2004-09-30    <vadim@vk.crocodile.org>

	* v2.0.3 released
	
2004-09-28    <vadim@vk.crocodile.org>

	* instDialog.cpp (instDialog): since config diff is broken for pix
	v6.3(3) (because it does not permit adding duplicate ACL entries),
	"save diff to file" option is temporarily disabled. "Incremental"
	install renamed to "install only ACL,icmp,telnet,ssh,nat,global
	and static commands"

2004-09-27    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (printPathForAllTools): script
	generated by compiler for iptables checks if /usr/sbin/ip exists
	on the firewall before it tries to use it to verify interfaces and
	configure IP addresses. This check is only performed if user
	activated options that use this tool. An error message "Interface
	eth0 does not exist" was generated if package iproute2 was not
	installed on the firewall, which was confusing.

	* FWWindow.cpp (doCompile): Added option "output file name" to
	firewall settings dialogs for all platforms. User can specify the
	name for the output file; this name is then used by built in
	installer in place of a macro %FWSCRIPT%.

	* ipt.cpp (main): Added command line option "-o" for all compilers

	* FWWindow.cpp (save): fixed bug #1035800: "Autosave failure opens
	error window repeatedly". This bug was in fact fixed earlier.

2004-09-26    <vadim@vk.crocodile.org>

	* FWWindow.cpp (fileSaveAs): fixed bug #1035130: 'Persistent
	"Save" dialog box'. Certain combination of actions on user's part
	used to lead to an indefinite loop of "do you want to save the
	data" dialogs. The problem was triggered if user skipped choosing
	a name for the new file in startup dialog.

	* linux24.xml.in: fixed bug #1035132: "compile errors with default
	Linksys firewall object". This bug has been introduced in build
	435. When user created a new firewall object using one of the
	template objects, the GUI would add a bunch of garbage to the
	firewall options. This garbage violated XML DTD, so compilers and
	the GUI would not accept the data file anymore.

2004-09-25    <vadim@vk.crocodile.org>

	* ipt.cpp (main): using "set -x" to turn debugging on in generated
	iptables script. This will work even if the script is activated
	with "sh script.fw" command.

	* OSConfigurator_linux24.cpp (generateCodeForProtocolHandlers):
	changed command line for sed to a more portable version. We used to
	use 'stmt; stmt' syntax, which is not always portable. Switched to
	a supposedly more portable syntax using multiple "-e" command line
	options.

2004-09-23    <vadim@vk.crocodile.org>

	* instDialog.cpp (getActivationCmd): fixed bug (no number): as of
	build #430, installer ignored activation command configured in the
	"install" tab of firewall settings dialog. Restored this
	functionality.

	* OSConfigurator_linux24.cpp (printPathForAllTools): just like
	with "tail -1", some busybox based systems require "head -1" to be
	changed to "head -n1"

2004-09-22    <vadim@vk.crocodile.org>

	* instDialog.cpp (testRunRequested): fixed bugs in installer that
	prevented it from working on OpenBSD. Enabled scheduled reboot for
	all OS except PIX.

2004-09-21    <vadim@vk.crocodile.org>

	* instDialog.cpp (testRunRequested): "schedule reboot" option is
	only enabled for linksys since it does not work on other platforms
	(yet)

	* FWWindow.cpp (openFirewall): implemented Feature Request
	#1032126: "Firewall label for clarity". Printing the name of the
	firewall object that is opened in the policy panel in a large font
	right above interface/policy tabs. This was easy to implement but
	I consider it an experiment. Will request feedback from users.

	* SSHSession.cpp (startSession): refactored code in built-in
	installer. Moved interaction with ssh to classes SSHSession,
	SSHUnx and SSHPIX. Moved "scriptlets" that are executed on
	firewall to activate policy in different modes to resource
	files. Using ssh rather than scp to copy policy script to
	unix-based firewalls (pscp.exe on Windows works only if the server
	supports sftp, but dropbear on Linksys does not support it so
	installer breaks if we use scp/pscp.exe to copy the policy).
	Still having problems with scheduled reboot option on Linux/BSD
	firewalls (it works on Linksys though).

	* OSConfigurator_linux24.cpp (printPathForAllTools): bugfix: some
	editions of busybox do not support "tail -1" syntax and require
	"tail -n1"

2004-09-19    <vadim@vk.crocodile.org>

	* instDialog.cpp (getActivationCmd): Improvement in the built-in
	installer: added an option to schedule automatic firewall reboot
	in specified time (in minutes) after policy activation. This
	option is available for all firewall platforms but PIX. This
	option only works if user requested policy activation in a test
	mode, in which case policy is copied and activated on the firewall
	but not stored in the permanent location. After reboot the
	firewall reverts to the previous version of the policy. To cancel
	scheduled reboot, run installer again with "test run" option
	turned off. Installer stores the policy in the permanent location,
	activates it and cancels scheduled reboot.

	* src/res/os/linux24.xml.in and other: moved all commands used by
	built-in installer to resource files.

2004-09-18    <vadim@vk.crocodile.org>

	* NATCompiler_pf.cpp (processNext): NAT rule of type DNAT (rdr
	rule) is assigned to an interface of the firewall if interface
	object or its address object is used in ODst. To get rdr rule
	without interface assignment, use an Address or a Host object that
	has the same IP address as that of firewall's interface but that
	is not a child of an interface. This is the same approach that is
	used in iptables.

	* PolicyCompiler_pf.cpp (compile): Compiler for pf always uses
	tables; this breaks compatibility with older OpenBSD systems (3.2
	and 3.3)

	* PolicyCompiler_pf.cpp (findDynamicInterfaces): Compiler for pf
	puts interface name in a table even if interface is dynamic for
	rules that use multiple objects in src or dst and one of these
	objects is dynamic interface of the firewall that is being
	processed. Using dynamic interface of another object in a rule is
	still considered an error. Compiler puts the name of dynamic
	interface in a table verbatim, without brackets '(' ')' since pf
	does not replace dynamic interface with its address dynamically if
	it is used in a table (pfctl issues an error if interface is put
	in brackets)

2004-09-17    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (configureInterfaces): flushing only
	secondary ip addresses on interfaces. This should fix a bug that
	caused linksys/sveasoft unit to lose default route upon reboot if
	external interface has static IP address.

2004-09-15    <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cpp (addDefaultPolicyRule): fixed bug
	#1028980: "need an option to turn logging on on fallback rule"

	* PolicyCompiler_pf_writers.cpp (processNext): fixed bug #1028973:
	fwb_pf: missing "flags S/SA" in front of "modulate state"

	* pfAdvancedDialog.cpp (pfAdvancedDialog): added an option to
	permit tcp sessions opened prior to firewall restart. This is
	needed now since compiler generates "flags S/SA" for the "keep
	state" and "modulate state" rules which means firewall won't
	permit TCP sessions unless it saw opening SYN packet.

	* instDialog.cpp (getActivationCmd): improvements in policy
	installer: added an option for test run. When this option is
	activated, policy script is pushed to the firewall and is executed
	but is not stored there permanently. Firewall reverts to the last
	working configuration after reboot.

	* NATCompiler_ipt_writers.cpp (processNext): using abbreviated
	versions of "--dport", "--sport", "--dports", "--sports" options
	to make generated iptables script smaller. Also changed the name
	of the variables used to hold IP address of dynamic interface from
	"interface_<ifname>" to "i_<ifname>". All this should help to fit
	larger policies into small FLASH on linksys. These changes shrunk
	my test script from 7964 bytes to 7430 bytes

2004-09-14    <vadim@vk.crocodile.org>

	* platforms.cpp (isDefaultOptions): fixed bug #1028078:
	"options.png is not displayed for "Assume firewall is part..."

	* pfAdvancedDialog.cpp (pfAdvancedDialog): fixed bug (no num):
	"firewall settings" dialog for OpenBSD pf did not save option "Use
	tables".

	* instDialog.cpp (getActivationCmd): implemented compression of
	the firewall script for Linksys/Sveasoft combo. Using gzip and
	uuencode/uudecode to compress the script and store it in flash
	variable 'fwb'. Installer prints flash memory stats after
	committing changes. Installer uses scp to copy firewall script to
	the firewall and autogenerated prompt to detect when it logged in;
	it does not depend on Linksys shell prompt anymore.

