[5135] in Moira

change rile

daemon@ATHENA.MIT.EDU (Angelina I.Vickers)
Sun Jul 1 12:54:36 2007

Message-ID: <4687DC3F.1070401@invenproinc.com>
Date: Sun, 1 Jul 2007 09:54:23 -0700
From: "Angelina I.Vickers" <iwsk@invenproinc.com>
MIME-Version: 1.0
To: bug-moira@mit.edu
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

ERMX Grabs Edge Of US Trade With China And Moves Into Nitride Devices!

EntreMetrix Inc. (ERMX)
$0.16

Congress's push to increase trade agreements with China gives ERMX huge
advantage as they enter joint venture to manufacture Nitride Devices for
military, energy and technological solutions in China. This is huge. Get
on ERMX Monday!

igmp access lists are not parsed. There can only be one MAC address for
each interface. Packages are available for download on our SourceForge
downloads page. Virtual addresses added for NAT are considered to be a
side effect and connections should not be implicitly permitted to them
by a rule with fw object in destination.

targets ACCEPT, DROP, REJECT, MARK and others are converted to the
corresponding fwbuilder policy rule actions.

In all cases the goal is to make sure DNAT rules process the packet
before, and SNAT rules process it after filtering and tagging rules.

New features in the built in policy installer added an option for test
run.
Installer would not copy generated script over ssh if the script was
longer than some threshold and the gui was running on FreeBSD. Menu item
"Paste" should only be enabled if the clipboard is not empty and objects
that are stored in it can be pasted into selected object in the tree.
The problem concerns policy rules using service object "any ICMP".

A bug that prevented user from creating a rule set branch inside another
branch has been fixed.

If this is not the case, built-in installer can be instructed to ask for
the authentication information before it touches each firewall.
This simplifies accounting since chain name for such rule won't change
if the user adds or removes rules above or below.

Keeping track of dependencies between objects.

Keeping track of dependencies between objects.

SNAT, DNAT, MASQUERADING, REDIRECT and NETMAP targets and their
parameters are recognized in the NAT rules.

Compilers for iptables, ipfilter, pf and PIX can not use objects with
this option and treat it as an error because corresponding platforms do
not support it. Streamlined logic in the object editor dialog. Currently
this still remains largely untested.

The program printed only number of objects contained in object or service
groups.

Rule utilizing "limit" module to rate limit packets with logging logged
every packet and dropped those that exceeded the limit. Address and
service objects are created in the process for all addresses and ports
used in all rules. The GUI now starts either into an empty database or
opens data file specified on the command line.
This turns Firewall Builder into universal access policy management tool
for a data center, office or an ISP. Switched to command line option
"-l" to specify user name for external ssh in installer. This was broken
only on Mac OS X.
Now using getuid to get user name on Unix and GetUserName on Windows.

all policy compilers properly detect an error when the output file can
not be created or overwritten and print error message to warn the user.
This option is available for all firewall platforms but PIX. Packets
originating on the firewall go into OUTPUT and POSTROUTING chains, so
no-nat rules must be placed in both. The last item is default.
Needed to suppress these error messages.
For PF this action is translated into tag. New features in the built in
policy installer added an option for test run.

This means you can not use CustomService to specify protocols. Switched
to using "plain" grep.
Policy compiler for iptables can use iptables-restore to activate
firewall policy. The fix makes it apply the limit first and then log
only packets that were dropped.

