of the GUI was too complicated since user can both act on objects
directly and navigate backwards and forwards to the objects found in
their browsing history. Navigation using browsing history was broken
when quick filter was in use, too. All in all, it feels the value of
"back" and "forward" buttons was relatively low.
New build 3568
parameters in the new policy rules they create. Now user can set
default values for action ("Deny" or "Accept"), direction, the
"stateless" flag and logging.
empty editor pane". Double click on the rule number should not do
anything, but double click on rule options, comment and other fields
should open the editor. Change done for #2566 broke this.
the user starts typing something into the quick filter. When the
quick filter is cleared, re-expand any items that started off
expanded (so we get the union of expanded items displayed by quick
filter plus what the user started with expanded).
that the user forgets to set a data directory on a firewall and then
refers to it from an Address Table. Made the error message a little
explicit since now the only way the error can happen is if the firewall
is missing the data directory setting.
a dynamic group are actually objects. Previously we were showing
stuff like FirewallOptions objects. To make sure that dynamic
group expansion is done the same way in the UI and for the
compiler, also fixed#2502 (consolidate logic for DynamicGroup).
There's a "data directory" setting under user preferences. If the
user selects an address table file using "choose file" and that
file is "inside" the data directory, then the appropriate part of
the path is replaced with %DATADIR% as a variable. If the address
table is marked "run-time" then the path is taken from the
firewall data directory option.
config". Compiler for PF can now preserve names of object groups,
dynamic groups, compile-time AddressTable and compile-time DNSName
objects in the generated pf.conf file. This is optional and is
controlled by a checkbox in the firewall settings dialog.
"reply-to" and "dup-to" options in both pre-4.7 and 4.7 formats. In PF
4.7 these parameters moved to the end of the rule and are now part of
the "filteropts" block of parameters.
follows source routing rule options "route-to", "reply-to" and
"dup-to". Also, since currently fwbuilder does not support source
routing rules with multiple different interface-gateway pairs (only
one interface in combination with one or multiple gateway addresses
are supported), importer displays warning and marks rules as "broken"
when it encounters this configuration.
