Vadim Kurland
f104cb6a11
see #1949 ASA NAT - split objects if OSrc contains objects that are in more than one network zone
2011-01-17 12:12:54 -08:00
Vadim Kurland
139d5ce2de
* NamedObjectsAndGroupsSupport.cpp (processNext): Added support for
CustomService objects in policy and nat rules for asa 8.3 using
named objects and object-groups.
-- see #1942 "ASA NAT - if custom service is included in service
group incorrect config generated"
-- see #1929 "move map named_objects inside class NamedObjectManager"
-- see #1946 "restrict generation of the named objects by
PolicyCompiler_pix to ASA 8"
-- see #1885 "named network and service objects in pix8"
2011-01-16 23:02:49 -08:00
Vadim Kurland
e2c2725e6b
see #1941 ASA NAT - compiler complains about range in original destination
2011-01-16 20:19:43 -08:00
Vadim Kurland
77690478f4
see #1940 ASA NAT - fwbuilder host objects interface ip is reserved keyword
2011-01-16 16:42:29 -08:00
Vadim Kurland
3e603c1375
see #1938 "icmp" commands were not properly generated for ASA 8.x policy rules
2011-01-16 16:09:29 -08:00
Vadim Kurland
f74713b2fa
see #1927 added check to prohibit nat rule that translates destination but has ODst "any"
2011-01-16 15:12:17 -08:00
Vadim Kurland
86584b6aac
fixes #1932 Add description field to generated NAT rules for ASA
2011-01-14 18:50:46 -08:00
Vadim Kurland
25b7da796e
fixes #1934 and SF bug 3156376 "Can
not find interface with network zone that includes address range"
2011-01-14 18:41:50 -08:00
Vadim Kurland
99d0aba102
refs #1928 Support for object-group in OSrc
2011-01-13 19:05:58 -08:00
Vadim Kurland
0f99325869
test case, refs #1928
2011-01-13 18:03:54 -08:00
Vadim Kurland
64772160ac
fixes #1917 Duplicate objects are not detected
2011-01-13 13:29:58 -08:00
Vadim Kurland
63257170e8
refs #1885 using named objects and object groups when multiple objects are found in TSrc; this fixes issue with address ranges
2011-01-13 12:49:25 -08:00
Vadim Kurland
59a90aabb1
fixes #1921 add rule processor to check correctness of TSrc after object-groups have been created
2011-01-13 10:34:36 -08:00
Vadim Kurland
f684d791c6
refs #1919 Fixed: do not put interface objects inside object-group for TSrc
2011-01-13 10:11:30 -08:00
Vadim Kurland
ba66447d7d
refs #1919 do not put interface objects inside object-group for TSrc
2011-01-12 19:21:22 -08:00
Vadim Kurland
353ba61b7d
refs #1907 ASA NAT - fwbuilder doesnt support multiple translated sources in a single NAT rule
2011-01-12 17:46:11 -08:00
Vadim Kurland
c9d0505af1
fixes #1912 Compiler error for ASA 8+ firewalls that have multiple networks in Policy rule and no network matches network zone
2011-01-12 16:03:06 -08:00
Vadim Kurland
77ae2185f2
refs #1908 "ASA NAT - cannot configure static NAT translations with (inside,outside)". Added radio buttons
2011-01-12 15:03:57 -08:00
Vadim Kurland
57666a2c09
refs #1912 added test case
2011-01-12 09:03:49 -08:00
Vadim Kurland
c6abdb0fc6
refs #1908 : added nat rule option to force the rule to be "static"; new build number
2011-01-11 18:32:54 -08:00
Vadim Kurland
d4f9c04aeb
refs #1902 Add NAT rule option "translate dns" for PIX
2011-01-11 10:55:53 -08:00
Vadim Kurland
ff6f43b3e6
refs #1907 split converting to atomic rules in order to be able to control it better
2011-01-11 10:27:10 -08:00
Vadim Kurland
8c7c07cfb9
fixes #1909
2011-01-11 09:44:13 -08:00
Vadim Kurland
e17c19a0a3
fixed #1862 "fwb_pix crash".
2011-01-10 17:32:57 -08:00
Vadim Kurland
5bd095a95c
fixed #1906 ASA NAT - Address objects are not properly identified by network zone and have the wrong real interface
2011-01-10 17:17:47 -08:00
Vadim Kurland
24ac2b56ac
fixed #1905 , #1879
2011-01-10 16:43:43 -08:00
Vadim Kurland
62e7c778fe
re-ran tests
2011-01-07 16:39:57 -08:00
Vadim Kurland
88666086ab
refs #1886 added support for no-nat ("identity nat") rules
2011-01-07 16:38:23 -08:00
Vadim Kurland
5313a94c86
* ASA8Object.cpp (ASA8Object): refs #1885 "named network and
service objects in pix8". So far, these objects are only used
for nat configuration.
