FirewallBuilder 3.0.1
About:
Firewall Builder is a GUI firewall configuration and management tool that supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA) and Cisco routers extended access lists. Firewall Builder uses object-oriented approach, it helps administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations.
Summary
This is first minor release in the v3.0 series. This release includes numerous usability improvements and stability fixes.
For those who wish to build from source, instructions are outlined in the document "Install and Build instructions" on our web site here
Improvements and bug fixes in libfwbuilder
* Filter addresses of IPv4 objects and strip leading and trailing whitespaces and other non-digit characters before converting to InetAddr. This will help with annoying problem where v2.1 allowed such characters in address attributes of Address objects but v3.0 applies strict checks during file load and rejects such data files.
* generate unique string object id on demand instead of in the call to generateUniqeueId. This helps speed up compiler operations by a factor of about 3 because we generate unique int ID every time object is created or copied, yet string ID is only needed when object is stored in external XML file. Also using sprintf to assemble string ID, it works faster than ostringstream.
* converted attribute "ro" (read-only) from a dictionary variable to the member variable of class FWObject. We check read-only status of objects very often and dictionary lookups were slowing compiler down considerably.
* set netmask to /32 when new Network object is created. This used to be the default in fwbuilder v2.1. New default of 0.0.0.0 appears to be confusing and error-prone, by user's requests changing default back to /32. This fixes bug #2125542: New Address objects added with netmask of "0.0.0.0"
Improvements and bug fixes in the GUI
* bugfix: if user called "Save As" and then hit Cancel in the dialog where they choose file name, internal RCS object used to be deleted anyway.
* bug #2091507: "Create New Firewall problem.". If user created new data file using File/New main menu item, items in the main menu File used to stay disabled and file could only be saved using "File/Save As" (which did not make sense because the name has already been assigned to the file during File/New operation).
* bug #2091520: "Crash FWB". The GUI crashed if user closed mdi window showing just standard objects and then tried to close the main window.
* bug #2099700 "Association of the .fwb and .fwl file types with app on Mac". Implemented support for the association of the application and data file type on Mac OS X. Double-clicking on .fwb and .fwl files in Finder will now open application and load files automatically. User can open several files by selecting them in Finder and double-clicking.
* fixed "usage" in fwbedit, command line option that specifies object attributes for the command "new" is "-a", not "-o". Also fixed this in the man page.
* bug #2099631 "GUI should rememver firewall object that was opened last". The program remembers opened ruleset between sessions.
* bug #2091225: "Can objects in the left pane remember last state.". The program saves state of the object tree branches (expanded or collapsed) between sessions.
* bug (no #): added ability to copy/paste rule set objects.
* bug #2100415: "cannot re-create or clone Routing object". The GUI does not let the user to delete Routing object. Policy and NAT objects can be deleted as long as there is at least one more left. Also "top" rule set objects can not be deleted at all.
* bug (no #): if the name of the plink.exe program was specified in upper case in Preferences dialog, built-in installer failed to provide correct command line options to it.
* Additional checks for operations with rules and ruleset on the deleted Policy or NAT object. User should not be able to change anything in rule set object that has been deleted because it does not have parent firewall object.
* bug #2106229 "Disable-Icon bad position in rule group". Icon that indicates that a rule is disabled used to be drawn in the wrong row of the ruleset table.
* bug #2106280: "option to change color of rule group head". Made rule group head colored in "medium dark", actual color depends on chosen QT theme.
* bug #2106124: "Crash after deletion of (last rule in + whole) rule group".
* bug #2105111: "use color for compiler status and errors". Compilation and installation status is color coded in the left panel of compile/install dialog (Error is red, Success is green). Also coloring compiler error messages red in the compiler progress panel. Note that this feature is subject to QT bug #212207. This QT bug was introduced in QT 4.4.1. Because of this bug, text labels using non-default color or font disappear unless they are selected. This does not happen with QT 4.3.x or 4.4.1 and later.
* bug #2107004: "Fwbuilder crashes while deleting objects in groups". I could only reproduce the crash when there were two identical objects in the group and I was trying to delete both. v3.0 does not allow the user to add the same object twice to the group so this condition should not be possible.
* bug #2090332: "Where used search function does not always work.". WhereUsed function could not find firewall if it was used in its own rules.
* bug #2099631: there used to be object "icmpv6 unreachables" in the Deleted Objects library in the file of standard objects that comes with the package.
* bug # 2109432: "double click on results in "Where used" list opens wrong rule."
* bug #2109431: "context menu item "Where used" is missing for rulesets".
* bug #2109660: "Compiler Progress: bar is incomplete". Compiler progress bar failed to show full length bar when operation was complete for some firewall platforms.
* bug #2109675: "file Title bar contains redundant info". Internal page title should be coordinated with items in the Windows main menu. There is also no need to add "Firewall Builder" to the title of internal windows.
* bug #2109833: "Crash on right mouse click in the object group".
* bug #2099700 "Association of the .fwb and .fwl file types with app". Implemented support for the association of the application and data file type on Windows and Mac OS X. Double-clicking on .fwb and .fwl files in Explorer or Finder will now open application and load files automatically.
* Changed format of the start and stop date fields in the Time Interval object to show year as four digits. Also enabled calendar in these widgets.
* change in the logic applied when the program decided which library to open at start time. If a file is opened and there is settings record pointing to the library that was opened in this file last time the program was used, this library is opened. If there is no such settings record, the program tries to find the first not system library in the file but prefers the one named "User". If the program starts without data file, it shows library "User" from the standard objects file.
* enable "close" button in the title of several dialog windows (it was not shown on Mac).
* Using tabbed presentation of internal subwindows on Mac OS X. This looks much better than standard MDI presentation where internal windows have their own title bar.
