Vadim Kurland
510e6897dd
upgraded test files
2011-06-22 15:28:48 -07:00
Vadim Kurland
7f2dbe58e9
See #2367 upgraded all test files to the latest dtd v21
2011-05-06 16:07:55 -07:00
Vadim Kurland
e24a73a560
see #2385 "PF action Classify uses
wrong parameter". This change fixes a bug introduced in 4.2.0
that affects rules with action Classify in PF firewalls.
2011-05-05 18:50:32 -07:00
Vadim Kurland
db80629918
see #2264 added test case for the "short" script format
2011-04-15 12:49:07 -07:00
Vadim Kurland
0a50274c28
see #2295 added FWSM version 3.2
2011-04-14 16:34:38 -07:00
Vadim Kurland
3c0554c003
* PolicyCompiler_pix.cpp (printClearCommands): see #2322 If this
is FWSM and if manual commit mode is used, need to commit after
clearing ACLs before we clear object groups.
2011-04-14 11:47:05 -07:00
Vadim Kurland
126b561e32
* PolicyCompiler_cisco.cpp (processNext): see #2308 "ASA rules
with service set to "http" and destination set to asa firewall
object should generate different command syntax". Policy rules
that have firewall object in Destination and http object in
Service now generate "http" commands. This is similar to how
fwbuilder generates "ssh", "telnet" and "icmp" commands to permit
corresponding services to the firewall itself.
2011-04-08 18:08:56 -07:00
Vadim Kurland
37ab989922
see #1877 added test case for this
2011-02-20 17:45:46 -08:00
Vadim Kurland
4136d63957
see #2098 support for interfaces in PIX/ASA NAT rules; see #153 deprecating Rule::getInterfaceStr()
2011-02-19 19:13:01 -08:00
Vadim Kurland
ccbe413c22
upgraded regression tests data files
2011-02-19 16:29:43 -08:00
Vadim Kurland
34630953cc
see #1959 ASA Policy - ranges are broken into composite network instead of using range command. I now create named objects to represent address ranges and put them into object-group, which I can then use in access-list commands
2011-01-20 14:34:00 -08:00
Vadim Kurland
c34a758430
see #1959 ASA Policy - ranges are broken into composite network instead of using range command
2011-01-19 20:27:47 -08:00
Vadim Kurland
340c659677
see #1960 add support for CustomService for PIX policy rules
2011-01-19 11:59:53 -08:00
Vadim Kurland
701100b905
see #1942, #1943 fixed generation of the
"object-group" statements by adding protocol keyword at the end so
that the group can be used in access-list commands.
2011-01-18 19:36:01 -08:00
Vadim Kurland
1b7a761d27
see #1916 nat rule must be "static" when subnet is present in TSrc
2011-01-17 17:54:47 -08:00
Vadim Kurland
bbb36271a6
see #1942 fixed test cases
2011-01-17 17:46:26 -08:00
Vadim Kurland
ca475b24d7
fixes #1948 incorrect configuration created when a CustomService object is used in a policy rule for PIX/ASA v<8.3
2011-01-17 14:35:55 -08:00
Vadim Kurland
f104cb6a11
see #1949 ASA NAT - split objects if OSrc contains objects that are in more than one network zone
2011-01-17 12:12:54 -08:00
Vadim Kurland
139d5ce2de
* NamedObjectsAndGroupsSupport.cpp (processNext): Added support for
CustomService objects in policy and nat rules for asa 8.3 using
named objects and object-groups.
