* Compile time checking adjust includes and code for deprecated features
* QHttp class is removed from Qt5 so the custom HttpGet class is
disabled when compiling with Qt5. The api on fwbuilder.org isn't
working, so the code for getting tips and checking if a new version is
available must be rewritten anyway.
There's a "data directory" setting under user preferences. If the
user selects an address table file using "choose file" and that
file is "inside" the data directory, then the appropriate part of
the path is replaced with %DATADIR% as a variable. If the address
table is marked "run-time" then the path is taken from the
firewall data directory option.
change in other directories the dependent files don't get recompiled.
Fixed up INCLUDEPATH in various places.
Removed -pthread as an INCLUDEPATH (leads to bogus -I-pthread).
* pf.cpp (main): more changes to add support for
externally-controlled policy rulesets for PF: if policy ruelset
name ends with "/*", the program assumes it is controlled by
external means and does not compile rules in it and does not
create .conf file from it.
* PolicyCompiler_pf_writers.cpp (PrintRule::_printAction): Added
support for anchor names with "/*" suffix for PF. Now the user can
create policy ruleset with name e.g. "ftp-proxy/*" and then set up
branching rule pointing to this ruleset. This ruleset is treated
by the program in a special way. First, it allows characters "/"
and "*" in the name of the ruleset (but only for PF firewalls).
Second, compiler does not create a .conf file with rules from this
ruleset, assuming that it will be controlled by external program
such as ftp-proxy. See man page ftp-proxy(8) for examples.
* pf.cpp (main): fixed bug (no #): compiler for pf added code
provided in the "prolog" section while option was set to "add
after table definitions" in the incorrect place.
* PolicyCompiler_pf.cpp (PolicyCompiler_pf::addDefaultPolicyRule):
Deprecated options "generate commands for both in and out" and
"pass all outgoing" in compiler for PF. Before, user could choose
whether compiler was to generate only commands to match inbound
packets or both inbound and outbound. The distinction between
these two modes became very minimal in the recent versions of
fwbuilder because algorithm was mostly controlled by the setting
of "direction" in the policy rules. Now these two options have
been removed completely, the behavior of the compiler is as if
option "generate both in and out" was used.
* pf.cpp (main): Compiler can add command "pfctl -F states" after
command "pfctl -f file.conf" to flush states that existed in
memory from sessions opened prior to the policy reload. The reason
is that some of these sessions might be denied by the new policy,
but if state is not flushed, they will still work after policy
reload. This is optireloand is controller by checkbox in the
"Script" tab of the "advanced" settings dialog for the PF
firewall.
* ipt.cpp, ipfw.cpp, pf.cpp, iosacl.cpp: changes for FR #2431602:
support for rulesets configured as "dual address family", that is,
rulesets that should be compiled for both ipv4 and ipv6.
* RuleSetDialog.cpp (RuleSetDialog::applyChanges): implemented
feature request #2431602: "Feature request: Unified
policies (IPv4/v6)". RuleSet object now has two variables that
define which address family it should be compiled for - ipv4 or
ipv6. It is possible to have both set, in which case the same
ruleset will be compiled for both address families.
