2002-09-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* minor code cleanup. Changes to configure and Makefiles to
	support compile and linking with STLport
	
        * Makefile.in (INSTALL_STRIP): controlling build options via
        env. var FWB_BUILD_OPTIONS. Currently provides control for "-g"
        compiler/linker option and "-s" installer option.

2002-09-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_pf.cc (processNext): correctly process situations
	where address object is used in NAT rule and this address belongs
	not the firewall but to the host with the same address.
	
2002-09-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* FilterDialog.cc (FilterDialog): using simple text entry field
	for address in FilterDialog. Fixed bugs in filter in Discovery Druid.

2002-09-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipf_writers.cc (processNext): using correct syntax
	for "port = NN" in DNAT rule with OSrv!=any

	* NATCompiler_ipf_writers.cc (printRule::_printAddr_R): properly
	printing /32 netmask for dynamic interface in "map" rule

	* OptionsDlg.cc (on_path_browse_clicked): activated button
	"Browse" in options dialog

	* popup menus in PolicyListElement are now translateable
	
2002-09-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipf_writers.cc (PrintRule): fixed bug #601069:
	implemented support for "from"/"to" in rdr rules for ipfilter

	* NATCompiler_pf.cc (processNext): fixed problem mentioned in bug
	#601069: fwb_ipf can't compile DNAT rule with ODst any.

	* NATCompiler_pf.cc (AssignInterface): properly picking up
	interface if address object is used in the policy, even if
	interface has dynamic address

	* IPv4Dialog.cc (on_dns_clicked): added "DNS Lookup" button to the
	address dialog

2002-08-31  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.cc: class Resources moved from fwbuilder to
	libfwbuilder

	* ListOfIcons.cc (addObject): user-defined groups now use special
	icons to show that they hold references to objects and not objects
	themselves.

2002-08-30  Vadim Kurland  <vadim@vk.crocodile.org>

	* added bunch of standard objects to objects_init.xml

2002-08-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (doOSrcNegation, doODstNegation): fixed bug#
	599650: missing protocol option ("-p") in SNAT/DNAT/REDIRECT rules
	with translated port specification

	* configure.in: better #include for detection of nanosleep 

2002-08-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.cc (main ): moved initialization
	libfwbuilder::init_dns futher down, so that it can show
	MessageDialog::Error if there was a problem initializing lwres
	(init_dns throws exception if lwres does not work)

	* Set Copyright to NetCitadel, LLC

2002-08-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (VerifyRule2): two additional sanity checks
	for iptables. This can possibly address bug #599650

2002-08-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (get_tree_label): using interface labels to
	label objects in the tree

	* DialogPlugin.hh (readDefaults): added virtual method to set
	default values to platform or OS parameters.

	* OSConfigurator_linux24.cc (addVirtualAddressForNAT): better code
	for "ip addr add" and "ip addr flush" commands, suggested by
	Jeremy

2002-08-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSData.hh: using full absolute path for command line tools in
	generated firewall scripts for all platforms, e.g. "/sbin/iptables",
	"/sbin/ip" etc.). Added GUI controls so	that user can now edit
	path if tools are in non-standard place.

2002-08-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printTimeInterval): fixed bug
	#599454: module 'time' requires specification of all three
	parameters: --timestart, --timestop and --days

	* OSConfigurator_linux24.cc (addVirtualAddressForNAT): fixed bug
	#597296: added netmask and broadcast specification to "ip addr add"
	command generated by fwb_ipt

	* NATCompiler_ipt.cc (splitNONATRule): in case of NONAT, when the
	chain is OUTPUT, set OSrc to any.

	* merged branch virt_iface : suport for virtual interfaces
	
2002-08-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceDialog.cc (wrk2dlg): Security level moved to the tab
	"General" in InterfaceDialog. Also added checkbox "This is the
	management interface".

	* FWObjectDatabaseGUI.cc (newInterfacesViaSNMP): new interfaces,
	obtained via SNMP query, are merged with existing
	ones. Pre-exsiting interfaces that do not exist in the list
	obtained via snmp are deleted.

	* configure.in: now initializing automake in configure.in

2002-08-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* NewHostDruidP20Dialog.cc (NewHostDruidP20Dialog): added classes
	for "NewFirewall druid

2002-08-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* NewHostDruid.hh: NewHostDruid is called when user adds new Host
	object. This Druid provides GUI controls for initial host
	configuration and adds interfaces.

	* InterfaceListWidget.cc (addInterface): fixed bug #597285
	(GUI crash opening tab "Interfaces" in firewall dialog)

2002-08-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListElement.cc (create_popup_menu): using new class
	popupMenu.  Working on improving GUI stability.

	* PolicyCompiler_ipt_writers.cc (processNext): fixed problem #1 in
	bug #597418 (missing space after MAC address in the rule)

2002-08-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printSrcService): fixed bugs
	#596983 and #603470: multiport requires options --source-ports and
	--destination-ports (and does not recognize "--destination-port"
	and "--source-port" anymore) starting from iptables v1.2.6 and
	newer
	* PolicyCompiler_ipt_writers.cc (_printLogParameters): more
	complete support for ULOG

2002-08-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* RuleOptionsDialog.cc (run): implemented Feature req. #514507:
	ability to change logging level in rule options

	* PolicyCompiler_ipt.cc (Logging1): implemented "log all"
	global logging option per Feature req. #481670

	* PolicyCompiler_ipt_writers.cc (_printTarget): implemented support
	for ULOG target. Feature req. #591486

	* PolicyCompiler_ipt.cc (singleSrcNegation): optimized processing
	of negation in Src, Dst and Srv for the case where rule element
	holds single object

	* PolicyCompiler_ipt.cc (prepareForMultiport): fixed bug #596430:
	compiler ignored more than one custom object used in the
	ServiceGroup or together in one rule element

	* PolicyCompiler_ipt.cc (addPredefinedRules): this rule processor
	adds some predefined rules on top of the policy. This fixes old
	bug #580937

2002-08-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (addVirtualAddressForNAT): fixed bug
	#596349: wrong netmask in virtual addresses added by compiler

	* ipt.cc (main): fixed bug #594093: wrong TZ name in the generated
	script

	* PolicyCompiler_ipt_writers.cc (_printTarget): fixed bug #596255:
	log-prefix missing in rules with 'limit' option

	* ObjectQuickView.cc (fillObjectQuickViewText): showing pop-up
	object tooltips for objects Interface and IPv4

	* OSConfigurator_freebsd.cc (addVirtualAddressForNAT): 
	* OSConfigurator_openbsd.cc (addVirtualAddressForNAT): 
	* OSConfigurator_solaris.cc (addVirtualAddressForNAT): scanning
	IPv4 objects on interfaces while looking for the one to add
	virtual address on

	* OSConfigurator_linux24.cc (addVirtualAddressForNAT): scanning 
	virtual interfaces and adding new virtual address with appropriate
	netmask

2002-08-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* Makefile.in (USE_INCLUDED_LIBINTL): using proper variables for
	gettext support

	* configure.in: using both <time.h> and <sys/time.h> while detecting
	library for nanosleep

2002-08-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* BuiltinDialog.cc (SaveData): change object label in the tree
	only of its name has changed. It used to behave like this, but by
	some reason code was changed.

	* main_window2.cc (insertCopy): duplicate, copy and paste now
	work for interfaces and addresses

2002-08-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window_menu.cc (build_menu): menu items to add interface
	and ipv4

	* IPv4Dialog.hh (class IPv4Dialog): dialog for IPv4 object

	* ObjectTree.cc (insertSubtree): tree autosorting

2002-08-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfacePolicyDialog.hh (class InterfacePolicyDialog): showing
	Interface policy in a dialog

	* InterfaceDialog.hh (class InterfaceDialog): made interfaces
	appear int he tree and InterfaceDialog appear in the right panel

2002-08-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (appendRuleAfter): fixed bug #592396: GUI behaved
	erratically if menu item "add rule after current" was used on the
	empty policy

	* PolicyListElement.cc (popup_menu): fixed bug #593234: running in
	German locale causes "help me build policy" Druid to produce
	incorrect rules (XML attribute "direction" translated)

	* post-glade.pl: added code to get rid of translation for empty
	strings (changes _("") to N_("") ) in fles produced by glade--
	
2002-08-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* DialogPlugin.cc: adjusted for glade-- 1.1.1b

2002-08-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* FWObjectDatabaseGUI.cc (load): showing error dialog if user is
	trying to load file with objects using unsupported firewall
	platforms or host OS

	* Resources.hh (class Resources): made methods that deal with
	target platform name throw exception if support for given target 
	is not available

2002-08-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.hh: finished work on bug #591316 (corrections
	for g++ 2.95.3 used on Suse)

2002-08-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* fixed bug #589772: added internationalization support in policy
	compilers
	
	* ipf.cc (main): Added internationalization support in policy
	compiler for ipfilter

	* pf.cc (main): Added internationalization support in policy
	compiler for pf

	* ipt.cc (main): Added internationalization support in policy
	compiler for iptables

	* PolicyCompiler_ipt.cc (processNext): do not repeat service in
	the iptables command with action in rules with logging
	
	* PolicyCompiler_ipt.cc (splitServicesIfRejectWithTCPReset):
	correctly processing case with action_on_reject set in a global
	options
	
2002-08-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* ipt.cc (main): fixed bug #590691: logger assumed to be in
	/usr/bin

	* PolicyCompiler_ipt.cc (splitServicesIfRejectWithTCPReset): fixed
	bug #590690: incorrect processing of action_on_reject "TCP RST" in
	combination with logging.

2002-08-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window2.cc (insertToSystemGroup): fixed bug #590029: When
	duplicating a firewall the new fw has no platform
	("Unknown/Unknown") even if the original firewall had one.

	* PolicyList.cc (buildTitles): fixed bug #589769: missing
	translations for column titles in Policy and NAT widgets

	* DiscoveryDruidP40Dialog.cc (on_selection_changed): fixed bug
	#589768 : proper handling of plurals in translated text

	* OptionsDlg.cc (OptionsDlg): fixed bug #589763: made tree
	autoresizeable in Options dialog.

	* CertificateDruid.cc (CertificateDruid): fixed bug #589767: added
	missing text to *.po files

	* OptionsDlg.cc (OptionsDlg): autoresizing column width in ctree

2002-08-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* v1.0.4 released

2002-07-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (RuleSetList): PolicyList widget now shows rule
	elements "time Interval" and "Options" only if target platform
	supports them (controlled by capability elements in platform
	specific resource file).

	* MessageDialog.hh (class MessageDialog): MessageDialog is now
	transient for the window that called it. Using additional
	paremeter in call to all static members to pass reference to the
	widget; MessageDialog uses this reference to find top-level window
	and becomes transient for that window.

	* PolicyCompiler_ipt.cc (processNext): using complexMatch for
	comparison in the case when firewall (or "equivalent" object) is
	simultaneously in both src and dst.

2002-07-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* TargetDialog_pf.cc (wrk2dlg): moved firewall s/w version to
	the tab "Firewall"

	* FirewallDialog.cc (FirewallDialog): removed checkbox "Dynamic
	Address" from the tab "General" in FirewallDialog. Address in this
	tab serves for the management purposes and should not be dynamic.

	* MessageDialog.cc (run): MessageDialog is now transient window
	for the last main window (always stays on top of it and has window
	decorations of a transient window, if window manager supports it)

2002-07-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (createTitleButton): made title buttons passive

	* main_window2.cc (on_sort): now if user sorts subtree, program
	updates tree view in all windows

	* ObjectTree.cc (constructor): made title buttons passive

	* BackgroundOpWidget.cc (init): fixed a problem where scroll bar
	was not properly connected with clist widget in the pop-up window
	following progress of compile or any other background operation

2002-07-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: added (blank) file for German translation.
	* configure.in: set designation to RC2 (release candidate)

	* FWObjectBook.cc (addPage): improved scrolling in object trees:
	now tree can be scrolled up and down, while its title bar stays in
	place.

	* PolicyList.cc (Clear): eliminating calls to manage

2002-07-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.cc (main): added parameter to Gtk::Main to indicate
	presence of locale. Russian locale works now!

2002-07-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* Merged branch gettext - Internationalizarion support is
	incorporated in the main trunk.

	* configure.in: checking for extra libraries for nanosleep

	* Makefile.in (all-yes): correction: should create libintl.h
	before try to build the code (original Makefile.in had dependency
	on the library defined before dependency on libintl.h file,
	therefore it tried to compile before it created libintl.h file)

	* ru.po: added basic files for Russian translation; testing gettext
	NLS support

2002-07-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* applied gettext support patch from Florent MANENS <manens@efrei.fr>
	  (working in branch 'gettext')
	
2002-07-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc: added basic support for control of target
	platform capabilities in GUI. Newly created Policy rules will have
	logging turned on only if target platform supports it. Also pop-up
	menus associated with rule elements can have some items disabled
	depending on the capabilities of target firewall platform. Other
	currently supported capabilities include: logging in policy rules,
	support for rule options, support for negation in policy,
	interface policy and nat (separate flag for each).

	* Resources.cc (getTargetCapability): added method
	Resources::getTargetCapability - this allows us to enable/disable
	certain features in the GUI depending on whether target platform
	provides support for them.

2002-07-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* Resources.cc (setDefaultTargetOptions): setDefault* methods are
	static now. Also separated "properties" and "options" elements in
	resources.xml.

2002-07-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* Resources.cc (setDefaultOptionsAll): better set of methods for
	class Resources

2002-07-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* BackgroundOpWidget.cc (monitor_operation): using nanosleep to
	suspend foreground thread when ackground opration is in progress.
	This prevents GUI from taking up too much CPU time

	* listicons.sh: moved call to script that generates list of icons
	we use to configure.in


2002-07-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* BackgroundOpWidget.cc (monitor_operation): fixed bug #582271:
	fwbuilder goes postal when compiling. Added usleep(100) into idle
	event handler so that GUI won't consume lots of CPU time while
	serving output of background process

	* CustomServiceDialog.cc (CustomServiceDialog): using class
	OptionMenuWidget in CustomServiceDialog

2002-07-15  Vadim Kurland  <vadim@vk.crocodile.org>

	* BackgroundOpWidget.cc (init): using widget CList instead of Text
	in BackgroundOpWidget

	* TargetDialog_ipf.cc (TargetDialog_ipf): fixed bug #580916: added
	gloabl option to control action on reject for fwb_ipf

	* PolicyCompiler_pf_writers.cc (processNext): fixed bug #581695:
	option "modulate state" applies only to TCP service in OpenBSD PF.

	* PolicyCompiler_ipt_writers.cc (processNext): fixed bug #580937:
	Log without prefix. fwb_ipt did not include custom log prefix in
	the rule generated for option "Log or dropped packets".

	* NATCompiler_ipt.cc (separateSourcePort): fixed bug #581814:
	fwb_ipt incorrectly combines objects with source port or source
	port range with objects with destination port or port range in NAT
	rules using multiport.

2002-07-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (processNext): followup for bugfix for bug
	#576598. Fix for that bug introduced problem when outside
	interface of the firewall is dynamic. See comment in the code.

2002-07-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* Resources.cc (loadRes): code cleanup in class Resources. Now
	resources for firewall platforms and target OS can be packaged
	separately from the GUI, together with corresponding policy
	compilers. Class Resources loads all .xml files it can find in
	TEMPLATE_DIR/platform and TEMPLATE_DIR/os and creates one object
	of itself for each platform and os, besides of global_res which
	still holds universal global resources. This concludes separation
	of the GUI and modules that provide support for target platforms
	(if I have not forgotten anythig, that is)

2002-07-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: checking for appropriate value for the second
	argument for dlopen (ran into problem on OpenBSD)

	* it turned out external C functions on OpenBSD should be called
	with '_' prepended to their name. I define macro
	EXTERNAL_FUNC_NAME_PREFIX in config.h.in that configure will
	set to either nothing or '_'. I could not figure out better way
	to work around this problem.

2002-07-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.cc (main): restoring main window position only if user
	set corresponding option in the preferences (earlier we restored
	window size if the option was set, but window position was
	restored regardless of this option)

	* ObjectQuickView.cc (deactivate): fixed bug that caused GUI to
	crash at random times after user switched between policy and nat
	dialogs several times

	*  merged branch "dialog-separation". Now all platform-specific
	dialogs are built as a standalone dynamically loaded modules
	and are installed in TEMPLATEDIR/modules/gui. These dialogs are
	also packaged with policy compiler RPMs instead of the GUI RPM.
	
2002-07-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (processNext): fixed bug #578162: Invalid
	syntax on REJECT w/tcp-rst. Compiler now issues warning and clears
	action-on-reject flag if reject with TCP RST is ordered on the
	rule with non-TCP services

2002-07-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* DialogFactory.cc (class DefaultDialogFactory): this method loads
	dynamic library that contains class handling dialog for specified
	target platform and then creates instance of this class.

	* all dialogs for target platform (both firewall options and host
	OS options) are now created as dynamically loaded modules.
	
2002-07-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* autogen.sh: added script autogen.sh - this script regenerates
	all critical scripts and config files (aclocal.m4, ltmain.sh and
	ltconfig, configure etc) using aclocal, automake and libtool. This
	needs to be done to properly build on different platforms. This
	fixes bug #574106

2002-07-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf_writers.cc (processNext): fixed bug #577060:
	compiler used to add word "inet" to every rule in ipf.conf
	file. This bug was introduced when I fixed bug #569942.

