Commit b77d7ddf authored by Sylvestre Ledru's avatar Sylvestre Ledru

New upstream version 5.3.7

parent 795af12c
......@@ -34,12 +34,14 @@ qtdbus_test
fwbedit
qrc_MainRes.cpp
fwb_iosacl
fwb_nxosacl
fwb_ipf
fwb_ipfw
fwb_ipt
fwb_pf
fwb_pix
fwb_procurve_acl
fwb_junosacl
transfer_secuwall
.configure_marker
.build_marker
......@@ -50,4 +52,8 @@ src/unit_tests/generatedScriptTests*/generatedScriptTests*
src/unit_tests/generatedScriptTestsSecuwall/ref.*
src/unit_tests/generatedScriptTestsSecuwall/secuwall-1/
src/unit_tests/generatedScriptTestsSecuwall/secuwall-2/
*.pro.user
src/libfwbuilder/etc/fwbuilder.dtd
src/res/objects_init.xml
src/res/templates.xml
VERSION.h
sudo: required
dist: trusty
language: c++
addons:
apt:
packages:
- build-essential
- autoconf
- libxml2-dev
- libxslt1-dev
- qt5-default
- libsnmp-dev
env:
global:
- MAKEJOBS=-j3
- CXXFLAGS="-Wall -Werror -Qunused-arguments"
matrix:
include:
- os: linux
compiler: clang
env: QMAKESPEC=linux-clang
- os: linux
compiler: gcc
- os: osx
compiler: clang
install:
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install qt5 && brew link --force qt5 ; fi
before_script:
- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then ./autogen.sh ; fi
script:
- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then make $MAKEJOBS; fi
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then sh build_mac.sh ; fi
[![Build Status](https://travis-ci.org/fwbuilder/fwbuilder.svg?branch=master)](https://travis-ci.org/fwbuilder/fwbuilder)
fwbuilder
=========
Firewall Builder is a GUI firewall management application for iptables, PF, Cisco ASA/PIX/FWSM, Cisco router ACL and more. Firewall configuration data is stored in a central file that can scale to hundreds of firewalls managed from a single UI.
#-*- mode: shell-script; tab-width: 4; -*-
FWB_MAJOR_VERSION=5
FWB_MINOR_VERSION=1
FWB_MICRO_VERSION=0
# Data format version
FWBUILDER_XML_VERSION=24
# build number is like "nano" version number. I am incrementing build
# number during development cycle
#
BUILD_NUM="3599"
# Static version number
FWB_MAJOR_VERSION=5
FWB_MINOR_VERSION=3
FWB_MICRO_VERSION=7
FWB_QUALIFIER_VERSION=
VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"
VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION"
if [ -n "${FWB_QUALIFIER_VERSION}" ]; then
VERSION="$VERSION-$FWB_QUALIFIER_VERSION"
fi
GENERATION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION"
# Data format version
FWBUILDER_XML_VERSION=22
# Git may generate version info for us
# May be overridden by setting NO_GIT_VER environment variable
if [ ! -n "${NO_GIT_VER}" ]; then
GIT_DIRTY_FLAG="--dirty"
if [ -n "${NO_GIT_DIRTY}" ]; then
GIT_DIRTY_FLAG=""
fi
GIT_VERSION=`git describe --tags ${GIT_DIRTY_FLAG} --always`
if [ -n "${GIT_VERSION}" ]; then
VERSION=${GIT_VERSION#v}
GENERATION=${VERSION%.*}
fi
fi
#define VERSION "5.1.0.3599"
#define GENERATION "5.1"
#!/bin/bash
export QMAKE_MAC_SDK="macosx"
export QMAKESPEC="macx-clang"
export QMAKE_MACOSX_DEPLOYMENT_TARGET=10.9
./autogen.sh
echo "==> Compiling"
export JOBS=$(sysctl -n hw.ncpu | awk '{ print $1 + 1 }')
make -j${JOBS}
APP_VERSION=$(cat VERSION.h | grep VERSION | awk '{ print $3 }' | tr -d '"')
QT_VERSION_MAJOR=$(qmake -version | awk '/Using Qt version/ { ver=4; print $ver }' | awk -F. '{ major=1; print $major }')
FWBUILDER_ROOT_DIR=$(pwd)
TMP_BUNDLE_DIR=$(ls -d ${FWBUILDER_ROOT_DIR}/src/gui/*.app)
test -z "$TMP_BUNDLE_DIR" && {
echo "Cannot find GUI bundle. My best guess was in ${FWBUILDER_ROOT_DIR}/src/gui/"
exit 1
}
TMP_BUNDLE=$(basename $TMP_BUNDLE_DIR)
rm -rf $TMP_BUNDLE
echo "==> Copying base bundle"
cp -R ${FWBUILDER_ROOT_DIR}/src/gui/$TMP_BUNDLE .