* workaround for a problem that only appears on Mac: if user uses File/Open but cancels operation, the main window used to switch from the subwindow that was active to another one (usually the empty default window with only standard objects tree).
* when the program is started without data file, it shows panel with just default objects, with a title "Untitled". If user opens data file, it is loaded into the same panel and its title changes accordingly. If user makes changes and then saves using "Save As", its title also changes accordingly (and there is still one panel). If user uses "File/New data file" and enters the name of the new data file, it is loaded into the same panel and its title changes accordingly. Still, after this there is only one panel. However if the panel shows contents of some data file, operations "File/Open" and "File/New" load second data file into a new panel.
* bug # 2106266: "Save collapse/expand state of groups in policy". The GUI will remember state of the rule groups (expanded/collapsed) between sessions. The state is saved in preferences. Groups are referenced by combination of file name (full path), firewall object name, ruleset name, group name. Since state is saved in preferences rather than in the data file, state of the rule groups is separate for each user.
* bug #2123150: "add new rule below inserts at end of rulebase". The program used to append rule at the bottom of the policy when user tried to insert it n the middle when there were rule groups.
* bug #2124804: "Policy list "jump" when using groups". Combination of rule groups and very tall rows in the rule set view caused problems with vertical scrolling.
* do not print netmask of the IPv4 and IPv6 objects in tooltips and "info" panel unless such object is child of an Interface. This fixes bug #2125542: New Address objects added with netmask of "0.0.0.0"
* bug #2126524: "User Service created in the Service Group section" - added missing group UserServices to the standard objects file.
* fixed GUI crash that happened when user made modifications in the default object tree but did not save the changes and then tried to exit the program.
* Network and NetworkIPv6 object dialogs accept CIDR notation in the "address" input field. Netmask input field is filled automatically using "/NN" entered as part of the address when user hits Return or Tab or switches to another input element using mouse click.
* fixed bug #2128261: "fwbuilder thinks the file has changed when opened read-only". Operation "find where used" triggered "dirty" flag on the object tree even though it does not change anything.
* bug #2105977: "Viewing firewall settings change state to edited". Opening firewall "advanced" settings dialog triggered internal flag that signalled that something in the object tree has changed.
* Added tooltip in the rule set view for the column showing rule group handle, the tooltip shows group name and number of rules.
* bug related to #2123152 "Fwbuilder 3.0.0 Gui very slow and doesn't refresh properly". There seems to be a bug in QT 4.4.1 (not sure of 4.4.0, definitely not in 4.3.x) which causes the last row of the rule set view table to come out blank when the table is redrawn. This happens when rows have very different height and looks like the last row comes out blank when user scrolls the table up. The last row is finally redrawn when most of it is already visible.
* bug #2129726: "Where Used" not working on collapsed groups.
* constructors of rule set view classes (PolicyView, NATView, RoutingView) used to set "dirty" flag in the object database which caused the GUI to ask the user if they wanted to save modifications before exisitng the program even when there were no modifications made. This change fixes this annoying problem.
* fixed icon for rule action "Mark"
* fixed crash that happened on Ubuntu with QT 4.3.x because of recursive call to updateGeometries()
* bug #2125604: "Cancel button does not kill the installer". Cancel button of the installer wizard in fact kills background process. Second issue raised in this bug report is that "Finish" button was always enabled. This is now fixed.
* bug #2144114 "fwbuilder * exits if the last object file is closed". The GUI will not terminate after the last window is closed but instead will just show empty main window.
* bug #2144358 "Double check with 'save as'". The GUI used to ask twice if user wants to overwrite the file in Save As operation if file with given name already existed.
* bug #2144122 "Segfault when trying to add an address to a group"
* making sure all modules store settings under the same path prefix "3.0/" (applies to all OS).
*
Improvements and bug fixes in command line tool fwbedit
* bug #2143961: a typo in the man page fwbedit.1
* bug #2143894: "fwbedit list does not show objects". Command "fwbedit list -f file" did not print anything unless option "-F" was supplied. This change adds default value for this option so that when it is missing, the command prints object path.
Improvements and bug fixes in the policy compiler for iptables
* bug (no #): compiler for iptables used date entered for the beginning of the interval in "Time" object both for the beginning and for the end.
* fixed compiler error "Error (iptables): The object "eth0" used as interface in the routing rule 0 (main) is not a child of the firewall the rule belongs to!" that also happened because Routing ruleset object being processed is disconnected from the firewall parent at the time compiler works with it.
* fixed crashes in RoutingCompiler that happened because Routing ruleset object being processed is disconnected from the firewall parent at the time compiler works with it.
* bug #2141911: "no ULOG for ip6tables". ULOG target has not been implemented for ip6tables yet, so the compiler should fall back to LOG target while compiling ipv6 policy.
Improvements and bug fixes in the policy compiler for PF
* fixed bug (no #): policy compiler for PF used to insert both "inet" and "inet6" into generated pf.conf lines for the IPv6 policy.
Improvements and bug fixes in the policy compiler for ipfw
* Basic suport for IPv6 for ipfw. IPv6 rules should be kept in a separate policy, just like for all other platforms. Branching rules are not supported so there is no support for multiple policies (although there is no check for that at this time either). Both ipv4 and ipv6 rules are loaded into the same ipfw set "1" with globally unique increasing rule numbers. The order in which ipv4 and ipv6 policies are processed is controlled by an option in firewall settings dialog. Note that this is not complete yet, for example ICMPv6 is not supported. More complete implementation should be done as part of ipfw2 support.
Improvements and bug fixes in the policy compiler for PIX
* fixed crash in compiler for PIX that happened when compiler tried to merge "global" commands and some of the interfaces of the firewall had dynamic address.
|
Transit-forever
Mageia Linux provider
|
|
Список
Плоский
Дерево