2004-09-12    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (addPredefinedPolicyRules): implemented
	feature request #1023430: "add checkbox for INVALID support in fw
	settings". Added two checkboxes to the firewall settings dialog:
	one adds a rule to drop INVALID packets and another adds logging
	to the rule.
	
	* FWWindow.cpp (fileSaveAs): fixed bug #1026945: '"Save As" does
	not work if current file is in RCS'

	* FWWindow.cpp (removeFirewallFromList): fixed a bug (no number):
	after deleting a library, firewall objects that belong to it were
	not removed from the pull-down list

	* PolicyCompiler_ipt_optimizer.cpp (optimizeForRuleElement): fixed
	bug #1026794: multiple SRC ntwks --> "iptables: invalid
	argument". Recent changes in optimizer introduced this bug. Rules
	with multiple objects in src or dst, TCP service, action Reject
	and option "reject with TCP RST" would generate iptables command
	that used option "--reject-with tcp-reset" without "-p tcp"

	* PolicyCompiler_pf_writers.cpp (_printDstAddr): fixed bug
	#1006906: "Negated network causes pass on network". Compiler for
	pf uses native negation syntax that is now available in pf 

2004-09-11    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (TimeNegation): fixed bug #1022216:
	"negated time produces incorrect iptables rule". Implemented
	negation for the "Time" rule element for iptables

	* PolicyCompiler_ipt.cpp (processNext): fixed bug #1026509:
	"incorrect rules generated for dual negation with time". Compiler
	generated incorrect iptables commands for rules that had negation
	in two or more rule elements, one of which was Time.

2004-09-09    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (prolog): rules that permit packets
	associated with ESTABLISHED,RELATED states moved to the beginning
	of the script before NAT rules.

	* PolicyCompiler_ipt_writers.cpp: added a checkbox and support in
	policy compiler for iptables to generate rules that drop packets
	that are associated with no known connection (state "INVALID")

2004-09-08    <vadim@vk.crocodile.org>

	* Firewall.cpp (duplicate): API change: fixed bug (no number): all
	references to the interfaces, as well as their IP and MAC
	addresses, in policy and NAT rules should be replaced when
	Firewall object is duplicated. Until now only references to the
	firewall object itself and to its interfaces were replaced with
	references to the newly created copies of object. References to IP
	and MAC addresses still pointed at the old objects.

	* FWObjectDatabase.cpp (IDcounter): fixed bug #1022788: "GUI
	corrupts XML file after creating a second firewall". Global object
	ID counter was getting reset every time new FWObjectDatabase
	object was created. This led to the ID collision if user quickly
	created and deleted complex objects (such as Firewall) and used
	database merge. This should also fix bug #1022785: "GUI corrupts
	XML file after creating a host entry"

	* PolicyCompiler_ipt_optimizer.cpp (processNext): fixed bug
	#1024861: "optimizer is broken in fwb_ipt". Used idea and a patch
	by Mark Vevers <mark@vevers.net>. Fixed compiler fwb_ipt generates
	more efficient iptables script for rules with multiple objects in
	all rule elements. The script is smaller and eliminates
	unnecessary comparisons for packet attributes. Every attribute
	(i.e. source address, destination address, protocol and port
	numbers) is checked by the script only once. This should help
	reduce load on firewalls with lots of complex rules.
	
	* VERSION: set version to 2.0.3

2004-08-31    <vadim@vk.crocodile.org>

	* v2.0.2 released
	
2004-08-31    <vadim@vk.crocodile.org>

	* ipt.cpp (main): fixed bug #1019943: "Missing ip addresses in the
	rule using interfaces"

	* linksysAdvancedDialog.cpp (linksysAdvancedDialog): fixed bug
	#1019691: "040829 nightly build doesn't add paths for linksys"

2004-08-30    <vadim@vk.crocodile.org>

	* VERSION (VERSION): version 2.0.2, revision 1

	* aboutdialog_q.ui.h (init): "About" dialog shows registration
	status (used only in non-GPL versions)

2004-08-28    <vadim@vk.crocodile.org>

	* fixed FreeBSD port, now compiles on 5.3BETA

2004-08-25    <vadim@vk.crocodile.org>

	* RuleOptionsDialog.cpp (loadFWObject): Added support for options
	"max", "max-src-nodes" and "max-src-states" in pf. These allow one to
	limit number of concurrent state table entries ("max"), number of
	source addresses that can simultaneously have state table entries
	("max-src-nodes") and number of simultaneous state entries per
	source address ("max-src-states") per rule.

	* LibExportDialog.cpp (accept): fixed bug #1015884: "Export more
	than one library fails with 0 references". Export library
	operation failed if user exported two libraries with groups or
	rules in one library referencing objects in the other.

2004-08-24    <vadim@vk.crocodile.org>

	* pfAdvancedDialog.cpp (pfAdvancedDialog): Implemented support for
	all timeout settings in pf: tcp.first,tcp.opening,tcp.established,
	tcp.closing,tcp.finwait,tcp.closed,udp.first,udp.single,udp.multiple,
	icmp.first,icmp.error,other.first,other.single,other.multiple, including
	adaptive timeout scaling options adaptive.start and adaptive.end


2004-08-23    <vadim@vk.crocodile.org>

	* FWBTree.cpp (getStandardSlotForObject): fixed bug #1014725:
	"adding new ICMP types". If user created service group with the
	name "ICMP", the GUI would place new ICMP objects under this group
	instead of the standard folder "ICMP". There was the same problem
	with other object types, too.

	* ObjectManipulator.cpp (simplifySelection): debugging in
	operations "delete object", "move object", "undelete". Making sure
	we can delete and undelete libraries, delete and move several
	objects at once, group several objects. There were problems if
	user selected several host or firewall objects using Shift-Click
	(although interface and address objects were not visible to the
	user, they were selected and acted upon in delete or move
	functions; this led to unexpected results or crashes).

2004-08-22    <vadim@vk.crocodile.org>

	* templates.xml.in: added template firewall objects for Linksys
	firewall and a web server.

	* templates.xml.in: fixed bug #1013957: "incorrect NAT rule in
	firewall created from template #3". The problem was caused by
	incorrect ip address of interface "dmz" in the template object #3.

	* pixAdvancedDialog.cpp (pixAdvancedDialog): implemented a backup
	ssh access rule. The user specifies management station IP in the
	firewall settings dialog for PIX and compiler adds a rule on top
	of all other rules to permit ssh from this address to the
	firewall.

2004-08-21    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (prolog): avoiding grep in the
	generated iptables script - Sveasoft Alchemy pre-5.2.3 does not
	have grep

	* API change: fixed bug #1012733: "configure --libdir=DIR will be
	ignored at installation". Needed to use macro _libdir to specify
	target directory for libraries. Used it in configure, qmake.in,
	libfwbuilder-config-2 and a .spec file

	* objects_init.xml.in: added new service objects to the Standard
	objects library: "xmas scan" (old object renamed "xmas scan -
	full"), rsync, distcc, cvspserver, cvsup, afp, whois, bgp, radius
	and radius acct, SSDP and UPnP. This fixes bug #1011248: "need two
	xmas scan service objects"

	* FWWindow.cpp (fileImport): function File/Import offers a choice
	of .fwl, .fwb and "all files" in the open file dialog. This fixes
	bug #1013485: "File/Import should allow to import .fwb file"

	* FWWindow.cpp (load): fixed bug #1008956: "Existing .fwb file
	gets overwritten if has wrong extension". If the GUI needs to
	rename a data file with old extension .xml to .fwb, it checks if a
	file with new extension exists and offers user a chance to choose
	a different name. It also treats symlinks in a special way: if
	user creates a symlink with extension .xml pointing at a file with
	extension .fwb, the GUI simply follows the link and works with
	.fwb file. This should work with Windows shortcuts, too. 

	* instDialog.cpp (instDialog): built-in installer uses shell
	prompt string patterns configured in the host OS settings dialog
	for linksys. This fixes bug #1013022: "can not install policy
	script on linksts Alchemy pre-5.2"

	* linksysAdvancedDialog.cpp (linksysAdvancedDialog): Added host OS
	settings dialog for linksys/Sveasoft. Dialog provides entry fields
	for paths to iptables, lsmod, modprobe, logger tools and two shell
	prompt string patterns, this should help to work around changes in
	the shell prompt on Linksys. This fixes bug #1013018: "host OS
	settings" dialog is missing for linksys

2004-08-20    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (contextMenu): fixed bug #1009345: "Can
	only move one host object at a time between libraries"

	* ObjectManipulator.cpp (deleteObj): fixed bug #1013177: "deleting
	multiple hosts causes crash"

	* DTD change: fixed bug #1011617: "deleting physcal address object
	leads to the DTD violation"
	
2004-08-08    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cpp (_printDstService): fixed bug
	#1005148: "MAC matching - space missing". Space was missing
	between MAC address and custom service code.

