Vadim Kurland
1199fd926a
see #2405 "Tag and classify actions don't work properly with branches".
When branching rule points to a rule set that has rules with Tag and
Classify options, branching should occur in mangle table even when
checkbox "create branch in mangle table" is not checked. The fix in
this change is tentative as it creates branch in chains PREROUTING,
POSTROUTING and OUTPUT. Since target CLASSIFY is only allowed in
POSTROUTING, this may create conflict. Need to test more.
2011-05-14 15:46:23 -07:00
Vadim Kurland
7ef3e583e5
see #2367 added test cases for options tag, classify and route and combinations - test object firewall111
2011-05-10 14:57:12 -07:00
Vadim Kurland
61929176e1
see #2367 no need to split iptables rules with option route because it is terminating by default; checking platform in xslt transformation to dtd21 to correctly set action
2011-05-06 18:11:52 -07:00
Vadim Kurland
7f2dbe58e9
See #2367 upgraded all test files to the latest dtd v21
2011-05-06 16:07:55 -07:00
Vadim Kurland
1c5fbb98a5
fixed xslt script dtd20 -> dtd21 to handle pf_classify_terminating properly
2011-05-06 15:10:48 -07:00
Vadim Kurland
8773642198
see #2367 merge from development
2011-05-05 19:16:47 -07:00
Vadim Kurland
e24a73a560
see #2385 "PF action Classify uses
wrong parameter". This change fixes a bug introduced in 4.2.0
that affects rules with action Classify in PF firewalls.
2011-05-05 18:50:32 -07:00
Vadim Kurland
7232a2195b
see #2385 bumped XML DTD version to 21 to make room for the transformation to fix bug #2385 . That will be done in branch development
2011-05-05 12:01:18 -07:00
Vadim Kurland
c096684c20
see #2367 merged latest changes from development branch; this merged transformation for v18->v19 XML file upgrades; upgraded test files for PF
2011-05-04 16:44:08 -07:00
Vadim Kurland
9ba2dc42ee
* RoutingCompiler_ipt.cpp (compile): see #2359 "Crash when
compiling single rule with IPv6 destination and IPv4 gateway or
interface". Routing compiler for iptables does not support ipv6 at
this time and will issue a warning when user tries to place ipv6
address or network in a routing rule. The warning does not appear
when ipv6 address is a member of a group used in the rule. Also
see #1575 .
2011-04-19 14:18:33 -07:00
Vadim Kurland
0aa3eac4d4
* Compiler.cpp (expandGroupsInRuleElement): sorting objects in the
rule element by name after group is expanded, this helps ensure
stable ordering of objects in generated configuration.
* Compiler.cpp (replaceClusterInterfaceInItfRE::processNext):
sorting objects in rule element after cluster interfaces have been
replaced, this helps ensure stable ordering of objects in generated
configuration.
* FWObject.h (FWObjectNameCmpPredicate): moved this class from
gui-specific module to libfwbuilder as it is universally useful.
It can compare FWObject objects by name and can optionally
follow references; it can be used with std::sort() to sort lists
of FWObject pointers or directly sort rule elements.
2011-03-12 19:50:24 -08:00
Vadim Kurland
fd5eb7d8ce
see #2220 AutomaticRules classes for ipt and pf
2011-03-12 15:52:09 -08:00
Vadim Kurland
fcd7c7920b
re-ran tests for pix
2011-03-12 15:13:57 -08:00
Vadim Kurland
db9584cab5
fixes #2214
2011-03-11 10:40:40 -08:00
Vadim Kurland
7986214d4d
re-ran pf tests and updated files
2011-03-10 21:09:54 -08:00
Vadim Kurland
56f81407f1
fixes #2124 some error messages get multiplied when compiler splits rules
2011-02-20 21:32:58 -08:00
Vadim Kurland
2b342aa67d
see #2057 detection of loops in branching rules ; see #2124 some error messages appeared multiple times in generated script
2011-02-20 20:12:18 -08:00
Vadim Kurland
344010c873
see #1920 Setting host interface to unnumbered after it has been assigned IP address doesn't have desired effect
2011-02-20 18:11:16 -08:00
Vadim Kurland
6f5f1ac075
fixes #153 Deprecate Rule::getInterfaceStr() fixes #2123 deprecate rule processor convertInterfaceIdToStr
2011-02-20 17:27:24 -08:00
Vadim Kurland
aea53d35eb
see #2116 "When CARP interface IP address can't be assigned error or warning should appear". Script should abort if command trying to add an ip address to an interface fails
2011-02-19 15:33:30 -08:00
Vadim Kurland
a8b65e6506
getting rid of sprintf where I can
2011-02-18 22:09:50 -08:00
Vadim Kurland
66681b9695
see #153 #133 got rid of getInterfaceStr and getInterfaceId in policy and nat compilers for PF
2011-02-18 18:54:21 -08:00
Vadim Kurland
faece9e40c
see #2097 more test cases with negation and vlan interfaces
2011-02-17 18:39:17 -08:00
Vadim Kurland
581ccdc68e
see #2097 #133 additional test cases
2011-02-17 18:01:45 -08:00
Vadim Kurland
5162212073
see #2097 #133 : no need to replace cluster interfaces with member interfaces in NATCompiler_pf::AssignInterface::processNext() since it was already done in replaceClusterInterfaceInItfOutb
2011-02-17 15:36:28 -08:00
Vadim Kurland
100dca74bb
* NATCompiler_pf.cpp (processNext): see #133 . Merged code from the
branch, running tests. Making sure rules that have firewall
object in ODst and interface column blank end up with rdr command
without "on interface" clause as before.