echo "==> Copying resources and libraries into bundle"
mkdir -p ${TMP_BUNDLE}/Contents/Resources/os
mkdir -p ${TMP_BUNDLE}/Contents/Resources/platform
mkdir -p ${TMP_BUNDLE}/Contents/Resources/help
mkdir -p ${TMP_BUNDLE}/Contents/Resources/configlets
mkdir -p ${TMP_BUNDLE}/Contents/Resources/migration
cp -R ${FWBUILDER_ROOT_DIR}/src/res/{*.xml,os,platform,help,configlets} ${TMP_BUNDLE}/Contents/Resources/
cp ${FWBUILDER_ROOT_DIR}/src/libfwbuilder/etc/fwbuilder.dtd ${TMP_BUNDLE}/Contents/Resources/
cp ${FWBUILDER_ROOT_DIR}/src/libfwbuilder/migration/*.xslt ${TMP_BUNDLE}/Contents/Resources/migration/
echo "==> Copying binaries into bundle"
cp ${FWBUILDER_ROOT_DIR}/src/fwbedit/fwbedit.app/Contents/MacOS/fwbedit ${TMP_BUNDLE}/Contents/MacOS/
for binary in ipt pf ipf ipfw iosacl nxosacl pix procurve_acl junosacl
do
cp ${FWBUILDER_ROOT_DIR}/src/$binary/fwb_$binary.app/Contents/MacOS/fwb_$binary ${TMP_BUNDLE}/Contents/MacOS/
done
BIN=${TMP_BUNDLE}/Contents/MacOS
chmod +x ${BIN}/fwb*
echo "==> Stripping binaries"
strip ${BIN}/*
echo "==> Running macdeployqt"
macdeployqt ${TMP_BUNDLE} -executable=${BIN}/fwbedit -executable=${BIN}/fwb_ipt -executable=${BIN}/fwb_pf -executable=${BIN}/fwb_ipf -executable=${BIN}/fwb_ipfw -executable=${BIN}/fwb_iosacl -executable=${BIN}/fwb_nxosacl -executable=${BIN}/fwb_pix -executable=${BIN}/fwb_procurve_acl -executable=${BIN}/fwb_junosacl
echo "==> Done"
echo "# open ${TMP_BUNDLE}/"
#!/bin/bash
JOBS=$(nproc --all)
