Summary: A firewall daemon with D-BUS interface providing a dynamic firewall

Name: firewalld

Version: 0.3.9

Release: 14%{?dist}

URL: http://fedorahosted.org/firewalld

License: GPLv2+

Group: System Environment/Base

Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2

%if 0%{?fedora} > 17

Patch0: firewalld-0.2.6-MDNS-default.patch

%endif

Patch1: firewalld-0.3.9-RHBZ#1054270_36a54c11.patch

Patch2: firewalld-0.3.9-RHBZ#1054289_80946eb1.patch

Patch3: firewalld-0.3.9-RHBZ#1054289_48b6c1b7.patch

Patch4: firewalld-0.3.9-RHBZ#1054289_5043e7d8.patch

Patch5: firewalld-0.3.9-RHBZ#1054289_0f23c071.patch

Patch6: firewalld-0.3.9-RHBZ#1054289_91e32f1c.patch

Patch7: firewalld-0.3.9-RHBZ#1054415_7f1f7e79.patch

Patch8: firewalld-0.3.9-RHBZ#1057628_c01ec3db.patch

Patch9: firewalld-0.3.9-RHBZ#1057629_2dc9c4ab_9c56a72b.patch

Patch10: firewalld-0.3.9-RHBZ#1057684_b77b00ba.patch

Patch11: firewalld-0.3.9-RHBZ#1058339_b2b5b88c.patch

Patch12: firewalld-0.3.9-RHBZ#1064386_2f435f7a_b270c289_89e03476.patch

Patch13: firewalld-0.3.9-RHBZ#1058853_85f0beed.patch

Patch14: firewalld-0.3.9-RHBZ#1058791_d4779272_ffc70ef5_a9770f96.patch

Patch15: firewalld-0.3.9-RHBZ#1064401_96bb6f2a.patch

Patch16: firewalld-0.3.9-RHBZ#993740_3f1b42f3.patch

Patch17: firewalld-0.3.9-RHBZ#993782_d545084d.patch

Patch18: firewalld-0.3.9-RHBZ#1030330.patch

Patch19: firewalld-0.3.9-RHBZ#1067639_d6b16d44.patch

Patch20: firewalld-0.3.9-RHBZ#1067652_59b0e97a.patch

Patch21: firewalld-0.3.9-RHBZ#1068148_2afef77d.patch

Patch22: firewalld-0.3.9-RHBZ#1059800.patch

Patch23: firewalld-0.3.9-RHBZ#1070683_80d94d0_86539a2.patch

Patch24: firewalld-0.3.9-RHBZ#993655.patch

Patch25: firewalld-0.3.9-RHBZ#993650.patch

Patch26: firewalld-0.3.9-RHBZ#994044.patch

Patch27: firewalld-0.3.9-RHBZ#1048119.patch

Patch28: firewalld-0.3.9-RHBZ#1057095.patch

Patch29: firewalld-0.3.9-RHBZ#1075675.patch

Patch30: firewalld-0.3.9-RHBZ#1097765.patch

Patch31: firewalld-0.3.9-RHBZ#1111573.patch

Patch32: firewalld-0.3.9-RHBZ#1135634.patch

Patch33: firewalld-0.3.9-RHBZ#1097841.patch

Patch34: firewalld-0.3.9-RHBZ#1099065.patch

Patch35: firewalld-0.3.9-RHBZ#1127706.patch

Patch36: firewalld-0.3.9-RHBZ#1120212.patch

Patch37: firewalld-0.3.9-RHBZ#1112742.patch

Patch38: firewalld-0.3.9-RHBZ#1058794.patch

Patch39: firewalld-0.3.9-RHBZ#1061809.patch

Patch40: firewalld-0.3.9-RHBZ#993650_add.patch

Patch41: firewalld-0.3.9-RHBZ#1127706_add.patch

Patch42: firewalld-0.3.9-RHBZ#993650_add2.patch

Patch43: firewalld-0.3.9-RHBZ#1057095_add.patch

Patch44: firewalld-0.3.9-RHBZ#994479.patch

Patch45: firewalld-0.3.9-RHBZ#1122739,1128563.patch

Patch46: firewalld-0.3.9-RHBZ#1142741.patch

Patch47: firewalld-0.3.9-RHBZ#1150656.patch

Patch48: firewalld-0.3.9-RHBZ#1150659.patch

Patch49: firewalld-0.3.9-RHBZ#1161745.patch

Patch50: firewalld-0.3.9-RHBZ#1164605.patch

Patch51: firewalld-0.3.9-RHBZ#1176813.patch

Patch52: firewalld-0.3.9-RHBZ#1182671.patch

Patch53: firewalld-0.3.9-RHBZ#1183008.patch

Patch54: firewalld-0.3.9-RHBZ#1183688.patch

Patch55: firewalld-0.3.9-RHBZ#1194382.patch

Patch56: firewalld-0.3.9-RHBZ#1206490.patch

Patch57: firewalld-0.3.9-RHBZ#1217678.patch

Patch58: firewalld-0.3.9-RHBZ#1261502.patch

Patch59: firewalld-0.3.9-RHBZ#1254531.patch

BuildArch: noarch

BuildRequires: desktop-file-utils

BuildRequires: gettext

BuildRequires: intltool

# glib2-devel is needed for gsettings.m4

BuildRequires: glib2, glib2-devel

BuildRequires: systemd-units

BuildRequires: docbook-style-xsl

BuildRequires: libxslt

Requires: dbus-python

Requires: python-slip-dbus

Requires: python-decorator

Requires: pygobject3-base

Requires: iptables, ebtables

Requires(post): systemd

Requires(preun): systemd

Requires(postun): systemd

%description

firewalld is a firewall service daemon that provides a dynamic customizable 

firewall with a D-BUS interface.

%package -n firewall-applet

Summary: Firewall panel applet

Group: System Environment/Base

Requires: %{name} = %{version}-%{release}

Requires: firewall-config = %{version}-%{release}

Requires: hicolor-icon-theme

Requires: gtk3

Requires: pygobject3-base

%description -n firewall-applet

The firewall panel applet provides a status information of firewalld and also 

the firewall settings.

%package -n firewall-config

Summary: Firewall configuration application

Group: System Environment/Base

Requires: %{name} = %{version}-%{release}

Requires: hicolor-icon-theme

Requires: gtk3

Requires: pygobject3-base

%description -n firewall-config

The firewall configuration application provides an configuration interface for 

firewalld.

