mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-21 18:57:14 +01:00
fwbuilder/doc/ReleaseNotes_2.1.13.txt
2007-12-25 22:25:59 +00:00

Firewall Builder Release Notes
Version 2.1.13
Released 07/22/2007
GUI and compilers v2.1.13 require API library libfwbuilder version 2.1.13
Summary
This is a bugfix release; its main focus is better support for new features
available in PF in OpenBSD 4.1.
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
Improvements and bug fixes in the GUI
* fixed bug #1740766: "lock not saved". This method now copies the value
of the "ro" (read-only) attribute. Clear it in the caller if necessary.
Method duplicate() clears it after calling shallowDuplicate in order
to be able to modify the object, then restores this attribute to its
original value.
* fixed bug #1743117: "crash while editing any". Added a check: the user
should not be able to unlock the Standard objects library.
* fixed bug #1753188: "policy activation fails on PIX and IOS".
Installer failed if account used to authenticate to the router or PIX
went straight to 'enable' mode after login.
* added simple template object for Cisco router 36xx
Improvements and bug fixes in policy compiler for iptables
* fixed bug #1746257: "fwbuilder breaks IPv6". Added an option to the
firewall settings dialog for iptables that controls whether the compiler
should skip generating the code that sets the default policy of all ipv6
chains to DROP. This option is off by default, that is, the compiler puts
the code in. This helps maintain backwards compatibility with old data
files that do not have this option, which is equivalent to this option
being "off".
* fixed bug #1747332: "missing CONNMARK/ restore mark in Output Chain"
* the compiler permits setting direction in a rule while the interface field
is "All". This generates an iptables command in chain INPUT or OUTPUT
with the "-i +" or "-o +" interface specification to match all interfaces.
Improvements and bug fixes in policy compiler for PF
* fixed bug #1747828: "anchors generation - "log" not supported". The "log"
keyword is not allowed in "anchor" rules; the compiler should not generate
it even if the user turned logging on in a rule with action 'Branch'.
* implemented support for PF limit options "src-nodes", "tables" and
"table-entries". Feature Req. #1674919: "Support "set limit
table-entries""
* better compliance with PF 4.x. Feature Req. #1679793: "add 'no state'
and 'flags any'". If the version is set to 4.x, the compiler skips "flags S/SA
keep state" for rules matching tcp services. However, according to the
section "1.2. Operational changes" in the PF FAQ at
http://www.openbsd.org/faq/upgrade41.html , there should be a way to
add "keep state" explicitly for rules on interface enc0. Added this
option to the rule options dialog.
* Added support for "set skip on " command for PF. If an interface is
marked as "unprotected" in the GUI, compiler generates this command
for it. This is useful for loopback or other virtual interfaces.
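
The PF items above, shown together as a hand-written pf.conf fragment for OpenBSD 4.1. This is an added illustration, not output of the fwbuilder compiler; the interface names (em0, lo0), the anchor name, the ports and the limit values are constructed placeholders.

```pf
# Hand-written pf.conf sketch for OpenBSD 4.1 (constructed example,
# not fwbuilder output). Interface names, anchor name, ports and
# limit values are placeholders.

# Limit options that the compiler now supports.
set limit { src-nodes 10000, tables 1000, table-entries 200000 }

# Interface marked "unprotected" in the GUI: PF does no filtering on it.
set skip on lo0

# PF 4.1 applies "flags S/SA keep state" to pass rules by default, so a
# compiler targeting 4.x can leave the clause out for TCP services.
pass in on em0 inet proto tcp from any to (em0) port 22

# Opting out of those defaults has to be written explicitly.
pass in on em0 inet proto tcp from any to (em0) port 80 flags any no state

# Rule on enc0 with "keep state" spelled out, which is what the new
# rule option in this release is for.
pass in on enc0 inet proto tcp from any to any port 22 keep state

# Branch rule: "log" is not allowed on anchor rules, so none appears
# here even if logging is turned on for the rule in the GUI.
anchor "branch_1" in on em0 inet proto tcp from any to any port 25
```

The fragment can be syntax-checked without loading it by running `pfctl -nf` on the file.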
Improvements and bug fixes in policy compilers for Cisco IOS ACL
* Fixed a bug that caused the compiler to exit abnormally while compiling a
rule with interface field "all". The compiler should generate ACL lines
for all interfaces of the router (except those marked "unprotected").