onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 17:57:22 +01:00
Code Issues Releases Wiki Activity
3,645 Commits 3 Branches 3 Tags
Commit Graph

399 Commits

Author SHA1 Message Date
Vadim Kurland
383d9e41d9 see #2069 PF: allow multiple objects in ODst of redirecting nat rule 2011-02-10 11:25:52 -08:00
Vadim Kurland
69896936ba see #2042 re-ran tests 2011-02-08 14:13:04 -08:00
Vadim Kurland
1460fef57f fixes #2042 add configlet and shell functions to manage bridge interfaces via shell script on OpenBSD and FreeBSD 2011-02-08 14:10:33 -08:00
Vadim Kurland
78bb5a5ba7 fixes #2054 add support for load anchor command 2011-02-08 11:22:39 -08:00
Vadim Kurland
d18427a9cc see #2048 PF compiler doesnt detect duplicate entries in Routing policy; added rule elements to catch and suppress duplicate routing commands 2011-02-07 17:06:42 -08:00
Vadim Kurland
b244b5ff4d fixes #2045 static route IDs used in rc.conf file must be stable 2011-02-07 15:17:36 -08:00
Vadim Kurland
bef9936ed5 making lists of interface configuration commands come out in a stable order, sorted by interface name; added test cases for vlan interfaces in shell and rc.conf formats; added vlan interfaces to cloned_interfaces line 2011-02-07 15:00:36 -08:00
Vadim Kurland
ba8c15e31d fixes #2040 rename functions in OSConfigurator_bsd 2011-02-06 15:09:44 -08:00
Vadim Kurland
242f0724c8 output ifconfig or update_addresses_of_interface lines in a stable order, sorted by interface name 2011-02-06 14:55:56 -08:00
Vadim Kurland
a28cdd359a see #1889, #2043 
Added support for bridge interface configuration in BSD.
 2011-02-06 13:10:46 -08:00
Vadim Kurland
9d2eb88522 fixes #2032 (added dhcp inetrfaces to generated rc.conf.local); see #2028 tested basic static routees on FreeBSD in both shell and rc.conf formats 2011-02-04 17:57:01 -08:00
Vadim Kurland
ceb6fc8865 fixes #2031 FreeBSD - firewall script command to delete existing routes fails 2011-02-04 16:32:08 -08:00
Vadim Kurland
e7083f157c fixes #2026 Compiler can now generate static routing configuration 
in rc.conf format for FreeBSD.
 2011-02-03 16:46:46 -08:00
Vadim Kurland
8fbb48b280 fixes #2021 since rc.conf format is only supported for FreeBSD, the option in the dialog should not be available for other OS 2011-02-03 16:06:13 -08:00
Vadim Kurland
8459b6e061 see #2023 refactoring determineOutputFileNames() 2011-02-03 15:44:24 -08:00
Vadim Kurland
424b6d0604 re-ran tests 2011-02-03 10:07:55 -08:00
Vadim Kurland
58ed0f4df2 re-ran tests 2011-02-03 10:06:20 -08:00
Vadim Kurland
2995ee37f5 re-ran tests 2011-02-03 10:03:49 -08:00
Vadim Kurland
5420f21ce1 re-ran tests 2011-02-03 09:56:08 -08:00
Vadim Kurland
129db6881c re-ran tests 2011-02-03 09:55:19 -08:00
Vadim Kurland
3d88c4ce46 fixes #2019 Cluster name is not prepended to the name of generated pf.conf file 2011-02-03 09:52:37 -08:00
Vadim Kurland
39eaf40722 see #1888, #2020, #2018 rc.conf format of the init script for PF on FreeBSD, includes inetrfaes. addresses, CARP, pfsync and pf initialization 2011-02-02 17:45:36 -08:00
Vadim Kurland
78e177f759 see #1890 re-ran tests 2011-01-31 18:38:08 -08:00
Vadim Kurland
dd86fcc5e2 see #1890 "Add 
support for configuring static routes on BSD". Implemented support
for simple static routing rules. ECMP and routing via interface
(routing to directly reachable subnets) are not
supported. Generated script preserves static routing entries that
existed before and attempts to recover in case of error. Needs
testing.
