Firewall Builder Release Notes Version 0.9.2 This release includes many fixes for bugs reported for v0.9.1 and some new features as well What's new in this release: - most noticeable is adding of the "bulk import" or objects discovery feature which works with the help of the new Druid. See in menu "Tools", it is called "Scan Network". This is because we plan on adding even more advanced feature of network discovery and consider objects discovery a part of that. There are two working mechanisms for objects discovery at this time: reading file in hosts(5) format and import or DNS zone information. Objects can be created as hosts, networks or firewalls depending on user's choice. DNS queries are being run in the background and can be stopped by clicking "Stop" button. This helps to deal with blocked or very slow name servers. - code for background operations was significantly rewritten. This provides for better and more reliable support for SNMP and DNS queries in the background. - we now use UCD SNMP library for SNMP support. This library comes with standard RedHat distribution in the following rpms: ucd-snmp-4.2-12.i386.rpm ucd-snmp-utils-4.2-12.i386.rpm ucd-snmp-devel-4.2-12.i386.rpm These packages must be installed on your system if you want to compile Firewall Builder from sources, or SNMP support will not be included. RPM's of Firewall Builder we ship include support of SNMP and therefore require ucd-snmp rpm. - Menu item for objects sorting has been added. - Menu item for policy install has been added. This feature uses optional install script which does not come with Firewall Builder. One example of install script can be found in our "Contrib" area on the project's site on sourceforge. If install script is to be used, its full path and optional command line parameters should be configured in Firewall object's properties dialog. Normally menu item "Install" is disabled, but if install script is configured in firewall properties, this item will be enabled. Bugs fixed in iptables compiler: - bug 429427 fixed (garbage after the end of rule action) - bug 426874 fixed (implemented NAT on firewalls with dynamic address on external interface) - bug 424440 fixed (added correct clean-up code on top of iptables script to remove all "old" rules in all chains) - bugs 422345 and 424435 fixed (implemented support for negations in NAT, in particular negated original dest.) - fixed bug 431705 - log options an logging limits processing in iptables compiler Bugs fixed in GUI: - bug 425023 (crash when firewall object icon double clicked in group view) - few other bugs discovered in testing