export PATH=/usr/lib/mxe/usr/bin:$PATH
export TOOLCHAIN_PREFIX=/usr/lib/mxe/usr/i686-w64-mingw32.shared
./autogen.sh \
--with-xml2-config=/usr/lib/mxe/usr/i686-w64-mingw32.shared/bin/xml2-config \
--with-xslt-config=/usr/lib/mxe/usr/i686-w64-mingw32.shared/bin/xslt-config \
--with-qtdir=/usr/lib/mxe/usr/i686-w64-mingw32.shared/qt5 \
--host=i686-w64-mingw32.shared
make -j${JOBS}
makensis -nocd packaging/fwbuilder.nsi
......@@ -57,7 +57,7 @@ if test -n "$with_qtdir"; then
fi
# TODO: do we need to add $QTDIR/bin to PATH to find qmake?
EXTENDED_PATH="/usr/local/bin:$PATH"
EXTENDED_PATH="/usr/local/bin:$QTDIR/bin/:$PATH"
AC_ARG_WITH(qmake, [ --with-qmake=qmake Specify the qmake to be used (debian qmake-qt4) ])
if test -n "$with_qmake"; then
......@@ -79,7 +79,8 @@ AC_MSG_CHECKING(checking version of QT this qmake is part of)
qmake_version=`$QMAKE -v 2>&1 | awk '/Using Qt version/ { print $4;}'`
case $qmake_version in
4.*) AC_MSG_RESULT( $qmake_version ) ;;
*) AC_MSG_ERROR( "$qmake_version -- v4.x is required") ;;
5.*) AC_MSG_RESULT( $qmake_version ) ;;
*) AC_MSG_ERROR( "$qmake_version -- v4.x or v5.x is required") ;;
esac
......@@ -242,10 +243,13 @@ ACX_PTHREAD([
AC_MSG_ERROR([POSIX threads library not present or not configured])
])
dnl check for XML library
AC_PATH_PROG(XML2_CONFIG, xml2-config, ,[$EXTENDED_PATH])
dnl check for XML library
AC_ARG_WITH(xml2-config,
[ --with-xml2-config=xml2-config Specify the xml2-config to be used],
[ XML2_CONFIG=$with_xml2_config ],
[ AC_PATH_PROG(XML2_CONFIG, xml2-config, ,[$EXTENDED_PATH]) ])
if test x$XML2_CONFIG = x ; then
AC_MSG_ERROR([libxml2 not present or not configured])
else
......@@ -263,8 +267,10 @@ LIBS=${SAVE_LIBS}
dnl check for XSLT library
AC_PATH_PROG(XSLT_CONFIG, xslt-config, ,[$EXTENDED_PATH])
AC_ARG_WITH(xslt-config,
[ --with-xslt-config=xslt-config Specify the xslt-config to be used],
[ XSLT_CONFIG=$with_xslt_config ],
[ AC_PATH_PROG(XSLT_CONFIG, xslt-config, ,[$EXTENDED_PATH]) ])
if test x$XSLT_CONFIG = x ; then
AC_MSG_ERROR([libxslt not present or not configured])
else
......
This diff is collapsed.
# Defaults for fwbuilder initscript
# Master system-wide fwbuilder switch. The initscript
# will not run if it is not set to yes.
START_FWBUILDER=yes
# Directory to look for the fwbuilder generated script
FWBSCRIPT_DIR=/etc/fwbuilder
#! /bin/sh
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=fwbuilder
DESC="Firewall Builder"
DEFAULT=/etc/default/fwbuilder
IPTABLES=/sbin/iptables
test -f $DEFAULT || exit 0
grep -s -q 'START_FWBUILDER=yes' $DEFAULT || exit 0
SCRIPT_DIR=$(grep -s "^[[:space:]]*FWBSCRIPT_DIR" $DEFAULT | cut -d "=" -f 2)
SCRIPT="$SCRIPT_DIR/$(hostname -s).fw"
stopfw() {
#Set accept for default tables
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
#Flush tables
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -F -t mangle
$IPTABLES -X
$IPTABLES -X -t nat
$IPTABLES -X -t mangle
}
test -x $SCRIPT || exit 0
test -x $IPTABLES || exit 0
set -e
case "$1" in
start)
echo -n "Starting $DESC: "
$SCRIPT 2>/dev/null
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
stopfw
echo "$NAME."
;;
restart|force-reload|reload)
#
# Firewall Builder generated script flushes tables prior
# to setting up new tables so safe to just re-execute
#
echo -n "Restarting $DESC: "
$SCRIPT 2>/dev/null
echo "$NAME."
;;
listfilter)
$IPTABLES -L -n -v
;;
listnat)
$IPTABLES -t nat -L -n -v
;;
listmangle)
$IPTABLES -t mangle -L -n -v
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|reload|force-reload|listfilter|listnat|listmangle}" >&2
exit 1
;;
esac
exit 0
Source: fwbuilder
Section: net
Priority: optional
Maintainer: Morten Knutsen <morten.knutsen@uninett.no>
Build-Depends: debhelper (>= 5), cdbs, autotools-dev, zlib1g-dev,
libqt4-dev, libxml2-dev, libxslt1-dev, libssl-dev, libsnmp-dev, qt4-dev-tools,
autoconf, automake, libtool
Standards-Version: 3.9.3
Homepage: http://www.fwbuilder.org/
Vcs-Svn: https://bollin.googlecode.com/svn/fwbuilder/trunk
Vcs-Browser: http://bollin.googlecode.com/svn/fwbuilder/trunk
Package: fwbuilder
Architecture: any
Provides: fwbuilder-frontend
Depends: ${shlibs:Depends}, ${misc:Depends},
fwbuilder-common (= ${source:Version})
Replaces: fwbuilder-linux, fwbuilder-cisco, fwbuilder-bsd, fwbuilder-backend,
libfwbuilder9
Recommends: fwbuilder-doc
Description: Firewall administration tool GUI
Firewall Builder consists of an object-oriented GUI and a set of policy
compilers for various firewall platforms. In Firewall Builder, firewall
policy is a set of rules, each rule consists of abstract objects which
represent real network objects and services (hosts, routers, firewalls,
networks, protocols). Firewall Builder helps the user maintain a database
of objects and allows policy editing using simple drag-and-drop operations.