2004-08-06    <vadim@vk.crocodile.org>

	* listOfLibraries.cpp (add): fixed compile problem on systems
	where QT is built without STL support

	* PolicyCompiler_ipt_writers.cpp (_printLimit): fixed bug #1004153
	"limit-burst = 0 is not valid". Iptables does not accept the rule
	using "limit-burst" option if it is set to zero.

2004-08-04    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (pasteTo): fixed bug #1003068: "object
	copy/paste not always working". IP address object could not be
	placed under interface using copy/paste operation. Now ip address
	object can be pasted to interface as well as to Objects/Addresses
	folder.

	* FWWindow.cpp (fileDiscard): Operation File/Discard closes the
	file, discards all the changes that have been made to it and
	replaces it with a fresh copy of the head revision from RCS. This
	works if user wants to abort file upgrade when they switch to the
	new version of fwbuilder.

2004-08-02    <vadim@vk.crocodile.org>

	* FWObject.cpp (deleteChildren): fixed bug #1001833: "memory leak"
	- children objects were not deleted when FWObjectDatabase object
	was destroyed.

	* iptAdvancedDialog.cpp (accept): fixed bug #1002388: "Clamp MSS
	to MTU" option is missing in 2.0

2004-08-01    <vadim@vk.crocodile.org>

	* objects_init.xml.in: there were two TCP Service objects
	"linuxconf" in the Standard objects library. Object with ID
	id3AED0D6D has been removed. It seems this object has been
	duplicated a long time ago (at least it was like this in 1.1.2)

	* FWObject.cpp (getPath): fixed bug #1001725: "object with empty
	name can not be deleted". The problem was caused by the algorithm
	used in FWObject::getPath. If object had had a blank name, the
	path returned by this method would end with the name of its parent
	without slash.

	* FWWindow.cpp (showFirewalls): fixed bug #1000485: "Firewalls in
	the drop-down box not ordered". List of firewalls in the pull-down
	that controls policy views is now alphabetically sorted on program
	startup.

	* utils.cpp (fillLibraries): fixed bug #1000862: "Creating groups
	in Deleted Objects". Library "Deleted objects" should not be
	offered as a choice for "group objects" operation.

	* ObjectManipulator.cpp (contextMenu): fixed bug #1001275: "object
	duplication fails w/ no action". GUI used to not allow user to
	duplicate IP address object. Now any object can be duplicated so
	that the copy is placed under the same parent, including IP
	address.

	* ICMPServiceDialog.cpp (applyChanges): fixed bug #1001521: "Cant
	create ICMP service". ICMP Service dialog did not save icmp code
	and type numbers in the object.

2004-07-29    <vadim@vk.crocodile.org>

	* 2.0 released, CVS tag set

2004-07-27    <vadim@vk.crocodile.org>

	* FWWindow.cpp (install): the GUI calls external installer script
	if it is configured in firewall settings dialog when user clicks
	'Install', otherwise it should use built-in installer.

2004-07-24    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (insertRule): correctly copying rule direction
	when interface rule is copied/pasted

	* instDialog.cpp (selected): proper error messages for management
	interface misconfigurations

2004-07-20    <vadim@vk.crocodile.org>

	* ICMPServiceDialog.cpp (loadFWObject): ICMP service dialog allows
	for setting type and code to 'any' (-1)

2004-07-19    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (processFirewallOptions): fixed bug
	#992969: "argument to log should be quoted"

2004-07-14    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (processNext): working on bug #990037:
	"Wrong rule generated: fw interface included in negated
	group". Rules with negation should not generate code in
	INPUT/OUTPUT chains if option "assume firewall is part of any" is
	off.

	* ObjectManipulator.cpp (delObj): fixed bug #990675: "Application
	crashes when deleting objects"

2004-07-11    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (splitIfSrcNegAndFw): optimized
	processing of policy rules where firewall object is used in src or
	dst with negation (possibly in combination with other
	objects). Before, generated script would match firewall's
	addresses in INPUT/OUTPUT and FORWARD chains which added redundant
	checks in the FORWARD chain.

	* NATCompiler_ipt.cpp (processNext): fixed bugs #935794: "dual
	translation and negation in fwb_ipt" and #986376: "Wrong result
	for negated source in NAT rules". Dual translation rule with
	negation in OSrc did not process negation in the second half
	(POSTROUTING rule, the one that translates the source).

	* NATCompiler_ipt.cpp (processNext): fixed bug #965558: "False
	ruleset generated for iptables (negate w/ nat)". There were
	problems with double negations in NAT rules (OSrc and ODst, or
	ODst and OSrv, etc).

	* OSConfigurator_linux24.cpp (printPathForAllTools): fixed bug
	#988860: "Logging missing when firewall start is aborted". When
	iptables script generated by fwb_ipt finds missing interfaces,
	it prints error message both on stdout and sends it to the log.

2004-07-10    <vadim@vk.crocodile.org>

	* FWObject.cpp (_moveToDeletedObjects): now move deleted objects
	to the special library with id 'sysid99' rather than delete them
	completely. This serves two purposes:
		1. can easily provide for undelete function which is very
		useful
		2. can catch a situation when an object has been deleted
		from the external library but is still used in the data
		file

	* FWObjectDatabase.cpp: while merging object trees, checking for
	deleted objects. If an object is present in the current tree but
	has been deleted in the file being merged in, special form of
	conflict resolution dialog is shown. User has only one option - to
	delete the object from the file. Typical situation when this
	happens is when an object from external library is used in a rule
	or group in a data file, then this object is deleted in the
	external library. If this external library is preloaded and then
	the data file using this object is opened, conflict occurs because
	this object is present in the file but is in the "Deleted objects"
	in the library. The problem is that the library is read-only, so
	if we kept the object (actually, its copy coming from the data
	file), the user would not be able to delete it. So, not only
	object magically reappeared after it has been deleted from the
	library, it appeared in read-only library and can not be deleted
	anymore. To avoid this situation we must delete it in the file if
	it has been deleted in the library.
	
	* ObjectManipulator.cpp (delObj): "delete object" function moves
	it to "Deleted objects" library.
	
	* PrefsDialog.cpp (accept): Added checkbox "Show deleted objects"
	to the preferences dialog. If this option is on, user has access
	to deleted objects via library "Deleted objects". 

	* ObjectManipulator.cpp (contextMenu): pull-down menu item "Move"
	turns into "Undelete" if an object is in "Deleted objects"
	library. This provides for a simple undelete function.

	
2004-07-09    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (processNext): fixed bug #925199:
	"compiles wrongly a double negation". Policy compiler for iptables
	generated incorrect code for rules where two rule elements used
	negation (i.e. both src and dst, or dst and srv, etc.)

	* PolicyCompiler_ipt.cpp (prolog): fixed bug #978854: "false rule
	generated for fw object in interface rule". Policy compiler for
	iptables generated incorrect code for rules using negated firewall
	object in source or destination when global option "assume
	firewall is part of any" was turned off.
	
	* fwb_ipt: implemented Feature Request #913273: make "assume fw is
	part of any" a per-rule option
	
2004-07-08    <vadim@vk.crocodile.org>

	* FWWindow.cpp (setupAutoSave): Added an option for autosave - if
	this option is turned on, the gui periodically saves data to the
	file. The autosave interval can be set between 1 minute and 2
	hours.

	* ipt.cpp (main): fixed bug #917422: "compiler misinterprets
	interface with addr 0.0.0.0". If an interface has IP address
	"0.0.0.0", it is considered an error.
	
	* added option "strip comments in the script" to the installer
	  for Linksys and PIX

	* do "nvram uset rc_firewall" before loading fw script on
	  Linksys

	* added the following to the list of errors for Linksys
            /dev/nvram: Cannot allocate memory
          
	* skip table "mangle" when flushing iptables rules

	
2004-07-07    <vadim@vk.crocodile.org>

	* NATCompiler_ipt_writers.cpp (processNext): fwb_ipt does not
	include comments in the script if it is intended for linksys
	firewall. Linksys has small nvram and script should be kept small,
	otherwise it may not fit in nvram.

