* PolicyCompiler_PrintRule.cpp (PrintRule::_printIP): fixed bug
#2801548 "fwb_ipt should issue error for ipsrv with options for
ipv6". Since IP options lsrr, ssrr, rr do not exist in ipv6,
compiler should refuse to compile rules that request matching
these options.
* PolicyCompiler_iosacl_writers.cpp (PrintRule::_printIPServiceOptions):
fixed bug #2801547 "fwb_iosacl should issue an error for ipservice
with options". IOS access lists can not match source routing
options set in IPService object, compiler should issue an error
and abort processing when an object like this is encountered in a
rule.
* IPServiceDialog.cpp (IPServiceDialog::loadFWObject): fixed bug
#2801545 "IP Service object: lsrr, ssrr, rr options not saved".
* PolicyCompiler_pf_writers.cpp (PrintRule::_printDstService):
fixed bug #2801544 "missing space after tos option in pf config"
* IPTImporter.cpp (IPTImporter::pushPolicyRule): fixed bug
#2801362 "Iptables policy import does not handle rules with
ESTABLISED". Policy importer for iptables should properly
handle rules that use combination of a "-p protocol" and
match state "RELATED,ESTABLISHED". Example:
-A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
This rule should translate into fwbuilder rule using CustomService
object with code "-m state --state RELATED,ESTABLISHED"
and protocol spec "tcp".
* ObjectManipulator.cpp (ObjectManipulator::findWhereUsedRecursively):
fixed bug #2800625 "recursive groups cause infinite loop and crash
in compiler". When a group included itself, compiler used to go
into infinite loop and crash. The fix in this function also takes
care of the situation when group A referenced group B, which in
turn referenced group A again.
* newHostDialog.cpp (newHostDialog::selectedInterface): fixed the
same error reported in bug #2799163: "crash on correcting an
error". The GUI crashed if user tried to add, then delete
interfaces in the new firewall wizard. The crash occurred when the
last interface was deleted on the page where interfaces can be
configured manually. This needed to be fixed in both "new
firewall" and "new host" dialogs.
#2799315 "Find object" cant find object in rules of opened
firewall. If scope was set to "policy of the opened firewall",
"Find object" function could not find anything. It worked when
scope was set to "policy of all firewalls".
* RuleSetView.cpp (RuleSetView::contextMenu): fixed bug #2799254
"Erratic behavior when rule is removed from the group". If user
tried to remove a rule from the middle of a group of rules, the
GUI behaved erratically. It showed two groups with the same name,
each of these two groups claimed to have more rules than it really
did. Also only one of these two groups could be collapsed at the
time. Other weird things also happened. The fix is to not allow
removing a rule from the rule group if the rule is in the middle.
;
* newFirewallDialog.cpp (newFirewallDialog::selectedInterface):
fixed bug #2799163: "crash on correcting an error". The GUI
crashed if user tried to add, then delete interfaces in the new
firewall wizard. The crash occurred when the last interface was
deleted on the page where interfaces can be configured manually.
* ObjectTreeView.cpp (ObjectTreeView::dragMoveEvent): fixed bug
#2799174: "Multiple instance crashes a bug". The GUI crashed if
user tried to drag and drop an object between two different
running copies. Copy/Paste and Drag&Drop between separate copies
are not supported at this time.
;
* newFirewallDialog.cpp (newFirewallDialog::finishClicked): better
fix for the bug #2796760 "Display error when adding new FW with
multiple interfaces".
* ObjectManipulator.cpp (ObjectManipulator::actuallyCreateObject):
fixed bug #2797791: "Display error when duplicating an object".
* InterfaceData.cpp (InterfaceData::guessSecurityLevel): (change
in libfwbuilder) set security level to 0 (insecure) by
default. This makes all interfaces of the newly created firewall
be "external" or "insecure" unless they were assigned labels or
addresses from the private address space in which case
guessSecurityLevel() assigns level 100. This addresses bug
#2796760 "Display error when adding new FW with multiple
interfaces".
* RCSFilePreview.cpp (RCSViewItem::operator<): implemented feature
req. #2796238 "3.0.4 - FEAT REQ: Sort order for RCSFilePreview".
RCS file preview dialog (the one that shows RCS revisions and RCS
log records) can display revisions in the tree or list view style,
controlled by radio-buttons. Style setting is saved in user
preferences and persists from session to session. In both cases
the view can be sorted by revision number or data. Sort column
choice is also saved in preferences. By default program sorts by
date and selects the latest revision.
* ObjectManipulator.cpp (ObjectManipulator::actuallyPasteTo):
fixed bug (no #): the GUI did not allow to copy/paste an address
from one interface to another. This should be possible.
* PolicyCompiler_pf_writers.cpp (PrintRule::_printAddr): fixed
bug (no #): policy compiler for pf crashed when dynamic interface
was used in source or destination of a policy rule.
* ObjectManipulator.cpp (ObjectManipulator::contextMenuRequested):
fixed bug #2793144 "Context menu item for the new User Service
object is missing".
* ProjectPanel_file_ops.cpp (ProjectPanel::fileOpen): (finally)
fixed the algorithm used to determine directory offered to the
user when they use main menu File/Open to open a file:
1) if "work directory" is configured in preferences, always use
it first;
2) if it is blank, use the same directory where currently opened
file is located;
3) if this is the first file to be opened, use the same
directory user used last time they ran the program (saved in user
settings).
