bug 3012953: iptables importer sometimes does not recognize rule
with "ESTABLISHED,RELATED". Parser properly processed iptables
rules with state "RELATED,ESTABLISHED" but not when states were
in the opposite order.
3012953 name of UDP and TCP objects created during import should
follow the same pattern and not include "0-0" for the source ports
if they are equal to zero.
settings object and file in the .ini format to store instance uuid
to ensure uuid persistence on windows across upgrades done with
complete deinstall. Fixes #1497
workflow progress flags for an attempted install and first
successful install. Both flags are boolean true/false indicating
that the event occurred. We do not track and do not report any
information about the firewall, platform, rules etc. These flags
will be used to determine how many users abandon the program
before even trying to run install for real because it is too
complicated or the UI is not good enough. Fixes #1495
* UserWorkflow.cpp (UserWorkflow::flagsToQueryString): added user
workflow flag indicating that ssh/scp have been configured in the
Preferences dialog. The flag is boolean and registers only the fact
that something was entered in ssh and scp fields. Actual path and
programs used are not registered and reported. Fixes #1496
refs #1483 If program detects change in CustomService object and
the change just adds code string for a platform that was not
in the object in the user's data file, the change is accepted without
showing the dialog.
* ../src/res/objects_init.xml.in: fixed #1483 "missing code in the
custom service object ESTABLISHED for ProCurve"
one-time announcements that can be pulled from the web site
when version check server says there is one. Announcement is
shown only once. To do this, I store time stamp when it was shown
in settings using hash of the announcement url.
* Help.cpp (Help::setSource): made class Help capable of
downloading contents via HTTP.
r2896 because of the user complaints. It appears to be more
convenient if Policy, NAT and Routing objects open in the rule set
view on double click but not in the editor. Second double click
opens these objects in the editor.
* UserWorkflow.cpp (UserWorkflow::report): see #1466 Implemented
instrumentation that should help us improve user experience. Will
track a few things that new users do (or don't) and report as a
combination of bit flags at the end of the GUI session. Reporting
things such as if user looked at "Getting Started" tutorial, if
they created their first firewall object, modified any rules,
tried to compile or install. Information passed in the report is
strictly a set of boolean flags, is not identifiable and does not
reveal what firewall platform they are using or anything about
their objects and rules.
SourceForge bug 3004274: "Branch rule set object displays
improperly". Branch rule set attribute was not loaded properly
into Branch action dialog for rules of PF firewalls.
restored function of the "comment the code" in the "Script
options" of the firewall settings dialog for Cisco IOS ACL and
ProCurve ACL. When this checkbox is off, comments are not
added to generated script.
fixed #1460 "when "show icons in rules" is turned off, there is no
way to tell when logging is turned on and non-default options are
present in a rule".
* fixed #1339 "Logging" icon appears looking the same as "Rule
options" icon on Mac
fixed #1458 Should permit interface name "br-lan" for bridge interface
on Linux. Bridge interfaces on Linux can have any name, including those
with "-". OpenWRT creates bridge interface with the name "br-lan" by
default.
importer should parse multiport module parameter --ports". Module
multiport with parameter "--ports" matches either source or
destination port numbers. Importer creates two tcp (or udp)
service objects to implement this match.
support some popular iptables modules". Added support for module
"recent" and rules that match standard ip/icmp/udp/tcp protocols
and at the same time module "mark", "length", "limit" or "recent".
Rules like these are translated into a combination of a branching
rule and additional rule in a branch rule set that implements
module match.
ticket 3000809: iptables parser can now import "mark" module
matches with hexadecimal parameters and "length" module
matches. Also added check in the importer for broken iptables-save
files where rules for any table are not terminated with "COMMIT".
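
The importer entries above describe three parsing behaviours: state lists that match regardless of order, "--ports" expanding to a source and a destination match, and detection of tables not terminated with "COMMIT". The Python sketch below is an added illustration of those checks, not the project's own importer code; the function names, the dictionary layout for service objects and the sample dump are assumptions constructed for the example.

```python
import re

# Constructed iptables-save sample: the "nat" table is missing its COMMIT line.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --ports 53,123 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

def unterminated_tables(text):
    """Names of tables whose rules are not closed by a COMMIT line."""
    broken, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):          # "*filter" opens a table
            if current is not None:       # previous table never committed
                broken.append(current)
            current = line[1:]
        elif line == "COMMIT":
            current = None
    if current is not None:               # file ended inside a table
        broken.append(current)
    return broken

def state_set(rule):
    """--state values as a frozenset, so the order they are listed in is irrelevant."""
    m = re.search(r"--state\s+(\S+)", rule)
    return frozenset(m.group(1).split(",")) if m else frozenset()

def multiport_objects(rule):
    """Model '--ports' as two service objects: one on source ports, one on destination."""
    proto = re.search(r"-p\s+(tcp|udp)\b", rule)
    ports = re.search(r"-m\s+multiport\s+--ports\s+(\S+)", rule)
    if not (proto and ports):
        return []
    return [{"proto": proto.group(1), "src": ports.group(1), "dst": None},
            {"proto": proto.group(1), "src": None, "dst": ports.group(1)}]

if __name__ == "__main__":
    rules = [l for l in SAMPLE.splitlines() if l.startswith("-A")]
    print("unterminated tables:", unterminated_tables(SAMPLE))
    print("same state match:", state_set(rules[0]) == state_set(rules[2]))
    print("multiport objects:", multiport_objects(rules[1]))
```

A dump that reports an unterminated table should be treated as truncated and re-exported before its rules are trusted as the complete policy.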