	* PolicyCompiler_ipt_writers.cc (_printTarget): fixed bug #575674
	- compiler added "limit" option to all generated iptables rules
	instead of adding it to only LOG and ACCEPT/DROP/REJECT rules.

	* NATCompiler_ipt.cc (processNext): fixed bug #576598 (user
	reported a problem with configuration where DNAT translation was
	provided using IP addresses on DMZ (interface eth3, routable IP),
	but connection was actually coming from outside.  Compiler used to
	add "-i eth3" to the generated code which broke his DNAT rule
	because packets were actually entering firewall through different
	interface.

2002-07-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (processNext): fixed bug #575492 - compiler
	erroneously combined single ports and port ranges in NAT rules
	using multiport.

2002-06-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (specialCaseWithCustomServices): 
	fixed bug #574836 (useless state NEW w/ ESTABLISHED,RELATED in
	fwb_ipt)
	
2002-06-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* HostDialog.cc (dlg2wrk): fixed bug #573985 (could not change
	interface attributes in Host object dialog)

	* PolicyCompiler_ipt.cc (processNext): additional correction for
	bugs #571824 and #571524 ( interface rules with direction 'both')

2002-06-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* PIXAdvancedNetDialog.cc (PIXAdvancedNetDialog): added bunch of
	"sysopt" options to PIX Advanced NEtwork parameters dialog

	* set version to 1.0.4

2002-06-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* PIXAdvancedNetDialog.cc (dlg2wrk): added page "SNMP" to PIX
	Advanced Network options dialog
	
	* PIXAdvancedFWDialog.cc (on_defaults_clicked): PIX "Advanced"
	firewall options dialog now supports resetting timeouts to their
	default values. Also added page "Logging" to this dialog.

	* PolicyCompiler_ipt_writers.cc (_printDirectionAndInterface): 
	fixed bugs #571824 and #571524 : compiler used to create rule in
	FORWARD chain with missing interface specification for interface
	policy rules

	* PolicyCompiler_ipt_writers.cc (_printLimit): fixed bug #572746:
	fwb_ipt: rule option confusion. This bug addressed several issues:
	1) limit_value and limit_burst are applied to the logging
	option. In fwb_iptables they are applied to the actual action
	(eg accept) as the dialog text indicates.2) the output of
	limit_burst is missing a space: --limit-burst0 3) tcp-rst option
	on reject does not work. The compiler forgets to output
	--reject-with tcp-reset. fwb_iptables works ok. 4) The single rule
	created on the loopback interface by the druid
	(permit all protocols on loopback) does not work. I changed this
	to two rules as produced by older versions of the druid, this
	works. (this problem may already be reported)

	
	* NATCompiler_ipt.cc (processNext): fixed bugs #570694, #572847 :
	problems in NAT & transparent proxy rules.
	
	* NATCompiler_ipt.cc (processNext): fixed bug #572848: new chain
	created in inappropriate table in iptables script generated for
	NAT rules with negation
	

2002-06-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* resources.xml.in: added few default options for FirewallOptions
	and HostOptions for various firewall plaforms and host OS.

	* Resources.cc (Resources): added wrappers getXmlNodeProp and
	getXmlNodeContent for better memory management. Moved setting of
	default object properties and default host and firewall options
	from classes Firewall and Host to Resources.

2002-06-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* PIXAdvancedNetDialog.cc (run): added 'advanced' dialogs for
	PIX

2002-06-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* Version 1.0.3 released
	
2002-06-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf_writers.cc (_printProtocol): fixed bug
	#569942: Syntax error while loading rules on OpenBSD

	* fwbuilder.cc (main): added command line option "-o objid"
	that causes GUI to show object with given ID immediately after
	program starts.

2002-06-14  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.cc (main): static intialized moved 
	to libfwbuilder.

2002-06-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (source_drag_begin): using default icon for
	drag&drop (simplified code, fixed  core dump)

2002-06-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* FWObjectDatabaseGUI.cc (create): fixed bug #566693: crash on
	copy/cut operations in the policy if object being copied is
	firewall. Bug was introduced and fixed in 1.0.3

2002-06-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (processNext): fixed bug #566172: Original
	Dest. in DNAT rules can be any.

2002-06-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* Preferences.cc, Resources.cc, SimplePixmap.cc: eliminated major
	memory leak. Fixed bugs #553299 and #559958

2002-06-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* ipf.cc (main): 
	* pf.cc (main): 
	* ipt.cc (main): fixed bug #564633: compiler does not set (x)
	permission

	* FWObjectClipboard.cc (putObject): class clipboard creates
	and stores a copy of the object (uses FWObjectDatabase::create
	and then FWObject::operator= )

2002-06-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf.cc (processNext): 
	* PolicyCompiler_ipt.cc (processNext): taking care of some special
	cases with dynamic interfaces in ipt and ipf compilers.

2002-06-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* set version to 1.0.3, added autoupgrade transofrmation for
	preferences

	* added ReleaseNotes_1.0.3.html

	* PolicyCompiler_ipt_writers.cc (_printTimeInterval): new policy
	compiler for iptables: added support for time intervals

	* main_window.cc (showSaveStatusbar): file name is shown on the main
	window title bar.

2002-06-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (showSaveStatusbar): gui shows icon of a floppy
	on the status bar when data has been modified and requires saving

2002-05-31  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (processFirewallOptions): fixed bug
	#551323  (iptables modules names have changed in v1.2.6 and later)
	Added support for predefined firewall platform version numbers in
	firewall dialog
	
	* main_window.cc (main_window): split statusbar onto three smaller
	status areas: for the current data file name, for "needs saving"
	indicator and for assorted text status messages.

2002-05-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceData.hh (struct InterfaceData): bugfix: attributes
	label, physAddress and network_zone are #IMPILED so InterfaceData
	should copy values only if they are not empty.

	* NATCompiler_ipt.cc (processNext): fixed bug #562173 : DNAT rule
	could not be created if all external interfaces of the firewall
	had dynamic address.

	* ICMPServiceDialog.cc (on_type_combo_changed): Fixed bug #562171:
	ICMP service dialog now provides widgets for setting ICMP type and
	code both numerically and from the list of predefined values. Any
	numeric value in the range 0-255 can be used for both type and
	code.
	
	
2002-05-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (main_window): added upport for multiple windows
	mode. Added few static methods working on all windows. Disabled
	floating dialog feature, but the code is still there. Removed
	FWObjectDatabase::Scratchpad, instead each dialog manages data in
	widgets until saved into the object. FirewallDialog is an
	exception!

	* InterfaceListWidget.cc (InterfaceListWidget): this widget now
	uses struct InterfaceData to pass data in and out

	* InterfaceData.hh (struct InterfaceData): this structure
	represents parameters of object Interface for widgets and dialogs.
	Using this structure we simplify methods of widgets and dialogs
	and don't have to create temporary objects of class Interface and
	thus avoid having to attach them to the tree and so on.

2002-05-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* TMPGroupObject.hh (class TMPGroupObject): this class represents
	an object that has all properties of a group, except it does not
	save itself in XML file and its validateChild method approve
	objects of any type. This object is used to create temporary group
	in the tree where working copies of other objects can be
	temporarily stored so that dialogs can use them for editing.
	
	* code cleanup in the GUI. Created separate class Navbar
	
2002-05-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* converted policy compilers fwb_ipt, fwb_pf and fwb_ipf to the
	new API based on class RuleProcessor

2002-05-19    <vadim@vk.crocodile.org>

	* PolicyListElement.cc (popup_menu): fixed bug #557899 - GUI
	crashes on "Cut" operation on policy and NAT rules

2002-05-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* HostDialog.cc (on_snmp_get_released): gui checks and creates
	only interfaces that are "up" when it gets a list via snmp query

	* PolicyCompiler_ipf.cc (checkForKeepState): fixed bug #557033
	ipf supports 'keep state' only for icmp/udp/tcp protocols

	* ipt.cc (main): fixed bug #557015 - compiler crashed if it
	could not find firewall object

	* PolicyCompiler_ipt.cc (separateSrcPort): fixed bug #556438
	multiport does not accept source and destination ports
	simultaneously

	* NATCompiler_ipt_writers.cc (_printTPorts): fixed bug #556783
	source and destination port ranges in "original" part of NAT
	rules should use ':' as separator

2002-05-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc, PolicyCompiler_ipf.cc,PolicyCompiler_ipt.cc
	(compile): using macros FOR_EACH_RULE_P1,
	FOR_EACH_RULE_P2, FOR_EACH_RULE_N1, FOR_EACH_RULE_N2.  Using new
	DebugRule method.

	* ipt.cc, pf.cc, ipf.cc : Fixed processing of "-x" command line
	switch so that numeric argument can now be given.

2002-05-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.hh: using new implementations of
	for_each_rule and for_each_const_rule 

2002-05-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* v1.0.2 released
	
2002-05-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (operator): checking for a situation when all
	external firewall interfaces have dynamic addresses for DNAT rule

2002-05-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_pf.cc (NATRuleType): detecting more types
	of NAT rules (DBinat, SBinat, NONAT)

	* PolicyCompiler_pf.cc (compile): using separateTCPWithFlags

	* PolicyCompiler_ipt.cc (compile): moved separateTCPWithFlags
	to PolicyCompiler

2002-05-09    <vadim@vk.crocodile.org>

	* BuiltinDialog.cc (LoadData,SaveData,UndoChanges): calling
	destroyChildren to clean up scratchpad copy and/or original object
	before copying the into each other - eliminates memory leak

	* eliminated few memory leaks in the GUI (mostly not "managed" widgets)

	* fwbuilder.cc (main): now I delete all windows and objects before
	program exists (helps debugging memory leaks)

2002-05-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_optimizer.cc (_optimizeForRuleElement): added
	simple optimization to new iptables policy compiler

2002-05-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (operator): splitting rules not only if
	firewall object is part of src or dst, but also if broadcast
	(and multicast in the future) is there
	* PolicyCompiler_ipt.cc (operator): using _isMatchingFW in
	PolicyCompiler_ipt::splitIfInputChainObjectSrc and
	PolicyCompiler_ipt::splitIfInputChainObjectDst

2002-05-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf.cc (compile): fixed bug #546195 : "skip" with
	"quick" in ipfilter

	* PolicyCompiler_ipt.cc (compile): added debug print and fixed
	  some minor bugs
	* NATCompiler_ipt.cc (compile): added debug print

	* ipt.cc (main): added support for command line switches
	-xr and -xn for debugging

2002-05-03    <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (VerifyRules::operator()): straightened rule
	verification code

	* NATCompiler_ipt.cc (NATRuleType::operator()): new iptables
	compiler supports SBinat and DBinat NAT rules

2002-04-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printAddr): more meningful error
	message in case of interface with empty netmask. Not perfect, but
	better still.

2002-04-26    <vadim@vk.crocodile.org>

	* BackgroundOpWidget.hh: defined rules of using BackgroundOpWidget
	and added methods allowing connecting and disconnecting of object
	of class BackgroundOp and widget BackgroundOpWidget.

	Made changes in other classes using background operations to
	follow these rules. 

2002-04-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* ExecBgr.cc (stop_operation): killing background process if user
	clicks "Stop"

	* Makefile.in (GLIB_CFLAGS): added GLIB_CFLAGS and GLIB_LIBS back to
	Makefile.in

2002-04-21    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (compile): added support for option "Assume
	firewall is part of Any" in the new iptables compiler

2002-04-20    <vadim@vk.crocodile.org>

	* BackgroundOpWidget.cc (display_lines): this class now connects
	its method display_lines to signal 'idle' where reads lines from
	the logger. If logger is empty and background operation has
	finished, handler is disconnected from the signal. This class also
	disconnects logger (calls Logger::disconnect) in its destructor.

2002-04-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (prepareForMultiport): added support for
	MAC address matching in the new iptables compiler

	* PolicyCompiler_ipt.cc (separatePortRanges): separating TCP and
	UDP port ranges 'cause they can not be used with multiport

2002-04-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cc (_printDstService): added support
	for CustomService in the new iptables compiler

	* PolicyCompiler_pf_writers.cc (_printDstService): added support
	for CustomService in compilers for PF and IPF

	* PolicyCompiler_ipt.cc (operator): better processing for
	multiport.  Now making sure we supply no more than 15 ports for
	multiport module and also separating TCP services with flags
	'cause those can not be used together with others in multiport.

2002-04-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_pf_negation.cc (operator): implemented support
	for negation in NAT for OpenBSD PF (using "no nat" )

	* NATCompiler_ipf.cc (operator): *** Negation in NAT is _NOT_
	supported for ipf

	* NATCompiler_ipt.cc (operator): implemented support for negation
	in NAT for the new iptables compiler. Fixed bug #545028 in the new
	compiler

2002-04-17    <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (compile): implemented support for AddressRange
	in Src/Dst for pf,ipf,ipt. Bug #543335 

	* NATCompiler_ipt_writers.cc (_printAddr): implemented support for
	AddressRange in SNAT and DNAT rules (feature req. #476511)

2002-04-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cc (processFirewallOptions): 
	* iptables.c: improved code checking for modules installed on the
	system so it will now detect compressed modules (*.o.gz). Bug #544587

2002-04-15    <vadim@vk.crocodile.org>

	* FirewallDialog_ipf.cc (init_ipf): 
	* NATCompiler_ipf.cc (operator): added support for built-in
	application proxies in "map" rules for ipfilter per support
	req. #543383

2002-04-14    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipf.cc (_printAction): 
	* RuleOptionsDialog.cc (run): added rule option
	"return_icmp_as_dest" for ipf per support req. #543768

2002-04-12    <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cc (operator): most of the implementation of NAT
	in the new ipt compiler (still need to work on negation in NAT)

	* PolicyCompiler_ipf.cc (operator): added "keep frag" rule option
	for ipf per support req. #541753

	* NATCompiler_pf.cc (operator): added check for DNAT rules with
	service "any" (bug #541814 )
	

2002-04-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (_printAddr): 
	* NATCompiler_pf.cc (_printAddr): Added support for policy rules
	and translations on interfaces with dynamic addresses. Feature
	req. #542705

	* IconList.cc (size_allocate_impl): more bugfixes for 64-bit
	platforms

2002-04-11    <vadim@vk.crocodile.org>

	* IconList.cc (get_label_width): bugfix for 64-bit platforms
	(testing on Alpha)

2002-04-09    <vadim@vk.crocodile.org>

	* configure.in: checking for ccache and using it if present

2002-04-08    <vadim@vk.crocodile.org>

	* src/Makefile.in: 
	* ipt/Makefile.in:
	* pf/Makefile.in: I do not need to explicitly add parameters for
	GLIB because we supply them via libfwbuilder-config

	* configure.in: removed check for GTK. It was redundand because we
	depend on GTKMM, which in turn can not be installed without GTK.
	I had to keep check for GLIB even though we add CFLAGS and LIBS for
	GLIB via the output of libfwbuilder-config because of the old
	iptables compiler does not use libfwbuilder
	
2002-04-07    <vadim@vk.crocodile.org>

	* objects_init.xml.in: added few new objects (PCAnywhere, winterm,
	Citrix ICA), renamed IPService object IPSEC to ESP, added IPService
	object AH and service group IPSEC

2002-04-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: Set version to 1.0.2

	* PolicyCompiler_ipt.cc (_printDstService): printing of addresses
	and services, using multiport module

	* PolicyCompiler_ipt.cc (compile): support for some predefined
	rules (log all dropped, accept_established, clamp_mss_to_mtu and
	accept_new_tcp_with_no_syn options)
	
	* PolicyCompiler_ipt.cc (_printActionOnReject): support for different
	modes of REJECT

	* PolicyCompiler_ipt.cc (_printLogParameters): support for logging
	parameters

	* Added new log prefix macro %C - prints chain name as part of log
	prefix (feature req. #535950)

2002-04-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (operator): implemented negation in policy
	rules in the new iptables compiler

2002-04-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cc (operator): logging in the new iptables
	policy compiler

2002-04-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* ipt.cc (main): First try at rewriting iptables compiler using
	API

2002-04-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwcompiler.c: applied patch #535447 (command line option
	-w supresses compiler warnings)

	* ipf.cc (main): added call to libfwbuilder::init()

	* pf.cc (main): added call to libfwbuilder::init()

	* PolicyListItem.cc (PolicyListItem): using HBox instead of Table
	in PolicyListItem widget in a hope that it is faster

2002-04-02    <vadim@vk.crocodile.org>

	* PolicyList.cc (removeWidgetsInRow): significant optimization in
	PolicyList widget. Widget does not rebuild itself anymore when
	rule is added or removed or moved to another position (per task
	#50867)

2002-03-31    <vadim@vk.crocodile.org>

	* CertificateDruid.cc (on_next): added simple progress indicator for
	key generation process

2002-03-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* IPAddressWidget.cc (key_press_event_impl): Fixed keypad entering
	problem

2002-03-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* Makefile.in (install): installing man page for fwbuilder

2002-03-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (operator): better algorithm to decide on
	direction for Global Policy rules in case Src or Dst contains
	firewall object

2002-03-22  Vadim Zaliva  <lord@crocodile.org>

	* Preferences.cc (Preferences): corrected bug with loading
	preferences if user home dir is '/'.

