Firewall Builder Release Notes
Version 2.1.8
Released 12/02/2006
GUI and compilers v2.1.8 require API library libfwbuilder version 2.1.8
Summary
For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site.
Installation
An opinion poll run on the fwbuilder-discussion mailing list showed
that the majority of users are not interested in the ability to
install and run both fwbuilder 2.0 and 2.1 on the same machine at the
same time. Hence we are reverting to the old naming scheme without
the suffix '21' for the binaries and man pages in this release.
Improvements and bug fixes in the GUI
- The user can search for objects using regular expressions
matching their names or attributes.
- Fixed bug #1592130: "Policy Chaining Issues". The GUI should
properly display nested branch rulesets. The user can create
policy branches within other branches.
All compilers
- Fixed bug #1590746 "problem with using "DNS Names" objects on MS
Windows". Compiler failed to convert DNSName objects set to resolve
at compile time into IP addresses.
Compiler for iptables
- fixed bug #1593221: "iptables filtering bridge problem - PHYSDEV:
no physdev opti..." Sometimes rules were generated with "-m
physdev" but without "--physdev-in" or "--physdev-out" options.
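A check for scripts generated by an affected compiler version, added here as an example and not part of the Firewall Builder package: it lists rules that load the physdev match without any physdev option. The function name and the sample rules are constructed for illustration; the option list beyond "--physdev-in" and "--physdev-out" comes from the iptables physdev extension, not from these notes.

```python
import shlex

# Options that satisfy the physdev match module. The release note names the
# first two; the "is-*" flags are the module's other match options.
PHYSDEV_OPTS = {
    "--physdev-in", "--physdev-out",
    "--physdev-is-in", "--physdev-is-out", "--physdev-is-bridged",
}

# Constructed sample rules, not real fwbuilder output.
SAMPLE = '''\
# constructed sample
$IPTABLES -A FORWARD -m physdev --physdev-in eth0 -j ACCEPT
$IPTABLES -A FORWARD -m physdev -s 10.0.0.0/8 -j DROP
$IPTABLES -A FORWARD -m physdev -m comment --comment "was --physdev-out eth1" -j DROP
$IPTABLES -A FORWARD -m state --state NEW -m physdev --physdev-is-bridged -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
'''


def physdev_without_options(script_text):
    """Return (line_number, line) for rules that load physdev with no match option."""
    findings = []
    for num, raw in enumerate(script_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # shlex keeps a quoted --comment string as one token, so an option
            # name that only appears inside a comment is not counted.
            tokens = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quotes: not a single-line rule
        loads_physdev = any(
            tok in ("-m", "--match") and tokens[i + 1] == "physdev"
            for i, tok in enumerate(tokens[:-1])
        )
        if loads_physdev and not PHYSDEV_OPTS.intersection(tokens):
            findings.append((num, line))
    return findings


if __name__ == "__main__":
    for num, line in physdev_without_options(SAMPLE):
        print(f"line {num}: physdev loaded without options: {line}")
```
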
Compiler for Cisco PIX
- fixed a bug (no num, support req. #1604103): "fwb_pix policy
compiler dies when SNMP or NTP hosts defined". Compiler did not
print an error message when it could not find an interface with
network zone matching IP address of NTP or SNMP server (it just
printed the address without explanation of what went wrong).
- Experimental utility fwb_pix_diff has been added to the
package. This utility takes two PIX configurations on the command
line and produces the 'diff' that consists of a set of commands
that should bring the firewall from the state defined by the first
config to the state defined by the second. Only PIX 7.0 is
supported. This utility will be incorporated into the policy
installer in the future to make policy updates simpler and faster,
especially when small changes are made to a large set of access
lists and NAT rules.