Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
This version comes with the following usability enhancements:
* Added checkbox to the Preferences dialog, this checkbox turns off some
tooltips that can be annoying for users who are sufficiently familiar with
the GUI.
* Added a tab "Policy Rule" to the "Objects" page of the global preferences
dialog; checkbox in this tab allows the user to choose whether new policy
rules should be created with logging turned on or off.
The major bug fixes in this release include:
* Fixed installer issue for Windows users that use Putty sessions. Built-in
policy installer can use putty session on Windows when it runs pscp.exe
utility to copy generated script to the firewall
* Fixed bug in the generated iptables script that made it to not configure
broadcast address when it added ip addresses to interfaces.
* Several bugs that affected cluster configurations were fixed.
2.0.12:
Bugs fixed in this release:
bug #1455772: Implement more portable fix for converting UTF-8 in
comments. The previous one broke the Windows installer.
2.0.11:
Bugs fixed in this release:
* fixes to make code compile with g++ 4.1.
* bug #1455772: Properly convert comments to/from UTF-8 to ensure the
script is not corrupted when copied to the firewall
* bug #1455748: "make firewall script executable".
Bugs fixed in policy compiler for iptables:
* bug #1375432: avoid using '-m state' twice for stateless rules with
with custom services.
* bug#1364060: change shell pattern to match names of conntrack modules
in Linux 2.6.
Bugs fixed in policy compiler for ipfilter:
* bug #1386226: removed nat.conf when nat rules are removed.
* bug #1393004: use 'egrep -s' on Solaris.
called. Also include pthread.buildlink3.mk directly.
- With the update of qt3-tools to use the libtool mode of qmake, it is
unnecessary to install files manually; "make install" just works.
Bump PKGREVISION.
Bugs fixed since 2.0.9:
* bug #1349326 "ulogd option does not work". There was a typo in the
class iptAdvancedDialog ( 'useULOG' instead of 'use_ULOG' )
* bug #1315892: "fwbuilder crashes on missing OS template" The GUI
crashed if user added new hostOS or firewall platform template under
resources/os or resources/platforms, then reinstalled the package (and
therefore lost their custom template files), then tried to open
firewall or host OS settings dialog for the object using new template.
* bug #1305933: "fwbuilder/Solaris: compilation errors". Another case of
implicit type conversion QString->string which does not compile on
systems with QT built w/o STL support.
* bug #1304878: fwbuilder: signal.h required (Solaris). Using
'AC_CHECK_HEADERS([signal.h])' in configure.in to check for the
appropriate #include.
* bug #1304764: "configure script: Sun make check fails". Need to use
${MAKE-make} instead of $ac_make when checking for GNU make.
* bug #1304785: "fwbuilder - Solaris has no libutil". Using better way
to check whether we need to link with libutil.
Bugs fixed in policy compiler for iptables since 2.0.9:
* bug #1342495: "SNAT with address range". Compiler used to print
warning "Adding virtual addresses for NAT is not supported for
address range" even if adding virtual addresses for NAT was turned off.
* bug #1313420: "OUTPUT chain is built wrong under certain conditions."
Rules that have firewall in SRC and DST, while DST has negation,
should be split so that the second generated rule goes into OUTPUT
chain rather than FORWARD
Changes since version 2.0.6:
Version 2.0.9 -- This is a bug fix release
What's new:
* support for Cisco FWSM.
* Print comments on objects.
* Add "commit" menu item.
* Spanish translation has been added.
Bugs fixed in the GUI:
* bug #1254775: "RCS checkin fails on Windows when data file is too
big".
* bug #1226069: "Segfault: Drag&Drop between two instances".
* bugs #1233165: "Illegal Logging-Limit string" and #1287755: "i18n is
breaking iptables script".
* bug #1240205: "Iilegal --log-level Information".
* bug #1277129: "script is truncated when installed by the GUI running
on Mac".
Bugs fixed in policy compiler for PF:
* bug #1276083: "Destination NAT rules". Old restriction on "rdr" rules.
Version 2.0.8 -- This is a bug fix release
What's new:
* Improvements in the GUI:
* Included updated German translation by Hans Peter Dittler.
* Print RCS Log".
* Code changes to make the code compile and work on Solaris.
* Improvements in policy compilers for pf, ipf, ipfw:
* implemented support for subnets for backup ssh access for
pf,ipf,ipfw.
* Improvements in compiler for ipfw:
* using rule sets to atomically swap old and new rules.
* added "established" rule on top of the regular backup ssh access rule.
