* PolicyCompiler_iosacl.cpp (PolicyCompiler_iosacl::prolog): fixed
few bugs (no #) in policy compiler for Cisco IPv6 ACLs:
- The "extended" keyword is not supported by IOS for IPv6 ACLs
- keyword "established" is only valid in combination with
protocol tcp. If standard CustomService objects "ESTABLISHED" and
"ESTABLISHED ipv6" are used in a rule, enforce protocol to "tcp".
- command to clear ipv6 access lists should be "no ipv6
access-list ipv6_management_in"
- command to assign ipv6 acl to interface should be "ipv6
traffic-filter ipv6_acl in"
ipv6" which defines code for iptables, ipfw and IOS extended
access lists for IPv6.
* PolicyCompiler_ipfw_writers.cpp (PrintRule::_printProtocol):
fixed behavior or policy compiler for ipfw which was broken in
rev714 - it should print protocol "tcp" when custom service object
that adds option "established" is used. This compiler worked like
that before attribute "protocol" was added to the CustomService
object.
* PolicyCompiler_PrintRule.cpp (PrintRule::_printAddr): fixed bug
#2526173: "fwb_ipt crashes due to old-broadcast". This bug was
introduced when support for module iprange was sadded. Need
special check for AddressRange objects where start and end of
range addresses are equal.
* NetworkDialog.cpp (NetworkDialog::addressEntered): fixed bug (no
#): the GUI used to check ip address entered for the network
object whenever user switched focus from the address input widget
in the network object dialog to another widget or even a different
application to look up the address. This caused the program to
show error dialog if this happened when the address was
incomplete. This change makes the program verify the address only
when user clicks "Apply".
* RoutingCompiler_iosacl.cpp (RoutingCompiler_iosacl::compile):
Added support for generation of "ip route" commands for Cisco IOS.
Variant of Cisco IOS "ip route" command where gateway is the name
of one of the interfaces of the router is also supported. To get
this, put interface object in the "gateway" column of the routing
rule.
* pix.xml.in, RuleSetView.cpp: Routing ruleset view shows column
"interface" only for platforms that require it. Currently IOS does
not require it, while other platforms for which routing commands
generation is supported require it (iptables and PIX).
* All policy compilers: using FWObjectDatabase::createClass
methods to create rules and other objects in compilers wherever
the type is known at the (code) compile time. This makes code
cleaner and speeds it up a little because of eliminated cast() and
string comparison.
* changes in libfbuilder: eliminated excessive use of dynamic_cast
and long chains of "if" comparing object type names in
FWObjectDatabase in methods that create new objects of given type.
