onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 17:57:22 +01:00
Code Issues Releases Wiki Activity
4,053 Commits 3 Branches 3 Tags
Commit Graph

1191 Commits

Author SHA1 Message Date
Vadim Kurland
7d3b11796d see #1976 disable "Paste" context menu items when object in the clipboard has been deleted 2011-01-22 19:38:40 -08:00
Vadim Kurland
555e9425eb see #1968, #1972 object group deduplication finally works 2011-01-22 10:18:19 -08:00
Vadim Kurland
12d93a54c0 fixes #1963 move printing of object-group definitions to 
NamedObjectManager::getNamedObjectsDefinitions(); also refactoring of the code that generates "clear" commands
 2011-01-20 17:25:09 -08:00
Vadim Kurland
34630953cc see #1959 ASA Policy - ranges are broken into composite network instead of using range command. I now create named objects to represent address ranges and put them into object-group, whcih I can then use in access-list commands 2011-01-20 14:34:00 -08:00
Vadim Kurland
7058a72f3e see #1965 ASA Policy - PIX 6.1 configurations use object groups 2011-01-20 10:10:10 -08:00
Vadim Kurland
ea2caa4413 see #1951 simplify object-group names 2011-01-20 09:54:08 -08:00
Vadim Kurland
c34a758430 see #1959 ASA Policy - ranges are broken into composite network instead of using range command 2011-01-19 20:27:47 -08:00
Vadim Kurland
ca4c132e2b see #1954 "ASA NAT - generate warning if nat rule is split and one of the resulting nat rules have the same real interface and mapped interface". 2011-01-19 18:26:08 -08:00
Vadim Kurland
e20321fc74 see #1953 "ASA NAT - two host 
objects in the same rule result in incorrect config".
 2011-01-19 14:19:00 -08:00
Vadim Kurland
340c659677 see #1960 add support for CustomService for PIX policy rules 2011-01-19 11:59:53 -08:00
Vadim Kurland
e744ddf200 new build, minor text fix in ChangeLog 2011-01-18 19:42:41 -08:00
Vadim Kurland
701100b905 see #1942, #1943 fixed generation of the 
"object-group" statements by adding protocol keyword at the end so
that the group can be used in access-list commands.
 2011-01-18 19:36:01 -08:00
Vadim Kurland
1b7a761d27 see #1916 nat rule must be "static" when subnet is present in TSrc 2011-01-17 17:54:47 -08:00
Vadim Kurland
b50e70bf92 see #1942 splitting rule to have only one custom service per rule, then getitng protocol word from the custom object 2011-01-17 17:34:14 -08:00
Vadim Kurland
ca475b24d7 fixes #1948 incorrect configuration created when a CustomService object is used in a policy rule for PIX/ASA v<8.3 2011-01-17 14:35:55 -08:00
Vadim Kurland
8a91ae3882 fixes #1945 object-group names include ever-growing suffix 2011-01-17 13:52:00 -08:00
Vadim Kurland
b6b548f88f see #1944 ASA Policy - duplicate network object groups created for mixed service group with TCP dst and TCP src port range objects; FIXED 2011-01-17 13:20:38 -08:00
Vadim Kurland
bfce60d98d see #1943 ASA Policy - mixed service group with TCP destination port range and standard TCP object generates invalid config; protocol word "tcp" was missing after "deny". Generated configuration still does not load! 2011-01-17 13:04:02 -08:00
Vadim Kurland
f104cb6a11 see #1949 ASA NAT - split objects if OSrc contains objects that are in more than one network zone 2011-01-17 12:12:54 -08:00
Vadim Kurland
139d5ce2de * NamedObjectsAndGroupsSupport.cpp (processNext): Added support for 
CustomService objects in policy and nat rules for asa 8.3 using
named objects and object-groups.
 -- see #1942 "ASA NAT - if custom service is included in service
group incorrect config generated"
 -- see #1929 "move map named_objects inside class NamedObjectManager"
 -- see #1946 "restrict generation of the named objects by
PolicyCompiler_pix to ASA 8"
 -- see #1885 "named network and service objects in pix8"
 2011-01-16 23:02:49 -08:00
Vadim Kurland
e2c2725e6b see #1941 ASA NAT - compiler complains about range in original destination 2011-01-16 20:19:43 -08:00
Vadim Kurland
77690478f4 see #1940 ASA NAT - fwbuilder host objects interface ip is reserved keyword 2011-01-16 16:42:29 -08:00
Vadim Kurland
3e603c1375 see #1938 "icmp" commands were not properly generated for ASA 8.x policy rules 2011-01-16 16:09:29 -08:00
Vadim Kurland
f74713b2fa see #1927 added check to prohibit nat rule that translates destination but has ODst "any" 2011-01-16 15:12:17 -08:00
Vadim Kurland
86584b6aac fixes #1932 Add description field to generated NAT rules for ASA 2011-01-14 18:50:46 -08:00
Vadim Kurland
25b7da796e fixes #1934 and SF bug 3156376 "Can 
not find interface with network zone that includes address range"
 2011-01-14 18:41:50 -08:00
Vadim Kurland
99d0aba102 refs #1928 Support for object-group in OSrc 2011-01-13 19:05:58 -08:00
Vadim Kurland
64772160ac fixes #1917 Duplicate objects are not detected 2011-01-13 13:29:58 -08:00
Vadim Kurland
63257170e8 refs #1885 using named objects and object groups when multiple objects are found in TSrc; this fixes issue with address ranges 2011-01-13 12:49:25 -08:00
Vadim Kurland
353ba61b7d refs #1907 ASA NAT - fwbuilder doesnt support multiple translated sources in a single NAT rule 2011-01-12 17:46:11 -08:00
Vadim Kurland
e52b3b2db4 fixes #1913 added default log level 2011-01-12 16:27:00 -08:00
Vadim Kurland
77ae2185f2 refs #1908 "ASA NAT - cannot configure static NAT translations with (inside,outside)". Added radio buttons 2011-01-12 15:03:57 -08:00
Vadim Kurland
c6abdb0fc6 refs #1908 : added nat rule option to force the rule to be "static"; new build number 2011-01-11 18:32:54 -08:00
Vadim Kurland
d4f9c04aeb refs #1902 Add NAT rule option "translate dns" for PIX 2011-01-11 10:55:53 -08:00
Vadim Kurland
8c7c07cfb9 fixes #1909 2011-01-11 09:44:13 -08:00
Vadim Kurland
e17c19a0a3 fixed #1862 "fwb_pix crash". 2011-01-10 17:32:57 -08:00
Vadim Kurland
5bd095a95c fixed #1906 ASA NAT - Address objects are not properly identified by network zone and have the wrong real interface 2011-01-10 17:17:47 -08:00
Vadim Kurland
24ac2b56ac fixed #1905, #1879 2011-01-10 16:43:43 -08:00
Vadim Kurland
df810d9d27 * NATCompiler_pix.cpp (NATCompiler_pix): fixes #1901 "add 
destructor to NATCompiler_pix and NATCompiler_asa8". This
eliminates memory leak.
 2011-01-07 17:01:23 -08:00
Vadim Kurland
5313a94c86 * ASA8Object.cpp (ASA8Object): refs #1885 "named network and 
service objects in pix8". So far, these objects are only used
for nat configuration.

