Vadim Kurland
c7bfbfe2d2
build 5.0.13589
2011-11-21 12:23:14 -08:00
Vadim Kurland
f5759fa905
SF bug #3439613. physdev module does not allow --physdev-out for
non-bridged traffic anymore. We should add --physdev-is-bridged to
make sure this matches only bridged packets.
2011-11-21 12:16:59 -08:00
Vadim Kurland
28dba00586
fixed problem in Inet6AddrMask related to the latest change for /31 subnets; fixed unit tests; build 3588
2011-11-17 13:22:53 -08:00
Vadim Kurland
6f1c574633
v5.0.1.3587
2011-11-16 10:56:09 -08:00
Vadim Kurland
1c05e238db
merge 5.0.1.3586
2011-11-16 10:51:05 -08:00
Vadim Kurland
734069f16f
see #2667
fixed bug (no number) introduced when I was working on #2667.
Setting broadcast address in the network object with netmask /31
to 255.255.255.255 broke rule shadowing algorithm.
2011-11-16 10:47:21 -08:00
Vadim Kurland
aa8f7edc7f
fixes #2669 "Cant inspect custom Service object in Standard objects
library".
2011-11-15 11:38:11 -08:00
Vadim Kurland
edb126f3e3
added latest changes to 5.0.1 release notes
2011-11-10 14:03:42 -08:00
Vadim Kurland
99498dc90b
fixes #2664 Update error message when "which" command fails. Generated
iptables script uses "which" to check if all utilities it uses exist
on the machine. We should also check if "which" itself exists and
issue meaningful error message if not.
2011-11-10 12:06:08 -08:00
Vadim Kurland
e7004dcc9c
fixes #2668 Remove "static routes" from the explanation text in
ASA/PIX import dialog. We can not import PIX/ASA routing
configuration at this time.
build 5.0.1.3585
2011-11-10 11:36:32 -08:00
Vadim Kurland
76da9f905f
fixes #2670. Per RFC3021 network with netmask /31 has no network and
direct broadcast addresses. When interface of the firewall is
configured with netmask /31, policy compilers should not treat the
second address of this "subnet" as a broadcast.
2011-11-08 18:40:09 -08:00
Vadim Kurland
028976c675
added release notes record
2011-11-08 18:13:13 -08:00
Vadim Kurland
bd39f7b6bd
fixes #2663 "Rule with "old-broadcast" object results in invalid
iptables INPUT chain". Compiler was choosing chain INPUT with
direction "outbound" for rules that had old broadcast address in
"Source", this led to invalid iptables configuration with chain INPUT
and "-o eth0" interface match clause.
fixed bug in the rule processor that replaces AddressRange object that
represents single address with an IPv4 object. Also eliminated code
redundancy.
2011-11-08 18:11:03 -08:00
Vadim Kurland
ece8ca17a6
fixes #2665 "Adding text to comment causes rule to go from 2 rows to 1
row". Under certain circumstances, editing rule comment caused the GUI
to collapse corresponding row in the rule set view so that only the
first object of each rule element that contained several objects was
visible.
2011-11-08 13:56:40 -08:00
Vadim Kurland
0ba45e6569
fixed SF bug 3435004: "Empty lines in comment result in "Incomplete
Command" in IOS".
2011-11-08 08:42:56 -08:00
Vadim Kurland
20b974959b
fixed SF bug 3428992: "PF: rules order problem with IPv4 and
IPv6". Compiler for PF should group ipv4 and ipv6 NAT rules together,
before it generates ipv4 and ipv6 policy rules.
2011-11-08 08:15:17 -08:00
Vadim Kurland
aa49658c51
fixed SF bug #3429377 "PF: IPv6 rules are not added in IPv4/IPv6
ruleset (anchor)". Compiler for PF did not include rules generated for
IPv6 in generated PF anchor configuration files.
2011-11-08 07:11:21 -08:00
Vadim Kurland
6df0cdb45e
fixed SF bug #3433587 "Manual edit of new service Destination Port END
value fails". This bug made it impossible to edit the value of the end
of the port range because as soon as the value became less than the
value of the beginning of the range, the GUI would reset it to be equal
to the value of the beginning of the range. This affected both TCP and
UDP service object dialogs.
2011-11-08 06:52:07 -08:00
Vadim Kurland
cdb4ee1f09
build 5.0.1.3584
2011-11-08 06:34:13 -08:00
Vadim Kurland
8da03a8783
fixed SF bug 3426843 "ipfw doesn't work for self-reference, in
5.0.0.3568 version".
2011-11-08 06:28:54 -08:00
Vadim Kurland
5aabf164a6
reset test files for iptables
2011-10-19 17:53:44 -07:00
Vadim Kurland
68cc6c1332
see #2662 "Crash when compiling ASA rule with IP range". Need to split
address range if it is used in "source" of a rule that controls
telnet, ssh or http to the firewall itself and firewall's version is
>= 8.3.
