-
Meanwhile, I implemented matching TCP flags using extended ACL option "match-all". This seems to work in IOS 12.4 (not "T"). It may be available in 12.3T, but I do not have this image to test and I think fwbuilder should require IOS version of the general deployment release, which seems to be 12.4 in this case. Anyway, you can test using latest fwbuilder v3.1 test build that you can download here:
2009-11-08 06:25:42 UTC in Firewall Builder
-
The Cisco document you provided URL for talks about matching IP options rather than TCP flags. Please clarify if this request is to implement matching for IP options, such as lsr, ssr, timestamp, router-alert and others, or TCP flags. If the latter, could you provide reference to the relevant Cisco document? Thanks.
2009-11-08 03:09:52 UTC in Firewall Builder
-
This is fixed in the latest build; I'll generate new packages and source tar.gz for download later today.
2009-11-06 17:52:29 UTC in Firewall Builder
-
Fixed in 3.0.8 build 1687 and later.
2009-11-06 14:10:31 UTC in Firewall Builder
-
Fixed in 3.0.8 build 1686 and later.
2009-11-06 13:37:03 UTC in Firewall Builder
-
Thank you, I'll fix this.
Note that you can have your own scriptlets in v3.1, so it is even easier to patch skeleton script. You just create directory fwbuilder/configlets in your home dir and then inside of it you can have copies of any scriptlets that you want to overwrite. You only need to maintain the same directory structure, that is fwbuilder/configlets/linux24...
2009-11-06 05:31:28 UTC in Firewall Builder
-
This happens when firewall version is set to 1.3.x or later.
The bug is in the code that handles configuration generation for the iprange module.
2009-11-04 19:02:18 UTC in Firewall Builder
-
When "old broadcast" object is used in policy of iptables firewall, generated script has 0/0 instead of 0.0.0.0.
2009-11-04 18:35:36 UTC in Firewall Builder
-
fwbuilder does not generate configuration for conntrackd, heartbeat and others; you need to do this yourself. However, fwbuilder will automatically add firewall rules for the protocols you choose.
2009-11-04 05:52:13 UTC in Firewall Builder
-
The program scans rule sets of the cluster and members before compiling to assemble actual collection of rule sets for each member that it will use. First, it starts with cluster rule set objects, one of which should be marked as "top rule set". The top rule set goes into standard chains INPUT/FORWARD/OUTPUT, other rule sets create chains with the same names. If member firewall has...
2009-11-04 05:49:57 UTC in Firewall Builder