#1123, #1124: Text label next to the option that translates into
--connlimit-above clause for the iptables "connlimit" module
now matches description in the iptables manual. Added checkbox
that allows the user to add negation to the generated code
fixes#1123, #1124
draft of the object-groups support for Cisco IOS. Controlled by a
checkbox in the "Advanced" settings dialog of the firewall object;
this feature requires IOS v12.4(20)T or later and is off by
default.
fixes#1119 "add test for the integrity of failover cluster
groups". Compilers require all failover group objects to be
configured with interfaces of member firewalls.
fixes#1120 "redundant commands generated for ssh
access". Compiler for PIX generated two "ssh address netmask
inside" commands for the same rule that permits ssh to the firewall.
fixes#1106 "fwb_pix does not include prolog". Prolog script was
not included in generated configuration if firewall object was
converted from some other platform because FirewallOptions? object
inherited old "prolog_place" variable
"fwb_pix uses wrong interface compiling the second cluster
member". NAT compiler for PIX failed to find interface with
correct network zone if interface was a child of another
interface, e.g. vlan subinterface.
fixes#1117 "failover group member editor loses interfaces". If
failover group included vlan interfaces of the member firewalls,
the dialog that appears when user clicks on "manage members"
button would not show members at all.
#1115: "fwb_pix crash compiling cluster NAT rule set with
interface in TSrc". A cluster interface was used in the TSrc rule
element of a NAT rule. Cluster interfaces of PIX cluster have no
ip addresses of their own (PIX HA pair uses ip addresses of the
master unit), this caused rule element to become empty after
interface object was supposed to be replaced with its ip address.
fixes#1115
fixes#1108: fwb_pix: incorrect access list is generated for
"static". When a firewall or host object with an interface that
was configured with netmask that was not
255.255.255.255 (i.e. configured correctly) was used in TDst of a
NAT rule for PIX firewall, compiler generated configuration that
used subnet instead of just the address of the inetrface.
Regression: fixed#1092 "missing "install" checkboxes in the list
of firewalls on the first page of the installer
wizard". Checkboxes "install" disappeared randomly from the first
page of the installer wizard.
"duplicate objects on redo". Click on the last line in undo stack
view created duplicate objects in the tree if some undo/redo
commands created new objects.