2011-10-19 17:49:36 -07:00
Vadim Kurland
20e0e4efc5
Merge branch 'development' of ssh://vc.netcitadel.com:2222/var/git/fwbuilder into development
2011-10-19 16:52:35 -07:00
Vadim Kurland
680d23d824
reset pix test files to v5.0.1.3581
2011-10-19 16:52:21 -07:00
Vadim Kurland
3db31d6828
trim strings provided by the user in various dialogs to make sure we don't end up with file names and other parameters that end with a white space
2011-10-19 10:53:32 -07:00
Vadim Kurland
7f41116700
v5.0.1.3582
2011-10-02 15:46:44 -07:00
Vadim Kurland
a27cccaba5
see SF bug #3416900 "Replace command with which". Generated
script (Linux/iptables) used to use "command -v" to check if command
line tools it needs are present on the system. This was used to find
iptables, lsmod, modprobe, ifconfig, vconfig, logger and others. Some
embedded Linux distributions, notably TomatoUSB, come without support
for "command". Switching to "which" that is more ubiquitous and should
be available pretty much everywhere.
2011-10-02 15:45:56 -07:00
Vadim Kurland
71df784112
fixed unit tests that broke when new objects were added to the StandardObjects library
2011-10-02 15:40:22 -07:00
Vadim Kurland
9994ca5c6d
enable fwbuilder to take advantage of GSSAPIAuthentication with
openssh using suggestion by Matthias Witte witte@netzquadrat.de
2011-09-29 18:15:26 -07:00
Vadim Kurland
34207a914b
v5.0.1.3581
2011-09-29 13:55:26 -07:00
Vadim Kurland
f1153c4dc6
fixes SF bug #3414382 "Segfault in fwb_ipt dealing with empty
groups". Compiler for iptables used to crash when an empty group
was used in the "Interface" column of a policy rule.
2011-09-29 13:46:41 -07:00
Vadim Kurland
892f863523
v5.0.1.3580
2011-09-24 19:20:43 -07:00
Vadim Kurland
ac28c2f84a
fixes #2660 "compiler for IOSACL crashed when address range appears in
a rule AND object-group option is turned ON"
2011-09-24 19:14:28 -07:00
Vadim Kurland
b68eac1f43
see #2656 "Generated Cisco ASA access-list has duplicate entry".
2011-09-19 16:08:34 -07:00
Vadim Kurland
eaf71afcfa
fixes #2658 "snmp network discovery creates duplicate address
and network objects"
2011-09-19 15:57:09 -07:00
Vadim Kurland
00f6188390
see #2657 snmp network discovery crashed if option "Confine scan
to network" was used.
2011-09-19 15:43:38 -07:00
Vadim Kurland
4c5bf811c6
see #2655 Interface names are not allowed to have dash "-" even with
interface verification off. We should allow "-" in the interface name
for Cisco IOS
2011-09-19 14:53:39 -07:00
Vadim Kurland
2a74bc273d
see #2653 Importer for iptables checks that netfilter table used in
the original iptables config is one of the tables we support.
Currently only "filter", "mangle" and "nat" are supported.
Also see #2651, #2652
2011-09-04 20:29:02 -07:00
Vadim Kurland
d45002faf9
new build 5.0.1.3578
2011-09-04 20:09:41 -07:00
Vadim Kurland
ad2d088d67
see #2654 ChangeLog and release notes entries
2011-09-04 20:04:26 -07:00
Vadim Kurland
6908ca9aa7
see #2654 fixes GUI crash that occurred if user copied a rule from file A to file B, then closed file B, opened file C and tried to copy the same rule from A to C
2011-09-04 20:02:26 -07:00
Vadim Kurland
1b8c9aa574
added release notes for 5.0.1
2011-08-30 13:51:36 -07:00
Vadim Kurland
19a6776f7a
fixes SF bug 3247094 "Nomenclature of IP address edit dialog".
Network ipv6 dialog says "Prefix length".
2011-08-30 13:35:01 -07:00
Vadim Kurland
5b72064084
fixes SF bug 3302121 "cosmetic mis-format in fwb Linux paths dialog"
2011-08-30 13:30:19 -07:00
Vadim Kurland
62b48f1833
fixes SF bug 3388055 Adding a "DNS Name" with a trailing space causes
failure.
2011-08-30 13:24:22 -07:00
Vadim Kurland
14579473bd
see #2646 and SF bug 3395658: Added few ipv4 and ipv6 network objects
to the Standard objects library: TEST-NET-2, TEST-NET-3 (RFC 5735, RFC
5737), translated-ipv4, mapped-ipv4, Teredo, unique-local and few
others.
2011-08-25 17:34:10 -07:00
Vadim Kurland
572dd960c8
fixes #2647 remove description of the option "make actions Tag and Classify terminating" from the help page
2011-08-25 14:13:35 -07:00
Vadim Kurland
baf9e7a956
fixes #2648 "right mouse click on firewall object in "Deleted objects"
library causes GUI crash"
2011-08-25 14:12:13 -07:00
Vadim Kurland
25efaa6a91
fixes #2650 "rules with address range that includes firewall address
in Src are placed in OUTPUT chain even though addresses that do not
match the firewall should go in FORWARD"
2011-08-25 13:56:03 -07:00
Vadim Kurland
a78619ed46
see #2644 added check for netmask validity in the ip4 address dialog
(when it is used to configure address of an interface and shows
netmask)
2011-08-14 19:46:54 -07:00