mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-20 18:27:16 +01:00

1102 Commits

Author SHA1 Message Date
Vadim Kurland
69d277ce41 see #2181 importer recognizes -i and -o 2011-03-06 20:14:47 -08:00
Vadim Kurland
2717d09f7e see #2170 checking combination of -i and -o interface and chain 2011-03-06 19:57:45 -08:00
Vadim Kurland
5c25bfb711 * IPTImporter.cpp (pushPolicyRule): see #2189 Policy importer
warnings and errors now include line numbers to help find relevant
lines in the original configuration file.
2011-03-06 13:16:11 -08:00
Vadim Kurland
d82b81682e fixes #2183 count errors and warnings generated by the importer and show the numbers in the progress page of the wizard 2011-03-05 15:48:02 -08:00
Vadim Kurland
85afa6dc8e see #2162 renamed menu item File / Import Firewall; see #2179 button Finish should be disabled while importer is still running 2011-03-05 11:06:22 -08:00
Vadim Kurland
2e65d946da see #2161 import wizard finished 2011-03-04 18:06:54 -08:00
Vadim Kurland
0ed86de82a new policy import wizard; see #2161 - automatic detection of firewall platform and host name works 2011-03-04 13:34:45 -08:00
Vadim Kurland
a0eb7989ef build 3491 2011-03-01 17:20:44 -08:00
Vadim Kurland
19ce284f21 see #2156 select new firewall in tree, expand subtree and open firewall object in the editor after successful import 2011-02-27 13:30:22 -08:00
Vadim Kurland
689e54005d see #2160 "Installer reports error "Generated script file
<firewall>.fw not found."". The problem was introduced earlier
while fixing #2047
2011-02-27 12:39:22 -08:00
Vadim Kurland
73500e15c5 see #2153 Wizard shows
additional page when user imports PIX/ASA config. This page
explains concept of network zones and offers UI to let them choose
network objects or groups as a network zone of each interface.
2011-02-26 20:45:57 -08:00
Vadim Kurland
ff53d6bd07 see #2145 Vlan interfaces discovered in the process of PIX configuration
import should be created as subinterfaces of the corresponding
parent with correct interface type and vlan id.
2011-02-26 12:17:23 -08:00
Vadim Kurland
1714e27233 see #2146 Issue a warning when
parser encounters "standby" parameter in an interface
configuration. We do not support import of PIX failover
configuration at this time.
2011-02-26 11:09:38 -08:00
Vadim Kurland
1258c4580e new build 3488; see #2147 "ASA Import - some versions are not detected correctly". Setting version in the created firewall object to the best match of the version found in imported config 2011-02-26 10:45:40 -08:00
Vadim Kurland
59562d852c see #87 tested parser on pix6, pix7 and asa8 configs, making sure it parses different interface configurations correctly 2011-02-25 20:40:04 -08:00
Vadim Kurland
98a2f51d52 see #2047
Do not
pass full path to the output file as an argument of the "-o"
option when the GUI launches policy compiler. Since the "-d"
option passes directory path where files should be saved, actual
file names do not need to be absolute path, except if the user
entered absolute path for the output file name in the firewall
settings dialog.
2011-02-24 18:55:55 -08:00
Vadim Kurland
5b3160267d * configlets/freebsd/installer_commands_root: see #2143 "installer
should run /etc/rc.d/pf script to reload PF rules on FreeBSD when
generated script is in rc.conf format"
2011-02-24 17:28:57 -08:00
Vadim Kurland
d841231a28 * AddressTableDialog.cpp (browse): see #2140 "Attempting to create
new Address Table file results in read-only error". Implemented
support for the workflow when user wants to create the file used
to feed addresses to the AddressTable object.
2011-02-24 11:10:52 -08:00
Vadim Kurland
da776105be see #2139 show warning dialog and offer choice: open file for viewing read-only or cancel 2011-02-24 10:19:46 -08:00
Vadim Kurland
25fa09d626 see #2135 Editing table objects 2011-02-23 19:28:22 -08:00
Vadim Kurland
85dad674bf new build 3485
* configlets/linux24/shell_functions: see #2130 "unnecessary
output when iptables script runs on the firewall". Ever since I
switched to using "command" to verify that various system
utilities generated script needs are present and can be used, the
script produced extra lines in the log printing full path and
names to /usr/bin/logger, /sbin/ip etc. These lines are
unnecessary and should not be there. This problem was introduced
some time during the work on 4.2.0
2011-02-22 15:26:06 -08:00
Vadim Kurland
7bf0f8a4f4 see #2129
deprecate "test install" function. We have decided to deprecate test install because it is rather heavy-handed on Linux and PIX where it reboots the firewall and plain does not work on *BSD.
2011-02-22 15:12:26 -08:00
Vadim Kurland
e84751e95c see #2008 compiler avoids INPUT/OUTPUT chain if interface in the rule column "Interface" is a bridge port and firewall is bridging firewall (which means we are going to use --physdev-in or --physdev-out option for this rule) 2011-02-21 17:06:43 -08:00
Vadim Kurland
8ee59ebbf8 * newFirewallDialog.cpp (monitor): see #2126 Using snmp sysDescr
OID to guess version of the new firewall when it is created using
snmp polling.
