
tutorial



News Hits! New R&D Facility Engaged!

Chan-On International Inc.
Symbol: CAON
Close: $0.73

News hits today on CAON and trading continues to warm up. Hitting highs
of $0.90 today, we can see this building. Read the release and get on
CAON first thing Tuesday. We can see this climbing all week!

Support for options "max-src-conn" and "max-src-states" has been
improved in the compiler for PF. No manual editing of the config is
required prior to import.

You can download free trial version here.

One of the most important improvements in the web site is that it now
has a "Search" function.

ACL names are automatically generated using abbreviated interface names
and direction symbols to make it easy to figure out which ACL is which.
This allows for names and comments to be entered and displayed in local
languages.

Using iptables-restore is optional and is controlled by the checkbutton
in the "Script options" tab of firewall settings dialog.
Object dependencies are tracked not only when objects are directly used
in rules, but also when they appear there indirectly, as members of
groups. Added bulk compile and install operations. Code has been fixed in
many places where text strings were not properly marked for
localization.

Currently the following modules are supported: state, multiport, limit,
mark. Importer creates firewall object with all interfaces. Rule element
"direction" that previously was only part of the interface policy rules
is now part of all policy rules.
Ability to search for objects using regular expressions matching their
names or attributes has been added.
Custom:  This action allows administrator to define arbitrary piece of
code to be used in place of an action. Here is the contents of the
README.
Firewall object is placed in "Source" for rules with chain OUTPUT. For
PF this action is translated into an anchor with the name the same as
the name of the branch defined by the administrator. igmp access lists
are not parsed. You can download free trial version here. This allows
fwbedit to quickly create objects and still ensure their IDs are unique
fwbedit Fwbedit can now create objects and repair broken object
database. Both installers were updated however to improve support for
the automatic roll-back feature in case you lose connect with the
firewall or the router because of an error in the policy. Prolog block
is added on top, while epilog block is added at the bottom. See Release
Notes for the complete list. The bug has been fixed, along with a couple
of others. For PF this action is translated into an anchor with the name
the same as the name of the branch defined by the administrator. All
object dialogs have been converted into built-in panels that appear in
the right hand part of the main window.
Interfaces without "ip address" in the configuration are marked as
"unnumbered" in the firewall builder object tree.
This is especially convenient as it allows one to inspect the rules
after failed compilation while still having compiler error on screen.
Compiler is more tolerant while processing Address Table object with
empty address file or with a file with empty lines.

The problem must be corrected manually.

Besides the "cookbook", I moved all the documents that used to be
published on the old site here, and added many new ones.

This allows for names and comments to be entered and displayed in local
languages. This turns Firewall Builder into universal access policy
management tool for a data center, office or an ISP. New function to
compare two data files and find conflicting objects has been added.
Supported only by compilers for iptables and PF.

It can not assign object name for the firewall object nor add IP and MAC
addresses to interfaces because this information is not present in
iptables-save file.

This feature helps to work around errors in the policy that block access
to the firewall from the management workstation. See Release Notes for
the complete list.
The "Help me build firewall policy" wizard was phased out and replaced
with firewall templates.

Here is the contents of the README. "log", "log-input", "fragments",
"established" keywords are supported and translated into rule or object
options as appropriate. We plan to run public beta for a few months and
release final version in October.

Editing of all objects is done in a separate floating editor window that
can be kept open at all times. It can not configure QoS and other
features available there, but you can always use web interface for
those. This replaced "help me build firewall" wizard.

A bug that prevented user from creating a rule set branch inside another
branch has been fixed. Firewall object now has an attribute "inactive".
This action is only supported by compilers for iptables, PF and ipfw. It
is assumed that firewall object in rules represents combination of
addresses configured in its interfaces in the GUI.
Libtool is not used at all.

For PF it is translated into queue; compiler for ipfw can use pipe,
queue or divert depending on how the action is configured by the
administrator in the GUI.

You can download free trial version here.


