onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-21 10:47:16 +01:00
Code Issues Releases Wiki Activity
3,685 Commits 3 Branches 3 Tags
Commit Graph

110 Commits

Author SHA1 Message Date
Vadim Kurland
a58445ed16 see #1807, #2104 arrange interface configuration commands in the 
generated scritpt in such order that bridge and carp interfaces
are configured after all other interfaces are done.
 2011-02-16 14:42:06 -08:00
Vadim Kurland
9ae36f6632 see #2103 added checkbox to disable interface name validation checks and autoconfiguration of vlan interface IDs 2011-02-16 13:27:38 -08:00
Vadim Kurland
0df4ae9abd * ActionsDialog.cpp (setRule): see #1871 "PF Actions Tag and 
Classify can be terminating or non-terminating". Added checkbox to
the action properties dialog for actions Tag and Classify for PF
that lets the user choose if these actions should be terminating
or not. Old behavior (Tag was non-terminating and Classify was
terminating) is reflected in default settings of the checkboxes.
Terminating rules generate "pass quick" commands, while
non-terminating rules generate "pass" commands (no "quick" option).
 2011-02-15 14:20:27 -08:00
Vadim Kurland
bee424b3d0 fixes #2091 ethernet intrface options a used twice if the interface is a bridge port 2011-02-14 16:08:54 -08:00
Vadim Kurland
ec5bb2290d fixes #2092 parameter "stp" is now optional and is controlled by a checkbox in the interface settings dialog 2011-02-14 15:53:55 -08:00
Vadim Kurland
143594ddc7 see 2058 fixed mtu configuration commands generated for FreeBSD in shell script mode 2011-02-14 10:44:04 -08:00
Vadim Kurland
7de1edab4b see #1867 Since action Tag is non-terminating, rules with 
this action should not shadow other rules.
 2011-02-13 18:03:12 -08:00
Vadim Kurland
19b9b2482b see #2078 added verbose error 
message in a situation when "ifconfig carp0 create" command fails
to create CARP interface.
 2011-02-11 13:53:39 -08:00
Vadim Kurland
be38fc57ba see #2058 Ability to configure mtu and metric of regular inetrfaces 2011-02-11 13:00:40 -08:00
Vadim Kurland
c2b41c1f4b see #2071 vlandev missing in the vlan definition (when using rc.conf.local ) 2011-02-10 12:45:49 -08:00
Vadim Kurland
383d9e41d9 see #2069 PF: allow multiple objects in ODst of redirecting nat rule 2011-02-10 11:25:52 -08:00
Vadim Kurland
69896936ba see #2042 re-ran tests 2011-02-08 14:13:04 -08:00
Vadim Kurland
1460fef57f fixes #2042 add configlet and shell functions to manage bridge interfaces via shell script on OpenBSD and FreeBSD 2011-02-08 14:10:33 -08:00
Vadim Kurland
78bb5a5ba7 fixes #2054 add support for load anchor command 2011-02-08 11:22:39 -08:00
Vadim Kurland
d18427a9cc see #2048 PF compiler doesnt detect duplicate entries in Routing policy; added rule elements to catch and suppress duplicate routing commands 2011-02-07 17:06:42 -08:00
Vadim Kurland
b244b5ff4d fixes #2045 static route IDs used in rc.conf file must be stable 2011-02-07 15:17:36 -08:00
Vadim Kurland
bef9936ed5 making lists of interface configuration commands come out in a stable order, sorted by interface name; added test cases for vlan interfaces in shell and rc.conf formats; added vlan interfaces to cloned_interfaces line 2011-02-07 15:00:36 -08:00
Vadim Kurland
ba8c15e31d fixes #2040 rename functions in OSConfigurator_bsd 2011-02-06 15:09:44 -08:00
Vadim Kurland
242f0724c8 output ifconfig or update_addresses_of_interface lines in a stable order, sorted by interface name 2011-02-06 14:55:56 -08:00
Vadim Kurland
a28cdd359a see #1889, #2043 
Added support for bridge interface configuration in BSD.
 2011-02-06 13:10:46 -08:00
Vadim Kurland
9d2eb88522 fixes #2032 (added dhcp inetrfaces to generated rc.conf.local); see #2028 tested basic static routees on FreeBSD in both shell and rc.conf formats 2011-02-04 17:57:01 -08:00
Vadim Kurland
ceb6fc8865 fixes #2031 FreeBSD - firewall script command to delete existing routes fails 2011-02-04 16:32:08 -08:00
Vadim Kurland
e7083f157c fixes #2026 Compiler can now generate static routing configuration 
in rc.conf format for FreeBSD.
 2011-02-03 16:46:46 -08:00
Vadim Kurland
8fbb48b280 fixes #2021 since rc.conf format is only supported for FreeBSD, the option in the dialog should not be available for other OS 2011-02-03 16:06:13 -08:00
Vadim Kurland
8459b6e061 see #2023 refactoring determineOutputFileNames() 2011-02-03 15:44:24 -08:00
Vadim Kurland
3d88c4ce46 fixes #2019 Cluster name is not prepended to the name of generated pf.conf file 2011-02-03 09:52:37 -08:00
Vadim Kurland
39eaf40722 see #1888, #2020, #2018 rc.conf format of the init script for PF on FreeBSD, includes inetrfaes. addresses, CARP, pfsync and pf initialization 2011-02-02 17:45:36 -08:00
Vadim Kurland
78e177f759 see #1890 re-ran tests 2011-01-31 18:38:08 -08:00
Vadim Kurland
dd86fcc5e2 see #1890 "Add 
support for configuring static routes on BSD". Implemented support
for simple static routing rules. ECMP and routing via interface
(routing to directly reachable subnets) are not
supported. Generated script preserves static routing entries that
existed before and attempts to recover in case of error. Needs
testing.
 2011-01-31 18:29:20 -08:00
Vadim Kurland
d331ee7840 fixes #1966 IOSACL: object-group can get name that consists of only suffix 2011-01-24 18:28:48 -08:00
Vadim Kurland
02ce7747b6 test case for redirection rule for PF 2011-01-20 08:59:36 -08:00
Vadim Kurland
24ac2b56ac fixed #1905, #1879 2011-01-10 16:43:43 -08:00
Vadim Kurland
83646b91fa minor refactoring in NATCompiler::ExpandMultipleAddresses::processNext to include SDNAT rules; rerun tests 2011-01-07 13:27:37 -08:00
Vadim Kurland
00127aac9f fixes #1892 move rule processor class separateServiceObject to PolicyCompiler 2011-01-04 12:00:09 -08:00
Vadim Kurland
d3bfdcf0f7 removed {{$build}} from top_comment configlets since we do not have build number variable anymore 2011-01-03 13:23:17 -08:00
Vadim Kurland
abf2b3b2be checking in "golden" test files 2011-01-03 13:01:06 -08:00
Vadim Kurland
57cc064b14 removed obsolete files .cvsignore, added more patters to .gitignore 2010-10-29 14:15:22 -07:00
Vadim Kurland
9475e71877 need to escape file name and path if it has spaces 2010-10-07 01:14:01 +00:00
Vadim Kurland
8a4fb97afe upgraded test data files for 4.1 2010-07-20 23:45:05 +00:00
Vadim Kurland
e75d3ccdb0 minor updates in test data files after they were loaded in the latest version of the gui 2010-07-15 17:09:55 +00:00
Vadim Kurland
fdb388659d * NATCompiler_pf_writers.cpp (PrintRule::processNext): fixes #1401 
nat rules syntax has changed in OpenBSD 4.7. Nat and rdr rules in
4.7 should be implemented using action "match" and keywords
"nat-to" and "rdr-to"