2002-03-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (operator): I now support two modes for pf
	and ipf compilers (I distinguish modes using firewall option
	"pass_all_out") :

	1. compiler produces two pf (or ipf) rules per each global policy
	rule, one "in" and another "out". Predicate SplitDirection does
	this for me if I set direction to Both in fillDirection

	2. compiler produces one pf (or ipf) "in" rule per each global
	policy rule. In this case I set direction to Inbound in
	fillDirection.
      

	* objects_init.xml.in: fixed but #532457 - increased dest. port
	range end for traceroute

2002-03-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (processNATRule): fixed bug in iptables compiler where
	SNAT rule was generated incorrectly if firewall did not have ip
	address specified in "General" tab

	* OptionsDlg.cc (OptionsDlg): 
	* FirewallDialog.cc (wrk2dlg): disabled some elements of the GUI
	in case program is compiled without SSL support

2002-03-19  Vadim Zaliva  <lord@crocodile.org>

	* Preferences.cc (importPKCS12): compiling w/o openssl.

2002-03-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog_ipf.cc (init_ipf): added GUI widgets for "log
	or-block", "log body" and "log level FACILITY.LEVEL" options

	* PolicyCompiler_ipf.cc (operator): added support for "log
	or-block", "log body" and "log level FACILITY.LEVEL" options

2002-03-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (operator): splitting rules with direction
	"Both"

2002-03-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (parseOptions): support for --limit-burst

	* RuleOptionsDialog.cc (run): added support for --limit-burst
	option for iptables in the GUI

	* nat.c (printNatRule): fixd bug #530133 ( extra ':' in the end of
	--to-source in SNAT rule)

	* PolicyListItem.cc (PolicyListRuleNumItem): this widget should
	also be d&d recipient on win32

2002-03-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListItem.cc (PolicyListObjectItem): implemented workaround
	for broken D&D on win32

2002-03-12  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.cc (class StaticInitializer): initializing libraty.

2002-03-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* ExecDialog.cc (ExecDialog), ExecBgr.cc (run_impl): supporting
	file names, working directory names and object names with
	whitespaces

2002-03-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListItem.cc (drag_data_received_impl): made PolicyListItem
	drag&drop recipient (trying to fix d&d problem on windows)

2002-03-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* CertDruidP30Dialog.cc (convertToTime): fixed date and time
	conversion for certificates

	* policy.c (rulePrologue): fixed bug with multi-line comments in
	iptables compiler: now each line of the comment text starts with
	its own '#'

2002-03-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* CertDruidP40Dialog.cc (CertDruidP40Dialog): split large druid
	page onto two

	* CertDruidP30Dialog.cc (CertDruidP30Dialog): got rid of format '%D'
	in strftime and strptime

	* applied patches from Igor for win32

2002-03-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* FAQ.sgml: changed format of Table of Contents in FAQ, added
	references to ipfilter and pf compilers

2002-03-07    <vadim@vk.crocodile.org>

	* NATCompiler_ipf.cc: test compile with g++-3

2002-03-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (ruleEpilogue): fixed bug #527187 (%I in Generic Log
	Prefix: compiler cores )

2002-03-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog_ipf.cc (init_ipf): added option "directory where
	firewall configuration files should installed" to platforms pf and
	ipf

	* NATCompiler_pf.cc (splitOnOSrv): have to split rules if there
	are many objects in OSrv

	* PolicyCompiler_pf.cc (_expandAddr): minor bugfix

	* NATCompiler_pf.cc (operator): compiler adds virtual addresses
	for NAT rules calling virtual method
	OSNetworkConfigurator::addVirtualAddressForNAT

2002-03-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* OSNetworkConfigurator_freebsd.cc (processFirewallOptions): split
	OS-specific configuration among separate classes:

	OSNetworkConfigurator_openbsd
	OSNetworkConfigurator_freebsd
	OSNetworkConfigurator_solaris
	
	* FirewallDialog.cc: added support for host OS Solaris

2002-02-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.spec.in (Docdir): automatically taking libfwbuilder
	version for dependency

	* configure.in: now checking for presence of getopt.h header
	file (need this for Solaris where getopt is defined in stdlib.h)

	* configure.in: defining __PRAGMA_REDEFINE_EXTNAME in config.h
	if on Solaris

2002-02-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (decideOnGroup): checking if destination address in the
	rule is the same as an address of one of firewall's interfaces
	(rule should go into INPUT chain). Fixed bug #523652 ("destination
	to myself: rule in forward ")

2002-02-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* DialogPlugin.cc (data_changed_flag): got rid of WARNING
	"Gtk---WARNING **: The toplevel is not a Gtk::Window -- use
	gtk_widget_get_toplevel" which kept appearing once in a while if
	gtk+ > 1.2.8 was used

	* Makefile.in (SUBDIRS): removed directory src/ipfilter

	* RuleOptionsDialog.cc (run): added support for rule options for
	firewall platform 'ipf'

2002-02-23    <vadim@vk.crocodile.org>

	* pf.cc: added missing #include for g++3

	* fwcompiler.c:
	* iptables.c: getting rid of multi-line string literals

	* configure.in: simplified check for gtk+ and gtk-- (because our
	old check does not work with g++3). We do not check for the
	version of gtk-- anymore.

2002-02-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (processNATRule): fixed bug #520886 (multi-line string
	literals cause warning if code is compiled with gcc3)

	* GroupDialog.cc (GroupDialog): fixed bug #521545 (extra brackets
	in the call to GroupIconList->drag_data_received.connect which broke
	compile on Solaris with gcc 3.0.3)

	* PolicyCompiler_ipf.cc (operator): implemented negation in ipf
	compiler. So far only negation in src and dst is supported.

	* ipf.cc (main): added support for few OS specific options
	for FreeBSD 4.4:
	net.inet.ip.forwarding
	net.inet.ip.sourceroute
	net.inet.ip.redirect

	* FirewallDialog.cc (dlg2wrk): added support for ipf and
	FreeBSD 4.4 in GUI

2002-02-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* NATCompiler_pf.cc : 
	* NATCompiler_ipf.cc : using NATRule::getRuleType and setRuleType
	methods

	* PolicyCompiler_ipf.hh: 
	* NATCompiler_ipf.cc :	added classes for FreeBSD IPF compiler

2002-02-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c: added changes suggested by Jeremy: now iptables
	script generated by compiler checks if a module exists before
	trying to load it. It will bail out if modprobe failed.

	* pf.cc (main): compiler for OpenBSD PF now supports few OS options:
	net.inet.ip.directed-broadcast
	net.inet.ip.forwarding
	net.inet.ip.sourceroute
	net.inet.ip.redirect

	* iptables.c: iptables compiler now adds commands to load modules 
	ip_conntrack_irc and ip_nat_irc. Using code proposed by Jeremy.

	* OptionMenuWidget.cc (set_menu): properly sorting list of platforms
	and supported OS in pull-down widgets in FirewallDialog

	* configure.in: fixed bug #520845 (configure fails on solaris)

2002-02-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog_pf.cc (init_pf): added tab for OpenBSD network
	parameters to FirewallDialog

	* Resources.cc (getOS): storing names of supported OS in resources

	* PolicyCompiler_pf.cc (_printTCPFlags): added support for TCP
	flags

2002-02-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (compile): checking for rule shading in
	pf policy compiler (fool-proof for negation)

2002-02-19 Vadim Kurland   <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (operator): first attempt to implement
	negation

2002-02-18 Vadim Kurland   <vadim@vk.crocodile.org>

	* pf.cc (main): compiler won't generate nat.conf file if there are
	no NAT rules

	* PolicyCompiler_pf.cc (epilog): compiler now generates rule
	"block all" at the very end of pf.conf -- all our compilers should
	build firewall policy in a such way that it would block everything
	even if there are no rules. In iptables we set default chains
	policy to DROP. In pf we add this unconditional blocking rule in
	the end.

2002-02-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* applied patches for build for win32 (Thanks Igor!)
	
2002-02-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (printElementaryRule): added support for icmp codes
	per suggestion of Andrey Kaminsky and_lv@users.sourceforge.net
	(we used to generate code only for icmp types)

	* PolicyCompiler_pf.cc (operator): compiler generates 'scrub' rule
	when service 'ip_fragments' is used and rule action is Deny or
	Reject. It also generates scrub rule if rule option 'scrub' is
	activated. We will decide later which one method we'll keep.

	* NATCompiler_pf.cc : added some more sanity checks for NAT rules
	in pf compiler. Correctly dealing with situation when original srv
	has some service object, while translated srv. is "Original"

2002-02-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (processElementaryPolicyRule): fixed bug #516378
	(correct matching broadcast for iptables if destination is
	firewall with negation)

2002-02-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* fixed bug #516033 (tcp-flags... - added missing flags PSH and URG)
	
	* TCPServiceDialog.cc (wrk2dlg): added support for missing TCP
	flags PSH and URG

	* PolicyList.cc (copyRuleContent): fixed bug #516028 (Comments
	don't copy )

2002-02-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListElement.cc (popup_menu): fixed bug #504109
	( hang on `Edit' of object in changed rule )

	* main_window2.cc (OpenObject): OpenObject does not check if there
	is unsaved data in the current dialog anymore! It only does what
	it is supposed to do - shows an object. Caller should check it
	before calling OpenObject.

2002-02-07  Vadim Zaliva  <lord@crocodile.org>

	* pf.cc (main): -m option and Manifest file generation.
	(main): returning 0 on success and not-0 on error.

2002-02-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog.cc (wrk2dlg): loading/saving install script
	parameters in object PolicyInstallScript

	* fwcompiler.c (cmpPPolicyRules): fixed bug which caused iptables
	policy compiler to ignore multiple objects in "Time" rule element
	if optimization was enabled.

	* StandardRulesDruid2.cc (findLoopbackInterface): using new methods
	available in API. Cosmetic changes.

	* main_window2.cc (pasteTo): fixed big which broke copy/paste and
	duplicate operations for time objects

	* PolicyListItem.cc (source_drag_begin): fixed bug introduced when
	I converted to gdk-pixbuf

	* GroupDialog.cc (dlg2wrk): fixed bug introduced recently:
	removing objects from the group dialog (in the icon view) did not
	remove them but duplicated them instead

	* PolicyCompiler_pf.cc: added support for rule options in pf
	compiler. Support has been added for :

		o turning off stateful inspection in rules
		o choice of icmp or tcp rst replies for rules with 
		  action "Reject"
		o setting flag "allow-opts" if match on ip options is needed

2002-02-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cc (prolog): first working version of policy
	compiler for OpenBSD PF. 

		What is supported:
	
		o both pf.conf and nat.conf files are generated
		o negation in policy rules
		o grouping in "from", "to" and in ports
		o rule with "scrub" policy is generated if
		  object ip_fragments is used as service and action is
		  Deny or Reject

		What is not supported
	
		- Address ranges in both policy and NAT
		- negation in NAT is not supported
		- custom services
		- turning off stateful inspection in rule options
		- choice of icmp or tcp rst replies for rules with 
		  action "Reject"
		- setting flags "no-df", "min-ttl" and "allow-opts" via 
		  rule options
		- matching on TCP flags

		What will not be supported (at least not anytime soon)

		* policy routing
	
	* platforms.cc: this is the module for all platform-specific
	predicates and global functions. Some day we'll convert to a
	full-fledged "capabilities" database, but for now this will
	suffice.

2002-02-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* Created framework for OpenBSD PF support:

	* PolicyCompiler_pf.hh: added basic support for PF filtering rules

	* FirewallDialog.cc: added support for PF to FirewallDialog

2002-02-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* StandardRulesDruid2.cc:
	* PolicyListItem.cc:
	* PolicyListElement.cc: using new methods of PolicyRule and NATRule

2002-02-03  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.hh (Table ): reorganization of classes in PolicyList.
	Added class RuleSetList, classes PolicyList, InterfacePolicyList
	and NATList derived from RuleSetList. All notion of rule elements,
	their number, names and widget classes associated with tnem is now
	concentrated in classes derived from RuleSetList.

2002-02-02  Vadim Zaliva  <lord@crocodile.org>

	* ManifestFile.txt: Policy Compiler Manifest file format proposal.

	* ExecDialog.hh (class ExecDialog): now subclass of BackgroundOpDialog.

	* BackgroundOpDialog.hh: Generic dialog for backgroud operations

	* BackgroundOpWidget.hh (Packer): execute() method is virtual now.

	* BackgroundRunWidget.hh (class BackgroundRunWidget): moved params and
	command name to constructor to make it 'execute' method virtual.

2002-01-31  Vadim Kurland  <vadim@vk.crocodile.org>

	* GroupDialog.cc (showObjectInDialogPredicate): properly checking
	objects based on library and other parameters when removing from
	the group. Fixed bug #511271

	* iptables.c (printARPEntryCommands): fixed bug #511296 (using
	Jeremy's suggestion)

	* policy.c (optimisePolicyRules): fixed bug #511260 (copy of
	Debian bug #131637)

2002-01-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog.cc (wrk2dlg): added tab "fwbd" to the Firewall
	dialog

2002-01-26  Vadim Zaliva  <lord@crocodile.org>

	* main_window.cc (LoadObjDB): optionally reporting what transformation
	failed and at what element.

2002-01-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* OptionsDlg.cc (fillListOfCertificates): using small icon in the
	OptionsDialog when showing the list of installed keys

2002-01-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog.cc , HostDialog.cc (dlg2wrk): loading and storing
	snmp communities via Management subelement

2002-01-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (printElementaryRule): fixed bug #501021
	(optimisePolicyRules): optimizer does not supress destination
	address if it is broadcast

	* iptables.c (prologue): fixed bugs #507209 and #507972

2002-01-22  Vadim Zaliva  <lord@crocodile.org>

	* OptionsDlg.cc (on_import_cert_clicked): asking for certificate
	description on import.

2002-01-21  Vadim Zaliva  <lord@crocodile.org>

	* OptionsDlg.cc (on_import_cert_clicked): 
	* Preferences.cc (importPKCS12): PKCS#12 file import

2002-01-20  Vadim Zaliva  <lord@crocodile.org>

	* OptionsDlg.cc (on_export_public_key_clicked): GUI for public
	key export.

2002-01-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceDialog.cc (run): code to load and save network zones

2002-01-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceDialog.cc (InterfaceDialog): redesigned InterfaceDialog
	to provide space for Security Levels and Network Zones

	* SimplePasswordDialog.cc (SimplePasswordDialog): added
	SimplePasswordDialog widget and class

2002-01-18  Vadim Zaliva  <lord@crocodile.org>

	* OptionsDlg.cc (on_remove_cert_clicked): 
	* Preferences.cc (removeKeyAndCert): removing certificates.

	* OptionsDlg.cc (on_export_cert_clicked):
	* Preferences.cc (exportPKCS12): exporting certificate PKCS#12
	representation to external file.

2002-01-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* AddressRangeDialog.cc (AddressRangeDialog): added class
	AddressRangeDialog

	* configure.in: set version to 1.0.1

2002-01-16  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.cc (main): init fwbd library.

	* Preferences.cc (getCerificates): method to load PKCS12 certificates.

2002-01-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: added filters to remove '-I/usr/include' from
	various variables from which CFLAGS is composed in the end.

2002-01-16  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder_preferences.dtd.in: storing Key, Certificate pairs
	in PKCS12 format. Added 'description' attribute.

2002-01-15  Vadim Kurland  <vadim@vk.crocodile.org>

	* CertDruidP30Dialog.cc (getNotValidBefore): added methods to extract
	data from the Druid fields

2002-01-14  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder_preferences.dtd.in: added possibility to have multiple
	certificates.

2002-01-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window2.cc: fixed bug #502534 Still need to implement
	clipboard operations support properly (waiting for GTK 2.0 for
	that, because method that returns list of children for Gtk::Table
	is hopelessly broken in gtk 1.2)

2002-01-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window_menu.cc (build_menu): moved menu items "Find object"
	and "Where used" to menu "View". 

	* Now creating menu items "Copy","Cut","Paste" without key
	accelerators to avoid event loop (which happens if user presses
	Ctrl-C when no editable widget is active and accelerator kicks in)

	* MessageDialog.cc (MessageDialog): creating pixmap using gdk_pixbuf

	* CertificateDruid.cc (CertificateDruid): added classes for GUI
	support for certificates

2002-01-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* helpers.cc (createPixmapFromFile): added function to creare
	Gtk::Pixmap from graphics files. Completely got rid of xpm icons.

2002-01-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* resources.xml.in: switched to png versions of all icons

	* configure.in, fwbuilder.cc (main): converted to getopt
	we do not use popt anymore
	
	* added png versions of all icons
	
2002-01-11  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder_preferences.dtd.in: Added 'Security' element.

