                         Firewall Builder Release Notes

Version 2.1.15

   Released 12/10/2007
   GUI and compilers v2.1.15 require API library libfwbuilder version 2.1.15

Summary

   This is another bugfix release. Several problems with policy installer
   running in batch mode have been fixed, also this release resolves
   compatibility issues with Windows Vista and Mac OS X Leopard.

   For those who wish to build from source, instructions are outlined in the
   document "Install and Build instructions" on our web site here

   The GUI code is in the freeze for QT4 conversion. I will fix bugs in
   policy compilers but will try to avoid changes in the GUI. New GUI based
   on QT4 will be released next spring when KDE4 is included in all major
   Linux distributions and FreeBSD. There will be one more bugfix release for
   v2.1 if necessary.

Improvements and bug fixes in the GUI

     * fixed bug #1811781: "Batch Install". Built-in installer used address
       of the first firewall of the batch to communicate with all firewalls
       in the "batch install" mode.
     * fixed bug #1826558: "OSX 10.5 font problem". This problem appeared
       only in Mac OS X Leoprard (10.5) build, other platforms were
       unaffected.
     * Starting with build 320 Windows packages install on Vista
     * Added Brazilian Portuguese translation by Jose Carlos Medeiros
       <jose@psabs.com.br>
     * fixed bug #1821576: "Rule option tracking gives inavlid config with
       default value". Compiler should skip max-src-nodes when it is set to
       default '0' in the GUI.

Improvements and bug fixes in the policy importer for iptables

     * fixed bug #1812295: "Can't use runtime address tables AND
       iptabels-restore". Script generated by fwb_ipt used "here document" if
       the option "use iptables-restore to activate policy" was turned on.
       This did not work in case policy used any tun-time address table
       objects. Now generated script always uses "echo" to generate iptables
       commands that it sends to th standard input of iptables-restore.

Improvements and bug fixes in the policy importer for ipfilter

     * applied patch by <Cy.Schubert@komquats.com> to add support for
       Kerberos rcmd and Kerberos ekshell proxies in ipfilter NAT rules.

Improvements and bug fixes in the policy importer for pf

     * fixed bug #1800875 "'keep state' missing from pass out going traffic
       rule". Compilers for pf, ipf and ipfw were affected.
