|
 |
7d5a1d |
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
|
|
|
7d5a1d |
Name: firewalld
|
|
|
47f735 |
Version: 0.9.3
|
|
|
b8221b |
Release: 13%{?dist}
|
|
|
7d5a1d |
URL: http://www.firewalld.org
|
|
|
7d5a1d |
License: GPLv2+
|
|
|
7d5a1d |
Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
|
|
|
e4e66d |
Patch1: 0001-RHEL-only-Add-cockpit-by-default-to-some-zones.patch
|
|
|
e4e66d |
Patch2: 0002-RHEL-only-default-to-AllowZoneDrifting-yes.patch
|
|
|
47f735 |
Patch3: v1.0.0-0003-feat-service-add-galera-service.patch
|
|
|
47f735 |
Patch4: 0004-fix-dbus-conf-setting-deprecated-properties-should-b.patch
|
|
|
47f735 |
Patch5: 0005-test-nftables-normalize-reject-statement-output.patch
|
|
|
47f735 |
Patch6: 0006-test-nftables-fix-normalization-of-reject-statement-.patch
|
|
|
47f735 |
Patch7: 0007-test-functions-increase-debug-level.patch
|
|
|
47f735 |
Patch8: 0008-test-functions-format-xml-output-with-xmllint.patch
|
|
|
47f735 |
Patch9: 0009-docs-firewall-cmd-reload-does-not-affect-direct-rule.patch
|
|
|
47f735 |
Patch10: 0010-docs-dbus-fix-copy-paste-error-for-FlushAllOnReload.patch
|
|
|
47f735 |
Patch11: 0011-docs-dbus-fix-copy-paste-error-for-RFC3964_IPv4.patch
|
|
|
47f735 |
Patch12: 0012-test-dbus-direct-add-coverage-for-signatures.patch
|
|
|
47f735 |
Patch13: 0013-test-dbus-policy-scope-introspection-checks-to-inter.patch
|
|
|
47f735 |
Patch14: 0014-test-dbus-zone-scope-introspection-checks-to-interfa.patch
|
|
|
47f735 |
Patch15: 0015-test-dbus-policy-introspect-signals.patch
|
|
|
47f735 |
Patch16: 0016-test-dbus-zone-introspect-signals.patch
|
|
|
47f735 |
Patch17: 0017-fix-dbus-properties-IPv4-and-IPv6-should-be-true-if-.patch
|
|
|
47f735 |
Patch18: 0018-test-ipset-add-missing-CHECK_IPSET.patch
|
|
|
47f735 |
Patch19: 0019-fix-fw-when-checking-tables-make-sure-to-check-the-a.patch
|
|
|
47f735 |
Patch20: 0020-fix-ipset-nftables-use-interval-flag-for-ip-types.patch
|
|
|
47f735 |
Patch21: 0021-test-ipset-verify-ipset-netmask-allowed-for-hash-ip.patch
|
|
|
47f735 |
Patch22: 0022-test-offline-always-allow-ipset-tests.patch
|
|
|
47f735 |
Patch23: 0023-fix-direct-rule-order-with-multiple-address-with-s-d.patch
|
|
|
47f735 |
Patch24: 0024-test-direct-verify-rule-order-with-multiple-address-.patch
|
|
|
47f735 |
Patch25: 0025-fix-ipset-fix-hash-net-net-functionality.patch
|
|
|
47f735 |
Patch26: 0026-test-ipset-add-test-to-verify-hash-net-net.patch
|
|
|
47f735 |
Patch27: 0027-fix-nm-reload-only-consider-NM-connections-with-a-re.patch
|
|
|
47f735 |
Patch28: 0028-test-nm-reload-only-consider-NM-connections-with-a-r.patch
|
|
|
47f735 |
Patch29: 0029-docs-conf-note-that-IPv6_rpfilter-has-a-performance-.patch
|
|
|
47f735 |
Patch30: 0030-improvement-conf-note-that-IPv6_rpfilter-has-a-perfo.patch
|
|
|
47f735 |
Patch31: 0031-test-functions-FWD_GREP_LOG-allow-checking-error-cod.patch
|
|
|
47f735 |
Patch32: 0032-test-functions-improve-checking-firewalld.log-for-er.patch
|
|
|
47f735 |
Patch33: 0033-fix-policy-warn-instead-of-error-for-overlapping-por.patch
|
|
|
47f735 |
Patch34: 0034-test-zone-verify-overlapping-ports-don-t-halt-zone-l.patch
|
|
|
47f735 |
Patch35: v1.0.0-0035-fix-ipset-normalize-entries-in-CIDR-notation.patch
|
|
|
47f735 |
Patch36: v1.0.0-0036-fix-ipset-disallow-overlapping-entries.patch
|
|
|
b8221b |
Patch37: 0037-docs-firewall-cmd-client-conntrack-helpers-must-use-.patch
|
|
|
b8221b |
Patch38: 0038-fix-nftables-do-not-log-icmp-block-if-inversion.patch
|
|
|
b8221b |
Patch39: 0039-test-icmp-don-t-log-blocked-if-ICMP-inversion.patch
|
|
|
b8221b |
Patch40: 0040-fix-nftables-rich-source-address-with-netmask.patch
|
|
|
b8221b |
Patch41: 0041-test-rich-source-address-with-netmask.patch
|
|
|
b8221b |
Patch42: 0042-test-zone-source-with-netmask.patch
|
|
|
b8221b |
Patch43: 0043-fix-fw_config-zone-on-rename-remove-then-add.patch
|
|
|
b8221b |
Patch44: 0044-fix-io-functions-check_config-against-on-disk-conf.patch
|
|
|
b8221b |
Patch45: 0045-fix-zone-detect-same-source-interface-in-zones.patch
|
|
|
b8221b |
Patch46: 0046-test-zone-detect-same-source-interface-in-zones.patch
|
|
|
b8221b |
Patch47: 0047-feat-config-add-CleanupModulesOnExit-configuration-o.patch
|
|
|
b8221b |
Patch48: 0048-RHEL-only-default-to-CleanupModulesOnExit-yes.patch
|
|
|
b8221b |
Patch49: v1.0.0-0049-fix-ipset-reduce-cost-of-entry-overlap-detection.patch
|
|
|
b8221b |
Patch50: v1.0.0-0050-test-ipset-huge-set-of-entries-benchmark.patch
|
|
|
b8221b |
Patch51: v1.0.0-0051-fix-ipset-further-reduce-cost-of-entry-overlap-detec.patch
|
|
|
7d5a1d |
|
|
|
7d5a1d |
BuildArch: noarch
|
|
|
7d5a1d |
BuildRequires: autoconf
|
|
|
7d5a1d |
BuildRequires: automake
|
|
|
7d5a1d |
BuildRequires: desktop-file-utils
|
|
|
7d5a1d |
BuildRequires: gettext
|
|
|
7d5a1d |
BuildRequires: intltool
|
|
|
7d5a1d |
# glib2-devel is needed for gsettings.m4
|
|
|
7d5a1d |
BuildRequires: glib2, glib2-devel
|
|
|
7d5a1d |
BuildRequires: systemd-units
|
|
|
7d5a1d |
BuildRequires: docbook-style-xsl
|
|
|
7d5a1d |
BuildRequires: libxslt
|
|
|
7d5a1d |
BuildRequires: iptables, ebtables, ipset
|
|
|
7d5a1d |
BuildRequires: python3-devel
|
|
|
7d5a1d |
Requires: iptables, ebtables, ipset
|
|
|
7d5a1d |
Requires(post): systemd
|
|
|
7d5a1d |
Requires(preun): systemd
|
|
|
7d5a1d |
Requires(postun): systemd
|
|
|
7d5a1d |
Requires: firewalld-filesystem = %{version}-%{release}
|
|
|
7d5a1d |
Requires: python3-firewall = %{version}-%{release}
|
|
|
7d5a1d |
Conflicts: selinux-policy < 3.14.1-28
|
|
|
7d5a1d |
Conflicts: squid < 7:3.5.10-1
|
|
|
7d5a1d |
Obsoletes: firewalld-selinux < 0.4.4.2-2
|
|
|
7d5a1d |
# bz1581578
|
|
|
7d5a1d |
Conflicts: cockpit-ws < 171-2
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%description
|
|
|
7d5a1d |
firewalld is a firewall service daemon that provides a dynamic customizable
|
|
|
7d5a1d |
firewall with a D-Bus interface.