2002-01-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (processSrv): fixed bug which duplicated "-f" for
	ip_fragment service if both "all fragments" and "'short' fragments"
	where checked. Bug #511868

	* PolicyListItem.cc (addIcon): got rid of imlib alltogether. Now
	using gdk_pixbuf. Also switched to using pre-drawn "negated" icons

2001-12-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* version 1.0 released
	
	* PrintDialog.cc (PrintDialog): 
	* FindDialog.cc (FindDialog): 
	* StandardRulesDruid.cc (StandardRulesDruid): 
	* DiscoveryDruid.cc (DiscoveryDruid): druids and dialogs appear 
	in the center of the screen

	* IconList.cc (Icon): eliminated dependency on gdk_imlib in
	classes IconList, StandardRuleDruid, DiscoveryDruid, ObjectTree

2001-12-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* GroupDialog.cc (dlg2wrk): fixed bug #497114: gui crashed if
	object was deleted in Hosts group and database saved to the file

	* IconList.cc (arrangeIcons): simplified algorithms for rendering
	icon lists. Made group dialog work lot faster

2001-12-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* IconList.cc (arrangeIcons): fixed bug #496841: clicking on a
	group while another group was in the process of rendering icons in
	the dialog caused gui crash

2001-12-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* PrintDialog.cc (run): parameter should be in quotes when passed
	to printing xslt transformation. Bug #492006 is fixed now.

	* some minor text changes in dialogs

2001-12-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListElement.cc (drag_data_received_impl): fixed bug #496116
	(GUI crash on illegal drag-and-drop operation)

2001-12-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* BackgroundOpWidget.hh (Packer): fbuf is defined only if there is
	no constructor ofstream(int&)

	* added check for constructor ofstream(int&) to configure.in

	* added checks for some C++ and STL capabilities, borrowed
	from configure.in coming with gtk-- library

	* added #ifdef to BackgroundOpWindget and BackgroundRunWidget
	to work around a problem with ofstream(int&) constructor

2001-12-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window2.cc (on_where_used): added menu item "Where Used"
	which scans entire database and shows all groups and firewalls
	using selected object

	* WhereUsedDialog.cc (WhereUsedDialog): added class WhereUsedDialog

2001-12-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (main_window): class main_window automatically
	requests window manager to assign default size to the main program
	window in case user does not save window size and position in
	preferences.

2001-12-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP40Dialog.cc (createObjects): showing progress bar
	dialog while creating objects found by dns zone transfer or snmp
	network scan

	* SimpleProgressDialog.hh (class SimpleProgressDialog): added class 
	SimpleProgressDialog - simple dialog with progress bar 

	* HostDialog.cc (HostDialog): using DialogPlugin::loadPageOptions
	and DialogPlugin::savePageOptions to load and save dialog data

	* HostDialog.cc (HostDialog): added tab "Sysinfo"

	* FWObjectDatabaseGUI.cc (newHost): do not add "unknown"
	interface to the newly created host

2001-12-15  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window2.cc (on_copy): per feature req. #475645 implemented
	support for text copy/cut/paste operations using both keyboard
	shortcuts Ctrl-C,Ctrl-X,Ctrl-V and menu "Edit".  Renamed menu
	items for copying and pasting objects to avoid confusion.
	
	* PolicyListItem.cc (activateObjectQuickView): fixed bug #493590
	(object tooltip was shown for "any")

2001-12-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListElement.cc (popup_menu): fixed bug #492284
	also did some additional code cleanup for copy/paste operations

	* policy.c (printElementaryRule): fixed bug #493303 (invalid
	icmp type number for "any type" ICMP service

	* policy.c (optimisePolicyRules): fixed bug #491972 (Failure with
	more then 15 ports if multiport optimization is used)

2001-12-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* floppyfw_install.sh (DIR): added missing command line option
	"-f". fwbuilder GUI automatically adds options "-f" and "-d"
	when calls install script, so we need to accept these options
	in getopt in the script.

2001-12-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* v 0.9.9 released
	
	* HostDialog.cc (on_snmp_get_released): fixed bug #491279

2001-12-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* v 0.9.8 released
	
	* helpers.cc (checkObjectName): removed limitations on object's name
	Now name can contain white spaces

2001-12-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectQuickView.cc (fillObjectQuickViewText): moved all the code
	for objects quick-view inside the class ObjectQuickView and used
	singleton. Implemented support for quick view in group dialogs

	* removed support for large icons in group dialogs
	* removed support for policy display without icons
	
2001-12-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* IconList.cc (getNextPosition): fixed bug #490134

2001-12-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (printARPEntryCommands): fixed bug #488269

	* fwbuilder.cc (main): setting visual for imlib

2001-12-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (optimisePolicyRules): fixed bug #489369

	* iptables.c (processSrc): added support for MAC filtering option
	stored in HostOptions to iptables compiler

	* InterfaceListWidget.hh: created class InterfaceListWidget -
	widget showing list of interfaces for HostDialog and
	FirewallDialog

	* HostDialog.cc (wrk2dlg): added support for HostOptions
	added checkbutton "Use MAC address filtering"
	(showInterfaces): added tab "Interfaces" to HostDialog
	
2001-12-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (generateFinalRulesForNegation): trying to fix bug #488005

	* IconList.cc (size_allocate_impl): fixed bug #489148

2001-11-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* version 0.9.7 released
	
2001-11-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* completely eliminated dependency on Gnome
	
	* main_window.cc (on_release_notes_activate): showing Release Notes
	in LongTextInfo dialog instead of MiniBrowser

	* configure.in: checking for imlib and popt libraries

	* fwbuilder.cc (main): not using gnome_init anymore; using popt
	calls to parse parameters

	* Makefile.in: we do not need GNOME_LIBS and other GNOME-related
	stuff anymore

	* Druid.hh : class Druid added.

2001-11-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* objects_init.xml.in: added predefined standard Service
	"ESTABLISHED"

	* iptables.c (prologue): compiler now adds rules to accept
	ESTABLISHED, RELATED packets only if FirewallOption
	"accept_established" is True (its default value is True)

	* FirewallDialog.cc (FirewallDialog): changed checkbox label from 
	"Create ARP entries for DNAT translations" to "Create virtual
	addresses for NAT rules". 

2001-11-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (printPolicyRule): now create new chains from
	printPolicyrule when needed
	(optimisePolicyRules): added optimization for repreating source
	or destination address in generated iptables rules

2001-11-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceDialog.cc (InterfaceDialog): changed Interface attribute
	name "alias" -> "label", change the name for the entry field in
	Interface dialog

	* policy.c (optimisePolicyRules): improved rule optimization in
	iptables compiler. Now using multiport module where appropriate

2001-11-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwcompiler.c (isExternalInterface): support for security zone
	in iptables compiler (rather support for "external" interface
	through security zone numbers)

	* InterfaceDialog.cc (InterfaceDialog): added entry field "alias"
	to Interface dialog

2001-11-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (saveWindowConfiguration): fixed bug in saving
	windows size and position code

2001-11-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (checkRuleShading): removed terrible memory leak (bug
	#480801)

2001-11-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (processSrc): added support for MAC address filtering
	in iptables compiler

	* HostDialog.cc (dlg2wrk): added support for MAC address in
	HostDialog

2001-11-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (processNATRule): optimization can now be turned off for
	NAT rules (bug #480658) 

	* nat.c (optimiseNatRules): fixed bug #480410 ( optimizer used to
	remove rules with the same address in both source and destination.
	This caused problems in certain network configurations where SNAT
	rule was needed to support translation for connects from internal
	net to the server on the same net, using its external URL)

	* iptables.c (printARPEntryCommands): avoid duplicates while adding
	static arp entries or alias addresses for certain NAT rules
	(bug #480473)
	
	* fwbuilder.spec.in (Obsoletes): added call to libtoolize per bug
	#480081

	* iptables.c (printARPEntryCommands): if NAT rule uses host object
	with address which coincides with that of one of firewall's
	interfaces, static ARP entry (or interface alias address) is not
	needed and won't be added by compiler

2001-11-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* gtkrc: RC file - defines colors and font for IconList widget

	* IconList.hh: replacement implementation of IconList widget

	* fwbuilder.cc (main): fwbuilder now has its own gtkrc file

2001-10-30  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (prologue): implemented feature req. #476517:
	firewall script generated by iptables compiler makes log record
	when activated

	* nat.c (processNATRule): fixed bug #476520: iptables compiler
	used to multiply code which adds static ARP entries for DNAT
	translations

2001-10-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectQuickView.cc (fillObjectQuickViewText): ObjectQuickView
	now shows interfaces for the firewall object

2001-10-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* trying to eliminate dependency on libgnomeui
	
	* StockButton.hh: collection of standard buttons

	* PixmapButton.hh: class PixmapButton - button with icon and text
	replaces widget available via libgnomeui
	
	* AboutDialog.cc (AboutDialog): got rid of dependency on
	libgnomeui for "about" dialog

2001-10-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectQuickView.cc (getTextAsString): implemented another
	mode for quick object view - now can show it either in tooltip
	window, or on status bar

2001-10-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* configure.in: added support for locale

2001-10-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (processNATRule): fixed bug #475155 : compiler
	generated incorrect code for REDIRECT NAT rules and negation

2001-10-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (copyRuleContent): fixed bug with rule copy/paste:
	now interface policy rule can be moved via copy/paste to the
	GLobal Policy and vice versa

	* iptables.c (parseOptions): implemented workaround for iptables
	1.2.3 for the bug with interpretation of log-level
	strings. Firewall option "Use numeric log levels" makes compiler
	use numbers for log levels instead of text strings

	* floppyfw_install.sh: firewall policy installer for floppyfw
	single floppy Linux router/firewall
	
2001-10-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c: changes in the iptables compiler:
	- turning ip_forward off before adding rules and turning it
	back on only after all rules were added;
	- code which cleans up all pre-existing chains in all tables
	uses only pure shell and does not need awk anymore;
	- code which manages static ARP entries for DNAT rules 
	can use either /sbin/arp or /sbin/ip, depending on firewall option
	"iptables_use_ip_tool". This is done to provide support for 
	single-floppy firewall floppyfw which does not have arp and awk but
	does have package iproute2 
	- new macro for the custom log prefix: "%I" is replaced 
	with interface name
	
2001-10-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (prologue): per feature request #471917 added
	iptables  "clamp MSS to MTU"

	* ObjectTree.cc (changeTreeLabel): #472677 ( object properties
	shown in the tree should change when object is edited )

	* PolicyListElement.hh (Frame ): better PolicyListElement widget

	* PolicyListItem.cc (on_button_release_event): fixed bug #472678
	pop-up menu and object quick view


2001-10-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListItem.cc (combineWithNeg): fixed bug #472344 (icon
	for negated service is corrupted)

2001-10-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* version 0.9.6 released
	
2001-10-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (processNATRule): added more sanity checks: now checking
	if firewall has interfaces and if at least one is marked as
	'external'

2001-10-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListItem.cc (PolicyListItem): redesign of PolicyListItem
	widget. Fixed old bug where drawing of PolicyListItem used to
	intermittenly break clipping, which in turn caused strange
	effects in other widgets.

2001-10-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.hh (CTree): fixed bug #469014

	* BuiltinDialog.cc (BuiltinDialog): navigation bar can be turned
	off via global Options dialog

2001-10-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* BuiltinDialog.cc (fill_navbar_location): implemented navigation
	bar in BuiltinDialog

2001-10-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListElement.cc (popup_menu): fixed bug introduced earlier
	in "paste"
	(popup_menu): expanded pop-up menu, added items "Copy", "Cut",
	"Paste above", "Paste below" which provide a way to copy rules via
	clipboard

	* PolicyList.cc (on_button_release_event): added pop-up menu item
	"Paste rule"

	* GroupDialog.cc (on_popup_menu): fixed bug introduced earlier in
	"paste"

	* main_window2.cc (on_duplicate): fixed bug introduced earlier in
	"duplicate"
	

2001-10-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* GroupDialog.cc (wrk2dlg): minor bug fixed (change of the group
	name in the dialog did not activate "Apply" and "Undo" buttons)

	* iptables.c (printInfo): now compiler adds general information
	on the top of geenrated script (Firewall Builder version used, 
	timestamp and the user name of user who ran the program)

	* nat.c (generateFinalRulesForNegation): fixed first half of the bug
	report #464628 (corrected processing of negations in NAT)
	(processNATRule): fixed second half of the bug report #464628

2001-10-01  Vadim Kurland  <vadim@vk.crocodile.org>

	* Requirements.html: added requirements for Mandrake 8.1

2001-09-30  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (restoreWindowConfiguration): added methods to
	save abd restore window size and configuration
	(on_float_pane): added methods to "float" object dialog per user's
	request

	* main_window_menu.cc (build_menu): added submenu "View"

2001-09-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (get_properties): implemented feature req. #427061:
	" List IP with alongside hostname "

2001-09-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.cc (main): added option "remember window position and
	size"

2001-09-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* MessageDialog.cc (MessageDialog): minor improvements to dialog

	* configure.in: added checks for GNU make

2001-09-23  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (removeObject): improvements in insertObject,
	removeObject, showObject, selectObject - avoiding full tree rebuild

2001-09-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* Makefile.in (run): added "fwbuilder-static" and "debug"
	Makefile targets

2001-09-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc (TreePopupMenu): corrections to Copy/Paste
	mechanism and menu itmes behavior. Trying to fix fix bug #463329

2001-09-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* About.cc (showAboutDialog): cosmetic: now About dialog shows
	version of the library used at run-time

2001-09-20  Vadim Zaliva  <lord@crocodile.org>

	* Preferences.cc (loadPrefs): passing correct version number while
	loading preferences file.

2001-09-17  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.spec.in (Source): added dependency from libfwbuilder

2001-09-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* Makefile.in (LTCXXLINK): using libtool for API library

2001-09-17  Vadim Zaliva  <lord@crocodile.org>

	* FWObject.hh: 
	* FWObject.cc: Internal code brush-up. Removed NULL pointer
	checks in children list. Use stl algorithms wherether it is possible.

2001-09-16  Vadim Kurland  <vadim@vk.crocodile.org>

	* OptionsDlg.cc and many other dialogs: corrected buttons size and
	layout

	* InterfaceDialog.cc (InterfaceDialog): added support for "delete"
	event

	* OptionsDlg.cc (OptionsDlg): redesigned Options dialog using
	two-pane window with options represented in a tree-like vew

	* BuiltinDialog.hh (setLibrary): BuiltinDialog now remembers
	the name of the tree the object it shows belongs to.

	* OptionsDlg.cc (OptionsDlg): added GUI elements to support
	ObjectTree view modes "Split" and "Combined"

	* FWObjectBook.cc (build): implemented ObjectTree view modes:
	"Split" mode shows libraries in a separate trees,
	"Combined" mode shows all libraries in one combined tree

	* ObjectTree.cc (ObjectTree): ObjectTree can now filter objects
	by their attribute "library"

	* main_window.cc (main_window()): now using FWObjectBook
	instead of the tree

	* FWObjectBook.cc (FWObjectBook): added class FWObjectBook - 
	a collection of many object tree widgets. This widget is used
	to show objects from different libraries in different pages

2001-09-14  Vadim Zaliva  <lord@crocodile.org>

	* api/ moved doc++ comments from .cc to .hh files

	* dns.cc (DNS_bulkBackResolve_Thread): using our Cond and Mutex
	classes instead of GCond and GMutex.

	* ThreadTools.hh (class Cond): Conditional Variable implemented.
	(_Tp>): Synchronized Queue implemented.

2001-09-13  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (special): ignore 0.0.0.0/* networks.
	(run_impl): timestamps for start/end of scan.

	* FWObject.cc (fromXML): library addtribute and
	access methods added.

	* fwbuilder.dtd.in (TODO): added 'library' attribute
	to list of standard object's attributes.

2001-09-12  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (fetchInterfaces): reading operational and admin
	status of interface.
	(run_impl): ignoring routes which use interface which
	is currently down.
	(guessInterface): guessing interface for routes where it is
	not specified.

	* Interface.hh (class Interface): added operational
	status attribute.

2001-09-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP51Dialog.cc (DiscoveryDruidP51Dialog): changed
	checkboxes to make their meaning consistent

	* main_window.hh (Window): moved bunch of methods from ObjectTree
	to main_window

2001-09-11  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (fetchInterfaces): rewrote of interface fetch code
	to work around bug observed of following SNMP implementation:
	IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7), RELEASE SOFTWARE (fc1)
	with uptime of 338 days.

2001-09-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window_menu.cc (build_menu): renamed menu item for the
	network discovery Druid

	* DiscoveryDruidP70Dialog.cc (fillListOfNetworks): all the
	networks and hosts in the list of nodes discovered by druid or DNS
	import are now checked by default

	* DiscoveryDruidP65Dialog.cc (execute): added checkbox to the
	object discovery druid page: "Avoid point-to-point links"

	* All dialogs: removed large icon in all dialogs. All dialogs have
	been adjusted to look nice in different screen resolutions

	* main_window2.cc : setting main window size depending on the
	screen dimentions

2001-09-10  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (run_impl): task #36517: added option controlling
	wherether to try to crawl to the other side of 
	point-to-point routes.
	(point2point): detecting point-to-point routes
	using interface information.

	* IPAddress.hh (class IPNetwork): method for getting
	broadcast address of network.

	* snmp.cc (fetchRoutingTable): fetching interface
	and gateway information.
	(run_impl): task #37813 - adding route gateway
	as crawler input.
	(run_impl): task #36520 - skipping interface broadcasts found
	in routing table from crawler output.

2001-09-09  Vadim Zaliva  <lord@crocodile.org>

	* IPAddress.hh (class IPRoute): interface and gateway
	fields added.

2001-09-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwbuilder.dtd.in (TODO): Added object Gateway to DTD. 
	Added HostOptions to Host.

	* FirewallDialog.cc (FirewallDialog): new iptables option: "Accept
	established TCP sessions after firewall restart". This option is
	ON by default. Autoupgrade transformation adds this option to
	existing firewalls.


