[Kde-print-devel] Since router ACLs have no state, all rules should be created in the policy pretty much like you do it on the router, including rules that permit reply packets.

Caspar fkvu at wam.umd.edu
Mon May 28 07:52:06 CEST 2007


Test mode means that installer does not save configuration in the permanent memory, as before.
This fix adds check in the GUI to not let the user enter port ranges like that.
No manual editing of the config is required prior to import. This operation also helps identify changes made to objects in two copies of the same data file.
In the process of this operation user is presented with series of dialogs showing conflicting objects side by side.
installOptionsDialog was too large and did not fit on some laptop screens. Also, you can explicitly put interface objects into policy rules and specify direction if you want to do this manually.
The GUI includes built-in installer for routers which works just like installer for PIX. The GUI got confused when user enter full path to the policy file in the "Output file name" input field in the "Compiler" tab of firewall object dialog.
This should be useful when you have routers with many interfaces and only want to add ACLs to some of them. These links point directly to the web interface to the CVS reposirory on SourceForge, these are the latest files that have been checked in. Packets that originate on the firewall should be marked in the OUTPUT chain. I do not know this myself and rely on translators for the localization to be done right.
I do not know this myself and rely on translators for the localization to be done right.
Packets that originate on the firewall should be marked in the OUTPUT chain. Two data files can not be merged, or one imported into another, if they contain such objects.
Summary page shown in the end reflects this as failed install.
Compiler can also add commands to configure logging.
Both installers were updated however to improve support for the automatic roll-back feature in case you lose connect with the firewall or the router because of an error in the policy. This should be useful when you have routers with many interfaces and only want to add ACLs to some of them. Both installers were updated however to improve support for the automatic roll-back feature in case you lose connect with the firewall or the router because of an error in the policy. Compiler can also add commands to configure logging. I can not help you or verify your work. Compiler can also add commands to configure logging. Installer incorrectly set name for files it copied to the firewall if generated configuration consisted of several files. I can't help it if this happens, except to remove the translation from the package. Since router ACLs have no state, all rules should be created in the policy pretty much like you do it on the router, including rules that permit reply packets. Two data files can not be merged, or one imported into another, if they contain such objects. This turns Firewall Builder into universal access policy management tool for a data center, office or an ISP. Built-in installer detects error messages printed by iptables and iptables-restore and aborts installation process. Currently only Cisco IOS access lists can be imported but I plan to add import for other platforms as well.
Importer can properly interpret both formats.
Importer creates firewall object with all interfaces firewall object name is assigned if "hostname" command is found in the configuration. Currently opened data file is not affected by this operation and objects in the tree do not change. The tab widget used to show policy, nat, routing and policy branch rulesets does not switch to a "folded" mode on Mac OS X when it needs to show more tabs that fit in the window.
Both installers were updated however to improve support for the automatic roll-back feature in case you lose connect with the firewall or the router because of an error in the policy. Now you can make installer schedule reboot in a few minutes, then upload new policy or ACLs and then cancel reboot if upload was successful.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kde-print-devel/attachments/20070528/f4fdcbca/attachment.html 


More information about the Kde-print-devel mailing list