mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-23 11:47:24 +01:00

28 Commits

Author SHA1 Message Date
Vadim Kurland
56ee41fdee see #2556 "PF import: import of rules referring to undefined
macros". If pf.conf file uses an undefined macro (there is $macro
somewhere but the macro has never been defined), importer issues a
warning, creates run-time DNSName object with the name "$macro" and
marks all rules where it is used as broken, that is, rules are colored
red and the error message is added to the comment field. Using
run-time DNSName object makes compiler use "$macro" in the generated
pf rule which means fwbuilder generates exactly the same pf rule as
the one it tried to import.
2011-07-07 17:24:57 -07:00
Vadim Kurland
6046524a37 see #2552 "PF import: add ability to suppress comments referring to
line numbers in the original file".
2011-07-06 16:13:59 -07:00
Vadim Kurland
fd63078a5e see #2551 "PF Import - source routing rules are not imported with rule
options set". Importer should import "route-to" rule parameters.
2011-07-06 14:36:47 -07:00
Vadim Kurland
eb67ae82ff * pf.g: fixed bug in PF import: address lists such as "{ addr1,
addr2, ... }" defined as macros or inside the rule could not be
imported correctly.

* pf.g: we should be able to import both "block quick log" and
"block log quick".
2011-07-05 13:27:14 -07:00
Vadim Kurland
d682785b63 see #2496 parsing, but not importing, "user" and "group" matches 2011-06-09 16:33:22 -07:00
Vadim Kurland
c77796ebd0 see #2497 added an error on import of "include" word in pf.conf files 2011-06-09 16:15:36 -07:00
Vadim Kurland
17a178b637 see #2482 now can import rules that match both source and destination ports, including cases where groups of ports are used on both sides 2011-06-06 14:55:00 -07:00
Vadim Kurland
36a6472f95 fixing build on windows mingw: avoid token name "IN" 2011-06-04 20:36:07 -07:00
Vadim Kurland
b985fcacac fixing build on windows mingw: avoid token name "CONST" 2011-06-04 20:32:37 -07:00
Vadim Kurland
8cab8f0672 see #2470 added support for set skip with a list of interface names 2011-06-04 12:57:01 -07:00
Vadim Kurland
30ec7d1e72 see #2472 fixed import of table definitions without file name and with shortcut network defines 2011-06-03 23:34:25 -07:00
Vadim Kurland
22b812fd4a see #2438 fixed grammar to match 1024:65535 2011-06-03 08:57:21 -07:00
Vadim Kurland
c9211157ff see #2463 implemented import of "scrub" commands in both old and new syntax 2011-06-02 19:02:09 -07:00
Vadim Kurland
a0da65ddc9 see #2464 implemented import of PF "set timeout",
"set limit" and other "set" commands. Known limitations:

 - commands "set ruleset-optimization", "set loginterface",
   "set block-policy", "set state-defaults", "set require-order",
   "set fingerprints", "set reassemble", "set hostid" are not supported.
2011-06-02 17:18:37 -07:00
Vadim Kurland
68a29785da see #2394 matching icmp types and codes by name explicitly to avoid conflicts where the same keyword (e.g. "skip") is used in different rules of the grammar; see #2464 added test case for "set timeout" commands 2011-06-02 16:13:23 -07:00
Vadim Kurland
b86900cc54 see #2464 implemented import of "set timeout" commands 2011-06-02 11:38:13 -07:00
Vadim Kurland
58eb1a865e see #2394 using InterfaceProperties class to guess where WORD is an interface name or host name; Lexer generates IPV6 token for "1000:1010" port range configuration, could not find a way to fix this in the lexer so using this token to parse port ranges in the parser; added unit test for host "from" and "to" matches, including interface name and host name matches 2011-06-01 23:44:53 -07:00
Vadim Kurland
564500768e see #2458, #2459 import of "rdr", "no nat", "no rdr" rules 2011-05-31 12:55:55 -07:00
Vadim Kurland
1ed2581dd1 see #2449 import of "nat" rules. First implementation. Restrictions are listed in ChangeLog 2011-05-30 21:49:46 -07:00
Vadim Kurland
ba53d7b8f5 see #2447 implemented import of parameters for action "block" 2011-05-29 13:38:36 -07:00
Vadim Kurland
765060c29c see #2403 added test case file; fixed import of icmp services, added test case file; other fixes 2011-05-26 22:30:07 -07:00
Vadim Kurland
e89cc24466 see #2403 added ability to import clause en0:network; stubbed import of en0:broadcast 2011-05-26 21:29:12 -07:00
Vadim Kurland
29bf29f892 see #2394 grammar clean-up; creating policy rules in the right ruleset and renumbering rule set in the end 2011-05-26 12:06:50 -07:00
Vadim Kurland
e10ab65393 see #2394 creating policy rules with src and dst populated; parsing and creating address tables and groups of addresses 2011-05-25 23:57:27 -07:00
Vadim Kurland
ea9c28fda1 See #2394 grammar can parse most of the sample pf.conf files, including important ones 2011-05-25 18:57:44 -07:00
Vadim Kurland
db8ae42ad1 grammar matches port ranges; better grammar for ipv6 2011-05-23 19:03:49 -07:00
Vadim Kurland
12abcf9533 minimal grammar to match "from" and "to", both addresses and ports 2011-05-22 23:17:05 -07:00
Vadim Kurland
2e11bc22da pf import: first draft of the grammar (still does nothing useful), importer class skeleton 2011-05-17 10:05:33 -07:00