.
This is the GUI part of fwbuilder
Package: fwbuilder-common
Depends: ${misc:Depends}
Architecture: all
Description: Firewall administration tool GUI (common files)
Firewall Builder consists of an object-oriented GUI and a set of policy
compilers for various firewall platforms. In Firewall Builder, firewall
policy is a set of rules, each rule consists of abstract objects which
represent real network objects and services (hosts, routers, firewalls,
networks, protocols). Firewall Builder helps the user maintain a database
of objects and allows policy editing using simple drag-and-drop operations.
.
This is the arch independent common parts of fwbuilder
Package: fwbuilder-doc
Depends: ${misc:Depends}
Section: doc
Architecture: all
Description: Firewall administration tool GUI documentation
Firewall Builder consists of an object-oriented GUI and a set of policy
compilers for various firewall platforms. In Firewall Builder, firewall
policy is a set of rules, each rule consists of abstract objects which
represent real network objects and services (hosts, routers, firewalls,
networks, protocols). Firewall Builder helps the user maintain a database
of objects and allows policy editing using simple drag-and-drop operations.
.
This is the documentation of fwbuilder
Package: fwbuilder-dbg
Section: debug
Priority: extra
Architecture: any
Depends: fwbuilder (= ${binary:Version}), ${misc:Depends}
Description: Firewall administration tool GUI (debugging symbols)
Firewall Builder consists of an object-oriented GUI and a set of policy
compilers for various firewall platforms. In Firewall Builder, firewall
policy is a set of rules, each rule consists of abstract objects which
represent real network objects and services (hosts, routers, firewalls,
networks, protocols). Firewall Builder helps the user maintain a database
of objects and allows policy editing using simple drag-and-drop operations.
.
This package ships the debugging symbols of fwbuilder.
This package was debianized by Jeremy T. Bouse <jbouse@debian.org> on
Fri, 26 Jan 2001 14:26:21 -0500.
It was downloaded from ftp://fwbuilder.sourceforge.net/pub/fwbuilder/
Copyright: Copyright (C) 2001-2008 NetCitadel, LLC
It may be redistributed under the terms of the GNU GPL, Version 2 or
later, found on Debian systems in the file /usr/share/common-licenses/GPL-2.
debian/contrib/fwbuilder.default
debian/contrib/fwbuilder.init.d
debian/tmp/usr/share/fwbuilder-*/platform/*
debian/tmp/usr/share/fwbuilder-*/os/*
debian/tmp/usr/share/fwbuilder-*/resources.xml
debian/tmp/usr/share/fwbuilder-*/objects_init.xml
debian/tmp/usr/share/fwbuilder-*/templates.xml
debian/tmp/usr/share/fwbuilder-*/fwbuilder.dtd
debian/tmp/usr/share/fwbuilder-*/configlets/*
debian/tmp/usr/share/fwbuilder-*/migration/*
debian/tmp/usr/share/doc/fwbuilder*/ReleaseNotes*.html
debian/tmp/usr/share/doc/fwbuilder*/ReleaseNotes*.txt
debian/tmp/usr/share/doc/fwbuilder*/README.*
debian/tmp/usr/share/doc/fwbuilder*/AUTHORS
debian/tmp/usr/share/doc/fwbuilder*/Credits
debian/tmp/usr/share/doc/fwbuilder*/PatchAcceptancePolicy.txt
debian/tmp/usr/share/fwbuilder-*/help/
\ No newline at end of file
This version of fwbuilder includes a template init.d script to start
your firewall script that is generated and the default file. In order to
use these you will need to install them on your firewall machine. These
do not need to be installed on your build machine unless it also doubles
as your firewall. The are included as part of the fwbuilder-common
package and are located in /usr/share/doc/fwbuilder-common/examples/.