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%package -n python3-firewall
|
|
|
7d5a1d |
Summary: Python3 bindings for firewalld
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%{?python_provide:%python_provide python3-firewall}
|
|
|
7d5a1d |
|
|
|
7d5a1d |
Obsoletes: python-firewall < 0.5.2-2
|
|
|
7d5a1d |
Obsoletes: python2-firewall < 0.5.2-2
|
|
|
7d5a1d |
Requires: python3-dbus
|
|
|
7d5a1d |
Requires: python3-slip-dbus
|
|
|
7d5a1d |
Requires: python3-decorator
|
|
|
7d5a1d |
Requires: python3-gobject-base
|
|
|
4d3a0d |
Requires: python3-nftables
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%description -n python3-firewall
|
|
|
7d5a1d |
Python3 bindings for firewalld.
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%package -n firewalld-filesystem
|
|
|
7d5a1d |
Summary: Firewalld directory layout and rpm macros
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%description -n firewalld-filesystem
|
|
|
7d5a1d |
This package provides directories and rpm macros which
|
|
|
7d5a1d |
are required by other packages that add firewalld configuration files.
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%package -n firewall-applet
|
|
|
7d5a1d |
Summary: Firewall panel applet
|
|
|
7d5a1d |
Requires: %{name} = %{version}-%{release}
|
|
|
7d5a1d |
Requires: firewall-config = %{version}-%{release}
|
|
|
7d5a1d |
Requires: hicolor-icon-theme
|
|
|
7d5a1d |
Requires: python3-qt5-base
|
|
|
7d5a1d |
Requires: python3-gobject
|
|
|
7d5a1d |
Requires: libnotify
|
|
|
7d5a1d |
Requires: NetworkManager-libnm
|
|
|
7d5a1d |
Requires: dbus-x11
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%description -n firewall-applet
|
|
|
7d5a1d |
The firewall panel applet provides a status information of firewalld and also
|
|
|
7d5a1d |
the firewall settings.
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%package -n firewall-config
|
|
|
7d5a1d |
Summary: Firewall configuration application
|
|
|
7d5a1d |
Requires: %{name} = %{version}-%{release}
|
|
|
7d5a1d |
Requires: hicolor-icon-theme
|
|
|
7d5a1d |
Requires: gtk3
|
|
|
7d5a1d |
Requires: python3-gobject
|
|
|
7d5a1d |
Requires: NetworkManager-libnm
|
|
|
7d5a1d |
Requires: dbus-x11
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%description -n firewall-config
|
|
|
7d5a1d |
The firewall configuration application provides an configuration interface for
|
|
|
7d5a1d |
firewalld.
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%prep
|
|
|
7d5a1d |
%autosetup -p1
|
|
|
4d3a0d |
# must autogen since a patch above touched a Makefile.am
|
|
|
4d3a0d |
./autogen.sh
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%build
|
|
|
7d5a1d |
%configure --enable-sysconfig --enable-rpmmacros PYTHON="%{__python3} %{py3_shbang_opts}"
|
|
|
7d5a1d |
make %{?_smp_mflags}
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%install
|
|
|
7d5a1d |
make install DESTDIR=%{buildroot}
|
|
|
7d5a1d |
desktop-file-install --delete-original \
|
|
|
7d5a1d |
--dir %{buildroot}%{_sysconfdir}/xdg/autostart \
|
|
|
7d5a1d |
%{buildroot}%{_sysconfdir}/xdg/autostart/firewall-applet.desktop
|
|
|
7d5a1d |
desktop-file-install --delete-original \
|
|
|
7d5a1d |
--dir %{buildroot}%{_datadir}/applications \
|
|
|
7d5a1d |
%{buildroot}%{_datadir}/applications/firewall-config.desktop
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%find_lang %{name} --all-name
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%post
|
|
|
7d5a1d |
%systemd_post firewalld.service
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%preun
|
|
|
7d5a1d |
%systemd_preun firewalld.service
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%postun
|
|
|
7d5a1d |
%systemd_postun_with_restart firewalld.service
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%files -f %{name}.lang
|
|
|
7d5a1d |
%doc COPYING README
|
|
|
7d5a1d |
%{_sbindir}/firewalld
|
|
|
7d5a1d |
%{_bindir}/firewall-cmd
|
|
|
7d5a1d |
%{_bindir}/firewall-offline-cmd
|
|
|
7d5a1d |
%dir %{_datadir}/bash-completion/completions
|
|
|
7d5a1d |
%{_datadir}/bash-completion/completions/firewall-cmd
|
|
|
7d5a1d |
%dir %{_datadir}/zsh/site-functions
|
|
|
7d5a1d |
%{_datadir}/zsh/site-functions/_firewalld
|
|
|
7d5a1d |
%{_prefix}/lib/firewalld/icmptypes/*.xml
|
|
|
7d5a1d |
%{_prefix}/lib/firewalld/ipsets/README
|
|
|
7d5a1d |
%{_prefix}/lib/firewalld/services/*.xml
|
|
|
47f735 |
%{_prefix}/lib/firewalld/policies/*.xml
|
|
|
7d5a1d |
%{_prefix}/lib/firewalld/zones/*.xml
|
|
|
7d5a1d |
%{_prefix}/lib/firewalld/helpers/*.xml
|
|
|
7d5a1d |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld
|
|
|
7d5a1d |
%config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
|
|
|
7d5a1d |
%config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
|
|
|
7d5a1d |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/helpers
|
|
|
7d5a1d |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes
|
|
|
7d5a1d |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/ipsets
|
|
|
7d5a1d |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/services
|
|
|
47f735 |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/policies
|
|
|
7d5a1d |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/zones
|
|
|
7d5a1d |
%defattr(0644,root,root)
|
|
|
7d5a1d |
%config(noreplace) %{_sysconfdir}/sysconfig/firewalld
|
|
|
7d5a1d |
%{_unitdir}/firewalld.service
|
|
|
7d5a1d |
%config(noreplace) %{_datadir}/dbus-1/system.d/FirewallD.conf
|
|
|
7d5a1d |
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy.choice
|
|
|
7d5a1d |
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy.choice
|
|
|
7d5a1d |
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
|
|
|
7d5a1d |
%{_mandir}/man1/firewall*cmd*.1*
|
|
|
7d5a1d |
%{_mandir}/man1/firewalld*.1*
|
|
|
7d5a1d |
%{_mandir}/man5/firewall*.5*
|
|
|
7d5a1d |
%{_sysconfdir}/modprobe.d/firewalld-sysctls.conf
|
|
|
e4e66d |
%{_sysconfdir}/logrotate.d/firewalld
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%files -n python3-firewall
|
|
|
7d5a1d |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall
|
|
|
7d5a1d |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/__pycache__
|
|
|
7d5a1d |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/config
|
|
|
7d5a1d |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/config/__pycache__
|
|
|
7d5a1d |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/core
|
|
|
7d5a1d |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/__pycache__
|
|
|
7d5a1d |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/io
|
|
|
7d5a1d |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/io/__pycache__
|
|
|
7d5a1d |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/server
|
|
|
7d5a1d |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/server/__pycache__
|
|
|
7d5a1d |
%{python3_sitelib}/firewall/__pycache__/*.py*
|
|
|
7d5a1d |
%{python3_sitelib}/firewall/*.py*
|
|
|
7d5a1d |
%{python3_sitelib}/firewall/config/*.py*
|
|
|
7d5a1d |