2001-09-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListElement.cc (PolicyListRuleOpt): Rule element "Options"
	now shows logging icon and options icon. "Log" rule element can
	now be retired. Without "Log" column policy list is more clean and
	compact, especially for Interface policies

	* FindDialog.cc (on_find_clicked): using OptionMenuWidget;
	implemented partial match search

	* OptionMenuWidget.cc (on_menu_selection_changed): OptionMenuWidget
	keeps track of the menu state and generates signal "changed" only
	when menu choice actually changed

2001-09-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* ObjectTree.cc: newly created object can now be deleted without
	saving

	* DialogPlugin.hh: added methods which load and save data from
	groups of dialog widgets

	* ObjectTree.cc (on_delobj): added "Delete" menu item

2001-09-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog.cc: FirewallDialog now calls setDefaults method
	of the firewall object to set default values for all
	platform-specific firewall parameters and OS-specific network
	parameters

	* Firewall.hh (class Firewall): added doc++ comments to some methods

2001-09-03  Vadim Zaliva  <lord@crocodile.org>

	* configure.in: dynamic link with libxml2 and libxslt.

	* snmp.cc (run_impl): task #36519 - ignoring IPs on loopback.

	* IPAddress.hh (class IPNetwork): added isBroadcast() and isMulticast()
	methods.

2001-09-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (processElementaryPolicyRule): further fixes for bug
	#455794

	* iptables.c (prologue): Implemented support for various kernel
	parameters 

	* FirewallDialog.cc (on_host_os_changed): Implemented host OS support
	for Firewall Object

2001-08-28  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (printARPEntryCommands): improved code which generates
	commands to add ARP entries for static NAT. Now it adds ARP entries
	for SNAT translations using "other" IP addresses

2001-08-27  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (processElementaryPolicyRule): fixed bug #455794 (wrong
	code generated for the loopback interface policy rule with src and
	dst being firewall object)

2001-08-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog.cc (wrk2dlg): added "Load modules" checkbox
	back to the Firewall Dialog "iptables" tab. Also added an option
	for setting up PATH environment variable in iptables script
	
2001-08-25  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (printNatRule): fixed bug 449638 (port mapping in DNAT rules)

	* iptables.c (parseOptions): fixed bugs 448693 and 453966 (sttting
	rule options did not generate any code in iptables script)

	* FindDialog.cc: Implemented "Find" feature

2001-08-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyListItem.cc (paint): fixed bug 449133 (GUI was hanging if
	very long word was entered in the comment field in the policy)

	* PolicyListElement.cc (add_item_to_policy): fixd bug 454812 (GUI
	used to allow duplicates in policy rule elements)

2001-08-19  Vadim Zaliva  <lord@crocodile.org>

	* configure.in: Checking for /usr/include/bind
	and libbind_r.a.

2001-08-18  Vadim Zaliva  <lord@crocodile.org>

	* Makefile (install): if doc++ present, geenerales 
	API class reference and installs it under DOCDIR/classref.

	* configure.in: checking for doc++ presense.

2001-08-14  Vadim Zaliva  <lord@crocodile.org>

	* dns.cc (findA): renamed variable 'nsaddr' to avoid
	name clash with macro in older versions of 'bind'.


2001-08-05  Vadim Zaliva  <lord@crocodile.org>

	* Merger 0.9.4 branch into main trunk.

2001-08-05  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP65Dialog.cc: fixed bug #448130 where project did
	not link because of the missing method in class
	DiscoveryDruidP65Dialog if compiled without support for SNMP

	* NetworkDialog.cc (dlg2wrk): fixed bug #448213 where netmask
	could not be set in NetworkDialog

2001-08-04  Vadim Zaliva  <lord@crocodile.org>

	* CodingConventions.txt: Proposed project coding conventions
	document.

	* FWObject.hh: 
	* DialogFactory.hh: 
	* BuiltinDialog.cc (BuiltinDialog): 
	* DialogFactory.cc (class DefaultDialogFactory): removing 
	GUI dependencies from data layer. Switching from 
	Fatory Method to AbstractFactory pattern for
	dialog creation.

2001-08-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP65Dialog.cc (on_save_to_file_clicked): added
	ability to save network scan log to a file

2001-08-03  Vadim Zaliva  <lord@crocodile.org>

	* api/: starting work on API.

2001-08-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (processTime): time matching support implemented in
	iptables policy compiler (requires patch from patch-o-matic)

2001-07-30  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c: added support for drop-table
	(requires patch-o-matic)
	
	* iptables.c (processSrv): added support for ipv4options patch
	(requires patch-o-matic)
	
	* nat.c (processNATRule): added support for NETMAP target (requires
	patch from patch-o-matic)

	* iptables.c (prologue): corrected script to take into account
	different path to arp and route in different distributions

2001-07-29  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (processElementaryPolicyRule): added recognition of
	broadcast addresses. If destination object in the rule is
	broadcast, compiler should generate code into INPUT chain

	* CustomService.hh (class CustomService): added class CustomService

	* iptables.c (processSrv): added support for CustomService in
	iptables compiler

	* set version to 0.9.4

	* added autoupgrade xslt transformations for upgrade 0.9.3->0.9.4
	
2001-07-24  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (printARPEntryCommands): now we can manage static ARP
	entries and associated routes needed for DNAT translations via
	Firewall Builder

2001-07-22  Vadim Kurland  <vadim@vk.crocodile.org>

	* NetworkDialog.cc (NetworkDialog): switched to IPAddresswidget for
	address and netmask

	* HostDialog.cc, FirewallDialog.cc: switched to IPAddressWidget
	for address

2001-07-21  Vadim Kurland  <vadim@vk.crocodile.org>

	* PolicyList.cc (on_button_release_event): free space in the policy
	or NAT view is now clickable: right mouse button click brings 
	pop-up menu with options for adding new rules at the top or bottom
	of the policy
	
	* OptionsDlg.cc (run): added UI parameters "Autosave" - if true,
	data in all dialogs is automatically saved when user switches
	between objects

2001-07-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (processPolicyERule): compiler now correctly processes
	case where firewall object used in both src and dst in the policy
	rule
	(rulePrologue): now using separate temporary chains for INPUT,OUTPUT
	and FORWARD in rules with negation.
	(optimisePolicyRules): improved rule optimiser

2001-07-19  Vadim Zaliva  <lord@crocodile.org>

	* BackgroundOp.hh (class Logger): added 'start' and 'end' manipulators
	to lock synchornized output.

	* dns.cc (DNS_bulkBackResolve_Thread): synchronized output from several
	resovled threads.

2001-07-19  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (parseOptions): added rule option "stateless" - now
	user can mark certain rules as not requiring stateful
	inspection. This feature, if used properly, can improve
	performance without compromising security

	* RuleOptionsDialog.cc (RuleOptionsDialog): added checkbox for
	rule option "stateless"

2001-07-18  Vadim Zaliva  <lord@crocodile.org>

	* HostsFile.cc (parse): skipping IPv6 addresses
	* IPAddress.cc (operator=): detecting IPv6 addresses.

2001-07-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* policy.c (processPolicyERule): fixed bug #441979 in iptables
	compiler (Iface rules wrong when direction both)


2001-07-17  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (run_impl): Distinguishing point-to-point routes
	and adding them as hosts, rather as networks.

	* dns.hh (class DNS_findA_query): Handling mulpiple PTR records.

2001-07-16  Vadim Zaliva  <lord@crocodile.org>

	* HostsFile.cc (parse): More decent parser, hanlding
	empty lines, end of line comments and multiple hosts aliases.

2001-07-15  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP05Dialog.cc (DiscoveryDruidP05Dialog): Now option
	"Perform network scan using SNMP queries" will be disabled, and 
	explanatory text added, if program is compiled with no SNMP support

2001-07-14  Vadim Zaliva  <lord@crocodile.org>

	* dns.cc: implemented getHostByAddress with DNS timeout.

2001-07-14  Vadim Kurland  <vadim@vk.crocodile.org>

	* nat.c (processNATRule): support for REDIRECT in iptables

2001-07-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* snmp.cc (init): added parameters for dns timeout
	(isvirtual): bugfix in virtual address detection method

	* TableOfObjects.cc (addObject): If object has multiple names in DNS, 
	this widget will show all of them in combo box

	* FilterDialog.cc (FilterDialog): Now can filter by address and name

2001-07-13  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (run_impl): optinally resolve found hosts.
	(isvirtual): detection and removed virtual IPs.

	* snmp.hh (class CrawlerFind): return DNS info in availiable.

	* dns.cc (run_impl): Multu-threaded back-resolving
	implemented.

	* Pool.hh (Pool): tiny memory leak corrected.

2001-07-12  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP70Dialog.cc (on_filter_clicked): now user can
	apply filter to objects found by crawler

2001-07-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* fwcompiler.c (cmpTriplet): fixed bug #440557
	* iptables.c (prologue): now setting default policy before flushing
	all chains
	* iptables.c (processSrv): fixed bug #440390 

2001-07-10  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP70Dialog.hh (class DiscoveryDruidP70Dialog):
	one more page to DiscoveryDruid (picking objects discovered by
	SNMP crawler)

2001-07-10  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (fetchRoutingTable): discovering
	networks from network host routing table.

2001-07-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP65Dialog.cc: using pool for
	SNMPCrawler operations. Now it is safe to interrupt crawler in
	the middle of the process

2001-07-08  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruidP50Dialog.cc (DiscoveryDruidP50Dialog): 
	* DiscoveryDruidP53Dialog.cc (DiscoveryDruidP53Dialog): 
	* DiscoveryDruidP65Dialog.cc (DiscoveryDruidP65Dialog): 
		GUI for SNMP crawler
	
2001-07-08  Vadim Zaliva  <lord@crocodile.org>

	* dns.hh (class DNS_bulkBackResolve_query): operation
	for groups of IPs.

	* dns.cc (getHostByAddr): method added

	* snmp.cc
	* snmp.hh (class SNMPCrawler): retries, timeout, community
	parameters added.

2001-07-07  Vadim Kurland  <vadim@vk.crocodile.org>

	* ListOfIcons.cc (addObject): fixed bug: pop-up menu in group view
	now correctly activates "Open", "Copy" and "Cut" items

	* ObjectTree.cc (on_button_release_event): fixed bug: gui crashed
	after "Help me build policy" Druid if Policy or NAT were showing in
	the right pane of the main window (Support request #437759)


2001-07-06  Vadim Kurland  <vadim@vk.crocodile.org>

	* InterfaceDialog.cc (on_addr_focus_out_event): fixed bug: gui crashed
	if user hit TAB on empty "Address" field

2001-07-06  Vadim Zaliva  <lord@crocodile.org>

	* FirewallDialog.cc: 
	* snmp.cc: 
	* snmp.hh: 
	* config.h.in:
	* configure.in: better check for libsnmp

2001-06-28  Vadim Zaliva  <lord@crocodile.org>

	* snmp.hh:
	* snmp.cc (run_impl): implemented simple single threaded
	SNMP crawler.

2001-06-26  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (on_feedback_activate): menu item "Feedback" added

	* GenericBackgroundOpDialog.hh (Window): class SNMPOpDialog renamed
	to GenericBackgroundOpDialog

2001-06-20  Vadim Kurland  <vadim@vk.crocodile.org>

	* FirewallDialog.cc (addOptionsMenu): Now using OptionsMenu widget
	where appropriate

2001-06-18  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (on_release_notes_activate): open Release Notes
	in the default browser configured for "file://" URLs. Now we have
	choice : we can use our own mini browser MiniBrowserDialog or
	standard URL display program configured in system Gnome
	preferences

	* MiniBrowserDialog.hh (class MiniBrowserDialog): mini-browser dialog
	using HTMLViewer widget

	* htmlviewer.cc (HTMLViewer): primitive gtk-- wrapper widget for
	gtk-xmhtml widget. This widget will be used to show ReleaseNotes
	etc.

2001-06-17  Vadim Kurland  <vadim@vk.crocodile.org>

	* BuiltinDialog.cc (BuiltinDialog): GUI now does not permit
	creation of objects with empty names. Some logic cleanup in
	"Apply"/"Undo" functions

2001-06-17  Vadim Zaliva  <lord@crocodile.org>

	* dns.cc (findA): timeout check in findA() methods.

	* XMLTools.cc (saveFile): ident XML files on save.

2001-06-14  Vadim Zaliva  <lord@crocodile.org>

	* configure.in: Checking for actual presence of static version
	of libresolv.a, if not found - try dynamic.

2001-06-13  Vadim Kurland  <vadim@vk.crocodile.org>

	* main_window.cc (on_install): support for optional policy install
	script added

2001-06-11  Vadim Zaliva  <lord@crocodile.org>

	* configure.in: unconditionally link with libresolv.a

2001-06-11  Vadim Kurland  <vadim@vk.crocodile.org>

	* DiscoveryDruid.cc (on_prepare): implemented GUI for importing
	hosts from DNS zone

	* iptables/iptables.c (parseOptions): bug 429427 fixed (garbage
	after the end of rule action) 
	* iptables/nat.c: bug 426874 fixed (implemented NAT on firewalls
	with dynamic address on external interface)
	* iptables/iptables.c: bug 424440 fixed (added correct clean-up code
	on top of iptables script to remove all "old" rules in all
	chains)

	* iptables/nat.c: bug 422345 fixed (implemented support for
	negations in NAT, in particular negated original dest.)

	* iptables/nat.c: bug 424435 fixed (implemented negation in NAT)
	

2001-06-09  Vadim Kurland  <vadim@vk.crocodile.org>

	* iptables.c (parseOptions): fixed bug 431705 - log options
	  an logging limits processing in iptables compiler

	* DiscoveryDruid.cc (on_next): Objects Discovery Druid class

	* DiscoveryDruidP40Dialog.cc (newObject): reads hosts(5) file and
	  creates objects
	

2001-06-08  Vadim Zaliva  <lord@crocodile.org>

	* Makefile.in: bulk compilation of all GLADE-generated
	sources to decrease build time.

	* HostsFile.hh:
	* HostsFile.cc: hosts(5) file parser

2001-06-07  Vadim Zaliva  <lord@crocodile.org>

	* dns.cc: Made background operations of getNS()
	and findA() operations.

	* config.h.in: 
	* configure.in: checking for functions from bind8
	api.

	* dns.cc: code cleanup. works with bind8
	on Linux.
	(HAVE_BIND8): conditional compilation
	to compile on systems without proper
	bind libraries.

2001-06-06  Vadim Zaliva  <lord@crocodile.org>

	* dns.cc (findA): first working version
	* configure.in: checking for libbind_r.a

2001-06-04  Vadim Zaliva  <lord@crocodile.org>

	* snmp.hh: 
	* snmp.cc: 
	* FirewallDialog.cc (on_snmp_get_released): Using SNMP
	timeout and retries from preferences.

2001-05-30  Vadim Zaliva  <lord@crocodile.org>

	* configure.in: libresolv detection

2001-05-29  Vadim Zaliva  <lord@crocodile.org>

	* dns.cc (getHostByName): using gethostbyname_r
	with 5 (solaris) or six (linux) parameters.

	* configure.in: detecting arity of gethostbyname_r

	* dns.hh: DNS lookup wrapper interface.
	* dns.cc: DNS lookup wrapper implementation for Linux.

2001-05-23  Vadim Zaliva  <lord@crocodile.org>

	* main_window_menu.cc (build_menu): 
	* main_window.cc (on_tools_scan): Added Tools menu with
	Scan submenu.

2001-05-20  Vadim Kurland  <vadim@voyager.crocodile.org>

	* BackgroundOp.cc: background op. classes redesign

2001-05-18  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc (run_impl): 
	(run_impl): handling problem with present, but
	not configured interfaces.

	* snmp.hh (run_impl): 
	* FirewallDialog.cc (on_snmp_get_released): 
	(on_snmp_get_descr_released): 
	Running SNMP queries in background, without
	GUI freeze.

2001-05-18  Vadim Kurland  <vadim@voyager.crocodile.org>

	* ListOfIcons.cc (addObject): fixed bug #425023 

2001-05-17  Vadim Kurland  <vadim@voyager.crocodile.org>

	* OptionsDlg.cc (OptionsDlg): removed snmpget and snmpwalk paths
	parameters

2001-05-16  Vadim Kurland  <vadim@voyager.crocodile.org>

	* PolicyListItem.cc (PolicyListObjectItem): translated
	source/dest/service now shows as "Original" if no translation is
	needed.


2001-05-15  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc: 
	* snmp.hh: 
	* FirewallDialog.cc (wrk2dlg): 

	* config.h.in: 
	* configure.in: detecting presense of ucd-snmp library

	* merger snmp-lib-integration branch.

2001-05-12  Vadim Zaliva  <lord@crocodile.org>

	* XMLTools.cc (parseFile): detecting DTD validation
	errors during file load.

2001-05-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObjectDatabase.xslt: making sure attribute action is never 
	  empty in PolicyRule

2001-05-11  Vadim Zaliva  <lord@crocodile.org>

	* fwcompiler.c (main): using DTD when loading data file.

2001-05-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObjectDatabase.xslt (xmlns): transformation from 0.8.7 to 0.9.0:
	  fixed bug where InterfacePolicy objects created by this script
	  where duplicated

	* FirewallDialog.cc (on_snmp_get_released): now user doesn't have
	to press "Apply" before pulling information from the firewall via
	SNMP

2001-05-14  Vadim Zaliva  <lord@crocodile.org>

	* snmp.cc: getting interfaces information
	using snmp library.