* PolicyCompiler_pf_writers.cpp (PrintRule::_printAction):
fixes #1414: use "match" action for tagging. Policy rules
with action Tag should use pf action "match" instead of "pass"
if version is 4.6 or later.
 2010-04-23 04:10:59 +00:00
Vadim Kurland
da08afa8c1 * PolicyCompiler_pf.cpp (PolicyCompiler_pf::compile): fixed #1375 
Interface group is not expanded in "Interface" rule element by
compiler for PF
 2010-03-29 20:01:10 +00:00
Vadim Kurland
3aec315ac0 fixed #1360 "negation of cluster interfaces is broken" 2010-03-27 21:41:04 +00:00
Vadim Kurland
a6c0b0f1ee working on #1360 "negation of cluster interfaces is broken" 2010-03-27 20:39:20 +00:00
Vadim Kurland
b5a794d1f1 * platforms.cpp (isDefaultPolicyRuleOptions): fixed #1365 "missing 
some flags for the "non-default" rule options for PF"

* FWObjectPropertiesFactory.cpp (FWObjectPropertiesFactory::getPolicyRuleOptions):
fixed #1364 "add synproxy and other missing pf rule options to the
rule options tooltip"
 2010-03-27 17:25:05 +00:00
Vadim Kurland
816dac9402 fixed #1297 "change in scrub rules in PF 4.6". PF 4.6 stopped 
support for several reassemble options except for "reassemble tcp"
and changed format for the "scrub" rules.
 2010-03-05 02:05:28 +00:00
Vadim Kurland
a63382fe48 * NATCompiler_pf.cpp (NATCompiler_pf::assignInterfaceToNATRule): 
fixes #1240 nat rule should get "on interface" when cluster
interface is used in TSrc.
 2010-02-17 02:43:23 +00:00
Vadim Kurland
d6d0dd0e41 * OSConfigurator_bsd.cpp (OSConfigurator_bsd::configureInterfaces): 
New feature: generated script adds and removes CARP interfaces
incrementally. This means it is not going to run ifconfig command
to create carp interface if it is already there and will run
"ifconfig carp1 destroy" command if interface carp1 has been
removed in fwbuilder GUI to delete it on the firewall.
 2010-02-14 06:16:44 +00:00
Vadim Kurland
81ee822cd3 * OSConfigurator_bsd.cpp (OSConfigurator_bsd::configureInterfaces): 
New feature: incremental VLAN interface management for OpenBSD and
FreeBSD. When user adds or removes VLAN subinterface in fwbuilder
GUI, geenrated script executes appropriate ifconfig commands to
add or remove corresponding vlan pseudo-interface on the firewall
machine.
 2010-02-14 03:23:25 +00:00
Vadim Kurland
a0314a7d97 * src/pflib/PolicyCompiler_pf_writers.cpp (PrintRule::processNext): 
fixes #1210 "syntax error in PF rule - "modulate state" is
required".  Per bug reported in the mailing list (and according to
the pf.conf manual), pf.conf requires "keep state", "modulate
state" or "synproxy"if any of the stateful tracking options are
used in the rule. These include "max", "no-sync", "pflow",
"sloppy", "source-track" and others.
 2010-02-07 05:24:21 +00:00