selecting New Firewall and existing firewall has interface that is
locked". Fixed GUI crash that happened on some operations if an
object in the tree was locked. For example, if the user locked an
interface of one of the firewall objects that then proceeded to
create new firewall object, the GUI would crash. The problem was
not limited to locking specifically interface objects.
When branching rule points to a rule set that has rules with Tag and
Classify options, branching should occur in mangle table even when
checkbox "create branch in mangle table" is not checked. The fix in
this change is tentative as it creates branch in chains PREROUTING,
POSTROUTING and OUTPUT. Since target CLASSIFY is only allowed in
POSTROUTING, this may create conflict. Need to test more.
type: network object that automatically matches subnets an
interface is attached to. The object can be a child of an
interface. The object is optional and is not created automatically
for all interfaces; user can add it using context menu associated
with an interface. Dialog for this object allows editing of the
name and comment. List of network addresses represented by this
object is always generated automatically. Compiler for PF
translates this object to "en0:network" construct that is
supported by PF. Compiler for iptables expands it to the list of
ipv4 and ipv6 networks defined by the addresses of the parent
interface if interface has static addresses. If interface is
confgiured as "dynamic" and has no address in fwbuilder, then
compiler treats AttachedNetworks object as run-time and uses shell
function to determine network addresses during activation of the
firewall script. Compilers for other firewall platforms always
treat this object as compile-time and abort if it is used with
dynamic interface.
should be done in PREROUTING so it can be acted on later". If a
rule has both tagging and classification options, the rule should
be split so that iptables command doing tagging goes in PREROUTING
and rule doing classification goes into POSTROUTING chain.
;
change in other directories the dependent files don't get recompiled.
Fixed up INCLUDEPATH in various places.
Removed -pthread as an INCLUDEPATH (leads to bogus -I-pthread).
