--- Begin Message ---
|
Subject: |
recline |
|
Date: |
Wed, 27 Jun 2007 08:17:30 -0400 |
|
User-agent: |
Thunderbird 1.5.0.12 (Windows/20070509) |
Market Makers Short SREA, Watchers Pick It To Explode!
Score One Inc. (SREA)
$0.31
SREA hit price spikes of 600% last week and is still hold at a 300%
increase as Market Makers are pushing it down to grab control.
Stockprofiler.us, Businessnewsnow.us, & OTCPicks.com all pick it to take
off. Get in on the Market Makers play and grab SREA first thing
Wednesday!
Shortcomings of this version: importer does not use address and service
objects that existed in the tree before the operation has started, it
creates new ones.
This makes compiler use option "established" in rules it generates if it
is supported by the firewall platform. Since the result of this function
depends on the OS, some port names may not convert on some systems.
Compiler for PF creates a table and also lists all IP addresses it reads
from the file; it uses the name of the AddressTable object for the name
of the table it creates.
Compiler failed to convert DNSName objects set to resolve at compile
time into IP addresses.
Numerous bug filxes also come with this version. Unrecognized targets
and converted to branching rules, where the name of the target becomes
the name of the branch. Currently the following modules are supported:
state multiport limit mark Importer creates firewall object with all
interfaces. In combination with automatic roll-back, installation
process is pretty reliable. My thanks to Jeffrey for the help. For each
compile-time AddressTable object defined in the object tree compiler
tries to find and read the file specified in the object configuration.
Address and service objects are created in the process for all addresses
and ports used in all rules. Built-in installer now properly detects
errors that arise during activation of the iptables script.
For PF it is translated into queue; compiler for ipfw can use pipe,
queue or divert depending on how the action is configured by the
administrator in the GUI. Interface of the firewall has new flag
"unprotected", currently only used in compiler for Cisco IOS access
lists. Although importer can only interpret a subset of IOS
configuration commands, other commands that it does not understand will
be ignored and should not affect operation. This is useful if the name
of the obejct is not unique. It however preserved connlimit option in
all subrules, even though some of them did not have TCP service after
the split. This operation works with two external files, neither of
which needs to be opened in the program. For example, new action that
created branch in rule set is called Chain for iptables firewalls and
Anchor for PF fierwalls.
Ability to search for objects using regular expressions matching their
names or attributes has been added. Numerous bug filxes also come with
this version. In the process of this operation user is presented with
series of dialogs showing conflicting objects side by side. Interface of
the firewall has new flag "unprotected", currently only used in compiler
for Cisco IOS access lists.
The GUI includes built-in installer for routers which works just like
installer for PIX. The user can create policy branches within other
branches.
Import is done this way in order to preserve logic of chains INPUT,
OUTPUT and FORWARD in the recreated fwbuilder rules.
For example, Windows can convert more limited set of service names
compared to Linux or BSD. Packets that originate on the firewall should
be marked in the OUTPUT chain. This turns Firewall Builder into
universal access policy management tool for a data center, office or an
ISP.
Test mode means that installer does not save configuration in the
permanent memory, as before. Policy comilers for platforms that have
special keyword for this flag can recognize this flag in TCPService
object. html , rerouting happens after OUTPUT hook but before
POSTROUTING hook. igmp access lists are not parsed.
Although importer can only interpret a subset of IOS configuration
commands, other commands that it does not understand will be ignored and
should not affect operation.
Compile-time AddressTable object that uses file with no addresses should
be treated as an empty group according to the "Ignore empty groups"
option.
My thanks to Jeffrey for the help. Policy installer for Cisco routers
fixed long-standing problem with size of the built-in installer options
dialog.
Compilers for iptables, ipfilter, pf and PIX can not use objects with
this option and treat it as an error because corresponding platforms do
not support it.
I've uploaded these packages to our SourceForge download page.
--- End Message ---
--- Begin Message ---
|
Subject: |
confirm 0e65571ee05a16da6939f1c3535b883a3b981559 |
If you reply to this message, keeping the Subject: header intact,
Mailman will discard the held message. Do this if the message is
spam. If you reply to this message and include an Approved: header
with the list password in it, the message will be approved for posting
to the list. The Approved: header can also appear in the first line
of the body of the reply.
--- End Message ---