* NATCompiler_asa8_writers.cpp (processNext): fixes #1903 "correct
order of clear commands for ASA 8.3"
* NATCompiler_asa8_writers.cpp (printSDNAT): refs #1886 "new nat
configuration in pix 8.3". Initial support for new style nat
configuration.
2011-01-07 16:29:09 -08:00
Vadim Kurland
83646b91fa
minor refactoring in NATCompiler::ExpandMultipleAddresses::processNext to include SDNAT rules; rerun tests
2011-01-07 13:27:37 -08:00
Vadim Kurland
3ff086ecc1
snat commands work for the most part; double translations in snat rules are not supported as before
2011-01-06 19:46:20 -08:00
Vadim Kurland
62ea13f33e
refs #1886 new nat configuration in pix 8.3; created new class NATCompiler_asa8, so far it does the same thing as NATCompiler_pix
2011-01-06 15:04:19 -08:00
Vadim Kurland
cb19348312
refs #1887 using real IPs in ACL instead of translated addresses in pix 8.3 ; turned on warning for pix 8.3
2011-01-06 13:24:49 -08:00
Vadim Kurland
d564fbb198
refs #1887 using real IPs in ACL instead of translated addresses in pix 8.3; refactored rule element that finds matching NAT rules and performs substitution for pix v<8.3
2011-01-06 12:54:36 -08:00
Vadim Kurland
b20a7843a6
refs #1883 , #1893 FWSM 4.x does not have fixup command, we should use policy-map and class commands.
2011-01-04 19:08:19 -08:00
Vadim Kurland
b9a9d7a2c9
refs #1893 fixes #1882 "inspect ip options in pix8". Added support for
"policy-map type inspect ip-options" command in PIX v8.2 and later.
At this time, of all possible types of "policy-map type inspect"
command only "ip-options" is implemented.
2011-01-04 17:05:43 -08:00
Vadim Kurland
4a350d290a
fixes #1891 problems with TCP and UDP services with source ports
2011-01-04 12:14:17 -08:00
Vadim Kurland
00127aac9f
fixes #1892 move rule processor class separateServiceObject to PolicyCompiler
2011-01-04 12:00:09 -08:00
Vadim Kurland
cd3c457971
refs #1882 Mixed service groups in PIX8; added pix versions 8.0 and 8.3, added support for mixed service groups in 8.0; source port matching does not work, see #1891
2011-01-03 17:17:56 -08:00
Vadim Kurland
d3bfdcf0f7
removed {{$build}} from top_comment configlets since we do not have build number variable anymore
2011-01-03 13:23:17 -08:00
Vadim Kurland
abf2b3b2be
checking in "golden" test files
2011-01-03 13:01:06 -08:00
Vadim Kurland
d9641e730f
fixed #1856 "Pemit - in Linux interface names". OpenWRT uses
name "ppp-dsl" for PPPoE interfaces. In addition to that, Linux
bridge interfaces may have names with a "-" such as
"br-lan". We will now permit a "-" in Linux interface names.
2010-12-02 10:21:27 -08:00
Vadim Kurland
b6a003bac5
debugging algorithm that chooses interface for ios acl rules with ipv6
Added test object for this
2010-11-16 19:18:56 -08:00
Vadim Kurland
8351f7640b
fixed SF bug 3103582 "Cant
create redirect rule in cluster firewall object". Iptables nat
rule with target REDIRECT could not be built in a cluster
configuration. It should be possible to do this by putting cluster
object in Translated Destination.
2010-11-10 17:49:28 -08:00
Vadim Kurland
a76c1a21a1
* PolicyCompiler_ipt.cpp (checkForStatefulICMP6Rules::processNext):
fixed SF bug 3094273 "no state needed for ipv6-icmp in
ip6tables". Rules that match ICMPv6 objects should be
stateless. Compiler will check for this and reset "stateful" flag
of a rule and issue warning if the rule was built stateful in the
GUI.
2010-10-29 18:04:48 -07:00
Vadim Kurland
57cc064b14
removed obsolete files .cvsignore, added more patterns to .gitignore
2010-10-29 14:15:22 -07:00
Vadim Kurland
9475e71877
need to escape file name and path if it has spaces
2010-10-07 01:14:01 +00:00
Vadim Kurland
2b60dcac8e
fixed #1783 "PIX routing entries require interface, but PIX
config will compile without interface in Routing rule". Policy
compiler for PIX now checks that both "interface" and "gateway"
rule elements are not empty.
2010-10-06 22:41:43 +00:00
Vadim Kurland
4b1ecbfc93
added test cases for SF bug 3077132
2010-10-05 19:40:29 +00:00
Vadim Kurland
c3aa139f22
* NATCompiler_PrintRule.cpp (processNext): fixed SF bug 3057503
"DNAT rule with dynamic IP has a white space, causing error".
2010-09-14 21:59:13 +00:00