	* NATCompiler_pf.cpp (processNext): fixed bug #986518: "PF
	redirection always point to loopback address"

2004-07-06    <vadim@vk.crocodile.org>

	* instDialog4.cpp (stateMachineLinksys): Activating policy on
	Linksys/Sveasoft without reboot (using command "nvram get
	rc_firewall | /bin/sh" instead)

	* OSConfigurator_linux24.cpp (prolog): added an option to firewall
	platforms iptables, ipfilter, pf and ipfw that sets up a policy
	rule to permit ssh access from one specified IP address to the
	firewall regardless of other rules. This is for a backup ssh
	access from the management workstation in case of an error in the
	policy that locks user out of the firewall. The option (a checkbox
	and entry field for the management station address) is located in
	the "Compiler" tab of the firewall settings dialog. A command that
	permits ssh to the firewall from the given address is added on top
	of all other rules.

2004-07-05    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (dropEvent): fixed bug #985187: "Usability bug:
	Copy objects from one rule to another". Dragging an object from
	one rule to another with Ctrl down makes a copy. If Ctrl is up,
	then the object is moved.

	* instDialog4.cpp (stateMachineLinksys): Added support for Linksys
	devices running Sveasoft firmware. Firewall object should be
	configured as platform "iptables", host OS "linksys". Policy
	installer works both using password and public key authentication.

	* NATCompiler_pf_writers.cpp (processNext): fixed bug #985527: pf
	NAT rules miss destination port specification. NAT rules that
	translate to "map" missed destination port specification.

	* main.cpp: the gui can now use external wrapper scripts for ssh
	and scp all the way (removed all direct references to commands
	"ssh" and "scp", use whatever is configured in preferences
	everywhere)

2004-07-04    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (contextMenu): fixed bugs in the rule
	selection. The user can select one rule with a simple left-click
	on the rule number, or multiple consecutive rules using
	shift-left-click. Selecting non-adjacent rules with ctrl-click is
	not supported; ctrl-click acts as normal click. Right-click calls
	context menu and uses existing selection if click is on one of the
	selected rules, or resets it if click is outside of the selection.

2004-06-29    <vadim@vk.crocodile.org>

	* ObjectTreeView.cpp (dragObject): implemented drag and drop of
	multiple objects. User can select and then drag several objects
	from the tree to a group or a rule.

	* LibExportDialog.cpp (accept): a change in the export library
	algorithm. We now permit exporting several libraries to one file,
	but check that all these libraries have only references to each
	other and to objects in the Standard lib and have no references to
	objects in libraries that are not going to be exported to the same
	file. This ensures integrity of this file and helps avoid pulling
	objects from other libraries into it. User can edit objects in the
	exported libraries by opening this file as usual; the GUI does not
	preload libraries configured in Preferences/Libraries when .fwl
	file is opened and unlocks all libraries in this file so objects
	can be edited. This way user can edit objects and move them
	between libraries in the .fwl file.

2004-06-28    <vadim@vk.crocodile.org>

	* RCS.cpp (RCSEnvFix): fixed a bug (no #) that appeared only on
	Windows: the GUI failed to check a file in to RCS if it was
	launched by windows explorer via file extension association.

	* platform.cpp: pull-down "versions" is now translatable and says
	"1.2.9 or later" for iptables v > 1.2.9

2004-06-26    <vadim@vk.crocodile.org>

	* LibExportDialog.cpp: when a library is exported to a file, the
	program checks whether any groups or rules in this library use
	objects in the other libraries. Only self-contained libraries can
	be exported.

2004-06-24    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (processNext): fixed bug #979484:
	"improper command for rule with servie any and action reject."
	For rules like that, and if rule options dialog does not specify
	particular way to handle this combination, the compiler splits the
	rule; the first iptables command rejects any tcp packet with TCP
	RST, while the second rejects everything else with ICMP message.

	* minor bugfixes in the gui

	* incorporated changes suggested by a user to make code compile
	with gcc 3.4

2004-06-23    <vadim@vk.crocodile.org>

	* LINGUAS: added Vietnamese translation .po file

	* FWBSettings.cpp (init): Option "do not save standard libraries
	in the user's data file" is now ON by default. User can still turn
	it off though.

	* FWWindow.cpp (save): Usability fixes in methods that work with
	libraries:

	  - library files have extension .fwl
	
	  - preloaded libraries are always read-only (flag RO is set when
	  library file is loaded, regardless of the value this attribute
	  has in the file)

	  - user can open library file using normal File/Open
	  operation. Read-only flag is cleared when library file is
	  opened, so it can be edited. File can be added to RCS and saved
	  using normal File/Save or File/SaveAs operations.

	  - When user opens library file for editing, other libraries that
	  are configured in Preferences/Libraries are not preloaded.

	

2004-06-22    <vadim@vk.crocodile.org>

	* LibExportDialog.cpp (init): when object library is exported to a
	file, the file gets extension .fwl to distinguish it from the
	regular data file. The GUI allows exporting only one library to a
	file.

	* FWWindow.cpp (fileDiscard): added main menu function
	"File/discard" which discards all changes that have been done to
	the data and saved to the file and checks out clean copy of its
	head revision from RCS. This provides for a quick way to roll back
	to the latest revision. Older revisions can be checked out from RCS
	using list of versions in the right hand panel in open file dialog
	(this creates a branch in RCS).

2004-06-20    <vadim@vk.crocodile.org>

	* IPv4Dialog.cpp (DNSlookup): "DNS Lookup" button in the IP
	address dialog runs dns query for the name of the address object
	and if that fails, repeats query for the name of the host or
	firewall object this address belongs to. If address object is in
	the folder "Addresses", it does only one DNS lookup on its name.
	
2004-06-18    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (ObjectManipulator): disabled ability to
	drop objects into groups in the tree. It was confusing and not
	really useful. Objects can still be dropped into a group opened in
	the editor dialog.

	* ObjectTreeView.cpp (dragObject): enabled dragging of all objects
	in the tree. It turns out, QListView will highlight multiple items
	in the tree in Extended selection mode when user drags mouse
	across items _and_ the first item they started cursor move on is
	not drag-enabled. So, to avoid this unexpected highlighting
	behavior, need to enable drag of all objects. We then make sure
	that system folder can not be dropped anywhere.

2004-06-16    <vadim@vk.crocodile.org>

	* Compiler_ops.cpp (checkForShadowing): fixed bug #906709: "A
	dynamic interface". Dynamic interface used to "shadow" old
	broadcast object (0.0.0.0)

	* OSConfigurator_linux24.cpp (configureInterfaces): fixed bug
	#912849: "Reorder activation of network interfaces in IPT" -
	script generated by the compiler for iptables sets default policy
	to DROP, flushes all rules and then reconfigures interfaces of the
	firewall (it used to reconfigure interfaces and then flush the rules).

	* IPv4Dialog.cpp (DNSlookup): Button "DNS lookup" in the IP
	address editor dialog does DNS lookup on the address object name
	if the object is located in the "Addresses" folder, or on the
	parent host object name if it belongs to an interface of a host or
	a firewall.

	* ObjectManipulator.cpp (moveObject): refactored "move object"
	functions and added debug printing. Trying to debug crash reported
	by one of the users.

2004-06-15    <vadim@vk.crocodile.org>

	* ObjectEditor.cpp (hide): checking if screen position for the
	dialog is 0,0 and not storing this value. This should help to work
	around a weird bug where screen position of dialogs sometimes is
	returned as 0,0 when GUI runs in Gnome.

	* Object names and comments are stored in the object file in UTF-8
	format. This allows for names and comments to be entered and
	displayed in local languages. Although object names can be
	localized, it is recommended to keep firewall names in plain ASCII
	because compilers do not support UTF-8 yet. This fixes very old
	bug #657156: "Special characters problem".

2004-06-13    <vadim@vk.crocodile.org>

	* init.cpp (init): the program uses reasonable default for the
	directory where user might want to save their data files on each
	OS. ( $HOME on Unix, $HOME/Documents on Mac,
	$USERPROFILE/Documents in windows)

	* ObjectManipulator.cpp (updateObjName): whenever user changes the
	name of a firewall, host or an interface object, the GUI asks
	whether they want to also rename all IP and MAC addresses that
	belong to that firewall or host. If user agrees to rename them,
	the program generates names automatically using scheme
	'host_name:interface_name:ip' and 'host_name:interface_name:mac'

2004-06-12    <vadim@vk.crocodile.org>

	* newHostDialog.cpp (selected): implemented "new host"
	wizard. User can choose to add interfaces manually or can use a
	library of predefined host object templates.

