2005-09-17    <vadim@vk.crocodile.org>

	* 2.0.9 release
	
2005-09-12    <vadim@vk.crocodile.org>

	* fwsm.xml.in: Added support for Cisco FWSM (platform and host OS)

	* pixAdvancedDialog.cpp (pixAdvancedDialog): Added support for
	manual ACL commit in FWSM

2005-09-11    <vadim@vk.crocodile.org>

	* SSHPIX.cpp (SSHPIX): enable_prompt should include string "Access
	Rules Download Complete" which is _sometimes_ printed by FWSM when
	in auto-commit mode.

2005-09-07    <vadim@vk.crocodile.org>

	* SSHSession.cpp (cmpPrompt): overloaded method
	SSHSession::cmpPrompt to be able to specify prompt as a regular
	expression. This variant is very convenient for PIX prompts.

2005-09-05    <vadim@vk.crocodile.org>

	* fixed bug #1254775: "RCS checkin fails on Windows when data file
	is too big". RCS tools failed to check the file in if it consisted
	of one huge line of text. This fix makes the GUI save data file
	(.fwb) in formatted form on Windows, just like on Linux. This
	means each XML element is saved on separate line instead of all of
	them being on the same line.
	
2005-09-04    <vadim@vk.crocodile.org>

	* NATCompiler_pf.cpp (processNext): fixed bug #1276083:
	"Destination NAT rules". Old restriction on "rdr" rules that
	required service in OSrv is not valid anymore, pf supports rdr
	rules with no protocol specification.

2005-09-04  Vadim Kurland  <vadim@vk.crocodile.org>

	* FWWindow.cpp (fileCommit): properly handling situation when user
	hits Cancel in check-in log dialog (should abort File/Commit
	operation entirely)

	* main.cpp (main): added a workaround to make the GUI work in
	Spanish locale (QT 3.3.4 ships with broken qt_es.qm file at least
	on Fedora-C4 and Mac OS X)

2005-08-31    <vadim@vk.crocodile.org>

	* SSHUnx.cpp (stateMachine): fixed bug #1277129: "script is
	truncated when installed by the GUI running on Mac". Large script
	was getting truncated while copied to the firewall if GUI was
	running on Mac OS X.

2005-07-31    <vadim@vk.crocodile.org>

	* LINGUAS: Added Spanish translation, thanks to Carlos Lozano
	<clozano@andago.com>

2005-07-30    <vadim@vk.crocodile.org>

	* FWWindow.cpp (fileCommit): Illya implemented Feature Request
	#1187461 "Add "commit" menu item". This menu item commits opened
	data file to RCS but keeps it opened so the user can continue
	editing. (backported from v2.1)

2005-07-29    <vadim@vk.crocodile.org>

	* FWWindowPrint.cpp (addObjectsToTable): Illiya implemented
	Feature Request #1225393 "FeatureRequest Print comments on
	objects"  (backported from v2.1)

2005-07-23    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (dragMoveEvent): Illiya fixed bug #1226069:
	"Segfault: Drag&Drop between two instances"  (backported from v2.1)

2005-07-21    <vadim@vk.crocodile.org>

	* platforms.cpp (getLogFacilities): Illiya moved definitions of
	log levels, log facilities and actions on reject to module
	platforms.cpp. Methods getLogLevel, getLogFacilities and
	getActionsOnReject return string lists suitable for using with
	DialogData to provide mapping between localized and English
	strings so that the user sees translated ones but English ones are
	written into FWOptions object and used by compilers. This fixes
	bugs #1240205: "Iilegal --log-level Information" and #1233165:
	"Illegal Logging-Limit string.".  (backported from v2.1)

2005-07-08    <vadim@vk.crocodile.org>

	* v2.0.8 released
	
2005-07-05    <vadim@vk.crocodile.org>

	* SSHSession.cpp (allDataSent): calling allDataSent from heartBeat
	slot method because on windows signal 'wroteToStdin' is emitted
	before I had a chance to connect it to a slot in
	SSHUnx::stateMachine in state PUSHING_CONFIG after entire file has
	been transmitted. I used to send an extra '\n' to force signal
	'wroteToStdin', but that made the file to be slightly different on
	the receiving end and I do not like that.

	* RuleSetView.cpp (dragMoveEvent): not really a change: bug
	1226069 "Segfault: Drag&Drop between two instances" requires
	redesign of the drag&drop mechanism so that live pointer to
	FWObject is not passed between sender and receiver.
	
2005-07-04    <vadim@vk.crocodile.org>

	* SSHSession.cpp (startSession): fixed bug #1232478: "FWB shuts
	down on incorrect password". Bug was introduced in build 624 while
	working on installer stalls and undescriptive ssh termination
	error when OpenSSH 4.0 was used.

2005-07-02  Vadim Kurland  <vadim@vk.crocodile.org>

	* main.cpp (main): ignore SIGHUP in the child process in ssh
	wrapper. Closing stdin at the end of the file copy sends SIGHUP to
	the child. For some reason, this caused ssh to terminate with error
	message "killed by signal 1" and return code 255 on Fedora C4
	which uses OpenSSH v4.0p1

2005-07-02    <vadim@vk.crocodile.org>

	* main.cpp (tty_raw): switched from TCSAFLUSH to TCSANOW in call
	to tcsetattr when we switch tty to raw mode in ssh wrapper
	code. This should fix mysterious stalls in the installer that were
	introduced when I worked on the wrapper code to fix bug #1213361
	(problems with file copies on FreeBSD 5.4)

	* instDialog.cpp (initiateCopy): added missing "-v" option to ssh
	call used to copy policy script to the firewall if "verbose"
	checkbox is checked. This should help troubleshoot problems with
	installer when ssh fails and terminates with an error.

2005-06-25    <vadim@vk.crocodile.org>

	* configure.in: need to call macro AC_PROG_MAKE_SET before
	using $ac_make to check for GNU make

	* configure.in: added check for cfmakeraw (which is absent on Solaris)

	* configure.in: make script continue if forkpty is not found,
	the program will use emulation.
	
2005-06-13    <vadim@vk.crocodile.org>

	* FWObjectPropertiesFactory.cpp (getObjectPropertiesDetailed):
	sorting list of objects for tooltips. Sorting is done by object
	name, alphabetically. TODO: use locale-aware sort and ignore
	case of the letters.

2005-06-12    <vadim@vk.crocodile.org>

	* main.cpp (main): need to switch the pipe and stdin in the child
	process to raw mode in order to ensure proper communication when
	fwbuilder works in ssh wrapper mode. This (really) fixes bug
	#1213361

	* configure.in: Added path to QT where it is installed on 64-bit
	systems to the list configure tries while searching for QT

2005-06-11    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (processNext): fixed bug #1215279: "rate
	limiting rule logs everything".  Rule utilizing "limit" module to
	rate limit packets with logging logged every packet and dropped
	those that exceeded the limit. The fix makes it apply the limit
	first and then log only packets that were dropped.

	* main.cpp (forkpty): fixed bug #1072842: "fwbuilder: Solaris and
	forkpty". We need forkpty for built-in installer but this function
	is not available on Solaris. I am adding re-implementation, but it
	hasn't been tested since I do not have Solaris machine.

	* FWObjectPropertiesFactory.cpp (getObjectPropertiesDetailed):
	fixed bug #1212179: "tool tips for TCP services cuts off some
	services". The gui would show very long tooltip for large groups;
	if the group was too large, the tooltip did not fit on the screen.

	* main.cpp (main): fixed bug #1213361: "PF on FreeBSD-5.4R". Bug
	description is misleading, the problem was caused by built-in
	installer rather than by compiler for PF. Installer would not copy
	generated script over ssh if the script was longer than some
	threshold and the gui was running on FreeBSD.

2005-06-05    <vadim@vk.crocodile.org>

	* linux24.xml.in: fixed bug #1212121: "sudo shutdown doesn't
	work". Installer needs to schedule reboot when the user activates
	policy in a test mode. There was a bug in the installer script
	that improperly used sudo to run shutdown when installation was
	performed using regular user account.

	* linux24.xml.in: fixed bug #1212123: "executing file below /tmp
	as root". Avoiding world-writable directory /tmp/ while activating
	policy in the test mode.  This change makes installer use
	subdirectory "tmp" under directory specified in the "Installer" tab
	of firewall settings dialog. That directory is expected to have
	proper permissions; subdirectory "tmp" can be created manually,
	otherwise installer creates it. Either way, it is not
	world-writable, therefore unauthorized users can not create
	scripts in it.

	* freebsd.xml.in: Using pkill to find running shutdown process and
	kill it to cancel pending reboot. Pkill simplifies the scriptlet
	so we don't need to deal with output redirection etc. Pkill is
	available on FreeBSD, Linux, OpenBSD and Solaris.

	* linux24.xml.in: another fix for a bug #1201406: "shutdown
	messages should be suppressed". Scriptlet has been modified to
	make sure it works in both sh and csh (user who installs the
	policy may have tcsh as their login shell, root may use tcsh too)

2005-05-30    <vadim@vk.crocodile.org>

	* src/res/os/*.xml.in: fixed bug #1201406: "shutdown messages
	should be suppressed". Installation scriptlet tries to kill
	shutdown process, if there is one, to cancel pending shutdown that
	might have been left over from test install. If there is none, the
	script prints an error message "shutdown process not found" or
	similar, which confuses user. Needed to suppress these error
	messages.

	* fixed bug #1155351: "Remote install of FW rulset fails due to
	race condition". Generated ipfw firewall script could not be run
	reliably over ssh session because "ipfw -f" flushes all rules and
	all state, which breaks ssh session. As soon as the script needed
	to print anything, it got I/O error from the system because TCP
	session for ssh was blocked; this stopped the script and did not
	let it activate new firewall policy.
	
	* PolicyCompiler_ipfw_writers.cpp (processNext): improvement in the
	compiler for ipfw: added "established" rule on top of the regular
	backup ssh access rule; this allows to maintain management ssh
	session after the policy is reloaded. Both "ipfw -f" and swapping
	sets flush all states, so the ssh session used to upload and
	activate new policy breaks. A rule with "established" keyword
	maintains this session.

	* PolicyCompiler_ipfw_writers.cpp (processNext): improvement in
	the compiler for ipfw: using rule sets to atomically swap old and
	new rules. New rules are loaded in the set 1 and then swapped into
	set 0. If there is an error in a new rule set, it is caught while
	loading rules into inactive set 1, at which point script stops
	without changing old firewall rules.

	* PolicyCompiler_pf.cpp (addDefaultPolicyRule): implemented
	support for subnets for backup ssh access for pf,ipf,ipfw. Subnet
	can be defined using either full netmask or bitlength: both
	"192.168.1.0/255.255.255.0" and "192.168.1.0/24" are
	acceptable. Single host address works too, both as "192.168.1.10"
	and as "192.168.1.10/255.255.255.255" or
	"192.168.1.10/32". Incorrect address or netmask cause compiler to
	abort processing.

2005-05-28    <vadim@vk.crocodile.org>

	* GroupDialog: fixed bug #1207983: "incorrect size of "I" and "L"
	buttons in the group view dialog". Tested with large font and
	cleaned up layout in many dialogs.
	
	* HostDialog.cpp (loadFWObject): removed 'snmp community' option
	from the Host object dialog - it was not used anywhere

	* ipt.cpp (main): fixed bug #1205665: "Error with summer time when
	compiling script". Sometimes timezone name has "'" in it which
	confuses shell and causes an error when generated script prints
	"Activating firewall policy..." log message

	* RCS.cpp (RCSEnvFix): fixed bug #1204067: "incorrect timezone
	handling in RCS". Windows version of RCS incorrectly converts
	check-in time when time zone is east of GMT. Had to use "-z"
	option on all RCS commands to explicitly set offset; "-zLT"
	produces wrong results in rlog.

	* fwb_compile_all (LIB): fixed bug #1200902: "fwb_compile_all does
	not work in 2.0". Script fwb_compile_all broke because of changes
	in data file format

	* PolicyCompiler_PrintRule.cpp (_printTimeInterval): fixed bug
	#191423: "Weekend Time restriction not created correctly". Rules
	with time restriction spanning from Saturday to Sunday were
	generated with incorrect "--day" option

	* objects_init.xml.in: fixed bug #210518: 'Incorrect ending day in
	the standard object "weekends"'. This object defined time interval
	ending at 23:59 on Monday instead of Sunday

	* implemented Feature Request #1145666: "Print RCS
	Log". File/Properties dialog can now print RCS log. Thanks to
	"Ilya V. Yalovoy" <yalovoy@pilot.aip.mk.ua> for the patch.

	
2005-05-23    <vadim@vk.crocodile.org>

	* added updated German translation by Hans Peter Dittler
	<hpdittler@braintec-consult.de>
	
2005-05-20    <vadim@vk.crocodile.org>

	* set version to 2.0.8
	
2005-05-08    <vadim@vk.crocodile.org>

	* v2.0.7 released
	
2005-05-04    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (printPathForAllTools): fixed bug
	#1195201: "getaddr function return error ip address". Yet another
	change in the way we use grep to find IP addresses of an interface
	on Linux. We can't use regex (bug #1123748) and need to filter out
	secondary addresses from the "ip addr show" output. It looks like
	"grep -v :" neatly solves the problem without using regex.

2005-05-02    <vadim@vk.crocodile.org>

	* snmp.cpp: API change: Compiled all OIDs. The program may run on
	a system where MIBs are not installed, so we can not always use
	symbolic OID names. Also using snmp_out_toggle_options to turn
	numeric output in all responses (equivalent to -On in snmp tools)

2005-05-01    <vadim@vk.crocodile.org>

	* snmp.cpp (walk): API changes: verbose error message, printing
	response->errstat code as well as corresponding error string; this
	should help debug snmp-related problems better

	* snmp.cpp (walk): API changes: using snmp_error to print last
	snmp error string
	
2005-04-27    <vadim@vk.crocodile.org>

	* implemented support for SNMP operations in Windows packages

	* qmake.inc files overhaul
	
2005-04-26    <vadim@vk.crocodile.org>

	* newFirewallDialog.cpp (getInterfacesViaSNMP): switched to using
	QT class DNS to get host/firewall name in new HostDialog and
	newFirewallDialog classes. This seems to work better on Windows.
	Also added more locks to prevent reentering getInterfacesViaSNMP
	if user clicks the button multiple times in quick succession
	
2005-04-23    <vadim@vk.crocodile.org>

	* newFirewallDialog.cpp (accept): fixed bug #1187248: using "find"
	for an address "192.168.10*" several times after a firewall
	object has been created using templates caused GUI to crash

2005-04-17    <vadim@vk.crocodile.org>

	* findDialog.cpp (matchAttr): implemented feature request
	#1151206: "Search for IP Addresses". "Find" dialog searches for
	objects by a combination of name and one of the following
	attributes: address, tcp/udp port, ip protocol number or icmp
	message type. Regular expressions can be used for both name and
	attribute.

	* ObjectTreeView.cpp (getSimplifiedSelection): fixed bug #1151212:
	"Collapsed sub-objects shouldn't be added if they are
	hidden". When user selects multiple objects in the tree some of
	which have child objects, those child objects used to be also
	selected and added to groups in addition to their parent
	objects via drag-and-drop operation.

	* GroupObjectDialog.cpp (pasteObj): fixed bug #1184791: "can not
	copy/paste multiple objects into a group"

	* FWWindow.cpp (doCompile): implemented feature req. #1151220:
	"Close" button should change is caption/title to "Install". When
	user clicks "Install" toolbar button or main menu item, the
	"Close" button in the pop-up window that displays compiler
	progress changes its text caption to "Install"

2005-04-13    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (addPredefinedPolicyRules): fixed bug
	#1181359: "Missing traling space in "INVALID state" syslog
	message"

2005-04-10    <vadim@vk.crocodile.org>

	* instDialog.cpp (continueRun): Improvement in built-in installer:
	user can specify additional command line parameters for ssh that
	built-in installer runs to access firewall. This allows for
	alternative ssh port or alternative ssh identity to be used when
	accessing firewall. Parameters can be added in the "Installer" tab
	of firewall settings dialog for all platforms.

2005-04-09    <vadim@vk.crocodile.org>

	* ipt.cpp (main): fixed bug #1179103: 'compiled rules can not be
	install'. Generated iptables script could not be used on systems
	with non-English locale where timezone name used local characters
	because these characters were printed as hex ( "&#21488;" ) and
	'&' caused problems with shell. Now using single quotes to make
	shell ignore any characters in the string. Will deal with proper
	printing of localized timezone later.


2005-04-07    <vadim@vk.crocodile.org>

	* OSConfigurator_freebsd.cpp (printPathForAllTools): function
	getaddr() falls back to 0.0.0.0/32 if dynamic interface has not
	been assigned an address yet or is down. Ipfilter policy using
	run-time substitution of dynamic interface addresses will be
	functional even if these interfaces are down or do not have IP
	address.

2005-04-05    <vadim@vk.crocodile.org>

	* PolicyCompiler_PrintRule.cpp (_flushAndSetDefaultPolicy): fixed
	bug #1176890: "block IPv6". Generated iptables script sets default
	policies to DROP in all ipv6 filter chains. More detailed control
	can be implemented using prolog or epilog scripts.

2005-04-03    <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cpp (separateSrcPort): fixed bug #1176051:
	"incorrect rule generated for TCP service ftp-data". If a rule
	used several TCP or UDP service objects and one of them has source
	port range configured, generated PF filter rule incorrectly
	matched on a combination of that source port range _and_
	destination port ranges from all other service objects. This bug
	affected compilers for OpenBSD PF and ipfilter

2005-03-31    <vadim@vk.crocodile.org>

	* FWWindowPrint.cpp (filePrint): fixed bug #1155163: "print does
	not print group contents". The program printed only number of
	objects contained in object or service groups. Now it prints lists
	of member objects for all groups used in rules. If groups contain
	other groups, they are printed recursively.

2005-03-30    <vadim@vk.crocodile.org>

	* objects_init.xml.in: fixed bug #1172620: "Add tcp service object
	for icslap". Added this object to the  objects library "Standard".

	* FWWindow.cpp (info): fixed bug #1151243: "Maintain format of
	description text". The GUI ignored text formatting in object
	comment when it displayed it in the info panel (lower left corner of
	the main window)

	* FWOptions.cpp (toXML): API change: fixed bug #1173801: '"&"
	character in prolog/epilog'. Needed to call xmlEncodeSpecialChars
	to encode special characters in firewall options

2005-03-29    <vadim@vk.crocodile.org>

	* ipf.cpp (printActivationCommandWithSubstitution): fixed bug
	#1173064: "support for dynamic interfaces in ipfilter". Actual
	address of dynamic interface is now determined at run-time in the
	policy activation script <firewall_name>.fw generated by
	fwbuilder. If dynamic interface is used somewhere in the policy or
	nat rules, it will be replaced with its actual address by
	activation script before configuration is sent to ipf or ipnat for
	activation. This run-time substitution is done only if a checkbox
	is checked in the "Script options" tab of firewall settings
	dialog. Default behavior is to use "any". This is because ipfilter
	configuration files <firewall>-ipf.conf and <firewall>-nat.conf
	that rely on run-time substitution of dynamic interface address
	can not be loaded using standard activation scripts that come with
	FreeBSD.

	This also fixes another problem in fwb_ipf where it generated rdr
	and nat commands with address 0.0.0.0/32 if dynamic interface was
	used in a NAT rule.

2005-03-28  vadim  <vadim@tourist2.local>

	* PolicyCompiler_PrintRule.cpp (_printMultiport): fixed bug
	#1160186: 'IPTables Compiler - Multiport Issue'. When 16 or 31
	ports were used in a single rule, compiler generated command with
	conflicting options "-m multiport --dport"

	* NATCompiler_ipf.cpp (processNext): fixed bug #1173067: "support
	for port ranges in NAT rules (ipfilter)" - policy compiler for
	ipfilter should split DNAT rules (rdr) that use TCP or UDP objects
	with port ranges. A warning is issued if more than 20 rules are
	created.

2005-03-20    <vadim@vk.crocodile.org>

	* utils.cpp (getFileDir): fixed bug #1157976: "patches to make
	fwbuilder compile under NetBSD 1.6". Applied patches.

	* newHostDialog.cpp (newHostDialog): fixed bug #1151219: "New Host
	creation window is not well dimensioned". Fixed wrong dialog page
	layout in the new host wizard.

	* OSConfigurator_linux24.cpp (printPathForAllTools): fixed bug
	#1123748: "busybox grep -E". Busybox in floppyfw is compiled
	without support for egrep (or grep -E). Switched to using "plain"
	grep.

	* InterfaceDialog.cpp (loadFWObject): fixed bug #1151052: "Not
	external interfaces marked as external". Dialog for an interface
	object that belongs to a host should not show checkbox "external
	(insecure) interface"

	* Tools.cpp: API change: fixed bug #1158870: "mutexes are not
	properly created on FreeBSD". Mutexes gethostbyname_mutex and
	gethostbyaddr_mutex were never created but used on OS where
	thread-safe resolver is not available.
	
2005-02-17    <vadim@vk.crocodile.org>

	* v2.0.6 released
	
2005-02-17    <vadim@vk.crocodile.org>

	* ipt.cpp (main): fixed bug #1123933 "iptables add_addr() expr
	binary not found". As it turns out, /usr/bin/ is not in PATH
	during boot time on Slackware. I added /usr/bin/ to PATH variable
	in generated iptables script.

2005-02-16    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (printPathForAllTools): fixed bug
	#1123748 "busybox grep -E". Busybox does not support option "-E"
	with grep, however it has "egrep".

2005-02-12    <vadim@vk.crocodile.org>

	* instDialog.cpp (instDialog): proper localization in the
	installer where it displays progress of the installation operation

2005-02-11    <vadim@vk.crocodile.org>

	* main.cpp (main): Troubleshooting weird case of data file
	corruption during install

	* RCS.cpp (RCS): fixed bug #1120904: "GUI hangs when accessing RCS
	file". Improved parsing of rlog output.

2005-02-09    <vadim@vk.crocodile.org>

	* utils.cpp (getUserName): working on bug #1118717: "fwbuilder 206
	on Windows XP SP2: error checking out". Env variable USERNAME was
	not set in user's profile, which triggered this bug.  Now using
	getuid to get user name on Unix and GetUserName on Windows. This
	should make the program more resilient for situations when
	environment variable LOGNAME or USERNAME is not set

2005-02-08    <vadim@vk.crocodile.org>

	* ipt.cpp (main): Using getuid to read real user's ID on Unix

2005-02-07    <vadim@vk.crocodile.org>

	* instDialog.cpp (continueRun): Fix for support request #1118039:
	"Error when Windows client calls plink -ssh". The problem is that
	putty ignores protocol and port specified in the session file if
	command line option -ssh is given. On the other hand, the sign of
	session usage is an empty user name, so we can check for that. If
	user name is empty, then putty will use current Windows account
	name to log in to the firewall and this is unlikely to work
	anyway. This seems to be a decent workaround.

	* printerStream.cpp (printQTable): further bugfixes in printing,
	in particular fixed a problem with partially greyed-out horizontal
	and vertical headers when ruleset was small enough to fit on the
	first page.

2005-02-05    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (selectionChanged): fixed bug #1030538:
	"incorrect highlighting when selecting multiple rules". This bug
	seems to be specific to Mac OS X

	* printerStream.cpp (printQTable): improvements in printing:

	 - if a rule set does not fit on a single page, the program
	 repeats table header on each page ("Source","Destination","Service" etc)

	 - the program does not draw the whole rule set in memory
	 anymore. Instead, it "scrolls" the table and only draws section
	 that fits on a single page. This means we can now print really
	 huge policies that can not be drawn as a whole because they
	 exceed maximum coordinate value. Tested with a rule set that
	 consists of 1200 rules which has size of 677x34884 pixels on my
	 machine.

2005-02-03    <vadim@vk.crocodile.org>

	* instDialog.cpp (selected): working on bug #1115412: "Problem
	installer FWbuilder 2.0.5 for Windows". Switched to command line
	option "-l" to specify user name for external ssh in
	installer. This was necessary because Van Dyke SecureCRT on
	Windows does not support user@host syntax.

	* instDialog.cpp: Installer verbose and quiet modes work as follows:

	  - if quiet is off, verbose is off: prints everything that
	  firewall script prints on stdout and stderr; does not add "-v"
	  to calls to external ssh utilities

	  - if quiet is off, verbose is on: adds "-v" to ssh command line

	  - if quiet is on - suppresses script output but still prints short
	  messages to indicate when it copies files to the firewall and when
	  it executes them
	
2005-02-01    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (delObj): slightly changed logic with user
	warnings in the object removal code. The program asks the user for
	confirmation if they remove an ordinary object from a regular
	library. Confirmation is not asked if object is removed from
	"Deleted objects" library or when a library is being deleted (in
	this case we ask a different question later anyway). This helps
	avoid double warning when a library is deleted.

2005-01-31    <vadim@vk.crocodile.org>

	* POmakefile.in (POTFILES): Added module FWWindowPrint.cpp to the
	list of files processed for localization

	* FWWindowPrint.cpp (filePrint): Added small margin inside table
	cells in Legend and Object tables in the printout.

2005-01-30    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (processNext): fixed bug #1112470:
	"Problem with FW part of ANY in Bridged mode".  If fw is
	considered part of any, we should place rule in INPUT/OUTPUT
	chains even if it is a bridging fw since fw itself may send or
	receive packets.

	* PolicyCompiler_ipt.cpp (accounting): implemented feature
	req. #1112980: "Need unique names for accounting rules". User can
	now specify a unique name for rules with action 'Accounting'; this
	name will be converted to a chain name. This simplifies accounting
	since chain name for such rule won't change if the user adds or
	removes rules above or below.

	* PolicyCompiler_ipt.cpp (accounting): fixed bug #1112976:
	"Accounting rule with logging produces looped iptables command"

	* FWWindowPrint.cpp (beginPage): implemented Feature
	Req. #1112778: "include date and time on printouts". Added date
	and time to the header on each printed page.

	* RuleSetView.cpp (paintCell): fixed bug #1112776: "some items
	touching seperator lines on printouts". Rule elements "Action",
	"Direction", "Options" and "Comment" were placed right at the top
	of the table cell which led to their clipping when rule set was
	printed on Mac OS X. Need more testing.

	* FWWindowPrint.cpp (filePrint): fixed bug #1112764: "some Objects
	are partially obscured in printout". Parts of the "Objects" table
	were clipped.  Need to test some more.
	
2005-01-29    <vadim@vk.crocodile.org>

	* FWBSettings.cpp (init): fixed bug #1112264: "Load last edited
	file" setting doesn't work. This was broken only on Mac OS X.

	* FWObjectDatabase.cpp (merge): API change: fixed bug #1105167:
	"Crash when importing a library that has been deleted".

2005-01-27    <vadim@vk.crocodile.org>

	* NATCompiler_pf_writers.cpp (_printPort): not quite fixed bug
	#1105755 "Custom Service objects not working for PF
	compiler". User tried to generate a nat rule like this using
	CustomService object:

	nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any -> 22.22.22.22 

	Taken from the bug report:

	it turned out, I can not fix this. You are trying to use Custom
	Service object to insert protocol list into a "nat"
	rule. Normally, a service object such as TCP or UDP service
	generates two components for any rule where it is used: a protocol
	specification and port specification
	(type/code spec for ICMP). PF is sensitive to the order of
	parameters in the rule, in particular, protocol must be defined
	after interface but before src/dst addresses in the rule, while
	port numbers go after addresses.  Compiler easily retrieves this
	information from IP, TCP, UDP and ICMP services and places it in a
	proper slots in the rule it generates.  CustomService does not
	have a notion of protocol and parameters for it, so compiler puts
	a string that is configured in the CustomService in the place
	reserved for port numbers. This means you can not use
	CustomService to specify protocols.

	There still was a bug in fwb_pf where it would print
	"custom_service" in place of protocol. This is fixed in 2.0.6
	build 542. Protocols can not be inserted with Custom Service
	though.

	Feature request #1111267 "CustomService should specify protocol
	and parameters for it" has been opened
	

	* PolicyCompiler_ipt.cpp (processNext): fixed bug #1102629: "lost
	chain in accounting rules". Rules with multiple objects in one of
	the rule elements and action 'Accounting' generated code that
	ignored objects in that rule element

	* ObjectManipulator.cpp (newPhysicalAddress): fixed bug #1111244
	"GUI allows to add more than one MAC address to an
	interface". There can only be one MAC address for each interface.

	* FWWindowPrint.cpp (printQTable): While printing rule sets, the
	program makes sure rule set tables are broken on the rule
	boundaries while switching to a new page.

	* Added "Page setup" dialog to set parameters such as printing
	header, printing of a legend and object lists etc.

	* fixed bug #1109174: "Cannot print rule base" - implemented
	printing
	
2005-01-25    <vadim@vk.crocodile.org>

	* instDialog.cpp (selected): fixed bug #1109631: "can not copy
	firewall script to /etc on Linksys". Added an option to all OS
	resource files that determines whether user is allowed to change
	installation directory on the firewall. Currently it is allowed on
	all supported OS except Linksys/Sveasoft because there /etc/
	resides on read-only filesystem

2005-01-24    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (processNext): fixed bug #1101910: "Samba
	problem with Bridged Firewall". Need to split rule to take care of
	broadcasts forwarded by the bridge and broadcasts that are
	accepted by the firewall itself. Need to do this only if the rule
	is not associated with any bridging interface.

	* PolicyCompiler_PrintRule.cpp (_printOptionalGlobalRules): fixed
	bug #1106701: 'backup ssh access' and statefulness
	interation. Need to add rules matching states ESTABLISHED and
	RELATED for the backup ssh access to make sure it works even if
	global rule matching these states is disabled.

	* configure.in: fixed bug #1107838: "bug in configure script in
	fwbuilder 2.0.6". Need to specify path "./" when calling
	runqmake.sh

	* FWWindowPrint.cpp (filePrint): printing legend and a list of
	objects at the bottom of a printed document.

	* Compiler_ops.cpp (operator==): API change: fixed bug #1108861:
	"two rules using MAC address matching shadow each other". Need to
	check for MAC addresses while processing rules for shadowing.


2005-01-21    <vadim@vk.crocodile.org>

	* FWWindowPrint.cpp (filePrint): Implemented printing of firewall
	rule sets. Using standard QT class QPrinter; can print to system
	printers or to a file (PostScript), both in black and white or in
	color where available. Prints policies of the currently opened
	firewall. The program can calculate total number of pages and
	offer the user a choice in the Print dialog only if QT v3.2 and
	later is used. Each printed page has a header with the file name,
	RCS revision and a page number. Currently, the header can not be
	turned off (will implement in the future).

2005-01-07    <vadim@vk.crocodile.org>

	* v2.0.5 released
	
2005-01-06    <vadim@vk.crocodile.org>

	* RCS.cpp (isDiff): writing RCS log in UTF-8, this simplified
	localization

2005-01-02    <vadim@vk.crocodile.org>

	* RCS.cpp (RCS): working on localization of RCS log entries. Build
	516 converts log strings into 8bit string into locale-specific
	format on Unix before sending it to ci. Strings returned by rlog
	are converted from locale-specific format. No conversion is done
	on Windows and Mac OS X.

	* objects_init.xml.in: fixed bug (no num) that caused GUI crash
	when user created new firewall object using template with three
	interfaces. 

2004-12-30    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipfw_writers.cpp (processNext): fixed bug
	#1093620: "path (to ipfw) with spaces fails". Generated script
	failed if path to ipfw contained space. I only worked around this
	problem for ipfw; paths to sysctl and logger must be standard and
	never contain spaces.

	* PolicyCompiler_ipfw.cpp (processNext): fixed bug #1093472: "ipfw
	port range(s) errors". There can only be one port range in a
	single ipfw rule. 
	
	* PolicyCompiler_ipfw_writers.cpp (_printProtocol): fixed bug
	#1093461: "problem with 'established' in ipfw". Ipfw requires
	protocol to be set to 'tcp' if option 'established' is used in a
	rule.

2004-12-29    <vadim@vk.crocodile.org>

	* RCS.cpp (RCS): fixed bug #1092810: "Multiline RCS comments are
	shown as a single line on windows". As it turned out, this bug
	affected all platforms.

	* RCS.cpp (ci): an attempt to fix a bug that does not allow to
	enter RCS comment using non-English locale.

2004-12-28    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (getInterfaceVarName): fixed bug
	#1059393: "function getaddr failed for eth1.0020". Generated
	script can now work with interfaces that have a dot in their name
	(such as "eth1.0020" - vlan interface)

	* PolicyCompiler_PrintRule.cpp (_printOptionalGlobalRules): fixed
	bug #1092141: "irritating FORWARD rule for established
	connections". Need rule in FORWARD chain only if ip forwarding is
	on or set to "no change"

2004-12-22    <vadim@vk.crocodile.org>

	* Compiler.cpp (createRuleLabel): API change: fixed bug #1068119:
	"additional whitespace for Rule comments in .fw file". Added extra
	space between rule number and interface spec in rule comments.

	* PolicyCompiler_ipfw.cpp (processNext): fixed bug #1089866:
	"multiple services in one rule confuses ipfw compiler". If several
	UDP or TCP objects were used in the same policy rule and these
	service objects had source port ranges defined, the compiler would
	produce incorrect code by combining source port range
	specifications together in the same ipfw command.

	* main.cpp (main): Pull-down menu "On startup" in the "General"
	tab of the preferences dialog now has three items: "Load standard
	objects", "Load last edited file" and "Ask user what to do". The
	last item is default.

	* PolicyCompiler_PrintRule.cpp (_printProtocol): fixed bug
	#1089586: "default --icmp-type value is 0 in iptables <
	1.2.9". The problem concerns policy rules using service object
	"any ICMP". A rule like this is supposed to match any ICMP
	packet. A few versions ago I had to add option "-m icmp" (and "-m
	udp", "-m tcp") because I've discovered that iptables-restore on
	some systems (linksys sveasoft firmware, iptables v1.2.11) refused
	to load rules without it. Now it turns out that iptables v < 1.2.9
	(tested on 1.2.6a and 1.2.7a) implicitly adds equivalent of
	"--icmp-type 0" to rules with "-p icmp -m icmp" and without
	"--icmp-type" option. Since type 0 is actually icmp echo reply, a
	rule like this does not match "any ICMP" as it was supposed to
	do. Iptables 1.2.9 implicitly adds "--icmp-type 255" which matches
	any icmp type. Using "--icmp-type 255" on iptables 1.2.6 and 1.2.7
	does not work (a rule does not match icmp packets with type
	different from 255). The fix generates "-p icmp -m icmp
	--icmp-type any" for iptables 1.2.9 and later, as well as when
	iptables version is not specified in the firewall object settings.
	It generates just "-p icmp" for versions < 1.2.9.
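
The version-dependent choice described in the entry above, as an added example (not fwbuilder code; the function names and plain version strings are assumptions). It picks the match text per iptables version and models, from the entry's description only, which ICMP types a rule without "--icmp-type" matches.

```cpp
// Added illustration; not fwbuilder source. Function names are hypothetical.
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Parse "1.2.7a" into {1, 2, 7}; a trailing letter suffix is ignored.
// An empty string or "any" (version not set in the firewall object; the
// spelling of that setting is an assumption) yields an empty vector.
std::vector<int> parseIptablesVersion(const std::string& text) {
    std::vector<int> parts;
    if (text.empty() || text == "any") return parts;
    int current = 0;
    bool haveDigit = false;
    for (char c : text) {
        if (std::isdigit(static_cast<unsigned char>(c))) {
            current = current * 10 + (c - '0');
            haveDigit = true;
        } else if (c == '.' && haveDigit) {
            parts.push_back(current);
            current = 0;
            haveDigit = false;
        } else {
            break;  // letter suffix such as the "a" in "1.2.6a"
        }
    }
    if (haveDigit) parts.push_back(current);
    return parts;
}

// True only when a concrete version older than 1.2.9 was given.
bool olderThan129(const std::string& version) {
    const std::vector<int> v = parseIptablesVersion(version);
    const std::vector<int> threshold = {1, 2, 9};
    return !v.empty() && v < threshold;  // lexicographic comparison
}

// Match text for the "any ICMP" service, following the rule stated in the
// entry: bare "-p icmp" below 1.2.9, explicit "--icmp-type any" otherwise
// (including when no version is specified).
std::string anyIcmpMatch(const std::string& version) {
    if (olderThan129(version)) return "-p icmp";
    return "-p icmp -m icmp --icmp-type any";
}

// Model of the behaviour the entry reports (not derived from iptables code):
// which ICMP types a rule with no explicit --icmp-type matches.
bool matchesWithoutExplicitType(const std::string& installedVersion,
                                bool hasModuleIcmp, int icmpType) {
    if (!hasModuleIcmp) return true;  // plain "-p icmp"
    if (olderThan129(installedVersion)) return icmpType == 0;  // implicit type 0
    return true;  // 1.2.9 and later: implicit type 255, which matches any type
}

int main() {
    const char* versions[] = {"1.2.6a", "1.2.7a", "1.2.9", "1.2.11", ""};
    for (const char* v : versions) {
        std::cout << (*v ? v : "(unspecified)") << ": " << anyIcmpMatch(v)
                  << "\n";
    }
    // Pre-fix output "-p icmp -m icmp" on 1.2.7a: echo request (type 8) is
    // not matched, so an "any ICMP" rule silently covers echo replies only.
    std::cout << "old rule matches type 8 on 1.2.7a: "
              << matchesWithoutExplicitType("1.2.7a", true, 8) << "\n";
    return 0;
}
```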
 
2004-12-19    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (newInterfaceAddress): GUI change: main
	menu item "Object/New Object/Address" and corresponding toolbar
	button always creates an Address object under Objects/Addresses
	folder in the tree. Address of an interface can be created using
	pop-up menu item "Add IP Address"

2004-12-16    <vadim@vk.crocodile.org>

	* Bunch of cosmetic bugfixes in the GUI
	
	* PrefsDialog.cpp (setButtonColor): implemented feature request:
	colors that are used to color rules can be changed in Preferences
	dialog.

2004-12-13    <vadim@vk.crocodile.org>

	* FWWindow.cpp (fileOpen): when user clicks menu item "File/Open"
	to open a new file, the GUI should save and close currently opened
	file only after the user chooses new file. If user clicks Cancel
	in the File/Open dialog, operation should be cancelled so the user
	can continue working with currently opened file. The same applies
	to operation File/New.

2004-12-12    <vadim@vk.crocodile.org>

	* po.pro: fixed bug (no num): localization was broken on win32 and
	mac os x because translation files were not installed properly.

	* ObjectManipulator.cpp (pasteTo): improved behavior of the main
	menu "Edit" as well as pop-up menu that appears when user right
	mouse clicks on an object in the tree. Menu item "Paste" should
	only be enabled if the clipboard is not empty and objects that are
	stored in it can be pasted into selected object in the tree.

2004-12-10    <vadim@vk.crocodile.org>

	* RCSFilePreview.cpp (selectedRevision): fixed bug (localization):
	RCS log entries made using non-ascii characters used to appear as
	'???' in Open File and File/Properties dialogs.

	* ObjectEditor.cpp (validateAndClose): more bugfixes for the
	behavior of the object editor dialogs. Dialog should ask if user
	wants to save data and then validate it when user clicks on [x] to
	close editor dialog. It used to validate the data first, then ask
	if they want to close dialog.

2004-12-09    <vadim@vk.crocodile.org>

	* FWWindow.cpp (load): when user opens data file in the old format
	(fwbuilder v1.1.x, extension .xml) and after autoupgrade the
	program discovers that the same file with extension .fwb already
	exists, it offers the user a chance to choose different name. If
	user clicks "Cancel" at this point, the program cancels operation
	and reverts upgraded data file back to its original name and
	version.

	* listOfLibraries.cpp (add): fixed bug (internal #34) the program
	should issue a warning when user tries to add a library file
	(.fwl) that contains object library that already exists in the
	opened data file.

	* ObjectEditor.cpp (validate): Streamlined logic in the object
	editor dialog. This improves handling of the situation when user
	closes dialog by clicking on [x] while 1) there are unsaved data
	and/or 2) some of the object's parameters have illegal values. The
	dialog behavior also depends on the setting of the global flag
	"Autosave" that causes dialog to automatically save data when user
	switches between objects.

2004-12-08    <vadim@vk.crocodile.org>

	* listOfLibraries.cpp (add): numerous fixes for localization

2004-12-05    <vadim@vk.crocodile.org>

	* ObjectManipulator.h: numerous bugfixes:

	 - properly synchronizing state of the items main menu with state
	 of corresponding items in the pop-up menu that appears when user
	 right-mouse-clicks on an object in the tree

	 - fixes for non-localized text strings in dialogs (mostly
	 "Continue", "Yes"/"No" etc. in many places)

	- proper localization of the human-readable version number text
	for iptables; also made info window print readable text instead of
	"lt_1.2.6"

	- cosmetic changes in some dialogs layout to make them look better
	when localized text makes strings much longer

	- firewall object dialog tab "Templates" has been hidden. It is
	unlikely that this feature will be implemented in 2.0.X series.
	
2004-12-04    <vadim@vk.crocodile.org>

	* listOfLibraries.cpp (add): fixed bug (no num): the GUI crashed
	when user tried to add a library file for auto-load in
	Preferences/Libraries and the first library object in that file
	had a name using non-ascii characters

	* Bunch of other fixes to avoid '????' in various places for
	localized strings
	
2004-12-04    <vadim@vk.crocodile.org>

	version 2.0.4 released
	
2004-12-02    <vadim@vk.crocodile.org>

	* utils.cpp (fillLibraries): fixed bug (no num): if a library was
	assigned a name with non-ascii characters, it would appear
	distorted in the pull-down list in object dialogs.

	* fixed bug #1077496: "Error compiling libfwbuilder in FreeBSD".
	The problem was caused by changed major version number of
	libnetsnmp library in the latest net-snmp port (v5.2)

2004-12-01    <vadim@vk.crocodile.org>

	* FWWindow.cpp (openFirewall): fixed bug #1077072: "CrossPlatform
	Firewall Builder Crash" - pressing arrow down key on the keyboard
	right after the GUI started with no firewall objects defined
	caused crash.

2004-11-30    <vadim@vk.crocodile.org>

	* po/ru.qm: Updated Russian translation

2004-11-25    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (splitIfSrcNegAndFw::processNext): fixed
	bug #1073491: incorrect code for rules using two interfaces with
	negation. If a rule had two (or more) interfaces of the firewall
	in the destination, with negation, the code generated by compiler
	would check one interface's address in INPUT chain and another in
	FORWARD chain. It should check addresses of all interfaces from
	the corresponding rule element in the INPUT chain and also check
	addresses and possibly services from other rule elements in the
	FORWARD chain. This bug affected rules with two or more interfaces
	both in source and destination.

	* po/LINGUAS: translators maintain Russian localization using QT
	linguist rather than gettext, removed ru locale from gettext
	Makefiles but left it in po.pro for installation

	* fwblookup.cpp: a fix to make it compile on FreeBSD w/o gnugetopt
	port

	* utils.cpp (addPopupMenuItem): minor fix to help localization
	('add object' and operation on rules pull-down menus did not
	translate properly)

2004-11-23    <vadim@vk.crocodile.org>

	* instDialog.cpp (continueRun): built-in installer checks exit
	status of the script it runs on the firewall and aborts
	installation sequence if it detects an error. OS resource files
	have been updated accordingly so they return exit status '1' in
	case of error and '0' when they succeed.

	* Compiler_ops.cpp (checkForShadowing): API change: still working
	on the IPService object shadowing changes. ip fragments object was
	shadowing GRE object, which was incorrect. Hopefully this change
	finally fixes it.

2004-11-21    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (printPathForAllTools): fixed bug (no
	number): policy compiler for iptables used "tail -1" in the shell
	script that read actual IP addresses of interfaces of the
	firewall. This shell code failed to determine correct address of
	an interface that was configured with a secondary
	address. Reverted to using grep (I switched to tail when I ran into
	limitations of one of the beta builds of Sveasoft Linksys firmware
	that did not have grep)

2004-11-18    <vadim@vk.crocodile.org>

	* NATCompiler_ipt.cpp (processNext): fixed bug #1068936:
	"unnumbered interface not using MASQUERADE". Compiler for iptables
	will use target "MASQUERADE" if unnumbered interface is used in
	Translated Source in a NAT rule.

	* utils.cpp (fillLibraries): fixed bug (no num): group object
	dialog showed incorrect library name for groups located in the
	"Standard" library

2004-11-17    <vadim@vk.crocodile.org>

	* listOfLibraries.cpp (add): fixed bug (no number): GUI could not
	find names of the object libraries in external library files that
	user added for automatic load in the Preferences dialog on
	Windows. It would find the name of the library in the first file,
	but failed to find library names in subsequent files and used the
	name from the first file. Since this library was only present in
	the first file, object tree was getting corrupted when the program
	attempted to load this library from every file configured for
	automatic pre-load. This only happened on Windows.

	* dns.cpp (init): API change: fixed bug (no number): program
	crashed on FreeBSD 5.3 when using SNMP to obtain parameters for
	hosts and interfaces. Crash occurred because of use of
	uninitialized mutex variables in module dns.cpp

2004-11-16    <vadim@vk.crocodile.org>

	* main.cpp (main): improved error handling: if the GUI is started
	with a file on the command line or is configured to open a file
	automatically on startup and RCS can not check the file out, the
	GUI will come up empty (with only standard objects loaded).

	* po/ja.po: Added Japanese translation by Tadashi Jokagi
	<elf@elf.no-ip.org>
	
	* DialogFactory.cpp (createFWDialog): added XML element
	FWBuilderResources/Target/dialog to platform and host OS resource
	files. This element describes GUI dialog that should be opened for
	the firewall object for a given firewall platform or host OS. This
	is to be used with customized resource files, e.g. when user wants
	to add their own host OS resource file to change commands used to
	load and activate policy on the firewall. Such customized resource
	file will have unique "description" element (the value of this
	element appears in the pull-down menu in firewall object dialog)
	and the same values for "family" and "dialog" elements to indicate
	which firewall family it belongs to and which dialog should be
	used. Policy compilers consult "family" element to check if the
	firewall platform is supported by the compiler.

	* GroupObjectDialog.cpp (addIcon): fixed bug (no number): group
	object dialog corrupted object names if they contained non-ascii
	characters.

2004-11-13    <vadim@vk.crocodile.org>

	* pixAdvancedDialog.cpp (pixAdvancedDialog): Removed "always new"
	mode for access lists and object groups for PIX
	configurations. This mode works well when user installs new
	configuration but causes problems if they want to reinstall the
	same configuration.

	Also converted old option "pix_add_clear_statements" to one of the
	configuration script modes. So, final list of script modes for PIX
	is as follows:

	 - basic or old format when access lists are cleared and added
	 from scratch. This is the simplest mode which can be used if
	 management station connects to the firewall from inside. Remote
	 management over IPSEC tunnel may be difficult since tunnel
	 traffic is blocked as soon as "clear access-list" command is
	 executed.

	 - access-list and object-group commands are generated but "clear
	 access-list" and "clear object-groups" commands are not
	 added. User's installation scripts should take care of that. This
	 option replaces old option pix_add_clear_statements (with
	 opposite semantics)
	
	 - temporary access list is created and added to outside
	 interface, then main lists and object groups are added with
	 permanent names and assigned to interfaces. Temporary list
	 permits all traffic from a single subnet configured in the GUI
	 via option pix_acl_temp_addr. Temporary list is small and is not
	 cleared in the end. Temporary list helps maintain IPSEC tunnel
	 for the time when access-lists are cleared and firewall is
	 running with default acl that does implicit deny for all traffic.


2004-11-12    <vadim@vk.crocodile.org>

	* pf.cpp (main): fixed bug (no number): pfctl expects "-F Sources"
	and "-F Tables" command line options with "Sources" and "Tables"
	capitalized.

	* FWObjectDatabase.cpp (merge): API change: changes in the object
	database merge algorithm: when an object database we are trying to
	merge has non-empty "Deleted objects" library, deleted objects
	from this library should be ignored (they used to be deleted from
	the current tree). Likewise, when current tree has non-empty
	"Deleted objects" library and objects in it match objects being
	merged in, objects should be removed from "Deleted objects"
	library to avoid creating duplicate IDs with objects being merged
	in.


2004-11-10    <vadim@vk.crocodile.org>

	* Compiler_ops.cpp (checkForShadowing): API change: fixed bug (no
	number): rule shadowing algorithm now assumes that IPService
	object with protocol number '0' shadows any other service just
	like 'any' does.

	* PolicyCompiler_ipt_optimizer.cpp (optimizeForRuleElement): fixed
	bug #1063953: "Wrong accept/multiport rule generated". Compiler
	generated wrong code for rules using multiple service objects of
	different types (TCP and UDP, or TCP and ICMP etc), multiple
	addresses in src or dst with option that requires using TCP RST
	for action REJECT.

2004-11-07    <vadim@vk.crocodile.org>

	* SSHPIX.cpp (getACLs): New feature: added support for new
	configuration script formats for PIX in installer:

	 - basic or old format when access lists are cleared and added
	 from scratch

	 - access lists have unique names each time policy is recompiled,
	lists are added without clearing.

	 - access lists are added with temporary names and assigned to
	 interfaces, then the same lists are added with permanent names,
	 lists are swapped and temporary lists cleared

	Last two methods provide for instantaneous access list swap so
	that the firewall never runs with empty lists. This helps maintain
	access to the firewall if configuration is installed remotely.


	* SSHPIX.cpp: New feature: Installer always clears unused access
	lists after configuration is loaded.
	
	
2004-11-06    <vadim@vk.crocodile.org>

	* fwcompiler/Compiler.cpp (complexMatch): fixed bug #1055937:
	"Any->all_multicasts not in INPUT Chain". Need to check if network
	objects are multicasts; assume that multicast always matches
	firewall object (e.g fwb_ipt will put rule with such network
	object in destination in INPUT chain)


	* instDialog.cpp (instDialog): Added an option to push PIX
	configuration to a standby firewall at the end of install.

2004-11-01    <vadim@vk.crocodile.org>

	* NATCompiler_PrintRule.cpp (_printDstService): fixed bug (no
	number) where compiler for iptables used option
	"--destination-port" with module "multiport" for versions of
	iptables that do not understand it (1.2.6 and later, as well as
	default version setting 'any'). The option should be
	"--destination-ports" or "--dports".

2004-10-31    <vadim@vk.crocodile.org>

	* FWBSettings.cpp (init): fixed bug (no number): Policy installer
	failed if the following conditions were met:
	 - it was running on Linux, FreeBSD or Mac OS X
	 - working directory configured in the "General" tab of the
	 Preferences dialog did not exist and could not be created or its
	 permissions did not allow user that runs the GUI to access it

	* NATCompiler_ipt.cpp (processNext): fixed bug (no number) in
	fwb_ipt that caused no-nat rules with firewall in OSrc to be
	placed only in OUTPUT chain. Packets originating on the firewall
	go into OUTPUT and POSTROUTING chains, so no-nat rules must be
	placed in both. Other minor improvements for NAT of the locally
	originated connections have been done as well.

2004-10-30    <vadim@vk.crocodile.org>

	* NATCompiler_PrintRuleIptRst.cpp (_endRuleLine): fixed bug (no
	number): compiler placed extra quote '"' at the end of each NAT
	command in the script using iptables-restore; this happened
	only if all interfaces of the firewall had static addresses.

	* PolicyCompiler_PrintRule.cpp (_printProtocol): testing policy
	installation via iptables-restore with old versions of iptables
	(1.2.6a). Need to include "-m tcp", "-m udp" or "-m icmp",
	otherwise iptables-restore does not understand options "--dport",
	"--tcp-flags" and some others. Also had to use "--tcp-flags
	SYN,RST,ACK SYN" instead of "--syn" for better backwards
	compatibility.

2004-10-26    <vadim@vk.crocodile.org>

	* ipt.cpp (main): iptables: Added ability to insert shell
	commands defined in the prolog script in three places:

	  - on the top of generated script

	  - after interface configuration but before resetting existing
	  iptables policy

	  - after existing policy rules are flushed and optional global
	  implied rules added but before all policy and NAT rules

2004-10-24    <vadim@vk.crocodile.org>

	* PolicyCompiler_PrintRuleIptRst.cpp (_createChain): implemented
	Feature Request #1021201: "output iptables-restore compatible
	config from fwb_ipt". Policy compiler for iptables can use
	iptables-restore to activate firewall policy. Iptables-restore
	provides for atomic policy load and allows to load large policy
	much faster. Atomic load means the whole filter or nat table is
	activated at once, and if there is an error, nothing is
	changed. Compiler generates script in three possible formats:

	  - the usual shell script that adds rules one at a time by
	  executing iptables command with an "-A" flag to add a rule;

	  - commands are fed to iptables-restore, this format is used when
	  all interfaces of the firewall have static IP addresses and
	  script does not need to determine addresses at run time;

	  - script determines IP addresses of interfaces and discovers
	  dynamic interfaces that were defined as a "wildcard" interface
	  in fwbuilder (e.g. 'ppp*'); code that is sent to
	  iptables-restore is generated dynamically by the script at run
	  time.
	
	Using iptables-restore is optional and is controlled by
	the checkbutton in the "Script options" tab of firewall settings
	dialog. Path to iptables-restore utility can be set in the "Paths"
	tab of the host settings dialog.

	* A change in the script generated by fwb_ipt: if iptables-restore
	is not used to load policy, generated shell script purges existing
	firewall policy (all tables and chains) and sets default chain
	policies after it configures interfaces of the firewall.
	Previously, it would flush tables and set default policy before it
	configured interfaces.

2004-10-23    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (pasteRuleAbove): fixed bug #1028866: "incorrect
	order when several rules copied using copy/paste". Pasting
	multiple rules into an empty policy caused rules to be inserted in
	the wrong order.

	* freebsdAdvancedDialog.cpp (freebsdAdvancedDialog): fixed bug
	#1046345: "ipfw - no option to specify ipfw executable". Added GUI
	control to let user specify alternative path to "ipfw" on
	FreeBSD. Control like that was previously available only for Mac
	OS X

	* PolicyCompiler_ipt.cpp (checkForMatchingBroadcastAndMulticast),
	Compiler.cpp (_complexMatchWithInterface): fixed bug #1040773:
	need to match network address as well as broadcast. Packets sent
	to the network address (192.168.1.0 for net 192.168.1.0/24) go in
	the broadcast frame and behave just like IP broadcast packets
	(sent to 192.168.1.255 for the same net)

	* PolicyCompiler_ipt.cpp (finalizeChain::processNext): fixed bug
	#1040599: "unnecessary FORWARD rules". If ip forwarding is turned
	off in the host settings dialog of the linux-based firewall,
	compiler should not generate rules in FORWARD chain.

2004-10-20    <vadim@vk.crocodile.org>

	* linux24.xml.in: Added element "Target/family" to all OS resource
	XML files. Compilers use "family" resource element to determine if
	host OS is supported. User may want to copy host OS resource file
	to modify installer scriptlets; as long as the family element is
	kept the same, compiler will accept new resource file.

	* linksys.xml.in: Added elements
	"Target/options/suppress_comments" and
	"Target/options/suppress_modules" to the OS resource files
	linksys.xml and linux24.xml. These options suppress printing
	comments in the generated script and remove commands that load
	kernel modules. These options are used for Linksys/Sveasoft
	appliance but can also be used for other firewalls based on Linux.

2004-10-19    <vadim@vk.crocodile.org>

	* pf.cpp (main): Activation script for PF flushes only information
	about rules, nat, source and tables (it used to flush "all"). This
	preserves queue entries and states.

	* ipt.cpp (main): moved rule permitting backup ssh access from the
	management station to the firewall to the top of the script. This
	helps maintain ssh session, otherwise it may stall or break
	because stdout buffer is filled with diagnostic or progress output
	from the script that is printed after all chains are flushed but
	before rule permitting ssh to the firewall is added. If stdout
	buffer is full, ssh stops and tries to send the text to the
	management station but times out because firewall blocks it.

	* ipt.cpp: removed code that added iptables command to the "drop"
	table to drop and log all dropped packets. This rule used
	obsoleted patch-o-matic patch "drop" which is not available
	anymore.
	
2004-10-17    <vadim@vk.crocodile.org>

	* ipt.cpp (main): fixed bug (no number): all policy compilers
	properly detect an error when the output file can not be created
	or overwritten and print error message to warn the user.

	* New feature: added support for prolog and epilog scripts for all
	firewall platforms. This was available for PIX for some time, now
	it has been added for all platforms. "Prolog/Epilog" tab of the
	firewall settings dialog allows for editing of two blocks of
	commands that will be added to the generated firewall script
	verbatim. Prolog block is added on top, while epilog block is
	added at the bottom. Both prolog and epilog are expected to be
	shell scripts and are added to the generated shell script that
	activates firewall. For iptables and ipfw all compiler generates
	is this shell script and prolog and epilog commands are inserted
	into it. These commands may execute some actions, as well as add
	any policy or nat commands. For ipf and pf prolog and epilog
	commands are added to the activation shell script ( .fw file);
	prolog is added immediately after the command that flushes all
	rules. This way user may either execute shell commands or add
	policy and/or nat rules by loading them from external file.

2004-10-10    <vadim@vk.crocodile.org>

	* FWWindow.cpp (addFirewallToList): fixed bug (no number)
	introduced in 2.0.3 when GUI crashed if user tried to choose
	pull-down menu item in the firewall list after the very first
	firewall object has been created.

	* SSHPIX.cpp: Added #include <errno.h> to make code compile with
	gcc 3.4.2 and glibc 2.3.3

	* ipt.cpp (main): fixed bug #1040788: fwb_ipt and user
	name. Compiler used to read environment variable "USER" to find
	out user's name. Sometimes this variable is not set, which caused
	compiler to abort. Using env variable LOGNAME in addition to USER.

2004-09-30    <vadim@vk.crocodile.org>

	* v2.0.3 released
	
2004-09-28    <vadim@vk.crocodile.org>

	* instDialog.cpp (instDialog): since config diff is broken for pix
	v6.3(3) (because it does not permit adding duplicate ACL entries),
	"save diff to file" option is temporarily disabled. "Incremental"
	install renamed to "install only ACL,icmp,telnet,ssh,nat,global
	and static commands"

2004-09-27    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (printPathForAllTools): script
	generated by compiler for iptables checks if /usr/sbin/ip exists
	on the firewall before it tries to use it to verify interfaces and
	configure IP addresses. This check is only performed if user
	activated options that use this tool. An error message "Interface
	eth0 does not exist" was generated if package iproute2 was not
	installed on the firewall, which was confusing.

	* FWWindow.cpp (doCompile): Added option "output file name" to
	firewall settings dialogs for all platforms. User can specify the
	name for the output file; this name is then used by built in
	installer in place of a macro %FWSCRIPT%.

	* ipt.cpp (main): Added command line option "-o" for all compilers

	* FWWindow.cpp (save): fixed bug #1035800: "Autosave failure opens
	error window repeatedly". This bug was in fact fixed earlier.

2004-09-26    <vadim@vk.crocodile.org>

	* FWWindow.cpp (fileSaveAs): fixed bug #1035130: 'Persistent
	"Save" dialog box'. Certain combination of actions on user's part
	used to lead to an indefinite loop of "do you want to save the
	data" dialogs. The problem was triggered if user skipped choosing
	a name for the new file in startup dialog.

	* linux24.xml.in: fixed bug #1035132: "compile errors with default
	Linksys firewall object". This bug has been introduced in build
	435. When user created a new firewall object using one of the
	template objects, the GUI would add bunch of garbage to the
	firewall options. This garbage violated XML DTD, so compilers and
	the GUI would not accept the data file anymore.

2004-09-25    <vadim@vk.crocodile.org>

	* ipt.cpp (main): using "set -x" to turn debugging on in generated
	iptables script. This will work even if the script is activated
	with "sh script.fw" command.

	* OSConfigurator_linux24.cpp (generateCodeForProtocolHandlers):
	changed command line for sed to more portable version. We used to
	use 'stmt; stmt' syntax, which is not always portable. Switched to
	a supposedly more portable syntax using multiple "-e" command line
	options.

2004-09-23    <vadim@vk.crocodile.org>

	* instDialog.cpp (getActivationCmd): fixed bug (no number): as of
	build #430, installer ignored activation command configured in the
	"install" tab of firewall settings dialog. Restored this
	functionality.

	* OSConfigurator_linux24.cpp (printPathForAllTools): just like
	with "tail -1", some busybox based systems require "head -1" to be
	changed to "head -n1"

2004-09-22    <vadim@vk.crocodile.org>

	* instDialog.cpp (testRunRequested): fixed bugs in installer that
	prevented it from working on OpenBSD. Enabled scheduled reboot for
	all OS except PIX.

2004-09-21    <vadim@vk.crocodile.org>

	* instDialog.cpp (testRunRequested): "schedule reboot" option is
	only enabled for linksys since it does not work on other platforms
	(yet)

	* FWWindow.cpp (openFirewall): implemented Feature Request
	#1032126: "Firewall label for clarity". Printing the name of the
	firewall object that is opened in the policy panel in a large font
	right above interface/policy tabs. This was easy to implement but
	I consider it an experiment. Will request feedback from users.

	* SSHSession.cpp (startSession): refactored code in built-in
	installer. Moved interaction with ssh to classes SSHSession,
	SSHUnx and SSHPIX. Moved "scriptlets" that are executed on
	firewall to activate policy in different modes to resource
	files. Using ssh rather than scp to copy policy script to
	unix-based firewalls (pscp.exe on Windows works only if the server
	supports sftp, but dropbear on Linksys does not support it so
	installer breaks if we use scp/pscp.exe to copy the policy).
	Still having problems with scheduled reboot option on Linux/BSD
	firewalls (it works on Linksys though).

	* OSConfigurator_linux24.cpp (printPathForAllTools): bugfix: some
	editions of busybox do not support "tail -1" syntax and require
	"tail -n1"

2004-09-19    <vadim@vk.crocodile.org>

	* instDialog.cpp (getActivationCmd): Improvement in the built-in
	installer: added an option to schedule automatic firewall reboot
	in specified time (in minutes) after policy activation. This
	option is available for all firewall platforms but PIX. This
	option only works if user requested policy activation in a test
	mode, in which case policy is copied and activated on the firewall
	but not stored in the permanent location. After reboot the
	firewall reverts to the previous version of the policy. To cancel
	scheduled reboot, run installer again with "test run" option
	turned off. Installer stores the policy in the permanent location,
	activates it and cancels scheduled reboot.

	* src/res/os/linux24.xml.in and other: moved all commands used by
	built-in installer to resource files.

2004-09-18    <vadim@vk.crocodile.org>

	* NATCompiler_pf.cpp (processNext): NAT rule of type DNAT (rdr
	rule) is assigned to an interface of the firewall if interface
	object or its address object is used in ODst. To get rdr rule
	without interface assignment, use an Address or a Host object that
	has the same IP address as that of firewall's interface but that
	is not a child of an interface. This is the same approach that is
	used in iptables.

	* PolicyCompiler_pf.cpp (compile): Compiler for pf always uses
	tables; this breaks compatibility with older OpenBSD systems (3.2
	and 3.3)

	* PolicyCompiler_pf.cpp (findDynamicInterfaces): Compiler for pf
	puts interface name in a table even if interface is dynamic for
	rules that use multiple objects in src or dst and one of these
	objects is dynamic interface of the firewall that is being
	processed. Using dynamic interface of another object in a rule is
	still considered an error. Compiler puts the name of dynamic
	interface in a table verbatim, without brackets '(' ')' since pf
	does not replace dynamic interface with its address dynamically if
	it is used in a table (pfctl issues an error if interface is put
	in brackets)

2004-09-17    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (configureInterfaces): flushing only
	secondary ip addresses on interfaces. This should fix a bug that
	caused linksys/sveasoft unit to lose default route upon reboot if
	external interface has static IP address.

2004-09-15    <vadim@vk.crocodile.org>

	* PolicyCompiler_pf.cpp (addDefaultPolicyRule): fixed bug
	#1028980: "need an option to turn logging on on fallback rule"

	* PolicyCompiler_pf_writers.cpp (processNext): fixed bug #1028973:
	fwb_pf: missing "flags S/SA" in front of "modulate state"

	* pfAdvancedDialog.cpp (pfAdvancedDialog): added an option to
	permit tcp sessions opened prior to firewall restart. This is
	needed now since compiler generates "flags S/SA" for the "keep
	state" and "modulate state" rules which means firewall won't
	permit TCP sessions unless it saw opening SYN packet.

	* instDialog.cpp (getActivationCmd): improvements in policy
	installer: added an option for test run. When this option is
	activated, policy script is pushed to the firewall and is executed
	but is not stored there permanently. Firewall reverts to the last
	working configuration after reboot.

	* NATCompiler_ipt_writers.cpp (processNext): using abbreviated
	versions of "--dport", "--sport", "--dports", "--sports" options
	to make generated iptables script smaller. Also changed the name
	of the variables used to hold IP address of dynamic interface from
	"interface_<ifname>" to "i_<ifname>". All this should help to fit
	larger policies into small FLASH on linksys. These changes shrunk
	my test script from 7964 bytes to 7430 bytes

2004-09-14    <vadim@vk.crocodile.org>

	* platforms.cpp (isDefaultOptions): fixed bug #1028078:
	"options.png is not displayed for "Assume firewall is part..."

	* pfAdvancedDialog.cpp (pfAdvancedDialog): fixed bug (no num):
	"firewall settings" dialog for OpenBSD pf did not save option "Use
	tables".

	* instDialog.cpp (getActivationCmd): implemented compression of
	the firewall script for Linksys/Sveasoft combo. Using gzip and
	uuencode/uudecode to compress the script and store it in flash
	variable 'fwb'. Installer prints flash memory stats after
	committing changes. Installer uses scp to copy firewall script to
	the firewall and autogenerated prompt to detect when it logged in;
	it does not depend on Linksys shell prompt anymore.

2004-09-12    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (addPredefinedPolicyRules): implemented
	feature request #1023430: "add checkbox for INVALID support in fw
	settings". Added two checkboxes to the firewall settings dialog:
	one adds a rule to drop INVALID packets and another adds logging
	to the rule.
	
	* FWWindow.cpp (fileSaveAs): fixed bug #1026945: '"Save As" does
	not work if current file is in RCS'

	* FWWindow.cpp (removeFirewallFromList): fixed a bug (no number):
	after deleting a library firewall objects that belong to it were
	not removed from the pull-down list

	* PolicyCompiler_ipt_optimizer.cpp (optimizeForRuleElement): fixed
	bug #1026794: multiple SRC ntwks --> "iptables: invalid
	argument". Recent changes in optimizer introduced this bug. Rules
	with multiple objects in src or dst, TCP service, action Reject
	and option "reject with TCP RST" would generate iptables command
	that used option "--reject-with tcp-reset" without "-p tcp"

	* PolicyCompiler_pf_writers.cpp (_printDstAddr): fixed bug
	#1006906: "Negated network causes pass on network". Compiler for
	pf uses native negation syntax that is now available in pf 

2004-09-11    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (TimeNegation): fixed bug #1022216:
	"negated time produces incorrect iptables rule". Implemented
	negation for the "Time" rule element for iptables

	* PolicyCompiler_ipt.cpp (processNext): fixed bug #1026509:
	"incorrect rules generated for dual negation with time". Compiler
	generated incorrect iptables commands for rules that had negation
	in two or more rule elements, one of which was Time.

2004-09-09    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (prolog): rules that permit packets
	associated with ESTABLISHED,RELATED states moved to the beginning
	of the script before NAT rules.

	* PolicyCompiler_ipt_writers.cpp: added a checkbox and support in
	policy compiler for iptables to generate rules that drop packets
	that are associated with no known connection (state "INVALID")

2004-09-08    <vadim@vk.crocodile.org>

	* Firewall.cpp (duplicate): API change: fixed bug (no number): all
	references to the interfaces, as well as their IP and MAC
	addresses, in policy and NAT rules should be replaced when
	Firewall object is duplicated. Until now only references to the
	firewall object itself and to its interfaces were replaced with
	references to the newly created copies of object. References to IP
	and MAC addresses still pointed at the old objects.

	* FWObjectDatabase.cpp (IDcounter): fixed bug #1022788: "GUI
	corrupts XML file after creating a second firewall". Global object
	ID counter was getting reset every time new FWObjectDatabase
	object was created. This led to the ID collision if user quickly
	created and deleted complex objects (such as Firewall) and used
	database merge. This should also fix bug #1022785: "GUI corrupts
	XML file after creating a host entry"

	* PolicyCompiler_ipt_optimizer.cpp (processNext): fixed bug
	#1024861: "optimizer is broken in fwb_ipt". Used idea and a patch
	by Mark Vevers <mark@vevers.net>. Fixed compiler fwb_ipt generates
	more efficient iptables script for rules with multiple objects in
	all rule elements. The script is smaller and eliminates
	unnecessary comparisons for packet attributes. Every attribute
	(i.e. source address, destination address, protocol and port
	numbers) is checked by the script only once. This should help
	reduce load on firewalls with lots of complex rules.
	
	* VERSION: set version to 2.0.3

2004-08-31    <vadim@vk.crocodile.org>

	* v2.0.2 released
	
2004-08-31    <vadim@vk.crocodile.org>

	* ipt.cpp (main): fixed bug #1019943: "Missing ip addresses in the
	rule using interfaces"

	* linksysAdvancedDialog.cpp (linksysAdvancedDialog): fixed bug
	#1019691: "040829 nightly build doesn't add paths for linksys"

2004-08-30    <vadim@vk.crocodile.org>

	* VERSION (VERSION): version 2.0.2, revision 1

	* aboutdialog_q.ui.h (init): "About" dialog shows registration
	status (used only in non-GPL versions)

2004-08-28    <vadim@vk.crocodile.org>

	* fixed FreeBSD port, now compiles on 5.3BETA

2004-08-25    <vadim@vk.crocodile.org>

	* RuleOptionsDialog.cpp (loadFWObject): Added support for options
	"max", "max-src-nodes" and "max-src-states" in pf. These allow to
	limit number of concurrent state table entries ("max"), number of
	source addresses that can simultaneously have state table entries
	("max-src-nodes") and number of simultaneous state entries per
	source address ("max-src-states") per rule.

	* LibExportDialog.cpp (accept): fixed bug #1015884: "Export more
	than one library fails with 0 references". Export library
	operation failed if user exported two libraries with groups or
	rules in one library referencing objects in the other.

2004-08-24    <vadim@vk.crocodile.org>

	* pfAdvancedDialog.cpp (pfAdvancedDialog): Implemented support for
	all timeout settings in pf: tcp.first,tcp.opening,tcp.established,
	tcp.closing,tcp.finwait,tcp.closed,udp.first,udp.single,udp.multiple,
	icmp.first,icmp.error,other.first,other.single,other.multiple, including
	adaptive timeout scaling options adaptive.start and adaptive.end


2004-08-23    <vadim@vk.crocodile.org>

	* FWBTree.cpp (getStandardSlotForObject): fixed bug #1014725:
	"adding new ICMP types". If user created service group with the
	name "ICMP", the GUI would place new ICMP objects under this group
	instead of the standard folder "ICMP". There was the same problem
	with other object types, too.

	* ObjectManipulator.cpp (simplifySelection): debugging in
	operations "delete object", "move object", "undelete". Making sure
	we can delete and undelete libraries, delete and move several
	objects at once, group several objects. There were problems if
	user selected several host or firewall objects using Shift-Click
	(although interface and address objects were not visible to the
	user, they were selected and acted upon in delete or move
	functions; this led to unexpected results or crashes).

2004-08-22    <vadim@vk.crocodile.org>

	* templates.xml.in: added template firewall objects for Linksys
	firewall and a web server.

	* templates.xml.in: fixed bug #1013957: "incorrect NAT rule in
	firewall created from template #3". The problem was caused by
	incorrect ip address of interface "dmz" in the template object #3.

	* pixAdvancedDialog.cpp (pixAdvancedDialog): implemented a backup
	ssh access rule. The user specifies management station IP in the
	firewall settings dialog for PIX and compiler adds a rule on top
	of all other rules to permit ssh from this address to the
	firewall.

2004-08-21    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (prolog): avoiding grep in the
	generated iptables script - Sveasoft Alchemy pre-5.2.3 does not
	have grep

	* API change: fixed bug #1012733: "configure --libdir=DIR will be
	ignored at installation". Needed to use macro _libdir to specify
	target directory for libraries. Used it in configure, qmake.in,
	libfwbuilder-config-2 and a .spec file

	* objects_init.xml.in: added new service objects to the Standard
	objects library: "xmas scan" (old object renamed "xmas scan -
	full"), rsync, distcc, cvspserver, cvsup, afp, whois, bgp, radius
	and radius acct, SSDP and UPnP. This fixes bug #1011248: "need two
	xmas scan service objects"

	* FWWindow.cpp (fileImport): function File/Import offers a choice
	of .fwl, .fwb and "all files" in the open file dialog. This fixes
	bug #1013485: "File/Import should allow to import .fwb file"

	* FWWindow.cpp (load): fixed bug #1008956: "Existing .fwb file
	gets overwritten if has wrong extension". If the GUI needs to
	rename a data file with old extension .xml to .fwb, it checks if a
	file with new extension exists and offers user a chance to choose
	a different name. It also treats symlinks in a special way: if
	user creates a symlink with extension .xml pointing at a file with
	extension .fwb, the GUI simply follows the link and works with
	.fwb file. This should work with Windows shortcuts, too. 

	* instDialog.cpp (instDialog): built-in installer uses shell
	prompt string patterns configured in the host OS settings dialog
	for linksys. This fixes bug #1013022: "can not install policy
	script on linksts Alchemy pre-5.2"

	* linksysAdvancedDialog.cpp (linksysAdvancedDialog): Added host OS
	settings dialog for linksys/Sveasoft. Dialog provides entry fields
	for paths to iptables, lsmod, modprobe, logger tools and two shell
	prompt string patterns, this should help to work around changes in
	the shell prompt on Linksys. This fixes bug #1013018: "host OS
	settings" dialog is missing for linksys

2004-08-20    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (contextMenu): fixed bug #1009345: "Can
	only move one host object at a time between libraries"

	* ObjectManipulator.cpp (deleteObj): fixed bug #1013177: "deleting
	multiple hosts causes crash"

	* DTD change: fixed bug #1011617: "deleting physcal address object
	leads to the DTD violation"
	
2004-08-08    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt_writers.cpp (_printDstService): fixed bug
	#1005148: "MAC matching - space missing". Space was missing
	between MAC address and custom service code.

2004-08-06    <vadim@vk.crocodile.org>

	* listOfLibraries.cpp (add): fixed compile problem on systems
	where QT is built without STL support

	* PolicyCompiler_ipt_writers.cpp (_printLimit): fixed bug #1004153
	"limit-burst = 0 is not valid". Iptables does not accept the rule
	using "limit-burst" option if it is set to zero.

2004-08-04    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (pasteTo): fixed bug #1003068: "object
	copy/paste not always working". IP address object could not be
	placed under interface using copy/paste operation. Now ip address
	object can be pasted to interface as well as to Objects/Addresses
	folder.

	* FWWindow.cpp (fileDiscard): Operation File/Discard closes the
	file, discards all the changes that have been made to it and
	replaces it with a fresh copy of the head revision from RCS. This
	works if user wants to abort file upgrade when they switch to the
	new version of fwbuilder.

2004-08-02    <vadim@vk.crocodile.org>

	* FWObject.cpp (deleteChildren): fixed bug #1001833: "memory leak"
	- children objects were not deleted when FWObjectDatabase object
	was destroyed.

	* iptAdvancedDialog.cpp (accept): fixed bug #1002388: "Clamp MSS
	to MTU" option is missing in 2.0

2004-08-01    <vadim@vk.crocodile.org>

	* objects_init.xml.in: there were two TCP Service objects
	"linuxconf" in the Standard objects library. Object with ID
	id3AED0D6D has been removed. It seems this object has been
	duplicated long time ago (at least it was like this in 1.1.2)

	* FWObject.cpp (getPath): fixed bug #1001725: "object with empty
	name can not be deleted". The problem was caused by the algorithm
	used in FWObject::getPath. If object had had a blank name, the
	path returned by this method would end with the name of its parent
	without slash.

	* FWWindow.cpp (showFirewalls): fixed bug #1000485: "Firewalls in
	the drop-down box not ordered". List of firewalls in the pull-down
	that controls policy views is now alphabetically sorted on program
	startup.

	* utils.cpp (fillLibraries): fixed bug #1000862: "Creating groups
	in Deleted Objects". Library "Deleted objects" should not be
	offered as a choice for "group objects" operation.

	* ObjectManipulator.cpp (contextMenu): fixed bug #1001275: "object
	duplication fails w/ no action". GUI used to not allow user to
	duplicate IP address object. Now any object can be duplicated so
	that the copy is placed under the same parent, including IP
	address.

	* ICMPServiceDialog.cpp (applyChanges): fixed bug #1001521: "Cant
	create ICMP service". ICMP Service dialog did not save icmp code
	and type numbers in the object.

2004-07-29    <vadim@vk.crocodile.org>

	* 2.0 released, CVS tag set

2004-07-27    <vadim@vk.crocodile.org>

	* FWWindow.cpp (install): the GUI calls external installer script
	if it is configured in firewall settings dialog when user clicks
	'Install', otherwise it should use built-in installer.

2004-07-24    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (insertRule): correctly copying rule direction
	when interface rule is copied/pasted

	* instDialog.cpp (selected): proper error messages for management
	interface misconfigurations

2004-07-20    <vadim@vk.crocodile.org>

	* ICMPServiceDialog.cpp (loadFWObject): ICMP service dialog allows
	for setting type and code to 'any' (-1)

2004-07-19    <vadim@vk.crocodile.org>

	* OSConfigurator_linux24.cpp (processFirewallOptions): fixed bug
	#992969: "argument to log should be quoted"

2004-07-14    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (processNext): working on bug #990037:
	"Wrong rule generated: fw interface included in negated
	group". Rules with negation should not generate code in
	INPUT/OUTPUT chains if option "assume firewall is part of any" is
	off.

	* ObjectManipulator.cpp (delObj): fixed bug #990675: "Application
	crashes when deleting objects"

2004-07-11    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (splitIfSrcNegAndFw): optimized
	processing of policy rules where firewall object is used in src or
	dst with negation (possibly in combination with other
	objects). Before, generated script would match firewall's
	addresses in INPUT/OUTPUT and FORWARD chains which added redundant
	checks in the FORWARD chain.

	* NATCompiler_ipt.cpp (processNext): fixed bugs #935794: "dual
	translation and negation in fwb_ipt" and #986376: "Wrong result
	for negated source in NAT rules". Dual translation rule with
	negation in OSrc did not process negation in the second half
	(POSTROUTING rule, the one that translates the source).

	* NATCompiler_ipt.cpp (processNext): fixed bug #965558: "False
	ruleset generated for iptables (negate w/ nat)". There were
	problems with double negations in NAT rules (OSrc and ODst, or
	ODst and OSrv, etc).

	* OSConfigurator_linux24.cpp (printPathForAllTools): fixed bug
	#988860: "Logging missing when firewall start is aborted". When
	iptables script generated by fwb_ipt finds missing interfaces,
	it prints error message both on stdout and sends it to the log.

2004-07-10    <vadim@vk.crocodile.org>

	* FWObject.cpp (_moveToDeletedObjects): now move deleted objects
	to the special library with id 'sysid99' rather than delete them
	completely. This serves two purposes:
		1. can easily provide for undelete function which is very
		useful
		2. can catch a situation when an object has been deleted
		from the external library but is still used in the data
		file

	* FWObjectDatabase.cpp: while merging object trees, checking for
	deleted objects. If an object is present in the current tree but
	has been deleted in the file being merged in, special form of
	conflict resolution dialog is shown. User has only one option - to
	delete the object from the file. Typical situation when this
	happens is when an object from external library is used in a rule
	or group in a data file, then this object is deleted in the
	external library. If this external library is preloaded and then
	the data file using this object is opened, conflict occurs because
	this object is present in the file but is in the "Deleted objects"
	in the library. The problem is that the library is read-only, so
	if we kept the object (actually, its copy coming from the data
	file), the user would not be able to delete it. So, not only
	object magically reappeared after it has been deleted from the
	library, it appeared in read-only library and can not be deleted
	anymore. To avoid this situation we must delete it in the file if
	it has been deleted in the library.
	
	* ObjectManipulator.cpp (delObj): "delete object" function moves
	it to "Deleted objects" library.
	
	* PrefsDialog.cpp (accept): Added checkbox "Show deleted objects"
	to the preferences dialog. If this option is on, user has access
	to deleted objects via library "Deleted objects". 

	* ObjectManipulator.cpp (contextMenu): pull-down menu item "Move"
	turns into "Undelete" if an object is in "Deleted objects"
	library. This provides for a simple undelete function.

	
2004-07-09    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (processNext): fixed bug #925199:
	"compiles wrongly a double negation". Policy compiler for iptables
	generated incorrect code for rules where two rule elements used
	negation (i.e. both src and dst, or dst and srv, etc.)

	* PolicyCompiler_ipt.cpp (prolog): fixed bug #978854: "false rule
	generated for fw object in interface rule". Policy compiler for
	iptables generated incorrect code for rules using negated firewall
	object in source or destination when global option "assume
	firewall is part of any" was turned off.
	
	* fwb_ipt: implemented Feature Request #913273: make "assume fw is
	part of any" a per-rule option
	
2004-07-08    <vadim@vk.crocodile.org>

	* FWWindow.cpp (setupAutoSave): Added an option for autosave - if
	this option is turned on, the gui periodically saves data to the
	file. The autosave interval can be set between 1 minute and 2
	hours.

	* ipt.cpp (main): fixed bug #917422: "compiler misinterprets
	interface with addr 0.0.0.0". If an interface has IP address
	"0.0.0.0", it is considered an error.
	
	* added option "strip comments in the script" to the installer
	  for Linksys and PIX

	* do "nvram uset rc_firewall" before loading fw script on
	  Linksys

	* added the following to the list of errors for Linksys
            /dev/nvram: Cannot allocate memory
          
	* skip table "mangle" when flushing iptables rules

	
2004-07-07    <vadim@vk.crocodile.org>

	* NATCompiler_ipt_writers.cpp (processNext): fwb_ipt does not
	include comments in the script if it is intended for linksys
	firewall. Linksys has small nvram and script should be kept small,
	otherwise it may not fit in nvram.

	* NATCompiler_pf.cpp (processNext): fixed bug #986518: "PF
	redirection always point to loopback address"

2004-07-06    <vadim@vk.crocodile.org>

	* instDialog4.cpp (stateMachineLinksys): Activating policy on
	Linksys/Sveasoft without reboot (using command "nvram get
	rc_firewall | /bin/sh" instead)

	* OSConfigurator_linux24.cpp (prolog): added an option to firewall
	platforms iptables, ipfilter, pf and ipfw that sets up a policy
	rule to permit ssh access from one specified IP address to the
	firewall regardless of other rules. This is for a backup ssh
	access from the management workstation in case of an error in the
	policy that locks user out of the firewall. The option (a checkbox
	and entry field for the management station address) is located in
	the "Compiler" tab of the firewall settings dialog. A command that
	permits ssh to the firewall from the given address is added on top
	of all other rules.

2004-07-05    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (dropEvent): fixed bug #985187: "Usability bug:
	Copy objects from one rule to another". Dragging an object from
	one rule to another with Ctrl down makes a copy. If Ctrl is up,
	then the object is moved.

	* instDialog4.cpp (stateMachineLinksys): Added support for Linksys
	devices running Sveasoft firmware. Firewall object should be
	configured as platform "iptables", host OS "linksys". Policy
	installer works both using password and public key authentication.

	* NATCompiler_pf_writers.cpp (processNext): fixed bug #985527: pf
	NAT rules miss destination port specification. NAT rules that
	translate to "map" missed destination port specification.

	* main.cpp: the gui can now use external wrapper scripts for ssh
	and scp all the way (removed all direct references to commands
	"ssh" and "scp", use whatever is configured in preferences
	everywhere)

2004-07-04    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (contextMenu): fixed bugs in the rule
	selection. The user can select one rule with a simple left-click
	on the rule number, or multiple consecutive rules using
	shift-left-click. Selecting non-adjacent rules with ctrl-click is
	not supported; ctrl-click acts as normal click. Right-click calls
	context menu and uses existing selection if click is on one of the
	selected rules, or resets it if click is outside of the selection.

2004-06-29    <vadim@vk.crocodile.org>

	* ObjectTreeView.cpp (dragObject): implemented drag and drop of
	multiple objects. User can select and then drag several objects
	from the tree to a group or a rule.

	* LibExportDialog.cpp (accept): a change in the export library
	algorithm. We now permit exporting several libraries to one file,
	but check that all these libraries have only references to each
	other and to objects in the Standard lib and have no references to
	objects in libraries that are not going to be exported to the same
	file. This ensures integrity of this file and helps avoid pulling
	objects from other libraries into it. User can edit objects in the
	exported libraries by opening this file as usual; the GUI does not
	preload libraries configured in Preferences/Libraries when .fwl
	file is opened and unlocks all libraries in this file so objects
	can be edited. This way user can edit objects and move them
	between libraries in the .fwl file.

2004-06-28    <vadim@vk.crocodile.org>

	* RCS.cpp (RCSEnvFix): fixed a bug (no #) that appeared only on
	Windows: the GUI failed to check a file in to RCS if it was
	launched by windows explorer via file extension association.

	* platform.cpp: pull-down "versions" is now translatable and says
	"1.2.9 or later" for iptables v > 1.2.9

2004-06-26    <vadim@vk.crocodile.org>

	* LibExportDialog.cpp: when a library is exported to a file, the
	program checks whether any groups or rules in this library use
	objects in the other libraries. Only self-contained libraries can
	be exported.

2004-06-24    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (processNext): fixed bug #979484:
	"improper command for rule with servie any and action reject."
	For rules like that, and if rule options dialog does not specify
	particular way to handle this combination, the compiler splits the
	rule; the first iptables command rejects any tcp packet with TCP
	RST, while the second rejects everything else with ICMP message.

	* minor bugfixes in the gui

	* incorporated changes suggested by a user to make code compile
	with gcc 3.4

2004-06-23    <vadim@vk.crocodile.org>

	* LINGUAS: added Vietnamese translation .po file

	* FWBSettings.cpp (init): Option "do not save standard libraries
	in the user's data file" is now ON by default. User can still turn
	it off though.

	* FWWindow.cpp (save): Usability fixes in methods that work with
	libraries:

	  - library files have extension .fwl
	
	  - preloaded libraries are always read-only (flag RO is set when
	  library file is loaded, regardless of the value this attribute
	  has in the file)

	  - user can open library file using normal File/Open
	  operation. Read-only flag is cleared when library file is
	  opened, so it can be edited. File can be added to RCS and saved
	  using normal File/Save or File/SaveAs operations.

	  - When user opens library file for editing, other libraries that
	  are configured in Preferences/Libraries are not preloaded.

	

2004-06-22    <vadim@vk.crocodile.org>

	* LibExportDialog.cpp (init): when object library is exported to a
	file, the file gets extension .fwl to distinguish it from the
	regular data file. The GUI allows to export only one library to a
	file.

	* FWWindow.cpp (fileDiscard): added main menu function
	"File/discard" which discards all changes that have been done to
	the data and saved to the file and checks out clean copy of its
	head revision from RCS. This provides for a quick way to roll back
	to the latest revision. Older revisions can be checked out from RCS
	using list of versions in the right hand panel in open file dialog
	(this creates a branch in RCS).

2004-06-20    <vadim@vk.crocodile.org>

	* IPv4Dialog.cpp (DNSlookup): "DNS Lookup" button in the IP
	address dialog runs dns query for the name of the address object
	and if that fails, repeats query for the name of the host or
	firewall object this address belongs to. If address object is in
	the folder "Addresses", it does only one DNS lookup on its name.
	
2004-06-18    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (ObjectManipulator): disabled ability to
	drop objects into groups in the tree. It was confusing and not
	really useful. Objects can still be dropped into a group opened in
	the editor dialog.

	* ObjectTreeView.cpp (dragObject): enabled dragging of all objects
	in the tree. It turns out, QListView will highlight multiple items
	in the tree in Extended selection mode when user drags mouse
	across items _and_ the first item they started cursor move on is
	not drag-enabled. So, to avoid this unexpected highlighting
	behavior, need to enable drag of all objects. We then make sure
	that system folder can not be dropped anywhere.

2004-06-16    <vadim@vk.crocodile.org>

	* Compiler_ops.cpp (checkForShadowing): fixed bug #906709: "A
	dynamic interface". Dynamic interface used to "shadow" old
	broadcast object (0.0.0.0)

	* OSConfigurator_linux24.cpp (configureInterfaces): fixed bug
	#912849: "Reorder activation of network interfaces in IPT" -
	script generated by the compiler for iptables sets default policy
	to DROP, flushes all rules and then reconfigures interfaces of the
	firewall (it used to reconfigure interfaces and then flush the rules).

	* IPv4Dialog.cpp (DNSlookup): Button "DNS lookup" in the IP
	address editor dialog does DNS lookup on the address object name
	if the object is located in the "Addresses" folder, or on the
	parent host object name if it belongs to an interface of a host or
	a firewall.

	* ObjectManipulator.cpp (moveObject): refactored "move object"
	functions and added debug printing. Trying to debug crash reported
	by one of the users.

2004-06-15    <vadim@vk.crocodile.org>

	* ObjectEditor.cpp (hide): checking if screen position for the
	dialog is 0,0 and not storing this value. This should help to work
	around a weird bug where screen position of dialogs sometimes is
	returned as 0,0 when GUI runs in Gnome.

	* Object names and comments are stored in the object file in UTF-8
	format. This allows for names and comments to be entered and
	displayed in local languages. Although object names can be
	localized, it is recommended to keep firewall names in plain ASCII
	because compilers do not support UTF-8 yet. This fixes very old
	bug #657156: "Special characters problem".

2004-06-13    <vadim@vk.crocodile.org>

	* init.cpp (init): the program uses reasonable default for the
	directory where user might want to save their data files on each
	OS. ( $HOME on Unix, $HOME/Documents on Mac,
	$USERPROFILE/Documents in windows)

	* ObjectManipulator.cpp (updateObjName): whenever user changes the
	name of a firewall, host or an interface object, the GUI asks
	whether they want to also rename all IP and MAC addresses that
	belong to that firewall or host. If user agrees to rename them,
	the program generates names automatically using scheme
	'host_name:interface_name:ip' and 'host_name:interface_name:mac'

2004-06-12    <vadim@vk.crocodile.org>

	* newHostDialog.cpp (selected): implemented "new host"
	wizard. User can choose to add interfaces manually or can use a
	library of predefined host object templates.

2004-06-10    <vadim@vk.crocodile.org>

	* PolicyCompiler_pf_writers.cpp (_printDstService): fixed a bug
	(no number) where fwb_pf would not include code defined by custom
	service object in the .conf file

2004-06-08    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (copyObj): implemented multi-object and
	multi-rule copy/cut/paste operations

	* ObjectManipulator.cpp (moveObject): implemented "move object"
	operation - moves object to another library; operation is accessed
	via pull-down menu in the object tree.

2004-06-06    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (groupObjects): added ability to select
	multiple objects in the tree. Currently the following operations
	are performed on multiple objects: delete, duplicate, group.

	* ObjectManipulator.cpp (groupObjects): operation of grouping of
	selected objects. User selects several objects in the tree and
	chooses menu item "group" in the pull-down menu; the GUI brings up
	a dialog asking for the new group name and a library it should be
	put in. New group is created and all selected objects are
	automatically added to it when user hits "Create group" button.

2004-06-05    <vadim@vk.crocodile.org>

	* pixAdvancedDialog.cpp (accept): added "Installer" tab to the PIX
	firewall settings dialog

	* FWBSettings.cpp (getScreenPosition): checking if the window fits
	in the screen before restoring its geometry.

	* ObjectListView.cpp (dragObject): setting hot spot in the center
	of the object icon for drag and drop.

	* FWObjectPropertiesFactory.cpp (getObjectPropertiesDetailed):
	showing group members in tooltips and conflict resolution dialog

	* ObjectEditor.cpp (ObjectEditor): redesigned ObjectEditor
	class. All individual object editor classes are now inherited from
	QDialog and are top-level windows. Class ObjectEditor is just a
	manager that opens and hides appropriate dialog and manages its
	size and position on the screen. Geometry is remembered separately
	for each dialog for each object type, so we can have group object
	editor open wider than, say, IP service object editor. Each object
	editor has its optimal size.

	* pfAdvancedDialog.cpp (pfAdvancedDialog): yet another redesign of
	PF firewall settings dialog. Using individual checkboxes to
	enable/disable each "limit" and "timeout" option

	* ipt.cpp (main): all compilers do not create any files if there
	was an error during rule processing (not even empty ones)

2004-06-04    <vadim@vk.crocodile.org>

	* RuleSetView.cpp : Info window shows properties of an object
	selected in rules
	
	* RuleSetView.cpp (paintCell): added tooltips for objects in the
	policy view, using the same detailed properties text that is used
	for Info panel.

	* iptAdvancedDialog.cpp (accept): the actual command that
	installer should run on the firewall to activate the policy can
	now be specified in the "installer" tab of firewall settings
	dialog for all platforms. If this input field is left blank,
	installer will run firewall script, using sudo if user name used
	to authenticate to the firewall is not 'root'. On Windows,
	installer also does chmod +x on the file.

	* FWBSettings.cpp (setSSHPath): directory path and a file name for
	the secure file transfer and secure shell utilities can be
	configured in the Preferences (tab "SSH"). This allows for using
	of different SSH packages on Windows, as well as using SSH
	installed in a non-standard directory on Unix.

2004-06-03    <vadim@vk.crocodile.org>

	* ObjectTreeView.cpp (dragObject): standard folders in the tree
	can not be dragged into groups or rules and open/close on double
	click. Regular objects open editor on doubleclick.

	* ipt.cpp (main): compiler for iptables sets up PATH environment
	variable at the beginning of the generated script. This is
	particularly useful if policy is compiled on windows or mac for
	Linux firewall that runs unknown version of Linux, so we can't be
	sure where standard tools such as iptables, lsmod etc are
	located. Most systems place them in /sbin, but for example SuSe
	places iptables in /usr/sbin. If policy is compiled on one of the
	Linux systems, we assume generated script will run on the same
	system (which may not be true, btw), but if we compile on Windows,
	there is no way to know where these tools are located
	beforehand. In this case we need PATH. User can always override
	this behavior and specify full path to all tools explicitly.

2004-06-02    <vadim@vk.crocodile.org>

	* linux24.xml.in: changed "Linux 2.4" to "Linux 2.4/2.6" in all
	menu

	* iptAdvancedDialog.cpp (iptAdvancedDialog): removed "log all
	dropped packets" option from the firewall settings dialog for
	iptables. This option required p-o-m patch that has become
	obsoleted and is not included in p-o-m anymore.

	* FWWindow.cpp (install): when user hits "Install", the GUI checks
	if objects in the database were modified since policy of a
	firewall has been compiled last time. If existing policy file is
	older than the database, program offers the user to compile it
	before it is installed. There are options to recompile, install
	old copy or cancel the operation.

2004-05-31    <vadim@vk.crocodile.org>

	* RuleSetView.cpp: Added support for operations that act on
	multiple rules: setting rule color, moving to a different position
	in rule set, disabling/enabling, deleting. User can select
	multiple rules by dragging mouse across several rows in the column
	that shows rule numbers. Copy/Cut/Paste operations of multiple
	rules are not supported yet.


2004-05-29    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (dragObject): implemented drag-and-drop of
	objects in the rules

	* utils.cpp (setDisabledPalette): all entry fields in the object
	editor are disabled if an object is read-only or is located in
	read-only library. Object editor is still opened for read-only
	objects, but since all fields are disabled, changes are not
	allowed. Opening object editor for read-only and standard objects
	allows for inspection of their properties.

	* FWWindow.cpp (load): file objects_init.xml does not include
	empty "User" library anymore. Instead, this library is created
	dynamically using method FWBTree::createNewLibrary when user
	creates new data file. This simplified things since 1) "User"
	library now has unique random ID in every data file so it can be
	safely exported and then imported back without any conflicts; 2)
	since its ID is unique, it can be renamed without creating any
	conflicts. The library is only created in FWWindow::load()
	(i.e. when new data file is created). It is not created when
	existing data file is loaded because it is supposed to be
	there. Old data files that still have this library with
	semi-standard ID will load it as before, but the ID loses its
	standard meaning.

2004-05-23    <vadim@vk.crocodile.org>

	* filePropDialog.cpp (filePropDialog): added "File properties"
	main menu item and dialog

	* debugDialog.cpp (debugDialog): added "debug" menu item under "Help"

2004-05-20    <vadim@vk.crocodile.org>

	* instDialog.cpp : built-in installer works with all supported
	firewall platforms: iptables, ipf, pf, ipfw and pix.
	
	* instDialog.cpp (instDialog): built-in installer reads list of
	files that policy compiler generated for a given firewall object
	("manifest") from the .fw file and installs them on the
	firewall. One file in the manifest needs to be marked as
	executable, installer runs it after all files are copied.

	* all policy compilers: all compilers include a list of files
	generated for a given firewall object ("manifest") in .fw file.

2004-05-18    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (contextMenu): split long context menu that used
	to be shown when user clicked right mouse button on an object in a
	rule. Now this menu has only actions related to the object, while
	actions for the whole rule belong in the context menu shown when
	user clicks right mouse button on the rule number.

	* fr.po, ru.po: checked in updated French translation by
	Jean-Michel Poure and added some rudimentary Russian
	translation. Both translations are done in UTF-8. 

2004-05-15    <vadim@vk.crocodile.org>

	* init.cpp (init): define global var localepath that is
	initialized with a path to the directory where translation files
	(*.qm) are installed. This path is defined as $respath/locale on
	all systems (on Unix this typically is
	/usr/share/fwbuilder/locale, while on Windows and Mac it will be a
	subdirectory "locale" in the directory where the binary is
	installed)

2004-05-14    <vadim@vk.crocodile.org>

	* ColorLabelMenuItem.cpp (ColorLabelMenuItem): implemented RFE
	#725461: "Colors". Added ability to color-code rules in the
	policy. User can pick one of the 7 predefined colors (plus none)
	in the pop-down menu that appears when they right-mouse-click on
	the policy or NAT rule. Custom text can be associated with each
	color using a panel in the Preferences dialog, this text appears
	as a tool tip when user flies mouse cursor over color buttons in
	the pop-down menu.

2004-05-12    <vadim@vk.crocodile.org>

	* src/gui/ui: QT's ui translator uic creates code in this directory.
	This allows me to add generated files to the internationalization
	infrastructure (include in the .pot file). also added *.cpp files
	in src/gui/ui to cvs so translators can look at them to better understand
	context without having full QT development environment.

2004-05-09    <vadim@vk.crocodile.org>

	* PolicyCompiler_ipt.cpp (processNext): fixed bug #934949:
	"duplicate rules". fwb_ipt created duplicate rules for a bridging
	firewall if fw object or its interfaces or their addresses were
	not in the source or destination

2004-05-04    <vadim@vk.crocodile.org>

	* newFirewallDialog.cpp (accept): "new firewall" wizard can create
	a new firewall object using predefined templates from the file
	templates.xml (the file is a part of the package and is installed
	in /usr/share/fwbuilder on Linux and in c:\FWBuilder\resources on
	Windows). User picks a template and the program creates a
	duplicate of the template object in the "User" object library. The
	wizard page where user picks template shows a diagram of the
	firewall configuration that illustrates its interfaces, their
	configuration and addresses. Comment text associated with template
	object explains its specific properties and is shown on the page
	as well.

2004-05-02    <vadim@vk.crocodile.org>

	* templates.xml.in : a library of firewall object templates. This
	library is a part of the distribution and is installed in
	${prefix}/share/fwbuilder on Linux and BSD and in
	C:FWBuilder/resources on windows (the same dir where standard
	objects are installed). This library is not loaded by default
	though.
	
	* listOfLibraries.cpp (listOfLibraries): Added a page to the
	preferences dialog to manage add-on libraries. The GUI maintains a
	list of available add-on libraries and allows user to define which
	ones will be automatically loaded when the GUI is started. The
	program always adds "standard" and "templates" libraries to the
	list, then scans directory $HOME/.fwbuilder/lib/ (
	C:\FWBuilder\lib on windows) and adds all .fwb files found there
	to the list. It stores list of libraries in the user's preferences
	together with a boolean flag that is set if a library should be
	loaded on a start-up. Library added using main menu "Import
	Library" is also added to the list so the user can make the
	program load it automatically.

2004-04-29    <vadim@vk.crocodile.org>

	* Makefile.in: Added support for internationalization.  Using
	gettext 0.14.1. This is the first version where support for QT
	language files is available, but it is not available in RedHat or
	other Linux distributions yet. Therefore had to copy some m4 macro
	collections from example to directory 'm4', as well as copied a
	Makefile.in and script remove-potcdate.sin to directory 'po'. New
	version of xgettext recognizes standard QT localization method
	tr() and can generate usual .pot files from strings used with
	it. The new msgfmt can generate .qm files from translated .po
	files.
		

2004-04-25    <vadim@vk.crocodile.org>

	* instDialog.cpp (cmd): this method can be used whenever we need
	to execute several commands on the firewall sequentially.

	* (instDialog): install dialog hides incremental install options
	if 'diff' program can not be found (perhaps compiler that comes
	with it is not installed)

	* instDialog2.cpp (PIXincrementalInstall): integrated with
	fwb_pix_diff
	* instDialog2.cpp (PIXbackup): implemented function that stores
	backup copy of firewall configuration in a file

2004-04-18    <vadim@vk.crocodile.org>

	* findDialog.cpp (find): 'find object' function is implemented by
	means of an external modeless dialog that allows for searching in
	the tree and or policy rules and supports matching with regular
	expressions.

	* newFirewallDialog.cpp (getInterfacesViaSNMP): 'new firewall'
	wizard can discover interfaces using SNMP. Finished work on the
	page where user can arrange interfaces according to their security
	levels.

2004-04-15    <vadim@vk.crocodile.org>

	* newFirewallDialog.cpp (accept): added 'new firewall'
	wizard. Still need to work on the page where user sets security
	levels of interfaces.

2004-04-14    <vadim@vk.crocodile.org>

	* VERSION (BETA): added a variable in the VERSION file that
	designates code revision as beta and stores beta testing period
	expiration time (+30 days). Currently only About dialog shows this
	time, but in the future I may make the program disable itself if
	it is used past this time. The released version won't have this
	limitation. This can be used to prompt people to upgrade, so I do
	not have to support old versions.

2004-04-11    <vadim@vk.crocodile.org>

	* FWBSettings.cpp (restoreGeometry): added ability for dialogs to
	automatically remember and restore their geometry (size and
	relative position on the screen). Currently only main window, conflict
	resolution dialog and object editor dialogs do this. Geometry is
	stored in preferences. Main window comes up with a default geometry
	100,100,750,600 (x,y,w,h) when no geometry is found in settings.

2004-04-10    <vadim@vk.crocodile.org>

	* FWWindow.cpp (ConflictResolutionPredicate): implemented conflict
	detection and resolution for the "merge" operation. The same
	mechanism works for "open file" since it is also based on
	merge. When there is a conflict during merge, the program opens a
	dialog and asks the user which copy of the object they want to
	keep.

2004-04-09    <vadim@vk.crocodile.org>

	* instDialog3.cpp (stateMachineSSHSUDO): builtin installer works
	with Linux/BSD systems using combination of ssh on the client side
	and sudo on the firewall. User provides a password for
	authentication and the program logs in into the firewall as that
	user, copies firewall script to "/etc/fw" (directory path is
	hardcoded), then executes it using sudo. Sudo should be configured
	for this user or group she belongs to to be able to execute this
	script as root with no password.

2004-04-08    <vadim@vk.crocodile.org>

	* instDialog.cpp (instDialog): added universal (hopefully) policy
	installer program. The program uses ssh in a background on both
	Unix and Windows (on Windows it requires putty/plink) to
	communicate with the firewall. Currently only supports PIX but I
	will add Linux/BSD later. Installer GUI asks user for a password.

2004-04-07    <vadim@vk.crocodile.org>

	* RuleOptionsDialog.cpp (loadFWObject): added rule options dialog
	for ipt

2004-04-06    <vadim@vk.crocodile.org>

	* FWWindow.cpp (search): implemented advanced search method that
	finds and highlights objects both in the tree and in any rule of
	any firewall. This resolves problem outlined in Feature Request
	#837448: '"Where used" only shows fw objects'

2004-04-04    <vadim@vk.crocodile.org>

	* FWWindow.cpp (save): implemented saving data file without making
	copies of objects in the 'Standard' library (Feature Request
	#810504). This feature is considered experimental and is off by
	default. An option in Preferences dialog activates it.

	* FWWindow.cpp (load): All load is done via merging of the loaded
	file with a standard object tree. Now we can load files saved
	without copies of unused standard objects.

	* FWWindow.cpp (fileImport): implemented data import. Using method
	FWObjectDatabase::merge to merge imported data with current object
	tree. Only object IDs are compared, so modified standard object in
	the imported file will be ignored and its changes will be lost.

2004-04-03    <vadim@vk.crocodile.org>

	* export.cpp (exportLibrary): Implemented library export

	* StartWizard.cpp (StartWizard): added simple startup wizard that
	asks user if they want to open existing file or create a new
	one. It also sets some useful preferences such as adds new file to
	RCS and makes the program automatically open it when it is started
	next time.

	* OSConfigurator_linux24.cpp (generateCodeForProtocolHandlers):
	Fixed bug #956544: "Error into load modules script generation",
	where generated script would not load kernel modules with names
	"module.ko.gz". Regular expression should match on ".ko.*$" to
	find these modules properly. Thanks to Andrey Kaminsky
	<and@fao.lv> who pointed this out.

	* RuleSetView.cpp (doubleClicked): double-clicking on an object in
	the policy rule opens that object in the editor

2004-04-02    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (ObjectManipulator): using combobox widget
	instead of a tab widget for libraries. This way we can fit more
	libraries without making interface cluttered.

2004-03-31    <vadim@vk.crocodile.org>

	* ipt.cpp (main): the GUI saves path to the DTD and resources in
	user's settings using QT QSettings class. Policy compilers and
	other tools can read this setting to quickly determine location of
	DTD and resources.

2004-03-29    <vadim@vk.crocodile.org>

	* getting rid of STL classes in the GUI. The idea is to make GUI
	use QT classes in most of the code and use STL classes such as
	'string', 'map', 'list' where it has to pass data to and from API
	which is STL-based. This should simplify using QT compiled without
	STL support (much less conversions between string and QString).

2004-03-28    <vadim@vk.crocodile.org>

	* main.cpp (main): the data file can be specified on a command
	line both as an argument for option '-f' and after all
	options. Option '-f' is preserved for compatibility with old
	versions. Preferred method is to specify the file name as a
	parameter without any option: "fwbuilder file.fwb"

2004-03-27    <vadim@vk.crocodile.org>

	* platforms.cpp (getVersionsForPlatform): usability improvement:
	"combo boxes" that do not allow typing in them should not have
	empty choices. Fixed this for a drop-down menu of version numbers
	in firewall dialog.

2004-03-26    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (insertRule): counting rules from zero in the GUI

	* (RuleSetView): this is not a change, I just wanted to document
	that I tested the GUI with a policy that has 1000 rules. I haven't
	noticed any delay in loading this policy compared with when it had
	<100 rules.

2004-03-25    <vadim@vk.crocodile.org>

	* FWWindow.cpp (fileSaveAs): gui automatically chooses working dir
	if none is set and user calls 'file save as' menu item :
	 * on Unix will use current dir.
	 * on Windows will use user's document dir.

	* NATCompiler_ipt.cpp (processNext): added a workaround for a bug
	(no number): if address range object was used in SNAT or DNAT rule
	and option 'manage virtual addresses' was on, compiler would not
	add virtual address properly. It still won't do it, but at least
	there is a check for this situation and it prints appropriate
	warning message. The problem with this is that if the range is
	large, we end up with potentially lots of virtual addresses. Let
	the user deal with this themselves.

	* ipt.cpp: compiler(s) understand new command line option '-R',
	which should specify a full path to the resources. This is useful
	on Windows and Mac where resources are installed in a non-fixed
	place by the GUI package, but need to be used by the compilers.

2004-03-24    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (contextMenu): each system group object in
	the tree has an item in its pop-down menu that allows user to
	quickly add an object to that group.

	* IPv4Dialog.cpp (DNSlookup): added ability to determine IP
	address of an Address object using DNS lookup (using QDns class)

	* FWBSettings.cpp (FWBSettings): explicitly setting scope for
	QSettings as "User"

2004-03-22    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp (addTreePage): added attribute 'ro' to all
	elements in DTD (see API). This provides for a way of locking down
	parts of the tree.

	* ObjectManipulator.cpp (addTreePage): read-only subtrees are
	marked with an icon of a lock and text 'read-only'
	
	* objects_init.xml : standard objects tree is now read-only. User
	objects can not be moved into 'standard' tree and standard objects
	can not be edited but can be duplicated (a copy is automatically
	created in the first user-defined library, most often it is a
	library 'User')

	* FWWindow.cpp (install): GUI supplies a path to the firewall
	object as a parameter to installation script rather than just its
	name (as before). This is because the path has changed when
	library element has been added. Changes made in the GUI (send path
	instead of name) and in fwb_install script (to make it interpret
	path).

2004-03-21    <vadim@vk.crocodile.org>

	* pixosAdvancedDialog.cpp (pixosAdvancedDialog): 'advanced host
	settings' dialog for PIX

	* RuleSetView.cpp (contentsMousePressEvent): selectedObject is
	chosen in mouse press and key press event handlers; got rid of
	currentChanged slot altogether. This eliminated flicker that was
	caused by extra repaint of the cell when selected object was
	chosen in currentChanged slot.

2004-03-20    <vadim@vk.crocodile.org>

	* DialogData.cpp (DialogOption): universal class to load and save
	data in dialogs

	* pixAdvancedDialog.cpp (pixAdvancedDialog): 'advanced' firewall
	options dialog for PIX. Implemented tabs 'Compiler options',
	'Prolog/Epilog', 'Timeouts' and partially 'Fixups'. Fixup pages
	are disabled using resource string that defines which fixups are
	available in certain PIX version.

	* FirewallDialog.cpp (openFWDialog): firewall dialog saves version
	from the widget to the object before opening 'advanced' firewall
	options dialog. This is a departure from the dialog logic where
	all data is stored when user clicks 'Apply changes' button. 

2004-03-19    <vadim@vk.crocodile.org>

	* FWBSettings.cpp: added support for an "object autosave" option
	(automatic saving of changes in dialogs while switching between
	objects)

	* RuleSetView.cpp (insertRule): added main menu items "insert
	rule" and "add rule after current"

	* RuleSetView.cpp (contextMenu): added pop-up menu items for
	adding, removing and moving rules up and down, as well as standard
	copy/cut/paste operations on moves. Similar menu items added to
	the main menu.

	* RuleSetView.cpp (paintCell): implemented double-buffering in
	paintCell to improve performance and remove flickering

2004-03-17    <vadim@vk.crocodile.org>

	* FWBSettings.cpp: saving the size of the info window in settings

	* RCSFileDialog.cpp (RCSFileDialog): 'open file' dialog
	automatically looks for files in the working directory configured
	in a global preferences dialog.

	* main.cpp (main): added a global setting "startup action" in
	Preferences. Currently two actions are available: "load standard
	objects" and "load last edited file".

	* FWBSettings.cpp (FWBSettings): a specialized wrapper for
	QSettings. I will be adding methods to this class to simplify
	access to whatever global program preferences and options I
	need. Currently it supports 'working dir' and 'info window style'
	settings. Settings are stored in a platform-dependent way as
	QSettings does it.

2004-03-16    <vadim@vk.crocodile.org>

	* NATCompiler_ipt_writers.cpp (_printOPorts): minor bugfix - fixed
	typo ( '==' -> '=' )

	* ObjectEditor.cpp (closeEvent): object editor checks for
	modifications before closing if user closes it using window
	manager buttons.

	* FWWindow.cpp (unselectRules): the main window maintains single
	selection across objects in the tree and in the policy
	view. Selecting an object in the tree automatically unselects
	object in the policy and vice versa. Now I can implement
	copy/cut/paste functions driven by the main menu; these operations
	will work on the currently selected object either in the tree or
	in the policy.

	* FWWindow.cpp (editCut): copy/cut/paste operations work between
	the tree and policy views using both context menus and main
	menu.

	* ipt.cpp: output stream is created with a mode ios::binary on
	Windows

	* RCS.cpp (isDiff): having problems with rcsdiff.exe in windows,
	for now will assume that the file always changes and needs checkin
	comment.

2004-03-15    <vadim@vk.crocodile.org>

	* RCS.cpp (co): using windows-specific functions to create a
	temporary file for the file checkout

	* global.h: added redefinition of macro assert to be able to use
	it on windows where we compile without debugging info. (the reason
	I do not build Debug version on win32 is because I use precompiled
	libraries libxml2 etc that are built using Release CRT, and I
	can't mix different runtimes).

	* RCS.cpp (co): GUI makes sure that if the file has been opened
	and locked by a user, another user can only open it read-only. The
	same user has a choice of opening it read-only or read-write. The
	latter case is useful in case of a program crash that leaves
	opened files in the locked state.

	* RCS.cpp (co): added ability to open older revision of the file
	read-only. Requested revision is checked out into temporary file,
	which is then loaded and immediately deleted. The object tree is
	locked read-only and 'save' and 'save as' operations are disabled.

2004-03-14    <vadim@vk.crocodile.org>

	* RCS.cpp (add): using "rcs -i -kb" to add a file to RCS, this
	should help avoid extra CR in the file while working on windows
	because it makes RCS use binary mode while working with the file.

2004-03-13    <vadim@vk.crocodile.org>

	* ObjectManipulator.cpp: GUI redesign: switched to a single window
	design. Object manipulation happens inside three classes:
	ObjectManipulator (the tree widgets and algorithms), ObjectEditor
	(a stack of editor widgets and a glue logic), object info browser
	(class QTextBrowser). Object editor appears as a non-modal dialog
	when user double-clicks an object in the tree. Single click
	updates data in the info window but does not open the
	editor. Objects can be selected in the tree in any supported way -
	keyboard arrows, keyboard shortcuts, hitting the first letter of
	the object's name, mouse click. In any case, appropriate object
	is selected and info window is updated with its attributes.

	Info window has three modes: collapsed (there is no info window),
	showing only comment attribute and showing brief summary of
	object's parameters and a comment. User can switch between modes
	using a button located on the main window panel directly under the
	info widget.
	
2004-03-12    <vadim@vk.crocodile.org>

	* build environment is based on qmake: file qmake.inc is included
	from qmake project files in all subdirectories. File qmake.inc
	defines all variables for all platforms, so project files in
	subdirs only add lists of files and take care of exceptions. File
	qmake.inc is generated by configure, but all substitutions are
	only needed for Unix and Mac. This file is checked in to cvs so it
	could be used on Windows without a need to run configure.

	All qmake project files in subdirectories need no substitutions
	by configure, so they all are checked in to cvs and can be used on
	windows right away.

	Qmake project files fwbuilder2.pro and src/src.pro use template
	'subdirs' and make qmake descend into subdirectories and rebuild
	projects there.
	
	Now using qmake to generate Makefile and MSVC project files in
	src/fwblookup, src/fwbedit, src/ipt. Makes it easier to generate
	consistent MSVC projects without having to edit them manually.
 
	resource files (src/res/*.xml and src/res/*/*.xml) are generated
	by configure, however, since substitutions made in them are only
	relevant on Unix and Mac, generated files are checked in to cvs so
	they can be used on windows without running configure.

	No need to run configure (or autogen.sh) on Windows anymore.

	To build on Unix and Mac:
	 $ autogen.sh
	 $ make
	 $ make install

	To build on windows:

	run qmake, then make in the root dir. of the project
	Open fwbuilder2.dsw in MSVC and rebuild all
	
	* NATCompiler_ipt.cpp, PolicyCompiler_ipt.cpp and others in
	src/ipt: code cleanup. Removed all unused variables and added
	handling for 'default' case in switch operators.


	
2004-03-10    <vadim@vk.crocodile.org>

	* FWWindow.cpp (compile): implemented main menu items "Rules/compile"
	and "Rules/install". Still need to add toolbar buttons though.

	* execDialog.cpp (execDialog): a dialog for a background execution
	of external commands. This class is used to call external policy
	compilers and installer scripts. Uses QT class QProcess.

	* ipt.cpp: transferred compiler for iptables over to fwb2. Only
	minor changes: new file name schema (*.h, *.cpp); proper choice of
	the directory where resource files are located; eliminated last
	dependencies on glib

2004-03-09    <vadim@vk.crocodile.org>

	* iptAdvancedDialog.cpp (accept): firewall settings dialog saves
	all data in the object.

2004-03-07    <vadim@vk.crocodile.org>

	* iptAdvancedDialog.cpp (iptAdvancedDialog): firewall settings
	dialog for iptables. Saving of the data back in the firewall
	object is not implemented yet.

	* DialogFactory.cpp (createDialog): DialogFactory: class that
	creates dialogs for all object types.

	* FWBTree.cpp (FWBTree): refactored code: all methods that enforce
	our standard tree structure now belong to the class FWBTree

	* TimeDialog.cpp (applyChanges): added dialog for the Time
	interval object.

2004-03-06    <vadim@vk.crocodile.org>

	* GroupObjectDialog.cpp (setupPopupMenu): added pop-up menu in the
	group view (both icon and list modes) with operations
	copy,cut,paste and delete.

	* all dialogs: object is moved from library to library when user
	clicks 'apply changes' (before it would move immediately when the
	library was changed in the pop-down menu).

	* CustomServiceDialog.cpp (loadFWObject): added dialog for the
	Custom Service object

2004-03-05    <vadim@vk.crocodile.org>

	* PropertyEditor.cpp (copyObj): added pop-up menu to object tree
	view; implemented functions 'duplicate', 'copy', 'cut', 'paste'

2004-03-04    <vadim@vk.crocodile.org>

	* ObjectTreeView.cpp (contentsMouseReleaseEvent): objects in the
	tree are selected with double-click. 


2004-03-03    <vadim@vk.crocodile.org>

	* RuleSetView.cpp (getRE): added platform capabilities check for
	columns 'Time' and 'log/options' in policy views

	* RuleSetView.cpp (dragMoveEvent): support for d&d of Time objects

2004-03-02    <vadim@vk.crocodile.org>

	* InterfaceDialog.cpp (loadFWObject): added dialog elements for
	interface security level, 'external' checkbox, network zone.

	* RCS.cpp (isDiff): added a wrapper for rcsdiff in RCS class

2004-02-29    <vadim@vk.crocodile.org>

	* PropertyEditor.cpp (createObject): properly creating interfaces
	and addresses for the firewall object

	* further testing and improvements in RCS integration

2004-02-28    <vadim@vk.crocodile.org>

	* FWWindow.cpp (load): file can be opened with or without RCS, a
	head revision or any specific revision, read-write or
	read-only. File name, revision number and read-only status is
	displayed on the main window's title bar.

	* FWWindow.cpp (load): added ability to open data files read-only

	* RCS.cpp (RCS): refactored the code, made class RCS a wrapper for
	the command-line rcs tools. It should be possible to use the same
	or similar interface for other version control system if needed.

2004-02-26    <vadim@vk.crocodile.org>

	* RCSFilePreview.cpp (showFileRLog): Open File dialog shows RCS
	revisions of the chosen file in a preview panel. Added button "add
	to RCS" that allows user to add selected file to RCS right from
	the "open file" dialog. Added elements for opening file read-only
	and with or without locking (but these functions have not been
	implemented yet).

2004-02-23    <vadim@vk.crocodile.org>

	* RCS.cpp (rlog): class RCS provides simple integration with
	RCS. Uses portable functions provided by QT to call external RCS
	programs.

	* configure.in: added checks for external RCS programs ci, co,
	rlog.
	
2004-02-22    <vadim@vk.crocodile.org>

	* FWWindow.cpp: added basic integration with RCS. Every time a
	data file is opened, it is checked out from RCS and locked. If the
	file has not been added to RCS, an initial checkin is performed
	with a generic comment. Every time an opened file is saved (using
	"save" or "save as" menu), it is checked in and kept in a locked
	state. A new menu item "File/Close" has been added; this menu item
	checks the file in and removes lock (does 'ci -u') so other users
	can work on it, then it reopens a standard objects database in the
	GUI. Opening a file while another file is already opened in the
	GUI causes the latter to be closed (checked in and lock removed)
	and a new one opened as described above.

	still TODO: add a dialog to ask the user for a checkin comment
	text. Add a global option "Use RCS" so that using version control
	is optional. Test the whole thing on Windows.
	
2004-02-16    <vadim@vk.crocodile.org>

	* PropertyEditor.cpp (PropertyEditor): added dialogs for
	interface, MAC address, network, address range and other objects.

	* FWObjectDrag.h: implemented custom drag class FWObjectDrag; all
	widgets dynamically check if the object being dragged can be
	dropped in them. User can drag objects from the tree into groups
	and rules, as well as from a group into the tree.

2004-02-08    <vadim@vk.crocodile.org>

	* IPServiceDialog.cpp (libChanged): implemented gui elements and
	support for moving objects between libraries.

2004-01-20    <vadim@vk.crocodile.org>

	* added dialog for object IPv4. This object can now be created in
	a standard place in the tree in a group Objects/Addresses as well
	as as a child object of interface (as before in fwbuilder 1). This
	allows for using object IPv4 as an abstract for an IP address
	which is simpler than using a Host object.
	
2004-01-04    <vadim@vk.crocodile.org>

	* GroupObjectDialog.cpp: Experiment: user and standard object tree
	views have different background colors. This provides simple
	visual clue of what library the object shown in the editor panel
	belongs to. This is especially useful if a standard object is
	referenced from the user defined group and user opens it; in this
	case the tree switches from user-defined objects to the standard
	ones but this switch may not be evident from the first glance,
	thus user loses context and may be confused why his objects
	apparently have gone away.

2004-01-03    <vadim@vk.crocodile.org>

	* PropertyEditor.cpp (PropertyEditor): property editor has window
	type "dialog" and always stays on top of the main
	window. Implemented simple history feature for the object
	navigation and added a button "Back" to the toolbar.

	* GroupObjectDialog.cpp (loadFWObject): group object dialog can
	now show group contents as a set of icons or as a list; switching
	between two modes is done using toggle buttons a-la file list
	modes in the "open file" dialog.

	* PropertyEditor.cpp (loadObjects): merged object tree and object
	property editor in one dialog.

2003-12-20    <vadim@vk.crocodile.org>

	* main.cpp (main): resources and preferences files can now be
	found dynamically, using a full path to the directory the binary
	has been launched from. The RES_DIR macro defined in config.h
	now specifies relative path to the resource files starting from
	the application root dir. If program is installed in
	/usr/local/bin, then the application root is "/usr/local" and
	resources should be located in /usr/local/$RES_DIR directory.