%prep

%setup -q

%if 0%{?fedora} > 17

%patch0 -p1

%endif

%patch1 -p1 -b .RHBZ#1054270_36a54c11

%patch2 -p1 -b .RHBZ#1054289_80946eb1

%patch3 -p1 -b .RHBZ#1054289_48b6c1b7

%patch4 -p1 -b .RHBZ#1054289_5043e7d8

%patch5 -p1 -b .RHBZ#1054289_0f23c071

%patch6 -p1 -b .RHBZ#1054289_91e32f1c

%patch7 -p1 -b .RHBZ#1054415_7f1f7e79

%patch8 -p1 -b .RHBZ#1057628_c01ec3db

#-b .RHBZ#1057629_2dc9c4ab_9c56a72b

%patch9 -p1 

%patch10 -p1 -b .RHBZ#1057684_b77b00ba

%patch11 -p1 -b .RHBZ#1058339_b2b5b88c

%patch12 -p1 -b .RHBZ#1064386_2f435f7a_b270c289_89e03476

%patch13 -p1 -b .RHBZ#1058853_85f0beed

%patch14 -p1 -b .RHBZ#1058791_d4779272_ffc70ef5_a9770f96

%patch15 -p1 -b .RHBZ#1064401_96bb6f2a

%patch16 -p1 -b .RHBZ#993740_3f1b42f3

%patch17 -p1 -b .RHBZ#993782_d545084d

%patch18 -p1 -b .RHBZ#1030330

%patch19 -p1 -b .RHBZ#1067639_d6b16d44

%patch20 -p1 -b .RHBZ#1067652_59b0e97a

%patch21 -p1 -b .RHBZ#1068148_2afef77d

%patch22 -p1 -b .RHBZ#1059800

%patch23 -p1 -b .RHBZ#1070683

%patch24 -p1 -b .RHBZ#993655

%patch25 -p1 -b .RHBZ#993650

%patch26 -p1 -b .RHBZ#994044

%patch27 -p1 -b .RHBZ#1048119

%patch28 -p1 -b .RHBZ#1057095

%patch29 -p1 -b .RHBZ#1075675

%patch30 -p1 -b .RHBZ#1097765

%patch31 -p1 -b .RHBZ#1111573

#-b .RHBZ#1135634

%patch32 -p1

%patch33 -p1 -b .RHBZ#1097841

%patch34 -p1 -b .RHBZ#1099065

%patch35 -p1 -b .RHBZ#1127706

%patch36 -p1 -b .RHBZ#1120212

%patch37 -p1 -b .RHBZ#1112742

%patch38 -p1 -b .RHBZ#1058794

%patch39 -p1 -b .RHBZ#1061809

%patch40 -p1 -b .RHBZ#993650_add

%patch41 -p1 -b .RHBZ#1127706_add

%patch42 -p1 -b .RHBZ#993650_add2

%patch43 -p1 -b .RHBZ#1057095_add

%patch44 -p1 -b .RHBZ#994479

chmod 0750 config/xmlschema/check.sh

%patch45 -p1 -b .RHBZ#1122739,1128563

%patch46 -p1 -b .RHBZ#1142741

%patch47 -p1

%patch48 -p1

%patch49 -p1 -b .RHBZ#1161745

%patch50 -p1 -b .RHBZ#1164605

%patch51 -p1 -b .RHBZ#1176813

%patch52 -p1 -b .RHBZ#1182671

%patch53 -p1 -b .RHBZ#1183008

%patch54 -p1 -b .RHBZ#1183688

%patch55 -p1

%patch56 -p1

%patch57 -p1 -b .RHBZ#1217678

%patch58 -p1 -b .RHBZ#1261502

chmod 0755 src/tests/firewall-cmd_test.sh

#-b .RHBZ#1254531

%patch59 -p1

%build

%configure --enable-sysconfig

make

%install

make install DESTDIR=%{buildroot}

desktop-file-install --delete-original \

  --dir %{buildroot}%{_sysconfdir}/xdg/autostart \

  %{buildroot}%{_sysconfdir}/xdg/autostart/firewall-applet.desktop

desktop-file-install --delete-original \

  --dir %{buildroot}%{_datadir}/applications \

  %{buildroot}%{_datadir}/applications/firewall-config.desktop

%find_lang %{name} --all-name

%post

%systemd_post firewalld.service

%preun

%systemd_preun firewalld.service

%postun

%systemd_postun_with_restart firewalld.service 

%post -n firewall-applet

/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :

%postun -n firewall-applet

if [ $1 -eq 0 ] ; then