2004-06-10    <vadim@vk.crocodile.org>

	* PolicyCompiler_pf_writers.cpp (_printDstService): fixed a bug
	(no number) where fwb_pf would not include code defined by custom
	service object in the .conf file

2004-06-08    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (copyObj): implemented multi-object and
	multi-rule copy/cut/paste operations

	* ObjectManipulator.cpp (moveObject): implemented "move object"
	operation - moves object to another library; operation is accessed
	via pull-down menu in the object tree.

2004-06-06    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (groupObjects): added ability to select
	multiple objects in the tree. Currently the following operations
	are performed on multiple objects: delete, duplicate, group.

	* ObjectManipulator.cpp (groupObjects): operation of grouping of
	selected objects. User selects several objects in the tree and
	chooses menu item "group" in the pull-down menu; the GUI brings up
	a dialog asking for the new group name and a library it should be
	put in. New group is created and all selected objects are
	automatically added to it when user hits "Create group" button.

2004-06-05    <vadim@vk.crocodile.org>

	* pixAdvancedDialog.cpp (accept): added "Installer" tab to the PIX
	firewall settings dialog

	* FWBSettings.cpp (getScreenPosition): checking if the window fits
	in the screen before restoring its geometry.

	* ObjectListView.cpp (dragObject): setting hot spot in the center
	of the object icon for drag and drop.

	* FWObjectPropertiesFactory.cpp (getObjectPropertiesDetailed):
	showing group members in tooltips and conflict resolution dialog

	* ObjectEditor.cpp (ObjectEditor): redesigned ObjectEditor
	class. All individual object editor classes are now inherited from
	QDialog and are top-level windows. Class ObjectEditor is just a
	manager that opens and hides appropriate dialog and manages its
	size and position on the screen. Geometry is remembered separately
	for each dialog for each object type, so we can have group object
	editor open wider than, say, IP service object editor. Each object
	editor has its optimal size.

	* pfAdvancedDialog.cpp (pfAdvancedDialog): yet another redesign of
	PF firewall settings dialog. Using individual checkboxes to
	enable/disable each "limit" and "timeout" option

	* ipt.cpp (main): all compilers do not create any files if there
	was an error during rule processing (not even empty ones)

2004-06-04    <vadim@vk.crocodile.org>

	* RuleSetView.cpp : Info window shows properties of an object
	selected in rules
	
	* RuleSetView.cpp (paintCell): added tooltips for objects in the
	policy view, using the same detailed properties text that is used
	for Info panel.

	* iptAdvancedDialog.cpp (accept): the actual command that
	installer should run on the firewall to activate the policy can
	now be specified in the "installer" tab of firewall settings
	dialog for all platforms. If this input field is left blank,
	installer will run firewall script, using sudo if user name used
	to authenticate to the firewall is not 'root'. On Windows,
	installer also does chmod +x on the file.

	* FWBSettings.cpp (setSSHPath): directory path and a file name for
	the secure file transfer and secure shell utilities can be
	configured in the Preferences (tab "SSH"). This allows for using
	of different SSH packages on Windows, as well as using SSH
	installed in a non-standard directory on Unix.

2004-06-03    <vadim@vk.crocodile.org>

	* ObjectTreeView.cpp (dragObject): standard folders in the tree
	can not be dragged into groups or rules and open/close on double
	click. Regular objects open editor on doubleclick.

	* ipt.cpp (main): compiler for iptables sets up PATH environment
	variable at the beginning of the generated script. This is
	particularly useful if policy is compiled on windows or mac for
	Linux firewall that runs unknown version of Linux, so we can't be
	sure where standard tools such as iptables, lsmod etc are
	located. Most systems place them in /sbin, but for example SuSe
	places iptables in /usr/sbin. If policy is compiled on one of the
	Linux systems, we assume generated script will run on the same
	system (which may not be true, btw), but if we compile on Windows,
	there is no way to know where these tools are located
	beforehand. In this case we need PATH. User can always override
	this behavior and specify full path to all tools explicitly.

2004-06-02    <vadim@vk.crocodile.org>

	* linux24.xml.in: changed "Linux 2.4" to "Linux 2.4/2.6" in all
	menus

	* iptAdvancedDialog.cpp (iptAdvancedDialog): removed "log all
	dropped packets" option from the firewall settings dialog for
	iptables. This option required p-o-m patch that has become
	obsoleted and is not included in p-o-m anymore.

	* FWWindow.cpp (install): when user hits "Install", the GUI checks
	if objects in the database were modified since policy of a
	firewall has been compiled last time. If existing policy file is
	older than the database, program offers the user to compile it
	before it is installed. There are options to recompile, install
	old copy or cancel the operation.

2004-05-31    <vadim@vk.crocodile.org>

	* RuleSetView.cpp: Added support for operations that act on
	multiple rules: setting rule color, moving to a different position
	in rule set, disabling/enabling, deleting. User can select
	multiple rules by dragging mouse across several rows in the column
	that shows rule numbers. Copy/Cut/Paste operations of multiple
	rules are not supported yet.


2004-05-29    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (dragObject): implemented drag-and-drop of
	objects in the rules

	* utils.cpp (setDisabledPalette): all entry fields in the object
	editor are disabled if an object is read-only or is located in
	read-only library. Object editor is still opened for read-only
	objects, but since all fields are disabled, changes are not
	allowed. Opening object editor for read-only and standard objects
	allows for inspection of their properties.

	* FWWindow.cpp (load): file objects_init.xml does not include
	empty "User" library anymore. Instead, this library is created
	dynamically using method FWBTree::createNewLibrary when user
	creates new data file. This simplified things since 1) "User"
	library now has unique random ID in every data file so it can be
	safely exported and then imported back without any conflicts; 2)
	since its ID is unique, it can be renamed without creating any
	conflicts. The library is only created in FWWindow::load()
	(i.e. when new data file is created). It is not created when
	existing data file is loaded because it is supposed to be
	there. Old data files that still have this library with
	semi-standard ID will load it as before, but the ID loses its
	standard meaning.

2004-05-23    <vadim@vk.crocodile.org>

	* filePropDialog.cpp (filePropDialog): added "File properties"
	main menu item and dialog

	* debugDialog.cpp (debugDialog): added "debug" menu item under "Help"

2004-05-20    <vadim@vk.crocodile.org>

	* instDialog.cpp : built-in installer works with all supported
	firewall platforms: iptables, ipf, pf, ipfw and pix.
	
	* instDialog.cpp (instDialog): built-in installer reads list of
	files that policy compiler generated for a given firewall object
	("manifest") from the .fw file and installs them on the
	firewall. One file in the manifest needs to be marked as
	executable, installer runs it after all files are copied.

	* all policy compilers: all compilers include a list of files
	generated for a given firewall object ("manifest") in .fw file.

2004-05-18    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (contextMenu): split long context menu that used
	to be shown when user clicked right mouse button on an object in a
	rule. Now this menu has only actions related to the object, while
	actions for the whole rule belong in the context menu shown when
	user clicks right mouse button on the rule number.

	* fr.po, ru.po: checked in updated French translation by
	Jean-Michel Poure and added some rudimentary Russian
	translation. Both translations are done in UTF-8. 

2004-05-15    <vadim@vk.crocodile.org>

	* init.cpp (init): define global var localepath that is
	initialized with a path to the directory where translation files
	(*.qm) are installed. This path is defined as $respath/locale on
	all systems (on Unix this typically is
	/usr/share/fwbuilder/locale, while on Windows and Mac it will be a
	subdirectory "locale" in the directory where the binary is
	installed)

2004-05-14    <vadim@vk.crocodile.org>

	* ColorLabelMenuItem.cpp (ColorLabelMenuItem): implemented RFE
	#725461: "Colors". Added ability to color-code rules in the
	policy. User can pick one of the 7 predefined colors (plus none)
	in the pop-down menu that appears when they right-mouse-click on
	the policy or NAT rule. Custom text can be associated with each
	color using a panel in the Preferences dialog, this text appears
	as a tool tip when user flies mouse cursor over color buttons in
	the pop-down menu.

