Release Notes: This release adds the 'hc' option to build rules in 'rr' mode and arrange the most hit new rules at the top. Beware: hit count rules are not 100% reliable at present. Hit counts can be multiplied for multi IP objects. 'cl' mode rules now use the original global rule number instead of incrementing it by 1. The defaults have been changed slightly, and a 'log' defaults option added. This release fixes a bug in 'load' mode trying to load files from '.', and Checkpoint rules that are not logged with a rule number are handled now.
Release Notes: This release adds the 'cl' option to clean/filter original rules, in 'rr' mode, and allows output of service priority rules as well as the original dst src priority rule build. The 'rr' mode menu has been simplified further. Starting the script without any options now starts load mode to add at least one config. This release fixes a bug in the 'any' object matching, any should now be matched from logs. The rashfilter hash tree format has been changed to match the order of the other rule processing hashes: mergebase, filterbase, and rulegroups; this should reduce memory use slightly.
Release Notes: This release adds Cisco ASA 8.3+ object NAT to the cisco reader for static and dynamic NAT. Network objects, ranges, and IPs are translated. Running the script with "--help" or "-h" or "h" prints the simple help screen. Two new options have been added to the "rr" mode filters, to allow encryption rules from the "merge from" and "merge to" rulebases to be used to mask later rules in the merge from rulebase. Connectivity matches output during "rr" mode filtering are now listed using the source configuration bundle object names instead of the binary CIDR IP's. This release resolves the menu infiniteloop issue.
Release Notes: This release resolves many of the problems with the filter sections; as many of the undefined warnings as the author could find are now fixed. Both the specific and the subnet 'rr' mode filter sections have been upgraded to fix many of the issues related to combining various filter mode types, and as a result, the filters behavior should be much more predictable. The Cisco and od output section definitions now print service defs for all defined prototypes.