fixed#1523 "outbound ipv6 rule matching multicast ipv6 destination
is not generated". The rule with network object fe80::/10 in source
and ipv6 muticast ff00::/8 in destination did not produce correspondign
ip6tables command. The change affects other cases with rules using
broadcast or multicast objects that should be considered matching
the firewall object.
restored function of the "comment the code" in the "Script
options" of the firewall settings dialog for Cisco IOS ACL and
ProCurve ACL. When this checkbox is off, comments are not
added to generated script.
support some popular iptables modules". Added support for module
"recent" and rules that match standard ip/icmp/udp/tcp protocols
and at the same time module "mark", "length", "limit" or "recent".
Rules like these are translated into a combination of a branching
rule and additional rule in a branch rule set that implements
module match.
QProcess::waitForFinished() instead of just sleep() after we send
TERM signal to the background process. Also let Qt process events
to update the GUI while waiting.
* instDialog_installer.cpp (instDialog::stopInstall): fixed#1428
button "Stop" in the installer dialog does not stop installer
process
fixes#1417 rule shadowing detection should recognize different rule options.
Policy compiler for iptables takes into account rule options for modules
limit, connlimit and hashlimit when it considers rules for rule shadowing.
fixed#1415 "action branch that creates branch in mangle table
should branch in FORWARD chain". Rule with "any" in src and dst
and action Branch with option "branch in mangle table" will go
into FORWARD chain in addition to the PREROUTING and POSTROUTING
chains as before. Note that choice of PREROUTING or POSTROUTING
chains depends on direction.
nat rules syntax has changed in OpenBSD 4.7. Nat and rdr rules in
4.7 should be implemented using action "match" and keywords
"nat-to" and "rdr-to"
* PolicyCompiler_pf_writers.cpp (PrintRule::_printAction):
fixes#1414: use "match" action for tagging. Policy rules
with action Tag should use pf action "match" instead of "pass"
if version is 4.6 or later.
fixed#1379 "Should be able to build routing rules with interface
as gateway for IOS". Routing rules for IOS now have column
"Interface". Rules can be built either with explicit address of
the gateway or interface.
some flags for the "non-default" rule options for PF"
* FWObjectPropertiesFactory.cpp (FWObjectPropertiesFactory::getPolicyRuleOptions):
fixed#1364 "add synproxy and other missing pf rule options to the
rule options tooltip"
fixed time format for the iptables parameters --datestart,
--datestop which is supposed to be ISO 8601 "T" notation but
apparently with no support for time zone designators. Timezone
desginators are an error in iptables 1.4.1.1 and 1.4.5, did not
test newer versions. Fixes#1286 SourceForge bug #2961532
rules". Fixes this and several other problems with policy and nat
rules that use cluster inetrfaces with dynamic addresses.
PolicyCompiler_ipt.cpp
NATCompiler_ipt.cpp