2004-05-12    <vadim@vk.crocodile.org>

	* src/gui/ui: QT's ui translator uic creates code in this directory.
	This allows me to add generated files to the internationalization
	infrastructure (include in the .pot file). Also added *.cpp files
	in src/gui/ui to cvs so translators can look at them to better understand
	context without having full QT development environment.

2004-05-09    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (processNext): fixed bug #934949:
	"duplicate rules". fwb_ipt created duplicate rules for a bridging
	firewall if fw object or its interfaces or their addresses were
	not in the source or destination

2004-05-04    <vadim@vk.crocodile.org>

	* newFirewallDialog.cpp (accept): "new firewall" wizard can create
	a new firewall object using predefined templates from the file
	templates.xml (the file is a part of the package and is installed
	in /usr/share/fwbuilder on Linux and in c:\FWBuilder\resources on
	Windows). User picks a template and the program creates a
	duplicate of the template object in the "User" object library. The
	wizard page where user picks template shows a diagram of the
	firewall configuration that illustrates its interfaces, their
	configuration and addresses. Comment text associated with template
	object explains its specific properties and is shown on the page
	as well.

2004-05-02    <vadim@vk.crocodile.org>

	* templates.xml.in : a library of firewall object templates. This
	library is a part of the distribution and is installed in
	${prefix}/share/fwbuilder on Linux and BSD and in
	C:FWBuilder/resources on windows (the same dir where standard
	objects are installed). This library is not loaded by default
	though.
	
	* listOfLibraries.cpp (listOfLibraries): Added a page to the
	preferences dialog to manage add-on libraries. The GUI maintains a
	list of available add-on libraries and allows user to define which
	ones will be automatically loaded when the GUI is started. The
	program always adds "standard" and "templates" libraries to the
	list, then scans directory $HOME/.fwbuilder/lib/ (
	C:\FWBuilder\lib on windows) and adds all .fwb files found there
	to the list. It stores list of libraries in the user's preferences
	together with a boolean flag that is set if a library should be
	loaded on a start-up. Library added using main menu "Import
	Library" is also added to the list so the user can make the
	program load it automatically.

2004-04-29    <vadim@vk.crocodile.org>

	* Makefile.in: Added support for internationalization.  Using
	gettext 0.14.1. This is the first version where support for QT
	language files is available, but it is not available in RedHat or
	other Linux distributions yet. Therefore had to copy some m4 macro
	collections from example to directory 'm4', as well as copied a
	Makefile.in and script remove-potcdate.sin to directory 'po'. New
	version of xgettext recognizes standard QT localization method
	tr() and can generate usual .pot files from strings used with
	it. The new msgfmt can generate .qm files from translated .po
	files.
		

2004-04-25    <vadim@vk.crocodile.org>

	* instDialog.cpp (cmd): this method can be used whenever we need
	to execute several commands on the firewall sequentially.

	* (instDialog): install dialog hides incremental install options
	if 'diff' program can not be found (perhaps compiler that comes
	with it is not installed)

	* instDialog2.cpp (PIXincrementalInstall): integrated with
	fwb_pix_diff
	* instDialog2.cpp (PIXbackup): implemented function that stores
	backup copy of firewall configuration in a file

2004-04-18    <vadim@vk.crocodile.org>

	* findDialog.cpp (find): 'find object' function is implemented by
	means of an external modeless dialog that allows for searching in
	the tree and or policy rules and supports matching with regular
	expressions.

	* newFirewallDialog.cpp (getInterfacesViaSNMP): 'new firewall'
	wizard can discover interfaces using SNMP. Finished work on the
	page where user can arrange interfaces according to their security
	levels.

2004-04-15    <vadim@vk.crocodile.org>

	* newFirewallDialog.cpp (accept): added 'new firewall'
	wizard. Still need to work on the page where user sets security
	levels of interfaces.

2004-04-14    <vadim@vk.crocodile.org>

	* VERSION (BETA): added a variable in the VERSION file that
	designates code revision as beta and stores beta testing period
	expiration time (+30 days). Currently only About dialog shows this
	time, but in the future I may make the program disable itself if
	it is used past this time. The released version won't have this
	limitation. This can be used to prompt people to upgrade, so I do
	not have to support old versions.

2004-04-11    <vadim@vk.crocodile.org>

	* FWBSettings.cpp (restoreGeometry): added ability for dialogs to
	automatically remember and restore their geometry (size and
	relative position on the screen). Currently only main window, conflict
	resolution dialog and object editor dialogs do this. Geometry is
	stored in preferences. Main window comes up with a default geometry
	100,100,750,600 (x,y,w,h) when no geometry is found in settings.

2004-04-10    <vadim@vk.crocodile.org>

	* FWWindow.cpp (ConflictResolutionPredicate): implemented conflict
	detection and resolution for the "merge" operation. The same
	mechanism works for "open file" since it is also based on
	merge. When there is a conflict during merge, the program opens a
	dialog and asks the user which copy of the object they want to
	keep.

2004-04-09    <vadim@vk.crocodile.org>

	* instDialog3.cpp (stateMachineSSHSUDO): builtin installer works
	with Linux/BSD systems using combination of ssh on the client side
	and sudo on the firewall. User provides a password for
	authentication and the program logs in to the firewall as that
	user, copies firewall script to "/etc/fw" (directory path is
	hardcoded), then executes it using sudo. Sudo should be configured
	for this user or group she belongs to to be able to execute this
	script as root with no password.

2004-04-08    <vadim@vk.crocodile.org>

	* instDialog.cpp (instDialog): added universal (hopefully) policy
	installer program. The program uses ssh in a background on both
	Unix and Windows (on Windows it requires putty/plink) to
	communicate with the firewall. Currently only supports PIX but I
	will add Linux/BSD later. Installer GUI asks user for a password.

2004-04-07    <vadim@vk.crocodile.org>

	* RuleOptionsDialog.cpp (loadFWObject): added rule options dialog
	for ipt

2004-04-06    <vadim@vk.crocodile.org>

	* FWWindow.cpp (search): implemented advanced search method that
	finds and highlights objects both in the tree and in any rule of
	any firewall. This resolves problem outlined in Feature Request
	#837448: '"Where used" only shows fw objects'

2004-04-04    <vadim@vk.crocodile.org>

	* FWWindow.cpp (save): implemented saving data file without making
	copies of objects in the 'Standard' library (Feature Request
	#810504). This feature is considered experimental and is off by
	default. An option in Preferences dialog activates it.

	* FWWindow.cpp (load): All load is done via merging of the loaded
	file with a standard object tree. Now we can load files saved
	without copies of unused standard objects.

	* FWWindow.cpp (fileImport): implemented data import. Using method
	FWObjectDatabase::merge to merge imported data with current object
	tree. Only object IDs are compared, so modified standard object in
	the imported file will be ignored and its changes will be lost.

2004-04-03    <vadim@vk.crocodile.org>

	* export.cpp (exportLibrary): Implemented library export

	* StartWizard.cpp (StartWizard): added simple startup wizard that
	asks user if they want to open existing file or create a new
	one. It also sets some useful preferences such as adds new file to
	RCS and makes the program automatically open it when it is started
	next time.

	* OSConfigurator_linux24.cpp (generateCodeForProtocolHandlers):
	Fixed bug #956544: "Error into load modules script generation",
	where generated script would not load kernel modules with names
	"module.ko.gz". Regular expression should match on ".ko.*$" to
	find these modules properly. Thanks to Andrey Kaminsky
	<and@fao.lv> who pointed this out.

	* RuleSetView.cpp (doubleClicked): double-clicking on an object in
	the policy rule opens that object in the editor

2004-04-02    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (ObjectManipulator): using combobox widget
	instead of a tab widget for libraries. This way we can fit more
	libraries without making interface cluttered.

2004-03-31    <vadim@vk.crocodile.org>

	* ipt.cpp (main): the GUI saves path to the DTD and resources in
	user's settings using QT QSettings class. Policy compilers and
	other tools can read this setting to quickly determine location of
	DTD and resources.

2004-03-29    <vadim@vk.crocodile.org>

	* getting rid of STL classes in the GUI. The idea is to make GUI
	use QT classes in most of the code and use STL classes such as
	'string', 'map', 'list' where it has to pass data to and from API
	which is STL-based. This should simplify using QT compiled without
	STL support (much less conversions between string and QString).

