Firewall Builder Release Notes 
 Version  2.0.2   
Released 08/31/04
GUI and compilers v2.0.2 require API library libfwbuilder version 2.0.2
Summary 
Firewall Builder GUI v2.0.2 is a maintenance release that includes
fixes for bugs discovered since 2.0.1 has been released.
For those who wish to build from source, instructions are outlined
in "Install
and Build instructions"
    
General
    
      - Updated FreeBSD ports, tested on 5.3-BETA
    
    
    
New standard objects
    
      - added new service objects to the Standard objects library:
      "xmas scan" (old object renamed "xmas scan - full"), rsync,
      distcc, cvspserver, cvsup, afp, whois, bgp, radius and radius
      acct, SSDP and UPnP.
    
    
    
New template objects
    
      - added template firewall objects for Linksys firewall and a
      web server.
    
    
    
New features in policy compiler for PF
    
      - Implemented support for all timeout settings in pf:
      tcp.first,tcp.opening,tcp.established,
      tcp.closing,tcp.finwait,tcp.closed,udp.first,udp.single,udp.multiple,
      icmp.first,icmp.error,other.first,other.single,other.multiple,
      including adaptive timeout scaling options adaptive.start and
      adaptive.end
- Added support for options "max", "max-src-nodes" and
      "max-src-states" in pf. These allow to limit number of
      concurrent state table entries ("max"), number of source
      addresses that can simultaneously have state table entries
      ("max-src-nodes") and number of simultaneous state entries per
      source address ("max-src-states") per rule.
    
    
    
Bugs fixed in libfwbuilder API:
    
      - : added element physAddress to list of child elements of
      Library (bug #1011617)
- bug #1012733: "configure --libdir=DIR will be ignored at
      installation". Needed to use macro _libdir to specify target
      directory for libraries. Used it in configure, qmake.in,
      libfwbuilder-config-2 and a .spec file. Code should compile and
      install in correct place on 64-bit systems.
    
    
    
Bugs fixed in GUI:
    
      - bug #1019691: "040829 nightly build doesn't add paths for
      linksys"
- bug #1013177: "deleting multiple hosts causes crash"
      
- bug #1009345: "Can only move one host object at a time
      between libraries"
- bug #1013018: "host OS settings" dialog is missing for
      linksys. Added host OS settings dialog for
      linksys/Sveasoft. Dialog provides entry fields for paths to
      iptables, lsmod, modprobe, logger tools and two shell prompt
      string patterns, this should help to work around changes in the
      shell prompt on Linksys.
- bug #1013022: "can not install policy script on linksts
      Alchemy pre-5.2". Built-in installer uses shell prompt string
      patterns configured in the host OS settings dialog for
      linksys.
- bug #1008956: "Existing .fwb file gets overwritten if has
      wrong extension". If the GUI needs to rename a data file with
      old extension .xml to .fwb, it checks if a file with new
      extension exists and offers user a chance to choose a different
      name. It also treats symlinks in a special way: if user creates
      a symlink with extension .xml pointing at a file with extension
      .fwb, the GUI simply follows the link and works with .fwb
      file. This should work with Windows shortcuts, too. 
- bug #1013485: "File/Import should allow to import .fwb
      file". Function File/Import offers a choice of .fwl, .fwb and
      "all files" in the open file dialog.
- bug #1011248: "need two xmas scan service objects". 
- bug #1013957: "incorrect NAT rule in firewall created from
      template #3". The problem was caused by incorrect ip address of
      interface "dmz" in the template object #3.
- bug #1014725: "adding new ICMP types". If user created
      service group with the name "ICMP", the GUI would place new ICMP
      objects under this group instead of the standard folder
      "ICMP". There was the same problem with other object types, too.
- bug #1015884: "Export more than one library fails with 0
      references". Export library operation failed if user exported
      two libraries with groups or rules in one library referencing
      objects in the other.
    
    Bugs fixed in iptables policy compiler fwb_ipt:
    
      - bug #1005148: "MAC matching - space missing". Space was
      missing between MAC address and custom service code.
- avoiding grep in the script generated for Linksys/Sveasoft
      firewall - Sveasoft Alchemy pre-5.2.3 does not have grep
- bug #1019943: "Missing ip addresses in the rule using
      interfaces"
Last modified: Tue Aug 31 20:38:55 PDT 2004