBy->setText(""); + m_dialog->fileRevHistory->setText(""); + } + +} +void filePropDialog::setPrinter(QPrinter *p) +{ + printer=p; +} + +void filePropDialog::printRevHistory() +{ + // Revision history printing: + // + // 1. setup printer properties + // 2. create a stream + // 3. split text from the QTextBrowser (fileRevHistory) into the lines + // 4. 
send lines to the stream + // + + //int pageWidth = 0; + //int pageHeight = 0; + bool fullPage = false; + + float margin; +#if defined(Q_OS_MACX) || defined(Q_OS_WIN32) + margin=1.5; +#else + margin=0; +#endif + int resolution = 150; + bool printHeader = true; + //bool printLegend = true; + //bool printObjects = true; + //bool newPageForSection = false; + //int tableResolution = 2; // 50%, 75%, 100%, 150%, 200%, default 100% + + QPrintDialog printDialog(printer, this); + +#if (QT_VERSION > 0x030200) + printDialog.addEnabledOption(QAbstractPrintDialog::PrintPageRange); + printDialog.setPrintRange(QAbstractPrintDialog::AllPages); + printDialog.setMinMax(1,9999); +#endif + + printer->setResolution(resolution); + printer->setFullPage(fullPage); + + if (printDialog.exec() == QDialog::Accepted) + { + int fromPage = printer->fromPage(); + int toPage = printer->toPage(); + if (fromPage==0) fromPage=1; + if (toPage==0) toPage=9999; + + PrintingProgressDialog *ppd = new PrintingProgressDialog(this,printer,0,false); + QString headerText = "Revision History:"; + +#if defined(Q_OS_MACX) + printerStream pr(printer,margin,printHeader,headerText,NULL); +#else + printerStream pr(printer,margin,printHeader,headerText,ppd); + ppd->show(); +#endif + pr.setFromTo(fromPage,toPage); + if ( !pr.begin()) + { + ppd->hide(); + delete ppd; + return; + } + + //QSize margins = printer->margins(); + + pr.beginPage(); // resets yPos + QStringList sl; + sl=m_dialog->fileRevHistory->toPlainText().split('\n'); + + for ( QStringList::Iterator it = sl.begin(); it != sl.end(); ++it ) + { + pr.printText(*it); + } + + ppd->hide(); + delete ppd; + + pr.end(); + + + } +} diff --git a/src/gui/filePropDialog.h b/src/gui/filePropDialog.h new file mode 100644 index 000000000..a40b86ab0 --- /dev/null +++ b/src/gui/filePropDialog.h 
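Review bot: `printRevHistory()` dereferences `printer` (`QPrintDialog printDialog(printer, this);`, `printer->setResolution(resolution);`), but the constructor never initialises that member and only `setPrinter()` assigns it. Invoking the Print slot before `setPrinter()` therefore reads an indeterminate pointer. Initialise it in the constructor's initialiser list, `QDialog(parent), printer(NULL)`, and start the slot with `if (printer==NULL) return;`. Also, `pr.end();` runs after `delete ppd;` although `pr` was constructed with `ppd` on non-Mac builds; if `printerStream::end()` touches the progress dialog (its code is not in this hunk) that is a use after free, so `pr.end()` should come before the delete.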
@@ -0,0 +1,57 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: filePropDialog.h,v 1.2 2005/05/28 21:16:18 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __FILEPROPDIALOG_H_ +#define __FILEPROPDIALOG_H_ + +#include +#include +#include + +#include "config.h" +#include + +class RCS; +class QPrinter; + +class filePropDialog : public QDialog +{ + Q_OBJECT + + Ui::filePropDialog_q *m_dialog; + + public: + filePropDialog(QWidget *parent, RCS *rcs); + ~filePropDialog(); + void setPrinter(QPrinter *printer); + + private: + QPrinter *printer; + public slots: + virtual void printRevHistory( ); +}; + +#endif // __FILEPROPDIALOG_H diff --git a/src/gui/filepropdialog_q.ui b/src/gui/filepropdialog_q.ui new file mode 100644 index 000000000..3a43c4f5d --- /dev/null +++ b/src/gui/filepropdialog_q.ui 
@@ -0,0 +1,315 @@ + + filePropDialog_q + + + + 0 + 0 + 415 + 438 + + + + File Properties + + + + + 11 + 11 + 92 + 16 + + + + Location: + + + false + + + + + true + + + + 11 + 160 + 393 + 238 + + + + + + + 11 + 71 + 393 + 16 + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + 11 + 31 + 393 + 16 + + + + RO + + + false + + + + + + 11 + 80 + 393 + 16 + + + + Revision Control: + + + false + + + + + + 11 + 51 + 189 + 16 + + + + Time of last modification: + + + false + + + + + + 11 + 100 + 189 + 16 + + + + Revision: + + + false + + + + + + 11 + 120 + 189 + 16 + + + + Locked by user: + + + false + + + + + + 109 + 11 + 295 + 16 + + + + + 7 + 5 + 0 + 0 + + + + location + + + false + + + + + + 206 + 51 + 198 + 16 + + + + lastModified + + + false + + + + + + 206 + 100 + 198 + 16 + + + + + 7 + 5 + 0 + 0 + + + + rev + + + false + + + + + + 206 + 120 + 198 + 16 + + + + + 7 + 5 + 0 + 0 + + + + lockedBy + + + false + + + + + + 11 + 140 + 393 + 16 + + + + Revision history: + + + false + + + + + + 310 + 400 + 93 + 30 + + + + OK + + + + + + 10 + 400 + 93 + 30 + + + + Print + + + + + + fileRevHistory + bt_print + bt_OK + + + + + bt_OK + released() + filePropDialog_q + close() + + + 20 + 20 + + + 20 + 20 + + + + + bt_print + released() + filePropDialog_q + printRevHistory() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/filterdialog_q.ui b/src/gui/filterdialog_q.ui new file mode 100644 index 000000000..655ea2583 --- /dev/null +++ b/src/gui/filterdialog_q.ui 
@@ -0,0 +1,344 @@ + + FilterDialog_q + + + + 0 + 0 + 527 + 407 + + + + Filter + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + Save + + + + + + + Load + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 96 + 20 + + + + + + + + Ok + + + true + + + + + + + Cancel + + + + + + + + + Match + + + false + + + + + + + + all + + + + + any + + + + + + + + of the following: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 51 + 20 + + + + + + + + + + + + 0 + + + 6 + + + + + + 48 + 32767 + + + + Add a new pattern + + + + + + + + + + + 0 + + + 6 + + + + + 2 + + + + Target + + + + + Type + + + + + Pattern + + + + + + + + Case sensitive + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 140 + + + + + + + + + 48 + 32767 + + + + Remove a pattern + + + - + + + + + + + + + + + combo + table + addButton + remButton + case_sensitive + saveButton + loadButton + okButton + cancelButton + + + + + okButton + clicked() + FilterDialog_q + apply() + + + 20 + 20 + + + 20 + 20 + + + + + cancelButton + clicked() + FilterDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + loadButton + clicked() + FilterDialog_q + load() + + + 20 + 20 + + + 20 + 20 + + + + + saveButton + clicked() + FilterDialog_q + save() + + + 20 + 20 + + + 20 + 20 + + + + + addButton + clicked() + FilterDialog_q + addPattern() + + + 20 + 20 + + + 20 + 20 + + + + + remButton + clicked() + FilterDialog_q + removePattern() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/findDialog.cpp b/src/gui/findDialog.cpp new file mode 100644 index 000000000..4ef26dd1d --- /dev/null +++ b/src/gui/findDialog.cpp 
@@ -0,0 +1,339 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: findDialog.cpp,v 1.13 2006/06/13 06:54:24 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "findDialog.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" +#include "FWBTree.h" +#include "FWBSettings.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FWReference.h" +#include "fwbuilder/RuleSet.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace std; + +#define MAX_SEARCH_ITEMS_COUNT 10 + +findDialog::findDialog(QWidget *p) : QDialog(p), treeSeeker() +{ + m_dialog = new Ui::findDialog_q; + m_dialog->setupUi(this); + + lastFound=NULL; + lastTextSearch=""; + lastAttrSearch=""; + + m_dialog->findText->setFocus(); +} + +void findDialog::setObject(FWObject *o) +{ + reset(); + m_dialog->findText->lineEdit()->setText( QString::fromUtf8(o->getName().c_str()) ); +} + +void 
findDialog::reset() +{ + lastFound=NULL; + lastTextSearch=""; + treeSeeker=mw->db()->tree_begin(); +} + +void findDialog::findTextChanged(const QString &ns) +{ + if (ns!=lastTextSearch) reset(); + lastTextSearch=ns; +} + +void findDialog::findAttrChanged(const QString &ns) +{ + if (ns!=lastAttrSearch) reset(); + lastAttrSearch=ns; +} + +void findDialog::find() +{ + if (m_dialog->findText->currentText().isEmpty() && m_dialog->findAttr->currentText().isEmpty()) return; + + if (m_dialog->findText->currentText() != m_dialog->findText->itemText(0)) + { + if (m_dialog->findText->count()>=MAX_SEARCH_ITEMS_COUNT) + m_dialog->findText->removeItem(MAX_SEARCH_ITEMS_COUNT-1); + + m_dialog->findText->insertItem( 0, m_dialog->findText->currentText() ); + + if (fwbdebug) + { + qDebug("findDialog::find() : findText->text(0)=%s", + m_dialog->findText->itemText(0).toLatin1().constData()); + } + } + + if (m_dialog->findAttr->currentText() != m_dialog->findAttr->itemText(0)) + { + if (m_dialog->findAttr->count()>=MAX_SEARCH_ITEMS_COUNT) + m_dialog->findAttr->removeItem(MAX_SEARCH_ITEMS_COUNT-1); + + m_dialog->findAttr->insertItem( 0, m_dialog->findAttr->currentText() ); + + if (fwbdebug) + qDebug("findDialog::find() : findAttr->text(0)=%s", + m_dialog->findAttr->itemText(0).toLatin1().constData()); + } + + findNext(); +} + +bool findDialog::matchName(const QString &name) +{ + QString s=m_dialog->findText->currentText(); + if (s.isEmpty()) return true; + + bool res=false; + + if (m_dialog->useRegexp->isChecked()) res= ( name.indexOf( QRegExp(s) )!=-1 ); + else res= ( name == s ); + + return res; +} + +bool findDialog::matchAttr(libfwbuilder::FWObject *obj) +{ + QString s=m_dialog->findAttr->currentText(); + if (s.isEmpty()) return true; + + bool res=false; + int attrN = m_dialog->attribute->currentIndex(); + + switch (attrN) { + case 0: // Address + { + Address *a = Address::cast(obj); + if (a!=NULL) + { + QString addr = a->getAddress().toString().c_str(); + if 
(m_dialog->useRegexp->isChecked()) res= ( addr.indexOf( QRegExp(s) )!=-1 ); + else res= ( addr == s ); + } + break; + } + case 1: // port + if (TCPService::cast(obj)!=NULL || UDPService::cast(obj)!=NULL) + { + if (m_dialog->useRegexp->isChecked()) + { + QString port; + port.setNum(obj->getInt("src_range_start")); + res |= ( port.indexOf( QRegExp(s) )!=-1 ); + port.setNum(obj->getInt("src_range_end")); + res |= ( port.indexOf( QRegExp(s) )!=-1 ); + port.setNum(obj->getInt("dst_range_start")); + res |= ( port.indexOf( QRegExp(s) )!=-1 ); + port.setNum(obj->getInt("dst_range_end")); + res |= ( port.indexOf( QRegExp(s) )!=-1 ); + } else + { + int port = s.toInt(); + res |= (port == obj->getInt("src_range_start")); + res |= (port == obj->getInt("src_range_end")); + res |= (port == obj->getInt("dst_range_start")); + res |= (port == obj->getInt("dst_range_end")); + } + break; + } + case 2: // protocol num. + if (IPService::cast(obj)!=NULL) + { + if (m_dialog->useRegexp->isChecked()) + { + QString proto; + proto.setNum(obj->getInt("protocol_num")); + res |= ( proto.indexOf( QRegExp(s) )!=-1 ); + } else + { + int proto = s.toInt(); + res |= (proto == obj->getInt("protocol_num")); + } + break; + } + case 3: // icmp type + if (ICMPService::cast(obj)!=NULL) + { + if (m_dialog->useRegexp->isChecked()) + { + QString icmptype; + icmptype.setNum(obj->getInt("type")); + res |= ( icmptype.indexOf( QRegExp(s) )!=-1 ); + } else + { + int icmptype = s.toInt(); + res |= (icmptype == obj->getInt("type")); + } + break; + } + } + + return res; +} + +void findDialog::findNext() +{ + if (m_dialog->findText->currentText().isEmpty() && + m_dialog->findAttr->currentText().isEmpty()) return; + + if (m_dialog->findText->count()>10) m_dialog->findText->removeItem(0); + if (m_dialog->findAttr->count()>10) m_dialog->findAttr->removeItem(0); + + FWObject *o=NULL; + +loop: + QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) ); + + for (; treeSeeker!=mw->db()->tree_end(); ++treeSeeker) + { + o 
= *treeSeeker; + + if( RuleElement::cast(o->getParent())!=NULL) + { + if (! m_dialog->searchInRules->isChecked()) continue; + } else + { +/* if not in rules, then in the tree. */ + if (! m_dialog->searchInTree->isChecked()) continue; + } + + if (FWReference::cast(o)!=NULL) + { + FWReference *r=FWReference::cast(o); + if ( matchName( QString::fromUtf8(r->getPointer()->getName().c_str()) ) && + matchAttr( r->getPointer() )) break; + } else + { + if (matchName( QString::fromUtf8(o->getName().c_str())) && + matchAttr( o )) break; + } + } + + QApplication::restoreOverrideCursor(); + + if (treeSeeker==mw->db()->tree_end()) + { + reset(); + + if ( QMessageBox::warning( + this,"Firewall Builder", + tr("Search hit the end of the object tree."), + tr("&Continue at top"), tr("&Stop"), QString::null, 0, 1 )==0 ) goto loop; + + return; + } + assert(o!=NULL); + +/* found object. Shift iterator so it does not return the same object + * when user hits 'find next' + */ + + ++treeSeeker; + + if (FWReference::cast(o)!=NULL && RuleElement::cast(o->getParent())!=NULL) + { + mw->ensureObjectVisibleInRules( FWReference::cast(o) ); + QTimer::singleShot(200, this, SLOT(makeActive()) ); + return; + } + + if (Group::cast(o->getParent())!=NULL && + !FWBTree::isSystem(o->getParent())) + { + om->openObject( o->getParent() ); + om->editObject( o->getParent() ); + QTimer::singleShot(200, this, SLOT(makeActive()) ); + return; + } + + if (fwbdebug) + { + qDebug("Found object: o=%p id=%s name=%s type=%s", + o, o->getId().c_str(),o->getName().c_str(),o->getTypeName().c_str()); + } + + om->openObject( o ); + om->editObject( o ); + + QTimer::singleShot(200, this, SLOT(makeActive()) ); +} + +void findDialog::makeActive() +{ + activateWindow(); +} + +void findDialog::showEvent( QShowEvent *ev) +{ + st->restoreGeometry(this, QRect(200,100,330,140) ); + QDialog::showEvent(ev); + + m_dialog->useRegexp->setChecked( st->getBool("Search/useRegexp") ); + m_dialog->searchInTree->setChecked( 
st->getBool("Search/findInTree" ) ); + m_dialog->searchInRules->setChecked( st->getBool("Search/findInRules") ); + + m_dialog->findText->setFocus(); +} + +void findDialog::hideEvent( QHideEvent *ev) +{ + st->saveGeometry(this); + QDialog::hideEvent(ev); + + st->setBool("Search/useRegexp", m_dialog->useRegexp->isChecked() ); + st->setBool("Search/findInTree", m_dialog->searchInTree->isChecked() ); + st->setBool("Search/findInRules", m_dialog->searchInRules->isChecked() ); +} + diff --git a/src/gui/findDialog.h b/src/gui/findDialog.h new file mode 100644 index 000000000..463380676 --- /dev/null +++ b/src/gui/findDialog.h 
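Review bot: In `matchAttr()` the `break;` for `case 1` and `case 2` sits inside the `if (...::cast(obj)!=NULL)` block, so an object that fails the type test falls through to the next case. With "TCP/UDP port" selected, an IPService is then compared on `protocol_num` and an ICMPService on `type`, so the search reports matches on the wrong attribute. Move each `break;` to after the closing brace of its `if`. In the non-regexp branches `s.toInt()` yields 0 for non-numeric text, so such input matches any object whose field is 0; `bool ok; int port = s.toInt(&ok);` with `res` left false when `!ok` avoids that.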
@@ -0,0 +1,71 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: findDialog.h,v 1.4 2005/04/17 21:58:55 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __FINDDIALOG_H_
+#define __FINDDIALOG_H_
+
+#include "config.h"
+#include
+
+#include "fwbuilder/FWObject.h"
+
+
+class findDialog : public QDialog
+{
+ Q_OBJECT
+
+ QString lastTextSearch;
+ QString lastAttrSearch;
+ libfwbuilder::FWObject *lastFound;
+ libfwbuilder::FWObject::tree_iterator treeSeeker;
+
+ bool matchName(const QString &name);
+ bool matchAttr(libfwbuilder::FWObject* obj);
+
+ public:
+ Ui::findDialog_q *m_dialog;
+ findDialog(QWidget *p);
+
+ void setObject(libfwbuilder::FWObject *o);
+ ~findDialog() { delete m_dialog; };
+
+public slots:
+ virtual void find();
+ virtual void findNext();
+ virtual void reset();
+ virtual void findTextChanged(const QString&);
+ virtual void findAttrChanged(const QString&);
+
+ void makeActive();
+
+ protected:
+
+ virtual void showEvent( QShowEvent *ev);
+ virtual void hideEvent( QHideEvent *ev);
+
+};
+
+#endif // __FINDDIALOG_H
diff --git a/src/gui/finddialog_q.ui b/src/gui/finddialog_q.ui
new file mode 100644
index 000000000..655a6b28e
--- /dev/null
+++ b/src/gui/finddialog_q.ui
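Review bot: `lastFound` and `treeSeeker` keep a raw `FWObject*` and a tree iterator alive between user actions, and nothing in this header says when they stop being valid. If an object is deleted or the tree is reloaded between `find()` and `findNext()`, the next search would presumably dereference a dangling pointer or advance a stale iterator; the implementation is in findDialog.cpp, outside this hunk, so this needs confirming there. I would document the lifetime rule on the members, e.g. `// lastFound/treeSeeker are valid only until the object tree is modified; call reset() on any tree change`, and make the tree-modifying paths call `reset()`. The public `Ui::findDialog_q *m_dialog`, which the inline destructor deletes, would also be safer as a private member.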
@@ -0,0 +1,261 @@ + + findDialog_q + + + + 0 + 0 + 424 + 196 + + + + + 0 + 0 + + + + Qt::StrongFocus + + + Find Object + + + + + + true + + + QComboBox::InsertAtTop + + + false + + + + + + + Text to be found in object names: + + + false + + + + + + + Search in policy rules + + + + + + + Search in the tree + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 30 + + + + + + + + Find + + + true + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + + + + + true + + + + + + + Matching attribute: + + + false + + + + + + + + Address + + + + + TCP/UDP port + + + + + Protocol number + + + + + ICMP type + + + + + + + + Search for substring using regular expressions + + + + + + + + findText + attribute + findAttr + useRegexp + searchInTree + searchInRules + findBtn + + + + + + findBtn + clicked() + findDialog_q + find() + + + 20 + 20 + + + 20 + 20 + + + + + findText + activated(QString) + findDialog_q + findTextChanged(QString) + + + 20 + 20 + + + 20 + 20 + + + + + findText + editTextChanged(QString) + findDialog_q + findTextChanged(QString) + + + 20 + 20 + + + 20 + 20 + + + + + findAttr + activated(QString) + findDialog_q + findAttrChanged(QString) + + + 20 + 20 + + + 20 + 20 + + + + + findAttr + editTextChanged(QString) + findDialog_q + findAttrChanged(QString) + + + 20 + 20 + + + 20 + 20 + + + + + attribute + activated(QString) + findDialog_q + findAttrChanged(QString) + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/findobjectwidget_q.ui b/src/gui/findobjectwidget_q.ui new file mode 100644 index 000000000..f9d60ba15 --- /dev/null +++ b/src/gui/findobjectwidget_q.ui 
@@ -0,0 +1,593 @@ + + findObjectWidget_q + + + + 0 + 0 + 919 + 184 + + + + + + + Form1 + + + + 9 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::MinimumExpanding + + + + 75 + 1 + + + + + + + + Replace && Find + + + + + + + + + + + 5 + 5 + 0 + 0 + + + + + 9 + + + + Replace object + + + + 6 + + + 6 + + + + + + 0 + 0 + 0 + 0 + + + + + 100 + 80 + + + + + 9 + + + + + + + + + + + + 1 + 0 + 0 + 0 + + + + Close + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 110 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 100 + 20 + + + + + + + + + 7 + 5 + 0 + 0 + + + + + 9 + + + + Scope for search and replace : + + + + 4 + + + 6 + + + + + + Tree only + + + + + Tree and policy of all firewalls + + + + + Policy of all firewalls + + + + + policy of the opened firewall + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + Replace + + + + + + + Replace all + + + + + + + Next + + + true + + + + + + + + 7 + 5 + 0 + 0 + + + + + 9 + + + + Find object + + + + 9 + + + 6 + + + + + + 0 + 0 + 0 + 0 + + + + + 100 + 80 + + + + + 9 + + + + + + + + + 9 + + + + + Name + + + + + Address + + + + + TCP/UDP port + + + + + Protocol number + + + + + ICMP type + + + + + + + + + 9 + + + + true + + + + + + + Use regular expressions + + + + + + + + + + + + FWObjectDropArea + QWidget +
    FWObjectDropArea.h
    + 1 +
    +
    + + attribute + findAttr + srScope + replaceAllButton + replaceButton + repNextButton + findButton + closeButton + + + + + closeButton + clicked() + findObjectWidget_q + hidePanel() + + + 20 + 20 + + + 20 + 20 + + + + + findDropArea + objectDeleted() + findObjectWidget_q + enableAll() + + + 20 + 20 + + + 20 + 20 + + + + + findDropArea + objectInserted() + findObjectWidget_q + objectInserted() + + + 20 + 20 + + + 20 + 20 + + + + + findButton + clicked() + findObjectWidget_q + find() + + + 20 + 20 + + + 20 + 20 + + + + + findAttr + activated(QString) + findObjectWidget_q + findAttrChanged(QString) + + + 20 + 20 + + + 20 + 20 + + + + + findAttr + editTextChanged(QString) + findObjectWidget_q + findAttrChanged(QString) + + + 20 + 20 + + + 20 + 20 + + + + + attribute + activated(QString) + findObjectWidget_q + findAttrChanged(QString) + + + 20 + 20 + + + 20 + 20 + + + + + replaceButton + clicked() + findObjectWidget_q + replace() + + + 20 + 20 + + + 20 + 20 + + + + + replaceAllButton + clicked() + findObjectWidget_q + replaceAll() + + + 20 + 20 + + + 20 + 20 + + + + + srScope + activated(int) + findObjectWidget_q + reset() + + + 20 + 20 + + + 20 + 20 + + + + + replaceDropArea + objectDeleted() + findObjectWidget_q + replaceDisable() + + + 20 + 20 + + + 20 + 20 + + + + + replaceDropArea + objectInserted() + findObjectWidget_q + replaceEnable() + + + 20 + 20 + + + 20 + 20 + + + + + repNextButton + clicked() + findObjectWidget_q + replaceNext() + + + 20 + 20 + + + 20 + 20 + + + + + srScope + activated(int) + findObjectWidget_q + scopeChanged() + + + 20 + 20 + + + 20 + 20 + + + + +
    diff --git a/src/gui/findwhereusedwidget_q.ui b/src/gui/findwhereusedwidget_q.ui new file mode 100644 index 000000000..da1398099 --- /dev/null +++ b/src/gui/findwhereusedwidget_q.ui @@ -0,0 +1,237 @@ + + findWhereUsedWidget_q + + + + 0 + 0 + 735 + 169 + + + + + 1 + 5 + 0 + 0 + + + + Form1 + + + + 6 + + + 6 + + + + + Object: + + + + 6 + + + 6 + + + + + + 0 + 0 + 0 + 0 + + + + + 100 + 80 + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 31 + + + + + + + + + + + + 3 + 7 + 0 + 0 + + + + Object is found in : + + + + 6 + + + 6 + + + + + true + + + + Parent Object + + + + + Details + + + + + + + + + + + QFrame::NoFrame + + + QFrame::Raised + + + + 0 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Find + + + + + + + Close + + + + + + + + + + + + FWObjectDropArea + QWidget +
    FWObjectDropArea.h
    + 1 +
    +
    + + resListView + pushButton8 + pushButton2 + + + + + pushButton8 + clicked() + findWhereUsedWidget_q + hidePanel() + + + 20 + 20 + + + 20 + 20 + + + + + resListView + itemActivated(QTreeWidgetItem*, int) + findWhereUsedWidget_q + itemActivated(QTreeWidgetItem*) + + + 20 + 20 + + + 20 + 20 + + + + + pushButton2 + clicked() + findWhereUsedWidget_q + find() + + + 20 + 20 + + + 20 + 20 + + + + +
    diff --git a/src/gui/firewalldialog_q.ui b/src/gui/firewalldialog_q.ui new file mode 100644 index 000000000..cf7d23d77 --- /dev/null +++ b/src/gui/firewalldialog_q.ui 
@@ -0,0 +1,660 @@ + + FirewallDialog_q + + + true + + + + 0 + 0 + 810 + 368 + + + + Firewall + + + + 9 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 6 + + + + + + 75 + true + + + + Firewall + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 9 + + + 6 + + + + + 0 + + + 6 + + + + + + 0 + 0 + 0 + 0 + + + + + 200 + 0 + + + + + 32767 + 32767 + + + + Host OS Settings ... + + + + + + + + 0 + 0 + 0 + 0 + + + + + 200 + 0 + + + + + 32767 + 32767 + + + + Firewall Settings ... + + + + + + + + 1 + 0 + 0 + 0 + + + + Skip this firewall for batch compile and install operations + + + Inactive firewall + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 200 + 91 + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + 5 + 5 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + + 5 + 5 + 0 + 0 + + + + + 150 + 32767 + + + + Name: + + + false + + + + + + + + 1 + 0 + 0 + 0 + + + + + + + + + 1 + 0 + 0 + 0 + + + + + + + + + 5 + 5 + 0 + 0 + + + + + 150 + 32767 + + + + Library: + + + false + + + + + + + + 5 + 5 + 0 + 0 + + + + + 150 + 32767 + + + + Platform: + + + false + + + + + + + + 1 + 0 + 0 + 0 + + + + + + + + + 5 + 5 + 0 + 0 + + + + + 150 + 32767 + + + + Version: + + + false + + + + + + + + 1 + 0 + 0 + 0 + + + + + + + + + 1 + 0 + 0 + 0 + + + + + + + + + 5 + 5 + 0 + 0 + + + + + 150 + 32767 + + + + Host OS: + + + false + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + + Comment: + + + false + + + + + + + + 7 + 7 + 0 + 100 + + + + + 200 + 0 + + + + true + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 16 + 302 + + + + + + + + + obj_name + libs + platform + version + hostOS + osAdvanced + fwAdvanced + inactive + comment + + + + + fwAdvanced + clicked() + FirewallDialog_q + openFWDialog() + + + 20 + 
20 + + + 20 + 20 + + + + + osAdvanced + clicked() + FirewallDialog_q + openOSDialog() + + + 20 + 20 + + + 20 + 20 + + + + + inactive + toggled(bool) + FirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + FirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + obj_name + textChanged(QString) + FirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + activated(int) + FirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + platform + activated(int) + FirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + version + activated(int) + FirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + hostOS + activated(int) + FirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/freebsdAdvancedDialog.cpp b/src/gui/freebsdAdvancedDialog.cpp new file mode 100644 index 000000000..00366a826 --- /dev/null +++ b/src/gui/freebsdAdvancedDialog.cpp 
@@ -0,0 +1,120 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: freebsdAdvancedDialog.cpp,v 1.4 2006/03/16 05:38:14 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "config.h"
+#include "global.h"
+#include "platforms.h"
+
+#include "freebsdAdvancedDialog.h"
+#include "ObjectManipulator.h"
+
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Management.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+using namespace std;
+using namespace libfwbuilder;
+
+freebsdAdvancedDialog::~freebsdAdvancedDialog()
+{
+ delete m_dialog;
+}
+
+freebsdAdvancedDialog::freebsdAdvancedDialog(QWidget *parent,FWObject *o)
+ : QDialog(parent)
+{
+ m_dialog = new Ui::freebsdAdvancedDialog_q;
+ m_dialog->setupUi(this);
+
+ obj=o;
+
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ QStringList threeStateMapping;
+
+ threeStateMapping.push_back(QObject::tr("No change"));
+ threeStateMapping.push_back("");
+
+ threeStateMapping.push_back(QObject::tr("On"));
+ threeStateMapping.push_back("1");
+
+ threeStateMapping.push_back(QObject::tr("Off"));
+ threeStateMapping.push_back("0");
+
+
+ data.registerOption( m_dialog->freebsd_ip_sourceroute,
+ fwopt, "freebsd_ip_sourceroute", threeStateMapping);
+ data.registerOption( m_dialog->freebsd_ip_redirect,
+ fwopt, "freebsd_ip_redirect", threeStateMapping);
+ data.registerOption( m_dialog->freebsd_ip_forward,
+ fwopt, "freebsd_ip_forward", threeStateMapping);
+
+ data.registerOption( m_dialog->freebsd_path_ipnat,
+ fwopt, "freebsd_path_ipnat");
+ data.registerOption( m_dialog->freebsd_path_sysctl,
+ fwopt,"freebsd_path_sysctl");
+ data.registerOption( m_dialog->freebsd_path_ipf,
+ fwopt, "freebsd_path_ipf");
+ data.registerOption( m_dialog->freebsd_path_ipfw,
+ fwopt, "freebsd_path_ipfw");
+
+
+ data.loadAll();
+}
+
+/*
+ * store all data in the object
+ */
+void freebsdAdvancedDialog::accept()
+{
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ data.saveAll();
+ om->updateLastModifiedTimestampForAllFirewalls(obj);
+
+ QDialog::accept();
+}
+
+void freebsdAdvancedDialog::reject()
+{
+ QDialog::reject();
+}
+
+
diff --git a/src/gui/freebsdAdvancedDialog.h b/src/gui/freebsdAdvancedDialog.h
new file mode 100644
index 000000000..488eb14aa
--- /dev/null
+++ b/src/gui/freebsdAdvancedDialog.h
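Review bot: In both the constructor and `accept()`, `Firewall::cast(obj)` is dereferenced before anything is checked; the `assert` only tests the returned options or management object, so a null or non-firewall `o` is a null-pointer dereference rather than an assertion failure. Check the cast first, e.g. `Firewall *fw = Firewall::cast(obj); assert(fw!=NULL);`, and then call `fw->getOptionsObject()`. `mgmt` is fetched and asserted in both places but never used, and in `accept()` the same holds for `fwopt`. The four `freebsd_path_*` values are registered as free text with no validation visible here; if they are later written into a generated script (not shown in this hunk), they should be restricted to plain paths at that point.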
@@ -0,0 +1,59 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: freebsdAdvancedDialog.h,v 1.1 2004/05/11 04:45:38 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __FREEBSDADVANCEDDIALOG_H_
+#define __FREEBSDADVANCEDDIALOG_H_
+
+#include
+#include "DialogData.h"
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+class freebsdAdvancedDialog : public QDialog
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ Ui::freebsdAdvancedDialog_q *m_dialog;
+
+ public:
+ freebsdAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o);
+ ~freebsdAdvancedDialog();
+
+protected slots:
+
+ virtual void accept();
+ virtual void reject();
+
+
+};
+
+#endif // __FREEBSDADVANCEDDIALOG_H
+
diff --git a/src/gui/freebsdadvanceddialog_q.ui b/src/gui/freebsdadvanceddialog_q.ui
new file mode 100644
index 000000000..2c1df2964
--- /dev/null
+++ b/src/gui/freebsdadvanceddialog_q.ui
@@ -0,0 +1,499 @@ + + freebsdAdvancedDialog_q + + + + 0 + 0 + 401 + 320 + + + + FreeBSD: advanced settings + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &OK + + + + + + true + + + true + + + + + + + &Cancel + + + + + + true + + + + + + + + + QTabWidget::Rounded + + + 0 + + + + Options + + + + 6 + + + 6 + + + + + Forward source routed packets + + + Qt::AlignCenter + + + false + + + + + + + Generate ICMP redirects + + + Qt::AlignCenter + + + false + + + + + + + Packet forwarding + + + Qt::AlignCenter + + + false + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 151 + 20 + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + Path + + + + 6 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + Specify directory path and a file name for the following utilities on the OS your firewall machine is running. Leave these empty if you want to use default values. 
+ + + Qt::AlignCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + 200 + 0 + + + + + + + + ipnat: + + + Qt::AlignCenter + + + false + + + + + + + sysctl: + + + Qt::AlignCenter + + + false + + + + + + + + 200 + 0 + + + + + + + + ipf: + + + Qt::AlignCenter + + + false + + + + + + + + 200 + 0 + + + + + + + + ipfw: + + + Qt::AlignCenter + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + 200 + 0 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + + + tabWidget5 + freebsd_ip_forward + freebsd_ip_sourceroute + freebsd_ip_redirect + buttonOk + buttonCancel + freebsd_path_ipf + freebsd_path_ipnat + freebsd_path_sysctl + + + + + buttonOk + clicked() + freebsdAdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + buttonCancel + clicked() + freebsdAdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/fwobjectdroparea_q.ui b/src/gui/fwobjectdroparea_q.ui new file mode 100644 index 000000000..b9c512641 --- /dev/null +++ b/src/gui/fwobjectdroparea_q.ui @@ -0,0 +1,37 @@ + + + + + FWObjectDropArea_q + + + + 0 + 0 + 142 + 102 + + + + + 1 + 1 + 0 + 0 + + + + + 100 + 100 + + + + Form1 + + + true + + + + diff --git a/src/gui/global.h b/src/gui/global.h new file mode 100644 index 000000000..164e3b414 --- /dev/null +++ b/src/gui/global.h 
@@ -0,0 +1,81 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: global.h,v 1.25 2006/06/14 03:46:38 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef __GLOBAL_DEFS_
+#define __GLOBAL_DEFS_
+
+#include
+
+class QApplication;
+class FWWindow;
+class ObjectManipulator;
+class ObjectEditor;
+class ObjectInfo;
+class QTextEdit;
+class FWBSettings;
+class findDialog;
+class listOfLibraries;
+class ActionsDialog;
+
+extern QApplication *app;
+extern FWWindow *mw;
+extern ObjectManipulator *om;
+extern ObjectEditor *oe;
+extern ActionsDialog *ap;
+extern QTextEdit *oi;
+extern FWBSettings *st;
+extern findDialog *fd;
+
+extern listOfLibraries *addOnLibs;
+
+
+extern std::string appRootDir;
+extern std::string userDataDir;
+extern std::string respath;
+extern std::string localepath;
+extern std::string librespath;
+extern std::string sysfname;
+extern std::string tempfname;
+extern std::string argv0;
+extern std::string ee;
+extern int fwbdebug;
+extern bool registered;
+extern bool gui_experiment1;
+
+#define STANDARD_LIB "syslib000"
+#define USER_LIB "syslib001"
+#define TEMPLATE_LIB "syslib100"
+#define DELETED_LIB "sysid99"
+
+
+#ifdef NDEBUG
+# undef NDEBUG
+# include
+# define NDEBUG
+#else
+# include
+#endif
+
+#endif
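Review bot: The `NDEBUG` block at the end of the header has no comment, and its effect depends on include order: it undefines `NDEBUG`, includes a header whose name is lost in this rendering (presumably `<assert.h>`), then defines `NDEBUG` again. With `NDEBUG` restored, any later inclusion of the assert header in the same translation unit turns `assert()` back into a no-op in release builds, so checks such as `assert(fwopt!=NULL)` in the dialogs silently depend on which header came last. I would add a comment such as `/* keep assert() active in release builds; global.h must be included after any header that pulls in <assert.h> */`, and replace asserts that guard pointer dereferences with explicit checks. The guard macro `__GLOBAL_DEFS_` uses a reserved double-underscore name; `FWB_GLOBAL_H` or similar would avoid that.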
diff --git a/src/gui/groupobjectdialog_q.ui b/src/gui/groupobjectdialog_q.ui new file mode 100644 index 000000000..0849d2d29 --- /dev/null +++ b/src/gui/groupobjectdialog_q.ui 
@@ -0,0 +1,482 @@ + + GroupObjectDialog_q + + + true + + + + 0 + 0 + 924 + 253 + + + + + 1 + 5 + 0 + 0 + + + + Group + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 6 + + + + + + 75 + true + + + + Group + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + + 7 + 7 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 10 + + + + + Comment: + + + false + + + + + + + + 2 + + + 2 + + + + + + 0 + 5 + 0 + 0 + + + + + 20 + 0 + + + + I + + + true + + + true + + + true + + + false + + + + + + + + 0 + 5 + 0 + 0 + + + + + 20 + 0 + + + + L + + + true + + + true + + + 100 + + + false + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 230 + 20 + + + + + + + + + 5 + 7 + 0 + 0 + + + + + 200 + 0 + + + + true + + + + + + + + 5 + 7 + 0 + 0 + + + + + 250 + 100 + + + + true + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 31 + + + + + + + + Library: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + 120 + 0 + + + + 0 + + + + + + + + 5 + 0 + 0 + 0 + + + + + 120 + 0 + + + + + + + + Name: + + + false + + + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + obj_name + libs + comment + + + ObjectListView.h + + + + + obj_name + textChanged(QString) + GroupObjectDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + GroupObjectDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + activated(int) + GroupObjectDialog_q + libChanged() + + + 20 + 20 + + + 20 + 20 + + + + + iconViewBtn + clicked() + GroupObjectDialog_q + switchToIconView() + + + 20 + 20 + + + 20 + 20 + + + + + listViewBtn + clicked() + GroupObjectDialog_q + switchToListView() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/gui.cw b/src/gui/gui.cw new file mode 100644 index 000000000..411c9626d 
--- /dev/null +++ b/src/gui/gui.cw @@ -0,0 +1,41 @@ + + + + findObjectWidget_q +
    findobjectwidget_q.h
    + + 1 + 0 + + 1 + + 0 + 0 + + + 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 + + enableAll() + public + disableAll() +
    + + FWObjectDropArea +
    FWObjectDropArea.h
    + + -1 + 2 + + 1 + + 0 + 5 + + + 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 + + objectInserted() + objectDeleted() +
    +
    +
    diff --git a/src/gui/gui.pro b/src/gui/gui.pro new file mode 100644 index 000000000..053ccc72d --- /dev/null +++ b/src/gui/gui.pro 
@@ -0,0 +1,314 @@ +#-*- mode: makefile; tab-width: 4; -*- +# +# +TEMPLATE = app +LANGUAGE = C++ +QT += network + +HEADERS += ../../config.h \ + utils.h \ + utils_no_qt.h \ + Importer.h \ + IOSImporter.h \ + SSHSession.h \ + SSHUnx.h \ + SSHPIX.h \ + SSHIOS.h \ + debugDialog.h \ + findDialog.h \ + longTextDialog.h \ + newGroupDialog.h \ + filePropDialog.h \ + DialogData.h \ + InterfaceData.h \ + execDialog.h \ + SimpleTextEditor.h \ + SimpleIntEditor.h \ + FWBSettings.h \ + FWBTree.h \ + RCS.h \ + RCSFileDialog.h \ + RCSFilePreview.h \ + FWObjectClipboard.h \ + platforms.h \ + global.h \ + FWWindow.h \ + printerStream.h \ + PrintingProgressDialog.h \ + FWObjectPropertiesFactory.h \ + ObjectManipulator.h \ + ObjectEditor.h \ + FWObjectDrag.h \ + ObjectTreeView.h \ + ObjectListView.h \ + ObjectIconView.h \ + ObjectTreeViewItem.h \ + InstallFirewallViewItem.h \ + DialogFactory.h \ + HostDialog.h \ + FirewallDialog.h \ + InterfaceDialog.h \ + AddressRangeDialog.h \ + AddressTableDialog.h \ + IPv4Dialog.h \ + PhysicalAddressDialog.h \ + NetworkDialog.h \ + LibraryDialog.h \ + CustomServiceDialog.h \ + IPServiceDialog.h \ + ICMPServiceDialog.h \ + TCPServiceDialog.h \ + UDPServiceDialog.h \ + GroupObjectDialog.h \ + ObjectIconViewItem.h \ + TimeDialog.h \ + RuleSetView.h \ + inplaceComboBox.h \ + iptAdvancedDialog.h \ + ipfAdvancedDialog.h \ + ipfwAdvancedDialog.h \ + pfAdvancedDialog.h \ + pixAdvancedDialog.h \ + pixosAdvancedDialog.h \ + iosaclAdvancedDialog.h \ + iosAdvancedDialog.h \ + linux24AdvancedDialog.h \ + linksysAdvancedDialog.h \ + freebsdAdvancedDialog.h \ + openbsdAdvancedDialog.h \ + solarisAdvancedDialog.h \ + macosxAdvancedDialog.h \ + RuleOptionsDialog.h \ + RoutingRuleOptionsDialog.h \ + NATRuleOptionsDialog.h \ + LibExportDialog.h \ + PrefsDialog.h \ + instConf.h \ + instDialog.h \ + newFirewallDialog.h \ + newHostDialog.h \ + ObjConflictResolutionDialog.h \ + listOfLibraries.h \ + ColorLabelMenuItem.h \ + TagServiceDialog.h \ + ActionsDialog.h \ + 
SimpleTextView.h \ + DiscoveryDruid.h \ + DNSNameDialog.h \ + instOptionsDialog.h \ + instBatchOptionsDialog.h \ + FilterDialog.h \ + FindObjectWidget.h \ + FWObjectDropArea.h \ + CommentEditorPanel.h \ + MetricEditorPanel.h \ + FindWhereUsedWidget.h \ + ConfirmDeleteObjectDialog.h \ + FakeWizard.h \ + FWBAboutDialog.h +# ..\common\commoninit.h + +SOURCES += main.cpp \ + utils.cpp \ + utils_no_qt.cpp \ + Importer.cpp \ + IOSImporter.cpp \ + IOSImporterRun.cpp \ + SSHSession.cpp \ + SSHUnx.cpp \ + SSHPIX.cpp \ + SSHIOS.cpp \ + debugDialog.cpp \ + findDialog.cpp \ + longTextDialog.cpp \ + newGroupDialog.cpp \ + filePropDialog.cpp \ + DialogData.cpp \ + InterfaceData.cpp \ + execDialog.cpp \ + SimpleTextEditor.cpp \ + SimpleIntEditor.cpp \ + FWBSettings.cpp \ + FWBTree.cpp \ + RCS.cpp \ + RCSFileDialog.cpp \ + RCSFilePreview.cpp \ + FWObjectClipboard.cpp \ + platforms.cpp \ + FWWindow.cpp \ + FWWindowPrint.cpp \ + printerStream.cpp \ + PrintingProgressDialog.cpp \ + FWObjectPropertiesFactory.cpp \ + ObjectManipulator.cpp \ + ObjectEditor.cpp \ + FWObjectDrag.cpp \ + ObjectTreeView.cpp \ + ObjectListView.cpp \ + ObjectIconView.cpp \ + DialogFactory.cpp \ + HostDialog.cpp \ + FirewallDialog.cpp \ + InterfaceDialog.cpp \ + AddressRangeDialog.cpp \ + AddressTableDialog.cpp \ + IPv4Dialog.cpp \ + PhysicalAddressDialog.cpp \ + NetworkDialog.cpp \ + LibraryDialog.cpp \ + CustomServiceDialog.cpp \ + IPServiceDialog.cpp \ + ICMPServiceDialog.cpp \ + TCPServiceDialog.cpp \ + UDPServiceDialog.cpp \ + GroupObjectDialog.cpp \ + TimeDialog.cpp \ + RuleSetView.cpp \ + inplaceComboBox.cpp \ + iptAdvancedDialog.cpp \ + ipfAdvancedDialog.cpp \ + ipfwAdvancedDialog.cpp \ + pfAdvancedDialog.cpp \ + pixAdvancedDialog.cpp \ + pixosAdvancedDialog.cpp \ + iosaclAdvancedDialog.cpp \ + iosAdvancedDialog.cpp \ + linux24AdvancedDialog.cpp \ + linksysAdvancedDialog.cpp \ + freebsdAdvancedDialog.cpp \ + openbsdAdvancedDialog.cpp \ + solarisAdvancedDialog.cpp \ + macosxAdvancedDialog.cpp \ + 
RuleOptionsDialog.cpp \ + RoutingRuleOptionsDialog.cpp \ + NATRuleOptionsDialog.cpp \ + LibExportDialog.cpp \ + PrefsDialog.cpp \ + instConf.cpp \ + instDialog.cpp \ + newFirewallDialog.cpp \ + newHostDialog.cpp \ + ObjConflictResolutionDialog.cpp \ + listOfLibraries.cpp \ + ColorLabelMenuItem.cpp \ + TagServiceDialog.cpp \ + ActionsDialog.cpp \ + SimpleTextView.cpp \ + DiscoveryDruid.cpp \ + DNSNameDialog.cpp \ + ObjectTreeViewItem.cpp \ + InstallFirewallViewItem.cpp \ + instOptionsDialog.cpp \ + instBatchOptionsDialog.cpp \ + FilterDialog.cpp \ + FindObjectWidget.cpp \ + FWObjectDropArea.cpp \ + CommentEditorPanel.cpp \ + MetricEditorPanel.cpp \ + FindWhereUsedWidget.cpp \ + ConfirmDeleteObjectDialog.cpp \ + FakeWizard.cpp + +FORMS = FWBMainWindow_q.ui \ + execdialog_q.ui \ + customservicedialog_q.ui \ + ipservicedialog_q.ui \ + icmpservicedialog_q.ui \ + tcpservicedialog_q.ui \ + udpservicedialog_q.ui \ + groupobjectdialog_q.ui \ + librarydialog_q.ui \ + ipv4dialog_q.ui \ + addressrangedialog_q.ui \ + addresstabledialog_q.ui \ + networkdialog_q.ui \ + hostdialog_q.ui \ + firewalldialog_q.ui \ + interfacedialog_q.ui \ + physaddressdialog_q.ui \ + timedialog_q.ui \ + rcsfilepreview_q.ui \ + rcsfilesavedialog_q.ui \ + iptadvanceddialog_q.ui \ + objectmanipulator_q.ui \ + prefsdialog_q.ui \ + pixadvanceddialog_q.ui \ + pixosadvanceddialog_q.ui \ + iosacladvanceddialog_q.ui \ + iosadvanceddialog_q.ui \ + simpletexteditor_q.ui \ + simpleinteditor_q.ui \ + aboutdialog_q.ui \ + libexport_q.ui \ + ruleoptionsdialog_q.ui \ + routingruleoptionsdialog_q.ui \ + instdialog_q.ui \ + objconflictresolutiondialog_q.ui \ + newfirewalldialog_q.ui \ + finddialog_q.ui \ + ipfadvanceddialog_q.ui \ + ipfwadvanceddialog_q.ui \ + pfadvanceddialog_q.ui \ + linux24advanceddialog_q.ui \ + solarisadvanceddialog_q.ui \ + freebsdadvanceddialog_q.ui \ + openbsdadvanceddialog_q.ui \ + macosxadvanceddialog_q.ui \ + colorlabelmenuitem_q.ui \ + debugdialog_q.ui \ + filepropdialog_q.ui \ + 
askrulenumberdialog_q.ui \ + newgroupdialog_q.ui \ + newhostdialog_q.ui \ + longtextdialog_q.ui \ + linksysadvanceddialog_q.ui \ + printingprogressdialog_q.ui \ + pagesetupdialog_q.ui \ + dnsnamedialog_q.ui \ + tagservicedialog_q.ui \ + actionsdialog_q.ui \ + simpletextview_q.ui \ + discoverydruid_q.ui \ + filterdialog_q.ui \ + natruleoptionsdialog_q.ui \ + instoptionsdialog_q.ui \ + findobjectwidget_q.ui \ + fwobjectdroparea_q.ui \ + commenteditorpanel_q.ui \ + metriceditorpanel_q.ui \ + findwhereusedwidget_q.ui \ + confirmdeleteobjectdialog_q.ui + + HEADERS += IPTImporter.h + SOURCES += IPTImporter.cpp IPTImporterRun.cpp + +# +include(../../qmake.inc) +# +exists(qmake.inc) { + include( qmake.inc) +} + +# +# +# +# +TARGET = fwbuilder4 +# + +contains( HAVE_ANTLR_RUNTIME, 1 ) { + INCLUDEPATH += $$ANTLR_INCLUDEPATH + LIBS += $$FWBPARSER_LIB $$ANTLR_LIBS + DEFINES += $$ANTLR_DEFINES +} + +#unix { +# !macx { +# # } +#} + +QMAKE_COPY = ../../install.sh -m 0755 -s + +RESOURCES += MainRes.qrc + + diff --git a/src/gui/hostdialog_q.ui b/src/gui/hostdialog_q.ui new file mode 100644 index 000000000..ec00537f8 --- /dev/null +++ b/src/gui/hostdialog_q.ui 
@@ -0,0 +1,355 @@ + + HostDialog_q + + + true + + + + 0 + 0 + 563 + 247 + + + + Host + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + + + + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 5 + + + 5 + + + 5 + + + + + + 75 + true + + + + Host + + + false + + + + + + + + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 11 + + + 11 + + + 11 + + + 10 + + + 10 + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + MAC matching + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 30 + + + + + + + + Name: + + + false + + + + + + + Library: + + + false + + + + + + + + 0 + 0 + + + + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 100 + + + + + 200 + 0 + + + + true + + + + + + + Comment: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 0 + 20 + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + obj_name + libs + MACmatching + comment + + + + + + obj_name + textChanged(QString) + HostDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + activated(int) + HostDialog_q + libChanged() + + + 20 + 20 + + + 20 + 20 + + + + + MACmatching + stateChanged(int) + HostDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + HostDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/icmpservicedialog_q.ui b/src/gui/icmpservicedialog_q.ui new file mode 100644 index 000000000..127e0167b --- /dev/null +++ b/src/gui/icmpservicedialog_q.ui 
@@ -0,0 +1,436 @@ + + ICMPServiceDialog_q + + + true + + + + 0 + 0 + 562 + 261 + + + + + 1 + 5 + 0 + 0 + + + + ICMP + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 6 + + + + + + 75 + true + + + + ICMP Service + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 10 + + + + + + 7 + 7 + 0 + 0 + + + + + 200 + 0 + + + + true + + + + + + + Comment: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 0 + 20 + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + 5 + 5 + 0 + 0 + + + + Name: + + + false + + + + + + + + 7 + 0 + 0 + 0 + + + + + + + + Library: + + + false + + + + + + + + + + ICMP Type: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 55 + 20 + + + + + + + + any + + + 255 + + + -1 + + + + + + + ICMP Code: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 53 + 20 + + + + + + + + any + + + 255 + + + -1 + + + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + obj_name + libs + icmpType + icmpCode + comment + + + + + obj_name + textChanged(QString) + ICMPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + icmpType + valueChanged(int) + ICMPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + icmpCode + valueChanged(int) + ICMPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + ICMPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + activated(int) + ICMPServiceDialog_q + libChanged() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/inplaceComboBox.cpp b/src/gui/inplaceComboBox.cpp new file mode 100644 index 000000000..45deb4310 --- /dev/null +++ b/src/gui/inplaceComboBox.cpp 
@@ -0,0 +1,88 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: inplaceComboBox.cpp,v 1.2 2006/10/22 04:39:36 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "inplaceComboBox.h" + +#include +#include +#include "qcombobox.h" +#include "qlayout.h" + +inplaceComboBox::inplaceComboBox( QWidget* parent, const char* name, Qt::WindowFlags fl ) + : QFrame( parent, fl ) +{ + + if ( !name ) + setObjectName( "inplaceComboBox" ); + else + setObjectName(name); + +// setPaletteBackgroundColor( QColor( 255, 255, 255 ) ); + setFocusPolicy( Qt::StrongFocus ); + qLayout = new QGridLayout( this ); + qLayout->setObjectName("qLayout"); + qLayout->setMargin( 0 ); + qLayout->setSpacing( 0 ); + + layout1 = new QVBoxLayout( 0 ); + layout1->setMargin( 0 ); + layout1->setSpacing( 0 ); + layout1->setObjectName( "layout1" ); + + comboBox = new QComboBox( this ); + comboBox->setEditable( FALSE ); + comboBox->setObjectName( "comboBox" ); + + QSizePolicy p = QSizePolicy( QSizePolicy::Preferred, QSizePolicy::Preferred ); //5, 5 + p.setHorizontalStretch(0); + p.setVerticalStretch(0); + p.setHeightForWidth(comboBox->sizePolicy().hasHeightForWidth()); + + comboBox->setSizePolicy( p ); + + comboBox->setFocusPolicy( Qt::WheelFocus ); + + layout1->addWidget( comboBox ); 
+ QSpacerItem* spacer = new QSpacerItem( 20, 40, QSizePolicy::Minimum, QSizePolicy::Expanding ); + layout1->addItem( spacer ); + + qLayout->addLayout( layout1, 0, 0 ); + //setWindowState( WState_Polished ); + ensurePolished(); +} + +void inplaceComboBox::insertItem( const QPixmap &pm, const QString &txt, int index) +{ + if (index > -1) + comboBox->insertItem(index, QIcon(pm), txt); + else + comboBox->addItem(QIcon(pm), txt); + + comboBox->setFixedHeight(pm.height()+4); +} + +int inplaceComboBox::currentIndex() { return comboBox->currentIndex(); } + +void inplaceComboBox::setCurrentIndex( int index ) { comboBox->setCurrentIndex(index); } diff --git a/src/gui/inplaceComboBox.h b/src/gui/inplaceComboBox.h new file mode 100644 index 000000000..e67bc0c31 --- /dev/null +++ b/src/gui/inplaceComboBox.h 
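Review bot: `insertItem()` calls `comboBox->setFixedHeight(pm.height()+4)` on every insertion, so the widget's height follows whichever pixmap was added last, and a null `QPixmap` (height 0) pins the combo box at 4 pixels. Guarding the call, `if (!pm.isNull()) comboBox->setFixedHeight(pm.height()+4);`, keeps text-only entries usable. The constructor and accessors carry no comments; a one-line comment above `insertItem()` saying that a negative `index` appends the entry would document the only non-obvious branch.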
@@ -0,0 +1,59 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: inplaceComboBox.h,v 1.2 2004/01/13 07:21:18 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __INPLACECOMBOBOX_H_ +#define __INPLACECOMBOBOX_H_ + +#include "qframe.h" + +class QVBoxLayout; +class QHBoxLayout; +class QGridLayout; +class QComboBox; +class QPixmap; + +class inplaceComboBox : public QFrame +{ + + QComboBox *comboBox; + + protected: + QGridLayout* qLayout; + QVBoxLayout* layout1; + + public: + + inplaceComboBox(QWidget *p=0, const char* name = 0, Qt::WindowFlags f = 0); + + void insertItem( const QPixmap &pm, const QString &txt, int index=-1); + + + int currentIndex(); + void setCurrentIndex( int index ); + +}; + +#endif diff --git a/src/gui/instBatchOptionsDialog.cpp b/src/gui/instBatchOptionsDialog.cpp new file mode 100644 index 000000000..f8be37ff7 --- /dev/null +++ b/src/gui/instBatchOptionsDialog.cpp 
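Review bot: The include guard `__INPLACECOMBOBOX_H_` begins with a double underscore, a form of identifier the C++ standard reserves for the implementation; `#ifndef INPLACECOMBOBOX_H` / `#define INPLACECOMBOBOX_H` avoids any clash. The same applies to `__INSTBATCHOPTIONSDIALOG_H_` in instBatchOptionsDialog.h and `__INSTCONF_H_` in instConf.h. `currentIndex()` only reads from the combo box and could be declared `int currentIndex() const;`, with the definition in inplaceComboBox.cpp changed to match.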
@@ -0,0 +1,58 @@ +/* + + Firewall Builder + + Copyright (C) 2006 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: instBatchOptionsDialog.cpp,v 1.5 2007/05/11 02:14:29 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "platforms.h" +#include "definitions.h" + +#include "instBatchOptionsDialog.h" + +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +instBatchOptionsDialog::instBatchOptionsDialog(QWidget *parent, instConf *_cnf) : + instOptionsDialog(parent, _cnf) +{ + m_dialog->dialogTitleLine->setText(QString("

    ")+ + tr("Batch install options")+ + QString("

    ") + ); + // must reset alt address in the dialog even though it is + // hidden. This is because we read it in instDialog::doInstallPage + // regardless of wether we perform batch install or not. + m_dialog->altAddress->setText(""); + m_dialog->altAddressLabel->hide(); + m_dialog->altAddress->hide(); + +} + diff --git a/src/gui/instBatchOptionsDialog.h b/src/gui/instBatchOptionsDialog.h new file mode 100644 index 000000000..e728d89e1 --- /dev/null +++ b/src/gui/instBatchOptionsDialog.h @@ -0,0 +1,46 @@ +/* + + Firewall Builder + + Copyright (C) 2006 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: instBatchOptionsDialog.h,v 1.3 2007/05/11 02:14:29 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __INSTBATCHOPTIONSDIALOG_H_ +#define __INSTBATCHOPTIONSDIALOG_H_ + +#include "config.h" +#include + +class instConf; + +class instBatchOptionsDialog : public instOptionsDialog +{ + Q_OBJECT + private: + + public: + instBatchOptionsDialog(QWidget *parent, instConf *_cnf); + + +}; + +#endif diff --git a/src/gui/instConf.cpp b/src/gui/instConf.cpp new file mode 100644 index 000000000..be14f2c82 --- /dev/null +++ b/src/gui/instConf.cpp 
@@ -0,0 +1,89 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: instConf.cpp,v 1.5 2007/05/11 03:39:25 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#include "../../config.h" +#include "global.h" +#include "utils.h" + +#include "instConf.h" + +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Firewall.h" + +#include + +#include +#include +#include + +using namespace std; +using namespace libfwbuilder; + +instConf::instConf() +{ + quiet=false; + verbose=false; + debug=0; + incremental=false; + dry_run=false; + saveStandby=false; + save_diff=false; + diff_pgm=""; + no_gui=false; + backup=false; + backup_file=""; + wdir="./"; + fwobj=NULL; + maddr=""; + user=""; + batchInstall=false; +} + +QString instConf::getCmdFromResource(const QString &resource_name) +{ + if (fwbdebug) + qDebug(QString("instConf::getCmdFromResource testRun=%1 resource_name=%2"). 
+ arg(testRun).arg(resource_name).toAscii().constData()); + + string optpath_root = "activation/reg_user/"; + string optpath; + + if (testRun) + optpath_root = optpath_root + "test"; + else + optpath_root = optpath_root + "run"; + optpath = optpath_root + "/" + resource_name.toAscii().constData(); + QString cmd = Resources::getTargetOptionStr(fwobj->getStr("host_OS"), + optpath).c_str(); + cmd = cmd.trimmed(); + if (fwbdebug) + qDebug(QString("instConf::getCmdFromResource cmd=%1").arg(cmd).toAscii().constData()); + + return cmd; +} + diff --git a/src/gui/instConf.h b/src/gui/instConf.h new file mode 100644 index 000000000..3399cd200 --- /dev/null +++ b/src/gui/instConf.h 
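Review bot: `instConf::instConf()` leaves `testRun`, `rollback`, `cancelRollbackIfSuccess`, `stripComments`, `compressScript`, `copyFWB` and `rollbackTime` unset, yet `getCmdFromResource()` branches on `testRun` to choose between the `activation/reg_user/test` and `activation/reg_user/run` command and dereferences `fwobj`, which the constructor sets to NULL. Until a caller fills those fields, the choice between a test run and a real activation is indeterminate and `fwobj->getStr("host_OS")` is a null dereference. The fence below gives every flag a defined value (the defaults shown are a suggestion) and returns an empty command when no firewall is attached. The two debug calls also pass a string built from `resource_name` and `cmd` to `qDebug()` as its printf format, so a `%` in the resource text is read as a conversion; `qDebug("instConf::getCmdFromResource cmd=%s", cmd.toAscii().constData());` keeps the data out of the format. The same `qDebug(QString(...).toAscii().constData())` pattern is used with the firewall name and alternative address in the instDialog.cpp hunk that follows.

```cpp
instConf::instConf()
{
    // … unchanged: existing initialisers (quiet … batchInstall) …
    stripComments=false;
    compressScript=false;
    copyFWB=false;
    testRun=false;
    rollback=false;
    cancelRollbackIfSuccess=false;
    rollbackTime=0;
}

QString instConf::getCmdFromResource(const QString &resource_name)
{
    if (fwobj==NULL) return QString();
    // … unchanged: debug output, option path construction and resource lookup …
```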
@@ -0,0 +1,84 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: instConf.h,v 1.12 2007/05/11 02:14:29 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __INSTCONF_H_ +#define __INSTCONF_H_ + +#include +#include + +namespace libfwbuilder { + class Firewall; +}; + +class instConf { + + public: + bool quiet; + bool verbose; + int debug; + bool incremental; + bool dry_run; + bool save_diff; + bool no_gui; + bool backup; + bool stripComments; + bool compressScript; + bool copyFWB; + bool testRun; + bool rollback; + bool cancelRollbackIfSuccess; + bool saveStandby; + bool batchInstall; + + QString pgm; + QString wdir; + QString diff_pgm; + QString user; + QString activationCmd; + QString pwd; + QString epwd; + QString maddr; + QString sshArgs; + QString fwdir; + int rollbackTime; + QString rollbackTimeUnit; + + libfwbuilder::Firewall *fwobj; + + QString fwbfile; + QString conffile; + QString backup_file; + QString diff_file; + + instConf(); + + QString getCmdFromResource(const QString &resource_name); + + +}; + +#endif diff --git a/src/gui/instDialog.cpp b/src/gui/instDialog.cpp new file mode 100644 index 000000000..d7a672940 --- /dev/null +++ b/src/gui/instDialog.cpp 
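Review bot: `pwd` and `epwd` are public `QString` members sitting beside ordinary options, and nothing in the header says how long the login and enable passwords may live or that they must stay out of logs and saved settings. The instDialog.cpp hunk copies them in from the options dialog (`cnf.pwd = dlg->m_dialog->pwd->text();`), and no visible code clears them afterwards. I would add a comment above the two fields, `// credentials: do not log or persist; clear when the install session ends`, and a helper such as `void clearCredentials() { pwd.fill(QChar(0)); pwd.clear(); epwd.fill(QChar(0)); epwd.clear(); }` for the dialog to call once the session finishes. Because `QString` is implicitly shared, the wipe is best effort and copies held elsewhere are not affected.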
@@ -0,0 +1,2660 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: instDialog.cpp,v 1.108 2007/07/13 05:32:55 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "../../config.h" +#include "global.h" +#include "utils.h" +#include "utils_no_qt.h" + +#include "instDialog.h" +#include "FWBSettings.h" +#include "SSHUnx.h" +#include "SSHPIX.h" +#include "SSHIOS.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" +#include "InstallFirewallViewItem.h" +#include "instOptionsDialog.h" +#include "instBatchOptionsDialog.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/XMLTools.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Management.h" + +#ifndef _WIN32 +# include // for access(2) and getdomainname +#endif + +#include +#include + +using namespace std; +using namespace libfwbuilder; + + +instDialog::instDialog(QWidget* p, BatchOperation op, t_fwSet reqFirewalls_) : QDialog(p) +{ + m_dialog = new Ui::instDialog_q; + 
m_dialog->setupUi(this); + + setControlWidgets(this, m_dialog->stackedWidget, + m_dialog->nextButton, + m_dialog->finishButton, + m_dialog->backButton, + m_dialog->cancelButton, + m_dialog->titleLabel); + + setWindowFlags(Qt::Dialog | Qt::WindowSystemMenuHint); + + session=NULL; + dlg=NULL; + currentLog = NULL; + currentSaveButton = NULL; + currentStopButton = NULL; + showSelectedFlag=false; + pendingLogLine = ""; + rejectDialogFlag=false; + + connect(&proc, SIGNAL(readyReadStandardOutput()), this, SLOT(readFromStdout()) ); + //connect(&proc, SIGNAL(readyReadStandardError()), this, SLOT(readFromStderr()) ); + connect(&proc, SIGNAL(finished(int,QProcess::ExitStatus)), this, SLOT(processExited(int)) ); + + proc.setProcessChannelMode(QProcess::MergedChannels); + + m_dialog->listView4->setSortingEnabled(false); + + setFinishEnabled(pageCount()-1,true); + + lastPage=-1; + reqFirewalls = reqFirewalls_; + + findFirewalls(); + if (firewalls.size()==0) + { + setTitle( pageCount()-1, tr("There is no firewalls to process.") ); + for (int i=0;ibatchInstall->setEnabled(false); + // setup wizard appropriate pages + operation=op; + + creatingTable = false; + + showPage(0); + + switch(op) + { + case BATCH_COMPILE: + { // only compilation's requested + m_dialog->selectInfoLabel->setText(tr("

    Select firewalls for compilation.

    ")); + m_dialog->batchInstFlagFrame->hide(); + setAppropriate(2,false); + + + m_dialog->selectTable->hideColumn(1); + break; + } + case BATCH_INSTALL: + { // full cycle's requested + break; + } + default : + { + setTitle( pageCount()-1, tr("Unknown operation.") ); + for (int i=0;ivalue("/FirewallBuilder2/Installer/ShowDetails" ).toBool(); + if (fs) + m_dialog->detailMCframe->show(); + else + m_dialog->detailMCframe->hide(); + + togleDetailMC(); + +} + +instDialog::~instDialog() +{ + delete m_dialog; + if (dlg) + { + delete dlg; + dlg=NULL; + } +} + +void setSuccessState(QTreeWidgetItem *item) +{ + QBrush b = item->foreground(1); + b.setColor(Qt::green); + item->setForeground(1,b); + item->setForeground(0,b); + + QFont f = item->font(1); + f.setBold(false); + item->setFont(1,f); + item->setFont(0,f); +} + +void setFailureState(QTreeWidgetItem *item) +{ + QBrush b = item->foreground(1); + b.setColor(Qt::red); + item->setForeground(1,b); + item->setForeground(0,b); + + QFont f = item->font(1); + f.setBold(false); + item->setFont(1,f); + item->setFont(0,f); +} + +void setErrorState(QTreeWidgetItem *item) +{ + QFont f = item->font(1); + f.setBold(false); + item->setFont(1,f); + item->setFont(0,f); +} + +void setInProcessState(QTreeWidgetItem *item) +{ + QFont f = item->font(1); + f.setBold(true); + item->setFont(1,f); + item->setFont(0,f); +} + +void instDialog::nextClicked() +{ + if (nextRelevant( currentPage() ) > -1) + showPage(nextRelevant( currentPage() )); +} + +void instDialog::backClicked() +{ + if (previousRelevant( currentPage() ) > -1) + showPage(previousRelevant( currentPage() )); +} + +void instDialog::togleDetailMC() +{ + if (m_dialog->detailMCframe->isVisible()) + { + m_dialog->detailsButton->setText(tr("Show details")); + m_dialog->detailMCframe->hide(); + st->setValue("/FirewallBuilder2/Installer/ShowDetails",false); + } + else + { + m_dialog->detailsButton->setText(tr("Hide details")); + m_dialog->detailMCframe->show(); + 
st->setValue("/FirewallBuilder2/Installer/ShowDetails",true); + } +} + +void instDialog::prepareInstConf(Firewall *) +{ + if (fwbdebug) qDebug("instDialog::prepareInstConf"); + +} + +void instDialog::prepareInstallerOptions() +{ + if (fwbdebug) qDebug("instDialog::prepareInstallerOptions"); + ready=false; + activationCommandDone=false; + FWOptions *fwopt = cnf.fwobj->getOptionsObject(); + + fwb_prompt="--**--**--"; + session = NULL; + + cnf.batchInstall = m_dialog->batchInstall->isChecked(); + + cnf.incremental = st->value("/FirewallBuilder2/Installer/incr" ).toBool(); + cnf.save_diff = st->value("/FirewallBuilder2/Installer/savediff").toBool(); + cnf.saveStandby = st->value("/FirewallBuilder2/Installer/saveStandby").toBool(); + cnf.dry_run = st->value("/FirewallBuilder2/Installer/dryrun" ).toBool(); + cnf.quiet = st->value("/FirewallBuilder2/Installer/quiet" ).toBool(); + cnf.verbose = st->value("/FirewallBuilder2/Installer/verbose" ).toBool(); + cnf.stripComments = st->value("/FirewallBuilder2/Installer/stripComments" ).toBool(); + cnf.compressScript = st->value("/FirewallBuilder2/Installer/compressScript" ).toBool(); + cnf.copyFWB = st->value("/FirewallBuilder2/Installer/copyFWB" ).toBool(); + cnf.testRun = st->value("/FirewallBuilder2/Installer/testRun" ).toBool(); + cnf.rollback = st->value("/FirewallBuilder2/Installer/rollback" ).toBool(); + cnf.rollbackTime = st->value("/FirewallBuilder2/Installer/rollbackTime").toInt(); + cnf.cancelRollbackIfSuccess = + st->value("/FirewallBuilder2/Installer/canceRollbackIfSuccess" ).toBool(); +/* TODO: set cnf.pgm to ssh path here */ + + QString platform = cnf.fwobj->getStr("platform").c_str(); + + //bool f = dlg->testRun->isChecked(); + + //QSize pix_options_frame_size = dlg->PIXgroupBox->sizeHint(); + + cnf.rollbackTimeUnit= + Resources::getTargetOptionStr(cnf.fwobj->getStr("host_OS"), + "activation/timeout_units").c_str(); + + +/* we initialize these in FWBSettings constructor on Unix, but do not + * do it on Windows 
since there is no standard ssh package there. User + * is supposed to fill these in in the Preferences dialog, otherwise + * they can't use installer + */ + + ssh = st->getSSHPath(); + +/* as of v2.0.3, build 437, incremental install actually installs only + * ACL and nat commands on PIX. It does not use fwb_pix_diff so there + * is no need to disable it anymore + * + if ( access(cnf.diff_pgm.latin1(), F_OK|X_OK)!=0 ) + { + cerr << "could not access " << cnf.diff_pgm << endl; + + incr->setChecked(false); + incr->setEnabled(false); + saveDiff->setChecked(false); + saveDiff->setEnabled(false); + } +*/ + + try + { + if (cnf.fwobj!=NULL && ! cnf.fwbfile.isEmpty()) + { + QString aaddr = fwopt->getStr("altAddress").c_str(); + if (!aaddr.isEmpty()) + cnf.maddr = aaddr; + else + cnf.maddr = + cnf.fwobj->getManagementAddress().toString().c_str(); + } + + setReady(true); + + } catch(FWException &ex) + { + setReady(false); + //showPage( page(1) ); + currentLog->append( ex.toString().c_str() ); + } catch (std::string s) { + setReady(false); + //showPage( page(1) ); + currentLog->append( s.c_str() ); + } catch (std::exception ex) { + setReady(false); + //showPage( page(1) ); + currentLog->append( ex.what() ); + } catch (...) 
{ + setReady(false); + //showPage( page(1) ); + currentLog->append( QObject::tr("Unsupported exception") ); + } + +} + + +void instDialog::storeInstallerOptions() +{ + st->setValue("/FirewallBuilder2/Installer/incr", cnf.incremental); + st->setValue("/FirewallBuilder2/Installer/savediff",cnf.save_diff ); + st->setValue("/FirewallBuilder2/Installer/saveStandby",cnf.saveStandby); + st->setValue("/FirewallBuilder2/Installer/dryrun" ,cnf.dry_run ); + st->setValue("/FirewallBuilder2/Installer/quiet", cnf.quiet ); + st->setValue("/FirewallBuilder2/Installer/verbose", cnf.verbose ); + st->setValue("/FirewallBuilder2/Installer/stripComments", cnf.stripComments); + st->setValue("/FirewallBuilder2/Installer/compressScript", cnf.compressScript); + st->setValue("/FirewallBuilder2/Installer/copyFWB", cnf.copyFWB); + st->setValue("/FirewallBuilder2/Installer/testRun", cnf.testRun); + st->setValue("/FirewallBuilder2/Installer/rollback", cnf.rollback); + st->setValue("/FirewallBuilder2/Installer/rollbackTime", cnf.rollbackTime); + st->setValue("/FirewallBuilder2/Installer/canceRollbackIfSuccess", + cnf.cancelRollbackIfSuccess); +} + +void instDialog::append(const QString &s) +{ +// currentLog->moveCursor( QTextEdit::MoveEnd , false ); +// currentLog->insert( s ); + + currentLog->append( s ); +} + +void instDialog::appendRich(const QString &s) +{ + if (currentLog) currentLog->append(s); +} + + +void instDialog::summary() +{ + appendRich( "
    " + QObject::tr("Summary:") ); + if (!customScriptFlag) + { + appendRich( QObject::tr("* firewall name : %1") + .arg(cnf.fwobj->getName().c_str()) ); + appendRich( QObject::tr("* user name : %1") + .arg(cnf.user) ); + appendRich( QObject::tr("* management address : %1") + .arg(cnf.maddr) ); + appendRich( QObject::tr("* platform : %1") + .arg(cnf.fwobj->getStr("platform").c_str()) ); + appendRich( QObject::tr("* host OS : %1") + .arg(cnf.fwobj->getStr("host_OS").c_str()) ); + appendRich( QObject::tr("* Loading configuration from file %1") + .arg(cnf.fwbfile)); + + if (cnf.incremental) + { + appendRich( QObject::tr("* Incremental install")); + } + if (cnf.save_diff && cnf.incremental) + { + appendRich( + QObject::tr("* Configuration diff will be saved in file %1").arg(cnf.diff_file)); + } + if (cnf.dry_run) + { + appendRich( + QObject::tr("* Commands will not be executed on the firewall")); + } + } + else + { + appendRich( QObject::tr("* firewall name : %1") + .arg( (*opListIterator)->getName().c_str()) ); + } + appendRich("
    \n"); +} + + +void instDialog::fillCompileSelectList() +{ + if (fwbdebug) qDebug("instDialog::fillCompileSelectList"); + + compileMapping.clear(); + installMapping.clear(); + + m_dialog->selectTable->setRowCount(firewalls.size()); + + + QTableWidgetItem * citem; + + Firewall* f; + QDateTime dt; + int row=0; + + bool show_library=false; + string tmp_libname=""; + + if (fwbdebug && reqFirewalls.empty()) + qDebug("instDialog::fillCompileSelectList reqFirewalls is empty"); + + creatingTable = true; + for (std::list::iterator i=firewalls.begin(); + i!=firewalls.end(); ++i) + { + f=*i; + + time_t lm=f->getInt("lastModified"); + time_t lc=f->getInt("lastCompiled"); + time_t li=f->getInt("lastInstalled"); + + citem=new QTableWidgetItem; + citem->setText(QString::fromUtf8(f->getName().c_str())); + m_dialog->selectTable->setItem(row,2,citem); + //m_dialog->selectTable->setColumnReadOnly(2,true); + + // in fact, if someone use same names for several libraries, + // additional collumn with library names doesn't help to + // identify a firewall + if (!show_library && tmp_libname != "" && tmp_libname != f->getLibraryName()) + show_library = true; + tmp_libname = f->getLibraryName(); + + citem=new QTableWidgetItem; + citem->setText(QString::fromUtf8(tmp_libname.c_str())); + m_dialog->selectTable->setItem(row,3,citem); + //m_dialog->selectTable->setColumnReadOnly(3,true); + + citem=new QTableWidgetItem; //usual type + bool checked = (f->needsCompile() && reqFirewalls.empty() && !f->getInactive()) || + (!reqFirewalls.empty() && reqFirewalls.find(f)!=reqFirewalls.end()); + citem->setCheckState(checked?Qt::Checked:Qt::Unchecked); + m_dialog->selectTable->setItem(row,0,citem); + compileMapping[f]=citem; + + citem=new QTableWidgetItem; //usual type + checked = (operation==BATCH_INSTALL) && + ((f->needsInstall() && reqFirewalls.empty() && !f->getInactive()) || + (!reqFirewalls.empty() && reqFirewalls.find(f)!=reqFirewalls.end())); + 
citem->setCheckState(checked?Qt::Checked:Qt::Unchecked); + m_dialog->selectTable->setItem(row,1,citem); + installMapping[f]=citem; + + + QLabel *l; + QFont font; + + + dt.setTime_t(lm); + l=new QLabel(m_dialog->selectTable); + QPalette temp = l->palette(); + temp.setColor(QPalette::Window, Qt::white); + l->setPalette(temp); + + if (lm>lc && lm>li) {font=l->font();font.setBold(true);l->setFont(font);} + l->setText((lm)?dt.toString():QString("---")); + m_dialog->selectTable->setCellWidget(row,4,l); + + dt.setTime_t(lc); + l=new QLabel(m_dialog->selectTable); + temp = l->palette(); + temp.setColor(QPalette::Window, Qt::white); + l->setPalette(temp); + if (lc>lm && lc>li) {font=l->font();font.setBold(true);l->setFont(font);} + l->setText((lm)?dt.toString():QString("---")); + m_dialog->selectTable->setCellWidget(row,5,l); + + dt.setTime_t(li); + l=new QLabel(m_dialog->selectTable); + temp = l->palette(); + temp.setColor(QPalette::Window, Qt::white); + l->setPalette(temp); + if (li>lc && li>lm) {font=l->font();font.setBold(true);l->setFont(font);} + l->setText((lm)?dt.toString():QString("---")); + m_dialog->selectTable->setCellWidget(row,6,l); + + row++; + } + creatingTable = false; + if (show_library) + m_dialog->selectTable->showColumn(3); + else + m_dialog->selectTable->hideColumn(3); + + for (int i=0;iselectTable->columnCount();i++) + { + if (i<4) + m_dialog->selectTable->resizeColumnToContents (i); + else + m_dialog->selectTable->setColumnWidth(i,200); + } + + //selectTable->setColumnStretchable(2,true); + //selectTable->sortColumn(2,true,true); +} + +void instDialog::showPage(const int page) +{ + FakeWizard::showPage(page); + + if (fwbdebug && reqFirewalls.empty()) + qDebug("instDialog::showPage reqFirewalls is empty"); + + if (fwbdebug) qDebug("instDialog::showPage"); + int p = page; + if (fwbdebug) + qDebug(QString("to page: %1 from page: %2").arg(p).arg(lastPage).toAscii().constData()); + + switch (p) + { + case 0: // select firewalls for compiling and 
installing + { + if (lastPage<0) fillCompileSelectList(); + setNextEnabled(0, isTableHasChecked()); + break; + } + case 1: // compiling (installing) firewalls + { + setBackEnabled(1,false); + setNextEnabled(1,false); + if (lastPage<1) + { // starting process + fillCompileOpList(); + opListIterator=opList.begin(); + if (opList.size()==0) + {// there are no firewalls for compilation + // what about installation? + + compileFlag=false; + + fillInstallOpList(); + opListIterator=opList.begin(); + if(opList.size()==0) + {//there are no firewalls for installation + showPage(2); + } + else + { + lastPage=p; + initInstall(); + installSelected(); + if (stopProcessFlag) return; + } + } + else + { + compileSelected(); + } + } + else + { + if (opList.size()==0) + { + showPage(2); + } + else + { + installSelected(); + if (stopProcessFlag) return; + } + } + + break; + } + case 2: // fin + { + setBackEnabled(2,false); + if (compileFlag && operation==BATCH_INSTALL) + { + fillInstallOpList(); + initInstall(); + compileFlag=false; + if (opList.size()>0) + { + opListIterator=opList.begin(); + showPage(1); + } + else + { + fillLastList(); + } + break; + } + + if ( + !compileFlag && + opList.end()!=opListIterator && + operation==BATCH_INSTALL && + !stopProcessFlag) + { + showPage(1); + break; + } + fillLastList(); + break; + } + default: { } + } + + lastPage = currentPage(); + setCurrentPage(page); +} + +QString instDialog::getFullPath(instConf &cnf, const QString &file ) +{ + if (QDir::isRelativePath(file)) return cnf.wdir + "/" + file; + else return file; +} + +bool instDialog::doInstallPage(Firewall* f) +{ + if (fwbdebug) qDebug("instDialog::doInstallPage"); + +/* change of the page when flag ready is 'true' means we should start + * operation */ + cnf.fwobj = f; + + if (fwbdebug) qDebug(QString("instDialog::doInstallPage: firewall: %1") + .arg(f->getName().c_str()).toAscii().constData()); + cnf.incremental = dlg->m_dialog->incr->isChecked(); + cnf.dry_run = 
dlg->m_dialog->test->isChecked(); + cnf.backup_file = dlg->m_dialog->backupConfigFile->text(); + cnf.backup = !cnf.backup_file.isEmpty(); + cnf.save_diff = dlg->m_dialog->saveDiff->isChecked(); + cnf.saveStandby = dlg->m_dialog->saveStandby->isChecked(); + +/* Alternative address: + - first, check dialog. User could have overriden it using dialog + - then check firewall options, user could have set it in the "Install" + tab of firewall settings dialog + - last, if all overrides are empty, take it from the management interface + */ + + QString aaddr = dlg->m_dialog->altAddress->text(); + if (!aaddr.isEmpty()) + { +/* alternative address can also be putty session name. In any case, + * leave it up to ssh to resolve it and signal an error if it can't be + * resolved ( Putty session name does not have to be in DNS at all ). + */ + cnf.maddr = aaddr; + if (fwbdebug) + qDebug( + QString("instDialog::doInstallPage: alternative address %1") + .arg(aaddr).toAscii().constData()); + + } else + { + FWOptions *fwopt = cnf.fwobj->getOptionsObject(); + aaddr = fwopt->getStr("altAddress").c_str(); + if (!aaddr.isEmpty()) + cnf.maddr = aaddr; + else + cnf.maddr = + cnf.fwobj->getManagementAddress().toString().c_str(); + } + + if (fwbdebug) + qDebug( + QString("instDialog::doInstallPage: management address: %1") + .arg(cnf.maddr).toAscii().constData()); + +// cnf.maddr = altAddress->text(); + cnf.user = dlg->m_dialog->uname->text(); + cnf.pwd = dlg->m_dialog->pwd->text(); + cnf.epwd = dlg->m_dialog->epwd->text(); + cnf.quiet = dlg->m_dialog->quiet->isChecked(); + cnf.verbose = dlg->m_dialog->verbose->isChecked(); + cnf.stripComments = dlg->m_dialog->stripComments->isChecked(); + cnf.compressScript= dlg->m_dialog->compressScript->isChecked(); + cnf.copyFWB = dlg->m_dialog->copyFWB->isChecked(); + cnf.testRun = dlg->m_dialog->testRun->isChecked(); + cnf.rollback = dlg->m_dialog->rollback->isChecked(); + cnf.rollbackTime = dlg->m_dialog->rollbackTime->value(); + 
cnf.cancelRollbackIfSuccess = dlg->m_dialog->cancelRollbackIfSuccess->isChecked();
+
+ storeInstallerOptions();
+/* check for a common error when multiple interfaces are marked as
+ * 'management'
+ */
+ int nmi = 0;
+ list ll = cnf.fwobj->getByType(Interface::TYPENAME);
+ for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++)
+ {
+ Interface *intf = Interface::cast( *i );
+ if (intf->isManagement()) nmi++;
+ }
+ if (nmi>1)
+ {
+ addToLog(
+ QObject::tr("Only one interface of the firewall '%1' must be marked as management interface.")
+ .arg(cnf.fwobj->getName().c_str()).toLatin1().constData() );
+ return false;
+ }
+ if (nmi==0)
+ {
+ addToLog(
+ QObject::tr("One of the interfaces of the firewall '%1' must be marked as management interface.")
+ .arg(cnf.fwobj->getName().c_str()).toLatin1().constData() );
+ return false;
+ }
+ if ((cnf.maddr == "" || cnf.maddr == "0.0.0.0"))
+ {
+ addToLog(
+ QObject::tr("Management interface does not have IP address, can not communicate with the firewall.") );
+ return false;
+ }
+
+ confScript="";
+
+ confFiles.clear();
+ if (cnf.copyFWB)
+ {
+ QFileInfo fwbfile_base(cnf.fwbfile);
+
+ if (fwbdebug)
+ qDebug( QString("Will copy data file: %1").arg(fwbfile_base.fileName()).toAscii().constData());
+
+ confFiles.push_back( fwbfile_base.fileName() );
+ }
+/* read manifest from the conf file */
+
+ QString conffile_path = getFullPath(cnf,cnf.conffile);
+ QFile cf( conffile_path );
+ if (cf.open( QIODevice::ReadOnly ) )
+ {
+ QTextStream stream(&cf);
+ QString line;
+ while (!stream.atEnd())
+ {
+ line = stream.readLine();
+ int pos = -1;
+ if ( (pos=line.indexOf(MANIFEST_MARKER))!=-1 )
+ {
+ int n = pos + QString(MANIFEST_MARKER).length();
+// if (line[n]=='*') confScript=line.mid(n+2);
+// else confFiles.push_back( line.mid(n+2) );
+
+ confFiles.push_back( line.mid(n+2) );
+
+ if (fwbdebug)
+ qDebug("instDialog: adding %c %s",
+ line[n].toLatin1(),
+ line.mid(n+2).toAscii().constData());
+
+ }
+ line = "";
+ }
+ cf.close();
+ } else
+ {
+ QMessageBox::critical(this, "Firewall Builder",
+ tr("File %1 not found.").arg(conffile_path),
+ tr("&Continue") );
+ return false;
+ }
+
+// if (confScript.isEmpty()) confScript=cnf.conffile;
+ if (confFiles.size()==0) confFiles.push_back(cnf.conffile);
+
+ currentProgressBar->setValue(0);
+
+ summary();
+
+ QStringList args;
+
+ if (cnf.fwobj->getStr("platform")=="pix" ||
+ cnf.fwobj->getStr("platform")=="fwsm" ||
+ cnf.fwobj->getStr("platform")=="iosacl"
+ )
+ {
+#ifdef _WIN32
+ args.push_back(ssh);
+
+/*
+ * putty ignores protocol and port specified in the session file if
+ * command line option -ssh is given.
+ *
+ * On the other hand,the sign of session usage is an empty user name,
+ * so we can check for that. If user name is empty, then putty will
+ * use current Windows account name to log in to the firewall and this
+ * is unlikely to work anyway. This seems to be a decent workaround.
+ */
+ if (!cnf.user.isEmpty() && ssh.find(QString("plink.exe"),0,false)!=-1)
+ {
+ args.push_back("-ssh");
+ args.push_back("-pw");
+ args.push_back(cnf.pwd);
+ }
+
+ if (!cnf.sshArgs.isEmpty())
+ args += cnf.sshArgs.split(" ", QString::SkipEmptyParts);
+
+ if (cnf.verbose) args.push_back("-v");
+ if (!cnf.user.isEmpty())
+ {
+ args.push_back("-l");
+ args.push_back(cnf.user);
+ args.push_back(cnf.maddr);
+ } else
+ args.push_back(cnf.maddr);
+#else
+ args.push_back(argv0.c_str());
+ args.push_back("-X"); // fwbuilder works as ssh wrapper
+// args.push_back("-d");
+ args.push_back("-t");
+ args.push_back("-t");
+
+ if (!cnf.sshArgs.isEmpty())
+ args += cnf.sshArgs.split(" ", QString::SkipEmptyParts);
+
+ if (cnf.verbose) args.push_back("-v");
+ if (!cnf.user.isEmpty())
+ {
+ args.push_back("-l");
+ args.push_back(cnf.user);
+ args.push_back(cnf.maddr);
+ } else
+ args.push_back(cnf.maddr);
+#endif
+
+ if (cnf.verbose) displayCommand(args);
+
+ phase=1;
+
+ SSHPIX *ssh_object = NULL;
+ if (cnf.fwobj->getStr("platform")=="pix" ||
+ cnf.fwobj->getStr("platform")=="fwsm")
+ { + ssh_object = new SSHPIX(this, + cnf.fwobj->getName().c_str(), + args, + cnf.pwd, + cnf.epwd, + list()); + } else // ios + { + ssh_object = new SSHIOS(this, + cnf.fwobj->getName().c_str(), + args, + cnf.pwd, + cnf.epwd, + list()); + } + + /* + * TODO: + * the structure of scriptlets (command templates) for PIX and + * IOS is nice and generic, it uses generalized "pre_config" + * and "post_config" hooks in SSHPIX / SSHIOS classes. Need to + * do the same for Unix firewalls. + */ + + QString cmd = ""; + QStringList pre_config_commands; + QStringList post_config_commands; + + cmd = cnf.getCmdFromResource("pre_config_commands"); + pre_config_commands = replaceMacrosInCommand(cmd).split("\n", QString::SkipEmptyParts); + + if (cnf.rollback) + { + cmd = cnf.getCmdFromResource("schedule_rollback"); + pre_config_commands = pre_config_commands + + replaceMacrosInCommand(cmd).split("\n", QString::SkipEmptyParts); + } + + cmd = cnf.getCmdFromResource("post_config_commands"); + post_config_commands = replaceMacrosInCommand(cmd).split("\n", QString::SkipEmptyParts); + + if (cnf.cancelRollbackIfSuccess) + { + cmd = cnf.getCmdFromResource("cancel_rollback"); + post_config_commands = post_config_commands + + replaceMacrosInCommand(cmd).split("\n", QString::SkipEmptyParts); + } + + if (cnf.saveStandby) + { + cmd = cnf.getCmdFromResource("save_standby"); + post_config_commands = post_config_commands + + replaceMacrosInCommand(cmd).split("\n", QString::SkipEmptyParts); + } + + ssh_object->loadPreConfigCommands( pre_config_commands ); + ssh_object->loadPostConfigCommands( post_config_commands ); + + runSSH(ssh_object); + return true; + } + // all other Unix-based platforms + +/* + * if user requested test run, store firewall script in a temp file. 
+ * Always store it in a temp file on linksys
+ */
+ QString s;
+
+/* user_can_change_install_dir */
+ bool uccid=Resources::getTargetOptionBool(
+ cnf.fwobj->getStr("host_OS"),"user_can_change_install_dir");
+
+ if (uccid)
+ s=cnf.fwobj->getOptionsObject()->getStr("firewall_dir").c_str();
+
+ if (s.isEmpty()) s=Resources::getTargetOptionStr(
+ cnf.fwobj->getStr("host_OS"),
+ "activation/fwdir").c_str();
+
+ cnf.fwdir = s;
+
+ continueRun();
+
+ return true;
+}
+
+void instDialog::resetInstallSSHSession()
+{
+ if (fwbdebug) qDebug("instDialog::resetInstallSSHSession");
+
+ if (session!=NULL)
+ {
+ disconnect(session,SIGNAL(printStdout_sign(const QString&)),
+ this,SLOT(append(const QString&)));
+
+ disconnect(session,SIGNAL(sessionFinished_sign()),
+ this,SLOT(installerFinished()));
+
+ disconnect(session,SIGNAL(sessionFatalError_sign()),
+ this,SLOT(installerError()));
+
+ disconnect(session,SIGNAL(updateProgressBar_sign(int,bool)),
+ this,SLOT(updateProgressBar(int,bool)));
+
+ session->terminate();
+
+ delete session;
+ session=NULL;
+ }
+
+ activationCommandDone=false;
+}
+
+/*
+ * This method builds and returns activation command
+ * This method is used for all firewall platforms but PIX
+ */
+QString instDialog::getActivationCmd()
+{
+ if (!cnf.activationCmd.isEmpty())
+ {
+ return cnf.activationCmd;
+ }
+
+ QString cmd="";
+
+ string optpath="activation/";
+
+ if (cnf.user=="root") optpath += "root/";
+ else optpath += "reg_user/";
+
+ if (cnf.testRun)
+ {
+ optpath += "test/";
+ if (cnf.rollback) optpath += "rollback/";
+ else optpath += "no_rollback/";
+ } else
+ {
+ optpath += "run/";
+ if (cnf.compressScript) optpath += "compression/";
+ else optpath += "no_compression/";
+ }
+
+ cmd=Resources::getTargetOptionStr(cnf.fwobj->getStr("host_OS"),
+ optpath).c_str();
+ return replaceMacrosInCommand(cmd);
+}
+
+QString instDialog::replaceMacrosInCommand(const QString &ocmd)
+{
+
+/* replace macros in activation command:
+ *
+ * %FWSCRIPT%, %FWDIR%,
%FWBPROMPT%, %RBTIMEOUT%
+ *
+ * check if cnf.conffile is a full path. If it is, strip the path part
+ * and use only the file name for %FWSCRIPT%
+ */
+ QString cmd = ocmd;
+
+ QString clean_conffile = cnf.conffile.section(QDir::separator(),-1);
+ if (fwbdebug)
+ {
+ qDebug("Macro substitutions:");
+ qDebug(QString(" cnf.conffile=%1").arg(cnf.conffile).toAscii().constData());
+ qDebug(QString(" %%FWSCRIPT%%=%1").arg(clean_conffile).toAscii().constData());
+ qDebug(QString(" %%FWDIR%%=%1").arg(cnf.fwdir).toAscii().constData());
+ }
+
+ cmd.replace("%FWSCRIPT%",clean_conffile);
+ cmd.replace("%FWDIR%",cnf.fwdir);
+ cmd.replace("%FWBPROMPT%",fwb_prompt);
+
+ int r = cnf.rollbackTime;
+ if (cnf.rollbackTimeUnit=="sec") r = r*60;
+
+ QString rbt;
+ rbt.setNum(r);
+ cmd.replace("%RBTIMEOUT%",rbt);
+ return cmd;
+}
+
+void instDialog::initiateCopy(const QString &file)
+{
+ QStringList args;
+ list allConfig;
+
+ if (fwbdebug)
+ qDebug("instDialog::initiateCopy for the file %s",file.toAscii().constData());
+
+ QString platform=cnf.fwobj->getStr("platform").c_str();
+ //if (platform!="pix" && platform!="fwsm") progressBar->show();
+
+ QTextCodec::setCodecForCStrings(QTextCodec::codecForName("latin1"));
+
+ std::ifstream *wfile;
+
+ QString file_with_path = getFullPath(cnf,file);
+
+ wfile = new ifstream(file_with_path.toLatin1().constData());
+ if ( ! *wfile)
+ {
+ file_with_path = file; // .fwb file path already includes wdir
+ wfile = new ifstream(file_with_path.toLatin1().constData());
+ if ( !
*wfile)
+ {
+ addToLog(QObject::tr("Can not open file %1").arg(file_with_path));
+ delete wfile;
+ return;
+ }
+ }
+
+ /* need to convert strings of the config file from Utf-8 to
+ * internal presentation of QT (unicode) so we can process them
+ * using methods of QString; will convert them back to Utf-8
+ * before sending to the installer process
+ */
+ string s0;
+ while ( !wfile->eof() )
+ {
+ getline( *wfile, s0);
+// QString s = QString::fromUtf8(s0.c_str());
+// QString s = s0.c_str();
+// s.stripWhiteSpace();
+
+ if (fwbdebug) qDebug("instDialog::initiateCopy s='%s'",s0.c_str());
+
+ allConfig.push_back(s0);
+ }
+ wfile->close();
+ delete wfile;
+ wfile=NULL;
+
+// allConfig.push_back("\004");
+
+#ifdef _WIN32
+ args.push_back(ssh);
+
+ if (!cnf.user.isEmpty() && ssh.find(QString("plink.exe"),0,false)!=-1)
+ {
+ args.push_back("-ssh");
+ args.push_back("-pw");
+ args.push_back(cnf.pwd);
+ }
+
+#else
+ args.push_back(argv0.c_str());
+ args.push_back("-X"); // fwbuilder works as ssh wrapper
+// if (fwbdebug>1) args.push_back("-d");
+// args.push_back("-t");
+// args.push_back("-t");
+#endif
+/* do not change destination, we do chmod on it later */
+// args.push_back( cnf.wdir+"/"+file);
+
+ if (!cnf.sshArgs.isEmpty())
+ args += cnf.sshArgs.split(" ", QString::SkipEmptyParts);
+
+ if (cnf.verbose) args.push_back("-v");
+ if (!cnf.user.isEmpty())
+ {
+ args.push_back("-l");
+ args.push_back(cnf.user);
+ args.push_back(cnf.maddr);
+ } else
+ args.push_back(cnf.maddr);
+
+ string optpath="activation/";
+
+ if (cnf.user=="root") optpath += "root/";
+ else optpath += "reg_user/";
+
+ if (cnf.testRun) optpath += "test/";
+ else optpath += "run/";
+
+ optpath+="copy";
+
+ QString cmd=Resources::getTargetOptionStr(cnf.fwobj->getStr("host_OS"),
+ optpath).c_str();
+
+/* replace macros in activation command:
+ *
+ * %FWSCRIPT%, %FWDIR%, %FWBPROMPT%, %RBTIMEOUT%
+ *
+ * check if cnf.conffile is a full path.
If it is, strip the path part
+ * and use only the file name for %FWSCRIPT%
+ */
+ QString file_name_no_spaces = file;
+ if (file_name_no_spaces.indexOf(" ")!=-1)
+ {
+ file_name_no_spaces.replace(" ","\\ ");
+ }
+
+ QString clean_file = file_with_path.section(QDir::separator(),-1);
+ if (fwbdebug)
+ {
+ qDebug("Macro substitutions:");
+ qDebug(QString(" cnf.conffile=%1").arg(cnf.conffile).toAscii().constData());
+ qDebug(QString(" %%FWSCRIPT%%=%1").arg(file_name_no_spaces).toAscii().constData());
+ qDebug(QString(" %%FWDIR%%=%1").arg(cnf.fwdir).toAscii().constData());
+ }
+
+ cmd.replace("\n","");
+ cmd.replace("%FWSCRIPT%", file_name_no_spaces);
+ cmd.replace("%FWDIR%", cnf.fwdir);
+ cmd.replace("%FWBPROMPT%", fwb_prompt);
+
+ args.push_back(cmd);
+
+ addToLog( tr("\nCopying %1 -> %2:%3\n")
+ .arg(file_with_path).arg(cnf.maddr).arg(cnf.fwdir) );
+
+ if (cnf.verbose) displayCommand(args);
+
+ phase=1;
+
+ QTextCodec::setCodecForCStrings(QTextCodec::codecForName("latin1"));
+
+ SSHSession *s= new SSHUnx(this,
+ cnf.fwobj->getName().c_str(),
+ args,
+ cnf.pwd,
+ "",
+ allConfig);
+
+ s->setCloseStdin(true);
+ runSSH(s);
+}
+
+void instDialog::displayCommand(const QStringList &args)
+{
+ QStringList a1 = args;
+
+ for (QStringList::iterator i=a1.begin(); i!=a1.end(); i++)
+ {
+ if ( (*i)=="-pw" )
+ {
+ i++;
+ *i = "XXXXXX";
+ break;
+ }
+ }
+ QString s=a1.join(" ");
+ addToLog( tr("Running command '%1'\n\n").arg(s) );
+}
+
+void instDialog::finishInstall(bool success)
+{
+ if (fwbdebug) qDebug("instDialog::finishInstall");
+
+ if (success)
+ {
+ om->updateLastInstalledTimestamp(*opListIterator);
+ opListMapping[*opListIterator]->setText(1,tr("Success"));
+ processedFirewalls[*opListIterator].second=tr("Success");
+ setSuccessState(opListMapping[*opListIterator]);
+ }
+ else
+ {
+ opListMapping[*opListIterator]->setText(1,tr("Error"));
+ processedFirewalls[*opListIterator].second=tr("Error");
+ setErrorState(opListMapping[*opListIterator]);
+ }
+
+ opListIterator++;
+
+ if(opListIterator!=opList.end() && m_dialog->batchInstall->isChecked() && !stopProcessFlag)
+ {
+ installSelected();
+ return;
+ }
+ setNextEnabled( 1, true);
+}
+
+void instDialog::continueRun()
+{
+ if (fwbdebug) qDebug("instDialog::continueRun");
+
+ if (session)
+ {
+ if (session->getErrorStatus())
+ {
+ if (fwbdebug) qDebug("session error");
+ addToLog( tr("Fatal error, terminating install sequence\n") );
+ finishInstall(false);
+ //setFinishEnabled( page(1), true );
+ return;
+ }
+
+ delete session;
+ session=NULL;
+ }
+
+ if (activationCommandDone)
+ {
+ if (fwbdebug) qDebug("activationCommandDone");
+ addToLog( tr("Done\n") );
+ finishInstall();
+ return;
+ }
+
+ if (cnf.fwobj->getStr("platform")=="pix" ||
+ cnf.fwobj->getStr("platform")=="fwsm" ||
+ cnf.fwobj->getStr("platform")=="iosacl"
+ )
+ {
+ finishInstall();
+ return;
+ } else
+ {
+
+ if (!confFiles.empty())
+ {
+ QString cnffile = confFiles.front();
+ confFiles.pop_front();
+ initiateCopy( cnffile );
+ } else
+ {
+ QStringList args;
+
+ //progressBar->hide();
+
+#ifdef _WIN32
+ args.push_back(ssh);
+
+ if (!cnf.user.isEmpty() &&
+ ssh.find(QString("plink.exe"),0,false)!=-1) args.push_back("-ssh");
+
+ args.push_back("-pw");
+ args.push_back(cnf.pwd);
+#else
+ args.push_back(argv0.c_str());
+ args.push_back("-X"); // fwbuilder works as ssh wrapper
+ args.push_back("-t");
+ args.push_back("-t");
+#endif
+ if (!cnf.sshArgs.isEmpty())
+ args += cnf.sshArgs.split(" ");
+
+ if (cnf.verbose) args.push_back("-v");
+
+ if (!cnf.user.isEmpty())
+ {
+ args.push_back("-l");
+ args.push_back(cnf.user);
+ args.push_back(cnf.maddr);
+ } else
+ args.push_back(cnf.maddr);
+#if 0
+ if (!cnf.user.isEmpty())
+ args.push_back(cnf.user + "@" + cnf.maddr);
+ else
+ args.push_back(cnf.maddr);
+#endif
+
+ QString cmd = getActivationCmd();
+ args.push_back( cmd );
+
+ addToLog( tr("Activating new policy\n") );
+ addToLog( "\n");
+
+ if (cnf.verbose) displayCommand(args);
+
+ activationCommandDone=true;
+
+ runSSH( new
SSHUnx(this,
+ cnf.fwobj->getName().c_str(),
+ args,
+ cnf.pwd,
+ "",
+ list()) );
+ }
+
+ }
+}
+
+void instDialog::runSSH(SSHSession *s)
+{
+ if (fwbdebug) qDebug("instDialog::runSSH()");
+
+ session = s;
+
+ session->setOptions(&cnf);
+ session->setFWBPrompt(fwb_prompt);
+
+ connect(session,SIGNAL(printStdout_sign(const QString&)),
+ this,SLOT(append(const QString&)));
+
+ connect(session,SIGNAL(sessionFinished_sign()),
+ this,SLOT(installerFinished()));
+
+ connect(session,SIGNAL(sessionFatalError_sign()),
+ this,SLOT(installerError()));
+
+ connect(session,SIGNAL(updateProgressBar_sign(int,bool)),
+ this,SLOT(updateProgressBar(int,bool)));
+
+ session->startSession();
+}
+
+void instDialog::updateProgressBar(int n,bool setsize)
+{
+ if (fwbdebug)
+ qDebug("instDialog::updateProgressBar n=%d setsize=%d",n,setsize);
+
+ if (setsize) currentProgressBar->setMaximum(n);
+ else
+ currentProgressBar->setValue(currentProgressBar->maximum()-n);
+}
+
+void instDialog::finishClicked()
+{
+ accept();
+}
+
+/* user clicked 'Cancel' */
+void instDialog::cancelClicked()
+{
+ if (fwbdebug) qDebug("instDialog::cancelClicked()");
+ if (session!=NULL)
+ {
+ if (fwbdebug)
+ qDebug("instDialog::reject() killing ssh session");
+
+ disconnect(session,SIGNAL(printStdout_sign(const QString&)),
+ this,SLOT(append(const QString&)));
+
+ disconnect(session,SIGNAL(sessionFinished_sign()),
+ this,SLOT(installerFinished()));
+
+ disconnect(session,SIGNAL(sessionFatalError_sign()),
+ this,SLOT(installerError()));
+
+ disconnect(session,SIGNAL(updateProgressBar_sign(int,bool)),
+ this,SLOT(updateProgressBar(int,bool)));
+
+ session->terminate();
+
+ delete session;
+ session=NULL;
+ }
+
+ if (proc.state() == QProcess::Running)
+ {
+ rejectDialogFlag = true;
+ proc.kill();
+ }
+ else
+ QDialog::reject();
+}
+
+
+void instDialog::showEvent( QShowEvent *ev)
+{
+ st->restoreGeometry(this, QRect(200,100,480,500) );
+ QDialog::showEvent(ev);
+}
+
+void instDialog::hideEvent( QHideEvent *ev)
+{
+
st->saveGeometry(this); + QDialog::hideEvent(ev); +} + +void instDialog::testRunRequested() +{ +#if 0 +#endif +} + +void instDialog::saveLog() +{ + QString dir; + if (currentLog==NULL) return; + dir=st->getWDir(); + if (dir.isEmpty()) dir=st->getOpenFileDir(); + if (dir.isEmpty()) dir="~"; + + /* + * We use QTextEdit::append to add lines to the log buffer, each + append creates a new paragraph so QTextEdit::text returns only + contents of the last paragraph. Need to reassemble the whole text + adding text from each paragraph separately. + */ + QString logText; + logText = currentLog->toPlainText(); + + QString s = QFileDialog::getSaveFileName( + this, + "Choose a file", + dir, + "Text file (*.txt)"); + + if (fwbdebug) + qDebug( "Saving log to file %s", s.toAscii().constData() ); + + if (!s.isEmpty()) + { + if (!s.endsWith(".txt")) + { + s+=".txt"; + } + + QFile f(s); + if (f.open( QIODevice::WriteOnly )) + { + QTextStream str( &f ); + str << logText; + f.close(); + } + } +} + +void instDialog::findFirewalls() +{ + firewalls.clear(); + om->findAllFirewalls(firewalls); + firewalls.sort(FWObjectNameCmpPredicate()); + m_dialog->saveMCLogButton->setEnabled(true); +} + + +bool instDialog::runCompile(Firewall *fw) +{ + if (fwbdebug) + { + qDebug("instDialog::runCompile"); + qDebug(("Firewall:"+fw->getName()).c_str()); + } + + + addToLog( QString("\n") + + QObject::tr("Compiling rule sets for firewall: %1").arg( + fw->getName().c_str() + ) + ); + prepareArgForCompiler(fw); + + currentLog->append( args.join(" ") ); + + QString path = args.at(0); + args.pop_front(); + proc.start(path, args); + + if ( !proc.waitForStarted() ) + { + currentLog->append( tr("Error: Failed to start program") ); + return false; + } + args.push_front(path); + + return true; +} + + +bool instDialog::testFirewall(Firewall *fw) +{ + if (fwbdebug) qDebug("instDialog::testFirewall"); + FWOptions *fwopt=fw->getOptionsObject(); + customScriptFlag=false; + + Management *mgmt=fw->getManagementObject(); + 
assert(mgmt!=NULL);
+ PolicyInstallScript *pis = mgmt->getPolicyInstallScript();
+
+/* we don't care about ssh settings if external installer is to be used */
+
+ if ( (/* ! pis->isEnabled() || */ pis->getCommand()=="") &&
+ st->getSSHPath().isEmpty())
+ {
+ QMessageBox::critical(this, "Firewall Builder",
+ tr("Policy installer uses Secure Shell to communicate with the firewall.\n"
+ "Please configure directory path to the secure shell utility \n"
+ "installed on your machine using Preferences dialog"),
+ tr("&Continue") );
+ addToLog("Please configure directory path to the secure \n shell utility installed on your machine using Preferences dialog");
+ return false;
+ }
+
+/* need to save settings so that if the user just changed ssh/scp, the
+ * wrapper will pick changes up
+ */
+ st->save();
+
+ QString ofname = fwopt->getStr("output_file").c_str();
+ if (ofname.isEmpty()) ofname = QString(fw->getName().c_str()) + ".fw";
+
+ QString fwfname = getFileDir( mw->getRCS()->getFileName() ) + "/" + ofname;
+
+/* bug #1617501: "Install fails after compile". Check ofname, just in
+ * case user put full path name for the output script name in options
+ */
+ if ( !QFile::exists(fwfname) && !QFile::exists(ofname))
+ {
+/* need to recompile */
+ addToLog(tr("Firewall isn't compiled."));
+ if (fwbdebug) qDebug("Firewall isn't compiled.");
+ return false;
+ }
+
+
+ args.clear();
+
+
+ if ( /*!
pis->isEnabled() || */ pis->getCommand()=="" )
+ {
+ //instConf cnf;
+
+ cnf.user = fwopt->getStr("admUser").c_str();
+ cnf.maddr = fwopt->getStr("altAddress").c_str();
+ cnf.sshArgs = fwopt->getStr("sshArgs").c_str();
+ cnf.activationCmd = fwopt->getStr("activationCmd").c_str();
+
+ cnf.fwobj = fw;
+ cnf.fwbfile = mw->db()->getFileName().c_str();
+ cnf.conffile = ofname;
+ cnf.diff_file = QString(fw->getName().c_str())+".diff";
+ cnf.wdir = getFileDir( mw->getRCS()->getFileName() );
+ cnf.diff_pgm = Resources::platform_res[fw->getStr("platform")]->
+ getResourceStr("/FWBuilderResources/Target/diff").c_str();
+
+/* set this in instDialog now
+
+ QString s=fwopt->getStr("firewall_dir").c_str();
+ if (s.isEmpty()) s="/etc/fw";
+ cnf.fwdir = s;
+*/
+
+ cnf.diff_pgm = QString(appRootDir.c_str()) + cnf.diff_pgm;
+
+#ifdef _WIN32
+ cnf.diff_pgm = cnf.diff_pgm + ".exe";
+#endif
+
+ //instDialog *id = new instDialog( &cnf );
+
+ //int exec_result=id->exec();
+
+ } else
+ {
+ customScriptFlag=true;
+ string inst_script=pis->getCommand();
+
+ QString wdir = getFileDir( mw->getRCS()->getFileName() );
+
+
+ args.push_back(inst_script.c_str());
+
+ QString qs = pis->getArguments().c_str();
+ args += qs.split(" ", QString::SkipEmptyParts);
+
+ args.push_back("-f");
+ args.push_back(mw->db()->getFileName().c_str());
+
+ if (wdir!="")
+ {
+ args.push_back("-d");
+ args.push_back(wdir);
+ }
+
+ args.push_back( QString("/%1/%2")
+ .arg(QString::fromUtf8(fw->getLibrary()->getName().c_str()))
+ .arg(fw->getPath(true).c_str() ) );
+
+ //execDialog dlg(this, args );
+
+ //int exec_result=dlg.run();
+ //qDebug(QString("Result: %1").arg(exec_result));
+ //if (exec_result==0) om->updateLastInstalledTimestamp(fw);
+ }
+ return true;
+}
+
+bool instDialog::prepareArgForCompiler(Firewall *fw)
+{
+ FWOptions *fwopt=fw->getOptionsObject();
+
+/*
+ * I should be able to specify custom compiler for firewall with
+ * no platform (e.g.
for experiments)
+ */
+ string compiler=fwopt->getStr("compiler");
+ if (compiler=="")
+ {
+ compiler=Resources::platform_res[fw->getStr("platform")]->getCompiler();
+ }
+
+ if (compiler=="")
+ {
+ QMessageBox::warning(
+ this,"Firewall Builder",
+ tr("Firewall platform is not specified in this object.\n\
+Can't compile firewall policy."),
+ tr("&Continue"), QString::null,QString::null,
+ 0, 1 );
+ return false;
+ }
+
+/*
+ * On Unix compilers are installed in the standard place and are
+ * accessible via PATH. On Windows and Mac they get installed in
+ * unpredictable directories and need to be found
+ *
+ * first, check if user specified an absolute path for the compiler,
+ * then check if compiler is registsred in preferences, and if not,
+ * look for it in appRootDir and if it is not there, rely on PATH
+ */
+#if defined(Q_OS_WIN32) || defined(Q_OS_MACX)
+
+ if ( ! QFile::exists( compiler.c_str() ) )
+ {
+ string ts = string("Compilers/")+compiler;
+ QString cmppath = st->getStr( ts.c_str() );
+ if (!cmppath.isEmpty()) compiler=cmppath.toLatin1().constData();
+ else
+ {
+ /* try to find compiler in appRootDir.
*/
+ string ts = appRootDir + FS_SEPARATOR + compiler;
+ if ( QFile::exists( ts.c_str() ) )
+ compiler = appRootDir + FS_SEPARATOR + compiler;
+ }
+ }
+#endif
+
+#if 0
+// if we use WDir for the "-d" option for compiler
+ QString wdir;
+ if (st->getWDir().isEmpty())
+ {
+ QString of = rcs->getFileName();
+ wdir = of.left( of.findRev('/',-1) );
+ } else
+ {
+ wdir=st->getWDir();
+ }
+#endif
+
+ QString wdir = getFileDir(mw->getRCS()->getFileName() );
+
+ args.clear();
+
+ args.push_back(compiler.c_str());
+
+ QString qs = fwopt->getStr("cmdline").c_str();
+ args += qs.split(" ", QString::SkipEmptyParts);
+
+ args.push_back("-f");
+ args.push_back(mw->db()->getFileName().c_str());
+
+ if (wdir!="")
+ {
+ args.push_back("-d");
+ args.push_back(wdir);
+ }
+
+ QString ofname = QString::fromUtf8(fwopt->getStr("output_file").c_str());
+ if (!ofname.isEmpty())
+ {
+ args.push_back("-o");
+ args.push_back(ofname);
+ }
+
+/* there has been a change in v2.1: now resources are installed in
+ * directory /usr/share/fwbuilder-2.1 (it used to be just
+ * /usr/share/fwbuilder) Compilers that are packaged separately need
+ * to know about this but I do not want to hard-code it.
It is easier
+ * to pass the path on the command line
+ *
+ * Update 01/16/06:
+ *
+ * We now package a copy of resource files with externally packaged
+ * compilers (such as fwbuilder-pix), therefore flag "-r" is not
+ * needed anyore
+ */
+
+#if 0
+ args.push_back("-r");
+ args.push_back(respath);
+#endif
+
+ args.push_back( QString::fromUtf8(fw->getName().c_str()) );
+ return true;
+}
+
+/*
+ * Adds one line of text to the log
+ *
+ */
+void instDialog::addToLog(const QString &line)
+{
+ if (fwbdebug)
+ qDebug("instDialog::addToLog");
+
+ if (currentLog)
+ {
+ if (line.isEmpty()) return;
+
+// currentLog->moveCursor( QTextEdit::MoveEnd , false );
+
+ QStringList words=line.split(" ");
+
+#if 0
+// although it is nice to be able to print errors in red, this
+// will break because of localization
+ QColor oc=currentLog->color();
+ if (words.first().find("Error")>=0) currentLog->setColor(Qt::red);
+ if (words.first().find("Abnormal")>=0) currentLog->setColor(Qt::red);
+ if (words.first().find("Warning")>=0) currentLog->setColor(Qt::blue);
+#endif
+// currentLog->insert( line );
+ currentLog->append( line );
+
+ if (words.first().indexOf("rule")>=0)
+ {
+ currentProgressBar->setValue(++processedRules);
+ } else
+ {
+ if (words.first().indexOf("processing")>=0)
+ {
+ currentProgressBar->reset();
+ totalRules=words[1].toInt();
+ currentProgressBar->setMaximum(totalRules);
+ processedRules=0;
+ } else
+ {
+ if (words.first().indexOf("Compiling")>=0)
+ {
+ currentLabel->setText(line.trimmed());
+ currentProgressBar->reset();
+ } else
+ {
+ if (line.indexOf("Compiled successfully")>=0)
+ {
+ currentLabel->setText(line.trimmed());
+ currentProgressBar->setValue(currentProgressBar->maximum());
+ }
+ }
+ }
+ }
+ QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,1);
+
+ if (fwbdebug)
+ qDebug( QString("instDialog::addToLog Current log buffer contents %3").
+ arg(currentLog->toPlainText()).toAscii().constData() );
+
+ }
+}
+
+void instDialog::readFromStdout()
+{
+ QString buf = proc.readAllStandardOutput();
+ bool endsWithLF = buf.endsWith("\n");
+ QString lastLine = "";
+
+ if (buf.isEmpty())
+ {
+ addToLog( pendingLogLine );
+ pendingLogLine = "";
+ return;
+ }
+
+ if (buf.isEmpty()) return;
+
+ // split on LF
+ QStringList bufLines = buf.split("\n");
+
+ if (bufLines.empty()) return;
+
+ if (fwbdebug)
+ {
+ qDebug("buf=%s",buf.toAscii().constData());
+ qDebug("endsWithLF=%d",endsWithLF);
+ qDebug("bufLines.size()=%d",bufLines.size());
+ }
+
+ // if buf ends with a LF character, the last element in the list is
+ // an empty string
+ if (endsWithLF && bufLines.last().isEmpty()) bufLines.pop_back();
+
+ // if buf does not end with LF, last element in the list is
+ // incomplete line of text
+ if (!endsWithLF)
+ {
+ lastLine = bufLines.last();
+ bufLines.pop_back();
+ }
+
+ // elements that are left in the list are all complete lines of text
+ for (QStringList::Iterator i=bufLines.begin(); i!=bufLines.end(); ++i)
+ {
+ addToLog( pendingLogLine + *i );
+ pendingLogLine = "";
+ }
+
+ pendingLogLine += lastLine;
+}
+
+void instDialog::installerError()
+{
+ if (fwbdebug) qDebug("instDialog::installerError");
+
+ addToLog( tr("Error: Terminating install sequence\n") );
+ finishInstall(false);
+
+ resetInstallSSHSession();
+ //setFinishEnabled( page(1), true );
+
+ if (session) delete session;
+ session=NULL;
+}
+
+void instDialog::installerFinished()
+{
+ if( fwbdebug) qDebug("instDialog::installerFinished");
+
+ if (session->getErrorStatus())
+ {
+ installerError();
+ }
+
+ if (session) delete session;
+ session=NULL;
+
+ QTimer::singleShot( 0, this, SLOT(continueRun()) );
+}
+
+void instDialog::processExited(int res)
+{
+ if( fwbdebug) qDebug("instDialog::processExited exit code = %d", res);
+
+ readFromStdout();
+
+ if (rejectDialogFlag)
+ {
+ rejectDialogFlag = false;
+ QDialog::reject();
+ return;
+ }
+
+ if
(!compileFlag && customScriptFlag)
+ {
+ if( fwbdebug) qDebug("Custom script installer");
+
+ if(res==0)
+ {
+ om->updateLastInstalledTimestamp(*opListIterator);
+ processedFirewalls[*opListIterator].second="Success";
+ opListMapping[*opListIterator]->setText(1,tr("Success"));
+ setSuccessState(opListMapping[*opListIterator]);
+ }
+ else
+ {
+ processedFirewalls[*opListIterator].second="Error";
+ opListMapping[*opListIterator]->setText(1,tr("Error"));
+ setErrorState(opListMapping[*opListIterator]);
+ }
+ currentProgressBar->setValue(currentProgressBar->maximum () );
+ qApp->processEvents();
+
+ opListIterator++;
+
+ if (opListIterator!=opList.end() && m_dialog->batchInstall->isChecked() && !stopProcessFlag)
+ {
+ installSelected();
+ }
+ else
+ {
+ currentSaveButton->setEnabled(true);
+ setNextEnabled(1, true);
+ m_dialog->saveMCLogButton->setEnabled(true);
+ }
+ return;
+ }
+
+
+ if(res==0 && proc.state()==QProcess::NotRunning && !stopProcessFlag)
+ {
+ om->updateLastCompiledTimestamp(*opListIterator);
+ processedFirewalls[*opListIterator].first=tr("Success");
+ opListMapping[*opListIterator]->setText(1,tr("Success"));
+ setSuccessState(opListMapping[*opListIterator]);
+ }
+ else
+ {
+ if (!stopProcessFlag)
+ addToLog( tr("Abnormal program termination") );
+ else
+ addToLog( tr("Program terminated by user") );
+
+ // WARNING:
+ // If compilation of the firewall failed we should not
+ // install it
+ //
+ installMapping[*opListIterator]->setCheckState(Qt::Unchecked);
+ processedFirewalls[*opListIterator].second=tr("Skipped");
+ processedFirewalls[*opListIterator].first=tr("Error");
+ opListMapping[*opListIterator]->setText(1,tr("Error"));
+ setErrorState(opListMapping[*opListIterator]);
+ }
+
+ if (fwbdebug)
+ qDebug( QString(" Current log buffer contents: '%1'").
+ arg(currentLog->toPlainText()).toAscii().constData() );
+
+
+
+ Firewall *f;
+ QTreeWidgetItem* item;
+
+ opListIterator++;
+
+ while (opListIterator!=opList.end() && !stopProcessFlag)
+ {
+ if (currentFirewallsBar) currentFirewallsBar->setValue(++progress);
+ qApp->processEvents();
+
+ f=*opListIterator;
+ item=opListMapping[f];
+ currentFWLabel->setText(QString::fromUtf8(f->getName().c_str()));
+
+
+ m_dialog->listView4->scrollToItem( opListMapping[f] );
+
+ if(runCompile(f))
+ {
+ item->setText(1,tr("Compiling ..."));
+
+ setInProcessState(item);
+
+ return;
+ }
+ else
+ {
+ item->setText(1,tr("Failure"));
+
+ setFailureState(item);
+
+ }
+ ++opListIterator;
+ }
+ if (currentFirewallsBar) currentFirewallsBar->setValue(currentFirewallsBar->maximum());
+
+ if (currentStopButton)
+ {
+ currentStopButton->setText(tr("Recompile"));
+ disconnect (currentStopButton , SIGNAL(clicked()), this ,SLOT(stopCompile()));
+ connect(currentStopButton,SIGNAL(clicked()),this,SLOT(compileSelected()));
+ currentStopButton->setEnabled(true);
+
+ }
+ currentSaveButton->setEnabled(true);
+ if (operation==BATCH_COMPILE)
+ setFinishEnabled(1, true);
+ else
+ setNextEnabled(1, true);
+
+ currentSaveButton->setEnabled(true);
+
+}
+
+void instDialog::selectAllFirewalls()
+{
+ if (fwbdebug) qDebug("instDialog::selectAllFirewalls");
+ if (operation==BATCH_INSTALL)selectAll(installMapping);
+ selectAll(compileMapping);
+ tableValueChanged(0,0);
+}
+
+
+void instDialog::deselectAllFirewalls()
+{
+ if (operation==BATCH_INSTALL)deselectAll(installMapping);
+ deselectAll(compileMapping);
+ tableValueChanged(0,0);
+}
+
+void instDialog::selectAll(t_tableMap &mapping)
+{
+ if (fwbdebug) qDebug("instDialog::selectAll");
+
+ t_tableMap::iterator i;
+
+ QTableWidgetItem *item;
+
+ for(i=mapping.begin();i!=mapping.end();++i)
+ {
+ item=(*i).second;
+ item->setCheckState(Qt::Checked);
+ }
+}
+void instDialog::deselectAll(t_tableMap &mapping)
+{
+ if (fwbdebug) qDebug("instDialog::deselectAll");
+
t_tableMap::iterator i; + QTableWidgetItem *item; + for(i=mapping.begin();i!=mapping.end();++i) + { + item=(*i).second; + item->setCheckState(Qt::Unchecked); + } +} +void instDialog::fillCompileOpList() +{ + m_dialog->listView4->clear(); + opList.clear(); + processedFirewalls.clear(); + opListMapping.clear(); + + Firewall * f; + InstallFirewallViewItem * item; + t_fwList::reverse_iterator i; + for(i=firewalls.rbegin();i!=firewalls.rend();++i) + { + if(compileMapping[(*i)]->checkState() == Qt::Checked) + { + f=(*i); + opList.push_front(f); + item=new InstallFirewallViewItem(NULL,//m_dialog->listView4, + QString::fromUtf8(f->getName().c_str()), + false); + m_dialog->listView4->insertTopLevelItem(0, item); + + opListMapping[f]=item; + + processedFirewalls[f]=make_pair("",""); + } + } + +} +void instDialog::compileSelected() +{ + if (fwbdebug) qDebug("instDialog::compileSelected"); + setTitle(1,tr("Batch policy rules compilation")); + + currentLog = m_dialog->procLogDisplay; + currentSaveButton = m_dialog->saveMCLogButton; + currentSaveButton->setEnabled(true); + currentStopButton = m_dialog->controlMCButton; + currentProgressBar = m_dialog->compProgress; + currentFirewallsBar = m_dialog->compFirewallProgress; + currentLabel = m_dialog->infoMCLabel; + currentFWLabel = m_dialog->fwMCLabel; + currentSearchString="Compiling rule sets for firewall: "; + setNextEnabled(0,false); + + mw->fileSave(); + compileFlag=true; + + currentProgressBar->reset(); + currentFirewallsBar->reset(); + currentFirewallsBar->setMaximum(opList.size()); + progress=0; + stopProcessFlag=false; + + + currentLog->clear(); + + if (currentStopButton) + { + disconnect(currentStopButton,SIGNAL(clicked()),this,SLOT(compileSelected())); + connect(currentStopButton,SIGNAL(clicked()),this,SLOT(stopCompile())); + currentStopButton->setText(tr("Stop")); + currentStopButton->setEnabled(true); + + } + + Firewall *f; + QTreeWidgetItem* item; + + opListIterator=opList.begin(); + + while 
(opListIterator!=opList.end() && !stopProcessFlag) + { + if (currentFirewallsBar) currentFirewallsBar->setValue(++progress); + qApp->processEvents(); + + f=*opListIterator; + item=opListMapping[f]; + currentFWLabel->setText(QString::fromUtf8(f->getName().c_str())); + + + m_dialog->listView4->scrollToItem( opListMapping[f] ); + + if(runCompile(f)) + { + setInProcessState(item); + item->setText(1,tr("Compiling ...")); + + return; + } + else + { + item->setText(1,tr("Failure")); + setFailureState(item); + } + ++opListIterator; + + m_dialog->listView4->update(); + /*m_dialog->listView4->dataChanged ( m_dialog->listView4->indexFromItem(item,0), m_dialog->listView4->indexFromItem(item,1) );*/ + } + +} +void instDialog::stopCompile() +{ + if( fwbdebug) qDebug("instDialog::stopCompile"); + stopProcessFlag=true; + + currentStopButton->setEnabled(false); + + proc.terminate(); //try to close proc. + QTimer::singleShot( 1000, &proc, SLOT( kill() ) ); //if it doesn't respond, kill it +} + +void instDialog::stopInstall() +{ + currentStopButton->setEnabled(false); + stopProcessFlag=true; +} + +void instDialog::fillLastList() +{ + m_dialog->lastListView->clear(); + + QTreeWidgetItem *item; + Firewall* f; + t_procMess m; + + for (map::iterator i=processedFirewalls.begin(); + i!=processedFirewalls.end(); ++i) + { + f=(*i).first; + m=(*i).second; + + item=new QTreeWidgetItem(m_dialog->lastListView, + QStringList(QString::fromUtf8(f->getName().c_str()))); + + + item->setText(1,m.first); + item->setText(2,m.second); + + } + + m_dialog->lastListView->setSortingEnabled(true); + m_dialog->lastListView->sortByColumn(0, Qt::AscendingOrder); +} + +bool instDialog::runInstall(Firewall *fw) +{ + if (fwbdebug) qDebug("instDialog::runInstall"); + if (customScriptFlag) + { + if (fwbdebug) qDebug("custom script"); + summary(); + + addToLog( args.join(" ") ); + + QString path = args[0]; + args.pop_front(); + proc.start(path, args); + + if ( !proc.waitForStarted() ) + { + addToLog( tr("Error: Failed 
to start program") ); + return false; + } + + args.push_front(path); //return to previous state + + } + else + { + if (fwbdebug) qDebug("build-in installer"); + return doInstallPage(fw); + } + return true; +} + +void instDialog::fillInstallOpList() +{ + if (fwbdebug) qDebug("instDialog::fillInstallOpList"); + m_dialog->listView4->clear(); + opListMapping.clear(); + opList.clear(); + + InstallFirewallViewItem * item; + Firewall * f; + + t_fwList::reverse_iterator i; + for(i=firewalls.rbegin();i!=firewalls.rend();++i) + { + f=(*i); + + if (installMapping[f]->checkState() == Qt::Checked) + { + opList.push_front(f); + item=new InstallFirewallViewItem(NULL, + QString::fromUtf8(f->getName().c_str()), + false); + + m_dialog->listView4->insertTopLevelItem(0, item); + + opListMapping[f]=item; + if (processedFirewalls.find(f)==processedFirewalls.end()) + processedFirewalls[f]=make_pair("",""); + } + } +} +void instDialog::initInstall() +{ + if (fwbdebug) + qDebug("instDialog::initInstall()"); + + currentFirewallsBar = m_dialog->compFirewallProgress; + currentFirewallsBar->reset(); + currentFirewallsBar->setMaximum(opList.size()); + currentStopButton = m_dialog->controlMCButton; + currentStopButton->setText(tr("Stop")); + + disconnect(currentStopButton,SIGNAL(clicked())); + connect(currentStopButton,SIGNAL(clicked()),this,SLOT(stopInstall())); + + currentSaveButton = m_dialog->saveMCLogButton; + currentLog = m_dialog->procLogDisplay; + currentProgressBar = m_dialog->compProgress; + currentLabel = m_dialog->fwMCLabel; + currentLog->clear(); + currentSearchString=tr("Install firewall: "); + m_dialog->infoMCLabel->setText(""); + progress=0; + stopProcessFlag=false; +} + +void instDialog::installSelected() +{ + if (fwbdebug) qDebug("instDialog::installSelected"); + if (fwbdebug) qDebug(("firewall:"+(*opListIterator)->getName()).c_str()); + setTitle(1,tr("Installing firewalls")); + setNextEnabled(1,false); + + bool fPix=false,fCustInst=true; + + if (opListIterator==opList.begin() 
&& m_dialog->batchInstall->isChecked()) + { + // check if this is PIX and if we use custom + // install script, set flags fPix and fCustInst accordingly + analyseInstallQueue(fPix,fCustInst); + } + while ( opListIterator!=opList.end()) + { + currentSaveButton->setEnabled(true); + currentProgressBar->reset(); + currentProgressBar->setMaximum(100); + + currentLabel->setText(QString::fromUtf8((*opListIterator)->getName().c_str())); + compileFlag=false; + + resetInstallSSHSession(); + currentFirewallsBar->setValue(++progress); + + appendRich("
    "); + appendRich(QString("")+currentSearchString+ + QString::fromUtf8((*opListIterator)->getName().c_str())+""); + appendRich("\n"); + //qApp->processEvents(); + + + if (testFirewall(*opListIterator)) + { + opListMapping[*opListIterator]->setText(1,tr("Installing ...")); + setInProcessState(opListMapping[*opListIterator]); + //qApp->processEvents(); + + if (customScriptFlag && fCustInst) + { // custom installer + if (fwbdebug) qDebug("custom install script."); + + } + else + { // buildin installer + if (fwbdebug) qDebug("buildin installer"); + // Show options dialog + if (!m_dialog->batchInstall->isChecked() || + opListIterator==opList.begin()) + { + if (dlg) + { + delete dlg; + dlg=NULL; + } + + prepareInstallerOptions(); + + if (m_dialog->batchInstall->isChecked()) + dlg=new instBatchOptionsDialog(this, &cnf); + else + dlg=new instOptionsDialog(this, &cnf); + + if (dlg->exec()==QDialog::Rejected) + { + delete dlg; + dlg=NULL; + + if (m_dialog->batchInstall->isChecked()) + { + stopProcessFlag=true; + showPage(0); + return; + } + else + { + processedFirewalls[*opListIterator].second="Cancelled"; + opListMapping[*opListIterator]->setText(1,tr("Failure")); + setFailureState(opListMapping[*opListIterator]); + opListIterator++; + setNextEnabled(1,true); + m_dialog->saveMCLogButton->setEnabled(true); + //if (opList.end()!=opListIterator && batchInstall->isChecked()) + // showPage(page(2)); + return; + + } + } + // clear aternative address in the dialog if this is batch install. 
+ if (m_dialog->batchInstall->isChecked()) + dlg->m_dialog->altAddress->setText(""); + setTitle(1, + QObject::tr("Installing policy rules on firewall '%1'.").arg( + (*opListIterator)->getName().c_str() )); + //qApp->processEvents(); + if (!runInstall(*opListIterator)) + { + if (fwbdebug) qDebug("start error"); + processedFirewalls[*opListIterator].second="start error"; + opListMapping[*opListIterator]->setText(1,tr("Failure")); + setFailureState(opListMapping[*opListIterator]); + opListIterator++; + setNextEnabled(1,true); + m_dialog->saveMCLogButton->setEnabled(true); + if (opList.end()!=opListIterator && m_dialog->batchInstall->isChecked()) + showPage(2); + return; + + } + + return; + } + } + if (!runInstall(*opListIterator)) + { + processedFirewalls[*opListIterator].second="start error"; + opListMapping[*opListIterator]->setText(1,tr("Failure")); + setFailureState(opListMapping[*opListIterator]); + opListIterator++; + setNextEnabled(1,true); + } + else + { + return; + } + } + else + { + processedFirewalls[*opListIterator].second="init error"; + opListMapping[*opListIterator]->setText(1,tr("Failure")); + setFailureState(opListMapping[*opListIterator]); + opListIterator++; + setNextEnabled(1,true); + } + } +} + +void instDialog::findFirewallInCompileLog(QTreeWidgetItem* item) +{ + if (fwbdebug) qDebug("instDialog::findFirewallInCompileLog"); + Firewall *fw; + //int p=1,i=0; + + m_dialog->detailMCframe->show(); + qApp->processEvents(); + fw=findFirewallbyListItem(item); + m_dialog->procLogDisplay->moveCursor( QTextCursor::End ); + m_dialog->procLogDisplay->find(currentSearchString + + QString::fromUtf8(fw->getName().c_str()), + QTextDocument::FindWholeWords | + QTextDocument::FindCaseSensitively | + QTextDocument::FindBackward); +} + +Firewall * instDialog::findFirewallbyListItem(QTreeWidgetItem *item) +{ + Firewall * res=NULL; + t_listMap::iterator i; + + for(i=opListMapping.begin();i!=opListMapping.end();++i) + { + if ((*i).second==item) + { + res=(*i).first; + 
break; + } + } + return res; +} + +Firewall * instDialog::findFirewallbyTableItem(QTableWidgetItem *item) +{ + Firewall * res=NULL; + t_tableMap::iterator i; + + for(i=compileMapping.begin();i!=compileMapping.end();++i) + { + if ((*i).second==item) + { + res=(*i).first; + return res; + } + } + + for(i=installMapping.begin();i!=installMapping.end();++i) + { + if ((*i).second==item) + { + res=(*i).first; + return res; + } + } + + return res; +} +void instDialog::showSelected() +{ + + QTableWidgetItem* item; + Firewall *f; + + t_fwList::iterator i; + bool sel; + + for(i=firewalls.begin();i!=firewalls.end();++i) + { + sel=false; + + f=(*i); + item=compileMapping[f]; + sel|=item->checkState()==Qt::Checked; + + item=installMapping[f]; + sel|=item->checkState()==Qt::Checked; + + if(!sel ) + { + if (showSelectedFlag) + { + m_dialog->selectTable->showRow(item->row()); + } + else + { + m_dialog->selectTable->hideRow(item->row()); + } + } + } + if (showSelectedFlag) + { + m_dialog->showSelButton->setText(tr("Show selected")); + m_dialog->pushButton16->setEnabled(true); + m_dialog->pushButton17->setEnabled(true); + } + else + { + m_dialog->showSelButton->setText(tr("Show all")); + m_dialog->pushButton16->setEnabled(false); + m_dialog->pushButton17->setEnabled(false); + } + showSelectedFlag=!showSelectedFlag; + +} + +void instDialog::tableValueChanged(int row, int col) +{ + if (creatingTable) return; + if (fwbdebug) qDebug("instDialog::tableValueChanged"); + QTableWidgetItem *item; + Firewall *f; + + item=m_dialog->selectTable->item(row,col); + f=findFirewallbyTableItem(item); + + + if (col==0) + { // Compilation flag has been changed + if ( + (item->checkState()==Qt::Unchecked) && + f->getInt("lastCompiled")==0 && + (installMapping[f]->checkState()==Qt::Checked)) + { + installMapping[f]->setCheckState(Qt::Unchecked); + } + } + else if (col==1) + { // Installation flag has been changed + if ( + (item->checkState()==Qt::Checked) && + f->getInt("lastCompiled")==0) + { + 
compileMapping[f]->setCheckState(Qt::Checked); + } + + } + + setNextEnabled(0, isTableHasChecked()); +} + +bool instDialog::isTableHasChecked() +{ + QTableWidgetItem *item; + Firewall *f; + + t_fwList::iterator i; + + bool res=false; + + for(i=firewalls.begin();i!=firewalls.end();++i) + { + f=(*i); + item=compileMapping[f]; + if(!item) return false; + if(item->checkState()==Qt::Checked) res = true; + + item=installMapping[f]; + if(!item) return false; + if(item->checkState()==Qt::Checked) res = true; + } + return res; +} + +void instDialog::analyseInstallQueue(bool &fPix, bool &fCustInst) +{ + if (fwbdebug) qDebug("instDialog::analyseInstallQueue"); + Firewall *f; + //FWOptions *fwopt; + Management *mgmt; + PolicyInstallScript *pis; + + fPix=false; + fCustInst=true; + + t_fwList::iterator i; + for(i=opList.begin(); i!=opList.end(); ++i) + { + f=(*i); + //fwopt=f->getOptionsObject(); + mgmt=f->getManagementObject(); + pis = mgmt->getPolicyInstallScript(); + + fPix = fPix || f->getStr("platform")=="pix" || f->getStr("platform")=="fwsm" || f->getStr("platform")=="iosacl"; + fCustInst = fCustInst && !( pis->getCommand()=="" ); + + if (fwbdebug) + { + qDebug(("f:"+f->getName()).c_str()); + qDebug(("p:"+f->getStr("platform")).c_str()); + qDebug((QString("fPix:")+(fPix?"true":"false")).toAscii().constData()); + } + + if (fPix && !fCustInst) return;// nothing can change if we continue loop + } +} + +void instDialog::clearReqFirewalls() +{ + reqFirewalls.clear(); +} + +void instDialog::addReqFirewall(Firewall *f) +{ + reqFirewalls.insert(f); +} diff --git a/src/gui/instDialog.h b/src/gui/instDialog.h new file mode 100644 index 000000000..fccde3b0f --- /dev/null +++ b/src/gui/instDialog.h 
@@ -0,0 +1,234 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: instDialog.h,v 1.35 2007/05/11 02:14:30 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __INSTDIALOG_H_
+#define __INSTDIALOG_H_
+
+
+#include "../../config.h"
+
+#include 
+#include "instConf.h"
+#include "fakeWizard.h"
+
+#include "instOptionsDialog.h"
+
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+
+class QEventLoop;
+class SSHSession;
+class QTextEdit;
+class QListViewItem;
+class QCheckListItem;
+class QPushButton;
+class QProgressBar;
+class QStringList;
+//class QCheckTableItem;
+
+namespace libfwbuilder
+{
+ class Firewall;
+}
+
+enum BatchOperation {BATCH_INSTALL,BATCH_COMPILE} ;
+
+typedef std::map t_listMap;
+typedef std::map t_tableMap;
+typedef std::list t_fwList;
+typedef std::pair t_procMess; // first - compilation result, second - installation result;
+typedef std::set t_fwSet;
+
+
+class instDialog : public QDialog, public FakeWizard
+{
+
+ Q_OBJECT
+
+ Ui::instDialog_q *m_dialog;
+ bool ready;
+ bool activationCommandDone;
+ instConf cnf;
+
+ QString ssh;
+
+ QString confScript;
+ QStringList confFiles;
+
+ QString fwb_prompt;
+
+ QString newKeyMsg;
+
+ int phase;
+
+ QString replaceMacrosInCommand(const QString &cmd);
+ QString getActivationCmd();
+ //libfwbuilder::Firewall * firewall;
+ t_fwSet reqFirewalls;
+
+
+ // session is used when e run built-in installer
+ SSHSession *session;
+
+ // proc is used to launch external oprocess, such as compiler or
+ // user-defined installer script
+ QProcess proc;
+
+ std::map processedFirewalls;
+
+ t_fwList firewalls;
+ t_fwList opList;
+
+ t_fwList::iterator opListIterator;
+
+ t_listMap opListMapping;
+ t_tableMap compileMapping;
+ t_tableMap installMapping;
+
+ QString path; //path of the program to execute
+ QStringList args; //arguments for that program
+
+ QTextEdit *currentLog;
+ QPushButton *currentSaveButton;
+ QPushButton *currentStopButton;
+ QProgressBar *currentProgressBar;
+ QProgressBar *currentFirewallsBar;
+ QLabel *currentLabel;
+ QLabel *currentFWLabel;
+ QString currentSearchString;
+ bool creatingTable;
+
+ BatchOperation operation;
+ instOptionsDialog *dlg;
+ QString pendingLogLine;
+
+ int progress;
+ int totalRules;
+ int processedRules;
+ int lastPage;
+ bool stopProcessFlag;
+ bool rejectDialogFlag;
+ bool compileFlag;
+ bool customScriptFlag;
+ bool showSelectedFlag;
+
+ void fillCompileSelectList();
+ void selectAll(t_tableMap &mapping);
+ void deselectAll(t_tableMap &mappin);
+ void fillCompileOpList();
+ void fillLastList();
+ bool doInstallPage(libfwbuilder::Firewall*);
+ void resetInstallSSHSession();
+ bool testFirewall(libfwbuilder::Firewall*);
+ void finishInstall(bool success=true);
+ void fillInstallOpList();
+ void installSelected();
+ void initInstall();
+ void analyseInstallQueue(bool &fPix, bool &fCustInst);
+ libfwbuilder::Firewall *findFirewallbyListItem(QTreeWidgetItem* item);
+ libfwbuilder::Firewall *findFirewallbyTableItem(QTableWidgetItem *item);
+
+
+ public:
+ instDialog(QWidget* p, BatchOperation op, t_fwSet reqFirewalls_);
+ virtual ~instDialog();
+
+ void setReady(bool f) { ready=f; }
+
+ void summary();
+
+
+ QWidget* page(int n) { return m_dialog->stackedWidget->widget(n); }
+
+ void initiateCopy(const QString &file);
+ void runSSH(SSHSession *s);
+ void displayCommand(const QStringList &args);
+ bool runCompile(libfwbuilder::Firewall *fw);
+ bool runInstall(libfwbuilder::Firewall *fw);
+ bool prepareArgForCompiler(libfwbuilder::Firewall *fw);
+ bool isTableHasChecked();
+ void clearReqFirewalls();
+ void addReqFirewall(libfwbuilder::Firewall *f);
+ void addToLog(const QString &buf);
+
+protected:
+
+ virtual void showEvent( QShowEvent *ev);
+ virtual void hideEvent( QHideEvent *ev);
+ virtual void prepareInstallerOptions();
+
+ virtual void prepareInstConf(libfwbuilder::Firewall *fw);
+ virtual void storeInstallerOptions();
+ virtual void findFirewalls();
+
+ QString getFullPath(instConf &cnf, const QString &file );
+
+ protected slots:
+ void processExited(int code);
+ void installerFinished();
+ void installerError();
+ void showPage(const int page);
+
+ void finishClicked();
+ void cancelClicked();
+
+ void testRunRequested();
+
+ void append(const QString &line);
+ void appendRich(const QString &line);
+ void updateProgressBar(int n,bool setsize);
+
+ void continueRun();
+ virtual void saveLog();
+ virtual void togleDetailMC();
+
+ virtual void readFromStdout();
+ //virtual void readFromStderr();
+ virtual void selectAllFirewalls();
+ virtual void deselectAllFirewalls();
+
+ virtual void nextClicked();
+ virtual void backClicked();
+
+
+ void compileSelected();
+ void stopCompile();
+ void stopInstall();
+ void findFirewallInCompileLog(QTreeWidgetItem*);
+ void showSelected();
+ void tableValueChanged(int row, int col);
+
+
+};
+
+
+#endif
diff --git a/src/gui/instOptionsDialog.cpp b/src/gui/instOptionsDialog.cpp
new file mode 100644
index 000000000..c52da68db
--- /dev/null
+++ b/src/gui/instOptionsDialog.cpp
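Review bot: `t_fwList::iterator opListIterator` is declared as long-lived member state next to `opList`, with no comment saying when it is valid. In instDialog.cpp both `fillCompileOpList()` and `fillInstallOpList()` call `opList.clear()`, which invalidates it, and `installSelected()` dereferences `*opListIterator` in its `fwbdebug` line before the `opListIterator!=opList.end()` test. I would add `// position in opList; invalid after opList is cleared, compare with opList.end() before dereferencing` above the member. The raw pointers `SSHSession *session` and `instOptionsDialog *dlg` also deserve an ownership comment, since `dlg` is deleted by hand in several branches of `installSelected()`. The existing comments carry typos ("when e run", "oprocess") and `deselectAll(t_tableMap &mappin)` misspells its parameter.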
@@ -0,0 +1,196 @@ +/* + + Firewall Builder + + Copyright (C) 2006 NetCitadel, LLC + + Author: Illiya Yalovoy + + $Id: instOptionsDialog.cpp,v 1.6 2007/05/11 04:33:29 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "platforms.h" +#include "definitions.h" + +#include "instOptionsDialog.h" +#include "instConf.h" + +#include "fwbuilder/Firewall.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +instOptionsDialog::instOptionsDialog(QWidget *parent, instConf *_cnf) : + QDialog(parent) +{ + m_dialog = new Ui::instOptionsDialog_q; + m_dialog->setupUi(this); + cnf = _cnf; + + QString platform = cnf->fwobj->getStr("platform").c_str(); + + m_dialog->pwd->setEchoMode( QLineEdit::Password ); + m_dialog->epwd->setEchoMode( QLineEdit::Password ); + + QString fwname = QString::fromUtf8(cnf->fwobj->getName().c_str()); + if (!cnf->batchInstall) + m_dialog->dialogTitleLine->setText( + QString("

    ")+ + tr("Install options for firewall '%1'").arg(fwname)+ + QString("

    ") + ); + + m_dialog->uname->setFocus(); + m_dialog->uname->setText( cnf->user ); + m_dialog->incr->setChecked( cnf->incremental ); + m_dialog->test->setChecked( cnf->dry_run ); + m_dialog->backupConfigFile->setText( cnf->backup_file ); + m_dialog->saveDiff->setChecked( cnf->save_diff ); + m_dialog->saveStandby->setChecked( cnf->saveStandby ); + m_dialog->altAddress->setText( cnf->maddr ); + m_dialog->quiet->setChecked( cnf->quiet ); + m_dialog->verbose->setChecked( cnf->verbose ); + m_dialog->stripComments->setChecked( cnf->stripComments ); + m_dialog->compressScript->setChecked( cnf->compressScript ); + m_dialog->copyFWB->setChecked( cnf->copyFWB ); + m_dialog->testRun->setChecked( cnf->testRun ); + m_dialog->rollback->setChecked( cnf->rollback ); + m_dialog->rollbackTime->setValue( cnf->rollbackTime ); + m_dialog->cancelRollbackIfSuccess->setChecked( cnf->cancelRollbackIfSuccess ); + + if (platform=="pix" || platform=="fwsm" || platform=="iosacl") + { + m_dialog->copyFWB->hide(); + + // Hide elements of installOptions dialog for which we do not have commands + QString cmd = cnf->getCmdFromResource("schedule_rollback"); + // option "schedule_rollback" is currently used to control rollback + // behavior only for pix, fwsm and ios + if (cmd.isEmpty()) + { + m_dialog->rollback->hide(); + m_dialog->rollbackTime->hide(); + m_dialog->rollbackTimeUnit->hide(); + m_dialog->cancelRollbackIfSuccess->hide(); + } + + if (platform=="iosacl") + { + m_dialog->PIXgroupBox->hide(); +/* + incr->hide(); + test->hide(); + saveStandby->hide(); + backupConfigFile->hide(); + backupConfigFileLbl->hide(); +*/ + } + + if (cnf->batchInstall) + { + m_dialog->backupConfigFile->hide(); + m_dialog->backupConfigFileLbl->hide(); + } + + } else + { + m_dialog->epwd->hide(); + m_dialog->PIXgroupBox->hide(); + // cancelling rollback at the end of activation is currently + // only supported on pix,fwsm and ios + m_dialog->cancelRollbackIfSuccess->hide(); + } + + + +/* hide anyway, diff does not 
work for pix 6.3(3) */ + //dlg->hideOption( dlg->saveDiff ); + m_dialog->saveDiff->hide(); + + //progressBar->hide(); + //dlg->hideOption( dlg->stripComments ); + m_dialog->stripComments->hide(); + //dlg->compressScript->hide(); + + //if (platform=="pix" || platform=="fwsm") + //{ + // progressBar->show(); + // stripComments->show(); + //} + + if (cnf->fwobj->getStr("host_OS")!="linksys") + { + m_dialog->compressScript->hide(); + //dlg->hideOption( dlg->compressScript ); + } + + m_dialog->PIXgroupBox->adjustSize(); + m_dialog->generalOptionsBox->adjustSize(); + m_dialog->testOptionsBox->adjustSize(); + m_dialog->mainBox->adjustSize(); + + adjustSize(); + + if (fwbdebug) + { + QSize sz = sizeHint(); + qDebug(QString("instOptionsDialog: sizeHint: %1x%2").arg(sz.width()).arg(sz.height()).toAscii().constData()); + sz = minimumSizeHint(); + qDebug(QString("instOptionsDialog: minimumSizeHint: %1x%2"). + arg(sz.width()).arg(sz.height()).toAscii().constData()); + + QRect bfr; + + bfr = m_dialog->titleFrame->geometry(); + qDebug(QString("instOptionsDialog: titleFrame: top=%1 bottom=%2"). + arg(bfr.top()).arg(bfr.bottom()).toAscii().constData()); + bfr = m_dialog->buttonsFrame->geometry(); + qDebug(QString("instOptionsDialog: buttonsFrame: top=%1 bottom=%2"). + arg(bfr.top()).arg(bfr.bottom()).toAscii().constData()); + } + + //resize( minimumSizeHint() ); + + //adjustSize(); + + //dlg->setFixedHeight( dlg->minimumSizeHint().height() ); +} + +instOptionsDialog::~instOptionsDialog() +{ + delete m_dialog; +} + + +QString instOptionsDialog::getUName() { return m_dialog->uname->text(); } +QString instOptionsDialog::getPWD() { return m_dialog->pwd->text(); } +QString instOptionsDialog::getEPWD() { return m_dialog->epwd->text(); } + diff --git a/src/gui/instOptionsDialog.h b/src/gui/instOptionsDialog.h new file mode 100644 index 000000000..3c432617f --- /dev/null +++ b/src/gui/instOptionsDialog.h 
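Review bot: The constructor interpolates `fwname` into the text set on `dialogTitleLine` without escaping it, and the `QString(...)` pieces around it look like HTML markup (the literals are stripped on this page, but the default text for this title in instoptionsdialog_q.ui is `<p align="center"><b><font size="+2">…`). If the label renders rich text, a firewall name containing `<` or `&` from a loaded data file would be treated as markup; `tr("Install options for firewall '%1'").arg(Qt::escape(fwname))` keeps it literal. `cnf` and `cnf->fwobj` are dereferenced with no check, so the constructor should at least state `// precondition: _cnf and _cnf->fwobj are non-null` at the top. The `platform=="pix" || platform=="fwsm" || platform=="iosacl"` test also appears in `instDialog::analyseInstallQueue()` and would be clearer as one shared helper.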
@@ -0,0 +1,64 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2006 NetCitadel, LLC
+
+ Author: Illiya Yalovoy
+
+ $Id: instOptionsDialog.h,v 1.4 2007/05/11 02:14:30 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __INSTOPTIONSDIALOG_H_
+#define __INSTOPTIONSDIALOG_H_
+
+#include "config.h"
+#include 
+
+class instConf;
+
+class instOptionsDialog : public QDialog
+{
+ Q_OBJECT
+ private:
+ int delta_y;
+ instConf *cnf;
+
+ public:
+ instOptionsDialog(QWidget *parent, instConf *_cnf);
+ ~instOptionsDialog();
+
+ QString getUName();
+ QString getPWD();
+ QString getEPWD();
+
+ Ui::instOptionsDialog_q *m_dialog;
+
+ public slots:
+
+ signals:
+/**
+ * This signal is emitted from closeEvent, ObjectEditor connects
+ * to this signal to make checks before the object editor can be closed
+ * and to store its position on the screen
+ */
+ // void close_sign(QCloseEvent *e);
+
+};
+
+#endif
diff --git a/src/gui/instdialog_q.ui b/src/gui/instdialog_q.ui
new file mode 100644
index 000000000..098a47a38
--- /dev/null
+++ b/src/gui/instdialog_q.ui
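Review bot: `Ui::instOptionsDialog_q *m_dialog` sits under `public:`, so any caller can reach the `pwd` and `epwd` password widgets directly instead of going through `getPWD()`/`getEPWD()`. instDialog.cpp already relies on this with `dlg->m_dialog->altAddress->setText("")`. I would make the pointer non-public (`protected:` if `instBatchOptionsDialog` derives from this class and needs it) and add a narrow method such as `void clearAltAddress();` for that one use. `int delta_y` is not touched by the constructor in instOptionsDialog.cpp and looks unused, and the guard `__INSTOPTIONSDIALOG_H_` uses a double-underscore name that C++ reserves for the implementation.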
@@ -0,0 +1,876 @@ + + instDialog_q + + + + 0 + 0 + 564 + 663 + + + + + 5 + 5 + 0 + 0 + + + + true + + + + 9 + + + 6 + + + + + + 3 + 0 + 0 + 0 + + + + + 0 + 25 + + + + + Sans Serif + 14 + 75 + false + true + + + + TextLabel + + + Qt::AlignCenter + + + + + + + + 7 + 3 + 0 + 0 + + + + 0 + + + + + 3 + 3 + 0 + 0 + + + + Qt::LeftToRight + + + + 1 + + + 6 + + + + + 2 + + + 6 + + + + + + 3 + 5 + 0 + 0 + + + + QFrame::Box + + + QFrame::Plain + + + + 11 + + + 6 + + + + + <p align="center"><b><font size="+2">Select firewalls to compile and install.</font></b></p> + + + false + + + + + + + + + + + 3 + 5 + 0 + 0 + + + + QFrame::Box + + + QFrame::Plain + + + + 11 + + + 6 + + + + + + 1 + 0 + 0 + 0 + + + + Perform batch install + + + + + + + Check this option if you want to install all selected firewalls automatically. This only works if you use the same user name and password to authenticate to all these firewalls. + + + Qt::AlignVCenter + + + true + + + + + + + + + + + 3 + 5 + 0 + 0 + + + + QFrame::Box + + + QFrame::Plain + + + + 11 + + + 6 + + + + + QAbstractItemView::NoSelection + + + + Compile + + + + + Install + + + + + Firewall + + + + + Library + + + + + Last Modified + + + + + Last Compiled + + + + + Last Installed + + + + + + + + QFrame::Box + + + QFrame::Plain + + + + 11 + + + 6 + + + + + All + + + + + + + None + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 100 + 20 + + + + + + + + Show selected + + + + + + + + + + + + + + + + + 9 + + + 6 + + + + + QFrame::Box + + + QFrame::Plain + + + + 11 + + + 6 + + + + + Stop + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 112 + 20 + + + + + + + + false + + + + Firewall + + + + + Progress + + + + + + + + + + + + 7 + 5 + 1 + 0 + + + + QFrame::Box + + + QFrame::Plain + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + Firewalls: + + + false + + + + + + + + 7 + 5 + 0 + 0 + + + + + 75 + true + + + + firewall + + + false + + + + + + + + + Qt::Horizontal + + + + + + + 0 + + + 6 + + + + + Progress: + + + 
false + + + + + + + + 7 + 5 + 0 + 0 + + + + + 75 + true + + + + + + + false + + + + + + + + + Qt::Horizontal + + + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 180 + 20 + + + + + + + + Show Details + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 101 + 20 + + + + + + + + + + 0 + + + 6 + + + + + Process log + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 131 + 20 + + + + + + + + Save log to file + + + + + + + true + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 16 + 210 + + + + + + + + + + + + + + + 9 + + + 6 + + + + + Qt::ScrollBarAlwaysOn + + + 20 + + + false + + + + Firewall + + + + + Compile + + + + + Install + + + + + + + + + + + + + 3 + 0 + 1 + 0 + + + + + 400 + 50 + + + + QFrame::StyledPanel + + + QFrame::Raised + + + + 9 + + + 6 + + + + + Qt::Horizontal + + + + 40 + 20 + + + + + + + + < &Back + + + + + + + &Next > + + + false + + + + + + + &Finish + + + false + + + + + + + &Cancel + + + + + + + + + + + + + detailsButton + clicked(bool) + instDialog_q + togleDetailMC() + + + 20 + 20 + + + 20 + 20 + + + + + saveMCLogButton + clicked(bool) + instDialog_q + saveLog() + + + 20 + 20 + + + 20 + 20 + + + + + listView4 + itemActivated(QTreeWidgetItem*, int) + instDialog_q + findFirewallInCompileLog(QTreeWidgetItem*) + + + 20 + 20 + + + 20 + 20 + + + + + pushButton16 + clicked(bool) + instDialog_q + selectAllFirewalls() + + + 20 + 20 + + + 20 + 20 + + + + + pushButton17 + clicked(bool) + instDialog_q + deselectAllFirewalls() + + + 20 + 20 + + + 20 + 20 + + + + + showSelButton + clicked(bool) + instDialog_q + showSelected() + + + 20 + 20 + + + 20 + 20 + + + + + selectTable + cellChanged(int,int) + instDialog_q + tableValueChanged(int,int) + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/instoptionsdialog_q.ui b/src/gui/instoptionsdialog_q.ui new file mode 100644 index 000000000..4f0d05f0d --- /dev/null +++ b/src/gui/instoptionsdialog_q.ui 
@@ -0,0 +1,587 @@ + + instOptionsDialog_q + + + + 0 + 0 + 578 + 819 + + + + + 0 + 0 + + + + + 32767 + 32767 + + + + + + + Qt::StrongFocus + + + Install options + + + false + + + + 4 + + + 4 + + + 4 + + + 4 + + + + + + 0 + 0 + + + + + 32767 + 32767 + + + + QFrame::NoFrame + + + QFrame::Plain + + + + + + <p align="center"><b><font size="+2">Install options for firewall '%1'</font></b></p> + + + false + + + + + + + + + + + 0 + 0 + + + + + 32767 + 32767 + + + + QFrame::NoFrame + + + QFrame::Plain + + + + + + OK + + + + + + + Cancel + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 230 + 20 + + + + + + + + + + + + 0 + 0 + + + + QFrame::NoFrame + + + QFrame::Plain + + + + + + + 0 + 0 + + + + QFrame::NoFrame + + + QFrame::Plain + + + + + + min + + + false + + + + + + + 99999 + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 140 + 20 + + + + + + + + Test run: run the script on the firewall but do not store it permanently. + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 30 + 20 + + + + + + + + Rebooting the firewall will restore its original policy. 
To cancel reboot, install the policy with "test run" option turned off + + + Schedule reboot in + + + + + + + If you install the policy in test mode, it will not be saved permanently, so you can revert to the last working configuration by rebooting the firewall + + + Qt::AlignVCenter + + + true + + + + + + + Cancel reboot if policy activation was successfull + + + + + + + + + + + 0 + 0 + + + + QFrame::NoFrame + + + QFrame::Plain + + + + + + Quiet install: do not print anything as commands are executed on the firewall + + + + + + + Verbose: print all commands as they are executed on the firewall + + + + + + + Remove comments from configuration + + + + + + + Compress script + + + + + + + Store a copy of fwb file on the firewall + + + + + + + + + + + 0 + 0 + + + + Alternative address to communicate with the firewall: + + + Qt::AlignVCenter + + + true + + + + + + + + 200 + 0 + + + + + 32767 + 32767 + + + + + + + + + 0 + 0 + + + + Options for PIX and fwsm firewalls : + + + false + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Write configuration to standby PIX + + + + + + + Dry run (commands won't be executed on the firewall) + + + + + + + Store configuration diff in a file + + + + + + + Calculate difference between current firewall state and generated configuration and install only those commands that update state of the firewall + + + install only ACL, 'icmp', 'telnet', 'ssh', 'nat', 'global' and 'static' commands + + + + + + + + 0 + 0 + + + + Make a backup copy of the firewall configuration in this file: + + + Qt::AlignVCenter + + + true + + + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + QFrame::NoFrame + + + QFrame::Plain + + + + + + + + + Password or passphrase: + + + false + + + + + + + User name: + + + false + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + Enable password: + + + false + + + + + + + + + + + + + + uname + pwd + epwd + 
backupConfigFile + incr + saveDiff + test + saveStandby + altAddress + quiet + verbose + stripComments + compressScript + copyFWB + testRun + rollback + rollbackTime + cancelRollbackIfSuccess + okButton + cancelButton + + + + + + okButton + clicked() + instOptionsDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + cancelButton + clicked() + instOptionsDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/interfacedialog_q.ui b/src/gui/interfacedialog_q.ui new file mode 100644 index 000000000..830dd4fb4 --- /dev/null +++ b/src/gui/interfacedialog_q.ui 
@@ -0,0 +1,683 @@ + + InterfaceDialog_q + + + true + + + + 0 + 0 + 780 + 437 + + + + + 0 + 0 + + + + Interface + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + + + + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 5 + + + 5 + + + 5 + + + + + + 75 + true + + + + Interface + + + false + + + + + + + + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 16 + 20 + + + + + + + + Comment: + + + false + + + + + + + + 0 + 100 + + + + + 200 + 0 + + + + true + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + Name: + + + false + + + + + + + Label: + + + false + + + + + + + Library: + + + false + + + + + + + Security level: + + + false + + + + + + + <p>Each interface of the firewall must have security level associated with it.<br>Security level can be any number between 0 and 100, 0 being least secure and 100 being most secure levels. Interface with security level 0 ususally serves Internet connection.</p> + + + <p>Each interface of the firewall must have security level associated with it.<br> +Security level can be any number between 0 and 100, 0 being least secure and 100 being most secure levels. Interface with security level 0 ususally serves Internet connection.</p> + + + QAbstractSpinBox::PlusMinus + + + 100 + + + + + + + + + + + 0 + 0 + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 16 + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + <p>Network zone consists of hosts and networks that can be reached through this interface of the firewall. Subnet to which this interface is directly attached must be part of its network zone. Other subnets reachable by means of routing should alse be added to the network zone. 
+<br> +If network zone for this interface consists of only one subnet, you can simply choose that network's object in the pull-down below. If your network zone should include multiple subnets, you need to create an Object Group, then put all hosts and networks which are going to be part of the network zone into that group and finally choose this group in the pull-down below.</p> + + + <p>Network zone consists of hosts and networks that can be reached through this interface of the firewall. Subnet to which this interface is directly attached must be part of its network zone. Other subnets reachable by means of routing should alse be added to the network zone. +<br> +If network zone for this interface consists of only one subnet, you can simply choose that network's object in the pull-down below. If your network zone should include multiple subnets, you need to create an Object Group, then put all hosts and networks which are going to be part of the network zone into that group and finally choose this group in the pull-down below.</p> + + + + + + + Network zone: + + + false + + + + + + + + 0 + 0 + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + <p>One interface of the firewall must be marked as 'external'. This interface should be connected to the least secure network, usually the Internet.</p> + + + One interface of the firewall must be marked as 'external'. This interface should be connected to the least secure network, usually the Internet. 
+ + + This interface is external (insecure) + + + + + + + <p>Check if this interface is used for management (SNMP queries, remote policy install etc.)<p> + + + Management interface + + + + + + + Unnumbered interface + + + + + + + Address is assigned dynamically + + + + + + + Regular interface + + + + + + + Skip this interface while assigning policy rules + + + Unprotected interface + + + + + + + Bridge port + + + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + obj_name + libs + label + seclevel + management + ext + regular + dynamic + unnumbered + bridgeport + comment + netzone + + + + + + bridgeport + toggled(bool) + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + dynamic + toggled(bool) + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ext + clicked() + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + label + textChanged(QString) + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + editTextChanged(QString) + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + management + clicked() + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + netzone + activated(int) + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + obj_name + textChanged(QString) + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + regular + toggled(bool) + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + seclevel + valueChanged(int) + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + unnumbered + toggled(bool) + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + unprotected + toggled(bool) + InterfaceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + 
diff --git a/src/gui/iosAdvancedDialog.cpp b/src/gui/iosAdvancedDialog.cpp
new file mode 100644
index 000000000..a6e85e8ab
--- /dev/null
+++ b/src/gui/iosAdvancedDialog.cpp
@@ -0,0 +1,90 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: iosAdvancedDialog.cpp,v 1.1 2007/05/09 04:18:18 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+
+#include "config.h"
+#include "global.h"
+#include "utils.h"
+
+#include "iosAdvancedDialog.h"
+#include "ObjectManipulator.h"
+
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Management.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+using namespace std;
+using namespace libfwbuilder;
+
+iosAdvancedDialog::~iosAdvancedDialog()
+{
+ delete m_dialog;
+}
+
+iosAdvancedDialog::iosAdvancedDialog(QWidget *parent,FWObject *o)
+ : QDialog(parent)
+{
+ m_dialog = new Ui::iosAdvancedDialog_q;
+ m_dialog->setupUi(this);
+ obj=o;
+
+ FWOptions *fwoptions=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwoptions!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+/* Page "General" */
+ data.registerOption( m_dialog->ios_set_host_name , fwoptions, "ios_set_host_name" );
+ data.registerOption( m_dialog->ios_ip_address , fwoptions, "ios_ip_address" );
+
+ data.loadAll();
+}
+
+/*
+ * store all data in the object
+ */
+void iosAdvancedDialog::accept()
+{
+ data.saveAll();
+ om->updateLastModifiedTimestampForAllFirewalls(obj);
+ QDialog::accept();
+}
+
+void iosAdvancedDialog::reject()
+{
+ QDialog::reject();
+}
+
+
diff --git a/src/gui/iosAdvancedDialog.h b/src/gui/iosAdvancedDialog.h
new file mode 100644
index 000000000..b69975d59
--- /dev/null
+++ b/src/gui/iosAdvancedDialog.h
@@ -0,0 +1,61 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: iosAdvancedDialog.h,v 1.1 2007/05/09 04:18:18 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+
+#ifndef __IOSADVANCEDDIALOG_H_
+#define __IOSADVANCEDDIALOG_H_
+
+#include
+#include "DialogData.h"
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+class iosAdvancedDialog : public QDialog
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ Ui::iosAdvancedDialog_q*m_dialog;
+
+ public:
+ iosAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o);
+ ~iosAdvancedDialog();
+
+protected slots:
+
+ virtual void accept();
+ virtual void reject();
+
+
+public slots:
+
+};
+
+#endif // __IOSADVANCEDDIALOG_H
+
diff --git a/src/gui/iosaclAdvancedDialog.cpp b/src/gui/iosaclAdvancedDialog.cpp
new file mode 100644
index 000000000..d2e45cc99
--- /dev/null
+++ b/src/gui/iosaclAdvancedDialog.cpp
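Review bot: In iosAdvancedDialog.cpp the constructor dereferences the result of `Firewall::cast(obj)` twice without checking it, and the only guards on `fwoptions` and `mgmt` are `assert` calls, which compile to nothing when NDEBUG is defined. `Firewall::cast` presumably yields NULL for an object of another type, so a release build would go on to `getOptionsObject()` and `data.registerOption(...)` through a bad pointer instead of failing cleanly. I would cast once and test at run time, e.g. `Firewall *fw=Firewall::cast(obj); if (fw==NULL || fw->getOptionsObject()==NULL) return;`, and drop the `mgmt` lookup, which is never read in this file. The constructor and `accept()` of iosaclAdvancedDialog.cpp, the next file in this commit, use the same assert-only pattern.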
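Review bot: In iosAdvancedDialog.h the include guard `__IOSADVANCEDDIALOG_H_` begins with a double underscore, a form C++ reserves for the implementation, and the closing comment names `__IOSADVANCEDDIALOG_H` without the trailing underscore. I would rename the guard to something like `IOSADVANCEDDIALOG_H` and keep the `#endif` comment in step with it. The empty `public slots:` section and the `;` after the closing brace of `namespace libfwbuilder` can be removed as well. iosaclAdvancedDialog.h later in this commit has the same guard naming.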
@@ -0,0 +1,378 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: iosaclAdvancedDialog.cpp,v 1.1 2007/05/09 04:18:18 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "iosaclAdvancedDialog.h" +#include "SimpleTextEditor.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" +#include "FWBSettings.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Management.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/XMLTools.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +iosaclAdvancedDialog::~iosaclAdvancedDialog() +{ + delete m_dialog; +} + +iosaclAdvancedDialog::iosaclAdvancedDialog(QWidget *parent,FWObject *o) + : QDialog(parent) +{ + m_dialog = new Ui::iosaclAdvancedDialog_q; + m_dialog->setupUi(this); + + obj=o; + + Firewall *fw=Firewall::cast(obj); + FWOptions *fwopt=fw->getOptionsObject(); + string compiler=fwopt->getStr("compiler"); + if (compiler=="") + { + compiler=Resources::platform_res[fw->getStr("platform")]->getCompiler(); + } +/* + * 
On Unix compilers are installed in the standard place and are + * accessible via PATH. On Windows and Mac they get installed in + * unpredictable directories and need to be found + * + * first, check if user specified an absolute path for the compiler, + * then check if compiler is registsred in preferences, and if not, + * look for it in appRootDir and if it is not there, rely on PATH + */ +#if defined(Q_OS_WIN32) || defined(Q_OS_MACX) + + if ( ! QFile::exists( compiler.c_str() ) ) + { + string ts = string("Compilers/")+compiler; + QString cmppath = st->getStr( ts.c_str() ); + if (!cmppath.isEmpty()) compiler = cmppath.toLatin1().constData(); + else + { + /* try to find compiler in appRootDir. */ + string ts = appRootDir + FS_SEPARATOR + compiler; + if ( QFile::exists( ts.c_str() ) ) + compiler = appRootDir + FS_SEPARATOR + compiler; + } + } +#endif + + string vers="version_"+obj->getStr("version"); + string platform = obj->getStr("platform"); // should be 'iosacl' + + QString s; + QStringList logLevels; + QStringList logLevelMapping; + logLevelMapping.push_back(""); + logLevelMapping.push_back(""); + +/* filling pop-down menu and pushing the same strings to the mapping + * list at the same time so we could use translation + */ + s=QObject::tr("0 - System Unusable"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("0"); + + s=QObject::tr("1 - Take Immediate Action"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("1"); + + s=QObject::tr("2 - Critical Condition"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("2"); + + s=QObject::tr("3 - Error Message"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("3"); + + s=QObject::tr("4 - Warning Message"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("4"); + + s=QObject::tr("5 - Normal but significant condition"); + 
logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("5"); + + s=QObject::tr("6 - Informational"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("6"); + + s=QObject::tr("7 - Debug Message"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("7"); + +/* do not need to translate syslog facilities, but will use the same + * method just in case */ + + QStringList syslogFacilities; + QStringList syslogFacilityMapping; + syslogFacilities.push_back(""); + syslogFacilityMapping.push_back(""); + syslogFacilityMapping.push_back(""); + + syslogFacilities.push_back("LOCAL0"); + syslogFacilityMapping.push_back("LOCAL0"); + syslogFacilityMapping.push_back("16"); + + syslogFacilities.push_back("LOCAL1"); + syslogFacilityMapping.push_back("LOCAL1"); + syslogFacilityMapping.push_back("17"); + + syslogFacilities.push_back("LOCAL2"); + syslogFacilityMapping.push_back("LOCAL2"); + syslogFacilityMapping.push_back("18"); + + syslogFacilities.push_back("LOCAL3"); + syslogFacilityMapping.push_back("LOCAL3"); + syslogFacilityMapping.push_back("19"); + + syslogFacilities.push_back("LOCAL4"); + syslogFacilityMapping.push_back("LOCAL4"); + syslogFacilityMapping.push_back("20"); + + syslogFacilities.push_back("LOCAL5"); + syslogFacilityMapping.push_back("LOCAL5"); + syslogFacilityMapping.push_back("21"); + + syslogFacilities.push_back("LOCAL6"); + syslogFacilityMapping.push_back("LOCAL6"); + syslogFacilityMapping.push_back("22"); + + syslogFacilities.push_back("LOCAL7"); + syslogFacilityMapping.push_back("LOCAL7"); + syslogFacilityMapping.push_back("23"); + + FWOptions *fwoptions=(Firewall::cast(obj))->getOptionsObject(); + assert(fwoptions!=NULL); + + bool f1=fwoptions->getBool("iosacl_acl_basic"); + bool f2=fwoptions->getBool("iosacl_acl_no_clear"); + bool f3=fwoptions->getBool("iosacl_acl_substitution"); + bool f4=fwoptions->getBool("iosacl_add_clear_statements"); + + /* + * If none of 
the new iosacl_acl_* options is set and old iosacl_add_clear_statements + * option is true, set iosacl_acl_basic to true. + * + * If old option iosacl_add_clear_statements iss false, set + * iosacl_acl_no_clear to true + */ + if (!f1 && !f2 && !f3) + { + if ( f4 ) fwoptions->setBool("iosacl_acl_basic",true); + else fwoptions->setBool("iosacl_acl_no_clear",true); + } + + Management *mgmt=(Firewall::cast(obj))->getManagementObject(); + assert(mgmt!=NULL); + +/* Page "Compiler Options" */ + + data.registerOption( m_dialog->outputFileName , fwoptions, + "output_file" ); + + data.registerOption( m_dialog->iosacl_acl_basic , fwoptions, + "iosacl_acl_basic" ); + +/* + data.registerOption( m_dialog->iosacl_acl_alwaysNew , fwoptions, + "iosacl_acl_always_new" ); +*/ + + data.registerOption( m_dialog->iosacl_acl_no_clear , fwoptions, + "iosacl_acl_no_clear" ); + + data.registerOption( m_dialog->iosacl_acl_substitution , fwoptions, + "iosacl_acl_substitution" ); + + data.registerOption( m_dialog->iosacl_acl_temp_addr , fwoptions, + "iosacl_acl_temp_addr" ); + + data.registerOption( m_dialog->iosacl_include_comments , fwoptions, + "iosacl_include_comments" ); + + data.registerOption( m_dialog->iosacl_regroup_commands , fwoptions, + "iosacl_regroup_commands" ); + + data.registerOption( m_dialog->iosacl_check_shadowing , fwoptions, + "check_shading" ); + + data.registerOption( m_dialog->iosacl_ignore_empty_groups , fwoptions, + "ignore_empty_groups" ); + + data.registerOption( m_dialog->mgmt_ssh , fwoptions, "mgmt_ssh" ); + data.registerOption( m_dialog->mgmt_addr , fwoptions, "mgmt_addr" ); + +/* page Installer */ + + data.registerOption( m_dialog->user ,fwoptions, "admUser" ); + data.registerOption( m_dialog->altAddress ,fwoptions, "altAddress" ); + data.registerOption( m_dialog->sshArgs ,fwoptions, "sshArgs" ); + + PolicyInstallScript *pis = mgmt->getPolicyInstallScript(); + + m_dialog->installScript->setText( pis->getCommand().c_str() ); + 
m_dialog->installScriptArgs->setText( pis->getArguments().c_str() ); + + +/* page "Prolog/Epilog" */ + data.registerOption( m_dialog->iosacl_prolog_script , fwoptions, + "iosacl_prolog_script" ); + + data.registerOption( m_dialog->iosacl_epilog_script , fwoptions, + "iosacl_epilog_script" ); + +/* page Logging */ + + data.registerOption( m_dialog->syslog_host, fwoptions, "iosacl_syslog_host"); + + m_dialog->syslog_facility->clear(); + m_dialog->syslog_facility->addItems( syslogFacilities ); + data.registerOption( m_dialog->syslog_facility, fwoptions, + "iosacl_syslog_facility", syslogFacilityMapping); + + m_dialog->logging_trap_level->clear(); + m_dialog->logging_trap_level->addItems(logLevels); + + data.registerOption( m_dialog->logging_trap_level, fwoptions, + "iosacl_logging_trap_level", logLevelMapping); + + data.registerOption( m_dialog->logging_timestamp, fwoptions, "iosacl_logging_timestamp"); + + data.registerOption( m_dialog->logging_buffered, fwoptions, "iosacl_logging_buffered"); + + m_dialog->logging_buffered_level->clear(); + m_dialog->logging_buffered_level->addItems(logLevels); + data.registerOption( m_dialog->logging_buffered_level, fwoptions, + "iosacl_logging_buffered_level", logLevelMapping); + + data.registerOption( m_dialog->logging_console, fwoptions, "iosacl_logging_console"); + + m_dialog->logging_console_level->clear(); + m_dialog->logging_console_level->addItems(logLevels); + data.registerOption( m_dialog->logging_console_level,fwoptions, + "iosacl_logging_console_level", logLevelMapping); + + data.loadAll(); + scriptACLModeChanged(); +} + +/* + * store all data in the object + */ +void iosaclAdvancedDialog::accept() +{ + FWOptions *options=(Firewall::cast(obj))->getOptionsObject(); + assert(options!=NULL); + + Management *mgmt=(Firewall::cast(obj))->getManagementObject(); + assert(mgmt!=NULL); + + data.saveAll(); + +// PolicyInstallScript *pis = mgmt->getPolicyInstallScript(); +// pis->setCommand( installScript->text() ); +// 
pis->setArguments( installScriptArgs->text() ); + + mgmt->setAddress( (Firewall::cast(obj))->getAddress() ); + + + PolicyInstallScript *pis = mgmt->getPolicyInstallScript(); + pis->setCommand( m_dialog->installScript->text().toLatin1().constData() ); + pis->setArguments( m_dialog->installScriptArgs->text().toLatin1().constData() ); + + om->updateLastModifiedTimestampForAllFirewalls(obj); + QDialog::accept(); +} + +void iosaclAdvancedDialog::reject() +{ + QDialog::reject(); +} + +void iosaclAdvancedDialog::editProlog() +{ + SimpleTextEditor edt(this, + m_dialog->iosacl_prolog_script->toPlainText(), + true, tr( "Script Editor" ) ); + if ( edt.exec() == QDialog::Accepted ) + m_dialog->iosacl_prolog_script->setText( edt.text() ); +} + +void iosaclAdvancedDialog::editEpilog() +{ + SimpleTextEditor edt(this, + m_dialog->iosacl_epilog_script->toPlainText(), + true, tr( "Script Editor" ) ); + if ( edt.exec() == QDialog::Accepted ) + m_dialog->iosacl_epilog_script->setText( edt.text() ); +} + +void iosaclAdvancedDialog::scriptACLModeChanged() +{ + m_dialog->iosacl_acl_temp_lbl->setEnabled(m_dialog->iosacl_acl_substitution->isChecked()); + m_dialog->iosacl_acl_temp_addr->setEnabled(m_dialog->iosacl_acl_substitution->isChecked()); +} + + + diff --git a/src/gui/iosaclAdvancedDialog.h b/src/gui/iosaclAdvancedDialog.h new file mode 100644 index 000000000..1f2c8c021 --- /dev/null +++ b/src/gui/iosaclAdvancedDialog.h 
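Review bot: The block at the top of the iosaclAdvancedDialog constructor that works out `compiler`, together with the `vers` and `platform` strings after it, is never read again in this function, yet it holds the riskiest code in the hunk: `fw` from `Firewall::cast(obj)` is dereferenced unchecked, and `Resources::platform_res[fw->getStr("platform")]->getCompiler()` dereferences whatever the lookup returns. The type of `platform_res` is not visible here, but if it is a `std::map`, `operator[]` inserts a null entry for a platform string it does not know, so an object loaded with an unexpected `platform` value would crash the dialog. I would delete the lookup, including the `#if defined(Q_OS_WIN32) || defined(Q_OS_MACX)` search, or, if the value is needed later, use `find()` and test the result before calling `getCompiler()`.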
@@ -0,0 +1,72 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: iosaclAdvancedDialog.h,v 1.1 2007/05/09 04:18:18 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+
+#ifndef __IOSACLADVANCEDDIALOG_H_
+#define __IOSACLADVANCEDDIALOG_H_
+
+#include
+#include "DialogData.h"
+#include
+
+#include
+
+class QWidget;
+class QSpinBox;
+class QComboBox;
+class QCheckBox;
+class QProcess;
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+class iosaclAdvancedDialog : public QDialog
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ Ui::iosaclAdvancedDialog_q *m_dialog;
+
+ public:
+ iosaclAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o);
+ ~iosaclAdvancedDialog();
+
+protected slots:
+
+ virtual void accept();
+ virtual void reject();
+
+ virtual void editProlog();
+ virtual void editEpilog();
+
+ virtual void scriptACLModeChanged();
+
+};
+
+#endif // __IOSACLADVANCEDDIALOG_H
+
diff --git a/src/gui/iosacladvanceddialog_q.ui b/src/gui/iosacladvanceddialog_q.ui
new file mode 100644
index 000000000..e37dd9bd5
--- /dev/null
+++ b/src/gui/iosacladvanceddialog_q.ui
@@ -0,0 +1,1164 @@ + + iosaclAdvancedDialog_q + + + true + + + + 0 + 0 + 713 + 775 + + + + IOS ACL Firewall Settings + + + false + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + 0 + + + 6 + + + + + OK + + + + + + + Qt::AlignCenter + + + false + + + + + + + Cancel + + + + + + + + + + + 0 + + + + Compiler Options + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 170 + + + + + + + + + 7 + 5 + 0 + 0 + + + + Output file name (if left blank, the file name is constructed of the firewall object name and extension ".fw") + + + Qt::AlignVCenter + + + true + + + + + + + + 32767 + 32767 + + + + + + + + + 7 + 0 + 0 + 0 + + + + + 32767 + 32767 + + + + + + + + Always permit ssh access from +the management workstation +with this address: + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 50 + + + + + + + + + 7 + 5 + 0 + 0 + + + + Policy Compiler Options + + + + 6 + + + 6 + + + + + If the option is deactivated, compiler treats empty groups as an error and aborts processing the policy. If this option is activated, compiler removes all empty groups from all rule elements. If rule element becomes 'any' after the last empty group has been removed, the whole rule will be ignored. Use this option only if you fully understand how it works! + + + Ignore empty groups in rules + + + + + + + Shadowing happens because a rule is a superset of a subsequent rule and any packets potentially matched by the subsequent rule have already been matched by the prior rule. 
+ + + Detect rule shadowing in the policy + + + + + + + + + + + Script Options + + + + 6 + + + 6 + + + + + + 7 + 7 + 0 + 0 + + + + Options + + + + 6 + + + 6 + + + + + Insert comments into generated IOSACL configuration file + + + Comment the code + + + + + + + Group IOSACL commands in the script so that similar commands appear next to each other, just like IOSACL does it when you use 'show config' + + + Group similar commands together + + + + + + + + + + + 5 + 7 + 0 + 0 + + + + Access lists (requires Firewall Builder for IOS ACL 2.1.12 and later) + + + + 6 + + + 20 + + + + + Clear all access lists then install new ones. This method may interrupt access to the firewall if you manage it remotely via IPSEC tunnel. This is the way access lists were generated in older versions of Firewall Builder for IOSACL. + + + Qt::AlignVCenter + + + true + + + iosacl_acl_basic + + + + + + + Qt::ClickFocus + + + Do not clear access lists and object group, just generate IOSACL commands for the new ones. Use this optin if you have your own policy installation scripts. + + + Qt::AlignVCenter + + + true + + + iosacl_acl_no_clear + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + "Safety net" method: + +First, create temporary access list to permit connections from the management subnet specified below to the firewall and assign it to outside interface. This temporary ACL helps maintain session between management station and the firewall while access lists are reloaded in case connection comes over IPSEC tunnel. Then clear permanent lists, recreate them and assign to interfaces. This method ensures that remote access to the firewall is maintained without interruption at a cost of slightly larger configuration. 
+ + + Qt::AlignVCenter + + + true + + + iosacl_acl_substitution + + + + + + + QFrame::StyledPanel + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Temporary access list should permit access from this address or subnet (use prefix notation to specify subnet, e.g. 192.0.2.0/24): + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 120 + 20 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + 200 + 0 + + + + + 120 + 32767 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 110 + 20 + + + + + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + + + + + + + Installer + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + External install script + + + + 6 + + + 6 + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + 7 + 5 + 0 + 0 + + + + Policy install script (using built-in installer if this field is blank): + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + + 7 + 5 + 0 + 0 + + + + Command line options for the script: + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + + + Built-in installer + + + + 6 + + + 6 + + + + + Alternative name or address used to communicate with the firewall (also putty session name on Windows) + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop + + + true + + + + + + + User name used to authenticate to the firewall (leave this empty if you use putty session): + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + 0 + + + 6 + + + + + Additional command line parameters for ssh + + + false + + + + + + + + 7 + 0 + 0 + 0 + + + + + + + + + + + + + + Prolog/Epilog + + + + 6 + + + 6 + + + + + + + + + 6 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Edit + + + + + + + The 
following commands will be added verbatim on top of generated configuration + + + Qt::AlignVCenter + + + true + + + + + + + + + + + + + + + + + 6 + + + 6 + + + + + Edit + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + The following commands will be added verbatim after generated configuration + + + Qt::RichText + + + Qt::AlignVCenter + + + true + + + 0 + + + + + + + + + + + Logging + + + + 6 + + + 6 + + + + + Syslog + + + + 6 + + + 6 + + + + + + + + Syslog host (name or IP address): + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + syslog facility: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + syslog level ('logging trap'): + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + The logging timestamp command requires that the clock command be set. 
+ + + Qt::AlignVCenter + + + true + + + + + + + Enable logging timestamps on syslog file + + + + + + + + + + Other logging destinations and levels: + + + + 6 + + + 6 + + + + + Internal buffer + + + + + + + Console + + + + + + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + + + + notebook304 + outputFileName + iosacl_ignore_empty_groups + iosacl_check_shadowing + mgmt_ssh + mgmt_addr + ok_button + cancel_button + iosacl_prolog_script + edit_prolog_button + iosacl_epilog_script + edit_epilog_button + syslog_host + syslog_facility + logging_trap_level + logging_timestamp + logging_buffered + logging_buffered_level + logging_console + logging_console_level + iosacl_include_comments + iosacl_regroup_commands + textLabel3 + iosacl_acl_temp_addr + iosacl_acl_basic + iosacl_acl_no_clear + iosacl_acl_substitution + installScript + installScriptArgs + user + altAddress + sshArgs + + + + + ok_button + clicked() + iosaclAdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + cancel_button + clicked() + iosaclAdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + edit_prolog_button + clicked() + iosaclAdvancedDialog_q + editProlog() + + + 20 + 20 + + + 20 + 20 + + + + + edit_epilog_button + clicked() + iosaclAdvancedDialog_q + editEpilog() + + + 20 + 20 + + + 20 + 20 + + + + + iosacl_acl_basic + clicked() + iosaclAdvancedDialog_q + scriptACLModeChanged() + + + 20 + 20 + + + 20 + 20 + + + + + iosacl_acl_substitution + clicked() + iosaclAdvancedDialog_q + scriptACLModeChanged() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/iosadvanceddialog_q.ui b/src/gui/iosadvanceddialog_q.ui new file mode 100644 index 000000000..b8e638919 --- /dev/null +++ b/src/gui/iosadvanceddialog_q.ui 
@@ -0,0 +1,162 @@ + + iosAdvancedDialog_q + + + true + + + + 0 + 0 + 500 + 402 + + + + IOS Advanced Configuration Options + + + + + + + General + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Set router name using object's name + + + + + + + Generate commands to configure addresses for interfaces + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + OK + + + + + + + Qt::AlignCenter + + + false + + + + + + + Cancel + + + + + + + + + + notebook305 + ios_set_host_name + ios_ip_address + ok_button + cancel_button + + + + + + ok_button + clicked() + iosAdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + cancel_button + clicked() + iosAdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/ipfAdvancedDialog.cpp b/src/gui/ipfAdvancedDialog.cpp new file mode 100644 index 000000000..75321bcc9 --- /dev/null +++ b/src/gui/ipfAdvancedDialog.cpp 
@@ -0,0 +1,190 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: ipfAdvancedDialog.cpp,v 1.16 2007/01/06 22:03:25 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "config.h"
+#include "global.h"
+#include "platforms.h"
+
+#include "ipfAdvancedDialog.h"
+#include "SimpleTextEditor.h"
+#include "ObjectManipulator.h"
+
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Management.h"
+#include "fwbuilder/Resources.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+//#include
+
+
+using namespace std;
+using namespace libfwbuilder;
+
+ipfAdvancedDialog::~ipfAdvancedDialog()
+{
+ delete m_dialog;
+}
+
+ipfAdvancedDialog::ipfAdvancedDialog(QWidget *parent,FWObject *o)
+ : QDialog(parent)
+{
+ m_dialog = new Ui::ipfAdvancedDialog_q;
+ m_dialog->setupUi(this);
+
+ obj=o;
+ QStringList slm;
+
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ if (fwbdebug)
+ qDebug("%s",Resources::getTargetOptionStr(
+ obj->getStr("host_OS"),"user_can_change_install_dir").c_str());
+
+ if (!Resources::getTargetOptionBool(
+ obj->getStr("host_OS"),"user_can_change_install_dir"))
+ {
+ m_dialog->ipf_fw_dir->setEnabled(false);
+ fwopt->setStr("firewall_dir","");
+ }
+
+ data.registerOption( m_dialog->ipf_log_or_block ,fwopt, "ipf_log_or_block" );
+ data.registerOption( m_dialog->ipf_log_body ,fwopt, "ipf_log_body" );
+ data.registerOption( m_dialog->ipf_check_shadowing ,fwopt, "check_shading" );
+ data.registerOption( m_dialog->ipf_eliminate_duplicates ,fwopt, "eliminate_duplicates");
+ data.registerOption( m_dialog->ipf_accept_new_tcp_with_no_syn ,fwopt, "accept_new_tcp_with_no_syn");
+ data.registerOption( m_dialog->ipf_in_out_code ,fwopt, "in_out_code" );
+ data.registerOption( m_dialog->ipf_pass_all_out ,fwopt, "pass_all_out" );
+ data.registerOption( m_dialog->ipf_ignore_empty_groups ,fwopt, "ignore_empty_groups");
+ data.registerOption( m_dialog->ipf_return_icmp_as_dest ,fwopt, "ipf_return_icmp_as_dest");
+ data.registerOption( m_dialog->ipf_nat_raudio_proxy ,fwopt, "ipf_nat_raudio_proxy");
+ data.registerOption( m_dialog->ipf_nat_h323_proxy ,fwopt, "ipf_nat_h323_proxy");
+ data.registerOption( m_dialog->ipf_nat_ipsec_proxy ,fwopt, "ipf_nat_ipsec_proxy");
+ data.registerOption( m_dialog->ipf_nat_pptp_proxy ,fwopt, "ipf_nat_pptp_proxy");
+ data.registerOption( m_dialog->ipf_nat_irc_proxy ,fwopt, "ipf_nat_irc_proxy");
+ data.registerOption( m_dialog->ipf_nat_ftp_proxy ,fwopt, "ipf_nat_ftp_proxy");
+ data.registerOption( m_dialog->ipf_nat_rcmd_proxy ,fwopt, "ipf_nat_rcmd_proxy");
+ data.registerOption( m_dialog->ipf_fw_dir ,fwopt, "firewall_dir" );
+ data.registerOption( m_dialog->ipf_user ,fwopt, "admUser" );
+ data.registerOption( m_dialog->altAddress ,fwopt, "altAddress" );
+ data.registerOption( m_dialog->sshArgs ,fwopt, "sshArgs" );
+ data.registerOption( m_dialog->activationCmd ,fwopt, "activationCmd" );
+
+ data.registerOption( m_dialog->ipf_manage_virtual_addr ,fwopt, "manage_virtual_addr");
+ data.registerOption( m_dialog->ipf_configure_interfaces ,fwopt, "configure_interfaces");
+ data.registerOption( m_dialog->ipf_debug ,fwopt, "debug" );
+ data.registerOption( m_dialog->ipf_optimize ,fwopt, "optimize" );
+ data.registerOption( m_dialog->ipf_dynAddr ,fwopt, "dynAddr" );
+
+ slm = getLogLevels( obj->getStr("platform").c_str() );
+ m_dialog->logLevel->clear();
+ m_dialog->logLevel->addItems( getScreenNames( slm ));
+ data.registerOption( m_dialog->logLevel , fwopt, "ipf_log_level" , slm);
+
+ slm = getLogFacilities( obj->getStr("platform").c_str() );
+ m_dialog->logFacility->clear();
+ m_dialog->logFacility->addItems( getScreenNames( slm ));
+ data.registerOption( m_dialog->logFacility , fwopt, "ipf_log_facility", slm);
+
+ data.registerOption( m_dialog->compiler , fwopt, "compiler" );
+ data.registerOption( m_dialog->compilerArgs , fwopt, "cmdline" );
+ data.registerOption( m_dialog->outputFileName , fwopt, "output_file" );
+
+ slm=getActionsOnReject( obj->getStr("platform").c_str() );
+ m_dialog->actionOnReject->clear();
+ m_dialog->actionOnReject->addItems(getScreenNames(slm));
+
+ data.registerOption( m_dialog->actionOnReject , fwopt, "action_on_reject",slm);
+ data.registerOption( m_dialog->mgmt_ssh , fwopt, "mgmt_ssh" );
+ data.registerOption( m_dialog->mgmt_addr , fwopt, "mgmt_addr" );
+
+ PolicyInstallScript *pis = mgmt->getPolicyInstallScript();
+
+ m_dialog->installScript->setText( pis->getCommand().c_str() );
+ m_dialog->installScriptArgs->setText( pis->getArguments().c_str() );
+
+/* page "Prolog/Epilog" */
+ data.registerOption( m_dialog->prolog_script , fwopt, "prolog_script" );
+
+ data.registerOption( m_dialog->epilog_script , fwopt, "epilog_script" );
+
+ data.loadAll();
+}
+
+/*
+ * store all data in the object
+ */
+void ipfAdvancedDialog::accept()
+{
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ data.saveAll();
+
+ PolicyInstallScript *pis = mgmt->getPolicyInstallScript();
+ pis->setCommand( m_dialog->installScript->text().toLatin1().constData() );
+ pis->setArguments( m_dialog->installScriptArgs->text().toLatin1().constData() );
+
+ om->updateLastModifiedTimestampForAllFirewalls(obj);
+ QDialog::accept();
+}
+
+void ipfAdvancedDialog::reject()
+{
+ QDialog::reject();
+}
+
+void ipfAdvancedDialog::editProlog()
+{
+ SimpleTextEditor edt(this,
+ m_dialog->prolog_script->toPlainText(),
+ true, tr( "Script Editor" ) );
+ if ( edt.exec() == QDialog::Accepted )
+ m_dialog->prolog_script->setText( edt.text() );
+}
+
+void ipfAdvancedDialog::editEpilog()
+{
+ SimpleTextEditor edt(this,
+ m_dialog->epilog_script->toPlainText(),
+ true, tr( "Script Editor" ) );
+ if ( edt.exec() == QDialog::Accepted )
+ m_dialog->epilog_script->setText( edt.text() );
+}
+
+
+
diff --git a/src/gui/ipfAdvancedDialog.h b/src/gui/ipfAdvancedDialog.h
new file mode 100644
index 000000000..1abc4f25e
--- /dev/null
+++ b/src/gui/ipfAdvancedDialog.h
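Review bot: In both the constructor and accept(), `(Firewall::cast(obj))->getOptionsObject()` dereferences the cast result before anything is checked, and the only guard on the returned pointers is `assert(fwopt!=NULL)`, which compiles to nothing when NDEBUG is defined. If the dialog is ever opened on an object that is not a Firewall (assuming Firewall::cast returns NULL in that case), a release build dereferences a null pointer; `pis` from `mgmt->getPolicyInstallScript()` is also used unchecked. I would resolve the cast once and bail out explicitly, e.g. in accept() `Firewall *fw = Firewall::cast(obj); if (fw==NULL) { QDialog::reject(); return; }`, and keep the asserts only as debug aids. The same pattern appears in ipfwAdvancedDialog.cpp.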
@@ -0,0 +1,61 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: ipfAdvancedDialog.h,v 1.2 2004/10/18 05:06:55 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __IPFADVANCEDDIALOG_H_
+#define __IPFADVANCEDDIALOG_H_
+
+#include
+#include "DialogData.h"
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+class ipfAdvancedDialog : public QDialog
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ Ui::ipfAdvancedDialog_q *m_dialog;
+
+ public:
+ ipfAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o);
+ ~ipfAdvancedDialog();
+
+protected slots:
+
+ virtual void accept();
+ virtual void reject();
+
+ virtual void editProlog();
+ virtual void editEpilog();
+
+};
+
+#endif // __IPFADVANCEDDIALOG_H
+
diff --git a/src/gui/ipfadvanceddialog_q.ui b/src/gui/ipfadvanceddialog_q.ui
new file mode 100644
index 000000000..b0db303a5
--- /dev/null
+++ b/src/gui/ipfadvanceddialog_q.ui
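Review bot: The include guard `__IPFADVANCEDDIALOG_H_` uses a double-underscore name, which C++ reserves for the implementation, and the closing comment `// __IPFADVANCEDDIALOG_H` does not match it. I would rename it to `IPFADVANCEDDIALOG_H` on the `#ifndef`, `#define` and `#endif` lines. The members also carry no ownership comments: `obj` is a borrowed pointer that accept() in ipfAdvancedDialog.cpp still dereferences, while `m_dialog` is deleted by the destructor, so short comments such as `// not owned; must stay valid until the dialog is closed` and `// owned; deleted in the destructor` would help the next reader. ipfwAdvancedDialog.h has the same guard style and members.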
@@ -0,0 +1,1335 @@ + + ipfAdvancedDialog_q + + + + 0 + 0 + 708 + 734 + + + + ipf: advanced settings + + + false + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &OK + + + + + + true + + + true + + + + + + + &Cancel + + + + + + true + + + + + + + + + 0 + + + + Protocol Helpers + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Use raudio proxy in NAT rules + + + + + + + Use h323 proxy in NAT rules + + + + + + + Use ipsec proxy in NAT rules + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 100 + + + + + + + + Use ftp proxy in NAT rules + + + + + + + Use rcmd proxy in NAT rules + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 270 + + + + + + + + Use PPTP proxy in NAT rules + + + + + + + Use IRC proxy in NAT rules for DCC + + + + + + + + 5 + 0 + 0 + 0 + + + + Some protocols involve multiple associated network connections. Firewall can keep track of such connections automatically if you activate one or all of the following options: + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + Compiler + + + + 6 + + + 6 + + + + + Compiler: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + There are two ways compiler can generate code for rules in the Global Policy: it can either create two ipf rules to control both incoming and outgoing packets for each rule, or it can create only one ipf rule for incoming packets and permit all outgoing ones.You get more control over the packets crossing the firewall in the first mode, but generated script is going to be smaller if you choose the second. 
+ + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + Masquerade returned icmp as being from original +packet's destination + + + + + + + + + + + 6 + + + 6 + + + + + Generate both 'in' and 'out' rules + + + + + + + Pass all outgoing + + + + + + + + + + Accept TCP sessions opened prior to firewall restart + + + + + + + Find and eliminate duplicate rules + + + + + + + Shadowing happens because a rule is a superset of a subsequent rule and any packets potentially matched by the subsequent rule have already been matched by the prior rule. + + + Detect rule shadowing in policy + + + + + + + If the option is deactivated, compiler treats empty groups as an error and aborts processing the policy. If this option is activated, compiler removes all empty groups from all rule elements. If rule element becomes 'any' after the last empty group has been removed, the whole rule will be ignored. Use this option only if you fully understand how it works! + + + Ignore empty groups in rules + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 20 + 30 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 20 + 30 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 16 + + + + + + + + Always permit ssh access from +the management workstation +with this address: + + + + + + + + 400 + 32767 + + + + Default action on 'Reject': + + + Qt::AlignVCenter + + + true + + + + + + + + 7 + 0 + 0 + 0 + + + + + 400 + 32767 + + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + + 7 + 0 + 0 + 0 + + + + + 32767 + 32767 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 20 + 130 + + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + + 7 + 5 + 0 + 0 + + + + Command line options for the compiler: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + 7 + 5 + 0 + 0 + + + + 
Output file name (if left blank, the file name is constructed of the firewall object name and extension ".fw") + + + Qt::AlignVCenter + + + true + + + + + + + + 32767 + 32767 + + + + + + + + + 32767 + 32767 + + + + + + + + + 32767 + 32767 + + + + + + + + + Installer + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + External install script + + + + 6 + + + 6 + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + 7 + 5 + 0 + 0 + + + + Policy install script (using built-in installer if this field is blank): + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + 7 + 5 + 0 + 0 + + + + Command line options for the script: + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + + + Built-in installer + + + + 6 + + + 6 + + + + + Directory on the firewall where configuration files should be installed + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + 0 + + + 6 + + + + + Additional command line parameters for ssh + + + false + + + + + + + + 7 + 0 + 0 + 0 + + + + + + + + + + A command that installer should execute on the firewall in order to activate the policy (if this field is blank, installer runs firewall script in the directory specified above; it uses sudo if user name is not 'root') + + + Qt::AlignVCenter + + + true + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + Alternative name or address used to communicate with the firewall (also putty session name on Windows) + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop + + + true + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + User name used to authenticate to the firewall (leave this empty if you use putty session): + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + + + + Prolog/Epilog + + + + 6 + + + 6 + + + + + + + + 
+ 6 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Edit + + + + + + + The following commands will be added verbatim on top of generated configuration + + + Qt::AlignVCenter + + + true + + + + + + + Qt::ScrollBarAlwaysOn + + + Qt::ScrollBarAlwaysOff + + + + + + + + + + + + + + 6 + + + 6 + + + + + Edit + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::ScrollBarAlwaysOn + + + Qt::ScrollBarAlwaysOff + + + + + + + The following commands will be added verbatim after generated configuration + + + Qt::AlignVCenter + + + true + + + + + + + + + + + Logging + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 130 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 120 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 240 + + + + + + + + Log facility: + + + false + + + + + + + + + + Log level: + + + false + + + + + + + + + + Log packet body + + + + + + + Block if can not log + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + + Script Options + + + + 6 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 70 + + + + + + + + Add virtual addresses for NAT + + + + + + + Configure Interfaces of the firewall machine + + + + + + + Turn debugging on in generated script + + + + + + + If this option is on, policy compiler adds virtual addresses to the interfaces to make the firewall answer to ARP queries for addresses used in NAT rules. + + + Optimization + + + + + + + These options enable auxiliary sections in the generated shell script. 
+ + + Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 200 + + + + + + + + Determine addresses of dynamic interfaces at run time + + + + + + + + + + + + tabWidget3 + ipf_nat_ftp_proxy + ipf_nat_rcmd_proxy + ipf_nat_raudio_proxy + ipf_nat_h323_proxy + ipf_nat_ipsec_proxy + ipf_nat_pptp_proxy + ipf_nat_irc_proxy + compiler + compilerArgs + outputFileName + ipf_in_out_code + ipf_pass_all_out + ipf_accept_new_tcp_with_no_syn + ipf_eliminate_duplicates + ipf_check_shadowing + ipf_ignore_empty_groups + actionOnReject + ipf_return_icmp_as_dest + mgmt_ssh + mgmt_addr + ipf_fw_dir + ipf_user + altAddress + activationCmd + sshArgs + installScript + installScriptArgs + prolog_script + edit_prolog_button + epilog_script + edit_epilog_button + logFacility + logLevel + ipf_log_or_block + ipf_log_body + ipf_debug + ipf_configure_interfaces + ipf_manage_virtual_addr + ipf_optimize + ipf_dynAddr + buttonOk + buttonCancel + + + + + buttonOk + clicked() + ipfAdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + buttonCancel + clicked() + ipfAdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + edit_epilog_button + clicked() + ipfAdvancedDialog_q + editEpilog() + + + 20 + 20 + + + 20 + 20 + + + + + edit_prolog_button + clicked() + ipfAdvancedDialog_q + editProlog() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/ipfwAdvancedDialog.cpp b/src/gui/ipfwAdvancedDialog.cpp new file mode 100644 index 000000000..09ea8b529 --- /dev/null +++ b/src/gui/ipfwAdvancedDialog.cpp 
@@ -0,0 +1,166 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: ipfwAdvancedDialog.cpp,v 1.13 2007/01/06 22:03:25 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "config.h"
+#include "global.h"
+#include "platforms.h"
+
+#include "ipfwAdvancedDialog.h"
+#include "SimpleTextEditor.h"
+#include "ObjectManipulator.h"
+
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Management.h"
+#include "fwbuilder/Resources.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+using namespace std;
+using namespace libfwbuilder;
+
+ipfwAdvancedDialog::~ipfwAdvancedDialog()
+{
+ delete m_dialog;
+}
+
+ipfwAdvancedDialog::ipfwAdvancedDialog(QWidget *parent,FWObject *o)
+ : QDialog(parent)
+{
+ m_dialog = new Ui::ipfwAdvancedDialog_q;
+ m_dialog->setupUi(this);
+
+ obj=o;
+
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ if (fwbdebug)
+ qDebug("%s",Resources::getTargetOptionStr(
+ obj->getStr("host_OS"),"user_can_change_install_dir").c_str());
+
+ if (!Resources::getTargetOptionBool(
+ obj->getStr("host_OS"),"user_can_change_install_dir"))
+ {
+ m_dialog->ipfw_fw_dir->setEnabled(false);
+ fwopt->setStr("firewall_dir","");
+ }
+
+ if (fwopt->getStr("add_check_state_rule").empty())
+ fwopt->setBool("add_check_state_rule",true);
+
+ data.registerOption( m_dialog->ipfw_add_check_state_rule ,fwopt, "add_check_state_rule");
+ data.registerOption( m_dialog->ipfw_check_shadowing ,fwopt, "check_shading" );
+ data.registerOption( m_dialog->ipfw_ignore_empty_groups ,fwopt, "ignore_empty_groups" );
+ data.registerOption( m_dialog->ipfw_fw_dir ,fwopt, "firewall_dir" );
+ data.registerOption( m_dialog->ipfw_user ,fwopt, "admUser" );
+ data.registerOption( m_dialog->altAddress ,fwopt, "altAddress" );
+ data.registerOption( m_dialog->sshArgs ,fwopt, "sshArgs" );
+ data.registerOption( m_dialog->activationCmd ,fwopt, "activationCmd" );
+
+ data.registerOption( m_dialog->ipfw_manage_virtual_addr ,fwopt, "manage_virtual_addr" );
+ data.registerOption( m_dialog->ipfw_configure_interfaces ,fwopt, "configure_interfaces" );
+ data.registerOption( m_dialog->ipfw_debug ,fwopt, "debug" );
+
+ data.registerOption( m_dialog->compiler ,fwopt, "compiler" );
+ data.registerOption( m_dialog->compilerArgs ,fwopt, "cmdline" );
+ data.registerOption( m_dialog->outputFileName , fwopt, "output_file" );
+
+ data.registerOption( m_dialog->mgmt_ssh , fwopt, "mgmt_ssh" );
+ data.registerOption( m_dialog->mgmt_addr , fwopt, "mgmt_addr" );
+
+ PolicyInstallScript *pis = mgmt->getPolicyInstallScript();
+
+ m_dialog->installScript->setText( pis->getCommand().c_str() );
+ m_dialog->installScriptArgs->setText( pis->getArguments().c_str() );
+
+/* page "Prolog/Epilog" */
+ data.registerOption( m_dialog->prolog_script , fwopt,
+ "prolog_script" );
+
+ data.registerOption( m_dialog->epilog_script , fwopt,
+ "epilog_script" );
+
+
+
+ data.loadAll();
+}
+
+/*
+ * store all data in the object
+ */
+void ipfwAdvancedDialog::accept()
+{
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ data.saveAll();
+
+ PolicyInstallScript *pis = mgmt->getPolicyInstallScript();
+ pis->setCommand( m_dialog->installScript->text().toLatin1().constData() );
+ pis->setArguments( m_dialog->installScriptArgs->text().toLatin1().constData() );
+
+ om->updateLastModifiedTimestampForAllFirewalls(obj);
+ QDialog::accept();
+}
+
+void ipfwAdvancedDialog::reject()
+{
+ QDialog::reject();
+}
+
+void ipfwAdvancedDialog::editProlog()
+{
+ SimpleTextEditor edt(this,
+ m_dialog->prolog_script->toPlainText(),
+ true, tr( "Script Editor" ) );
+ if ( edt.exec() == QDialog::Accepted )
+ m_dialog->prolog_script->setText( edt.text() );
+}
+
+void ipfwAdvancedDialog::editEpilog()
+{
+ SimpleTextEditor edt(this,
+ m_dialog->epilog_script->toPlainText(),
+ true, tr( "Script Editor" ) );
+ if ( edt.exec() == QDialog::Accepted )
+ m_dialog->epilog_script->setText( edt.text() );
+}
+
+
+
+
diff --git a/src/gui/ipfwAdvancedDialog.h b/src/gui/ipfwAdvancedDialog.h
new file mode 100644
index 000000000..2fd9e5038
--- /dev/null
+++ b/src/gui/ipfwAdvancedDialog.h
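Review bot: The constructor writes to the firewall's options before the user has confirmed anything: `fwopt->setBool("add_check_state_rule",true)` when the option is unset, and `fwopt->setStr("firewall_dir","")` when the install directory is not user-changeable (the latter is also in ipfAdvancedDialog.cpp). reject() only calls QDialog::reject(), so, as far as this hunk shows, opening the dialog and pressing Cancel still leaves those values changed, and updateLastModifiedTimestampForAllFirewalls() is never called for them. Since add_check_state_rule appears to influence the generated ruleset, I would apply the default to the widget after `data.loadAll()` instead, e.g. `if (fwopt->getStr("add_check_state_rule").empty()) m_dialog->ipfw_add_check_state_rule->setChecked(true);` (assuming the widget is a checkbox), so the value is stored only through accept().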
@@ -0,0 +1,61 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: ipfwAdvancedDialog.h,v 1.2 2004/10/18 05:06:55 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __IPFWADVANCEDDIALOG_H_
+#define __IPFWADVANCEDDIALOG_H_
+
+#include
+#include "DialogData.h"
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+class ipfwAdvancedDialog : public QDialog
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ Ui::ipfwAdvancedDialog_q *m_dialog;
+
+ public:
+ ipfwAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o);
+ ~ipfwAdvancedDialog();
+
+protected slots:
+
+ virtual void accept();
+ virtual void reject();
+
+ virtual void editProlog();
+ virtual void editEpilog();
+
+};
+
+#endif // __IPFWADVANCEDDIALOG_H
+
diff --git a/src/gui/ipfwadvanceddialog_q.ui b/src/gui/ipfwadvanceddialog_q.ui
new file mode 100644
index 000000000..198ad016f
--- /dev/null
+++ b/src/gui/ipfwadvanceddialog_q.ui
@@ -0,0 +1,870 @@ + + ipfwAdvancedDialog_q + + + + 0 + 0 + 624 + 571 + + + + ipfw: advanced settings + + + false + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &OK + + + + + + true + + + true + + + + + + + &Cancel + + + + + + true + + + + + + + + + 0 + + + + Compiler + + + + 6 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 30 + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + + 7 + 5 + 0 + 0 + + + + Command line options for the compiler: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Compiler: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + 7 + 5 + 0 + 0 + + + + Output file name (if left blank, the file name is constructed of the firewall object name and extension ".fw") + + + Qt::AlignVCenter + + + true + + + + + + + + 32767 + 32767 + + + + + + + + + 32767 + 32767 + + + + + + + + + 32767 + 32767 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + 7 + 0 + 0 + 0 + + + + + 32767 + 32767 + + + + + + + + + 7 + 0 + 0 + 0 + + + + If the option is deactivated, compiler treats empty groups as an error and aborts processing the policy. If this option is activated, compiler removes all empty groups from all rule elements. If rule element becomes 'any' after the last empty group has been removed, the whole rule will be ignored. Use this option only if you fully understand how it works! + + + Ignore empty groups in rules + + + + + + + + 7 + 0 + 0 + 0 + + + + Shadowing happens because a rule is a superset of a subsequent rule and any packets potentially matched by the subsequent rule have already been matched by the prior rule. 
+ + + Detect rule shadowing in policy + + + + + + + + 1 + 0 + 0 + 0 + + + + Add rule to accept packets matching dynamic rules created for +known sessions on top of the policy (action 'check-state') + + + + + + + Always permit ssh access from +the management workstation +with this address: + + + + + + + + Installer + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + External install script + + + + 6 + + + 6 + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + 7 + 5 + 0 + 0 + + + + Policy install script (using built-in installer if this field is blank): + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + + 7 + 5 + 0 + 0 + + + + Command line options for the script: + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + + + Built-in installer + + + + 6 + + + 6 + + + + + Alternative name or address used to communicate with the firewall (also putty session name on Windows) + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop + + + true + + + + + + + User name used to authenticate to the firewall (leave this empty if you use putty session): + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + Directory on the firewall where script should be installed + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + A command that installer should execute on the firewall in order to activate the policy (if this field is blank, installer runs firewall script in the directory specified above; it uses sudo if user name is not 'root') + + + Qt::AlignVCenter + + + true + + + + + + + 0 + + + 6 + + + + + Additional command line parameters for ssh + + + false + + + + + + + + 7 + 0 + 0 + 0 + + + + + + + + + + + + + + Prolog/Epilog + + + + 6 + + + 6 + + + + + + + + + 6 + + + 6 + + + + + Edit + + 
+ + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + The following commands will be added verbatim after generated configuration + + + Qt::AlignVCenter + + + true + + + + + + + + + + + + + + 6 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Edit + + + + + + + The following commands will be added verbatim on top of generated configuration + + + Qt::AlignVCenter + + + true + + + + + + + + + + + + + + Script Options + + + + 6 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 70 + + + + + + + + Add virtual addresses for NAT + + + + + + + Configure Interfaces of the firewall machine + + + + + + + Turn debugging on in generated script + + + + + + + These options enable auxiliary sections in the generated shell script. + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 230 + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + + + + + + tabWidget3 + compiler + compilerArgs + outputFileName + ipfw_check_shadowing + ipfw_ignore_empty_groups + mgmt_ssh + mgmt_addr + buttonOk + buttonCancel + ipfw_debug + ipfw_configure_interfaces + ipfw_manage_virtual_addr + + + + + buttonOk + clicked() + ipfwAdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + buttonCancel + clicked() + ipfwAdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + edit_epilog_button + clicked() + ipfwAdvancedDialog_q + editEpilog() + + + 20 + 20 + + + 20 + 20 + + + + + edit_prolog_button + clicked() + ipfwAdvancedDialog_q + editProlog() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/ipservicedialog_q.ui b/src/gui/ipservicedialog_q.ui new file mode 100644 index 000000000..2858d62d3 --- /dev/null +++ b/src/gui/ipservicedialog_q.ui 
@@ -0,0 +1,536 @@ + + IPServiceDialog_q + + + true + + + + 0 + 0 + 762 + 267 + + + + + 1 + 5 + 0 + 0 + + + + IP + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 6 + + + + + + 75 + true + + + + IP Service + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 10 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 0 + 20 + + + + + + + + + 7 + 7 + 0 + 100 + + + + + 200 + 0 + + + + true + + + + + + + Comment: + + + false + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + + + + + 6 + + + 6 + + + + + all fragments + + + + + + + rr (record route) + + + + + + + timestamp + + + + + + + ssrr (strict source route) + + + + + + + 'short' fragments + + + + + + + lsrr (loose source route) + + + + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + 255 + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 30 + + + + + + + + Library: + + + false + + + + + + + + + + Name: + + + false + + + + + + + + 7 + 0 + 0 + 0 + + + + + + + + Protocol number: + + + false + + + + + + + ( 0 - any protocol ) + + + false + + + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + obj_name + libs + protocolNum + lsrr + ssrr + rr + timestamp + all_fragments + short_fragments + comment + + + + + obj_name + textChanged(QString) + IPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + protocolNum + valueChanged(int) + IPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + lsrr + stateChanged(int) + IPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ssrr + stateChanged(int) + IPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + rr + stateChanged(int) + IPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + timestamp + stateChanged(int) + IPServiceDialog_q 
+ changed() + + + 20 + 20 + + + 20 + 20 + + + + + all_fragments + stateChanged(int) + IPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + short_fragments + stateChanged(int) + IPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + IPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + activated(int) + IPServiceDialog_q + libChanged() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/iptAdvancedDialog.cpp b/src/gui/iptAdvancedDialog.cpp new file mode 100644 index 000000000..4f74e93f2 --- /dev/null +++ b/src/gui/iptAdvancedDialog.cpp 
@@ -0,0 +1,247 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: iptAdvancedDialog.cpp,v 1.29 2007/07/07 19:29:05 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+#include "stdio.h"
+
+#include "config.h"
+#include "global.h"
+#include "platforms.h"
+
+#include "iptAdvancedDialog.h"
+#include "SimpleTextEditor.h"
+#include "ObjectManipulator.h"
+
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Management.h"
+#include "fwbuilder/Resources.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+using namespace std;
+using namespace libfwbuilder;
+
+iptAdvancedDialog::~iptAdvancedDialog()
+{
+ delete m_dialog;
+}
+
+iptAdvancedDialog::iptAdvancedDialog(QWidget *parent,FWObject *o)
+ : QDialog(parent)
+{
+ m_dialog = new Ui::iptAdvancedDialog_q;
+ m_dialog->setupUi(this);
+
+ obj=o;
+ QStringList slm;
+
+ FWOptions *fwoptions=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwoptions!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ if (fwbdebug)
+ qDebug("%s",Resources::getTargetOptionStr(
+ obj->getStr("host_OS"),"user_can_change_install_dir").c_str());
+
+ if (!Resources::getTargetOptionBool(
+ obj->getStr("host_OS"),"user_can_change_install_dir"))
+ {
+ m_dialog->ipt_fw_dir->setEnabled(false);
+ fwoptions->setStr("firewall_dir","");
+ }
+
+ data.registerOption(m_dialog->logTCPseq, fwoptions, "log_tcp_seq" );
+ data.registerOption(m_dialog->logTCPopt, fwoptions, "log_tcp_opt" );
+ data.registerOption(m_dialog->logIPopt, fwoptions, "log_ip_opt" );
+ data.registerOption(m_dialog->logNumsyslog, fwoptions, "use_numeric_log_levels" );
+
+ slm = getLogLevels( obj->getStr("platform").c_str() );
+ m_dialog->logLevel->clear();
+ m_dialog->logLevel->addItems( getScreenNames(slm));
+ data.registerOption(m_dialog-> logLevel, fwoptions, "log_level", slm);
+
+ data.registerOption(m_dialog->useULOG, fwoptions, "use_ULOG" );
+ data.registerOption(m_dialog->cprange, fwoptions, "ulog_cprange" );
+ data.registerOption(m_dialog->qthreshold, fwoptions, "ulog_qthreshold" );
+ data.registerOption(m_dialog->nlgroup, fwoptions, "ulog_nlgroup" );
+ data.registerOption(m_dialog->logprefix, fwoptions, "log_prefix" );
+
+ slm=getLimitSuffixes( obj->getStr("platform").c_str() );
+ m_dialog->logLimitSuffix->clear();
+ m_dialog->logLimitSuffix->addItems(getScreenNames(slm));
+ data.registerOption(m_dialog-> logLimitSuffix, fwoptions, "limit_suffix", slm);
+
+ data.registerOption(m_dialog->logLimitVal, fwoptions, "limit_value");
+ data.registerOption(m_dialog->logAll, fwoptions, "log_all");
+ data.registerOption(m_dialog->compiler, fwoptions, "compiler");
+ data.registerOption(m_dialog->compilerArgs, fwoptions, "cmdline");
+ data.registerOption(m_dialog->outputFileName, fwoptions, "output_file");
+ data.registerOption(m_dialog->assumeFwIsPartOfAny,
+ fwoptions, "firewall_is_part_of_any_and_networks");
+ data.registerOption(m_dialog->acceptSessions,
+ fwoptions, "accept_new_tcp_with_no_syn");
+ data.registerOption(m_dialog->dropInvalid, fwoptions, "drop_invalid");
+ data.registerOption(m_dialog->logInvalid, fwoptions, "log_invalid");
+ data.registerOption(m_dialog->acceptESTBeforeFirst, fwoptions, "accept_established");
+ data.registerOption(m_dialog->bridge, fwoptions, "bridging_fw");
+ data.registerOption(m_dialog->shadowing, fwoptions, "check_shading");
+ data.registerOption(m_dialog->emptyGroups, fwoptions, "ignore_empty_groups");
+ data.registerOption(m_dialog->localNAT, fwoptions, "local_nat");
+ data.registerOption(m_dialog->clampMSStoMTU, fwoptions, "clamp_mss_to_mtu");
+ data.registerOption(m_dialog->makeTagClassifyTerminating,
+ fwoptions, "classify_mark_terminating");
+ data.registerOption(m_dialog->skipIPv6,
+ fwoptions, "no_ipv6_default_policy");
+ slm=getActionsOnReject( obj->getStr("platform").c_str() );
+ m_dialog->actionOnReject->clear();
+ m_dialog->actionOnReject->addItems(getScreenNames(slm));
+ data.registerOption(m_dialog-> actionOnReject,
+ fwoptions,"action_on_reject", slm);
+
+ data.registerOption(m_dialog->mgmt_ssh, fwoptions, "mgmt_ssh" );
+ data.registerOption(m_dialog->mgmt_addr, fwoptions, "mgmt_addr" );
+ data.registerOption(m_dialog->addVirtualsforNAT,
+ fwoptions, "manage_virtual_addr" );
+ data.registerOption(m_dialog->configureInterfaces,
+ fwoptions, "configure_interfaces" );
+ data.registerOption(m_dialog->iptDebug, fwoptions, "debug" );
+ data.registerOption(m_dialog->verifyInterfaces, fwoptions, "verify_interfaces" );
+ data.registerOption(m_dialog->loadModules, fwoptions, "load_modules" );
+ data.registerOption(m_dialog->iptablesRestoreActivation,
+ fwoptions, "use_iptables_restore" );
+ data.registerOption(m_dialog->ipt_fw_dir, fwoptions, "firewall_dir" );
+ data.registerOption(m_dialog->ipt_user, fwoptions, "admUser" );
+ data.registerOption(m_dialog->altAddress, fwoptions, "altAddress" );
+ data.registerOption(m_dialog->sshArgs, fwoptions, "sshArgs" );
+ data.registerOption(m_dialog->activationCmd, fwoptions, "activationCmd" );
+
+
+ PolicyInstallScript *pis = mgmt->getPolicyInstallScript();
+
+ m_dialog->installScript->setText( pis->getCommand().c_str() );
+ m_dialog->installScriptArgs->setText( pis->getArguments().c_str() );
+
+
+ /* page "Prolog/Epilog" */
+
+ data.registerOption(m_dialog->prolog_script ,fwoptions, "prolog_script" );
+
+ slm = getPrologPlaces( obj->getStr("platform").c_str() );
+ m_dialog->prologPlace->clear();
+ m_dialog->prologPlace->addItems(getScreenNames(slm));
+ data.registerOption(m_dialog-> prologPlace, fwoptions, "prolog_place", slm);
+
+ data.registerOption(m_dialog->epilog_script ,fwoptions, "epilog_script" );
+
+ data.loadAll();
+ switchLOG_ULOG();
+
+#ifdef HAVE_LIBSSL
+
+// int port=fwbdm->getPort();
+// if (port==-1)
+// port= Resources::global_res->getResourceInt("/FWBuilderResources/FWBD/port");
+// mgmt_fwbd_port->set_value( port );
+//
+// fillListOfCertificates();
+//
+// const Key *key=fwbdm->getPublicKey();
+// if (key) mgmt_fw_key->set_text( key->getFingerprint() );
+//
+// if (pis->isEnabled()) mgmt_use_install_script->set_active(true);
+// else mgmt_use_fwbd->set_active(true);
+
+#else
+// mgmt_use_fwbd->set_sensitive(false);
+// mgmt_use_install_script->set_active(true);
+//
+// disableFWBDoptions();
+#endif
+
+}
+
+void iptAdvancedDialog::switchLOG_ULOG()
+{
+ m_dialog->useLOG->setChecked(!m_dialog->useULOG->isChecked());
+ if (m_dialog->useLOG->isChecked()) m_dialog->logTargetStack->setCurrentIndex(0);
+ else m_dialog->logTargetStack->setCurrentIndex(1);
+}
+/*
+ * store all data in the object
+ */
+void iptAdvancedDialog::accept()
+{
+ FWOptions *fwoptions=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwoptions!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ data.saveAll();
+
+/********************* data for fwbd and install script **************/
+ PolicyInstallScript *pis = mgmt->getPolicyInstallScript();
+
+ mgmt->setAddress( (Firewall::cast(obj))->getAddress() );
+
+ pis->setCommand( m_dialog->installScript->text().toLatin1().constData() );
+ pis->setArguments( m_dialog->installScriptArgs->text().toLatin1().constData() );
+
+ om->updateLastModifiedTimestampForAllFirewalls(obj);
+ QDialog::accept();
+}
+
+void iptAdvancedDialog::reject()
+{
+ QDialog::reject();
+}
+
+void iptAdvancedDialog::editProlog()
+{
+ SimpleTextEditor edt(this,
+ m_dialog->prolog_script->toPlainText(),
+ true, tr( "Script Editor" ) );
+ if ( edt.exec() == QDialog::Accepted )
+ m_dialog->prolog_script->setText( edt.text() );
+}
+
+void iptAdvancedDialog::editEpilog()
+{
+ SimpleTextEditor edt(this,
+ m_dialog->epilog_script->toPlainText(),
+ true, tr( "Script Editor" ) );
+ if ( edt.exec() == QDialog::Accepted )
+ m_dialog->epilog_script->setText( edt.text() );
+}
+
+
diff --git a/src/gui/iptAdvancedDialog.h b/src/gui/iptAdvancedDialog.h
new file mode 100644
index 000000000..a91417c67
--- /dev/null
+++ b/src/gui/iptAdvancedDialog.h
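Review bot: In the constructor and again in accept(), `(Firewall::cast(obj))->getOptionsObject()` dereferences the cast result before anything is checked; the only guards are `assert(fwoptions!=NULL)` and `assert(mgmt!=NULL)`, which compile away under NDEBUG, and `pis` from `mgmt->getPolicyInstallScript()` is used unchecked. Assuming cast() returns NULL for an object that is not a Firewall, a wrong or incomplete object crashes the GUI instead of being rejected; take the cast once (`Firewall *fw = Firewall::cast(obj);`) and return early, e.g. `if (fw==NULL || fwoptions==NULL || mgmt==NULL) { QDialog::reject(); return; }` in accept(). linksysAdvancedDialog.cpp later in this commit repeats the same pattern. Separately, `fwoptions->setStr("firewall_dir","")` in the constructor changes the firewall object as soon as the dialog is opened, so pressing Cancel does not restore the previous install directory; that reset belongs in accept().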
@@ -0,0 +1,64 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: iptAdvancedDialog.h,v 1.5 2005/07/22 04:08:15 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __IPTADVANCEDDIALOG_H_
+#define __IPTADVANCEDDIALOG_H_
+
+#include
+#include "DialogData.h"
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+class iptAdvancedDialog : public QDialog
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ Ui::iptAdvancedDialog_q *m_dialog;
+
+ public:
+ iptAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o);
+ ~iptAdvancedDialog();
+
+protected slots:
+
+ virtual void accept();
+ virtual void reject();
+
+ virtual void editProlog();
+ virtual void editEpilog();
+
+
+public slots:
+ virtual void switchLOG_ULOG();
+
+};
+
+#endif // __IPTADVANCEDDIALOG_H
+
diff --git a/src/gui/iptadvanceddialog_q.ui b/src/gui/iptadvanceddialog_q.ui
new file mode 100644
index 000000000..7333f1c3d
--- /dev/null
+++ b/src/gui/iptadvanceddialog_q.ui
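Review bot: The include guard `__IPTADVANCEDDIALOG_H_` begins with a double underscore, which C++ reserves for the implementation, and the closing comment `#endif // __IPTADVANCEDDIALOG_H` does not match the macro name. I would use `#ifndef IPTADVANCEDDIALOG_H` / `#define IPTADVANCEDDIALOG_H` with a matching `#endif` comment; linksysAdvancedDialog.h in this commit has the same guard style. The private members are also undocumented: a short comment such as `// obj: firewall being edited, not deleted by this class; m_dialog: generated UI, deleted in the destructor` would record the ownership that the .cpp implies.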
@@ -0,0 +1,1435 @@ + + iptAdvancedDialog_q + + + true + + + + 0 + 0 + 677 + 739 + + + + + 5 + 5 + 0 + 0 + + + + iptables: advanced settings + + + false + + + + 9 + + + 6 + + + + + + 7 + 7 + 0 + 0 + + + + 0 + + + + Compiler + + + + 6 + + + 6 + + + + + + 7 + 5 + 0 + 0 + + + + Command line options for the compiler: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + 1 + 0 + 0 + 0 + + + + Accept ESTABLISHED and RELATED packets before the first rule + + + + + + + + 1 + 0 + 0 + 0 + + + + Bridging firewall + + + + + + + Qt::Horizontal + + + QSizePolicy::Maximum + + + + 30 + 150 + + + + + + + + + 1 + 0 + 0 + 0 + + + + Detect shadowing in policy rules + + + + + + + + 1 + 0 + 0 + 0 + + + + Assume firewall is part of 'any' + + + + + + + + 1 + 0 + 0 + 0 + + + + Accept TCP sessions opened prior to firewall restart + + + + + + + + 1 + 0 + 0 + 0 + + + + Enable support for NAT of locally originated connections + + + + + + + Compiler: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + 7 + 5 + 0 + 0 + + + + Output file name (if left blank, the file name is constructed of the firewall object name and extension ".fw") + + + Qt::AlignVCenter + + + true + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + Drop packets that are associated with +no known connection + + + + + + + and log them + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 80 + 20 + + + + + + + + + 32767 + 32767 + + + + + + + + + 32767 + 32767 + + + + + + + + + 32767 + 32767 + + + + + + + + + 1 + 0 + 0 + 0 + + + + Clamp MSS to MTU + + + + + + + + 1 + 0 + 0 + 0 + + + + Ignore empty groups in rules + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + 7 + 0 + 0 + 0 + + + + + 32767 + 32767 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 30 + 50 + + + + + + + + Always permit ssh access from +the management workstation +with this address: + + + + + + + 
QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + + + + Default action on 'Reject': + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 72 + 20 + + + + + + + + Make Tag and Classify actions terminating + + + + + + + Do not set default policy for ipv6 + + + + + + + + Installer + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 100 + + + + + + + + External install script + + + + 6 + + + 6 + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + 7 + 5 + 0 + 0 + + + + Policy install script (using built-in installer if this field is blank): + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + + 7 + 5 + 0 + 0 + + + + Command line options for the script: + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + + + Built-in installer + + + + 6 + + + 6 + + + + + Alternative name or address used to communicate with the firewall (also putty session name on Windows) + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop + + + true + + + + + + + User name used to authenticate to the firewall (leave this empty if you use putty session): + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + Directory on the firewall where script should be installed + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + + A command that installer should execute on the firewall in order to activate the policy (if this field is blank, installer runs firewall script in the directory specified above; it uses sudo if user name is not 'root') + + + Qt::AlignVCenter + + + true + + + + + + + 0 + + + 6 + + + + + Additional command line parameters for ssh + + + false + + + + + + + + 7 + 0 + 0 + 0 + + + + + + + + + + + + + + Prolog/Epilog + + + + 6 + + + 6 + + + + + + + + + 6 + + + 6 + + + + + 
Edit + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + The following commands will be added verbatim after generated configuration + + + Qt::AlignVCenter + + + true + + + + + + + + + + + + + + 6 + + + 6 + + + + + + + + The following commands will be added verbatim on top of generated configuration + + + Qt::AlignVCenter + + + true + + + + + + + Edit + + + + + + + Insert prolog script + + + false + + + + + + + + 7 + 0 + 0 + 0 + + + + + on top of the script + + + + + after interface configuration + + + + + after policy reset + + + + + + + + + + + + Logging + + + + 20 + + + 6 + + + + + + + + + 6 + + + 6 + + + + + use ULOG + + + + + + + use LOG + + + + + + + + + 0 + + + 10 + + + + + log TCP seq. numbers + + + + + + + log IP options + + + + + + + use numeric syslog levels + + + + + + + Log level: + + + false + + + + + + + + + + log TCP options + + + + + + + + + 0 + + + 10 + + + + + 1500 + + + + + + + cprange + + + false + + + + + + + 1 + + + + + + + queue threshold: + + + false + + + + + + + netlink group: + + + false + + + + + + + 32 + + + 1 + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 16 + + + + + + + + + + + + + + + + 0 + 1 + 0 + 0 + + + + QFrame::VLine + + + QFrame::Sunken + + + Qt::Vertical + + + + + + + + 5 + 5 + 0 + 0 + + + + Log prefix: + + + false + + + + + + + 32 + + + + + + + Logging limit: + + + false + + + + + + + 10000 + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Activate logging in all rules +(overrides rule options, use for debugging) + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 16 + + + + + + + + + Script Options + + + + 6 + + + 6 + + + + + These options enable auxiliary sections in the generated shell script. 
+ + + Qt::AlignVCenter + + + true + + + + + + + Qt::Horizontal + + + QSizePolicy::MinimumExpanding + + + + 40 + 20 + + + + + + + + iptables-restore replaces firewall policy in one atomic transaction + + + Use iptables-restore to activate policy + + + + + + + Add virtual addresses for NAT + + + + + + + Qt::Horizontal + + + QSizePolicy::Maximum + + + + 30 + 120 + + + + + + + + Load modules + + + + + + + Verify interfaces before loading firewall policy + + + + + + + Turn debugging on in generated script + + + + + + + Configure Interfaces of the firewall machine + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 200 + + + + + + + + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &OK + + + + + + true + + + true + + + + + + + &Cancel + + + + + + true + + + + + + + + + + tabWidget2 + compiler + compilerArgs + outputFileName + assumeFwIsPartOfAny + acceptSessions + acceptESTBeforeFirst + dropInvalid + logInvalid + bridge + shadowing + emptyGroups + localNAT + clampMSStoMTU + actionOnReject + mgmt_ssh + mgmt_addr + buttonOk + buttonCancel + useLOG + useULOG + cprange + qthreshold + nlgroup + logTCPseq + logTCPopt + logIPopt + logNumsyslog + logLevel + logprefix + logLimitVal + logLimitSuffix + logAll + loadModules + verifyInterfaces + iptDebug + configureInterfaces + addVirtualsforNAT + + + + + buttonOk + clicked() + iptAdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + buttonCancel + clicked() + iptAdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + useLOG + clicked(bool) + iptAdvancedDialog_q + switchLOG_ULOG() + + + 20 + 20 + + + 20 + 20 + + + + + edit_prolog_button + clicked() + iptAdvancedDialog_q + editProlog() + + + 20 + 20 + + + 20 + 20 + + + + + edit_epilog_button + clicked() + iptAdvancedDialog_q + editEpilog() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/ipv4dialog_q.ui b/src/gui/ipv4dialog_q.ui new file mode 100644 index 000000000..8bcd61e1d 
--- /dev/null +++ b/src/gui/ipv4dialog_q.ui @@ -0,0 +1,354 @@ + + + + + IPv4Dialog_q + + + true + + + + 0 + 0 + 562 + 297 + + + + IPv4 + + + + + + 0 + + + + + + 5 + 0 + 0 + 0 + + + + Box + + + Sunken + + + + 5 + + + + + + true + + + + Address + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + address_25.png + + + true + + + false + + + + + + + + + + + 5 + 5 + 0 + 0 + + + + Box + + + Sunken + + + + 10 + + + + + Comment: + + + false + + + + + + + + 7 + 7 + 0 + 100 + + + + + 200 + 0 + + + + true + + + + + + + + 0 + 20 + + + + Expanding + + + Horizontal + + + + + + + Box + + + Sunken + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Name: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Library: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Address: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Netmask: + + + false + + + + + + + 0 + + + + + + 30 + 20 + + + + Expanding + + + Horizontal + + + + + + + DNS Lookup... + + + + + + + + + + + + + + + + + + 40 + 20 + + + + Expanding + + + Horizontal + + + + + + + + + obj_name + libs + address + netmask + dnsLookup + comment + + + + comment + textChanged() + IPv4Dialog_q + changed() + + + address + textChanged(QString) + IPv4Dialog_q + changed() + + + libs + activated(int) + IPv4Dialog_q + changed() + + + netmask + textChanged(QString) + IPv4Dialog_q + changed() + + + obj_name + textChanged(QString) + IPv4Dialog_q + changed() + + + dnsLookup + clicked() + IPv4Dialog_q + DNSlookup() + + + diff --git a/src/gui/libexport_q.ui b/src/gui/libexport_q.ui new file mode 100644 index 000000000..c60d005c3 --- /dev/null +++ b/src/gui/libexport_q.ui 
@@ -0,0 +1,222 @@ + + LibExport_q + + + + 0 + 0 + 578 + 502 + + + + + 5 + 5 + 0 + 0 + + + + Export + + + true + + + + 11 + + + 6 + + + + + + 7 + 7 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + This will export a library to a file which can later be imported back into Firewall Builder + + + Qt::AlignVCenter + + + true + + + + + + + QAbstractItemView::ExtendedSelection + + + + New Item + + + + + + + + Make exported libraries read-only + + + + + + + Choose libraries to be exported: + + + Qt::AlignTop + + + false + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + + + + + 7 + 5 + 0 + 0 + + + + QFrame::NoFrame + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 41 + 20 + + + + + + + + Ok + + + + + + + Cancel + + + + + + + + + + + + + okButton + clicked() + LibExport_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + cancelButton + clicked() + LibExport_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/librarydialog_q.ui b/src/gui/librarydialog_q.ui new file mode 100644 index 000000000..dab5a2305 --- /dev/null +++ b/src/gui/librarydialog_q.ui 
@@ -0,0 +1,319 @@ + + LibraryDialog_q + + + true + + + + 0 + 0 + 657 + 263 + + + + Library + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 6 + + + + + + 75 + true + + + + Library + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 10 + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Color: + + + false + + + + + + + Name: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 71 + + + + + + + + + + + + 7 + 7 + 0 + 100 + + + + + 200 + 0 + + + + true + + + + + + + Comment: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 91 + 20 + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 20 + + + + + + + + + obj_name + colorButton + comment + + + + + colorButton + clicked() + LibraryDialog_q + changeColor() + + + 20 + 20 + + + 20 + 20 + + + + + obj_name + textChanged(QString) + LibraryDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + LibraryDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/linksysAdvancedDialog.cpp b/src/gui/linksysAdvancedDialog.cpp new file mode 100644 index 000000000..3b7f8fd61 --- /dev/null +++ b/src/gui/linksysAdvancedDialog.cpp 
@@ -0,0 +1,150 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: linksysAdvancedDialog.cpp,v 1.5 2006/03/16 05:38:14 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "config.h"
+#include "global.h"
+#include "platforms.h"
+
+#include "linksysAdvancedDialog.h"
+#include "ObjectManipulator.h"
+
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Management.h"
+#include "fwbuilder/Resources.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+using namespace std;
+using namespace libfwbuilder;
+
+linksysAdvancedDialog::~linksysAdvancedDialog()
+{
+ delete m_dialog;
+}
+
+linksysAdvancedDialog::linksysAdvancedDialog(QWidget *parent,FWObject *o)
+ : QDialog(parent)
+{
+ m_dialog = new Ui::linksysAdvancedDialog_q;
+ m_dialog->setupUi(this);
+
+ obj=o;
+
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+/*
+ * since v2.0.3 we do not need to know shell prompt on linksys. Will
+ * remove the page completely when code becomes stable.
+ */
+ m_dialog->tabWidget3->removeTab( 1 );
+
+ QStringList threeStateMapping;
+
+ threeStateMapping.push_back(QObject::tr("No change"));
+ threeStateMapping.push_back("");
+
+ threeStateMapping.push_back(QObject::tr("On"));
+ threeStateMapping.push_back("1");
+
+ threeStateMapping.push_back(QObject::tr("Off"));
+ threeStateMapping.push_back("0");
+
+/* set default prompts */
+ if (fwopt->getStr("prompt1").empty())
+ Resources::os_res["linksys"]->Resources::setDefaultOption(fwopt,
+ "/FWBuilderResources/Target/options/default/prompt1");
+
+ if (fwopt->getStr("prompt2").empty())
+ Resources::os_res["linksys"]->Resources::setDefaultOption(fwopt,
+ "/FWBuilderResources/Target/options/default/prompt2");
+
+ data.registerOption( m_dialog->linksys_prompt1,
+ fwopt,
+ "prompt1" );
+ data.registerOption( m_dialog->linksys_prompt2,
+ fwopt,
+ "prompt2" );
+
+ data.registerOption( m_dialog->linksys_path_iptables,
+ fwopt,
+ "linux24_path_iptables" );
+ data.registerOption( m_dialog->linksys_path_ip,
+ fwopt,
+ "linux24_path_ip" );
+ data.registerOption( m_dialog->linksys_path_lsmod,
+ fwopt,
+ "linux24_path_lsmod" );
+ data.registerOption( m_dialog->linksys_path_logger,
+ fwopt,
+ "linux24_path_logger" );
+ data.registerOption( m_dialog->linksys_path_modprobe,
+ fwopt,
+ "linux24_path_modprobe" );
+
+
+ data.loadAll();
+}
+
+/*
+ * store all data in the object
+ */
+void linksysAdvancedDialog::accept()
+{
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ data.saveAll();
+
+ om->updateLastModifiedTimestampForAllFirewalls(obj);
+ QDialog::accept();
+}
+
+void linksysAdvancedDialog::reject()
+{
+ QDialog::reject();
+}
+
+void linksysAdvancedDialog::setDefaultPrompts()
+{
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+ m_dialog->linksys_prompt1->setText(
+ Resources::getTargetOptionStr("linksys","default/prompt1").c_str() );
+ m_dialog->linksys_prompt2->setText(
+ Resources::getTargetOptionStr("linksys","default/prompt2").c_str() );
+}
+
diff --git a/src/gui/linksysAdvancedDialog.h b/src/gui/linksysAdvancedDialog.h
new file mode 100644
index 000000000..5b74d8dd9
--- /dev/null
+++ b/src/gui/linksysAdvancedDialog.h
@@ -0,0 +1,60 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: linksysAdvancedDialog.h,v 1.1 2004/08/22 02:52:42 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __LINKSYSADVANCEDDIALOG_H_
+#define __LINKSYSADVANCEDDIALOG_H_
+
+#include
+#include "DialogData.h"
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+class linksysAdvancedDialog : public QDialog
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ Ui::linksysAdvancedDialog_q *m_dialog;
+
+ public:
+ linksysAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o);
+ ~linksysAdvancedDialog();
+
+protected slots:
+
+ virtual void accept();
+ virtual void reject();
+
+public slots:
+ virtual void setDefaultPrompts();
+};
+
+#endif // __LINKSYSADVANCEDDIALOG_H
+
diff --git a/src/gui/linksysadvanceddialog_q.ui b/src/gui/linksysadvanceddialog_q.ui
new file mode 100644
index 000000000..b28fbb6ef
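Review bot: `Resources::os_res["linksys"]->Resources::setDefaultOption(...)` in the linksysAdvancedDialog constructor dereferences the result of `operator[]` directly, for both prompt1 and prompt2. The declaration of `os_res` is not in this hunk, but if it is a std::map of pointers, a missing "linksys" entry is default-inserted as NULL and then dereferenced, so an absent or unreadable resource file would crash the dialog. A `find()` lookup with a check before the call would turn that into a handled condition. Also, `mgmt` is fetched and asserted in the constructor and in accept() but never used, and setDefaultPrompts() fetches `fwopt` without using it; those locals can be dropped.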
--- /dev/null +++ b/src/gui/linksysadvanceddialog_q.ui 
@@ -0,0 +1,471 @@ + + linksysAdvancedDialog_q + + + + 0 + 0 + 562 + 578 + + + + Linksys/Sveasoft: advanced settings + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &OK + + + + + + true + + + true + + + + + + + &Cancel + + + + + + true + + + + + + + + + QTabWidget::Rounded + + + 1 + + + + Path + + + + 6 + + + 6 + + + + + modprobe: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + logger: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + ip: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + lsmod + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + iptables: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 150 + 20 + + + + + + + + + + + + + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + Specify directory path and a file name for each utility on your firewall machine. Leave these empty if you want to use default values. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + Prompts + + + + 6 + + + 6 + + + + + + 7 + 0 + 0 + 0 + + + + Policy installer relies on the shell prompt on the firewall to execute commands. Installer tries both prompt string patterns configured here; it assumes that the firewall is ready to accept a command if either prompt matches. You should only need to change these string patterns if Sveasoft changes the shell prompt in the future releases of the software. 
+<br> +<br> +The default strings work for Sveasoft Alchemy pre-5.1 and pre-5.2 + + + Qt::RichText + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + 4 + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 80 + + + + + + + + Use default prompts + + + + + + + + + + prompt 2 + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 30 + 20 + + + + + + + + prompt 1 + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 150 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + + + + + + + tabWidget3 + linksys_path_iptables + linksys_path_ip + linksys_path_logger + linksys_path_modprobe + linksys_path_lsmod + linksys_prompt1 + linksys_prompt2 + useDefaultPrompts + buttonOk + buttonCancel + + + + + buttonOk + clicked() + linksysAdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + buttonCancel + clicked() + linksysAdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + useDefaultPrompts + clicked() + linksysAdvancedDialog_q + setDefaultPrompts() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/linux24AdvancedDialog.cpp b/src/gui/linux24AdvancedDialog.cpp new file mode 100644 index 000000000..2b805a82f --- /dev/null +++ b/src/gui/linux24AdvancedDialog.cpp 
@@ -0,0 +1,175 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: linux24AdvancedDialog.cpp,v 1.4 2006/03/16 05:38:14 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "platforms.h" + +#include "linux24AdvancedDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Management.h" + +#include +#include +#include +#include +#include +#include +#include + + +using namespace std; +using namespace libfwbuilder; + +linux24AdvancedDialog::~linux24AdvancedDialog() +{ + delete m_dialog; +} + +linux24AdvancedDialog::linux24AdvancedDialog(QWidget *parent,FWObject *o) + : QDialog(parent) +{ + m_dialog = new Ui::linux24AdvancedDialog_q; + m_dialog->setupUi(this); + obj=o; + + FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject(); + assert(fwopt!=NULL); + + Management *mgmt=(Firewall::cast(obj))->getManagementObject(); + assert(mgmt!=NULL); + + QStringList threeStateMapping; + + threeStateMapping.push_back(QObject::tr("No change")); + threeStateMapping.push_back(""); + + threeStateMapping.push_back(QObject::tr("On")); + threeStateMapping.push_back("1"); + + threeStateMapping.push_back(QObject::tr("Off")); + threeStateMapping.push_back("0"); + + + + 
data.registerOption( m_dialog->linux24_log_martians, + fwopt, + "linux24_log_martians", threeStateMapping); + data.registerOption( m_dialog->linux24_accept_redirects, + fwopt, + "linux24_accept_redirects", threeStateMapping); + data.registerOption( m_dialog->linux24_icmp_echo_ignore_all, + fwopt, + "linux24_icmp_echo_ignore_all", threeStateMapping); + data.registerOption( m_dialog->linux24_icmp_echo_ignore_broadcasts, + fwopt, + "linux24_icmp_echo_ignore_broadcasts", threeStateMapping); + data.registerOption( m_dialog->linux24_icmp_ignore_bogus_error_responses, + fwopt, + "linux24_icmp_ignore_bogus_error_responses", threeStateMapping); + data.registerOption( m_dialog->linux24_ip_dynaddr, + fwopt, + "linux24_ip_dynaddr", threeStateMapping); + data.registerOption( m_dialog->linux24_rp_filter, + fwopt, + "linux24_rp_filter", threeStateMapping); + data.registerOption( m_dialog->linux24_accept_source_route, + fwopt, + "linux24_accept_source_route", threeStateMapping); + data.registerOption( m_dialog->linux24_ip_forward, + fwopt, + "linux24_ip_forward", threeStateMapping); + data.registerOption( m_dialog->linux24_tcp_fin_timeout, + fwopt, + "linux24_tcp_fin_timeout" ); + data.registerOption( m_dialog->linux24_tcp_keepalive_interval, + fwopt, + "linux24_tcp_keepalive_interval"); + data.registerOption( m_dialog->linux24_tcp_window_scaling, + fwopt, + "linux24_tcp_window_scaling", threeStateMapping); + data.registerOption( m_dialog->linux24_tcp_sack, + fwopt, + "linux24_tcp_sack", threeStateMapping); + data.registerOption( m_dialog->linux24_tcp_fack, + fwopt, + "linux24_tcp_fack", threeStateMapping); + data.registerOption( m_dialog->linux24_tcp_ecn, + fwopt, + "linux24_tcp_ecn", threeStateMapping); + data.registerOption( m_dialog->linux24_tcp_syncookies, + fwopt, + "linux24_tcp_syncookies", threeStateMapping); + data.registerOption( m_dialog->linux24_tcp_timestamps, + fwopt, + "linux24_tcp_timestamps", threeStateMapping); + data.registerOption( 
m_dialog->linux24_path_iptables, + fwopt, + "linux24_path_iptables" ); + data.registerOption( m_dialog->linux24_path_ip, + fwopt, + "linux24_path_ip" ); + data.registerOption( m_dialog->linux24_path_lsmod, + fwopt, + "linux24_path_lsmod" ); + data.registerOption( m_dialog->linux24_path_logger, + fwopt, + "linux24_path_logger" ); + data.registerOption( m_dialog->linux24_path_modprobe, + fwopt, + "linux24_path_modprobe" ); + data.registerOption( m_dialog->linux24_path_iptables_restore, + fwopt, + "linux24_path_iptables_restore" ); + + + data.loadAll(); +} + +/* + * store all data in the object + */ +void linux24AdvancedDialog::accept() +{ + FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject(); + assert(fwopt!=NULL); + + Management *mgmt=(Firewall::cast(obj))->getManagementObject(); + assert(mgmt!=NULL); + + data.saveAll(); + + om->updateLastModifiedTimestampForAllFirewalls(obj); + QDialog::accept(); +} + +void linux24AdvancedDialog::reject() +{ + QDialog::reject(); +} + + diff --git a/src/gui/linux24AdvancedDialog.h b/src/gui/linux24AdvancedDialog.h new file mode 100644 index 000000000..629dc04b0 --- /dev/null +++ b/src/gui/linux24AdvancedDialog.h 
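Review bot: `Firewall::cast(obj)` is dereferenced unchecked in both the constructor and `accept()`, and the only guards on `fwopt` and `mgmt` are `assert()` calls, which compile to nothing when NDEBUG is defined. If the cast can return NULL for an object that is not a Firewall, a release build dereferences a null pointer instead of failing cleanly; an explicit check such as `Firewall *fw = Firewall::cast(obj); if (fw==NULL) { QDialog::reject(); return; }` in `accept()` holds in every build, and the constructor needs its own handling. `mgmt` is fetched and asserted in both places but never used, so those lines can be dropped. macosxAdvancedDialog.cpp repeats the same pattern.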
@@ -0,0 +1,59 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: linux24AdvancedDialog.h,v 1.1 2004/05/11 04:45:38 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __LINUX24ADVANCEDDIALOG_H_
+#define __LINUX24ADVANCEDDIALOG_H_
+
+#include
+#include "DialogData.h"
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+class linux24AdvancedDialog : public QDialog
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ Ui::linux24AdvancedDialog_q *m_dialog;
+
+ public:
+ linux24AdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o);
+ ~linux24AdvancedDialog();
+
+protected slots:
+
+ virtual void accept();
+ virtual void reject();
+
+
+};
+
+#endif // __LINUX24ADVANCEDDIALOG_H
+
diff --git a/src/gui/linux24advanceddialog_q.ui b/src/gui/linux24advanceddialog_q.ui
new file mode 100644
index 000000000..62d416099
--- /dev/null
+++ b/src/gui/linux24advanceddialog_q.ui
@@ -0,0 +1,1037 @@ + + linux24AdvancedDialog_q + + + + 0 + 0 + 385 + 393 + + + + Linux 2.4: advanced settings + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &OK + + + + + + true + + + true + + + + + + + &Cancel + + + + + + true + + + + + + + + + QTabWidget::Rounded + + + 0 + + + + Options + + + + 6 + + + 6 + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + Packet forwarding + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Kernel anti-spoofing protection + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Ignore broadcast pings + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Ignore all pings + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Accept source route + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Accept ICMP redirects + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Ignore bogus ICMP errors + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Allow dynamic addresses + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Log martians + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 150 + + + + + + + + Qt::Vertical + + + 
QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 151 + 20 + + + + + + + + + TCP + + + + 6 + + + 6 + + + + + These parameters make sense for connections to or from the firewall host + + + Qt::AlignCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 30 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 100 + 50 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 150 + 20 + + + + + + + + 1000 + + + 0 + + + 30 + + + + + + + 10000 + + + 0 + + + 1800 + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + TCP sack + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + TCP window scaling + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + TCP ECN + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + TCP SYN cookies + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + TCP keepalive time (sec) + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + TCP fack + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + TCP timestamps + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + TCP FIN timeout (sec) + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + Path + + + + 6 + + + 6 + + + + + modprobe: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + logger: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + ip: + + + 
Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + lsmod + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 150 + 20 + + + + + + + + + + + + + + + + + + + + Specify directory path and a file name for each utility on your firewall machine. Leave these empty if you want to use default values. + + + Qt::AlignCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 60 + + + + + + + + iptables: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + + + + + + iptables-restore: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + + + + + linux24_ip_forward + linux24_rp_filter + linux24_icmp_echo_ignore_broadcasts + linux24_icmp_echo_ignore_all + linux24_accept_source_route + linux24_accept_redirects + linux24_icmp_ignore_bogus_error_responses + linux24_ip_dynaddr + linux24_log_martians + buttonOk + buttonCancel + linux24_tcp_fin_timeout + linux24_tcp_keepalive_interval + linux24_tcp_window_scaling + linux24_tcp_sack + linux24_tcp_fack + linux24_tcp_ecn + linux24_tcp_syncookies + linux24_tcp_timestamps + linux24_path_iptables + linux24_path_ip + linux24_path_logger + linux24_path_modprobe + linux24_path_lsmod + tabWidget3 + + + + + buttonOk + clicked() + linux24AdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + buttonCancel + clicked() + linux24AdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/listOfLibraries.cpp b/src/gui/listOfLibraries.cpp new file mode 100644 index 000000000..90024e12b --- /dev/null +++ b/src/gui/listOfLibraries.cpp 
@@ -0,0 +1,264 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id$ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/XMLTools.h" + +#include "FWWindow.h" +#include "FWBSettings.h" +#include "upgradePredicate.h" +#include "listOfLibraries.h" + +#include "qobject.h" +#include +#include + +#include +#include + +using namespace std; +using namespace libfwbuilder; + +listOfLibraries::listOfLibraries() +{ +// build list of available libraries + +/* first read user's preferences. User may want to load some libraries + * that we usually find but do not load by default (e.g. 
templates) + */ + + add(sysfname.c_str(),true); + add(tempfname.c_str()); + +#ifdef _WIN32 + string ts = appRootDir + "/lib"; + QString dir = ts.c_str(); +#else + QString dir = QString(getenv("HOME")) + "/.fwbuilder/lib"; +#endif + + QDir d(dir, "*.fwb" ); + for (unsigned int i=0; igetInt("Libraries/num"); + for (int i=0; igetStr( lp ); + + lp = QString("Libraries/lib%1_load").arg(i); + l = st->getBool( lp ); + + add( s.toLatin1().constData() , l ); + } +} + +void listOfLibraries::save() +{ + st->setInt("Libraries/num", size() ); + + int n = 0; + for (list::iterator i=begin(); i!=end(); ++i,++n) + { + QString lp; + + lp = QString("Libraries/lib%1_path").arg(n); + st->setStr( lp , i->path ); + + lp = QString("Libraries/lib%1_load").arg(n); + st->setBool( lp , i->load ); + } +} + +class findPathPredicate { + QString p; + public: + findPathPredicate(const QString &_p):p(_p){} + bool operator()(const libData &ld) { return ld.path==p; } +}; + +class findNamePredicate { + QString p; + public: + findNamePredicate(const QString &_p):p(_p){} + bool operator()(const libData &ld) { return ld.name==p; } +}; + +class findIdPredicate { + QString p; + public: + findIdPredicate(const QString &_p):p(_p){} + bool operator()(const libData &ld) { return ld.id==p; } +}; + + + +class MessageBoxNeverUpgradePredicate: public libfwbuilder::XMLTools::UpgradePredicate +{ + public: + MessageBoxNeverUpgradePredicate() {} + + virtual bool operator()(const std::string &msg) const + { + QMessageBox::information( NULL , "Firewall Builder", + QObject::tr( +"The library file you are trying to open\n\ +has been saved in an older version of\n\ +Firewall Builder and needs to be upgraded.\n\ +To upgrade it, just load it in the Firewall\n\ +Builder GUI and save back to file again." + ), + QObject::tr("&Continue"), + QString::null, + QString::null, + 0, 1 ); + return false; + } +}; + +list::iterator listOfLibraries::add(const QString &path, bool load) +{ + QString name; + QString id; + + if ( ! 
QFile::exists(path) ) return end(); + + MessageBoxNeverUpgradePredicate dont_upgrade_predicate; + + try + { + FWObjectDatabase *ndb = new FWObjectDatabase(); + ndb->load(path.toAscii().constData(), &dont_upgrade_predicate, librespath); + list libs = ndb->getByType(Library::TYPENAME); + for (list::iterator i=libs.begin(); i!=libs.end(); i++) + { + name = (*i)->getName().c_str(); + id = (*i)->getId().c_str(); + if ((*i)->getId() == STANDARD_LIB) continue; + if ((*i)->getId() == DELETED_LIB) continue; + if ((*i)->getId() == TEMPLATE_LIB) continue; + break; + } + + delete ndb; + + } catch(FWException &ex) + { + QMessageBox::warning( + NULL,"Firewall Builder", + QObject::tr("Error loading file %1:\n%2"). + arg(path).arg(ex.toString().c_str()), + QObject::tr("&Continue"), QString::null,QString::null, + 0, 1 ); + return end(); + } + + if (id.isEmpty()) return end(); + if (name.isEmpty()) return end(); + +#if 0 + // commented out for bug #1620284 + // +/* + * mw is NULL at this point if this method is called to preload + * libraries on startup + */ + list currentLibs; + if (mw) currentLibs= mw->db()->getByType(Library::TYPENAME); + + if ( std::find_if(begin(),end(),findIdPredicate(id))!=end() || + (!currentLibs.empty() && + std::find_if(currentLibs.begin(),currentLibs.end(), + findFWObjectIDPredicate(id.ascii()))!=currentLibs.end() ) + ) + { + QMessageBox::warning( + NULL,"Firewall Builder", + QObject::tr("Duplicate library '%1'").arg(QString::fromUtf8(name)), + QObject::tr("&Continue"), QString::null,QString::null, + 0, 1 ); + return end(); + } +#endif + + if (id == STANDARD_LIB) return end(); + if (id == DELETED_LIB) return end(); + if (id == TEMPLATE_LIB) return end(); + + list::iterator i1=insert(end(),libData( id, name, path, false) ); + i1->load=load; + + return i1; +} + +void listOfLibraries::setLoad(const QString &libPath, bool f) +{ + list::iterator it; + if ( (it=std::find_if(begin(),end(),findPathPredicate(libPath)))!=end()) + it->load=f; +} + +bool 
listOfLibraries::getLoad(const QString &libPath) +{ + list::iterator it; + if ( (it=std::find_if(begin(),end(),findPathPredicate(libPath)))!=end()) + return it->load; + + return false; +} + +bool listOfLibraries::isLoaded(const QString &libName) +{ + list::iterator it; + if ( (it=std::find_if(begin(),end(),findNamePredicate(libName)))!=end()) + return it->load; + + return false; +} + +bool listOfLibraries::isKnown(const QString &id) +{ + list::iterator it; + if ( (it=std::find_if(begin(),end(),findIdPredicate(id)))!=end()) + return it->load; + + return false; +} + diff --git a/src/gui/listOfLibraries.h b/src/gui/listOfLibraries.h new file mode 100644 index 000000000..11c1e0965 --- /dev/null +++ b/src/gui/listOfLibraries.h 
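Review bot: In `listOfLibraries::add()` the `FWObjectDatabase` allocated with `new` is released only by the `delete ndb;` at the end of the `try` body, so every file that makes `load()` throw `FWException` leaks it, because the `catch` returns `end()` without freeing. Declare the pointer before the `try` and add `delete ndb;` in the `catch` block ahead of `return end();`. `isKnown()` returns `it->load` rather than `true`, so a library that is in the list but not marked for loading is reported as unknown; this looks like a copy of `isLoaded()` and probably wants `return true;`. On non-Windows builds the library directory is built from `getenv("HOME")` unchecked, so with HOME unset it becomes `/.fwbuilder/lib`; `QDir::homePath()` avoids that.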
@@ -0,0 +1,79 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id$
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef __LISTOFLIBRARIES_H_
+#define __LISTOFLIBRARIES_H_
+
+#include "config.h"
+
+#include
+#include
+
+/*
+ * name - name of the library object
+ * path - a full path for the file
+ *
+ */
+class libData
+{
+ public:
+ QString id;
+ QString name;
+ QString path;
+ bool mandatory;
+ bool load;
+
+ libData(const QString &i,const QString &n,const QString &p,bool f)
+ { id=i; name=n; path=p; mandatory=f; load=false; }
+};
+
+class listOfLibraries : public std::list
+{
+// I could use map (with a full path to a library file being a
+// key) but I do not want this list to be sorted by path. The list is
+// likely to be short so simple linear search in isn't going to be a
+// problem.
+
+
+ public:
+ listOfLibraries();
+
+ /**
+ * this method adds a library from the file 'path' to the list and
+ * returns iterator that points at the new object in the list avLibs
+ */
+ std::list::iterator add(const QString &path, bool load=false);
+
+ void setLoad(const QString &libPath, bool f);
+ bool getLoad(const QString &libPath);
+
+ bool isLoaded(const QString &libName);
+ bool isKnown(const QString &id);
+
+ void load();
+ void save();
+};
+
+#endif
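Review bot: The lookup methods are undocumented, and the one existing doc comment, on `add()`, refers to a list `avLibs` that this class does not declare. Going by listOfLibraries.cpp, `setLoad`/`getLoad` key on the file path, `isLoaded` on the library name and `isKnown` on the object id; a one-line comment on each would make the three keys explicit, e.g. `// true if a library with this name is in the list and marked for loading`. The comment on `add()` should also say that it returns `end()` when the file is missing, fails to load, or yields only the standard, deleted or template library.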
diff --git a/src/gui/longTextDialog.cpp b/src/gui/longTextDialog.cpp
new file mode 100644
index 000000000..9ef471207
--- /dev/null
+++ b/src/gui/longTextDialog.cpp
@@ -0,0 +1,62 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: longTextDialog.cpp,v 1.1 2004/06/26 22:41:10 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#include "config.h"
+#include "global.h"
+#include "utils.h"
+
+#include "longTextDialog.h"
+
+#include
+#include
+#include
+#include
+
+#include
+
+using namespace libfwbuilder;
+using namespace std;
+
+longTextDialog::~longTextDialog()
+{
+ delete m_dialog;
+}
+
+longTextDialog::longTextDialog(QWidget *p,
+ const QString &txt,const QString <xt)
+ : QDialog(p)
+{
+ m_dialog = new Ui::longTextDialog_q;
+ m_dialog->setupUi(this);
+
+ setWindowTitle("Firewall Builder");
+
+ m_dialog->dlgText->setText(txt);
+
+ m_dialog->icn->setPixmap( QMessageBox::standardIcon(QMessageBox::Critical) );
+
+ m_dialog->dlgLongText->setText(ltxt);
+}
diff --git a/src/gui/longTextDialog.h b/src/gui/longTextDialog.h
new file mode 100644
index 000000000..ee6e37c31
--- /dev/null
+++ b/src/gui/longTextDialog.h
@@ -0,0 +1,44 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: longTextDialog.h,v 1.1 2004/06/26 22:41:10 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __LONGTEXTDIALOG_H_
+#define __LONGTEXTDIALOG_H_
+
+#include "config.h"
+#include
+
+class longTextDialog : public QDialog
+{
+ Q_OBJECT
+ Ui::longTextDialog_q *m_dialog;
+
+ public:
+ longTextDialog(QWidget *p,const QString &txt,const QString <xt);
+ ~longTextDialog();
+
+};
+
+#endif // __LONGTEXTDIALOG_H
diff --git a/src/gui/longtextdialog_q.ui b/src/gui/longtextdialog_q.ui
new file mode 100644
index 000000000..c3ba0e58e
--- /dev/null
+++ b/src/gui/longtextdialog_q.ui
@@ -0,0 +1,150 @@ + + longTextDialog_q + + + + 0 + 0 + 368 + 291 + + + + longTextDialog_q + + + + 11 + + + 6 + + + + + Continue + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 100 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 120 + 20 + + + + + + + + + 0 + 0 + 0 + 0 + + + + QFrame::NoFrame + + + QFrame::Raised + + + + 11 + + + 6 + + + + + + + + true + + + false + + + + + + + + + + + 7 + 5 + 0 + 0 + + + + this is the error text + + + true + + + false + + + + + + + + dlgLongText + closeBtn + + + + + closeBtn + clicked() + longTextDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/macosxAdvancedDialog.cpp b/src/gui/macosxAdvancedDialog.cpp new file mode 100644 index 000000000..21b2c5e44 --- /dev/null +++ b/src/gui/macosxAdvancedDialog.cpp 
@@ -0,0 +1,119 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: macosxAdvancedDialog.cpp,v 1.3 2006/03/16 05:38:14 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "platforms.h" + +#include "macosxAdvancedDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Management.h" + +#include +#include +#include +#include +#include +#include + + +using namespace std; +using namespace libfwbuilder; + +macosxAdvancedDialog::~macosxAdvancedDialog() +{ + delete m_dialog; +} + +macosxAdvancedDialog::macosxAdvancedDialog(QWidget *parent,FWObject *o) + : QDialog(parent) +{ + m_dialog = new Ui::macosxAdvancedDialog_q; + m_dialog->setupUi(this); + + obj=o; + + FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject(); + assert(fwopt!=NULL); + + Management *mgmt=(Firewall::cast(obj))->getManagementObject(); + assert(mgmt!=NULL); + + QStringList threeStateMapping; + + threeStateMapping.push_back(QObject::tr("No change")); + threeStateMapping.push_back(""); + + threeStateMapping.push_back(QObject::tr("On")); + threeStateMapping.push_back("1"); + + threeStateMapping.push_back(QObject::tr("Off")); + threeStateMapping.push_back("0"); + + data.registerOption( 
m_dialog->macosx_ip_forward, + fwopt, + "macosx_ip_forward", threeStateMapping); + data.registerOption( m_dialog->macosx_ip_redirect, + fwopt, + "macosx_ip_redirect", threeStateMapping); + data.registerOption( m_dialog->macosx_ip_sourceroute, + fwopt, + "macosx_ip_sourceroute", threeStateMapping); + data.registerOption( m_dialog->macosx_path_ipfw, + fwopt, + "macosx_path_ipfw"); + data.registerOption( m_dialog->macosx_path_sysctl, + fwopt, + "macosx_path_sysctl"); + + + data.loadAll(); +} + +/* + * store all data in the object + */ +void macosxAdvancedDialog::accept() +{ + FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject(); + assert(fwopt!=NULL); + + Management *mgmt=(Firewall::cast(obj))->getManagementObject(); + assert(mgmt!=NULL); + + data.saveAll(); + + om->updateLastModifiedTimestampForAllFirewalls(obj); + QDialog::accept(); +} + +void macosxAdvancedDialog::reject() +{ + QDialog::reject(); +} + + diff --git a/src/gui/macosxAdvancedDialog.h b/src/gui/macosxAdvancedDialog.h new file mode 100644 index 000000000..c7130cafd --- /dev/null +++ b/src/gui/macosxAdvancedDialog.h 
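Review bot: The free-text options `macosx_path_ipfw` and `macosx_path_sysctl` are registered and written back by `data.saveAll()` with no validation in this dialog. Where these strings are consumed is not visible in this hunk; if they end up in the generated firewall script, a value containing whitespace or shell metacharacters would change the commands that script runs. Assuming the widgets are QLineEdit, a validator set in the constructor restricts input to plain path characters, e.g. `m_dialog->macosx_path_ipfw->setValidator(new QRegExpValidator(QRegExp("[A-Za-z0-9_./-]*"), this));`. The `linux24_path_*` options in linux24AdvancedDialog.cpp are registered the same way.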
@@ -0,0 +1,59 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: macosxAdvancedDialog.h,v 1.1 2004/05/11 04:45:38 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __MACOSXADVANCEDDIALOG_H_
+#define __MACOSXADVANCEDDIALOG_H_
+
+#include
+#include "DialogData.h"
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+class macosxAdvancedDialog : public QDialog
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ Ui::macosxAdvancedDialog_q *m_dialog;
+
+ public:
+ macosxAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o);
+ ~macosxAdvancedDialog();
+
+protected slots:
+
+ virtual void accept();
+ virtual void reject();
+
+
+};
+
+#endif // __MACOSXADVANCEDDIALOG_H
+
diff --git a/src/gui/macosxadvanceddialog_q.ui b/src/gui/macosxadvanceddialog_q.ui
new file mode 100644
index 000000000..c6c2cf040
--- /dev/null
+++ b/src/gui/macosxadvanceddialog_q.ui
@@ -0,0 +1,412 @@ + + + + + macosxAdvancedDialog_q + + + + 0 + 0 + 389 + 237 + + + + MacOS X: advanced settings + + + + + + 0 + + + 6 + + + + + + 20 + 20 + + + + Expanding + + + Horizontal + + + + + + + &OK + + + + + + true + + + true + + + + + + + &Cancel + + + + + + true + + + + + + + + + QTabWidget::Rounded + + + + Options + + + + 0 + + + + + Generate ICMP redirects + + + Qt::AlignCenter + + + false + + + + + + + Packet forwarding + + + Qt::AlignCenter + + + false + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + Forward source routed packets + + + Qt::AlignCenter + + + false + + + + + + + + 151 + 20 + + + + Fixed + + + Horizontal + + + + + + + + 20 + 20 + + + + Fixed + + + Vertical + + + + + + + + 40 + 20 + + + + Expanding + + + Horizontal + + + + + + + + 20 + 40 + + + + Expanding + + + Vertical + + + + + + + + Path + + + + 0 + + + + + ipfw: + + + Qt::AlignCenter + + + false + + + + + + + sysctl: + + + Qt::AlignCenter + + + false + + + + + + + Specify directory path and a file name for the following utilities on the OS your firewall machine is running. Leave these empty if you want to use default values. + + + Qt::AlignCenter + + + true + + + + + + + + 0 + 0 + 0 + 0 + + + + + 200 + 0 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + 200 + 0 + + + + + + + + + 40 + 20 + + + + Expanding + + + Horizontal + + + + + + + + 40 + 20 + + + + Expanding + + + Horizontal + + + + + + + + 20 + 40 + + + + Expanding + + + Vertical + + + + + + + + + + + + + macosx_ip_forward + macosx_ip_sourceroute + macosx_ip_redirect + buttonOk + buttonCancel + macosx_path_ipfw + macosx_path_sysctl + tabWidget7 + + + + buttonOk + clicked() + macosxAdvancedDialog_q + accept() + + + buttonCancel + clicked() + macosxAdvancedDialog_q + reject() + + + diff --git a/src/gui/main.cpp b/src/gui/main.cpp new file mode 100644 index 000000000..f66afd97f --- /dev/null 
+++ b/src/gui/main.cpp 
@@ -0,0 +1,731 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: main.cpp,v 1.121 2007/06/03 03:36:42 vkurland Exp $ + + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "VERSION.h" +#include "../common/commoninit.h" + +#ifdef HAVE_GETOPT_H +# include +#else +# ifdef _WIN32 +# include +# else +# include +# endif +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +//Added by qt3to4: +#include + +/* +#ifdef _WIN32 +# include +#endif +*/ + +#include "FWBSettings.h" +#include "RCS.h" +#include "FWWindow.h" +#include "ObjectManipulator.h" +#include "FWObjectClipboard.h" +#include "FWBTree.h" +#include "platforms.h" +#include "listOfLibraries.h" +#include "ObjectEditor.h" +#include "findDialog.h" + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/Tools.h" +#include "fwbuilder/dns.h" +//#include "fwbuilder/crypto.h" +#include "fwbuilder/XMLTools.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWException.h" + +#ifndef _WIN32 +# include +# include +# include +# include +# include +# include +#else +# include +#endif + +#ifdef HAVE_SIGNAL_H +#include +#endif + +#ifdef HAVE_PTY_H +#include +#endif + +#ifdef HAVE_LIBUTIL_H +#include +#endif + +#ifdef HAVE_UTIL_H 
+#include +#endif + +//#ifdef Q_OS_MACX +//# include +//#endif + +#include +#include +#include + +#include "../common/init.cpp" + +#ifdef ELC +extern bool init2(const std::string &a1, + const std::string &moduleName, + const std::string &rp, + const std::string &rp1, + bool f1, bool f2); +#endif + +using namespace libfwbuilder; +using namespace std; + +static QString filename; +static QString objid; + +QApplication *app = NULL; +FWWindow *mw = NULL; +ObjectManipulator *om = NULL; +ObjectEditor *oe = NULL; +QTextEdit *oi = NULL; +FWBSettings *st = NULL; +findDialog *fd = NULL; +int fwbdebug = 0; +bool safemode = false; +bool registered = false; +bool gui_experiment1 = false; + +listOfLibraries *addOnLibs; + + +#ifndef _WIN32 + +#ifndef HAVE_CFMAKERAW +static inline void cfmakeraw(struct termios *termios_p) +{ + termios_p->c_iflag &= ~(IGNBRK|BRKINT|PARMRK|ISTRIP|INLCR|IGNCR|ICRNL|IXON); + termios_p->c_oflag &= ~OPOST; + termios_p->c_lflag &= ~(ECHO|ECHONL|ICANON|ISIG|IEXTEN); + termios_p->c_cflag &= ~(CSIZE|PARENB); + termios_p->c_cflag |= CS8; +} +#endif + +#ifndef HAVE_FORKPTY + +#include +#include +#include +//#include +#include + +/* fork_pty() remplacement for Solaris. 
+* ignore the last two arguments +* for the moment +*/ +int forkpty (int *amaster, char *name, void *unused1, void *unused2) +{ + int master, slave; + char *slave_name; + pid_t pid; + + master = open("/dev/ptmx", O_RDWR); + if (master < 0) + return -1; + + if (grantpt (master) < 0) + { + close (master); + return -1; + } + + if (unlockpt (master) < 0) + { + close (master); + return -1; + } + + slave_name = ptsname (master); + if (slave_name == NULL) + { + close (master); + return -1; + } + + slave = open (slave_name, O_RDWR); + if (slave < 0) + { + close (master); + return -1; + } + + if (ioctl (slave, I_PUSH, "ptem") < 0 + || ioctl (slave, I_PUSH, "ldterm") < 0) + { + close (slave); + close (master); + return -1; + } + + if (amaster) + *amaster = master; + + if (name) + strcpy (name, slave_name); + + pid = fork (); + switch (pid) + { + case -1: /* Error */ + return -1; + case 0: /* Child */ + close (master); + dup2 (slave, STDIN_FILENO); + dup2 (slave, STDOUT_FILENO); + dup2 (slave, STDERR_FILENO); + return 0; + default: /* Parent */ + close (slave); + return pid; + } + + return -1; +} + +#endif + +static struct termios save_termios; +static int ttysavefd = -1; + +int tty_raw(int fd) +{ + struct termios buf; + + if (tcgetattr(fd, &save_termios) < 0) + { + qDebug("Can not switch terminal to raw mode, tcgetattr error '%s'",strerror(errno)); + exit(1); + } + + buf = save_termios; + + cfmakeraw(&buf); + +// this used to use TCSAFLUSH, but that caused stall which I did not +// completely understand. Apparently there was some data in the output +// buffer at the moment when we try to switch tty to raw mode, but I +// could not figure out where this data comes from and why it could +// not be written to the tty. Anyway, this caused semi-random stalls +// in the installer because whenever it called fwbuilder -X, the child +// process would block in this place and stall installer. I had to +// switch to TCSANOW to fix. 
+ + if (tcsetattr(fd, TCSANOW, &buf) < 0) + { + qDebug("Can not switch terminal to raw mode, tcsetattr error '%s'",strerror(errno)); + exit(1); + } + + ttysavefd = fd; + return 0; +} + +int echo_off(int fd) +{ + struct stat statbuf; + if (fstat(fd,&statbuf)!=0) return 0; + + struct termios stermios; + if (tcgetattr(fd, &stermios)<0) + { + qDebug("Can not turn terminal echo off, tcgetattr error '%s'",strerror(errno)); + exit(1); + } + + stermios.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); + stermios.c_oflag &= ~(ONLCR); + + if (tcsetattr(fd, TCSANOW, &stermios)<0) + { + qDebug("Can not turn terminal echo off, tcsetattr error '%s'",strerror(errno)); + exit(1); + } + + return 0; +} + +ssize_t writen(int fd,const void *vptr, size_t n) +{ + size_t nleft; + ssize_t nwritten; + const char *ptr; + + ptr = (const char*)(vptr); + nleft = n; + if (fwbdebug) qDebug("need to write %d bytes",int(nleft)); + while (nleft > 0) + { + if ( (nwritten = write(fd,ptr,nleft )) <= 0) + return nwritten; + + if (fwbdebug) qDebug("%d bytes written",int(nwritten)); + + nleft -= nwritten; + ptr += nwritten; + } + return n; +} + + +#ifndef strndup +char* strndup(const char* s,int n) +{ + char *tbuf = (char*)malloc(n); + if (tbuf) memcpy(tbuf,s,n); + return tbuf; +} +#endif +#endif + +void usage() +{ + cerr << "Usage: fwbuilder [-?hv] [filename]\n"; +} + + +int main( int argc, char ** argv ) +{ + + + bool ssh_wrapper=false; + const char *arg[64]; + int i, j; + + filename=""; + objid=""; + fwbdebug=0; + safemode=false; + + bool desktopaware = true; + +/* + * I am using njamd a lot, but gtkmm and probably some other libs + * generate trap in their global static initialization code. Therefore + * I need to start the program with env. var. NJAMD_PROT set to "none" + * and then reset it to something useful here. 
+ */ +#ifdef HAVE_SETENV + setenv("NJAMD_PROT","strict",1); +#else +# ifdef HAVE_PUTENV + putenv("NJAMD_PROT=strict"); +# endif +#endif + + +#ifndef _WIN32 + + i=1; + j=1; + + for ( ; argv[i]!=NULL; i++) + { + if (strncmp(argv[i], "-X", 2)==0) { ssh_wrapper=true; continue; } + else + if (strncmp(argv[i], "-d", 2)==0) { fwbdebug++; continue; } + else + arg[j]=strdup(argv[i]); + j++; + } + arg[j]=NULL; + + if (ssh_wrapper) + { + +/* need to create and initialize settings to be able to use ssh/scp + * configuration in the wrapper + * + * Note: + * + * We need to keep installation data and program settings in registry + * folders with different names. QSettings always looks into Current + * User registry first, so if the folders have the same names, then we + * store evaluation key in Current User, while it is better to put it + * in the Local Machine branch. + * + * So, installation data goes to HKLM Software\NetCitadel\FirewallBuilder + * and settings to HKCU Software\NetCitadel\FirewallBuilder2 + * + * fwbuilder-lm determines folder path for the license file by + * reading key Install_Dir under HKLM Software\NetCitadel\FirewallBuilder + */ + st = new FWBSettings(); + +/* initialize preferences */ + st->init(); + + QString sshcmd=st->getSSHPath(); + + if (sshcmd.isEmpty()) sshcmd="ssh"; + + arg[0]=strdup( sshcmd.toLatin1().constData() ); + + if (fwbdebug) + qDebug("cmd: %s",arg[0]); + + +/* forks ssh with a pty and proxies its communication on stdin/stdout + * to avoid having to deal with pty. This is only needed on Unix. 
+ */ + pid_t pid; + int mfd; + char slave_name[64]; +// char *pgm; + + pid=forkpty(&mfd,slave_name,NULL,NULL); + if (pid<0) + { + qDebug("Fork failed: %s", strerror(errno)); + exit(1); + } + if (pid==0) + { // child + +// turn echo off on stdin + echo_off(STDIN_FILENO); + + tty_raw(STDIN_FILENO); + + signal(1,SIG_IGN); + + execvp(arg[0],(char* const*)arg); + +// if we've got here there was an error + qDebug("Exec error: %s %s",strerror(errno),arg[0]); + exit(1); + } + + tty_raw(mfd); + + fd_set rfds; + struct timeval tv; + int retval; + + #define BUFFSIZE 512 + +#ifdef DEBUG_INSTALLER + int debug_file = open("installer.dbg",O_CREAT|O_WRONLY); +#endif + char ibuf[BUFFSIZE]; + char obuf[BUFFSIZE]; + bool endOfStream = false; + + while (true) + { + tv.tv_sec = 2; + tv.tv_usec = 0; + + FD_ZERO(&rfds); + FD_SET(mfd, &rfds); + if (!endOfStream) FD_SET(STDIN_FILENO , &rfds); + + retval = select( max(STDIN_FILENO,mfd)+1 , &rfds, NULL, NULL, &tv); + if (retval==0) // timeout + { + if (fwbdebug) qDebug("timeout"); + if (endOfStream) + { + if (fwbdebug) qDebug("Closing mfd"); + close(mfd); + break; + } + } + if (retval) + { + if (FD_ISSET(STDIN_FILENO, &rfds)) + { + int n=read(0,ibuf,sizeof(ibuf)); + if (fwbdebug) qDebug("Read %d bytes from stdin",n); + if (n<0) + { + if (fwbdebug) qDebug("Error on stdin"); + break; + } + if (n==0) + { +// eof on stdin + if (fwbdebug) qDebug("EOF on stdin"); + endOfStream = true; + } else + { + int r=writen(mfd,ibuf,n); +#ifdef DEBUG_INSTALLER + write(debug_file,ibuf,n); +#endif + if (fwbdebug) qDebug("Wrote %d bytes to mfd",r); + } + } + if (FD_ISSET(mfd, &rfds)) + { + int n; + obuf[0]='\0'; + n=read(mfd,obuf,sizeof(obuf)); + if (fwbdebug) qDebug("Read %d bytes from mfd",n); + if (n<=0) + { +/* eof on mfd - this means ssh process has died */ + if (fwbdebug) qDebug("EOF on mfd"); + break; + } else + { + obuf[n]='\0'; + int r=writen(1,obuf,n); + if (fwbdebug) qDebug("Wrote %d bytes to stdout",r); + } + } + } + } + +#ifdef DEBUG_INSTALLER + 
close(debug_file); +#endif + int status; + waitpid(pid, &status, 0); + if (WIFEXITED(status)) exit(WEXITSTATUS(status)); + exit(0); + } +#endif + + + + int c; + while ((c = getopt (argc , argv , "hvf:o:p:dxsg")) != EOF ) + switch (c) { + case 'h': + usage(); + exit(0); + + case 'f': + filename=optarg; + break; + + case 'o': + objid=optarg; + break; + + case 'd': + fwbdebug++; + break; + + case 'v': + cout << VERSION << endl; + exit(0); + + case 'x': + desktopaware=!desktopaware; + break; + + case 's': + safemode = true; + break; + + case 'g': + gui_experiment1 = true; + break; + } + + if ( (argc-1)==optind) + filename = strdup( argv[optind++] ); + + try + { + + if (fwbdebug) qDebug("initializing ..."); + +/* need to initialize in order to be able to use FWBSettings */ + init(argv); + init_platforms(); + + if (fwbdebug) qDebug("creating app ..."); + + QApplication::setDesktopSettingsAware(desktopaware); + app = new QApplication( argc, argv ); + + if (fwbdebug) qDebug("reading settings ..."); + + st = new FWBSettings(); + + if (fwbdebug) qDebug("creating pixmap factory ..."); + +/* initialize preferences */ + st->init(); + + if (fwbdebug) qDebug("done"); + + QPixmapCache::setCacheLimit(4096); + +#ifdef ELC + registered=init2(argv0, "Firewall Builder","fwb_gui","FirewallBuilder/2.1",true,true); +#endif + + if (fwbdebug) qDebug("reading resources ..."); + + //respath = RES_DIR; + new Resources(respath+FS_SEPARATOR+"resources.xml"); + if (fwbdebug) qDebug("done"); + +#if 0 + QApplication::setDesktopSettingsAware(desktopaware); + app = new QApplication( argc, argv ); +#endif + + vector platforms=Resources::getListOfPlatforms(); + if (platforms.empty() || ( platforms.size()==1 && platforms.front()=="unknown" )) + { + qDebug("Failed to load list of supported platforms"); + exit(1); + } + + if (fwbdebug) qDebug("creating widgets ..."); + + new FWBTree(); + new FWObjectDatabase(); + new FWObjectClipboard(); + +// cerr << "*** Current locale: " << QTextCodec::locale() << 
endl; + + if (fwbdebug) qDebug("loading translation for the current locale ..."); + +/* this is an ugly hack to work around broken qt_es.qm translation + * file shipped with QT 3.3 for Fedora-C4 and possibly other + * distros. Only Spanish translation seems to be affected. Trolltech + * support req. N80793 (although I never got any suggestions for the + * workaround, nor did they clearly admit the problem despite my + * sending a simple example program to them to illustrate the + * bug). They did not seem to care since Spanish translation file that + * support guy had on his computer was fine, but he admitted it was + * different from the one shipped with QT 3.3.4 for Fedora-C4 and for + * Mac OS X. All I got from them was a promise to look into packaging + * process. + */ + QString local = QLocale::system().name(); + + if (QString(local).indexOf("es")!=0) + { + QTranslator qt1(0); + qt1.load( QString( "qt_" ) + local, QTTRANSLATIONSDIR ); + app->installTranslator( &qt1 ); + + QTranslator qt2(0); + qt2.load( QString( "qt_" ) + local, localepath.c_str() ); + app->installTranslator( &qt2 ); + } + + QTranslator translator(0); + translator.load(QString("fwbuilder_")+QString(local),localepath.c_str()); + app->installTranslator (&translator); + +/* must build list of available libraries _after_ creation of + * FWObjectDatabase and settings */ + + if (fwbdebug) qDebug("loading libraries ..."); + + addOnLibs = new listOfLibraries(); + + mw = new FWWindow(); + oe = new ObjectEditor((QWidget*)mw->m_mainWindow->objectEditorStack); +// oe->open(mw->db()); + oe->setCloseButton(mw->m_mainWindow->closeObjectEditorButton); + oe->setApplyButton(mw->m_mainWindow->applyObjectEditorButton); + oe->hide(); + fd = new findDialog(mw); + fd->hide(); + + mw->setSafeMode(safemode); + mw->setStartupFileName(filename); + + //QToolTip::setWakeUpDelay( st->getTooltipDelay()*1000 ); + + mw->show(); + + app->connect( app, SIGNAL( lastWindowClosed() ), app, SLOT( quit() ) ); + +// setup single shot 
timer to call loadEverything() + + QTimer::singleShot( 500, mw, SLOT(startupLoad()) ); + + app->exec(); + + + oe->hide(); + fd->hide(); + mw->hide(); // must do this before settings object is destroyed + + addOnLibs->save(); // ditto + + if ( st->getStartupAction()==1 ) + { +/* save the state of the GUI (opened firewall, opened object tree page, etc */ + FWObject *o=mw->getVisibleFirewall(); + if (fwbdebug) + qDebug("Main: closing. VisibleFirewall = %p",o); + + if (o) st->setStr("UI/visibleFirewall", o->getId().c_str() ); + + o=om->getOpened(); + if (o) st->setStr("UI/visibleObject", o->getId().c_str() ); + } + + + st->save(); + delete st; + } + catch (FWException &ex) + { + qDebug("Exception: %s",ex.toString().c_str()); + } +} diff --git a/src/gui/metriceditorpanel_q.ui b/src/gui/metriceditorpanel_q.ui new file mode 100644 index 000000000..4d163992d --- /dev/null +++ b/src/gui/metriceditorpanel_q.ui @@ -0,0 +1,113 @@ + + + + + MetricEditorPanel_q + + + true + + + + 0 + 0 + 313 + 154 + + + + Script Editor + + + + + + true + + + + + + QAbstractSpinBox::PlusMinus + + + 255 + + + 1 + + + + + + + + 20 + 40 + + + + Expanding + + + Vertical + + + + + + + + 40 + 20 + + + + Expanding + + + Horizontal + + + + + + + + 1 + 0 + 0 + 0 + + + + QFrame::HLine + + + QFrame::Sunken + + + + + + + textLabel2 + + + false + + + + + + + + + + spin_box + valueChanged(int) + MetricEditorPanel_q + changed() + + + diff --git a/src/gui/natruleoptionsdialog_q.ui b/src/gui/natruleoptionsdialog_q.ui new file mode 100644 index 000000000..f205d7e3b --- /dev/null +++ b/src/gui/natruleoptionsdialog_q.ui 
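Review bot: In the `-X` ssh wrapper loop, `n=read(mfd,obuf,sizeof(obuf));` followed by `obuf[n]='\0';` writes one byte past the end of `obuf` whenever the pty returns a full `BUFFSIZE` read, and that data originates from the ssh child and so from the remote host. The argument copy into `const char *arg[64]` at the top of `main()` has no bound on `j`, so a command line with more than 63 retained arguments overruns the stack array before `arg[j]=NULL` and `execvp`. The fallback `strndup` allocates `n` bytes and never terminates the copy (it needs `malloc(n+1)` and `tbuf[n]='\0'`), and the fallback `forkpty` does an unbounded `strcpy (name, slave_name)` into the caller's 64-byte `slave_name`. Under `DEBUG_INSTALLER`, `open("installer.dbg",O_CREAT|O_WRONLY)` omits the mode argument that `O_CREAT` requires and copies everything read from stdin, presumably including passwords typed for ssh, into the current directory. The fence shows the two bounds fixes.

```cpp
    for ( ; argv[i]!=NULL; i++)
    {
        // … unchanged: -X and -d handling (both branches already `continue`) …
        if (j >= int(sizeof(arg)/sizeof(arg[0])) - 1)   // keep a slot for the NULL terminator
        {
            qDebug("Too many arguments for the ssh wrapper");
            exit(1);
        }
        arg[j]=strdup(argv[i]);
        j++;
    }
    // … unchanged: settings init, forkpty, select loop up to the mfd branch …
                n=read(mfd,obuf,sizeof(obuf)-1);        // leave room for obuf[n]='\0'
```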
@@ -0,0 +1,398 @@ + + NATRuleOptionsDialog_q + + + + 0 + 0 + 562 + 289 + + + + NAT Rule Options + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + + 75 + true + + + + fw/rule num + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + + 6 + + + 6 + + + + + QFrame::NoFrame + + + QFrame::Raised + + + + 11 + + + 6 + + + + + No options are available for this firewall platform + + + false + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + 5 + 1 + 0 + 0 + + + + Pool type + + + + 0 + + + 6 + + + + + default + + + true + + + + + + + bitmask + + + + + + + random + + + + + + + source-hash + + + + + + + round-robin + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 81 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 130 + + + + + + + + static-port + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 10 + + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + pf_bitmask + toggled(bool) + NATRuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_random + toggled(bool) + NATRuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_source_hash + toggled(bool) + NATRuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_round_robin + toggled(bool) + NATRuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_static_port + toggled(bool) + NATRuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_pool_type_none + toggled(bool) + NATRuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/networkdialog_q.ui b/src/gui/networkdialog_q.ui new file mode 100644 index 000000000..af6b3fcca --- /dev/null 
+++ b/src/gui/networkdialog_q.ui @@ -0,0 +1,417 @@ + + NetworkDialog_q + + + true + + + + 0 + 0 + 562 + 279 + + + + + 1 + 1 + 0 + 0 + + + + Network + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 6 + + + + + + 75 + true + + + + QFrame::NoFrame + + + QFrame::Plain + + + Network + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + + 7 + 7 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 10 + + + + + + 7 + 7 + 0 + 100 + + + + + 200 + 0 + + + + true + + + + + + + Comment: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 0 + 20 + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Name: + + + false + + + + + + + Library: + + + false + + + + + + + Netmask: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Address: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + obj_name + libs + address + netmask + comment + + + + + obj_name + textChanged(QString) + NetworkDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + activated(int) + NetworkDialog_q + libChanged() + + + 20 + 20 + + + 20 + 20 + + + + + address + textChanged(QString) + NetworkDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + netmask + textChanged(QString) + NetworkDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + NetworkDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/newFirewallDialog.cpp b/src/gui/newFirewallDialog.cpp new file mode 100644 index 000000000..4f037217b --- /dev/null +++ b/src/gui/newFirewallDialog.cpp 
@@ -0,0 +1,854 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: newFirewallDialog.cpp,v 1.32 2007/05/23 03:05:51 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "utils_no_qt.h" +#include "platforms.h" + +#include "newFirewallDialog.h" +#include "InterfaceData.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" +#include "ObjConflictResolutionDialog.h" +#include "upgradePredicate.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/InterfacePolicy.h" +#include "fwbuilder/BackgroundOp.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +// must be the last for win +#include "fwbuilder/snmp.h" + +using namespace libfwbuilder; +using namespace std; + + + +newFirewallDialog::newFirewallDialog() : QDialog() +{ + m_dialog = new Ui::newFirewallDialog_q; + m_dialog->setupUi(this); + + setControlWidgets(this, m_dialog->stackedWidget, + m_dialog->nextButton, + m_dialog->finishButton, + m_dialog->backButton, + m_dialog->cancelButton, + m_dialog->titleLabel); + + 
/*connect( m_dialog->nextButton, SIGNAL( clicked() ), + this, SLOT( nextClicked() )); + connect( m_dialog->backButton, SIGNAL( clicked() ), + this, SLOT( backClicked() )); + connect( m_dialog->finishButton, SIGNAL( clicked() ), + this, SLOT( finishClicked() )); + connect( m_dialog->cancelButton, SIGNAL( clicked() ), + this, SLOT( cancelClicked() ));*/ + + nfw = NULL; + tmpldb = NULL; + snmpPollCompleted = false; + q = NULL; + unloadTemplatesLib = false; + getInterfacesBusy = false; + + timer = new QTimer(this); + connect( timer, SIGNAL(timeout()), this, SLOT(monitor()) ); + +/* fill in platform */ + setPlatform(m_dialog->platform, "" ); + +/* fill in host OS */ + setHostOS(m_dialog->hostOS, "" ); + + setNextEnabled( 0, false ); + /*for (int i=0; iiface_list->setItemMargin( 1 ); + m_dialog->iface_list->setAllColumnsShowFocus( true ); + + //m_dialog->iface_sl_list->setItemMargin( 1 ); + m_dialog->iface_sl_list->setAllColumnsShowFocus( true ); + m_dialog->iface_dyn->setToolTip(wordWrap(tr("Check option 'dynamic address' for the interface that gets its IP address dynamically via DHCP or PPP protocol.") ,80 )); + m_dialog->iface_unnum->setToolTip(wordWrap(tr("Check option 'Unnumbered interface' for the interface that does not have an IP address. 
Examples of interfaces of this kind are those used to terminate PPPoE or VPN tunnels.") ,80 )); + m_dialog->obj_name->setFocus(); + + showPage(0); +} + +newFirewallDialog::~newFirewallDialog() +{ + delete m_dialog; + if (timer!=NULL) delete timer; +#ifdef HAVE_LIBSNMP + if (q!=NULL) delete q; +#endif +} + +void newFirewallDialog::changed() +{ + int p = currentPage(); + if (p==0) + { + setNextEnabled( p, !m_dialog->obj_name->text().isEmpty() ); + } + + if (p==1) + { + + bool f; + +#ifdef HAVE_LIBSNMP + f = m_dialog->use_snmp->isChecked(); +#else + f = false; + m_dialog->use_snmp->setEnabled( f ); +#endif + + m_dialog->snmp_community->setEnabled( f ); + m_dialog->snmpQuery->setEnabled( f ); + m_dialog->snmpProgress->setEnabled( f ); + if (f) m_dialog->snmp_community->setFocus(); + + f = m_dialog->use_manual->isChecked() || snmpPollCompleted; + setNextEnabled( 1, f ); + } + + if (p==2) + { + if (m_dialog->iface_dyn->isChecked() || + m_dialog->iface_unnum->isChecked() || + m_dialog->iface_bridgeport->isChecked()) + { + m_dialog->iface_addr->clear(); + m_dialog->iface_addr->setEnabled(false); + m_dialog->iface_netmask->clear(); + m_dialog->iface_netmask->setEnabled(false); + } else + { + m_dialog->iface_addr->setEnabled(true); + m_dialog->iface_netmask->setEnabled(true); + } + } +} + +void newFirewallDialog::monitor() +{ + if (logger==NULL || q==NULL) return; + +#ifdef HAVE_LIBSNMP + + if( logger->ready() ) + { + QString str = logger->getLine().c_str(); + m_dialog->snmpProgress->moveCursor( QTextCursor::End ); + m_dialog->snmpProgress->insertPlainText( str ); + return; + } + + if (q->isRunning()) return; + + timer->stop(); + + const map &intf = q->getInterfaces(); + for(map::const_iterator i=intf.begin();i!=intf.end(); ++i) + { + if ( i->second.isUp() ) + { + InterfaceData idata( i->second ); + + idata.guessLabel( readPlatform(m_dialog->platform).toLatin1().constData() ); + + QString dn; + if (idata.isDyn) dn+="dyn"; + if (idata.isUnnumbered) dn+="unn"; + if 
(idata.isBridgePort) dn+="bridge"; + + QStringList qsl; + qsl << idata.name.c_str() + << idata.label.c_str() + << idata.address.c_str() + << idata.netmask.c_str() + << dn + << idata.physicalAddress.c_str(); + new QTreeWidgetItem(m_dialog->iface_list, qsl); + +// cerr << "Added interface " << idata.name << endl; + + } + } + + delete q; + q=NULL; + +#endif + + snmpPollCompleted=true; + setNextEnabled( 1, true ); +} + +void newFirewallDialog::getInterfacesViaSNMP() +{ +#ifdef HAVE_LIBSNMP + +// need to protect from reentry because getAddrByName processes events + if (q!=NULL || getInterfacesBusy) return; + + snmpPollCompleted=false; + m_dialog->iface_list->clear(); + + string rcomm=m_dialog->snmp_community->text().toLatin1().constData(); + + if ( rcomm.empty() ) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Missing SNMP community string."), + "&Continue", QString::null, QString::null, 0, 1 ); + return ; + } + + getInterfacesBusy = true; + + IPAddress addr; + QString name=m_dialog->obj_name->text().toLatin1().constData(); + try + { + QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) ); + QString a = getAddrByName(name); + QApplication::restoreOverrideCursor(); + addr = a.toAscii().constData(); + } catch (FWException &ex) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Address of %1 could not be obtained via DNS") + .arg(m_dialog->obj_name->text()), + "&Continue", QString::null, QString::null, 0, 1 ); + getInterfacesBusy = false; + return ; + } + + logger=NULL; + m_dialog->snmpProgress->clear(); + + if (q!=NULL) delete q; + q=new SNMP_interface_query(); + q->init(addr.toString(),rcomm,SNMP_DEFAULT_RETRIES,SNMP_DEFAULT_TIMEOUT); + + timer->setSingleShot(false); + timer->start(0); + + try + { + logger = q->start_operation(); + + } catch(const FWException &ex) + { + //do nothing + } + + getInterfacesBusy = false; + +#endif +} + +bool newFirewallDialog::appropriate(const int page) const +{ + int p = page; + + if (fwbdebug) + { + 
qDebug("newFirewallDialog::appropriate p=%d",p); + } + + switch (p) + { + case 0: + case 4: + return true; + + case 1: + case 2: + case 3: + return (!m_dialog->useTemplate->isChecked()); + } + return true; +} + +void newFirewallDialog::nextClicked() +{ + if (nextRelevant( currentPage() ) > -1) + showPage(nextRelevant( currentPage() )); +} + +void newFirewallDialog::backClicked() +{ + if (previousRelevant( currentPage() ) > -1) + showPage(previousRelevant( currentPage() )); +} + +void newFirewallDialog::showPage(const int page) +{ + FakeWizard::showPage(page); + + int p = page; + +// p is a page number _after_ it changed + switch (p) + { + case 1: + { + changed(); // to properly enable/disable widgets + break; + } + + case 2: + { + m_dialog->iface_name->setFocus(); + + if (!Resources::getTargetCapabilityBool(readPlatform(m_dialog->platform).toLatin1().constData(), + "security_levels") ) + { +/* if chosen fw platform does not support security levels, + * this is the last page + */ + setNextEnabled( 2, false ); + setFinishEnabled( 2, true ); + } + break; + } + + case 3: + { + if (m_dialog->useTemplate->isChecked()) + { + showPage( 0 ); + return; + } + + fillInterfaceSLList(); + + setFinishEnabled( 3, true ); + break; + } + + case 4: + { + setFinishEnabled( 4, true ); +/* load templates if not loaded */ + if (tmpldb==NULL) + { + + MessageBoxUpgradePredicate upgrade_predicate(this); + + tmpldb = new FWObjectDatabase(); + tmpldb->setReadOnly( false ); + tmpldb->load( tempfname, &upgrade_predicate, librespath); + } + FWObject *tlib = tmpldb->getById(TEMPLATE_LIB); + +#if 0 + FWObject *tlib = mw->db()->getById(TEMPLATE_LIB); + if (tlib==NULL) + { + FWObject *cl = om->getCurrentLib(); + mw->loadLibrary(tempfname); + unloadTemplatesLib = true; + om->loadObjects(); + tlib = mw->db()->getById(TEMPLATE_LIB); +/* restore library that was opened prior loading templates */ + om->openLib(cl); + } +#endif + + list fl; + findFirewalls(tlib, fl, false); + + QString icn = QString( 
Resources::global_res->getObjResourceStr(fl.front(), "icon-tree").c_str() ); + + m_dialog->templateList->clear(); + + int n=0; + for (list::iterator m=fl.begin(); m!=fl.end(); m++,n++) + { + FWObject *o=*m; + + QPixmap pm; + if ( ! QPixmapCache::find( icn, pm) ) + { + pm.load( icn ); + QPixmapCache::insert( icn, pm); + } + + QListWidgetItem *twi = new QListWidgetItem; + twi->setIcon( QIcon(pm) ); + twi->setText( QString(o->getName().c_str()) ); + + m_dialog->templateList->addItem( twi ); + templates[ m_dialog->templateList->item( m_dialog->templateList->count()-1 ) ]=o; + } + m_dialog->templateList->setCurrentItem(0); + m_dialog->templateList->setFocus(); + break; + } + } +} + +void newFirewallDialog::fillInterfaceSLList() +{ + + QTreeWidgetItem *itm = m_dialog->iface_list->topLevelItem(0);// firstChild(); + + int itm_index = 0; + + m_dialog->iface_sl_list->clear(); + + while (itm!=NULL) + { + InterfaceData idata; + + idata.name = itm->text(0).toLatin1().constData(); + idata.label = itm->text(1).toLatin1().constData(); + idata.isDyn = itm->text(4).indexOf("Dyn")!=-1; + idata.isUnnumbered = itm->text(4).indexOf("Unn")!=-1; + idata.isBridgePort = itm->text(4).indexOf("Bridge")!=-1; + + if (!idata.isDyn && !idata.isUnnumbered && !idata.isBridgePort) + idata.address = itm->text(2).toLatin1().constData(); + else + idata.address = QObject::tr("dynamic").toLatin1().constData(); + + try + { + idata.guessSecurityLevel( readPlatform(m_dialog->platform).toLatin1().constData() ); + } + catch (FWException &ex) + { + QMessageBox::warning( + this,"Firewall Builder", ex.toString().c_str(), + "&Continue", QString::null, QString::null, 0, 1 ); + + showPage( 2 ); + return; + } + + QStringList qsl; + qsl << idata.name.c_str() + << idata.label.c_str() + << idata.address.c_str() + << QString::number(idata.securityLevel); + new QTreeWidgetItem(m_dialog->iface_sl_list, qsl); + + itm_index++; + itm=m_dialog->iface_list->topLevelItem(itm_index); + } +} + +void 
newFirewallDialog::templateSelected(QListWidgetItem *itm) +{ + FWObject *o=templates[itm]; + assert (o!=NULL); + + Firewall *fw = Firewall::cast(o); + + m_dialog->templateComment->clear(); + QString s=QString("
    \n") + fw->getComment().c_str(); + m_dialog->templateComment->append( s ); + m_dialog->templateComment->scrollToAnchor("top"); + + bool haveOutside = false; + bool haveInside = false; + bool haveDMZ = false; + list ll = fw->getByType(Interface::TYPENAME); + for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++) + { + Interface *intf = Interface::cast( *i ); + if (intf->getLabel()=="outside") + { + haveOutside=true; + m_dialog->intfOutsideLine->show(); + m_dialog->intfOutsideText->show(); + fillInterfaceData(intf,m_dialog->intfOutsideText); + } + if (intf->getLabel()=="inside") + { + haveInside=true; + m_dialog->intfInsideLine->show(); + m_dialog->intfInsideText->show(); + fillInterfaceData(intf,m_dialog->intfInsideText); + } + if (intf->getLabel()=="dmz") + { + haveDMZ=true; + m_dialog->intfDMZLine->show(); + m_dialog->intfDMZText->show(); + fillInterfaceData(intf,m_dialog->intfDMZText); + } + } + + if (!haveOutside) { m_dialog->intfOutsideLine->hide(); m_dialog->intfOutsideText->hide(); } + if (!haveInside) { m_dialog->intfInsideLine->hide(); m_dialog->intfInsideText->hide(); } + if (!haveDMZ) { m_dialog->intfDMZLine->hide(); m_dialog->intfDMZText->hide(); } +} + +void newFirewallDialog::fillInterfaceData(Interface *intf, QTextBrowser *qte) +{ + qte->clear(); + QString s; + + s += ""; + + s += ""; + s += ""; + s += ""; + + s += ""; + s += ""; + s += ""; + s += "
    "; + s += tr("Interface: %1 (%2)") + .arg(intf->getName().c_str()) + .arg(intf->getLabel().c_str()); + s += "
    "; + if (intf->isDyn()) s += tr("Dynamic address"); + else + if (intf->isUnnumbered()) s += tr("Unnumbered interface"); + else + if (intf->isBridgePort()) s += tr("Bridge port"); + else + s += QString("%1/%2") + .arg(intf->getAddress().toString().c_str()) + .arg( intf->getNetmask().toString().c_str()); + s += "
    "; + qte->setText(s); +} + +void newFirewallDialog::addInterface() +{ + QString dn = ""; + if (m_dialog->iface_dyn->isChecked()) dn+="Dyn"; + if (m_dialog->iface_unnum->isChecked()) dn+="Unn"; + if (m_dialog->iface_bridgeport->isChecked()) dn+="Bridge"; + + QString addr; + QString netm; + + if (!m_dialog->iface_dyn->isChecked() && + !m_dialog->iface_unnum->isChecked() && + !m_dialog->iface_bridgeport->isChecked()) + { + addr = m_dialog->iface_addr->text(); + netm = m_dialog->iface_netmask->text(); + + if (addr.isEmpty()) addr="0.0.0.0"; + if (netm.isEmpty()) netm="0.0.0.0"; + + try + { + IPAddress(addr.toLatin1().constData()); + Netmask(netm.toLatin1().constData()); + } + catch (FWException &ex) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Illegal address '%1/%2'").arg(addr).arg(netm), + "&Continue", QString::null, QString::null, 0, 1 ); + return; + } + } + QStringList qsl; + qsl << m_dialog->iface_name->text() + << m_dialog->iface_label->text() + << addr << netm << dn + << m_dialog->iface_physaddr->text(); + + new QTreeWidgetItem(m_dialog->iface_list, qsl); +} + +void newFirewallDialog::selectedInterface(QTreeWidgetItem*cur,QTreeWidgetItem*) +{ + QTreeWidgetItem *itm = cur; //current item + + m_dialog->iface_name->setText( itm->text(0) ); + m_dialog->iface_label->setText( itm->text(1) ); + m_dialog->iface_addr->setText( itm->text(2) ); + m_dialog->iface_netmask->setText( itm->text(3) ); + m_dialog->iface_reg->setChecked( itm->text(4).isEmpty() ); + m_dialog->iface_dyn->setChecked( itm->text(4).indexOf("Dyn")!=-1 ); + m_dialog->iface_unnum->setChecked( itm->text(4).indexOf("Unn")!=-1 ); + m_dialog->iface_bridgeport->setChecked( itm->text(4).indexOf("Bridge")!=-1 ); + m_dialog->iface_physaddr->setText( itm->text(5) ); +} + +void newFirewallDialog::updateInterface() +{ + QString dn = ""; + if (m_dialog->iface_dyn->isChecked()) dn+="Dyn"; + if (m_dialog->iface_unnum->isChecked()) dn+="Unn"; + if (m_dialog->iface_bridgeport->isChecked()) 
dn+="Bridge"; + + QTreeWidgetItem *itm = m_dialog->iface_list->currentItem(); + if (itm==NULL) return; + + itm->setText( 0 , m_dialog->iface_name->text() ); + itm->setText( 1 , m_dialog->iface_label->text() ); + itm->setText( 2 , m_dialog->iface_addr->text() ); + itm->setText( 3 , m_dialog->iface_netmask->text() ); + itm->setText( 4 , dn ); + itm->setText( 5 , m_dialog->iface_physaddr->text() ); +} + +void newFirewallDialog::deleteInterface() +{ + QTreeWidgetItem *itm = m_dialog->iface_list->currentItem(); + if (itm==NULL) return; + m_dialog->iface_list->takeTopLevelItem( + m_dialog->iface_list->indexOfTopLevelItem(itm) ); +} + +void newFirewallDialog::adjustSL(QTreeWidgetItem *itm1) +{ +// interface 1 is above 2. Adjust their security levels accordingly + int sl1 = itm1->text(3).toInt(); + + int index = itm1->treeWidget()->indexOfTopLevelItem(itm1); + + QTreeWidgetItem *itm2 = itm1->treeWidget()->topLevelItem(index+1); + QTreeWidgetItem *itm3 = itm1->treeWidget()->topLevelItem(index-1); + + if (itm2==NULL) sl1=100; + else + { + if (itm3==NULL) sl1=0; + else + { + int sl2 = itm2->text(3).toInt(); + int sl3 = itm3->text(3).toInt(); + sl1 = (sl2+sl3)/2; + } + } + itm1->setText( 3 , QString("%1").arg(sl1) ); +} + +void newFirewallDialog::upInterface() +{ + QTreeWidgetItem *itm1 = m_dialog->iface_sl_list->currentItem(); + if (itm1==NULL) return; + int index = m_dialog->iface_sl_list->indexOfTopLevelItem(itm1); + + QTreeWidgetItem *itm2 = m_dialog->iface_sl_list->topLevelItem(index-1); + if (itm2==NULL) return; + m_dialog->iface_sl_list->takeTopLevelItem(index); + m_dialog->iface_sl_list->insertTopLevelItem(index-1, itm1); + adjustSL(itm1); +} + +void newFirewallDialog::downInterface() +{ + + QTreeWidgetItem *itm1 = m_dialog->iface_sl_list->currentItem(); + if (itm1==NULL) return; + int index = m_dialog->iface_sl_list->indexOfTopLevelItem(itm1); + + QTreeWidgetItem *itm2 = m_dialog->iface_sl_list->topLevelItem(index+1); + if (itm2==NULL) return; + 
m_dialog->iface_sl_list->takeTopLevelItem(index); + m_dialog->iface_sl_list->insertTopLevelItem(index+1, itm1); + adjustSL(itm1); +} + +void newFirewallDialog::cancelClicked() +{ + reject(); +} + +void newFirewallDialog::finishClicked() +{ + int p = currentPage(); + + if (p==2) fillInterfaceSLList(); + + if (p==4) + { + QListWidgetItem *itm = m_dialog->templateList->currentItem(); + FWObject *template_fw=templates[itm]; + assert (template_fw!=NULL); + + FWObject *no = om->duplicateObject(om->getCurrentLib(), + template_fw, + m_dialog->obj_name->text(), + false ); // do not ask to autorename + if (no==NULL) + { + QDialog::accept(); + return; + } + + map platforms = Resources::getPlatforms(); + map::iterator i; + for (i=platforms.begin(); i!=platforms.end(); i++) + Resources::setDefaultTargetOptions( i->first , Firewall::cast(no) ); + + map OSs = Resources::getOS(); + for (i=OSs.begin(); i!=OSs.end(); i++) + Resources::setDefaultTargetOptions( i->first , Firewall::cast(no) ); + + no->setStr("platform", readPlatform(m_dialog->platform).toLatin1().constData() ); + no->setStr("host_OS", readHostOS(m_dialog->hostOS).toLatin1().constData() ); + + nfw=Firewall::cast(no); + } else + { + FWObject *o; + o=om->createObject(Firewall::TYPENAME, m_dialog->obj_name->text() ); + + if (o==NULL) + { + QDialog::accept(); + return; + } + + map platforms = Resources::getPlatforms(); + map::iterator i; + for (i=platforms.begin(); i!=platforms.end(); i++) + Resources::setDefaultTargetOptions( i->first , Firewall::cast(o) ); + + map OSs = Resources::getOS(); + for (i=OSs.begin(); i!=OSs.end(); i++) + Resources::setDefaultTargetOptions( i->first , Firewall::cast(o) ); + + o->setStr("platform", readPlatform(m_dialog->platform).toLatin1().constData() ); + o->setStr("host_OS", readHostOS(m_dialog->hostOS).toLatin1().constData() ); + + nfw=Firewall::cast(o); + +/* create interfaces */ + + int itm_index = 0; + QTreeWidgetItem *itm = m_dialog->iface_list->topLevelItem(itm_index); + + while 
(itm!=NULL) + { + QString name = itm->text(0); + QString label = itm->text(1); + QString addr = itm->text(2); + QString netmask = itm->text(3); + bool dyn = itm->text(4).indexOf("Dyn")!=-1; + bool unnum = itm->text(4).indexOf("Unn")!=-1; + bool bridgeport = itm->text(4).indexOf("Bridge")!=-1; + QString physaddr= itm->text(5); + + QList ltwi = m_dialog->iface_sl_list->findItems( name , Qt::MatchExactly ); + assert(!ltwi.empty()); + QTreeWidgetItem *itm2 = ltwi[0]; + assert(itm2!=NULL); + + int sl = itm2->text(3).toInt(); + + Interface *oi = Interface::cast(om->createObject(nfw,Interface::TYPENAME, + name)); +#ifdef USE_INTERFACE_POLICY + oi->add(new InterfacePolicy()); +#endif + oi->setLabel( label.toLatin1().constData() ); + + oi->setDyn(dyn); + oi->setUnnumbered(unnum); + oi->setBridgePort(bridgeport); + oi->setSecurityLevel(sl); + + if (!dyn && !unnum && !bridgeport) + { + QString addrname=QString("%1:%2:ip").arg(m_dialog->obj_name->text()).arg(name); + IPv4 *oa = IPv4::cast(om->createObject(oi, IPv4::TYPENAME,addrname)); + oa->setAddress( addr.toLatin1().constData() ); + oa->setNetmask( netmask.toLatin1().constData() ); + } + // updateObjName has a side effect: it causes redraw of the ruleset + // views in the main window + om->updateObjName(oi,"","",false); + + itm_index++; + itm=m_dialog->iface_list->topLevelItem(itm_index); + } + } + if (unloadTemplatesLib) + { +#if 0 + FWObject *tlib = mw->db()->getById(TEMPLATE_LIB); + assert (tlib!=NULL); + string tlibID = tlib->getId(); + if (fwbdebug) + qDebug("newFirewallDialog::accept Delete template library"); + om->delObj(tlib,false); + +/* + * deleting an object places it in the "Deleted objects" library, so + * we need to remove "templates" library from there. 
+ * + * TODO: need to add flags to the API to be able to delete objects + * without placing them in "Deleted objects" automatically + */ + FWObject *delObjLib = mw->db()->getById( DELETED_LIB ); + if (delObjLib!=NULL && delObjLib->getById(tlibID)!=NULL) + { + if (fwbdebug) qDebug("newFirewallDialog::accept Delete library of templates from 'Deleted objects'"); + om->delObj(tlib,false); // this time from deleted objects lib + } +#endif + + delete tmpldb; + tmpldb = NULL; + unloadTemplatesLib=false; + } + QDialog::accept(); +} + + diff --git a/src/gui/newFirewallDialog.h b/src/gui/newFirewallDialog.h new file mode 100644 index 000000000..5d72a1164 --- /dev/null +++ b/src/gui/newFirewallDialog.h 
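Review bot: In `monitor()` the SNMP-discovered interface flags are written to column 4 as `"dyn"`, `"unn"` and `"bridge"`, but `fillInterfaceSLList()`, `selectedInterface()` and `finishClicked()` test that column with the case-sensitive `indexOf("Dyn")`, `indexOf("Unn")` and `indexOf("Bridge")`. An interface that SNMP reports as dynamic, unnumbered or a bridge port is therefore created as a regular interface with a static IPv4 child, which presumably changes the rules later generated for it. Use the spelling `addInterface()` already uses: `if (idata.isDyn) dn+="Dyn";`, `if (idata.isUnnumbered) dn+="Unn";`, `if (idata.isBridgePort) dn+="Bridge";`. Separately, `updateInterface()` copies `iface_addr` and `iface_netmask` into the list without the `IPAddress`/`Netmask` check that `addInterface()` performs, so an edited row can reach `oa->setAddress()` in `finishClicked()` unvalidated.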
@@ -0,0 +1,102 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: newFirewallDialog.h,v 1.8 2006/06/16 04:33:13 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __NEWFIREWALLDIALOG_H_ +#define __NEWFIREWALLDIALOG_H_ + +#include "../../config.h" +#include + +#include "InterfaceData.h" +#include "fakeWizard.h" + +#include + +namespace libfwbuilder { + class FWObject; + class FWObjectDatabase; + class Firewall; + class Interface; + class Logger; + class SNMP_interface_query; +}; + +class QTreeWidgetItem; +class QTimer; +class QTextEdit; + +class newFirewallDialog : public QDialog, public FakeWizard +{ + Q_OBJECT + + Ui::newFirewallDialog_q *m_dialog; + + libfwbuilder::Firewall *nfw; + bool snmpPollCompleted; + libfwbuilder::Logger *logger; + libfwbuilder::SNMP_interface_query *q; + QTimer *timer; + libfwbuilder::FWObjectDatabase *tmpldb; + std::map templates; + bool unloadTemplatesLib; + bool getInterfacesBusy; + + void adjustSL(QTreeWidgetItem *itm1); + void fillInterfaceData(libfwbuilder::Interface *intf, QTextBrowser *qte); + void fillInterfaceSLList(); + + public: + newFirewallDialog(); + virtual ~newFirewallDialog(); + + libfwbuilder::Firewall* getNewFirewall() { return nfw; }; + + virtual bool appropriate(const int page) const; + 
+ void showPage(const int page); //it was "selected(QString)" + +public slots: + virtual void addInterface(); + virtual void updateInterface(); + virtual void deleteInterface(); + virtual void upInterface(); + virtual void downInterface(); + virtual void changed(); + virtual void selectedInterface(QTreeWidgetItem*,QTreeWidgetItem*); + virtual void getInterfacesViaSNMP(); + virtual void monitor(); + virtual void templateSelected(QListWidgetItem *itm); + + protected slots: + + void finishClicked(); + void cancelClicked(); + void nextClicked(); + void backClicked(); + +}; + +#endif // __NEWFIREWALLDIALOG_H diff --git a/src/gui/newGroupDialog.cpp b/src/gui/newGroupDialog.cpp new file mode 100644 index 000000000..2764b4c60 --- /dev/null +++ b/src/gui/newGroupDialog.cpp 
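Review bot: `getNewFirewall()` can return NULL after the dialog has been accepted, and the declaration does not say so. The constructor in newFirewallDialog.cpp sets `nfw = NULL`, and `finishClicked()` calls `QDialog::accept()` without assigning it when `duplicateObject()` or `createObject()` returns NULL. A comment on the accessor would make the contract explicit: `// May return NULL even when exec() returned Accepted; callers must check before use.`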
@@ -0,0 +1,68 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: newGroupDialog.cpp,v 1.2 2004/06/07 05:38:40 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#include "config.h"
+#include "global.h"
+#include "utils.h"
+
+#include "newGroupDialog.h"
+#include "FWWindow.h"
+
+#include "fwbuilder/FWObjectDatabase.h"
+
+#include
+#include
+
+#include
+
+using namespace libfwbuilder;
+using namespace std;
+
+newGroupDialog::~newGroupDialog()
+{
+ delete m_dialog;
+}
+
+newGroupDialog::newGroupDialog(QWidget *parent) : QDialog(parent)
+{
+ m_dialog = new Ui::newGroupDialog_q;
+ m_dialog->setupUi(this);
+
+ fillLibraries(m_dialog->libs,mw->db(),true); // only read-write libs
+ m_dialog->obj_name->setFocus();
+}
+
+void newGroupDialog::accept()
+{
+/* create a group */
+
+ if (m_dialog->obj_name->text().isEmpty())
+ {
+ app->beep();
+ return;
+ }
+ QDialog::accept();
+}
diff --git a/src/gui/newGroupDialog.h b/src/gui/newGroupDialog.h
new file mode 100644
index 000000000..3b256b4c7
--- /dev/null
+++ b/src/gui/newGroupDialog.h
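Review bot: `accept()` in newGroupDialog.cpp rejects only a completely empty name, so a name made of spaces passes the check. Comparing the trimmed text closes that gap: `if (m_dialog->obj_name->text().trimmed().isEmpty())`. The `/* create a group */` comment is also misleading, because the function only validates the name and calls `QDialog::accept()`. Something like `/* validate the name; the group itself is presumably created by the caller */` matches the visible code better.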
@@ -0,0 +1,53 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: newGroupDialog.h,v 1.1 2004/06/07 04:02:55 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __NEWGROUPDIALOG_H_
+#define __NEWGROUPDIALOG_H_
+
+#include "config.h"
+#include
+#include
+
+#include "fwbuilder/FWObject.h"
+
+
+class newGroupDialog : public QDialog
+{
+ Q_OBJECT
+
+
+ public:
+ newGroupDialog(QWidget *parent);
+ ~newGroupDialog();
+
+ Ui::newGroupDialog_q *m_dialog;
+
+public slots:
+ virtual void accept();
+
+};
+
+#endif // __NEWGROUPDIALOG_H
diff --git a/src/gui/newHostDialog.cpp b/src/gui/newHostDialog.cpp
new file mode 100644
index 000000000..095f69e8e
--- /dev/null
+++ b/src/gui/newHostDialog.cpp
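Review bot: `m_dialog` is declared in the `public:` section of newGroupDialog.h, so any caller can reach and modify the dialog's widgets directly, whereas newFirewallDialog.h keeps the same pointer private. Moving it to a private section and adding small const accessors for the entered name and the selected library would keep the UI internals encapsulated. The guard macro `__NEWGROUPDIALOG_H_` also uses a double-underscore name, which C++ reserves for the implementation, and the closing comment spells it `__NEWGROUPDIALOG_H`. Using `NEWGROUPDIALOG_H_` in all three places avoids both problems.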
@@ -0,0 +1,669 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: newHostDialog.cpp,v 1.13 2007/05/23 03:05:51 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "utils_no_qt.h" +#include "platforms.h" + +#include "newHostDialog.h" +#include "InterfaceData.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" +#include "ObjConflictResolutionDialog.h" +#include "upgradePredicate.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/InterfacePolicy.h" +#include "fwbuilder/BackgroundOp.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +// must be the last for win +#include "fwbuilder/snmp.h" + +using namespace libfwbuilder; +using namespace std; + +#define OBJECT_NAME_PAGE 0 +#define SNMP_PAGE 1 +#define MANUAL_PAGE 2 +#define TEMPLATES_PAGE 3 + +newHostDialog::newHostDialog() : QDialog() +{ + m_dialog = new Ui::newHostDialog_q; + m_dialog->setupUi(this); + + setControlWidgets(this, m_dialog->stackedWidget, + m_dialog->nextButton, + m_dialog->finishButton, + 
m_dialog->backButton, + m_dialog->cancelButton, + m_dialog->titleLabel); + + nhst=NULL; + tmpldb = NULL; + snmpPollCompleted=false; + q=NULL; + unloadTemplatesLib = false; + getInterfacesBusy = false; + + timer = new QTimer(this); + connect( timer, SIGNAL(timeout()), this, SLOT(monitor()) ); + + setNextEnabled( OBJECT_NAME_PAGE, false ); + + m_dialog->iface_list->setAllColumnsShowFocus( true ); + + m_dialog->obj_name->setFocus(); + + showPage(0); +} + +newHostDialog::~newHostDialog() +{ + delete m_dialog; + if (timer!=NULL) delete timer; +#ifdef HAVE_LIBSNMP + if (q!=NULL) delete q; +#endif +} + +void newHostDialog::nextClicked() +{ + if (nextRelevant( currentPage() ) > -1) + showPage(nextRelevant( currentPage() )); +} + +void newHostDialog::backClicked() +{ + if (previousRelevant( currentPage() ) > -1) + showPage(previousRelevant( currentPage() )); +} + + +void newHostDialog::changed() +{ + int p = currentPage(); + if (p==OBJECT_NAME_PAGE) + { + setNextEnabled( p, !m_dialog->obj_name->text().isEmpty() ); + } + + if (p==SNMP_PAGE) + { + + bool f; + +#ifdef HAVE_LIBSNMP + f = m_dialog->use_snmp->isChecked(); +#else + f = false; + m_dialog->use_snmp->setEnabled( f ); +#endif + + m_dialog->snmp_community->setEnabled( f ); + m_dialog->snmpQuery->setEnabled( f ); + m_dialog->snmpProgress->setEnabled( f ); + if (f) m_dialog->snmp_community->setFocus(); + + f = m_dialog->use_manual->isChecked() || snmpPollCompleted; + setNextEnabled( SNMP_PAGE, f ); + } + + if (p==MANUAL_PAGE) + { + if (m_dialog->iface_dyn->isChecked() || m_dialog->iface_unnum->isChecked()) + { + m_dialog->iface_addr->clear(); + m_dialog->iface_addr->setEnabled(false); + m_dialog->iface_netmask->clear(); + m_dialog->iface_netmask->setEnabled(false); + } else + { + m_dialog->iface_addr->setEnabled(true); + m_dialog->iface_netmask->setEnabled(true); + } + } +} + +void newHostDialog::monitor() +{ + if (logger==NULL || q==NULL) return; + +#ifdef HAVE_LIBSNMP + + if( logger->ready() ) + { + QString str = 
logger->getLine().c_str(); + m_dialog->snmpProgress->moveCursor( QTextCursor::End ); + m_dialog->snmpProgress->insertPlainText( str ); + return; + } + + if (q->isRunning()) return; + + timer->stop(); + + const map &intf = q->getInterfaces(); + for(map::const_iterator i=intf.begin();i!=intf.end(); ++i) + { + if ( i->second.isUp() ) + { + InterfaceData idata( i->second ); + + idata.guessLabel(""); + + QString dn; + if (idata.isDyn) dn+="dyn"; + if (idata.isUnnumbered) dn+="unn"; + + QStringList qsl; + qsl << idata.name.c_str() + << idata.label.c_str() + << idata.address.c_str() + << idata.netmask.c_str() + << dn + << idata.physicalAddress.c_str(); + new QTreeWidgetItem(m_dialog->iface_list, qsl); + +// cerr << "Added interface " << idata.name << endl; + + } + } + + delete q; + q=NULL; + +#endif + + snmpPollCompleted=true; + setNextEnabled( SNMP_PAGE, true ); +} + +void newHostDialog::getInterfacesViaSNMP() +{ +#ifdef HAVE_LIBSNMP + +// need to protect from reentry because getAddrByName processes events + if (q!=NULL || getInterfacesBusy) return; + + snmpPollCompleted=false; + m_dialog->iface_list->clear(); + + string rcomm=m_dialog->snmp_community->text().toLatin1().constData(); + + if ( rcomm.empty() ) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Missing SNMP community string."), + "&Continue", QString::null, QString::null, 0, 1 ); + return ; + } + + getInterfacesBusy = true; + + IPAddress addr; + QString name=m_dialog->obj_name->text().toLatin1().constData(); + try + { + QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) ); + QString a = getAddrByName(name); + QApplication::restoreOverrideCursor(); + addr = a.toAscii().constData(); + } catch (FWException &ex) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Address of %1 could not be obtained via DNS") + .arg(m_dialog->obj_name->text()), + "&Continue", QString::null, QString::null, 0, 1 ); + getInterfacesBusy = false; + return ; + } + + logger=NULL; + 
m_dialog->snmpProgress->clear(); + + if (q!=NULL) delete q; + q=new SNMP_interface_query(); + q->init(addr.toString(),rcomm,SNMP_DEFAULT_RETRIES,SNMP_DEFAULT_TIMEOUT); + + timer->setSingleShot(false); + timer->start(0); + + try + { + logger = q->start_operation(); + + } catch(const FWException &ex) + { + //do nothing + } + + getInterfacesBusy = false; + +#endif +} + +bool newHostDialog::appropriate(const int page) const +{ + int p = page; + + if (fwbdebug) + { + qDebug("newHostDialog::appropriate p=%d",p); + } + + switch (p) + { + case OBJECT_NAME_PAGE: + case TEMPLATES_PAGE: + return true; + + case SNMP_PAGE: + case MANUAL_PAGE: + return (!m_dialog->useTemplate->isChecked()); + } + return true; +} + + +void newHostDialog::showPage(const int page) +{ + FakeWizard::showPage(page); + + int p = currentPage(); + + if (fwbdebug) qDebug("newHostDialog::selected p=%d",p); + +// p is a page number _after_ it changed + + switch (p) + { + case SNMP_PAGE: + changed(); // to properly enable/disable widgets + break; + + case MANUAL_PAGE: + { + m_dialog->iface_name->setFocus(); + + setNextEnabled( MANUAL_PAGE, false ); + setFinishEnabled( MANUAL_PAGE, true ); + break; + } + + case TEMPLATES_PAGE: + { + setFinishEnabled( TEMPLATES_PAGE, true ); +/* load templates if not loaded */ + + if (tmpldb==NULL) + { + + MessageBoxUpgradePredicate upgrade_predicate(this); + + tmpldb = new FWObjectDatabase(); + tmpldb->setReadOnly( false ); + tmpldb->load( tempfname, &upgrade_predicate, librespath); + } + FWObject *tlib = tmpldb->getById(TEMPLATE_LIB); + +#if 0 + FWObject *tlib = mw->db()->getById(TEMPLATE_LIB); + if (tlib==NULL) + { + FWObject *cl = om->getCurrentLib(); + mw->loadLibrary(tempfname); + unloadTemplatesLib = true; + om->loadObjects(); + tlib = mw->db()->getById(TEMPLATE_LIB); +/* restore library that was opened prior loading templates */ + om->openLib(cl); + } +#endif + + list fl; + findHosts(tlib, fl, false); + + QString icn = QString( 
Resources::global_res->getObjResourceStr(fl.front(), "icon-tree").c_str() ); + + m_dialog->templateList->clear(); + + int n=0; + for (list::iterator m=fl.begin(); m!=fl.end(); m++,n++) + { + FWObject *o=*m; + + QPixmap pm; + if ( ! QPixmapCache::find( icn, pm) ) + { + pm.load( icn ); + QPixmapCache::insert( icn, pm); + } + + QListWidgetItem *item = new QListWidgetItem( + QIcon(pm), QString(o->getName().c_str())); + m_dialog->templateList->addItem(item); + + templates[ m_dialog->templateList->item( m_dialog->templateList->count()-1 ) ]=o; + } + m_dialog->templateList->setCurrentItem(0); + m_dialog->templateList->setFocus(); + break; + } + } +} + +void newHostDialog::templateSelected(QListWidgetItem *cur) +{ + QListWidgetItem *itm = cur; + if (fwbdebug) qDebug("newHostDialog::templateSelected "); + + FWObject *o=templates[itm]; + assert (o!=NULL); + + Host *fw = Host::cast(o); + + m_dialog->templateComment->clear(); + m_dialog->templateComment->append( fw->getComment().c_str() ); + m_dialog->templateComment->moveCursor(QTextCursor::Start); + + bool haveOutside = false; + bool haveInside = false; + bool haveDMZ = false; + list ll = fw->getByType(Interface::TYPENAME); + for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++) + { + Interface *intf = Interface::cast( *i ); + QString nam = intf->getName().c_str(); + QString lbl = intf->getLabel().c_str(); + + if (lbl=="outside" || + nam.indexOf(QRegExp(".*0$"))!=-1 || + nam.indexOf(QRegExp(".*0/0$"))!=-1 ) + { + haveOutside=true; + m_dialog->intfOutsideLine->show(); + m_dialog->intfOutsideText->show(); + fillInterfaceData(intf,m_dialog->intfOutsideText); + } + if (lbl=="inside" || + nam.indexOf(QRegExp(".*1$"))!=-1 || + nam.indexOf(QRegExp(".*0/1$"))!=-1 ) + { + haveInside=true; + m_dialog->intfInsideLine->show(); + m_dialog->intfInsideText->show(); + fillInterfaceData(intf,m_dialog->intfInsideText); + } + } + + if (!haveOutside) { m_dialog->intfOutsideLine->hide(); m_dialog->intfOutsideText->hide(); } + if (!haveInside) 
{ m_dialog->intfInsideLine->hide(); m_dialog->intfInsideText->hide(); } + if (!haveDMZ) { m_dialog->intfDMZLine->hide(); m_dialog->intfDMZText->hide(); } +} + +void newHostDialog::fillInterfaceData(Interface *intf, QTextBrowser *qte) +{ + qte->clear(); + QString s; + + s += ""; + + s += ""; + s += ""; + s += ""; + + s += ""; + s += ""; + s += ""; + s += "
    "; + s += tr("Interface: %1 (%2)") + .arg(intf->getName().c_str()) + .arg(intf->getLabel().c_str()); + s += "
    "; + if (intf->isDyn()) s += tr("Dynamic address"); + else + if (intf->isUnnumbered()) s += tr("Unnumbered interface"); + else + s += QString("%1/%2") + .arg(intf->getAddress().toString().c_str()) + .arg( intf->getNetmask().toString().c_str()); + s += "
    "; + qte->setText(s); +} + +void newHostDialog::addInterface() +{ + QString dn = ""; + if (m_dialog->iface_dyn->isChecked()) dn+="Dyn"; + if (m_dialog->iface_unnum->isChecked()) dn+="Unn"; + + QString addr; + QString netm; + + if (!m_dialog->iface_dyn->isChecked() && !m_dialog->iface_unnum->isChecked()) + { + addr = m_dialog->iface_addr->text(); + netm = m_dialog->iface_netmask->text(); + + if (addr.isEmpty()) addr="0.0.0.0"; + if (netm.isEmpty()) netm="0.0.0.0"; + + try + { + IPAddress(addr.toLatin1().constData()); + Netmask(netm.toLatin1().constData()); + } + catch (FWException &ex) + { + QMessageBox::warning( + this,"Firewall Builder", + tr("Illegal address '%1/%2'").arg(addr).arg(netm), + "&Continue", QString::null, QString::null, 0, 1 ); + return; + } + } + QStringList sl; + sl << m_dialog->iface_name->text() + << m_dialog->iface_label->text() + << addr + << netm + << m_dialog->iface_physaddr->text(); + + new QTreeWidgetItem(m_dialog->iface_list, sl); +} + +void newHostDialog::selectedInterface(QTreeWidgetItem *cur) +{ + QTreeWidgetItem *itm = cur; + m_dialog->iface_name->setText( itm->text(0) ); + m_dialog->iface_label->setText( itm->text(1) ); + m_dialog->iface_addr->setText( itm->text(2) ); + m_dialog->iface_netmask->setText( itm->text(3) ); + m_dialog->iface_dyn->setChecked( itm->text(4).indexOf("Dyn")!=-1 ); + m_dialog->iface_unnum->setChecked( itm->text(4).indexOf("Unn")!=-1 ); + m_dialog->iface_physaddr->setText( itm->text(5) ); +} + +void newHostDialog::updateInterface() +{ + QString dn = ""; + if (m_dialog->iface_dyn->isChecked()) dn+="Dyn"; + if (m_dialog->iface_unnum->isChecked()) dn+="Unn"; + + QTreeWidgetItem *itm = m_dialog->iface_list->currentItem(); + if (itm==NULL) return; + + itm->setText( 0 , m_dialog->iface_name->text() ); + itm->setText( 1 , m_dialog->iface_label->text() ); + itm->setText( 2 , m_dialog->iface_addr->text() ); + itm->setText( 3 , m_dialog->iface_netmask->text() ); + itm->setText( 4 , dn ); + itm->setText( 5 , 
m_dialog->iface_physaddr->text() ); +} + +void newHostDialog::deleteInterface() +{ + QTreeWidgetItem *itm = m_dialog->iface_list->currentItem(); + if (itm==NULL) return; + m_dialog->iface_list->takeTopLevelItem( + m_dialog->iface_list->indexOfTopLevelItem(itm) ); +} + +void newHostDialog::cancelClicked() +{ + QDialog::reject(); +} + +void newHostDialog::finishClicked() +{ + int p = currentPage(); + + if (p==TEMPLATES_PAGE) + { + QListWidgetItem *itm = m_dialog->templateList->currentItem(); + FWObject *o=templates[itm]; + assert (o!=NULL); + + FWObject *no = om->duplicateObject(om->getCurrentLib(), + o, + m_dialog->obj_name->text(), + false ); // do not ask to autorename + if (no==NULL) + { + QDialog::accept(); + return; + } + nhst=Host::cast(no); + } else + { + FWObject *o; + o=om->createObject(Host::TYPENAME, m_dialog->obj_name->text() ); + if (o==NULL) + { + QDialog::accept(); + return; + } + + nhst=Host::cast(o); + +/* create interfaces */ + + for (int i = 0; i < m_dialog->iface_list->topLevelItemCount(); i++) + { + QTreeWidgetItem *itm = m_dialog->iface_list->topLevelItem(i); + QString name = itm->text(0); + QString label = itm->text(1); + QString addr = itm->text(2); + QString netmask = itm->text(3); + bool dyn = itm->text(4).indexOf("Dyn")!=-1; + bool unnum = itm->text(4).indexOf("Unn")!=-1; + QString physaddr= itm->text(5); + + Interface *oi = Interface::cast( + om->createObject(nhst,Interface::TYPENAME, name) + ); +#ifdef USE_INTERFACE_POLICY + oi->add(new InterfacePolicy()); +#endif + oi->setLabel( label.toLatin1().constData() ); + + if (dyn) oi->setDyn(true); + if (unnum) oi->setUnnumbered(true); + oi->setSecurityLevel(0); + + if (!dyn && !unnum) + { + QString addrname=QString("%1:%2:ip") + .arg(m_dialog->obj_name->text()).arg(name); + IPv4 *oa = IPv4::cast( + om->createObject(oi, IPv4::TYPENAME,addrname) + ); + oa->setAddress( addr.toLatin1().constData() ); + oa->setNetmask( netmask.toLatin1().constData() ); + } + + om->updateObjName(oi,"","",false); + } 
+ } + if (unloadTemplatesLib) + { +#if 0 + FWObject *tlib = mw->db()->getById(TEMPLATE_LIB); + assert (tlib!=NULL); + string tlibID = tlib->getId(); + if (fwbdebug) qDebug(" Delete library of templates"); + om->delObj(tlib,false); + +/* + * deleting an object places it in the "Deleted objects" library, so + * we need to remove "templates" library from there. + * + * TODO: need to add flags to the API to be able to delete objects + * without placing them in "Deleted objects" automatically + */ + FWObject *delObjLib = mw->db()->getById( DELETED_LIB ); + if (delObjLib!=NULL && delObjLib->getById(tlibID)!=NULL) + { + if (fwbdebug) qDebug(" Delete library of templates from 'Deleted objects'"); + om->delObj(tlib,false); // this time from deleted objects lib + } +#endif + + delete tmpldb; + tmpldb = NULL; + + unloadTemplatesLib=false; + } + QDialog::accept(); +} + + + diff --git a/src/gui/newHostDialog.h b/src/gui/newHostDialog.h new file mode 100644 index 000000000..cac72df3d --- /dev/null +++ b/src/gui/newHostDialog.h 
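Review bot: addInterface() builds `dn` but never puts it in the row: `sl` has five fields, so the MAC text lands in column 4 and column 5 stays empty, while selectedInterface(), updateInterface() and finishClicked() all read the Dyn/Unn flag from column 4 and the MAC from column 5. A manually added dynamic or unnumbered interface is therefore created in finishClicked() as a regular one, with an IPv4 child whose address and netmask come from empty strings, which is the wrong object to end up in a firewall configuration. The row should be `<< addr << netm << dn << m_dialog->iface_physaddr->text();`. monitor() has the matching problem for SNMP results, writing `"dyn"`/`"unn"` where the readers search for `"Dyn"`/`"Unn"` with QString::indexOf's default case-sensitive match, so it should use `dn+="Dyn"` and `dn+="Unn"`. updateInterface() also skips the IPAddress/Netmask check that addInterface() performs, so finishClicked() can hand unvalidated text to setAddress()/setNetmask() outside any try block.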
@@ -0,0 +1,97 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: newHostDialog.h,v 1.5 2006/06/16 04:33:13 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __NEWHOSTDIALOG_H_
+#define __NEWHOSTDIALOG_H_
+
+#include "../../config.h"
+#include
+
+#include "InterfaceData.h"
+#include "fakeWizard.h"
+#include
+
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+ class Host;
+ class Interface;
+ class Logger;
+ class SNMP_interface_query;
+};
+
+class QTimer;
+class QTextEdit;
+class QTreeWidgetItem;
+class QListWidgetItem;
+
+class newHostDialog : public QDialog, public FakeWizard
+{
+ Q_OBJECT
+
+ libfwbuilder::Host *nhst;
+ bool snmpPollCompleted;
+ libfwbuilder::Logger *logger;
+ libfwbuilder::SNMP_interface_query *q;
+ QTimer *timer;
+ libfwbuilder::FWObjectDatabase *tmpldb;
+ std::map templates;
+ bool unloadTemplatesLib;
+ bool getInterfacesBusy;
+ Ui::newHostDialog_q *m_dialog;
+
+
+ void fillInterfaceData(libfwbuilder::Interface *intf, QTextBrowser *qte);
+
+ public:
+ newHostDialog();
+ virtual ~newHostDialog();
+
+ libfwbuilder::Host* getNewHost() { return nhst; };
+
+ virtual bool appropriate(const int page) const;
+ void showPage(const int page);
+
+public slots:
+ virtual void addInterface();
+ virtual void updateInterface();
+ virtual void deleteInterface();
+ virtual void changed();
+ virtual void selectedInterface(QTreeWidgetItem *cur);
+ virtual void getInterfacesViaSNMP();
+ virtual void monitor();
+ virtual void templateSelected(QListWidgetItem *cur);
+
+ protected slots:
+ virtual void finishClicked();
+ virtual void cancelClicked();
+ virtual void nextClicked();
+ virtual void backClicked();
+
+};
+
+#endif // __NEWHOSTDIALOG_H
diff --git a/src/gui/newfirewalldialog_q.ui b/src/gui/newfirewalldialog_q.ui
new file mode 100644
index 000000000..3dd1a19dc
--- /dev/null
+++ b/src/gui/newfirewalldialog_q.ui
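Review bot: The slots `selectedInterface(QTreeWidgetItem *cur)` and `templateSelected(QListWidgetItem *cur)` take one argument, but newhostdialog_q.ui in this commit appears to wire `currentItemChanged` to `selectedInterface(QTreeWidgetItem*,QTreeWidgetItem*)` and `templateSelected(QListWidgetItem*,QListWidgetItem*)`. Qt resolves string-based connections by exact normalized signature, so those two connections would fail at run time with only a console warning, and the interface editor and template preview would not follow the selection. Either declare the slots with both parameters, e.g. `virtual void selectedInterface(QTreeWidgetItem *cur, QTreeWidgetItem *prev);`, or name the one-argument form in the .ui as newfirewalldialog_q.ui does for `templateSelected(QListWidgetItem*)`. Whichever form is kept, selectedInterface() in newHostDialog.cpp dereferences `cur` unconditionally, and currentItemChanged can pass a null current item when the list is cleared, so it needs `if (cur==NULL) return;`.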
@@ -0,0 +1,1538 @@ + + newFirewallDialog_q + + + + 0 + 0 + 551 + 609 + + + + + 9 + + + 6 + + + + + + 3 + 0 + 0 + 0 + + + + + 0 + 25 + + + + + Sans Serif + 14 + 75 + false + true + + + + TextLabel + + + Qt::AlignCenter + + + + + + + + 500 + 450 + + + + 4 + + + + + 0 + + + 6 + + + + + Enter the name of the new object below: + + + Qt::AlignCenter + + + false + + + + + + + + + + Choose firewall software it is running: + + + Qt::AlignCenter + + + false + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 30 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Choose OS the new firewall runs on: + + + Qt::AlignCenter + + + false + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 150 + + + + + + + + + 1 + 0 + 0 + 0 + + + + + 0 + 20 + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + Use preconfigured template firewall objects + + + + + + + + + 0 + + + 6 + + + + + Next step is to add interfaces to the new firewall. There are two ways to do it: using SNMP query or manually. Adding them using SNMP query is fast and automatic, but is only possible if firewall runs SNMP agent and you know SNMP community string 'read'. 
+ + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + + + + + 0 + + + 6 + + + + + Configure interfaces manually + + + true + + + + + + + Use SNMP to discover interfaces of the firewall + + + + + + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + Discover Interfaces using SNMP + + + + + + + SNMP 'read' community string: + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 140 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + + + + + 9 + + + 6 + + + + + + 5 + 0 + 0 + 255 + + + + Here you can add or edit interfaces manually. 'Name' corresponds to the name of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' is used to mark interface to reflect network topology, e.g. 'outside' or 'inside'. Label is mandatory for PIX firewall. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + Click 'Next' when done. 
+ + + Qt::AlignCenter + + + false + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 9 + + + 6 + + + + + + 0 + 82 + + + + + Name + + + + + Label + + + + + Address + + + + + Netmask + + + + + Dyn + + + + + MAC + + + + + + + + 0 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + + 50 + 0 + + + + + 100 + 32767 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + 50 + 0 + + + + + 100 + 32767 + + + + + + + + Name: + + + Qt::AlignCenter + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + 50 + 0 + + + + + 100 + 32767 + + + + + + + + Address: + + + Qt::AlignCenter + + + false + + + + + + + Netmask: + + + Qt::AlignCenter + + + false + + + + + + + MAC: + + + Qt::AlignCenter + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + 50 + 0 + + + + + 100 + 32767 + + + + + + + + + + 0 + + + 6 + + + + + 0 + + + 6 + + + + + Label: + + + Qt::AlignCenter + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + 50 + 0 + + + + + 100 + 32767 + + + + + + + + + + + + + + 0 + + + 0 + + + + + Bridge port + + + + + + + Unnumbered interface + + + + + + + Dynamic address + + + + + + + Regular interface + + + true + + + + + + + + + + + + 0 + + + 3 + + + + + Qt::Vertical + + + QSizePolicy::Preferred + + + + 20 + 21 + + + + + + + + + 7 + 0 + 0 + 0 + + + + Delete + + + + + + + + 7 + 0 + 0 + 0 + + + + Update + + + + + + + + 7 + 0 + 0 + 0 + + + + Add + + + + + + + + + + + + + + + + 0 + + + 6 + + + + + Qt::AlignCenter + + + true + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 190 + + + + + + + + up + + + + + + + down + + + + + + + + Name + + + + + Label + + + + + Address + + + + + Security Level + + + + + + + + + + + Click 'Finish' when done. + + + Qt::AlignCenter + + + false + + + + + + + In order to be able to build firewall policy properly, Firewall Builder needs information about 'security level' of the firewall's interfaces. 
Interface that connects it to the Internet is considered 'insecure' and has security level '0', while interface connected to the internal network is supposed to be 'secure' (security level '100'). You can arrange interfaces in the order of their security level below. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + Qt::AlignCenter + + + true + + + + + + + + + 0 + + + 6 + + + + + + 0 + 5 + 0 + 0 + + + + + 280 + 210 + + + + QFrame::StyledPanel + + + QFrame::Sunken + + + + + 79 + 77 + 20 + 52 + + + + + 1 + 0 + 0 + 0 + + + + + 20 + 20 + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + 38 + 28 + 20 + 30 + + + + + 0 + 1 + 0 + 0 + + + + + 20 + 20 + + + + QFrame::VLine + + + QFrame::Sunken + + + Qt::Vertical + + + + + + 38 + 148 + 20 + 30 + + + + + 0 + 1 + 0 + 0 + + + + + 20 + 20 + + + + QFrame::VLine + + + QFrame::Sunken + + + Qt::Vertical + + + + + + 68 + 8 + 200 + 52 + + + + QFrame::Panel + + + QFrame::Raised + + + + + + 88 + 78 + 180 + 52 + + + + QFrame::Panel + + + QFrame::Raised + + + + + + 68 + 148 + 200 + 52 + + + + QFrame::Panel + + + QFrame::Raised + + + + + + 10 + 70 + 64 + 64 + + + + :/Icons/firewall_64.png + + + false + + + false + + + + + + + + Choose template object in the list and click 'Finish' when ready. Template objects use generic interface names that will be iherited by the firewall object you create. You may need to rename them later to reflect real names of interfaces on your firewall machine. 
+ + + Qt::AlignVCenter + + + true + + + + + + + + + + + + + + + + + + 3 + 0 + 1 + 0 + + + + + 400 + 50 + + + + QFrame::StyledPanel + + + QFrame::Raised + + + + 9 + + + 6 + + + + + Qt::Horizontal + + + + 161 + 37 + + + + + + + + < &Back + + + + + + + &Next > + + + false + + + + + + + &Finish + + + false + + + + + + + &Cancel + + + + + + + + + + + + obj_name + platform + hostOS + useTemplate + use_manual + snmp_community + snmpQuery + snmpProgress + iface_list + iface_name + iface_label + iface_addr + iface_netmask + iface_physaddr + addBtn + updBtn + delBtn + iface_sl_list + upBtn + downBtn + templateList + intfOutsideText + intfDMZText + intfInsideText + templateComment + + + + + + + addBtn + clicked() + newFirewallDialog_q + addInterface() + + + 20 + 20 + + + 20 + 20 + + + + + updBtn + clicked() + newFirewallDialog_q + updateInterface() + + + 20 + 20 + + + 20 + 20 + + + + + delBtn + clicked() + newFirewallDialog_q + deleteInterface() + + + 20 + 20 + + + 20 + 20 + + + + + upBtn + clicked() + newFirewallDialog_q + upInterface() + + + 20 + 20 + + + 20 + 20 + + + + + downBtn + clicked() + newFirewallDialog_q + downInterface() + + + 20 + 20 + + + 20 + 20 + + + + + obj_name + textChanged(QString) + newFirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + platform + activated(int) + newFirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + hostOS + activated(int) + newFirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + iface_list + currentItemChanged(QTreeWidgetItem*,QTreeWidgetItem*) + newFirewallDialog_q + selectedInterface(QTreeWidgetItem*,QTreeWidgetItem*) + + + 20 + 20 + + + 20 + 20 + + + + + use_manual + toggled(bool) + newFirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + use_snmp + toggled(bool) + newFirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + snmpQuery + clicked() + newFirewallDialog_q + getInterfacesViaSNMP() + + + 20 + 20 + + + 20 + 20 + + + + + templateList + 
currentItemChanged(QListWidgetItem*,QListWidgetItem*) + newFirewallDialog_q + templateSelected(QListWidgetItem*) + + + 20 + 20 + + + 20 + 20 + + + + + iface_reg + toggled(bool) + newFirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + iface_dyn + toggled(bool) + newFirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + iface_unnum + toggled(bool) + newFirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + iface_bridgeport + toggled(bool) + newFirewallDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/newgroupdialog_q.ui b/src/gui/newgroupdialog_q.ui new file mode 100644 index 000000000..420550cb0 --- /dev/null +++ b/src/gui/newgroupdialog_q.ui @@ -0,0 +1,129 @@ + + + + + newGroupDialog_q + + + + 0 + 0 + 314 + 156 + + + + + 1 + 1 + 0 + 0 + + + + New Group + + + + + + Library: + + + false + + + + + + + + 7 + 0 + 0 + 0 + + + + + + + + + + + Group Name: + + + false + + + + + + + This operation will create a new group and put selected objects in it + + + Qt::AlignVCenter + + + true + + + + + + + + 55 + 20 + + + + Expanding + + + Horizontal + + + + + + + Create a group + + + + + + + Cancel + + + + + + + + + obj_name + libs + applyBtn + cancelBtn + + + + cancelBtn + clicked() + newGroupDialog_q + reject() + + + applyBtn + clicked() + newGroupDialog_q + accept() + + + diff --git a/src/gui/newhostdialog_q.ui b/src/gui/newhostdialog_q.ui new file mode 100644 index 000000000..2491a1e6e --- /dev/null +++ b/src/gui/newhostdialog_q.ui 
@@ -0,0 +1,1119 @@ + + newHostDialog_q + + + + 0 + 0 + 486 + 701 + + + + + 9 + + + 6 + + + + + + 3 + 0 + 0 + 0 + + + + + 0 + 25 + + + + + Sans Serif + 14 + 75 + false + true + + + + TextLabel + + + Qt::AlignCenter + + + + + + + + 5 + 5 + 0 + 0 + + + + 3 + + + + + 0 + + + 6 + + + + + Enter the name of the new object below: + + + Qt::AlignCenter + + + false + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 30 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 150 + + + + + + + + + 1 + 0 + 0 + 0 + + + + + 0 + 20 + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + Use preconfigured template host objects + + + + + + + + + 0 + + + 6 + + + + + Next step is to add interfaces to the new host. There are two ways to do it: using SNMP query or manually. Adding them using SNMP query is fast and automatic, but is only possible if the host runs SNMP agent and you know SNMP community string 'read'. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + + + + + 0 + + + 6 + + + + + Configure interfaces manually + + + true + + + + + + + Use SNMP to discover interfaces of the host + + + + + + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Discover Interfaces using SNMP + + + + + + + SNMP 'read' community string: + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 140 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + + + + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + Here you can add or edit interfaces manually. 'Name' corresponds to the name of the physical interface, such as 'eth0', 'fxp0', 'ethernet0' etc. 'Label' is used to mark interface to reflect network topology, e.g. 
'outside' or 'inside'. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + 5 + 0 + 0 + 0 + + + + Check option 'Unnumbered interface' for the interface that does not have an IP address. Examples of interfaces of this kind are those used to terminate PPPoE or VPN tunnels. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + 5 + 0 + 0 + 0 + + + + Check option 'dynamic address' for the interface that gets its IP address dynamically via DHCP or PPP protocol. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + Click 'Next' when done. + + + Qt::AlignCenter + + + false + + + + + + + + 7 + 7 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Name: + + + Qt::AlignCenter + + + false + + + + + + + Label: + + + Qt::AlignCenter + + + false + + + + + + + Address: + + + Qt::AlignCenter + + + false + + + + + + + This is unnumbered interface, that is, it does not have an IP address. You can use this for interfaces that terminate PPPoE or other VPN tunnels + + + Unnumbered interface + + + + + + + + 0 + 100 + + + + + Name + + + + + Label + + + + + Address + + + + + Netmask + + + + + Dyn + + + + + MAC + + + + + + + + + + + + + + + + + + + + + + + MAC: + + + Qt::AlignCenter + + + false + + + + + + + Address of this interface is assigned dynamically using DHCP or PPP protocol + + + Dynamic address + + + + + + + Netmask: + + + Qt::AlignCenter + + + false + + + + + + + 0 + + + 6 + + + + + Add + + + + + + + Update + + + + + + + Delete + + + + + + + + + + + + + + 0 + + + 6 + + + + + + 0 + 0 + 0 + 0 + + + + + 280 + 210 + + + + QFrame::StyledPanel + + + QFrame::Sunken + + + + + 79 + 77 + 20 + 52 + + + + + 1 + 0 + 0 + 0 + + + + + 20 + 20 + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + 38 + 148 + 20 + 30 + + + + + 0 + 1 + 0 + 0 + + + + + 20 + 20 + + + + QFrame::VLine + + + QFrame::Sunken + + + Qt::Vertical + + + + + + 68 + 8 + 200 + 52 + + + + QFrame::Panel + 
+ + QFrame::Raised + + + + + + 88 + 78 + 180 + 52 + + + + QFrame::Panel + + + QFrame::Raised + + + + + + 68 + 148 + 200 + 52 + + + + QFrame::Panel + + + QFrame::Raised + + + + + + 10 + 70 + 64 + 64 + + + + :/Icons/host_64.xpm + + + false + + + false + + + + + + 38 + 28 + 20 + 30 + + + + + 0 + 1 + 0 + 0 + + + + + 20 + 20 + + + + QFrame::VLine + + + QFrame::Sunken + + + Qt::Vertical + + + + + + + + + + + Choose template object in the list and click 'Finish' when ready. Template objects use generic interface names that will be iherited by the firewall object you create. You may need to rename them later to reflect real names of interfaces on your firewall machine. + + + Qt::AlignVCenter + + + true + + + + + + + + + + + + + + + 3 + 0 + 1 + 0 + + + + + 400 + 50 + + + + QFrame::StyledPanel + + + QFrame::Raised + + + + 9 + + + 6 + + + + + Qt::Horizontal + + + + 40 + 20 + + + + + + + + < &Back + + + + + + + &Next > + + + false + + + + + + + &Finish + + + false + + + + + + + &Cancel + + + + + + + + + + + obj_name + useTemplate + use_manual + snmp_community + snmpQuery + snmpProgress + iface_list + iface_name + iface_label + iface_addr + iface_unnum + iface_netmask + iface_dyn + iface_physaddr + addBtn + updBtn + delBtn + templateList + intfOutsideText + intfDMZText + intfInsideText + templateComment + + + + + + + addBtn + clicked() + newHostDialog_q + addInterface() + + + 20 + 20 + + + 20 + 20 + + + + + updBtn + clicked() + newHostDialog_q + updateInterface() + + + 20 + 20 + + + 20 + 20 + + + + + delBtn + clicked() + newHostDialog_q + deleteInterface() + + + 20 + 20 + + + 20 + 20 + + + + + obj_name + textChanged(QString) + newHostDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + iface_list + currentItemChanged(QTreeWidgetItem*,QTreeWidgetItem*) + newHostDialog_q + selectedInterface(QTreeWidgetItem*,QTreeWidgetItem*) + + + 20 + 20 + + + 20 + 20 + + + + + iface_dyn + clicked() + newHostDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + iface_unnum + clicked() 
+ newHostDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + use_manual + toggled(bool) + newHostDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + use_snmp + toggled(bool) + newHostDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + snmpQuery + clicked() + newHostDialog_q + getInterfacesViaSNMP() + + + 20 + 20 + + + 20 + 20 + + + + + templateList + currentItemChanged(QListWidgetItem*,QListWidgetItem*) + newHostDialog_q + templateSelected(QListWidgetItem*,QListWidgetItem*) + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/objconflictresolutiondialog_q.ui b/src/gui/objconflictresolutiondialog_q.ui new file mode 100644 index 000000000..c9bfd8052 --- /dev/null +++ b/src/gui/objconflictresolutiondialog_q.ui 
@@ -0,0 +1,309 @@ + + ObjConflictResolutionDialog_q + + + + 0 + 0 + 850 + 436 + + + + Conflict Resolution + + + + 11 + + + 6 + + + + + + 0 + 0 + 0 + 0 + + + + + + + true + + + false + + + + + + + + 7 + 5 + 0 + 0 + + + + There is a conflict between an object in your tree and object in the file you are trying to open. Choose which version of this object you want to use: + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Horizontal + + + + + 0 + + + 6 + + + + + Current Object + + + Qt::AlignVCenter + + + true + + + + + + + + 5 + 7 + 0 + 0 + + + + + + + + 5 + + + 6 + + + + + + + + Keep current object + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Always choose this +object if there is a conflict + + + + + + + + + + + + 0 + + + 6 + + + + + New Object + + + Qt::AlignVCenter + + + true + + + + + + + + 5 + 7 + 0 + 0 + + + + + + + + 5 + + + 6 + + + + + + + + Replace with this object + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Always choose this +object if there is a conflict + + + + + + + + + + + + + + + currentObj + newObj + currentAll + useCurrentObj + newAll + useNewObj + + + + + useCurrentObj + clicked() + ObjConflictResolutionDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + useNewObj + clicked() + ObjConflictResolutionDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + currentAll + toggled(bool) + ObjConflictResolutionDialog_q + setFlags() + + + 20 + 20 + + + 20 + 20 + + + + + newAll + toggled(bool) + ObjConflictResolutionDialog_q + setFlags() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/objecteditor_q.ui b/src/gui/objecteditor_q.ui new file mode 100644 index 000000000..cc1f964c2 --- /dev/null +++ b/src/gui/objecteditor_q.ui 
@@ -0,0 +1,119 @@ + + ObjectEditor_q + + + true + + + + 0 + 0 + 202 + 119 + + + + + 5 + 5 + 0 + 0 + + + + Firewall Builder + + + + + + true + + + + 0 + + + 6 + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &Close + + + Alt+C + + + true + + + true + + + + + + + + + + 200 + 0 + + + + QFrame::StyledPanel + + + QFrame::Raised + + + + + + + + + + buttonOk + clicked() + ObjectEditor_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/objectmanipulator_q.ui b/src/gui/objectmanipulator_q.ui new file mode 100644 index 000000000..9a216d141 --- /dev/null +++ b/src/gui/objectmanipulator_q.ui @@ -0,0 +1,207 @@ + + ObjectManipulator_q + + + true + + + + 0 + 0 + 248 + 289 + + + + + 5 + 7 + 0 + 0 + + + + Tree of Objects + + + + 0 + + + 2 + + + + + + + + + + + 5 + 0 + 0 + 0 + + + + + 2 + + + 0 + + + + + Back + + + Go back to the previous object + + + + + + :/Icons/Return + + + true + + + + + + + + 0 + 1 + 0 + 0 + + + + + 32767 + 16 + + + + QFrame::VLine + + + QFrame::Plain + + + 1 + + + Qt::Vertical + + + + + + + + 7 + 0 + 0 + 0 + + + + + + + + New Object + + + Create New Object + + + :/Icons/newobject_25.png + + + true + + + + + + + + + + + + + + + libs + activated(int) + ObjectManipulator_q + libChanged(int) + + + 20 + 20 + + + 20 + 20 + + + + + backButton + clicked() + ObjectManipulator_q + back() + + + 20 + 20 + + + 20 + 20 + + + + + newButton + clicked() + ObjectManipulator_q + newObject() + + + 20 + 20 + + + 20 + 20 + + + + + widgetStack + currentChanged(int) + ObjectManipulator_q + currentTreePageChanged(int) + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/oldRuleSetView.cpp b/src/gui/oldRuleSetView.cpp new file mode 100644 index 000000000..37ef5cd14 --- /dev/null +++ b/src/gui/oldRuleSetView.cpp 
@@ -0,0 +1,3614 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: RuleSetView.cpp,v 1.163 2007/05/30 04:24:55 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+
+
+#include "config.h"
+#include "global.h"
+#include "utils.h"
+#include "FWWindow.h"
+#include "RuleSetView.h"
+#include "ObjectManipulator.h"
+//#include "ObjectEditor.h" CWP
+#include "platforms.h"
+#include "inplaceComboBox.h"
+#include "FWObjectDrag.h"
+#include "FWObjectClipboard.h"
+#include "findDialog.h"
+#include "ColorLabelMenuItem.h"
+#include "FWBSettings.h"
+#include "SimpleTextEditor.h"
+#include "SimpleIntEditor.h"
+#include "ActionsDialog.h"
+#include "FWObjectPropertiesFactory.h"
+#include "ObjectTreeView.h"
+#include "FindObjectWidget.h"
+
+//#include "askrulenumberdialog_q.h" CWP
+
+#include
+#include
+
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Resources.h"
+#include "fwbuilder/Policy.h"
+
+#include "fwbuilder/InterfacePolicy.h"
+
+#include "fwbuilder/NAT.h"
+#include "fwbuilder/Routing.h"
+#include "fwbuilder/RuleElement.h"
+#include "fwbuilder/Interface.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+using namespace 
libfwbuilder;
+using namespace std;
+
+
+class mouseEventFilter : public QObject
+{
+ protected:
+ bool eventFilter( QObject *object, QEvent *event)
+ {
+ if (event->type() == QEvent::MouseButtonPress )
+ {
+ cerr << "event type=" << event->type() << endl;
+ return true;
+ }
+ else
+ return false;
+ }
+};
+
+mouseEventFilter mef;
+
+bool headerMouseEventInterceptor::eventFilter( QObject *object, QEvent *event)
+{
+ if (event->type() == QEvent::ContextMenu )
+ {
+ QContextMenuEvent *e = (QContextMenuEvent*)(event);
+
+ int row = rsv->rowAt( rsv->contentsY()+e->pos().y() );
+ rsv->contextMenu(row, -1, e->globalPos());
+
+// rsv->headerMousePressEvent(e->globalPos());
+ }
+ return false;
+}
+
+/** CWP skipped from here
+RuleObjToolTip::RuleObjToolTip(RuleSetView *w) : QToolTip(w->viewport(),0)
+{
+ rsv=w;
+}
+
+void RuleObjToolTip::maybeTip(const QPoint &pos)
+{
+ if (st->getObjTooltips())
+ {
+ int cx,cy;
+
+ rsv->viewportToContents(pos.x(),pos.y(),cx,cy);
+
+ int row = rsv->rowAt(cy);
+ int col = rsv->columnAt(cx);
+
+ QRect cr;
+ QString t="";
+
+ cr=rsv->cellGeometry(row,col);
+
+ if ( RuleSetView::Options == rsv->getColType(col) )
+ {
+ Rule *rule = rsv->getRule(row);
+ if (PolicyRule::cast(rule)!=NULL )
+ {
+ if (! isDefaultPolicyRuleOptions( rule->getOptionsObject() ))
+ t= FWObjectPropertiesFactory::getPolicyRuleOptions(rule);
+ }
+ if (NATRule::cast(rule)!=NULL )
+ {
+ if (! 
isDefaultNATRuleOptions( rule->getOptionsObject() ))
+ t= FWObjectPropertiesFactory::getNATRuleOptions(rule);
+ }
+ }
+ else if( RuleSetView::Direction == rsv->getColType(col) )
+ {
+ PolicyRule *rule = PolicyRule::cast( rsv->getRule(row) );
+ if (rule!=NULL)
+ t = rule->getDirectionAsString().c_str();
+ }
+ else if( RuleSetView::Action == rsv->getColType(col) )
+ {
+ PolicyRule *rule = PolicyRule::cast( rsv->getRule(row) );
+ if (rule!=NULL)
+ t= FWObjectPropertiesFactory::getRuleActionPropertiesRich(rule);
+ }
+ else
+ {
+ FWObject *obj = rsv->getObj(row,col,cy,&cr);
+ if (obj==NULL)
+ return;
+ t=FWObjectPropertiesFactory::getObjectPropertiesDetailed(obj,true,true);
+ }
+ cr.moveTopLeft( rsv->contentsToViewport( cr.topLeft() ) );
+ tip(cr,t);
+ }
+} to here */
+
+
+RuleSetView::RuleSetView( int r, int c, QWidget *parent ) : QTable( r, c, parent ), hme(this)
+{
+ kbdGoingUp = false;
+ RuleElementSpacing=4;
+ changingSelection = false;
+ dragging = false;
+ changingRules = false;
+
+// verticalHeader()->setLabel(0, "0");
+// horizontalHeader()->setLabel(0, "0");
+
+ new RuleObjToolTip(this);
+
+ setDragEnabled(true);
+
+ ncols=c;
+ selectedObject = NULL;
+
+ setFocusPolicy( StrongFocus );
+
+ items.setAutoDelete( TRUE );
+ widgets.setAutoDelete( TRUE );
+
+ setSelectionMode( MultiRow );
+
+ setAcceptDrops( TRUE );
+
+ setCaption( tr( "A Rule Set" ) );
+ setLeftMargin( fontMetrics().width( "W999W" ) );
+
+ horizontalHeader()->setStretchEnabled(false);
+ verticalHeader()->setStretchEnabled(false);
+
+ horizontalHeader()->setResizeEnabled(true);
+ verticalHeader()->setResizeEnabled(false);
+
+ horizontalHeader()->setClickEnabled(false);
+ verticalHeader()->setClickEnabled(true);
+
+ horizontalHeader()->setMovingEnabled(true);
+/*
+ connect( horizontalHeader(), SIGNAL( clicked(int) ),
+ this, SLOT( horizontalHeaderClicked(int) ) );
+
+ connect( verticalHeader(), SIGNAL( clicked(int) ),
+ this, SLOT( verticalHeaderClicked(int) ) );
+*/
+
+ connect( this, SIGNAL( 
contextMenuRequested(int,int,const QPoint&) ), + this, SLOT( contextMenu(int,int,const QPoint&) ) ); + + connect( this, SIGNAL( doubleClicked(int,int,int,const QPoint&) ), + this, SLOT( doubleClicked(int,int,int,const QPoint&) ) ); + + connect( this, SIGNAL( selectionChanged() ), + this, SLOT( selectionChanged() ) ); + + connect( this, SIGNAL( contentsMoving(int,int) ), + this, SLOT( contentsMoving(int,int) ) ); + + verticalHeader()->installEventFilter( &hme ); + unselect(); +} + +RuleSetView::~RuleSetView() +{ +} + +Firewall* RuleSetView::getFirewall() +{ + FWObject *f=ruleset; + while (f!=NULL && !Firewall::isA(f)) f=f->getParent(); + assert(f!=NULL); + return Firewall::cast(f); +} + +void RuleSetView::contentsMoving(int x, int y) +{ + if (fwbdebug) qDebug("RuleSetView::contentsMoving x=%d y=%d",x,y); +} + +void RuleSetView::drawContents(QPainter *p, int cx, int cy, int cw, int ch) +{ + +// if (fwbdebug) +// qDebug("RuleSetView::drawContents cx=%d cy=%d cw=%d ch=%d",cx,cy,cw,ch); + + QTable::drawContents(p,cx,cy,cw,ch); +} + +void RuleSetView::hideEvent(QHideEvent *ev) +{ + QString k = settingsKey(); + QString v; + + for (int col=0; colsetStr(k,v); +} + + +QString RuleSetView::settingsKey() +{ + return QString("/RuleSets/") + name() + "_Columns"; +} + +void RuleSetView::setRuleNumber(int row, libfwbuilder::Rule *rule) +{ + QIconSet icn; + + if (rule!=NULL && rule->isDisabled()) + { +// icn = QPixmap::fromMimeSource( Resources::global_res->getResourceStr( +// "/FWBuilderResources/UI/Icons/neg").c_str()); + + QString icn_file = Resources::global_res->getResourceStr( + "/FWBuilderResources/UI/Icons/neg").c_str(); + QPixmap pm; + if ( ! 
QPixmapCache::find( icn_file, pm) ) + { + pm = QPixmap::fromMimeSource( icn_file ); + QPixmapCache::insert( icn_file, pm); + } + icn = QIconSet(pm); + } else + icn = QIconSet(); + + int s = verticalHeader()->sectionSize(row); + verticalHeader()->setLabel( row, icn, QString::number(row) ); + verticalHeader()->resizeSection( row , s ); +} + +void RuleSetView::fixRulePosition(Rule *rule, FWObject *parent, int pos) +{ + if ( rule->isReadOnly()) + { + // need to temporary break the lock + // since several parents could be read-only, do it recursively + FWObject *o = (parent!=NULL) ? parent : rule; + while ( o!=NULL && !o->getBool("ro") ) o = o->getParent(); + if (o) + { + o->setReadOnly(false); + fixRulePosition(rule, o, pos); + o->setReadOnly(true); + } else + { + rule->checkReadOnly(); // should be read-write by now + rule->setPosition(pos); + } + } else + rule->setPosition(pos); +} + + +void RuleSetView::init() +{ + QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) ); + + horizontalHeader()->adjustHeaderSize(); + + int row=0; + map colW; + bool userColWidth=false; + + QPainter p(this); + + QString k = settingsKey(); + QString v = st->getStr(k); + if (!v.isEmpty()) + { + userColWidth=true; + for (int col=0; collabel(col); + QRect br=p.boundingRect(0, 0, 1000, 1000, + Qt::AlignLeft|Qt::AlignVCenter, + lbl ); + colW[col]=br.width() + 10; + } + } + + for (FWObject::iterator i=ruleset->begin(); i!=ruleset->end(); i++,row++) + { + ruleIndex[row] = *i; + dirtyRows[row] = 1; + + setRuleNumber(row, Rule::cast( *i )); + if (Rule::cast( *i )->getPosition()!=row) + { + fixRulePosition(Rule::cast( *i ), NULL, row); + } +// adjustRow(row); + + int h=20; + for (int col=0; colsize() ); + + QString icn = Resources::global_res->getResourceStr("/FWBuilderResources/UI/Icons/Accept").c_str(); + + if (fwbdebug) + qDebug("RuleSetView::iinit() icn=%s",icn.ascii()); + + QPixmap pm; + if ( ! 
QPixmapCache::find( icn, pm) ) + { + pm = QPixmap::fromMimeSource( icn ); + QPixmapCache::insert( icn, pm); + } + + pixmap_h = pm.height(); + pixmap_w = pm.width(); + + QPainter p(this); + QRect br = p.boundingRect(0, 0, 1000, 1000, + Qt::AlignLeft|Qt::AlignVCenter,"WMWM" ); + text_h = br.height(); + item_h = ( (pixmap_h>text_h)?pixmap_h:text_h ) + RuleElementSpacing; + + FWObject *f = getFirewall(); + +// f is a pointer at firewall object + supports_logging =false; + supports_rule_options =false; + supports_time =false; + + try { + supports_logging= + Resources::getTargetCapabilityBool(f->getStr("platform"), + "logging_in_policy"); + supports_rule_options= + Resources::getTargetCapabilityBool(f->getStr("platform"), + "options_in_policy"); + supports_time= + Resources::getTargetCapabilityBool(f->getStr("platform"), + "supports_time"); + } catch (FWException &ex) { } + + return; +} + +void RuleSetView::clear() +{ + + +} + + +/* CWP skipped from here +void RuleSetView::focusInEvent(QFocusEvent* ev) +{ + if (fwbdebug) qDebug("RuleSetView::focusInEvent"); + + //om->unselect(); + QTable::focusInEvent(ev); + repaintSelections(); + + if ( + (ev->reason()==QFocusEvent::Tab || + ev->reason()==QFocusEvent::Backtab) && + oe->isVisible() + ) + mw->requestEditorOwnership(this,NULL,ObjectEditor::optNone,true); +} + +void RuleSetView::focusOutEvent(QFocusEvent* ev) +{ + if (fwbdebug) + { + qDebug("RuleSetView::focusOutEvent. 
QStyle::SH_ItemView_ChangeHighlightOnFocus=%d backgroundMode=%d", + style().styleHint( QStyle::SH_ItemView_ChangeHighlightOnFocus, this ), + backgroundMode()); + + } + + QTable::focusOutEvent(ev); + repaintSelections(); +} + + +and to here*/ + +void RuleSetView::adjustColumn( int col ) +{ +// int w = horizontalHeader()->sectionSize(col); + QString lbl = horizontalHeader()->label(col); + QPainter p(this); + QRect br=p.boundingRect(0, 0, 1000, 1000, + Qt::AlignLeft|Qt::AlignVCenter, + lbl ); + + int w = br.width() + 10; + + int row=0; + for (FWObject::iterator i=ruleset->begin(); i!=ruleset->end(); i++,row++) + { + QRect cr = calculateCellSize(row,col); + w=QMAX(w,cr.width()); + } + setColumnWidth(col,w); +} + +void RuleSetView::adjustRow_int( int row, int h ) +{ + +/ * make sure the row is no smaller than a label in the left header, + * and no smaller than the "strut" (the minimal size of the gui + * element as defined in QApplication) + * / + QHeader * leftHeader = verticalHeader(); + h = QMAX(h, leftHeader->fontMetrics().height() + 2); + h = QMAX(h, QApplication::globalStrut().height()); + +/ * setRowHeight causes redraw. Beware of loops 'cause we call adjustRow from + * cellPaint! 
* / + setRowHeight(row, h); + + dirtyRows[row]=0; +} + +void RuleSetView::adjustRow( int row ) +{ + int h = 20; + + for (int col=0; coldb()->create("When"); + assert(nre!=NULL); + rule->add(nre); + } + } +/* continue in Object */ + + case Object: + { + RuleElement *re = getRE(rule,col); + if (re==NULL) return QRect(0,0,0,0); + re_size = re->size(); + for (FWObject::iterator j=re->begin(); j!=re->end(); j++) + { + FWObject *o1= *j; + FWObject *o2 = o1; + string o1ref = ""; + if (FWReference::cast(o1)!=NULL) + { + o1ref = FWReference::cast(o1)->getPointerId(); + o2=FWReference::cast(o1)->getPointer(); + } + QString ot = objectText(re,o2); + QRect br=p.boundingRect(0, 0, 1000, 1000, + Qt::AlignLeft|Qt::AlignVCenter, + ot); + hc += item_h; + int itmW = RuleElementSpacing/2 + pixmap_w + + RuleElementSpacing + br.width(); + wc = QMAX(wc, itmW); + } + break; + } + + case Action: + { +/* possible actions: + "Accept", "Deny", "Reject", "Accounting", "Tag", + "Pipe", "Classify", "Custom", "Continue" +*/ + QString ac = + FWObjectPropertiesFactory::getRuleActionProperties( + PolicyRule::cast(rule)); + QRect br=p.boundingRect(0, 0, 1000, 1000, + Qt::AlignLeft|Qt::AlignVCenter,ac ); + hc = item_h; + wc = RuleElementSpacing/2 + pixmap_w + RuleElementSpacing + br.width(); + break; + } + + case Direction: + { + hc = item_h; + wc = RuleElementSpacing/2 + pixmap_w + RuleElementSpacing; + break; +#if 0 +/* possible directions: "Inbound", "Outbound" , "Both" */ + QRect br=p.boundingRect(0, 0, 1000, 1000, + Qt::AlignLeft|Qt::AlignVCenter,tr("Outbound ") ); + hc = item_h; + wc = RuleElementSpacing/2 + pixmap_w + RuleElementSpacing + br.width(); + break; +#endif + } + + case Options: + hc = item_h; + wc = RuleElementSpacing/2 + pixmap_w + RuleElementSpacing + pixmap_w; + break; + + case Comment: + { + QRect br=p.boundingRect(0, 0, 1000, 1000, + Qt::AlignLeft|Qt::AlignVCenter, + QString::fromUtf8(rule->getComment().c_str()) ); + hc = br.height() + RuleElementSpacing; + wc = 
RuleElementSpacing/2 + br.width(); + break; + } + + case Metric: + { + QRect br=p.boundingRect(0, 0, 1000, 1000, + Qt::AlignLeft|Qt::AlignVCenter, + QString::fromUtf8(RoutingRule::cast(rule)->getMetricAsString().c_str()) ); + hc = br.height() + RuleElementSpacing; + wc = RuleElementSpacing/2 + br.width(); + break; + } + + default: + break; + } + + h = QMAX(h, hc); + + wc = QMAX(wc, QApplication::globalStrut().width()); + wc += RuleElementSpacing/2; // some padding + + return QRect(0,0,wc,h); +} + +QPixmap RuleSetView::getPixmap(FWObject *obj, PixmapAttr pmattr) const +{ +// QPixmap pm; + string icn = "icon"; + if (pmattr == Neg) icn="icon-neg"; + if (pmattr == Ref) icn="icon-ref"; + if (pmattr == Tree) icn="icon-tree"; + +// return QPixmap::fromMimeSource( +// Resources::global_res->getObjResourceStr(obj, icn).c_str() ); + + QString icn_file = Resources::global_res->getObjResourceStr(obj, icn).c_str(); + QPixmap pm; + if ( ! QPixmapCache::find( icn_file, pm) ) + { + pm = QPixmap::fromMimeSource( icn_file ); + QPixmapCache::insert( icn_file, pm); + } + + return pm; +} + +/* + * insertWidget and cellwidget are only used when widgets are put in + * cells, which only happens if we enable cell editing. Which we do not. 
+ */ +void RuleSetView::insertWidget( int r, int c, QWidget *w ) +{ + widgets.replace( indexOf( r, c ), w ); +} + +QWidget* RuleSetView::cellWidget( int r, int c ) const +{ + return widgets.find( indexOf( r, c ) ); +} + +/* CWP DONE +QString RuleSetView::objectText(RuleElement *re,FWObject *obj) +{ + if (re->isAny()) + { + if (RuleElementTSrc::isA(re) || + RuleElementTDst::isA(re) || + RuleElementTSrv::isA(re)) return QString(tr("Original")); + if (RuleElementRDst::isA(re)) return QString(tr("Default")); + if (RuleElementRGtw::isA(re) || + RuleElementRItf::isA(re)) return QString(""); + if (RuleElementItf::isA(re)) return QString(tr("All")); + return QString(tr("Any")); + } + + if (Interface::isA(obj)) + { + QString lbl= Interface::cast(obj)->getLabel().c_str(); + if ( !lbl.isEmpty() ) return lbl; + } + if (obj->getName() == "Any") return QString(tr("Any")); + else return QString::fromUtf8(obj->getName().c_str()); +}*/ + +void RuleSetView::paintCell(QPainter *pntr, + int row, + int col, + const QRect &cr, + bool selected, + const QColorGroup &cg) +{ + int re_size; + +/* row may point at an empty row where there is no rule yet. This + * happens if this method is called to redraw the table when we call + * setNumRows + */ + +// if (fwbdebug) +// qDebug("Draw cell: row=%d col=%d current palette=%d", +// row,col,palette().serialNumber()); + + if (ruleIndex.count(row)==0) return; + + if (dirtyRows[row]!=0) + { +// if (fwbdebug) qDebug("RuleSetView::paintCell dirty row %d",row); + + dirtyRows[row]=0; + adjustRow(row); // this causes repaint + return; + } + + QString rclr; + Rule *rule = Rule::cast( ruleIndex[row] ); + if (rule==NULL) return; + + FWOptions *ropt = rule->getOptionsObject(); + assert(ropt!=NULL); + rclr = ropt->getStr("color").c_str(); + + QPixmap bufferpixmap; + QString bpmname = QString("rulesetcell_%1_%2").arg(cr.width()).arg(cr.height()); + if ( ! 
QPixmapCache::find( bpmname, bufferpixmap) ) + { + bufferpixmap = QPixmap( cr.width() , cr.height() ); + QPixmapCache::insert( bpmname, bufferpixmap); + } + + //bufferpixmap.resize( cr.width() , cr.height() ); + bufferpixmap.fill( cg.base() ); + + QPainter p( &bufferpixmap ); + + QRect r = cellRect(row,col); + + int x = r.left() + RuleElementSpacing/2; + int y = r.top(); + + if (!rclr.isEmpty()) + { + QRect rect(0, y, cr.width(), cr.height() ); + p.fillRect(rect, QColor(rclr)); + } + + p.drawLine( cr.width()-1, 0, cr.width()-1, cr.height()-1 ); + p.drawLine( 0, cr.height()-1, cr.width()-1, cr.height()-1 ); + + p.drawLine( cr.width(), 1, cr.width(), cr.height() ); + p.drawLine( 1, cr.height(), cr.width(), cr.height() ); + +// if (selected) penColor=cg.highlightedText(); +// else penColor=cg.text(); + + const BackgroundMode bgmode = backgroundMode(); + const QColorGroup::ColorRole crole = QPalette::backgroundRoleFromMode( bgmode ); + + bool sel = (row==currentRow() && col==currentColumn()); + + if (getColType(col)==Object || getColType(col)==Time) + { + RuleElement *re = getRE(row,col); + if (re==NULL) return; + re_size = re->size(); + for (FWObject::iterator i=re->begin(); i!=re->end(); i++) + { + FWObject *o1= *i; + if (FWReference::cast(o1)!=NULL) + o1=FWReference::cast(o1)->getPointer(); + if (sel && o1==selectedObject) + { + QRect rect(0, y, cr.width(), item_h ); + if (hasFocus()) + { + p.fillRect(rect, cg.brush( QColorGroup::Highlight )); + p.setPen( cg.highlightedText() ); + } else + { + p.fillRect(rect, cg.brush( crole )); + p.setPen( cg.text() ); + } + } else + { + p.setPen( cg.text() ); + } + x = r.left()+1; + + //QPixmap pm = getPixmap(o1 , re->getNeg()?Neg:Normal ); + + string icn = "icon"; + if (re->getNeg()) icn = "icon-neg"; + + QString icn_file = + Resources::global_res->getObjResourceStr(o1, icn).c_str(); + QPixmap pm; + if ( ! 
QPixmapCache::find( icn_file, pm) ) + { + pm = QPixmap::fromMimeSource( icn_file ); + QPixmapCache::insert( icn_file, pm); + } + + p.drawPixmap( x, y + RuleElementSpacing/2, pm ); + + x += pm.width()+1; + + p.drawText( x, y + RuleElementSpacing/2, + cr.width()-pm.width()-1, item_h, + Qt::AlignLeft|Qt::AlignVCenter, objectText(re,o1) ); + + FWObject *mwSelObj = selectedObject; + std::vector om_selected_objects = + om->getCurrentObjectTree()->getSelectedObjects(); + + if (mwSelObj==NULL && om_selected_objects.size()!=0) + mwSelObj = om_selected_objects.front(); + + if ( (!sel || numSelections()==0) && + mwSelObj!= NULL && + mwSelObj->getId() != "sysid0" && + mwSelObj->getId() != "sysid1" && + mwSelObj->getId() != "sysid2" && + mwSelObj == o1) + { + p.setPen(Qt::red); + p.drawLine( 1, y+1, cr.width()-3, y+1 ); + p.drawLine( cr.width()-3, y+1, cr.width()-3, y+item_h-3 ); + + p.drawLine( 1, y+item_h-3, cr.width()-3, y+item_h-3 ); + p.drawLine( 1, y+1, 1, y+item_h-3 ); + + } + + y += item_h; + } + } else + { + if (sel) + { + QRect rect(0, 0, cr.width(), cr.height() ); + if (hasFocus()) + { + p.fillRect(rect, cg.brush( QColorGroup::Highlight )); + p.setPen( cg.highlightedText() ); + } else + { + p.fillRect(rect, cg.brush( crole )); + p.setPen( cg.text() ); + } + } else + { + p.setPen( cg.text() ); + } + + switch (getColType(col)) + { + case Action: + { + PolicyRule *rule = PolicyRule::cast( ruleIndex[row] ); + if (rule==NULL) return; + + QString platform=getPlatform(); + string act = rule->getActionAsString(); + QString icn = Resources::global_res->getResourceStr("/FWBuilderResources/UI/Icons/"+ act ).c_str(); + QString res=""; + //FWOptions *ropt = rule->getOptionsObject(); + res = FWObjectPropertiesFactory::getRuleActionProperties(rule); + + assert(icn!=""); + QPixmap pm; + if ( ! 
QPixmapCache::find( icn, pm) ) + { + pm = QPixmap::fromMimeSource( icn ); + QPixmapCache::insert( icn, pm); + } + + p.drawPixmap( x,y + RuleElementSpacing/2, pm ); + x += pm.width()+1; + QRect br=p.boundingRect(x, y, 1000, 1000, + Qt::AlignLeft|Qt::AlignVCenter, + res.ascii() ); + p.drawText( x, y, br.width(), pm.height(), + Qt::AlignLeft|Qt::AlignVCenter, res.ascii() ); + break; + } + case Direction: + { + PolicyRule *rule = PolicyRule::cast( ruleIndex[row] ); + if (rule==NULL) return; + + string dir = rule->getDirectionAsString(); + if (dir.empty()) dir = "Both"; + QString icn = Resources::global_res->getResourceStr( + "/FWBuilderResources/UI/Icons/"+ dir ).c_str(); + assert(icn!=""); + QPixmap pm; + if ( ! QPixmapCache::find( icn, pm) ) + { + pm = QPixmap::fromMimeSource( icn ); + QPixmapCache::insert( icn, pm); + } + + p.drawPixmap( x,y + RuleElementSpacing/2, pm ); + x += pm.width()+1; +// QRect br=p.boundingRect(x, y, 1000, 1000, +// Qt::AlignLeft|Qt::AlignVCenter,dir.c_str() ); +// p.drawText( x, y, br.width(), pm.height(), +// Qt::AlignLeft|Qt::AlignVCenter, dir.c_str() ); + break; + } + case Options: + { + /* both policy and routing rules have options. so cast to Rule here. */ + Rule *rule = Rule::cast( ruleIndex[row] ); + if (rule==NULL) return; + + /* is this a policy rule? only policy rules have the logging option. */ + PolicyRule *policyRule = PolicyRule::cast( rule ); + NATRule *natRule = NATRule::cast( rule ); + RoutingRule *routingRule = RoutingRule::cast( rule ); + + if (policyRule && policyRule->getLogging()) + { + QString icn = Resources::global_res->getResourceStr("/FWBuilderResources/UI/Icons/Log" ).c_str(); + assert(icn!=""); +// QPixmap pm = QPixmap::fromMimeSource( icn.c_str() ); + QPixmap pm; + if ( ! QPixmapCache::find( icn, pm) ) + { + pm = QPixmap::fromMimeSource( icn ); + QPixmapCache::insert( icn, pm); + } + + p.drawPixmap( x,y + RuleElementSpacing/2, pm ); + x += pm.width()+2; + } + if ( + (policyRule && ! 
isDefaultPolicyRuleOptions( rule->getOptionsObject())) || + (routingRule && ! isDefaultRoutingRuleOptions( rule->getOptionsObject())) || + (natRule && ! isDefaultNATRuleOptions( rule->getOptionsObject())) + ) + { + QString icn = Resources::global_res->getResourceStr("/FWBuilderResources/UI/Icons/Options" ).c_str(); + assert(icn!=""); +// QPixmap pm = QPixmap::fromMimeSource( icn.c_str() ); + QPixmap pm; + if ( ! QPixmapCache::find( icn, pm) ) + { + pm = QPixmap::fromMimeSource( icn ); + QPixmapCache::insert( icn, pm); + } + + p.drawPixmap( x,y + RuleElementSpacing/2, pm ); + } + break; + } + case Comment: + { +/* comments are found in both policy and nat rules, so we cast to Rule here */ + Rule *rule = Rule::cast( ruleIndex[row] ); + if (rule==NULL) return; + + QRect br=p.boundingRect(x, y, 1000, 1000, + Qt::AlignLeft|Qt::AlignVCenter, + QString::fromUtf8(rule->getComment().c_str()) ); + p.drawText( x, y + RuleElementSpacing/2, + br.width(), + br.height(), + Qt::AlignLeft|Qt::AlignVCenter, + QString::fromUtf8(rule->getComment().c_str()) ); + + break; + } + case Metric: + { + RoutingRule *rule = RoutingRule::cast( ruleIndex[row] ); + if (rule==NULL) return; + + p.drawText( x, y, cr.width()-2, RuleElementSpacing*2+pixmap_h, + Qt::AlignHCenter|Qt::AlignVCenter, + QString::fromUtf8(rule->getMetricAsString().c_str()) ); + + break; + } + default: + break; + } // switch + } + + p.end(); + + pntr->drawPixmap( 0, 0, bufferpixmap ); +// bitBlt(pntr->device(), 0, 0, &bufferpixmap, 0, 0, bufferpixmap.width(), bufferpixmap.height()); + return; +} + +QString RuleSetView::getPlatform() +{ + return getFirewall()->getStr("platform").c_str(); +} + + +libfwbuilder::PolicyRule* RuleSetView::getRule(int row) +{ + return PolicyRule::cast( ruleIndex[row] ); +} +/* CWP DONE +RuleSetView::REType RuleSetView::getColType(int col) const +{ + map::const_iterator i = colTypes.find(col); + return i->second; +}*/ + +/*********************************************************** + * I do not use 
in-place editing anymore, + */ +QWidget *RuleSetView::createEditor( int row, int col, bool initFromCell ) const +{ + return NULL; +} + +void RuleSetView::selectRE( int row, int col) +{ + mw->selectRules(); + + if (row!=currentRow() || col!=currentColumn()) + { + selectedObject = NULL; + updateCell(currentRow(),currentColumn()); + } +} + +void RuleSetView::selectRE(libfwbuilder::FWReference *ref) +{ + mw->selectRules(); + +// selectedObject = ref->getPointer(); + setSelectedObject( ref->getPointer() ); + +/* need to find row and column this object is in and show it */ + FWObject *re = ref->getParent(); + Rule *r = Rule::cast(re->getParent()); + assert(r!=NULL); + + int row = r->getPosition(); + int col; + for (col=0; col1) + { + for (int i=0; ieditCopyAction->setEnabled(true); + mw->editCutAction->setEnabled(true); + mw->editPasteAction->setEnabled(true); + mw->editDeleteAction->setEnabled(true); + + mw->copyRuleAction->setEnabled( selectionSize==1 ); + mw->cutRuleAction->setEnabled( selectionSize==1 ); + mw->pasteRuleAboveAction->setEnabled( selectionSize==1 ); + mw->pasteRuleBelowAction->setEnabled( selectionSize==1 ); + + } + +} +/*CWP DONE +FWObject* RuleSetView::getSelectedObject() +{ + return selectedObject; +} + + +void RuleSetView::openObjectInTree(FWObject *obj) +{ + if (gui_experiment1) return; + + FWObject *oo = obj; + if (obj==NULL || Rule::cast(obj)!=NULL) + oo = getFirewall(); + selectedObject=oo; + mw->info(oo); + + setUpdatesEnabled(false); + //bool f = hasFocus(); + om->setFocus(); + om->openObject(oo); + om->clearFocus(); + setFocus(); + setUpdatesEnabled(true); + updateContents(); +} + +void RuleSetView::setSelectedObject(FWObject* obj) +{ + if (fwbdebug) + qDebug("RuleSetView::setSelectedObject obj='%s' currentRow()=%d currentColumn()=%d", + (obj)?obj->getName().c_str():"", + currentRow(), + currentColumn()); + + prevSelectedObject = selectedObject; + prevSelectedObjectRow = selectedObjectRow; + prevSelectedObjectCol = selectedObjectCol; + + 
selectedObject = obj; + selectedObjectRow = currentRow(); + selectedObjectCol = currentColumn(); + + openObjectInTree(selectedObject); +}*/ + +void RuleSetView::restoreSelection(bool same_widget) +{ + if (fwbdebug) + { + if (prevSelectedObject) + qDebug("RuleSetView::restoreSelection() same_widget=%d prevSelectedObject=%s prevSelectedObjectRow=%d prevSelectedObjectCol=%d", + same_widget, + prevSelectedObject->getName().c_str(), + prevSelectedObjectRow, + prevSelectedObjectCol); + else + qDebug("RuleSetView::restoreSelection() prevSelectedObject==NULL"); + FWObject *o = oe->getOpened(); + qDebug("RuleSetView::restoreSelection() oe->getOpened=%s", + (o)?o->getName().c_str():"NULL"); + } + + if (same_widget) + { + selectedObject = prevSelectedObject; + selectedObjectRow = prevSelectedObjectRow; + selectedObjectCol = prevSelectedObjectCol; + } + setCurrentCell(selectedObjectRow,selectedObjectCol); + updateCell(selectedObjectRow, selectedObjectCol); + + openObjectInTree(selectedObject); +} + + +/* + * Entry point for all menu items 'edit' and doubleclick + */ +void RuleSetView::editSelected() +{ + if (!oe->isVisible()) oe->show(); + switchObjectInEditor(currentColumn()); +} + +bool RuleSetView::switchObjectInEditor(int col,bool validate) +{ + if (fwbdebug) + qDebug("RuleSetView::switchObjectInEditor col=%d validate=%d",col,validate); + + + if (!isTreeReadWrite(this,ruleset)) return false; + if ( currentRow()==-1 || currentColumn()==-1 ) return false; + + FWObject *Object=NULL; + ObjectEditor::OptType Operation=ObjectEditor::optNone; + + /* + * We need to know WHAT we are going to edit + + 1. Object + 2. OptType + + * Object == null, OptType = optNone => blank + * Object == Rule, OptType = optNone => Rule Options + * Object == Rule, OptType != optNone => Virtual Object (Action, Comment ...) 
+ * Object != Rule, OptType = optNone => Regular Object Editor + + Then we compare our object 'obj' and OptType with what we already + have in ObjectEditor/ If they are the same, then we do nothing, + otherwise we open obj in the Object Editor + + */ + + int crn=currentRow(); + switch (getColType(col)) + { + case Comment: + Object=ruleIndex[crn]; + Operation=ObjectEditor::optComment; + break; + + case Metric: + Object=ruleIndex[crn]; + Operation=ObjectEditor::optMetric; + break; + + case Direction: + break; + + case Action: + { + PolicyRule *rule = PolicyRule::cast( ruleIndex[currentRow()] ); + Object=rule; + Operation=ObjectEditor::optAction; + break; + } + case Options: + { + /* both policy and routing rules have options. so cast to Rule here. */ + Rule *rule = Rule::cast( ruleIndex[currentRow()] ); + assert(rule); + Object=rule; + Operation=ObjectEditor::optNone; + break; + } + + default: + { + if ( selectedObject!=NULL) + { + Object=selectedObject; + break; + } + } + } + + if (!mw->requestEditorOwnership(this,Object,Operation,validate)) + return false; + + if (fwbdebug) + qDebug("RuleSetView::switchObjectInEditor editor ownership granted"); + + if (Object==oe->getOpened() && Operation==oe->getOpenedOpt()) + { + if (fwbdebug) + qDebug("RuleSetView::switchObjectInEditor same object is already opened in the editor"); + return true; + } + + if (fwbdebug) + qDebug("RuleSetView::switchObjectInEditor opening object in the editor"); + + if (Object == NULL) + { + oe->blank(); + } else if (Operation==ObjectEditor::optNone) + { + oe->open(Object); + } else if(Rule::cast(Object)!=NULL) + { + oe->openOpt(Object,Operation); + } + + return true; +} + +/* CWP DONE +void RuleSetView::contextMenu(int row, int col, const QPoint &pos) +{ + QTableSelection sel=selection(0); + + if (fwbdebug) +{ + qDebug("RuleSetView::contextMenu()"); + qDebug("Selection: isActive=%d",sel.isActive()); + qDebug(" topRow=%d",sel.topRow()); + qDebug(" bottomRow=%d",sel.bottomRow()); + qDebug(" 
leftCol=%d",sel.leftCol()); + qDebug(" rightCol=%d",sel.rightCol()); +} + + int firstSelectedRule=-1; + int lastSelectedRule=-1; + + if (sel.isActive()) +{ +/ * if we have an active selection but user called context menu + * outside selected rows, reset selection. Otherwise work with existing + * selection which may include several rows. + * / + if (rowsel.bottomRow()) +{ + clearSelection(); + sel= QTableSelection(row,0,row,ncols-1); + addSelection( sel ); + setCurrentCell(row,0); + updateHeaderStates(); +} +} else +{ + clearSelection(); + sel= QTableSelection(row,0,row,ncols-1); + addSelection( sel ); + setCurrentCell(row,0); + updateHeaderStates(); +} + + firstSelectedRule=sel.topRow(); + lastSelectedRule=sel.bottomRow(); + + if (row<0 && ruleset->size()==0) +{ + QPopupMenu *popup=new QPopupMenu(this); + addPopupMenuItem( this, popup, "", tr("Insert Rule"), + SLOT( insertRule() ) ); + addPopupMenuItem( this, popup, "", tr("Paste Rule"), + SLOT( pasteRuleAbove() ) ); + popup->exec( pos ); + delete popup; + return; +} + + if (row<0 && ruleset->size()!=0) +{ + / * this is when user clicks under the last rule * / + + setCurrentCell(ruleset->size()-1,0); + + QPopupMenu *popup=new QPopupMenu(this); + addPopupMenuItem( this, popup, "", tr("Paste Rule"), + SLOT( pasteRuleBelow() ) ); + popup->exec( pos ); + delete popup; + return; +} + +// QPoint rp = mapFromGlobal( pos); +// QHeader *hh = horizontalHeader(); +// QHeader *vh = verticalHeader(); +// int nx = rp.x()-vh->width()-1; +// int ny = rp.y()-hh->height()-1; +// objectClicked(row,col,0,QPoint(nx,ny)); + + lastPopupMenuAction=None; + + QPopupMenu *popup=new QPopupMenu(this); + + switch (getColType(col)) +{ + case Action: + { + Firewall *f = getFirewall(); + string platform=f->getStr("platform"); + QString action_name; + + if (Resources::isTargetActionSupported(platform,"Accept")) + { + action_name = getActionNameForPlatform(PolicyRule::Accept, + platform.c_str()); + addPopupMenuItem( this, popup, + 
"/FWBuilderResources/UI/Icons/Accept", + action_name, + SLOT( changeActionToAccept() ) ); + } + if (Resources::isTargetActionSupported(platform,"Deny")) + { + action_name = getActionNameForPlatform(PolicyRule::Deny, + platform.c_str()); + addPopupMenuItem( this, popup, + "/FWBuilderResources/UI/Icons/Deny", + action_name, + SLOT( changeActionToDeny() ) ); + } + if (Resources::isTargetActionSupported(platform,"Reject")) + { + action_name = getActionNameForPlatform(PolicyRule::Reject, + platform.c_str()); + addPopupMenuItem( this, popup, + "/FWBuilderResources/UI/Icons/Reject", + action_name, + SLOT( changeActionToReject() ) ); + } + if (Resources::isTargetActionSupported(platform,"Accounting")) + { + action_name = getActionNameForPlatform(PolicyRule::Accounting, + platform.c_str()); + addPopupMenuItem( this, popup, + "/FWBuilderResources/UI/Icons/Accounting", + action_name, + SLOT( changeActionToAccounting() ) ); + } + if (Resources::isTargetActionSupported(platform,"Pipe")) + { + action_name = getActionNameForPlatform(PolicyRule::Pipe, + platform.c_str()); + addPopupMenuItem( this, popup, + "/FWBuilderResources/UI/Icons/Pipe", + action_name, + SLOT( changeActionToPipe() ) ); + } + if (Resources::isTargetActionSupported(platform,"Tag")) + { + action_name = getActionNameForPlatform(PolicyRule::Tag, + platform.c_str()); + addPopupMenuItem( this, popup, + "/FWBuilderResources/UI/Icons/Tag", + action_name, + SLOT( changeActionToTag() ) ); + } + if (Resources::isTargetActionSupported(platform,"Classify")) + { + action_name = getActionNameForPlatform(PolicyRule::Classify, + platform.c_str()); + addPopupMenuItem( this, popup, + "/FWBuilderResources/UI/Icons/Classify", + action_name, + SLOT( changeActionToClassify() ) ); + } + if (Resources::isTargetActionSupported(platform,"Custom")) + { + action_name = getActionNameForPlatform(PolicyRule::Custom, + platform.c_str()); + addPopupMenuItem( this, popup, + "/FWBuilderResources/UI/Icons/Custom", + action_name, + SLOT( 
changeActionToCustom() ) );
+ }
+ if (Resources::isTargetActionSupported(platform,"Branch"))
+ {
+ action_name = getActionNameForPlatform(PolicyRule::Branch,
+ platform.c_str());
+ addPopupMenuItem( this, popup,
+ "/FWBuilderResources/UI/Icons/Branch",
+ action_name,
+ SLOT( changeActionToBranch() ) );
+ }
+ if (Resources::isTargetActionSupported(platform,"Route"))
+ {
+ action_name = getActionNameForPlatform(PolicyRule::Route,
+ platform.c_str());
+ addPopupMenuItem( this, popup,
+ "/FWBuilderResources/UI/Icons/Route",
+ action_name,
+ SLOT( changeActionToRoute() ) );
+ }
+ if (Resources::isTargetActionSupported(platform,"Continue"))
+ {
+ action_name = getActionNameForPlatform(PolicyRule::Continue,
+ platform.c_str());
+ addPopupMenuItem( this, popup,
+ "/FWBuilderResources/UI/Icons/Continue",
+ action_name,
+ SLOT( changeActionToContinue() ) );
+ }
+
+ popup->insertSeparator ();
+ int paramID;
+ paramID = addPopupMenuItem( this, popup,
+ "",
+ tr("Parameters"),
+ SLOT( editSelected() ) );
+
+ PolicyRule *rule = PolicyRule::cast( ruleIndex[row] );
+ if (rule!=NULL)
+ {
+ string act = rule->getActionAsString();
+ if (Resources::getActionEditor(platform,act)=="None")
+ popup->setItemEnabled(paramID, false);
+ }
+
+ break;
+ }
+ case Direction:
+ {
+ addPopupMenuItem( this, popup,
+ "/FWBuilderResources/UI/Icons/Inbound",
+ tr("Inbound"),
+ SLOT( changeDirectionToIn() ) );
+ addPopupMenuItem( this, popup,
+ "/FWBuilderResources/UI/Icons/Outbound",
+ tr("Outbound"),
+ SLOT( changeDirectionToOut() ) );
+ addPopupMenuItem( this, popup,
+ "/FWBuilderResources/UI/Icons/Both",
+ tr("Both"),
+ SLOT( changeDirectionToBoth() ) );
+
+ break;
+ }
+ case Options:
+ {
+ addPopupMenuItem( this, popup,
+ "/FWBuilderResources/UI/Icons/Options",
+ tr("Rule Options"),
+ SLOT( editSelected() ) );
+ if (fwbdebug) qDebug(ruleset->getTypeName().c_str());
+ if (ruleset->getTypeName() == Policy::TYPENAME) {
+
+ addPopupMenuItem( this, popup,
+ "/FWBuilderResources/UI/Icons/Log",
+
tr("Logging On"),
+ SLOT( changeLogToOn() ) );
+ addPopupMenuItem( this, popup,
+ "/FWBuilderResources/UI/Icons/Blank",
+ tr("Logging Off"),
+ SLOT( changeLogToOff() ) );
+ }
+ break;
+ }
+ case Object:
+ case Time:
+ {
+ RuleElement *re = getRE(row,col);
+ if(re==NULL) return;
+
+ int editID = popup->insertItem(
+ tr("Edit") , this , SLOT( editSelected() ) );
+ popup->insertSeparator();
+ int copyID = popup->insertItem(
+ tr("Copy") , this , SLOT( copySelectedObject() ) );
+ int cutID = popup->insertItem(
+ tr("Cut") , this , SLOT( cutSelectedObject() ) );
+ popup->insertItem( tr("Paste") , this , SLOT( pasteObject() ) );
+// popup->insertSeparator();
+ int delID =popup->insertItem(
+ tr("Delete") , this , SLOT( deleteSelectedObject() ) );
+ popup->insertSeparator();
+ int fndID = popup->insertItem(
+ tr("Where used") , this , SLOT( findWhereUsedSlot()));
+ int revID = popup->insertItem(
+ tr("Reveal in tree") ,this , SLOT( revealObjectInTree() ) );
+ popup->insertSeparator();
+ int negID = popup->insertItem(
+ tr("Negate") , this , SLOT( negateRE() ) );
+
+ if (selectedObject == NULL || re->isAny())
+ popup->setItemEnabled(editID, false);
+ popup->setItemEnabled(copyID, !re->isAny());
+ popup->setItemEnabled(cutID, !re->isAny());
+ popup->setItemEnabled(delID, !re->isAny());
+
+ string cap_name;
+ if (InterfacePolicy::cast(ruleset)!=NULL) cap_name="negation_in_interface_policy";
+ if (Policy::cast(ruleset)!=NULL) cap_name="negation_in_policy";
+ if (NAT::cast(ruleset)!=NULL) cap_name="negation_in_nat";
+
+ Firewall *f = getFirewall();
+
+ bool supports_neg=false;
+ try {
+ supports_neg=Resources::getTargetCapabilityBool(f->getStr("platform"),
+ cap_name);
+ } catch (FWException &ex)
+ {
+ QMessageBox::critical( NULL , "Firewall Builder",
+ ex.toString().c_str(),
+ QString::null,QString::null);
+ }
+ popup->setItemEnabled(negID, supports_neg && !re->isAny());
+ popup->setItemEnabled(fndID, !re->isAny());
+ popup->setItemEnabled(revID, !re->isAny());
+
+ break;
+ }
+ + case RuleOp: + { +// setCurrentCell(row,0); + setFocus(); + + Rule *rule = Rule::cast(ruleIndex[row]); + if (rule==NULL) + { + addPopupMenuItem( this, popup, "", tr("Insert Rule"), SLOT( insertRule() ) ); + } else + { + int rn = rule->getPosition(); + int selectionSize=lastSelectedRule-firstSelectedRule+1; + QLabel *l; + if (selectionSize!=1) + { + l=new QLabel(QString(" ")+tr("Rules: %1-%2").arg(firstSelectedRule).arg(lastSelectedRule), popup); + } else + { + l=new QLabel(QString(" ")+tr("Rule: %1").arg(rn), popup); + } + l->setAlignment( Qt::AlignHCenter ); + popup->insertItem( l ); + popup->insertSeparator(); + l=new QLabel(QString(" ")+tr("Color Label:"), popup); + popup->insertItem( l ); + ColorLabelMenuItem *cl = new ColorLabelMenuItem(popup); + popup->insertItem(cl); + + connect( cl, SIGNAL( returnColor(const QString&) ), + this, SLOT( setRuleColor(const QString&) ) ); + + popup->insertSeparator(); + + QString itemLbl; + + addPopupMenuItem( this, popup, "", tr("Insert Rule"), + SLOT( insertRule() ) ); + addPopupMenuItem( this, popup, "", tr("Add Rule Below"), + SLOT( addRuleAfterCurrent() ) ); + + if (selectionSize==1) itemLbl=tr("Remove Rule"); + else itemLbl=tr("Remove Rules"); + addPopupMenuItem( this, popup, "", itemLbl, + SLOT( removeRule())); + if (selectionSize==1) itemLbl=tr("Move Rule"); + else itemLbl=tr("Move Rules"); + addPopupMenuItem( this, popup, "", itemLbl, + SLOT( moveRule())); + + popup->insertSeparator(); + + addPopupMenuItem( this, popup, "", tr("Copy Rule"), + SLOT( copyRule() ) ); + addPopupMenuItem( this, popup, "", tr("Cut Rule"), + SLOT( cutRule() ) ); + addPopupMenuItem( this, popup, "", tr("Paste Rule Above"), + SLOT( pasteRuleAbove() ) ); + addPopupMenuItem( this, popup, "", tr("Paste Rule Below"), + SLOT( pasteRuleBelow() ) ); + + popup->insertSeparator(); + Rule *r = Rule::cast( ruleIndex[row] ); + if (r->isDisabled()) + { + if (selectionSize==1) itemLbl=tr("Enable Rule"); + else itemLbl=tr("Enable Rules"); + 
addPopupMenuItem( this, popup, "", itemLbl, + SLOT( enableRule() ) ); + }else{ + if (selectionSize==1) itemLbl=tr("Disable Rule"); + else itemLbl=tr("Disable Rules"); + addPopupMenuItem( this, popup, "", itemLbl, + SLOT( disableRule() ) ); + } + } + break; + } + + case Comment: + popup->insertItem( tr("Edit") , this , SLOT( editSelected() ) ); + break; + + case Metric: + popup->insertItem( tr("Edit") , this , SLOT( editSelected() ) ); + break; + + default: + popup->insertItem( tr("Edit") , this , SLOT( editRE() ) ); + break; +} + + + + popup->exec( pos ); + + delete popup; +}*/ + + +void RuleSetView::revealObjectInTree() +{ + if ( selectedObject!=NULL) + om->openObject(selectedObject); +} + +void RuleSetView::findWhereUsedSlot() +{ + if ( selectedObject!=NULL) + mw->findWhereUsed(selectedObject); +} + +void RuleSetView::setRuleColor(const QString &c) +{ + if (!isTreeReadWrite(this,ruleset)) return; + + int firstSelectedRule=-1; + int lastSelectedRule=-1; + + QTableSelection sel=selection(0); + if (sel.isActive()) + { + firstSelectedRule=sel.topRow(); + lastSelectedRule=sel.bottomRow(); +// removeSelection(0); +// verticalHeader()->update(); + } else + { + firstSelectedRule=currentRow(); + lastSelectedRule=currentRow(); + } + + if ( firstSelectedRule!=-1 ) + { + for (int i=firstSelectedRule; i<=lastSelectedRule; ++i) + { + Rule *rule = Rule::cast( ruleIndex[i] ); + FWOptions *ropt = rule->getOptionsObject(); + ropt->setStr("color",c.latin1()); + dirtyRows[i]=1; + adjustRow(i); // this causes repaint + } + } +} + +void RuleSetView::changeAction(PolicyRule::Action act) +{ + if (!isTreeReadWrite(this,ruleset)) return; + + if ( currentRow()!=-1 && currentColumn()!=-1 ) + { + PolicyRule *rule = PolicyRule::cast( ruleIndex[currentRow()] ); + FWOptions *ruleopt = rule->getOptionsObject(); + PolicyRule::Action old_act=rule->getAction(); + RuleSet *subset = NULL; + if (old_act==PolicyRule::Branch) + subset = rule->getBranch(); + + if (act!=old_act) + { + if 
(old_act==PolicyRule::Branch)
+ mw->removePolicyBranchTab( subset );
+
+ rule->setAction( act );
+ if (!changingRules)
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+ }
+
+ ruleopt->setBool("stateless", getStatelessFlagForAction(rule));
+
+ oe->actionChanged(rule);
+ }
+}
+
+void RuleSetView::changeActionToAccept()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall action: changeActionToAccept");
+ changeAction( PolicyRule::Accept );
+}
+
+void RuleSetView::changeActionToDeny()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToDeny");
+ changeAction( PolicyRule::Deny );
+}
+
+void RuleSetView::changeActionToReject()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToReject");
+ changeAction( PolicyRule::Reject );
+}
+
+void RuleSetView::changeActionToAccounting()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToAccounting");
+ changeAction( PolicyRule::Accounting );
+}
+
+void RuleSetView::changeActionToPipe()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToPipe");
+ changeAction( PolicyRule::Pipe );
+}
+
+void RuleSetView::changeActionToTag()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToTag");
+ changeAction( PolicyRule::Tag );
+}
+
+void RuleSetView::changeActionToClassify()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToClassify");
+ changeAction( PolicyRule::Classify );
+}
+
+void RuleSetView::changeActionToCustom()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToCustom");
+ changeAction( PolicyRule::Custom );
+}
+
+void RuleSetView::changeActionToRoute()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+
if (fwbdebug) qDebug("Firewall changed: changeActionToRoute");
+ changeAction( PolicyRule::Route );
+}
+
+void RuleSetView::changeActionToContinue()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if (fwbdebug) qDebug("Firewall changed: changeActionToContinue");
+ changeAction( PolicyRule::Continue );
+}
+
+void RuleSetView::changeActionToBranch()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( currentRow()!=-1 && currentColumn()!=-1 )
+ {
+ if (fwbdebug) qDebug("Firewall action: changeActionToBranch");
+ changeAction( PolicyRule::Branch );
+
+ addRuleBranch( PolicyRule::cast( ruleIndex[currentRow()] ) );
+ }
+}
+
+void RuleSetView::addRuleBranch(PolicyRule *rule)
+{
+ if (fwbdebug) qDebug("RuleSetView::addRuleBranch");
+
+ FWOptions *ropt = rule->getOptionsObject();
+ QString branchName = ropt->getStr("branch_name").c_str();
+ if (branchName.isEmpty())
+ {
+ QString bn = QString("rule%1_branch").arg(rule->getPosition());
+ ropt->setStr("branch_name",bn.ascii());
+ }
+ RuleSet *subset = rule->getBranch();
+ if (subset==NULL)
+ {
+ // can change action only for the policy rule, therefore
+ // branch can only be a Policy (i.e.
can not be NAT)
+ subset = new Policy();
+ rule->add(subset);
+ }
+ mw->addPolicyBranchTab(subset);
+}
+
+
+void RuleSetView::changeDitection(PolicyRule::Direction dir)
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( currentRow()!=-1 && currentColumn()!=-1 )
+ {
+ PolicyRule *rule = PolicyRule::cast( ruleIndex[currentRow()] );
+ PolicyRule::Direction old_dir=rule->getDirection();
+ if (dir!=old_dir)
+ {
+ if (!changingRules)
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+ rule->setDirection( dir );
+ }
+ }
+}
+
+void RuleSetView::changeDirectionToIn()
+{
+ if (fwbdebug) qDebug("Firewall changed: changeDirectionToIn");
+ changeDitection( PolicyRule::Inbound );
+}
+
+void RuleSetView::changeDirectionToOut()
+{
+ if (fwbdebug) qDebug("Firewall changed: changeDirectionToOut");
+ changeDitection( PolicyRule::Outbound );
+}
+
+void RuleSetView::changeDirectionToBoth()
+{
+ if (fwbdebug) qDebug("Firewall changed: changeDirectionToBoth");
+ changeDitection( PolicyRule::Both );
+}
+
+void RuleSetView::updateCurrentCell()
+{
+// setCurrentCell( currentRow(), currentColumn() );
+ updateCell( currentRow(),currentColumn());
+}
+
+void RuleSetView::updateAll()
+{
+ int r=0;
+ for (FWObject::iterator i=ruleset->begin(); i!=ruleset->end(); i++,r++)
+ dirtyRows[r] = 1;
+
+ updateContents();
+}
+
+void RuleSetView::changeLogToOn()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( currentRow()!=-1 && currentColumn()!=-1 )
+ {
+ PolicyRule *rule = PolicyRule::cast( ruleIndex[currentRow()] );
+ if (fwbdebug) qDebug("Firewall changed: changeLogToOn");
+ if (!changingRules)
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+ rule->setLogging( true );
+ }
+}
+
+void RuleSetView::changeLogToOff()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( currentRow()!=-1 && currentColumn()!=-1 )
+ {
+ PolicyRule *rule = PolicyRule::cast( ruleIndex[currentRow()] );
+ if (fwbdebug) qDebug("Firewall changed: changeLogToOff");
+ if
(!changingRules)
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+ rule->setLogging( false );
+ }
+}
+//done till here
+void RuleSetView::copySelectedObject()
+{
+ if ( selectedObject!=NULL)
+ {
+ FWObjectClipboard::obj_clipboard->clear();
+ FWObjectClipboard::obj_clipboard->add( selectedObject );
+ }
+}
+
+void RuleSetView::cutSelectedObject()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( selectedObject!=NULL)
+ {
+ FWObjectClipboard::obj_clipboard->clear();
+ FWObjectClipboard::obj_clipboard->add( selectedObject );
+ deleteSelectedObject();
+ }
+}
+
+void RuleSetView::deleteSelectedObject()
+{
+ if (!isTreeReadWrite(this,ruleset)) return;
+
+ if ( selectedObject!=NULL)
+ {
+ deleteObject(currentRow(),currentColumn(),selectedObject);
+ setSelectedObject(NULL);
+ }
+}
+
+void RuleSetView::deleteObject(int row, int col, FWObject *obj)
+{
+ RuleElement *re = getRE(row,col);
+ if (re==NULL || re->isAny()) return;
+ string id = obj->getId();
+
+ if (fwbdebug)
+ {
+ qDebug("RuleSetView::deleteObject row=%d col=%d id=%s",
+ row,col,id.c_str());
+ qDebug("obj = %p",re->getRoot()->findInIndex(id));
+ int rc = obj->ref()-1; obj->unref();
+ qDebug("obj->ref_counter=%d",rc);
+ }
+
+ if (!changingRules)
+ om->updateLastModifiedTimestampForOneFirewall(getFirewall());
+
+ re->removeRef(obj);
+
+ if (re->isAny()) re->setNeg(false);
+
+ if (fwbdebug)
+ {
+ qDebug("RuleSetView::deleteObject re->size()=%d",re->size());
+ qDebug("obj = %p",re->getRoot()->findInIndex(id));
+ int rc = obj->ref()-1; obj->unref();
+ qDebug("obj->ref_counter=%d",rc);
+ }
+
+ dirtyRows[row]=1;
+ adjustColumn(col);
+ adjustRow(row);
+ updateCell(row,col);
+ mw->findObjectWidget->reset();
+}
+
+bool RuleSetView::insertObject(int row, int col, FWObject *obj)
+{
+ if (fwbdebug)
+ qDebug("RuleSetView::insertObject -- insert object %s",
+ obj->getName().c_str());
+
+ if (!isTreeReadWrite(this,ruleset)) return false;
+
+ if (getColType(col)!=Object && getColType(col)!=Time) return
false; + + RuleElement *re = getRE(row,col); + assert (re!=NULL); + + if (fwbdebug) + qDebug("RuleSetView::insertObject -- validate"); + + if (! re->validateChild(obj) ) + { + if (fwbdebug) + qDebug("RuleSetView::insertObject -- validation failed"); + + if (RuleElementRItf::cast(re)) + + QMessageBox::information( NULL , "Firewall Builder", + "A single interface belonging to this firewall is expected in this field.", + QString::null,QString::null); + + else if (RuleElementRGtw::cast(re)) + + QMessageBox::information( NULL , "Firewall Builder", + "A single ip adress is expected here. You may also insert a host or a network adapter leading to a single ip adress.", + QString::null,QString::null); + + return false; + } + + if (re->getAnyElementId()==obj->getId()) return false; + + if (fwbdebug) + qDebug("RuleSetView::insertObject -- check for duplicates"); + + if (! re->isAny()) + { +/* avoid duplicates */ + string cp_id=obj->getId(); + list::iterator j; + for(j=re->begin(); j!=re->end(); ++j) + { + FWObject *o=*j; + if(cp_id==o->getId()) return false; + + FWReference *ref; + if( (ref=FWReference::cast(o))!=NULL && + cp_id==ref->getPointerId()) return false; + } + } + + if (fwbdebug) + qDebug("RuleSetView::insertObject -- add reference"); + + re->addRef(obj); + dirtyRows[row]=1; + + if (fwbdebug) + qDebug("RuleSetView::insertObject -- adjust and update table cell"); + + adjustColumn(col); + adjustRow(row); + updateCell(row,col); + + if (fwbdebug) qDebug("Firewall changed: insertObject"); + if (!changingRules) + om->updateLastModifiedTimestampForOneFirewall(getFirewall()); + return true; +} + +void RuleSetView::pasteObject() +{ + if (!isTreeReadWrite(this,ruleset)) return; + + vector::iterator i; + for (i= FWObjectClipboard::obj_clipboard->begin(); + i!=FWObjectClipboard::obj_clipboard->end(); ++i) + { + FWObject *co= mw->db()->findInIndex(*i); + if (Rule::cast(co)!=NULL) pasteRuleAbove(); + else + { + if (currentRow()>=0) + insertObject(currentRow(),currentColumn(),co); 
+ } + } + +/* + if (FWObjectClipboard::obj_clipboard->getObject()!=NULL) + insertObject(currentRow(),currentColumn(), + FWObjectClipboard::obj_clipboard->getObject() ); +*/ +} + +void RuleSetView::negateRE() +{ + if (!isTreeReadWrite(this,ruleset)) return; + + if ( currentRow()!=-1 && currentColumn()!=-1 ) + { + RuleElement *re = getRE(currentRow(),currentColumn()); + if (re==NULL) return; + if (fwbdebug) qDebug("Firewall changed: negateRE"); + re->toggleNeg(); + if (!changingRules) + om->updateLastModifiedTimestampForOneFirewall(getFirewall()); + + updateCell(currentRow(),currentColumn()); + } +} + +void RuleSetView::editRE() +{ + if (!isTreeReadWrite(this,ruleset)) return; + + editCell(currentRow(),currentColumn()); +} + + +/* CWP DONE +FWObject* RuleSetView::getObj(int row, int col, int mouse_y_pos, QRect *objr) +{ + RuleElement *re = getRE(row,col); + if (re==NULL) return NULL; + + QRect cr=cellGeometry(row,col); + +/ * + * n is the number of objects in the cell + * y_rel is a distance of the mouse cursor from the top of the cell + * h is the cell height + * / + int y_rel = mouse_y_pos-cr.y(); + int y_obj = cr.y(); + int on=0; + int oy=0; + FWObject *o1=NULL; + FWObject *obj=NULL; + FWObject *prev=NULL; + for (FWObject::iterator i=re->begin(); i!=re->end(); i++,on++) + { + o1= *i; + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + if (y_rel>oy && y_relselectRules(); + + int row=rowAt(ev->y()); + int col=columnAt(ev->x()); + + FWObject *obj=getObj(row,col,ev->y()); + bool needUpdate= (row==currentRow() && col==currentColumn() && selectedObject!=obj); + + if (fwbdebug) + qDebug("RuleSetView::contentsMousePressEvent obj=%s row=%d col=%d needUpdate=%d", + (obj)?obj->getName().c_str():"NULL",row,col,needUpdate); + + if (fwbdebug) + qDebug("RuleSetView::contentsMousePressEvent 1 currentRow=%d currentColumn=%d", + currentRow(),currentColumn()); + + QTable::contentsMousePressEvent(ev); + + if (fwbdebug) + 
qDebug("RuleSetView::contentsMousePressEvent 2 currentRow=%d currentColumn=%d", + currentRow(),currentColumn()); + + setSelectedObject(obj); + updateCell(row,col); +} + + +void RuleSetView::contentsMouseReleaseEvent( QMouseEvent* ev ) +{ + if (fwbdebug) + qDebug("RuleSetView::contentsMouseReleaseEvent"); + + if (oe->isVisible() && !switchObjectInEditor( columnAt(ev->x()) )) + { + ev->accept(); + } else + QTable::contentsMouseReleaseEvent(ev); +} + + +void RuleSetView::contentsMouseMoveEvent( QMouseEvent* ev ) +{ + QTable::contentsMouseMoveEvent(ev); + return; + + if (dragging) + { + QDragObject* d = dragObject(); + d->dragMove(); + dragging =false; + } +}*/ + +void RuleSetView::keyPressEvent( QKeyEvent* ev ) +{ + mw->selectRules(); + + RuleElement *re; + + if (ev->key()==Qt::Key_Left || ev->key()==Qt::Key_Right) + { + int shift= (ev->key()==Qt::Key_Left) ? -1 : 1; + +/* keyboard 'Left' or 'Right', switch to the object with the same + * number in the cell to the left or to the right + */ + int objno=0; + re = getRE(currentRow(),currentColumn()); + if (re!=NULL) + { + // in this loop we count objects in objno + for (FWObject::iterator i=re->begin(); i!=re->end(); ++i,++objno) + { + FWObject *o1= *i; + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + if (o1==selectedObject) break; + } + } + re = getRE(currentRow(),currentColumn() + shift); + if (re==NULL) + { + if (oe->isVisible() && !switchObjectInEditor(currentColumn() + shift)) + { + ev->accept(); + } else + QTable::keyPressEvent(ev); + openObjectInTree(getFirewall()); + + return; + } + + FWObject *newObj = NULL; + int n=0; + for (FWObject::iterator i=re->begin(); i!=re->end(); ++i,++n) + { + FWObject *o1= *i; + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + if (n==objno) + { + newObj = o1; + break; + } + } + if (newObj==NULL) + { + FWObject *o1=re->back(); + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + newObj = o1; + } + + 
setSelectedObject(newObj); + if (oe->isVisible() && !switchObjectInEditor(currentColumn()+shift)) + { + ev->accept(); + } else + QTable::keyPressEvent(ev); + return; + } + + if (ev->key()==Qt::Key_Down || ev->key()==Qt::Key_Up) + { + re = getRE(currentRow(),currentColumn()); + + FWObject *prev=NULL; + FWObject *o1 =NULL; + FWObject::iterator i; + if (re) + { + for (i=re->begin(); i!=re->end(); ++i) + { + o1= *i; + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + if (ev->key()==Qt::Key_Up && o1==selectedObject) break; + if (ev->key()==Qt::Key_Down && prev==selectedObject) break; + prev=o1; + } + } else + { +/* going up and down in a column that does not contain objects (action/direction etc) */ + QTable::keyPressEvent(ev); // to make new row current + if (oe->isVisible() && !switchObjectInEditor(currentColumn())) + { + ev->accept(); + } + openObjectInTree(getFirewall()); + return; + } + + if (ev->key()==Qt::Key_Up && prev==NULL) + { +/* keyboard 'Up', switch to the last object in the cell above */ + if (currentRow()-1<0) + { + return; + } + + re = getRE(currentRow()-1,currentColumn()); + if (re!=NULL) // can be NULL if currentRow is 0 + { + o1=re->back(); + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + setSelectedObject(o1); + if (oe->isVisible() && !switchObjectInEditor(currentColumn())) + { + ev->accept(); + return; + } + } + QTable::keyPressEvent(ev); + return; + } + + if (ev->key()==Qt::Key_Down && i==re->end()) + { +/* keyboard 'Down', switch to the first object in the cell below */ + if (currentRow()+1>=int(ruleset->size())) + { + return; + } + + re = getRE(currentRow()+1,currentColumn()); + if (re!=NULL) + { + o1=re->front(); + if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); + setSelectedObject(o1); + if (oe->isVisible() && !switchObjectInEditor(currentColumn())) + { + ev->accept(); + return; + } + } + QTable::keyPressEvent(ev); + return; + } +/* switching to another object in the 
same cell */ + setSelectedObject((ev->key()==Qt::Key_Up) ? prev : o1); + if (oe->isVisible() && !switchObjectInEditor(currentColumn())) + { + ev->accept(); + return; + } + + updateCell(currentRow(),currentColumn()); + + ev->accept(); + return; + } + + if (ev->key()==Qt::Key_Delete) + { + deleteSelectedObject(); + } + + QTable::keyPressEvent(ev); +} + +QDragObject* RuleSetView::dragObject() +{ + FWObject *obj = selectedObject; + if (obj==NULL) return NULL; + + QString icn = + Resources::global_res->getObjResourceStr(obj, "icon").c_str(); + + list dragobj; + dragobj.push_back(obj); + + FWObjectDrag *drag = new FWObjectDrag(dragobj, this, NULL); + +// QPixmap pm = QPixmap::fromMimeSource( icn_filename ); + QPixmap pm; + if ( ! QPixmapCache::find( icn, pm) ) + { + pm = QPixmap::fromMimeSource( icn ); + QPixmapCache::insert( icn, pm); + } + + drag->setPixmap( pm, + QPoint( pm.rect().width() / 2, + pm.rect().height() / 2 ) ); + + return drag; +} + +void RuleSetView::dragEnterEvent( QDragEnterEvent *ev) +{ + ev->acceptAction( QTextDrag::canDecode(ev) ); +} + +void RuleSetView::contentsDragEnterEvent( QDragEnterEvent *ev) +{ + ev->acceptAction( QTextDrag::canDecode(ev) ); +} + +void RuleSetView::dragMoveEvent( QDragMoveEvent *ev) +{ + QWidget *fromWidget = ev->source(); + // The source of DnD object must be the same instance of fwbuilder + if (fromWidget) + { + if (FWObjectDrag::canDecode(ev) && !ruleset->isReadOnly()) + { + QHeader *hh = horizontalHeader(); + QHeader *vh = verticalHeader(); + + int row = rowAt( ev->pos().y() + contentsY() - hh->height() ); + int col = columnAt( ev->pos().x() + contentsX() - vh->width() ); + + if (col<0 || ( getColType(col)!=Object && getColType(col)!=Time) ) + { + ev->acceptAction(false); + return; + } + + RuleElement *re = getRE(row,col); + if (re==NULL) + { + ev->acceptAction(false); + return; + } + + bool acceptE = true; + list dragol; + + /* + * See bug 1226069 Segfault: Drag&Drop between two instances + * + * There is a problem with 
this code: Since we pass "live" pointer to + * FWObject* object in the drag event, drag&drop should not be used to + * pass objects between different instances of the GUI running at the + * same time. Trying to do so causes receiving program to crash + * because it tries to access an object using memory pointer that it + * obtained from another program. Apparently C++ standard does not + * define behavior of the program in case it tries to access memory + * using bad pointer, so it does not throw any exception we could + * catch. Real solution, of course, is to pass object's ID together + * with some identification for the data file in the drag event and + * then on receiving end scan the tree looking for this + * object. Unfortunately this is too slow with our current API desing. + * + * TODO: The problem requires more detailed investigation, possibly + * including API redesign. + */ + + if (FWObjectDrag::decode(ev, dragol)) + { + for (list::iterator i=dragol.begin(); + i!=dragol.end(); ++i) + { + FWObject *dragobj = NULL; + dragobj = dynamic_cast(*i); + if(dragobj!=NULL) + acceptE &= re->validateChild(dragobj); + } + ev->acceptAction( acceptE ); + return; + } + } + } + ev->accept(false); +} + + +void RuleSetView::dropEvent( QDropEvent *ev) +{ + if (!isTreeReadWrite(this,ruleset)) return; + + QHeader *hh = horizontalHeader(); + QHeader *vh = verticalHeader(); + + int row = rowAt( ev->pos().y() + contentsY() - hh->height() ); + int col = columnAt( ev->pos().x() + contentsX() - vh->width() ); + + if (row<0 || col<0) return; + +/* without this check the user can drag and drop an object inside the + * same rule element. This is bad because it is considered a change, + * even though nothing really changes. With this check, we can not + * drag and drop an object from the tree into a selected cell... 
+ + if (row==currentRow() && col==currentColumn()) return; + */ + + if (fwbdebug) + { + qDebug("RuleSetView::dropEvent drop event mode=%d", ev->action()); + qDebug(" src widget = %p", ev->source()); + qDebug(" this = %p", this ); + } + + list dragol; + if (FWObjectDrag::decode(ev, dragol)) + { + for (list::iterator i=dragol.begin(); + i!=dragol.end(); ++i) + { + FWObject *dragobj = *i; + assert(dragobj!=NULL); + + if (ev->source()!=this) + { + insertObject(row,col,dragobj); + } else + { + switch (ev->action()) + { + case QDropEvent::Move: + if (insertObject(row,col,dragobj) ) + deleteObject(currentRow(),currentColumn(),dragobj); + break; + + default: + insertObject(row,col,dragobj); + break; + } + } + } + ev->acceptAction(); + } +} + +void RuleSetView::removeRule() +{ + if (!hasFocus()) return; + if (!isTreeReadWrite(this,ruleset)) return; +/* we call removeRule in a loop. Set flag changingRules to true to prevent + * removeRule from calling updateLastModifiedTimestampForAllFirewalls each time + */ + changingRules = true; + + mw->findObjectWidget->reset(); + + int firstSelectedRule=-1; + int lastSelectedRule=-1; + + QTableSelection sel=selection(0); + if (sel.isActive()) + { + firstSelectedRule=sel.topRow(); + lastSelectedRule=sel.bottomRow(); + clearSelection(); +// removeSelection(0); + verticalHeader()->update(); + } else + { + firstSelectedRule=currentRow(); + lastSelectedRule=currentRow(); + } + +/* remove rules firstSelectedRule through lastSelectedRule */ + + if ( firstSelectedRule!=-1 ) + { + clearSelection(); + verticalHeader()->update(); + if (fwbdebug) qDebug("Firewall changed: removeRule"); + + setUpdatesEnabled(false); + for (int rn=lastSelectedRule; rn>=firstSelectedRule; --rn) + { + if (oe->isVisible() && oe->getOpened()==ruleIndex[rn]) oe->close(); + + bool delete_branch_tab = false; + PolicyRule *r = PolicyRule::cast( ruleIndex[rn] ); + RuleSet *subset = NULL; + if (r) + { + if (r->getAction()==PolicyRule::Branch) + { + subset = r->getBranch(); + 
delete_branch_tab = true; + } + } + + if ( ruleset->deleteRule(rn) ) + { + if (delete_branch_tab) + mw->removePolicyBranchTab( subset ); + + int lastN=ruleIndex.size()-1; + ruleIndex.erase(rn); + + for (int i=rn; iupdateLastModifiedTimestampForOneFirewall(getFirewall()); + } +} + +/*CWP DONE: +void RuleSetView::insertRule() +{ +// if (!hasFocus()) return; // <-- can insert rule even if does not have focus + if (!isTreeReadWrite(this,ruleset)) return; + + int firstSelectedRule=-1; + int lastSelectedRule=-1; + + QTableSelection sel=selection(0); + if (sel.isActive()) + { + firstSelectedRule=sel.topRow(); + lastSelectedRule=sel.bottomRow(); + removeSelection(0); + verticalHeader()->update(); + } else + { + firstSelectedRule=currentRow(); + lastSelectedRule=currentRow(); + } + + changingRules = true; + insertRule(firstSelectedRule,NULL); + changingRules = false; + om->updateLastModifiedTimestampForOneFirewall(getFirewall()); +}*/ + +void RuleSetView::addRuleAfterCurrent() +{ + if (!hasFocus()) return; + if (!isTreeReadWrite(this,ruleset)) return; + + int firstSelectedRule=-1; + int lastSelectedRule=-1; + + QTableSelection sel=selection(0); + if (sel.isActive()) + { + firstSelectedRule=sel.topRow(); + lastSelectedRule=sel.bottomRow(); + removeSelection(0); + verticalHeader()->update(); + } else + { + firstSelectedRule=currentRow(); + lastSelectedRule=currentRow(); + } + + changingRules = true; + insertRule(lastSelectedRule+1,NULL); + changingRules = false; + om->updateLastModifiedTimestampForOneFirewall(getFirewall()); +} + +/*CWP DONE: +Rule* RuleSetView::insertRule(int pos, FWObject *r) +{ + if (r!=NULL && + ruleset->getTypeName()==Policy::TYPENAME && + r->getTypeName()!=PolicyRule::TYPENAME) return NULL; + if (r!=NULL && + ruleset->getTypeName()==NAT::TYPENAME && + r->getTypeName()!=NATRule::TYPENAME ) return NULL; + + if (pos<0) pos=0; + +// insertRows( pos , 1 ); + + Rule *newrule=NULL; + if ( ruleset->getRuleSetSize()==0) newrule=ruleset->insertRuleAtTop(); + else 
+ { + if (pos==ruleset->getRuleSetSize()) + { + newrule=ruleset->appendRuleAtBottom(); + } else + newrule=ruleset->insertRuleBefore(pos); + assert(newrule!=NULL); + } + + if (fwbdebug && PolicyRule::cast(r)!=NULL) + qDebug(QString("RuleSetView::insertRule: r->direction=%1") + .arg(PolicyRule::cast(r)->getDirectionAsString().c_str())); + + PolicyRule *newrule_as_policy_rule = PolicyRule::cast(newrule); + + if (newrule_as_policy_rule) + { + newrule_as_policy_rule->setLogging(supports_logging); + newrule_as_policy_rule->setAction(PolicyRule::Deny); + newrule_as_policy_rule->setDirection(PolicyRule::Both); + FWOptions *ruleopt = newrule_as_policy_rule->getOptionsObject(); + ruleopt->setBool("stateless", + getStatelessFlagForAction(newrule_as_policy_rule)); + } + + if (r!=NULL) copyRuleContent(newrule,Rule::cast(r)); + + for (int i=ruleIndex.size(); i>pos; --i) ruleIndex[i]=ruleIndex[i-1]; + ruleIndex[pos] = newrule; + + if (fwbdebug && PolicyRule::cast(r)!=NULL) + qDebug(QString("RuleSetView::insertRule: newrule->direction=%1") + .arg(PolicyRule::cast(newrule)->getDirectionAsString().c_str())); + + + insertRows( pos , 1 ); + + for (int i=ruleIndex.size(); i>=pos; --i) + setRuleNumber(i, Rule::cast(ruleIndex[i])); + + if (newrule_as_policy_rule!=NULL && + newrule_as_policy_rule->getAction()==PolicyRule::Branch ) + addRuleBranch( newrule_as_policy_rule ); + + dirtyRows[pos]=1; +//// adjustRow(pos); + + setCurrentCell( pos, currentColumn() ); + updateCell(pos,currentColumn()); + + if (fwbdebug) qDebug("Firewall changed: insertRule"); + + return newrule; +} + +void RuleSetView::copyRuleContent(Rule *dst, Rule *src) +{ + string id=dst->getId(); + int p=dst->getPosition(); + + if ( src->isDisabled() ) dst->disable(); + else dst->enable(); + + dst->shallowDuplicate(src,false); + +// map::const_iterator i; +// for(i=dst->dataBegin(); i!=dst->dataEnd(); ++i) { +// string f= (*i).first; +// dst->setStr(f, src->getStr(f) ); +// } + + dst->setComment( src->getComment() ); + + 
list::iterator j; + for(j=dst->begin(); j!=dst->end(); ++j) + { + string dtype= (*j)->getTypeName(); + FWObject *selem= src->getFirstByType(dtype); + if (selem!=NULL) + (*j)->duplicate(selem); + } + + if (id!="") dst->setId(id); + dst->setPosition(p); +} */ + +void RuleSetView::moveRule() +{ + if (!hasFocus()) return; + + int firstSelectedRule=-1; + int lastSelectedRule=-1; + + QTableSelection sel=selection(0); + if (sel.isActive()) + { + firstSelectedRule=sel.topRow(); + lastSelectedRule=sel.bottomRow(); + } else + { + firstSelectedRule=currentRow(); + lastSelectedRule=currentRow(); + } + int selectionSize=lastSelectedRule-firstSelectedRule+1; + +/* calculate acceptable range of rule numbers for the dialog */ + int minRN=0; + int maxRN=ruleset->size()-selectionSize; + + askRuleNumberDialog_q d(this); + d.newRuleNum->setMinValue(minRN); + d.newRuleNum->setMaxValue(maxRN); + + if (d.exec()==QDialog::Accepted) + { + int newN = d.newRuleNum->value(); + int nn = newN; + if (firstSelectedRule==nn) return; + + clearSelection(); +// removeSelection(0); + verticalHeader()->update(); + + setUpdatesEnabled(false); + + if (firstSelectedRule>nn) + { // moving block of rules up + for (int i=firstSelectedRule; i<=lastSelectedRule; i++) + { + int j=i; + while (j!=nn) + { + if (!ruleset->moveRuleUp(j)) return; + + FWObject *r=ruleIndex[j]; + ruleIndex[j]=ruleIndex[j-1]; + ruleIndex[j-1]=r; + + swapRows(j-1,j); + + dirtyRows[j-1]=1; + dirtyRows[j]=1; + + Rule *rule = Rule::cast( ruleIndex[j-1] ); + setRuleNumber(j-1,rule); + rule = Rule::cast( ruleIndex[j] ); + setRuleNumber(j,rule); + + --j; + } + nn++; + } + } else + { // moving block of rules down + for (int i=lastSelectedRule; i>=firstSelectedRule; i--) + { + int j=i; + while (j!=nn+selectionSize-1) + { + if (!ruleset->moveRuleDown(j)) return; + + FWObject *r=ruleIndex[j]; + ruleIndex[j]=ruleIndex[j+1]; + ruleIndex[j+1]=r; + + swapRows(j+1,j); + + dirtyRows[j+1]=1; + dirtyRows[j]=1; + + Rule *rule = Rule::cast( ruleIndex[j+1] 
); + setRuleNumber(j+1,rule); + rule = Rule::cast( ruleIndex[j] ); + setRuleNumber(j,rule); + + ++j; + } + nn--; + } + } + + + setUpdatesEnabled(true); + + setCurrentCell( newN, currentColumn() ); + selectRE( newN , currentColumn() ); + updateContents(); + + changingRules = false; + om->updateLastModifiedTimestampForOneFirewall(getFirewall()); + } +} + +void RuleSetView::moveRuleUp() +{ + if (!hasFocus()) return; + int rn=currentRow(); +/* swap rule rn and rn-1 */ + + if (rn==0) return; + + if (ruleset->moveRuleUp(rn)) + { + FWObject *r=ruleIndex[rn]; + ruleIndex[rn]=ruleIndex[rn-1]; + ruleIndex[rn-1]=r; + + swapRows(rn-1,rn); + + dirtyRows[rn-1]=1; + dirtyRows[rn]=1; + + setCurrentCell( rn-1, currentColumn() ); + selectRE( rn-1 , currentColumn() ); + } +} + +void RuleSetView::moveRuleDown() +{ + if (!hasFocus()) return; + int rn=currentRow(); +/* swap rule rn and rn+1 */ + + if (rn==ruleset->getRuleSetSize()-1) return; + + if (ruleset->moveRuleDown(rn)) + { + FWObject *r=ruleIndex[rn]; + ruleIndex[rn]=ruleIndex[rn+1]; + ruleIndex[rn+1]=r; + + swapRows(rn+1,rn); + + dirtyRows[rn+1]=1; + dirtyRows[rn]=1; + + setCurrentCell( rn+1, currentColumn() ); + selectRE( rn+1 , currentColumn() ); + } +} + + +void RuleSetView::copyRule() +{ + if (!hasFocus()) return; + + int firstSelectedRule=-1; + int lastSelectedRule=-1; + + QTableSelection sel=selection(0); + if (sel.isActive()) + { + firstSelectedRule=sel.topRow(); + lastSelectedRule=sel.bottomRow(); +// removeSelection(0); +// verticalHeader()->update(); + } else + { + firstSelectedRule=currentRow(); + lastSelectedRule=currentRow(); + } + + if ( firstSelectedRule!=-1 ) + { + FWObjectClipboard::obj_clipboard->clear(); + for (int i=firstSelectedRule; i<=lastSelectedRule; ++i) + { + FWObject *rule = ruleIndex[i]; + + if (fwbdebug && PolicyRule::cast(rule)!=NULL) + qDebug(QString("RuleSetView::copyRule: direction=%1") + .arg(PolicyRule::cast(rule)->getDirectionAsString().c_str())); + + FWObjectClipboard::obj_clipboard->add( 
rule ); + } + } +} + +void RuleSetView::cutRule() +{ + copyRule(); + removeRule(); +} + +void RuleSetView::pasteRuleAbove() +{ + if (!isTreeReadWrite(this,ruleset)) return; + + int firstSelectedRule=-1; + int lastSelectedRule=-1; + + changingRules = true; + + QTableSelection sel=selection(0); + if (sel.isActive()) + { + firstSelectedRule=sel.topRow(); + lastSelectedRule=sel.bottomRow(); + removeSelection(0); + verticalHeader()->update(); + } else + { + firstSelectedRule=currentRow(); + lastSelectedRule=currentRow(); + } + if (fwbdebug) qDebug("Firewall: pasteRuleAbove"); + +/* pick rules in reverse order */ + vector::reverse_iterator i; + for (i= FWObjectClipboard::obj_clipboard->rbegin(); + i!=FWObjectClipboard::obj_clipboard->rend(); ++i) + { + FWObject *co= mw->db()->findInIndex(*i); + if (!Rule::cast(co)) continue; + insertRule( firstSelectedRule, co); + } + + changingRules = false; + om->updateLastModifiedTimestampForOneFirewall(getFirewall()); +} + + +void RuleSetView::pasteRuleBelow() +{ + if (!isTreeReadWrite(this,ruleset)) return; + + int firstSelectedRule=-1; + int lastSelectedRule=-1; + + changingRules = true; + + QTableSelection sel=selection(0); + if (sel.isActive()) + { + firstSelectedRule=sel.topRow(); + lastSelectedRule=sel.bottomRow(); + removeSelection(0); + verticalHeader()->update(); + } else + { + firstSelectedRule=currentRow(); + lastSelectedRule=currentRow(); + } + + int n=0; + vector::iterator i; + for (i= FWObjectClipboard::obj_clipboard->begin(); + i!=FWObjectClipboard::obj_clipboard->end(); ++i,++n) + { + FWObject *co= mw->db()->findInIndex(*i); + if (!Rule::cast(co)) continue; + insertRule( lastSelectedRule+1+n, co); + } + + changingRules = false; + om->updateLastModifiedTimestampForOneFirewall(getFirewall()); + +// if (FWObjectClipboard::obj_clipboard->getObject()!=NULL) +// insertRule( rn+1, Rule::cast(FWObjectClipboard::obj_clipboard->getObject()) ); +} + +void RuleSetView::enableRule() +{ + if (!isTreeReadWrite(this,ruleset)) return; 
+ + int firstSelectedRule=-1; + int lastSelectedRule=-1; + + changingRules = true; + + QTableSelection sel=selection(0); + if (sel.isActive()) + { + firstSelectedRule=sel.topRow(); + lastSelectedRule=sel.bottomRow(); + } else + { + firstSelectedRule=currentRow(); + lastSelectedRule=currentRow(); + } + + if ( firstSelectedRule!=-1 ) + { + for (int rn=lastSelectedRule; rn>=firstSelectedRule; --rn) + { + Rule *r = Rule::cast( ruleIndex[rn] ); + if (fwbdebug) qDebug("Firewall changed: enableRule"); + r->enable(); + setRuleNumber(rn,r); + } + } + + changingRules = false; + om->updateLastModifiedTimestampForOneFirewall(getFirewall()); +} + +void RuleSetView::disableRule() +{ + if (!isTreeReadWrite(this,ruleset)) return; + + int firstSelectedRule=-1; + int lastSelectedRule=-1; + + changingRules = true; + + QTableSelection sel=selection(0); + if (sel.isActive()) + { + firstSelectedRule=sel.topRow(); + lastSelectedRule=sel.bottomRow(); + } else + { + firstSelectedRule=currentRow(); + lastSelectedRule=currentRow(); + } + + if ( firstSelectedRule!=-1 ) + { + for (int rn=lastSelectedRule; rn>=firstSelectedRule; --rn) + { + Rule *r = Rule::cast( ruleIndex[rn] ); + if (fwbdebug) qDebug("Firewall changed: disableRule"); + r->disable(); + setRuleNumber(rn,r); + } + } + + changingRules = false; + om->updateLastModifiedTimestampForOneFirewall(getFirewall()); +} + + + + + +PolicyView::PolicyView(Policy *p, QWidget *parent) : RuleSetView(1, 7, parent) +{ + setName("PolicyView"); + ruleset=p; + iinit(); + init(); +} + +void PolicyView::init() +{ + ncols=7 + + ((supports_time)?1:0) + + ((supports_logging && supports_rule_options)?1:0); + + setNumCols(ncols); + + colTypes[-1]=RuleOp; + + int col=0; + horizontalHeader()->setLabel( col, tr( "Source" ) ); // 0 + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Destination" ) ); // 1 + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Service" ) ); // 2 + colTypes[col++]=Object; + + 
horizontalHeader()->setLabel( col, tr( "Interface" ) ); // 3 + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Direction" ) ); // 4 + colTypes[col++]=Direction; + + horizontalHeader()->setLabel( col, tr( "Action" ) ); // 5 + colTypes[col++]=Action; + + if (supports_time) + { + horizontalHeader()->setLabel( col, tr( "Time" ) ); // 6 + colTypes[col++]=Time; + } + + if (supports_logging && supports_rule_options) + { + horizontalHeader()->setLabel( col, tr( "Options" ) ); + colTypes[col++]=Options; + } + + horizontalHeader()->setLabel( col, tr( "Comment" ) ); + colTypes[col]=Comment; +// setColumnStretchable(col, true); + + RuleSetView::init(); +} + +RuleElement* PolicyView::getRE( int row, int col ) +{ + if (row<0) return NULL; + + if (ruleIndex.count(row)==0) return NULL; + PolicyRule *r = PolicyRule::cast( ruleIndex[row] ); + if(r==NULL) return NULL; + return getRE(r, col); +} + +RuleElement* PolicyView::getRE( Rule* r, int col ) +{ + string ret; + + switch (getColType(col)) + { + case Object: + switch (col) + { + case 0: ret=RuleElementSrc::TYPENAME; break; + case 1: ret=RuleElementDst::TYPENAME; break; + case 2: ret=RuleElementSrv::TYPENAME; break; + case 3: ret=RuleElementItf::TYPENAME; break; + } + break; + case Time: + ret=RuleElementInterval::TYPENAME; break; + default: return NULL; + } + + return RuleElement::cast( r->getFirstByType(ret) ); +} + +InterfacePolicyView::InterfacePolicyView(InterfacePolicy *p, QWidget *parent) : + RuleSetView(1,7,parent) +{ + setName("InterfacePolicyView"); + ruleset=p; + iinit(); + init(); +} + +void InterfacePolicyView::init() +{ + ncols=6 + + ((supports_time)?1:0) + + ((supports_logging && supports_rule_options)?1:0); + + setNumCols(ncols); + + colTypes[-1]=RuleOp; + + int col=0; + horizontalHeader()->setLabel( col, tr( "Source" ) ); // 0 + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Destination" ) ); // 1 + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Service" 
) ); // 2 + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Direction" ) ); // 3 + colTypes[col++]=Direction; + + horizontalHeader()->setLabel( col, tr( "Action" ) ); // 4 + colTypes[col++]=Action; + + if (supports_time) + { + horizontalHeader()->setLabel( col, tr( "Time" ) ); // 5 + colTypes[col++]=Time; + } + + if (supports_logging && supports_rule_options) + { + horizontalHeader()->setLabel( col, tr( "Options" ) ); + colTypes[col++]=Options; + } + + horizontalHeader()->setLabel( col, tr( "Comment" ) ); + colTypes[col]=Comment; +// setColumnStretchable(col, true); + +// ncols=col; + + RuleSetView::init(); +} + +RuleElement* InterfacePolicyView::getRE( int row, int col ) +{ + if (row<0) return NULL; + PolicyRule *r = PolicyRule::cast( ruleIndex[row] ); + assert(r!=NULL); + return getRE(r,col); +} + +RuleElement* InterfacePolicyView::getRE( Rule *r, int col ) +{ + string ret; + + switch (getColType(col)) + { + case Object: + switch (col) + { + case 0: ret=RuleElementSrc::TYPENAME; break; + case 1: ret=RuleElementDst::TYPENAME; break; + case 2: ret=RuleElementSrv::TYPENAME; break; + } + break; + case Time: + ret=RuleElementInterval::TYPENAME; break; + default: return NULL; + } + + return RuleElement::cast( r->getFirstByType(ret) ); +} + + + + + +NATView::NATView(NAT *p, QWidget *parent) : RuleSetView(1,8,parent) +{ + setName("NATView"); + ruleset=p; + iinit(); + init(); +} + +void NATView::init() +{ + colTypes[-1]=RuleOp; + + ncols=8; + + int col=0; + horizontalHeader()->setLabel( col, tr( "Original Src" ) ); + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Original Dst" ) ); + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Original Srv" ) ); + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Translated Src" ) ); + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Translated Dst" ) ); + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Translated Srv" 
) ); + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Options" ) ); + colTypes[col++]=Options; + + horizontalHeader()->setLabel( col, tr( "Comment" ) ); + colTypes[col]=Comment; +// setColumnStretchable(col, true); + +// ncols=col; + + RuleSetView::init(); +} + +RuleElement* NATView::getRE( int row, int col ) +{ + if (row<0) return NULL; + NATRule *r = NATRule::cast( ruleIndex[row] ); + assert(r!=NULL); + return getRE(r,col); +} + +RuleElement* NATView::getRE( Rule *r, int col ) +{ + string ret; + + switch (getColType(col)) + { + case Object: + switch (col) + { + case 0: ret=RuleElementOSrc::TYPENAME; break; + case 1: ret=RuleElementODst::TYPENAME; break; + case 2: ret=RuleElementOSrv::TYPENAME; break; + case 3: ret=RuleElementTSrc::TYPENAME; break; + case 4: ret=RuleElementTDst::TYPENAME; break; + case 5: ret=RuleElementTSrv::TYPENAME; break; + } + break; + default: return NULL; + } + + return RuleElement::cast( r->getFirstByType(ret) ); +} + + + +RoutingView::RoutingView(Routing *p, QWidget *parent) : RuleSetView(1,5,parent) +{ + setName("RoutingView"); + ruleset=p; + iinit(); + init(); +} + +void RoutingView::init() +{ + colTypes[-1]=RuleOp; + ncols=6; + setNumCols(ncols); + + int col=0; + horizontalHeader()->setLabel( col, tr( "Destination" ) ); + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Gateway" ) ); + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Interface" ) ); + colTypes[col++]=Object; + + horizontalHeader()->setLabel( col, tr( "Metric" ) ); + colTypes[col++]=Metric; + + horizontalHeader()->setLabel( col, tr( "Options" ) ); + colTypes[col++]=Options; + + horizontalHeader()->setLabel( col, tr( "Comment" ) ); + colTypes[col]=Comment; + +// setColumnStretchable(col, true); + +// ncols=col; + + RuleSetView::init(); +} + +RuleElement* RoutingView::getRE( int row, int col ) +{ + if (row<0) return NULL; + RoutingRule *r = RoutingRule::cast( ruleIndex[row] ); + assert(r!=NULL); + return 
getRE(r,col); +} + +RuleElement* RoutingView::getRE( Rule *r, int col ) +{ + string ret; + + switch (getColType(col)) + { + case Object: + switch (col) + { + case 0: ret=RuleElementRDst::TYPENAME; break; + case 1: ret=RuleElementRGtw::TYPENAME; break; + case 2: ret=RuleElementRItf::TYPENAME; break; + } + break; + default: return NULL; + } + + return RuleElement::cast( r->getFirstByType(ret) ); +} + diff --git a/src/gui/oldRuleSetView.h b/src/gui/oldRuleSetView.h new file mode 100644 index 000000000..72c11bc76 --- /dev/null +++ b/src/gui/oldRuleSetView.h 
@@ -0,0 +1,369 @@ + +#include "fwbuilder/Rule.h" + +#include +#include +#include +#include + +#include +#include + +class QPopupMenu; + +namespace libfwbuilder { + class FWObject; + class Firewall; + class FWReference; + class RuleElement; + class Rule; + class RuleSet; + class Policy; + class InterfacePolicy; + class NAT; + class Routing; + class RuleElement; + class NATRule; + class RoutingRule; +}; + +class RuleSetView; + +/** + * this class is used to intercept mouse clicks on the vertical header + * of the table so we could open a context menu + */ +class headerMouseEventInterceptor : public QObject +{ + RuleSetView *rsv; + + public: + headerMouseEventInterceptor(RuleSetView *_rsv) { rsv=_rsv; } + + protected: + bool eventFilter( QObject *object, QEvent *event); +}; + + +class RuleObjToolTip : public QToolTip { + + RuleSetView *rsv; + public: + RuleObjToolTip(RuleSetView *w); + virtual ~RuleObjToolTip() {} + virtual void maybeTip(const QPoint &p); +}; + + +class RuleSetView : public QTableWidget +{ + friend class headerMouseEventInterceptor; + + Q_OBJECT + + public slots: + + void contentsMoving(int x, int y); + void horizontalHeaderClicked(int col); + void verticalHeaderClicked(int row); + void selectionChanged(); + void restoreSelection(bool same_widget); + + void contextMenu(int row, int col, const QPoint &pos); + void doubleClicked(int row,int col,int btn,const QPoint &pos); + + void editSelected(); + void copySelectedObject(); + void cutSelectedObject(); + void deleteSelectedObject(); + void pasteObject(); + void findWhereUsedSlot(); + void revealObjectInTree(); + + void negateRE(); + void editRE(); + + void changeActionToAccept(); + void changeActionToDeny(); + void changeActionToReject(); + void changeActionToAccounting(); + void changeActionToPipe(); + void changeActionToTag(); + void changeActionToClassify(); + void changeActionToCustom(); + void changeActionToBranch(); + void changeActionToRoute(); + void changeActionToContinue(); + + void 
changeDirectionToIn(); + void changeDirectionToOut(); + void changeDirectionToBoth(); + void changeLogToOn(); + void changeLogToOff(); + + void insertRule(); + void addRuleAfterCurrent(); + void removeRule(); + void moveRule(); + void moveRuleUp(); + void moveRuleDown(); + + void copyRule(); + void cutRule(); + void pasteRuleAbove(); + void pasteRuleBelow(); + + + void enableRule(); + void disableRule(); + + void setRuleColor(const QString &c); + void setRuleNumber(int row, libfwbuilder::Rule *rule); + + public: + + enum REType { RuleOp, + Object, + Action, + Direction, + Options, + Time, + Comment, + Metric }; + + protected: + + enum PixmapAttr { Normal, Neg, Ref, Tree }; + enum PopupMenuAction { None, EditObj, EditRE, NegateRE }; + + headerMouseEventInterceptor hme; + + libfwbuilder::RuleSet *ruleset; + +/* + * ruleIndex should provide for a fast direct access to elements, as + * well as for a reasonably fast adding and removal in an arbitrary + * place so that all element would shift up or down correspondingly. A + * map is a compromise, it provides for fast direct access but slow + * adding and removal (because I need to manually shift elements in a + * loop). 
+ */ + std::map ruleIndex; + int ncols; + + bool supports_time; + bool supports_logging; + bool supports_rule_options; + + int RuleElementSpacing; + + int pixmap_h; + int pixmap_w; + int text_h; + int item_h; + std::map dirtyRows; + + std::map colTypes; + + libfwbuilder::FWObject *selectedObject; + int selectedObjectRow; + int selectedObjectCol; + + libfwbuilder::FWObject *prevSelectedObject; + int prevSelectedObjectRow; + int prevSelectedObjectCol; + + bool kbdGoingUp; + bool changingSelection; + bool dragging; + bool changingRules; + + PopupMenuAction lastPopupMenuAction; + + void iinit(); + QString settingsKey(); + + void adjustRow_int( int row, int h ); + + virtual void drawContents(QPainter *p, int cx, int cy, int cw, int ch); + + virtual QDrag* dragObject(); + virtual void contentsMousePressEvent( QMouseEvent* ev ); + virtual void contentsMouseMoveEvent( QMouseEvent* ev ); + virtual void contentsMouseReleaseEvent( QMouseEvent* ev ); + virtual void keyPressEvent( QKeyEvent* ev ); + virtual void dragMoveEvent( QDragMoveEvent *ev); + virtual void dragEnterEvent( QDragEnterEvent *ev); + virtual void contentsDragEnterEvent( QDragEnterEvent *ev); + virtual void dropEvent( QDropEvent *ev); + virtual void hideEvent(QHideEvent *ev); + + virtual void focusInEvent(QFocusEvent*); + virtual void focusOutEvent(QFocusEvent*); + + virtual void adjustRow( int row ); + virtual void adjustColumn( int col ); + + void addRuleBranch(libfwbuilder::PolicyRule *rule); + + bool isDirection (int col); + bool isAction (int col); + bool isOptions (int col); + + QString getPlatform(); + + QRect calculateCellSize( int row, int col ); + + virtual void resizeData( int ) {} + virtual QTableItem *item( int r, int c ) const { return items.find( c( r, c ) ); } + virtual void setItem( int r, int c, QTableItem *i ) { items.replace( indexOf( r, c ), i ); } + virtual void clearCell( int r, int c ) { items.remove( indexOf( r, c ) ); } + virtual void takeItem( QTableItem *item ) + { + 
items.setAutoDelete( FALSE ); + items.remove( indexOf( item->row(), item->col() ) ); + items.setAutoDelete( TRUE ); + } + virtual void insertWidget( int r, int c, QWidget *w ); + virtual QWidget *cellWidget( int r, int c ) const; + virtual void clearCellWidget( int r, int c ) + { + QWidget *w = widgets.take( indexOf( r, c ) ); + if ( w ) + w->deleteLater(); + } + virtual void paintCell(QPainter *p,int row,int col, const QRect &cr,bool selected, const QColorGroup &cg); + + virtual QWidget *createEditor( int row, int col, bool initFromCell ) const; + +// RuleSetOptions* getOpt() const { return opt; } + + bool insertObject(int row, int col, libfwbuilder::FWObject *obj); + void deleteObject(int row, int col, libfwbuilder::FWObject *obj); + + void copyRuleContent(libfwbuilder::Rule *dst, libfwbuilder::Rule *src); + + void headerMousePressEvent(const QPoint &pos); + void changeDitection(libfwbuilder::PolicyRule::Direction dir); + void changeAction(libfwbuilder::PolicyRule::Action act); + + void setSelectedObject(libfwbuilder::FWObject* obj); + + public: + + RuleSetView( int r, int c, QWidget *parent); + virtual ~RuleSetView(); + virtual void init(); + + void clear(); + + void unselect(); + bool isSelected(); + libfwbuilder::FWObject* getSelectedObject(); + libfwbuilder::Firewall* getFirewall(); + + libfwbuilder::Rule* insertRule(int pos, libfwbuilder::FWObject *r); + + libfwbuilder::FWObject* getObj(int row, int col, + int mouse_y_pos, QRect *cr=NULL); + libfwbuilder::PolicyRule* getRule(int row); + + void selectRE( int row, int col); + + /** + * selects rule element a reference 'ref' belongs to + */ + void selectRE(libfwbuilder::FWReference *ref); + + void updateCurrentCell(); + void updateAll(); + + void editCurrentObject(); + bool switchObjectInEditor(int col,bool validate=true); + + /** + * shows and selects object obj in the tree, or, if obj is a rule, + * shows corresponding firewall object. Makes sure keyboard focus + * returns back to the ruleset. 
+ */ + void openObjectInTree(libfwbuilder::FWObject *obj); + + REType getColType(int col) const; + +private: + + QIntDict items; + QIntDict widgets; + +// virtual libfwbuilder::RuleElement* getRE( int row, int col ) const = 0; +// virtual libfwbuilder::RuleElement* getRE( libfwbuilder::Rule* r, int col ) const = 0; + virtual libfwbuilder::RuleElement* getRE( int row, int col ) = 0; + virtual libfwbuilder::RuleElement* getRE( libfwbuilder::Rule* r, int col ) = 0; + + QPixmap getPixmap(libfwbuilder::FWObject *obj, PixmapAttr pmattr = Normal) const; + QString objectText(libfwbuilder::RuleElement *re,libfwbuilder::FWObject *obj); + + void fixRulePosition(libfwbuilder::Rule *r, libfwbuilder::FWObject *parent, int pos); +}; + + + +class PolicyView : public RuleSetView +{ + virtual libfwbuilder::RuleElement* getRE( int row, int col ) ; + virtual libfwbuilder::RuleElement* getRE( libfwbuilder::Rule* r, int col ) ; + + public: + + PolicyView(libfwbuilder::Policy *p, QWidget *parent); + virtual ~PolicyView() {} + + virtual void init(); + +}; + +class InterfacePolicyView : public RuleSetView +{ + virtual libfwbuilder::RuleElement* getRE( int row, int col ) ; + virtual libfwbuilder::RuleElement* getRE( libfwbuilder::Rule* r, int col ) ; + + public: + + InterfacePolicyView(libfwbuilder::InterfacePolicy *p, QWidget *parent); + virtual ~InterfacePolicyView() {} + + virtual void init(); + + +}; + +class NATView : public RuleSetView +{ + virtual libfwbuilder::RuleElement* getRE( int row, int col ) ; + virtual libfwbuilder::RuleElement* getRE( libfwbuilder::Rule* r, int col ) ; + + public: + + NATView(libfwbuilder::NAT *p, QWidget *parent); + virtual ~NATView() {} + + virtual void init(); + + +}; + +class RoutingView : public RuleSetView +{ + virtual libfwbuilder::RuleElement* getRE( int row, int col ) ; + virtual libfwbuilder::RuleElement* getRE( libfwbuilder::Rule* r, int col ) ; + + public: + + RoutingView(libfwbuilder::Routing *p, QWidget *parent); + virtual ~RoutingView() {} + 
+ virtual void init(); + + +}; + diff --git a/src/gui/openbsdAdvancedDialog.cpp b/src/gui/openbsdAdvancedDialog.cpp new file mode 100644 index 000000000..5799b8982 --- /dev/null +++ b/src/gui/openbsdAdvancedDialog.cpp 
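Review bot: oldRuleSetView.h has no include guard: the hunk opens directly with `#include "fwbuilder/Rule.h"`, so including it twice in one translation unit would redefine `headerMouseEventInterceptor`, `RuleObjToolTip` and `RuleSetView`. I would wrap the file in `#ifndef OLDRULESETVIEW_H` / `#define OLDRULESETVIEW_H` and a closing `#endif`, as openbsdAdvancedDialog.h in this commit does. While there, `class RuleElement;` is forward-declared twice in the `libfwbuilder` block, and `changeDitection` looks like a typo for `changeDirection`; renaming it also needs the definition, which is outside this hunk.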
@@ -0,0 +1,122 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: openbsdAdvancedDialog.cpp,v 1.3 2006/03/16 05:38:14 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "platforms.h" + +#include "openbsdAdvancedDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Management.h" + +#include +#include +#include +#include +#include +#include +#include + + +using namespace std; +using namespace libfwbuilder; + +openbsdAdvancedDialog::~openbsdAdvancedDialog() +{ + delete m_dialog; +} + +openbsdAdvancedDialog::openbsdAdvancedDialog(QWidget *parent,FWObject *o) + : QDialog(parent) +{ + m_dialog = new Ui::openbsdAdvancedDialog_q; + m_dialog->setupUi(this); + obj=o; + + FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject(); + assert(fwopt!=NULL); + + Management *mgmt=(Firewall::cast(obj))->getManagementObject(); + assert(mgmt!=NULL); + + QStringList threeStateMapping; + + threeStateMapping.push_back(QObject::tr("No change")); + threeStateMapping.push_back(""); + + threeStateMapping.push_back(QObject::tr("On")); + threeStateMapping.push_back("1"); + + threeStateMapping.push_back(QObject::tr("Off")); + threeStateMapping.push_back("0"); + + 
data.registerOption( m_dialog->openbsd_ip_sourceroute, + fwopt, + "openbsd_ip_sourceroute", threeStateMapping); + data.registerOption( m_dialog->openbsd_ip_redirect, + fwopt, + "openbsd_ip_redirect", threeStateMapping); + data.registerOption( m_dialog->openbsd_ip_directed_broadcast, + fwopt, + "openbsd_ip_directed_broadcast", threeStateMapping); + data.registerOption( m_dialog->openbsd_ip_forward, + fwopt, + "openbsd_ip_forward", threeStateMapping); + data.registerOption( m_dialog->openbsd_path_pfctl, + fwopt, + "openbsd_path_pfctl"); + data.registerOption( m_dialog->openbsd_path_sysctl, + fwopt, + "openbsd_path_sysctl"); + + + data.loadAll(); +} + +/* + * store all data in the object + */ +void openbsdAdvancedDialog::accept() +{ + FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject(); + assert(fwopt!=NULL); + + Management *mgmt=(Firewall::cast(obj))->getManagementObject(); + assert(mgmt!=NULL); + + data.saveAll(); + + om->updateLastModifiedTimestampForAllFirewalls(obj); + QDialog::accept(); +} + +void openbsdAdvancedDialog::reject() +{ + QDialog::reject(); +} + + diff --git a/src/gui/openbsdAdvancedDialog.h b/src/gui/openbsdAdvancedDialog.h new file mode 100644 index 000000000..b217bf75f --- /dev/null +++ b/src/gui/openbsdAdvancedDialog.h 
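Review bot: Both the constructor and `accept()` dereference `Firewall::cast(obj)` before anything is checked, and the `assert` that follows only covers the returned options object and disappears under NDEBUG. Elsewhere in this commit the `cast` helpers are treated as able to return NULL (`if(r==NULL) return NULL;` in `PolicyView::getRE`), so the same guard belongs here, for example `Firewall *fw = Firewall::cast(obj); if (fw==NULL) { QDialog::reject(); return; }` at the top of `accept()`. `mgmt` is fetched and asserted in both functions but never used, so it can be dropped. The `openbsd_path_pfctl` and `openbsd_path_sysctl` values are stored as typed; if they are later written into a generated script (not visible here), they should be validated as plain paths before use.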
@@ -0,0 +1,59 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: openbsdAdvancedDialog.h,v 1.1 2004/05/11 04:45:39 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __OPENBSDADVANCEDDIALOG_H_ +#define __OPENBSDADVANCEDDIALOG_H_ + +#include +#include "DialogData.h" +#include + +namespace libfwbuilder { + class FWObject; +}; + +class openbsdAdvancedDialog : public QDialog +{ + Q_OBJECT + + libfwbuilder::FWObject *obj; + DialogData data; + Ui::openbsdAdvancedDialog_q *m_dialog; + + public: + openbsdAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o); + ~openbsdAdvancedDialog(); + +protected slots: + + virtual void accept(); + virtual void reject(); + + +}; + +#endif // __OPENBSDADVANCEDDIALOG_H + diff --git a/src/gui/openbsdadvanceddialog_q.ui b/src/gui/openbsdadvanceddialog_q.ui new file mode 100644 index 000000000..ccc9ea5f3 --- /dev/null +++ b/src/gui/openbsdadvanceddialog_q.ui 
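Review bot: The constructor declaration does not say what `o` must be, yet the implementation casts it with `Firewall::cast(obj)` and keeps the raw pointer for `accept()`. A comment above the constructor such as `// o must point to a libfwbuilder::Firewall that outlives the dialog; the dialog does not own it` would make that contract visible to callers. Separately, the guard name `__OPENBSDADVANCEDDIALOG_H_` uses a double underscore, which C++ reserves for the implementation, and the `#endif` comment spells it without the trailing underscore. Using `OPENBSDADVANCEDDIALOG_H` in all three places would fix both.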
@@ -0,0 +1,458 @@ + + openbsdAdvancedDialog_q + + + + 0 + 0 + 387 + 262 + + + + OpenBSD: advanced settings + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &OK + + + + + + true + + + true + + + + + + + &Cancel + + + + + + true + + + + + + + + + + Options + + + + 6 + + + 6 + + + + + Forward source routed packets + + + Qt::AlignCenter + + + false + + + + + + + Enable directed broadcast + + + Qt::AlignCenter + + + false + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + Packet forwarding + + + Qt::AlignCenter + + + false + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + 0 + + + + No change + + + + + On + + + + + Off + + + + + + + + Generate ICMP redirects + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 151 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + Path + + + + 6 + + + 6 + + + + + pfctl: + + + Qt::AlignCenter + + + false + + + + + + + + 200 + 0 + + + + + + + + + 200 + 0 + + + + + + + + sysctl: + + + Qt::AlignCenter + + + false + + + + + + + Specify directory path and a file name for the following utilities on the OS your firewall machine is running. Leave these empty if you want to use default values. 
+ + + Qt::AlignCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + + + openbsd_ip_forward + openbsd_ip_directed_broadcast + openbsd_ip_sourceroute + openbsd_ip_redirect + buttonOk + buttonCancel + openbsd_path_pfctl + openbsd_path_sysctl + tabWidget9 + + + + + buttonOk + clicked() + openbsdAdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + buttonCancel + clicked() + openbsdAdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/pagesetupdialog_q.ui b/src/gui/pagesetupdialog_q.ui new file mode 100644 index 000000000..7a3fbd6b6 --- /dev/null +++ b/src/gui/pagesetupdialog_q.ui @@ -0,0 +1,182 @@ + + + + + pageSetupDialog_q + + + + 0 + 0 + 248 + 199 + + + + Page Setup + + + + + + start each section on a new page + + + + + + + print header on every page + + + + + + + print legend + + + + + + + print objects used in rules + + + + + + + 0 + + + + + + 40 + 20 + + + + Expanding + + + Horizontal + + + + + + + &OK + + + Alt+O + + + true + + + true + + + + + + + &Cancel + + + Alt+C + + + false + + + false + + + + + + + + + 0 + + + + + Scale tables: + + + false + + + + + + + + 50% + + + + + 75% + + + + + 100% + + + + + 150% + + + + + 200% + + + + + + + + + 40 + 20 + + + + Expanding + + + Horizontal + + + + + + + + + + + + buttonOk + clicked() + pageSetupDialog_q + accept() + + + buttonCancel + clicked() + pageSetupDialog_q + reject() + + + diff --git a/src/gui/pfAdvancedDialog.cpp b/src/gui/pfAdvancedDialog.cpp new file mode 100644 index 000000000..ba2afc354 --- /dev/null +++ b/src/gui/pfAdvancedDialog.cpp 
@@ -0,0 +1,300 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: pfAdvancedDialog.cpp,v 1.22 2007/07/14 18:17:45 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "config.h"
+#include "global.h"
+#include "platforms.h"
+
+#include "pfAdvancedDialog.h"
+#include "SimpleTextEditor.h"
+#include "ObjectManipulator.h"
+
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Management.h"
+#include "fwbuilder/Resources.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+using namespace std;
+using namespace libfwbuilder;
+
+pfAdvancedDialog::pfAdvancedDialog(QWidget *parent,FWObject *o)
+ : QDialog(parent)
+{
+ m_dialog = new Ui::pfAdvancedDialog_q;
+ m_dialog->setupUi(this);
+ obj=o;
+ QStringList slm;
+
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ if (fwbdebug)
+ qDebug("%s",Resources::getTargetOptionStr(
+ obj->getStr("host_OS"),"user_can_change_install_dir").c_str());
+
+ if (!Resources::getTargetOptionBool(
+ obj->getStr("host_OS"),"user_can_change_install_dir"))
+ {
+ m_dialog->pf_fw_dir->setEnabled(false);
+ fwopt->setStr("firewall_dir","");
+ }
+
+ data.registerOption( m_dialog->pf_log_prefix ,fwopt, "log_prefix" );
+ data.registerOption( m_dialog->pf_fallback_log ,fwopt, "fallback_log" );
+ data.registerOption( m_dialog->pf_do_timeout_interval,fwopt,"pf_do_timeout_interval");
+ data.registerOption( m_dialog->pf_timeout_interval ,fwopt, "pf_timeout_interval" );
+ data.registerOption( m_dialog->pf_do_timeout_frag ,fwopt, "pf_do_timeout_frag" );
+ data.registerOption( m_dialog->pf_timeout_frag ,fwopt, "pf_timeout_frag" );
+ data.registerOption( m_dialog->pf_do_limit_frags ,fwopt, "pf_do_limit_frags" );
+ data.registerOption( m_dialog->pf_limit_frags ,fwopt, "pf_limit_frags" );
+ data.registerOption( m_dialog->pf_do_limit_states ,fwopt, "pf_do_limit_states" );
+ data.registerOption( m_dialog->pf_limit_states ,fwopt, "pf_limit_states" );
+ data.registerOption( m_dialog->pf_do_limit_src_nodes ,fwopt,
+ "pf_do_limit_src_nodes" );
+ data.registerOption( m_dialog->pf_limit_src_nodes, fwopt, "pf_limit_src_nodes" );
+ data.registerOption( m_dialog->pf_do_limit_tables, fwopt, "pf_do_limit_tables" );
+ data.registerOption( m_dialog->pf_limit_tables ,fwopt, "pf_limit_tables" );
+ data.registerOption( m_dialog->pf_do_limit_table_entries,fwopt,
+ "pf_do_limit_table_entries");
+ data.registerOption( m_dialog->pf_limit_table_entries,fwopt,"pf_limit_table_entries");
+
+// Prepare mapping for pf_optimization:
+ slm.clear();
+ slm.push_back("");
+ slm.push_back("");
+ slm.push_back(QObject::tr("Aggressive"));
+ slm.push_back("Aggressive");
+ slm.push_back(QObject::tr("Conservative"));
+ slm.push_back("Conservative");
+ slm.push_back(QObject::tr("For high latency"));
+ slm.push_back("For high latency");
+ slm.push_back(QObject::tr("Normal"));
+ slm.push_back("Normal");
+ m_dialog->pf_optimization->clear();
+ m_dialog->pf_optimization->addItems(getScreenNames(slm));
+ data.registerOption( m_dialog->pf_optimization, fwopt, "pf_optimization", slm);
+
+ data.registerOption( m_dialog->pf_check_shadowing ,fwopt, "check_shading" );
+ data.registerOption( m_dialog->pf_pass_all_out ,fwopt, "pass_all_out" );
+ data.registerOption( m_dialog->pf_in_out_code ,fwopt, "in_out_code" );
+ data.registerOption( m_dialog->pf_ignore_empty_groups ,fwopt, "ignore_empty_groups" );
+// data.registerOption( pf_use_tables , fwopt, "use_tables" );
+ data.registerOption( m_dialog->pf_accept_new_tcp_with_no_syn ,fwopt, "accept_new_tcp_with_no_syn");
+ data.registerOption( m_dialog->pf_modulate_state ,fwopt, "modulate_state" );
+ data.registerOption( m_dialog->pf_scrub_random_id ,fwopt, "pf_scrub_random_id" );
+
+ data.registerOption( m_dialog->pf_do_scrub ,fwopt, "pf_do_scrub" );
+
+// radio buttons
+ data.registerOption( m_dialog->pf_scrub_reassemble ,fwopt, "pf_scrub_reassemble" );
+ data.registerOption( m_dialog->pf_scrub_fragm_crop ,fwopt, "pf_scrub_fragm_crop" );
+ data.registerOption( m_dialog->pf_scrub_fragm_drop_ovl,fwopt, "pf_scrub_fragm_drop_ovl" );
+
+
+ data.registerOption( m_dialog->pf_scrub_use_minttl ,fwopt, "pf_scrub_use_minttl" );
+ data.registerOption( m_dialog->pf_scrub_use_maxmss ,fwopt, "pf_scrub_use_maxmss" );
+ data.registerOption( m_dialog->pf_scrub_maxmss ,fwopt, "pf_scrub_maxmss" );
+ data.registerOption( m_dialog->pf_scrub_minttl ,fwopt, "pf_scrub_minttl" );
+ data.registerOption( m_dialog->pf_scrub_no_df ,fwopt, "pf_scrub_no_df" );
+ data.registerOption( m_dialog->pf_fw_dir ,fwopt, "firewall_dir" );
+ data.registerOption( m_dialog->pf_user ,fwopt, "admUser" );
+ data.registerOption( m_dialog->altAddress ,fwopt, "altAddress" );
+ data.registerOption( m_dialog->sshArgs ,fwopt, "sshArgs" );
+ data.registerOption( m_dialog->activationCmd ,fwopt, "activationCmd" );
+
+ data.registerOption( m_dialog->pf_manage_virtual_addr ,fwopt, "manage_virtual_addr" );
+ data.registerOption( m_dialog->pf_configure_interfaces,fwopt, "configure_interfaces");
+ data.registerOption( m_dialog->pf_debug ,fwopt, "debug" );
+
+ data.registerOption( m_dialog->compiler ,fwopt, "compiler" );
+ data.registerOption( m_dialog->compilerArgs ,fwopt, "cmdline" );
+ data.registerOption( m_dialog->outputFileName , fwopt, "output_file" );
+
+ data.registerOption( m_dialog->mgmt_ssh ,fwopt, "mgmt_ssh" );
+ data.registerOption( m_dialog->mgmt_addr ,fwopt, "mgmt_addr" );
+
+ data.registerOption( m_dialog->pf_set_tcp_first ,fwopt, "pf_set_tcp_first" );
+ data.registerOption( m_dialog->pf_tcp_first ,fwopt, "pf_tcp_first" );
+ data.registerOption( m_dialog->pf_set_tcp_opening ,fwopt, "pf_set_tcp_opening" );
+ data.registerOption( m_dialog->pf_tcp_opening ,fwopt, "pf_tcp_opening" );
+ data.registerOption( m_dialog->pf_set_tcp_established ,fwopt, "pf_set_tcp_established" );
+ data.registerOption( m_dialog->pf_tcp_established ,fwopt, "pf_tcp_established" );
+ data.registerOption( m_dialog->pf_set_tcp_closing ,fwopt, "pf_set_tcp_closing" );
+ data.registerOption( m_dialog->pf_tcp_closing ,fwopt, "pf_tcp_closing" );
+ data.registerOption( m_dialog->pf_set_tcp_finwait ,fwopt, "pf_set_tcp_finwait" );
+ data.registerOption( m_dialog->pf_tcp_finwait ,fwopt, "pf_tcp_finwait" );
+ data.registerOption( m_dialog->pf_set_tcp_closed ,fwopt, "pf_set_tcp_closed" );
+ data.registerOption( m_dialog->pf_tcp_closed ,fwopt, "pf_tcp_closed" );
+ data.registerOption( m_dialog->pf_set_udp_first ,fwopt, "pf_set_udp_first" );
+ data.registerOption( m_dialog->pf_udp_first ,fwopt, "pf_udp_first" );
+ data.registerOption( m_dialog->pf_set_udp_single ,fwopt, "pf_set_udp_single" );
+ data.registerOption( m_dialog->pf_udp_single ,fwopt, "pf_udp_single" );
+ data.registerOption( m_dialog->pf_set_udp_multiple ,fwopt, "pf_set_udp_multiple" );
+ data.registerOption( m_dialog->pf_udp_multiple ,fwopt, "pf_udp_multiple" );
+ data.registerOption( m_dialog->pf_set_icmp_first ,fwopt, "pf_set_icmp_first" );
+ data.registerOption( m_dialog->pf_icmp_first ,fwopt, "pf_icmp_first" );
+ data.registerOption( m_dialog->pf_set_icmp_error ,fwopt, "pf_set_icmp_error" );
+ data.registerOption( m_dialog->pf_icmp_error ,fwopt, "pf_icmp_error" );
+ data.registerOption( m_dialog->pf_set_other_first ,fwopt, "pf_set_other_first" );
+ data.registerOption( m_dialog->pf_other_first ,fwopt, "pf_other_first" );
+ data.registerOption( m_dialog->pf_set_other_single ,fwopt, "pf_set_other_single" );
+ data.registerOption( m_dialog->pf_other_single ,fwopt, "pf_other_single" );
+ data.registerOption( m_dialog->pf_set_other_multiple ,fwopt, "pf_set_other_multiple" );
+ data.registerOption( m_dialog->pf_other_multiple ,fwopt, "pf_other_multiple" );
+
+ data.registerOption( m_dialog->pf_set_adaptive ,fwopt, "pf_set_adaptive" );
+ data.registerOption( m_dialog->pf_adaptive_start ,fwopt, "pf_adaptive_start" );
+ data.registerOption( m_dialog->pf_adaptive_end ,fwopt, "pf_adaptive_end" );
+
+ PolicyInstallScript *pis = mgmt->getPolicyInstallScript();
+
+ m_dialog->installScript->setText( pis->getCommand().c_str() );
+ m_dialog->installScriptArgs->setText( pis->getArguments().c_str() );
+
+/* page "Prolog/Epilog" */
+
+ slm = getPrologPlaces( obj->getStr("platform").c_str() );
+ m_dialog->prologPlace->clear();
+ m_dialog->prologPlace->addItems(getScreenNames(slm));
+ data.registerOption( m_dialog->prologPlace, fwopt, "prolog_place", slm);
+
+ data.registerOption( m_dialog->prolog_script , fwopt, "prolog_script" );
+ data.registerOption( m_dialog->epilog_script , fwopt, "epilog_script" );
+
+
+
+ data.loadAll();
+
+ doScrubToggled();
+ ltToggled();
+}
+
+pfAdvancedDialog::~pfAdvancedDialog()
+{
+ delete m_dialog;
+}
+
+void pfAdvancedDialog::doScrubToggled()
+{
+ bool f=m_dialog->pf_do_scrub->isChecked();
+
+ m_dialog->pf_scrub_reassemble->setEnabled(f);
+ m_dialog->pf_scrub_fragm_crop->setEnabled(f);
+ m_dialog->pf_scrub_fragm_drop_ovl->setEnabled(f);
+
+ if (!m_dialog->pf_scrub_reassemble->isChecked() &&
+ !m_dialog->pf_scrub_fragm_crop->isChecked() &&
+ !m_dialog->pf_scrub_fragm_drop_ovl->isChecked()) m_dialog->pf_scrub_reassemble->setChecked(true);
+}
+
+void pfAdvancedDialog::ltToggled()
+{
+ m_dialog->pf_limit_frags->setEnabled( m_dialog->pf_do_limit_frags->isChecked() );
+ m_dialog->pf_limit_states->setEnabled( m_dialog->pf_do_limit_states->isChecked() );
+ m_dialog->pf_limit_src_nodes->setEnabled( m_dialog->pf_do_limit_src_nodes->isChecked() );
+ m_dialog->pf_limit_tables->setEnabled( m_dialog->pf_do_limit_tables->isChecked() );
+ m_dialog->pf_limit_table_entries->setEnabled( m_dialog->pf_do_limit_table_entries->isChecked());
+
+ m_dialog->pf_timeout_interval->setEnabled( m_dialog->pf_do_timeout_interval->isChecked() );
+ m_dialog->pf_timeout_frag->setEnabled( m_dialog->pf_do_timeout_frag->isChecked() );
+
+ m_dialog->pf_tcp_first->setEnabled( m_dialog->pf_set_tcp_first->isChecked() );
+ m_dialog->pf_tcp_opening->setEnabled( m_dialog->pf_set_tcp_opening->isChecked() );
+ m_dialog->pf_tcp_established->setEnabled( m_dialog->pf_set_tcp_established->isChecked() );
+ m_dialog->pf_tcp_closing->setEnabled( m_dialog->pf_set_tcp_closing->isChecked() );
+ m_dialog->pf_tcp_finwait->setEnabled( m_dialog->pf_set_tcp_finwait->isChecked() );
+ m_dialog->pf_tcp_closed->setEnabled( m_dialog->pf_set_tcp_closed->isChecked() );
+ m_dialog->pf_udp_first->setEnabled( m_dialog->pf_set_udp_first->isChecked() );
+ m_dialog->pf_udp_single->setEnabled( m_dialog->pf_set_udp_single->isChecked() );
+ m_dialog->pf_udp_multiple->setEnabled( m_dialog->pf_set_udp_multiple->isChecked() );
+ m_dialog->pf_icmp_first->setEnabled( m_dialog->pf_set_icmp_first->isChecked() );
+ m_dialog->pf_icmp_error->setEnabled( m_dialog->pf_set_icmp_error->isChecked() );
+ m_dialog->pf_other_first->setEnabled( m_dialog->pf_set_other_first->isChecked() );
+ m_dialog->pf_other_single->setEnabled( m_dialog->pf_set_other_single->isChecked() );
+ m_dialog->pf_other_multiple->setEnabled( m_dialog->pf_set_other_multiple->isChecked() );
+
+ m_dialog->pf_adaptive_start->setEnabled( m_dialog->pf_set_adaptive->isChecked() );
+ m_dialog->pf_adaptive_end->setEnabled( m_dialog->pf_set_adaptive->isChecked() );
+}
+
+/*
+ * store all data in the object
+ */
+void pfAdvancedDialog::accept()
+{
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ data.saveAll();
+
+ PolicyInstallScript *pis = mgmt->getPolicyInstallScript();
+ pis->setCommand( m_dialog->installScript->text().toLatin1().constData() );
+ pis->setArguments( m_dialog->installScriptArgs->text().toLatin1().constData() );
+
+ om->updateLastModifiedTimestampForAllFirewalls(obj);
+ QDialog::accept();
+}
+
+void pfAdvancedDialog::reject()
+{
+ QDialog::reject();
+}
+
+void pfAdvancedDialog::editProlog()
+{
+ SimpleTextEditor edt(this,
+ m_dialog->prolog_script->toPlainText(),
+ true, tr( "Script Editor" ) );
+ if ( edt.exec() == QDialog::Accepted )
+ m_dialog->prolog_script->setText( edt.text() );
+}
+
+void pfAdvancedDialog::editEpilog()
+{
+ SimpleTextEditor edt(this,
+ m_dialog->epilog_script->toPlainText(),
+ true, tr( "Script Editor" ) );
+ if ( edt.exec() == QDialog::Accepted )
+ m_dialog->epilog_script->setText( edt.text() );
+}
+
+
+
+
diff --git a/src/gui/pfAdvancedDialog.h b/src/gui/pfAdvancedDialog.h
new file mode 100644
index 000000000..d888593ac
--- /dev/null
+++ b/src/gui/pfAdvancedDialog.h
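Review bot: In the constructor, `fwopt->setStr("firewall_dir","")` writes to the firewall object as soon as the dialog opens, so the stored install directory is cleared even when the user presses Cancel: `reject()` only calls `QDialog::reject()`, and the last-modified timestamp is never updated for that change. I would leave the object untouched in the constructor and clear the option in `accept()` after `data.saveAll()`, e.g. `if (!m_dialog->pf_fw_dir->isEnabled()) fwopt->setStr("firewall_dir","");`. Separately, the constructor and `accept()` both dereference `Firewall::cast(obj)` before the `assert` lines run, and `assert` is compiled out under NDEBUG, so if the cast can return NULL this is a null dereference in release builds; testing the cast result first (`Firewall *fw=Firewall::cast(obj); if (fw==NULL) return;` in `accept()`) would cover it. The values of `installScript`, `installScriptArgs`, `sshArgs` and `activationCmd` are stored verbatim from free-text fields; how the installer consumes them is outside this hunk, so it is worth confirming they never reach a shell unquoted.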
@@ -0,0 +1,63 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: pfAdvancedDialog.h,v 1.5 2004/10/18 05:06:55 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __PFADVANCEDDIALOG_H_
+#define __PFADVANCEDDIALOG_H_
+
+#include
+#include "DialogData.h"
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+class pfAdvancedDialog : public QDialog
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ Ui::pfAdvancedDialog_q *m_dialog;
+
+ public:
+ pfAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o);
+ ~pfAdvancedDialog();
+
+protected slots:
+
+ virtual void accept();
+ virtual void reject();
+
+ virtual void doScrubToggled();
+ virtual void ltToggled();
+ virtual void editProlog();
+ virtual void editEpilog();
+
+};
+
+#endif // __PFADVANCEDDIALOG_H
+
diff --git a/src/gui/pfadvanceddialog_q.ui b/src/gui/pfadvanceddialog_q.ui
new file mode 100644
index 000000000..43ea1854b
--- /dev/null
+++ b/src/gui/pfadvanceddialog_q.ui
@@ -0,0 +1,2874 @@ + + pfAdvancedDialog_q + + + + 0 + 0 + 679 + 662 + + + + pf: advanced settings + + + false + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &OK + + + + + + true + + + true + + + + + + + &Cancel + + + + + + true + + + + + + + + + 0 + + + + Compiler + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Compiler: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + 0 + 0 + + + + Command line options for the compiler: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 16 + + + + + + + + + 0 + 0 + + + + + 32767 + 32767 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 20 + + + + + + + + + 0 + 0 + + + + Always permit ssh access from +the management workstation +with this address: + + + + + + + Accept TCP sessions opened prior to firewall restart + + + + + + + + 0 + 0 + + + + Modulate state for all stateful rules (applies only to TCP services) + + + + + + + + 0 + 0 + + + + Shadowing happens because a rule is a superset of a subsequent rule and any packets potentially matched by the subsequent rule have already been matched by the prior rule. + + + Detect rule shadowing in policy + + + + + + + + 0 + 0 + + + + If the option is deactivated, compiler treats empty groups as an error and aborts processing the policy. If this option is activated, compiler removes all empty groups from all rule elements. If rule element becomes 'any' after the last empty group has been removed, the whole rule will be ignored. Use this option only if you fully understand how it works! 
+ + + Ignore empty groups in rules + + + + + + + + 0 + 0 + + + + Output file name (if left blank, the file name is constructed of the firewall object name and extension ".fw") + + + Qt::AlignVCenter + + + true + + + + + + + + 32767 + 32767 + + + + + + + + + 32767 + 32767 + + + + + + + + + 32767 + 32767 + + + + + + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Pass all outgoing + + + + + + + Generate both 'in' and 'out' rules + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 30 + + + + + + + + There are two ways compiler can generate code for rules in the Global Policy: it can either create two ipf rules to control both incoming and outgoing packets for each rule, or it can create only one ipf rule for incoming packets and permit all outgoing ones.You get more control over the packets crossing the firewall in the first mode, but generated script is going to be smaller if you choose the second. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + Optimization: + + + Qt::AlignCenter + + + false + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 107 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 150 + + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + + Scrub rule options + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Enforce Minimum TTL: + + + + + + + Enforce Maximum MSS: + + + + + + + Enforces a maximum Maximum Segment Size (MSS) in TCP packet headers. + + + 536 + + + 10000 + + + 1460 + + + + + + + Enforces a minimum Time To Live (TTL) in IP packet headers. 
+ + + 0 + + + 100 + + + 1 + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 110 + + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + Reassemble fragments + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 100 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 60 + 20 + + + + + + + + Clears the don't fragment bit from the IP packet header. + + + Clear DF bit + + + + + + + Replaces the IP identification field of outgoing packets with random values to compensate for operating systems that use predictable values. + + + Use random ID + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 140 + 20 + + + + + + + + + 0 + 0 + + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + 0 + 0 + + + + Buffers incoming packet fragments and reassembles them into a complete packet before passing them to the filter engine. + + + Buffer and reassemble fragments (default) + + + + + + + + 0 + 0 + + + + Causes duplicate fragments to be dropped and any overlaps to be cropped. + + + Drop duplicate fragments, do not buffer and reassemble + + + + + + + + 0 + 0 + + + + Similar to 'Drop duplicate fragments' except that all duplicate or overlapping fragments will be dropped as well as any further corresponding fragments. 
+ + + Drop duplicate and subsequent fragments + + + + + + + + + + + Limits + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + 0 + 0 + + + + maximum number of entries in the memory pool used for packet reassembly + + + 0 + + + 100000 + + + 10 + + + 5000 + + + + + + + table-entries + + + + + + + + 0 + 0 + + + + maximum number of addresses that canbe stored in tables + + + 0 + + + 100000000 + + + 10 + + + 100000 + + + + + + + + 0 + 0 + + + + maximum number of entries in the memory pool used for state table entries + + + 0 + + + 100000 + + + 10 + + + 20000 + + + + + + + state table size: + + + + + + + reassembly pool: + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 310 + 20 + + + + + + + + + 0 + 0 + + + + maximum number of entries in the memory pool used for tracking source IP addresses + + + 0 + + + 100000 + + + 10 + + + 2000 + + + + + + + + 0 + 0 + + + + maximum number of tables that can exist in the memory simultaneously + + + 0 + + + 100000 + + + 10 + + + 1000 + + + + + + + tables + + + + + + + src-nodes + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 99 + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + Timeouts + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + When a packet matches a stateful connection, the seconds to live for the connection will be updated to the value which corresponds to the connection state. + + + Qt::AlignVCenter + + + true + + + + + + + TCP + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + 0 + 0 + + + + first + + + + + + + + 0 + 0 + + + + The state after the first packet. + + + 0 + + + 100000 + + + 0 + + + + + + + opening + + + + + + + + 0 + 0 + + + + The state before the destination host ever sends a packet. + + + 0 + + + 100000 + + + 0 + + + + + + + established + + + + + + + + 0 + 0 + + + + The fully established state. 
+ + + 0 + + + 100000 + + + 1 + + + 0 + + + + + + + + 0 + 0 + + + + The state after the first FIN has been sent. + + + 0 + + + 100000 + + + 0 + + + + + + + closing + + + + + + + + 0 + 0 + + + + The state after both FINs have been exchanged and the connection is closed. + + + 0 + + + 100000 + + + 0 + + + + + + + finwait + + + + + + + + 0 + 0 + + + + The state after one endpoint sends an RST. + + + 0 + + + 100000 + + + 0 + + + + + + + closed + + + + + + + + + + UDP + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + first + + + + + + + + 0 + 0 + + + + The state after the first packet. + + + 0 + + + 100000 + + + 0 + + + + + + + single + + + + + + + + 0 + 0 + + + + The state if the source host sends more than one packet but the destination host has never sent one back. + + + 0 + + + 100000 + + + 0 + + + + + + + multiple + + + + + + + + 0 + 0 + + + + The state if both hosts have sent packets. + + + 0 + + + 100000 + + + 0 + + + + + + + + + + ICMP + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + 0 + 0 + + + + The state after the first packet. + + + 0 + + + 100000 + + + 0 + + + + + + + + 0 + 0 + + + + The state after an ICMP error came back in response to an ICMP packet. + + + 0 + + + 100000 + + + 0 + + + + + + + first + + + + + + + error + + + + + + + + + + Other Protocols + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + 0 + 0 + + + + first + + + + + + + + 0 + 0 + + + + The state after the first packet. + + + 0 + + + 100000 + + + 0 + + + + + + + single + + + + + + + multiple + + + + + + + + 0 + 0 + + + + The state after the first packet. + + + 0 + + + 100000 + + + 0 + + + + + + + + 0 + 0 + + + + The state after the first packet. + + + 0 + + + 100000 + + + 0 + + + + + + + + + + Fragments + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + reassembly timeout + + + + + + + state expiration timeout + + + + + + + + 0 + 0 + + + + seconds between purges of expired states and packet fragments. + + + 1 + + + 1000 + + + 10 + + + + + + + + 0 + 0 + + + + seconds before an unassembled fragment is expired. 
+ + + 1 + + + 1000 + + + 30 + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Adaptive scaling + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Timeout values can be reduced adaptively as the number of state table entries grows (see man page pf.conf(5) for details) + + + Qt::AlignVCenter + + + true + + + + + + + + 0 + 0 + + + + adaptive start + + + false + + + + + + + + 0 + 0 + + + + When the number of state entries exceeds this value, adaptive scaling begins. + + + 0 + + + 100000 + + + 0 + + + + + + + + 0 + 0 + + + + adaptive end + + + false + + + + + + + + 0 + 0 + + + + When reaching this number of state entries, all timeout val- ues become zero, effectively purging all state entries imme- diately. + + + 0 + + + 100000 + + + 0 + + + + + + + Activate adaptive timeout scaling + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + + Installer + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 80 + + + + + + + + External install script + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + 0 + 0 + + + + + + + + + 0 + 0 + + + + Policy install script (using built-in installer if this field is blank): + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + + 0 + 0 + + + + Command line options for the script: + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + + 0 + 0 + + + + + + + + + + + Built-in installer + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Alternative name or address used to communicate with the firewall (also putty session name on Windows) + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop + + + true + + + + + + + User name used to authenticate to the firewall (leave this empty if you use putty session): + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + Directory on the firewall where script should be installed + + + 
Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + 0 + 0 + + + + + + + + + 0 + 0 + + + + + + + + + 0 + 0 + + + + + + + + + 0 + 0 + + + + + + + + A command that installer should execute on the firewall in order to activate the policy (if this field is blank, installer runs firewall script in the directory specified above; it uses sudo if user name is not 'root') + + + Qt::AlignVCenter + + + true + + + + + + + + + Additional command line parameters for ssh + + + false + + + + + + + + 0 + 0 + + + + + + + + + + + + + + Prolog/Epilog + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Edit + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::ScrollBarAlwaysOn + + + Qt::ScrollBarAlwaysOff + + + + + + + The following commands will be added verbatim after generated configuration + + + Qt::AlignVCenter + + + true + + + + + + + + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Edit + + + + + + + Qt::ScrollBarAlwaysOn + + + Qt::ScrollBarAlwaysOff + + + + + + + The following commands will be added verbatim on top of generated configuration + + + Qt::AlignVCenter + + + true + + + + + + + Insert prolog and epilog scripts + + + false + + + + + + + + 0 + 0 + + + + + in the activation shell script (.fw file) + + + + + in the pf rule file (.conf file) + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 410 + 20 + + + + + + + + + + + + Logging + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Log Prefix + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 70 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 130 + 20 + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 320 + + + + + + + + Fallback "deny all" rule should log blocked packets + + 
+ + + + + + Script Options + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 70 + + + + + + + + Add virtual addresses for NAT + + + + + + + Configure Interfaces of the firewall machine + + + + + + + Turn debugging on in generated script + + + + + + + These options enable auxiliary sections in the generated shell script. + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 230 + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + + + + + + tabWidget3 + compiler + compilerArgs + outputFileName + pf_in_out_code + pf_pass_all_out + pf_accept_new_tcp_with_no_syn + pf_modulate_state + pf_check_shadowing + pf_ignore_empty_groups + pf_optimization + mgmt_ssh + mgmt_addr + buttonOk + buttonCancel + pf_scrub_no_df + pf_scrub_random_id + pf_scrub_use_minttl + pf_scrub_minttl + pf_scrub_use_maxmss + pf_scrub_maxmss + pf_do_scrub + pf_scrub_reassemble + pf_scrub_fragm_crop + pf_scrub_fragm_drop_ovl + pf_do_limit_frags + pf_limit_frags + pf_do_limit_states + pf_limit_states + pf_do_limit_src_nodes + pf_limit_src_nodes + pf_do_limit_tables + pf_limit_tables + pf_do_limit_table_entries + pf_limit_table_entries + pf_set_tcp_first + pf_tcp_first + pf_set_tcp_opening + pf_tcp_opening + pf_set_tcp_established + pf_tcp_established + pf_set_tcp_closing + pf_tcp_closing + pf_set_tcp_finwait + pf_tcp_finwait + pf_set_tcp_closed + pf_tcp_closed + pf_set_udp_first + pf_udp_first + pf_set_udp_single + pf_udp_single + pf_set_udp_multiple + pf_udp_multiple + pf_set_icmp_first + pf_icmp_first + pf_set_icmp_error + pf_icmp_error + pf_set_other_first + pf_other_first + pf_set_other_single + pf_other_single + pf_set_other_multiple + pf_other_multiple + pf_do_timeout_interval + pf_timeout_interval + pf_do_timeout_frag + pf_timeout_frag + pf_set_adaptive + pf_adaptive_start + pf_adaptive_end + pf_fw_dir + pf_user + altAddress + activationCmd + sshArgs + installScript + 
installScriptArgs + prologPlace + prolog_script + edit_prolog_button + epilog_script + edit_epilog_button + pf_log_prefix + pf_fallback_log + pf_debug + pf_configure_interfaces + pf_manage_virtual_addr + + + + + + buttonOk + clicked() + pfAdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + buttonCancel + clicked() + pfAdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + pf_do_scrub + toggled(bool) + pfAdvancedDialog_q + doScrubToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_tcp_first + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_tcp_opening + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_tcp_established + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_tcp_closing + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_tcp_finwait + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_tcp_closed + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_udp_first + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_udp_single + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_udp_multiple + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_icmp_first + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_icmp_error + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_other_first + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_other_single + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_set_other_multiple + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + 
+ 20 + 20 + + + + + pf_set_adaptive + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + edit_epilog_button + clicked() + pfAdvancedDialog_q + editEpilog() + + + 20 + 20 + + + 20 + 20 + + + + + edit_prolog_button + clicked() + pfAdvancedDialog_q + editProlog() + + + 20 + 20 + + + 20 + 20 + + + + + pf_do_limit_frags + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_do_limit_states + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_do_limit_src_nodes + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_do_limit_tables + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + pf_do_limit_table_entries + toggled(bool) + pfAdvancedDialog_q + ltToggled() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/physaddressdialog_q.ui b/src/gui/physaddressdialog_q.ui new file mode 100644 index 000000000..072147841 --- /dev/null +++ b/src/gui/physaddressdialog_q.ui 
@@ -0,0 +1,366 @@ + + PhysAddressDialog_q + + + true + + + + 0 + 0 + 562 + 272 + + + + physAddress + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 6 + + + + + + 75 + true + + + + MAC Address + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 10 + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Name: + + + false + + + + + + + Library: + + + false + + + + + + + + 1 + 0 + 0 + 0 + + + + + + + + + + Physical address (MAC): + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + + + + 7 + 7 + 0 + 100 + + + + + 200 + 0 + + + + true + + + + + + + Comment: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 41 + 20 + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + obj_name + libs + pAddress + comment + + + + + obj_name + textChanged(QString) + PhysAddressDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + activated(int) + PhysAddressDialog_q + libChanged() + + + 20 + 20 + + + 20 + 20 + + + + + pAddress + textChanged(QString) + PhysAddressDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + PhysAddressDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/pixAdvancedDialog.cpp b/src/gui/pixAdvancedDialog.cpp new file mode 100644 index 000000000..b1ee3bbf8 --- /dev/null +++ b/src/gui/pixAdvancedDialog.cpp 
@@ -0,0 +1,882 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: pixAdvancedDialog.cpp,v 1.30 2007/01/06 22:03:25 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "pixAdvancedDialog.h" +#include "SimpleTextEditor.h" +#include "ObjectManipulator.h" +#include "FWWindow.h" +#include "FWBSettings.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Management.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/XMLTools.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + + +pixAdvancedDialog::pixAdvancedDialog(QWidget *parent,FWObject *o)//(parent) +{ + m_dialog = new Ui::pixAdvancedDialog_q; + m_dialog->setupUi(static_cast(this)); + obj=o; + + Firewall *fw=Firewall::cast(obj); + FWOptions *fwopt=fw->getOptionsObject(); + string compiler=fwopt->getStr("compiler"); + if (compiler=="") + { + compiler=Resources::platform_res[fw->getStr("platform")]->getCompiler(); + } +/* + * On Unix compilers are installed in the standard place and are + * accessible via 
PATH. On Windows and Mac they get installed in + * unpredictable directories and need to be found + * + * first, check if user specified an absolute path for the compiler, + * then check if compiler is registsred in preferences, and if not, + * look for it in appRootDir and if it is not there, rely on PATH + */ +#if defined(Q_OS_WIN32) || defined(Q_OS_MACX) + + if ( ! QFile::exists( compiler.c_str() ) ) + { + string ts = string("Compilers/")+compiler; + QString cmppath = st->getStr( ts.c_str() ); + if (!cmppath.isEmpty()) compiler=cmppath.toLatin1().constData(); + else + { + /* try to find compiler in appRootDir. */ + string ts = appRootDir + FS_SEPARATOR + compiler; + if ( QFile::exists( ts.c_str() ) ) + compiler = appRootDir + FS_SEPARATOR + compiler; + } + } +#endif + + fwb_pix_proc = new QProcess(); + + connect(fwb_pix_proc, SIGNAL(readyReadStandardOutput()), this, SLOT(readFromStdout() ) ); + connect(fwb_pix_proc, SIGNAL(readyReadStandardError()), this, SLOT(readFromStderr() ) ); + connect(fwb_pix_proc, SIGNAL(stateChanged( QProcess::ProcessState )), this, SLOT(fwb_pix_Finished( QProcess::ProcessState ) ) ); + connect(fwb_pix_proc, SIGNAL(bytesWritten(qint64)), this, SLOT(allXMLSent() ) ); + + compilerPath = compiler.c_str(); + argumentList << "-f" << "-" << "-i" << fw->getName().c_str(); + + string vers="version_"+obj->getStr("version"); + string platform = obj->getStr("platform"); // could be 'pix' or 'fwsm' + + QString s; + QStringList logLevels; + QStringList logLevelMapping; + logLevelMapping.push_back(""); + logLevelMapping.push_back(""); + +/* filling pop-down menu and pushing the same strings to the mapping + * list at the same time so we could use translation + */ + s=QObject::tr("0 - System Unusable"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("0"); + + s=QObject::tr("1 - Take Immediate Action"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("1"); + + s=QObject::tr("2 
- Critical Condition"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("2"); + + s=QObject::tr("3 - Error Message"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("3"); + + s=QObject::tr("4 - Warning Message"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("4"); + + s=QObject::tr("5 - Normal but significant condition"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("5"); + + s=QObject::tr("6 - Informational"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("6"); + + s=QObject::tr("7 - Debug Message"); + logLevels.push_back(s); + logLevelMapping.push_back(s); + logLevelMapping.push_back("7"); + +/* do not need to translate syslog facilities, but will use the same + * method just in case */ + + QStringList syslogFacilities; + QStringList syslogFacilityMapping; + syslogFacilities.push_back(""); + syslogFacilityMapping.push_back(""); + syslogFacilityMapping.push_back(""); + + syslogFacilities.push_back("LOCAL0"); + syslogFacilityMapping.push_back("LOCAL0"); + syslogFacilityMapping.push_back("16"); + + syslogFacilities.push_back("LOCAL1"); + syslogFacilityMapping.push_back("LOCAL1"); + syslogFacilityMapping.push_back("17"); + + syslogFacilities.push_back("LOCAL2"); + syslogFacilityMapping.push_back("LOCAL2"); + syslogFacilityMapping.push_back("18"); + + syslogFacilities.push_back("LOCAL3"); + syslogFacilityMapping.push_back("LOCAL3"); + syslogFacilityMapping.push_back("19"); + + syslogFacilities.push_back("LOCAL4"); + syslogFacilityMapping.push_back("LOCAL4"); + syslogFacilityMapping.push_back("20"); + + syslogFacilities.push_back("LOCAL5"); + syslogFacilityMapping.push_back("LOCAL5"); + syslogFacilityMapping.push_back("21"); + + syslogFacilities.push_back("LOCAL6"); + syslogFacilityMapping.push_back("LOCAL6"); + syslogFacilityMapping.push_back("22"); + + 
syslogFacilities.push_back("LOCAL7"); + syslogFacilityMapping.push_back("LOCAL7"); + syslogFacilityMapping.push_back("23"); + + + + FWOptions *fwoptions=(Firewall::cast(obj))->getOptionsObject(); + assert(fwoptions!=NULL); + + bool f1=fwoptions->getBool("pix_acl_basic"); + bool f2=fwoptions->getBool("pix_acl_no_clear"); + bool f3=fwoptions->getBool("pix_acl_substitution"); + bool f4=fwoptions->getBool("pix_add_clear_statements"); + + /* + * If none of the new pix_acl_* options is set and old pix_add_clear_statements + * option is true, set pix_acl_basic to true. + * + * If old option pix_add_clear_statements iss false, set + * pix_acl_no_clear to true + */ + if (!f1 && !f2 && !f3) + { + if ( f4 ) fwoptions->setBool("pix_acl_basic",true); + else fwoptions->setBool("pix_acl_no_clear",true); + } + + Management *mgmt=(Firewall::cast(obj))->getManagementObject(); + assert(mgmt!=NULL); + +/* Page "Compiler Options" */ + + bool outboundACLSupported= (Resources::platform_res[platform]->getResourceBool( + "/FWBuilderResources/Target/options/"+vers+"/pix_outbound_acl_supported") ); + + if (outboundACLSupported) + m_dialog->pix_emulate_out_acl->hide(); + else + m_dialog->pix_generate_out_acl->hide(); + + data.registerOption( m_dialog->outputFileName , fwoptions, + "output_file" ); + + data.registerOption( m_dialog->pix_assume_fw_part_of_any , fwoptions, + "pix_assume_fw_part_of_any" ); + + data.registerOption( m_dialog->pix_replace_natted_objects , fwoptions, + "pix_replace_natted_objects" ); + + data.registerOption( m_dialog->pix_emulate_out_acl , fwoptions, + "pix_emulate_out_acl" ); + + data.registerOption( m_dialog->pix_generate_out_acl , fwoptions, + "pix_generate_out_acl" ); + + + data.registerOption( m_dialog->pix_acl_basic , fwoptions, + "pix_acl_basic" ); + +/* + data.registerOption( m_dialog->pix_acl_alwaysNew , fwoptions, + "pix_acl_always_new" ); +*/ + + data.registerOption( m_dialog->pix_acl_no_clear , fwoptions, + "pix_acl_no_clear" ); + + data.registerOption( 
m_dialog->pix_acl_substitution , fwoptions, + "pix_acl_substitution" ); + + data.registerOption( m_dialog->pix_acl_temp_addr , fwoptions, + "pix_acl_temp_addr" ); + + + data.registerOption( m_dialog->pix_include_comments , fwoptions, + "pix_include_comments" ); + + data.registerOption( m_dialog->pix_use_acl_remarks , fwoptions, + "pix_use_acl_remarks" ); + + data.registerOption( m_dialog->pix_regroup_commands , fwoptions, + "pix_regroup_commands" ); + + data.registerOption( m_dialog->pix_use_manual_commit , fwoptions, + "pix_use_manual_commit" ); + + m_dialog->pix_use_manual_commit->setEnabled(platform=="fwsm"); +/* + data.registerOption( m_dialog->pix_add_clear_statements , fwoptions, + "pix_add_clear_statements" ); +*/ + + data.registerOption( m_dialog->pix_optimize_default_nat , fwoptions, + "pix_optimize_default_nat" ); + + data.registerOption( m_dialog->pix_check_shadowing , fwoptions, + "check_shading" ); + + data.registerOption( m_dialog->pix_ignore_empty_groups , fwoptions, + "ignore_empty_groups" ); + + + data.registerOption( m_dialog->pix_check_duplicate_nat , fwoptions, + "pix_check_duplicate_nat" ); + + data.registerOption( m_dialog->pix_check_overlapping_global_pools , fwoptions, + "pix_check_overlapping_global_pools" ); + + data.registerOption( m_dialog->pix_check_overlapping_statics , fwoptions, + "pix_check_overlapping_statics" ); + + data.registerOption( m_dialog->pix_check_overlapping_global_statics , fwoptions, + "pix_check_overlapping_global_statics" ); + + data.registerOption( m_dialog->mgmt_ssh , fwoptions, "mgmt_ssh" ); + data.registerOption( m_dialog->mgmt_addr , fwoptions, "mgmt_addr" ); + +/* page Installer */ + + data.registerOption( m_dialog->user ,fwoptions, "admUser" ); + data.registerOption( m_dialog->altAddress ,fwoptions, "altAddress" ); + data.registerOption( m_dialog->sshArgs ,fwoptions, "sshArgs" ); + + PolicyInstallScript *pis = mgmt->getPolicyInstallScript(); + + m_dialog->installScript->setText( pis->getCommand().c_str() ); + 
m_dialog->installScriptArgs->setText( pis->getArguments().c_str() ); + + +/* page "Prolog/Epilog" */ + data.registerOption( m_dialog->pix_prolog_script , fwoptions, + "pix_prolog_script" ); + + data.registerOption( m_dialog->pix_epilog_script , fwoptions, + "pix_epilog_script" ); + +/* page "Timeouts" */ + data.registerOption( m_dialog->xlate_hh , fwoptions, "xlate_hh" ); + data.registerOption( m_dialog->xlate_mm , fwoptions, "xlate_mm" ); + data.registerOption( m_dialog->xlate_ss , fwoptions, "xlate_ss" ); + + data.registerOption( m_dialog->conn_hh , fwoptions, "conn_hh" ); + data.registerOption( m_dialog->conn_mm , fwoptions, "conn_mm" ); + data.registerOption( m_dialog->conn_ss , fwoptions, "conn_ss" ); + + data.registerOption( m_dialog->udp_hh , fwoptions, "udp_hh" ); + data.registerOption( m_dialog->udp_mm , fwoptions, "udp_mm" ); + data.registerOption( m_dialog->udp_ss , fwoptions, "udp_ss" ); + + data.registerOption( m_dialog->rpc_hh , fwoptions, "rpc_hh" ); + data.registerOption( m_dialog->rpc_mm , fwoptions, "rpc_mm" ); + data.registerOption( m_dialog->rpc_ss , fwoptions, "rpc_ss" ); + + data.registerOption( m_dialog->h323_hh , fwoptions, "h323_hh" ); + data.registerOption( m_dialog->h323_mm , fwoptions, "h323_mm" ); + data.registerOption( m_dialog->h323_ss , fwoptions, "h323_ss" ); + + data.registerOption( m_dialog->sip_hh , fwoptions, "sip_hh" ); + data.registerOption( m_dialog->sip_mm , fwoptions, "sip_mm" ); + data.registerOption( m_dialog->sip_ss , fwoptions, "sip_ss" ); + + data.registerOption( m_dialog->sip_media_hh , fwoptions, "sip_media_hh" ); + data.registerOption( m_dialog->sip_media_mm , fwoptions, "sip_media_mm" ); + data.registerOption( m_dialog->sip_media_ss , fwoptions, "sip_media_ss" ); + + data.registerOption( m_dialog->half_closed_hh , fwoptions, "half-closed_hh"); + data.registerOption( m_dialog->half_closed_mm , fwoptions, "half-closed_mm"); + data.registerOption( m_dialog->half_closed_ss , fwoptions, "half-closed_ss"); + + 
data.registerOption( m_dialog->uauth_hh , fwoptions, "uauth_hh" ); + data.registerOption( m_dialog->uauth_mm , fwoptions, "uauth_mm" ); + data.registerOption( m_dialog->uauth_ss , fwoptions, "uauth_ss" ); + data.registerOption( m_dialog->uauth_abs , fwoptions, "uauth_abs" ); + data.registerOption( m_dialog->uauth_inact , fwoptions, "uauth_inact" ); + + data.registerOption( m_dialog->telnet_timeout , fwoptions, "pix_telnet_timeout"); + data.registerOption( m_dialog->ssh_timeout , fwoptions, "pix_ssh_timeout" ); + +/* page Fixups */ + + allFixups.push_back(fixupControl( m_dialog->pix_ctiqbe_switch, m_dialog->pix_ctiqbe_port, NULL, NULL, "ctiqbe_fixup" , "ctiqbe" , 0)); + allFixups.push_back(fixupControl( m_dialog->pix_dns_switch, m_dialog->pix_dns_max_length, NULL, NULL, "dns_fixup" , "dns" , 1)); + allFixups.push_back(fixupControl( m_dialog->pix_espike_switch, NULL, NULL, NULL, "espike_fixup" , "esp-ike" , 2)); + allFixups.push_back(fixupControl( m_dialog->pix_ftp_switch, m_dialog->pix_ftp_port, NULL, m_dialog->pix_ftp_strict, "ftp_fixup" , "ftp" , 3)); + allFixups.push_back(fixupControl( m_dialog->pix_h323h225_switch, m_dialog->pix_h323h225_port1, m_dialog->pix_h323h225_port2, NULL, "h323_h225_fixup" , "h323 h225" , 4)); + allFixups.push_back(fixupControl( m_dialog->pix_h323ras_switch, m_dialog->pix_h323ras_port1, m_dialog->pix_h323ras_port2, NULL, "h323_ras_fixup" , "h323 ras" , 5)); + allFixups.push_back(fixupControl( m_dialog->pix_http_switch, m_dialog->pix_http_port1, m_dialog->pix_http_port2, NULL, "http_fixup" , "http" , 6)); + allFixups.push_back(fixupControl( m_dialog->pix_icmperror_switch, NULL, NULL, NULL, "icmp_error_fixup", "icmp error", 7)); + allFixups.push_back(fixupControl( m_dialog->pix_ils_switch, m_dialog->pix_ils_port1, m_dialog->pix_ils_port2, NULL, "ils_fixup" , "ils" , 8)); + allFixups.push_back(fixupControl( m_dialog->pix_mgcp_switch, m_dialog->pix_mgcp_gateway_port, m_dialog->pix_mgcp_call_agent_port, NULL, "mgcp_fixup" , "mgcp" , 9)); + 
allFixups.push_back(fixupControl( m_dialog->pix_pptp_switch, m_dialog->pix_pptp_port, NULL, NULL, "pptp_fixup" , "pptp" , 10)); + allFixups.push_back(fixupControl( m_dialog->pix_rsh_switch, m_dialog->pix_rsh_port1, NULL, NULL, "rsh_fixup" , "rsh" , 11)); + allFixups.push_back(fixupControl( m_dialog->pix_rtsp_switch, m_dialog->pix_rtsp_port, NULL, NULL, "rtsp_fixup" , "rtsp" , 12)); + allFixups.push_back(fixupControl( m_dialog->pix_sip_switch, m_dialog->pix_sip_port1, m_dialog->pix_sip_port2, NULL, "sip_fixup" , "sip" , 13)); + allFixups.push_back(fixupControl( m_dialog->pix_sipudp_switch, m_dialog->pix_sip_udp_port1, NULL, NULL, "sip_udp_fixup" , "sip udp" , 14)); + allFixups.push_back(fixupControl( m_dialog->pix_skinny_switch, m_dialog->pix_skinny_port1, m_dialog->pix_skinny_port2, NULL, "skinny_fixup" , "skinny" , 15)); + allFixups.push_back(fixupControl( m_dialog->pix_smtp_switch, m_dialog->pix_smtp_port1, m_dialog->pix_smtp_port2, NULL, "smtp_fixup" , "smtp" , 16)); + allFixups.push_back(fixupControl( m_dialog->pix_sqlnet_switch, m_dialog->pix_sqlnet_port1, m_dialog->pix_sqlnet_port2, NULL, "sqlnet_fixup" , "sqlnet" , 17)); + allFixups.push_back(fixupControl( m_dialog->pix_tftp_switch, m_dialog->pix_tftp_port, NULL, NULL, "tftp_fixup" , "tftp" , 18)); + + string lst=Resources::platform_res[platform]->getResourceStr( + "/FWBuilderResources/Target/options/"+vers+"/fixups/list"); + + if (fwbdebug) + qDebug("pixAdvancedDialog::pixAdvancedDialog lst = %s",lst.c_str()); + + + for (list::iterator fi=allFixups.begin(); fi!=allFixups.end(); fi++) + { + qDebug("pixAdvancedDialog::pixAdvancedDialog fwo = %s",fi->fwoption.toAscii().constData()); + + if (fi->switch_widget!=NULL) connect( fi->switch_widget, SIGNAL(activated(int)), + this, SLOT(fixupCmdChanged()) ); + + if (fi->arg1!=NULL) connect( fi->arg1, SIGNAL(valueChanged(int)), + this, SLOT(fixupCmdChanged()) ); + + if (fi->arg2!=NULL) connect( fi->arg2, SIGNAL(valueChanged(int)), + this, SLOT(fixupCmdChanged()) ); + + 
if (fi->arg3!=NULL) connect( fi->arg3, SIGNAL(clicked()), + this, SLOT(fixupCmdChanged()) ); + + string::size_type i,j; + i=0; + bool present=false; + while ( ifwoption) + { present=true; break; } + if (j==string::npos) break; + i=j+1; + } + if (!present) + { + fi->active=false; + m_dialog->fixup_notebook->setTabEnabled( fi->page, false ); + } + } + +/* page Logging */ + + m_dialog->emblem_log_format->setEnabled( + Resources::platform_res[platform]->getResourceBool( + "/FWBuilderResources/Target/options/"+vers+"/pix_emblem_log_format") ); + + + syslogDeviceIdSupported= (Resources::platform_res[platform]->getResourceBool( + "/FWBuilderResources/Target/options/"+vers+"/pix_syslog_device_id_supported") ); + + m_dialog->syslog_device_id_hostname->setEnabled(syslogDeviceIdSupported); + m_dialog->syslog_device_id_interface->setEnabled(syslogDeviceIdSupported); + m_dialog->syslog_device_id_interface_val->setEnabled(syslogDeviceIdSupported); + m_dialog->syslog_device_id_string->setEnabled(syslogDeviceIdSupported); + m_dialog->syslog_device_id_string_val->setEnabled(syslogDeviceIdSupported); + + + data.registerOption( m_dialog->syslog_host, fwoptions, "pix_syslog_host"); + data.registerOption( m_dialog->syslog_queue_size, fwoptions, "pix_syslog_queue_size" ); + + m_dialog->syslog_facility->clear(); + m_dialog->syslog_facility->addItems( syslogFacilities ); + data.registerOption( m_dialog->syslog_facility, fwoptions, + "pix_syslog_facility", syslogFacilityMapping); + + m_dialog->logging_trap_level->clear(); + m_dialog->logging_trap_level->addItems(logLevels); + + data.registerOption( m_dialog->logging_trap_level, fwoptions, + "pix_logging_trap_level", logLevelMapping); + + + data.registerOption( m_dialog->emblem_log_format, fwoptions, "pix_emblem_log_format"); + + + + QStringList interfaces; + list l2=obj->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + interfaces.push_back( (Interface::cast(*i))->getLabel().c_str() ); + + 
m_dialog->syslog_device_id_interface_val->addItems(interfaces); + + if (syslogDeviceIdSupported) + { + string s=fwoptions->getStr("pix_syslog_device_id_opt"); + string v=fwoptions->getStr("pix_syslog_device_id_val"); + if (s=="hostname") m_dialog->syslog_device_id_hostname->setChecked(true); + if (s=="interface") + { + m_dialog->syslog_device_id_interface->setChecked(true); + m_dialog->syslog_device_id_interface_val->setCurrentIndex( + m_dialog->syslog_device_id_interface_val->findText(v.c_str())); + } + if (s=="string") + { + m_dialog->syslog_device_id_string->setChecked(true); + m_dialog->syslog_device_id_string_val->setText(v.c_str()); + } + } + + data.registerOption( m_dialog->logging_timestamp, fwoptions, "pix_logging_timestamp"); + + data.registerOption( m_dialog->logging_buffered, fwoptions, "pix_logging_buffered"); + + m_dialog->logging_buffered_level->clear(); + m_dialog->logging_buffered_level->addItems(logLevels); + data.registerOption( m_dialog->logging_buffered_level, fwoptions, + "pix_logging_buffered_level", logLevelMapping); + + data.registerOption( m_dialog->logging_console, fwoptions, "pix_logging_console"); + + m_dialog->logging_console_level->clear(); + m_dialog->logging_console_level->addItems(logLevels); + data.registerOption( m_dialog->logging_console_level,fwoptions, + "pix_logging_console_level", logLevelMapping); + + +/* page Options */ + + m_dialog->fragguard->setEnabled( + Resources::platform_res[platform]->getResourceBool( + "/FWBuilderResources/Target/options/"+vers+"/pix_security_fragguard_supported") ); + + m_dialog->route_dnat->setEnabled( + Resources::platform_res[platform]->getResourceBool( + "/FWBuilderResources/Target/options/"+vers+"/pix_route_dnat_supported") ); + + data.registerOption( m_dialog->fragguard, fwoptions, "pix_fragguard" ); + data.registerOption( m_dialog->route_dnat, fwoptions, "pix_route_dnat" ); + + data.registerOption( m_dialog->resetinbound, fwoptions, "pix_resetinbound" ); + data.registerOption( 
m_dialog->resetoutside, fwoptions, "pix_resetoutside" ); + + data.registerOption( m_dialog->connection_timewait, fwoptions, "pix_connection_timewait" ); + data.registerOption( m_dialog->floodguard, fwoptions, "pix_floodguard" ); + data.registerOption( m_dialog->nodnsalias_inbound, fwoptions, "pix_nodnsalias_inbound" ); + data.registerOption( m_dialog->nodnsalias_outbound, fwoptions, "pix_nodnsalias_outbound" ); + + data.registerOption( m_dialog->max_conns, fwoptions, "pix_max_conns" ); + data.registerOption( m_dialog->emb_limit, fwoptions, "pix_emb_limit" ); + + data.loadAll(); + loadFixups(); + updateFixupCommandsDisplay(); + scriptACLModeChanged(); +} + +pixAdvancedDialog::~pixAdvancedDialog() +{ + delete m_dialog; +} + +/* + * items in the switch_widget (QComboBox) are layed out as follows: + * + * Skip - item 0 + * Enable - item 1 + * Disable - item 2 + * + * values in the attribute in the FirewallOptions object are as follows: + * + * 0 - enable + * 1 - disable + * 2 - skip + * + * this is historical. 
+ */ +static int fixupOpt2Widget[] = { 1, 2, 0 }; +static int fixupWidget2Opt[] = { 2, 0, 1 }; + +int pixAdvancedDialog::translateFixupSwitchFromOptionToWidget(int o) +{ + return fixupOpt2Widget[o]; +} + +int pixAdvancedDialog::translateFixupSwitchFromWidgetToOption(int w) +{ + return fixupWidget2Opt[w]; +} + +void pixAdvancedDialog::enableAllFixups() { changeAllFixups(0); } +void pixAdvancedDialog::disableAllFixups() { changeAllFixups(1); } +void pixAdvancedDialog::skipAllFixups() { changeAllFixups(2); } + +void pixAdvancedDialog::changeAllFixups(int state) +{ + for (list::iterator fi=allFixups.begin(); fi!=allFixups.end(); fi++) + { + if (!fi->active) continue; + + fi->switch_widget->setCurrentIndex( + translateFixupSwitchFromOptionToWidget(state) ); + } + updateFixupCommandsDisplay(); +} + +void pixAdvancedDialog::loadFixups() +{ + FWOptions *options=(Firewall::cast(obj))->getOptionsObject(); + assert(options!=NULL); + + for (list::iterator fi=allFixups.begin(); fi!=allFixups.end(); fi++) + { + if (!fi->active) continue; + string f=options->getStr(fi->fwoption.toLatin1().constData()); + if (!f.empty()) + { +// "0" means "fixup" or "enable" in a pop-down menu (historical) +// "1" means "no fixup" or "disable" in a pop-down menu (historical) + int sw; + + int p1,p2; // two port numbers + string arg3n; // option name + bool arg3v; // option state (on/off) + + istringstream str(f); + + str >> sw >> p1 >> p2 >> arg3n >> arg3v; + + if (arg3n=="nil") arg3n=""; + + fi->switch_widget->setCurrentIndex( + translateFixupSwitchFromOptionToWidget(sw) ); + +/* if values are 0 in the data file, we stick with defaults. 
Defaults are preconfigured + * in the GUI (via appropriate settings in pix.glade file */ + if (fi->arg1 && p1!=0) fi->arg1->setValue(p1); + if (fi->arg2 && p2!=0) fi->arg2->setValue(p2); + if (fi->arg3) fi->arg3->setChecked(arg3v); + + } else { + fi->switch_widget->setCurrentIndex(0); + } + } +} + +void pixAdvancedDialog::saveFixups() +{ + FWOptions *options=(Firewall::cast(obj))->getOptionsObject(); + assert(options!=NULL); + + for (list::iterator fi=allFixups.begin(); fi!=allFixups.end(); fi++) + { + string name=fi->fwoption.toLatin1().constData(); + int sw=translateFixupSwitchFromWidgetToOption( + fi->switch_widget->currentIndex()); + + int p1 =(fi->arg1)?fi->arg1->value():0; + int p2 =(fi->arg2)?fi->arg2->value():0; + string on =(name=="ftp_fixup")?"strict":"nil"; + bool ov =(fi->arg3)?fi->arg3->isChecked():false; + + if (!fi->active) sw=2; + + ostringstream str; + str << sw << " " << p1 << " " << p2 << " " << on << " " << int(ov); + + options->setStr( fi->fwoption.toLatin1().constData() , str.str() ); + } +} + +void pixAdvancedDialog::displayCommands() +{ + m_dialog->pix_generated_fixup->setText(""); + +/* + * need to copy information from widgets that control fixups into + * firewall object's options, so that when we dump the database into + * memory buffer, we get updated info + */ + saveFixups(); + + xmlChar *buffer; + int bufsize; + mw->db()->saveToBuffer(&buffer,&bufsize); + proc_buffer = (char*)buffer; + FREEXMLBUFF(buffer); + + fwb_pix_proc->start(compilerPath, argumentList); + if ( !fwb_pix_proc->waitForStarted() ) + { + m_dialog->pix_generated_fixup->append( + tr("Error: Policy compiler for PIX is not installed") ); + } + + fwb_pix_proc->write(proc_buffer.toAscii()); +} + +void pixAdvancedDialog::allXMLSent() +{ + fwb_pix_proc->closeWriteChannel(); +} + +void pixAdvancedDialog::readFromStdout() +{ + m_dialog->pix_generated_fixup->append( QString( fwb_pix_proc->readAllStandardOutput() ) ); +} + +void pixAdvancedDialog::readFromStderr() +{ + 
m_dialog->pix_generated_fixup->append( QString( fwb_pix_proc->readAllStandardError() ) ); +} + +void pixAdvancedDialog::fwb_pix_Finished( QProcess::ProcessState newState ) +{ + if (newState != QProcess::NotRunning) return; + + if (fwb_pix_proc->exitStatus() != QProcess::NormalExit) + m_dialog->pix_generated_fixup->append( tr("Compiler error") ); +} + + +void pixAdvancedDialog::updateFixupCommandsDisplay() +{ + + m_dialog->pix_generated_fixup->setText(""); + return; + + QString stdoutBuffer; + + fwb_pix_proc->start(compilerPath, argumentList); + if ( !fwb_pix_proc->waitForStarted() ) + { + m_dialog->pix_generated_fixup->append( tr("Error: Policy compiler for PIX is not installed") ); + } + return; +} + +void pixAdvancedDialog::fixupCmdChanged() +{ + updateFixupCommandsDisplay(); +} + +/* + * store all data in the object + */ +void pixAdvancedDialog::accept() +{ + FWOptions *options=(Firewall::cast(obj))->getOptionsObject(); + assert(options!=NULL); + + Management *mgmt=(Firewall::cast(obj))->getManagementObject(); + assert(mgmt!=NULL); + + data.saveAll(); + saveFixups(); + +// PolicyInstallScript *pis = mgmt->getPolicyInstallScript(); +// pis->setCommand( installScript->text() ); +// pis->setArguments( installScriptArgs->text() ); + + mgmt->setAddress( (Firewall::cast(obj))->getAddress() ); + + + if (syslogDeviceIdSupported) + { + QString s,v; + s=""; + v=""; + if (m_dialog->syslog_device_id_hostname->isChecked()) s="hostname"; + if (m_dialog->syslog_device_id_interface->isChecked()) + { + s="interface"; + v=m_dialog->syslog_device_id_interface_val->currentText(); + } + if (m_dialog->syslog_device_id_string->isChecked()) + { + s="string"; + v=m_dialog->syslog_device_id_string_val->text(); + } + + options->setStr("pix_syslog_device_id_opt",s.toLatin1().constData()); + options->setStr("pix_syslog_device_id_val",v.toLatin1().constData()); + } + + PolicyInstallScript *pis = mgmt->getPolicyInstallScript(); + pis->setCommand( 
m_dialog->installScript->text().toLatin1().constData() ); + pis->setArguments( m_dialog->installScriptArgs->text().toLatin1().constData() ); + + om->updateLastModifiedTimestampForAllFirewalls(obj); + QDialog::accept(); +} + +void pixAdvancedDialog::reject() +{ + QDialog::reject(); +} + +void pixAdvancedDialog::editProlog() +{ + SimpleTextEditor edt(this, + m_dialog->pix_prolog_script->toPlainText(), + true, tr( "Script Editor" ) ); + if ( edt.exec() == QDialog::Accepted ) + m_dialog->pix_prolog_script->setText( edt.text() ); +} + +void pixAdvancedDialog::editEpilog() +{ + SimpleTextEditor edt(this, + m_dialog->pix_epilog_script->toPlainText(), + true, tr( "Script Editor" ) ); + if ( edt.exec() == QDialog::Accepted ) + m_dialog->pix_epilog_script->setText( edt.text() ); +} + +void pixAdvancedDialog::setDefaultTimeoutValue(const QString &option) +{ + string platform = obj->getStr("platform"); // could be 'pix' or 'fwsm' + FWOptions *fwoptions=(Firewall::cast(obj))->getOptionsObject(); + assert(fwoptions!=NULL); + + string vers="version_"+obj->getStr("version"); + + if (option=="uauth_abs" || option=="uauth_inact") + data.setWidgetValue(option.toAscii().constData(), + Resources::platform_res[platform]->getResourceBool( + "/FWBuilderResources/Target/options/"+vers+"/timeouts/"+option.toLatin1().constData())); + else + data.setWidgetValue(option.toAscii().constData(), + Resources::platform_res[platform]->getResourceInt( + "/FWBuilderResources/Target/options/"+vers+"/timeouts/"+option.toLatin1().constData())); +} + +void pixAdvancedDialog::defaultTimeouts() +{ + FWOptions *fwoptions=(Firewall::cast(obj))->getOptionsObject(); + assert(fwoptions!=NULL); + + string vers="version_"+obj->getStr("version"); + + setDefaultTimeoutValue("xlate_hh" ); + setDefaultTimeoutValue("xlate_mm" ); + setDefaultTimeoutValue("xlate_ss" ); + setDefaultTimeoutValue("conn_hh" ); + setDefaultTimeoutValue("conn_mm" ); + setDefaultTimeoutValue("conn_ss" ); + setDefaultTimeoutValue("udp_hh" ); + 
setDefaultTimeoutValue("udp_mm" ); + setDefaultTimeoutValue("udp_ss" ); + setDefaultTimeoutValue("rpc_hh" ); + setDefaultTimeoutValue("rpc_mm" ); + setDefaultTimeoutValue("rpc_ss" ); + setDefaultTimeoutValue("h323_hh" ); + setDefaultTimeoutValue("h323_mm" ); + setDefaultTimeoutValue("h323_ss" ); + setDefaultTimeoutValue("sip_hh" ); + setDefaultTimeoutValue("sip_mm" ); + setDefaultTimeoutValue("sip_ss" ); + setDefaultTimeoutValue("sip_media_hh" ); + setDefaultTimeoutValue("sip_media_mm" ); + setDefaultTimeoutValue("sip_media_ss" ); + setDefaultTimeoutValue("half-closed_hh" ); + setDefaultTimeoutValue("half-closed_mm" ); + setDefaultTimeoutValue("half-closed_ss" ); + setDefaultTimeoutValue("uauth_hh" ); + setDefaultTimeoutValue("uauth_mm" ); + setDefaultTimeoutValue("uauth_abs" ); + setDefaultTimeoutValue("uauth_inact" ); + + setDefaultTimeoutValue("telnet_timeout" ); + setDefaultTimeoutValue("ssh_timeout" ); +} + +void pixAdvancedDialog::regenerateFixups() +{ +} + +void pixAdvancedDialog::scriptACLModeChanged() +{ + m_dialog->pix_acl_temp_lbl->setEnabled(m_dialog->pix_acl_substitution->isChecked()); + m_dialog->pix_acl_temp_addr->setEnabled(m_dialog->pix_acl_substitution->isChecked()); +} + + + diff --git a/src/gui/pixAdvancedDialog.h b/src/gui/pixAdvancedDialog.h new file mode 100644 index 000000000..67fcb8a3c --- /dev/null +++ b/src/gui/pixAdvancedDialog.h 
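Review bot: In `loadFixups()` the switch value `sw` is parsed from the stored option string with `str >> sw >> p1 >> p2 >> arg3n >> arg3v` and then used unchecked as an index into the three-element `fixupOpt2Widget` table, so a malformed or hand-edited data file produces an out-of-bounds read. If extraction fails, `sw`, `p1`, `p2` and `arg3v` may also be read uninitialised. I would initialise them to the skip/default state, `int sw=2, p1=0, p2=0; bool arg3v=false;`, and bound the lookup in `translateFixupSwitchFromOptionToWidget` with `if (o<0 || o>2) return 0;`. The reverse table has the same gap in `saveFixups()`, where `currentIndex()` is passed straight to `translateFixupSwitchFromWidgetToOption` and can be -1 when the combo box has no current item. Separately, the `compiler` option read from the firewall object in the constructor becomes the program that `displayCommands()` starts, so it is worth confirming that a value arriving from an opened data file is validated before it is run.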
@@ -0,0 +1,122 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: pixAdvancedDialog.h,v 1.5 2006/04/23 22:15:26 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+
+#ifndef __PIXADVANCEDDIALOG_H_
+#define __PIXADVANCEDDIALOG_H_
+
+#include
+#include "DialogData.h"
+#include
+
+#include
+
+class QWidget;
+class QSpinBox;
+class QComboBox;
+class QCheckBox;
+class QProcess;
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+struct fixupControl {
+ class QComboBox *switch_widget;
+ class QSpinBox *arg1;
+ class QSpinBox *arg2;
+ class QCheckBox *arg3;
+ QString fwoption;
+ QString fixup_cmd;
+ int page; // number of the notebook page in fixup_notebook widget
+ bool active; // if false, then this fixup is not supported on the given version of PIX OS
+ fixupControl(QComboBox *s,
+ QSpinBox *w1,
+ QSpinBox *w2,
+ QCheckBox *w3,
+ const QString &o,
+ const QString &f,
+ int p)
+ { switch_widget=s; arg1=w1; arg2=w2; arg3=w3; fwoption=o; fixup_cmd=f; page=p; active=true; }
+};
+
+
+
+
+class pixAdvancedDialog : public QDialog
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ std::list allFixups;
+ bool syslogDeviceIdSupported;
+ QProcess *fwb_pix_proc;
+ QString proc_buffer;
+ QStringList argumentList;
+ QString compilerPath;
+
+ Ui::pixAdvancedDialog_q *m_dialog;
+
+ public:
+ pixAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o);
+ ~pixAdvancedDialog();
+
+ void setDefaultTimeoutValue(const QString &option);
+ void updateFixupCommandsDisplay();
+ void loadFixups();
+ void saveFixups();
+
+ int translateFixupSwitchFromOptionToWidget(int o);
+ int translateFixupSwitchFromWidgetToOption(int o);
+ void changeAllFixups(int state);
+
+protected slots:
+
+ virtual void accept();
+ virtual void reject();
+
+ virtual void editProlog();
+ virtual void editEpilog();
+ virtual void defaultTimeouts();
+ virtual void regenerateFixups();
+
+ virtual void fixupCmdChanged();
+ virtual void enableAllFixups();
+ virtual void disableAllFixups();
+ virtual void skipAllFixups();
+ virtual void scriptACLModeChanged();
+ virtual void displayCommands();
+
+public slots:
+ virtual void readFromStdout();
+ virtual void readFromStderr();
+ virtual void fwb_pix_Finished( QProcess::ProcessState );
+ virtual void allXMLSent();
+};
+
+#endif // __PIXADVANCEDDIALOG_H
+
diff --git a/src/gui/pixadvanceddialog_q.ui b/src/gui/pixadvanceddialog_q.ui
new file mode 100644
index 000000000..ecba92d92
--- /dev/null
+++ b/src/gui/pixadvanceddialog_q.ui
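Review bot: The slot `fwb_pix_Finished( QProcess::ProcessState )` under `public slots:` has the parameter list of `QProcess::stateChanged`, not of `QProcess::finished(int, QProcess::ExitStatus)`. The `connect` call is outside this hunk, so this is inferred, but if the slot is wired to `finished` with string-based signal/slot macros the connection fails at run time with only a console warning, and the dialog would never learn that the `fwb_pix_proc` run ended or whether it failed. I would declare it as `virtual void fwb_pix_Finished(int exitCode, QProcess::ExitStatus status);` and have the handler check both values before the contents of `proc_buffer` are shown as generated commands. A short comment on `compilerPath` and `argumentList` saying where their values come from would also help, since they decide which external program is launched.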
@@ -0,0 +1,4837 @@ + + pixAdvancedDialog_q + + + true + + + + 0 + 0 + 1106 + 775 + + + + PIX Firewall Settings + + + false + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + + OK + + + + + + + Qt::AlignCenter + + + false + + + + + + + Cancel + + + + + + + + + + + 0 + + + + Compiler Options + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 170 + + + + + + + + + 0 + 0 + + + + Output file name (if left blank, the file name is constructed of the firewall object name and extension ".fw") + + + Qt::AlignVCenter + + + true + + + + + + + + 32767 + 32767 + + + + + + + + + 0 + 0 + + + + + 32767 + 32767 + + + + + + + + Always permit ssh access from +the management workstation +with this address: + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 50 + + + + + + + + + 0 + 0 + + + + Policy Compiler Options + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Generate rules assuming the firewall is part of "Any". This makes a difference in rules that use services 'ssh' and 'telnet' since PIX uses special commands to control ssh and telnet access to the firewall machine + + + Assume firewall is part of 'any' + + + + + + + + 0 + 0 + + + + PIX inspects packets with ACLs before it does NAT, while many other firewalls do NAT first and then apply ACLs. Policy compiler can emulate the latter behaviour if this options is turned on. + + + Replace NAT'ted objects with their +translations in policy rules + + + + + + + Normally PIX does not support ouotbound ACL, however policy compiler can emulate them if this option is turned on + + + Emulate outbound ACLs + + + + + + + Normally PIX does not support ouotbound ACL, however policy compiler can emulate them if this option is turned on + + + Generate outbound ACLs + + + + + + + If the option is deactivated, compiler treats empty groups as an error and aborts processing the policy. 
If this option is activated, compiler removes all empty groups from all rule elements. If rule element becomes 'any' after the last empty group has been removed, the whole rule will be ignored. Use this option only if you fully understand how it works! + + + Ignore empty groups in rules + + + + + + + In nat rules where network zone object is used in OSrc, ODst and OSrv are 'any' and TSrc defines a global pool for the translation, replace object in OSrc with 'any' to produce PIX command "nat (interface) N 0.0.0.0 0.0.0.0" + + + Optimize 'default nat' rules + + + + + + + Shadowing happens because a rule is a superset of a subsequent rule and any packets potentially matched by the subsequent rule have already been matched by the prior rule. + + + Detect rule shadowing in the policy + + + + + + + + + + + 0 + 0 + + + + Verification of NAT rules + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Check for duplicate nat rules + + + + + + + Check for overlapping global pools + + + + + + + Check for overlapping statics + + + + + + + + 0 + 0 + + + + Check for overlapping global +pools and statics + + + + + + + + + + + Script Options + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + 0 + 0 + + + + Options + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Insert comments into generated PIX configuration file + + + Comment the code + + + + + + + Use ACL remarks to relate ACL commands and policy rules in the GUI + + + Use ACL remarks + + + + + + + Group PIX commands in the script so that similar commands appear next to each other, just like PIX does it when you use 'show config' + + + Group similar commands together + + + + + + + Use manual ACL commit on FWSM + + + + + + + + + + + 0 + 0 + + + + Access lists (requires Firewall Builder for PIX 1.1.6 and later) + + + + 6 + + + 6 + + + 6 + + + 6 + + + 20 + + + 20 + + + + + Clear all access lists then install new ones. This method may interrupt access to the firewall if you manage it remotely via IPSEC tunnel. 
This is the way access lists were generated in older versions of Firewall Builder for PIX. + + + Qt::AlignVCenter + + + true + + + pix_acl_basic + + + + + + + Qt::ClickFocus + + + Do not clear access lists and object group, just generate PIX commands for the new ones. Use this optin if you have your own policy installation scripts. + + + Qt::AlignVCenter + + + true + + + pix_acl_no_clear + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + "Safety net" method: + +First, create temporary access list to permit connections from the management subnet specified below to the firewall and assign it to outside interface. This temporary ACL helps maintain session between management station and the firewall while access lists are reloaded in case connection comes over IPSEC tunnel. Then clear permanent lists, recreate them and assign to interfaces. This method ensures that remote access to the firewall is maintained without interruption at a cost of slightly larger configuration. + + + Qt::AlignVCenter + + + true + + + pix_acl_substitution + + + + + + + QFrame::StyledPanel + + + QFrame::Sunken + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + Temporary access list should permit access from this address or subnet (use prefix notation to specify subnet, e.g. 
192.0.2.0/24): + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 120 + 20 + + + + + + + + + 0 + 0 + + + + + 200 + 0 + + + + + 120 + 32767 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 110 + 20 + + + + + + + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + + + + + + + + + + + + Installer + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + External install script + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + 0 + 0 + + + + + + + + + 0 + 0 + + + + Policy install script (using built-in installer if this field is blank): + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + + 0 + 0 + + + + Command line options for the script: + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + + 0 + 0 + + + + + + + + + + + Built-in installer + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Alternative name or address used to communicate with the firewall (also putty session name on Windows) + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop + + + true + + + + + + + User name used to authenticate to the firewall (leave this empty if you use putty session): + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + 0 + 0 + + + + + + + + + 0 + 0 + + + + + + + + + + Additional command line parameters for ssh + + + false + + + + + + + + 0 + 0 + + + + + + + + + + + + + + Prolog/Epilog + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Edit + + + + + + + The following commands will be added verbatim on top of generated configuration + + + Qt::AlignVCenter + + + true + + + + + + + Qt::ScrollBarAlwaysOn + + + Qt::ScrollBarAlwaysOn + + + + + + + + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Edit + + + + + + + Qt::Horizontal + + + 
QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::ScrollBarAlwaysOn + + + Qt::ScrollBarAlwaysOn + + + + + + + The following commands will be added verbatim after generated configuration + + + Qt::AlignVCenter + + + true + + + + + + + + + + + Timeouts + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 30 + + + + + + + + Set all to defaults.. + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + QFrame::NoFrame + + + QFrame::Sunken + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + xlate + + + Qt::AlignCenter + + + false + + + + + + + conn + + + Qt::AlignCenter + + + false + + + + + + + udp + + + Qt::AlignCenter + + + false + + + + + + + rpc + + + Qt::AlignCenter + + + false + + + + + + + h323 + + + Qt::AlignCenter + + + false + + + + + + + sip + + + Qt::AlignCenter + + + false + + + + + + + sip&media + + + Qt::AlignCenter + + + false + + + sip_media_hh + + + + + + + unauth + + + Qt::AlignCenter + + + false + + + + + + + 0 + + + 100 + + + 0 + + + + + + + 0 + + + 100 + + + 0 + + + + + + + 0 + + + 100 + + + 0 + + + + + + + 0 + + + 100 + + + 0 + + + + + + + 0 + + + 100 + + + 0 + + + + + + + 0 + + + 100 + + + 0 + + + + + + + 0 + + + 100 + + + 0 + + + + + + + 0 + + + 100 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + telnet + + + Qt::AlignCenter + + + false + + + + + + + ssh + + + Qt::AlignCenter + + + false + + + + + + + ss + + + Qt::AlignCenter + + + false + + + + + + + mm + + + 
Qt::AlignCenter + + + false + + + + + + + hh + + + Qt::AlignCenter + + + false + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 100 + + + 0 + + + + + + + half-closed + + + Qt::AlignCenter + + + false + + + + + + + 0 + + + 59 + + + 0 + + + + + + + 0 + + + 59 + + + 0 + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Inactivity + + + Qt::AlignCenter + + + false + + + + + + + Absolute + + + Qt::AlignCenter + + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + Inspect + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Policy compiler generates 'fixup' commands for PIX v6.1-6.3 and FWSM v2.3. For PIX 7.0 it generates 'class-map' and 'inspect' commands assigned to the 'policy-map' under either default or custom inspection classes. + + + Qt::AlignVCenter + + + true + + + 12 + + + + + + + Qt::ScrollBarAlwaysOn + + + Qt::ScrollBarAlwaysOn + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Enable all protocols + + + + + + + Disable all protocols + + + + + + + Skip all protocols + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 170 + 20 + + + + + + + + Display generated commands + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + 0 + 0 + + + + QTabWidget::Triangular + + + 0 + + + + ctiqbe + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol inspection module that supports NAT, PAT, and bi-directional NAT. 
+ + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ctiqbe_port + + + + + + + 1 + + + 65535 + + + 2748 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 80 + 20 + + + + + + + + + dns + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Based on this maximum-length configured by the user, the DNS fixup checks to see if the DNS packet length is within this limit. Every UDP DNS packet (request/response) undergoes the above check. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + max length: + + + Qt::AlignCenter + + + false + + + pix_dns_max_length + + + + + + + 512 + + + 65535 + + + 65535 + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + esp ike + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enables PAT for Encapsulating Security Payload (ESP), single tunnel. + + + Qt::AlignCenter + + + true + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + ftp + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + + + + + + + 1 + + + 65535 + + + 21 + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ftp_port + + + + + + + strict: + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + Activated support for FTP protocol and allows to change the ftp control connection port number. 
+ + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + h323 h225 + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Specifies to use H.225, the ITU standard that governs H.225.0 session establishment and packetization, with H.323 + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ctiqbe_port + + + + + + + -- + + + Qt::AlignCenter + + + false + + + + + + + 1 + + + 65535 + + + 1720 + + + + + + + 1 + + + 65535 + + + 1720 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 30 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + h323 ras + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Specifies to use RAS with H.323 to enable dissimilar communication devices to communicate with each other. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + 1 + + + 65535 + + + 1718 + + + + + + + -- + + + Qt::AlignCenter + + + false + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ctiqbe_port + + + + + + + 1 + + + 65535 + + + 1719 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + http + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + The default port for HTTP is 80. Use the port option to change the HTTP port, or specify a range of HTTP ports. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + -- + + + Qt::AlignCenter + + + false + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ctiqbe_port + + + + + + + 1 + + + 65535 + + + 80 + + + + + + + 1 + + + 65535 + + + 80 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + icmp error + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enables NAT of ICMP error messages. 
This creates translations for intermediate hops based on the static or network address translation configuration on the firewall. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + ils + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Provides NAT support for Microsoft NetMeeting, SiteServer, and Active Directory products that use LightWeight Directory Access Protocol (LDAP) to exchange directory information with an for Internet Locator Service (ILS) server. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + 1 + + + 65535 + + + 389 + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ctiqbe_port + + + + + + + 1 + + + 65535 + + + 389 + + + + + + + -- + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + mgcp + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enables the Media Gateway Control Protocol (MGCP) fixup. + + + Qt::AlignCenter + + + true + + + + + + + Gateway Port: + + + Qt::AlignCenter + + + false + + + pix_ctiqbe_port + + + + + + + Call Agent port: + + + Qt::AlignCenter + + + false + + + + + + + 1 + + + 65535 + + + 2427 + + + + + + + 1 + + + 65535 + + + 2727 + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 160 + 20 + + + + + + + + + pptp + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enables Point-to-Point Tunneling Protocol (PPTP) application inspection. 
+ + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + 1 + + + 65535 + + + 1723 + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ftp_port + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + rsh + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enables inspection of RSH protocol. + + + Qt::AlignCenter + + + true + + + + + + + port: + + + Qt::AlignCenter + + + false + + + + + + + 1 + + + 65535 + + + 514 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + rtsp + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Lets PIX Firewall pass Real Time Streaming Protocol (RTSP) packets. RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + 1 + + + 65535 + + + 554 + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ctiqbe_port + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + sip + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enable or change the port assignment for the Session Initiation Protocol (SIP) for Voice over IP TCP connections. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + 1 + + + 65535 + + + 5060 + + + + + + + 1 + + + 65535 + + + 5060 + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ctiqbe_port + + + + + + + -- + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + sip udp + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enable SIP-over-UDP application inspection. 
+ + + Qt::AlignCenter + + + true + + + + + + + 1 + + + 65535 + + + 5060 + + + + + + + port: + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + skinny + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enable SCCP application inspection. SCCP protocol supports IP telephony and can coexist in an H.323 environment. An application layer ensures that all SCCP signaling and media packets can traverse the PIX Firewall and interoperate with H.323 terminals. + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + -- + + + Qt::AlignCenter + + + false + + + + + + + 1 + + + 65535 + + + 2000 + + + + + + + 1 + + + 65535 + + + 2000 + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ctiqbe_port + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + smtp + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enables the Mail Guard feature, which only lets mail servers receive the RFC 821, section 4.5.1, commands of HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT. All other commands are translated into X's which are rejected by the internal server. + + + Qt::AlignCenter + + + true + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ctiqbe_port + + + + + + + -- + + + Qt::AlignCenter + + + false + + + + + + + 1 + + + 65535 + + + 25 + + + + + + + 1 + + + 65535 + + + 25 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + sqlnet + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enables support for SQL*Net protocol. 
+ + + Qt::AlignCenter + + + true + + + + + + + 1 + + + 65535 + + + 1521 + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ctiqbe_port + + + + + + + -- + + + Qt::AlignCenter + + + false + + + + + + + 1 + + + 65535 + + + 1521 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + tftp + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + Enable TFTP application inspection. + + + Qt::AlignCenter + + + true + + + + + + + 1 + + + 65535 + + + 69 + + + + + + + port: + + + Qt::AlignCenter + + + false + + + pix_ctiqbe_port + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + skip + + + + + enable + + + + + disable + + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 10 + + + + + + + + + Logging + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Syslog + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + + + 0 + + + 10000 + + + 0 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Syslog host (name or IP address): + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + syslog facility: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + syslog level ('logging trap'): + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + + + + + + Syslog message queue size (messages): + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + PIX Firewall Version 6.3 introduces support for EMBLEM format, which is required when using the CiscoWorks Resource Manager Essentials (RME) syslog analyzer. 
+ + + Use 'EMBLEM' format for syslog messages + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + Set device id for syslog messages (v6.3 and later): + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + + + + + + + use address of interface + + + + + + + use text string + + + + + + + use hostname + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + The logging timestamp command requires that the clock command be set. + + + Qt::AlignVCenter + + + true + + + + + + + Enable logging timestamps on syslog file + + + + + + + + + + Other logging destinations and levels: + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + Internal buffer + + + + + + + Console + + + + + + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + PIX Options + + + + 6 + + + 6 + + + 6 + + + 6 + + + + + QFrame::NoFrame + + + QFrame::Plain + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + Actively reset inbound TCP connections with RST + + + + + + + + + + Actively reset inbound TCP connections with RST on outside interface + + + + + + + + + + Force each TCP connection to linger in a shortened TIME&WAIT + + + Alt+W + + + + + + + Enable the IP Frag Guard feature (deprecated in v6.3 and later). + + + + + + + Enable TCP resource control for AAA Authentication Proxy + + + + + + + Specify that when an incoming packet does a route lookup, +the incoming interface is used to determine which interface +the packet should go to, and which is the next hop +(deprecated in v6.3 and later). 
+ + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + Disable inbound embedded DNS A record fixups + + + + + + + Disable outbound DNS A record replies + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + maximum number of simultaneous TCP and UDP connections + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + max_conns + + + + + + + maximum number of embryonic connections per host + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + emb_limit + + + + + + + Specifies the maximum number of simultaneous TCP and UDP connections for the entire subnet. The default is 0, which means unlimited connections. (Idle connections are closed after the idle timeout specified by the timeout conn command.) + + + 0 + + + 100000 + + + 0 + + + + + + + Specifies the maximum number of embryonic connections per host. An embryonic connection is a connection request that has not finished the necessary handshake between source and destination. Set a small value for slower systems, and a higher value for faster systems. The default is 0, which means unlimited embryonic connections. + + + 0 + + + 100000 + + + 0 + + + + + + + The following parameters are used for all NAT rules: + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + (The default for both parameters is 0, which means unlimited number of connections.) 
+ + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + + + + + + + + notebook304 + outputFileName + pix_assume_fw_part_of_any + pix_replace_natted_objects + pix_emulate_out_acl + pix_generate_out_acl + pix_optimize_default_nat + pix_ignore_empty_groups + pix_check_shadowing + pix_check_duplicate_nat + pix_check_overlapping_global_pools + pix_check_overlapping_statics + pix_check_overlapping_global_statics + mgmt_ssh + mgmt_addr + ok_button + cancel_button + pix_prolog_script + edit_prolog_button + pix_epilog_script + edit_epilog_button + xlate_hh + xlate_mm + xlate_ss + conn_hh + conn_mm + conn_ss + udp_hh + udp_mm + udp_ss + rpc_hh + rpc_mm + rpc_ss + h323_hh + h323_mm + h323_ss + sip_hh + sip_mm + sip_ss + sip_media_hh + sip_media_mm + sip_media_ss + half_closed_hh + half_closed_mm + half_closed_ss + uauth_hh + uauth_mm + uauth_ss + uauth_abs + uauth_inact + telnet_timeout + ssh_timeout + defaultTimeoutsButton + fixup_notebook + pix_ctiqbe_switch + pix_ctiqbe_port + enableAllFixupsButton + disableAllFixupsButton + skipAllFixupsButton + pix_generated_fixup + syslog_host + syslog_queue_size + syslog_facility + logging_trap_level + emblem_log_format + syslog_device_id_hostname + syslog_device_id_interface + syslog_device_id_interface_val + syslog_device_id_string + syslog_device_id_string_val + logging_timestamp + logging_buffered + logging_buffered_level + logging_console + logging_console_level + resetinbound + resetoutside + connection_timewait + fragguard + floodguard + route_dnat + nodnsalias_inbound + nodnsalias_outbound + max_conns + emb_limit + pix_ils_switch + pix_ils_port1 + pix_dns_switch + pix_dns_max_length + pix_espike_switch + pix_ftp_switch + pix_ftp_port + pix_ftp_strict + pix_h323h225_switch + pix_h323h225_port1 + pix_h323h225_port2 + pix_h323ras_switch + pix_h323ras_port1 + pix_h323ras_port2 + pix_http_switch + pix_http_port1 + pix_http_port2 + 
pix_icmperror_switch + pix_ils_port2 + pix_mgcp_gateway_port + pix_mgcp_call_agent_port + pix_mgcp_switch + pix_pptp_port + pix_pptp_switch + pix_rsh_port1 + pix_rsh_switch + pix_rtsp_port + pix_rtsp_switch + pix_sip_port2 + pix_sip_port1 + pix_sip_switch + pix_sip_udp_port1 + pix_sipudp_switch + pix_skinny_port1 + pix_skinny_port2 + pix_skinny_switch + pix_smtp_port2 + pix_smtp_port1 + pix_smtp_switch + pix_sqlnet_port1 + pix_sqlnet_port2 + pix_sqlnet_switch + pix_tftp_port + pix_tftp_switch + pix_include_comments + pix_use_acl_remarks + pix_regroup_commands + pix_use_manual_commit + textLabel3 + pix_acl_temp_addr + pix_acl_basic + pix_acl_no_clear + pix_acl_substitution + installScript + installScriptArgs + user + altAddress + sshArgs + displayCommandsButton + + + + + + ok_button + clicked() + pixAdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + cancel_button + clicked() + pixAdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + edit_prolog_button + clicked() + pixAdvancedDialog_q + editProlog() + + + 20 + 20 + + + 20 + 20 + + + + + edit_epilog_button + clicked() + pixAdvancedDialog_q + editEpilog() + + + 20 + 20 + + + 20 + 20 + + + + + defaultTimeoutsButton + clicked() + pixAdvancedDialog_q + defaultTimeouts() + + + 20 + 20 + + + 20 + 20 + + + + + enableAllFixupsButton + clicked() + pixAdvancedDialog_q + enableAllFixups() + + + 20 + 20 + + + 20 + 20 + + + + + disableAllFixupsButton + clicked() + pixAdvancedDialog_q + disableAllFixups() + + + 20 + 20 + + + 20 + 20 + + + + + skipAllFixupsButton + clicked() + pixAdvancedDialog_q + skipAllFixups() + + + 20 + 20 + + + 20 + 20 + + + + + pix_acl_basic + clicked() + pixAdvancedDialog_q + scriptACLModeChanged() + + + 20 + 20 + + + 20 + 20 + + + + + pix_acl_substitution + clicked() + pixAdvancedDialog_q + scriptACLModeChanged() + + + 20 + 20 + + + 20 + 20 + + + + + displayCommandsButton + clicked() + pixAdvancedDialog_q + displayCommands() + + + 20 + 20 + + + 20 + 20 + + + + + 
diff --git a/src/gui/pixosAdvancedDialog.cpp b/src/gui/pixosAdvancedDialog.cpp
new file mode 100644
index 000000000..21798b741
--- /dev/null
+++ b/src/gui/pixosAdvancedDialog.cpp
@@ -0,0 +1,118 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: pixosAdvancedDialog.cpp,v 1.4 2006/03/16 05:38:14 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "pixosAdvancedDialog.h" +#include "ObjectManipulator.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Management.h" + +#include +#include +#include +#include +#include +#include +#include + + +using namespace std; +using namespace libfwbuilder; + +pixosAdvancedDialog::~pixosAdvancedDialog() +{ + delete m_dialog; +} + +pixosAdvancedDialog::pixosAdvancedDialog(QWidget *parent,FWObject *o) + : QDialog(parent) +{ + m_dialog = new Ui::pixosAdvancedDialog_q; + m_dialog->setupUi(this); + + obj=o; + + FWOptions *fwoptions=(Firewall::cast(obj))->getOptionsObject(); + assert(fwoptions!=NULL); + + Management *mgmt=(Firewall::cast(obj))->getManagementObject(); + assert(mgmt!=NULL); + +/* Page "General" */ + data.registerOption( m_dialog->pix_set_host_name , fwoptions, "pix_set_host_name" ); + data.registerOption( m_dialog->pix_ip_address , fwoptions, "pix_ip_address" ); + +/* Page NTP */ + + data.registerOption( m_dialog->ntp1, fwoptions, "pix_ntp1" ); + data.registerOption( m_dialog->ntp1_pref, fwoptions, 
"pix_ntp1_pref" ); + data.registerOption( m_dialog->ntp2, fwoptions, "pix_ntp2" ); + data.registerOption( m_dialog->ntp2_pref, fwoptions, "pix_ntp2_pref" ); + data.registerOption( m_dialog->ntp3, fwoptions, "pix_ntp3" ); + data.registerOption( m_dialog->ntp3_pref, fwoptions, "pix_ntp3_pref" ); + +/* Page SNMP */ + + data.registerOption( m_dialog->disable_snmp_agent, fwoptions, "pix_disable_snmp_agent"); + + data.registerOption( m_dialog->set_communities, fwoptions, "pix_set_communities_from_object_data" ); + data.registerOption( m_dialog->enable_traps, fwoptions, "pix_enable_snmp_traps" ); + + data.registerOption( m_dialog->snmp_server1, fwoptions, "pix_snmp_server1" ); + data.registerOption( m_dialog->snmp_server2, fwoptions, "pix_snmp_server2" ); + + data.registerOption( m_dialog->snmp_poll_traps_1, fwoptions, "pix_snmp_poll_traps_1" ); + data.registerOption( m_dialog->snmp_poll_traps_2, fwoptions, "pix_snmp_poll_traps_2" ); + +/* Page Options */ + + data.registerOption( m_dialog->tcpmss, fwoptions, "pix_tcpmss"); + data.registerOption( m_dialog->tcpmss_value, fwoptions, "pix_tcpmss_value"); + + data.loadAll(); +} + +/* + * store all data in the object + */ +void pixosAdvancedDialog::accept() +{ + data.saveAll(); + om->updateLastModifiedTimestampForAllFirewalls(obj); + QDialog::accept(); +} + +void pixosAdvancedDialog::reject() +{ + QDialog::reject(); +} + + diff --git a/src/gui/pixosAdvancedDialog.h b/src/gui/pixosAdvancedDialog.h new file mode 100644 index 000000000..7bb67c402 --- /dev/null +++ b/src/gui/pixosAdvancedDialog.h 
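Review bot: In the `pixosAdvancedDialog` constructor, `(Firewall::cast(obj))->getOptionsObject()` and `->getManagementObject()` dereference the cast result before anything checks it, and the only guards on `fwoptions` and `mgmt` are `assert` calls that disappear when NDEBUG is defined. If the dialog is ever opened on an object that is not a Firewall (the callers are outside this hunk, so that is an assumption), the result is a null dereference rather than a refused dialog. I would cast once, `Firewall *fw = Firewall::cast(obj);`, and test `fw`, `fwoptions` and `mgmt` at run time, skipping the `registerOption` calls when any of them is NULL. `mgmt` is fetched but never used in the visible constructor, so it can be dropped if nothing else needs it.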
@@ -0,0 +1,62 @@ +/* + + Firewall Builder + + Copyright (C) 2004 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: pixosAdvancedDialog.h,v 1.1 2004/03/21 03:17:53 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + + +#ifndef __PIXOSADVANCEDDIALOG_H_ +#define __PIXOSADVANCEDDIALOG_H_ + +#include +#include "DialogData.h" +#include + +namespace libfwbuilder { + class FWObject; +}; + +class pixosAdvancedDialog : public QDialog +{ + Q_OBJECT + + libfwbuilder::FWObject *obj; + DialogData data; +Ui::pixosAdvancedDialog_q *m_dialog; + + public: + pixosAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o); + ~pixosAdvancedDialog(); + +protected slots: + + virtual void accept(); + virtual void reject(); + + +public slots: + +}; + +#endif // __PIXOSADVANCEDDIALOG_H + diff --git a/src/gui/pixosadvanceddialog_q.ui b/src/gui/pixosadvanceddialog_q.ui new file mode 100644 index 000000000..0eb83de90 --- /dev/null +++ b/src/gui/pixosadvanceddialog_q.ui 
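Review bot: The include guard `__PIXOSADVANCEDDIALOG_H_` uses a double-underscore name, which C++ reserves for the implementation, and the closing comment `// __PIXOSADVANCEDDIALOG_H` does not match it. A plain name such as `PIXOSADVANCEDDIALOG_H` in the `#ifndef`, the `#define` and the trailing comment avoids both problems. The `;` after the closing brace of `namespace libfwbuilder { ... }` is also redundant.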
@@ -0,0 +1,574 @@ + + pixosAdvancedDialog_q + + + true + + + + 0 + 0 + 400 + 402 + + + + PIX Advanced Configuration Options + + + + 11 + + + 6 + + + + + 0 + + + + General + + + + 6 + + + 6 + + + + + Set PIX host name using object's name + + + + + + + Generate commands to configure addresses for interfaces + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + NTP + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 30 + + + + + + + + NTP Servers: + + + + 6 + + + 6 + + + + + + + + + + + + + + + + + + + + + + + + + + + + Server 1: + + + Qt::AlignCenter + + + false + + + + + + + Server 2: + + + Qt::AlignCenter + + + false + + + + + + + Server 3: + + + Qt::AlignCenter + + + false + + + + + + + + + + + + + + Preffered: + + + Qt::AlignCenter + + + false + + + + + + + IP address: + + + Qt::AlignCenter + + + false + + + + + + + + + + + SNMP + + + + 6 + + + 6 + + + + + Disable SNMP Agent + + + + + + + Set SNMP communities using data from the firewall object dialog + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + SNMP servers + + + + 6 + + + 6 + + + + + + + + + + + + Poll + + + + + Poll and Traps + + + + + Traps + + + + + + + + + Poll + + + + + Poll and Traps + + + + + Traps + + + + + + + + Enable: + + + Qt::AlignCenter + + + false + + + + + + + + 7 + 5 + 0 + 0 + + + + IP address: + + + Qt::AlignCenter + + + false + + + + + + + SNMP Server 1: + + + Qt::AlignCenter + + + false + + + + + + + SNMP Server 2: + + + Qt::AlignCenter + + + false + + + + + + + + + + Enable sending log messages as SNMP trap notifications + + + + + + + + Options + + + + 6 + + + 6 + + + + + Change TCP MSS to + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 162 + + + + + + + + 4096 + + + 0 + + + 10 + + + 1380 + + + + + + + bytes + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + + + + 0 + + + 6 + + + + + 
Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + OK + + + + + + + Qt::AlignCenter + + + false + + + + + + + Cancel + + + + + + + + + + notebook305 + pix_set_host_name + pix_ip_address + ok_button + cancel_button + ntp1 + ntp1_pref + ntp2 + ntp2_pref + ntp3 + ntp3_pref + disable_snmp_agent + set_communities + enable_traps + snmp_server1 + snmp_poll_traps_1 + snmp_server2 + snmp_poll_traps_2 + tcpmss + tcpmss_value + + + + + ok_button + clicked() + pixosAdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + cancel_button + clicked() + pixosAdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/platforms.cpp b/src/gui/platforms.cpp new file mode 100644 index 000000000..14778f56a --- /dev/null +++ b/src/gui/platforms.cpp 
@@ -0,0 +1,587 @@ +/* + + Firewall Builder + + Copyright (C) 2000 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id$ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" + +#include "platforms.h" + +#include +#include + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/FWOptions.h" +#include "fwbuilder/Management.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/Policy.h" + +#include + +using namespace std; +using namespace libfwbuilder; + +QStringList emptyList; + +QStringList logLevels; +QStringList logFacilities; +QStringList actionsOnReject; +QStringList routeOptions_pf_ipf; +QStringList prologPlaces_ipt; +QStringList prologPlaces_pf; +QStringList limitSuffixes; + +void init_platforms() +{ + logLevels.push_back(""); + logLevels.push_back(""); + logLevels.push_back(QObject::tr( "alert" )); + logLevels.push_back( "alert" ); + logLevels.push_back(QObject::tr( "crit" )); + logLevels.push_back( "crit" ); + logLevels.push_back(QObject::tr( "error" )); + logLevels.push_back( "error" ); + logLevels.push_back(QObject::tr( "warning")); + logLevels.push_back( "warning"); + logLevels.push_back(QObject::tr( "notice" )); + logLevels.push_back( "notice" ); + logLevels.push_back(QObject::tr( "info" )); + logLevels.push_back( "info" ); + 
logLevels.push_back(QObject::tr( "debug" )); + logLevels.push_back( "debug" ); + + + logFacilities.push_back(""); + logFacilities.push_back(""); + logFacilities.push_back(QObject::tr( "kern" )); + logFacilities.push_back( "kern" ); + logFacilities.push_back(QObject::tr( "user" )); + logFacilities.push_back( "user" ); + logFacilities.push_back(QObject::tr( "mail" )); + logFacilities.push_back( "mail" ); + logFacilities.push_back(QObject::tr( "daemon" )); + logFacilities.push_back( "daemon" ); + logFacilities.push_back(QObject::tr( "auth" )); + logFacilities.push_back( "auth" ); + logFacilities.push_back(QObject::tr( "syslog" )); + logFacilities.push_back( "syslog" ); + logFacilities.push_back(QObject::tr( "lpr" )); + logFacilities.push_back( "lpr" ); + logFacilities.push_back(QObject::tr( "news" )); + logFacilities.push_back( "news" ); + logFacilities.push_back(QObject::tr( "uucp" )); + logFacilities.push_back( "uucp" ); + logFacilities.push_back(QObject::tr( "cron" )); + logFacilities.push_back( "cron" ); + logFacilities.push_back(QObject::tr( "authpriv" )); + logFacilities.push_back( "authpriv"); + logFacilities.push_back(QObject::tr( "ftp" )); + logFacilities.push_back( "ftp" ); + logFacilities.push_back(QObject::tr( "local0" )); + logFacilities.push_back( "local0" ); + logFacilities.push_back(QObject::tr( "local1" )); + logFacilities.push_back( "local1" ); + logFacilities.push_back(QObject::tr( "local2" )); + logFacilities.push_back( "local2" ); + logFacilities.push_back(QObject::tr( "local3" )); + logFacilities.push_back( "local3" ); + logFacilities.push_back(QObject::tr( "local4" )); + logFacilities.push_back( "local4" ); + logFacilities.push_back(QObject::tr( "local5" )); + logFacilities.push_back( "local5" ); + logFacilities.push_back(QObject::tr( "local6" )); + logFacilities.push_back( "local6" ); + logFacilities.push_back(QObject::tr( "local7" )); + logFacilities.push_back( "local7" ); + + actionsOnReject.push_back(""); + actionsOnReject.push_back(""); + 
actionsOnReject.push_back(QObject::tr("ICMP admin prohibited")); + actionsOnReject.push_back("ICMP admin prohibited"); + actionsOnReject.push_back(QObject::tr("ICMP host prohibited")); + actionsOnReject.push_back("ICMP host prohibited"); + actionsOnReject.push_back(QObject::tr("ICMP host unreachable")); + actionsOnReject.push_back("ICMP host unreachable"); + actionsOnReject.push_back(QObject::tr("ICMP net prohibited")); + actionsOnReject.push_back("ICMP net prohibited"); + actionsOnReject.push_back(QObject::tr("ICMP net unreachable")); + actionsOnReject.push_back("ICMP net unreachable"); + actionsOnReject.push_back(QObject::tr("ICMP port unreachable")); + actionsOnReject.push_back("ICMP port unreachable"); + actionsOnReject.push_back(QObject::tr("ICMP protocol unreachable")); + actionsOnReject.push_back("ICMP protocol unreachable"); + actionsOnReject.push_back(QObject::tr("TCP RST")); + actionsOnReject.push_back("TCP RST"); + + routeOptions_pf_ipf.push_back(QObject::tr("Route through")); + routeOptions_pf_ipf.push_back("route_through"); + routeOptions_pf_ipf.push_back(QObject::tr("Route reply through")); + routeOptions_pf_ipf.push_back("route_reply_through"); + routeOptions_pf_ipf.push_back(QObject::tr("Route a copy through")); + routeOptions_pf_ipf.push_back("route_copy_through"); + + prologPlaces_ipt.push_back(QObject::tr("on top of the script")); + prologPlaces_ipt.push_back("top"); + prologPlaces_ipt.push_back(QObject::tr("after interface configuration")); + prologPlaces_ipt.push_back("after_interfaces"); + prologPlaces_ipt.push_back(QObject::tr("after policy reset")); + prologPlaces_ipt.push_back("after_flush"); + + prologPlaces_pf.push_back(QObject::tr("in the activation shell script")); + prologPlaces_pf.push_back("fw_file"); + + prologPlaces_pf.push_back(QObject::tr("in the pf rule file, at the very top")); + prologPlaces_pf.push_back("pf_file_top"); + + prologPlaces_pf.push_back(QObject::tr("in the pf rule file, after set comamnds")); + 
prologPlaces_pf.push_back("pf_file_after_set"); + + prologPlaces_pf.push_back(QObject::tr("in the pf rule file, after scrub comamnds")); + prologPlaces_pf.push_back("pf_file_after_scrub"); + + prologPlaces_pf.push_back(QObject::tr("in the pf rule file, after table definitions")); + prologPlaces_pf.push_back("pf_file_after_tables"); + + limitSuffixes.push_back(""); + limitSuffixes.push_back(""); + limitSuffixes.push_back(QObject::tr("/day")); + limitSuffixes.push_back("/day"); + limitSuffixes.push_back(QObject::tr("/hour")); + limitSuffixes.push_back("/hour"); + limitSuffixes.push_back(QObject::tr("/minute")); + limitSuffixes.push_back("/minute"); + limitSuffixes.push_back(QObject::tr("/second")); + limitSuffixes.push_back("/second"); +} + + +bool isUsingNetZone(Firewall *fw) +{ + string platform=fw->getStr("platform"); + return (platform=="pix" || platform=="fwsm"); +} + +bool isDefaultPolicyRuleOptions(FWOptions *opt) +{ + bool res=true; + FWObject *p; + PolicyRule *rule = NULL; + + p=opt; + do { + p=p->getParent(); + if (PolicyRule::cast(p)!=NULL) rule = PolicyRule::cast(p); + } while ( p!=NULL && Firewall::cast(p)==NULL ); + + assert(p!=NULL); + + QString platform = p->getStr("platform").c_str(); + +// if (fwbdebug) +// qDebug(QString("Options object type: %1").arg(opt->getTypeName())); + + if (PolicyRuleOptions::isA(opt)) + { + + if (platform=="iptables") + { + res= ( opt->getStr("log_prefix").empty() && + opt->getStr("log_level").empty() && + opt->getInt("limit_value")<=0 && + opt->getInt("limit_burst")<=0 && + opt->getInt("connlimit_value")<=0 && + opt->getInt("connlimit_masklen")<=0 && + + opt->getStr("hashlimit_name").empty() && + opt->getInt("hashlimit_value")<=0 && + opt->getInt("hashlimit_burst")<=0 && + opt->getInt("hashlimit_size")<=0 && + opt->getInt("hashlimit_max")<=0 && + opt->getInt("hashlimit_expire")<=0 && + opt->getInt("hashlimit_gcinterval")<=0 && + + opt->getInt("ulog_nlgroup")<=1 && + opt->getStr("limit_suffix").empty() && + ! 
opt->getBool("firewall_is_part_of_any_and_networks")); + } + + if (platform=="pix" || platform=="fwsm") + { + string vers="version_"+p->getStr("version"); + if ( Resources::platform_res[platform.toAscii().constData()]->getResourceBool( + "/FWBuilderResources/Target/options/"+vers+"/pix_rule_syslog_settings")) + { + res= ( opt->getStr("log_level").empty() && + opt->getInt("log_interval")<=0 && + ! opt->getBool("disable_logging_for_this_rule") ); + } + else + { + res=true; + } + } + + if (platform=="pf") + { + string vers=p->getStr("version"); + if (vers=="4.x") + { + res= ( opt->getStr("log_prefix").empty() && + opt->getInt("pf_rule_max_state")<=0 && + ! opt->getBool("pf_source_tracking") && + opt->getInt("pf_max_src_conn")<=0 && + opt->getInt("pf_max_src_conn_rate_num")<=0 && + opt->getInt("pf_max_src_conn_rate_seconds")<=0 && + ! opt->getBool("pf_keep_state") + ); + }else + { + res= ( opt->getStr("log_prefix").empty() && + opt->getInt("pf_rule_max_state")<=0 && + ! opt->getBool("pf_source_tracking") && + opt->getInt("pf_max_src_conn")<=0 && + opt->getInt("pf_max_src_conn_rate_num")<=0 && + opt->getInt("pf_max_src_conn_rate_seconds")<=0 + ); + } + } + + if (platform=="ipf") + { + res= ( opt->getStr("ipf_log_facility").empty() && + opt->getStr("log_level").empty() && + ! opt->getBool("ipf_keep_frags") && + ! opt->getBool("ipf_return_icmp_as_dest") ); + } + + if (platform=="ipfw") + { + //res= ( ! 
opt->getBool("stateless") ); + res = true; + } + + if (rule!=NULL) + { + PolicyRule::Action act=rule->getAction(); + if (act==PolicyRule::Accept || act==PolicyRule::Tag || act==PolicyRule::Route) + { + // by default, these actions are not stateless + res = res && (!opt->getBool("stateless")); + } else + { + // other actions are stateless by default + res = res && opt->getBool("stateless"); + } + } + + // all rules are stateless for IOS ACL + if (platform=="iosacl") + { + res = true; // ignore "stateless" option + } + + } + return res; +} + +bool isDefaultNATRuleOptions(FWOptions *opt) +{ + bool res=true; + FWObject *p; + + p=opt; + do { p=p->getParent(); + } while ( p!=NULL && Firewall::cast(p)==NULL ); + + assert(p!=NULL); + + QString platform = p->getStr("platform").c_str(); + +// if (fwbdebug) +// qDebug(QString("Options object type: %1 platform: %2 pf_pool_type_none: '%3'").arg(opt->getTypeName()).arg(platform).arg(opt->getStr("pf_pool_type_none").c_str())); + + if (NATRuleOptions::isA(opt)) + { + if (platform=="pf") + { + // if "pf_pool_type_none" is undefined, then all others + // should not be defined too because they all are set by + // the same dialog + // In this case consider options default. + res = (opt->getStr("pf_pool_type_none") == "" || + ( opt->getBool("pf_pool_type_none") && + ! opt->getBool("pf_bitmask") && + ! opt->getBool("pf_random") && + ! opt->getBool("pf_source_hash") && + ! opt->getBool("pf_round_robin") && + ! opt->getBool("pf_static_port") ) ); + } + } + return res; +} + +bool isDefaultRoutingRuleOptions(FWOptions *opt) +{ + bool res=true; + +// if (fwbdebug) +// qDebug(QString("Options object type: %1").arg(opt->getTypeName())); + + if (RoutingRuleOptions::isA(opt)) + { + res= ( ! 
opt->getBool("no_fail") ); + } + return res; +} + +QString getVersionString(const QString &platform,const QString &version) +{ + list vl = getVersionsForPlatform(platform); + list::iterator li = + std::find_if(vl.begin(),vl.end(),findFirstInQStringPair(version)); + QString readableVersion = (li!=vl.end())?li->second:""; + return readableVersion; +} + +list getVersionsForPlatform(const QString &platform) +{ + list res; + +/* versions are defined here instead of the resource files so that + * strings could be localized. We use strings that can be localized + * only for iptables but define versions for all platforms here for + * uniformity + */ + + if (platform=="iptables") + { + res.push_back(QStringPair("", QObject::tr("- any -"))); + res.push_back(QStringPair("lt_1.2.6", QObject::tr("1.2.5 or earlier"))); + res.push_back(QStringPair("ge_1.2.6", QObject::tr("1.2.6 to 1.2.8"))); + res.push_back(QStringPair("1.2.9", QObject::tr("1.2.9 to 1.2.11"))); + res.push_back(QStringPair("1.3.0", QObject::tr("1.3.0 or later"))); + } else + { + if (platform=="pix" || platform=="fwsm" || platform=="iosacl") + { + QString lst=Resources::platform_res[platform.toAscii().constData()]->getResourceStr( + "/FWBuilderResources/Target/versions").c_str(); + + QStringList ll=lst.split(','); + + for (QStringList::iterator i=ll.begin(); i!=ll.end(); ++i) + res.push_back(QStringPair(*i,*i)); + } else + { + if (platform=="pf") + { + res.push_back(QStringPair("","- any -")); + res.push_back(QStringPair("3.x", QObject::tr("3.x"))); + res.push_back(QStringPair("ge_3.7", QObject::tr("3.7 to 3.9"))); + res.push_back(QStringPair("4.x", QObject::tr("4.x"))); +/* add pf versions here */ + } else + { + if (platform=="ipf") + { + res.push_back(QStringPair("","- any -")); +/* add ipf versions here */ + } else + { + if (platform=="ipfw") + { + res.push_back(QStringPair("","- any -")); +/* add ipfw versions here */ + } else + res.push_back(QStringPair("","- any -")); + } + } + } + } + + return res; +} + +/* 
currently we return the same list for all platforms */ +const QStringList& getLogLevels(const QString &platform) +{ + return logLevels; +} + +const QStringList& getLogFacilities(const QString &platform) +{ + return logFacilities; +} + +const QStringList& getActionsOnReject(const QString &platform) +{ + return actionsOnReject; +} + +/* + * need to return mapping list for the parameter 'route_option' of + * action 'Routing' regardless of the firewall platform even though + * it only makes sense and is needed for pf and ipf. This is because + * ActionsDialog is designed with widget stack and therefore must + * always initialize widgets for all platforms. Worse, it always + * saves all parameters into rule options object, regardless of the + * platform. So, if we return an empty mapping list from this method + * because platform is not pf or ipf while user is editing action + * parameters for iptables, parameters for pf and ipf get saved + * uninitizalized and unmapped. QComboBox::currentText() returns the + * first item which goes straight into rule options object. This is + * ok in English locale, but breaks XML if the item has been + * translated and the program runs under national locale. Sigh. 
+ */ +const QStringList& getRouteOptions_pf_ipf(const QString &platform) +{ + return routeOptions_pf_ipf; +} + +const QStringList& getPrologPlaces(const QString &platform) +{ + if (platform=="pf") + return prologPlaces_pf; + else + return prologPlaces_ipt; +} + +const QStringList& getLimitSuffixes(const QString &platform) +{ + return limitSuffixes; +} + + +QStringList getScreenNames(const QStringList &sl) +{ + QStringList res; + + for( QStringList::const_iterator it = sl.begin(); + it!=sl.end(); + ++it,++it) + { + res.push_back(*it); + } + return res; +} + +QString getScreenName(QString s, const QStringList &sl) +{ + QString res; + for( QStringList::const_iterator it = sl.begin(); + it!=sl.end(); + ++it) + { + res=(*it); + ++it; + if ((*it)==s) break; + } + return res; +} + +/* + * will remap names of some actions to make it clear what commands or + * configuration language keywords they will be translated to for the + * target firewall platform. This should help users who are familiar + * with the platform. There are very few places where such mapping is + * necessary, plus we need to provide for localization of the mapped + * names. That is why action names are not stored in platform resource + * files and are not pulled using Rule::getActionAsString. 
+ */ + +QString getActionNameForPlatform(PolicyRule::Action action,const QString &platform) +{ + QString action_name = ""; + switch (action) + { + case PolicyRule::Accept: action_name = QObject::tr("Accept"); break; + + case PolicyRule::Deny: action_name = QObject::tr("Deny"); break; + + case PolicyRule::Reject: action_name = QObject::tr("Reject"); break; + + case PolicyRule::Scrub: action_name = QObject::tr("Scrub"); break; + + case PolicyRule::Return: action_name = QObject::tr("Return"); break; + + case PolicyRule::Skip: action_name = QObject::tr("Skip"); break; + + case PolicyRule::Continue: action_name = QObject::tr("Continue"); break; + + case PolicyRule::Modify: action_name = QObject::tr("Modify"); break; + + case PolicyRule::Classify: action_name = QObject::tr("Classify"); break; + + case PolicyRule::Custom: action_name = QObject::tr("Custom"); break; + + case PolicyRule::Branch: + action_name = QObject::tr("Branch"); + if (platform=="iptables") action_name = QObject::tr("Chain"); + if (platform=="pf") action_name = QObject::tr("Anchor"); + break; + + case PolicyRule::Accounting: + action_name = QObject::tr("Accounting"); + if (platform=="ipf" || platform=="ipfw") action_name = QObject::tr("Count"); + break; + + case PolicyRule::Tag: + action_name = QObject::tr("Tag"); + if (platform=="iptables") action_name = QObject::tr("Mark"); + break; + + case PolicyRule::Pipe: + action_name = QObject::tr("Pipe"); + if (platform=="iptables") action_name = QObject::tr("Queue"); + break; + case PolicyRule::Route: + action_name = QObject::tr("Routing"); + break; + default: + ; + } + return action_name; +} + +/* + * this function provides logic for the decision whether the rule + * should be stateless by default. Currently it only depends on the + * action, but may depend on the platform as well. + * + * actions Accept, Tag and Route by default assume the rule is + * stateful. 
Other actions by default assume it is stateless + * and set rule option accordingly + * + * See bugs #1676635 and 1671910 + */ +bool getStatelessFlagForAction(PolicyRule *rule) +{ + PolicyRule::Action act = rule->getAction(); + if (act==PolicyRule::Accept || + act==PolicyRule::Tag || + act==PolicyRule::Route) return false; + else + return true; +} diff --git a/src/gui/platforms.h b/src/gui/platforms.h new file mode 100644 index 000000000..337847a76 --- /dev/null +++ b/src/gui/platforms.h 
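Review bot: `getScreenName()` returns the label of the last entry when `s` is not in the mapping list, because `res` is overwritten on every pass and only the `break` marks a hit. A stored option value the GUI does not recognise is then shown under a valid-looking name, such as the last log level or reject action. The same loop does `++it` and then reads `*it` with no end check, so a list with an odd number of entries is read past its end, and `getScreenNames()` steps `++it,++it` on the same assumption. The lists built in `init_platforms()` are paired, so this is latent today. I would return the label only on a match and an empty string otherwise, as below; the callers are outside this hunk, so confirm none relies on the current fallback.

```cpp
QString getScreenName(QString s, const QStringList &sl)
{
    QStringList::const_iterator it = sl.begin();
    while (it != sl.end())
    {
        const QString &screen = *it;   // translated label
        if (++it == sl.end()) break;   // unpaired trailing entry
        if (*it == s) return screen;   // internal name matches
        ++it;
    }
    return QString();                  // unknown value: no label
}
```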
@@ -0,0 +1,113 @@ +/* + + Firewall Builder + + Copyright (C) 2000 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id$ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef _PLATFORMS_HH +#define _PLATFORMS_HH + +#include "config.h" + +// among other things, utils.h defines list which we need here +#include "utils.h" + +#include +#include + +#include +#include + +#include + +namespace libfwbuilder { + class FWOptions; + class Firewall; + class PolicyRule; +}; + +void init_platforms(); + +bool isUsingNetZone(libfwbuilder::Firewall *fw); + +bool isDefaultPolicyRuleOptions(libfwbuilder::FWOptions *opt); +bool isDefaultNATRuleOptions(libfwbuilder::FWOptions *opt); +bool isDefaultRoutingRuleOptions(libfwbuilder::FWOptions *opt); + +// using list of pairs instead of a map or QMap because maps are dictionaries +// and do not preserve order of elements +std::list getVersionsForPlatform(const QString &platform); + +QString getVersionString(const QString &platform,const QString &version); + +/** + * !!! returns a list of log levels that can be used to populate qcombobox + * !!! widget. I do not see how log levels can be different for various + * !!! fw platforms, but who knows. + */ +const QStringList& getLogLevels(const QString &platform); + +/** + * like the above, except returns a list of log facilities. 
+ */ +const QStringList& getLogFacilities(const QString &platform); + +/** + * returns a list of Actions on reject (mapping list) + * + */ +const QStringList& getActionsOnReject(const QString &platform); + +/** + * returns a list of options for Route action + * + */ +const QStringList& getRouteOptions_pf_ipf(const QString &platform); + +/** + * returns a list of Prolog places (mapping list) + */ +const QStringList& getPrologPlaces(const QString &platform); + +/** + * returns a list of Limit Suffixes (mapping list) + */ +const QStringList& getLimitSuffixes(const QString &platform); + +/** + * returns a list of screen names from the mapping list that can be + * used to populate qcombobox. + */ +QStringList getScreenNames(const QStringList &sl); + +/** + * finds screen name (i.e. string that can be localized) for the + * internal item name s in the mapping list sl + */ +QString getScreenName(QString s,const QStringList &sl); + +QString getActionNameForPlatform(libfwbuilder::PolicyRule::Action action,const QString &platform); + +bool getStatelessFlagForAction(libfwbuilder::PolicyRule *rule); + +#endif + diff --git a/src/gui/portinglog.txt b/src/gui/portinglog.txt new file mode 100644 index 000000000..973548905 --- /dev/null +++ b/src/gui/portinglog.txt 
@@ -0,0 +1,110 @@ +Log for qt3to4 on Wed Aug 15 20:07:00 2007. Number of log entries: 45 +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 51 column 21: qobjectlist.h -> qobject.h +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 52 column 19: qlistview.h -> q3listview.h +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 55 column 17: qheader.h -> q3header.h +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 56 column 22: qwidgetstack.h -> q3widgetstack.h +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 67 column 20: qpopupmenu.h -> q3popupmenu.h +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 68 column 22: qtextbrowser.h -> q3textbrowser.h +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 135 column 21: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 162 column 14: QPopupMenu -> Q3PopupMenu +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 162 column 47: QPopupMenu -> Q3PopupMenu +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 272 column 36: QPixmap::fromMimeSource -> qPixmapFromMimeSource +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 342 column 21: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 360 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 371 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 389 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 414 column 17: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 460 column 17: QListViewItem -> Q3ListViewItem +In file 
/home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 563 column 21: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 587 column 17: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 646 column 55: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 652 column 20: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 660 column 36: QPixmap::fromMimeSource -> qPixmapFromMimeSource +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 708 column 68: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 709 column 57: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 733 column 40: QPixmap::fromMimeSource -> qPixmapFromMimeSource +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 743 column 40: QPixmap::fromMimeSource -> qPixmapFromMimeSource +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 771 column 20: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 815 column 49: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 832 column 14: QPopupMenu -> Q3PopupMenu +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 832 column 36: QPopupMenu -> Q3PopupMenu +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 836 column 14: QPopupMenu -> Q3PopupMenu +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 836 column 44: QPopupMenu -> Q3PopupMenu +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 837 column 14: QPopupMenu -> Q3PopupMenu +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 837 column 44: QPopupMenu 
-> Q3PopupMenu +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 1829 column 21: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 2062 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 2107 column 48: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp at line 2142 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.cpp: Added the following include directives: + #include #include +In file /home/krava/work/someproj/src/gui/ObjectManipulator.h at line 36 column 19: qlistview.h -> q3listview.h +In file /home/krava/work/someproj/src/gui/ObjectManipulator.h at line 51 column 16: QPopupMenu -> Q3PopupMenu +In file /home/krava/work/someproj/src/gui/ObjectManipulator.h at line 82 column 25: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.h at line 110 column 55: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectManipulator.h at line 141 column 35: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectManipulator.h at line 190 column 34: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectManipulator.h: Added the following include directives: + #include + +Log for qt3to4 on Wed Aug 15 20:16:20 2007. 
Number of log entries: 57 +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h at line 38 column 19: qlistview.h -> q3listview.h +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h at line 39 column 21: qdragobject.h -> q3dragobject.h +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h at line 40 column 19: qiconview.h -> q3iconview.h +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h at line 49 column 39: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h at line 53 column 17: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h at line 54 column 17: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h at line 74 column 23: QDragObject -> Q3DragObject +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h at line 89 column 69: WFlags -> Qt::WFlags +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h at line 120 column 37: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h at line 121 column 38: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h at line 122 column 33: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h at line 123 column 32: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.h: Added the following include directives: + #include #include #include #include #include #include #include +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 53 column 21: qdragobject.h -> q3dragobject.h +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 54 column 19: qlistview.h -> q3listview.h +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 55 column 17: qheader.h -> q3header.h +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 72 column 73: WFlags -> Qt::WFlags +In file 
/home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 73 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 88 column 54: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 89 column 52: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 94 column 49: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 95 column 47: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 97 column 48: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 98 column 46: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 114 column 30: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 116 column 35: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 121 column 31: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 124 column 28: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 130 column 49: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 140 column 44: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 147 column 43: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 173 column 17: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 192 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 193 column 17: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 201 
column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 202 column 17: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 210 column 25: QListViewItemIterator -> Q3ListViewItemIterator +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 211 column 17: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 259 column 11: QDragObject -> Q3DragObject +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 263 column 17: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 346 column 17: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 361 column 21: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 418 column 17: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 467 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 480 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 504 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 514 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 572 column 17: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 593 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 601 column 13: QListView -> Q3ListView +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 617 column 48: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 624 column 13: QListView -> Q3ListView +In file 
/home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 654 column 25: QListViewItemIterator -> Q3ListViewItemIterator +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 659 column 25: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 674 column 25: QListViewItemIterator -> Q3ListViewItemIterator +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp at line 681 column 25: QListViewItem -> Q3ListViewItem +In file /home/krava/work/someproj/src/gui/ObjectTreeView.cpp: Added the following include directives: + #include #include #include #include #include #include #include #include + diff --git a/src/gui/prefsdialog_q.ui b/src/gui/prefsdialog_q.ui new file mode 100644 index 000000000..150abc5c0 --- /dev/null +++ b/src/gui/prefsdialog_q.ui 
@@ -0,0 +1,1024 @@ + + prefsDialog_q + + + true + + + + 0 + 0 + 544 + 364 + + + + Preferences + + + true + + + + 4 + + + 6 + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &OK + + + + + + true + + + true + + + + + + + &Cancel + + + + + + true + + + + + + + + + + General + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 16 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 16 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 16 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 16 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 70 + 20 + + + + + + + + minutes + + + false + + + + + + + 120 + + + 1 + + + + + + + Periodically save data to file every + + + + + + + 1 + + + + + + + Tooltip delay: + + + false + + + + + + + Enable object tooltips + + + + + + + Show deleted objects + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 30 + 20 + + + + + + + + Automatically save data in dialogs when switching between objects + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 16 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + QFrame::StyledPanel + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + On startup: + + + false + + + + + + + + Load standard objects + + + + + Load last edited file + + + + + + + + Expand all branches in the object tree + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + + 1 + 5 + 0 + 0 + + + + Working directory: + + + false + + + + + + + + 7 + 0 + 0 + 0 + + + + + + + + + 5 + 0 + 0 + 0 + + + + Browse... + + + + + + + + Revision Control + + + + 6 + + + 6 + + + + + Do not ask for the log record when checking in new file revision. 
+ + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + SSH + + + + 6 + + + 6 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + A full path to the Secure Shell utility (remote command execution; for example ssh on Unix or plink.exe or vsh.exe on Windows): + + + Qt::AlignVCenter + + + true + + + + + + + + 0 + 0 + 0 + 0 + + + + Browse... + + + + + + + + Libraries + + + + 6 + + + 6 + + + + + Add... + + + + + + + Remove + + + + + + + + 7 + 5 + 0 + 0 + + + + If you remove libraries from the list, changes get in effect next time you start the program + + + Qt::AlignVCenter + + + true + + + + + + + Available libraries: + + + false + + + + + + + + Name + + + + + Load + + + + + File Path + + + + + + + + + Labels + + + + 6 + + + 6 + + + + + Use these labels to mark rules in the firewall policy + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 70 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + 0 + + + 6 + + + + + + + + + + + + Red + + + + + + + Blue + + + + + + + Yellow + + + + + + + + + + + + + + Orange + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Purple + + + + + + + + + + + + + + Green + + + + + + + Gray + + + + + + + + + + + + + + + tabWidget + wDir + browseWDir + startupAction + expandTree + autosave + autosaveFile + autosaveInterval + objTooltips + tooltipDelay + deletedObj + buttonOk + buttonCancel + emptyRCSLog + browseForSSH + sshPath + avLibs + add + rem + redBtn + redText + orangeBtn + orangeText + yellowBtn + yellowText + greenBtn + greenText + blueBtn + blueText + purpleBtn + purpleText + grayBtn + grayText + + + + + buttonOk + clicked() + prefsDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + buttonCancel + clicked() + prefsDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + browseWDir + clicked() + prefsDialog_q + findWDir() + + + 20 + 20 + + + 20 + 20 
+ + + + + add + clicked() + prefsDialog_q + addLibrary() + + + 20 + 20 + + + 20 + 20 + + + + + browseForSSH + clicked() + prefsDialog_q + findSSH() + + + 20 + 20 + + + 20 + 20 + + + + + rem + clicked() + prefsDialog_q + remLibrary() + + + 20 + 20 + + + 20 + 20 + + + + + avLibs + itemClicked(QTreeWidgetItem*,int) + prefsDialog_q + libClick(QTreeWidgetItem*,int) + + + 20 + 20 + + + 20 + 20 + + + + + redBtn + clicked() + prefsDialog_q + changeRedColor() + + + 20 + 20 + + + 20 + 20 + + + + + orangeBtn + clicked() + prefsDialog_q + changeOrangeColor() + + + 20 + 20 + + + 20 + 20 + + + + + yellowBtn + clicked() + prefsDialog_q + changeYellowColor() + + + 20 + 20 + + + 20 + 20 + + + + + greenBtn + clicked() + prefsDialog_q + changeGreenColor() + + + 20 + 20 + + + 20 + 20 + + + + + blueBtn + clicked() + prefsDialog_q + changeBlueColor() + + + 20 + 20 + + + 20 + 20 + + + + + purpleBtn + clicked() + prefsDialog_q + changePurpleColor() + + + 20 + 20 + + + 20 + 20 + + + + + grayBtn + clicked() + prefsDialog_q + changeGrayColor() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/printerStream.cpp b/src/gui/printerStream.cpp new file mode 100644 index 000000000..cf8b21240 --- /dev/null +++ b/src/gui/printerStream.cpp 
@@ -0,0 +1,336 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: printerStream.cpp,v 1.4 2007/06/21 05:43:26 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "utils.h" + +#include "printerStream.h" + +#include +#include +#include + +printerStream::printerStream(QPrinter *p, + float m, + bool h, + const QString &ht, + PrintingProgressDialog *pd) : pr()//,metrics(p) +{ + printer=p; + margin=m; + printHeader=h; + headerText=ht; + ppd=pd; + headerFont=QFont( "times", 10, QFont::Normal ); + bodyFont=QFont( "times", 14, QFont::Normal ); + headerHeight=1.5; // 1.5 cm for header + pageNo=0; + active=false; + fromPage=1; + toPage=9999; + + headerTimeString = QDateTime::currentDateTime().toString(); +} + +bool printerStream::begin() +{ + if( !pr.begin(printer) ) // paint on printer + return false; + active=true; + + pageWidth = printer->width(); + pageHeight = printer->height(); + + if (fwbdebug) + qDebug("printer dimensions: %dx%d",pageWidth,pageHeight); + + dpiy = printer->logicalDpiY(); + ymargin = (int) ( (margin/2.54)*dpiy ); +// assuming printer's resolutions by X and Y axes are the same + xmargin = ymargin; + pageBody=QRect( xmargin, ymargin, + printer->width() - 2*xmargin, printer->height() - 
2*ymargin ); + + yHeaderHeight = int((headerHeight/2.54)*dpiy); + yHeaderLine = int(((headerHeight-0.5)/2.54)*dpiy); + + pr.setFont(headerFont); + QFontMetrics fm = pr.fontMetrics(); + QRect br = fm.boundingRect("Page 999"); + + headerTextBox=QRect(xmargin,ymargin+yHeaderLine-fm.lineSpacing()-1, + printer->width()-2*xmargin,fm.lineSpacing()+1); + headerBox=QRect(xmargin,ymargin,printer->width()-2*xmargin,yHeaderHeight); + + if (fwbdebug) + { + qDebug("dpiy=%d",dpiy); + qDebug("yHeaderHeight=%d",yHeaderHeight); + qDebug("yHeaderLine=%d",yHeaderLine); + qDebug("bounding rect for the header text: %d,%d,%d,%d", + br.left(),br.top(),br.width(),br.height()); + qDebug("headerBox: %d,%d,%d,%d", + headerBox.left(),headerBox.top(),headerBox.width(),headerBox.height()); + qDebug("headerTextBox: %d,%d,%d,%d", + headerTextBox.left(),headerTextBox.top(),headerTextBox.width(),headerTextBox.height()); + } + + yPos = 0; + pageNo = 1; + + return true; +} + +void printerStream::end() +{ + pr.end(); +} + +int printerStream::getWorkspaceWidth() +{ + return pageBody.width(); +} + +int printerStream::getWorkspaceHeight() +{ + return (printHeader)?(pageBody.height()-headerBox.height()):pageBody.height(); +} + +void printerStream::beginPage() +{ + yPos=0; + if (ppd!=NULL) ppd->setCurrentPageNo(pageNo); + + if (printHeader) + { + if (fwbdebug) qDebug("Printing header for page %d (%d-%d)",pageNo,fromPage,toPage); + + QString page = QObject::tr("Page %1").arg(pageNo); + if (pageNo>=fromPage && pageNo<=toPage) + { + pr.setFont(headerFont); + pr.setPen(Qt::black); + pr.setPen(Qt::SolidLine); + pr.drawText(headerTextBox,Qt::AlignLeft,page); + pr.drawText(headerTextBox,Qt::AlignCenter,headerText); + pr.drawText(headerTextBox,Qt::AlignRight,headerTimeString); + + pr.drawLine(headerTextBox.left(),headerTextBox.bottom(), + headerTextBox.right(),headerTextBox.bottom()); + } + yPos = ymargin+headerBox.height(); + } +} + +void printerStream::flushPage() +{ + if (pageNo>=fromPage && pageNo<=toPage) + 
printer->newPage(); + pageNo++; +} + +int printerStream::getTextHeight(const QString &txt) +{ + if (txt.isEmpty()) return 0; + if (printer->printerState() == QPrinter::Aborted) return 0; + + pr.setFont( bodyFont ); + QFontMetrics fm = pr.fontMetrics(); + int nlines=1; + int i=-1; + while ( (i=txt.indexOf("\n",i+1))>=0 ) nlines++; + return nlines*fm.lineSpacing(); +} + +void printerStream::printText(const QString &txt, bool newLine) +{ + if (txt.isEmpty()) return; + if (printer->printerState() == QPrinter::Aborted) return; + + pr.setFont( bodyFont ); + QFontMetrics fm = pr.fontMetrics(); + QRect br = fm.boundingRect(txt); + + if (getYSpace()=fromPage && pageNo<=toPage) + { + pr.setPen(Qt::black); + pr.drawText( xmargin, yPos, printer->width()-2*xmargin, br.height(), + Qt::TextExpandTabs | Qt::TextDontClip, + txt ); + } + int nlines=1; + int i=-1; + while ( (i=txt.indexOf("\n",i+1))>=0 ) nlines++; + if (newLine) yPos = yPos + nlines*fm.lineSpacing(); +} + +void printerStream::printPixmap(const QPixmap &pm, bool newLine) +{ + int pmYOffset = 0; + while ( getYSpace()<(pm.height()-pmYOffset) ) + { + int yFrag = pageBody.height()-yPos; + if (pageNo>=fromPage && pageNo<=toPage) + pr.drawPixmap(xmargin,yPos,pm,0,pmYOffset,-1,yFrag); + pmYOffset = pmYOffset+yFrag; + flushPage(); + beginPage(); // resets yPos + } + if (pageNo>=fromPage && pageNo<=toPage) + pr.drawPixmap(xmargin,yPos,pm,0,pmYOffset,-1,-1); + if (newLine) yPos = yPos + (pm.height()-pmYOffset); +} + +void printerStream::printQTable(QTableView *tbl, bool left_margin, bool top_margin) +{ + if (fwbdebug) + { + qDebug("printQTable ----------------------------------------------"); + qDebug("Size: %dx%d",tbl->width(),tbl->height()); + qDebug("Visible: %dx%d",tbl->contentsRect().width(),tbl->contentsRect().height()); + qDebug("Viewport: %dx%d", + tbl->viewport()->width(),tbl->viewport()->height()); + /*qDebug("Clipper: %dx%d", + tbl->clipper()->width(),tbl->clipper()->height());*/ + } + + int firstRow = 0; + int 
lastRow = 1; + int tblHeight = tbl->horizontalHeader()->height(); + + int columnsWidth = 0; + for (int i = 0; i < tbl->model()->columnCount(); columnsWidth += tbl->columnWidth(i), i++); + + if ( tblHeight + tbl->rowHeight(0) > getYSpace() ) + { + // even one row of the table won't fit on the space left on page + flushPage(); + beginPage(); + } + + int rowCount = tbl->model()->rowCount(); + while (firstRow<=(rowCount-1)) + { + int row = 0; + for (row=firstRow; row < rowCount; ++row) + { + int nth = tblHeight + tbl->rowHeight(row); + if ( nth==getYSpace() ) break; + if ( nth>getYSpace() ) { row--; break; } + tblHeight = nth; + } + // if row < firstRow then even single row does not fit on the page + if (row < firstRow) + { + row = firstRow; + tblHeight = tbl->rowHeight(firstRow); + } + + + if (row == rowCount) row--; + + lastRow = row; + + int firstRowPos = tbl->verticalHeader()->sectionPosition(firstRow); + int lastRowPos = tbl->verticalHeader()->sectionPosition(lastRow); + + if (fwbdebug) + qDebug("Page %d -- %d rows (%d-%d) tblHeight: %d firstRowPos: %d lastRowPos: %d", + pageNo, rowCount, + firstRow, lastRow, tblHeight, firstRowPos, lastRowPos); + + int left_hdr_w = 0; + if (left_margin && tbl->verticalHeader() != NULL) + left_hdr_w = tbl->verticalHeader()->width(); + + int top_hdr_h = 0; + if (top_margin && tbl->horizontalHeader() != NULL) + top_hdr_h = tbl->horizontalHeader()->height(); + + tbl->resize(columnsWidth + left_hdr_w, tblHeight); + + tbl->verticalHeader()->resize( + tbl->verticalHeader()->width(), + tbl->height()-tbl->horizontalHeader()->height()); + tbl->horizontalHeader()->resize( + tbl->width()-tbl->verticalHeader()->width(), + tbl->horizontalHeader()->height()); + + if (fwbdebug) + { + qDebug(" After resize:"); + qDebug(" Size: %dx%d",tbl->width(),tbl->height()); + qDebug(" Visible: %dx%d", + tbl->contentsRect().width(),tbl->contentsRect().height()); + /*qDebug(" Visible: %dx%d", + tbl->visibleWidth(),tbl->visibleHeight()); + qDebug(" Viewport: 
%dx%d", + tbl->viewport()->width(),tbl->viewport()->height()); + qDebug(" Clipper: %dx%d", + tbl->clipper()->width(),tbl->clipper()->height());*/ + qDebug(" vheader size: %dx%d", + tbl->verticalHeader()->width(), + tbl->verticalHeader()->height()); + } + + tbl->verticalHeader()->setOffsetToSectionPosition(firstRow); + tbl->update(); + + if (fwbdebug) + { + qDebug(" After scroll:"); + /* qDebug(" contents X: %d contents Y: %d", + tbl->horizontalOffset(),tbl->verticalOffset()); */ + int count = tbl->verticalHeader()->count(); + int offset= tbl->verticalHeader()->offset(); + qDebug(" vheader count: %d",count); + qDebug(" vheader offset: %d",offset); + qDebug(" vheader sectionAt(%d): %d", + offset, + tbl->verticalHeader()->logicalIndexAt(offset)); + } + + printPixmap(QPixmap::grabWidget(tbl,0,0,-1,tblHeight)); + + if (lastRow>=(rowCount-1)) break; + + flushPage(); + beginPage(); + + firstRow = lastRow + 1; + tblHeight = tbl->horizontalHeader()->height(); + } +} + + + diff --git a/src/gui/printerStream.h b/src/gui/printerStream.h new file mode 100644 index 000000000..64ef5c09c --- /dev/null +++ b/src/gui/printerStream.h 
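Review bot: In `printerStream::printQTable` the local `top_hdr_h` is assigned from `top_margin` but never read afterwards, so the `top_margin` argument has no effect. Only `left_hdr_w` reaches `tbl->resize(columnsWidth + left_hdr_w, tblHeight)`. Either use the value when sizing the table or drop the local and document that the horizontal header is always included. The `tbl->verticalHeader() != NULL` and `tbl->horizontalHeader() != NULL` tests also come after `tbl->horizontalHeader()->height()` and `tbl->model()->columnCount()` have already been dereferenced at the top of the function, so they protect nothing. A single guard at entry such as `if (tbl==NULL || tbl->model()==NULL) return;` would be clearer.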
@@ -0,0 +1,103 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2003 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: printerStream.h,v 1.3 2007/06/21 05:43:26 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __PRINTERSTREAM_H_
+#define __PRINTERSTREAM_H_
+
+#include
+#include
+#include
+
+#include
+
+#include "PrintingProgressDialog.h"
+
+class QPrinter;
+
+class printerStream {
+ QPrinter *printer;
+ QPainter pr;
+ QRect pageBody;
+ PrintingProgressDialog *ppd;
+
+ int yPos;
+ float margin;
+ int ymargin;
+ int xmargin;
+ int fromPage;
+ int toPage;
+ bool active;
+ bool printHeader;
+ QString headerTimeString;
+ QString headerText;
+ QFont headerFont;
+ QRect headerTextBox;
+ QRect headerBox;
+ QFont bodyFont;
+ float headerHeight;
+ int yHeaderHeight;
+ int yHeaderLine;
+ int pageNo;
+ int pageWidth;
+ int pageHeight;
+ int dpiy;
+
+ public:
+
+ printerStream(QPrinter *p,float margin,bool header,const QString &headerText,
+ PrintingProgressDialog *ppd);
+
+ bool begin();
+ void end();
+ bool isActive() { return active; }
+ void setFromTo(int from, int to) { fromPage=from; toPage=to; }
+
+
+ QPainter& painter() { return pr; }
+
+ int getYMargin() { return ymargin; }
+ int getXMargin() { return xmargin; }
+
+ void printText(const QString &txt, bool newLine=true);
+ void printPixmap(const QPixmap &pm, bool newLine=true);
+ void printQTable(QTableView *tbl, bool left_margin=true, bool top_margin=true);
+
+ int getTextHeight(const QString &txt);
+
+ void beginPage();
+ void flushPage();
+
+ int getPageHeight() { return pageHeight; }
+ int getPageWidth() { return pageWidth; }
+ int getWorkspaceHeight();
+ int getWorkspaceWidth();
+
+ int getYPos() { return yPos; }
+ int getYSpace() { return pageBody.height()-yPos; }
+
+};
+
+#endif
diff --git a/src/gui/printingprogressdialog_q.ui b/src/gui/printingprogressdialog_q.ui
new file mode 100644
index 000000000..17a99c41d
--- /dev/null
+++ b/src/gui/printingprogressdialog_q.ui
@@ -0,0 +1,74 @@
+ + printingProgressDialog_q + + + + 0 + 0 + 275 + 110 + + + + Printing + + + + + + Cancel + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + textLabel1 + + + false + + + + + + + + + +
diff --git a/src/gui/rcsfilepreview_q.ui b/src/gui/rcsfilepreview_q.ui
new file mode 100644
index 000000000..427607b78
--- /dev/null
+++ b/src/gui/rcsfilepreview_q.ui
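Review bot: Several members that the inline getters of `printerStream` return (`yPos`, `ymargin`, `xmargin`, `pageWidth`, `pageHeight`) are first assigned in `begin()`, and the constructor in src/gui/printerStream.cpp does not initialise them; the same holds for `dpiy`, `yHeaderHeight` and `yHeaderLine`. Calling `getYPos()`, `getYSpace()`, `getPageHeight()` or `getXMargin()` before a successful `begin()` therefore reads indeterminate values. Zero them in the constructor, e.g. `yPos=ymargin=xmargin=pageWidth=pageHeight=dpiy=0;`, or add a comment above the getters such as `// valid only after begin() has returned true`. The getters that modify nothing could also be declared `const`.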
@@ -0,0 +1,265 @@ + + RCSFilePreview_q + + + Qt::WindowModal + + + true + + + + 0 + 0 + 508 + 488 + + + + + 0 + 0 + + + + RCSFilePreview + + + true + + + true + + + + + + + 300 + 0 + + + + QFrame::NoFrame + + + QFrame::Plain + + + Qt::ScrollBarAlwaysOn + + + false + + + true + + + + Revision + + + + + Date + + + + + Author + + + + + Locked by + + + + + + + + QFrame::HLine + + + QFrame::Plain + + + Qt::Horizontal + + + + + + + 0 + + + + + + 0 + 0 + + + + RCS log: + + + Qt::AlignTop + + + false + + + 4 + + + 0 + + + + + + + + 0 + 0 + + + + + 32767 + 80 + + + + QFrame::NoFrame + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 111 + 30 + + + + + + + + + 0 + 30 + + + + true + + + Open + + + + + + + + 0 + 30 + + + + Open read-only + + + + + + + + 0 + 30 + + + + Cancel + + + + + + + + + + RCSTreeView + comment + openButton + + + + + + openRO + released() + RCSFilePreview_q + openReadOnly() + + + 20 + 20 + + + 20 + 20 + + + + + RCSTreeView + currentItemChanged(QTreeWidgetItem*,QTreeWidgetItem*) + RCSFilePreview_q + selectedRevision(QTreeWidgetItem*) + + + 20 + 20 + + + 20 + 20 + + + + + openButton + clicked() + RCSFilePreview_q + openFile() + + + 379 + 462 + + + 253 + 243 + + + + + diff --git a/src/gui/rcsfilesavedialog_q.ui b/src/gui/rcsfilesavedialog_q.ui new file mode 100644 index 000000000..31b53915b --- /dev/null +++ b/src/gui/rcsfilesavedialog_q.ui 
@@ -0,0 +1,157 @@ + + + + + RCSFileSaveDialog_q + + + true + + + + 0 + 0 + 381 + 194 + + + + Log record for the new revision + + + true + + + + + + Do not ask me anymore, always check files in with empty log + + + + + + + 0 + + + 6 + + + + + + 20 + 20 + + + + Expanding + + + Horizontal + + + + + + + Check file &in + + + Alt+I + + + true + + + true + + + + + + + &Cancel + + + + + + true + + + + + + + + + + 7 + 7 + 0 + 0 + + + + + 32767 + 32767 + + + + + + + + Checking file %1 into RCS + + + false + + + + + + + + 5 + 7 + 0 + 0 + + + + Log record for this revision: + + + false + + + + + + + + + rcslog + nolog + buttonOk + buttonCancel + + + + buttonOk + clicked() + RCSFileSaveDialog_q + accept() + + + buttonCancel + clicked() + RCSFileSaveDialog_q + reject() + + + diff --git a/src/gui/routingruleoptionsdialog_q.ui b/src/gui/routingruleoptionsdialog_q.ui new file mode 100644 index 000000000..2539a5558 --- /dev/null +++ b/src/gui/routingruleoptionsdialog_q.ui 
@@ -0,0 +1,238 @@ + + RoutingRuleOptionsDialog_q + + + + 0 + 0 + 562 + 237 + + + + Routing Rule Options + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + + 75 + true + + + + fw/rule num + + + false + + + + + + + + + + + 5 + 1 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + + 0 + + + 6 + + + + + QFrame::NoFrame + + + QFrame::Raised + + + + 11 + + + 6 + + + + + If installation of this routing rule fails, just carry on + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 50 + + + + + + + + + + + + + 0 + + + 6 + + + + + QFrame::NoFrame + + + QFrame::Raised + + + + 11 + + + 6 + + + + + No options available for routing rules of this firewall platform + + + false + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 50 + + + + + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + routing_non_critical_rule + + + + + routing_non_critical_rule + toggled(bool) + RoutingRuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/ruleoptionsdialog_q.ui b/src/gui/ruleoptionsdialog_q.ui new file mode 100644 index 000000000..f4ab17e43 --- /dev/null +++ b/src/gui/ruleoptionsdialog_q.ui 
@@ -0,0 +1,2947 @@ + + RuleOptionsDialog_q + + + + 0 + 0 + 983 + 510 + + + + Rule Options for ipt + + + + + 11 + 11 + 882 + 40 + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 0 + + + 6 + + + + + + 75 + true + + + + fw/rule num + + + false + + + + + + + + + 10 + 50 + 954 + 269 + + + + + 1 + 5 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + 1 + + + 0 + + + 0 + + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + 7 + 5 + 0 + 0 + + + + QTabWidget::Triangular + + + 0 + + + + General + + + + 6 + + + 6 + + + + + Assume firewall is part of 'any' (this setting only affects code generated for this rule) + + + + + + + Stateless rule + + + + + + + Normally policy compiler uses stateful inspection in each rule. Activating next option makes this rule stateless. + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 16 + + + + + + + + + Logging + + + + 6 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + + 200 + 32767 + + + + + + + + + + alert + + + + + crit + + + + + error + + + + + warning + + + + + notice + + + + + info + + + + + debug + + + + + + + + + 5 + 0 + 0 + 0 + + + + + 200 + 32767 + + + + + + + + Log prefix: + + + false + + + + + + + Log level: + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Netlink group (if using ULOG): + + + false + + + + + + + 32 + + + 1 + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 30 + + + + + + + + + limit + + + + 6 + + + 6 + + + + + Rate (rule matches if it hits this often or less): + + + false + + + + + + + Module limit + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 60 + 20 + + + + + + + + Burst: + + + false + + + + + + + + + + + 5 + 0 + 0 + 0 + + + + + 200 + 32767 + + 
+ + + + + + + + /day + + + + + /hour + + + + + /minute + + + + + /second + + + + + + + + + 0 + 0 + 0 + 0 + + + + 10000 + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + connlimit + + + + 6 + + + 6 + + + + + + 1 + 5 + 0 + 0 + + + + bit + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + 0 + 0 + 0 + 0 + + + + 10000 + + + + + + + + 1 + 5 + 0 + 0 + + + + per network with netmask of + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + 10000 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Number of allowed connections per client host + + + false + + + + + + + Module connlimit + + + false + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 16 + + + + + + + + + hashlimit + + + + 6 + + + 6 + + + + + Module hashlimit + + + false + + + + + + + On some older systems this module has name 'dstlimit'. Check here if you need to use this name. + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Rate: + + + false + + + + + + + Name: + + + false + + + + + + + + + + + 80 + 32767 + + + + + + + + + 80 + 32767 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + 200 + 32767 + + + + + + + + + + /day + + + + + /hour + + + + + /minute + + + + + /second + + + + + + + + Burst: + + + false + + + + + + + Mode: + + + false + + + + + + + + dstip + + + + + srcip + + + + + dstip,dstport + + + + + srcip,srcport + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 300 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 360 + 20 + + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + htable-size: + + + false + + + + + + + The number of buckets of the hash table (omit this option in generated script if set to 0) + + + 999999 + + + + + + + htable-max: + + + false + + + + + + + Maximum number of entries in the hash (omit this option in generated script if set to 0) + 
+ + 999999 + + + + + + + htable-expire: + + + false + + + + + + + After how many milliseconds do hash entries expire (omit this option in the generated script if set to 0) + + + 999999 + + + + + + + htable-gcinterval: + + + false + + + + + + + How many milliseconds between garbage collection intervals (omit this option in generated script if set to 0) + + + 999999 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 130 + 20 + + + + + + + + Options below control size of the hash table and expiration time. They will be omitted from the generated script if set to zero. + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 16 + + + + + + + + + + + + + + 6 + + + 6 + + + + + + 7 + 1 + 0 + 0 + + + + QTabWidget::Triangular + + + + General + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 8 + + + + + + + + Normally policy compiler uses stateful inspection in each rule. Activating next option makes this rule stateless. 
+ + + Qt::AlignVCenter + + + true + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Stateless rule + + + + + + + Send ICMP 'unreachable' packet masquerading as being from the original destination + + + + + + + Keep information on fragmented packets, to be applied to later fragments + + + + + + + + Logging + + + + 0 + + + 6 + + + + + Log facility: + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + + 7 + 0 + 0 + 0 + + + + + + + + Log level: + + + Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter + + + false + + + + + + + + 7 + 0 + 0 + 0 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 30 + + + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + 7 + 1 + 0 + 0 + + + + QTabWidget::Triangular + + + + General + + + + 6 + + + 6 + + + + + + 400 + 0 + + + + Normally policy compiler uses stateful inspection in each rule. Activating next option makes this rule stateless. + + + Qt::AlignVCenter + + + true + + + + + + + Stateless rule + + + + + + + In PF 4.x "flags S/SA keep state" is the default. Compiler will omit these flags while generating code for stateful rules matching tcp services. However, according to the PF FAQ, care should be taken while dealing with states and interface enc0. To avoid leaking unencrypted traffic out, the FAQ recommends setting 'keep state' explicitly in all rules on the enc0 interface. This option applies only if version is set to 4.x. 
+ + + Qt::AlignVCenter + + + true + + + + + + + Add 'keep state' + + + + + + + + Logging + + + + 6 + + + 6 + + + + + + + + Log prefix: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 301 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 51 + + + + + + + + + Tracking + + + + 6 + + + 6 + + + + + When this option is checked, the number of states per source IP is tracked + + + Activate source tracking + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + 0 + 0 + 0 + 0 + + + + 1000000 + + + + + + + + 0 + 0 + 0 + 0 + + + + 1000000 + + + + + + + + 5 + 5 + 0 + 0 + + + + + 300 + 0 + + + + Maximum number of source addresses which can simultaneously have state table entries (max-src-nodes): + + + Qt::AlignVCenter + + + false + + + + + + + + 5 + 5 + 0 + 0 + + + + + 300 + 0 + + + + Maximum number of simultaneous state entries that a single source address can create with this rule (max-src-states): + + + Qt::AlignVCenter + + + false + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + Limits + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + 0 + 0 + 0 + 0 + + + + + 80 + 32767 + + + + 1000000 + + + + + + + + 100 + 0 + + + + + + + + + 1 + 5 + 0 + 0 + + + + overload table: + + + false + + + + + + + flush + + + + + + + Maximum number of simultaneous TCP connections that a single host can make (max-src-conn): + + + Qt::AlignVCenter + + + false + + + + + + + global + + + + + + + The limit of new connections over a time interval (max-src-conn-rate): + + + Qt::AlignVCenter + + + false + + + + + + + / + + + false + + + + + + + + 100 + 0 + + + + + + + + + 0 + 0 + 0 + 0 + + + + 1000000 + + + + + + + global + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 125 + 20 + + + + + + + + flush + + + + + + + overload table: + + + 
false + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 20 + + + + + + + + sec + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + 80 + 32767 + + + + 1000000 + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 80 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 70 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 60 + 20 + + + + + + + + When this limit is reached, further packets matching the rule that would create state are dropped, until existing states time out. + + + 1000000 + + + + + + + + 300 + 0 + + + + Maximum number of concurrent states this rule may create. Unlimited if set to zero (option 'max'). + + + Qt::AlignVCenter + + + false + + + + + + + + + + + + + 6 + + + 6 + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 90 + + + + + + + + Stateless rule + + + + + + + + 300 + 0 + + + + Normally policy compiler uses stateful inspection in each rule. Activating next option makes this rule stateless. 
+ + + Qt::AlignVCenter + + + true + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + + + 6 + + + 6 + + + + + QFrame::NoFrame + + + QFrame::Raised + + + + 11 + + + 6 + + + + + These options are only valid for PIX running software v6.3 or later + + + Qt::AlignVCenter + + + true + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 16 + + + + + + + + completely disable logging for this rule + + + + + + + 0 + + + 6 + + + + + Log level: + + + false + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 51 + 20 + + + + + + + + + + 0 + + + 6 + + + + + Logging interval: + + + false + + + + + + + 10000 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 51 + 20 + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + + + + + + 6 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + There are no options for this firewall platform + + + Qt::AlignCenter + + + false + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + + pix_disable_rule_log + pix_logLevel + pix_log_interval + tabw1 + ipt_assumeFwIsPartOfAny + ipt_stateless + ipt_logPrefix + ipt_logLevel + ipt_nlgroup + ipt_limit + ipt_limitSuffix + ipt_burst + ipt_connlimit + ipt_connlimit_masklen + ipt_hashlimit_name + ipt_hashlimit_dstlimit + ipt_hashlimit + ipt_hashlimit_suffix + ipt_hashlimit_burst + ipt_hashlimit_mode + ipt_hashlimit_size + ipt_hashlimit_max + ipt_hashlimit_expire + ipt_hashlimit_gcinterval + tabw0 + ipf_stateless + ipf_masq_icmp + ipf_keep_frags + ipf_logFacility + ipf_logLevel + tabw2 + pf_stateless + pf_keep_state + pf_source_tracking + pf_max_src_nodes + pf_max_src_states + pf_rule_max_state + pf_max_src_conn + pf_max_src_conn_overload_table + pf_max_src_conn_flush + pf_max_src_conn_global + pf_max_src_conn_rate_num + pf_max_src_conn_rate_seconds + pf_max_src_conn_rate_overload_table + 
pf_max_src_conn_rate_flush + pf_max_src_conn_rate_global + ipfw_stateless + pf_logPrefix + + + + + pf_max_src_states + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_max_src_nodes + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_source_tracking + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_rule_max_state + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pix_log_interval + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pix_logLevel + activated(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pix_disable_rule_log + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_stateless + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_logPrefix + textChanged(QString) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipfw_stateless + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipf_stateless + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipf_masq_icmp + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipf_logLevel + activated(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipf_logFacility + activated(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipf_keep_frags + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_burst + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_connlimit + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_connlimit_masklen + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + 
+ + ipt_limit + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_limitSuffix + activated(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_logLevel + activated(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_logPrefix + textChanged(QString) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_nlgroup + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_stateless + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_hashlimit + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_hashlimit_burst + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_hashlimit_dstlimit + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_hashlimit_mode + activated(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_hashlimit_suffix + activated(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_assumeFwIsPartOfAny + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_max_src_conn + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_max_src_conn_flush + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_max_src_conn_global + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_max_src_conn_overload_table + textChanged(QString) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_max_src_conn_rate_flush + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_max_src_conn_rate_global + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_max_src_conn_rate_num + 
valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_max_src_conn_rate_overload_table + textChanged(QString) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_max_src_conn_rate_seconds + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_hashlimit_expire + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_hashlimit_gcinterval + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_hashlimit_max + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_hashlimit_name + textChanged(QString) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ipt_hashlimit_size + valueChanged(int) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + pf_keep_state + toggled(bool) + RuleOptionsDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/simpleinteditor_q.ui b/src/gui/simpleinteditor_q.ui new file mode 100644 index 000000000..ba147f3f9 --- /dev/null +++ b/src/gui/simpleinteditor_q.ui @@ -0,0 +1,146 @@ + + SimpleIntEditor_q + + + true + + + + 0 + 0 + 248 + 96 + + + + Script Editor + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + + 0 + 0 + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 110 + 20 + + + + + + + + Cancel + + + + + + + true + + + QAbstractSpinBox::PlusMinus + + + + + + 255 + + + 1 + + + + + + + OK + + + true + + + + + + + + spin_box + ok_button + cancel_button + + + + + + ok_button + clicked() + SimpleIntEditor_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + cancel_button + clicked() + SimpleIntEditor_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/simpletexteditor_q.ui b/src/gui/simpletexteditor_q.ui new file mode 100644 index 000000000..480b6a40b --- /dev/null 
+++ b/src/gui/simpletexteditor_q.ui @@ -0,0 +1,164 @@ + + SimpleTextEditor_q + + + true + + + + 0 + 0 + 592 + 344 + + + + Qt::StrongFocus + + + Script Editor + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + Qt::ScrollBarAlwaysOn + + + Qt::ScrollBarAlwaysOn + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + OK + + + true + + + + + + + Cancel + + + + + + + Import from file ... + + + + + + + + 0 + 0 + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + + editor + inputFromFileButton + ok_button + cancel_button + + + + + + ok_button + clicked() + SimpleTextEditor_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + cancel_button + clicked() + SimpleTextEditor_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + inputFromFileButton + clicked() + SimpleTextEditor_q + loadFromFile() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/simpletextview_q.ui b/src/gui/simpletextview_q.ui new file mode 100644 index 000000000..c3af27047 --- /dev/null +++ b/src/gui/simpletextview_q.ui @@ -0,0 +1,141 @@ + + SimpleTextView_q + + + + 0 + 0 + 409 + 425 + + + + Qt::StrongFocus + + + Text viewer + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + QFrame::StyledPanel + + + QFrame::Plain + + + + 11 + + + 11 + + + 11 + + + 11 + + + + + + 75 + true + + + + Object Name + + + false + + + + + + + + + + true + + + + + + + QFrame::HLine + + + QFrame::Sunken + + + Qt::Horizontal + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 91 + 20 + + + + + + + + Close + + + + + + + + + + + + + pushButton7 + released() + SimpleTextView_q + close() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/solarisAdvancedDialog.cpp b/src/gui/solarisAdvancedDialog.cpp new file mode 100644 index 000000000..29365146a --- /dev/null +++ b/src/gui/solarisAdvancedDialog.cpp 
@@ -0,0 +1,131 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: solarisAdvancedDialog.cpp,v 1.3 2006/03/16 05:38:14 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "config.h"
+#include "global.h"
+#include "platforms.h"
+
+#include "solarisAdvancedDialog.h"
+#include "ObjectManipulator.h"
+
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Management.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+using namespace std;
+using namespace libfwbuilder;
+
+solarisAdvancedDialog::~solarisAdvancedDialog()
+{
+ delete m_dialog;
+}
+
+solarisAdvancedDialog::solarisAdvancedDialog(QWidget *parent,FWObject *o)
+ : QDialog(parent)
+{
+ m_dialog = new Ui::solarisAdvancedDialog_q;
+ m_dialog->setupUi(this);
+ obj=o;
+
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ QStringList threeStateMapping;
+
+ threeStateMapping.push_back(QObject::tr("No change"));
+ threeStateMapping.push_back("");
+
+ threeStateMapping.push_back(QObject::tr("On"));
+ threeStateMapping.push_back("1");
+
+ threeStateMapping.push_back(QObject::tr("Off"));
+ threeStateMapping.push_back("0");
+
+ data.registerOption( m_dialog->solaris_ip_forward,
+ fwopt,
+ "solaris_ip_forward", threeStateMapping);
+ data.registerOption( m_dialog->solaris_ip_forward_src_routed,
+ fwopt,
+ "solaris_ip_forward_src_routed", threeStateMapping);
+ data.registerOption( m_dialog->solaris_ip_forward_directed_broadcasts,
+ fwopt,
+ "solaris_ip_forward_directed_broadcasts", threeStateMapping);
+ data.registerOption( m_dialog->solaris_ip_respond_to_echo_broadcast,
+ fwopt,
+ "solaris_ip_respond_to_echo_broadcast", threeStateMapping);
+ data.registerOption( m_dialog->solaris_ip_forward_directed_broadcasts,
+ fwopt,
+ "solaris_ip_forward_directed_broadcasts", threeStateMapping);
+ data.registerOption( m_dialog->solaris_ip_ignore_redirect,
+ fwopt,
+ "solaris_ip_ignore_redirect", threeStateMapping);
+ data.registerOption( m_dialog->solaris_ip_forward_src_routed,
+ fwopt,
+ "solaris_ip_forward_src_routed", threeStateMapping);
+ data.registerOption( m_dialog->solaris_path_ipf ,
+ fwopt,
+ "solaris_path_ipf");
+ data.registerOption( m_dialog->solaris_path_ipnat,
+ fwopt,
+ "solaris_path_ipnat");
+
+
+ data.loadAll();
+}
+
+/*
+ * store all data in the object
+ */
+void solarisAdvancedDialog::accept()
+{
+ FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
+ assert(fwopt!=NULL);
+
+ Management *mgmt=(Firewall::cast(obj))->getManagementObject();
+ assert(mgmt!=NULL);
+
+ data.saveAll();
+
+ om->updateLastModifiedTimestampForAllFirewalls(obj);
+ QDialog::accept();
+}
+
+void solarisAdvancedDialog::reject()
+{
+ QDialog::reject();
+}
+
+
diff --git a/src/gui/solarisAdvancedDialog.h b/src/gui/solarisAdvancedDialog.h
new file mode 100644
index 000000000..7523dd01c
--- /dev/null
+++ b/src/gui/solarisAdvancedDialog.h
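Review bot: In both the constructor and `accept()`, `Firewall::cast(obj)` is dereferenced before anything checks it, and the only checks that follow are `assert(fwopt!=NULL)` and `assert(mgmt!=NULL)`, which compile away under NDEBUG; if `obj` is ever not a firewall (presumably `cast` returns NULL then), a release build dereferences a null pointer. A runtime guard would be safer, e.g. `Firewall *fw = Firewall::cast(obj); if (fw==NULL) { QDialog::reject(); return; }` in `accept()`. The constructor also registers `solaris_ip_forward_directed_broadcasts` and `solaris_ip_forward_src_routed` twice each with `data.registerOption`; the second call of each pair looks like a copy-paste leftover and should be dropped. `mgmt` is fetched in both places but never used. Since `solaris_path_ipf` and `solaris_path_ipnat` are free-text paths that presumably end up in the generated firewall script, I would add a comment stating where they are validated or quoted.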
@@ -0,0 +1,59 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: solarisAdvancedDialog.h,v 1.1 2004/05/11 04:45:39 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __SOLARISADVANCEDDIALOG_H_
+#define __SOLARISADVANCEDDIALOG_H_
+
+#include
+#include "DialogData.h"
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+};
+
+class solarisAdvancedDialog : public QDialog
+{
+ Q_OBJECT
+
+ libfwbuilder::FWObject *obj;
+ DialogData data;
+ Ui::solarisAdvancedDialog_q *m_dialog;
+
+ public:
+ solarisAdvancedDialog(QWidget *parent,libfwbuilder::FWObject *o);
+ ~solarisAdvancedDialog();
+
+protected slots:
+
+ virtual void accept();
+ virtual void reject();
+
+
+};
+
+#endif // __SOLARISADVANCEDDIALOG_H
+
diff --git a/src/gui/solarisadvanceddialog_q.ui b/src/gui/solarisadvanceddialog_q.ui
new file mode 100644
index 000000000..da97975a0
--- /dev/null
+++ b/src/gui/solarisadvanceddialog_q.ui
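Review bot: The include guard `__SOLARISADVANCEDDIALOG_H_` starts with a double underscore, which C++ reserves for the implementation, and the trailing `#endif` comment names a different macro (`__SOLARISADVANCEDDIALOG_H`); `#ifndef SOLARISADVANCEDDIALOG_H` with a matching comment avoids both. The class keeps two raw pointers with different lifetimes and nothing in the header says which is which. A short comment on each member would make that clear, e.g. `// owned, deleted in the destructor` on `m_dialog` and `// not owned` on `obj`.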
@@ -0,0 +1,491 @@ + + solarisAdvancedDialog_q + + + + 0 + 0 + 388 + 285 + + + + Solaris: advanced settings + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 20 + 20 + + + + + + + + &OK + + + + + + true + + + true + + + + + + + &Cancel + + + + + + true + + + + + + + + + 0 + + + + Options + + + + 6 + + + 6 + + + + + Ignore ICMP redirects + + + Qt::AlignCenter + + + false + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + Forward directed broadcasts + + + Qt::AlignCenter + + + false + + + + + + + Respond to echo broadcast + + + Qt::AlignCenter + + + false + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + Packet forwarding + + + Qt::AlignCenter + + + false + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + + No change + + + + + On + + + + + Off + + + + + + + + Forward source routed packets + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 151 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Fixed + + + + 20 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + Path + + + + 6 + + + 6 + + + + + + 200 + 0 + + + + + + + + ipf: + + + Qt::AlignCenter + + + false + + + + + + + ipnat: + + + Qt::AlignCenter + + + false + + + + + + + + 200 + 0 + + + + + + + + Specify directory path and a file name for the following utilities on the OS your firewall machine is running. Leave these empty if you want to use default values. 
+ + + Qt::AlignCenter + + + true + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + + + + solaris_ip_forward + solaris_ip_forward_src_routed + solaris_ip_forward_directed_broadcasts + solaris_ip_ignore_redirect + solaris_ip_respond_to_echo_broadcast + buttonOk + buttonCancel + solaris_path_ipf + solaris_path_ipnat + tabWidget11 + + + + + buttonOk + clicked() + solarisAdvancedDialog_q + accept() + + + 20 + 20 + + + 20 + 20 + + + + + buttonCancel + clicked() + solarisAdvancedDialog_q + reject() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/startwizard_q.ui b/src/gui/startwizard_q.ui new file mode 100644 index 000000000..a5188caae --- /dev/null +++ b/src/gui/startwizard_q.ui 
@@ -0,0 +1,351 @@ + + startWizard_q + + + + 0 + 0 + 440 + 283 + + + + + + + + 0 + 0 + + + + + 0 + 25 + + + + + Sans Serif + 14 + 75 + false + true + + + + + + + Qt::AlignCenter + + + + + + + 0 + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + Aharoni + 24 + + + + <b>Firewall Builder N.N.N</b> + + + Qt::AlignCenter + + + true + + + + + + + Do you want to open existing project file or create a new one? + + + Qt::AlignCenter + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Create new project file + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + Open existing file + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 30 + 20 + + + + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + + + File name: %1 + + + false + + + + + + + Activate Revision Control System for this file +(if you do not do this now, you can always activate it later) + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 60 + + + + + + + + Let the program automatically open this file when I start it next time +(you can activate this option later using Preferences dialog) + + + + + + + + + + + + 1 + 0 + + + + + 400 + 50 + + + + QFrame::StyledPanel + + + QFrame::Raised + + + + + + Qt::Horizontal + + + + 40 + 20 + + + + + + + + < &Back + + + + + + + &Next > + + + false + + + + + + + &Finish + + + false + + + + + + + &Cancel + + + + + + + + + + + openFileButton + newFileButton + rcsBtn + autoopenBtn + + + + + + newFileButton + clicked() + startWizard_q + newFile() + + + 20 + 20 + + + 20 + 20 + + + + + openFileButton + clicked() + startWizard_q + openFile() + + + 20 + 20 + + + 20 + 20 + + + + + startWizard_q + selected(QString) + startWizard_q + selected(QString) + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/tagservicedialog_q.ui b/src/gui/tagservicedialog_q.ui new file mode 100644 index 000000000..7a08aa95a --- /dev/null +++ b/src/gui/tagservicedialog_q.ui 
@@ -0,0 +1,346 @@ + + TagServiceDialog_q + + + + 0 + 0 + 562 + 261 + + + + Form1 + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 6 + + + + + + 75 + true + + + + Tag Service + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + + 7 + 7 + 0 + 100 + + + + true + + + + + + + Comment: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 61 + 20 + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 30 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Library: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + Name: + + + false + + + + + + + Code: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + obj_name + libs + tagcode + comment + + + + + obj_name + textChanged(QString) + TagServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + TagServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + activated(int) + TagServiceDialog_q + libChanged() + + + 20 + 20 + + + 20 + 20 + + + + + tagcode + textChanged(QString) + TagServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/tcpservicedialog_q.ui b/src/gui/tcpservicedialog_q.ui new file mode 100644 index 000000000..bd5c856e9 --- /dev/null +++ b/src/gui/tcpservicedialog_q.ui 
@@ -0,0 +1,1269 @@ + + TCPServiceDialog_q + + + true + + + + 0 + 0 + 840 + 408 + + + + + 0 + 0 + + + + TCP + + + + 6 + + + 9 + + + 9 + + + 9 + + + 9 + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 5 + + + 5 + + + 5 + + + 6 + + + 6 + + + + + + 75 + true + + + + TCP Service + + + false + + + + + + + + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 9 + + + 9 + + + 9 + + + 9 + + + 6 + + + 6 + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 11 + + + 11 + + + 11 + + + 6 + + + 6 + + + + + Source Port Range + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + QAbstractSpinBox::UpDownArrows + + + 65535 + + + + + + + QAbstractSpinBox::UpDownArrows + + + 65535 + + + + + + + Start: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + End: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + + + Destination Port Range + + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + 6 + + + + + QAbstractSpinBox::UpDownArrows + + + 65535 + + + + + + + QAbstractSpinBox::UpDownArrows + + + 65535 + + + + + + + Start: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + End: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 40 + + + + + + + + + + + + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 9 + + + 9 + + + 9 + + + 9 + + + 6 + + + 6 + + + + + Name: + + + false + + + + + + + + 0 + 0 + + + + + + + + 6 + + + 9 + + + 9 + + + 9 + + + 9 + + + + + + + + false + + + + + + + 0 + + + 0 + + + 0 + + + 0 + + + 6 + + + 6 + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + U + + + false + + + + + + + TCP flags that must be set (see man iptables, option --tcp-flags) + + + Settings: + + + false + + + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + + 
+ + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + R + + + false + + + + + + + + 0 + 0 + + + + P + + + false + + + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + + + + + + + + TCP flags that should be examined (see man iptables, option --tcp-flags) + + + Mask: + + + false + + + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + Flags: + + + false + + + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + A + + + false + + + + + + + + 0 + 0 + + + + S + + + false + + + + + + + + 0 + 0 + + + + + + + + + + + + 0 + 0 + + + + F + + + false + + + + + + + + + Qt::Vertical + + + QSizePolicy::MinimumExpanding + + + + 20 + 16 + + + + + + + + 6 + + + 0 + + + 0 + + + 0 + + + 0 + + + + + + + + + + + + + 0 + 0 + + + + Use option "established" if supported by the target firewall platform + + + Qt::AlignVCenter + + + true + + + + + + + + + + + + Library: + + + false + + + + + + + + 0 + 0 + + + + + + + + + 0 + 0 + + + + + + + + + + + Comment: + + + false + + + + + + + + 0 + 0 + + + + + 200 + 0 + + + + true + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 16 + 20 + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 16 + 386 + + + + + + + + + obj_name + libs + ss + se + ds + de + urg_m + urg_s + ack_m + ack_s + psh_m + psh_s + rst_m + rst_s + syn_m + syn_s + fin_m + fin_s + comment + + + + + obj_name + textChanged(QString) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ss + valueChanged(int) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + se + valueChanged(int) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ds + valueChanged(int) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + de + valueChanged(int) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + 
activated(int) + TCPServiceDialog_q + libChanged() + + + 20 + 20 + + + 20 + 20 + + + + + ack_m + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ack_s + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + fin_m + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + fin_s + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + psh_m + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + psh_s + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + rst_m + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + rst_s + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + syn_m + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + syn_s + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + urg_m + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + urg_s + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + established + toggled(bool) + TCPServiceDialog_q + toggleEstablished() + + + 20 + 20 + + + 20 + 20 + + + + + established + toggled(bool) + TCPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/timedialog_q.ui b/src/gui/timedialog_q.ui new file mode 100644 index 000000000..34811eb46 --- /dev/null +++ b/src/gui/timedialog_q.ui 
@@ -0,0 +1,673 @@ + + TimeDialog_q + + + true + + + + 0 + 0 + 874 + 365 + + + + Time + + + + 9 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 6 + + + + + + 75 + true + + + + Time Interval + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 10 + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + + + + + 0 + + + 6 + + + + + + 2000 + 1 + 1 + + + + + + + + + 0 + 25 + + + + + + + + + Any + + + + + Sunday + + + + + Monday + + + + + Tuesday + + + + + Wednesday + + + + + Thursday + + + + + Friday + + + + + Saturday + + + + + + + + Start day of week: + + + false + + + + + + + Start time: + + + false + + + + + + + Start date: + + + + + + + + + + + + + + 0 + + + 6 + + + + + + + + + 2000 + 1 + 1 + + + + + + + + End date: + + + + + + + End time: + + + false + + + + + + + + Any + + + + + Sunday + + + + + Monday + + + + + Tuesday + + + + + Wednesday + + + + + Thursday + + + + + Friday + + + + + Saturday + + + + + + + + End day of week: + + + false + + + + + + + + + + + + + Comment: + + + false + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Name: + + + false + + + + + + + Library: + + + false + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 41 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + + + + 7 + 7 + 0 + 100 + + + + + 200 + 0 + + + + true + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + obj_name + libs + startDate + startTime + endDate + endTime + comment + + + + + obj_name + textChanged(QString) + TimeDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + activated(int) + TimeDialog_q + libChanged() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + TimeDialog_q + changed() 
+ + + 20 + 20 + + + 20 + 20 + + + + + startTime + timeChanged(QTime) + TimeDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + startDate + dateChanged(QDate) + TimeDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + endTime + timeChanged(QTime) + TimeDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + endDate + dateChanged(QDate) + TimeDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + startDOW + editTextChanged(QString) + TimeDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + endDOW + editTextChanged(QString) + TimeDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + useStartDate + toggled(bool) + TimeDialog_q + useStartOrEndDate() + + + 20 + 20 + + + 20 + 20 + + + + + useEndDate + toggled(bool) + TimeDialog_q + useStartOrEndDate() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/udpservicedialog_q.ui b/src/gui/udpservicedialog_q.ui new file mode 100644 index 000000000..78713eab7 --- /dev/null +++ b/src/gui/udpservicedialog_q.ui 
@@ -0,0 +1,532 @@ + + UDPServiceDialog_q + + + true + + + + 0 + 0 + 761 + 269 + + + + + 1 + 5 + 0 + 0 + + + + UDP + + + + 11 + + + 6 + + + + + 0 + + + 6 + + + + + + 5 + 0 + 0 + 0 + + + + QFrame::Box + + + QFrame::Sunken + + + + 5 + + + 6 + + + + + + 75 + true + + + + UDP Service + + + false + + + + + + + + 0 + 0 + 0 + 0 + + + + + + + true + + + false + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 10 + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 30 + 20 + + + + + + + + + 7 + 7 + 0 + 0 + + + + + 200 + 0 + + + + true + + + + + + + Comment: + + + false + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Source Port Range + + + + 0 + + + 6 + + + + + Start: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + QAbstractSpinBox::UpDownArrows + + + 65535 + + + + + + + End: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + QAbstractSpinBox::UpDownArrows + + + 65535 + + + + + + + + + + Destination Port Range + + + + 0 + + + 6 + + + + + Start: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + QAbstractSpinBox::UpDownArrows + + + 65535 + + + + + + + End: + + + Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter + + + false + + + + + + + QAbstractSpinBox::UpDownArrows + + + 65535 + + + + + + + + + + + + + QFrame::Box + + + QFrame::Sunken + + + + 11 + + + 6 + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 41 + + + + + + + + Library: + + + false + + + + + + + Name: + + + false + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + 5 + 0 + 0 + 0 + + + + + + + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 40 + 20 + + + + + + + + + obj_name + libs + ss + se + ds + de + comment + + + + + obj_name + textChanged(QString) + UDPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ss + valueChanged(int) + UDPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + se + 
valueChanged(int) + UDPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + ds + valueChanged(int) + UDPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + de + valueChanged(int) + UDPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + comment + textChanged() + UDPServiceDialog_q + changed() + + + 20 + 20 + + + 20 + 20 + + + + + libs + activated(int) + UDPServiceDialog_q + libChanged() + + + 20 + 20 + + + 20 + 20 + + + + + diff --git a/src/gui/unit_tests/RCS/zu.fwb,v b/src/gui/unit_tests/RCS/zu.fwb,v new file mode 100644 index 000000000..fa0fad0f9 --- /dev/null +++ b/src/gui/unit_tests/RCS/zu.fwb,v 
@@ -0,0 +1,205 @@ +head 1.7; +access; +symbols; +locks + vadim:1.6; strict; +comment @# @; +expand @b@; + + +1.7 +date 2006.07.19.03.42.51; author vadim; state Exp; +branches; +next 1.6; + +1.6 +date 2006.07.19.03.40.24; author vadim; state Exp; +branches; +next 1.5; + +1.5 +date 2006.07.19.03.39.45; author vadim; state Exp; +branches + 1.5.1.1; +next 1.4; + +1.4 +date 2006.06.26.03.16.12; author vadim; state Exp; +branches; +next 1.3; + +1.3 +date 2005.09.05.07.49.31; author vadim; state Exp; +branches; +next 1.2; + +1.2 +date 2004.09.29.07.01.31; author vadim; state Exp; +branches; +next 1.1; + +1.1 +date 2004.06.13.19.54.03; author vadim; state Exp; +branches; +next ; + +1.5.1.1 +date 2006.07.19.03.41.19; author vadim; state Exp; +branches; +next 1.5.1.2; + +1.5.1.2 +date 2006.07.19.03.41.57; author vadim; state Exp; +branches; +next ; + + +desc +@"Initial checkin" +@ + + +1.7 +log +@working in the main trunk +@ +text +@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +@ + + +1.6 +log +@added dns name object +@ +text +@d3 1 +a3 1 + +d14 1 +@ + + +1.5 +log +@fixed file using fwbedit +@ +text +@d3 1 +a3 1 + +d12 3 +a14 1 + +@ + + +1.5.1.1 +log +@added dns name object #2, creating a branch +@ +text +@d3 1 +a3 1 + +d12 1 +a12 3 + + + +@ + + +1.5.1.2 +log +@working in the branch +@ +text +@d3 1 +a3 1 + +a13 1 + +@ + + +1.4 +log +@_ +@ +text +@d3 2 +a4 2 + + +d6 1 +a6 1 + +d12 1 +d15 1 +a15 1 + +@ + + +1.3 +log +@test commit +@ +text +@d3 1 +a3 1 + +d6 1 +d14 1 +@ + + +1.2 +log +@. +@ +text +@d3 1 +a3 1 + +@ + + +1.1 +log +@Initial revision +@ +text +@d3 1 +a3 1 + +@ diff --git a/src/gui/unit_tests/rlog_unit_test.log b/src/gui/unit_tests/rlog_unit_test.log new file mode 100644 index 000000000..fcc5fa935 --- /dev/null +++ b/src/gui/unit_tests/rlog_unit_test.log 
@@ -0,0 +1,73 @@
+---------------------------------
+revision: 1.7
+date: 2006-07-18 20:42:51-07
+author: vadim
+locked by:
+log: revision 1.7
+working in the main trunk
+
+---------------------------------
+revision: 1.6
+date: 2006-07-18 20:40:24-07
+author: vadim
+locked by: vadim
+log: revision 1.6 locked by: vadim;
+added dns name object
+
+---------------------------------
+revision: 1.5
+date: 2006-07-18 20:39:45-07
+author: vadim
+locked by:
+log: revision 1.5
+branches: 1.5.1;
+fixed file using fwbedit
+
+---------------------------------
+revision: 1.4
+date: 2006-06-25 20:16:12-07
+author: vadim
+locked by:
+log: revision 1.4
+_
+
+---------------------------------
+revision: 1.3
+date: 2005-09-05 00:49:31-07
+author: vadim
+locked by:
+log: revision 1.3
+test commit
+
+---------------------------------
+revision: 1.2
+date: 2004-09-29 00:01:31-07
+author: vadim
+locked by:
+log: revision 1.2
+.
+
+---------------------------------
+revision: 1.1
+date: 2004-06-13 12:54:03-07
+author: vadim
+locked by:
+log: revision 1.1
+Initial revision
+
+---------------------------------
+revision: 1.5.1.2
+date: 2006-07-18 20:41:57-07
+author: vadim
+locked by:
+log: revision 1.5.1.2
+working in the branch
+
+---------------------------------
+revision: 1.5.1.1
+date: 2006-07-18 20:41:19-07
+author: vadim
+locked by:
+log: revision 1.5.1.1
+added dns name object #2, creating a branch
+
diff --git a/src/gui/unit_tests/unit_tests.cpp b/src/gui/unit_tests/unit_tests.cpp
new file mode 100644
index 000000000..980046564
--- /dev/null
+++ b/src/gui/unit_tests/unit_tests.cpp
@@ -0,0 +1,86 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: unit_tests.cpp 1107 2006-07-19 06:21:08Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "../../../config.h" +#include "../global.h" +#include "../RCS.h" + +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +QApplication *app = NULL; +int fwbdebug = 0; + +QString test_file = "zu.fwb"; +QString rlog_unit_test_log_file = "rlog_unit_test.log"; + +int main( int argc, char ** argv ) +{ + app = new QApplication( argc, argv ); + QWidget w; + app->setMainWidget(&w); + w.show(); + + RCS *rcs = new RCS(test_file); + + QString reverse_engineered_rlog; + + QValueList::iterator i; + for (i=rcs->begin(); i!=rcs->end(); ++i) + { + reverse_engineered_rlog += "---------------------------------\n"; + reverse_engineered_rlog += "revision: " + (*i).rev + "\n"; + reverse_engineered_rlog += "date: " + (*i).date + "\n"; + reverse_engineered_rlog += "author: " + (*i).author + "\n"; + reverse_engineered_rlog += "locked by: " + (*i).locked_by + "\n"; + reverse_engineered_rlog += "log: " + (*i).log + "\n"; + } + + QFile rlog_test_file(rlog_unit_test_log_file); + if (rlog_test_file.open( IO_ReadOnly )) + { + QTextStream strm( &rlog_test_file ); + 
QString test_str = strm.read(); + rlog_test_file.close(); + + if (test_str != reverse_engineered_rlog) + { + cout << reverse_engineered_rlog; + +// cout << "################################################################" << endl; + +// cout << test_str << endl; + } + + } + +} diff --git a/src/gui/unit_tests/unit_tests.pro b/src/gui/unit_tests/unit_tests.pro new file mode 100644 index 000000000..02a4b81e9 --- /dev/null +++ b/src/gui/unit_tests/unit_tests.pro @@ -0,0 +1,37 @@ +TEMPLATE = app +LANGUAGE = C++ + +HEADERS += ../../../config.h \ + ../RCS.h \ + ../utils.h \ + ../global.h + +SOURCES += unit_tests.cpp \ + ../utils.cpp \ + ../RCS.cpp + + +# +include(../../../qmake.inc) +# +exists(../qmake.inc) { + include( ../qmake.inc) +} + + +INCLUDEPATH += .. +INCLUDEPATH += ../../../ + +# +# +# +# +TARGET = unit_tests +# + +#unix { +# !macx { +# # } +#} + +QMAKE_COPY = ../../install.sh -m 0755 -s diff --git a/src/gui/unit_tests/zu.fwb b/src/gui/unit_tests/zu.fwb new file mode 100644 index 000000000..9a7a62364 --- /dev/null +++ b/src/gui/unit_tests/zu.fwb @@ -0,0 +1,28 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/gui/upgradePredicate.h b/src/gui/upgradePredicate.h new file mode 100644 index 000000000..3f5190d9c --- /dev/null +++ b/src/gui/upgradePredicate.h 
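Review bot: `main` in unit_tests.cpp never reports a failure through its exit status: when `test_str != reverse_engineered_rlog` it only prints the regenerated log, and when `rlog_test_file.open( IO_ReadOnly )` fails the comparison is skipped altogether, so the process ends with status 0 in both cases. A harness that checks the exit code would therefore count a broken RCS log parser or a missing `rlog_unit_test.log` fixture as a pass. I would add `return 1;` after the `cout << reverse_engineered_rlog;` line, an `else return 2;` branch for the failed open, and an explicit `return 0;` at the end of `main`. The `RCS` object created with `new RCS(test_file)` is also never deleted, which is harmless here but easy to avoid with a stack object.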
@@ -0,0 +1,74 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2004 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ $Id: upgradePredicate.h,v 1.3 2004/12/08 08:06:30 vkurland Exp $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#ifndef __UPGRADEPREDICATE_H_
+#define __UPGRADEPREDICATE_H_
+
+#include "fwbuilder/XMLTools.h"
+
+#include "qmessagebox.h"
+#include "qobject.h"
+
+class MessageBoxUpgradePredicate: public libfwbuilder::XMLTools::UpgradePredicate
+{
+ QWidget *parent;
+ public:
+ MessageBoxUpgradePredicate(QWidget *p=NULL) { parent=p; }
+
+ virtual bool operator()(const std::string &msg) const
+ {
+ /*return QMessageBox::information( parent , "Firewall Builder",
+ QObject::tr(
+"The data file you are trying to open has been \
+saved with an older version of Firewall Builder. \
+Opening it in this version will cause it to be \
+upgraded, which may prevent older versions of \
+the program from reading it. Backup copy of your \
+file in the old format will be made in the same \
+directory with extension '.bak'.\n\
+Are you sure you want to open it?"),
+ QObject::tr("&Upgrade"),
+ QObject::tr("&Do not load the file"),
+ QString::null,
+ 0, 1 )==0;*/
+ return QMessageBox::information( parent , "Firewall Builder",
+ QObject::tr(
+"The data file you are trying to open has been \
+saved with an older version of Firewall Builder. \
+Opening it in this version will cause it to be \
+upgraded, which may prevent older versions of \
+the program from reading it. Backup copy of your \
+file in the old format will be made in the same \
+directory with extension '.bak'.\n\
+Are you sure you want to open it?"),
+ QObject::tr("&Upgrade"),
+ QObject::tr("&Do not load the file"),
+ QString::null,
+ 0, 1 )==0;
+ }
+};
+
+#endif
diff --git a/src/gui/utils.cpp b/src/gui/utils.cpp
new file mode 100644
index 000000000..bf4881ba7
--- /dev/null
+++ b/src/gui/utils.cpp
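Review bot: `MessageBoxUpgradePredicate::operator()` keeps a commented-out `/*return QMessageBox::information( ... )==0;*/` block that, as far as the visible text shows, is a word-for-word copy of the live `return` statement right below it; it should be deleted so the two copies of the prompt cannot drift apart. The `msg` argument is never read, so whatever text the caller passes is dropped and the user always sees the fixed wording. If that is intended, a comment such as `// msg is ignored on purpose: the dialog always shows the fixed, translated prompt` above the `return` would make it explicit. The window title `"Firewall Builder"` is the only user-visible string in the call that is not wrapped in `QObject::tr`.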
@@ -0,0 +1,489 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: utils.cpp,v 1.55 2007/05/23 03:05:51 vkurland Exp $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" +#include "global.h" +#include "utils.h" +#include "utils_no_qt.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +//Added by qt3to4: +#include +#include + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/FWReference.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Resources.h" + +#if defined(_WIN32) +# include +# include +# include +# include +# include +# include +#else +# include +# include +# include +# include +#endif + +#include +#include +#include + +using namespace std; +using namespace libfwbuilder; + + +class mapValEQPredicate { + string descr; + public: + mapValEQPredicate(const string &d) { descr=d; } + bool operator()(pair _d) { return (descr == _d.second); } +}; + + + +QAction* addPopupMenuItem(QObject *res, + QMenu* menu, + const QString &resourceIconPath, + const QString itemName, + const char* member, + const QKeySequence &accel) +{ + string icn; + QPixmap pm; + //int itmID = -1; + QAction *act = NULL; + + icn 
= Resources::global_res->getResourceStr(static_cast(resourceIconPath.toLatin1())); + if(icn!="") + { +// pm = QPixmap::fromMimeSource( icn.c_str() ); + if ( ! QPixmapCache::find( icn.c_str(), pm) ) + { + pm.load( (":/"+icn).c_str() );//fromMimeSource( icn.c_str() ); + QPixmapCache::insert( icn.c_str(), pm); + } + act = menu->addAction( pm, itemName , res , member, accel ); //insertItem + } else + act = menu->addAction( itemName , res , member, accel); //insertItem + return act; +} + +void fillLibraries(QComboBox *libs, libfwbuilder::FWObject *obj, bool rw) +{ + bool standardObj = false; + bool templateObj = false; + bool deletedObj = false; + QString lib=""; + + if ( ! FWObjectDatabase::isA(obj)) + { + FWObject *libobj = obj->getLibrary(); + assert(libobj!=NULL); + lib = libobj->getName().c_str(); + standardObj = (libobj->getId()==STANDARD_LIB); + templateObj = (libobj->getId()==TEMPLATE_LIB); + deletedObj = (libobj->getId()==DELETED_LIB); + } + + libs->clear(); + list ll = obj->getRoot()->getByType( Library::TYPENAME ); + ll.sort(FWObjectNameCmpPredicate()); + int n=0; + int cn=0; + string libicn; + for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++) + { + if (libicn.empty()) + libicn=(":/Icons/"+(*i)->getTypeName()+"/icon-tree").c_str(); + + if ( (*i)->getId()==STANDARD_LIB && !standardObj) continue; + if ( (*i)->getId()==TEMPLATE_LIB && !templateObj) continue; + if ( (*i)->getId()==DELETED_LIB && !deletedObj ) continue; + + if (rw && (*i)->isReadOnly()) continue; + if (lib==QString((*i)->getName().c_str())) cn=n; + QPixmap icon; + icon.load( (libicn).c_str() ); + + libs->addItem(icon, + QString::fromUtf8((*i)->getName().c_str()) ); + n++; + } + libs->setCurrentIndex(cn); +} + + +void fillLibraries(QListWidget *libs, libfwbuilder::FWObject *obj, bool rw) +{ + bool standardObj = false; + bool templateObj = false; + bool deletedObj = false; + QString lib=""; + + if ( ! 
FWObjectDatabase::isA(obj)) + { + FWObject *libobj = obj->getLibrary(); + assert(libobj!=NULL); + lib = libobj->getName().c_str(); + standardObj = (libobj->getId()==STANDARD_LIB); + templateObj = (libobj->getId()==TEMPLATE_LIB); + deletedObj = (libobj->getId()==DELETED_LIB); + } + + libs->clear(); + list ll = obj->getRoot()->getByType( Library::TYPENAME ); + ll.sort(FWObjectNameCmpPredicate()); + int n=0; + int cn=0; + string libicn; + for (FWObject::iterator i=ll.begin(); i!=ll.end(); i++) + { + if (libicn.empty()) + libicn=Resources::global_res->getObjResourceStr(*i,"icon-tree").c_str(); + + if ( (*i)->getId()==STANDARD_LIB && !standardObj) continue; + if ( (*i)->getId()==TEMPLATE_LIB && !templateObj) continue; + if ( (*i)->getId()==DELETED_LIB && !deletedObj ) continue; + + if (rw && (*i)->isReadOnly()) continue; + if (lib==QString((*i)->getName().c_str())) cn=n; + + QPixmap icon; + icon.load( (":/"+libicn).c_str() ); + + QListWidgetItem *item = new QListWidgetItem(icon, (*i)->getName().c_str()); + + libs->addItem(item); + + n++; + } + libs->setCurrentRow(cn); +} + + +bool isTreeReadWrite(QWidget *parent, FWObject *obj) +{ + if (obj->isReadOnly()) + { + QMessageBox::warning(parent, "Firewall Builder", + QObject::tr("Impossible to apply changes because object is located in read-only\npart of the tee or data file was opened read-only"), + QObject::tr("&Continue"), 0, 0, + 0, 2 ); + + return false; + } + return true; +} + +/* + * compare names as QString objects to catch non-ascii names + */ +bool validateName(QWidget *parent, + libfwbuilder::FWObject *obj,const QString &newname) +{ + FWObject *p = obj->getParent(); + for (FWObject::iterator i=p->begin(); i!=p->end(); ++i) + { + FWObject *o1= *i; + if (QString(o1->getName().c_str())==newname && o1!=obj) + { + QMessageBox::warning(parent, "Firewall Builder", + QObject::tr("Object with name '%1' already exists, please choose different name."). 
+ arg(o1->getName().c_str()), + QObject::tr("&Continue editing"), NULL, NULL, 0, 2 ); + return false; + } + } + return true; +} + +QString quoteString(const QString &str) +{ + QString res; + + if (str.indexOf(" ")!=-1) res="\""; + res+=str; + if (str.indexOf(" ")!=-1) res+="\""; + + return res; +} + +QString getUserName() +{ + QString uname; + +#ifdef _WIN32 + +#define INFO_BUFFER_SIZE 32767 +TCHAR infoBuf[INFO_BUFFER_SIZE]; +DWORD bufCharCount = INFO_BUFFER_SIZE; + + bufCharCount = INFO_BUFFER_SIZE; + if( GetUserName( infoBuf, &bufCharCount ) ) + uname=qt_winQString( infoBuf ); + uname=uname.replace(' ','_'); +#else + + char *lname = getenv("LOGNAME"); + if (lname!=NULL) + uname = QString(lname); + else + { + struct passwd *pwd = getpwuid(getuid()); + assert(pwd); + uname = QString(pwd->pw_name); + } +#endif + return uname; +} + + +QString getFileDir(const QString &file) +{ + int sn1 = file.lastIndexOf("/",-1); + int sn2 = file.lastIndexOf("\\",-1); + int sn = (sn1>=0)?sn1:sn2; + QString dir; + + if(sn<0) dir = "./"; + else dir = file.left( sn ); + +#ifdef _WIN32 +/* on windows, if directory is in the root of the drive (like "c:"), + * I must append "\" to it + */ + if (dir.indexOf(":")==(dir.length()-1)) dir=dir + "\\"; +#endif + return dir; +} + +QMap getAllPlatforms() +{ + QMap res; + + map platforms = Resources::getPlatforms(); + map::iterator i; + for (i=platforms.begin(); i!=platforms.end(); i++) + res[ i->first.c_str() ] = i->second.c_str(); + + return res; +} + +QMap getAllOS() +{ + QMap res; + + map OSs = Resources::getOS(); + map::iterator i; + for (i=OSs.begin(); i!=OSs.end(); i++) + res[ i->first.c_str() ] = i->second.c_str(); + + return res; +} + +QString readPlatform(QComboBox *platform) +{ + map platforms = Resources::getPlatforms(); + map::iterator i1 = std::find_if( platforms.begin(), platforms.end(), + mapValEQPredicate(static_cast(platform->currentText().toLatin1()))); + return (*i1).first.c_str(); +} + +void setPlatform(QComboBox 
*platform,const QString &pl) +{ + platform->clear(); + int cp=0; + QMap platforms = getAllPlatforms(); + QMap::iterator i; + int ind=0; + for (i=platforms.begin(); i!=platforms.end(); i++,cp++) + { + platform->addItem( i.value() ); + if ( pl == i.key() ) ind = cp; + } + platform->setCurrentIndex( ind ); +} + +QString readHostOS(QComboBox *hostOS) +{ + map OSs = Resources::getOS(); + map::iterator i2 = std::find_if( OSs.begin(), OSs.end(), + mapValEQPredicate(static_cast(hostOS->currentText().toLatin1()))); + return (*i2).first.c_str(); +} + +void setHostOS(QComboBox *hostOS,const QString &os) +{ + hostOS->clear(); + + int cp=0; + QMap OSs = getAllOS(); + QMap::iterator i; + int ind=0; + for (i=OSs.begin(); i!=OSs.end(); i++,cp++) + { + hostOS->addItem( i.value() ); + if ( os == i.key() ) ind = cp; + } + hostOS->setCurrentIndex( ind ); +} + +void setDisabledPalette(QWidget *w) +{ + QPalette pal=w->palette(); + + pal.setCurrentColorGroup( QPalette::Active ); + pal.setColor( QPalette::Text, Qt::black ); + + pal.setCurrentColorGroup( QPalette::Inactive ); + pal.setColor( QPalette::Text, Qt::black ); + + pal.setCurrentColorGroup( QPalette::Disabled ); + pal.setColor( QPalette::Text, Qt::black ); + + w->setPalette( pal ); +} + +QString getAddrByName(const QString &name) +{ + QHostInfo a = QHostInfo::fromName(name); + + QList alist = a.addresses(); + + /*while (a.isWorking()) + { + app->processEvents(200); + } + alist = a.addresses();*/ + //we're using the blocking-type function + //"fromName" so we don't have to wait + + if (alist.empty()) return ""; + return alist.front().toString(); +} + +QString getNameByAddr(const QString &addr) +{ + /*QHostAddress ha; + ha.setAddress(addr); + + Q3Dns qry( ha, Q3Dns::Ptr); + + QStringList nlist = qry.hostNames(); + + while (qry.isWorking()) + { + app->processEvents(200); + } + nlist = qry.hostNames(); + if (nlist.empty()) return ""; + + return nlist.front();*/ + QHostInfo a = QHostInfo::fromName(addr); + + return a.hostName(); +} + 
+QString wordWrap(const QString& s, int maxchinline) +{ + int chcount=0; + int lastwdpos=0; + int linestart=0; + bool fl_wd=true; + /*unsigned*/ int pos=0; + QString res=""; + QChar ch; + + for ( ; pos < s.length(); pos++,chcount++) + { + ch = s.at(pos); + if (!ch.isLetter() && !ch.isNumber()) + { + fl_wd=false; + } else + { + if (!fl_wd) + { + fl_wd=true; + lastwdpos=pos; + } + } + if (chcount>maxchinline) + { + if (fl_wd) + { + if (linestart +#include +#include +#include + +class QObject; +class QWidget; +class QMenu; +class QComboBox; +class QListWidget; + +#include +#include +#include +#include + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/FWReference.h" + +typedef std::pair QStringPair; + +// a predicate used to compare first string in pair +// use with find_if +class findFirstInQStringPair { + QString str; + public: + findFirstInQStringPair(const QString &d) { str=d; } + bool operator()(std::pair &_d) + { return (str == _d.first); } +}; + +class findSecondInQStringPair { + QString str; + public: + findSecondInQStringPair(const QString &d) { str=d; } + bool operator()(std::pair &_d) + { return (str == _d.second); } +}; + + + +extern QAction* addPopupMenuItem(QObject *res, + QMenu* menu, //it was a Q3PopupMenu object + const QString &resourceIconPath, + const QString itemName, + const char* member, + const QKeySequence &accel = 0); + +extern void fillLibraries(QComboBox *libs, libfwbuilder::FWObject *obj, + bool rw=false); +extern void fillLibraries(QListWidget *libs, libfwbuilder::FWObject *obj, + bool rw=false); + + +/** + * this is a convenience method that checks if the object tree is + * read-only and shows appropriate error dialog. This method is + * there so we don't have to repeat the same code in each object + * class dialog. 
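Review bot: `readPlatform` and `readHostOS` dereference the iterator returned by `std::find_if` without comparing it to `end()`, so a combo-box text that matches no entry of `Resources::getPlatforms()` or `Resources::getOS()` is undefined behaviour instead of a handled error; a guard such as `if (i1 == platforms.end()) return QString();` before the `return` (and the same for `i2`) closes that. `getUserName` has the same shape on the non-Windows path: `assert(pwd)` is the only check on `getpwuid(getuid())`, it disappears under `NDEBUG`, and an account without a passwd entry then reaches `pwd->pw_name` through a null pointer, which `if (pwd != NULL) uname = QString(pwd->pw_name);` avoids. That function also prefers the `LOGNAME` environment variable over the passwd lookup, so the name it returns is whatever the environment says. If the name is used for more than display (the RCS fixtures in this commit record a `locked by` user, but no caller is visible here), that choice deserves a comment. The text of this hunk breaks off inside `wordWrap`, so the remainder of utils.cpp is not covered by this note.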
+ */ + +extern bool isTreeReadWrite(QWidget *parent, libfwbuilder::FWObject *obj); + +/** + * this function checks if the name of the object 'obj' is a duplicate + * by scanning all children objects of its parent and comparing their + * names. It shows pop-up dialog letting user know if the same name + * was found, and returns false. It returns true otherwise. + */ +extern bool validateName(QWidget *parent, + libfwbuilder::FWObject *obj, + const QString &newname); + +/** + * returns a copy of the string str, enclosed in quotes if it contains + * whitespaces + */ +extern QString quoteString(const QString &str); + +extern QString getUserName(); +extern QString getFileDir(const QString &file); + +/* + * convenience method that calls Resourcess::getPlatforms() and + * converts the result to QMap + */ +extern QMap getAllPlatforms(); + +extern QMap getAllOS(); + +extern QString readPlatform(QComboBox *platform); +extern QString readHostOS(QComboBox *hostOS); + +extern void setPlatform(QComboBox *platform,const QString &pl); +extern void setHostOS(QComboBox *hostOS,const QString &os); + +extern void setDisabledPalette(QWidget *w); + +extern QString getAddrByName(const QString &name); +extern QString getNameByAddr(const QString &addr); +extern QString wordWrap(const QString& ,int); + +#endif diff --git a/src/gui/utils_no_qt.cpp b/src/gui/utils_no_qt.cpp new file mode 100644 index 000000000..11fbcacfd --- /dev/null +++ b/src/gui/utils_no_qt.cpp 
@@ -0,0 +1,132 @@ +/* + + Firewall Builder + + Copyright (C) 2007 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id$ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +//#include "config.h" <- TAPIR: wasn't commented +#include "global.h" +#include "utils_no_qt.h" + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/FWReference.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Resources.h" + +#if defined(_WIN32) +# include +# include +# include +# include +# include +# include +#else +# include +# include +# include +# include +#endif + +#include +#include +#include + +using namespace std; +using namespace libfwbuilder; + + +/** + * this method finds all firewalls in the tree and makes no + * assumtions about tree structure + */ +void findFirewalls(FWObject *o, std::list &fwlist, + bool skip_system_libs) +{ + findByObjectType(o,Firewall::TYPENAME,fwlist,skip_system_libs); +} + +void findHosts(FWObject *o, std::list &fwlist, + bool skip_system_libs) +{ + findByObjectType(o,Host::TYPENAME,fwlist,skip_system_libs); +} + +void findByObjectType(FWObject *o, + const string &otype, + list &fwlist, + bool skip_system_libs) +{ + if (skip_system_libs) + { + if (o->getId()==DELETED_LIB) return; + if (o->getId()==TEMPLATE_LIB) return; + } + 
+ for (list::iterator m=o->begin(); m!=o->end(); m++) + { + FWObject *o1=*m; + if (FWReference::cast(o1)!=NULL) continue; + if (o1->getTypeName()==otype) fwlist.push_back(o1); + else findByObjectType(o1,otype,fwlist); + } +} + + +FWReference* findRef(FWObject *o,FWObject *p) +{ + + FWReference* ref=NULL; + FWObject::iterator i=p->begin(); + for(;i!=p->end();++i) + { + ref=FWReference::cast(*i); + if (ref!=NULL && ref->getPointer() == o) + { + break; + } + ref=NULL; + } + return ref; +} + +string strip(const string &s) +{ + if (s.empty()) return s; + + string tmps = s; + string::size_type n1,n2; + + n1 = s.find_first_not_of(" ", 0); + n2 = s.size()-1; + while (n2>n1 && isspace(s[n2])) n2--; + n2++; + + return s.substr(n1, n2-n1); +} + +void join::operator()(std::string &s) +{ + if (!result->empty()) *result += separator; + *result += s; +} diff --git a/src/gui/utils_no_qt.h b/src/gui/utils_no_qt.h new file mode 100644 index 000000000..6e59d0527 --- /dev/null +++ b/src/gui/utils_no_qt.h 
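Review bot: `strip()` throws `std::out_of_range` for a non-empty string made up only of spaces, because `s.find_first_not_of(" ", 0)` returns `npos` and the closing `s.substr(n1, n2-n1)` is then called with a position past the end; add `if (n1 == string::npos) return "";` right after `n1` is computed. The front of the string is trimmed for the space character only while the back uses `isspace()`, so leading tabs and newlines survive; `s.find_first_not_of(" \t\r\n")` would make the two ends agree. Separately, the recursive call in `findByObjectType` is `findByObjectType(o1,otype,fwlist)`, which falls back to the default `skip_system_libs=true` declared in utils_no_qt.h, so a caller's `false` is lost below the first level; pass `skip_system_libs` through as the fourth argument.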
@@ -0,0 +1,91 @@ +/* + + Firewall Builder + + Copyright (C) 2007 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id$ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __UTILS_NO_QT_H_ +#define __UTILS_NO_QT_H_ + + +#include +#include +#include + +#include + +#include "fwbuilder/FWObject.h" +#include "fwbuilder/FWReference.h" + +/* Utility functions that do not depend on QT */ + +struct FWObjectNameCmpPredicate : + public std::binary_function +{ + bool operator()(libfwbuilder::FWObject *a,libfwbuilder::FWObject *b) + { + return a->getName() < b->getName(); + } +}; + +class findFWObjectIDPredicate : public std::unary_function +{ + std::string _id; + public: + findFWObjectIDPredicate(const std::string &id):_id(id) {} + bool operator()(const libfwbuilder::FWObject *o) const + {return o->getId()==_id;} +}; + +extern void findFirewalls(libfwbuilder::FWObject *o, + std::list &fwlist, + bool skip_system_libs=true); + +extern void findHosts(libfwbuilder::FWObject *o, + std::list &fwlist, + bool skip_system_libs=true); + +extern void findByObjectType(libfwbuilder::FWObject *o, + const std::string &otype, + std::list &fwlist, + bool skip_system_libs=true); + +extern libfwbuilder::FWReference* findRef(libfwbuilder::FWObject *o, + libfwbuilder::FWObject *p); + +// helper: strip whitespaces from the beginning and 
end of a string +extern std::string strip(const std::string &s); + +// a functor to join list into a string with separator sep +class join : public std::unary_function +{ + std::string *result; + std::string separator; +public: + join(std::string *res, const std::string &s) + { result = res; separator = s; } + void operator()(std::string &s); +}; + + +#endif diff --git a/src/ipf/.cvsignore b/src/ipf/.cvsignore new file mode 100644 index 000000000..65ae5bcdd --- /dev/null +++ b/src/ipf/.cvsignore @@ -0,0 +1,7 @@ +Makefile +.moc +.ui +*.app +*.fwb +*.tbl + diff --git a/src/ipf/ipf.cpp b/src/ipf/ipf.cpp new file mode 100644 index 000000000..7a6a24664 --- /dev/null +++ b/src/ipf/ipf.cpp 
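Review bot: The include guard `__UTILS_NO_QT_H_` contains a double underscore, a form of name that C++ reserves for the implementation; `#ifndef UTILS_NO_QT_H` / `#define UTILS_NO_QT_H` avoids the clash. The `join` functor stores the caller's `std::string *res` and dereferences it on every call without a check, and the class comment does not state the lifetime contract. A comment such as `// res must be non-null and outlive the functor; join does not own it` above the constructor would document it.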
@@ -0,0 +1,621 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: ipf.cpp 1450 2007-12-05 16:53:10Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" + +#include + +#ifdef HAVE_LOCALE_H +#include +#endif + +#include +#include +#include +#include +#include + +#ifndef _WIN32 +# include +# include +#else +# include +# include +# include +#endif + +#include +#include +#include +#include +#include + +#include "PolicyCompiler_ipf.h" +#include "NATCompiler_ipf.h" + +#include "OSConfigurator_openbsd.h" +#include "OSConfigurator_freebsd.h" +#include "OSConfigurator_solaris.h" + +#include "fwcompiler/Preprocessor.h" + +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/XMLTools.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Interface.h" + +#ifdef HAVE_GETOPT_H + #include +#else + #ifdef _WIN32 + #include + #else + #include + #endif +#endif + +#include "../common/init.cpp" + +using namespace std; +using namespace libfwbuilder; +using namespace fwcompiler; + +int fwbdebug = 0; + +static const char *filename = NULL; +static const char *wdir = NULL; +static const char *fwobjectname = NULL; +static string fw_file_name = ""; +static string ipf_file_name = ""; 
+static string nat_file_name = ""; +static int dl = 0; +static int drp = -1; +static int drn = -1; +static int verbose = 0; +static bool test_mode = false; + +FWObjectDatabase *objdb = NULL; + +class UpgradePredicate: public XMLTools::UpgradePredicate +{ + public: + virtual bool operator()(const string &msg) const + { + cout << _("Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it.") << endl; + return false; + } +}; + +void usage(const char *name) +{ + cout << _("Firewall Builder: policy compiler for ipfilter") << endl; + cout << _("Version ") << VERSION << RELEASE_NUM << endl; + cout << _("Usage: ") << name << " [-x] [-v] [-V] [-f filename.xml] [-o output.fw] [-d destdir] [-m] firewall_object_name" << endl; +} + +string printActivationCommandWithSubstitution(Firewall *fw,string filePath,string cmd) +{ + ostringstream str; + + str << "cat " << filePath << " | grep -v '#' "; + + FWObjectTypedChildIterator j=fw->findByType(Interface::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + Interface *iface=Interface::cast(*j); + if ( iface->isDyn() ) + { + str << "| sed \"s/ (" << iface->getName() << ") " + << "/ $i_" << iface->getName() << " /\""; + } + } + str << " | " << cmd << endl; + return str.str(); +} + +int main(int argc, char * const *argv) +{ + +#ifdef ENABLE_NLS + setlocale (LC_ALL, ""); + + bindtextdomain (PACKAGE, LOCALEDIR); + textdomain (PACKAGE); +#else +# ifdef HAVE_SETLOCALE + setlocale (LC_ALL, ""); +# endif +#endif + + + if (argc<=1) + { + usage(argv[0]); + exit(1); + } + + int opt; + + while( (opt=getopt(argc,argv,"x:vVf:d:r:o:")) != EOF ) + { + switch(opt) + { + case 'd': + wdir = strdup(optarg); + break; + case 'r': + respath = string(optarg); + break; + case 'f': + filename = strdup(optarg); + break; + case 'o': + fw_file_name = string(optarg); + break; + case 'x': + if (*optarg=='t') { + test_mode = true; + } else if (*optarg=='p') { + ++optarg; + drp = atoi(optarg); + } else { + if (*optarg=='n') { + 
++optarg; + drn = atoi(optarg); + } else { + if (isdigit(*optarg)) dl=atoi(optarg); // increase debug level + else { + usage(argv[0]); + exit(1); + } + } + } + break; + case 'v': + verbose++; + break; + case 'V': + usage(argv[0]); + exit(1); + } + } + + if((argc-1) != optind) + { + usage(argv[0]); + exit(1); + } + + fwobjectname = strdup( argv[optind++] ); + + if (fw_file_name.empty()) + { + fw_file_name=string(fwobjectname)+".fw"; + ipf_file_name=string(fwobjectname)+"-ipf.conf"; + nat_file_name=string(fwobjectname)+"-nat.conf"; + } else + { + string::size_type n = fw_file_name.rfind("."); + ipf_file_name = fw_file_name; + ipf_file_name.erase(n); + ipf_file_name.append("-ipf.conf"); + nat_file_name = fw_file_name; + nat_file_name.erase(n); + nat_file_name.append("-nat.conf"); + } + + if (wdir==0) wdir="./"; + + if ( +#ifdef _WIN32 + _chdir(wdir) +#else + chdir(wdir) +#endif + ) { + cerr << _("Can't change to: ") << wdir << endl; + exit(1); + } + + init(argv); + + try { + new Resources(respath+FS_SEPARATOR+"resources.xml"); + + /* create database */ + objdb = new FWObjectDatabase(); + + /* load the data file */ + UpgradePredicate upgrade_predicate; + + if (verbose) cout << _(" *** Loading data ..."); + + objdb->setReadOnly( false ); + objdb->load( sysfname, &upgrade_predicate, librespath); + objdb->setFileName(""); + FWObjectDatabase *ndb = new FWObjectDatabase(); + ndb->load(filename, &upgrade_predicate, librespath); + objdb->merge(ndb, NULL); + delete ndb; + objdb->setFileName(filename); + objdb->reIndex(); + +// objdb->load(filename, &upgrade_predicate, librespath); + if (verbose) cout << _(" done\n"); + + FWObject *slib = objdb->getById("syslib000"); + if ( slib->isReadOnly()) slib->setReadOnly(false); + + /* Review firewall and OS options and generate commands */ + Firewall* fw=objdb->findFirewallByName(fwobjectname); + + if (verbose) cout << _(" *** Data checks ..."); + + /* some initial sanity checks */ + list l2=fw->getByType(Interface::TYPENAME); + for 
(list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if ( iface->isDyn()) + { + list l3=iface->getByType(IPv4::TYPENAME); + if (l3.size()>0) + { + char errstr[256]; + for (list::iterator j=l3.begin(); j!=l3.end(); ++j) + if ( objdb->findAllReferences(*j).size()!=0 ) + { + sprintf(errstr, + _("Dynamic interface %s has an IP address that is used in the firewall policy rule.\n"), + iface->getName().c_str() ); + throw FWException(errstr); + } + + sprintf(errstr, + _("Dynamic interface %s should not have an IP address object attached to it. This IP address object will be ignored.\n"), + iface->getName().c_str() ); + cerr << errstr; + for (list::iterator j=l3.begin(); j!=l3.end(); ++j) + iface->remove(*j); + } + } else + { + + list la=iface->getByType(IPv4::TYPENAME); + if ( iface->isRegular() && la.empty() ) + { + char errstr[256]; + sprintf(errstr,_("Missing IP address for interface %s\n"), + iface->getName().c_str() ); + throw FWException(errstr); + } + + for (list::iterator j=la.begin(); j!=la.end(); ++j) + { + IPv4 *ipv4 = IPv4::cast(*j); + if ( ipv4->getAddress().toString()=="0.0.0.0") + { + char errstr[256]; + sprintf(errstr, + _("Interface %s has IP address \"0.0.0.0\".\n"), + iface->getName().c_str() ); + throw FWException(errstr); + } + } + } + + } + + if (verbose) cout << _(" done\n"); + + FWOptions* options=fw->getOptionsObject(); + string s; + + string firewall_dir=options->getStr("firewall_dir"); + if (firewall_dir=="") firewall_dir="/etc/fw"; + + bool debug=options->getBool("debug"); + string shell_dbg=(debug)?"-x":"" ; + string ipf_dbg=(debug)?"-v":""; + + Preprocessor* prep=new Preprocessor(objdb , fwobjectname); + prep->compile(); + +/* + * Process firewall options, build OS network configuration script + */ + OSConfigurator *oscnf=NULL; + string family=Resources::os_res[fw->getStr("host_OS")]->Resources::getResourceStr("/FWBuilderResources/Target/family"); + if ( family=="solaris" ) + oscnf=new 
OSConfigurator_solaris(objdb , fwobjectname); + + if ( family=="openbsd") + oscnf=new OSConfigurator_openbsd(objdb , fwobjectname); + + if ( family=="freebsd") + oscnf=new OSConfigurator_freebsd(objdb , fwobjectname); + + if (oscnf==NULL) + throw FWException(_("Unrecognized host OS ")+fw->getStr("host_OS")+" (family "+family+")"); + + oscnf->prolog(); + +/* + * create compilers and run the whole thing + */ + PolicyCompiler_ipf c( objdb , fwobjectname , oscnf ); + + c.setDebugLevel( dl ); + c.setDebugRule( drp ); + c.setVerbose( verbose ); + if (test_mode) c.setTestMode(); + + bool have_ipf=false; + if ( c.prolog() > 0 ) { + have_ipf=true; + c.compile(); + c.epilog(); + } + + + NATCompiler_ipf n( objdb , fwobjectname , oscnf ); + + n.setDebugLevel( dl ); + n.setDebugRule( drn ); + n.setVerbose( verbose ); + if (test_mode) n.setTestMode(); + + bool have_nat=false; + if ( n.prolog() > 0 ) { + have_nat=true; + n.compile(); + n.epilog(); + } +/* + * now write generated scripts to files + */ + char *timestr; + time_t tm; + struct tm *stm; + + tm=time(NULL); + stm=localtime(&tm); + timestr=strdup(ctime(&tm)); + timestr[ strlen(timestr)-1 ]='\0'; + +#ifdef _WIN32 + char* user_name=getenv("USERNAME"); +#else + struct passwd *pwd=getpwuid(getuid()); + assert(pwd); + char *user_name=pwd->pw_name; +#endif + if (user_name==NULL) + { + user_name=getenv("LOGNAME"); + if (user_name==NULL) + { + cerr << _("Can't figure out your user name, aborting") << endl; + exit(1); + } + } + + ofstream fw_file; + fw_file.exceptions(ofstream::eofbit|ofstream::failbit|ofstream::badbit); + +#ifdef _WIN32 + fw_file.open(fw_file_name.c_str(), ios::out|ios::binary); +#else + fw_file.open(fw_file_name.c_str()); +#endif + fw_file << "#!/bin/sh " << shell_dbg << endl << endl; + + fw_file << _("#\n\ +# This is automatically generated file. 
DO NOT MODIFY !\n\ +#\n\ +# Firewall Builder fwb_ipf v") << VERSION << "-" << RELEASE_NUM << _(" \n\ +#\n\ +# Generated ") << timestr << " " << tzname[stm->tm_isdst] << _(" by ") + << user_name << "\n#\n#\n"; + + fw_file << MANIFEST_MARKER << "* " << fw_file_name << endl; + if (have_ipf) + fw_file << MANIFEST_MARKER << " " << ipf_file_name << endl; + if (have_nat) + fw_file << MANIFEST_MARKER << " " << nat_file_name << endl; + fw_file << "#" << endl; + fw_file << "#" << endl; + + + string fwcomment=fw->getComment(); + string::size_type n1,n2; + n1=n2=0; + while ( (n2=fwcomment.find("\n",n1))!=string::npos ) + { + fw_file << "# " << fwcomment.substr(n1,n2-n1) << endl; + n1=n2+1; + } + fw_file << "# " << fwcomment.substr(n1) << endl; + fw_file << "#\n#\n#\n"; + + fw_file << "FWDIR=`dirname $0`" << endl << endl; + + fw_file << oscnf->getCompiledScript(); + + fw_file << endl; + + fw_file << "log '"; + fw_file << _("Activating firewall script generated ") + << timestr << " " << _(" by ") + << user_name; + fw_file << "'" << endl; + + fw_file << endl; + + fw_file << endl + << "$IPF -Fa" << endl + << "$IPNAT -C" << endl; + +/* + * we add prolog and epilog to the activation shell script rather + * than to ipf and nat .conf files. This is more flexible since user + * can execute some shell commands, as well as add any policy and/or + * nat rules by putting them into their .conf file and loading them + * from prolog or epilog script. Because of this, prolog is added + * after all policy and nat rules are flushed. 
+ */ + fw_file << endl; + fw_file << "#" << endl; + fw_file << "# Prolog script" << endl; + fw_file << "#" << endl; + + string pre_hook= fw->getOptionsObject()->getStr("prolog_script"); + fw_file << pre_hook << endl; + + fw_file << "#" << endl; + fw_file << "# End of prolog script" << endl; + fw_file << "#" << endl; + + unlink(ipf_file_name.c_str()); + if (have_ipf) + { + ofstream ipf_file; + ipf_file.exceptions(ofstream::eofbit|ofstream::failbit|ofstream::badbit); + +#ifdef _WIN32 + ipf_file.open(ipf_file_name.c_str(), ios::out|ios::binary); +#else + ipf_file.open(ipf_file_name.c_str()); +#endif + ipf_file << c.getCompiledScript(); + ipf_file.close(); + + string cmd = string("$IPF ")+ipf_dbg+" -I -f "; + string filePath = string("${FWDIR}/")+ipf_file_name; + if (fw->getOptionsObject()->getBool("dynAddr")) + { + cmd += "-"; + fw_file << + printActivationCommandWithSubstitution(fw,filePath,cmd); + } else + { + fw_file << cmd << filePath << endl; + } + } + + unlink(nat_file_name.c_str()); + if (have_nat) + { + ofstream nat_file; + nat_file.exceptions(ofstream::eofbit|ofstream::failbit|ofstream::badbit); + +#ifdef _WIN32 + nat_file.open(nat_file_name.c_str(), ios::out|ios::binary); +#else + nat_file.open(nat_file_name.c_str()); +#endif + nat_file << n.getCompiledScript(); + nat_file.close(); + + string cmd = string("$IPNAT ")+ipf_dbg+" -f "; + string filePath = string("${FWDIR}/")+nat_file_name; + if (fw->getOptionsObject()->getBool("dynAddr")) + { + cmd += "-"; + fw_file << + printActivationCommandWithSubstitution(fw,filePath,cmd); + } else + { + fw_file << cmd << filePath << endl; + } + } + + if (have_ipf) + fw_file << "$IPF " << ipf_dbg << " -s " << endl; + + fw_file << endl; + fw_file << "#" << endl; + fw_file << "# Epilog script" << endl; + fw_file << "#" << endl; + + string post_hook= fw->getOptionsObject()->getStr("epilog_script"); + fw_file << post_hook << endl; + + fw_file << endl; + fw_file << "# End of epilog script" << endl; + fw_file << "#" << endl; + + 
fw_file << endl; + + fw_file << "/sbin/kldstat -n ipl.ko > /dev/null 2>&1 || $IPF -E" << endl; + + fw_file << endl; + fw_file.close(); + +#ifdef _WIN32 + _chmod(fw_file_name.c_str(),_S_IREAD|_S_IWRITE); +#else + chmod(fw_file_name.c_str(),S_IXUSR|S_IRUSR|S_IWUSR|S_IRGRP); +#endif + + cout << _(" Compiled successfully") << endl << flush; + + return 0; + + } catch(const FWException &ex) { + cerr << ex.toString() << endl; + return 1; +#if __GNUC__ >= 3 +/* need to check version because std::ios::failure does not seem to be + * supported in gcc 2.9.5 on FreeBSD 4.10 */ + } catch (const std::ios::failure &e) { + cerr << "Error while opening or writing to the output file" << endl; + return 1; +#endif + } catch (const std::string &s) { + cerr << s; + return 1; + } catch (const std::exception &ex) { + cerr << ex.what(); + return 1; + } catch (...) { + cerr << _("Unsupported exception"); + return 1; + } + +} + + + + + + + + + diff --git a/src/ipf/ipf.pro b/src/ipf/ipf.pro new file mode 100644 index 000000000..b93c3393f --- /dev/null +++ b/src/ipf/ipf.pro @@ -0,0 +1,28 @@ +#-*- mode: makefile; tab-width: 4; -*- +# +include(../../qmake.inc) +# +SOURCES = ipf.cpp + +HEADERS = ../../config.h \ + ../pflib/OSData.h \ + ../pflib/NATCompiler_ipf.h \ + ../pflib/NATCompiler_pf.h \ + ../pflib/OSConfigurator_freebsd.h \ + ../pflib/OSConfigurator_solaris.h \ + ../pflib/PolicyCompiler_ipf.h \ + ../pflib/PolicyCompiler_pf.h + +QMAKE_COPY = ../../install.sh -m 0755 -s + +win32:CONFIG += console + +INCLUDEPATH += "../pflib" +DEPENDPATH = "../pflib" + +win32:LIBS += $$PREFIX/fwbpf.lib +!win32:LIBS += ../pflib/libfwbpf.a + +LIBS += $$LIBS_FWCOMPILER + +TARGET = fwb_ipf diff --git a/src/ipfw/.cvsignore b/src/ipfw/.cvsignore new file mode 100644 index 000000000..65ae5bcdd --- /dev/null +++ b/src/ipfw/.cvsignore @@ -0,0 +1,7 @@ +Makefile +.moc +.ui +*.app +*.fwb +*.tbl + diff --git a/src/ipfw/ipfw.cpp b/src/ipfw/ipfw.cpp new file mode 100644 index 000000000..9a7d793b0 --- /dev/null 
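Review bot: The interface sanity checks in `main()` build their error text with `sprintf` into `char errstr[256]`, and the `%s` argument is `iface->getName()` read from the loaded data file, so a long interface name (or a longer translated format string returned by `_()`) writes past the end of the stack buffer. Use the bounded call at all four sites, e.g. `snprintf(errstr, sizeof(errstr), _("Missing IP address for interface %s\n"), iface->getName().c_str());`, or assemble the message as a `std::string` the way the "Unrecognized host OS" exception in this file already does. The same four `sprintf` calls appear in the src/ipfw/ipfw.cpp hunk. Also in this hunk, when `-o` names a file without a dot, `fw_file_name.rfind(".")` returns `npos` and `ipf_file_name.erase(n)` throws before the `try` block is entered; `if (n == string::npos) n = fw_file_name.size();` keeps the suffix logic working.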
+++ b/src/ipfw/ipfw.cpp 
@@ -0,0 +1,509 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: ipfw.cpp 1450 2007-12-05 16:53:10Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" + +#include + +#ifdef HAVE_LOCALE_H +#include +#endif + +#include +#include +#include +#include +#include + +#ifndef _WIN32 +# include +# include +#else +# include +# include +# include +#endif + +#include +#include +#include +#include + +#include + +#include "PolicyCompiler_ipfw.h" +#include "NATCompiler_ipfw.h" + +#include "OSConfigurator_openbsd.h" +#include "OSConfigurator_macosx.h" +#include "OSConfigurator_freebsd.h" +#include "OSConfigurator_solaris.h" + +#include "fwcompiler/Preprocessor.h" + +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/XMLTools.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Interface.h" + +#ifdef HAVE_GETOPT_H + #include +#else + #ifdef _WIN32 + #include + #else + #include + #endif +#endif + +#include "../common/init.cpp" + +using namespace std; +using namespace libfwbuilder; +using namespace fwcompiler; + +int fwbdebug = 0; + +static const char *filename = NULL; +static const char *wdir = NULL; +static const char *fwobjectname = NULL; +static string fw_file_name 
= ""; +static int dl = 0; +static int drp = -1; +static int drn = -1; +static int verbose = 0; +static bool test_mode = false; + +FWObjectDatabase *objdb = NULL; + +class UpgradePredicate: public XMLTools::UpgradePredicate +{ + public: + virtual bool operator()(const string &msg) const + { + cout << _("Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it.") << endl; + return false; + } +}; + +void usage(const char *name) +{ + cout << _("Firewall Builder: policy compiler for ipfw") << endl; + cout << _("Version ") << VERSION << RELEASE_NUM << endl; + cout << _("Usage: ") << name << " [-x] [-v] [-V] [-f filename.xml] [-o output.fw] [-d destdir] [-m] firewall_object_name" << endl; +} + +int main(int argc, char * const *argv) +{ + +#ifdef ENABLE_NLS + setlocale (LC_ALL, ""); + + bindtextdomain (PACKAGE, LOCALEDIR); + textdomain (PACKAGE); +#else +# ifdef HAVE_SETLOCALE + setlocale (LC_ALL, ""); +# endif +#endif + + + if (argc<=1) + { + usage(argv[0]); + exit(1); + } + + int opt; + + while( (opt=getopt(argc,argv,"x:vVf:d:r:o:")) != EOF ) + { + switch(opt) + { + case 'd': + wdir = strdup(optarg); + break; + case 'r': + respath = string(optarg); + break; + case 'f': + filename = strdup(optarg); + break; + case 'o': + fw_file_name = string(optarg); + break; + case 'x': + if (*optarg=='t') { + test_mode = true; + } else if (*optarg=='p') { + ++optarg; + drp = atoi(optarg); + } else { + if (*optarg=='n') { + ++optarg; + drn = atoi(optarg); + } else { + if (isdigit(*optarg)) dl=atoi(optarg); // increase debug level + else { + usage(argv[0]); + exit(1); + } + } + } + break; + case 'v': + verbose++; + break; + case 'V': + usage(argv[0]); + exit(1); + } + } + + if((argc-1) != optind) + { + usage(argv[0]); + exit(1); + } + + fwobjectname = strdup( argv[optind++] ); + + if (fw_file_name.empty()) + { + fw_file_name=string(fwobjectname)+".fw"; + } + + if (wdir==0) wdir="./"; + + if ( +#ifdef _WIN32 + _chdir(wdir) +#else + chdir(wdir) 
+#endif + ) { + cerr << _("Can't change to: ") << wdir << endl; + exit(1); + } + + init(argv); + + try { + new Resources(respath+FS_SEPARATOR+"resources.xml"); + + /* create database */ + objdb = new FWObjectDatabase(); + + /* load the data file */ + UpgradePredicate upgrade_predicate; + + if (verbose) cout << _(" *** Loading data ..."); + + objdb->setReadOnly( false ); + objdb->load( sysfname, &upgrade_predicate, librespath); + objdb->setFileName(""); + FWObjectDatabase *ndb = new FWObjectDatabase(); + ndb->load(filename, &upgrade_predicate, librespath); + objdb->merge(ndb, NULL); + delete ndb; + objdb->setFileName(filename); + objdb->reIndex(); + +// objdb->load(filename, &upgrade_predicate, librespath); + if (verbose) cout << _(" done\n"); + + FWObject *slib = objdb->getById("syslib000"); + if ( slib->isReadOnly()) slib->setReadOnly(false); + + /* Review firewall and OS options and generate commands */ + Firewall* fw=objdb->findFirewallByName(fwobjectname); + + /* some initial sanity checks */ + list l2=fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if ( iface->isDyn()) + { + list l3=iface->getByType(IPv4::TYPENAME); + if (l3.size()>0) + { + char errstr[256]; + for (list::iterator j=l3.begin(); j!=l3.end(); ++j) + if ( objdb->findAllReferences(*j).size()!=0 ) + { + sprintf(errstr, + _("Dynamic interface %s has an IP address that is used in the firewall policy rule.\n"), + iface->getName().c_str() ); + throw FWException(errstr); + } + + sprintf(errstr, + _("Dynamic interface %s should not have an IP address object attached to it. 
This IP address object will be ignored.\n"), + iface->getName().c_str() ); + cerr << errstr; + for (list::iterator j=l3.begin(); j!=l3.end(); ++j) + iface->remove(*j); + } + } else + { + + list la=iface->getByType(IPv4::TYPENAME); + if ( iface->isRegular() && la.empty() ) + { + char errstr[256]; + sprintf(errstr,_("Missing IP address for interface %s\n"), + iface->getName().c_str() ); + throw FWException(errstr); + } + + for (list::iterator j=la.begin(); j!=la.end(); ++j) + { + IPv4 *ipv4 = IPv4::cast(*j); + if ( ipv4->getAddress().toString()=="0.0.0.0") + { + char errstr[256]; + sprintf(errstr, + _("Interface %s has IP address \"0.0.0.0\".\n"), + iface->getName().c_str() ); + throw FWException(errstr); + } + } + } + + } + + + FWOptions* options=fw->getOptionsObject(); + string s; + + string firewall_dir=options->getStr("firewall_dir"); + if (firewall_dir=="") firewall_dir="/etc/fw"; + + bool debug=options->getBool("debug"); + string shell_dbg=(debug)?"-x":"" ; + + Preprocessor* prep=new Preprocessor(objdb , fwobjectname); + prep->compile(); + +/* + * Process firewall options, build OS network configuration script + */ + OSConfigurator *oscnf=NULL; + string family=Resources::os_res[fw->getStr("host_OS")]->Resources::getResourceStr("/FWBuilderResources/Target/family"); + if ( family=="macosx") + oscnf=new OSConfigurator_macosx(objdb , fwobjectname); + + if ( family=="freebsd") + oscnf=new OSConfigurator_freebsd(objdb , fwobjectname); + + if (oscnf==NULL) + throw FWException(_("Unrecognized host OS ")+fw->getStr("host_OS")+" (family "+family+")"); + + oscnf->prolog(); +/* + * create compilers and run the whole thing + */ + PolicyCompiler_ipfw c( objdb , fwobjectname , oscnf ); + + c.setDebugLevel( dl ); + c.setDebugRule( drp ); + c.setVerbose( verbose ); + if (test_mode) c.setTestMode(); + + bool have_ipfw=false; + if ( c.prolog() > 0 ) + { + have_ipfw=true; + + c.compile(); + c.epilog(); + } + +/* + * now write generated scripts to files + */ + + + char *timestr; + 
time_t tm; + struct tm *stm; + + tm=time(NULL); + stm=localtime(&tm); + timestr=strdup(ctime(&tm)); + timestr[ strlen(timestr)-1 ]='\0'; + +#ifdef _WIN32 + char* user_name=getenv("USERNAME"); +#else + struct passwd *pwd=getpwuid(getuid()); + assert(pwd); + char *user_name=pwd->pw_name; +#endif + if (user_name==NULL) + { + user_name=getenv("LOGNAME"); + if (user_name==NULL) + { + cerr << _("Can't figure out your user name, aborting") << endl; + exit(1); + } + } + + ofstream fw_file; + fw_file.exceptions(ofstream::eofbit|ofstream::failbit|ofstream::badbit); + +#ifdef _WIN32 + fw_file.open(fw_file_name.c_str(), ios::out|ios::binary); +#else + fw_file.open(fw_file_name.c_str()); +#endif + fw_file << "#!/bin/sh " << shell_dbg << endl << endl; + + fw_file << _("#\n\ +# This is automatically generated file. DO NOT MODIFY !\n\ +#\n\ +# Firewall Builder fwb_ipfw v") << VERSION << "-" << RELEASE_NUM << _(" \n\ +#\n\ +# Generated ") << timestr << " " << tzname[stm->tm_isdst] << _(" by ") + << user_name << "\n#\n"; + + fw_file << MANIFEST_MARKER << "* " << fw_file_name << endl; + fw_file << "#" << endl; + fw_file << "#" << endl; + + string fwcomment=fw->getComment(); + string::size_type n1,n2; + n1=n2=0; + while ( (n2=fwcomment.find("\n",n1))!=string::npos ) + { + fw_file << "# " << fwcomment.substr(n1,n2-n1) << endl; + n1=n2+1; + } + fw_file << "# " << fwcomment.substr(n1) << endl; + fw_file << "#\n#\n#\n"; + + fw_file << "cd " << firewall_dir << " || exit 1" << endl << endl; + + fw_file << endl; + fw_file << "#" << endl; + fw_file << "# Prolog script" << endl; + fw_file << "#" << endl; + + string pre_hook= fw->getOptionsObject()->getStr("prolog_script"); + fw_file << pre_hook << endl; + + fw_file << "#" << endl; + fw_file << "# End of prolog script" << endl; + fw_file << "#" << endl; + + fw_file << oscnf->getCompiledScript(); + + fw_file << endl; + + fw_file << "log '"; + fw_file << _("Activating firewall script generated ") + << timestr << " " << _(" by ") + << user_name; + 
fw_file << "'" << endl; + + fw_file << endl; + + + +/* commented out since we now use sets + fw_file << "\"$IPFW\" -f -q flush" << endl; +*/ + fw_file << endl; + + if (have_ipfw) + { + fw_file << c.getCompiledScript(); + } + + fw_file << endl; + fw_file << "#" << endl; + fw_file << "# Epilog script" << endl; + fw_file << "#" << endl; + + string post_hook= fw->getOptionsObject()->getStr("epilog_script"); + fw_file << post_hook << endl; + + fw_file << endl; + fw_file << "# End of epilog script" << endl; + fw_file << "#" << endl; + + fw_file << "\"$IPFW\" set swap 0 1 || exit 1" << endl; + fw_file << "\"$IPFW\" delete set 1" << endl; + + fw_file << endl; + fw_file.close(); + +#ifdef _WIN32 + _chmod(fw_file_name.c_str(),_S_IREAD|_S_IWRITE); +#else + chmod(fw_file_name.c_str(),S_IXUSR|S_IRUSR|S_IWUSR|S_IRGRP); +#endif + + cout << _(" Compiled successfully") << endl << flush; + + return 0; + + } catch(const FWException &ex) { + cerr << ex.toString() << endl; + return 1; +#if __GNUC__ >= 3 +/* need to check version because std::ios::failure does not seem to be + * supported in gcc 2.9.5 on FreeBSD 4.10 */ + } catch (const std::ios::failure &e) { + cerr << "Error while opening or writing to the output file" << endl; + return 1; +#endif + } catch (const std::string &s) { + cerr << s; + return 1; + } catch (const std::exception &ex) { + cerr << ex.what(); + return 1; + } catch (...) { + cerr << _("Unsupported exception"); + return 1; + } + +} + + + + + + + + + diff --git a/src/ipfw/ipfw.pro b/src/ipfw/ipfw.pro new file mode 100644 index 000000000..7c578613d --- /dev/null +++ b/src/ipfw/ipfw.pro 
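Review bot: The generated script's `cd` line writes the `firewall_dir` option unquoted (`fw_file << "cd " << firewall_dir << " || exit 1"`), so a directory value containing spaces or shell metacharacters is split or interpreted by `/bin/sh` when the firewall script runs. Emit it quoted, for example `fw_file << "cd '" << firewall_dir << "' || exit 1" << endl << endl;`, and reject a value that itself contains a single quote. The same applies to `user_name`, which is written inside the single-quoted `log '...'` line. In addition, `usage()` advertises `[-m]`, but the option string passed to `getopt` is `"x:vVf:d:r:o:"`, so `-m` is not accepted here or in src/ipf/ipf.cpp; either add it to the option string or drop it from the usage text.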
@@ -0,0 +1,28 @@
+#-*- mode: makefile; tab-width: 4; -*-
+#
+include(../../qmake.inc)
+#
+SOURCES = ipfw.cpp
+
+HEADERS = ../../config.h \
+ ../pflib/OSData.h \
+ ../pflib/NATCompiler_ipfw.h \
+ ../pflib/NATCompiler_pf.h \
+ ../pflib/OSConfigurator_freebsd.h \
+ ../pflib/OSConfigurator_macosx.h \
+ ../pflib/PolicyCompiler_ipfw.h \
+ ../pflib/PolicyCompiler_pf.h
+
+QMAKE_COPY = ../../install.sh -m 0755 -s
+
+win32:CONFIG += console
+
+INCLUDEPATH += "../pflib"
+DEPENDPATH = "../pflib"
+
+win32:LIBS += $$PREFIX/fwbpf.lib
+!win32:LIBS += ../pflib/libfwbpf.a
+
+LIBS += $$LIBS_FWCOMPILER
+
+TARGET = fwb_ipfw
diff --git a/src/ipt/.cvsignore b/src/ipt/.cvsignore
new file mode 100644
index 000000000..65ae5bcdd
--- /dev/null
+++ b/src/ipt/.cvsignore
@@ -0,0 +1,7 @@
+Makefile
+.moc
+.ui
+*.app
+*.fwb
+*.tbl
+
diff --git a/src/ipt/MangleTableCompiler_ipt.cpp b/src/ipt/MangleTableCompiler_ipt.cpp
new file mode 100644
index 000000000..6a8a9a7e7
--- /dev/null
+++ b/src/ipt/MangleTableCompiler_ipt.cpp
@@ -0,0 +1,137 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2006 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: MangleTableCompiler_ipt.cpp 1381 2007-07-08 01:11:35Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "config.h"
+
+#include "MangleTableCompiler_ipt.h"
+#include "OSConfigurator_linux24.h"
+
+#include "fwbuilder/FWObjectDatabase.h"
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Policy.h"
+#include "fwbuilder/Rule.h"
+
+#include
+
+using namespace libfwbuilder;
+using namespace fwcompiler;
+using namespace std;
+
+string MangleTableCompiler_ipt::myPlatformName() { return "iptables"; }
+
+int MangleTableCompiler_ipt::prolog()
+{
+ return PolicyCompiler_ipt::prolog();
+
+ int n = 0;
+
+ for(FWObject::iterator i=combined_ruleset->begin();
+ i!=combined_ruleset->end(); i++)
+ {
+ PolicyRule *r = PolicyRule::cast( *i );
+ if (r->isDisabled()) continue;
+ if (r->getAction() == PolicyRule::Tag || r->getAction() == PolicyRule::Classify) n++;
+ }
+ return n;
+}
+
+bool MangleTableCompiler_ipt::keepMangleTableRules::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+ FWOptions *ruleopt =rule->getOptionsObject();
+
+ if (rule->getAction() == PolicyRule::Branch &&
+ ruleopt->getBool("ipt_branch_in_mangle"))
+ {
+ PolicyRule* r;
+
+ // this is a branching rule for mangle table. Need to put it
+ // into PREROUTING and POSTROUTING chains as well because some
+ // targets that work with mangle table can only go into these
+ // chains, yet we do not know what kind of rules will user
+ // place in the branch
+
+ if (rule->getDirection()==PolicyRule::Undefined ||
+ rule->getDirection()==PolicyRule::Both ||
+ rule->getDirection()==PolicyRule::Inbound)
+ {
+ r = PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setStr("ipt_chain","PREROUTING");
+ tmp_queue.push_back(r);
+ }
+
+ if (rule->getDirection()==PolicyRule::Undefined ||
+ rule->getDirection()==PolicyRule::Both ||
+ rule->getDirection()==PolicyRule::Outbound)
+ {
+ r = PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setStr("ipt_chain","POSTROUTING");
+ tmp_queue.push_back(r);
+ }
+
+ tmp_queue.push_back(rule);
+ }
+
+ if (rule->getAction() == PolicyRule::Tag ||
+ rule->getAction() == PolicyRule::Route ||
+ rule->getAction() == PolicyRule::Classify) tmp_queue.push_back(rule);
+
+ return true;
+}
+
+
+void MangleTableCompiler_ipt::addRuleFilter()
+{
+ add( new keepMangleTableRules(" keep only rules that require mangle table") );
+}
+
+string MangleTableCompiler_ipt::flushAndSetDefaultPolicy()
+{
+ ostringstream res;
+
+ PolicyCompiler_ipt::PrintRule *prp = createPrintRuleProcessor();
+
+ res << prp->_declareTable();
+ if (have_connmark)
+ {
+ res << prp->_startRuleLine()
+ << "PREROUTING -j CONNMARK --restore-mark"
+ << prp->_endRuleLine();
+ }
+ if (have_connmark_in_output)
+ {
+ res << prp->_startRuleLine()
+ << "OUTPUT -j CONNMARK --restore-mark"
+ << prp->_endRuleLine();
+ res << endl;
+ }
+
+ return res.str();
+}
+
diff --git a/src/ipt/MangleTableCompiler_ipt.h b/src/ipt/MangleTableCompiler_ipt.h
new file mode 100644
index 000000000..bb29d5150
--- /dev/null
+++ b/src/ipt/MangleTableCompiler_ipt.h
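Review bot: Everything after `return PolicyCompiler_ipt::prolog();` in `MangleTableCompiler_ipt::prolog()` is unreachable, so the loop that counts Tag and Classify rules never runs and the function reports whatever the base class returns. If the count was meant to decide whether a mangle table is generated, capture the base result first (`int base = PolicyCompiler_ipt::prolog();`) and return after the loop; if not, delete the dead loop so the intent is clear. Should the loop be revived, `PolicyRule::cast( *i )` needs a null check before `r->isDisabled()`, since nothing visible in this hunk guarantees that every child of `combined_ruleset` is a PolicyRule.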
@@ -0,0 +1,61 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2006 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: MangleTableCompiler_ipt.h 914 2006-01-04 07:52:51Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef __MANGLETABLECOMPILER_IPT_HH
+#define __MANGLETABLECOMPILER_IPT_HH
+
+#include
+#include "PolicyCompiler_ipt.h"
+
+namespace fwcompiler {
+
+ class MangleTableCompiler_ipt : public PolicyCompiler_ipt {
+
+ protected:
+
+ virtual std::string myPlatformName();
+
+ /**
+ * this processor drops all rules except for those that require mangle table
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(keepMangleTableRules);
+
+ public:
+
+ MangleTableCompiler_ipt(libfwbuilder::FWObjectDatabase *_db,
+ const std::string &fwname,
+ fwcompiler::OSConfigurator *_oscnf) : PolicyCompiler_ipt(_db,fwname,_oscnf)
+ {
+ my_table = "mangle";
+ }
+
+ virtual int prolog();
+ virtual void addRuleFilter();
+
+ virtual std::string flushAndSetDefaultPolicy();
+ };
+}
+
+#endif
diff --git a/src/ipt/NATCompiler_PrintRule.cpp b/src/ipt/NATCompiler_PrintRule.cpp
new file mode 100644
index 000000000..73e1e6dd1
--- /dev/null
+++ b/src/ipt/NATCompiler_PrintRule.cpp
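Review bot: `flushAndSetDefaultPolicy()` is declared without a comment, and its name does not match what the implementation in this commit shows. The .cpp emits the table declaration and, when `have_connmark` or `have_connmark_in_output` is set, `CONNMARK --restore-mark` rules; no flush and no chain policy are visible there, although `_declareTable()` itself is not shown and should be confirmed. I would add a doc comment above the declaration such as `/** prints the mangle table declaration and the CONNMARK --restore-mark rules that must precede user rules */`. Separately, the include guard `__MANGLETABLECOMPILER_IPT_HH` starts with a double underscore, which C++ reserves for the implementation; `MANGLETABLECOMPILER_IPT_HH` avoids that.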
@@ -0,0 +1,686 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: NATCompiler_PrintRule.cpp 1179 2006-10-08 00:10:02Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "NATCompiler_ipt.h" +#include "OSConfigurator_linux24.h" + +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/CustomService.h" +#include "fwbuilder/TagService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/DNSName.h" +#include "fwbuilder/AddressTable.h" + +#include "combinedAddress.h" + +#include +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \ + _MSC_VER +# include +#else +# include +#endif +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + + + +/** + *----------------------------------------------------------------------- + * Methods for printing + */ +/* + * check and create new chain if needed + */ +string 
NATCompiler_ipt::PrintRule::_createChain(const string &chain) +{ + ostringstream res; + if ( ! chains[chain] ) + { + res << "$IPTABLES -t nat -N " << chain << endl; + chains[chain]=true; + } + return res.str(); +} + +string NATCompiler_ipt::PrintRule::_startRuleLine() +{ + return string("$IPTABLES -t nat -A "); +} + +string NATCompiler_ipt::PrintRule::_endRuleLine() +{ + return string("\n"); +} + +string NATCompiler_ipt::PrintRule::_printRuleLabel(NATRule *rule) +{ + ostringstream res; + + bool nocomm=Resources::os_res[compiler->fw->getStr("host_OS")]->Resources::getResourceBool("/FWBuilderResources/Target/options/suppress_comments"); + + string rl=rule->getLabel(); + if (rl!=current_rule_label) + { + if (!nocomm) + { + res << "# " << endl; + res << "# Rule " << rl << endl; + res << "# " << endl; + } + res << "echo " << _quote(string("Rule ")+rl) << endl; + res << "# " << endl; + +/* do not put comment in the script if it is intended for linksys */ + if (!nocomm) + { + string comm=rule->getComment(); + string::size_type c1,c2; + c1=0; + while ( (c2=comm.find('\n',c1))!=string::npos ) { + res << "# " << comm.substr(c1,c2-c1) << endl; + c1=c2+1; + } + res << "# " << comm.substr(c1) << endl; +// res << "# " << endl; + } + current_rule_label=rl; + } + return res.str(); +} + +/* + * check and create new chain if needed + */ + +/** + *----------------------------------------------------------------------- + */ +string NATCompiler_ipt::PrintRule::_printChainDirectionAndInterface(NATRule *rule) +{ + std::ostringstream ostr; + + string iface_name = rule->getInterfaceStr(); +// Interface *rule_iface = compiler->getCachedFwInterface(iface_id); +// string iface_name= (rule_iface!=NULL) ? rule_iface->getName() : ""; + if (iface_name=="nil") iface_name=""; + +/* if interface name ends with '*', this is a wildcard + * interface. 
Iptables supports wildcard interfaces but uses '+' as a + * wildcard symbol */ + + string::size_type n; + if ( (n=iface_name.find("*"))!=string::npos) iface_name[n]='+'; + + ostr << rule->getStr("ipt_chain") << " "; + + switch (rule->getRuleType()) { + case NATRule::SNAT: + if (!iface_name.empty()) ostr << "-o " << iface_name; + break; + case NATRule::Masq: + if (!iface_name.empty()) ostr << "-o " << iface_name; + break; + case NATRule::DNAT: + if (!iface_name.empty()) ostr << "-i " << iface_name; + break; + case NATRule::Redirect: + if (!iface_name.empty()) ostr << "-i " << iface_name; + break; + default: break; + } + ostr << " "; + return ostr.str(); +} + + + +string NATCompiler_ipt::PrintRule::_printProtocol(Service *srv) +{ + std::ostringstream ostr; + if (!srv->isAny() && !CustomService::isA(srv) && !TagService::isA(srv)) + { + string pn=srv->getProtocolName(); + if (pn=="ip") pn="all"; + ostr << "-p " << pn << " "; + if (pn == "tcp") ostr << "-m tcp "; + if (pn == "udp") ostr << "-m udp "; + if (pn == "icmp") ostr << "-m icmp "; + } + return ostr.str(); +} + +string NATCompiler_ipt::PrintRule::_printMultiport(NATRule *rule) +{ + std::ostringstream ostr; + if( rule->getBool("ipt_multiport")) + ostr << "-m multiport "; + return ostr.str(); +} + + +string NATCompiler_ipt::PrintRule::_printOPorts(int rs,int re) +{ + std::ostringstream ostr; + + if (rs<0) rs=0; + if (re<0) re=0; + + if (rs>0 || re>0) { + if (rs==re) ostr << rs; + else + if (rs==0 && re!=0) ostr << ":" << re; + else + ostr << rs << ":" << re; + } + return ostr.str(); +} + +string NATCompiler_ipt::PrintRule::_printTPorts(int rs,int re) +{ + std::ostringstream ostr; + + if (rs<0) rs=0; + if (re<0) re=0; + + if (rs>0 || re>0) { + if (rs==re) ostr << rs; + else + if (rs==0 && re!=0) ostr << "-" << re; + else + ostr << rs << "-" << re; + } + return ostr.str(); +} + +string NATCompiler_ipt::PrintRule::_printICMP(ICMPService *srv) +{ + std::ostringstream ostr; + if (ICMPService::isA(srv) && 
srv->getInt("type")!=-1) { + ostr << srv->getStr("type"); + if (srv->getInt("code")!=-1) + ostr << "/" << srv->getStr("code") << " "; + } + return ostr.str(); +} + +string NATCompiler_ipt::PrintRule::_printIP(IPService *srv) +{ + std::ostringstream ostr; + if (IPService::isA(srv) ) { + if (srv->getBool("fragm") || srv->getBool("short_fragm")) + ostr << "-f "; + + if (srv->getBool("lsrr") || + srv->getBool("ssrr") || + srv->getBool("rr") || + srv->getBool("ts") ) ostr << " -m ipv4options "; + + if (srv->getBool("lsrr")) ostr << " --lsrr"; + if (srv->getBool("ssrr")) ostr << " --ssrr"; + if (srv->getBool("rr")) ostr << " --rr"; + if (srv->getBool("ts")) ostr << " --ts"; + } + return ostr.str(); +} + +string NATCompiler_ipt::PrintRule::_printSrcPorts(Service *srv) +{ + std::ostringstream ostr; + if (TCPService::isA(srv) || UDPService::isA(srv)) { + int rs=srv->getInt("src_range_start"); + int re=srv->getInt("src_range_end"); + ostr << _printOPorts(rs,re); + } + return ostr.str(); +} + +string NATCompiler_ipt::PrintRule::_printDstPorts(Service *srv) +{ + std::ostringstream ostr; + if (TCPService::isA(srv) || UDPService::isA(srv)) { + int rs=srv->getInt("dst_range_start"); + int re=srv->getInt("dst_range_end"); + ostr << _printOPorts(rs,re); + } + return ostr.str(); +} + +string NATCompiler_ipt::PrintRule::_printSNATPorts(Service *srv) +{ + std::ostringstream ostr; + if (TCPService::isA(srv) || UDPService::isA(srv)) { + int rs=srv->getInt("src_range_start"); + int re=srv->getInt("src_range_end"); + ostr << _printTPorts(rs,re); + } + return ostr.str(); +} + +string NATCompiler_ipt::PrintRule::_printDNATPorts(Service *srv) +{ + std::ostringstream ostr; + if (TCPService::isA(srv) || UDPService::isA(srv)) { + int rs=srv->getInt("dst_range_start"); + int re=srv->getInt("dst_range_end"); + ostr << _printTPorts(rs,re); + } + return ostr.str(); +} + +/* + * we made sure that all services in rel represent the same protocol + */ +string 
NATCompiler_ipt::PrintRule::_printSrcService(RuleElementOSrv *rel) +{ + std::ostringstream ostr; + +/* I do not want to use rel->getFirst because it traverses the tree to + * find the object. I'd rather use a cached copy in the compiler + */ + FWObject *o=rel->front(); + if (o && FWReference::cast(o)!=NULL) + o=FWReference::cast(o)->getPointer(); + + Service *srv= Service::cast(o); + + if (rel->size()==1) { + if (UDPService::isA(srv) || TCPService::isA(srv)) { + string str=_printSrcPorts( srv ); + if (! str.empty() ) ostr << "--sport " << str << " "; + } + } else { +/* use multiport */ + + string str; + bool first=true; + for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++) { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *s=Service::cast( o ); + assert(s); + if (UDPService::isA(srv) || TCPService::isA(srv)) { + if (!first) str+=","; + str+= _printSrcPorts( s ); + if (!str.empty()) first=false; + } + } + if ( !str.empty() ) + { + string v = compiler->fw->getStr("version"); + if (v.empty() || v=="ge_1.2.6" || v=="1.2.9" || v=="1.3.0") + ostr << "--sports "; + else + ostr << "--source-port "; + ostr << str << " "; + } + } + return ostr.str(); +} + +string NATCompiler_ipt::PrintRule::_printDstService(RuleElementOSrv *rel) +{ + std::ostringstream ostr; + + FWObject *o=rel->front(); + if (o && FWReference::cast(o)!=NULL) + o=FWReference::cast(o)->getPointer(); + + Service *srv= Service::cast(o); + + if (rel->size()==1) + { + if (UDPService::isA(srv) || TCPService::isA(srv)) + { + string str=_printDstPorts( srv ); + if (! str.empty() ) ostr << "--dport " << str << " "; + } + if (ICMPService::isA(srv)) + { + string str=_printICMP( ICMPService::cast(srv) ); + if (! str.empty() ) ostr << "--icmp-type " << str << " "; + } + if (IPService::isA(srv)) + { + string str=_printIP( IPService::cast(srv) ); + if (! 
str.empty() ) ostr << str << " "; + } + if (CustomService::isA(srv)) + { + ostr << CustomService::cast(srv)->getCodeForPlatform( compiler->myPlatformName() ) << " "; + } + if (TagService::isA(srv)) + { + ostr << "-m mark --mark " + << TagService::cast(srv)->getCode() << " "; + } + + } else { +/* use multiport */ + + string str; + bool first=true; + for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *s=Service::cast( o ); + assert(s); + if (UDPService::isA(srv) || TCPService::isA(srv)) + { + if (!first) str+=","; + str+= _printDstPorts( s ); + if (!str.empty()) first=false; + } + } + if ( !str.empty() ) + { + string v = compiler->fw->getStr("version"); + if (v.empty() || v=="ge_1.2.6" || v=="1.2.9" || v=="1.3.0") + ostr << "--dports "; + else + ostr << "--destination-port "; + ostr << str << " "; + } + } + return ostr.str(); +} + +string NATCompiler_ipt::PrintRule::_printAddr(Address *o,bool print_mask,bool print_range) +{ + NATCompiler_ipt *ipt_comp=dynamic_cast(compiler); + std::ostringstream ostr; + + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); + if (atrt!=NULL) + { + if (atrt->getSubstitutionTypeName()==AddressTable::TYPENAME) + { + ostr << "$" << ipt_comp->getAddressTableVarName(atrt) << " "; + return ostr.str(); + } + + if (atrt->getSubstitutionTypeName()==DNSName::TYPENAME) + { + return atrt->getSourceName(); + } + // at this time we only support two types of MultiAddress + // objects: AddressTable and DNSName. Both should be converted + // to MultiAddressRunTime at this point. If we get some other + // kind of MultiAddressRunTime object, we do not know what to do + // with it so we stop. 
+ assert(atrt==NULL); + } + + IPAddress addr=o->getAddress(); + Netmask mask=o->getNetmask(); + Interface *iface; + if ( (iface=Interface::cast(o))!=NULL ) + { + if (iface->isDyn() && iface->getBool("use_var_address")) + { + ostr << "$" << ipt_comp->getInterfaceVarName(iface) << " "; + return ostr.str(); + } +// if (Interface::cast(o)->isDyn()) return; + mask=Netmask("255.255.255.255"); + } + + if (IPv4::cast(o)!=NULL) + { + mask=Netmask("255.255.255.255"); + } + + if (print_range && AddressRange::cast(o)!=NULL) { + IPAddress a1=AddressRange::cast(o)->getRangeStart(); + IPAddress a2=AddressRange::cast(o)->getRangeEnd(); + ostr << a1.toString() << "-" << a2.toString(); + } else { + if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0") { + ostr << "0/0"; + } else { + ostr << addr.toString(); + if (print_mask && mask.toString()!="255.255.255.255") { + ostr << "/" << mask.getLength(); + } + } + } + return ostr.str(); +} + + +NATCompiler_ipt::PrintRule::PrintRule(const std::string &name) : + NATRuleProcessor(name) +{ + init=true; + print_once_on_top=true; + + chains["POSTROUTING"] =true; + chains["PREROUTING"] =true; + chains["SNAT"] =true; + chains["DNAT"] =true; + chains["MASQUERADE"] =true; + chains["REDIRECT"] =true; + chains["NETMAP"] =true; + chains["LOG"] =true; + chains["MARK"] =true; + chains["ACCEPT"] =true; + chains["REJECT"] =true; + chains["DROP"] =true; + chains["RETURN"] =true; + chains["OUTPUT"] =true; +} + +bool NATCompiler_ipt::PrintRule::processNext() +{ + NATRule *rule=getNext(); + if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + compiler->output << _printRuleLabel(rule); + + string s; + std::ostringstream cmdout; + + compiler->output << _createChain(rule->getStr("ipt_chain")); + compiler->output << _createChain(rule->getStr("ipt_target")); + + +// RuleElementOSrc *osrcrel=rule->getOSrc(); + Address *osrc=compiler->getFirstOSrc(rule); assert(osrc); +// RuleElementODst *odstrel=rule->getODst(); + Address 
*odst=compiler->getFirstODst(rule); assert(odst); + RuleElementOSrv *osrvrel=rule->getOSrv(); + Service *osrv=compiler->getFirstOSrv(rule); assert(osrv); + + Address *tsrc=compiler->getFirstTSrc(rule); assert(tsrc); + Address *tdst=compiler->getFirstTDst(rule); assert(tdst); + Service *tsrv=compiler->getFirstTSrv(rule); assert(tsrv); + +// Interface *iface= +// Interface::cast( rule->getRoot()->getById(rule->getInterfaceId() ,true) ); + + + cmdout << _startRuleLine(); + + cmdout << _printChainDirectionAndInterface(rule); + + if (! osrv->isAny() ) + cmdout << _printProtocol(osrv); + + cmdout << _printMultiport(rule); + + if (!osrc->isAny()) + { + string physaddress=""; + + if (physAddress::isA(osrc)) + physaddress= physAddress::cast(osrc)->getPhysAddress(); + + if (combinedAddress::isA(osrc)) + physaddress= combinedAddress::cast(osrc)->getPhysAddress(); + + if ( ! physaddress.empty()) + { + cmdout << " -m mac --mac-source " + << physaddress; + } +/* + * fool-proof: this is last resort check for situation when user created IPv4 object + * for the interface but left it with empty address ( 0.0.0.0 ). + */ + if ( ! physaddress.empty() && osrc->getAddress()==IPAddress("0.0.0.0")) + { + ; + } else + { + cmdout << " -s "; + cmdout << _printAddr(osrc); + } + +// cmdout << " -s "; +// cmdout << _printAddr(osrc); + } + + if (!osrv->isAny()) { + cmdout << " "; + cmdout << _printSrcService(osrvrel); + } + + if (!odst->isAny()) { + cmdout << " -d "; + cmdout << _printAddr(odst); + } + + cmdout << " "; + cmdout << _printDstService(osrvrel); + + cmdout << "-j " << rule->getStr("ipt_target") << " "; + + switch (rule->getRuleType()) { + case NATRule::SNAT: + if (rule->getStr("ipt_target")=="SNAT") + { + cmdout << "--to-source "; + cmdout << _printAddr(tsrc,false,true); + string ports=_printSNATPorts(tsrv); + if (!ports.empty()) cmdout << ":" << ports; + } + break; +/* + * if rule type is DNAT and TDst is any, this rule only does port + * translation and does not change addresses. 
Iptables accepts + * "--to-destination :80" (no address in front of the ':') and seems + * to do the right thing. + */ + case NATRule::DNAT: + if (rule->getStr("ipt_target")=="DNAT") + { + cmdout << "--to-destination "; + if (!tdst->isAny()) cmdout << _printAddr(tdst,false,true); + string ports=_printDNATPorts(tsrv); + if (!ports.empty()) cmdout << ":" << ports; + } + break; + + case NATRule::SNetnat: + if (rule->getStr("ipt_target")=="NETMAP") + { + cmdout << "--to "; + cmdout << _printAddr(tsrc,true,false); + } + break; + + case NATRule::DNetnat: + if (rule->getStr("ipt_target")=="NETMAP") + { + cmdout << "--to "; + cmdout << _printAddr(tdst,true,false); + } + break; + + case NATRule::Redirect: + if (rule->getStr("ipt_target")=="REDIRECT") + { + string ports=_printDNATPorts(tsrv); + if (!ports.empty()) cmdout << "--to-ports " << ports; + } + break; + default: break; + } + cmdout << " "; + + cmdout << _endRuleLine(); + +// cmdout << endl; + + compiler->output + << dynamic_cast(compiler->osconfigurator)->printRunTimeWrappers( rule, cmdout.str()); + + return true; +} + +string NATCompiler_ipt::PrintRule::_declareTable() +{ + return ""; +} + +string NATCompiler_ipt::PrintRule::_flushAndSetDefaultPolicy() +{ + return ""; +} + +string NATCompiler_ipt::PrintRule::_commit() +{ + return ""; +} + + +string NATCompiler_ipt::PrintRule::_quote(const string &s) +{ + return "\"" + s + "\""; +} + + diff --git a/src/ipt/NATCompiler_PrintRuleIptRst.cpp b/src/ipt/NATCompiler_PrintRuleIptRst.cpp new file mode 100644 index 000000000..57c607c16 --- /dev/null +++ b/src/ipt/NATCompiler_PrintRuleIptRst.cpp 
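Review bot: `_quote()` at the end of this file wraps its argument in double quotes without escaping anything, and `_printRuleLabel()` uses it to build the `echo "Rule ..."` line of the generated shell script. Inside double quotes the shell still interprets `$`, backticks, `\` and a closing `"`, so a rule label containing any of them would be expanded, or would end the string, when the script runs on the firewall. Where labels come from is not visible in this hunk, so this may be latent, but escaping inside `_quote()` removes the dependency on that. `PrintRuleIptRst::_quote` and `PrintRuleIptRstEcho::_quote` in the following files follow the same pattern and would need the same treatment, adapted to their output format. A possible replacement:

```cpp
string NATCompiler_ipt::PrintRule::_quote(const string &s)
{
    // escape the characters the shell still interprets inside double quotes
    string res = "\"";
    for (string::size_type i = 0; i < s.size(); ++i)
    {
        char c = s[i];
        if (c == '\\' || c == '"' || c == '$' || c == '`') res += '\\';
        res += c;
    }
    res += "\"";
    return res;
}
```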
@@ -0,0 +1,151 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: NATCompiler_PrintRuleIptRst.cpp 1054 2006-06-05 04:53:22Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "NATCompiler_ipt.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/Resources.h" + +#include +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \ + _MSC_VER +# include +#else +# include +#endif +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + + + +/** + *----------------------------------------------------------------------- + * Methods for printing + */ +/* + * check and create new chain if needed + */ +string NATCompiler_ipt::PrintRuleIptRst::_createChain(const string &chain) +{ + string res; + if ( ! 
chains[chain] ) + { + res = ":" + chain + " - [0:0]\n"; + chains[chain]=true; + } + return res; +} + +string NATCompiler_ipt::PrintRuleIptRst::_startRuleLine() +{ + return string("-A "); +} + +string NATCompiler_ipt::PrintRuleIptRst::_endRuleLine() +{ + return string("\n"); +} + +string NATCompiler_ipt::PrintRuleIptRst::_printRuleLabel(NATRule *rule) +{ + ostringstream res; + + bool nocomm=Resources::os_res[compiler->fw->getStr("host_OS")]->Resources::getResourceBool("/FWBuilderResources/Target/options/suppress_comments"); + + string rl=rule->getLabel(); + if (rl!=current_rule_label) + { + if (!nocomm) + { + res << "# " << endl; + res << "# Rule " << rl << endl; + res << "# " << endl; + } + +/* do not put comment in the script if it is intended for linksys */ + if (!nocomm) + { + string comm=rule->getComment(); + string::size_type c1,c2; + c1=0; + while ( (c2=comm.find('\n',c1))!=string::npos ) { + res << "# " << comm.substr(c1,c2-c1) << endl; + c1=c2+1; + } + res << "# " << comm.substr(c1) << endl; +// res << "# " << endl; + } + current_rule_label=rl; + } + return res.str(); +} + +bool NATCompiler_ipt::PrintRuleIptRst::processNext() +{ + if (print_once_on_top) + { + + print_once_on_top=false; + } + + return NATCompiler_ipt::PrintRule::processNext(); +} + +string NATCompiler_ipt::PrintRuleIptRst::_declareTable() +{ + ostringstream res; + res << "*nat" << endl; + return res.str(); +} + +string NATCompiler_ipt::PrintRuleIptRst::_flushAndSetDefaultPolicy() +{ + ostringstream res; + res << ":PREROUTING ACCEPT [0:0]" << endl; + res << ":POSTROUTING ACCEPT [0:0]" << endl; + res << ":OUTPUT ACCEPT [0:0]" << endl; + return res.str(); +} + +string NATCompiler_ipt::PrintRuleIptRst::_commit() +{ + return "COMMIT\n"; +} + + +string NATCompiler_ipt::PrintRuleIptRst::_quote(const string &s) +{ + return "\"" + s + "\""; +} + diff --git a/src/ipt/NATCompiler_PrintRuleIptRstEcho.cpp b/src/ipt/NATCompiler_PrintRuleIptRstEcho.cpp new file mode 100644 index 000000000..49584a1e7 
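Review bot: In `_printRuleLabel()` the expression `Resources::os_res[compiler->fw->getStr("host_OS")]->...` dereferences the lookup result directly. The declaration of `os_res` is not in this hunk, but if it is a `std::map` keyed by string, an unrecognised or empty `host_OS` value in the loaded firewall object inserts a null entry and the call crashes the compiler instead of reporting the problem. Look the key up first and fail with a message, e.g. `if (Resources::os_res.count(os)==0) throw FWException("Unknown host OS: "+os);` with `os` holding the `host_OS` string. `NATCompiler_ipt::PrintRule::_printRuleLabel` in the previous file has the same line. The two consecutive `if (!nocomm)` blocks can also be merged into one.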
--- /dev/null +++ b/src/ipt/NATCompiler_PrintRuleIptRstEcho.cpp 
@@ -0,0 +1,117 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: NATCompiler_PrintRuleIptRstEcho.cpp 1054 2006-06-05 04:53:22Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "NATCompiler_ipt.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/Resources.h" + +#include +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \ + _MSC_VER +# include +#else +# include +#endif +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + + + +/** + *----------------------------------------------------------------------- + * Methods for printing + */ +/* + * check and create new chain if needed + */ +string NATCompiler_ipt::PrintRuleIptRstEcho::_createChain(const string &chain) +{ + string res; + if ( ! 
chains[chain] ) + { + res = "echo \":" + chain + " - [0:0]\"\n"; + chains[chain]=true; + } + return res; +} + +string NATCompiler_ipt::PrintRuleIptRstEcho::_startRuleLine() +{ + return string("echo \"-A "); +} + +string NATCompiler_ipt::PrintRuleIptRstEcho::_endRuleLine() +{ + return string("\"\n"); +} + +bool NATCompiler_ipt::PrintRuleIptRstEcho::processNext() +{ + if (print_once_on_top) + { + + print_once_on_top=false; + } + + return NATCompiler_ipt::PrintRuleIptRst::processNext(); +} + +string NATCompiler_ipt::PrintRuleIptRstEcho::_declareTable() +{ + ostringstream res; + res << "echo '*nat'" << endl; + return res.str(); +} + +string NATCompiler_ipt::PrintRuleIptRstEcho::_flushAndSetDefaultPolicy() +{ + ostringstream res; + res << "echo :PREROUTING ACCEPT [0:0]" << endl; + res << "echo :POSTROUTING ACCEPT [0:0]" << endl; + res << "echo :OUTPUT ACCEPT [0:0]" << endl; + return res.str(); +} + +string NATCompiler_ipt::PrintRuleIptRstEcho::_commit() +{ + return "echo COMMIT\n"; +} + + +string NATCompiler_ipt::PrintRuleIptRstEcho::_quote(const string &s) +{ + return "\\\"" + s + "\\\""; +} + diff --git a/src/ipt/NATCompiler_ipt.cpp b/src/ipt/NATCompiler_ipt.cpp new file mode 100644 index 000000000..91ced98ee --- /dev/null +++ b/src/ipt/NATCompiler_ipt.cpp 
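Review bot: `_flushAndSetDefaultPolicy()` emits `echo :PREROUTING ACCEPT [0:0]` with no quoting, so in the generated script `[0:0]` is a shell glob pattern that matches a file named `0` or `:` in the working directory. If such a file exists, the shell substitutes its name and the counters field reaching whatever consumes the echoed text (presumably iptables-restore) is silently altered. `_declareTable()` and `_createChain()` in the same file already quote their output, so do the same here: `res << "echo ':PREROUTING ACCEPT [0:0]'" << endl;` and likewise for the POSTROUTING and OUTPUT lines. The empty `if (print_once_on_top)` body in `processNext()` could also be reduced to the plain assignment.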
@@ -0,0 +1,2259 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: NATCompiler_ipt.cpp 1451 2007-12-09 23:53:22Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "NATCompiler_ipt.h" +#include "OSConfigurator_linux24.h" + +#include "combinedAddress.h" + +#include "fwcompiler/OSConfigurator.h" + +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/CustomService.h" +#include "fwbuilder/TagService.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/AddressTable.h" +#include "fwbuilder/DNSName.h" + +#include "config.h" + +#include +#include +#include +#include + +#include +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +struct subnetInfo { + Interface *iface; + IPv4 *ipv4; + int nmlength; + subnetInfo() { iface=NULL; ipv4=NULL; nmlength=0; } + subnetInfo(Interface *i,IPv4 *a,int n) { iface=i; ipv4=a; nmlength=n; } +}; + + +#if 0 +static int chain_no=0; +#endif + 
+static std::map tmp_chain_no; + +string NATCompiler_ipt::myPlatformName() { return "iptables"; } + +string NATCompiler_ipt::getInterfaceVarName(FWObject *iface) +{ + ostringstream ostr; + string iname=iface->getName(); + string::size_type p1; + while ( (p1=iname.find("."))!=string::npos) + iname=iname.replace(p1,1,"_"); + ostr << "i_" << iname; + return ostr.str(); +} + +string NATCompiler_ipt::getAddressTableVarName(FWObject *at) +{ + ostringstream ostr; + string name=at->getName(); + string::size_type p1; + char *bad_shell_chars = " !#$&*()-+=\\|{}[]?<>,."; + for (char *cptr=bad_shell_chars; *cptr; cptr++) + { + while ( (p1=name.find(*cptr))!=string::npos) + name=name.replace(p1,1,"_"); + } + ostr << "at_" << name; + return ostr.str(); +} + +string NATCompiler_ipt::getNewTmpChainName(NATRule *rule) +{ + std::ostringstream str; + string chain_id=rule->getUniqueId(); + int n=tmp_chain_no[chain_id]; + + str << "C" << chain_id; + str << "." << setw(1) << setfill('0') << n; + + n++; + tmp_chain_no[chain_id]=n; + return str.str(); + +#if 0 + std::ostringstream str; + str << "ntmp" << setw(3) << setfill('0') << chain_no; + chain_no++; + return str.str(); +#endif +} + +string NATCompiler_ipt::debugPrintRule(Rule *r) +{ + NATRule *rule=NATRule::cast(r); + + return NATCompiler::debugPrintRule(rule)+ + " "+rule->getInterfaceId()+ + " "+rule->getStr("ipt_chain")+ + " "+rule->getStr("ipt_target")+ + " (type="+rule->getRuleTypeAsString()+")"; +} + + +int NATCompiler_ipt::prolog() +{ + int n=NATCompiler::prolog(); + + if ( n>0 ) + { + bool found_ext=false; + list l2=fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if ( iface->isExt() ) found_ext=true; + if ( iface->isDyn()) iface->setBool("use_var_address",true); + } + + if (!found_ext) + throw FWException(_("At least one interface should be marked as external, can not configure NAT")); + } + + return n; +} + + +void 
NATCompiler_ipt::_expandInterface(Interface *iface, + std::list &ol) +{ + std::list nol; + + Compiler::_expandInterface(iface,ol); + + physAddress *pa=iface->getPhysicalAddress(); +/* + * we use physAddress only if Host option "use_mac_addr_filter" of the + * parent Host object is true + */ + FWObject *p; + FWOptions *hopt; + p=iface->getParent(); + bool use_mac= (Host::cast(p)!=NULL && + (hopt=Host::cast(p)->getOptionsObject())!=NULL && + hopt->getBool("use_mac_addr_filter") ); + +/* + * Compiler::_expandInterface picks all IPv4 objects under Interface; + * it can also put interface itself into the list ol. + */ + for (std::list::iterator j=ol.begin(); j!=ol.end(); j++) + { + if (physAddress::cast(*j)!=NULL) continue; + + IPv4 *ipv4=IPv4::cast(*j); + if (ipv4!=NULL && use_mac && pa!=NULL) + { + combinedAddress *ca=new combinedAddress(dbcopy,true); + dbcopy->add(ca); + dbcopy->addToIndex(ca); + cacheObj(ca); + ca->setName( "CA("+iface->getName()+")" ); + ca->setAddress( ipv4->getAddress() ); + ca->setNetmask( ipv4->getNetmask() ); + ca->setPhysAddress( pa->getPhysAddress() ); + nol.push_back(ca); + } else + nol.push_back(*j); // if this is not IPv4, or we do not need to deal with MAC address + } + ol.clear(); + ol=nol; +} + +/* + * call this processor after classifyNATRules + */ +bool NATCompiler_ipt::ConvertLoadBalancingRules::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + if (rule->getRuleType()==NATRule::LB) + { + RuleElementTDst *tdst=rule->getTDst(); assert(tdst); + + list al; + for(list::iterator i=tdst->begin(); i!=tdst->end(); i++) + { + FWObject *o= *i; + FWObject *obj = NULL; + if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); + Address *a=Address::cast(obj); + + al.push_back( a->getAddress() ); + } + + al.sort(); + + IPAddress a1=al.front(); + list::iterator j=al.begin(); + j++; + + for ( ; j!=al.end(); j++) + { +/* I use temporary AddressRange object here because it 
takes care of + * big endian/little endian conversion for me + */ + AddressRange tar; + tar.setRangeStart( a1 ); + tar.setRangeEnd( *j ); + if ( tar.dimension() != 2 ) + { + compiler->abort( + string( _("Non-contiguous address range in Translated Destination in load balancing NAT rule ") )+ + rule->getLabel()); + } + a1= *j; + } + + AddressRange *ar= AddressRange::cast(compiler->dbcopy->create(AddressRange::TYPENAME) ); + ar->setRangeStart( al.front() ); + ar->setRangeEnd( al.back() ); + ar->setName(string("%")+al.front().toString()+"-"+al.back().toString()+"%" ); + compiler->cacheObj(ar); // to keep cache consistent + compiler->dbcopy->add(ar,false); + tdst->clearChildren(); + tdst->addRef(ar); + + rule->setRuleType(NATRule::DNAT); + } + + return true; +} + +/* + * This processor should be called after classifyNATRule. Should call + * classifyNATRule after this processor again. + * + * This algorithm is very much specific to iptables. Platforms where + * this simple algorithm for SDNAT rules is not appropriate, should + * either implement equivalent of this processor using different + * algorithm, or should catch SDNAT rules and abort in their own + * verifyNATRule processor. + */ +bool NATCompiler_ipt::splitSDNATRule::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + if ( rule->getRuleType()==NATRule::SDNAT) + { +// RuleElementOSrc *osrc; + RuleElementODst *odst; + RuleElementOSrv *osrv; + RuleElementTSrc *tsrc; + RuleElementTDst *tdst; + +/* first rule translates destination and may translate service (depends + * on the original rule) */ + NATRule *r = NATRule::cast( compiler->dbcopy->create(NATRule::TYPENAME) ); + r->duplicate(rule); + compiler->temp_ruleset->add(r); + r->setRuleType(NATRule::Unknown); + + tsrc=r->getTSrc(); + tsrc->clearChildren(); + tsrc->setAnyElement(); + + tmp_queue.push_back(r); + +/* the second rule translates source and uses translated object in + * ODst. 
Since the service could have been translated by the first + * rule, we use TSrv in OSrv */ + r = NATRule::cast( compiler->dbcopy->create(NATRule::TYPENAME) ); + r->duplicate(rule); + compiler->temp_ruleset->add(r); + r->setRuleType(NATRule::Unknown); + +/* if original rule involved negation in ODst, it should be processed + * in the first of the two rules we create for SDNAT. Negation in OSrc + * must be processed in both rules since the first rule does not + * change OSrc + */ + + odst=r->getODst(); + odst->setNeg(false); + + odst->clearChildren(); + for (FWObject::iterator i=rule->getTDst()->begin(); i!=rule->getTDst()->end(); i++) + odst->add( *i ); + + if ( ! rule->getTSrv()->isAny()) + { + osrv=r->getOSrv(); + osrv->clearChildren(); + for (FWObject::iterator i=rule->getTSrv()->begin(); i!=rule->getTSrv()->end(); i++) + osrv->add( *i ); + } + + tdst=r->getTDst(); + tdst->clearChildren(); + tdst->setAnyElement(); + + tmp_queue.push_back(r); + } + else + tmp_queue.push_back(rule); + + return true; +} + + +bool NATCompiler_ipt::VerifyRules::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + RuleElementOSrc *osrc=rule->getOSrc(); assert(osrc); + RuleElementODst *odst=rule->getODst(); assert(odst); + RuleElementOSrv *osrv=rule->getOSrv(); assert(osrv); + + RuleElementTSrc *tsrc=rule->getTSrc(); assert(tsrc); + RuleElementTDst *tdst=rule->getTDst(); assert(tdst); + RuleElementTSrv *tsrv=rule->getTSrv(); assert(tsrv); + + if (tsrc->getNeg()) + throw FWException(_("Can not use negation in translated source. Rule ")+rule->getLabel()); + + if (tdst->getNeg()) + throw FWException(_("Can not use negation in translated destination. Rule ")+rule->getLabel()); + + if (tsrv->getNeg()) + throw FWException(_("Can not use negation in translated service. Rule ")+rule->getLabel()); + + if (tsrv->size()!=1) + throw FWException(_("Translated service should be 'Original' or should contain single object. 
Rule: ")+rule->getLabel()); + + if ( Group::cast( compiler->getFirstTSrv(rule) )!=NULL) + throw FWException(_("Can not use group in translated service. Rule ")+rule->getLabel()); + + + if (rule->getRuleType()==NATRule::LB) + throw FWException(_("Load balancing rules are not supported. Rule ")+rule->getLabel()); + + + if (rule->getRuleType()==NATRule::DNAT) + { +/* + * check removed per bug report #780708 07/31/03 --vk + * + * multiple objects in ODST are allowed only in port translation rules + * that do not change destination address. Such rules must have TDST==any + * + if ( odst->size()!=1 && ! tdst->isAny() ) + throw FWException(_("There should be no more than one object in original destination in the rule ")+rule->getLabel()); + */ + +/* + * check removed per bug report #566172 06/07/02 --vk + * + * + if ( odst->isAny() ) + throw FWException("Original destination can not be 'any' in DNAT rule. Rule "+rule->getLabel()); + + Address* o2=odst->getFirst(true); + if ( ! Host::isA(o2) && ! Firewall::isA(o2) ) + throw FWException("Original destination must be host or firewall for this type of NAT rule. Rule "+rule->getLabel()); +*/ + +/* + * check if we have specific IP address to use in odst + * + * disabled to fix a bug #562173 (bug created per user's request on + * Open Forum) 05/29/02 --vk + * + bool find_ext_static_address=false; + FWObjectTypedChildIterator j=o2->findByType(Interface::TYPENAME); + for ( ; j!=j.end(); ++j ) { + Interface *iface=Interface::cast(*j); + if ( ! iface->isLoopback() && iface->isExt() && ! iface->isDyn() ) + find_ext_static_address=true; + } + if ( ! find_ext_static_address && Host::isA(o2) ) + find_ext_static_address=true; + + if ( ! find_ext_static_address ) { + if ( Firewall::isA(o2) ) + throw FWException("Could not find appropriate address for original destination: external interface of the firewall has dynamic address. 
Rule "+rule->getLabel()); + else + throw FWException("Could not find appropriate address for original destination. Rule "+rule->getLabel()); + } +*/ + } + + if (rule->getRuleType()==NATRule::SNAT ) + { +// if ( tsrc->size()!=1) +// throw FWException(_("There should be no more than one object in translated source in the rule ")+rule->getLabel()); + + Address* o1=compiler->getFirstTSrc(rule); + if ( ! tsrc->isAny() && Network::cast(o1)!=NULL) + throw FWException(_("Can not use network object in translated source. Rule ")+rule->getLabel()); + } + + + if (rule->getRuleType()==NATRule::SNetnat && !tsrc->isAny() ) + { + Network *a1=Network::cast(compiler->getFirstOSrc(rule)); + Network *a2=Network::cast(compiler->getFirstTSrc(rule)); + if ( a1==NULL || a2==NULL || + a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + throw FWException(_("Original and translated source should both be networks of the same size . Rule ")+rule->getLabel()); + } + + if (rule->getRuleType()==NATRule::DNetnat && !tsrc->isAny() ) + { + Network *a1=Network::cast(compiler->getFirstODst(rule)); + Network *a2=Network::cast(compiler->getFirstTDst(rule)); + if ( a1==NULL || a2==NULL || + a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + throw FWException(_("Original and translated destination should both be networks of the same size . Rule ")+rule->getLabel()); + } + + return true; +} + +/* + * this should be called only after splitServices, so that we have + * objects of the same type in OSrv and either "any" or a single + * object in TSrv + */ +bool NATCompiler_ipt::VerifyRules2::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + if (rule->getRuleType()!= NATRule::Return) + { + RuleElementOSrv *osrv=rule->getOSrv(); assert(osrv); + RuleElementTSrv *tsrv=rule->getTSrv(); assert(tsrv); + + Service *s1=compiler->getFirstOSrv(rule); + Service *s2=compiler->getFirstTSrv(rule); + + if (osrv->isAny() && ! 
tsrv->isAny()) + throw FWException(_("Can not use service object in Translated Service if Original Service is 'Any'. Rule ")+rule->getLabel()); + + if (!tsrv->isAny() && s1->getProtocolNumber()!=s2->getProtocolNumber()) + throw FWException(_("Translated Service should be either 'Original' or should contain object of the same type as Original Service. Rule ")+rule->getLabel()); + } + return true; +} + +bool NATCompiler_ipt::convertToAtomicportForOSrv::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + if (rule->getOSrv()->size()>1 && ! rule->getTSrv()->isAny()) + { + RuleElementOSrv *osrv=rule->getOSrv(); assert(osrv); + + for (FWObject::iterator i1=osrv->begin(); i1!=osrv->end(); ++i1) + { + NATRule *r = NATRule::cast( + compiler->dbcopy->create(NATRule::TYPENAME) ); + r->duplicate(rule); + compiler->temp_ruleset->add(r); + + FWObject *s; + + s=r->getOSrv(); assert(s); + s->clearChildren(); + s->add( *i1 ); + + tmp_queue.push_back(r); + } + } + else + tmp_queue.push_back(rule); + + return true; +} + +bool NATCompiler_ipt::portTranslationRules::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + Address *odst=compiler->getFirstODst(rule); +// Service *osrv=compiler->getFirstOSrv(rule); + + Address *tsrc=compiler->getFirstTSrc(rule); + Address *tdst=compiler->getFirstTDst(rule); + Service *tsrv=compiler->getFirstTSrv(rule); + + if (rule->getRuleType() == NATRule::DNAT && + tsrc->isAny() && tdst->isAny() && ! 
tsrv->isAny() && odst->getId()==compiler->fw->getId() ) + { + rule->getTDst()->addRef( odst ); + } + + tmp_queue.push_back(rule); + + return true; +} + +bool NATCompiler_ipt::specialCaseWithRedirect::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + Address *tdst=compiler->getFirstTDst(rule); + +/* we consider rule redirect only if TDst is a firewall object */ + if (rule->getRuleType() == NATRule::DNAT && tdst->getId()==compiler->fw->getId()) + rule->setRuleType(NATRule::Redirect); + + tmp_queue.push_back(rule); + + return true; +} + +bool NATCompiler_ipt::splitOnODst::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementODst *odst=rule->getODst(); assert(odst); + if (rule->getRuleType()==NATRule::DNAT && odst->size()!=1) + { + for(list::iterator i=odst->begin(); i!=odst->end(); ++i) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Address *a=Address::cast( o ); + assert(a); + + NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementODst *nodst=r->getODst(); + nodst->clearChildren(); + + nodst->addRef( a ); + + tmp_queue.push_back( r ); + } + } else + tmp_queue.push_back(rule); + + return true; +} + + +bool NATCompiler_ipt::splitOnOSrv::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementOSrv *osrv=rule->getOSrv(); assert(osrv); + if (osrv->size()!=1) + { + for(list::iterator i=osrv->begin(); i!=osrv->end(); ++i) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Service *s=Service::cast( o ); + assert(s); + + NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementOSrv *nosrv=r->getOSrv(); + nosrv->clearChildren(); + + nosrv->addRef( s ); + + tmp_queue.push_back( r ); + } + } else + 
tmp_queue.push_back(rule); + + return true; +} + +bool NATCompiler_ipt::fillTranslatedSrv::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + Service *osrv_o=compiler->getFirstOSrv(rule); + Service *tsrv_o=compiler->getFirstTSrv(rule); + + if ( ! osrv_o->isAny() && tsrv_o->isAny() ) { + RuleElementTSrv *tsrv=rule->getTSrv(); + tsrv->addRef(osrv_o); + } + return true; +} + +bool NATCompiler_ipt::addVirtualAddress::processNext() +{ + FWOptions* options=compiler->fw->getOptionsObject(); + NATRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + Address *a=NULL; + + if (rule->getRuleType()==NATRule::SNAT || rule->getRuleType()==NATRule::DNAT) + { + if (rule->getRuleType()==NATRule::SNAT) + a=compiler->getFirstTSrc(rule); + else + a=compiler->getFirstODst(rule); + + if ( ! a->isAny() && ! compiler->complexMatch(a,compiler->fw) && + options->getBool("manage_virtual_addr") ) + { + if (AddressRange::cast(a)!=NULL) + { + compiler->warning(string(_("Adding of virtual address for address range is not implemented (object ")) + + a->getName() + ")" ); + } else + compiler->osconfigurator->addVirtualAddressForNAT( a ); + } + return true; + } + + + if (rule->getRuleType()==NATRule::SNetnat || rule->getRuleType()==NATRule::DNetnat) + { + if (rule->getRuleType()==NATRule::SNetnat) + a=compiler->getFirstTSrc(rule); + else + a=compiler->getFirstODst(rule); + + if ( ! 
a->isAny() && Network::cast(a) ) + compiler->osconfigurator->addVirtualAddressForNAT( Network::constcast(a) ); + + return true; + } + + return true; +} + +bool NATCompiler_ipt::splitRuleIfRuleElementIsDynamicInterface::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElement *re=RuleElement::cast(rule->getFirstByType(re_type)); + int nre=re->size(); + + vector cl; + + for(list::iterator i=re->begin(); nre>1 && i!=re->end(); ++i) + { + FWObject *o= *i; + FWObject *obj = NULL; + if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); + Interface *iface=Interface::cast(obj); + if (iface!=NULL && !iface->isRegular()) + { + cl.push_back(o); // can not remove right now because remove invalidates iterator + nre--; + + NATRule *new_rule= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(new_rule); + new_rule->duplicate(rule); + RuleElement *new_re=RuleElement::cast(new_rule->getFirstByType(re_type)); + new_re->clearChildren(); + new_re->setAnyElement(); + new_re->addRef( iface ); + tmp_queue.push_back(new_rule); + } + } + if (!cl.empty()) { + for (vector::iterator i1=cl.begin(); i1!=cl.end(); ++i1) + re->remove( (*i1) ); + } + + tmp_queue.push_back(rule); + + return true; +} + + + +bool NATCompiler_ipt::specialCaseWithUnnumberedInterface::dropUnnumberedInterface(RuleElement *re) +{ + if (re->isAny()) return true; + list cl; + for (list::iterator i1=re->begin(); i1!=re->end(); ++i1) + { + FWObject *o = *i1; + FWObject *obj = o; + if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); + Interface *ifs =Interface::cast( obj ); + + if (ifs!=NULL && + (ifs->isUnnumbered() || ifs->isBridgePort()) + ) cl.push_back(obj); + } + if (!cl.empty()) + { + for (list::iterator i1=cl.begin(); i1!=cl.end(); ++i1) + re->removeRef( (*i1) ); + } + return (!re->isAny()); +} + +bool NATCompiler_ipt::specialCaseWithUnnumberedInterface::processNext() +{ + NATRule *rule=getNext(); if 
(rule==NULL) return false; + bool keep_rule=true; + switch (rule->getRuleType()) { + case NATRule::Masq: + case NATRule::SNAT: + keep_rule=dropUnnumberedInterface( rule->getOSrc() ); + break; + case NATRule::DNAT: + keep_rule=dropUnnumberedInterface( rule->getODst() ); + break; + default: ; + } + if (keep_rule) tmp_queue.push_back(rule); + return true; +} + + +/* + * I assume that there is always only one object in ODst, TSrc and TDst + * rule elements. This should have been assured by inspector VerifyRules + */ +bool NATCompiler_ipt::ReplaceFirewallObjectsODst::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + list cl; + RuleElementODst *rel; + Address *obj=NULL; + + switch (rule->getRuleType()) { + + case NATRule::Masq: +// case NATRule::Redirect: + return true; + default: + rel=rule->getODst(); assert(rel); + obj=compiler->getFirstODst(rule); assert(obj!=NULL); + + if (obj->getId()==compiler->getFwId() ) + { + + list l2=compiler->fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) { + Interface *interface_=Interface::cast(*i); +/* + * Right now I build DNAT and Redirect rules only for external interface. + * This actually implies some sort of assymmetric firewall; it does + * not have to be like this. + * + * TODO: add platform-specific fw option "Generate NAT rules for all + * interfaces" and use here all interfaces , not only external ones. + * Do this for v1.0.4. Modify verification code in verifyRules + * accordingly. The same applies to ReplaceFirewallObjectsTSrc + * + * Note 05/29/02: I do not check if external interface is dynamic anymore + * see bug #562173 --vk + * + * + * if (! interface_->isLoopback() && + * interface_->isExt() && + * ! interface_->isDyn() ) cl.push_back(interface_); + * + * update 03/20/03: + * + * generally we assume that if firewall object is used in the rule, + * then any or all its interface will be used. 
This means that if + * firewall is in ODst we should really use all of its interfaces, not + * only external ones. + */ + if (! interface_->isLoopback() ) cl.push_back(interface_); + +// if (! interface_->isLoopback() && +// interface_->isExt() ) cl.push_back(interface_); + } + if ( ! cl.empty() ) { + while (rel->size()) + rel->remove( rel->front() ); + + for (FWObject::iterator i1=cl.begin(); i1!=cl.end(); ++i1) + { + rel->addRef( *i1 ); + } + } + } + } + return true; +} + +/* + * This processor works together with ConvertToAtomicRules and + * AssignInterfaces. If firewall object is used in TSrc of SNAT rule, + * it gets replaced with its interfaces. ConvertToAtomicRules slits + * this rule onto atomic rules, each of which has one interface object + * in TSrc. AssigInterfaces then assigns each atomic rule to + * corresponding interface. + * + * it seems the simplest way is just to assign SNAT rule to all + * interfaces if firewall is used in TSrc. This automatically takes + * care of weird cases where people use address that belongs to subnet + * of one interface to do translation of packets going out through + * another interface. Basically, compiler does not have information + * about routing, so we have no choice but assume the routing can be + * anything and assign the rule to all interfaces. 
+ */ +bool NATCompiler_ipt::ReplaceFirewallObjectsTSrc::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + list cl; + RuleElementTSrc *rel; + Address *obj=NULL; + + switch (rule->getRuleType()) { + + case NATRule::Masq: + case NATRule::Redirect: return true; + + default: + rel=rule->getTSrc(); assert(rel); + obj=compiler->getFirstTSrc(rule); assert(obj!=NULL); + + if (obj->getId()==compiler->getFwId() ) + { + Address *odst=compiler->getFirstODst(rule); + + rel->clearChildren(); + + Interface *iface=compiler->findInterfaceFor(odst,compiler->fw); + + if (!odst->isAny() && iface!=NULL) rel->addRef(iface); + else // else use all interfaces except loopback and unnumbered ones + { + list l2=compiler->fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *iface=Interface::cast(*i); + if (! iface->isLoopback() && + ! iface->isUnnumbered() && + ! iface->isBridgePort() + ) + rel->addRef( *i ); + } + for (FWObject::iterator i1=cl.begin(); i1!=cl.end(); ++i1) + rel->addRef( *i1 ); + +/* it is an error if rule element is empty at this point. this could have + * happened if all external interfaces are unnumbered */ + if (rel->size()==0) + { + char errmsg[1024]; + sprintf(errmsg, +_("Could not find suitable interface for the NAT rule %s. Perhaps all interfaces are unnumbered?"), + rule->getLabel().c_str() ); + compiler->abort(errmsg); + } + } + } + } + return true; +} + +bool NATCompiler_ipt::dynamicInterfaceInODst::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + RuleElementODst *odstrel=rule->getODst(); assert(odstrel); + Address *odst =compiler->getFirstODst(rule); + if ( ! 
odstrel->isAny() ) + { + Interface *iface =Interface::cast(odst); + if (iface!=NULL && iface->isDyn()) + { + ; +// iface->setBool("use_var_address",true); +// odstrel->clearChildren(); +// odstrel->setAnyElement(); + } + } + return true; +} + +bool NATCompiler_ipt::splitMultiSrcAndDst::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementOSrv *osrv=rule->getOSrv(); + RuleElementOSrc *osrc=rule->getOSrc(); + RuleElementODst *odst=rule->getODst(); + RuleElementOSrc *rosrc; + RuleElementODst *rodst; + + int nosrv=osrv->size(); + int nosrc=osrc->size(); + int nodst=odst->size(); + +/* + * Return if service is set - svcs my introduce complications and I'm + * treading carefully here. + * We don't handle anything thats redirect, MASQ yet - just NONAT,SNAT & DNAT + * We also check we've got multiple rules to deal with - we can't optimize + * 1 src with 1 dst ... + */ + + if ((nosrv>1 || !(osrv->isAny())) || + (nosrc<1 || osrc->isAny()) || + (nodst<1 || odst->isAny()) || + (nosrc==1 && nodst==1) ) + { + tmp_queue.push_back(rule); + return true; + } + + switch (rule->getRuleType()) { + case NATRule::NONAT: + case NATRule::SNAT: + case NATRule::DNAT: + { +// get old chain name create new chain name + string new_chain=NATCompiler_ipt::getNewTmpChainName(rule); +// create new rule + NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); +// move existing rule onto new chain + rule->setStr("ipt_chain",new_chain); +// we've already tested for interface .... + rule->setInterfaceStr("nil"); +// new rule points to new chain, continues if no match + r->setStr("ipt_target",new_chain); + +// Now decide which way round would be best ... 
+ if (nosrc < nodst) + { + rodst=r->getODst(); rodst->clearChildren(); rodst->setAnyElement(); + osrc->clearChildren(); osrc->setAnyElement(); + } else { + rosrc=r->getOSrc(); rosrc->clearChildren(); rosrc->setAnyElement(); + odst->clearChildren(); odst->setAnyElement(); + } + + tmp_queue.push_back(r); + + } + break; + default: ; + } + + tmp_queue.push_back(rule); + + return true; +} + +bool NATCompiler_ipt::dynamicInterfaceInTSrc::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + Address *tsrc=compiler->getFirstTSrc(rule); + + if (rule->getRuleType()==NATRule::SNAT && + Interface::cast(tsrc)!=NULL && !Interface::cast(tsrc)->isRegular()) + { + + rule->setRuleType(NATRule::Masq); + + if ( rule->getStr("ipt_target")=="" || rule->getStr("ipt_target")=="SNAT" ) + rule->setStr("ipt_target","MASQUERADE"); + } + return true; +} + +/** + * unlike standard inspector addressRanges in the base class NATCompiler, + * this one does not expand address ranges in TSrc and TDst because + * iptables supports ranges in those rule elements + */ +bool NATCompiler_ipt::ExpandAddressRanges::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + RuleElement *rel; + + rel=rule->getOSrc(); assert(rel); + compiler->_expandAddressRanges(rule,rel); + rel=rule->getODst(); assert(rel); + compiler->_expandAddressRanges(rule,rel); + return true; +} + + + +void NATCompiler_ipt::checkForDynamicInterfacesOfOtherObjects::findDynamicInterfaces(RuleElement *re, + Rule *rule) +{ + if (re->isAny()) return; + + list cl; + for (list::iterator i1=re->begin(); i1!=re->end(); ++i1) + { + FWObject *o = *i1; + FWObject *obj = o; + if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); + Interface *ifs =Interface::cast( obj ); + + if (ifs!=NULL && ifs->isDyn() && ! 
ifs->isChildOf(compiler->fw)) + { +#if 0 + cerr << "NATCompiler_ipt::checkForDynamicInterfacesOfOtherObjects" << endl; + cerr << "ifs: " << endl; + ifs->dump(true,true); + cerr << endl; + cerr << "fw: " << endl; + compiler->fw->dump(true,true); + cerr << endl; +#endif + char errstr[2048]; + sprintf(errstr,_("Can not build rule using dynamic interface '%s' of the object '%s' because its address in unknown. Rule %s"), + ifs->getName().c_str(), + ifs->getParent()->getName().c_str(), + rule->getLabel().c_str() ); + + throw FWException(errstr); + } + } +} + + +bool NATCompiler_ipt::checkForDynamicInterfacesOfOtherObjects::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + findDynamicInterfaces( rule->getOSrc() , rule ); + findDynamicInterfaces( rule->getODst() , rule ); + findDynamicInterfaces( rule->getTSrc() , rule ); + findDynamicInterfaces( rule->getTDst() , rule ); + + tmp_queue.push_back(rule); + return true; +} + + + + +bool NATCompiler_ipt::splitServices::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementOSrv *srv=rule->getOSrv(); + + if (srv->size()==1) { + tmp_queue.push_back(rule); + return true; + } + + map > services; + + for (FWObject::iterator i=srv->begin(); i!=srv->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *s=Service::cast( o ); + assert(s); + + int proto=s->getProtocolNumber(); + services[proto].push_back(s); + } + + for (map >::iterator i=services.begin(); i!=services.end(); i++) { + list &sl=(*i).second; + + NATRule *r= NATRule::cast( + compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementOSrv *nsrv=r->getOSrv(); + nsrv->clearChildren(); + + for (list::iterator j=sl.begin(); j!=sl.end(); j++) { + nsrv->addRef( (*j) ); + } + + tmp_queue.push_back(r); + + } + return true; +} + +bool NATCompiler_ipt::separatePortRanges::processNext() +{ + NATRule 
*rule=getNext(); if (rule==NULL) return false; + + RuleElementOSrv *rel= rule->getOSrv(); + + if (rel->size()==1) { + tmp_queue.push_back(rule); + return true; + } + + list services; + for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++) { + + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Service *s=Service::cast(o); + assert(s!=NULL); + + if ( TCPService::isA(s) || UDPService::isA(s) ) { + int srs=s->getInt("src_range_start"); + int sre=s->getInt("src_range_end"); + int drs=s->getInt("dst_range_start"); + int dre=s->getInt("dst_range_end"); + + compiler->normalizePortRange(srs,sre); + compiler->normalizePortRange(drs,dre); + + if (srs!=sre || drs!=dre) { + NATRule *r= NATRule::cast( + compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementOSrv *nsrv=r->getOSrv(); + nsrv->clearChildren(); + nsrv->addRef( s ); + tmp_queue.push_back(r); + services.push_back(s); + } + } + } + for (list::iterator i=services.begin(); i!=services.end(); i++) + rel->removeRef( (*i) ); + + if (!rel->isAny()) + tmp_queue.push_back(rule); + + return true; +} + +bool NATCompiler_ipt::separateSourcePorts::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementOSrv *rel= rule->getOSrv(); + + if (rel->size()==1) { + tmp_queue.push_back(rule); + return true; + } + + NATRule *rule_4_src_ports=NULL; + RuleElementOSrv *nsrv = NULL; + + list services; + for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Service *s=Service::cast(o); + assert(s!=NULL); + + if ( TCPService::isA(s) || UDPService::isA(s) ) { + int srs=s->getInt("src_range_start"); + int sre=s->getInt("src_range_end"); + + compiler->normalizePortRange(srs,sre); + + if (srs!=0 || sre!=0) + { + if (rule_4_src_ports==NULL) + { + rule_4_src_ports= NATRule::cast( + 
compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(rule_4_src_ports);
+ rule_4_src_ports->duplicate(rule);
+ nsrv=rule_4_src_ports->getOSrv();
+ nsrv->clearChildren();
+ tmp_queue.push_back(rule_4_src_ports);
+ }
+ assert(nsrv!=NULL);
+ nsrv->addRef( s );
+ services.push_back(s);
+ }
+ }
+ }
+ for (list::iterator i=services.begin(); i!=services.end(); i++)
+ rel->removeRef( (*i) );
+
+ if (!rel->isAny())
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool NATCompiler_ipt::separateSourceAndDestinationPorts::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementOSrv *rel= rule->getOSrv();
+
+ if (rel->size()==1) {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+ NATRule *nrule=NULL;
+ RuleElementOSrv *nsrv = NULL;
+
+ list services;
+ for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++)
+ {
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+ Service *s=Service::cast(o);
+ assert(s!=NULL);
+
+ if ( TCPService::isA(s) || UDPService::isA(s) ) {
+ int srs=s->getInt("src_range_start");
+ int sre=s->getInt("src_range_end");
+ int drs=s->getInt("dst_range_start");
+ int dre=s->getInt("dst_range_end");
+
+ compiler->normalizePortRange(srs,sre);
+ compiler->normalizePortRange(drs,dre);
+
+ if ( (srs!=0 || sre!=0) && (drs!=0 || dre!=0) )
+ {
+ if (nrule==NULL)
+ {
+ nrule= NATRule::cast(
+ compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(nrule);
+ nrule->duplicate(rule);
+ nsrv=nrule->getOSrv();
+ nsrv->clearChildren();
+ tmp_queue.push_back(nrule);
+ }
+ assert(nsrv!=NULL);
+ nsrv->addRef( s );
+ services.push_back(s);
+ }
+ }
+ }
+ for (list::iterator i=services.begin(); i!=services.end(); i++)
+ rel->removeRef( (*i) );
+
+ if (!rel->isAny())
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+
+bool NATCompiler_ipt::prepareForMultiport::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementOSrv
*rel= rule->getOSrv();
+ Service *srv= compiler->getFirstOSrv(rule);
+
+ if (rel->size()==1) {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+/*
+ * processor splitServices should have been called eariler, so now all
+ * services in Srv are of the same type
+ */
+ if (TCPService::isA(srv) || UDPService::isA(srv))
+ {
+ rule->setBool("ipt_multiport",true);
+/* make sure we have no more than 15 ports */
+ if (rel->size()>15)
+ {
+ int n=0;
+ NATRule *r;
+ RuleElementOSrv *nsrv=NULL;
+ for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++)
+ {
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+
+ Service *s=Service::cast( o );
+ assert(s);
+
+ if (n==0)
+ {
+ r= NATRule::cast(
+ compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrv=r->getOSrv();
+ nsrv->clearChildren();
+ tmp_queue.push_back(r);
+ }
+ assert(nsrv!=NULL);
+ nsrv->addRef( s );
+ if (++n>=15) n=0;
+ }
+ } else {
+ tmp_queue.push_back(rule);
+ }
+
+// tmp_queue.push_back(rule);
+ } else
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+bool NATCompiler_ipt::splitMultipleICMP::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementOSrv *rel= rule->getOSrv();
+ Service *srv= compiler->getFirstOSrv(rule);
+
+ if (rel->size()==1) {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+ if (ICMPService::isA(srv))
+ {
+ NATRule *r;
+ RuleElementOSrv *nsrv;
+ for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++)
+ {
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+
+ Service *s=Service::cast( o );
+ assert(s);
+
+ r= NATRule::cast( compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrv=r->getOSrv();
+ nsrv->clearChildren();
+ nsrv->addRef( s );
+ tmp_queue.push_back(r);
+ }
+ } else
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+bool
NATCompiler_ipt::doOSrcNegation::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementOSrc *osrcrel=rule->getOSrc();
+
+/* ! A B C */
+
+ if (osrcrel->getNeg()) {
+ NATRule *r;
+ RuleElementOSrc *nsrc;
+ RuleElementODst *ndst;
+ RuleElementOSrv *nsrv;
+
+ RuleElementTSrc *ntsrc;
+ RuleElementTDst *ntdst;
+ RuleElementTSrv *ntsrv;
+
+ string new_chain=NATCompiler_ipt::getNewTmpChainName(rule);
+ osrcrel->setNeg(false);
+/*
+ * negation in OSrc :
+ *
+ * CHAIN !A B C RULE_TYPE TARGET
+ *-----------------------------------------------
+ * ----- any B C SNAT/DNAT TMP_CHAIN
+ * TMP_CHAIN A any any RETURN RETURN
+ * TMP_CHAIN any any C SNAT/DNAT ---------
+ */
+ r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrc=r->getOSrc(); nsrc->clearChildren(); nsrc->setAnyElement();
+// ntsrc=r->getTSrc(); ntsrc->clearChildren(); ntsrc->setAnyElement();
+// ntdst=r->getTDst(); ntdst->clearChildren(); ntdst->setAnyElement();
+// r->setRuleType(NATRule::Continue);
+ r->setStr("ipt_target",new_chain);
+// r->setBool("rule_added_for_osrc_neg",true);
+ tmp_queue.push_back(r);
+
+/* TMP_CHAIN A any any RETURN */
+ r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ ndst=r->getODst(); ndst->clearChildren(); ndst->setAnyElement();
+ nsrv=r->getOSrv(); nsrv->clearChildren(); nsrv->setAnyElement();
+ ntsrc=r->getTSrc(); ntsrc->clearChildren(); ntsrc->setAnyElement();
+ ntdst=r->getTDst(); ntdst->clearChildren(); ntdst->setAnyElement();
+ ntsrv=r->getTSrv(); ntsrv->clearChildren(); ntsrv->setAnyElement();
+ ndst->setNeg(false);
+ nsrv->setNeg(false);
+ r->setRuleType(NATRule::Return);
+ r->setStr("ipt_target","RETURN");
+ r->setStr("ipt_chain",new_chain);
+ r->setInterfaceStr("nil");
+ r->setBool("rule_added_for_osrc_neg",true);
+ tmp_queue.push_back(r);
+
+/* TMP_CHAIN any any C ACTION */
+ r=
NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrc=r->getOSrc(); nsrc->clearChildren(); nsrc->setAnyElement();
+ ndst=r->getODst(); ndst->clearChildren(); ndst->setAnyElement();
+ nsrv=r->getOSrv();
+ ndst->setNeg(false);
+ nsrv->setNeg(false);
+ r->setStr("ipt_chain",new_chain);
+ r->setInterfaceStr("nil");
+ r->setBool("rule_added_for_osrc_neg",true);
+ tmp_queue.push_back(r);
+
+ } else
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool NATCompiler_ipt::doODstNegation::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementODst *odstrel=rule->getODst();
+
+/* ! A B C */
+
+ if (odstrel->getNeg()) {
+ NATRule *r;
+ RuleElementOSrc *nsrc;
+ RuleElementODst *ndst;
+ RuleElementOSrv *nsrv;
+
+ RuleElementTSrc *ntsrc;
+ RuleElementTDst *ntdst;
+ RuleElementTSrv *ntsrv;
+
+ string new_chain=NATCompiler_ipt::getNewTmpChainName(rule);
+ odstrel->setNeg(false);
+/*
+ * negation in Odst :
+ *
+ * CHAIN A !B C RULE_TYPE TARGET
+ *-----------------------------------------------
+ * ----- A any C SNAT/DNAT TMP_CHAIN
+ * TMP_CHAIN any B any RETURN RETURN
+ * TMP_CHAIN any any C SNAT/DNAT ---------
+ */
+ r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ ndst=r->getODst(); ndst->clearChildren(); ndst->setAnyElement();
+// ntsrc=r->getTSrc(); ntsrc->clearChildren(); ntsrc->setAnyElement();
+// ntdst=r->getTDst(); ntdst->clearChildren(); ntdst->setAnyElement();
+// r->setRuleType(NATRule::Continue);
+ r->setStr("ipt_target",new_chain);
+ r->setBool("rule_added_for_odst_neg",true);
+ tmp_queue.push_back(r);
+
+/* TMP_CHAIN any B any RETURN */
+ r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrc=r->getOSrc(); nsrc->clearChildren(); nsrc->setAnyElement();
+ nsrv=r->getOSrv(); nsrv->clearChildren(); nsrv->setAnyElement();
+
ntsrc=r->getTSrc(); ntsrc->clearChildren(); ntsrc->setAnyElement();
+ ntdst=r->getTDst(); ntdst->clearChildren(); ntdst->setAnyElement();
+ ntsrv=r->getTSrv(); ntsrv->clearChildren(); ntsrv->setAnyElement();
+ nsrc->setNeg(false);
+ nsrv->setNeg(false);
+ r->setRuleType(NATRule::Return);
+ r->setStr("ipt_target","RETURN");
+ r->setStr("ipt_chain",new_chain);
+ r->setInterfaceStr("nil");
+// r->setBool("rule_added_for_odst_neg",true);
+ tmp_queue.push_back(r);
+
+/* TMP_CHAIN any any C ACTION */
+ r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrc=r->getOSrc(); nsrc->clearChildren(); nsrc->setAnyElement();
+ ndst=r->getODst(); ndst->clearChildren(); ndst->setAnyElement();
+ nsrv=r->getOSrv();
+ nsrc->setNeg(false);
+ nsrv->setNeg(false);
+ r->setStr("ipt_chain",new_chain);
+ r->setInterfaceStr("nil");
+ r->setBool("rule_added_for_odst_neg",true);
+ tmp_queue.push_back(r);
+
+ } else
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool NATCompiler_ipt::doOSrvNegation::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementOSrv *osrvrel=rule->getOSrv();
+
+/* A B !
C */
+
+ if (osrvrel->getNeg()) {
+ NATRule *r;
+ RuleElementOSrc *nsrc;
+ RuleElementODst *ndst;
+ RuleElementOSrv *nsrv;
+
+ RuleElementTSrc *ntsrc;
+ RuleElementTDst *ntdst;
+
+ string new_chain=NATCompiler_ipt::getNewTmpChainName(rule);
+ osrvrel->setNeg(false);
+/*
+ * negation in OSrv :
+ *
+ * CHAIN A B !C RULE_TYPE TARGET
+ *-----------------------------------------------
+ * ----- A B any SNAT/DNAT TMP_CHAIN
+ * TMP_CHAIN any any C RETURN RETURN
+ * TMP_CHAIN any any any SNAT/DNAT ---------
+ */
+ r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrv=r->getOSrv(); nsrv->clearChildren(); nsrv->setAnyElement();
+// ntsrc=r->getTSrc(); ntsrc->clearChildren(); ntsrc->setAnyElement();
+// ntdst=r->getTDst(); ntdst->clearChildren(); ntdst->setAnyElement();
+// r->setRuleType(NATRule::Continue);
+ r->setStr("ipt_target",new_chain);
+ r->setBool("rule_added_for_osrv_neg",true);
+ tmp_queue.push_back(r);
+
+/* TMP_CHAIN any any C RETURN */
+ r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrc=r->getOSrc(); nsrc->clearChildren(); nsrc->setAnyElement();
+ ndst=r->getODst(); ndst->clearChildren(); ndst->setAnyElement();
+ ntsrc=r->getTSrc(); ntsrc->clearChildren(); ntsrc->setAnyElement();
+ ntdst=r->getTDst(); ntdst->clearChildren(); ntdst->setAnyElement();
+ nsrc->setNeg(false);
+ ndst->setNeg(false);
+ r->setRuleType(NATRule::Return);
+ r->setStr("ipt_target","RETURN");
+ r->setStr("ipt_chain",new_chain);
+ r->setInterfaceStr("nil");
+ r->setBool("rule_added_for_osrv_neg",true);
+ tmp_queue.push_back(r);
+
+/* TMP_CHAIN any any any ACTION */
+ r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrc=r->getOSrc(); nsrc->clearChildren(); nsrc->setAnyElement();
+ ndst=r->getODst(); ndst->clearChildren(); ndst->setAnyElement();
+ nsrv=r->getOSrv();
nsrv->clearChildren(); nsrv->setAnyElement();
+ nsrc->setNeg(false);
+ ndst->setNeg(false);
+ r->setStr("ipt_chain",new_chain);
+ r->setInterfaceStr("nil");
+// r->setBool("rule_added_for_osrv_neg",true);
+ tmp_queue.push_back(r);
+
+ } else
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool NATCompiler_ipt::splitNONATRule::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+ if ( rule->getStr("ipt_chain").empty() && rule->getRuleType()==NATRule::NONAT) {
+
+ Address *osrc=compiler->getFirstOSrc(rule);
+ bool osrcfw= compiler->complexMatch(osrc,compiler->fw);
+/*
+ * NONAT is special if OSrc matches firewall. It is not sufficient to
+ * only put this rule in the OUTPUT chain because packets originating
+ * on the firewall actually cross both OUTPUT and POSTROUTING chains
+ * (I tested this). So, we need to make sure we _do not_ translate in
+ * both these chains because there may be other rules in POSTROUTING
+ * chain that may accidentally match the packet and translate it.
+ */
+ NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setStr("ipt_chain","POSTROUTING");
+ tmp_queue.push_back(r);
+
+ if (osrcfw)
+ {
+ rule->setStr("ipt_chain","OUTPUT");
+ if (osrc->getId()==compiler->fw->getId())
+ {
+ RuleElementOSrc *src;
+ src=rule->getOSrc();
+ src->clearChildren();
+ src->setAnyElement();
+ }
+ } else rule->setStr("ipt_chain","PREROUTING");
+
+ tmp_queue.push_back(rule);
+
+ } else
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+bool NATCompiler_ipt::localNATRule::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+// if ( rule->getStr("ipt_chain").empty())
+// {
+
+ Address *osrc=compiler->getFirstOSrc(rule);
+ bool osrcfw= compiler->complexMatch(osrc,compiler->fw);
+
+ switch( rule->getRuleType())
+ {
+ case NATRule::DNAT:
+ case NATRule::DNetnat:
+
+/* it should not be necessary to do anything if rule type is NONAT
+ * since splitNONATRule takes care of NONAT rules
+ *
+ * is there any need to split the rule if it is SNAT or DNAT type ? I
+ * can't see any reason to do it.
+ *
+ * Can use OUTPUT chain only for DNAT rules and a like
+ */
+ if (osrcfw) rule->setStr("ipt_chain","OUTPUT");
+ if (osrcfw && osrc->getId()==compiler->fw->getId())
+ {
+ RuleElementOSrc *src;
+ src=rule->getOSrc();
+ src->clearChildren();
+ src->setAnyElement();
+ }
+ break;
+ default:
+ break;
+ }
+// }
+
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool NATCompiler_ipt::splitIfOSrcAny::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+ tmp_queue.push_back(rule);
+
+/* do not split rules added to handle negation, these rules have "any"
+ * in OSrc but get control only after OSrc is tested by another
+ * rule */
+ if (rule->getBool("rule_added_for_osrc_neg")) return true;
+ if (rule->getBool("rule_added_for_odst_neg")) return true;
+ if (rule->getBool("rule_added_for_osrv_neg")) return true;
+
+ if (rule->getRuleType()==NATRule::DNAT)
+ {
+// RuleElementOSrc *osrcrel=rule->getOSrc();
+ Address *osrc=compiler->getFirstOSrc(rule);
+
+ if (osrc->isAny())
+ {
+ NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ RuleElementOSrc *nosrcrel=r->getOSrc();
+ nosrcrel->addRef(compiler->fw);
+ tmp_queue.push_back(r);
+ }
+ }
+
+ return true;
+}
+
+
+/*
+ * we assume that splitIfOSrcMatchesFw was called before, so that if firewall
+ * was in OSrc, it is now a single object in that rule element
+ */
+bool NATCompiler_ipt::DNATforFW::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+ tmp_queue.push_back(rule);
+
+ if (rule->getRuleType()==NATRule::DNAT)
+ {
+ Address *osrc=compiler->getFirstOSrc(rule);
+ if ( compiler->complexMatch(osrc,compiler->fw) )
+ {
+ rule->setStr("ipt_chain","OUTPUT");
+ if (osrc->getId()==compiler->fw->getId())
+ {
+ rule->getOSrc()->clearChildren();
+ rule->getOSrc()->setAnyElement();
+ }
+ }
+ }
+
+ return true;
+}
+
+
+bool NATCompiler_ipt::decideOnChain::processNext()
+{
+ NATRule *rule=getNext(); if
(rule==NULL) return false;
+
+ tmp_queue.push_back(rule);
+
+ if ( ! rule->getStr("ipt_chain").empty() ) return true; // already defined
+
+ switch (rule->getRuleType()) {
+ case NATRule::SNAT: rule->setStr("ipt_chain","POSTROUTING"); break;
+ case NATRule::SNetnat: rule->setStr("ipt_chain","POSTROUTING"); break;
+ case NATRule::Masq: rule->setStr("ipt_chain","POSTROUTING"); break;
+ case NATRule::DNAT: rule->setStr("ipt_chain","PREROUTING"); break;
+ case NATRule::DNetnat: rule->setStr("ipt_chain","PREROUTING"); break;
+ case NATRule::Redirect: rule->setStr("ipt_chain","PREROUTING"); break;
+ case NATRule::NONAT:
+// processor splitNONATRule took care of NONAT rule
+ break;
+ default: ;
+ }
+ return true;
+}
+
+
+bool NATCompiler_ipt::decideOnTarget::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+ tmp_queue.push_back(rule);
+
+ if ( ! rule->getStr("ipt_target").empty() ) return true; // already defined
+
+ switch (rule->getRuleType()) {
+ case NATRule::NONAT: rule->setStr("ipt_target","ACCEPT"); break;
+ case NATRule::SNAT: rule->setStr("ipt_target","SNAT"); break;
+ case NATRule::SNetnat: rule->setStr("ipt_target","NETMAP"); break;
+ case NATRule::DNAT: rule->setStr("ipt_target","DNAT"); break;
+ case NATRule::DNetnat: rule->setStr("ipt_target","NETMAP"); break;
+ case NATRule::Masq: rule->setStr("ipt_target","MASQUERADE"); break;
+ case NATRule::Redirect: rule->setStr("ipt_target","REDIRECT"); break;
+ case NATRule::Return: rule->setStr("ipt_target","RETURN"); break;
+ default: ;
+ }
+ return true;
+}
+
+/*
+ * this processor works together with ReplaceFirewallObjectsTSrc and
+ * ConvertToAtomicRules. If the first two left interface object in
+ * TSrc, AssignInterfaces assigns this rule to the corresponding
+ * interface. Rule will be split and assigned to all interfaces here
+ * if object in TSrc is not an interface or an address of interface.
+ *
+ * Summary: SNAT rules are now assigned to interfaces (using "-o
+ * iface_name") as follows:
+ *
+ * - if firewall's interface or its address is in TSrc, the rule the
+ * uses its address for "--to-source" and its name for "-o"
+ *
+ * - if firewall object is in TSrc, then it gets replaced with its
+ * interfaces (except unnumbered and loopback interfaces) and rule is
+ * processed using each interface as described above
+ *
+ * - if some other object is in TSrc, the rule is assigned to all
+ * interfaces of the firewall (using notation with '+') and address of
+ * this object is used for "--to-source". There are reasons why rule
+ * has to be explicitly assigned to all interfaces using "-o" as
+ * opposed to skipping "-o" all together. consider for example a
+ * configuration with an unnumbred tunnel interface (e.g. ipsec0) used
+ * for "road varrior" connections where IP address on the other end of
+ * the tunnel is unknown. We can not add a "no nat" rule because we do
+ * not know address of the net on the other side of the tunnel, but
+ * fortunately ipsec0 is skipped in the assignment of SNAT rule
+ * because it is unnumbered, so the firewall won't translate packets
+ * going through this interface.
+ *
+ */
+bool NATCompiler_ipt::AssignInterface::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+// Address *a=NULL;
+// FWObject *ref;
+
+ if (regular_interfaces.size()==0)
+ {
+ list l2=compiler->fw->getByType(Interface::TYPENAME);
+ for (list::iterator i=l2.begin(); i!=l2.end(); ++i)
+ {
+ Interface *iface=Interface::cast(*i);
+ assert(iface);
+
+ if (iface->isLoopback() ||
+ iface->isUnnumbered() ||
+ iface->isBridgePort()
+ ) continue;
+
+ char *in=strdup( iface->getName().c_str() );
+ char *cptr=in;
+ while (*cptr && *cptr!='*' && !isdigit(*cptr)) ++cptr;
+/* if interface name ends with '*', this is wildcard interface. Just
+ * replace '*' with '+'.
If interace name does not end with '*',
+ * replace numeric interface index with '+'. Either way, cptr points
+ * at the first caracter after the 'family' name of the interface (is
+ * there a better term?) which will be either a digit or '*'.
+ */
+ *cptr='\0';
+ string inexp=string(in)+"+";
+ if ( std::find(regular_interfaces.begin(),
+ regular_interfaces.end(),
+ inexp)==regular_interfaces.end() )
+ regular_interfaces.push_back( inexp );
+
+ free(in);
+ }
+ }
+
+ switch (rule->getRuleType()) {
+ case NATRule::SNAT:
+ case NATRule::Masq:
+ {
+ Address* a=compiler->getFirstTSrc(rule);
+
+ if ( (Interface::isA(a) || IPv4::isA(a)) && a->isChildOf(compiler->fw))
+ {
+ FWObject *p=a;
+ while ( ! Interface::isA(p) ) p=p->getParent();
+ rule->setInterfaceId( p->getId() );
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+/* if we appear here, then TSrc is not an interface or address of an
+ * interface. This processor will simply pass a rule along if firewall
+ * has no interfaces at all. I wonder if I really have to do this,
+ * but I do it anyway.
+ */
+ int n=0;
+ for (list::iterator i=regular_interfaces.begin(); i!=regular_interfaces.end(); i++)
+ {
+ NATRule *r = NATRule::cast(
+ compiler->dbcopy->create(NATRule::TYPENAME) );
+ r->duplicate(rule);
+ compiler->temp_ruleset->add(r);
+
+ r->setInterfaceStr( *i );
+
+ tmp_queue.push_back(r);
+ n++;
+ }
+ if (n==0) tmp_queue.push_back(rule);
+ return true;
+ }
+ break;
+ default: ;
+ }
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+bool NATCompiler_ipt::verifyRuleWithMAC::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+ tmp_queue.push_back(rule);
+
+ string chain=rule->getStr("ipt_chain");
+
+ if (chain!="PREROUTING" &&
+ chain!="FORWARD" &&
+ chain!="INPUT" )
+ {
+/* scan all objects in OSrc, look for physAddress or combinedAddress
+ * with pa present. Objects like that are not allowed in chain POSTROUTING.
+ * Issue warning and remove physAddress from the list.
+ */
+ RuleElementOSrc *rel= rule->getOSrc();
+ if (rel->isAny()) return true;
+
+ list cl;
+ FWObject *pa=NULL;
+ for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++)
+ {
+ FWObject *o= *i;
+ FWObject *o1= o;
+ if (FWReference::cast(o)!=NULL) o1=FWReference::cast(o)->getPointer();
+
+ if (physAddress::isA(o1))
+ {
+ pa=o1;
+ cl.push_back(o1);
+ }
+ combinedAddress *ca=combinedAddress::cast(o1);
+ if (ca!=NULL && ca->getPhysAddress()!="" )
+ {
+/* there are two possibilities:
+ * 1 - combinedAddress consists of the IPv4 component and MAC address component
+ * 2 - combinedAddress consists of an empty IPv4 component and MAC address .
+ */
+ pa=o1;
+ if ( ca->isAny() ) cl.push_back(o1);
+ else ca->setPhysAddress("");
+ }
+ }
+
+ if (!cl.empty())
+ {
+ for (list::iterator i1=cl.begin(); i1!=cl.end(); ++i1)
+ rel->removeRef( (*i1) );
+ }
+
+ if (pa!=NULL)
+ {
+ char errmsg[2048];
+ if (rel->isAny())
+ {
+ sprintf(errmsg,
+_("SNAT rule can not match MAC address, however after removing object %s from OSrc it becomes 'Any' in the rule %s"),
+ pa->getName().c_str(),
+ rule->getLabel().c_str() );
+ compiler->abort( errmsg );
+ }
+ else
+ {
+ sprintf(errmsg,
+_("SNAT rule can not match MAC address.
Object %s removed from the rule %s"),
+ pa->getName().c_str(),
+ rule->getLabel().c_str() );
+ compiler->warning( errmsg );
+ }
+ }
+ }
+
+ return true;
+}
+
+bool NATCompiler_ipt::processMultiAddressObjectsInRE::processNext()
+{
+ NATRule *rule=getNext(); if (rule==NULL) return false;
+
+ OSConfigurator_linux24 *osconf =
+ dynamic_cast(compiler->osconfigurator);
+
+ RuleElement *re=RuleElement::cast( rule->getFirstByType(re_type) );
+ bool neg = re->getNeg();
+
+ if (re->size()==1)
+ {
+ FWObject *o = re->front();
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+ MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
+ if (atrt!=NULL)
+ {
+ // we have just one object in RE and this object is MutiAddressRunTime
+ if (atrt->getSubstitutionTypeName()==AddressTable::TYPENAME)
+ {
+ rule->setStr("address_table_file",atrt->getSourceName());
+ osconf->registerMultiAddressObject(atrt);
+ }
+ if (atrt->getSubstitutionTypeName()==DNSName::TYPENAME)
+ {
+ // this is DNSName converted to its run-time counterpart,
+ // we do not need to touch it at all
+ }
+ tmp_queue.push_back(rule);
+ return true;
+ }
+ }
+
+ list cl;
+ for (FWObject::iterator i=re->begin(); i!=re->end(); i++)
+ {
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+ MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
+ if (atrt!=NULL && atrt->getSubstitutionTypeName()==AddressTable::TYPENAME)
+ cl.push_back(atrt);
+ }
+
+ if (!cl.empty())
+ {
+ RuleElement *nre;
+ RuleElement *ore=RuleElement::cast( rule->getFirstByType(re_type) );
+ NATRule *r;
+ for (list::iterator i=cl.begin(); i!=cl.end(); i++)
+ {
+ MultiAddressRunTime *atrt = *i;
+ r = NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nre=RuleElement::cast( r->getFirstByType(re_type) );
+ nre->clearChildren();
+ nre->addRef( atrt );
+ r->setStr("address_table_file",atrt->getSourceName());
+
osconf->registerMultiAddressObject(atrt);
+ tmp_queue.push_back(r);
+
+ ore->removeRef( *i );
+ }
+ }
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+
+void NATCompiler_ipt::compile()
+{
+// FWOptions* options=fw->getOptionsObject();
+
+ cout << _(" Compiling rules for 'nat' table ...") << endl << flush;
+
+ try {
+
+ Compiler::compile();
+#if 0
+ cerr << "Checking objects" << endl;
+ dbcopy->findInIndex("id45035B9F499")->dump(true,true);
+ dbcopy->findInIndex("id4504CDCF27596")->dump(true,true);
+ cerr << endl;
+#endif
+ add( new NATCompiler::Begin());
+
+ add( new printTotalNumberOfRules( ));
+
+ add( new recursiveGroupsInOSrc("check for recursive groups in OSRC"));
+ add( new recursiveGroupsInODst("check for recursive groups in ODST"));
+ add( new recursiveGroupsInOSrv("check for recursive groups in OSRV"));
+
+ add( new recursiveGroupsInTSrc("check for recursive groups in TSRC"));
+ add( new recursiveGroupsInTDst("check for recursive groups in TDST"));
+ add( new recursiveGroupsInTSrv("check for recursive groups in TSRV"));
+
+ add( new emptyGroupsInOSrc("check for empty groups in OSRC" ));
+ add( new emptyGroupsInODst("check for empty groups in ODST" ));
+ add( new emptyGroupsInOSrv("check for empty groups in OSRV" ));
+
+ add( new emptyGroupsInTSrc("check for empty groups in TSRC" ));
+ add( new emptyGroupsInTDst("check for empty groups in TDST" ));
+ add( new emptyGroupsInTSrv("check for empty groups in TSRV" ));
+
+ add( new ExpandGroups( "Expand groups" ));
+ add( new eliminateDuplicatesInOSRC("eliminate duplicates in OSRC"));
+ add( new eliminateDuplicatesInODST("eliminate duplicates in ODST"));
+ add( new eliminateDuplicatesInOSRV("eliminate duplicates in OSRV"));
+
+ add( new swapMultiAddressObjectsInOSrc(" swap MultiAddress -> MultiAddressRunTime in OSrc") );
+ add( new swapMultiAddressObjectsInODst(" swap MultiAddress -> MultiAddressRunTime in ODst") );
+
+ add( new processMultiAddressObjectsInOSrc("process MultiAddress objects in OSrc") );
+ add(
new processMultiAddressObjectsInODst("process MultiAddress objects in ODst") );
+
+ add( new doOSrvNegation( "process negation in OSrv" ));
+
+ add( new convertToAtomicportForOSrv("convert to atomic rules in OSrv"));
+
+ add( new classifyNATRule( "classify NAT rule" ));
+ add( new splitSDNATRule( "split SDNAT rules" ));
+ add( new classifyNATRule( "reclassify rules" ));
+ add( new ConvertLoadBalancingRules( "convert load balancing rules"));
+ add( new VerifyRules( "verify rules" ));
+
+ add( new doOSrcNegation( "process negation in OSrc" ));
+ add( new doODstNegation( "process negation in ODst" ));
+
+/* call splitOnODst after processing negation */
+ add( new splitOnODst( "split on ODst" ));
+
+ add( new portTranslationRules( "port translation rules" ));
+ add( new specialCaseWithRedirect("check for special case with redirecting port translation rules" ) );
+
+ if (fwopt->getBool("local_nat") )
+ {
+ if ( fwopt->getBool("firewall_is_part_of_any_and_networks") )
+ add( new splitIfOSrcAny( "split rule if OSrc is any" ));
+
+ add( new splitIfOSrcMatchesFw("split rule if OSrc matches FW" ));
+ }
+
+ add( new splitNONATRule("process NAT rules that request no translation"));
+ add( new localNATRule("process local NAT rules"));
+// add( new DNATforFW("process DNAT rules for packets originated on the firewall"));
+ add( new decideOnChain( "decide on chain" ) );
+ add( new decideOnTarget( "decide on target" ) );
+
+ add( new splitODstForSNAT( "split rule if objects in ODst belong to different subnets") );
+ add( new ReplaceFirewallObjectsODst("replace firewall in ODst" ) );
+ add( new ReplaceFirewallObjectsTSrc("replace firewall in TSrc" ) );
+ add( new splitOnDynamicInterfaceInODst("split rule if ODst is dynamic interface" ) );
+ add( new splitOnDynamicInterfaceInTSrc("split rule if TSrc is dynamic interface" ) );
+
+ add( new ExpandMultipleAddresses("expand multiple addresses") );
+
+ add( new specialCaseWithUnnumberedInterface("check for special cases with dynamic and
unnumbered interfaces" ) );
+ add( new checkForDynamicInterfacesOfOtherObjects( "check for dynamic interfaces of other hosts and firewalls" ) );
+
+ add( new verifyRuleWithMAC("verify rules using MAC address filtering"));
+ add( new ExpandAddressRanges("expand address ranges") );
+
+ add( new splitMultiSrcAndDst("split rules where multiple srcs and dsts are present" ) );
+
+ add( new splitServices("split on services") );
+ add( new VerifyRules2("check correctness of TSrv") );
+ add( new separatePortRanges("separate port ranges") );
+ add( new separateSourcePorts("separate objects with src") );
+ add( new separateSourceAndDestinationPorts( "separate objects with both src and dest ports" ) );
+ add( new prepareForMultiport("prepare for multiport") );
+ add( new splitMultipleICMP("split rule with multiple ICMP services") );
+
+ add( new ConvertToAtomicForAddresses("convert to atomic rules") );
+
+ add( new addVirtualAddress("add virtual addresses") );
+
+ add( new AssignInterface("assign rules to interfaces") );
+ add( new dynamicInterfaceInODst("split if dynamic interface in ODst") );
+ add( new dynamicInterfaceInTSrc("set target if dynamic interface in TSrc" ) );
+ add( new convertInterfaceIdToStr("prepare interface assignments") );
+
+ if (fwopt->getBool("use_iptables_restore"))
+ {
+ // bug #1812295: we should use PrintRuleIptRstEcho not only
+ // when we have dynamic interfaces, but also when we have
+ // address tables expanded at run time.
Instead of checking
+ // for all these conditions, just always use PrintRuleIptRstEcho
+ printRule=new PrintRuleIptRstEcho(
+ "generate code for iptables-restore using echo");
+ } else
+ printRule=new PrintRule("generate iptables shell script");
+
+ add( printRule );
+
+ add( new simplePrintProgress() );
+
+ runRuleProcessors();
+
+
+ } catch (FWException &ex) {
+ error(ex.toString());
+ exit(1);
+ }
+}
+
+
+void NATCompiler_ipt::epilog()
+{
+ if (fwopt->getBool("use_iptables_restore"))
+ {
+ output << "#" << endl;
+ }
+}
+
+string NATCompiler_ipt::flushAndSetDefaultPolicy()
+{
+ string res="";
+
+/* printRule may be null if there are no NAT rules and we never ran compile() */
+ if(printRule!=NULL)
+ {
+ res += printRule->_declareTable();
+ res += printRule->_flushAndSetDefaultPolicy();
+// res += printRule->_printOptionalGlobalRules();
+ }
+
+ return res;
+}
+
+string NATCompiler_ipt::commit()
+{
+ string res="";
+
+ if(printRule!=NULL)
+ {
+ res += printRule->_commit();
+ }
+ return res;
+}
+
+
diff --git a/src/ipt/NATCompiler_ipt.h b/src/ipt/NATCompiler_ipt.h
new file mode 100644
index 000000000..4e9f4ffd6
--- /dev/null
+++ b/src/ipt/NATCompiler_ipt.h
@@ -0,0 +1,535 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2002 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: NATCompiler_ipt.h 1054 2006-06-05 04:53:22Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef __NATCOMPILER_IPT_HH__
+#define __NATCOMPILER_IPT_HH__
+
+#include
+
+#include "fwcompiler/NATCompiler.h"
+#include "fwbuilder/RuleElement.h"
+
+#include
+#include
+
+namespace libfwbuilder {
+ class Host;
+ class IPService;
+ class ICMPService;
+ class TCPService;
+ class UDPService;
+ class RuleElementOSrc;
+ class RuleElementODst;
+ class RuleElementOSrv;
+ class RuleElementTSrc;
+ class RuleElementTDst;
+ class RuleElementTSrv;
+};
+
+namespace fwcompiler {
+
+ class NATCompiler_ipt : public NATCompiler {
+
+ protected:
+
+ class PrintRule;
+
+ NATCompiler_ipt::PrintRule *printRule;
+ bool have_dynamic_interfaces;
+
+ std::string getInterfaceVarName(libfwbuilder::FWObject *iface);
+ std::string getAddressTableVarName(libfwbuilder::FWObject *iface);
+
+ /**
+ * internal: scans child objects of interface iface, both IPv4
+ * and physAddress, and puts them in the list ol.
Since iptables
+ * supports matching on MAc addresses, we create objects of
+ * the class combinedAddress here from each pair of physAddress
+ * and IPV4
+ */
+ virtual void _expandInterface(libfwbuilder::Interface *iface,
+ std::list &ol);
+
+
+
+ virtual std::string debugPrintRule(libfwbuilder::Rule *rule);
+
+ /**
+ * convert load balancing rules into DNAT rules with address
+ * range in TDst. If objects in TDst do not constitute a
+ * consecutive address range, abort with an error message
+ */
+ DECLARE_NAT_RULE_PROCESSOR(ConvertLoadBalancingRules);
+
+ /**
+ * this processor spits SDNAT rule onto SNAT and DNAT rules.
+ * SDNAT rule translates both source and destination.
+ */
+ DECLARE_NAT_RULE_PROCESSOR(splitSDNATRule);
+
+ /**
+ * verifies correctness of the NAT rules
+ */
+ DECLARE_NAT_RULE_PROCESSOR(VerifyRules);
+
+ /**
+ * verifies correctness of the NAT rules - this one
+ * specifically * checks for some inconsistencies between
+ * OSrv and TSrv and should * only be used after
+ * splitServices
+ */
+ DECLARE_NAT_RULE_PROCESSOR(VerifyRules2);
+
+ /**
+ * splits rule with multiple objects in ODst. This needs to be
+ * done only * for DNAT rules. Call this processor when
+ * negation has been dealt with already.
+ */
+ DECLARE_NAT_RULE_PROCESSOR(splitOnODst);
+
+ /**
+ * splits rule with multiple service objects in OSrv onto
+ * several rules
+ */
+ DECLARE_NAT_RULE_PROCESSOR(splitOnOSrv);
+
+ /**
+ * process special case: multiple objects in osrv and
+ * tsrv!=any. Need to convert to atomic by OSrv before
+ * using classifyNATRule.
+ */
+ DECLARE_NAT_RULE_PROCESSOR(convertToAtomicportForOSrv);
+
+ /**
+ * process special case: rule that translates dest. port but
+ * does not change addresses (tsrc==any, tdst==any, tsrv!=any)
+ * Need to copy odst to tdst.
+ */
+ DECLARE_NAT_RULE_PROCESSOR(portTranslationRules);
+
+ /**
+ * processor portTranslationRules copies ODst into TDst
+ * for rules that only do port translations and where TDst
+ * is "any".
In case ODst was firewall or one of its interfaces,
+ * we should set rule type to NATRule::REDIRECT
+ */
+ DECLARE_NAT_RULE_PROCESSOR(specialCaseWithRedirect);
+
+
+ class splitRuleIfRuleElementIsDynamicInterface : public NATRuleProcessor
+ {
+ std::string re_type;
+ public:
+ splitRuleIfRuleElementIsDynamicInterface(const std::string &n,std::string _type):
+ NATRuleProcessor(n) { re_type=_type; }
+ virtual bool processNext();
+ };
+
+ /**
+ * splits rule if one of the objects in tsrc is * interface
+ * with dynamic address
+ */
+ class splitOnDynamicInterfaceInTSrc : public splitRuleIfRuleElementIsDynamicInterface
+ {
+ public:
+ splitOnDynamicInterfaceInTSrc(const std::string &n):
+ splitRuleIfRuleElementIsDynamicInterface(n,libfwbuilder::RuleElementTSrc::TYPENAME) {}
+ };
+
+ /**
+ * splits rule if one of the objects in odst is * interface
+ * with dynamic address
+ */
+ class splitOnDynamicInterfaceInODst : public splitRuleIfRuleElementIsDynamicInterface
+ {
+ public:
+ splitOnDynamicInterfaceInODst(const std::string &n):
+ splitRuleIfRuleElementIsDynamicInterface(n,libfwbuilder::RuleElementODst::TYPENAME) {}
+ };
+
+ /**
+ * checks for the following situations:
+ *
+ * 1. an unnumbered interface is in OSrc and rule rtype is Masq
+ * or SNAT (drop interface from src since source address is
+ * undertermined)
+ *
+ * 2. an unnumbered interface is in ODst and rule type is
+ * DNAT (drop interface since dest.
address is undefined)
+ *
+ */
+ friend class specialCaseWithUnnumberedInterface;
+ class specialCaseWithUnnumberedInterface : public NATRuleProcessor
+ {
+ bool dropUnnumberedInterface(libfwbuilder::RuleElement *re);
+ public:
+ specialCaseWithUnnumberedInterface(const std::string &name) : NATRuleProcessor(name) {}
+ virtual bool processNext();
+ };
+
+ friend class checkForDynamicInterfacesOfOtherObjects;
+ class checkForDynamicInterfacesOfOtherObjects : public NATRuleProcessor
+ {
+ void findDynamicInterfaces(libfwbuilder::RuleElement *re,
+ libfwbuilder::Rule *rule);
+ public:
+ checkForDynamicInterfacesOfOtherObjects(const std::string &name) : NATRuleProcessor(name) {}
+ virtual bool processNext();
+ };
+
+
+ /**
+ * fills translated service with the copy of original srv
+ */
+ DECLARE_NAT_RULE_PROCESSOR(fillTranslatedSrv);
+
+ /**
+ * Assigns NAT rules to interfaces
+ *
+ * This processor works together with
+ * ReplaceFirewallObjectsTSrc and ConvertToAtomicRules. If the
+ * first two left interface object in TSrc, AssignInterfaces
+ * assigns this rule to the corresponding interface. Rule
+ * wont'be assigned to any interface if object in TSrc is not
+ * an interface or an address of interface.
+ */
+ friend class AssignInterface;
+ class AssignInterface : public NATRuleProcessor
+ {
+ std::list regular_interfaces;
+ public:
+ AssignInterface(const std::string &name) : NATRuleProcessor(name) {}
+ virtual bool processNext();
+ };
+
+ /**
+ * calls OSConfigurator to add virtual * address to the
+ * firewall if it is needed for NAT rule
+ */
+ DECLARE_NAT_RULE_PROCESSOR(addVirtualAddress);
+
+ /**
+ * replaces references to the firewall in odst * with
+ * references to its external interfaces
+ */
+ DECLARE_NAT_RULE_PROCESSOR(ReplaceFirewallObjectsODst);
+
+ /**
+ * replaces references to the firewall in tsrc with
+ * references to its interfaces in SNAT rules
+ */
+ DECLARE_NAT_RULE_PROCESSOR(ReplaceFirewallObjectsTSrc);
+
+ /**
+ * distinguishes SNAT from Masquerading (can do * this after
+ * firewall objects has been replaced with its * interfaces
+ * and basic NAT rule type has been determined)
+ */
+ DECLARE_NAT_RULE_PROCESSOR(dynamicInterfaceInTSrc);
+
+ /**
+ * takes care of dynamic interfaces in ODst (if ODst contains
+ * interface and its address is dynamic, replace it with any)
+ */
+ DECLARE_NAT_RULE_PROCESSOR(dynamicInterfaceInODst);
+
+ /**
+ * splits rule element if src or dst contains * address
+ * range.
This inspector differs from the standard one * in
+ * the base class NATCompiler
+ */
+ DECLARE_NAT_RULE_PROCESSOR(ExpandAddressRanges);
+
+ /**
+ * split rules with more than one service object, so that each
+ * rule has services with the same protocol
+ */
+ DECLARE_NAT_RULE_PROCESSOR(splitServices);
+
+ /**
+ * separate TCP/UDP services with port ranges (can not be used with multiport)
+ */
+ DECLARE_NAT_RULE_PROCESSOR(separatePortRanges);
+
+ /**
+ * for TCP/UDP services separate objects with source ports
+ * from objects with destination ports
+ */
+ DECLARE_NAT_RULE_PROCESSOR(separateSourcePorts);
+
+ /**
+ * for TCP/UDP services separate objects that have both source
+ * and destination ports
+ */
+ DECLARE_NAT_RULE_PROCESSOR(separateSourceAndDestinationPorts);
+
+ /**
+ * splits rules so multiport module can be used (only works for UDP and TCP)
+ */
+ DECLARE_NAT_RULE_PROCESSOR(prepareForMultiport);
+
+ /**
+ * splits rules using multiple ICMP services
+ */
+ DECLARE_NAT_RULE_PROCESSOR(splitMultipleICMP);
+
+ /**
+ * deals with negation in OSrc
+ */
+ DECLARE_NAT_RULE_PROCESSOR(doOSrcNegation);
+
+ /**
+ * deals with negation in ODst
+ */
+ DECLARE_NAT_RULE_PROCESSOR(doODstNegation);
+
+ /**
+ * deals with negation in OSrv
+ */
+ DECLARE_NAT_RULE_PROCESSOR(doOSrvNegation);
+
+ /**
+ * splits DNAT rule if "Assume firewall is part of any" is ON
+ * and OSrc is any. Need this to take care of the case with
+ * packets originating on the firewall in DNAT rules.
+ */
+ DECLARE_NAT_RULE_PROCESSOR(splitIfOSrcAny);
+
+
+ /**
+ * splits NONAT rule and assigns chains to PREROUTING,
+ * POSTROUTING and OUTPUT. Always call this processor before
+ * decideOnChain
+ */
+ DECLARE_NAT_RULE_PROCESSOR(splitNONATRule);
+
+
+ /**
+ * sets chain and possibly splits a NAT rule if firewall or
+ * its interface is in OSrc.
+ */
+ DECLARE_NAT_RULE_PROCESSOR(localNATRule);
+
+
+ /**
+ * special case of DNAT rule for packets originated on the
+ * firewall itself * (should go to the OUTPUT chain)
+ */
+ DECLARE_NAT_RULE_PROCESSOR(DNATforFW);
+
+ /**
+ * decides what chain this rule should go to.
+ */
+ DECLARE_NAT_RULE_PROCESSOR(decideOnChain);
+
+ /**
+ * decides on "jump to" chain
+ */
+ DECLARE_NAT_RULE_PROCESSOR(decideOnTarget);
+
+ /**
+ * split rule for efficiency where multiple srcs & dsts are present
+ */
+ DECLARE_NAT_RULE_PROCESSOR(splitMultiSrcAndDst);
+ /**
+ * MAC address filtering is permitted only in DNAT rules (only
+ * in PREROUTING chain)
+ */
+ DECLARE_NAT_RULE_PROCESSOR(verifyRuleWithMAC);
+
+ /**
+ * eliminates duplicate objects in SRC. Uses default comparison
+ * in eliminateDuplicatesInRE which compares IDs
+ */
+ class eliminateDuplicatesInOSRC : public eliminateDuplicatesInRE
+ {
+ public:
+ eliminateDuplicatesInOSRC(const std::string &n) :
+ eliminateDuplicatesInRE(n,libfwbuilder::RuleElementOSrc::TYPENAME) {}
+ };
+
+ /**
+ * eliminates duplicate objects in DST. Uses default comparison
+ * in eliminateDuplicatesInRE which compares IDs
+ */
+ class eliminateDuplicatesInODST : public eliminateDuplicatesInRE
+ {
+ public:
+ eliminateDuplicatesInODST(const std::string &n) :
+ eliminateDuplicatesInRE(n,libfwbuilder::RuleElementODst::TYPENAME) {}
+ };
+
+ /**
+ * eliminates duplicate objects in SRV. Uses default comparison
+ * in eliminateDuplicatesInRE which compares IDs
+ */
+ class eliminateDuplicatesInOSRV : public eliminateDuplicatesInRE
+ {
+ public:
+ eliminateDuplicatesInOSRV(const std::string &n) :
+ eliminateDuplicatesInRE(n,libfwbuilder::RuleElementOSrv::TYPENAME) {}
+ };
+
+ /**
+ * Split rule if MultiAddress object is used in RE to make
+ * sure it is single object.
+ */
+ class processMultiAddressObjectsInRE : public NATRuleProcessor
+ {
+ std::string re_type;
+ public:
+ processMultiAddressObjectsInRE(const std::string &name,
+ const std::string &t) : NATRuleProcessor(name) { re_type=t; }
+ virtual bool processNext();
+ };
+
+
+ class processMultiAddressObjectsInOSrc : public processMultiAddressObjectsInRE
+ {
+ public:
+ processMultiAddressObjectsInOSrc(const std::string &n) :
+ processMultiAddressObjectsInRE(n,libfwbuilder::RuleElementOSrc::TYPENAME) {}
+ };
+
+ class processMultiAddressObjectsInODst : public processMultiAddressObjectsInRE
+ {
+ public:
+ processMultiAddressObjectsInODst(const std::string &n) :
+ processMultiAddressObjectsInRE(n,libfwbuilder::RuleElementODst::TYPENAME) {}
+ };
+
+
+ /**
+ * prints single policy rule, assuming all * groups have
+ * been expanded, so source, destination and * service hold
+ * exactly one object each, and this object is * not a
+ * group. Negation should also have been taken care of *
+ * before this method is called.
+ */
+ class PrintRule : public NATRuleProcessor
+ {
+ protected:
+
+ bool init;
+ bool print_once_on_top;
+ std::string current_rule_label;
+ std::map chains;
+
+ virtual std::string _createChain(const std::string &chain);
+ virtual std::string _startRuleLine();
+ virtual std::string _endRuleLine();
+ virtual std::string _printRuleLabel(libfwbuilder::NATRule *r);
+
+ virtual std::string _printProtocol(libfwbuilder::Service *srv);
+ virtual std::string _printSrcService(libfwbuilder::RuleElementOSrv *o);
+ virtual std::string _printDstService(libfwbuilder::RuleElementOSrv *o);
+
+ virtual std::string _printICMP(libfwbuilder::ICMPService *srv);
+ virtual std::string _printIP(libfwbuilder::IPService *srv);
+
+ virtual std::string _printOPorts(int rs,int re);
+ virtual std::string _printTPorts(int rs,int re);
+ virtual std::string _printSrcPorts(libfwbuilder::Service *srv);
+ virtual std::string _printDstPorts(libfwbuilder::Service *srv);
+ virtual std::string _printSNATPorts(libfwbuilder::Service *srv);
+ virtual std::string _printDNATPorts(libfwbuilder::Service *srv);
+
+ virtual std::string _printMultiport(libfwbuilder::NATRule *r);
+ virtual std::string _printAddr(libfwbuilder::Address *o,bool print_mask=true,bool print_range=false);
+ virtual std::string _printChainDirectionAndInterface(libfwbuilder::NATRule *r);
+
+ public:
+ PrintRule(const std::string &name);
+ virtual std::string _declareTable();
+ virtual std::string _flushAndSetDefaultPolicy();
+ virtual std::string _commit();
+ virtual std::string _quote(const std::string &s);
+ virtual bool processNext();
+ };
+ friend class NATCompiler_ipt::PrintRule;
+
+ class PrintRuleIptRst : public PrintRule
+ {
+ virtual std::string _createChain(const std::string &chain);
+ virtual std::string _startRuleLine();
+ virtual std::string _endRuleLine();
+ virtual std::string _printRuleLabel(libfwbuilder::NATRule *r);
+
+ public:
+
+ PrintRuleIptRst(const std::string &name) : PrintRule(name) {};
+ virtual std::string
_declareTable();
+ virtual std::string _flushAndSetDefaultPolicy();
+ virtual std::string _commit();
+ virtual std::string _quote(const std::string &s);
+ virtual bool processNext();
+ };
+ friend class NATCompiler_ipt::PrintRuleIptRst;
+
+ class PrintRuleIptRstEcho : public PrintRuleIptRst
+ {
+ virtual std::string _createChain(const std::string &chain);
+ virtual std::string _startRuleLine();
+ virtual std::string _endRuleLine();
+
+ public:
+
+ PrintRuleIptRstEcho(const std::string &name) : PrintRuleIptRst(name) {};
+ virtual std::string _declareTable();
+ virtual std::string _flushAndSetDefaultPolicy();
+ virtual std::string _commit();
+ virtual std::string _quote(const std::string &s);
+ virtual bool processNext();
+ };
+ friend class NATCompiler_ipt::PrintRuleIptRstEcho;
+
+
+ virtual std::string myPlatformName();
+
+ public:
+
+ NATCompiler_ipt(libfwbuilder::FWObjectDatabase *_db,
+ const std::string &fwname,
+ fwcompiler::OSConfigurator *_oscnf) : NATCompiler(_db,fwname,_oscnf)
+ {have_dynamic_interfaces=false; printRule=NULL;}
+
+
+ virtual int prolog();
+ virtual void compile();
+ virtual void epilog();
+
+ void setHaveDynamicInterfaces(bool f) { have_dynamic_interfaces=f; }
+
+ std::string flushAndSetDefaultPolicy();
+ std::string commit();
+
+ static std::string getNewTmpChainName(libfwbuilder::NATRule *rule);
+
+ };
+
+
+}
+
+#endif
diff --git a/src/ipt/OSConfigurator_linux24.cpp b/src/ipt/OSConfigurator_linux24.cpp
new file mode 100644
index 000000000..78e31a517
--- /dev/null
+++ b/src/ipt/OSConfigurator_linux24.cpp
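Review bot: `_quote()` is declared in PrintRule, PrintRuleIptRst and PrintRuleIptRstEcho of NATCompiler_ipt.h with no comment, although almost every rule processor above it in this header is documented. The names passed to the printers in NATCompiler_ipt.cpp's compile() describe a shell script and iptables-restore input produced with echo, so each override presumably escapes for a different consumer, and the header gives a maintainer no way to tell which strings are expected to go through it. I would state the contract once on the base declaration, e.g. `/** returns s quoted for the output format this printer emits; strings taken from the object database go through this before being written */`, with the second half to be confirmed against the implementations, which are not part of this hunk.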
@@ -0,0 +1,744 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: OSConfigurator_linux24.cpp 1369 2007-06-17 03:28:20Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" + +#include "OSConfigurator_linux24.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/FWOptions.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Address.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/MultiAddress.h" + +#ifndef _WIN32 +# include +#endif + +#include +#include +#include +#include + +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +string OSConfigurator_linux24::myPlatformName() { return "Linux24"; } + +OSConfigurator_linux24::OSConfigurator_linux24(FWObjectDatabase *_db, + const string &fwname) : + OSConfigurator(_db,fwname) , os_data(fw->getStr("host_OS")) +{ +} + +string OSConfigurator_linux24::getInterfaceVarName(FWObject *iface) +{ + ostringstream ostr; + string iname=iface->getName(); + string::size_type p1; + while ( (p1=iname.find("."))!=string::npos) + iname=iname.replace(p1,1,"_"); + ostr << "i_" << iname; + return ostr.str(); +} + + +void 
OSConfigurator_linux24::processFirewallOptions() +{ + FWOptions* options=fw->getOptionsObject(); + string s; + int i; + +/* + * check if all interfaces configured for the firewall are present + */ + if (options->getBool("verify_interfaces")) + { + list l2=fw->getByType(Interface::TYPENAME); + if ( ! l2.empty() ) + { + output << endl; + output << "INTERFACES=\""; + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *iface=Interface::cast(*i); + if (iface->getName().find("*")==string::npos) + output << iface->getName() << " "; + } + output << "\"" << endl; + output << "for i in $INTERFACES ; do" << endl; + output << " $IP link show \"$i\" > /dev/null 2>&1 || {" << endl; + output << " log \"Interface $i does not exist\"" << endl; + output << " exit 1" << endl; + output << " }" << endl; + output << "done" << endl; + output << endl; + } + } + +/* + * Turn off packet forwarding for now. We'll turn it on if needed in the end + * + * turned this off. This seems to be an overkill as we set default + * policy to DROP in all chains before we purge the current firewall policy. 
+ + output << "\n\n"; + output << "FWD=`cat /proc/sys/net/ipv4/ip_forward`\n"; + output << "echo \"0\" > /proc/sys/net/ipv4/ip_forward\n\n"; +*/ + + s=options->getStr("linux24_ip_dynaddr"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/ip_dynaddr\n\n"; + + + s=options->getStr("linux24_rp_filter"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/conf/all/rp_filter\n\n"; + + s=options->getStr("linux24_accept_source_route"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/conf/all/accept_source_route\n\n"; + + s=options->getStr("linux24_accept_redirects"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/conf/all/accept_redirects\n\n"; + + s=options->getStr("linux24_log_martians"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/conf/all/log_martians\n\n"; + + + + s=options->getStr("linux24_icmp_echo_ignore_broadcasts"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\n\n"; + + s=options->getStr("linux24_icmp_echo_ignore_all"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/icmp_echo_ignore_all\n\n"; + + s=options->getStr("linux24_icmp_ignore_bogus_error_responses"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses\n\n"; + + + + if ( (i=options->getInt("linux24_tcp_fin_timeout"))>0 ) + output << "echo " << i << " > /proc/sys/net/ipv4/tcp_fin_timeout\n\n"; + + if ( (i=options->getInt("linux24_tcp_keepalive_interval"))>0 ) + output << "echo " << i << " > /proc/sys/net/ipv4/tcp_keepalive_intvl\n\n"; + + s=options->getStr("linux24_tcp_window_scaling"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/tcp_window_scaling\n\n"; + + s=options->getStr("linux24_tcp_sack"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/tcp_sack\n\n"; + + s=options->getStr("linux24_tcp_fack"); + if (!s.empty()) + output << 
"echo " << s << " > /proc/sys/net/ipv4/tcp_fack\n\n"; + + s=options->getStr("linux24_tcp_syncookies"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/tcp_syncookies\n\n"; + + s=options->getStr("linux24_tcp_ecn"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/tcp_ecn\n\n"; + + s=options->getStr("linux24_tcp_timestamps"); + if (!s.empty()) + output << "echo " << s << " > /proc/sys/net/ipv4/tcp_timestamps\n\n"; + + + output << endl; +} + +void OSConfigurator_linux24::addVirtualAddressForNAT(const Network *nw) +{ + ostringstream ostr; + + FWOptions* options=fw->getOptionsObject(); + if ( options->getBool("manage_virtual_addr") ) + { + if (virtual_addresses.empty() || + find(virtual_addresses.begin(),virtual_addresses.end(),nw->getAddress())==virtual_addresses.end()) + { + Interface *iface=findInterfaceFor( nw, fw ); + if (iface!=NULL) + { + IPNetwork n( nw->getAddress() , nw->getNetmask() ); + + IPAddress a; + string str, subnet, first, last; + + a=nw->getAddress() +1; + first = a.toString(); + + a = n.getBroadcastAddress() -1; + last = a.toString(); + + ostr << endl; + + ostr << "a=\"" << first << "\"" << endl; + ostr << "while test \"$a\" != \"" << last << "\"; do" << endl; + + ostr << " add_addr ${a} " << nw->getNetmask().getLength() << " " + << iface->getName() << endl; + + ostr << endl; + ostr << " OIFS=$IFS" << endl; + ostr << " IFS=\".\"" << endl; + ostr << " set $a" << endl; + ostr << " a4=$1" << endl; + ostr << " a3=$2" << endl; + ostr << " a2=$3" << endl; + ostr << " a1=$4" << endl; + ostr << " IFS=$OIFS" << endl; + ostr << " incaddr a4 a3 a2 a1" << endl; + ostr << " a=$a4\".\"$a3\".\"$a2\".\"$a1" << endl; + + ostr << "done" << endl << endl; + virtual_addresses.push_back(nw->getAddress()); + registerVirtualAddressForNat(); + } else + warning(_("Can not add virtual address ") + nw->getAddress().toString() + + _(" (object ") + nw->getName() + ")" ); + } + commands_to_add_virtual_addresses.push_back(ostr.str()); + } 
+} + +void OSConfigurator_linux24::addVirtualAddressForNAT(const Address *addr) +{ + ostringstream ostr; + + FWOptions* options=fw->getOptionsObject(); + if ( options->getBool("manage_virtual_addr") ) + { + if (virtual_addresses.empty() || + find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) + { + IPv4 *iaddr=IPv4::cast( findAddressFor(addr, fw ) ); + if (iaddr!=NULL) + { + Interface *iface=Interface::cast(iaddr->getParent()); + assert(iface!=NULL); + + ostr << "add_addr " << addr->getAddress().toString() << " " + << iaddr->getNetmask().getLength() << " " + << iface->getName() << endl; + + virtual_addresses.push_back(addr->getAddress()); + registerVirtualAddressForNat(); + } else + warning(_("Can not add virtual address ") + addr->getAddress().toString() + + _(" (object ") + addr->getName() + ")" ); + } + commands_to_add_virtual_addresses.push_back(ostr.str()); + return; + } +} + +void OSConfigurator_linux24::printCommandsToAddVirtualAddressesForNAT() +{ + output << "# Add virtual addresses for NAT rules" << endl; + + list::iterator i; + for (i=commands_to_add_virtual_addresses.begin(); + i!=commands_to_add_virtual_addresses.end(); ++i) + output << *i; + + output << endl; +} + +void OSConfigurator_linux24::registerMultiAddressObject(MultiAddressRunTime *at) +{ + address_table_objects[at->getName()] = at->getSourceName(); +} + +void OSConfigurator_linux24::printChecksForRunTimeMultiAddress() +{ + output << "# Using " << address_table_objects.size() << " address table files" << endl; + + map::iterator i; + for (i=address_table_objects.begin(); i!=address_table_objects.end(); ++i) + { + string at_name = i->first; + string at_file = i->second; + output << "check_file \"" + at_name + "\" \"" + at_file + "\"" << endl; + } + output << endl; +} + +void OSConfigurator_linux24::configureInterfaces() +{ + FWOptions* options=fw->getOptionsObject(); + + output << "# Configure interfaces" << endl; + +/* + * Remove all host static 
routes and "pub" ARP entries if we are going to + * create new ones + */ + if ( options->getBool("manage_virtual_addr") ) + { + list l2=fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *interface_=Interface::cast(*i); + if ( interface_->isDyn() ) continue; + if ( interface_->isUnnumbered() ) continue; + if ( interface_->isBridgePort() ) continue; + if ( interface_->isLoopback() ) continue; + + output << "$IP -4 neigh flush dev " + << interface_->getName() << " >/dev/null 2>&1" << endl; + + output << "$IP -4 addr flush dev " + << interface_->getName() + << " secondary label \"" << interface_->getName() << ":FWB*\"" + << " >/dev/null 2>&1" << endl; + } + output << endl; + } + + if ( options->getBool("configure_interfaces") ) + { + + output << endl; + + FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME); + for ( ; i!=i.end(); ++i ) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if (iface->isDyn()) continue; + if (iface->isUnnumbered()) continue; + if (iface->isBridgePort() ) continue; + + FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + IPv4 *iaddr=IPv4::cast(*j); + + output << "add_addr " << iaddr->getAddress().toString() << " " + << iaddr->getNetmask().getLength() << " " + << iface->getName() << endl; +// add to the table of virtual addresses so we won't generate code to +// configure the same address if it is needed for NAT + virtual_addresses.push_back(iaddr->getAddress()); + } + output << "$IP link set " << iface->getName() << " up" << endl; + } + output << endl; + } + +/* + * get addresses of dynamic interfaces + */ + FWObjectTypedChildIterator j=fw->findByType(Interface::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + Interface *iface=Interface::cast(*j); + + if ( iface->isDyn() ) + { +/* if interface name ends with '*', this is a wildcard interface. Do + * not get its address at this time. 
*/ + if (iface->getName().find("*")==string::npos) + output << "getaddr " + << iface->getName() + << " " + << getInterfaceVarName(iface) + << endl; + } + } + output << endl; +} + + +int OSConfigurator_linux24::prolog() +{ + printShellFunctions(); + +/* + * Process firewall options, build OS network configuration script + */ +// processFirewallOptions(); + + output << endl; + +// configureInterfaces(); + + return 0; +} + +void OSConfigurator_linux24::printShellFunctions() +{ + FWOptions* options=fw->getOptionsObject(); + + output << endl; + output << "log() {" << endl; + output << " echo \"$1\"" << endl; + output << " test -x \"$LOGGER\" && $LOGGER -p info \"$1\"" << endl; + output << "}" << endl; + output << endl; + + output << "check_file() {" << endl; + output << " test -r \"$2\" || {" << endl; + output << " echo \"Can not find file $2 referenced by AddressTable object $1\"" << endl; + output << " exit 1" << endl; + output << " }" << endl; + output << "}" << endl; + output << endl; + + output << "va_num=1" << endl; + + output << "add_addr() {" << endl; + output << " addr=$1" << endl; + output << " nm=$2" << endl; + output << " dev=$3" << endl; + output << "" << endl; + output << " type=\"\"" << endl; + output << " aadd=\"\"" << endl; + output << "" << endl; + output << " L=`$IP -4 link ls $dev | head -n1`" << endl; + output << " if test -n \"$L\"; then" << endl; + output << " OIFS=$IFS" << endl; + output << " IFS=\" /:,<\"" << endl; + output << " set $L" << endl; + output << " type=$4" << endl; + output << " IFS=$OIFS" << endl; + output << " if test \"$type\" = \"NO-CARRIER\"; then" << endl; + output << " type=$5" << endl; + output << " fi" << endl; + output << "" << endl; + +/* + * see comment about using grep with or without regex below + */ + output << " L=`$IP -4 addr ls $dev to $addr | grep inet | grep -v :`" << endl; + output << " if test -n \"$L\"; then" << endl; + output << " OIFS=$IFS" << endl; + output << " IFS=\" /\"" << endl; + output << " set $L" << 
endl; + output << " aadd=$2" << endl; + output << " IFS=$OIFS" << endl; + output << " fi" << endl; + output << " fi" << endl; + output << " if test -z \"$aadd\"; then" << endl; + output << " if test \"$type\" = \"POINTOPOINT\"; then"<< endl; + output << " $IP -4 addr add $addr dev $dev scope global label $dev:FWB${va_num}" << endl; + output << " va_num=`expr $va_num + 1`" << endl; + output << " fi" << endl; + output << " if test \"$type\" = \"BROADCAST\"; then" << endl; + output << " $IP -4 addr add $addr/$nm dev $dev brd + scope global label $dev:FWB${va_num}" << endl; + output << " va_num=`expr $va_num + 1`" << endl; + output << " fi" << endl; + output << " fi" << endl; + output << "}" << endl; + output << endl; + output << "getInterfaceVarName() {" << endl; + output << " echo $1 | sed 's/\\./_/'" << endl; + output << "}" << endl; + output << endl; + output << "getaddr() {" << endl; + output << " dev=$1" << endl; + output << " name=$2" << endl; +/* + * originally this command looked like this: + * $IP -4 addr ls $dev to $addr | grep inet | grep -E \"$dev$\"` + * + * i.e. it looked for a line that ends with "$dev": + * inet 10.3.14.40/24 brd 10.3.14.255 scope global eth0 + * as opposed to + * inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0:1 + * + * It turns out, some busybox-based systems have grep compiled w/o + * support for regular expressions. 
Using "grep -v :" seems to be an + * easy way to filter out secondary addresses without using regex + */ + output << " L=`$IP -4 addr show dev $dev | grep inet | grep -v :`" << endl; + output << " test -z \"$L\" && { " << endl; + output << " eval \"$name=''\"" << endl; + output << " return" << endl; + output << " }" << endl; + output << " OIFS=$IFS" << endl; + output << " IFS=\" /\"" << endl; + output << " set $L" << endl; + output << " eval \"$name=$2\"" << endl; + output << " IFS=$OIFS" << endl; + output << "}" << endl; + output << endl; + output << endl; + +/* we use function getinterfaces to process wildcard interfaces */ + + output << "getinterfaces() {" << endl; + output << " NAME=$1" << endl; + output << " $IP link show | grep \": $NAME\" | while read L; do" << endl; + output << " OIFS=$IFS" << endl; + output << " IFS=\" :\"" << endl; + output << " set $L" << endl; + output << " IFS=$OIFS" << endl; + output << " echo $2" << endl; + output << " done" << endl; + output << "}" << endl; + output << endl; + output << endl; + + output << "# increment ip address" << endl; + output << "incaddr()" << endl; + output << "{" << endl; + output << " n1=$4" << endl; + output << " n2=$3" << endl; + output << " n3=$2" << endl; + output << " n4=$1" << endl; + output << endl; + output << " vn1=`eval \"echo \\\\$$n1\"`" << endl; + output << endl; + output << " R=`expr $vn1 \\< 255`" << endl; + output << " if test $R = \"1\"; then" << endl; + output << " eval \"$n1=`expr $vn1 + 1`\"" << endl; + output << " else" << endl; + output << " eval \"$n1=0\"" << endl; + output << " incaddr XX $n4 $n3 $n2" << endl; + output << " fi" << endl; + output << "}" << endl; + output << endl; + +/* check if package iproute2 is installed, but do this only if + * we really need /usr/sbin/ip + */ + if (options->getBool("verify_interfaces") || + options->getBool("manage_virtual_addr") || + options->getBool("configure_interfaces") ) + { + output << "if $IP link ls >/dev/null 2>&1; then" << endl; + 
output << " echo;" << endl; + output << "else" << endl; + output << " echo \"iproute not found\"" << endl; + output << " exit 1" << endl; + output << "fi" << endl; + } + + output << endl; +} + +string OSConfigurator_linux24::printPathForAllTools(const string &os) +{ + string res; + + FWOptions* options=fw->getOptionsObject(); + + string s, path_lsmod, path_modprobe, path_iptables, path_iptables_restore, path_ip, path_logger; + + s=options->getStr("linux24_path_lsmod"); + if (!s.empty()) path_lsmod=s; + else path_lsmod=os_data.getPathForTool(os,OSData::LSMOD); + + s=options->getStr("linux24_path_modprobe"); + if (!s.empty()) path_modprobe=s; + else path_modprobe=os_data.getPathForTool(os,OSData::MODPROBE); + + s=options->getStr("linux24_path_iptables"); + if (!s.empty()) path_iptables=s; + else path_iptables=os_data.getPathForTool(os,OSData::IPTABLES); + + s=options->getStr("linux24_path_iptables_restore"); + if (!s.empty()) path_iptables_restore=s; + else path_iptables_restore=os_data.getPathForTool(os,OSData::IPTABLES_RESTORE); + + s=options->getStr("linux24_path_ip"); + if (!s.empty()) path_ip=s; + else path_ip=os_data.getPathForTool(os,OSData::IP); + + s=options->getStr("linux24_path_logger"); + if (!s.empty()) path_logger=s; + else path_logger=os_data.getPathForTool(os,OSData::LOGGER); + + + res += "LSMOD=\"" +path_lsmod+"\"\n"; + res += "MODPROBE=\""+path_modprobe+"\"\n"; + res += "IPTABLES=\""+path_iptables+"\"\n"; + res += "IPTABLES_RESTORE=\""+path_iptables_restore+"\"\n"; + res += "IP=\"" +path_ip+"\"\n"; + res += "LOGGER=\"" +path_logger+"\"\n"; + res += "\n"; + + return res; +} + +void OSConfigurator_linux24::generateCodeForProtocolHandlers(bool have_nat) +{ + FWOptions* options=fw->getOptionsObject(); + + bool nomod=Resources::os_res[fw->getStr("host_OS")]->Resources::getResourceBool("/FWBuilderResources/Target/options/suppress_modules"); + +/* there is no need to load modules on linksys */ + if (options->getBool("load_modules") && !nomod) + { + 
std::string sed_command = "sed -e 's/^.*\\///' -e 's/\\([^\\.]\\)\\..*/\\1/'"; + output << endl; + output << "MODULES_DIR=\"/lib/modules/`uname -r`/kernel/net/\"" << endl; + output << "MODULES=`find $MODULES_DIR -name '*conntrack*'|" << sed_command << "`" << endl; + if (have_nat) + { + output << "MODULES=\"$MODULES `find $MODULES_DIR -name '*nat*'|" << sed_command << "`\"" << endl; + + } + + output << "for module in $MODULES; do " << endl; + output << " if $LSMOD | grep ${module} >/dev/null; then continue; fi" << endl; + output << " $MODPROBE ${module} || exit 1 " << endl; + output << "done" << endl; + + output << endl; + output << endl; + } +} + +string OSConfigurator_linux24::printRunTimeWrappers(FWObject *rule, + const string &command) +{ + string command_line = command; + ostringstream res; + ostringstream ext_command_line; + + int nlines = 0; + string::size_type p1 = 0; + string::size_type p2, p3; + + p1=command_line.find("$at_"); + if ( p1!=string::npos ) + { + p2=command_line.find(" ",p1); + string at_var= command_line.substr(p1+1,p2-p1-1); // skip '$' + string atfile = rule->getStr("address_table_file"); + ext_command_line << "grep -Ev '^#|^;|^\\s*$' " << atfile << " | "; + ext_command_line << "while read L ; do" << endl; + ext_command_line << " set $L; " << at_var << "=$1; "; + ext_command_line << command_line; + ext_command_line << "done" << endl; + + command_line = ext_command_line.str(); + } + + p1 = 0; + while (1) + { + p1=command_line.find_first_of("\n\r",p1); + if (p1==string::npos) break; + nlines++; + p1=command_line.find_first_not_of("\n\r",p1); + if (p1==string::npos) break; + } + +/* if anywhere in command_line we used variable holding an address of + * dynamic interface (named $i_something) then we need to add + * this command with a check for the value of this variable. We execute + * iptables command only if the value is a non-empty string. 
+ */ + + p1=command_line.find("$i_"); + string iface_name; + string iface_var; + if ( p1==string::npos ) return command_line; + + p2=command_line.find(" ",p1); + p3=command_line.find("_",p1) +1; + iface_name=command_line.substr(p3,p2-p3); + iface_var= command_line.substr(p1,p2-p1); + +/* if interface name ends with '*', this is a wildcard interface. */ + string::size_type p4; + if ((p4=iface_name.find("*"))!=string::npos) + { + string cmdline=command_line; + string iface_family_name=iface_name.substr(0,p4); + res << "getinterfaces " << iface_family_name << " | while read I; do" << endl; + res << " ivar=`getInterfaceVarName $I`" << endl; + res << " getaddr $I $ivar" << endl; + res << " cmd=\"$\"$ivar" << endl; + res << " eval \"addr=$cmd\"" << endl; + cmdline.replace(p1,p2-p1,"$addr"); + res << " test -n \"$addr\" && "; + if (nlines>1) res << "{" << endl; + res << cmdline; + if (nlines>1) res << "}" << endl; + res << "done" << endl; + } else + { + res << "test -n \"" << iface_var << "\" && "; + if (nlines>1) res << "{" << endl; + res << command_line; + if (nlines>1) res << "}" << endl; + } + + return res.str(); +} + +void OSConfigurator_linux24::epilog() +{ + FWOptions* options=fw->getOptionsObject(); + + try { + output << "#" << endl; + output << "#" << endl; + +/* Turn on packet forwarding if we have to */ + + string s=options->getStr("linux24_ip_forward"); + if (!s.empty()) + { + if (s=="1" || s=="On" || s=="on") s="1"; + else s="0"; + output << "echo " << s << " > /proc/sys/net/ipv4/ip_forward\n\n"; + } +// else +// output << "echo \"$FWD\" > /proc/sys/net/ipv4/ip_forward\n\n"; + + } catch (FWException ex) { + error(ex.toString()); + exit(1); + } +} diff --git a/src/ipt/OSConfigurator_linux24.h b/src/ipt/OSConfigurator_linux24.h new file mode 100644 index 000000000..f22100776 --- /dev/null +++ b/src/ipt/OSConfigurator_linux24.h 
@@ -0,0 +1,81 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2002 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: OSConfigurator_linux24.h 1026 2006-05-16 22:39:59Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef _OSNETWORKCONFIGURATOR_LINUX24_HH
+#define _OSNETWORKCONFIGURATOR_LINUX24_HH
+
+#include "config.h"
+
+#include "fwcompiler/OSConfigurator.h"
+
+#include "OSData.h"
+
+namespace libfwbuilder {
+ class FWObject;
+ class MultiAddressRunTime;
+};
+
+namespace fwcompiler {
+
+ class OSConfigurator_linux24 : public OSConfigurator {
+
+ OSData os_data;
+ std::map address_table_objects;
+ std::vector virtual_addresses;
+ std::list commands_to_add_virtual_addresses;
+
+ std::string getInterfaceVarName(libfwbuilder::FWObject *iface);
+
+ public:
+
+ virtual ~OSConfigurator_linux24() {};
+ OSConfigurator_linux24(libfwbuilder::FWObjectDatabase *_db,
+ const std::string &fwname);
+
+ virtual std::string myPlatformName();
+
+ virtual int prolog();
+ virtual void epilog();
+
+ virtual void processFirewallOptions();
+ virtual void generateCodeForProtocolHandlers(bool have_nat);
+
+ virtual void addVirtualAddressForNAT(const libfwbuilder::Address *addr);
+ virtual void addVirtualAddressForNAT(const libfwbuilder::Network *nw);
+
+ void registerMultiAddressObject(libfwbuilder::MultiAddressRunTime *at);
+ void printChecksForRunTimeMultiAddress();
+ void printShellFunctions();
+ std::string printPathForAllTools(const std::string &os);
+ void configureInterfaces();
+ void printCommandsToAddVirtualAddressesForNAT();
+
+ std::string printRunTimeWrappers(libfwbuilder::FWObject *rule,
+ const std::string &command);
+
+ };
+};
+
+#endif
diff --git a/src/ipt/OSData.cpp b/src/ipt/OSData.cpp
new file mode 100644
index 000000000..d53230f7a
--- /dev/null
+++ b/src/ipt/OSData.cpp
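Review bot: The declarations of `printPathForAllTools` and `printRunTimeWrappers` in OSConfigurator_linux24.h have no comment saying that they return shell script text assembled from configuration strings. In the .cpp added by this commit, the first places the `linux24_path_*` option values between double quotes and the second inserts the rule's `address_table_file` value into a `grep ... | while read` pipeline, and no escaping is visible in either. I would state that on the declarations, for example `// Returns shell script text; option and rule strings are emitted unescaped, validate them before generation.`, so that validation is known to be needed before these calls. Separately, the include guard `_OSNETWORKCONFIGURATOR_LINUX24_HH` here and `__OSDATA_HH` in OSData.h use identifier forms reserved for the implementation; `OSNETWORKCONFIGURATOR_LINUX24_HH` and `OSDATA_HH` would avoid that.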
@@ -0,0 +1,50 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2002 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: OSData.cpp 606 2004-10-25 04:23:14Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "OSData.h"
+#include "fwbuilder/Resources.h"
+
+using namespace std;
+
+
+string OSData::getPathForTool(const string &distro,tools t)
+{
+ string r="/FWBuilderResources/Target/tools/"+distro+"/";
+
+ if (Resources::os_res[host_os]->getResourceStr(r+"path_ip").empty())
+ r="/FWBuilderResources/Target/tools/Unknown/";
+
+ switch (t)
+ {
+ case LSMOD: r+="path_lsmod"; break;
+ case MODPROBE: r+="path_modprobe"; break;
+ case IPTABLES: r+="path_iptables"; break;
+ case IPTABLES_RESTORE: r+="path_iptables_restore"; break;
+ case IP: r+="path_ip"; break;
+ case LOGGER: r+="path_logger"; break;
+ }
+ return Resources::os_res[host_os]->getResourceStr(r);
+}
+
diff --git a/src/ipt/OSData.h b/src/ipt/OSData.h
new file mode 100644
index 000000000..9cca632c6
--- /dev/null
+++ b/src/ipt/OSData.h
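Review bot: `OSData::getPathForTool` dereferences `Resources::os_res[host_os]` twice without checking what the lookup returned. The declaration of `os_res` is not in this hunk, but if it is a map of pointers keyed by OS name, an unrecognised `host_os` would produce a null entry and the compiler would crash instead of reporting the bad name. I would look the entry up once and fail with a message, e.g. `Resources *res = Resources::os_res[host_os];` followed by `if (res==NULL) throw FWException("unknown host OS: "+host_os);`, and then use `res` for both `getResourceStr` calls. The `switch` also has no `default`, so an out-of-range `tools` value queries the bare directory path; a `default` that reports the error would make that visible.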
@@ -0,0 +1,48 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2002 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: OSData.h 606 2004-10-25 04:23:14Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef __OSDATA_HH
+#define __OSDATA_HH
+
+#include "config.h"
+
+#include
+#include
+
+
+class OSData {
+
+ std::string host_os;
+
+ public:
+
+ OSData(const std::string &ho) { host_os=ho; }
+
+ typedef enum { LSMOD, MODPROBE , IPTABLES , IPTABLES_RESTORE , IP , LOGGER } tools;
+
+ std::string getPathForTool(const std::string &distro,tools t);
+};
+
+#endif
diff --git a/src/ipt/PolicyCompiler_PrintRule.cpp b/src/ipt/PolicyCompiler_PrintRule.cpp
new file mode 100644
index 000000000..ec49a60c4
--- /dev/null
+++ b/src/ipt/PolicyCompiler_PrintRule.cpp
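Review bot: The one-argument constructor `OSData(const std::string &ho)` in OSData.h is not marked `explicit` and assigns `host_os` in the body instead of initializing it, so any `std::string` converts silently to an `OSData`. `explicit OSData(const std::string &ho) : host_os(ho) {}` keeps direct construction working; a caller outside this hunk that relies on the implicit conversion would need a small change. The class also has no comment saying what `host_os` and `distro` select; a one-line note above `getPathForTool` such as `// Returns the configured path of tool t for the given distro, read from the resources of host_os.` would help readers of the header.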
@@ -0,0 +1,1437 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: PolicyCompiler_PrintRule.cpp 1456 2007-12-13 16:38:34Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "PolicyCompiler_ipt.h" +#include "OSConfigurator_linux24.h" + +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/CustomService.h" +#include "fwbuilder/TagService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/DNSName.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/AddressTable.h" + +#include "combinedAddress.h" + + +#include +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \ + _MSC_VER +# include +#else +# include +#endif +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + + + +/** + *----------------------------------------------------------------------- + * 
Methods for printing + */ + +/* + * check and create new chain if needed + */ +string PolicyCompiler_ipt::PrintRule::_createChain(const string &chain) +{ + string res; + PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + + if ( ! chains[chain] ) + { + res = "$IPTABLES -N " + chain; + if (ipt_comp->my_table != "filter") res += " -t " + ipt_comp->my_table; + res += "\n"; + chains[chain]=true; + } + return res; +} + +string PolicyCompiler_ipt::PrintRule::_startRuleLine() +{ + string res = "$IPTABLES "; + PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + + if (ipt_comp->my_table != "filter") res += "-t " + ipt_comp->my_table + " "; + + res += "-A "; + return res; +} + +string PolicyCompiler_ipt::PrintRule::_endRuleLine() +{ + return string("\n"); +} + +string PolicyCompiler_ipt::PrintRule::_printRuleLabel(PolicyRule *rule) +{ + ostringstream res; + + bool nocomm=Resources::os_res[compiler->fw->getStr("host_OS")]->Resources::getResourceBool("/FWBuilderResources/Target/options/suppress_comments"); + + string rl=rule->getLabel(); + if (rl!=current_rule_label) + { + if (!nocomm) + { + res << "# " << endl; + res << "# Rule " << rl << endl; + res << "# " << endl; + } + res << "echo " << _quote(string("Rule ")+rl) << endl; + res << "# " << endl; + +/* do not put comment in the script if it is intended for linksys */ + if (!nocomm) + { + string comm=rule->getComment(); + string::size_type c1,c2; + c1=0; + while ( (c2=comm.find('\n',c1))!=string::npos ) { + res << "# " << comm.substr(c1,c2-c1) << endl; + c1=c2+1; + } + res << "# " << comm.substr(c1) << endl; + res << "# " << endl; + } + current_rule_label=rl; + } + return res.str(); +} + + + + +/** + *----------------------------------------------------------------------- + */ +string PolicyCompiler_ipt::PrintRule::_printChain(PolicyRule *rule) +{ + string s=rule->getStr("ipt_chain"); + if (s.empty()) s="UNKNOWN"; + s= s + " "; + return s; +} + +string PolicyCompiler_ipt::PrintRule::_printModules(PolicyRule *rule) +{ + 
std::ostringstream ostr; + + string target=rule->getStr("ipt_target"); + if (target.empty()) target="UNKNOWN"; + + FWOptions *ruleopt =rule->getOptionsObject(); + int lim = 0; + +/* + * Here is what do we do with limits: + * + * Limit set globally in 'Firewall' tab of the firewall dialog + * applies only to logging + * + * Limit set in the rule options dialog applies only to this + * rule's target. + * + * this is so as of 1.0.11 ( 28/06/03 ) --vk + */ + if (target=="LOG") + { + FWOptions *compopt=compiler->getCachedFwOpt(); + if ((lim=compopt->getInt("limit_value"))>0) + { + ostr << " -m limit --limit " << lim; + + string ls=compopt->getStr("limit_suffix"); + if (!ls.empty()) ostr << ls; + + int lb=compopt->getInt("limit_burst"); + if (lb>0) ostr << " --limit-burst " << lb; + } + } else { + if (ruleopt!=NULL && (lim=ruleopt->getInt("limit_value"))>0) + { + ostr << " -m limit --limit " << lim; + + string ls=ruleopt->getStr("limit_suffix"); + if (!ls.empty()) ostr << ls; + + int lb=ruleopt->getInt("limit_burst"); + if (lb>0) ostr << " --limit-burst " << lb; + } + } + + if (ruleopt!=NULL && (lim=ruleopt->getInt("connlimit_value"))>0) + { + ostr << " -m connlimit --connlimit-above " << lim; + + int ml=ruleopt->getInt("connlimit_masklen"); + if (ml>0) ostr << " --connlimit-mask " << ml; + } + + if (ruleopt!=NULL && (lim=ruleopt->getInt("hashlimit_value"))>0) + { + string module_name = "hashlimit"; + if (ruleopt->getBool("hashlimit_dstlimit")) + module_name = "dstlimit"; + + ostr << " -m " << module_name << " --" << module_name << " " << lim; + + string ls = ruleopt->getStr("hashlimit_suffix"); + if (!ls.empty()) ostr << ls; + + int lb=ruleopt->getInt("hashlimit_burst"); + if (lb>0) ostr << " --" << module_name << "-burst " << lb; + + ls=ruleopt->getStr("hashlimit_mode"); + if (!ls.empty()) ostr << " --" << module_name << "-mode " << ls; + + string hl_name = ruleopt->getStr("hashlimit_name"); + if (hl_name.empty()) + { + std::ostringstream hn; + hn << "htable_rule_" << 
rule->getPosition(); + hl_name = hn.str(); + } + ostr << " --" << module_name << "-name " << hl_name; + + int arg = ruleopt->getInt("hashlimit_size"); + if (arg>0) ostr << " --" << module_name << "-htable-size " << arg; + + arg = ruleopt->getInt("hashlimit_max"); + if (arg>0) ostr << " --" << module_name << "-htable-max " << arg; + + arg = ruleopt->getInt("hashlimit_expire"); + if (arg>0) ostr << " --" << module_name << "-htable-expire " << arg; + + arg = ruleopt->getInt("hashlimit_gcinterval"); + if (arg>0) ostr << " --" << module_name << "-htable-gcinterval " << arg; + + } + + return ostr.str(); +} + + +string PolicyCompiler_ipt::PrintRule::_printTarget(PolicyRule *rule) +{ + std::ostringstream ostr; + + string target=rule->getStr("ipt_target"); + if (target.empty()) target="UNKNOWN"; + + FWOptions *ruleopt =rule->getOptionsObject(); + + if (target=="CUSTOM") + { + ostr << ruleopt->getStr("custom_str"); + return ostr.str(); + } + + if ( compiler->getCachedFwOpt()->getBool("use_ULOG") && + target=="LOG") target="ULOG"; + + ostr << " -j " << target << " "; + + if (target=="REJECT") + ostr << _printActionOnReject(rule); + + if (target=="LOG" || target=="ULOG") + ostr << _printLogParameters(rule); + + if (target=="MARK") + { + ostr << " --set-mark " << ruleopt->getStr("tagvalue"); + } + + if (target=="CONNMARK") + { + ostr << ruleopt->getStr("CONNMARK_arg"); + } + + if (target=="CLASSIFY") + { + ostr << " --set-class " << ruleopt->getStr("classify_str"); + } + + if (target=="ROUTE") + { + string a; + a = ruleopt->getStr("ipt_iif"); + if (!a.empty()) ostr << " --iif " << a; + + a = ruleopt->getStr("ipt_oif"); + if (!a.empty()) ostr << " --oif " << a; + + a = ruleopt->getStr("ipt_gw"); + if (!a.empty()) ostr << " --gw " << a; + + bool c = ruleopt->getBool("ipt_continue"); + if (c) ostr << " --continue"; + + c = ruleopt->getBool("ipt_tee"); + if (c) ostr << " --tee"; + } + + return ostr.str(); +} + +string PolicyCompiler_ipt::PrintRule::_printMultiport(PolicyRule *rule) 
+{ + RuleElementSrv *srvrel=rule->getSrv(); + string s; + if(srvrel->size()>1 && rule->getBool("ipt_multiport")) + s= " -m multiport "; + + return s; +} + +string PolicyCompiler_ipt::PrintRule::_printDirectionAndInterface(PolicyRule *rule) +{ + std::ostringstream ostr; + + string iface_name = rule->getInterfaceStr(); + if (iface_name.empty() || iface_name=="nil" ) return ""; + +/* if interface name ends with '*', this is a wildcard + * interface. Iptables supports wildcard interfaces but uses '+' as a + * wildcard symbol */ + + string::size_type n; + if ( (n=iface_name.find("*"))!=string::npos) iface_name[n]='+'; + + string version=compiler->fw->getStr("version"); + + Interface *rule_iface = + compiler->getCachedFwInterface(rule->getInterfaceId()); + + if (rule_iface && rule_iface->isBridgePort() && version == "1.3.0") + { + if (rule->getDirection()==PolicyRule::Inbound) + ostr << " -m physdev --physdev-in " << iface_name; + + if (rule->getDirection()==PolicyRule::Outbound) + ostr << " -m physdev --physdev-out " << iface_name; + } else + { + if (rule->getDirection()==PolicyRule::Inbound) + ostr << " -i " << iface_name; + + if (rule->getDirection()==PolicyRule::Outbound) + ostr << " -o " << iface_name; + } + +// if (rule->getDirection()==PolicyRule::Both) +// compiler->output << "-i " << rule_iface->getName() +// << " -o " << rule_iface->getName(); + ostr << " "; + + return ostr.str(); +} + +string PolicyCompiler_ipt::PrintRule::_printActionOnReject(libfwbuilder::PolicyRule *rule) +{ + std::ostringstream str; + + PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + +// RuleElementSrv *srvrel=rule->getSrv(); + Service *srv =compiler->getFirstSrv(rule); assert(srv); + + string version=compiler->fw->getStr("version"); + string s=ipt_comp->getActionOnReject(rule); + if (!s.empty()) + { + if (ipt_comp->isActionOnRejectTCPRST(rule)) str << " --reject-with tcp-reset"; + + if (s.find("ICMP")!=string::npos) + { + if (s.find("unreachable")!=string::npos) + { + if 
(s.find("net")!=string::npos) str << " --reject-with icmp-net-unreachable"; + if (s.find("host")!=string::npos) str << " --reject-with icmp-host-unreachable"; + if (s.find("port")!=string::npos) str << " --reject-with icmp-port-unreachable"; + if (s.find("proto")!=string::npos) str << " --reject-with icmp-proto-unreachable"; + } + if (s.find("prohibited")!=string::npos) + { + if (s.find("net")!=string::npos) str << " --reject-with icmp-net-prohibited"; + if (s.find("host")!=string::npos) str << " --reject-with icmp-host-prohibited"; + if ((version=="1.2.9" || version=="1.3.0") && + s.find("admin")!=string::npos) str << " --reject-with icmp-admin-prohibited"; + } + } + } + str << " "; + return str.str(); +} + +string PolicyCompiler_ipt::PrintRule::_printGlobalLogParameters() +{ + return _printLogParameters(NULL); +} + +string PolicyCompiler_ipt::PrintRule::_printLogPrefix(const string &rule_num, + const string &action, + const string &interf, + const string &chain, + const string &rule_label, + const string &prefix) +{ + string s=prefix; + +/* deal with our logging macros: + * %N - rule number ('2', or '2/3' for rule in a branch) + * %A - action + * %I - interface name + * %C - chain name + */ + string::size_type n; + if ((n=s.find("%N"))!=string::npos ) + { + s.replace(n,2,rule_num); + } + if ((n=s.find("%A"))!=string::npos ) + { + s.replace(n,2,action); + } + if ((n=s.find("%I"))!=string::npos ) + { + s.replace(n,2,interf); + } + if ((n=s.find("%C"))!=string::npos ) + { + s.replace(n,2,chain); + } + + if (s.length()>29) + { + compiler->warning(_("Log prefix has been truncated to 29 characters in rule ")+rule_label); + s=s.substr(0,29); + } + + return _quote( s ); +} + +string PolicyCompiler_ipt::PrintRule::_printLogPrefix(PolicyRule *rule, + const string &prefix) +{ + char action[64]; + strncpy(action,rule->getStr("stored_action").c_str(),sizeof(action)); + for (char *cptr=action; *cptr; cptr++) *cptr=toupper(*cptr); + + string rule_iface = 
rule->getInterfaceStr(); + if (rule_iface=="") rule_iface = "global"; + + std::ostringstream s1; + int pos=rule->getPosition(); + // parent_rule_num is set by processor "Branching" for branch rules + string ppos = rule->getStr("parent_rule_num"); + + if (ppos != "") + s1 << ppos << "/"; + s1 << pos; + + return _printLogPrefix(s1.str(), + action, + rule_iface, + rule->getStr("ipt_chain"), + rule->getLabel(), + prefix); +} + +string PolicyCompiler_ipt::PrintRule::_printLogParameters(libfwbuilder::PolicyRule *rule) +{ + std::ostringstream str; + string s; +// int l; + FWOptions *ruleopt =(rule!=NULL)?rule->getOptionsObject():compiler->getCachedFwOpt(); + + bool use_ulog=compiler->getCachedFwOpt()->getBool("use_ULOG"); + + if (use_ulog) + { + s=ruleopt->getStr("ulog_nlgroup"); + if (s.empty()) s=compiler->getCachedFwOpt()->getStr("ulog_nlgroup"); + if (!s.empty()) + str << " --ulog-nlgroup " << s; + + s=ruleopt->getStr("log_prefix"); + if (s.empty()) s=compiler->getCachedFwOpt()->getStr("log_prefix"); + if (!s.empty()) + str << " --ulog-prefix " << _printLogPrefix(rule,s); + + int r=compiler->getCachedFwOpt()->getInt("ulog_cprange"); + if (r!=0) str << " --ulog-cprange " << r << " "; + r=compiler->getCachedFwOpt()->getInt("ulog_qthreshold"); + if (r!=0) str << " --ulog-qthreshold " << r << " "; + } else + { + bool numeric_levels; + numeric_levels=compiler->getCachedFwOpt()->getBool("use_numeric_log_levels"); + s=ruleopt->getStr("log_level"); + if (s.empty()) s=compiler->getCachedFwOpt()->getStr("log_level"); + if (!s.empty()) + { + if ( numeric_levels ) + { + if (s=="alert") s="1"; + if (s=="crit") s="2"; + if (s=="error") s="3"; + if (s=="warning") s="4"; + if (s=="notice") s="5"; + if (s=="info") s="6"; + if (s=="debug") s="7"; + } + str << " --log-level " << s; + } + + s=ruleopt->getStr("log_prefix"); + if (s.empty()) s=compiler->getCachedFwOpt()->getStr("log_prefix"); + if (!s.empty()) + str << " --log-prefix " << _printLogPrefix(rule,s); + + if 
(ruleopt->getBool("log_tcp_seq") || compiler->getCachedFwOpt()->getBool("log_tcp_seq")) + str << " --log-tcp-sequence "; + if (ruleopt->getBool("log_tcp_opt") || compiler->getCachedFwOpt()->getBool("log_tcp_opt")) + str << " --log-tcp-options "; + if (ruleopt->getBool("log_ip_opt") || compiler->getCachedFwOpt()->getBool("log_ip_opt")) + str << " --log-ip-options "; + } + + return str.str(); +} + +string PolicyCompiler_ipt::PrintRule::_printLimit(libfwbuilder::PolicyRule *rule) +{ + std::ostringstream str; + string s; + int l, lb; + FWOptions *ruleopt =rule->getOptionsObject(); + FWOptions *compopt =compiler->getCachedFwOpt(); + + if ( (ruleopt!=NULL && (l=ruleopt->getInt("limit_value"))>0) || + (l=compopt->getInt("limit_value"))>0 ) + { + str << " -m limit --limit " << l; + + if (ruleopt!=NULL) s=ruleopt->getStr("limit_suffix"); + if (s.empty()) s=compopt->getStr("limit_suffix"); + if (!s.empty()) str << s; + + lb=-1; + if (ruleopt!=NULL) lb=ruleopt->getInt("limit_burst"); + if (lb<0) lb=compopt->getInt("limit_burst"); + if (lb>0) str << " --limit-burst " << lb; + } + + return str.str(); +} + +string PolicyCompiler_ipt::PrintRule::_printProtocol(libfwbuilder::Service *srv) +{ + string version=compiler->fw->getStr("version"); + string s; + if (! 
srv->isAny() && !CustomService::isA(srv) && !TagService::isA(srv)) + { + string pn=srv->getProtocolName(); + if (pn=="ip") pn="all"; + + s= "-p " + pn + " "; + + if (pn == "icmp") + { + if (version.empty() || version=="1.2.9" || version=="1.3.0") + { + s += " -m icmp "; + } + } else + { + if (pn == "tcp") s += "-m tcp "; + if (pn == "udp") s += "-m udp "; + } + } + return s; +} + +string PolicyCompiler_ipt::PrintRule::_printPorts(int rs,int re) +{ + std::ostringstream str; + + compiler->normalizePortRange(rs,re); + + if (rs>0 || re>0) { + if (rs==re) str << rs; + else + if (rs==0 && re!=0) str << ":" << re; + else + str << rs << ":" << re; + } + return str.str(); +} + +string PolicyCompiler_ipt::PrintRule::_printSrcPorts(Service *srv) +{ + std::ostringstream str; + if (TCPService::isA(srv) || UDPService::isA(srv)) + { + int rs=srv->getInt("src_range_start"); + int re=srv->getInt("src_range_end"); + str << _printPorts(rs,re); + } + return str.str(); +} + +string PolicyCompiler_ipt::PrintRule::_printDstPorts(Service *srv) +{ + std::ostringstream str; + if (TCPService::isA(srv) || UDPService::isA(srv)) + { + int rs=srv->getInt("dst_range_start"); + int re=srv->getInt("dst_range_end"); + str << _printPorts(rs,re); + } + return str.str(); +} + +string PolicyCompiler_ipt::PrintRule::_printICMP(ICMPService *srv) +{ + std::ostringstream str; + if (ICMPService::isA(srv) && srv->getInt("type")!=-1) { + str << srv->getStr("type"); + if (srv->getInt("code")!=-1) + str << "/" << srv->getStr("code") << " "; + } + return str.str(); +} + +string PolicyCompiler_ipt::PrintRule::_printIP(IPService *srv) +{ + std::ostringstream str; + if (IPService::isA(srv) ) { + if (srv->getBool("fragm") || srv->getBool("short_fragm")) + str << " -f "; + + if (srv->getBool("lsrr") || + srv->getBool("ssrr") || + srv->getBool("rr") || + srv->getBool("ts") ) str << " -m ipv4options "; + + if (srv->getBool("lsrr")) str << " --lsrr"; + if (srv->getBool("ssrr")) str << " --ssrr"; + if (srv->getBool("rr")) 
str << " --rr"; + if (srv->getBool("ts")) str << " --ts"; + } + return str.str(); +} + +string PolicyCompiler_ipt::PrintRule::_printTCPFlags(libfwbuilder::TCPService *srv) +{ + string str; + if (srv->inspectFlags()) + { + TCPService::TCPFlag f1[2]={ TCPService::SYN }; + TCPService::TCPFlag f2[7]={ TCPService::URG, + TCPService::ACK, + TCPService::PSH, + TCPService::RST, + TCPService::SYN, + TCPService::FIN }; + + std::set none; + std::set syn( f1, f1+1 ); + std::set all_masks( f2 , f2+6 ); + + if (srv->getAllTCPFlags()==syn && srv->getAllTCPFlagMasks()==all_masks) + str=" --tcp-flags SYN,RST,ACK SYN "; + else + { + str=" --tcp-flags "; + bool first=true; + + if (srv->getAllTCPFlagMasks()==all_masks) str+="ALL"; + else + { + if (srv->getTCPFlagMask(TCPService::URG)) { if (!first) str+=","; str+="URG"; first=false; } + if (srv->getTCPFlagMask(TCPService::ACK)) { if (!first) str+=","; str+="ACK"; first=false; } + if (srv->getTCPFlagMask(TCPService::PSH)) { if (!first) str+=","; str+="PSH"; first=false; } + if (srv->getTCPFlagMask(TCPService::RST)) { if (!first) str+=","; str+="RST"; first=false; } + if (srv->getTCPFlagMask(TCPService::SYN)) { if (!first) str+=","; str+="SYN"; first=false; } + if (srv->getTCPFlagMask(TCPService::FIN)) { if (!first) str+=","; str+="FIN"; first=false; } + } + + str+=" "; + + if (srv->getAllTCPFlags()==none) str+="NONE"; + else + { + first=true; + if (srv->getTCPFlag(TCPService::URG)) { if (!first) str+=","; str+="URG"; first=false; } + if (srv->getTCPFlag(TCPService::ACK)) { if (!first) str+=","; str+="ACK"; first=false; } + if (srv->getTCPFlag(TCPService::PSH)) { if (!first) str+=","; str+="PSH"; first=false; } + if (srv->getTCPFlag(TCPService::RST)) { if (!first) str+=","; str+="RST"; first=false; } + if (srv->getTCPFlag(TCPService::SYN)) { if (!first) str+=","; str+="SYN"; first=false; } + if (srv->getTCPFlag(TCPService::FIN)) { if (!first) str+=","; str+="FIN"; first=false; } + } + } + } + return str; +} + +/* + * we made sure that 
all services in rel represent the same protocol + */ +string PolicyCompiler_ipt::PrintRule::_printSrcService(RuleElementSrv *rel) +{ + std::ostringstream ostr; +/* I do not want to use rel->getFirst because it traverses the tree to + * find the object. I'd rather use a cached copy in the compiler + */ + FWObject *o=rel->front(); + if (o && FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *srv= Service::cast(o); + + + if (rel->size()==1) { + if (UDPService::isA(srv) || TCPService::isA(srv)) { + string str=_printSrcPorts( srv ); + if (! str.empty() ) + { + ostr << " --sport "; + ostr << _printSingleObjectNegation(rel) << str << " "; + } + } + } else { +/* use multiport */ + + string str; + bool first=true; + for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++) { + FWObject *o= *i; +// if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *s=Service::cast( o ); + assert(s); + if (UDPService::isA(srv) || TCPService::isA(srv)) { + if (!first) str+=","; + str+= _printSrcPorts( s ); + if (!str.empty()) first=false; + } + } + if ( !str.empty() ) + { + string v=compiler->fw->getStr("version"); + if (v.empty() || v=="ge_1.2.6" || v=="1.2.9" || v=="1.3.0") + ostr << " --sports "; + else + ostr << " --source-port "; + + ostr << str << " "; + } + } + return ostr.str(); +} + +string PolicyCompiler_ipt::PrintRule::_printDstService(RuleElementSrv *rel) +{ + std::ostringstream ostr; + FWObject *o=rel->front(); + string version=compiler->fw->getStr("version"); + if (o && FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *srv= Service::cast(o); + + if (rel->size()==1) + { + if (UDPService::isA(srv) || TCPService::isA(srv)) + { + string str=_printDstPorts( srv ); + if (! 
str.empty() )
+ {
+ ostr << " --dport ";
+ ostr << _printSingleObjectNegation(rel) << str << " ";
+ }
+ }
+ if (TCPService::isA(srv))
+ {
+ string str=_printTCPFlags(TCPService::cast(srv));
+ if (!str.empty())
+ {
+ ostr << _printSingleObjectNegation(rel)
+ << str << " ";
+ }
+ }
+ if (ICMPService::isA(srv))
+ {
+ string str=_printICMP( ICMPService::cast(srv) );
+ if (str.empty() )
+ {
+ if (version.empty() || version=="1.2.9" || version=="1.3.0")
+ ostr << " --icmp-type any ";
+ } else
+ {
+ ostr << " --icmp-type "
+ << _printSingleObjectNegation(rel)
+ << str << " ";
+ }
+ }
+ if (IPService::isA(srv))
+ {
+ string str=_printIP( IPService::cast(srv) );
+ if (! str.empty() )
+ {
+ ostr << _printSingleObjectNegation(rel)
+ << str << " ";
+ }
+ }
+ if (CustomService::isA(srv))
+ {
+ ostr << _printSingleObjectNegation(rel) << " "
+ << CustomService::cast(srv)->getCodeForPlatform( compiler->myPlatformName() ) << " ";
+ }
+ if (TagService::isA(srv))
+ {
+ ostr << "-m mark --mark "
+ << TagService::cast(srv)->getCode() << " ";
+ }
+ } else
+ {
+/* use multiport */
+
+ string str;
+ for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++)
+ {
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+
+ Service *s=Service::cast( o );
+ assert(s);
+ if (UDPService::isA(srv) || TCPService::isA(srv))
+ {
+ string str1 = _printDstPorts( s );
+ if (str!="" && str1!="") str+=",";
+ str+=str1;
+ }
+ }
+ if ( !str.empty() )
+ {
+ string v=compiler->fw->getStr("version");
+ if (v.empty() || v=="ge_1.2.6" || v=="1.2.9" || v=="1.3.0")
+ ostr << " --dports ";
+ else
+ ostr << " --destination-port ";
+ ostr << str << " ";
+ }
+ }
+ return ostr.str();
+}
+
+string PolicyCompiler_ipt::PrintRule::_printAddr(Address *o)
+{
+ PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler);
+ std::ostringstream ostr;
+
+ MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
+ if (atrt!=NULL)
+ {
+ if (atrt->getSubstitutionTypeName()==AddressTable::TYPENAME)
+ {
+
ostr << "$" << ipt_comp->getAddressTableVarName(atrt) << " ";
+ return ostr.str();
+ }
+
+ if (atrt->getSubstitutionTypeName()==DNSName::TYPENAME)
+ {
+ return atrt->getSourceName();
+ }
+ // at this time we only support two types of MultiAddress
+ // objects: AddressTable and DNSName. Both should be converted
+ // to MultiAddressRunTime at this point. If we get some other
+ // kind of MultiAddressRunTime object, we do not know what to do
+ // with it so we stop.
+ assert(atrt==NULL);
+ }
+
+ if (Interface::cast(o)!=NULL)
+ {
+ Interface *iface=Interface::cast(o);
+ if (iface->isDyn())
+ ostr << "$" << ipt_comp->getInterfaceVarName(iface) << " ";
+ return ostr.str();
+ }
+
+ IPAddress addr;
+ Netmask mask;
+ try {
+ addr=o->getAddress();
+
+ if (Interface::cast(o)!=NULL || IPv4::cast(o)!=NULL) mask=Netmask("255.255.255.255");
+ else mask=o->getNetmask();
+ }
+ catch (FWException ex)
+ {
+ FWObject *obj=o;
+/*
+ * check if this is object of class Address. since we want to
+ * distinguish between Host, Interface and Address, and both Host and
+ * Interface are inherited from Address, we can't use cast. Use isA
+ * instead
+ */
+ while (obj!=NULL &&
+ !Host::isA(obj) &&
+ !Firewall::isA(obj) &&
+ !Network::isA(obj)) obj=obj->getParent();
+
+ compiler->error(_("Problem with address or netmask in the object or one of its interfaces: '")+obj->getName()+"'");
+ throw;
+ }
+
+
+ if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0")
+ {
+ ostr << "0/0 ";
+ } else
+ {
+ ostr << addr.toString();
+ if (mask.toString()!="255.255.255.255")
+ {
+ ostr << "/" << mask.getLength();
+ }
+ ostr << " ";
+ }
+ return ostr.str();
+}
+
+
+string PolicyCompiler_ipt::PrintRule::_printSingleObjectNegation(RuleElement *rel)
+{
+ if (rel->getBool("single_object_negation")) return "! 
";
+ else return "";
+}
+
+string PolicyCompiler_ipt::PrintRule::_printTimeInterval(PolicyRule *r)
+{
+ std::ostringstream ostr;
+
+ RuleElementInterval* ri=r->getWhen();
+ if (ri==NULL || ri->isAny()) return "";
+
+ std::map daysofweek;
+
+ daysofweek[0]="Sun";
+ daysofweek[1]="Mon";
+ daysofweek[2]="Tue";
+ daysofweek[3]="Wed";
+ daysofweek[4]="Thu";
+ daysofweek[5]="Fri";
+ daysofweek[6]="Sat";
+
+ bool first;
+ int smin, shour, sday, smonth, syear, sdayofweek;
+ int emin, ehour, eday, emonth, eyear, edayofweek;
+
+ Interval *interval=compiler->getFirstWhen(r);
+ assert(interval!=NULL);
+
+ interval->getStartTime( &smin, &shour, &sday, &smonth, &syear, &sdayofweek);
+ interval->getEndTime( &emin, &ehour, &eday, &emonth, &eyear, &edayofweek);
+
+ ostr << "-m time ";
+
+ if (shour<0) shour=0;
+ if (smin<0) smin=0;
+
+ if (ehour<0) ehour=23;
+ if (emin<0) emin=59;
+
+ bool use_timestart_timestop = true;
+
+ if (sday>0 && smonth>0 && syear>0)
+ {
+ ostr << "--datestart "
+ << setw(2) << setfill('0') << syear << ":"
+ << setw(2) << setfill('0') << smonth << ":"
+ << setw(2) << setfill('0') << sday << ":"
+ << setw(2) << setfill('0') << shour << ":"
+ << setw(2) << setfill('0') << smin << ":00 ";
+ use_timestart_timestop = false;
+ }
+
+ if (eday>0 && emonth>0 && eyear>0)
+ {
+ ostr << "--datestop "
+ << setw(2) << setfill('0') << syear << ":"
+ << setw(2) << setfill('0') << smonth << ":"
+ << setw(2) << setfill('0') << sday << ":"
+ << setw(2) << setfill('0') << ehour << ":"
+ << setw(2) << setfill('0') << emin << ":00 ";
+ use_timestart_timestop = false;
+ }
+
+
+ if (use_timestart_timestop )
+ {
+ ostr << " --timestart "
+ << setw(2) << setfill('0') << shour << ":"
+ << setw(2) << setfill('0') << smin << " ";
+ ostr << " --timestop "
+ << setw(2) << setfill('0') << ehour << ":"
+ << setw(2) << setfill('0') << emin << " ";
+
+ if (sdayofweek<0) sdayofweek=0;
+ if (sdayofweek>6) sdayofweek=6;
+
+ // if both start and end day are -1, need to
+ // generate
"sun,mon,tue,wed,thu,fri,sat"
+ if (edayofweek<0) edayofweek=6;
+ if (edayofweek>6) edayofweek=6;
+
+ ostr << " --days ";
+ first=true;
+
+ bool inside_interval = false;
+ int day=0;
+ while (1)
+ {
+ if (!inside_interval && day==sdayofweek) inside_interval=true;
+ if (inside_interval)
+ {
+ if (!first) ostr << ",";
+ first=false;
+ ostr << daysofweek[day];
+ // if sdayofweek==edayofweek print one day
+ if (day==edayofweek) break;
+ }
+ if (++day>6) day=0;
+ }
+ }
+
+ return ostr.str();
+}
+
+PolicyCompiler_ipt::PrintRule::PrintRule(const std::string &name) : PolicyRuleProcessor(name)
+{
+ init=true;
+ print_once_on_top=true;
+
+ chains["INPUT"] =true;
+ chains["OUTPUT"] =true;
+ chains["FORWARD"] =true;
+ chains["PREROUTING"] =true;
+ chains["POSTROUTING"] =true;
+ chains["RETURN"] =true;
+ chains["LOG"] =true;
+ chains["ACCEPT"] =true;
+ chains["DROP"] =true;
+ chains["REJECT"] =true;
+ chains["MARK"] =true;
+ chains["CONNMARK"] =true;
+ chains["QUEUE"] =true;
+ chains["CLASSIFY"] =true;
+ chains["CUSTOM"] =true;
+ chains["ROUTE"] =true;
+}
+
+bool PolicyCompiler_ipt::PrintRule::processNext()
+{
+ PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler);
+ PolicyRule *rule =getNext();
+ if (rule==NULL) return false;
+
+ tmp_queue.push_back(rule);
+
+ compiler->output << _printRuleLabel(rule);
+ compiler->output << _createChain(rule->getStr("ipt_chain"));
+ compiler->output << _createChain(rule->getStr("ipt_target"));
+ compiler->output
+ << dynamic_cast(compiler->osconfigurator)->printRunTimeWrappers( rule, PolicyRuleToString(rule) );
+
+ return true;
+}
+
+string PolicyCompiler_ipt::PrintRule::PolicyRuleToString(PolicyRule *rule)
+{
+ FWOptions *ruleopt =rule->getOptionsObject();
+ FWObject *ref;
+
+ RuleElementSrc *srcrel=rule->getSrc();
+ ref=srcrel->front();
+ Address *src=Address::cast(FWReference::cast(ref)->getPointer());
+ if(src==NULL)
+ throw FWException(_("Broken SRC in ")+rule->getLabel());
+
+ RuleElementDst *dstrel=rule->getDst();
+ ref=dstrel->front();
+ Address *dst=Address::cast(FWReference::cast(ref)->getPointer());
+ if(dst==NULL)
+ throw FWException(_("Broken DST in ")+rule->getLabel());
+
+ RuleElementSrv *srvrel=rule->getSrv();
+ ref=srvrel->front();
+ Service *srv=Service::cast(FWReference::cast(ref)->getPointer());
+ if(srv==NULL)
+ throw FWException(_("Broken SRV in ")+rule->getLabel());
+
+
+ std::ostringstream command_line;
+
+ command_line << _startRuleLine();
+
+ command_line << _printChain(rule);
+ command_line << _printDirectionAndInterface(rule);
+ command_line << _printProtocol(srv);
+ command_line << _printMultiport(rule);
+
+ if (!src->isAny())
+ {
+ string physaddress="";
+
+ if (physAddress::isA(src))
+ physaddress= physAddress::cast(src)->getPhysAddress();
+
+ if (combinedAddress::isA(src))
+ physaddress= combinedAddress::cast(src)->getPhysAddress();
+
+ if ( ! physaddress.empty())
+ {
+ command_line << " -m mac --mac-source " << _printSingleObjectNegation(srcrel);
+ command_line << physaddress;
+ }
+/*
+ * fool-proof: this is last resort check for situation when user created IPv4 object
+ * for the interface but left it with empty address ( 0.0.0.0 ).
+ */
+ if ( ! physaddress.empty() && src->getAddress()==IPAddress("0.0.0.0"))
+ {
+ ;
+ } else
+ {
+ command_line << " -s " << _printSingleObjectNegation(srcrel);
+ command_line << _printAddr(src);
+ }
+ }
+ command_line << _printSrcService(srvrel);
+
+ if (!dst->isAny())
+ {
+ command_line << " -d " << _printSingleObjectNegation(dstrel);
+ command_line << _printAddr(dst);
+ }
+ command_line << _printDstService(srvrel);
+
+/* keeping state does not apply to deny/reject
+ however some rules need state check even if action is Deny
+
+
+ autoupgrade transformation 2.1.11 -> 2.1.12 adds rule option
+ 'stateless=True' for rules with action NOT 'Accept', 'Tag' or
+ 'Route'.
No need to check action here, just rely on this option
+ and internal flag 'force_state_check' (05/07/07 --vk)
+*/
+ if (!ruleopt->getBool("stateless") || rule->getBool("force_state_check") )
+ {
+ /*
+ * But not, when the line already contains a state matching
+ */
+ if (command_line.str().find("-m state --state", 0) == string::npos)
+ command_line << " -m state --state NEW ";
+ }
+
+ command_line << _printTimeInterval(rule);
+
+ command_line << _printModules(rule);
+ command_line << _printTarget(rule);
+
+ command_line << _endRuleLine();
+
+// command_line << endl;
+
+ return command_line.str();
+}
+
+string PolicyCompiler_ipt::PrintRule::_declareTable()
+{
+ return "";
+}
+
+string PolicyCompiler_ipt::PrintRule::_flushAndSetDefaultPolicy()
+{
+ PolicyCompiler_ipt *ipt_comp = dynamic_cast(compiler);
+ FWOptions *fwopt = compiler->getCachedFwOpt();
+ ostringstream res;
+
+// if (ipt_comp->my_table=="filter")
+// {
+ res << "$IPTABLES -P OUTPUT DROP" << endl;
+ res << "$IPTABLES -P INPUT DROP" << endl;
+ res << "$IPTABLES -P FORWARD DROP" << endl;
+
+ if ( ! fwopt->getBool("no_ipv6_default_policy") )
+ {
+ /*
+ * test if ip6tables is installed and if it works. It may be installed
+ * on the system but fail because ipv6 is not compiled into the
+ * kernel.
+ */
+ res << "ip6tables -L -n > /dev/null 2>&1 && {" << endl;
+ res << " ip6tables -P OUTPUT DROP" << endl;
+ res << " ip6tables -P INPUT DROP" << endl;
+ res << " ip6tables -P FORWARD DROP" << endl;
+ res << " ip6tables -A INPUT -i lo -j ACCEPT " << endl;
+ res << " ip6tables -A OUTPUT -o lo -j ACCEPT " << endl;
+ res << "}" << endl;
+ res << endl;
+ }
+/*
+ * need to flush all tables and chains before setting up any rules
+ */
+ res << "\n\
+\n\
+cat /proc/net/ip_tables_names | while read table; do\n\
+ $IPTABLES -t $table -L -n | while read c chain rest; do\n\
+ if test \"X$c\" = \"XChain\" ; then\n\
+ $IPTABLES -t $table -F $chain\n\
+ fi\n\
+ done\n\
+ $IPTABLES -t $table -X\n\
+done\n\
+\n";
+ res << endl;
+// }
+ return res.str();
+}
+
+string PolicyCompiler_ipt::PrintRule::_commit()
+{
+ return "";
+}
+
+string PolicyCompiler_ipt::PrintRule::_printOptionalGlobalRules()
+{
+ PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler);
+ ostringstream res;
+
+/*
+ * bug #1092141: "irritating FORWARD rule for established connections"
+ * Need rules in FORWARD chain only if ip forwarding is on or set to
+ * "no change"
+ */
+ bool ipforward=false;
+ string s=compiler->getCachedFwOpt()->getStr("linux24_ip_forward");
+ ipforward= (s.empty() || s=="1" || s=="On" || s=="on");
+
+ if ( compiler->getCachedFwOpt()->getBool("accept_established") &&
+ ipt_comp->my_table=="filter")
+ {
+ res << _startRuleLine()
+ << "INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
+ << _endRuleLine();
+
+ res << _startRuleLine()
+ << "OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
+ << _endRuleLine();
+
+ if (ipforward)
+ res << _startRuleLine()
+ << "FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
+ << _endRuleLine();
+
+ res << endl;
+ }
+
+/*
+ * it helps to add backup ssh access rule as early as possible so that
+ * ssh session opened from the management station won't break after
+ * all chains are flushed.
The installation process may stall if
+ * stdout buffer gets filled with diagnostic or progress output from
+ * this script printed after chains are flushed but before a rule
+ * permitting ssh is installed. This may happen if script debugging is
+ * on or there are many NAT rules (so it prints a lot of "Rule NN
+ * (NAT)" lines).
+ */
+ if ( compiler->getCachedFwOpt()->getBool("mgmt_ssh") &&
+ ! compiler->getCachedFwOpt()->getStr("mgmt_addr").empty() )
+ {
+ string addr = compiler->getCachedFwOpt()->getStr("mgmt_addr");
+ res << "# backup ssh access" << endl;
+ res << "#" << endl;
+/* bug #1106701: 'backup ssh access' and statefulness interation
+ * Need to add rules with ESTABLISHED and RELATED to make sure backup ssh access
+ * works even when global rule that accepts ESTABLISHED and RELATED is disabled
+ */
+ res << _startRuleLine() << "INPUT -p tcp -m tcp -s "
+ << addr
+ << " --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT"
+ << _endRuleLine();
+
+ res << _startRuleLine() << "OUTPUT -p tcp -m tcp -d "
+ << addr
+ << " --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT"
+ << _endRuleLine();
+
+ res << endl;
+ }
+
+ if ( compiler->getCachedFwOpt()->getBool("clamp_mss_to_mtu") && ipforward)
+ {
+ res << _startRuleLine()
+ << "FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
+ << _endRuleLine();
+
+ res << endl;
+ }
+
+ if ( ! compiler->getCachedFwOpt()->getBool("accept_new_tcp_with_no_syn") )
+ {
+ res << "# drop TCP sessions opened prior firewall restart"
+ << endl;
+
+ res << "#" << endl;
+
+ res << _startRuleLine()
+ << "INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP"
+ << _endRuleLine();
+
+ res << _startRuleLine()
+ << "OUTPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP"
+ << _endRuleLine();
+
+ if (ipforward)
+ res << _startRuleLine()
+ << "FORWARD -p tcp -m tcp !
--tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP"
+ << _endRuleLine();
+
+ res << endl;
+ }
+
+ if ( compiler->getCachedFwOpt()->getBool("drop_invalid") )
+ {
+ res << "# drop packets that do not match any valid state "
+ << endl;
+ res << "#" << endl;
+
+ if ( !compiler->getCachedFwOpt()->getBool("log_invalid"))
+ {
+ res << _startRuleLine()
+ << "OUTPUT -m state --state INVALID -j DROP"
+ << _endRuleLine();
+
+ res << _startRuleLine()
+ << "INPUT -m state --state INVALID -j DROP"
+ << _endRuleLine();
+
+ if (ipforward)
+ res << _startRuleLine()
+ << "FORWARD -m state --state INVALID -j DROP"
+ << _endRuleLine();
+ } else
+ {
+ res << _createChain("drop_invalid");
+
+ res << _startRuleLine()
+ << "OUTPUT -m state --state INVALID -j drop_invalid"
+ << _endRuleLine();
+
+ res << _startRuleLine()
+ << "INPUT -m state --state INVALID -j drop_invalid"
+ << _endRuleLine();
+
+ if (ipforward)
+ res << _startRuleLine()
+ << "FORWARD -m state --state INVALID -j drop_invalid"
+ << _endRuleLine();
+
+
+ res << _startRuleLine();
+
+
+ if (compiler->getCachedFwOpt()->getBool("use_ULOG"))
+ {
+ string s = compiler->getCachedFwOpt()->getStr("ulog_nlgroup");
+
+ res << "drop_invalid -j ULOG ";
+
+ if (!s.empty())
+ res << "--ulog-nlgroup " << s << " ";
+
+ int r;
+ if ((r = compiler->getCachedFwOpt()->getInt("ulog_cprange"))!=0)
+ res << "--ulog-cprange " << r << " ";
+
+ if ((r = compiler->getCachedFwOpt()->getInt("ulog_qthreshold"))!=0)
+ res << " --ulog-qthreshold " << r << " ";
+
+ res << "--ulog-prefix ";
+
+ } else {
+ res << "drop_invalid -j LOG "
+ << "--log-level debug --log-prefix ";
+ }
+
+ string s = compiler->getCachedFwOpt()->getStr("log_prefix");
+ if (s.empty())
+ s = "INVALID state -- DENY ";
+
+ res << _printLogPrefix("-1", "DENY","global","drop_invalid","BLOCK INVALID",s)
+ << _endRuleLine()
+ << _startRuleLine() << "drop_invalid -j DROP" << _endRuleLine();
+
+ }
+ res << endl;
+ }
+
+ return res.str();
+}
+
+string
PolicyCompiler_ipt::PrintRule::_quote(const string &s)
+{
+ return "\"" + s + "\"";
+}
+
+
diff --git a/src/ipt/PolicyCompiler_PrintRuleIptRst.cpp b/src/ipt/PolicyCompiler_PrintRuleIptRst.cpp
new file mode 100644
index 000000000..358de9457
--- /dev/null
+++ b/src/ipt/PolicyCompiler_PrintRuleIptRst.cpp
@@ -0,0 +1,158 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2002 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: PolicyCompiler_PrintRuleIptRst.cpp 1054 2006-06-05 04:53:22Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "PolicyCompiler_ipt.h"
+
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Rule.h"
+#include "fwbuilder/Resources.h"
+
+#include
+#if __GNUC__ > 3 || \
+ (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \
+ _MSC_VER
+# include
+#else
+# include
+#endif
+#include
+#include
+#include
+
+#include
+
+using namespace libfwbuilder;
+using namespace fwcompiler;
+using namespace std;
+
+
+
+/**
+ *-----------------------------------------------------------------------
+ * Methods for printing
+ */
+
+/*
+ * check and create new chain if needed
+ */
+string PolicyCompiler_ipt::PrintRuleIptRst::_createChain(const string &chain)
+{
+ string res;
+ if ( !
chains[chain] )
+ {
+ res = ":" + chain + " - [0:0]\n";
+ chains[chain]=true;
+ }
+ return res;
+}
+
+string PolicyCompiler_ipt::PrintRuleIptRst::_startRuleLine()
+{
+ return string("-A ");
+}
+
+string PolicyCompiler_ipt::PrintRuleIptRst::_endRuleLine()
+{
+ return string("\n");
+}
+
+string PolicyCompiler_ipt::PrintRuleIptRst::_printRuleLabel(PolicyRule *rule)
+{
+ ostringstream res;
+
+ bool nocomm=Resources::os_res[compiler->fw->getStr("host_OS")]->Resources::getResourceBool("/FWBuilderResources/Target/options/suppress_comments");
+
+ string rl=rule->getLabel();
+ if (rl!=current_rule_label)
+ {
+ if (!nocomm)
+ {
+ res << "# " << endl;
+ res << "# Rule " << rl << endl;
+ res << "# " << endl;
+ }
+
+/* do not put comment in the script if it is intended for linksys */
+ if (!nocomm)
+ {
+ string comm=rule->getComment();
+ string::size_type c1,c2;
+ c1=0;
+ while ( (c2=comm.find('\n',c1))!=string::npos ) {
+ res << "# " << comm.substr(c1,c2-c1) << endl;
+ c1=c2+1;
+ }
+ res << "# " << comm.substr(c1) << endl;
+ res << "# " << endl;
+ }
+ current_rule_label=rl;
+ }
+ return res.str();
+}
+
+bool PolicyCompiler_ipt::PrintRuleIptRst::processNext()
+{
+ if (print_once_on_top)
+ {
+
+ print_once_on_top=false;
+ }
+
+ return PolicyCompiler_ipt::PrintRule::processNext();
+}
+
+string PolicyCompiler_ipt::PrintRuleIptRst::_declareTable()
+{
+ PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler);
+ ostringstream res;
+
+ res << "*" << ipt_comp->my_table << endl;
+
+ return res.str();
+}
+
+string PolicyCompiler_ipt::PrintRuleIptRst::_flushAndSetDefaultPolicy()
+{
+ PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler);
+ ostringstream res;
+
+ res << ":INPUT DROP [0:0]" << endl;
+ res << ":FORWARD DROP [0:0]" << endl;
+ res << ":OUTPUT DROP [0:0]" << endl;
+
+ return res.str();
+}
+
+string PolicyCompiler_ipt::PrintRuleIptRst::_commit()
+{
+ return "COMMIT\n";
+}
+
+
+string PolicyCompiler_ipt::PrintRuleIptRst::_quote(const string &s)
+{
+ return "\"" + s + "\"";
+}
+
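Review bot: `_quote()` at the end of this file wraps `s` in double quotes without checking it for an embedded `"` or a newline, so a value carrying either would end the quoted argument early and the rest would be read by iptables-restore as extra options or as a separate line. Its callers are outside this hunk; if it is applied to operator-supplied text such as a log prefix, the value should be rejected at compile time rather than emitted, for example `if (s.find_first_of("\"\n") != string::npos) compiler->error("quote or newline in quoted argument");` before the `return`. The rule label written on the `# Rule` line in `_printRuleLabel` has the same gap: the rule comment is split on `\n` and each piece re-prefixed with `# `, but `rl` is written as is.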
diff --git a/src/ipt/PolicyCompiler_PrintRuleIptRstEcho.cpp b/src/ipt/PolicyCompiler_PrintRuleIptRstEcho.cpp
new file mode 100644
index 000000000..5a37266da
--- /dev/null
+++ b/src/ipt/PolicyCompiler_PrintRuleIptRstEcho.cpp
@@ -0,0 +1,124 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2002 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: PolicyCompiler_PrintRuleIptRstEcho.cpp 1054 2006-06-05 04:53:22Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "PolicyCompiler_ipt.h"
+
+#include "fwbuilder/Firewall.h"
+#include "fwbuilder/Rule.h"
+#include "fwbuilder/Resources.h"
+
+#include
+#if __GNUC__ > 3 || \
+ (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \
+ _MSC_VER
+# include
+#else
+# include
+#endif
+#include
+#include
+#include
+
+#include
+
+using namespace libfwbuilder;
+using namespace fwcompiler;
+using namespace std;
+
+
+
+/**
+ *-----------------------------------------------------------------------
+ * Methods for printing
+ */
+
+/*
+ * check and create new chain if needed
+ */
+string PolicyCompiler_ipt::PrintRuleIptRstEcho::_createChain(const string &chain)
+{
+ string res;
+ if ( !
chains[chain] )
+ {
+ res = "echo \":" + chain + " - [0:0]\"\n";
+ chains[chain]=true;
+ }
+ return res;
+}
+
+string PolicyCompiler_ipt::PrintRuleIptRstEcho::_startRuleLine()
+{
+ return string("echo \"-A ");
+}
+
+string PolicyCompiler_ipt::PrintRuleIptRstEcho::_endRuleLine()
+{
+ return string("\"\n");
+}
+
+bool PolicyCompiler_ipt::PrintRuleIptRstEcho::processNext()
+{
+ if (print_once_on_top)
+ {
+
+ print_once_on_top=false;
+ }
+
+ return PolicyCompiler_ipt::PrintRule::processNext();
+}
+
+string PolicyCompiler_ipt::PrintRuleIptRstEcho::_declareTable()
+{
+ PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler);
+ ostringstream res;
+
+ res << "echo '*" << ipt_comp->my_table << "'" << endl;
+
+ return res.str();
+}
+
+string PolicyCompiler_ipt::PrintRuleIptRstEcho::_flushAndSetDefaultPolicy()
+{
+ PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler);
+ ostringstream res;
+
+ res << "echo :INPUT DROP [0:0]" << endl;
+ res << "echo :FORWARD DROP [0:0]" << endl;
+ res << "echo :OUTPUT DROP [0:0]" << endl;
+
+ return res.str();
+}
+
+string PolicyCompiler_ipt::PrintRuleIptRstEcho::_commit()
+{
+ return "echo COMMIT\n";
+}
+
+
+string PolicyCompiler_ipt::PrintRuleIptRstEcho::_quote(const string &s)
+{
+ return "\\\"" + s + "\\\"";
+}
+
diff --git a/src/ipt/PolicyCompiler_ipt.cpp b/src/ipt/PolicyCompiler_ipt.cpp
new file mode 100644
index 000000000..c46de46c6
--- /dev/null
+++ b/src/ipt/PolicyCompiler_ipt.cpp
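Review bot: The three `echo` lines in `_flushAndSetDefaultPolicy` leave `[0:0]` unquoted, so the shell that runs the generated script treats it as a glob pattern and substitutes a file name if the working directory contains a file called `0` or `:`, which corrupts the emitted policy line. `_createChain` and `_declareTable` in this file already quote what they echo; these lines should do the same, e.g. `res << "echo ':INPUT DROP [0:0]'" << endl;` and likewise for FORWARD and OUTPUT. Note also that `_startRuleLine` opens a double-quoted shell string, so `$`, backticks and `\` in any text placed into a rule are expanded by the shell when the script runs; that appears intended for run-time variables, but other values should be validated or escaped before they reach this printer.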
@@ -0,0 +1,4103 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: PolicyCompiler_ipt.cpp 1451 2007-12-09 23:53:22Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" + +#include "PolicyCompiler_ipt.h" +#include "OSConfigurator_linux24.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/CustomService.h" +#include "fwbuilder/TagService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/physAddress.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/AddressTable.h" +#include "fwbuilder/DNSName.h" + +#include "combinedAddress.h" + +#include + +#include +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \ + _MSC_VER +# include +#else +# include +#endif +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +static int chain_no=0; + +static std::map tmp_chain_no; + +string PolicyCompiler_ipt::myPlatformName() { return "iptables"; } 
+ +string PolicyCompiler_ipt::getInterfaceVarName(FWObject *iface) +{ + ostringstream ostr; + string iname = iface->getName(); + string::size_type p1; + while ( (p1=iname.find("."))!=string::npos) + iname=iname.replace(p1,1,"_"); + ostr << "i_" << iname; + return ostr.str(); +} + +string PolicyCompiler_ipt::getAddressTableVarName(FWObject *at) +{ + ostringstream ostr; + string name=at->getName(); + string::size_type p1; + char *bad_shell_chars = " !#$&*()-+=\\|{}[]?<>,."; + for (char *cptr=bad_shell_chars; *cptr; cptr++) + { + while ( (p1=name.find(*cptr))!=string::npos) + name=name.replace(p1,1,"_"); + } + ostr << "at_" << name; + return ostr.str(); +} + +string PolicyCompiler_ipt::getNewTmpChainName(PolicyRule *rule) +{ + std::ostringstream str; + string chain_id = rule->getUniqueId(); + int n = tmp_chain_no[chain_id]; + + str << "C" << chain_id; + str << "." << setw(1) << setfill('0') << n; + + n++; + tmp_chain_no[chain_id]=n; + return str.str(); + + +#if 0 + std::ostringstream str; + str << "ptmp" << setw(3) << setfill('0') << chain_no; + chain_no++; + return str.str(); +#endif +} + +string PolicyCompiler_ipt::getNewChainName(PolicyRule *rule,Interface *rule_iface) +{ + std::ostringstream str; + +/* if interface name ends with '*', this is a wildcard interface. 
We + * do not want '*' to get incorporated into the chain name, so we + * replace it with '_' */ + + if (rule_iface) + { + string iface_name=rule_iface->getName(); + string::size_type n=iface_name.find("*"); + str << iface_name.substr(0,n) << "_"; + } + + switch (rule->getDirection()) { + case PolicyRule::Inbound: str << "In_"; break; + case PolicyRule::Outbound: str << "Out_"; break; + default: ; + } + int pos=rule->getPosition(); + + // parent_rule_num is set by processor "Branching" for branch rules + string ppos = rule->getStr("parent_rule_num"); + + str << "RULE_"; + if (ppos != "") + str << ppos << "_"; + if (pos>=0) + str << pos; + else // special case: position == -1 + str << "000"; + + string suffix=rule->getStr("subrule_suffix"); + if (!suffix.empty()) str << "_" << suffix; + + chain_no++; + + return str.str(); +} + +void PolicyCompiler_ipt::_expandInterface(Interface *iface, + std::list &ol) +{ + std::list ol1; + + std::list lipv4; + std::list lother; + physAddress *pa=NULL; + + Compiler::_expandInterface(iface,ol1); +/* + cerr << "PolicyCompiler_ipt::_expandInterface"; + cerr << " iface->name=" << iface->getName(); + cerr << " iface->id=" << iface->getId(); + cerr << " ol1.size=" << ol1.size() << endl; +*/ + for (std::list::iterator j=ol1.begin(); j!=ol1.end(); j++) + { +/* + cerr << " (*j)->name=" << (*j)->getName(); + cerr << " (*j)->parent->name=" << (*j)->getParent()->getName(); + cerr << " (*j)->parent->id=" << (*j)->getParent()->getId(); + cerr << endl; +*/ + if (IPv4::cast(*j)!=NULL) { lipv4.push_back(*j); continue; } + if (physAddress::cast(*j)!=NULL) { pa=physAddress::cast(*j); continue; } + lother.push_back(*j); + } + +/* + * if pa==NULL then this is trivial case: there is no physical address + */ + if (pa==NULL) + { + ol.insert(ol.end(),ol1.begin(),ol1.end()); + return; + } + +/* At this point we have physAddress object and have to deal with it + * + * Compiler::_expandInterface picks all IPv4 objects and physAddress + * object under 
Interface; it can also add interface object(s) to + * the list. + * + * We have two possibilities now: there could be IPv4 objects or + * not. In either case list ol1 may contain also interface object(s). + * If there are IPv4 objects, we replace them with combinedAddress + * objects which store information about IPv4 address and physAddress pa. + * If there were no IPv4 objects, then we pass physAddress along. + * We always copy interface objects to the output list. + * + * + * + * we use physAddress only if Host option "use_mac_addr_filter" of the + * parent Host object is true + */ + FWObject *p; + FWOptions *hopt; + p=iface->getParent(); + bool use_mac= (Host::cast(p)!=NULL && + (hopt=Host::cast(p)->getOptionsObject())!=NULL && + hopt->getBool("use_mac_addr_filter") ); + + + + if (lipv4.empty()) ol.push_back(pa); + else + { + for (std::list::iterator j=lipv4.begin(); j!=lipv4.end(); j++) + { + IPv4 *ipv4=IPv4::cast(*j); + if (use_mac) + { + combinedAddress *ca=new combinedAddress(); + dbcopy->add(ca); + cacheObj(ca); + ca->setName( "CA("+iface->getName()+")" ); + ca->setAddress( ipv4->getAddress() ); + ca->setNetmask( ipv4->getNetmask() ); + ca->setPhysAddress( pa->getPhysAddress() ); + ol.push_back(ca); + } else + ol.push_back(ipv4); + } + } + ol.insert(ol.end(),lother.begin(),lother.end()); +} + +string PolicyCompiler_ipt::getActionOnReject(PolicyRule *rule) +{ + FWOptions *ruleopt =rule->getOptionsObject(); + return ruleopt->getStr("action_on_reject"); +} + +bool PolicyCompiler_ipt::isActionOnRejectTCPRST(PolicyRule *rule) +{ + string s=getActionOnReject(rule); + return ( ! 
s.empty() && s.find("TCP ")!=string::npos ); +} + +/* + * resets rule option "action_on_reject" so it won't be TCP RST + * Algorithm: + * + * if global option "action_on_reject" is not empty + * if global option is TCP RST + * set rule option value to "none" + * else + * copy value from global option to rule option + * else + * set rule option value to "none" + * + * + */ +void PolicyCompiler_ipt::resetActionOnReject(PolicyRule *rule) +{ + FWOptions *ruleopt =rule->getOptionsObject(); + string go=getCachedFwOpt()->getStr("action_on_reject"); + + if (!go.empty()) + { + if ( go.find("TCP ")!=string::npos ) + { + ruleopt->setStr("action_on_reject","NOP"); // hack. + } else + { + ruleopt->setStr("action_on_reject",go); + } + } else + ruleopt->setStr("action_on_reject","none"); // hack. +} + +int PolicyCompiler_ipt::prolog() +{ + if (fw->getStr("platform")!="iptables") + abort(_("Unsupported platform ") + fw->getStr("platform") ); + + int n= PolicyCompiler::prolog(); + + Service *anytcp, *anyudp, *anyicmp, *anyip; + Address *bcast255; + TCPService *tcpsyn; + + anytcp=Service::cast(dbcopy->create(TCPService::TYPENAME) ); + anytcp->setId(ANY_TCP_OBJ_ID); + anytcp->setName("AnyTCP"); + dbcopy->add(anytcp); + cacheObj(anytcp); // to keep cache consistent + + tcpsyn=TCPService::cast(dbcopy->create(TCPService::TYPENAME) ); + tcpsyn->setId(TCP_SYN_OBJ_ID); + tcpsyn->setName("tcpSYN"); + tcpsyn->setTCPFlag(TCPService::SYN,true); + tcpsyn->setAllTCPFlagMasks(); + dbcopy->add(tcpsyn); + cacheObj(tcpsyn); // to keep cache consistent + + anyudp=Service::cast(dbcopy->create(UDPService::TYPENAME) ); + anyudp->setId(ANY_UDP_OBJ_ID); + anyudp->setName("AnyUDP"); + dbcopy->add(anyudp); + cacheObj(anyudp); // to keep cache consistent + + anyicmp=Service::cast(dbcopy->create(ICMPService::TYPENAME) ); + anyicmp->setId(ANY_ICMP_OBJ_ID); + anyicmp->setName("AnyICMP"); + dbcopy->add(anyicmp); + cacheObj(anyicmp); // to keep cache consistent + + 
anyip=Service::cast(dbcopy->create(IPService::TYPENAME) ); + anyip->setId(ANY_IP_OBJ_ID); + anyip->setName("AnyIP"); + dbcopy->add(anyip); + cacheObj(anyip); // to keep cache consistent + + bcast255=Address::cast(dbcopy->create(IPv4::TYPENAME) ); + bcast255->setId(BCAST_255_OBJ_ID); + bcast255->setName("Broadcast_addr"); + bcast255->setAddress("255.255.255.255"); + bcast255->setNetmask("255.255.255.255"); + dbcopy->add(bcast255); + cacheObj(bcast255); + + + FWOptions *fwopt = getCachedFwOpt(); + bool afpa = fwopt->getBool("firewall_is_part_of_any_and_networks"); + + for(FWObject::iterator i=combined_ruleset->begin(); + i!=combined_ruleset->end(); i++) + { + Rule *r = Rule::cast( *i ); + if (r->isDisabled()) continue; + + FWOptions *ruleopt = r->getOptionsObject(); + ruleopt->setBool("firewall_is_part_of_any_and_networks", + afpa | ruleopt->getBool("firewall_is_part_of_any_and_networks")); + } + +#if 0 +/* + * set up backup ssh access to the firewall if told to do so + */ + if (fwopt->getBool("mgmt_ssh") && !fwopt->getStr("mgmt_addr").empty()) + { + string addr = options->getStr("mgmt_addr"); + output << "$IPTABLES -A INPUT -p tcp -s " << addr << " --destination-port 22 -m state --state NEW -j ACCEPT" << endl; + } +#endif + + + return n; +} + +void PolicyCompiler_ipt::addPredefinedPolicyRules() +{ +} + +/* + * if rule is associated with multiple interfaces we split it to check + * for interfaces first and then do the rest in the common + * user-defined chain. If the rule also has negation, this + * optimization leads to a useless command that bounces from one + * user-defined chain to another, like this: + * + * $IPTABLES -A Cid433D045026912.0 -j Cid433D045026912.1 + * + * This needs to be fixed. 
+ */ + +#if 0 +bool PolicyCompiler_ipt::InterfacePolicyRulesWithOptimization::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementItf *itfre=rule->getItf(); assert(itfre); + if (itfre->isAny()) + { + rule->setInterfaceId(""); + tmp_queue.push_back(rule); + return true; + } + if (itfre->size()==1) + { + Interface *itf = compiler->getFirstItf(rule); assert(itf); + rule->setInterfaceId( itf->getId() ); + tmp_queue.push_back(rule); + return true; + } else + { + RuleElementSrc *nsrc; + RuleElementDst *ndst; + RuleElementSrv *nsrv; + RuleElementItf *nitfre; + PolicyRule *r; + FWOptions *ruleopt; + string this_chain =rule->getStr("ipt_chain"); + string new_chain =PolicyCompiler_ipt::getNewTmpChainName(rule); + + for (FWObject::iterator i=itfre->begin(); i!=itfre->end(); ++i) + { + FWObject *o=*i; + if (FWReference::cast(o)!=NULL) + o=FWReference::cast(o)->getPointer(); + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","i1"); + r->setLogging(false); + r->setStr("ipt_target",new_chain); + ruleopt =r->getOptionsObject(); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + r->setInterfaceId(o->getId()); + nsrc=r->getSrc(); nsrc->reset(); + ndst=r->getDst(); ndst->reset(); + nsrv=r->getSrv(); nsrv->reset(); + nitfre=r->getItf(); nitfre->reset(); + nitfre->addRef(o); + tmp_queue.push_back(r); + } + itfre->reset(); + ruleopt =rule->getOptionsObject(); + ruleopt->setBool("stateless",true); + rule->setDirection(PolicyRule::Both); + rule->setStr("ipt_chain",new_chain); + rule->setStr("upstream_rule_chain",this_chain); + tmp_queue.push_back(rule); + } + return true; +} +#endif + +bool PolicyCompiler_ipt::SkipActionContinueWithNoLogging::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if ( ! 
rule->getStr("ipt_target").empty() && + rule->getStr("ipt_target") == "CONTINUE" && + ! rule->getLogging()) return true; // skip this rule + + tmp_queue.push_back(rule); + return true; +} + +/* + * This rule processor converts non-terminating targets CLASSIFY and + * MARK to terminating targets (equivalent) by splitting the rule and + * adding one more rule with target ACCEPT. + * + * Call this rule processor at the very end of the chain when all + * splits are done and target is set via "ipt_target" + */ +bool PolicyCompiler_ipt::splitNonTerminatingTargets::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + string tgt = rule->getStr("ipt_target"); + FWOptions *ruleopt = rule->getOptionsObject(); + + if (compiler->fw->getOptionsObject()->getBool("classify_mark_terminating") && + !ruleopt->getBool("already_terminating_target") && + (tgt=="CLASSIFY" || tgt=="MARK")) + { + RuleElementSrc *nsrc; + RuleElementDst *ndst; + RuleElementSrv *nsrv; + RuleElementItf *nitfre; + PolicyRule *r, *r2; + + string this_chain = rule->getStr("ipt_chain"); + string new_chain = this_chain; + + nsrc = rule->getSrc(); + ndst = rule->getDst(); + nsrv = rule->getSrv(); + nitfre = rule->getItf(); + + if (!nsrc->isAny() || + !ndst->isAny() || + !nsrv->isAny() || + !nitfre->isAny()) + { + new_chain =PolicyCompiler_ipt::getNewTmpChainName(rule); + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","ntt"); + r->setStr("ipt_target",new_chain); + tmp_queue.push_back(r); + } + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + nsrc = r->getSrc(); nsrc->reset(); + ndst = r->getDst(); ndst->reset(); + nsrv = r->getSrv(); nsrv->reset(); + nitfre = r->getItf(); nitfre->reset(); + r->setInterfaceId(""); + ruleopt = r->getOptionsObject(); + ruleopt->setInt("limit_value",-1); + 
ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + ruleopt->setBool("stateless",true); + r->setLogging(false); + r->setStr("ipt_chain",new_chain); + r->setStr("upstream_rule_chain",this_chain); + tmp_queue.push_back(r); + + r2= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r2); + r2->duplicate(r); + r2->setAction(PolicyRule::Accept); + r2->setStr("ipt_target","ACCEPT"); + ruleopt = r2->getOptionsObject(); + ruleopt->setBool("stateless",true); + tmp_queue.push_back(r2); + + return true; + } + + tmp_queue.push_back(rule); + return true; +} + +// this version just splits rule so that each elementary rule is associated +// with one interface. + +bool PolicyCompiler_ipt::InterfacePolicyRulesWithOptimization::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementItf *itfre=rule->getItf(); assert(itfre); + if (itfre->isAny()) + { + rule->setInterfaceId(""); + tmp_queue.push_back(rule); + return true; + } + RuleElementItf *nitfre; + PolicyRule *r; + + for (FWObject::iterator i=itfre->begin(); i!=itfre->end(); ++i) + { + FWObject *o=*i; + if (FWReference::cast(o)!=NULL) + o=FWReference::cast(o)->getPointer(); + + if (ObjectGroup::isA(o)) + { + // a group in "interface" rule element. GUI checks that only + // interfaces are allowed in such group, but we should check anyway. + for (FWObject::iterator i=o->begin(); i!=o->end(); ++i) + { + FWObject *o1=*i; + if (FWReference::cast(o1)!=NULL) + o1=FWReference::cast(o1)->getPointer(); + if (!Interface::isA(o1)) + { + compiler->warning("Object '" + o1->getName() + "', which is not an interface, is a member of the group '" + o->getName() + "' used in 'Interface' element of a rule. 
Rule: " + rule->getLabel()); + continue; + } + r= PolicyRule::cast(compiler->dbcopy->create( + PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","i1"); + r->setInterfaceId(o1->getId()); + nitfre=r->getItf(); nitfre->reset(); nitfre->addRef(o1); + tmp_queue.push_back(r); + } + } else + { + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","i1"); + r->setInterfaceId(o->getId()); + nitfre=r->getItf(); nitfre->reset(); nitfre->addRef(o); + tmp_queue.push_back(r); + } + } + return true; +} + +void PolicyCompiler_ipt::Branching::expandBranch(PolicyRule *rule, + const string &parentRuleNum) +{ + std::ostringstream str; + + if (rule->getAction() == PolicyRule::Branch) + { + RuleSet *subset = rule->getBranch(); + if (subset==NULL) + { + compiler->abort( + _("Action 'Branch' but no branch policy in policy rule ") + +rule->getLabel()); + } + tmp_queue.push_back(rule); + + FWOptions *ropt = rule->getOptionsObject(); + string branchName = ropt->getStr("branch_name"); + rule->setStr("ipt_target",branchName); + string branchRuleLabelSuffix = string("branch head: ") + rule->getLabel(); + //string parentRuleNum = r->getStr("parent_rule_num"); + + string lbl; + + for (FWObject::iterator i=subset->begin(); i!=subset->end(); i++) + { + PolicyRule *r = PolicyRule::cast(*i); + if (r->isDisabled()) continue; + + RuleElementItf *itfre=r->getItf(); assert(itfre); + + if (itfre->isAny()) + { + lbl = rule->getLabel() + " / " + branchName + " " + + compiler->createRuleLabel("", + r->getPosition()); + r->setLabel(lbl); + } else + { + string interfaces = ""; + for (FWObject::iterator i=itfre->begin(); i!=itfre->end(); ++i) + { + FWObject *o=*i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + if (interfaces!="") interfaces += ","; + interfaces += o->getName(); + } + lbl = rule->getLabel() + " / " + 
branchName + " " + + compiler->createRuleLabel(interfaces, + r->getPosition()); + r->setLabel(lbl); + } + std::ostringstream str; + + r->setStr("parent_rule_num",parentRuleNum); + r->setStr("ipt_chain",branchName); + r->setUniqueId( r->getId() ); + + //tmp_queue.push_back(r); + str << parentRuleNum << "_" << r->getPosition(); + expandBranch(r, str.str() ); + } + subset->ref(); + rule->remove(subset); + + } else + tmp_queue.push_back(rule); + +} + +bool PolicyCompiler_ipt::Branching::processNext() +{ + std::ostringstream str; + + PolicyRule *rule=getNext(); if (rule==NULL) return false; + str << rule->getPosition(); + expandBranch( rule, str.str() ); + + return true; +} + + +bool PolicyCompiler_ipt::Route::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + FWOptions *ruleopt =rule->getOptionsObject(); + + if (rule->getAction() == PolicyRule::Route) + { + string iif,oif,gw; + iif = ruleopt->getStr("ipt_iif"); + oif = ruleopt->getStr("ipt_oif"); + gw = ruleopt->getStr("ipt_gw"); + + if (!iif.empty()) + { + rule->setStr("ipt_chain","PREROUTING"); + } + + if (!oif.empty() || !gw.empty()) + { + rule->setStr("ipt_chain","POSTROUTING"); + } + + if (ruleopt->getBool("ipt_tee")) + { + PolicyRule *r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain","PREROUTING"); + tmp_queue.push_back(r); + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain","POSTROUTING"); + tmp_queue.push_back(r); + + return true; + } + + } + + tmp_queue.push_back(rule); + return true; +} + + +/* + * A note about CLASSIFY target in iptables: + * + * CLASSIFY only works in mangle table in POSTROUTING chain. + * the man page does not mention this, but module documentation + * in p-o-m says so. 
+ * + * per bug #1618329: "Wrong in-code comment" this comment is incorrect, + * CLASSIFY target is valid in POSTROUTING, OUTPUT and FORWARD chains. + */ +bool PolicyCompiler_ipt::dropMangleTableRules::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if (rule->getAction() == PolicyRule::Tag || + rule->getAction() == PolicyRule::Route || + rule->getAction() == PolicyRule::Classify) return true; + + tmp_queue.push_back(rule); + + return true; +} + + +bool PolicyCompiler_ipt::Logging1::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if ( compiler->getCachedFwOpt()->getBool("log_all") ) + rule->setLogging(true); + + tmp_queue.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipt::storeAction::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + rule->setStr("stored_action", rule->getActionAsString() ); + + tmp_queue.push_back(rule); + return true; +} + +/** + * splits rule if logging is required and either src or dst is + * not any + */ +bool PolicyCompiler_ipt::Logging2::processNext() +{ +// PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + PolicyRule *rule=getNext(); if (rule==NULL) return false; + Interface *rule_iface = compiler->getCachedFwInterface(rule->getInterfaceId()); + + RuleElementSrc *nsrc; + RuleElementDst *ndst; + RuleElementSrv *nsrv; + RuleElementInterval *nint; + RuleElementItf *nitfre; + + if (rule->getLogging()) + { +/*chain could have been assigned if we split this rule before */ + string this_chain =rule->getStr("ipt_chain"); + string new_chain=PolicyCompiler_ipt::getNewChainName(rule,rule_iface); + + PolicyRule *r; + FWOptions *ruleopt; + +/* + * if we are in the user-defined chain and src=dst=srv=int=any, then there is no + * need to create a sub-chain. Otherwise, create new chain and handle logging + * and actual original target there. 
+ */ + bool need_new_chain = true; + + if (this_chain==new_chain && + rule->getSrc()->isAny() && + rule->getDst()->isAny() && + rule->getSrv()->isAny() && + (rule->getWhen())!=NULL && rule->getWhen()->isAny()) + { + need_new_chain = false; + } +/* + * add copy of original rule, but turn off logging and set target + * chain to new_chain. + */ + if (need_new_chain) + { + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + ruleopt =r->getOptionsObject(); + r->setStr("ipt_target",new_chain); + r->setLogging(false); + r->setAction(PolicyRule::Continue); // ### +// ruleopt->setInt("limit_value",-1); + tmp_queue.push_back(r); + } + +/* + * need to add two rules with the same rule_label, direction=both, no + * interface, no src, no srv and no dst. One of these new rules should + * have target = LOG and another should inherit action and therefore + * target from original rule. Both new rules go into chain new_chain. + * In both rules turn off stateful inspection. 
+ * + * keep interface information in the first one to be able to process + * %I in log prefix + * + */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + ruleopt =r->getOptionsObject(); + nsrc=r->getSrc(); nsrc->reset(); + ndst=r->getDst(); ndst->reset(); + nsrv=r->getSrv(); nsrv->reset(); + nitfre=r->getItf(); nitfre->reset(); + if ( (nint=r->getWhen())!=NULL ) nint->reset(); + r->setStr("ipt_chain",new_chain); + r->setStr("upstream_rule_chain",this_chain); + r->setStr("ipt_target","LOG"); + r->setAction(PolicyRule::Continue); // ### + r->setDirection( PolicyRule::Both ); + r->setLogging(false); + ruleopt->setBool("stateless",true); + r->setBool("force_state_check",false); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + tmp_queue.push_back(r); + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + ruleopt =r->getOptionsObject(); + nsrc=r->getSrc(); nsrc->reset(); + ndst=r->getDst(); ndst->reset(); + if ( (nint=r->getWhen())!=NULL ) nint->reset(); + nitfre=r->getItf(); nitfre->reset(); +/* + * special case: need to preserve information about service protocol in case + * action_on_reject is TCP RST + */ + nsrv=r->getSrv(); + Service *srv= compiler->getFirstSrv(r); + if (TCPService::isA(srv)) + { + nsrv->clearChildren(); + nsrv->addRef(compiler->dbcopy->findInIndex(ANY_TCP_OBJ_ID)); + } + else + { + nsrv->reset(); + } + + r->setStr("ipt_chain",new_chain); + r->setStr("upstream_rule_chain",this_chain); + r->setInterfaceStr("nil"); + r->setDirection( PolicyRule::Both ); + r->setLogging(false); + ruleopt->setBool("stateless",true); + r->setBool("force_state_check",false); + r->setBool("final",true); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + + tmp_queue.push_back(r); 
+ } else + tmp_queue.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipt::singleSrcNegation::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrc *srcrel=rule->getSrc(); + Address *src =compiler->getFirstSrc(rule); + +/* ! A B C ACTION */ + if (srcrel->getNeg() && srcrel->size()==1 && src!=NULL && + !compiler->complexMatch(src,compiler->fw)) + { + srcrel->setNeg(false); + srcrel->setBool("single_object_negation",true); + } + + tmp_queue.push_back(rule); + return true; +} + +bool PolicyCompiler_ipt::singleDstNegation::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementDst *dstrel=rule->getDst(); + Address *dst =compiler->getFirstDst(rule); + +/* A ! B C ACTION */ + if (dstrel->getNeg() && dstrel->size()==1 && dst!=NULL && + !compiler->complexMatch(dst,compiler->fw)) + { + dstrel->setNeg(false); + dstrel->setBool("single_object_negation",true); + } + + tmp_queue.push_back(rule); + return true; +} + +bool PolicyCompiler_ipt::singleSrvNegation::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrv *srvrel=rule->getSrv(); + Service *srv=compiler->getFirstSrv(rule); // need to make sure it is not a group + +/* A B ! C ACTION */ + if (srvrel->getNeg() && srvrel->size()==1 && srv!=NULL ) + { + srvrel->setNeg(false); + srvrel->setBool("single_object_negation",true); + } + + tmp_queue.push_back(rule); + return true; +} + + +bool PolicyCompiler_ipt::SrcNegation::processNext() +{ +// PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + PolicyRule *rule=getNext(); if (rule==NULL) return false; + FWOptions *ruleopt =rule->getOptionsObject(); + bool afpa = ruleopt->getBool("firewall_is_part_of_any_and_networks"); + + RuleElementSrc *srcrel=rule->getSrc(); + +/* ! 
A B C D ACTION */ + + if (srcrel->getNeg()) + { + PolicyRule *r; + RuleElementSrc *nsrc; + RuleElementDst *ndst; + RuleElementSrv *nsrv; + RuleElementInterval *nint; + RuleElementItf *nitf; + FWOptions *ruleopt; + +/*chain could have been assigned if we split this rule before */ + string this_chain =rule->getStr("ipt_chain"); + string new_chain =PolicyCompiler_ipt::getNewTmpChainName(rule); + srcrel->setNeg(false); + + rule->setBool("upstream_rule_neg",true); + +/* any B C D TMP_CHAIN */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","1"); + nsrc=r->getSrc(); nsrc->reset(); + r->setLogging(false); + r->setStr("ipt_target",new_chain); + ruleopt =r->getOptionsObject(); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + ruleopt->setBool("firewall_is_part_of_any_and_networks",afpa); + tmp_queue.push_back(r); + +/* TMP_CHAIN A any any any RETURN */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","2"); + + if (!shadowing_mode) + { + ndst=r->getDst(); ndst->reset(); + nsrv=r->getSrv(); nsrv->reset(); + nitf=r->getItf(); nitf->reset(); + if ( (nint=r->getWhen())!=NULL ) nint->reset(); + } + + r->setAction( PolicyRule::Return ); + r->setLogging(false); + r->setStr("ipt_chain",new_chain); + r->setStr("ipt_target",""); + r->setStr("upstream_rule_chain",this_chain); + ruleopt =r->getOptionsObject(); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + ruleopt->setBool("stateless",true); // ### + tmp_queue.push_back(r); + +/* TMP_CHAIN any any any any ACTION */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + 
compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","3"); + + nsrc=r->getSrc(); nsrc->reset(); + + if (!shadowing_mode) + { + ndst=r->getDst(); ndst->reset(); + nitf=r->getItf(); nitf->reset(); + if ( (nint=r->getWhen())!=NULL ) nint->reset(); +/* + * special case: need to preserve information about service protocol in case + * action_on_reject is TCP RST + */ + nsrv=r->getSrv(); + Service *srv= compiler->getFirstSrv(r); + if (TCPService::isA(srv)) + { + nsrv->clearChildren(); + nsrv->addRef(compiler->dbcopy->findInIndex(ANY_TCP_OBJ_ID)); + } + else + { + nsrv->reset(); + } + } + r->setStr("ipt_chain",new_chain); + r->setStr("upstream_rule_chain",this_chain); + if ( ! rule->getStr("ipt_target").empty() ) + r->setStr("ipt_target",rule->getStr("ipt_target")); +// r->setInterfaceStr("nil"); + r->setBool("final",true); + ruleopt =r->getOptionsObject(); + ruleopt->setBool("stateless",true); // ### + tmp_queue.push_back(r); + + } else + tmp_queue.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipt::DstNegation::processNext() +{ +// PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + PolicyRule *rule=getNext(); if (rule==NULL) return false; + FWOptions *ruleopt =rule->getOptionsObject(); + bool afpa = ruleopt->getBool("firewall_is_part_of_any_and_networks"); + + RuleElementDst *dstrel=rule->getDst(); + +/* A ! 
B C D ACTION */ + + if (dstrel->getNeg()) + { + PolicyRule *r; + RuleElementSrc *nsrc; + RuleElementDst *ndst; + RuleElementSrv *nsrv; + RuleElementInterval *nint; + RuleElementItf *nitf; + FWOptions *ruleopt; + +/*chain could have been assigned if we split this rule before */ + string this_chain =rule->getStr("ipt_chain"); + string new_chain=PolicyCompiler_ipt::getNewTmpChainName(rule); + dstrel->setNeg(false); + + rule->setBool("upstream_rule_neg",true); + +/* A any C D TMP_CHAIN */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","1"); + ndst=r->getDst(); ndst->reset(); + r->setLogging(false); + r->setStr("ipt_target",new_chain); + ruleopt =r->getOptionsObject(); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + ruleopt->setBool("firewall_is_part_of_any_and_networks",afpa); + tmp_queue.push_back(r); + +/* TMP_CHAIN any B any any RETURN */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","2"); + + if (!shadowing_mode) + { + nsrc=r->getSrc(); nsrc->reset(); + nsrv=r->getSrv(); nsrv->reset(); + nitf=r->getItf(); nitf->reset(); + if ( (nint=r->getWhen())!=NULL ) nint->reset(); + } + + r->setAction( PolicyRule::Return ); + r->setLogging(false); + r->setStr("ipt_chain",new_chain); + r->setStr("ipt_target",""); + r->setStr("upstream_rule_chain",this_chain); + ruleopt =r->getOptionsObject(); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + ruleopt->setBool("stateless",true); // ### +// r->setInterfaceStr("nil"); + tmp_queue.push_back(r); + +/* TMP_CHAIN any any any any ACTION */ + r= 
PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","3"); + + ndst=r->getDst(); ndst->reset(); + + if (!shadowing_mode) + { + nsrc=r->getSrc(); nsrc->reset(); + nitf=r->getItf(); nitf->reset(); + if ( (nint=r->getWhen())!=NULL ) nint->reset(); +/* + * special case: need to preserve information about service protocol in case + * action_on_reject is TCP RST + */ + nsrv=r->getSrv(); + Service *srv= compiler->getFirstSrv(r); + if (TCPService::isA(srv)) + { + nsrv->clearChildren(); + nsrv->addRef(compiler->dbcopy->findInIndex(ANY_TCP_OBJ_ID)); + } + else + { + nsrv->reset(); + } + } + r->setStr("ipt_chain",new_chain); + r->setStr("ipt_target",""); + r->setStr("upstream_rule_chain",this_chain); + if ( ! rule->getStr("ipt_target").empty() ) + r->setStr("ipt_target",rule->getStr("ipt_target")); +// r->setInterfaceStr("nil"); + r->setBool("final",true); + ruleopt =r->getOptionsObject(); + ruleopt->setBool("stateless",true); // ### + tmp_queue.push_back(r); + + } else + tmp_queue.push_back(rule); + + return true; +} + + + + +bool PolicyCompiler_ipt::SrvNegation::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrv *srvrel=rule->getSrv(); + +/* A B !C D ACTION */ + + if (srvrel->getNeg()) + { + PolicyRule *r; + RuleElementSrc *nsrc; + RuleElementDst *ndst; + RuleElementSrv *nsrv; + RuleElementInterval *nint; + RuleElementItf *nitf; + FWOptions *ruleopt; + +/*chain could have been assigned if we split this rule before */ + string this_chain =rule->getStr("ipt_chain"); + string new_chain=PolicyCompiler_ipt::getNewTmpChainName(rule); + srvrel->setNeg(false); + + +/* A B any D TMP_CHAIN */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","1"); + nsrv=r->getSrv(); nsrv->reset(); + r->setLogging(false); + 
r->setStr("ipt_target",new_chain); + ruleopt =r->getOptionsObject(); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + tmp_queue.push_back(r); + +/* TMP_CHAIN any any C any RETURN */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","2"); + + if (!shadowing_mode) + { + nsrc=r->getSrc(); nsrc->reset(); + ndst=r->getDst(); ndst->reset(); + nitf=r->getItf(); nitf->reset(); + if ( (nint=r->getWhen())!=NULL ) nint->reset(); + } + + r->setAction( PolicyRule::Return ); + r->setLogging(false); + r->setStr("ipt_chain",new_chain); + r->setStr("ipt_target",""); + r->setStr("upstream_rule_chain",this_chain); + ruleopt =r->getOptionsObject(); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + ruleopt->setBool("stateless",true); // ### +// r->setInterfaceStr("nil"); + tmp_queue.push_back(r); + +/* TMP_CHAIN any any any any ACTION */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","3"); + + nsrv=r->getSrv(); nsrv->reset(); + + if (!shadowing_mode) + { + nsrc=r->getSrc(); nsrc->reset(); + ndst=r->getDst(); ndst->reset(); + nitf=r->getItf(); nitf->reset(); + if ( (nint=r->getWhen())!=NULL ) nint->reset(); + } + + r->setStr("ipt_chain",new_chain); + r->setStr("upstream_rule_chain",this_chain); + r->setBool("upstream_rule_neg",true); + if ( ! 
rule->getStr("ipt_target").empty() ) + r->setStr("ipt_target",rule->getStr("ipt_target")); +// r->setInterfaceStr("nil"); + r->setBool("final",true); + ruleopt =r->getOptionsObject(); + ruleopt->setBool("stateless",true); // ### + tmp_queue.push_back(r); + + } else + tmp_queue.push_back(rule); + + return true; +} + + +bool PolicyCompiler_ipt::TimeNegation::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + FWOptions *ruleopt =rule->getOptionsObject(); + bool afpa = ruleopt->getBool("firewall_is_part_of_any_and_networks"); + + RuleElementInterval *intrel=rule->getWhen(); + +/* A B C !D ACTION */ + + if (intrel!=NULL && intrel->getNeg()) + { + PolicyRule *r; + RuleElementSrc *nsrc; + RuleElementDst *ndst; + RuleElementSrv *nsrv; + RuleElementInterval *nint; + RuleElementItf *nitf; + FWOptions *ruleopt; + +/*chain could have been assigned if we split this rule before */ + string this_chain =rule->getStr("ipt_chain"); + string new_chain=PolicyCompiler_ipt::getNewTmpChainName(rule); + intrel->setNeg(false); + + rule->setBool("upstream_rule_neg",true); + +/* A B C any TMP_CHAIN */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","1"); + if ( (nint=r->getWhen())!=NULL ) nint->reset(); + r->setLogging(false); + r->setStr("ipt_target",new_chain); + ruleopt =r->getOptionsObject(); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + ruleopt->setBool("firewall_is_part_of_any_and_networks",afpa); + tmp_queue.push_back(r); + +/* TMP_CHAIN any any any D RETURN */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","2"); + + if (!shadowing_mode) + { + nsrc=r->getSrc(); nsrc->reset(); + ndst=r->getDst(); ndst->reset(); + nsrv=r->getSrv(); 
nsrv->reset(); + nitf=r->getItf(); nitf->reset(); + } + + r->setAction( PolicyRule::Return ); + r->setLogging(false); + r->setStr("ipt_chain",new_chain); + r->setStr("ipt_target",""); + r->setStr("upstream_rule_chain",this_chain); + ruleopt =r->getOptionsObject(); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + ruleopt->setBool("stateless",true); // ### +// r->setInterfaceStr("nil"); + tmp_queue.push_back(r); + +/* TMP_CHAIN any any any any ACTION */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("subrule_suffix","3"); + + if ( (nint=r->getWhen())!=NULL ) nint->reset(); + + if (!shadowing_mode) + { + nsrc=r->getSrc(); nsrc->reset(); + ndst=r->getDst(); ndst->reset(); + nsrv=r->getSrv(); nsrv->reset(); + nitf=r->getItf(); nitf->reset(); +/* + * special case: need to preserve information about service protocol in case + * action_on_reject is TCP RST + */ + nsrv=r->getSrv(); + Service *srv= compiler->getFirstSrv(r); + if (TCPService::isA(srv)) + { + nsrv->clearChildren(); + nsrv->addRef(compiler->dbcopy->findInIndex(ANY_TCP_OBJ_ID)); + } + else + { + nsrv->reset(); + } + } + r->setStr("ipt_chain",new_chain); + r->setStr("upstream_rule_chain",this_chain); + if ( ! 
rule->getStr("ipt_target").empty() ) + r->setStr("ipt_target",rule->getStr("ipt_target")); +// r->setInterfaceStr("nil"); + r->setBool("final",true); + ruleopt =r->getOptionsObject(); + ruleopt->setBool("stateless",true); // ### + tmp_queue.push_back(r); + + } else + tmp_queue.push_back(rule); + + return true; +} + + + + + + + + +bool PolicyCompiler_ipt::InterfaceAndDirection::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + RuleElementItf *itfre=rule->getItf(); assert(itfre); + + if (rule->getDirection()==PolicyRule::Undefined) + rule->setDirection( PolicyRule::Both ); + + if (itfre->isAny() && rule->getDirection()==PolicyRule::Both) + { + rule->setInterfaceStr("nil"); + return true; + } + + if (itfre->isAny() && ( + rule->getDirection()==PolicyRule::Inbound || + rule->getDirection()==PolicyRule::Outbound )) + { + rule->setInterfaceStr("*"); + return true; + } + + + return true; +} + +bool PolicyCompiler_ipt::setChainPreroutingForTag::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + /* + * About setting chain for rules with action Tag + * + * We tag in chains OUTPUT and PREROUTING. Here is why we need + * OUTPUT: packets that originate on the firewall should be marked + * in OUTPUT chain rather than in POSTROUTING because NAT + * rerouting happens after OUTPUT hook but before POSTROUTING + * hook. See diagram at + * http://www.shorewall.net/NetfilterOverview.html + * + * Packet that traverse the firewall will be marked in PREROUTING + * giving us a chance to match them later in other chains. + * + * Rule is split by the normal splitIfSrcAny rule processor if src + * is any or chain is set to OUTPUT if src matches fw. In case + * rule is split, the second copy won't have chain set when this + * rule processor is called so it will place it in PREROUTING. 
+ * + * This means this processor must be called after splitIfSrcAny but + * before splitIfDstAny + * + * Chain is set by the rule processor setChainForMangle for all + * rules in the table mangle if direction is set to Inbound or + * Outbound + */ + + /* + * set chain to PREROUTING if this is (was) a Tag rule, chain has + * not been assigned yet, direction is Both and there is no + * interface. + */ + if ( (rule->getAction() == PolicyRule::Tag || + rule->getStr("stored_action")=="Tag") && + rule->getStr("ipt_chain").empty() && + (rule->getDirection()==PolicyRule::Both || + rule->getDirection()==PolicyRule::Inbound) && + rule->getInterfaceId().empty() ) + rule->setStr("ipt_chain","PREROUTING"); + + tmp_queue.push_back(rule); + + return true; +} + + +bool PolicyCompiler_ipt::setChainPostroutingForTag::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if ( (rule->getAction() == PolicyRule::Tag || + rule->getStr("stored_action")=="Tag") && + rule->getStr("ipt_chain").empty() && + (rule->getDirection()==PolicyRule::Both || + rule->getDirection()==PolicyRule::Outbound) && + rule->getInterfaceId().empty() ) + rule->setStr("ipt_chain","POSTROUTING"); + + tmp_queue.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipt::checkForRestoreMarkInOutput::processNext() +{ + PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + PolicyRule *rule=getNext(); if (rule==NULL) return false; + FWOptions *ruleopt = rule->getOptionsObject(); + + if ( (rule->getAction() == PolicyRule::Tag || + rule->getStr("stored_action")=="Tag") && + ruleopt->getBool("ipt_mark_connections") && + rule->getStr("ipt_chain")=="OUTPUT") + ipt_comp->have_connmark_in_output = true; + + tmp_queue.push_back(rule); + return true; +} + + +bool PolicyCompiler_ipt::setChainForMangle::processNext() +{ + PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if (ipt_comp->my_table=="mangle" && 
rule->getStr("ipt_chain").empty()) + { + if (rule->getDirection()==PolicyRule::Inbound) + rule->setStr("ipt_chain","PREROUTING"); + + if (rule->getDirection()==PolicyRule::Outbound) + rule->setStr("ipt_chain","POSTROUTING"); + } + + tmp_queue.push_back(rule); + return true; +} + +/* + * couple of special cases for rules with action Tag + * + * option 'ipt_mark_connections' means we need to generate two rules: + * one with target MARK and another with target CONNMARK. We place + * these two new rules in a separate chain. + * + * if global option 'classify_mark_terminating' is also on, we place third rule in + * the same chain, this time with action ACCEPT. + * + * Note that if option 'ipt_mark_connections' is off, we do not process + * classify_mark_terminating option here. It will be processed later in + * splitNonTerminatingTargets + */ +bool PolicyCompiler_ipt::splitIfTagAndConnmark::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + FWOptions *ruleopt = rule->getOptionsObject(); + Interface *rule_iface = compiler->getCachedFwInterface(rule->getInterfaceId()); + + RuleElementSrc *nsrc; + RuleElementDst *ndst; + RuleElementSrv *nsrv; + RuleElementInterval *nint; + bool make_terminating = compiler->fw->getOptionsObject()->getBool("classify_mark_terminating"); + + if (rule->getAction() == PolicyRule::Tag && + ruleopt->getBool("ipt_mark_connections")) + { + PolicyRule *r, *r1; + + if (make_terminating) + ruleopt->setBool("already_terminating_target",true); + + string this_chain = rule->getStr("ipt_chain"); + string new_chain=PolicyCompiler_ipt::getNewChainName(rule,rule_iface); + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_target",new_chain); + r->setLogging(false); + r->setAction(PolicyRule::Continue); + r->setLogging(false); + ruleopt =r->getOptionsObject(); + if (make_terminating) + 
ruleopt->setBool("already_terminating_target",true); + + tmp_queue.push_back(r); + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain",new_chain); + r->setStr("upstream_rule_chain",this_chain); +// r->setDirection( PolicyRule::Both ); + ruleopt =r->getOptionsObject(); + ruleopt->setBool("stateless",true); + r->setBool("force_state_check",false); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + nsrc=r->getSrc(); nsrc->reset(); + ndst=r->getDst(); ndst->reset(); + nsrv=r->getSrv(); nsrv->reset(); + if ( (nint=r->getWhen())!=NULL ) nint->reset(); + if (make_terminating) + ruleopt->setBool("already_terminating_target",true); + + tmp_queue.push_back(r); + + r1= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r1); + r1->duplicate(r); + r1->setStr("ipt_target","CONNMARK"); + r1->setAction(PolicyRule::Continue); // ### + r1->setLogging(false); + ruleopt =r1->getOptionsObject(); + ruleopt->setStr("CONNMARK_arg","--save-mark"); + if (make_terminating) + ruleopt->setBool("already_terminating_target",true); + + tmp_queue.push_back(r1); + + if (make_terminating) + { + r1= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r1); + r1->duplicate(r); + r1->setStr("ipt_target","ACCEPT"); + r1->setAction(PolicyRule::Accept); + r1->setLogging(false); + tmp_queue.push_back(r1); + } + + ipt_comp->have_connmark = true; + } else + tmp_queue.push_back(rule); + + return true; +} + + +bool PolicyCompiler_ipt::splitIfIfaceAndDirectionBoth::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementItf *itfre=rule->getItf(); assert(itfre); + + if ( !itfre->isAny() && rule->getDirection()==PolicyRule::Both) + { + PolicyRule *r; + + // If this rule has been assigned to chain POSTROUTING, + // 
direction 'inbound' does not make sense for it. + if (rule->getStr("ipt_chain") != "POSTROUTING") + { + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setDirection( PolicyRule::Inbound ); + tmp_queue.push_back(r); + } + + // If this rule has been assigned to chain PREROUTING, + // direction 'Outbound' does not make sense for it. + if (rule->getStr("ipt_chain") != "PREROUTING") + { + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setDirection( PolicyRule::Outbound ); + tmp_queue.push_back(r); + } + } else + tmp_queue.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipt::bridgingFw::checkForMatchingBroadcastAndMulticast(Address *addr) +{ + + IPAddress obj1_addr=addr->getAddress(); + if (obj1_addr!=IPAddress("0.0.0.0") && + (obj1_addr.isBroadcast() || obj1_addr.isMulticast()) + ) return true; + + FWObjectTypedChildIterator j=compiler->fw->findByType(Interface::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + Interface *iface=Interface::cast(*j); + if ( iface->isRegular() ) + { + FWObjectTypedChildIterator k=iface->findByType(IPv4::TYPENAME); + for ( ; k!=k.end(); ++k ) { + IPv4 *ipv4=IPv4::cast(*k); + +/* + * bug #780345: if interface has netmask 255.255.255.255, its own + * address will be detected as broadcast. Of course interface address + * should not be created with netmask 255.255.255.255, but even if it + * is, we should not interpret its own address as a broadcast, so we + * should just skip it here. Typical case when this happens is the + * rule that uses firewall's interface in dst. If we compare an addres + * found in dst against combination addr/netmask of the same + * interface, and the netmask is 255.255.255.255, then we get positive + * match because this routine interprets this address as a broadcast. 
+ */ + if (ipv4->getNetmask()==Netmask("255.255.255.255")) continue; +/* + * commented out to fix bug #637694 - "bridge enbaled / management" + * Rule where firewall was in destination, and bridging option was on, + * yielded code in FORWARD chain when this line was uncommented. + + if ( ipv4->getAddress()==obj1_addr ) return true; + + */ + IPNetwork n( ipv4->getAddress() , ipv4->getNetmask() ); + if (n.getAddress()==obj1_addr) return true; + if (n.getBroadcastAddress()==obj1_addr) return true; + } + } + } + return false; +} + +/* + * call this after splitIfSrcMatchesFw and splitIfDstMatchesFw so that + * we can count on firewall or broadcast/multicast being a single + * object in src and dst. + */ +bool PolicyCompiler_ipt::bridgingFw::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + +// Address *src=compiler->getFirstSrc(rule); + Address *dst=compiler->getFirstDst(rule); + + + if ( rule->getStr("ipt_chain")=="INPUT" ) + { + if ( checkForMatchingBroadcastAndMulticast(dst) ) + { +/* bug #1101910: "Samba problem with Bridged Firewall" + * need to split rule to take care of broadcasts forwarded by the bridge, as well + * as broadcasts that are accepted by the firewall itself. Need to do this only if + * the rule is not associated with any bridging interfaces + */ + RuleElementItf *itfre=rule->getItf(); assert(itfre); + + Interface *rule_iface = compiler->getCachedFwInterface(rule->getInterfaceId()); + if (rule_iface!=NULL && + (rule_iface->isUnnumbered() || + rule_iface->isBridgePort() ) + ) rule->setStr("ipt_chain","FORWARD"); + else + { + PolicyRule *r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain","FORWARD"); + tmp_queue.push_back(r); + } + } + } + + + tmp_queue.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipt::splitIfSrcNegAndFw::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if ( ! 
rule->getStr("ipt_chain").empty() ) + { + tmp_queue.push_back(rule); + return true; + } + + RuleElementSrc *srcrel=rule->getSrc(); + RuleElementSrc *nsrc; +// Address *src=compiler->getFirstSrc(rule); + +/* if there is negation in SRC, then we need to split the rule based on what + * first rule generated as the result of processing negation would be: + + any B C TMP_CHAIN + + in this case SRC will become Any even if it is not in the original + rule. That is, we should split if srcrel is 'any' OR if it has negation. + + To avoid extra complexity in the generated code, this processor does it only + if src contains more than 1 object and one of these objects is firewall. This + is the only case when we need to split before processing negation. All other + "normal" cases are handled by splitIfSrcAny + + */ + + list fwLikes; + list notFwLikes; + + if (rule->getDirection()!=PolicyRule::Inbound && srcrel->getNeg()) + { + for (list::iterator i1=srcrel->begin(); i1!=srcrel->end(); ++i1) + { + FWObject *o = *i1; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Address *a = Address::cast(o); + if (a && compiler->complexMatch(a,compiler->fw)) + fwLikes.push_back(o); + else + notFwLikes.push_back(o); + } + + if (fwLikes.size() != 0) + { + PolicyRule *r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain","OUTPUT"); + r->setDirection( PolicyRule::Outbound ); + nsrc=r->getSrc(); + nsrc->clearChildren(); + for (list::iterator m=fwLikes.begin(); m!=fwLikes.end(); ++m) + nsrc->addRef(*m); + tmp_queue.push_back(r); + +// rule->setStr("ipt_chain","FORWARD"); + nsrc=rule->getSrc(); + nsrc->reset(); // resets negation flag + for (list::iterator m=notFwLikes.begin(); m!=notFwLikes.end(); ++m) + nsrc->addRef(*m); + if (!nsrc->isAny()) nsrc->setNeg(true); + FWOptions *ruleopt = rule->getOptionsObject(); + 
ruleopt->setBool("firewall_is_part_of_any_and_networks",false); // so we do not put this rule in OUTPUT chain later + tmp_queue.push_back(rule); + return true; + } + } + tmp_queue.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipt::splitIfDstNegAndFw::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if ( ! rule->getStr("ipt_chain").empty() ) + { + tmp_queue.push_back(rule); + return true; + } + + RuleElementDst *dstrel=rule->getDst(); + RuleElementDst *ndst; +// Address *dst=compiler->getFirstDst(rule); + +/* if there is negation in DST, then we need to split the rule based on what + * first rule generated as the result of processing negation would be: + + A any C TMP_CHAIN + + in this case DST will become Any even if it is not in the original + rule. That is, we should split if dstrel is 'any' OR if it has negation. + + To avoid extra complexity in the generated code, this processor does it only + if dst contains more than 1 object and one of these objects is firewall. This + is the only case when we need to split before processing negation. 
All other + "normal" cases are handled by splitIfDstAny + + */ + + list fwLikes; + list notFwLikes; + + if (rule->getDirection()!=PolicyRule::Outbound && dstrel->getNeg()) + { + for (list::iterator i1=dstrel->begin(); i1!=dstrel->end(); ++i1) + { + FWObject *o = *i1; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Address *a = Address::cast(o); + if (a && compiler->complexMatch(a,compiler->fw)) + fwLikes.push_back(o); + else + notFwLikes.push_back(o); + } + + if (fwLikes.size() != 0) + { + PolicyRule *r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain","INPUT"); + r->setDirection( PolicyRule::Inbound ); + ndst=r->getDst(); + ndst->clearChildren(); + for (list::iterator m=fwLikes.begin(); m!=fwLikes.end(); ++m) + ndst->addRef(*m); + tmp_queue.push_back(r); + + // the second rule goes into FORWARD chain, but if source + // is (or contains) firewall, we may also need OUTPUT chain + +// rule->setStr("ipt_chain","FORWARD"); + ndst=rule->getDst(); + ndst->reset(); // resets negation flag + for (list::iterator m=notFwLikes.begin(); m!=notFwLikes.end(); ++m) + ndst->addRef(*m); + if (!ndst->isAny()) ndst->setNeg(true); + FWOptions *ruleopt = rule->getOptionsObject(); + ruleopt->setBool("firewall_is_part_of_any_and_networks",false); // so we do not put this rule in INPUT chain later + tmp_queue.push_back(rule); + return true; + } + } + tmp_queue.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipt::splitIfSrcAny::processNext() +{ + PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + PolicyRule *rule=getNext(); if (rule==NULL) return false; + +// FWOptions *fwopt = compiler->getCachedFwOpt(); + FWOptions *ruleopt = rule->getOptionsObject(); +/* commented to fix bug #1112470 + * if fw is considered part of any, we should place rule in INPUT/OUTPUT + * chains even if it is a bridging fw since fw itself may send or receive + * packets + 
*/ + if ( /* fwopt->getBool("bridging_fw") || */ + ! ruleopt->getBool("firewall_is_part_of_any_and_networks") ) + { + tmp_queue.push_back(rule); + return true; + } + + if ( ! rule->getStr("ipt_chain").empty() ) + { + tmp_queue.push_back(rule); + return true; + } + + RuleElementSrc *srcrel=rule->getSrc(); + Address *src=compiler->getFirstSrc(rule); + + if ( rule->getDirection()!=PolicyRule::Inbound && + ( + srcrel->isAny() || + + ( srcrel->size()==1 && src!=NULL && + !compiler->complexMatch(src,compiler->fw) && + srcrel->getBool("single_object_negation")) + ) + ) + { + + PolicyRule *r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain","OUTPUT"); + r->setDirection( PolicyRule::Outbound ); + tmp_queue.push_back(r); + + // if this rule is for mangle table, need to put it into + // POSTROUTING chain as well because some targets that + // work with mangle table can only go into POSTROUTING chain + // such as CLASSIFY + if (ipt_comp->my_table=="mangle" && rule->getAction()==PolicyRule::Classify) + { + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain","POSTROUTING"); + r->setDirection( PolicyRule::Outbound ); + tmp_queue.push_back(r); + } + + } + tmp_queue.push_back(rule); // add old rule anyway + + return true; +} + +bool PolicyCompiler_ipt::splitIfDstAny::processNext() +{ + PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + PolicyRule *rule=getNext(); if (rule==NULL) return false; + +// FWOptions *fwopt = compiler->getCachedFwOpt(); + FWOptions *ruleopt = rule->getOptionsObject(); +/* commented to fix bug #1112470 + * if fw is considered part of any, we should place rule in INPUT/OUTPUT + * chains even if it is a bridging fw since fw itself may send or receive + * packets + */ + if ( /* fwopt->getBool("bridging_fw") || */ + ! 
ruleopt->getBool("firewall_is_part_of_any_and_networks") ) + { + tmp_queue.push_back(rule); + return true; + } + + if ( ! rule->getStr("ipt_chain").empty() ) + { + tmp_queue.push_back(rule); + return true; + } + + RuleElementDst *dstrel=rule->getDst(); + Address *dst=compiler->getFirstDst(rule); + + if ( rule->getDirection()!=PolicyRule::Outbound && + ( + dstrel->isAny() || + + ( dstrel->size()==1 && dst!=NULL && + !compiler->complexMatch(dst,compiler->fw) && + dstrel->getBool("single_object_negation")) + ) + ) + { + PolicyRule *r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain","INPUT"); + r->setDirection( PolicyRule::Inbound ); + tmp_queue.push_back(r); + + // if this rule is for mangle table, need to put it into + // POSTROUTING chain as well because some targets that + // work with mangle table can only go into POSTROUTING chain + // such as CLASSIFY + if (ipt_comp->my_table=="mangle" && rule->getAction()==PolicyRule::Classify) + { + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain","PREROUTING"); + r->setDirection( PolicyRule::Inbound ); + tmp_queue.push_back(r); + } + + } + tmp_queue.push_back(rule); // add old rule in any case + + return true; +} + +bool PolicyCompiler_ipt::splitIfSrcAnyForShadowing::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if (rule->getAction() == PolicyRule::Classify) + { + tmp_queue.push_back(rule); + return true; + } + + RuleElementSrc *srcrel=rule->getSrc(); + FWOptions *ruleopt = rule->getOptionsObject(); + + if ( ruleopt->getBool("firewall_is_part_of_any_and_networks") && + rule->getDirection()!=PolicyRule::Inbound && + srcrel->isAny() ) + { + PolicyRule *r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + 
r->setStr("ipt_chain","OUTPUT"); + r->setDirection( PolicyRule::Outbound ); + RuleElementSrc *nsrcrel=r->getSrc(); + nsrcrel->addRef(compiler->fw); + tmp_queue.push_back(r); + } + tmp_queue.push_back(rule); // add old rule anyway + + return true; +} + +bool PolicyCompiler_ipt::splitIfDstAnyForShadowing::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if (rule->getAction() == PolicyRule::Classify) + { + tmp_queue.push_back(rule); + return true; + } + + RuleElementDst *dstrel=rule->getDst(); + FWOptions *ruleopt = rule->getOptionsObject(); + + if ( ruleopt->getBool("firewall_is_part_of_any_and_networks") && + rule->getDirection()!=PolicyRule::Outbound && + dstrel->isAny() ) + { + PolicyRule *r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain","INPUT"); + r->setDirection( PolicyRule::Inbound ); + RuleElementDst *ndstrel=r->getDst(); + ndstrel->addRef(compiler->fw); + tmp_queue.push_back(r); + } + tmp_queue.push_back(rule); // add old rule anyway + + return true; +} + + +bool PolicyCompiler_ipt::splitIfSrcFWNetwork::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if (rule->getAction() == PolicyRule::Classify) + { + tmp_queue.push_back(rule); + return true; + } + + RuleElementSrc *srcrel=rule->getSrc(); + + FWOptions *fwopt = compiler->getCachedFwOpt(); + FWOptions *ruleopt = rule->getOptionsObject(); + if ( fwopt->getBool("bridging_fw") || + ! ruleopt->getBool("firewall_is_part_of_any_and_networks") ) + { + tmp_queue.push_back(rule); + return true; + } + + if ( ! 
rule->getStr("ipt_chain").empty() || srcrel->isAny() ) + { + tmp_queue.push_back(rule); + return true; + } + + if (rule->getDirection()!=PolicyRule::Inbound) + { + std::map obj_subst; + + for (list::iterator i1=srcrel->begin(); i1!=srcrel->end(); ++i1) + { + FWObject *o = *i1; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Address *a=Address::cast(o); + Address *na; + if ( Network::isA(a) && (na=compiler->findAddressFor( a , compiler->fw ))!=NULL ) + { + obj_subst[a]=na; + } + } + + if ( ! obj_subst.empty() ) + { + PolicyRule *r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain","OUTPUT"); + r->setDirection( PolicyRule::Outbound ); + +#if 0 +/* I can't decide right now if I should replace network objects with firewall's addresses. + I am going not to replace them for now */ + RuleElementSrc *nsrcrel=r->getSrc(); + for (std::map::iterator i=obj_subst.begin(); i!=obj_subst.end(); i++) + { + nsrcrel->removeRef( i->first ); + nsrcrel->addRef( i->second ); + } +#endif + tmp_queue.push_back(r); + } + } + tmp_queue.push_back(rule); + + return true; +} + + +bool PolicyCompiler_ipt::splitIfDstFWNetwork::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if (rule->getAction() == PolicyRule::Classify) + { + tmp_queue.push_back(rule); + return true; + } + + RuleElementDst *dstrel=rule->getDst(); + + FWOptions *fwopt = compiler->getCachedFwOpt(); + FWOptions *ruleopt = rule->getOptionsObject(); + if ( fwopt->getBool("bridging_fw") || + ! ruleopt->getBool("firewall_is_part_of_any_and_networks") ) + { + tmp_queue.push_back(rule); + return true; + } + + if ( ! 
rule->getStr("ipt_chain").empty() || dstrel->isAny() ) + { + tmp_queue.push_back(rule); + return true; + } + + if (rule->getDirection()!=PolicyRule::Outbound) + { + std::map obj_subst; + + for (list::iterator i1=dstrel->begin(); i1!=dstrel->end(); ++i1) + { + FWObject *o = *i1; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Address *a=Address::cast(o); + Address *na; + if ( Network::isA(a) && (na=compiler->findAddressFor( a , compiler->fw ))!=NULL ) + { + obj_subst[a]=na; + } + } + + if ( ! obj_subst.empty() ) + { + PolicyRule *r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setStr("ipt_chain","INPUT"); + r->setDirection( PolicyRule::Inbound ); + +#if 0 +/* I can't decide right now if I should replace network objects with firewall's addresses. + I am going not to replace them for now */ + RuleElementDst *ndstrel=r->getDst(); + for (std::map::iterator i=obj_subst.begin(); i!=obj_subst.end(); i++) + { + ndstrel->removeRef( i->first ); + ndstrel->addRef( i->second ); + } +#endif + tmp_queue.push_back(r); + } + } + tmp_queue.push_back(rule); + + return true; +} + + +/* + * predicates that run before guarantee that when we call this one, + * firewall object, if it is in src or dst, is single object there + */ +bool PolicyCompiler_ipt::checkSrcAndDst1::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + +// RuleElementSrc *srcrel=rule->getSrc(); + Address *src =compiler->getFirstSrc(rule); assert(src); +// RuleElementDst *dstrel=rule->getDst(); + Address *dst =compiler->getFirstDst(rule); assert(dst); + + if (src->getId()!=compiler->getFwId() && + dst->getId()==compiler->getFwId() && + rule->getDirection()==PolicyRule::Outbound ) + throw FWException(_("direction can not be outbound when destination is firewall, in rule ")+rule->getLabel()); + + tmp_queue.push_back(rule); + return true; +} + +bool 
PolicyCompiler_ipt::checkSrcAndDst2::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+// RuleElementSrc *srcrel=rule->getSrc();
+ Address *src =compiler->getFirstSrc(rule); assert(src);
+// RuleElementDst *dstrel=rule->getDst();
+ Address *dst =compiler->getFirstDst(rule); assert(dst);
+
+ if (src->getId()==compiler->getFwId() &&
+ dst->getId()!=compiler->getFwId() &&
+ rule->getDirection()==PolicyRule::Inbound )
+ throw FWException(_("direction can not be inbound when source is firewall, in rule ")+rule->getLabel());
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+bool PolicyCompiler_ipt::specialCaseWithFW1::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ if (rule->getAction() == PolicyRule::Classify)
+ {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+// RuleElementSrc *srcrel=rule->getSrc();
+ Address *src =compiler->getFirstSrc(rule);
+ if(src==NULL) throw(_("Broken SRC in rule ")+rule->getLabel());
+// RuleElementDst *dstrel=rule->getDst();
+ Address *dst =compiler->getFirstDst(rule);
+ if(dst==NULL) throw(_("Broken DST in rule ")+rule->getLabel());
+
+ if (!src->isAny() && !dst->isAny() &&
+ compiler->complexMatch(src,compiler->fw) &&
+ compiler->complexMatch(dst,compiler->fw) &&
+ rule->getDirection()== PolicyRule::Both )
+ {
+ PolicyRule *r;
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setDirection( PolicyRule::Inbound );
+ tmp_queue.push_back(r);
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setDirection( PolicyRule::Outbound );
+ tmp_queue.push_back(r);
+ } else
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+/*
+ * this is basically the same as ExpandMultipleAddresses except it
+ * does not skip loopback
+ */
+bool PolicyCompiler_ipt::specialCaseWithFW2::processNext()
+{
+ PolicyRule *rule=getNext(); if
(rule==NULL) return false;
+
+ RuleElementSrc *srcrel=rule->getSrc();
+ Address *src =compiler->getFirstSrc(rule);
+ RuleElementDst *dstrel=rule->getDst();
+ Address *dst =compiler->getFirstDst(rule);
+
+ if (src->getId()==compiler->fw->getId() && dst->getId()==compiler->fw->getId() )
+ {
+ srcrel->reset();
+ dstrel->reset();
+
+ list all_addresses;
+
+ FWObjectTypedChildIterator i=compiler->fw->findByType(Interface::TYPENAME);
+ for ( ; i!=i.end(); ++i )
+ {
+ Interface *iface=Interface::cast(*i);
+ if ( iface->isUnnumbered() || iface->isBridgePort() ) continue;
+
+ FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
+ for ( ; j!=j.end(); ++j ) all_addresses.push_back( *j);
+ }
+ for (list::iterator i=all_addresses.begin(); i!=all_addresses.end(); ++i)
+ {
+ srcrel->addRef(*i);
+ dstrel->addRef(*i);
+ }
+ }
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+bool PolicyCompiler_ipt::specialCaseWithUnnumberedInterface::dropUnnumberedInterface(RuleElement *re)
+{
+ if (re->isAny()) return true;
+ list cl;
+ for (list::iterator i1=re->begin(); i1!=re->end(); ++i1)
+ {
+ FWObject *o = *i1;
+ FWObject *obj = o;
+ if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer();
+ Interface *ifs =Interface::cast( obj );
+
+ if (ifs!=NULL &&
+ (ifs->isUnnumbered() || ifs->isBridgePort())) cl.push_back(obj);
+ }
+
+ if (!cl.empty())
+ {
+ for (list::iterator i1=cl.begin(); i1!=cl.end(); ++i1)
+ re->removeRef( (*i1) );
+ }
+ return (!re->isAny() );
+}
+
+
+/**
+ * checks for the following situations:
+ *
+ * 1. unnumbered interface is in source and direction is inbound
+ * (drop interface from src since source address is
+ * undertermined)
+ *
+ * 2. unnumbered interface is in source, direction is outbound
+ * and chain is temporary (drop interface from the list, this
+ * rule has been created while processing negation.
TODO: this
+ * is kludge, need to create separate temporary chain while
+ * doing negation in src if one of the objects is firewall)
+ *
+ * 3. unnumbered interface is in destination and chain is "OUTPUT"
+ * (drop interface since dest. address is undefined)
+ *
+ *
+ */
+bool PolicyCompiler_ipt::specialCaseWithUnnumberedInterface::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+ bool keep_rule=true;
+ switch ( rule->getDirection() )
+ {
+ case PolicyRule::Inbound:
+ keep_rule=dropUnnumberedInterface( rule->getSrc() );
+ break;
+ case PolicyRule::Outbound:
+ if ( rule->getStr("ipt_chain")=="OUTPUT" )
+ keep_rule=dropUnnumberedInterface( rule->getDst() );
+ else
+ keep_rule=dropUnnumberedInterface( rule->getSrc() );
+ break;
+ default: ;
+ }
+
+ if (keep_rule) tmp_queue.push_back(rule);
+ return true;
+}
+
+void PolicyCompiler_ipt::checkForDynamicInterfacesOfOtherObjects::findDynamicInterfaces(RuleElement *re,
+ Rule *rule)
+{
+ if (re->isAny()) return;
+ list cl;
+ for (list::iterator i1=re->begin(); i1!=re->end(); ++i1)
+ {
+ FWObject *o = *i1;
+ FWObject *obj = o;
+ if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer();
+ Interface *ifs =Interface::cast( obj );
+
+ if (ifs!=NULL && ifs->isDyn() && ! ifs->isChildOf(compiler->fw))
+ {
+ char errstr[2048];
+ sprintf(errstr,_("Can not build rule using dynamic interface '%s' of the object '%s' because its address in unknown.
Rule %s"),
+ ifs->getName().c_str(),
+ ifs->getParent()->getName().c_str(),
+ rule->getLabel().c_str() );
+
+ throw FWException(errstr);
+ }
+ }
+}
+
+
+bool PolicyCompiler_ipt::checkForDynamicInterfacesOfOtherObjects::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ findDynamicInterfaces( rule->getSrc() , rule );
+ findDynamicInterfaces( rule->getDst() , rule );
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+/*
+ * remember, behavior of this processor has been changed in virtual
+ * method _expandInterface
+ */
+bool PolicyCompiler_ipt::expandMultipleAddressesIfNotFWinSrc::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrc *srcrel=rule->getSrc();
+ Address *src =compiler->getFirstSrc(rule); assert(src);
+
+ if (Firewall::cast(src)==NULL) compiler->_expandAddr(rule,srcrel);
+
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool PolicyCompiler_ipt::expandMultipleAddressesIfNotFWinDst::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementDst *dstrel=rule->getDst();
+ Address *dst =compiler->getFirstDst(rule); assert(dst);
+
+ if (Firewall::cast(dst)==NULL) compiler->_expandAddr(rule,dstrel);
+
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+void PolicyCompiler_ipt::expandLoopbackInterfaceAddress::replaceLoopbackWithItsAddress(RuleElement *rel,
+ Rule *rule)
+{
+ if (rel->isAny()) return;
+ list cl;
+ for (list::iterator i1=rel->begin(); i1!=rel->end(); ++i1)
+ {
+ FWObject *o = *i1;
+ FWObject *obj = o;
+ if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer();
+
+ if (Interface::cast(obj)!=NULL && Interface::cast(obj)->isLoopback())
+ {
+ FWObject *addr=obj->getFirstByType(IPv4::TYPENAME);
+ if (addr==NULL)
+ compiler->abort(_("Loopback interface of the firewall object does not have IP address but is used in the rule ")+rule->getLabel());
+ rel->removeRef(obj);
+ rel->addRef(addr);
+ break; // I guess there can be only one
loopback object in the rule, right ?
+ }
+ }
+}
+
+bool PolicyCompiler_ipt::expandLoopbackInterfaceAddress::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrc *srcrel=rule->getSrc();
+ RuleElementDst *dstrel=rule->getDst();
+
+ replaceLoopbackWithItsAddress(srcrel,rule);
+ replaceLoopbackWithItsAddress(dstrel,rule);
+
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+/*
+ * This processor sets chain only if it is INPUT or OUTPUT. We will
+ * look at the rule if it goes into FORWARD chain in
+ * splitIfSrcFWNetwork / splitIfDstFWNetwork and possibly split it. We will
+ * set chain to FORWARD after that in decideOnChain
+ */
+bool PolicyCompiler_ipt::decideOnChainIfSrcFW::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ if ( ! rule->getStr("ipt_chain").empty() ||
+ rule->getAction() == PolicyRule::Classify)
+ {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+ Address *src =compiler->getFirstSrc(rule); assert(src);
+
+/* Bug 811860: "IPTables Compiler Firewall IP to Input Chain".
+ * on a bridging firewall rules not associated with interfaces should
+ * go into INPUT/OUTPUT chain on interfaces that do routing and into
+ * FORWARD chain on bridging interfaces. Sometimes bridging interfaces
+ * are not created in the GUI, so to play it safe we will split the
+ * rule and put it into both FORWARD and INPUT/OUTPUT chain.
+ *
+ * Bug #934949: "duplicate rules". Split the rule only if firewall is
+ * in src or dst. Otherwise compiler produces duplicates.
+ *
+ */
+ if ( compiler->getCachedFwOpt()->getBool("bridging_fw") &&
+ compiler->complexMatch(src,compiler->fw,false,false) )
+ {
+ PolicyRule *r;
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setStr("ipt_chain","FORWARD");
+
+ tmp_queue.push_back(r);
+ }
+
+ bool b,m;
+/*
+ * do not check for broadcasts and multicasts in bridging firewall because
+ * they should go to FORWARD chain
+ *
+ * b=m= !( compiler->getCachedFwOpt()->getBool("bridging_fw") );
+ *
+ *
+ * Commented out the line above while working on the bug #811860:
+ * "IPTables Compiler Firewall IP to Input Chain". No need to do it
+ * anymore since we now split the rule if we work with a bridging fw
+ * and the rule _always_ goes into FORWARD chain --vk 09/28/03
+ */
+
+ b=m=true;
+
+ switch ( rule->getDirection() )
+ {
+ case PolicyRule::Outbound:
+/* if direction is "Outbound", chain can never be INPUT, but could be FORWARD */
+ if (!src->isAny() && compiler->complexMatch(src,compiler->fw,b,m))
+ rule->setStr("ipt_chain","OUTPUT");
+ break;
+
+ case PolicyRule::Both:
+/* direction == Both
+ */
+ if (!src->isAny() && compiler->complexMatch(src,compiler->fw,b,m))
+ {
+ rule->setStr("ipt_chain","OUTPUT");
+ rule->setDirection( PolicyRule::Outbound );
+ }
+ break;
+ default: break;
+ }
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool PolicyCompiler_ipt::decideOnChainIfDstFW::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ if ( ! rule->getStr("ipt_chain").empty() ||
+ rule->getAction() == PolicyRule::Classify)
+ {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+ Address *dst =compiler->getFirstDst(rule); assert(dst);
+
+/* Bug 811860: "IPTables Compiler Firewall IP to Input Chain".
+ * on a bridging firewall rules not associated with interfaces should
+ * go into INPUT/OUTPUT chain on interfaces that do routing and into
+ * FORWARD chain on bridging interfaces.
Sometimes bridging interfaces
+ * are not created in the GUI, so to play it safe we will split the
+ * rule and put it into both FORWARD and INPUT/OUTPUT chain.
+ *
+ * Bug #934949: "duplicate rules". Split the rule only if firewall is
+ * in src or dst. Otherwise compiler produces duplicates.
+ *
+ */
+ if ( compiler->getCachedFwOpt()->getBool("bridging_fw") &&
+ compiler->complexMatch(dst,compiler->fw,false,false) )
+ {
+ PolicyRule *r;
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setStr("ipt_chain","FORWARD");
+
+ tmp_queue.push_back(r);
+ }
+
+ bool b,m;
+/*
+ * do not check for broadcasts and multicasts in bridging firewall because
+ * they should go to FORWARD chain
+ *
+ * b=m= !( compiler->getCachedFwOpt()->getBool("bridging_fw") );
+ *
+ *
+ * Commented out the line above while working on the bug #811860:
+ * "IPTables Compiler Firewall IP to Input Chain". No need to do it
+ * anymore since we now split the rule if we work with a bridging fw
+ * and the rule _always_ goes into FORWARD chain --vk 09/28/03
+ */
+
+ b=m=true;
+
+ switch ( rule->getDirection() )
+ {
+ case PolicyRule::Inbound:
+/* if direction is "Inbound", chain can never be OUTPUT, but could be FORWARD */
+ if (!dst->isAny() && compiler->complexMatch(dst,compiler->fw,b,m))
+ rule->setStr("ipt_chain","INPUT");
+ break;
+
+ case PolicyRule::Both:
+/* direction == Both
+ */
+ if (!dst->isAny() && compiler->complexMatch(dst,compiler->fw,b,m))
+ {
+ rule->setStr("ipt_chain","INPUT");
+ rule->setDirection(PolicyRule::Inbound);
+ }
+ break;
+ default: break;
+ }
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+
+
+
+/*
+ * processor splitIfIfaceAndDirectionBoth splits interface rule if its
+ * direction is "Both".
This means that by the time when this
+ * processor is called, original rule "any any any accept both" on the
+ * loopback interface has already been converted to two rules :
+ *
+ * any any any accept inbound
+ * any any any accept outbound
+ *
+ * We do not have to split rule here, but rather just assign it to
+ * INPUT/OUTPUT chains.
+ *
+ * We now call this rule processor after InterfacePolicyRulesWithOptimization
+ * which means there is no more than one object in rule element 'Interface'
+ */
+bool PolicyCompiler_ipt::decideOnChainIfLoopback::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementItf *itfre=rule->getItf();
+ assert(itfre);
+ assert(itfre->size()<=1);
+
+ Interface *rule_iface = compiler->getFirstItf(rule);
+
+ RuleElementSrc *srcrel=rule->getSrc();
+ RuleElementDst *dstrel=rule->getDst();
+
+ if (srcrel->isAny() && dstrel->isAny() &&
+ rule->getStr("ipt_chain").empty() &&
+ rule_iface!=NULL &&
+ rule_iface->isLoopback() )
+ {
+ switch (rule->getDirection())
+ {
+ case PolicyRule::Inbound: rule->setStr("ipt_chain","INPUT"); break;
+ case PolicyRule::Outbound: rule->setStr("ipt_chain","OUTPUT"); break;
+ default: ;
+ }
+ }
+
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+/**
+ * target CLASSIFY is only valid in mangle table, chain POSTROUTING
+ */
+bool PolicyCompiler_ipt::decideOnChainForClassify::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ if (rule->getAction() != PolicyRule::Classify)
+ {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+ if (rule->getStr("ipt_chain").empty())
+ rule->setStr("ipt_chain","POSTROUTING");
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+bool PolicyCompiler_ipt::finalizeChain::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+ PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler);
+
+// tmp_queue.push_back(rule);
+
+ if ( !
rule->getStr("ipt_chain").empty() )
+ {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+ rule->setStr("ipt_chain","FORWARD");
+
+ if (ipt_comp->my_table=="mangle")
+ {
+ switch ( rule->getDirection() )
+ {
+ case PolicyRule::Inbound:
+ rule->setStr("ipt_chain","PREROUTING");
+ break;
+ case PolicyRule::Outbound:
+ rule->setStr("ipt_chain","POSTROUTING");
+ break;
+ default:
+ rule->setStr("ipt_chain","FORWARD");
+ break;
+ }
+ } else
+ {
+
+// RuleElementSrc *srcrel=rule->getSrc();
+ Address *src =compiler->getFirstSrc(rule); assert(src);
+// RuleElementDst *dstrel=rule->getDst();
+ Address *dst =compiler->getFirstDst(rule); assert(dst);
+
+ bool b,m;
+/*
+ * do not check for broadcasts and multicasts in bridging firewall because
+ * they should go to FORWARD chain
+ */
+ b=m= !( compiler->getCachedFwOpt()->getBool("bridging_fw") );
+
+ switch ( rule->getDirection() )
+ {
+ case PolicyRule::Inbound:
+/* if direction is "Inbound", chain can never be OUTPUT, but could be FORWARD */
+ if (!dst->isAny() && ipt_comp->complexMatch(dst,ipt_comp->fw,b,m))
+ rule->setStr("ipt_chain","INPUT");
+
+ break;
+
+ case PolicyRule::Outbound:
+/* if direction is "Outbound", chain can never be INPUT, but could be FORWARD */
+ if (!src->isAny() && ipt_comp->complexMatch(src,ipt_comp->fw,b,m))
+ rule->setStr("ipt_chain","OUTPUT");
+
+ break;
+
+ default:
+
+/* direction == Both */
+ if (!dst->isAny() && ipt_comp->complexMatch(dst,ipt_comp->fw,b,m))
+ {
+ rule->setStr("ipt_chain","INPUT");
+ break;
+ }
+ if (!src->isAny() && ipt_comp->complexMatch(src,ipt_comp->fw,b,m))
+ {
+ rule->setStr("ipt_chain","OUTPUT");
+ break;
+ }
+ }
+ }
+
+/*
+ * bug #1040599: "unnecessary FORWARD rules".
+ * If we haven't decided on INPUT/OUTPUT chain, it stays FORWARD.
+ * However, if ip forwarding is turned off, we do not want any rules
+ * in FORWARD chain, so we just drop it.
+ *
+ * If ip forwarding is set to "no change", assume it is on.
+ */
+ bool ipforw=true;
+ string s=compiler->getCachedFwOpt()->getStr("linux24_ip_forward");
+ if (!s.empty() && (s=="0" || s=="Off" || s=="off")) ipforw=false;
+
+ if (rule->getStr("ipt_chain")=="FORWARD" && !ipforw) return true;
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+bool PolicyCompiler_ipt::decideOnTarget::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ tmp_queue.push_back(rule);
+
+ if ( ! rule->getStr("ipt_target").empty() ) return true; // already defined
+
+ switch (rule->getAction()) {
+ case PolicyRule::Accept: rule->setStr("ipt_target","ACCEPT"); break;
+ case PolicyRule::Deny: rule->setStr("ipt_target","DROP"); break;
+ case PolicyRule::Reject: rule->setStr("ipt_target","REJECT"); break;
+ case PolicyRule::Return: rule->setStr("ipt_target","RETURN"); break;
+ case PolicyRule::Tag: rule->setStr("ipt_target","MARK"); break;
+ case PolicyRule::Pipe: rule->setStr("ipt_target","QUEUE"); break;
+ case PolicyRule::Classify: rule->setStr("ipt_target","CLASSIFY"); break;
+ case PolicyRule::Continue: rule->setStr("ipt_target","CONTINUE"); break;
+ case PolicyRule::Custom: rule->setStr("ipt_target","CUSTOM"); break;
+ case PolicyRule::Route: rule->setStr("ipt_target","ROUTE"); break;
+ default: ;
+ }
+ return true;
+}
+
+/*
+ * remove fw object from src or dst to simplify rules but only if:
+ *
+ * original rule did not have negation and
+ * we do not add any virtual addresses for NAT.
+ *
+ * After removal the rule collapses to a simple command like this:
+ * iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
+ *
+ * this works fine except if we have added virtual addresses for
+ * NAT. It is assumed that firewall object in rules represents
+ * combination of addresses configured in its interfaces in the
+ * GUI. Virtual addresses added for NAT are considered to be a side
+ * effect and connections should not be implicitly permitted to them
+ * by a rule with fw object in destination.
The same applies to fw
+ * object in source. See bug #685947
+ *
+ * To avoid inadvertently opening holes in the firewall by a rule like
+ * that, we remove fw object only when it is safe to do so.
+ */
+bool PolicyCompiler_ipt::removeFW::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ tmp_queue.push_back(rule);
+
+ if (compiler->osconfigurator->getNumOfVirtualAddressesForNat()==0 &&
+ ! rule->getBool("upstream_rule_neg") )
+ {
+ RuleElementSrc *srcrel=rule->getSrc();
+ Address *src =compiler->getFirstSrc(rule); assert(src);
+ RuleElementDst *dstrel=rule->getDst();
+ Address *dst =compiler->getFirstDst(rule); assert(dst);
+
+ if (( rule->getStr("ipt_chain")=="INPUT" ||
+ rule->getStr("upstream_rule_chain")=="INPUT") && dst->getId()==compiler->getFwId() )
+ {
+ dstrel->reset();
+ }
+
+ if (( rule->getStr("ipt_chain")=="OUTPUT" ||
+ rule->getStr("upstream_rule_chain")=="OUTPUT") && src->getId()==compiler->getFwId() )
+ {
+ srcrel->reset();
+ }
+ }
+ return true;
+}
+
+bool PolicyCompiler_ipt::checkMACinOUTPUTChain::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ tmp_queue.push_back(rule);
+
+ if ( rule->getStr("ipt_chain")=="OUTPUT" )
+ {
+// RuleElementSrc *srcrel=rule->getSrc();
+ Address *src =compiler->getFirstSrc(rule); assert(src);
+
+ if (physAddress::isA(src))
+ compiler->abort(_("Can not match on MAC address of the firewall in rule ")+rule->getLabel());
+
+ if (combinedAddress::isA(src))
+ combinedAddress::cast(src)->setPhysAddress("");
+ }
+
+ return true;
+}
+
+
+bool PolicyCompiler_ipt::separatePortRanges::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrv *rel= rule->getSrv();
+
+ if (rel->size()==1)
+ {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+ list services;
+ for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++)
+ {
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+ Service
*s=Service::cast(o);
+ assert(s!=NULL);
+
+ if ( TCPService::isA(s) || UDPService::isA(s) )
+ {
+ unsigned srs=s->getInt("src_range_start");
+ unsigned sre=s->getInt("src_range_end");
+ unsigned drs=s->getInt("dst_range_start");
+ unsigned dre=s->getInt("dst_range_end");
+
+ if (srs!=0 && sre==0) sre=srs;
+ if (drs!=0 && dre==0) dre=drs;
+
+/*
+ * I also need to separate rules that use "Any UDP" and "Any TCP"
+ * objects. These objects have all ports set to zero and iptables code
+ * for them should just have "-p udp" or "-p tcp" without any
+ * "--source-port" or "--destination-port" specification. Commands
+ * like this do not combine with commands that do specify port because
+ * they lose their "any udp"/"any tcp" meaning as soon as
+ * "--source-port"/"--destination-port" is added.
+ */
+ if (srs==0 && sre==0 && drs==0 && dre==0) { sre=65535; dre=65535; }
+
+ if (srs!=sre || drs!=dre)
+ {
+ PolicyRule *r= PolicyRule::cast(
+ compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ RuleElementSrv *nsrv=r->getSrv();
+ nsrv->clearChildren();
+ nsrv->addRef( s );
+ tmp_queue.push_back(r);
+ services.push_back(s);
+ }
+ }
+ }
+ for (list::iterator i=services.begin(); i!=services.end(); i++)
+ rel->removeRef( (*i) );
+
+ if (!rel->isAny())
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool PolicyCompiler_ipt::separateSrcPort::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrv *rel= rule->getSrv();
+
+ if (rel->size()==1) {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+ list services;
+ for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++) {
+
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+ Service *s=Service::cast(o);
+ assert(s!=NULL);
+
+ if ( TCPService::isA(s) || UDPService::isA(s) ) {
+ int srs=s->getInt("src_range_start");
+ int sre=s->getInt("src_range_end");
+
+ compiler->normalizePortRange(srs,sre);
+
+ if (srs!=0 || sre!=0) {
+ PolicyRule *r= PolicyRule::cast(
+ compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ RuleElementSrv *nsrv=r->getSrv();
+ nsrv->clearChildren();
+ nsrv->addRef( s );
+ tmp_queue.push_back(r);
+ services.push_back(s);
+ }
+ }
+ }
+ for (list::iterator i=services.begin(); i!=services.end(); i++)
+ rel->removeRef( (*i) );
+
+ if (!rel->isAny())
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool PolicyCompiler_ipt::fillActionOnReject::processNext()
+{
+ PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler);
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ FWOptions *ruleopt =rule->getOptionsObject();
+ string s=ruleopt->getStr("action_on_reject");
+ if (s.empty()) ruleopt->setStr("action_on_reject",
+ ipt_comp->getCachedFwOpt()->getStr("action_on_reject"));
+
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool PolicyCompiler_ipt::expandGroupsInSrv::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrv *srv= rule->getSrv();
+
+ compiler->expandGroupsInRuleElement(srv);
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+
+bool PolicyCompiler_ipt::splitRuleIfSrvAnyActionReject::processNext()
+{
+ PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler);
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrv *srv= rule->getSrv();
+
+ string s=ipt_comp->getActionOnReject(rule);
+ if ( rule->getAction()==PolicyRule::Reject && s.empty() && srv->isAny() )
+ {
+ PolicyRule *r;
+ RuleElementSrv *nsrv;
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrv=r->getSrv();
+ nsrv->addRef(compiler->dbcopy->findInIndex(ANY_TCP_OBJ_ID));
+
+ FWOptions *ruleopt =r->getOptionsObject();
+ ruleopt->setStr("action_on_reject","TCP RST");
+
+ tmp_queue.push_back(r);
+ }
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+/*
+ * I am adding
subrule suffix here, which I then use to generate
+ * unique new chain name for this rule. The idea is to generate
+ * meaningful chain name, which is associated with rule number (like
+ * RULE_5), however since this processor runs very early and may split
+ * the rule, subsequent processors that create new chains end up
+ * creating chains with the same names. Need this suffix to create
+ * different, yet meaningful chain names.
+ *
+ * TODO: add methods addRuleSuffix and getRuleSuffix to class Rule.
+ * Define suffix automatically in a tree-like manner, so that when
+ * original rule is split, its parts will get suffixes ".1" and
+ * ".2". When these parts are split again, suffixes should become
+ * ".1.1" and ".1.2" and so on.
+ */
+bool PolicyCompiler_ipt::splitServicesIfRejectWithTCPReset::processNext()
+{
+ PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler);
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrv *srv= rule->getSrv();
+
+ if ( rule->getAction()==PolicyRule::Reject && ipt_comp->isActionOnRejectTCPRST(rule))
+ {
+ list tcp;
+ list other;
+
+ for (FWObject::iterator i=srv->begin(); i!=srv->end(); ++i)
+ {
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+
+ Service *s1=Service::cast( o );
+ assert(s1);
+
+ if ( TCPService::isA(s1) ) tcp.push_back(s1);
+ else other.push_back(s1);
+ }
+
+ if ( !other.empty() && tcp.empty() )
+ {
+ if (seen_rules[rule->getPosition()]==false)
+ compiler->warning(_("Rule action 'Reject' with TCP RST can be used only with TCP services.
Rule ")+rule->getLabel());
+ ipt_comp->resetActionOnReject(rule);
+ tmp_queue.push_back(rule);
+ seen_rules[rule->getPosition()]=true;
+ return true;
+ }
+
+ if ( other.empty() && !tcp.empty() )
+ {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+/* if both are not empty */
+
+ PolicyRule *r;
+ RuleElementSrv *nsrv;
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrv=r->getSrv();
+ nsrv->clearChildren();
+
+ for (list::iterator j=other.begin(); j!=other.end(); j++)
+ nsrv->addRef( (*j) );
+
+ r->getOptionsObject()->setStr("action_on_reject","");
+ r->setStr("subrule_suffix","1");
+ tmp_queue.push_back(r);
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrv=r->getSrv();
+ nsrv->clearChildren();
+
+ for (list::iterator j=tcp.begin(); j!=tcp.end(); j++)
+ nsrv->addRef( (*j) );
+
+ r->setStr("subrule_suffix","2");
+ tmp_queue.push_back(r);
+ return true;
+ }
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+
+/*
+ * processor splitServices should have been called eariler, so now all
+ * services in Srv are of the same type
+ */
+bool PolicyCompiler_ipt::prepareForMultiport::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrv *rel= rule->getSrv();
+ Service *srv= compiler->getFirstSrv(rule);
+
+ if (rel->size()==1) {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+ if (IPService::isA(srv) ||
+ ICMPService::isA(srv) ||
+ CustomService::isA(srv) ||
+ TagService::isA(srv))
+ {
+/* multiport does not support ip and icmp services, split the rule */
+ for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++)
+ {
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+
+ Service *s=Service::cast( o );
+ assert(s);
+
+ PolicyRule *r= PolicyRule::cast(
+ compiler->dbcopy->create(PolicyRule::TYPENAME) );
+
compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ RuleElementSrv *nsrv=r->getSrv();
+ nsrv->clearChildren();
+ nsrv->addRef( s );
+
+ tmp_queue.push_back(r);
+ }
+ return true;
+ }
+
+ if (TCPService::isA(srv) || UDPService::isA(srv))
+ {
+ rule->setBool("ipt_multiport",true);
+
+/* make sure we have no more than 15 ports */
+ if (rel->size()>15)
+ {
+ int n=0;
+ PolicyRule *r;
+ RuleElementSrv *nsrv = NULL;
+ for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++)
+ {
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+
+ Service *s=Service::cast( o );
+ assert(s);
+
+ if (n==0)
+ {
+ r= PolicyRule::cast(
+ compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrv=r->getSrv();
+ nsrv->clearChildren();
+ tmp_queue.push_back(r);
+ }
+ assert(nsrv!=NULL);
+ nsrv->addRef( s );
+ if (++n>=15) n=0;
+ }
+
+ } else {
+ tmp_queue.push_back(rule);
+ }
+ }
+
+ return true;
+}
+
+/*
+ * processor splitServices should have been called before, it makes sure
+ * all objects in Service are of the same type.
+ *
+ * One special case is custom service "ESTABLISHED". This processor
+ * splits rule if it finds this service and turns off stateful
+ * inspection on the rule.
+ *
+ */
+bool PolicyCompiler_ipt::specialCasesWithCustomServices::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrv *srv= rule->getSrv();
+
+ if (srv->isAny())
+ {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+ stack cl;
+ for (FWObject::iterator i=srv->begin(); i!=srv->end(); i++)
+ {
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+ assert(o!=NULL);
+ if (CustomService::isA(o))
+ {
+ string code=CustomService::cast(o)->getCodeForPlatform(compiler->myPlatformName());
+ if (code.find("ESTABLISHED")!=string::npos ||
+ code.find("RELATED")!=string::npos)
+ {
+ PolicyRule *r= PolicyRule::cast(
+ compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ RuleElementSrv *nsrv=r->getSrv();
+ nsrv->clearChildren();
+ nsrv->addRef(o);
+ r->getOptionsObject()->setBool("stateless",true);
+ tmp_queue.push_back(r);
+
+ cl.push(o);
+ }
+ }
+ }
+ while (!cl.empty()) {
+ srv->removeRef( cl.top() );
+ cl.pop();
+ }
+/*
+ * if srv is 'any' at this point, then it had only single object at
+ * the beginning and that object was CustomService which we've split
+ * into a new rule. There is nothing left in the original srv so we
+ * can simply drop the old rule.
+ */
+ if (!srv->isAny())
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool PolicyCompiler_ipt::convertAnyToNotFWForShadowing::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+ FWOptions *ruleopt =rule->getOptionsObject();
+ PolicyRule *r;
+
+ if ( !
ruleopt->getBool("firewall_is_part_of_any_and_networks") )
+ {
+ RuleElementSrc *srcrel=rule->getSrc();
+ RuleElementDst *dstrel=rule->getDst();
+
+ if (srcrel->isAny())
+ {
+// srcrel->addRef(compiler->fw);
+// srcrel->setNeg(true);
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setAction( PolicyRule::Return );
+ RuleElementSrc *nsrc=r->getSrc();
+ nsrc->clearChildren();
+ nsrc->addRef( compiler->fw );
+ tmp_queue.push_back(r);
+ }
+
+ if (dstrel->isAny())
+ {
+// dstrel->addRef(compiler->fw);
+// dstrel->setNeg(true);
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setAction( PolicyRule::Return );
+ RuleElementDst *ndst=r->getDst();
+ ndst->clearChildren();
+ ndst->addRef( compiler->fw );
+ tmp_queue.push_back(r);
+ }
+ }
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+bool PolicyCompiler_ipt::processMultiAddressObjectsInRE::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ OSConfigurator_linux24 *osconf =
+ dynamic_cast(compiler->osconfigurator);
+
+ RuleElement *re=RuleElement::cast( rule->getFirstByType(re_type) );
+ bool neg = re->getNeg();
+
+ if (re->size()==1)
+ {
+ FWObject *o = re->front();
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+ MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
+ if (atrt!=NULL)
+ {
+ // we have just one object in RE and this object is MutiAddressRunTime
+ if (atrt->getSubstitutionTypeName()==AddressTable::TYPENAME)
+ {
+ rule->setStr("address_table_file",atrt->getSourceName());
+ osconf->registerMultiAddressObject(atrt);
+ }
+ if (atrt->getSubstitutionTypeName()==DNSName::TYPENAME)
+ {
+ // this is DNSName converted to its run-time counterpart,
+ // we do not need to touch it at all
+ }
+ tmp_queue.push_back(rule);
+ return true;
+ }
+ }
+
+ list cl;
+ for (FWObject::iterator i=re->begin();
i!=re->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); + if (atrt!=NULL && atrt->getSubstitutionTypeName()==AddressTable::TYPENAME) + cl.push_back(atrt); + } + + if (!cl.empty()) + { + RuleElement *nre; + RuleElement *ore=RuleElement::cast( rule->getFirstByType(re_type) ); + PolicyRule *r; + for (list::iterator i=cl.begin(); i!=cl.end(); i++) + { + MultiAddressRunTime *atrt = *i; + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + nre=RuleElement::cast( r->getFirstByType(re_type) ); + nre->clearChildren(); + nre->addRef( atrt ); + r->setStr("address_table_file",atrt->getSourceName()); + osconf->registerMultiAddressObject(atrt); + tmp_queue.push_back(r); + + ore->removeRef( *i ); + } + } + + tmp_queue.push_back(rule); + return true; +} + + +/* + * iptables does not have target that would do nothing and would not + * terminate processing of the packet (like NOP), so we create a new + * user chain with target RETURN. 
+ */ +bool PolicyCompiler_ipt::accounting::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + Interface *rule_iface = compiler->getCachedFwInterface(rule->getInterfaceId()); + FWOptions *ruleopt =rule->getOptionsObject(); + + if (rule->getAction()==PolicyRule::Accounting && + rule->getStr("ipt_target").empty()) + { + string this_chain =rule->getStr("ipt_chain"); + string new_chain=PolicyCompiler_ipt::getNewChainName(rule,rule_iface); + string rule_name_accounting = ruleopt->getStr("rule_name_accounting"); + if (!rule_name_accounting.empty()) + new_chain = rule_name_accounting; + + if (new_chain==this_chain) + { + rule->setStr("ipt_target","RETURN"); + rule->setAction(PolicyRule::Continue); + } else + { + PolicyRule *r; + FWOptions *ruleopt; + RuleElementSrc *nsrc; + RuleElementDst *ndst; + RuleElementSrv *nsrv; +/* + * add copy of original rule, but turn off logging and set target + * chain to new_chain. + */ + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + nsrc=r->getSrc(); nsrc->reset(); + ndst=r->getDst(); ndst->reset(); + nsrv=r->getSrv(); nsrv->reset(); + r->setStr("ipt_chain",new_chain); + r->setStr("upstream_rule_chain",this_chain); + r->setStr("ipt_target","RETURN"); + r->setLogging(false); + r->setAction(PolicyRule::Continue); + tmp_queue.push_back(r); + + rule->setStr("ipt_target",new_chain); + rule->setLogging(false); + ruleopt =rule->getOptionsObject(); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + } + } + tmp_queue.push_back(rule); + return true; +} + + +bool PolicyCompiler_ipt::addPredefinedRules::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + return true; +} + +void PolicyCompiler_ipt::addRuleFilter() +{ + add( new dropMangleTableRules(" remove rules that require mangle table") ); +} + +/** + 
*----------------------------------------------------------------------- + */ +void PolicyCompiler_ipt::compile() +{ + printRule=NULL; + + cout << _(" Compiling rules for '") << my_table + << _("' table ...") << endl << flush; + + try { + + Compiler::compile(); + bool check_for_recursive_groups=true; + + addPredefinedPolicyRules(); + + if ( fw->getOptionsObject()->getBool ("check_shading") ) + { + add( new Begin("Detecting rule shadowing" ) ); + + addRuleFilter(); + + add( new printTotalNumberOfRules( ) ); + + add( new ItfNegation( "process negation in Itf" ) ); + add( new InterfacePolicyRules( + "process interface policy rules and store interface ids")); + add( new convertAnyToNotFWForShadowing("convert 'any' to '!fw'" ) ); +#if 0 + add( new splitIfSrcAnyForShadowing("split rule if src is any" ) ); + add( new splitIfDstAnyForShadowing("split rule if dst is any" ) ); + add( new SrcNegation( true, "process negation in Src" ) ); + add( new DstNegation( true, "process negation in Dst" ) ); +#endif + add( new recursiveGroupsInSrc("check for recursive groups in SRC")); + add( new recursiveGroupsInDst("check for recursive groups in DST")); + add( new recursiveGroupsInSrv("check for recursive groups in SRV")); + check_for_recursive_groups=false; + + add( new ExpandGroups("expand groups" ) ); + add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC") ); + add( new eliminateDuplicatesInDST("eliminate duplicates in DST") ); + add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV") ); + + add( new swapMultiAddressObjectsInSrc( + " swap MultiAddress -> MultiAddressRunTime in Src") ); + add( new swapMultiAddressObjectsInDst( + " swap MultiAddress -> MultiAddressRunTime in Dst") ); + +/* behavior of processors ExpandMultiple... 
has been changed in + * virtual method _expandInterface */ + add( new ExpandMultipleAddressesInSRC( + "expand objects with multiple addresses in SRC" ) ); + add( new ExpandMultipleAddressesInDST( + "expand objects with multiple addresses in DST" ) ); + add( new ConvertToAtomic("convert to atomic rules" ) ); + +/* + * This assumes that all rules that go into the mangle table are + * non-terminating. This is not necessarily correct because + * non-termination is really an attribute of the target. However + * targets that we support that go into mangle table (CLASSIFY and + * MARK) are indeed non-terminating. + */ + + add( new SkipActionContinueWithNoLogging( + "drop rules with action Continue") ); + + if (my_table=="mangle" && + !fw->getOptionsObject()->getBool("classify_mark_terminating") + ) + add( new DetectShadowingForNonTerminatingRules( + "Detect shadowing for non-terminating rules" ) ); + else + add( new DetectShadowing("Detect shadowing" ) ); + + add( new simplePrintProgress() ); + + runRuleProcessors(); + deleteRuleProcessors(); + } + + + add( new PolicyCompiler::Begin() ); + add( new addPredefinedRules("Add some predefined rules" ) ); + + add( new Branching( "fold in branches" ) ); + + addRuleFilter(); + + add( new printTotalNumberOfRules( ) ); + +// add( new Branching("process branch rules" ) ); + + add( new Route("process route rules" ) ); + add( new storeAction("store original action of this rule" ) ); + + add( new splitIfTagAndConnmark("Tag+CONNMARK combo")); + add( new setChainForMangle("set chain for other rules in mangle")); + + add( new Logging1("check global logging override option" ) ); + add( new ItfNegation("process negation in Itf" ) ); + +// add( new InterfacePolicyRulesWithOptimization("process interface policy rules and store interface ids") ); + + add( new decideOnChainForClassify("set chain for action is Classify") ); + + add( new InterfaceAndDirection("fill in interface and direction" ) ); + +// if an action requires chain POSTROUTING 
(e.g. Classify), set chain +// BEFORE calling splitIfIfaceAndDirectionBoth + add( new splitIfIfaceAndDirectionBoth( + "split interface rule with direction 'both'")); + + if (check_for_recursive_groups) + { + add( new recursiveGroupsInSrc("check for recursive groups in SRC")); + add( new recursiveGroupsInDst("check for recursive groups in DST")); + add( new recursiveGroupsInSrv("check for recursive groups in SRV")); + } + + add( new emptyGroupsInSrc("check for empty groups in SRC" ) ); + add( new emptyGroupsInDst("check for empty groups in DST" ) ); + add( new emptyGroupsInSrv("check for empty groups in SRV" ) ); +/* + * commented out to fix bug #727324. "-p tcp --destination-port ! 25" + * means "all TCP with port != 25", which is not the same as "all + * protocols except TCP port 25". We just can't use "!" with negation + * in service even if there is only single object in that rule + * element. + */ +// add( new singleSrvNegation("negation in Srv if it holds 1 object")); + add( new splitRuleIfSrvAnyActionReject( + "split rule if action is reject and srv is any" ) ); + add( new SrvNegation( false, "process negation in Srv" ) ); + add( new expandGroupsInSrv("expand groups in Srv" )); + + add( new CheckForTCPEstablished("TCPService with \"established\"") ); + +// add( new splitRuleIfSrvAnyActionReject( +// "split rule if action is reject and srv is any" ) ); + add( new fillActionOnReject("fill in action_on_reject" ) ); + add( new splitServicesIfRejectWithTCPReset( + "check and split if action on reject is TCP reset")); + add( new fillActionOnReject("fill in action_on_reject 2" ) ); + add( new splitServicesIfRejectWithTCPReset( + "check and split if action on reject is TCP reset 2")); + add( new singleSrcNegation( + "process negation in Src if it holds single object" ) ); + add( new singleDstNegation( + "process negation in Dst if it holds single object" ) ); + +/* + * phased out these processors, they are not needed anymore because we use variable + * for dynamic 
interfaces. + */ + add( new splitIfSrcNegAndFw("split rule if src has negation and fw")); + add( new splitIfDstNegAndFw("split rule if dst has negation and fw")); + + add( new SrcNegation( false, "process negation in Src" )); + add( new DstNegation( false, "process negation in Dst" )); + add( new TimeNegation( false, "process negation in Time" )); + + add( new Logging2( "process logging" )); + +/* this is just a patch for those who do not understand how does + * "assume firewall is part of any" work. It also eliminates redundant + * and useless rules in the FORWARD chain for rules assigned to a + * loopback interface. + */ +// add( new decideOnChainIfLoopback("any-any rule on loopback" ) ); + + add( new splitIfSrcAny("split rule if src is any") ); + + // call setChainPreroutingForTag before splitIfDstAny + add( new setChainPreroutingForTag("chain PREROUTING for Tag")); + + add( new splitIfDstAny("split rule if dst is any") ); + + add( new setChainPostroutingForTag("chain POSTROUTING for Tag")); + + add( new ExpandGroups( "expand all groups" )); + add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC" )); + add( new eliminateDuplicatesInDST("eliminate duplicates in DST" )); + add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV" )); + + add( new swapMultiAddressObjectsInSrc( + " swap MultiAddress -> MultiAddressRunTime in Src")); + add( new swapMultiAddressObjectsInDst( + " swap MultiAddress -> MultiAddressRunTime in Dst")); + + add( new processMultiAddressObjectsInSrc( + "process MultiAddress objects in Src")); + add( new processMultiAddressObjectsInDst( + "process MultiAddress objects in Dst")); + +/* + * should expand address range before splitIfSrcMatchesFw because some + * addresses in the range may match firewall + */ + add( new addressRanges( "process address ranges" ) ); + + add( new splitIfSrcMatchesFw( "split rule if src matches FW" ) ); + add( new splitIfDstMatchesFw( "split rule if dst matches FW" ) ); + +/* at this point in all rules 
where firewall is in either src or dst, + * firewall is a single object in that rule element. Other rule + * elements may contain multiple objects yet + */ + + add( new specialCaseWithFW1( "special case with firewall" ) ); + + add( new decideOnChainIfDstFW( "decide on chain if Dst has fw" ) ); + add( new splitIfSrcFWNetwork( + "split rule if src has a net fw has interface on" ) ); + + add( new decideOnChainIfSrcFW( "decide on chain if Src has fw" ) ); + add( new splitIfDstFWNetwork( + "split rule if dst has a net fw has interface on" ) ); + + add( new specialCaseWithFW2( + "replace fw with its interfaces if src==dst==fw" ) ); + +/* behavior of processors ExpandMultiple... has been changed in the + * virtual method expandInterface + */ + add( new expandMultipleAddressesIfNotFWinSrc( + "expand multiple addresses if not FW in Src") ); + add( new expandMultipleAddressesIfNotFWinDst( + "expand multiple addresses if not FW in Dst") ); + add( new expandLoopbackInterfaceAddress( + "check for loopback interface in the rule objects") ); + + +// trying process rules with multiple interfaces as late as possible + add( new InterfacePolicyRulesWithOptimization( + "process interface policy rules and store interface ids") ); + +/* this is just a patch for those who do not understand how does + * "assume firewall is part of any" work. It also eliminates redundant + * and useless rules in the FORWARD chain for rules assigned to a + * loopback interface. + */ + add( new decideOnChainIfLoopback("any-any rule on loopback" ) ); + +// add( new decideOnChainForClassify("set chain if action is Classify")); + add( new finalizeChain( "decide on chain" ) ); + add( new decideOnTarget( "decide on target" ) ); + + add( new checkForRestoreMarkInOutput( + "check if we need -A OUTPUT -j CONNMARK --restore-mark")); + +/* + * removed call to processor removeFW to make changes for bug #685947: + * "Rules with firewall object allow too much. 
" + */ + add( new removeFW( "remove fw" ) ); + + add( new ExpandMultipleAddresses("expand multiple addresses" ) ); + add( new checkForUnnumbered("check for unnumbered interfaces" ) ); + add( new checkForDynamicInterfacesOfOtherObjects( + "check for dynamic interfaces of other hosts and firewalls")); + + if ( fwopt->getBool("bridging_fw") ) + add( new bridgingFw( "handle bridging firewall cases" ) ); + + add( new specialCaseWithUnnumberedInterface( + "check for a special cases with unnumbered interface" ) ); + +// add( new splitServices( "split on services" ) ); +// add( new prepareForMultiport("prepare for multiport" ) ); + + add( new optimize1( "optimization 1, pass 1" ) ); + add( new optimize1( "optimization 1, pass 2" ) ); + add( new optimize1( "optimization 1, pass 3" ) ); + + + add( new splitServices( "split on services" )); + add( new separateTCPWithFlags( "split on TCP services with flags" )); + add( new verifyCustomServices( "verify custom services" )); + add( new specialCasesWithCustomServices( + "scpecial cases with some custom services" ) ); + add( new separatePortRanges( "separate port ranges" )); + add( new separateSrcPort( "split on TCP and UDP with source ports")); + +// add( new optimize1( "optimization 1, pass 1" ) ); +// add( new optimize1( "optimization 1, pass 2" ) ); + add( new optimize2( "optimization 2" ) ); + add( new accounting( "Accounting" ) ); + add( new prepareForMultiport("prepare for multiport" ) ); + + add( new splitNonTerminatingTargets( + "split rules using non-terminating targets" ) ); + + add( new ConvertToAtomicForAddresses( + "convert to atomic rules by address elements") ); + + add( new checkForZeroAddr( "check for zero addresses" ) ); + add( new checkMACinOUTPUTChain("check for MAC in OUTPUT chain" ) ); + + add( new ConvertToAtomicForIntervals( + "convert to atomic rules by interval element") ); + + add( new SkipActionContinueWithNoLogging( + "drop rules with action Continue") ); + add( new convertInterfaceIdToStr("prepare 
interface assignments" ) ); + add( new optimize3( "optimization 3" ) ); + + add( createPrintRuleProcessor() ); + + add( new simplePrintProgress()); + + runRuleProcessors(); + + } catch (FWException &ex) { + error(ex.toString()); + exit(1); + } +} + +string PolicyCompiler_ipt::debugPrintRule(Rule *r) +{ + PolicyRule *rule=PolicyRule::cast(r); + FWOptions *ruleopt =rule->getOptionsObject(); + + + RuleElementSrc *srcrel=rule->getSrc(); + RuleElementDst *dstrel=rule->getDst(); + RuleElementSrv *srvrel=rule->getSrv(); + RuleElementInterval *intrel=rule->getWhen(); + RuleElementItf *itfrel=rule->getItf(); + + string iface_id = rule->getInterfaceId(); +// Interface *rule_iface = fw_interfaces[iface_id]; + + ostringstream str; + +// str << setw(70) << setfill('-') << "-"; + + int no=0; + FWObject::iterator i1=srcrel->begin(); + FWObject::iterator i2=dstrel->begin(); + FWObject::iterator i3=srvrel->begin(); + FWObject::iterator i4=intrel->begin(); + FWObject::iterator i5=itfrel->begin(); + + while ( i1!=srcrel->end() || i2!=dstrel->end() || + i3!=srvrel->end() || i4!=intrel->end() || + i5!=itfrel->end()) + { + + str << endl; + + ostringstream src; + ostringstream dst; + string srv=" "; + string time=" "; + string itf=" "; + + if (srcrel->getNeg()) src << "!"; + if (dstrel->getNeg()) dst << "!"; + if (srvrel->getNeg()) srv = "!"; + if (intrel->getNeg()) time = "!"; + if (itfrel->getNeg()) itf = "!"; + + if (i1!=srcrel->end()) { + FWObject *o=*i1; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + src << o->getName(); + if (Group::cast(o)!=NULL) + src << "[" << o->size() << "]"; + } + + if (i2!=dstrel->end()) { + FWObject *o=*i2; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + dst << o->getName(); + if (Group::cast(o)!=NULL) + dst << "[" << o->size() << "]"; + } + + if (i3!=srvrel->end()) { + FWObject *o=*i3; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + srv+=o->getName(); + } + + if 
(i4!=intrel->end()) { + FWObject *o=*i4; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + time+=o->getName(); + } + + if (i5!=itfrel->end()) { + FWObject *o=*i5; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + itf+=o->getName(); + } + + int w=0; + if (no==0) { + str << rule->getLabel(); + w=rule->getLabel().length(); + } + + str << setw(15-w) << setfill(' ') << " "; + + str << setw(18) << setfill(' ') << src.str(); + str << setw(18) << setfill(' ') << dst.str(); + str << setw(12) << setfill(' ') << srv.c_str(); + str << setw(10) << setfill(' ') << time.c_str(); + str << setw(8) << setfill(' ') << itf.c_str(); + + if (no==0) + { + str << setw(9) << setfill(' ') << rule->getActionAsString().c_str(); + str << setw(9) << setfill(' ') << rule->getDirectionAsString().c_str(); + if (rule->getLogging()) str << " LOG"; + } else + str << setw(18) << setfill(' ') << " "; + + ++no; + + if ( i1!=srcrel->end() ) ++i1; + if ( i2!=dstrel->end() ) ++i2; + if ( i3!=srvrel->end() ) ++i3; + if ( i4!=intrel->end() ) ++i4; + if ( i5!=intrel->end() ) ++i5; + } + + + string s= str.str() + + " c="+rule->getStr("ipt_chain") + + " t="+rule->getStr("ipt_target") + + " intfId="+rule->getInterfaceId() + + " intfstr="+rule->getInterfaceStr(); + + if (rule->getAction()==PolicyRule::Reject) + s=s+" "+ruleopt->getStr("action_on_reject"); + + if (ruleopt!=NULL && ruleopt->getInt("limit_value")>0) + s=s+" limit"; + + if (ruleopt!=NULL && ruleopt->getInt("connlimit_value")>0) + s=s+" connlimit"; + + if (ruleopt!=NULL && ruleopt->getInt("hashlimit_value")>0) + s=s+" hashlimit"; + + return s; +} + +void PolicyCompiler_ipt::epilog() +{ + if (fwopt->getBool("use_iptables_restore") && getCompiledScriptLength()>0) + { + output << "#" << endl; + } +} + + +PolicyCompiler_ipt::PrintRule* PolicyCompiler_ipt::createPrintRuleProcessor() +{ + if(printRule==NULL) + { + if (fwopt->getBool("use_iptables_restore")) + { + // bug #1812295: we should use 
PrintRuleIptRstEcho not only
+ // when we have dynamic interfaces, but also when we have
+ // address tables expanded at run time. Instead of checking
+ // for all these conditions, just always use PrintRuleIptRstEcho
+ printRule = new PrintRuleIptRstEcho(
+ "generate code for iptables-restore using echo");
+ } else printRule=new PrintRule("generate shell script" );
+ printRule->setContext(this);
+ }
+ return printRule;
+}
+
+string PolicyCompiler_ipt::flushAndSetDefaultPolicy()
+{
+ string res="";
+
+ createPrintRuleProcessor();
+ res += printRule->_declareTable();
+ res += printRule->_flushAndSetDefaultPolicy();
+ res += printRule->_printOptionalGlobalRules();
+
+ return res;
+}
+
+string PolicyCompiler_ipt::commit()
+{
+ return createPrintRuleProcessor()->_commit();
+}
+
+
diff --git a/src/ipt/PolicyCompiler_ipt.h b/src/ipt/PolicyCompiler_ipt.h
new file mode 100644
index 000000000..b468ddf64
--- /dev/null
+++ b/src/ipt/PolicyCompiler_ipt.h
@@ -0,0 +1,940 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2002 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: PolicyCompiler_ipt.h 1381 2007-07-08 01:11:35Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef __POLICYCOMPILER_IPT_HH__
+#define __POLICYCOMPILER_IPT_HH__
+
+#include
+
+#include "fwcompiler/PolicyCompiler.h"
+#include "fwbuilder/RuleElement.h"
+#include "config.h"
+namespace libfwbuilder {
+ class Interface;
+ class IPService;
+ class ICMPService;
+ class TCPService;
+ class UDPService;
+ class RuleElementSrc;
+ class RuleElementDst;
+ class RuleElementSrv;
+};
+
+#define ANY_IP_OBJ_ID "__any_ip_obj__"
+#define ANY_ICMP_OBJ_ID "__any_icmp_obj__"
+#define ANY_TCP_OBJ_ID "__any_tcp_obj__"
+#define ANY_UDP_OBJ_ID "__any_udp_obj__"
+#define TCP_SYN_OBJ_ID "__tcp_syn_obj__"
+#define BCAST_255_OBJ_ID "__bcast_255_obj__"
+
+namespace fwcompiler {
+
+
+ class PolicyCompiler_ipt : public PolicyCompiler {
+
+ protected:
+
+ class PrintRule;
+
+ PolicyCompiler_ipt::PrintRule *printRule;
+ bool have_dynamic_interfaces;
+ bool have_connmark;
+ bool have_connmark_in_output;
+ std::string my_table;
+
+ PolicyCompiler_ipt::PrintRule* createPrintRuleProcessor();
+
+ std::string getInterfaceVarName(libfwbuilder::FWObject *iface);
+ std::string 
getAddressTableVarName(libfwbuilder::FWObject *iface);
+
+ /**
+ * Add some predefined rules controlled by checkboxes in
+ * firewall settings dialog
+ */
+ void addPredefinedPolicyRules();
+
+ /**
+ * internal: scans child objects of interface iface, both IPv4
+ * and physAddress, and puts them in the list ol. Since iptables
+ * supports matching on MAC addresses, we create objects of
+ * the class combinedAddress here from each pair of physAddress
+ * and IPV4
+ */
+ virtual void _expandInterface(libfwbuilder::Interface *iface,
+ std::list &ol);
+
+
+ /**
+ * prints rule in some universal format (close to that visible
+ * to user in the GUI). Used for debugging purposes. This method
+ * calls PolicyCompiler::_internalPrintPolicyRule and then adds
+ * chain and target at the end of the printed line
+ */
+ virtual std::string debugPrintRule(libfwbuilder::Rule *rule);
+
+ /**
+ * this processor drops all rules that require mangle table
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(dropMangleTableRules);
+
+ /**
+ * adds few predefined (or "builtin") rules on top of the policy
+ */
+ class addPredefinedRules : public PolicyRuleProcessor
+ {
+ bool add_once;
+ public:
+ addPredefinedRules(const std::string &name) : PolicyRuleProcessor(name)
+ { add_once=true; }
+ virtual bool processNext();
+ };
+ friend class addPredefinedRules;
+
+ /**
+ * need to duplicate original action of this rule. 
We use this + * information later to decide whether we need to use "-m + * state --state new" + */ + DECLARE_POLICY_RULE_PROCESSOR(storeAction); + + /** + * set target and chain in case of branching + */ + class Branching : public PolicyRuleProcessor + { + public: + Branching(const std::string &name) : PolicyRuleProcessor(name) {} + virtual bool processNext(); + void expandBranch(libfwbuilder::PolicyRule *rule, + const std::string &parentRuleNum ); + }; + friend class Branching; + + /** + * set target and chain in case of route rules + */ + DECLARE_POLICY_RULE_PROCESSOR(Route); + + /** + * turns logging on if global logging override is used + */ + DECLARE_POLICY_RULE_PROCESSOR(Logging1); + + /** + * splits rule if logging is required and either src or dst is + * not any + */ + DECLARE_POLICY_RULE_PROCESSOR(Logging2); + + + /** + * this processor checks if the rule is associated with an + * interface and uses setInterfaceId to record its id. If the + * rule is associated with multiple interfaces, this processor + * splits the rule accordingly. 
Unlike basic processor + * PolicyCompiler::InterfacePolicyrules, this processor tries + * to optimize rules applied to multiple interfaces using + * user-defined chains + */ + DECLARE_POLICY_RULE_PROCESSOR(InterfacePolicyRulesWithOptimization); + + /** + * if option "firewall is part of any" is OFF, replace all + * "Any" with "!fw" before checking for rule shadowing (if fw is + * not * part of "any", then "any" does not shadow the + * firewall) + */ + DECLARE_POLICY_RULE_PROCESSOR(convertAnyToNotFWForShadowing); + + /** + * processes rules with negation in Src if it holds only one object + */ + DECLARE_POLICY_RULE_PROCESSOR(singleSrcNegation); + + /** + * processes rules with negation in Dst if it holds only one object + */ + DECLARE_POLICY_RULE_PROCESSOR(singleDstNegation); + + /** + * processes rules with negation in Srv if it holds only one object + */ + DECLARE_POLICY_RULE_PROCESSOR(singleSrvNegation); + + + + /** + * processes rules with negation in Src + * + * Argument dm defines mode of operation for this rule processor: + * if it is false, processor compiles the rule + * if it is true, it works in the mode of shadowing detection + * + * difference is that in shadowing detection mode it does not + * replace objects in dst,srv and time with any so that we can + * properly check shadowing later. Regular rule processor that + * deals with negation in SRC replaces objects in rule + * elements DST, SRV and Time with any which causes problems + * because these rule elements then match those in other + * rules, but they really should not match them because + * originally they had specific object so only some packets + * would match these rules. 
+ */ + + class SrcNegation : public PolicyRuleProcessor + { + bool shadowing_mode; + public: + SrcNegation(bool dm, + const std::string &name) : PolicyRuleProcessor(name) + { + shadowing_mode = dm; + } + virtual bool processNext(); + }; + + + /** + * processes rules with negation in Dst + */ + + class DstNegation : public PolicyRuleProcessor + { + bool shadowing_mode; + public: + DstNegation(bool dm, + const std::string &name) : PolicyRuleProcessor(name) + { + shadowing_mode = dm; + } + virtual bool processNext(); + }; + + + /** + * processes rules with negation in Srv + */ + + class SrvNegation : public PolicyRuleProcessor + { + bool shadowing_mode; + public: + SrvNegation(bool dm, + const std::string &name) : PolicyRuleProcessor(name) + { + shadowing_mode = dm; + } + virtual bool processNext(); + }; + + + /** + * processes rules with negation in Interval + */ + + class TimeNegation : public PolicyRuleProcessor + { + bool shadowing_mode; + public: + TimeNegation(bool dm, + const std::string &name) : PolicyRuleProcessor(name) + { + shadowing_mode = dm; + } + virtual bool processNext(); + }; + + + + /** + * verifies combination of interface and * direction and + * fills interface and direction. After this * predicate it + * is guaranteed that both interface and * direction have + * some value. In certain situations interface * ID may be + * set to "nil" though (e.g. global policy rules). + */ + DECLARE_POLICY_RULE_PROCESSOR(InterfaceAndDirection); + + /** + * splits rule onto two if interface is defined and direction is Both + */ + DECLARE_POLICY_RULE_PROCESSOR(splitIfIfaceAndDirectionBoth); + + /** + * If this is bridging firewall, broadcasts and multicasts go + * to FORWARD chain unconditionally. There may be other + * special conditions to be added later. 
+ */ + class bridgingFw : public PolicyRuleProcessor + { + bool checkForMatchingBroadcastAndMulticast(libfwbuilder::Address *addr); + public: + bridgingFw(const std::string &name) : PolicyRuleProcessor(name) {} + virtual bool processNext(); + }; + + + /** + * set chain if Tag rule should go into PREROUTING + * + DECLARE_POLICY_RULE_PROCESSOR(setChainIfTagInPrerouting); + */ + + /** + * set chain if Tag rule should go into PREROUTING + */ + DECLARE_POLICY_RULE_PROCESSOR(setChainPreroutingForTag); + + /** + * set chain if Tag rule should go into POSTROUTING + */ + DECLARE_POLICY_RULE_PROCESSOR(setChainPostroutingForTag); + + /** + * set chain for mangle table + */ + DECLARE_POLICY_RULE_PROCESSOR(setChainForMangle); + + /** + * check if we need to do CONNMARK --restore-mark in OUTPUT chain + */ + DECLARE_POLICY_RULE_PROCESSOR(checkForRestoreMarkInOutput); + + + /** + * split rule if action is Tag and connmark option is activated + */ + DECLARE_POLICY_RULE_PROCESSOR(splitIfTagAndConnmark); + + /** + * split rule if Src==any + * + * This is special case since we assume that "any" includes + * also a firewall object. Packets headed to or from the + * firewall must be inspected by INPUT or OUTPUT chain, while + * packets crossing the firewall are inspected by FORWARD + * chain. If we assume that "any" also includes firewall + * itself, then we need to generate code for both FORWARD and + * INPUT/OUTPUT chains from the same rule. This processor + * splits the rule onto two and sets chain and direction in + * the second copy appropriately. It preserves original src + * and dst in both copies, it only changes chain and direction + * in the second copy. + */ + DECLARE_POLICY_RULE_PROCESSOR(splitIfSrcAny); + + /** + * split rule if Dst==any. See comment in splitIfSrcAny + */ + DECLARE_POLICY_RULE_PROCESSOR(splitIfDstAny); + + /** + * split rule if Src==any + * + * This works just like splitIfSrcAny, except is used in the + * part of compiler that detects rule shadowing. 
While + * compiling rules, we split the rule and set chains + * appropriately (one rule gets into chain OUTPUT) but leave + * SRC 'any' to avoid generating lots of address matches since + * setting chain to OUTPUT is sufficient. We can not do this + * while detecting shadowing and need to explicitly put the + * firewall object in the first of the two rules we produce. + */ + DECLARE_POLICY_RULE_PROCESSOR(splitIfSrcAnyForShadowing); + + /** + * split rule if Dst==any for shadowing detection. See comment + * in splitIfSrcAnyForShadowing + */ + DECLARE_POLICY_RULE_PROCESSOR(splitIfDstAnyForShadowing); + + /** + * split rule if Src==network the firewall is connected to + * + * This is special case since we assume that network object + * that firewall has interface on includes also a firewall + * object. See comment in splitIfSrcAny for further explanation. + * + * Unlike in splitIfSrcAny, we can not assume rule element + * holds a single object (since in splitIfSrcAny we are + * looking for "any", we could rely on rule element containing + * single object because "any" can only be there alone). + * + * This processor splits the rule onto two and sets chain and + * direction in the second copy appropriately. It preserves + * original src and dst in both copies, it only changes chain + * and direction in the second copy. + */ + DECLARE_POLICY_RULE_PROCESSOR(splitIfSrcFWNetwork); + + /** + * split rule if Dst==network the firewall is connected to. + * See comment in splitIfSrcAny + */ + DECLARE_POLICY_RULE_PROCESSOR(splitIfDstFWNetwork); + + /** + * this is a special case of splitIfSrcAny. It splits the rule + * but only if SRC has negation turned on, contains two or more + * objects and one of these objects is firewall. + * + * This processor should be called immediately before + * processing negation. 
I tried to modify splitIfSrcAny to + * split if there is negation and use it, but that lead to too + * much overhead in the generated code for rules with negation + * but no firewall in the rule element. + */ + DECLARE_POLICY_RULE_PROCESSOR(splitIfSrcNegAndFw); + + /** + * similar to splitIfSrcNegAndFw + */ + DECLARE_POLICY_RULE_PROCESSOR(splitIfDstNegAndFw); + + /** + * checks for illegal combination of src, dst and direction + */ + DECLARE_POLICY_RULE_PROCESSOR(checkSrcAndDst1); + + /** + * checks for illegal combination of src, dst and direction + */ + DECLARE_POLICY_RULE_PROCESSOR(checkSrcAndDst2); + + /** + * Split rule if MultiAddress object is used in RE to make + * sure it is single object. + */ + class processMultiAddressObjectsInRE : public PolicyRuleProcessor + { + std::string re_type; + public: + processMultiAddressObjectsInRE(const std::string &name, + const std::string &t) : PolicyRuleProcessor(name) { re_type=t; } + virtual bool processNext(); + }; + + + class processMultiAddressObjectsInSrc : public processMultiAddressObjectsInRE + { + public: + processMultiAddressObjectsInSrc(const std::string &n) : + processMultiAddressObjectsInRE(n,libfwbuilder::RuleElementSrc::TYPENAME) {} + }; + + class processMultiAddressObjectsInDst : public processMultiAddressObjectsInRE + { + public: + processMultiAddressObjectsInDst(const std::string &n) : + processMultiAddressObjectsInRE(n,libfwbuilder::RuleElementDst::TYPENAME) {} + }; + + /** + * splits rule if firewall is in src and dst + */ + DECLARE_POLICY_RULE_PROCESSOR(specialCaseWithFW1); + + /** + * expands src and dst if both contain fw object. Unlike + * standard processor ExpandMultipleAddresses, this one + * uses loopback interface as well. + */ + DECLARE_POLICY_RULE_PROCESSOR(specialCaseWithFW2); + + /** + * checks for the following situations: + * + * 1. unnumbered interface is in source and direction is inbound + * (drop interface from src since source address is + * undertermined) + * + * 2. 
unnumbered interface is in source, direction is outbound
+ * and temporary chain (drop interface from the list, this
+ * rule has been created while processing negation. TODO: this
+ * is kludge, need to create separate temporary chain while
+ * doing negation in src if one of the objects is firewall)
+ *
+ * 3. unnumbered interface is in destination and direction is
+ * outbound (drop interface since dest. address is undefined)
+ *
+ */
+ friend class specialCaseWithUnnumberedInterface;
+ class specialCaseWithUnnumberedInterface : public PolicyRuleProcessor
+ {
+ bool dropUnnumberedInterface(libfwbuilder::RuleElement *re);
+ public:
+ specialCaseWithUnnumberedInterface(const std::string &name) : PolicyRuleProcessor(name) {}
+ virtual bool processNext();
+ };
+
+ friend class checkForDynamicInterfacesOfOtherObjects;
+ class checkForDynamicInterfacesOfOtherObjects : public PolicyRuleProcessor
+ {
+ void findDynamicInterfaces(libfwbuilder::RuleElement *re,
+ libfwbuilder::Rule *rule);
+ public:
+ checkForDynamicInterfacesOfOtherObjects(const std::string &name) : PolicyRuleProcessor(name) {}
+ virtual bool processNext();
+ };
+
+ /**
+ * expand object with multiple addresses but only if it is NOT
+ * the firewall we are working with. This processor is called
+ * right before decideOnChain but after groups have been
+ * expanded and splitIfSrcMatchesFw and splitIfDstMatchesFw
+ * have been called. Latter two make sure that firewall, if it
+ * is part of Src or Dst, will be a single object there when
+ * this processor is called.
+ *
+ * 1. We need to expand objects with multiple addresses (such
+ * as interfaces with many addresses) so that decideOnChain
+ * would properly match when it calls
+ * complexMatch. complexMatch does not match if its first
+ * argument is an object with multiple addresses.
+ *
+ * 2.
At the same time we need to keep firewall as a whole, so
+ * that we can drop it later in removeFW, but only after
+ * decideOnChain has determined that chain is INPUT or OUTPUT.
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(expandMultipleAddressesIfNotFWinSrc);
+ DECLARE_POLICY_RULE_PROCESSOR(expandMultipleAddressesIfNotFWinDst);
+
+ /**
+ * Compiler::_expandAddr skips loopback interface, so we need
+ * to explicitly process the case when user puts loopback
+ * interface object in the rule
+ */
+ friend class expandLoopbackInterfaceAddress;
+ class expandLoopbackInterfaceAddress : public PolicyRuleProcessor
+ {
+ void replaceLoopbackWithItsAddress(libfwbuilder::RuleElement *re,
+ libfwbuilder::Rule *rule);
+ public:
+ expandLoopbackInterfaceAddress(const std::string &name) : PolicyRuleProcessor(name) {}
+ virtual bool processNext();
+ };
+
+ /**
+ * decides what chain this rule should go to if Src contains
+ * firewall object. This is a simple case and we need to set
+ * chain before we try to split the rule if it contains
+ * network the firewall has interface on (splitIfSrcFWNetwork
+ * / splitIfDstFWNetwork).
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(decideOnChainIfSrcFW);
+
+ /**
+ * Similar to the above, except it decides what chain this
+ * rule should go to if Dst contains firewall object.
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(decideOnChainIfDstFW);
+
+ /**
+ * This processor takes care of a special case where a rule
+ * with 'any' in both src and dst is used on a loopback
+ * interface and option 'assume firewall is part of any' is
+ * OFF. Processor splitIfIfaceAndDirectionBoth splits
+ * interface rule if its direction is "Both". This means that
+ * by the time this processor is called, the original rule
+ * "any any any accept both" on the loopback interface has
+ * already been converted to two rules :
+ *
+ * any any any accept inbound
+ * any any any accept outbound
+ *
+ * We do not have to split rule here, but rather just assign it to
+ * INPUT/OUTPUT chains.
+ *
+ * This is mostly a patch for those who do not understand how
+ * does "assume firewall is part of any" work. It also
+ * eliminates useless code in the FORWARD chain that appear in
+ * the rules on a loopback interface if the option "assume
+ * firewall is part of any" is ON.
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(decideOnChainIfLoopback);
+
+ /**
+ * define chain for rules with action Classify
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(decideOnChainForClassify);
+
+ /**
+ * find non-terminating targets (such as MARK and
+ * CLASSIFY). Put such rule in a separate chain and pass
+ * control to it using "-g"
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(splitNonTerminatingTargets);
+
+ /**
+ * decides what chain this rule should go to if it has not
+ * been decided in decideOnChainIfFW
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(finalizeChain);
+
+ /**
+ * decides on "jump to" chain
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(decideOnTarget);
+
+ /**
+ * If chain has been determined to be INPUT or OUTPUT, we can
+ * remove firewall object from dst or src (resp.) NB: we can
+ * remove only reference to the whole firewall. We DO NOT
+ * remove reference to its interface or (in the future)
+ * address objects under interfaces. We do this only if we do
+ * not add any virtual addresses for NAT and if original rule
+ * did not have negation.
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(removeFW);
+
+ /**
+ * if rule option action_on_reject is empty, initialize it
+ * with global setting of this option.
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(fillActionOnReject);
+
+
+ /**
+ * iptables does not permit using "--m mac --mac-source" in
+ * the OUTPUT chain
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(checkMACinOUTPUTChain);
+
+
+ /**
+ * expand groups in Srv
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(expandGroupsInSrv);
+
+ /**
+ * split a rule if action Reject is used in a rule with
+ * Service 'any' and rule options do not specify what should
+ * we use for Reject
+ */
+ class splitRuleIfSrvAnyActionReject :public PolicyRuleProcessor
+ {
+ std::map seen_rules;
+ public:
+ splitRuleIfSrvAnyActionReject(const std::string &name) :
+ PolicyRuleProcessor(name) {}
+ virtual bool processNext();
+ };
+ friend class PolicyCompiler_ipt::splitRuleIfSrvAnyActionReject;
+
+ /**
+ * separate TCP/UDP services that specify source port (can
+ * not be used in combination with destination port with
+ * multiport)
+ *
+ * Call this processor after groups have been expanded in Srv
+ */
+ class splitServicesIfRejectWithTCPReset :public PolicyRuleProcessor
+ {
+ std::map seen_rules;
+ public:
+ splitServicesIfRejectWithTCPReset(const std::string &name) : PolicyRuleProcessor(name) {}
+ virtual bool processNext();
+ };
+ friend class PolicyCompiler_ipt::splitServicesIfRejectWithTCPReset;
+
+ /**
+ * This processor separates TCP/UDP services with port ranges
+ * (they can not be used with multiport).
It also separates
+ * rules using "Any UDP" and "Any TCP" objects (they have
+ * all ports set to zero)
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(separatePortRanges);
+
+ /**
+ * separate TCP/UDP services that specify source port (can
+ * not be used in combination with destination port with
+ * multiport)
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(separateSrcPort);
+
+
+ /**
+ * deals with special cases with some known custom services
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(specialCasesWithCustomServices);
+
+ /**
+ * optimize rules in case we deal with one or few objects in
+ * one rule element and lots of objects in the other two
+ */
+ class optimize1 : public PolicyRuleProcessor
+ {
+ void optimizeForRuleElement(libfwbuilder::PolicyRule *rule,
+ const std::string &re_type);
+ public:
+ optimize1(const std::string &name) : PolicyRuleProcessor(name) {}
+ virtual bool processNext();
+ };
+ friend class PolicyCompiler_ipt::optimize1;
+
+ /**
+ * simple optimization: if the rule is "final" and its action
+ * does not need protocol specification (it is _not_ -j REJECT
+ * --reject-with tcp-reset), then make sure service is
+ * "any". The "final" is such rule that defines the actual
+ * built-in chain ACCEPT/DROP/REJECT and * should not be
+ * further split or processed in any way; such rule for
+ * example is created in Logging and negations)
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(optimize2);
+ friend class PolicyCompiler_ipt::optimize2;
+
+ /**
+ * remove duplicate rules
+ */
+ class optimize3 : public PolicyRuleProcessor
+ {
+ std::map rules_seen_so_far;
+ PolicyCompiler_ipt::PrintRule *printRule;
+ public:
+ optimize3(const std::string &name) : PolicyRuleProcessor(name){
+ printRule=NULL;
+ }
+ virtual bool processNext();
+ };
+ friend class PolicyCompiler_ipt::optimize3;
+
+
+ /**
+ * split rules so multiport module can be used
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(prepareForMultiport);
+
+ /**
+ * eliminates duplicate objects in SRC.
Uses default comparison
+ * in eliminateDuplicatesInRE which compares IDs
+ */
+ class eliminateDuplicatesInSRC : public eliminateDuplicatesInRE
+ {
+ public:
+ eliminateDuplicatesInSRC(const std::string &n) :
+ eliminateDuplicatesInRE(n,libfwbuilder::RuleElementSrc::TYPENAME) {}
+ };
+
+ /**
+ * eliminates duplicate objects in DST. Uses default comparison
+ * in eliminateDuplicatesInRE which compares IDs
+ */
+ class eliminateDuplicatesInDST : public eliminateDuplicatesInRE
+ {
+ public:
+ eliminateDuplicatesInDST(const std::string &n) :
+ eliminateDuplicatesInRE(n,libfwbuilder::RuleElementDst::TYPENAME) {}
+ };
+
+ /**
+ * eliminates duplicate objects in SRV. Uses default comparison
+ * in eliminateDuplicatesInRE which compares IDs
+ */
+ class eliminateDuplicatesInSRV : public eliminateDuplicatesInRE
+ {
+ public:
+ eliminateDuplicatesInSRV(const std::string &n) :
+ eliminateDuplicatesInRE(n,libfwbuilder::RuleElementSrv::TYPENAME) {}
+ };
+
+ /**
+ * process action 'Accounting'
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(accounting);
+
+
+ /**
+ * if action is Continue and logging is off, skip this rule.
+ * We only use action Continue to log some packets without making
+ * policy decision
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(SkipActionContinueWithNoLogging);
+
+
+ /**
+ * prints single policy rule, assuming all groups have been
+ * expanded, so source, destination and service hold exactly
+ * one object each, and this object is not a group. Negation
+ * should also have been taken care of before this method is
+ * called.
+ *
+ * This processor is not necessarily the last in the
+ * conveyor, so it should push rules back to tmp_queue (for
+ * example there could be progress indicator processor after
+ * this one)
+ */
+ class PrintRule : public PolicyRuleProcessor
+ {
+ protected:
+
+ bool init;
+ bool print_once_on_top;
+ std::string current_rule_label;
+ std::map chains;
+
+ virtual std::string _createChain(const std::string &chain);
+ virtual std::string _printRuleLabel(libfwbuilder::PolicyRule *r);
+
+ virtual std::string _printSrcService(libfwbuilder::RuleElementSrv *o);
+ virtual std::string _printDstService(libfwbuilder::RuleElementSrv *o);
+ virtual std::string _printProtocol(libfwbuilder::Service *srv);
+
+ virtual std::string _printPorts(int rs,int re);
+ virtual std::string _printSrcPorts(libfwbuilder::Service *srv);
+ virtual std::string _printDstPorts(libfwbuilder::Service *srv);
+ virtual std::string _printICMP(libfwbuilder::ICMPService *srv);
+ virtual std::string _printIP(libfwbuilder::IPService *srv);
+
+ virtual std::string _printTCPFlags(libfwbuilder::TCPService *srv);
+
+ virtual std::string _printAddr(libfwbuilder::Address *o);
+ virtual std::string _printSingleObjectNegation(libfwbuilder::RuleElement *rel);
+
+ virtual std::string _printChain(libfwbuilder::PolicyRule *r);
+ virtual std::string _printTarget(libfwbuilder::PolicyRule *r);
+ virtual std::string _printModules(libfwbuilder::PolicyRule *r);
+ virtual std::string _printDirectionAndInterface(libfwbuilder::PolicyRule *r);
+ virtual std::string _printMultiport(libfwbuilder::PolicyRule *r);
+
+ virtual std::string _printTimeInterval(libfwbuilder::PolicyRule *r);
+
+ virtual std::string _printLogParameters(libfwbuilder::PolicyRule *r);
+ virtual std::string _printLogPrefix(const std::string &rule_n,
+ const std::string &action,
+ const std::string &interf,
+ const std::string &chain,
+ const std::string &rule_label,
+ const std::string &prefix);
+ virtual std::string _printLogPrefix(libfwbuilder::PolicyRule
*r,
+ const std::string &prefix);
+ virtual std::string _printActionOnReject(libfwbuilder::PolicyRule *r);
+ virtual std::string _printLimit(libfwbuilder::PolicyRule *r);
+
+ public:
+
+ PrintRule(const std::string &name);
+ virtual std::string _printGlobalLogParameters();
+ virtual std::string _printOptionalGlobalRules();
+ virtual std::string _declareTable();
+ virtual std::string _flushAndSetDefaultPolicy();
+ virtual std::string _commit();
+ virtual std::string _quote(const std::string &s);
+
+ virtual std::string _startRuleLine();
+ virtual std::string _endRuleLine();
+
+ virtual bool processNext();
+
+ std::string PolicyRuleToString(libfwbuilder::PolicyRule *r);
+
+ };
+ friend class PolicyCompiler_ipt::PrintRule;
+
+ class PrintRuleIptRst : public PrintRule
+ {
+ virtual std::string _createChain(const std::string &chain);
+ virtual std::string _startRuleLine();
+ virtual std::string _endRuleLine();
+ virtual std::string _printRuleLabel(libfwbuilder::PolicyRule *r);
+
+ public:
+ PrintRuleIptRst(const std::string &name) : PrintRule(name) {};
+ virtual std::string _declareTable();
+ virtual std::string _flushAndSetDefaultPolicy();
+ virtual std::string _commit();
+ virtual std::string _quote(const std::string &s);
+
+ virtual bool processNext();
+ };
+ friend class PolicyCompiler_ipt::PrintRuleIptRst;
+
+ class PrintRuleIptRstEcho : public PrintRuleIptRst
+ {
+ virtual std::string _createChain(const std::string &chain);
+ virtual std::string _startRuleLine();
+ virtual std::string _endRuleLine();
+
+ public:
+ PrintRuleIptRstEcho(const std::string &name) : PrintRuleIptRst(name) {};
+ virtual std::string _declareTable();
+ virtual std::string _flushAndSetDefaultPolicy();
+ virtual std::string _commit();
+ virtual std::string _quote(const std::string &s);
+
+ virtual bool processNext();
+ };
+ friend class PolicyCompiler_ipt::PrintRuleIptRstEcho;
+
+
+ virtual std::string myPlatformName();
+
+ /**
+ * TODO: move these two to class fwcompiler::PolicyCompiler,
+ *
then create enum for all possible actions on reject in that
+ * class and use it instead of string.
+ */
+ std::string getActionOnReject(libfwbuilder::PolicyRule *rule);
+ bool isActionOnRejectTCPRST(libfwbuilder::PolicyRule *rule);
+ void resetActionOnReject(libfwbuilder::PolicyRule *rule);
+
+ public:
+
+ PolicyCompiler_ipt(libfwbuilder::FWObjectDatabase *_db,
+ const std::string &fwname,
+ fwcompiler::OSConfigurator *_oscnf) : PolicyCompiler(_db,fwname,_oscnf)
+ {
+ have_dynamic_interfaces = false;
+ have_connmark = false;
+ have_connmark_in_output = false;
+ printRule = NULL;
+ my_table = "filter";
+ }
+
+
+ virtual int prolog();
+ virtual void compile();
+ virtual void epilog();
+
+ /**
+ * addRuleFilter() is a hook where we can add a rule processor to filter
+ * some of the rules out before we begin actual processing
+ */
+ virtual void addRuleFilter();
+
+ void setHaveDynamicInterfaces(bool f) { have_dynamic_interfaces=f; }
+
+ virtual std::string flushAndSetDefaultPolicy();
+ std::string commit();
+
+ static std::string getNewTmpChainName(libfwbuilder::PolicyRule *rule);
+ static std::string getNewChainName(libfwbuilder::PolicyRule *rule,libfwbuilder::Interface *rule_iface);
+
+ };
+
+
+}
+
+#endif
diff --git a/src/ipt/PolicyCompiler_ipt_optimizer.cpp b/src/ipt/PolicyCompiler_ipt_optimizer.cpp
new file mode 100644
index 000000000..31dd02e42
--- /dev/null
+++ b/src/ipt/PolicyCompiler_ipt_optimizer.cpp
@@ -0,0 +1,287 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2002 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: PolicyCompiler_ipt_optimizer.cpp 1389 2007-07-19 01:46:30Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "PolicyCompiler_ipt.h"
+
+#include "fwbuilder/FWObjectDatabase.h"
+#include "fwbuilder/RuleElement.h"
+#include "fwbuilder/IPService.h"
+#include "fwbuilder/ICMPService.h"
+#include "fwbuilder/TCPService.h"
+#include "fwbuilder/UDPService.h"
+#include "fwbuilder/Policy.h"
+#include "fwbuilder/Firewall.h"
+
+#include "combinedAddress.h"
+
+#include
+
+#include
+#include
+#include
+
+#include
+
+using namespace libfwbuilder;
+using namespace fwcompiler;
+using namespace std;
+
+/*
+ * Optimizer 1:
+ *
+ * splits rule, making sure we make only one parameter check at a time
+ * That is, we only check source, or destination or service and then
+ * pass control to a user-defined chain to check for the next
+ * parameter. This helps avoid multiple checks for the same parameter.
+ * + * Assumtions: + * + * Can use this process with multiple objects in src,dst,srv + * Run splitRuleIfSrvAnyActionReject before this processor to make sure + * Srv contains only TCP objects if action is "Reject" and TCP RST is required + */ +void PolicyCompiler_ipt::optimize1::optimizeForRuleElement(PolicyRule *rule, + const std::string &re_type) +{ + PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + PolicyRule *r; + + string this_chain =rule->getStr("ipt_chain"); + string new_chain=PolicyCompiler_ipt::getNewTmpChainName(rule); + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + + for (FWObject::iterator i=r->begin(); i!=r->end(); ++i) + { + if (RuleElement::cast(*i)!=NULL) + { + if ((*i)->getTypeName()!=re_type && (*i)->size()!=1) + { + RuleElement *nre=RuleElement::cast(*i); + nre->clearChildren(); + nre->setAnyElement(); + } else + { + RuleElement *re=RuleElement::cast(rule->getFirstByType((*i)->getTypeName())); +/* + * put "any tcp" service back in srv field if it was originally some + * tcp service. This is needed because we may need to produce + * --reject-with tcp-reset if the action is reject and we need to + * reject with TCP RST. 
+ */ + + if (RuleElementSrv::isA(re) && + r->getAction()==PolicyRule::Reject && + ipt_comp->isActionOnRejectTCPRST(r)) + { + Service *srv= compiler->getFirstSrv(r); + if (TCPService::isA(srv)) + { + re->clearChildren(); + re->addRef(compiler->dbcopy->findInIndex(ANY_TCP_OBJ_ID)); +/* also leave a flag indicating that further optimization by service + * is not needed */ + rule->setBool("do_not_optimize_by_srv",true); + r->setBool("do_not_optimize_by_srv",true); + } + else + { + re->reset(); + } + } else + { + re->reset(); + } + } + } + } + r->setStr("ipt_target",new_chain); + tmp_queue.push_back(r); + + FWOptions *ruleopt=rule->getOptionsObject(); + ruleopt->setBool("stateless",true); + ruleopt->setInt("limit_value",-1); + ruleopt->setInt("connlimit_value",-1); + ruleopt->setInt("hashlimit_value",-1); + rule->setStr("ipt_chain",new_chain); + rule->setBool("force_state_check",false); + rule->setStr("upstream_rule_chain",this_chain); + if (rule->getInterfaceStr()=="") + rule->setInterfaceStr("nil"); + rule->setDirection( PolicyRule::Both ); + + tmp_queue.push_back(rule); +} + +bool PolicyCompiler_ipt::optimize1::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrc *srcrel=rule->getSrc(); + RuleElementDst *dstrel=rule->getDst(); + RuleElementSrv *srvrel=rule->getSrv(); + RuleElementInterval *intrel=rule->getWhen(); + + bool srcany=srcrel->isAny(); + bool dstany=dstrel->isAny(); + bool srvany=srvrel->isAny(); + bool intany=(intrel!=NULL && intrel->isAny()); + + int srcn=srcrel->size(); + int dstn=dstrel->size(); + int srvn=srvrel->size(); + int intn=1; + if (intrel!=NULL) intn=intrel->size(); + + bool all_tcp_or_udp = true; + for (FWObject::iterator i=srvrel->begin(); i!=srvrel->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *s=Service::cast( o ); + assert(s); + +// tcp and udp will be collapsed because we can use multiport module + if ( !TCPService::isA(s) 
&& !UDPService::isA(s)) + { + all_tcp_or_udp = false; + break; + } + } + + if (all_tcp_or_udp) srvn = 1; + +// Golden rule - try to introduce minimum forward rules .... +// we can't optimize 1 src, 1 dstn, 1 service and 1 time interval +// we can't optimize if we've got three 'anys' .. + if ((srcn <= 1 && dstn <= 1 && srvn <= 1 && intn <= 1) || + (srcany && dstany && srvany) || + (srcany && dstany && intany) || + (srcany && srvany && intany) || + (dstany && srvany && intany) ) + { + tmp_queue.push_back(rule); + return true; + } + +// Assume any means LOTS of rules - i.e. not good candidate for optimization + if (srcany) srcn=INT_MAX; + if (dstany) dstn=INT_MAX; + if (srvany) srvn=INT_MAX; + if (intany) intn=INT_MAX; + + +// Now work out which is best optimization to do. +// this rule is called twice so we only need to do one op on each + + if ( !srvany && (srvn <= dstn) && (srvn <= srcn) && (srvn <= intn) && + ! rule->getBool("do_not_optimize_by_srv") ) + { + optimizeForRuleElement(rule,RuleElementSrv::TYPENAME); + return true; + } + + if ( !srcany && (srcn <= dstn) && (srcn <= srvn) && (srcn <= intn)) + { + optimizeForRuleElement(rule,RuleElementSrc::TYPENAME); + return true; + } + + if ( !dstany && (dstn <= srcn) && (dstn <= srvn) && (dstn <= intn)) + { + optimizeForRuleElement(rule,RuleElementDst::TYPENAME); + return true; + } + + if ( !intany && (intn <= srcn) && (intn <= dstn) && (intn <= srvn)) + { + optimizeForRuleElement(rule,RuleElementInterval::TYPENAME); + return true; + } + + + tmp_queue.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipt::optimize2::processNext() +{ + PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrv *srvrel=rule->getSrv(); + + if (rule->getBool("final")) + { + if ( rule->getAction()==PolicyRule::Reject && ipt_comp->isActionOnRejectTCPRST(rule)) + { +// preserve service + ; + } else + { + srvrel->clearChildren(); + srvrel->setAnyElement(); + } 
+ } + + tmp_queue.push_back(rule); + + return true; +} + +/* + * this processor eliminates duplicate rules _generated for the same + * high level rule_ This is different from processor + * PolicyCompiler_ipf::eliminateDuplicateRules, which finds and + * eliminates duplicate rules throughout the whole generated script. + */ +bool PolicyCompiler_ipt::optimize3::processNext() +{ + PolicyRule *rule; + rule=getNext(); if (rule==NULL) return false; + + if (rule->isFallback() || rule->isHidden()) + { + tmp_queue.push_back(rule); + return true; + } + + if (printRule==NULL) + { + printRule=new PrintRule(""); + printRule->setContext(compiler); + } + string thisRule = rule->getLabel() + " " + printRule->PolicyRuleToString(rule); + if (rules_seen_so_far.count(thisRule)!=0) return true; + + tmp_queue.push_back(rule); + rules_seen_so_far[thisRule]=true; + + return true; +} diff --git a/src/ipt/RoutingCompiler_ipt.cpp b/src/ipt/RoutingCompiler_ipt.cpp new file mode 100644 index 000000000..4314bfae0 --- /dev/null +++ b/src/ipt/RoutingCompiler_ipt.cpp 
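Review bot: In `optimize1::processNext()` the only guard on the result of `Service::cast( o )` is `assert(s);`, which is compiled out when NDEBUG is defined, so a non-Service object in Srv would reach `TCPService::isA(s)` unchecked; whether `isA` tolerates a null pointer is not visible in this hunk. For a firewall policy compiler it is safer to stop with an explicit error than to keep generating rules, e.g. `if (s==NULL) compiler->abort("optimize1: non-Service object in Srv");` (assuming the `abort` called in `RoutingCompiler_ipt::prolog()` is reachable through `compiler`). The same concern applies to `ipt_comp`, the `dynamic_cast` result that `optimizeForRuleElement()` and `optimize2::processNext()` dereference in `ipt_comp->isActionOnRejectTCPRST(...)` without a null test.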
@@ -0,0 +1,240 @@
+/*
+
+ Firewall Builder Routing add-on
+
+ Copyright (C) 2004 Compal GmbH, Germany
+
+ Author: Tidei Maurizio
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+ of the Software, and to permit persons to whom the Software is furnished to do
+ so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
+ OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ +*/ + +#include "RoutingCompiler_ipt.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Routing.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Network.h" + +#include + +#include +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \ + _MSC_VER +# include +#else +# include +#endif +#include +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +static int chain_no=0; + +static std::map tmp_chain_no; + +string RoutingCompiler_ipt::myPlatformName() { return "iptables"; } + + +int RoutingCompiler_ipt::prolog() +{ + int n = RoutingCompiler::prolog(); + + //TODO: Routing based on the 'ip' command is independent from iptables + if (fw->getStr("platform")!="iptables") + abort(_("Unsupported platform ") + fw->getStr("platform") ); + + return n; +} + + +/* + * this processor eliminates duplicate routing rules, generated from the same + * rule in the GUI + */ +bool RoutingCompiler_ipt::optimize3::processNext() +{ + RoutingRule *rule; + rule=getNext(); if (rule==NULL) return false; + + if (rule->isFallback() || rule->isHidden()) + { + tmp_queue.push_back(rule); + return true; + } + + if (printRule==NULL) + { + printRule=new PrintRule(""); + printRule->setContext(compiler); + } + + string thisRule = rule->getLabel() + " " + printRule->RoutingRuleToString(rule); + + if (rules_seen_so_far.count(thisRule)!=0) return true; + + tmp_queue.push_back(rule); + rules_seen_so_far[thisRule]=true; + + return true; +} + +/* + * this processor eliminates duplicate atomic routing rules in one routing table + */ +bool RoutingCompiler_ipt::eliminateDuplicateRules::processNext() +{ + RoutingRule *rule; + rule=getNext(); if (rule==NULL) return false; + + if (rule->isFallback() || rule->isHidden()) + { + tmp_queue.push_back(rule); + return true; + } + + if 
(printRule==NULL) + { + printRule=new PrintRule(""); + printRule->setContext(compiler); + } + + string label = rule->getLabel(); + int bracepos = label.find("("); + label.erase(0, bracepos); + + string thisRule = label + " " + printRule->RoutingRuleToString(rule); + + rules_it = rules_seen_so_far.find(thisRule); + + if (rules_it != rules_seen_so_far.end()) { + + string msg; + msg = "Two of the sub rules created from the gui routing rules " + rules_it->second + " and " + rule->getLabel() + + "\nare identical, skipping the second. Please revise them to avoid this warning!"; + compiler->warning( msg.c_str() ); + return true; + } + + tmp_queue.push_back(rule); + rules_seen_so_far[thisRule]=rule->getLabel(); + + return true; +} + + +/** + *----------------------------------------------------------------------- + */ +void RoutingCompiler_ipt::compile() +{ + cout << _(" Compiling routing rules for ") << fw->getName() << " ..." << endl << flush; + + try { + + Compiler::compile(); + //bool check_for_recursive_groups=true; + + + add( new RoutingCompiler::Begin()); + add( new printTotalNumberOfRules()); + + add( new recursiveGroupsInRDst( "Check for recursive Groups in RDst" ) ); + add( new emptyGroupsInRDst( "Check for empty Groups in RDst" ) ); + add( new emptyRDstAndRItf( "Check if RDst and RItf are both empty" ) ); + add( new singleAdressInRGtw( "Check if RGtw object has exactly one IP adress" ) ); + add( new rItfChildOfFw( "Check if RItf is an Iterface of this firewall" ) ); + add( new validateNetwork( "Validate network addresses" ) ); + add( new reachableAdressInRGtw( "Check if RGtw is reachable via local networks" ) ); + add( new contradictionRGtwAndRItf( "Check if RGtw is in a network of RItf" ) ); + + add( new ExpandGroups( "Expand groups in DST" ) ); + add( new ExpandMultipleAddresses( "Expand objects with multiple addresses in DST" ) ); + add( new eliminateDuplicatesInDST( "Eliminate duplicates in DST" ) ); + + add( new createSortedDstIdsLabel( "Creates a label 
with a sorted dst-id-list for 'competingRules'" ) ); + add( new competingRules( "Check for competing rules" ) ); + + add( new ConvertToAtomicForDST( "Convert to atomic rules by dst address elements") ); + + add( new createSortedDstIdsLabel( "Creates a label with a sorted dst-id-list for 'classifyRoutingRules'") ); + add( new classifyRoutingRules( "Classify into single path or part of a multi path rule" ) ); + + add( new optimize3( "Eliminate duplicate rules generated from a single gui-rule" ) ); + add( new eliminateDuplicateRules( "Eliminate duplicate rules over the whole table" ) ); + + add( new PrintRule( "generate ip code" ) ); + add( new simplePrintProgress( ) ); + + runRuleProcessors(); + + } catch (FWException &ex) { + error(ex.toString()); + exit(1); + } +} + + +string RoutingCompiler_ipt::debugPrintRule(Rule *r) +{ + RoutingRule *rule=RoutingRule::cast(r); + + string s= RoutingCompiler::debugPrintRule(rule); + + return s; +} + + +void RoutingCompiler_ipt::epilog() +{ + ///int total = ecmp_comments_buffer.size(); + int nb = 0; + + // ecmp roules can only be generated after all the rules have been parsed, that is the reason for putting this code in the epilog function + if( ecmp_rules_buffer.size() > 0) { + + output << "\n#\n# ======================================= EQUAL COST MULTI PATH ========================================\n#" << endl; + + output << "echo \"Activating ecmp routing rules...\"" << endl; + + for( map::iterator ecmp_comments_buffer_it = ecmp_comments_buffer.begin(); ecmp_comments_buffer_it != ecmp_comments_buffer.end(); ++ecmp_comments_buffer_it) { + + output << ecmp_comments_buffer_it->second << "#\n" << flush; + + output << ecmp_rules_buffer[ecmp_comments_buffer_it->first] << flush; + + output << " \\\n|| routeFailed " << "\"" << ++nb << "\"" << endl; + //echo \"Error: The ECMP routing rule #" << ++nb <<" couldn't be activated! 
Please make sure your kernel is compiled with the CONFIG_IP_ROUTE_MULTIPATH option.\"" << endl; + + } + } + + output << "echo \"...done.\"" << endl; +} diff --git a/src/ipt/RoutingCompiler_ipt.h b/src/ipt/RoutingCompiler_ipt.h new file mode 100644 index 000000000..047a1ef11 --- /dev/null +++ b/src/ipt/RoutingCompiler_ipt.h 
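Review bot: In `eliminateDuplicateRules::processNext()` the result of `label.find("(")` is stored in an `int` and passed straight to `label.erase(0, bracepos)`, so for a label without "(" the value `std::string::npos` is narrowed to an int and converted back to a count, which typically erases the whole label. The dedup key then reduces to the printed rule text alone. If that is not the intended behaviour for such labels (it cannot be told from this hunk), make the case explicit with `string::size_type bracepos = label.find("(");` followed by `if (bracepos != string::npos) label.erase(0, bracepos);`. Either way a one-line comment stating which part of the label is meant to take part in the comparison would help, since this key decides which generated routing rules are skipped.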
@@ -0,0 +1,174 @@ +/* + + Firewall Builder Routing add-on + + Copyright (C) 2004 Compal GmbH, Germany + + Author: Tidei Maurizio + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies + of the Software, and to permit persons to whom the Software is furnished to do + so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A + PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE + OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +*/ + +#ifndef __ROUTINGCOMPILER_IPT_HH__ +#define __ROUTINGCOMPILER_IPT_HH__ + +#include + +#include "fwcompiler/RoutingCompiler.h" +#include "fwbuilder/RuleElement.h" +#include "config.h" +namespace libfwbuilder { + class RuleElementRDst; + class RuleElementRItf; + class RuleElementRGtw; +}; + + +namespace fwcompiler { + + + class RoutingCompiler_ipt : public RoutingCompiler { + + protected: + + /** + * prints rule in some universal format (close to that visible + * to user in the GUI). Used for debugging purposes. 
This method + * calls RoutingCompiler::debugPrintRule + */ + virtual std::string debugPrintRule(libfwbuilder::Rule *rule); + + /** + * processes rules with negation in Dst if it holds only one object + */ + DECLARE_ROUTING_RULE_PROCESSOR(singleDstNegation); + + /** + * processes rules with negation in Dst + */ + DECLARE_ROUTING_RULE_PROCESSOR(DstNegation); + + + /** + * remove duplicate rules + */ + class PrintRule; + class optimize3 : public RoutingRuleProcessor + { + std::map rules_seen_so_far; + RoutingCompiler_ipt::PrintRule *printRule; + + public: + + optimize3(const std::string &name) : RoutingRuleProcessor(name){ + printRule=NULL; + } + virtual bool processNext(); + }; + friend class RoutingCompiler_ipt::optimize3; + + /** + * eliminates duplicate objects in DST. Uses default comparison + * in eliminateDuplicatesInRE which compares IDs + */ + class eliminateDuplicatesInDST : public eliminateDuplicatesInRE + { + + public: + + eliminateDuplicatesInDST(const std::string &n) : + eliminateDuplicatesInRE(n,libfwbuilder::RuleElementRDst::TYPENAME) {} + }; + + /** + * eliminates duplicate rules + */ + class eliminateDuplicateRules : public RoutingRuleProcessor + { + std::map rules_seen_so_far; + std::map::iterator rules_it; + RoutingCompiler_ipt::PrintRule *printRule; + + public: + + eliminateDuplicateRules(const std::string &name) : RoutingRuleProcessor(name){ + printRule=NULL; + } + virtual bool processNext(); + }; + + + /** + * prints single policy rule, assuming all groups have been + * expanded, destination holds exactly one object, and this + * object is not a group. Negation should also have been taken + * care of before this method is called. 
+ * + * This processor is not necessarily the last in the + * conveyor, so it should push rules back to tmp_queue (for + * example there could be progress indicator processor after + * this one) + */ + class PrintRule : public RoutingRuleProcessor + { + bool print_once_on_top; + std::string current_rule_label; + + virtual std::string _printAddr(libfwbuilder::Address *o); + + public: + + PrintRule(const std::string &name); + virtual bool processNext(); + + std::string RoutingRuleToString(libfwbuilder::RoutingRule *r); + std::string _printRGtw(libfwbuilder::RoutingRule *r); + std::string _printRItf(libfwbuilder::RoutingRule *r); + std::string _printRDst(libfwbuilder::RoutingRule *r); + + }; + friend class RoutingCompiler_ipt::PrintRule; + + virtual std::string myPlatformName(); + + // These buffers are needed to collect output generated from the single ECMP rules belonging to one destination, + // because all these routes have to be activated with a single ip command. So ECMP ip commands are built up gradually + // during compilation and inserted in the shell script after all rules are processed. + + + std::map< std::string, std::string> ecmp_rules_buffer; // sortedDstId+metric-->nexthops + std::map< std::string, std::string> ecmp_comments_buffer; // sortedDstId+metric-->rule's info for the fw script + + public: + + RoutingCompiler_ipt(libfwbuilder::FWObjectDatabase *_db, + const std::string &fwname, + fwcompiler::OSConfigurator *_oscnf) : RoutingCompiler(_db,fwname,_oscnf) {} + + + virtual int prolog(); + virtual void compile(); + virtual void epilog(); + + }; + + +} + +#endif diff --git a/src/ipt/RoutingCompiler_ipt_writers.cpp b/src/ipt/RoutingCompiler_ipt_writers.cpp new file mode 100644 index 000000000..4471f6fa4 --- /dev/null +++ b/src/ipt/RoutingCompiler_ipt_writers.cpp 
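Review bot: In RoutingCompiler_ipt.h the doc comment `remove duplicate rules` sits directly above the forward declaration `class PrintRule;`, so a documentation tool will most likely attach it to PrintRule rather than to `optimize3`. It also does not say how `optimize3` differs from `eliminateDuplicateRules` further down, whose comment is almost the same. I would move `class PrintRule;` above the comment and reword the two comments to `eliminates duplicate rules generated from a single GUI rule` for optimize3 and `eliminates duplicate rules over the whole table` for eliminateDuplicateRules. That matches the descriptions compile() passes to these processors.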
@@ -0,0 +1,325 @@ +/* + + Firewall Builder Routing add-on + + Copyright (C) 2004 Compal GmbH, Germany + + Author: Tidei Maurizio + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies + of the Software, and to permit persons to whom the Software is furnished to do + so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A + PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE + OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ +*/ + +#include "RoutingCompiler_ipt.h" + +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Routing.h" +#include "fwbuilder/Network.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Routing.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/FWOptions.h" + + +#include +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \ + _MSC_VER +# include +#else +# include +#endif +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + + + +/** + *----------------------------------------------------------------------- + * Methods for printing + */ + + +string RoutingCompiler_ipt::PrintRule::_printAddr(Address *o) +{ + std::ostringstream ostr; + + if (Interface::cast(o)!=NULL) + { + Interface *iface=Interface::cast(o); + if (iface->isDyn()) + ostr << "$interface_" << iface->getName() << " "; + return ostr.str(); + } + + IPAddress addr; + Netmask mask; + try { + addr=o->getAddress(); + + if (Interface::cast(o)!=NULL || IPv4::cast(o)!=NULL) mask=Netmask("255.255.255.255"); + else mask=o->getNetmask(); + } + catch (FWException ex) + { + FWObject *obj=o; +/* + * check if this is object of class Address. since we want to + * distinguish between Host, Interface and Address, and both Host and + * Interface are inherited from Address, we can't use cast. 
Use isA + * instead + */ + while (obj!=NULL && + !Host::isA(obj) && + !Firewall::isA(obj) && + !Network::isA(obj)) obj=obj->getParent(); + + compiler->error(_("Problem with address or netmask in the object or one of its interfaces: '")+obj->getName()+"'"); + throw; + } + + + if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0") + { + ostr << "default "; + } else + { + ostr << addr.toString(); + if (mask.toString()!="255.255.255.255") + { + ostr << "/" << mask.getLength(); + } + ostr << " "; + } + return ostr.str(); +} + + + +RoutingCompiler_ipt::PrintRule::PrintRule(const std::string &name) : RoutingRuleProcessor(name) +{ + print_once_on_top=true; +} + + +bool RoutingCompiler_ipt::PrintRule::processNext() +{ + RoutingRule *rule =getNext(); + if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + static int ecmp_nb = 0; + stringstream ecmp_nb_string; + + if (print_once_on_top) { + + compiler->output << "#\n#\n# ========================================== ROUTING RULES =============================================\n#" << endl; + + compiler->output << "# if any routing rule fails we do our best to prevent freezing the firewall" << endl; + compiler->output << "routeFailed()" << endl; + compiler->output << "{" << endl; + compiler->output << " echo \"Error: Routing rule $1 couldn't be activated!\"" << endl; + compiler->output << " echo \"Recovering previous routing configuration...\"" << endl; + compiler->output << " # delete current routing rules" << endl; + compiler->output << " $IP route show | while read route ; do $IP route del $route ; done" << endl; + compiler->output << " # restore old routing rules" << endl; + + /* this shell code has been tested with bash, zsh, ash, sash, csh and tcsh */ + compiler->output << " (IFS=\"\n\"; for route in $oldRoutes; do (IFS=' '; $IP route add $route); done)" << endl; + compiler->output << " echo \"...done\"" << endl; + compiler->output << " exit 1" << endl; + compiler->output << "}" << endl << endl; + + 
compiler->output << "# store previous routing configuration (sort: 'via' GW has to be inserted after device routes)" << endl; + compiler->output << "oldRoutes=$($IP route show | sort -k 2)" << endl << endl; + + compiler->output << "echo \"Deleting routing rules previously set by user space processes...\"" << endl; + compiler->output << "$IP route show | grep -v ' proto kernel ' | while read route ; do $IP route del $route ; done\n" << endl; + + compiler->output << "echo \"Activating non-ecmp routing rules...\"" << endl << endl; + + print_once_on_top=false; + } + + string rl=rule->getLabel(); + string comm=rule->getComment(); + string::size_type c1,c2; + c1=0; + + if (rl!=current_rule_label) { + compiler->output << "# " << endl; + compiler->output << "# Rule " << rl << endl; + //compiler->output << "# " << rule->getRuleTypeAsString() << endl; + compiler->output << "# " << endl; + compiler->output << "echo \"Routing rule " << rl << "\"" << endl; + compiler->output << "# " << endl; + } + + if( rule->getRuleType() != RoutingRule::MultiPath ) { + + if (rl!=current_rule_label) { + + while ( (c2=comm.find('\n',c1))!=string::npos ) { + compiler->output << "# " << comm.substr(c1,c2-c1) << endl; + c1=c2+1; + } + compiler->output << "# " << comm.substr(c1) << endl; + + compiler->output << "# " << endl; + + current_rule_label=rl; + } + + string command_line = RoutingRuleToString(rule); + compiler->output << command_line; + + } else { + + // the ecmp_id contains the table, the rule label and the metric. These are the properties the ecmp rules are distinguished + string metric = rule->getMetricAsString(); + string ecmp_id = rule->getSortedDstIds() + "#" + metric; + + if (rl!=current_rule_label) { + + compiler->output << "# Some sub rules belonging to an ECMP (Equal Cost Multi Path) rule were placed in the ECMP section below." 
<< endl; + current_rule_label=rl; + } + + map< string, string>& ecmp_rules_buffer = ((RoutingCompiler_ipt*)compiler)->ecmp_rules_buffer; + map< string, string>& ecmp_comments_buffer = ((RoutingCompiler_ipt*)compiler)->ecmp_comments_buffer; + + map< string, string>::iterator ecmp_rules_buffer_it; + ecmp_rules_buffer_it = ecmp_rules_buffer.find(ecmp_id); + if( ecmp_rules_buffer_it == ecmp_rules_buffer.end() ) { + + // ECMP Dst not seen so far, add "ip route add x.x.x.x" and comment's header + ecmp_nb_string << ++ecmp_nb; + ecmp_comments_buffer[ecmp_id] = "#\n# Multipath Rule #" + ecmp_nb_string.str() + " derivated from the following routing rules:\n#\n"; + + if (rule->getMetricAsString() != "0") { + ecmp_rules_buffer[ecmp_id] += "$IP route add " + _printRDst(rule) + "metric " + metric; + } else { + ecmp_rules_buffer[ecmp_id] += "$IP route add " + _printRDst(rule); + } + } + + ecmp_comments_buffer[ecmp_id] += "# Rule " + rl + "\n"; + + while ( (c2=comm.find('\n',c1))!=string::npos ) { + + ecmp_comments_buffer[ecmp_id] += "# " + comm.substr(c1,c2-c1) + "\n"; + c1=c2+1; + } + ecmp_comments_buffer[ecmp_id] += "# " + comm.substr(c1) + "\n"; + + // Collect the nexthop information for the multipath rules, indexed by the sorted dst ids + ecmp_rules_buffer[ecmp_id] += " \\\nnexthop " ; + ecmp_rules_buffer[ecmp_id] += _printRGtw(rule); + ecmp_rules_buffer[ecmp_id] += _printRItf(rule); + + + } + return true; +} + + +string RoutingCompiler_ipt::PrintRule::RoutingRuleToString(RoutingRule *rule) +{ + FWObject *ref; + + RuleElementRDst *dstrel=rule->getRDst(); + ref=dstrel->front(); + Address *dst=Address::cast(FWReference::cast(ref)->getPointer()); + if(dst==NULL) + throw FWException(_("Broken DST in ")+rule->getLabel()); + + std::ostringstream command_line; + + command_line << "$IP route add "; + command_line << _printRDst(rule); + if (rule->getMetricAsString() != "0") { + command_line << " metric " << rule->getMetricAsString() << " "; + } + command_line << _printRGtw(rule); + 
command_line << _printRItf(rule); + command_line << "\\\n|| "; + + FWObject *opt_dummy = rule->getFirstByType(RoutingRuleOptions::TYPENAME); + RoutingRuleOptions *opt = opt_dummy ? RoutingRuleOptions::cast(opt_dummy) : 0; + if ( opt && opt->getBool("no_fail") ) { + command_line << "echo \"*** Warning: routing rule " << rule->getLabel() << " failed. ignored. ***\"\n"; + } else { + command_line << "routeFailed " << "\"" << rule->getLabel() << "\"" << endl;; + } + command_line << endl; + + return command_line.str(); +} + +string RoutingCompiler_ipt::PrintRule::_printRGtw(RoutingRule *rule) +{ + FWObject *ref; + + RuleElementRGtw *gtwrel=rule->getRGtw(); + ref=gtwrel->front(); + Address *gtw=Address::cast(FWReference::cast(ref)->getPointer()); + if(gtw==NULL) + throw FWException(_("Broken GTW in ")+rule->getLabel()); + + string gateway = _printAddr(gtw); + + if( gateway != "default ") return "via " + gateway; + else return ""; +} + +string RoutingCompiler_ipt::PrintRule::_printRItf(RoutingRule *rule) +{ + FWObject *ref; + + RuleElementRItf *itfrel=rule->getRItf(); + ref=itfrel->front(); + Interface *itf=Interface::cast(FWReference::cast(ref)->getPointer()); + + if(itf != NULL) return "dev " + itf->getStr("name") + " "; + else return ""; +} + +string RoutingCompiler_ipt::PrintRule::_printRDst(RoutingRule *rule) +{ + FWObject *ref; + + RuleElementRDst *dstrel=rule->getRDst(); + ref=dstrel->front(); + Address *dst=Address::cast(FWReference::cast(ref)->getPointer()); + if(dst==NULL) + throw FWException(_("Broken DST in ")+rule->getLabel()); + + return _printAddr(dst); +} diff --git a/src/ipt/combinedAddress.cpp b/src/ipt/combinedAddress.cpp new file mode 100644 index 000000000..e7f3c8e0b --- /dev/null +++ b/src/ipt/combinedAddress.cpp 
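Review bot: In RoutingCompiler_ipt_writers.cpp, PrintRule::processNext() and RoutingRuleToString() write the rule label into the generated shell script inside double quotes (the `echo "Routing rule ..."` line and the `routeFailed "..."` argument) with no escaping, so a label containing a double quote, `$` or a backquote changes what the script does when it runs on the firewall. Whether labels can carry free text from the data file is not visible in this hunk, but the interface name emitted after `dev` in _printRItf() is an object name and is written unquoted too. I would pass every label through a small single-quoting helper, as sketched below, and reject interface names with characters outside a conservative set before they are emitted. Separately, the catch block in _printAddr() walks `obj` up with getParent() until it may be NULL and then calls `obj->getName()`; that dereference needs a NULL guard.

```cpp
// helper: single-quote a value for the generated /bin/sh script
static string shellQuote(const string &s)
{
    string q = "'";
    for (string::size_type i = 0; i < s.size(); ++i)
    {
        if (s[i] == '\'') q += "'\\''";
        else              q += s[i];
    }
    q += "'";
    return q;
}

// … unchanged: PrintRule::processNext() up to the rule header …
        compiler->output << "echo " << shellQuote("Routing rule " + rl) << endl;

// … unchanged: RoutingRuleToString() up to the failure handler …
        command_line << "routeFailed " << shellQuote(rule->getLabel()) << endl;
```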
@@ -0,0 +1,56 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland + + $Id: combinedAddress.cpp 1151 2006-09-11 00:41:10Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include + +#include + +#include +#include +#include + +using namespace libfwbuilder; +using namespace std; + +const char *combinedAddress::TYPENAME={"combinedAddress"}; + +combinedAddress::combinedAddress(const FWObject *root,bool prepopulate) : IPv4(root,prepopulate) {} +combinedAddress::~combinedAddress() {} + +std::string combinedAddress::getPhysAddress() const +{ + return physAddress; +} + +void combinedAddress::setPhysAddress(const std::string &s) +{ + physAddress=s; +} + +bool combinedAddress::isAny() const +{ + return (IPv4::isAny() && physAddress==""); +} + diff --git a/src/ipt/combinedAddress.h b/src/ipt/combinedAddress.h new file mode 100644 index 000000000..107a7cb72 --- /dev/null +++ b/src/ipt/combinedAddress.h 
@@ -0,0 +1,61 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland + + $Id: combinedAddress.h 1151 2006-09-11 00:41:10Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef __COMB_ADDRESS_HH_FLAG__ +#define __COMB_ADDRESS_HH_FLAG__ + +#include +#include +#include + +namespace libfwbuilder +{ + +class combinedAddress : public IPv4 +{ + private: + + std::string physAddress; + + public: + + DECLARE_FWOBJECT_SUBTYPE(combinedAddress); + + combinedAddress() {} + combinedAddress(const FWObject *root,bool prepopulate); + virtual ~combinedAddress(); + + std::string getPhysAddress() const; + void setPhysAddress(const std::string &s); + + bool isAny() const; +}; + +} + + +#endif + diff --git a/src/ipt/ipt.cpp b/src/ipt/ipt.cpp new file mode 100644 index 000000000..1f317142f --- /dev/null +++ b/src/ipt/ipt.cpp 
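Review bot: In combinedAddress.h, `bool isAny() const;` is declared without `virtual` although the destructor next to it is, so whether a call through an `IPv4 *` or `Address *` reaches this version depends on the base-class declaration, which this hunk does not show. The implementation in combinedAddress.cpp reports "any" only when `physAddress` is also empty, so falling back to the base version would presumably ignore the MAC part and could make a MAC-only match look like "any". I would declare it `virtual bool isAny() const;` and add a comment such as `/** true only when both the IP part and physAddress are unset */`. The default constructor `combinedAddress() {}` also deserves a one-line comment saying that physAddress starts empty.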
@@ -0,0 +1,801 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: ipt.cpp 1459 2007-12-15 05:56:12Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" + +#include + +#ifdef HAVE_LOCALE_H +#include +#endif + +#include +#include +#include +#include +#include + +#ifndef _WIN32 +# include +# include +#else +# include +# include +# include +#endif + +#include +#include +#include +#include +#include + +#include "PolicyCompiler_ipt.h" +#include "MangleTableCompiler_ipt.h" +#include "NATCompiler_ipt.h" +#include "RoutingCompiler_ipt.h" +#include "OSConfigurator_linux24.h" + +#include "fwcompiler/Preprocessor.h" + +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/XMLTools.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Interface.h" + +#ifdef HAVE_GETOPT_H + #include +#else + #ifdef _WIN32 + #include + #else + #include + #endif +#endif + +#include "../common/init.cpp" + +using namespace std; +using namespace libfwbuilder; +using namespace fwcompiler; + +int fwbdebug = 0; + +static const char *filename = NULL; +static const char *wdir = NULL; +static const char *fwobjectname = NULL; +static string fw_file_name = ""; +static int dl = 0; +static int drp = 
-1; +static bool omit_timestamp = false; +static int drn = -1; +static int verbose = 0; +static bool have_dynamic_interfaces = false; +static bool test_mode = false; + +FWObjectDatabase *objdb = NULL; + +class UpgradePredicate: public XMLTools::UpgradePredicate +{ + public: + virtual bool operator()(const string &msg) const + { + cout << _("Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it.") << endl; + return false; + } +}; + +string addPrologScript(bool nocomment,const string &script) +{ + string res=""; + + if ( !nocomment ) + { + res += "\n"; + res += "#\n"; + res += "# Prolog script\n"; + res += "#\n"; + } + + res += script; + res += "\n"; + + if ( !nocomment ) + { + res += "#\n"; + res += "# End of prolog script\n"; + res += "#\n"; + } + return res; +} + +void usage(const char *name) +{ + cout << _("Firewall Builder: policy compiler for Linux 2.4.x and 2.6.x iptables") << endl; + cout << _("Version ") << VERSION << "-" << RELEASE_NUM << endl; + cout << _("Usage: ") << name << _(" [-x level] [-v] [-V] [-q] [-f filename.xml] [-d destdir] [-m] firewall_object_name") << endl; +} + +int main(int argc, char * const *argv) +{ + +#ifdef ENABLE_NLS + setlocale (LC_ALL, ""); + + bindtextdomain (PACKAGE, LOCALEDIR); + textdomain (PACKAGE); +#else +# ifdef HAVE_SETLOCALE + setlocale (LC_ALL, ""); +# endif +#endif + + + if (argc<=1) + { + usage(argv[0]); + exit(1); + } + + int opt; + + while( (opt=getopt(argc,argv,"x:vVqf:d:r:o:")) != EOF ) + { + switch(opt) + { + case 'd': + wdir = strdup(optarg); + break; + case 'r': + respath = string(optarg); + break; + case 'f': + filename = strdup(optarg); + break; + case 'o': + fw_file_name = string(optarg); + break; + case 'x': + if (*optarg=='t') { + test_mode = true; + } else if (*optarg=='p') { + ++optarg; + drp = atoi(optarg); + } else { + if (*optarg=='n') { + ++optarg; + drn = atoi(optarg); + } else { + if (isdigit(*optarg)) dl=atoi(optarg); // increase debug level + else { + 
usage(argv[0]); + exit(1); + } + } + } + break; + case 'v': + verbose++; + break; + case 'V': + usage(argv[0]); + exit(1); + case 'q': + omit_timestamp = true; + break; + } + } + + if((argc-1) != optind) + { + usage(argv[0]); + exit(1); + } + + fwobjectname = strdup( argv[optind++] ); + + if (fw_file_name.empty()) + fw_file_name=string(fwobjectname)+".fw"; + + if (wdir==0) wdir="./"; + + if ( +#ifdef _WIN32 + _chdir(wdir) +#else + chdir(wdir) +#endif + ) { + cerr << _("Can't change to: ") << wdir << endl; + exit(1); + } + + init(argv); + + try + { + new Resources(respath+FS_SEPARATOR+"resources.xml"); + + /* create database */ + objdb = new FWObjectDatabase(); + + /* load the data file */ + UpgradePredicate upgrade_predicate; + + if (verbose) cout << _(" *** Loading data ..."); + + objdb->setReadOnly( false ); + objdb->load( sysfname, &upgrade_predicate, librespath); + objdb->setFileName(""); + FWObjectDatabase *ndb = new FWObjectDatabase(); + ndb->load(filename, &upgrade_predicate, librespath); + + objdb->merge(ndb, NULL); + delete ndb; + objdb->setFileName(filename); + objdb->reIndex(); + + if (verbose) cout << _(" done\n"); + + //objdb->dump(true,true); + + FWObject *slib = objdb->findInIndex("syslib000"); + if ( slib->isReadOnly()) slib->setReadOnly(false); + + /* Review firewall and OS options and generate commands */ + Firewall* fw=objdb->findFirewallByName(fwobjectname); + FWOptions* options=fw->getOptionsObject(); + string s; + + /* some initial sanity checks */ + + list l2=fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + string::size_type n; + if ( (n=iface->getName().find("*"))!=string::npos) + { +/* this is a special 'wildcard' interface. 
Its name must end with '*', + * it must be dynamic and should not have a child IPv4 or + * physAddress object + */ + + if (n!=iface->getName().length()-1) + { + char errstr[256]; + sprintf(errstr, + _("'*' must be the last character in the wildcard's interface name: '%s'."), + iface->getName().c_str() ); + throw FWException(errstr); + } +/* + removed test to implement RFE #837238: "unnummbered wildcard interfaces" + + if (!iface->isDyn()) + { + char errstr[256]; + sprintf(errstr, + _("Wildcard interface '%s' must be dynamic."), + iface->getName().c_str() ); + throw FWException(errstr); + } +*/ + list l3=iface->getByType(physAddress::TYPENAME); + if (l3.size()>0) + { + char errstr[256]; + sprintf(errstr, +_("Wildcard interface '%s' should not have a physcal address object attached to it. The physical address object will be ignored.\n"), + iface->getName().c_str() ); + cerr << errstr; + for (list::iterator j=l3.begin(); j!=l3.end(); ++j) + iface->remove(*j); + } + } + + if ( iface->isDyn()) + { + have_dynamic_interfaces=true; + + iface->setBool("use_var_address",true); + + list l3=iface->getByType(IPv4::TYPENAME); + if (l3.size()>0) + { + char errstr[256]; + for (list::iterator j=l3.begin(); j!=l3.end(); ++j) + if ( objdb->findAllReferences(*j).size()!=0 ) + { + sprintf(errstr, +_("Dynamic interface %s has an IP address that is used in the firewall policy rule.\n"), + iface->getName().c_str() ); + throw FWException(errstr); + } + + sprintf(errstr, +_("Dynamic interface %s should not have an IP address object attached to it. 
This IP address object will be ignored.\n"), + iface->getName().c_str() ); + cerr << errstr; + for (list::iterator j=l3.begin(); j!=l3.end(); ++j) + iface->remove(*j); + } + } else + { + + list la=iface->getByType(IPv4::TYPENAME); + if ( iface->isRegular() && la.empty() ) + { + char errstr[256]; + sprintf(errstr,_("Missing IP address for interface %s\n"), + iface->getName().c_str() ); + throw FWException(errstr); + } + + for (list::iterator j=la.begin(); j!=la.end(); ++j) + { + IPv4 *ipv4 = IPv4::cast(*j); + if ( ipv4->getAddress().toString()=="0.0.0.0") + { + char errstr[256]; + sprintf(errstr, + _("Interface %s has IP address \"0.0.0.0\".\n"), + iface->getName().c_str() ); + throw FWException(errstr); + } + } + } + } + + string firewall_dir=options->getStr("firewall_dir"); + if (firewall_dir=="") firewall_dir="/etc"; + + bool debug=options->getBool("debug"); + string shell_dbg=(debug)?"set -x":"" ; + string pfctl_dbg=(debug)?"-v":""; + + Preprocessor* prep=new Preprocessor(objdb , fwobjectname); + prep->compile(); + + OSConfigurator_linux24 *oscnf=NULL; + string family=Resources::os_res[fw->getStr("host_OS")]->Resources::getResourceStr("/FWBuilderResources/Target/family"); + if ( family=="linux24" ) + oscnf=new OSConfigurator_linux24(objdb , fwobjectname); + + if (oscnf==NULL) + throw FWException(_("Unrecognized host OS ")+fw->getStr("host_OS")+" (family "+family+")"); + + oscnf->prolog(); + + int policy_rules_count = 0; + int mangle_rules_count = 0; + int nat_rules_count = 0; + int routing_rules_count = 0; + + MangleTableCompiler_ipt m( objdb , fwobjectname , oscnf ); + + m.setDebugLevel( dl ); + m.setDebugRule( drp ); + m.setVerbose( (bool)(verbose) ); + m.setHaveDynamicInterfaces(have_dynamic_interfaces); + if (test_mode) m.setTestMode(); + + if ( (mangle_rules_count=m.prolog()) > 0 ) + { + m.compile(); + m.epilog(); + } + +// compile NAT rules before policy rules because policy compiler +// needs to know the number of virtual addresses being created for NAT + 
+ NATCompiler_ipt n( objdb , fwobjectname , oscnf ); + + n.setDebugLevel( dl ); + n.setDebugRule( drn ); + n.setVerbose( (bool)(verbose) ); + n.setHaveDynamicInterfaces(have_dynamic_interfaces); + if (test_mode) n.setTestMode(); + + if ( (nat_rules_count=n.prolog()) > 0 ) + { + oscnf->generateCodeForProtocolHandlers(true); + n.compile(); + n.epilog(); + } else + oscnf->generateCodeForProtocolHandlers(false); + + PolicyCompiler_ipt c( objdb , fwobjectname , oscnf ); + + c.setDebugLevel( dl ); + c.setDebugRule( drp ); + c.setVerbose( (bool)(verbose) ); + c.setHaveDynamicInterfaces(have_dynamic_interfaces); + if (test_mode) c.setTestMode(); + + if ( (policy_rules_count=c.prolog()) > 0 ) + { + c.compile(); + c.epilog(); + } + + RoutingCompiler_ipt r( objdb , fwobjectname , oscnf ); + + r.setDebugLevel( dl ); + r.setDebugRule( drp ); + r.setVerbose( verbose ); + if (test_mode) r.setTestMode(); + + if ( (routing_rules_count=r.prolog()) > 0 ) + { + r.compile(); + r.epilog(); + } + + oscnf->printChecksForRunTimeMultiAddress(); + oscnf->processFirewallOptions(); + oscnf->configureInterfaces(); + oscnf->printCommandsToAddVirtualAddressesForNAT(); + +/* + * now write generated scripts to files + */ + + char *timestr; + time_t tm; + struct tm *stm; + + tm=time(NULL); + stm=localtime(&tm); + timestr=strdup(ctime(&tm)); + timestr[ strlen(timestr)-1 ]='\0'; + +#ifdef _WIN32 + char* user_name=getenv("USERNAME"); +#else + struct passwd *pwd=getpwuid(getuid()); + assert(pwd); + char *user_name=pwd->pw_name; +#endif + + if (user_name==NULL) + { + user_name=getenv("LOGNAME"); + if (user_name==NULL) + { + cerr << _("Can't figure out your user name, aborting") << endl; + exit(1); + } + } +/* + * assemble the script and then perhaps post-process it if it should + * run on Linksys device with sveasoft firmware + */ + + ostringstream script; + + script << "#!/bin/sh " << endl; + + script << _("#\n\ +# This is automatically generated file. 
DO NOT MODIFY !\n\
+#\n\
+# Firewall Builder fwb_ipt v") << VERSION << "-" << RELEASE_NUM << _(" \n");
+
+ if (!omit_timestamp)
+ {
+ script << _("#\n\
+# Generated ") << timestr << " " << tzname[stm->tm_isdst] << _(" by ")
+ << user_name << "\n#\n";
+ }
+
+ script << MANIFEST_MARKER << "* " << fw_file_name << endl;
+ script << "#" << endl;
+ script << "#" << endl;
+
+/* do not put comment in the script if it is intended for linksys */
+ bool nocomm=Resources::os_res[fw->getStr("host_OS")]->Resources::getResourceBool("/FWBuilderResources/Target/options/suppress_comments");
+ if ( !nocomm )
+ {
+ string fwcomment=fw->getComment();
+ string::size_type n1,n2;
+ n1=n2=0;
+ while ( (n2=fwcomment.find("\n",n1))!=string::npos )
+ {
+ script << "# " << fwcomment.substr(n1,n2-n1) << endl;
+ n1=n2+1;
+ }
+ script << "# " << fwcomment.substr(n1) << endl;
+ script << "#\n#\n#\n";
+ }
+
+ script << shell_dbg << endl;
+ script << endl;
+
+ script << "PATH=\"/sbin:/usr/sbin:/bin:/usr/bin:${PATH}\"" << endl;
+ script << "export PATH" << endl;
+ script << endl;
+
+/*
+ * print definitions for variables IPTABLES, IP, LOGGER. Some day we may
+ * add a choice of distro in the GUI. Right now paths are either default
+ * for a given distro, or custom strings entered by user in the GUI and stored
+ * in firewall options.
+ */
+ script << oscnf->printPathForAllTools(DISTRO);
+
+ string prolog_place= fw->getOptionsObject()->getStr("prolog_place");
+ if (prolog_place == "") prolog_place="top";
+
+ if (prolog_place == "top")
+ {
+ script <<
+ addPrologScript(nocomm,
+ fw->getOptionsObject()->getStr("prolog_script"));
+ }
+
+ script << oscnf->getCompiledScript();
+
+ script << endl;
+
+ if (prolog_place == "after_interfaces")
+ {
+ script <<
+ addPrologScript(nocomm,
+ fw->getOptionsObject()->getStr("prolog_script"));
+ }
+
+ script << "log '";
+ if (omit_timestamp)
+ {
+ script << _("Activating firewall script");
+ } else
+ {
+ script << _("Activating firewall script generated ")
+ << timestr << " " << _(" by ")
+/* timezone removed because of bug #1205665 - sometimes timezone name
+ * has "'" in it which confuses shell and causes an error (for
+ * instance French daylight savings time is "Paris, Madrid (heure
+ * d'ete)" where 'e' are actually accented 'e')
+ *
+ * << timestr << " " << tzname[stm->tm_isdst] << _(" by ")
+ */
+ << user_name;
+ }
+
+ script << "'" << endl;
+
+ script << endl;
+
+ if (options->getBool("use_iptables_restore"))
+ {
+ if (have_dynamic_interfaces)
+ {
+ script << "(" << endl;
+
+ script << c.flushAndSetDefaultPolicy();
+
+ if (prolog_place == "after_flush")
+ {
+ script << addPrologScript(nocomm,
+ fw->getOptionsObject()->getStr("prolog_script"));
+ }
+
+ script << c.getCompiledScript();
+ script << c.commit();
+
+ if (m.getCompiledScriptLength()>0)
+ {
+ script << m.flushAndSetDefaultPolicy();
+ script << m.getCompiledScript();
+ script << m.commit();
+ }
+ if (n.getCompiledScriptLength()>0)
+ {
+ script << n.flushAndSetDefaultPolicy();
+ script << n.getCompiledScript();
+ script << n.commit();
+ }
+ script << "#" << endl;
+ script << ") | $IPTABLES_RESTORE" << endl;
+ } else
+ {
+ script << "cat << EOF | $IPTABLES_RESTORE" << endl;
+
+ script << c.flushAndSetDefaultPolicy();
+
+ if (prolog_place == "after_flush")
+ {
+ script << addPrologScript(nocomm,
+ fw->getOptionsObject()->getStr("prolog_script"));
+ }
+
+ script << c.getCompiledScript();
+ script << c.commit();
+
+ if (m.getCompiledScriptLength()>0)
+ {
+ script << m.flushAndSetDefaultPolicy();
+ script << m.getCompiledScript();
+ script << m.commit();
+ }
+ if (n.getCompiledScriptLength()>0)
+ {
+ script << n.flushAndSetDefaultPolicy();
+ script << n.getCompiledScript();
+ script << n.commit();
+ }
+ script << "#" << endl;
+ script << "EOF" << endl;
+ }
+ } else
+ {
+
+ script << c.flushAndSetDefaultPolicy();
+ if (m.getCompiledScriptLength()>0)
+ script << m.flushAndSetDefaultPolicy();
+ if (n.getCompiledScriptLength()>0)
+ script << n.flushAndSetDefaultPolicy();
+
+ if (prolog_place == "after_flush")
+ {
+ script << addPrologScript(nocomm,
+ fw->getOptionsObject()->getStr("prolog_script"));
+ }
+
+ if (n.getCompiledScriptLength()>0)
+ {
+ script << n.getCompiledScript();
+ script << n.commit();
+ }
+
+ if (m.getCompiledScriptLength()>0)
+ {
+ script << m.getCompiledScript();
+ script << m.commit();
+ }
+
+ script << c.getCompiledScript();
+ script << c.commit();
+ }
+ script << r.getCompiledScript();
+
+
+
+
+ oscnf->epilog();
+ script << oscnf->getCompiledScript();
+
+ if ( !nocomm )
+ {
+ script << endl;
+ script << "#" << endl;
+ script << "# Epilog script" << endl;
+ script << "#" << endl;
+ }
+
+ string post_hook= fw->getOptionsObject()->getStr("epilog_script");
+ script << post_hook << endl;
+
+ if ( !nocomm )
+ {
+ script << endl;
+ script << "# End of epilog script" << endl;
+ script << "#" << endl;
+ }
+
+ script << endl;
+
+ string sbuf = script.str();
+
+/* starting with 2.0.3 we copy script to linksys using scp and do not
+ * need to escape double quotes and '$' anymore
+ */
+
+#if 0
+ if ( Resources::getTargetOptionBool(fw->getStr("host_OS"),
+ "escape_everything") )
+ {
+/* need to escape single and double quotes, as well as '$' in the script */
+
+ string::size_type i;
+
+ i = 0;
+ while ( (i=sbuf.find('\"',i))!=string::npos )
+ {
+ sbuf.replace(i,1,"\\\"");
+ i+=2;
+ }
+
+ i = 0;
+ while ( (i=sbuf.find('\'',i))!=string::npos )
+ {
+ sbuf.replace(i,1,"\\\'");
+ i+=2;
+ }
+
+ i = 0;
+ while ( (i=sbuf.find('`',i))!=string::npos )
+ {
+ sbuf.replace(i,1,"\\`");
+ i+=2;
+ }
+
+ i = 0;
+ while ( (i=sbuf.find('$',i))!=string::npos )
+ {
+ sbuf.replace(i,1,"\\$");
+ i+=2;
+ }
+ }
+#endif
+
+ ofstream fw_file;
+ fw_file.exceptions(ofstream::eofbit|ofstream::failbit|ofstream::badbit);
+
+#ifdef _WIN32
+ fw_file.open(fw_file_name.c_str(), ios::out|ios::binary);
+#else
+ fw_file.open(fw_file_name.c_str());
+#endif
+
+ fw_file << sbuf << endl;
+ fw_file.close();
+
+#ifdef _WIN32
+ _chmod(fw_file_name.c_str(),_S_IREAD|_S_IWRITE);
+#else
+ chmod(fw_file_name.c_str(),S_IXUSR|S_IRUSR|S_IWUSR|S_IRGRP);
+#endif
+
+ cout << _(" Compiled successfully") << endl << flush;
+
+ return 0;
+
+ } catch(const FWException &ex) {
+ cerr << "Error: " << ex.toString() << endl;
+ return 1;
+#if __GNUC__ >= 3
+/* need to check version because std::ios::failure does not seem to be
+ * supported in gcc 2.9.5 on FreeBSD 4.10 */
+ } catch (const std::ios::failure &e) {
+ cerr << "Error while opening or writing to the output file" << endl;
+ return 1;
+#endif
+ } catch (const std::string &s) {
+ cerr << s << endl;
+ return 1;
+ } catch (const std::exception &ex) {
+ cerr << ex.what() << endl;
+ return 1;
+ } catch (...) {
+ cerr << _("Unsupported exception") << endl;
+ return 1;
+ }
+
+}
diff --git a/src/ipt/ipt.pro b/src/ipt/ipt.pro
new file mode 100644
index 000000000..659840195
--- /dev/null
+++ b/src/ipt/ipt.pro
@@ -0,0 +1,40 @@
+#-*- mode: makefile; tab-width: 4; -*-
+#
+include(../../qmake.inc)
+#
+#
+SOURCES = ipt.cpp \
+ OSConfigurator_linux24.cpp \
+ OSData.cpp \
+ combinedAddress.cpp \
+ PolicyCompiler_ipt.cpp \
+ PolicyCompiler_PrintRule.cpp \
+ PolicyCompiler_PrintRuleIptRst.cpp \
+ PolicyCompiler_PrintRuleIptRstEcho.cpp \
+ PolicyCompiler_ipt_optimizer.cpp \
+ NATCompiler_ipt.cpp \
+ NATCompiler_PrintRule.cpp \
+ NATCompiler_PrintRuleIptRst.cpp \
+ NATCompiler_PrintRuleIptRstEcho.cpp \
+ MangleTableCompiler_ipt.cpp \
+ RoutingCompiler_ipt.cpp \
+ RoutingCompiler_ipt_writers.cpp
+
+HEADERS = ../../config.h \
+ combinedAddress.h \
+ PolicyCompiler_ipt.h \
+ NATCompiler_ipt.h \
+ MangleTableCompiler_ipt.h \
+ RoutingCompiler_ipt.h \
+ OSConfigurator_linux24.h \
+ OSData.h
+
+QMAKE_COPY = ../../install.sh -m 0755 -s
+
+win32:CONFIG += console
+
+TARGET = fwb_ipt
+
+LIBS += $$LIBS_FWCOMPILER
+
+
diff --git a/src/parsers/IOSCfgLexer.cpp b/src/parsers/IOSCfgLexer.cpp
new file mode 100644
index 000000000..936b26be1
--- /dev/null
+++ b/src/parsers/IOSCfgLexer.cpp
@@ -0,0 +1,1543 @@ +/* $ANTLR 2.7.4: "iosacl.g" -> "IOSCfgLexer.cpp"$ */ +#line 42 "iosacl.g" + + // gets inserted before the antlr generated includes in the cpp + // file + +#line 8 "IOSCfgLexer.cpp" +#include "IOSCfgLexer.hpp" +#include +#include +#include +#include +#include +#include +#include + +#line 48 "iosacl.g" + + // gets inserted after the antlr generated includes in the cpp + // file +#include +#include + +#include "../gui/IOSImporter.h" + +#line 27 "IOSCfgLexer.cpp" +#line 1 "iosacl.g" +#line 29 "IOSCfgLexer.cpp" +IOSCfgLexer::IOSCfgLexer(ANTLR_USE_NAMESPACE(std)istream& in) + : ANTLR_USE_NAMESPACE(antlr)CharScanner(new ANTLR_USE_NAMESPACE(antlr)CharBuffer(in),true) +{ + initLiterals(); +} + +IOSCfgLexer::IOSCfgLexer(ANTLR_USE_NAMESPACE(antlr)InputBuffer& ib) + : ANTLR_USE_NAMESPACE(antlr)CharScanner(ib,true) +{ + initLiterals(); +} + +IOSCfgLexer::IOSCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& state) + : ANTLR_USE_NAMESPACE(antlr)CharScanner(state,true) +{ + initLiterals(); +} + +void IOSCfgLexer::initLiterals() +{ + literals["host"] = 24; + literals["log"] = 27; + literals["access-list"] = 11; + literals["interface"] = 33; + literals["remark"] = 35; + literals["exit"] = 40; + literals["udp"] = 18; + literals["tcp"] = 17; + literals["eq"] = 19; + literals["ip"] = 5; + literals["access-group"] = 37; + literals["time-range"] = 31; + literals["version"] = 7; + literals["icmp"] = 16; + literals["description"] = 34; + literals["secondary"] = 39; + literals["lt"] = 21; + literals["range"] = 23; + literals["log-input"] = 28; + literals["standard"] = 42; + literals["gt"] = 20; + literals["permit"] = 14; + literals["extended"] = 13; + literals["address"] = 38; + literals["established"] = 29; + literals["neq"] = 22; + literals["vlan"] = 32; + literals["any"] = 26; + literals["deny"] = 15; + literals["shutdown"] = 36; + literals["hostname"] = 9; + literals["fragments"] = 30; +} + +ANTLR_USE_NAMESPACE(antlr)RefToken IOSCfgLexer::nextToken() +{ 
+ ANTLR_USE_NAMESPACE(antlr)RefToken theRetToken; + for (;;) { + ANTLR_USE_NAMESPACE(antlr)RefToken theRetToken; + int _ttype = ANTLR_USE_NAMESPACE(antlr)Token::INVALID_TYPE; + resetText(); + try { // for lexical and char stream error handling + switch ( LA(1)) { + case 0x21 /* '!' */ : + { + mLINE_COMMENT(true); + theRetToken=_returnToken; + break; + } + case 0xa /* '\n' */ : + case 0xd /* '\r' */ : + { + mNEWLINE(true); + theRetToken=_returnToken; + break; + } + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + mNUMBER(true); + theRetToken=_returnToken; + break; + } + case 0x2e /* '.' */ : + { + mDOT(true); + theRetToken=_returnToken; + break; + } + case 0x24 /* '$' */ : + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' 
*/ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + mWORD(true); + theRetToken=_returnToken; + break; + } + case 0x22 /* '"' */ : + { + mSTRING(true); + theRetToken=_returnToken; + break; + } + case 0x23 /* '#' */ : + { + mNUMBER_SIGN(true); + theRetToken=_returnToken; + break; + } + case 0x25 /* '%' */ : + { + mPERCENT(true); + theRetToken=_returnToken; + break; + } + case 0x26 /* '&' */ : + { + mAMPERSAND(true); + theRetToken=_returnToken; + break; + } + case 0x27 /* '\'' */ : + { + mAPOSTROPHE(true); + theRetToken=_returnToken; + break; + } + case 0x28 /* '(' */ : + { + mOPENING_PAREN(true); + theRetToken=_returnToken; + break; + } + case 0x29 /* ')' */ : + { + mCLOSING_PAREN(true); + theRetToken=_returnToken; + break; + } + case 0x2a /* '*' */ : + { + mSTAR(true); + theRetToken=_returnToken; + break; + } + case 0x2b /* '+' */ : + { + mPLUS(true); + theRetToken=_returnToken; + break; + } + case 0x2c /* ',' */ : + { + mCOMMA(true); + theRetToken=_returnToken; + break; + } + case 0x2d /* '-' */ : + { + mMINUS(true); + theRetToken=_returnToken; + break; + } + case 0x2f /* '/' */ : + { + mSLASH(true); + theRetToken=_returnToken; + break; + } + case 0x3a /* ':' */ : + { + mCOLON(true); + theRetToken=_returnToken; + break; + } + case 0x3b /* ';' */ : + { + mSEMICOLON(true); + theRetToken=_returnToken; + break; + } + case 0x3c /* '<' */ : + { + mLESS_THAN(true); + theRetToken=_returnToken; + break; + } + case 0x3d /* '=' */ : + { + mEQUALS(true); + theRetToken=_returnToken; + break; + } + case 0x3e /* '>' */ : + { + mGREATER_THAN(true); + theRetToken=_returnToken; + break; + } + case 0x3f /* '?' 
*/ : + { + mQUESTION(true); + theRetToken=_returnToken; + break; + } + case 0x40 /* '@' */ : + { + mCOMMERCIAL_AT(true); + theRetToken=_returnToken; + break; + } + case 0x5b /* '[' */ : + { + mOPENING_SQUARE(true); + theRetToken=_returnToken; + break; + } + case 0x5d /* ']' */ : + { + mCLOSING_SQUARE(true); + theRetToken=_returnToken; + break; + } + case 0x5e /* '^' */ : + { + mCARET(true); + theRetToken=_returnToken; + break; + } + case 0x5f /* '_' */ : + { + mUNDERLINE(true); + theRetToken=_returnToken; + break; + } + case 0x7b /* '{' */ : + { + mOPENING_BRACE(true); + theRetToken=_returnToken; + break; + } + case 0x7d /* '}' */ : + { + mCLOSING_BRACE(true); + theRetToken=_returnToken; + break; + } + case 0x7e /* '~' */ : + { + mTILDE(true); + theRetToken=_returnToken; + break; + } + default: + if ((_tokenSet_0.member(LA(1)))) { + mWhitespace(true); + theRetToken=_returnToken; + } + else { + if (LA(1)==EOF_CHAR) + { + uponEOF(); + _returnToken = makeToken(ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE); + } + else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + } + if ( !_returnToken ) + goto tryAgain; // found SKIP token + + _ttype = _returnToken->getType(); + _ttype = testLiteralsTable(_ttype); + _returnToken->setType(_ttype); + return _returnToken; + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& e) { + throw ANTLR_USE_NAMESPACE(antlr)TokenStreamRecognitionException(e); + } + catch (ANTLR_USE_NAMESPACE(antlr)CharStreamIOException& csie) { + throw ANTLR_USE_NAMESPACE(antlr)TokenStreamIOException(csie.io); + } + catch (ANTLR_USE_NAMESPACE(antlr)CharStreamException& cse) { + throw ANTLR_USE_NAMESPACE(antlr)TokenStreamException(cse.getMessage()); + } +tryAgain:; + } +} + +void IOSCfgLexer::mLINE_COMMENT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = LINE_COMMENT; + int _saveIndex; + + match("!"); + { // ( ... 
)* + for (;;) { + if ((_tokenSet_1.member(LA(1)))) { + { + match(_tokenSet_1); + } + } + else { + goto _loop79; + } + + } + _loop79:; + } // ( ... )* + mNEWLINE(false); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mNEWLINE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = NEWLINE; + int _saveIndex; + + { + if ((LA(1) == 0xd /* '\r' */ ) && (LA(2) == 0xa /* '\n' */ )) { + match("\r\n"); + } + else if ((LA(1) == 0xd /* '\r' */ ) && (true)) { + match('\r'); + } + else if ((LA(1) == 0xa /* '\n' */ )) { + match('\n'); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + + } + if ( inputState->guessing==0 ) { +#line 656 "iosacl.g" + newline(); +#line 428 "IOSCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mWhitespace(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = Whitespace; + int _saveIndex; + + { + switch ( LA(1)) { + case 0x3 /* '\3' */ : + case 0x4 /* '\4' */ : + case 0x5 /* '\5' */ : + case 0x6 /* '\6' */ : + case 0x7 /* '\7' */ : + case 0x8 /* '\10' */ : + { + matchRange('\3','\10'); + break; + } + case 0x9 /* '\t' */ : + { + match('\t'); + break; + } + case 0xb /* '\13' */ : + { + match('\13'); + break; + } + case 0xc /* '\14' */ : + { + match('\14'); + break; + } + case 0xe /* '\16' */ : + case 0xf /* '\17' */ : + case 0x10 /* '\20' */ : + case 0x11 /* '\21' */ : + case 0x12 /* 
'\22' */ : + case 0x13 /* '\23' */ : + case 0x14 /* '\24' */ : + case 0x15 /* '\25' */ : + case 0x16 /* '\26' */ : + case 0x17 /* '\27' */ : + case 0x18 /* '\30' */ : + case 0x19 /* '\31' */ : + case 0x1a /* '\32' */ : + case 0x1b /* '\33' */ : + case 0x1c /* '\34' */ : + case 0x1d /* '\35' */ : + case 0x1e /* '\36' */ : + case 0x1f /* '\37' */ : + { + matchRange('\16','\37'); + break; + } + case 0x20 /* ' ' */ : + { + match(' '); + break; + } + default: + if (((LA(1) >= 0x7f && LA(1) <= 0xff))) { + matchRange('\177',static_cast(255)); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + if ( inputState->guessing==0 ) { +#line 651 "iosacl.g" + _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; +#line 509 "IOSCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mINT_CONST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = INT_CONST; + int _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mHEX_CONST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = HEX_CONST; + int _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mNEG_INT_CONST(bool 
_createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = NEG_INT_CONST; + int _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mDIGIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = DIGIT; + int _saveIndex; + + matchRange('0','9'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mHEXDIGIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = HEXDIGIT; + int _saveIndex; + + switch ( LA(1)) { + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + matchRange('0','9'); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + { + matchRange('A','F'); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mNUMBER(bool _createToken) { + int _ttype; 
ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = NUMBER; + int _saveIndex; + + { + bool synPredMatched98 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))) && (_tokenSet_2.member(LA(4))) && (_tokenSet_2.member(LA(5))) && (_tokenSet_2.member(LA(6))) && (_tokenSet_2.member(LA(7))) && (true) && (true) && (true))) { + int _m98 = mark(); + synPredMatched98 = true; + inputState->guessing++; + try { + { + { // ( ... )+ + int _cnt93=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt93>=1 ) { goto _loop93; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt93++; + } + _loop93:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt95=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt95>=1 ) { goto _loop95; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt95++; + } + _loop95:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt97=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt97>=1 ) { goto _loop97; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt97++; + } + _loop97:; + } // ( ... )+ + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched98 = false; + } + rewind(_m98); + inputState->guessing--; + } + if ( synPredMatched98 ) { + { + { // ( ... 
)+ + int _cnt101=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt101>=1 ) { goto _loop101; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt101++; + } + _loop101:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt103=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt103>=1 ) { goto _loop103; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt103++; + } + _loop103:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt105=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt105>=1 ) { goto _loop105; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt105++; + } + _loop105:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt107=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt107>=1 ) { goto _loop107; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt107++; + } + _loop107:; + } // ( ... )+ + } + if ( inputState->guessing==0 ) { +#line 676 "iosacl.g" + _ttype = IPV4; +#line 745 "IOSCfgLexer.cpp" + } + } + else { + bool synPredMatched113 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))) && (true) && (true) && (true) && (true) && (true) && (true) && (true))) { + int _m113 = mark(); + synPredMatched113 = true; + inputState->guessing++; + try { + { + { // ( ... 
)+ + int _cnt110=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt110>=1 ) { goto _loop110; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt110++; + } + _loop110:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt112=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt112>=1 ) { goto _loop112; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt112++; + } + _loop112:; + } // ( ... )+ + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched113 = false; + } + rewind(_m113); + inputState->guessing--; + } + if ( synPredMatched113 ) { + { + { // ( ... )+ + int _cnt116=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt116>=1 ) { goto _loop116; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt116++; + } + _loop116:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt118=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt118>=1 ) { goto _loop118; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt118++; + } + _loop118:; + } // ( ... )+ + } + } + else if ((LA(1) == 0x30 /* '0' */ ) && (LA(2) == 0x78 /* 'x' */ )) { + { + match('0'); + match('x'); + { // ( ... 
)+ + int _cnt123=0; + for (;;) { + if ((_tokenSet_3.member(LA(1)))) { + mHEXDIGIT(false); + } + else { + if ( _cnt123>=1 ) { goto _loop123; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt123++; + } + _loop123:; + } // ( ... )+ + } + if ( inputState->guessing==0 ) { +#line 682 "iosacl.g" + _ttype = HEX_CONST; +#line 848 "IOSCfgLexer.cpp" + } + } + else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true)) { + { // ( ... )+ + int _cnt120=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt120>=1 ) { goto _loop120; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt120++; + } + _loop120:; + } // ( ... )+ + if ( inputState->guessing==0 ) { +#line 680 "iosacl.g" + _ttype = INT_CONST; +#line 869 "IOSCfgLexer.cpp" + } + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mDOT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = DOT; + int _saveIndex; + + match('.'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mWORD(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int 
_begin=text.length(); + _ttype = WORD; + int _saveIndex; + + { + switch ( LA(1)) { + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + matchRange('a','z'); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + { + matchRange('A','Z'); + break; + } + case 0x24 /* '$' */ : + { + match('$'); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + { // ( ... )* + for (;;) { + switch ( LA(1)) { + case 0x21 /* '!' */ : + case 0x22 /* '"' */ : + case 0x23 /* '#' */ : + case 0x24 /* '$' */ : + case 0x25 /* '%' */ : + case 0x26 /* '&' */ : + case 0x27 /* '\'' */ : + case 0x28 /* '(' */ : + case 0x29 /* ')' */ : + case 0x2a /* '*' */ : + case 0x2b /* '+' */ : + case 0x2c /* ',' */ : + case 0x2d /* '-' */ : + case 0x2e /* '.' 
*/ : + case 0x2f /* '/' */ : + { + matchRange('!','/'); + break; + } + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + matchRange('0','9'); + break; + } + case 0x3a /* ':' */ : + { + match(':'); + break; + } + case 0x3b /* ';' */ : + { + match(';'); + break; + } + case 0x3c /* '<' */ : + { + match('<'); + break; + } + case 0x3d /* '=' */ : + { + match('='); + break; + } + case 0x3e /* '>' */ : + { + match('>'); + break; + } + case 0x3f /* '?' */ : + { + match('?'); + break; + } + case 0x40 /* '@' */ : + { + match('@'); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + { + matchRange('A','Z'); + break; + } + case 0x5c /* '\\' */ : + { + match('\\'); + break; + } + case 0x5e /* '^' */ : + { + match('^'); + break; + } + case 0x5f /* '_' */ : + { + match('_'); + break; + } + case 0x60 /* '`' */ : + { + match('`'); + break; + } + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' 
*/ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + matchRange('a','z'); + break; + } + default: + { + goto _loop127; + } + } + } + _loop127:; + } // ( ... )* + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mSTRING(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = STRING; + int _saveIndex; + + match('"'); + { // ( ... )* + for (;;) { + if ((_tokenSet_4.member(LA(1)))) { + matchNot('"'); + } + else { + goto _loop130; + } + + } + _loop130:; + } // ( ... )* + match('"'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mNUMBER_SIGN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = NUMBER_SIGN; + int _saveIndex; + + match('#'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mPERCENT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = PERCENT; + int _saveIndex; + + match('%'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + 
_token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mAMPERSAND(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = AMPERSAND; + int _saveIndex; + + match('&'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mAPOSTROPHE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = APOSTROPHE; + int _saveIndex; + + match('\''); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mOPENING_PAREN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPENING_PAREN; + int _saveIndex; + + match('('); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mCLOSING_PAREN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = CLOSING_PAREN; + int _saveIndex; + + match(')'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mSTAR(bool 
_createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = STAR; + int _saveIndex; + + match('*'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mPLUS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = PLUS; + int _saveIndex; + + match('+'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mCOMMA(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = COMMA; + int _saveIndex; + + match(','); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mMINUS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MINUS; + int _saveIndex; + + match('-'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mSLASH(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = SLASH; + int _saveIndex; + + match('/'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && 
_ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mCOLON(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = COLON; + int _saveIndex; + + match(':'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mSEMICOLON(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = SEMICOLON; + int _saveIndex; + + match(';'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mLESS_THAN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = LESS_THAN; + int _saveIndex; + + match('<'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mEQUALS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = EQUALS; + int _saveIndex; + + match('='); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void 
IOSCfgLexer::mGREATER_THAN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = GREATER_THAN; + int _saveIndex; + + match('>'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mQUESTION(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = QUESTION; + int _saveIndex; + + match('?'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mCOMMERCIAL_AT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = COMMERCIAL_AT; + int _saveIndex; + + match('@'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mOPENING_SQUARE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPENING_SQUARE; + int _saveIndex; + + match('['); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mCLOSING_SQUARE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = CLOSING_SQUARE; + int 
_saveIndex; + + match(']'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mCARET(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = CARET; + int _saveIndex; + + match('^'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mUNDERLINE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = UNDERLINE; + int _saveIndex; + + match('_'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mOPENING_BRACE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPENING_BRACE; + int _saveIndex; + + match('{'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mCLOSING_BRACE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = CLOSING_BRACE; + int _saveIndex; + + match('}'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + 
_token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IOSCfgLexer::mTILDE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = TILDE; + int _saveIndex; + + match('~'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + + +const unsigned long IOSCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL, 2147483648UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 +// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgLexer::_tokenSet_0(_tokenSet_0_data_,16); +const unsigned long IOSCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 +// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! " # $ % & +// \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H +// I +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); +const unsigned long IOSCfgLexer::_tokenSet_2_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// . 
0 1 2 3 4 5 6 7 8 9 +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgLexer::_tokenSet_2(_tokenSet_2_data_,10); +const unsigned long IOSCfgLexer::_tokenSet_3_data_[] = { 0UL, 67043328UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0 1 2 3 4 5 6 7 8 9 A B C D E F +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgLexer::_tokenSet_3(_tokenSet_3_data_,10); +const unsigned long IOSCfgLexer::_tokenSet_4_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10 0x11 0x12 0x13 +// 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $ +// % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F +// G H I +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgLexer::_tokenSet_4(_tokenSet_4_data_,16); + diff --git a/src/parsers/IOSCfgLexer.hpp b/src/parsers/IOSCfgLexer.hpp new file mode 100644 index 000000000..03f1e17f1 --- /dev/null +++ b/src/parsers/IOSCfgLexer.hpp 
@@ -0,0 +1,100 @@ +#ifndef INC_IOSCfgLexer_hpp_ +#define INC_IOSCfgLexer_hpp_ + +#line 27 "iosacl.g" + + // gets inserted before antlr generated includes in the header + // file + +#line 10 "IOSCfgLexer.hpp" +#include +/* $ANTLR 2.7.4: "iosacl.g" -> "IOSCfgLexer.hpp"$ */ +#include +#include +#include +#include "IOSCfgParserTokenTypes.hpp" +#include +#line 32 "iosacl.g" + + // gets inserted after antlr generated includes in the header file + // outside any generated namespace specifications + +#include + +class IOSImporter; + +#line 27 "IOSCfgLexer.hpp" +#line 58 "iosacl.g" + + // gets inserted after generated namespace specifications in the + // header file. But outside the generated class. + +#line 33 "IOSCfgLexer.hpp" +class CUSTOM_API IOSCfgLexer : public ANTLR_USE_NAMESPACE(antlr)CharScanner, public IOSCfgParserTokenTypes +{ +#line 1 "iosacl.g" +#line 37 "IOSCfgLexer.hpp" +private: + void initLiterals(); +public: + bool getCaseSensitiveLiterals() const + { + return true; + } +public: + IOSCfgLexer(ANTLR_USE_NAMESPACE(std)istream& in); + IOSCfgLexer(ANTLR_USE_NAMESPACE(antlr)InputBuffer& ib); + IOSCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& state); + ANTLR_USE_NAMESPACE(antlr)RefToken nextToken(); + public: void mLINE_COMMENT(bool _createToken); + public: void mNEWLINE(bool _createToken); + public: void mWhitespace(bool _createToken); + protected: void mINT_CONST(bool _createToken); + protected: void mHEX_CONST(bool _createToken); + protected: void mNEG_INT_CONST(bool _createToken); + protected: void mDIGIT(bool _createToken); + protected: void mHEXDIGIT(bool _createToken); + public: void mNUMBER(bool _createToken); + public: void mDOT(bool _createToken); + public: void mWORD(bool _createToken); + public: void mSTRING(bool _createToken); + public: void mNUMBER_SIGN(bool _createToken); + public: void mPERCENT(bool _createToken); + public: void mAMPERSAND(bool _createToken); + public: void mAPOSTROPHE(bool _createToken); + public: void 
mOPENING_PAREN(bool _createToken); + public: void mCLOSING_PAREN(bool _createToken); + public: void mSTAR(bool _createToken); + public: void mPLUS(bool _createToken); + public: void mCOMMA(bool _createToken); + public: void mMINUS(bool _createToken); + public: void mSLASH(bool _createToken); + public: void mCOLON(bool _createToken); + public: void mSEMICOLON(bool _createToken); + public: void mLESS_THAN(bool _createToken); + public: void mEQUALS(bool _createToken); + public: void mGREATER_THAN(bool _createToken); + public: void mQUESTION(bool _createToken); + public: void mCOMMERCIAL_AT(bool _createToken); + public: void mOPENING_SQUARE(bool _createToken); + public: void mCLOSING_SQUARE(bool _createToken); + public: void mCARET(bool _createToken); + public: void mUNDERLINE(bool _createToken); + public: void mOPENING_BRACE(bool _createToken); + public: void mCLOSING_BRACE(bool _createToken); + public: void mTILDE(bool _createToken); +private: + + static const unsigned long _tokenSet_0_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_0; + static const unsigned long _tokenSet_1_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_1; + static const unsigned long _tokenSet_2_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_2; + static const unsigned long _tokenSet_3_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3; + static const unsigned long _tokenSet_4_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4; +}; + +#endif /*INC_IOSCfgLexer_hpp_*/ diff --git a/src/parsers/IOSCfgParser.cpp b/src/parsers/IOSCfgParser.cpp new file mode 100644 index 000000000..79e591450 --- /dev/null +++ b/src/parsers/IOSCfgParser.cpp 
@@ -0,0 +1,1947 @@ +/* $ANTLR 2.7.4: "iosacl.g" -> "IOSCfgParser.cpp"$ */ +#line 42 "iosacl.g" + + // gets inserted before the antlr generated includes in the cpp + // file + +#line 8 "IOSCfgParser.cpp" +#include "IOSCfgParser.hpp" +#include +#include +#include +#line 48 "iosacl.g" + + // gets inserted after the antlr generated includes in the cpp + // file +#include +#include + +#include "../gui/IOSImporter.h" + +#line 22 "IOSCfgParser.cpp" +#line 1 "iosacl.g" +#line 24 "IOSCfgParser.cpp" +IOSCfgParser::IOSCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf, int k) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(tokenBuf,k) +{ +} + +IOSCfgParser::IOSCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(tokenBuf,2) +{ +} + +IOSCfgParser::IOSCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer, int k) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(lexer,k) +{ +} + +IOSCfgParser::IOSCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(lexer,2) +{ +} + +IOSCfgParser::IOSCfgParser(const ANTLR_USE_NAMESPACE(antlr)ParserSharedInputState& state) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(state,2) +{ +} + +void IOSCfgParser::cfgfile() { + + try { // for error handling + { // ( ... 
)+ + int _cnt3=0; + for (;;) { + switch ( LA(1)) { + case LINE_COMMENT: + { + comment(); + break; + } + case IOSVERSION: + { + version(); + break; + } + case HOSTNAME: + { + hostname(); + break; + } + case IP: + { + ip_commands(); + break; + } + case INTRFACE: + { + intrface(); + break; + } + case VLAN: + { + vlan(); + break; + } + case ACCESS_LIST: + { + access_list_commands(); + break; + } + case EXIT: + { + exit(); + break; + } + case DESCRIPTION: + { + description(); + break; + } + case SHUTDOWN: + { + shutdown(); + break; + } + case WORD: + { + unknown_command(); + break; + } + case NEWLINE: + { + match(NEWLINE); + break; + } + default: + { + if ( _cnt3>=1 ) { goto _loop3; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + } + } + _cnt3++; + } + _loop3:; + } // ( ... )+ + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_0); + } else { + throw; + } + } +} + +void IOSCfgParser::comment() { + + try { // for error handling + match(LINE_COMMENT); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_1); + } else { + throw; + } + } +} + +void IOSCfgParser::version() { + ANTLR_USE_NAMESPACE(antlr)RefToken v = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(IOSVERSION); + v = LT(1); + match(NUMBER); + if ( inputState->guessing==0 ) { +#line 126 "iosacl.g" + + *dbg << "VERSION " << v->getText() << std::endl; + +#line 166 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::hostname() { + + try { // for error handling + match(HOSTNAME); + { + switch ( LA(1)) { + case STRING: + { + match(STRING); + break; + } + 
case WORD: + { + match(WORD); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 133 "iosacl.g" + + importer->setHostName( LT(0)->getText() ); + *dbg << "HOSTNAME " + << "LT0=" << LT(0)->getText() + << std::endl; + +#line 210 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::ip_commands() { + + try { // for error handling + match(IP); + { + switch ( LA(1)) { + case ACCESS_LIST: + { + ip_access_list_ext(); + break; + } + case ACCESS_GROUP: + case ADDRESS: + { + interface_known_ip_commands(); + break; + } + case WORD: + { + unknown_command(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::intrface() { + ANTLR_USE_NAMESPACE(antlr)RefToken in = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(INTRFACE); + in = LT(1); + match(WORD); + if ( inputState->guessing==0 ) { +#line 443 "iosacl.g" + + importer->newInterface( in->getText() ); + *dbg << in->getLine() << ":" + << " INTRFACE: " << in->getText() << std::endl; + +#line 278 "IOSCfgParser.cpp" + } + match(NEWLINE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::vlan() { + + try { // for error handling + match(VLAN); + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + 
{ + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 434 "iosacl.g" + + importer->clearCurrentInterface(); + consumeUntil(NEWLINE); + +#line 321 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::access_list_commands() { + ANTLR_USE_NAMESPACE(antlr)RefToken acl_num = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(ACCESS_LIST); + acl_num = LT(1); + match(INT_CONST); + if ( inputState->guessing==0 ) { +#line 148 "iosacl.g" + + importer->newUnidirRuleSet( std::string("acl_") + acl_num->getText() ); + *dbg << acl_num->getLine() << ":" + << " ACL #" << acl_num->getText() << " "; + +#line 349 "IOSCfgParser.cpp" + } + { + if ((LA(1) == PERMIT) && (LA(2) == IPV4 || LA(2) == ANY)) { + permit_std(); + } + else if ((LA(1) == DENY) && (LA(2) == IPV4 || LA(2) == ANY)) { + deny_std(); + } + else if ((LA(1) == PERMIT) && (_tokenSet_3.member(LA(2)))) { + permit_ext(); + } + else if ((LA(1) == DENY) && (_tokenSet_3.member(LA(2)))) { + deny_ext(); + } + else if ((LA(1) == REMARK)) { + remark(); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::exit() { + + try { // for error handling + match(EXIT); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::description() { + + try { // for error handling + match(DESCRIPTION); + if ( inputState->guessing==0 ) { +#line 454 
"iosacl.g" + + *dbg << LT(1)->getLine() << ":"; + std::string descr; + while (LA(1) != ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE && LA(1) != NEWLINE) + { + descr += LT(1)->getText() + " "; + consume(); + } + importer->addInterfaceComment( descr ); + *dbg << " INTERFACE DESCRIPTION " << descr << std::endl; + //consumeUntil(NEWLINE); + +#line 418 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::shutdown() { + + try { // for error handling + match(SHUTDOWN); + if ( inputState->guessing==0 ) { +#line 487 "iosacl.g" + + *dbg<< LT(1)->getLine() << ":" + << " INTERFACE SHUTDOWN " << std::endl; + +#line 442 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::unknown_command() { + + try { // for error handling + match(WORD); + if ( inputState->guessing==0 ) { +#line 119 "iosacl.g" + + consumeUntil(NEWLINE); + +#line 465 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::ip_access_list_ext() { + ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(ACCESS_LIST); + match(EXTENDED); + name = LT(1); + match(WORD); + if ( inputState->guessing==0 ) { +#line 169 "iosacl.g" + + importer->newUnidirRuleSet( name->getText() ); + *dbg << name->getLine() << ":" + << " ACL ext " << name->getText() << std::endl; + +#line 494 "IOSCfgParser.cpp" + } + match(NEWLINE); + { // ( ... 
)+ + int _cnt14=0; + for (;;) { + switch ( LA(1)) { + case PERMIT: + { + permit_ext(); + break; + } + case DENY: + { + deny_ext(); + break; + } + case REMARK: + { + remark(); + break; + } + default: + if ((LA(1) == LINE_COMMENT) && (_tokenSet_1.member(LA(2)))) { + comment(); + } + else if ((LA(1) == NEWLINE) && (_tokenSet_1.member(LA(2)))) { + match(NEWLINE); + } + else { + if ( _cnt14>=1 ) { goto _loop14; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + } + } + _cnt14++; + } + _loop14:; + } // ( ... )+ + if ( inputState->guessing==0 ) { +#line 186 "iosacl.g" + + *dbg << LT(0)->getLine() << ":" + << " ACL end" << std::endl << std::endl; + +#line 537 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::interface_known_ip_commands() { + + try { // for error handling + { + if ((LA(1) == ACCESS_GROUP) && (LA(2) == WORD)) { + access_group_by_name(); + } + else if ((LA(1) == ACCESS_GROUP) && (LA(2) == INT_CONST)) { + access_group_by_number(); + } + else if ((LA(1) == ADDRESS)) { + intf_address(); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + match(NEWLINE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::permit_std() { + + try { // for error handling + match(PERMIT); + if ( inputState->guessing==0 ) { +#line 219 "iosacl.g" + + importer->newPolicyRule(); + importer->action = "permit"; + *dbg << LT(1)->getLine() << ":" << " permit "; + +#line 593 "IOSCfgParser.cpp" + } + rule_std(); + match(NEWLINE); + if ( inputState->guessing==0 ) { +#line 225 "iosacl.g" + + importer->pushRule(); + +#line 602 "IOSCfgParser.cpp" + } + } + catch 
(ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::deny_std() { + + try { // for error handling + match(DENY); + if ( inputState->guessing==0 ) { +#line 231 "iosacl.g" + + importer->newPolicyRule(); + importer->action = "deny"; + *dbg << LT(1)->getLine() << ":" << " deny "; + +#line 627 "IOSCfgParser.cpp" + } + rule_std(); + match(NEWLINE); + if ( inputState->guessing==0 ) { +#line 237 "iosacl.g" + + importer->pushRule(); + +#line 636 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_2); + } else { + throw; + } + } +} + +void IOSCfgParser::permit_ext() { + + try { // for error handling + match(PERMIT); + if ( inputState->guessing==0 ) { +#line 194 "iosacl.g" + + importer->newPolicyRule(); + importer->action = "permit"; + *dbg << LT(1)->getLine() << ":" << " permit "; + +#line 661 "IOSCfgParser.cpp" + } + rule_ext(); + match(NEWLINE); + if ( inputState->guessing==0 ) { +#line 200 "iosacl.g" + + importer->pushRule(); + +#line 670 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_1); + } else { + throw; + } + } +} + +void IOSCfgParser::deny_ext() { + + try { // for error handling + match(DENY); + if ( inputState->guessing==0 ) { +#line 206 "iosacl.g" + + importer->newPolicyRule(); + importer->action = "deny"; + *dbg << LT(1)->getLine() << ":" << " deny "; + +#line 695 "IOSCfgParser.cpp" + } + rule_ext(); + match(NEWLINE); + if ( inputState->guessing==0 ) { +#line 212 "iosacl.g" + + importer->pushRule(); + +#line 704 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + 
reportError(ex); + consume(); + consumeUntil(_tokenSet_1); + } else { + throw; + } + } +} + +void IOSCfgParser::remark() { + + try { // for error handling + match(REMARK); + if ( inputState->guessing==0 ) { +#line 472 "iosacl.g" + + *dbg << LT(1)->getLine() << ":"; + std::string rem; + while (LA(1) != ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE && LA(1) != NEWLINE) + { + rem += LT(1)->getText() + " "; + consume(); + } + importer->addRuleComment( rem ); + *dbg << " REMARK " << rem << std::endl; + //consumeUntil(NEWLINE); + +#line 736 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_1); + } else { + throw; + } + } +} + +void IOSCfgParser::rule_ext() { + + try { // for error handling + { + switch ( LA(1)) { + case IP: + case WORD: + { + ip_protocols(); + hostaddr_ext(); + if ( inputState->guessing==0 ) { +#line 247 "iosacl.g" + importer->SaveTmpAddrToSrc(); *dbg << "(src) "; +#line 763 "IOSCfgParser.cpp" + } + hostaddr_ext(); + if ( inputState->guessing==0 ) { +#line 248 "iosacl.g" + importer->SaveTmpAddrToDst(); *dbg << "(dst) "; +#line 769 "IOSCfgParser.cpp" + } + { + switch ( LA(1)) { + case TIME_RANGE: + { + time_range(); + break; + } + case NEWLINE: + case LOG: + case LOG_INPUT: + case FRAGMENTS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case FRAGMENTS: + { + fragments(); + break; + } + case NEWLINE: + case LOG: + case LOG_INPUT: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case LOG: + case LOG_INPUT: + { + log(); + break; + } + case NEWLINE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + break; + } + case ICMP: + { + match(ICMP); + if ( 
inputState->guessing==0 ) { +#line 254 "iosacl.g" + + importer->protocol = LT(0)->getText(); + *dbg << "protocol " << LT(0)->getText() << " "; + +#line 839 "IOSCfgParser.cpp" + } + hostaddr_ext(); + if ( inputState->guessing==0 ) { +#line 258 "iosacl.g" + importer->SaveTmpAddrToSrc(); *dbg << "(src) "; +#line 845 "IOSCfgParser.cpp" + } + hostaddr_ext(); + if ( inputState->guessing==0 ) { +#line 259 "iosacl.g" + importer->SaveTmpAddrToDst(); *dbg << "(dst) "; +#line 851 "IOSCfgParser.cpp" + } + { + switch ( LA(1)) { + case WORD: + case INT_CONST: + { + icmp_spec(); + break; + } + case NEWLINE: + case LOG: + case LOG_INPUT: + case FRAGMENTS: + case TIME_RANGE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case TIME_RANGE: + { + time_range(); + break; + } + case NEWLINE: + case LOG: + case LOG_INPUT: + case FRAGMENTS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case FRAGMENTS: + { + fragments(); + break; + } + case NEWLINE: + case LOG: + case LOG_INPUT: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case LOG: + case LOG_INPUT: + { + log(); + break; + } + case NEWLINE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + break; + } + case TCP: + case UDP: + { + { + switch ( LA(1)) { + case TCP: + { + match(TCP); + break; + } + case UDP: + { + match(UDP); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 266 "iosacl.g" + + importer->protocol = LT(0)->getText(); + *dbg << "protocol " << LT(0)->getText() << " "; + +#line 961 "IOSCfgParser.cpp" + } + hostaddr_ext(); + if ( 
inputState->guessing==0 ) { +#line 270 "iosacl.g" + importer->SaveTmpAddrToSrc(); *dbg << "(src) "; +#line 967 "IOSCfgParser.cpp" + } + { + switch ( LA(1)) { + case P_EQ: + case P_GT: + case P_LT: + case P_NEQ: + case P_RANGE: + { + xoperator(); + if ( inputState->guessing==0 ) { +#line 271 "iosacl.g" + importer->SaveTmpPortToSrc(); +#line 981 "IOSCfgParser.cpp" + } + break; + } + case HOST: + case IPV4: + case ANY: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + hostaddr_ext(); + if ( inputState->guessing==0 ) { +#line 272 "iosacl.g" + importer->SaveTmpAddrToDst(); *dbg << "(dst) "; +#line 1001 "IOSCfgParser.cpp" + } + { + switch ( LA(1)) { + case P_EQ: + case P_GT: + case P_LT: + case P_NEQ: + case P_RANGE: + { + xoperator(); + if ( inputState->guessing==0 ) { +#line 273 "iosacl.g" + importer->SaveTmpPortToDst(); +#line 1015 "IOSCfgParser.cpp" + } + break; + } + case NEWLINE: + case LOG: + case LOG_INPUT: + case ESTABLISHED: + case FRAGMENTS: + case TIME_RANGE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case ESTABLISHED: + { + established(); + break; + } + case NEWLINE: + case LOG: + case LOG_INPUT: + case FRAGMENTS: + case TIME_RANGE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case TIME_RANGE: + { + time_range(); + break; + } + case NEWLINE: + case LOG: + case LOG_INPUT: + case FRAGMENTS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case FRAGMENTS: + { + fragments(); + break; + } + case NEWLINE: + case LOG: + case LOG_INPUT: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case LOG: 
+ case LOG_INPUT: + { + log(); + break; + } + case NEWLINE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 279 "iosacl.g" + + *dbg << std::endl; + +#line 1125 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } else { + throw; + } + } +} + +void IOSCfgParser::rule_std() { + + try { // for error handling + { + hostaddr_std(); + if ( inputState->guessing==0 ) { +#line 287 "iosacl.g" + importer->SaveTmpAddrToSrc(); *dbg << "(std) "; +#line 1147 "IOSCfgParser.cpp" + } + { + switch ( LA(1)) { + case LOG: + case LOG_INPUT: + { + log(); + break; + } + case NEWLINE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + if ( inputState->guessing==0 ) { +#line 290 "iosacl.g" + + *dbg << std::endl; + +#line 1173 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } else { + throw; + } + } +} + +void IOSCfgParser::ip_protocols() { + + try { // for error handling + { + switch ( LA(1)) { + case IP: + { + match(IP); + break; + } + case WORD: + { + match(WORD); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 298 "iosacl.g" + + importer->protocol = LT(0)->getText(); + *dbg << "protocol " << LT(0)->getText() << " "; + +#line 1214 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + 
consumeUntil(_tokenSet_5); + } else { + throw; + } + } +} + +void IOSCfgParser::hostaddr_ext() { + ANTLR_USE_NAMESPACE(antlr)RefToken h = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken m = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + switch ( LA(1)) { + case HOST: + { + { + match(HOST); + h = LT(1); + match(IPV4); + } + if ( inputState->guessing==0 ) { +#line 350 "iosacl.g" + + importer->tmp_a = h->getText(); + importer->tmp_nm = "0.0.0.0"; + *dbg << h->getText() << "/0.0.0.0"; + +#line 1249 "IOSCfgParser.cpp" + } + break; + } + case IPV4: + { + { + a = LT(1); + match(IPV4); + m = LT(1); + match(IPV4); + } + if ( inputState->guessing==0 ) { +#line 357 "iosacl.g" + + importer->tmp_a = a->getText(); + importer->tmp_nm = m->getText(); + *dbg << a->getText() << "/" << m->getText(); + +#line 1268 "IOSCfgParser.cpp" + } + break; + } + case ANY: + { + match(ANY); + if ( inputState->guessing==0 ) { +#line 364 "iosacl.g" + + importer->tmp_a = "0.0.0.0"; + importer->tmp_nm = "0.0.0.0"; + *dbg << "0.0.0.0/0.0.0.0"; + +#line 1282 "IOSCfgParser.cpp" + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_6); + } else { + throw; + } + } +} + +void IOSCfgParser::time_range() { + ANTLR_USE_NAMESPACE(antlr)RefToken tr_name = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(TIME_RANGE); + tr_name = LT(1); + match(WORD); + if ( inputState->guessing==0 ) { +#line 416 "iosacl.g" + + importer->time_range_name = tr_name->getText(); + *dbg << "time_range " << tr_name->getText() << " "; + +#line 1316 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing 
== 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_7); + } else { + throw; + } + } +} + +void IOSCfgParser::fragments() { + + try { // for error handling + match(FRAGMENTS); + if ( inputState->guessing==0 ) { +#line 409 "iosacl.g" + + importer->fragments = true; + *dbg << "fragments "; + +#line 1340 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_8); + } else { + throw; + } + } +} + +void IOSCfgParser::log() { + + try { // for error handling + { + switch ( LA(1)) { + case LOG: + { + match(LOG); + break; + } + case LOG_INPUT: + { + match(LOG_INPUT); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 395 "iosacl.g" + + importer->logging = true; + *dbg << "logging "; + +#line 1381 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } else { + throw; + } + } +} + +void IOSCfgParser::icmp_spec() { + ANTLR_USE_NAMESPACE(antlr)RefToken icmp_type = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken icmp_code = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken icmp_word = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + { + switch ( LA(1)) { + case INT_CONST: + { + { + icmp_type = LT(1); + match(INT_CONST); + icmp_code = LT(1); + match(INT_CONST); + } + if ( inputState->guessing==0 ) { +#line 306 "iosacl.g" + + importer->icmp_type = icmp_type->getText(); + importer->icmp_code = icmp_code->getText(); + importer->icmp_spec = ""; + *dbg << icmp_type->getText() << " " + << icmp_code->getText() << " "; + +#line 1420 "IOSCfgParser.cpp" + } + break; + } + case WORD: + { + icmp_word = LT(1); + match(WORD); + if ( 
inputState->guessing==0 ) { +#line 315 "iosacl.g" + + importer->icmp_spec = icmp_word->getText(); + *dbg << icmp_word->getText() << " "; + +#line 1434 "IOSCfgParser.cpp" + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_9); + } else { + throw; + } + } +} + +void IOSCfgParser::xoperator() { + + try { // for error handling + switch ( LA(1)) { + case P_EQ: + case P_GT: + case P_LT: + case P_NEQ: + { + single_port_op(); + break; + } + case P_RANGE: + { + port_range(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_10); + } else { + throw; + } + } +} + +void IOSCfgParser::established() { + + try { // for error handling + match(ESTABLISHED); + if ( inputState->guessing==0 ) { +#line 402 "iosacl.g" + + importer->established = true; + *dbg << "established "; + +#line 1500 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_9); + } else { + throw; + } + } +} + +void IOSCfgParser::hostaddr_std() { + ANTLR_USE_NAMESPACE(antlr)RefToken h = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken m = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + if ((LA(1) == IPV4) && (LA(2) == NEWLINE || LA(2) == LOG || LA(2) == LOG_INPUT)) { + { + h = LT(1); + match(IPV4); + } + if ( inputState->guessing==0 ) { +#line 373 "iosacl.g" + + importer->tmp_a = h->getText(); + importer->tmp_nm = 
"0.0.0.0"; + *dbg << h->getText() << "/0.0.0.0"; + +#line 1532 "IOSCfgParser.cpp" + } + } + else if ((LA(1) == IPV4) && (LA(2) == IPV4)) { + { + a = LT(1); + match(IPV4); + m = LT(1); + match(IPV4); + } + if ( inputState->guessing==0 ) { +#line 380 "iosacl.g" + + importer->tmp_a = a->getText(); + importer->tmp_nm = m->getText(); + *dbg << a->getText() << "/" << m->getText(); + +#line 1549 "IOSCfgParser.cpp" + } + } + else if ((LA(1) == ANY)) { + match(ANY); + if ( inputState->guessing==0 ) { +#line 387 "iosacl.g" + + importer->tmp_a = "0.0.0.0"; + importer->tmp_nm = "0.0.0.0"; + *dbg << "0.0.0.0/0.0.0.0"; + +#line 1561 "IOSCfgParser.cpp" + } + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_8); + } else { + throw; + } + } +} + +void IOSCfgParser::single_port_op() { + + try { // for error handling + { + switch ( LA(1)) { + case P_EQ: + { + match(P_EQ); + break; + } + case P_GT: + { + match(P_GT); + break; + } + case P_LT: + { + match(P_LT); + break; + } + case P_NEQ: + { + match(P_NEQ); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 326 "iosacl.g" + + importer->tmp_port_op = LT(0)->getText(); + *dbg << LT(0)->getText() << " "; + +#line 1617 "IOSCfgParser.cpp" + } + port_spec(); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_10); + } else { + throw; + } + } +} + +void IOSCfgParser::port_range() { + + try { // for error handling + match(P_RANGE); + if ( inputState->guessing==0 ) { +#line 334 "iosacl.g" + + importer->tmp_port_op = LT(0)->getText(); + *dbg << LT(0)->getText() << " "; + +#line 1642 "IOSCfgParser.cpp" + } + port_spec(); + 
port_spec(); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_10); + } else { + throw; + } + } +} + +void IOSCfgParser::port_spec() { + + try { // for error handling + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 342 "iosacl.g" + + importer->tmp_port_spec += (std::string(" ") + LT(0)->getText()); + *dbg << LT(0)->getText() << " "; + +#line 1685 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_11); + } else { + throw; + } + } +} + +void IOSCfgParser::access_group_by_name() { + ANTLR_USE_NAMESPACE(antlr)RefToken acln = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken dir = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(ACCESS_GROUP); + acln = LT(1); + match(WORD); + dir = LT(1); + match(WORD); + if ( inputState->guessing==0 ) { +#line 513 "iosacl.g" + + importer->setInterfaceAndDirectionForRuleSet( + acln->getText(), + "", + dir->getText() ); + *dbg << LT(1)->getLine() << ":" + << " INTRFACE: ACL '" << acln->getText() << "'" + << " " << dir->getText() << std::endl; + +#line 1720 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } else { + throw; + } + } +} + +void IOSCfgParser::access_group_by_number() { + ANTLR_USE_NAMESPACE(antlr)RefToken acln = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken dir = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(ACCESS_GROUP); 
+ acln = LT(1); + match(INT_CONST); + dir = LT(1); + match(WORD); + if ( inputState->guessing==0 ) { +#line 528 "iosacl.g" + + importer->setInterfaceAndDirectionForRuleSet( + std::string("acl_") + acln->getText(), + "", + dir->getText() ); + *dbg << LT(1)->getLine() << ":" + << " INTRFACE: ACL '" << acln->getText() << "'" + << " " << dir->getText() << std::endl; + +#line 1755 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } else { + throw; + } + } +} + +void IOSCfgParser::intf_address() { + ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken m = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken s = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(ADDRESS); + a = LT(1); + match(IPV4); + m = LT(1); + match(IPV4); + { + switch ( LA(1)) { + case SECONDARY: + { + s = LT(1); + match(SECONDARY); + break; + } + case NEWLINE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 540 "iosacl.g" + + importer->addInterfaceAddress(a->getText(), m->getText()); + *dbg << LT(1)->getLine() << ":" + << " INTRFACE ADDRESS: " << a->getText() + << "/" << m->getText() << " "; + if (s) + { + *dbg << s->getText(); + } + *dbg << std::endl; + +#line 1811 "IOSCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } else { + throw; + } + } +} + +void IOSCfgParser::initializeASTFactory( ANTLR_USE_NAMESPACE(antlr)ASTFactory& ) +{ +} +const char* IOSCfgParser::tokenNames[] = { + "<0>", + "EOF", + "<2>", + "NULL_TREE_LOOKAHEAD", + "NEWLINE", + "\"ip\"", + "WORD", + "\"version\"", + "NUMBER", + "\"hostname\"", + 
"STRING", + "\"access-list\"", + "INT_CONST", + "\"extended\"", + "\"permit\"", + "\"deny\"", + "\"icmp\"", + "\"tcp\"", + "\"udp\"", + "\"eq\"", + "\"gt\"", + "\"lt\"", + "\"neq\"", + "\"range\"", + "\"host\"", + "IPV4", + "\"any\"", + "\"log\"", + "\"log-input\"", + "\"established\"", + "\"fragments\"", + "\"time-range\"", + "\"vlan\"", + "\"interface\"", + "\"description\"", + "\"remark\"", + "\"shutdown\"", + "\"access-group\"", + "\"address\"", + "\"secondary\"", + "\"exit\"", + "LINE_COMMENT", + "\"standard\"", + "Whitespace", + "HEX_CONST", + "NEG_INT_CONST", + "DIGIT", + "HEXDIGIT", + "NUMBER_SIGN", + "PERCENT", + "AMPERSAND", + "APOSTROPHE", + "OPENING_PAREN", + "CLOSING_PAREN", + "STAR", + "PLUS", + "COMMA", + "MINUS", + "DOT", + "SLASH", + "COLON", + "SEMICOLON", + "LESS_THAN", + "EQUALS", + "GREATER_THAN", + "QUESTION", + "COMMERCIAL_AT", + "OPENING_SQUARE", + "CLOSING_SQUARE", + "CARET", + "UNDERLINE", + "OPENING_BRACE", + "CLOSING_BRACE", + "TILDE", + 0 +}; + +const unsigned long IOSCfgParser::_tokenSet_0_data_[] = { 2UL, 0UL, 0UL, 0UL }; +// EOF +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgParser::_tokenSet_0(_tokenSet_0_data_,4); +const unsigned long IOSCfgParser::_tokenSet_1_data_[] = { 51954UL, 799UL, 0UL, 0UL }; +// EOF NEWLINE "ip" WORD "version" "hostname" "access-list" "permit" "deny" +// "vlan" "interface" "description" "remark" "shutdown" "exit" LINE_COMMENT +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgParser::_tokenSet_1(_tokenSet_1_data_,4); +const unsigned long IOSCfgParser::_tokenSet_2_data_[] = { 2802UL, 791UL, 0UL, 0UL }; +// EOF NEWLINE "ip" WORD "version" "hostname" "access-list" "vlan" "interface" +// "description" "shutdown" "exit" LINE_COMMENT +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgParser::_tokenSet_2(_tokenSet_2_data_,4); +const unsigned long IOSCfgParser::_tokenSet_3_data_[] = { 458848UL, 0UL, 0UL, 0UL }; +// "ip" WORD "icmp" "tcp" "udp" +const ANTLR_USE_NAMESPACE(antlr)BitSet 
IOSCfgParser::_tokenSet_3(_tokenSet_3_data_,4); +const unsigned long IOSCfgParser::_tokenSet_4_data_[] = { 16UL, 0UL, 0UL, 0UL }; +// NEWLINE +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgParser::_tokenSet_4(_tokenSet_4_data_,4); +const unsigned long IOSCfgParser::_tokenSet_5_data_[] = { 117440512UL, 0UL, 0UL, 0UL }; +// "host" IPV4 "any" +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgParser::_tokenSet_5(_tokenSet_5_data_,4); +const unsigned long IOSCfgParser::_tokenSet_6_data_[] = { 4294447184UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD INT_CONST "eq" "gt" "lt" "neq" "range" "host" IPV4 "any" +// "log" "log-input" "established" "fragments" "time-range" +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgParser::_tokenSet_6(_tokenSet_6_data_,4); +const unsigned long IOSCfgParser::_tokenSet_7_data_[] = { 1476395024UL, 0UL, 0UL, 0UL }; +// NEWLINE "log" "log-input" "fragments" +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgParser::_tokenSet_7(_tokenSet_7_data_,4); +const unsigned long IOSCfgParser::_tokenSet_8_data_[] = { 402653200UL, 0UL, 0UL, 0UL }; +// NEWLINE "log" "log-input" +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgParser::_tokenSet_8(_tokenSet_8_data_,4); +const unsigned long IOSCfgParser::_tokenSet_9_data_[] = { 3623878672UL, 0UL, 0UL, 0UL }; +// NEWLINE "log" "log-input" "fragments" "time-range" +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgParser::_tokenSet_9(_tokenSet_9_data_,4); +const unsigned long IOSCfgParser::_tokenSet_10_data_[] = { 4278190096UL, 0UL, 0UL, 0UL }; +// NEWLINE "host" IPV4 "any" "log" "log-input" "established" "fragments" +// "time-range" +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgParser::_tokenSet_10(_tokenSet_10_data_,4); +const unsigned long IOSCfgParser::_tokenSet_11_data_[] = { 4278194256UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD INT_CONST "host" IPV4 "any" "log" "log-input" "established" +// "fragments" "time-range" +const ANTLR_USE_NAMESPACE(antlr)BitSet IOSCfgParser::_tokenSet_11(_tokenSet_11_data_,4); + + 
diff --git a/src/parsers/IOSCfgParser.hpp b/src/parsers/IOSCfgParser.hpp
new file mode 100644
index 000000000..5780b344b
--- /dev/null
+++ b/src/parsers/IOSCfgParser.hpp
@@ -0,0 +1,148 @@ +#ifndef INC_IOSCfgParser_hpp_ +#define INC_IOSCfgParser_hpp_ + +#line 27 "iosacl.g" + + // gets inserted before antlr generated includes in the header + // file + +#line 10 "IOSCfgParser.hpp" +#include +/* $ANTLR 2.7.4: "iosacl.g" -> "IOSCfgParser.hpp"$ */ +#include +#include +#include "IOSCfgParserTokenTypes.hpp" +#include + +#line 32 "iosacl.g" + + // gets inserted after antlr generated includes in the header file + // outside any generated namespace specifications + +#include + +class IOSImporter; + +#line 27 "IOSCfgParser.hpp" +#line 58 "iosacl.g" + + // gets inserted after generated namespace specifications in the + // header file. But outside the generated class. + +#line 33 "IOSCfgParser.hpp" +class CUSTOM_API IOSCfgParser : public ANTLR_USE_NAMESPACE(antlr)LLkParser, public IOSCfgParserTokenTypes +{ +#line 75 "iosacl.g" + +// additional methods and members + + public: + + std::ostream *dbg; + IOSImporter *importer; +#line 37 "IOSCfgParser.hpp" +public: + void initializeASTFactory( ANTLR_USE_NAMESPACE(antlr)ASTFactory& factory ); +protected: + IOSCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf, int k); +public: + IOSCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf); +protected: + IOSCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer, int k); +public: + IOSCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer); + IOSCfgParser(const ANTLR_USE_NAMESPACE(antlr)ParserSharedInputState& state); + int getNumTokens() const + { + return IOSCfgParser::NUM_TOKENS; + } + const char* getTokenName( int type ) const + { + if( type > getNumTokens() ) return 0; + return IOSCfgParser::tokenNames[type]; + } + const char* const* getTokenNames() const + { + return IOSCfgParser::tokenNames; + } + public: void cfgfile(); + public: void comment(); + public: void version(); + public: void hostname(); + public: void ip_commands(); + public: void intrface(); + public: void vlan(); + public: void access_list_commands(); + public: void exit(); + 
public: void description(); + public: void shutdown(); + public: void unknown_command(); + public: void ip_access_list_ext(); + public: void interface_known_ip_commands(); + public: void permit_std(); + public: void deny_std(); + public: void permit_ext(); + public: void deny_ext(); + public: void remark(); + public: void rule_ext(); + public: void rule_std(); + public: void ip_protocols(); + public: void hostaddr_ext(); + public: void time_range(); + public: void fragments(); + public: void log(); + public: void icmp_spec(); + public: void xoperator(); + public: void established(); + public: void hostaddr_std(); + public: void single_port_op(); + public: void port_range(); + public: void port_spec(); + public: void access_group_by_name(); + public: void access_group_by_number(); + public: void intf_address(); +public: + ANTLR_USE_NAMESPACE(antlr)RefAST getAST() + { + return returnAST; + } + +protected: + ANTLR_USE_NAMESPACE(antlr)RefAST returnAST; +private: + static const char* tokenNames[]; +#ifndef NO_STATIC_CONSTS + static const int NUM_TOKENS = 74; +#else + enum { + NUM_TOKENS = 74 + }; +#endif + + static const unsigned long _tokenSet_0_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_0; + static const unsigned long _tokenSet_1_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_1; + static const unsigned long _tokenSet_2_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_2; + static const unsigned long _tokenSet_3_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3; + static const unsigned long _tokenSet_4_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4; + static const unsigned long _tokenSet_5_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_5; + static const unsigned long _tokenSet_6_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_6; + static const unsigned long _tokenSet_7_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet 
_tokenSet_7; + static const unsigned long _tokenSet_8_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_8; + static const unsigned long _tokenSet_9_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_9; + static const unsigned long _tokenSet_10_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_10; + static const unsigned long _tokenSet_11_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_11; +}; + +#endif /*INC_IOSCfgParser_hpp_*/ diff --git a/src/parsers/IOSCfgParserTokenTypes.hpp b/src/parsers/IOSCfgParserTokenTypes.hpp new file mode 100644 index 000000000..1f581983a --- /dev/null +++ b/src/parsers/IOSCfgParserTokenTypes.hpp 
@@ -0,0 +1,90 @@ +#ifndef INC_IOSCfgParserTokenTypes_hpp_ +#define INC_IOSCfgParserTokenTypes_hpp_ + +/* $ANTLR 2.7.4: "iosacl.g" -> "IOSCfgParserTokenTypes.hpp"$ */ + +#ifndef CUSTOM_API +# define CUSTOM_API +#endif + +#ifdef __cplusplus +struct CUSTOM_API IOSCfgParserTokenTypes { +#endif + enum { + EOF_ = 1, + NEWLINE = 4, + IP = 5, + WORD = 6, + IOSVERSION = 7, + NUMBER = 8, + HOSTNAME = 9, + STRING = 10, + ACCESS_LIST = 11, + INT_CONST = 12, + EXTENDED = 13, + PERMIT = 14, + DENY = 15, + ICMP = 16, + TCP = 17, + UDP = 18, + P_EQ = 19, + P_GT = 20, + P_LT = 21, + P_NEQ = 22, + P_RANGE = 23, + HOST = 24, + IPV4 = 25, + ANY = 26, + LOG = 27, + LOG_INPUT = 28, + ESTABLISHED = 29, + FRAGMENTS = 30, + TIME_RANGE = 31, + VLAN = 32, + INTRFACE = 33, + DESCRIPTION = 34, + REMARK = 35, + SHUTDOWN = 36, + ACCESS_GROUP = 37, + ADDRESS = 38, + SECONDARY = 39, + EXIT = 40, + LINE_COMMENT = 41, + STANDARD = 42, + Whitespace = 43, + HEX_CONST = 44, + NEG_INT_CONST = 45, + DIGIT = 46, + HEXDIGIT = 47, + NUMBER_SIGN = 48, + PERCENT = 49, + AMPERSAND = 50, + APOSTROPHE = 51, + OPENING_PAREN = 52, + CLOSING_PAREN = 53, + STAR = 54, + PLUS = 55, + COMMA = 56, + MINUS = 57, + DOT = 58, + SLASH = 59, + COLON = 60, + SEMICOLON = 61, + LESS_THAN = 62, + EQUALS = 63, + GREATER_THAN = 64, + QUESTION = 65, + COMMERCIAL_AT = 66, + OPENING_SQUARE = 67, + CLOSING_SQUARE = 68, + CARET = 69, + UNDERLINE = 70, + OPENING_BRACE = 71, + CLOSING_BRACE = 72, + TILDE = 73, + NULL_TREE_LOOKAHEAD = 3 + }; +#ifdef __cplusplus +}; +#endif +#endif /*INC_IOSCfgParserTokenTypes_hpp_*/ diff --git a/src/parsers/IPTCfgLexer.cpp b/src/parsers/IPTCfgLexer.cpp new file mode 100644 index 000000000..a7987d966 --- /dev/null +++ b/src/parsers/IPTCfgLexer.cpp 
@@ -0,0 +1,2505 @@ +/* $ANTLR 2.7.4: "iptables.g" -> "IPTCfgLexer.cpp"$ */ +#line 42 "iptables.g" + + // gets inserted before the antlr generated includes in the cpp + // file + +#line 8 "IPTCfgLexer.cpp" +#include "IPTCfgLexer.hpp" +#include +#include +#include +#include +#include +#include +#include + +#line 48 "iptables.g" + + // gets inserted after the antlr generated includes in the cpp + // file +#include +#include + +#include "../gui/IPTImporter.h" +#include "fwbuilder/TCPService.h" + +#include + + +#line 31 "IPTCfgLexer.cpp" +#line 1 "iptables.g" +#line 33 "IPTCfgLexer.cpp" +IPTCfgLexer::IPTCfgLexer(ANTLR_USE_NAMESPACE(std)istream& in) + : ANTLR_USE_NAMESPACE(antlr)CharScanner(new ANTLR_USE_NAMESPACE(antlr)CharBuffer(in),true) +{ + initLiterals(); +} + +IPTCfgLexer::IPTCfgLexer(ANTLR_USE_NAMESPACE(antlr)InputBuffer& ib) + : ANTLR_USE_NAMESPACE(antlr)CharScanner(ib,true) +{ + initLiterals(); +} + +IPTCfgLexer::IPTCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& state) + : ANTLR_USE_NAMESPACE(antlr)CharScanner(state,true) +{ + initLiterals(); +} + +void IPTCfgLexer::initLiterals() +{ + literals["SYN"] = 81; + literals["udp"] = 31; + literals["multiport"] = 70; + literals["tcp"] = 30; + literals["NEW"] = 59; + literals["INPUT"] = 9; + literals["mark"] = 65; + literals["PSH"] = 86; + literals["FIN"] = 83; + literals["RST"] = 84; + literals["RELATED"] = 61; + literals["state"] = 62; + literals["icmp"] = 32; + literals["ALL"] = 87; + literals["URG"] = 85; + literals["limit"] = 67; + literals["COMMIT"] = 6; + literals["INVALID"] = 58; + literals["ESTABLISHED"] = 60; + literals["OUTPUT"] = 11; + literals["ACK"] = 82; + literals["PREROUTING"] = 12; + literals["NONE"] = 88; + literals["FORWARD"] = 10; + literals["POSTROUTING"] = 13; +} + +ANTLR_USE_NAMESPACE(antlr)RefToken IPTCfgLexer::nextToken() +{ + ANTLR_USE_NAMESPACE(antlr)RefToken theRetToken; + for (;;) { + ANTLR_USE_NAMESPACE(antlr)RefToken theRetToken; + int _ttype = 
ANTLR_USE_NAMESPACE(antlr)Token::INVALID_TYPE; + resetText(); + try { // for lexical and char stream error handling + switch ( LA(1)) { + case 0xa /* '\n' */ : + case 0xd /* '\r' */ : + { + mNEWLINE(true); + theRetToken=_returnToken; + break; + } + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + mNUMBER(true); + theRetToken=_returnToken; + break; + } + case 0x2e /* '.' */ : + { + mDOT(true); + theRetToken=_returnToken; + break; + } + case 0x24 /* '$' */ : + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + mWORD(true); + theRetToken=_returnToken; + break; + } + case 0x22 /* '"' */ : + { + 
mSTRING(true); + theRetToken=_returnToken; + break; + } + case 0x21 /* '!' */ : + { + mEXCLAMATION(true); + theRetToken=_returnToken; + break; + } + case 0x25 /* '%' */ : + { + mPERCENT(true); + theRetToken=_returnToken; + break; + } + case 0x26 /* '&' */ : + { + mAMPERSAND(true); + theRetToken=_returnToken; + break; + } + case 0x27 /* '\'' */ : + { + mAPOSTROPHE(true); + theRetToken=_returnToken; + break; + } + case 0x28 /* '(' */ : + { + mOPENING_PAREN(true); + theRetToken=_returnToken; + break; + } + case 0x29 /* ')' */ : + { + mCLOSING_PAREN(true); + theRetToken=_returnToken; + break; + } + case 0x2a /* '*' */ : + { + mSTAR(true); + theRetToken=_returnToken; + break; + } + case 0x2b /* '+' */ : + { + mPLUS(true); + theRetToken=_returnToken; + break; + } + case 0x2c /* ',' */ : + { + mCOMMA(true); + theRetToken=_returnToken; + break; + } + case 0x2f /* '/' */ : + { + mSLASH(true); + theRetToken=_returnToken; + break; + } + case 0x3a /* ':' */ : + { + mCOLON(true); + theRetToken=_returnToken; + break; + } + case 0x3b /* ';' */ : + { + mSEMICOLON(true); + theRetToken=_returnToken; + break; + } + case 0x3c /* '<' */ : + { + mLESS_THAN(true); + theRetToken=_returnToken; + break; + } + case 0x3d /* '=' */ : + { + mEQUALS(true); + theRetToken=_returnToken; + break; + } + case 0x3e /* '>' */ : + { + mGREATER_THAN(true); + theRetToken=_returnToken; + break; + } + case 0x3f /* '?' 
*/ : + { + mQUESTION(true); + theRetToken=_returnToken; + break; + } + case 0x40 /* '@' */ : + { + mCOMMERCIAL_AT(true); + theRetToken=_returnToken; + break; + } + case 0x5b /* '[' */ : + { + mOPENING_SQUARE(true); + theRetToken=_returnToken; + break; + } + case 0x5d /* ']' */ : + { + mCLOSING_SQUARE(true); + theRetToken=_returnToken; + break; + } + case 0x5e /* '^' */ : + { + mCARET(true); + theRetToken=_returnToken; + break; + } + case 0x5f /* '_' */ : + { + mUNDERLINE(true); + theRetToken=_returnToken; + break; + } + case 0x7b /* '{' */ : + { + mOPENING_BRACE(true); + theRetToken=_returnToken; + break; + } + case 0x7d /* '}' */ : + { + mCLOSING_BRACE(true); + theRetToken=_returnToken; + break; + } + case 0x7e /* '~' */ : + { + mTILDE(true); + theRetToken=_returnToken; + break; + } + default: + if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x64 /* 'd' */ ) && (LA(4) == 0x65 /* 'e' */ ) && (LA(5) == 0x73 /* 's' */ ) && (LA(6) == 0x74 /* 't' */ ) && (LA(7) == 0x69 /* 'i' */ ) && (LA(8) == 0x6e /* 'n' */ ) && (LA(9) == 0x61 /* 'a' */ ) && (LA(10) == 0x74 /* 't' */ ) && (LA(11) == 0x69 /* 'i' */ ) && (LA(12) == 0x6f /* 'o' */ ) && (LA(13) == 0x6e /* 'n' */ ) && (LA(14) == 0x2d /* '-' */ ) && (LA(15) == 0x70 /* 'p' */ ) && (LA(16) == 0x6f /* 'o' */ ) && (LA(17) == 0x72 /* 'r' */ ) && (LA(18) == 0x74 /* 't' */ ) && (LA(19) == 0x73 /* 's' */ )) { + mMATCH_DST_MULTIPORT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x64 /* 'd' */ ) && (LA(4) == 0x65 /* 'e' */ ) && (LA(5) == 0x73 /* 's' */ ) && (LA(6) == 0x74 /* 't' */ ) && (LA(7) == 0x69 /* 'i' */ ) && (LA(8) == 0x6e /* 'n' */ ) && (LA(9) == 0x61 /* 'a' */ ) && (LA(10) == 0x74 /* 't' */ ) && (LA(11) == 0x69 /* 'i' */ ) && (LA(12) == 0x6f /* 'o' */ ) && (LA(13) == 0x6e /* 'n' */ ) && (LA(14) == 0x2d /* '-' */ ) && (LA(15) == 0x70 /* 'p' */ ) && (LA(16) == 0x6f /* 'o' */ ) && (LA(17) == 0x72 /* 'r' */ ) && (LA(18) == 0x74 
/* 't' */ ) && (true)) { + mMATCH_DST_PORT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x73 /* 's' */ ) && (LA(4) == 0x6f /* 'o' */ ) && (LA(5) == 0x75 /* 'u' */ ) && (LA(6) == 0x72 /* 'r' */ ) && (LA(7) == 0x63 /* 'c' */ ) && (LA(8) == 0x65 /* 'e' */ ) && (LA(9) == 0x2d /* '-' */ ) && (LA(10) == 0x70 /* 'p' */ ) && (LA(11) == 0x6f /* 'o' */ ) && (LA(12) == 0x72 /* 'r' */ ) && (LA(13) == 0x74 /* 't' */ ) && (LA(14) == 0x73 /* 's' */ )) { + mMATCH_SRC_MULTIPORT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x73 /* 's' */ ) && (LA(4) == 0x6f /* 'o' */ ) && (LA(5) == 0x75 /* 'u' */ ) && (LA(6) == 0x72 /* 'r' */ ) && (LA(7) == 0x63 /* 'c' */ ) && (LA(8) == 0x65 /* 'e' */ ) && (LA(9) == 0x2d /* '-' */ ) && (LA(10) == 0x70 /* 'p' */ ) && (LA(11) == 0x6f /* 'o' */ ) && (LA(12) == 0x72 /* 'r' */ ) && (LA(13) == 0x74 /* 't' */ ) && (true)) { + mMATCH_SRC_PORT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x6c /* 'l' */ ) && (LA(4) == 0x6f /* 'o' */ ) && (LA(5) == 0x67 /* 'g' */ ) && (LA(6) == 0x2d /* '-' */ ) && (LA(7) == 0x74 /* 't' */ ) && (LA(8) == 0x63 /* 'c' */ ) && (LA(9) == 0x70 /* 'p' */ ) && (LA(10) == 0x2d /* '-' */ ) && (LA(11) == 0x73 /* 's' */ )) { + mLOG_TCP_SEQ(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x6c /* 'l' */ ) && (LA(4) == 0x6f /* 'o' */ ) && (LA(5) == 0x67 /* 'g' */ ) && (LA(6) == 0x2d /* '-' */ ) && (LA(7) == 0x74 /* 't' */ ) && (LA(8) == 0x63 /* 'c' */ ) && (LA(9) == 0x70 /* 'p' */ ) && (LA(10) == 0x2d /* '-' */ ) && (LA(11) == 0x6f /* 'o' */ )) { + mLOG_TCP_OPT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x73 /* 's' */ ) && (LA(4) == 0x70 /* 'p' */ ) && (LA(5) == 0x6f /* 'o' 
*/ ) && (LA(6) == 0x72 /* 'r' */ ) && (LA(7) == 0x74 /* 't' */ ) && (LA(8) == 0x73 /* 's' */ )) { + mMATCH_SRC_MULTIPORT_SHORT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x64 /* 'd' */ ) && (LA(4) == 0x70 /* 'p' */ ) && (LA(5) == 0x6f /* 'o' */ ) && (LA(6) == 0x72 /* 'r' */ ) && (LA(7) == 0x74 /* 't' */ ) && (LA(8) == 0x73 /* 's' */ )) { + mMATCH_DST_MULTIPORT_SHORT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x6c /* 'l' */ ) && (LA(4) == 0x69 /* 'i' */ ) && (LA(5) == 0x6d /* 'm' */ ) && (LA(6) == 0x69 /* 'i' */ ) && (LA(7) == 0x74 /* 't' */ ) && (LA(8) == 0x2d /* '-' */ )) { + mMATCH_LIMIT_BURST(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x75 /* 'u' */ ) && (LA(4) == 0x6c /* 'l' */ ) && (LA(5) == 0x6f /* 'o' */ ) && (LA(6) == 0x67 /* 'g' */ ) && (LA(7) == 0x2d /* '-' */ ) && (LA(8) == 0x70 /* 'p' */ )) { + mULOG_PREFIX(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x75 /* 'u' */ ) && (LA(4) == 0x6c /* 'l' */ ) && (LA(5) == 0x6f /* 'o' */ ) && (LA(6) == 0x67 /* 'g' */ ) && (LA(7) == 0x2d /* '-' */ ) && (LA(8) == 0x71 /* 'q' */ )) { + mULOG_QTHR(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x75 /* 'u' */ ) && (LA(4) == 0x6c /* 'l' */ ) && (LA(5) == 0x6f /* 'o' */ ) && (LA(6) == 0x67 /* 'g' */ ) && (LA(7) == 0x2d /* '-' */ ) && (LA(8) == 0x6e /* 'n' */ )) { + mULOG_NLG(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x75 /* 'u' */ ) && (LA(4) == 0x6c /* 'l' */ ) && (LA(5) == 0x6f /* 'o' */ ) && (LA(6) == 0x67 /* 'g' */ ) && (LA(7) == 0x2d /* '-' */ ) && (LA(8) == 0x63 /* 'c' */ )) { + mULOG_CPR(true); + 
theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x73 /* 's' */ ) && (LA(4) == 0x70 /* 'p' */ ) && (LA(5) == 0x6f /* 'o' */ ) && (LA(6) == 0x72 /* 'r' */ ) && (LA(7) == 0x74 /* 't' */ ) && (true)) { + mMATCH_SRC_PORT_SHORT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x64 /* 'd' */ ) && (LA(4) == 0x70 /* 'p' */ ) && (LA(5) == 0x6f /* 'o' */ ) && (LA(6) == 0x72 /* 'r' */ ) && (LA(7) == 0x74 /* 't' */ ) && (true)) { + mMATCH_DST_PORT_SHORT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x6c /* 'l' */ ) && (LA(4) == 0x69 /* 'i' */ ) && (LA(5) == 0x6d /* 'm' */ ) && (LA(6) == 0x69 /* 'i' */ ) && (LA(7) == 0x74 /* 't' */ ) && (true)) { + mMATCH_LIMIT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x73 /* 's' */ ) && (LA(4) == 0x65 /* 'e' */ ) && (LA(5) == 0x74 /* 't' */ ) && (LA(6) == 0x2d /* '-' */ ) && (LA(7) == 0x6d /* 'm' */ )) { + mSET_MARK(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x73 /* 's' */ ) && (LA(4) == 0x65 /* 'e' */ ) && (LA(5) == 0x74 /* 't' */ ) && (LA(6) == 0x2d /* '-' */ ) && (LA(7) == 0x74 /* 't' */ )) { + mSET_TOS(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x6c /* 'l' */ ) && (LA(4) == 0x6f /* 'o' */ ) && (LA(5) == 0x67 /* 'g' */ ) && (LA(6) == 0x2d /* '-' */ ) && (LA(7) == 0x70 /* 'p' */ )) { + mLOG_PREFIX(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x6c /* 'l' */ ) && (LA(4) == 0x6f /* 'o' */ ) && (LA(5) == 0x67 /* 'g' */ ) && (LA(6) == 0x2d /* '-' */ ) && (LA(7) == 0x6c /* 'l' */ )) { + mLOG_LEVEL(true); + theRetToken=_returnToken; + } + else 
if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x6c /* 'l' */ ) && (LA(4) == 0x6f /* 'o' */ ) && (LA(5) == 0x67 /* 'g' */ ) && (LA(6) == 0x2d /* '-' */ ) && (LA(7) == 0x69 /* 'i' */ )) { + mLOG_IP_OPT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x74 /* 't' */ ) && (LA(4) == 0x6f /* 'o' */ ) && (LA(5) == 0x2d /* '-' */ ) && (LA(6) == 0x73 /* 's' */ )) { + mTO_SOURCE(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x74 /* 't' */ ) && (LA(4) == 0x6f /* 'o' */ ) && (LA(5) == 0x2d /* '-' */ ) && (LA(6) == 0x64 /* 'd' */ )) { + mTO_DESTINATION(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x74 /* 't' */ ) && (LA(4) == 0x6f /* 'o' */ ) && (LA(5) == 0x2d /* '-' */ ) && (LA(6) == 0x70 /* 'p' */ )) { + mTO_PORTS(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x73 /* 's' */ ) && (LA(4) == 0x65 /* 'e' */ ) && (LA(5) == 0x63 /* 'c' */ )) { + mSECONDS(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x73 /* 's' */ ) && (LA(4) == 0x65 /* 'e' */ ) && (LA(5) == 0x74 /* 't' */ ) && (true)) { + mSET(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x72 /* 'r' */ ) && (LA(4) == 0x65 /* 'e' */ ) && (LA(5) == 0x6a /* 'j' */ )) { + mREJECT_WITH(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x72 /* 'r' */ ) && (LA(4) == 0x65 /* 'e' */ ) && (LA(5) == 0x73 /* 's' */ )) { + mRESTORE_MARK(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x72 /* 'r' */ ) && (LA(4) == 0x73 /* 's' */ )) { + 
mRSOURCE(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x73 /* 's' */ ) && (LA(4) == 0x74 /* 't' */ )) { + mMATCH_STATE(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x73 /* 's' */ ) && (LA(4) == 0x79 /* 'y' */ )) { + mMATCH_SYN(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x74 /* 't' */ ) && (LA(4) == 0x63 /* 'c' */ )) { + mMATCH_TCP_FLAGS(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x69 /* 'i' */ ) && (LA(4) == 0x63 /* 'c' */ )) { + mMATCH_ICMP_TYPE(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x73 /* 's' */ ) && (LA(4) == 0x61 /* 'a' */ )) { + mSAVE_MARK(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x69 /* 'i' */ ) && (LA(4) == 0x69 /* 'i' */ )) { + mROUTE_IIF(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x74 /* 't' */ ) && (LA(4) == 0x65 /* 'e' */ )) { + mROUTE_TEE(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x74 /* 't' */ ) && (LA(4) == 0x6f /* 'o' */ ) && (true)) { + mTO_NETMAP(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x6d /* 'm' */ )) { + mMATCH_MARK(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x63 /* 'c' */ )) { + mCONTINUE(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x6f /* 'o' */ )) { + mROUTE_OIF(true); + theRetToken=_returnToken; + } + 
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x2d /* '-' */ ) && (LA(3) == 0x67 /* 'g' */ )) { + mROUTE_GW(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x23 /* '#' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) { + mLINE_COMMENT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x41 /* 'A' */ )) { + mADD_RULE(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x6d /* 'm' */ )) { + mOPT_MODULE(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x73 /* 's' */ )) { + mOPT_SRC(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x64 /* 'd' */ )) { + mOPT_DST(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x69 /* 'i' */ )) { + mOPT_IN_INTF(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x6f /* 'o' */ )) { + mOPT_OUT_INTF(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x70 /* 'p' */ )) { + mOPT_PROTO(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x6a /* 'j' */ )) { + mOPT_TARGET(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x66 /* 'f' */ )) { + mOPT_FRAGM(true); + theRetToken=_returnToken; + } + else if ((_tokenSet_0.member(LA(1)))) { + mWhitespace(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x23 /* '#' */ ) && (true)) { + mNUMBER_SIGN(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x2d /* '-' */ ) && (true)) { + mMINUS(true); + theRetToken=_returnToken; + } + else { + if (LA(1)==EOF_CHAR) + { + uponEOF(); + _returnToken = makeToken(ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE); + } + else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + } + if ( !_returnToken ) + goto tryAgain; // found 
SKIP token + + _ttype = _returnToken->getType(); + _ttype = testLiteralsTable(_ttype); + _returnToken->setType(_ttype); + return _returnToken; + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& e) { + throw ANTLR_USE_NAMESPACE(antlr)TokenStreamRecognitionException(e); + } + catch (ANTLR_USE_NAMESPACE(antlr)CharStreamIOException& csie) { + throw ANTLR_USE_NAMESPACE(antlr)TokenStreamIOException(csie.io); + } + catch (ANTLR_USE_NAMESPACE(antlr)CharStreamException& cse) { + throw ANTLR_USE_NAMESPACE(antlr)TokenStreamException(cse.getMessage()); + } +tryAgain:; + } +} + +void IPTCfgLexer::mLINE_COMMENT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = LINE_COMMENT; + int _saveIndex; + + match("#"); + { // ( ... )* + for (;;) { + if ((_tokenSet_1.member(LA(1)))) { + { + match(_tokenSet_1); + } + } + else { + goto _loop125; + } + + } + _loop125:; + } // ( ... )* + mNEWLINE(false); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mNEWLINE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = NEWLINE; + int _saveIndex; + + { + if ((LA(1) == 0xd /* '\r' */ ) && (LA(2) == 0xa /* '\n' */ )) { + match("\r\n"); + } + else if ((LA(1) == 0xd /* '\r' */ ) && (true)) { + match('\r'); + } + else if ((LA(1) == 0xa /* '\n' */ )) { + match('\n'); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + + } + if ( inputState->guessing==0 ) { +#line 964 "iptables.g" + newline(); +#line 625 "IPTCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); 
+ _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mWhitespace(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = Whitespace; + int _saveIndex; + + { + switch ( LA(1)) { + case 0x3 /* '\3' */ : + case 0x4 /* '\4' */ : + case 0x5 /* '\5' */ : + case 0x6 /* '\6' */ : + case 0x7 /* '\7' */ : + case 0x8 /* '\10' */ : + { + matchRange('\3','\10'); + break; + } + case 0x9 /* '\t' */ : + { + match('\t'); + break; + } + case 0xb /* '\13' */ : + { + match('\13'); + break; + } + case 0xc /* '\14' */ : + { + match('\14'); + break; + } + case 0xe /* '\16' */ : + case 0xf /* '\17' */ : + case 0x10 /* '\20' */ : + case 0x11 /* '\21' */ : + case 0x12 /* '\22' */ : + case 0x13 /* '\23' */ : + case 0x14 /* '\24' */ : + case 0x15 /* '\25' */ : + case 0x16 /* '\26' */ : + case 0x17 /* '\27' */ : + case 0x18 /* '\30' */ : + case 0x19 /* '\31' */ : + case 0x1a /* '\32' */ : + case 0x1b /* '\33' */ : + case 0x1c /* '\34' */ : + case 0x1d /* '\35' */ : + case 0x1e /* '\36' */ : + case 0x1f /* '\37' */ : + { + matchRange('\16','\37'); + break; + } + case 0x20 /* ' ' */ : + { + match(' '); + break; + } + default: + if (((LA(1) >= 0x7f && LA(1) <= 0xff))) { + matchRange('\177',static_cast(255)); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + if ( inputState->guessing==0 ) { +#line 962 "iptables.g" + _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; +#line 706 "IPTCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mINT_CONST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int 
_begin=text.length(); + _ttype = INT_CONST; + int _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mHEX_CONST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = HEX_CONST; + int _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mNEG_INT_CONST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = NEG_INT_CONST; + int _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mDIGIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = DIGIT; + int _saveIndex; + + matchRange('0','9'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mHEXDIGIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = HEXDIGIT; + int _saveIndex; + + switch ( LA(1)) { + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ 
: + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + matchRange('0','9'); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + { + matchRange('A','F'); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mNUMBER(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = NUMBER; + int _saveIndex; + + { + bool synPredMatched144 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))) && (_tokenSet_2.member(LA(4))) && (_tokenSet_2.member(LA(5))) && (_tokenSet_2.member(LA(6))) && (_tokenSet_2.member(LA(7))) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true))) { + int _m144 = mark(); + synPredMatched144 = true; + inputState->guessing++; + try { + { + { // ( ... )+ + int _cnt139=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt139>=1 ) { goto _loop139; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt139++; + } + _loop139:; + } // ( ... )+ + mDOT(false); + { // ( ... 
)+ + int _cnt141=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt141>=1 ) { goto _loop141; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt141++; + } + _loop141:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt143=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt143>=1 ) { goto _loop143; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt143++; + } + _loop143:; + } // ( ... )+ + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched144 = false; + } + rewind(_m144); + inputState->guessing--; + } + if ( synPredMatched144 ) { + { + { // ( ... )+ + int _cnt147=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt147>=1 ) { goto _loop147; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt147++; + } + _loop147:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt149=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt149>=1 ) { goto _loop149; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt149++; + } + _loop149:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt151=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt151>=1 ) { goto _loop151; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt151++; + } + _loop151:; + } // ( ... )+ + mDOT(false); + { // ( ... 
)+ + int _cnt153=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt153>=1 ) { goto _loop153; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt153++; + } + _loop153:; + } // ( ... )+ + } + if ( inputState->guessing==0 ) { +#line 984 "iptables.g" + _ttype = IPV4; +#line 942 "IPTCfgLexer.cpp" + } + } + else { + bool synPredMatched159 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true))) { + int _m159 = mark(); + synPredMatched159 = true; + inputState->guessing++; + try { + { + { // ( ... )+ + int _cnt156=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt156>=1 ) { goto _loop156; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt156++; + } + _loop156:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt158=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt158>=1 ) { goto _loop158; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt158++; + } + _loop158:; + } // ( ... )+ + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched159 = false; + } + rewind(_m159); + inputState->guessing--; + } + if ( synPredMatched159 ) { + { + { // ( ... 
)+ + int _cnt162=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt162>=1 ) { goto _loop162; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt162++; + } + _loop162:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt164=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt164>=1 ) { goto _loop164; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt164++; + } + _loop164:; + } // ( ... )+ + } + } + else if ((LA(1) == 0x30 /* '0' */ ) && (LA(2) == 0x78 /* 'x' */ )) { + { + match('0'); + match('x'); + { // ( ... )+ + int _cnt169=0; + for (;;) { + if ((_tokenSet_3.member(LA(1)))) { + mHEXDIGIT(false); + } + else { + if ( _cnt169>=1 ) { goto _loop169; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt169++; + } + _loop169:; + } // ( ... )+ + } + if ( inputState->guessing==0 ) { +#line 990 "iptables.g" + _ttype = HEX_CONST; +#line 1045 "IPTCfgLexer.cpp" + } + } + else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true)) { + { // ( ... )+ + int _cnt166=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt166>=1 ) { goto _loop166; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt166++; + } + _loop166:; + } // ( ... 
)+ + if ( inputState->guessing==0 ) { +#line 988 "iptables.g" + _ttype = INT_CONST; +#line 1066 "IPTCfgLexer.cpp" + } + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mDOT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = DOT; + int _saveIndex; + + match('.'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mWORD(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = WORD; + int _saveIndex; + + { + switch ( LA(1)) { + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + matchRange('a','z'); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : 
+ case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + { + matchRange('A','Z'); + break; + } + case 0x24 /* '$' */ : + { + match('$'); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + { // ( ... )* + for (;;) { + switch ( LA(1)) { + case 0x21 /* '!' */ : + case 0x22 /* '"' */ : + case 0x23 /* '#' */ : + case 0x24 /* '$' */ : + case 0x25 /* '%' */ : + case 0x26 /* '&' */ : + case 0x27 /* '\'' */ : + case 0x28 /* '(' */ : + case 0x29 /* ')' */ : + case 0x2a /* '*' */ : + case 0x2b /* '+' */ : + { + matchRange('!','+'); + break; + } + case 0x2d /* '-' */ : + { + match('-'); + break; + } + case 0x2e /* '.' */ : + { + match('.'); + break; + } + case 0x2f /* '/' */ : + { + match('/'); + break; + } + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + matchRange('0','9'); + break; + } + case 0x3a /* ':' */ : + { + match(':'); + break; + } + case 0x3b /* ';' */ : + { + match(';'); + break; + } + case 0x3c /* '<' */ : + { + match('<'); + break; + } + case 0x3d /* '=' */ : + { + match('='); + break; + } + case 0x3e /* '>' */ : + { + match('>'); + break; + } + case 0x3f /* '?' 
*/ : + { + match('?'); + break; + } + case 0x40 /* '@' */ : + { + match('@'); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + { + matchRange('A','Z'); + break; + } + case 0x5e /* '^' */ : + { + match('^'); + break; + } + case 0x5f /* '_' */ : + { + match('_'); + break; + } + case 0x60 /* '`' */ : + { + match('`'); + break; + } + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + matchRange('a','z'); + break; + } + default: + { + goto _loop173; + } + } + } + _loop173:; + } // ( ... 
)* + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mSTRING(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = STRING; + int _saveIndex; + + match('"'); + { // ( ... )* + for (;;) { + if ((_tokenSet_4.member(LA(1)))) { + matchNot('"'); + } + else { + goto _loop176; + } + + } + _loop176:; + } // ( ... )* + match('"'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mUNSUPPORTED_OPTION(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = UNSUPPORTED_OPTION; + int _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mSECONDS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = SECONDS; + int _saveIndex; + + match("--seconds"); + if ( inputState->guessing==0 ) { +#line 1006 "iptables.g" + _ttype = UNSUPPORTED_OPTION; +#line 1396 "IPTCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mSET(bool _createToken) { + int _ttype; 
ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = SET; + int _saveIndex; + + match("--set"); + if ( inputState->guessing==0 ) { +#line 1009 "iptables.g" + _ttype = UNSUPPORTED_OPTION; +#line 1415 "IPTCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mRSOURCE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = RSOURCE; + int _saveIndex; + + match("--rsource"); + if ( inputState->guessing==0 ) { +#line 1012 "iptables.g" + _ttype = UNSUPPORTED_OPTION; +#line 1434 "IPTCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mADD_RULE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = ADD_RULE; + int _saveIndex; + + match("-A"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_STATE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_STATE; + int _saveIndex; + + match("--state"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; 
+} + +void IPTCfgLexer::mMATCH_SRC_MULTIPORT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_SRC_MULTIPORT; + int _saveIndex; + + match("--source-ports"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_DST_MULTIPORT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_DST_MULTIPORT; + int _saveIndex; + + match("--destination-ports"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_SRC_MULTIPORT_SHORT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_SRC_MULTIPORT_SHORT; + int _saveIndex; + + match("--sports"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_DST_MULTIPORT_SHORT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_DST_MULTIPORT_SHORT; + int _saveIndex; + + match("--dports"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void 
IPTCfgLexer::mMATCH_SRC_PORT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_SRC_PORT; + int _saveIndex; + + match("--source-port"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_DST_PORT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_DST_PORT; + int _saveIndex; + + match("--destination-port"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_SYN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_SYN; + int _saveIndex; + + match("--syn"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_TCP_FLAGS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_TCP_FLAGS; + int _saveIndex; + + match("--tcp-flags"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_SRC_PORT_SHORT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int 
_begin=text.length(); + _ttype = MATCH_SRC_PORT_SHORT; + int _saveIndex; + + match("--sport"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_DST_PORT_SHORT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_DST_PORT_SHORT; + int _saveIndex; + + match("--dport"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_ICMP_TYPE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_ICMP_TYPE; + int _saveIndex; + + match("--icmp-type"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_MARK(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_MARK; + int _saveIndex; + + match("--mark"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_LIMIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_LIMIT; + int _saveIndex; + + match("--limit"); + if ( _createToken && 
_token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mMATCH_LIMIT_BURST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MATCH_LIMIT_BURST; + int _saveIndex; + + match("--limit-burst"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mREJECT_WITH(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = REJECT_WITH; + int _saveIndex; + + match("--reject-with"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mSET_MARK(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = SET_MARK; + int _saveIndex; + + match("--set-mark"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mSAVE_MARK(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = SAVE_MARK; + int _saveIndex; + + match("--save-mark"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + 
_token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mRESTORE_MARK(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = RESTORE_MARK; + int _saveIndex; + + match("--restore-mark"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mSET_TOS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = SET_TOS; + int _saveIndex; + + match("--set-tos"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mCONTINUE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = CONTINUE; + int _saveIndex; + + match("--continue"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mROUTE_IIF(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = ROUTE_IIF; + int _saveIndex; + + match("--iif"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mROUTE_OIF(bool 
_createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = ROUTE_OIF; + int _saveIndex; + + match("--oif"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mROUTE_GW(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = ROUTE_GW; + int _saveIndex; + + match("--gw"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mROUTE_TEE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = ROUTE_TEE; + int _saveIndex; + + match("--tee"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mLOG_PREFIX(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = LOG_PREFIX; + int _saveIndex; + + match("--log-prefix"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mLOG_LEVEL(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = LOG_LEVEL; + int _saveIndex; + + match("--log-level"); + if 
( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mLOG_TCP_SEQ(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = LOG_TCP_SEQ; + int _saveIndex; + + match("--log-tcp-sequence"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mLOG_TCP_OPT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = LOG_TCP_OPT; + int _saveIndex; + + match("--log-tcp-options"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mLOG_IP_OPT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = LOG_IP_OPT; + int _saveIndex; + + match("--log-ip-options"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mULOG_PREFIX(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = ULOG_PREFIX; + int _saveIndex; + + match("--ulog-prefix"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + 
_token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mULOG_QTHR(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = ULOG_QTHR; + int _saveIndex; + + match("--ulog-qthreshold"); + if ( inputState->guessing==0 ) { +#line 1059 "iptables.g" + _ttype = UNSUPPORTED_OPTION; +#line 1901 "IPTCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mULOG_NLG(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = ULOG_NLG; + int _saveIndex; + + match("--ulog-nlgroup"); + if ( inputState->guessing==0 ) { +#line 1060 "iptables.g" + _ttype = UNSUPPORTED_OPTION; +#line 1920 "IPTCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mULOG_CPR(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = ULOG_CPR; + int _saveIndex; + + match("--ulog-cprange"); + if ( inputState->guessing==0 ) { +#line 1061 "iptables.g" + _ttype = UNSUPPORTED_OPTION; +#line 1939 "IPTCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mTO_SOURCE(bool _createToken) { + int _ttype; 
ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = TO_SOURCE; + int _saveIndex; + + match("--to-source"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mTO_DESTINATION(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = TO_DESTINATION; + int _saveIndex; + + match("--to-destination"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mTO_PORTS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = TO_PORTS; + int _saveIndex; + + match("--to-ports"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mTO_NETMAP(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = TO_NETMAP; + int _saveIndex; + + match("--to"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mOPT_MODULE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPT_MODULE; + int _saveIndex; + + match("-m"); + if ( 
_createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mOPT_SRC(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPT_SRC; + int _saveIndex; + + match("-s"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mOPT_DST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPT_DST; + int _saveIndex; + + match("-d"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mOPT_IN_INTF(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPT_IN_INTF; + int _saveIndex; + + match("-i"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mOPT_OUT_INTF(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPT_OUT_INTF; + int _saveIndex; + + match("-o"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, 
text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mOPT_PROTO(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPT_PROTO; + int _saveIndex; + + match("-p"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mOPT_TARGET(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPT_TARGET; + int _saveIndex; + + match("-j"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mOPT_FRAGM(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPT_FRAGM; + int _saveIndex; + + match("-f"); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mEXCLAMATION(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = EXCLAMATION; + int _saveIndex; + + match('!'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mNUMBER_SIGN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken 
_token; int _begin=text.length(); + _ttype = NUMBER_SIGN; + int _saveIndex; + + match('#'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mPERCENT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = PERCENT; + int _saveIndex; + + match('%'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mAMPERSAND(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = AMPERSAND; + int _saveIndex; + + match('&'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mAPOSTROPHE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = APOSTROPHE; + int _saveIndex; + + match('\''); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mOPENING_PAREN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPENING_PAREN; + int _saveIndex; + + match('('); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && 
_ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mCLOSING_PAREN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = CLOSING_PAREN; + int _saveIndex; + + match(')'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mSTAR(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = STAR; + int _saveIndex; + + match('*'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mPLUS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = PLUS; + int _saveIndex; + + match('+'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mCOMMA(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = COMMA; + int _saveIndex; + + match(','); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void 
IPTCfgLexer::mMINUS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = MINUS; + int _saveIndex; + + match('-'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mSLASH(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = SLASH; + int _saveIndex; + + match('/'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mCOLON(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = COLON; + int _saveIndex; + + match(':'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mSEMICOLON(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = SEMICOLON; + int _saveIndex; + + match(';'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mLESS_THAN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = LESS_THAN; + int _saveIndex; + + match('<'); + if ( _createToken && 
_token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mEQUALS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = EQUALS; + int _saveIndex; + + match('='); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mGREATER_THAN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = GREATER_THAN; + int _saveIndex; + + match('>'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mQUESTION(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = QUESTION; + int _saveIndex; + + match('?'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mCOMMERCIAL_AT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = COMMERCIAL_AT; + int _saveIndex; + + match('@'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, 
text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mOPENING_SQUARE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = OPENING_SQUARE; + int _saveIndex; + + match('['); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mCLOSING_SQUARE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = CLOSING_SQUARE; + int _saveIndex; + + match(']'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mCARET(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = CARET; + int _saveIndex; + + match('^'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mUNDERLINE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = UNDERLINE; + int _saveIndex; + + match('_'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mOPENING_BRACE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken 
_token; int _begin=text.length(); + _ttype = OPENING_BRACE; + int _saveIndex; + + match('{'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mCLOSING_BRACE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = CLOSING_BRACE; + int _saveIndex; + + match('}'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void IPTCfgLexer::mTILDE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; int _begin=text.length(); + _ttype = TILDE; + int _saveIndex; + + match('~'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + + +const unsigned long IPTCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL, 2147483648UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 +// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_0(_tokenSet_0_data_,16); +const unsigned long IPTCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 +// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 
0x1c 0x1d 0x1e 0x1f ! " # $ % & +// \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H +// I J K L M N O P Q R S T U V W X Y Z [ \\ ] ^ _ ` a b c d e f g h i j +// k l m n o p q r s t u v +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); +const unsigned long IPTCfgLexer::_tokenSet_2_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// . 0 1 2 3 4 5 6 7 8 9 +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_2(_tokenSet_2_data_,10); +const unsigned long IPTCfgLexer::_tokenSet_3_data_[] = { 0UL, 67043328UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0 1 2 3 4 5 6 7 8 9 A B C D E F +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_3(_tokenSet_3_data_,10); +const unsigned long IPTCfgLexer::_tokenSet_4_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10 0x11 0x12 0x13 +// 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $ +// % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F +// G H I J K L M N O P Q R S T U V W X Y Z [ \\ ] ^ _ ` a b c d e f g h +// i j k l m n o p q r s t u v +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_4(_tokenSet_4_data_,16); + diff --git a/src/parsers/IPTCfgLexer.hpp b/src/parsers/IPTCfgLexer.hpp new file mode 100644 index 000000000..1928d2173 --- /dev/null +++ b/src/parsers/IPTCfgLexer.hpp 
@@ -0,0 +1,152 @@ +#ifndef INC_IPTCfgLexer_hpp_ +#define INC_IPTCfgLexer_hpp_ + +#line 27 "iptables.g" + + // gets inserted before antlr generated includes in the header + // file + +#line 10 "IPTCfgLexer.hpp" +#include +/* $ANTLR 2.7.4: "iptables.g" -> "IPTCfgLexer.hpp"$ */ +#include +#include +#include +#include "IPTCfgParserTokenTypes.hpp" +#include +#line 32 "iptables.g" + + // gets inserted after antlr generated includes in the header file + // outside any generated namespace specifications + +#include + +class IPTImporter; + +#line 27 "IPTCfgLexer.hpp" +#line 62 "iptables.g" + + // gets inserted after generated namespace specifications in the + // header file. But outside the generated class. + +#line 33 "IPTCfgLexer.hpp" +class CUSTOM_API IPTCfgLexer : public ANTLR_USE_NAMESPACE(antlr)CharScanner, public IPTCfgParserTokenTypes +{ +#line 1 "iptables.g" +#line 37 "IPTCfgLexer.hpp" +private: + void initLiterals(); +public: + bool getCaseSensitiveLiterals() const + { + return true; + } +public: + IPTCfgLexer(ANTLR_USE_NAMESPACE(std)istream& in); + IPTCfgLexer(ANTLR_USE_NAMESPACE(antlr)InputBuffer& ib); + IPTCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& state); + ANTLR_USE_NAMESPACE(antlr)RefToken nextToken(); + public: void mLINE_COMMENT(bool _createToken); + public: void mNEWLINE(bool _createToken); + public: void mWhitespace(bool _createToken); + protected: void mINT_CONST(bool _createToken); + protected: void mHEX_CONST(bool _createToken); + protected: void mNEG_INT_CONST(bool _createToken); + protected: void mDIGIT(bool _createToken); + protected: void mHEXDIGIT(bool _createToken); + public: void mNUMBER(bool _createToken); + public: void mDOT(bool _createToken); + public: void mWORD(bool _createToken); + public: void mSTRING(bool _createToken); + protected: void mUNSUPPORTED_OPTION(bool _createToken); + public: void mSECONDS(bool _createToken); + public: void mSET(bool _createToken); + public: void mRSOURCE(bool _createToken); + public: 
void mADD_RULE(bool _createToken); + public: void mMATCH_STATE(bool _createToken); + public: void mMATCH_SRC_MULTIPORT(bool _createToken); + public: void mMATCH_DST_MULTIPORT(bool _createToken); + public: void mMATCH_SRC_MULTIPORT_SHORT(bool _createToken); + public: void mMATCH_DST_MULTIPORT_SHORT(bool _createToken); + public: void mMATCH_SRC_PORT(bool _createToken); + public: void mMATCH_DST_PORT(bool _createToken); + public: void mMATCH_SYN(bool _createToken); + public: void mMATCH_TCP_FLAGS(bool _createToken); + public: void mMATCH_SRC_PORT_SHORT(bool _createToken); + public: void mMATCH_DST_PORT_SHORT(bool _createToken); + public: void mMATCH_ICMP_TYPE(bool _createToken); + public: void mMATCH_MARK(bool _createToken); + public: void mMATCH_LIMIT(bool _createToken); + public: void mMATCH_LIMIT_BURST(bool _createToken); + public: void mREJECT_WITH(bool _createToken); + public: void mSET_MARK(bool _createToken); + public: void mSAVE_MARK(bool _createToken); + public: void mRESTORE_MARK(bool _createToken); + public: void mSET_TOS(bool _createToken); + public: void mCONTINUE(bool _createToken); + public: void mROUTE_IIF(bool _createToken); + public: void mROUTE_OIF(bool _createToken); + public: void mROUTE_GW(bool _createToken); + public: void mROUTE_TEE(bool _createToken); + public: void mLOG_PREFIX(bool _createToken); + public: void mLOG_LEVEL(bool _createToken); + public: void mLOG_TCP_SEQ(bool _createToken); + public: void mLOG_TCP_OPT(bool _createToken); + public: void mLOG_IP_OPT(bool _createToken); + public: void mULOG_PREFIX(bool _createToken); + public: void mULOG_QTHR(bool _createToken); + public: void mULOG_NLG(bool _createToken); + public: void mULOG_CPR(bool _createToken); + public: void mTO_SOURCE(bool _createToken); + public: void mTO_DESTINATION(bool _createToken); + public: void mTO_PORTS(bool _createToken); + public: void mTO_NETMAP(bool _createToken); + public: void mOPT_MODULE(bool _createToken); + public: void mOPT_SRC(bool _createToken); + 
public: void mOPT_DST(bool _createToken); + public: void mOPT_IN_INTF(bool _createToken); + public: void mOPT_OUT_INTF(bool _createToken); + public: void mOPT_PROTO(bool _createToken); + public: void mOPT_TARGET(bool _createToken); + public: void mOPT_FRAGM(bool _createToken); + public: void mEXCLAMATION(bool _createToken); + public: void mNUMBER_SIGN(bool _createToken); + public: void mPERCENT(bool _createToken); + public: void mAMPERSAND(bool _createToken); + public: void mAPOSTROPHE(bool _createToken); + public: void mOPENING_PAREN(bool _createToken); + public: void mCLOSING_PAREN(bool _createToken); + public: void mSTAR(bool _createToken); + public: void mPLUS(bool _createToken); + public: void mCOMMA(bool _createToken); + public: void mMINUS(bool _createToken); + public: void mSLASH(bool _createToken); + public: void mCOLON(bool _createToken); + public: void mSEMICOLON(bool _createToken); + public: void mLESS_THAN(bool _createToken); + public: void mEQUALS(bool _createToken); + public: void mGREATER_THAN(bool _createToken); + public: void mQUESTION(bool _createToken); + public: void mCOMMERCIAL_AT(bool _createToken); + public: void mOPENING_SQUARE(bool _createToken); + public: void mCLOSING_SQUARE(bool _createToken); + public: void mCARET(bool _createToken); + public: void mUNDERLINE(bool _createToken); + public: void mOPENING_BRACE(bool _createToken); + public: void mCLOSING_BRACE(bool _createToken); + public: void mTILDE(bool _createToken); +private: + + static const unsigned long _tokenSet_0_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_0; + static const unsigned long _tokenSet_1_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_1; + static const unsigned long _tokenSet_2_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_2; + static const unsigned long _tokenSet_3_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3; + static const unsigned long _tokenSet_4_data_[]; + static const 
ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4; +}; + +#endif /*INC_IPTCfgLexer_hpp_*/ diff --git a/src/parsers/IPTCfgParser.cpp b/src/parsers/IPTCfgParser.cpp new file mode 100644 index 000000000..6f989c42a --- /dev/null +++ b/src/parsers/IPTCfgParser.cpp 
@@ -0,0 +1,3050 @@ +/* $ANTLR 2.7.4: "iptables.g" -> "IPTCfgParser.cpp"$ */ +#line 42 "iptables.g" + + // gets inserted before the antlr generated includes in the cpp + // file + +#line 8 "IPTCfgParser.cpp" +#include "IPTCfgParser.hpp" +#include +#include +#include +#line 48 "iptables.g" + + // gets inserted after the antlr generated includes in the cpp + // file +#include +#include + +#include "../gui/IPTImporter.h" +#include "fwbuilder/TCPService.h" + +#include + + +#line 26 "IPTCfgParser.cpp" +#line 1 "iptables.g" +#line 28 "IPTCfgParser.cpp" +IPTCfgParser::IPTCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf, int k) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(tokenBuf,k) +{ +} + +IPTCfgParser::IPTCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(tokenBuf,2) +{ +} + +IPTCfgParser::IPTCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer, int k) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(lexer,k) +{ +} + +IPTCfgParser::IPTCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(lexer,2) +{ +} + +IPTCfgParser::IPTCfgParser(const ANTLR_USE_NAMESPACE(antlr)ParserSharedInputState& state) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(state,2) +{ +} + +void IPTCfgParser::cfgfile() { + + try { // for error handling + { // ( ... )+ + int _cnt3=0; + for (;;) { + switch ( LA(1)) { + case LINE_COMMENT: + { + comment(); + break; + } + case STAR: + { + start_table(); + break; + } + case COLON: + { + create_chain(); + break; + } + case ADD_RULE: + { + add_rule(); + break; + } + case COMMIT: + { + commit(); + break; + } + case NEWLINE: + { + match(NEWLINE); + break; + } + default: + { + if ( _cnt3>=1 ) { goto _loop3; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + } + } + _cnt3++; + } + _loop3:; + } // ( ... 
)+ + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_0); + } +} + +void IPTCfgParser::comment() { + + try { // for error handling + match(LINE_COMMENT); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_1); + } +} + +void IPTCfgParser::start_table() { + + try { // for error handling + match(STAR); + match(WORD); +#line 123 "iptables.g" + + importer->current_table = LT(0)->getText(); + *dbg << "TABLE " << LT(0)->getText() << std::endl; + +#line 130 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_1); + } +} + +void IPTCfgParser::create_chain() { + + try { // for error handling + match(COLON); + chain_def(); +#line 142 "iptables.g" + + importer->newUnidirRuleSet(LT(0)->getText()); + *dbg << "NEW CHAIN " << LT(0)->getText() << std::endl; + +#line 149 "IPTCfgParser.cpp" + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case MINUS: + { + match(MINUS); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case OPENING_SQUARE: + { + match(OPENING_SQUARE); + match(INT_CONST); + match(COLON); + match(INT_CONST); + match(CLOSING_SQUARE); + break; + } + case ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE: + case NEWLINE: + case LINE_COMMENT: + case COMMIT: + case STAR: + case COLON: + case ADD_RULE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_1); + } +} + +void IPTCfgParser::add_rule() { + + try { // for error handling + match(ADD_RULE); + chain_def(); +#line 153 "iptables.g" + + // push previous rule + *dbg << std::endl; + 
importer->pushRule(); + // start new one + if (importer->current_table=="nat") + importer->newNATRule(); + else + importer->newPolicyRule(); + importer->current_chain = LT(0)->getText(); + *dbg << "add_rule: line=" << LT(0)->getLine() + << " chain=" << LT(0)->getText(); + +#line 222 "IPTCfgParser.cpp" + { // ( ... )+ + int _cnt14=0; + for (;;) { + if ((_tokenSet_2.member(LA(1)))) { + ipt_option(); + } + else { + if ( _cnt14>=1 ) { goto _loop14; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + } + + _cnt14++; + } + _loop14:; + } // ( ... )+ + match(NEWLINE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_1); + } +} + +void IPTCfgParser::commit() { + + try { // for error handling + match(COMMIT); +#line 111 "iptables.g" + + // push last rule + importer->pushRule(); + *dbg << " COMMIT" << std::endl; + // clear current table + importer->current_table = ""; + +#line 258 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_1); + } +} + +void IPTCfgParser::chain_def() { + + try { // for error handling + { + switch ( LA(1)) { + case INPUT: + { + match(INPUT); + break; + } + case FORWARD: + { + match(FORWARD); + break; + } + case OUTPUT: + { + match(OUTPUT); + break; + } + case PREROUTING: + { + match(PREROUTING); + break; + } + case POSTROUTING: + { + match(POSTROUTING); + break; + } + case WORD: + { + match(WORD); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_3); + } +} + +void IPTCfgParser::ipt_option() { + + try { // for error handling + { + switch ( LA(1)) { + case OPT_MODULE: + { + module(); + break; + } + case OPT_SRC: + { + src(); + break; + } + case OPT_DST: + { + dst(); 
+ break; + } + case OPT_IN_INTF: + { + i_intf(); + break; + } + case OPT_OUT_INTF: + { + o_intf(); + break; + } + case OPT_PROTO: + { + proto(); + break; + } + case OPT_TARGET: + { + target(); + break; + } + case OPT_FRAGM: + { + fragm(); + break; + } + case MATCH_ICMP_TYPE: + { + icmp_type_spec(); + break; + } + case MATCH_SRC_PORT: + case MATCH_SRC_PORT_SHORT: + case MATCH_DST_PORT: + case MATCH_DST_PORT_SHORT: + { + basic_tcp_udp_port_spec(); + break; + } + case MATCH_SRC_MULTIPORT: + case MATCH_SRC_MULTIPORT_SHORT: + case MATCH_DST_MULTIPORT: + case MATCH_DST_MULTIPORT_SHORT: + { + multiport_tcp_udp_port_spec(); + break; + } + case EXCLAMATION: + case MATCH_SYN: + case MATCH_TCP_FLAGS: + { + tcp_options(); + break; + } + case MATCH_MARK: + { + match_mark(); + break; + } + case MATCH_LIMIT: + { + match_limit(); + break; + } + case MATCH_LIMIT_BURST: + { + match_limit_burst(); + break; + } + case MINUS: + case UNSUPPORTED_OPTION: + { + unknown_option(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::module() { + + try { // for error handling + match(OPT_MODULE); + { + switch ( LA(1)) { + case M_STATE: + { + m_state(); + break; + } + case M_MPORT: + { + m_mport(); + break; + } + case ICMP: + { + m_icmp(); + break; + } + case TCP: + { + m_tcp(); + break; + } + case UDP: + { + m_udp(); + break; + } + case M_MARK: + { + m_mark(); + break; + } + case M_LIMIT: + { + m_limit(); + break; + } + case WORD: + { + m_unknown_module(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::src() { + + try { // for error handling + 
match(OPT_SRC); +#line 275 "iptables.g" + + *dbg << " SRC="; + +#line 492 "IPTCfgParser.cpp" + { + switch ( LA(1)) { + case EXCLAMATION: + { + match(EXCLAMATION); +#line 280 "iptables.g" + + importer->src_neg = true; + +#line 502 "IPTCfgParser.cpp" + break; + } + case WORD: + case IPV4: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case IPV4: + { + match(IPV4); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 285 "iptables.g" + + importer->src_a = LT(0)->getText(); + *dbg << LT(0)->getText(); + +#line 540 "IPTCfgParser.cpp" + { + switch ( LA(1)) { + case SLASH: + { + match(SLASH); + { + switch ( LA(1)) { + case IPV4: + { + match(IPV4); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 290 "iptables.g" + + importer->src_nm = LT(0)->getText(); + *dbg << "/" << LT(0)->getText(); + +#line 569 "IPTCfgParser.cpp" + break; + } + case NEWLINE: + case MINUS: + case UNSUPPORTED_OPTION: + case OPT_MODULE: + case OPT_SRC: + case EXCLAMATION: + case OPT_DST: + case OPT_IN_INTF: + case OPT_OUT_INTF: + case OPT_PROTO: + case OPT_TARGET: + case OPT_FRAGM: + case MATCH_MARK: + case MATCH_LIMIT: + case MATCH_LIMIT_BURST: + case MATCH_SRC_MULTIPORT: + case MATCH_SRC_MULTIPORT_SHORT: + case MATCH_DST_MULTIPORT: + case MATCH_DST_MULTIPORT_SHORT: + case MATCH_ICMP_TYPE: + case MATCH_SRC_PORT: + case MATCH_SRC_PORT_SHORT: + case MATCH_DST_PORT: + case MATCH_DST_PORT_SHORT: + case MATCH_SYN: + case MATCH_TCP_FLAGS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + 
consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::dst() { + + try { // for error handling + match(OPT_DST); +#line 299 "iptables.g" + + *dbg << " DST="; + +#line 624 "IPTCfgParser.cpp" + { + switch ( LA(1)) { + case EXCLAMATION: + { + match(EXCLAMATION); +#line 304 "iptables.g" + + importer->dst_neg = true; + +#line 634 "IPTCfgParser.cpp" + break; + } + case WORD: + case IPV4: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case IPV4: + { + match(IPV4); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 309 "iptables.g" + + importer->dst_a = LT(0)->getText(); + *dbg << LT(0)->getText(); + +#line 672 "IPTCfgParser.cpp" + { + switch ( LA(1)) { + case SLASH: + { + match(SLASH); + { + switch ( LA(1)) { + case IPV4: + { + match(IPV4); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 314 "iptables.g" + + importer->dst_nm = LT(0)->getText(); + *dbg << "/" << LT(0)->getText(); + +#line 701 "IPTCfgParser.cpp" + break; + } + case NEWLINE: + case MINUS: + case UNSUPPORTED_OPTION: + case OPT_MODULE: + case OPT_SRC: + case EXCLAMATION: + case OPT_DST: + case OPT_IN_INTF: + case OPT_OUT_INTF: + case OPT_PROTO: + case OPT_TARGET: + case OPT_FRAGM: + case MATCH_MARK: + case MATCH_LIMIT: + case MATCH_LIMIT_BURST: + case MATCH_SRC_MULTIPORT: + case MATCH_SRC_MULTIPORT_SHORT: + case MATCH_DST_MULTIPORT: + case MATCH_DST_MULTIPORT_SHORT: + case MATCH_ICMP_TYPE: + case MATCH_SRC_PORT: + case MATCH_SRC_PORT_SHORT: + case MATCH_DST_PORT: + case MATCH_DST_PORT_SHORT: + case MATCH_SYN: + case MATCH_TCP_FLAGS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + } 
+ catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::i_intf() { + ANTLR_USE_NAMESPACE(antlr)RefToken i = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(OPT_IN_INTF); + { + switch ( LA(1)) { + case EXCLAMATION: + { + match(EXCLAMATION); +#line 325 "iptables.g" + + importer->intf_neg = true; + +#line 762 "IPTCfgParser.cpp" + break; + } + case WORD: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + i = LT(1); + match(WORD); +#line 330 "iptables.g" + + importer->i_intf = LT(0)->getText(); + *dbg << " I_INTF=" << i->getText(); + +#line 782 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::o_intf() { + ANTLR_USE_NAMESPACE(antlr)RefToken i = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(OPT_OUT_INTF); + { + switch ( LA(1)) { + case EXCLAMATION: + { + match(EXCLAMATION); +#line 340 "iptables.g" + + importer->intf_neg = true; + +#line 805 "IPTCfgParser.cpp" + break; + } + case WORD: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + i = LT(1); + match(WORD); +#line 345 "iptables.g" + + importer->o_intf = LT(0)->getText(); + *dbg << " O_INTF=" << i->getText(); + +#line 825 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::proto() { + + try { // for error handling + match(OPT_PROTO); + { + switch ( LA(1)) { + case EXCLAMATION: + { + match(EXCLAMATION); +#line 358 "iptables.g" + + importer->srv_neg = true; + +#line 847 "IPTCfgParser.cpp" + break; + } + case WORD: + case INT_CONST: + case TCP: + case UDP: + case ICMP: + { + 
break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + protocol_word(); +#line 363 "iptables.g" + + std::string tmp_s = LT(0)->getText(); + importer->protocol.resize(tmp_s.size()); + std::transform(tmp_s.begin(), + tmp_s.end(), + importer->protocol.begin(), + ::tolower); + *dbg << " PROTO=" << importer->protocol; + +#line 875 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::target() { + ANTLR_USE_NAMESPACE(antlr)RefToken t = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(OPT_TARGET); + t = LT(1); + match(WORD); +#line 376 "iptables.g" + + importer->target = LT(0)->getText(); + *dbg << " TARGET=" << t->getText(); + +#line 896 "IPTCfgParser.cpp" + { // ( ... )* + for (;;) { + if ((_tokenSet_5.member(LA(1)))) { + target_options(); + } + else { + goto _loop55; + } + + } + _loop55:; + } // ( ... 
)* + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::fragm() { + + try { // for error handling + match(OPT_FRAGM); +#line 565 "iptables.g" + + importer->fragments = true; + *dbg << " FRAGM"; + +#line 926 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::icmp_type_spec() { + + try { // for error handling + match(MATCH_ICMP_TYPE); + { + switch ( LA(1)) { + case WORD: + { + match(WORD); +#line 711 "iptables.g" + + importer->icmp_spec = LT(0)->getText(); + *dbg << " ICMP_SPEC=" << LT(0)->getText(); + +#line 949 "IPTCfgParser.cpp" + break; + } + case INT_CONST: + { + { + match(INT_CONST); +#line 718 "iptables.g" + + importer->icmp_type = LT(0)->getText(); + importer->icmp_code = "-1"; + *dbg << " ICMP_TYPE=" << LT(0)->getText(); + +#line 962 "IPTCfgParser.cpp" + { + switch ( LA(1)) { + case SLASH: + { + match(SLASH); + match(INT_CONST); +#line 725 "iptables.g" + + importer->icmp_code = LT(0)->getText(); + *dbg << " ICMP_CODE=" << LT(0)->getText(); + +#line 974 "IPTCfgParser.cpp" + break; + } + case NEWLINE: + case MINUS: + case UNSUPPORTED_OPTION: + case OPT_MODULE: + case OPT_SRC: + case EXCLAMATION: + case OPT_DST: + case OPT_IN_INTF: + case OPT_OUT_INTF: + case OPT_PROTO: + case OPT_TARGET: + case OPT_FRAGM: + case MATCH_MARK: + case MATCH_LIMIT: + case MATCH_LIMIT_BURST: + case MATCH_SRC_MULTIPORT: + case MATCH_SRC_MULTIPORT_SHORT: + case MATCH_DST_MULTIPORT: + case MATCH_DST_MULTIPORT_SHORT: + case MATCH_ICMP_TYPE: + case MATCH_SRC_PORT: + case MATCH_SRC_PORT_SHORT: + case MATCH_DST_PORT: + case MATCH_DST_PORT_SHORT: + case MATCH_SYN: + case MATCH_TCP_FLAGS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + break; + } + default: + { + throw 
ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::basic_tcp_udp_port_spec() { + + try { // for error handling + switch ( LA(1)) { + case MATCH_SRC_PORT: + case MATCH_SRC_PORT_SHORT: + { + { + switch ( LA(1)) { + case MATCH_SRC_PORT: + { + match(MATCH_SRC_PORT); + break; + } + case MATCH_SRC_PORT_SHORT: + { + match(MATCH_SRC_PORT_SHORT); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case EXCLAMATION: + { + match(EXCLAMATION); +#line 786 "iptables.g" + + importer->srv_neg = true; + +#line 1063 "IPTCfgParser.cpp" + break; + } + case WORD: + case INT_CONST: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + port_def_with_range(); +#line 791 "iptables.g" + + importer->pushTmpPortSpecToSrcPortList(); + +#line 1082 "IPTCfgParser.cpp" + break; + } + case MATCH_DST_PORT: + case MATCH_DST_PORT_SHORT: + { + { + switch ( LA(1)) { + case MATCH_DST_PORT: + { + match(MATCH_DST_PORT); + break; + } + case MATCH_DST_PORT_SHORT: + { + match(MATCH_DST_PORT_SHORT); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case EXCLAMATION: + { + match(EXCLAMATION); +#line 798 "iptables.g" + + importer->srv_neg = true; + +#line 1115 "IPTCfgParser.cpp" + break; + } + case WORD: + case INT_CONST: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + port_def_with_range(); +#line 803 "iptables.g" + + importer->pushTmpPortSpecToDstPortList(); + +#line 1134 "IPTCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + 
} + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::multiport_tcp_udp_port_spec() { + + try { // for error handling + { + switch ( LA(1)) { + case MATCH_SRC_MULTIPORT: + case MATCH_SRC_MULTIPORT_SHORT: + { + { + { + switch ( LA(1)) { + case MATCH_SRC_MULTIPORT: + { + match(MATCH_SRC_MULTIPORT); + break; + } + case MATCH_SRC_MULTIPORT_SHORT: + { + match(MATCH_SRC_MULTIPORT_SHORT); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 667 "iptables.g" + + importer->startSrcMultiPort(); + *dbg << " SRC MULTIPORT="; + +#line 1182 "IPTCfgParser.cpp" + port_def_no_range(); +#line 672 "iptables.g" + + importer->pushTmpPortSpecToSrcPortList(); + +#line 1188 "IPTCfgParser.cpp" + { // ( ... )+ + int _cnt85=0; + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); + port_def_no_range(); +#line 676 "iptables.g" + + importer->pushTmpPortSpecToSrcPortList(); + +#line 1199 "IPTCfgParser.cpp" + } + else { + if ( _cnt85>=1 ) { goto _loop85; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + } + + _cnt85++; + } + _loop85:; + } // ( ... )+ + } + break; + } + case MATCH_DST_MULTIPORT: + case MATCH_DST_MULTIPORT_SHORT: + { + { + { + switch ( LA(1)) { + case MATCH_DST_MULTIPORT: + { + match(MATCH_DST_MULTIPORT); + break; + } + case MATCH_DST_MULTIPORT_SHORT: + { + match(MATCH_DST_MULTIPORT_SHORT); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 682 "iptables.g" + + importer->startDstMultiPort(); + *dbg << " DST MULTIPORT="; + +#line 1239 "IPTCfgParser.cpp" + port_def_no_range(); +#line 687 "iptables.g" + + importer->pushTmpPortSpecToDstPortList(); + +#line 1245 "IPTCfgParser.cpp" + { // ( ... 
)+ + int _cnt89=0; + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); + port_def_no_range(); +#line 691 "iptables.g" + + importer->pushTmpPortSpecToDstPortList(); + +#line 1256 "IPTCfgParser.cpp" + } + else { + if ( _cnt89>=1 ) { goto _loop89; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + } + + _cnt89++; + } + _loop89:; + } // ( ... )+ + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::tcp_options() { + + try { // for error handling + { + switch ( LA(1)) { + case EXCLAMATION: + case MATCH_SYN: + { + syn(); + break; + } + case MATCH_TCP_FLAGS: + { + tcp_flags(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::match_mark() { + + try { // for error handling + match(MATCH_MARK); + match(INT_CONST); +#line 617 "iptables.g" + + importer->match_mark = LT(0)->getText(); + *dbg << " MATCH MARK " << LT(0)->getText(); + +#line 1323 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::match_limit() { + + try { // for error handling + match(MATCH_LIMIT); + limit_rate(); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::match_limit_burst() { + + try { // for error handling + match(MATCH_LIMIT_BURST); + match(INT_CONST); +#line 648 "iptables.g" + + importer->limit_burst = LT(0)->getText(); + *dbg << " LIMIT BURST " << LT(0)->getText(); + +#line 1355 
"IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::unknown_option() { + + try { // for error handling + if ((LA(1) == MINUS) && (LA(2) == WORD)) { + { + match(MINUS); + match(WORD); +#line 210 "iptables.g" + + importer->markCurrentRuleBad( + std::string("Unknown option: -")+LT(0)->getText()); + *dbg << " UNKNOWN OPTION=-" << LT(0)->getText(); + +#line 1377 "IPTCfgParser.cpp" + { + switch ( LA(1)) { + case WORD: + case INT_CONST: + case DIGIT: + { + unknown_parameter(); + break; + } + case NEWLINE: + case MINUS: + case UNSUPPORTED_OPTION: + case OPT_MODULE: + case OPT_SRC: + case EXCLAMATION: + case OPT_DST: + case OPT_IN_INTF: + case OPT_OUT_INTF: + case OPT_PROTO: + case OPT_TARGET: + case OPT_FRAGM: + case MATCH_MARK: + case MATCH_LIMIT: + case MATCH_LIMIT_BURST: + case MATCH_SRC_MULTIPORT: + case MATCH_SRC_MULTIPORT_SHORT: + case MATCH_DST_MULTIPORT: + case MATCH_DST_MULTIPORT_SHORT: + case MATCH_ICMP_TYPE: + case MATCH_SRC_PORT: + case MATCH_SRC_PORT_SHORT: + case MATCH_DST_PORT: + case MATCH_DST_PORT_SHORT: + case MATCH_SYN: + case MATCH_TCP_FLAGS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + } + else if ((LA(1) == MINUS) && (LA(2) == MINUS)) { + { + { + match(MINUS); + match(MINUS); + match(WORD); + } +#line 220 "iptables.g" + + importer->markCurrentRuleBad( + std::string("Unknown option: --")+LT(0)->getText()); + *dbg << " UNKNOWN OPTION=--" << LT(0)->getText(); + +#line 1437 "IPTCfgParser.cpp" + { + switch ( LA(1)) { + case WORD: + case INT_CONST: + case DIGIT: + { + unknown_parameter(); + break; + } + case NEWLINE: + case MINUS: + case UNSUPPORTED_OPTION: + case OPT_MODULE: + case OPT_SRC: + case EXCLAMATION: + case OPT_DST: + case OPT_IN_INTF: + case OPT_OUT_INTF: + case OPT_PROTO: + case OPT_TARGET: + case OPT_FRAGM: + case MATCH_MARK: + case 
MATCH_LIMIT: + case MATCH_LIMIT_BURST: + case MATCH_SRC_MULTIPORT: + case MATCH_SRC_MULTIPORT_SHORT: + case MATCH_DST_MULTIPORT: + case MATCH_DST_MULTIPORT_SHORT: + case MATCH_ICMP_TYPE: + case MATCH_SRC_PORT: + case MATCH_SRC_PORT_SHORT: + case MATCH_DST_PORT: + case MATCH_DST_PORT_SHORT: + case MATCH_SYN: + case MATCH_TCP_FLAGS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + } + else if ((LA(1) == UNSUPPORTED_OPTION)) { + { + match(UNSUPPORTED_OPTION); +#line 230 "iptables.g" + + importer->markCurrentRuleBad( + std::string("Unknown option: ")+LT(0)->getText()); + *dbg << " UNKNOWN OPTION=" << LT(0)->getText(); + +#line 1493 "IPTCfgParser.cpp" + { + switch ( LA(1)) { + case WORD: + case INT_CONST: + case DIGIT: + { + unknown_parameter(); + break; + } + case NEWLINE: + case MINUS: + case UNSUPPORTED_OPTION: + case OPT_MODULE: + case OPT_SRC: + case EXCLAMATION: + case OPT_DST: + case OPT_IN_INTF: + case OPT_OUT_INTF: + case OPT_PROTO: + case OPT_TARGET: + case OPT_FRAGM: + case MATCH_MARK: + case MATCH_LIMIT: + case MATCH_LIMIT_BURST: + case MATCH_SRC_MULTIPORT: + case MATCH_SRC_MULTIPORT_SHORT: + case MATCH_DST_MULTIPORT: + case MATCH_DST_MULTIPORT_SHORT: + case MATCH_ICMP_TYPE: + case MATCH_SRC_PORT: + case MATCH_SRC_PORT_SHORT: + case MATCH_DST_PORT: + case MATCH_DST_PORT_SHORT: + case MATCH_SYN: + case MATCH_TCP_FLAGS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::unknown_parameter() { + + try { // for error handling + if ((LA(1) == INT_CONST || LA(1) == DIGIT) && (LA(2) == SLASH)) { +#line 240 "iptables.g" + std::string s; +#line 1558 "IPTCfgParser.cpp" 
+ { + { + { + switch ( LA(1)) { + case DIGIT: + { + match(DIGIT); +#line 244 "iptables.g" + s+=LT(0)->getText(); +#line 1568 "IPTCfgParser.cpp" + break; + } + case INT_CONST: + { + match(INT_CONST); +#line 246 "iptables.g" + s+=LT(0)->getText(); +#line 1576 "IPTCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + match(SLASH); +#line 248 "iptables.g" + s+=LT(0)->getText(); +#line 1588 "IPTCfgParser.cpp" + match(WORD); +#line 249 "iptables.g" + s+=LT(0)->getText(); +#line 1592 "IPTCfgParser.cpp" + } +#line 251 "iptables.g" + + importer->markCurrentRuleBad( + std::string("Unknown parameter: ")+s); + *dbg << " UNKNOWN PARMETER=" << s; + +#line 1600 "IPTCfgParser.cpp" + } + } + else if ((LA(1) == WORD || LA(1) == INT_CONST || LA(1) == DIGIT) && (_tokenSet_4.member(LA(2)))) { + { + { + switch ( LA(1)) { + case DIGIT: + { + match(DIGIT); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + case WORD: + { + match(WORD); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 260 "iptables.g" + + importer->markCurrentRuleBad( + std::string("Unknown parameter: ")+LT(0)->getText()); + *dbg << " UNKNOWN PARMETER=" << LT(0)->getText(); + +#line 1634 "IPTCfgParser.cpp" + } + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::m_state() { + + try { // for error handling + match(M_STATE); + match(MATCH_STATE); +#line 587 "iptables.g" + + importer->current_state = ""; + +#line 1658 "IPTCfgParser.cpp" + state_word(); +#line 591 "iptables.g" + + importer->current_state += LT(0)->getText(); + +#line 1664 "IPTCfgParser.cpp" + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + state_word(); +#line 596 "iptables.g" + + 
importer->current_state += std::string(",") + LT(0)->getText(); + +#line 1675 "IPTCfgParser.cpp" + break; + } + case NEWLINE: + case MINUS: + case UNSUPPORTED_OPTION: + case OPT_MODULE: + case OPT_SRC: + case EXCLAMATION: + case OPT_DST: + case OPT_IN_INTF: + case OPT_OUT_INTF: + case OPT_PROTO: + case OPT_TARGET: + case OPT_FRAGM: + case MATCH_MARK: + case MATCH_LIMIT: + case MATCH_LIMIT_BURST: + case MATCH_SRC_MULTIPORT: + case MATCH_SRC_MULTIPORT_SHORT: + case MATCH_DST_MULTIPORT: + case MATCH_DST_MULTIPORT_SHORT: + case MATCH_ICMP_TYPE: + case MATCH_SRC_PORT: + case MATCH_SRC_PORT_SHORT: + case MATCH_DST_PORT: + case MATCH_DST_PORT_SHORT: + case MATCH_SYN: + case MATCH_TCP_FLAGS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 600 "iptables.g" + + *dbg << " STATE MATCH=" << importer->current_state; + +#line 1717 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::m_mport() { + + try { // for error handling + match(M_MPORT); +#line 657 "iptables.g" + + *dbg << " MULTIPORT"; + +#line 1734 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::m_icmp() { + + try { // for error handling + match(ICMP); +#line 701 "iptables.g" + + importer->protocol = "icmp"; + *dbg << " ICMP"; + +#line 1752 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::m_tcp() { + + try { // for error handling + match(TCP); +#line 821 "iptables.g" + + importer->protocol = "tcp"; + *dbg << " TCP"; + +#line 1770 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + 
consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::m_udp() { + + try { // for error handling + match(UDP); +#line 812 "iptables.g" + + importer->protocol = "udp"; + *dbg << " UDP"; + +#line 1788 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::m_mark() { + + try { // for error handling + match(M_MARK); +#line 609 "iptables.g" + + *dbg << " MARK"; + +#line 1805 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::m_limit() { + + try { // for error handling + match(M_LIMIT); +#line 626 "iptables.g" + + *dbg << " LIMIT"; + +#line 1822 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::m_unknown_module() { + + try { // for error handling + match(WORD); +#line 574 "iptables.g" + + *dbg << " UNKNOWN MODULE=" << LT(0)->getText(); + importer->markCurrentRuleBad( + std::string("Unknown module: ")+LT(0)->getText()); + +#line 1841 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::protocol_word() { + + try { // for error handling + { + switch ( LA(1)) { + case TCP: + { + match(TCP); + break; + } + case UDP: + { + match(UDP); + break; + } + case ICMP: + { + match(ICMP); + break; + } + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::target_options() { + + try { // for error 
handling + { + switch ( LA(1)) { + case REJECT_WITH: + { + match(REJECT_WITH); + match(WORD); +#line 387 "iptables.g" + + importer->action_params["reject_with"] = LT(0)->getText(); + *dbg << " REJECT WITH=" << LT(0)->getText(); + +#line 1908 "IPTCfgParser.cpp" + break; + } + case LOG_PREFIX: + { + match(LOG_PREFIX); + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case STRING: + { + match(STRING); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 393 "iptables.g" + + importer->action_params["log_prefix"] = LT(0)->getText(); + *dbg << " LOG PREFIX=" << LT(0)->getText(); + +#line 1937 "IPTCfgParser.cpp" + break; + } + case LOG_TCP_SEQ: + { + match(LOG_TCP_SEQ); +#line 399 "iptables.g" + + importer->action_params["log_tcp_seq"] = LT(0)->getText(); + *dbg << " LOG TCP SEQUENCE="; + +#line 1948 "IPTCfgParser.cpp" + break; + } + case LOG_TCP_OPT: + { + match(LOG_TCP_OPT); +#line 405 "iptables.g" + + importer->action_params["log_tcp_options"] = LT(0)->getText(); + *dbg << " LOG TCP OPTIONS="; + +#line 1959 "IPTCfgParser.cpp" + break; + } + case LOG_IP_OPT: + { + match(LOG_IP_OPT); +#line 411 "iptables.g" + + importer->action_params["log_ip_options"] = LT(0)->getText(); + *dbg << " LOG IP OPTIONS="; + +#line 1970 "IPTCfgParser.cpp" + break; + } + case ULOG_PREFIX: + { + match(ULOG_PREFIX); + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case STRING: + { + match(STRING); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 417 "iptables.g" + + importer->action_params["log_prefix"] = LT(0)->getText(); + *dbg << " ULOG PREFIX=" << LT(0)->getText(); + +#line 1999 "IPTCfgParser.cpp" + break; + } + case LOG_LEVEL: + { + match(LOG_LEVEL); + match(WORD); +#line 423 "iptables.g" + + importer->action_params["log_level"] = LT(0)->getText(); + *dbg << " LOG LEVEL=" << LT(0)->getText(); + +#line 
2011 "IPTCfgParser.cpp" + break; + } + case SET_MARK: + { + match(SET_MARK); + match(INT_CONST); +#line 429 "iptables.g" + + importer->action_params["set_mark"] = LT(0)->getText(); + *dbg << " SET MARK=" << LT(0)->getText(); + +#line 2023 "IPTCfgParser.cpp" + break; + } + case SAVE_MARK: + { + match(SAVE_MARK); +#line 445 "iptables.g" + + importer->action_params["connmark_save_mark"] = "--save-mark"; + *dbg << " SAVE MARK"; + +#line 2034 "IPTCfgParser.cpp" + break; + } + case RESTORE_MARK: + { + match(RESTORE_MARK); +#line 451 "iptables.g" + + importer->action_params["connmark_restore_mark"] = "--restore-mark"; + *dbg << " RESTORE MARK"; + +#line 2045 "IPTCfgParser.cpp" + break; + } + case CONTINUE: + { + match(CONTINUE); +#line 457 "iptables.g" + + importer->action_params["route_continue"] = "--continue"; + *dbg << " CONTINUE"; + +#line 2056 "IPTCfgParser.cpp" + break; + } + case ROUTE_IIF: + { + match(ROUTE_IIF); + match(WORD); +#line 463 "iptables.g" + + importer->action_params["route_iif"] = LT(0)->getText(); + *dbg << " ROUTE_IIF=" << LT(0)->getText(); + +#line 2068 "IPTCfgParser.cpp" + break; + } + case ROUTE_OIF: + { + match(ROUTE_OIF); + match(WORD); +#line 469 "iptables.g" + + importer->action_params["route_oif"] = LT(0)->getText(); + *dbg << " ROUTE_OIF=" << LT(0)->getText(); + +#line 2080 "IPTCfgParser.cpp" + break; + } + case ROUTE_GW: + { + match(ROUTE_GW); + match(IPV4); +#line 475 "iptables.g" + + importer->action_params["route_gw"] = LT(0)->getText(); + *dbg << " ROUTE_GW=" << LT(0)->getText(); + +#line 2092 "IPTCfgParser.cpp" + break; + } + case ROUTE_TEE: + { + match(ROUTE_TEE); +#line 481 "iptables.g" + + importer->action_params["route_tee"] = "--tee"; + *dbg << " ROUTE_TEE"; + +#line 2103 "IPTCfgParser.cpp" + break; + } + case TO_SOURCE: + { + match(TO_SOURCE); +#line 487 "iptables.g" + + *dbg << " TO-SOURCE"; + +#line 2113 "IPTCfgParser.cpp" + nat_spec(); + break; + } + case TO_DESTINATION: + { + match(TO_DESTINATION); +#line 493 "iptables.g" + 
+ *dbg << " TO-DESTINATION"; + +#line 2124 "IPTCfgParser.cpp" + nat_spec(); + break; + } + case TO_PORTS: + { + match(TO_PORTS); + redirect_spec(); + break; + } + case TO_NETMAP: + { + match(TO_NETMAP); +#line 501 "iptables.g" + + *dbg << " TO-NETMAP"; + +#line 2141 "IPTCfgParser.cpp" + { + match(IPV4); +#line 506 "iptables.g" + + importer->nat_addr1 = LT(0)->getText(); + importer->nat_addr2 = LT(0)->getText(); + *dbg << LT(0)->getText(); + +#line 2150 "IPTCfgParser.cpp" + match(SLASH); + { + switch ( LA(1)) { + case IPV4: + { + match(IPV4); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 512 "iptables.g" + + importer->nat_nm = LT(0)->getText(); + *dbg << "/" << LT(0)->getText(); + +#line 2175 "IPTCfgParser.cpp" + } + break; + } + default: + if ((LA(1) == SET_TOS) && (LA(2) == HEX_CONST)) { + match(SET_TOS); + match(HEX_CONST); +#line 435 "iptables.g" + + *dbg << " SET TOS=" << LT(0)->getText() << "(unsupported)"; + +#line 2187 "IPTCfgParser.cpp" + } + else if ((LA(1) == SET_TOS) && (LA(2) == WORD)) { + match(SET_TOS); + match(WORD); +#line 440 "iptables.g" + + *dbg << " SET TOS=" << LT(0)->getText() << "(unsupported)"; + +#line 2196 "IPTCfgParser.cpp" + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_6); + } +} + +void IPTCfgParser::nat_spec() { + + try { // for error handling + nat_addr_range(); + { + switch ( LA(1)) { + case COLON: + { + match(COLON); + nat_port_def_with_range(); + break; + } + case NEWLINE: + case MINUS: + case UNSUPPORTED_OPTION: + case OPT_MODULE: + case OPT_SRC: + case EXCLAMATION: + case OPT_DST: + case OPT_IN_INTF: + case OPT_OUT_INTF: + case OPT_PROTO: + case OPT_TARGET: + case REJECT_WITH: + case LOG_PREFIX: + case LOG_TCP_SEQ: + case 
LOG_TCP_OPT: + case LOG_IP_OPT: + case ULOG_PREFIX: + case LOG_LEVEL: + case SET_MARK: + case SET_TOS: + case SAVE_MARK: + case RESTORE_MARK: + case CONTINUE: + case ROUTE_IIF: + case ROUTE_OIF: + case ROUTE_GW: + case ROUTE_TEE: + case TO_SOURCE: + case TO_DESTINATION: + case TO_PORTS: + case TO_NETMAP: + case OPT_FRAGM: + case MATCH_MARK: + case MATCH_LIMIT: + case MATCH_LIMIT_BURST: + case MATCH_SRC_MULTIPORT: + case MATCH_SRC_MULTIPORT_SHORT: + case MATCH_DST_MULTIPORT: + case MATCH_DST_MULTIPORT_SHORT: + case MATCH_ICMP_TYPE: + case MATCH_SRC_PORT: + case MATCH_SRC_PORT_SHORT: + case MATCH_DST_PORT: + case MATCH_DST_PORT_SHORT: + case MATCH_SYN: + case MATCH_TCP_FLAGS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 524 "iptables.g" + + *dbg << " " + << importer->nat_addr1 + << "-" + << importer->nat_addr2 + << ":" + << importer->nat_port_range_start + << "-" + << importer->nat_port_range_end; + +#line 2289 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_6); + } +} + +void IPTCfgParser::redirect_spec() { + + try { // for error handling + nat_port_def_with_range(); +#line 552 "iptables.g" + + *dbg << " TO-PORTS " + << importer->nat_addr1 + << "-" + << importer->nat_addr2 + << ":" + << importer->nat_port_range_start + << importer->nat_port_range_end; + +#line 2312 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_6); + } +} + +void IPTCfgParser::nat_addr_range() { + + try { // for error handling + match(IPV4); +#line 539 "iptables.g" + + importer->nat_port_range_start = ""; + importer->nat_port_range_end = ""; + importer->nat_addr1 = LT(0)->getText(); + importer->nat_addr2 = LT(0)->getText(); + +#line 2332 "IPTCfgParser.cpp" + { + if ((LA(1) == MINUS) && (LA(2) == IPV4)) { + match(MINUS); + 
match(IPV4); +#line 546 "iptables.g" + importer->nat_addr2 = LT(0)->getText(); +#line 2339 "IPTCfgParser.cpp" + } + else if ((_tokenSet_7.member(LA(1))) && (_tokenSet_8.member(LA(2)))) { + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_7); + } +} + +void IPTCfgParser::nat_port_def_with_range() { + + try { // for error handling + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 767 "iptables.g" + + importer->nat_port_range_start = LT(0)->getText(); + importer->nat_port_range_end = LT(0)->getText(); + *dbg << " PORT=" << LT(0)->getText(); + +#line 2383 "IPTCfgParser.cpp" + { + if ((LA(1) == MINUS) && (LA(2) == WORD || LA(2) == INT_CONST)) { + match(MINUS); + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 774 "iptables.g" + + importer->nat_port_range_end = LT(0)->getText(); + *dbg << ":" << LT(0)->getText(); + +#line 2410 "IPTCfgParser.cpp" + } + else if ((_tokenSet_6.member(LA(1))) && (_tokenSet_8.member(LA(2)))) { + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_6); + } +} + +void IPTCfgParser::state_word() { + + try { // for error handling + { + switch ( LA(1)) { + case INVALID: + { + match(INVALID); + break; + } + case NEW: + { + match(NEW); + break; + } + case ESTABLISHED: + { + match(ESTABLISHED); + break; + } + case RELATED: + { + match(RELATED); + 
break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_9); + } +} + +void IPTCfgParser::limit_rate() { + + try { // for error handling + match(INT_CONST); +#line 637 "iptables.g" + importer->limit_val = LT(0)->getText(); +#line 2472 "IPTCfgParser.cpp" + match(SLASH); + match(WORD); +#line 639 "iptables.g" + importer->limit_suffix = LT(0)->getText(); +#line 2477 "IPTCfgParser.cpp" +#line 640 "iptables.g" + + *dbg << " MATCH LIMIT " + << importer->limit_val << "/" + << importer->limit_suffix; + +#line 2484 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::port_def_no_range() { + + try { // for error handling + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 737 "iptables.g" + + importer->tmp_port_range_start = LT(0)->getText(); + importer->tmp_port_range_end = LT(0)->getText(); + *dbg << " PORT=" << LT(0)->getText(); + +#line 2520 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_9); + } +} + +void IPTCfgParser::port_def_with_range() { + + try { // for error handling + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 748 "iptables.g" + + importer->tmp_port_range_start = LT(0)->getText(); + importer->tmp_port_range_end = LT(0)->getText(); + *dbg << " PORT=" << LT(0)->getText(); + +#line 2556 
"IPTCfgParser.cpp" + { + switch ( LA(1)) { + case COLON: + { + match(COLON); + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 755 "iptables.g" + + importer->tmp_port_range_end = LT(0)->getText(); + *dbg << ":" << LT(0)->getText(); + +#line 2585 "IPTCfgParser.cpp" + break; + } + case NEWLINE: + case MINUS: + case UNSUPPORTED_OPTION: + case OPT_MODULE: + case OPT_SRC: + case EXCLAMATION: + case OPT_DST: + case OPT_IN_INTF: + case OPT_OUT_INTF: + case OPT_PROTO: + case OPT_TARGET: + case OPT_FRAGM: + case MATCH_MARK: + case MATCH_LIMIT: + case MATCH_LIMIT_BURST: + case MATCH_SRC_MULTIPORT: + case MATCH_SRC_MULTIPORT_SHORT: + case MATCH_DST_MULTIPORT: + case MATCH_DST_MULTIPORT_SHORT: + case MATCH_ICMP_TYPE: + case MATCH_SRC_PORT: + case MATCH_SRC_PORT_SHORT: + case MATCH_DST_PORT: + case MATCH_DST_PORT_SHORT: + case MATCH_SYN: + case MATCH_TCP_FLAGS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::syn() { + + try { // for error handling + { + switch ( LA(1)) { + case EXCLAMATION: + { + match(EXCLAMATION); +#line 836 "iptables.g" + + importer->srv_neg = true; + +#line 2643 "IPTCfgParser.cpp" + break; + } + case MATCH_SYN: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + match(MATCH_SYN); +#line 841 "iptables.g" + + importer->tcp_flags_mask.clear(); + importer->tcp_flags_mask.push_back(libfwbuilder::TCPService::SYN); + importer->tcp_flags_mask.push_back(libfwbuilder::TCPService::RST); + importer->tcp_flags_mask.push_back(libfwbuilder::TCPService::ACK); + + 
importer->tcp_flags_comp.clear(); + importer->tcp_flags_comp.push_back(libfwbuilder::TCPService::SYN); + +#line 2667 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::tcp_flags() { + + try { // for error handling + match(MATCH_TCP_FLAGS); + tcp_flags_list(); +#line 892 "iptables.g" + + importer->tcp_flags_mask = importer->tmp_tcp_flags_list; + importer->tmp_tcp_flags_list.clear(); + +#line 2686 "IPTCfgParser.cpp" + tcp_flags_list(); +#line 897 "iptables.g" + + importer->tcp_flags_comp = importer->tmp_tcp_flags_list; + importer->tmp_tcp_flags_list.clear(); + *dbg << " TCP FLAGS="; + std::list::iterator i; + for (i=importer->tcp_flags_mask.begin(); + i!=importer->tcp_flags_mask.end(); ++i) + *dbg << *i << "|"; + *dbg << " "; + for (i=importer->tcp_flags_comp.begin(); + i!=importer->tcp_flags_comp.end(); ++i) + *dbg << *i << "|"; + +#line 2702 "IPTCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_4); + } +} + +void IPTCfgParser::tcp_flag_word() { + + try { // for error handling + { + switch ( LA(1)) { + case SYN: + { + match(SYN); +#line 854 "iptables.g" + importer->tmp_tcp_flag_code = libfwbuilder::TCPService::SYN; +#line 2721 "IPTCfgParser.cpp" + break; + } + case ACK: + { + match(ACK); +#line 856 "iptables.g" + importer->tmp_tcp_flag_code = libfwbuilder::TCPService::ACK; +#line 2729 "IPTCfgParser.cpp" + break; + } + case FIN: + { + match(FIN); +#line 858 "iptables.g" + importer->tmp_tcp_flag_code = libfwbuilder::TCPService::FIN; +#line 2737 "IPTCfgParser.cpp" + break; + } + case RST: + { + match(RST); +#line 860 "iptables.g" + importer->tmp_tcp_flag_code = libfwbuilder::TCPService::RST; +#line 2745 "IPTCfgParser.cpp" + break; + } + case URG: + { + match(URG); +#line 862 "iptables.g" + importer->tmp_tcp_flag_code = libfwbuilder::TCPService::URG; +#line 
2753 "IPTCfgParser.cpp" + break; + } + case PSH: + { + match(PSH); +#line 864 "iptables.g" + importer->tmp_tcp_flag_code = libfwbuilder::TCPService::PSH; +#line 2761 "IPTCfgParser.cpp" + break; + } + case ALL: + { + match(ALL); +#line 866 "iptables.g" + importer->tmp_tcp_flag_code = 99; +#line 2769 "IPTCfgParser.cpp" + break; + } + case NONE: + { + match(NONE); +#line 868 "iptables.g" + importer->tmp_tcp_flag_code = 98; +#line 2777 "IPTCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_10); + } +} + +void IPTCfgParser::tcp_flags_list() { + + try { // for error handling +#line 873 "iptables.g" + + importer->tmp_tcp_flags_list.clear(); + importer->tmp_tcp_flag_code = 0; + +#line 2802 "IPTCfgParser.cpp" + tcp_flag_word(); +#line 878 "iptables.g" + + importer->tmp_tcp_flags_list.push_back(importer->tmp_tcp_flag_code); + +#line 2808 "IPTCfgParser.cpp" + { // ( ... )* + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); + tcp_flag_word(); +#line 883 "iptables.g" + + importer->tmp_tcp_flags_list.push_back( + importer->tmp_tcp_flag_code); + +#line 2819 "IPTCfgParser.cpp" + } + else { + goto _loop120; + } + + } + _loop120:; + } // ( ... 
)* + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + consume(); + consumeUntil(_tokenSet_11); + } +} + +void IPTCfgParser::initializeASTFactory( ANTLR_USE_NAMESPACE(antlr)ASTFactory& ) +{ +} +const char* IPTCfgParser::tokenNames[] = { + "<0>", + "EOF", + "<2>", + "NULL_TREE_LOOKAHEAD", + "NEWLINE", + "LINE_COMMENT", + "\"COMMIT\"", + "STAR", + "WORD", + "\"INPUT\"", + "\"FORWARD\"", + "\"OUTPUT\"", + "\"PREROUTING\"", + "\"POSTROUTING\"", + "COLON", + "MINUS", + "OPENING_SQUARE", + "INT_CONST", + "CLOSING_SQUARE", + "ADD_RULE", + "UNSUPPORTED_OPTION", + "DIGIT", + "SLASH", + "OPT_MODULE", + "OPT_SRC", + "EXCLAMATION", + "IPV4", + "OPT_DST", + "OPT_IN_INTF", + "OPT_OUT_INTF", + "\"tcp\"", + "\"udp\"", + "\"icmp\"", + "OPT_PROTO", + "OPT_TARGET", + "REJECT_WITH", + "LOG_PREFIX", + "STRING", + "LOG_TCP_SEQ", + "LOG_TCP_OPT", + "LOG_IP_OPT", + "ULOG_PREFIX", + "LOG_LEVEL", + "SET_MARK", + "SET_TOS", + "HEX_CONST", + "SAVE_MARK", + "RESTORE_MARK", + "CONTINUE", + "ROUTE_IIF", + "ROUTE_OIF", + "ROUTE_GW", + "ROUTE_TEE", + "TO_SOURCE", + "TO_DESTINATION", + "TO_PORTS", + "TO_NETMAP", + "OPT_FRAGM", + "\"INVALID\"", + "\"NEW\"", + "\"ESTABLISHED\"", + "\"RELATED\"", + "\"state\"", + "MATCH_STATE", + "COMMA", + "\"mark\"", + "MATCH_MARK", + "\"limit\"", + "MATCH_LIMIT", + "MATCH_LIMIT_BURST", + "\"multiport\"", + "MATCH_SRC_MULTIPORT", + "MATCH_SRC_MULTIPORT_SHORT", + "MATCH_DST_MULTIPORT", + "MATCH_DST_MULTIPORT_SHORT", + "MATCH_ICMP_TYPE", + "MATCH_SRC_PORT", + "MATCH_SRC_PORT_SHORT", + "MATCH_DST_PORT", + "MATCH_DST_PORT_SHORT", + "MATCH_SYN", + "\"SYN\"", + "\"ACK\"", + "\"FIN\"", + "\"RST\"", + "\"URG\"", + "\"PSH\"", + "\"ALL\"", + "\"NONE\"", + "MATCH_TCP_FLAGS", + "Whitespace", + "NEG_INT_CONST", + "HEXDIGIT", + "NUMBER", + "SECONDS", + "SET", + "RSOURCE", + "ULOG_QTHR", + "ULOG_NLG", + "ULOG_CPR", + "NUMBER_SIGN", + "PERCENT", + "AMPERSAND", + "APOSTROPHE", + "OPENING_PAREN", + "CLOSING_PAREN", + "PLUS", + "DOT", + "SEMICOLON", 
+ "LESS_THAN", + "EQUALS", + "GREATER_THAN", + "QUESTION", + "COMMERCIAL_AT", + "CARET", + "UNDERLINE", + "OPENING_BRACE", + "CLOSING_BRACE", + "TILDE", + 0 +}; + +const unsigned long IPTCfgParser::_tokenSet_0_data_[] = { 2UL, 0UL, 0UL, 0UL }; +// EOF +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_0(_tokenSet_0_data_,4); +const unsigned long IPTCfgParser::_tokenSet_1_data_[] = { 540914UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT "COMMIT" STAR COLON ADD_RULE +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_1(_tokenSet_1_data_,4); +const unsigned long IPTCfgParser::_tokenSet_2_data_[] = { 999325696UL, 33554438UL, 33685428UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST OPT_IN_INTF +// OPT_OUT_INTF OPT_PROTO OPT_TARGET OPT_FRAGM MATCH_MARK MATCH_LIMIT MATCH_LIMIT_BURST +// MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT MATCH_DST_MULTIPORT_SHORT +// MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT MATCH_DST_PORT MATCH_DST_PORT_SHORT +// MATCH_SYN MATCH_TCP_FLAGS +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_2(_tokenSet_2_data_,8); +const unsigned long IPTCfgParser::_tokenSet_3_data_[] = { 999325952UL, 33554438UL, 33685428UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST +// OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET OPT_FRAGM MATCH_MARK MATCH_LIMIT +// MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT +// MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT +// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_3(_tokenSet_3_data_,8); +const unsigned long IPTCfgParser::_tokenSet_4_data_[] = { 999325712UL, 33554438UL, 33685428UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST +// OPT_IN_INTF 
OPT_OUT_INTF OPT_PROTO OPT_TARGET OPT_FRAGM MATCH_MARK MATCH_LIMIT +// MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT +// MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT +// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_4(_tokenSet_4_data_,8); +const unsigned long IPTCfgParser::_tokenSet_5_data_[] = { 0UL, 33546200UL, 0UL, 0UL }; +// REJECT_WITH LOG_PREFIX LOG_TCP_SEQ LOG_TCP_OPT LOG_IP_OPT ULOG_PREFIX +// LOG_LEVEL SET_MARK SET_TOS SAVE_MARK RESTORE_MARK CONTINUE ROUTE_IIF +// ROUTE_OIF ROUTE_GW ROUTE_TEE TO_SOURCE TO_DESTINATION TO_PORTS TO_NETMAP +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_5(_tokenSet_5_data_,4); +const unsigned long IPTCfgParser::_tokenSet_6_data_[] = { 999325712UL, 67100638UL, 33685428UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST +// OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET REJECT_WITH LOG_PREFIX +// LOG_TCP_SEQ LOG_TCP_OPT LOG_IP_OPT ULOG_PREFIX LOG_LEVEL SET_MARK SET_TOS +// SAVE_MARK RESTORE_MARK CONTINUE ROUTE_IIF ROUTE_OIF ROUTE_GW ROUTE_TEE +// TO_SOURCE TO_DESTINATION TO_PORTS TO_NETMAP OPT_FRAGM MATCH_MARK MATCH_LIMIT +// MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT +// MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT +// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_6(_tokenSet_6_data_,8); +const unsigned long IPTCfgParser::_tokenSet_7_data_[] = { 999342096UL, 67100638UL, 33685428UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE COLON MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION +// OPT_DST OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET REJECT_WITH LOG_PREFIX +// LOG_TCP_SEQ LOG_TCP_OPT LOG_IP_OPT ULOG_PREFIX LOG_LEVEL SET_MARK SET_TOS +// SAVE_MARK 
RESTORE_MARK CONTINUE ROUTE_IIF ROUTE_OIF ROUTE_GW ROUTE_TEE +// TO_SOURCE TO_DESTINATION TO_PORTS TO_NETMAP OPT_FRAGM MATCH_MARK MATCH_LIMIT +// MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT +// MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT +// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_7(_tokenSet_7_data_,8); +const unsigned long IPTCfgParser::_tokenSet_8_data_[] = { 4290429426UL, 1140850687UL, 67108862UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT "COMMIT" STAR WORD COLON MINUS INT_CONST ADD_RULE +// UNSUPPORTED_OPTION DIGIT OPT_MODULE OPT_SRC EXCLAMATION IPV4 OPT_DST +// OPT_IN_INTF OPT_OUT_INTF "tcp" "udp" "icmp" OPT_PROTO OPT_TARGET REJECT_WITH +// LOG_PREFIX STRING LOG_TCP_SEQ LOG_TCP_OPT LOG_IP_OPT ULOG_PREFIX LOG_LEVEL +// SET_MARK SET_TOS HEX_CONST SAVE_MARK RESTORE_MARK CONTINUE ROUTE_IIF +// ROUTE_OIF ROUTE_GW ROUTE_TEE TO_SOURCE TO_DESTINATION TO_PORTS TO_NETMAP +// OPT_FRAGM "state" "mark" MATCH_MARK "limit" MATCH_LIMIT MATCH_LIMIT_BURST +// "multiport" MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT +// MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT +// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN "SYN" "ACK" "FIN" "RST" +// "URG" "PSH" "ALL" "NONE" MATCH_TCP_FLAGS +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_8(_tokenSet_8_data_,8); +const unsigned long IPTCfgParser::_tokenSet_9_data_[] = { 999325712UL, 33554438UL, 33685429UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST +// OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET OPT_FRAGM COMMA MATCH_MARK +// MATCH_LIMIT MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT +// MATCH_DST_MULTIPORT MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT +// MATCH_SRC_PORT_SHORT MATCH_DST_PORT 
MATCH_DST_PORT_SHORT MATCH_SYN MATCH_TCP_FLAGS +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_9(_tokenSet_9_data_,8); +const unsigned long IPTCfgParser::_tokenSet_10_data_[] = { 999325712UL, 33554438UL, 67108789UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST +// OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET OPT_FRAGM COMMA MATCH_MARK +// MATCH_LIMIT MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT +// MATCH_DST_MULTIPORT MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT +// MATCH_SRC_PORT_SHORT MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN "SYN" +// "ACK" "FIN" "RST" "URG" "PSH" "ALL" "NONE" MATCH_TCP_FLAGS +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_10(_tokenSet_10_data_,8); +const unsigned long IPTCfgParser::_tokenSet_11_data_[] = { 999325712UL, 33554438UL, 67108788UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE MINUS UNSUPPORTED_OPTION OPT_MODULE OPT_SRC EXCLAMATION OPT_DST +// OPT_IN_INTF OPT_OUT_INTF OPT_PROTO OPT_TARGET OPT_FRAGM MATCH_MARK MATCH_LIMIT +// MATCH_LIMIT_BURST MATCH_SRC_MULTIPORT MATCH_SRC_MULTIPORT_SHORT MATCH_DST_MULTIPORT +// MATCH_DST_MULTIPORT_SHORT MATCH_ICMP_TYPE MATCH_SRC_PORT MATCH_SRC_PORT_SHORT +// MATCH_DST_PORT MATCH_DST_PORT_SHORT MATCH_SYN "SYN" "ACK" "FIN" "RST" +// "URG" "PSH" "ALL" "NONE" MATCH_TCP_FLAGS +const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgParser::_tokenSet_11(_tokenSet_11_data_,8); + + diff --git a/src/parsers/IPTCfgParser.hpp b/src/parsers/IPTCfgParser.hpp new file mode 100644 index 000000000..758e1533f --- /dev/null +++ b/src/parsers/IPTCfgParser.hpp 
@@ -0,0 +1,159 @@ +#ifndef INC_IPTCfgParser_hpp_ +#define INC_IPTCfgParser_hpp_ + +#line 27 "iptables.g" + + // gets inserted before antlr generated includes in the header + // file + +#line 10 "IPTCfgParser.hpp" +#include +/* $ANTLR 2.7.4: "iptables.g" -> "IPTCfgParser.hpp"$ */ +#include +#include +#include "IPTCfgParserTokenTypes.hpp" +#include + +#line 32 "iptables.g" + + // gets inserted after antlr generated includes in the header file + // outside any generated namespace specifications + +#include + +class IPTImporter; + +#line 27 "IPTCfgParser.hpp" +#line 62 "iptables.g" + + // gets inserted after generated namespace specifications in the + // header file. But outside the generated class. + +#line 33 "IPTCfgParser.hpp" +class CUSTOM_API IPTCfgParser : public ANTLR_USE_NAMESPACE(antlr)LLkParser, public IPTCfgParserTokenTypes +{ +#line 79 "iptables.g" + +// additional methods and members + + public: + + std::ostream *dbg; + IPTImporter *importer; +#line 37 "IPTCfgParser.hpp" +public: + void initializeASTFactory( ANTLR_USE_NAMESPACE(antlr)ASTFactory& factory ); +protected: + IPTCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf, int k); +public: + IPTCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf); +protected: + IPTCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer, int k); +public: + IPTCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer); + IPTCfgParser(const ANTLR_USE_NAMESPACE(antlr)ParserSharedInputState& state); + int getNumTokens() const + { + return IPTCfgParser::NUM_TOKENS; + } + const char* getTokenName( int type ) const + { + if( type > getNumTokens() ) return 0; + return IPTCfgParser::tokenNames[type]; + } + const char* const* getTokenNames() const + { + return IPTCfgParser::tokenNames; + } + public: void cfgfile(); + public: void comment(); + public: void start_table(); + public: void create_chain(); + public: void add_rule(); + public: void commit(); + public: void chain_def(); + public: void ipt_option(); + public: void 
module(); + public: void src(); + public: void dst(); + public: void i_intf(); + public: void o_intf(); + public: void proto(); + public: void target(); + public: void fragm(); + public: void icmp_type_spec(); + public: void basic_tcp_udp_port_spec(); + public: void multiport_tcp_udp_port_spec(); + public: void tcp_options(); + public: void match_mark(); + public: void match_limit(); + public: void match_limit_burst(); + public: void unknown_option(); + public: void unknown_parameter(); + public: void m_state(); + public: void m_mport(); + public: void m_icmp(); + public: void m_tcp(); + public: void m_udp(); + public: void m_mark(); + public: void m_limit(); + public: void m_unknown_module(); + public: void protocol_word(); + public: void target_options(); + public: void nat_spec(); + public: void redirect_spec(); + public: void nat_addr_range(); + public: void nat_port_def_with_range(); + public: void state_word(); + public: void limit_rate(); + public: void port_def_no_range(); + public: void port_def_with_range(); + public: void syn(); + public: void tcp_flags(); + public: void tcp_flag_word(); + public: void tcp_flags_list(); +public: + ANTLR_USE_NAMESPACE(antlr)RefAST getAST() + { + return returnAST; + } + +protected: + ANTLR_USE_NAMESPACE(antlr)RefAST returnAST; +private: + static const char* tokenNames[]; +#ifndef NO_STATIC_CONSTS + static const int NUM_TOKENS = 119; +#else + enum { + NUM_TOKENS = 119 + }; +#endif + + static const unsigned long _tokenSet_0_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_0; + static const unsigned long _tokenSet_1_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_1; + static const unsigned long _tokenSet_2_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_2; + static const unsigned long _tokenSet_3_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3; + static const unsigned long _tokenSet_4_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet 
_tokenSet_4; + static const unsigned long _tokenSet_5_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_5; + static const unsigned long _tokenSet_6_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_6; + static const unsigned long _tokenSet_7_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_7; + static const unsigned long _tokenSet_8_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_8; + static const unsigned long _tokenSet_9_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_9; + static const unsigned long _tokenSet_10_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_10; + static const unsigned long _tokenSet_11_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_11; +}; + +#endif /*INC_IPTCfgParser_hpp_*/ diff --git a/src/parsers/IPTCfgParserTokenTypes.hpp b/src/parsers/IPTCfgParserTokenTypes.hpp new file mode 100644 index 000000000..2b69418f1 --- /dev/null +++ b/src/parsers/IPTCfgParserTokenTypes.hpp 
@@ -0,0 +1,135 @@ +#ifndef INC_IPTCfgParserTokenTypes_hpp_ +#define INC_IPTCfgParserTokenTypes_hpp_ + +/* $ANTLR 2.7.4: "iptables.g" -> "IPTCfgParserTokenTypes.hpp"$ */ + +#ifndef CUSTOM_API +# define CUSTOM_API +#endif + +#ifdef __cplusplus +struct CUSTOM_API IPTCfgParserTokenTypes { +#endif + enum { + EOF_ = 1, + NEWLINE = 4, + LINE_COMMENT = 5, + COMMIT = 6, + STAR = 7, + WORD = 8, + INPUT = 9, + FORWARD = 10, + OUTPUT = 11, + PREROUTING = 12, + POSTROUTING = 13, + COLON = 14, + MINUS = 15, + OPENING_SQUARE = 16, + INT_CONST = 17, + CLOSING_SQUARE = 18, + ADD_RULE = 19, + UNSUPPORTED_OPTION = 20, + DIGIT = 21, + SLASH = 22, + OPT_MODULE = 23, + OPT_SRC = 24, + EXCLAMATION = 25, + IPV4 = 26, + OPT_DST = 27, + OPT_IN_INTF = 28, + OPT_OUT_INTF = 29, + TCP = 30, + UDP = 31, + ICMP = 32, + OPT_PROTO = 33, + OPT_TARGET = 34, + REJECT_WITH = 35, + LOG_PREFIX = 36, + STRING = 37, + LOG_TCP_SEQ = 38, + LOG_TCP_OPT = 39, + LOG_IP_OPT = 40, + ULOG_PREFIX = 41, + LOG_LEVEL = 42, + SET_MARK = 43, + SET_TOS = 44, + HEX_CONST = 45, + SAVE_MARK = 46, + RESTORE_MARK = 47, + CONTINUE = 48, + ROUTE_IIF = 49, + ROUTE_OIF = 50, + ROUTE_GW = 51, + ROUTE_TEE = 52, + TO_SOURCE = 53, + TO_DESTINATION = 54, + TO_PORTS = 55, + TO_NETMAP = 56, + OPT_FRAGM = 57, + INVALID = 58, + NEW = 59, + ESTABLISHED = 60, + RELATED = 61, + M_STATE = 62, + MATCH_STATE = 63, + COMMA = 64, + M_MARK = 65, + MATCH_MARK = 66, + M_LIMIT = 67, + MATCH_LIMIT = 68, + MATCH_LIMIT_BURST = 69, + M_MPORT = 70, + MATCH_SRC_MULTIPORT = 71, + MATCH_SRC_MULTIPORT_SHORT = 72, + MATCH_DST_MULTIPORT = 73, + MATCH_DST_MULTIPORT_SHORT = 74, + MATCH_ICMP_TYPE = 75, + MATCH_SRC_PORT = 76, + MATCH_SRC_PORT_SHORT = 77, + MATCH_DST_PORT = 78, + MATCH_DST_PORT_SHORT = 79, + MATCH_SYN = 80, + SYN = 81, + ACK = 82, + FIN = 83, + RST = 84, + URG = 85, + PSH = 86, + ALL = 87, + NONE = 88, + MATCH_TCP_FLAGS = 89, + Whitespace = 90, + NEG_INT_CONST = 91, + HEXDIGIT = 92, + NUMBER = 93, + SECONDS = 94, + SET = 95, + RSOURCE = 96, + 
ULOG_QTHR = 97, + ULOG_NLG = 98, + ULOG_CPR = 99, + NUMBER_SIGN = 100, + PERCENT = 101, + AMPERSAND = 102, + APOSTROPHE = 103, + OPENING_PAREN = 104, + CLOSING_PAREN = 105, + PLUS = 106, + DOT = 107, + SEMICOLON = 108, + LESS_THAN = 109, + EQUALS = 110, + GREATER_THAN = 111, + QUESTION = 112, + COMMERCIAL_AT = 113, + CARET = 114, + UNDERLINE = 115, + OPENING_BRACE = 116, + CLOSING_BRACE = 117, + TILDE = 118, + NULL_TREE_LOOKAHEAD = 3 + }; +#ifdef __cplusplus +}; +#endif +#endif /*INC_IPTCfgParserTokenTypes_hpp_*/ diff --git a/src/parsers/iosacl.g b/src/parsers/iosacl.g new file mode 100644 index 000000000..b5cc106c2 --- /dev/null +++ b/src/parsers/iosacl.g 
@@ -0,0 +1,723 @@ +/* + + Firewall Builder + + Copyright (C) 2007 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: iosacl.g 1392 2007-08-06 07:07:23Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +header "pre_include_hpp" +{ + // gets inserted before antlr generated includes in the header + // file +} +header "post_include_hpp" +{ + // gets inserted after antlr generated includes in the header file + // outside any generated namespace specifications + +#include + +class IOSImporter; +} + +header "pre_include_cpp" +{ + // gets inserted before the antlr generated includes in the cpp + // file +} + +header "post_include_cpp" +{ + // gets inserted after the antlr generated includes in the cpp + // file +#include +#include + +#include "../gui/IOSImporter.h" +} + +header +{ + // gets inserted after generated namespace specifications in the + // header file. But outside the generated class. 
+} + +options +{ + language="Cpp"; +} + + +class IOSCfgParser extends Parser; +options +{ + k = 2; +// defaultErrorHandler=false; +} +{ +// additional methods and members + + public: + + std::ostream *dbg; + IOSImporter *importer; +} + +cfgfile : + ( + comment + | + version + | + hostname + | + ip_commands + | + intrface + | + vlan + | + access_list_commands + | + exit + | + description + | + shutdown + | + unknown_command + | + NEWLINE + )+ + ; + +//**************************************************************** + +ip_commands : IP ( ip_access_list_ext | interface_known_ip_commands | unknown_command ) + ; + +//**************************************************************** +unknown_command : WORD + { + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +version : IOSVERSION v:NUMBER + { + *dbg << "VERSION " << v->getText() << std::endl; + } + ; + +//**************************************************************** +hostname : HOSTNAME ( STRING | WORD ) + { + importer->setHostName( LT(0)->getText() ); + *dbg << "HOSTNAME " + << "LT0=" << LT(0)->getText() + << std::endl; + } + ; + +//**************************************************************** +// note that permit_ext and deny_ext eat NEWLINE. 
This is necessary +// because the same parser rules are used for ip access-list commands, +// where they should work the same way as LINE_COMMENT which eats +// NEWLINE +// +access_list_commands : ACCESS_LIST acl_num:INT_CONST + { + importer->newUnidirRuleSet( std::string("acl_") + acl_num->getText() ); + *dbg << acl_num->getLine() << ":" + << " ACL #" << acl_num->getText() << " "; + } + ( + permit_std + | + deny_std + | + permit_ext + | + deny_ext + | + remark + ) + ; + +//**************************************************************** + +ip_access_list_ext : ACCESS_LIST EXTENDED name:WORD + { + importer->newUnidirRuleSet( name->getText() ); + *dbg << name->getLine() << ":" + << " ACL ext " << name->getText() << std::endl; + } + NEWLINE + ( + permit_ext + | + deny_ext + | + comment + | + remark + | + NEWLINE + )+ + { + *dbg << LT(0)->getLine() << ":" + << " ACL end" << std::endl << std::endl; + } + ; + +//**************************************************************** +permit_ext: PERMIT + { + importer->newPolicyRule(); + importer->action = "permit"; + *dbg << LT(1)->getLine() << ":" << " permit "; + } + rule_ext NEWLINE + { + importer->pushRule(); + } + ; + +deny_ext: DENY + { + importer->newPolicyRule(); + importer->action = "deny"; + *dbg << LT(1)->getLine() << ":" << " deny "; + } + rule_ext NEWLINE + { + importer->pushRule(); + } + ; + +//**************************************************************** +permit_std: PERMIT + { + importer->newPolicyRule(); + importer->action = "permit"; + *dbg << LT(1)->getLine() << ":" << " permit "; + } + rule_std NEWLINE + { + importer->pushRule(); + } + ; + +deny_std: DENY + { + importer->newPolicyRule(); + importer->action = "deny"; + *dbg << LT(1)->getLine() << ":" << " deny "; + } + rule_std NEWLINE + { + importer->pushRule(); + } + ; + +//**************************************************************** +// the difference between standard and extended acls should be in these rules +rule_ext : + ( + ip_protocols + 
hostaddr_ext { importer->SaveTmpAddrToSrc(); *dbg << "(src) "; } + hostaddr_ext { importer->SaveTmpAddrToDst(); *dbg << "(dst) "; } + (time_range)? + (fragments)? + (log)? + | + ICMP + { + importer->protocol = LT(0)->getText(); + *dbg << "protocol " << LT(0)->getText() << " "; + } + hostaddr_ext { importer->SaveTmpAddrToSrc(); *dbg << "(src) "; } + hostaddr_ext { importer->SaveTmpAddrToDst(); *dbg << "(dst) "; } + (icmp_spec)? + (time_range)? + (fragments)? + (log)? + | + (TCP|UDP) + { + importer->protocol = LT(0)->getText(); + *dbg << "protocol " << LT(0)->getText() << " "; + } + hostaddr_ext { importer->SaveTmpAddrToSrc(); *dbg << "(src) "; } + (xoperator { importer->SaveTmpPortToSrc(); } )? + hostaddr_ext { importer->SaveTmpAddrToDst(); *dbg << "(dst) "; } + (xoperator { importer->SaveTmpPortToDst(); } )? + (established)? + (time_range)? + (fragments)? + (log)? + ) + { + *dbg << std::endl; + } + ; + +//**************************************************************** +rule_std : + ( + hostaddr_std { importer->SaveTmpAddrToSrc(); *dbg << "(std) "; } + (log)? 
+ ) + { + *dbg << std::endl; + } + ; + +//**************************************************************** +// ip_protocols : (IP | AHP | EIGRP | ESP | GRE | IGRP | IPINIP | NOS | OSPF | PCP | PIM ) +ip_protocols : (IP | WORD ) + { + importer->protocol = LT(0)->getText(); + *dbg << "protocol " << LT(0)->getText() << " "; + }; + +icmp_spec : + ( + (INT_CONST) => (icmp_type:INT_CONST icmp_code:INT_CONST) + { + importer->icmp_type = icmp_type->getText(); + importer->icmp_code = icmp_code->getText(); + importer->icmp_spec = ""; + *dbg << icmp_type->getText() << " " + << icmp_code->getText() << " "; + } + | + icmp_word:WORD + { + importer->icmp_spec = icmp_word->getText(); + *dbg << icmp_word->getText() << " "; + } + ) + ; + + +xoperator : single_port_op | port_range ; + +single_port_op : (P_EQ | P_GT | P_LT | P_NEQ ) + { + importer->tmp_port_op = LT(0)->getText(); + *dbg << LT(0)->getText() << " "; + } + port_spec + ; + +port_range : P_RANGE + { + importer->tmp_port_op = LT(0)->getText(); + *dbg << LT(0)->getText() << " "; + } + port_spec port_spec + ; + +port_spec : (WORD|INT_CONST) + { + importer->tmp_port_spec += (std::string(" ") + LT(0)->getText()); + *dbg << LT(0)->getText() << " "; + } + ; + +hostaddr_ext : + (HOST h:IPV4) + { + importer->tmp_a = h->getText(); + importer->tmp_nm = "0.0.0.0"; + *dbg << h->getText() << "/0.0.0.0"; + } + | + (a:IPV4 m:IPV4) + { + importer->tmp_a = a->getText(); + importer->tmp_nm = m->getText(); + *dbg << a->getText() << "/" << m->getText(); + } + | + ANY + { + importer->tmp_a = "0.0.0.0"; + importer->tmp_nm = "0.0.0.0"; + *dbg << "0.0.0.0/0.0.0.0"; + } + ; + +hostaddr_std : + (h:IPV4) + { + importer->tmp_a = h->getText(); + importer->tmp_nm = "0.0.0.0"; + *dbg << h->getText() << "/0.0.0.0"; + } + | + (a:IPV4 m:IPV4) + { + importer->tmp_a = a->getText(); + importer->tmp_nm = m->getText(); + *dbg << a->getText() << "/" << m->getText(); + } + | + ANY + { + importer->tmp_a = "0.0.0.0"; + importer->tmp_nm = "0.0.0.0"; + *dbg << 
"0.0.0.0/0.0.0.0"; + } + ; + +log : (LOG | LOG_INPUT) + { + importer->logging = true; + *dbg << "logging "; + } + ; + +established : ESTABLISHED + { + importer->established = true; + *dbg << "established "; + } + ; + +fragments : FRAGMENTS + { + importer->fragments = true; + *dbg << "fragments "; + } + ; + +time_range : TIME_RANGE tr_name:WORD + { + importer->time_range_name = tr_name->getText(); + *dbg << "time_range " << tr_name->getText() << " "; + } + ; + +//**************************************************************** +// Need this not because we parse "vlan" commands, but because +// "ip address" command may appear in the "vlan" context +// So we properly clear current_interface in the Importer class +// to let it know that it should ignore "ip address" that follows. +// +// Also, depending on the context, command "vlan" may have just +// one argument (vlan number) or more. So we need to consume +// all tokens until newline to accommodate for all possible formats. +// This works because we ignore all of them. +// +vlan : VLAN (WORD | INT_CONST ) + { + importer->clearCurrentInterface(); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** + +intrface : INTRFACE in:WORD + { + importer->newInterface( in->getText() ); + *dbg << in->getLine() << ":" + << " INTRFACE: " << in->getText() << std::endl; + } + NEWLINE + ; + +// interface description +// Use it for comment +description : DESCRIPTION + { + *dbg << LT(1)->getLine() << ":"; + std::string descr; + while (LA(1) != ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE && LA(1) != NEWLINE) + { + descr += LT(1)->getText() + " "; + consume(); + } + importer->addInterfaceComment( descr ); + *dbg << " INTERFACE DESCRIPTION " << descr << std::endl; + //consumeUntil(NEWLINE); + } + ; + +// remark. 
According to the Cisco docs, can only be used +// within access list +// Use it for the current rule comment +remark : REMARK + { + *dbg << LT(1)->getLine() << ":"; + std::string rem; + while (LA(1) != ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE && LA(1) != NEWLINE) + { + rem += LT(1)->getText() + " "; + consume(); + } + importer->addRuleComment( rem ); + *dbg << " REMARK " << rem << std::endl; + //consumeUntil(NEWLINE); + } + ; + +shutdown : SHUTDOWN + { + *dbg<< LT(1)->getLine() << ":" + << " INTERFACE SHUTDOWN " << std::endl; + } + ; + +interface_known_ip_commands : + ( + access_group_by_name + | + access_group_by_number + | + intf_address + ) NEWLINE ; + +// need this because "ospf", "bgp" and others are a known tokens +// (needed for protocol and ports in access lists) and "ip ospf" and +// similar are legit interface commands + +// ignore_interface_ip_commands : (BGP | OSPF | DHCP) +// { +// consumeUntil(NEWLINE); +// } +// ; + +access_group_by_name : ACCESS_GROUP acln:WORD dir:WORD + { + importer->setInterfaceAndDirectionForRuleSet( + acln->getText(), + "", + dir->getText() ); + *dbg << LT(1)->getLine() << ":" + << " INTRFACE: ACL '" << acln->getText() << "'" + << " " << dir->getText() << std::endl; + } + ; + +// for acess lists defined by numbers we add prefix "acl_" to the name +// Making sure this is done consistently in both "access-list NNN" +// and "ip access-group NNN" commands +access_group_by_number : ACCESS_GROUP acln:INT_CONST dir:WORD + { + importer->setInterfaceAndDirectionForRuleSet( + std::string("acl_") + acln->getText(), + "", + dir->getText() ); + *dbg << LT(1)->getLine() << ":" + << " INTRFACE: ACL '" << acln->getText() << "'" + << " " << dir->getText() << std::endl; + } + ; + +intf_address : ADDRESS a:IPV4 m:IPV4 (s:SECONDARY)? 
+ { + importer->addInterfaceAddress(a->getText(), m->getText()); + *dbg << LT(1)->getLine() << ":" + << " INTRFACE ADDRESS: " << a->getText() + << "/" << m->getText() << " "; + if (s) + { + *dbg << s->getText(); + } + *dbg << std::endl; + } + ; + +//**************************************************************** + +exit: EXIT + ; + +comment : LINE_COMMENT ; + +// comment: COMMENT_START +// { +// *dbg << LT(1)->getLine() << ":"; +// std::string comm; +// while (LA(1) != ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE && LA(1) != NEWLINE) +// { +// comm += LT(1)->getText() + " "; +// consume(); +// } +// importer->addInterfaceComment( comm ); +// *dbg << " COMMENT " << comm << std::endl; +// } +// ; + + +//**************************************************************** + +class IOSCfgLexer extends Lexer; +options { + k = 10; + // ASCII only + charVocabulary = '\3'..'\377'; +} + + +tokens +{ + EXIT = "exit"; + + IOSVERSION = "version"; + HOSTNAME = "hostname"; + + INTRFACE = "interface"; + DESCRIPTION = "description"; + REMARK = "remark"; + SHUTDOWN = "shutdown"; + + VLAN = "vlan"; + + ACCESS_LIST = "access-list"; + ACCESS_GROUP = "access-group"; + + ADDRESS = "address"; + SECONDARY = "secondary"; + + PERMIT = "permit"; + DENY = "deny"; + +// protocols for 'permit' and 'deny' commands + + IP = "ip"; + ICMP = "icmp"; + TCP = "tcp"; + UDP = "udp"; + +// AHP = "ahp"; +// EIGRP = "eigrp"; +// ESP = "esp"; +// GRE = "gre"; +// IGMP = "igmp"; +// IGRP = "igrp"; +// IPINIP = "ipinip"; +// NOS = "nos"; +// OSPF = "ospf"; +// PCP = "pcp"; +// PIM = "pim"; + + HOST = "host"; + ANY = "any"; + + P_EQ = "eq"; + P_GT = "gt"; + P_LT = "lt"; + P_NEQ = "neq"; + P_RANGE = "range"; + + LOG = "log"; + LOG_INPUT = "log-input"; + + ESTABLISHED = "established"; + FRAGMENTS = "fragments"; + TIME_RANGE = "time-range"; + + EXTENDED = "extended" ; + STANDARD = "standard" ; + +} + +LINE_COMMENT : "!" (~('\r' | '\n'))* NEWLINE ; + +Whitespace : ( '\003'..'\010' | '\t' | '\013' | '\f' | '\016'.. 
'\037' | '\177'..'\377' | ' ' ) + { _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; } ; + + +//COMMENT_START : '!' ; + +NEWLINE : ( "\r\n" | '\r' | '\n' ) { newline(); } ; + +protected +INT_CONST:; + +protected +HEX_CONST:; + +protected +NEG_INT_CONST:; + +protected +DIGIT : '0'..'9' ; + +protected +HEXDIGIT : '0'..'9' | 'A'..'F' ; + +NUMBER : + ( + ( (DIGIT)+ DOT (DIGIT)+ DOT (DIGIT)+ )=> ( (DIGIT)+ DOT (DIGIT)+ DOT (DIGIT)+ DOT (DIGIT)+ ) + { _ttype = IPV4; } + | + ( (DIGIT)+ DOT (DIGIT)+ )=> ( (DIGIT)+ DOT (DIGIT)+ ) + | + ( DIGIT )+ { _ttype = INT_CONST; } + | + ( '0' 'x' ( HEXDIGIT )+ ) { _ttype = HEX_CONST; } + ) + ; + +WORD : ( 'a'..'z' | 'A'..'Z' | '$' ) ( '!'..'/' | '0'..'9' | ':' | ';' | '<' | '=' | '>' | '?' | '@' | 'A'..'Z' | '\\' | '^' | '_' | '`' | 'a'..'z' )* + ; + +STRING : '"' (~'"')* '"'; + + + +NUMBER_SIGN : '#' ; +// DOLLAR : '$' ; +PERCENT : '%' ; +AMPERSAND : '&' ; +APOSTROPHE : '\'' ; +OPENING_PAREN : '(' ; +CLOSING_PAREN : ')' ; +STAR : '*' ; +PLUS : '+' ; +COMMA : ',' ; +MINUS : '-' ; +DOT : '.' ; +SLASH : '/' ; + +COLON : ':' ; +SEMICOLON : ';' ; +LESS_THAN : '<' ; +EQUALS : '=' ; +GREATER_THAN : '>' ; +QUESTION : '?' ; +COMMERCIAL_AT : '@' ; + +OPENING_SQUARE : '[' ; +CLOSING_SQUARE : ']' ; +CARET : '^' ; +UNDERLINE : '_' ; + +OPENING_BRACE : '{' ; +CLOSING_BRACE : '}' ; +TILDE : '~' ; + diff --git a/src/parsers/iptables.g b/src/parsers/iptables.g new file mode 100644 index 000000000..2e993ffcd --- /dev/null +++ b/src/parsers/iptables.g 
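Review bot: In `hostaddr_ext`, the `HOST h:IPV4` branch and the `ANY` branch both set `importer->tmp_nm = "0.0.0.0"`, while the `a:IPV4 m:IPV4` branch passes the mask text through unchanged, which on IOS is a wildcard mask. `hostaddr_std` does the same with its single-address and `ANY` branches. Under wildcard semantics `any` is `0.0.0.0 255.255.255.255`, so the import is only correct if `SaveTmpAddrToSrc()` and `SaveTmpAddrToDst()` special-case the all-zero address; that code lives in IOSImporter and is not visible in this hunk. A wrong reading would turn a host match into an any match, or the reverse, in the imported policy. I would document the convention above both rules, e.g. `// tmp_nm is an IOS wildcard mask; "any" is passed as 0.0.0.0/0.0.0.0 and must be recognised by the importer`.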
@@ -0,0 +1,1111 @@ +/* + + Firewall Builder + + Copyright (C) 2007 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: iptables.g 1392 2007-08-06 07:07:23Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +header "pre_include_hpp" +{ + // gets inserted before antlr generated includes in the header + // file +} +header "post_include_hpp" +{ + // gets inserted after antlr generated includes in the header file + // outside any generated namespace specifications + +#include + +class IPTImporter; +} + +header "pre_include_cpp" +{ + // gets inserted before the antlr generated includes in the cpp + // file +} + +header "post_include_cpp" +{ + // gets inserted after the antlr generated includes in the cpp + // file +#include +#include + +#include "../gui/IPTImporter.h" +#include "fwbuilder/TCPService.h" + +#include + +} + +header +{ + // gets inserted after generated namespace specifications in the + // header file. But outside the generated class. 
+} + +options +{ + language="Cpp"; +} + + +class IPTCfgParser extends Parser; +options +{ + k = 2; +// defaultErrorHandler=false; +} +{ +// additional methods and members + + public: + + std::ostream *dbg; + IPTImporter *importer; +} + +cfgfile : + ( + comment + | + start_table + | + create_chain + | + add_rule + | + commit + | + NEWLINE + )+ + ; + +//**************************************************************** + +comment : LINE_COMMENT ; + +//**************************************************************** + +commit : COMMIT + { + // push last rule + importer->pushRule(); + *dbg << " COMMIT" << std::endl; + // clear current table + importer->current_table = ""; + } + ; + +//**************************************************************** + +start_table : STAR WORD + { + importer->current_table = LT(0)->getText(); + *dbg << "TABLE " << LT(0)->getText() << std::endl; + } + ; + +//**************************************************************** +chain_def : (INPUT | FORWARD | OUTPUT | PREROUTING | POSTROUTING | WORD) + ; + +//**************************************************************** +// +// :INPUT DROP [2:104] +// :FORWARD DROP [0:0] +// :OUTPUT DROP [1:1492] +// :Cid4089E41E.0 - [0:0] +// :Cid45349B7222600.0 - [0:0] + +create_chain : COLON chain_def + { + importer->newUnidirRuleSet(LT(0)->getText()); + *dbg << "NEW CHAIN " << LT(0)->getText() << std::endl; + } + (WORD | MINUS) + (OPENING_SQUARE INT_CONST COLON INT_CONST CLOSING_SQUARE)? 
+ ; + +//**************************************************************** + +add_rule : ADD_RULE chain_def + { + // push previous rule + *dbg << std::endl; + importer->pushRule(); + // start new one + if (importer->current_table=="nat") + importer->newNATRule(); + else + importer->newPolicyRule(); + importer->current_chain = LT(0)->getText(); + *dbg << "add_rule: line=" << LT(0)->getLine() + << " chain=" << LT(0)->getText(); + } + ( ipt_option )+ NEWLINE + ; + +//**************************************************************** +ipt_option : + ( + module + | + src + | + dst + | + i_intf + | + o_intf + | + proto + | + target + | + fragm + | + icmp_type_spec + | + basic_tcp_udp_port_spec + | + multiport_tcp_udp_port_spec + | + tcp_options + | + match_mark + | + match_limit + | + match_limit_burst + | + unknown_option + ) + ; + +//**************************************************************** +unknown_option : + ( + MINUS WORD + { + importer->markCurrentRuleBad( + std::string("Unknown option: -")+LT(0)->getText()); + *dbg << " UNKNOWN OPTION=-" << LT(0)->getText(); + } + (unknown_parameter)? + ) + | + ( + ( MINUS MINUS WORD ) + { + importer->markCurrentRuleBad( + std::string("Unknown option: --")+LT(0)->getText()); + *dbg << " UNKNOWN OPTION=--" << LT(0)->getText(); + } + (unknown_parameter)? + ) + | + ( + UNSUPPORTED_OPTION + { + importer->markCurrentRuleBad( + std::string("Unknown option: ")+LT(0)->getText()); + *dbg << " UNKNOWN OPTION=" << LT(0)->getText(); + } + (unknown_parameter)? 
+ ) + ; + +unknown_parameter : + { std::string s; } + ( + ( + ( + DIGIT {s+=LT(0)->getText();} + | + INT_CONST {s+=LT(0)->getText();} + ) + SLASH {s+=LT(0)->getText();} + WORD {s+=LT(0)->getText();} + ) + { + importer->markCurrentRuleBad( + std::string("Unknown parameter: ")+s); + *dbg << " UNKNOWN PARMETER=" << s; + } + ) + | + ( + (DIGIT | INT_CONST | WORD) + { + importer->markCurrentRuleBad( + std::string("Unknown parameter: ")+LT(0)->getText()); + *dbg << " UNKNOWN PARMETER=" << LT(0)->getText(); + } + ) + ; + +//**************************************************************** + +module : OPT_MODULE ( m_state | m_mport | m_icmp | m_tcp | m_udp | m_mark | m_limit | m_unknown_module) + ; + +//**************************************************************** +src : OPT_SRC + { + *dbg << " SRC="; + } + ( + EXCLAMATION + { + importer->src_neg = true; + } + )? + ( (WORD | IPV4) + { + importer->src_a = LT(0)->getText(); + *dbg << LT(0)->getText(); + } + (SLASH (IPV4 | INT_CONST) + { + importer->src_nm = LT(0)->getText(); + *dbg << "/" << LT(0)->getText(); + } )? + ) + ; + +//**************************************************************** +dst : OPT_DST + { + *dbg << " DST="; + } + ( + EXCLAMATION + { + importer->dst_neg = true; + } + )? + ( (WORD | IPV4) + { + importer->dst_a = LT(0)->getText(); + *dbg << LT(0)->getText(); + } + (SLASH (IPV4 | INT_CONST) + { + importer->dst_nm = LT(0)->getText(); + *dbg << "/" << LT(0)->getText(); + } )? + ) + ; + +//**************************************************************** +i_intf : OPT_IN_INTF + ( + EXCLAMATION + { + importer->intf_neg = true; + } + )? + i:WORD + { + importer->i_intf = LT(0)->getText(); + *dbg << " I_INTF=" << i->getText(); + } + ; + +//**************************************************************** +o_intf : OPT_OUT_INTF + ( + EXCLAMATION + { + importer->intf_neg = true; + } + )? 
+ i:WORD + { + importer->o_intf = LT(0)->getText(); + *dbg << " O_INTF=" << i->getText(); + } + ; + +//**************************************************************** +protocol_word : (TCP | UDP | ICMP | WORD | INT_CONST ) + ; + +proto : OPT_PROTO + ( + EXCLAMATION + { + importer->srv_neg = true; + } + )? + protocol_word + { + std::string tmp_s = LT(0)->getText(); + importer->protocol.resize(tmp_s.size()); + std::transform(tmp_s.begin(), + tmp_s.end(), + importer->protocol.begin(), + ::tolower); + *dbg << " PROTO=" << importer->protocol; + } + ; + +//**************************************************************** +target : OPT_TARGET t:WORD + { + importer->target = LT(0)->getText(); + *dbg << " TARGET=" << t->getText(); + } + ( target_options )* + ; + +//**************************************************************** +target_options : + ( + REJECT_WITH WORD + { + importer->action_params["reject_with"] = LT(0)->getText(); + *dbg << " REJECT WITH=" << LT(0)->getText(); + } + | + LOG_PREFIX (WORD | STRING) + { + importer->action_params["log_prefix"] = LT(0)->getText(); + *dbg << " LOG PREFIX=" << LT(0)->getText(); + } + | + LOG_TCP_SEQ + { + importer->action_params["log_tcp_seq"] = LT(0)->getText(); + *dbg << " LOG TCP SEQUENCE="; + } + | + LOG_TCP_OPT + { + importer->action_params["log_tcp_options"] = LT(0)->getText(); + *dbg << " LOG TCP OPTIONS="; + } + | + LOG_IP_OPT + { + importer->action_params["log_ip_options"] = LT(0)->getText(); + *dbg << " LOG IP OPTIONS="; + } + | + ULOG_PREFIX (WORD | STRING) + { + importer->action_params["log_prefix"] = LT(0)->getText(); + *dbg << " ULOG PREFIX=" << LT(0)->getText(); + } + | + LOG_LEVEL WORD + { + importer->action_params["log_level"] = LT(0)->getText(); + *dbg << " LOG LEVEL=" << LT(0)->getText(); + } + | + SET_MARK INT_CONST + { + importer->action_params["set_mark"] = LT(0)->getText(); + *dbg << " SET MARK=" << LT(0)->getText(); + } + | + SET_TOS HEX_CONST + { + *dbg << " SET TOS=" << LT(0)->getText() << 
"(unsupported)"; + } + | + SET_TOS WORD + { + *dbg << " SET TOS=" << LT(0)->getText() << "(unsupported)"; + } + | + SAVE_MARK + { + importer->action_params["connmark_save_mark"] = "--save-mark"; + *dbg << " SAVE MARK"; + } + | + RESTORE_MARK + { + importer->action_params["connmark_restore_mark"] = "--restore-mark"; + *dbg << " RESTORE MARK"; + } + | + CONTINUE + { + importer->action_params["route_continue"] = "--continue"; + *dbg << " CONTINUE"; + } + | + ROUTE_IIF WORD + { + importer->action_params["route_iif"] = LT(0)->getText(); + *dbg << " ROUTE_IIF=" << LT(0)->getText(); + } + | + ROUTE_OIF WORD + { + importer->action_params["route_oif"] = LT(0)->getText(); + *dbg << " ROUTE_OIF=" << LT(0)->getText(); + } + | + ROUTE_GW IPV4 + { + importer->action_params["route_gw"] = LT(0)->getText(); + *dbg << " ROUTE_GW=" << LT(0)->getText(); + } + | + ROUTE_TEE + { + importer->action_params["route_tee"] = "--tee"; + *dbg << " ROUTE_TEE"; + } + | + TO_SOURCE + { + *dbg << " TO-SOURCE"; + } + nat_spec + | + TO_DESTINATION + { + *dbg << " TO-DESTINATION"; + } + nat_spec + | + TO_PORTS redirect_spec + | + TO_NETMAP + { + *dbg << " TO-NETMAP"; + } + ( + IPV4 + { + importer->nat_addr1 = LT(0)->getText(); + importer->nat_addr2 = LT(0)->getText(); + *dbg << LT(0)->getText(); + } + SLASH (IPV4 | INT_CONST) + { + importer->nat_nm = LT(0)->getText(); + *dbg << "/" << LT(0)->getText(); + } + ) + ) + ; + +//**************************************************************** +nat_spec : + nat_addr_range + (COLON nat_port_def_with_range)? 
+ { + *dbg << " " + << importer->nat_addr1 + << "-" + << importer->nat_addr2 + << ":" + << importer->nat_port_range_start + << "-" + << importer->nat_port_range_end; + } + ; + +//**************************************************************** +nat_addr_range : + IPV4 + { + importer->nat_port_range_start = ""; + importer->nat_port_range_end = ""; + importer->nat_addr1 = LT(0)->getText(); + importer->nat_addr2 = LT(0)->getText(); + } + ( + MINUS IPV4 { importer->nat_addr2 = LT(0)->getText(); } + )? + ; + +//**************************************************************** +redirect_spec : nat_port_def_with_range + { + *dbg << " TO-PORTS " + << importer->nat_addr1 + << "-" + << importer->nat_addr2 + << ":" + << importer->nat_port_range_start + << importer->nat_port_range_end; + } + ; + +//**************************************************************** +fragm : OPT_FRAGM + { + importer->fragments = true; + *dbg << " FRAGM"; + } + ; + +//**************************************************************** + +m_unknown_module : WORD + { + *dbg << " UNKNOWN MODULE=" << LT(0)->getText(); + importer->markCurrentRuleBad( + std::string("Unknown module: ")+LT(0)->getText()); + } + ; + +//**************************************************************** + +state_word : ( INVALID | NEW | ESTABLISHED | RELATED ) + ; + +m_state : M_STATE MATCH_STATE + { + importer->current_state = ""; + } + state_word + { + importer->current_state += LT(0)->getText(); + } + ( + COMMA state_word + { + importer->current_state += std::string(",") + LT(0)->getText(); + } + )? 
+ { + *dbg << " STATE MATCH=" << importer->current_state; + } + + ; + +//**************************************************************** + +m_mark : M_MARK + { + *dbg << " MARK"; + } + ; + +//**************************************************************** + +match_mark : MATCH_MARK INT_CONST + { + importer->match_mark = LT(0)->getText(); + *dbg << " MATCH MARK " << LT(0)->getText(); + } + ; + +//**************************************************************** + +m_limit : M_LIMIT + { + *dbg << " LIMIT"; + } + ; + +//**************************************************************** + +match_limit : MATCH_LIMIT limit_rate + ; + +limit_rate : + INT_CONST { importer->limit_val = LT(0)->getText(); } + SLASH + WORD { importer->limit_suffix = LT(0)->getText(); } + { + *dbg << " MATCH LIMIT " + << importer->limit_val << "/" + << importer->limit_suffix; + } + ; + +match_limit_burst : MATCH_LIMIT_BURST INT_CONST + { + importer->limit_burst = LT(0)->getText(); + *dbg << " LIMIT BURST " << LT(0)->getText(); + } + ; + +//**************************************************************** + +m_mport : M_MPORT + { + *dbg << " MULTIPORT"; + } + ; + +//**************************************************************** + +multiport_tcp_udp_port_spec : + ( + ( (MATCH_SRC_MULTIPORT | MATCH_SRC_MULTIPORT_SHORT) + { + importer->startSrcMultiPort(); + *dbg << " SRC MULTIPORT="; + } + port_def_no_range + { + importer->pushTmpPortSpecToSrcPortList(); + } + ( COMMA port_def_no_range + { + importer->pushTmpPortSpecToSrcPortList(); + } )+ + ) + | + ( (MATCH_DST_MULTIPORT | MATCH_DST_MULTIPORT_SHORT) + { + importer->startDstMultiPort(); + *dbg << " DST MULTIPORT="; + } + port_def_no_range + { + importer->pushTmpPortSpecToDstPortList(); + } + ( COMMA port_def_no_range + { + importer->pushTmpPortSpecToDstPortList(); + } )+ + ) + ) + ; + +//**************************************************************** + +m_icmp : ICMP + { + importer->protocol = "icmp"; + *dbg << " ICMP"; + } + ; + 
+//**************************************************************** +icmp_type_spec : MATCH_ICMP_TYPE + ( + WORD + { + importer->icmp_spec = LT(0)->getText(); + *dbg << " ICMP_SPEC=" << LT(0)->getText(); + } + | + ( + INT_CONST + { + importer->icmp_type = LT(0)->getText(); + importer->icmp_code = "-1"; + *dbg << " ICMP_TYPE=" << LT(0)->getText(); + } + ( + SLASH INT_CONST + { + importer->icmp_code = LT(0)->getText(); + *dbg << " ICMP_CODE=" << LT(0)->getText(); + } + )? + ) + ) + ; + +//**************************************************************** +// port definition that does not allow for port range +port_def_no_range : (WORD|INT_CONST) + { + importer->tmp_port_range_start = LT(0)->getText(); + importer->tmp_port_range_end = LT(0)->getText(); + *dbg << " PORT=" << LT(0)->getText(); + } + ; + +//**************************************************************** +// port definition that allows for port range +port_def_with_range : + (WORD|INT_CONST) + { + importer->tmp_port_range_start = LT(0)->getText(); + importer->tmp_port_range_end = LT(0)->getText(); + *dbg << " PORT=" << LT(0)->getText(); + } + ( + COLON (WORD|INT_CONST) + { + importer->tmp_port_range_end = LT(0)->getText(); + *dbg << ":" << LT(0)->getText(); + } + )? + ; + +//**************************************************************** +// nat port definition that allows for port range +// (uses '-' instead of ':') +nat_port_def_with_range : + (WORD|INT_CONST) + { + importer->nat_port_range_start = LT(0)->getText(); + importer->nat_port_range_end = LT(0)->getText(); + *dbg << " PORT=" << LT(0)->getText(); + } + ( + MINUS (WORD|INT_CONST) + { + importer->nat_port_range_end = LT(0)->getText(); + *dbg << ":" << LT(0)->getText(); + } + )? + ; + +//**************************************************************** +basic_tcp_udp_port_spec : + (MATCH_SRC_PORT | MATCH_SRC_PORT_SHORT) + ( + EXCLAMATION + { + importer->srv_neg = true; + } + )? 
+ port_def_with_range + { + importer->pushTmpPortSpecToSrcPortList(); + } + | + (MATCH_DST_PORT | MATCH_DST_PORT_SHORT) + ( + EXCLAMATION + { + importer->srv_neg = true; + } + )? + port_def_with_range + { + importer->pushTmpPortSpecToDstPortList(); + } + ; + + +//**************************************************************** + +m_udp : UDP + { + importer->protocol = "udp"; + *dbg << " UDP"; + } + ; + +//**************************************************************** + +m_tcp : TCP + { + importer->protocol = "tcp"; + *dbg << " TCP"; + } + ; + +//**************************************************************** +// tcp options can follow "-p tcp", the "-m tcp" seems to be optional, +// at least in the older versions of iptables + +tcp_options : ( syn | tcp_flags) + ; + +syn : ( + EXCLAMATION + { + importer->srv_neg = true; + } + )? + MATCH_SYN + { + importer->tcp_flags_mask.clear(); + importer->tcp_flags_mask.push_back(libfwbuilder::TCPService::SYN); + importer->tcp_flags_mask.push_back(libfwbuilder::TCPService::RST); + importer->tcp_flags_mask.push_back(libfwbuilder::TCPService::ACK); + + importer->tcp_flags_comp.clear(); + importer->tcp_flags_comp.push_back(libfwbuilder::TCPService::SYN); + } + ; + +tcp_flag_word : + ( + SYN { importer->tmp_tcp_flag_code = libfwbuilder::TCPService::SYN; } + | + ACK { importer->tmp_tcp_flag_code = libfwbuilder::TCPService::ACK; } + | + FIN { importer->tmp_tcp_flag_code = libfwbuilder::TCPService::FIN; } + | + RST { importer->tmp_tcp_flag_code = libfwbuilder::TCPService::RST; } + | + URG { importer->tmp_tcp_flag_code = libfwbuilder::TCPService::URG; } + | + PSH { importer->tmp_tcp_flag_code = libfwbuilder::TCPService::PSH; } + | + ALL { importer->tmp_tcp_flag_code = 99; } + | + NONE { importer->tmp_tcp_flag_code = 98; } + ) + ; + +tcp_flags_list : + { + importer->tmp_tcp_flags_list.clear(); + importer->tmp_tcp_flag_code = 0; + } + tcp_flag_word + { + importer->tmp_tcp_flags_list.push_back(importer->tmp_tcp_flag_code); + } + ( + 
COMMA tcp_flag_word + { + importer->tmp_tcp_flags_list.push_back( + importer->tmp_tcp_flag_code); + } + )* + ; + +tcp_flags : MATCH_TCP_FLAGS + tcp_flags_list + { + importer->tcp_flags_mask = importer->tmp_tcp_flags_list; + importer->tmp_tcp_flags_list.clear(); + } + tcp_flags_list + { + importer->tcp_flags_comp = importer->tmp_tcp_flags_list; + importer->tmp_tcp_flags_list.clear(); + *dbg << " TCP FLAGS="; + std::list::iterator i; + for (i=importer->tcp_flags_mask.begin(); + i!=importer->tcp_flags_mask.end(); ++i) + *dbg << *i << "|"; + *dbg << " "; + for (i=importer->tcp_flags_comp.begin(); + i!=importer->tcp_flags_comp.end(); ++i) + *dbg << *i << "|"; + } + ; + + +//**************************************************************** + + +class IPTCfgLexer extends Lexer; +options { + k = 20; + // ASCII only + charVocabulary = '\3'..'\377'; +} + + +tokens +{ + INPUT = "INPUT"; + FORWARD = "FORWARD"; + OUTPUT = "OUTPUT"; + PREROUTING = "PREROUTING"; + POSTROUTING = "POSTROUTING"; + + INVALID = "INVALID"; + NEW = "NEW"; + ESTABLISHED = "ESTABLISHED"; + RELATED = "RELATED"; + + COMMIT = "COMMIT"; + + M_STATE = "state"; + M_MPORT = "multiport"; + M_MARK = "mark"; + M_LIMIT = "limit" ; + + ICMP = "icmp"; + TCP = "tcp"; + UDP = "udp"; + + SYN = "SYN"; + ACK = "ACK"; + FIN = "FIN"; + RST = "RST"; + URG = "URG"; + PSH = "PSH"; + ALL = "ALL"; + NONE = "NONE"; + +} + +LINE_COMMENT : "#" (~('\r' | '\n'))* NEWLINE ; + +Whitespace : ( '\003'..'\010' | '\t' | '\013' | '\f' | '\016'.. 
'\037' | '\177'..'\377' | ' ' ) + { _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; } ; + +NEWLINE : ( "\r\n" | '\r' | '\n' ) { newline(); } ; + +protected +INT_CONST:; + +protected +HEX_CONST:; + +protected +NEG_INT_CONST:; + +protected +DIGIT : '0'..'9' ; + +protected +HEXDIGIT : '0'..'9' | 'A'..'F' ; + +NUMBER : + ( + ( (DIGIT)+ DOT (DIGIT)+ DOT (DIGIT)+ )=> ( (DIGIT)+ DOT (DIGIT)+ DOT (DIGIT)+ DOT (DIGIT)+ ) + { _ttype = IPV4; } + | + ( (DIGIT)+ DOT (DIGIT)+ )=> ( (DIGIT)+ DOT (DIGIT)+ ) + | + ( DIGIT )+ { _ttype = INT_CONST; } + | + ( '0' 'x' ( HEXDIGIT )+ ) { _ttype = HEX_CONST; } + ) + ; + +WORD : ( 'a'..'z' | 'A'..'Z' | '$' ) ( '!'..'+' | '-' | '.' | '/' | '0'..'9' | ':' | ';' | '<' | '=' | '>' | '?' | '@' | 'A'..'Z' | '^' | '_' | '`' | 'a'..'z' )* + ; + +STRING : '"' (~'"')* '"'; + +// ------------------------------------------------------------------------ +// I have to add these options even though I do not support them +// +protected +UNSUPPORTED_OPTION:; + +//"--seconds" confuses lexer because it interprets it as "-" "-s" "econds" +SECONDS : "--seconds" { _ttype = UNSUPPORTED_OPTION; }; + +//"--seconds" confuses lexer because it interprets it as "-" "-s" "econds" +SET : "--set" { _ttype = UNSUPPORTED_OPTION; }; + +// "--rsource" also confuses lexer which expects "--reject" +RSOURCE : "--rsource" { _ttype = UNSUPPORTED_OPTION; }; +// ------------------------------------------------------------------------ + +ADD_RULE : "-A" ; +MATCH_STATE : "--state" ; + +MATCH_SRC_MULTIPORT : "--source-ports" ; +MATCH_DST_MULTIPORT : "--destination-ports" ; + +MATCH_SRC_MULTIPORT_SHORT : "--sports" ; +MATCH_DST_MULTIPORT_SHORT : "--dports" ; + +MATCH_SRC_PORT : "--source-port" ; +MATCH_DST_PORT : "--destination-port" ; + +MATCH_SYN : "--syn" ; +MATCH_TCP_FLAGS : "--tcp-flags" ; + +MATCH_SRC_PORT_SHORT : "--sport" ; +MATCH_DST_PORT_SHORT : "--dport" ; + +MATCH_ICMP_TYPE : "--icmp-type" ; + +MATCH_MARK : "--mark" ; +MATCH_LIMIT : "--limit" ; +MATCH_LIMIT_BURST : 
"--limit-burst" ; + +// ---------------------------------------------------------------- +// target options +REJECT_WITH : "--reject-with" ; +SET_MARK : "--set-mark" ; +SAVE_MARK : "--save-mark" ; +RESTORE_MARK : "--restore-mark" ; +SET_TOS : "--set-tos" ; +CONTINUE : "--continue" ; +ROUTE_IIF : "--iif" ; +ROUTE_OIF : "--oif" ; +ROUTE_GW : "--gw" ; +ROUTE_TEE : "--tee" ; + +LOG_PREFIX : "--log-prefix" ; +LOG_LEVEL : "--log-level" ; +LOG_TCP_SEQ : "--log-tcp-sequence"; +LOG_TCP_OPT : "--log-tcp-options"; +LOG_IP_OPT : "--log-ip-options"; + +ULOG_PREFIX : "--ulog-prefix" ; +ULOG_QTHR : "--ulog-qthreshold" { _ttype = UNSUPPORTED_OPTION; }; +ULOG_NLG : "--ulog-nlgroup" { _ttype = UNSUPPORTED_OPTION; }; +ULOG_CPR : "--ulog-cprange" { _ttype = UNSUPPORTED_OPTION; }; + +TO_SOURCE : "--to-source" ; +TO_DESTINATION : "--to-destination" ; +TO_PORTS : "--to-ports" ; +TO_NETMAP : "--to" ; + +// ---------------------------------------------------------------- +// these are the basic iptables options, not too many really +OPT_MODULE : "-m" ; +OPT_SRC : "-s" ; +OPT_DST : "-d" ; +OPT_IN_INTF : "-i" ; +OPT_OUT_INTF : "-o" ; +OPT_PROTO : "-p" ; +OPT_TARGET : "-j" ; +OPT_FRAGM : "-f" ; + +EXCLAMATION : '!' ; + +NUMBER_SIGN : '#' ; +// DOLLAR : '$' ; +PERCENT : '%' ; +AMPERSAND : '&' ; +APOSTROPHE : '\'' ; +OPENING_PAREN : '(' ; +CLOSING_PAREN : ')' ; +STAR : '*' ; +PLUS : '+' ; +COMMA : ',' ; +MINUS : '-' ; +DOT : '.' ; +SLASH : '/' ; + +COLON : ':' ; +SEMICOLON : ';' ; +LESS_THAN : '<' ; +EQUALS : '=' ; +GREATER_THAN : '>' ; +QUESTION : '?' ; +COMMERCIAL_AT : '@' ; + +OPENING_SQUARE : '[' ; +CLOSING_SQUARE : ']' ; +CARET : '^' ; +UNDERLINE : '_' ; + +OPENING_BRACE : '{' ; +CLOSING_BRACE : '}' ; +TILDE : '~' ; + diff --git a/src/parsers/parsers.pro b/src/parsers/parsers.pro new file mode 100644 index 000000000..519ba77b0 --- /dev/null +++ b/src/parsers/parsers.pro 
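Review bot: In `m_state` the group `( COMMA state_word { ... } )?` accepts at most one further state after the first, so a line with three or more states (`--state NEW,ESTABLISHED,RELATED`) leaves a COMMA that neither `ipt_option` nor the `NEWLINE` expected by `add_rule` can consume. `current_state` then holds only the first two states, and the rest of that line, which in iptables-save output usually carries the `-j` target, is likely skipped by error recovery, so the imported rule may not match the rule on the firewall. `tcp_flags_list` in the same hunk already closes the same list shape with `)*`; closing the `m_state` group with `)*` instead of `)?` makes the two consistent. It would also help to call `importer->markCurrentRuleBad(...)` on the error path so a partly parsed rule is flagged in the imported policy; whether the importer already does this cannot be seen from the grammar.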
@@ -0,0 +1,31 @@
+#-*- mode: makefile; tab-width: 4; -*-
+#
+include(../../qmake.inc)
+#
+TEMPLATE = lib
+#
+SOURCES = IOSCfgLexer.cpp \
+ IOSCfgParser.cpp \
+ IPTCfgLexer.cpp \
+ IPTCfgParser.cpp
+
+HEADERS = ../../config.h \
+ IOSCfgLexer.hpp \
+ IOSCfgParser.hpp \
+ IOSCfgParserTokenTypes.hpp \
+ IPTCfgLexer.hpp \
+ IPTCfgParser.hpp \
+ IPTCfgParserTokenTypes.hpp \
+
+
+CONFIG += staticlib
+
+contains( HAVE_ANTLR_RUNTIME, 1 ) {
+ INCLUDEPATH += $$ANTLR_INCLUDEPATH
+ LIBS += $$ANTLR_LIBS
+ DEFINES += $$ANTLR_DEFINES
+}
+
+TARGET = fwbparser
+
+INSTALLS -= target
diff --git a/src/pf/.cvsignore b/src/pf/.cvsignore
new file mode 100644
index 000000000..65ae5bcdd
--- /dev/null
+++ b/src/pf/.cvsignore
@@ -0,0 +1,7 @@
+Makefile
+.moc
+.ui
+*.app
+*.fwb
+*.tbl
+
diff --git a/src/pf/pf.cpp b/src/pf/pf.cpp
new file mode 100644
index 000000000..39f178877
--- /dev/null
+++ b/src/pf/pf.cpp
@@ -0,0 +1,885 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: pf.cpp 1459 2007-12-15 05:56:12Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" + +#include + +#ifdef HAVE_LOCALE_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#ifndef _WIN32 +# include +# include +#else +# include +# include +# include +#endif + +#include +#include +#include +#include +#include + +#include "PolicyCompiler_pf.h" +#include "NATCompiler_pf.h" +#include "TableFactory.h" +#include "Preprocessor_pf.h" + +#include "OSConfigurator_openbsd.h" +#include "OSConfigurator_freebsd.h" +#include "OSConfigurator_solaris.h" + +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/XMLTools.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Policy.h" + +#ifdef HAVE_GETOPT_H + #include +#else + #ifdef _WIN32 + #include + #else + #include + #endif +#endif + +#include "../common/init.cpp" + +using namespace std; +using namespace libfwbuilder; +using namespace fwcompiler; + +int fwbdebug = 0; + +static const char *filename = NULL; +static const char *wdir = NULL; +static const char *fwobjectname = NULL; 
+static string fw_file_name = ""; +static string pf_file_name = ""; +static int dl = 0; +static int drp = -1; +static int drn = -1; +static int verbose = 0; +static bool test_mode = false; + +static map branches; +static map anchor_files; + +FWObjectDatabase *objdb = NULL; + +class UpgradePredicate: public XMLTools::UpgradePredicate +{ + public: + virtual bool operator()(const string &msg) const + { + cout << _("Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it.") << endl; + return false; + } +}; + +// a functor to join list into a string with separator sep +class join : public std::unary_function +{ + std::string *result; + std::string separator; +public: + join(std::string *res, const std::string &s) + { result = res; separator = s; } + void operator()(std::string &s); +}; + +void join::operator()(std::string &s) +{ + if (!result->empty()) *result += separator; + *result += s; +} + +void usage(const char *name) +{ + cout << _("Firewall Builder: policy compiler for OpenBSD PF") << endl; + cout << _("Version ") << VERSION << RELEASE_NUM << endl; + cout << _("Usage: ") << name << " [-x] [-v] [-V] [-f filename.xml] [-o output.fw] [-d destdir] [-m] firewall_object_name" << endl; +} + + +string printTimeout(FWOptions* options, + const string &OnOffOption, + const string &ValOption, + const string &pfCode) +{ + std::ostringstream res; + if (options->getBool(OnOffOption) && options->getInt(ValOption)>0) + { + res << "set timeout " + << pfCode << " " << options->getInt(ValOption) << endl; + } + return res.str(); +} + +void printProlog(ofstream &file, const string &prolog_code) +{ + file << endl; + file << "#" << endl; + file << "# Prolog script" << endl; + file << "#" << endl; + file << prolog_code << endl; + file << "#" << endl; + file << "# End of prolog script" << endl; + file << "#" << endl; +} + +int main(int argc, char * const *argv) +{ + +#ifdef ENABLE_NLS + setlocale (LC_ALL, ""); + + bindtextdomain (PACKAGE, 
LOCALEDIR); + textdomain (PACKAGE); +#else +# ifdef HAVE_SETLOCALE + setlocale (LC_ALL, ""); +# endif +#endif + + + if (argc<=1) + { + usage(argv[0]); + exit(1); + } + + int opt; + + while( (opt=getopt(argc,argv,"x:vVf:d:r:o:")) != EOF ) + { + switch(opt) + { + case 'd': + wdir = strdup(optarg); + break; + case 'r': + respath = string(optarg); + break; + case 'f': + filename = strdup(optarg); + break; + case 'o': + fw_file_name = string(optarg); + break; + case 'x': + if (*optarg=='t') { + test_mode = true; + } else if (*optarg=='p') { + ++optarg; + drp = atoi(optarg); + } else { + if (*optarg=='n') { + ++optarg; + drn = atoi(optarg); + } else { + if (isdigit(*optarg)) dl=atoi(optarg); // increase debug level + else { + usage(argv[0]); + exit(1); + } + } + } + break; + case 'v': + verbose++; + break; + case 'V': + usage(argv[0]); + exit(1); + } + } + + if((argc-1) != optind) + { + usage(argv[0]); + exit(1); + } + + fwobjectname = strdup( argv[optind++] ); + + if (fw_file_name.empty()) + { + fw_file_name=string(fwobjectname)+".fw"; + pf_file_name=string(fwobjectname)+".conf"; + } else + { + string::size_type n = fw_file_name.rfind("."); + pf_file_name = fw_file_name; + pf_file_name.erase(n); + pf_file_name.append(".conf"); + } + + if (wdir==0) wdir="./"; + + if ( +#ifdef _WIN32 + _chdir(wdir) +#else + chdir(wdir) +#endif + ) { + cerr << _("Can't change to: ") << wdir << endl; + exit(1); + } + + init(argv); + + try + { + new Resources(respath+FS_SEPARATOR+"resources.xml"); + + /* create database */ + objdb = new FWObjectDatabase(); + + /* load the data file */ + UpgradePredicate upgrade_predicate; + + if (verbose) cout << _(" *** Loading data ..."); + + objdb->setReadOnly( false ); + objdb->load( sysfname, &upgrade_predicate, librespath); + objdb->setFileName(""); + FWObjectDatabase *ndb = new FWObjectDatabase(); + ndb->load(filename, &upgrade_predicate, librespath); + objdb->merge(ndb, NULL); + delete ndb; + objdb->setFileName(filename); + objdb->reIndex(); + +// 
objdb->load(filename, &upgrade_predicate, librespath); + if (verbose) cout << _(" done\n"); + + FWObject *slib = objdb->getById("syslib000"); + if ( slib->isReadOnly()) slib->setReadOnly(false); + + /* Review firewall and OS options and generate commands */ + Firewall* fw=objdb->findFirewallByName(fwobjectname); + + /* some initial sanity checks */ + list all_interfaces=fw->getByType(Interface::TYPENAME); + for (list::iterator i=all_interfaces.begin(); + i!=all_interfaces.end(); ++i) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if ( iface->isDyn()) + { + list l3=iface->getByType(IPv4::TYPENAME); + if (l3.size()>0) + { + char errstr[256]; + for (list::iterator j=l3.begin(); j!=l3.end(); ++j) + if ( objdb->findAllReferences(*j).size()!=0 ) + { + sprintf(errstr, +_("Dynamic interface %s has an IP address that is used in the firewall policy rule.\n"), + iface->getName().c_str() ); + throw FWException(errstr); + } + + sprintf(errstr, +_("Dynamic interface %s should not have an IP address object attached to it. 
This IP address object will be ignored.\n"), + iface->getName().c_str() ); + cerr << errstr; + for (list::iterator j=l3.begin(); j!=l3.end(); ++j) + iface->remove(*j); + } + } else + { + + list la=iface->getByType(IPv4::TYPENAME); + if ( iface->isRegular() && la.empty() ) + { + char errstr[256]; + sprintf(errstr,_("Missing IP address for interface %s\n"), + iface->getName().c_str() ); + throw FWException(errstr); + } + + for (list::iterator j=la.begin(); j!=la.end(); ++j) + { + IPv4 *ipv4 = IPv4::cast(*j); + if ( ipv4->getAddress().toString()=="0.0.0.0") + { + char errstr[256]; + sprintf(errstr, + _("Interface %s has IP address \"0.0.0.0\".\n"), + iface->getName().c_str() ); + throw FWException(errstr); + } + } + } + + } + + + + + FWOptions* options=fw->getOptionsObject(); + string s; + + string firewall_dir=options->getStr("firewall_dir"); + if (firewall_dir=="") firewall_dir="/etc/fw"; + + string prolog_place = options->getStr("prolog_place"); + if (prolog_place.empty()) prolog_place = "fw_file"; // old default + string pre_hook= fw->getOptionsObject()->getStr("prolog_script"); + + bool debug=options->getBool("debug"); + string shell_dbg=(debug)?"-x":"" ; + string pfctl_dbg=(debug)?"-v ":""; + + string pfctl_f_option="-f "; +// if (fw->getStr("version")=="obsd_3.2") pfctl_f_option="-f "; + if (fw->getStr("version")=="obsd_lt_3.2") pfctl_f_option="-R "; + + Preprocessor_pf* prep=new Preprocessor_pf(objdb , fwobjectname); + prep->compile(); + +/* + * Process firewall options, build OS network configuration script + */ + OSConfigurator *oscnf=NULL; + string family=Resources::os_res[fw->getStr("host_OS")]->Resources::getResourceStr("/FWBuilderResources/Target/family"); + + if (family=="solaris") + oscnf=new OSConfigurator_solaris(objdb , fwobjectname); + + if (family=="openbsd") + oscnf=new OSConfigurator_openbsd(objdb , fwobjectname); + + if (family=="freebsd") + oscnf=new OSConfigurator_freebsd(objdb , fwobjectname); + + if (oscnf==NULL) + throw 
FWException(_("Unrecognized host OS ")+fw->getStr("host_OS")+" (family "+family+")"); + + oscnf->prolog(); + + // find branching rules and store names of the branches and + // pointers to corresponding rule sets + // + FWObject *policy = fw->getFirstByType(Policy::TYPENAME); + for (FWObject::iterator i=policy->begin(); i!=policy->end(); i++) + { + PolicyRule *rule = PolicyRule::cast(*i); + if (rule->getAction()==PolicyRule::Branch) + { + int parentRuleNum = rule->getPosition(); + RuleSet *subset = rule->getBranch(); + if (subset==NULL) + { + throw FWException( + _("Action 'Branch' but no branch policy in policy rule ") + +rule->getLabel()); + } + subset->setInt("parent_rule_num",parentRuleNum); + FWOptions *ropt = rule->getOptionsObject(); + string branchName = ropt->getStr("branch_name"); + branches[branchName] = subset; + subset->ref(); + rule->remove(subset); + } + } + + TableFactory *table_factory = new TableFactory(); + + NATCompiler_pf n( objdb, fwobjectname, oscnf, table_factory ); + + n.setDebugLevel( dl ); + n.setDebugRule( drn ); + n.setVerbose( verbose ); + if (test_mode) n.setTestMode(); + + bool have_nat=false; + if ( n.prolog() > 0 ) + { + have_nat=true; + + n.compile(); + n.epilog(); + } + + PolicyCompiler_pf c( objdb, fwobjectname, oscnf, &n, table_factory ); + + c.setDebugLevel( dl ); + c.setDebugRule( drp ); + c.setVerbose( verbose ); + if (test_mode) c.setTestMode(); + + bool have_pf=false; + if ( c.prolog() > 0 ) + { + have_pf=true; + + cout << " Compiling policy rules for " + << fwobjectname + << " ..." 
<< endl << flush; + + c.compile(); + c.epilog(); + } + + +/* + * now write generated scripts to files + */ + + ofstream pf_file; + pf_file.exceptions(ofstream::eofbit|ofstream::failbit|ofstream::badbit); + +#ifdef _WIN32 + pf_file.open(pf_file_name.c_str(), ios::out|ios::binary); +#else + pf_file.open(pf_file_name.c_str()); +#endif + + if (prolog_place == "pf_file_top") + printProlog(pf_file, pre_hook); + + pf_file << endl; + + list limits; + if (options->getBool("pf_do_limit_frags") && + options->getInt("pf_limit_frags")>0 ) + limits.push_back(string("frags ") + + options->getStr("pf_limit_frags")); + + if (options->getBool("pf_do_limit_states") && + options->getInt("pf_limit_states")>0 ) + limits.push_back(string("states ") + + options->getStr("pf_limit_states")); + + if (options->getBool("pf_do_limit_src_nodes") && + options->getInt("pf_limit_src_nodes")>0 ) + limits.push_back(string("src-nodes ") + + options->getStr("pf_limit_src_nodes")); + + if (options->getBool("pf_do_limit_tables") && + options->getInt("pf_limit_tables")>0 ) + limits.push_back(string("tables ") + + options->getStr("pf_limit_tables")); + + if (options->getBool("pf_do_limit_table_entries") && + options->getInt("pf_limit_table_entries")>0 ) + limits.push_back(string("table-entries ") + + options->getStr("pf_limit_table_entries")); + + if (limits.size() > 0) + { + pf_file << "set limit "; + if (limits.size() > 1 ) pf_file << "{ "; + string all_limits; + for_each(limits.begin(), limits.end(), join( &all_limits, ", ")); + pf_file << all_limits; + if (limits.size() > 1 ) pf_file << " }"; + pf_file << endl; + } + + pf_file << printTimeout(options, + "pf_do_timeout_interval","pf_timeout_interval", + "interval"); + pf_file << printTimeout(options, + "pf_do_timeout_frag","pf_timeout_frag", + "frag"); + + pf_file << printTimeout(options, + "pf_set_tcp_first","pf_tcp_first", + "tcp.first" ); + pf_file << printTimeout(options, + "pf_set_tcp_opening","pf_tcp_opening", + "tcp.opening" ); + pf_file << 
printTimeout(options, + "pf_set_tcp_established","pf_tcp_established", + "tcp.established" ); + pf_file << printTimeout(options, + "pf_set_tcp_closing","pf_tcp_closing", + "tcp.closing" ); + pf_file << printTimeout(options, + "pf_set_tcp_finwait","pf_tcp_finwait", + "tcp.finwait" ); + pf_file << printTimeout(options, + "pf_set_tcp_closed","pf_tcp_closed", + "tcp.closed" ); + pf_file << printTimeout(options, + "pf_set_udp_first","pf_udp_first", + "udp.first" ); + pf_file << printTimeout(options, + "pf_set_udp_single","pf_udp_single", + "udp.single" ); + pf_file << printTimeout(options, + "pf_set_udp_multiple","pf_udp_multiple", + "udp.multiple" ); + pf_file << printTimeout(options, + "pf_set_icmp_first","pf_icmp_first", + "icmp.first" ); + pf_file << printTimeout(options, + "pf_set_icmp_error","pf_icmp_error", + "icmp.error" ); + pf_file << printTimeout(options, + "pf_set_other_first","pf_other_first", + "other.first" ); + pf_file << printTimeout(options, + "pf_set_other_single","pf_other_single", + "other.single" ); + pf_file << printTimeout(options, + "pf_set_other_multiple","pf_other_multiple", + "other.multiple" ); + + pf_file << printTimeout(options, + "pf_set_adaptive","pf_adaptive_start", + "adaptive.start" ); + pf_file << printTimeout(options, + "pf_set_adaptive","pf_adaptive_end", + "adaptive.end"); + + + + if ( ! 
options->getStr("pf_optimization").empty() ) + pf_file << "set optimization " + << options->getStr("pf_optimization") << endl; + + // check if any interface is marked as 'unprotected' + // and generate 'set skip on ' commands + + if (fw->getStr("version")=="ge_3.7" || + fw->getStr("version")=="4.x") + { + for (list::iterator i=all_interfaces.begin(); + i!=all_interfaces.end(); ++i) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if ( iface->isUnprotected()) + pf_file << "set skip on " << iface->getName() << endl; + } + } + + pf_file << endl; + + if (prolog_place == "pf_file_after_set") + printProlog(pf_file, pre_hook); + + string scrub_options; + + if (options->getBool("pf_do_scrub")) + { + if (options->getBool("pf_scrub_reassemble")) + scrub_options+="fragment reassemble "; + else + { + if (options->getBool("pf_scrub_fragm_crop")) + scrub_options+="fragment crop "; + else + { + if (options->getBool("pf_scrub_fragm_drop_ovl")) + scrub_options+="fragment drop-ovl "; + } + } + } + + if (options->getBool("pf_scrub_no_df")) scrub_options+="no-df "; + + if (!scrub_options.empty()) + { + pf_file << "#" << endl; + pf_file << "# Scrub rules" << endl; + pf_file << "#" << endl; + pf_file << "scrub in all " << scrub_options << endl; + } + + scrub_options=""; + if (options->getBool("pf_scrub_random_id")) scrub_options+="random-id "; + if (options->getBool("pf_scrub_use_minttl")) scrub_options+="min-ttl " + options->getStr("pf_scrub_minttl") + " "; + if (options->getBool("pf_scrub_use_maxmss")) scrub_options+="max-mss " + options->getStr("pf_scrub_maxmss") + " "; + if (!scrub_options.empty()) + { + pf_file << "scrub out all " << scrub_options << endl; + } + pf_file << endl; + + if (prolog_place == "pf_file_after_scrub") + printProlog(pf_file, pre_hook); + + pf_file << table_factory->PrintTables(); + pf_file << endl; + + if (prolog_place == "pf_file_after_tables") + printProlog(pf_file, pre_hook); + + if (have_nat) pf_file << n.getCompiledScript(); + if (have_pf) 
pf_file << c.getCompiledScript(); + pf_file.close(); + + + // run policy compiler for each branch we have found in the + // ruleset and store the result in a separate .conf file + // + map::iterator bi; + for (bi=branches.begin(); bi!=branches.end(); ++bi) + { + table_factory = new TableFactory(); + + string branchName = bi->first; + RuleSet *subset = bi->second; + PolicyCompiler_pf c( objdb , fwobjectname , oscnf , &n, table_factory ); + c.setSourceRuleSet( subset ); + c.setRuleSetName(branchName); + + c.setDebugLevel( dl ); + c.setDebugRule( drp ); + c.setVerbose( verbose ); + if (test_mode) c.setTestMode(); + + if ( c.prolog() > 0 ) + { + cout << " Compiling rules for anchor " + << branchName + << " ..." << endl << flush; + + c.compile(); + c.epilog(); + + string anchor_file_name; + if (fw_file_name.empty()) + { + anchor_file_name=string(fwobjectname) + "-" + branchName + ".conf"; + } else + { + string::size_type n = fw_file_name.rfind("."); + anchor_file_name = fw_file_name; + anchor_file_name.erase(n); + anchor_file_name.append("-" + branchName + ".conf"); + } + anchor_files[branchName] = anchor_file_name; + + ofstream pf_file; + pf_file.exceptions(ofstream::eofbit|ofstream::failbit|ofstream::badbit); + +#ifdef _WIN32 + pf_file.open(anchor_file_name.c_str(), ios::out|ios::binary); +#else + pf_file.open(anchor_file_name.c_str()); +#endif + pf_file << endl; + pf_file << table_factory->PrintTables(); + pf_file << endl; + pf_file << c.getCompiledScript(); + pf_file.close(); + } + } + + + char *timestr; + time_t tm; + struct tm *stm; + + tm=time(NULL); + stm=localtime(&tm); + timestr=strdup(ctime(&tm)); + timestr[ strlen(timestr)-1 ]='\0'; + +#ifdef _WIN32 + char* user_name=getenv("USERNAME"); +#else + struct passwd *pwd=getpwuid(getuid()); + assert(pwd); + char *user_name=pwd->pw_name; +#endif + if (user_name==NULL) + { + user_name=getenv("LOGNAME"); + if (user_name==NULL) + { + cerr << _("Can't figure out your user name, aborting") << endl; + exit(1); + } + } + + 
ofstream fw_file; + fw_file.exceptions(ofstream::eofbit|ofstream::failbit|ofstream::badbit); + +#ifdef _WIN32 + fw_file.open(fw_file_name.c_str(), ios::out|ios::binary); +#else + fw_file.open(fw_file_name.c_str()); +#endif + fw_file << "#!/bin/sh " << shell_dbg << endl; + + fw_file << _("#\n\ +# This is automatically generated file. DO NOT MODIFY !\n\ +#\n\ +# Firewall Builder fwb_pf v") << VERSION << "-" << RELEASE_NUM << _(" \n\ +#\n\ +# Generated ") << timestr << " " << tzname[stm->tm_isdst] << _(" by ") + << user_name << "\n#\n"; + + fw_file << MANIFEST_MARKER << "* " << fw_file_name << endl; + fw_file << MANIFEST_MARKER << " " << pf_file_name << endl; + for (map::iterator i=anchor_files.begin(); + i!=anchor_files.end(); ++i) + fw_file << MANIFEST_MARKER << " " << i->second << endl; + + fw_file << "#" << endl; + fw_file << "#" << endl; + + string fwcomment=fw->getComment(); + string::size_type n1,n2; + n1=n2=0; + while ( (n2=fwcomment.find("\n",n1))!=string::npos ) + { + fw_file << "# " << fwcomment.substr(n1,n2-n1) << endl; + n1=n2+1; + } + fw_file << "# " << fwcomment.substr(n1) << endl; + fw_file << "#\n#\n#\n"; + + fw_file << "FWDIR=`dirname $0`" << endl << endl; + + fw_file << oscnf->getCompiledScript(); + + fw_file << endl; + + fw_file << "log '"; + fw_file << _("Activating firewall script generated ") + << timestr << " " << _(" by ") + << user_name; + fw_file << "'" << endl; + + fw_file << endl; + + + + + fw_file << endl + << "$PFCTL -d " << endl + << "$PFCTL -F nat" << endl + << "$PFCTL -F rules" << endl + << "$PFCTL -F Sources" << endl + << "$PFCTL -F Tables" << endl; + + if (prolog_place == "fw_file") + printProlog(fw_file, pre_hook); + + fw_file << endl; + + fw_file << "$PFCTL " << pfctl_dbg << pfctl_f_option + << "${FWDIR}/" << pf_file_name + << " || exit 1" + << endl; + + for (map::iterator i=anchor_files.begin(); + i!=anchor_files.end(); ++i) + fw_file << "$PFCTL " << pfctl_dbg + << "-a " << i->first << " " + << pfctl_f_option + << "${FWDIR}/" << 
i->second + << " || exit 1" + << endl; + + fw_file << "$PFCTL -e" + << " || exit 1" + << endl; + + fw_file << endl; + fw_file << "#" << endl; + fw_file << "# Epilog script" << endl; + fw_file << "#" << endl; + + string post_hook= fw->getOptionsObject()->getStr("epilog_script"); + fw_file << post_hook << endl; + + fw_file << endl; + fw_file << "# End of epilog script" << endl; + fw_file << "#" << endl; + + fw_file << endl; + fw_file.close(); + +#ifdef _WIN32 + _chmod(fw_file_name.c_str(),_S_IREAD|_S_IWRITE); +#else + chmod(fw_file_name.c_str(),S_IXUSR|S_IRUSR|S_IWUSR|S_IRGRP); +#endif + + cout << _(" Compiled successfully") << endl << flush; + + return 0; + + } catch(const FWException &ex) { + cerr << ex.toString() << endl; + return 1; +#if __GNUC__ >= 3 +/* need to check version because std::ios::failure does not seem to be + * supported in gcc 2.9.5 on FreeBSD 4.10 */ + } catch (const std::ios::failure &e) { + cerr << "Error while opening or writing to the output file" << endl; + return 1; +#endif + } catch (const std::string &s) { + cerr << s; + return 1; + } catch (const std::exception &ex) { + cerr << ex.what(); + return 1; + } catch (...) { + cerr << _("Unsupported exception"); + return 1; + } + +} + + + + + + + + + diff --git a/src/pf/pf.pro b/src/pf/pf.pro new file mode 100644 index 000000000..1e421129f --- /dev/null +++ b/src/pf/pf.pro @@ -0,0 +1,26 @@ +#-*- mode: makefile; tab-width: 4; -*- +# +include(../../qmake.inc) +# +SOURCES = pf.cpp + +HEADERS = ../../config.h \ + ../pflib/OSData.h \ + ../pflib/NATCompiler_pf.h \ + ../pflib/OSConfigurator_openbsd.h \ + ../pflib/PolicyCompiler_pf.h + + +QMAKE_COPY = ../../install.sh -m 0755 -s + + +win32:CONFIG += console + +INCLUDEPATH += "../pflib" + +win32:LIBS += $$PREFIX/fwbpf.lib +!win32:LIBS += ../pflib/libfwbpf.a + +LIBS += $$LIBS_FWCOMPILER + +TARGET = fwb_pf diff --git a/src/pflib/.cvsignore b/src/pflib/.cvsignore new file mode 100644 index 000000000..65ae5bcdd --- /dev/null +++ b/src/pflib/.cvsignore 
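Review bot: The four `sprintf(errstr, ...)` calls in the interface sanity checks of main() in pf.cpp format `iface->getName()` into a fixed `char errstr[256]` with no length bound, so a long enough interface name in the loaded data file writes past the stack buffer. Bound each call, e.g. `snprintf(errstr, sizeof(errstr), _("Missing IP address for interface %s\n"), iface->getName().c_str());`, or build the message by `std::string` concatenation as the "Unrecognized host OS" exception in the same function does. Separately, `branchName` from the rule's `branch_name` option is written unquoted into the generated `$PFCTL -a` line and into the anchor file name, so it should be checked against a restricted character set before it is used. The `-o` handling also calls `pf_file_name.erase(n)` without comparing `n` to `string::npos`, which throws outside the try block when the output name contains no dot.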
@@ -0,0 +1,7 @@ +Makefile +.moc +.ui +*.app +*.fwb +*.tbl + diff --git a/src/pflib/NATCompiler_ipf.cpp b/src/pflib/NATCompiler_ipf.cpp new file mode 100644 index 000000000..528620c50 --- /dev/null +++ b/src/pflib/NATCompiler_ipf.cpp 
@@ -0,0 +1,602 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: NATCompiler_ipf.cpp 1429 2007-10-10 16:05:37Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" + +#include "NATCompiler_ipf.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/AddressTable.h" + +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +string NATCompiler_ipf::myPlatformName() { return "ipf"; } + + +int NATCompiler_ipf::prolog() +{ + + int n=NATCompiler_pf::prolog(); + + return n; +} + +bool NATCompiler_ipf::VerifyRules::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + tmp_queue.push_back(rule); + + RuleElementOSrc *osrc=rule->getOSrc(); assert(osrc); + RuleElementODst *odst=rule->getODst(); assert(odst); + RuleElementOSrv *osrv=rule->getOSrv(); assert(osrv); + + RuleElementTSrc 
*tsrc=rule->getTSrc(); assert(tsrc); + RuleElementTDst *tdst=rule->getTDst(); assert(tdst); + RuleElementTSrv *tsrv=rule->getTSrv(); assert(tsrv); + + if (rule->getRuleType()==NATRule::DNAT && odst->size()!=1) + throw FWException(_("There should be no more than one object in original destination in the rule ")+rule->getLabel()); + +// if (rule->getRuleType()==NATRule::SNAT && tsrc->size()!=1) +// throw FWException(_("There should be no more than one object in translated source in the rule ")+rule->getLabel()); + + if (rule->getRuleType()==NATRule::DNAT && osrv->isAny()) + throw FWException(_("Service must be specified for destination translation rule. Rule ")+rule->getLabel()); + + if (tsrv->size()!=1) + throw FWException(_("Translated service should be 'Original' or should contain single object. Rule: ")+rule->getLabel()); + + FWObject *o=tsrv->front(); + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + if ( Group::cast(o)!=NULL) + throw FWException(_("Can not use group in translated service. Rule ")+rule->getLabel()); + +#if 0 + if (rule->getRuleType()==NATRule::SNAT ) + { + if ( tsrc->size()!=1) + throw FWException(_("There should be no more than one object in translated source in the rule ")+rule->getLabel()); + +// Address* o1=tsrc->getFirst(true); +// if ( ! tsrc->isAny() && Network::cast(o1)!=NULL) +// throw FWException(_("Can not use network object in translated source. Rule ")+rule->getLabel()); + } +#endif + + if (rule->getRuleType()==NATRule::SNetnat && !tsrc->isAny() ) { + Network *a1=Network::cast(compiler->getFirstOSrc(rule)); + Network *a2=Network::cast(compiler->getFirstTSrc(rule)); + if ( a1==NULL || a2==NULL || + a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + throw FWException(_("Original and translated source should both be networks of the same size . 
Rule ")+rule->getLabel()); + } + + if (rule->getRuleType()==NATRule::DNetnat && !tsrc->isAny() ) { + Network *a1=Network::cast(compiler->getFirstODst(rule)); + Network *a2=Network::cast(compiler->getFirstTDst(rule)); + if ( a1==NULL || a2==NULL || + a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + throw FWException(_("Original and translated destination should both be networks of the same size . Rule ")+rule->getLabel()); + } + + + + + if (osrc->getNeg() || odst->getNeg() || osrv->getNeg()) + throw FWException(_("Negation in NAT rules is not supported. Rule ")+rule->getLabel()); + +// if (rule->getRuleType()==NATRule::NONAT) +// throw FWException(_("Unsupported translation. Rule ")+rule->getLabel()); + + return true; +} + +bool NATCompiler_ipf::ExpandPortRange::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + Service *osrv=compiler->getFirstOSrv(rule); + + if (UDPService::isA(osrv) || TCPService::isA(osrv)) + { + int rs = osrv->getInt("dst_range_start"); + int re = osrv->getInt("dst_range_end"); + + int numPorts = re-rs+1; + if (numPorts==1) + { + tmp_queue.push_back(rule); + return true; + } + + if (numPorts > 20) + { + ostringstream ostr; + ostr << string("Rule ") << rule->getLabel() << " : " + << string("Expanding port range ") << osrv->getName() + << " creates " << numPorts << " rules"; + compiler->warning(ostr.str()); + } + + string newSrvType = TCPService::TYPENAME; + if (UDPService::isA(osrv)) newSrvType = UDPService::TYPENAME; + + for (int p=rs; p<=re; ++p) + { + NATRule *r = NATRule::cast( + compiler->dbcopy->create(NATRule::TYPENAME) ); + r->duplicate(rule); + + FWObject *newSrv = compiler->dbcopy->create(newSrvType); + newSrv->duplicate(osrv,true); + newSrv->setInt("dst_range_start",p); + newSrv->setInt("dst_range_end",p); + compiler->dbcopy->add(newSrv,false); + compiler->dbcopy->addToIndex(newSrv); + compiler->cacheObj(newSrv); + + RuleElementOSrv *nosrv = r->getOSrv(); + nosrv->clearChildren(); + 
nosrv->addRef(newSrv); + + compiler->temp_ruleset->add(r); + tmp_queue.push_back(r); + } + } else + { + tmp_queue.push_back(rule); + } + return true; +} + +bool NATCompiler_ipf::AssignInterface::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + Address *a=NULL; + + switch (rule->getRuleType() ) { + + case NATRule::Continue: + case NATRule::NONAT: + { +/* use heuristic to assign nonat rule to interfaces */ + Interface *iface; + + a=compiler->getFirstODst(rule); + iface=compiler->findInterfaceFor( compiler->getFirstODst(rule) , + compiler->fw); + if (iface!=NULL && !iface->isLoopback()) + { + rule->setInterfaceId( iface->getId() ); + tmp_queue.push_back( rule ); + return true; + } +/* slip into Redirect case to assign rule to all interfaces */ + } + + case NATRule::Redirect: + case NATRule::DNAT: + case NATRule::DNetnat: + case NATRule::LB: + { +/* + * we do not have network zones here, so our ability to pick right + * interfaces is rather limited. First, we try to find interface that + * is connected to the subnet OSrc belongs to. If that does not work, + * we assign rule to all interfaces, except loopback + */ + a=NULL; + if ( ! rule->getOSrc()->isAny() ) a=compiler->getFirstOSrc(rule); + if ( a==NULL && ! 
rule->getODst()->isAny() ) a=compiler->getFirstODst(rule); + + if(a!=NULL) + { + Interface *iface; + iface=compiler->findInterfaceFor(a,compiler->fw); + + if (iface!=NULL && !iface->isLoopback()) + { + rule->setInterfaceId( iface->getId() ); + tmp_queue.push_back(rule); + return true; + } + } + + FWObjectTypedChildIterator j=compiler->fw->findByType(Interface::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + Interface *iface=Interface::cast(*j); + assert(iface); + if ( iface->isUnnumbered() || + iface->isBridgePort() || + iface->isLoopback()) continue; + + NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) +); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setInterfaceId( iface->getId() ); + tmp_queue.push_back( r ); + } + return true; + } + + case NATRule::SNAT: + case NATRule::SNetnat: + { + a=compiler->getFirstTSrc(rule); + + if ( (Interface::isA(a) || IPv4::isA(a)) && a->isChildOf(compiler->fw)) + { + FWObject *p=a; + while ( ! Interface::isA(p) ) p=p->getParent(); + rule->setInterfaceId( p->getId() ); + tmp_queue.push_back(rule); + return true; + } + +/* if we appear here, then TSrc is not an interface or address of an + * interface. + */ + int n=0; + list l2=compiler->fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *iface=Interface::cast(*i); + assert(iface); + + if (iface->isLoopback() || + iface->isUnnumbered() || + iface->isBridgePort()) continue; + + NATRule *r = NATRule::cast( + compiler->dbcopy->create(NATRule::TYPENAME) ); + r->duplicate(rule); + compiler->temp_ruleset->add(r); + + r->setInterfaceId( iface->getId() ); + + tmp_queue.push_back(r); + n++; + } + if (n==0) tmp_queue.push_back(rule); + + return true; + } + default: ; + } + + throw FWException(_("Could not assign NAT rule to the interface. Perhaps one of the \n\ + objects has address which does not belong to any subnet the firewall has interface on. 
\n\ + Rule: ")+rule->getLabel()); + + return true; +} + + +bool NATCompiler_ipf::prepareForLB::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + if (rule->getRuleType()==NATRule::LB ) + { + RuleElementTDst *tdst=rule->getTDst(); assert(tdst); + if (tdst->size()>2) + { + std::vector cl; + for(list::iterator i=tdst->begin(); i!=tdst->end(); ++i) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + cl.push_back(o); + if (cl.size()==2) + { + NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementTDst *notdst=r->getTDst(); + notdst->clearChildren(); + notdst->addRef( cl[0] ); + notdst->addRef( cl[1] ); + cl.clear(); + tmp_queue.push_back( r ); + } + } + + if (cl.size()!=0) + { + NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementTDst *notdst=r->getTDst(); + notdst->clearChildren(); + notdst->addRef( cl[0] ); +// notdst->addRef( cl[1] ); + cl.clear(); + tmp_queue.push_back( r ); + } + + } else tmp_queue.push_back(rule); + } else tmp_queue.push_back(rule); + + return true; +} + +/* + * by now the rule should have already been assigned to interface. + * + * TODO: We should also take into account a situation when interface has + * multiple addresses... 
+ */ +bool NATCompiler_ipf::RedirectRules::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + Interface *rule_iface= + Interface::cast( rule->getRoot()->getById(rule->getInterfaceId() ,true) ); + + tmp_queue.push_back(rule); + + RuleElementTDst *rel=rule->getTDst(); assert(rel); + Address *otdst=compiler->getFirstTDst(rule); + + if (rule->getRuleType()==NATRule::Redirect && rule_iface!=NULL && + otdst->getId()==compiler->fw->getId()) + { + rel->clearChildren(); + rel->addRef( rule_iface ); + } + + return true; +} + + +bool NATCompiler_ipf::appProxy::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + bool ftp_proxy = compiler->getCachedFwOpt()->getBool("ipf_nat_ftp_proxy"); + bool rcmd_proxy = compiler->getCachedFwOpt()->getBool("ipf_nat_rcmd_proxy"); + bool krcmd_proxy = compiler->getCachedFwOpt()->getBool("ipf_nat_krcmd_proxy"); + bool ekshell_proxy = compiler->getCachedFwOpt()->getBool("ipf_nat_ekshell_proxy"); + bool raudio_proxy = compiler->getCachedFwOpt()->getBool("ipf_nat_raudio_proxy"); + bool h323_proxy = compiler->getCachedFwOpt()->getBool("ipf_nat_h323_proxy"); + bool ipsec_proxy = compiler->getCachedFwOpt()->getBool("ipf_nat_ipsec_proxy"); + bool pptp_proxy = compiler->getCachedFwOpt()->getBool("ipf_nat_pptp_proxy"); + bool irc_proxy = compiler->getCachedFwOpt()->getBool("ipf_nat_irc_proxy"); + + char ipsec_proxy_str[64]; + char ftp_proxy_str[64]; + char rcmd_proxy_str[64]; + char krcmd_proxy_str[64]; + char ekshell_proxy_str[64]; + char raudio_proxy_str[64]; + char h323_proxy_str[64]; + char pptp_proxy_str[64]; + char irc_proxy_str[64]; + + sprintf(ipsec_proxy_str, "proxy port %d ipsec/udp ", ISAKMP_PORT); + sprintf(ftp_proxy_str, "proxy port %d ftp/tcp ", FTP_PORT); + sprintf(rcmd_proxy_str, "proxy port %d rcmd/tcp ", RCMD_PORT); + sprintf(krcmd_proxy_str, "proxy port %d rcmd/tcp ", KRCMD_PORT); + sprintf(ekshell_proxy_str,"proxy port %d rcmd/tcp ", EKSHELL_PORT); + sprintf(raudio_proxy_str, "proxy 
port %d raudio/tcp ", RAUDIO_PORT); + sprintf(h323_proxy_str, "proxy port %d h323/tcp ", H323_PORT); + sprintf(pptp_proxy_str, "proxy port %d pptp/tcp ", PPTP_PORT); + sprintf(irc_proxy_str, "proxy port %d irc/tcp ", IRC_PORT); + + + if (rule->getRuleType()==NATRule::SNAT || + rule->getRuleType()==NATRule::NONAT) + { + Service *osrv=compiler->getFirstOSrv(rule); + + if (UDPService::isA(osrv)) + { + UDPService *s=UDPService::cast(osrv); + if (ipsec_proxy && + s->getInt("dst_range_start")==ISAKMP_PORT && s->getInt("dst_range_end")==ISAKMP_PORT) + rule->setStr("nat_rule_proxy",ipsec_proxy_str); + } + + if (TCPService::isA(osrv)) + { + TCPService *s=TCPService::cast(osrv); + if (ftp_proxy && + s->getInt("dst_range_start")==FTP_PORT && s->getInt("dst_range_end")==FTP_PORT ) + rule->setStr("nat_rule_proxy",ftp_proxy_str); + + if (rcmd_proxy && + s->getInt("dst_range_start")==RCMD_PORT && s->getInt("dst_range_end")==RCMD_PORT ) + rule->setStr("nat_rule_proxy",rcmd_proxy_str); + + if (krcmd_proxy && + s->getInt("dst_range_start")==KRCMD_PORT && s->getInt("dst_range_end")==KRCMD_PORT ) + rule->setStr("nat_rule_proxy",krcmd_proxy_str); + + if (ekshell_proxy && + s->getInt("dst_range_start")==EKSHELL_PORT && s->getInt("dst_range_end")==EKSHELL_PORT ) + rule->setStr("nat_rule_proxy",ekshell_proxy_str); + + if (raudio_proxy && + s->getInt("dst_range_start")==RAUDIO_PORT && s->getInt("dst_range_end")==RAUDIO_PORT ) + rule->setStr("nat_rule_proxy",raudio_proxy_str); + + if (h323_proxy && + s->getInt("dst_range_start")==H323_PORT && s->getInt("dst_range_end")==H323_PORT ) + rule->setStr("nat_rule_proxy",h323_proxy_str); + + if (pptp_proxy && + s->getInt("dst_range_start")==PPTP_PORT && s->getInt("dst_range_end")==PPTP_PORT ) + rule->setStr("nat_rule_proxy",pptp_proxy_str); + + if (irc_proxy && + s->getInt("dst_range_start")==IRC_PORT && s->getInt("dst_range_end")==IRC_PORT ) + rule->setStr("nat_rule_proxy",irc_proxy_str); + } + } + tmp_queue.push_back(rule); + + return true; +} + 
+bool NATCompiler_ipf::expandAnyService::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + RuleElementOSrv *srv=rule->getOSrv(); + + if (rule->getRuleType()==NATRule::SNAT && srv->isAny()) + { + NATRule *r= NATRule::cast( + compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setBool("needs_portmap",true); + tmp_queue.push_back(r); + } + tmp_queue.push_back(rule); + + return true; +} + +bool NATCompiler_ipf::processMultiAddressObjectsInRE::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + RuleElement *re=RuleElement::cast( rule->getFirstByType(re_type) ); + + for (FWObject::iterator i=re->begin(); i!=re->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); + if (atrt!=NULL && atrt->getSubstitutionTypeName()==AddressTable::TYPENAME) + compiler->abort("Run-time AddressTable objects are not supported. Rule " + rule->getLabel()); + } + + tmp_queue.push_back(rule); + return true; +} + + +void NATCompiler_ipf::compile() +{ + bool manage_virtual_addr=getCachedFwOpt()->getBool("manage_virtual_addr"); + + cout << _(" Compiling NAT rules for ") << fw->getName() << " ..." 
<< endl << flush; + + try { + + Compiler::compile(); + + add( new Begin()); + add( new printTotalNumberOfRules() ); + + add( new recursiveGroupsInOSrc( "check for recursive groups in OSRC" ) ); + add( new recursiveGroupsInODst( "check for recursive groups in ODST" ) ); + add( new recursiveGroupsInOSrv( "check for recursive groups in OSRV" ) ); + + add( new recursiveGroupsInTSrc( "check for recursive groups in TSRC" ) ); + add( new recursiveGroupsInTDst( "check for recursive groups in TDST" ) ); + add( new recursiveGroupsInTSrv( "check for recursive groups in TSRV" ) ); + + add( new emptyGroupsInOSrc( "check for empty groups in OSRC" ) ); + add( new emptyGroupsInODst( "check for empty groups in ODST" ) ); + add( new emptyGroupsInOSrv( "check for empty groups in OSRV" ) ); + + add( new emptyGroupsInTSrc( "check for empty groups in TSRC" ) ); + add( new emptyGroupsInTDst( "check for empty groups in TDST" ) ); + add( new emptyGroupsInTSrv( "check for empty groups in TSRV" ) ); + + add( new ExpandGroups( "expand groups" ) ); + add( new eliminateDuplicatesInOSRC( "eliminate duplicates in OSRC" ) ); + add( new eliminateDuplicatesInODST( "eliminate duplicates in ODST" ) ); + add( new eliminateDuplicatesInOSRV( "eliminate duplicates in OSRV" ) ); + + add( new swapMultiAddressObjectsInOSrc(" swap MultiAddress -> MultiAddressRunTime in OSrc") ); + add( new swapMultiAddressObjectsInODst(" swap MultiAddress -> MultiAddressRunTime in ODst") ); + + add( new processMultiAddressObjectsInOSrc("process MultiAddress objects in OSrc") ); + add( new processMultiAddressObjectsInODst("process MultiAddress objects in ODst") ); + + add( new splitOnOSrv( "split rule on original service" ) ); + add( new ExpandPortRange("expand port ranges") ); + add( new fillTranslatedSrv( "fill translated service" ) ); + add( new NATRuleType( "determine NAT rule types" ) ); + add( new VerifyRules( "verify NAT rules" ) ); + add( new splitODstForSNAT("split rule if objects in ODst belong to different subnets" 
) ); + add( new ReplaceFirewallObjectsODst( "replace references to the firewall in ODst" ) ); + add( new ReplaceFirewallObjectsTSrc( "replace references to the firewall in TSrc" ) ); + + if ( manage_virtual_addr ) { + add( new addVirtualAddress( "add virtual addresses for NAT rules" ) ); + } + + add( new ExpandMultipleAddresses( "expand multiple addresses" ) ); + add( new checkForUnnumbered( "check for unnumbered interfaces" ) ); + add( new checkForDynamicInterfacesOfOtherObjects( "check for dynamic interfaces of other hosts and firewalls" ) ); + add( new ExpandAddressRanges( "expand address range objects" ) ); + add( new ConvertToAtomicForOriginal( "convert to atomic rules in OSrc and ODst" ) ); + add( new ConvertToAtomicForTSrc( "convert to atomic rules in TSrc" ) ); + add( new prepareForLB( "prepare for load balancing rules" ) ); + add( new appProxy( "add application proxy code to map rules" ) ); + add( new expandAnyService("split NAT rules with ANY service" ) ); + add( new AssignInterface( "assign rules to interfaces" ) ); + add( new RedirectRules( "replace objects in TDst for 'Redirect' rules" ) ); + add( new convertInterfaceIdToStr( "prepare interface assignments" ) ); + add( new PrintRule("generate ipfilter code") ); + add( new simplePrintProgress() ); + + runRuleProcessors(); + + + } catch (FWException &ex) { + error(ex.toString()); + exit(1); + } +} + + +void NATCompiler_ipf::epilog() +{ +} diff --git a/src/pflib/NATCompiler_ipf.h b/src/pflib/NATCompiler_ipf.h new file mode 100644 index 000000000..a0c70468b --- /dev/null +++ b/src/pflib/NATCompiler_ipf.h 
@@ -0,0 +1,201 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: NATCompiler_ipf.h 1429 2007-10-10 16:05:37Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef __NATCOMPILER_IPF_HH +#define __NATCOMPILER_IPF_HH + +#include +#include "NATCompiler_pf.h" + +#include + +#define FTP_PORT 21 +#define RCMD_PORT 514 +#define KRCMD_PORT 544 +#define EKSHELL_PORT 2106 +#define H323_PORT 1720 +#define RAUDIO_PORT 5050 +#define ISAKMP_PORT 500 +#define PPTP_PORT 1723 +#define IRC_PORT 6667 + +namespace fwcompiler { + + + class NATCompiler_ipf : public NATCompiler_pf { + + + + protected: + + virtual std::string myPlatformName(); + + + /** + * verifies correctness of the NAT rules (some checks are the + * same as in pf, some are specific for ipf) + */ + DECLARE_NAT_RULE_PROCESSOR(VerifyRules); + + /** + * splits NAT rules if user ordered using * application proxy + * code for "map" rules + */ + DECLARE_NAT_RULE_PROCESSOR(appProxy); + + /** + * splits rules with service 'any' because they need "proxy + * tcp/udp auto" + */ + DECLARE_NAT_RULE_PROCESSOR(expandAnyService); + + /** + * ipf nat and rdr rules do not support port tanges; need to + * generate a separate rule for each port of the range. 
+ */ + DECLARE_NAT_RULE_PROCESSOR(ExpandPortRange); + + /** + * LB-type rules allow no more than two destination hosts on + * the right side of '->'. This processor splits NAT rule if + * necessary to satisfy this rule + */ + DECLARE_NAT_RULE_PROCESSOR(prepareForLB); + + /** + * assigns NAT rules to interfaces + */ + DECLARE_NAT_RULE_PROCESSOR(AssignInterface); + + /** + * replaces object in tdst with reference to firewall's + * interface in 'Redirect' rules + */ + DECLARE_NAT_RULE_PROCESSOR(RedirectRules); + friend class fwcompiler::NATCompiler_ipf::RedirectRules; + + /** + * eliminates duplicate objects in SRC. Uses default comparison + * in eliminateDuplicatesInRE which compares IDs + */ + class eliminateDuplicatesInOSRC : public eliminateDuplicatesInRE + { + public: + eliminateDuplicatesInOSRC(const std::string &n) : + eliminateDuplicatesInRE(n,libfwbuilder::RuleElementOSrc::TYPENAME) {} + }; + + /** + * eliminates duplicate objects in DST. Uses default comparison + * in eliminateDuplicatesInRE which compares IDs + */ + class eliminateDuplicatesInODST : public eliminateDuplicatesInRE + { + public: + eliminateDuplicatesInODST(const std::string &n) : + eliminateDuplicatesInRE(n,libfwbuilder::RuleElementODst::TYPENAME) {} + }; + + /** + * eliminates duplicate objects in SRV. 
Uses default comparison + * in eliminateDuplicatesInRE which compares IDs + */ + class eliminateDuplicatesInOSRV : public eliminateDuplicatesInRE + { + public: + eliminateDuplicatesInOSRV(const std::string &n) : + eliminateDuplicatesInRE(n,libfwbuilder::RuleElementOSrv::TYPENAME) {} + }; + + /** + * Placeholder for MultiAddressRunTime objects that are not + * supported for ipf + */ + class processMultiAddressObjectsInRE : public NATRuleProcessor + { + std::string re_type; + public: + processMultiAddressObjectsInRE(const std::string &name, + const std::string &t) : NATRuleProcessor(name) { re_type=t; } + virtual bool processNext(); + }; + + + class processMultiAddressObjectsInOSrc : public processMultiAddressObjectsInRE + { + public: + processMultiAddressObjectsInOSrc(const std::string &n) : + processMultiAddressObjectsInRE(n,libfwbuilder::RuleElementOSrc::TYPENAME) {} + }; + + class processMultiAddressObjectsInODst : public processMultiAddressObjectsInRE + { + public: + processMultiAddressObjectsInODst(const std::string &n) : + processMultiAddressObjectsInRE(n,libfwbuilder::RuleElementODst::TYPENAME) {} + }; + + + /** + * prints single policy rule, assuming all groups have been + * expanded, so source, destination and service hold exactly + * one object each, and this object is not a group. Negation + * should also have been taken care of before this method is + * called. 
+ */ + class PrintRule : public NATCompiler_pf::PrintRule + { + protected: + virtual void _printProtocol(libfwbuilder::Service *srv); + virtual void _printAddr_L(libfwbuilder::Address *o, bool print_netmask=true); + virtual void _printAddr_R(libfwbuilder::Address *o, bool print_netmask=true); + virtual void _printAddr_R_LB(libfwbuilder::RuleElementTDst *re); + virtual void _printPort(libfwbuilder::Service *srv,bool eq); + + public: + PrintRule(const std::string &name); + virtual bool processNext(); + }; + + + + + public: + + NATCompiler_ipf(libfwbuilder::FWObjectDatabase *_db, + const std::string &fwname, + fwcompiler::OSConfigurator *_oscnf) : NATCompiler_pf(_db,fwname,_oscnf) {} + + + virtual int prolog(); + virtual void compile(); + virtual void epilog(); + + }; + + +} + +#endif diff --git a/src/pflib/NATCompiler_ipf_writers.cpp b/src/pflib/NATCompiler_ipf_writers.cpp new file mode 100644 index 000000000..4db27a39d --- /dev/null +++ b/src/pflib/NATCompiler_ipf_writers.cpp 
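Review bot: The port constants at the top of this header (`#define FTP_PORT 21` through `#define IRC_PORT 6667`) are unscoped preprocessor macros, and NATCompiler_ipfw.h in the same commit defines five of the same names again. The duplicate definitions only stay harmless while both headers carry identical values, and nothing enforces that. In NATCompiler_ipf.cpp these values decide which NAT rules receive an ipfilter `proxy port ...` clause, so a silent divergence would change the generated ruleset. I would declare them once, in a shared header inside `namespace fwcompiler`, as typed constants such as `static const int FTP_PORT = 21;`, and drop the copies from NATCompiler_ipfw.h, where NATCompiler_ipfw.cpp does not appear to use them.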
@@ -0,0 +1,317 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: NATCompiler_ipf_writers.cpp 1028 2006-05-17 02:30:19Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "NATCompiler_ipf.h" + + +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/Firewall.h" + + +#include +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \ + _MSC_VER +# include +#else +# include +#endif +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + + + +/** + *----------------------------------------------------------------------- + * Methods for printing + */ + + + + + +void NATCompiler_ipf::PrintRule::_printAddr_L(Address *o, bool print_netmask) +{ + FWOptions* options=compiler->fw->getOptionsObject(); + + IPAddress addr=o->getAddress(); + Netmask mask=o->getNetmask(); + + if (Interface::cast(o)!=NULL && 
Interface::cast(o)->isDyn()) + { + if (options->getBool("dynAddr")) + compiler->output << "(" << o->getName() << ") "; + else + compiler->output << "any "; + + return; + } + + if (Interface::cast(o)!=NULL && ! Interface::cast(o)->isDyn()) + mask=Netmask("255.255.255.255"); + + if (IPv4::cast(o)!=NULL) + mask=Netmask("255.255.255.255"); + + if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0") { + compiler->output << "any "; + } else { + + compiler->output << addr.toString(); + if (print_netmask) + compiler->output << "/" << mask.getLength(); + compiler->output << " "; + } +} + +void NATCompiler_ipf::PrintRule::_printAddr_R(Address *o, bool print_netmask) +{ + IPAddress addr=o->getAddress(); + Netmask mask=o->getNetmask(); + + if (Interface::cast(o)!=NULL) + mask=Netmask("255.255.255.255"); + + if (IPv4::cast(o)!=NULL) + mask=Netmask("255.255.255.255"); + + if (addr.toString()=="0.0.0.0" && print_netmask && mask.toString()=="255.255.255.255") + compiler->output << "0/32 "; + else + { + compiler->output << addr.toString(); + if (print_netmask) + compiler->output << "/" << mask.getLength(); + compiler->output << " "; + } +} + + +void NATCompiler_ipf::PrintRule::_printAddr_R_LB(RuleElementTDst *tdst) +{ + bool first=true; + for(list::iterator i=tdst->begin(); i!=tdst->end(); ++i) + { + FWObject *o= *i; + FWObject *obj = NULL; + if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); + + Address *a=Address::cast(obj); + + IPAddress addr=a->getAddress(); + + if (!first) compiler->output << ","; + compiler->output << addr.toString(); + first=false; + } + compiler->output << " "; +} + + + +void NATCompiler_ipf::PrintRule::_printProtocol(Service *srv) +{ + compiler->output << srv->getProtocolName() << " "; +} + +/* + * Note: ipfilter permits "port 0" to the right of "->", in fact, this is useful + * and recommended construct for rules that should match "any tcp" or "any udp". + * If this method is called to print port spec. 
for the part of the rule left + * of "->", then parameter eq is true, otherwise it is false. We permit port 0 + * only for the right part of the rule, that is, when eq is false + */ +void NATCompiler_ipf::PrintRule::_printPort(Service *srv,bool eq) +{ + if (TCPService::isA(srv) || UDPService::isA(srv)) + { + int drs=srv->getInt("dst_range_start"); + if (!eq || drs!=0) + { + compiler->output << "port "; + if (eq) + compiler->output << "= "; + compiler->output<< drs << " "; + } + } +} + + +NATCompiler_ipf::PrintRule::PrintRule(const std::string &name) : NATCompiler_pf::PrintRule(name) +{ +} + +bool NATCompiler_ipf::PrintRule::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + string rl=rule->getLabel(); + if (rl!=current_rule_label) { + + compiler->output << "# " << endl; + compiler->output << "# Rule " << rl << endl; + + string comm=rule->getComment(); + string::size_type c1,c2; + c1=0; + while ( (c2=comm.find('\n',c1))!=string::npos ) { + compiler->output << "# " << comm.substr(c1,c2-c1) << endl; + c1=c2+1; + } + compiler->output << "# " << comm.substr(c1) << endl; + compiler->output << "# " << endl; + + current_rule_label=rl; + } + + + Address *osrc=compiler->getFirstOSrc(rule); assert(osrc); + Address *odst=compiler->getFirstODst(rule); assert(odst); + Service *osrv=compiler->getFirstOSrv(rule); assert(osrv); + + Address *tsrc=compiler->getFirstTSrc(rule); assert(tsrc); + Address *tdst=compiler->getFirstTDst(rule); assert(tdst); + Service *tsrv=compiler->getFirstTSrv(rule); assert(tsrv); + +// Interface *iface= +// Interface::cast( rule->getRoot()->getById(rule->getInterfaceId() ,true) ); + + if (rule->getRuleType()==NATRule::NONAT) + { + compiler->output << "map " + << rule->getInterfaceStr() + << " "; + compiler->output << "from "; + _printAddr_L( osrc ); + compiler->output << "to "; + _printAddr_L( odst ); + + if ( rule->getStr("nat_rule_proxy")=="") _printPort(osrv,true); + + compiler->output << "-> 
0/0"; +// _printAddr_R( tsrc ); + compiler->output << " "; + + if ( rule->getStr("nat_rule_proxy")!="") compiler->output << rule->getStr("nat_rule_proxy"); + + compiler->output << endl; + } + + if (rule->getRuleType()==NATRule::SNAT) + { + compiler->output << "map " + << rule->getInterfaceStr() + << " "; + compiler->output << "from "; + _printAddr_L( osrc ); + compiler->output << "to "; + _printAddr_L( odst ); + + if ( rule->getStr("nat_rule_proxy")=="") _printPort(osrv,true); + + compiler->output << "-> "; + _printAddr_R( tsrc ); + compiler->output << " "; + + if ( rule->getStr("nat_rule_proxy")!="") compiler->output << rule->getStr("nat_rule_proxy"); + else + { + if (osrv->getTypeName()==TCPService::TYPENAME || + osrv->getTypeName()==UDPService::TYPENAME || + rule->getBool("needs_portmap") ) + compiler->output << " portmap tcp/udp auto "; + } + + compiler->output << endl; + } + + if (rule->getRuleType()==NATRule::DNAT) + { + compiler->output << "rdr " << rule->getInterfaceStr() << " "; + + compiler->output << "from "; _printAddr_L( osrc , true ); + compiler->output << "to "; _printAddr_L( odst , true ); + _printPort(osrv,true); + + compiler->output << "-> "; _printAddr_R( tdst , false ); + _printPort(tsrv,false); + + if ( ! osrv->isAny()) _printProtocol(osrv); + compiler->output << endl; + } + + if (rule->getRuleType()==NATRule::LB) + { + compiler->output << "rdr " << rule->getInterfaceStr() << " "; + + compiler->output << "from "; _printAddr_L( osrc , true ); + compiler->output << "to "; _printAddr_L( odst , true ); + _printPort(osrv,true); + + compiler->output << "-> "; _printAddr_R_LB( rule->getTDst() ); + _printPort(tsrv,false); + + if ( ! 
osrv->isAny()) _printProtocol(osrv); + compiler->output << " round-robin "; + compiler->output << endl; + } + + if (rule->getRuleType()==NATRule::Redirect) + { + compiler->output << "rdr " << rule->getInterfaceStr() << " "; + + compiler->output << "from "; _printAddr_L( osrc , true ); + compiler->output << "to "; _printAddr_L( odst , true ); + _printPort(osrv,true); + + compiler->output << "-> "; _printAddr_R( tdst , false ); + _printPort(tsrv,false); + _printProtocol(osrv); + + compiler->output << endl; + } + + return true; +} + diff --git a/src/pflib/NATCompiler_ipfw.cpp b/src/pflib/NATCompiler_ipfw.cpp new file mode 100644 index 000000000..82bc9d5be --- /dev/null +++ b/src/pflib/NATCompiler_ipfw.cpp 
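Review bot: In `_printAddr_R_LB`, `obj` starts as `NULL` and is only assigned when the TDst child is an `FWReference`, yet the result of `Address::cast(obj)` is dereferenced by `a->getAddress()` with no check. A child that is stored directly, or a reference that does not resolve to an `Address`, would presumably crash the compiler rather than produce a diagnostic. `prepareForLB::processNext` in NATCompiler_ipf.cpp walks the same element with `FWObject *o= *i;` as the fallback, so the two should agree: initialise with `FWObject *obj = o;` and add `assert(a);` before the dereference, as `PrintRule::processNext` in this file already does for its operands. For a tool that emits firewall configuration, a named failure on a malformed rule is preferable to undefined behaviour partway through writing the output.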
@@ -0,0 +1,86 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: NATCompiler_ipfw.cpp 955 2006-03-08 07:10:09Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" + +#include "NATCompiler_ipfw.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Firewall.h" + +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +string NATCompiler_ipfw::myPlatformName() { return "ipfw"; } + + +int NATCompiler_ipfw::prolog() +{ + + int n=NATCompiler_pf::prolog(); + + return n; +} + +void NATCompiler_ipfw::compile() +{ + cout << _(" Compiling NAT rules for ") << fw->getName() << " ..." 
<< endl << flush; + + try { + + Compiler::compile(); + + add( new Begin()); + add( new printTotalNumberOfRules() ); + + add( new simplePrintProgress() ); + + runRuleProcessors(); + + } catch (FWException &ex) { + error(ex.toString()); + exit(1); + } +} + + +void NATCompiler_ipfw::epilog() +{ +} diff --git a/src/pflib/NATCompiler_ipfw.h b/src/pflib/NATCompiler_ipfw.h new file mode 100644 index 000000000..880ffec5e --- /dev/null +++ b/src/pflib/NATCompiler_ipfw.h 
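Review bot: `NATCompiler_ipfw::compile()` registers only `Begin`, `printTotalNumberOfRules` and `simplePrintProgress`, so as far as this hunk shows no processor either prints or rejects a rule. NAT rules defined for an ipfw firewall would then be consumed without any output and without a diagnostic, leaving the operator to assume a translation is in place when none was generated. If NAT is not implemented for this platform, the compiler should say so explicitly, for example in `prolog()` with `if (n>0) error(_("NAT rules are not supported for ipfw"));`, or with a rule processor that aborts on the first rule. The empty `prolog()` wrapper and `epilog()` should also carry a comment stating that the omission is intentional.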
@@ -0,0 +1,65 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2002 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: NATCompiler_ipfw.h 282 2004-05-11 06:06:30Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef __NATCOMPILER_IPFW_HH
+#define __NATCOMPILER_IPFW_HH
+
+#include
+#include "NATCompiler_pf.h"
+
+#include
+
+#define FTP_PORT 21
+#define RCMD_PORT 514
+#define H323_PORT 1720
+#define RAUDIO_PORT 5050
+#define ISAKMP_PORT 500
+
+namespace fwcompiler {
+
+
+ class NATCompiler_ipfw : public NATCompiler_pf {
+
+ protected:
+
+ virtual std::string myPlatformName();
+
+ public:
+
+ NATCompiler_ipfw(libfwbuilder::FWObjectDatabase *_db,
+ const std::string &fwname,
+ fwcompiler::OSConfigurator *_oscnf) : NATCompiler_pf(_db,fwname,_oscnf) {}
+
+
+ virtual int prolog();
+ virtual void compile();
+ virtual void epilog();
+
+ };
+
+
+}
+
+#endif
diff --git a/src/pflib/NATCompiler_ipfw_writers.cpp b/src/pflib/NATCompiler_ipfw_writers.cpp
new file mode 100644
index 000000000..82d65d9ac
--- /dev/null
+++ b/src/pflib/NATCompiler_ipfw_writers.cpp
@@ -0,0 +1,61 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2002 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: NATCompiler_ipfw_writers.cpp 297 2004-05-15 06:19:03Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "NATCompiler_ipfw.h"
+
+
+#include "fwbuilder/RuleElement.h"
+#include "fwbuilder/NAT.h"
+#include "fwbuilder/AddressRange.h"
+#include "fwbuilder/IPService.h"
+#include "fwbuilder/ICMPService.h"
+#include "fwbuilder/TCPService.h"
+#include "fwbuilder/UDPService.h"
+#include "fwbuilder/Host.h"
+#include "fwbuilder/Network.h"
+#include "fwbuilder/Interface.h"
+#include "fwbuilder/IPv4.h"
+#include "fwbuilder/Firewall.h"
+
+
+#include
+#if __GNUC__ > 3 || \
+ (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \
+ _MSC_VER
+# include
+#else
+# include
+#endif
+#include
+#include
+#include
+
+#include
+
+using namespace libfwbuilder;
+using namespace fwcompiler;
+using namespace std;
+
+
diff --git a/src/pflib/NATCompiler_pf.cpp b/src/pflib/NATCompiler_pf.cpp
new file mode 100644
index 000000000..63ad0563e
--- /dev/null
+++ b/src/pflib/NATCompiler_pf.cpp
@@ -0,0 +1,1002 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: NATCompiler_pf.cpp 1372 2007-06-21 03:25:45Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" + +#include "NATCompiler_pf.h" + +#include "fwcompiler/OSConfigurator.h" + +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/AddressTable.h" + +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +string NATCompiler_pf::myPlatformName() { return "pf"; } + + +int NATCompiler_pf::prolog() +{ + int n=NATCompiler::prolog(); + + if ( n>0 ) + { + bool found_ext=false; + list l2=fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if ( iface->isExt() ) found_ext=true; + if ( iface->isDyn()) + { + iface->setBool("use_var_address",true); + +/* dynamic 
interface should not have IPv4 child object(s). We issue a + * warning if it does in a policy compiler, there is no need to repeat + * it here + */ + list l3=iface->getByType(IPv4::TYPENAME); + for (list::iterator j=l3.begin(); j!=l3.end(); ++j) + iface->remove(*j); + } + } + + if (!found_ext) + throw FWException(_("At least one interface should be marked as external, can not configure NAT")); + } + +/* pseudo-host with ip address 127.0.0.1 We'll use it for redirection NAT rules */ + //FWObject *grp; + loopback_address=IPv4::cast(dbcopy->create(IPv4::TYPENAME) ); + loopback_address->setAddress("127.0.0.1"); + loopback_address->setName("__loopback_address__"); + loopback_address->setId("__loopback_address_id__"); + dbcopy->add(loopback_address,false); + cacheObj(loopback_address); + + if (tables) tables->init(dbcopy); + + return n; +} + +string NATCompiler_pf::debugPrintRule(libfwbuilder::Rule *r) +{ + NATRule *rule=NATRule::cast(r); + Interface *rule_iface = getCachedFwInterface(rule->getInterfaceId()); + + return NATCompiler::debugPrintRule(rule)+ + " "+string( (rule_iface!=NULL)?rule_iface->getName():"") + + " (type="+rule->getRuleTypeAsString()+")"; +} + + +bool NATCompiler_pf::NATRuleType::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + tmp_queue.push_back(rule); + + if (rule->getRuleType()!=NATRule::Unknown) return true; + + RuleElementTDst *tdstre=rule->getTDst(); + + //Address *osrc=compiler->getFirstOSrc(rule); + //Address *odst=compiler->getFirstODst(rule); + + Address *tsrc=compiler->getFirstTSrc(rule); + Address *tdst=compiler->getFirstTDst(rule); + + if ( tsrc->isAny() && tdst->isAny() ) { + rule->setRuleType(NATRule::NONAT); + return true; + } + + if ( ! tsrc->isAny() && tdst->isAny() ) { + rule->setRuleType(NATRule::SNAT); + return true; + } + + if ( tsrc->isAny() && ! 
tdst->isAny() ) { +/* this is load balancing rule if there are multiple objects in TDst */ + if ( tdstre->size()>1 ) rule->setRuleType(NATRule::LB); + else + { + + if ( compiler->complexMatch(tdst,compiler->fw) ) rule->setRuleType(NATRule::Redirect); + else rule->setRuleType(NATRule::DNAT); + +// if ( tdst->getId()==compiler->fw->getId() ) rule->setRuleType(NATRule::Redirect); +// else rule->setRuleType(NATRule::DNAT); + } + return true; + } + + if ( ! tsrc->isAny() && ! tdst->isAny() ) + { + rule->setRuleType(NATRule::SDNAT); + return true; + } + + throw FWException(_("Unsupported translation. Rule: ")+rule->getLabel()); + + return false; +} + +/* + * This processor should be called after classifyNATRule. Should call + * classifyNATRule after this processor again. + * + * This algorithm is very much specific to iptables. Platforms where + * this simple algorithm for SDNAT rules is not appropriate, should + * either implement equivalent of this processor using different + * algorithm, or should catch SDNAT rules and abort in their own + * verifyNATRule processor. + */ +bool NATCompiler_pf::splitSDNATRule::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + if ( rule->getRuleType()==NATRule::SDNAT) + { + RuleElementODst *odst; + RuleElementOSrv *osrv; + RuleElementTSrc *tsrc; + RuleElementTDst *tdst; + +/* first rule translates destination and may translate service (depends + * on the original rule) */ + NATRule *r = NATRule::cast( compiler->dbcopy->create(NATRule::TYPENAME) ); + r->duplicate(rule); + compiler->temp_ruleset->add(r); + r->setRuleType(NATRule::Unknown); + + tsrc=r->getTSrc(); + tsrc->clearChildren(); + tsrc->setAnyElement(); + + tmp_queue.push_back(r); + +/* the second rule translates source and uses translated object in + * ODst. 
Since the service could have been translated by the first + * rule, we use TSrv in OSrv */ + r = NATRule::cast( compiler->dbcopy->create(NATRule::TYPENAME) ); + r->duplicate(rule); + compiler->temp_ruleset->add(r); + r->setRuleType(NATRule::Unknown); + + odst=r->getODst(); + odst->clearChildren(); + for (FWObject::iterator i=rule->getTDst()->begin(); i!=rule->getTDst()->end(); i++) + odst->add( *i ); + + if ( ! rule->getTSrv()->isAny()) + { + osrv=r->getOSrv(); + osrv->clearChildren(); + for (FWObject::iterator i=rule->getTSrv()->begin(); i!=rule->getTSrv()->end(); i++) + osrv->add( *i ); + } + + tdst=r->getTDst(); + tdst->clearChildren(); + tdst->setAnyElement(); + + tmp_queue.push_back(r); + } + else + tmp_queue.push_back(rule); + + return true; +} + + +bool NATCompiler_pf::VerifyRules::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + tmp_queue.push_back(rule); + + RuleElementOSrc *osrc=rule->getOSrc(); assert(osrc); + RuleElementODst *odst=rule->getODst(); assert(odst); + RuleElementOSrv *osrv=rule->getOSrv(); assert(osrv); + + RuleElementTSrc *tsrc=rule->getTSrc(); assert(tsrc); + RuleElementTDst *tdst=rule->getTDst(); assert(tdst); + RuleElementTSrv *tsrv=rule->getTSrv(); assert(tsrv); + +// if (rule->getRuleType()==NATRule::LB) +// throw FWException(_("Load balancing rules are not supported. Rule ")+rule->getLabel()); + + if (rule->getRuleType()==NATRule::DNAT && odst->size()!=1) + throw FWException(_("There should be no more than one object in original destination in the rule ")+rule->getLabel()); + +// if (rule->getRuleType()==NATRule::SNAT && tsrc->size()!=1) +// throw FWException(_("There should be no more than one object in translated source in the rule ")+rule->getLabel()); + + if (osrv->getNeg()) + throw FWException(_("Negation in original service is not supported. Rule ")+rule->getLabel()); + + /* bug #1276083: "Destination NAT rules". 
this restriction is not + * true at least as of OpenBSD 3.5 + * + if (rule->getRuleType()==NATRule::DNAT && osrv->isAny()) + throw FWException(_("Service must be specified for destination translation rule. Rule ")+rule->getLabel()); + */ + + if (rule->getRuleType()==NATRule::DNAT && osrv->isAny() && !tsrv->isAny()) + throw FWException(_("Can not translate 'any' into a specific service. Rule ")+rule->getLabel()); + + if (tsrc->getNeg()) + throw FWException(_("Can not use negation in translated source. Rule ")+rule->getLabel()); + + if (tdst->getNeg()) + throw FWException(_("Can not use negation in translated destination. Rule ")+rule->getLabel()); + + if (tsrv->getNeg()) + throw FWException(_("Can not use negation in translated service. Rule ")+rule->getLabel()); + + if (tsrv->size()!=1) + throw FWException(_("Translated service should be 'Original' or should contain single object. Rule: ")+rule->getLabel()); + + FWObject *o=tsrv->front(); + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + if ( Group::cast(o)!=NULL) + throw FWException(_("Can not use group in translated service. Rule ")+rule->getLabel()); + +#if 0 + if (rule->getRuleType()==NATRule::SNAT ) + { + Address* o1=compiler->getFirstTSrc(rule); + if ( Network::cast(o1)!=NULL || AddressRange::cast(o1)!=NULL ) + throw FWException(_("Can not use network or address range object in translated source. Rule ")+rule->getLabel()); + } +#endif + + if (rule->getRuleType()==NATRule::DNAT || rule->getRuleType()==NATRule::Redirect ) + { + if ( tdst->size()!=1) + throw FWException(_("There should be no more than one object in translated destination in the rule ")+rule->getLabel()); + + Address* o1=compiler->getFirstTDst(rule); + if ( Network::cast(o1)!=NULL || AddressRange::cast(o1)!=NULL ) + throw FWException(_("Can not use network or address range object in translated destination. 
Rule ")+rule->getLabel()); + } + + + if (rule->getRuleType()==NATRule::SNetnat && !tsrc->isAny() ) + { + Network *a1=Network::cast(compiler->getFirstOSrc(rule)); + Network *a2=Network::cast(compiler->getFirstTSrc(rule)); + if ( a1==NULL || a2==NULL || + a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + throw FWException(_("Original and translated source should both be networks of the same size . Rule ")+rule->getLabel()); + } + + if (rule->getRuleType()==NATRule::DNetnat && !tsrc->isAny() ) + { + Network *a1=Network::cast(compiler->getFirstODst(rule)); + Network *a2=Network::cast(compiler->getFirstTDst(rule)); + if ( a1==NULL || a2==NULL || + a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + throw FWException(_("Original and translated destination should both be networks of the same size . Rule ")+rule->getLabel()); + } + + return true; +} + +bool NATCompiler_pf::splitOnOSrv::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementOSrv *osrv=rule->getOSrv(); assert(osrv); + if (osrv->size()!=1) { + + for(list::iterator i=osrv->begin(); i!=osrv->end(); ++i) { + FWObject *o= *i; +// if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Service *s=Service::cast( o ); + assert(s); + + NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementOSrv *nosrv=r->getOSrv(); + nosrv->clearChildren(); + + nosrv->addRef( s ); + + tmp_queue.push_back( r ); + } + } else + tmp_queue.push_back(rule); + + return true; +} + +bool NATCompiler_pf::fillTranslatedSrv::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + tmp_queue.push_back(rule); + + Service *osrv_o=compiler->getFirstOSrv(rule); + Service *tsrv_o=compiler->getFirstTSrv(rule); + + if ( ! 
osrv_o->isAny() && tsrv_o->isAny() ) + { + RuleElementTSrv *tsrv=rule->getTSrv(); + tsrv->addRef(osrv_o); + } + return true; +} + +bool NATCompiler_pf::addVirtualAddress::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + tmp_queue.push_back(rule); + + Address *a=NULL; + if (rule->getRuleType()==NATRule::SNAT) a=compiler->getFirstTSrc(rule); + else + if (rule->getRuleType()==NATRule::DNAT) a=compiler->getFirstODst(rule); + else return true; + assert(a!=NULL); + + if ( ! a->isAny() && a->getId()!=compiler->getFwId() ) { + + list l2=compiler->fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if ( a->getAddress() == iface->getAddress() ) return true; + } + compiler->osconfigurator->addVirtualAddressForNAT( a ); + } + + return true; +} + + +bool NATCompiler_pf::splitForTSrc::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + RuleElementTSrc *tsrc=rule->getTSrc(); assert(tsrc); + + map > interfaceGroups; + + for(list::iterator i=tsrc->begin(); i!=tsrc->end(); ++i) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Interface *iface = compiler->findInterfaceFor(Address::cast(o),compiler->fw); + if (iface!=NULL) + interfaceGroups[iface->getId()].push_back(o); + } + + if (interfaceGroups.size()<=1) tmp_queue.push_back(rule); + else + { + map >::iterator i; + for (i=interfaceGroups.begin(); i!=interfaceGroups.end(); i++) + { + list &objSubset = (*i).second; + + RuleElementTSrc *ntsrc = NULL; + NATRule *r = NATRule::cast( + compiler->dbcopy->create(NATRule::TYPENAME) ); + r->duplicate(rule); + compiler->temp_ruleset->add(r); + + ntsrc=r->getTSrc(); + ntsrc->clearChildren(); + ntsrc->setAnyElement(); + for (FWObject::iterator j=objSubset.begin(); j!=objSubset.end(); j++) + { + ntsrc->addRef(*j); + } + tmp_queue.push_back(r); + } + } + return true; +} + + +bool 
NATCompiler_pf::AssignInterface::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + if (regular_interfaces.empty()) + { + int n=0; + list l2=compiler->fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *iface=Interface::cast(*i); + assert(iface); + + if (iface->isLoopback() || + iface->isUnnumbered() || + iface->isBridgePort()) continue; + + if (n) regular_interfaces+=","; + regular_interfaces+= iface->getName(); + n++; + } + if (n>1) regular_interfaces="{ "+regular_interfaces+" }"; + } + + switch ( rule->getRuleType() ) + { + case NATRule::SNAT: + { + Address *a=compiler->getFirstTSrc(rule); +#if 0 + Interface *iface = compiler->findInterfaceFor(a,compiler->fw); + if (iface!=NULL) + { + rule->setInterfaceId( iface->getId() ); + tmp_queue.push_back(rule); + return true; + } +#endif + if ( (Interface::isA(a) || IPv4::isA(a)) && a->isChildOf(compiler->fw)) + { + FWObject *p=a; + while ( ! Interface::isA(p) ) p=p->getParent(); + rule->setInterfaceId( p->getId() ); + tmp_queue.push_back(rule); + return true; + } + +/* if we appear here, then TSrc is not an interface or address of + * an interface. Generate NAT rule without "on iface" clause + */ + rule->setInterfaceStr(""); + } + break; + + case NATRule::DNAT: + { + Address *a=compiler->getFirstODst(rule); + + if ( (Interface::isA(a) || IPv4::isA(a)) && a->isChildOf(compiler->fw)) + { + FWObject *p=a; + while ( ! Interface::isA(p) ) p=p->getParent(); + rule->setInterfaceId( p->getId() ); + tmp_queue.push_back(rule); + return true; + } + +/* if we appear here, then ODst is not an interface or address of an + * interface. If this is so, just do not specify interface for rdr + * rule. + */ + rule->setInterfaceStr(""); + } + break; + + default: break; + } + + tmp_queue.push_back(rule); + return true; +} + + +/* + * I assume that there is always only one object in ODst, TSrc and TDst + * rule elements. 
This should have been assured by inspector VerifyRules + */ +bool NATCompiler_pf::ReplaceFirewallObjectsODst::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + tmp_queue.push_back(rule); + + list cl; + RuleElementODst *rel; + Address *obj=NULL; + + rel=rule->getODst(); assert(rel); + obj=compiler->getFirstODst(rule); assert(obj); + + if (obj->getId()==compiler->getFwId() ) { + + list l2=compiler->fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) { + Interface *interface_=Interface::cast(*i); +/* + * update 03/20/03: + * + * generally we assume that if firewall object is used in the rule, + * then any or all its interface will be used. This means that if + * firewall is in ODst we should really use all of its interfaces, not + * only external ones. + */ + if (! interface_->isLoopback() ) cl.push_back(interface_); + +// if (interface_->isExt()) cl.push_back(interface_); + } + if ( ! cl.empty() ) { + rel->clearChildren(); + + for (FWObject::iterator i1=cl.begin(); i1!=cl.end(); ++i1) + { + rel->addRef( *i1 ); + } + } + } + + return true; +} + +/* + * I assume that there is always only one object in ODst, TSrc and TDst + * rule elements. 
This should have been assured by inspector VerifyRules + */ +bool NATCompiler_pf::ReplaceFirewallObjectsTSrc::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + tmp_queue.push_back(rule); + + list cl; + RuleElementTSrc *rel; + Address *obj=NULL; + + switch (rule->getRuleType()) + { + case NATRule::Masq: return true; + default: + rel=rule->getTSrc(); assert(rel); + obj=compiler->getFirstTSrc(rule); assert(obj); + + if (obj->getId()==compiler->getFwId() ) + { + Address *odst=compiler->getFirstODst(rule); + + rel->clearChildren(); + + Interface *iface=compiler->findInterfaceFor(odst,compiler->fw); + + if (!odst->isAny() && !rule->getODst()->getNeg() && iface!=NULL) + rel->addRef(iface); + else // else use all interfaces except loopback and unnumbered ones + { + list l2=compiler->fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *iface=Interface::cast(*i); + if (! iface->isLoopback() && + ! iface->isUnnumbered() && + ! iface->isBridgePort()) + rel->addRef( *i ); + } + for (FWObject::iterator i1=cl.begin(); i1!=cl.end(); ++i1) + rel->addRef( *i1 ); + +/* it is an error if rule element is empty at this point. this could have + * happened if all external interfaces are unnumbered */ + if (rel->size()==0) + { + char errmsg[1024]; + sprintf(errmsg, +_("Could not find suitable interface for the NAT rule %s. Perhaps all interfaces are unnumbered?"), + rule->getLabel().c_str() ); + compiler->abort(errmsg); + } + } + } + } + return true; +} + +/* + * I assume that there is always only one object in ODst, TSrc and TDst + * rule elements. 
This should have been assured by inspector VerifyRules + */ +bool NATCompiler_pf::ReplaceObjectsTDst::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + NATCompiler_pf *pf_comp=dynamic_cast(compiler); + + tmp_queue.push_back(rule); + + if (rule->getRuleType()==NATRule::Redirect) + { + Service *tsrv=compiler->getFirstTSrv(rule); + RuleElementTDst *rel=rule->getTDst(); assert(rel); + Address *otdst=compiler->getFirstTDst(rule); + Interface *loopback=NULL; + IPv4 *loopback_address=NULL; + +/* if firewall is used in TDst in redirection rule, replace it with + * its loopback interface + */ + if (otdst->getId()==compiler->fw->getId()) + { + std::list l2=compiler->fw->getByType(Interface::TYPENAME); + for (std::list::iterator i=l2.begin(); + i!=l2.end(); ++i) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + if (iface->isLoopback()) + { + loopback=iface; + loopback_address=IPv4::cast(loopback->getFirstByType(IPv4::TYPENAME)); + } + } + + if (loopback_address==NULL) + { + char errstr[1024]; + sprintf(errstr, _("Can not configure redirection NAT rule %s because loopback interface is missing.") , + rule->getLabel().c_str() ); + compiler->abort(errstr); + } + + rel->clearChildren(); + rel->addRef( loopback_address ); + + pf_comp->redirect_rules.push_back( + redirectRuleInfo( rule->getLabel(), otdst, + loopback_address, tsrv ) ); + } + } + return true; +} + + +bool NATCompiler_pf::swapAddressTableObjectsInRE::processNext() +{ + NATCompiler_pf *pf_comp=dynamic_cast(compiler); + Rule *rule=prev_processor->getNextRule(); if (rule==NULL) return false; + + RuleElement *re=RuleElement::cast( rule->getFirstByType(re_type) ); + + list cl; + for (FWObject::iterator i=re->begin(); i!=re->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + /* + * All addressTable objects will be run-time here because we + * switch them in preprocessor. 
The difference is: if address + * table was originally run-time, at this point it will have + * no children, however if it was compile-time originally, it + * will have children objects. That is how we distinguish + * them in this rule processor. Here we only deal with + * AddressTable objects that originally used to be + * compile-time because we need to create tables for them. + */ + if (AddressTable::cast(o)!=NULL && + AddressTable::cast(o)->isRunTime() && + o->size() > 0) + cl.push_back(MultiAddress::cast(o)); + } + + if (!cl.empty()) + { + for (list::iterator i=cl.begin(); i!=cl.end(); i++) + { + MultiAddress *atbl = *i; + + string mart_id = atbl->getId()+"_runtime"; + MultiAddressRunTime *mart = + MultiAddressRunTime::cast(compiler->dbcopy->findInIndex(mart_id)); + if (mart==NULL) + { + mart = new MultiAddressRunTime(atbl); + + // need to ensure stable ID for the runtime object, so + // that when the same object is replaced in different + // rulesets by different compiler passes, chosen + // runtime object has the same ID and is identified as + // the same by the compiler. 
+ + mart->setId( mart_id ); + compiler->dbcopy->addToIndex(mart); + compiler->dbcopy->add(mart); + +// register this object as a table + string tblname = atbl->getName(); + string tblID = tblname + "_addressTableObject"; + pf_comp->tables->registerTable(tblname,tblID,atbl); + } + + re->removeRef(atbl); + re->addRef(mart); + } + tmp_queue.push_back(rule); + return true; + } + + tmp_queue.push_back(rule); + return true; +} + + +bool NATCompiler_pf::processMultiAddressObjectsInRE::processNext() +{ + NATCompiler_pf *pf_comp=dynamic_cast(compiler); + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElement *re=RuleElement::cast( rule->getFirstByType(re_type) ); + bool neg = re->getNeg(); + + list cl; + + try + { + for (FWObject::iterator i=re->begin(); i!=re->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); + if (atrt!=NULL && atrt->getSubstitutionTypeName()==AddressTable::TYPENAME) + { + if (re->size()>1 && neg) + { + string err = "AddressTable object can not be used with negation in combination with other objects in the same rule element. 
Rule "; + err += rule->getLabel(); + compiler->abort(err); + } + o->setBool("pf_table",true); + string tblname = o->getName(); + string tblID = tblname + "_addressTableObject"; + pf_comp->tables->registerTable(tblname,tblID,o); + cl.push_back(o); + } + } + } catch(FWException &ex) // TableFactory::registerTable throws exception + { + string err; + err = "Can not process MultiAddress object in rule " + + rule->getLabel() + " : " + ex.toString(); + compiler->abort( err ); + } + + if (!cl.empty()) + { + RuleElement *nre; + + for (FWObject::iterator i=cl.begin(); i!=cl.end(); i++) + { + NATRule *r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + nre=RuleElement::cast( r->getFirstByType(re_type) ); + nre->clearChildren(); + nre->addRef( *i ); + tmp_queue.push_back(r); + } + + for (FWObject::iterator i=cl.begin(); i!=cl.end(); i++) + re->removeRef( *i ); + + if (!re->isAny()) + tmp_queue.push_back(rule); + + return true; + } + + tmp_queue.push_back(rule); + return true; +} + + + +void NATCompiler_pf::checkForDynamicInterfacesOfOtherObjects::findDynamicInterfaces(RuleElement *re, + Rule *rule) +{ + if (re->isAny()) return; + list cl; + for (list::iterator i1=re->begin(); i1!=re->end(); ++i1) + { + FWObject *o = *i1; + FWObject *obj = o; + if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); + Interface *ifs =Interface::cast( obj ); + + if (ifs!=NULL && ifs->isDyn() && ! ifs->isChildOf(compiler->fw)) + { + char errstr[2048]; + sprintf(errstr,_("Can not build rule using dynamic interface '%s' of the object '%s' because its address in unknown. 
Rule %s"), + ifs->getName().c_str(), + ifs->getParent()->getName().c_str(), + rule->getLabel().c_str() ); + + throw FWException(errstr); + } + } +} + + +bool NATCompiler_pf::checkForDynamicInterfacesOfOtherObjects::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + findDynamicInterfaces( rule->getOSrc() , rule ); + findDynamicInterfaces( rule->getODst() , rule ); + findDynamicInterfaces( rule->getTSrc() , rule ); + findDynamicInterfaces( rule->getTDst() , rule ); + + tmp_queue.push_back(rule); + return true; +} + +bool NATCompiler_pf::createTables::processNext() +{ + NATCompiler_pf *pf_comp=dynamic_cast(compiler); + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementOSrc *osrc=rule->getOSrc(); + RuleElementODst *odst=rule->getODst(); + + if (osrc->size()!=1) pf_comp->tables->createTablesForRE(osrc,rule); + if (odst->size()!=1) pf_comp->tables->createTablesForRE(odst,rule); + +#if 0 + RuleElementTSrc *tsrc=rule->getTSrc(); + RuleElementTDst *tdst=rule->getTDst(); + + if (tsrc->size()!=1) pf_comp->tables->createTablesForRE(tsrc,rule); + if (tdst->size()!=1) pf_comp->tables->createTablesForRE(tdst,rule); +#endif + + tmp_queue.push_back(rule); + return true; +} + + +void NATCompiler_pf::compile() +{ + bool manage_virtual_addr=fwopt->getBool("manage_virtual_addr"); + + + cout << _(" Compiling NAT rules for ") << fw->getName() << " ..." 
<< endl << flush; + + try { + + Compiler::compile(); + + add( new Begin()); + add( new printTotalNumberOfRules() ); + + add( new recursiveGroupsInOSrc("check for recursive groups in OSRC") ); + add( new recursiveGroupsInODst("check for recursive groups in ODST") ); + add( new recursiveGroupsInOSrv("check for recursive groups in OSRV") ); + + add( new recursiveGroupsInTSrc("check for recursive groups in TSRC") ); + add( new recursiveGroupsInTDst("check for recursive groups in TDST") ); + add( new recursiveGroupsInTSrv("check for recursive groups in TSRV") ); + + add( new emptyGroupsInOSrc( "check for empty groups in OSRC" ) ); + add( new emptyGroupsInODst( "check for empty groups in ODST" ) ); + add( new emptyGroupsInOSrv( "check for empty groups in OSRV" ) ); + + add( new emptyGroupsInTSrc( "check for empty groups in TSRC" ) ); + add( new emptyGroupsInTDst( "check for empty groups in TDST" ) ); + add( new emptyGroupsInTSrv( "check for empty groups in TSRV" ) ); + + add( new ExpandGroups( "expand groups" ) ); + add( new eliminateDuplicatesInOSRC( "eliminate duplicates in OSRC") ); + add( new eliminateDuplicatesInODST( "eliminate duplicates in ODST") ); + add( new eliminateDuplicatesInOSRV( "eliminate duplicates in OSRV") ); + + add( new swapMultiAddressObjectsInOSrc( + " swap MultiAddress -> MultiAddressRunTime in OSrc") ); + add( new swapMultiAddressObjectsInODst( + " swap MultiAddress -> MultiAddressRunTime in ODst") ); + + add( new swapAddressTableObjectsInOSrc( + "AddressTable -> MultiAddressRunTime in OSrc") ); + add( new swapAddressTableObjectsInODst( + "AddressTable -> MultiAddressRunTime in ODst") ); + add( new swapAddressTableObjectsInTDst( + "AddressTable -> MultiAddressRunTime in TDst") ); + + add( new processMultiAddressObjectsInOSrc( + "process MultiAddress objects in OSrc") ); + add( new processMultiAddressObjectsInODst( + "process MultiAddress objects in ODst") ); + add( new processMultiAddressObjectsInTDst( + "process MultiAddress objects in TDst") 
); + + add( new splitOnOSrv( "split rule on original service" ) ); + add( new fillTranslatedSrv( "fill translated service" ) ); + + //add( new doOSrcNegation( "process negation in OSrc" ) ); + //add( new doODstNegation( "process negation in ODst" ) ); + //add( new doOSrvNegation( "process negation in OSrv" ) ); + + add( new NATRuleType( "determine NAT rule types" ) ); + add( new splitSDNATRule("split SDNAT rules" ) ); + add( new NATRuleType( "determine NAT rule types" ) ); + add( new VerifyRules( "verify NAT rules" ) ); + //add( new splitODstForSNAT( + // "split rule if objects in ODst belong to different subnets")); + add( new ReplaceFirewallObjectsODst( + "replace references to the firewall in ODst" ) ); + add( new ReplaceFirewallObjectsTSrc( + "replace references to the firewall in TSrc" ) ); + add( new ReplaceObjectsTDst( "replace objects in TDst" ) ); + + if ( manage_virtual_addr ) { + add( new addVirtualAddress("add virtual addresses for NAT rules")); + } + + add( new ExpandMultipleAddresses( "expand multiple addresses" ) ); + add( new checkForUnnumbered("check for unnumbered interfaces" ) ); + add( new checkForDynamicInterfacesOfOtherObjects( + "check for dynamic interfaces of other hosts and firewalls")); + add( new ExpandAddressRanges( "expand address range objects" ) ); + //add( new ConvertToAtomicForTSrc( "convert to atomic rules" ) ); + add( new splitForTSrc( + "split if addresses in TSrc belong to different networks" )); + add( new AssignInterface( "assign rules to interfaces" ) ); + add( new convertInterfaceIdToStr("prepare interface assignments") ); + + add( new createTables( "create tables" ) ); +// add( new PrintTables( "print tables" ) ); + + add( new PrintRule("generate pf code") ); + add( new simplePrintProgress() ); + + runRuleProcessors(); + + + } catch (FWException &ex) { + error(ex.toString()); + exit(1); + } +} + + +void NATCompiler_pf::epilog() +{ +} 
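Review bot: The `sprintf` calls that build error text in ReplaceFirewallObjectsTSrc (`char errmsg[1024]`), ReplaceObjectsTDst (`char errstr[1024]`) and checkForDynamicInterfacesOfOtherObjects::findDynamicInterfaces (`char errstr[2048]`) format the rule label, interface name and parent object name into fixed stack buffers with no length limit. Those strings appear to come from the firewall object data being compiled, so a sufficiently long label or name would write past the end of the buffer. Bound each call by switching to `snprintf(errstr, sizeof(errstr), ...)` with the same arguments, or build the message as a `std::string`, as processMultiAddressObjectsInRE already does with `err += rule->getLabel();`. Separately, the DNetnat branch of VerifyRules is guarded by `!tsrc->isAny()` although it compares ODst with TDst. This looks copied from the SNetnat branch above it, and `!tdst->isAny()` is probably what was intended.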
diff --git a/src/pflib/NATCompiler_pf.h b/src/pflib/NATCompiler_pf.h
new file mode 100644
index 000000000..da7ac7a4d
--- /dev/null
+++ b/src/pflib/NATCompiler_pf.h
@@ -0,0 +1,388 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: NATCompiler_pf.h 1372 2007-06-21 03:25:45Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef __NATCOMPILER_PF_HH +#define __NATCOMPILER_PF_HH + +#include +#include "fwcompiler/NATCompiler.h" + +#include "TableFactory.h" + + +#include + +namespace libfwbuilder { + class Host; + class IPv4; + class IPService; + class ICMPService; + class TCPService; + class UDPService; + class RuleElementOSrc; + class RuleElementODst; + class RuleElementOSrv; + class RuleElementTSrc; + class RuleElementTDst; + class RuleElementTSrv; +}; + +namespace fwcompiler { + + + class NATCompiler_pf : public NATCompiler { + + public: + + + struct redirectRuleInfo { + std::string natrule_label; + libfwbuilder::Address *old_tdst; + libfwbuilder::Address *new_tdst; + libfwbuilder::Service *tsrv; + redirectRuleInfo(const std::string &rl, + libfwbuilder::Address *oa, + libfwbuilder::Address *na, + libfwbuilder::Service *s) + { natrule_label=rl; old_tdst=oa; new_tdst=na; tsrv=s; } + }; + + + protected: + + libfwbuilder::IPv4 *loopback_address; + TableFactory *tables; + + + virtual std::string debugPrintRule(libfwbuilder::Rule *rule); + + + /** + * determines type of the NAT rule + */ + 
DECLARE_NAT_RULE_PROCESSOR(NATRuleType); + + + /** + * this processor spits SDNAT rule onto SNAT and DNAT rules. + * SDNAT rule translates both source and destination. + */ + DECLARE_NAT_RULE_PROCESSOR(splitSDNATRule); + + /** + * verifies correctness of the NAT rules + */ + DECLARE_NAT_RULE_PROCESSOR(VerifyRules); + + /** + * splits rule with multiple service objects in OSrv * onto + * several rules + */ + DECLARE_NAT_RULE_PROCESSOR(splitOnOSrv); + + /** + * fills translated service with the copy of original srv + */ + DECLARE_NAT_RULE_PROCESSOR(fillTranslatedSrv); + + /** + * split rule if addresses in TSrc are from the networks + * different interfaces of the firewall belong to. + */ + DECLARE_NAT_RULE_PROCESSOR(splitForTSrc); + + /** + * assigns NAT rules to interfaces + */ + friend class AssignInterface; + class AssignInterface : public NATRuleProcessor + { + std::string regular_interfaces; + public: + AssignInterface(const std::string &name) : NATRuleProcessor(name) {} + virtual bool processNext(); + }; + + /** + * calls OSConfigurator to add virtual * address to the + * firewall if it is needed for NAT rule + */ + DECLARE_NAT_RULE_PROCESSOR(addVirtualAddress); + + /** + * replaces references to the firewall in odst with + * references to its external interfaces + */ + DECLARE_NAT_RULE_PROCESSOR(ReplaceFirewallObjectsODst); + + /** + * replaces references to the firewall in tsrc with + * references to its external interfaces + */ + DECLARE_NAT_RULE_PROCESSOR(ReplaceFirewallObjectsTSrc); + + /** + * replaces object in tdst with reference to firewall's + * loopback interface address object + */ + DECLARE_NAT_RULE_PROCESSOR(ReplaceObjectsTDst); + friend class fwcompiler::NATCompiler_pf::ReplaceObjectsTDst; + + /** + * deals with negation in OSrc + */ + DECLARE_NAT_RULE_PROCESSOR(doOSrcNegation); + + /** + * deals with negation in ODst + */ + DECLARE_NAT_RULE_PROCESSOR(doODstNegation); + + /** + * deals with negation in OSrv + */ + 
DECLARE_NAT_RULE_PROCESSOR(doOSrvNegation); + + /** + * eliminates duplicate objects in SRC. Uses default comparison + * in eliminateDuplicatesInRE which compares IDs + */ + class eliminateDuplicatesInOSRC : public eliminateDuplicatesInRE + { + public: + eliminateDuplicatesInOSRC(const std::string &n) : + eliminateDuplicatesInRE(n,libfwbuilder::RuleElementOSrc::TYPENAME) {} + }; + + /** + * eliminates duplicate objects in DST. Uses default comparison + * in eliminateDuplicatesInRE which compares IDs + */ + class eliminateDuplicatesInODST : public eliminateDuplicatesInRE + { + public: + eliminateDuplicatesInODST(const std::string &n) : + eliminateDuplicatesInRE(n,libfwbuilder::RuleElementODst::TYPENAME) {} + }; + + /** + * eliminates duplicate objects in SRV. Uses default comparison + * in eliminateDuplicatesInRE which compares IDs + */ + class eliminateDuplicatesInOSRV : public eliminateDuplicatesInRE + { + public: + eliminateDuplicatesInOSRV(const std::string &n) : + eliminateDuplicatesInRE(n,libfwbuilder::RuleElementOSrv::TYPENAME) {} + }; + + friend class checkForDynamicInterfacesOfOtherObjects; + class checkForDynamicInterfacesOfOtherObjects : public NATRuleProcessor + { + void findDynamicInterfaces(libfwbuilder::RuleElement *re, + libfwbuilder::Rule *rule); + public: + checkForDynamicInterfacesOfOtherObjects(const std::string &name) : NATRuleProcessor(name) {} + virtual bool processNext(); + }; + + /** + * like standard processor swapMultiAddressObjectsInRE, but + * swaps compile-time address tables. 
See comment for this + * rule processor in PolicyCompiler_pf + */ + class swapAddressTableObjectsInRE : public PolicyRuleProcessor + { + std::string re_type; + public: + swapAddressTableObjectsInRE(const std::string &name, + const std::string &t) : PolicyRuleProcessor(name) + { re_type=t; } + virtual bool processNext(); + }; + + + class swapAddressTableObjectsInOSrc : public swapAddressTableObjectsInRE + { + public: + swapAddressTableObjectsInOSrc(const std::string &n) : + swapAddressTableObjectsInRE(n, + libfwbuilder::RuleElementOSrc::TYPENAME) {} + }; + + class swapAddressTableObjectsInODst : public swapAddressTableObjectsInRE + { + public: + swapAddressTableObjectsInODst(const std::string &n) : + swapAddressTableObjectsInRE(n, + libfwbuilder::RuleElementODst::TYPENAME) {} + }; + + class swapAddressTableObjectsInTDst : public swapAddressTableObjectsInRE + { + public: + swapAddressTableObjectsInTDst(const std::string &n) : + swapAddressTableObjectsInRE(n, + libfwbuilder::RuleElementTDst::TYPENAME) {} + }; + + /** + * Split rule if MultiAddress object is used in RE to make + * sure it is single object. Also check for the case where + * MultiAddress object is used in combination with negation, + * this case is not supported. NOTE: this restriction can be + * removed if PF adds support for recursively defined tables + * (tables as elements inside tables). 
+ */ + class processMultiAddressObjectsInRE : public NATRuleProcessor + { + std::string re_type; + public: + processMultiAddressObjectsInRE(const std::string &name, + const std::string &t) : NATRuleProcessor(name) + { re_type=t; } + virtual bool processNext(); + }; + + + class processMultiAddressObjectsInOSrc : + public processMultiAddressObjectsInRE + { + public: + processMultiAddressObjectsInOSrc(const std::string &n) : + processMultiAddressObjectsInRE(n, + libfwbuilder::RuleElementOSrc::TYPENAME) {} + }; + + class processMultiAddressObjectsInODst : + public processMultiAddressObjectsInRE + { + public: + processMultiAddressObjectsInODst(const std::string &n) : + processMultiAddressObjectsInRE(n, + libfwbuilder::RuleElementODst::TYPENAME) {} + }; + + class processMultiAddressObjectsInTDst : + public processMultiAddressObjectsInRE + { + public: + processMultiAddressObjectsInTDst(const std::string &n) : + processMultiAddressObjectsInRE(n, + libfwbuilder::RuleElementTDst::TYPENAME) {} + }; + + + /** + * this processor is only called if we are using tables. It + * creates two tables for each rule element Processor + * PrintRule uses these tables later. + */ + class createTables : public NATRuleProcessor + { + void createTablesForRE(libfwbuilder::RuleElement *re, + libfwbuilder::Rule *rule); + public: + createTables(const std::string &name) : NATRuleProcessor(name) {} + virtual bool processNext(); + }; + friend class NATCompiler_pf::createTables; + + /** + * this processor accumulates all rules fed to it by previous + * processors, then prints commands for all tables, + * then feeds all rules to the next processor. 
Usually this + * processor is in chain right before PrintRules + */ + class PrintTables : public NATRuleProcessor + { + public: + PrintTables(const std::string &n) : NATRuleProcessor(n) {} + virtual bool processNext(); + }; + friend class NATCompiler_pf::PrintTables; + + + + /** + * prints single policy rule, assuming all groups have been + * expanded, so source, destination and service hold exactly + * one object each, and this object is not a group. Negation + * should also have been taken care of before this method is + * called. + */ + class PrintRule : public NATRuleProcessor + { + protected: + bool init; + std::string current_rule_label; + + virtual void _printProtocol(libfwbuilder::Service *srv); + virtual void _printPort(libfwbuilder::Service *srv,bool print_range_end); + + virtual void _printAddrList(libfwbuilder::FWObject *o,bool negflag); + virtual void _printREAddr(libfwbuilder::RuleElement *o); + virtual void _printAddr(libfwbuilder::FWObject *o); + virtual void _printNATRuleOptions(libfwbuilder::Rule *rule); + + virtual void _printNegation(libfwbuilder::RuleElement *o); + + public: + PrintRule(const std::string &name); + virtual bool processNext(); + }; + + + + virtual std::string myPlatformName(); + + + std::list redirect_rules; + + public: + + NATCompiler_pf(libfwbuilder::FWObjectDatabase *_db, + const std::string &fwname, + fwcompiler::OSConfigurator *_oscnf, + TableFactory *tbf = NULL) : NATCompiler(_db,fwname,_oscnf) + { + tables = tbf; + } + + + virtual int prolog(); + virtual void compile(); + virtual void epilog(); + +// virtual string atomicRuleToString(libfwbuilder::Rule *r); + + const std::list& getRedirRulesInfo() { return redirect_rules; } + + }; + + +} + +#endif diff --git a/src/pflib/NATCompiler_pf_negation.cpp b/src/pflib/NATCompiler_pf_negation.cpp new file mode 100644 index 000000000..e78884218 --- /dev/null +++ b/src/pflib/NATCompiler_pf_negation.cpp 
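Review bot: The constructor at the end of the class body sets only `tables = tbf;` and leaves the `loopback_address` pointer, declared at the top of the protected section, uninitialized, so any read before an assignment is undefined behaviour; whether prolog() assigns it first cannot be seen from this header. Initialise both members in the initializer list: `NATCompiler(_db,fwname,_oscnf), loopback_address(NULL), tables(tbf) {}`. Because `tbf` defaults to NULL, `PrintTables::processNext()` in NATCompiler_pf_writers.cpp, which calls `pf_comp->tables->PrintTables()` without a check, would dereference a null pointer for a caller that omits the factory. A doc comment on the constructor stating when the factory may be omitted would make that contract explicit.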
@@ -0,0 +1,162 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: NATCompiler_pf_negation.cpp 1148 2006-09-09 05:05:03Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "NATCompiler_pf.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Firewall.h" + + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + + + + +/* + * negation in OSrc : + * + * !A B C RULE_TYPE + *----------------------------------------------- + * + * A B C Continue ("no nat") + * any B C SNAT/DNAT + */ +bool NATCompiler_pf::doOSrcNegation::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementOSrc *osrcrel=rule->getOSrc(); + + if (osrcrel->getNeg()) { + NATRule *r; + + osrcrel->setNeg(false); + + r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setRuleType(NATRule::Continue); + 
tmp_queue.push_back(r); + + r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementOSrc *nsrc=r->getOSrc(); nsrc->clearChildren(); nsrc->setAnyElement(); + tmp_queue.push_back(r); + } else + tmp_queue.push_back(rule); + + return true; +} + +/* + * negation in Odst : + * + * A !B C RULE_TYPE TARGET + *------------------------------------- + * + * A B C Continue ("no nat") + * A any C SNAT/DNAT + */ +bool NATCompiler_pf::doODstNegation::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementODst *odstrel=rule->getODst(); + + if (odstrel->getNeg()) { + NATRule *r; + + odstrel->setNeg(false); + + r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setRuleType(NATRule::Continue); + tmp_queue.push_back(r); + + r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementODst *ndst=r->getODst(); ndst->clearChildren(); ndst->setAnyElement(); + tmp_queue.push_back(r); + } else + tmp_queue.push_back(rule); + + return true; +} + + +/* + * negation in OSrv : + * + * A B !C RULE_TYPE TARGET + *------------------------------------- + * + * A B C Continue ("no nat") + * A B any SNAT/DNAT + */ +bool NATCompiler_pf::doOSrvNegation::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementOSrv *osrvrel=rule->getOSrv(); + +/* A B ! 
C */ + + if (osrvrel->getNeg()) { + NATRule *r; + + osrvrel->setNeg(false); + + r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setRuleType(NATRule::Continue); + tmp_queue.push_back(r); + + r= NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementOSrv *nsrv=r->getOSrv(); nsrv->clearChildren(); nsrv->setAnyElement(); + tmp_queue.push_back(r); + } else + tmp_queue.push_back(rule); + + return true; +} + diff --git a/src/pflib/NATCompiler_pf_writers.cpp b/src/pflib/NATCompiler_pf_writers.cpp new file mode 100644 index 000000000..9db2cd49f --- /dev/null +++ b/src/pflib/NATCompiler_pf_writers.cpp 
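Review bot: In `doOSrcNegation::processNext()` the result of `NATRule::cast(compiler->dbcopy->create(NATRule::TYPENAME))` is passed straight to `compiler->temp_ruleset->add(r)` and `r->duplicate(rule)` without a null check, and `doODstNegation` and `doOSrvNegation` repeat the same pattern twice each. A guard after each cast, e.g. `if (r==NULL) compiler->abort("cannot create NAT rule while processing negation");`, makes a failed create a reported compile error instead of a crash. The three bodies differ only in the accessor, and each depends on two things that are not commented: the negation flag is cleared on the original before it is duplicated, and the Continue copy is queued ahead of the translating copy. A comment such as `// the "no nat" exception must be queued first: pf applies the first matching translation rule` would protect that ordering from a later reshuffle.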
@@ -0,0 +1,381 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: NATCompiler_pf_writers.cpp 1078 2006-06-22 05:04:16Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "NATCompiler_pf.h" + +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/CustomService.h" +#include "fwbuilder/TagService.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/DNSName.h" + + +#include +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \ + _MSC_VER +# include +#else +# include +#endif +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + + + +/** + *----------------------------------------------------------------------- + * Methods for printing + */ + + + + +NATCompiler_pf::PrintRule::PrintRule(const std::string &name) : NATRuleProcessor(name) +{ + init=true; +} + +bool 
NATCompiler_pf::PrintRule::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + tmp_queue.push_back(rule); + + string rl=rule->getLabel(); + if (rl!=current_rule_label) { + + compiler->output << "# " << endl; + compiler->output << "# Rule " << rl << endl; + + string comm=rule->getComment(); + string::size_type c1,c2; + c1=0; + while ( (c2=comm.find('\n',c1))!=string::npos ) { + compiler->output << "# " << comm.substr(c1,c2-c1) << endl; + c1=c2+1; + } + compiler->output << "# " << comm.substr(c1) << endl; + compiler->output << "# " << endl; + + current_rule_label=rl; + } + + + RuleElementOSrc *osrcrel=rule->getOSrc(); + RuleElementODst *odstrel=rule->getODst(); + RuleElementTSrc *tsrcrel=rule->getTSrc(); + RuleElementTDst *tdstrel=rule->getTDst(); + + FWObject *osrc, *odst; + + osrc = osrcrel->front(); + if (osrc && FWReference::cast(osrc)!=NULL) + osrc=FWReference::cast(osrc)->getPointer(); + + odst = odstrel->front(); + if (odst && FWReference::cast(odst)!=NULL) + odst=FWReference::cast(odst)->getPointer(); + + //Address *osrc=compiler->getFirstOSrc(rule); //assert(osrc); + //Address *odst=compiler->getFirstODst(rule); //assert(odst); + Service *osrv=compiler->getFirstOSrv(rule); //assert(osrv); + + Address *tsrc=compiler->getFirstTSrc(rule); //assert(tsrc); + Address *tdst=compiler->getFirstTDst(rule); //assert(tdst); + Service *tsrv=compiler->getFirstTSrv(rule); //assert(tsrv); + + char errstr[1024]; + + if (osrc==NULL || + odst==NULL || + osrv==NULL || + tsrc==NULL || + tdst==NULL || + tsrv==NULL) + { + if (osrc==NULL)sprintf(errstr, "NAT rule %s: osrc==NULL", rule->getLabel().c_str() ); + if (odst==NULL)sprintf(errstr, "NAT rule %s: odst==NULL", rule->getLabel().c_str() ); + if (osrv==NULL)sprintf(errstr, "NAT rule %s: osrv==NULL", rule->getLabel().c_str() ); + + if (tsrc==NULL)sprintf(errstr, "NAT rule %s: tsrc==NULL", rule->getLabel().c_str() ); + if (tdst==NULL)sprintf(errstr, "NAT rule %s: tdst==NULL", rule->getLabel().c_str() ); + 
if (tsrv==NULL)sprintf(errstr, "NAT rule %s: tsrv==NULL", rule->getLabel().c_str() ); + + compiler->abort(errstr); + } + + string iface_name = rule->getInterfaceStr(); +// Interface *iface = compiler->getCachedFwInterface(iface_id); +// string iface_name= (iface!=NULL) ? iface->getName() : ""; + if (iface_name=="nil") iface_name=""; + + switch ( rule->getRuleType() ) { + case NATRule::Continue: + case NATRule::NONAT: + compiler->output << "no nat "; + if (iface_name!="") compiler->output << "on " << iface_name << " "; + _printProtocol(osrv); + compiler->output << "from "; + _printREAddr( osrcrel ); + compiler->output << "to "; + _printREAddr( odstrel ); + compiler->output << endl; + + compiler->output << "no rdr "; + if (iface_name!="") compiler->output << "on " << iface_name << " "; + _printProtocol(osrv); + compiler->output << "from "; + _printREAddr( osrcrel ); + compiler->output << "to "; + _printREAddr( odstrel ); + compiler->output << endl; + break; + + case NATRule::SNAT: + compiler->output << "nat "; + if (iface_name!="") compiler->output << "on " << iface_name << " "; + _printProtocol(osrv); + compiler->output << "from "; + _printREAddr( osrcrel ); + compiler->output << "to "; + _printREAddr( odstrel ); + _printPort( osrv, true ); + + compiler->output << "-> "; + _printREAddr( tsrcrel ); + _printNATRuleOptions(rule); + + compiler->output << endl; + break; + + case NATRule::DNAT: + case NATRule::LB: + compiler->output << "rdr "; + if (iface_name!="") compiler->output << "on " << iface_name << " "; + _printProtocol(osrv); + compiler->output << "from "; + _printREAddr( osrcrel ); + compiler->output << "to "; + _printREAddr( odstrel ); + _printPort(osrv, true); + compiler->output << "-> "; + _printREAddr( tdstrel ); + _printPort(tsrv, false); + _printNATRuleOptions(rule); + compiler->output << endl; + break; + + case NATRule::Redirect: + compiler->output << "rdr "; + if (iface_name!="") compiler->output << "on " << iface_name << " "; + _printProtocol(osrv); + 
compiler->output << "from "; + _printREAddr( osrcrel ); + compiler->output << "to "; + _printREAddr( odstrel ); + _printPort(osrv, true); + compiler->output << "-> "; + _printREAddr( tdstrel ); + _printPort(tsrv, false); + _printNATRuleOptions(rule); + compiler->output << endl; + break; + default: break; + } + + return true; +} + +void NATCompiler_pf::PrintRule::_printProtocol(Service *srv) +{ + if ( ! CustomService::isA(srv) && ! TagService::isA(srv)) + { + string s=srv->getProtocolName(); + if (s=="ip") s="{tcp udp icmp}"; + compiler->output << "proto " << s << " "; + } +} + +void NATCompiler_pf::PrintRule::_printPort(Service *srv,bool print_range_end) +{ + if (TCPService::isA(srv) || UDPService::isA(srv)) { + int drs=srv->getInt("dst_range_start"); + int dre=srv->getInt("dst_range_end"); + if (drs!=0) + { + compiler->output << "port " << drs; + if (dre!=0 && dre!=drs) + { + if (print_range_end) + compiler->output << ":" << dre; + else + compiler->output << ":*"; + } + } + compiler->output << " "; + } + if (TagService::isA(srv)) + { + compiler->output << "tagged " << TagService::cast(srv)->getCode() << " "; + } +} + +void NATCompiler_pf::PrintRule::_printNegation(libfwbuilder::RuleElement *rel) +{ + if (rel->getNeg()) + compiler->output << "! "; +} + +void NATCompiler_pf::PrintRule::_printREAddr(RuleElement *rel) +{ + FWObject *o=rel->front(); + if (o && FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Address *addr= Address::cast(o); + + _printNegation(rel); + + if (rel->size()==1 && ! 
o->getBool("pf_table") ) + { + _printAddr( addr ); + } else + { + if (o->getBool("pf_table")) + { + compiler->output << "<" << o->getName() << "> "; + } else + { + _printAddrList(rel,rel->getNeg()); + } + } +} + + +void NATCompiler_pf::PrintRule::_printAddrList(FWObject *grp,bool negflag) +{ + compiler->output << "{ "; + for (FWObject::iterator i=grp->begin(); i!=grp->end(); i++) + { + if (i!=grp->begin()) compiler->output << ", "; + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Address *s=Address::cast( o ); + assert(s); + _printAddr(s); + } + compiler->output << "} "; +} + +void NATCompiler_pf::PrintRule::_printAddr(FWObject *o) +{ + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); + if (atrt!=NULL) + { + if (atrt->getSubstitutionTypeName()==DNSName::TYPENAME) + { + compiler->output << atrt->getSourceName() << " "; + return; + } + // at this time we only support two types of MultiAddress + // objects: AddressTable and DNSName. Both should be converted + // to MultiAddressRunTime at this point. If we get some other + // kind of MultiAddressRunTime object, we do not know what to do + // with it so we stop. 
+ assert(atrt==NULL); + } + + Address *a = Address::cast(o); + IPAddress addr=a->getAddress(); + Netmask mask=a->getNetmask(); + + if (Interface::cast(o)!=NULL) + { + Interface *interface_=Interface::cast(o); + if (interface_->isDyn()) + { + compiler->output << "(" << interface_->getName() << ") "; + return; + } + + mask=Netmask("255.255.255.255"); + } + + if (IPv4::cast(o)!=NULL) { + mask=Netmask("255.255.255.255"); + } + + if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0") { + compiler->output << "any "; + } else { + compiler->output << addr.toString(); + if (mask.toString()!="255.255.255.255") { + compiler->output << "/" << mask.getLength(); + } + compiler->output << " "; + } +} + +void NATCompiler_pf::PrintRule::_printNATRuleOptions(Rule *rule) +{ + FWOptions *ruleopt =rule->getOptionsObject(); + + if (ruleopt->getBool("pf_bitmask")) compiler->output << "bitmask "; + if (ruleopt->getBool("pf_random")) compiler->output << "random "; + if (ruleopt->getBool("pf_source_hash")) compiler->output << "source-hash "; + if (ruleopt->getBool("pf_round_robin")) compiler->output << "round-robin "; + + if (ruleopt->getBool("pf_static_port")) compiler->output << "static-port "; +} + +bool NATCompiler_pf::PrintTables::processNext() +{ + NATCompiler_pf *pf_comp=dynamic_cast(compiler); + + slurp(); + if (tmp_queue.size()==0) return false; + +/* print tables */ + compiler->output << pf_comp->tables->PrintTables(); + + return true; +} diff --git a/src/pflib/OSConfigurator_freebsd.cpp b/src/pflib/OSConfigurator_freebsd.cpp new file mode 100644 index 000000000..ff2286a68 --- /dev/null +++ b/src/pflib/OSConfigurator_freebsd.cpp 
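Review bot: `PrintRule::processNext()` builds its error text with `sprintf` into `char errstr[1024]`, and the `%s` argument is the rule label, whose length is not bounded anywhere in this hunk, so an over-long label (presumably taken from the loaded object file) can overrun the stack buffer. Use a bounded call in all six places, e.g. `snprintf(errstr, sizeof(errstr), "NAT rule %s: osrc==NULL", rule->getLabel().c_str());`, or build the message as a `std::string`. In the same file `_printREAddr()` calls `o->getBool("pf_table")` on the result of `rel->front()` although the line above treats `o` as possibly NULL. `_printAddr()` relies on `assert(atrt==NULL)` to stop on an unsupported object; that check disappears in an NDEBUG build, after which `Address::cast(o)` is dereferenced unchecked, so an explicit `compiler->abort(...)` is the safer stop.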
@@ -0,0 +1,285 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: OSConfigurator_freebsd.cpp 951 2006-03-06 03:02:58Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include + +#include "OSConfigurator_freebsd.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/FWOptions.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" + +#include +#include +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +string OSConfigurator_freebsd::myPlatformName() { return "FreeBSD"; } + +string OSConfigurator_freebsd::getInterfaceVarName(FWObject *iface) +{ + return string("i_") + iface->getName(); +} + + +void OSConfigurator_freebsd::processFirewallOptions() +{ + FWOptions* options=fw->getOptionsObject(); + string s; + + s=options->getStr("freebsd_ip_forward"); + if (!s.empty()) { + if (s=="1" || s=="On" || s=="on") s="1"; + else s="0"; + + output << "$SYSCTL -w net.inet.ip.forwarding=" << s << endl; + } + + s=options->getStr("freebsd_ip_sourceroute"); + if (!s.empty()) { + if (s!="0" && s!="1") + throw FWException(_("Illegal value for OS parameter freebsd_ip_sourceroute: '")+s+"'"); + + output << "$SYSCTL -w net.inet.ip.sourceroute=" << s << endl; + } + + s=options->getStr("freebsd_ip_redirect"); 
+ if (!s.empty()) { + if (s!="0" && s!="1") + throw FWException(_("Illegal value for OS parameter freebsd_ip_redirect: '")+s+"'"); + + output << "$SYSCTL -w net.inet.ip.redirect=" << s << endl; + } +} + +void OSConfigurator_freebsd::addVirtualAddressForNAT(const Network *addr) +{ +} + +void OSConfigurator_freebsd::addVirtualAddressForNAT(const Address *addr) +{ + if (virtual_addresses.empty() || + find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) + { + IPv4 *iaddr=IPv4::cast( findAddressFor(addr, fw ) ); + if (iaddr!=NULL) + { + Interface *iface=Interface::cast(iaddr->getParent()); + assert(iface!=NULL); + + output << "add_addr " << addr->getAddress().toString() << " " + << iaddr->getNetmask().toString() << " " + << iface->getName() << endl; + + virtual_addresses.push_back(addr->getAddress()); + } else + warning(_("Can not add virtual address ") + addr->getAddress().toString() ); + } +} +#if 0 + if (virtual_addresses.empty() || + find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) { + + FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME); + for ( ; i!=i.end(); ++i ) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + IPv4 *iaddr=IPv4::cast(*j); + + IPNetwork n( iaddr->getAddress() , iaddr->getNetmask() ); + if ( n.belongs( addr->getAddress() ) ) { + output << "ifconfig " + << iface->getName() << " " + << addr->getAddress().toString() << " alias" << endl; + virtual_addresses.push_back(addr->getAddress()); + return; + } + } + } + warning(_("Can not add virtual address ") + addr->getAddress().toString() ); + } +#endif + + +int OSConfigurator_freebsd::prolog() +{ + printPathForAllTools("freebsd"); + + processFirewallOptions(); + + configureInterfaces(); + + return 0; +} + +void OSConfigurator_freebsd::printPathForAllTools(const string &os) +{ + 
FWOptions* options=fw->getOptionsObject(); + + string s, path_ipf, path_ipnat, path_ipfw, path_pfctl, path_sysctl, path_logger; + + s=options->getStr("freebsd_path_ipf"); + if (!s.empty()) path_ipf=s; + else path_ipf=os_data.getPathForTool(os,OSData::IPF); + + s=options->getStr("freebsd_path_ipnat"); + if (!s.empty()) path_ipnat=s; + else path_ipnat=os_data.getPathForTool(os,OSData::IPNAT); + + s=options->getStr("freebsd_path_ipfw"); + if (!s.empty()) path_ipfw=s; + else path_ipfw=os_data.getPathForTool(os,OSData::IPFW); + + s=options->getStr("openbsd_path_pfctl"); + if (!s.empty()) path_pfctl=s; + else path_pfctl=os_data.getPathForTool(os,OSData::PFCTL); + + s=options->getStr("freebsd_path_sysctl"); + if (!s.empty()) path_sysctl=s; + else path_sysctl=os_data.getPathForTool(os,OSData::SYSCTL); + + s=options->getStr("freebsd_path_logger"); + if (!s.empty()) path_logger=s; + else path_logger=os_data.getPathForTool(os,OSData::LOGGER); + + output << endl; + output << "log() {" << endl; + output << " test -x \"$LOGGER\" && $LOGGER -p info \"$1\"" << endl; + output << "}" << endl; + output << endl; + + + + output << "add_addr() {" << endl; + output << " addr=$1" << endl; + output << " nm=$2" << endl; + output << " dev=$3" << endl; + output << " ( ifconfig $dev | egrep -q \"inet +${addr} \" ) || " << endl; + output << " { " << endl; + output << " echo \"$dev: $addr\"" << endl; + output << " ifconfig $dev inet $addr netmask $nm alias" << endl; + output << " } " << endl; + output << "}" << endl; + output << endl; + output << endl; + + if (options->getBool("dynAddr")) + { + output << "getaddr() {" << endl; + output << " intf=$1" << endl; + output << " varname=$2" << endl; + output << " L=`ifconfig $1 | grep 'inet '`" << endl; + output << " if [ -z \"$L\" ]; then" << endl; + output << " L=\"inet 0.0.0.0/32\"" << endl; + output << " fi" << endl; + output << " set $L" << endl; + output << " a=$2" << endl; + output << " eval \"$varname=$a\"" << endl; + output << "}" << endl; + 
output << endl; + output << endl; + } + + output << "IPF=\"" + path_ipf + "\"\n"; + output << "IPNAT=\"" + path_ipnat + "\"\n"; + output << "IPFW=\"" + path_ipfw + "\"\n"; + output << "PFCTL=\"" + path_pfctl + "\"\n"; + output << "SYSCTL=\"" + path_sysctl + "\"\n"; + output << "LOGGER=\"" + path_logger + "\"\n"; + output << endl; + + if (options->getBool("dynAddr")) + { +/* + * get addresses of dynamic interfaces + */ + FWObjectTypedChildIterator j=fw->findByType(Interface::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + Interface *iface=Interface::cast(*j); + + if ( iface->isDyn() ) + { +/* if interface name ends with '*', this is a wildcard interface. Do + * not get its address at this time. + * + * Do we support wildcard interfaces on *BSD at all ? + */ + if (iface->getName().find("*")==string::npos) + output << "getaddr " + << iface->getName() + << " " + << getInterfaceVarName(iface) + << endl; + } + } + } + + output << endl; +} + +void OSConfigurator_freebsd::configureInterfaces() +{ + FWOptions* options=fw->getOptionsObject(); + if ( options->getBool("configure_interfaces") ) + { + + output << endl; + + FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME); + for ( ; i!=i.end(); ++i ) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if (!iface->isRegular()) continue; + + FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + IPv4 *iaddr=IPv4::cast(*j); + + output << "add_addr " << iaddr->getAddress().toString() << " " + << iaddr->getNetmask().toString() << " " + << iface->getName() << endl; + + virtual_addresses.push_back(iaddr->getAddress()); + } + } + output << endl; + } +} + + + diff --git a/src/pflib/OSConfigurator_freebsd.h b/src/pflib/OSConfigurator_freebsd.h new file mode 100644 index 000000000..0a3379765 --- /dev/null +++ b/src/pflib/OSConfigurator_freebsd.h 
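Review bot: `printPathForAllTools()` writes the tool-path options straight into shell assignments (`output << "IPF=\"" + path_ipf + "\"\n";` and the five lines after it) with no validation, so a value containing a double quote, a backquote or a `$` changes what the generated script executes when it is run on the firewall. `processFirewallOptions()` already rejects unexpected values for freebsd_ip_sourceroute and freebsd_ip_redirect; the path options deserve the same treatment, accepting only characters that are valid in an absolute path and otherwise `throw FWException(_("Illegal value for OS parameter freebsd_path_ipf: '")+s+"'");`. Interface names reach the script the same way, unquoted in the `add_addr` and `getaddr` lines and through `eval "$varname=$a"` inside `getaddr`, so they need an equivalent check before being emitted. The pfctl path is read from `openbsd_path_pfctl` while every other key in this function uses the `freebsd_` prefix; confirm that this is intended.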
@@ -0,0 +1,63 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: OSConfigurator_freebsd.h 749 2005-03-30 07:33:18Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef _OSNETWORKCONFIGURATOR_FREEBSD_HH +#define _OSNETWORKCONFIGURATOR_FREEBSD_HH + +#include "config.h" + +#include "fwcompiler/OSConfigurator.h" + +#include "OSData.h" + +namespace fwcompiler { + + class OSConfigurator_freebsd : public OSConfigurator { + + OSData os_data; + + std::vector virtual_addresses; + + std::string getInterfaceVarName(libfwbuilder::FWObject *iface); + + public: + + virtual ~OSConfigurator_freebsd() {}; + OSConfigurator_freebsd(libfwbuilder::FWObjectDatabase *_db, + const std::string &fwname) : + OSConfigurator(_db,fwname) , os_data() {} + + virtual int prolog(); + + virtual std::string myPlatformName(); + virtual void processFirewallOptions(); + virtual void addVirtualAddressForNAT(const libfwbuilder::Address *addr); + virtual void addVirtualAddressForNAT(const libfwbuilder::Network *nw); + void printPathForAllTools(const std::string &os); + void configureInterfaces(); + }; +}; + +#endif diff --git a/src/pflib/OSConfigurator_macosx.cpp b/src/pflib/OSConfigurator_macosx.cpp new file mode 100644 index 000000000..e80e3b37d --- /dev/null 
+++ b/src/pflib/OSConfigurator_macosx.cpp 
@@ -0,0 +1,192 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: OSConfigurator_macosx.cpp 951 2006-03-06 03:02:58Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include + +#include "OSConfigurator_macosx.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/FWOptions.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" + +#include +#include +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +string OSConfigurator_macosx::myPlatformName() { return "Macosx"; } + +void OSConfigurator_macosx::processFirewallOptions() +{ + FWOptions* options=fw->getOptionsObject(); + string s; + + s=options->getStr("macosx_ip_forward"); + if (!s.empty()) { + if (s=="1" || s=="On" || s=="on") s="1"; + else s="0"; + + output << "$SYSCTL -w net.inet.ip.forwarding=" << s << endl; + } + + s=options->getStr("macosx_ip_sourceroute"); + if (!s.empty()) { + if (s!="0" && s!="1") + throw FWException(_("Illegal value for OS parameter macosx_ip_sourceroute: '")+s+"'"); + + output << "$SYSCTL -w net.inet.ip.sourceroute=" << s << endl; + } + + s=options->getStr("macosx_ip_redirect"); + if (!s.empty()) { + if (s!="0" && s!="1") + throw FWException(_("Illegal value for OS parameter macosx_ip_redirect: '")+s+"'"); 
+ + output << "$SYSCTL -w net.inet.ip.redirect=" << s << endl; + } +} + +void OSConfigurator_macosx::addVirtualAddressForNAT(const Network *addr) +{ +} + +void OSConfigurator_macosx::addVirtualAddressForNAT(const Address *addr) +{ + if (virtual_addresses.empty() || + find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) + { + IPv4 *iaddr=IPv4::cast( findAddressFor(addr, fw ) ); + if (iaddr!=NULL) + { + Interface *iface=Interface::cast(iaddr->getParent()); + assert(iface!=NULL); + + output << "add_addr " << addr->getAddress().toString() << " " + << iaddr->getNetmask().toString() << " " + << iface->getName() << endl; + + virtual_addresses.push_back(addr->getAddress()); + } else + warning(_("Can not add virtual address ") + addr->getAddress().toString() ); + } +} + + +int OSConfigurator_macosx::prolog() +{ + printPathForAllTools("macosx"); + + processFirewallOptions(); + + configureInterfaces(); + + return 0; +} + +void OSConfigurator_macosx::printPathForAllTools(const string &os) +{ + FWOptions* options=fw->getOptionsObject(); + + string s, path_ipfw, path_sysctl, path_logger; + + s=options->getStr("macosx_path_ipfw"); + if (!s.empty()) path_ipfw=s; + else path_ipfw=os_data.getPathForTool(os,OSData::IPFW); + + s=options->getStr("macosx_path_sysctl"); + if (!s.empty()) path_sysctl=s; + else path_sysctl=os_data.getPathForTool(os,OSData::SYSCTL); + + s=options->getStr("macosx_path_logger"); + if (!s.empty()) path_logger=s; + else path_logger=os_data.getPathForTool(os,OSData::LOGGER); + + output << endl; + output << "log() {" << endl; + output << " test -x \"$LOGGER\" && $LOGGER -p info \"$1\"" << endl; + output << "}" << endl; + output << endl; + + + output << "add_addr() {" << endl; + output << " addr=$1" << endl; + output << " nm=$2" << endl; + output << " dev=$3" << endl; + output << " ( ifconfig $dev | egrep -q \"inet +${addr} \" ) || " << endl; + output << " { " << endl; + output << " echo \"$dev: $addr\"" << endl; + 
output << " ifconfig $dev $addr alias" << endl; + output << " } " << endl; + output << "}" << endl; + output << endl; + output << endl; + + output << "IPFW=\"" + path_ipfw + "\"\n"; + output << "SYSCTL=\"" + path_sysctl + "\"\n"; + output << "LOGGER=\"" + path_logger + "\"\n"; + output << endl; + + output << endl; +} + +void OSConfigurator_macosx::configureInterfaces() +{ + FWOptions* options=fw->getOptionsObject(); + if ( options->getBool("configure_interfaces") ) + { + + output << endl; + + FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME); + for ( ; i!=i.end(); ++i ) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if (!iface->isRegular()) continue; + + FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + IPv4 *iaddr=IPv4::cast(*j); + + output << "add_addr " << iaddr->getAddress().toString() << " " + << iaddr->getNetmask().toString() << " " + << iface->getName() << endl; + + virtual_addresses.push_back(iaddr->getAddress()); + } + } + output << endl; + } +} + + + + diff --git a/src/pflib/OSConfigurator_macosx.h b/src/pflib/OSConfigurator_macosx.h new file mode 100644 index 000000000..909c5a9bb --- /dev/null +++ b/src/pflib/OSConfigurator_macosx.h 
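Review bot: In `printPathForAllTools` the values of `macosx_path_ipfw`, `macosx_path_sysctl` and `macosx_path_logger` are written into the generated shell script inside double quotes with no validation (`output << "IPFW=\"" + path_ipfw + "\"\n";`), so a value containing `"`, a backquote or `$` changes what the script executes when it runs on the firewall, presumably as root. The values come from the firewall object's options, so whoever can edit that data controls these strings. Reject anything that is not a plain absolute path before emitting it, e.g. `if (s.find_first_not_of(allowed)!=string::npos) throw FWException(...)` with `allowed` limited to letters, digits, `/`, `.`, `_` and `-`, in the style of the checks `processFirewallOptions` already applies to the sysctl values. The same pattern is in `printPathForAllTools` of the OpenBSD and Solaris files in this commit, and `iface->getName()` is likewise written unquoted into the `add_addr` lines.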
@@ -0,0 +1,61 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: OSConfigurator_macosx.h 282 2004-05-11 06:06:30Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef _OSNETWORKCONFIGURATOR_MACOSX_HH +#define _OSNETWORKCONFIGURATOR_MACOSX_HH + +#include "config.h" + +#include "fwcompiler/OSConfigurator.h" + +#include "OSData.h" + +namespace fwcompiler { + + class OSConfigurator_macosx : public OSConfigurator { + + OSData os_data; + + std::vector virtual_addresses; + + public: + + virtual ~OSConfigurator_macosx() {}; + OSConfigurator_macosx(libfwbuilder::FWObjectDatabase *_db, + const std::string &fwname) : + OSConfigurator(_db,fwname) , os_data() {} + + virtual int prolog(); + + virtual std::string myPlatformName(); + virtual void processFirewallOptions(); + virtual void addVirtualAddressForNAT(const libfwbuilder::Address *addr); + virtual void addVirtualAddressForNAT(const libfwbuilder::Network *nw); + void printPathForAllTools(const std::string &os); + void configureInterfaces(); + }; +}; + +#endif diff --git a/src/pflib/OSConfigurator_openbsd.cpp b/src/pflib/OSConfigurator_openbsd.cpp new file mode 100644 index 000000000..56785298c --- /dev/null +++ b/src/pflib/OSConfigurator_openbsd.cpp 
@@ -0,0 +1,229 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: OSConfigurator_openbsd.cpp 951 2006-03-06 03:02:58Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include + +#include "OSConfigurator_openbsd.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/FWOptions.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" + +#include +#include +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +string OSConfigurator_openbsd::myPlatformName() { return "OpenBSD"; } + +void OSConfigurator_openbsd::processFirewallOptions() +{ + FWOptions* options=fw->getOptionsObject(); + string s; + + s=options->getStr("openbsd_ip_directed_broadcast"); + if (!s.empty()) { + if (s!="0" && s!="1") + throw FWException(_("Illegal value for OS parameter openbsd_ip_directed_broadcast: '")+s+"'"); + + output << "$SYSCTL -w net.inet.ip.directed-broadcast=" << s << endl; + } + + s=options->getStr("openbsd_ip_forward"); + if (!s.empty()) { + if (s=="1" || s=="On" || s=="on") s="1"; + else s="0"; + + output << "$SYSCTL -w net.inet.ip.forwarding=" << s << endl; + } + + s=options->getStr("openbsd_ip_sourceroute"); + if (!s.empty()) { + if (s!="0" && s!="1") + throw FWException(_("Illegal value for OS parameter 
openbsd_ip_sourceroute: '")+s+"'"); + + output << "$SYSCTL -w net.inet.ip.sourceroute=" << s << endl; + } + + s=options->getStr("openbsd_ip_redirect"); + if (!s.empty()) { + if (s!="0" && s!="1") + throw FWException(_("Illegal value for OS parameter openbsd_ip_redirect: '")+s+"'"); + + output << "$SYSCTL -w net.inet.ip.redirect=" << s << endl; + } +} + +void OSConfigurator_openbsd::addVirtualAddressForNAT(const Network *nw) +{ +} + +void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr) +{ + if (virtual_addresses.empty() || + find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) + { + IPv4 *iaddr=IPv4::cast( findAddressFor(addr, fw ) ); + if (iaddr!=NULL) + { + Interface *iface=Interface::cast(iaddr->getParent()); + assert(iface!=NULL); + + output << "add_addr " << addr->getAddress().toString() << " " + << iaddr->getNetmask().toString() << " " + << iface->getName() << endl; + + virtual_addresses.push_back(addr->getAddress()); + } else + warning(_("Can not add virtual address ") + addr->getAddress().toString() ); + } +} + +#if 0 + if (virtual_addresses.empty() || + find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) { + + FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME); + for ( ; i!=i.end(); ++i ) { + Interface *iface=dynamic_cast(*i); + assert(iface); + + FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); + for ( ; j!=j.end(); ++j ) { + IPv4 *iaddr=IPv4::cast(*j); + + IPNetwork n( iaddr->getAddress() , iaddr->getNetmask() ); + if ( n.belongs( addr->getAddress() ) ) { + output << "ifconfig " + << iface->getName() << " " + << addr->getAddress().toString() << " alias" << endl; + virtual_addresses.push_back( addr->getAddress() ); + return; + } + } + } + warning(_("Can not add virtual address ") + addr->getAddress().toString() ); + } +} +#endif + +int OSConfigurator_openbsd::prolog() +{ + printPathForAllTools("openbsd"); + + 
processFirewallOptions(); + + configureInterfaces(); + + return 0; +} + +void OSConfigurator_openbsd::printPathForAllTools(const string &os) +{ + FWOptions* options=fw->getOptionsObject(); + + string s, path_pfctl, path_sysctl, path_logger; + + s=options->getStr("openbsd_path_pfctl"); + if (!s.empty()) path_pfctl=s; + else path_pfctl=os_data.getPathForTool(os,OSData::PFCTL); + + s=options->getStr("openbsd_path_sysctl"); + if (!s.empty()) path_sysctl=s; + else path_sysctl=os_data.getPathForTool(os,OSData::SYSCTL); + + s=options->getStr("openbsd_path_logger"); + if (!s.empty()) path_logger=s; + else path_logger=os_data.getPathForTool(os,OSData::LOGGER); + + + + output << endl; + output << "log() {" << endl; + output << " test -x \"$LOGGER\" && $LOGGER -p info \"$1\"" << endl; + output << "}" << endl; + output << endl; + + + output << "add_addr() {" << endl; + output << " addr=$1" << endl; + output << " nm=$2" << endl; + output << " dev=$3" << endl; + output << " ( ifconfig $dev | egrep -q \"inet +${addr} \" ) || " << endl; + output << " { " << endl; + output << " echo \"$dev: $addr/$nm\"" << endl; + output << " ifconfig $dev inet $addr netmask $nm alias" << endl; + output << " } " << endl; + output << "}" << endl; + output << endl; + output << endl; + + output << "PFCTL=\"" + path_pfctl + "\"\n"; + output << "SYSCTL=\"" + path_sysctl + "\"\n"; + output << "LOGGER=\"" + path_logger + "\"\n"; + output << endl; + + + output << endl; +} + +void OSConfigurator_openbsd::configureInterfaces() +{ + FWOptions* options=fw->getOptionsObject(); + if ( options->getBool("configure_interfaces") ) + { + output << endl; + + FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME); + for ( ; i!=i.end(); ++i ) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if (!iface->isRegular()) continue; + + FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + IPv4 *iaddr=IPv4::cast(*j); + + output << "add_addr " << 
iaddr->getAddress().toString() << " " + << iaddr->getNetmask().toString() << " " + << iface->getName() << endl; + + virtual_addresses.push_back(iaddr->getAddress()); + } + } + output << endl; + } +} + + + + diff --git a/src/pflib/OSConfigurator_openbsd.h b/src/pflib/OSConfigurator_openbsd.h new file mode 100644 index 000000000..478bc4226 --- /dev/null +++ b/src/pflib/OSConfigurator_openbsd.h 
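Review bot: `processFirewallOptions` turns every value of `openbsd_ip_forward` other than `1`, `On` or `on` into `0`, so a misspelt or unexpected setting such as `yes` silently disables forwarding, while the neighbouring options throw `FWException` on an illegal value. Accept the explicit off spellings and raise for everything else, e.g. `else if (s=="0" || s=="Off" || s=="off") s="0"; else throw FWException(_("Illegal value for OS parameter openbsd_ip_forward: '")+s+"'");`. Which off spellings the GUI actually stores is not visible here and should be confirmed first. The `macosx_ip_forward` and `solaris_ip_forward` branches in this commit have the same shape. Separately, the `#if 0` copy of `addVirtualAddressForNAT` is dead code that would read better deleted than carried into the new branch.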
@@ -0,0 +1,61 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: OSConfigurator_openbsd.h 282 2004-05-11 06:06:30Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef _OSNETWORKCONFIGURATOR_OPENBSD_HH +#define _OSNETWORKCONFIGURATOR_OPENBSD_HH + +#include "config.h" + +#include "fwcompiler/OSConfigurator.h" + +#include "OSData.h" + +namespace fwcompiler { + + class OSConfigurator_openbsd : public OSConfigurator { + + OSData os_data; + + std::vector virtual_addresses; + + public: + + virtual ~OSConfigurator_openbsd() {}; + OSConfigurator_openbsd(libfwbuilder::FWObjectDatabase *_db, + const std::string &fwname) : + OSConfigurator(_db,fwname) , os_data() {} + + virtual int prolog(); + + virtual std::string myPlatformName(); + virtual void processFirewallOptions(); + virtual void addVirtualAddressForNAT(const libfwbuilder::Address *addr); + virtual void addVirtualAddressForNAT(const libfwbuilder::Network *nw); + void printPathForAllTools(const std::string &os); + void configureInterfaces(); + }; +}; + +#endif diff --git a/src/pflib/OSConfigurator_solaris.cpp b/src/pflib/OSConfigurator_solaris.cpp new file mode 100644 index 000000000..89ab9ed41 --- /dev/null +++ b/src/pflib/OSConfigurator_solaris.cpp 
@@ -0,0 +1,239 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: OSConfigurator_solaris.cpp 959 2006-03-19 06:35:00Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include + +#include "OSConfigurator_solaris.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/FWOptions.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" + +#include +#include +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +string OSConfigurator_solaris::myPlatformName() { return "Solaris"; } + +void OSConfigurator_solaris::processFirewallOptions() +{ + FWOptions* options=fw->getOptionsObject(); + string s; + + s=options->getStr("solaris_ip_forward"); + if (!s.empty()) { + if (s=="1" || s=="On" || s=="on") s="1"; + else s="0"; + + output << "ndd -set /dev/ip ip_forwarding " << s << endl; + } + + s=options->getStr("solaris_ip_ignore_redirect"); + if (!s.empty()) { + if (s!="0" && s!="1") + throw FWException(_("Illegal value for OS parameter solaris_ip_ignore_redirect: '")+s+"'"); + + output << "ndd -set /dev/ip ip_ignore_redirect " << s << endl; + } + + s=options->getStr("solaris_ip_respond_to_echo_broadcast"); + if (!s.empty()) { + if (s!="0" && s!="1") + throw FWException(_("Illegal value for OS parameter 
solaris_ip_respond_to_echo_broadcast: '")+s+"'"); + + output << "ndd -set /dev/ip ip_respond_to_echo_broadcast " << s << endl; + } + + s=options->getStr("solaris_ip_forward_directed_broadcasts"); + if (!s.empty()) { + if (s!="0" && s!="1") + throw FWException(_("Illegal value for OS parameter solaris_ip_forward_directed_broadcasts: '")+s+"'"); + + output << "ndd -set /dev/ip ip_forward_directed_broadcasts " << s << endl; + } + + s=options->getStr("solaris_ip_forward_src_routed"); + if (!s.empty()) { + if (s!="0" && s!="1") + throw FWException(_("Illegal value for OS parameter solaris_ip_forward_src_routed: '")+s+"'"); + + output << "ndd -set /dev/ip ip_forward_src_routed " << s << endl; + } + +} + +void OSConfigurator_solaris::addVirtualAddressForNAT(const Network *nw) +{ +} + +void OSConfigurator_solaris::addVirtualAddressForNAT(const Address *addr) +{ + if (virtual_addresses.empty() || + find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) + { + IPv4 *iaddr=IPv4::cast( findAddressFor(addr, fw ) ); + if (iaddr!=NULL) + { + Interface *iface=Interface::cast(iaddr->getParent()); + assert(iface!=NULL); + + output << "add_addr " << addr->getAddress().toString() << " " + << iaddr->getNetmask().toString() << " " + << iface->getName() << endl; + + virtual_addresses.push_back(addr->getAddress()); + } else + warning(_("Can not add virtual address ") + addr->getAddress().toString() ); + } +} + +#if 0 + if (virtual_addresses.empty() || + find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) { + + FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME); + for ( ; i!=i.end(); ++i ) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + IPv4 *iaddr=IPv4::cast(*j); + + IPNetwork n( iaddr->getAddress() , iaddr->getNetmask() ); + if ( n.belongs( addr->getAddress() ) ) { + 
output << "ifconfig " + << iface->getName() << " " + << addr->getAddress().toString() << " alias" << endl; + virtual_addresses.push_back(addr->getAddress()); + return; + } + } + } + warning(_("Can not add virtual address ") + addr->getAddress().toString() ); + } +} +#endif + +int OSConfigurator_solaris::prolog() +{ + printPathForAllTools("solaris"); + + processFirewallOptions(); + + configureInterfaces(); + + return 0; +} + +void OSConfigurator_solaris::printPathForAllTools(const string &os) +{ + FWOptions* options=fw->getOptionsObject(); + + string s, path_ipf, path_ipnat, path_logger; + + s=options->getStr("solaris_path_ipf"); + if (!s.empty()) path_ipf=s; + else path_ipf=os_data.getPathForTool(os,OSData::IPF); + + s=options->getStr("solaris_path_ipnat"); + if (!s.empty()) path_ipnat=s; + else path_ipnat=os_data.getPathForTool(os,OSData::IPNAT); + + s=options->getStr("solaris_path_logger"); + if (!s.empty()) path_logger=s; + else path_logger=os_data.getPathForTool(os,OSData::LOGGER); + + output << endl; + output << "log() {" << endl; + output << " test -x \"$LOGGER\" && $LOGGER -p info \"$1\"" << endl; + output << "}" << endl; + output << endl; + + + output << "add_addr() {" << endl; + output << " addr=$1" << endl; + output << " nm=$2" << endl; + output << " dev=$3" << endl; + output << " ( ifconfig $dev | egrep -s \"inet +${addr} \" ) || " << endl; + output << " { " << endl; + output << " echo \"$dev: $addr\"" << endl; + output << " ifconfig $dev $addr alias" << endl; + output << " } " << endl; + output << "}" << endl; + output << endl; + output << endl; + + output << "IPF=\"" + path_ipf + "\"\n"; + output << "IPNAT=\"" + path_ipnat + "\"\n"; + output << "LOGGER=\"" + path_logger + "\"\n"; + output << endl; + + output << endl; +} + +void OSConfigurator_solaris::configureInterfaces() +{ + FWOptions* options=fw->getOptionsObject(); + if ( options->getBool("configure_interfaces") ) + { + + output << endl; + + FWObjectTypedChildIterator 
i=fw->findByType(Interface::TYPENAME); + for ( ; i!=i.end(); ++i ) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if (!iface->isRegular()) continue; + + FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME); + for ( ; j!=j.end(); ++j ) + { + IPv4 *iaddr=IPv4::cast(*j); + + output << "add_addr " << iaddr->getAddress().toString() << " " + << iaddr->getNetmask().toString() << " " + << iface->getName() << endl; + + virtual_addresses.push_back(iaddr->getAddress()); + } + } + output << endl; + } +} + + + + + diff --git a/src/pflib/OSConfigurator_solaris.h b/src/pflib/OSConfigurator_solaris.h new file mode 100644 index 000000000..6e3578073 --- /dev/null +++ b/src/pflib/OSConfigurator_solaris.h 
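Review bot: The generated `add_addr` shell function stores the netmask in `nm=$2` but never uses it: the command emitted is `ifconfig $dev $addr alias`, so addresses added through `configureInterfaces` and `addVirtualAddressForNAT` get whatever default mask ifconfig picks rather than the one from `iaddr->getNetmask()`. The FreeBSD and OpenBSD versions in this commit pass it (`ifconfig $dev inet $addr netmask $nm alias`), while the macOS version drops it the same way. Emit the mask here as well, e.g. `output << " ifconfig $dev $addr netmask $nm alias" << endl;`, after confirming the exact form Solaris ifconfig accepts for adding a secondary address.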
@@ -0,0 +1,64 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: OSConfigurator_solaris.h 282 2004-05-11 06:06:30Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef _OSNETWORKCONFIGURATOR_SOLARIS_HH +#define _OSNETWORKCONFIGURATOR_SOLARIS_HH + +#include "config.h" + +#include "fwcompiler/OSConfigurator.h" +#include "fwbuilder/IPAddress.h" + +#include + +#include "OSData.h" + +namespace fwcompiler { + + class OSConfigurator_solaris : public OSConfigurator { + + OSData os_data; + + std::vector virtual_addresses; + + public: + + virtual ~OSConfigurator_solaris() {}; + OSConfigurator_solaris(libfwbuilder::FWObjectDatabase *_db, + const std::string &fwname) : + OSConfigurator(_db,fwname) , os_data() {} + + virtual int prolog(); + + virtual std::string myPlatformName(); + virtual void processFirewallOptions(); + virtual void addVirtualAddressForNAT(const libfwbuilder::Address *addr); + virtual void addVirtualAddressForNAT(const libfwbuilder::Network *nw); + void printPathForAllTools(const std::string &os); + void configureInterfaces(); + }; +}; + +#endif diff --git a/src/pflib/OSData.cpp b/src/pflib/OSData.cpp new file mode 100644 index 000000000..64d344bb1 --- /dev/null +++ b/src/pflib/OSData.cpp 
@@ -0,0 +1,48 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: OSData.cpp 282 2004-05-11 06:06:30Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "OSData.h" +#include "fwbuilder/Resources.h" + +using namespace std; +using namespace libfwbuilder; + +OSData::OSData() {} + +string OSData::getPathForTool(const string &os,tools t) +{ + string r="/FWBuilderResources/Target/tools/"; + switch (t) + { + case SYSCTL: r+="path_sysctl"; break; + case PFCTL: r+="path_pfctl"; break; + case IPFW: r+="path_ipfw"; break; + case IPF: r+="path_ipf"; break; + case IPNAT: r+="path_ipnat"; break; + case LOGGER: r+="path_logger"; break; + } + return Resources::os_res[os]->getResourceStr(r); +} + diff --git a/src/pflib/OSData.h b/src/pflib/OSData.h new file mode 100644 index 000000000..df4c77f67 --- /dev/null +++ b/src/pflib/OSData.h 
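Review bot: `getPathForTool` dereferences `Resources::os_res[os]` without checking that an entry for `os` exists. If `os_res` is a `std::map` of pointers (its declaration is not in this hunk), `operator[]` inserts a null entry for an unknown name and the call crashes. Look the name up first and raise an error before the `return`, e.g. `if (Resources::os_res.count(os)==0) throw FWException("Unknown OS: "+os);`, with the header that declares `FWException` included. The `switch` also has no `default`, so an out-of-range `tools` value queries the bare `/FWBuilderResources/Target/tools/` prefix; a `default:` that throws would make that visible.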
@@ -0,0 +1,46 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: OSData.h 282 2004-05-11 06:06:30Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef __OSDATA_HH +#define __OSDATA_HH + +#include "config.h" + +#include +#include + + +class OSData { + + public: + + OSData(); + + typedef enum { SYSCTL, PFCTL, IPFW, IPF, IPNAT, LOGGER } tools; + + std::string getPathForTool(const std::string &os,tools t); +}; + +#endif diff --git a/src/pflib/PolicyCompiler_ipf.cpp b/src/pflib/PolicyCompiler_ipf.cpp new file mode 100644 index 000000000..095658b45 --- /dev/null +++ b/src/pflib/PolicyCompiler_ipf.cpp 
@@ -0,0 +1,543 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: PolicyCompiler_ipf.cpp 1303 2007-05-08 02:11:39Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" + +#include "PolicyCompiler_ipf.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/AddressTable.h" + +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +string PolicyCompiler_ipf::myPlatformName() { return "ipf"; } + +int PolicyCompiler_ipf::prolog() +{ + int n= PolicyCompiler_pf::prolog(); + +// FWObject *grp; + anytcp=TCPService::cast(dbcopy->create(TCPService::TYPENAME) ); + anytcp->setId(ANY_TCP_OBJ_ID); +// grp=dbcopy->getById( dbcopy->std.TCPServicesId , true ); +// assert(grp!=NULL); + dbcopy->add(anytcp,false); + cacheObj(anytcp); // to keep cache consistent + + anyudp=UDPService::cast(dbcopy->create(UDPService::TYPENAME) ); + anyudp->setId(ANY_UDP_OBJ_ID); +// grp=dbcopy->getById( dbcopy->std.UDPServicesId , true 
); +// assert(grp!=NULL); + dbcopy->add(anyudp,false); + cacheObj(anyudp); // to keep cache consistent + + anyicmp=ICMPService::cast(dbcopy->create(ICMPService::TYPENAME) ); + anyicmp->setId(ANY_ICMP_OBJ_ID); +// grp=dbcopy->getById( dbcopy->std.ICMPServicesId , true ); +// assert(grp!=NULL); + dbcopy->add(anyicmp,false); + cacheObj(anyicmp); // to keep cache consistent + + + return n; +} + +bool PolicyCompiler_ipf::expandAnyService::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrv *srv=rule->getSrv(); + FWOptions *ruleopt =rule->getOptionsObject(); + + if (srv->isAny() && ! ruleopt->getBool("stateless") && rule->getAction()==PolicyRule::Accept) { + + PolicyRule *r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementSrv *nsrv=r->getSrv(); + nsrv->clearChildren(); + nsrv->addRef(compiler->dbcopy->findInIndex(ANY_ICMP_OBJ_ID)); + tmp_queue.push_back(r); + + r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + nsrv=r->getSrv(); + nsrv->clearChildren(); + nsrv->addRef(compiler->dbcopy->findInIndex(ANY_TCP_OBJ_ID)); + tmp_queue.push_back(r); + + r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + nsrv=r->getSrv(); + nsrv->clearChildren(); + nsrv->addRef(compiler->dbcopy->findInIndex(ANY_UDP_OBJ_ID)); + tmp_queue.push_back(r); + + r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + FWOptions *ruleopt =r->getOptionsObject(); + ruleopt->setBool("stateless",true); + tmp_queue.push_back(r); + + } else + tmp_queue.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipf::doSrcNegation::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrc *src=rule->getSrc(); + + 
if (src->getNeg()) { + RuleElementSrc *nsrc; + PolicyRule *r; + FWOptions *ruleopt; + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setAction(PolicyRule::Continue); + r->setLogging(false); + nsrc=r->getSrc(); + nsrc->setNeg(false); + r->setBool("quick",false); + r->setBool("skip_check_for_duplicates",true); + ruleopt = r->getOptionsObject(); + ruleopt->setBool("stateless", true); + tmp_queue.push_back(r); + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + nsrc=r->getSrc(); + nsrc->setNeg(false); + nsrc->clearChildren(); + nsrc->setAnyElement(); + r->setBool("quick",true); + r->setBool("skip_check_for_duplicates",true); + tmp_queue.push_back(r); + + return true; + } + tmp_queue.push_back(rule); + return true; +} + +bool PolicyCompiler_ipf::doDstNegation::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementDst *dst=rule->getDst(); + + if (dst->getNeg()) { + RuleElementDst *ndst; + PolicyRule *r; + FWOptions *ruleopt; + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setAction(PolicyRule::Continue); + r->setLogging(false); + ndst=r->getDst(); + ndst->setNeg(false); + r->setBool("quick",false); + r->setBool("skip_check_for_duplicates",true); + ruleopt = r->getOptionsObject(); + ruleopt->setBool("stateless", true); + tmp_queue.push_back(r); + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + ndst=r->getDst(); + ndst->setNeg(false); + ndst->clearChildren(); + ndst->setAnyElement(); + r->setBool("quick",true); + r->setBool("skip_check_for_duplicates",true); + tmp_queue.push_back(r); + + return true; + } + tmp_queue.push_back(rule); + return true; +} + +bool PolicyCompiler_ipf::doSrvNegation::processNext() 
+{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrv *srv=rule->getSrv(); + + if (srv->getNeg()) { + throw FWException(_("Negation in Srv is not implemented. Rule: ")+rule->getLabel()); + return false; + } + tmp_queue.push_back(rule); + return true; +} + +void PolicyCompiler_ipf::specialCaseWithDynInterface::dropDynamicInterface(RuleElement *re) +{ + list cl; + for (list::iterator i1=re->begin(); i1!=re->end(); ++i1) + { + FWObject *o = *i1; + FWObject *obj = o; + if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); + Interface *ifs =Interface::cast( obj ); + + if (ifs!=NULL && !ifs->isRegular()) continue; + cl.push_back(obj); + } + if (!cl.empty()) + { + re->clearChildren(); + for (list::iterator i1=cl.begin(); i1!=cl.end(); ++i1) + re->addRef( (*i1) ); + } +} + +bool PolicyCompiler_ipf::specialCaseWithDynInterface::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + dropDynamicInterface( rule->getDst() ); + dropDynamicInterface( rule->getSrc() ); + tmp_queue.push_back(rule); + return true; +} + + +PolicyCompiler_ipf::calculateSkip::calculateSkip(const std::string &n) : PolicyRuleProcessor(n) +{ +} + +bool PolicyCompiler_ipf::calculateSkip::processNext() +{ +// PolicyRule *rule; + + slurp(); + if (tmp_queue.size()==0) return false; + +/* + * first, we scan all rules and build a hash that maps attribute + * "skip_label" to rule number. Attribute "skip_label" is set in + * optimize1, after which we could have split some rules, so this + * attrbiute may not be unique. We want to skip to the first rule + * marked with the same skip label if there are few with the same + * label. The simplest way to find the first one with the same label + * is to scan rules in reverse order, that is from the bottom up. 
+ */ + int N=tmp_queue.size()-1; // The last rule number is N + for (deque::reverse_iterator k=tmp_queue.rbegin(); k!=tmp_queue.rend(); ++k) + { + PolicyRule *r = PolicyRule::cast( *k ); + if (!r->getStr("skip_label").empty()) allrules[r->getStr("skip_label")]=N; + r->setInt("rule_num",N); + N--; + } + + for (deque::iterator k=tmp_queue.begin(); k!=tmp_queue.end(); ++k) + { + PolicyRule *r = PolicyRule::cast( *k ); + string rl=r->getLabel(); + int current_position=r->getPosition(); + + if (r->getAction()==PolicyRule::Skip) + { + assert(!r->getStr("skip_to").empty()); + + int to=allrules[r->getStr("skip_to")]; + int n =r->getInt("rule_num"); + r->setInt("no_to_skip",to-n-1); + } +/* Action 'Continue' means we need to jump to the next rule in the + * GUI. We scan rules down from the current one, looking for the first + * rule that corresponds to the next rule in the GUI. + */ + if (r->getAction()==PolicyRule::Continue) + { + r->setAction(PolicyRule::Skip); + r->setBool("quick",false); + + deque::iterator j=k; + ++j; + int n=0; + for ( ; j!=tmp_queue.end(); ++j) + { + PolicyRule *r2 = PolicyRule::cast( *j ); + if (r2->getPosition()!=current_position) break; +/* 'skip' only skips rules with the same setting of 'in' or 'out', + * that is the same direction + */ + if (r2->getDirection()==r->getDirection()) ++n; + } + r->setInt("no_to_skip",n); + } + } + return true; +} + +bool PolicyCompiler_ipf::checkForKeepState::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + tmp_queue.push_back(rule); + + Service *srv=compiler->getFirstSrv(rule); assert(srv); + FWOptions *ruleopt =rule->getOptionsObject(); + + if (! ICMPService::isA(srv) && + ! UDPService::isA(srv) && + ! TCPService::isA(srv) ) ruleopt->setBool("stateless",true); + + return true; +} + +bool PolicyCompiler_ipf::eliminateDuplicateRules::processNext() +{ + PolicyCompiler *pcomp=dynamic_cast(compiler); + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if ( ! 
rule->getBool("skip_check_for_duplicates")) + { + for (deque::iterator i=rules_seen_so_far.begin(); i!=rules_seen_so_far.end(); ++i) + { + PolicyRule *r=(*i); + if ( r->getBool("skip_check_for_duplicates") ) continue; + if (r->getInterfaceId()==rule->getInterfaceId() && + r->getAction()==rule->getAction() && + r->getAction()!=PolicyRule::Continue && + r->getAction()!=PolicyRule::Skip && + r->getLogging()==rule->getLogging() && + pcomp->cmpRules(*r,*rule) ) + { +// cout << "---------------------------------------" << endl; +// cout << pcomp->debugPrintRule(r) << endl; +// cout << pcomp->debugPrintRule(rule) << endl; + return true; + } + } + } + tmp_queue.push_back(rule); + rules_seen_so_far.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipf::processMultiAddressObjectsInRE::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + RuleElement *re=RuleElement::cast( rule->getFirstByType(re_type) ); + + for (FWObject::iterator i=re->begin(); i!=re->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); + if (atrt!=NULL && atrt->getSubstitutionTypeName()==AddressTable::TYPENAME) + compiler->abort("Run-time AddressTable objects are not supported. Rule " + rule->getLabel()); + } + + tmp_queue.push_back(rule); + return true; +} + + +void PolicyCompiler_ipf::compile() +{ + cout << " Compiling policy for " << fw->getName() << " ..." 
<< endl << flush; + + try { + + Compiler::compile(); + + addDefaultPolicyRule(); + bool check_for_recursive_groups=true; + + if ( fw->getOptionsObject()->getBool ("check_shading") ) + { + add( new Begin ("Detecting rule shadowing" ) ); + add( new printTotalNumberOfRules ( ) ); + + add( new ItfNegation( "process negation in Itf" ) ); + add( new InterfacePolicyRules("process interface policy rules and store interface ids") ); + + add( new recursiveGroupsInSrc( "check for recursive groups in SRC" ) ); + add( new recursiveGroupsInDst( "check for recursive groups in DST" ) ); + add( new recursiveGroupsInSrv( "check for recursive groups in SRV" ) ); + check_for_recursive_groups=false; + + add( new ExpandGroups ("expand groups" ) ); + add( new eliminateDuplicatesInSRC ("eliminate duplicates in SRC" ) ); + add( new eliminateDuplicatesInDST ("eliminate duplicates in DST" ) ); + add( new eliminateDuplicatesInSRV ("eliminate duplicates in SRV" ) ); + + add( new swapMultiAddressObjectsInSrc(" swap MultiAddress -> MultiAddressRunTime in Src") ); + add( new swapMultiAddressObjectsInDst(" swap MultiAddress -> MultiAddressRunTime in Dst") ); + + add( new ExpandMultipleAddressesInSRC("expand objects with multiple addresses in SRC" ) ); + add( new ExpandMultipleAddressesInDST("expand objects with multiple addresses in DST" ) ); + add( new ConvertToAtomic ("convert to atomic rules" ) ); + add( new DetectShadowing ("Detect shadowing" ) ); + add( new simplePrintProgress ( ) ); + + runRuleProcessors(); + deleteRuleProcessors(); + } + + + add( new Begin()); + add( new printTotalNumberOfRules() ); +// add( new MACFiltering( "verify for MAC address filtering" ) ); + add( new setQuickFlag( "set 'quick' flag" ) ); + + if (check_for_recursive_groups) + { + add( new recursiveGroupsInSrc( "check for recursive groups in SRC" ) ); + add( new recursiveGroupsInDst( "check for recursive groups in DST" ) ); + add( new recursiveGroupsInSrv( "check for recursive groups in SRV" ) ); + } + + add( new 
emptyGroupsInSrc( "check for empty groups in SRC" ) ); + add( new emptyGroupsInDst( "check for empty groups in DST" ) ); + add( new emptyGroupsInSrv( "check for empty groups in SRV" ) ); + + add( new ItfNegation( "process negation in Itf" ) ); + add( new InterfacePolicyRules("process interface policy rules and store interface ids") ); + + add( new doSrcNegation( "process negation in Src" ) ); + add( new doDstNegation( "process negation in Dst" ) ); + add( new doSrvNegation( "process negation in Srv" ) ); + add( new ExpandGroups( "expand groups" ) ); + + add( new CheckForTCPEstablished("check for TCPService objects with flag \"established\"") ); + + add( new eliminateDuplicatesInSRC( "eliminate duplicates in SRC" ) ); + add( new eliminateDuplicatesInDST( "eliminate duplicates in DST" ) ); + add( new eliminateDuplicatesInSRV( "eliminate duplicates in SRV" ) ); + + add( new swapMultiAddressObjectsInSrc(" swap MultiAddress -> MultiAddressRunTime in Src") ); + add( new swapMultiAddressObjectsInDst(" swap MultiAddress -> MultiAddressRunTime in Dst") ); + + add( new processMultiAddressObjectsInSrc("process MultiAddress objects in Src") ); + add( new processMultiAddressObjectsInDst("process MultiAddress objects in Dst") ); + + add( new splitIfFirewallInSrc( "split rule if firewall is in Src" ) ); + add( new splitIfFirewallInDst( "split rule if firewall is in Dst" ) ); + add( new fillDirection( "determine directions" ) ); + add( new SplitDirection( "split rules with direction 'both'" ) ); + add( new ExpandMultipleAddresses( "expand objects with multiple addresses" ) ); + add( new checkForDynamicInterfacesOfOtherObjects( "check for dynamic interfaces of other hosts and firewalls" ) ); + add( new MACFiltering( "verify for MAC address filtering" ) ); + add( new checkForUnnumbered( "check for unnumbered interfaces" ) ); + add( new specialCaseWithDynInterface( "check for a special cases with dynamic interface") ); + add( new addressRanges( "expand address range objects" ) ); + 
add( new splitServices( "split rules with different protocols" ) ); + add( new separateTCPWithFlags( "separate TCP services with flags" ) ); + add( new separateSrcPort("split on TCP and UDP with source ports")); + add( new verifyCustomServices( "verify custom services for this platform" ) ); + add( new SpecialServices( "check for special services" ) ); + add( new expandAnyService( "expand ANY service for stateful rules" ) ); +/* + * it may make sense to do optimization even before we expand groups + * (before ExpandGroups). Need to test this idea. + */ + if ( fw->getOptionsObject()->getBool ("optimize") ) + { + add( new optimizeSrc( "optimization in SRC" ) ); + add( new optimizeDst( "optimization in DST" ) ); + add( new optimizeSrv( "optimization in SRV" ) ); + } + + add( new ConvertToAtomic( "convert to atomic rules" ) ); + add( new checkForZeroAddr( "check for zero addresses" ) ); + + if ( fw->getOptionsObject()->getBool ("eliminate_duplicates") ) + add( new eliminateDuplicateRules( "eliminate duplicate rules" ) ); + + add( new calculateSkip( "calculate argument for skip" ) ); + add( new checkForKeepState( "check for 'keep state'" ) ); + add( new convertInterfaceIdToStr( "prepare interface assignments" ) ); + add( new PrintRule( "generate ipf code" ) ); + add( new simplePrintProgress() ); + + runRuleProcessors(); + + + } catch (FWException &ex) { + error(ex.toString()); + exit(1); + } +} + +string PolicyCompiler_ipf::debugPrintRule(Rule *r) +{ + PolicyRule *rule=PolicyRule::cast(r); +// FWOptions *ruleopt =rule->getOptionsObject(); + + string iface = rule->getInterfaceId(); + if (iface!="") { + Interface *rule_iface = getCachedFwInterface( iface ); + iface=" intf: "+rule_iface->getName(); + } + ostringstream s; + s << PolicyCompiler::debugPrintRule(rule)+" "+iface; + if (r->getBool("skip_check_for_duplicates")) s << "skip_check_for_duplicates "; + if (r->getStr("skip_label")!="") s << "skip_label: " << r->getStr("skip_label") << " "; + if 
(r->getStr("skip_to")!="") s << "skip_to: " << r->getStr("skip_to") << " "; + if (r->getInt("no_to_skip")!=-1) s << "no_to_skip: " << r->getInt("no_to_skip"); + return s.str(); +} + + +void PolicyCompiler_ipf::epilog() +{ +} diff --git a/src/pflib/PolicyCompiler_ipf.h b/src/pflib/PolicyCompiler_ipf.h new file mode 100644 index 000000000..b7d92fd9f --- /dev/null +++ b/src/pflib/PolicyCompiler_ipf.h 
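Review bot: In `calculateSkip::processNext` the Skip branch reads `allrules[r->getStr("skip_to")]`, and the only guard is an `assert` that the label is non-empty. `operator[]` on a label that was never recorded yields 0, so `no_to_skip` becomes `-n-1` and the generated skip rule carries a count that no longer matches the policy the user wrote; in a build with `NDEBUG` even the empty-label check disappears. Looking the label up with `find` and aborting on a miss, or on a target that is not below the current rule, keeps a miscompiled jump out of the ruleset. The sketch assumes `allrules` maps `string` to `int`, as its use in the first loop suggests.

```cpp
if (r->getAction()==PolicyRule::Skip)
{
    // look the label up without inserting a default entry for a missing key
    map<string,int>::iterator t=allrules.find(r->getStr("skip_to"));
    if (t==allrules.end())
        compiler->abort("Unresolved skip target. Rule " + rl);
    int n=r->getInt("rule_num");
    // a skip can only jump forward, so the target must sit below this rule
    if (t->second<=n)
        compiler->abort("Skip target is not below the rule. Rule " + rl);
    r->setInt("no_to_skip",t->second-n-1);
}
// … unchanged: handling of PolicyRule::Continue …
```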
@@ -0,0 +1,262 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: PolicyCompiler_ipf.h 1027 2006-05-16 23:00:17Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef __POLICYCOMPILER_IPF_HH +#define __POLICYCOMPILER_IPF_HH + +#include +#include "PolicyCompiler_pf.h" + + +namespace libfwbuilder { +class TCPService; +class UDPService; +class ICMPService; +}; + + +#define ANY_IP_OBJ_ID "__any_ip_obj__" +#define ANY_ICMP_OBJ_ID "__any_icmp_obj__" +#define ANY_TCP_OBJ_ID "__any_tcp_obj__" +#define ANY_UDP_OBJ_ID "__any_udp_obj__" + +namespace fwcompiler { + + + class PolicyCompiler_ipf : public PolicyCompiler_pf { + + + protected: + + libfwbuilder::TCPService *anytcp; + libfwbuilder::UDPService *anyudp; + libfwbuilder::ICMPService *anyicmp; + + + virtual std::string myPlatformName(); + + /** + * prints rule in some universal format (close to that visible + * to user in the GUI). Used for debugging purposes. 
This method + * calls PolicyCompiler::_internalPrintPolicyRule and then adds + * chain and target at the end of the printed line + */ + virtual std::string debugPrintRule(libfwbuilder::Rule *rule); + + + /** + * splits rules with service 'any' because ipf can keep state + * only for UDP/TCP/ICMP + */ + DECLARE_POLICY_RULE_PROCESSOR(expandAnyService); + + /** + * deals with negation in Src in policy rules. + * + * this method is different from that in PolicyCompiler_pf + */ + DECLARE_POLICY_RULE_PROCESSOR(doSrcNegation); + + /** + * deals with negation in Dst in policy rules. + * + * this method is different from that in PolicyCompiler_pf + */ + DECLARE_POLICY_RULE_PROCESSOR(doDstNegation); + + /** + * deals with negation in Srv in policy rules. + * + * this method is different from that in PolicyCompiler_pf + */ + DECLARE_POLICY_RULE_PROCESSOR(doSrvNegation); + + /** + * Placeholders for MultiAddressRunTime objects which are not + * supported for ipf + */ + class processMultiAddressObjectsInRE : public PolicyRuleProcessor + { + std::string re_type; + public: + processMultiAddressObjectsInRE(const std::string &name, + const std::string &t) : PolicyRuleProcessor(name) { re_type=t; } + virtual bool processNext(); + }; + + + class processMultiAddressObjectsInSrc : public processMultiAddressObjectsInRE + { + public: + processMultiAddressObjectsInSrc(const std::string &n) : + processMultiAddressObjectsInRE(n,libfwbuilder::RuleElementSrc::TYPENAME) {} + }; + + class processMultiAddressObjectsInDst : public processMultiAddressObjectsInRE + { + public: + processMultiAddressObjectsInDst(const std::string &n) : + processMultiAddressObjectsInRE(n,libfwbuilder::RuleElementDst::TYPENAME) {} + }; + /** + * checks for the following situations: + * + * 1. dynamic interface is in source and direction is inbound + * (drop interface from src since source address is + * undertermined) + * + * 2. 
dynamic interface is in source, direction is outbound + * (drop interface from the list, this rule has been created + * while processing negation. TODO: this is kludge, need to + * find a better way to process negation if firewall is in rule + * element and it has dynamic interface) + * + * 3. dynamic interface is in destination and direction is + * outbound (drop interface since dest. address is undefined) + * + */ + class specialCaseWithDynInterface : public PolicyRuleProcessor + { + void dropDynamicInterface(libfwbuilder::RuleElement *re); + public: + specialCaseWithDynInterface(const std::string &name) : PolicyRuleProcessor(name) {} + virtual bool processNext(); + }; + + /** + * ipf supports "keep state" only for icmp/udp/tcp + */ + DECLARE_POLICY_RULE_PROCESSOR(checkForKeepState); + + /** + * calculates N for action skip (used in negation) + */ + class calculateSkip : public PolicyRuleProcessor + { + std::map allrules; + public: + calculateSkip(const std::string &n); + virtual bool processNext(); + }; + + /** + * eliminates duplicate atomic rules + */ + class eliminateDuplicateRules : public PolicyRuleProcessor + { + private: + std::deque rules_seen_so_far; + public: + eliminateDuplicateRules(const std::string &n) : PolicyRuleProcessor(n) {} + virtual bool processNext(); + }; + friend class fwcompiler::PolicyCompiler_ipf::eliminateDuplicateRules; + + /** + * optimize rules - instead of generating all possible + * combinations of src,dst and srv we split the rule onto + * three rules, checking on * rule element at a time and using + * 'any' in the other two. This reduces the number of + * generated elementary rules from N^3 to 3N (and reduces + * compile time about the same). 
+ */ + class optimize1 : public PolicyRuleProcessor + { + protected: + void optimizeForRuleElement(libfwbuilder::PolicyRule *rule, + const std::string &re_type); + public: + optimize1(const std::string &name) : PolicyRuleProcessor(name) {} + virtual bool processNext(); + }; + friend class PolicyCompiler_ipf::optimize1; + + class optimizeSrc : public optimize1 + { + public: + optimizeSrc(const std::string &name) : optimize1(name) {} + virtual bool processNext(); + }; + friend class PolicyCompiler_ipf::optimizeSrc; + + class optimizeDst : public optimize1 + { + public: + optimizeDst(const std::string &name) : optimize1(name) {} + virtual bool processNext(); + }; + friend class PolicyCompiler_ipf::optimizeDst; + + class optimizeSrv : public optimize1 + { + public: + optimizeSrv(const std::string &name) : optimize1(name) {} + virtual bool processNext(); + }; + friend class PolicyCompiler_ipf::optimizeSrv; + + + + /** + * prints single policy rule, assuming all groups have been + * expanded, so source, destination and service hold exactly + * one object each, and this object is not a group. + * Negation should also have been taken care of before this + * method is called. + */ + class PrintRule : public PolicyCompiler_pf::PrintRule + { + virtual std::string _printPort(int rs,int re,bool neg=false); + virtual void _printWith(libfwbuilder::Service *srv); + virtual void _printAction(libfwbuilder::PolicyRule *r); + virtual void _printAddr(libfwbuilder::Address *o,bool neg=false); + virtual void _printDstService(libfwbuilder::RuleElementSrv *o); + + public: + PrintRule(const std::string &name); + virtual bool processNext(); + }; + + + + + + public: + + PolicyCompiler_ipf(libfwbuilder::FWObjectDatabase *_db, + const std::string &fwname, + fwcompiler::OSConfigurator *_oscnf) : PolicyCompiler_pf(_db,fwname,_oscnf,NULL) {} + + + virtual int prolog(); + virtual void compile(); + virtual void epilog(); + + }; + + +} + +#endif 
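Review bot: The `PolicyCompiler_ipf` constructor leaves the `anytcp`, `anyudp` and `anyicmp` members uninitialized; they are assigned only in `prolog()`, so any use before that call reads an indeterminate pointer. Initializing them in the constructor, `PolicyCompiler_pf(_db,fwname,_oscnf,NULL), anytcp(NULL), anyudp(NULL), anyicmp(NULL) {}`, makes such a misuse fail predictably. The comment on `debugPrintRule` still says the method adds "chain and target" at the end of the line, which does not match what the implementation in PolicyCompiler_ipf.cpp appends (the interface name and the skip attributes), so it should be reworded to describe the ipf output.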
diff --git a/src/pflib/PolicyCompiler_ipf_optimizer.cpp b/src/pflib/PolicyCompiler_ipf_optimizer.cpp
new file mode 100644
index 000000000..8748deb8e
--- /dev/null
+++ b/src/pflib/PolicyCompiler_ipf_optimizer.cpp
@@ -0,0 +1,241 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: PolicyCompiler_ipf_optimizer.cpp 1148 2006-09-09 05:05:03Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "PolicyCompiler_ipf.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Policy.h" + +#include + +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + + +static map skip_targets; + + +void PolicyCompiler_ipf::optimize1::optimizeForRuleElement(PolicyRule *rule, + const std::string &re_type) +{ + RuleElement *re=RuleElement::cast(rule->getFirstByType(re_type)); + int nre=re->size(); + + PolicyRule *r; + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + +/* duplicate copies everything, including attribute + * "skip_label". 
That's why I set skip_label after I create a copy of the rule + */ + + string skip_target=rule->getId(); + while (skip_targets[skip_target]) skip_target+=".A"; + skip_targets[skip_target]=true; + + rule->setStr("skip_label",skip_target); // just need a unique label, and ID is unique + + for (FWObject::iterator i=r->begin(); i!=r->end(); ++i) + { + if (RuleElement::cast(*i)!=NULL && (*i)->getTypeName()!=re_type) + { + RuleElement *nre=RuleElement::cast(*i); + nre->clearChildren(); + nre->setAnyElement(); + } + } + r->setAction(PolicyRule::Skip); + r->setBool("quick",false); + r->setStr("skip_to",skip_target); + tmp_queue.push_back(r); + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + + RuleElement *re1; + re1=r->getSrc(); re1->clearChildren(); re1->setAnyElement(); + re1=r->getDst(); re1->clearChildren(); re1->setAnyElement(); + re1=r->getSrv(); re1->clearChildren(); re1->setAnyElement(); + r->setAction(PolicyRule::Continue); + r->setStr("skip_label",""); + tmp_queue.push_back(r); + + re->clearChildren(); + re->setAnyElement(); + +/* rules that we have inserted above 'rule' will skip over it. 
We should + * not drop them when we eliminate duplicates */ + rule->setBool("skip_check_for_duplicates",true); + tmp_queue.push_back(rule); +} + +bool PolicyCompiler_ipf::optimize1::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrc *srcrel=rule->getSrc(); + RuleElementDst *dstrel=rule->getDst(); + RuleElementSrv *srvrel=rule->getSrv(); + + int srcn=srcrel->size(); + int dstn=dstrel->size(); + int srvn=srvrel->size(); + +/* if all rule elements have exactly one object, there is nothing to optimize */ + if ( (srcn==1 && dstn==1) || + (dstn==1 && srvn==1) || + (srvn==1 && srcn==1) ) + { + tmp_queue.push_back(rule); + return true; + } + + if (srcn==1) srcn=INT_MAX; + if (dstn==1) dstn=INT_MAX; + if (srvn==1) srvn=INT_MAX; + + string re=RuleElementSrc::TYPENAME; + + if (srcn>2 && srcn<=dstn && dstn<=srvn) + { + optimizeForRuleElement(rule,RuleElementSrc::TYPENAME); + return true; + } + + if (dstn>2 && dstn<=srvn && srvn<=srcn) + { + optimizeForRuleElement(rule,RuleElementDst::TYPENAME); + return true; + } + + if (srvn>2 && srvn<=srcn && srcn<=dstn) + { + optimizeForRuleElement(rule,RuleElementSrv::TYPENAME); + return true; + } + + tmp_queue.push_back(rule); + + return true; +} + + + +bool PolicyCompiler_ipf::optimizeSrc::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrc *srcrel=rule->getSrc(); + RuleElementDst *dstrel=rule->getDst(); + RuleElementSrv *srvrel=rule->getSrv(); + + int srcn=srcrel->size(); + int dstn=dstrel->size(); + int srvn=srvrel->size(); + +/* without optimization we generate N^3 rules (n1*n2*n3), with it we + * generate 3*N (n1+n2+n3) rules. 
If n1+n2+n3 is greater than + * n1*n2*n3, then we should not optimize + */ + if (srcrel->isAny() || (srcn+dstn+srvn>=srcn*dstn*srvn)) + { + tmp_queue.push_back(rule); + return true; + } + + optimizeForRuleElement(rule,RuleElementSrc::TYPENAME); + + return true; +} + +bool PolicyCompiler_ipf::optimizeDst::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrc *srcrel=rule->getSrc(); + RuleElementDst *dstrel=rule->getDst(); + RuleElementSrv *srvrel=rule->getSrv(); + + int srcn=srcrel->size(); + int dstn=dstrel->size(); + int srvn=srvrel->size(); + +/* without optimization we generate N^3 rules (n1*n2*n3), with it we + * generate 3*N (n1+n2+n3) rules. If n1+n2+n3 is greater than + * n1*n2*n3, then we should not optimize + */ + if (dstrel->isAny() || (srcn+dstn+srvn>=srcn*dstn*srvn)) + { + tmp_queue.push_back(rule); + return true; + } + + optimizeForRuleElement(rule,RuleElementDst::TYPENAME); + + return true; +} + +bool PolicyCompiler_ipf::optimizeSrv::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrc *srcrel=rule->getSrc(); + RuleElementDst *dstrel=rule->getDst(); + RuleElementSrv *srvrel=rule->getSrv(); + + int srcn=srcrel->size(); + int dstn=dstrel->size(); + int srvn=srvrel->size(); + +/* without optimization we generate N^3 rules (n1*n2*n3), with it we + * generate 3*N (n1+n2+n3) rules. If n1+n2+n3 is greater than + * n1*n2*n3, then we should not optimize + */ + if (srvrel->isAny() || (srcn+dstn+srvn>=srcn*dstn*srvn)) + { + tmp_queue.push_back(rule); + return true; + } + + optimizeForRuleElement(rule,RuleElementSrv::TYPENAME); + + return true; +} + diff --git a/src/pflib/PolicyCompiler_ipf_writers.cpp b/src/pflib/PolicyCompiler_ipf_writers.cpp new file mode 100644 index 000000000..a807eaf98 --- /dev/null +++ b/src/pflib/PolicyCompiler_ipf_writers.cpp 
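Review bot: `optimize1::optimizeForRuleElement` calls `re->size()` on the result of `RuleElement::cast(rule->getFirstByType(re_type))` without a null check, and the value stored in `int nre` is never used before `RuleElement *nre` shadows it inside the loop. Dropping the `int nre` line and guarding with `if (re==NULL) { tmp_queue.push_back(rule); return; }` removes both problems, assuming `getFirstByType` can return NULL for a missing element. Separately, `skip_targets` is a file-scope `static` that is never cleared, so the labels produced for one firewall depend on whatever was compiled earlier in the same process; holding it in the compiler object would keep runs independent. The comment in `optimize1::processNext` says "all rule elements have exactly one object" while the condition fires when any two of the three do, so the comment should say that.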
@@ -0,0 +1,423 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: PolicyCompiler_ipf_writers.cpp 1301 2007-05-08 00:22:58Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "PolicyCompiler_ipf.h" + +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/FWOptions.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/DNSName.h" + +#include + +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \ + _MSC_VER +# include +#else +# include +#endif +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + + + + + +/** + *----------------------------------------------------------------------- + * Methods for printing + */ + +string PolicyCompiler_ipf::PrintRule::_printPort(int rs,int re,bool neg) +{ + ostringstream str; + + if (rs<0) rs=0; + if (re<0) re=0; + + if (!neg) { + + if (rs>0 || re>0) + { + if (rs>re && re==0) re=rs; + + if (rs==re) str << "= " << rs; + 
else + if (rs==0 && re!=0) str << "<= " << re; + else + if (rs!=0 && re==65535) str << ">= " << rs; + else { +/* + * port range. Operator '><' defines range in a such way that boundaries + * are not included. Since we assume it is inclusive, let's move boundaries + */ + if (rs>0 ) rs--; + if (re<65535) re++; + str << rs << " >< " << re; + } + } + } else { + + if (rs>0 || re>0) { + if (rs==re) str << "!= " << rs; + else + if (rs==0 && re!=0) str << "> " << re; + else + if (rs!=0 && re==65535) str << "< " << rs; + else { + str << rs << " <> " << re; + } + } + + } + return str.str(); +} + +void PolicyCompiler_ipf::PrintRule::_printDstService(RuleElementSrv *rel) +{ + FWObject *o=rel->front(); + if (o && FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *srv= Service::cast(o); + + if (IPService::isA(srv)) return; + else + PolicyCompiler_pf::PrintRule::_printDstService(rel); +} + + +void PolicyCompiler_ipf::PrintRule::_printAction(PolicyRule *rule) +{ +/* + * difference between this and PolicyCompiler_pf::_printAction is as follows: + * + * 1. there is no support for action Scrub in ipf + * 2. there is support for return-icmp-as-dest in ipf + * 3. 
there is support for action Skip in ipf + */ + + FWOptions *ruleopt =rule->getOptionsObject(); + Service *srv=compiler->getFirstSrv(rule); assert(srv); + + switch (rule->getAction()) { + case PolicyRule::Skip: + compiler->output << "skip " << rule->getInt("no_to_skip") << " "; + break; + + case PolicyRule::Accept: + compiler->output << "pass "; + break; + + case PolicyRule::Accounting: + compiler->output << "count "; + break; + + case PolicyRule::Deny: + compiler->output << "block "; + break; + + case PolicyRule::Reject: + if (rule->getDirection()==PolicyRule::Inbound) + { + if (TCPService::isA(srv)) compiler->output << "block return-rst "; + else { + string aor=ruleopt->getStr("action_on_reject"); + if (aor.empty()) aor=compiler->getCachedFwOpt()->getStr("action_on_reject"); + string code; + if ( aor.find("ICMP")!=string::npos ) { + if (ruleopt->getBool("ipf_return_icmp_as_dest") || + compiler->getCachedFwOpt()->getBool("ipf_return_icmp_as_dest") + ) + code="return-icmp-as-dest "; + else + code="return-icmp "; + if (aor.find("unreachable")!=string::npos ) { + if (aor.find("net")!=string::npos) code=code+"(0) "; + if (aor.find("host")!=string::npos) code=code+"(1) "; + if (aor.find("protocol")!=string::npos) code=code+"(2) "; + if (aor.find("port")!=string::npos) code=code+"(3) "; + } + if (aor.find("prohibited")!=string::npos ) { + if (aor.find("net")!=string::npos) code=code+"(9) "; + if (aor.find("host")!=string::npos) code=code+"(10) "; + } + } else + code="return-icmp "; + + compiler->output << "block " << code; + + } + } else + compiler->output << "block "; + break; + + case PolicyRule::Custom: + compiler->output << ruleopt->getStr("custom_str") << " "; + break; + + default: + compiler->abort( + string("Unknown action ") + rule->getActionAsString() + + " in rule " + rule->getLabel() + ); + +// compiler->output << rule->getActionAsString() << " "; + } +} + +void PolicyCompiler_ipf::PrintRule::_printWith(libfwbuilder::Service *srv) +{ + if 
(IPService::cast(srv)!=NULL) { + bool with=true; + if ( srv->getBool("short_fragm") ) + { + if (with) { compiler->output << " with"; with=false; } + compiler->output << " short"; + } + + if ( srv->getBool("fragm") ) + { + if (with) { compiler->output << " with"; with=false; } + compiler->output << " frag"; + } + + if (srv->getBool("rr") ) + { + if (with) { compiler->output << " with"; with=false; } + compiler->output << " opt rr"; + } + if (srv->getBool("lsrr") ) + { + if (with) { compiler->output << " with"; with=false; } + compiler->output << " opt lsrr"; + } + if (srv->getBool("ssrr") ) + { + if (with) { compiler->output << " with"; with=false; } + compiler->output << " opt ssrr"; + } + if (srv->getBool("ts") ) + { + if (with) { compiler->output << " with"; with=false; } + compiler->output << " opt ts"; + } + } +} + +/* + * this is almost like the one in PolicyCompiler_pf, except it does + * not print interface name for dynamic interface ('cause ipfilter + * does not support it) + */ +void PolicyCompiler_ipf::PrintRule::_printAddr(Address *o,bool neg) +{ + FWOptions* options=compiler->fw->getOptionsObject(); + + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); + if (atrt!=NULL) + { + if (atrt->getSubstitutionTypeName()==DNSName::TYPENAME) + { + compiler->output << atrt->getSourceName() << " "; + return; + } + // at this time we only support two types of MultiAddress + // objects: AddressTable and DNSName. Both should be converted + // to MultiAddressRunTime at this point. If we get some other + // kind of MultiAddressRunTime object, we do not know what to do + // with it so we stop. + assert(atrt==NULL); + } + + IPAddress addr=o->getAddress(); + Netmask mask=o->getNetmask(); + + if (options->getBool("dynAddr") && + Interface::cast(o)!=NULL && Interface::cast(o)->isDyn()) + { + if (neg) compiler->output << "! 
"; + compiler->output << "(" << o->getName() << ") "; + return; + } + + if (Interface::cast(o)!=NULL) { + mask=Netmask("255.255.255.255"); + } + + if (IPv4::cast(o)!=NULL) { + mask=Netmask("255.255.255.255"); + } + + if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0") { + compiler->output << "any "; + } else { + if (neg) compiler->output << "! "; + compiler->output << addr.toString(); + if (mask.toString()!="255.255.255.255") { + compiler->output << "/" << mask.getLength(); + } + compiler->output << " "; + } +} + +PolicyCompiler_ipf::PrintRule::PrintRule(const std::string &name) : PolicyCompiler_pf::PrintRule(name) +{ +} + +bool PolicyCompiler_ipf::PrintRule::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + FWOptions *ruleopt =rule->getOptionsObject(); + + tmp_queue.push_back(rule); + + string rl=rule->getLabel(); + if (rl!=current_rule_label) + { + compiler->output << "# " << endl; + compiler->output << "# Rule " << rl << endl; + + string comm=rule->getComment(); + string::size_type c1,c2; + c1=0; + while ( (c2=comm.find('\n',c1))!=string::npos ) { + compiler->output << "# " << comm.substr(c1,c2-c1) << endl; + c1=c2+1; + } + compiler->output << "# " << comm.substr(c1) << endl; + compiler->output << "# " << endl; + + current_rule_label=rl; + } + + + RuleElementSrc *srcrel=rule->getSrc(); + Address *src =compiler->getFirstSrc(rule); assert(src); + RuleElementDst *dstrel=rule->getDst(); + Address *dst =compiler->getFirstDst(rule); assert(dst); + RuleElementSrv *srvrel=rule->getSrv(); + Service *srv =compiler->getFirstSrv(rule); assert(srv); + + _printAction(rule); + _printDirection(rule); + + if (rule->getLogging()) + { + compiler->output << " log "; + + if (compiler->getCachedFwOpt()->getBool("ipf_log_or_block") && + rule->getAction()==PolicyRule::Accept) + compiler->output << " or-block"; + + if (compiler->getCachedFwOpt()->getBool("ipf_log_body")) + compiler->output << " body"; + + string 
facility=ruleopt->getStr("ipf_log_facility"); + if (facility.empty()) facility = compiler->getCachedFwOpt()->getStr("ipf_log_facility"); + + string level=ruleopt->getStr("log_level"); + if (level.empty()) level=compiler->getCachedFwOpt()->getStr("ipf_log_level"); + if (level!="") + { + compiler->output << " level "; + if (facility!="") compiler->output << facility << "."; + compiler->output << level; + } + compiler->output << " "; + } + + if ( rule->getBool("quick") ) compiler->output << "quick "; + _printInterface(rule); + + _printRouteOptions(rule); + + _printProtocol(srv); + + compiler->output << " from "; + _printSrcAddr(srcrel); + _printSrcService(srvrel); + + compiler->output << " to "; + _printDstAddr(dstrel); + _printDstService(srvrel); + + _printWith(srv); + +/* keeping state does not apply to deny/reject */ + if ( ! ruleopt->getBool("stateless") ) + { +/* + * this is per advice from Darren Reed http://false.net/ipfilter/2002_12/0176.html + * + * Feature req. #653803: Implement flags for TCP keep state + * + * If "keep state" option is given, the rule matches only first packet + * in the session. To make the rule more secure, we also match on TCP + * flags (if TCP service is used) looking for the correct session + * opener packet which should have only SYN flag set and all other + * flags cleared. + * + * However, if option "Accept tcp sessions opened prior to firewall + * restart" is ON, we do not need to add "flags S" here ( bug #725853 ). + * + */ + TCPService *tcpsrv=TCPService::cast(srv); + + if ( ! compiler->getCachedFwOpt()->getBool("accept_new_tcp_with_no_syn") && + tcpsrv!=NULL && !tcpsrv->inspectFlags() ) + compiler->output << "flags S "; + + + compiler->output << "keep state "; + } + +/* keep frags option */ + if ( ruleopt->getBool("ipf_keep_frags") && rule->getAction()==PolicyRule::Accept) + { + compiler->output << "keep frags "; + } + + compiler->output << endl; + + return true; +} + + 
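Review bot: In `PrintRule::_printAddr` the only guard against an unsupported `MultiAddressRunTime` object is `assert(atrt==NULL)`, placed inside the `if (atrt!=NULL)` branch, so it always fires in a debug build and disappears entirely when the compiler is built with NDEBUG. In that case execution falls through to `o->getAddress()` and `o->getNetmask()` and a rule is written with whatever address the run-time placeholder reports, which for a firewall generator means a silently wrong (possibly wider) match instead of a failed compile. I would replace the assert with an explicit stop, `compiler->abort("Unsupported run-time address object " + o->getName());`, the same mechanism `_printAction` already uses for unknown actions. The same applies to `assert(srv)`, `assert(src)` and `assert(dst)` in `_printAction` and `processNext`, where a release build would pass a null pointer on to the printing helpers.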
diff --git a/src/pflib/PolicyCompiler_ipfw.cpp b/src/pflib/PolicyCompiler_ipfw.cpp new file mode 100644 index 000000000..856ac83f4 --- /dev/null +++ b/src/pflib/PolicyCompiler_ipfw.cpp 
@@ -0,0 +1,654 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: PolicyCompiler_ipfw.cpp 1301 2007-05-08 00:22:58Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" + +#include "PolicyCompiler_ipfw.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/AddressTable.h" + +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +string PolicyCompiler_ipfw::myPlatformName() { return "ipfw"; } + +int PolicyCompiler_ipfw::prolog() +{ + int n= PolicyCompiler_pf::prolog(); + + anytcp=TCPService::cast(dbcopy->create(TCPService::TYPENAME) ); + anytcp->setId(ANY_TCP_OBJ_ID); + dbcopy->add(anytcp,false); + cacheObj(anytcp); // to keep cache consistent + + anyudp=UDPService::cast(dbcopy->create(UDPService::TYPENAME) ); + anyudp->setId(ANY_UDP_OBJ_ID); + dbcopy->add(anyudp,false); + cacheObj(anyudp); // to keep cache consistent + + anyicmp=ICMPService::cast(dbcopy->create(ICMPService::TYPENAME) ); + 
anyicmp->setId(ANY_ICMP_OBJ_ID); + dbcopy->add(anyicmp,false); + cacheObj(anyicmp); // to keep cache consistent + + + return n; +} + +/* + * (this is a virtual method). We do not want to expand a firewall + * object that own the policy we are processing, because we can use + * address 'me' in ipfw rules. + */ +void PolicyCompiler_ipfw::_expandAddr(Rule *rule,FWObject *s) +{ + RuleElement *re=RuleElement::cast(s); + + if (re!=NULL && re->size()==1 ) + { + FWObject *o=re->front(); + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + if (o->getId()==fw->getId()) return; + } + Compiler::_expandAddr(rule,s); +} + +bool PolicyCompiler_ipfw::expandAnyService::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrv *srv=rule->getSrv(); + FWOptions *ruleopt =rule->getOptionsObject(); + + if (srv->isAny() && ! ruleopt->getBool("stateless") && rule->getAction()==PolicyRule::Accept) + { + PolicyRule *r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementSrv *nsrv=r->getSrv(); + nsrv->clearChildren(); + nsrv->addRef(compiler->dbcopy->findInIndex(ANY_ICMP_OBJ_ID)); + tmp_queue.push_back(r); + + r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + nsrv=r->getSrv(); + nsrv->clearChildren(); + nsrv->addRef(compiler->dbcopy->findInIndex(ANY_TCP_OBJ_ID)); + tmp_queue.push_back(r); + + r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + nsrv=r->getSrv(); + nsrv->clearChildren(); + nsrv->addRef(compiler->dbcopy->findInIndex(ANY_UDP_OBJ_ID)); + tmp_queue.push_back(r); + + r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + FWOptions *ruleopt =r->getOptionsObject(); + ruleopt->setBool("stateless",true); + 
tmp_queue.push_back(r); + + } else + tmp_queue.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipfw::SpecialRuleActionsForShadowing::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if (rule->getAction()==PolicyRule::Pipe || + rule->getAction()==PolicyRule::Custom) + return true; + + tmp_queue.push_back(rule); + return true; +} + +bool PolicyCompiler_ipfw::doSrcNegation::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrc *src=rule->getSrc(); + + if (src->getNeg()) { + RuleElementSrc *nsrc; + PolicyRule *r; + FWOptions *ruleopt; + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setAction(PolicyRule::Continue); + r->setLogging(false); + nsrc=r->getSrc(); + nsrc->setNeg(false); + r->setBool("quick",false); + r->setBool("skip_check_for_duplicates",true); + ruleopt = r->getOptionsObject(); + ruleopt->setBool("stateless", true); + tmp_queue.push_back(r); + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + nsrc=r->getSrc(); + nsrc->setNeg(false); + nsrc->clearChildren(); + nsrc->setAnyElement(); + r->setBool("quick",true); + r->setBool("skip_check_for_duplicates",true); + tmp_queue.push_back(r); + + return true; + } + tmp_queue.push_back(rule); + return true; +} + +bool PolicyCompiler_ipfw::doDstNegation::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementDst *dst=rule->getDst(); + + if (dst->getNeg()) { + RuleElementDst *ndst; + PolicyRule *r; + FWOptions *ruleopt; + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setAction(PolicyRule::Continue); + r->setLogging(false); + ndst=r->getDst(); + ndst->setNeg(false); + r->setBool("quick",false); + r->setBool("skip_check_for_duplicates",true); + ruleopt 
= r->getOptionsObject(); + ruleopt->setBool("stateless", true); + tmp_queue.push_back(r); + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + ndst=r->getDst(); + ndst->setNeg(false); + ndst->clearChildren(); + ndst->setAnyElement(); + r->setBool("quick",true); + r->setBool("skip_check_for_duplicates",true); + tmp_queue.push_back(r); + + return true; + } + tmp_queue.push_back(rule); + return true; +} + +bool PolicyCompiler_ipfw::doSrvNegation::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementSrv *srv=rule->getSrv(); + + if (srv->getNeg()) { + throw FWException(_("Negation in Srv is not implemented. Rule: ")+rule->getLabel()); + return false; + } + tmp_queue.push_back(rule); + return true; +} + +bool PolicyCompiler_ipfw::separatePortRanges::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + RuleElementSrv *rel= rule->getSrv(); + + if (rel->size()==1) + { + tmp_queue.push_back(rule); + return true; + } + + list services; + bool sawServiceWithPortRange=false; + for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Service *s=Service::cast(o); + assert(s!=NULL); + + if ( TCPService::isA(s) || UDPService::isA(s) ) + { + unsigned srs=s->getInt("src_range_start"); + unsigned sre=s->getInt("src_range_end"); + unsigned drs=s->getInt("dst_range_start"); + unsigned dre=s->getInt("dst_range_end"); + + if (srs!=0 && sre==0) sre=srs; + if (drs!=0 && dre==0) dre=drs; + + if (srs!=sre || drs!=dre) + { + /* leave the very first service with port range in this rule, + * split others into separate rules + */ + if (sawServiceWithPortRange) + { + PolicyRule *r= PolicyRule::cast( + compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + RuleElementSrv *nsrv=r->getSrv(); + 
nsrv->clearChildren(); + nsrv->addRef( s ); + tmp_queue.push_back(r); + services.push_back(s); + } + sawServiceWithPortRange=true; + } + } + } + for (list::iterator i=services.begin(); i!=services.end(); i++) + rel->removeRef( (*i) ); + + if (!rel->isAny()) + tmp_queue.push_back(rule); + + return true; +} + +bool PolicyCompiler_ipfw::sortTCPUDPServices::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + RuleElementSrv *rel= rule->getSrv(); + + if (rel->size()==1) + { + tmp_queue.push_back(rule); + return true; + } + + FWObject *o=rel->front(); + if (o && FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *s1= Service::cast(o); + if ( !UDPService::isA(s1) && !TCPService::isA(s1)) + { + tmp_queue.push_back(rule); + return true; + } + +/* + * we know that at this point if there the original rule had service + * objects with port ranges, there is only one left. We just need to + * move it to the front of the list. + */ + Service *portRangeSvc=NULL; + for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) + o=FWReference::cast(o)->getPointer(); + Service *s=Service::cast(o); + assert(s!=NULL); + + unsigned srs=s->getInt("src_range_start"); + unsigned sre=s->getInt("src_range_end"); + unsigned drs=s->getInt("dst_range_start"); + unsigned dre=s->getInt("dst_range_end"); + + if (srs!=0 && sre==0) sre=srs; + if (drs!=0 && dre==0) dre=drs; + + if (srs!=sre || drs!=dre) + { + portRangeSvc=s; + break; + } + } + + if (portRangeSvc) + { + rel->removeRef(portRangeSvc); + +/* It certainly would have been better if we had FWObject::insertRef() */ + FWReference *oref = portRangeSvc->createRef(); + portRangeSvc->ref(); + + rel->push_front(oref); + oref->setParent(rel); + } + + tmp_queue.push_back(rule); + return true; +} + +void PolicyCompiler_ipfw::specialCaseWithDynInterface::dropDynamicInterface(RuleElement *re) +{ + list cl; + for (list::iterator i1=re->begin(); 
i1!=re->end(); ++i1) + { + FWObject *o = *i1; + FWObject *obj = o; + if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); + Interface *ifs =Interface::cast( obj ); + + if (ifs!=NULL && !ifs->isRegular()) continue; + cl.push_back(obj); + } + if (!cl.empty()) + { + re->clearChildren(); + for (list::iterator i1=cl.begin(); i1!=cl.end(); ++i1) + re->addRef( (*i1) ); + } +} + +bool PolicyCompiler_ipfw::specialCaseWithDynInterface::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + dropDynamicInterface( rule->getDst() ); + dropDynamicInterface( rule->getSrc() ); + tmp_queue.push_back(rule); + return true; +} + + +PolicyCompiler_ipfw::calculateNum::calculateNum(const std::string &n) : PolicyRuleProcessor(n) +{ + ipfw_num=0; +} + +bool PolicyCompiler_ipfw::calculateNum::processNext() +{ + slurp(); + if (tmp_queue.size()==0) return false; + + for (deque::iterator k=tmp_queue.begin(); k!=tmp_queue.end(); ++k) + { + PolicyRule *r = PolicyRule::cast( *k ); + + ipfw_num += 10; + r->setInt("ipfw_num", ipfw_num ); + } + + + for (deque::iterator k=tmp_queue.begin(); k!=tmp_queue.end(); ++k) + { + PolicyRule *r = PolicyRule::cast( *k ); + int current_position=r->getPosition(); + if (r->getAction()==PolicyRule::Continue) + { + r->setAction(PolicyRule::Skip); + + deque::iterator j=k; + ++j; + PolicyRule *r2; + for ( ; j!=tmp_queue.end(); ++j) + { + r2 = PolicyRule::cast( *j ); + + if (r2->getPosition()!=current_position) + { + r->setInt("skip_to", r2->getInt("ipfw_num") ); + break; + } + } + } + } + + return true; +} + +bool PolicyCompiler_ipfw::checkForKeepState::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + tmp_queue.push_back(rule); + + Service *srv=compiler->getFirstSrv(rule); assert(srv); + FWOptions *ruleopt =rule->getOptionsObject(); + + if (! ICMPService::isA(srv) && + ! UDPService::isA(srv) && + ! 
TCPService::isA(srv) ) ruleopt->setBool("stateless",true); + + return true; +} + +bool PolicyCompiler_ipfw::eliminateDuplicateRules::processNext() +{ + PolicyCompiler *pcomp=dynamic_cast(compiler); + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + if ( ! rule->getBool("skip_check_for_duplicates")) + { + for (deque::iterator i=rules_seen_so_far.begin(); i!=rules_seen_so_far.end(); ++i) + { + PolicyRule *r=(*i); + if ( r->getBool("skip_check_for_duplicates") ) continue; + if (r->getInterfaceId()==rule->getInterfaceId() && + r->getAction()==rule->getAction() && + r->getLogging()==rule->getLogging() && + pcomp->cmpRules(*r,*rule) ) + { +// cout << "---------------------------------------" << endl; +// cout << pcomp->debugPrintRule(r) << endl; +// cout << pcomp->debugPrintRule(rule) << endl; + return true; + } + } + } + tmp_queue.push_back(rule); + rules_seen_so_far.push_back(rule); + + return true; +} + +/* + * this processor is the same as in PolicyCompiler_ipf + */ +bool PolicyCompiler_ipfw::processMultiAddressObjectsInRE::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + RuleElement *re=RuleElement::cast( rule->getFirstByType(re_type) ); + + for (FWObject::iterator i=re->begin(); i!=re->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); + if (atrt!=NULL && atrt->getSubstitutionTypeName()==AddressTable::TYPENAME) + compiler->abort("Run-time AddressTable objects are not supported. Rule " + rule->getLabel()); + } + + tmp_queue.push_back(rule); + return true; +} + + +void PolicyCompiler_ipfw::compile() +{ + cout << " Compiling policy for " << fw->getName() << " ..." 
<< endl << flush; + + try { + + Compiler::compile(); + + addDefaultPolicyRule(); + bool check_for_recursive_groups=true; + + if ( fw->getOptionsObject()->getBool("check_shading")) + { + add( new Begin("Detecting rule shadowing")); + add( new printTotalNumberOfRules()); + + add( new SpecialRuleActionsForShadowing( "disable rules with action Pipe and Custom") ); + add( new ItfNegation( "process negation in Itf" ) ); + add( new InterfacePolicyRules("process interface policy rules and store interface ids") ); + + add( new recursiveGroupsInSrc("check for recursive grps in SRC")); + add( new recursiveGroupsInDst("check for recursive grps in DST")); + add( new recursiveGroupsInSrv("check for recursive grps in SRV")); + check_for_recursive_groups=false; + + add( new ExpandGroups("expand groups")); + add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC")); + add( new eliminateDuplicatesInDST("eliminate duplicates in DST")); + add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV")); + + add( new swapMultiAddressObjectsInSrc(" swap MultiAddress -> MultiAddressRunTime in Src") ); + add( new swapMultiAddressObjectsInDst(" swap MultiAddress -> MultiAddressRunTime in Dst") ); + + add( new ExpandMultipleAddressesInSRC( + "expand objects with multiple addresses in SRC")); + add( new ExpandMultipleAddressesInDST( + "expand objects with multiple addresses in DST")); + add( new ConvertToAtomic("convert to atomic rules")); + add( new DetectShadowing("Detect shadowing")); + add( new simplePrintProgress()); + + runRuleProcessors(); + deleteRuleProcessors(); + } + + + add( new Begin()); + add( new printTotalNumberOfRules()); + + if (check_for_recursive_groups) + { + add( new recursiveGroupsInSrc("check for recursive grps in SRC")); + add( new recursiveGroupsInDst("check for recursive grps in DST")); + add( new recursiveGroupsInSrv("check for recursive grps in SRV")); + } + + add( new emptyGroupsInSrc("check for empty grps in SRC")); + add( new emptyGroupsInDst("check 
for empty grps in DST")); + add( new emptyGroupsInSrv("check for empty grps in SRV")); + + add( new ItfNegation( "process negation in Itf" ) ); + add( new InterfacePolicyRules("process interface policy rules and store interface ids") ); + + add( new doSrcNegation("process negation in Src")); + add( new doDstNegation("process negation in Dst")); + add( new doSrvNegation("process negation in Srv")); + add( new ExpandGroups("expand groups")); + add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC")); + add( new eliminateDuplicatesInDST("eliminate duplicates in DST")); + add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV")); + + add( new swapMultiAddressObjectsInSrc(" swap MultiAddress -> MultiAddressRunTime in Src") ); + add( new swapMultiAddressObjectsInDst(" swap MultiAddress -> MultiAddressRunTime in Dst") ); + + add( new processMultiAddressObjectsInSrc("process MultiAddress objects in Src") ); + add( new processMultiAddressObjectsInDst("process MultiAddress objects in Dst") ); + + add( new splitIfFirewallInSrc("split rule if firewall is in Src")); + add( new splitIfFirewallInDst("split rule if firewall is in Dst")); + add( new fillDirection("determine directions")); + add( new ExpandMultipleAddresses( + "expand objects with multiple addresses")); + add( new checkForDynamicInterfacesOfOtherObjects( + "check for dynamic interfaces of other hosts and firewalls")); + add( new MACFiltering("verify for MAC address filtering")); + add( new checkForUnnumbered("check for unnumbered interfaces")); + add( new specialCaseWithDynInterface( + "check for a special cases with dynamic interface")); + add( new addressRanges("expand address range objects")); + add( new splitServices("split rules with different protocols")); + add( new separateTCPWithFlags("separate TCP services with flags")); + add( new separateSrcPort("split on TCP and UDP with source ports")); + add( new separatePortRanges("split services with port ranges")); + add( new 
sortTCPUDPServices("move port ranges to the front of ports")); + add( new verifyCustomServices( + "verify custom services for this platform")); + add( new SpecialServices("check for special services")); +// add( new expandAnyService("expand ANY service for stateful rules")); + add( new ConvertToAtomicForAddresses( + "convert to atomic rules in SRC and DST")); + add( new checkForZeroAddr("check for zero addresses")); + + add( new calculateNum("calculate rule numbers ")); + add( new convertInterfaceIdToStr("prepare interface assignments")); + add( new PrintRule("generate ipf code")); + add( new simplePrintProgress()); + + runRuleProcessors(); + + + } catch (FWException &ex) { + error(ex.toString()); + exit(1); + } +} + +string PolicyCompiler_ipfw::debugPrintRule(Rule *r) +{ + PolicyRule *rule=PolicyRule::cast(r); + + string iface = rule->getInterfaceId(); + if (iface!="") { + Interface *rule_iface = getCachedFwInterface( iface ); + iface=" intf: "+rule_iface->getName(); + } + string s= PolicyCompiler::debugPrintRule(rule)+" "+iface; + + return s; +} + + +void PolicyCompiler_ipfw::epilog() +{ +} diff --git a/src/pflib/PolicyCompiler_ipfw.h b/src/pflib/PolicyCompiler_ipfw.h new file mode 100644 index 000000000..fae3e8c2b --- /dev/null +++ b/src/pflib/PolicyCompiler_ipfw.h 
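Review bot: `calculateNum::processNext` rewrites every `Continue` rule to `Skip` before it knows there is a target: the inner loop sets `skip_to` only when a later rule with a different position exists, and nothing handles the loop reaching `tmp_queue.end()`. These `Continue` rules are what `doSrcNegation` and `doDstNegation` emit to carve the negated addresses out of the following any-address rule, so a skip without a valid target would presumably let that broader rule match the traffic the negation was meant to exclude. `addDefaultPolicyRule()` may guarantee a trailing rule in practice, but that is not visible here, so I would fail the compile explicitly after the inner loop: `if (j==tmp_queue.end()) compiler->abort("No rule to skip to after rule " + r->getLabel());`. Separately, `ipfw_num += 10` has no upper bound check, so a large policy can run past the range of rule numbers ipfw accepts.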
@@ -0,0 +1,249 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: PolicyCompiler_ipfw.h 1177 2006-10-07 06:42:44Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef __POLICYCOMPILER_IPFW_HH +#define __POLICYCOMPILER_IPFW_HH + +#include +#include "PolicyCompiler_pf.h" + + +namespace libfwbuilder { +class TCPService; +class UDPService; +class ICMPService; +}; + + +#define ANY_IP_OBJ_ID "__any_ip_obj__" +#define ANY_ICMP_OBJ_ID "__any_icmp_obj__" +#define ANY_TCP_OBJ_ID "__any_tcp_obj__" +#define ANY_UDP_OBJ_ID "__any_udp_obj__" + +namespace fwcompiler { + + + class PolicyCompiler_ipfw : public PolicyCompiler_pf { + + + protected: + + libfwbuilder::TCPService *anytcp; + libfwbuilder::UDPService *anyudp; + libfwbuilder::ICMPService *anyicmp; + + + virtual std::string myPlatformName(); + + virtual void _expandAddr(libfwbuilder::Rule *rule,libfwbuilder::FWObject *s); + + /** + * prints rule in some universal format (close to that visible + * to user in the GUI). Used for debugging purposes. 
This method + * calls PolicyCompiler::_internalPrintPolicyRule and then adds + * chain and target at the end of the printed line + */ + virtual std::string debugPrintRule(libfwbuilder::Rule *rule); + + + /** + * disabled rules with action Pipe, use this processor in the + * run detecting rule shadowing + */ + DECLARE_POLICY_RULE_PROCESSOR(SpecialRuleActionsForShadowing); + + /** + * splits rules with service 'any' because ipf can keep state + * only for UDP/TCP/ICMP + */ + DECLARE_POLICY_RULE_PROCESSOR(expandAnyService); + + /** + * deals with negation in Src in policy rules. + * + * this method is different from that in PolicyCompiler_pf + */ + DECLARE_POLICY_RULE_PROCESSOR(doSrcNegation); + + /** + * deals with negation in Dst in policy rules. + * + * this method is different from that in PolicyCompiler_pf + */ + DECLARE_POLICY_RULE_PROCESSOR(doDstNegation); + + /** + * deals with negation in Srv in policy rules. + * + * this method is different from that in PolicyCompiler_pf + */ + DECLARE_POLICY_RULE_PROCESSOR(doSrvNegation); + + /** + * This processor separates TCP/UDP services with port ranges + * (can only have one port range per group of ports in one + * rule). Call this processor after TCP and UDP services were + * separated by splitServices + */ + DECLARE_POLICY_RULE_PROCESSOR(separatePortRanges); + + /** + * This processor rearranges order of TCP/UDP services to make + * sure those with port ranges come first. Call this processor + * after TCP and UDP services were separated by splitServices + * and port ranges were separated by separatePortRanges + */ + DECLARE_POLICY_RULE_PROCESSOR(sortTCPUDPServices); + + /** + * checks for the following situations: + * + * 1. dynamic interface is in source and direction is inbound + * (drop interface from src since source address is + * undertermined) + * + * 2. dynamic interface is in source, direction is outbound + * (drop interface from the list, this rule has been created + * while processing negation. 
TODO: this is kludge, need to + * find a better way to process negation if firewall is in rule + * element and it has dynamic interface) + * + * 3. dynamic interface is in destination and direction is + * outbound (drop interface since dest. address is undefined) + * + */ + class specialCaseWithDynInterface : public PolicyRuleProcessor + { + void dropDynamicInterface(libfwbuilder::RuleElement *re); + public: + specialCaseWithDynInterface(const std::string &name) : PolicyRuleProcessor(name) {} + virtual bool processNext(); + }; + + /** + * ipf supports "keep state" only for icmp/udp/tcp + */ + DECLARE_POLICY_RULE_PROCESSOR(checkForKeepState); + + /** + * calculates numbers for rules (ipfw numbers, that is) + */ + class calculateNum : public PolicyRuleProcessor + { + int ipfw_num; + public: + calculateNum(const std::string &n); + virtual bool processNext(); + }; + + /** + * eliminates duplicate atomic rules + */ + class eliminateDuplicateRules : public PolicyRuleProcessor + { + private: + std::deque rules_seen_so_far; + public: + eliminateDuplicateRules(const std::string &n) : PolicyRuleProcessor(n) {} + virtual bool processNext(); + }; + friend class fwcompiler::PolicyCompiler_ipfw::eliminateDuplicateRules; + + /** + * Placeholders for MultiAddressRunTime objects which are not + * supported for ipfw + */ + class processMultiAddressObjectsInRE : public PolicyRuleProcessor + { + std::string re_type; + public: + processMultiAddressObjectsInRE(const std::string &name, + const std::string &t) : PolicyRuleProcessor(name) { re_type=t; } + virtual bool processNext(); + }; + + + class processMultiAddressObjectsInSrc : public processMultiAddressObjectsInRE + { + public: + processMultiAddressObjectsInSrc(const std::string &n) : + processMultiAddressObjectsInRE(n,libfwbuilder::RuleElementSrc::TYPENAME) {} + }; + + class processMultiAddressObjectsInDst : public processMultiAddressObjectsInRE + { + public: + processMultiAddressObjectsInDst(const std::string &n) : + 
processMultiAddressObjectsInRE(n,libfwbuilder::RuleElementDst::TYPENAME) {} + }; + + /** + * prints single policy rule, assuming all groups have been + * expanded, so source, destination and service hold exactly + * one object each, and this object is not a group. + * Negation should also have been taken care of before this + * method is called. + */ + class PrintRule : public PolicyCompiler_pf::PrintRule + { + virtual std::string _printPort(int rs,int re,bool neg=false); + virtual void _printProtocol(libfwbuilder::Service *srv); + virtual void _printAction(libfwbuilder::PolicyRule *r); + virtual void _printAddr(libfwbuilder::Address *o,bool neg=false); + virtual void _printDirection(libfwbuilder::PolicyRule *r); + virtual void _printInterface(libfwbuilder::PolicyRule *r); + virtual void _printSrcService(libfwbuilder::RuleElementSrv *o); + virtual void _printDstService(libfwbuilder::RuleElementSrv *o); + virtual std::string _printSrcService(libfwbuilder::Service *srv,bool neg=false); + virtual std::string _printDstService(libfwbuilder::Service *srv,bool neg=false); + virtual std::string _printTCPFlags(libfwbuilder::TCPService *srv); + + bool print_once_on_top; + public: + PrintRule(const std::string &name); + virtual bool processNext(); + }; + + + + + + public: + + PolicyCompiler_ipfw(libfwbuilder::FWObjectDatabase *_db, + const std::string &fwname, + fwcompiler::OSConfigurator *_oscnf) : PolicyCompiler_pf(_db,fwname,_oscnf,NULL) {} + + + virtual int prolog(); + virtual void compile(); + virtual void epilog(); + + }; + + +} + +#endif diff --git a/src/pflib/PolicyCompiler_ipfw_writers.cpp b/src/pflib/PolicyCompiler_ipfw_writers.cpp new file mode 100644 index 000000000..acc5ffaec --- /dev/null +++ b/src/pflib/PolicyCompiler_ipfw_writers.cpp 
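Review bot: The inline constructor at the end of the class initializes only the `PolicyCompiler_pf` base, so the protected pointers `anytcp`, `anyudp` and `anyicmp` hold indeterminate values until something assigns them; `prolog()` may do that, but its body is not in this hunk. Initializing them in the constructor makes an early use fail predictably: `PolicyCompiler_pf(_db,fwname,_oscnf,NULL), anytcp(NULL), anyudp(NULL), anyicmp(NULL) {}`. The comment on `debugPrintRule` also says it appends chain and target, while the ipfw implementation in PolicyCompiler_ipfw.cpp appends the interface name, and the comments on `expandAnyService` and `checkForKeepState` speak of ipf rather than ipfw; these read as carried over from other compilers and should be reworded for this class.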
@@ -0,0 +1,610 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: PolicyCompiler_ipfw_writers.cpp 1303 2007-05-08 02:11:39Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "definitions.h" + +#include "PolicyCompiler_ipfw.h" +#include "OSData.h" + +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/CustomService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/FWOptions.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/DNSName.h" + +#include + +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \ + _MSC_VER +# include +#else +# include +#endif +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + + + + + +/** + *----------------------------------------------------------------------- + * Methods for printing + */ + +void PolicyCompiler_ipfw::PrintRule::_printProtocol(Service *srv) +{ + + if ( srv->isAny() || 
srv->getProtocolName()=="ip") + { + compiler->output << "all "; + return; + } + + if ( CustomService::isA(srv) ) + { + string cscode= + CustomService::cast(srv)->getCodeForPlatform( compiler->myPlatformName() ); +/* + * This is really a hack + * + * CustomService object does not imply any specific protocol so + * generally we can't add protocol name if Custom Service object is + * used. However, there is one particular case where we have to + * specify protocol 'tcp' instead of 'all', that is when CustomService + * object is used to add an option 'established' which is only valid + * for tcp protocol. + * + * Perhaps better solution would be to add optional protocol + * specification to the CustomService object + */ + if (cscode=="established") + compiler->output << "tcp "; + else + compiler->output << "all "; + return; + } + + compiler->output << srv->getProtocolName(); + compiler->output << " "; +} + + + +string PolicyCompiler_ipfw::PrintRule::_printPort(int rs,int re,bool neg) +{ + ostringstream str; + + if (rs<0) rs=0; + if (re<0) re=0; + + if (rs>0 || re>0) + { + if (rs==re) str << rs; + else str << rs << "-" << re; + } + return str.str(); +} + +string PolicyCompiler_ipfw::PrintRule::_printTCPFlags(TCPService *srv) +{ + string str; + if (srv->getEstablished()) str = "established"; + else + { + if (srv->inspectFlags()) + { + if (srv->getTCPFlagMask(TCPService::FIN)) + { + if (!srv->getTCPFlag(TCPService::FIN)) str+="!"; + str+="fin"; + } + if (srv->getTCPFlagMask(TCPService::SYN)) + { + str+=","; + if (!srv->getTCPFlag(TCPService::SYN)) str+="!"; + str+="syn"; + } + if (srv->getTCPFlagMask(TCPService::RST)) + { + str+=","; + if (!srv->getTCPFlag(TCPService::RST)) str+="!"; + str+="rst"; + } + if (srv->getTCPFlagMask(TCPService::PSH)) + { + str+=","; + if (!srv->getTCPFlag(TCPService::PSH)) str+="!"; + str+="psh"; + } + if (srv->getTCPFlagMask(TCPService::ACK)) + { + str+=","; + if (!srv->getTCPFlag(TCPService::ACK)) str+="!"; + str+="ack"; + } + if 
(srv->getTCPFlagMask(TCPService::URG)) + { + str+=","; + if (!srv->getTCPFlag(TCPService::URG)) str+="!"; + str+="urg"; + } + if (!str.empty()) + return "tcpflags " + str; + } + } + return str; +} + + +void PolicyCompiler_ipfw::PrintRule::_printAction(PolicyRule *rule) +{ + FWOptions *ruleopt =rule->getOptionsObject(); + Service *srv=compiler->getFirstSrv(rule); assert(srv); + + switch (rule->getAction()) { + case PolicyRule::Skip: + compiler->output << "skipto " << rule->getInt("skip_to") << " "; + break; + + case PolicyRule::Accounting: + compiler->output << "count "; + break; + + case PolicyRule::Accept: + compiler->output << "permit "; + break; + + case PolicyRule::Deny: + compiler->output << "drop "; + break; + + case PolicyRule::Reject: + if (TCPService::isA(srv)) compiler->output << "reset "; + else + { + string aor=ruleopt->getStr("action_on_reject"); + if (aor.empty()) aor=compiler->getCachedFwOpt()->getStr("action_on_reject"); + string code; + if ( aor.find("ICMP")!=string::npos ) + { + code=""; + if (aor.find("unreachable")!=string::npos ) { + if (aor.find("net")!=string::npos) code="net "; + if (aor.find("host")!=string::npos) code="host "; + if (aor.find("protocol")!=string::npos) code="protocol "; + if (aor.find("port")!=string::npos) code="port "; + } + if (aor.find("prohibited")!=string::npos ) { + if (aor.find("net")!=string::npos) code="net-prohib "; + if (aor.find("host")!=string::npos) code="host-prohib "; + } + } else + code="host-prohib "; + + compiler->output << "unreach " << code; + } + break; + + case PolicyRule::Classify: + { + int portNum = ruleopt->getInt("ipfw_pipe_queue_num"); + switch (ruleopt->getInt("ipfw_classify_method")) + { + case DUMMYNETPIPE: + compiler->output << "pipe " << portNum << " "; + break; + case DUMMYNETQUEUE: + compiler->output << "queue " << portNum << " "; + break; + default: + compiler->output << "divert " << portNum << " "; + break; + } + } + break; + + case PolicyRule::Pipe: + compiler->output << "divert " << 
ruleopt->getInt("ipfw_pipe_port_num") << " "; + break; + + case PolicyRule::Custom: + compiler->output << ruleopt->getStr("custom_str") << " "; + break; + + default: + compiler->abort( + string("Unknown action ") + rule->getActionAsString() + + " in rule " + rule->getLabel() + ); + +// compiler->output << rule->getActionAsString() << " "; + } +} + +/* + * this is almost like the one in PolicyCompiler_pf, except it does + * not print interface name for dynamic interface ('cause ipfilter + * does not support it) + */ +void PolicyCompiler_ipfw::PrintRule::_printAddr(Address *o,bool neg) +{ + if (o->getId()==compiler->fw->getId()) + { + compiler->output << "me "; + return; + } + + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); + if (atrt!=NULL) + { + if (atrt->getSubstitutionTypeName()==DNSName::TYPENAME) + { + compiler->output << atrt->getSourceName() << " "; + return; + } + // at this time we only support two types of MultiAddress + // objects: AddressTable and DNSName. Both should be converted + // to MultiAddressRunTime at this point. If we get some other + // kind of MultiAddressRunTime object, we do not know what to do + // with it so we stop. 
+ assert(atrt==NULL); + } + + IPAddress addr=o->getAddress(); + Netmask mask=o->getNetmask(); + + if (Interface::cast(o)!=NULL) mask=Netmask("255.255.255.255"); + if (IPv4::cast(o)!=NULL) mask=Netmask("255.255.255.255"); + + if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0") + { + compiler->output << "any "; + } else + { + if (neg) compiler->output << "not "; + compiler->output << addr.toString(); + if (mask.toString()!="255.255.255.255") { + compiler->output << "/" << mask.getLength(); + } + compiler->output << " "; + } +} + +void PolicyCompiler_ipfw::PrintRule::_printDirection(libfwbuilder::PolicyRule *r) +{ + switch (r->getDirection()) + { + case PolicyRule::Outbound: compiler->output << "out "; break; + case PolicyRule::Inbound: compiler->output << "in "; break; + case PolicyRule::Both: compiler->output << " "; break; + default: break; + } +} + +void PolicyCompiler_ipfw::PrintRule::_printInterface(PolicyRule *r) +{ + string iface_id = r->getInterfaceId(); + if (iface_id!="") + { + switch (r->getDirection()) + { + case PolicyRule::Outbound: compiler->output << "xmit "; break; + case PolicyRule::Inbound: compiler->output << "recv "; break; + case PolicyRule::Both: compiler->output << "via "; break; + default: break; + } + + Interface *rule_iface = compiler->getCachedFwInterface( iface_id ); + compiler->output << rule_iface->getName() << " "; + } +} + +void PolicyCompiler_ipfw::PrintRule::_printSrcService(RuleElementSrv *rel) +{ +/* I do not want to use rel->getFirst because it traverses the tree to + * find the object. 
I'd rather use a cached copy in the compiler + */ + FWObject *o=rel->front(); + if (o && FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *s1= Service::cast(o); + + + bool tcpudp= (UDPService::isA(s1) || TCPService::isA(s1)); + + bool first=true; + for (list::iterator i1=rel->begin(); i1!=rel->end(); ++i1) + { + FWObject *o = *i1; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Service *srv=Service::cast(o); + + if (tcpudp) + { + string str=_printSrcService( srv , false ); + if (! str.empty() ) + { + if (!first) compiler->output << ","; + compiler->output << str; + } + } + } +} + +string PolicyCompiler_ipfw::PrintRule::_printSrcService(Service *srv,bool neg) +{ + string res; + + if (TCPService::isA(srv) || UDPService::isA(srv)) + { + int rs=srv->getInt("src_range_start"); + int re=srv->getInt("src_range_end"); + string s1= _printPort(rs,re,neg); + if (!s1.empty()) res= s1; + } + return res; +} + +void PolicyCompiler_ipfw::PrintRule::_printDstService(RuleElementSrv *rel) +{ + FWObject *o=rel->front(); + if (o && FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *s1= Service::cast(o); + + + bool tcpudp= (UDPService::isA(s1) || TCPService::isA(s1)); + bool icmp = ICMPService::isA(s1); + bool custom= CustomService::isA(s1); + + if (icmp) compiler->output << "icmptypes "; + + bool first=true; + for (list::iterator i1=rel->begin(); i1!=rel->end(); ++i1) + { + FWObject *o = *i1; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Service *srv=Service::cast(o); + + if (tcpudp || custom) + { + string str=_printDstService( srv , false ); + if (! str.empty() ) + { + if (!first) compiler->output << ","; + compiler->output << str; + } + } + if (icmp) + { + if (!first) compiler->output << ","; + compiler->output << srv->getStr("type"); + } + first=false; + } + + compiler->output << " "; +/* + * TCP services with flags were separated in rule processor separateTCPWithFlags. 
+ * We can count on objects like that being a single object in the SRV. + */ + if (TCPService::isA(s1)) + { + string str=_printTCPFlags(TCPService::cast(s1)); + if (!str.empty()) compiler->output << str << " "; + } + if (IPService::isA(s1) && (s1->getBool("fragm") || s1->getBool("short_fragm")) ) + compiler->output << " frag "; +} + +string PolicyCompiler_ipfw::PrintRule::_printDstService(Service *srv,bool neg) +{ + string res; + + if (TCPService::isA(srv) || UDPService::isA(srv)) + { + int rs=srv->getInt("dst_range_start"); + int re=srv->getInt("dst_range_end"); + string s1=_printPort(rs,re,neg);; + if (!s1.empty()) res= s1; + } + + if (ICMPService::isA(srv) && srv->getInt("type")!=-1) + { + res= "icmptypes " + srv->getStr("type") + " "; + } + + if (CustomService::isA(srv)) + { + res= CustomService::cast(srv)->getCodeForPlatform( compiler->myPlatformName() ) + " "; + } + + return res; +} + + + +PolicyCompiler_ipfw::PrintRule::PrintRule(const std::string &name) : PolicyCompiler_pf::PrintRule(name) +{ + print_once_on_top=true; +} + +bool PolicyCompiler_ipfw::PrintRule::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + FWOptions* options = compiler->fw->getOptionsObject(); + FWOptions *ruleopt = rule->getOptionsObject(); + + tmp_queue.push_back(rule); + +/* need to quote $IPFW because it may contain space, this happens on + * Mac more often than anywhere else */ + + string quote = "\""; + + if (print_once_on_top) + { + compiler->output << quote << "$IPFW" << quote + << " set disable 1" << endl; + + /* checking if option add_check_state_rule is absent to + * provide for backward compatibility: before 2.1.6 build 131 + * this option did not exist and compiler alawys generated + * check-state rule + */ + if (options->getStr("add_check_state_rule").empty() || + options->getBool("add_check_state_rule")) + compiler->output << quote << "$IPFW" << quote + << " add 1 set 1 check-state ip from any to any" << endl; + + compiler->output << endl; + + 
print_once_on_top=false; + } + + + string rl=rule->getLabel(); + if (rl!=current_rule_label) + { + compiler->output << "# " << endl; + compiler->output << "# Rule " << rl << endl; + + string comm=rule->getComment(); + string::size_type c1,c2; + c1=0; + while ( (c2=comm.find('\n',c1))!=string::npos ) + { + compiler->output << "# " << comm.substr(c1,c2-c1) << endl; + c1=c2+1; + } + compiler->output << "# " << comm.substr(c1) << endl; + compiler->output << "# " << endl; + + current_rule_label=rl; + } + + + RuleElementSrc *srcrel=rule->getSrc(); + Address *src =compiler->getFirstSrc(rule); assert(src); + RuleElementDst *dstrel=rule->getDst(); + Address *dst =compiler->getFirstDst(rule); assert(dst); + RuleElementSrv *srvrel=rule->getSrv(); + Service *srv =compiler->getFirstSrv(rule); assert(srv); + + if (rule->getBool("needs_established")) + { +// ipfw_num is assigned with a step of 10, so it is safe to substract 1 here + compiler->output << quote << "$IPFW" << quote + << " add " << rule->getInt("ipfw_num")-1 << " set 1 "; + + _printAction(rule); + + if (rule->getLogging()) compiler->output << " log "; + + _printProtocol(srv); + + compiler->output << " from "; + _printSrcAddr(srcrel); + _printSrcService(srvrel); + + compiler->output << " to "; + _printDstAddr(dstrel); + _printDstService(srvrel); + + _printDirection(rule); + _printInterface(rule); + + compiler->output << "established "; + + compiler->output << endl; + } + + compiler->output << quote << "$IPFW" << quote + << " add " << rule->getInt("ipfw_num") << " set 1 "; + + _printAction(rule); + + if (rule->getLogging()) compiler->output << " log "; + + _printProtocol(srv); + + compiler->output << " from "; + _printSrcAddr(srcrel); + _printSrcService(srvrel); + + compiler->output << " to "; + _printDstAddr(dstrel); + _printDstService(srvrel); + + _printDirection(rule); + _printInterface(rule); + +/* keeping state does not apply to deny/reject */ + if ( ! 
ruleopt->getBool("stateless")) + { +/* + * this is per advice from Darren Reed http://false.net/ipfilter/2002_12/0176.html + * + * Feature req. #653803: Implement flags for TCP keep state + * + * In ipfw the equivalend is + * + * setup TCP packets only. Match packets that have the SYN bit + * set but no ACK bit. + * + */ + TCPService *tcpsrv=TCPService::cast(srv); + if ( tcpsrv!=NULL && + !tcpsrv->inspectFlags() && + !tcpsrv->getEstablished() ) compiler->output << "setup "; + + compiler->output << "keep-state "; + } + + compiler->output << " || exit 1" << endl; + compiler->output << endl; + + return true; +} + + diff --git a/src/pflib/PolicyCompiler_pf.cpp b/src/pflib/PolicyCompiler_pf.cpp new file mode 100644 index 000000000..0f2408c79 --- /dev/null +++ b/src/pflib/PolicyCompiler_pf.cpp 
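Review bot: The loop in `_printSrcService(RuleElementSrv *rel)` never sets `first=false`, so the `if (!first)` comma is never written and two source ports such as 80 and 81 would be emitted as `8081`, a different port from the one the policy names; add `first=false;` after `compiler->output << str;`, as the loop in `_printDstService` does at the end of its body. Whether `separateSrcPort` already guarantees a single source-port service per rule is not visible in this hunk. `_printTCPFlags` has the opposite problem: every flag after FIN prepends `,` unconditionally, so a mask without FIN yields `tcpflags ,syn`; guard each one with `if (!str.empty()) str+=",";`. Separately, `assert(atrt==NULL)` in `_printAddr` is the only stop for an unsupported MultiAddressRunTime object and disappears in an NDEBUG build, after which the code falls through and prints whatever `getAddress()` returns into the rule. A call such as `compiler->abort("Unsupported MultiAddressRunTime object")`, the mechanism `_printAction` already uses for unknown actions, would fail closed in every build.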
@@ -0,0 +1,1082 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: PolicyCompiler_pf.cpp 1451 2007-12-09 23:53:22Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" + +#include "PolicyCompiler_pf.h" +#include "NATCompiler_pf.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/AddressTable.h" + +#include +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +string PolicyCompiler_pf::myPlatformName() { return "pf"; } + +int PolicyCompiler_pf::prolog() +{ + if (fw->getStr("platform")!=myPlatformName() ) + abort(_("Unsupported platform ") + fw->getStr("platform") ); + + list l2=fw->getByType(Interface::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + Interface *iface=dynamic_cast(*i); + assert(iface); + + if ( iface->isDyn()) + { + list l3=iface->getByType(IPv4::TYPENAME); + if (l3.size()>0) + { + char errstr[256]; + 
sprintf(errstr, + _("Dynamic interface %s should not have an IP address object attached to it. This IP address object will be ignored."), + iface->getName().c_str() ); + warning( errstr ); + for (list::iterator j=l3.begin(); j!=l3.end(); ++j) + iface->remove(*j); + } + } + } + + if (tables) + { + tables->init(dbcopy); + tables->setRuleSetName(getRuleSetName()); + } + + return PolicyCompiler::prolog(); +} + + +bool PolicyCompiler_pf::swapAddressTableObjectsInRE::processNext() +{ + PolicyCompiler_pf *pf_comp=dynamic_cast(compiler); + Rule *rule=prev_processor->getNextRule(); if (rule==NULL) return false; + + RuleElement *re=RuleElement::cast( rule->getFirstByType(re_type) ); + + list cl; + for (FWObject::iterator i=re->begin(); i!=re->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + /* + * All addressTable objects will be run-time here because we + * switch them in preprocessor. The difference is: if address + * table was originally run-time, at this point it will have + * no children, however if it was compile-time originally, it + * will have children objects. That is how we distinguish + * them in this rule processor. Here we only deal with + * AddressTable objects that originally used to be + * compile-time because we need to create tables for them. 
+ */ + if (AddressTable::cast(o)!=NULL && + AddressTable::cast(o)->isRunTime() && + o->size() > 0) + cl.push_back(MultiAddress::cast(o)); + } + + if (!cl.empty()) + { + for (list::iterator i=cl.begin(); i!=cl.end(); i++) + { + MultiAddress *atbl = *i; + + string mart_id = atbl->getId()+"_runtime"; + MultiAddressRunTime *mart = + MultiAddressRunTime::cast(compiler->dbcopy->findInIndex(mart_id)); + if (mart==NULL) + { + mart = new MultiAddressRunTime(atbl); + + // need to ensure stable ID for the runtime object, so + // that when the same object is replaced in different + // rulesets by different compiler passes, chosen + // runtime object has the same ID and is identified as + // the same by the compiler. + + mart->setId( mart_id ); + compiler->dbcopy->addToIndex(mart); + compiler->dbcopy->add(mart); + +// register this object as a table + string tblname = atbl->getName(); + string tblID = tblname + "_addressTableObject"; + pf_comp->tables->registerTable(tblname,tblID,atbl); + } + + re->removeRef(atbl); + re->addRef(mart); + } + tmp_queue.push_back(rule); + return true; + } + + tmp_queue.push_back(rule); + return true; +} + + +bool PolicyCompiler_pf::processMultiAddressObjectsInRE::processNext() +{ + PolicyCompiler_pf *pf_comp=dynamic_cast(compiler); + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + RuleElement *re=RuleElement::cast( rule->getFirstByType(re_type) ); + bool neg = re->getNeg(); + + list maddr_runtime; + + try + { + for (FWObject::iterator i=re->begin(); i!=re->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); + if (atrt!=NULL && + atrt->getSubstitutionTypeName()==AddressTable::TYPENAME) + { + if (re->size()>1 && neg) + { + string err = "AddressTable object can not be used with negation in combination with other objects in the same rule element. 
Rule "; + err += rule->getLabel(); + compiler->abort(err); + } + string tblname = o->getName(); + string tblID = tblname + "_addressTableObject"; + pf_comp->tables->registerTable(tblname,tblID,o); + o->setBool("pf_table",true); + maddr_runtime.push_back(o); + } + } + } catch(FWException &ex) // TableFactory::registerTable throws exception + { + string err; + err = "Can not process MultiAddress object in rule " + + rule->getLabel() + " : " + ex.toString(); + compiler->abort( err ); + } + + if (!maddr_runtime.empty()) + { + RuleElement *nre; + + for (FWObject::iterator i=maddr_runtime.begin(); i!=maddr_runtime.end(); i++) + { + PolicyRule *r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + nre=RuleElement::cast( r->getFirstByType(re_type) ); + nre->clearChildren(); + nre->addRef( *i ); + tmp_queue.push_back(r); + } + + for (FWObject::iterator i=maddr_runtime.begin(); i!=maddr_runtime.end(); i++) + re->removeRef( *i ); + + if (!re->isAny()) + tmp_queue.push_back(rule); + + return true; + } + + tmp_queue.push_back(rule); + return true; +} + + +bool PolicyCompiler_pf::splitIfFirewallInSrc::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + PolicyRule *r; + RuleElementSrc *src=rule->getSrc(); assert(src); + + if (src->size()==1 || src->getNeg()) + { + tmp_queue.push_back(rule); + return true; + } + FWObject *fw_in_src=NULL; + vector cl; + for (FWObject::iterator i1=src->begin(); i1!=src->end(); ++i1) { + + FWObject *o = *i1; + FWObject *obj = NULL; +// if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); + if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); + if (obj==NULL) throw FWException(_("Broken Src object in rule: ")+rule->getLabel()); + + if (obj->getId()==compiler->getFwId()) { + fw_in_src=o; // can not remove right now because remove invalidates iterator + + RuleElementSrc *nsrc; + + r= 
PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + nsrc=r->getSrc(); + nsrc->clearChildren(); + nsrc->setAnyElement(); + nsrc->addRef( compiler->fw ); + tmp_queue.push_back(r); + } + } + if (fw_in_src!=NULL) src->remove( fw_in_src ); + + tmp_queue.push_back(rule); + return true; +} + + +bool PolicyCompiler_pf::splitIfFirewallInDst::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + + PolicyRule *r; + RuleElementDst *dst=rule->getDst(); assert(dst); + + if (dst->size()==1 || dst->getNeg()) + { + tmp_queue.push_back(rule); + return true; + } + + FWObject *fw_in_dst=NULL; + vector cl; + for (FWObject::iterator i1=dst->begin(); i1!=dst->end(); ++i1) + { + FWObject *o = *i1; + FWObject *obj = NULL; +// if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); + if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); + if (obj==NULL) throw FWException(_("Broken Dst in rule: ")+rule->getLabel()); + + if (obj->getId()==compiler->getFwId()) { + fw_in_dst=o; // can not remove right now because remove invalidates iterator + + RuleElementDst *ndst; + + r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) ); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + ndst=r->getDst(); + ndst->clearChildren(); + ndst->setAnyElement(); + ndst->addRef( compiler->fw ); + tmp_queue.push_back(r); + } + } + if (fw_in_dst!=NULL) dst->remove( fw_in_dst ); + + tmp_queue.push_back(rule); + return true; +} + + + +bool PolicyCompiler_pf::fillDirection::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + tmp_queue.push_back(rule); + +/* after interface policies have been merged with global policy, rules + * with empty direction have disappeared. 
In fact, xslt + * transformation 2.1.1->2.1.2 leaves empty direction in the old + * global policy rules, but the GUI promptly fixes that replacing it + * with "Both" whenever user opens the policy. So, we have to handle + * both the case of an empty direction and direction "Both". To + * preserve old semantics as accurately as possible, I check for a + * combination of empty interface and direction "Both", this is what + * old global rules become after user opens the combined policy in the + * GUI. In fact, it does not matter what direction is set in the rule + * as long as it misses interface - we need to determine direction + * again anyway. + */ + + if (rule->getDirectionAsString()=="" || rule->getInterfaceId()=="" ) + { + if ( compiler->getCachedFwOpt()->getBool("pass_all_out") ) + { + if (!rule->isFallback()) rule->setDirection( PolicyRule::Inbound ); + } else + { + rule->setDirection( PolicyRule::Both ); + + Address *src=compiler->getFirstSrc(rule); + Address *dst=compiler->getFirstDst(rule); + string fwid=compiler->getFwId(); + + if (src==NULL || dst==NULL) + compiler->abort("Broken src or dst in rule "+rule->getLabel()); + + if (!src->isAny() && !dst->isAny() && + compiler->complexMatch(compiler->fw, src) && + compiler->complexMatch(compiler->fw, dst)) return true; + + if (!src->isAny() && compiler->complexMatch(compiler->fw, src)) + rule->setDirection( PolicyRule::Outbound ); + if (!dst->isAny() && compiler->complexMatch(compiler->fw, dst)) + rule->setDirection( PolicyRule::Inbound ); + } + } + return true; +} + +/* + * add default and auto-generated rules, except when we process rules + * in a branch (i.e. 
anchor, since this is PF)
+ */
+void PolicyCompiler_pf::addDefaultPolicyRule()
+{
+ if (!getRuleSetName().empty()) return;
+
+ if ( getCachedFwOpt()->getBool("mgmt_ssh") &&
+ !getCachedFwOpt()->getStr("mgmt_addr").empty() )
+ {
+ PolicyRule *r;
+ TCPService *ssh=TCPService::cast(dbcopy->create(TCPService::TYPENAME) );
+ ssh->setInt("dst_range_start",22);
+ ssh->setInt("dst_range_end",22);
+ ssh->setName("mgmt_ssh");
+ dbcopy->add(ssh,false);
+ cacheObj(ssh); // to keep cache consistent
+
+ string mgmt_addr = getCachedFwOpt()->getStr("mgmt_addr");
+ IPAddress addr;
+ Netmask netmask(32);
+ try
+ {
+ addr = IPAddress(mgmt_addr);
+ string::size_type sep = mgmt_addr.find("/");
+ if (sep != string::npos)
+ {
+ addr = IPAddress(mgmt_addr.substr(0,sep));
+ string nm = mgmt_addr.substr(sep+1);
+ int o1,o2,o3,o4;
+ if(sscanf(nm.c_str(), "%3u.%3u.%3u.%3u", &o1, &o2, &o3, &o4)==4)
+ {
+ netmask = Netmask(nm);
+ } else
+ {
+ sscanf(nm.c_str(),"%u",&o1);
+ netmask = Netmask(o1);
+ }
+ }
+ } catch(FWException &ex)
+ {
+ char errstr[256];
+ sprintf(errstr,
+ _("Invalid address for the backup ssh access: '%s'"),
+ mgmt_addr.c_str() );
+ abort( errstr );
+ }
+
+ Network *mgmt_workstation = Network::cast(dbcopy->create(Network::TYPENAME));
+ mgmt_workstation->setName("mgmt_addr");
+ mgmt_workstation->setAddress( addr );
+ mgmt_workstation->setNetmask( netmask );
+// IPv4 *mgmt_workstation = IPv4::cast(dbcopy->create(IPv4::TYPENAME));
+// mgmt_workstation->setAddress( getCachedFwOpt()->getStr("mgmt_addr") );
+ dbcopy->add(mgmt_workstation,false);
+ cacheObj(mgmt_workstation); // to keep cache consistent
+
+
+ r= PolicyRule::cast(dbcopy->create(PolicyRule::TYPENAME) );
+ temp_ruleset->add(r);
+ r->setAction(PolicyRule::Accept);
+ r->setLogging(false);
+ r->setDirection(PolicyRule::Inbound);
+ r->setPosition(9999);
+ r->setComment(" backup ssh access rule ");
+ r->setHidden(true);
+ r->setFallback(false);
+ r->setLabel("backup ssh access rule");
+ r->setBool("needs_established",true); // supported in ipfw
+
+ RuleElement *src=r->getSrc();
+ assert(src!=NULL);
+ src->addRef(mgmt_workstation);
+
+ RuleElement *dst=r->getDst();
+ assert(dst!=NULL);
+ dst->addRef(fw);
+
+ RuleElement *srv=r->getSrv();
+ assert(srv!=NULL);
+ srv->addRef(ssh);
+
+ combined_ruleset->push_front(r);
+ }
+
+ if ( getCachedFwOpt()->getBool("pass_all_out") )
+ {
+ PolicyRule *r;
+ FWOptions *ruleopt;
+
+ r= PolicyRule::cast(dbcopy->create(PolicyRule::TYPENAME) );
+ temp_ruleset->add(r);
+ r->setAction(PolicyRule::Accept);
+ r->setLogging( getCachedFwOpt()->getBool("fallback_log") );
+ r->setDirection(PolicyRule::Outbound);
+ r->setPosition(10000);
+ r->setComment(" fallback rule ");
+ r->setHidden(true);
+ r->setFallback(true);
+ r->setLabel("fallback rule");
+ combined_ruleset->push_back(r);
+
+ r= PolicyRule::cast(dbcopy->create(PolicyRule::TYPENAME) );
+ temp_ruleset->add(r);
+ r->setAction(PolicyRule::Deny);
+ r->setLogging( getCachedFwOpt()->getBool("fallback_log") );
+ r->setDirection(PolicyRule::Inbound);
+ r->setPosition(10001);
+ r->setComment(" fallback rule ");
+ r->setHidden(true);
+ r->setFallback(true);
+ r->setLabel("fallback rule");
+ ruleopt = r->getOptionsObject();
+ ruleopt->setBool("stateless", true);
+ combined_ruleset->push_back(r);
+ } else
+ {
+ PolicyRule *r= PolicyRule::cast(dbcopy->create(PolicyRule::TYPENAME) );
+ FWOptions *ruleopt;
+
+ temp_ruleset->add(r);
+ r->setAction(PolicyRule::Deny);
+ r->setLogging( getCachedFwOpt()->getBool("fallback_log") );
+ r->setDirection(PolicyRule::Both);
+ r->setPosition(10000);
+ r->setComment(" fallback rule ");
+ r->setHidden(true);
+ r->setFallback(true);
+ r->setLabel("fallback rule");
+ ruleopt = r->getOptionsObject();
+ ruleopt->setBool("stateless", true);
+ combined_ruleset->push_back(r);
+ }
+}
+
+bool PolicyCompiler_pf::SpecialServices::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+ tmp_queue.push_back(rule);
+
+ RuleElementSrv *srv=rule->getSrv();
+
+ for (FWObject::iterator i=srv->begin(); i!=srv->end(); i++) {
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+ Service *s=Service::cast( o );
+ assert(s);
+
+ if (IPService::cast(s)!=NULL && rule->getAction()==PolicyRule::Accept) {
+ if (s->getBool("rr") ||
+ s->getBool("ssrr") ||
+ s->getBool("ts") )
+ rule->setBool("allow_opts",true);
+ }
+ }
+ return true;
+}
+
+bool PolicyCompiler_pf::SplitDirection::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ if (rule->getDirection()==PolicyRule::Both) {
+ PolicyRule *r= PolicyRule::cast(
+ compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setDirection(PolicyRule::Inbound);
+ tmp_queue.push_back(r);
+
+ r= PolicyRule::cast(
+ compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setDirection(PolicyRule::Outbound);
+ tmp_queue.push_back(r);
+
+ } else
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool PolicyCompiler_pf::ProcessScrubOption::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ FWOptions *ruleopt =rule->getOptionsObject();
+
+
+ if ( ruleopt->getBool("scrub") ) {
+
+ if (rule->getAction()!=PolicyRule::Accept) {
+ ruleopt->setBool("scrub",false);
+ tmp_queue.push_back(rule);
+
+ throw FWException(_("Rule option 'scrub' is supported only for rules with action 'Accept'. Rule: ")+rule->getLabel());
+
+ return true;
+ }
+
+ PolicyRule *r= PolicyRule::cast(
+ compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setAction(PolicyRule::Scrub);
+ r->getOptionsObject()->setBool("scrub",false);
+ tmp_queue.push_back(r);
+
+ ruleopt->setBool("scrub",false);
+ tmp_queue.push_back(rule);
+
+ return true;
+ }
+
+/* if service is ip_fragment and action is 'Deny', then add rule with scrub */
+
+ Service *srv=compiler->getFirstSrv(rule); assert(srv);
+
+ if ( (srv->getBool("short_fragm") || srv->getBool("fragm")) &&
+ ( rule->getAction()==PolicyRule::Deny || rule->getAction()==PolicyRule::Reject) ) {
+
+ PolicyRule *r= PolicyRule::cast(
+ compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ r->setAction(PolicyRule::Scrub);
+ r->getOptionsObject()->setBool("scrub",false);
+ tmp_queue.push_back(r);
+
+ return true;
+ }
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+
+bool PolicyCompiler_pf::setQuickFlag::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+ tmp_queue.push_back(rule);
+
+ if ( rule->getAction()!=PolicyRule::Scrub &&
+ rule->getAction()!=PolicyRule::Accounting &&
+ rule->getAction()!=PolicyRule::Tag &&
+ rule->getAction()!=PolicyRule::Branch
+ ) rule->setBool("quick",true);
+
+ return true;
+}
+
+bool PolicyCompiler_pf::doSrcNegation::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrc *src=rule->getSrc();
+
+ if (src->getNeg()) {
+ RuleElementSrc *nsrc;
+ PolicyRule *r;
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ if (rule->getAction()==PolicyRule::Accept) r->setAction(PolicyRule::Deny);
+ else r->setAction(PolicyRule::Accept);
+ nsrc=r->getSrc();
+ nsrc->setNeg(false);
+ r->setBool("quick",true);
+ r->setLogging(false);
+ tmp_queue.push_back(r);
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nsrc=r->getSrc();
+ nsrc->setNeg(false);
+ nsrc->clearChildren();
+ nsrc->setAnyElement();
+ r->setBool("quick",true);
+ tmp_queue.push_back(r);
+
+ return true;
+ }
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+bool PolicyCompiler_pf::doDstNegation::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementDst *dst=rule->getDst();
+
+ if (dst->getNeg()) {
+ RuleElementDst *ndst;
+ PolicyRule *r;
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ if (rule->getAction()==PolicyRule::Accept) r->setAction(PolicyRule::Deny);
+ else r->setAction(PolicyRule::Accept);
+ ndst=r->getDst();
+ ndst->setNeg(false);
+ r->setBool("quick",true);
+ r->setLogging(false);
+ tmp_queue.push_back(r);
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ ndst=r->getDst();
+ ndst->setNeg(false);
+ ndst->clearChildren();
+ ndst->setAnyElement();
+ r->setBool("quick",true);
+ tmp_queue.push_back(r);
+
+ return true;
+ }
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+bool PolicyCompiler_pf::doSrvNegation::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrv *srv=rule->getSrv();
+
+ if (srv->getNeg()) {
+ throw FWException(_("Negation in Srv is not implemented. Rule: ")+rule->getLabel());
+ return true;
+ }
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+
+bool PolicyCompiler_pf::addLoopbackForRedirect::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+ PolicyCompiler_pf *pf_comp=dynamic_cast(compiler);
+
+// RuleElementSrc *src=rule->getSrc();
+ RuleElementDst *dst=rule->getDst();
+ RuleElementSrv *srv=rule->getSrv();
+
+ if (pf_comp->natcmp==NULL)
+ compiler->abort("addLoopbackForRedirect needs a valid pointer to the NAT compiler object");
+
+ tmp_queue.push_back(rule);
+
+ const list lst=pf_comp->natcmp->getRedirRulesInfo();
+
+ if (lst.empty()) return true;
+
+/*
+ * struct redirectRuleInfo {
+ * string natrule_label;
+ * Address *tdst;
+ * Service *tsrv;
+ * };
+ */
+
+ for (FWObject::iterator i=srv->begin(); i!=srv->end(); i++)
+ {
+ FWObject *o1= *i;
+ if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer();
+ Service *s=Service::cast( o1 );
+ assert(s);
+
+ for (FWObject::iterator j=dst->begin(); j!=dst->end(); j++)
+ {
+ FWObject *o2= *j;
+ if (FWReference::cast(o2)!=NULL) o2=FWReference::cast(o2)->getPointer();
+ Address *a=Address::cast( o2 );
+ assert(a);
+
+ list::const_iterator k;
+ for (k=lst.begin(); k!=lst.end(); ++k)
+ {
+ if ( *a == *(k->old_tdst) && *s == *(k->tsrv) )
+ {
+// insert address used for redirection in the NAT rule.
+ dst->addRef( k->new_tdst );
+ return true;
+ }
+ }
+ }
+ }
+
+ return true;
+}
+
+
+void PolicyCompiler_pf::checkForDynamicInterfacesOfOtherObjects::findDynamicInterfaces(RuleElement *re,
+ Rule *rule)
+{
+ if (re->isAny()) return;
+ list cl;
+ for (list::iterator i1=re->begin(); i1!=re->end(); ++i1)
+ {
+ FWObject *o = *i1;
+ FWObject *obj = o;
+ if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer();
+ Interface *ifs =Interface::cast( obj );
+
+ if (ifs!=NULL &&
+ ifs->isDyn() &&
+ ifs->getParent()->getId()!=compiler->fw->getId() &&
+ ! ifs->getParent()->getBool("pf_table") )
+ {
+ char errstr[2048];
+ sprintf(errstr,_("Can not build rule using dynamic interface '%s' of the object '%s' because its address in unknown. Rule %s"),
+ ifs->getName().c_str(),
+ ifs->getParent()->getName().c_str(),
+ rule->getLabel().c_str() );
+
+ throw FWException(errstr);
+ }
+ }
+}
+
+
+bool PolicyCompiler_pf::checkForDynamicInterfacesOfOtherObjects::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ findDynamicInterfaces( rule->getSrc() , rule );
+ findDynamicInterfaces( rule->getDst() , rule );
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+
+bool PolicyCompiler_pf::splitIfInterfaceInRE::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElement *re=RuleElement::cast( rule->getFirstByType(re_type) );
+ if (re->size()<=2)
+ {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+ list cl;
+
+ for (FWObject::iterator i=re->begin(); i!=re->end(); i++)
+ {
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+
+ Interface *interface_=Interface::cast(o);
+ if (interface_!=NULL && interface_->isDyn())
+ cl.push_back(interface_);
+ }
+
+ if (!cl.empty())
+ {
+ RuleElement *nre;
+
+ PolicyRule *r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nre=RuleElement::cast( r->getFirstByType(re_type) );
+ nre->clearChildren();
+ for (FWObject::iterator i=cl.begin(); i!=cl.end(); i++) nre->addRef( *i );
+ tmp_queue.push_back(r);
+
+ r= PolicyRule::cast(compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ nre=RuleElement::cast( r->getFirstByType(re_type) );
+ for (FWObject::iterator i=cl.begin(); i!=cl.end(); i++) nre->removeRef( *i );
+ tmp_queue.push_back(r);
+
+ return true;
+ }
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+bool PolicyCompiler_pf::separateSrcPort::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrv *rel= rule->getSrv();
+
+ if (rel->size()==1) {
+ tmp_queue.push_back(rule);
+ return true;
+ }
+
+ list services;
+ for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++) {
+
+ FWObject *o= *i;
+ if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
+ Service *s=Service::cast(o);
+ assert(s!=NULL);
+
+ if ( TCPService::isA(s) || UDPService::isA(s) ) {
+ int srs=s->getInt("src_range_start");
+ int sre=s->getInt("src_range_end");
+
+ compiler->normalizePortRange(srs,sre);
+
+ if (srs!=0 || sre!=0) {
+ PolicyRule *r= PolicyRule::cast(
+ compiler->dbcopy->create(PolicyRule::TYPENAME) );
+ compiler->temp_ruleset->add(r);
+ r->duplicate(rule);
+ RuleElementSrv *nsrv=r->getSrv();
+ nsrv->clearChildren();
+ nsrv->addRef( s );
+ tmp_queue.push_back(r);
+ services.push_back(s);
+ }
+ }
+ }
+ for (list::iterator i=services.begin(); i!=services.end(); i++)
+ rel->removeRef( (*i) );
+
+ if (!rel->isAny())
+ tmp_queue.push_back(rule);
+
+ return true;
+}
+
+bool PolicyCompiler_pf::createTables::processNext()
+{
+ PolicyCompiler_pf *pf_comp=dynamic_cast(compiler);
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+
+ RuleElementSrc *src=rule->getSrc();
+ RuleElementDst *dst=rule->getDst();
+// RuleElementSrv *srv=rule->getSrv();
+
+ if (src->size()!=1) pf_comp->tables->createTablesForRE(src,rule);
+ if (dst->size()!=1) pf_comp->tables->createTablesForRE(dst,rule);
+// if (srv->size()!=1) createTablesForRE(srv,rule);
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+
+bool PolicyCompiler_pf::printScrubRule::processNext()
+{
+ PolicyRule *rule=getNext(); if (rule==NULL) return false;
+ FWOptions* options=compiler->fw->getOptionsObject();
+
+ if (!init && options->getBool("pf_do_scrub"))
+ {
+ compiler->output << "#" << endl;
+ compiler->output << "# Defragmentation" << endl;
+ compiler->output << "#" << endl;
+ compiler->output << "scrub in from any to any" << endl << endl;
+ init=true;
+ }
+
+ tmp_queue.push_back(rule);
+ return true;
+}
+
+void PolicyCompiler_pf::compile()
+{
+ try
+ {
+ Compiler::compile();
+
+ addDefaultPolicyRule();
+ bool check_for_recursive_groups=true;
+
+ if ( fw->getOptionsObject()->getBool ("check_shading") )
+ {
+ add( new Begin ("Detecting rule shadowing" ));
+ add( new printTotalNumberOfRules () );
+
+ add( new ItfNegation( "process negation in Itf" ) );
+ add( new InterfacePolicyRules(
+ "process interface policy rules and store interface ids"));
+
+ add( new recursiveGroupsInSrc("check for recursive groups in SRC"));
+ add( new recursiveGroupsInDst("check for recursive groups in DST"));
+ add( new recursiveGroupsInSrv("check for recursive groups in SRV"));
+ check_for_recursive_groups=false;
+
+ add( new ExpandGroups ("expand groups" ) );
+ add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC") );
+ add( new eliminateDuplicatesInDST("eliminate duplicates in DST") );
+ add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV") );
+
+ add( new swapAddressTableObjectsInSrc(
+ "AddressTable -> MultiAddressRunTime in Src") );
+ add( new swapAddressTableObjectsInDst(
+ "AddressTable -> MultiAddressRunTime in Dst") );
+
+ add( new swapMultiAddressObjectsInSrc(
+ "MultiAddress -> MultiAddressRunTime in Src") );
+ add( new swapMultiAddressObjectsInDst(
+ "MultiAddress -> MultiAddressRunTime in Dst") );
+
+ add( new ExpandMultipleAddressesInSRC(
+ "expand objects with multiple addresses in SRC" ) );
+ add( new ExpandMultipleAddressesInDST(
+ "expand objects with multiple addresses in DST" ) );
+ add( new ConvertToAtomic ("convert to atomic rules") );
+ add( new DetectShadowing ("Detect shadowing" ) );
+ add( new simplePrintProgress ( ) );
+
+ runRuleProcessors();
+ deleteRuleProcessors();
+ }
+
+ add( new Begin() );
+ add( new printTotalNumberOfRules() );
+
+// add( new printScrubRule (" Defragmentation" ));
+ if (check_for_recursive_groups)
+ {
+ add( new recursiveGroupsInSrc("check for recursive groups in SRC"));
+ add( new recursiveGroupsInDst("check for recursive groups in DST"));
+ add( new recursiveGroupsInSrv("check for recursive groups in SRV"));
+ }
+
+ add( new emptyGroupsInSrc( "check for empty groups in SRC" ));
+ add( new emptyGroupsInDst( "check for empty groups in DST" ));
+ add( new emptyGroupsInSrv( "check for empty groups in SRV" ));
+
+// add( new doSrcNegation( "process negation in Src" ));
+// add( new doDstNegation( "process negation in Dst" ));
+ add( new doSrvNegation( "process negation in Srv" ));
+
+// ExpandGroups opens groups, as well as groups in groups etc.
+ add( new ExpandGroups( "expand groups" ));
+
+ add( new CheckForTCPEstablished(
+ "check for TCPService objects with flag \"established\"") );
+
+ add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC" ));
+ add( new eliminateDuplicatesInDST("eliminate duplicates in DST" ));
+ add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV" ));
+
+ add( new swapAddressTableObjectsInSrc(
+ "AddressTable -> MultiAddressRunTime in Src") );
+ add( new swapAddressTableObjectsInDst(
+ "AddressTable -> MultiAddressRunTime in Dst") );
+
+ add( new swapMultiAddressObjectsInSrc(
+ "MultiAddress -> MultiAddressRunTime in Src") );
+ add( new swapMultiAddressObjectsInDst(
+ "MultiAddress -> MultiAddressRunTime in Dst") );
+
+ add( new processMultiAddressObjectsInSrc(
+ "process MultiAddress objects in Src") );
+ add( new processMultiAddressObjectsInDst(
+ "process MultiAddress objects in Dst") );
+
+ add( new ItfNegation( "process negation in Itf" ) );
+ add( new InterfacePolicyRules(
+ "process interface policy rules and store interface ids") );
+
+ add( new splitIfFirewallInSrc( "split rule if firewall is in Src" ));
+ add( new splitIfFirewallInDst( "split rule if firewall is in Dst" ));
+ add( new fillDirection( "determine directions" ));
+ add( new SplitDirection( "split rules with direction 'both'" ));
+ add( new addLoopbackForRedirect(
+ "add loopback to rules that permit redirected services" ) );
+ add( new ExpandMultipleAddresses(
+ "expand objects with multiple addresses" ) );
+ add( new checkForDynamicInterfacesOfOtherObjects(
+ "check for dynamic interfaces of other hosts and firewalls" ));
+ add( new MACFiltering( "verify for MAC address filtering" ));
+ add( new checkForUnnumbered( "check for unnumbered interfaces" ));
+ add( new addressRanges( "expand address range objects" ));
+ add( new splitServices( "split rules with different protocols"));
+ add( new separateTCPWithFlags("separate TCP services with flags" ));
+ add( new separateSrcPort("split on TCP and UDP with source ports"));
+ add( new verifyCustomServices(
+ "verify custom services for this platform"));
+// add( new ProcessScrubOption( "process 'scrub' option" ));
+ add( new SpecialServices( "check for special services" ));
+ add( new setQuickFlag( "set 'quick' flag" ));
+ add( new checkForZeroAddr( "check for zero addresses" ));
+ add( new convertInterfaceIdToStr("prepare interface assignments" ));
+
+ add( new createTables( "create tables" ));
+// add( new PrintTables( "print tables" ));
+
+ add( new PrintRule( "generate pf code" ));
+ add( new simplePrintProgress() );
+
+ runRuleProcessors();
+
+ } catch (FWException &ex) {
+ error(ex.toString());
+ exit(1);
+ }
+}
+
+
+void PolicyCompiler_pf::epilog()
+{
+}
diff --git a/src/pflib/PolicyCompiler_pf.h b/src/pflib/PolicyCompiler_pf.h
new file mode 100644
index 000000000..a99291d9b
--- /dev/null
+++ b/src/pflib/PolicyCompiler_pf.h
@@ -0,0 +1,470 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2002 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: PolicyCompiler_pf.h 1075 2006-06-17 21:53:54Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef __POLICYCOMPILER_PF_HH
+#define __POLICYCOMPILER_PF_HH
+
+#include
+#include "fwcompiler/PolicyCompiler.h"
+
+#include "TableFactory.h"
+
+namespace libfwbuilder {
+ class IPService;
+ class ICMPService;
+ class TCPService;
+ class UDPService;
+ class RuleElementSrc;
+ class RuleElementDst;
+ class RuleElementSrv;
+ class IPv4;
+};
+
+
+namespace fwcompiler {
+
+ class NATCompiler_pf;
+
+ class PolicyCompiler_pf : public PolicyCompiler {
+
+ public:
+
+ /**
+ * our firewall policy must block everything by default even
+ * if there are no rules. In iptables we do this by setting
+ * default chain policies to DROP. Here we do this by adding
+ * this unconditional blocking rule in the end. See also comment
+ * in the code regarding "pass_all_out" option
+ */
+ void addDefaultPolicyRule();
+
+ protected:
+
+ /**
+ * splits rule if one of the objects in Src * is firewall
+ * itself. This is needed to properly choose direction *
+ * later in filDirection
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(splitIfFirewallInSrc);
+
+
+ /**
+ * splits rule if one of the objects in Dst * is firewall
+ * itself. This is needed to properly choose direction *
+ * later in filDirection
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(splitIfFirewallInDst);
+
+
+ /**
+ * decides on direction if it is empty.
+ *
+ * Algorithm is as follows:
+ *
+ * I now support two modes for this compiler:
+ *
+ * 1. compiler produces two pf (or ipf) rules per each
+ * global policy rule, one "Inbound" and another
+ * "Outbound". Predicate SplitDirection does this for me if
+ * I set direction to Both here.
+ *
+ * Special cases:
+ * If Src is single object which is firewall itself, then set
+ * direction to Outbound
+ * If Dst is single object which is firewall itself, then set
+ * direction to Inbound
+ * If oth Src and Dst contain firewall, then set directon to
+ * Both
+ *
+ * In fact predicates splitIfFirewallInSrc and
+ * splitIfFirewallInDst make sure that if firewall is in
+ * Src or Dst, then it is the only object there. Thus we
+ * do not need to check number of objects in Src and Dst.
+ *
+ * 2. compiler produces one pf (or ipf) "in" rule per each
+ * global policy rule. In this case I set direction to
+ * Inbound here.
+ *
+ * I distinguish modes using firewall option "pass_all_out"
+ *
+ * 03/21/02 --vk
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(fillDirection);
+
+ /**
+ * split rules if direction is "Both"
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(SplitDirection);
+
+ /**
+ * Option "scrub" does not accept "quick" and therefore does not
+ * stop matching sequence. We need to split rule onto two, the first
+ * will be generated with action "scrub", while the second one with
+ * action "pass" and option "quick"
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(ProcessScrubOption);
+
+ /**
+ * checks for the services which require * special treatment.
+ * Some of these will be checking for * source or destination
+ * object as well because special * command may need to be
+ * generated in case source or * destination is a firewall
+ * itself. Therefore this processor * should be called after
+ * converting to atomic rules, but * before interface
+ * addresses in source and destination are * expanded.
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(SpecialServices);
+
+ /**
+ * sets 'quick' flag on rules
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(setQuickFlag);
+
+ /**
+ * deals with negation in Src in policy rules.
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(doSrcNegation);
+
+ /**
+ * deals with negation in Dst in policy rules.
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(doDstNegation);
+
+ /**
+ * deals with negation in Srv in policy rules.
+ *
+ * NOT IMPLEMENTED
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(doSrvNegation);
+
+
+ /**
+ * like standard processor swapMultiAddressObjectsInRE,
+ * but swaps compile-time address tables
+ *
+ * We need this because unlike on other platforms, we need to
+ * generate code for compile-time AddressTables using their
+ * object name (to name the table after that). This
+ * substantially complicates things, we have to register
+ * AddressTable objects with TableFactory and then replace
+ * them with corresponding run time objects. This is unique
+ * feature of the compiler for PF.
+ */
+ class swapAddressTableObjectsInRE : public PolicyRuleProcessor
+ {
+ std::string re_type;
+ public:
+ swapAddressTableObjectsInRE(const std::string &name,
+ const std::string &t) : PolicyRuleProcessor(name) { re_type=t; }
+ virtual bool processNext();
+ };
+
+
+ class swapAddressTableObjectsInSrc : public swapAddressTableObjectsInRE
+ {
+ public:
+ swapAddressTableObjectsInSrc(const std::string &n) :
+ swapAddressTableObjectsInRE(n,libfwbuilder::RuleElementSrc::TYPENAME) {}
+ };
+
+ class swapAddressTableObjectsInDst : public swapAddressTableObjectsInRE
+ {
+ public:
+ swapAddressTableObjectsInDst(const std::string &n) :
+ swapAddressTableObjectsInRE(n,libfwbuilder::RuleElementDst::TYPENAME) {}
+ };
+
+ /**
+ * Split rule if MultiAddress object is used in RE to make
+ * sure it is single object. Also check for the case where
+ * MultiAddress object is used in combination with negation,
+ * this case is not supported. NOTE: this restriction can be
+ * removed if PF adds support for recursively defined tables
+ * (tables as elements inside tables).
+ */
+ class processMultiAddressObjectsInRE : public PolicyRuleProcessor
+ {
+ std::string re_type;
+ public:
+ processMultiAddressObjectsInRE(const std::string &name,
+ const std::string &t) : PolicyRuleProcessor(name) { re_type=t; }
+ virtual bool processNext();
+ };
+
+
+ class processMultiAddressObjectsInSrc : public processMultiAddressObjectsInRE
+ {
+ public:
+ processMultiAddressObjectsInSrc(const std::string &n) :
+ processMultiAddressObjectsInRE(n,libfwbuilder::RuleElementSrc::TYPENAME) {}
+ };
+
+ class processMultiAddressObjectsInDst : public processMultiAddressObjectsInRE
+ {
+ public:
+ processMultiAddressObjectsInDst(const std::string &n) :
+ processMultiAddressObjectsInRE(n,libfwbuilder::RuleElementDst::TYPENAME) {}
+ };
+
+ /**
+ * This is to work around a "feature" specific to PF: If NAT
+ * policy defines a redirect rule (a rule which sends packets
+ * to the firewall itself, possibly changing port numbers),
+ * then the packet appears on the same _ingress_ interface
+ * twice. The first time it is inspected, it has an original
+ * destination address, but the second time it has destination
+ * address of 127.0.0.1. This address appears there because
+ * our NAT compiler uses it for redirection rules. Our normal
+ * ExpandMultipleAddresses processor replaces firewall object
+ * with a set of addresses of all its interfaces, but skips
+ * loopback interface. Rule processor addLoopbackForRedirect
+ * consults with NATCompiler_pf to find out whether we have
+ * any Redirect rules to accomodate for. In case we do, and
+ * destination service in the current policy rule matches TSrv
+ * in the redirect rule and destination contains the same
+ * object that was in TDst in the NAT rule, it adds a new
+ * policy rule with the same source, destination being a new
+ * object used in TDst by the NAT compiler and the same
+ * service.
+ *
+ * Caveat: as everywhere in compiler for PF, we assume rule
+ * elements may contain multiple objects.
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(addLoopbackForRedirect);
+ friend class PolicyCompiler_pf::addLoopbackForRedirect;
+
+
+ friend class checkForDynamicInterfacesOfOtherObjects;
+ class checkForDynamicInterfacesOfOtherObjects : public PolicyRuleProcessor
+ {
+ void findDynamicInterfaces(libfwbuilder::RuleElement *re,
+ libfwbuilder::Rule *rule);
+ public:
+ checkForDynamicInterfacesOfOtherObjects(const std::string &name) : PolicyRuleProcessor(name) {}
+ virtual bool processNext();
+ };
+
+
+ /**
+ * we can not put interface name in the table, so we need to
+ * split the rule if src or dst contains both interface and
+ * host or network objects.
+ */
+ class splitIfInterfaceInRE : public PolicyRuleProcessor
+ {
+ std::string re_type;
+ public:
+ splitIfInterfaceInRE(const std::string &name,
+ const std::string &t) : PolicyRuleProcessor(name) { re_type=t; }
+ virtual bool processNext();
+ };
+
+ /**
+ * we can not put interface name in the table, so we need to
+ * split the rule if src contains both interface and host or
+ * network objects.
+ */
+ class splitIfInterfaceInSrc : public splitIfInterfaceInRE
+ {
+ public:
+ splitIfInterfaceInSrc(const std::string &n) :
+ splitIfInterfaceInRE(n,libfwbuilder::RuleElementSrc::TYPENAME) {}
+ };
+
+ /**
+ * we can not put interface name in the table, so we need to
+ * split the rule if dst contains both interface and host or
+ * network objects.
+ */
+ class splitIfInterfaceInDst : public splitIfInterfaceInRE
+ {
+ public:
+ splitIfInterfaceInDst(const std::string &n) :
+ splitIfInterfaceInRE(n,libfwbuilder::RuleElementDst::TYPENAME) {}
+ };
+
+
+ /**
+ * this processor is only called if we are using tables. It
+ * creates two tables for each rule: one for source and
+ * another for destination. Processor PrintRule uses these
+ * tables later.
+ */
+ class createTables : public PolicyRuleProcessor
+ {
+ void createTablesForRE(libfwbuilder::RuleElement *re,
+ libfwbuilder::Rule *rule);
+ public:
+ createTables(const std::string &name) : PolicyRuleProcessor(name) {}
+ virtual bool processNext();
+ };
+ friend class PolicyCompiler_pf::createTables;
+
+ /**
+ * eliminates duplicate objects in SRC. Uses default comparison
+ * in eliminateDuplicatesInRE which compares IDs
+ */
+ class eliminateDuplicatesInSRC : public eliminateDuplicatesInRE
+ {
+ public:
+ eliminateDuplicatesInSRC(const std::string &n) :
+ eliminateDuplicatesInRE(n,libfwbuilder::RuleElementSrc::TYPENAME) {}
+ };
+
+ /**
+ * eliminates duplicate objects in DST. Uses default comparison
+ * in eliminateDuplicatesInRE which compares IDs
+ */
+ class eliminateDuplicatesInDST : public eliminateDuplicatesInRE
+ {
+ public:
+ eliminateDuplicatesInDST(const std::string &n) :
+ eliminateDuplicatesInRE(n,libfwbuilder::RuleElementDst::TYPENAME) {}
+ };
+
+ /**
+ * eliminates duplicate objects in SRV. Uses default comparison
+ * in eliminateDuplicatesInRE which compares IDs
+ */
+ class eliminateDuplicatesInSRV : public eliminateDuplicatesInRE
+ {
+ public:
+ eliminateDuplicatesInSRV(const std::string &n) :
+ eliminateDuplicatesInRE(n,libfwbuilder::RuleElementSrv::TYPENAME) {}
+ };
+
+ /**
+ * separate TCP/UDP services that specify source port (can
+ * not be used in combination with destination port with
+ * multiport)
+ */
+ DECLARE_POLICY_RULE_PROCESSOR(separateSrcPort);
+
+
+ class printScrubRule : public PolicyRuleProcessor
+ {
+ protected:
+ bool init;
+ public:
+ printScrubRule(const std::string &name) : PolicyRuleProcessor(name) { init=false; }
+ virtual bool processNext();
+ };
+
+ /**
+ * this processor accumulates all rules fed to it by previous
+ * processors, then prints commands for all tables,
+ * then feeds all rules to the next processor. Usually this
+ * processor is in chain right before PrintRules
+ */
+ class PrintTables : public PolicyRuleProcessor
+ {
+ public:
+ PrintTables(const std::string &n) : PolicyRuleProcessor(n) {}
+ virtual bool processNext();
+ };
+ friend class PolicyCompiler_pf::PrintTables;
+
+
+ /**
+ * prints single policy rule, assuming all groups have been
+ * expanded, so source, destination and service hold exactly
+ * one object each, and this object is not a group. Negation
+ * should also have been taken care of before this method is
+ * called.
+ */
+ class PrintRule : public PolicyRuleProcessor
+ {
+ protected:
+
+ bool init;
+ std::string current_rule_label;
+
+ virtual void _printSrcService(libfwbuilder::RuleElementSrv *o);
+ virtual void _printDstService(libfwbuilder::RuleElementSrv *o);
+ virtual void _printProtocol(libfwbuilder::Service *srv);
+
+ virtual std::string _printPort(int rs,int re,bool neg=false);
+ virtual std::string _printSrcService(libfwbuilder::Service *srv,bool neg=false);
+ virtual std::string _printDstService(libfwbuilder::Service *srv,bool neg=false);
+ virtual std::string _printTCPFlags(libfwbuilder::TCPService *srv);
+
+ virtual void _printAddrList(libfwbuilder::FWObject *o,bool negflag);
+ virtual void _printSrcAddr(libfwbuilder::RuleElementSrc *o);
+ virtual void _printDstAddr(libfwbuilder::RuleElementDst *o);
+ virtual void _printAddr(libfwbuilder::Address *o,bool neg=false);
+
+ virtual void _printNegation(libfwbuilder::RuleElement *o);
+
+ virtual void _printAction(libfwbuilder::PolicyRule *r);
+ virtual void _printRouteOptions(libfwbuilder::PolicyRule *r);
+ virtual void _printLogging(libfwbuilder::PolicyRule *r);
+ virtual void _printDirection(libfwbuilder::PolicyRule *r);
+ virtual void _printInterface(libfwbuilder::PolicyRule *r);
+ virtual void _printLabel(libfwbuilder::PolicyRule *r);
+ virtual void _printQueue(libfwbuilder::PolicyRule *r);
+ virtual void _printTag(libfwbuilder::PolicyRule *r);
+ virtual std::string _printLogPrefix(libfwbuilder::PolicyRule *r,const std::string &prefix);
+
+ public:
+ PrintRule(const std::string &name);
+ virtual bool processNext();
+ };
+
+
+ virtual std::string myPlatformName();
+
+
+ public:
+
+ PolicyCompiler_pf(libfwbuilder::FWObjectDatabase *_db,
+ const std::string &fwname,
+ fwcompiler::OSConfigurator *_oscnf,
+ NATCompiler_pf *_natcmp,
+ TableFactory *tbf = NULL) : PolicyCompiler(_db,fwname,_oscnf)
+ {
+ natcmp=_natcmp;
+ tables = tbf;
+ }
+
+ virtual int prolog();
+ virtual void compile();
+ virtual void epilog();
+
+ protected:
+
+ TableFactory *tables;
+ NATCompiler_pf *natcmp;
+ libfwbuilder::IPv4 *loopback_address;
+
+
+
+ private:
+
+ };
+
+
+}
+
+#endif
diff --git a/src/pflib/PolicyCompiler_pf_writers.cpp b/src/pflib/PolicyCompiler_pf_writers.cpp
new file mode 100644
index 000000000..3d25380fa
--- /dev/null
+++ b/src/pflib/PolicyCompiler_pf_writers.cpp
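Review bot: In PolicyCompiler_pf.h the constructor leaves `loopback_address` unset and accepts `TableFactory *tbf = NULL`, yet nothing guards either pointer. Its body assigns only `natcmp` and `tables`, so unless `prolog()` (declared here, body not shown) sets it, `loopback_address` is an indeterminate pointer; adding `loopback_address = NULL;` to the constructor makes a missed assignment fail predictably. `compile()` in PolicyCompiler_pf.cpp always adds `createTables`, whose `processNext()` calls `pf_comp->tables->createTablesForRE(...)` with no check, so a caller that relies on the NULL default hits a null dereference whenever a rule's Src or Dst does not hold exactly one object. Either drop the default argument or abort when `tables` is NULL, the way `addLoopbackForRedirect` already does for `natcmp`.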
@@ -0,0 +1,861 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: PolicyCompiler_pf_writers.cpp 1451 2007-12-09 23:53:22Z vk $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "PolicyCompiler_pf.h" + +#include "fwbuilder/Firewall.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/CustomService.h" +#include "fwbuilder/TagService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/FWOptions.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/DNSName.h" +#include "fwbuilder/AddressTable.h" + +#include +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && (__GNUC_MINOR__ > 2 || (__GNUC_MINOR__ == 2 ) ) ) || \ + _MSC_VER +# include +#else +# include +#endif +#include +#include +#include + +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + + + + + +/** + *----------------------------------------------------------------------- + * Methods for printing + */ +void PolicyCompiler_pf::PrintRule::_printAction(PolicyRule *rule) +{ 
+ FWOptions *ruleopt =rule->getOptionsObject(); + Service *srv=compiler->getFirstSrv(rule); assert(srv); + + switch (rule->getAction()) { + case PolicyRule::Accept: + case PolicyRule::Tag: + case PolicyRule::Classify: + case PolicyRule::Accounting: + case PolicyRule::Route: + compiler->output << "pass "; + break; + + case PolicyRule::Deny: + compiler->output << "block "; + break; + + case PolicyRule::Reject: + if (TCPService::isA(srv)) compiler->output << "block return-rst "; + else { + string aor=ruleopt->getStr("action_on_reject"); + string code; + if ( aor.find("ICMP")!=string::npos ) { + code="return-icmp "; + if (aor.find("unreachable")!=string::npos ) { + if (aor.find("net")!=string::npos) code=code+"( 0 ) "; + if (aor.find("host")!=string::npos) code=code+"( 1 ) "; + if (aor.find("protocol")!=string::npos) code=code+"( 2 ) "; + if (aor.find("port")!=string::npos) code=code+"( 3 ) "; + } + if (aor.find("prohibited")!=string::npos ) { + if (aor.find("net")!=string::npos) code=code+"( 9 ) "; + if (aor.find("host")!=string::npos) code=code+"( 10 ) "; + } + } else + code="return-icmp "; + + compiler->output << "block " << code; + } + break; + case PolicyRule::Scrub: + compiler->output << "scrub "; + break; + case PolicyRule::Custom: + compiler->output << ruleopt->getStr("custom_str") << " "; + break; + case PolicyRule::Branch: + compiler->output << "anchor " << ruleopt->getStr("branch_name") << " "; + break; + default: + compiler->abort( + string("Unknown action '") + rule->getActionAsString() + + "' in rule " + rule->getLabel() + ); +// compiler->output << rule->getActionAsString() << " "; + } +} + +void PolicyCompiler_pf::PrintRule::_printRouteOptions(PolicyRule *rule) +{ + FWOptions *ruleopt =rule->getOptionsObject(); + + if (rule->getAction() == PolicyRule::Route) + { + if (ruleopt->getBool("pf_fastroute")) + compiler->output << "fastroute "; + + string prefix = "pf"; + if (compiler->myPlatformName()=="ipf") + prefix="ipf"; + + string ro = 
ruleopt->getStr(prefix+"_route_option"); + string roif = ruleopt->getStr(prefix+"_route_opt_if"); + string roaddr = ruleopt->getStr(prefix+"_route_opt_addr"); + + if (!ro.empty()) + { + if (roif.empty()) + compiler->abort("Interface specification is required for action Route in rule "+rule->getLabel()); + + if (ro == "route_through") compiler->output << "route-to "; + else if (ro == "route_reply_through") compiler->output << "reply-to "; + else if (ro == "route_copy_through") compiler->output << "dup-to "; + else + compiler->abort("Unknown option for rule action Route: '" + + ro + "' in rule "+rule->getLabel()); + + compiler->output << "( "; + compiler->output << roif << " "; + if (!roaddr.empty()) compiler->output << roaddr << " "; + compiler->output << ") "; + } + } +} + +void PolicyCompiler_pf::PrintRule::_printQueue(PolicyRule *rule) +{ + FWOptions *ruleopt =rule->getOptionsObject(); + + if (rule->getAction() == PolicyRule::Classify) + compiler->output << "queue " << ruleopt->getStr("classify_str") << " "; +} + +void PolicyCompiler_pf::PrintRule::_printTag(PolicyRule *rule) +{ + FWOptions *ruleopt =rule->getOptionsObject(); + + if (rule->getAction() == PolicyRule::Tag) + compiler->output << "tag " << ruleopt->getStr("tagvalue") << " "; +} + +void PolicyCompiler_pf::PrintRule::_printDirection(PolicyRule *rule) +{ + if (rule->getDirection()==PolicyRule::Outbound) compiler->output << "out "; + else compiler->output << "in "; +} + +void PolicyCompiler_pf::PrintRule::_printLogging(PolicyRule *rule) +{ + if (rule->getAction() != PolicyRule::Branch && + rule->getLogging()) compiler->output << " log "; +} + +void PolicyCompiler_pf::PrintRule::_printLabel(PolicyRule *rule) +{ + FWOptions *ruleopt =rule->getOptionsObject(); + string s=ruleopt->getStr("log_prefix"); + if (s.empty()) s=compiler->getCachedFwOpt()->getStr("log_prefix"); + if (!s.empty()) + compiler->output << " label " << _printLogPrefix(rule,s) << " "; +} + +string 
PolicyCompiler_pf::PrintRule::_printLogPrefix(PolicyRule *rule, + const string &prefix) +{ + string s=prefix; + +/* deal with our logging macros: + * %N - rule number + * %A - action + * %I - interface name + * %C - chain name + */ + string::size_type n; + if (rule && (n=s.find("%N"))!=string::npos ) { + std::ostringstream s1; + s1 << rule->getPosition(); + s.replace(n,2,s1.str()); + } + if (rule && (n=s.find("%A"))!=string::npos ) { + std::ostringstream s1; + switch (rule->getAction()) { + case PolicyRule::Accept: s1 << "ACCEPT"; break; + case PolicyRule::Deny: s1 << "DROP"; break; + case PolicyRule::Reject: s1 << "REJECT"; break; + case PolicyRule::Return: s1 << "RETURN"; break; + default: break; + } + s.replace(n,2,s1.str()); + } + if (rule && (n=s.find("%I"))!=string::npos ) { + std::ostringstream s1; + string rule_iface = rule->getInterfaceStr(); + if (rule_iface!="") + { + s1 << rule_iface; + s.replace(n,2,s1.str()); + } else + s.replace(n,2,"global"); + } + if (rule && (n=s.find("%C"))!=string::npos ) { + s.replace(n,2,""); // there is no chain in PF and friends + } + + return "\"" + s + "\" "; +} + + +void PolicyCompiler_pf::PrintRule::_printInterface(PolicyRule *rule) +{ + string iface_name = rule->getInterfaceStr(); + if (iface_name!="") + compiler->output << "on " << iface_name << " "; +} + +void PolicyCompiler_pf::PrintRule::_printProtocol(libfwbuilder::Service *srv) +{ + + if (!srv->isAny() && + !CustomService::isA(srv) && + !TagService::isA(srv) && + srv->getProtocolName()!="ip") + { + compiler->output << "proto "; + compiler->output << srv->getProtocolName(); + compiler->output << " "; + } +} + +string PolicyCompiler_pf::PrintRule::_printPort(int rs,int re,bool neg) +{ + ostringstream str; + + if (rs<0) rs=0; + if (re<0) re=0; + + if (!neg) { + + if (rs>0 || re>0) + { + if (rs>re && re==0) re=rs; + + if (rs==re) str << rs; // TODO: do we need '=' here ? 
+ else + if (rs==0 && re!=0) str << "<= " << re; + else + if (rs!=0 && re==65535) str << ">= " << rs; + else { +/* + * port range. Operator '><' defines range in a such way that boundaries + * are not included. Since we assume it is inclusive, let's move boundaries + */ + if (rs>0 ) rs--; + if (re<65535) re++; + str << rs << " >< " << re; + } + } + } else { + + if (rs>0 || re>0) { + if (rs==re) str << "!= " << rs; + else + if (rs==0 && re!=0) str << "> " << re; + else + if (rs!=0 && re==65535) str << "< " << rs; + else { + str << rs << " <> " << re; + } + } + + } + return str.str(); +} + +/* + * we made sure that all services in rel represent the same protocol + */ +void PolicyCompiler_pf::PrintRule::_printSrcService(RuleElementSrv *rel) +{ +/* I do not want to use rel->getFirst because it traverses the tree to + * find the object. I'd rather use a cached copy in the compiler + */ + FWObject *o=rel->front(); + if (o && FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *srv= Service::cast(o); + + if (rel->size()==1) { + if (UDPService::isA(srv) || TCPService::isA(srv)) { + string str=_printSrcService( srv , rel->getNeg()); + if (! str.empty() ) compiler->output << "port " << str << " "; + } + } else { + + string str; + for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++) { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Service *s=Service::cast( o ); + assert(s); + if (UDPService::isA(srv) || TCPService::isA(srv)) { + string str1= _printSrcService(s , rel->getNeg() ); + if (! str.empty() && ! 
str1.empty() ) str = str + ", "; + str = str + str1; + } + } + if ( !str.empty() ) { + compiler->output << "port { " << str << "} "; + } + } +} + +string PolicyCompiler_pf::PrintRule::_printSrcService(Service *srv,bool neg) +{ + ostringstream str; + if (TCPService::isA(srv) || UDPService::isA(srv)) + { + int rs=srv->getInt("src_range_start"); + int re=srv->getInt("src_range_end"); + str << _printPort(rs,re,neg); + } + return str.str(); +} + +void PolicyCompiler_pf::PrintRule::_printDstService(RuleElementSrv *rel) +{ + FWObject *o=rel->front(); + if (o && FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + + Service *srv= Service::cast(o); + + + if (rel->size()==1) + { + string str=_printDstService( srv , rel->getNeg()); + if ( ! str.empty() ) + { + if (UDPService::isA(srv) || TCPService::isA(srv)) + compiler->output << "port " << str << " "; + else + { + if (ICMPService::isA(srv)) + compiler->output << "icmp-type " << str << " "; + else + compiler->output << str << " "; + } + } + if (TCPService::isA(srv)) + { + str=_printTCPFlags(TCPService::cast(srv)); + if (!str.empty()) compiler->output << "flags " << str << " "; + } + if (IPService::isA(srv) && (srv->getBool("fragm") || srv->getBool("short_fragm")) ) + compiler->output << " fragment "; + + } else + { + string str; + for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Service *s=Service::cast( o ); + assert(s); + string str1= _printDstService(s , rel->getNeg() ); + if (! str.empty() && ! 
str1.empty() ) str = str + ", "; + str = str + str1; + } + if ( !str.empty() ) + { + if (UDPService::isA(srv) || TCPService::isA(srv)) + compiler->output << "port { " << str << " } "; + else + { + if (ICMPService::isA(srv)) + compiler->output << "icmp-type { " << str << " } "; + else + compiler->output << str << " " << endl; + } + } + } +} + +string PolicyCompiler_pf::PrintRule::_printDstService(Service *srv,bool neg) +{ + ostringstream str; + if (TCPService::isA(srv) || UDPService::isA(srv)) + { + int rs=srv->getInt("dst_range_start"); + int re=srv->getInt("dst_range_end"); + str << _printPort(rs,re,neg); + } + + if (ICMPService::isA(srv) && srv->getInt("type")!=-1) + { + str << srv->getStr("type") << " "; + if (srv->getInt("code")!=-1) + str << "code " << srv->getStr("code") << " "; + } + + if (CustomService::isA(srv)) + { + str << CustomService::cast(srv)->getCodeForPlatform( compiler->myPlatformName() ) << " "; + } + + if (TagService::isA(srv)) + { + str << "tagged " << TagService::cast(srv)->getCode() << " "; + } + + return str.str(); +} + +string PolicyCompiler_pf::PrintRule::_printTCPFlags(libfwbuilder::TCPService *srv) +{ + string str; + if (srv->inspectFlags()) + { + if (srv->getTCPFlag(TCPService::URG)) str+="U"; + if (srv->getTCPFlag(TCPService::ACK)) str+="A"; + if (srv->getTCPFlag(TCPService::PSH)) str+="P"; + if (srv->getTCPFlag(TCPService::RST)) str+="R"; + if (srv->getTCPFlag(TCPService::SYN)) str+="S"; + if (srv->getTCPFlag(TCPService::FIN)) str+="F"; + str+="/"; + if (srv->getTCPFlagMask(TCPService::URG)) str+="U"; + if (srv->getTCPFlagMask(TCPService::ACK)) str+="A"; + if (srv->getTCPFlagMask(TCPService::PSH)) str+="P"; + if (srv->getTCPFlagMask(TCPService::RST)) str+="R"; + if (srv->getTCPFlagMask(TCPService::SYN)) str+="S"; + if (srv->getTCPFlagMask(TCPService::FIN)) str+="F"; + } + return str; +} + +void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool neg) +{ + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); + if 
(atrt!=NULL) + { + if (atrt->getSubstitutionTypeName()==DNSName::TYPENAME) + { + compiler->output << atrt->getSourceName() << " "; + return; + } + if (atrt->getSubstitutionTypeName()==AddressTable::TYPENAME) + { + compiler->output << "<" << o->getName() << "> "; + return; + } + assert(atrt==NULL); + } + + IPAddress addr=o->getAddress(); + Netmask mask=o->getNetmask(); + + if (Interface::cast(o)!=NULL) + { + Interface *interface_=Interface::cast(o); + if (interface_->isDyn()) + { + compiler->output << "(" << interface_->getName() << ") "; + return; + } + + mask=Netmask("255.255.255.255"); + } + + if (IPv4::cast(o)!=NULL) + { + mask=Netmask("255.255.255.255"); + } + + if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0") + { + compiler->output << "any "; + } else + { +// if (neg) compiler->output << "! "; + compiler->output << addr.toString(); + if (mask.toString()!="255.255.255.255") + { + compiler->output << "/" << mask.getLength(); + } + compiler->output << " "; + } +} + +void PolicyCompiler_pf::PrintRule::_printAddrList(FWObject *grp,bool negflag) +{ + compiler->output << "{ "; + for (FWObject::iterator i=grp->begin(); i!=grp->end(); i++) + { + if (i!=grp->begin()) compiler->output << ", "; + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Address *s=Address::cast( o ); + assert(s); + _printAddr(s , negflag); + } + compiler->output << "} "; +} + +void PolicyCompiler_pf::PrintRule::_printSrcAddr(RuleElementSrc *rel) +{ + FWObject *o=rel->front(); + FWReference *oref = FWReference::cast(o); + if (o && oref!=NULL) o=oref->getPointer(); + + Address *src= Address::cast(o); + + _printNegation(rel); + + if (o==NULL) + { + PolicyRule *rule = PolicyRule::cast(rel->getParent()); + compiler->abort("Broken rule element " + rel->getTypeName() + " in rule '" + rule->getLabel() + "' rel->front(): " + oref->getPointerId()); + } + + if (rel->size()==1 && ! 
o->getBool("pf_table") ) + { + _printAddr( src , rel->getNeg() ); + } else + { + if (o->getBool("pf_table")) + { + compiler->output << "<" << o->getName() << "> "; + } else + { + _printAddrList(rel,rel->getNeg()); + } + } + +} + +void PolicyCompiler_pf::PrintRule::_printDstAddr(RuleElementDst *rel) +{ + FWObject *o=rel->front(); + FWReference *oref = FWReference::cast(o); + if (o && oref!=NULL) o=oref->getPointer(); + + Address *dst= Address::cast(o); + + _printNegation(rel); + + if (o==NULL) + { + PolicyRule *rule = PolicyRule::cast(rel->getParent()); + compiler->abort("Broken rule element " + rel->getTypeName() + " in rule '" + rule->getLabel() + "' rel->front(): " + oref->getPointerId()); + } + + if (rel->size()==1 && ! o->getBool("pf_table") ) + { + _printAddr( dst , rel->getNeg()); + } else + { + if (o->getBool("pf_table")) + { + compiler->output << "<" << o->getName() << "> "; + } else + { + _printAddrList(rel,rel->getNeg()); + } + } +} + +void PolicyCompiler_pf::PrintRule::_printNegation(libfwbuilder::RuleElement *rel) +{ + if (rel->getNeg()) + compiler->output << "! 
"; +} + + +PolicyCompiler_pf::PrintRule::PrintRule(const std::string &name) : PolicyRuleProcessor(name) +{ + init=true; +} + +bool PolicyCompiler_pf::PrintRule::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + FWOptions *ruleopt =rule->getOptionsObject(); + string version=compiler->fw->getStr("version"); + +// cerr << endl; +// cerr << "Rule " << rule->getPosition() << endl; + + tmp_queue.push_back(rule); + + string rl=rule->getLabel(); + if (rl!=current_rule_label) + { + + compiler->output << "# " << endl; + compiler->output << "# Rule " << rl << endl; + + string comm=rule->getComment(); + string::size_type c1,c2; + c1=0; + while ( (c2=comm.find('\n',c1))!=string::npos ) { + compiler->output << "# " << comm.substr(c1,c2-c1) << endl; + c1=c2+1; + } + compiler->output << "# " << comm.substr(c1) << endl; + compiler->output << "# " << endl; + + current_rule_label=rl; + } + +// cerr << "CP 1" << endl; + + + + RuleElementSrc *srcrel=rule->getSrc(); +// Address *src =compiler->getFirstSrc(rule); assert(src); + RuleElementDst *dstrel=rule->getDst(); +// Address *dst =compiler->getFirstDst(rule); assert(dst); + RuleElementSrv *srvrel=rule->getSrv(); + Service *srv =compiler->getFirstSrv(rule); assert(srv); + + _printAction(rule); + _printDirection(rule); + _printLogging(rule); + + if ( rule->getBool("quick") ) compiler->output << " quick "; + + _printInterface(rule); + + _printRouteOptions(rule); + + compiler->output << "inet "; + + _printProtocol(srv); + +// cerr << "CP 2" << endl; + + compiler->output << " from "; + _printSrcAddr(srcrel); + _printSrcService(srvrel); + + compiler->output << " to "; + _printDstAddr(dstrel); + _printDstService(srvrel); + + _printTag(rule); + +/* + * Dealing with "keep state" and "modulate state" flags + * + * 1. both flags do not apply to deny/reject rules. + * 2. modulate state applies only to TCP services. 
Since we use splitServices, + * all services in a rule are of the same protocol, therefore we can simply + * check type of srv + */ + if ( ! ruleopt->getBool("stateless") ) + { + + TCPService *tcpsrv=TCPService::cast(srv); + + if (tcpsrv!=NULL && ! tcpsrv->inspectFlags() ) + { + // tcp service, no special flag match + + if ( version == "4.x") + { + if (compiler->getCachedFwOpt()->getBool( + "accept_new_tcp_with_no_syn") ) + // v4.x, accept connections opened prior to restart + compiler->output << "flags any "; + // else - no 'flags' option since in 4.x + // 'flags S/SA' is the default + if (ruleopt->getBool("pf_keep_state") ) + compiler->output << "keep state "; + } else + { + // v3.x + if ( compiler->getCachedFwOpt()->getBool( + "accept_new_tcp_with_no_syn") ) + { + // no 'flags ' option needed + ; + } else + // v3.x, stateful + compiler->output << "flags S/SA "; + } + } + + if (compiler->getCachedFwOpt()->getBool("modulate_state") && + tcpsrv!=NULL) + compiler->output << "modulate state "; + else + { + /* + * "flags S/SA keep state" is implicit in 4.x + * However see section "1.2. Operational changes" in + * http://www.openbsd.org/faq/upgrade41.html + * + * Quote: + * + * In particular care should be taken with the enc0 + * interface, as floating states are a potential problem + * for filtering IPsec traffic: states need to be + * interface bound, to avoid permitting unencrypted + * traffic should isakmpd(8) exit. Therefore all rules on + * the enc0 interface should explicitly set keep state + * (if-bound). + * + * This seems to imply that even though "keep state" is + * the default, it should be explicitly used with enc0 + * interface. Adding rule option "Set 'keep state' + * explicitly" to cope with this. 
+ */ + if ( version != "4.x" || + compiler->getCachedFwOpt()->getBool("pf_keep_state")) + compiler->output << "keep state "; + } + + int nopt=0; + if (ruleopt->getInt("pf_rule_max_state")>0) nopt++; + if (ruleopt->getBool("pf_source_tracking")) nopt+=2; + if (ruleopt->getInt("pf_max_src_conn")>0) nopt++; + if (ruleopt->getStr("pf_max_src_conn_overload_table")!="") nopt++; + if (ruleopt->getInt("pf_max_src_conn_rate_num")>0) nopt++; + if (ruleopt->getStr("pf_max_src_conn_rate_overload_table")!="") nopt++; + + bool not_the_first = false; + if (nopt) + { + if (nopt>1) compiler->output << " ( "; + + if (ruleopt->getInt("pf_rule_max_state")>0) + { + compiler->output << " max " + << ruleopt->getInt("pf_rule_max_state"); + not_the_first = true; + } + + if (ruleopt->getBool("pf_source_tracking")) + { + if (not_the_first) compiler->output << ","; + + if (ruleopt->getInt("pf_max_src_nodes") > 0) + compiler->output << " max-src-nodes " + << ruleopt->getInt("pf_max_src_nodes"); + + if (ruleopt->getInt("pf_max_src_states")>0) + compiler->output << ", max-src-states " + << ruleopt->getInt("pf_max_src_states"); + + not_the_first = true; + } + + if (ruleopt->getInt("pf_max_src_conn")>0) + { + if (not_the_first) compiler->output << ","; + + compiler->output << " max-src-conn " + << ruleopt->getInt("pf_max_src_conn"); + if (ruleopt->getStr("pf_max_src_conn_overload_table")!="") + compiler->output << ", overload <" + << ruleopt->getStr("pf_max_src_conn_overload_table") << ">"; + if (ruleopt->getBool("pf_max_src_conn_flush")) + compiler->output << " flush"; + if (ruleopt->getBool("pf_max_src_conn_global")) + compiler->output << " global"; + not_the_first = true; + } + + if (ruleopt->getInt("pf_max_src_conn_rate_num")>0 && + ruleopt->getInt("pf_max_src_conn_rate_seconds")>0) + { + if (not_the_first) compiler->output << ","; + + compiler->output << " max-src-conn-rate " + << ruleopt->getInt("pf_max_src_conn_rate_num") + << "/" + << ruleopt->getInt("pf_max_src_conn_rate_seconds"); + + if 
(ruleopt->getStr("pf_max_src_conn_rate_overload_table")!="") + compiler->output << ", overload <" + << ruleopt->getStr("pf_max_src_conn_rate_overload_table") << ">"; + if (ruleopt->getBool("pf_max_src_conn_rate_flush")) + compiler->output << " flush"; + if (ruleopt->getBool("pf_max_src_conn_rate_global")) + compiler->output << " global"; + } + + if (nopt>1) compiler->output << " ) "; + } + } else + { + // stateless rule + if ( version == "4.x") + // v4.x, stateless rule + compiler->output << "no state "; + } + + if (rule->getBool("allow_opts")) compiler->output << "allow-opts "; + + _printQueue(rule); + _printLabel(rule); + + compiler->output << endl; + + return true; +} + +bool PolicyCompiler_pf::PrintTables::processNext() +{ + PolicyCompiler_pf *pf_comp=dynamic_cast(compiler); + + slurp(); + if (tmp_queue.size()==0) return false; + +/* print tables */ + compiler->output << pf_comp->tables->PrintTables(); + + return true; +} diff --git a/src/pflib/Preprocessor_pf.cpp b/src/pflib/Preprocessor_pf.cpp new file mode 100644 index 000000000..f05a426da --- /dev/null +++ b/src/pflib/Preprocessor_pf.cpp 
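Review bot: `_printLogPrefix` wraps the log prefix in double quotes with `return "\"" + s + "\" ";` and never checks `s`, so a prefix containing `"` or a line break ends the label early and the remainder is written into the generated pf ruleset as rule text. The same holds for the option strings that `_printTag`, `_printQueue` and the `Branch` case of `_printAction` stream out verbatim (`tagvalue`, `classify_str`, `branch_name`). These values come from the policy file, so I would reject them in the compiler instead of leaving the result to the pf parser, for example in `_printLabel` before the output: `if (s.find_first_of("\"\r\n")!=string::npos) compiler->abort("Illegal character in log prefix of rule "+rule->getLabel());`. A comment on `_printLogPrefix` should also say that only the first occurrence of each `%N`/`%A`/`%I`/`%C` macro is replaced.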
@@ -0,0 +1,45 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2006 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: Preprocessor_pf.cpp 1034 2006-05-21 04:47:10Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+
+#include "Preprocessor_pf.h"
+
+#include "fwbuilder/AddressTable.h"
+
+using namespace libfwbuilder;
+using namespace fwcompiler;
+using namespace std;
+
+
+void Preprocessor_pf::convertObject(FWObject *obj)
+{
+ Preprocessor::convertObject(obj);
+
+ AddressTable *adt = AddressTable::cast(obj);
+ if (adt!=NULL && adt->isCompileTime())
+ adt->setRunTime(true);
+
+}
+
diff --git a/src/pflib/Preprocessor_pf.h b/src/pflib/Preprocessor_pf.h
new file mode 100644
index 000000000..52d2f530e
--- /dev/null
+++ b/src/pflib/Preprocessor_pf.h
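Review bot: `Preprocessor_pf::convertObject` has no comment explaining why every compile-time `AddressTable` is switched to run time, and that switch changes where the address list is read. Judging by `TableFactory::PrintTables` in this commit, a run-time table is written as `table <name> persist file "..."`, so the addresses appear to be loaded from a file on the firewall when the ruleset is loaded rather than expanded by the compiler. After confirming that intent, I would add a comment above the `if` such as `// pf reads address tables from a file itself, so compile-time tables are always treated as run-time; the file must be present on the firewall`.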
@@ -0,0 +1,54 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2006 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: Preprocessor_pf.h 1034 2006-05-21 04:47:10Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef __PREPROCESSOR_PF_HH
+#define __PREPROCESSOR_PF_HH
+
+#include
+#include "fwcompiler/Preprocessor.h"
+
+namespace libfwbuilder {
+ class FWObjectDatabase;
+};
+
+
+namespace fwcompiler {
+
+ class Preprocessor_pf : public Preprocessor {
+
+ public:
+
+ Preprocessor_pf(libfwbuilder::FWObjectDatabase *_db,
+ const std::string &fwname) : Preprocessor(_db,fwname)
+ { }
+
+ virtual void convertObject(libfwbuilder::FWObject *obj);
+
+ };
+
+
+}
+
+#endif
diff --git a/src/pflib/TableFactory.cpp b/src/pflib/TableFactory.cpp
new file mode 100644
index 000000000..fad5fcbeb
--- /dev/null
+++ b/src/pflib/TableFactory.cpp
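Review bot: The include guard `__PREPROCESSOR_PF_HH` begins with a double underscore, which C++ reserves for the implementation; `__TABLEFACTORY_HH` in TableFactory.h has the same form. A guard such as `PREPROCESSOR_PF_HH` avoids the clash. The `};` that closes `namespace libfwbuilder` carries a stray semicolon, and the class would benefit from a one-line comment stating what `convertObject` changes for pf.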
@@ -0,0 +1,235 @@ +/* + + Firewall Builder + + Copyright (C) 2002 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: TableFactory.cpp 1175 2006-10-07 05:49:05Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "config.h" + +#include "TableFactory.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/DNSName.h" +#include "fwbuilder/AddressTable.h" + +#include +#include +#include +#include + +#include +#include + +using namespace libfwbuilder; +using namespace fwcompiler; +using namespace std; + +TableFactory::TableFactory() +{ + ruleSetName = ""; + dbroot = NULL; + persistent_tables = new ObjectGroup(); +} + +void TableFactory::init(FWObjectDatabase *_dbr) +{ + dbroot = _dbr; + dbroot->add(persistent_tables); + dbroot->addToIndex(persistent_tables); + for (FWObject::iterator i=persistent_tables->begin(); i!=persistent_tables->end(); i++) + { + dbroot->addToIndex(*i); + } +} + +struct joinIDs : public unary_function +{ + string out, sep; + joinIDs(const string& _sep) { sep=_sep; }; + void operator() (string x) { out += x + sep; } +}; + +string TableFactory::generateTblID(RuleElement *re) +{ + string res; + list lids; + for (FWObject::iterator 
i=re->begin(); i!=re->end(); i++) + { + FWObject *o = *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + lids.push_back(o->getId()); + } + lids.sort(); + joinIDs R = for_each(lids.begin(), lids.end(), joinIDs("_")); + return R.out; +} + +void TableFactory::registerTable(const string& tblname, const string& tblid, FWObject* tbl) + throw(FWException) +{ +// two different table objects should have different names +// + if (tables.count(tblid)!=0 && + tblnames.count(tblname)!=0 && + tables[tblid]->getName()!=tbl->getName() + ) + throw(FWException("table object name must be unique: '"+tblname+"'")); + + tblnames[tblname] = tblid; + tables[tblid] = tbl; +} + +void TableFactory::createTablesForRE(RuleElement *re,Rule *rule) +{ + //Interface *rule_iface = compiler->getCachedFwInterface(rule->getInterfaceId()); + + // sanity checks + assert(rule->getRoot()==re->getRoot()); + assert(dbroot==rule->getRoot()); + + /* + * Before we create a new table, we scan tables and try to find + * the one that already exists and contains the same objects. + */ + string tblID = generateTblID(re); + FWObject *tblgrp = NULL; + + if (tables.count(tblID)!=0) + { + tblgrp = tables[tblID]; + } else + { + tblgrp=ObjectGroup::cast(dbroot->create(ObjectGroup::TYPENAME)); +// TODO: can two rules yeild the same name for the group using this method? 
+ std::ostringstream tblname; + if (!ruleSetName.empty()) tblname << ruleSetName << ":"; + int rp = rule->getPosition(); + tblname << "tbl.r"; + tblname << ((rp>0)?rp:0); + + //if (rule_iface) tblname << rule_iface->getName()+"."; + // tblname=tblname+rule->getId(); + if (RuleElementSrc::isA(re)) tblname << ".s"; + if (RuleElementDst::isA(re)) tblname << ".d"; + + while (tblnames.count(tblname.str())>0) tblname << "x"; + + tblgrp->setName( tblname.str() ); + tblgrp->setId( "id_" + tblname.str() ); + + persistent_tables->add(tblgrp,false); + dbroot->addToIndex(tblgrp); + + tblgrp->setBool("pf_table",true); + tblgrp->setStr("pf_table_id",tblID); + + registerTable(tblname.str(),tblID,tblgrp); + + for (FWObject::iterator i=re->begin(); i!=re->end(); i++) + { + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + tblgrp->add( o ); + } + } + re->clearChildren(); + re->addRef(tblgrp); +} + +string TableFactory::PrintTables() +{ + stringstream output; + output << endl; + output << endl; + output << "# Tables: (" << tables.size() << ")" << endl; + + for (map::const_iterator i=tblnames.begin(); i!=tblnames.end(); i++) + { + string tblID = i->second; + FWObject *grp = tables[tblID]; + output << "table "; + output << "<" << grp->getName() << "> "; + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(grp); + if (atrt!=NULL && atrt->getSubstitutionTypeName()==AddressTable::TYPENAME) + { + output << "persist"; + if ( !atrt->getSourceName().empty() ) + output << " file \"" + << atrt->getSourceName() + << "\""; + + output << endl; + continue; + } + output << "{ "; + for (FWObject::iterator i=grp->begin(); i!=grp->end(); i++) + { + if (i!=grp->begin()) output << ", "; + FWObject *o= *i; + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + if (o==NULL) + throw(FWException("broken table object ")); + + + MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); + if (atrt!=NULL) + { + if 
(atrt->getSubstitutionTypeName()==DNSName::TYPENAME) + { + output << atrt->getSourceName() << " "; + } + } else + { + if (Interface::cast(o)) + { + output << o->getName(); + } else + { + Address *A=Address::cast( o ); + if (A==NULL) + throw(FWException("table object must be an address: '"+o->getTypeName()+"'")); + + IPAddress addr=A->getAddress(); + Netmask mask=A->getNetmask(); + + if (IPv4::cast(A)!=NULL) { + mask=Netmask("255.255.255.255"); + } + + output << addr.toString(); + if (mask.toString()!="255.255.255.255") { + output << "/" << mask.getLength(); + } + } + } + output << " "; + } + output << "} "; + output << endl; + } + output << endl; + return output.str(); +} diff --git a/src/pflib/TableFactory.h b/src/pflib/TableFactory.h new file mode 100644 index 000000000..8d7b062b4 --- /dev/null +++ b/src/pflib/TableFactory.h 
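Review bot: The uniqueness check in `registerTable` can only throw when `tblid` is already registered, so registering a different table under a name that is already present in `tblnames` silently replaces that name's entry. `PrintTables` iterates `tblnames`, so the earlier table would no longer be printed, and rules referring to `<name>` would match the later table's addresses. `createTablesForRE` avoids this for generated names with its `x` suffix loop, but `registerTable` is public and takes arbitrary names. I would test the name on its own: `if (tblnames.count(tblname)!=0 && tblnames[tblname]!=tblid) throw(FWException("table object name must be unique: '"+tblname+"'"));`.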
@@ -0,0 +1,71 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2005 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@vk.crocodile.org
+
+ $Id: TableFactory.h 1033 2006-05-20 08:03:33Z vkurland $
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef __TABLEFACTORY_HH
+#define __TABLEFACTORY_HH
+
+#include
+#include "fwcompiler/PolicyCompiler.h"
+#include
+
+#include
+#include
+
+namespace libfwbuilder {
+ class FWObject;
+ class FWObjectDatabase;
+};
+
+namespace fwcompiler {
+
+ class TableFactory {
+ libfwbuilder::FWObjectDatabase *dbroot;
+ libfwbuilder::FWObject *persistent_tables;
+
+ std::map tables;
+ std::map tblnames;
+ std::string generateTblID(libfwbuilder::RuleElement *re);
+ std::string ruleSetName;
+
+public:
+ TableFactory();
+
+ void init(libfwbuilder::FWObjectDatabase *_dbroot);
+
+ void setRuleSetName(const std::string &rsn="") { ruleSetName=rsn; }
+
+ void registerTable(const std::string& tblname,
+ const std::string& tblid,
+ libfwbuilder::FWObject *tbl) throw(libfwbuilder::FWException);
+ void createTablesForRE(libfwbuilder::RuleElement *re,
+ libfwbuilder::Rule *rule);
+
+ std::string PrintTables();
+
+ };
+};
+
+
+#endif
diff --git a/src/pflib/pflib.pro b/src/pflib/pflib.pro
new file mode 100644
index 000000000..a24929990
--- /dev/null
+++ b/src/pflib/pflib.pro
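Review bot: `TableFactory` keeps raw `dbroot` and `persistent_tables` pointers but declares no destructor and leaves the copy operations implicit, and nothing in the header says who owns the group. In TableFactory.cpp the constructor allocates `persistent_tables` and `init()` adds it to `dbroot`, presumably handing it over, so a factory that is copied, or destroyed without `init()`, would share or leak that object. I would document the ownership next to the two members and declare `TableFactory(const TableFactory&);` and `TableFactory& operator=(const TableFactory&);` in the private section without defining them.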
@@ -0,0 +1,51 @@ +#-*- mode: makefile; tab-width: 4; -*- +# +include(../../qmake.inc) +# +TEMPLATE = lib +# +SOURCES = TableFactory.cpp \ + Preprocessor_pf.cpp \ + NATCompiler_ipf.cpp \ + NATCompiler_ipfw.cpp \ + NATCompiler_ipf_writers.cpp \ + NATCompiler_ipfw_writers.cpp \ + NATCompiler_pf.cpp \ + NATCompiler_pf_negation.cpp \ + NATCompiler_pf_writers.cpp \ + OSConfigurator_freebsd.cpp \ + OSConfigurator_macosx.cpp \ + OSConfigurator_openbsd.cpp \ + OSConfigurator_solaris.cpp \ + OSData.cpp \ + PolicyCompiler_ipf.cpp \ + PolicyCompiler_ipf_optimizer.cpp \ + PolicyCompiler_ipfw.cpp \ + PolicyCompiler_ipf_writers.cpp \ + PolicyCompiler_ipfw_writers.cpp \ + PolicyCompiler_pf.cpp \ + PolicyCompiler_pf_writers.cpp + +HEADERS = ../../config.h \ + OSData.h \ + TableFactory.h \ + Preprocessor_pf.h \ + NATCompiler_ipf.h \ + NATCompiler_ipfw.h \ + NATCompiler_pf.h \ + OSConfigurator_freebsd.h \ + OSConfigurator_macosx.h \ + OSConfigurator_openbsd.h \ + OSConfigurator_solaris.h \ + PolicyCompiler_ipf.h \ + PolicyCompiler_ipfw.h \ + PolicyCompiler_pf.h + +!macx:LIBS += $$LIBS_FWCOMPILER +# macx:LIBS += -L../../../libfwbuilder2-2.0.0/src/fwcompiler -lfwcompiler-2.0 + +CONFIG += staticlib + +TARGET = fwbpf + +INSTALLS -= target diff --git a/src/res/.cvsignore b/src/res/.cvsignore new file mode 100644 index 000000000..65ae5bcdd --- /dev/null +++ b/src/res/.cvsignore @@ -0,0 +1,7 @@ +Makefile +.moc +.ui +*.app +*.fwb +*.tbl + diff --git a/src/res/dummy b/src/res/dummy new file mode 100644 index 000000000..e69de29bb diff --git a/src/res/fwbuilder_preferences.dtd.in b/src/res/fwbuilder_preferences.dtd.in new file mode 100644 index 000000000..133285dd0 --- /dev/null +++ b/src/res/fwbuilder_preferences.dtd.in @@ -0,0 +1,122 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/src/res/fwbuilder_prefs.xml.in b/src/res/fwbuilder_prefs.xml.in new file mode 100644 index 000000000..c3ab942b7 --- /dev/null +++ b/src/res/fwbuilder_prefs.xml.in @@ -0,0 +1,54 @@ + + + + + 10 + 1 + 10 + 1 + + + lpr + null.xsl + false + + + + + + true + false + true + false + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + Split + false + false + true + true + false + popup + 2 + + + + + + + + + + + diff --git a/src/res/objects_init.xml b/src/res/objects_init.xml new file mode 100644 index 000000000..6e0aeb932 --- /dev/null +++ b/src/res/objects_init.xml @@ -0,0 +1,363 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + established + -m state --state ESTABLISHED,RELATED + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -m record_rpc + + + + + + + + + + -m irc + + + + + + + + + + -m psd --psd-weight-threshold 5 --psd-delay-threshold 10000 + + + + + + + + + + -m string --string test_pattern + + + + + + + + + + -m talk + + + + + + + + + + + + + + + + + diff --git a/src/res/objects_init.xml.in b/src/res/objects_init.xml.in new file mode 100644 index 000000000..1e8917276 --- /dev/null +++ b/src/res/objects_init.xml.in 
@@ -0,0 +1,363 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + established + -m state --state ESTABLISHED,RELATED + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -m record_rpc + + + + + + + + + + -m irc + + + + + + + + + + -m psd --psd-weight-threshold 5 --psd-delay-threshold 10000 + + + + + + + + + + -m string --string test_pattern + + + + + + + + + + -m talk + + + + + + + + + + + + + + + + + diff --git a/src/res/os/freebsd.xml b/src/res/os/freebsd.xml new file mode 100644 index 000000000..95fe75b0a --- /dev/null +++ b/src/res/os/freebsd.xml 
@@ -0,0 +1,117 @@ + + + + FreeBSD + freebsd + freebsd + + + true + + 1 + lo0 + + + + /etc/fw + + /tmp + + min + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && sudo -S pkill shutdown; echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && sudo -S pkill shutdown; echo 'Policy activated' + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S /sbin/shutdown -r +%RBTIMEOUT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && pkill shutdown; echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && pkill shutdown; echo 'Policy activated' + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +/sbin/shutdown -r +%RBTIMEOUT%; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + + + False + + + + /sbin/ipfw + /sbin/ipf + /sbin/ipnat + /sbin/pfctl + /sbin/sysctl + /usr/bin/logger + /usr/bin/expect + + + + diff --git a/src/res/os/freebsd.xml.in b/src/res/os/freebsd.xml.in new file mode 100644 index 000000000..9faa54e37 --- /dev/null +++ b/src/res/os/freebsd.xml.in 
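Review bot: In src/res/os/freebsd.xml the activation commands end with `… && sudo -S pkill shutdown; echo 'Policy activated'`, so the `echo` after the `;` runs whether or not the firewall script succeeded. If the installer treats that string as its success marker (not visible in this hunk), a failed or partially applied policy is reported as activated. Grouping the tail the way linux24.xml does keeps the message conditional: `sudo -S %FWDIR%/%FWSCRIPT% && ( sudo -S pkill shutdown; echo 'Policy activated' )`, and likewise for the `sh %FWDIR%/%FWSCRIPT%` variant. The same lines appear in freebsd.xml.in, openbsd.xml, openbsd.xml.in, solaris.xml and solaris.xml.in.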
@@ -0,0 +1,117 @@ + + + + FreeBSD + freebsd + freebsd + + + true + + 1 + lo0 + + + + /etc/fw + + /tmp + + min + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && sudo -S pkill shutdown; echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && sudo -S pkill shutdown; echo 'Policy activated' + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S /sbin/shutdown -r +%RBTIMEOUT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && pkill shutdown; echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && pkill shutdown; echo 'Policy activated' + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +/sbin/shutdown -r +%RBTIMEOUT%; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + + + False + + + + /sbin/ipfw + /sbin/ipf + /sbin/ipnat + /sbin/pfctl + /sbin/sysctl + /usr/bin/logger + /usr/bin/expect + + + + diff --git a/src/res/os/fwsm_os.xml b/src/res/os/fwsm_os.xml new file mode 100644 index 000000000..c3938c937 --- /dev/null +++ b/src/res/os/fwsm_os.xml @@ -0,0 +1,21 @@ + + + + Cisco FWSM + fwb_pix + fwsm_os + pix_os + + + false + + + + + + False + + + + + diff --git a/src/res/os/fwsm_os.xml.in b/src/res/os/fwsm_os.xml.in new file mode 100644 index 000000000..a614e1697 --- /dev/null +++ b/src/res/os/fwsm_os.xml.in @@ -0,0 +1,21 @@ + + + + Cisco FWSM + fwb_pix + fwsm_os + pix_os + + + false + + + + + + False + + + + + 
diff --git a/src/res/os/ios.xml.in b/src/res/os/ios.xml.in new file mode 100644 index 000000000..de71172af --- /dev/null +++ b/src/res/os/ios.xml.in @@ -0,0 +1,71 @@ + + + + Cisco IOS + fwb_iosacl + ios + ios + + + false + + + + + + + + min + + + + + terminal width 256 + terminal length 0 + + + + wr mem + + + + reload in %RBTIMEOUT% + + + + reload cancel + + + + + + + + + terminal width 256 + terminal length 0 + + + + + + + reload in %RBTIMEOUT% + + + + reload cancel + + + + + + + + + + + + + + diff --git a/src/res/os/linksys.xml b/src/res/os/linksys.xml new file mode 100644 index 000000000..1cf377c1a --- /dev/null +++ b/src/res/os/linksys.xml 
@@ -0,0 +1,107 @@ + + + + Linksys/Sveasoft + linux24 + linksys + + + false + + 1 + lo + $ + # + + + + + /tmp + + /tmp + + sec + + + + +echo '%FWBPROMPT%'; +cat > /tmp/%FWSCRIPT% + + + +echo '%FWBPROMPT%'; +mv /tmp/%FWSCRIPT% /tmp/fwb; +/usr/sbin/nvram unset rc_firewall; +/usr/sbin/nvram set rc_firewall="/usr/sbin/nvram get fwb|uudecode|gzip -dc|sh"; +/usr/sbin/nvram unset fwb; +/usr/sbin/nvram set fwb="`cat /tmp/fwb|gzip|uuencode -`" || exit 1; +rm /tmp/fwb; +echo "Saving data to flash memory"; +/usr/sbin/nvram commit || exit 1; +echo "Flash memory:"; +/usr/sbin/nvram show >/dev/null; +echo "Activating policy"; +/usr/sbin/nvram get fwb|uudecode|gzip -dc|sh && (killall reboot;echo 'Policy activated') + + + +echo '%FWBPROMPT%'; +mv /tmp/%FWSCRIPT% /tmp/fwb; +/usr/sbin/nvram set rc_firewall="/usr/sbin/nvram get fwb|sh"; +/usr/sbin/nvram unset fwb; +/usr/sbin/nvram set fwb="`cat /tmp/fwb`" || exit 1; +rm /tmp/fwb; +echo "Saving data to flash memory"; +/usr/sbin/nvram commit || exit 1; +echo "Flash memory:"; +/usr/sbin/nvram show >/dev/null; +echo "Activating policy"; +/usr/sbin/nvram get fwb|sh && (killall reboot; echo 'Policy activated') + + + + + +echo '%FWBPROMPT%'; +cat > /tmp/%FWSCRIPT% + + + +echo '%FWBPROMPT%'; +cp /tmp/crontab /tmp/crontab.o; +echo '* * * * * root cat /tmp/crontab.o > /tmp/crontab; reboot -d%RBTIMEOUT%' >> /tmp/crontab; +sh /tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + True + + True + + + + + True + + + + + lsmod + modprobe + iptables + iptables-restore + ip + logger + + + + + diff --git a/src/res/os/linksys.xml.in b/src/res/os/linksys.xml.in new file mode 100644 index 000000000..1fc8b9105 --- /dev/null +++ b/src/res/os/linksys.xml.in 
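Review bot: In src/res/os/linksys.xml both activation command blocks run `mv /tmp/%FWSCRIPT% /tmp/fwb;` without checking the result, and `rm /tmp/fwb` is skipped whenever `nvram set fwb=…` takes the `|| exit 1` path. A later run whose upload did not arrive can therefore store, commit and execute a stale `/tmp/fwb` left by an earlier failure; with no `/tmp/fwb` at all it appears an empty script would be committed and still reported as activated. I would stop on a failed move, `mv /tmp/%FWSCRIPT% /tmp/fwb || exit 1;`, and remove `/tmp/fwb` before exiting on the `nvram set` failure path. linksys.xml.in carries the same commands.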
@@ -0,0 +1,107 @@ + + + + Linksys/Sveasoft + linux24 + linksys + + + false + + 1 + lo + $ + # + + + + + /tmp + + /tmp + + sec + + + + +echo '%FWBPROMPT%'; +cat > /tmp/%FWSCRIPT% + + + +echo '%FWBPROMPT%'; +mv /tmp/%FWSCRIPT% /tmp/fwb; +/usr/sbin/nvram unset rc_firewall; +/usr/sbin/nvram set rc_firewall="/usr/sbin/nvram get fwb|uudecode|gzip -dc|sh"; +/usr/sbin/nvram unset fwb; +/usr/sbin/nvram set fwb="`cat /tmp/fwb|gzip|uuencode -`" || exit 1; +rm /tmp/fwb; +echo "Saving data to flash memory"; +/usr/sbin/nvram commit || exit 1; +echo "Flash memory:"; +/usr/sbin/nvram show >/dev/null; +echo "Activating policy"; +/usr/sbin/nvram get fwb|uudecode|gzip -dc|sh && (killall reboot;echo 'Policy activated') + + + +echo '%FWBPROMPT%'; +mv /tmp/%FWSCRIPT% /tmp/fwb; +/usr/sbin/nvram set rc_firewall="/usr/sbin/nvram get fwb|sh"; +/usr/sbin/nvram unset fwb; +/usr/sbin/nvram set fwb="`cat /tmp/fwb`" || exit 1; +rm /tmp/fwb; +echo "Saving data to flash memory"; +/usr/sbin/nvram commit || exit 1; +echo "Flash memory:"; +/usr/sbin/nvram show >/dev/null; +echo "Activating policy"; +/usr/sbin/nvram get fwb|sh && (killall reboot; echo 'Policy activated') + + + + + +echo '%FWBPROMPT%'; +cat > /tmp/%FWSCRIPT% + + + +echo '%FWBPROMPT%'; +cp /tmp/crontab /tmp/crontab.o; +echo '* * * * * root cat /tmp/crontab.o > /tmp/crontab; reboot -d%RBTIMEOUT%' >> /tmp/crontab; +sh /tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + True + + True + + + + + True + + + + + lsmod + modprobe + iptables + iptables-restore + ip + logger + + + + + diff --git a/src/res/os/linux24.xml b/src/res/os/linux24.xml new file mode 100644 index 000000000..0756ab0b3 --- /dev/null +++ b/src/res/os/linux24.xml 
@@ -0,0 +1,165 @@ + + + + Linux 2.4/2.6 + linux24 + linux24 + + + true + + 1 + lo + + + + + /etc/fw + + /tmp + + min + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT% && +chmod +x %FWDIR%/%FWSCRIPT%; +echo Done; + + + +echo '%FWBPROMPT%'; +sudo -S %FWDIR%/%FWSCRIPT% && ( which pkill > /dev/null && sudo -S pkill shutdown; echo 'Policy activated' ) + + +echo '%FWBPROMPT%'; +sudo -S %FWDIR%/%FWSCRIPT% && ( which pkill > /dev/null && sudo -S pkill shutdown; echo 'Policy activated' ) + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT% && +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +echo Done; + + + +echo '%FWBPROMPT%'; +echo 'sudo -S /sbin/shutdown -r +%RBTIMEOUT%'|batch; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT% && +chmod +x %FWDIR%/%FWSCRIPT%; +echo Done; + + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && ( which pkill > /dev/null && pkill shutdown; echo 'Policy activated' ) + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && ( which pkill > /dev/null && pkill shutdown; echo 'Policy activated' ) + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT% && +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +echo Done; + + + +echo '%FWBPROMPT%'; +echo '/sbin/shutdown -r +%RBTIMEOUT%'|batch; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + False + + False + + + + + True + + + + + /sbin/lsmod + /sbin/modprobe + /sbin/iptables + /sbin/iptables-restore + /sbin/ip + /usr/bin/logger + /usr/bin/expect + + + /sbin/lsmod + /sbin/modprobe + /sbin/iptables + /sbin/iptables-restore + /sbin/ip + /usr/bin/logger + /usr/bin/expect + + + /sbin/lsmod + /sbin/modprobe + /usr/sbin/iptables + /usr/sbin/iptables-restore + /sbin/ip + /bin/logger + /usr/bin/expect + + + /sbin/lsmod + /sbin/modprobe 
+ /sbin/iptables + /sbin/iptables-restore + /sbin/ip + /usr/bin/logger + /usr/bin/expect + + + lsmod + modprobe + iptables + iptables-restore + ip + logger + /usr/bin/expect + + + + + diff --git a/src/res/os/linux24.xml.in b/src/res/os/linux24.xml.in new file mode 100644 index 000000000..0eb42eb0c --- /dev/null +++ b/src/res/os/linux24.xml.in 
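Review bot: In src/res/os/linux24.xml the test-mode commands queue the rollback reboot with `echo 'sudo -S /sbin/shutdown -r +%RBTIMEOUT%'|batch;` and then apply the policy whether or not the queuing worked, because the two steps are joined with `;`. If `batch` is unavailable, or if `sudo -S` inside the queued job has no password to read (likely, since the job does not inherit the installer's stdin), the test policy is live with no reboot pending to undo it, which is the lockout test mode is meant to prevent. Chaining the steps, `echo '…'|batch && sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated'`, covers the first case; the second needs a comment that the account requires passwordless sudo for `/sbin/shutdown`. linux24.xml.in has the same commands, and the BSD, Solaris, Mac OS X and unknown_os files join their `shutdown` call to the policy run with `;` in the same way.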
@@ -0,0 +1,165 @@ + + + + Linux 2.4/2.6 + linux24 + linux24 + + + true + + 1 + lo + + + + + /etc/fw + + /tmp + + min + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT% && +chmod +x %FWDIR%/%FWSCRIPT%; +echo Done; + + + +echo '%FWBPROMPT%'; +sudo -S %FWDIR%/%FWSCRIPT% && ( which pkill > /dev/null && sudo -S pkill shutdown; echo 'Policy activated' ) + + +echo '%FWBPROMPT%'; +sudo -S %FWDIR%/%FWSCRIPT% && ( which pkill > /dev/null && sudo -S pkill shutdown; echo 'Policy activated' ) + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT% && +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +echo Done; + + + +echo '%FWBPROMPT%'; +echo 'sudo -S /sbin/shutdown -r +%RBTIMEOUT%'|batch; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT% && +chmod +x %FWDIR%/%FWSCRIPT%; +echo Done; + + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && ( which pkill > /dev/null && pkill shutdown; echo 'Policy activated' ) + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && ( which pkill > /dev/null && pkill shutdown; echo 'Policy activated' ) + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT% && +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +echo Done; + + + +echo '%FWBPROMPT%'; +echo '/sbin/shutdown -r +%RBTIMEOUT%'|batch; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + False + + False + + + + + True + + + + + /sbin/lsmod + /sbin/modprobe + /sbin/iptables + /sbin/iptables-restore + /sbin/ip + /usr/bin/logger + /usr/bin/expect + + + /sbin/lsmod + /sbin/modprobe + /sbin/iptables + /sbin/iptables-restore + /sbin/ip + /usr/bin/logger + /usr/bin/expect + + + /sbin/lsmod + /sbin/modprobe + /usr/sbin/iptables + /usr/sbin/iptables-restore + /sbin/ip + /bin/logger + /usr/bin/expect + + + /sbin/lsmod + /sbin/modprobe 
+ /sbin/iptables + /sbin/iptables-restore + /sbin/ip + /usr/bin/logger + /usr/bin/expect + + + lsmod + modprobe + iptables + iptables-restore + ip + logger + /usr/bin/expect + + + + + diff --git a/src/res/os/macosx.xml b/src/res/os/macosx.xml new file mode 100644 index 000000000..fa2c5a359 --- /dev/null +++ b/src/res/os/macosx.xml @@ -0,0 +1,115 @@ + + + + Mac OS X + macosx + macosx + + + true + + 1 + lo0 + + + + + /etc/fw + + /tmp + + min + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && (ps ax|awk '/shutdown/ && !/awk/ {printf "sudo -S kill %d\n",$1;}'|sh; echo 'Policy activated') + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && (ps ax|awk '/shutdown/ && !/awk/ {printf "sudo -S kill %d\n",$1;}'|sh; echo 'Policy activated') + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S /sbin/shutdown -r +%RBTIMEOUT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && (ps ax|awk '/shutdown/ && \!/awk/ {printf "kill %d\n",$1;}'|sh; echo 'Policy activated') + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && (ps ax|awk '/shutdown/ && \!/awk/ {printf "kill %d\n",$1;}'|sh; echo 'Policy activated') + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +/sbin/shutdown -r +%RBTIMEOUT%; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + + + False + + + + /sbin/ipfw + /usr/sbin/sysctl + /usr/bin/logger + /sw/bin/expect + + + + 
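Review bot: In src/res/os/macosx.xml the step that cancels the pending reboot, `ps ax|awk '/shutdown/ && !/awk/ {printf "sudo -S kill %d\n",$1;}'|sh`, matches the string `shutdown` anywhere in a process's `ps` line, so any process with that word in its path or arguments is killed with root rights, not only the pending `/sbin/shutdown`. Matching on the command name alone narrows this, for example `ps axc|awk '$5=="shutdown" {printf "sudo -S kill %d\n",$1;}'|sh`, with the column position checked against the target's `ps` output. The same pattern is in macosx.xml.in, unknown_os.xml and unknown_os.xml.in.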
diff --git a/src/res/os/macosx.xml.in b/src/res/os/macosx.xml.in new file mode 100644 index 000000000..ade224b48 --- /dev/null +++ b/src/res/os/macosx.xml.in @@ -0,0 +1,115 @@ + + + + Mac OS X + macosx + macosx + + + true + + 1 + lo0 + + + + + /etc/fw + + /tmp + + min + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && (ps ax|awk '/shutdown/ && !/awk/ {printf "sudo -S kill %d\n",$1;}'|sh; echo 'Policy activated') + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && (ps ax|awk '/shutdown/ && !/awk/ {printf "sudo -S kill %d\n",$1;}'|sh; echo 'Policy activated') + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S /sbin/shutdown -r +%RBTIMEOUT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && (ps ax|awk '/shutdown/ && \!/awk/ {printf "kill %d\n",$1;}'|sh; echo 'Policy activated') + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && (ps ax|awk '/shutdown/ && \!/awk/ {printf "kill %d\n",$1;}'|sh; echo 'Policy activated') + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +/sbin/shutdown -r +%RBTIMEOUT%; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + + + False + + + + /sbin/ipfw + /usr/sbin/sysctl + /usr/bin/logger + /sw/bin/expect + + + + diff --git a/src/res/os/openbsd.xml b/src/res/os/openbsd.xml new file mode 100644 index 000000000..85e9d0946 --- /dev/null +++ b/src/res/os/openbsd.xml 
@@ -0,0 +1,114 @@ + + + + OpenBSD + openbsd + openbsd + + + true + + 1 + lo0 + + + + + /etc/fw + + /tmp + + min + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && sudo -S pkill shutdown; echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && sudo -S pkill shutdown; echo 'Policy activated' + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S /sbin/shutdown -r +%RBTIMEOUT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && pkill shutdown; echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && pkill shutdown; echo 'Policy activated' + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +/sbin/shutdown -r +%RBTIMEOUT%; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + + False + + + + /sbin/pfctl + /sbin/sysctl + /usr/bin/logger + /usr/bin/expect + + + + diff --git a/src/res/os/openbsd.xml.in b/src/res/os/openbsd.xml.in new file mode 100644 index 000000000..3e24ab619 --- /dev/null +++ b/src/res/os/openbsd.xml.in 
@@ -0,0 +1,114 @@ + + + + OpenBSD + openbsd + openbsd + + + true + + 1 + lo0 + + + + + /etc/fw + + /tmp + + min + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && sudo -S pkill shutdown; echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && sudo -S pkill shutdown; echo 'Policy activated' + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S /sbin/shutdown -r +%RBTIMEOUT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && pkill shutdown; echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && pkill shutdown; echo 'Policy activated' + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +/sbin/shutdown -r +%RBTIMEOUT%; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + + False + + + + /sbin/pfctl + /sbin/sysctl + /usr/bin/logger + /usr/bin/expect + + + + diff --git a/src/res/os/pix_os.xml b/src/res/os/pix_os.xml new file mode 100644 index 000000000..a09855774 --- /dev/null +++ b/src/res/os/pix_os.xml @@ -0,0 +1,77 @@ + + + + Cisco PIX + fwb_pix + pix_os + pix_os + + + false + + + + + + + + min + + + + + + + + wr mem + + + + reload in %RBTIMEOUT% + + + + reload cancel + + + + wr standby + + + + + + terminal pager lines 0 + + + + + + + reload in %RBTIMEOUT% + + + + reload cancel + + + + wr standby + + + + + + + + + + + + + False + + + + + 
diff --git a/src/res/os/pix_os.xml.in b/src/res/os/pix_os.xml.in new file mode 100644 index 000000000..d9ce7b81f --- /dev/null +++ b/src/res/os/pix_os.xml.in @@ -0,0 +1,77 @@ + + + + Cisco PIX + fwb_pix + pix_os + pix_os + + + false + + + + + + + + min + + + + + + + + wr mem + + + + reload in %RBTIMEOUT% + + + + reload cancel + + + + wr standby + + + + + + terminal pager lines 0 + + + + + + + reload in %RBTIMEOUT% + + + + reload cancel + + + + wr standby + + + + + + + + + + + + + False + + + + + diff --git a/src/res/os/solaris.xml b/src/res/os/solaris.xml new file mode 100644 index 000000000..18786414d --- /dev/null +++ b/src/res/os/solaris.xml 
@@ -0,0 +1,115 @@ + + + + Solaris + solaris + solaris + + + true + + 1 + lo0 + + + + + /etc/fw + + /tmp + + sec + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && sudo -S pkill shutdown; echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && sudo -S pkill shutdown; echo 'Policy activated' + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +echo 'sudo -S /usr/sbin/shutdown -y -i6 -g%RBTIMEOUT% &'|sh; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && pkill shutdown; echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && pkill shutdown; echo 'Policy activated' + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +echo '/usr/sbin/shutdown -y -i6 -g%RBTIMEOUT% &'|sh; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + + + False + + + + /sbin/ipf + /sbin/ipnat + /usr/bin/logger + /usr/bin/expect + + + + diff --git a/src/res/os/solaris.xml.in b/src/res/os/solaris.xml.in new file mode 100644 index 000000000..5b230c3da --- /dev/null +++ b/src/res/os/solaris.xml.in 
@@ -0,0 +1,115 @@ + + + + Solaris + solaris + solaris + + + true + + 1 + lo0 + + + + + /etc/fw + + /tmp + + sec + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && sudo -S pkill shutdown; echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && sudo -S pkill shutdown; echo 'Policy activated' + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +echo 'sudo -S /usr/sbin/shutdown -y -i6 -g%RBTIMEOUT% &'|sh; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/tmp/%FWSCRIPT%; +sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && pkill shutdown; echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && pkill shutdown; echo 'Policy activated' + + + + + +echo '%FWBPROMPT%'; +mkdir -p %FWDIR%/tmp; +cat > %FWDIR%/tmp/%FWSCRIPT%; + + + +echo '%FWBPROMPT%'; +echo '/usr/sbin/shutdown -y -i6 -g%RBTIMEOUT% &'|sh; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + + + False + + + + /sbin/ipf + /sbin/ipnat + /usr/bin/logger + /usr/bin/expect + + + + diff --git a/src/res/os/unknown_os.xml b/src/res/os/unknown_os.xml new file mode 100644 index 000000000..4da2403cc --- /dev/null +++ b/src/res/os/unknown_os.xml 
@@ -0,0 +1,108 @@ + + + + Unknown + unknown + unknown + + + true + + + + + + /etc/fw + + /tmp + + sec + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && (sudo -S ps ax|awk '/shutdown/ && \!/awk/ {printf "kill %d\n",$1;}'|sh; echo 'Policy activated') + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && (sudo -S ps ax|awk '/shutdown/ && \!/awk/ {printf "kill %d\n",$1;}'|sh; echo 'Policy activated') + + + + + +echo '%FWBPROMPT%'; +chmod +x /tmp/%FWSCRIPT%; +sudo -S /sbin/shutdown -r +%RBTIMEOUT%; +sudo -S /tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x /tmp/%FWSCRIPT%; +sudo -S /tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && (ps ax|awk '/shutdown/ && \!/awk/ {printf "kill %d\n",$1;}'|sh; echo 'Policy activated') + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && (ps ax|awk '/shutdown/ && \!/awk/ {printf "kill %d\n",$1;}'|sh; echo 'Policy activated') + + + + + +echo '%FWBPROMPT%'; +/sbin/shutdown -r +%RBTIMEOUT%; +sh /tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh /tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + + + False + + + + /sbin/lsmod + /sbin/modprobe + /sbin/iptables + /sbin/ip + /usr/bin/logger + /usr/bin/expect + /sbin/ipfw + /sbin/ipf + /sbin/ipnat + /sbin/sysctl + + + + + diff --git a/src/res/os/unknown_os.xml.in b/src/res/os/unknown_os.xml.in new file mode 100644 index 000000000..cbb52c9ad --- /dev/null +++ b/src/res/os/unknown_os.xml.in 
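Review bot: In src/res/os/unknown_os.xml the test-mode commands execute the script from a fixed name in the shared temp directory, `chmod +x /tmp/%FWSCRIPT%; sudo -S /tmp/%FWSCRIPT%` (and `sh /tmp/%FWSCRIPT%` for root), while the other OS files on this page use `%FWDIR%/tmp/%FWSCRIPT%`. On a multi-user host a file at a predictable path in `/tmp` that is later run as root can be pre-created or replaced by another local account. I would use the same private location as the other files, `sudo -S %FWDIR%/tmp/%FWSCRIPT% && echo 'Policy activated'`, with the matching `mkdir -p %FWDIR%/tmp` in the copy step, which is not visible in this hunk. unknown_os.xml.in has the same lines.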
@@ -0,0 +1,108 @@ + + + + Unknown + unknown + unknown + + + true + + + + + + /etc/fw + + /tmp + + sec + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && (sudo -S ps ax|awk '/shutdown/ && \!/awk/ {printf "kill %d\n",$1;}'|sh; echo 'Policy activated') + + +echo '%FWBPROMPT%'; +chmod +x %FWDIR%/%FWSCRIPT%; +sudo -S %FWDIR%/%FWSCRIPT% && (sudo -S ps ax|awk '/shutdown/ && \!/awk/ {printf "kill %d\n",$1;}'|sh; echo 'Policy activated') + + + + + +echo '%FWBPROMPT%'; +chmod +x /tmp/%FWSCRIPT%; +sudo -S /sbin/shutdown -r +%RBTIMEOUT%; +sudo -S /tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +chmod +x /tmp/%FWSCRIPT%; +sudo -S /tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + +echo '%FWBPROMPT%'; +cat > %FWDIR%/%FWSCRIPT%; + + + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && (ps ax|awk '/shutdown/ && \!/awk/ {printf "kill %d\n",$1;}'|sh; echo 'Policy activated') + + +echo '%FWBPROMPT%'; +sh %FWDIR%/%FWSCRIPT% && (ps ax|awk '/shutdown/ && \!/awk/ {printf "kill %d\n",$1;}'|sh; echo 'Policy activated') + + + + + +echo '%FWBPROMPT%'; +/sbin/shutdown -r +%RBTIMEOUT%; +sh /tmp/%FWSCRIPT% && echo 'Policy activated' + + +echo '%FWBPROMPT%'; +sh /tmp/%FWSCRIPT% && echo 'Policy activated' + + + + + + + + + + False + + + + /sbin/lsmod + /sbin/modprobe + /sbin/iptables + /sbin/ip + /usr/bin/logger + /usr/bin/expect + /sbin/ipfw + /sbin/ipf + /sbin/ipnat + /sbin/sysctl + + + + + diff --git a/src/res/platform/fwsm.xml b/src/res/platform/fwsm.xml new file mode 100644 index 000000000..987efaf07 --- /dev/null +++ b/src/res/platform/fwsm.xml 
@@ -0,0 +1,176 @@ + + + + FWSM + fwb_pix + pix + fwb_inst_pix + fwb_pix_diff + fwsm_os + + 2.3 + + + + true + true + true + true + true + true + 300 + false + false + false + true + true + + + + true + true + true + true + true + true + true + 300 + true + true + true + false + false + true + false + + clear access-list + clear object-group + clear icmp + clear telnet + clear ssh + clear ntp + clear snmp-server + clear xlate + clear static + clear global + clear nat + +ip address %il %a %n + + +ip address %il dhcp setroute retry 10 + + +nameif %in %il security%sl + + + + + 3 + 0 + 0 + + 1 + 0 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 0 + 5 + 0 + + 0 + 30 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 2 + 0 + 0 + True + False + + 5 + 5 + + + + dns_fixup,espike_fixup,ftp_fixup,h323_h225_fixup,h323_ras_fixup,http_fixup,icmp_error_fixup,ils_fixup,mgcp_fixup,rsh_fixup,rtsp_fixup,sip_fixup,sip_udp_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup,tftp_fixup + false + + + + + + + False + False + False + True + True + True + False + False + True + True + False + + + True + None + + + True + None + + + True + Reject + + + True + None + + + False + None + + + False + None + + + False + None + + + False + None + + + False + None + + + False + None + + + + + + diff --git a/src/res/platform/fwsm.xml.in b/src/res/platform/fwsm.xml.in new file mode 100644 index 000000000..636a3c183 --- /dev/null +++ b/src/res/platform/fwsm.xml.in 
@@ -0,0 +1,176 @@ + + + + FWSM + fwb_pix + pix + fwb_inst_pix + fwb_pix_diff + fwsm_os + + 2.3 + + + + true + true + true + true + true + true + 300 + false + false + false + true + true + + + + true + true + true + true + true + true + true + 300 + true + true + true + false + false + true + false + + clear access-list + clear object-group + clear icmp + clear telnet + clear ssh + clear ntp + clear snmp-server + clear xlate + clear static + clear global + clear nat + +ip address %il %a %n + + +ip address %il dhcp setroute retry 10 + + +nameif %in %il security%sl + + + + + 3 + 0 + 0 + + 1 + 0 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 0 + 5 + 0 + + 0 + 30 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 2 + 0 + 0 + True + False + + 5 + 5 + + + + dns_fixup,espike_fixup,ftp_fixup,h323_h225_fixup,h323_ras_fixup,http_fixup,icmp_error_fixup,ils_fixup,mgcp_fixup,rsh_fixup,rtsp_fixup,sip_fixup,sip_udp_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup,tftp_fixup + false + + + + + + + False + False + False + True + True + True + False + False + True + True + False + + + True + None + + + True + None + + + True + Reject + + + True + None + + + False + None + + + False + None + + + False + None + + + False + None + + + False + None + + + False + None + + + + + + diff --git a/src/res/platform/iosacl.xml.in b/src/res/platform/iosacl.xml.in new file mode 100644 index 000000000..6776cf4d7 --- /dev/null +++ b/src/res/platform/iosacl.xml.in 
@@ -0,0 +1,98 @@ + + + + IOS ACL + fwb_iosacl + iosacl + fwb_inst_iosacl + fwb_iosacl_diff + ios + + 12.x + + + + true + true + true + + + + true + true + true + + + no access-list + no ip access-list extended + +interface %in + ip address %a %n + + +interface %in + ip address dhcp + + + + + + + + False + False + False + True + True + False + False + False + False + False + True + + + True + None + + + True + None + + + False + Reject + + + False + None + + + False + None + + + False + None + + + False + None + + + False + None + + + False + None + + + False + None + + + + + + diff --git a/src/res/platform/ipf.xml b/src/res/platform/ipf.xml new file mode 100644 index 000000000..0c96bddf0 --- /dev/null +++ b/src/res/platform/ipf.xml @@ -0,0 +1,80 @@ + + + + ipfilter + fwb_ipf + ipf + freebsd,solaris + + + + /etc + true + true + true + RULE %N -- %A + true + true + true + false + + + + + True + True + False + True + True + True + False + True + False + False + False + + + True + None + + + True + None + + + True + Reject + + + True + None + + + False + None + + + False + None + + + False + None + + + True + CustomStr + + + False + None + + + True + RouteIPF + + + + + + diff --git a/src/res/platform/ipf.xml.in b/src/res/platform/ipf.xml.in new file mode 100644 index 000000000..bab90a09b --- /dev/null +++ b/src/res/platform/ipf.xml.in @@ -0,0 +1,80 @@ + + + + ipfilter + fwb_ipf + ipf + freebsd,solaris + + + + /etc + true + true + true + RULE %N -- %A + true + true + true + false + + + + + True + True + False + True + True + True + False + True + False + False + False + + + True + None + + + True + None + + + True + Reject + + + True + None + + + False + None + + + False + None + + + False + None + + + True + CustomStr + + + False + None + + + True + RouteIPF + + + + + + diff --git a/src/res/platform/ipfw.xml b/src/res/platform/ipfw.xml new file mode 100644 index 000000000..65525baba --- /dev/null +++ b/src/res/platform/ipfw.xml 
@@ -0,0 +1,79 @@ + + + + ipfw + fwb_ipfw + ipfw + freebsd,macosx + + + + /etc + true + true + true + RULE %N -- %A + true + true + + + + + True + True + False + True + True + False + False + True + False + False + False + + + True + None + + + True + None + + + True + Reject + + + True + None + + + False + None + + + True + PipeArgsIPFW + + + True + ClassifyArgsIPFW + + + True + CustomStr + + + False + None + + + False + None + + + + + + + diff --git a/src/res/platform/ipfw.xml.in b/src/res/platform/ipfw.xml.in new file mode 100644 index 000000000..5fdb682f6 --- /dev/null +++ b/src/res/platform/ipfw.xml.in @@ -0,0 +1,79 @@ + + + + ipfw + fwb_ipfw + ipfw + freebsd,macosx + + + + /etc + true + true + true + RULE %N -- %A + true + true + + + + + True + True + False + True + True + False + False + True + False + False + False + + + True + None + + + True + None + + + True + Reject + + + True + None + + + False + None + + + True + PipeArgsIPFW + + + True + ClassifyArgsIPFW + + + True + CustomStr + + + False + None + + + False + None + + + + + + + diff --git a/src/res/platform/iptables.xml b/src/res/platform/iptables.xml new file mode 100644 index 000000000..910c91a58 --- /dev/null +++ b/src/res/platform/iptables.xml @@ -0,0 +1,89 @@ + + + + iptables + fwb_ipt + iptables + linux24 + + + + true + true + true + true + true + true + true + info + RULE %N -- %A + 1 + 0 + true + true + false + + + + + True + True + True + True + True + True + True + True + False + False + False + + + True + None + + + True + None + + + True + Reject + + + True + AccountingStr + + + True + TagInt + + + True + None + + + True + ClassifyStr + + + True + CustomStr + + + True + BranchChain + + + True + RouteIPT + + + True + None + + + + + + diff --git a/src/res/platform/iptables.xml.in b/src/res/platform/iptables.xml.in new file mode 100644 index 000000000..e4d4a77b8 --- /dev/null +++ b/src/res/platform/iptables.xml.in 
@@ -0,0 +1,89 @@ + + + + iptables + fwb_ipt + iptables + linux24 + + + + true + true + true + true + true + true + true + info + RULE %N -- %A + 1 + 0 + true + true + false + + + + + True + True + True + True + True + True + True + True + False + False + False + + + True + None + + + True + None + + + True + Reject + + + True + AccountingStr + + + True + TagInt + + + True + None + + + True + ClassifyStr + + + True + CustomStr + + + True + BranchChain + + + True + RouteIPT + + + True + None + + + + + + diff --git a/src/res/platform/pf.xml b/src/res/platform/pf.xml new file mode 100644 index 000000000..54997f160 --- /dev/null +++ b/src/res/platform/pf.xml @@ -0,0 +1,82 @@ + + + + PF + fwb_pf + pf + openbsd,freebsd + + + + /etc + true + RULE %N -- %A + true + true + true + false + 1460 + 10 + 30 + 5000 + 10000 + + + + + True + True + True + True + True + True + False + True + False + False + True + + + True + None + + + True + None + + + True + Reject + + + True + None + + + True + TagStr + + + False + None + + + True + ClassifyStr + + + False + None + + + True + BranchAnchor + + + True + RoutePF + + + + + diff --git a/src/res/platform/pf.xml.in b/src/res/platform/pf.xml.in new file mode 100644 index 000000000..d07659195 --- /dev/null +++ b/src/res/platform/pf.xml.in @@ -0,0 +1,82 @@ + + + + PF + fwb_pf + pf + openbsd,freebsd + + + + /etc + true + RULE %N -- %A + true + true + true + false + 1460 + 10 + 30 + 5000 + 10000 + + + + + True + True + True + True + True + True + False + True + False + False + True + + + True + None + + + True + None + + + True + Reject + + + True + None + + + True + TagStr + + + False + None + + + True + ClassifyStr + + + False + None + + + True + BranchAnchor + + + True + RoutePF + + + + + diff --git a/src/res/platform/pix.xml b/src/res/platform/pix.xml new file mode 100644 index 000000000..41c446c6e --- /dev/null +++ b/src/res/platform/pix.xml 
@@ -0,0 +1,447 @@ + + + + PIX + fwb_pix + pix + fwb_inst_pix + fwb_pix_diff + pix_os + + 6.1,6.2,6.3,7.0 + + + + true + true + true + true + true + true + 300 + false + false + false + true + true + + + + true + true + true + true + true + true + true + 300 + false + false + false + true + true + false + false + + clear access-list + clear object-group + clear icmp + clear telnet + clear ssh + clear ntp + clear snmp-server + clear xlate + clear static + clear global + clear nat + +ip address %il %a %n + + +ip address %il dhcp setroute retry 10 + + +nameif %in %il security%sl + + + + + 3 + 0 + 0 + + 1 + 0 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 0 + 5 + 0 + + 0 + 30 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 2 + 0 + 0 + True + False + + 5 + 5 + + + + ftp_fixup,http_fixup,h323_h225_fixup,h323_ras_fixup,rsh_fixup,rtsp_fixup,sip_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup + false + + + + + true + true + true + true + true + true + true + 300 + false + false + false + true + true + false + false + + clear access-list + clear object-group + clear icmp + clear telnet + clear ssh + clear ntp + clear snmp-server + clear xlate + clear static + clear global + clear nat + +ip address %il %a %n + + +ip address %il dhcp setroute retry 10 + + +nameif %in %il security%sl + + + + + 3 + 0 + 0 + + 1 + 0 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 0 + 5 + 0 + + 0 + 30 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 2 + 0 + 0 + True + False + + 5 + 5 + + + + ftp_fixup,http_fixup,h323_h225_fixup,h323_ras_fixup,ils_fixup,rsh_fixup,rtsp_fixup,sip_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup + false + + + + + true + true + true + true + true + true + true + 300 + true + true + true + false + false + false + false + + clear access-list + clear object-group + clear icmp + clear telnet + clear ssh + clear ntp + clear snmp-server + clear xlate + clear static + clear global + clear nat + +ip address %il %a %n + + +ip address %il dhcp setroute retry 10 + + +nameif %in %il security%sl + + + + + 3 + 0 + 0 + + 1 + 0 + 0 + + 0 + 
2 + 0 + + 0 + 10 + 0 + + 0 + 5 + 0 + + 0 + 30 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 2 + 0 + 0 + True + False + + 5 + 5 + + + + ctiqbe_fixup,dns_fixup,espike_fixup,ftp_fixup,h323_h225_fixup,h323_ras_fixup,http_fixup,icmp_error_fixup,ils_fixup,mgcp_fixup,pptp_fixup,rsh_fixup,rtsp_fixup,sip_fixup,sip_udp_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup,tftp_fixup + false + + + + + true + true + true + true + true + false + true + 300 + true + true + true + false + false + true + true + + clear config access-list + clear config object-group + clear config icmp + clear config telnet + clear config ssh + clear config ntp + clear config snmp-server + clear xlate + clear config static + clear config global + clear config nat + +interface %in + ip address %a %n +exit + + +interface %in + ip address dhcp setroute +exit + + +interface %in + nameif %il + security-level %sl +exit + + + + + 3 + 0 + 0 + + 1 + 0 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 0 + 5 + 0 + + 0 + 30 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 2 + 0 + 0 + True + False + + 5 + 5 + + + + ctiqbe_fixup,dns_fixup,ftp_fixup,h323_h225_fixup,h323_ras_fixup,http_fixup,icmp_error_fixup,ils_fixup,mgcp_fixup,rsh_fixup,rtsp_fixup,sip_fixup,sip_udp_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup,tftp_fixup + true + + + + + + + False + False + False + True + True + True + False + False + True + True + False + + + True + None + + + True + None + + + True + Reject + + + True + None + + + False + None + + + False + None + + + False + None + + + False + None + + + False + None + + + False + None + + + + + + diff --git a/src/res/platform/pix.xml.in b/src/res/platform/pix.xml.in new file mode 100644 index 000000000..69710ed48 --- /dev/null +++ b/src/res/platform/pix.xml.in 
@@ -0,0 +1,447 @@ + + + + PIX + fwb_pix + pix + fwb_inst_pix + fwb_pix_diff + pix_os + + 6.1,6.2,6.3,7.0 + + + + true + true + true + true + true + true + 300 + false + false + false + true + true + + + + true + true + true + true + true + true + true + 300 + false + false + false + true + true + false + false + + clear access-list + clear object-group + clear icmp + clear telnet + clear ssh + clear ntp + clear snmp-server + clear xlate + clear static + clear global + clear nat + +ip address %il %a %n + + +ip address %il dhcp setroute retry 10 + + +nameif %in %il security%sl + + + + + 3 + 0 + 0 + + 1 + 0 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 0 + 5 + 0 + + 0 + 30 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 2 + 0 + 0 + True + False + + 5 + 5 + + + + ftp_fixup,http_fixup,h323_h225_fixup,h323_ras_fixup,rsh_fixup,rtsp_fixup,sip_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup + false + + + + + true + true + true + true + true + true + true + 300 + false + false + false + true + true + false + false + + clear access-list + clear object-group + clear icmp + clear telnet + clear ssh + clear ntp + clear snmp-server + clear xlate + clear static + clear global + clear nat + +ip address %il %a %n + + +ip address %il dhcp setroute retry 10 + + +nameif %in %il security%sl + + + + + 3 + 0 + 0 + + 1 + 0 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 0 + 5 + 0 + + 0 + 30 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 2 + 0 + 0 + True + False + + 5 + 5 + + + + ftp_fixup,http_fixup,h323_h225_fixup,h323_ras_fixup,ils_fixup,rsh_fixup,rtsp_fixup,sip_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup + false + + + + + true + true + true + true + true + true + true + 300 + true + true + true + false + false + false + false + + clear access-list + clear object-group + clear icmp + clear telnet + clear ssh + clear ntp + clear snmp-server + clear xlate + clear static + clear global + clear nat + +ip address %il %a %n + + +ip address %il dhcp setroute retry 10 + + +nameif %in %il security%sl + + + + + 3 + 0 + 0 + + 1 + 0 + 0 + + 0 + 
2 + 0 + + 0 + 10 + 0 + + 0 + 5 + 0 + + 0 + 30 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 2 + 0 + 0 + True + False + + 5 + 5 + + + + ctiqbe_fixup,dns_fixup,espike_fixup,ftp_fixup,h323_h225_fixup,h323_ras_fixup,http_fixup,icmp_error_fixup,ils_fixup,mgcp_fixup,pptp_fixup,rsh_fixup,rtsp_fixup,sip_fixup,sip_udp_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup,tftp_fixup + false + + + + + true + true + true + true + true + false + true + 300 + true + true + true + false + false + true + true + + clear config access-list + clear config object-group + clear config icmp + clear config telnet + clear config ssh + clear config ntp + clear config snmp-server + clear xlate + clear config static + clear config global + clear config nat + +interface %in + ip address %a %n +exit + + +interface %in + ip address dhcp setroute +exit + + +interface %in + nameif %il + security-level %sl +exit + + + + + 3 + 0 + 0 + + 1 + 0 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 0 + 5 + 0 + + 0 + 30 + 0 + + 0 + 2 + 0 + + 0 + 10 + 0 + + 2 + 0 + 0 + True + False + + 5 + 5 + + + + ctiqbe_fixup,dns_fixup,ftp_fixup,h323_h225_fixup,h323_ras_fixup,http_fixup,icmp_error_fixup,ils_fixup,mgcp_fixup,rsh_fixup,rtsp_fixup,sip_fixup,sip_udp_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup,tftp_fixup + true + + + + + + + False + False + False + True + True + True + False + False + True + True + False + + + True + None + + + True + None + + + True + Reject + + + True + None + + + False + None + + + False + None + + + False + None + + + False + None + + + False + None + + + False + None + + + + + + diff --git a/src/res/platform/unknown.xml b/src/res/platform/unknown.xml new file mode 100644 index 000000000..e59c1f3d3 --- /dev/null +++ b/src/res/platform/unknown.xml @@ -0,0 +1,15 @@ + + + + Unknown + + unknown + unknown + + + + + + + + diff --git a/src/res/platform/unknown.xml.in b/src/res/platform/unknown.xml.in new file mode 100644 index 000000000..016107543 --- /dev/null +++ b/src/res/platform/unknown.xml.in 
@@ -0,0 +1,15 @@
+
+
+
+ Unknown
+
+ unknown
+ unknown
+
+
+
+
+
+
+
+
diff --git a/src/res/res.pro b/src/res/res.pro
new file mode 100644
index 000000000..26f024948
--- /dev/null
+++ b/src/res/res.pro
@@ -0,0 +1,32 @@
+#-*- mode: makefile; tab-width: 4; -*-
+#
+
+include(../../qmake.inc)
+
+win32 {
+ QMAKE_RUN_CC = @echo
+ QMAKE_RUN_CXX = @echo
+ QMAKE_LINK = @echo
+}
+!win32 {
+ QMAKE_RUN_CC = @echo > /dev/null
+ QMAKE_RUN_CXX = @echo > /dev/null
+ QMAKE_LINK = @echo > /dev/null
+}
+
+
+TARGET = res
+
+win32:target.path = $$PREFIX/
+unix:target.path = $$PREFIX/share/fwbuilder/
+macx:target.path = $$PREFIX/
+
+res.files = objects_init.xml templates.xml resources.xml
+res_os.files = os/*.xml
+res_platform.files = platform/*.xml
+
+INSTALLS -= target
+INSTALLS += res
+INSTALLS += res_os
+INSTALLS += res_platform
+INSTALLS += icns
diff --git a/src/res/resources.xml b/src/res/resources.xml
new file mode 100644
index 000000000..8b29451bb
--- /dev/null
+++ b/src/res/resources.xml
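Review bot: In res.pro the install sets `res`, `res_os` and `res_platform` are given `.files` but no `.path`, and `icns` is added to `INSTALLS` without any definition in this file. The only path assigned is `target.path`, and `target` is then removed with `INSTALLS -= target`. If `../../qmake.inc` supplies `res.path`, `res_os.path`, `res_platform.path` and the `icns` set, a comment above the `INSTALLS` lines such as `# install paths and the icns set are defined in qmake.inc` would make that dependency visible. If it does not, these resources have no install destination. The overrides of `QMAKE_RUN_CC`, `QMAKE_RUN_CXX` and `QMAKE_LINK` with `@echo` also need a one-line comment saying that this directory builds nothing and only installs data.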
@@ -0,0 +1,532 @@ + + + + @PACKAGE_PIXMAPS_DIR@ + + + + neg.png + accept_25.png + tag_25.png + pipe_25.png + deny_25.png + reject_25.png + continue_25.png + accounting_25.png + classify_25.png + custom_25.png + branch_25.png + route_25.png + inbound.png + outbound.png + both.png + log_25.png + blank.png + error.png + warning.png + question.png + info_25.png + generic.png + check.png + uncheck.png + drag_object.png + options_25.png + protect_host.png + protect_net.png + protect_net_and_dmz.png + binoculars64.png + rules_druid_logo.png + up-arrow.png + down-arrow.png + left-arrow.png + right-arrow.png + big-up-arrow.png + big-down-arrow.png + big-left-arrow.png + big-right-arrow.png + cancel.png + ok.png + close.png + stop.png + redo.png + undo.png + apply.png + yes.png + no.png + cert_druid_logo.png + host_64.png + key.png + fwbuilder.ico + floppy.png + + 25 + 64 + + + + 9999 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + blank.png + false + false + true + true + true + + + + Network Objects + blank.png + + + + Library Of Objects + false + true + false + false + library_25.png + library-neg.png + library-ref.png + library_16.png + + + + Host + host_25.png + host-neg_25.png + host-ref_25.png + host_16.png + + false + + + + + Network + network_25.png + network-neg_25.png + network-ref_25.png + network_16.png + + + + Address Range + rangeaddress_25.png + rangeaddress-neg_25.png + rangeaddress-ref_25.png + rangeaddress_16.png + + + + Firewall + firewall_25.png + firewall-neg_25.png + firewall-ref_25.png + firewall_16.png + + unknown + unknown_os + + + + + Group of Objects + object-group_25.png + object-group-neg_25.png + object-group-ref_25.png + object-group_16.png + + + + Group of Services + service-group_25.png + service-group-neg_25.png + service-group-ref_25.png + service-group_16.png + + + + Group of time intervals + 
clock-group_25.png + clock-group-neg_25.png + clock-group-ref_25.png + clock-group_16.png + + + + Interface + interface_25.png + interface-neg_25.png + interface-ref_25.png + interface_16.png + false + + + + Physical address + physaddress_25.png + physaddress-neg_25.png + physaddress-ref_25.png + physaddress_16.png + false + + + + IPv4 address + address_25.png + address-neg_25.png + address-ref_25.png + address_16.png + false + + + + DNS Name + domainname_25.png + domainname-neg_25.png + domainname-ref_25.png + domainname_16.png + false + + + + Address Table + addresstable_25.png + addresstable-neg_25.png + addresstable-ref_25.png + addresstable_16.png + false + + + + Management + blank.png + blank.png + true + + + + Management + blank.png + blank.png + true + + + + Management + blank.png + blank.png + true + + + + IP + service-ip_25.png + service-ip-neg_25.png + service-ip-ref_25.png + service-ip_16.png + + + + ICMP + service-icmp_25.png + service-icmp-neg_25.png + service-icmp-ref_25.png + service-icmp_16.png + + + + TCP + service-tcp_25.png + service-tcp-neg_25.png + service-tcp-ref_25.png + service-tcp_16.png + + + + UDP + service-udp_25.png + service-udp-neg_25.png + service-udp-ref_25.png + service-udp_16.png + + + + Tag + service-tag_25.png + service-tag-neg_25.png + service-tag-ref_25.png + service-tag_16.png + + + + Custom + service-custom_25.png + service-custom-neg_25.png + service-custom-ref_25.png + service-custom_16.png + + + + NAT + blank_2x16.png + + + + Policy + blank_2x16.png + + + + Routing + blank_2x16.png + + + + Policy + blank_2x16.png + + + + Rule Element + generic.png + blank_2x16.png + true + + + + Rule + generic.png + blank_2x16.png + true + + + + Rule + generic.png + blank_2x16.png + true + + + + Rule + generic.png + blank_2x16.png + true + + + + Reference + ref.png + true + + + + Reference + ref.png + true + + + + Reference + ref.png + true + + + + Time + clock_25.png + clock-neg_25.png + clock-ref_25.png + clock_16.png + + -1 + -1 + -1 
+ -1 + -1 + -1 + -1 + -1 + -1 + -1 + -1 + -1 + + + + + Host Options + true + + + + Firewall Options + true + + + + Policy Rule Options + true + + + + NAT Rule Options + true + + + + Temporary Objects + true + + + + + + + + + Object Database + false + true + false + false + blank.png + + + + Any + true + true + false + false + blank.png + + + + Any + true + true + false + false + blank.png + + + + Any + true + true + false + false + blank.png + + + + Deleted Objects + true + true + false + false + blank.png + + + + + + + + + + diff --git a/src/res/resources.xml.in b/src/res/resources.xml.in new file mode 100644 index 000000000..a19cf4f14 --- /dev/null +++ b/src/res/resources.xml.in 
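Review bot: `@PACKAGE_PIXMAPS_DIR@` at the top of this hunk is still an unexpanded configure-style placeholder, and res.pro installs the file as committed (`res.files = objects_init.xml templates.xml resources.xml`). Unless the build regenerates `resources.xml` from `resources.xml.in`, the installed resource file would carry the literal placeholder instead of a directory. The same 532 lines are added again as `resources.xml.in`, which suggests the `.xml` is a generated output. If so, I would keep only the `.in` template under version control and add the generated `.xml` files to the ignore list. The other `.xml`/`.xml.in` pairs under `src/res/platform/` in this commit are duplicated in the same way.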
@@ -0,0 +1,532 @@ + + + + @PACKAGE_PIXMAPS_DIR@ + + + + neg.png + accept_25.png + tag_25.png + pipe_25.png + deny_25.png + reject_25.png + continue_25.png + accounting_25.png + classify_25.png + custom_25.png + branch_25.png + route_25.png + inbound.png + outbound.png + both.png + log_25.png + blank.png + error.png + warning.png + question.png + info_25.png + generic.png + check.png + uncheck.png + drag_object.png + options_25.png + protect_host.png + protect_net.png + protect_net_and_dmz.png + binoculars64.png + rules_druid_logo.png + up-arrow.png + down-arrow.png + left-arrow.png + right-arrow.png + big-up-arrow.png + big-down-arrow.png + big-left-arrow.png + big-right-arrow.png + cancel.png + ok.png + close.png + stop.png + redo.png + undo.png + apply.png + yes.png + no.png + cert_druid_logo.png + host_64.png + key.png + fwbuilder.ico + floppy.png + + 25 + 64 + + + + 9999 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + blank.png + false + false + true + true + true + + + + Network Objects + blank.png + + + + Library Of Objects + false + true + false + false + library_25.png + library-neg.png + library-ref.png + library_16.png + + + + Host + host_25.png + host-neg_25.png + host-ref_25.png + host_16.png + + false + + + + + Network + network_25.png + network-neg_25.png + network-ref_25.png + network_16.png + + + + Address Range + rangeaddress_25.png + rangeaddress-neg_25.png + rangeaddress-ref_25.png + rangeaddress_16.png + + + + Firewall + firewall_25.png + firewall-neg_25.png + firewall-ref_25.png + firewall_16.png + + unknown + unknown_os + + + + + Group of Objects + object-group_25.png + object-group-neg_25.png + object-group-ref_25.png + object-group_16.png + + + + Group of Services + service-group_25.png + service-group-neg_25.png + service-group-ref_25.png + service-group_16.png + + + + Group of time intervals + 
clock-group_25.png + clock-group-neg_25.png + clock-group-ref_25.png + clock-group_16.png + + + + Interface + interface_25.png + interface-neg_25.png + interface-ref_25.png + interface_16.png + false + + + + Physical address + physaddress_25.png + physaddress-neg_25.png + physaddress-ref_25.png + physaddress_16.png + false + + + + IPv4 address + address_25.png + address-neg_25.png + address-ref_25.png + address_16.png + false + + + + DNS Name + domainname_25.png + domainname-neg_25.png + domainname-ref_25.png + domainname_16.png + false + + + + Address Table + addresstable_25.png + addresstable-neg_25.png + addresstable-ref_25.png + addresstable_16.png + false + + + + Management + blank.png + blank.png + true + + + + Management + blank.png + blank.png + true + + + + Management + blank.png + blank.png + true + + + + IP + service-ip_25.png + service-ip-neg_25.png + service-ip-ref_25.png + service-ip_16.png + + + + ICMP + service-icmp_25.png + service-icmp-neg_25.png + service-icmp-ref_25.png + service-icmp_16.png + + + + TCP + service-tcp_25.png + service-tcp-neg_25.png + service-tcp-ref_25.png + service-tcp_16.png + + + + UDP + service-udp_25.png + service-udp-neg_25.png + service-udp-ref_25.png + service-udp_16.png + + + + Tag + service-tag_25.png + service-tag-neg_25.png + service-tag-ref_25.png + service-tag_16.png + + + + Custom + service-custom_25.png + service-custom-neg_25.png + service-custom-ref_25.png + service-custom_16.png + + + + NAT + blank_2x16.png + + + + Policy + blank_2x16.png + + + + Routing + blank_2x16.png + + + + Policy + blank_2x16.png + + + + Rule Element + generic.png + blank_2x16.png + true + + + + Rule + generic.png + blank_2x16.png + true + + + + Rule + generic.png + blank_2x16.png + true + + + + Rule + generic.png + blank_2x16.png + true + + + + Reference + ref.png + true + + + + Reference + ref.png + true + + + + Reference + ref.png + true + + + + Time + clock_25.png + clock-neg_25.png + clock-ref_25.png + clock_16.png + + -1 + -1 + -1 
+ -1 + -1 + -1 + -1 + -1 + -1 + -1 + -1 + -1 + + + + + Host Options + true + + + + Firewall Options + true + + + + Policy Rule Options + true + + + + NAT Rule Options + true + + + + Temporary Objects + true + + + + + + + + + Object Database + false + true + false + false + blank.png + + + + Any + true + true + false + false + blank.png + + + + Any + true + true + false + false + blank.png + + + + Any + true + true + false + false + blank.png + + + + Deleted Objects + true + true + false + false + blank.png + + + + + + + + + + diff --git a/src/res/templates.xml b/src/res/templates.xml new file mode 100644 index 000000000..03fd8a23c --- /dev/null +++ b/src/res/templates.xml 
@@ -0,0 +1,2074 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + established + -m state --state ESTABLISHED,RELATED + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -m record_rpc + + + + + + + + + + -m irc + + + + + + + + + + -m psd --psd-weight-threshold 5 --psd-delay-threshold 10000 + + + + + + + + + + -m string --string test_pattern + + + + + + + + + + -m talk + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/res/templates.xml.in b/src/res/templates.xml.in new file mode 100644 index 000000000..bef380389 --- /dev/null +++ b/src/res/templates.xml.in 
@@ -0,0 +1,2074 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + established + -m state --state ESTABLISHED,RELATED + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -m record_rpc + + + + + + + + + + -m irc + + + + + + + + + + -m psd --psd-weight-threshold 5 --psd-delay-threshold 10000 + + + + + + + + + + -m string --string test_pattern + + + + + + + + + + -m talk + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/src.pro b/src/src.pro new file mode 100644 index 000000000..88e138de6 --- /dev/null +++ b/src/src.pro @@ -0,0 +1,22 @@ +#-*- mode: makefile; tab-width: 4; -*- +# +# +include(../qmake.inc) + +TEMPLATE = subdirs + +CONFIG += ordered + +TARGET = src +SUBDIRS = res fwbedit fwblookup +# NOTE: 2.1 does not install scripts from src/tools ( fwb_install , fwb_compile_all) + +contains( HAVE_ANTLR_RUNTIME, 1 ) { + SUBDIRS += parsers + contains ( HAVE_EXTERNAL_ANTLR, 0 ) { + SUBDIRS += antlr + } +} + +SUBDIRS += gui ipt pflib pf ipf ipfw + diff --git a/src/tools/.cvsignore b/src/tools/.cvsignore new file mode 100644 index 000000000..65ae5bcdd --- /dev/null +++ b/src/tools/.cvsignore @@ -0,0 +1,7 @@ +Makefile +.moc +.ui +*.app +*.fwb +*.tbl + diff --git a/src/tools/fwb_compile_all b/src/tools/fwb_compile_all new file mode 100755 index 000000000..0c0956017 --- /dev/null +++ b/src/tools/fwb_compile_all 
@@ -0,0 +1,67 @@
+#!/bin/sh
+#
+#
+# Firewall Builder
+#
+# Copyright (C) 2003 NetCitadel, LLC
+#
+# Author: Vadim Kurland vadim@vk.crocodile.org
+#
+# $Id: fwb_compile_all 784 2005-05-28 21:16:19Z vkurland $
+#
+# This program is free software which we release under the GNU General Public
+# License. You may redistribute and/or modify this program under the terms
+# of that license as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# To get a copy of the GNU General Public License, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+#
+
+XMLFILE="objects.xml" # default fallback if -f option is missing
+DIR="."
+V=""
+LIB="User" # default library
+
+while getopts f:d:l:va opt
+do
+ case "$opt" in
+ a) all="yes" ;;
+ v) V="-v " ;;
+ f) XMLFILE=$OPTARG ;;
+ d) DIR=$OPTARG ;;
+ l) LIB=$OPTARG ;;
+ \?) ;;
+ esac
+ done
+
+shift `expr $OPTIND - 1`
+
+test -n "$all" && LIST=`fwblookup -f $XMLFILE -lN /${LIB}/Firewalls | grep -v Firewalls` || {
+ while test -n "$1"; do
+ LIST="$LIST $1"
+ shift
+ done
+}
+
+for f in `echo $LIST`; do
+ platform=`fwblookup -f $XMLFILE -a platform /${LIB}/Firewalls/$f`
+ case "$platform" in
+ iptables) comp="fwb_ipt" ;;
+ ipf) comp="fwb_ipf" ;;
+ ipfw) comp="fwb_ipfw";;
+ pf) comp="fwb_pf" ;;
+ pix) comp="fwb_pix" ;;
+ \?) echo "Unknown platform \"$platform\""; exit 1 ;;
+ esac
+ echo
+ echo "################ $f"
+ $comp $V -f $XMLFILE -d $DIR $f;
+ done
+
diff --git a/src/tools/fwb_install b/src/tools/fwb_install
new file mode 100755
index 000000000..f9e94e564
--- /dev/null
+++ b/src/tools/fwb_install
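Review bot: The last arm of the `case "$platform"` block, `\?)`, matches only a literal question mark, so an unrecognised or empty platform string never reaches the "Unknown platform" exit. `$comp` then keeps the value set for the previous firewall (or is empty on the first iteration), and the loop runs the wrong compiler, or tries to execute `$V` as a command. A default arm fixes this: `*) echo "Unknown platform \"$platform\""; exit 1 ;;`. The `fwblookup` calls and the final compiler invocation also expand `$XMLFILE`, `$DIR`, `$LIB` and `$f` unquoted, so a path or object name containing whitespace or glob characters is split into extra arguments; quote them (`"$XMLFILE"`, `"$DIR"`, `"$f"`).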
@@ -0,0 +1,178 @@ +#!/bin/sh +# +# +# Description: +# +# this script transfers compiled fwbuilder rulesets via ssh +# to a firewall and activates them. Optionally it transfers +# a backup of the .xml source file, too +# +### +# +# Disclaimer: +# +# (K) 2001 by David Gullasch , +# All rights reversed. Copy what you like, but give credit +# and include this note. Don't blame me when this script does +# not do what you want it to - there is no bug-free software. +# +# +############################################################################ +# +# Updated script to use command line object lookup tool fwblookup. +# This makes the script independent of changes in DTD (since it now +# uses libfwbuilder API to work with xml files) +# +# Caveats: +# +# The script uses address of firewall's interface which is marked +# as "management". The script aborts if there is no management interface. +# +# There still is a depenency on the current DTD structure in that +# the script assumes that all firewalls are always located in +# the tree branch "Firewalls". This may change in the future; the script +# will need to be updated then. +# +# 11/29/2002 vadim@fwbuilder.org +############################################################################ +# +# Modified by stephan_r@users.sourceforge.net +# +# Added config option "SSH_PORT" in fwb_install for non-standart ssh +# ports as lots of admins prefer firewalls to let ssh listen on +# something else as 22. +# +############################################################################ +# +# Important: +# +# The firewall rules should allow ssh traffic to the +# firewall, or you will lock yourself out. +# +### +# +# Installation Procedure: +# +# On the local machine: +# +# You should have a ssh and sshd installed and configured +# properly. (--> RTFmanpage!) +# +# make a public/private keypair, the private key goes into +# ~$REMOTEUSER/.ssh/ on the firewall, $SSHIDENTITY locally +# points to the private key. 
+# +# Adjust the following variables: + +# where the firewall script will be placed: +REMOTEDIR="/etc/firewall" + +# the user on the firewall allowed to set up the firewall rulesets: +REMOTEUSER="root" + +# do we want to store a backup copy of the .xml on the firewall? +DOXMLBACKUP="YES" + +# location of private ssh key: +SSHIDENTITY="${HOME}/.ssh/id_dsa" + + +# on which port does your ssh deamon listen? (default: 22) +SSH_PORT="22" + +# +# Copy this file somewhere into your path, e.g.: +# +# # cp fwb_install /usr/local/bin +# +# Tell fwbuilder to use the script: +# +# use "fwb_install" as installer script in the firewall dialog +# +######################################################### + +start_agent() { + test -z "$SSH_AUTH_SOCK" && { + ssh-agent -s > /tmp/ssh-agent.$$ + . /tmp/ssh-agent.$$ + rm -f /tmp/ssh-agent.$$ + echo "SSH Agent started: $SSH_AGENT_PID" + echo + SSH_AGENT_PID_VAR_NAME="SSH_AGENT_PID_"$$ + eval "$SSH_AGENT_PID_VAR_NAME=$SSH_AGENT_PID" + } + ssh-add -l || { + ssh-add $SSHIDENTITY -v 'RS=]*name="'$FIREWALL'"/ {print $1}' < $XMLFILE | \ +# sed -n -e '/address="[0-9\\.]*"/ { +# s/^.*address="\([0-9\\.]*\)".*$/\\1/p +# }'` + +FWIP=`fwblookup21 -M -f $XMLFILE $FWPATH` +if [ $? -ne 0 ]; then + exit 1; +fi + +FWSCRIPT="$DIR/$FIREWALL.fw" + +trap stop_agent EXIT + +start_agent + +echo -n "Transferring $DIR/$FIREWALL.fw to $FWIP:$REMOTEDIR/$FIREWALL.fw ... " +scp -P$SSH_PORT -o "User $REMOTEUSER" -o "IdentityFile $SSHIDENTITY" -qC \ + "$DIR/$FIREWALL.fw" "$FWIP:$REMOTEDIR/$FIREWALL.fw" +if [ "$?" -ne 0 ] ; then echo "Error." ; exit $? ; else echo "Ok." ; fi + +if [ "$DOXMLBACKUP" = "YES" ] ; then + echo -n "Transferring $XMLFILE to $FWIP:$REMOTEDIR/"`basename $XMLFILE`" ... " + scp -P$SSH_PORT -o "User $REMOTEUSER" -o "IdentityFile $SSHIDENTITY" -qBC \ + "$XMLFILE" "$FWIP:$REMOTEDIR/"`basename $XMLFILE` + if [ "$?" -ne 0 ] ; then echo "Error." ; exit $? ; else echo "Ok." ; fi +fi + +echo -n "Executing $REMOTEDIR/$FIREWALL.fw on $FWIP ... 
" +ssh -n -p $SSH_PORT -o "User $REMOTEUSER" -o "IdentityFile $SSHIDENTITY" "$FWIP" "$REMOTEDIR/$FIREWALL.fw" +if [ "$?" -ne 0 ] ; then echo "Error." ; exit $? ; else echo "Ok." ; fi + +echo "Firewall ruleset successfully installed." + + + diff --git a/src/tools/rehash-ids.pl b/src/tools/rehash-ids.pl new file mode 100755 index 000000000..b5342b1ab --- /dev/null +++ b/src/tools/rehash-ids.pl @@ -0,0 +1,50 @@ +#!/usr/bin/perl +# +# + +use strict; + +my $file = $ARGV[0]; + +die "rehash-ids.pl data_file.fwb\n" if ($file eq ""); + +my %ids; +my $idCntr = time; + +open F, "$file" or die "Could not open file $file for reading"; +while () { + if ($_ =~ /id=\"([^\"]+)\"/) { + $ids{$1}=$1; + } +} +close F; + +while ( my ($k,$v) = each %ids ) { + if (length($k)>20) { + $ids{$k} = sprintf("id%d", $idCntr); + $idCntr++; + printf "ID=%s -> %s\n",$k, $ids{$k}; + } +} + +my $newfile = "$file" . ".new"; +open F, "$file" or die "Could not open file $file for reading"; +open W, ">$newfile" or die "Coule not open file $newfile for writing"; + +while () { + if ($_ =~ /id=\"([^\"]+)\"/) { + my $oldid=$1; + my $newid=$ids{$oldid}; + $_ =~ s/id=\"[^\"]+\"/id=\"$newid\"/; + } + + if ($_ =~ /ref=\"([^\"]+)\"/) { + my $oldid=$1; + my $newid=$ids{$oldid}; + $_ =~ s/ref=\"[^\"]+\"/ref=\"$newid\"/; + } + + print W $_; +} +close F; +close W; diff --git a/src/tools/tools.pro b/src/tools/tools.pro new file mode 100644 index 000000000..6910ca7d8 --- /dev/null +++ b/src/tools/tools.pro 
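Review bot: `start_agent` redirects the `ssh-agent -s` output to the predictable path `/tmp/ssh-agent.$$` and then sources that file, so on a shared host another local user who pre-creates the path can influence what the installer's shell reads or which file it overwrites. Evaluating the output directly, `eval "$(ssh-agent -s)"`, needs no temporary file. Each `if [ "$?" -ne 0 ] ; then echo "Error." ; exit $? ;` line exits with the status of `echo`, which is 0, so a failed `scp` or `ssh` is reported to the caller as success; save the status first, e.g. `rc=$?` followed by `exit "$rc"`. Part of `start_agent` and the argument handling is missing from the page, so the rest of that function could not be reviewed.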
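Review bot: Both `open F, "$file"` and `open W, ">$newfile"` use the two-argument form on a name taken from `$ARGV[0]`, so mode characters at the start or end of the argument are interpreted by `open` instead of being treated as part of the file name. Use three-argument opens with lexical handles and report `$!`, e.g. `open my $in, '<', $file or die "Could not open $file: $!";` and `open my $out, '>', $newfile or die "Could not open $newfile: $!";`. In the second pass, an `id` or `ref` value that the first pass did not collect (it records only the first `id="..."` on each line) gives an undefined `$newid` and is rewritten to an empty string; fall back to the old value with `my $newid = exists $ids{$oldid} ? $ids{$oldid} : $oldid;`. `use warnings;` next to `use strict;` would have flagged that undefined interpolation.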
@@ -0,0 +1,34 @@
+#-*- mode: makefile; tab-width: 4; -*-
+#
+
+include(../../qmake.inc)
+
+win32 {
+ QMAKE_RUN_CC = @echo
+ QMAKE_RUN_CXX = @echo
+ QMAKE_LINK = @echo
+}
+
+unix {
+ QMAKE_RUN_CC = @true
+ QMAKE_RUN_CXX = @true
+ QMAKE_LINK = @true
+}
+
+macx {
+ QMAKE_RUN_CC = @true
+ QMAKE_RUN_CXX = @true
+ QMAKE_LINK = @true
+}
+
+TARGET = tools
+
+win32:tools.path = $$target.path
+unix:tools.path = $$target.path
+macx:tools.path = $$target.path
+
+tools.files = fwb_install fwb_compile_all
+
+INSTALLS -= target
+INSTALLS += tools
+
diff --git a/src/unit_tests/importer/importer.pro b/src/unit_tests/importer/importer.pro
new file mode 100644
index 000000000..91bf0caba
--- /dev/null
+++ b/src/unit_tests/importer/importer.pro
@@ -0,0 +1,40 @@
+#-*- mode: makefile; tab-width: 4; -*-
+#
+#
+#
+include(../../../qmake.inc)
+#
+exists(qmake.inc) {
+ include( qmake.inc)
+}
+
+HEADERS += ../../../config.h \
+ ../../gui/utils_no_qt.h \
+ ../../gui/FWBTree.h \
+ ../../gui/Importer.h \
+ ../../gui/IOSImporter.h \
+ ../../gui/IPTImporter.h
+
+SOURCES += importer_test.cpp \
+ ../../gui/utils_no_qt.cpp \
+ ../../gui/FWBTree.cpp \
+ ../../gui/Importer.cpp \
+ ../../gui/IOSImporter.cpp \
+ ../../gui/IOSImporterRun.cpp \
+ ../../gui/IPTImporter.cpp \
+ ../../gui/IPTImporterRun.cpp
+
+TARGET = importer_test
+#TARGETDEPS += unit_test
+
+contains( HAVE_ANTLR_RUNTIME, 1 ) {
+ INCLUDEPATH += $$ANTLR_INCLUDEPATH
+ LIBS += ../../parsers/libfwbparser.a $$ANTLR_LIBS
+ DEFINES += $$ANTLR_DEFINES
+}
+
+INCLUDEPATH += ../../.. ../../gui/
+
+QMAKE_COPY = echo
+
+
diff --git a/src/unit_tests/importer/importer_test.cpp b/src/unit_tests/importer/importer_test.cpp
new file mode 100644
index 000000000..10bc1c959
--- /dev/null
+++ b/src/unit_tests/importer/importer_test.cpp
@@ -0,0 +1,205 @@ +/* + + Firewall Builder + + Copyright (C) 2007 NetCitadel, LLC + + Author: Vadim Kurland vadim@vk.crocodile.org + + $Id: importer_test.cpp 1393 2007-08-06 07:15:24Z vkurland $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" + +#ifdef HAVE_LOCALE_H +#include +#endif + +#include +#include +#include +#include +#include + +#include + +#ifndef _WIN32 +# include +# include +#else +# include +# include +# include +#endif + +#include +#include +#include +#include +#include + +#include "../../gui/Importer.h" +#include "../../gui/IOSImporter.h" +#include "../../gui/IPTImporter.h" + +#include "../../gui/FWBTree.h" + +#include "fwbuilder/Resources.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Logger.h" + +#ifdef HAVE_GETOPT_H + #include +#else + #ifdef _WIN32 + #include + #else + #include + #endif +#endif + +#include "../../common/init.cpp" + +int fwbdebug = 1; + +using namespace std; +using namespace libfwbuilder; + +FWObjectDatabase *objdb = NULL; + +class UpgradePredicate: public XMLTools::UpgradePredicate +{ + public: + virtual bool operator()(const string &msg) const + { + cout << _("Data file has been created in the old version of Firewall Builder. 
Use fwbuilder GUI to convert it.") << endl; + return false; + } +}; + +void usage() +{ + + cout << "Firewall Builder: unit test for policy importer" << endl; + cout << "importer_test (iosacl|iptables)" << endl; + cout << "(expecting test config file on stdin)" << endl; +} + +int main(int argc, char * const *argv) +{ + +#ifdef HAVE_SETLOCALE + setlocale (LC_ALL, ""); +#endif + + if (argc<=1) + { + usage(); + exit(1); + } + + init(argv); + + string platform(argv[1]); + + try + { + new Resources(respath+FS_SEPARATOR+"resources.xml"); + new FWBTree(); + + /* create database */ + objdb = new FWObjectDatabase(); + + /* load the data file */ + UpgradePredicate upgrade_predicate; + + cout << _(" *** Loading standard data file ..."); + + objdb->setReadOnly( false ); + objdb->load( sysfname, &upgrade_predicate, librespath); + objdb->setFileName(""); + FWObject *lib = objdb->create(Library::TYPENAME); + lib->setName("User"); + objdb->add(lib); + cout << _(" done\n"); + + //objdb->dump(true,true); + + libfwbuilder::QueueLogger *logger = new libfwbuilder::QueueLogger(); + + string buffer; + string s; + while (!cin.eof()) + { + getline(cin,s); + buffer += s; + buffer += '\n'; + } + + std::istringstream instream(buffer); + + Importer* imp; + if (platform=="iosacl") + imp = new IOSImporter(lib, instream, logger); + + if (platform == "iptables") + imp = new IPTImporter(lib, instream, logger); + + try + { + imp->run(); + } catch(ImporterException &e) + { + *logger << std::string("Parser error:\n"); + *logger << e.toString() << "\n"; + } + while (logger->ready()) + cout << logger->getLine(); + + imp->finalize(); + + cout << endl; + cout << flush; + + return 0; + + } catch(const FWException &ex) { + cerr << "Error: " << ex.toString() << endl; + return 1; +#if __GNUC__ >= 3 +/* need to check version because std::ios::failure does not seem to be + * supported in gcc 2.9.5 on FreeBSD 4.10 */ + } catch (const std::ios::failure &e) { + cerr << "Error while opening or writing to the output 
file" << endl; + return 1; +#endif + } catch (const std::string &s) { + cerr << s << endl; + return 1; + } catch (const std::exception &ex) { + cerr << ex.what() << endl; + return 1; + } catch (...) { + cerr << _("Unsupported exception") << endl; + return 1; + } + +} diff --git a/src/unit_tests/importer/run-tests.sh b/src/unit_tests/importer/run-tests.sh new file mode 100755 index 000000000..7fac84a40 --- /dev/null +++ b/src/unit_tests/importer/run-tests.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +qmake +make +echo "Running the test" +echo +echo "iosacl" && \ +./importer_test iosacl < test_data/test1.conf > test1.result 2> test1.stderr +cmp test1.result test_data/test1.result && \ +cmp test1.stderr test_data/test1.stderr + +echo "iptables" && \ +./importer_test iptables < test_data/iptables_test1.conf > test1.result 2> test1.stderr +cmp test1.result test_data/iptables_test1.result && \ +cmp test1.stderr test_data/iptables_test1.stderr && \ + +echo PASS || echo FAIL + diff --git a/src/unit_tests/importer/test_data/iptables_test1.conf b/src/unit_tests/importer/test_data/iptables_test1.conf new file mode 100644 index 000000000..c712c5e9e --- /dev/null +++ b/src/unit_tests/importer/test_data/iptables_test1.conf 
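Review bot: `Importer* imp;` in `main` is never assigned when `argv[1]` is neither `iosacl` nor `iptables`, so `imp->run()` and `imp->finalize()` dereference an indeterminate pointer instead of rejecting the argument. Initialise it with `Importer* imp = NULL;` and add `if (imp == NULL) { usage(); return 1; }` after the two platform checks. The input loop `while (!cin.eof()) { getline(cin,s); ... }` also appends one extra empty line after the last read fails; `while (getline(cin, s))` avoids that, although the recorded expected outputs may depend on the current behaviour.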
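Review bot: The iosacl comparison, `cmp test1.result test_data/test1.result && cmp test1.stderr test_data/test1.stderr`, is a separate command list whose status is discarded, so `PASS` is printed whenever the iptables comparisons succeed, even if the iosacl output differs. The script also carries on after a failed `qmake` or `make`, and it always exits 0 because `echo FAIL` succeeds, so automated callers cannot detect a regression. Track the result explicitly: set `rc=0` at the top, append `|| rc=1` to the build step and to each comparison chain, and finish with `[ "$rc" -eq 0 ] && echo PASS || { echo FAIL; exit 1; }`.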
@@ -0,0 +1,186 @@ +# Generated by iptables-save v1.2.1a on Fri Jun 1 14:04:15 2001 +*filter +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT ACCEPT [1531191:180073476] +:user_chain - [0:0] + +# this should be recognized as built-in rule +-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT + +# this should be recognized as built-in rule +-A FORWARD -m state --state INVALID -j drop_invalid + +# this should be recognized as built-in rule +-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + +# this is a hard one, we can not add this combination of states to a normal rule +# should mark as error and add --state line to comment +-A OUTPUT -d 21.21.21.21 -p tcp -m tcp --sport 22 -m state --state RELATED,ESTABLISHED -j ACCEPT + +# this should be recognized as built-in rule +-A OUTPUT -m state --state INVALID -j drop_invalid + +# these go into INPUT chain, should end up with firewall object in DST +-A INPUT -i lo -j ACCEPT +-A INPUT -j user_chain +-A INPUT -j scan_checks_chain + +# testing action REJECT with option +-A INPUT -p tcp --dport 0:8000 -j REJECT --reject-with tcp-reset +-A INPUT -p udp --dport 0:8000 -j REJECT --reject-with icmp-port-unreachable + +# v2.1 does not support passing control to the same branch from +# several rules This rule will have action 'branch' but branch name +# will be 'user_chain1' This rule will have a comment explaining this +# and branch rule set will be emtpy +-A OUTPUT -j user_chain + +-A FORWARD -s 192.168.0.0/16 -m state --state NEW -j ACCEPT + +# this should end up with action "Continue" and logging on +-A FORWARD -j LOG --log-prefix "FORWARD catch-all" + +# should have icmp (-1,-1) in SRV -- should recognize this as icmp +# even though it is uppercased +-A user_chain -s 128.143.0.0/16 -p ICMP -j ACCEPT + +# numeric protocol spec +-A user_chain -d 192.168.1.1 -i eth0 -p 47 -j ACCEPT + +# target RETURN +-A user_chain -s 1.1.0.0/16 -p ICMP -j RETURN + +# this should be recognized as built-in rule even though it is in 
user-defined chain +-A user_chain -m state --state RELATED,ESTABLISHED -j ACCEPT + +-A user_chain -s 192.168.19.0/24 -p tcp -m tcp --dport 5432 -m state --state NEW -j ACCEPT +-A user_chain -s 192.168.16.125 -p tcp -m tcp --dport 5432 -m state --state NEW -j ACCEPT +-A user_chain -s 192.168.0.0/16 -p tcp -m tcp --dport 873 -m state --state NEW -j ACCEPT +-A user_chain -s 192.168.0.0/16 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT +-A user_chain -s 192.0.34.166 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT +-A user_chain -s 192.168.19.0/24 -p tcp -m tcp --dport 137:139 -m state --state NEW -j ACCEPT + +-A user_chain -s 192.168.0.0/16 -p udp --dport 137 -m state --state NEW -j ACCEPT +-A user_chain -s 192.168.0.0/16 -p udp --dport 138 -m state --state NEW -j ACCEPT +-A user_chain -s 192.168.0.0/16 -p tcp -m tcp --dport 139 -m state --state NEW -j ACCEPT +-A user_chain -s 192.168.0.0/16 -p tcp -m tcp --dport 445 -m state --state NEW -j ACCEPT +-A user_chain -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT + +-A user_chain -s 192.168.0.0/16 -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT +-A user_chain -s 192.0.34.166 -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT + +-A user_chain -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT + +-A user_chain -s 127.0.0.1 -p tcp -m tcp --dport 631 -m state --state NEW -j ACCEPT +-A user_chain -s 127.0.0.1 -p tcp -m tcp --dport 515 -m state --state NEW -j ACCEPT + +# different combinations of tcp flags in combination with some other +# options. Taken from a real policy. 
+# +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -m limit --limit 3/min -j LOG --log-prefix "Stealth XMAS scan: " --log-level 7 +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -m limit --limit 3/min -j LOG --log-prefix "Stealth XMAS-PSH scan: " --log-level 7 +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -m limit --limit 3/min -j LOG --log-prefix "Stealth XMAS-ALL scan: " --log-level 7 +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -m limit --limit 3/min -j LOG --log-prefix "Stealth FIN scan: " --log-level 7 +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 3/min -j LOG --log-prefix "Stealth SYN/RST scan: " --log-level 7 +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 3/min -j LOG --log-prefix "Stealth SYN/FIN scan(?): " --log-level 7 +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 3/min -j LOG --log-prefix "Stealth Null scan: " --log-level 7 +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DROP +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP +-A scan_checks_chain -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP + + +# bad port spec +-A user_chain -s 192.168.0.0/16 -p tcp -m tcp --dport foo -m state --state NEW -j ACCEPT + +# Log prefix and log limit test +# Also 
need action Continue (or NOP) +-A user_chain -s ! 128.143.0.0/16 -m limit --limit 25/hour -j LOG --log-prefix user_chain_notlocal: + +-A user_chain -s 128.143.0.0/16 -p tcp --dport 427 -j ACCEPT +-A user_chain -s 128.143.0.0/16 -p udp --dport 427 -j ACCEPT +-A user_chain -s 128.143.0.0/16 -p tcp --dport 548 -j ACCEPT +-A user_chain -s 128.143.0.0/16 -p tcp --dport 201 -j ACCEPT +-A user_chain -s 128.143.0.0/16 -p tcp --dport 202 -j ACCEPT +-A user_chain -s 128.143.0.0/16 -p tcp --dport 204 -j ACCEPT +-A user_chain -s 128.143.0.0/16 -p tcp --dport 206 -j ACCEPT + +# --dports does not necessarily follow -m multiport +# +-A user_chain -m multiport -s 128.143.0.0/16 -p tcp --dports 548,201,202,204,206 -j ACCEPT + +-A user_chain -j DROP + +COMMIT + +# mangle table +*mangle +:PREROUTING ACCEPT +:INPUT ACCEPT +:FORWARD ACCEPT +:OUTPUT ACCEPT +:POSTROUTING ACCEPT + +# mark in FORWARD +-A FORWARD -i eth1 -p tcp --dport smtp -j MARK --set-mark 16 + +# mark in PREROUTING (check option "ipt_mark_prerouting") +-A PREROUTING -i eth1 -p tcp --dport smtp -j MARK --set-mark 16 + +# option "ipt_mark_connections" +-A PREROUTING -j CONNMARK --restore-mark + +# packets from me going out +-A POSTROUTING -o eth1 -p tcp --sport smtp -j MARK --set-mark 16 +-A POSTROUTING -j CONNMARK --save-mark + +# test ROUTE target +-A POSTROUTING -m mark --mark 1 -j ROUTE --oif eth0 --continue +-A POSTROUTING -m mark --mark 2 -j ROUTE --oif eth2 --continue + +# test TOS target with parameters (unsupported, but parser +# should not crash on it) +-A POSTROUTING -d 192.168.1.1 -j TOS --set-tos Minimize-Delay +-A POSTROUTING -d 192.168.1.1 -j TOS --set-tos 0x10 + +COMMIT + +*nat +:PREROUTING ACCEPT [1502:275921] +:POSTROUTING ACCEPT [406:45653] +:OUTPUT ACCEPT [406:45653] + +-A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222 +-A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.1 +-A POSTROUTING -o eth+ -s 192.168.1.32/27 -j SNAT --to-source 
222.222.222.10-222.222.222.100 +-A POSTROUTING -o eth+ -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j SNAT --to-source 192.168.1.1 +-A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --sport 1000:1010 -j SNAT --to-source 222.222.222.222:1000-1010 + +-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j MASQUERADE + +-A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 222.222.222.0/24 + +-A PREROUTING -p tcp -m tcp -d 222.222.222.222 --dport 25 -j DNAT --to-destination 192.168.1.10:25 +-A PREROUTING -p icmp -m icmp -d 222.222.222.222 --icmp-type 8/0 -j DNAT --to-destination 192.168.1.10 +-A PREROUTING -p tcp -m tcp --sport 1000:1010 -d 222.222.222.222 -j DNAT --to-destination 192.168.1.10 +-A PREROUTING -p tcp -m tcp -d 222.222.222.222 --dport 4000:4010 -j DNAT --to-destination 192.168.1.10:4000-4010 +-A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -j DNAT --to-destination 192.168.1.10 + +# numeric protocol spec +-A PREROUTING -d 192.168.3.145 -i eth0 -p 47 -j DNAT --to-destination 1.1.1.1 + +# a "no nat" rule +-A POSTROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT + +# redirect rule +-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 + +# a couple of nat rules in chain OUTPUT +-A OUTPUT -p tcp -m tcp -d 192.168.1.22 --dport 80 -j DNAT --to-destination 192.168.2.10:80 +-A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10 + +COMMIT diff --git a/src/unit_tests/importer/test_data/iptables_test1.result b/src/unit_tests/importer/test_data/iptables_test1.result new file mode 100644 index 000000000..a04206d4f --- /dev/null +++ b/src/unit_tests/importer/test_data/iptables_test1.result 
@@ -0,0 +1,128 @@ + *** Loading standard data file ... done +Ruleset: INPUT +Ruleset: FORWARD +Ruleset: OUTPUT +Ruleset: user_chain +Using automatic rule controlled by option 'Accept established,related states' to match states RELATED,ESTABLISHED +Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID +Using automatic rule controlled by option 'Accept established,related states' to match states RELATED,ESTABLISHED +Address object: h-21.21.21.21 +TCP Service object: tcp 22-22: +Parser error: Rule passes control to branch drop_invalid which +is already used by some rule prior to this one. +fwbuilder 2.1 does not support multiple rules +passing control to the same branch. This will +be fixed in the next major release (v3.0) +Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID +Interface: lo +TCP Service object: tcp 0-8000 +UDP Service object: udp 0-0:0-8000 +Parser error: Rule passes control to branch user_chain which +is already used by some rule prior to this one. +fwbuilder 2.1 does not support multiple rules +passing control to the same branch. 
This will +be fixed in the next major release (v3.0) +Network object: net-192.168.0.0/16 +Network object: net-128.143.0.0/16 +ICMP Service object: icmp -1/-1 +Address object: h-192.168.1.1 +IP Service object: ip-47 +Interface: eth0 +Network object: net-1.1.0.0/16 +Using automatic rule controlled by option 'Accept established,related states' to match states RELATED,ESTABLISHED +Network object: net-192.168.19.0/24 +TCP Service object: tcp 5432-5432 +Address object: h-192.168.16.125 +TCP Service object: tcp 873-873 +TCP Service object: tcp 22-22 +Address object: h-192.0.34.166 +TCP Service object: tcp 137-139 +UDP Service object: udp 0-0:137-137 +UDP Service object: udp 0-0:138-138 +TCP Service object: tcp 139-139 +TCP Service object: tcp 445-445 +TCP Service object: tcp 80-80 +TCP Service object: tcp 8080-8080 +TCP Service object: tcp 443-443 +Address object: h-127.0.0.1 +TCP Service object: tcp 631-631 +TCP Service object: tcp 515-515 +TCP Service object: tcp fsrpau/fpu +TCP Service object: tcp fsrpau/fsrau +TCP Service object: tcp fsrpau/fsrpau +TCP Service object: tcp fsrpau/f +TCP Service object: tcp sr/sr +TCP Service object: tcp fs/fs +TCP Service object: tcp fsrpau/N +Parser error: Port spec 'foo' unknown. Error basic_ios::clear +Parser error: Port spec 'foo' unknown. Error basic_ios::clear +TCP Service object: tcp +TCP Service object: tcp 427-427 +UDP Service object: udp 0-0:427-427 +TCP Service object: tcp 548-548 +TCP Service object: tcp 201-201 +TCP Service object: tcp 202-202 +TCP Service object: tcp 204-204 +TCP Service object: tcp 206-206 +Ruleset: PREROUTING +Ruleset: INPUT +Ruleset: FORWARD +Ruleset: OUTPUT +Ruleset: POSTROUTING +TCP Service object: tcp 25-25 +Interface: eth1 +Skip command with '-j CONNMARK --restore-mark' This rule is generated automatically. 
+TCP Service object: tcp 25-25: +Turned option on in previous rule with action Mark for '-j CONNMARK --save-mark' +Tag Service object: tag-1 +Interface: eth2 +Tag Service object: tag-2 +Parser error: Rule passes control to branch TOS which +is already used by some rule prior to this one. +fwbuilder 2.1 does not support multiple rules +passing control to the same branch. This will +be fixed in the next major release (v3.0) +Ruleset: PREROUTING +Ruleset: POSTROUTING +Ruleset: OUTPUT +Network object: net-192.168.1.0/24 +Address object: h-222.222.222.222 +Parser error: Original rule defines outbound interface 'eth1'. + Replace address in TSrc with matching interface of the firewall. +Parser error: Original rule defines outbound interface 'eth0'. + Replace address in TSrc with matching interface of the firewall. +Network object: net-192.168.1.32/27 +AddressRange object: range-222.222.222.10-222.222.222.100 +Parser error: Original rule defines outbound interface 'eth+'. + Replace address in TSrc with matching interface of the firewall. +Address object: h-192.168.1.20 +Parser error: Original rule defines outbound interface 'eth+'. + Replace address in TSrc with matching interface of the firewall. +Address object: h-192.168.1.10 +TCP Service object: tcp 1000-1010: +Parser error: Original rule defines outbound interface 'eth1'. + Replace address in TSrc with matching interface of the firewall. +Network object: net-222.222.222.0/24 +ICMP Service object: icmp 8/0 +TCP Service object: tcp 4000-4010 +TCP Service object: tcp 6667-6667 +TCP Service object: tcp 3128-3128 +TCP Service object: tcp 113-113 +TCP Service object: tcp 53-53 +TCP Service object: tcp 21-21 +TCP Service object: tcp 119-119 +TCP Service object: tcp 23-23 +TCP Service object: tcp 540-540 +TCP Service object: tcp 70-70 +TCP Service object: tcp 13-13 +TCP Service object: tcp 2105-2105 +Address object: h-192.168.3.145 +Address object: h-1.1.1.1 +Parser error: Original rule defines inbound interface 'eth0'. 
+ Replace address in ODst with matching interface of the firewall. +Network object: net-192.168.2.0/24 +Address object: h-192.168.1.22 +Address object: h-192.168.2.10 +Address object: h-22.22.22.23 +ICMP Service object: icmp 11/0 + diff --git a/src/unit_tests/importer/test_data/iptables_test1.stderr b/src/unit_tests/importer/test_data/iptables_test1.stderr new file mode 100644 index 000000000..e77ae23ba --- /dev/null +++ b/src/unit_tests/importer/test_data/iptables_test1.stderr 
@@ -0,0 +1,337 @@ +TABLE filter +NEW CHAIN INPUT +NEW CHAIN FORWARD +NEW CHAIN OUTPUT +NEW CHAIN user_chain + +add_rule: line=9 chain=FORWARD STATE MATCH=RELATED,ESTABLISHED TARGET=ACCEPT +add_rule: line=12 chain=FORWARD STATE MATCH=INVALID TARGET=drop_invalid +add_rule: line=15 chain=OUTPUT STATE MATCH=RELATED,ESTABLISHED TARGET=ACCEPT +add_rule: line=19 chain=OUTPUT DST=21.21.21.21 PROTO=tcp TCP PORT=22 STATE MATCH=RELATED,ESTABLISHED TARGET=ACCEPT +Creating tcp service +src range: 22 - 22 +dst range: 0 - 0 +add_rule: line=22 chain=OUTPUT STATE MATCH=INVALID TARGET=drop_invalid +add_rule: line=25 chain=INPUT I_INTF=lo TARGET=ACCEPT +add_rule: line=26 chain=INPUT TARGET=user_chain +add_rule: line=27 chain=INPUT TARGET=scan_checks_chain +add_rule: line=30 chain=INPUT PROTO=tcp PORT=0:8000 TARGET=REJECT REJECT WITH=tcp-reset +Creating tcp service +src range: 0 - 0 +dst range: 0 - 8000 +add_rule: line=31 chain=INPUT PROTO=udp PORT=0:8000 TARGET=REJECT REJECT WITH=icmp-port-unreachable +Creating udp service +src range: 0 - 0 +dst range: 0 - 8000 +add_rule: line=37 chain=OUTPUT TARGET=user_chain +add_rule: line=39 chain=FORWARD SRC=192.168.0.0/16 STATE MATCH=NEW TARGET=ACCEPT +add_rule: line=42 chain=FORWARD TARGET=LOG LOG PREFIX="FORWARD catch-all" +add_rule: line=46 chain=user_chain SRC=128.143.0.0/16 PROTO=icmp TARGET=ACCEPT +add_rule: line=49 chain=user_chain DST=192.168.1.1 I_INTF=eth0 PROTO=47 TARGET=ACCEPT +add_rule: line=52 chain=user_chain SRC=1.1.0.0/16 PROTO=icmp TARGET=RETURN +add_rule: line=55 chain=user_chain STATE MATCH=RELATED,ESTABLISHED TARGET=ACCEPT +add_rule: line=57 chain=user_chain SRC=192.168.19.0/24 PROTO=tcp TCP PORT=5432 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 5432 - 5432 +add_rule: line=58 chain=user_chain SRC=192.168.16.125 PROTO=tcp TCP PORT=5432 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 5432 - 5432 +add_rule: line=59 chain=user_chain SRC=192.168.0.0/16 
PROTO=tcp TCP PORT=873 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 873 - 873 +add_rule: line=60 chain=user_chain SRC=192.168.0.0/16 PROTO=tcp TCP PORT=22 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 22 - 22 +add_rule: line=61 chain=user_chain SRC=192.0.34.166 PROTO=tcp TCP PORT=22 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 22 - 22 +add_rule: line=62 chain=user_chain SRC=192.168.19.0/24 PROTO=tcp TCP PORT=137:139 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 137 - 139 +add_rule: line=64 chain=user_chain SRC=192.168.0.0/16 PROTO=udp PORT=137 STATE MATCH=NEW TARGET=ACCEPT +Creating udp service +src range: 0 - 0 +dst range: 137 - 137 +add_rule: line=65 chain=user_chain SRC=192.168.0.0/16 PROTO=udp PORT=138 STATE MATCH=NEW TARGET=ACCEPT +Creating udp service +src range: 0 - 0 +dst range: 138 - 138 +add_rule: line=66 chain=user_chain SRC=192.168.0.0/16 PROTO=tcp TCP PORT=139 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 139 - 139 +add_rule: line=67 chain=user_chain SRC=192.168.0.0/16 PROTO=tcp TCP PORT=445 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 445 - 445 +add_rule: line=68 chain=user_chain PROTO=tcp TCP PORT=80 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 80 - 80 +add_rule: line=70 chain=user_chain SRC=192.168.0.0/16 PROTO=tcp TCP PORT=8080 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 8080 - 8080 +add_rule: line=71 chain=user_chain SRC=192.0.34.166 PROTO=tcp TCP PORT=8080 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 8080 - 8080 +add_rule: line=73 chain=user_chain PROTO=tcp TCP PORT=443 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 443 - 443 +add_rule: line=75 chain=user_chain SRC=127.0.0.1 PROTO=tcp 
TCP PORT=631 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 631 - 631 +add_rule: line=76 chain=user_chain SRC=127.0.0.1 PROTO=tcp TCP PORT=515 STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 515 - 515 +add_rule: line=81 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=5|4|3|2|1|0| 5|2|0| LIMIT MATCH LIMIT 3/min TARGET=LOG LOG PREFIX="Stealth XMAS scan: "line 81:169: expecting WORD, found '7' + +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=82 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=5|4|3|2|1|0| 5|4|3|1|0| LIMIT MATCH LIMIT 3/min TARGET=LOG LOG PREFIX="Stealth XMAS-PSH scan: "line 82:181: expecting WORD, found '7' + +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=83 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=5|4|3|2|1|0| 5|4|3|2|1|0| LIMIT MATCH LIMIT 3/min TARGET=LOG LOG PREFIX="Stealth XMAS-ALL scan: "line 83:185: expecting WORD, found '7' + +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=84 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=5|4|3|2|1|0| 5| LIMIT MATCH LIMIT 3/min TARGET=LOG LOG PREFIX="Stealth FIN scan: "line 84:160: expecting WORD, found '7' + +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=85 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=4|3| 4|3| LIMIT MATCH LIMIT 3/min TARGET=LOG LOG PREFIX="Stealth SYN/RST scan: "line 85:152: expecting WORD, found '7' + +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=86 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=5|4| 5|4| LIMIT MATCH LIMIT 3/min TARGET=LOG LOG PREFIX="Stealth SYN/FIN scan(?): "line 86:155: expecting WORD, found '7' + +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=87 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=5|4|3|2|1|0| 98| LIMIT MATCH LIMIT 3/min TARGET=LOG LOG 
PREFIX="Stealth Null scan: "line 87:162: expecting WORD, found '7' + +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=88 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=5|4|3|2|1|0| 5|2|0| TARGET=DROP +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=89 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=5|4|3|2|1|0| 5|4|3|1|0| TARGET=DROP +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=90 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=5|4|3|2|1|0| 5|4|3|2|1|0| TARGET=DROP +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=91 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=5|4|3|2|1|0| 5| TARGET=DROP +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=92 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=4|3| 4|3| TARGET=DROP +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=93 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=5|4| 5|4| TARGET=DROP +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=94 chain=scan_checks_chain I_INTF=eth0 PROTO=tcp TCP TCP FLAGS=5|4|3|2|1|0| 98| TARGET=DROP +Creating tcp service +src range: 0 - 0 +dst range: 0 - 0 +add_rule: line=98 chain=user_chain SRC=192.168.0.0/16 PROTO=tcp TCP PORT=foo STATE MATCH=NEW TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: foo - foo +add_rule: line=102 chain=user_chain SRC=128.143.0.0/16 LIMIT MATCH LIMIT 25/hour TARGET=LOG LOG PREFIX=user_chain_notlocal: +add_rule: line=104 chain=user_chain SRC=128.143.0.0/16 PROTO=tcp PORT=427 TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 427 - 427 +add_rule: line=105 chain=user_chain SRC=128.143.0.0/16 PROTO=udp PORT=427 TARGET=ACCEPT +Creating udp service +src range: 0 - 0 +dst range: 427 - 427 +add_rule: line=106 chain=user_chain SRC=128.143.0.0/16 PROTO=tcp PORT=548 TARGET=ACCEPT +Creating tcp 
service +src range: 0 - 0 +dst range: 548 - 548 +add_rule: line=107 chain=user_chain SRC=128.143.0.0/16 PROTO=tcp PORT=201 TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 201 - 201 +add_rule: line=108 chain=user_chain SRC=128.143.0.0/16 PROTO=tcp PORT=202 TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 202 - 202 +add_rule: line=109 chain=user_chain SRC=128.143.0.0/16 PROTO=tcp PORT=204 TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 204 - 204 +add_rule: line=110 chain=user_chain SRC=128.143.0.0/16 PROTO=tcp PORT=206 TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 206 - 206 +add_rule: line=114 chain=user_chain MULTIPORT SRC=128.143.0.0/16 PROTO=tcp DST MULTIPORT= PORT=548 PORT=201 PORT=202 PORT=204 PORT=206 TARGET=ACCEPT +Creating tcp service +src range: 0 - 0 +dst range: 548 - 548 +Creating tcp service +src range: 0 - 0 +dst range: 201 - 201 +Creating tcp service +src range: 0 - 0 +dst range: 202 - 202 +Creating tcp service +src range: 0 - 0 +dst range: 204 - 204 +Creating tcp service +src range: 0 - 0 +dst range: 206 - 206 +Group of tcp services with name 'tcp group 0', sig 'tcp dst 548:548_201:201_202:202_204:204_206:206_' +add_rule: line=116 chain=user_chain TARGET=DROP COMMIT +TABLE mangle +NEW CHAIN PREROUTING +NEW CHAIN INPUT +NEW CHAIN FORWARD +NEW CHAIN OUTPUT +NEW CHAIN POSTROUTING + +add_rule: line=129 chain=FORWARD I_INTF=eth1 PROTO=tcp PORT=smtp TARGET=MARK SET MARK=16 +Creating tcp service +src range: 0 - 0 +dst range: smtp - smtp +add_rule: line=132 chain=PREROUTING I_INTF=eth1 PROTO=tcp PORT=smtp TARGET=MARK SET MARK=16 +Creating tcp service +src range: 0 - 0 +dst range: smtp - smtp +add_rule: line=135 chain=PREROUTING TARGET=CONNMARK RESTORE MARK +add_rule: line=138 chain=POSTROUTING O_INTF=eth1 PROTO=tcp PORT=smtp TARGET=MARK SET MARK=16 +Creating tcp service +src range: smtp - smtp +dst range: 0 - 0 +add_rule: line=139 chain=POSTROUTING TARGET=CONNMARK SAVE MARK +add_rule: 
line=142 chain=POSTROUTING MARK MATCH MARK 1 TARGET=ROUTE ROUTE_OIF=eth0 CONTINUE +add_rule: line=143 chain=POSTROUTING MARK MATCH MARK 2 TARGET=ROUTE ROUTE_OIF=eth2 CONTINUE +add_rule: line=147 chain=POSTROUTING DST=192.168.1.1 TARGET=TOS SET TOS=Minimize-Delay(unsupported) +add_rule: line=148 chain=POSTROUTING DST=192.168.1.1 TARGET=TOS SET TOS=0x10(unsupported) COMMIT +TABLE nat +NEW CHAIN PREROUTING +NEW CHAIN POSTROUTING +NEW CHAIN OUTPUT + +add_rule: line=157 chain=POSTROUTING O_INTF=eth1 SRC=192.168.1.0/24 TARGET=SNAT TO-SOURCE 222.222.222.222-222.222.222.222:- +add_rule: line=158 chain=POSTROUTING O_INTF=eth0 SRC=192.168.1.0/24 TARGET=SNAT TO-SOURCE 192.168.1.1-192.168.1.1:- +add_rule: line=159 chain=POSTROUTING O_INTF=eth+ SRC=192.168.1.32/27 TARGET=SNAT TO-SOURCE 222.222.222.10-222.222.222.100:- +add_rule: line=160 chain=POSTROUTING O_INTF=eth+ PROTO=tcp TCP SRC=192.168.1.0/24 DST=192.168.1.20 PORT=80 TARGET=SNAT TO-SOURCE 192.168.1.1-192.168.1.1:- +Creating tcp service +src range: 0 - 0 +dst range: 80 - 80 +add_rule: line=161 chain=POSTROUTING O_INTF=eth1 PROTO=tcp TCP SRC=192.168.1.10 PORT=1000:1010 TARGET=SNAT TO-SOURCE PORT=1000:1010 222.222.222.222-222.222.222.222:1000-1010 +Creating tcp service +src range: 1000 - 1010 +dst range: 0 - 0 +Creating tcp service +src range: 1000 - 1010 +dst range: 0 - 0 +add_rule: line=163 chain=POSTROUTING O_INTF=eth2 SRC=192.168.1.0/24 TARGET=MASQUERADE +add_rule: line=165 chain=POSTROUTING SRC=192.168.1.0/24 TARGET=NETMAP TO-NETMAP222.222.222.0/24 +add_rule: line=167 chain=PREROUTING PROTO=tcp TCP DST=222.222.222.222 PORT=25 TARGET=DNAT TO-DESTINATION PORT=25 192.168.1.10-192.168.1.10:25-25 +Creating tcp service +src range: 0 - 0 +dst range: 25 - 25 +Creating tcp service +src range: 0 - 0 +dst range: 25 - 25 +add_rule: line=168 chain=PREROUTING PROTO=icmp ICMP DST=222.222.222.222 ICMP_TYPE=8 ICMP_CODE=0 TARGET=DNAT TO-DESTINATION 192.168.1.10-192.168.1.10:- +add_rule: line=169 chain=PREROUTING PROTO=tcp TCP 
PORT=1000:1010 DST=222.222.222.222 TARGET=DNAT TO-DESTINATION 192.168.1.10-192.168.1.10:- +Creating tcp service +src range: 1000 - 1010 +dst range: 0 - 0 +add_rule: line=170 chain=PREROUTING PROTO=tcp TCP DST=222.222.222.222 PORT=4000:4010 TARGET=DNAT TO-DESTINATION PORT=4000:4010 192.168.1.10-192.168.1.10:4000-4010 +Creating tcp service +src range: 0 - 0 +dst range: 4000 - 4010 +Creating tcp service +src range: 0 - 0 +dst range: 4000 - 4010 +add_rule: line=171 chain=PREROUTING PROTO=tcp TCP MULTIPORT DST=222.222.222.222 DST MULTIPORT= PORT=6667 PORT=3128 PORT=113 PORT=53 PORT=21 PORT=80 PORT=119 PORT=25 PORT=22 PORT=23 PORT=540 PORT=70 PORT=13 PORT=2105 PORT=443 TARGET=DNAT TO-DESTINATION 192.168.1.10-192.168.1.10:- +Creating tcp service +src range: 0 - 0 +dst range: 6667 - 6667 +Creating tcp service +src range: 0 - 0 +dst range: 3128 - 3128 +Creating tcp service +src range: 0 - 0 +dst range: 113 - 113 +Creating tcp service +src range: 0 - 0 +dst range: 53 - 53 +Creating tcp service +src range: 0 - 0 +dst range: 21 - 21 +Creating tcp service +src range: 0 - 0 +dst range: 80 - 80 +Creating tcp service +src range: 0 - 0 +dst range: 119 - 119 +Creating tcp service +src range: 0 - 0 +dst range: 25 - 25 +Creating tcp service +src range: 0 - 0 +dst range: 22 - 22 +Creating tcp service +src range: 0 - 0 +dst range: 23 - 23 +Creating tcp service +src range: 0 - 0 +dst range: 540 - 540 +Creating tcp service +src range: 0 - 0 +dst range: 70 - 70 +Creating tcp service +src range: 0 - 0 +dst range: 13 - 13 +Creating tcp service +src range: 0 - 0 +dst range: 2105 - 2105 +Creating tcp service +src range: 0 - 0 +dst range: 443 - 443 +Group of tcp services with name 'tcp group 1', sig 'tcp dst 6667:6667_3128:3128_113:113_53:53_21:21_80:80_119:119_25:25_22:22_23:23_540:540_70:70_13:13_2105:2105_443:443_' +add_rule: line=174 chain=PREROUTING DST=192.168.3.145 I_INTF=eth0 PROTO=47 TARGET=DNAT TO-DESTINATION 1.1.1.1-1.1.1.1:- +add_rule: line=177 chain=POSTROUTING SRC=192.168.1.0/24 
DST=192.168.2.0/24 TARGET=ACCEPT +add_rule: line=180 chain=PREROUTING SRC=192.168.1.0/24 PROTO=tcp TCP PORT=80 TARGET=REDIRECT PORT=3128 TO-PORTS -:31283128 +Creating tcp service +src range: 0 - 0 +dst range: 80 - 80 +add_rule: line=183 chain=OUTPUT PROTO=tcp TCP DST=192.168.1.22 PORT=80 TARGET=DNAT TO-DESTINATION PORT=80 192.168.2.10-192.168.2.10:80-80 +Creating tcp service +src range: 0 - 0 +dst range: 80 - 80 +Creating tcp service +src range: 0 - 0 +dst range: 80 - 80 +add_rule: line=184 chain=OUTPUT PROTO=icmp ICMP DST=22.22.22.23 ICMP_TYPE=11 ICMP_CODE=0 TARGET=DNAT TO-DESTINATION 192.168.1.10-192.168.1.10:- COMMIT +IPTImporter::finalize() diff --git a/src/unit_tests/importer/test_data/test1.conf b/src/unit_tests/importer/test_data/test1.conf new file mode 100644 index 000000000..0f79fdeab --- /dev/null +++ b/src/unit_tests/importer/test_data/test1.conf 
@@ -0,0 +1,284 @@
+!
+! Last configuration change at 12:24:46 PST Fri May 11 2007 by vadim
+! NVRAM config last updated at 12:24:46 PST Fri May 11 2007 by vadim
+!
+version 12.2
+service timestamps debug uptime
+no service timestamps log uptime
+service password-encryption
+!
+hostname "c3620"
+!
+no logging buffered
+no logging console
+aaa new-model
+aaa new-model
+aaa group server tacacs+ inttac
+ server 10.1.0.1
+!
+enable secret 5 $1$U6dJ$BfnMsC23.X8BCFJB0XIJA.
+enable password 7
+!
+username user1 password 7 0123456789ABCDEF00
+username user2 password 7 01234567890ABCDEF01234567890
+clock timezone PST -7
+ip subnet-zero
+!
+!
+ip domain-name fwbuilder.org
+ip name-server 10.1.1.10
+!
+ip audit notify log
+ip audit po max-events 100
+!
+crypto isakmp policy 10
+ encr 3des
+ hash md5
+ authentication pre-share
+ group 2
+crypto isakmp key address 22.22.22.22
+crypto isakmp key address 192.168.171.1
+!
+crypto ipsec security-association lifetime seconds 28800
+!
+crypto ipsec transform-set test-transform esp-3des esp-md5-hmac
+crypto ipsec transform-set pix-transform esp-3des esp-md5-hmac
+!
+crypto map test 10 ipsec-isakmp
+ set peer 22.22.22.22
+ set transform-set test-transform
+ match address 133
+!
+crypto map real 10 ipsec-isakmp
+ set peer 192.168.171.1
+ set transform-set pix-transform
+ match address 144
+!
+call rsvp-sync
+!
+!
+!
+module ContentSwitchingModule 3
+ ft group 1 vlan 9
+ preempt
+!
+! -- test behavior for the "ip address" command in the "vlan" context
+! (should ignore it)
+!
+ vlan 706 server
+ ip address 172.16.1.1 255.255.255.128
+ alias 172.16.1.2 255.255.255.128
+!
+ vlan 111 client
+ ip address 172.16.10.1 255.255.255.0
+ gateway 172.16.10.254
+!
+ static nat virtual
+ real 192.168.16.20
+ real 192.168.16.19
+!
+!
+ vserver TEST
+ virtual 172.16.1.51 tcp www
+ vlan 706
+ serverfarm BBTEST-HTTP
+ persistent rebalance
+ slb-policy BBTEST
+ inservice
+!
+!
+interface FastEthernet0/0
+ ip address 192.168.100.100 255.255.255.0 secondary
+ ip address 10.3.14.201 255.255.255.0
+ ip access-group fe0_0_acl_in in
+ ip access-group fe0_0_acl_out out
+ no ip mroute-cache
+ duplex auto
+ speed auto
+!
+interface Ethernet1/0
+ description Test [test] {test} (and one more test) /weird:characters#$%^&*/
+ ip address 192.168.171.2 255.255.255.0
+ ip access-group e1_0_acl_in in
+ ip access-group e1_0_acl_out out
+ no ip mroute-cache
+ ip ospf cost 65000
+ half-duplex
+ crypto map real
+!
+interface Serial1/0
+ ip unnumbered Loopback0
+ no ip mroute-cache
+ shutdown
+ no fair-queue
+!
+interface Ethernet1/1
+ ip address 10.10.10.10 255.255.255.0
+ no ip mroute-cache
+!
+! Note - the same access list applied both in and out
+ ip access-group 133 in
+ ip access-group 133 out
+ no shutdown
+ half-duplex
+!
+interface Ethernet1/2
+ ip address 10.10.20.20 255.255.255.0
+ no ip mroute-cache
+!
+! Note - the same access list applied both in and out
+! the same list is applied to eth 1/1 and eth 1/2
+ ip access-group 133 in
+ ip access-group 133 out
+ no shutdown
+ half-duplex
+!
+router ospf 1
+ network 10.3.14.0 0.0.0.255 area 0
+!
+ip classless
+ip route 0.0.0.0 0.0.0.0 192.168.171.1
+no ip http server
+!
+ip bgp-community new-format
+ip community-list standard AS65530.INTERNAL permit 65532:10100
+ip community-list expanded ASFOO permit _65533:10200_
+ip community-list expanded ASFOO.CUST permit _65532:103.._
+ip community-list expanded TEST99 permit 65532:102.* 65533:.*
+ip as-path access-list 10 permit ^1239_
+ip as-path access-list 10 permit .*
+ip flow-export source Loopback0
+ip flow-export version 5
+!
+!################################################################
+ip access-list extended e1_0_acl_in
+ deny ip any any fragments
+ permit tcp host 10.3.14.40 host 192.168.171.2 eq 22 log
+ permit tcp host 10.3.14.40 host 10.3.14.201 eq 22 log
+ permit ip any 10.3.14.0 0.0.0.255 log
+ deny ip any any log
+!################################################################
+ip access-list extended e1_0_acl_out
+ permit ip 10.3.14.0 0.0.0.255 any log
+ deny ip any any log
+!################################################################
+ip access-list extended fe0_0_acl_in
+ permit tcp host 10.3.14.40 host 192.168.171.2 eq 22 log
+ permit tcp host 10.3.14.40 host 10.3.14.201 eq 22 log
+ permit ip 10.3.14.0 0.0.0.255 any log
+ deny ip any any log
+!################################################################
+ip access-list extended fe0_0_acl_out
+ permit ip any 10.3.14.0 0.0.0.255 log
+ deny ip any any log
+!################################################################
+ip access-list extended outside
+ remark //path1/path2/path3
+ remark access list comment
+! destination port
+ permit udp any any eq isakmp
+! source port
+ permit tcp any eq 80 any
+! source port and established
+ permit tcp any eq 80 any established
+! different port operators
+ permit tcp any gt 1023 any
+ deny tcp any lt 1023 any
+! ports can be defined by number or by name
+ permit tcp any any eq www
+! port ranges
+ permit tcp any any range 22 80
+ permit tcp any any range 22 www
+!
+! two identical services, one tcp, another udp
+ deny tcp any any eq 2967
+ deny tcp any eq 2967 any
+ deny udp any any eq 2967
+ deny udp any eq 2967 any
+!
+ permit ahp any any
+ permit esp any any
+! icmp rule with no icmp spec
+ permit icmp any any
+! icmp rule with icmp spec in the form of two integers
+ permit icmp any any 8 0
+! icmp rule with icmp spec in the form of a word
+ permit icmp any any unreachable
+ permit icmp any any host-unreachable
+ permit icmp any any host-precedence-unreachable
+!
+! check for empty line inside ACL definition
+
+ permit udp any any eq bootpc
+ permit udp any any eq bootps
+ permit udp any eq domain any
+! 'time-range' option
+ permit tcp 10.10.10.0 0.0.0.255 eq 80 host 10.3.14.40 established time-range evening
+ deny ip any any log
+!################################################################
+ip access-list extended tmp_acl
+ permit ip 10.3.14.0 0.0.0.255 any
+ deny ip any any
+!
+access-list 133 permit ip 10.3.14.0 0.0.0.255 10.10.10.0 0.0.0.255
+access-list 133 permit ip 10.10.10.0 0.0.0.255 10.3.14.0 0.0.0.255
+access-list 133 deny ip any any log
+access-list 144 permit icmp 10.3.14.0 0.0.0.255 10.2.1.0 0.0.0.255
+access-list 144 permit icmp 10.2.1.0 0.0.0.255 10.3.14.0 0.0.0.255
+access-list 144 permit ip 10.3.14.0 0.0.0.255 10.2.1.0 0.0.0.255
+access-list 144 permit ip 10.2.1.0 0.0.0.255 10.3.14.0 0.0.0.255
+access-list 144 permit icmp 10.3.14.0 0.0.0.255 host 192.168.171.1
+access-list 144 permit icmp host 192.168.171.1 10.3.14.0 0.0.0.255
+access-list 144 permit ip 10.3.14.0 0.0.0.255 host 192.168.171.1
+access-list 144 permit ip host 192.168.171.1 10.3.14.0 0.0.0.255
+access-list 199 permit icmp 10.3.14.0 0.0.0.255 10.10.10.0 0.0.0.255 log
+access-list 199 permit ip any any
+!
+access-list 1300 remark Standard access lists are 1 to 99 and 1300 to 1999
+access-list 1300 permit 22.22.22.21
+access-list 1300 permit 22.23.24.25
+access-list 1300 permit 22.23.25.0 0.0.0.15
+access-list 1300 permit 10.0.0.0 0.255.255.255
+!
+route-map AS65530_AGGREGATION permit 10
+ match ip address prefix-list AS65530_AGGR
+ set community 65532:111 65533:101 65533:111 65533:121 65533:131 65533:141 65533:151 65533:201 65533:301 65533:311 65533:321 65533:401
+!
+!
+snmp-server community public RO
+snmp-server enable traps tty
+!
+dial-peer cor custom
+!
+ip prefix-list AS65530_AGGR permit 22.23.24.0/19 le 24
+!
+logging facility syslog
+logging source-interface Loopback0
+logging 10.1.0.91
+logging 10.1.0.92
+!
+!
+!
+banner motd ^C
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ B A N N E R ~ ~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+^C
+!
+line con 0
+line aux 0
+line vty 0 4
+ password 7
+!
+ntp clock-period 17179753
+ntp server 10.3.14.10
+!
+time-range evening
+ periodic daily 17:00 to 23:59
+!
+end
+
diff --git a/src/unit_tests/importer/test_data/test1.result b/src/unit_tests/importer/test_data/test1.result
new file mode 100644
index 000000000..3cbb2737e
--- /dev/null
+++ b/src/unit_tests/importer/test_data/test1.result
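Review bot: The test1.conf fixture carries credential material that looks only partly sanitised: the `enable secret 5 $1$U6dJ$…` line is a complete MD5-crypt hash, while the `password 7` values read as placeholders and the two `crypto isakmp key` lines already have the key removed. If this file was derived from a running device (the header comments name the account that last changed it), that hash is now readable by anyone with repository access and should be treated as exposed: rotate the original secret and replace the line with a hash of a throwaway value, e.g. `enable secret 5 <hash-of-throwaway-password>`. The importer test does not seem to depend on the value, since test1.result has no line for it. A one-line comment at the top of the fixture, such as `! synthetic test data - no live credentials`, would record that the check was done.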
@@ -0,0 +1,83 @@ + *** Loading standard data file ... done +Host name: "c3620" +Interface: FastEthernet0/0 +Interface address: 192.168.100.100/255.255.255.0 +Interface address: 10.3.14.201/255.255.255.0 +Interface ruleset fe0_0_acl_in direction 'in' (set to 'in') +Interface ruleset fe0_0_acl_out direction 'out' (set to 'out') +Interface: Ethernet1/0 +Interface comment: Test [ test ] { test } ( and one more test) / weird:characters#$%^&*/ +Interface address: 192.168.171.2/255.255.255.0 +Interface ruleset e1_0_acl_in direction 'in' (set to 'in') +Interface ruleset e1_0_acl_out direction 'out' (set to 'out') +Interface: Serial1/0 +Interface: Ethernet1/1 +Interface address: 10.10.10.10/255.255.255.0 +Interface ruleset acl_133 direction 'in' (set to 'in') +Interface ruleset acl_133 direction 'out' (set to 'both') +Interface: Ethernet1/2 +Interface address: 10.10.20.20/255.255.255.0 +Interface ruleset acl_133 direction 'in' (set to 'in') +Interface ruleset acl_133 direction 'out' (set to 'both') +Ruleset: e1_0_acl_in +IP Service object: ip-0 fragm +Address object: h-10.3.14.40 +Address object: h-192.168.171.2 +TCP Service object: tcp 22-22 +Address object: h-10.3.14.201 +Network object: net-10.3.14.0/255.255.255.0 +Ruleset: e1_0_acl_out +Ruleset: fe0_0_acl_in +Ruleset: fe0_0_acl_out +Ruleset: outside +Rule comment: / / path1/path2/path3 +Rule comment: access list comment +UDP Service object: udp 0-0:500-500 +TCP Service object: tcp 80-80: +TCP Service object: tcp 80-80: est +TCP Service object: tcp 1023-65535: +TCP Service object: tcp 0-1023: +TCP Service object: tcp 80-80 +TCP Service object: tcp 22-80 +TCP Service object: tcp 2967-2967 +TCP Service object: tcp 2967-2967: +UDP Service object: udp 0-0:2967-2967 +UDP Service object: udp 2967-2967:0-0 +IP Service object: ip-51 +IP Service object: ip-50 +ICMP Service object: icmp -1/-1 +ICMP Service object: icmp 8/0 +ICMP Service object: icmp 3/-1 +ICMP Service object: icmp 3/1 +ICMP Service object: icmp 3/14 +UDP Service 
object: udp 0-0:68-68 +UDP Service object: udp 0-0:67-67 +UDP Service object: udp 53-53:0-0 +Network object: net-10.10.10.0/255.255.255.0 +Ruleset: tmp_acl +Ruleset: acl_133 +Ruleset: acl_133 +Ruleset: acl_133 +Ruleset: acl_144 +Network object: net-10.2.1.0/255.255.255.0 +Ruleset: acl_144 +Ruleset: acl_144 +Ruleset: acl_144 +Ruleset: acl_144 +Address object: h-192.168.171.1 +Ruleset: acl_144 +Ruleset: acl_144 +Ruleset: acl_144 +Ruleset: acl_199 +Ruleset: acl_199 +Ruleset: acl_1300 +Rule comment: Standard access lists are 1 to 99 and 1300 to 1999 +Ruleset: acl_1300 +Address object: h-22.22.22.21 +Ruleset: acl_1300 +Address object: h-22.23.24.25 +Ruleset: acl_1300 +Network object: net-22.23.25.0/255.255.255.240 +Ruleset: acl_1300 +Network object: net-10.0.0.0/255.0.0.0 + diff --git a/src/unit_tests/importer/test_data/test1.stderr b/src/unit_tests/importer/test_data/test1.stderr new file mode 100644 index 000000000..7c482730f --- /dev/null +++ b/src/unit_tests/importer/test_data/test1.stderr 
@@ -0,0 +1,189 @@ +VERSION 12.2 +HOSTNAME LT0="c3620" +69: INTRFACE ADDRESS: 172.16.1.1/255.255.255.128 +73: INTRFACE ADDRESS: 172.16.10.1/255.255.255.0 +90: INTRFACE: FastEthernet0/0 +91: INTRFACE ADDRESS: 192.168.100.100/255.255.255.0 secondary +92: INTRFACE ADDRESS: 10.3.14.201/255.255.255.0 +93: INTRFACE: ACL 'fe0_0_acl_in' in +94: INTRFACE: ACL 'fe0_0_acl_out' out +99: INTRFACE: Ethernet1/0 +100: INTERFACE DESCRIPTION Test [ test ] { test } ( and one more test) / weird:characters#$%^&*/ +101: INTRFACE ADDRESS: 192.168.171.2/255.255.255.0 +102: INTRFACE: ACL 'e1_0_acl_in' in +103: INTRFACE: ACL 'e1_0_acl_out' out +109: INTRFACE: Serial1/0 +112: INTERFACE SHUTDOWN +115: INTRFACE: Ethernet1/1 +116: INTRFACE ADDRESS: 10.10.10.10/255.255.255.0 +120: INTRFACE: ACL '133' in +121: INTRFACE: ACL '133' out +125: INTRFACE: Ethernet1/2 +126: INTRFACE ADDRESS: 10.10.20.20/255.255.255.0 +131: INTRFACE: ACL '133' in +132: INTRFACE: ACL '133' out +154: ACL ext e1_0_acl_in +155: deny protocol ip 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) fragments +156: permit protocol tcp 10.3.14.40/0.0.0.0(src) 192.168.171.2/0.0.0.0(dst) eq 22 logging +Convert TCP/UDP port spec: port_op= port_spec= +Convert TCP/UDP port spec: port_op=eq port_spec= 22 +157: permit protocol tcp 10.3.14.40/0.0.0.0(src) 10.3.14.201/0.0.0.0(dst) eq 22 logging +Convert TCP/UDP port spec: port_op= port_spec= +Convert TCP/UDP port spec: port_op=eq port_spec= 22 +158: permit protocol ip 0.0.0.0/0.0.0.0(src) 10.3.14.0/0.0.0.255(dst) logging +159: deny protocol ip 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) logging +160: ACL end + +161: ACL ext e1_0_acl_out +162: permit protocol ip 10.3.14.0/0.0.0.255(src) 0.0.0.0/0.0.0.0(dst) logging +163: deny protocol ip 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) logging +164: ACL end + +165: ACL ext fe0_0_acl_in +166: permit protocol tcp 10.3.14.40/0.0.0.0(src) 192.168.171.2/0.0.0.0(dst) eq 22 logging +Convert TCP/UDP port spec: port_op= port_spec= +Convert TCP/UDP port spec: 
port_op=eq port_spec= 22 +167: permit protocol tcp 10.3.14.40/0.0.0.0(src) 10.3.14.201/0.0.0.0(dst) eq 22 logging +Convert TCP/UDP port spec: port_op= port_spec= +Convert TCP/UDP port spec: port_op=eq port_spec= 22 +168: permit protocol ip 10.3.14.0/0.0.0.255(src) 0.0.0.0/0.0.0.0(dst) logging +169: deny protocol ip 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) logging +170: ACL end + +171: ACL ext fe0_0_acl_out +172: permit protocol ip 0.0.0.0/0.0.0.0(src) 10.3.14.0/0.0.0.255(dst) logging +173: deny protocol ip 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) logging +174: ACL end + +175: ACL ext outside +176: REMARK / / path1/path2/path3 +177: REMARK access list comment +179: permit protocol udp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) eq isakmp +Convert TCP/UDP port spec: port_op= port_spec= +Convert TCP/UDP port spec: port_op=eq port_spec= isakmp +181: permit protocol tcp 0.0.0.0/0.0.0.0(src) eq 80 0.0.0.0/0.0.0.0(dst) +Convert TCP/UDP port spec: port_op=eq port_spec= 80 +Convert TCP/UDP port spec: port_op= port_spec= +183: permit protocol tcp 0.0.0.0/0.0.0.0(src) eq 80 0.0.0.0/0.0.0.0(dst) established +Convert TCP/UDP port spec: port_op=eq port_spec= 80 +Convert TCP/UDP port spec: port_op= port_spec= +185: permit protocol tcp 0.0.0.0/0.0.0.0(src) gt 1023 0.0.0.0/0.0.0.0(dst) +Convert TCP/UDP port spec: port_op=gt port_spec= 1023 +Convert TCP/UDP port spec: port_op= port_spec= +186: deny protocol tcp 0.0.0.0/0.0.0.0(src) lt 1023 0.0.0.0/0.0.0.0(dst) +Convert TCP/UDP port spec: port_op=lt port_spec= 1023 +Convert TCP/UDP port spec: port_op= port_spec= +188: permit protocol tcp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) eq www +Convert TCP/UDP port spec: port_op= port_spec= +Convert TCP/UDP port spec: port_op=eq port_spec= www +190: permit protocol tcp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) range 22 80 +Convert TCP/UDP port spec: port_op= port_spec= +Convert TCP/UDP port spec: port_op=range port_spec= 22 80 +191: permit protocol tcp 0.0.0.0/0.0.0.0(src) 
0.0.0.0/0.0.0.0(dst) range 22 www +Convert TCP/UDP port spec: port_op= port_spec= +Convert TCP/UDP port spec: port_op=range port_spec= 22 www +194: deny protocol tcp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) eq 2967 +Convert TCP/UDP port spec: port_op= port_spec= +Convert TCP/UDP port spec: port_op=eq port_spec= 2967 +195: deny protocol tcp 0.0.0.0/0.0.0.0(src) eq 2967 0.0.0.0/0.0.0.0(dst) +Convert TCP/UDP port spec: port_op=eq port_spec= 2967 +Convert TCP/UDP port spec: port_op= port_spec= +196: deny protocol udp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) eq 2967 +Convert TCP/UDP port spec: port_op= port_spec= +Convert TCP/UDP port spec: port_op=eq port_spec= 2967 +197: deny protocol udp 0.0.0.0/0.0.0.0(src) eq 2967 0.0.0.0/0.0.0.0(dst) +Convert TCP/UDP port spec: port_op=eq port_spec= 2967 +Convert TCP/UDP port spec: port_op= port_spec= +199: permit protocol ahp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) +200: permit protocol esp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) +202: permit protocol icmp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) +204: permit protocol icmp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) 8 0 +206: permit protocol icmp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) unreachable +207: permit protocol icmp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) host-unreachable +208: permit protocol icmp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) host-precedence-unreachable +212: permit protocol udp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) eq bootpc +Convert TCP/UDP port spec: port_op= port_spec= +Convert TCP/UDP port spec: port_op=eq port_spec= bootpc +213: permit protocol udp 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) eq bootps +Convert TCP/UDP port spec: port_op= port_spec= +Convert TCP/UDP port spec: port_op=eq port_spec= bootps +214: permit protocol udp 0.0.0.0/0.0.0.0(src) eq domain 0.0.0.0/0.0.0.0(dst) +Convert TCP/UDP port spec: port_op=eq port_spec= domain +Convert TCP/UDP port spec: port_op= port_spec= +216: permit protocol tcp 10.10.10.0/0.0.0.255(src) eq 80 
10.3.14.40/0.0.0.0(dst) established time_range evening +Convert TCP/UDP port spec: port_op=eq port_spec= 80 +Convert TCP/UDP port spec: port_op= port_spec= +217: deny protocol ip 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) logging +218: ACL end + +219: ACL ext tmp_acl +220: permit protocol ip 10.3.14.0/0.0.0.255(src) 0.0.0.0/0.0.0.0(dst) +221: deny protocol ip 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) +222: ACL end + +223: ACL #133 223: permit protocol ip 10.3.14.0/0.0.0.255(src) 10.10.10.0/0.0.0.255(dst) +224: ACL #133 224: permit protocol ip 10.10.10.0/0.0.0.255(src) 10.3.14.0/0.0.0.255(dst) +225: ACL #133 225: deny protocol ip 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) logging +226: ACL #144 226: permit protocol icmp 10.3.14.0/0.0.0.255(src) 10.2.1.0/0.0.0.255(dst) +227: ACL #144 227: permit protocol icmp 10.2.1.0/0.0.0.255(src) 10.3.14.0/0.0.0.255(dst) +228: ACL #144 228: permit protocol ip 10.3.14.0/0.0.0.255(src) 10.2.1.0/0.0.0.255(dst) +229: ACL #144 229: permit protocol ip 10.2.1.0/0.0.0.255(src) 10.3.14.0/0.0.0.255(dst) +230: ACL #144 230: permit protocol icmp 10.3.14.0/0.0.0.255(src) 192.168.171.1/0.0.0.0(dst) +231: ACL #144 231: permit protocol icmp 192.168.171.1/0.0.0.0(src) 10.3.14.0/0.0.0.255(dst) +232: ACL #144 232: permit protocol ip 10.3.14.0/0.0.0.255(src) 192.168.171.1/0.0.0.0(dst) +233: ACL #144 233: permit protocol ip 192.168.171.1/0.0.0.0(src) 10.3.14.0/0.0.0.255(dst) +234: ACL #199 234: permit protocol icmp 10.3.14.0/0.0.0.255(src) 10.10.10.0/0.0.0.255(dst) logging +235: ACL #199 235: permit protocol ip 0.0.0.0/0.0.0.0(src) 0.0.0.0/0.0.0.0(dst) +237: ACL #1300 237: REMARK Standard access lists are 1 to 99 and 1300 to 1999 +238: ACL #1300 238: permit 22.22.22.21/0.0.0.0(std) +239: ACL #1300 239: permit 22.23.24.25/0.0.0.0(std) +240: ACL #1300 240: permit 22.23.25.0/0.0.0.15(std) +241: ACL #1300 241: permit 10.0.0.0/0.255.255.255(std) +IPTImporter::finalize() +Setting interface and direction for all rules +all_rulesets.size()=10 + 
irs->name=acl_1300 + irs->intf_dir.size()=0 + irs->ruleset->size()=4 +ruleset done + irs->name=acl_133 + irs->intf_dir.size()=2 + irs->ruleset->size()=3 +Interface group with name 'intf-acl_133', sig 'acl_133__Ethernet1/1_Ethernet1/2' +ruleset done + irs->name=acl_144 + irs->intf_dir.size()=0 + irs->ruleset->size()=8 +ruleset done + irs->name=acl_199 + irs->intf_dir.size()=0 + irs->ruleset->size()=2 +ruleset done + irs->name=e1_0_acl_in + irs->intf_dir.size()=1 + irs->ruleset->size()=5 + interface=Ethernet1/0 +ruleset done + irs->name=e1_0_acl_out + irs->intf_dir.size()=1 + irs->ruleset->size()=2 + interface=Ethernet1/0 +ruleset done + irs->name=fe0_0_acl_in + irs->intf_dir.size()=1 + irs->ruleset->size()=4 + interface=FastEthernet0/0 +ruleset done + irs->name=fe0_0_acl_out + irs->intf_dir.size()=1 + irs->ruleset->size()=2 + interface=FastEthernet0/0 +ruleset done + irs->name=outside + irs->intf_dir.size()=0 + irs->ruleset->size()=24 +ruleset done + irs->name=tmp_acl + irs->intf_dir.size()=0 + irs->ruleset->size()=2 +ruleset done diff --git a/src/unit_tests/rcsinterface/rcs.pro b/src/unit_tests/rcsinterface/rcs.pro new file mode 100644 index 000000000..02b95538d --- /dev/null +++ b/src/unit_tests/rcsinterface/rcs.pro @@ -0,0 +1,34 @@ +#-*- mode: makefile; tab-width: 4; -*- +# +# +# +include(../../../qmake.inc) +# +exists(qmake.inc) { + include( qmake.inc) +} + +QT += network + +HEADERS += ../../../config.h \ + ../../gui/RCS.h \ + ../../gui/utils.h \ + ../../gui/global.h + +SOURCES += rcs_test.cpp \ + ../../gui/utils.cpp \ + ../../gui/RCS.cpp + + +# +include(../../../qmake.inc) +# +exists(../qmake.inc) { + include( ../qmake.inc) +} + +TARGET = rcs_test + +INCLUDEPATH += ../../.. ../../gui/ + +QMAKE_COPY = echo diff --git a/src/unit_tests/rcsinterface/rcs_test.cpp b/src/unit_tests/rcsinterface/rcs_test.cpp new file mode 100644 index 000000000..8dcaa171a --- /dev/null +++ b/src/unit_tests/rcsinterface/rcs_test.cpp 
@@ -0,0 +1,92 @@ +/* + + Firewall Builder + + Copyright (C) 2003 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: rcs_test.cpp 1445 2007-11-20 17:41:22Z alek $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#include "config.h" +#include "global.h" +#include "../../gui/RCS.h" + +#include +#include +#include +#include + +#include + +using namespace std; +using namespace libfwbuilder; + +QApplication *app = NULL; +int fwbdebug = 0; + +QString test_file = "zu.fwb"; +QString rlog_unit_test_log_file = "rlog_unit_test.log"; + +int main( int argc, char ** argv ) +{ + app = new QApplication( argc, argv ); + QWidget *w = new QWidget; + //app->setMainWidget(w); + w->show(); + + RCS *rcs = new RCS(test_file); + + QString reverse_engineered_rlog; + + QList::iterator i; + for (i=rcs->begin(); i!=rcs->end(); ++i) + { + reverse_engineered_rlog += "---------------------------------\n"; + reverse_engineered_rlog += "revision: " + (*i).rev + "\n"; + reverse_engineered_rlog += "date: " + (*i).date + "\n"; + reverse_engineered_rlog += "author: " + (*i).author + "\n"; + reverse_engineered_rlog += "locked by: " + (*i).locked_by + "\n"; + reverse_engineered_rlog += "log: " + (*i).log + "\n"; + } + + QFile rlog_test_file(rlog_unit_test_log_file); + if (rlog_test_file.open( QIODevice::ReadOnly )) + { + QTextStream strm( 
&rlog_test_file ); + QString test_str = strm.readAll(); + rlog_test_file.close(); + + if (test_str != reverse_engineered_rlog) + { + cout << "Test failed. Generated log (incorrect):" << endl; + cout << reverse_engineered_rlog.toAscii().constData(); +// cerr << "#############################################" << endl; +// cerr << test_str << endl; + return(2); + } + + } else + { + cout << "Could not open test file " << rlog_unit_test_log_file.toAscii().constData() << endl; + return(2); + } + + return(0); +} diff --git a/src/unit_tests/rcsinterface/rlog_unit_test.log b/src/unit_tests/rcsinterface/rlog_unit_test.log new file mode 100644 index 000000000..f6ea15a34 --- /dev/null +++ b/src/unit_tests/rcsinterface/rlog_unit_test.log 
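Review bot: The exact string comparison `test_str != reverse_engineered_rlog` looks time-zone dependent: the expected rlog_unit_test.log added in this commit carries dates with a fixed `-08` offset (for example `2006-07-18 19:42:51-08`), while zu.fwb_v stores `2006.07.19.03.42.51`. RCS.cpp is not part of this hunk, so this is inferred, but if the offset comes from the local zone the test fails on any machine configured differently. I would either pin the zone where the test is launched or add a comment above the comparison such as `// expected log assumes a -08 zone offset; see rlog_unit_test.log`. Separately, both failure paths `return(2)`, so a missing expected file and a real mismatch cannot be told apart from the exit status.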
@@ -0,0 +1,73 @@
+---------------------------------
+revision: 1.7
+date: 2006-07-18 19:42:51-08
+author: vadim
+locked by:
+log: revision 1.7
+working in the main trunk
+
+---------------------------------
+revision: 1.6
+date: 2006-07-18 19:40:24-08
+author: vadim
+locked by: vadim
+log: revision 1.6 locked by: vadim;
+added dns name object
+
+---------------------------------
+revision: 1.5
+date: 2006-07-18 19:39:45-08
+author: vadim
+locked by:
+log: revision 1.5
+branches: 1.5.1;
+fixed file using fwbedit
+
+---------------------------------
+revision: 1.4
+date: 2006-06-25 19:16:12-08
+author: vadim
+locked by:
+log: revision 1.4
+_
+
+---------------------------------
+revision: 1.3
+date: 2005-09-04 23:49:31-08
+author: vadim
+locked by:
+log: revision 1.3
+test commit
+
+---------------------------------
+revision: 1.2
+date: 2004-09-28 23:01:31-08
+author: vadim
+locked by:
+log: revision 1.2
+.
+
+---------------------------------
+revision: 1.1
+date: 2004-06-13 11:54:03-08
+author: vadim
+locked by:
+log: revision 1.1
+Initial revision
+
+---------------------------------
+revision: 1.5.1.2
+date: 2006-07-18 19:41:57-08
+author: vadim
+locked by:
+log: revision 1.5.1.2
+working in the branch
+
+---------------------------------
+revision: 1.5.1.1
+date: 2006-07-18 19:41:19-08
+author: vadim
+locked by:
+log: revision 1.5.1.1
+added dns name object #2, creating a branch
+
diff --git a/src/unit_tests/rcsinterface/run-tests.sh b/src/unit_tests/rcsinterface/run-tests.sh
new file mode 100755
index 000000000..fec6d842a
--- /dev/null
+++ b/src/unit_tests/rcsinterface/run-tests.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+qmake
+make
+echo "Copying RCS file into place"
+mkdir -p RCS
+cp zu.fwb_v RCS/zu.fwb,v
+echo "Running the test"
+./rcs_test && echo PASS || echo FAIL
+
diff --git a/src/unit_tests/rcsinterface/zu.fwb b/src/unit_tests/rcsinterface/zu.fwb
new file mode 100644
index 000000000..9a7a62364
--- /dev/null
+++ b/src/unit_tests/rcsinterface/zu.fwb
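Review bot: This script cannot signal failure: in `./rcs_test && echo PASS || echo FAIL` the trailing `echo` succeeds, so the exit status is 0 either way, and the results of `qmake`, `make` and `cp` are never checked, so a broken build only shows up as FAIL. I would write `qmake && make || exit 1` and `if ./rcs_test; then echo PASS; else echo FAIL; exit 1; fi`. The top-level src/unit_tests/run-tests.sh added later in this commit has the same gap: it drops each subshell's status, and its `dirname $d` and `cd $d` expansions are unquoted.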
@@ -0,0 +1,28 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/unit_tests/rcsinterface/zu.fwb_v b/src/unit_tests/rcsinterface/zu.fwb_v new file mode 100644 index 000000000..fa0fad0f9 --- /dev/null +++ b/src/unit_tests/rcsinterface/zu.fwb_v @@ -0,0 +1,205 @@ +head 1.7; +access; +symbols; +locks + vadim:1.6; strict; +comment @# @; +expand @b@; + + +1.7 +date 2006.07.19.03.42.51; author vadim; state Exp; +branches; +next 1.6; + +1.6 +date 2006.07.19.03.40.24; author vadim; state Exp; +branches; +next 1.5; + +1.5 +date 2006.07.19.03.39.45; author vadim; state Exp; +branches + 1.5.1.1; +next 1.4; + +1.4 +date 2006.06.26.03.16.12; author vadim; state Exp; +branches; +next 1.3; + +1.3 +date 2005.09.05.07.49.31; author vadim; state Exp; +branches; +next 1.2; + +1.2 +date 2004.09.29.07.01.31; author vadim; state Exp; +branches; +next 1.1; + +1.1 +date 2004.06.13.19.54.03; author vadim; state Exp; +branches; +next ; + +1.5.1.1 +date 2006.07.19.03.41.19; author vadim; state Exp; +branches; +next 1.5.1.2; + +1.5.1.2 +date 2006.07.19.03.41.57; author vadim; state Exp; +branches; +next ; + + +desc +@"Initial checkin" +@ + + +1.7 +log +@working in the main trunk +@ +text +@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +@ + + +1.6 +log +@added dns name object +@ +text +@d3 1 +a3 1 + +d14 1 +@ + + +1.5 +log +@fixed file using fwbedit +@ +text +@d3 1 +a3 1 + +d12 3 +a14 1 + +@ + + +1.5.1.1 +log +@added dns name object #2, creating a branch +@ +text +@d3 1 +a3 1 + +d12 1 +a12 3 + + + +@ + + +1.5.1.2 +log +@working in the branch +@ +text +@d3 1 +a3 1 + +a13 1 + +@ + + +1.4 +log +@_ +@ +text +@d3 2 +a4 2 + + +d6 1 +a6 1 + +d12 1 +d15 1 +a15 1 + +@ + + +1.3 +log +@test commit +@ +text +@d3 1 +a3 1 + +d6 1 +d14 1 +@ + + +1.2 +log +@. +@ +text +@d3 1 +a3 1 + +@ + + +1.1 +log +@Initial revision +@ +text +@d3 1 +a3 1 + +@ diff --git a/src/unit_tests/run-tests.sh b/src/unit_tests/run-tests.sh new file mode 100755 index 000000000..de8faac55 --- /dev/null 
+++ b/src/unit_tests/run-tests.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+for d in */run-tests.sh
+do
+ (d=`dirname $d`; echo; echo "******* $d "; cd $d && ./run-tests.sh)
+done
diff --git a/test/ipf/.cvsignore b/test/ipf/.cvsignore
new file mode 100644
index 000000000..4c36a76cc
--- /dev/null
+++ b/test/ipf/.cvsignore
@@ -0,0 +1,2 @@
+*.conf
+*.fw
diff --git a/test/ipf/addr-table-1.tbl b/test/ipf/addr-table-1.tbl
new file mode 100644
index 000000000..94ddd3f91
--- /dev/null
+++ b/test/ipf/addr-table-1.tbl
@@ -0,0 +1,14 @@
+# this is a comment
+#
+; this should be a comment too
+;
+
+192.168.1.1
+192.168.1.2/32
+192.168.1.3/30
+192.168.2.128/25
+192.168.1.200/32 # comment again
+ 192.168.1.201/32 # this should work, too
+
+
+
diff --git a/test/ipf/do-diff b/test/ipf/do-diff
new file mode 100755
index 000000000..e8604d720
--- /dev/null
+++ b/test/ipf/do-diff
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+T=$1
+N=$2
+
+if which opendiff > /dev/null; then
+ TOOL="opendiff"
+else
+ TOOL="tkdiff -b -B "
+fi
+
+${TOOL} firewall${N}-${T}.conf.orig firewall${N}-${T}.conf
+
+
diff --git a/test/ipf/large_policy_test.fwb b/test/ipf/large_policy_test.fwb
new file mode 100644
index 000000000..d9d87c398
--- /dev/null
+++ b/test/ipf/large_policy_test.fwb
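Review bot: The tool probe in test/ipf/do-diff is weaker than the one in test/ipfw/do-diff from the same commit: `which opendiff > /dev/null` does not silence stderr, and the `else` branch assumes tkdiff is installed instead of falling back to plain `diff -b -B `. Both scripts also use their positional arguments unchecked and unquoted, so a run without arguments silently compares `firewall-.conf.orig` with `firewall-.conf`. A guard such as `[ $# -eq 2 ] || { echo "usage: $0 T N" >&2; exit 1; }` before `T=$1` would make the misuse visible.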
@@ -0,0 +1,524 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + established + -m state --state ESTABLISHED,RELATED + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -m record_rpc + + + + + + + + + + -m irc + + + + + + + + + + -m psd --psd-weight-threshold 5 --psd-delay-threshold 10000 + + + + + + + + + + -m string --string test_pattern + + + + + + + + + + -m talk + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/test/ipf/objects-for-regression-tests.fwb b/test/ipf/objects-for-regression-tests.fwb new file mode 100644 index 000000000..d183f9a8e --- /dev/null +++ b/test/ipf/objects-for-regression-tests.fwb 
@@ -0,0 +1,6565 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -m ip_conntrack_talk -m ip_nat_talk + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/test/ipf/quick-cmp.sh b/test/ipf/quick-cmp.sh new file mode 100755 index 000000000..c6aa7f2c3 --- /dev/null +++ b/test/ipf/quick-cmp.sh @@ -0,0 +1,19 @@ +#!/usr/bin/perl + +$XMLFILE=@ARGV[0]; + +$DIFFCMD="diff -C 1 -b -B -c -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_ipf v' "; + + +while (<>) { + $str=$_; + while ( $str=~ /]+name="([^"]*).*$"/; + $fw=$1; + printf "$DIFFCMD %s.fw.orig %s.fw\n",$fw,$fw; + printf "$DIFFCMD %s-ipf.conf.orig %s-ipf.conf\n",$fw,$fw; + printf "$DIFFCMD %s-nat.conf.orig %s-nat.conf\n",$fw,$fw; + $str=~ s/^.*]+name="$fw"[^>]+>//; + } +} + diff --git a/test/ipf/recycle b/test/ipf/recycle new file mode 100755 index 000000000..313c62c37 --- /dev/null +++ b/test/ipf/recycle @@ -0,0 +1,17 @@ +#!/bin/sh + +for f in *.fw; do + j=${f}.orig + mv $f $j +done + +for f in *-ipf.conf; do + j=${f}.orig + mv $f $j +done + +for f in *-nat.conf; do + j=${f}.orig + mv $f $j +done + diff --git a/test/ipf/run.all b/test/ipf/run.all new file mode 100755 index 000000000..d6077e92b --- /dev/null +++ b/test/ipf/run.all @@ -0,0 +1,16 @@ +#!/usr/bin/perl + +$XMLFILE=@ARGV[0]; + + +while (<>) { + $str=$_; + while ( $str=~ /]+name="([^"]*).*$"/; + $fw=$1; + printf "fwb_ipf -v -f $XMLFILE $fw\n"; + $str=~ s/^.*]+name="$fw"[^>]+>//; + } +} + + diff --git a/test/ipfw/.cvsignore b/test/ipfw/.cvsignore new file mode 100644 index 000000000..876e4a070 --- /dev/null +++ b/test/ipfw/.cvsignore @@ -0,0 +1 @@ +*.fw 
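Review bot: Both Perl scripts interpolate the captured firewall name into the stripping substitution as `name="$fw"` without `\Q...\E`, so a name containing regex metacharacters is treated as pattern syntax; if the substitution then fails to match, the inner `while` would presumably re-match the same text and not terminate. Writing `name="\Q$fw\E"` fixes that in quick-cmp.sh and in run.all. run.all also puts `$XMLFILE` and `$fw` inside the `printf` format, where a `%` is read as a conversion; `printf "fwb_ipf -v -f %s %s\n", $XMLFILE, $fw;` avoids it. The name goes unquoted into a printed command line, so if the output is fed to a shell (not shown here) it should be validated first, e.g. `die "unexpected name: $fw\n" unless $fw =~ /\A[\w.-]+\z/;`. `$XMLFILE=@ARGV[0];` should read `$ARGV[0]`.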
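Review bot: The three loops in test/ipf/recycle run `mv $f $j` with unquoted names and no guard for an unmatched glob, so in a directory without, say, `*-nat.conf` files the literal pattern is passed to `mv` and an error is printed. Quoting as `mv "$f" "$j"` and starting each loop body with `[ -e "$f" ] || continue` covers both cases. Existing `.orig` baselines are overwritten without notice; `mv -i` would be safer if that is not intended.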
diff --git a/test/ipfw/do-diff b/test/ipfw/do-diff
new file mode 100755
index 000000000..baef3b6bf
--- /dev/null
+++ b/test/ipfw/do-diff
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+N=$1
+
+if which opendiff > /dev/null 2>&1; then
+ TOOL="opendiff"
+elif which tkdiff > /dev/null 2>&1; then
+ TOOL="tkdiff -b -B "
+else
+ TOOL="diff -b -B "
+fi
+
+${TOOL} firewall${N}.fw.orig firewall${N}.fw
+
+
diff --git a/test/ipfw/objects-for-regression-tests.fwb b/test/ipfw/objects-for-regression-tests.fwb
new file mode 100644
index 000000000..4fcacad74
--- /dev/null
+++ b/test/ipfw/objects-for-regression-tests.fwb
@@ -0,0 +1,5538 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -m ip_conntrack_talk -m ip_nat_talk + + + + + if established + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + established + -m state --state ESTABLISHED,RELATED + + + + + + + + + + + + + + + diff --git a/test/ipfw/quick-cmp.sh b/test/ipfw/quick-cmp.sh new file mode 100755 index 000000000..194a96e11 --- /dev/null +++ b/test/ipfw/quick-cmp.sh @@ -0,0 +1,15 @@ +#!/usr/bin/perl + +$XMLFILE=@ARGV[0]; + +$DIFFCMD="diff -C 1 -b -B -c -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_ipfw v' "; + +while (<>) { + $str=$_; + while ( $str=~ /]+name="([^"]*).*$"/; + $fw=$1; + printf "$DIFFCMD %s.fw.orig %s.fw\n",$fw,$fw; + $str=~ s/^.*]+name="$fw"[^>]+>//; + } +} diff --git a/test/ipfw/recycle b/test/ipfw/recycle new file mode 100755 index 000000000..7c93d66c9 --- /dev/null +++ b/test/ipfw/recycle @@ -0,0 +1,8 @@ +#!/bin/sh + +for f in *.fw; do + j=${f}.orig + mv $f $j +done + + diff --git a/test/ipfw/run.all b/test/ipfw/run.all new file mode 100755 index 000000000..bdd3d6bf5 --- /dev/null +++ b/test/ipfw/run.all @@ -0,0 +1,16 @@ +#!/usr/bin/perl + +$XMLFILE=@ARGV[0]; + + +while (<>) { + $str=$_; + while ( $str=~ /]+name="([^"]*).*$"/; + $fw=$1; + printf "fwb_ipfw -v -f $XMLFILE $fw\n"; + $str=~ s/^.*]+name="$fw"[^>]+>//; + } +} + + diff --git a/test/ipt/.cvsignore b/test/ipt/.cvsignore new file mode 100644 index 000000000..876e4a070 --- /dev/null +++ b/test/ipt/.cvsignore @@ -0,0 +1 @@ +*.fw diff --git a/test/ipt/addr-table-1.tbl b/test/ipt/addr-table-1.tbl new file mode 100644 index 000000000..94ddd3f91 --- /dev/null +++ b/test/ipt/addr-table-1.tbl 
@@ -0,0 +1,14 @@ +# this is a comment +# +; this should be a comment too +; + +192.168.1.1 +192.168.1.2/32 +192.168.1.3/30 +192.168.2.128/25 +192.168.1.200/32 # comment again + 192.168.1.201/32 # this should work, too + + + diff --git a/test/ipt/block-hosts.tbl b/test/ipt/block-hosts.tbl new file mode 100644 index 000000000..2cff9ed04 --- /dev/null +++ b/test/ipt/block-hosts.tbl @@ -0,0 +1,60 @@ +# +# use this table to test run-time AddressTable object +# (this is just a small collection of addresses that sent spam to me +# on Nov 20 2005) +# +; this is a comment, too +; empty lines are allowed and should be skipped by the script + +151.8.224.178 # this is also a comment +168.156.76.20 +193.207.126.36 +195.136.186.35 +196.15.136.15 +201.10.180.138 +201.17.93.16 +201.36.156.121 +202.103.25.253 +202.96.112.93 +203.162.3.209 +203.209.124.144 +210.106.193.237 +210.222.114.102 +211.144.143.143 +211.172.218.237 +211.250.16.132 +212.100.212.100 +212.21.241.31 +218.104.138.146 +218.18.72.252 +218.39.114.122 +218.55.115.43 +219.132.104.160 +220.71.17.86 +220.81.50.105 +220.91.99.46 +221.14.249.242 +221.166.177.135 +221.198.33.38 +221.202.160.233 +221.205.54.125 +221.217.44.248 +222.100.212.223 +222.121.118.144 +222.174.113.2 +58.231.13.78 +58.33.181.83 +58.53.82.190 +61.150.47.112 +61.184.14.102 +64.106.85.186 +70.228.60.100 +80.243.72.149 +80.249.77.34 +80.51.236.6 +81.196.74.125 +81.2.36.254 +82.117.221.205 +82.143.196.17 +82.77.37.174 +84.90.8.198 diff --git a/test/ipt/do-all-diff b/test/ipt/do-all-diff new file mode 100755 index 000000000..e72e75a43 --- /dev/null +++ b/test/ipt/do-all-diff @@ -0,0 +1,18 @@ +#!/usr/bin/perl + +$XMLFILE=@ARGV[0]; + +if (-x "/usr/bin/opendiff") { $TOOL="opendiff"; } +else { $TOOL="tkdiff -b -B "; } + + + +while (<>) { + $str=$_; + while ( $str=~ /]+name="([^"]*).*$"/; + $fw=$1; + printf "$TOOL %s.fw.orig %s.fw\n",$fw,$fw; + $str=~ s/^.*]+name="$fw"[^>]+>//; + } +} 
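Review bot: Tool selection in test/ipt/do-all-diff tests only the fixed path `/usr/bin/opendiff` and otherwise assumes `tkdiff`, while test/ipt/do-diff in the same commit searches `PATH` and falls back to plain `diff`. On a host with neither GUI tool installed, the commands this script prints cannot run. I would mirror do-diff here: probe for `opendiff` and `tkdiff` on `PATH` and end the chain with `else { $TOOL="diff -b -B "; }`.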
diff --git a/test/ipt/do-diff b/test/ipt/do-diff new file mode 100755 index 000000000..baef3b6bf --- /dev/null +++ b/test/ipt/do-diff @@ -0,0 +1,15 @@ +#!/bin/sh + +N=$1 + +if which opendiff > /dev/null 2>&1; then + TOOL="opendiff" +elif which tkdiff > /dev/null 2>&1; then + TOOL="tkdiff -b -B " +else + TOOL="diff -b -B " +fi + +${TOOL} firewall${N}.fw.orig firewall${N}.fw + + diff --git a/test/ipt/emtpy-table.tbl b/test/ipt/emtpy-table.tbl new file mode 100644 index 000000000..60ca90a8d --- /dev/null +++ b/test/ipt/emtpy-table.tbl @@ -0,0 +1,3 @@ +# this is an empty address table file +# it has no addresses + diff --git a/test/ipt/large_policy_test.fwb b/test/ipt/large_policy_test.fwb new file mode 100644 index 000000000..f69766d5f --- /dev/null +++ b/test/ipt/large_policy_test.fwb @@ -0,0 +1,200 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/test/ipt/objects-for-regression-tests.fwb b/test/ipt/objects-for-regression-tests.fwb new file mode 100644 index 000000000..d1e0f0ad4 --- /dev/null +++ b/test/ipt/objects-for-regression-tests.fwb 
@@ -0,0 +1,24906 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -m ip_conntrack_talk -m ip_nat_talk + + + + + + + + -p tcp -m state --state ESTABLISHED --tcp-flags SYN,ACK,RST,URG ACK + + + 
+ + + + + -p tcp -m state --state ESTABLISHED --tcp-flags SYN,FIN,RST,URG,PSH RST + + + + + + -m string --string test_pattern + + -m string --string test_pattern + + + + + + + + -p tcp ! --syn -dport 5190 -m state --state NEW + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + +
diff --git a/test/ipt/optimizer_test.fwb b/test/ipt/optimizer_test.fwb
new file mode 100644
index 000000000..edf80f98c
--- /dev/null
+++ b/test/ipt/optimizer_test.fwb
@@ -0,0 +1,1207 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/test/ipt/quick-cmp.sh b/test/ipt/quick-cmp.sh new file mode 100755 index 000000000..27b6dc997 --- /dev/null +++ b/test/ipt/quick-cmp.sh @@ -0,0 +1,15 @@ +#!/usr/bin/perl + +$XMLFILE=@ARGV[0]; + +$DIFFCMD="diff -C 1 -c -b -B -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_ipt v' -I 'Can not find file' "; + +while (<>) { + $str=$_; + while ( $str=~ /]+name="([^"]*).*$"/; + $fw=$1; + printf "$DIFFCMD %s.fw.orig %s.fw\n",$fw,$fw; + $str=~ s/^.*]+name="$fw"[^>]+>//; + } +} diff --git a/test/ipt/recycle b/test/ipt/recycle new file mode 100755 index 000000000..7c93d66c9 --- /dev/null +++ b/test/ipt/recycle @@ -0,0 +1,8 @@ +#!/bin/sh + +for f in *.fw; do + j=${f}.orig + mv $f $j +done + + diff --git a/test/ipt/run.all b/test/ipt/run.all new file mode 100755 index 000000000..923912538 --- /dev/null +++ b/test/ipt/run.all @@ -0,0 +1,16 @@ +#!/usr/bin/perl + +$XMLFILE=@ARGV[0]; + + +while (<>) { + $str=$_; + while ( $str=~ /]+name="([^"]*).*$"/; + $fw=$1; + printf "fwb_ipt -v -f $XMLFILE $fw\n"; + $str=~ s/^.*]+name="$fw"[^>]+>//; + } +} + + diff --git a/test/pf/.cvsignore b/test/pf/.cvsignore new file mode 100644 index 000000000..4c36a76cc --- /dev/null +++ b/test/pf/.cvsignore @@ -0,0 +1,2 @@ +*.conf +*.fw diff --git a/test/pf/addr-table-1.tbl b/test/pf/addr-table-1.tbl new file mode 100644 index 000000000..94ddd3f91 --- /dev/null +++ b/test/pf/addr-table-1.tbl 
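Review bot: The captured firewall name is interpolated into the substitution pattern unescaped (`name="$fw"`), so a name containing regex metacharacters such as `(` or `+` can stop the pattern from matching or turn it into a syntax error. The inner `while` appears to advance only when that substitution strips the element just matched (its condition is garbled on this page, so this is inferred), which would leave it looping on the same line. Quoting the name, `name="\Q$fw\E"`, keeps the match literal. The same pattern is used in test/ipt/run.all, test/pf/quick-cmp.sh and test/pf/run.all.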
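Review bot: `mv $f $j` in test/ipt/recycle expands both names unquoted, so a generated file whose name contains whitespace or a glob character is split or re-expanded, and a name starting with `-` is taken as an option. When the directory holds no `*.fw` file the pattern stays literal and `mv` is run on `*.fw` itself. Inside the loop I would use `[ -e "$f" ] || continue` followed by `mv -- "$f" "${f}.orig"`. Both loops in test/pf/recycle have the same form, and the `firewall${N}.conf` arguments in test/pf/do-diff are unquoted as well.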
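Review bot: `printf "fwb_ipt -v -f $XMLFILE $fw\n"` in test/ipt/run.all builds the format string from the file path and the firewall name, so a `%` in either is parsed as a conversion instead of being printed. Passing them as arguments, `printf "fwb_ipt -v -f %s %s\n", $XMLFILE, $fw;`, avoids that. The values are still emitted unquoted, so if this output is fed to a shell (not visible here) a name with spaces or shell metacharacters changes the command; names outside a safe set such as `[\w.-]+` should be skipped or shell-quoted before printing. `$XMLFILE=@ARGV[0];` is a one-element slice and should read `$ARGV[0]`. test/pf/run.all repeats all of this, and the `printf "$DIFFCMD ..."` lines in both quick-cmp.sh files emit the names unquoted too.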
@@ -0,0 +1,14 @@ +# this is a comment +# +; this should be a comment too +; + +192.168.1.1 +192.168.1.2/32 +192.168.1.3/30 +192.168.2.128/25 +192.168.1.200/32 # comment again + 192.168.1.201/32 # this should work, too + + + diff --git a/test/pf/block-hosts.tbl b/test/pf/block-hosts.tbl new file mode 100644 index 000000000..6a3736833 --- /dev/null +++ b/test/pf/block-hosts.tbl @@ -0,0 +1,57 @@ +# +# use this table to test run-time AddressTable object +# (this is just a small collection of addresses that sent spam to me +# on Nov 20 2005) +# +151.8.224.178 +168.156.76.20 +193.207.126.36 +195.136.186.35 +196.15.136.15 +201.10.180.138 +201.17.93.16 +201.36.156.121 +202.103.25.253 +202.96.112.93 +203.162.3.209 +203.209.124.144 +210.106.193.237 +210.222.114.102 +211.144.143.143 +211.172.218.237 +211.250.16.132 +212.100.212.100 +212.21.241.31 +218.104.138.146 +218.18.72.252 +218.39.114.122 +218.55.115.43 +219.132.104.160 +220.71.17.86 +220.81.50.105 +220.91.99.46 +221.14.249.242 +221.166.177.135 +221.198.33.38 +221.202.160.233 +221.205.54.125 +221.217.44.248 +222.100.212.223 +222.121.118.144 +222.174.113.2 +58.231.13.78 +58.33.181.83 +58.53.82.190 +61.150.47.112 +61.184.14.102 +64.106.85.186 +70.228.60.100 +80.243.72.149 +80.249.77.34 +80.51.236.6 +81.196.74.125 +81.2.36.254 +82.117.221.205 +82.143.196.17 +82.77.37.174 +84.90.8.198 diff --git a/test/pf/do-diff b/test/pf/do-diff new file mode 100755 index 000000000..2a07bfcbb --- /dev/null +++ b/test/pf/do-diff @@ -0,0 +1,13 @@ +#!/bin/sh + +N=$1 + +if which opendiff > /dev/null; then + TOOL="opendiff" +else + TOOL="tkdiff -b -B " +fi + +${TOOL} firewall${N}.conf.orig firewall${N}.conf + + diff --git a/test/pf/objects-for-regression-tests.fwb b/test/pf/objects-for-regression-tests.fwb new file mode 100644 index 000000000..7b3e2e3cb --- /dev/null +++ b/test/pf/objects-for-regression-tests.fwb 
@@ -0,0 +1,10327 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -m ip_conntrack_talk -m ip_nat_talk + + + + + + proto {tcp udp icmp gre} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/test/pf/quick-cmp.sh b/test/pf/quick-cmp.sh new file mode 100755 index 000000000..c2f36e22d --- /dev/null +++ b/test/pf/quick-cmp.sh @@ -0,0 +1,18 @@ +#!/usr/bin/perl + +$XMLFILE=@ARGV[0]; + +$DIFFCMD="diff -C 1 -b -B -c -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_pf v'"; + + +while (<>) { + $str=$_; + while ( $str=~ /]+name="([^"]*).*$"/; + $fw=$1; + printf "$DIFFCMD %s.fw.orig %s.fw\n",$fw,$fw; + printf "$DIFFCMD %s.conf.orig %s.conf\n",$fw,$fw; + $str=~ s/^.*]+name="$fw"[^>]+>//; + } +} + diff --git a/test/pf/recycle b/test/pf/recycle new file mode 100755 index 000000000..5f94b137d --- /dev/null +++ b/test/pf/recycle @@ -0,0 +1,13 @@ +#!/bin/sh + +for f in *.fw; do + j=${f}.orig + mv $f $j +done + +for f in *.conf; do + j=${f}.orig + mv $f $j +done + + diff --git a/test/pf/run.all b/test/pf/run.all new file mode 100755 index 000000000..670f8606e --- /dev/null +++ b/test/pf/run.all @@ -0,0 +1,16 @@ +#!/usr/bin/perl + +$XMLFILE=@ARGV[0]; + + +while (<>) { + $str=$_; + while ( $str=~ /]+name="([^"]*).*$"/; + $fw=$1; + printf "fwb_pf -v -f $XMLFILE $fw\n"; + $str=~ s/^.*]+name="$fw"[^>]+>//; + } +} + +