The default file (examples/fwbuilder.default) should be installed as
/etc/default/fwbuilder and the init.d script (examples/fwbuilder.init.d)
as /etc/init.d/fwbuilder. Then copy your .fw script to /etc/fwbuilder as
`hostname -s`.fw.
You can use
update-rc.d fwbuilder start 41 S . stop 89 0 6 .
to install the init.d script to start on boot-up or modify to suit your
systems boot-up sequence.
This is a maintainer built script, and therefore not supported by the
upstream authors of fwbuilder. Please report any problems to the package
maintainer via the Debian BTS.
The fwbuilder.init.d script patched by submission provided to me by
Robert Lindgren <robert@orcafat.com> to provide means of flushing rules
as well as listing active rules.
[Desktop Entry]
# This is the spec version, *not* the application version
Version=1.0
Type=Application
Name=Firewall Builder
GenericName=Firewall administration tool
Comment=Firewall administration tool GUI
Icon=/usr/share/pixmaps/fwbuilder/firewall_64.xpm
Exec=fwbuilder
Terminal=false
Categories=Network
debian/tmp/usr/bin/fwbuilder
debian/tmp/usr/bin/fwbedit
debian/tmp/usr/bin/fwb_ipf
debian/tmp/usr/bin/fwb_ipfw
debian/tmp/usr/bin/fwb_pf
debian/tmp/usr/bin/fwb_ipt
debian/tmp/usr/bin/fwb_iosacl
debian/tmp/usr/bin/fwb_nxosacl
debian/tmp/usr/bin/fwb_pix
debian/tmp/usr/bin/fwb_procurve_acl
debian/tmp/usr/bin/fwb_junosacl
src/libgui/Icons/firewall_64.xpm /usr/share/pixmaps/fwbuilder/
debian/fwbuilder.desktop /usr/share/applications/
src/tools/fwb_compile_all /usr/bin/
debian/tmp/usr/share/man/man1/fwbuilder.1
debian/tmp/usr/share/man/man1/fwbedit.1
doc/fwb_compile_all.1
debian/tmp/usr/share/man/man1/fwb_ipf.1
debian/tmp/usr/share/man/man1/fwb_ipfw.1
debian/tmp/usr/share/man/man1/fwb_pf.1
debian/tmp/usr/share/man/man1/fwb_iosacl.1
debian/tmp/usr/share/man/man1/fwb_pix.1
debian/tmp/usr/share/man/man1/fwb_ipt.1
?package(fwbuilder):needs="X11" section="Applications/System/Security/" \
title="Firewall Builder" command="/usr/bin/fwbuilder"
#!/usr/bin/make -f
include /usr/share/cdbs/1/rules/debhelper.mk
include /usr/share/cdbs/1/class/autotools.mk
DEB_CONFIGURE_SCRIPT := ./autogen.sh
DEB_CONFIGURE_USER_FLAGS := --with-qmake=qmake-qt4
DEB_MAKE_INSTALL_TARGET := install INSTALL_ROOT=`pwd`/debian/tmp
DEB_INSTALL_CHANGELOGS_ALL := doc/ChangeLog
......@@ -7,7 +7,13 @@ Vadim Zaliva <lord@crocodile.org> libfwbuilder API design;
XML data storage implementation;
implementation of printing
UNINETT AS, Sirius Bakke <sirius.bakke@uninett.no>
Search for objects by port number or ip address
Graphical diff viewer
Diff on generated output, autocompiling firewall when loading file
Support for Cisco NXOS Access lists
Support for dummy objects in rules
Port to Qt5
New buildscript and instructions for OSX
Added build instructions for Windows
<
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
......@@ -15,7 +15,7 @@ software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
......@@ -55,8 +55,8 @@ patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
......@@ -110,7 +110,7 @@ above, provided that you also meet all of these conditions:
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
......@@ -168,7 +168,7 @@ access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
......@@ -225,7 +225,7 @@ impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
......@@ -255,7 +255,7 @@ make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.