    /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null

    /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :

    /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :

fi

%posttrans -n firewall-applet

/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :

/usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :

%post -n firewall-config

/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :

%postun -n firewall-config

if [ $1 -eq 0 ] ; then

    /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null

    /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :

    /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :

fi

%posttrans -n firewall-config

/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :

/usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :

%files -f %{name}.lang

%doc COPYING README

%{_sbindir}/firewalld

%{_bindir}/firewall-cmd

%{_bindir}/firewall-offline-cmd

%dir %{_datadir}/bash-completion/completions

%{_datadir}/bash-completion/completions/firewall-cmd

%defattr(0640,root,root)

%attr(0750,root,root) %dir %{_prefix}/lib/firewalld

%attr(0750,root,root) %dir %{_prefix}/lib/firewalld/icmptypes

%attr(0750,root,root) %dir %{_prefix}/lib/firewalld/services

%attr(0750,root,root) %dir %{_prefix}/lib/firewalld/zones

%attr(0750,root,root) %dir %{_prefix}/lib/firewalld/xmlschema

%{_prefix}/lib/firewalld/icmptypes/*.xml

%{_prefix}/lib/firewalld/services/*.xml

%{_prefix}/lib/firewalld/zones/*.xml

%attr(0750,root,root) %{_prefix}/lib/firewalld/xmlschema/check.sh

%{_prefix}/lib/firewalld/xmlschema/*.xsd

%attr(0750,root,root) %dir %{_sysconfdir}/firewalld

%config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf

%config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml

%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes

%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/services

%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/zones

%defattr(0644,root,root)

%config(noreplace) %{_sysconfdir}/sysconfig/firewalld

#%attr(0755,root,root) %{_initrddir}/firewalld

%{_unitdir}/firewalld.service

%config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf

%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy

%attr(0755,root,root) %dir %{python_sitelib}/firewall

%attr(0755,root,root) %dir %{python_sitelib}/firewall/config

%attr(0755,root,root) %dir %{python_sitelib}/firewall/core

%attr(0755,root,root) %dir %{python_sitelib}/firewall/core/io

%attr(0755,root,root) %dir %{python_sitelib}/firewall/server

%{python_sitelib}/firewall/*.py*

%{python_sitelib}/firewall/config/*.py*

%{python_sitelib}/firewall/core/*.py*

%{python_sitelib}/firewall/core/io/*.py*

%{python_sitelib}/firewall/server/*.py*

%{_mandir}/man1/firewall*cmd*.1*

%{_mandir}/man1/firewalld*.1*

%{_mandir}/man5/firewall*.5*

%files -n firewall-applet

%{_bindir}/firewall-applet

%defattr(0644,root,root)

