Need help testing a fix for rule printing

Hi all,

if you print your rule sets in fwbuilder, I could use your help.

I've made some changes in the fwbuilder v3.0.6 in order to fix a bug  
with rule printing reported here:

https://sourceforge.net/tracker/?func=detail&aid=2807724&group_id=5314&atid=1070394


The original reporter did not provide sufficient details about the  
problem so I had to guess. It appears the problem was triggered when  
one tried to print rule set with groups of rules, at least that was  
the case I was able to reproduce. I would appreciate it if you could  
try the latest build of 3.0.6 with your rule sets and let me know if  
printing works right. It would be especially useful if you saw  
problems with printing in previous versions and could compare.

New packages, as usual, can be downloaded from the nightly builds site  
at

http://www.fwbuilder.org/nightly_builds/fwbuilder-3.0/

The "testing" repositories have also been updated to serve v3.0.6  
build 1166.

Here is the summary of changes since v3.0.5 has been released (there  
is more than only a fix for printing)


2009-07-15  vadim  <vadim@...>

        * PolicyCompiler_ipt_optimizer.cpp  
(optimizeForMinusIOPlus::processNext):
        fixed bug #2822098: "IPT: adds useless "-i +" iin some cases".
        Added optimization to remove redundant "-i +" and "-o +" if
        chain is INPUT or OUTPUT.

2009-07-14  vadim  <vadim@...>

        * PolicyCompiler_ipt.cpp (singleItfNegation::processNext): fixed
        bug #2819901: "sub-optimal expansion of negated interface". Policy
        rules with single interface object in "interface" rule element
        with negation should generate iptables commands using "-i ! itf"
        or "-o ! itf" rather than multiply the rule using all other
        interfaces of the firewall. Note that for iptables v1.4.3 and
        later, extrapositioned syntax is used, such as "! -i itf".

        * PolicyCompiler_PrintRule.cpp, NATCompiler_PrintRule.cpp: fixed
        bug #2821050: "loading new fw rules on iptables 1.4.3.2+ gives
        warnings". starting with v1.4.3.1 iptables started giving warnings
        when negation ("!")  is used after --option. This fix adds version
        "1.4.3" to the list of recognized iptables versions in fwbuilder
        and makes compiler generate extrapositioned version of the option
        such as "!  --option arg".

2009-07-13  vadim  <vadim@...>

        * iptAdvancedDialog.cpp (iptAdvancedDialog::iptAdvancedDialog):
        fixed bug #2820840: "IPT: prolog script+iptables-restore silent
        incompatibility". With this fix the GUI does not allow for the
        prolog script to be placed after policy reset if iptables-restore
        is used to activate iptables rules. Also policy compiler for
        iptables checks for this condition and aborts with an error
        message if prolog place is set to "after reset" but
        iptables-restore is used to activate policy. Configuration may end
        up with this combination of options if user set prolog place to
        "after reset" first and switched activation method to
        iptables-restore later.

        * ACL.cpp (ciscoACL::addRemark): fixed bug #1778536 "IOSACL -
        remark command". Remarks now include rule comments; if comment
        consists of several lines, each line is added using separate
        remark statement. This works for both IOS ACL and PIX platforms.

2009-07-12  vadim  <vadim@...>

        * printerStream.cpp (printerStream::printQTable): fix bug
        #2807724: "Print out FWB still not ok". Taking into account hidden
        rable rows associated with rule groups while printing rule sets.
        Before this fix some rules disappeared between pages in the
        printout.

2009-07-11  vadim  <vadim@...>

        * PrintingController.cpp (PrintingController::printRuleSet): bug
        #2807724: "Print out FWB still not ok". Rule groups were always
        printed expanded, even if they were collapsed by the user in the
        GUI.

        * OSConfigurator_openbsd.cpp (processFirewallOptions): fixed bug
        #2820162 "Bad sysctl name for OpenBSD pf" - the sysctl argument
        for IPv6 forwarding was incorrect.

        * AddressRange.h (libfwbuilder): fixed bug #2820152: "Address
        ranges and other such need IPv4/v6 typing". AddressRange object
        should be recognized and removed from the rule if it is used in
        ipv6 rule set. To do this, add virtual method
        hasInetAddress() (should return true) to indicate that this object
        has an address. This works since virtual method getAddressPtr()
        has been implemented anyway.

        * VERSION (VERSION): started v3.0.6



Vadim Kurland ✍
vadim@...







------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge  
This is your chance to win up to $100,000 in prizes! For a limited time,
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize  
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Fwbuilder-discussion mailing list
Fwbuilder-discussion@...
https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion