fwbuilder-discussion

RE: [Fwbuilder-discussion] fwb2 buidl 172 groups very messy

[Hildebrand, B. <Bri...@un...>]

I was able to reproduce something similar. I created a group, pasted an =
object, hit apply changes, closed the group, and then when I tried to =
open it again FWB2 crashed.=20

-----Original Message-----
From: dum...@gm... [mailto:dum...@gm...]
Sent: Friday, May 28, 2004 14:38
To: fwb...@li...
Subject: [Fwbuilder-discussion] fwb2 buidl 172 groups very messy


Hi,

when i create an new group (service OR objects). Then i want to add
objects with copy and paste from existing rules not from the tree via
drag and drop. when i add some objects and hit apply changes
sometimes (can find way and when exactly) fwb2 crashes or when i
reopen the library the last object is not in the library.

Can someone reproduce this?

--=20
Best Regards
Thomas Schend
Systemadministrator
mailto:dum...@gm...

RE: [Fwbuilder-discussion] fwb2 buidl 172 groups very messy

[Hildebrand, B. <Bri...@un...>]

Vadim,

I selected a host object, copied it from the tree, created a new group, =
pasted the object from the tree in the new group, clicked apply changes, =
clicked close, double clicked the group I just created to open it again, =
and crash...

Brian

-----Original Message-----
From: Vadim Kurland /r/ [mailto:va...@vk...]
Sent: Friday, May 28, 2004 15:50
To: Hildebrand, Brian
Cc: fwb...@li...
Subject: Re: [Fwbuilder-discussion] fwb2 buidl 172 groups very messy



On May 28, 2004, at 12:53 PM, Hildebrand, Brian wrote:

> I was able to reproduce something similar. I created a group, pasted=20
> an object, hit apply changes, closed the group, and then when I tried=20
> to open it again FWB2 crashed.
>

detailed step-by-step scenario would help me fix it. Where did you copy=20
the object from? Was it from the rule, directly from the tree or from=20
another group ? Did you use "copy" or "cut" ?  I'll try to reproduce=20
this myself, but I need more information.

--vk

Re: [Fwbuilder-discussion] fwb2 buidl 172 groups very messy

[Vadim K. /r/ <va...@vk...>]

On May 28, 2004, at 1:55 PM, Hildebrand, Brian wrote:

> Vadim,
>
> I selected a host object, copied it from the tree, created a new=20
> group, pasted the object from the tree in the new group, clicked apply=20=

> changes, clicked close, double clicked the group I just created to=20
> open it again, and crash...
>

thanks

I'll work on this tonight

--vk


> Brian
>
> -----Original Message-----
> From: Vadim Kurland /r/ [mailto:va...@vk...]
> Sent: Friday, May 28, 2004 15:50
> To: Hildebrand, Brian
> Cc: fwb...@li...
> Subject: Re: [Fwbuilder-discussion] fwb2 buidl 172 groups very messy
>
>
>
> On May 28, 2004, at 12:53 PM, Hildebrand, Brian wrote:
>
>> I was able to reproduce something similar. I created a group, pasted
>> an object, hit apply changes, closed the group, and then when I tried
>> to open it again FWB2 crashed.
>>
>
> detailed step-by-step scenario would help me fix it. Where did you =
copy
> the object from? Was it from the rule, directly from the tree or from
> another group ? Did you use "copy" or "cut" ?  I'll try to reproduce
> this myself, but I need more information.
>
> --vk
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle=20
> 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id149&alloc_id=9966&op=CCk
> _______________________________________________
> Fwbuilder-discussion mailing list
> Fwb...@li...
> https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion

[Fwbuilder-discussion] Firewall Builder 2.0 beta, build #176

[Vadim K. <va...@vk...>]

Build #176 is ready for downloads. Here is a summary of bugs fixed in 
it:

  - pop-down menu that appears when user clicks right mouse button on 
the rule number showed wrong rule number in long policies. This bug has 
originally been reported with regards to rule color settings using that 
pop-down menu, but it turned out all menu items acted on the wrong rule 
if long policy was scrolled down

  - many copies of the same object could be added to a group by using 
drag and drop or copy/paste mechanisms. Deleting these "phantom" 
objects caused GUI to crash.

  - dragging an object onto a group in the tree in read-only library 
caused crash

  - The GUI used to recreate "User" library if it was renamed. Now 
"USer" library can be renamed, exported to an external data file and 
then imported back to the same or another data file without creating 
any conflicts or duplicates

  - support for drag-and-drop of objects in the policy and NAT rules has 
been implemented. Objects can be dragged from rule to rule, as well as 
from a rule to a group in the tree.

  - objects in the group editor can be deleted using "Delete" key

  - column "Comment" is properly resized both when text is added and 
when it is deleted

  - all entry fields in the object editor are disabled if the object 
shown in it belongs to a read-only library. Object editor acts as an 
inspector dialog in this case and allows the user to see all properties 
of the object without editing it.

  - library pull-down list is sorted


thanks to all who reported bugs and problems !  I appreciate your help 
guys.

There was a bug report that I could not reproduce. Here is a quote from 
the original email:

> I selected a host object, copied it from the tree, created a new 
> group, pasted the object from the tree in the new group, clicked apply 
> changes, clicked close, double clicked the group I just created to 
> open it again, and crash...

I can't reproduce this.

--vk

Re: [Fwbuilder-discussion] Firewall Builder 2.0 beta, build #176

[<dum...@gm...>]

Guten Tag Vadim Kurland,

am Sonntag, 30. Mai 2004 um 08:21 schrieben Sie:

VK> Build #176 is ready for downloads. Here is a summary of bugs fixed in
VK> it:

VK>   - pop-down menu that appears when user clicks right mouse button on
VK> the rule number showed wrong rule number in long policies. This bug has
VK> originally been reported with regards to rule color settings using that
VK> pop-down menu, but it turned out all menu items acted on the wrong rule
VK> if long policy was scrolled down

VK>   - many copies of the same object could be added to a group by using
VK> drag and drop or copy/paste mechanisms. Deleting these "phantom" 
VK> objects caused GUI to crash.

VK>   - dragging an object onto a group in the tree in read-only library
VK> caused crash

VK>   - The GUI used to recreate "User" library if it was renamed. Now
VK> "USer" library can be renamed, exported to an external data file and
VK> then imported back to the same or another data file without creating
VK> any conflicts or duplicates

VK>   - support for drag-and-drop of objects in the policy and NAT rules has
VK> been implemented. Objects can be dragged from rule to rule, as well as
VK> from a rule to a group in the tree.

VK>   - objects in the group editor can be deleted using "Delete" key

VK>   - column "Comment" is properly resized both when text is added and
VK> when it is deleted

VK>   - all entry fields in the object editor are disabled if the object
VK> shown in it belongs to a read-only library. Object editor acts as an
VK> inspector dialog in this case and allows the user to see all properties
VK> of the object without editing it.

VK>   - library pull-down list is sorted


VK> thanks to all who reported bugs and problems !  I appreciate your help
VK> guys.

VK> There was a bug report that I could not reproduce. Here is a quote from
VK> the original email:

>> I selected a host object, copied it from the tree, created a new 
>> group, pasted the object from the tree in the new group, clicked apply
>> changes, clicked close, double clicked the group I just created to 
>> open it again, and crash...

VK> I can't reproduce this.

me too.

i will check if all bugs are fixed correct and i ill post you the new
bugs i found :-)

Best Regards
Thomas Schend
Systemadministrator
mailto:dum...@gm...

Re: [Fwbuilder-discussion] Firewall Builder 2.0 beta, build #176

[<dum...@gm...>]

Guten Tag Vadim Kurland,

am Sonntag, 30. Mai 2004 um 08:21 schrieben Sie:


VK> Build #176 is ready for downloads. Here is a summary of bugs fixed in
VK> it:

i tested build 177. Sorry for late testing was a little bit busy today
:-)

VK>   - pop-down menu that appears when user clicks right mouse button on
VK> the rule number showed wrong rule number in long policies. This bug has
VK> originally been reported with regards to rule color settings using that
VK> pop-down menu, but it turned out all menu items acted on the wrong rule
VK> if long policy was scrolled down

Checked and verified. Works perfectly.

VK>   - many copies of the same object could be added to a group by using
VK> drag and drop or copy/paste mechanisms. Deleting these "phantom" 
VK> objects caused GUI to crash.

Checked and verified. Works perfectly BUT then i saw something that
should not be possible. You can create in one library in the same group
more then one object with the same name. That is not good because you
can't differ them added to the rules. Think about adding a check in
all libraries if an object of the same type with the same name exists.
Also i should not be possible do add a group to themself :-)

Also you have in the standard library two times the internal server and
the server on dmz. Both have the same properties. With unique names
this could not happen.

VK>   - dragging an object onto a group in the tree in read-only library
VK> caused crash

Checked and verified. Works perfectly.

VK>   - The GUI used to recreate "User" library if it was renamed. Now
VK> "USer" library can be renamed, exported to an external data file and
VK> then imported back to the same or another data file without creating
VK> any conflicts or duplicates

Checked and verified. Works perfectly.

VK>   - support for drag-and-drop of objects in the policy and NAT rules has
VK> been implemented. Objects can be dragged from rule to rule, as well as
VK> from a rule to a group in the tree.

Checked and verified. Works perfectly BUT you need to activate the
cell by clicking on them and then you can only drag and drop the
object. This should be changed because it is a little bit unhandy.

VK>   - objects in the group editor can be deleted using "Delete" key

Checked and verified. Works perfectly.

VK>   - column "Comment" is properly resized both when text is added and
VK> when it is deleted

This works but editing a single rule still shows under windows this
naughty scrollbars with hide the text while editing. Also when you
remove all the text from the comments the comments are not resized to
the standard width and they are just a few pixels width. that's again
unhandy when editing. The cells should autoresize while adding text so
that the stupid scrollbars not appear and hide the text i am adding.
Also a minimum default width for the cells should always be kept.

VK>   - all entry fields in the object editor are disabled if the object
VK> shown in it belongs to a read-only library. Object editor acts as an
VK> inspector dialog in this case and allows the user to see all properties
VK> of the object without editing it.

Checked and verified. Works perfectly.

VK>   - library pull-down list is sorted

Checked and verified. Works perfectly but it's only resorted after
saving. When adding or deleting new libraries the puildown menu is not
resorted.

VK> thanks to all who reported bugs and problems !  I appreciate your help
VK> guys.

No problem.

VK> There was a bug report that I could not reproduce. Here is a quote from
VK> the original email:

>> I selected a host object, copied it from the tree, created a new 
>> group, pasted the object from the tree in the new group, clicked apply
>> changes, clicked close, double clicked the group I just created to 
>> open it again, and crash...

VK> I can't reproduce this.

Here the same. Gave this but a second try but no way.

No to the new bugs :-)

When i create an object in fwb2 and open it's properties (could be ANY
object) and keep the properties open while i delete it then fwb2
crashes without error when hitting the apply changes button.

Nothing more for today :-) Will check more out tomorrow :-)

Best Regards
Thomas Schend
Systemadministrator
mailto:dum...@gm...

Re: [Fwbuilder-discussion] Firewall Builder 2.0 beta, build #176

[Vadim K. <va...@vk...>]

On May 30, 2004, at 2:48 PM, dum...@gm... wrote:

> Guten Tag Vadim Kurland,
>
> VK>   - many copies of the same object could be added to a group by 
> using
> VK> drag and drop or copy/paste mechanisms. Deleting these "phantom"
> VK> objects caused GUI to crash.
>
> Checked and verified. Works perfectly BUT then i saw something that
> should not be possible. You can create in one library in the same group
> more then one object with the same name. That is not good because you
> can't differ them added to the rules. Think about adding a check in
> all libraries if an object of the same type with the same name exists.
> Also i should not be possible do add a group to themself :-)
>
> Also you have in the standard library two times the internal server and
> the server on dmz. Both have the same properties. With unique names
> this could not happen.
>

actually, fwbuilder does not impose requirement of uniqueness of the 
object names both globally and locally. In other words, you can have 
objects with the same names in different parts of the tree and/or in 
the same group. This is not practical, but it falls under "just don't 
do it" category.

I'll see if I can add simple control so that the GUI won't let you add 
or rename an object if another object with the same name exists in the 
group. I know it is going to be expensive to do this kind of check in 
all parts of the tree.

>
> VK>   - support for drag-and-drop of objects in the policy and NAT 
> rules has
> VK> been implemented. Objects can be dragged from rule to rule, as 
> well as
> VK> from a rule to a group in the tree.
>
> Checked and verified. Works perfectly BUT you need to activate the
> cell by clicking on them and then you can only drag and drop the
> object. This should be changed because it is a little bit unhandy.
>

yeah, thats annoying. Unfortunately it is like that because QT's widget 
used for the rule set view works that way. I'll see if I can find a 
work around.


> VK>   - column "Comment" is properly resized both when text is added 
> and
> VK> when it is deleted
>
> This works but editing a single rule still shows under windows this
> naughty scrollbars with hide the text while editing. Also when you
> remove all the text from the comments the comments are not resized to
> the standard width and they are just a few pixels width. that's again
> unhandy when editing. The cells should autoresize while adding text so
> that the stupid scrollbars not appear and hide the text i am adding.
> Also a minimum default width for the cells should always be kept.
>

there is no support for dynamic autoresizing while you edit the text. 
Is it such a big deal ? I thought the less pop-up dialogs, the better.

I'll add minimal width for this column, of course.

>
> VK>   - library pull-down list is sorted
>
> Checked and verified. Works perfectly but it's only resorted after
> saving. When adding or deleting new libraries the puildown menu is not
> resorted.
>

will work on this tonight

>
> When i create an object in fwb2 and open it's properties (could be ANY
> object) and keep the properties open while i delete it then fwb2
> crashes without error when hitting the apply changes button.
>

fixed in build 178

I also fixed couple other bugs that were introduced by changes in the 
code in groups.

thanks for your help

--vk

Re: [Fwbuilder-discussion] Firewall Builder 2.0 beta, build #176

[<dum...@gm...>]

Guten Tag Vadim Kurland,

am Montag, 31. Mai 2004 um 05:19 schrieben Sie:


VK> On May 30, 2004, at 2:48 PM, dum...@gm... wrote:

>> Guten Tag Vadim Kurland,
>>
>> VK>   - many copies of the same object could be added to a group by
>> using
>> VK> drag and drop or copy/paste mechanisms. Deleting these "phantom"
>> VK> objects caused GUI to crash.
>>
>> Checked and verified. Works perfectly BUT then i saw something that
>> should not be possible. You can create in one library in the same group
>> more then one object with the same name. That is not good because you
>> can't differ them added to the rules. Think about adding a check in
>> all libraries if an object of the same type with the same name exists.
>> Also i should not be possible do add a group to themself :-)
>>
>> Also you have in the standard library two times the internal server and
>> the server on dmz. Both have the same properties. With unique names
>> this could not happen.
>>

VK> actually, fwbuilder does not impose requirement of uniqueness of the
VK> object names both globally and locally. In other words, you can have
VK> objects with the same names in different parts of the tree and/or in
VK> the same group. This is not practical, but it falls under "just don't
VK> do it" category.

VK> I'll see if I can add simple control so that the GUI won't let you add
VK> or rename an object if another object with the same name exists in the
VK> group. I know it is going to be expensive to do this kind of check in
VK> all parts of the tree.

But would be very handy :-)

>>
>> VK>   - support for drag-and-drop of objects in the policy and NAT 
>> rules has
>> VK> been implemented. Objects can be dragged from rule to rule, as 
>> well as
>> VK> from a rule to a group in the tree.
>>
>> Checked and verified. Works perfectly BUT you need to activate the
>> cell by clicking on them and then you can only drag and drop the
>> object. This should be changed because it is a little bit unhandy.
>>

VK> yeah, thats annoying. Unfortunately it is like that because QT's widget
VK> used for the rule set view works that way. I'll see if I can find a
VK> work around.

Ok great.


>> VK>   - column "Comment" is properly resized both when text is added
>> and
>> VK> when it is deleted
>>
>> This works but editing a single rule still shows under windows this
>> naughty scrollbars with hide the text while editing. Also when you
>> remove all the text from the comments the comments are not resized to
>> the standard width and they are just a few pixels width. that's again
>> unhandy when editing. The cells should autoresize while adding text so
>> that the stupid scrollbars not appear and hide the text i am adding.
>> Also a minimum default width for the cells should always be kept.
>>

VK> there is no support for dynamic autoresizing while you edit the text.
VK> Is it such a big deal ? I thought the less pop-up dialogs, the better.

Yes i think it is a problem because not seeing what i am typing is
really annoying :-)

VK> I'll add minimal width for this column, of course.

>>
>> VK>   - library pull-down list is sorted
>>
>> Checked and verified. Works perfectly but it's only resorted after
>> saving. When adding or deleting new libraries the puildown menu is not
>> resorted.
>>

VK> will work on this tonight

>>
>> When i create an object in fwb2 and open it's properties (could be ANY
>> object) and keep the properties open while i delete it then fwb2
>> crashes without error when hitting the apply changes button.
>>

VK> fixed in build 178

VK> I also fixed couple other bugs that were introduced by changes in the
VK> code in groups.

VK> thanks for your help

no problem. I do this with pleasure :-)


Best Regards
Thomas Schend
Systemadministrator
mailto:dum...@gm...

Re: [Fwbuilder-discussion] Firewall Builder 2.0 beta, build #176

[<dum...@gm...>]

Guten Tag Vadim Kurland,

am Montag, 31. Mai 2004 um 09:11 schrieben Sie:


VK> build 179 has been uploaded, please check it out.

Checked it out and works ok (exempt some reported but not fixed
things yet)

VK> I'll continue tomorrow (my time).

Great.

VK> Also, please use UTF-8 encoding for the German translation. One more
VK> thing, please open menu Help/Debug and make a screenshot of the dialog
VK> that appears. I need to see the name of the locale to properly name a
VK> file for the German translation.

Screenshot 11 is attached.

VK> thanks
VK> --vk

No problem.

Will do some more testing tomorrow at work.

Best Regards
Thomas Schend
Systemadministrator
mailto:dum...@gm...

Re: [Fwbuilder-discussion] Firewall Builder 2.0 beta, new build #189

[Erich T. <eri...@th...>]

Hi

At 22:10 31.05.2004 -0700, Vadim Kurland wrote:

>the new build #189 includes the following:

Tried the Windoze version, this really looks nice. Unfortunately the=
 built-in installer is still not functional yet. Am I the only one trying to=
 actually install and start the firewall rules using the internal installer=
 and using RSA authentication from a Windoze platform?

I attached a screen dump of the installer settings.=20

This is the verbose output from the installer I added a few comments

Summary:
* firewall name : test

* management address : test

* platform : iptables

* host OS : linux24

* Loading configuration from file C:/data/FWBuilder/asp.fwb

Looking up host "217.193.153.58"Connecting to 217.193.153.58 port 22
------>  why is it not using the 'test' putty session, but the ip of the=
 management interface?

Server version: SSH-2.0-OpenSSH_3.8p1
We claim version: SSH-2.0-PuTTY-Release-0.52
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange
Host key fingerprint is:
ssh-rsa 1024 ef:37:0c:1b:d6:d2:8f:1f:f2:5d:45:1d:bc:72:77:d2
Using username "root".
-------> this cannot be made persistent.

Pageant is running. Requesting keys.
Pageant has 2 SSH2 keys
Trying Pageant key #0
This key matches configured key file
Authenticating with public key "ruf wrap key" from agent
Sending Pageant's response
Access granted
Opened channel for session
Primary command failed; attempting fallback
Started a shell/command
Connected to 217.193.153.58

Sending file test.fw, size=3D17403
Sent EOF message
Server sent command exit status 0
SSH terminated, exit status: 0Unable to open connection:
Host does not exist
------>  mmmh...
=20
SSH terminated, exit status: 1
Error activating firewall policy

cheers

Erich =20

THINK=20
P=FCntenstrasse 39=20
8143 Stallikon=20
mailto:eri...@th...=20
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

Re: [Fwbuilder-discussion] Firewall Builder 2.0 beta, new build #189

[Vadim K. <va...@vk...>]

On Jun 1, 2004, at 12:16 AM, Erich Titl wrote:

> Hi
>
> At 22:10 31.05.2004 -0700, Vadim Kurland wrote:
>
>> the new build #189 includes the following:
>
> Tried the Windoze version, this really looks nice. Unfortunately the=20=

> built-in installer is still not functional yet. Am I the only one=20
> trying to actually install and start the firewall rules using the=20
> internal installer and using RSA authentication from a Windoze=20
> platform?
>

I guess you are (so far)

> I attached a screen dump of the installer settings.
>

thanks, this helps

I'll look at it tomorrow, will try to fix the problem with it ignoring=20=

specified alternative name when it needs to activate the policy. It=20
looks like the problem has nothing to do with you using RSA keys, but=20
rather is caused by the alternative address which is different from the=20=

management interface address. I'll fix it.


> This is the verbose output from the installer I added a few comments
>
> Summary:
> * firewall name : test
>
> * management address : test
>
> * platform : iptables
>
> * host OS : linux24
>
> * Loading configuration from file C:/data/FWBuilder/asp.fwb
>
> Looking up host "217.193.153.58"Connecting to 217.193.153.58 port 22
> ------>  why is it not using the 'test' putty session, but the ip of=20=

> the management interface?
>
> Server version: SSH-2.0-OpenSSH_3.8p1
> We claim version: SSH-2.0-PuTTY-Release-0.52
> Using SSH protocol version 2
> Doing Diffie-Hellman group exchange
> Doing Diffie-Hellman key exchange
> Host key fingerprint is:
> ssh-rsa 1024 ef:37:0c:1b:d6:d2:8f:1f:f2:5d:45:1d:bc:72:77:d2
> Using username "root".
> -------> this cannot be made persistent.
>
> Pageant is running. Requesting keys.
> Pageant has 2 SSH2 keys
> Trying Pageant key #0
> This key matches configured key file
> Authenticating with public key "ruf wrap key" from agent
> Sending Pageant's response
> Access granted
> Opened channel for session
> Primary command failed; attempting fallback
> Started a shell/command
> Connected to 217.193.153.58
>
> Sending file test.fw, size=3D17403
> Sent EOF message
> Server sent command exit status 0
> SSH terminated, exit status: 0Unable to open connection:
> Host does not exist
> ------>  mmmh...
>
> SSH terminated, exit status: 1
> Error activating firewall policy
>
> cheers
>
> Erich
>
> THINK
> P=FCntenstrasse 39
> 8143 Stallikon
> mailto:eri...@th...
> PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
>
> <installer.jpg>=

[Fwbuilder-discussion] Firewall Builder 2.0 beta, new build #189

[Vadim K. <va...@vk...>]

the new build #189 includes the following:

  - bugfixes

  - the GUI won't allow the user to rename an object if another object 
with the same name already exists in the same folder. Although 
underlying API allows for duplicate names, they are confusing and it 
just makes sense to avoid them.

  - pull-down list of libraries is sorted when new libraries are added 
or old ones removed

  - rule comments are edited in a pop-up dialog ( Hi Thomas :-) )

  - I can't seem to figure out how to implement rule drag&drop (the 
standard widget that I use intercepts "drag" event and uses it for 
selecting of rows). It looks like it would require a lot of hacking to 
work around the standard behavior which emulates typical spreadsheets.

  - Since there is no drag&drop for rules, I wanted to compensate for it 
somehow and implemented support for operations that act on multiple 
rules at once. You can now select several consecutive rules by dragging 
mouse cursor over rule numbers; pop-up menu that appears when you then 
click right mouse button allows you to set color, delete and move group 
of rules.

  - I replaced "move rule up" and "move rule down" operations with a 
single "move rule" operation which allows you to move any rule or group 
of rules to any position in the rule set. This may not be as cool as 
dragging rules, but it sure is more efficient, especially if you want 
to move rules from one end of a very long policy to another.


--vk

[Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #189

[<dum...@gm...>]

Guten Tag Vadim Kurland,

am Dienstag, 1. Juni 2004 um 07:10 schrieben Sie:

today i worked 4 hours with fwb2 build 189.

VK> the new build #189 includes the following:

VK>   - bugfixes

VK>   - the GUI won't allow the user to rename an object if another object
VK> with the same name already exists in the same folder. Although 
VK> underlying API allows for duplicate names, they are confusing and it
VK> just makes sense to avoid them.

Works but add also a check when creating maybe something like
numbering up (1),(2) or so would do fine.

VK>   - pull-down list of libraries is sorted when new libraries are added
VK> or old ones removed

Works fine good work.

VK>   - rule comments are edited in a pop-up dialog ( Hi Thomas :-) )

hehe thanks first of all but should be possible to just doubleclick
the comments field to open the edit window. Also the edit window is
wrong labeled ("Script Editor").

VK>   - I can't seem to figure out how to implement rule drag&drop (the
VK> standard widget that I use intercepts "drag" event and uses it for
VK> selecting of rows). It looks like it would require a lot of hacking to
VK> work around the standard behavior which emulates typical spreadsheets.

That's no problem ... it's not so high in priority but keep it on the
todo list because it will be awsome

VK>   - Since there is no drag&drop for rules, I wanted to compensate for it
VK> somehow and implemented support for operations that act on multiple
VK> rules at once. You can now select several consecutive rules by dragging
VK> mouse cursor over rule numbers; pop-up menu that appears when you then
VK> click right mouse button allows you to set color, delete and move group
VK> of rules.

Works fine with mouse but you limited the menu much. I tried the same
holding down Strg key and wanted to copy or cut several rules but no
chance. Fwb2 only copies the first one. This should go directly to the
todo list.

VK>   - I replaced "move rule up" and "move rule down" operations with a
VK> single "move rule" operation which allows you to move any rule or group
VK> of rules to any position in the rule set. This may not be as cool as
VK> dragging rules, but it sure is more efficient, especially if you want
VK> to move rules from one end of a very long policy to another.

Great works fine.

VK> --vk

Now we get to the serious stuff.

First when i copy a firewall and try to install rules he always uses
the same rules (old name for example test1.fw and test1.conf (pf)) I
can't change this in the firewall properties so the rules file should
be renamed also when i rename the firewall.

Another thing is tell me an easy way to keep several rulesets for one
firewall in one library? That's how i discovered this bug. Try it for
further questions ask me.

Creating many objects really sucks. I created to today 40 hosts from
scratch and it was a pain (i used copy later). I know tehre is the
address object but when i create a host it should have some kind of
special dialog which automatic creates one interface with one ip. This
would be promising because in 99% of the times you need a host it has
one interface with one ip.

Firewallinstaller should keep the last name used to install the policy
(should be configurable):

Now we come to openbsd 3.5 and fwb2. The script copies the .fw and the
.conf to /etc but tries to sudo them from /etc/fw. Maybe also look at
the permissions. I can test this for you at work.

Another this with maybe only the windows binary is that the .conf and
the .fw (but only the .conf matters have a ^N after every line. This
causes a syntax error when executing. Using dos2unix or nano fixes
this. I can test this too at work.

A last i must say that this is my first openbsd fw and i try to build
a transparent fw (bridged fw) with two interfaces without ip and one
management interface with ip. I only added rules to the policy and
none to the interfaces and even when i add a pass all rule i can't get
on the fw until flushing all rules (pfctl -F all). Any ideas?

Keep up the great work and release a new windows build so i can
continue testing *G*

-- 
Best Regards

Thomas Schend
Systemadministrator
mailto:dum...@gm...

[Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #189

[Vadim K. <va...@vk...>]

On Jun 1, 2004, at 10:01 AM, dum...@gm... wrote:

> VK>   - the GUI won't allow the user to rename an object if another 
> object
> VK> with the same name already exists in the same folder. Although
> VK> underlying API allows for duplicate names, they are confusing and 
> it
> VK> just makes sense to avoid them.
>
> Works but add also a check when creating maybe something like
> numbering up (1),(2) or so would do fine.
>

do you mean it should automatically add a number if the same name 
already exists? I am not sure this is a good idea

> VK>   - rule comments are edited in a pop-up dialog ( Hi Thomas :-) )
>
> hehe thanks first of all but should be possible to just doubleclick
> the comments field to open the edit window. Also the edit window is
> wrong labeled ("Script Editor").
>

check

> VK>   - Since there is no drag&drop for rules, I wanted to compensate 
> for it
> VK> somehow and implemented support for operations that act on multiple
> VK> rules at once. You can now select several consecutive rules by 
> dragging
> VK> mouse cursor over rule numbers; pop-up menu that appears when you 
> then
> VK> click right mouse button allows you to set color, delete and move 
> group
> VK> of rules.
>
> Works fine with mouse but you limited the menu much. I tried the same
> holding down Strg key and wanted to copy or cut several rules but no
> chance. Fwb2 only copies the first one. This should go directly to the
> todo list.
>

copy/cut of groups of rules is not supported. I would need to make too 
many changes for that so I decided to postpone it. You can remove 
multiple rules though.


> First when i copy a firewall and try to install rules he always uses
> the same rules (old name for example test1.fw and test1.conf (pf)) I
> can't change this in the firewall properties so the rules file should
> be renamed also when i rename the firewall.
>

I don't understand. Compiler always uses the name of the firewall for 
generated files.

> Another thing is tell me an easy way to keep several rulesets for one
> firewall in one library? That's how i discovered this bug. Try it for
> further questions ask me.
>

You can create two firewall objects with the same addresses and 
different rules.


> Creating many objects really sucks. I created to today 40 hosts from
> scratch and it was a pain (i used copy later). I know tehre is the
> address object but when i create a host it should have some kind of
> special dialog which automatic creates one interface with one ip. This
> would be promising because in 99% of the times you need a host it has
> one interface with one ip.
>

use address object, that's what it is there for.

I also have couple of useful shortcuts on my todo list, I'll try to 
implement these soon if time permits.

> Firewallinstaller should keep the last name used to install the policy
> (should be configurable):
>

what name ?

> Now we come to openbsd 3.5 and fwb2. The script copies the .fw and the
> .conf to /etc but tries to sudo them from /etc/fw. Maybe also look at
> the permissions. I can test this for you at work.
>

I'll check. The directory is configurable in the "advanced" firewall 
dialog (see "installer" tab)

> Another this with maybe only the windows binary is that the .conf and
> the .fw (but only the .conf matters have a ^N after every line. This
> causes a syntax error when executing. Using dos2unix or nano fixes
> this. I can test this too at work.
>

could be, I'll check

> A last i must say that this is my first openbsd fw and i try to build
> a transparent fw (bridged fw) with two interfaces without ip and one
> management interface with ip. I only added rules to the policy and
> none to the interfaces and even when i add a pass all rule i can't get
> on the fw until flushing all rules (pfctl -F all). Any ideas?
>

I have no experience with bridging firewalls. Try to mark bridging 
interfaces "unnumbered" or remove them from the object.

--vk

Re: [Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #189

[<dum...@gm...>]

Guten Tag Vadim Kurland,

am Dienstag, 1. Juni 2004 um 19:12 schrieben Sie:


VK> On Jun 1, 2004, at 10:01 AM, dum...@gm... wrote:

>> VK>   - the GUI won't allow the user to rename an object if another
>> object
>> VK> with the same name already exists in the same folder. Although
>> VK> underlying API allows for duplicate names, they are confusing and
>> it
>> VK> just makes sense to avoid them.
>>
>> Works but add also a check when creating maybe something like
>> numbering up (1),(2) or so would do fine.
>>

VK> do you mean it should automatically add a number if the same name 
VK> already exists? I am not sure this is a good idea

Ok i think you are right. Just disallow creating of objects with the same
name. I think there need to be done some testing how it fells in the
gui.

>> VK>   - rule comments are edited in a pop-up dialog ( Hi Thomas :-) )
>>
>> hehe thanks first of all but should be possible to just doubleclick
>> the comments field to open the edit window. Also the edit window is
>> wrong labeled ("Script Editor").
>>

VK> check

>> VK>   - Since there is no drag&drop for rules, I wanted to compensate
>> for it
>> VK> somehow and implemented support for operations that act on multiple
>> VK> rules at once. You can now select several consecutive rules by 
>> dragging
>> VK> mouse cursor over rule numbers; pop-up menu that appears when you
>> then
>> VK> click right mouse button allows you to set color, delete and move
>> group
>> VK> of rules.
>>
>> Works fine with mouse but you limited the menu much. I tried the same
>> holding down Strg key and wanted to copy or cut several rules but no
>> chance. Fwb2 only copies the first one. This should go directly to the
>> todo list.
>>

VK> copy/cut of groups of rules is not supported. I would need to make too
VK> many changes for that so I decided to postpone it. You can remove 
VK> multiple rules though.

Ok.

>> First when i copy a firewall and try to install rules he always uses
>> the same rules (old name for example test1.fw and test1.conf (pf)) I
>> can't change this in the firewall properties so the rules file should
>> be renamed also when i rename the firewall.
>>

VK> I don't understand. Compiler always uses the name of the firewall for
VK> generated files.

Try it. Rename a firewall and install. The rule files on the server
.fw and .conf have the name of the original one.

>> Another thing is tell me an easy way to keep several rulesets for one
>> firewall in one library? That's how i discovered this bug. Try it for
>> further questions ask me.
>>

VK> You can create two firewall objects with the same addresses and 
VK> different rules.

That's what i tried see above.

>> Creating many objects really sucks. I created to today 40 hosts from
>> scratch and it was a pain (i used copy later). I know tehre is the
>> address object but when i create a host it should have some kind of
>> special dialog which automatic creates one interface with one ip. This
>> would be promising because in 99% of the times you need a host it has
>> one interface with one ip.
>>

VK> use address object, that's what it is there for.

VK> I also have couple of useful shortcuts on my todo list, I'll try to
VK> implement these soon if time permits.

New dialog with additional fileds or a little popup with if name,ip
and subnetmask would do fine.

>> Firewallinstaller should keep the last name used to install the policy
>> (should be configurable):
>>

VK> what name ?

login name :-) Should be saved per firewall.

>> Now we come to openbsd 3.5 and fwb2. The script copies the .fw and the
>> .conf to /etc but tries to sudo them from /etc/fw. Maybe also look at
>> the permissions. I can test this for you at work.
>>

VK> I'll check. The directory is configurable in the "advanced" firewall
VK> dialog (see "installer" tab)

I see points to /etc where the rules go to. Only the sudo command
looks i a wrong place.

>> Another this with maybe only the windows binary is that the .conf and
>> the .fw (but only the .conf matters have a ^N after every line. This
>> causes a syntax error when executing. Using dos2unix or nano fixes
>> this. I can test this too at work.
>>

VK> could be, I'll check

gimme something to test *G*

>> A last i must say that this is my first openbsd fw and i try to build
>> a transparent fw (bridged fw) with two interfaces without ip and one
>> management interface with ip. I only added rules to the policy and
>> none to the interfaces and even when i add a pass all rule i can't get
>> on the fw until flushing all rules (pfctl -F all). Any ideas?
>>

VK> I have no experience with bridging firewalls. Try to mark bridging
VK> interfaces "unnumbered" or remove them from the object.

It is marked unnumbered. I don't need any rules on the interfaces
right?

Best Regards

Thomas Schend
Systemadministrator
mailto:dum...@gm...

Re: [Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #189

[Vadim K. /r/ <va...@vk...>]

On Jun 1, 2004, at 11:12 AM, dum...@gm... wrote:

> Guten Tag Vadim Kurland,
>
> Ok i think you are right. Just disallow creating of objects with the 
> same
> name. I think there need to be done some testing how it fells in the
> gui.
>

build 189 does just that - does not allow the user to create an object 
if another object with the same name already exists in a folder.

>
>>> First when i copy a firewall and try to install rules he always uses
>>> the same rules (old name for example test1.fw and test1.conf (pf)) I
>>> can't change this in the firewall properties so the rules file should
>>> be renamed also when i rename the firewall.
>>>
>
> VK> I don't understand. Compiler always uses the name of the firewall 
> for
> VK> generated files.
>
> Try it. Rename a firewall and install. The rule files on the server
> .fw and .conf have the name of the original one.
>

please give me detailed step-by-step of what you did.

  - duplicate the object (new name should appear in the firewall 
pull-down list)
  - choose the new object in the firewall pull-down list if some other 
one was opened
  - compile (this should produce .conf and .fw files with the name name)
  - install

is this what you did ?

>
>>> Creating many objects really sucks. I created to today 40 hosts from
>>> scratch and it was a pain (i used copy later). I know tehre is the
>>> address object but when i create a host it should have some kind of
>>> special dialog which automatic creates one interface with one ip. 
>>> This
>>> would be promising because in 99% of the times you need a host it has
>>> one interface with one ip.
>>>
>
> VK> use address object, that's what it is there for.
>
> VK> I also have couple of useful shortcuts on my todo list, I'll try to
> VK> implement these soon if time permits.
>
> New dialog with additional fileds or a little popup with if name,ip
> and subnetmask would do fine.
>

the latter is on the list. I'll add an item to the pull-down menu that 
appears when you right click on the rule element, something like 
"Create and add an address". This will open a little dialog with name, 
address, netmask and "dns lookup" button which will create an object 
and insert it in the rule at the same time.

>>> Firewallinstaller should keep the last name used to install the 
>>> policy
>>> (should be configurable):
>>>
>
> VK> what name ?
>
> login name :-) Should be saved per firewall.
>

This bug is on the list. I'll look at it tonight. I plan to add a 
parameter to the "installer" tab of "advanced" firewall dialog.


>>> Now we come to openbsd 3.5 and fwb2. The script copies the .fw and 
>>> the
>>> .conf to /etc but tries to sudo them from /etc/fw. Maybe also look at
>>> the permissions. I can test this for you at work.
>>>
>
> VK> I'll check. The directory is configurable in the "advanced" 
> firewall
> VK> dialog (see "installer" tab)
>
> I see points to /etc where the rules go to. Only the sudo command
> looks i a wrong place.
>

hmm, will check.

>

> VK> I have no experience with bridging firewalls. Try to mark bridging
> VK> interfaces "unnumbered" or remove them from the object.
>
> It is marked unnumbered. I don't need any rules on the interfaces
> right?
>

I thought so but I am not sure.

--vk

Re: [Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #189

[<dum...@gm...>]

Guten Tag Vadim Kurland /r/,

am Dienstag, 1. Juni 2004 um 20:36 schrieben Sie:


VKr> On Jun 1, 2004, at 11:12 AM, dum...@gm... wrote:

>> Guten Tag Vadim Kurland,
>>
>> Ok i think you are right. Just disallow creating of objects with the
>> same
>> name. I think there need to be done some testing how it fells in the
>> gui.
>>

VKr> build 189 does just that - does not allow the user to create an object
VKr> if another object with the same name already exists in a folder.

     Hehe no i tested it (see attached screenshot12). You can create
     one object after another with the new object function. Only
     renaming and renaming back does not work.
     
>>
>>>> First when i copy a firewall and try to install rules he always uses
>>>> the same rules (old name for example test1.fw and test1.conf (pf)) I
>>>> can't change this in the firewall properties so the rules file should
>>>> be renamed also when i rename the firewall.
>>>>
>>
>> VK> I don't understand. Compiler always uses the name of the firewall
>> for
>> VK> generated files.
>>
>> Try it. Rename a firewall and install. The rule files on the server
>> .fw and .conf have the name of the original one.
>>

VKr> please give me detailed step-by-step of what you did.

VKr>   - duplicate the object (new name should appear in the firewall 
VKr> pull-down list)
VKr>   - choose the new object in the firewall pull-down list if some other
VKr> one was opened
VKr>   - compile (this should produce .conf and .fw files with the name name)
VKr>   - install

VKr> is this what you did ?

yes you are right. Is it correct that the .conf and .fw are equal in
name? The second one is called Copy of but the conf and fw not.

Btw do i need to compile the rules every time before installing?
The This should be checked when i just hit install without compiling.
Also a button in the drop down menu when i click the firewall with
"complie" and "install" would be nice. Btw what is the dump button
for in the fw menu.

>>
>>>> Creating many objects really sucks. I created to today 40 hosts from
>>>> scratch and it was a pain (i used copy later). I know tehre is the
>>>> address object but when i create a host it should have some kind of
>>>> special dialog which automatic creates one interface with one ip.
>>>> This
>>>> would be promising because in 99% of the times you need a host it has
>>>> one interface with one ip.
>>>>
>>
>> VK> use address object, that's what it is there for.
>>
>> VK> I also have couple of useful shortcuts on my todo list, I'll try to
>> VK> implement these soon if time permits.
>>
>> New dialog with additional fileds or a little popup with if name,ip
>> and subnetmask would do fine.
>>

VKr> the latter is on the list. I'll add an item to the pull-down menu that
VKr> appears when you right click on the rule element, something like 
VKr> "Create and add an address". This will open a little dialog with name,
VKr> address, netmask and "dns lookup" button which will create an object
VKr> and insert it in the rule at the same time.

Great you rock :-)

>>>> Firewallinstaller should keep the last name used to install the 
>>>> policy
>>>> (should be configurable):
>>>>
>>
>> VK> what name ?
>>
>> login name :-) Should be saved per firewall.
>>

VKr> This bug is on the list. I'll look at it tonight. I plan to add a
VKr> parameter to the "installer" tab of "advanced" firewall dialog.

Great

>>>> Now we come to openbsd 3.5 and fwb2. The script copies the .fw and
>>>> the
>>>> .conf to /etc but tries to sudo them from /etc/fw. Maybe also look at
>>>> the permissions. I can test this for you at work.
>>>>
>>
>> VK> I'll check. The directory is configurable in the "advanced" 
>> firewall
>> VK> dialog (see "installer" tab)
>>
>> I see points to /etc where the rules go to. Only the sudo command
>> looks i a wrong place.
>>

VKr> hmm, will check.

ok.

