mirror of https://github.com/fwbuilder/fwbuilder synced 2026-07-02 22:12:09 +02:00

37 Commits

Author SHA1 Message Date
Sirius Bakke
65a2009f97 refactor: Disable unused variables in production code 2018-10-04 16:20:02 +02:00
Sirius Bakke
a8f38647c9 refactor: NULL -> nullptr 2018-10-04 16:20:02 +02:00
Sirius Bakke
ea85cab17b feat: Remove unneeded header includes 2018-09-12 20:21:12 +02:00
Vadim Kurland
59f40e5d71 * PolicyCompiler_pix.cpp (printPreambleCommands): see #2347 "FWSM
move up the "access-list mode auto-commit" command". Command that
configures access list commit mode should be issued before any
commands that clear and configure access lists. Also in this
change moving commands that set up temporary access list to the
top of the script.
2011-04-14 12:11:15 -07:00
Vadim Kurland
c4f6a5a219 fixed dangerous memory access: the code used to delete object references instead of using removeRef() 2011-03-12 17:49:50 -08:00
Vadim Kurland
1638eb4bd1 see #2207 finished fixes in all compilers to enforce changes per #2209; regression tests for all platforms pass 2011-03-11 12:22:11 -08:00
Vadim Kurland
4136d63957 see #2098 support for interfaces in PIX/ASA NAT rules; see #153 deprecating Rule::getInterfaceStr() 2011-02-19 19:13:01 -08:00
Vadim Kurland
979224573b see #1970 ASA Policy - single IPv6 icmp object allowed in rules 2011-01-25 11:09:34 -08:00
Vadim Kurland
7e7f5509d2 see #1970 ASA Policy - single IPv6 icmp object allowed in rules 2011-01-24 16:33:43 -08:00
Vadim Kurland
83ac66edff see #1970 1) suppress rules that hold ipv6 objects from policy and nat rule sets because we do not support ipv6 at this time 2) moved rule processor dropRuleWithEmptyRE to class Compiler to avoid duplication of code 2011-01-24 14:42:06 -08:00
Vadim Kurland
7a406d772b fixes #1973 code cleanup and some renaming 2011-01-22 10:40:05 -08:00
Vadim Kurland
555e9425eb see #1968, #1972 object group deduplication finally works 2011-01-22 10:18:19 -08:00
Vadim Kurland
1d5c7db396 see #1968 Class NamedObjectsAndGroupsSupport maintains the list of object groups between compiler passes to make sure it does not create redundant groups 2011-01-22 00:21:45 -08:00
Vadim Kurland
e7d1191492 partial implementation for #1972. This stuff does not work because most often used constructor of FWObject and derived classes requires pointer to FWObjectDatabase which can not be provided if create_class function is not a member of FWObjectDatabase class. However macros have been rewritten and basic framework for external functions to create new objects is done 2011-01-21 13:46:46 -08:00
Vadim Kurland
12d93a54c0 fixes #1963 move printing of object-group definitions to
NamedObjectManager::getNamedObjectsDefinitions(); also refactoring of the code that generates "clear" commands
2011-01-20 17:25:09 -08:00
Vadim Kurland
1452861a91 see #1963 moved object_groups object to NamedObjectManager class 2011-01-20 15:08:50 -08:00
Vadim Kurland
ca475b24d7 fixes #1948 incorrect configuration created when a CustomService object is used in a policy rule for PIX/ASA v<8.3 2011-01-17 14:35:55 -08:00
Vadim Kurland
e2c2725e6b see #1941 ASA NAT - compiler complains about range in original destination 2011-01-16 20:19:43 -08:00
Vadim Kurland
2235a162a9 fixes #1924 renamed module ObjectGroupsSupport to NamedObjectsAndGroupsSupport 2011-01-13 13:09:56 -08:00
Vadim Kurland
353ba61b7d refs #1907 ASA NAT - fwbuilder doesn't support multiple translated sources in a single NAT rule 2011-01-12 17:46:11 -08:00
Vadim Kurland
31f6ddb86a refs #1907 refactoring to make it possible to use object-groups in both policy and nat compilers using the same code 2011-01-11 20:51:43 -08:00
Vadim Kurland
24ac2b56ac fixed #1905, #1879 2011-01-10 16:43:43 -08:00
Vadim Kurland
df810d9d27 * NATCompiler_pix.cpp (NATCompiler_pix): fixes #1901 "add
destructor to NATCompiler_pix and NATCompiler_asa8". This
eliminates memory leak.
2011-01-07 17:01:23 -08:00
Vadim Kurland
5313a94c86 * ASA8Object.cpp (ASA8Object): refs #1885 "named network and
service objects in pix8". So far, these objects are only used
for nat configuration.

