fixed bug 3001228 "v4.0.0 iptables: NAT not creating interface
addresses". Iptables script generated by fwbuilder used to include
commands to configure virtual ip addresses for NAT only if option
"configure interfaces" was turned on. Expected behavior is to
generate these commands when option "Add virtual addresses for
NAT" is turned on regardless of the setting of the option
"configure interfaces".
fixed#1523 "outbound ipv6 rule matching multicast ipv6 destination
is not generated". The rule with network object fe80::/10 in source
and ipv6 muticast ff00::/8 in destination did not produce correspondign
ip6tables command. The change affects other cases with rules using
broadcast or multicast objects that should be considered matching
the firewall object.
iptables replaces --sport and --dport parameters of module
multiport with --source-ports and --destination-ports to remove
grammar ambiguity that arises from the use of the same parameters
--sport and --dport by different iptables modules with different
argument syntax.
"import policy disabled after file close". Menu items "File/Import
Library" and "File/Import policy" became disabled after user
closed data file using "File/Close" and never became enabled
again.
also fixed#1494 flush duplicate uuid
"GroupObjectDialogTest.cpp does not compile with gcc 3.4.6" and SF
bug 3015307. There is no reason to make method insertObject()
protected which caused problems (and hacky workaround) in the unit
test.
"compile error XML validity ". The problem was introduced with a
change that made policy importer cabaple of reproducing default
policies of main chains.
bug 3012953: iptables importer sometimes does not recognize rule
with " ESTABLISHED,RELATED ". Parser properly processed iptables
rules with state "RELATED,ESTABLISHED" but not when states were
in the opposite order.
3012953 name of UDP and TCP objects created during import should
follow the same pattern and not include "0-0" for the source ports
if they are equal to zero.
settings object and file in the .ini format to store instance uuid
to ensure uuid persistence on windows across upgrades done with
complete deinstall. Fixes#1497
workflow progress flags for an attempted install and first
successful install. Both flags are boolean true/false indicating
that the even occurred. We do not track and do not report any
information about the firewall, platform, rules etc. These flags
will be used to determine how many users abandon the program
before even trying to run install for real because it is too
complicated or the UI is not good enough. Fixes#1495
* UserWorkflow.cpp (UserWorkflow::flagsToQueryString): added user
workflow flag indicating that ssh/scp have been configured in the
Prefereces dialog. The flag is boolean and registers only the fact
that something was entered in ssh and scp fields. Actual path and
programs used are not registered and reported. Fixes#1496
refs #1483 If program detects change in CustomService object and
the change just adds code string for a platform that was not
in the object in the users data file, the change is accepted without
showing the dialog.
* ../src/res/objects_init.xml.in: fixed#1483 "missing code in the
custom service object ESTABLISHED for ProCurve"
one-time announcements that can be pulled from the web site
when version check server says there is one. Announcement is
shown only once. To do this, I store time stamp when it was shown
in settings using hash of the announcement url.
* Help.cpp (Help::setSource): made class Help capable of
downloading contents via HTTP.
r2896 because of the user complaints. It appears to be more
convenient if Policy, NAT and Routing objects open in the rule set
view on double click but not in the editor. Second double clik
opens these objects in the editor.
* UserWorkflow.cpp (UserWorkflow::report): see #1466 Implemented
instrumentation that should help us improve user experience. Will
track few things that new users do (or dont) and report as a
combination of bit flags at the end of the GUI session. Reporting
things such as if user looked at "Getting Started" tutorial, if
they created their first firewall object, modified any rules,
tried to compile or install. Information passed in the report is
strictly a set of boolean flags, is not identifiable and does not
reveal what firewall platform they are using or anything about
their objects and rules.
