onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-24 04:07:55 +01:00
Code Issues Releases Wiki Activity
3,583 Commits 3 Branches 3 Tags
Commit Graph

1033 Commits

Author SHA1 Message Date
Vadim Kurland
93b3b12bab see #2000 Added page to the new firewall wizard to let the 
user configure network zones of interfaces when chosen firewall
platform supports network zones (only PIX/ASA right now).
 2011-01-28 16:43:13 -08:00
Vadim Kurland
a8dd192bec see #1983 ASA multiple interfaces have the same security level; using QTableWidget with QSpinBox widgets in the last column to let the user edit secrity levels directly 2011-01-28 13:13:14 -08:00
Vadim Kurland
5ec0e428dd see #1998 update ChangeLog to reflect latest change 2011-01-28 09:58:25 -08:00
Vadim Kurland
eb984a4e39 new build 3452 2011-01-27 22:12:27 -08:00
Vadim Kurland
8e0159f197 see #1996 2011-01-27 19:23:53 -08:00
Vadim Kurland
a67aaacb26 * IOSImporterRun.cpp (run): see #1931 "Update failed import 
behavior". Added meaningful error messages for when policy
importer fails to create firewall object or does not create
interface objects or any rules.
 2011-01-27 13:09:06 -08:00
Vadim Kurland
b3f34b06ac * Rule.cpp (removeRef): fixes #1997 "add removeRef and addRef 
methods to class NATRule". Now undo and redo correctly remove and
restore references to NAT rule sets in NAT rules with action
Branch.
 2011-01-27 11:58:02 -08:00
Vadim Kurland
804189fb75 * Rule.cpp (addRef): fixes #1991 "Undo does not restore object as 
a parameter of policy rule action Branch or Tag after it was
deleted deleted". Now Undo restores references to rule sets and tag
services as arguments of corresponding policy rules, as well as
references to objects configured as interface network zones.
 2011-01-27 11:50:03 -08:00
Vadim Kurland
9cc60050ee see #1987 Deleting object that is used as Network Zone for ASA/PIX interface results in inconsistent behavior. When an object that is used as a network zone of some interface is deleted, it should be removed from that interface configuration as well. 2011-01-27 11:35:24 -08:00
Vadim Kurland
4bba7533c8 see #1995 Crash when compiling a cluster with identical firewalls. Needed to call base class Firewall::init() to create Policy, NAT and Routing objects. The fact that member firewalls are identical as reported in the ticket is a red herring 2011-01-27 11:06:31 -08:00
Vadim Kurland
535b8e27eb see #1994 Crash when compiling a firewall in an imported Library. Compilers reset read-only flags on the firewall and all objects in the tree above it before making any changes to the copy of the tree they work with 2011-01-27 10:54:11 -08:00
Vadim Kurland
cf543d7adf fixes #1992, #1993, see #1994 2011-01-26 21:49:31 -08:00
Vadim Kurland
eb61a51c89 fixes #1989: 
Got rid
of global variables sysfname, tempfname, librespath, respath and
localepath; will now use class Constants to keep this information.
 2011-01-26 13:27:57 -08:00
Vadim Kurland
9b1c98f0f4 fixes #1937 RES_DIR macro is defined twice 2011-01-25 17:09:20 -08:00
Vadim Kurland
71a94277a8 fixes #1985 implement FWObjectDatabase::setPredictableIds as virtual function 2011-01-25 16:38:35 -08:00
Vadim Kurland
2c85c952bf see #1986 Cisco ASA remarks should be truncated to 100 characters or less; truncated remark lines 2011-01-25 11:25:20 -08:00
Vadim Kurland
d331ee7840 fixes #1966 IOSACL: object-group can get name that consists of only suffix 2011-01-24 18:28:48 -08:00
Vadim Kurland
498d9456ca see #1980 Objects from Deleted Objects should not be allowed to be used in rules 2011-01-24 17:09:49 -08:00
Vadim Kurland
7c1108204e see #1958 consistently use "exit" to get out of nested context in pix config 2011-01-24 16:41:34 -08:00
Vadim Kurland
7e7f5509d2 see #1970 ASA Policy - single IPv6 icmp object allowed in rules 2011-01-24 16:33:43 -08:00
Vadim Kurland
5961400eb4 see #1981 ASA / FWSM Policy - Generate warning message if rule will not generate config data 2011-01-24 11:53:22 -08:00
Vadim Kurland
5ca7d180e3 call context menu item "Inspect" instead of "Edit" when object is read-only 2011-01-22 19:51:45 -08:00
Vadim Kurland
36831643af fixes #1926 Crash when moving object in Standard library 2011-01-22 19:47:09 -08:00
Vadim Kurland
7d3b11796d see #1976 disable "Paste" context menu items when object in the clipboard has been deleted 2011-01-22 19:38:40 -08:00
Vadim Kurland
555e9425eb see #1968, #1972 object group deduplication finally works 2011-01-22 10:18:19 -08:00
Vadim Kurland
12d93a54c0 fixes #1963 move printing of object-group definitions to 
NamedObjectManager::getNamedObjectsDefinitions(); also refactoring of the code that generates "clear" commands
 2011-01-20 17:25:09 -08:00
Vadim Kurland
34630953cc see #1959 ASA Policy - ranges are broken into composite network instead of using range command. I now create named objects to represent address ranges and put them into object-group, whcih I can then use in access-list commands 2011-01-20 14:34:00 -08:00
Vadim Kurland
7058a72f3e see #1965 ASA Policy - PIX 6.1 configurations use object groups 2011-01-20 10:10:10 -08:00
Vadim Kurland
ea2caa4413 see #1951 simplify object-group names 2011-01-20 09:54:08 -08:00
Vadim Kurland
c34a758430 see #1959 ASA Policy - ranges are broken into composite network instead of using range command 2011-01-19 20:27:47 -08:00
Vadim Kurland
ca4c132e2b see #1954 "ASA NAT - generate warning if nat rule is split and one of the resulting nat rules have the same real interface and mapped interface". 2011-01-19 18:26:08 -08:00
Vadim Kurland
e20321fc74 see #1953 "ASA NAT - two host 
objects in the same rule result in incorrect config".
