[Compiler-sig] Importer can properly interpret both formats.

terrace kvub at westlb.com
Tue Jul 3 11:55:21 CEST 2007


ERMX Jumps 12.5% and Volume Goes Through The Roof!

EntreMetrix Inc. (ERMX)
$0.18 UP 12.5%

Big news last week pushed investors to the table. Wallst.net release of
an audio interview got them excited. This is only the first day after
the release. Act fast and get on ERMX Tuesday morning!

The following keywords available in extended access lists are not
supported at this time:  tos, precedence, time-range.
Checking "Test mode" checkbox in the installer options dialog should
enable widgets that configure automatic reboot timeout. Import is done
this way in order to preserve logic of chains INPUT, OUTPUT and FORWARD
in the recreated fwbuilder rules. Summary page shown in the end reflects
this as failed install.

Currently policy importer can parse iptables configuration from a file
created by iptables-save utility and Cisco router configuration saved
using "show run" or similar command.

Support for IP option "lsrr" has been added in compiler for ipfilter.
The following keywords available in extended access lists are not
supported at this time:  tos, precedence, time-range.
Numerous bug fixes also come with this version.

deb packages are included for the first time. Finally beta testing is
over and the  release is out. Policy installer for Cisco routers fixed
long-standing problem with size of the built-in installer options
dialog. Numerous bug fixes also come with this version.

Now you can make installer schedule reboot in a few minutes, then upload
new policy or ACLs and then cancel reboot if upload was successful.
Importer can properly interpret both formats. Improvements and bug fixes
in policy compiler for ipfw new TCPService object flag "established" in
compiler for ipfw. Firewall object is placed in "Source" for rules with
chain OUTPUT. The goal is to always use chain PREROUTING for rules with
direction Inbound or Both and a combination of OUTPUT and POSTROUTING
for rules with direction Outbound and Both. fw for both when it copies
them to the firewall. option "Assume firewall is part of 'any'" is off
in the created firewall object. Policy compilers for platforms that have
special keyword for this flag can recognize this flag in TCPService
object. Interfaces without "ip address" in the configuration are marked
as "unnumbered" in the firewall builder object tree. Policy installer
for Cisco routers fixed long-standing problem with size of the built-in
installer options dialog. This is an empty action that does not affect
packet flow through the firewall but can be used in combination with
"logging" option to log the packet.

Rule option 'stateless' is automatically set when user changes rule
action so it becomes anything except 'Accept', 'Tag' or 'Route'. Because
of the huge variety of iptables modules, Importer can only interpret
basic iptables configuration and a subset of modules. Although importer
can only interpret a subset of IOS configuration commands, other
commands that it does not understand will be ignored and should not
affect operation.

New option has been added to the interface object, called "unprotected".

Unrecognized targets are converted to branching rules, where the name of
the target becomes the name of the branch.

Compiler can also add commands to configure logging.

Import is done this way in order to preserve logic of chains INPUT,
OUTPUT and FORWARD in the recreated fwbuilder rules.

Interfaces without "ip address" in the configuration are marked as
"unnumbered" in the firewall builder object tree.
Currently only Cisco IOS access lists can be imported but I plan to add
import for other platforms as well. A bug that prevented user from
creating a rule set branch inside another branch has been fixed. All
three installation methods that were available for PIX are now available
for routers: you can make it clear all access lists and then load new
ones or just update access lists without clearing. deb packages are
included for the first time.

Improvements and bug fixes in the GUI dialogs and resource files for
Cisco IOS access lists. Address and service objects are reused in the
process of import. This allows you to mark some interfaces to be skipped
by the compiler when it picks interfaces for ACL rules.
