                         Firewall Builder Release Notes

Version 2.1.14

   Released 09/10/2007
   GUI and compilers v2.1.14 require API library libfwbuilder version 2.1.14

Summary

   This is another bugfix release. It comes with numerous improvements in the
   iptables policy importer and fixes for gcc 4.2 and 4.3.

   For those who wish to build from source, instructions are outlined in the
   document "Install and Build instructions" on our web site.

Improvements and bug fixes in libfwbuilder library

     * fixed bug #1761373: "libfwbuilder doesn't build on Mandriva cooker".
       Applied fixes to make the code compile with gcc 4.2

Improvements and bug fixes in the policy importer for iptables

     * fixed bug #1764988: "iptables import -> GUI crash":

          * iptables policy importer recognizes and parses target RETURN
          * iptables policy importer recognizes and parses TCP flag
            parameters ALL and NONE
          * syntax for TCP flag matching in iptables-save should allow for
            more than 2 flags in 'comp' part

     * fixed bug (no num): iptables policy importer should properly parse
       numeric protocol specification (e.g. "-p 47").
     * added missing support for "--log-tcp-sequence", "--log-tcp-options"
       and "--log-ip-options" options for target LOG to iptables policy
       importer
     * added a workaround for the situation where several iptables commands
       pass control to the same user-defined chain in the iptables-save file.
       As of fwbuilder v2.1, a branch ruleset is a child object of PolicyRule.
       This means two different rules cannot point at the same branch
       ruleset. This is unfortunate, but it is hard to fix in the current
       version because it requires changes to the XML DTD and API. Will do
       this in 3.0. Meanwhile, the importer checks whether a branch ruleset
       with the requested name already exists and, if so, changes the name by
       adding suffix '1', '2' etc. to make it different. The imported rule is
       marked as 'bad' (red background) and gets a comment explaining this.
     * fixed bug (no num): importer for iptables should properly assign rule
       options when it finds "-m limit" and "--limit" options in the input
       file.
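
The renaming workaround described above for shared user-defined chains, as an
added illustration that is not Firewall Builder's own code: a Python sketch
that scans iptables-save text, gives each jump to a user-defined chain a
unique branch name by appending '1', '2' etc., and flags the renamed rules for
review. The sample ruleset, the regular expressions and the function name are
constructed for this example.

```python
import re

# Constructed iptables-save sample: two rules jump to the same user-defined chain.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:LOGDROP - [0:0]
:WEB - [0:0]
-A INPUT -p tcp -m tcp --dport 23 -j LOGDROP
-A INPUT -p tcp -m tcp --dport 80 -j WEB
-A FORWARD -p 47 -j LOGDROP
-A LOGDROP -j LOG --log-tcp-options
-A LOGDROP -j DROP
-A WEB -j RETURN
COMMIT
"""

CHAIN_DECL = re.compile(r"^:(\S+)\s+(\S+)")                 # ":NAME POLICY [pkts:bytes]"
JUMP = re.compile(r"^-A\s+(\S+)\s+(?:.*\s)?-[jg]\s+(\S+)")  # "-A CHAIN ... -j TARGET"

def assign_branch_names(save_text):
    """Return (source_chain, target_chain, branch_name, flagged) per jump
    to a user-defined chain. flagged=True means the name was already taken
    and a numeric suffix was appended, so the rule needs manual review."""
    user_chains, used, result = set(), set(), []
    for line in save_text.splitlines():
        decl = CHAIN_DECL.match(line)
        if decl:
            if decl.group(2) == "-":          # policy "-" marks a user-defined chain
                user_chains.add(decl.group(1))
            continue
        jump = JUMP.match(line)
        if not jump or jump.group(2) not in user_chains:
            continue                          # built-in target (ACCEPT, LOG, RETURN, ...)
        source, target = jump.groups()
        name, n = target, 0
        while name in used:                   # name taken: try TARGET1, TARGET2, ...
            n += 1
            name = f"{target}{n}"
        used.add(name)
        result.append((source, target, name, name != target))
    return result

if __name__ == "__main__":
    for source, target, name, flagged in assign_branch_names(SAMPLE):
        note = "  <- renamed, review this rule" if flagged else ""
        print(f"{source} -> {target}: branch '{name}'{note}")
```

Running the same scan over a saved ruleset before import lists the rules that
will come in marked 'bad', so they can be checked by hand afterwards.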

Improvements and bug fixes in the GUI

     * configure.in: another patch by Carlos Silva <r3pek@r3pek.org> to add
       third parameter to AC_DEFINE_UNQUOTED
     * fixed bug reported in Debian Bug report #417685 - added missing
       #include to make code compile with gcc 4.3
     * applied patch by Carlos Silva <r3pek@r3pek.org> to make configure.in
       use the ANTLR C++ run-time installed on the system if it can find one;
       otherwise it uses the copy in src/antlr
     * fixed bug #1772722: "installer should recognize when it uses plink
       0.60". We detect when installer uses plink on Windows by checking the
       name of the configured ssh client. The check should be
       case-insensitive.
     * fixed bug #1764971: "allowed value range for burst limit". Iptables
       "--limit-burst" option should not be limited in the GUI.
