mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-01 14:47:27 +02:00

Commit Graph

  • 8eeef2186f see #2676 Vadim Kurland 2011-11-30 18:13:10 -08:00
  • 8e2fabca2c fixed SF bug #3443609 Return of ID: 3059893": iptables "--set" option deprecated". Need to use --match-set instead of --set if iptables version is >= 1.4.4. The fix done for #3059893 was only in the policy compiler but needs to be done in both policy and nat compilers. Vadim Kurland 2011-11-28 13:43:17 -08:00
  • b7eb40b78e fixes #2673: fwbuilder GUI still wants to connect to X11 server when cli printing option -P is used Vadim Kurland 2011-11-28 12:46:19 -08:00
  • c26cadeb6a more fixes for SF bug #3439613. Adding "-i" / "-o" clause to match parent bridge interface. This allows us to correctly match which bridge the packet comes through in configurations using wildcard bridge port interfaces. For example, when br0 and br1 have "vnet+" bridge port interface, iptables can still correctly match which bridge the packet went through using "-o br0" or "-o br1" clause. This can be useful in installations with many bridged interfaces that get created and destroyed dynamically, e.g. with virtual machines. Note that the "-i br0" / "-o br0" clause is only added when there is more than one bridge interface and bridge port name ends with a wild card symbol "+" Vadim Kurland 2011-11-28 12:27:21 -08:00
  • e681556c0f see #2671, #2672 Vadim Kurland 2011-11-21 17:55:53 -08:00
  • c7bfbfe2d2 build 5.0.13589 Vadim Kurland 2011-11-21 12:23:14 -08:00
  • f5759fa905 SF bug #3439613. physdev module does not allow --physdev-out for non-bridged traffic anymore. We should add --physdev-is-bridged to make sure this matches only bridged packets. Vadim Kurland 2011-11-21 12:16:59 -08:00
  • 28dba00586 fixed problem in Inet6AddrMask related to the latest change for /31 subnets; fixed unit tests; build 3588 Vadim Kurland 2011-11-17 13:22:53 -08:00
  • 6f1c574633 v5.0.1.3587 Vadim Kurland 2011-11-16 10:56:09 -08:00
  • 1c05e238db merge 5.0.1.3586 Vadim Kurland 2011-11-16 10:51:05 -08:00
  • 734069f16f see #2667 Vadim Kurland 2011-11-16 10:47:21 -08:00
  • aa8f7edc7f fixes #2669 "Cant inspect custom Service object in Standard objects library". Vadim Kurland 2011-11-15 11:38:11 -08:00
  • edb126f3e3 added latest changes to 5.0.1 release notes Vadim Kurland 2011-11-10 14:03:42 -08:00
  • 99498dc90b fixes #2664 Update error message when "which" command fails. Generated iptables script uses "which" to check if all utilities it uses exist on the machine. We should also check if "which" itself exists and issue meaningful error message if not. Vadim Kurland 2011-11-10 12:06:08 -08:00
  • e7004dcc9c fixes #2668 Remove "static routes" from the explanation text in ASA/PIX import dialog. We can not import PIX/ASA routing configuration at this time. Vadim Kurland 2011-11-10 11:36:32 -08:00
  • 76da9f905f fixes #2670. Per RFC3021 network with netmask /31 has no network and direct broadcast addresses. When interface of the firewall is configured with netmask /31, policy compilers should not treat the second address of this "subnet" as a broadcast. Vadim Kurland 2011-11-08 18:40:09 -08:00
  • 028976c675 added release notes record Vadim Kurland 2011-11-08 18:13:13 -08:00
  • bd39f7b6bd fixes #2663 "Rule with "old-broadcast" object results in invalid iptables INPUT chain". Compiler was choosing chain INPUT with direction "outbound" for rules that had old broadcast address in "Source", this led to invalid iptables configuration with chain INPUT and "-o eth0" interface match clause. Vadim Kurland 2011-11-08 18:11:03 -08:00