%{python3_sitelib}/firewall/config/__pycache__/*.py*
|
|
|
7d5a1d |
%{python3_sitelib}/firewall/core/*.py*
|
|
|
7d5a1d |
%{python3_sitelib}/firewall/core/__pycache__/*.py*
|
|
|
7d5a1d |
%{python3_sitelib}/firewall/core/io/*.py*
|
|
|
7d5a1d |
%{python3_sitelib}/firewall/core/io/__pycache__/*.py*
|
|
|
7d5a1d |
%{python3_sitelib}/firewall/server/*.py*
|
|
|
7d5a1d |
%{python3_sitelib}/firewall/server/__pycache__/*.py*
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%files -n firewalld-filesystem
|
|
|
7d5a1d |
%dir %{_prefix}/lib/firewalld
|
|
|
7d5a1d |
%dir %{_prefix}/lib/firewalld/helpers
|
|
|
7d5a1d |
%dir %{_prefix}/lib/firewalld/icmptypes
|
|
|
7d5a1d |
%dir %{_prefix}/lib/firewalld/ipsets
|
|
|
7d5a1d |
%dir %{_prefix}/lib/firewalld/services
|
|
|
47f735 |
%dir %{_prefix}/lib/firewalld/policies
|
|
|
7d5a1d |
%dir %{_prefix}/lib/firewalld/zones
|
|
|
7d5a1d |
%{_rpmconfigdir}/macros.d/macros.firewalld
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%files -n firewall-applet
|
|
|
7d5a1d |
%attr(0755,root,root) %dir %{_sysconfdir}/firewall
|
|
|
7d5a1d |
%{_bindir}/firewall-applet
|
|
|
7d5a1d |
%defattr(0644,root,root)
|
|
|
7d5a1d |
%{_sysconfdir}/xdg/autostart/firewall-applet.desktop
|
|
|
7d5a1d |
%{_sysconfdir}/firewall/applet.conf
|
|
|
7d5a1d |
%{_datadir}/icons/hicolor/*/apps/firewall-applet*.*
|
|
|
7d5a1d |
%{_mandir}/man1/firewall-applet*.1*
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%files -n firewall-config
|
|
|
7d5a1d |
%{_bindir}/firewall-config
|
|
|
7d5a1d |
%defattr(0644,root,root)
|
|
|
7d5a1d |
%{_datadir}/firewalld/firewall-config.glade
|
|
|
7d5a1d |
%{_datadir}/firewalld/gtk3_chooserbutton.py*
|
|
|
7d5a1d |
%{_datadir}/firewalld/gtk3_niceexpander.py*
|
|
|
7d5a1d |
%{_datadir}/applications/firewall-config.desktop
|
|
|
7d5a1d |
%{_datadir}/metainfo/firewall-config.appdata.xml
|
|
|
7d5a1d |
%{_datadir}/icons/hicolor/*/apps/firewall-config*.*
|
|
|
7d5a1d |
%{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml
|
|
|
7d5a1d |
%{_mandir}/man1/firewall-config*.1*
|
|
|
7d5a1d |
|
|
|
7d5a1d |
%changelog
|
|
|
b8221b |
* Thu Feb 03 2022 Eric Garver <egarver@redhat.com> - 0.9.3-13
|
|
|
b8221b |
- change default CleanupModulesOnExit=yes
|
|
|
b8221b |
|
|
|
b8221b |
* Mon Dec 20 2021 Eric Garver <egarver@redhat.com> - 0.9.3-12
|
|
|
b8221b |
- feat(config): add CleanupModulesOnExit configuration option
|
|
|
b8221b |
- change default CleanupModulesOnExit=yes
|
|
|
b8221b |
|
|
|
b8221b |
* Tue Nov 16 2021 Eric Garver <egarver@redhat.com> - 0.9.3-11
|
|
|
b8221b |
- fix(zone): detect same source/interface in zones
|
|
|
b8221b |
|
|
|
b8221b |
* Tue Nov 16 2021 Eric Garver <egarver@redhat.com> - 0.9.3-10
|
|
|
b8221b |
- fix(nftables): rich: source address with netmask
|
|
|
b8221b |
|
|
|
b8221b |
* Tue Nov 16 2021 Eric Garver <egarver@redhat.com> - 0.9.3-9
|
|
|
b8221b |
- fix(nftables): do not log icmp block if inversion
|
|
|
b8221b |
|
|
|
b8221b |
* Tue Nov 16 2021 Eric Garver <egarver@redhat.com> - 0.9.3-8
|
|
|
b8221b |
- docs(firewall-*cmd): client conntrack helpers must use a policy
|
|
|
b8221b |
|
|
|
47f735 |
* Tue Jul 13 2021 Eric Garver <egarver@redhat.com> - 0.9.3-7
|
|
|
47f735 |
- fix(ipset): disallow overlapping entries
|
|
|
47f735 |
|
|
|
47f735 |
* Tue Jul 13 2021 Eric Garver <egarver@redhat.com> - 0.9.3-6
|
|
|
47f735 |
- fix(policy): warn instead of error for overlapping ports
|
|
|
47f735 |
|
|
|
47f735 |
* Wed May 19 2021 Eric Garver <egarver@redhat.com> - 0.9.3-5
|
|
|
47f735 |
- docs(conf): note that IPv6_rpfilter has a performance penalty
|
|
|
47f735 |
|
|
|
47f735 |
* Wed May 19 2021 Eric Garver <egarver@redhat.com> - 0.9.3-4
|
|
|
47f735 |
- fix(nm): reload: only consider NM connections with a real interface
|
|
|
47f735 |
|
|
|
47f735 |
* Wed May 19 2021 Eric Garver <egarver@redhat.com> - 0.9.3-3
|
|
|
47f735 |
- fix(ipset): fix hash:net,net functionality
|
|
|
47f735 |
|
|
|
47f735 |
* Wed May 19 2021 Eric Garver <egarver@redhat.com> - 0.9.3-2
|
|
|
47f735 |
- fix(direct): rule order with multiple address with -s/-d
|
|
|
47f735 |
|
|
|
47f735 |
* Thu Feb 25 2021 Eric Garver <egarver@redhat.com> - 0.9.3-1
|
|
|
47f735 |
- rebase to v0.9.3
|
|
|
47f735 |
- fixes from upstream branch stable-0.9
|
|
|
47f735 |
|
|
|
725d6a |
* Fri Jan 29 2021 Eric Garver <egarver@redhat.com> - 0.8.2-6
|
|
|
725d6a |
- feat(service): add galera service
|
|
|
725d6a |
|
|
|
725d6a |
* Fri Jan 29 2021 Eric Garver <egarver@redhat.com> - 0.8.2-5
|
|
|
725d6a |
- fix(zone): add source with mac address
|
|
|
725d6a |
|
|
|
725d6a |
* Fri Jan 29 2021 Eric Garver <egarver@redhat.com> - 0.8.2-4
|
|
|
725d6a |
- fix(rich): non-printable characters removed from rich
|
|
|
725d6a |
|
|
|
725d6a |
* Mon Oct 26 2020 Eric Garver <egarver@redhat.com> - 0.8.2-3
|
|
|
725d6a |
- fix(nftables): packet marks with masks
|
|
|
725d6a |
- fix(nftables): icmp types with code == 0
|
|
|
725d6a |
- fix(rich icmptype): verify rule and icmptype families
|
|
|
725d6a |
- fix(zone): cache rule_str for rich rules
|
|
|
725d6a |
- improvement(service): IPsec: Update description and add TCP port 4500
|
|
|
725d6a |
- feat(service): add collectd service
|
|
|
725d6a |
- feat(service): Add rpc-rquotad.service
|
|
|
725d6a |
|
|
|
725d6a |
* Tue Aug 04 2020 Eric Garver <egarver@redhat.com> - 0.8.2-2
|
|
|
725d6a |
- fix(cli): add ipset type hash:mac is incompatible with the family parameter
|
|
|
725d6a |
- fix(cli): add --zone is an invalid option with --direct
|
|
|
725d6a |
- fix: update dynamic DCE RPC ports in freeipa-trust service
|
|
|
725d6a |
- fix: core: rich: Catch ValueError on non-numeric priority values
|
|
|
725d6a |
- fix(rich): icmptypes with one family
|
|
|
725d6a |
- fix(direct): rule in a zone chain
|
|
|
725d6a |
- plus additional upstream stable fixes
|
|
|
725d6a |
|
|
|
e4e66d |
* Mon Apr 06 2020 Eric Garver <egarver@redhat.com> - 0.8.2-1
|
|
|
e4e66d |
- rebase to v0.8.2
|
|
|
e4e66d |
|
|
|
e4e66d |
* Thu Feb 27 2020 Eric Garver <egarver@redhat.com> - 0.8.0-4
|
|
|
e4e66d |
- doc: direct: add CAVEATS section
|
|
|
e4e66d |
|
|
|
e4e66d |
* Mon Feb 03 2020 Eric Garver <egarver@redhat.com> - 0.8.0-3
|
|
|
e4e66d |
- restore zone drifting as a feature
|
|
|
e4e66d |
|
|
|
4d3a0d |
* Tue Nov 12 2019 Eric Garver <egarver@redhat.com> - 0.8.0-2
|
|
|
4d3a0d |
- fix: CLI: service: also output helpers for service info
|
|
|
4d3a0d |
|
|
|
4d3a0d |
* Tue Nov 05 2019 Eric Garver <egarver@redhat.com> - 0.8.0-1
|
|
|
4d3a0d |
- rebase to v0.8.0
|
|
|
4d3a0d |
|
|
|
4d3a0d |
* Tue Aug 13 2019 Eric Garver <egarver@redhat.com> - 0.7.0-5
|
|
|
4d3a0d |
- bump nftables version requirements
|
|
|
4d3a0d |
|
|
|
4d3a0d |
* Tue Aug 06 2019 Eric Garver <egarver@redhat.com> - 0.7.0-4
|
|
|
4d3a0d |
- backport patches to sort source-based zone dispatch by zone name
|
|
|
4d3a0d |
|
|
|
4d3a0d |
* Tue Jul 23 2019 Eric Garver <egarver@redhat.com> - 0.7.0-3
|
|
|
4d3a0d |
