2004-01-17    <vadim@vk.crocodile.org>

	* v1.1.2 released
	
2004-01-13    <vadim@vk.crocodile.org>

	* checked in updated French translation by Jean-Michel Poure jm@poure.com

2004-01-13    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (processNext): fwb_ipt allows using action
	Reject with an option "TCP RST" with Custom service objects,
	rather than only with TCP services.


2004-01-01    <vadim@vk.crocodile.org>

	* FreeBSD port uses configure, ltmain.sh and other GNU 
	autoconf/automake scripts generated on Linux.  This helped to
	get rid of the annoying problem when the port won't build if
	port devel/automake was not installed because it could not find
	aclocal. There did not seem to be any suitable Makefile target
	that is executed after BUILD_DEPEND is checked and before 
	"configure" target is started. Target "post-extract" is before
	BUILD_DEPEND is checked and target "pre-configure" does not work
	because it tries to copy configure somewhere, can't find it and
	aborts with an error.  It turned out to be simpler to
	make configure, config.sub, config.guess and other scripts a part
	of the code tree than fight FreeBSD's mk.bsd.port.

2003-12-30    <vadim@vk.crocodile.org>

	    Changes in API:

        * XMLTools.cc (setDTD): Bug #868278: "fwbuilder GUI crashes while
        saving data to file on FreeBSD".  The crash happens in the DTD
        validation routine xmlValidateDocument when fwbuilder is working
        with libxml2 v2.6.4. Tests seem to rule out bug in libxml2 (I used
        their example program "tree2.c" and added similar fragment for
        validation, it worked), so it must be something in our code. I
        can't seem to find the problem though.  We recreate the tree from
        the objects in the memory, so doing validation here is mostly a
        double check. It should be relatively safe to just skip validation
        until I figure out what's wrong with it.

        * XMLTools.hh: properly using xmlFree to free blocks of memory
        allocated by libxml2

2003-12-18    <vadim@vk.crocodile.org>

	* fwbuilder.spec.in: fixed bug #855896: "do not quote RPM Group
	names". Group names in RPM .spec files should not be in quotes.

	* fwbuilder.info.in (InstallScript): fixed bug #862642: "fink
	packages do not work for 10.3". Changes have been made to the fink
	.info files to make libfwbuilder and fwbuilder build on Panther.

	* configure.in: fixed bug #859028: "configure script incorrectly
	determines ext. symbol prefix". Mac OS X does not need '_' in
	front of function names that are dynamically loaded from external
	modules at a run time.

	* NATCompiler_ipt_writers.cc (processNext): fixed bug #862743: "a
	bug in a code for a dynamic, wildcard interfaces". A '$' character
	was missing in a shell code fragment that cycles over the list of
	dynamic wildcard interfaces and creates iptables rule for each of
	them.

2003-12-14    <vadim@vk.crocodile.org>

	* VERSION: set version to 1.1.2

	* implemented Feature Req. 859327: "add table support to pf
	module"
	
	* PolicyCompiler_pf_writers.cc (processNext): Added support for
	tables in policy rules in pf. Compiler opens groups created in the
	GUI, possibly regroups objects and in the final step assembles
	objects in the tables. Using tables is optional and is controlled
	by the checkbox in the "Firewall" tab of the firewall object
	dialog.

	* PolicyCompiler_pf.cc (createTablesForRE): compiler reuses object
	tables if they contain identical sets of objects.

2003-12-02    <vadim@vk.crocodile.org>

	* VERSION (RELEASE_NUM): v 1.1.1 released

	* fwb_install (FWSCRIPT): fixed bug #848545: "fwb_install via GUI
	problem with ssh terminal". Calling ssh with a command line switch
	"-n".

2003-12-01    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf.cc (processNext): another correction to make
	sure compiler never generates illegal combination "skip ... quick"

2003-11-30    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf_optimizer.cc (optimizeForRuleElement): fixed
	bug #851698 'Incorrect "skip" counters in ipf script'. fwb_ipf
	generated negative skip counters for some rules.

	* OSConfigurator_linux24.cc (processFirewallOptions): fixed bug
	#848541: "Nothing to flush" on firewall execution. Iptables script
	flushes all aliased IPs on the firewall before installing new
	configuration, this caused harmless diagnostic print "nothing to
	flush" if there were no aliases.

	* PolicyCompiler_ipf_optimizer.cc (optimizeForRuleElement): fixed
	bug #851490: cannot use skip with quick. Ipfilter command "skip"
	does not require keyword "quick".

	* TargetDialog_ipf.cc (TargetDialog_ipf): optimization of ipfilter
	configuration is now optional. Added checkbox "Optimization" in
	the ipfilter target firewall dialog and corresponding support in
	fwb_ipf.

	* TargetDialog_ipf.cc (TargetDialog_ipf): fixed bug #851489:
	"Accept TCP sessions opened prior" no saveable in ipfilter
	firewall dialog.

2003-11-23    <vadim@vk.crocodile.org>

	* VERSION (RELEASE_NUM): v 1.1.0 released

2003-11-22    <vadim@vk.crocodile.org>

	* VERSION (RELEASE_NUM): set version to 1.1.0-RC1. This is only a
	version number change.

2003-11-12    <vadim@vk.crocodile.org>

	* ipt.cc (main): implemented Feature Request #837238: "unnummbered
	wildcard interfaces". Policy compiler for iptables accepts
	unnumbered wildcard interfaces.

	* ObjectQuickView.cc (getSinglelineToolTip): implemented Feature
	Request #841216: "Tooltip for a service group should show object
	properties". Tooltip for a group of services shows not only names
	of the objects in the group, but also their properties
	(protocol, port numbers, etc)
        

2003-11-11    <vadim@vk.crocodile.org>

	Change in API: fixed bug #840427: Problems with libxml2. The GUI
	won't start if libxml2 v 2.6.2 was installed, the error looked
	like this:

	I/O warning : failed to load external entity "/resources.xml"

	Function xmlParseFile broke in libxml2 v2.6.2 so I had to switch
	to xmlParseMemory.

2003-11-09    <vadim@vk.crocodile.org>

	* all policy compilers (change in API): implemented algorithm
	that converts address range into a set of networks rather than N
	hosts.

	* OSConfigurator_linux24.cc (generateCodeForProtocolHandlers):
	iptables script generated by policy compiler fwb_ipt can now
	properly find and load kernel modules for Linux kernel 2.6 (module
	file names have extension .ko in 2.6)
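
The address range conversion noted in this entry can be illustrated with the standard greedy split of an inclusive IPv4 range into the fewest CIDR networks that cover it exactly, so the generated rules match no address outside the range. This is an added example, not fwbuilder's own code; the function names (parseIPv4, rangeToNetworks, rangeToCidrStrings) are hypothetical and the sample range is constructed.

```cpp
// Added example: exact decomposition of an IPv4 address range into networks.
// All names here are hypothetical; this is not the fwbuilder implementation.
#include <cstdint>
#include <iostream>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

struct Network {
    uint32_t addr;  // network address, host byte order
    int prefix;     // prefix length, 0..32
};

// Parse a dotted quad; throws unless the input is exactly a.b.c.d.
uint32_t parseIPv4(const std::string& s) {
    std::istringstream in(s);
    uint32_t addr = 0;
    for (int i = 0; i < 4; ++i) {
        int octet = -1;
        char dot = 0;
        if (!(in >> octet) || octet < 0 || octet > 255)
            throw std::invalid_argument("bad IPv4 address: " + s);
        if (i < 3 && (!(in >> dot) || dot != '.'))
            throw std::invalid_argument("bad IPv4 address: " + s);
        addr = (addr << 8) | static_cast<uint32_t>(octet);
    }
    if (!in.eof())  // trailing characters after the fourth octet
        throw std::invalid_argument("bad IPv4 address: " + s);
    return addr;
}

std::string formatNetwork(const Network& n) {
    std::ostringstream out;
    out << (n.addr >> 24) << '.' << ((n.addr >> 16) & 0xff) << '.'
        << ((n.addr >> 8) & 0xff) << '.' << (n.addr & 0xff)
        << '/' << n.prefix;
    return out.str();
}

// Split [first, last] into networks. At each step take the largest block
// that is aligned at the current address and does not run past 'last'.
// 64-bit arithmetic avoids wrap-around when the range ends at 255.255.255.255.
std::vector<Network> rangeToNetworks(uint32_t first, uint32_t last) {
    if (first > last)
        throw std::invalid_argument("range start is above range end");
    std::vector<Network> out;
    uint64_t cur = first;
    const uint64_t end = last;
    while (cur <= end) {
        int hostBits = 0;
        while (hostBits < 32) {
            const uint64_t size = 1ULL << (hostBits + 1);
            if ((cur & (size - 1)) != 0) break;  // block would be misaligned
            if (cur + size - 1 > end) break;     // block would overshoot
            ++hostBits;
        }
        out.push_back({static_cast<uint32_t>(cur), 32 - hostBits});
        cur += 1ULL << hostBits;
    }
    return out;
}

// Convenience wrapper working on strings, as a rule generator would.
std::vector<std::string> rangeToCidrStrings(const std::string& first,
                                            const std::string& last) {
    std::vector<std::string> result;
    for (const Network& n : rangeToNetworks(parseIPv4(first), parseIPv4(last)))
        result.push_back(formatNetwork(n));
    return result;
}

int main() {
    // Constructed sample: 11 addresses collapse into 4 networks
    // instead of 11 single-host rules.
    for (const std::string& net :
         rangeToCidrStrings("192.168.1.10", "192.168.1.20"))
        std::cout << net << '\n';
    return 0;
}
```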

2003-11-08    <vadim@vk.crocodile.org>

	* PIXAdvancedFWDialog.cc (wrk2dlg): added GUI elements to support
	PIX options "max_conns" and "emb_limit" used for TCP syn flood
	protection and to establish a limit on the number of nat'ted
	connections.

	* NATCompiler_ipt_writers.cc (_printDstService): fixed bug #830093
	"Don't set custom services in NAT rules". Compiler fwb_ipt would
	ignore custom service objects in NAT rules.

	* NATCompiler_ipt.cc (processNext): fixed bug #828243: "bug with
	double NAT". A dual translation NAT rule (the one that translates
	both source and destination addresses) that involves negation in
	OSrc or ODst used to generate code doing double negation.

	* OSConfigurator_linux24.cc (processFirewallOptions): fixed bug
	#837236: "ipt compiler tries to find wildcard interfaces". Code
	that checks if interfaces of the firewall object really exist on
	the firewall machine should not try to find wildcard interfaces
	such as "ppp*".

2003-11-02    <vadim@vk.crocodile.org>

	* ipfw.cc (main): added check for dynamic interface with IP
	address child object in all policy compilers.

	* ipt.cc (main): fixed bug #834799: "fwb_ipt: Compiler.cc:264
	Assertion`o' failed". This error happened if dynamic interface had
	an IP address child object which was used somewhere in the policy
	rule. Compiler issued a warning saying that this address was going
	to be ignored, and removed it from the interface. If this address
	object was used in the policy rule, it caused this assertion to
	fail because it had no parent.

	* Policy compilers and GUI dialogs for all supported firewall
	platforms: fixed bug #827697: "Configure interfaces adds both the
	NAT and the local".  Option "configure interfaces" used to both
	add virtual addresses that are needed for NAT rules, and configure
	regular interfaces of the firewall. These two functions are now
	controlled by separate checkboxes in the "Firewall" tab of the
	firewall object dialog: "Configure interfaces" and "Add virtual
	addresses for NAT".
	
	* ObjectTree.cc (TreePopupMenu): fixed bug #834726: "No physical
	address (MAC) for dynamic address in wizard." The GUI would not
	let the user add a physical address (MAC address) object to the
	interface marked as "dynamic" or "unnumbered".

	* DiscoveryDruidP40Dialog.cc (createObjects): fixed bug #834739:
	"network discovery creates bogus Policy objects for
	hosts". Network discovery druid would add Interface Policy objects
	to interfaces of Host objects discovered during network crawl
	(SNMP).

2003-10-25    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf_optimizer.cc (processNext): Optimization in
	the policy compiler for ipfilter: compile speed improved for rules
	that generate huge numbers of combinations of objects (many
	objects in src, dst and/or srv). Number of generated rules changed
	from N^3 to 3N for rules with very large number of combinations of
	objects. Compile time has been reduced by the same factor.

	* PolicyCompiler_ipt_optimizer.cc (processNext): changed algorithm
	in the rule optimizer to improve policy compile speed. This
	significantly speeds up compilation of rules that create huge
	numbers of combinations of objects (typically a rule with large
	address ranges or large groups of hosts in both source and
	destination, or large group of hosts in src or dst and large group
	of services in srv)

2003-10-22    <vadim@vk.crocodile.org>

	* NewFirewallDruid.cc (on_finish): fixed bug #827688: "PIX-Network
	Zone Def is missing ". Policy compiler complained that interface
	"outside" had no network zone on a new firewall object, while in
	fact the Network zone of that interface was set to 'Any'.

2003-10-16    <vadim@vk.crocodile.org>

	* freebsd.xml.in: fixed bug #822744: "fwb_pf problem". While
	compiling policy for the firewall running on FreeBSD and using pf,
	compiler would not define variable PFCTL in the firewall
	activation script (the .fw file).

2003-10-11    <vadim@vk.crocodile.org>

	* fwb_inst_pix.cc: redesigned PIX policy installer to use
	/usr/bin/expect instead of C API libexpect. It turned out
	libexpect is not shipped with SuSE (why?) so making a portable
	version using it was difficult. Command-line expect tool is
	available on all supported OS, so this seems to be the simplest
	way to achieve portability. Hopefully this is the final version.

2003-10-10    <vadim@vk.crocodile.org>

	* objects_init.xml.in: fixed bug #810497: "Add UDP service microsoft-rpc"

2003-10-09    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printActionOnReject):
	implemented Feature Request #819761 "support new iptables option
	'icmp-admin-prohibited'". This option is supported in iptables
	1.2.9 in combination with target REJECT.

	* added PIX policy install program fwb_inst_pix. The program
	launches regular ssh client in the background and uses functions
	from libexpect library to manipulate it.
	
2003-10-03    <vadim@vk.crocodile.org>

	* PIXAdvancedFWDialog.cc (wrk2dlg): commands "sysopt route dnat"
	and "sysopt security fragguard" are deprecated in PIX v6.3. GUI is
	now aware of that.

2003-09-29    <vadim@vk.crocodile.org>

	* TargetDialog_pix.cc (readDefaults): added GUI controls for using
	ACL remarks to associate generated PIX ACL commands with original
	rule numbers

2003-09-28    <vadim@vk.crocodile.org>

	* PIXAdvancedFWDialog.cc (wrk2dlg): added GUI controls for logging
	in EMBLEM format (PIX v6.3)

	* PIXAdvancedFWDialog.cc (wrk2dlg): added GUI controls for setting
	syslog device-id  (PIX v6.3)

	* RuleOptionsDialog.cc (run): Added GUI support for the new
	logging options available in PIX v6.3 (syslog level and logging
	interval can now be set for an individual ACL rule)

	* FirewallDialog.hh (class FirewallDialog): fixed bug #811056:
	"Preserve tab selection". Active notebook tab is now "sticky" in
	Firewall and Host dialogs, that is while switching between
	different firewall objects the new dialog opens with the same tab
	active.

	* PolicyCompiler_ipt.cc (processNext): fixed bug 811860: "IPTables
	Compiler Firewall IP to Input Chain".  On a bridging firewall
	rules not associated with interfaces should go into INPUT/OUTPUT
	chain on interfaces that do routing and into FORWARD chain on
	bridging interfaces. Sometimes bridging interfaces are not created
	in the GUI, so to play it safe we will split the rule and put it
	into both FORWARD and INPUT/OUTPUT chain.

2003-09-21    <vadim@vk.crocodile.org>

	* AddressRangeDialog.cc (AddressRangeDialog): fixed bug #810400 :
	"GUI can not show address 0.0.0.0 in AddressRange obj".

	* Implemented Feature Req. #809106: "Netmask should not be
	automatically filled in dialogs". Dialogs that expect IP address
	and netmask should not fill the netmask entry fields with a
	netmask calculated from the IP address assuming that the address
	is classful.

	* PIXAdvancedFWDialog.cc (_printFixupCommand): added GUI widgets
	for new 'fixup' commands in PIX v6.3(3)

2003-09-20    <vadim@vk.crocodile.org>

	* StandardRulesDruid2.cc (generateRulesForNetProtection): fixed
	bug #810000: "Druid creates wrong rule for DHCP". If firewall
	works as DHCP server for the local net, the rule permitting DHCP
	requests should include both firewall object and a broadcast
	address object in destination. This rule uses new standard address
	range object "broadcast". The rule permitting DHCP replies should
	use only firewall object in source.

	* Added Address Range objects "broadcast" (address
	255.255.255.255) and "old-broadcast" (address 0.0.0.0) to the
	standard objects tree. These objects are used to build rules
	permitting broadcast-based protocols such as DHCP.
	
	
2003-09-09    <vadim@vk.crocodile.org>

	* fwb-upgrade.sh: Added fragment that finds and eliminates empty
	namespace attributes of XML elements (like xmlns=""). This seems
	to help convert those stubborn v0.10.4 files.
	
2003-09-02    <vadim@vk.crocodile.org>

	* v1.0.11 released
	
2003-09-01    <vadim@vk.crocodile.org>

	* renamed service objects that describe DNS (UDP and TCP, port 53)
	to 'domain' and added service group 'DNS' that includes both.
	
2003-08-31    <vadim@vk.crocodile.org>

	* TargetDialog_pf.cc (TargetDialog_pf): added support for the
	following 'set' commands in OpenBSD pf:

	 - set timeout interval, set timeout frag
	 - set limit frags , set limit states
	 - set optimization

2003-08-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* patch for gettext 0.12.1: in all Makefile.in variable
	$top_builddir should be defined via @top_builddir@ and
	mkinstalldir via @MKINSTALLDIR@.

	* Code now compiles and runs on FreeBSD 4.9

2003-08-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* objects_init.xml.in: added network objects to
	the standard tree for reserved address blocks per RFC 3330

2003-08-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* script fwbinstaller and tool fwbaskpwd moved to a separate
	module fwbuilder-installer
	
	* TargetDialog_pf.cc (TargetDialog_pf): Added GUI and policy
	compiler support for the following 'scrub' options for PF:

	  - no-df
	  - random-id
	  - min-ttl
	  - max-mss
	  - fragment reassemble
	  - fragment crop
	  - fragment drop-ovl

	* PolicyCompiler_pf_writers.cc (_printAddr): Added support for
	"(if)" syntax for OpenBSD pf. PF can automatically change address
	of the dynamic interface when its name in the rule is specified in
	parentheses.

	* NATCompiler_ipt.cc (splitMultipleICMP): fixed bug #788586: "ICMP
	and NAT". Compiler used to ignore a group of ICMP services used
	together with TCP or UDP services in the same NAT rule.

2003-08-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbaskpwd.cc (main): fwbaskpwd is an auxiliary tool used to
	prompt the user for the password for the firewall when
	fwbinstaller.pl is about to connect to it to transfer and activate
	policy. Fwbaskpwd is similar to openssh-askpass both in appearance
	and in function: it is just a pop-up dialog that asks user for the
	password and then returns it on the stdout. It is not intended for
	use as a standalone tool, it should only be called from the script
	that processes its output. Fwbaskpwd has three modes of operation:
	1) it asks for the login name and password, 2) it asks only for
	the password and 3) it asks for the password and 'enable'
	password.

2003-08-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (prolog): fixed bug #784029: "Problems
	with generated Script". Under certain circumstances generated
	script could not determine the type of the firewall's interface
	(POINTOPOINT vs BROADCAST) and could not configure its IP address.

2003-08-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwb_compile_all: This is a wrapper script that provides a way to
	compile policies for several firewalls in one batch job. See man
	page fwb_compile_all(1)

	* configure.in: applied patch needed to build on OpenBSD 3.3 current
	(-current uses ELF binaries and does not require "_" to be prepended
	to the external function names for dlsym).

	* NATCompiler_ipf.cc (AssignInterface): fixed bug #783931: "wrong
	interface picked for rdr rule". In the case when both OSrc and
	ODst are not 'any' in the rdr rule, fwb_ipf failed to pick up
	right interface for the rule.
         

2003-08-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printProtocol): fixed bug
	#782687: Protocol 'ip' is not always recognized by
	iptables. Although iptables permits using protocol name with "-p"
	option, we've got reports that it sometimes can not properly
	interpret protocol name 'ip'. Using 'all' instead seems to be a
	proper, supported way.

	* NATCompiler_ipf_writers.cc (_printPort): fixed bug #782927: a
	way to get "any tcp" in the rdr rule. Ipfilter permits using
	"port 0" as a way to match on any tcp or udp port in rdr rules.

	* fwbinstaller.pl (): script can now copy generated firewall
	configuration files and scripts to the Unix firewalls (emulates scp).

2003-08-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwblookup.cc (main): added command line switch '-o' to fwblookup.
	This switch prints an option of the Firewall or a Host object.

	* fwbinstaller.pl: initial checkin of the universal policy
	installation script. Script uses Perl module Net::SSH::Perl and at
	this point can install generated policy on Cisco PIX
	firewall. This script will eventually replace old script
	fwb_install.

2003-07-31  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (splitOnODst): fixed bug #780708: "Multiple
	dest IPs in NAT Table can be compiled (but aren't)". DNAT rules
	now allow multiple objects in Original Destination.

2003-07-30  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf_writers.cc (processNext): implemented Feature
	Request #778150: per-rule log level setting for ipfilter. Now
	policy compiler for ipfilter can generate "log level
	facility.level" options for individual rules in firewall policy.

	* All compilers (prolog): implemented Feature Request #774727:
	Firewall General tab comment inserted into shell script. Compiler
	now inserts comment from the General tab of the firewall dialog
	into the generated firewall script.

	* helpers.cc (widgetModifyFont): if requested font is not
	available, this method won't try to change font for the widget.
	This fixes bug (no number) where "About" dialog showed empty
	boxes instead of the characters in the title line if font
	Helvetica was not available.

	* PolicyCompiler_ipt.cc (checkForMatchingBroadcastAndMulticast): 
	fixed bug #780345: "wrong chain is chosen for the rule in bridging
	fw". If bridging firewall's interface address object had a netmask
	of 255.255.255.255 in fwbuilder GUI, and firewall object or its
	interface was used in the Destination rule element, then compiler
	erroneously placed this rule in the FORWARD chain instead of
	INPUT.
	
2003-07-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwblookup.cc (main): added command line option "-l" that lists
	all the objects located immediately under the given object in the
	tree (its 'children') and prints their names, IDs, path or type
	(see man page fwblookup(1)).

	* fwbedit.cc (main): fwbedit is a general purpose object tree
	editing tool. This tool can be used for writing scripts to
	batch-process data file without loading it in the GUI. Currently
	fwbedit can delete given object from the tree, as well as add and
	remove objects in the groups. More operations will be added in the
	future.

2003-07-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* Compiler.cc (isRecursiveGroup): fixed bug #774834: compiler
	hangs on a group referencing itself. If a group referenced itself,
	policy compilers either hung or dumped core.

2003-07-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* snmp.cc: fixed bug #774462: wrong interface made external if fw
	was discovered by the crawler.
	
	* snmp.cc (fetchRoutingTable): fixed bug #773271: program crashes
	while doing network object discovery. 

	* DiscoveryDruidP40Dialog.cc (createObjects): when host object is
	discovered by network discover druid but it did not answer SNMP
	query and its interfaces could not be learned, the program assigns
	generic name to the interface object it creates. The name has been
	changed from 'interface1' to 'nic1'.

	* PolicyCompiler_ipt.cc (replaceLoopbackWithItsAddress): fixed bug
	#774455: "fwb_ipt produces wrong code when loopback used in the
	rule". Compiler produced broken iptables command if loopback
	interface object was used in the global policy rule.  This also
	fixes bug #781453: "compiler generates incorrect firewall script"

2003-07-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceTblWidget.cc (getInterfaces): fixed bug #772723: "new
	firewall wizard assigns external interface wrong". "New Firewall"
	wizard ignored setting made by the user to mark external interface
	of the firewall.

	* pf.cc (main): fixed bug #772460: missing space in the script
	generated by fwb_pf

	* PolicyCompiler_ipfw_writers.cc (_printDstService): fixed bug
	#772799: "fwb_ipfw ignores custom services". Policy compiler for
	ipfw did not generate code for Custom service objects used in
	the policy rules.

	* objects_init.xml: standard Custom service object "ESTABLISHED"
	is now configured for iptables and ipfw.

	
2003-07-15  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (prolog): fixed bug #772092: fwb_ipt
	uses bash syntax in generated script. fwb_ipt used "==" to compare
	strings; this syntax is specific to bash and won't work if shell
	/bin/sh does not support it.

	* NATCompiler_pf_writers.cc (_printProtocol): fixed bug #771993:
	pf in OpenBSD-3.3 requires explicit protocols. PF in OpenBSD 3.3
	does not allow using "proto ip" in nat and rdr rules.

	* PolicyCompiler_ipt.cc (checkMACinOUTPUTChain): fixed bug
	#766161: "kernel 2.4.20-18.8custom / rh 8". Iptables does not
	allow using "--mac --source-mac" in the OUTPUT chain. Policy
	compiler for iptables now specifically checks for this situation.

2003-07-05    <vadim@vk.crocodile.org>

	* PrintDialog.cc (run): fixed bug #764278 "Print error.
	uiltinDialog". Using background execution class from libfwbuilder
	and corresponding widget to call lpr so that user can see the
	output generated by it. Using new method
	XMLTools::transformFileToFile to apply XSLT transformation to the
	data file.

2003-07-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* PrintDialog.cc (run): GUI uses popup dialog to show the output
	from the printing subsystem - good for debugging if lpr returned
	an error.

	* PrintDialog.cc (run): GUI works with a copy of the main object
	tree when it processes objects for printing. This helped to get rid
	of the annoying warning that something in the data has changed
	every time user tried to print.

2003-06-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_optimizer.cc (processNext): fixed bug (no
	number) where compiler eliminated too many rules as duplicates
	when firewall has two or more dynamic interfaces. This fixed bug
	#778734: "Multiple interface address in src/dst in global policy",
	too.

2003-06-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* TargetDialog_iptables.cc (TargetDialog_iptables): implemented
	Feature Req. 730501: "ulog-ulgroup option for logging". ULOG
	ulgroup can be set both globally and for individual rules.

	* PolicyCompiler_ipt_writers.cc (_printTarget): fixed bug #762489:
	"rule and logging option". Here is how policy compiler uses
	various limits: logging limit set globally in 'Firewall' tab of
	the firewall dialog applies only to logging; limit set in the rule
	options dialog applies only to the corresponding rule's target.

	* main_window.cc (on_install): fixed bug (no number) where the GUI
	called firewall policy installation script without command line
	option "-d". The command line options for policy compilers and
	installation scripts should be the same, see manual page
	fwb_install(1). Option "-d" specifies working directory, i.e. the
	directory where data file currently opened in the GUI is located.

2003-06-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* compiler for iptables: implemented support for 'wildcard'
	interfaces. If interface of the firewall has a name that ends with
	'*' (e.g. 'ppp*'), it is considered a wildcard interface, that is
	compiler assumes that rules associated with this interface or
	using its address should be associated, or use address of all
	interfaces that match a 'wildcard'. For interface 'ppp*' that
	would be ppp0, ppp1, ppp2 etc. Rules created in the interface
	policy of this interface get "-i" or "-o" clause with an interface
	name ending in a '+' ('ppp*' gets simply converted into
	'ppp+'). To provide support for rules using an address of such
	interface, compiler creates a loop where it finds all real
	interfaces that match pattern defined by the wildcard interface
	name and then copies the rule command using an actual address of
	each interface it finds.


2003-06-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* All compilers (prolog): Added a check for the typical error:
	dynamic interface should not have IPv4 child object(s). Compiler
	issues a warning if it does and ignores it.

2003-06-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* ListOfIcons.cc (button_release_event_impl): fixed bugs #759665:
	"popup menu does not work in empty group" and #760536: "cannot
	paste object to group". Right mouse click in the group editing
	dialog of the group object did not open popup menu if the group
	was empty.

	* PolicyCompiler_ipt.cc (processNext): fixed bug #759655: "certain
	rules on loopback do not get added to OUTPUT chain". If option
	"assume firewall is part of any" is ON, then the rule "any fw_obj
	any" should generate code for the OUTPUT chain.

2003-06-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (processNext): implemented Feature
	Request #731761: "support for interfaces that can be
	down". Firewall script skips rules using dynamic interface if that
	interface had no IP address assigned to it at the moment when
	firewall policy was activated. Firewall script will be activated
	and policy will work even if one or more dynamic interfaces are
	down or just do not have IP addresses. This helps use generated
	firewall script if firewall separates networks with statically
	assigned IP addresses and at the same time has one or more
	interfaces with dynamically assigned address which can sometimes
	be down (e.g. Internet connection using PPP protocol).

2003-06-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printLogPrefix): implemented
	Feature Request #57561: "restricting log prefix to 29
	chars". Compiler issues a warning and truncates log prefix if it
	is longer than 29 characters.

	* NATCompiler_ipt.cc (processNext): fixed bug #751052: "Problem
	with more than 15 Services in Group (iptables)". Compiler should
	use no more than 15 ports in one invocation of the NAT rule using
	multiport module.

	* InterfaceDialog.cc (updateMainMenu): fixed bug #751656: "menu
	item Rules/Install does not get enabled when interface is shown in
	dialog".

2003-06-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* All compilers (checkForDynamicInterfacesOfOtherObjects): 
	added a check for the situation when a host or a firewall object
	that has a dynamic interface is used in the policy or NAT rule of
	another firewall. Compiler aborts processing because it can not
	build a rule using dynamic interface of another object (its
	address is unknown at compile time and can not be determined at a
	run time)

	* NATCompiler_ipt.cc (specialCaseWithUnnumberedInterface): fixed
	bug #741933: "compiler does not skip unnumbered interface". Policy
	compiler should skip unnumbered interfaces if the firewall object
	is used in ODst

2003-06-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (openFile): fixed bug #747287: GUI crashes after
	"Open recent". This bug triggered only on some data sets, where
	opening the file using the "File/Open Recent" main menu caused GUI
	to become unstable and crash when global policy was opened.

2003-05-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* v1.0.10 released
	
2003-05-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* Makefile.in (OS/FreeBSD/Makefile.in): fine-tuning FreeBSD port,
	testing on FreeBSD 4.8-STABLE

2003-05-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: added files for Turkish translation

	* PolicyCompiler_ipf_writers.cc (_printDstService): fixed bug
	#732176: "FwBuilder 1.0.9 and ip_fragments". Keyword "fragment"
	used in OpenBSD pf to match on ip fragments can not be used with
	ipfilter. 

2003-05-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: set version to 1.0.10-RC4 - release candidate 4.
	
	* NATCompiler_ipt.cc (processNext): implemented Feature Request
	#669022: "Support for multiple negated targets in NAT table". Port
	translation rules that change only port and do not change
	destination address now allow multiple objects in Original
	Destination (with or without negation).

	* NATCompiler_ipt.cc (processNext): port translation rules that do
	not have firewall object in ODst and do not change address (only
	change port) now generate iptables command with " ... -j DNAT
	--to-destination :80" (no address in front of the ':' ). Similar
	rules with firewall object in ODst are treated as redirection
	rules and generate iptables command with target REDIRECT.

2003-05-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* NewHostDruid.cc (on_finish): fixed a bug (no number): if user
	called "New firewall" or "New host" druid and then clicked Cancel,
	the new object would still have been created but not added to the
	tree. Now object is created only if user followed all pages of the
	druid and clicked "Finish".

	* FWObjectDatabaseGUI.cc (load): got rid of a bogus error message
	that appeared if user used menu File/New (error was saying the
	file is read-only and changes could not be saved).

2003-04-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP40Dialog.cc (createObjects): fixed bug (no
	number) where firewall object created using "Network Discovery"
	druid was given interfaces without InterfacePolicy child object.

2003-04-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: set version to 1.0.10-RC3 - release candidate 3.
	
	* fwb_install.1.in: added man page for the policy installation and
	activation script fwb_install

	* PixmapButton.cc (PixmapButton): eliminated GUI crash that
	happened if user edited the policy, then used main menu Open,
	canceled operation, edited some more then used Open again. It
	seems if this sequence is repeated several times, the GUI
	crashes. This is not always reproducible, but it seems to happen
	more often on SuSE8.2 using package gtkmm-1.2.10-26. I had to
	disable buttons with pixmaps until this issue is resolved
	completely. May make sense to wait and reintroduce pixmap buttons
	when we switch to gtk2.0.

	* FileSel.cc (FileSel): hid file operation buttons in the "File
	Selection" dialog. These buttons do not seem to work with current
	version of gtkmm anyway.

2003-04-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf_writers.cc (processNext): fixed bug #725853:
	"Flag for no SYN by default for tcp ". Implemented support for
	option "Accept TCP sessions opened prior to firewall restart" in
	ipfilter. This can be used in redundant firewall pairs where
	backup firewall takes over when the primary one goes down and
	should not drop sessions opened before failover happens.

	* PolicyCompiler_ipt.cc (compile): fixed bug #727324: policy rules
	generated wrong code if service contained a single object with
	negation.

2003-04-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt_writers.cc (processNext): fixed bug #727229:
	"0/0 address in to-destination". Port translation rules with TDst
	'any' should generate iptables command with " ... -j DNAT
	--to-destination :80" (no address in front of the ':' )

	* configure.in, acinclude.m4: improvements in the build
	process. New configure macro REMOVE_DUPLICATES eliminates
	duplicate CFLAGS and LIBS options and libraries and makes
	compile lines shorter.

2003-04-15  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (specialCaseWithFW2): Global policy rules
	that have firewall object in both source and destination now use
	all interfaces of the firewall, including loopback. Previously
	address "127.0.0.1" was used only if the rule was associated with
	loopback interface.

	* NATCompiler_ipt.cc, NATCompiler_pf.cc (splitSDNATRule): fixed
	bug (no number) where compiler did not properly generate code for
	SDNAT (dual translation) rules with negation in OSrc (iptables and
	pf). In iptables, if OSrc or ODst have negation, each half of the
	split rule should be given its own user-defined chain. In both
	platforms we need to take into account situation when rule also
	translates service, in which case SNAT or nat rule should use
	translated service.

2003-04-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: changed libfwbuilder version to v1.0-RC1, made
	corresponding changes in configure.in in fwbuilder to reflect
	dependencies.

2003-04-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (processNext): verified that fwb_ipt
	properly chooses chain if host object with address the same as
	that of the firewall is used in src or dst in the policy rule.

	* OSConfigurator_linux24.cc (prolog): fixed bug #720250.
	Generated script defines variable LOGGER containing a path and
	name for the "logger" tool. Script should use this variable to
	call logger.

2003-04-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (processNext): fixed a bug (no
	number) where iptables 1.2.7a did not like "-m time" with its
	parameters if it appeared after "-j ULOG". Target "-j ULOG" with
	its parameters should be the last in the command.

2003-04-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListItem.cc (activateObjectQuickView): found and
	eliminated a GUI crash: if an IP address or network object has
	somehow been created with illegal IP address or netmask, it could
	not have been used in the policy. The GUI just crashed as soon as
	user dropped such object in the rule element.

	* IPAddressWidget.cc (on_change): disabled check of the
	correctness of the IP address on every keystroke in widget that
	manages IP address or netmask field. All dialogs that use this
	widget should check it before storing the data. It was annoying
	when program popped an error dialog on every typo.

	* NATCompiler_ipf.cc, NATCompiler_pf.cc (AssignInterface):
	implemented the same algorithm for assigning SNAT rules to
	interfaces in compilers for ipf and pf. See note below.

2003-04-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (AssignInterface): fixed bug #715601: SNAT
	to specific host uses wrong interface. 

	SNAT rules are now assigned to interfaces (using "-o iface_name")
	as follows:

	 - if firewall's interface or its address is in TSrc, the rule
	 uses its address for "--to-source" and its name for "-o"
	
	 - if firewall object is in TSrc, then it gets replaced with its
	 interfaces except for unnumbered and loopback interfaces and rule
	 is processed using each interface as described above

	 - if some other object is in TSrc, the rule is assigned to all
	 interfaces of the firewall except for unnumbered and loopback
	 interfaces using "-o" argument and address of the object in TSrc
	 is used for "--to-source". Compiler combines interfaces with
	 similar names using "+" notation to reduce overall number of
	 rules. There are reasons why rule has to be explicitly assigned
	 to all interfaces using "-o" as opposed to skipping "-o"
	 altogether. Consider for example a configuration with an unnumbered
	 tunnel interface (e.g. ipsec0) used for "road warrior"
	 connections where IP address on the other end of the tunnel is
	 unknown. We can not add a "no nat" rule because we do not know
	 address of the net on the other side of the tunnel, but
	 fortunately ipsec0 is skipped in the assignment of SNAT rule
	 because it is unnumbered, so the firewall won't translate packets
	 going through this interface.
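
Added example (not Firewall Builder's own code): a C++ model of the SNAT interface assignment described in the entry above. The types `Iface` and `TSrc`, the function names, the sample addresses and the command layout are assumptions; so is the rule that a "+" wildcard is emitted only when no unnumbered or loopback interface shares the prefix, which keeps an excluded interface such as an unnumbered tunnel from being matched after all.

```cpp
#include <cctype>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Hypothetical model of one firewall interface (not a libfwbuilder class).
struct Iface {
    std::string name;
    std::string addr;   // empty when the interface is unnumbered
    bool unnumbered;
    bool loopback;
};

// What sits in TSrc of the SNAT rule.
enum class TSrcKind { FwInterface, FwObject, OtherAddress };
struct TSrc {
    TSrcKind kind;
    std::string value;  // interface name (FwInterface) or IP address (OtherAddress)
};

static bool usable(const Iface &i) { return !i.unnumbered && !i.loopback; }

// "eth0" -> "eth"; a name without trailing digits is returned unchanged.
static std::string stem(const std::string &name) {
    std::string::size_type end = name.size();
    while (end > 0 && std::isdigit(static_cast<unsigned char>(name[end - 1]))) --end;
    return name.substr(0, end);
}

// True if an excluded (unnumbered or loopback) interface would also match "prefix+".
static bool wildcardLeaks(const std::vector<Iface> &fw, const std::string &prefix) {
    for (const Iface &i : fw)
        if (!usable(i) && i.name.compare(0, prefix.size(), prefix) == 0) return true;
    return false;
}

// Names for "-o": usable interfaces sharing a stem collapse to "stem+" when safe.
std::vector<std::string> outInterfaces(const std::vector<Iface> &fw) {
    std::map<std::string, std::vector<std::string>> groups;
    for (const Iface &i : fw)
        if (usable(i)) groups[stem(i.name)].push_back(i.name);
    std::vector<std::string> out;
    for (const auto &g : groups) {
        bool combine = g.second.size() > 1 && !g.first.empty() &&
                       !wildcardLeaks(fw, g.first);
        if (combine) out.push_back(g.first + "+");
        else out.insert(out.end(), g.second.begin(), g.second.end());
    }
    return out;
}

static std::string rule(const std::string &oif, const std::string &osrc,
                        const std::string &toSource) {
    return "iptables -t nat -A POSTROUTING -o " + oif + " -s " + osrc +
           " -j SNAT --to-source " + toSource;
}

// The three TSrc cases from the ChangeLog entry, one branch each.
std::vector<std::string> assignSnat(const std::vector<Iface> &fw, const TSrc &tsrc,
                                    const std::string &osrc) {
    std::vector<std::string> cmds;
    switch (tsrc.kind) {
    case TSrcKind::FwInterface:   // interface in TSrc: its address and its name
        for (const Iface &i : fw)
            if (i.name == tsrc.value && usable(i)) cmds.push_back(rule(i.name, osrc, i.addr));
        break;
    case TSrcKind::FwObject:      // firewall in TSrc: every numbered, non-loopback interface
        for (const Iface &i : fw)
            if (usable(i)) cmds.push_back(rule(i.name, osrc, i.addr));
        break;
    case TSrcKind::OtherAddress:  // other object: explicit "-o" on all usable interfaces
        for (const std::string &oif : outInterfaces(fw))
            cmds.push_back(rule(oif, osrc, tsrc.value));
        break;
    }
    return cmds;
}

// Constructed sample firewall: two numbered interfaces, loopback, unnumbered tunnel.
std::vector<Iface> sampleFirewall() {
    return {{"eth0", "192.0.2.1", false, false},
            {"eth1", "10.0.0.1", false, false},
            {"lo", "127.0.0.1", false, true},
            {"ipsec0", "", true, false}};
}

int main() {
    TSrc other{TSrcKind::OtherAddress, "192.0.2.10"};
    for (const std::string &c : assignSnat(sampleFirewall(), other, "10.0.0.0/24"))
        std::cout << c << "\n";
    return 0;
}
```

With the sample firewall, ipsec0 never appears in a "-o" clause, so traffic leaving through the tunnel is not translated.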
	
	* new .spec files for unified RPM build

	* Mandrake 9.1 RPMs

2003-04-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* Eliminated multi-line string literals which are not supported by
	gcc 3.3
	
2003-04-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* fixed bug #713582: Cannot build libfwbuilder from rpm src file
	on RH 8.0. Libfwbuilder should detect presence of net-snmp before
	it checks for ucd-snmp because RH8.0 comes with both libnetsnmp
	and libsnmp. Script configure in libfwbuilder now uses script
	net-snmp-config to obtain correct libraries net-snmp depends on
	and linking flags.
	
2003-03-30  Vadim Kurland  <vadim@vk.crocodile.org>

	* Switched to unified build environment, now doing automated
	builds on RedHat 7 and 8, SuSe 8.1, Mandrake 9 and FreeBSD
	4.7. All binary packages are built from the same tar.gz source
	archive. Please test.
	
2003-03-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (prolog): if generated firewall script
	can not determine an address of dynamic interface of the firewall,
	it won't install the policy.

	* API: fixed bug in implementation of rule processor
	checkForUnnumbered. This processor checks if unnumbered interface
	is used in one of the rule elements and aborts compilation if such
	interface was found.
	
2003-03-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* FWObjectDatabaseGUI.cc (saveAs): If user called "Save As"
	operation, but the file with suggested name already exists, the
	GUI asks user if they want to overwrite existing file

2003-03-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwb_install: install script fwb_install now uses ssh-agent to
	interact with the user. User's key should be protected with a good
	passphrase, the script uses agent to ask for passphrase and then
	unlock the key. The script has been tested on RedHat 8.0 under
	Gnome (their session manager starts ssh-agent by default)
	
2003-03-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* TargetDialog_iptables.cc (TargetDialog_iptables): added option
	"local NAT". This option, when enabled, causes policy compiler to
	generate NAT rules in OUTPUT chain for DNAT rules where firewall
	is in OSrc. Rules where OSrc is 'any' are split and also generate
	code in the OUTPUT chain if both options "assume firewall is part
	of any" and "local NAT" are enabled.

2003-03-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* StandardRulesDruid2.cc (generateRulesForNetAndDMZProtection): 
	"Help me build firewall policy" druid adds a rule to block access
	to internal net and firewall from DMZ.

	* additional objects added to objects_init.xml database per
	Microsoft Knowledge Base article #179442. Groups "WinNT" and
	"Win2000" have been created in accordance with this article.
	
2003-03-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* All policy compilers (ReplaceFirewallObjectsTSrc): SNAT rules
	that have 'any' in ODst and a firewall object in TSrc will
	generate code using all interfaces of the firewall (except
	loopback and unnumbered ones) for --to-source option. Before this
	change, the compiler used to pick only external interfaces for
	SNAT rules. It seems to be more logical to use all interfaces
	because of two reasons: 1) 'any' in ODst does not specify any
	particular destination and therefore should cover all possible
	destinations. 2) Using firewall object in TSrc implies that there
	is no preference between interfaces of the firewall and any or all
	of them can be used for translation. As a side effect this
	automatically takes care of the "DNAT back to the same LAN" case
	because it adds SNAT rule that translates packets coming from the
	local net and going out of the firewall through the interface on
	the same net. Users who do not want to get rules translating to
	addresses of all interfaces should just use interface object
	instead of the firewall object in TSrc.

	* All policy compilers: DNAT rules that have firewall object in
	ODst will generate code using all interfaces of the
	firewall. Before this change compilers used only external
	interfaces. Just like the previous change, this is done to comply
	with our general principle that if firewall object is found in the
	rule, then all of its interfaces can be used. Users who do not
	want this type of the NAT rule to perform translation using
	addresses of all interfaces can simply use interface object in the
	rule instead of the firewall object.
	
	* Compilers for iptables and PF: (splitSDNATRule): added support
	for NAT rules that can translate both source and destination. This
	allows for nice single rule for the classic "DNAT back to the same
	LAN" rule. This rule looks like this: OSrc is internal net, ODst
	is a translated address for the server, TSrc is firewall's
	internal interface and TDst is a real server's object. This
	generates two NAT rules: one DNAT rule to translate destination
	and another SNAT rule to translate source. This is more logical
	than previously recommended combination of two rules because our
	model assumes that the first rule that matches the packet works
	and further rules are not consulted. The recommended two rule
	combination silently broke this assumption which was
	counter-intuitive and caused confusion.
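
Added example (not the compiler's own code): a C++ model of splitting one dual-translation rule into its DNAT and SNAT halves, as described in the entry above and in the 2003-04-15 note on translated services. The struct `NatRule`, the function `splitDualNat`, the addresses and the command layout are assumptions; the SNAT half matches the translated destination because netfilter applies PREROUTING DNAT before POSTROUTING sees the packet.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Hypothetical flattened NAT rule; field names follow the ChangeLog's column names.
struct NatRule {
    std::string osrc;   // Original Source (e.g. the internal net)
    std::string odst;   // Original Destination (the translated address of the server)
    std::string proto;  // "tcp", "udp", or "" for any service
    int osrvPort;       // original destination port, 0 = any
    std::string tsrc;   // Translated Source (firewall's internal interface address)
    std::string tdst;   // Translated Destination (the real server)
    int tsrvPort;       // translated destination port, 0 = service not translated
};

// Builds the " -p proto --dport N" match, or nothing for "any" service.
static std::string service(const std::string &proto, int port) {
    if (proto.empty()) return "";
    std::string s = " -p " + proto;
    if (port > 0) s += " --dport " + std::to_string(port);
    return s;
}

// Returns two commands: the DNAT half first, then the SNAT half.
std::vector<std::string> splitDualNat(const NatRule &r) {
    // A port can only be rewritten when the rule names a protocol.
    const bool portXlat = !r.proto.empty() && r.tsrvPort > 0;

    // DNAT half: matches the packet as it arrives (original destination and service).
    std::string to = r.tdst;
    if (portXlat) to += ":" + std::to_string(r.tsrvPort);
    std::string dnat = "iptables -t nat -A PREROUTING" + service(r.proto, r.osrvPort) +
                       " -s " + r.osrc + " -d " + r.odst +
                       " -j DNAT --to-destination " + to;

    // SNAT half: by POSTROUTING the destination and port are already rewritten,
    // so it must match the real server and the translated service.
    const int port = portXlat ? r.tsrvPort : r.osrvPort;
    std::string snat = "iptables -t nat -A POSTROUTING" + service(r.proto, port) +
                       " -s " + r.osrc + " -d " + r.tdst +
                       " -j SNAT --to-source " + r.tsrc;

    return {dnat, snat};
}

// Constructed sample: "DNAT back to the same LAN" with a port change 80 -> 8080.
NatRule sampleRule() {
    return {"192.168.1.0/24", "203.0.113.10", "tcp", 80,
            "192.168.1.1", "192.168.1.20", 8080};
}

int main() {
    for (const std::string &c : splitDualNat(sampleRule()))
        std::cout << c << "\n";
    return 0;
}
```

If the SNAT half kept the original destination or port, it would never match, and replies from the server would bypass the firewall and reach the client directly from an address it never contacted.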

2003-03-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (DNATforFW): implemented Feature
	Req. #700994: "DNAT rule with chain OUTPUT". Compiler generates
	iptables commands in chain OUTPUT for DNAT rules that have
	firewall object in Original Source. DNAT rules that have OSrc
	"any" will yield code in both PREROUTING and OUTPUT chains if
	option "Assume firewall is part of any". Correction: see a note
	made 03/25

2003-03-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* SimplePixmap.cc (setFromFile): implemented caching of all icons
	and images supported through the class SimplePixmaps (icons in the
	policy and group views and icons on buttons). This yields
	significant speed-up in the GUI, especially noticeable in time it
	takes to load a long policy.

	* objects_init.xml: added objects pop3s, nntps, netbios-ssn (TCP),
	ftp_data_passive. Fixed bug #702661: "NETBIOS ports wrong".

	* NATCompiler_pf.cc (AssignInterface): fixed bug #700092: "Wrong
	interface is chosen for ipnat compiled rule (again)". Compiler for
	ipfilter should use OSrc to assign NAT rules that generate 'rdr'
	command to appropriate interface. If OSrc is 'any' or does not
	correspond to any interface, compiler should assign the rule to
	all interfaces.

	* NATCompiler_ipt.cc (ConvertLoadBalancingRules): fixed bug
	#698711: "DNAT to range of ips". Compiler should generate code for
	DNAT rule with multiple destination addresses if AddressRange
	object or multiple Host objects are used in TDst. Address range
	defined this way must be contiguous.

	* PolicyCompiler_ipt.cc (compile): removed processors
	splitIfSrcNegAndFw and splitIfDstNegAndFw. We do not need them
	anymore because we use variables for addresses of dynamic
	interfaces. 

2003-03-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (verifyRuleWithMAC): Added rule processor to
	remove objects that define MAC address from OSrc element because
	SNAT rules (chain POSTROUTING) can not match MAC addresses. If
	rule element OSrc becomes 'any', compiler stops processing rules
	and prints an error message. Additional fix for the bug #698705:
	compiler would not try to match MAC address in NAT rules using
	POSTROUTING chain.
	
2003-03-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* rearranged top level Makefile so I can build tar file without
	having to run configure first

2003-03-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* Added files for Brazilian Portuguese translation

2003-03-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_optimizer.cc (PolicyCompiler_ipt::optimize3):
	added optimizer that removes duplicate iptables rules

2003-03-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (_expandInterface): fixed bug #698705:
	mac-address in nat rules / also compiler bad. Two problems here:
	1) GUI did not allow to change option "Use MAC address filtering"
	in the Host object dialog, and 2) compiler should generate code
	checking MAC address only if this option is ON.

	* OSConfigurator_linux24.cc (configureInterfaces): fixed bug
	#698687: create ips for the all interfaces : missing up the
	intefaces. The requestor wanted generated firewall script to not
	only configure all interfaces defined in the object in the GUI,
	but also bring them up (ifconfig eth0 up). Why not.

2003-03-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf_writers.cc (processNext): fixed bug #697235:
	"or-block" is used in the "block" rules

	* OSConfigurator_freebsd.cc (printPathForAllTools): fixed bug
	#697388: netmask is not passed to ifconfig command in add_addr()

	* PolicyCompiler_ipf.cc (processNext): fixed bug #698396: wrong
	values in "skip" rules (The lines-to-skip counters were wrong
	because they have to be calculated independently for "in" and
	"out" rules.)

	* NATCompiler_ipf.cc (processNext): fixed bug #697504: Wrong
	interface is choosed for ipnat compiled rule. Changes done in the
	processor NATCompiler_pf::AssignInterface and in the new processor
	NATCompiler_ipf::RedirectRules

2003-03-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window2.cc (OpenObject): minor bugfix - when user does
	double-click on the object in a group, or hits Enter, the tree
	should open and show this object. Before the object would show up
	in the dialog in the right pane, but would not show in the tree.

2003-03-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (processNext): improvement in support for
	dynamic interfaces: now we only remove unnumbered interfaces in
	specialCaseWithUnnumberedInterface (used to be
	specialCaseWithDynInterface) and always use a variable for dynamic
	interfaces.

	* configure.in: platform and os resource files moved back to this
	module from libfwbuilder

2003-03-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipf.cc (expandAnyService): fixed bug #694189: incomplete
	ipnat map rules. Ipfilter needs "portmap tcp/udp auto" statement
	to dynamically relocate TCP/UDP ports of connections translated by
	'map' rules.

	* converted everywhere from RuleElement::getFirst to
	Compiler::getFirstSrc , Compiler::getFirstDst etc. This helps
	improve compile speed for all platforms, sometimes
	significantly.

	* GroupDialog.cc (dlg2wrk): getById does not have parameter
	'dereference' anymore. Have to scan group members to find what
	changed in the group dialog instead of calling getById with
	dereference=true

	* PolicyListElement.cc (add_item_to_policy): the same change as in
	GroupDialog::dlg2wrk

	* main_window2.cc (on_delobj): fixed bug #691698: child object
	deletion. Bug caused the GUI to crash if interface of the firewall
	or one of its addresses was used in the policy rule of another
	firewall, and the first firewall was deleted.

2003-03-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_pf.cc (compile): NAT rules in PF are not associated
	with particular interface anymore. This allows for configurations
	where translation is supposed to happen on ingress interface
	(e.g. NAT is done on enc0 interface for IPSEC tunnel)

2003-02-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (buildRule): implemented Feature Req. #684604:
	TIME restrictions in interface policies. Firewall Builder now
	supports time restrictions in the Interface Policy rules for
	platforms that can match time intervals.

2003-02-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipfw_writers.cc (_printAction): Implemented
	support for action 'Accounting' using ipfw action 'count'
	
	* PolicyCompiler_ipf_writers.cc (_printAction): Implemented
	support for action 'Accounting' in IPF: compiler generates
	rule with action 'count'

	* PolicyCompiler_pf_writers.cc (_printAction): Implemented support
	for action 'Accounting' in IPF and PF: compiler generates rule
	with action 'pass' and no 'quick' flag.

	* PolicyCompiler_ipt.cc (processNext): implemented action
	'Accounting'. This provides for rules that only count packets they
	match but do not make any decision whether the packet should be
	passed or blocked. This action can be used for logging-only rules
	as well. In iptables, Accounting is implemented via user-defined
	chain with target RETURN. This implements Feature Req. #597259:
	"'NILL' action rule at top of mainchains" and #672272: "Log-only Rules"

2003-02-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* NewFirewallDruid.cc (on_finish): fixed bug in NewHostDruid and
	NewFirewallDruid - both druids run in non-modal windows and
	would not insert newly created object into the tree until all its
	parameters have been entered in the Druid.

2003-02-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (addLoopbackForRedirect): fixed bug
	#692043: problem with redirection NAT rules in PF. If NAT policy
	defines a redirect rule (a rule which sends packets to the
	firewall itself, possibly changing port numbers), then the packet
	appears on the same _ingress_ interface twice. The first time it
	is inspected, it has an original destination address, but the
	second time it has destination address of 127.0.0.1. This address
	appears there because our NAT compiler uses it for redirection
	rules. Our normal ExpandMultipleAddresses processor replaces
	firewall object with a set of addresses of all its interfaces, but
	skips loopback interface. Rule processor addLoopbackForRedirect
	consults with NATCompiler_pf to find out whether we have any
	Redirect rules to accommodate. In case we do, and destination
	service in the current policy rule matches TSrv in the redirect
	rule and destination contains the same object that was in TDst in
	the NAT rule, it adds a new policy rule with the same source,
	destination being a new object used in TDst by the NAT compiler
	and the same service.
	
	* OSConfigurator_linux24.cc (processFirewallOptions): generated
	policy script now does not turn ip forwarding off before
	installing firewall policy. This seems to be an overkill since we
	set default policy to DROP on all chains anyway. Firewalls with
	really long policies that take a long time to install cause all
	sorts of problems (like dropped ssh sessions and tripped
	monitoring) because of disabled forwarding. Now administrator can
	add rules for ssh sessions and monitoring systems on the top of
	the policy so that even if policy takes a long time to install,
	those rules will be activated first.

2003-02-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (decideOnChainIfLoopback): fixed bug
	#691522: rule 'any any any accept both' on loopback. New rule
	processor decideOnChainIfLoopback takes care of a
	special case where a rule with 'any' in both src and dst is used
	on a loopback interface and option 'assume firewall is part of
	any' is OFF. Generated code should go into INPUT and OUTPUT
	chains. This also implements Feature Req. #688799: Allow all
	traffic on loopback interface.

	* PolicyCompiler_ipt.cc (compile): removed call to processor
	'removeFw' to fix bugs #685947 "Rules with firewall object allow
	too much" and #685624 "Interface rules with strange result". This
	change requires validation and testing. Sending email to the
	mailing list.
 
	* NetworkDialog.cc (NetworkDialog): fixed bug #686962: can not
	create network 0.0.0.0/8

2003-02-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (prolog): additional fix for bug
	#685611: add_addr statements even if switched off in fw
	config. Now add_addr correctly adds aliased IP to point-to-point
	interface.

2003-02-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* Makefile.in (fwbuilder): need to use -export-dynamic when linking
	fwbuilder executable, otherwise dynamically loaded modules can't
	find symbols in the main program on Solaris. This option does not
	seem to break anything on other platforms, so I keep it there.

2003-02-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_macosx.cc: Added support for Mac OS X

	* PolicyCompiler_ipfw_writers.cc (_printInterface): First scratch
	at support for ipfw. The new ipfw (ipfw2) is not supported yet,
	this is only for the old one. Ipfw2 is supposed to be backwards
	compatible though. NAT is not supported at all at this time
	(will add support for natd in the future).

2003-02-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (processNext): DNAT rules are no longer
	assigned to interfaces. This simplifies many configurations where
	packets headed for the address used for DNAT enter the firewall
	through "wrong" interface (e.g. users on internal LAN access web
	server using its DNAT address; in this case packets with
	destination address belonging to the external interface enter
	firewall through internal interface. If translation works right,
	these packets will go back through the same interface and never
	cross external one. Should DNAT rule have "-i..." clause, it would
	never work.)

	* OSConfigurator_linux24.cc: fixed bug #687589: problems on
	floppyfw. Generated script should not use 'which' and shell
	arithmetic operations. Now script does not check if specified
	paths and names for command line utilities it uses are
	correct. This is to avoid having to use 'which'. Script will abort
	anyway if these path/name specifications are incorrect. Arithmetic
	operator $(( )) has been replaced with a call to 'expr' which is
	more portable since it is available in systems built around
	busybox (floppyfw, Devil Linux etc.)

	(addVirtualAddressForNAT): implemented a better way to install
	blocks of virtual addresses (works with busybox shell that does
	not support fancy regular expression operators)

2003-02-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (prolog): fixed bug #685611: add_addr
	statements even if switched off in fw config

	* fwblookup.cc (main): fixed bugs #686434: fwblookup is broken in
	1.0.9  and  #686486: error parsing /usr/share/fwbuilder

2003-02-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* POTFILES.in: fixed bug #686154: Print Dialog not
	translated. Added missing files to the list in POTFILES.in

	* POTFILES.in: fixed bug #686156: "Insert Firewall Object" Druid
	not translated. Added missing files to the list in POTFILES.in
	
2003-02-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printAddr): implemented Feature
	Req. 551137: Improvement for dynamic ext. interfaces. Compiler
	generates shell code that determines current address for dynamic
	interfaces which can then be used in rules. This lets us correctly
	implement anti-spoofing rules for dynamic interfaces, among other
	things.

	* PolicyCompiler_ipt_writers.cc (_printAddr): fixed bug #685165:
	using dynamic interface in global policy. Address of dynamic
	interface is now determined at the policy activation time and then
	used in rules.

2003-02-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (splitIfSrcAny, splitIfDstAny): improved
	algorithm that splits src or dst if option "assume firewall is
	part of any" is in effect. Now, if dst contains single object and
	it is a firewall or one of its interfaces, compiler won't split
	src. It works similarly for the opposite combination. 

2003-02-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* improved upgrade fixup script fwb-upgrade.sh

2003-02-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf_writers.cc (_printLabel): Feature
	Req. #680055: implement custom log prefix in PF. Using 'label'
	keyword. Contacted Daniel Hartmeier <daniel@benzedrine.cx>, author
	of PF. He said labels will be pushed to the log after OpenBSD 3.3
	is out. So, tentatively, this should be expected in 3.4. Make a
	note in Release Notes.

	* Build.sgml: document Requirements renamed to Build.

2003-02-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* v 1.0.9 released
	
2003-02-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printTarget): fixed bug #682262
	Errors in 'reject-rules' introduced while fixing bug #653250: 
	Order of match option in ULOG target. For rules using action 
	REJECT, option --reject-with must follow after -j REJECT, not 
	before it.

2003-01-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printTCPFlags): fixed bug
	#676828 - Missing "NONE" keyword in rules built for TCP objects
	matching on packets with no TCP flags.

2003-01-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* print-nat.xs1: fixed bug #673261: Printouts do not show negation.
	Printing transformations should show negated objects and skip disabled
	rules.

	* NATCompiler_ipf_writers.cc (processNext): fixed bug #671623: bad
	syntax for NAT proxies. Ipfilter does not like destination port
	specification when it is given together with proxy specification.

2003-01-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* moved files with platform and os descriptions from the GUI to
	the API	(linux24.xml, iptables.xml etc)

2003-01-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* NewFirewallDruid.cc (NewFirewallDruid): "New Firewall" druid can
	discover interfaces of the new firewall using SNMP.

	* NewFirewallDruid.cc (on_next): Added a page to the "New
	Firewall" druid that allows administrator to assign security
	levels to interfaces.

	* InterfaceData.cc: added method that uses heuristics to guess
	appropriate interface labels and security levels for interfaces

	* changed 'shading' to 'shadowing' everywhere. NB: Firewall option
	remained "check_shading" so that I won't need to make changes to
	existing data files.

	* fixed bug #637154: seg fault on snmp get / undo. Had to make
	changes in the API class BackgroundOp. Flag 'stop_program' is now
	created as a dynamic variable so that it can be checked even if
	BackgroundOp object has been destroyed while run_impls was stuck
	in a system call. See comments in the code. 


2003-01-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (configureInterfaces): fixed bug
	#662132: ver 1.0.8 does not create the virtual ip for the
	nats. Now compiler creates virtual addresses using all Address
	objects of the firewall interfaces in addition to addresses used
	in the NAT rules. If the address it is trying to add already
	exists, it just skips it.


2003-01-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (separatePortRanges): fixed bug #664810:
	Compiler generates wrong multiport list. Compiler used to add
	extra comma at the end of the list of port numbers for module
	multiport if objects "Any UDP" or "Any TCP" were used.

	* PolicyCompiler_ipt.cc (splitIfSrcFWNetwork): implemented feature
	Req. #651268: network rules should include firewall. fwb_ipt now
	generates commands for INPUT/OUTPUT chains for rules using network
	to which interface of the firewall belongs.

	* PolicyCompiler_ipt.cc (splitIfSrcNegAndFw): improved fix for bug
	#662465 - rules where firewall object used with negation now use
	combination of INPUT/OUTPUT and FORWARD chains and do not use
	firewall's addresses at all.

2003-01-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (printScrubRule): "Scrub" option is now
	processed through the global firewall option (checkbox in
	"Firewall" tab of the Firewall object dialog)

	* PolicyCompiler_pf_writers.cc (_printDstService): Added support
	for "fragment" option for IP service objects with "short_fragment"
	or "fragment" options.

	* pf.cc (main): More work on bug #658333: pfctl requires
	option"-f" in OpenBSD 3.2. Now fwb_pf puts all NAT and policy
	configuration in a single firewall.conf file.

2003-01-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* fixes in configure.in for Mac OS X

	* DialogFactory.cc: taking into account differences in the file
	name of the dynamically loaded modules on Mac OS X and other OS

2003-01-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (compile): Added processors
	splitIfSrcNegAndFw and splitIfDstNegAndFw to fix bug #663506:
	wrong chain if address range includes firewall interface. Compiler
	used to choose wrong chain if address range object was used in
	source or destination of the rule and address range started with
	the address of the interface of the firewall. The generated code
	was also incorrect if range did not start with the address of the
	firewall, but included it in the middle.

2003-01-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (splitIfSrcNegAndFw): fixed bug #662465:
	problem in rules with negation if fw has dynamic
	interface. fwb_ipt generated incorrect code for rules where
	firewall object was part of the rule element with negation and one
	of the firewall's interfaces had dynamic address. The new
	algorithm properly handles this situation using OUTPUT/INPUT
	chains, although it generates slightly redundant code.

2003-01-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (_expandInterface): using virtual method
	_expandInterface for MAC filtering in fwb_ipt

2002-12-31  Vadim Kurland  <vadim@vk.crocodile.org>

	* Preferences.cc (Preferences): moved preferences from $HOME/.fwbuilder.xml
	to $HOME/.fwbuilder/prefs.xml

2002-12-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* etc/objects_init.xml: fixed bug #659782: Wrong netmask in
	standard object net-192.168.0.0
	
	* DiscoveryDruidP40Dialog.cc (createObjects): fixed bug #617904:
	snmp does not get multiple addresses. The crawler and the tool
	that discovers host's interfaces using SNMP finds and creates
	appropriate IPv4 objects for interfaces that have multiple
	addresses.

2002-12-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (generateCodeForProtocolHandlers):
	fixed bug #659201: Problems with "busybox modprobe". Generated
	script should check if netfilter module is already loaded before
	calling modprobe to load it.

2002-12-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printTarget): implemented fix
	suggested in bug report #653250: Order of match option in ULOG
	target (target -j ULOG put in the output script after limit
	options).

2002-12-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (_expand_addr_recursive): fixed bug #645127:
	DNAT with MAC address. Now compiler for iptables supports MAC
	address matching in NAT rules.

	* physAddressDialog.hh: added support for physAddress in the GUI.

	* combinedAddress.hh (class combinedAddress): added class
	representing a combination of ipv4 and MAC address. This is an
	extension of API needed because iptables supports MAC address
	matching. We need to be able to generate rules that match on both
	IP and MAC addresses simultaneously, but since we keep MAC
	addresses in a separate object now, our old rule processors
	created separate rules for ip and MAC addresses. Using
	combinedAddress object simplifies generation of rules that match
	on both IP and MAC addresses. The code dealing with MAC addresses
	is now cleaner and more logical.
	

2002-12-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (compile): added support for unnumbered
	interfaces to all policy compilers. Feature req. #546881:
	"Unnumbered Interfaces cause bad compile". This fixes bug #649195:
	"name of dynamic interface appears in rules" and completes
	implementation of yet another Feature Req. #603726: Bridge
	Support.

	* InterfaceDialog.cc (InterfaceDialog): added support for unnumbered
	interfaces

	* TargetDialog_pf.cc (wrk2dlg): fixed bug #658333: pfctl requires
	option "-f" in OpenBSD 3.2. Added choice of OpenBSD version
	( <3.2 versus 3.2 ) to support option "-f" that appeared in pfctl
	in 3.2

2002-12-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* 1.0.8 released
	
2002-12-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf_writers.cc (processNext): implemented feature
	req. #653803: Implement flags for TCP keep state. See
	http://false.net/ipfilter/2002_12/0176.html

2002-12-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (on_open_recent_file1_activate): implemented
	Feature request #611604: Recently Opened Files / Command Line arg.
	Added main menu item "Open Recent" (a submenu with 4 recently
	opened file names).
	
	* NATCompiler_pf.cc (AssignInterface): reenabled the code to
	assign interfaces to NONAT rules

2002-12-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipf.cc (processNext): added support for NONAT rules
	in ipfilter per information from ipfilter mailing list as reported
	by lupe@lupe-christoph.de (Lupe Christoph): using "0/0" on the
	right side of the "map" rule makes it do no translation. I could
	not verify this actually works that way, but ipnat accepts this
	syntax.

2002-12-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipf_writers.cc (_printAddr_R_LB): implemented
	feature request #604840: support for round-robin rules for rdr

2002-12-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (addVirtualAddressForNAT): implemented
	feature request #579374: Virtual addresses / -j NETMAP. Compiler
	can now add blocks of virtual addresses to provide support for
	one-to-one translations that map the whole networks.

	* OSConfigurator_linux24.cc (addVirtualAddressForNAT): virtual
	interfaces get labels with index which is automatically calculated
	by the generated shell script.

2002-12-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipf_writers.cc (processNext): working on feature
	req. #604840: round-robin for rdr. Not quite ready yet (code is
	generated, but there seems to be ipnat syntax error).

	* ipf.cc (main): implemented feature req. #557042: 'ipf
	isims'. Ipfilter rules are now installed in "inactive" filter and
	filters are immediately swapped with "ipf -s". Firewall admin can
	quickly revert to that "last known good" policy by doing "ipf -s".

	* NATCompiler_ipf.cc (compile): Implemented feature req. #633534:
	Ipf Proxies - added support for h323 and ipsec proxies in ipfilter
	'map' NAT rules. Compiler generates code for proxies only when
	OSrv object used in the rule matches port number and protocol of
	the respective proxy.

	* NATCompiler_ipf_writers.cc (processNext): compiler generates
	code to check destination port number in map rules (supported in
	3.4.27 but may be even earlier)

2002-11-30  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc:  added support for icons in the tree

	* OptionsDlg.cc (OptionsDlg): added support for a GUI option "Show
	icons in the tree"

	* FWBuilderPreferences.xslt: autoupgrade transformation adds
	element UI/ShowIconsInTree (default value - true )

	* PolicyCompiler_ipt.cc (processNext): fixed a bug in compiler -
	option "Accept TCP sessions opened prior to firewall restart"
	should not depend on "assume firewall is part of any". Now, if the
	former option is OFF, compiler will generate code to block TCP
	packets in state NEW and no SYN flag headed both for firewall
	itself and machines behind it.

2002-11-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy-html.xsl: fixed bug #641217: print HTML buglet (while
	printing rules with multi-line comments, '\n' in comments should
	be replaced with tag <br>)

2002-11-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (AssignInterface): fixed bug #645553: NAT
	rules assigned to wrong interface (when firewall's external and
	dmz interfaces are on overlapping subnets and NAT rule uses
	negation)

	* added calls to new policy rule processors emptyGroupsInSrc,
	emptyGroupsInDst etc. These find and eliminate empty groups in
	rule elements. Calls to these new processors were added in all
	policy and NAT compilers. This fixes bug #645263: Empty group
	becomes 'any'

	* NATCompiler_ipt.cc (processNext): fixed bug #644684: REDIRECT
	instead of DNAT (now we consider rule REDIRECT only if TDst
	is firewall, in all other cases we generate DNAT rule.)

2002-11-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* StandardRulesDruid2.cc (generateRulesForNetProtection): added
	few more rules to the "Help me build policy druid":
	  o  SSH access to the firewall
	  o  DNS access from the firewall
	  o  DNS access from internal LAN to the firewall
	  o  DHCP access from internal LAN to the firewall

	* NATCompiler_ipt.cc (processNext): improved algorithm in
	addVirtualAddressForNAT. May be fixed bug #640329: virtual add for
	nat only using first ip (bug report is unclear, submitter has not
	posted an example).

2002-11-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printSrcService): fixed bug
	#636497: MAC address compile mistake (there was space missing between
	--mac-source and --source-port in rules that used TCP/UDP service
	with non-empty source port definition)
	
	* NATCompiler_ipt.cc (processNext): fixed bug #644138 1.0.7 NAT
	mis-compiles rules (problem with rules that do only port
	translation, this bug is similar to #642161, but there is a
	difference: rule mentioned in this bug should generate iptables
	command with target REDIRECT)

2002-11-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* TCPServiceDialog.cc (update_flags): fixed bug #642873: no way to
	block null scans (added support for TCP flag masks to
	libfwbuilder::TCPService and to the GUI).

2002-11-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (processNext): fixed bug #642161: problem
	with NAT rules that translate port numbers but do not change
	addresses.

2002-11-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (specialCaseWithDynInterface): fixed bug
	#634825: problem with dynamic external interface in MASQ NAT rule

	* ASDruidP05Dialog_glade.cc: fixed bug #640481: Typo in Help Me
	Build wizard

2002-11-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwblookup.cc (main): general object lookup tool has been added
	to the distribution. This tool can be used in scripts that need to
	be able to find and inspect objects in the database, for example
	firewall policy install script could use this tool to find the
	firewall and identify its management address.

	* PolicyCompiler_ipt_writers.cc (processNext): fixed bug #636497:
	MAC address compile mistake. (Problem happened in rules with MAC
	address filtering and no destination, or fw object in
	destination).

	* PolicyCompiler_ipt.cc (processNext): fixed bug #637694 - bridge
	enabled / management. Compiler can now put rules with
	broadcast/multicast into FORWARD chain, but still recognizes rules
	controlling access to the firewall itself and puts those in INPUT
	chain.


2002-11-15  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (processNext): fixed bug #633211: rule
	shader when firewall is not part of 'any' - when option "firewall
	is part of any" is OFF, object "Any" does not shade firewall


2002-11-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyDialog.cc (PolicyDialog): fixed bug #635849: old and
	annoying problem where GUI detected non-existent change in the
	data tree once the user opened firewall object or any of the
	policy objects (InterfacePolicy, Policy or NAT). It then asked if
	the user wants to save the data before exiting the GUI.

	* PolicyList.cc (on_hscrollbar_value_changed): New feature in the
	GUI: RuleSetList has title bar that stays in place when the rule
	table widget scrolls up and down. The title bar is synchronized
	with the table when it scrolls left and right.

2002-11-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (changeTreeLabel): fixed bug #637858: Bad Behavior
	on Firewall Interface object (the GUI sometimes did not properly
	update object's label in the tree)

	* OSConfigurator_linux24.cc (processFirewallOptions): fixed bug
	#634275: iptables modules loaded with -k

	* PolicyCompiler_ipt.cc (checkForMatchingBroadcastAndMulticast): 
	tentatively fixed bug #637694 - bridge enabled / management. Needs
	more testing.

2002-11-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (expandMultipleAddressesIfNotFW): fixed
	bug #637488: compiler chose wrong chain for rules where interface
	with multiple addresses was used in Src or Dst

2002-11-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (addTitleButton): Widget showing policy and NAT
	rules keeps rule column titles in place and scrolls rules
	underneath. Very convenient for large policies.

	* main_window.cc (on_saveas1_activate): fixed bug #636279: Save As
	behavior seems wrong (main window did not update title when user
	saved data in a different file using Save As main menu item)

2002-11-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: set version to 1.0.8-cvs

	* PolicyListItem.cc (source_drag_begin): fixed bug #635844: GUI
	crash while dragging a rule near the bottom of the ruleset when
	ruleset is large and the widget has been scrolled to show the last
	rule.

2002-11-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window2.cc (OpenObject): passing library name alongside
	with object id when scheduling opening object in the main
	window. This simplified and fixed navigation in user and standard
	trees (now I can open and sort system groups in "standard" tree).

2002-10-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* 1.0.7 released

2002-10-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf_writers.cc (_printWith): fixed bug: if
	ipfilter rule has multiple 'with' statements, they should be
	grouped with one 'with' keyword

2002-10-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (processFirewallOptions): added option
	and GUI checkbox to add a piece of shell code to the generated
	firewall script checking firewall interfaces.

	* platforms.cc (isDefaultOptions): fixed bug #629359:
	return-icmp-as-dest is not flagged in the GUI in the column
	"Options"

2002-10-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* build_rpm.sh: setting _unpackaged_files_terminate_build to 0 in
	.rpmmacros

2002-10-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* DialogPlugin.cc (saveEntry): cleaning user's input to avoid
	foreign characters

2002-10-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf.cc (eliminateDuplicateRules): implemented
	feature req. #614034: Cross Rule consolidation. This rule
	processor finds and eliminates duplicate atomic rules. It ignores
	rules created as the result of processing of negation, even if
	they are duplicates.

	* CommentDialog.cc (run): cleaning user's input to avoid foreign
	characters

2002-10-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (compile): added support for rule shading
	detection in the policy (both compiler and checkbox in the GUI dialog)

2002-10-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP40Dialog.cc (createObjects): fixed bug #617005:
	sigsegv when creating standard rules (missing InterfacePolicy child
	elements on interfaces of firewall object created via Network
	Discovery Druid).

	* PolicyCompiler_ipt.cc (prepareForMACMatching): fixed bug
	#624842: mac address lost when multiple hosts with MAC addresses
	using within group of objects.

2002-10-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* print-policy.xs1: fixed printing in plain text format

2002-10-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* PrintDialog.cc: finally redesigned PrintDialog

	* policy-html.xsl: fixed printing in html form (IPv4 element,
	checking for fw platform to determine whether we should print
	time and logging rule elements)

2002-10-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (processFirewallOptions): fixed bug
	#617001: wrong module names used for ip_conntrack etc. if version
	of iptables is set to >1.2.6

	* PolicyCompiler_ipf_writers.cc (_printAction): fixed bug #616951:
	block return-icmp can not be used with direction 'outbound'

	* PolicyCompiler_ipf.cc (processNext): fixed bugs #616482 and
	#623376: rule with negation and logging logged everything.

	* OSConfigurator_linux24.cc (processFirewallOptions): added
	universal code that loads iptables modules if option "Load
	modules" is activated. Code loads any modules with names like
	*_conntrack_* and *_nat_*.

2002-10-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* NewHostDruid.cc (on_finish): per user's request, interface of
	the newly created host object gets netmask 255.255.255.255 if
	"quick create" method is used.

2002-09-30  Vadim Kurland  <vadim@vk.crocodile.org>

	* release 1.0.6

	* TargetDialog_ipf.cc (TargetDialog_ipf): added global option for
	"return icmp masqueraded as being from packet's original
	destination" per bug #616492

2002-09-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (bridgingFw): added support for bridging
	firewall per Feature Req. #603726 and fixed bug #614898: bridged
	and dedicated dhcp.

	* PolicyCompiler_ipf_writers.cc (_printAction): fixed bug #614896:
	unexpected keyword ()). Compiler used to insert extra whitespaces
	around the number in block return-icmp-as-dest(3) construct.

	* NATCompiler_ipt.cc (processNext): fixed bug (no number) where
	compiler failed to add "-o interface" for SNAT or DNAT rules if
	virtual address is used in TSrc or ODst (resp.)

2002-09-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (processNext): fixed bug (no number) where
	compiler did not process negation properly if one of the objects
	in the rule element with negation was a firewall or one of its
	interfaces.

2002-09-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (sortSubtree): implemented sorting of objects by
	name and by property

	* ICMPServiceDialog.cc: added support for all ICMP types and codes
	assigned by IANA here: http://www.iana.org/assignments/icmp-parameters

	* main_window.cc (checkAndSaveData): aborting "exit" operation if
	changes in the file could not be saved.

	* FWObjectDatabaseGUI.cc (load): checking if file being opened is
	read-only

2002-09-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (get_properties): interface properties in the tree
	shows its address.

2002-09-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (TreePopupMenu): manual sort of tree branches is
	back. Automatic tree sorting is too cumbersome and sometimes leads
	to unexpected "jumping" of objects in the tree.

	* PolicyCompiler_ipt.hh: All policy compilers: added rule
	processors to eliminate duplicate objects in rule elements per
	Feature req. #613424: consolidation of objects in a rule

2002-09-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printAddr): fixed bug that
	caused indefinite loop in case interface or address object had
	empty netmask

2002-09-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* HostDialog.cc (on_snmp_get_descr_released): checking that
	sysDesc data retrieved from the host via SNMP conforms to
	NVT ASCII coding.

2002-09-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListItem.cc (source_drag_begin): properly checking for
	condition when main window has been positioned beyond left or
	right boundary of the screen (this should fix bug #608717)

	* TargetDialog_linux24.cc (TargetDialog_linux24): added support
	for user-defined path to modprobe (Feature req. #611323 "Allow
	modprobe path specification")

2002-09-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printLogPrefix): use name of the
	interface, or word 'global', to substitute macro %I in custom log
	prefix (per support request #609956).
 
2002-09-15  Vadim Kurland  <vadim@vk.crocodile.org>

	* All policy compilers: added call for checkForZeroAddr
	processor which checks for host and network objects with address
	0.0.0.0, which is equivalent to 'any'. This is an error,
	compilation is aborted. This fixes bug #607380: host with no IP
	creates any rule.


	* libfwbuilder::Compiler.cc (complexMatch): fixed bug #605944:
	multicast addresses in FORWARD chain
	
	* PolicyCompiler_ipt_writers.cc (_printLogPrefix): fixed bug
	#609052: Incorrect syntax when using time and log (missing space
	between custom log prefix and "-m time")

	* HostDialog.cc (on_snmp_get_descr_released): fixed bug #609342:
	Problems with ISO-8859-2 letters in SNMP (now program cleans up
	strings before storing them to make sure all data conforms with
	UTF-8 encoding). Also now setting encoding "utf-8" in xml file.

2002-09-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (buildTableBottom): fixed bug #608448: GUI crash
	leaving interface policy and bug #608717: GUI crashes while
	dragging rules.

	* PolicyList.cc (insertRuleBefore): fixed bug #609355: Rules are
	not copied properly (direction was lost when interface policy rule
	was copied via clipboard)

	* configure.in: set version to 1.0.6cvs

2002-09-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* v 1.0.5 released

2002-09-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* minor code cleanup. Changes to configure and Makefiles to
	support compile and linking with STLport
	
	* Makefile.in (INSTALL_STRIP): controlling build options via
	env. var FWB_BUILD_OPTIONS. Currently provides control for "-g"
	compiler/linker option and "-s" installer option.

2002-09-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_pf.cc (processNext): correctly process situations
	where address object is used in NAT rule and this address belongs
	not to the firewall but to the host with the same address.
	
2002-09-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* FilterDialog.cc (FilterDialog): using simple text entry field
	for address in FilterDialog. Fixed bugs in filter in Discovery Druid.

2002-09-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipf_writers.cc (processNext): using correct syntax
	for "port = NN" in DNAT rule with OSrv!=any

	* NATCompiler_ipf_writers.cc (printRule::_printAddr_R): properly
	printing /32 netmask for dynamic interface in "map" rule

	* OptionsDlg.cc (on_path_browse_clicked): activated button
	"Browse" in options dialog

	* popup menus in PolicyListElement are now translatable
	
2002-09-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipf_writers.cc (PrintRule): fixed bug #601069:
	implemented support for "from"/"to" in rdr rules for ipfilter

	* NATCompiler_pf.cc (processNext): fixed problem mentioned in bug
	#601069: fwb_ipf can't compile DNAT rule with ODst any.

	* NATCompiler_pf.cc (AssignInterface): properly picking up
	interface if address object is used in the policy, even if
	interface has dynamic address

	* IPv4Dialog.cc (on_dns_clicked): added "DNS Lookup" button to the
	address dialog

2002-08-31  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.cc: class Resources moved from fwbuilder to
	libfwbuilder

	* ListOfIcons.cc (addObject): user-defined groups now use special
	icons to show that they hold references to objects and not objects
	themselves.

2002-08-30  Vadim Kurland  <vadim@vk.crocodile.org>

	* added bunch of standard objects to objects_init.xml

2002-08-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (doOSrcNegation, doODstNegation): fixed bug
	#599650: missing protocol option ("-p") in SNAT/DNAT/REDIRECT rules
	with translated port specification

	* configure.in: better #include for detection of nanosleep 

2002-08-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.cc (main): moved initialization
	libfwbuilder::init_dns further down, so that it can show
	MessageDialog::Error if there was a problem initializing lwres
	(init_dns throws exception if lwres does not work)

	* Set Copyright to NetCitadel, LLC

2002-08-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (VerifyRule2): two additional sanity checks
	for iptables. This can possibly address bug #599650

2002-08-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (get_tree_label): using interface labels to
	label objects in the tree

	* DialogPlugin.hh (readDefaults): added virtual method to set
	default values to platform or OS parameters.

	* OSConfigurator_linux24.cc (addVirtualAddressForNAT): better code
	for "ip addr add" and "ip addr flush" commands, suggested by
	Jeremy

2002-08-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSData.hh: using full absolute path for command line tools in
	generated firewall scripts for all platforms (e.g. "/sbin/iptables",
	"/sbin/ip" etc.). Added GUI controls so that user can now edit
	path if tools are in non-standard place.

2002-08-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printTimeInterval): fixed bug
	#599454: module 'time' requires specification of all three
	parameters: --timestart, --timestop and --days

	* OSConfigurator_linux24.cc (addVirtualAddressForNAT): fixed bug
	#597296: added netmask and broadcast specification to "ip addr add"
	command generated by fwb_ipt

	* NATCompiler_ipt.cc (splitNONATRule): in case of NONAT, when the
	chain is OUTPUT, set OSrc to any.

	* merged branch virt_iface : support for virtual interfaces
	
2002-08-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceDialog.cc (wrk2dlg): Security level moved to the tab
	"General" in InterfaceDialog. Also added checkbox "This is the
	management interface".

	* FWObjectDatabaseGUI.cc (newInterfacesViaSNMP): new interfaces,
	obtained via SNMP query, are merged with existing
	ones. Pre-existing interfaces that do not exist in the list
	obtained via snmp are deleted.

	* configure.in: now initializing automake in configure.in

2002-08-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* NewHostDruidP20Dialog.cc (NewHostDruidP20Dialog): added classes
	for "NewFirewall" druid

2002-08-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* NewHostDruid.hh: NewHostDruid is called when user adds new Host
	object. This Druid provides GUI controls for initial host
	configuration and adds interfaces.

	* InterfaceListWidget.cc (addInterface): fixed bug #597285
	(GUI crash opening tab "Interfaces" in firewall dialog)

2002-08-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListElement.cc (create_popup_menu): using new class
	popupMenu.  Working on improving GUI stability.

	* PolicyCompiler_ipt_writers.cc (processNext): fixed problem #1 in
	bug #597418 (missing space after MAC address in the rule)

2002-08-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printSrcService): fixed bugs
	#596983 and #603470: multiport requires options --source-ports and
	--destination-ports (and does not recognize "--destination-port"
	and "--source-port" anymore) starting from iptables v1.2.6 and
	newer

	* PolicyCompiler_ipt_writers.cc (_printLogParameters): more
	complete support for ULOG

2002-08-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* RuleOptionsDialog.cc (run): implemented Feature req. #514507:
	ability to change logging level in rule options

	* PolicyCompiler_ipt.cc (Logging1): implemented "log all"
	global logging option per Feature req. #481670

	* PolicyCompiler_ipt_writers.cc (_printTarget): implemented support
	for ULOG target. Feature req. #591486

	* PolicyCompiler_ipt.cc (singleSrcNegation): optimized processing
	of negation in Src, Dst and Srv for the case where rule element
	holds single object

	* PolicyCompiler_ipt.cc (prepareForMultiport): fixed bug #596430:
	compiler ignored more than one custom object used in the
	ServiceGroup or together in one rule element

	* PolicyCompiler_ipt.cc (addPredefinedRules): this rule processor
	adds some predefined rules on top of the policy. This fixes old
	bug #580937

2002-08-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (addVirtualAddressForNAT): fixed bug
	#596349: wrong netmask in virtual addresses added by compiler

	* ipt.cc (main): fixed bug #594093: wrong TZ name in the generated
	script

	* PolicyCompiler_ipt_writers.cc (_printTarget): fixed bug #596255:
	log-prefix missing in rules with 'limit' option

	* ObjectQuickView.cc (fillObjectQuickViewText): showing pop-up
	object tooltips for objects Interface and IPv4

	* OSConfigurator_freebsd.cc (addVirtualAddressForNAT): 
	* OSConfigurator_openbsd.cc (addVirtualAddressForNAT): 
	* OSConfigurator_solaris.cc (addVirtualAddressForNAT): scanning
	IPv4 objects on interfaces while looking for the one to add
	virtual address on

	* OSConfigurator_linux24.cc (addVirtualAddressForNAT): scanning 
	virtual interfaces and adding new virtual address with appropriate
	netmask

2002-08-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* Makefile.in (USE_INCLUDED_LIBINTL): using proper variables for
	gettext support

	* configure.in: using both <time.h> and <sys/time.h> while detecting
	library for nanosleep

2002-08-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* BuiltinDialog.cc (SaveData): change object label in the tree
	only if its name has changed. It used to behave like this, but for
	some reason code was changed.

	* main_window2.cc (insertCopy): duplicate, copy and paste now
	work for interfaces and addresses

2002-08-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window_menu.cc (build_menu): menu items to add interface
	and ipv4

	* IPv4Dialog.hh (class IPv4Dialog): dialog for IPv4 object

	* ObjectTree.cc (insertSubtree): tree autosorting

2002-08-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfacePolicyDialog.hh (class InterfacePolicyDialog): showing
	Interface policy in a dialog

	* InterfaceDialog.hh (class InterfaceDialog): made interfaces
	appear in the tree and InterfaceDialog appear in the right panel

2002-08-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (appendRuleAfter): fixed bug #592396: GUI behaved
	erratically if menu item "add rule after current" was used on the
	empty policy

	* PolicyListElement.cc (popup_menu): fixed bug #593234: running in
	German locale causes "help me build policy" Druid to produce
	incorrect rules (XML attribute "direction" translated)

	* post-glade.pl: added code to get rid of translation for empty
	strings (changes _("") to N_("") ) in files produced by glade--
	
2002-08-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* DialogPlugin.cc: adjusted for glade-- 1.1.1b

2002-08-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* FWObjectDatabaseGUI.cc (load): showing error dialog if user is
	trying to load file with objects using unsupported firewall
	platforms or host OS

	* Resources.hh (class Resources): made methods that deal with
	target platform name throw exception if support for given target 
	is not available

2002-08-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.hh: finished work on bug #591316 (corrections
	for g++ 2.95.3 used on Suse)

2002-08-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* fixed bug #589772: added internationalization support in policy
	compilers
	
	* ipf.cc (main): Added internationalization support in policy
	compiler for ipfilter

	* pf.cc (main): Added internationalization support in policy
	compiler for pf

	* ipt.cc (main): Added internationalization support in policy
	compiler for iptables

	* PolicyCompiler_ipt.cc (processNext): do not repeat service in
	the iptables command with action in rules with logging
	
	* PolicyCompiler_ipt.cc (splitServicesIfRejectWithTCPReset):
	correctly processing case with action_on_reject set in a global
	options
	
2002-08-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* ipt.cc (main): fixed bug #590691: logger assumed to be in
	/usr/bin

	* PolicyCompiler_ipt.cc (splitServicesIfRejectWithTCPReset): fixed
	bug #590690: incorrect processing of action_on_reject "TCP RST" in
	combination with logging.

2002-08-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window2.cc (insertToSystemGroup): fixed bug #590029: When
	duplicating a firewall the new fw has no platform
	("Unknown/Unknown") even if the original firewall had one.

	* PolicyList.cc (buildTitles): fixed bug #589769: missing
	translations for column titles in Policy and NAT widgets

	* DiscoveryDruidP40Dialog.cc (on_selection_changed): fixed bug
	#589768 : proper handling of plurals in translated text

	* OptionsDlg.cc (OptionsDlg): fixed bug #589763: made tree
	autoresizeable in Options dialog.

	* CertificateDruid.cc (CertificateDruid): fixed bug #589767: added
	missing text to *.po files

	* OptionsDlg.cc (OptionsDlg): autoresizing column width in ctree

2002-08-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* v1.0.4 released

2002-07-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (RuleSetList): PolicyList widget now shows rule
	elements "time Interval" and "Options" only if target platform
	supports them (controlled by capability elements in platform
	specific resource file).

	* MessageDialog.hh (class MessageDialog): MessageDialog is now
	transient for the window that called it. Using additional
	parameter in call to all static members to pass reference to the
	widget; MessageDialog uses this reference to find top-level window
	and becomes transient for that window.

	* PolicyCompiler_ipt.cc (processNext): using complexMatch for
	comparison in the case when firewall (or "equivalent" object) is
	simultaneously in both src and dst.

2002-07-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* TargetDialog_pf.cc (wrk2dlg): moved firewall s/w version to
	the tab "Firewall"

	* FirewallDialog.cc (FirewallDialog): removed checkbox "Dynamic
	Address" from the tab "General" in FirewallDialog. Address in this
	tab serves for the management purposes and should not be dynamic.

	* MessageDialog.cc (run): MessageDialog is now transient window
	for the last main window (always stays on top of it and has window
	decorations of a transient window, if window manager supports it)

2002-07-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (createTitleButton): made title buttons passive

	* main_window2.cc (on_sort): now if user sorts subtree, program
	updates tree view in all windows

	* ObjectTree.cc (constructor): made title buttons passive

	* BackgroundOpWidget.cc (init): fixed a problem where scroll bar
	was not properly connected with clist widget in the pop-up window
	following progress of compile or any other background operation

2002-07-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: added (blank) file for German translation.
	* configure.in: set designation to RC2 (release candidate)

	* FWObjectBook.cc (addPage): improved scrolling in object trees:
	now tree can be scrolled up and down, while its title bar stays in
	place.

	* PolicyList.cc (Clear): eliminating calls to manage

2002-07-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.cc (main): added parameter to Gtk::Main to indicate
	presence of locale. Russian locale works now!

2002-07-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* Merged branch gettext - Internationalization support is
	incorporated in the main trunk.

	* configure.in: checking for extra libraries for nanosleep

	* Makefile.in (all-yes): correction: should create libintl.h
	before trying to build the code (original Makefile.in had dependency
	on the library defined before dependency on libintl.h file,
	therefore it tried to compile before it created libintl.h file)

	* ru.po: added basic files for Russian translation; testing gettext
	NLS support

2002-07-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* applied gettext support patch from Florent MANENS <manens@efrei.fr>
	  (working in branch 'gettext')
	
2002-07-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc: added basic support for control of target
	platform capabilities in GUI. Newly created Policy rules will have
	logging turned on only if target platform supports it. Also pop-up
	menus associated with rule elements can have some items disabled
	depending on the capabilities of target firewall platform. Other
	currently supported capabilities include: logging in policy rules,
	support for rule options, support for negation in policy,
	interface policy and nat (separate flag for each).

	* Resources.cc (getTargetCapability): added method
	Resources::getTargetCapability - this allows us to enable/disable
	certain features in the GUI depending on whether target platform
	provides support for them.

2002-07-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* Resources.cc (setDefaultTargetOptions): setDefault* methods are
	static now. Also separated "properties" and "options" elements in
	resources.xml.

2002-07-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* Resources.cc (setDefaultOptionsAll): better set of methods for
	class Resources

2002-07-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* BackgroundOpWidget.cc (monitor_operation): using nanosleep to
	suspend foreground thread when background operation is in progress.
	This prevents GUI from taking up too much CPU time

	* listicons.sh: moved call to script that generates list of icons
	we use to configure.in


2002-07-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* BackgroundOpWidget.cc (monitor_operation): fixed bug #582271:
	fwbuilder goes postal when compiling. Added usleep(100) into idle
	event handler so that GUI won't consume lots of CPU time while
	serving output of background process

	* CustomServiceDialog.cc (CustomServiceDialog): using class
	OptionMenuWidget in CustomServiceDialog

2002-07-15  Vadim Kurland  <vadim@vk.crocodile.org>

	* BackgroundOpWidget.cc (init): using widget CList instead of Text
	in BackgroundOpWidget

	* TargetDialog_ipf.cc (TargetDialog_ipf): fixed bug #580916: added
	global option to control action on reject for fwb_ipf

	* PolicyCompiler_pf_writers.cc (processNext): fixed bug #581695:
	option "modulate state" applies only to TCP service in OpenBSD PF.

	* PolicyCompiler_ipt_writers.cc (processNext): fixed bug #580937:
	Log without prefix. fwb_ipt did not include custom log prefix in
	the rule generated for option "Log or dropped packets".

	* NATCompiler_ipt.cc (separateSourcePort): fixed bug #581814:
	fwb_ipt incorrectly combines objects with source port or source
	port range with objects with destination port or port range in NAT
	rules using multiport.

2002-07-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (processNext): followup for bugfix for bug
	#576598. Fix for that bug introduced problem when outside
	interface of the firewall is dynamic. See comment in the code.

2002-07-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* Resources.cc (loadRes): code cleanup in class Resources. Now
	resources for firewall platforms and target OS can be packaged
	separately from the GUI, together with corresponding policy
	compilers. Class Resources loads all .xml files it can find in
	TEMPLATE_DIR/platform and TEMPLATE_DIR/os and creates one object
	of itself for each platform and os, besides of global_res which
	still holds universal global resources. This concludes separation
	of the GUI and modules that provide support for target platforms
	(if I have not forgotten anything, that is)

2002-07-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: checking for appropriate value for the second
	argument for dlopen (ran into problem on OpenBSD)

	* it turned out external C functions on OpenBSD should be called
	with '_' prepended to their name. I define macro
	EXTERNAL_FUNC_NAME_PREFIX in config.h.in that configure will
	set to either nothing or '_'. I could not figure out better way
	to work around this problem.

2002-07-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.cc (main): restoring main window position only if user
	set corresponding option in the preferences (earlier we restored
	window size if the option was set, but window position was
	restored regardless of this option)

	* ObjectQuickView.cc (deactivate): fixed bug that caused GUI to
	crash at random times after user switched between policy and nat
	dialogs several times

	*  merged branch "dialog-separation". Now all platform-specific
	dialogs are built as a standalone dynamically loaded modules
	and are installed in TEMPLATEDIR/modules/gui. These dialogs are
	also packaged with policy compiler RPMs instead of the GUI RPM.
	
2002-07-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (processNext): fixed bug #578162: Invalid
	syntax on REJECT w/tcp-rst. Compiler now issues warning and clears
	action-on-reject flag if reject with TCP RST is ordered on the
	rule with non-TCP services

2002-07-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* DialogFactory.cc (class DefaultDialogFactory): this method loads
	dynamic library that contains class handling dialog for specified
	target platform and then creates instance of this class.

	* all dialogs for target platform (both firewall options and host
	OS options) are now created as dynamically loaded modules.
	
2002-07-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* autogen.sh: added script autogen.sh - this script regenerates
	all critical scripts and config files (aclocal.m4, ltmain.sh and
	ltconfig, configure etc) using aclocal, automake and libtool. This
	needs to be done to properly build on different platforms. This
	fixes bug #574106

2002-07-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf_writers.cc (processNext): fixed bug #577060:
	compiler used to add word "inet" to every rule in ipf.conf
	file. This bug was introduced when I fixed bug #569942.

	* PolicyCompiler_ipt_writers.cc (_printTarget): fixed bug #575674
	- compiler added "limit" option to all generated iptables rules
	instead of adding it to only LOG and ACCEPT/DROP/REJECT rules.

	* NATCompiler_ipt.cc (processNext): fixed bug #576598 (user
	reported a problem with configuration where DNAT translation was
	provided using IP addresses on DMZ (interface eth3, routable IP),
	but connection was actually coming from outside.  Compiler used to
	add "-i eth3" to the generated code which broke his DNAT rule
	because packets were actually entering firewall through different
	interface.)

2002-07-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (processNext): fixed bug #575492 - compiler
	erroneously combined single ports and port ranges in NAT rules
	using multiport.

2002-06-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (specialCaseWithCustomServices): 
	fixed bug #574836 (useless state NEW w/ ESTABLISHED,RELATED in
	fwb_ipt)
	
2002-06-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* HostDialog.cc (dlg2wrk): fixed bug #573985 (could not change
	interface attributes in Host object dialog)

	* PolicyCompiler_ipt.cc (processNext): additional correction for
	bugs #571824 and #571524 (interface rules with direction 'both')

2002-06-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* PIXAdvancedNetDialog.cc (PIXAdvancedNetDialog): added bunch of
	"sysopt" options to PIX Advanced Network parameters dialog

	* set version to 1.0.4

2002-06-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* PIXAdvancedNetDialog.cc (dlg2wrk): added page "SNMP" to PIX
	Advanced Network options dialog
	
	* PIXAdvancedFWDialog.cc (on_defaults_clicked): PIX "Advanced"
	firewall options dialog now supports resetting timeouts to their
	default values. Also added page "Logging" to this dialog.

	* PolicyCompiler_ipt_writers.cc (_printDirectionAndInterface): 
	fixed bugs #571824 and #571524 : compiler used to create rule in
	FORWARD chain with missing interface specification for interface
	policy rules

	* PolicyCompiler_ipt_writers.cc (_printLimit): fixed bug #572746:
	fwb_ipt: rule option confusion. This bug addressed several issues:
	1) limit_value and limit_burst are applied to the logging
	option. In fwb_iptables they are applied to the actual action
	(eg accept) as the dialog text indicates. 2) the output of
	limit_burst is missing a space: --limit-burst0 3) tcp-rst option
	on reject does not work. The compiler forgets to output
	--reject-with tcp-reset. fwb_iptables works ok. 4) The single rule
	created on the loopback interface by the druid
	(permit all protocols on loopback) does not work. I changed this
	to two rules as produced by older versions of the druid, this
	works. (this problem may already be reported)

	
	* NATCompiler_ipt.cc (processNext): fixed bugs #570694, #572847 :
	problems in NAT & transparent proxy rules.
	
	* NATCompiler_ipt.cc (processNext): fixed bug #572848: new chain
	created in inappropriate table in iptables script generated for
	NAT rules with negation
	

2002-06-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* resources.xml.in: added few default options for FirewallOptions
	and HostOptions for various firewall platforms and host OS.

	* Resources.cc (Resources): added wrappers getXmlNodeProp and
	getXmlNodeContent for better memory management. Moved setting of
	default object properties and default host and firewall options
	from classes Firewall and Host to Resources.

2002-06-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* PIXAdvancedNetDialog.cc (run): added 'advanced' dialogs for
	PIX

2002-06-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* Version 1.0.3 released
	
2002-06-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf_writers.cc (_printProtocol): fixed bug
	#569942: Syntax error while loading rules on OpenBSD

	* fwbuilder.cc (main): added command line option "-o objid"
	that causes GUI to show object with given ID immediately after
	program starts.

2002-06-14  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.cc (main): static initializer moved
	to libfwbuilder.

2002-06-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (source_drag_begin): using default icon for
	drag&drop (simplified code, fixed core dump)

2002-06-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* FWObjectDatabaseGUI.cc (create): fixed bug #566693: crash on
	copy/cut operations in the policy if object being copied is
	firewall. Bug was introduced and fixed in 1.0.3

2002-06-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (processNext): fixed bug #566172: Original
	Dest. in DNAT rules can be any.

2002-06-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* Preferences.cc, Resources.cc, SimplePixmap.cc: eliminated major
	memory leak. Fixed bugs #553299 and #559958

2002-06-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* ipf.cc (main): 
	* pf.cc (main): 
	* ipt.cc (main): fixed bug #564633: compiler does not set (x)
	permission

	* FWObjectClipboard.cc (putObject): class clipboard creates
	and stores a copy of the object (uses FWObjectDatabase::create
	and then FWObject::operator= )

2002-06-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf.cc (processNext): 
	* PolicyCompiler_ipt.cc (processNext): taking care of some special
	cases with dynamic interfaces in ipt and ipf compilers.

2002-06-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* set version to 1.0.3, added autoupgrade transformation for
	preferences

	* added ReleaseNotes_1.0.3.html

	* PolicyCompiler_ipt_writers.cc (_printTimeInterval): new policy
	compiler for iptables: added support for time intervals

	* main_window.cc (showSaveStatusbar): file name is shown on the main
	window title bar.

2002-06-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (showSaveStatusbar): gui shows icon of a floppy
	on the status bar when data has been modified and requires saving

2002-05-31  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (processFirewallOptions): fixed bug
	#551323  (iptables modules names have changed in v1.2.6 and later)
	Added support for predefined firewall platform version numbers in
	firewall dialog
	
	* main_window.cc (main_window): split statusbar onto three smaller
	status areas: for the current data file name, for "needs saving"
	indicator and for assorted text status messages.

2002-05-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceData.hh (struct InterfaceData): bugfix: attributes
	label, physAddress and network_zone are #IMPLIED so InterfaceData
	should copy values only if they are not empty.

	* NATCompiler_ipt.cc (processNext): fixed bug #562173 : DNAT rule
	could not be created if all external interfaces of the firewall
	had dynamic address.

	* ICMPServiceDialog.cc (on_type_combo_changed): Fixed bug #562171:
	ICMP service dialog now provides widgets for setting ICMP type and
	code both numerically and from the list of predefined values. Any
	numeric value in the range 0-255 can be used for both type and
	code.
	
	
2002-05-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (main_window): added support for multiple windows
	mode. Added few static methods working on all windows. Disabled
	floating dialog feature, but the code is still there. Removed
	FWObjectDatabase::Scratchpad, instead each dialog manages data in
	widgets until saved into the object. FirewallDialog is an
	exception!

	* InterfaceListWidget.cc (InterfaceListWidget): this widget now
	uses struct InterfaceData to pass data in and out

	* InterfaceData.hh (struct InterfaceData): this structure
	represents parameters of object Interface for widgets and dialogs.
	Using this structure we simplify methods of widgets and dialogs
	and don't have to create temporary objects of class Interface and
	thus avoid having to attach them to the tree and so on.

2002-05-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* TMPGroupObject.hh (class TMPGroupObject): this class represents
	an object that has all properties of a group, except it does not
	save itself in XML file and its validateChild method approves
	objects of any type. This object is used to create temporary group
	in the tree where working copies of other objects can be
	temporarily stored so that dialogs can use them for editing.
	
	* code cleanup in the GUI. Created separate class Navbar
	
2002-05-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* converted policy compilers fwb_ipt, fwb_pf and fwb_ipf to the
	new API based on class RuleProcessor

2002-05-19    <vadim@vk.crocodile.org>

	* PolicyListElement.cc (popup_menu): fixed bug #557899 - GUI
	crashes on "Cut" operation on policy and NAT rules

2002-05-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* HostDialog.cc (on_snmp_get_released): gui checks and creates
	only interfaces that are "up" when it gets a list via snmp query

	* PolicyCompiler_ipf.cc (checkForKeepState): fixed bug #557033
	ipf supports 'keep state' only for icmp/udp/tcp protocols

	* ipt.cc (main): fixed bug #557015 - compiler crashed if it
	could not find firewall object

	* PolicyCompiler_ipt.cc (separateSrcPort): fixed bug #556438
	multiport does not accept source and destination ports
	simultaneously

	* NATCompiler_ipt_writers.cc (_printTPorts): fixed bug #556783
	source and destination port ranges in "original" part of NAT
	rules should use ':' as separator

2002-05-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc, PolicyCompiler_ipf.cc, PolicyCompiler_ipt.cc
	(compile): using macros FOR_EACH_RULE_P1,
	FOR_EACH_RULE_P2, FOR_EACH_RULE_N1, FOR_EACH_RULE_N2.  Using new
	DebugRule method.

	* ipt.cc, pf.cc, ipf.cc : Fixed processing of "-x" command line
	switch so that numeric argument can now be given.

2002-05-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.hh: using new implementations of
	for_each_rule and for_each_const_rule 

2002-05-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* v1.0.2 released
	
2002-05-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (operator): checking for a situation when all
	external firewall interfaces have dynamic addresses for DNAT rule

2002-05-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_pf.cc (NATRuleType): detecting more types
	of NAT rules (DBinat, SBinat, NONAT)

	* PolicyCompiler_pf.cc (compile): using separateTCPWithFlags

	* PolicyCompiler_ipt.cc (compile): moved separateTCPWithFlags
	to PolicyCompiler

2002-05-09    <vadim@vk.crocodile.org>

	* BuiltinDialog.cc (LoadData,SaveData,UndoChanges): calling
	destroyChildren to clean up scratchpad copy and/or original object
	before copying them into each other - eliminates memory leak

	* eliminated few memory leaks in the GUI (mostly not "managed" widgets)

	* fwbuilder.cc (main): now I delete all windows and objects before
	program exits (helps debugging memory leaks)

2002-05-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_optimizer.cc (_optimizeForRuleElement): added
	simple optimization to new iptables policy compiler

2002-05-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (operator): splitting rules not only if
	firewall object is part of src or dst, but also if broadcast
	(and multicast in the future) is there
	* PolicyCompiler_ipt.cc (operator): using _isMatchingFW in
	PolicyCompiler_ipt::splitIfInputChainObjectSrc and
	PolicyCompiler_ipt::splitIfInputChainObjectDst

2002-05-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf.cc (compile): fixed bug #546195 : "skip" with
	"quick" in ipfilter

	* PolicyCompiler_ipt.cc (compile): added debug print and fixed
	  some minor bugs
	* NATCompiler_ipt.cc (compile): added debug print

	* ipt.cc (main): added support for command line switches
	-xr and -xn for debugging

2002-05-03    <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (VerifyRules::operator()): straightened rule
	verification code

	* NATCompiler_ipt.cc (NATRuleType::operator()): new iptables
	compiler supports SBinat and DBinat NAT rules

2002-04-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printAddr): more meaningful error
	message in case of interface with empty netmask. Not perfect, but
	better still.

2002-04-26    <vadim@vk.crocodile.org>

	* BackgroundOpWidget.hh: defined rules of using BackgroundOpWidget
	and added methods allowing connecting and disconnecting of object
	of class BackgroundOp and widget BackgroundOpWidget.

	Made changes in other classes using background operations to
	follow these rules. 

2002-04-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* ExecBgr.cc (stop_operation): killing background process if user
	clicks "Stop"

	* Makefile.in (GLIB_CFLAGS): added GLIB_CFLAGS and GLIB_LIBS back to
	Makefile.in

2002-04-21    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (compile): added support for option "Assume
	firewall is part of Any" in the new iptables compiler

2002-04-20    <vadim@vk.crocodile.org>

	* BackgroundOpWidget.cc (display_lines): this class now connects
	its method display_lines to signal 'idle' where it reads lines from
	the logger. If logger is empty and background operation has
	finished, handler is disconnected from the signal. This class also
	disconnects logger (calls Logger::disconnect) in its destructor.

2002-04-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (prepareForMultiport): added support for
	MAC address matching in the new iptables compiler

	* PolicyCompiler_ipt.cc (separatePortRanges): separating TCP and
	UDP port ranges 'cause they can not be used with multiport

2002-04-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printDstService): added support
	for CustomService in the new iptables compiler

	* PolicyCompiler_pf_writers.cc (_printDstService): added support
	for CustomService in compilers for PF and IPF

	* PolicyCompiler_ipt.cc (operator): better processing for
	multiport.  Now making sure we supply no more than 15 ports for
	multiport module and also separating TCP services with flags
	'cause those can not be used together with others in multiport.

2002-04-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_pf_negation.cc (operator): implemented support
	for negation in NAT for OpenBSD PF (using "no nat" )

	* NATCompiler_ipf.cc (operator): *** Negation in NAT is _NOT_
	supported for ipf

	* NATCompiler_ipt.cc (operator): implemented support for negation
	in NAT for the new iptables compiler. Fixed bug #545028 in the new
	compiler

2002-04-17    <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (compile): implemented support for AddressRange
	in Src/Dst for pf,ipf,ipt. Bug #543335 

	* NATCompiler_ipt_writers.cc (_printAddr): implemented support for
	AddressRange in SNAT and DNAT rules (feature req. #476511)

2002-04-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (processFirewallOptions): 
	* iptables.c: improved code checking for modules installed on the
	system so it will now detect compressed modules (*.o.gz). Bug #544587

2002-04-15    <vadim@vk.crocodile.org>

	* FirewallDialog_ipf.cc (init_ipf): 
	* NATCompiler_ipf.cc (operator): added support for built-in
	application proxies in "map" rules for ipfilter per support
	req. #543383

2002-04-14    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf.cc (_printAction): 
	* RuleOptionsDialog.cc (run): added rule option
	"return_icmp_as_dest" for ipf per support req. #543768

2002-04-12    <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (operator): most of the implementation of NAT
	in the new ipt compiler (still need to work on negation in NAT)

	* PolicyCompiler_ipf.cc (operator): added "keep frag" rule option
	for ipf per support req. #541753

	* NATCompiler_pf.cc (operator): added check for DNAT rules with
	service "any" (bug #541814 )
	

2002-04-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (_printAddr): 
	* NATCompiler_pf.cc (_printAddr): Added support for policy rules
	and translations on interfaces with dynamic addresses. Feature
	req. #542705

	* IconList.cc (size_allocate_impl): more bugfixes for 64-bit
	platforms

2002-04-11    <vadim@vk.crocodile.org>

	* IconList.cc (get_label_width): bugfix for 64-bit platforms
	(testing on Alpha)

2002-04-09    <vadim@vk.crocodile.org>

	* configure.in: checking for ccache and using it if present

2002-04-08    <vadim@vk.crocodile.org>

	* src/Makefile.in: 
	* ipt/Makefile.in:
	* pf/Makefile.in: I do not need to explicitly add parameters for
	GLIB because we supply them via libfwbuilder-config

	* configure.in: removed check for GTK. It was redundant because we
	depend on GTKMM, which in turn can not be installed without GTK.
	I had to keep check for GLIB even though we add CFLAGS and LIBS for
	GLIB via the output of libfwbuilder-config because the old
	iptables compiler does not use libfwbuilder
	
2002-04-07    <vadim@vk.crocodile.org>

	* objects_init.xml.in: added few new objects (PCAnywhere, winterm,
	Citrix ICA), renamed IPService object IPSEC to ESP, added IPService
	object AH and service group IPSEC

2002-04-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: Set version to 1.0.2

	* PolicyCompiler_ipt.cc (_printDstService): printing of addresses
	and services, using multiport module

	* PolicyCompiler_ipt.cc (compile): support for some predefined
	rules (log all dropped, accept_established, clamp_mss_to_mtu and
	accept_new_tcp_with_no_syn options)
	
	* PolicyCompiler_ipt.cc (_printActionOnReject): support for different
	modes of REJECT

	* PolicyCompiler_ipt.cc (_printLogParameters): support for logging
	parameters

	* Added new log prefix macro %C - prints chain name as part of log
	prefix (feature req. #535950)

2002-04-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (operator): implemented negation in policy
	rules in the new iptables compiler

2002-04-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (operator): logging in the new iptables
	policy compiler

2002-04-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* ipt.cc (main): First try at rewriting iptables compiler using
	API

2002-04-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwcompiler.c: applied patch #535447 (command line option
	-w suppresses compiler warnings)

	* ipf.cc (main): added call to libfwbuilder::init()

	* pf.cc (main): added call to libfwbuilder::init()

	* PolicyListItem.cc (PolicyListItem): using HBox instead of Table
	in PolicyListItem widget in a hope that it is faster

2002-04-02    <vadim@vk.crocodile.org>

	* PolicyList.cc (removeWidgetsInRow): significant optimization in
	PolicyList widget. Widget does not rebuild itself anymore when
	rule is added or removed or moved to another position (per task
	#50867)

2002-03-31    <vadim@vk.crocodile.org>

	* CertificateDruid.cc (on_next): added simple progress indicator for
	key generation process

2002-03-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* IPAddressWidget.cc (key_press_event_impl): Fixed keypad entering
	problem

2002-03-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* Makefile.in (install): installing man page for fwbuilder

2002-03-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (operator): better algorithm to decide on
	direction for Global Policy rules in case Src or Dst contains
	firewall object

2002-03-22  Vadim Zaliva  <lord@crocodile.org>

	* Preferences.cc (Preferences): corrected bug with loading
	preferences if user home dir is '/'.

2002-03-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (operator): I now support two modes for pf
	and ipf compilers (I distinguish modes using firewall option
	"pass_all_out") :

	1. compiler produces two pf (or ipf) rules per each global policy
	rule, one "in" and another "out". Predicate SplitDirection does
	this for me if I set direction to Both in fillDirection

	2. compiler produces one pf (or ipf) "in" rule per each global
	policy rule. In this case I set direction to Inbound in
	fillDirection.
      

	* objects_init.xml.in: fixed bug #532457 - increased dest. port
	range end for traceroute

2002-03-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (processNATRule): fixed bug in iptables compiler where
	SNAT rule was generated incorrectly if firewall did not have ip
	address specified in "General" tab

	* OptionsDlg.cc (OptionsDlg): 
	* FirewallDialog.cc (wrk2dlg): disabled some elements of the GUI
	in case program is compiled without SSL support

2002-03-19  Vadim Zaliva  <lord@crocodile.org>

	* Preferences.cc (importPKCS12): compiling w/o openssl.

2002-03-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog_ipf.cc (init_ipf): added GUI widgets for "log
	or-block", "log body" and "log level FACILITY.LEVEL" options

	* PolicyCompiler_ipf.cc (operator): added support for "log
	or-block", "log body" and "log level FACILITY.LEVEL" options

2002-03-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (operator): splitting rules with direction
	"Both"

2002-03-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (parseOptions): support for --limit-burst

	* RuleOptionsDialog.cc (run): added support for --limit-burst
	option for iptables in the GUI

	* nat.c (printNatRule): fixed bug #530133 (extra ':' in the end of
	--to-source in SNAT rule)

	* PolicyListItem.cc (PolicyListRuleNumItem): this widget should
	also be d&d recipient on win32

2002-03-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListItem.cc (PolicyListObjectItem): implemented workaround
	for broken D&D on win32

2002-03-12  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.cc (class StaticInitializer): initializing library.

2002-03-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* ExecDialog.cc (ExecDialog), ExecBgr.cc (run_impl): supporting
	file names, working directory names and object names with
	whitespaces

2002-03-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListItem.cc (drag_data_received_impl): made PolicyListItem
	drag&drop recipient (trying to fix d&d problem on windows)

2002-03-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* CertDruidP30Dialog.cc (convertToTime): fixed date and time
	conversion for certificates

	* policy.c (rulePrologue): fixed bug with multi-line comments in
	iptables compiler: now each line of the comment text starts with
	its own '#'

2002-03-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* CertDruidP40Dialog.cc (CertDruidP40Dialog): split large druid
	page onto two

	* CertDruidP30Dialog.cc (CertDruidP30Dialog): got rid of format '%D'
	in strftime and strptime

	* applied patches from Igor for win32

2002-03-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* FAQ.sgml: changed format of Table of Contents in FAQ, added
	references to ipfilter and pf compilers

2002-03-07    <vadim@vk.crocodile.org>

	* NATCompiler_ipf.cc: test compile with g++-3

2002-03-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (ruleEpilogue): fixed bug #527187 (%I in Generic Log
	Prefix: compiler cores )

2002-03-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog_ipf.cc (init_ipf): added option "directory where
	firewall configuration files should installed" to platforms pf and
	ipf

	* NATCompiler_pf.cc (splitOnOSrv): have to split rules if there
	are many objects in OSrv

	* PolicyCompiler_pf.cc (_expandAddr): minor bugfix

	* NATCompiler_pf.cc (operator): compiler adds virtual addresses
	for NAT rules calling virtual method
	OSNetworkConfigurator::addVirtualAddressForNAT

2002-03-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSNetworkConfigurator_freebsd.cc (processFirewallOptions): split
	OS-specific configuration among separate classes:

	OSNetworkConfigurator_openbsd
	OSNetworkConfigurator_freebsd
	OSNetworkConfigurator_solaris
	
	* FirewallDialog.cc: added support for host OS Solaris

2002-02-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.spec.in (Docdir): automatically taking libfwbuilder
	version for dependency

	* configure.in: now checking for presence of getopt.h header
	file (need this for Solaris where getopt is defined in stdlib.h)

	* configure.in: defining __PRAGMA_REDEFINE_EXTNAME in config.h
	if on Solaris

2002-02-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (decideOnGroup): checking if destination address in the
	rule is the same as an address of one of firewall's interfaces
	(rule should go into INPUT chain). Fixed bug #523652 ("destination
	to myself: rule in forward ")

2002-02-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* DialogPlugin.cc (data_changed_flag): got rid of WARNING
	"Gtk---WARNING **: The toplevel is not a Gtk::Window -- use
	gtk_widget_get_toplevel" which kept appearing once in a while if
	gtk+ > 1.2.8 was used

	* Makefile.in (SUBDIRS): removed directory src/ipfilter

	* RuleOptionsDialog.cc (run): added support for rule options for
	firewall platform 'ipf'

2002-02-23    <vadim@vk.crocodile.org>

	* pf.cc: added missing #include for g++3

	* fwcompiler.c:
	* iptables.c: getting rid of multi-line string literals

	* configure.in: simplified check for gtk+ and gtk-- (because our
	old check does not work with g++3). We do not check for the
	version of gtk-- anymore.

2002-02-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (processNATRule): fixed bug #520886 (multi-line string
	literals cause warning if code is compiled with gcc3)

	* GroupDialog.cc (GroupDialog): fixed bug #521545 (extra brackets
	in the call to GroupIconList->drag_data_received.connect which broke
	compile on Solaris with gcc 3.0.3)

	* PolicyCompiler_ipf.cc (operator): implemented negation in ipf
	compiler. So far only negation in src and dst is supported.

	* ipf.cc (main): added support for a few OS specific options
	for FreeBSD 4.4:
	net.inet.ip.forwarding
	net.inet.ip.sourceroute
	net.inet.ip.redirect

	* FirewallDialog.cc (dlg2wrk): added support for ipf and
	FreeBSD 4.4 in GUI

2002-02-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_pf.cc : 
	* NATCompiler_ipf.cc : using NATRule::getRuleType and setRuleType
	methods

	* PolicyCompiler_ipf.hh: 
	* NATCompiler_ipf.cc :	added classes for FreeBSD IPF compiler

2002-02-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c: added changes suggested by Jeremy: now iptables
	script generated by compiler checks if a module exists before
	trying to load it. It will bail out if modprobe failed.

	* pf.cc (main): compiler for OpenBSD PF now supports a few OS options:
	net.inet.ip.directed-broadcast
	net.inet.ip.forwarding
	net.inet.ip.sourceroute
	net.inet.ip.redirect

	* iptables.c: iptables compiler now adds commands to load modules 
	ip_conntrack_irc and ip_nat_irc. Using code proposed by Jeremy.

	* OptionMenuWidget.cc (set_menu): properly sorting list of platforms
	and supported OS in pull-down widgets in FirewallDialog

	* configure.in: fixed bug #520845 (configure fails on solaris)

2002-02-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog_pf.cc (init_pf): added tab for OpenBSD network
	parameters to FirewallDialog

	* Resources.cc (getOS): storing names of supported OS in resources

	* PolicyCompiler_pf.cc (_printTCPFlags): added support for TCP
	flags

2002-02-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (compile): checking for rule shading in
	pf policy compiler (fool-proof for negation)

2002-02-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (operator): first attempt to implement
	negation

2002-02-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* pf.cc (main): compiler won't generate nat.conf file if there are
	no NAT rules

	* PolicyCompiler_pf.cc (epilog): compiler now generates rule
	"block all" at the very end of pf.conf -- all our compilers should
	build firewall policy in such a way that it would block everything
	even if there are no rules. In iptables we set default chains
	policy to DROP. In pf we add this unconditional blocking rule in
	the end.

2002-02-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* applied patches for build for win32 (Thanks Igor!)
	
2002-02-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (printElementaryRule): added support for icmp codes
	per suggestion of Andrey Kaminsky and_lv@users.sourceforge.net
	(we used to generate code only for icmp types)

	* PolicyCompiler_pf.cc (operator): compiler generates 'scrub' rule
	when service 'ip_fragments' is used and rule action is Deny or
	Reject. It also generates scrub rule if rule option 'scrub' is
	activated. We will decide later which method we'll keep.

	* NATCompiler_pf.cc : added some more sanity checks for NAT rules
	in pf compiler. Correctly dealing with situation when original srv
	has some service object, while translated srv. is "Original"

2002-02-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (processElementaryPolicyRule): fixed bug #516378
	(correct matching broadcast for iptables if destination is
	firewall with negation)

2002-02-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* fixed bug #516033 (tcp-flags... - added missing flags PSH and URG)
	
	* TCPServiceDialog.cc (wrk2dlg): added support for missing TCP
	flags PSH and URG

	* PolicyList.cc (copyRuleContent): fixed bug #516028 (Comments
	don't copy )

2002-02-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListElement.cc (popup_menu): fixed bug #504109
	( hang on `Edit' of object in changed rule )

	* main_window2.cc (OpenObject): OpenObject does not check if there
	is unsaved data in the current dialog anymore! It only does what
	it is supposed to do - shows an object. Caller should check it
	before calling OpenObject.

2002-02-07  Vadim Zaliva  <lord@crocodile.org>

	* pf.cc (main): -m option and Manifest file generation.
	(main): returning 0 on success and not-0 on error.

2002-02-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog.cc (wrk2dlg): loading/saving install script
	parameters in object PolicyInstallScript

	* fwcompiler.c (cmpPPolicyRules): fixed bug which caused iptables
	policy compiler to ignore multiple objects in "Time" rule element
	if optimization was enabled.

	* StandardRulesDruid2.cc (findLoopbackInterface): using new methods
	available in API. Cosmetic changes.

	* main_window2.cc (pasteTo): fixed bug which broke copy/paste and
	duplicate operations for time objects

	* PolicyListItem.cc (source_drag_begin): fixed bug introduced when
	I converted to gdk-pixbuf

	* GroupDialog.cc (dlg2wrk): fixed bug introduced recently:
	removing objects from the group dialog (in the icon view) did not
	remove them but duplicated them instead

	* PolicyCompiler_pf.cc: added support for rule options in pf
	compiler. Support has been added for :

		o turning off stateful inspection in rules
		o choice of icmp or tcp rst replies for rules with 
		  action "Reject"
		o setting flag "allow-opts" if match on ip options is needed

2002-02-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (prolog): first working version of policy
	compiler for OpenBSD PF. 

		What is supported:
	
		o both pf.conf and nat.conf files are generated
		o negation in policy rules
		o grouping in "from", "to" and in ports
		o rule with "scrub" policy is generated if
		  object ip_fragments is used as service and action is
		  Deny or Reject

		What is not supported
	
		- Address ranges in both policy and NAT
		- negation in NAT is not supported
		- custom services
		- turning off stateful inspection in rule options
		- choice of icmp or tcp rst replies for rules with 
		  action "Reject"
		- setting flags "no-df", "min-ttl" and "allow-opts" via 
		  rule options
		- matching on TCP flags

		What will not be supported (at least not anytime soon)

		* policy routing
	
	* platforms.cc: this is the module for all platform-specific
	predicates and global functions. Some day we'll convert to a
	full-fledged "capabilities" database, but for now this will
	suffice.

2002-02-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* Created framework for OpenBSD PF support:

	* PolicyCompiler_pf.hh: added basic support for PF filtering rules

	* FirewallDialog.cc: added support for PF to FirewallDialog

2002-02-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* StandardRulesDruid2.cc:
	* PolicyListItem.cc:
	* PolicyListElement.cc: using new methods of PolicyRule and NATRule

2002-02-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.hh (Table ): reorganization of classes in PolicyList.
	Added class RuleSetList, classes PolicyList, InterfacePolicyList
	and NATList derived from RuleSetList. All notion of rule elements,
	their number, names and widget classes associated with them is now
	concentrated in classes derived from RuleSetList.

2002-02-02  Vadim Zaliva  <lord@crocodile.org>

	* ManifestFile.txt: Policy Compiler Manifest file format proposal.

	* ExecDialog.hh (class ExecDialog): now subclass of BackgroundOpDialog.

	* BackgroundOpDialog.hh: Generic dialog for background operations

	* BackgroundOpWidget.hh (Packer): execute() method is virtual now.

	* BackgroundRunWidget.hh (class BackgroundRunWidget): moved params and
	command name to constructor to make it 'execute' method virtual.

2002-01-31  Vadim Kurland  <vadim@vk.crocodile.org>

	* GroupDialog.cc (showObjectInDialogPredicate): properly checking
	objects based on library and other parameters when removing from
	the group. Fixed bug #511271

	* iptables.c (printARPEntryCommands): fixed bug #511296 (using
	Jeremy's suggestion)

	* policy.c (optimisePolicyRules): fixed bug #511260 (copy of
	Debian bug #131637)

2002-01-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog.cc (wrk2dlg): added tab "fwbd" to the Firewall
	dialog

2002-01-26  Vadim Zaliva  <lord@crocodile.org>

	* main_window.cc (LoadObjDB): optionally reporting what transformation
	failed and at what element.

2002-01-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* OptionsDlg.cc (fillListOfCertificates): using small icon in the
	OptionsDialog when showing the list of installed keys

2002-01-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog.cc , HostDialog.cc (dlg2wrk): loading and storing
	snmp communities via Management subelement

2002-01-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (printElementaryRule): fixed bug #501021
	(optimisePolicyRules): optimizer does not suppress destination
	address if it is broadcast

	* iptables.c (prologue): fixed bugs #507209 and #507972

2002-01-22  Vadim Zaliva  <lord@crocodile.org>

	* OptionsDlg.cc (on_import_cert_clicked): asking for certificate
	description on import.

2002-01-21  Vadim Zaliva  <lord@crocodile.org>

	* OptionsDlg.cc (on_import_cert_clicked): 
	* Preferences.cc (importPKCS12): PKCS#12 file import

2002-01-20  Vadim Zaliva  <lord@crocodile.org>

	* OptionsDlg.cc (on_export_public_key_clicked): GUI for public
	key export.

2002-01-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceDialog.cc (run): code to load and save network zones

2002-01-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceDialog.cc (InterfaceDialog): redesigned InterfaceDialog
	to provide space for Security Levels and Network Zones

	* SimplePasswordDialog.cc (SimplePasswordDialog): added
	SimplePasswordDialog widget and class

2002-01-18  Vadim Zaliva  <lord@crocodile.org>

	* OptionsDlg.cc (on_remove_cert_clicked): 
	* Preferences.cc (removeKeyAndCert): removing certificates.

	* OptionsDlg.cc (on_export_cert_clicked):
	* Preferences.cc (exportPKCS12): exporting certificate PKCS#12
	representation to external file.

2002-01-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* AddressRangeDialog.cc (AddressRangeDialog): added class
	AddressRangeDialog

	* configure.in: set version to 1.0.1

2002-01-16  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.cc (main): init fwbd library.

	* Preferences.cc (getCerificates): method to load PKCS12 certificates.

2002-01-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: added filters to remove '-I/usr/include' from
	various variables from which CFLAGS is composed in the end.

2002-01-16  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder_preferences.dtd.in: storing Key, Certificate pairs
	in PKCS12 format. Added 'description' attribute.

2002-01-15  Vadim Kurland  <vadim@vk.crocodile.org>

	* CertDruidP30Dialog.cc (getNotValidBefore): added methods to extract
	data from the Druid fields

2002-01-14  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder_preferences.dtd.in: added possibility to have multiple
	certificates.

2002-01-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window2.cc: fixed bug #502534 Still need to implement
	clipboard operations support properly (waiting for GTK 2.0 for
	that, because method that returns list of children for Gtk::Table
	is hopelessly broken in gtk 1.2)

2002-01-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window_menu.cc (build_menu): moved menu items "Find object"
	and "Where used" to menu "View". 

	* Now creating menu items "Copy","Cut","Paste" without key
	accelerators to avoid event loop (which happens if user presses
	Ctrl-C when no editable widget is active and accelerator kicks in)

	* MessageDialog.cc (MessageDialog): creating pixmap using gdk_pixbuf

	* CertificateDruid.cc (CertificateDruid): added classes for GUI
	support for certificates

2002-01-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* helpers.cc (createPixmapFromFile): added function to create
	Gtk::Pixmap from graphics files. Completely got rid of xpm icons.

2002-01-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* resources.xml.in: switched to png versions of all icons

	* configure.in, fwbuilder.cc (main): converted to getopt
	we do not use popt anymore
	
	* added png versions of all icons
	
2002-01-11  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder_preferences.dtd.in: Added 'Security' element.

2002-01-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (processSrv): fixed bug which duplicated "-f" for
	ip_fragment service if both "all fragments" and "'short' fragments"
	were checked. Bug #511868

	* PolicyListItem.cc (addIcon): got rid of imlib altogether. Now
	using gdk_pixbuf. Also switched to using pre-drawn "negated" icons

2001-12-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* version 1.0 released
	
	* PrintDialog.cc (PrintDialog): 
	* FindDialog.cc (FindDialog): 
	* StandardRulesDruid.cc (StandardRulesDruid): 
	* DiscoveryDruid.cc (DiscoveryDruid): druids and dialogs appear 
	in the center of the screen

	* IconList.cc (Icon): eliminated dependency on gdk_imlib in
	classes IconList, StandardRuleDruid, DiscoveryDruid, ObjectTree

2001-12-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* GroupDialog.cc (dlg2wrk): fixed bug #497114: gui crashed if
	object was deleted in Hosts group and database saved to the file

	* IconList.cc (arrangeIcons): simplified algorithms for rendering
	icon lists. Made group dialog work a lot faster

2001-12-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* IconList.cc (arrangeIcons): fixed bug #496841: clicking on a
	group while another group was in the process of rendering icons in
	the dialog caused gui crash

2001-12-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* PrintDialog.cc (run): parameter should be in quotes when passed
	to printing xslt transformation. Bug #492006 is fixed now.

	* some minor text changes in dialogs

2001-12-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListElement.cc (drag_data_received_impl): fixed bug #496116
	(GUI crash on illegal drag-and-drop operation)

2001-12-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* BackgroundOpWidget.hh (Packer): fbuf is defined only if there is
	no constructor ofstream(int&)

	* added check for constructor ofstream(int&) to configure.in

	* added checks for some C++ and STL capabilities, borrowed
	from configure.in coming with gtk-- library

	* added #ifdef to BackgroundOpWidget and BackgroundRunWidget
	to work around a problem with ofstream(int&) constructor

2001-12-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window2.cc (on_where_used): added menu item "Where Used"
	which scans entire database and shows all groups and firewalls
	using selected object

	* WhereUsedDialog.cc (WhereUsedDialog): added class WhereUsedDialog

2001-12-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (main_window): class main_window automatically
	requests window manager to assign default size to the main program
	window in case user does not save window size and position in
	preferences.

2001-12-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP40Dialog.cc (createObjects): showing progress bar
	dialog while creating objects found by dns zone transfer or snmp
	network scan

	* SimpleProgressDialog.hh (class SimpleProgressDialog): added class 
	SimpleProgressDialog - simple dialog with progress bar 

	* HostDialog.cc (HostDialog): using DialogPlugin::loadPageOptions
	and DialogPlugin::savePageOptions to load and save dialog data

	* HostDialog.cc (HostDialog): added tab "Sysinfo"

	* FWObjectDatabaseGUI.cc (newHost): do not add "unknown"
	interface to the newly created host

2001-12-15  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window2.cc (on_copy): per feature req. #475645 implemented
	support for text copy/cut/paste operations using both keyboard
	shortcuts Ctrl-C,Ctrl-X,Ctrl-V and menu "Edit".  Renamed menu
	items for copying and pasting objects to avoid confusion.
	
	* PolicyListItem.cc (activateObjectQuickView): fixed bug #493590
	(object tooltip was shown for "any")

2001-12-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListElement.cc (popup_menu): fixed bug #492284
	also did some additional code cleanup for copy/paste operations

	* policy.c (printElementaryRule): fixed bug #493303 (invalid
	icmp type number for "any type" ICMP service)

	* policy.c (optimisePolicyRules): fixed bug #491972 (Failure with
	more than 15 ports if multiport optimization is used)

2001-12-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* floppyfw_install.sh (DIR): added missing command line option
	"-f". fwbuilder GUI automatically adds options "-f" and "-d"
	when it calls install script, so we need to accept these options
	in getopt in the script.

2001-12-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* v 0.9.9 released
	
	* HostDialog.cc (on_snmp_get_released): fixed bug #491279

2001-12-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* v 0.9.8 released
	
	* helpers.cc (checkObjectName): removed limitations on object's name
	Now name can contain white spaces

2001-12-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectQuickView.cc (fillObjectQuickViewText): moved all the code
	for objects quick-view inside the class ObjectQuickView and used
	singleton. Implemented support for quick view in group dialogs

	* removed support for large icons in group dialogs
	* removed support for policy display without icons
	
2001-12-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* IconList.cc (getNextPosition): fixed bug #490134

2001-12-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (printARPEntryCommands): fixed bug #488269

	* fwbuilder.cc (main): setting visual for imlib

2001-12-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (optimisePolicyRules): fixed bug #489369

	* iptables.c (processSrc): added support for MAC filtering option
	stored in HostOptions to iptables compiler

	* InterfaceListWidget.hh: created class InterfaceListWidget -
	widget showing list of interfaces for HostDialog and
	FirewallDialog

	* HostDialog.cc (wrk2dlg): added support for HostOptions
	added checkbutton "Use MAC address filtering"
	(showInterfaces): added tab "Interfaces" to HostDialog
	
2001-12-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (generateFinalRulesForNegation): trying to fix bug #488005

	* IconList.cc (size_allocate_impl): fixed bug #489148

2001-11-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* version 0.9.7 released
	
2001-11-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* completely eliminated dependency on Gnome
	
	* main_window.cc (on_release_notes_activate): showing Release Notes
	in LongTextInfo dialog instead of MiniBrowser

	* configure.in: checking for imlib and popt libraries

	* fwbuilder.cc (main): not using gnome_init anymore; using popt
	calls to parse parameters

	* Makefile.in: we do not need GNOME_LIBS and other GNOME-related
	stuff anymore

	* Druid.hh : class Druid added.

2001-11-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* objects_init.xml.in: added predefined standard Service
	"ESTABLISHED"

	* iptables.c (prologue): compiler now adds rules to accept
	ESTABLISHED, RELATED packets only if FirewallOption
	"accept_established" is True (its default value is True)

	* FirewallDialog.cc (FirewallDialog): changed checkbox label from 
	"Create ARP entries for DNAT translations" to "Create virtual
	addresses for NAT rules". 

2001-11-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (printPolicyRule): now create new chains from
	printPolicyRule when needed
	(optimisePolicyRules): added optimization for repeating source
	or destination address in generated iptables rules

2001-11-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceDialog.cc (InterfaceDialog): changed Interface attribute
	name "alias" -> "label", change the name for the entry field in
	Interface dialog

	* policy.c (optimisePolicyRules): improved rule optimization in
	iptables compiler. Now using multiport module where appropriate

2001-11-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwcompiler.c (isExternalInterface): support for security zone
	in iptables compiler (rather support for "external" interface
	through security zone numbers)

	* InterfaceDialog.cc (InterfaceDialog): added entry field "alias"
	to Interface dialog

2001-11-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (saveWindowConfiguration): fixed bug in saving
	windows size and position code

2001-11-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (checkRuleShading): removed terrible memory leak (bug
	#480801)

2001-11-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (processSrc): added support for MAC address filtering
	in iptables compiler

	* HostDialog.cc (dlg2wrk): added support for MAC address in
	HostDialog

2001-11-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (processNATRule): optimization can now be turned off for
	NAT rules (bug #480658) 

	* nat.c (optimiseNatRules): fixed bug #480410 ( optimizer used to
	remove rules with the same address in both source and destination.
	This caused problems in certain network configurations where SNAT
	rule was needed to support translation for connects from internal
	net to the server on the same net, using its external URL)

	* iptables.c (printARPEntryCommands): avoid duplicates while adding
	static arp entries or alias addresses for certain NAT rules
	(bug #480473)
	
	* fwbuilder.spec.in (Obsoletes): added call to libtoolize per bug
	#480081

	* iptables.c (printARPEntryCommands): if NAT rule uses host object
	with address which coincides with that of one of firewall's
	interfaces, static ARP entry (or interface alias address) is not
	needed and won't be added by compiler

2001-11-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* gtkrc: RC file - defines colors and font for IconList widget

	* IconList.hh: replacement implementation of IconList widget

	* fwbuilder.cc (main): fwbuilder now has its own gtkrc file

2001-10-30  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (prologue): implemented feature req. #476517:
	firewall script generated by iptables compiler makes log record
	when activated

	* nat.c (processNATRule): fixed bug #476520: iptables compiler
	used to multiply code which adds static ARP entries for DNAT
	translations

2001-10-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectQuickView.cc (fillObjectQuickViewText): ObjectQuickView
	now shows interfaces for the firewall object

2001-10-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* trying to eliminate dependency on libgnomeui
	
	* StockButton.hh: collection of standard buttons

	* PixmapButton.hh: class PixmapButton - button with icon and text
	replaces widget available via libgnomeui
	
	* AboutDialog.cc (AboutDialog): got rid of dependency on
	libgnomeui for "about" dialog

2001-10-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectQuickView.cc (getTextAsString): implemented another
	mode for quick object view - now can show it either in tooltip
	window, or on status bar

2001-10-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: added support for locale

2001-10-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (processNATRule): fixed bug #475155 : compiler
	generated incorrect code for REDIRECT NAT rules and negation

2001-10-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (copyRuleContent): fixed bug with rule copy/paste:
	now interface policy rule can be moved via copy/paste to the
	Global Policy and vice versa

	* iptables.c (parseOptions): implemented workaround for iptables
	1.2.3 for the bug with interpretation of log-level
	strings. Firewall option "Use numeric log levels" makes compiler
	use numbers for log levels instead of text strings

	* floppyfw_install.sh: firewall policy installer for floppyfw
	single floppy Linux router/firewall
	
2001-10-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c: changes in the iptables compiler:
	- turning ip_forward off before adding rules and turning it
	back on only after all rules were added;
	- code which cleans up all pre-existing chains in all tables
	uses only pure shell and does not need awk anymore;
	- code which manages static ARP entries for DNAT rules 
	can use either /sbin/arp or /sbin/ip, depending on firewall option
	"iptables_use_ip_tool". This is done to provide support for 
	single-floppy firewall floppyfw which does not have arp and awk but
	does have package iproute2 
	- new macro for the custom log prefix: "%I" is replaced 
	with interface name
	
2001-10-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (prologue): per feature request #471917 added
	iptables  "clamp MSS to MTU"

	* ObjectTree.cc (changeTreeLabel): #472677 ( object properties
	shown in the tree should change when object is edited )

	* PolicyListElement.hh (Frame ): better PolicyListElement widget

	* PolicyListItem.cc (on_button_release_event): fixed bug #472678
	pop-up menu and object quick view


2001-10-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListItem.cc (combineWithNeg): fixed bug #472344 (icon
	for negated service is corrupted)

2001-10-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* version 0.9.6 released
	
2001-10-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (processNATRule): added more sanity checks: now checking
	if firewall has interfaces and if at least one is marked as
	'external'

2001-10-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListItem.cc (PolicyListItem): redesign of PolicyListItem
	widget. Fixed old bug where drawing of PolicyListItem used to
	intermittently break clipping, which in turn caused strange
	effects in other widgets.

2001-10-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.hh (CTree): fixed bug #469014

	* BuiltinDialog.cc (BuiltinDialog): navigation bar can be turned
	off via global Options dialog

2001-10-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* BuiltinDialog.cc (fill_navbar_location): implemented navigation
	bar in BuiltinDialog

2001-10-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListElement.cc (popup_menu): fixed bug introduced earlier
	in "paste"
	(popup_menu): expanded pop-up menu, added items "Copy", "Cut",
	"Paste above", "Paste below" which provide a way to copy rules via
	clipboard

	* PolicyList.cc (on_button_release_event): added pop-up menu item
	"Paste rule"

	* GroupDialog.cc (on_popup_menu): fixed bug introduced earlier in
	"paste"

	* main_window2.cc (on_duplicate): fixed bug introduced earlier in
	"duplicate"
	

2001-10-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* GroupDialog.cc (wrk2dlg): minor bug fixed (change of the group
	name in the dialog did not activate "Apply" and "Undo" buttons)

	* iptables.c (printInfo): now compiler adds general information
	on the top of generated script (Firewall Builder version used,
	timestamp and the user name of user who ran the program)

	* nat.c (generateFinalRulesForNegation): fixed first half of the bug
	report #464628 (corrected processing of negations in NAT)
	(processNATRule): fixed second half of the bug report #464628

2001-10-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* Requirements.html: added requirements for Mandrake 8.1

2001-09-30  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (restoreWindowConfiguration): added methods to
	save and restore window size and configuration
	(on_float_pane): added methods to "float" object dialog per user's
	request

	* main_window_menu.cc (build_menu): added submenu "View"

2001-09-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (get_properties): implemented feature req. #427061:
	" List IP with alongside hostname "

2001-09-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.cc (main): added option "remember window position and
	size"

2001-09-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* MessageDialog.cc (MessageDialog): minor improvements to dialog

	* configure.in: added checks for GNU make

2001-09-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (removeObject): improvements in insertObject,
	removeObject, showObject, selectObject - avoiding full tree rebuild

2001-09-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* Makefile.in (run): added "fwbuilder-static" and "debug"
	Makefile targets

2001-09-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (TreePopupMenu): corrections to Copy/Paste
	mechanism and menu items behavior. Trying to fix bug #463329

2001-09-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* About.cc (showAboutDialog): cosmetic: now About dialog shows
	version of the library used at run-time

2001-09-20  Vadim Zaliva  <lord@crocodile.org>

	* Preferences.cc (loadPrefs): passing correct version number while
	loading preferences file.

2001-09-17  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.spec.in (Source): added dependency from libfwbuilder

2001-09-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* Makefile.in (LTCXXLINK): using libtool for API library

2001-09-17  Vadim Zaliva  <lord@crocodile.org>

	* FWObject.hh: 
	* FWObject.cc: Internal code brush-up. Removed NULL pointer
	checks in children list. Use stl algorithms wherever it is possible.

2001-09-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* OptionsDlg.cc and many other dialogs: corrected buttons size and
	layout

	* InterfaceDialog.cc (InterfaceDialog): added support for "delete"
	event

	* OptionsDlg.cc (OptionsDlg): redesigned Options dialog using
	two-pane window with options represented in a tree-like view

	* BuiltinDialog.hh (setLibrary): BuiltinDialog now remembers
	the name of the tree the object it shows belongs to.

	* OptionsDlg.cc (OptionsDlg): added GUI elements to support
	ObjectTree view modes "Split" and "Combined"

	* FWObjectBook.cc (build): implemented ObjectTree view modes:
	"Split" mode shows libraries in separate trees,
	"Combined" mode shows all libraries in one combined tree

	* ObjectTree.cc (ObjectTree): ObjectTree can now filter objects
	by their attribute "library"

	* main_window.cc (main_window()): now using FWObjectBook
	instead of the tree

	* FWObjectBook.cc (FWObjectBook): added class FWObjectBook - 
	a collection of many object tree widgets. This widget is used
	to show objects from different libraries in different pages

2001-09-14  Vadim Zaliva  <lord@crocodile.org>

	* api/ moved doc++ comments from .cc to .hh files

	* dns.cc (DNS_bulkBackResolve_Thread): using our Cond and Mutex
	classes instead of GCond and GMutex.

	* ThreadTools.hh (class Cond): Conditional Variable implemented.
	(_Tp>): Synchronized Queue implemented.

2001-09-13  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (special): ignore 0.0.0.0/* networks.
	(run_impl): timestamps for start/end of scan.

	* FWObject.cc (fromXML): library attribute and
	access methods added.

	* fwbuilder.dtd.in (TODO): added 'library' attribute
	to list of standard object's attributes.

2001-09-12  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (fetchInterfaces): reading operational and admin
	status of interface.
	(run_impl): ignoring routes which use interface which
	is currently down.
	(guessInterface): guessing interface for routes where it is
	not specified.

	* Interface.hh (class Interface): added operational
	status attribute.

2001-09-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP51Dialog.cc (DiscoveryDruidP51Dialog): changed
	checkboxes to make their meaning consistent

	* main_window.hh (Window): moved bunch of methods from ObjectTree
	to main_window

2001-09-11  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (fetchInterfaces): rewrite of interface fetch code
	to work around bug observed on following SNMP implementation:
	IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7), RELEASE SOFTWARE (fc1)
	with uptime of 338 days.

2001-09-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window_menu.cc (build_menu): renamed menu item for the
	network discovery Druid

	* DiscoveryDruidP70Dialog.cc (fillListOfNetworks): all the
	networks and hosts in the list of nodes discovered by druid or DNS
	import are now checked by default

	* DiscoveryDruidP65Dialog.cc (execute): added checkbox to the
	object discovery druid page: "Avoid point-to-point links"

	* All dialogs: removed large icon in all dialogs. All dialogs have
	been adjusted to look nice in different screen resolutions

	* main_window2.cc : setting main window size depending on the
	screen dimensions

2001-09-10  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (run_impl): task #36517: added option controlling
	whether to try to crawl to the other side of
	point-to-point routes.
	(point2point): detecting point-to-point routes
	using interface information.

	* IPAddress.hh (class IPNetwork): method for getting
	broadcast address of network.

	* snmp.cc (fetchRoutingTable): fetching interface
	and gateway information.
	(run_impl): task #37813 - adding route gateway
	as crawler input.
	(run_impl): task #36520 - skipping interface broadcasts found
	in routing table from crawler output.

2001-09-09  Vadim Zaliva  <lord@crocodile.org>

	* IPAddress.hh (class IPRoute): interface and gateway
	fields added.

2001-09-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.dtd.in (TODO): Added object Gateway to DTD. 
	Added HostOptions to Host.

	* FirewallDialog.cc (FirewallDialog): new iptables option: "Accept
	established TCP sessions after firewall restart". This option is
	ON by default. Autoupgrade transformation adds this option to
	existing firewalls.


2001-09-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListElement.cc (PolicyListRuleOpt): Rule element "Options"
	now shows logging icon and options icon. "Log" rule element can
	now be retired. Without "Log" column policy list is more clean and
	compact, especially for Interface policies

	* FindDialog.cc (on_find_clicked): using OptionMenuWidget;
	implemented partial match search

	* OptionMenuWidget.cc (on_menu_selection_changed): OptionMenuWidget
	keeps track of the menu state and generates signal "changed" only
	when menu choice actually changed

2001-09-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc: newly created object can now be deleted without
	saving

	* DialogPlugin.hh: added methods which load and save data from
	groups of dialog widgets

	* ObjectTree.cc (on_delobj): added "Delete" menu item

2001-09-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog.cc: FirewallDialog now calls setDefaults method
	of the firewall object to set default values for all
	platform-specific firewall parameters and OS-specific network
	parameters

	* Firewall.hh (class Firewall): added doc++ comments to some methods

2001-09-03  Vadim Zaliva  <lord@crocodile.org>

	* configure.in: dynamic link with libxml2 and libxslt.

	* snmp.cc (run_impl): task #36519 - ignoring IPs on loopback.

	* IPAddress.hh (class IPNetwork): added isBroadcast() and isMulticast()
	methods.

2001-09-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (processElementaryPolicyRule): further fixes for bug
	#455794

	* iptables.c (prologue): Implemented support for various kernel
	parameters 

	* FirewallDialog.cc (on_host_os_changed): Implemented host OS support
	for Firewall Object

2001-08-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (printARPEntryCommands): improved code which generates
	commands to add ARP entries for static NAT. Now it adds ARP entries
	for SNAT translations using "other" IP addresses

2001-08-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (processElementaryPolicyRule): fixed bug #455794 (wrong
	code generated for the loopback interface policy rule with src and
	dst being firewall object)

2001-08-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog.cc (wrk2dlg): added "Load modules" checkbox
	back to the Firewall Dialog "iptables" tab. Also added an option
	for setting up PATH environment variable in iptables script
	
2001-08-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (printNatRule): fixed bug 449638 (port mapping in DNAT rules)

	* iptables.c (parseOptions): fixed bugs 448693 and 453966 (setting
	rule options did not generate any code in iptables script)

	* FindDialog.cc: Implemented "Find" feature

2001-08-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListItem.cc (paint): fixed bug 449133 (GUI was hanging if
	very long word was entered in the comment field in the policy)

	* PolicyListElement.cc (add_item_to_policy): fixed bug 454812 (GUI
	used to allow duplicates in policy rule elements)

2001-08-19  Vadim Zaliva  <lord@crocodile.org>

	* configure.in: Checking for /usr/include/bind
	and libbind_r.a.

2001-08-18  Vadim Zaliva  <lord@crocodile.org>

	* Makefile (install): if doc++ present, generates
	API class reference and installs it under DOCDIR/classref.

	* configure.in: checking for doc++ presence.

2001-08-14  Vadim Zaliva  <lord@crocodile.org>

	* dns.cc (findA): renamed variable 'nsaddr' to avoid
	name clash with macro in older versions of 'bind'.


2001-08-05  Vadim Zaliva  <lord@crocodile.org>

	* Merged 0.9.4 branch into main trunk.

2001-08-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP65Dialog.cc: fixed bug #448130 where project did
	not link because of the missing method in class
	DiscoveryDruidP65Dialog if compiled without support for SNMP

	* NetworkDialog.cc (dlg2wrk): fixed bug #448213 where netmask
	could not be set in NetworkDialog

2001-08-04  Vadim Zaliva  <lord@crocodile.org>

	* CodingConventions.txt: Proposed project coding conventions
	document.

	* FWObject.hh: 
	* DialogFactory.hh: 
	* BuiltinDialog.cc (BuiltinDialog): 
	* DialogFactory.cc (class DefaultDialogFactory): removing 
	GUI dependencies from data layer. Switching from 
	Factory Method to AbstractFactory pattern for
	dialog creation.

2001-08-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP65Dialog.cc (on_save_to_file_clicked): added
	ability to save network scan log to a file

2001-08-03  Vadim Zaliva  <lord@crocodile.org>

	* api/: starting work on API.

2001-08-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (processTime): time matching support implemented in
	iptables policy compiler (requires patch from patch-o-matic)

2001-07-30  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c: added support for drop-table
	(requires patch-o-matic)
	
	* iptables.c (processSrv): added support for ipv4options patch
	(requires patch-o-matic)
	
	* nat.c (processNATRule): added support for NETMAP target (requires
	patch from patch-o-matic)

	* iptables.c (prologue): corrected script to take into account
	different path to arp and route in different distributions

2001-07-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (processElementaryPolicyRule): added recognition of
	broadcast addresses. If destination object in the rule is
	broadcast, compiler should generate code into INPUT chain

	* CustomService.hh (class CustomService): added class CustomService

	* iptables.c (processSrv): added support for CustomService in
	iptables compiler

	* set version to 0.9.4

	* added autoupgrade xslt transformations for upgrade 0.9.3->0.9.4
	
2001-07-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (printARPEntryCommands): now we can manage static ARP
	entries and associated routes needed for DNAT translations via
	Firewall Builder

2001-07-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* NetworkDialog.cc (NetworkDialog): switched to IPAddresswidget for
	address and netmask

	* HostDialog.cc, FirewallDialog.cc: switched to IPAddressWidget
	for address

2001-07-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (on_button_release_event): free space in the policy
	or NAT view is now clickable: right mouse button click brings 
	pop-up menu with options for adding new rules at the top or bottom
	of the policy
	
	* OptionsDlg.cc (run): added UI parameters "Autosave" - if true,
	data in all dialogs is automatically saved when user switches
	between objects

2001-07-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (processPolicyERule): compiler now correctly processes
	case where firewall object used in both src and dst in the policy
	rule
	(rulePrologue): now using separate temporary chains for INPUT,OUTPUT
	and FORWARD in rules with negation.
	(optimisePolicyRules): improved rule optimiser

2001-07-19  Vadim Zaliva  <lord@crocodile.org>

	* BackgroundOp.hh (class Logger): added 'start' and 'end' manipulators
	to lock synchronized output.

	* dns.cc (DNS_bulkBackResolve_Thread): synchronized output from several
	resolved threads.

2001-07-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (parseOptions): added rule option "stateless" - now
	user can mark certain rules as not requiring stateful
	inspection. This feature, if used properly, can improve
	performance without compromising security

	* RuleOptionsDialog.cc (RuleOptionsDialog): added checkbox for
	rule option "stateless"

2001-07-18  Vadim Zaliva  <lord@crocodile.org>

	* HostsFile.cc (parse): skipping IPv6 addresses
	* IPAddress.cc (operator=): detecting IPv6 addresses.

2001-07-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (processPolicyERule): fixed bug #441979 in iptables
	compiler (Iface rules wrong when direction both)


2001-07-17  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (run_impl): Distinguishing point-to-point routes
	and adding them as hosts, rather than as networks.

	* dns.hh (class DNS_findA_query): Handling multiple PTR records.

2001-07-16  Vadim Zaliva  <lord@crocodile.org>

	* HostsFile.cc (parse): More decent parser, handling
	empty lines, end of line comments and multiple hosts aliases.

2001-07-15  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP05Dialog.cc (DiscoveryDruidP05Dialog): Now option
	"Perform network scan using SNMP queries" will be disabled, and 
	explanatory text added, if program is compiled with no SNMP support

2001-07-14  Vadim Zaliva  <lord@crocodile.org>

	* dns.cc: implemented getHostByAddress with DNS timeout.

2001-07-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (processNATRule): support for REDIRECT in iptables

2001-07-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* snmp.cc (init): added parameters for dns timeout
	(isvirtual): bugfix in virtual address detection method

	* TableOfObjects.cc (addObject): If object has multiple names in DNS, 
	this widget will show all of them in combo box

	* FilterDialog.cc (FilterDialog): Now can filter by address and name

2001-07-13  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (run_impl): optionally resolve found hosts.
	(isvirtual): detection and removal of virtual IPs.

	* snmp.hh (class CrawlerFind): return DNS info if available.

	* dns.cc (run_impl): Multi-threaded back-resolving
	implemented.

	* Pool.hh (Pool): tiny memory leak corrected.

2001-07-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP70Dialog.cc (on_filter_clicked): now user can
	apply filter to objects found by crawler

2001-07-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwcompiler.c (cmpTriplet): fixed bug #440557
	* iptables.c (prologue): now setting default policy before flushing
	all chains
	* iptables.c (processSrv): fixed bug #440390 

2001-07-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP70Dialog.hh (class DiscoveryDruidP70Dialog):
	one more page to DiscoveryDruid (picking objects discovered by
	SNMP crawler)

2001-07-10  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (fetchRoutingTable): discovering
	networks from network host routing table.

2001-07-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP65Dialog.cc: using pool for
	SNMPCrawler operations. Now it is safe to interrupt crawler in
	the middle of the process

2001-07-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP50Dialog.cc (DiscoveryDruidP50Dialog): 
	* DiscoveryDruidP53Dialog.cc (DiscoveryDruidP53Dialog): 
	* DiscoveryDruidP65Dialog.cc (DiscoveryDruidP65Dialog): 
		GUI for SNMP crawler
	
2001-07-08  Vadim Zaliva  <lord@crocodile.org>

	* dns.hh (class DNS_bulkBackResolve_query): operation
	for groups of IPs.

	* dns.cc (getHostByAddr): method added

	* snmp.cc
	* snmp.hh (class SNMPCrawler): retries, timeout, community
	parameters added.

2001-07-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* ListOfIcons.cc (addObject): fixed bug: pop-up menu in group view
	now correctly activates "Open", "Copy" and "Cut" items

	* ObjectTree.cc (on_button_release_event): fixed bug: gui crashed
	after "Help me build policy" Druid if Policy or NAT were showing in
	the right pane of the main window (Support request #437759)


2001-07-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceDialog.cc (on_addr_focus_out_event): fixed bug: gui crashed
	if user hit TAB on empty "Address" field

2001-07-06  Vadim Zaliva  <lord@crocodile.org>

	* FirewallDialog.cc: 
	* snmp.cc: 
	* snmp.hh: 
	* config.h.in:
	* configure.in: better check for libsnmp

2001-06-28  Vadim Zaliva  <lord@crocodile.org>

	* snmp.hh:
	* snmp.cc (run_impl): implemented simple single threaded
	SNMP crawler.

2001-06-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (on_feedback_activate): menu item "Feedback" added

	* GenericBackgroundOpDialog.hh (Window): class SNMPOpDialog renamed
	to GenericBackgroundOpDialog

2001-06-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog.cc (addOptionsMenu): Now using OptionsMenu widget
	where appropriate

2001-06-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (on_release_notes_activate): open Release Notes
	in the default browser configured for "file://" URLs. Now we have
	choice : we can use our own mini browser MiniBrowserDialog or
	standard URL display program configured in system Gnome
	preferences

	* MiniBrowserDialog.hh (class MiniBrowserDialog): mini-browser dialog
	using HTMLViewer widget

	* htmlviewer.cc (HTMLViewer): primitive gtk-- wrapper widget for
	gtk-xmhtml widget. This widget will be used to show ReleaseNotes
	etc.

2001-06-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* BuiltinDialog.cc (BuiltinDialog): GUI now does not permit
	creation of objects with empty names. Some logic cleanup in
	"Apply"/"Undo" functions

2001-06-17  Vadim Zaliva  <lord@crocodile.org>

	* dns.cc (findA): timeout check in findA() methods.

	* XMLTools.cc (saveFile): indent XML files on save.

2001-06-14  Vadim Zaliva  <lord@crocodile.org>

	* configure.in: Checking for actual presence of static version
	of libresolv.a, if not found - try dynamic.

2001-06-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (on_install): support for optional policy install
	script added

2001-06-11  Vadim Zaliva  <lord@crocodile.org>

	* configure.in: unconditionally link with libresolv.a

2001-06-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruid.cc (on_prepare): implemented GUI for importing
	hosts from DNS zone

	* iptables/iptables.c (parseOptions): bug 429427 fixed (garbage
	after the end of rule action) 
	* iptables/nat.c: bug 426874 fixed (implemented NAT on firewalls
	with dynamic address on external interface)
	* iptables/iptables.c: bug 424440 fixed (added correct clean-up code
	on top of iptables script to remove all "old" rules in all
	chains)

	* iptables/nat.c: bug 422345 fixed (implemented support for
	negations in NAT, in particular negated original dest.)

	* iptables/nat.c: bug 424435 fixed (implemented negation in NAT)
	

2001-06-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (parseOptions): fixed bug 431705 - log options
	  and logging limits processing in iptables compiler

	* DiscoveryDruid.cc (on_next): Objects Discovery Druid class

	* DiscoveryDruidP40Dialog.cc (newObject): reads hosts(5) file and
	  creates objects
	

2001-06-08  Vadim Zaliva  <lord@crocodile.org>

	* Makefile.in: bulk compilation of all GLADE-generated
	sources to decrease build time.

	* HostsFile.hh:
	* HostsFile.cc: hosts(5) file parser

2001-06-07  Vadim Zaliva  <lord@crocodile.org>

	* dns.cc: Made background operations of getNS()
	and findA() operations.

	* config.h.in: 
	* configure.in: checking for functions from bind8
	api.

	* dns.cc: code cleanup. works with bind8
	on Linux.
	(HAVE_BIND8): conditional compilation
	to compile on systems without proper
	bind libraries.

2001-06-06  Vadim Zaliva  <lord@crocodile.org>

	* dns.cc (findA): first working version
	* configure.in: checking for libbind_r.a

2001-06-04  Vadim Zaliva  <lord@crocodile.org>

	* snmp.hh: 
	* snmp.cc: 
	* FirewallDialog.cc (on_snmp_get_released): Using SNMP
	timeout and retries from preferences.

2001-05-30  Vadim Zaliva  <lord@crocodile.org>

	* configure.in: libresolv detection

2001-05-29  Vadim Zaliva  <lord@crocodile.org>

	* dns.cc (getHostByName): using gethostbyname_r
	with 5 (solaris) or six (linux) parameters.

	* configure.in: detecting arity of gethostbyname_r

	* dns.hh: DNS lookup wrapper interface.
	* dns.cc: DNS lookup wrapper implementation for Linux.

2001-05-23  Vadim Zaliva  <lord@crocodile.org>

	* main_window_menu.cc (build_menu): 
	* main_window.cc (on_tools_scan): Added Tools menu with
	Scan submenu.

2001-05-20  Vadim Kurland  <vadim@voyager.crocodile.org>

	* BackgroundOp.cc: background op. classes redesign

2001-05-18  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (run_impl): 
	(run_impl): handling problem with present, but
	not configured interfaces.

	* snmp.hh (run_impl): 
	* FirewallDialog.cc (on_snmp_get_released): 
	(on_snmp_get_descr_released): 
	Running SNMP queries in background, without
	GUI freeze.

2001-05-18  Vadim Kurland  <vadim@voyager.crocodile.org>

	* ListOfIcons.cc (addObject): fixed bug #425023 

2001-05-17  Vadim Kurland  <vadim@voyager.crocodile.org>

	* OptionsDlg.cc (OptionsDlg): removed snmpget and snmpwalk paths
	parameters

2001-05-16  Vadim Kurland  <vadim@voyager.crocodile.org>

	* PolicyListItem.cc (PolicyListObjectItem): translated
	source/dest/service now shows as "Original" if no translation is
	needed.


2001-05-15  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc: 
	* snmp.hh: 
	* FirewallDialog.cc (wrk2dlg): 

	* config.h.in: 
	* configure.in: detecting presence of ucd-snmp library

	* merged snmp-lib-integration branch.

2001-05-12  Vadim Zaliva  <lord@crocodile.org>

	* XMLTools.cc (parseFile): detecting DTD validation
	errors during file load.

2001-05-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObjectDatabase.xslt: making sure attribute action is never 
	  empty in PolicyRule

2001-05-11  Vadim Zaliva  <lord@crocodile.org>

	* fwcompiler.c (main): using DTD when loading data file.

2001-05-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObjectDatabase.xslt (xmlns): transformation from 0.8.7 to 0.9.0:
	  fixed bug where InterfacePolicy objects created by this script
	  were duplicated

	* FirewallDialog.cc (on_snmp_get_released): now user doesn't have
	to press "Apply" before pulling information from the firewall via
	SNMP

2001-05-14  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc: getting interfaces information
	using snmp library.

2001-05-11  Vadim Zaliva  <lord@crocodile.org>

	* snmp.hh (class SNMPConnection): 
	* snmp.cc (class SNMPConnection): implemented simple
	C++ wrapper to ucd-snmp library.
	(run): getting system info using library.

	* configure.in: check for ucd-snmp library

2001-05-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwcompiler.c (cmpObjects): now we recognize the case when "Host"
	object has the same address as "Firewall" object and can generate
	appropriate rules

2001-05-10  Vadim Kurland  <vadim@voyager.crocodile.org>

	* policy-text.xsl: implemented negation in policy printing

	* helpers.cc (checkObjectName): allowed ':' in object names

	* iptables.c : two bugfixes:
	  added  "iptables -N temp_rule_name"
	  corrected processing of SNAT rules where translated source is not
	  firewall.

2001-05-06  Vadim Kurland  <vadim@voyager.crocodile.org>

	* StandardRulesDruid2.cc (generateRulesForHostProtection): fixed bug:
	  policy rules should not have direction, but druid used to insert
	  direction in "allow all outgoing connections" rule for host
	  protection firewall

2001-05-05  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c (parseOptions): bugfix: "--reject-with tcp-reset"
	  requires "-p tcp"

2001-04-30  Vadim Zaliva  <lord@crocodile.org>

	* FWObject.hh (class FWObject): using 'vector' instead
	of 'list'.
	* FWObject.cc (sortChildren): sorting children by name.

2001-04-28  Vadim Zaliva  <lord@crocodile.org>

	* Makefile.in:
	* fwbuilder-packages:
	* fwbuilder.bts:
	* fwbuilder.appmap: Bug-Buddy 1.2 support

2001-04-27  Vadim Zaliva  <lord@crocodile.org>

	* Makefile.in (uninstall): installing bug buddy data files

	* XMLTools.cc: '-' as output file name prints to stdout.

	* PrintDialog.cc (run): fixed bug with passing currently
	selected node to XSLT transformation.

2001-04-26  Vadim Zaliva  <lord@crocodile.org>

	* XMLTools.cc (setDTD): 
	* FWObjectDatabase.cc (saveXML): 
	* PrintDialog.cc (run): do not use temporary files
	for printing.

2001-04-25  Vadim Zaliva  <lord@crocodile.org>

	* PrintDialog.cc (run): 
	* FWObjectDatabase.cc (saveFile): Print w/o saving file.
	(Task #30300)

2001-04-25  Vadim Kurland  <vadim@voyager.crocodile.org>

	* InterfacePolicy.cc: Added "Srv" to InterfacePolicy

	* Rule.cc (fromXML): now show warning dialog if general policy 
	  rule has interface or direction specified. Rule will be loaded
	  with interface and direction attributes erased.

	* fwcompiler.c (scan_Policy): now print error message and bail out
	  if general policy rule has interface or direction specified.

2001-04-24  Vadim Kurland  <vadim@voyager.crocodile.org>

	* configure.in : correct checking for paths for libxml2 and libxslt
	  Now configure will use dynamic libraries if static ones could
	  not be found

2001-04-23  Vadim Kurland  <vadim@voyager.crocodile.org>

	* policy-ascii.xsl (ref): plain ascii printing transformation

2001-04-22  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c (processTCPorUDP): --tcp-flags and --syn are
	  now supported

	* FWObjectDatabase.xslt: fixed typo 
	  (line 130, was: UPD, should be: UDP)

	* FirewallDialog.cc (on_find_compiler_clicked): implemented
	  "browse" button callback for custom compiler lookup

	* resources.xml.in: ipchains is gone. Now it even won't show up in
	  platforms drop-down menu in FirewallDialog

2001-04-22  Vadim Zaliva  <lord@crocodile.org>

	* XMLTools.cc: protected access to XML/XSLT
	library params with locks.

2001-04-21  Vadim Zaliva  <lord@crocodile.org>

	* PrintDialog.cc (run): XSLT specific code moved
	to XMLTools.cc. As result, XSLT error messages
	during print are caught and shown to user.

	* XMLTools.hh:
	* XMLTools.cc (transformDocument): complete XSLT/XML
	error interception.

2001-04-19  Vadim Zaliva  <lord@crocodile.org>

	* XMLTools.cc (convert): intercepting conversion
	error messages and reporting them to the user.

2001-04-18  Vadim Zaliva  <lord@crocodile.org>

	* XMLTools.cc (convert): comparing version numbers
	(loadFile): making backup copy of converted files.
	restoring from backup if conversion failed.
	(loadFile): showing confirmation dialog.

	* XMLTools.hh: 
	* XMLTools.hh: migrating data files on load using XSLT transformations.

	* fwbuilder.spec.in (Group): filters and migration dirs added.
	* Makefile.in (install): makefile added

2001-04-16  Vadim Zaliva  <lord@crocodile.org>

	* XMLTools.cc (saveFile): 
	* Preferences.cc (savePrefs): 
	* FWObjectDatabase.cc (saveFile): 
	Consolidated XML files saving, with DTD/doctype
	handling into one place.

	* Makefile.in: installing/uninstalling
	preferences DTD.

	* XMLTools.cc (loadFile): 
	* Preferences.cc (loadPrefs): 
	* FWObjectDatabase.cc (load): 
	Consolidated XML files loading with version checking
	and validation into one place

	* fwbuilder_preferences.dtd.in: minor syntax tweaking

	* fwbuilder_prefs.xml.in: added DOCTYPE

	* fwbuilder_preferences.dtd.in: 
	* configure.in: setting preferences file version
	using autoconf.

	* FWObjectDatabase.cc (saveFile): do not specify
	full path to DTD when saving.

	* fwbuilder.cc (main): 
	* XMLTools.cc (fwbExternalEntityLoader): loading DTD files
	from template directory.

	* translate087preferences.xsl: initial version
	from Friedhelm Duesterhoeft.

	* translate087objects.xsl: new version 
	from Friedhelm Duesterhoeft.
	added NATRuleOptions
	added FirewallOptions
	added PolicyRuleOptions
	added fixed version 1.0 to FWObjectDatabase

	* fwbuilder_preferences.dtd: DTD for preferences
	file from Friedhelm Duesterhoeft.

	* main_window.cc (on_print_activate): passing id of
	currently selected node to print dialogue

	* PrintDialog.cc (PrintDialog): added controls allowing
	to choose between printing all tree and current object only.
	Passing ID of currently selected node to XSLT processor.

2001-04-14  Vadim Kurland  <vadim@voyager.crocodile.org>

	* ICMPServiceDialog.cc (dlg2wrk): ICMP dialog now supports
	  "Any icmp type" and provides verbose ICMP types and codes names.
	  Support for "any icmp" tested with iptables compiler

	* fixes and improvements in fwbuilder.spec - incorporated patches
	  from Carlo Wood

2001-04-13  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Resources.cc (getResourceInt): added couple of convenient
	methods 
	* moved SmallIconsSize and LargeIconsSize from preferences
	to resources

2001-04-11  Vadim Zaliva  <lord@crocodile.org>

	* FWObjectDatabase.cc (load): checking for version attribute.

	* XMLTools.cc (getXmlNodeByPath): moved all xml helpers to
	this class.

2001-04-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* ObjectTree.cc (TreePopupMenu): added function "Duplicate" to 
	  menu "Edit" and popup menu in the tree

2001-04-10  Vadim Kurland  <vadim@voyager.crocodile.org>

	* configure.in: now statically linking with gtk--,
	  libxml2 and libxslt

2001-04-10  Vadim Zaliva  <lord@crocodile.org>

	* PrintDialog.cc (savePrefs): Printing preferences load/save.
	* fwbuilder_prefs.xml.in: added Printing preferences

2001-04-10  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObjectDatabase.cc (saveFile): fixed file saving for libxml2

2001-04-09  Vadim Zaliva  <lord@crocodile.org>

	* Requirements: 
	* configure.in: 
	* Makefile.in (XSLT_CFLAGS): Added libxslt detection and
	usage.

	* configure.in: libxml2 detection

	* translate087objects.xsl: new delivery from Friedhelm Duesterhoeft.
	It conforms to DTD v1.40.

2001-04-08  Vadim Zaliva  <lord@crocodile.org>

	* Makefile.in (depend): passing file names to 'makedepend'.
	* PrintDialog.cc (PrintDialog): added

2001-04-08  Vadim Kurland  <vadim@voyager.crocodile.org>

	* StandardRulesDruid.cc (StandardRulesDruid): Druid redesigned. Now
	 druid offers different questions for three network configurations:
	 1. firewall protects local host
	 2. firewall protects only internal network
	 3. firewall protects internal network and DMZ

	* post-glade.pl: modifications to this script allow for incremental
	  compile after GUI changes made by glade

2001-04-07  Vadim Kurland  <vadim@voyager.crocodile.org>

	* StandardRulesDruid.cc: druid corrected for new policy formats
	* New firewall option added: no_iochains_for_any. 
	
2001-04-06  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c (parseOptions): implemented full support for firewall
	  options and policy rule options

2001-04-04  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c : now compiler generates separate chain for each
	  policy rule and implements logging and action in this
	  chain. Support for rule options has been implemented too.

	* fwbuilder.dtd : added comment to PolicyRule

	* iptables.c (processInterfacePolicyRule): now correctly processing
	  negation in source and destination in iptables compiler

2001-04-01  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwbuilder.cc (main): fixed bug when exception thrown while
	loading preferences caused core dump

2001-04-01  Vadim Zaliva  <lord@crocodile.org>

	* Preferences.cc (loadPrefs): versioning of preferences file.

2001-04-01  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c: iptables compiler now takes into account cases when
	  firewall has multiple interfaces and cases when firewall's
	  interfaces have dynamic address

2001-03-29  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwcompiler.c Policy attached to firewall interface is now processed
	  before "main" firewall policy

	* iptables.c compiler generates code for chains INPUT and OUTPUT
	  if policy rule applies to the firewall object; otherwise it
	  generates code for the FORWARD chain
	
	
2001-03-25  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Implemented Scratch pad which works as a mirror of the main
	  objects tree. All dialogs edit object's copies in scratch pad,
	  which then gets copied back to the main object tree when user
	  clicks "Apply" button. This provides for "Undo" function in all
	  dialogs, including complex ones such as policy editing

	
2001-03-23  Vadim Kurland  <vadim@voyager.crocodile.org>

	* ExecBgr.cc : background operations use exceptions to handle
	errors now. Many improvements have been made to error handling
	and more controls added.
	
2001-03-22  Vadim Kurland  <vadim@voyager.crocodile.org>

	* InterfacePolicy.cc (InterfacePolicy): class for policy attached
	to firewall interface

	* FirewallDialog.cc (showInterfacePolicy): FirewallDialog now
	shows and allows to edit policy attached to firewall interfaces

2001-03-21  Vadim Kurland  <vadim@voyager.crocodile.org>

	* PolicyListItem.cc (PolicyListObjectItem): first attempt at
	  showing objects properties in a pop-up window (using tooltips
	  for now) when mouse is over the object's icon in policy

	* Now using glade-- v0.5.11f (current cvs checkout). This fixed
	  problem with radio buttons in OptionsDialog

2001-03-19  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwbuilder.dtd (NATRule): added attribute "disabled"

2001-03-18  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwbuilder.dtd (Host, Firewall): netmask is gone

2001-03-16  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWIntervalReference.hh (class FWIntervalReference): yet another
	type of reference

2001-03-15  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwbuilder.dtd (): added %STD_ATTRIBUTES to NAT and Policy
	  created element Option
	  added attribute "dyn" to Interface

	* FirewallOptions.cc (fromXML):  now we store firewall
	 platform-specific options in class FirewallOptions instead of
	 Firewall

2001-03-14  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWData.hh: this class is used to store "options" data for policy
	and NAT rules and firewall objects

	* RuleElement.cc (RuleElement): all specific rule elements are now
	  inherited from RuleElement and corresponding Group (ObjectGroup,
	  ServiceGroup, IntervalGroup) using virtual inheritance


2001-03-14  Vadim Zaliva  <lord@crocodile.org>

	* FWObjectDatabase.cc (saveFile): adding DOCTYPE to generated XML
	documents.

2001-03-12  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FirewallDialog.cc (dlg2wrk): "dynamic address" is now an option
	for interface, not firewall object

	* Interface.cc (Interface): added attribute "dynamic address"

2001-03-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* UDPService.hh (class UDPService): class and file renamed

	* TCPService.hh (class TCPService): class and file renamed

	* ICMPService.hh (class ICMPService): class and file renamed

	* IPService.hh (class IPService): class and file renamed

	* Host.hh (class Host): class and file renamed

	* Network.hh (class Network): class and file renamed

	* Firewall.hh (class Firewall): class and file renamed

	* Interval.hh (class Interval): class and file renamed

	* RuleElement.hh: new classes RuleElementSrc, RuleElementDst etc.

	* resources.xml.in: platforms and RuleElement descriptors added

	* Group.cc (setAnyElement): few methods added to Group. These methods
	support RuleElement and its descendants

2001-03-10  Vadim Kurland  <vadim@voyager.crocodile.org>

	* RuleSet.hh: new class. Policy and NAT are now derived from
	  RuleSet

2001-03-09  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Resources.cc (getPlatforms): created few new specialized methods
	in Resources

2001-03-07  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObject.cc (validateChild): this virtual method checks child's
	type and prevents loops.

	* ServiceGroup.hh (class ServiceGroup): classes ServiceGroup,
	ObjectGroup and IntervalGroup created.

2001-03-04  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObject.hh (FWObject*>): method bool isSystem() replaced old
	  Permissions.  Permissions completely eliminated.

	* Makefile.in (install): installs/uninstalls resources file

	* fwbuilder.cc (main): loading resources just before preferences

	* resources.xml: resources data moved from the old preferences
	  template file

	* Resources.hh (class Resources): class Resources created

2001-03-04  Vadim Zaliva  <lord@crocodile.org>

	* FWObjectDatabase.cc (saveFile): setting DTD when saving file.

2001-03-03  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Preferences.cc (getResource): handful of methods for resources
	manipulation. These methods will eventually move to a dedicated
	class Resources.

	* FWObject.cc (checkPermission): now permissions are stored in
	Preferences instead of the object itself. setPermissions method
	will be phased out soon. In the future permissions will move from
	Preferences to Resources.

	* FWObjectDatabase.hh (class FWObjectDatabase): fixed typo in
	definition of struct StandardObjects

2001-02-25  Vadim Zaliva  <lord@crocodile.org>

	* FWReference.cc: 'id' based implementation.

	* FWObject.hh (FWObject*>): getById getByType methods replacing
	old one: get().

2001-02-08  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.dtd (Firewall): Firewall has Address optional - it may
	not be defined in certain situations.  Added notion of interval
	groups. Reorganized 'Time' element content.

2001-02-07  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.dtd (PolicyRule): 'When' reference added to NAT, PolicyRule.

	* Makefile.in: AnyTime, AnyService classes removed.

2001-02-01  Vadim Zaliva  <lord@crocodile.org>

	* configure.in: version 0.8.7

	* fwbuilder.dtd: this could be called first
	prototype of DTD which we will use in future.

2001-02-01  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwcompiler.c (main): static arrays eliminated in favor of
	GSList (from glib)

2001-01-31  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Makefile.in (GLIB_CFLAGS): need GLIB CFLAGS to compile fwbuilder.c

2001-01-29  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.dtd (TODO): typing of attributes.
	(TODO): compiler-specific options added.

2001-01-28  Vadim Zaliva  <lord@crocodile.org>

	* Makefile.in (distclean): fwbuilder.spec removed.

	* fwbuilder.spec.in (Group): Credits and FAQ files added 
	to RPM.

	* Incorporated patch from
	Jeremy T. Bouse <undrgrid@toons.UnderGrid.net> to
	support libxml2.

2001-01-27  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.dtd: major rework of DTD.

2001-01-24  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c (processSNAT): implemented MASQUERADE versus SNAT support
	  for dynamic addresses

	* README.examples: minor corrections to the example description

2001-01-23  Vadim Zaliva  <lord@crocodile.org>

	* Preferences.cc (Preferences): corrected problem
	with not detecting problem when preferences
	file could not be written.

2001-01-23  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FirewallDialog.cc (on_snmp_get_descr_released): getting firewall
	  description, location and contact via SNMP
	  (wrk2dlg): storing parameters for ipfilter platform

	* snmp.cc (run): SNMP_sysdesc_query implemented

	* iptables.c (prologue): logging parameters implemented

2001-01-22  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FirewallObject.cc (fromXML): loading platform-specific parameters

	* FirewallDialog.cc (FirewallDialog): fixed checkboxes alignment

2001-01-21  Vadim Zaliva  <lord@crocodile.org>

	* all xml files moved to etc. 

2001-01-21  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FirewallDialog.cc (wrk2dlg): new options for ipchains and iptables
	  platforms

	* StandardRulesDruid.cc (on_finish): automatic generation of
	"net_junk" rule disabled

	* FirewallDialog.cc (dlg2wrk): check address validity before we
	  save the data

	* iptables.c (prologue): code produced by this compiler works!

	* FirewallDialog.cc (wrk2dlg): additional parameters for iptables
	  firewalls

2001-01-20  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c: compiler produces code with no syntax errors

2001-01-20  Vadim Zaliva  <lord@crocodile.org>

	* listicons.sh: rewritten to shell/sed to avoid gawk.
	(for solaris).

2001-01-20  Vadim Kurland  <vadim@voyager.crocodile.org>

	* configure.in (TEMPLATE_DIR): fixed bug where bogus directory
	  path was stored in config.h during RPM build

	* fwbuilder.cc (main): fixed bug when we needed to report error
	  which happened while loading Preferences but MessageDialog in
	  turn needed Preferences to be already loaded.

2001-01-17  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Makefile.in (uninstall): uninstall target created

	* src/gui/main_window.cc (on_saveas1_activate): saveas does not
	erase current loaded object file name anymore, so we can figure
	out current working directory and open file selector dialog in
	that directory

	* src/gui/Preferences.cc (getWdir): this is how we choose working
	directory to load/store files and to pass as a parameter to
	compiler: We use directory set in preferences if there was no
	object file loaded yet, and directory where it was loaded from
	otherwise

	* src/gui/NATDialog.cc (NATDialog): fixed bug #128967 

2001-01-16  Vadim Kurland  <vadim@voyager.crocodile.org>

	* examples/README:       added example description file
	  examples/objects.xml:  example objects file
	
2001-01-15  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/gui/PolicyListItem.cc (paint): long comment text line
	  folding implemented

2001-01-15  Vadim Zaliva  <lord@crocodile.org>

	* src/gui/GroupDialog.cc (GroupDialog): compiler warning avoided.

	* src/gui/BackgroundOp.hh (Data ): run_impl is pure virtual now.
	* src/gui/Rule.cc: removed some debug output to stderr.

2001-01-15  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/gui/PolicyListItem.cc (PolicyListCommentItem): class for Policy
	rule comment

2001-01-15  Vadim Zaliva  <lord@crocodile.org>

	* src/gui/FWObjectDatabase.cc (load): better detection of
	invalid input file structure.

2001-01-15  Vadim Kurland  <vadim@voyager.crocodile.org>

	* changed #include <gnome-xml/parser.h> to #include <parser.h>
	everywhere to resolve build problem with libxml in unusual place
	
	* src/gui/HostObject.cc (HostObject): set default snmp read
	community to "public" as a widespread default value. If object has
	different community string, its value will be read from XML file and
	will override default.

	* src/gui/NetworkDialog.cc (on_obj_addr_focus_out_event): automatically
	sets suggested netmask based on network's IP address

	* src/gui/HostDialog.cc (dlg2wrk): now checks address syntax

	* src/gui/NetworkDialog.cc (dlg2wrk): now checks address and 
	netmask syntax

	* src/gui/helpers.cc (checkIPaddress): checks IP address validity
	                     (getNaturalNetmask): returns "natural" 
			     classful netmask for given IP address

2001-01-14  Vadim Kurland  <vadim@voyager.crocodile.org>

	* configure.in (FWB_MICRO_VERSION): set version to 0.8.6
	* configure.in :  Now we define version in configure.in

2001-01-09  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/gui/MessageDialog.hh (class MessageDialog): added new dialog
	  type (error with message text and error code); also changed all
	  static dialog creation methods so they accept const string& as
	  parameters

	* added error dialogs everywhere

2001-01-09  Vadim Zaliva  <lord@crocodile.org>

	* src/gui/main_window.cc: catch loading/saving errors.

	* src/gui/fwbuilder.cc (main): handling initial
	file loading errors.

	* src/gui/FWObjectDatabase.hh (class FWObjectDatabase): 
	* src/gui/FWObjectDatabase.cc: load/save methods
	now throw exceptions.

	* src/gui/fwbuilder.cc (main): handling load preferences
	error.

	* src/gui/OptionsDlg.cc (run): catching save error.

	* src/gui/Preferences.cc: throwing exceptions
	on save/load errors.

	* src/gui/FWException.cc: 
	* src/gui/FWException.hh: Base exception class.

2001-01-08  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/gui/FWObject.cc (setDirty): method sets "dirty" flag for
	  the object and possibly its children.

	* src/gui/FWObject.cc (isDirty): method checks dirty flag for this
	  object and possibly its children

	* src/gui/FWObject.hh (FWObject*>): boolean flag "dirty" - 
	  indicates data has been modified. 

	* src/gui/FWObjectDatabase.cc (saveIfModified): this method checks
	  for unsaved data in the database and asks user whether they want
	  to save it
	
	* src/gui/FWObjectDatabase.cc (load): now checking for unsaved
	  data before loading

	* src/gui/MessageDialog.cc (MessageDialog): new dialog type: 
	  question dialog with three buttons - "Yes", "No", "Cancel"

	* src/gui/main_window.cc (destroy_handler): now checking for unsaved
	  data if main window gets destroyed

	* src/gui/FileSel.cc (FileSel): file selector dialog now opens
	  in the working directory 

	* src/gui/CompileDialog.cc (CompileDialog): passing working dir
	  parameter to compiler via command line ( "-d" )

	* src/gui/OptionsDlg.cc (OptionsDlg): "Working directory" option
	  added to Options dialog

2001-01-08  Vadim Zaliva  <lord@crocodile.org>

	* src/compiler-framework/fwcompiler.c (main): -d option added.

	* src/gui/main_window.cc (on_compile): 
	* src/gui/CompileDialog.hh (class CompileDialog): 
	* src/gui/CompileDialog.cc (run): 
	* src/gui/FWObjectDatabase.cc (getFileName): 
	* src/gui/FWObjectDatabase.hh (class FWObjectDatabase): 
	Passing file name parameter to compiler
	
	* src/gui/main_window.cc (on_new1_activate): 
	* src/gui/FWObjectDatabase.cc: 
	* src/gui/FWObjectDatabase.hh (class FWObjectDatabase): 
	* src/gui/fwbuilder.cc (main): loading file from
	command line (-f, --file).
	Loading default database on startup.

2001-01-08  Vadim Kurland  <vadim@voyager.crocodile.org>

	* configure.in (DOCDIR): checking for docs directory ( /usr/doc
	  versus /usr/share/doc )

	* src/gui/DialogPlugin.cc: dialog text typo corrected

	* src/gui/FWObjectDatabase.cc (FWObjectDatabase): now setting 
	  permissions for objects created as a part of empty database

	* src/gui/FWObject.cc (setPermission): setPermission method
	  added

2001-01-07  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/iptables/iptables.c: first version of iptables compiler,
	  based on ipchains compiler

	* src/gui/fwbuilder_prefs.xml: added definition for iptables
	  Policy and NAT

	* configure.in (PACKAGE_PIXMAPS_DIR): added iptables support

	* src/iptables/Makefile.in: added directory and Makefile.in for
	  iptables. Started development for iptables

2001-01-07  Vadim Zaliva  <lord@crocodile.org>

	* src/gui/main_window_menu.cc (build_menu): Objects renamed to Insert.

	* src/compiler-framework/fwcompiler.c (main): restoring changes
	lost in CVS reorg.

	* src/gui/FWObjectDatabase.cc (setFileName): 
	* src/gui/main_window.hh (class Main_window): 
	* src/gui/main_window.cc (on_saveas1_activate):
	(on_new1_activate): 
	* src/gui/main_window2.cc (OpenObject): Save, SaveAs, New implemented.

2001-01-06  Vadim Zaliva  <lord@crocodile.org>

	* src/gui/main_window_menu.cc (build_menu): "Objects" menu
	created.

	* src/gui/fwbuilder.cc (main): do now load default files
	on startup.

	* src/gui/Preferences.hh: misc cleanup
	* src/gui/Preferences.cc (Preferences): copying default preferences file
	to ~/.fwuilded. We no longer create ~/fwbuilder directory.

2001-01-05  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/gui/ObjectTree.cc (on_pasteobj): checks permissions
	                        (on_cutobj): check permissions
				(on_copyobj): check permissions

	* src/gui/FWObject.hh (FWObject*>): added set of permissions for
	FWObject

	* src/gui/ObjectTree.cc (TreePopupMenu): pop-up menu has its items
	  deactivated if object can not be removed or copied

	* src/gui/ListOfIcons.cc (on_button_release_event): pop-up menu
	has its items deactivated just like that in ObjectTree.cc

	* src/gui/GroupDialog.cc (dlg2wrk): fixed bug in object removal

	

2001-01-04  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Makefile.in (distclean): now even cleaner

	* src/gui/main_window.cc (Main_window): fixed bug where program
	  used to give Gtk-CRITICAL warning on exit ( Bug ID 127496 )

2001-01-04  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.spec: version 0.8.3 released

2001-01-03  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Makefile.in (rpm): added makefile target "rpm". This will build
	  snapshot using cvs export and then run script build_rpm.sh
	* build_rpm.sh: this script will build rpms

	* Version number for snapshot is taken from fwbuilder.spec
	  file. To generate snapshot and tar.gz for RPM one needs to edit
	  fwbuilder.spec file and then do "make tar"

2001-01-03  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.spec: created SPEC file for building RPM package

	* doc/Makefile (install): install-doc is separate target

	* src/gui/Tools.cc: 
	* src/gui/Tools.hh: Added new files for misc tools

	* src/gui/Preferences.cc (getNodeByPath): 
	* src/gui/PolicyListElement.cc (popup_menu): 
	* src/gui/GroupDialog.cc (GroupDialog): 
	* src/gui/ListOfIcons.cc (on_button_release_event): 
	(on_button_release_event): replaced g_new/g_free/g_strdup
	with new, delete, cxx_strdup.

	* src/gui/HostObject.cc (get_if_names): 
	* src/gui/FWObject.cc (getPath): 
	(FWObject): 

	* src/compiler-framework/fwcompiler.h: Copyright added.

	* src/compiler-framework/Makefile.in: install goal added.

	* src/ipfilter/Makefile.in: 
	* src/ipchains/Makefile.in: 'install' goal corrected.

2001-01-02  Vadim Kurland  <vadim@voyager.crocodile.org>

	* merging fwbuilder and fwcompiler in one CVS tree
	* added Makefile.in in doc subdir. Documents will be installed
	  in $(prefix)/doc
	
2001-01-02  Vadim Zaliva  <lord@crocodile.org>

	* src/MessageDialog_glade.cc: removed icon init to avoid
	runtime warnings.

2000-12-27  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/*.cc: converted to isA and cast methods everywhere

2000-12-27  Vadim Zaliva  <lord@crocodile.org>

	* src/*.hh: isA() and cast() methods added to all
	subclasses of FWObject.

	* src/ListOfIcons.cc (addObject): fixed crash when showing group
	with references.

2000-12-26  Vadim Zaliva  <lord@crocodile.org>

	* src/Makefile.in (install): install also installs icons

2000-12-25  Vadim Zaliva  <lord@crocodile.org>

	* Makefile.in (distclean): 'distclean' goal added.

2000-12-23  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/Preferences.cc (Preferences): now program looks for
	  fwbuilder_prefs.xml and objects_init.xml in the directory
	  defined by INIT_DIR

	* config.h.in: added #define for INIT_DIR

	* src/Makefile.in (PACKAGE_PIXMAPS_DIR): PACKAGE_PIXMAPS_DIR is
	  now defined relatively to $prefix

2000-12-21  Vadim Kurland  <vadim@voyager.crocodile.org>

	* added copyright notice to all .cc and .hh files, except those
	  generated by glade
	
	* src/Rule.cc (Rule): read "hidden" status from preferences
	  in constructor

	* src/RuleElement.cc (RuleElement): read "hidden" status from
	  preferences in constructor

2000-12-20  Vadim Kurland  <vadim@voyager.crocodile.org>

	* acsite.m4: redefined macro AC_TRY_RUN_NATIVE to fix an error
	  with gcc 2.96 (originally macro defined exit(int) which
	  conflicted with previous definition in
	  /usr/include/stdlib.h). gcc 2.91 just issued warning on this,
	  while gcc 2.96 considered this to be an error

	* configure.in:  rule checking for /usr/include/g++-3 has been refined.
	  If system has been upgraded from RH 6.2 to RH 7.0 then both 
	  /usr/include/g++-2 and /usr/include/g++-3 exist. We should pick 
	  only  /usr/include/g++-3 in this case


2000-12-19  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/fwbuilder_prefs.xml.in: fwbuilder_prefs.xml is now generated
	  by configure

	* src/Makefile.in (snapshot): added target "snapshot"

	* src/PolicyListItem.cc (paint): switched to queue_draw everywhere 
	  and updated drawing method to use Gdk_GC consistently

	* src/NAT.cc (updateMainMenu): enable/disable main menu items

	* src/Policy.cc (updateMainMenu): enable/disable main menu items

	* src/FirewallObject.cc (updateMainMenu): enable/disable main menu
	  items in "Policy"

2000-12-18  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/FWObject.cc (updateMainMenu): this virtual method
	  enables or disables appropriate main menu items.

	* aclocal.m4: added functions which test for particular headers:
	  AC_TEST_FILES and AC_SEARCH_HEADERS

	* Makefile.in: subdirectories processing is done through .PHONY target
	 
	* doc/Requirements: updated requirements
	* bugfixes
	
2000-12-16  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/StandardRulesDruid.cc (on_finish): bugfixes

	* doc/README: descriptions of all object types added

	* AUTHORS (Credits): updated AUTHORS file

	* src/objects_init.xml: added group "Time" and object "AnyTime"

	* src/fwbuilder_prefs.xml: definition for TIME object; added
	  time to policy definition for all supported platforms

	* src/AnyTime.cc: initial implementation

	* src/TimeObject.cc: Initial implementation of TimeObject

	* src/main_window.cc (Main_window): left and right panels in the main
	  window simplified and are not built by glade anymore

2000-12-15  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/main_window_menu.cc (build_menu): another way to build menus.

	* src/main_window.cc (extractPolicyList): trying to avoid excessive
	  use of dynamic_cast. I now tell PolicyDialog from NATDialog using
	  widget name
	* dynamic_cast replaced everywhere, now using getTypeName()

2000-12-14  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/fwbuilder.cc (main): no need to initialize imlib if
	  compile with gnome support - gnome_init does it

2000-12-14  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Global key accelerator group implemented
	
2000-12-14  Vadim Zaliva  <lord@crocodile.org>

	* src/GroupDialog_glade.cc (N_): get rid of one more nasty
	compilation warnings.

2000-12-13  Vadim Kurland  <vadim@voyager.crocodile.org>

	* gnome-wrappers/iconlist.{cc,hh}  :  wrapper for gnome widget
	  icon_list
	* GroupDialog now uses our wrapper class IconList
	* Doubleclick on the object in a group view opens object
	
2000-12-13  Vadim Zaliva  <lord@crocodile.org>

	* src/main_window_menu.cc (GNOMEUIINFO_MENU_NEW_SUBTREE): workaround
	to solve compilation problem under gcc 2.96

	* src/Makefile.in ($(GNOME_WRAPPERS_LIB)): add dependency 
	to gnome-wrappers/*.o which does not work.

	* src/Iconlist.cc (IconList): 
	* src/TextDlg.cc (TextDlg): 
	* src/BackgroundOpDisplay.cc (ConnectSignals): 
	* src/NATDialog.cc (NATDialog): 
	* src/PolicyDialog.cc (PolicyDialog): 
	* src/PolicyList.cc (PolicyList): 
	* src/PolicyListItem.cc (PolicyListItem): 
	* src/PolicyListElement.cc (PolicyListRuleNum): 
	(constructor): 
	* src/GroupDialog.cc (GroupDialog): 
	* src/About.cc (About): gcc 2.96 compilation problem. Corrected syntax
	of taking address of method.

	* src/PolicyListElement.cc (request_focus): 
	focus() renamed to request_focus()

	* src/PolicyListElement.hh: get_row(), get_col() return type added.
	focus() renamed to request_focus()

	* src/PolicyListElement.cc (popup_menu): unused variable pl commented

	* src/Preferences.cc (getNodeByRelPath): commented out unused method.

	* configure: removed exit() method prototype which conflicts
	with one from stdlib.

	* src/PolicyList.hh: 
	* src/PolicyList.cc (request_focus): focus() renamed to request_focus()

	* src/gnome-wrappers/wrappers.hh: undef syntax corrected
	to avoid compiler warnings.

	* src/Makefile.in (clean): clean target added

2000-12-12  Vadim Kurland  <vadim@voyager.crocodile.org>

	* configure.in, Makefile.in reimplemented. Now we do not use
	  those built by glade for us.
	
2000-12-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObject::map is now map<const gchar*,const gchar*,ltstr>
	* FWObject can now store data of three types: String, Int, Bool
	
2000-12-3  Vadim Kurland  <vadim@voyager.crocodile.org>

	* PolicyListItem drawing method reimplemented using plain
	  gdk routines. Everything works just fine.
	* bugfixes
	* ICMP code -1 now means any code. Compiler generates 
	  code which takes only icmp type into consideration

2000-12-2  Vadim Kurland  <vadim@voyager.crocodile.org>
	
	* Class PolicyListItem completely reimplemented as custom widget
	  derived from Gtk::Widget. It turned out to be surprisingly 
	  simpler to do it this way.
	* Class LabelWithEffects is not needed anymore; files have been
	  removed from CVS
	* Still working on a bug where object tree lines lose color once
	  policy has been displayed. Something is wrong with style or
	  Gdk_GC processing in PolicyListItem

2000-12-1  Vadim Kurland  <vadim@voyager.crocodile.org>
	
	* Implemented "disable rule" function in GUI
	* LabelWithEffects can now display text string with pixmap background
	  ( used in PolicyListRuleNum class to display rule number which
	    can be double-crossed if rule is disabled )

2000-11-29  Vadim Kurland  <vadim@voyager.crocodile.org>
	
	* Policy rule drag&drop methods now use actual rule screen 
	  snapshot as a drag icon
	* Added some imlib image manipulation to this snapshot to make 
	  it easily distinguishable from the rest of the picture on 
	  the screen. 

2000-11-28  Vadim Kurland  <vadim@voyager.crocodile.org>
	
	* Got rid of "path" and all supporting methods. Now we keep
	  pointer to parent in each FWObject, which allows us to easily
	  reconstruct path string on demand
	* pop-down menu appears on mouse button release (instead of button
	  press) in ObjectTree, PolicyList and IconsList
	* added attribute "hidden". Now each object can be made
	  hidden, so it won't show up in ObjectTree and groups. There is
	  no GUI mechanism to set this attribute as of yet

2000-11-26  Vadim Kurland  <vadim@voyager.crocodile.org>

        * algorithm refinements for "any" objects and services. Now
          GUI inserts reference to the object "Any" instead of keeping
          rule element empty. This simplified somewhat algorithms for
	  objects removals and additions in rule elements as we now 
	  guarantee that rule elements are never empty
	* doc/README updated with compilation and installation instructions
	* Makefile.am updated for proper binary and *.xml files install,
	  as well as icons install. See README for details. 

2000-11-25 Vadim Kurland  <vadim@voyager.crocodile.org>

	* Druid now helps to build more or less complete basic policy.
	  If you don't know where to start with new firewall - start
	  with menu item "Help build firewall policy"
	* Object can now be dragged between policy elements
	* Menu item "compile" now actually calls compiler in the background
	  and shows its progress or errors in the dialog window.
	* policy rules can now be dragged to swap places and move rules
	  up or down.

2000-11-24 Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObject is now derived from list, not map.  This made 
	  manipulation of the order in which children are presented 
	  much easier. This change was needed for proper implementation
	  of Policy rules addition and insertion
	* some changes to fwbuilder_prefs.xml
	* bugfixes

2000-11-13 Vadim Kurland  <vadim@voyager.crocodile.org>

	* Druid is now called "Standard Protection Rules Druid" and
	  generates three types of rules:
	    - anti-spoofing rule
	    - rule dropping "short" fragments
	    - rule dropping "network junk", that is packets coming from
	      outside but not headed for our network
	* Druid consists of three pages, plus "final" page
	* program now automatically creates working directory
	  in user's home and copies default preferences file and initial
	  objects database there. See doc/README
	* Again new icons


2000-11-12 Vadim Kurland  <vadim@voyager.crocodile.org>

	* Now all object dialogs check object's name for syntax before
	  saving. Name must consist of alphanumeric characters and should
	  not start with number

2000-11-11 Vadim Kurland  <vadim@voyager.crocodile.org>

	* New policy element added: "Direction". This, together with "Target",
	  helps build anti-spoofing and other direction-dependent rules.
	* Anti-spoofing druid now actually builds rule on top of the policy
	* Preferences dialog now allows turning on and off visibility of 
	  individual policy elements
	* Original icons with transparent background restored
	* ICMP code and type terminology fixed

2000-11-9  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Preferences and database are stored in user's home directory now

2000-11-8  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Converting icons to .png using imlib

2000-11-7  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Druid for generating anti-spoofing rules implemented

2000-11-4  Vadim Kurland  <vadim@voyager.crocodile.org>

	* gnome-wrappers added. Dependency on gnome-- eliminated
	* preparations for "anti-spoofing rules" druid
	* main menu generating code streamlined using GnomeUIInfo for all
	  menu items and submenus
	* bugfixes

2000-11-3  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Some new icons


2000-11-1  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Icons can be of two different sizes now: large ones for
	  object dialogs and small ones for policy
	* Preferences code streamlined

2000-10-31  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Main menu code rewritten. I use gnome-- libraries and code
	  for menus and some other things. Getting ready to use "Druid"
	  widget for firewall policy Wizard
	* Got rid of dynamic menu item.  It was ugly from UI standpoint
	* "About" dialog added

2000-10-29  Vadim Kurland  <vadim@voyager.crocodile.org>

	* PortRange object is gone, use TCP and UDP instead
	* IP Object and dialog created

2000-10-27  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Additional icons

2000-10-24  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Preferences dialogs for different firewall platforms have been
	  implemented
	* Preferences for ipchains firewall implemented in both builder 
	  and compiler

2000-10-19  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Interfaces can now be marked as "external" and "internal" via GUI
	  This feature will help implementing NAT on various platforms
	  (such as ipchains, cisco)
	* NAT rules are now properly displayed and can be edited and stored.

2000-10-19  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Bugfixes in PolicyList

2000-10-15  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Bugfixes

2000-10-14  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Bugfixes
	* Now BuiltinDialog may appear with or without buttons "Save" and
	  "Undo" depending on the object definition in fwbuilder_pref.xml
	* "Move rule up" and "Move rule down" implemented

2000-10-12  Vadim Kurland  <vadim@voyager.crocodile.org>

	* completely got rid of direct references to rule descriptors in
	  fwbuilder.xml. Now we recalculate descriptors for policies, rules
	  and rule elements when we need them

2000-10-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* unnecessary references to rule and rule element descriptors
	  removed from XML representation. Now these descriptors are
	  being calculated when respective objects are built. This makes
	  XML file much cleaner


2000-10-10  Vadim Kurland  <vadim@voyager.crocodile.org>

	* XML paths for all objects and preferences now include 
	  root element (FWObjectDatabase or FWBuilderPreferences). This
	  makes design more systematic and allows for code reuse between
	  builder and compiler.

2000-10-09  Vadim Kurland  <vadim@voyager.crocodile.org>

	* minor changes to rule element descriptors. Adjustments for
	  compiler

2000-10-08  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Descriptors now are part of preferences.

2000-10-08  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Changes in XML storage: now XML nodes are named after
	  respective objects, with object type stored as attribute "_type"
	  This is needed to eliminate confusion between two different ways 
	  to handle object's path in the tree: one way is to compose
	  path from XML nodes names, another way is to use object's names.
	  We will assume path consists of XML nodes names, which are
	  now the same as corresponding objects names.

	  Next big step will be moving subtree "/Descriptors/" from
	  the main tree to Preferences. We are already working with descriptors
	  using their path, so it won't be difficult to rewrite relevant
	  pieces of code to use preferences instead.

2000-10-07  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Accommodations for the policy compiler. Paths to compilers 
	  for all supported platforms are now stored in Preferences

	* Class Preferences now keeps data in XML tree instead 
	  of map<string,string>. Preferences should be accessed via
	  Preferences::getOpt method by their XML tree path
	
2000-10-01  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Further code refinement in rule element negation

2000-09-30  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Rule element negation implemented in GUI

2000-09-26  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Code cleanup. XPM icon file names for all object types are 
	now stored in XML file

2000-09-05  Vadim Kurland  <vadim@voyager.crocodile.org>

	* New class:  TypeDescriptor. Objects of this class contain
	descriptive information for various object types used in the system.
	Objects get stored in the static part of XML database under 
	"Descriptors". Verbose description for a given type can be retrieved
	using the following code fragment:

	here s contains type name ("FW") and ss will get description 
	("Firewall") from the type descriptor

	FWObject *typedsc=FWObjectsDatabase::db->get("/Descriptors/Types/"+s);
	ss=typedsc->getStr("description");

	GroupDialog shows allowed group members types using verbose 
	descriptions taken from TypeDescriptor for each type


2000-09-04  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Classes ICMPObject, UDPObject and TCPObject have been adopted for
	storing data in XML

	* Class Group has got a list of types allowed for its children. 
	It is comma separated list of type names stored as string attribute 
	"allowed_types"  and provides for easy search and checks by name. 
	GroupDialog now shows all allowed types in the dialog. Upon creation
 	each group inherits allowed types from its ancestor, although group 
	may have this set trimmed for stricter control

	* New method:  FWObject::getParent(): looks for a parent of given
	object using its path

2000-09-02  Vadim Kurland  <vadim@voyager.crocodile.org>

	* All type comparisons converted to getTypeName(). FWObject::GetType()
	is obsolete now and is scheduled for removal. enum FWObjectType is also
	going to be phased out

	* RuleElementDescriptor now holds list of allowed object type names
	instead of integer with a bitmask of values from enum FWObjectType

	* class FWObjectDialog has been created. This is generic dialog for
	all classes which are not supposed to be visible for regular user.
	ObjectTree shows these objects after pressing magic key "F6", so 
	this dialog can then be used to open and potentially edit objects
	XML attributes.

	* bug fixes in the area of interfaces processing for both hosts and
	firewalls


2000-08-27  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/FWObjectClipboard.cc: FWObjectClipboard is now derived from	
	FWObjectReference

2000-08-27  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/fwbuilder.xml: Each Policy, Rule and RuleElement have now an
	attribute pointing to the corresponding descriptor as follows:

	Policy      -> RuleDescriptor        (record RD in xml file)
	Rule        -> RuleDescriptor        (record RD in xml file)
	RuleElement -> RuleElementDescriptor (record RED in xml file)

	This simplified descriptors manipulation significantly and allowed us
	to get rid of a bunch of calls to FWObject::get
	
	* src/FWObject.cc (xfind): Method deprecated in favor of FWObject::get
	Code has been cleaned so FWObject::xfind is not used anymore.

2000-08-21  Vadim Kurland  <vadim@tahoe.crocodile.org>

        * src/Policy.cc (AppendRuleAfter): Now adding rules above and below
        the given rule works properly

2000-08-20  Vadim Kurland  <vadim@tahoe.crocodile.org>

        * src/PolicyList.hh: Individual classes for standard policy elements
        have been added. These are:

        PolicyListRuleAction
        PolicyListRuleLog
        PolicyListRuleTarget
        PolicyListRuleComment
        

        * src/fwbuilder.xml: Following classes were converted to the new
        system of tree-like data storage:

        RuleDescriptor (Policy rule descriptor )
        RuleElementDescriptor (rule element descriptor)
        Rule (policy rule)
        RuleElement
        Policy

        data storage and loading for these classes have been implemented 
        and tested.

        This is the first time we can store firewall policy and then load 
        it back!

        
        * src/ObjectTree.cc (on_key_press_event): 
        Secret keys for the left panel:

        press F5 to rebuild the tree 
        press F6 to toggle boolean flag show_all and rebuild the tree. 

        The "show_all" flag, if true, forces tree to show all the elements 
        ignoring their showInTree method

        * src/PolicyListElement.cc: PolicyListElement methods are now in 
        a separate file


2000-08-17  Vadim Kurland  <vadim@tahoe.crocodile.org>

        * src/FWObject.cc (fromXML): added protected method fromXML. I need
        to be able to initialize some fields in FWObjectsDatabase
        before we load data from XML file. Since XML parsing used to happen in
        the FWObject constructor, I could not initialize "path" field for
        the database object before actual XML parsing would happen. Hence
        method fromXML
        (addChild): This is where we keep track of the full path to the object.
        Every time we add object to another object, we take path of the parent,
        add slash "/" and name of the child at the end. The result gets stored
        in the child using setPath method. This way we keep track of the full
        path to every object in the database.  For this algorithm to work, 
        the "root" object - database itself - has to be "seeded" with its path
        name "/Database". That is why we needed fromXML method (see above)
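
The path bookkeeping described in the addChild entry above, as an added example that is not fwbuilder's own code. Node is a hypothetical stand-in for FWObject, the object names are constructed, and refusing names that contain "/" or duplicate a sibling is an assumption made so that every path resolves to exactly one object.

```cpp
#include <memory>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for a tree object; not fwbuilder's FWObject.
class Node {
public:
    explicit Node(std::string name) : name_(std::move(name)) {
        if (name_.empty() || name_.find('/') != std::string::npos)
            throw std::invalid_argument("name must be non-empty, without '/'");
    }
    void setPath(const std::string& p) { path_ = p; }
    const std::string& getPath() const { return path_; }

    // Child path = parent path + "/" + child name, as the entry describes.
    Node* addChild(std::unique_ptr<Node> child) {
        if (path_.empty())          // root was never seeded with its path
            throw std::logic_error("parent path not seeded");
        for (const auto& c : children_)
            if (c->name_ == child->name_)
                throw std::invalid_argument("duplicate sibling name");
        child->setPath(path_ + "/" + child->name_);
        children_.push_back(std::move(child));
        return children_.back().get();
    }

    // Resolve a full path; the match must end on a "/" boundary so that
    // "/Database/Host" does not resolve to "/Database/Hosts".
    Node* get(const std::string& full) {
        if (full == path_) return this;
        if (full.compare(0, path_.size() + 1, path_ + "/") != 0) return nullptr;
        for (auto& c : children_)
            if (Node* hit = c->get(full)) return hit;
        return nullptr;
    }
private:
    std::string name_, path_;
    std::vector<std::unique_ptr<Node>> children_;
};

// Constructed sample tree: the root is seeded before any child is added.
std::unique_ptr<Node> buildSample() {
    auto root = std::make_unique<Node>("Database");
    root->setPath("/Database");     // the "seed" step
    Node* hosts = root->addChild(std::make_unique<Node>("Hosts"));
    hosts->addChild(std::make_unique<Node>("web1"));
    return root;
}
```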


2000-08-17  Vadim Zaliva  <lord@crocodile.org>

	* src/FWObject.hh (FWObject*>): find renamed to xfind to avoid name
	conflict with STL method.
	(FWObject*>): set/get Str/Int using const and reference to pass names.

	* src/FWObjectDatabase.cc (load): 
	* src/FWObject.cc (resolveReferences): 
	resolving references on load

	* src/FWObject.hh: 
	* src/FWObjectReference.hh: 
	* src/FWObjectReference.cc: 
	New tree object - reference to another one

2000-08-16  Vadim Zaliva  <lord@crocodile.org>

	* src/fwbuilder.xml: sample data file

	* src/Group.hh: 
	* src/Group.cc: 
	* src/FWObjectDatabase.cc: 
	* src/FWObjectDatabase.hh: 
	* src/FWObject.cc:
	* src/FWObject.hh:
	* src/HostObject.cc: 
	* src/HostObject.hh: 
	Loading xml files skeleton.

2000-08-15  Vadim Zaliva  <lord@crocodile.org>

	* src/FWObjectDatabase.hh (class FWObjectsDatabase): removed methods
	which are already present in FWObjects.
	object_db variable removed and replaced with singleton.

2000-08-14  Vadim Zaliva  <lord@crocodile.org>

	* src/FileSel.cc (FileSel): default extension changed to .xml

	* src/FWObjectDatabase.cc (saveAs): database is now saved as root of
	xml tree.

	* src/FWObject.hh: FWObjectType converted to enum. Added value DATABASE.

	* src/FWObject.cc (toXML): saving to XML uses different schema - not nodes
	are object types.

	* src/FWObject.hh (FWObject*>): Find renamed to find() to match coding
	style.

	* src/FWObject.cc (toXML): saving method added.

	* src/FWObjectDatabase.cc (saveAs): remembering filename we were loading
	to use it for saving. Saving XML implemented.

2000-07-27  Vadim Zaliva  <lord@crocodile.org>

	* src/Preferences.cc (LoadPrefsFile): loading preferences from XML file.
	(SavePrefsFile): saving preferences in XML.

	* src/Preferences.hh: loadPrefsFile protected method added

	* src/Makefile.in (LIBS): added list of libraries detected by autoconf
	to link flags.

	* src/fwbuilder_prefs.xml: created this file for storing user preferences.

	* configure.in: added check for libxml

2000/4/29 23:51:53 PDT
        policy sheet implemented as CList with multiple lines per one rule

2000/4/30 12:58:07 PDT
        gen_popup_menu (generic popup menu class) implemented

	

2000/11/25 13:35:36 PST
	update files from .glade file

2000/11/25 13:35:53 PST
	update files from .glade file

2000/11/25 13:42:03 PST
	update files from .glade file

2000/11/25 13:42:26 PST
	update files from .glade file

2000/11/25 14:05:22 PST
	update files from .glade file

2000/11/25 14:12:19 PST
	update files from .glade file

2000/11/25 14:17:45 PST
	update files from .glade file

2000/11/25 14:52:01 PST
	update files from .glade file

2000/11/25 14:52:34 PST
	update files from .glade file

2000/11/25 14:53:16 PST
	update files from .glade file

2000/11/25 15:16:48 PST
	update files from .glade file

2000/11/30 0:11:16 PST
	update files from .glade file

2000/12/1 14:01:00 PST
	update files from .glade file

2000/12/3 23:20:01 PST
	update files from .glade file

2000/12/10 10:57:30 PST
	update files from .glade file

2000/12/10 11:41:13 PST
	update files from .glade file

2000/12/10 12:00:42 PST
	update files from .glade file

2000/12/10 12:04:47 PST
	update files from .glade file

2000/12/10 12:14:29 PST
	update files from .glade file

2000/12/10 12:15:55 PST
	update files from .glade file

2000/12/10 12:28:51 PST
	update files from .glade file

2000/12/10 12:29:07 PST
	update files from .glade file

2000/12/10 12:31:22 PST
	update files from .glade file

2000/12/11 22:14:41 PST
	update files from .glade file

2000/12/11 22:39:28 PST
	update files from .glade file

2000/12/11 22:57:08 PST
	update files from .glade file

2000/12/11 23:11:43 PST
	update files from .glade file

2000/12/11 23:52:09 PST
	update files from .glade file

2000/12/11 23:56:01 PST
	update files from .glade file

2000/12/16 1:14:00 PST
	update files from .glade file

2000/12/16 1:15:53 PST
	update files from .glade file

2000/12/16 1:29:13 PST
	update files from .glade file

2000/12/16 1:33:19 PST
	update files from .glade file

2000/12/16 2:04:55 PST
	update files from .glade file

2000/12/16 13:26:53 PST
	update files from .glade file

2000/12/16 13:35:44 PST
	update files from .glade file

2000/12/16 14:25:45 PST
	update files from .glade file

2000/12/16 21:35:07 PST
	update files from .glade file

2000/12/21 22:55:28 PST
	update files from .glade file

2000/12/21 23:45:51 PST
	update files from .glade file