2001-05-11  Vadim Zaliva  <lord@crocodile.org>

	* snmp.hh (class SNMPConnection): 
	* snmp.cc (class SNMPConnection): implemented simple
	C++ wrapper to ucd-snmp library.
	(run): getting system info using library.

	* configure.in: check for ucd-snmp library

2001-05-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwcompiler.c (cmpObjects): now we recognize the case when "Host"
	object has the same address as "Firewall" object and can generate
	appropriate rules

2001-05-10  Vadim Kurland  <vadim@voyager.crocodile.org>

	* policy-text.xsl: implemented negation in policy printing

	* helpers.cc (checkObjectName): allowed ':' in object names

	* iptables.c : two bugfixes:
	  added  "iptables -N temp_rule_name"
	  corrected processing of SNAT rules where translated source is not
	  firewall.

2001-05-06  Vadim Kurland  <vadim@voyager.crocodile.org>

	* StandardRulesDruid2.cc (generateRulesForHostProtection): fixed bug:
	  policy rules should not have direction, but druid used to insert
	  direction in "allow all outgoing connections" rule for host
	  protection firewall

2001-05-05  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c (parseOptions): bugfix: "--reject-with tcp-reset"
	  requires "-p tcp"

2001-04-30  Vadim Zaliva  <lord@crocodile.org>

	* FWObject.hh (class FWObject): using 'vector' instead
	of 'list'.
	* FWObject.cc (sortChildren): sorting children by name.

2001-04-28  Vadim Zaliva  <lord@crocodile.org>

	* Makefile.in:
	* fwbuilder-packages"
	* fwbuilder.bts:
	* fwbuilder.appmap: Bug-Buddy 1.2 support

2001-04-27  Vadim Zaliva  <lord@crocodile.org>

	* Makefile.in (uninstall): installing bug buddy data files

	* XMLTools.cc: '-' as output file name prints to stdout.

	* PrintDialog.cc (run): fixed bug with passing currenlty
	selected node to XSLT transformation.

2001-04-26  Vadim Zaliva  <lord@crocodile.org>

	* XMLTools.cc (setDTD): 
	* FWObjectDatabase.cc (saveXML): 
	* PrintDialog.cc (run): do not use temporaty files 
	for printing.

2001-04-25  Vadim Zaliva  <lord@crocodile.org>

	* PrintDialog.cc (run): 
	* FWObjectDatabase.cc (saveFile): Print w/o saving file.
	(Task #30300)

2001-04-25  Vadim Kurland  <vadim@voyager.crocodile.org>

	* InterfacePolicy.cc: Added "Srv" to InterfacePolicy

	* Rule.cc (fromXML): now show warning dialog if general policy 
	  rule has interface or direction specified. Rule will be loaded
	  with interface and direction attirbutes erased.

	* fwcompiler.c (scan_Policy): now print error message and bail out
	  if general policy rule has interface or direction specified.

2001-04-24  Vadim Kurland  <vadim@voyager.crocodile.org>

	* configure.in : correct checking for paths for libxml2 and libxslt
	  Now configure will use dynamic libraries if static ones could
	  not be found

2001-04-23  Vadim Kurland  <vadim@voyager.crocodile.org>

	* policy-ascii.xsl (ref): plain ascii printing transformation

2001-04-22  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c (processTCPorUDP): --tcp-flags and --syn are
	  now supported

	* FWObjectDatabase.xslt: fixed typo 
	  (line 130, was: UPD, should be: UDP)

	* FirewallDialog.cc (on_find_compiler_clicked): implemented
	  "browse" button callback for custom compiler lookup

	* resources.xml.in: ipchains is gone. Now it even won't show up in
	  platforms drop-down menu in FirewallDialog

2001-04-22  Vadim Zaliva  <lord@crocodile.org>

	* XMLTools.cc: protected access to XML/XSLT
	library params with locks.

2001-04-21  Vadim Zaliva  <lord@crocodile.org>

	* PrintDialog.cc (run): XSLT specific code moved
	to XMLTools.cc. As result, XSLT error messsages
	during print are caught and shown to user.

	* XMLTools.hh:
	* XMLTools.cc (transformDocument): complete XSLT/XML
	error interception.

2001-04-19  Vadim Zaliva  <lord@crocodile.org>

	* XMLTools.cc (convert): intercepting conversion
	error messages and reporting them to the user.

2001-04-18  Vadim Zaliva  <lord@crocodile.org>

	* XMLTools.cc (convert): comparing version numbers
	(loadFile): making backup copy of converted files.
	restoring from backup if conversion failed.
	(loadFile): showing confirmation dialog.

	* XMLTools.hh: 
	* XMLTools.hh: migrating data files on load using XSLT transformations.

	* fwbuilder.spec.in (Group): filters and migration dirs added.
	* Makefile.in (install): makefile added

2001-04-16  Vadim Zaliva  <lord@crocodile.org>

	* XMLTools.cc (saveFile): 
	* Preferences.cc (savePrefs): 
	* FWObjectDatabase.cc (saveFile): 
	Consolidated XML files saving, with DTD/doctype
	handling into one place.

	* Makefile.in: installing/uninstalling
	preferences DTD.

	* XMLTools.cc (loadFile): 
	* Preferences.cc (loadPrefs): 
	* FWObjectDatabase.cc (load): 
	Consolidated XML files loading with version checking
	and validation into one place

	* fwbuilder_preferences.dtd.in: minor syntax tweaking

	* fwbuilder_prefs.xml.in: added DOCTYPE

	* fwbuilder_preferences.dtd.in: 
	* configure.in: setting preferences file version
	using autoconf.

	* FWObjectDatabase.cc (saveFile): do not specify
	full path to DTD when saving.

	* fwbuilder.cc (main): 
	* XMLTools.cc (fwbExternalEntityLoader): loading DTD files
	from template directory.

	* translate087preferences.xsl: initial version
	from from Friedhelm Duesterhoeft.

	* translate087objects.xsl: new version 
	from Friedhelm Duesterhoeft.
	added NATRuleOptions
        added FirewallOptions
        added PolicyRuleOptions
        added fixed version 1.0 to FWObjectDatabase

	* fwbuilder_preferences.dtd: DTD for preferences
	file from Friedhelm Duesterhoeft.

	* main_window.cc (on_print_activate): passing id of
	currently selected node to print dialogue

	* PrintDialog.cc (PrintDialog): added controls allowing
	to choose between printing all tree and current object only.
	Passing ID of currenlty selected node to XSLT processor.

2001-04-14  Vadim Kurland  <vadim@voyager.crocodile.org>

	* ICMPServiceDialog.cc (dlg2wrk): ICMP dialog now supports
	  "Any icmp type" and provides verbose ICMP types and codes names.
	  Support for "any icmp" tested with iptables compiler

	* fixes and improvements in fwbuilder.spec - incorporated patches
	  from Carlo Wood

2001-04-13  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Resources.cc (getResourceInt): added couple of convenient
	methods 
	* moved SmallIconsSize and LargeIconsSize from preferences
	to resources

2001-04-11  Vadim Zaliva  <lord@crocodile.org>

	* FWObjectDatabase.cc (load): checking for version attribute.

	* XMLTools.cc (getXmlNodeByPath): moved all xml helpers to
	this class.

2001-04-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* ObjectTree.cc (TreePopupMenu): added function "Duplicate" to 
	  menu "Edit" and popup menu in the tree

2001-04-10  Vadim Kurland  <vadim@voyager.crocodile.org>

	* configure.in: now statically linking with gtk--,
	  libxml2 and libxslt

2001-04-10  Vadim Zaliva  <lord@crocodile.org>

	* PrintDialog.cc (savePrefs): Printing preferences load/save.
	* fwbuilder_prefs.xml.in: added Printing preferences

2001-04-10  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObjectDatabase.cc (saveFile): fixed file saving for libxml2

2001-04-09  Vadim Zaliva  <lord@crocodile.org>

	* Requirements: 
	* configure.in: 
	* Makefile.in (XSLT_CFLAGS): Added libxslt detection and
	usage.

	* configure.in: libxml2 detection

	* translate087objects.xsl: new delivery from Friedhelm Duesterhoeft.
	It conforms DTD v1.40.

2001-04-08  Vadim Zaliva  <lord@crocodile.org>

	* Makefile.in (depend): passing file names to 'makedepend'.
	* PrintDialog.cc (PrintDialog): added

2001-04-08  Vadim Kurland  <vadim@voyager.crocodile.org>

	* StandardRulesDruid.cc (StandardRulesDruid): Druid redesigned. Now
	 druid offers different questions for three network configurations:
	 1. firewall protects local host
	 2. firewall protects only internal network
	 3. firewall protects internal network and DMZ

	* post-glade.pl: modifications to this script allow for incremental
	  compile after GUI changes made by glade

2001-04-07  Vadim Kurland  <vadim@voyager.crocodile.org>

	* StandardRulesDruid.cc: druid corrected for new policy formats
	* New firewall option added: no_iochains_for_any. 
	
2001-04-06  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c (parseOptions): implemented full support for firewall
	  options and policy rule options

2001-04-04  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c : now compiler generates separate chain for each
	  policy rule and implements logging and action in this
	  chain. Support for rule options has been implemented too.

	* fwbuilder.dtd : added comment to PolicyRule

	* iptables.c (processInterfacePolicyRule): now correctly processing
	  negation in source and destination in iptables compiler

2001-04-01  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwbuilder.cc (main): fixed bug when exception thrown while
	loading preferences caused core dump

2001-04-01  Vadim Zaliva  <lord@crocodile.org>

	* Preferences.cc (loadPrefs): versioning of preferences file.

2001-04-01  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c: iptables compiler now takes into account cases when
	  firewall has multiple interfaces and cases when firewall's
	  interfaces have dynamic address

2001-03-29  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwcompiler.c Policy attached to firewall interface is now processed
	  before "main" firewall policy

	* iptables.c compiler generates code for chains INPUT and OUTPUT
	  if policy rule applies to the firewall object; otherwise it
	  generates code for the FORWARD chain
	
	
2001-03-25  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Implemented Scratch pad which works as a mirror of the main
	  obejcts tree. All dialogs edit object's copies in scratch pad,
	  which then gets copied back to the main object tree when user
	  clicks "Apply" button. This provides for "Undo" function in all
	  dialogs, including complex ones such as policy editing

	
2001-03-23  Vadim Kurland  <vadim@voyager.crocodile.org>

	* ExecBgr.cc : background operations use exceptions to handle
	errors now. Many improvements have been made to error handling
	and more controls added.
	
2001-03-22  Vadim Kurland  <vadim@voyager.crocodile.org>

	* InterfacePolicy.cc (InterfacePolicy): class for policy attached
	to firewall interface

	* FirewallDialog.cc (showInterfacePolicy): FirewallDialog now
	shows and allows to edit policy attached to firewall interfaces

2001-03-21  Vadim Kurland  <vadim@voyager.crocodile.org>

	* PolicyListItem.cc (PolicyListObjectItem): first attempt at
	  showing objects properties in a pop-up window (using tooltips
	  for now) when mouse is over the object's icon in policy

	* Now using glade-- v0.5.11f (current cvs checkout). This fixed
	  problem with radio buttons in OptionsDialog

2001-03-19  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwbuilder.dtd (NATRule): added attribute "disabled"

2001-03-18  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwbuilder.dtd (Host, Firewall): netmask is gone

2001-03-16  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWIntervalReference.hh (class FWIntervalReference): yet another
	type of reference

2001-03-15  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwbuilder.dtd (): added %STD_ATTRIBUTES to NAT and Policy
	  created element Option
	  added attribute "dyn" to Interface

	* FirewallOptions.cc (fromXML):  now we store firewall
	 platform-specific options in class FirewallOptions instead of
	 Firewall

2001-03-14  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWData.hh: this class is used to store "options" data for policy
	and NAT rules and firewall objects

	* RuleElement.cc (RuleElement): all specific rule elements are now
	  inherited from RuleElement and corresponding Group (ObjectGroup,
	  ServiceGroup, IntervalGroup) using virtual inheritance


2001-03-14  Vadim Zaliva  <lord@crocodile.org>

	* FWObjectDatabase.cc (saveFile): adding DOCTYPE to generated XML
	documents.

2001-03-12  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FirewallDialog.cc (dlg2wrk): "dynamic address" is now an option
	for interface, not firewall object

	* Interface.cc (Interface): added attribute "dynamic address"

2001-03-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* UDPService.hh (class    UDPService): class and file renamed

	* TCPService.hh (class    TCPService): class and file renamed

	* ICMPService.hh (class ICMPService): class and file renamed

	* IPService.hh (class IPService): class and file renamed

	* Host.hh (class Host): class and file renamed

	* Network.hh (class Network): class and file renamed

	* Firewall.hh (class Firewall): class and file renamed

	* Interval.hh (class Interval): class and file renamed

	* RuleElement.hh: new classes RuleElementSrc, RuleElementDst etc.

	* resources.xml.in: platforms and RuleElement descriptors added

	* Group.cc (setAnyElement): few methods added to Group. These methods
	support RuleElement and its descendants

2001-03-10  Vadim Kurland  <vadim@voyager.crocodile.org>

	* RuleSet.hh: new class. Policy and NAT are now derived from
	  RuleSet

2001-03-09  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Resources.cc (getPlatforms): created few new specialized methods
	in Resources

2001-03-07  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObject.cc (validateChild): this virtual method checks child's
	type and prevents loops.

	* ServiceGroup.hh (class ServiceGroup): classes ServiceGroup,
	ObjectGroup and IntervalGroup created.

2001-03-04  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObject.hh (FWObject*>): method bool isSystem() replaced old
	  Permissions.  Permissions completely eliminated.

	* Makefile.in (install): installs/uninstalls resources file

	* fwbuilder.cc (main): loading resources just before preferences

	* resources.xml: resources data moved from the old preferences
	  template file

	* Resources.hh (class Resources): class Resources created

2001-03-04  Vadim Zaliva  <lord@crocodile.org>

	* FWObjectDatabase.cc (saveFile): setting DTD when saving file.

2001-03-03  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Preferences.cc (getResource): handful of methods for resources
	manipulation. These methods will eventually move to a dedicated
	class Resources.

	* FWObject.cc (checkPermission): now permissions are stored in
	Preferences instead of the object itself. setPermissions method
	will be phased out soon. In the future permissions will move from
	Preferences to Resources.

	* FWObjectDatabase.hh (class FWObjectDatabase): fixed typo in
	definition of struct StandardObjects

2001-02-25  Vadim Zaliva  <lord@crocodile.org>

	* FWReference.cc: 'id' based implementation.

	* FWObject.hh (FWObject*>): getById getByType methods replacing
	old one: get().

2001-02-08  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.dtd (Firewall): Firewall has Address optional - it may
	not be defined in certain situations.  Added notion of interval
	groups. Reorganized 'Time' element content.

2001-02-07  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.dtd (PolicyRule): 'When' reference add to NAT, PolicyRule.

	* Makefile.in: AnyTime, AnyService classes removed.

2001-02-01  Vadim Zaliva  <lord@crocodile.org>

	* configure.in: version 0.8.7

	* fwbuilder.dtd: this could be called first
	prototype of DTD which we will use in future.

2001-02-01  Vadim Kurland  <vadim@voyager.crocodile.org>

	* fwcompiler.c (main): static arrays eliminated in favor of
	GSList (from glib)

2001-01-31  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Makefile.in (GLIB_CFLAGS): need GLIB CFLAGS to compile fwbuilder.c

2001-01-29  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.dtd (TODO): typing of attributes.
	(TODO): compiler-specific options added.

2001-01-28  Vadim Zaliva  <lord@crocodile.org>

	* Makefile.in (distclean): fwbuilder.spec removed.

	* fwbuilder.spec.in (Group): Credits and FAQ files added 
	to RPM.

	* Incorporated patch from
	Jeremy T. Bouse <undrgrid@toons.UnderGrid.net> to
	support libxml2.

2001-01-27  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.dtd: major rework of DTD.

2001-01-24  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c (processSNAT): implemented MASQUERADE versus SNAT support
	  for dynamic addresses

	* README.examples: minor corrections to the example description

2001-01-23  Vadim Zaliva  <lord@crocodile.org>

	* Preferences.cc (Preferences): corrected problem
	with not detecting problem when preferences
	file could not be written.

2001-01-23  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FirewallDialog.cc (on_snmp_get_descr_released): getting firewall
	  description, location and contact via SNMP
	  (wrk2dlg): storing parameters for ipfilter platform

	* snmp.cc (run): SNMP_sysdesc_query implemented

	* iptables.c (prologue): logging parameters implemented

2001-01-22  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FirewallObject.cc (fromXML): loading platform-specific parameters

	* FirewallDialog.cc (FirewallDialog): fixed checkboxes alignment

2001-01-21  Vadim Zaliva  <lord@crocodile.org>

	* all xml files moved to etc. 

2001-01-21  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FirewallDialog.cc (wrk2dlg): new options for ipchains and iptables
	  platforms

	* StandardRulesDruid.cc (on_finish): automatic generation of
	"net_junk" rule disabled

	* FirewallDialog.cc (dlg2wrk): check address validity before we
	  save the data

	* iptables.c (prologue): code produced by this compiler works!

