                         Firewall Builder Release Notes

Version 2.0.2

   Released 08/31/04
   GUI and compilers v2.0.2 require API library libfwbuilder version 2.0.2

Summary

   Firewall Builder GUI v2.0.2 is a maintenance release that includes fixes
   for bugs discovered since 2.0.1 was released.

   For those who wish to build from source, instructions are outlined in
   "Install and Build instructions".

General

     * Updated FreeBSD ports, tested on 5.3-BETA

New standard objects

     * Added new service objects to the Standard objects library: "xmas scan"
       (old object renamed "xmas scan - full"), rsync, distcc, cvspserver,
       cvsup, afp, whois, bgp, radius and radius acct, SSDP and UPnP.

New template objects

     * Added template firewall objects for Linksys firewall and a web server.

New features in policy compiler for PF

     * Implemented support for all timeout settings in pf: tcp.first,
       tcp.opening, tcp.established, tcp.closing, tcp.finwait, tcp.closed,
       udp.first, udp.single, udp.multiple, icmp.first, icmp.error,
       other.first, other.single, other.multiple, including adaptive timeout
       scaling options adaptive.start and adaptive.end
     * Added support for options "max", "max-src-nodes" and "max-src-states"
       in pf. These set per-rule limits on the number of concurrent state
       table entries ("max"), the number of source addresses that can
       simultaneously have state table entries ("max-src-nodes") and the
       number of simultaneous state entries per source address
       ("max-src-states").
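
   For reference, this is how the timeout settings and per-rule state limits
   listed above look in a pf.conf file. It is an example added to these notes
   and written by hand, not output of the Firewall Builder compiler; the
   interface name, address and all numeric values are constructed.

```conf
# Constructed pf.conf fragment; macros, addresses and numbers are sample values.
ext_if = "em0"
web_server = "192.0.2.10"

# Global state timeouts, in seconds.
set timeout { tcp.first 60, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 300, tcp.finwait 45, tcp.closed 30 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }

# Adaptive scaling: once the state table holds more than adaptive.start
# entries, all timeouts shrink linearly and reach zero at adaptive.end.
set timeout { adaptive.start 6000, adaptive.end 12000 }

block in on $ext_if all

# Per-rule limits: at most 200 states created by this rule, at most 100
# distinct source addresses holding state, at most 3 states per source.
# "source-track rule" keeps the per-source counters for this rule only.
pass in on $ext_if proto tcp from any to $web_server port 80 \
    flags S/SA keep state \
    (max 200, source-track rule, max-src-nodes 100, max-src-states 3)
```

   After loading a ruleset, "pfctl -s timeouts" shows the timeout values in
   effect.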

Bugs fixed in libfwbuilder API:

     * Added element physAddress to list of child elements of Library (bug
       #1011617)
     * bug #1012733: "configure --libdir=DIR will be ignored at
       installation". Needed to use macro _libdir to specify target directory
       for libraries. Used it in configure, qmake.in, libfwbuilder-config-2
       and a .spec file. Code should compile and install in correct place on
       64-bit systems.

Bugs fixed in GUI:

     * bug #1019691: "040829 nightly build doesn't add paths for linksys"
     * bug #1013177: "deleting multiple hosts causes crash"
     * bug #1009345: "Can only move one host object at a time between
       libraries"
     * bug #1013018: "host OS settings" dialog is missing for linksys. Added
       host OS settings dialog for linksys/Sveasoft. The dialog provides entry
       fields for paths to the iptables, lsmod, modprobe and logger tools and
       for two shell prompt string patterns; this should help to work around
       changes in the shell prompt on Linksys.
     * bug #1013022: "can not install policy script on linksts Alchemy
       pre-5.2". Built-in installer uses shell prompt string patterns
       configured in the host OS settings dialog for linksys.
     * bug #1008956: "Existing .fwb file gets overwritten if has wrong
       extension". If the GUI needs to rename a data file with the old
       extension .xml to .fwb, it checks whether a file with the new extension
       exists and offers the user a chance to choose a different name. It also
       treats symlinks in a special way: if the user creates a symlink with
       extension .xml pointing at a file with extension .fwb, the GUI simply
       follows the link and works with the .fwb file. This should work with
       Windows shortcuts, too.
     * bug #1013485: "File/Import should allow to import .fwb file". Function
       File/Import offers a choice of .fwl, .fwb and "all files" in the open
       file dialog.
     * bug #1011248: "need two xmas scan service objects".
     * bug #1013957: "incorrect NAT rule in firewall created from template
       #3". The problem was caused by an incorrect IP address of interface
       "dmz" in the template object #3.
     * bug #1014725: "adding new ICMP types". If the user created a service
       group with the name "ICMP", the GUI would place new ICMP objects under
       this group instead of the standard folder "ICMP". There was the same
       problem with other object types, too.
     * bug #1015884: "Export more than one library fails with 0 references".
       The export library operation failed if the user exported two libraries
       with groups or rules in one library referencing objects in the other.

Bugs fixed in iptables policy compiler fwb_ipt:

     * bug #1005148: "MAC matching - space missing". A space was missing
       between the MAC address and custom service code.
     * The script generated for Linksys/Sveasoft firewall now avoids grep -
       Sveasoft Alchemy pre-5.2.3 does not have grep
     * bug #1019943: "Missing ip addresses in the rule using interfaces"

     ----------------------------------------------------------------------

   Last modified: Tue Aug 31 20:38:55 PDT 2004 