- backport patch to show service includes in service output
|
|
|
4d3a0d |
- backport patches to fix dbus API break
|
|
|
4d3a0d |
|
|
|
4d3a0d |
* Thu Jun 13 2019 Eric Garver <egarver@redhat.com> - 0.7.0-2
|
|
|
7d5a1d |
- package rebuild
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Jun 12 2019 Eric Garver <egarver@redhat.com> - 0.7.0-1
|
|
|
7d5a1d |
- rebase to v0.7.0
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Sun Jan 13 2019 Eric Garver <egarver@redhat.com> - 0.6.3-7
|
|
|
7d5a1d |
- backport additional patches for RFC3964_IPv4 filter feature
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Jan 08 2019 Eric Garver <egarver@redhat.com> - 0.6.3-6
|
|
|
7d5a1d |
- backport nftables support for wildcard interfaces
|
|
|
7d5a1d |
- backport RFC3964_IPv4 filter feature
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Dec 18 2018 Eric Garver <egarver@redhat.com> - 0.6.3-5
|
|
|
7d5a1d |
- backport fix for lost NM interfaces in default zone during reload
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Dec 13 2018 Eric Garver <egarver@redhat.com> - 0.6.3-4
|
|
|
7d5a1d |
- backport recent stable fixes
|
|
|
7d5a1d |
- backport fix for lost NM interfaces during reload
|
|
|
7d5a1d |
- backport rich rule priorities
|
|
|
7d5a1d |
- backport fix for set entries not applied
|
|
|
7d5a1d |
- update translations
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Oct 16 2018 Eric Garver <egarver@redhat.com> - 0.6.3-3
|
|
|
7d5a1d |
- backport FlushAllOnReload feature
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Oct 12 2018 Eric Garver <egarver@redhat.com> - 0.6.3-2
|
|
|
7d5a1d |
- use py3_shbang_opts for lockdown-whitelist
|
|
|
7d5a1d |
- fix cockpit patch causing test failure
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Oct 11 2018 Eric Garver <egarver@redhat.com> - 0.6.3-1
|
|
|
7d5a1d |
- rebase package to v0.6.3
|
|
|
7d5a1d |
- use py3_shbang_opts for interpreter invocations
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Sep 10 2018 Eric Garver <egarver@redhat.com> - 0.6.1-5
|
|
|
7d5a1d |
- python3-firewalld can get by with python3-gobject-base
|
|
|
7d5a1d |
- firewall-config can get by with python3-qt5-base
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Aug 16 2018 Eric Garver <egarver@redhat.com> - 0.6.1-4
|
|
|
7d5a1d |
- backports for new failed state if startup fails
|
|
|
7d5a1d |
- backports to use explicit RETURN on user defined ebtables chains
|
|
|
7d5a1d |
- backports to fix nftables AUDIT log support
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Aug 14 2018 Eric Garver <egarver@redhat.com> - 0.6.1-3
|
|
|
7d5a1d |
- drop support for ebtables broute table
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Aug 10 2018 Eric Garver <egarver@redhat.com> - 0.6.1-2
|
|
|
7d5a1d |
- add more ports to high-availability service
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Aug 09 2018 Eric Garver <egarver@redhat.com> - 0.6.1-1
|
|
|
7d5a1d |
- rebase to v0.6.1
|
|
|
7d5a1d |
- fix patch adding cockpit by default, fixes testsuite
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Jul 09 2018 Eric Garver <egarver@redhat.com> - 0.6.0-2
|
|
|
7d5a1d |
- Use correct conflicts version for cockpit-ws
|
|
|
7d5a1d |
- Enable cockpit by default in some zones
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Jul 06 2018 Eric Garver <egarver@redhat.com> - 0.6.0-1
|
|
|
7d5a1d |
- rebase to v0.6.0
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue May 01 2018 Eric Garver <egarver@redhat.com> - 0.6.0-0.1.alpha1
|
|
|
7d5a1d |
- rebase to v0.6.0-alpha
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Mar 21 2018 Eric Garver <egarver@redhat.com> - 0.5.2-3
|
|
|
7d5a1d |
- remove fedora-isms and clean up spec file
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Mar 21 2018 Eric Garver <egarver@redhat.com> - 0.5.2-2
|
|
|
7d5a1d |
- remove python2-firewall subpackage
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Mar 19 2018 Eric Garver <egarver@redhat.com> - 0.5.2-1
|
|
|
7d5a1d |
- rebase package to v0.5.2
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.5.1-2
|
|
|
7d5a1d |
- Escape macros in %%changelog
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Feb 07 2018 Eric Garver <egarver@redhat.com> - 0.5.1-1
|
|
|
7d5a1d |
- rebase package to v0.5.1
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.4.5-6
|
|
|
7d5a1d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Jan 05 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.4.4.5-5
|
|
|
7d5a1d |
- Remove obsolete scriptlets
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Sun Dec 17 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.4.4.5-4
|
|
|
7d5a1d |
- Python 2 binary package renamed to python2-firewall
|
|
|
7d5a1d |
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Jul 31 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.5-3
|
|
|
7d5a1d |
- Fix spec file for next RHEL versions
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.4.5-2
|
|
|
7d5a1d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Jun 9 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.5-1
|
|
|
7d5a1d |
- Rebase to firewalld-0.4.4.5
|
|
|
7d5a1d |
http://www.firewalld.org/2017/06/firewalld-0-4-4-5-release
|
|
|
7d5a1d |
- Fix build from spec
|
|
|
7d5a1d |
- Fix –remove-service-from-zone option (RHBZ#1438127)
|
|
|
7d5a1d |
- Support sctp and dccp in ports, source-ports, forward-ports, helpers and
|
|
|
7d5a1d |
rich rules (RHBZ#1429808)
|
|
|
7d5a1d |
- firewall-cmd: Fix –{set,get}-{short,description} for zone (RHBZ#1445238)
|
|
|
7d5a1d |
- firewall.core.ipXtables: Use new wait option for restore commands if
|
|
|
7d5a1d |
available
|
|
|
7d5a1d |
- New services for oVirt:
|
|
|
7d5a1d |
ctdb, ovirt-imageio, ovirt-storageconsole, ovirt-vmconsole and nrpe
|
|
|
7d5a1d |
- Rename extension for policy choices (server and desktop) to .policy.choice
|
|
|
7d5a1d |
(RHBZ#1449754)
|
|
|
7d5a1d |
- D-Bus interfaces: Fix GetAll for interfaces without properties
|
|
|
7d5a1d |
(RHBZ#1452017)
|
|
|
7d5a1d |
- Load NAT helpers with conntrack helpers (RHBZ#1452681)
|
|
|
7d5a1d |
- Translation updates
|
|
|
7d5a1d |
- Additional upstream patches:
|
|
|
7d5a1d |
- Rich-rule source validation (d69b7cb)
|
|
|
7d5a1d |
- IPv6 ICMP type only rich-rule fix (cf50bd0)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Mar 27 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.4-1
|
|
|
7d5a1d |
- Rebase to firewalld-0.4.4.4
|
|
|
7d5a1d |
http://www.firewalld.org/2017/03/firewalld-0-4-4-4-release
|
|
|
7d5a1d |
- Drop references to fedorahosted.org from spec file and Makefile.am, use
|
|
|
7d5a1d |
archive from github
|
|
|
7d5a1d |
- Fix inconsistent ordering of rules in INPUT_ZONE_SOURCE (issue#166)
|
|
|
7d5a1d |
- Fix ipset overloading from /etc/firewalld/ipsets
|
|
|
7d5a1d |
- Fix permanent rich rules using icmp-type elements (RHBZ#1434594)
|
|
|
7d5a1d |
- firewall-config: Deactivate edit, remove, .. buttons if there are no items