* NATCompiler_asa8_writers.cpp (processNext): fixes #1903 "correct
order of clear commands for ASA 8.3"

* NATCompiler_asa8_writers.cpp (printSDNAT): refs #1886 "new nat
configuration in pix 8.3". Initial support for new style nat
configuation.
 2011-01-07 16:29:09 -08:00
Vadim Kurland
b20a7843a6 refs #1883, #1893 FWSM 4.x does not have fixup command, we should use policy-map and class commands. 2011-01-04 19:08:19 -08:00
Vadim Kurland
3104b38b60 refs #1893 fixes #1883 "inspect ip options in pix8". Added support for 
"policy-map type inspect ip-options" command in PIX v8.2 and later.
At this time, of all possible types of "policy-map type inspect"
command only "ip-options" is implemented.
 2011-01-04 17:06:25 -08:00
Vadim Kurland
b9a9d7a2c9 refs #1893 fixes #1882 "inspect ip options in pix8". Added support for 
"policy-map type inspect ip-options" command in PIX v8.2 and later.
At this time, of all possible types of "policy-map type inspect"
command only "ip-options" is implemented.
 2011-01-04 17:05:43 -08:00
Vadim Kurland
8fb64f10eb added changelog records 2011-01-04 12:20:09 -08:00
Vadim Kurland
18377b1ff2 refs #1876 build number is now part of the long version number 2010-12-29 12:00:15 -08:00
Vadim Kurland
3d0d4da23a * ActionsDialog.cpp (fillInterfaces): fixed #1872: "vlan interface 
does not appear in the list of interfaces for route-to action for
	PF".
 2010-12-16 19:10:13 -08:00
Vadim Kurland
65228cb91d started 4.1.4 2010-12-12 17:54:29 -08:00
Vadim Kurland
6936d08d64 updated Changelog 2010-12-05 16:29:02 -08:00
Vadim Kurland
938757373b added changelog entries 2010-12-02 11:38:58 -08:00
Vadim Kurland
450f6e5224 fixed #1851 "no need to check for modprobe when host OS is "dd-wrt" 
and possibly other embedded Linux systems". Generated script does not
use modprobe utility when host OS is set to "DD-WRT" or "OpenWRT" and
should not try to find this utility on the system. This is also
related to the SourceForge bug 3032293
 2010-11-16 21:08:06 -08:00