>>

>> VK> I have no experience with bridging firewalls. Try to mark bridging
>> VK> interfaces "unnumbered" or remove them from the object.
>>
>> It is marked unnumbered. I don't need any rules on the interfaces
>> right?
>>

VKr> I thought so but I am not sure.

Mhh i will test more tomorrow (my time *G*)

Hope new version is ready for on which installation on openbsd works
:-)



Best Regards

Thomas Schend
Systemadministrator
mailto:dum...@gm...

[Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #192

[Vadim K. <va...@vk...>]

build #192 is available for download


  - added a new parameter to the "Installer" tab of "advanced" dialogs 
for all firewall platforms: a user name used to authenticate to the 
firewall when installing policy. User name is stored in the firewall 
object and used by installer.

  - installer uses alternative address of the firewall if the 
corresponding input field is filled in; if it is empty, it uses address 
of management interface. Alternative address can be specified as an IP 
address or a fully qualified host name. Short names are not supported 
at this time (because of limitations on Windows).

  - installer properly uses directory specified in the "installer" tab 
of firewall dialog (before it would try to use "/etc/fw" regardless of 
what was configured in the dialog)

  - all compilers generate files in binary mode on Windows (without 
carriage return "^M" at the end of each line )

  - various minor fixes, such as comment editor window caption, starting 
comment editor  when user double clicks on the comment in a rule, etc.


please test

--vk


On Jun 1, 2004, at 12:36 PM, dum...@gm... wrote:

> Guten Tag Vadim Kurland /r/,
>
> am Dienstag, 1. Juni 2004 um 20:36 schrieben Sie:
>
>
> VKr> On Jun 1, 2004, at 11:12 AM, dum...@gm... wrote:
>
>>> Guten Tag Vadim Kurland,
>>>
>>> Ok i think you are right. Just disallow creating of objects with the
>>> same
>>> name. I think there need to be done some testing how it fells in the
>>> gui.
>>>
>
> VKr> build 189 does just that - does not allow the user to create an 
> object
> VKr> if another object with the same name already exists in a folder.
>
>      Hehe no i tested it (see attached screenshot12). You can create
>      one object after another with the new object function. Only
>      renaming and renaming back does not work.
>
>>>
>>>>> First when i copy a firewall and try to install rules he always 
>>>>> uses
>>>>> the same rules (old name for example test1.fw and test1.conf (pf)) 
>>>>> I
>>>>> can't change this in the firewall properties so the rules file 
>>>>> should
>>>>> be renamed also when i rename the firewall.
>>>>>
>>>
>>> VK> I don't understand. Compiler always uses the name of the firewall
>>> for
>>> VK> generated files.
>>>
>>> Try it. Rename a firewall and install. The rule files on the server
>>> .fw and .conf have the name of the original one.
>>>
>
> VKr> please give me detailed step-by-step of what you did.
>
> VKr>   - duplicate the object (new name should appear in the firewall
> VKr> pull-down list)
> VKr>   - choose the new object in the firewall pull-down list if some 
> other
> VKr> one was opened
> VKr>   - compile (this should produce .conf and .fw files with the 
> name name)
> VKr>   - install
>
> VKr> is this what you did ?
>
> yes you are right. Is it correct that the .conf and .fw are equal in
> name? The second one is called Copy of but the conf and fw not.
>
> Btw do i need to compile the rules every time before installing?
> The This should be checked when i just hit install without compiling.
> Also a button in the drop down menu when i click the firewall with
> "complie" and "install" would be nice. Btw what is the dump button
> for in the fw menu.
>
>>>
>>>>> Creating many objects really sucks. I created to today 40 hosts 
>>>>> from
>>>>> scratch and it was a pain (i used copy later). I know tehre is the
>>>>> address object but when i create a host it should have some kind of
>>>>> special dialog which automatic creates one interface with one ip.
>>>>> This
>>>>> would be promising because in 99% of the times you need a host it 
>>>>> has
>>>>> one interface with one ip.
>>>>>
>>>
>>> VK> use address object, that's what it is there for.
>>>
>>> VK> I also have couple of useful shortcuts on my todo list, I'll try 
>>> to
>>> VK> implement these soon if time permits.
>>>
>>> New dialog with additional fileds or a little popup with if name,ip
>>> and subnetmask would do fine.
>>>
>
> VKr> the latter is on the list. I'll add an item to the pull-down menu 
> that
> VKr> appears when you right click on the rule element, something like
> VKr> "Create and add an address". This will open a little dialog with 
> name,
> VKr> address, netmask and "dns lookup" button which will create an 
> object
> VKr> and insert it in the rule at the same time.
>
> Great you rock :-)
>
>>>>> Firewallinstaller should keep the last name used to install the
>>>>> policy
>>>>> (should be configurable):
>>>>>
>>>
>>> VK> what name ?
>>>
>>> login name :-) Should be saved per firewall.
>>>
>
> VKr> This bug is on the list. I'll look at it tonight. I plan to add a
> VKr> parameter to the "installer" tab of "advanced" firewall dialog.
>
> Great
>
>>>>> Now we come to openbsd 3.5 and fwb2. The script copies the .fw and
>>>>> the
>>>>> .conf to /etc but tries to sudo them from /etc/fw. Maybe also look 
>>>>> at
>>>>> the permissions. I can test this for you at work.
>>>>>
>>>
>>> VK> I'll check. The directory is configurable in the "advanced"
>>> firewall
>>> VK> dialog (see "installer" tab)
>>>
>>> I see points to /etc where the rules go to. Only the sudo command
>>> looks i a wrong place.
>>>
>
> VKr> hmm, will check.
>
> ok.
>
>>>
>
>>> VK> I have no experience with bridging firewalls. Try to mark 
>>> bridging
>>> VK> interfaces "unnumbered" or remove them from the object.
>>>
>>> It is marked unnumbered. I don't need any rules on the interfaces
>>> right?
>>>
>
> VKr> I thought so but I am not sure.
>
> Mhh i will test more tomorrow (my time *G*)
>
> Hope new version is ready for on which installation on openbsd works
> :-)
>
>
>
> Best Regards
>
> Thomas Schend
> Systemadministrator
> mailto:dum...@gm...
> <screenshot12.JPG>

[Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #192

[Tom D. <td...@ro...>]

On Wed, 2 Jun 2004, Vadim Kurland wrote:

> 
> 
> build #192 is available for download

Since you went to the trouble of naming the rpms *fwbuilder2* is there any
possibility you could fix the spec file so that fwb and fwb2 could coexist
peacfully on the same machine? Currently they conflict. At first glance it
appears you could just add a 2 to the path names so it uses its own directories
but I could be wrong.

I would like to test but I need a known working fwb available. :-)

Regards,

Tom

Re: [Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #192

[Vadim K. <va...@vk...>]

On Jun 2, 2004, at 7:04 AM, Tom Diehl wrote:

> On Wed, 2 Jun 2004, Vadim Kurland wrote:
>
>>
>>
>> build #192 is available for download
>
> Since you went to the trouble of naming the rpms *fwbuilder2* is there 
> any
> possibility you could fix the spec file so that fwb and fwb2 could 
> coexist
> peacfully on the same machine? Currently they conflict. At first 
> glance it
> appears you could just add a 2 to the path names so it uses its own 
> directories
> but I could be wrong.
>

it is intentional. The old fwbuilder won't be supported once the new 
one is released. I have no time and resources to support two versions, 
and I am sure if I make it possible to keep both on the same machine, 
there always will be someone who will do it and have problems...

