mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-02 15:17:28 +02:00

1347 Commits

Author SHA1 Message Date
Vadim Kurland
0ba45e6569 fixed SF bug 3435004: "Empty lines in comment result in "Incomplete
Command" in IOS".
2011-11-08 08:42:56 -08:00
Vadim Kurland
20b974959b fixed SF bug 3428992: "PF: rules order problem with IPv4 and
IPv6". Compiler for PF should group ipv4 and ipv6 NAT rules together,
before it generates ipv4 and ipv6 policy rules.
2011-11-08 08:15:17 -08:00
Vadim Kurland
aa49658c51 fixed SF bug #3429377 "PF: IPv6 rules are not added in IPv4/IPv6
ruleset (anchor)". Compiler for PF did not include rules generated for
IPv6 in generated PF anchor configuration files.
2011-11-08 07:11:21 -08:00
Vadim Kurland
6df0cdb45e fixed SF bug #3433587 "Manual edit of new service Destination Port END
value fails". This bug made it impossible to edit the value of the end
of the port range because as soon as the value became less than the
value of the beginning the range, the GUI would reset it to be equal
to the value of the beginning of the range. This affected both TCP and
UDP service object dialogs.
2011-11-08 06:52:07 -08:00
Vadim Kurland
8da03a8783 fixed SF bug 3426843 "ipfw doesn't work for self-reference, in
5.0.0.3568 version".
2011-11-08 06:28:54 -08:00
Vadim Kurland
68cc6c1332 see #2662 "Crash when compiling ASA rule with IP range". Need to split
address range if it is used in "source" of a rule that controls
telnet, ssh or http to the firewall itself and firewall's version is
>= 8.3.
2011-10-19 17:49:36 -07:00
Vadim Kurland
3db31d6828 trim strings provided by the user in various dialogs to make sure we don't end up with file names and other parameters that end with a white space 2011-10-19 10:53:32 -07:00
Vadim Kurland
a27cccaba5 see SF bug #3416900 "Replace command with which". Generated
script (Linux/iptables) used to use "command -v" to check if command
line tools it needs are present on the system. This was used to find
iptables, lsmod, modprobe, ifconfig, vconfig, logger and others. Some
embedded Linux distributions, notably TomatoUSB, come without support
for "command". Switching to "which" that is more ubiquitous and should
be available pretty much everywhere.
2011-10-02 15:45:56 -07:00
Vadim Kurland
9994ca5c6d enable fwbuilder to take advantage of GSSAPIAuthentication with
openssh using suggestion by Matthias Witte witte@netzquadrat.de
2011-09-29 18:15:26 -07:00
Vadim Kurland
f1153c4dc6 fixes SF bug #3414382 "Segfault in fwb_ipt dealing with empty
groups". Compiler for iptables used to crash when an empty group
was used in the "Interface" column of a policy rule.
2011-09-29 13:46:41 -07:00
Vadim Kurland
ac28c2f84a fixes #2660 "compiler for IOSACL crashed when address range appears in
a rule AND object-group option is turned ON"
2011-09-24 19:14:28 -07:00
Vadim Kurland
b68eac1f43 see #2656 "Generated Cisco ASA access-list has duplicate entry". 2011-09-19 16:08:34 -07:00
Vadim Kurland
eaf71afcfa fixes #2658 "snmp network discovery creates duplicate address
and network objects"
2011-09-19 15:57:09 -07:00
Vadim Kurland
00f6188390 see #2657 snmp network discovery crashed if option "Confine scan
to network" was used.
2011-09-19 15:43:38 -07:00
Vadim Kurland
4c5bf811c6 see #2655 Interface names are not allowed to have dash "-" even with
interface verification off. We should allow "-" in the interface name
for Cisco IOS
2011-09-19 14:53:39 -07:00
Vadim Kurland
2a74bc273d see #2653 Importer for iptables checks that netfilter table used in
the original iptables config is one of the tables we support.
Currently only "filter", "mangle" and "nat" are supported.