 2011-01-19 14:19:00 -08:00
Vadim Kurland
340c659677 see #1960 add support for CustomService for PIX policy rules 2011-01-19 11:59:53 -08:00
Vadim Kurland
e744ddf200 new build, minor text fix in ChangeLog 2011-01-18 19:42:41 -08:00
Vadim Kurland
701100b905 see #1942, #1943 fixed generation of the 
"object-group" statements by adding protocol keyword at the end so
that the group can be used in access-list commands.
 2011-01-18 19:36:01 -08:00
Vadim Kurland
1b7a761d27 see #1916 nat rule must be "static" when subnet is present in TSrc 2011-01-17 17:54:47 -08:00
Vadim Kurland
b50e70bf92 see #1942 splitting rule to have only one custom service per rule, then getitng protocol word from the custom object 2011-01-17 17:34:14 -08:00
Vadim Kurland
ca475b24d7 fixes #1948 incorrect configuration created when a CustomService object is used in a policy rule for PIX/ASA v<8.3 2011-01-17 14:35:55 -08:00
Vadim Kurland
8a91ae3882 fixes #1945 object-group names include ever-growing suffix 2011-01-17 13:52:00 -08:00
Vadim Kurland
b6b548f88f see #1944 ASA Policy - duplicate network object groups created for mixed service group with TCP dst and TCP src port range objects; FIXED 2011-01-17 13:20:38 -08:00
Vadim Kurland
bfce60d98d see #1943 ASA Policy - mixed service group with TCP destination port range and standard TCP object generates invalid config; protocol word "tcp" was missing after "deny". Generated configuration still does not load! 2011-01-17 13:04:02 -08:00
Vadim Kurland
f104cb6a11 see #1949 ASA NAT - split objects if OSrc contains objects that are in more than one network zone 2011-01-17 12:12:54 -08:00
Vadim Kurland
139d5ce2de * NamedObjectsAndGroupsSupport.cpp (processNext): Added support for 
CustomService objects in policy and nat rules for asa 8.3 using
named objects and object-groups.
 -- see #1942 "ASA NAT - if custom service is included in service
group incorrect config generated"
 -- see #1929 "move map named_objects inside class NamedObjectManager"
 -- see #1946 "restrict generation of the named objects by
PolicyCompiler_pix to ASA 8"
 -- see #1885 "named network and service objects in pix8"
 2011-01-16 23:02:49 -08:00
Vadim Kurland
e2c2725e6b see #1941 ASA NAT - compiler complains about range in original destination 2011-01-16 20:19:43 -08:00
Vadim Kurland
77690478f4 see #1940 ASA NAT - fwbuilder host objects interface ip is reserved keyword 2011-01-16 16:42:29 -08:00
Vadim Kurland
3e603c1375 see #1938 "icmp" commands were not properly generated for ASA 8.x policy rules 2011-01-16 16:09:29 -08:00
Vadim Kurland
f74713b2fa see #1927 added check to prohibit nat rule that translates destination but has ODst "any" 2011-01-16 15:12:17 -08:00
Vadim Kurland
86584b6aac fixes #1932 Add description field to generated NAT rules for ASA 2011-01-14 18:50:46 -08:00
Vadim Kurland
25b7da796e fixes #1934 and SF bug 3156376 "Can 
not find interface with network zone that includes address range"
 2011-01-14 18:41:50 -08:00
Vadim Kurland
99d0aba102 refs #1928 Support for object-group in OSrc 2011-01-13 19:05:58 -08:00