%{_sysconfdir}/xdg/autostart/firewall-applet.desktop

%{_datadir}/icons/hicolor/*/apps/firewall-applet*.*

%{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallApplet.gschema.xml

%{_mandir}/man1/firewall-applet*.1*

%files -n firewall-config

%{_bindir}/firewall-config

%defattr(0644,root,root)

%{_datadir}/firewalld/firewall-config.glade

%{_datadir}/firewalld/gtk3_chooserbutton.py*

%{_datadir}/applications/firewall-config.desktop

%{_datadir}/icons/hicolor/*/apps/firewall-config*.*

%{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml

%{_mandir}/man1/firewall-config*.1*

%changelog

* Tue Sep 15 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.9-14

- Fixed file mode of schema configuration file verifier check.sh als in files

  (RHBZ#994479)

* Fri Sep 11 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.9-13

- Fixed file mode of schema configuration file verifier check.sh (RHBZ#994479)

- Include upstream testsuite in SRPM package (RHBZ#1261502)

- Added missing ports to RH-Satellite-6 mservice (RHBZ#1254531)

* Mon Jul  6 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.9-12

- New schema configuration file verifier (RHBZ#994479)

- More information about interface handling with and without NetworkManager

  (RHBZ#1122739) (RHBZ#1128563)

- Apply all rich rules for non-default targets (RHBZ#1142741)

- New iscsi service (RHBZ#1150656)

- New rsync service (RHBZ#1150659)

- ipXtables: use -w or -w2 if supported (RHBZ#1161745)

- Do not use ipv6header for protocol matching. (RHBZ#1164605)

- Iptables does not like limit of 1/d (RHBZ#1176813)

- Fix readdition of removed permanent direct settings (RHBZ#1182671)

- Fix bugs found by upstream test suite (RHBZ#1183008)

- Fix polkit auth for query and get passthroughs methods (RHBZ#1183688)

- New vdsm service (RHBZ#1194382)

- New freeipa services (RHBZ#1206490)

- Add missing parts to firewall-offline-cmd man page (RHBZ#1217678)

* Tue Jan 13 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.9-11

- added missing upstream commit 265bfe90 for (RHBZ#993650)

- also add log message in the firewall-cmd output (RHBZ#1057095)

* Mon Oct 20 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-10

- additional upstream commits for (RHBZ#993650)

- additional upstream commits for (RHBZ#1127706)

* Tue Oct  7 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-9

- added lost runtime passthrough check and reverse patch (RHBZ#993650)

* Mon Sep 29 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-8

- fixed GUI missing name of active zone (RHBZ#993655)

- recreate man pages at build time (RHBZ#1071303)

  - fixes rich language log level (RHBZ#993740)

  - fixes typo in firewall-cmd man page (RHBZ#1064401)

- new support to save runtime as permanent (RHBZ#993650)

- new cli --timeout time specifiers support (RHBZ#994044)

- updated translations (RHBZ#1048119) (RHBZ#1083592)

- more descriptive error message in case of mistakes in iptables (RHBZ#1057095)

- use apparent name for default target (RHBZ#1075675)

- simplified firewalld usage on servers by dropping at_console (RHBZ#1097765)

- fixed enable/disable of lockdown (RHBZ#1111573)

- new Satellite 6 service (RHBZ#1135634)

- fixed inconsistent color usage for firewall-cmd messages (RHBZ#1097841)

- fixed missing -Es in lockdown whitelist firewall-config command (RHBZ#1099065)

- unified runtime and permanent D-Bus API (RHBZ#1127706)

- fixed missing update of the connections menu in firewall-config (RHBZ#1120212)

- better docs for interface bindings in firewalld and NetworkManager (RHBZ#1112742)

- firewall-config: Show target REJECT (RHBZ#1058794)

- fixed inconsistent PolicyKit domain usage in main D-Bus interface (RHBZ#1061809)

* Fri Feb 28 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.9-7

- firewall-cmd: prevent argparse from parsing iptables options (RHBZ#1070683)

* Wed Feb 26 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.9-6

- firewall-offline-cmd: options from 'firewall-cmd --permanent *' (RHBZ#1059800)

* Sun Feb 23 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-5

- fixed rich language log level (RHBZ#993740)

- firewall-config: use simple tool to change zones for connections (RHBZ#993782)

- translations update (RHBZ#1030330)

- firewall-config: fixed service and icmptype name dulications (RHBZ#1067639)

- allow router advertisements for IPv6 rpfilter (RHBZ#1067652)

- firewall-applet: allow to bind connections to the defaut zone (RHBZ#1068148)

* Wed Feb 12 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-4

- firewall-config creates unloadable config; port forwarding broken

  (RHBZ#1057628)

- Network connection is lost after changing Zones Default Target to DROP

  (RHBZ#1057629)