Also see #2651, #2652
2011-09-04 20:29:02 -07:00
Vadim Kurland
ad2d088d67 see #2654 ChangeLog and release notes entries 2011-09-04 20:04:26 -07:00
Vadim Kurland
19a6776f7a fixes SF bug 3247094 "Nomenclature of IP address edit dialog".
Network ipv6 dialog says "Prefix length".
2011-08-30 13:35:01 -07:00
Vadim Kurland
5b72064084 fixes SF bug 3302121 "cosmetic mis-format in fwb Linux paths dialog" 2011-08-30 13:30:19 -07:00
Vadim Kurland
62b48f1833 fixes SF bug 3388055 Adding a "DNS Name" with a trailing space causes
failure.
2011-08-30 13:24:22 -07:00
Vadim Kurland
14579473bd see #2646 and SF bug 3395658: Added few ipv4 and ipv6 network objects
to the Standard objects library: TEST-NET-2, TEST-NET-3 (RFC 5735, RFC
5737), translated-ipv4, mapped-ipv4, Teredo, unique-local and few
others.
2011-08-25 17:34:10 -07:00
Vadim Kurland
baf9e7a956 fixes #2648 "right mouse click on firewall object in "Deleted objects"
library causes GUI crash"
2011-08-25 14:12:13 -07:00
Vadim Kurland
25efaa6a91 fixes #2650 "rules with address range that includes firewall address
in Src are placed in OUTPUT chain even though addresses that do not
match the firewall should go in FORWARD"
2011-08-25 13:56:03 -07:00
Vadim Kurland
e4491ccd51 function InetAddr::isValidV4Netmask() checks that netmask represented
by the object consists of a sequence of "1" bits, followed by the
sequence of "0" bits and therefore does not have zeroes in the middle.

added check to the Network object dialog to make sure user does not
enter netmask with zeroes in the middle for the IPv4 network
object. Netmasks like that are not supported by fwbuilder.

see #2644
2011-08-14 19:41:14 -07:00
Vadim Kurland
23f488361c fixes #2643 "GUI crashes when user cuts a rule, then right-mouse click
in any rule element of another"
2011-08-14 18:56:50 -07:00
Vadim Kurland
7a614b0908 see #2638 "When CARP password is empty the advskew value is not
read". Should skip "pass <word>" parameter of the ifconfig command
that creates carp interface if user did not set up any password.
2011-08-11 16:55:08 -07:00
Vadim Kurland
de1e3698a7 see #2639 "support for vlan subinterfaces of bridge interfaces (e.g.
br0.5)". Currently fwbuilder can not generate script to configure vlan
subinterfaces of bridge interfaces, however if user did not request
this configuration script to be generated, compiler should not abort
when it encounters this combination.
2011-08-11 16:35:50 -07:00
Vadim Kurland
1da73349d5 fixes #2641 "newFirewall dialog does not accept ipv6 addresses with
long prefixes". The dialog did not allow ipv6 addresses of interfaces
with netmask > 64 bit.
2011-08-11 16:03:58 -07:00
Vadim Kurland
1651e9c73a fixes #2642 "GUI crashes if user cancels newFirewall dialog". 2011-08-11 15:48:52 -07:00
Vadim Kurland
bd9ab07a5e the drop-down list of interfaces for the "route-through" rule option
for PF and iptables should include not only cluster interfaces, but
also interfaces of all members. This way, we can make compiler
generate configuration

"pass in quick on em0 route-to { ( em0 10.1.1.2 ) } ... "

for a rule of a PF cluster. Here "em0" is an interface of a member,
not the cluster.
2011-08-11 14:02:21 -07:00
Vadim Kurland
6e0654aaa6 see #2636 "carp : Incorrect output in rc.conf.local format". Should
use create_args_carp0 instead of ifconfig_carp0 to set up CARP
interface vhid, pass and advskew parameters.
2011-08-08 15:35:25 -07:00
Vadim Kurland
3209044b22 see #2635 Object type AttachedNetworks is not allowed in the
"interface" rule element.
2011-08-05 20:58:37 -07:00
Vadim Kurland
84685d84a5 see #2628 fixed crash that happened if user created new firewall object
from a template and changed one of the ip addresses, while another
firewall object created from the same template already existed in the
tree.
2011-08-03 14:14:16 -07:00
Vadim Kurland
a7584e4c17 moved "batch install" button from the main installer wizard to the
dialog where user enters their password. Now user can start in a
non-batch install mode but continue in batch install mode at any time
if all their firewalls authenticate with the same user name and
password.
2011-08-02 21:27:46 -07:00
Vadim Kurland
25ab6bb227 changed token name from "ESP" to "ESP_WORD" to avoid conflict with
macro "ESP" that happened during build on OpenSolaris