|
|
|
7d5a1d |
- Check if ICMP types are supported by kernel before trying to use them
|
|
|
7d5a1d |
- firewall-config: Show invalid ipset type in the ipset configuration dialog
|
|
|
7d5a1d |
in a special label
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Feb 21 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.3-2
|
|
|
7d5a1d |
- Fixed ipset overloading, dropped applied check in get_ipset (issue#206)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Feb 10 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.3-1
|
|
|
7d5a1d |
- Rebase to firewalld-0.4.4.3
|
|
|
7d5a1d |
http://www.firewalld.org/2017/02/firewalld-0-4-4-3-release
|
|
|
7d5a1d |
- Speed up of large file loading
|
|
|
7d5a1d |
- Support for more ipset types
|
|
|
7d5a1d |
- Speed up of adding or removing entries for ipsets from files
|
|
|
7d5a1d |
- Support icmp-type usage in rich rules
|
|
|
7d5a1d |
- Support for more icmp types
|
|
|
7d5a1d |
- Support for h323 conntrack helper
|
|
|
7d5a1d |
- New services
|
|
|
7d5a1d |
- Code cleanup and several other bug fixes
|
|
|
7d5a1d |
- Translation updates
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.4.2-4
|
|
|
7d5a1d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Dec 13 2016 Stratakis Charalampos <cstratak@redhat.com> - 0.4.4.2-3
|
|
|
7d5a1d |
- Rebuild for Python 3.6
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Dec 5 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.4.2-2
|
|
|
7d5a1d |
- Dropping firewalld-selinux package again as the required fix made it into
|
|
|
7d5a1d |
selinux-policy packages for F-23+, updated selinux-policy version conflicts
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Dec 1 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.4.2-1
|
|
|
7d5a1d |
- New firewalld-selinux sub package delivering the SELinux policy module for
|
|
|
7d5a1d |
firewalld (RHBZ#1396765) (RHBZ#1394625) (RHBZ#1394578) (RHBZ#1394573)
|
|
|
7d5a1d |
(RHBZ#1394569)
|
|
|
7d5a1d |
- New firewalld release 0.4.4.2:
|
|
|
7d5a1d |
- firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem
|
|
|
7d5a1d |
- firewall.core.fw_nm: create NMClient lazily
|
|
|
7d5a1d |
- Do not use hard-coded path for modinfo, use autofoo to detect it
|
|
|
7d5a1d |
- firewall.core.io.ifcfg: Dropped invalid option warning with bad format
|
|
|
7d5a1d |
string
|
|
|
7d5a1d |
- firewall.core.io.ifcfg: Properly handle quoted ifcfg values
|
|
|
7d5a1d |
- firewall.core.fw_zone: Do not reset ZONE with ifdown
|
|
|
7d5a1d |
- Updated translations from zanata
|
|
|
7d5a1d |
- firewall-config: Extra grid at bottom to visualize firewalld settings
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Nov 9 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.4.1-1
|
|
|
7d5a1d |
- firewall-config: Use proper source check in sourceDialog (fixes issue#162)
|
|
|
7d5a1d |
- firewallctl: New support for helpers
|
|
|
7d5a1d |
- Translation updates
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Oct 28 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.4-1
|
|
|
7d5a1d |
- Fix dist-check
|
|
|
7d5a1d |
- src/Makefile.am: Install new helper files
|
|
|
7d5a1d |
- config/Makefile.am: Install helpers
|
|
|
7d5a1d |
- Merged translations
|
|
|
7d5a1d |
- Updated translations from zanata
|
|
|
7d5a1d |
- firewalld.spec: Adapt requires for PyQt5
|
|
|
7d5a1d |
- firewall-applet: Fix fromUTF8 for python2 PyQt5 usage
|
|
|
7d5a1d |
- firewall-applet: Use PyQt5
|
|
|
7d5a1d |
- firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers D-Bus property
|
|
|
7d5a1d |
- shell-completion/bash/firewall-cmd: Updates for helpers and also some fixes
|
|
|
7d5a1d |
- src/tests/firewall-[offline-]cmd_test.sh: New helper tests, adapted module tests for services
|
|
|
7d5a1d |
- doc/xml/seealso.xml: Add firewalld.helper(5) man page
|
|
|
7d5a1d |
- doc/xml/seealso.xml: Add firewalld.ipset(5) man page
|
|
|
7d5a1d |
- Fixed typo in firewalld.ipset(5) man page
|
|
|
7d5a1d |
- Updated firewalld.dbus(5) man page
|
|
|
7d5a1d |
- New firewalld.helper(5) man page
|
|
|
7d5a1d |
- doc/xml/firewall-offline-cmd.xml: Updated firewall-offline-cmd man page
|
|
|
7d5a1d |
- doc/xml/firewall-cmd.xml: Updated firewall-cmd man page
|
|
|
7d5a1d |
- firewall-offline-cmd: New support for helpers
|
|
|
7d5a1d |
- firewall-cmd: New support for helpers
|
|
|
7d5a1d |
- firewall.command: New check_helper_family, check_module and print_helper_info methods
|
|
|
7d5a1d |
- firewall.core.fw_test: Add helpers also to offline backend
|
|
|
7d5a1d |
- firewall.server.config: New AutomaticHelpers property (rw)
|
|
|
7d5a1d |
- firewall.server.config: Fix an dict size changed error for firewall.conf file changes
|
|
|
7d5a1d |
- firewall.server.config: Make LogDenied property readwrite to be consistent
|
|
|
7d5a1d |
- Some renames of nf_conntrack_helper* functions and structures, helpers is a dict
|
|
|
7d5a1d |
- firewall.core.fw: Properly check helper setting in set_automatic_helpers
|
|
|
7d5a1d |
- firewall.errors: Add missing BUILTIN_HELPER error code
|
|
|
7d5a1d |
- No extra interface for helpers needed in runtime, dropped DBUS_INTERFACE_HELPER
|
|
|
7d5a1d |
- firewall.server.firewalld: Drop unused queryHelper D-Bus method
|
|
|
7d5a1d |
- New helpers Q.931 and RAS from nf_conntrack_h323
|
|
|
7d5a1d |
- firewall.core.io.helper: Allow dots in helper names, remove underscore
|
|
|
7d5a1d |
- firewall.core.io.firewalld_conf: Fixed typo in FALLBACK_AUTOMATIC_HELPERS
|
|
|
7d5a1d |
- firewall-[offline-]cmd: Use sys.excepthook to force exception_handler usage always
|
|
|
7d5a1d |
- firewall.core.fw_config: new_X methods should also check builtins
|
|
|
7d5a1d |
- firewall.client: Set helper family to "" if None
|
|
|
7d5a1d |
- firewall.client: Add missing module string to FirewallClientHelperSettings.settings
|
|
|
7d5a1d |
- config/firewalld.conf: Add possible values description for AutomaticHelpers
|
|
|
7d5a1d |
- helpers/amanda.xml: Fix typo in helper module
|
|
|
7d5a1d |
- firewall-config: Added support for helper module setting
|
|
|
7d5a1d |
- firewall.client: Added support for helper module setting
|
|
|
7d5a1d |
- firewall.server.config_helper: Added support for helper module setting
|
|
|
7d5a1d |
- firewall.core.io.service, firewall.server.config_service: Only replace underscore by dash if module start with nf_conntrack_
|
|
|
7d5a1d |
- firewall.core.fw_zone: Use helper module instead of a generated name from helper name
|
|
|
7d5a1d |
- helpers: Added kernel module
|
|
|
7d5a1d |
- firewall.core.io.helper: Add module to helper
|
|
|
7d5a1d |
- firewall-cmd: Removed duplicate --get-ipset-types from help output
|
|
|
7d5a1d |
- firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table
|
|
|
7d5a1d |
- firewall.core.ipXtables: Add PREROUTING default rules for zones in raw table
|
|
|
7d5a1d |
- firewall-config: New support to handle helpers, new dialogs, new helper tab, ..
