onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-23 11:47:24 +01:00
Code Issues Releases Wiki Activity
3,481 Commits 3 Branches 3 Tags
Commit Graph

3481 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Vadim Kurland
2235a162a9 fixes #1924 renamed module ObjectGroupsSupport to NamedObjectsAndGroupsSupport 2011-01-13 13:09:56 -08:00
Vadim Kurland
b21bf113f8 fixes #1923 rename class ASA8Object to NamedObject 2011-01-13 13:03:52 -08:00
Vadim Kurland
63257170e8 refs #1885 using named objects and object groups when multiple objects are found in TSrc; this fixes issue with address ranges 2011-01-13 12:49:25 -08:00
Vadim Kurland
4ea6f24a03 fixed unreported bug: rule processor PolicyCompiler_cisco::removeRedundantAddresses removed both redundant objects in some cases, it depended on the order in which they appeared in the rule element 2011-01-13 12:46:08 -08:00
Vadim Kurland
c532ca3f89 refactoring in class CreateObjectGroups 2011-01-13 11:03:49 -08:00
Vadim Kurland
59a90aabb1 fixes #1921 add rule processor to check correctness of TSrc after object-groups have been created 2011-01-13 10:34:36 -08:00
Vadim Kurland
f684d791c6 refs #1919 Fixed: do not put interface objects inside object-group for TSrc 2011-01-13 10:11:30 -08:00
Vadim Kurland
ba66447d7d refs #1919 do not put interface objects inside object-group for TSrc 2011-01-12 19:21:22 -08:00
Vadim Kurland
26b019cce8 refs #1919 do not put interface objects inside object-group for TSrc 2011-01-12 18:47:30 -08:00
Vadim Kurland
353ba61b7d refs #1907 ASA NAT - fwbuilder doesnt support multiple translated sources in a single NAT rule 2011-01-12 17:46:11 -08:00
Vadim Kurland
e52b3b2db4 fixes #1913 added default log level 2011-01-12 16:27:00 -08:00
Vadim Kurland
c9d0505af1 fixes #1912 Compiler error for ASA 8+ firewalls that have multiple networks in Policy rule and no network matches network zone 2011-01-12 16:03:06 -08:00
Vadim Kurland
77ae2185f2 refs #1908 "ASA NAT - cannot configure static NAT translations with (inside,outside)". Added radio buttons 2011-01-12 15:03:57 -08:00
Vadim Kurland
a3d7e3d89b refs #1908 moved code that decides whether asa8 nat rule should be dynamic or static into its own class so it can be reused 2011-01-12 12:57:02 -08:00
Vadim Kurland
40d0a3cbb5 new build number 2011-01-12 09:11:58 -08:00
Vadim Kurland
57666a2c09 refs #1912 added test case 2011-01-12 09:03:49 -08:00
Vadim Kurland
31f6ddb86a refs #1907 refactoring to make it possible to use object-groups in both policy and nat compilers using the same code 2011-01-11 20:51:43 -08:00
Vadim Kurland
c6abdb0fc6 refs #1908 : added nat rule option to force the rule to be "static"; new build number 2011-01-11 18:32:54 -08:00
Vadim Kurland
e1230a0a14 new build 2011-01-11 11:03:16 -08:00
Vadim Kurland
d4f9c04aeb refs #1902 Add NAT rule option "translate dns" for PIX 2011-01-11 10:55:53 -08:00
Vadim Kurland
ff6f43b3e6 refs #1907 split converting to atomic rules in orer to be able to control it better 2011-01-11 10:27:10 -08:00
Vadim Kurland
8c7c07cfb9 fixes #1909 2011-01-11 09:44:13 -08:00
Vadim Kurland
9f03dc52b0 using qualified class names in the hope it will compile on windows 2011-01-10 22:48:17 -08:00
Vadim Kurland
7a01d5f955 build 3427 2011-01-10 17:39:18 -08:00
Vadim Kurland
e17c19a0a3 fixed #1862 "fwb_pix crash". 2011-01-10 17:32:57 -08:00
Vadim Kurland
5bd095a95c fixed #1906 ASA NAT - Address objects are not properly identified by network zone and have the wrong real interface 2011-01-10 17:17:47 -08:00
Vadim Kurland
84a30873d5 refs #1905, #1879 2011-01-10 16:57:41 -08:00
Vadim Kurland
24ac2b56ac fixed #1905, #1879 2011-01-10 16:43:43 -08:00
Vadim Kurland
9a012af1f4 build 3426 2011-01-07 17:59:39 -08:00
Vadim Kurland
b1dde3821a fixes #1900 rename PIX8ObjectGroup to ASA8ObjectGroup for consistency 2011-01-07 17:05:19 -08:00
Vadim Kurland
df810d9d27 * NATCompiler_pix.cpp (NATCompiler_pix): fixes #1901 "add 
destructor to NATCompiler_pix and NATCompiler_asa8". This
eliminates memory leak.
 2011-01-07 17:01:23 -08:00
Vadim Kurland
62e7c778fe re-ran tests 2011-01-07 16:39:57 -08:00
Vadim Kurland
88666086ab refs #1886 added support for no-nat ("identity nat") rules 2011-01-07 16:38:23 -08:00
Vadim Kurland
5313a94c86 * ASA8Object.cpp (ASA8Object): refs #1885 "named network and 
service objects in pix8". So far, these objects are only used
for nat configuration.

