File: ReleaseNotes_0.9.3.html

package info (click to toggle)
fwbuilder 1.0.0-2
  • links: PTS
  • area: main
  • in suites: woody
  • size: 4,508 kB
  • ctags: 2,655
  • sloc: cpp: 15,549; sh: 7,494; ansic: 3,538; xml: 3,418; makefile: 906; perl: 397
file content (75 lines) | stat: -rw-r--r-- 2,893 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
 <body>
<h1>		Firewall Builder Release Notes </h1>
<h3> Version  0.9.3   </h3>
<br>
<hr>
This release includes many fixes for bugs reported for v0.9.2 and some new
features as well  <br>
<br>
<h3>What's new in this release:   </h3>
<br>
<ul>
<li>New objects discovery method has been implemented: this time
Firewall Builder can perform scan of your network and run SNMP query
against hosts supporting SNMP. It pulls ARP table from each host and
finds other hosts this way. It can also determine names and
configuration of all network interfaces, so when you use this
information to create an object for the firewall it will have all its
interfaces added right away.
<p>
So, now Firewall Builder can help you create objects for your network in three ways:
<ul>
<li>Read file in format /etc/hosts(5)
<li>Import DNS zone
<li>Run SNMP queries to find hosts via ARP tables of other hosts
</ul>
<p>
<li>Druid pages dealing with objects found by discovery process have been
improved. Now user can filter lists of network and host addresses to
focus on those they really need to create objects for.</li>
<li>several improvements have been made to configure script (aiming
at smooth compile process on different OS)</li>
<li>iptables compiler now supports <b>REDIRECT</b> target</li>
<li>both GUI and iptables compiler now support additional policy rule
option "<b>stateless</b>". This allows for marking certain rules in the
policy as not requiring stateful inspection. This feature, if used
properly, can improve performance without compromising
security. However, by default all rules are generated with " -m state
--state NEW" options as before</li>
<li>iptables compiler can create static ARP entries and associated 
routes needed  for DNAT translations. This feature can be activated in 
iptables options tab in firewall dialog</li>
</ul>
<br>
<br>
<h3>Bugs fixed in iptables compiler: </h3>
<br>
    <ul>
      <li> #440557: previously optimizer
      could not distinguish TCP protcols with different options and
      generated incorrect code.</li>
      <li> #440390: synax error in construct '--tcp-flag ALL ,SYN '</li>
      <li> #441979: generated wrong interface rules when direction was "both"</li>
   </ul>
    <br>
    <h3>Bugs fixed in GUI:</h3>
    <ul>
      <li> gui crashed if user hit TAB on empty "Address"
field in Interface dialog</li>
      <li> gui crashed after "Help me build policy" Druid
if Policy or NAT were showing in the right pane of the main
window (Support request #437759)</li>
      <li> pop-up menu in group view did not activate
"Open", "Copy" and "Cut" items when it really should </li>
      <li> #444048 (spelling error in log level parameter)</li>
      <li>few other minor bugs discovered in testing  </li>
    </ul>
    <br>
    <br>
    <br>
    </body>
    </html>