onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-23 03:37:15 +01:00
Code Issues Releases Wiki Activity
2,223 Commits 3 Branches 3 Tags
Commit Graph

2223 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Vadim Kurland
3cfd19c79b * PolicyCompiler_ipt.cpp (PolicyCompiler_ipt::checkForShadowingPlatformSpecific): 
see #1417 (SF bug 2992177) rule with greater limit module rate
value shadows rule with lower rate value. Comments in the code explain
why.
 2010-04-27 16:58:05 +00:00
Vadim Kurland
ef2d783888 added comment to explain the logic behind shadowing detection with iptables limit modules 2010-04-27 16:15:20 +00:00
Vadim Kurland
29456bf2ea mention support for iptables modules limit, connlimit and hashlimit in shadowing detection 2010-04-27 00:58:47 +00:00
Vadim Kurland
4969dd185d mention support for OpenBSD 4.7 in release notes 2010-04-26 18:16:08 +00:00
Vadim Kurland
3a534ba839 fixes SF bug 2992177 linitation option hashlimitrate in gui 2010-04-26 16:32:58 +00:00
Vadim Kurland
72307e1bfa see #1417 (SF bug 2992177): compiler should compare 
limit rate value and other parameters set for modules limit, connlimit
and hashlimit while deciding if rules shadow each other.
 2010-04-26 16:27:57 +00:00
Vadim Kurland
6773503bdd fixes #1423 extend limits for "state limit" and "timeout adaptive scaling" for PF 2010-04-26 00:55:28 +00:00
Vadim Kurland
b5044622f6 finally suppressed annoying debug prints FWCmdBasic::mergeWith 2010-04-26 00:41:00 +00:00
Roman Bovsunivskiy
f3cf357977 CustomServiceDialog unit test 2010-04-25 16:53:22 +00:00
Roman Bovsunivskiy
0ddae207d7 UDPServiceDialog unit test 2010-04-25 16:45:15 +00:00
Vadim Kurland
b9cfc1f5b8 * PolicyCompiler_ipt.cpp (PolicyCompiler_ipt::checkForShadowingPlatformSpecific): 
fixes #1417 rule shadowing detection should recognize different rule options.
Policy compiler for iptables takes into account rule options for modules
limit, connlimit and hashlimit when it considers rules for rule shadowing.
 2010-04-25 03:00:05 +00:00
Vadim Kurland
5f58d6bcf2 * instDialog.cpp (instDialog::show): fixed #1419: clear progress 
log display when instDialog is opened
 2010-04-25 01:54:41 +00:00
Vadim Kurland
3c420d0c92 see #1406 now definitely including installer log into unit test log on failure; using root account for testing, this only works when test can use ssh-agent authentication 2010-04-24 21:58:54 +00:00
Vadim Kurland
55ebd3a89c see #1406 add pause before an attempt to read installer progress log 2010-04-24 19:35:24 +00:00
Vadim Kurland
18a73c756e see #1406 include installer log in the test failure message when test fails 2010-04-24 18:58:09 +00:00
Vadim Kurland
3360977c2d * MangleTableCompiler_ipt.cpp (keepMangleTableRules::processNext): 
fixed #1415 "action branch that creates branch in mangle table
should branch in FORWARD chain". Rule with "any" in src and dst
and action Branch with option "branch in mangle table" will go
into FORWARD chain in addition to the PREROUTING and POSTROUTING
chains as before. Note that choice of PREROUTING or POSTROUTING
chains depends on direction.
 2010-04-24 01:41:47 +00:00
Vadim Kurland
a23b39d61a added unit test for #1418 - test actually compiles a firewall, then tries to open instDialog again and makes sure the "compile" checkbox is now off 2010-04-24 00:29:25 +00:00
Vadim Kurland
614f5b094e * instDialog.cpp (instDialog::show): fixed #1418 "install 
checkboxes disappear from the compile/install dialog". This was a
regression introduced when we fixed #547 ("User can open multiple
compile/install dialogs")
 2010-04-24 00:02:46 +00:00
Vadim Kurland
9c0a3110b2 see #1418, #1089, #1153, #1405, #1381 moved one test to instDialogClusterTest where it belongs, implemented test for the "install" function that was missing, added tests for the hidden/visible column in the dialog and tests for the checkable columns 2010-04-23 22:27:03 +00:00
Vadim Kurland
647343fb62 see #1408 2010-04-23 21:27:47 +00:00
Vadim Kurland
4c6518d5d3 * PolicyCompiler_PrintRule.cpp (PrintRule::_printTarget): fixes #1416 
leading blank space in front of the custom action is missing.
SF bug 2991397.
 2010-04-23 18:22:08 +00:00
Vadim Kurland
433b8332a7 * NATCompiler_pf.cpp (VerifyRules::processNext): see #1401. Because 
of the change in the nat and rdr rules syntax in 4.7, I can no
longer implement no-nat rules correctly for this version. They
dropped the "no" keyword and their examples suggest using "pass"
to implement exclusions for the nat rules. I need no-nat rule to
just not translate but not make a decision whether the packet
should be passed or dropped. In the new PF model, translation
rules are just options on the matching policy rules and they do
not offer any keyword or option to not translate.
 2010-04-23 04:38:51 +00:00
Vadim Kurland
fdb388659d * NATCompiler_pf_writers.cpp (PrintRule::processNext): fixes #1401 
nat rules syntax has changed in OpenBSD 4.7. Nat and rdr rules in
4.7 should be implemented using action "match" and keywords
"nat-to" and "rdr-to"

* PolicyCompiler_pf_writers.cpp (PrintRule::_printAction):
fixes #1414: use "match" action for tagging. Policy rules
with action Tag should use pf action "match" instead of "pass"
if version is 4.6 or later.