2004-03-28    <vadim@vk.crocodile.org>

	* main.cpp (main): the data file can be specified on a command
	line both as an argument for option '-f' and after all
	options. Option '-f' is preserved for compatibility with old
	versions. Preferred method is to specify the file name as a
	parameter without any option: "fwbuilder file.fwb"

2004-03-27    <vadim@vk.crocodile.org>

	* platforms.cpp (getVersionsForPlatform): usability improvement:
	"combo boxes" that do not allow typing in them should not have
	empty choices. Fixed this for a drop-down menu of version numbers
	in firewall dialog.

2004-03-26    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (insertRule): counting rules from zero in the GUI

	* (RuleSetView): this is not a change, I just wanted to document
	that I tested the GUI with a policy that has 1000 rules. I haven't
	noticed any delay in loading this policy compared with when it had
	<100 rules.

2004-03-25    <vadim@vk.crocodile.org>

	* FWWindow.cpp (fileSaveAs): gui automatically chooses working dir
	if none is set and user calls 'file save as' menu item :
	 * on Unix will use current dir.
	 * on Windows will use user's document dir.

	* NATCompiler_ipt.cpp (processNext): added a workaround for a bug
	(no number): if address range object was used in SNAT or DNAT rule
	and option 'manage virtual addresses' was on, compiler would not
	add virtual address properly. It still won't do it, but at least
	there is a check for this situation and it prints appropriate
	warning message. The problem with this is that if the range is
	large, we end up with potentially lots of virtual addresses. Let
	the user deal with this themselves.

	* ipt.cpp: compiler(s) understand new command line option '-R',
	which should specify a full path to the resources. This is useful
	on Windows and Mac where resources are installed in a non-fixed
	place by the GUI package, but need to be used by the compilers.

2004-03-24    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (contextMenu): each system group object in
	the tree has an item in its pop-down menu that allows user to
	quickly add an object to that group.

	* IPv4Dialog.cpp (DNSlookup): added ability to determine IP
	address of an Address object using DNS lookup (using QDns class)

	* FWBSettings.cpp (FWBSettings): explicitly setting scope for
	QSettings as "User"

2004-03-22    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (addTreePage): added attribute 'ro' to all
	elements in DTD (see API). This provides for a way of locking down
	parts of the tree.

	* ObjectManipulator.cpp (addTreePage): read-only subtrees are
	marked with an icon of a lock and text 'read-only'
	
	* objects_init.xml : standard objects tree is now read-only. User
	objects can not be moved into 'standard' tree and standard objects
	can not be edited but can be duplicated (a copy is automatically
	created in the first user-defined library, most often it is a
	library 'User')

	* FWWindow.cpp (install): GUI supplies a path to the firewall
	object as a parameter to installation script rather than just its
	name (as before). This is because the path has changed when
	library element has been added. Changes made in the GUI (send path
	instead of name) and in fwb_install script (to make it interpret
	path).

2004-03-21    <vadim@vk.crocodile.org>

	* pixosAdvancedDialog.cpp (pixosAdvancedDialog): 'advanced host
	settings' dialog for PIX

	* RuleSetView.cpp (contentsMousePressEvent): selectedObject is
	chosen in mouse press and key press event handlers; got rid of
	currentChanged slot altogether. This eliminated flicker that was
	caused by extra repaint of the cell when selected object was
	chosen in currentChanged slot.

2004-03-20    <vadim@vk.crocodile.org>

	* DialogData.cpp (DialogOption): universal class to load and save
	data in dialogs

	* pixAdvancedDialog.cpp (pixAdvancedDialog): 'advanced' firewall
	options dialog for PIX. Implemented tabs 'Compiler options',
	'Prolog/Epilog', 'Timeouts' and partially 'Fixups'. Fixup pages
	are disabled using resource string that defines which fixups are
	available in certain PIX version.

	* FirewallDialog.cpp (openFWDialog): firewall dialog saves version
	from the widget to the object before opening 'advanced' firewall
	options dialog. This is a departure from the dialog logic where
	all data is stored when user clicks 'Apply changes' button. 

2004-03-19    <vadim@vk.crocodile.org>

	* FWBSettings.cpp: added support for an "object autosave" option
	(automatic saving of changes in dialogs while switching between
	objects)

	* RuleSetView.cpp (insertRule): added main menu items "insert
	rule" and "add rule after current"

	* RuleSetView.cpp (contextMenu): added pop-up menu items for
	adding, removing and moving rules up and down, as well as standard
	copy/cut/paste operations on moves. Similar menu items added to
	the main menu.

	* RuleSetView.cpp (paintCell): implemented double-buffering in
	paintCell to improve performance and remove flickering

2004-03-17    <vadim@vk.crocodile.org>

	* FWBSettings.cpp: saving the size of the info window in settings

	* RCSFileDialog.cpp (RCSFileDialog): 'open file' dialog
	automatically looks for files in the working directory configured
	in a global preferences dialog.

	* main.cpp (main): added a global setting "startup action" in
	Preferences. Currently two actions are available: "load standard
	objects" and "load last edited file".

	* FWBSettings.cpp (FWBSettings): a specialized wrapper for
	QSettings. I will be adding methods to this class to simplify
	access to whatever global program preferences and options I
	need. Currently it supports 'working dir' and 'info window style'
	settings. Settings are stored in a platform-dependent way as
	QSettings does it.

2004-03-16    <vadim@vk.crocodile.org>

	* NATCompiler_ipt_writers.cpp (_printOPorts): minor bugfix - fixed
	typo ( '==' -> '=' )

	* ObjectEditor.cpp (closeEvent): object editor checks for
	modifications before closing if user closes it using window
	manager buttons.

	* FWWindow.cpp (unselectRules): the main window maintains single
	selection across objects in the tree and in the policy
	view. Selecting an object in the tree automatically unselects
	object in the policy and vice versa. Now I can implement
	copy/cut/paste functions driven by the main menu; these operations
	will work on the currently selected object either in the tree or
	in the policy.

	* FWWindow.cpp (editCut): copy/cut/paste operations work between
	the tree and policy views using both context menus and main
	menu.

	* ipt.cpp: output stream is created with a mode ios::binary on
	Windows

	* RCS.cpp (isDiff): having problems with rcsdiff.exe in windows,
	for now will assume that the file always changes and needs checkin
	comment.

2004-03-15    <vadim@vk.crocodile.org>

	* RCS.cpp (co): using windows-specific functions to create a
	temporary file for the file checkout

	* global.h: added redefinition of macro assert to be able to use
	it on windows where we compile without debugging info. (the reason
	I do not build Debug version on win32 is because I use precompiled
	libraries libxml2 etc that are built using Release CRT, and I
	can't mix different runtimes).

	* RCS.cpp (co): GUI makes sure that if the file has been opened
	and locked by a user, another user can only open it read-only. The
	same user has a choice of opening it read-only or read-write. The
	latter case is useful in case of a program crash that leaves
	opened files in the locked state.

	* RCS.cpp (co): added ability to open older revision of the file
	read-only. Requested revision is checked out into temporary file,
	which is then loaded and immediately deleted. The object tree is
	locked read-only and 'save' and 'save as' operations are disabled.

2004-03-14    <vadim@vk.crocodile.org>

	* RCS.cpp (add): using "rcs -i -kb" to add a file to RCS, this
	should help avoid extra CR in the file while working on windows
	because it makes RCS use binary mode while working with the file.

2004-03-13    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp: GUI redesign: switched to a single window
	design. Object manipulation happens inside three classes:
	ObjectManipulator (the tree widgets and algorithms), ObjectEditor
	(a stack of editor widgets and a glue logic), object info browser
	(class QTextBrowser). Object editor appears as a non-modal dialog
	when user double-clicks an object in the tree. Single click
	updates data in the info window but does not open the
	editor. Objects can be selected in the tree in any supported way -
	keyboard arrows, keyboard shortcuts, hitting the first letter of
	the object's name, mouse click. In any case, appropriate object
	is selected and info window is updated with its attributes.

	Info window has three modes: collapsed (there is no info window),
	showing only comment attribute and showing brief summary of
	object's parameters and a comment. User can switch between modes
	using a button located on the main window panel directly under the
	info widget.
	