- permanently adding rich rule with audit creates unloadable config XML

  (RHBZ#1057684)

- firewalld input_zones has default rule for public zone (RHBZ#1058339)

- firewall-cmd is not able to add and remove zones, services and icmptypes

  (RHBZ#1064386)

- firewall-config leaves deleted services shown if they were in use

  (RHBZ#1058853)

- firewall-cmd does not allow user to change zone default target (RHBZ#1058791)

- firewall-cmd man page has a typo in --help description (RHBZ#1064401)

* Fri Jan 17 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-3

- fixed enforcing of trusted, drop and block zones (RHBZ#1054415)

* Thu Jan 16 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-2

- fixed rich rules (RHBZ#1054270)

- fixed small defects in firewall-cmd and firewall-config (RHBZ#1054289)

* Wed Jan 15 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-1

- rebase to 0.3.9 version:

- translation updates

- New IPv6_rpfilter setting to enable source address validation (RHBZ#847707)

- Do not mix original and customized zones in case of target changes,

  apply only used zones

- firewall-cmd: fix --*_lockdown_whitelist_uid to work with uid 0

- Don't show main window maximized. (RHBZ#1046811)

- Use rmmod instead of 'modprobe -r' (RHBZ#1031102)

- Deprecate 'enabled' attribute of 'masquerade' element

- firewall-config: new zone was added twice to the list

- firewalld.dbus(5)

- Enable python shebang fix again

- firewall/client: handle_exceptions: Use loop in decorator

- firewall-offline-cmd: Do not mask firewalld service with disabled option

- firewall-config: richRuleDialogActionRejectType Entry -> ComboBox

- Rich_Rule: fix parsing of reject element (RHBZ#1027373)

- Show combined zones in permanent configuration (RHBZ#1002016)

- firewall-cmd(1): document exit code 2 and colored output (RHBZ#1028507)

- firewall-config: fix RHBZ#1028853

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.3.8-2

- Mass rebuild 2013-12-27

* Tue Nov 05 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.8-1

- fix memory leaks

- New option --debug-gc

- Python3 compatibility

- Better non-ascii support

- several firewall-config & firewall-applet fixes

- New --remove-rules commands for firewall-cmd and removeRules methods for D-Bus

- Fixed FirewallDirect.get_rules to return proper list

- Fixed LastUpdatedOrderedDict.keys()

- Enable rich rule usage in trusted zone (RHBZ#994144)

- New error codes: INVALID_CONTEXT, INVALID_COMMAND, INVALID_USER and INVALID_UID

* Thu Oct 17 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.7-1

- Don't fail on missing ip[6]tables/ebtables table. (RHBZ#967376)

- bash-completion: --permanent --direct options

- firewall/core/fw.py: fix checking for iptables & ip6tables (RHBZ#1017087)

- firewall-cmd: use client's exception_handler instead of catching exceptions ourselves

- FirewallClientZoneSettings: fix {add|remove|query}RichRule()

- Extend amanda-client service with 10080/tcp (RHBZ#1016867)

- Simplify Rich_Rule()_lexer() by using functions.splitArgs()

- Fix encoding problems in exception handling (RHBZ#1015941)

* Fri Oct 04 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.6.2-1

- firewall-offline-cmd: --forward-port 'toaddr' is optional (RHBZ#1014958)

- firewall-cmd: fix variable name (RHBZ#1015011)

* Thu Oct 03 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.6.1-1

- remove superfluous po files from archive

* Wed Oct 02 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.6-1

- firewalld.richlanguage.xml: correct log levels (RHBZ#993740)

- firewall-config: Make sure that all zone settings are updated properly on firewalld restart

- Rich_Limit: Allow long representation for duration (RHBZ#994103

- firewall-config: Show "Changes applied." after changes (RHBZ#993643)

- Use own connection dialog to change zones for NM connections

- Rename service cluster-suite to high-availability (RHBZ#885257)

- Permanent direct support for firewall-config and firewall-cmd

- Try to avoid file descriptor leaking (RHBZ#951900)

- New functions to split and join args properly (honoring quotes)

- firewall-cmd(1): 2 simple examples

- Better IPv6 NAT checking.

- Ship firewalld.direct(5).

* Mon Sep 30 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.5-1

- Only use one PK action for configuration (RHBZ#994729)

- firewall-cmd: indicate non-zero exit code with red color

- rich-rule: enable to have log without prefix & log_level & limit

- log-level warn/err -> warning/error (RHBZ#1009436)

- Use policy DROP while reloading, do not reset policy in restart twice

- Add _direct chains to all table and chain combinations

- documentation improvements

- New firewalld.direct(5) man page docbook source

- tests/firewall-cmd_test.sh: make rich language tests work

- Rich_Rule._import_from_string(): improve error messages (RHBZ#994150)

- direct.passthrough wasn't always matching out_signature (RHBZ#967800)

- firewall-config: twist ICMP Type IP address family logic.

