Release Notes: This release fixes Netscreen group name translation bugs. Empty groups are no longer matched in the build_rules subs. Comments are output in 'set name' statements in policy ID mode for Netscreen rulebases. Netscreen rule 'name' strings are added with the rule descriptions, and net ranges are translated as ranges. Some default services have been updated, and a few new service definitions have been added. 'rr' mode 'nat' defaults have been added; they are the same as the 'yes' defaults but with CIDR filter NAT translation switched on.
Release Notes: This release fixes rulebase output bugs when using the 'cl' option in 'rr' mode. Netscreen rulebase numbers now produce usable rule numbers in 'cl' rulebases. The Ctrl-C panic when reading logs is fixed. The 'rr' mode 'log' defaults now switch off both 'Any'-rule-to-object resolution and service object resolution. The new 'rr' mode 'res' defaults switch on most resolution and matching options.
Release Notes: This release adds the 'hc' option, which builds rules in 'rr' mode and arranges the most-hit new rules at the top. Beware: hit count rules are not 100% reliable at present, as hit counts can be multiplied for multi-IP objects. 'cl' mode rules now use the original global rule number instead of incrementing it by 1. The defaults have been changed slightly, and a 'log' defaults option has been added. This release also fixes a bug in 'load' mode when loading files from '.', and Checkpoint rules that are logged without a rule number are now handled.
Release Notes: This release adds the 'cl' option to clean/filter the original rules in 'rr' mode, and allows output of service-priority rules as well as the original dst/src-priority rule build. The 'rr' mode menu has been simplified further. Starting the script without any options now starts 'load' mode, so that at least one config is added. This release also fixes a bug in 'any' object matching; 'any' should now be matched from logs. The rashfilter hash tree format has been changed to match the order of the other rule-processing hashes (mergebase, filterbase and rulegroups), which should reduce memory use slightly.
Release Notes: This release lets you choose which rule types and which rule actions to include in rule rationalization mode; the rule types can be chosen for both the 'merge from' and the 'filter' rulebases. The 'rr' mode rule unwrap code has been optimized.
Release Notes: This release adds Cisco ASA 8.3+ object NAT to the Cisco reader, for both static and dynamic NAT; network objects, ranges and IPs are translated. Running the script with "--help", "-h" or "h" prints the simple help screen. Two new options have been added to the "rr" mode filters, allowing encryption rules from the "merge from" and "merge to" rulebases to be used to mask later rules in the "merge from" rulebase. Connectivity matches output during "rr" mode filtering are now listed using the source configuration bundle's object names instead of the binary CIDR IPs. This release also resolves the menu infinite-loop issue.
Release Notes: This release fixes many of the bugs in the Cisco reader and writer sections. Cisco configurations can now be processed, written, re-read, processed and written again cyclically. Access lists that use protocol groups, that specify only protocol details, or that use "ip/any" services are now handled. Protocol group objects are written and used in rules for service groups that contain many different protocol types. "port-objects" are read in service objects, service groups and protocol groups alike. The Cisco "echo" default service has been updated to remove TCP and UDP from its listed ports.
Release Notes: This release resolves many of the problems in the filter sections; as many of the 'undefined' warnings as the author could find are now fixed. Both the specific and the subnet 'rr' mode filter sections have been upgraded to fix many of the issues with combining the various filter mode types, so the filters' behaviour should now be much more predictable. The Cisco and od output section definitions now print service definitions for all defined protocol types.
Release Notes: This release resolves the Cisco ICMP default services so that stringified hash references are no longer printed in the cs output sections. Cisco network and range objects are listed as such in object-groups instead of as hosts. The Cisco output writer now uses 'object' in access-lists instead of IP and netmask, and lists range objects with 'range' in access-lists as well as in groups. NAT translation now supports source NAT translation for known network objects in 'rr' mode filters.
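The two Cisco reader/writer releases above (cyclic process-write-re-read, and objects kept as host/subnet/range instead of flattened to hosts) are easiest to check with a small round-trip harness. The block below is an added example written for this page, not the script's own reader or writer (the page does not state the script's language; Python is used so the example can be run and tested). The sample configuration is constructed, and the function names `parse`, `write`, `round_trip_stable` and `expand` are assumptions for illustration. `expand` additionally resolves an access-list endpoint through nested object-groups (`group-object`) into CIDR and `lo-hi` strings, the form a rule matcher needs, while ranges stay ranges.

```python
import ipaddress
import re

# Constructed sample ASA configuration (not from a real device); note the nested group via group-object.
SAMPLE_CONFIG = """\
object network WEB-SRV
 host 10.0.0.10
object network LAN
 subnet 10.0.0.0 255.255.255.0
object network DMZ-RANGE
 range 10.1.0.20 10.1.0.29
object-group network SERVERS
 network-object object WEB-SRV
 network-object host 10.0.0.11
 network-object 10.0.1.0 255.255.255.0
object-group network ALL-INSIDE
 network-object object LAN
 group-object SERVERS
object-group service WEB-PORTS tcp
 port-object eq 80
 port-object range 8000 8080
object-group protocol TCPUDP
 protocol-object tcp
 protocol-object udp
access-list OUTSIDE_IN extended permit tcp any object-group SERVERS object-group WEB-PORTS
access-list OUTSIDE_IN extended permit object-group TCPUDP object LAN object DMZ-RANGE eq 53
access-list OUTSIDE_IN extended deny ip any any
"""

HEADER_RE = re.compile(
    r"^(object network|object-group (?:network|service|protocol)) (\S+)(?: (tcp|udp|tcp-udp))?$")


def parse(config):
    """Read objects, object-groups and access-lists into a plain dict model, keeping declaration order."""
    model = {"objects": {}, "groups": {}, "acls": {}}
    block = None
    for line in config.splitlines():
        if m := HEADER_RE.match(line):
            kind, name, proto = m.groups()
            if kind == "object network":
                block = model["objects"].setdefault(name, {"addr": None})
            else:
                block = model["groups"].setdefault(
                    name, {"type": kind.split()[1], "proto": proto, "members": []})
        elif line.startswith(" ") and block is not None:
            parts = tuple(line.split())
            if "addr" in block:
                block["addr"] = parts           # ('host', ip) / ('subnet', ip, mask) / ('range', lo, hi)
            else:
                block["members"].append(parts)  # network-object / port-object / protocol-object / group-object
        elif line.startswith("access-list "):
            _, name, *rest = line.split()
            model["acls"].setdefault(name, []).append(tuple(rest))
            block = None
        else:
            block = None
    return model


def write(model):
    """Emit the model as ASA config; an object keeps its host/subnet/range form instead of being flattened to hosts."""
    out = []
    for name, obj in model["objects"].items():
        out += [f"object network {name}", " " + " ".join(obj["addr"])]
    for name, grp in model["groups"].items():
        out.append(f"object-group {grp['type']} {name}" + (f" {grp['proto']}" if grp["proto"] else ""))
        out += [" " + " ".join(m) for m in grp["members"]]
    for name, entries in model["acls"].items():
        out += [f"access-list {name} " + " ".join(e) for e in entries]
    return "\n".join(out) + "\n"


def round_trip_stable(config):
    """True when parse -> write -> parse -> write reproduces the first written form (the cyclic re-read case)."""
    first = write(parse(config))
    return write(parse(first)) == first


def expand(model, endpoint):
    """Resolve an address endpoint to CIDR / 'lo-hi' strings; groups recurse, ranges stay ranges."""
    kind = endpoint[0]
    if kind == "any":
        return ["0.0.0.0/0"]
    if kind == "host":
        return [f"{endpoint[1]}/32"]
    if kind == "range":
        return [f"{endpoint[1]}-{endpoint[2]}"]
    if kind == "object":
        return expand(model, model["objects"][endpoint[1]]["addr"])
    if kind in ("object-group", "group-object"):
        out = []
        for member in model["groups"][endpoint[1]]["members"]:
            out += expand(model, member if member[0] == "group-object" else member[1:])
        return out
    if kind == "subnet":
        endpoint = endpoint[1:]
    return [str(ipaddress.ip_network(f"{endpoint[0]}/{endpoint[1]}", strict=False))]  # bare 'ip mask' pair
```

`round_trip_stable` is the check to run after any writer change: if the second pass differs from the first, the writer is emitting something the reader interprets differently (the class of bug the release above describes for hosts versus network and range objects).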
Release Notes: This release adds NAT capabilities to the Cisco ASA reader. "static" NAT statements of the IP IP NM form and access-list (policy NAT) statements are now added to the NATs table, and policy NAT rules are identified. The < and > range identifiers used in ports are now stripped before printing Netscreen policies in 'rr' mode. Some of the "undefined" warnings have been resolved.
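The two NAT-reader releases above cover the pre-8.3 `static (real,mapped) MAPPED REAL netmask MASK` and policy NAT (`... access-list NAME`) forms, and the 8.3+ object NAT form (`nat (real,mapped) static|dynamic ...` inside `object network`). The block below is an added example written for this page, not the script's own Cisco reader (the script's language is not stated on the page; Python is used so the example runs and can be tested). The sample configuration is constructed, and `parse_nat`, `render` and the NAT-table field names are assumptions for illustration. It resolves object references after the whole config is read, so an object defined below the rule that references it still translates, keeps ranges as ranges, and marks a policy NAT rule whose access-list is missing rather than guessing.

```python
import ipaddress
import re

# Constructed sample ASA configuration covering both NAT syntaxes (not a real device config).
SAMPLE_CONFIG = """\
object network WEB-SRV
 host 10.0.0.10
 nat (inside,outside) static 203.0.113.10
object network APP-SRV
 host 10.0.0.20
 nat (inside,outside) static PUB-APP
object network LAN
 subnet 10.0.0.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network DMZ-POOL
 range 10.1.0.20 10.1.0.29
 nat (dmz,outside) dynamic 203.0.113.100
object network PUB-APP
 host 203.0.113.20
static (inside,outside) 203.0.113.30 10.0.0.30 netmask 255.255.255.255
static (inside,outside) 203.0.113.0 10.0.2.0 netmask 255.255.255.0
static (inside,outside) 203.0.113.40 access-list POLICY_NAT
access-list POLICY_NAT extended permit ip 10.0.0.0 255.255.255.0 192.0.2.0 255.255.255.0
"""

OBJ_RE = re.compile(r"^object network (\S+)\s*$")
OBJ_NAT_RE = re.compile(r"^\s+nat \((\S+),(\S+)\) (static|dynamic) (\S+)")
POLICY_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) access-list (\S+)")
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) ")


def render(kind, a, b=None):
    """CIDR for hosts and subnets, 'first-last' for ranges (a range is never widened to a subnet)."""
    if kind == "host":
        return f"{a}/32"
    if kind == "subnet":
        return str(ipaddress.ip_network(f"{a}/{b}", strict=False))
    if kind == "range":
        return f"{a}-{b}"
    raise ValueError(f"unknown address kind {kind!r}")


def parse_nat(config):
    """Return the NAT table as a list of dicts, in config order, with object references resolved at the end."""
    objects, acls, raw, nats = {}, set(), [], []
    current = None
    for line in config.splitlines():
        if line and not line[0].isspace():
            current = None  # any top-level line ends the current object block
        if m := OBJ_RE.match(line):
            current = m.group(1)
        elif current and (parts := line.split()) and parts[0] in ("host", "subnet", "range"):
            objects[current] = render(*parts[:3])
        elif current and (m := OBJ_NAT_RE.match(line)):
            real_if, mapped_if, kind, mapped = m.groups()
            raw.append(dict(type=kind, real_if=real_if, mapped_if=mapped_if,
                            real_obj=current, mapped_tok=mapped, policy=None, source="object"))
        elif m := POLICY_RE.match(line):
            real_if, mapped_if, mapped, acl = m.groups()
            raw.append(dict(type="static", real_if=real_if, mapped_if=mapped_if,
                            real=None, mapped_tok=mapped, policy=acl, source="legacy"))
        elif m := STATIC_RE.match(line):
            real_if, mapped_if, mapped, real, mask = m.groups()
            raw.append(dict(type="static", real_if=real_if, mapped_if=mapped_if,
                            real=render("subnet", real, mask), mapped=render("subnet", mapped, mask),
                            policy=None, source="legacy"))
        elif m := ACL_RE.match(line):
            acls.add(m.group(1))
    for entry in raw:  # second pass: every object and access-list name is known now
        if "real_obj" in entry:
            entry["real"] = objects.get(entry.pop("real_obj"))  # None if the object has no address line
        tok = entry.pop("mapped_tok", None)
        if tok == "interface":
            entry["mapped"] = "interface"  # PAT to the mapped interface address
        elif tok in objects:
            entry["mapped"] = objects[tok]
        elif tok is not None:
            try:
                ipaddress.ip_address(tok)
                entry["mapped"] = f"{tok}/32"
            except ValueError:
                entry["mapped"] = None  # reference to an object the config never defines
        entry["policy_defined"] = entry["policy"] in acls if entry["policy"] else None
        nats.append(entry)
    return nats
```

A rule with `mapped` of `None` or `policy_defined` of `False` is exactly the case to surface in the output rather than silently drop, since a NAT rule the reader could not resolve is one the filter stage would otherwise treat as absent.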