* RuleSetView.cpp (RuleSetView::pasteObject): fixed bug #2794827
"crash when pasting from a Library in a another file". The GUI
crashed if user tried to copy/paste an object from one data file
into a rule in another.
* ObjectEditor.cpp (ObjectEditor::help): Added support for the
built-in help page for all objects dialogs, including rule
actions and options dialog. Implemented help pages for actions
"Route", "Branch", "Tag", "Classify" and rule options dialogs for
iptables and pf. Button "Help" is greyed out if corresponding help
page is unavailable.
* RuleSetView.cpp (RuleSetView::switchObjectInEditor): fixed bug
#2794484 "Crash after click in the "Options" col of rule group
title".
* PolicyCompiler_ipt.cpp (checkInterfaceAgainstAddressFamily::processNext):
fixed bug #2792888: "interface with only v4 address is used in v6
rules". Compiler should drop rule if it is associate with an
interface that does not have address that belongs to the address
family declared for the rule set. If interface has only ipv4
address, it will never see ipv6 packets and therefore rules that
have this interface in the "interface" rule element should not be
included in the output generated for the ipv6 or combined
ipv4+ipv6 rule sets.
* PolicyCompiler_pf.cpp (fillDirection::processNext): fixed bug
#2791950 "no way to generate "pass out" rule with no interface".
Compiler created two rules "pass out" and "pass in" for rules with
no interface and direction "in" or "out". It should create one
rule with direction defined by the rule in the GUI.
* FWWindowPrint.cpp (FWWindow::tableResolutionSettingChanged):
Using slider widget to set table scaling factor; now user can
choose any scaling factor between 1 and 200%. This fixes bug
#2789903: "Table scaling when printing in 3.0.4"
* fixed bug #2787857: "b847 crashes on Start". v3.0.5 build 847
links with QtDBus framework as part of the future development but
the framework file was not included in the bundle. This caused
crash on Mac OS X.
* RoutingCompiler_pix.cpp (RoutingCompiler_pix::prolog): fixes bug
#2782645: "Can't compile for FWSM platform". Routing compiler for
PIX should accept firewall object with platform "fwsm" as well as
"pix".
* ObjectManipulator.cpp (ObjectManipulator::actuallyCreateObject):
fixes bug #2783780: "Tree objects not sorted in
3.0.4". Automatically re-sort object branch when new host or
firewall object is created so that the new object is positioned in
the alphabetic sorting order.
* ObjectManipulator.cpp (ObjectManipulator::getMenuState): for bug
#2782289: "Crashes when deleting unused host object". Added
safeguards to make it impossible to delete objects in the Standard
library, as well as for a few other cases. Waiting for a
clarification on the bug anyway.
* ObjectListView.cpp (ObjectListView::dragObject): fixed bug
#2781952: "fwbuilder (3.0.4-b794) crashes when creating a new
group". The GUI crashed if user clicked and dragged mouse inside
empty list of group members in the dialog of the new group object.
* ipt.cpp (dumpScript): fixed bug #2356131: "Iptables-restore
option broken for multiple policy sets". Compiler inserted
redundant line "echo COMMIT" to the iptables script if
iptables-restore was used and there were no rules in the mangle
table.
* ObjectManipulator.cpp (ObjectManipulator::findWhereUsedRecursively):
fixed bug #2744798 "dependency checking failed". In case when an
object was used in a group and group used in a rule of a firewall,
the program failed to properly update "last modified" attribute
of the firewall when the object was changed.
* DialogData.cpp (DialogData::loadToWidget): fixed bug #2710309:
"Bug in gui/DialogData.cpp when not using mapping.". There was a
bug in DialogData.cpp that when setting the value of a combobox
and not using a mapping array the requested value would not be
selected. Applied patch provided by Tom Judge ( tomjudge )
* platforms.cpp (init_platforms): fixed bug #2710300 "Bug in
gui/platforms.cpp". there was a discrepancy between the list of
route-to options for PF and UI elements.
* pf.cpp (main): more changes to add support for
externally-controlled policy rulesets for PF: if policy ruelset
name ends with "/*", the program assumes it is controlled by
external means and does not compile rules in it and does not
create .conf file from it.
* PolicyCompiler_pf_writers.cpp (PrintRule::_printAction): Added
support for anchor names with "/*" suffix for PF. Now the user can
create policy ruleset with name e.g. "ftp-proxy/*" and then set up
branching rule pointing to this ruleset. This ruleset is treated
by the program in a special way. First, it allows characters "/"
and "*" in the name of the ruleset (but only for PF firewalls).
Second, compiler does not create a .conf file with rules from this
ruleset, assuming that it will be controlled by external program
such as ftp-proxy. See man page ftp-proxy(8) for examples.
* pf.cpp (main): fixed bug (no #): compiler for pf added code
provided in the "prolog" section while option was set to "add
after table definitions" in the incorrect place.
* RuleSetView.cpp (RuleSetView::updateGroups): fixed bug #2701593
"gui problem". Adding a rule to a policy with rule groups caused
weird rule display - a rule immediately above rule group header
would appear empty, with only "Source" shoring.