	* FirewallDialog.cc (wrk2dlg): additional parameters for iptables
	  firewalls

2001-01-20  Vadim Kurland  <vadim@voyager.crocodile.org>

	* iptables.c: compiler produces code with no syntax errors

2001-01-20  Vadim Zaliva  <lord@crocodile.org>

	* listicons.sh: rewritten to shell/sed to avoid gawk.
	(for solaris).

2001-01-20  Vadim Kurland  <vadim@voyager.crocodile.org>

	* configure.in (TEMPLATE_DIR): fixed bug where bogus directory
	  path was stored in config.h during RPM build

	* fwbuilder.cc (main): fixed bug when we needed to report error
	  which happened while loading Preferences but MessageDialog in
	  turn needed Preferences to be already loaded.

2001-01-17  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Makefile.in (uninstall): uninstall target created

	* src/gui/main_window.cc (on_saveas1_activate): saveas does not
	erase current loaded object file name anymore, so we can figure
	out current working directory and open file selector dialog in
	that directory

	* src/gui/Preferences.cc (getWdir): this how we chose working
	directory to load/store files and to pass as a parameter to
	compiler: We use directory set in preferences if there was no
	object file loaded yet, and directory where it was loaded from
	otherwise

	* src/gui/NATDialog.cc (NATDialog): fixed bug #128967 

2001-01-16  Vadim Kurland  <vadim@voyager.crocodile.org>

	* examples/README:       added example description file
	  examples/objects.xml:  example objects file
	
2001-01-15  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/gui/PolicyListItem.cc (paint): long comment text line
	  folding implemented

2001-01-15  Vadim Zaliva  <lord@crocodile.org>

	* src/gui/GroupDialog.cc (GroupDialog): compiler warrning avoided.

	* src/gui/BackgroundOp.hh (Data ): run_impl is pure virtual now.
	* src/gui/Rule.cc: removed some debug output to stderr.

2001-01-15  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/gui/PolicyListItem.cc (PolicyListCommentItem): class for Policy
	rule comment

2001-01-15  Vadim Zaliva  <lord@crocodile.org>

	* src/gui/FWObjectDatabase.cc (load): better detection of
	invalid input file structure.

2001-01-15  Vadim Kurland  <vadim@voyager.crocodile.org>

        * changed #include <gnome-xml/parser.h> to #include <parser.h>
	everywhere to resolve build problem with libxml in unusual place
	
	* src/gui/HostObject.cc (HostObject): set default snmp read
	community to "public" as a wide spread default value. If object has
	different community string, its value will be read from XML file and
	will override default.

	* src/gui/NetworkDialog.cc (on_obj_addr_focus_out_event): automatically
	sets suggested netmask based on network's IP address

	* src/gui/HostDialog.cc (dlg2wrk): now checks address syntax

	* src/gui/NetworkDialog.cc (dlg2wrk): now checks address and 
	netmask syntax

	* src/gui/helpers.cc (checkIPaddress): checks IP address validity
	                     (getNaturalNetmask): returns "natural" 
			     classfull netmask for given IP address

2001-01-14  Vadim Kurland  <vadim@voyager.crocodile.org>

	* configure.in (FWB_MICRO_VERSION): set version to 0.8.6
	* configure.in :  Now we define version in configure.in

2001-01-09  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/gui/MessageDialog.hh (class MessageDialog): added new dialog
	  type (error with message text and error code); also changed all
	  static dialog creation methods so they accept const string& as
	  parameters

	* added error dialogs everywhere

2001-01-09  Vadim Zaliva  <lord@crocodile.org>

	* src/gui/main_window.cc: catch loading/saving errors.

	* src/gui/fwbuilder.cc (main): handling initial
	file loading errors.

	* src/gui/FWObjectDatabase.hh (class FWObjectDatabase): 
	* src/gui/FWObjectDatabase.cc: load/save methods
	now throw exceptions.

	* src/gui/fwbuilder.cc (main): handling load preferences
	error.

	* src/gui/OptionsDlg.cc (run): catching save error.

	* src/gui/Preferences.cc: throwing exceptions
	on save/load errors.

	* src/gui/FWException.cc: 
	* src/gui/FWException.hh: Base exception class.

2001-01-08  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/gui/FWObject.cc (setDirty): method sets "dirty" flag for
	  the object and possibly its children.

	* src/gui/FWObject.cc (isDirty): method checks dirty flag for this
	  object and possibly its children

	* src/gui/FWObject.hh (FWObject*>): boolean flag "dirty" - 
	  indicates data has been modified. 

	* src/gui/FWObjectDatabase.cc (saveIfModified): this method checks
	  for unsaved data in the database and asks user whether they want
	  to save it
	
	* src/gui/FWObjectDatabase.cc (load): now checking for unsaved
	  data before loading

	* src/gui/MessageDialog.cc (MessageDialog): new dialog type: 
	  question dialog with three buttons - "Yes", "No", "Cancel"

	* src/gui/main_window.cc (destroy_handler): now checking for unsaved
	  data if main window gets destroyed

	* src/gui/FileSel.cc (FileSel): file selector dialog now opens
	  in the working directory 

	* src/gui/CompileDialog.cc (CompileDialog): passing working dir
	  parameter to compiler via command line ( "-d" )

	* src/gui/OptionsDlg.cc (OptionsDlg): "Working directory" option
	  added to Options dialog

2001-01-08  Vadim Zaliva  <lord@crocodile.org>

	* src/compiler-framework/fwcompiler.c (main): -d option added.

	* src/gui/main_window.cc (on_compile): 
	* src/gui/CompileDialog.hh (class CompileDialog): 
	* src/gui/CompileDialog.cc (run): 
	* src/gui/FWObjectDatabase.cc (getFileName): 
	* src/gui/FWObjectDatabase.hh (class FWObjectDatabase): 
	Passing file name parameter to compiler
	
	* src/gui/main_window.cc (on_new1_activate): 
	* src/gui/FWObjectDatabase.cc: 
	* src/gui/FWObjectDatabase.hh (class FWObjectDatabase): 
	* src/gui/fwbuilder.cc (main): loading file from
	command line (-f, --file).
	Loading default database on startup.

2001-01-08  Vadim Kurland  <vadim@voyager.crocodile.org>

	* configure.in (DOCDIR): checking for docs directory ( /usr/doc
	  versus /usr/share/doc )

	* src/gui/DialogPlugin.cc: dialog text typo corrected

	* src/gui/FWObjectDatabase.cc (FWObjectDatabase): now setting 
	  permissions for objects created as a part of empty database

	* src/gui/FWObject.cc (setPermission): setPermission method
	  added

2001-01-07  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/iptables/iptables.c: first version of iptables compiler,
	  based on ipchains compiler

	* src/gui/fwbuilder_prefs.xml: added definition for iptables
	  Policy and NAT

	* configure.in (PACKAGE_PIXMAPS_DIR): added iptables support

	* src/iptables/Makefile.in: added directory and Makefile.in for
	  iptables. Started development for iptables

2001-01-07  Vadim Zaliva  <lord@crocodile.org>

	* src/gui/main_window_menu.cc (build_menu): Objects renamed to Insert.

	* src/compiler-framework/fwcompiler.c (main): restring changes
	lost in CVS reorg.

	* src/gui/FWObjectDatabase.cc (setFileName): 
	* src/gui/main_window.hh (class Main_window): 
	* src/gui/main_window.cc (on_saveas1_activate):
	(on_new1_activate): 
	* src/gui/main_window2.cc (OpenObject): Save, SaveAs, New implemented.

2001-01-06  Vadim Zaliva  <lord@crocodile.org>

	* src/gui/main_window_menu.cc (build_menu): "Objects" menu
	created.

	* src/gui/fwbuilder.cc (main): do now load default files
	on startup.

	* src/gui/Preferences.hh: misc cleanup
	* src/gui/Preferences.cc (Preferences): copying default preferences file
	to ~/.fwuilded. No longer we create ~/fwbuilder directory.

2001-01-05  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/gui/ObjectTree.cc (on_pasteobj): checks permissions
	                        (on_cutobj): check permissions
				(on_copyobj): check permissions

	* src/gui/FWObject.hh (FWObject*>): added set of permissions for
	FWObject

	* src/gui/ObjectTree.cc (TreePopupMenu): pop-up menu has its items
	  deactivated if object can not be removed or copied

	* src/gui/ListOfIcons.cc (on_button_release_event): pop-up menu
	has its items deactivated just like that in ObjectTree.cc

	* src/gui/GroupDialog.cc (dlg2wrk): fixed bug in object removal

	

2001-01-04  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Makefile.in (distclean): now even cleaner

	* src/gui/main_window.cc (Main_window): fixed bug where program
	  used to give Gtk-CRITICAL warning on exit ( Bug ID 127496 )

2001-01-04  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.spec: version 0.8.3 released

2001-01-03  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Makefile.in (rpm): added makefile target "rpm". This will build
	  snapshot usoing cvs export and then run script build_rpm.sh
	* build_rpm.sh: this script will build rpms

	* Version number for snapshot is taken from fwbuilder.spec
	  file. To generate snapshot and tar.gz for RPM one needs to edit
	  fwbuilder.spec file and then do "make tar"

2001-01-03  Vadim Zaliva  <lord@crocodile.org>

	* fwbuilder.spec: created SPEC file for building RPM package

	* doc/Makefile (install): install-doc is separate target

	* src/gui/Tools.cc: 
	* src/gui/Tools.hh: Added new files for misc tools

	* src/gui/Preferences.cc (getNodeByPath): 
	* src/gui/PolicyListElement.cc (popup_menu): 
	* src/gui/GroupDialog.cc (GroupDialog): 
	* src/gui/ListOfIcons.cc (on_button_release_event): 
	(on_button_release_event): replaced g_new/g_free/g_strdup
	with new, delete, cxx_strdup.

	* src/gui/HostObject.cc (get_if_names): 
	* src/gui/FWObject.cc (getPath): 
	(FWObject): 

	* src/compiler-framework/fwcompiler.h: Copyright added.

	* src/compiler-framework/Makefile.in: install goal added.

	* src/ipfilter/Makefile.in: 
	* src/ipchains/Makefile.in: 'install' goal corrected.

2001-01-02  Vadim Kurland  <vadim@voyager.crocodile.org>

	* merging fwbuilder and fwcompiler in one CVS tree
	* added Makefile.in in doc subdir. Documents will be installed
	  in $(prefix)/doc
	
2001-01-02  Vadim Zaliva  <lord@crocodile.org>

	* src/MessageDialog_glade.cc: removed icon init to avoid
	runtime warnings.

2000-12-27  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/*.cc: converted to isA and cast methods everywhere

2000-12-27  Vadim Zaliva  <lord@crocodile.org>

	* src/*.hh: isA() and cast() methods added to all
	subclasses of FWObject.

	* src/ListOfIcons.cc (addObject): fixed chrash when showing group
	with references.

2000-12-26  Vadim Zaliva  <lord@crocodile.org>

	* src/Makefile.in (install): install also installs icons

2000-12-25  Vadim Zaliva  <lord@crocodile.org>

	* Makefile.in (distclean): 'distclean' goal added.

2000-12-23  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/Preferences.cc (Preferences): now program looks for
	  fwbuilder_prefs.xml and objects_init.xml in the directory
	  defined by INIT_DIR

	* config.h.in: added #define for INIT_DIR

	* src/Makefile.in (PACKAGE_PIXMAPS_DIR): PACKAGE_PIXMPAP_DIR is
	  now defined relatively to $prefix

2000-12-21  Vadim Kurland  <vadim@voyager.crocodile.org>

	* added copyright notice to all .cc and .hh files, except those
	  generated by glade
	
	* src/Rule.cc (Rule): read "hidden" status from preferences
	  in constructor

	* src/RuleElement.cc (RuleElement): read "hidden" status from
	  preferences in constructor

2000-12-20  Vadim Kurland  <vadim@voyager.crocodile.org>

	* acsite.m4: redefined macro AC_TRY_RUN_NATIVE to fix an error
	  with gcc 2.96 (originally macro defined exit(int) which
	  conflicted with previous definition in
	  /usr/include/stdlib.h). gcc 2.91 just issued warning on this,
	  while gcc 2.96 considered this to be an error

	* configure.in:  rule checking for /usr/include/g++-3 has been refined.
	  If system has been upgraded from RH 6.2 to RH 7.0 then both 
	  /usr/include/g++-2 and /usr/include/g++-3 exist. We should pick 
	  only  /usr/include/g++-3 in this case


2000-12-19  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/fwbuilder_prefs.xml.in: fwbuilder_prefs.xml is now generated
	  by configure

	* src/Makefile.in (snapshot): added target "snapshot"

	* src/PolicyListItem.cc (paint): switched to queue_draw everywhere 
	  and updated drawing method to use Gdk_GC consistently

	* src/NAT.cc (updateMainMenu): enable/disable main menu items

	* src/Policy.cc (updateMainMenu): enable/disable main menu items

	* src/FirewallObject.cc (updateMainMenu): enable/disable main menu
	  items in "Policy"

2000-12-18  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/FWObject.cc (updateMainMenu): this virtual method
	  enables or disables appropriate main menu items.

	* aclocal.m4: added functions which test for particluar headers:
	  AC_TEST_FILES and AC_SEARCH_HEADERS

	* Makefile.in: subdirectories processing is done through .PHONY target
	 
	* doc/Requirements: updated requirements
	* bugfixes
	
2000-12-16  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/StandardRulesDruid.cc (on_finish): bugfixes

	* doc/README: descriptions of all object types added

	* AUTHORS (Credits): updated AUTHORS file

	* src/objects_init.xml: added group "Time" and object "AnyTime"

	* src/fwbuilder_prefs.xml: definition for TIME object; added
	  time to policy definition for all supported platforms

	* src/AnyTime.cc: initial implementation

	* src/TimeObject.cc: Initial implementation of TimeObject

	* src/main_window.cc (Main_window): left and right panels in the main
	  window simplified and are not built by glade anymore

2000-12-15  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/main_window_menu.cc (build_menu): another way to build menus.

	* src/main_window.cc (extractPolicyList): trying to avoid excessive
	  use of dynamic_cast. I now tell PolicyDialog from NATDialog using
	  widget name
	* dynamic_cast replaced everywhere, now using getTypeName()

2000-12-14  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/fwbuilder.cc (main): no need to initialize imlib if
	  compile with gnome support - gnome_init does it

2000-12-14  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Global key accelerator group implemented
	
2000-12-14  Vadim Zaliva  <lord@crocodile.org>

	* src/GroupDialog_glade.cc (N_): get rid of one more nasty
	compilation warnings.

2000-12-13  Vadim Kurland  <vadim@voyager.crocodile.org>

	* gnome-wrappers/iconlist.{cc,hh}  :  wrapper for gnome widget
	  icon_list
	* GroupDialog now uses our wrapper class IconList
	* Doubleclick on the object in a group view opens object
	
2000-12-13  Vadim Zaliva  <lord@crocodile.org>

	* src/main_window_menu.cc (GNOMEUIINFO_MENU_NEW_SUBTREE): workaround
	to solve compilation problem under gcc 2.96

	* src/Makefile.in ($(GNOME_WRAPPERS_LIB)): add dependency 
	to gnome-wrappers/*.o which does not work.

	* src/Iconlist.cc (IconList): 
	* src/TextDlg.cc (TextDlg): 
	* src/BackgroundOpDisplay.cc (ConnectSignals): 
	* src/NATDialog.cc (NATDialog): 
	* src/PolicyDialog.cc (PolicyDialog): 
	* src/PolicyList.cc (PolicyList): 
	* src/PolicyListItem.cc (PolicyListItem): 
	* src/PolicyListElement.cc (PolicyListRuleNum): 
	(constructor): 
	* src/GroupDialog.cc (GroupDialog): 
	* src/About.cc (About): gcc 2.96 compilatiom pb. Corrected syntax
	of taking address of method.

	* src/PolicyListElement.cc (request_focus): 
	focus() renamed to request_focus()

	* src/PolicyListElement.hh: get_row(), get_col() return type added.
	focus() renamed to request_focus()

	* src/PolicyListElement.cc (popup_menu): unused variable pl commented

	* src/Preferences.cc (getNodeByRelPath): commented out unused method.

	* configure: removed exit() method prototype which conflicts
	with one from stdlib.

	* src/PolicyList.hh: 
	* src/PolicyList.cc (request_focus): focus() renamed to request_focus()

	* src/gnome-wrappers/wrappers.hh: undef syntax corrected
	to avoid compiler warnings.

	* src/Makefile.in (clean): clean target added

2000-12-12  Vadim Kurland  <vadim@voyager.crocodile.org>

	* configure.in, Makefile.in reimplemented. Now we do not use
	  those built by glade for us.
	