2011-02-21 16:34:29 -08:00
Vadim Kurland
cdbd1e35c3 see #1990 newly created PIX/ASA firewalls now have "generate outbound acl" option turned on by default 2011-02-21 15:11:47 -08:00
Vadim Kurland
b42fe3e802 see #1678 When creating a firewall from template it appears that a default template is selected 2011-02-21 13:52:09 -08:00
Vadim Kurland
264d6bc3ee see #1971 dialog does not let user enter range end address lower than range start address 2011-02-21 13:35:13 -08:00
Vadim Kurland
966533a672 see #2113 added pattern for ASA interface descriptions which is different from PIX interface descriptions 2011-02-21 11:33:25 -08:00
Vadim Kurland
56f81407f1 fixes #2124 some error messages get multiplied when compiler splits rules 2011-02-20 21:32:58 -08:00
Vadim Kurland
e9e7f89cf2 see #1920 Setting host interface to unnumbered after it has been assigned IP address doesn't have desired effect 2011-02-20 18:03:21 -08:00
Vadim Kurland
4136d63957 see #2098 support for interfaces in PIX/ASA NAT rules; see #153 deprecating Rule::getInterfaceStr() 2011-02-19 19:13:01 -08:00
Vadim Kurland
73c31a589f see #2117 CARP interfaces in cluster that use VLAN interfaces have no interface set to MASTER 2011-02-19 16:17:25 -08:00
Vadim Kurland
aea53d35eb see #2116 "When CARP interface IP address cant be assigned error or warning should appear". Script should abort if command trying to add an ip address to an interface fails 2011-02-19 15:33:30 -08:00
Vadim Kurland
d0ae7bac01 * NATCompiler_ipt.cpp (processNext): see #2097 #133 "support for
inbound and outbound interface columns in iptables NAT
rules". This also addresses SF feature requests 1954286 "DNAT with
interface as condition not possible" and 621023 "manipulating
interface in NAT rule".
2011-02-17 17:47:42 -08:00
Vadim Kurland
f8b668e691 see #2101 setting master advskew to 10 and default advskew to 20 2011-02-17 15:02:45 -08:00
Vadim Kurland
91f16fb85a documenting decision to stop making builds on Hardy. See #2107 2011-02-17 14:36:17 -08:00
Vadim Kurland
fdb899bdd2 * NATCompiler_ipf.cpp (processNext): see #133, fixes #2108 making
nat compiler for ipfilter work with interface column, however the
column is not exposed to the user. Compiler behavior should be
backwards compatible with older versions of fwbuilder.
2011-02-17 12:06:50 -08:00
Vadim Kurland
100dca74bb * NATCompiler_pf.cpp (processNext): see #133. Merged code from the
branch, running tests. Making sure rules that have firewall
object in ODst and interface column blank end up with rdr command
without "on interface" clause as before.
2011-02-17 11:50:14 -08:00
Vadim Kurland
ee2204086e new build 3479a 2011-02-16 20:03:44 -08:00
Vadim Kurland
c042430cb2 merged from branch development; see #2095 "Support for interface groups in "nat" and "rdr" rules", see #2096 "support for negation in "Interface" column of PF NAT rules" 2011-02-16 19:55:07 -08:00
Vadim Kurland
59dc81c424 see #2100 carp password should be optional 2011-02-16 16:48:29 -08:00
Vadim Kurland
8b158c0a74 * OSConfigurator_bsd_interfaces.cpp (configureInterfaces): make
sure we print "ifconfig" commands for mtu and other parameters for
all interfaces, including those with no ip addresses and bridge
ports (unnumbered interfaces used to be skipped before)
2011-02-16 16:23:54 -08:00
Vadim Kurland
174686d281 * ObjectTreeView.cpp (startDrag): fixes #2099 "Object list scrolls
up to the last edited object". Object tree used to scroll
spontaneously when user started dragging an object from it to a
rule.
2011-02-16 15:33:07 -08:00
Vadim Kurland
1f8363c84e * configlets/bsd/update_vlans: see #2105: generated script now
supports vlan interfaces with names that do not match vlan IDs
(OpenBSD, FreeBSD, shell script format).
2011-02-16 15:22:47 -08:00
Vadim Kurland
a58445ed16 see #1807, #2104 arrange interface configuration commands in the
generated script in such order that bridge and carp interfaces
are configured after all other interfaces are done.
2011-02-16 14:42:06 -08:00
Vadim Kurland
9ae36f6632 see #2103 added checkbox to disable interface name validation checks and autoconfiguration of vlan interface IDs 2011-02-16 13:27:38 -08:00
Vadim Kurland
6135cf8acb see #133 added support for inbound and outbound interfaces in nat rules (DTD, libfwbuilder API); added support for an interface column in PF NAT rules (using outbound interface rule element): changes in GUI and compiler 2011-02-15 18:56:05 -08:00
Vadim Kurland
0df4ae9abd * ActionsDialog.cpp (setRule): see #1871 "PF Actions Tag and
Classify can be terminating or non-terminating". Added checkbox to
the action properties dialog for actions Tag and Classify for PF
that lets the user choose if these actions should be terminating
or not. Old behavior (Tag was non-terminating and Classify was
terminating) is reflected in default settings of the checkboxes.
Terminating rules generate "pass quick" commands, while
non-terminating rules generate "pass" commands (no "quick" option).
2011-02-15 14:20:27 -08:00
Vadim Kurland
bee424b3d0 fixes #2091 ethernet interface options are used twice if the interface is a bridge port 2011-02-14 16:08:54 -08:00
Vadim Kurland
b5d57a740b fixes #2092 parameter "stp" is now optional and is controlled by a checkbox in the interface settings dialog 2011-02-14 15:15:23 -08:00