  • ece8ca17a6 fixes #2665 "Adding text to comment causes rule to go from 2 rows to 1 row". Under certain circumstances, editing rule comment caused the GUI to collapse corresponding row in the rule set view so that only the first object of each rule element that contained several objects was visible. Vadim Kurland 2011-11-08 13:56:40 -08:00
  • 0ba45e6569 fixed SF bug 3435004: "Empty lines in comment result in "Incomplete Command" in IOS". Vadim Kurland 2011-11-08 08:42:56 -08:00
  • 20b974959b fixed SF bug 3428992: "PF: rules order problem with IPv4 and IPv6". Compiler for PF should group ipv4 and ipv6 NAT rules together, before it generates ipv4 and ipv6 policy rules. Vadim Kurland 2011-11-08 08:15:17 -08:00
  • aa49658c51 fixed SF bug #3429377 "PF: IPv6 rules are not added in IPv4/IPv6 ruleset (anchor)". Compiler for PF did not include rules generated for IPv6 in generated PF anchor configuration files. Vadim Kurland 2011-11-08 07:11:21 -08:00
  • 6df0cdb45e fixed SF bug #3433587 "Manual edit of new service Destination Port END value fails". This bug made it impossible to edit the value of the end of the port range because as soon as the value became less than the value of the beginning the range, the GUI would reset it to be equal to the value of the beginning of the range. This affected both TCP and UDP service object dialogs. Vadim Kurland 2011-11-08 06:52:07 -08:00
  • cdb4ee1f09 build 5.0.1.3584 Vadim Kurland 2011-11-08 06:34:13 -08:00
  • 8da03a8783 fixed SF bug 3426843 "ipfw doesn't work for self-reference, in 5.0.0.3568 version". Vadim Kurland 2011-11-08 06:28:54 -08:00
  • 5aabf164a6 reset test files for iptables Vadim Kurland 2011-10-19 17:53:44 -07:00
  • 68cc6c1332 see #2662 "Crash when compiling ASA rule with IP range". Need to split address range if it is used in "source" of a rule that controls telnet, ssh or http to the firewall itself and firewall's version is >= 8.3. Vadim Kurland 2011-10-19 17:49:36 -07:00
  • 20e0e4efc5 Merge branch 'development' of ssh://vc.netcitadel.com:2222/var/git/fwbuilder into development Vadim Kurland 2011-10-19 16:52:35 -07:00
  • 680d23d824 reset pix test files to v5.0.1.3581 Vadim Kurland 2011-10-19 16:52:21 -07:00
  • 3db31d6828 trim strings provided by the user in various dialogs to make sure we don't end up with file names and other parameters that end with a white space Vadim Kurland 2011-10-19 10:53:32 -07:00
  • 7f41116700 v5.0.1.3582 Vadim Kurland 2011-10-02 15:46:44 -07:00
  • a27cccaba5 see SF bug #3416900 "Replace command with which". Generated script (Linux/iptables) used to use "command -v" to check if command line tools it needs are present on the system. This was used to find iptables, lsmod, modprobe, ifconfig, vconfig, logger and others. Some embedded Linux distributions, notably TomatoUSB, come without support for "command". Switching to "which" that is more ubiquitous and should be available pretty much everywhere. Vadim Kurland 2011-10-02 15:45:56 -07:00
  • 71df784112 fixed unit tests that broke when new objects were added to the StandardObjects library Vadim Kurland 2011-10-02 15:40:22 -07:00
  • 9994ca5c6d enable fwbuilder to take advantage of GSSAPIAuthentication with openssh using suggestion by Matthias Witte witte@netzquadrat.de Vadim Kurland 2011-09-29 18:15:26 -07:00
  • 34207a914b v5.0.1.3581 Vadim Kurland 2011-09-29 13:55:26 -07:00
  • f1153c4dc6 fixes SF bug #3414382 "Segfault in fwb_ipt dealing with empty groups". Compiler for iptables used to crash when an empty group was used in the "Interface" column of a policy rule. Vadim Kurland 2011-09-29 13:46:41 -07:00
