behavior is for the compiler to create files in the directory
specified by the argument of the "-d" command line flag. If
flag "-d" is not provided, files should be created in the current
directory.
fixed SF bug 3094273 "no state needed for ipv6-icmp in
ip6tables". Rules that match ICMPv6 objects should be
stateless. Compiler will check for this and reset "stateful" flag
of a rule and issue warning if the rule was built stateful in the
GUI.
problem" (type 4, any code) per SF feature request 3094743. Also
added service group object "ipv6 unreachable messages" that
includes ICMPv6 messages "destination unreachable", "packet too
big", "parameter problem" and "time exceeded" per SF feature
request 3094758
request 3094738 "Set the HL to 255 for IPv6 Neighbor
Discovery". Neighbor discovery packets must have hop limit of 255
per RFC 2461. Automatically generated rules that match neighbor
discovery packets will math hooplimit 255.
"Routing configuration failed". Iptables script generated by
fwbuilder did not configure broadcast when it added ip addresses
to interfaces. Using "ip addr add ADDR/NM boradcast + dev INTF"
syntax to do this.
of address assignment in the generated OpenBSD/PF/CARP cluster
configuration". Need to assign ip addresses to regular interfaces
before trying to assign them to carp interfaces.
"nf_conntrack_ipv6" if generated script has no ipv6 rules"
Shell function load_modules should not try to load module
nf_conntrack_ipv6 if generated script does not load any ipv6
rules. Loading this module fails if ipv6 has been disabled in
the kernel.
r3320 (refs #1790) "When an object is found using Find and the
object is in the object tree, the keyboard focus shifts to the
Object Panel". That change broke highlighting of the found object
in rules.
config will compile without interface in Routing rule". Policy
compiler for PIX now checks that both "interface" and "gateway"
rule elements are not empty.
panel once its created". This has side effect in that some
other operations that open an object in the tree will also
scroll the tree to position this object at the top.
templates button on the New Firewall Wizard". Use of the
custom template library to create new firewall object is now
optional, controlled by a checkbox in the "Object" tab of the
gobal preferenes dialog. New users will have this option turned
off by default, however existing users will see it enabled for
backwards compatibility.
is found using Find and the object is in the object tree, the
keyboard focus shifts to the Object Panel". The "find" pabel now
retains keyboard focus after it shows found object in the tree,
this allows the user to just hit Enter on the keyboard to find
the next object.
that happened when user switched from page 0 to page 1 of the new
firewall wizard. Pause was caused by the DNS queries the program
ran trying to determine ip address of the firewall using the name
provided on the first page of the wizard. Now DNS query is
launched only if user wants to create interfaces uses snmp scan.
improved design of the widget used to edit ip addresses and other
attributes of an interface in the new firewall, new host and new
cluster wizards. Removed "MAC Address" imput field and rearranged
other input fields according to the result of usability tests.
nothing. This button should only be enabled if user switched to
their own library of template objects. The button should be
disabled if they switched back to the standard template library
or never switched to their own one.
and host OS". The placeholder text in the interface name and label
input fields in the new firewall wizard will depend on the host OS
chosen in the first page of the wizard.
fields. This text is displayed in greyed-out small font inside
the imput field but is cleared as soon as user starts their input.
The text gives user a prompt as of what is expected in each input
field. The "placeholder" text support is available only in Qt 4.7
and later so the code is conditional on the version of Qt.
wizard". When user creates interfaces for the new firewall or host
using manual method and clicks on the "+" button to add a tab for
the new interface in the wizard page, the interface tab is created
with blank name. Wizard later checks the name when user clicks
Finish to create new firewall or host object and does not let them
do this while interface name is still blank. Error dialog reminds
that the name of the interface must match the name of the
interface on the machine.
"Quick Start Guide" tutorial that demonstrates basic features and
key concepts of Firewall Builder. The tutorial is accessible
via Help / Tutorials menu and is shown to the first-time user
on the GUI startup instead of the "tip of the day" dialog.
for the "Direction" and "Action" rule elements to remind user that
to change these rule parameters they need to click right mouse
button to open list of possible settings
rule number". The column in the RuleSetView? where rule number is
shown now has a tooltip to remind the user that they can click
right mouse button to the the context menu and use keyboard
shortcut "x" to compile the rule
* FWBSettings.cpp (init): fixed#1743 "change default for the
option /Show text descriptions for direction and action/". The
option should be on by default.
text and images to empty policy window". Showing tooltip in the
empty space in the rule set view, this tooltip provides hints on
how to edit rules which should be useful for the beginners.