 2011-01-31 18:29:20 -08:00
Vadim Kurland
2c85c952bf see #1986 Cisco ASA remarks should be truncated to 100 characters or less; truncated remark lines 2011-01-25 11:25:20 -08:00
Vadim Kurland
d331ee7840 fixes #1966 IOSACL: object-group can get name that consists of only suffix 2011-01-24 18:28:48 -08:00
Vadim Kurland
7c1108204e see #1958 consistently use "exit" to get out of nested context in pix config 2011-01-24 16:41:34 -08:00
Vadim Kurland
5961400eb4 see #1981 ASA / FWSM Policy - Generate warning message if rule will not generate config data 2011-01-24 11:53:22 -08:00
Vadim Kurland
555e9425eb see #1968, #1972 object group deduplication finally works 2011-01-22 10:18:19 -08:00
Vadim Kurland
12d93a54c0 fixes #1963 move printing of object-group definitions to 
NamedObjectManager::getNamedObjectsDefinitions(); also refactoring of the code that generates "clear" commands
 2011-01-20 17:25:09 -08:00
Vadim Kurland
6b2d2c3a86 minor fix for iosacl 2011-01-20 14:41:44 -08:00
Vadim Kurland
34630953cc see #1959 ASA Policy - ranges are broken into composite network instead of using range command. I now create named objects to represent address ranges and put them into object-group, whcih I can then use in access-list commands 2011-01-20 14:34:00 -08:00
Vadim Kurland
7058a72f3e see #1965 ASA Policy - PIX 6.1 configurations use object groups 2011-01-20 10:10:10 -08:00
Vadim Kurland
ea2caa4413 see #1951 simplify object-group names 2011-01-20 09:54:08 -08:00
Vadim Kurland
02ce7747b6 test case for redirection rule for PF 2011-01-20 08:59:36 -08:00
Vadim Kurland
c34a758430 see #1959 ASA Policy - ranges are broken into composite network instead of using range command 2011-01-19 20:27:47 -08:00
Vadim Kurland
ca4c132e2b see #1954 "ASA NAT - generate warning if nat rule is split and one of the resulting nat rules have the same real interface and mapped interface". 2011-01-19 18:26:08 -08:00
Vadim Kurland
340c659677 see #1960 add support for CustomService for PIX policy rules 2011-01-19 11:59:53 -08:00
Vadim Kurland
701100b905 see #1942, #1943 fixed generation of the 
"object-group" statements by adding protocol keyword at the end so
that the group can be used in access-list commands.
 2011-01-18 19:36:01 -08:00
Vadim Kurland
15f8ba513c fixes #1956 rule processor NATCompiler_ipt::splitServices is redundant 2011-01-18 14:44:53 -08:00
Vadim Kurland
104a1bc287 using common rule processor separateSrcAndDstPort instead of the one specifically implemented only for iptables; Added Makefile to ipt test files in order to be able to run tests in parallel 2011-01-17 19:26:30 -08:00
Vadim Kurland
1b7a761d27 see #1916 nat rule must be "static" when subnet is present in TSrc 2011-01-17 17:54:47 -08:00
Vadim Kurland
bbb36271a6 see #1942 fixed test cases 2011-01-17 17:46:26 -08:00
Vadim Kurland
ca475b24d7 fixes #1948 incorrect configuration created when a CustomService object is used in a policy rule for PIX/ASA v<8.3 2011-01-17 14:35:55 -08:00
Vadim Kurland
8a91ae3882 fixes #1945 object-group names include ever-growing suffix 2011-01-17 13:52:00 -08:00
Vadim Kurland
b6b548f88f see #1944 ASA Policy - duplicate network object groups created for mixed service group with TCP dst and TCP src port range objects; FIXED 2011-01-17 13:20:38 -08:00
Vadim Kurland
bfce60d98d see #1943 ASA Policy - mixed service group with TCP destination port range and standard TCP object generates invalid config; protocol word "tcp" was missing after "deny". Generated configuration still does not load! 2011-01-17 13:04:02 -08:00
Vadim Kurland
f104cb6a11 see #1949 ASA NAT - split objects if OSrc contains objects that are in more than one network zone 2011-01-17 12:12:54 -08:00
Vadim Kurland
139d5ce2de * NamedObjectsAndGroupsSupport.cpp (processNext): Added support for 
CustomService objects in policy and nat rules for asa 8.3 using
named objects and object-groups.
 -- see #1942 "ASA NAT - if custom service is included in service
group incorrect config generated"
 -- see #1929 "move map named_objects inside class NamedObjectManager"
 -- see #1946 "restrict generation of the named objects by
PolicyCompiler_pix to ASA 8"
 -- see #1885 "named network and service objects in pix8"
 2011-01-16 23:02:49 -08:00
Vadim Kurland
e2c2725e6b see #1941 ASA NAT - compiler complains about range in original destination 2011-01-16 20:19:43 -08:00