mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-18 17:27:20 +01:00

4376 Commits

Author SHA1 Message Date
Vadim Kurland
33259ebf81 see #2460 added test for the nat rule with multiple objects in TDst; looks like it works 2011-06-03 19:10:40 -07:00
Vadim Kurland
6a9fdbf3af NATCompiler_pf.cpp (_expand_addr): see #2455 NAT Compiler for PF
should use "(interface)" syntax to the right of "->" in NAT rules.
This now works for all interfaces, including those that have ip
addresses in fwbuilder configuration, when interface object appears in
"Translated Source" in a nat rule. When firewall object appears in
"Translated Source", it gets replaced with a set of its interfaces
which also get translated into "-> (interface)".
2011-06-03 18:59:44 -07:00
Vadim Kurland
15bab71f49 * NATCompiler_ipt.cpp (compile): see #2456 Added support for
single object negation in "Inbound Interface" and "Outbound
Interface" columns in compiler for iptables.

* NATCompiler_pf.cpp (compile): see #2456 Added support for single
object negation in "Interface" rule element of PF NAT rules. Now
compiler can produce PF commands such as "nat on ! em0 ... " (for
PF <4.7) or "match on ! em0 ..." (for PF >= 4.7)

* Compiler.cpp (singleObjectNegation::processNext): moved rule
processor that processes single object negation in any rule
element to the base class Compiler.
2011-06-03 17:54:14 -07:00
Vadim Kurland
22b812fd4a see #2438 fixed grammar to match 1024:65535 2011-06-03 08:57:21 -07:00
Vadim Kurland
3b130a090a realistic test file for scrub commands for PF v4.6 and newer 2011-06-02 22:15:29 -07:00
Vadim Kurland
02b51d5dae set version to 5.0.0 build 3547 2011-06-02 21:31:57 -07:00
Vadim Kurland
c9211157ff see #2463 implemented import of "scrub" commands in both old and new syntax 2011-06-02 19:02:09 -07:00
Vadim Kurland
a0da65ddc9 see #2464 implemented import of PF "set timeout",
"set limit" and other "set" commands. Known limitations:

