onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-20 10:17:16 +01:00
Code Issues Releases Wiki Activity
4,064 Commits 3 Branches 3 Tags
Commit Graph

4064 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Vadim Kurland
3acb1c3787 minor fixes 2011-04-18 08:31:54 -07:00
Vadim Kurland
28072563fe minor fixes 2011-04-18 08:30:49 -07:00
Mike Horn
c75eda5c89 Merge branch 'development' of ssh://vc.netcitadel.com:2222/var/git/fwbuilder into development 2011-04-17 22:21:28 -07:00
Mike Horn
32780afaa1 minor updates to v4.2 release notes 2011-04-17 22:20:11 -07:00
Vadim Kurland
3dbfe5508b removed debug print 2011-04-17 17:42:05 -07:00
Vadim Kurland
019eba37ba gui should find correct reelase notes file 2011-04-17 17:36:28 -07:00
Vadim Kurland
25633190e0 release notes for 4.2.0 2011-04-17 16:50:26 -07:00
Vadim Kurland
5e1e377c6a * fwbedit.cpp (main): added command line switch "-d" to function 
"import" in fwbedit. This switch activates object deduplication
on import.
 2011-04-17 12:30:31 -07:00
Vadim Kurland
b3dbf7ce48 stripping binaries 2011-04-15 20:52:55 -07:00
Vadim Kurland
ff370be984 build fwbedit last because it depends on libgui at this time 2011-04-15 19:49:37 -07:00
Vadim Kurland
18256f52ef see #2275 fixed parser to make it understand multiport matches with negation 2011-04-15 18:49:31 -07:00
Vadim Kurland
94379ed9b5 * fwbedit.cpp (main): see #2328 "Add ability to run firewall import 
from the command line". This has been implemented as a new function
"import" in fwbedit. See man page fwbedit(1) and "fwbuilder -h" for
more details.
 2011-04-15 18:34:53 -07:00
Vadim Kurland
fbf7f4e6da see #2275 fixed parser to match a combination of any number of states separated by comma 2011-04-15 16:58:15 -07:00
Vadim Kurland
ef3485df4a see #2354 fixed parser to recognize top level "ip" commands that we do not use but that should not cause parser error 2011-04-15 16:51:15 -07:00
Vadim Kurland
6d5d1a9079 see #2353 fixed parser to parse access list rules matching icmp and service object-group 2011-04-15 16:35:31 -07:00
Vadim Kurland
c51a8123c8 see #2352 test case 2011-04-15 16:17:13 -07:00
Vadim Kurland
7260649b16 see #2352 fixed parser to be able to handle empty access list declarations (where access list is declared but has no rules) 2011-04-15 16:13:49 -07:00
Vadim Kurland
dbdfb93905 refactoring in preparation for command line import in fwbedit 2011-04-15 14:28:03 -07:00
Vadim Kurland
db80629918 see #2264 added test case for the "short" script format 2011-04-15 12:49:07 -07:00
Vadim Kurland
26484829e2 see #2342 parser will now recognize command "management-only" but not act on it in any way; this removes parser error 2011-04-15 12:39:46 -07:00
Vadim Kurland
6185a88ceb * iptables.g (multiport_tcp_udp_port_spec): see #2245 fixed bug in 
parser for iptables that prevented correct import of iptables rules
using module "multiport" with port range matches.
 2011-04-15 12:27:43 -07:00
Vadim Kurland
14258139ee * CompilerDriver_pix_run.cpp (pixSecurityLevelChecks): see #2351 
Security levels of ASA and FWSM interfaces do not have to be
unique. Removed check that enforced this.
 2011-04-14 18:58:36 -07:00
Vadim Kurland
dbb1e8ab57 see #2295 test for fwsm import 2011-04-14 18:54:22 -07:00
Vadim Kurland
8693c09eb4 see #2295 correctly setting platform and host OS for imported FWSM configs 2011-04-14 18:49:59 -07:00
Vadim Kurland
1bbe7fcac8 * IPTImporterRun.cpp (run): see #2275 removed debug print 2011-04-14 18:28:36 -07:00
Vadim Kurland
838116ab50 * IPTImporterRun.cpp (run): see #2275 Importer for iptables now 
correctly handles both "intrapositioned" ("-s ! address") and
"extrapositioned" ("! -s address") negation.
 2011-04-14 18:19:54 -07:00
Vadim Kurland
17263fb3ff see #2349 
Import hostname is used for interface names even if the firewall name is changed
 2011-04-14 16:51:47 -07:00
Vadim Kurland
0a50274c28 see #2295 added FWSM version 3.2 2011-04-14 16:34:38 -07:00
Vadim Kurland
9fd0a00218 see #2347 attach temporary acl to all interfaces 2011-04-14 16:06:21 -07:00
Vadim Kurland
1223e94ebf * platform/pix.xml: see #2348: "Accounting action is not valid for 
FWSM platform". Actions "Accounting" and "Reject" should not
appear in the drop-down list of actions in the GUI if platform is
pix or fwsm.
 2011-04-14 12:27:21 -07:00
Vadim Kurland
59f40e5d71 * PolicyCompiler_pix.cpp (printPreambleCommands): see #2347 "FWSM 
move up the "access-list mode auto-commit" command". Command that
configures access list commit mode should be issued before any
commands that clear and configure access lists. Also in this
change moving commands that set up temporary access list to the
top of the script.