- firewall-config: port-forwarding/masquerading dialog (RHBZ#993658)

- firewall-offline-cmd: New --remove-service=<service> option (BZ#969106)

- firewall-config: Options->Lockdown was not changing permanent.

- firewall-config: edit line on doubleclick (RHBZ#993572)

- firewall-config: System Default Zone -> Default Zone (RHBZ#993811)

- New direct D-Bus interface, persistent direct rule handling, enabled passthough

- src/firewall-cmd: Fixed help output to use more visual parameters

- src/firewall-cmd: New usage output, no redirection to man page anymore

- src/firewall/core/rich.py: Fixed forwad port destinations

- src/firewall-offline-cmd: Early enable/disable handling now with mask/unmask

- doc/xml/firewalld.zone.xml: Added more information about masquerade use

- Prefix to log message is optional (RHBZ#998079)

- firewall-cmd: fix --permanent --change-interface (RHBZ#997974)

- Sort zones/interfaces/service/icmptypes on output.

- wbem-https service (RHBZ#996668)

- applet&config: add support for KDE NetworkManager connection editor

- firewall/core/fw_config.py: New method update_lockdown_whitelist

- Added missing file watcher for lockdown whitelist in config D-Bus interface

- firewall/core/watcher: New add_watch_file for lockdown-whitelist and direct

- Make use of IPv6 NAT conditional, based on kernel number (RHBZ#967376)

* Tue Jul 30 2013 Thomas Woerner <twoerner@redhat.com> 0.3.4-1

- several rich rule check enhancements and fixes

- firewall-cmd: direct options - check ipv4|ipv6|eb (RHBZ#970505)

- firewall-cmd(1): improve description of direct options (RHBZ#970509)

- several firewall-applet enhancements and fixes

- New README

- several doc and man page fixes

- Service definitions for PCP daemons (RHBZ#972262)

- bash-completion: add lockdown and rich language options

- firewall-cmd: add --permanent --list-all[-zones]

- firewall-cmd: new -q/--quiet option

- firewall-cmd: warn when default zone not active (RHBZ#971843)

- firewall-cmd: check priority in --add-rule (RHBZ#914955)

- add dhcpv6 (for server) service (RHBZ#917866)

- firewall-cmd: add --permanent --get-zone-of-interface/source --change-interface/source

- firewall-cmd: print result (yes/no) of all --query-* commands

- move permanent-getZoneOf{Interface|Source} from firewall-cmd to server

- Check Interfaces/sources when updating permanent zone settings.

- FirewallDConfig: getZoneOfInterface/Source can actually return more zones

- Fixed toaddr check in forward port to only allow single address, no range

- firewall-cmd: various output improvements

- fw_zone: use check_single_address from firewall.functions

- getZoneOfInterface/Source does not need to throw exception

- firewall.functions: Use socket.inet_pton in checkIP, fixed checkIP*nMask

- firewall.core.io.service: Properly check port/proto and destination address

- Install applet desktop file into /etc/xdg/autostart

- Fixed option problem with rich rule destinations (RHBZ#979804)

- Better exception creation in dbus_handle_exceptions() decorator (RHBZ#979790)

- Updated firewall-offline-cmd

- Use priority in add, remove, query and list of direct rules (RHBZ#979509)

- New documentation (man pages are created from docbook sources)

- firewall/core/io/direct.py: use prirority for rule methods, new get_all_ methods

- direct: pass priority also to client.py and firewall-cmd

- applet: New blink and blink-count settings

- firewall.functions: New function ppid_of_pid

- applet: Check for gnome3 and fix it, use new settings, new size-changed cb

- firewall-offline-cmd: Fix use of systemctl in chroot

- firewall-config: use string.ascii_letters instead of string.letters

- dbus_to_python(): handle non-ascii chars in dbus.String.

- Modernize old syntax constructions.

- dict.keys() in Python 3 returns a "view" instead of list

- Use gettext.install() to install _() in builtins namespace.