  • 892f863523 v5.0.1.3580 Vadim Kurland 2011-09-24 19:20:43 -07:00
  • ac28c2f84a fixes #2660 "compiler for IOSACL crashed when address range appears in a rule AND object-group option is turned ON" Vadim Kurland 2011-09-24 19:14:28 -07:00
  • b68eac1f43 see #2656 "Generated Cisco ASA access-list has duplicate entry". Vadim Kurland 2011-09-19 16:08:34 -07:00
  • eaf71afcfa fixes #2658 "snmp network discovery creates duplicate address and network objects" Vadim Kurland 2011-09-19 15:57:09 -07:00
  • 00f6188390 see #2657 snmp network discovery crashed if option "Confine scan to network" was used. Vadim Kurland 2011-09-19 15:43:38 -07:00
  • 4c5bf811c6 see #2655 Interface names are not allowed to have dash "-" even with interface verification off. We should allow "-" in the interface name for Cisco IOS Vadim Kurland 2011-09-19 14:53:39 -07:00
  • 2a74bc273d see #2653 Importer for iptables checks that netfilter table used in the original iptables config is one of the tables we support. Currently only "filter", "mangle" and "nat" are supported. Vadim Kurland 2011-09-04 20:29:02 -07:00
  • d45002faf9 new build 5.0.1.3578 Vadim Kurland 2011-09-04 20:09:41 -07:00
  • ad2d088d67 see #2654 ChangeLog and release notes entries Vadim Kurland 2011-09-04 20:04:26 -07:00
  • 6908ca9aa7 see #2654 fixes GUI crash that occurred if user copied a rule from file A to file B, then closed file B, opened file C and tried to copy the same rule from A to C Vadim Kurland 2011-09-04 20:02:26 -07:00
  • 1b8c9aa574 added release notes for 5.0.1 Vadim Kurland 2011-08-30 13:51:36 -07:00
  • 19a6776f7a fixes SF bug 3247094 "Nomenclature of IP address edit dialog". Network ipv6 dialog says "Prefix length". Vadim Kurland 2011-08-30 13:35:01 -07:00
  • 5b72064084 fixes SF bug 3302121 "cosmetic mis-format in fwb Linux paths dialog" Vadim Kurland 2011-08-30 13:30:19 -07:00
  • 62b48f1833 fixes SF bug 3388055 Adding a "DNS Name" with a trailing space causes failure. Vadim Kurland 2011-08-30 13:24:22 -07:00
  • 14579473bd see #2646 and SF bug 3395658: Added few ipv4 and ipv6 network objects to the Standard objects library: TEST-NET-2, TEST-NET-3 (RFC 5735, RFC 5737), translated-ipv4, mapped-ipv4, Teredo, unique-local and few others. Vadim Kurland 2011-08-25 17:34:10 -07:00
  • 572dd960c8 fixes #2647 remove description of the option "make actions Tag and Classify terminating" from the help page Vadim Kurland 2011-08-25 14:13:35 -07:00
  • baf9e7a956 fixes #2648 "right mouse click on firewall object in "Deleted objects" library causes GUI crash" Vadim Kurland 2011-08-25 14:12:13 -07:00
  • 25efaa6a91 fixes #2650 "rules with address range that includes firewall address in Src are placed in OUTPUT chain even though addresses that do not match the firewall should go in FORWARD" Vadim Kurland 2011-08-25 13:56:03 -07:00
  • a78619ed46 see #2644 added check for netmask validity in the ip4 address dialog (when it is used to configure address of an interface and shows netmask) Vadim Kurland 2011-08-14 19:46:54 -07:00
  • e4491ccd51 function InetAddr::isValidV4Netmask() checks that netmask represented by the object consists of a sequence of "1" bits, followed by the sequence of "0" bits and therefore does not have zeroes in the middle. Vadim Kurland 2011-08-14 19:41:14 -07:00
  • 23f488361c fixes #2643 "GUI crashes when user cuts a rule, then right-mouse click in any rule element of another" Vadim Kurland 2011-08-14 18:56:50 -07:00
  • 7a614b0908 see #2638 "When CARP password is empty the advskew value is not read". Should skip "pass <word>" parameter of the ifconfig command that creates carp interface if user did not set up any password. Vadim Kurland 2011-08-11 16:55:08 -07:00