 2011-04-14 12:11:15 -07:00
Vadim Kurland
3c0554c003 * PolicyCompiler_pix.cpp (printClearCommands): see #2322 If this 
is FWSM and if manual commit mode is used, need to commit after
clearing ACLs before we clear object groups.
 2011-04-14 11:47:05 -07:00
Vadim Kurland
41e1255101 fixes #2346 increase width of column "Comment" by 10 pixels 2011-04-13 20:45:08 -07:00
Vadim Kurland
1a9eda04a9 see #2338 updated unit test files 2011-04-13 20:36:18 -07:00
Vadim Kurland
d066f567f5 * IPTImporter.cpp (pushPolicyRule): see #2338 "Empty Mangle Policy 
object created on import". Iptables rules in the table mangle
will be imported in the dedicated Policy rule set with name
"Mangle". Rules that use chains FORWARD and POSTROUTING in table
mangle can not be reproduced and will be marked as "bad" (color
red and corresponding comment).
 2011-04-13 19:09:30 -07:00
Vadim Kurland
457fcd1660 see #2344 disabled ntp configuraton when host os is FWSM 2011-04-13 17:24:55 -07:00
Vadim Kurland
aa6be186da see #2345 updated test files 2011-04-13 17:11:43 -07:00
Vadim Kurland
c93421f0e3 * OSConfigurator_pix_os.cpp (_printSysopt): see #2345 More fixes for 
FWSM 4.x: "service resetoutbound", "timeout xlate", "timeout sunrpc"
 2011-04-13 17:10:16 -07:00
Vadim Kurland
0e303fe444 see #2343 updated unit tests 2011-04-13 15:42:51 -07:00
Vadim Kurland
6cc059b91c * OSConfigurator_pix_os.cpp (_printInterfaceConfiguration): see #2343 
"Interface nameif error when installing generated config for FWSM".
Use correct  "nameif" command sytax  in FWSM 2.x and 4.x.
 2011-04-13 15:33:50 -07:00
Vadim Kurland
074aae6427 see #2341 
fixed XML error introduced with FWSM config  import; build 3525
 2011-04-13 15:18:09 -07:00
Vadim Kurland
5c07a81c7b * OSConfigurator_pix_os.cpp (_printSSHConfiguration): see #2344 
"FWSM install errors for clear commands". Using correct syntax for
"clear" commands for FWSM v4.x
 2011-04-13 12:27:52 -07:00
Vadim Kurland
d64b12221a * PolicyCompiler_PrintRule.cpp (_printTarget): see #2235 "Modified 
rule action for Continue". Rules with action "Continue" should
translate into iptables commands without "-j TARGET" parameter. If
such rule also has logging enabled, it should use target "-j LOG"
instead of generating additional chain.
 2011-04-11 19:35:42 -07:00
Vadim Kurland
b49e76a052 * IPTImporter.cpp (pushPolicyRule): see #2206 Iptables commands with 
no "-j TARGET" parameter should be imported using action "Continue".
 2011-04-11 18:58:34 -07:00
Vadim Kurland
b2e9445cec iptables parser w/o tracing 2011-04-11 18:53:52 -07:00
Vadim Kurland
e9ffe7b67b * iptables.g (comment): see #2336 Importer for iptables recognizes 
version stored in the top comment by iptables-save and sets
version in the firewall object it creates.
 2011-04-11 18:17:48 -07:00
Vadim Kurland
aa4c661395 * utils.cpp (expand_interface_with_phys_address): see #2324 "NAT + 
MAC-matching rules not generated properly". Iptables NAT rules
matching a group of host objects with both IP and MAC addresses each
in "Original Source" were not generated properly.
 2011-04-10 18:58:29 -07:00
Vadim Kurland
f366e2dc66 * PolicyCompiler_PrintRule.cpp (_printOptionalGlobalRules): SF bug 
3178186 "Add ND/NS allow rules for the FORWARD chain". Rules that are
added automatically to ipv6 Linux firewall to permit neighbor discovery
packets should be also added to the FORWARD chain if the firewall is
a bridge.

see #2323
 2011-04-10 17:58:32 -07:00
Vadim Kurland
cac256054f * ObjectManipulator_create_new.cpp (actuallyCreateObject): see #2229 
"Multiple new objects with the same name". The GUI should automatically
choose unique object names for new objects.
 2011-04-10 17:28:46 -07:00
Vadim Kurland
8b0febcb23 * platforms.cpp (setInterfaceTypes): see #2224 "FreeBSD - Bridge 
interfaces with the name vlan<xx> dont show as Bridge Port
Interfaces". This actually applies to all OS where we support vlan
and bridge interfaces. Fwbuilder GUI should allow the user to set
subinterface type to both "ethernet" and "vlan" when its parent
interface has type "bridge". Setting subinterface type to
"ethernet" makes it bridge port, while setting the type to "vlan"
signals policy compiler that it should generate code to configure
real vlan interface. If the name of the subinterface does not
include the name of the parent, such as "vlan101", or when the
name does not match vlan ID, such as "vlan8101", global
preferences option "Verify interface names and autoconfigure their
parameters..." should turned off. The option is located in the
Preferences dialog, tab "Objects".
 2011-04-10 17:12:05 -07:00