- Allow non-ascii chars in 'short' and 'description'

- README: More information for "Working With The Source Repository"

- Build environment fixes

- firewalld.spec: Added missing checks for rhel > 6 for pygobject3-base

- firewall-applet: New setting show-inactive

- Don't stop on reload when lockdown already enabled (RHBZ#987403)

- firewall-cmd: --lockdown-on/off did not touch firewalld.conf

- FirewallApplet.gschema.xml: Dropped unused sender-info setting

- doc/firewall-applet.xml: Added information about gsettings

- several debug and log message fixes

- Add chain for sources so they can be checked before interfaces (RHBZ#903222)

- Add dhcp and proxy-dhcp services (RHBZ#986947)

- io/Zone(): don't error on deprecated family attr of source elem

- Limit length of zone file name (to 12 chars) due to Netfilter internals.

- It was not possible to overload a zone with defined source(s).

- DEFAULT_ZONE_TARGET: {chain}_ZONE_{zone} -> {chain}_{zone}

- New runtime get<X>Settings for services and icmptypes, fixed policies callbacks

- functions: New functions checkUser, checkUid and checkCommand

- src/firewall/client: Fixed lockdown-whitelist-updated signal handling

- firewall-cmd(1): move firewalld.richlanguage(5) reference in --*-rich-rule

- Rich rule service: Only add modules for accept action

- firewall/core/rich: Several fixes and enhanced checks

- Fixed reload of direct rules

- firewall/client: New functions to set and get the exception handler

- firewall-config: New and enhanced UI to handle lockdown and rich rules

- zone's immutable attribute is redundant

- Do not allow to set settings in config for immutable zones.

- Ignore deprecated 'immutable' attribute in zone files.

- Eviscerate 'immutable' completely.

- FirewallDirect.query_rule(): fix it

- permanent direct: activate firewall.core.io.direct:Direct reader

- core/io/*: simplify getting of character data

- FirewallDirect.set_config(): allow reloading

* Thu Jun 20 2013  Jiri Popelka <jpopelka@redhat.com>

- Remove migrating to a systemd unit file from a SysV initscript

- Remove pointless "ExclusiveOS" tag

* Fri Jun  7 2013 Thomas Woerner <twoerner@redhat.com> 0.3.3-2

- Fixed rich rule check for use in D-Bus

* Thu Jun  6 2013 Thomas Woerner <twoerner@redhat.com> 0.3.3-1

- new service files

- relicensed logger.py under GPLv2+

- firewall-config: sometimes we don't want to use client's exception handler

- When removing Service/IcmpType remove it from zones too (RHBZ#958401)

- firewall-config: work-around masquerade_check_cb() being called more times

- Zone(IO): add interfaces/sources to D-Bus signature

- Added missing UNKNOWN_SOURCE error code

- fw_zone.check_source: Raise INVALID_FAMILY if family is invalid

- New changeZoneOfInterface method, marked changeZone as deprecated

- Fixed firewall-cmd man page entry for --panic-on

- firewall-applet: Fixed possible problems of unescaped strings used for markup

- New support to bind zones to source addresses and ranges (D-BUS, cmd, applet

- Cleanup of unused variables in FirewallD.start

- New firewall/fw_types.py with LastUpdatedOrderedDict

- direct.chains, direct.rules: Using LastUpdatedOrderedDict

- Support splitted zone files

- New reader and writer for stored direct chains and rules

- LockdownWhitelist: fix write(), add get_commands/uids/users/contexts()

- fix service_writer() and icmptype_writer() to put newline at end of file

- firewall-cmd: fix --list-sources

- No need to specify whether source address family is IPv4 or IPv6

- add getZoneOfSource() to D-Bus interface

- Add tests and bash-completion for the new "source" operations

- Convert all input args in D-Bus methods

- setDefaultZone() was calling accessCheck() *after* the action

- New uniqify() function to remove duplicates from list whilst preserving order

- Zone.combine() merge also services and ports

- config/applet: silence DBusException during start when FirewallD is not running (RHBZ#966518)

- firewall-applet: more fixes to make the address sources family agnostic

- Better defaults for lockdown white list

- Use auth_admin_keep for allow_any and allow_inactive also

- New D-Bus API for lockdown policies

- Use IPv4, IPv6 and BRIDGE for FirewallD properties

- Use rich rule action as audit type

- Prototype of string-only D-Bus interface for rich language

- Fixed wrongly merged source family check in firewall/core/io/zone.py

- handle_cmr: report errors, cleanup modules in error case only, mark handling

- Use audit type from rule action, fixed rule output

- Fixed lockdown whitelist D-Bus handling method names

- New rich rule handling in runtime D-Bus interface

- Added interface, source and rich rule handling (runtime and permanent)

- Fixed dbus_obj in FirewallClientConfigPolicies, added queryLockdown

- Write changes in setLockdownWhitelist

- Fixed typo in policies log message in method calls

- firewall-cmd: Added rich rule, lockdown and lockdown whitelist handling

- Don't check access in query/getLockdownWhitelist*()

