onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-21 02:37:16 +01:00
Code Issues Releases Wiki Activity
3,618 Commits 3 Branches 3 Tags
Commit Graph

3618 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Vadim Kurland
e744ddf200 new build, minor text fix in ChangeLog 2011-01-18 19:42:41 -08:00
Vadim Kurland
701100b905 see #1942, #1943 fixed generation of the 
"object-group" statements by adding protocol keyword at the end so
that the group can be used in access-list commands.
 2011-01-18 19:36:01 -08:00
Vadim Kurland
15f8ba513c fixes #1956 rule processor NATCompiler_ipt::splitServices is redundant 2011-01-18 14:44:53 -08:00
Vadim Kurland
6eed5cc0bf renamed rule processor splitServices to groupServicesByProtocol and set it up so it can be extended by inheritance 2011-01-18 14:19:07 -08:00
Vadim Kurland
8acce19923 new build 2011-01-17 19:30:06 -08:00
Vadim Kurland
104a1bc287 using common rule processor separateSrcAndDstPort instead of the one specifically implemented only for iptables; Added Makefile to ipt test files in order to be able to run tests in parallel 2011-01-17 19:26:30 -08:00
Vadim Kurland
08003fceb6 fixes #1936 NATCompiler_ipt::separateSourcePorts could be redundant 2011-01-17 18:22:20 -08:00
Vadim Kurland
6e12d51dac fixes #1935 class separatePortRanges is defined twice 2011-01-17 18:11:16 -08:00
Vadim Kurland
1b7a761d27 see #1916 nat rule must be "static" when subnet is present in TSrc 2011-01-17 17:54:47 -08:00
Vadim Kurland
bbb36271a6 see #1942 fixed test cases 2011-01-17 17:46:26 -08:00
Vadim Kurland
b50e70bf92 see #1942 splitting rule to have only one custom service per rule, then getitng protocol word from the custom object 2011-01-17 17:34:14 -08:00
Vadim Kurland
568e222fa5 see #1942 refactored rule processors that deal with service so that they can be used by both policy and nat compilers 2011-01-17 17:12:35 -08:00
Vadim Kurland
5efb7ae3e5 new build 2011-01-17 14:43:13 -08:00
Vadim Kurland
ca475b24d7 fixes #1948 incorrect configuration created when a CustomService object is used in a policy rule for PIX/ASA v<8.3 2011-01-17 14:35:55 -08:00
Vadim Kurland
8a91ae3882 fixes #1945 object-group names include ever-growing suffix 2011-01-17 13:52:00 -08:00
Vadim Kurland
b6b548f88f see #1944 ASA Policy - duplicate network object groups created for mixed service group with TCP dst and TCP src port range objects; FIXED 2011-01-17 13:20:38 -08:00
Vadim Kurland
bfce60d98d see #1943 ASA Policy - mixed service group with TCP destination port range and standard TCP object generates invalid config; protocol word "tcp" was missing after "deny". Generated configuration still does not load! 2011-01-17 13:04:02 -08:00
Vadim Kurland
f104cb6a11 see #1949 ASA NAT - split objects if OSrc contains objects that are in more than one network zone 2011-01-17 12:12:54 -08:00
Vadim Kurland
800205df51 new build 3436 2011-01-16 23:09:07 -08:00
Vadim Kurland
139d5ce2de * NamedObjectsAndGroupsSupport.cpp (processNext): Added support for 
CustomService objects in policy and nat rules for asa 8.3 using
named objects and object-groups.