|
|
|
7d5a1d |
- config/org.fedoraproject.FirewallConfig.gschema.xml.in: New show-helpers setting
|
|
|
7d5a1d |
- firewall.client: New helper management for runtime and permanent configuration
|
|
|
7d5a1d |
- firewall.server.firewalld: New runtime helper management, new nf_conntrack_helper property
|
|
|
7d5a1d |
- firewall.server.config_service: Fix module name handling (no nf_conntrack_ prefix needed)
|
|
|
7d5a1d |
- firewall.server.config: New permanent D-Bus helper management
|
|
|
7d5a1d |
- New firewall.server.config_helper to provide the permanent D-Bus interface for helpers
|
|
|
7d5a1d |
- firewall.core.fw_zone: Use helpers fw.nf_conntrack_helper for services using helpers
|
|
|
7d5a1d |
- firewall.core.fw: New helper management, new _automatic_helpers and nf_conntrack_helper settings
|
|
|
7d5a1d |
- firewall.core.fw_config: Add support for permanent helper handling
|
|
|
7d5a1d |
- firewall.core.io.service: The module does not need to start with nf_conntrack_ anymore
|
|
|
7d5a1d |
- firewall.functions: New functions to get and set nf_conntrack_helper kernel setting
|
|
|
7d5a1d |
- firewall.core.io.firewalld_conf: New support for AutomaticHelpers setting
|
|
|
7d5a1d |
- firewall.config.dbus: New D-Bus definitions for helpers, new DBUS_INTERFACE_REVISION 12
|
|
|
7d5a1d |
- New firewall.core.fw_helper providing FirewallHelper backend
|
|
|
7d5a1d |
- New firewall.core.helper with HELPER_MAXNAMELEN definition
|
|
|
7d5a1d |
- config/firewalld.conf: New AutomaticHelpers setting with description
|
|
|
7d5a1d |
- firewall.config.__init__.py.in: New helpers variables
|
|
|
7d5a1d |
- firewalld.spec: Add new helpers directory
|
|
|
7d5a1d |
- config/Makefile.am: Install new helpers
|
|
|
7d5a1d |
- New helper configuration files for amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp and tftp
|
|
|
7d5a1d |
- firewall.core.io.helper: New IO handler for netfilter helpers
|
|
|
7d5a1d |
- firewall.errors: New INVALID_HELPER error code
|
|
|
7d5a1d |
- firewall.core.io.ifcfg: Use .bak for save files
|
|
|
7d5a1d |
- firewall-config: Set internal log_denied setting after changing
|
|
|
7d5a1d |
- firewall.server.config: Copy props before removing items
|
|
|
7d5a1d |
- doc/xml/firewalld.ipset: Replaced icmptype name remains with ipset
|
|
|
7d5a1d |
- firewall.core.fw_zone: Fix LOG rule placement for LogDenied
|
|
|
7d5a1d |
- firewall.command: Use "source-ports" in print_zone_info
|
|
|
7d5a1d |
- firewall.core.logger: Use syslog.openlog() and syslog.closelog()
|
|
|
7d5a1d |
- firewall-[offline-]cmd man pages: Document --path-{zone,icmptype,ipset,service}
|
|
|
7d5a1d |
- firewall-cmd: Enable --path-{zone,icmptype,service} options again
|
|
|
7d5a1d |
- firewall.core.{ipXtables,ebtables}: Copy rule before extracting items in set_rules
|
|
|
7d5a1d |
- firewall.core.fw: Do not abort transaction on failed ipv6_rpfilter rules
|
|
|
7d5a1d |
- config/Makefile.am: Added cfengine, condor-collector and smtp-submission services
|
|
|
7d5a1d |
- Makefile.am: New dist-check used in the archive target
|
|
|
7d5a1d |
- src/Makefile.am: Reordered nobase_dist_python_DATA to be sorted
|
|
|
7d5a1d |
- config/Makefile.am: New CONFIG_FILES variable to contain the config files
|
|
|
7d5a1d |
- Merge pull request #150 from hspaans/master
|
|
|
7d5a1d |
- Merge pull request #146 from canvon/bugfix/spelling
|
|
|
7d5a1d |
- Merge pull request #145 from jcpunk/condor
|
|
|
7d5a1d |
- Command line tools man pages: New section about sequence options and exit codes
|
|
|
7d5a1d |
- Creating service file for SMTP-Submission.
|
|
|
7d5a1d |
- Creating service file for CFEngine.
|
|
|
7d5a1d |
- Fix typo in documentation: iptables mangle table
|
|
|
7d5a1d |
- Only use sort on lists of main items, but not for item properties
|
|
|
7d5a1d |
- firewall.core.io.io_object: import_config should not change ordering of lists
|
|
|
7d5a1d |
- firewall.core.fw_transaction: Load helper modules in FirewallZoneTransaction
|
|
|
7d5a1d |
- firewall.command: Fail with NOT_AUTHORIZED if authorization fails (RHBZ#1368549)
|
|
|
7d5a1d |
- firewall.command: Fix sequence exit code with at least one succeeded item
|
|
|
7d5a1d |
- Add condor collector service
|
|
|
7d5a1d |
- firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones
|
|
|
7d5a1d |
- firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED sequences
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Aug 16 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.3-1
|
|
|
7d5a1d |
- Fix CVE-2016-5410: Firewall configuration can be modified by any logged in
|
|
|
7d5a1d |
user
|
|
|
7d5a1d |
- firewall/server/firewalld: Make getXSettings and getLogDenied CONFIG_INFO
|
|
|
7d5a1d |
- Update AppData configuration file.
|
|
|
7d5a1d |
- tests/firewalld_rich.py: Use new import structure and FirewallClient classes
|
|
|
7d5a1d |
- tests/firewalld_direct.py: Use new import structure
|
|
|
7d5a1d |
- tests: firewalld_direct: Fix assert to check for True instead of False
|
|
|
7d5a1d |
- tests: firewalld_config: Fix expected value when querying the zone target
|
|
|
7d5a1d |
- tests: firewalld_config: Use real nf_conntrack modules
|
|
|
7d5a1d |
- firewalld.spec: Added comment about make call for %%build
|
|
|
7d5a1d |
- firewall-config: Use also width_request and height_request with default size
|
|
|
7d5a1d |
- Updated firewall-config screenshot
|
|
|
7d5a1d |
- firewall-cmd: Fixed typo in help output (RHBZ#1367171)
|
|
|
7d5a1d |
- test-suite: Ignore stderr to get default zone also for missing firewalld.conf
|
|
|
7d5a1d |
- firewall.core.logger: Warnings should be printed to stderr per default
|
|
|
7d5a1d |
- firewall.core.fw_nm: Ignore NetworkManager if NM.Client connect fails
|
|
|
7d5a1d |
- firewall-cmd, firewallctl: Gracefully fail if SystemBus can not be aquired
|
|
|
7d5a1d |
- firewall.client: Generate new DBUS_ERROR if SystemBus can not be aquired
|
|
|
7d5a1d |
- test-suite: Do not fail on ALREADY_ENABLED --add-destination tests
|
|
|
7d5a1d |
- firewall.command: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings
|
|
|
7d5a1d |
- doc/xml/firewalld.dbus.xml: Removed undefined reference
|
|
|
7d5a1d |
- doc/xml/transform-html.xsl.in: Fixed references in the document
|
|
|
7d5a1d |
- doc/xml/firewalld.{dbus,zone}.xml: Embed programlisting in para
|
|
|
7d5a1d |
- doc/xml/transform-html.xsl.in: Enhanced html formatting closer to the man page
|
|
|
7d5a1d |
- firewall: core: fw_nm: Instantiate the NM client only once
|
|
|
7d5a1d |
- firewall/core/io/*.py: Do not traceback on a general sax parsing issue
|
|
|
7d5a1d |
- firewall-offline-cmd: Fix --{add,remove}-entries-from-file
|
|
|
7d5a1d |
- firewall-cmd: Add missing action to fix --{add,remove}-entries-from-file
|
|
|
7d5a1d |
- firewall.core.prog: Do not output stderr, but return it in the error case
|
|
|
7d5a1d |
- firewall.core.io.ifcfg.py: Fix ifcfg file reader and writer (RHBZ#1362171)
|
|
|
7d5a1d |
- config/firewall.service.in: use KillMode=mixed
|
|
|
7d5a1d |
- config/firewalld.service.in: use network-pre.target
|
|
|
7d5a1d |
- firewall-config: Add missing gettext.textdomain call to fix translations
|
|
|
7d5a1d |
- Add UDP to transmission-client.xml service
|
|
|
7d5a1d |
- tests/firewall-[offline-]cmd_test.sh: Hide errors and warnings
|
|
|
7d5a1d |
- firewall.client: Fix ALREADY_ENABLED errors in icmptype destination calls
|
|
|
7d5a1d |