Bugs fixed in the Standard Objects library:
* bug #210518: 'Incorrect ending day in the standard object "weekends"'.
Bugs fixed in scripts and tools:
* bug #1200902: "fwb_compile_all does not work in 2.0".
Bugs fixed in GUI:
* bug #1072842: "fwbuilder: Solaris and forkpty".
* bug #1201406: "shutdown messages should be suppressed".
* bug #1204067: "incorrect timezone handling in RCS".
* bug #1207983: "incorrect size of "I" and "L" buttons in the group view
dialog".
* bug #1212121: "sudo shutdown doesn't work".
* bug #1212123: "executing file below /tmp as root".
* bug #1212179: "tool tips for TCP services cuts off some services".
* bug #1213361: "PF on FreeBSD-5.4R".
Bugs fixed in policy compiler for iptables:
* bug #191423: "Weekend Time restriction not created correctly".
* bug #1205665: "Error with summer time when compiling script".
* bug #1215279: "rate limiting rule logs everything".
Bugs fixed in policy compiler for ipfw:
* bug #1155351: "Remote install of FW rulset fails due to race
condition".
Version 2.0.7 -- This is a bug fix release
What's new:
* Improvements in the GUI:
* "Close" button should change is caption/title to "Install".
* "Search for IP Addresses".
* Support for SNMP operations has been added in Windows packages of
Firewall Builder.
* Improvements in built-in installer:
User can specify additional command line parameters for ssh that
built-in installer runs to access firewall.
* Improvements in compiler for ipfilter fwb_ipf:
Added support for dynamic addresses in ipfilter.
* Improvements in compiler for iptables fwb_ipt:
Generated iptables script sets default policies to DROP in all ipv6
filter chains.
Bugs fixed in GUI:
* bug #1151052: "Not external interfaces marked as external".
* bug #1151212: "Collapsed sub-objects shouldn't be added if they are
hidden".
* bug #1151243: "Maintain format of description text".
* bug #1155163: "print does not print group contents".
* bug #1172620: "Add tcp service object for icslap".
* bug #1184791: "can not copy/paste multiple objects into a group".
Bugs fixed in API:
* bug #1158870: "mutexes are not properly created on FreeBSD".
* bug #1151219: "New Host creation window is not well dimensioned".
* bug #1157976: "patches to make fwbuilder compile under NetBSD 1.6".
* bug #1173801: '"&" character in prolog/epilog'.
Bugs fixed in policy compiler for iptables fwb_ipt:
* bug #1123748: "busybox grep -E".
* bug #1160186: 'IPTables Compiler - Multiport Issue'.
* bug #1176890: "block IPv6".
* bug #1176890: "block IPv6".
* bug #1179103: 'compiled rules can not be installed'.
* bug #1181359: "Missing traling space in "INVALID state" syslog message".
* bug #1195201: "getaddr function return error ip address".
Bugs fixed in policy compiler for pf fwb_ipf:
* bug #1173067: "support for port ranges in NAT rules (ipfilter)".
* bug #1173064: "support for dynamic interfaces in ipfilter".
Bugs fixed in policy compiler for pf fwb_pf:
* bug #1176051: "incorrect rule generated for TCP service ftp-data".
The main change is support for printing policies and NAT rules for
firewall objects. Also improvments in the iptables compiler and lots
of bug fixes, to numerous to mentions. See the release notes at:
http://www.fwbuilder.org/archives/cat_release_notes.html#000185
useful.
Firewall Builder is a multi-platform firewall configuration and
management tool. It consists of a GUI and a set of policy compilers for
various firewall platforms. Firewall Builder uses an object-oriented
approach, it helps administrators maintain a database of network
objects and allows policy editing using simple drag-and-drop
operations. Firewall Builder currently supports
iptables,
IP Filter,
ipfw,
OpenBSD PF, and
Cisco PIX
libfwbuilder provides the back-end functionality in a library.
was based a long time ago on the OpenBSD port, but the only thing that
remains form that is one of the patches, and I'm not sure that's necessary
any more.
Firewall Builder is multi-platform firewall configuration and
management tool. It consists of a GUI and set of policy compilers for
various firewall platforms. Firewall Builder uses object-oriented
approach, it helps administrator maintain a database of network
objects and allows policy editing using simple drag-and-drop
operations. Firewall Builder currently supports
iptables,
ipfilter,
OpenBSD PF, and
Cisco PIX
libfwbuilder provides the back-end functionality in a library.
