Firewall Builder Release Notes
Version 2.1.19
Released 05/17/2008
GUI and compilers v2.1.19 require API library libfwbuilder version 2.1.19
Summary
This version includes compilers for Cisco PIX and IOS access lists
which were released under the GPL.
For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site.
The GUI code is frozen for the Qt4 conversion. I will fix bugs in
the policy compilers but will try to avoid changes in the GUI. The new
GUI based on Qt4 will be released next spring when KDE4 is included in
all major Linux distributions and FreeBSD. There will be bugfix
releases for v2.1 if necessary.
Reminder: Improvements and changes in the packaging
- Starting with v2.1.18, all policy compilers come as part of the
"fwbuilder" RPM. This includes compilers fwb_ipt, fwb_ipf, fwb_ipfw,
fwb_pf, fwb_iosacl and fwb_pix. Instead of 6 RPMs (libfwbuilder,
fwbuilder and 4 RPMs for individual compilers) I now build only two:
libfwbuilder and fwbuilder. For example, for Fedora C8 only these
two RPMs will be built from now on: libfwbuilder-2.1.18.fc8.i386.rpm
and fwbuilder-2.1.18.fc8.i386.rpm
Improvements and bug fixes in the GUI
- fixed bug #1949103: "manpage slightly broken". Minor fixes in
fwbedit.1 man page.
- fixed bug #1949438: "parser expects decimal - hex is not
accepted". The importer for iptables should be able to process
"--set-mark" with a hex argument.
- fixed bug #1562726: "policy print rule cut-off". Long rulesets
would not print correctly on Windows: the bottom of the ruleset
table was printed solid grey with no rules visible.
Improvements and bug fixes in the policy compiler for iptables
- bug #1938985: Rate in hashlimit in local language
- fixed bug #1940504: "Clamp MSS to MTU". The iptables command that
invokes "-j TCPMSS --clamp-mss-to-pmtu" in the FORWARD chain should go
before the one that matches "--state ESTABLISHED,RELATED" in order
to work for the packets in these states.
- partial fix for bugs #1789059 "shadow issue when using action
chain" and #1945149: "Shadowing test for rules with action
chain". The mechanism for rule shadowing detection we have at this
time can only detect shadowing of one rule by another. In case of
branching it is a combination of the branching rule and rules
inside the branch that may shadow other rules. I plan to redesign
this part of the code in the future, but it won't happen in the
upcoming v3. Meanwhile, I am fixing it in 2.1 by making the compiler
ignore rules with action Branch.
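A check for the rule order described in the fix for bug #1940504, as an added example that is not part of Firewall Builder or its release notes: it scans an iptables script and reports any "--clamp-mss-to-pmtu" rule in FORWARD that comes after the "--state ESTABLISHED,RELATED" rule in the same table. The function names, the assumption that the state rule ends in "-j ACCEPT", and the sample scripts are constructed for illustration.

```python
import shlex

def opt(tok, flag, default=None):
    """Value that follows `flag` in a token list, or `default` if absent."""
    return tok[tok.index(flag) + 1] if flag in tok[:-1] else default

def rules_in(script, chain):
    """Yield (line_no, tokens) for each rule appended (-A) to `chain`."""
    for no, line in enumerate(script.splitlines(), 1):
        tok = shlex.split(line, comments=True)  # [] for blank/comment lines
        if opt(tok, "-A") == chain:
            yield no, tok

def is_clamp(tok):
    return opt(tok, "-j") == "TCPMSS" and "--clamp-mss-to-pmtu" in tok

def is_state_accept(tok):
    # Assumption: the state rule is a terminating ACCEPT, so packets it
    # matches never reach rules placed after it in the same chain.
    states = set((opt(tok, "--state") or "").split(","))
    return opt(tok, "-j") == "ACCEPT" and {"ESTABLISHED", "RELATED"} <= states

def misordered_clamps(script, chain="FORWARD"):
    """Line numbers of clamp rules that follow the state ACCEPT rule."""
    seen_accept = set()  # tables whose state ACCEPT rule was already seen
    bad = []
    for no, tok in rules_in(script, chain):
        table = opt(tok, "-t", "filter")  # chains are per table
        if is_state_accept(tok):
            seen_accept.add(table)
        elif is_clamp(tok) and table in seen_accept:
            bad.append(no)
    return bad

# Constructed sample scripts, not real compiler output.
WRONG_ORDER = """\
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
"""
RIGHT_ORDER = """\
# clamp first, then the state match
$IPTABLES -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
"""

if __name__ == "__main__":
    print("wrong order:", misordered_clamps(WRONG_ORDER))
    print("right order:", misordered_clamps(RIGHT_ORDER))
```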
Improvements and bug fixes in the policy compiler for PF
- fixed bug #1821573: "Rule options limits allow for multiple
overload tables". PF allows only one "overload" option per
rule.
- fixed bug #1961202: "Pf Timeouts overridden by Optimization".
The compiler should generate the "set optimization" command before
the "set timeout" commands.