  • de1e3698a7 see #2639 "support for vlan subinterfaces of bridge interfaces (e.g. br0.5)". Currently fwbuilder can not generate script to configure vlan subinterfaces of bridge interfaces, however if user did not request this configuration script to be generated, compiler should not abort when it encounters this combination. Vadim Kurland 2011-08-11 16:35:50 -07:00
  • 1da73349d5 fixes #2641 "newFirewall dialog does not accept ipv6 addresses with long prefixes". The dialog did not allow ipv6 addresses of interfaces with netmask > 64 bit. Vadim Kurland 2011-08-11 16:03:58 -07:00
  • 1651e9c73a fixes #2642 "GUI crashes if user cancels newFirewall dialog". Vadim Kurland 2011-08-11 15:48:52 -07:00
  • bd9ab07a5e the drop-down list of interfaces for the "route-through" rule option for PF and iptables should include not only cluster interfaces, but also interfaces of all members. This way, we can make compiler generate configuration Vadim Kurland 2011-08-11 14:02:21 -07:00
  • 3ba5c78ba1 Merge branch 'development' of ssh://vc.netcitadel.com:2222/var/git/fwbuilder into development Vadim Kurland 2011-08-08 15:52:45 -07:00
  • 19bbafb067 fixes #2637 improved cluster group dialog layout Vadim Kurland 2011-08-08 15:51:09 -07:00
  • 294fd170d0 fixes Vadim Kurland 2011-08-08 15:51:09 -07:00
  • 6e0654aaa6 see #2636 "carp : Incorrect output in rc.conf.local format". Should use create_args_carp0 instead of ifconfig_carp0 to set up CARP interface vhid, pass and advskew parameters. Vadim Kurland 2011-08-08 15:35:25 -07:00
  • 3209044b22 see #2635 Object type AttachedNetworks is not allowed in the "interface" rule element. Vadim Kurland 2011-08-05 20:58:37 -07:00
  • a96d6dfd8b v5.0.1.3572 Vadim Kurland 2011-08-05 20:49:02 -07:00
  • 9dc5623722 see #2634 User can't duplicate or move MAC Address objects Vadim Kurland 2011-08-05 20:37:06 -07:00
  • 84685d84a5 see #2628 fixed crash that happened if user created new firewall object from a template and changed one of the ip addresses, while another firewall object created from the same template already existed in the tree. Vadim Kurland 2011-08-03 14:14:16 -07:00
  • e20cebbe81 fixed bug in the installer introduced yesterday, if user cancelled install, next attempt to run installer caused crash Vadim Kurland 2011-08-03 11:09:16 -07:00
  • a7584e4c17 moved "batch install" button from the main installer wizard to the dialog where user enters their password. Now user can start in a non-batch install mode but continue in batch install mode at any time if all their firewalls authenticate with the same user name and password. Vadim Kurland 2011-08-02 21:27:46 -07:00
  • 25ab6bb227 changed token name from "ESP" to "ESP_WORD" to avoid conflict with macro "ESP" that happened during build on OpenSolaris Vadim Kurland 2011-08-01 17:56:22 -07:00
  • 9a2a1d6e83 changelog update; fixed unit test ObjectMatcherTest Vadim Kurland 2011-08-01 13:00:31 -07:00
  • 84a6dcbdf7 see #2425 no sprintf_s in mingw Vadim Kurland 2011-07-25 16:27:44 -07:00
  • 9372c1ffa9 fixes #2548 added dependency on libqt4-network Vadim Kurland 2011-07-25 14:59:35 -07:00
  • 19eb55cfa5 release notes 5.0.0 Vadim Kurland 2011-07-25 14:52:57 -07:00
  • bb1c9f8d7d see #2622 "Remove Back and Forward buttons". We have decided behavior of the GUI was too complicated since user can both act on objects directly and navigate backwards and forwards to the objects found in their browsing history. Navigation using browsing history was broken when quick filter was in use, too. All in all, it feels the value of "back" and "forward" buttons was relatively low. Vadim Kurland 2011-07-22 15:57:54 -07:00
