by the object consists of a sequence of "1" bits, followed by a
sequence of "0" bits and therefore does not have zeroes in the middle.
added check to the Network object dialog to make sure user does not
enter netmask with zeroes in the middle for the IPv4 network
object. Netmasks like that are not supported by fwbuilder.
see #2644
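
The netmask rule described in the entries above (a run of "1" bits followed by a run of "0" bits) can be checked as below. This is an added example, not fwbuilder's own code; the function names are hypothetical and the input is assumed to be dotted-quad text as typed into a dialog.

```cpp
#include <cctype>
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>

// Hypothetical helper: strict dotted-quad text to a host-order 32-bit value.
bool parseDottedQuad(const std::string &text, std::uint32_t &out)
{
    std::istringstream in(text);
    in >> std::noskipws;  // embedded whitespace is an error
    std::uint32_t value = 0;
    for (int i = 0; i < 4; ++i) {
        int octet = 0;
        char dot = 0;
        if (!std::isdigit(in.peek())) return false;  // no sign, no empty field
        if (!(in >> octet) || octet > 255) return false;
        if (i < 3 && (!(in >> dot) || dot != '.')) return false;
        value = (value << 8) | static_cast<std::uint32_t>(octet);
    }
    if (in.peek() != std::istringstream::traits_type::eof()) return false;
    out = value;
    return true;
}

// Ones followed by zeroes means the complement is 2^k - 1, so the complement
// and its successor share no bits. Unsigned wrap-around covers the /0 mask.
bool isContiguousMask(std::uint32_t mask)
{
    std::uint32_t inverted = ~mask;
    return (inverted & (inverted + 1u)) == 0;
}

// Returns the prefix length (0..32), or -1 for malformed text or a mask
// with zeroes in the middle.
int netmaskToPrefixLength(const std::string &text)
{
    std::uint32_t mask = 0;
    if (!parseDottedQuad(text, mask) || !isContiguousMask(mask)) return -1;
    int length = 0;
    for (; mask & 0x80000000u; mask <<= 1) ++length;
    return length;
}

int main()
{
    const char *samples[] = {"255.255.255.0", "255.0.255.0", "0.0.0.0"};  // constructed
    for (const char *s : samples)
        std::cout << s << " -> " << netmaskToPrefixLength(s) << "\n";
}
```
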
br0.5)". Currently fwbuilder cannot generate script to configure vlan
subinterfaces of bridge interfaces, however if user did not request
this configuration script to be generated, compiler should not abort
when it encounters this combination.
for PF and iptables should include not only cluster interfaces, but
also interfaces of all members. This way, we can make compiler
generate configuration
"pass in quick on em0 route-to { ( em0 10.1.1.2 ) } ... "
for a rule of a PF cluster. Here "em0" is an interface of a member,
not the cluster.
dialog where user enters their password. Now user can start in a
non-batch install mode but continue in batch install mode at any time
if all their firewalls authenticate with the same user name and
password.
macro "ESP" that happened during build on OpenSolaris
fixed unit test (ObjectMatcher matches ipv6 only when internal flag is
set accordingly)
set version to 5.0.1
of the GUI was too complicated since user can both act on objects
directly and navigate backwards and forwards to the objects found in
their browsing history. Navigation using browsing history was broken
when quick filter was in use, too. All in all, it feels the value of
"back" and "forward" buttons was relatively low.
New build 3568
parameters in the new policy rules they create. Now user can set
default values for action ("Deny" or "Accept"), direction, the
"stateless" flag and logging.
empty editor pane". Double click on the rule number should not do
anything, but double click on rule options, comment and other fields
should open the editor. Change done for #2566 broke this.
the user starts typing something into the quick filter. When the
quick filter is cleared, re-expand any items that started off
expanded (so we get the union of expanded items displayed by quick
filter plus what the user started with expanded).
that the user forgets to set a data directory on a firewall and then
refers to it from an Address Table. Made the error message a little
more explicit since now the only way the error can happen is if the firewall
is missing the data directory setting.
a dynamic group are actually objects. Previously we were showing
stuff like FirewallOptions objects. To make sure that dynamic
group expansion is done the same way in the UI and for the
compiler, also fixed #2502 (consolidate logic for DynamicGroup).
There's a "data directory" setting under user preferences. If the
user selects an address table file using "choose file" and that
file is "inside" the data directory, then the appropriate part of
the path is replaced with %DATADIR% as a variable. If the address
table is marked "run-time" then the path is taken from the
firewall data directory option.
config". Compiler for PF can now preserve names of object groups,
dynamic groups, compile-time AddressTable and compile-time DNSName
objects in the generated pf.conf file. This is optional and is
controlled by a checkbox in the firewall settings dialog.
"reply-to" and "dup-to" options in both pre-4.7 and 4.7 formats. In PF
4.7 these parameters moved to the end of the rule and are now part of
the "filteropts" block of parameters.
follows source routing rule options "route-to", "reply-to" and
"dup-to". Also, since currently fwbuilder does not support source
routing rules with multiple different interface-gateway pairs (only
one interface in combination with one or multiple gateway addresses
is supported), importer displays warning and marks rules as "broken"
when it encounters this configuration.
macros". Importer now records all parser errors in the comments of
rules where they occurred and marks these rules "broken" by coloring
them red. Behavior on import of pf.conf file with undefined macros is
inconsistent at this time: undefined macro that appears in a rule
where parser expects ip addresses is converted to a run-time DNSName
object with name "$macro", a warning is displayed and rule is marked
as "broken". Undefined macro in the position of interface name, port
name or other parameters triggers generic parser error that looks like
"Parser error: line 26:19: unexpected token: $ext". The rule is marked
as "broken" and the error is recorded in the comment.