-
I can see this to be an inconvenience, but this is not a bug, this is by design.
NAT rules do not have special column for the interface so to get "-o interface" parameter the program needs to get it from somewhere. If the interface object or its address is used in TSrc, it adds "-o interface" because it can associate this address with interface. If you explicitly do not want to have "-o...
2009-11-10 13:57:02 UTC in Firewall Builder
-
Sorry, I did not notice that this is what you did exactly in the first try. That is the recommended way of doing it. It works as it is supposed to.
2009-11-10 13:35:17 UTC in Firewall Builder
-
Try creating a separate standalone address object with address 192.168.1.1 (in addition or instead of adding this address to br0) and then use it in Translated Source. See what you get then.
2009-11-10 13:34:12 UTC in Firewall Builder
-
meanwhile, I implemented matching TCP flags using extended ACL option "match-all". This seems to work in IOS 12.4 (not "T"). It may be available in 12.3T but I do not have this image to test and I think fwbuilder should require IOS version of the general deployment release, which seems to be 12.4 in this case. Anyway, you can test using latest fwbuilder v3.1 test build that you can download here:
2009-11-08 06:25:42 UTC in Firewall Builder
-
The Cisco document you provided URL for talks about matching IP options rather than TCP flags. Please clarify if this request is to implement matching for IP options, such as lsr, ssr, timestamp, router-alert and others, or TCP flags. If the latter, could you provide reference to the relevant Cisco document ? Thanks.
2009-11-08 03:09:52 UTC in Firewall Builder
-
this is fixed in the latest build, I'll generate new packages and source tar.gz for download later today.
2009-11-06 17:52:29 UTC in Firewall Builder
-
fixed in 3.0.8 build 1687 and later.
2009-11-06 14:10:31 UTC in Firewall Builder
-
fixed in 3.0.8build 1686 and later.
2009-11-06 13:37:03 UTC in Firewall Builder
-
thank you, I'll fix this.
Note that you can have your own scriptlets in v3.1 so it is even easier to patch skeleton script . You just create directory fwbuilder/configlets in your home dir and then inside of it you can have copies of any scriptlets that you want to overwrite. You only need to maintain the same directory structure, that is fwbuilder/configlets/linux24...
2009-11-06 05:31:28 UTC in Firewall Builder
-
This happens when firewall version is set to 1.3.x or later
The bug is in the code that handles configuration generation for the iprange module.
2009-11-04 19:02:18 UTC in Firewall Builder