2004-03-12    <vadim@vk.crocodile.org>

	* build environment is based on qmake: file qmake.inc is included
	from qmake project files in all subdirectories. File qmake.inc
	defines all variables for all platforms, so project files in
	subdirs only add lists of files and take care of exceptions. File
	qmake.inc is generated by configure, but all substitutions are
	only needed for Unix and Mac. This file is checked in to cvs so it
	could be used on Windows without a need to run configure.

	All qmake project files in subdirectories need no substitutions
	by configure, so they all are checked in to cvs and can be used on
	windows right away.

	Qmake project files fwbuilder2.pro and src/src.pro use template
	'subdirs' and make qmake descend into subdirectories and rebuild
	projects there.
	
	Now using qmake to generate Makefile and MSVC project files in
	src/fwblookup, src/fwbedit, src/ipt. Makes it easier to generate
	consistent MSVC projects without having to edit them manually.
 
	resource files (src/res/*.xml and src/res/*/*.xml) are generated
	by configure, however, since substitutions made in them are only
	relevant on Unix and Mac, generated files are checked in to cvs so
	they can be used on windows without running configure.

	No need to run configure (or autogen.sh) on Windows anymore.

	To build on Unix and Mac:
	 $ autogen.sh
	 $ make
	 $ make install

	To build on windows:

	run qmake, then make in the root dir. of the project
	Open fwbuilder2.dsw in MSVC and rebuild all
	
	* NATCompiler_ipt.cpp, PolicyCompiler_ipt.cpp and others in
	src/ipt: code cleanup. Removed all unused variables and added
	handling for 'default' case in switch operators.


	
2004-03-10    <vadim@vk.crocodile.org>

	* FWWindow.cpp (compile): implemented main menu items "Rules/compile"
	and "Rules/install". Still need to add toolbar buttons though.

	* execDialog.cpp (execDialog): a dialog for a background execution
	of external commands. This class is used to call external policy
	compilers and installer scripts. Uses QT class QProcess.

	* ipt.cpp: transferred compiler for iptables over to fwb2. Only
	minor changes: new file name schema (*.h, *.cpp); proper choice of
	the directory where resource files are located; eliminated last
	dependencies on glib

2004-03-09    <vadim@vk.crocodile.org>

	* iptAdvancedDialog.cpp (accept): firewall settings dialog saves
	all data in the object.

2004-03-07    <vadim@vk.crocodile.org>

	* iptAdvancedDialog.cpp (iptAdvancedDialog): firewall settings
	dialog for iptables. Saving of the data back in the firewall
	object is not implemented yet.

	* DialogFactory.cpp (createDialog): DialogFactory: class that
	creates dialogs for all object types.

	* FWBTree.cpp (FWBTree): refactored code: all methods that enforce
	our standard tree structure now belong to the class FWBTree

	* TimeDialog.cpp (applyChanges): added dialog for the Time
	interval object.

2004-03-06    <vadim@vk.crocodile.org>

	* GroupObjectDialog.cpp (setupPopupMenu): added pop-up menu in the
	group view (both icon and list modes) with operations
	copy,cut,paste and delete.

	* all dialogs: object is moved from library to library when user
	clicks 'apply changes' (before it would move immediately when the
	library was changed in the pop-down menu).

	* CustomServiceDialog.cpp (loadFWObject): added dialog for the
	Custom Service object

2004-03-05    <vadim@vk.crocodile.org>

	* PropertyEditor.cpp (copyObj): added pop-up menu to object tree
	view; implemented functions 'duplicate', 'copy', 'cut', 'paste'

2004-03-04    <vadim@vk.crocodile.org>

	* ObjectTreeView.cpp (contentsMouseReleaseEvent): objects in the
	tree are selected with double-click. 


2004-03-03    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (getRE): added platform capabilities check for
	columns 'Time' and 'log/options' in policy views

	* RuleSetView.cpp (dragMoveEvent): support for d&d of Time objects

2004-03-02    <vadim@vk.crocodile.org>

	* InterfaceDialog.cpp (loadFWObject): added dialog elements for
	interface security level, 'external' checkbox, network zone.

	* RCS.cpp (isDiff): added a wrapper for rcsdiff in RCS class

2004-02-29    <vadim@vk.crocodile.org>

	* PropertyEditor.cpp (createObject): properly creating interfaces
	and addresses for the firewall object

	* further testing and improvements in RCS integration

2004-02-28    <vadim@vk.crocodile.org>

	* FWWindow.cpp (load): file can be opened with or without RCS, a
	head revision or any specific revision, read-write or
	read-only. File name, revision number and read-only status are
	displayed on the main window's title bar.

	* FWWindow.cpp (load): added ability to open data files read-only

	* RCS.cpp (RCS): refactored the code, made class RCS a wrapper for
	the command-line rcs tools. It should be possible to use the same
	or similar interface for other version control system if needed.

2004-02-26    <vadim@vk.crocodile.org>

	* RCSFilePreview.cpp (showFileRLog): Open File dialog shows RCS
	revisions of the chosen file in a preview panel. Added button "add
	to RCS" that allows user to add selected file to RCS right from
	the "open file" dialog. Added elements for opening file read-only
	and with or without locking (but these functions have not been
	implemented yet).

2004-02-23    <vadim@vk.crocodile.org>

	* RCS.cpp (rlog): class RCS provides simple integration with
	RCS. Uses portable functions provided by QT to call external RCS
	programs.

	* configure.in: added checks for external RCS programs ci, co,
	rlog.
	
2004-02-22    <vadim@vk.crocodile.org>

	* FWWindow.cpp: added basic integration with RCS. Every time a
	data file is opened, it is checked out from RCS and locked. If the
	file has not been added to RCS, an initial checkin is performed
	with a generic comment. Every time an opened file is saved (using
	"save" or "save as" menu), it is checked in and kept in a locked
	state. A new menu item "File/Close" has been added; this menu item
	checks the file in and removes lock (does 'ci -u') so other users
	can work on it, then it reopens a standard objects database in the
	GUI. Opening a file while another file is already opened in the
	GUI causes the latter to be closed (checked in and lock removed)
	and a new one opened as described above.

	still TODO: add a dialog to ask the user for a checkin comment
	text. Add a global option "Use RCS" so that using version control
	is optional. Test the whole thing on Windows.
	
2004-02-16    <vadim@vk.crocodile.org>

	* PropertyEditor.cpp (PropertyEditor): added dialogs for
	interface, MAC address, network, address range and other objects.

	* FWObjectDrag.h: implemented custom drag class FWObjectDrag; all
	widgets dynamically check if the object being dragged can be
	dropped in them. User can drag objects from the tree into groups
	and rules, as well as from a group into the tree.

2004-02-08    <vadim@vk.crocodile.org>

	* IPServiceDialog.cpp (libChanged): implemented gui elements and
	support for moving objects between libraries.

2004-01-20    <vadim@vk.crocodile.org>

	* added dialog for object IPv4. This object can now be created in
	a standard place in the tree in a group Objects/Addresses as well
	as as a child object of interface (as before in fwbuilder 1). This
	allows for using object IPv4 as an abstract for an IP address
	which is simpler than using a Host object.
	
2004-01-04    <vadim@vk.crocodile.org>

	* GroupObjectDialog.cpp: Experiment: user and standard object tree
	views have different background colors. This provides simple
	visual clue of what library the object shown in the editor panel
	belongs to. This is especially useful if a standard object is
	referenced from the user defined group and user opens it; in this
	case the tree switches from user-defined objects to the standard
	ones but this switch may not be evident from the first glance,
	thus user loses context and may be confused why his objects
	apparently have gone away.

2004-01-03    <vadim@vk.crocodile.org>

	* PropertyEditor.cpp (PropertyEditor): property editor has window
	type "dialog" and always stays on top of the main
	window. Implemented simple history feature for the object
	navigation and added a button "Back" to the toolbar.

	* GroupObjectDialog.cpp (loadFWObject): group object dialog can
	now show group contents as a set of icons or as a list; switching
	between two modes is done using toggle buttons a-la file list
	modes in the "open file" dialog.

	* PropertyEditor.cpp (loadObjects): merged object tree and object
	property editor in one dialog.

2003-12-20    <vadim@vk.crocodile.org>

	* main.cpp (main): resources and preferences files can now be
	found dynamically, using a full path to the directory the binary
	has been launched from. The RES_DIR macro defined in config.h
	now specifies relative path to the resource files starting from
	the application root dir. If program is installed in
	/usr/local/bin, then the application root is "/usr/local" and
	resources should be located in /usr/local/$RES_DIR directory.