2011-02-17 11:50:14 -08:00
Vadim Kurland
8b158c0a74
* OSConfigurator_bsd_interfaces.cpp (configureInterfaces): make
sure we print "ifconfig" commands for mtu and other parameters for
all interfaces, including those with no ip addresses and bridge
ports (unnumbered interfaces used to be skipped before)
2011-02-16 16:23:54 -08:00
Vadim Kurland
8de52b3f06
fixes #2093 build failed because function QStringList::removeDuplicates() is only available in Qt 4.5
2011-02-16 15:49:02 -08:00
Vadim Kurland
1f8363c84e
* configlets/bsd/update_vlans: see #2105 : generated script now
supports vlan interfaces with names that do not match vlan IDs
(OpenBSD, FreeBSD, shell script format).
2011-02-16 15:22:47 -08:00
Vadim Kurland
f4858bfc83
fixes #2106 avoid adding pfsync_enable line if it is not needed in rc.conf format
2011-02-16 14:47:10 -08:00
Vadim Kurland
a58445ed16
see #1807 , #2104 arrange interface configuration commands in the
generated script in such order that bridge and carp interfaces
are configured after all other interfaces are done.
2011-02-16 14:42:06 -08:00
Vadim Kurland
9ae36f6632
see #2103 added checkbox to disable interface name validation checks and autoconfiguration of vlan interface IDs
2011-02-16 13:27:38 -08:00
Vadim Kurland
0df4ae9abd
* ActionsDialog.cpp (setRule): see #1871 "PF Actions Tag and
Classify can be terminating or non-terminating". Added checkbox to
the action properties dialog for actions Tag and Classify for PF
that lets the user choose if these actions should be terminating
or not. Old behavior (Tag was non-terminating and Classify was
terminating) is reflected in default settings of the checkboxes.
Terminating rules generate "pass quick" commands, while
non-terminating rules generate "pass" commands (no "quick" option).
2011-02-15 14:20:27 -08:00
Vadim Kurland
bee424b3d0
fixes #2091 ethernet interface options are used twice if the interface is a bridge port
2011-02-14 16:08:54 -08:00
Vadim Kurland
ec5bb2290d
fixes #2092 parameter "stp" is now optional and is controlled by a checkbox in the interface settings dialog
2011-02-14 15:53:55 -08:00
Vadim Kurland
143594ddc7
see 2058 fixed mtu configuration commands generated for FreeBSD in shell script mode
2011-02-14 10:44:04 -08:00
Vadim Kurland
7de1edab4b
see #1867 Since action Tag is non-terminating, rules with
this action should not shadow other rules.
2011-02-13 18:03:12 -08:00
Vadim Kurland
19b9b2482b
see #2078 added verbose error
message in a situation when "ifconfig carp0 create" command fails
to create CARP interface.
2011-02-11 13:53:39 -08:00
Vadim Kurland
be38fc57ba
see #2058 Ability to configure mtu and metric of regular interfaces
2011-02-11 13:00:40 -08:00
Vadim Kurland
c2b41c1f4b
see #2071 vlandev missing in the vlan definition (when using rc.conf.local )
2011-02-10 12:45:49 -08:00
Vadim Kurland
383d9e41d9
see #2069 PF: allow multiple objects in ODst of redirecting nat rule
2011-02-10 11:25:52 -08:00
Vadim Kurland
69896936ba
see #2042 re-ran tests
2011-02-08 14:13:04 -08:00
Vadim Kurland
1460fef57f
fixes #2042 add configlet and shell functions to manage bridge interfaces via shell script on OpenBSD and FreeBSD
2011-02-08 14:10:33 -08:00
Vadim Kurland
78bb5a5ba7
fixes #2054 add support for load anchor command
2011-02-08 11:22:39 -08:00
Vadim Kurland
d18427a9cc
see #2048 PF compiler doesn't detect duplicate entries in Routing policy; added rule elements to catch and suppress duplicate routing commands
2011-02-07 17:06:42 -08:00
Vadim Kurland
b244b5ff4d
fixes #2045 static route IDs used in rc.conf file must be stable
2011-02-07 15:17:36 -08:00
Vadim Kurland
bef9936ed5
making lists of interface configuration commands come out in a stable order, sorted by interface name; added test cases for vlan interfaces in shell and rc.conf formats; added vlan interfaces to cloned_interfaces line
2011-02-07 15:00:36 -08:00
Vadim Kurland
ba8c15e31d
fixes #2040 rename functions in OSConfigurator_bsd
2011-02-06 15:09:44 -08:00
Vadim Kurland
242f0724c8
output ifconfig or update_addresses_of_interface lines in a stable order, sorted by interface name
2011-02-06 14:55:56 -08:00
Vadim Kurland
a28cdd359a
see #1889 , #2043
Added support for bridge interface configuration in BSD.
2011-02-06 13:10:46 -08:00