 - commands "set ruleset-optimization", "set loginterface",
   "set block-policy", "set state-defaults", "set require-order",
   "set fingerprints", "set reassemble", "set hostid" are not supported.
2011-06-02 17:18:37 -07:00
Vadim Kurland
68a29785da see #2394 matching icmp types and codes by name explicitly to avoid conflicts where the same keyword (e.g. "skip") is used in different rules of the grammar; see #2464 added test case for "set timeout" commands 2011-06-02 16:13:23 -07:00
Vadim Kurland
b86900cc54 see #2464 implemented import of "set timeout" commands 2011-06-02 11:38:13 -07:00
Vadim Kurland
d825133481 removing failed attempt to parse ifconfig output 2011-06-02 10:33:40 -07:00
Vadim Kurland
58eb1a865e see #2394 using InterfaceProperties class to guess where WORD is an interface name or host name; Lexer generates IPV6 token for "1000:1010" port range configuration, could not find a way to fix this in the lexer so using this token to parse port ranges in the parser; added unit test for host "from" and "to" matches, including interface name and host name matches 2011-06-01 23:44:53 -07:00
Vadim Kurland
b9dfdd5d2c split ifconfig.g to keep linux and bsd grammars separate 2011-06-01 16:55:52 -07:00
Vadim Kurland
d1f83311f1 see #2461 parser and importer for ifconfig output. Linux ifconfig import works, BSD ifconfig import does not 2011-05-31 23:04:57 -07:00
Vadim Kurland
52ea731f92 refactored useful classes AddressSpec, PortSpec, InterfaceSpec, IcmpSpec and RouteSpec to separate modules so they can be used with other installers 2011-05-31 16:31:05 -07:00
Vadim Kurland
564500768e see #2458, #2459 import of "rdr", "no nat", "no rdr" rules 2011-05-31 12:55:55 -07:00
Vadim Kurland
fd7c3601ba see #2449 unit test for nat rules 2011-05-30 22:03:35 -07:00
Vadim Kurland
f9f78fe7bd using "port 1000:*" in PF nat commands 2011-05-30 21:59:40 -07:00
Vadim Kurland
2f3f509dfe see #2449 better error message for "source-hash" with options 2011-05-30 21:58:06 -07:00
Vadim Kurland
1ed2581dd1 see #2449 import of "nat" rules. First implementation. Restrictions are listed in ChangeLog 2011-05-30 21:49:46 -07:00
Vadim Kurland
3a6c3dfa09 fixed unit tests; fixed import of port ranges 2011-05-29 23:41:02 -07:00
Vadim Kurland
ee6723a05d fixes #2429 fixed common error message shown when importer could not create firewall object 2011-05-29 21:49:18 -07:00
Vadim Kurland
2f075efd81 added unit test files 2011-05-29 21:48:51 -07:00
Vadim Kurland
5da32dfb2c added unit tests skeleton for PF import; fixed warning that appeared at the end of import, saying no rules have been created 2011-05-29 21:39:44 -07:00
Vadim Kurland
77560a735b see #2446 fixed deduplication of address table objects 2011-05-29 14:33:21 -07:00
Vadim Kurland
ba53d7b8f5 see #2447 implemented import of parameters for action "block" 2011-05-29 13:38:36 -07:00
Vadim Kurland
3a88a0cbc5 user-specified parameter for action Reject takes precedence over automatically determined action based on the protocol. If user chooses one of the icmp responses, it should be used even with tcp (we used to force return-rst in that case) 2011-05-29 13:36:55 -07:00
Vadim Kurland
aac598f1cc see #2445 fixed import of tcp/udp ports defined by names; still need to test all possible names to make sure mappings work 2011-05-28 09:27:27 -07:00
Vadim Kurland
a3a07b4b42 see #2394 documenting import limitations in ChangeLog 2011-05-27 14:50:28 -07:00
Vadim Kurland
ef3102aa6a added .gitignore for PF import tests 2011-05-27 14:45:08 -07:00
Vadim Kurland
83fc99f076 see #2435 tcp flags parsing 2011-05-27 14:35:37 -07:00
Vadim Kurland
8082f602b3 see #2436 fixed handling of the synproxy state option, minor tweaks to the grammar 2011-05-27 12:37:44 -07:00
Vadim Kurland
afdc3707de fixes #2442 pre-processor removed the very last "\n" from the input stream which broke parser 2011-05-27 12:35:33 -07:00
Vadim Kurland
adde1d534c see #2436 setting stateless/stateful rule option depending on combination of the "state" keyword and user-chosen version 2011-05-27 12:20:30 -07:00
Vadim Kurland
3b229be520 see #2436, #2435 added GUI controls to let user choose host OS and version as part of the PF import process. Using this information to configure firewall object 2011-05-27 11:38:29 -07:00
Vadim Kurland
765060c29c see #2403 added test case file; fixed import of icmp services, added test case file; other fixes 2011-05-26 22:30:07 -07:00
Vadim Kurland
e89cc24466 see #2403 added ability to import clause en0:network; stubbed import of en0:broadcast 2011-05-26 21:29:12 -07:00
Vadim Kurland
68bc1ec263 see #2394 populating policy rules with services 2011-05-26 18:45:05 -07:00
Vadim Kurland
cc7fb3c1b0 fixing typo 2011-05-26 14:42:18 -07:00
Vadim Kurland
a814b38c0f Merge branch 'pf_import' into development 2011-05-26 14:29:45 -07:00
Vadim Kurland
ca77bbb51c re-ran tests for iptables 2011-05-26 14:29:14 -07:00
Vadim Kurland
a544492ced see #2434 "PF compiler should use 'self' keyword where
appropriate". Compiler for PF now uses keyword 'self' in rules
where firewall object is used in Source or Destination.
2011-05-26 14:13:26 -07:00
Vadim Kurland
29bf29f892 see #2394 grammar clean-up; creating policy rules in the right ruleset and renumbering rule set in the end 2011-05-26 12:06:50 -07:00
Vadim Kurland
e10ab65393 see #2394 creating policy rules with src and dst populated; parsing and creating address tables and groups of addresses 2011-05-25 23:57:27 -07:00
Vadim Kurland
ea9c28fda1 See #2394 grammar can parse most of the sample pf.conf files, including important ones 2011-05-25 18:57:44 -07:00
Theron Tock
b6f2d7d921 Merge branch 'development' of ssh://ncgit/var/git/fwbuilder into development
Conflicts:
	src/libfwbuilder/src/fwbuilder/fwbuilder.pro
2011-05-25 15:05:56 -07:00
Theron Tock
52c0bce5d2 Remove ^Ms from file 2011-05-25 15:01:22 -07:00
Vadim Kurland
439f8240ba see #2394 checking pf.conf file before import to determine if it is designed in the style not using keyword "quick". We can not import config like that 2011-05-24 23:01:41 -07:00
Vadim Kurland
db8ae42ad1 grammar matches port ranges; better grammar for ipv6 2011-05-23 19:03:49 -07:00
Vadim Kurland
12abcf9533 minimal grammar to match "from" and "to", both addresses and ports 2011-05-22 23:17:05 -07:00