  • 31c5133fdc see #2577 Updated error message that appears when user tries to open .fwb file created by the future version of fwbuilder. Vadim Kurland 2011-07-21 16:48:20 -07:00
  • a206d46cde fixes #2567 "If file doesn't exist when clicking 'edit file', then you have to hit save button twice". The bug affected "edit file" function in the Address Table object dialog. Vadim Kurland 2011-07-21 16:37:00 -07:00
  • ff2dba8bab see #2507 fixed the issue with column "Type" width Vadim Kurland 2011-07-21 16:20:06 -07:00
  • 8fde504d83 see #2536 avoiding FormLayout since it seems to be broken in older Qt Vadim Kurland 2011-07-21 16:06:48 -07:00
  • 715a6c56ad build 3567 Vadim Kurland 2011-07-21 15:27:29 -07:00
  • 1fd2ac3a95 fixes #2590 "PF: NAT compiler fails when run-time address table object is used in a rule" Vadim Kurland 2011-07-21 14:22:40 -07:00
  • 2b54b4c49b fixes #2565 "Run-time dns name or address table in routing policy -> crash". Compiler for PF crashed if user placed run-time DNSName object in "destination" of a routing rule. Vadim Kurland 2011-07-21 14:17:48 -07:00
  • 04d5c68fb3 see #2563 fixed crash that occurred if user tried to edit interface object located in the Deleted Objects library Vadim Kurland 2011-07-21 14:01:52 -07:00
  • 6d26bfac90 see #2515 Expanded set of options the user can change to pre-set parameters in the new policy rules they create. Now user can set default values for action ("Deny" or "Accept"), direction, the "stateless" flag and logging. Vadim Kurland 2011-07-21 13:20:59 -07:00
  • 2ce9852aeb see #2516 "Enhance Find to include searching for IP addresses in ranges". Function "find" now finds ip addresses inside address ranges. Vadim Kurland 2011-07-21 12:42:51 -07:00
  • 0132087bb4 ported fix for #2617 from fortress to fwbuilder-oss; see #2617 Vadim Kurland 2011-07-21 11:43:08 -07:00
  • 5993fd7574 see #2619 "Attempting to copy-and-paste a tag service results in an error". Pasting of a TagService object to the "Tag Services" group did not work. Vadim Kurland 2011-07-20 23:52:30 -07:00
  • ddd45fb426 fixes #2566, #2618 Fix for the regression introduced when I worked on empty editor pane". Double click on the rule number should not do anything, but double click on rule options, comment and other fields should open the editor. Change done for #2566 broke this. Vadim Kurland 2011-07-20 23:39:11 -07:00
  • 8a47a44a3e fixes #2586 new address table object icons, all sizes and all badges Vadim Kurland 2011-07-20 21:18:25 -07:00
  • b4f4a59767 fixes #2564 complete set of new "negated" icons Vadim Kurland 2011-07-20 21:15:06 -07:00
  • ededc39789 merge from fortress, new build Vadim Kurland 2011-07-20 19:06:50 -07:00
  • e8a87b16fb new build 3565 Vadim Kurland 2011-07-19 19:46:21 -07:00
  • 83514e728b fixes #2566 Double-clicking on rule when program first starts results in empty editor pane Vadim Kurland 2011-07-19 19:41:27 -07:00
  • e553360d24 see #2609 additional checks to make sure we do not allow drag and drop between different instances of the program Vadim Kurland 2011-07-19 19:35:54 -07:00
  • d966ac1eb0 see #2564 added more negated icons Vadim Kurland 2011-07-19 19:15:01 -07:00
  • a47d102c30 fixed SF bug 3371301 "Error compiling with VLAN and masquerade". Iptables NAT rules with vlan interface configured as "dynamic" and no ip address in Translated Source caused compiler crash. Vadim Kurland 2011-07-19 19:07:56 -07:00
  • 739a76ffd0 see #2564 new "negated" icons Vadim Kurland 2011-07-19 18:26:56 -07:00