- firewall-cmd: Also output masquerade flag in --list-all

- firewall-cmd: argparse is able to convert argument to desired type itself

- firewall-cmd_test.sh: tests for permanent interfaces/sources and lockdown whitelist

- Makefile.am: add missing files

- firewall-cmd_test.sh: tests for rich rules

- Added lockdown, source, interface and rich rule docs to firewall-cmd

- Do not masquerade lo if masquerade is enabled in the default zone (RHBZ#904098)

- Use <rule> in metavar for firewall-cmd parser

* Fri May 10 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.2-2

- removed unintentional en_US.po from tarball

* Tue Apr 30 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.2-1

- Fix signal handling for SIGTERM

- Additional service files (RHBZ#914859)

- Updated po files

- s/persistent/permanent/ (Trac Ticket #7)

- Better behaviour when running without valid DISPLAY (RHBZ#955414)

- client.handle_exceptions(): do not loop forever

- Set Zone.defaults in zone_reader (RHBZ#951747)

- client: do not pass the dbus exception name to handler

- IO_Object_XMLGenerator: make it work with Python 2.7.4 (RHBZ#951741)

- firewall-cmd: do not use deprecated BaseException.message

- client.py: fix handle_exceptions() (RHBZ#951314)

- firewall-config: check zone/service/icmptype name (RHBZ#947820)

- Allow 3121/tcp (pacemaker_remote) in cluster-suite service. (RHBZ#885257)

- firewall-applet: fix default zone hangling in 'shields-up' (RHBZ#947230)

- FirewallError.get_code(): check for unknown error

* Wed Apr 17 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.1-2

- Make permanenent changes work with Python 2.7.4 (RHBZ#951741)

* Thu Mar 28 2013 Thomas Woerner <twoerner@redhat.com> 0.3.1-1

- Use explicit file lists for make dist

- New rich rule validation check code

- New global check_port and check_address functions

- Allow source white and black listing with the rich rule

- Fix error handling in case of unsupported family in rich rule

- Enable ip_forwarding in masquerade and forward-port

- New functions to read and write simple files using filename and content

- Add --enable-sysconfig to install Fedora-specific sysconfig config file.

- Add chains for security table (RHBZ#927015)

- firewalld.spec: no need to specify --with-systemd-unitdir

- firewalld.service: remove syslog.target and dbus.target

- firewalld.service: replace hard-coded paths

- Move bash-completion to new location.

- Revert "Added configure for new build env"

- Revert "Added Makefile.in files"

- Revert "Added po/Makefile.in.in"

- Revert "Added po/LINGUAS"

- Revert "Added aclocal.m4"

- Amend zone XML Schema

* Wed Mar 20 2013 Thomas Woerner <twoerner@redhat.com> 0.3.0-1

- Added rich language support

- Added lockdown feature

- Allow to bind interfaces and sources to zones permanently

- Enabled IPv6 NAT support

  masquerading and port/packet forwarding for IPv6 only with rich language

- Handle polkit errors in client class and firewall-config

- Added priority description for --direct --add-rule in firewall-cmd man page

- Add XML Schemas for zones/services/icmptypes XMLs

- Don't keep file descriptors open when forking

- Introduce --nopid option for firewalld

- New FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains (RHBZ#912782)

- Update cluster-suite service (RHBZ#885257)

- firewall-cmd: rename --enable/disable-panic to --panic-on/off (RHBZ#874912)

- Fix interaction problem of changed event of gtk combobox with polkit-kde

  by processing all remaining events (RHBZ#915892)

- Stop default zone rules being applied to all zones (RHBZ#912782)

- Firewall.start(): don't call set_default_zone()

- Add wiki's URL to firewalld(1) and firewall-cmd(1) man pages

- firewalld-cmd: make --state verbose (RHBZ#886484)

- improve firewalld --help (RHBZ#910492)

- firewall-cmd: --add/remove-* can be used multiple times (RHBZ#879834)

- Continue loading zone in case of wrong service/port etc. (RHBZ#909466)

- Check also services and icmptypes in Zone() (RHBZ#909466)

- Increase the maximum length of the port forwarding fields from 5 to 11 in

  firewall-config

- firewall-cmd: add usage to fail message

- firewall-cmd: redefine usage to point to man page

- firewall-cmd: fix visible problems with arg. parsing

- Use argparse module for parsing command line options and arguments

- firewall-cmd.1: better clarify where to find ACTIONs

- firewall-cmd Bash completion

- firewall-cmd.1: comment --zone=<zone> usage and move some options

- Use zone's target only in %s_ZONES chains