-- see #1942 "ASA NAT - if custom service is included in service
group incorrect config generated"
-- see #1929 "move map named_objects inside class NamedObjectManager"
-- see #1946 "restrict generation of the named objects by
PolicyCompiler_pix to ASA 8"
-- see #1885 "named network and service objects in pix8"
2011-01-16 23:02:49 -08:00
Vadim Kurland
e2c2725e6b
see #1941 ASA NAT - compiler complains about range in original destination
2011-01-16 20:19:43 -08:00
Vadim Kurland
3e603c1375
see #1938 "icmp" commands were not properly generated for ASA 8.x policy rules
2011-01-16 16:09:29 -08:00
Vadim Kurland
f74713b2fa
see #1927 added check to prohibit nat rule that translates destination but has ODst "any"
2011-01-16 15:12:17 -08:00
Vadim Kurland
0f99325869
test case, refs #1928
2011-01-13 18:03:54 -08:00
Vadim Kurland
64772160ac
fixes #1917 Duplicate objects are not detected
2011-01-13 13:29:58 -08:00
Vadim Kurland
63257170e8
refs #1885 using named objects and object groups when multiple objects are found in TSrc; this fixes issue with address ranges
2011-01-13 12:49:25 -08:00
Vadim Kurland
59a90aabb1
fixes #1921 add rule processor to check correctness of TSrc after object-groups have been created
2011-01-13 10:34:36 -08:00
Vadim Kurland
ba66447d7d
refs #1919 do not put interface objects inside object-group for TSrc
2011-01-12 19:21:22 -08:00
Vadim Kurland
353ba61b7d
refs #1907 ASA NAT - fwbuilder doesn't support multiple translated sources in a single NAT rule
2011-01-12 17:46:11 -08:00
Vadim Kurland
c9d0505af1
fixes #1912 Compiler error for ASA 8+ firewalls that have multiple networks in Policy rule and no network matches network zone
2011-01-12 16:03:06 -08:00
Vadim Kurland
77ae2185f2
refs #1908 "ASA NAT - cannot configure static NAT translations with (inside,outside)". Added radio buttons
2011-01-12 15:03:57 -08:00
Vadim Kurland
57666a2c09
refs #1912 added test case
2011-01-12 09:03:49 -08:00
Vadim Kurland
c6abdb0fc6
refs #1908: added nat rule option to force the rule to be "static"; new build number
2011-01-11 18:32:54 -08:00
Vadim Kurland
d4f9c04aeb
refs #1902 Add NAT rule option "translate dns" for PIX
2011-01-11 10:55:53 -08:00
Vadim Kurland
ff6f43b3e6
refs #1907 split converting to atomic rules in order to be able to control it better
2011-01-11 10:27:10 -08:00
Vadim Kurland
8c7c07cfb9
fixes #1909
2011-01-11 09:44:13 -08:00
Vadim Kurland
e17c19a0a3
fixed #1862 "fwb_pix crash".
2011-01-10 17:32:57 -08:00
Vadim Kurland
88666086ab
refs #1886 added support for no-nat ("identity nat") rules
2011-01-07 16:38:23 -08:00
Vadim Kurland
5313a94c86
* ASA8Object.cpp (ASA8Object): refs #1885 "named network and
service objects in pix8". So far, these objects are only used
for nat configuration.
* NATCompiler_asa8_writers.cpp (processNext): fixes #1903 "correct
order of clear commands for ASA 8.3"
* NATCompiler_asa8_writers.cpp (printSDNAT): refs #1886 "new nat
configuration in pix 8.3". Initial support for new style nat
configuration.
2011-01-07 16:29:09 -08:00
Vadim Kurland
3ff086ecc1
snat commands work for the most part; double translations in snat rules are not supported as before
2011-01-06 19:46:20 -08:00
Vadim Kurland
cb19348312
refs #1887 using real IPs in ACL instead of translated addresses in pix 8.3; turned on warning for pix 8.3
2011-01-06 13:24:49 -08:00
Vadim Kurland
b9a9d7a2c9
refs #1893 fixes #1882 "inspect ip options in pix8". Added support for
"policy-map type inspect ip-options" command in PIX v8.2 and later.
At this time, of all possible types of "policy-map type inspect"
command only "ip-options" is implemented.
2011-01-04 17:05:43 -08:00
Vadim Kurland
4a350d290a
fixes #1891 problems with TCP and UDP services with source ports
2011-01-04 12:14:17 -08:00
Vadim Kurland
cd3c457971
refs #1882 Mixed service groups in PIX8; added pix versions 8.0 and 8.3, added support for mixed service groups in 8.0; source port matching does not work, see #1891
2011-01-03 17:17:56 -08:00
Vadim Kurland
2b60dcac8e
fixed #1783 "PIX routing entries require interface, but PIX
config will compile without interface in Routing rule". Policy
compiler for PIX now checks that both "interface" and "gateway"
rule elements are not empty.
2010-10-06 22:41:43 +00:00
Vadim Kurland
8a4fb97afe
upgraded test data files for 4.1
2010-07-20 23:45:05 +00:00
Vadim Kurland
e75d3ccdb0
minor updates in test data files after they were loaded in the latest version of the gui
2010-07-15 17:09:55 +00:00
Vadim Kurland
9f00e4e619
* CompilerDriver_pix_run.cpp (CompilerDriver_pix::pixNetworkZoneChecks):
fixed #1491 fwb_pix crashes trying to compile simple rule. Compiler
should check validity of the object used as network zone of an interface.
2010-06-08 00:56:07 +00:00
Vadim Kurland
6c5b8b3b32
fixed SourceForge bug 2973121: Added support
for FWSM v4.x
2010-03-19 22:33:23 +00:00
Vadim Kurland
8f5f4b4f0e
fixes #1187 regression in compiler for PIX
2010-02-01 06:39:24 +00:00
Vadim Kurland
83cd816c40
* (createNATCmd::processNext): fixes #1114 : "fwb_pix crash when fw
with dynamic interface is used in TDst".
2010-01-20 06:38:01 +00:00