* NATCompiler_asa8_writers.cpp (processNext): fixes #1903 "correct
order of clear commands for ASA 8.3"

* NATCompiler_asa8_writers.cpp (printSDNAT): refs #1886 "new nat
configuration in pix 8.3". Initial support for new style nat
configuation.
 2011-01-07 16:29:09 -08:00
Vadim Kurland
83646b91fa minor refactoring in NATCompiler::ExpandMultipleAddresses::processNext to include SDNAT rules; rerun tests 2011-01-07 13:27:37 -08:00
Vadim Kurland
3ff086ecc1 snat commands work for the most part; double translations in snat rules are not supported as before 2011-01-06 19:46:20 -08:00
Vadim Kurland
71a1841ace refs #1886 basic framework for ASA8 new style NAT commands 2011-01-06 18:32:59 -08:00
Vadim Kurland
8a46ecc87d made Service::getProtocolName() method a "const" 2011-01-06 18:31:52 -08:00
Vadim Kurland
62ea13f33e refs #1886 new nat configuration in pix 8.3; created new class NATCompiler_asa8, so far it does the same thing as NATCompiler_pix 2011-01-06 15:04:19 -08:00
Vadim Kurland
66a806c15f refs #1887 using real IPs in ACL instead of translated addresses in pix 8.3 ; updated explanation in the dialog 2011-01-06 13:28:23 -08:00
Vadim Kurland
cb19348312 refs #1887 using real IPs in ACL instead of translated addresses in pix 8.3 ; turned on warning for pix 8.3 2011-01-06 13:24:49 -08:00
Vadim Kurland
d564fbb198 refs #1887 using real IPs in ACL instead of translated addresses in pix 8.3; refactored rule element that finds matching NAT rules and performs substitution for pix v<8.3 2011-01-06 12:54:36 -08:00
Vadim Kurland
5b5edce615 renamed function 2011-01-06 10:52:15 -08:00
Vadim Kurland
0efa8ad347 refs #1887 using real IPs in ACL instead of translated addresses in pix 8.3; changes in the GUI 2011-01-06 10:32:17 -08:00
Vadim Kurland
b20a7843a6 refs #1883, #1893 FWSM 4.x does not have fixup command, we should use policy-map and class commands. 2011-01-04 19:08:19 -08:00
Vadim Kurland
3104b38b60 refs #1893 fixes #1883 "inspect ip options in pix8". Added support for 
"policy-map type inspect ip-options" command in PIX v8.2 and later.
At this time, of all possible types of "policy-map type inspect"
command only "ip-options" is implemented.
 2011-01-04 17:06:25 -08:00
Vadim Kurland
b9a9d7a2c9 refs #1893 fixes #1882 "inspect ip options in pix8". Added support for 
"policy-map type inspect ip-options" command in PIX v8.2 and later.
At this time, of all possible types of "policy-map type inspect"
command only "ip-options" is implemented.
 2011-01-04 17:05:43 -08:00
Vadim Kurland
8fb64f10eb added changelog records 2011-01-04 12:20:09 -08:00
Vadim Kurland
4a350d290a fixes #1891 problems with TCP and UDP services with source ports 2011-01-04 12:14:17 -08:00
Vadim Kurland
00127aac9f fixes #1892 move rule processor class separateServiceObject to PolicyCompiler 2011-01-04 12:00:09 -08:00