2000-12-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObject::map is now map<const gchar*,const gchar*,ltstr>
	* FWObject can now store data of three types: String, Int, Bool
	
2000-12-3  Vadim Kurland  <vadim@voyager.crocodile.org>

	* PolicyListItem drawing method reimplemented using plain
	  gdk routines. Everything works just fine.
	* bugfixes
	* ICMP code -1 now means any code. Compiler generates 
	  code which takes only icmp type into consideration

2000-12-2  Vadim Kurland  <vadim@voyager.crocodile.org>
	
	* Class PolicyListItem completely reimplemented as custom widget
	  derived from Gtk::Widget. It turned out to be surprisingly 
	  simpler to do it this way.
	* Class LabelWithEffects is not needed anymore; files have been
	  removed from CVS
	* Still working on a bug where object tree lines lose color once
	  policy has been displayed. Something is wrong with style or
	  Gdk_GC processing in PolicyListItem

2000-12-1  Vadim Kurland  <vadim@voyager.crocodile.org>
	
	* Implemented "disable rule" function in GUI
	* LabelWithEffects can now display text string with pixmap background
	  ( used in PolicyListRuleNum class to display rule number which
	    can be double-crossed if rule is disabled )

2000-11-29  Vadim Kurland  <vadim@voyager.crocodile.org>
	
	* Policy rule drag&drop methods now use actual rule screen 
	  snapshot as a drag icon
	* Added some imlib image manipulation to this snapshot to make 
	  it easily distinguishable from the rest of the picture on 
	  the screen. 

2000-11-28  Vadim Kurland  <vadim@voyager.crocodile.org>
	
	* Got rid of "path" and all supporting methods. Now we keep
	  pointer to parent in each FWObject, which allows us to easily
	  reconstruct path string on demand
	* pop-down menu appears on mouse button release (instead of button
	  press) in ObjectTree, PolicyList and IconsList
	* added attribute "hidden". Now each object can be made
	  hidden, so it won't show up in ObjectTree and groups. There is
	  no GUI mechanism to set this attribute as of yet

2000-11-26  Vadim Kurland  <vadim@voyager.crocodile.org>

        * algorithm refinements for "any" objects and services. Now
          GUI inserts reference to the object "Any" instead of keeping
          rule element empty. This simplified somewhat algorithms for
	  objects removals and additions in rule elements as we now 
	  gaurantee that rule elements are never empty 
	* doc/README updated with compilation and installation instructions
	* Makefile.am updated for proper binary and *.xml files install,
	  as well as icons install. See README for details. 

2000-11-25 Vadim Kurland  <vadim@voyager.crocodile.org>

	* Druid now helps to build more or less complete basic policy.
	  If you don't know where to start with new firewall - start
	  with menu item "Help build firewall policy"
	* Object can now be dragged between policy elements
	* Menu item "compile" now actually calls compiler in the background
	  and shows its progress or errors in the dialog window.
	* policy rules can now be dragged to swap places and move rules
	  up or down.

2000-11-24 Vadim Kurland  <vadim@voyager.crocodile.org>

	* FWObject is now derived from list, not map.  This made 
	  manipulation of the order in which children are presented 
	  much easier. This change was needed for proper implementation
	  of Policy rules addition and insertion
	* some changes to fwbuilder_prefs.xml
	* bugfixes

2000-11-13 Vadim Kurland  <vadim@voyager.crocodile.org>

	* Druid is now called "Standard Protection Rules Druid" and
	  generates three types of rules:
	    - anti-spoofing rule
	    - rule dropping "short" fragments
	    - rule dropping "network junk", that is packets coming from
	      outside but not headed for our network
	* Druid consists of three pages, plus "final" page
	* program now automatically creates working directory
	  in user's home and copies default preferences file and initial
	  objects database there. See doc/README
	* Again new icons


2000-11-12 Vadim Kurland  <vadim@voyager.crocodile.org>

	* Now all object dialogs check object's name for syntax before
	  saving. Name must consist of alphanumeric characters and should
	  not start with number

2000-11-11 Vadim Kurland  <vadim@voyager.crocodile.org>

	* New policy element added: "Direction". This, together with "Target",
	  helps build anti-spoofing and other direction-dependant rules.
	* Anti-spoofing druid now actually builds rule on top of the policy
	* Preferences dialog now allows turning on and off visibility of 
	  individual policy elements
	* Original icons with transparent background restored
	* ICMP code and type terminology fixed

2000-11-9  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Preferences and database are stored in user's home directory now

2000-11-8  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Converting icons to .png using imlib

2000-11-7  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Druid for generating anti-spoofing rules implemented

2000-11-4  Vadim Kurland  <vadim@voyager.crocodile.org>

	* gnome-wrappers added. Dependency on gnome-- eliminated
	* preparations for "anti-spoofing rules" druid
	* main menu generating code streamlined using GnomeUIInfo for all
	  menu items and submenus
	* bugfixes

2000-11-3  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Some new icons


2000-11-1  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Icons can be of two different sizes now: large ones for
	  object dialogs and small ones for policy
	* Preferences code streamlined

2000-10-31  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Main menu code rewritten. I use gnome-- libraries and code
	  for menus and some other things. Getting ready to use "Druid"
	  widget for firewall policy Wizard
	* Got rid of dynamic menu item.  It was ugly from UI standpoint
	* "About" dialog added

2000-10-29  Vadim Kurland  <vadim@voyager.crocodile.org>

	* PortRange object is gone, use TCP and UDP instead
	* IP Object and dialog created

2000-10-27  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Additional icons

2000-10-24  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Preferences dialogs for different firewall platforms have been
	  implemented
	* Preferences for ipchains firewall implemented in both builder 
	  and compiler

2000-10-19  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Interfaces can now be marked as "external" and "internal" via GUI
	  This feature will help implementing NAT on various platforms
	  (such as ipchains, cisco)
	* NAT rules are now properly displayed and can be edited and stored.

2000-10-19  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Bugfixes in PolicyList

2000-10-15  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Bugfixes

2000-10-14  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Bugfixes
	* Now BuiltinDialog may appear with or without buttons "Save" and
	  "Undo" depending on the object definition in fwbuilder_pref.xml
	* "Move rule up" and "Move rule down" implemented

2000-10-12  Vadim Kurland  <vadim@voyager.crocodile.org>

	* completely got rid of direct references to rule descriptors in
	  fwbuilder.xml. Now we recalculate descriptors for policies, rules
	  and rule elements when we need them

2000-10-11  Vadim Kurland  <vadim@voyager.crocodile.org>

	* unnessesary references to rule and rule element descriptors
	  removed from XML representation. Now these descriptors are
	  being calculated when respective objects are built. This makes
	  XML file much cleaner


2000-10-10  Vadim Kurland  <vadim@voyager.crocodile.org>

	* XML paths for all objects and preferences now include 
	  root element (FWObjectDatabase or FWBuilderPreferences). This
	  makes design more systematic and allows for code reuse between
	  builder and compiler.

2000-10-09  Vadim Kurland  <vadim@voyager.crocodile.org>

	* minor changes to rule element descriptors. Adjustments for
	  compiler

2000-10-08  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Descriptors now are part of preferences.

2000-10-08  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Changes in XML storage: now XML nodes are named after
	  respective objects, with object type stored as attribute "_type"
	  This is needed to eliminate confusion between two different ways 
	  to handle object's path in the tree: one way is to compose
	  path from XML nodes names, another way is to use object's names.
	  We will assume path consists of XML nodes names, which are
	  now the same as corresponding objects names.

	  Next big step will be moving subtree "/Descriptors/" from
	  the main tree to Preferences. We already working with descriptors
	  using their path, so it won't be difficult to rewrite relevant
	  pieces of code to use preferences instead.

2000-10-07  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Accomodations for the policy compiler. Paths to compilers 
	  for all supported platforms are now stored in Preferences

	* Class Preferences now keeps data in XML tree instead 
	  of map<string,string>. Preferences should be accessed via
	  Preferences::getOpt method by their XML tree path
	
2000-10-01  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Further code refinement in rule element negation

2000-09-30  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Rule element negation implemented in GUI

2000-09-26  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Code cleanup. XPM icon file names for all object types are 
	now stored in XML file

2000-09-05  Vadim Kurland  <vadim@voyager.crocodile.org>

	* New class:  TypeDescriptor. Objects of this class contain
	descriptive information for various object types used in the system.
	Objects get stored in the static part of XML database under 
	"Descriptors". Verbose description for a given type can be retrieved
	using the following code fragment:

	here s contains type name ("FW") and ss will get description 
	("Firewall") from the type descriptor

	FWObject *typedsc=FWObjectsDatabase::db->get("/Descriptors/Types/"+s);
	ss=typedsc->getStr("description");

	GroupDialog shows allowed group members types using verbose 
	descriptions taken from TypeDescriptor for each type


2000-09-04  Vadim Kurland  <vadim@voyager.crocodile.org>

	* Classes ICMPObject, UDPObject and TCPObject have been adopted for
	storing data in XML

	* Class Group has got a list of types allowed for its children. 
	It is comma separated list of type names stored as string attribute 
	"allowed_types"  and provides for easy search and checks by name. 
	GroupDialog now shows all allowed types in the dialog. Upon creation
 	each group inherits allowed types from its ancestor, although group 
	may have this set trimmed for stricter control

	* New method:  FWObject::getParent(): looks for a parent of given
	object using its path

2000-09-02  Vadim Kurland  <vadim@voyager.crocodile.org>

	* All type comparisons converted to getTypeName(). FWObject::GetType()
	is obsolete now and is scheduled for removal. enum FWObjectType is also
	going to be phased out

	* RuleElementDescriptor now holds list of allowed object type names
	instead of integer with a bitmask of values from enum FWObjectType

	* class FWObjectDialog has been created. This is generic dialog for
	all classes which are not supposed to be visible for regular user.
	ObjectTree shows these objects after pressing magic key "F6", so 
	this dialog can then be used to open and potentially edit objects
	XML attributes.

	* bug fixes in the area of interfaces processing for both hosts and
	firewalls


2000-08-27  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/FWObjectClipboard.cc: FWObjectClipboard is now derived from	
	FWObjectReference

2000-08-27  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/fwbuilder.xml: Each Policy, Rule and RuleElement have now an
	attribute pointing to the corresponding descriptor as follows:

	Policy      -> RuleDescriptor        (record RD in xml file)
	Rule        -> RuleDescriptor        (record RD in xml file)
	RuleElement -> RuleElementDescriptor (record RED in xml file)

	This simplified descriptors manipulation significantly and allowed us
	to get rid of bunch of calls to FWObject::get
	
	* src/FWObject.cc (xfind): Method deprecated in favor of FWObject::get
	Code has been cleaned so FWObject::xfind is not used anymore.

2000-08-27  Vadim Kurland  <vadim@voyager.crocodile.org>

	* src/FWObject.cc (xfind): Method deprecated in favor of FWObject::get
	Code has been cleaned so FWObject::xfind is not used anymore.

2000-08-21  Vadim Kurland  <vadim@tahoe.crocodile.org>

        * src/Policy.cc (AppendRuleAfter): Now adding rules above and below
        of the given rule work properly

2000-08-20  Vadim Kurland  <vadim@tahoe.crocodile.org>

        * src/PolicyList.hh: Individual classes for standard policy elements
        have been added. These are:

        PolicyListRuleAction
        PolicyListRuleLog
        PolicyListRuleTarget
        PolicyListRuleComment
        

        * src/fwbuilder.xml: Following classes where converted to the new
        system of tree-like data storage:

        RuleDescriptor (Policy rule descriptor )
        RuleElementDescriptor (rule element descriptor)
        Rule (policy rule)
        RuleElement
        Policy

        data storage and loading for these classes have been implemented 
        and tested.

        This is the fisrt time we can store firewall policy and then load 
        it back!

        
        * src/ObjectTree.cc (on_key_press_event): 
        Secret keys for the left panel:

        press F5 to rebuild the tree 
        press F6 to toggle boolean flag show_all and rebuild the tree. 

        The "show_all" flag, if true, forces tree to show all the elements 
        ignoring their showInTree method

        * src/PolicyListElement.cc: PolicyListElement methods are now in 
        a separate file


2000-08-17  Vadim Kurland  <vadim@tahoe.crocodile.org>

        * src/FWObject.cc (fromXML): added protected method fromXML. I need
        to be able to initalize some fields in FWObjectsDatabase
        before we load data from XML file. Since XML parsing used to happen in
        the FWObject constructor, I could not initialize "path" field for
        the database object before actual XML parsing would happen. Hence
        method fromXML
        (addChild): This is where we keep track of the full path to the object.
        Every time we add object to another object, we take path of the parent,
        add slash "/" and name of the child at the end. The result gets stored
        in the child using setPath method. This way we keep track of the full
        path to every object in the database.  For this algorithm to work, 
        the "root" object - database itself - has to be "seeded" with its path
        name "/Database". That is why we needed fromXML method (see above)


2000-08-17  Vadim Zaliva  <lord@crocodile.org>

	* src/FWObject.hh (FWObject*>): find renamed to xfind to avoid name
	conflict with STL method.
	(FWObject*>): set/get Str/Int using const and reference to pass names.

	* src/FWObjectDatabase.cc (load): 
	* src/FWObject.cc (resolveReferences): 
	resolving references on load

	* src/FWObject.hh: 
	* src/FWObjectReference.hh: 
	* src/FWObjectReference.cc: 
	New tree object - reference to another one

2000-08-16  Vadim Zaliva  <lord@crocodile.org>

	* src/fwbuilder.xml: sample data file

	* src/Group.hh: 
	* src/Group.cc: 
	* src/FWObjectDatabase.cc: 
	* src/FWObjectDatabase.hh: 
	* src/FWObject.cc:
	* src/FWObject.hh:
	* src/HostObject.cc: 
	* src/HostObject.hh: 
	Loading xml files sekeleton.

2000-08-15  Vadim Zaliva  <lord@crocodile.org>

	* src/FWObjectDatabase.hh (class FWObjectsDatabase): removed methods
	which are already present in FWObjects.
	object_db variable removed and replaced with singelton.

2000-08-14  Vadim Zaliva  <lord@crocodile.org>

	* src/FileSel.cc (FileSel): default extension changed to .xml

	* src/FWObjectDatabase.cc (saveAs): database is now saved as root of
	xml tree.

	* src/FWObject.hh: FWObjectType converted to enum. Added value DATABASE.

	* src/FWObject.cc (toXML): saving to XML uses different schema - not nodes
	are object types.

	* src/FWObject.hh (FWObject*>): Find renamed to find() to matching coding
	style.

	* src/FWObject.cc (toXML): saving method added.

	* src/FWObjectDatabase.cc (saveAs): remembering filename we were loading to
	to use it for saving. Saving XML implemented.

2000-07-27  Vadim Zaliva  <lord@crocodile.org>

	* src/Preferences.cc (LoadPrefsFile): loading preferences from XML file.
	(SavePrefsFile): saving preferences in XML.

	* src/Preferences.hh: loadPrefsFile protected method added

	* src/Makefile.in (LIBS): added list of libraries detected by autoconf
	to link flags.

	* src/fwbuilder_prefs.xml: created this file for storing user preferences.

	* configure.in: added check for libxml

2000/4/29 23:51:53 PDT
        policy sheet implemented as CList with multiple lines per one rule

2000/4/30 12:58:07 PDT
        gen_popup_menu (generic popup menu class) implemented

	

2000/11/25 13:35:36 PST
	update files from .glade file

2000/11/25 13:35:53 PST
	update files from .glade file

2000/11/25 13:42:03 PST
	update files from .glade file

2000/11/25 13:42:26 PST
	update files from .glade file

2000/11/25 14:05:22 PST
	update files from .glade file

2000/11/25 14:12:19 PST
	update files from .glade file

2000/11/25 14:17:45 PST
	update files from .glade file

2000/11/25 14:52:01 PST
	update files from .glade file

2000/11/25 14:52:34 PST
	update files from .glade file

2000/11/25 14:53:16 PST
	update files from .glade file

2000/11/25 15:16:48 PST
	update files from .glade file

2000/11/30 0:11:16 PST
	update files from .glade file

2000/12/1 14:01:00 PST
	update files from .glade file

2000/12/3 23:20:01 PST
	update files from .glade file

2000/12/10 10:57:30 PST
	update files from .glade file

2000/12/10 11:41:13 PST
	update files from .glade file

2000/12/10 12:00:42 PST
	update files from .glade file

2000/12/10 12:04:47 PST
	update files from .glade file

2000/12/10 12:14:29 PST
	update files from .glade file

2000/12/10 12:15:55 PST
	update files from .glade file

2000/12/10 12:28:51 PST
	update files from .glade file

2000/12/10 12:29:07 PST
	update files from .glade file

2000/12/10 12:31:22 PST
	update files from .glade file

2000/12/11 22:14:41 PST
	update files from .glade file

2000/12/11 22:39:28 PST
	update files from .glade file

2000/12/11 22:57:08 PST
	update files from .glade file

2000/12/11 23:11:43 PST
	update files from .glade file

2000/12/11 23:52:09 PST
	update files from .glade file

2000/12/11 23:56:01 PST
	update files from .glade file

2000/12/16 1:14:00 PST
	update files from .glade file

2000/12/16 1:15:53 PST
	update files from .glade file

2000/12/16 1:29:13 PST
	update files from .glade file

2000/12/16 1:33:19 PST
	update files from .glade file

2000/12/16 2:04:55 PST
	update files from .glade file

2000/12/16 13:26:53 PST
	update files from .glade file

2000/12/16 13:35:44 PST
	update files from .glade file

2000/12/16 14:25:45 PST
	update files from .glade file

2000/12/16 21:35:07 PST
	update files from .glade file

2000/12/21 22:55:28 PST
	update files from .glade file

2000/12/21 23:45:51 PST
	update files from .glade file