* NATCompiler_asa8_writers.cpp (processNext): fixes #1903 "correct
order of clear commands for ASA 8.3"

* NATCompiler_asa8_writers.cpp (printSDNAT): refs #1886 "new nat
configuration in pix 8.3". Initial support for new style nat
configuration.
2011-01-07 16:29:09 -08:00
Vadim Kurland
8a46ecc87d made Service::getProtocolName() method a "const" 2011-01-06 18:31:52 -08:00
Vadim Kurland
d564fbb198 refs #1887 using real IPs in ACL instead of translated addresses in pix 8.3; refactored rule element that finds matching NAT rules and performs substitution for pix v<8.3 2011-01-06 12:54:36 -08:00
Vadim Kurland
c1708d457a fixes #1394 using existing virtual functions that expand multiple addresses to expand cluster interfaces. Now it is possible to use interface of a cluster different from the one being compiled in rules 2010-04-09 02:29:27 +00:00
Vadim Kurland
8f5f4b4f0e fixes #1187 regression in compiler for PIX 2010-02-01 06:39:24 +00:00
Vadim Kurland
7bcd04bac3 * Helper.cpp (Helper::findInterfaceByNetzone): fixes #1118
"fwb_pix uses wrong interface compiling the second cluster
member".  NAT compiler for PIX failed to find interface with
correct network zone if interface was a child of another
interface, e.g. vlan subinterface.
2010-01-20 19:12:39 +00:00
Vadim Kurland
482fc615e7 * NATCompiler_pix.cpp (NATCompiler_pix::_expand_interface): fixes
#1115: "fwb_pix crash compiling cluster NAT rule set with
interface in TSrc". A cluster interface was used in the TSrc rule
element of a NAT rule. Cluster interfaces of PIX cluster have no
ip addresses of their own (PIX HA pair uses ip addresses of the
master unit), this caused rule element to become empty after
interface object was supposed to be replaced with its ip address.

fixes #1115
2010-01-20 08:09:15 +00:00
Vadim Kurland
83cd816c40 * (createNATCmd::processNext): fixes #1114: "fwb_pix crash when fw
with dynamic interface is used in TDst".
2010-01-20 06:38:01 +00:00
Vadim Kurland
988b82f0a8 * ../src/cisco_lib/NATCompiler_pix.cpp (NATCompiler_pix::compile):
fixes #1108: fwb_pix: incorrect access list is generated for
"static". When a firewall or host object with an interface that
was configured with netmask that was not
255.255.255.255 (i.e. configured correctly) was used in TDst of a
NAT rule for PIX firewall, compiler generated configuration that
used subnet instead of just the address of the interface.
2010-01-20 05:59:30 +00:00
Vadim Kurland
f89f63ebae fixes #1104: policy compiler for PIX crashed when it encountered
NAT rule trying to translate both source and destination addresses.
2010-01-19 22:55:20 +00:00
Vadim Kurland
2e27954947 * PolicyCompiler_ipt.cpp (PolicyCompiler_ipt::compile): Using rule
processor Compiler::checkForObjectsWithErrors to find objects with
errors and generate proper calls to abort(). This exposes errors
that happened when Preprocessor failed to resolve compile-time
AddressTable and DNSName objects. If compiler runs in test mode,
preprocessor did not abort but used dummy substitution addresses
and continued. Call to checkForObjectsWithErrors generates proper
error messages tied to rules. Using this rule processor in all
compilers. Fixes #1087
2010-01-16 00:26:01 +00:00
Vadim Kurland
005507969c fixes #712 (ipt_mangle_only_rulesets option converted) fixes #713 2009-11-26 02:37:38 +00:00
Vadim Kurland
672b8ff586 fixes #591 using configlet to generate interface configuration commands for PIX 2009-11-10 19:27:20 +00:00
Vadim Kurland
23ee2d9531 merge from v3_1_merge 2009-09-23 17:00:48 +00:00