- firewall.client: Fix NOT_ENABLED errors in icmptype destination calls
|
|
|
7d5a1d |
- firewall.client: Use {ALREADY,NOT}_ENABLED errors in icmptype destination
|
|
|
7d5a1d |
calls
|
|
|
7d5a1d |
- firewall.command: Add the removed FirewallError handling to the action
|
|
|
7d5a1d |
(a17ce50)
|
|
|
7d5a1d |
- firewall.command: Do not use query methods for sequences and also single
|
|
|
7d5a1d |
options
|
|
|
7d5a1d |
- Add missing information about MAC and ipset sources to man pages and help
|
|
|
7d5a1d |
output
|
|
|
7d5a1d |
- firewalld.spec: Add BuildRequires for libxslt to enable rebuild of man pages
|
|
|
7d5a1d |
- firewall[-offline]-cmd, firewallctl, firewall.command: Use sys.{stdout,stderr}
|
|
|
7d5a1d |
- firewallctl: Fix traceback if not connected to firewalld
|
|
|
7d5a1d |
- firewall-config: Initialize value in on_richRuleDialogElementChooser_clicked
|
|
|
7d5a1d |
- firewall.command: Convert errors to string for Python3
|
|
|
7d5a1d |
- firewall.command: Get proper firewall error code from D-BusExceptions
|
|
|
7d5a1d |
- firewall-cmd: Fixed traceback without args
|
|
|
7d5a1d |
- Add missing service files to Makefile.am
|
|
|
7d5a1d |
- shell-completion: Add shell completion support for
|
|
|
7d5a1d |
--{get,set}--{description,short}
|
|
|
7d5a1d |
- Updated RHEL-7 selinux-policy and squid conflict
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.3.2-2
|
|
|
7d5a1d |
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Jul 4 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-1
|
|
|
7d5a1d |
- Fix regression with unavailable optional commands
|
|
|
7d5a1d |
- All missing backend messages should be warnings
|
|
|
7d5a1d |
- Individual calls for missing restore commands
|
|
|
7d5a1d |
- Only one authenticate call for add and remove options and also sequences
|
|
|
7d5a1d |
- New service RH-Satellite-6
|
|
|
7d5a1d |
- Fixed selinux-policy conflict version for RHEL-7
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Jun 29 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.1-2
|
|
|
7d5a1d |
- Fixed selinux-policy conflict version for Fedora 24
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Jun 28 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.1-1
|
|
|
7d5a1d |
- New firewalld release 0.4.3.1
|
|
|
7d5a1d |
- firewall.command: Fix python3 DBusException message not interable error
|
|
|
7d5a1d |
- src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing
|
|
|
7d5a1d |
- firewallctl: Do not trace back on list command without further arguments
|
|
|
7d5a1d |
- firewallctl (man1): Added remaining sections zone, service, ..
|
|
|
7d5a1d |
- firewallctl: Added runtime-to-permanent, interface and source parser,
|
|
|
7d5a1d |
IndividualCalls setting
|
|
|
7d5a1d |
- firewall.server.config: Allow to set IndividualCalls property in config
|
|
|
7d5a1d |
interface
|
|
|
7d5a1d |
- Fix missing icmp rules for some zones
|
|
|
7d5a1d |
- runProg: Fix issue with running programs
|
|
|
7d5a1d |
- firewall-offline-cmd: Fix issues with missing system-config-firewall
|
|
|
7d5a1d |
- firewall.core.ipXtables: Split up source and dest addresses for transaction
|
|
|
7d5a1d |
- firewall.server.config: Log error in case of loading malformed files in
|
|
|
7d5a1d |
watcher
|
|
|
7d5a1d |
- Install and package the firewallctl man page
|
|
|
7d5a1d |
- New firewallctl utility (RHBZ#1147959)
|
|
|
7d5a1d |
- doc.xml.seealso: Show firewalld.dbus in See Also sections
|
|
|
7d5a1d |
- firewall.core.fw_config: Create backup on zone, service, ipset and icmptype
|
|
|
7d5a1d |
removal (RHBZ#1339251)
|
|
|
7d5a1d |
- {zone,service,ipset,icmptype}_writer: Do not fail on failed backup
|
|
|
7d5a1d |
- firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd
|
|
|
7d5a1d |
- firewall-cmd: Dropped duplicate setType call in --new-ipset
|
|
|
7d5a1d |
- radius service: Support also tcp ports (RBZ#1219717)
|
|
|
7d5a1d |
- xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset
|
|
|
7d5a1d |
sources
|
|
|
7d5a1d |
- config.xmlschema.service.xsd: Fix service destination conflicts
|
|
|
7d5a1d |
(RHBZ#1296573)
|
|
|
7d5a1d |
- firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg
|
|
|
7d5a1d |
- firewall.command: Only print summary and description in print_X_info with
|
|
|
7d5a1d |
verbose
|
|
|
7d5a1d |
- firewall.command: print_msg should be able to print empty lines
|
|
|
7d5a1d |
- firewall-config: No processing of runtime passthroughs signals in permanent
|
|
|
7d5a1d |
- Landspace.io fixes and pylint calm downs
|
|
|
7d5a1d |
- firewall.core.io.zone: Add zone_reader and zone_writer to __all__, pylint
|
|
|
7d5a1d |
fixes
|
|
|
7d5a1d |
- firewall-config: Fixed titles of command and context dialogs, also entry
|
|
|
7d5a1d |
lenths
|
|
|
7d5a1d |
- firewall-config: pylint calm downs
|
|
|
7d5a1d |
- firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit
|
|
|
7d5a1d |
- firewall-config: Use self.active_zoens in conf_zone_added_cb
|
|
|
7d5a1d |
- firewall.command: New parse_port, extended parse methods with more checks
|
|
|
7d5a1d |
- firewall.command: Fixed parse_port to use the separator in the split call
|
|
|
7d5a1d |
- firewall.command: New [de]activate_exception_handler, raise error in parse_X
|
|
|
7d5a1d |
- services ha: Allow corosync-qnetd port
|
|
|
7d5a1d |
- firewall-applet: Support for kde5-nm-connection-editor
|
|
|
7d5a1d |
- tests/firewall-offline-cmd_test.sh: New tests for service and icmptype
|
|
|
7d5a1d |
modifications
|
|
|
7d5a1d |
- firewall-offline-cmd: Use FirewallCommand for simplification and sequence
|
|
|
7d5a1d |
options
|
|
|
7d5a1d |
- tests/firewall-cmd_test.sh: New tests for service and icmptype modifications
|
|
|
7d5a1d |
- firewall-cmd: Fixed set, remove and query destination options for services
|
|
|
7d5a1d |
- firewall.core.io.service: Source ports have not been checked in _check_config
|
|
|
7d5a1d |
- firewall.core.fw_zone: Method check_source_port is not used, removed
|
|
|
7d5a1d |
- firewall.core.base: Added default to ZONE_TARGETS
|
|
|
7d5a1d |
- firewall.client: Allow to remove ipv:address pair for service destinations
|
|
|
7d5a1d |
- tests/firewall-offline-cmd_test.sh: There is no timeout option in permanent
|
|
|
7d5a1d |
- firewall-cmd: Landscape.io fixes, pylint calm downs
|
|
|
7d5a1d |
- firewall-cmd: Use FirewallCommand for simplification and sequence options
|
|
|
7d5a1d |
- firewall.command: New FirewallCommand for command line client simplification
|
|
|
7d5a1d |
- New services: kshell, rsh, ganglia-master, ganglia-client
|
|
|
7d5a1d |
- firewalld: Cleanup of unused imports, do not translate some deamon messages
|
|
|
7d5a1d |
- firewalld: With fd close interation in runProg, it is not needed here anymore
|
|
|
7d5a1d |
- firewall.core.prog: Add fd close iteration to runProg
|
|
|
7d5a1d |
- firewall.core.fw_nm: Hide NM typelib import, new nm_get_dbus_interface
|
|
|
7d5a1d |
function
|
|
|
7d5a1d |
- firewalld.spec: Require NetworkManager-libnm instead of NetworkManager-glib
|
|
|
7d5a1d |
- firewall-config: New add/remove ipset entries from file, remove all entries
|
|
|
7d5a1d |
- firewall-applet: Fix tooltip after applet start with connection to firewalld
|
|
|
7d5a1d |
- firewall-config: Select new zone, service or icmptype if the view was empty
|
|
|
7d5a1d |
- firewalld.spec: Added build requires for iptables, ebtables and ipset
|
|
|
7d5a1d |
- Adding nf_conntrack_sip module to the service SIP
|
|
|
7d5a1d |