 -- see #1942 "ASA NAT - if custom service is included in service
group incorrect config generated"
 -- see #1929 "move map named_objects inside class NamedObjectManager"
 -- see #1946 "restrict generation of the named objects by
PolicyCompiler_pix to ASA 8"
 -- see #1885 "named network and service objects in pix8"
 2011-01-16 23:02:49 -08:00
Vadim Kurland
e2c2725e6b see #1941 ASA NAT - compiler complains about range in original destination 2011-01-16 20:19:43 -08:00
Vadim Kurland
5c01a0ec13 new build 2011-01-16 16:47:48 -08:00
Vadim Kurland
77690478f4 see #1940 ASA NAT - fwbuilder host objects interface ip is reserved keyword 2011-01-16 16:42:29 -08:00
Vadim Kurland
3e603c1375 see #1938 "icmp" commands were not properly generated for ASA 8.x policy rules 2011-01-16 16:09:29 -08:00
Vadim Kurland
f74713b2fa see #1927 added check to prohibit nat rule that translates destination but has ODst "any" 2011-01-16 15:12:17 -08:00
Vadim Kurland
f8904a9c3f Merge branch 'development' of ssh://git@vc.netcitadel.com:2222/var/git/fwbuilder into development 2011-01-14 21:55:04 -08:00
Vadim Kurland
b3a6d8553c new build number 2011-01-14 21:53:02 -08:00
Vadim
cd4da4fb52 fixed build on Mandriva 2011-01-14 21:46:18 -08:00
Vadim Kurland
acd509f7bc new build 2011-01-14 18:56:04 -08:00
Vadim Kurland
86584b6aac fixes #1932 Add description field to generated NAT rules for ASA 2011-01-14 18:50:46 -08:00
Vadim Kurland
25b7da796e fixes #1934 and SF bug 3156376 "Can 
not find interface with network zone that includes address range"
 2011-01-14 18:41:50 -08:00
Vadim Kurland
1932d3d02b new build 2011-01-13 19:14:13 -08:00
Vadim Kurland
99d0aba102 refs #1928 Support for object-group in OSrc 2011-01-13 19:05:58 -08:00
Vadim Kurland
0f99325869 test case, refs #1928 2011-01-13 18:03:54 -08:00
Vadim Kurland
a04135be61 fixes #1925 2011-01-13 18:03:32 -08:00
Vadim Kurland
0d522e04dc new build 2011-01-13 13:37:44 -08:00
Vadim Kurland
64772160ac fixes #1917 Duplicate objects are not detected 2011-01-13 13:29:58 -08:00
Vadim Kurland
2235a162a9 fixes #1924 renamed module ObjectGroupsSupport to NamedObjectsAndGroupsSupport 2011-01-13 13:09:56 -08:00
Vadim Kurland
b21bf113f8 fixes #1923 rename class ASA8Object to NamedObject 2011-01-13 13:03:52 -08:00
Vadim Kurland
63257170e8 refs #1885 using named objects and object groups when multiple objects are found in TSrc; this fixes issue with address ranges 2011-01-13 12:49:25 -08:00
Vadim Kurland
4ea6f24a03 fixed unreported bug: rule processor PolicyCompiler_cisco::removeRedundantAddresses removed both redundant objects in some cases, it depended on the order in which they appeared in the rule element 2011-01-13 12:46:08 -08:00
Vadim Kurland
c532ca3f89 refactoring in class CreateObjectGroups 2011-01-13 11:03:49 -08:00
Vadim Kurland
59a90aabb1 fixes #1921 add rule processor to check correctness of TSrc after object-groups have been created 2011-01-13 10:34:36 -08:00
Vadim Kurland
f684d791c6 refs #1919 Fixed: do not put interface objects inside object-group for TSrc 2011-01-13 10:11:30 -08:00
Vadim Kurland
ba66447d7d refs #1919 do not put interface objects inside object-group for TSrc 2011-01-12 19:21:22 -08:00
Vadim Kurland
26b019cce8 refs #1919 do not put interface objects inside object-group for TSrc 2011-01-12 18:47:30 -08:00
Vadim Kurland
353ba61b7d refs #1907 ASA NAT - fwbuilder doesnt support multiple translated sources in a single NAT rule 2011-01-12 17:46:11 -08:00
Vadim Kurland
e52b3b2db4 fixes #1913 added default log level 2011-01-12 16:27:00 -08:00
Vadim Kurland
c9d0505af1 fixes #1912 Compiler error for ASA 8+ firewalls that have multiple networks in Policy rule and no network matches network zone 2011-01-12 16:03:06 -08:00
Vadim Kurland
77ae2185f2 refs #1908 "ASA NAT - cannot configure static NAT translations with (inside,outside)". Added radio buttons 2011-01-12 15:03:57 -08:00