 2010-04-23 04:10:59 +00:00
Vadim Kurland
4d205e259f * PolicyCompiler_ipt.cpp (PolicyCompiler_ipt::insertFailoverRule): 
fixes #1411 "automatic rules for the HA protocol should match
source IP". Rules added for heartbeat in unicast mode already
matched source IP, this change makes rules added for VRRP, OpenAIS
and heartbeat in muticast mode also match source address.
 2010-04-20 23:10:46 +00:00
Vadim Kurland
3df762b301 * RoutingCompiler.cpp (reachableAddressInRGtw::checkReachableIPAddress): 
fixes #1410 "Problem with route for 4.0.0-b2809". Compiler did
not allow vlan subinterface as a gateway in a routing rule.
 2010-04-20 18:07:05 +00:00
Vadim Kurland
b6a7824ff5 fixes #1409, SF bug 2985886. 
Depending on the combination of the activated options, shell
functions in the generated launcher script could have no body,
which is a syntax error in bash.
 2010-04-20 17:24:59 +00:00
Vadim Kurland
c88c5d726b now run-tests.py deals with Xvfb instead of scripts inside fwbuilder module 2010-04-19 19:47:31 +00:00
Vadim Kurland
f778743b89 use Xvfb only if env variable DISPLAY is not set 2010-04-19 17:54:39 +00:00
Vadim Kurland
6aa670d538 start and stop Xvfb for each unit test separately in an attempt to fight its constant crashes on Ubuntu intrepid 2010-04-19 17:22:07 +00:00
Roman Bovsunivskiy
ae315edfcb Unit test for TCPService Dialog 2010-04-19 07:02:41 +00:00
Roman Bovsunivskiy
b60c803eac Using "username" string to userid if UserServiceDialog unit test 2010-04-17 16:29:29 +00:00
Roman Bovsunivskiy
53b16c3c51 UserServiceDialog, ICMP6ServiceDialog, ICMPServiceDialog and TagServiceDialog unit tests 2010-04-17 14:15:15 +00:00
Roman Bovsunivskiy
cf8777a655 Removed old unused file 2010-04-16 16:55:00 +00:00
Roman Bovsunivskiy
ca64405f07 Removed unused timer 2010-04-15 10:13:14 +00:00
Roman Bovsunivskiy
74a2949ec2 Updated instDialogInstallTest unit test to match current instDialog 2010-04-14 17:22:25 +00:00
Roman Bovsunivskiy
10c488cba2 Now user can not open more than one instDialog. Fixed #547. 2010-04-14 17:16:01 +00:00
Adrian-Ken Rueegsegger
37c67a80b8 Secuwall: Extract ref files from archive (Fixes: #1399). 
The reference files for the unit test are extracted from a tarball
prior to running the tests. This ensures that the reference data
contains the intended files and no additional files (e.g. svn).
 2010-04-14 14:50:16 +00:00
Roman Bovsunivskiy
f9de28a8f3 Splitted instDialogTest (fixed #1405) and fixed #1381 2010-04-13 02:09:26 +00:00
Vadim Kurland
92a8a0cf3e updated test case 2010-04-10 17:52:13 +00:00
Vadim Kurland
42a9419376 added test descriptions to the comment at the top of the module 2010-04-10 17:51:42 +00:00
Vadim Kurland
f05f657700 * RoutingCompiler_ipt.cpp (RoutingCompiler_ipt::epilog): fixed #1404 
call to function restore_script_output in the generated iptables
script is sometimes added without function definition
 2010-04-09 21:29:29 +00:00
Vadim Kurland
33a1980b4d * NATCompiler_pf.cpp (ReplaceFirewallObjectsODst::processNext): 
fixes #1397   PF compiler fix: destination nat rule with fw object
in ODst should skip "on intf"
 2010-04-09 20:11:16 +00:00
Vadim Kurland
4f8eeb9b1f refs #1403, #1150 updated release notes 2010-04-09 19:50:58 +00:00
Vadim Kurland
4bbe1c2b12 * NATCompiler_ipt.cpp (AssignInterface::processNext): fixes #1403 
refs #1150  "Using ip address of wrong interface" is broken in v4.0.
 2010-04-09 19:50:03 +00:00
Vadim Kurland
8ceb3fd45f * ProjectPanel_state_ops.cpp (ProjectPanel::saveState): fixed #1402 
GUI crashes on exit when no rules are opened in the ruleset panel view
 2010-04-09 17:11:37 +00:00
Vadim Kurland
0417a1ba52 * ObjectTreeViewItem.cpp (ObjectTreeViewItem::data): fixed #1398 
bold font and "*" in the tree indicate firewalls that require
installation but should indicate those that require recompile
 2010-04-09 16:53:27 +00:00
Adrian-Ken Rueegsegger
215186707d Add secuwall unit test. 
This test generates the cluster configuration and secuwall-specific
config files which are then compared to a reference fileset.
 2010-04-09 14:17:09 +00:00
Adrian-Ken Rueegsegger
fe2b8afd29 Secuwall: Allow none as failover protocol (Fixes: #1367). 2010-04-09 14:17:03 +00:00
Vadim Kurland
dfdde2c857 * interfacePropertiesObjectFactory.cpp: fixed #1396, SF bug 2984193 
Vlan error when OpenWrt is selected as host
 2010-04-09 02:52:44 +00:00
Vadim Kurland
c1708d457a fixes #1394 using existing virtual functions that expand multiple addresses to expand cluster interfaces. Now it is possible to use interface of a cluster different from the one being compiled in rules 2010-04-09 02:29:27 +00:00