fixed unit test (ObjectMatcher matches ipv6 only when internal flag is
set accordingly)

set version to 5.0.1
2011-08-01 17:56:22 -07:00
Vadim Kurland
9a2a1d6e83 changelog update; fixed unit test ObjectMatcherTest 2011-08-01 13:00:31 -07:00
Vadim Kurland
bb1c9f8d7d see #2622 "Remove Back and Forward buttons". We have decided behavior
of the GUI was too complicated since user can both act on objects
directly and navigate backwards and forwards to the objects found in
their browsing history.  Navigation using browsing history was broken
when quick filter was in use, too. All in all, it feels the value of
"back" and "forward" buttons was relatively low.

New build 3568
2011-07-22 15:57:54 -07:00
Vadim Kurland
31c5133fdc see #2577 Updated error message that appears when user tries to open
.fwb file created by the future version of fwbuilder.
2011-07-21 16:48:20 -07:00
Vadim Kurland
a206d46cde fixes #2567 "If file doesn't exist when clicking 'edit file', then you
have to hit save button twice".  The bug affected "edit file" function
in the Address Table object dialog.
2011-07-21 16:37:00 -07:00
Vadim Kurland
1fd2ac3a95 fixes #2590 "PF: NAT compiler fails when run-time address table object
is used in a rule"
2011-07-21 14:22:40 -07:00
Vadim Kurland
2b54b4c49b fixes #2565 "Run-time dns name or address table in routing policy ->
crash". Compiler for PF crashed if user placed run-time DNSName object
in "destination" of a routing rule.
2011-07-21 14:17:48 -07:00
Vadim Kurland
6d26bfac90 see #2515 Expanded set of options the user can change to pre-set
parameters in the new policy rules they create. Now user can set
default values for action ("Deny" or "Accept"), direction, the
"stateless" flag and logging.
2011-07-21 13:20:59 -07:00
Vadim Kurland
2ce9852aeb see #2516 "Enhance Find to include searching for IP addresses in
ranges". Function "find" now finds ip addresses inside address ranges.
2011-07-21 12:42:51 -07:00
Vadim Kurland
5993fd7574 see #2619 "Attempting to copy-and-paste a tag service results in an
error". Pasting of a TagService object to the "Tag Services" group did
not work.
2011-07-20 23:52:30 -07:00
Vadim Kurland
ddd45fb426 fixes #2566, #2618 Fix for the regression introduced when I worked on
empty editor pane".  Double click on the rule number should not do
anything, but double click on rule options, comment and other fields
should open the editor. Change done for #2566 broke this.
2011-07-20 23:39:11 -07:00
Vadim Kurland
ededc39789 merge from fortress, new build 2011-07-20 19:06:50 -07:00
Vadim Kurland
a47d102c30 fixed SF bug 3371301 "Error compiling with VLAN and
masquerade". Iptables NAT rules with vlan interface configured as
"dynamic" and no ip address in Translated Source caused compiler
crash.
2011-07-19 19:07:56 -07:00
Theron Tock
2c70ef0583 * Fixed #2511: make sure auto-scroll of items in ObjectTreeView
works, otherwise it's impossible to move an item into a
	user-defined folder if there are lots of intervening items.
2011-07-18 15:05:10 -07:00
Theron Tock
48e1096c24 * Tried to fix #2507: set a size for the "type" column in the
dynamic group dialog (on some platforms it comes out so narrow you
	can't see it, despite it having ResizeToContents).
2011-07-13 16:59:30 -07:00
Theron Tock
8fb279a488 * Fixed #2523: save the expanded/collapsed state of the tree when
the user starts typing something into the quick filter.  When the
	quick filter is cleared, re-expand any items that started off
	expanded (so we get the union of expanded items displayed by quick
	filter plus what the user started with expanded).
2011-07-13 16:38:10 -07:00