> I would like to test but I need a known working fwb available. :-)
>

working what ?

--vk

Re: [Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #192

[Tom D. <td...@ro...>]

On Wed, 2 Jun 2004, Vadim Kurland wrote:

> 
> On Jun 2, 2004, at 7:04 AM, Tom Diehl wrote:
> 
> > On Wed, 2 Jun 2004, Vadim Kurland wrote:
> >
> >>
> >>
> >> build #192 is available for download
> >
> > Since you went to the trouble of naming the rpms *fwbuilder2* is there 
> > any
> > possibility you could fix the spec file so that fwb and fwb2 could 
> > coexist
> > peacfully on the same machine? Currently they conflict. At first 
> > glance it
> > appears you could just add a 2 to the path names so it uses its own 
> > directories
> > but I could be wrong.
> >
> 
> it is intentional. The old fwbuilder won't be supported once the new 
> one is released. I have no time and resources to support two versions, 
> and I am sure if I make it possible to keep both on the same machine, 
> there always will be someone who will do it and have problems...

So what would be wrong with just adding an obsoletes tag once you do a
real release? That would get rid of the old version. For that matter if you
are going to not allow both to be installed together then the obsoletes tag
should be there now. I understand the support issues, once a final release
is out but I do not understand why both should not be allowed during beta
testing. If you add an obsoletes tag and someone takes it out then that is
their problem. It would be an unsupported thing.

> > I would like to test but I need a known working fwb available. :-)
> >
> 
> working what ?

Working fwbuilder. I only have 1 machine available to run fwb on. Since fwb2
is beta I do not wish to totally rely on it for configuring production firewalls
without some testing. I would like to test/play with fwb2 but given the current
state of the rpms I cannot do that unless I go hack the spec file myself.

Regards,

Tom

Re: [Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #192

[Vadim K. /r/ <va...@vk...>]

On Jun 2, 2004, at 11:54 AM, Tom Diehl wrote:

> On Wed, 2 Jun 2004, Vadim Kurland wrote:
>
>
> So what would be wrong with just adding an obsoletes tag once you do a
> real release? That would get rid of the old version. For that matter 
> if you
> are going to not allow both to be installed together then the 
> obsoletes tag
> should be there now. I understand the support issues, once a final 
> release
> is out but I do not understand why both should not be allowed during 
> beta
> testing. If you add an obsoletes tag and someone takes it out then 
> that is
> their problem. It would be an unsupported thing.
>

true. Unfortunately this can't be done by simply hacking .spec file, 
the API (libraries, include files and resource files) needs to be 
installed in a separate directories and the change should propagate 
through code. It is partially so, for example includes are in a 
different directory and libraries have different names, but resources 
are still in the same place.

Also all binaries would need to be called something else in beta, and 
the name would have to be changed back to the standard one in release. 
It is rather messy.


>>> I would like to test but I need a known working fwb available. :-)
>>>
>>
>> working what ?
>
> Working fwbuilder. I only have 1 machine available to run fwb on. 
> Since fwb2
> is beta I do not wish to totally rely on it for configuring production 
> firewalls
> without some testing. I would like to test/play with fwb2 but given 
> the current
> state of the rpms I cannot do that unless I go hack the spec file 
> myself.

as I said, hacking spec files would not be enough anyway...

--vk

[Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #192

[Tom D. <td...@ro...>]

On Wed, 2 Jun 2004, Vadim Kurland /r/ wrote:

> 
> On Jun 2, 2004, at 11:54 AM, Tom Diehl wrote:
> 
> true. Unfortunately this can't be done by simply hacking .spec file, 
> the API (libraries, include files and resource files) needs to be 
> installed in a separate directories and the change should propagate 
> through code. It is partially so, for example includes are in a 
> different directory and libraries have different names, but resources 
> are still in the same place.
> 
> Also all binaries would need to be called something else in beta, and 
> the name would have to be changed back to the standard one in release. 
> It is rather messy.

OK, obviously I had not really looked at it.

So, are you going to put an obsoletes tag in the fwb2 rpms? At least then
I could upgrade to fwb2 and roll it back if I had to. Right now the only
way to do this is to uninstall fwb and then install fwb2.

Also, do you have any plans to build rpms for RHEL3 after the final fwb2
release?

Regards,

Tom

[Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #192

[Vadim K. /r/ <va...@vk...>]

On Jun 2, 2004, at 12:33 PM, Tom Diehl wrote:

> On Wed, 2 Jun 2004, Vadim Kurland /r/ wrote:
>
>>
>> On Jun 2, 2004, at 11:54 AM, Tom Diehl wrote:
>>
>> true. Unfortunately this can't be done by simply hacking .spec file,
>> the API (libraries, include files and resource files) needs to be
>> installed in a separate directories and the change should propagate
>> through code. It is partially so, for example includes are in a
>> different directory and libraries have different names, but resources
>> are still in the same place.
>>
>> Also all binaries would need to be called something else in beta, and
>> the name would have to be changed back to the standard one in release.
>> It is rather messy.
>
> OK, obviously I had not really looked at it.
>
> So, are you going to put an obsoletes tag in the fwb2 rpms? At least 
> then
> I could upgrade to fwb2 and roll it back if I had to. Right now the 
> only
> way to do this is to uninstall fwb and then install fwb2.
>

yes, I'll add "obsoletes" tag, of course. Thanks for pointing this out, 
I just spaced it.

> Also, do you have any plans to build rpms for RHEL3 after the final 
> fwb2
> release?
>

yes, I should do it. I'll buy RHEL3 if there is no free version 
available.

--vk

[Fwbuilder-discussion] Re: Firewall Builder 2.0 beta, new build #192

[Tom D. <td...@ro...>]

On Wed, 2 Jun 2004, Vadim Kurland /r/ wrote:

> 
> On Jun 2, 2004, at 12:33 PM, Tom Diehl wrote:
> 
> > So, are you going to put an obsoletes tag in the fwb2 rpms? At least 
> > then
> > I could upgrade to fwb2 and roll it back if I had to. Right now the 
> > only
> > way to do this is to uninstall fwb and then install fwb2.
> >
> 
> yes, I'll add "obsoletes" tag, of course. Thanks for pointing this out, 
> I just spaced it.

Thanks.

> > Also, do you have any plans to build rpms for RHEL3 after the final 
> > fwb2
> > release?
> >
> 
> yes, I should do it. I'll buy RHEL3 if there is no free version 
> available.

You might want to look at White Box Linux, cAoS, or Tao. They are clones of
RHEL built from the srpms of RHEL and freely distributed. I have never used
them but I have heard good things about them.

If you want the real thing and you do not need all of the server packages you
can get RHEL PW in places like Staples for $50.00 USD. I do not know what that
translates into in your part of the world but it is at least a datapoint.

RHPW contains most of the packages RHEL does but you only get installation
support and a year of rhn.

Regards,

Tom