- firewall: core: fw_ifcfg: Quickly return if ifcfg directory does not exist
|
|
|
7d5a1d |
- Drop unneeded python shebangs
|
|
|
7d5a1d |
- Translation updates
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon May 30 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.2-1
|
|
|
7d5a1d |
- New module to search for and change ifcfg files for interfaces not under
|
|
|
7d5a1d |
control of NM
|
|
|
7d5a1d |
- firewall_config: Enhanced messages in status bar
|
|
|
7d5a1d |
- firewall-config: New message window as overlay if not connected
|
|
|
7d5a1d |
- firewall-config: Fix sentivity of option, view menus and main paned if not
|
|
|
7d5a1d |
connected
|
|
|
7d5a1d |
- firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls, some cleanup
|
|
|
7d5a1d |
- firewall-[offline]cmd: Show target in zone information
|
|
|
7d5a1d |
- D-Bus: Completed masquerade methods in FirewallClientZoneSettings
|
|
|
7d5a1d |
- Fixed log-denied rules for icmp-blocks
|
|
|
7d5a1d |
- Keep sorting of interfaces, services, icmp-blocks and other settings in zones
|
|
|
7d5a1d |
- Fixed runtime-to-permanent not to save interfaces under control of NM
|
|
|
7d5a1d |
- New icmp-block-inversion flag in the zones
|
|
|
7d5a1d |
- ICMP type filtering in the zones
|
|
|
7d5a1d |
- New services: sip, sips, managesieve
|
|
|
7d5a1d |
- rich rules: Allow destination action (RHBZ#1163428)
|
|
|
7d5a1d |
- firewall-offline-cmd: New option -q/--quiet
|
|
|
7d5a1d |
- firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file
|
|
|
7d5a1d |
- firewall-[offline-]cmd: Fix option for setting the destination address
|
|
|
7d5a1d |
- firewall-config: Fixed resizing behaviour
|
|
|
7d5a1d |
- New transaction model for speed ups in start, restart, stop and other actions
|
|
|
7d5a1d |
- firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults
|
|
|
7d5a1d |
- Fixed memory leak in dbus_introspection_add_properties
|
|
|
7d5a1d |
- Landscape.io fixes, pylint calm downs
|
|
|
7d5a1d |
- New D-Bus getXnames methods to speed up firewall-config and firewall-cmd
|
|
|
7d5a1d |
- ebtables-restore: No support for COMMIT command
|
|
|
7d5a1d |
- Source port support in services, zones and rich rules
|
|
|
7d5a1d |
- firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets
|
|
|
7d5a1d |
- firewall-config: New active bindings side bar for simple binding changes
|
|
|
7d5a1d |
- Reworked NetworkManager module
|
|
|
7d5a1d |
- Proper default zone handling for NM connections
|
|
|
7d5a1d |
- Try to set zone binding with NM if interface is under control of NM
|
|
|
7d5a1d |
- Code cleanup and bug fixes
|
|
|
7d5a1d |
- Include test suite in the release and install in /usr/share/firewalld/tests
|
|
|
7d5a1d |
- New Travis-CI configuration file
|
|
|
7d5a1d |
- Fixed more broken frensh translations
|
|
|
7d5a1d |
- Translation updates
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon May 9 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.1.2-2
|
|
|
7d5a1d |
- Fixed ebtables-restore does not support the COMMIT command issue
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Apr 20 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.1.2-1
|
|
|
7d5a1d |
- Fixed translations with python3
|
|
|
7d5a1d |
- Fixed exception for failed NM import, new doc string
|
|
|
7d5a1d |
- Make ipsets visible per default in firewall-config
|
|
|
7d5a1d |
- Install new fw_nm module
|
|
|
7d5a1d |
- Do not fail if log file could not be opened
|
|
|
7d5a1d |
- Fixed broken fr translation
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Apr 19 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.1-1
|
|
|
7d5a1d |
- Enhancements of ipset handling
|
|
|
7d5a1d |
- No cleanup of ipsets using timeouts while reloading
|
|
|
7d5a1d |
- Only destroy conflicting ipsets
|
|
|
7d5a1d |
- Only use ipset types supported by the system
|
|
|
7d5a1d |
- Add and remove several ipset entries in one call using a file
|
|
|
7d5a1d |
- Reduce time frame where builtin chains are on policy DROP while reloading
|
|
|
7d5a1d |
- Include descriptions in --info-X calls
|
|
|
7d5a1d |
- Command line interface support to get and alter descriptions of zones,
|
|
|
7d5a1d |
services, ipsets and icmptypes with permanent option
|
|
|
7d5a1d |
- Properly watch changes in combined zones
|
|
|
7d5a1d |
- Fix logging in rich rule forward rules
|
|
|
7d5a1d |
- Transformed direct.passthrough errors into warnings
|
|
|
7d5a1d |
- Rework of import structures
|
|
|
7d5a1d |
- Reduced calls to get ids for port and protocol names (RHBZ#1305434)
|
|
|
7d5a1d |
- Build and installation fixes by Markos Chandras
|
|
|
7d5a1d |
- Provide D-Bus properties in introspection data
|
|
|
7d5a1d |
- Fix for flaws found by landscape.io
|
|
|
7d5a1d |
- Fix for repeated SUGHUP
|
|
|
7d5a1d |
- New NetworkManager module to get and set zones of connections, used in
|
|
|
7d5a1d |
firewall-applet and firewall-config
|
|
|
7d5a1d |
- configure: Autodetect backend tools ({ip,ip6,eb}tables{,-restore}, ipset)
|
|
|
7d5a1d |
- Code cleanups
|
|
|
7d5a1d |
- Bug fixes
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Feb 22 2016 Jiri Popelka <jpopelka@redhat.com> - 0.4.0-4
|
|
|
7d5a1d |
- Revert one commit to temporary work-around RHBZ#1309754
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Feb 08 2016 Jiri Popelka <jpopelka@redhat.com> - 0.4.0-3
|
|
|
7d5a1d |
- Make sure tempdir is created even in offline mode. (RHBZ#1305175)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-2
|
|
|
7d5a1d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Feb 1 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.0-1
|
|
|
7d5a1d |
- Version 0.4.0
|
|
|
7d5a1d |
- Speed ups
|
|
|
7d5a1d |
- ipset support
|
|
|
7d5a1d |
- MAC address support
|
|
|
7d5a1d |
- Log of denied packets
|
|
|
7d5a1d |
- Mark action in rich rules
|
|
|
7d5a1d |
- Enhanced alteration of config files with command line tools
|
|
|
7d5a1d |
- Use of zone chains in direct interface
|
|
|
7d5a1d |
- firewall-applet enhancement
|
|
|
7d5a1d |
- New services: ceph-mon, ceph, docker-registry, imap, pop3, pulseaudio,
|
|
|
7d5a1d |
smtps, snmptrap, snmp, syslog-tls and syslog
|
|
|
7d5a1d |
- Several bug fixes
|
|
|
7d5a1d |
- Code optimizations
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.14.2-5
|
|
|
7d5a1d |
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Jul 22 2015 Adam Williamson <awilliam@redhat.com> - 0.3.14.2-4
|
|
|
7d5a1d |
- bump versions on old config package obsoletes (f21 is on 0.3.14 now)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Jul 13 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.14.2-3
|
|
|
7d5a1d |
- Require python3-gobject-base for fedora >= 23 and rhel >= 8 (RHBZ#1242076)
|
|
|
7d5a1d |
- Fix rhel defines: No python3 for rhel-7
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Jun 18 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.14.2-2
|
|
|
7d5a1d |
- Fixed 'pid_file' referenced before assignment (RHBZ#1233232)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Jun 17 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.14.2-1
|
|
|
7d5a1d |
- reunification of the firewalld spec files for all Fedora releases
|
|
|
7d5a1d |
- fix dependencies for -applet and -config: use_python3 is the proper switch
|
|
|
7d5a1d |
not with_python3 (RHBZ#1232493)
|
|
|
7d5a1d |
- firewalld.spec:
|
|
|
7d5a1d |
- fixed requirements for -applet and -config
|
|
|
7d5a1d |
- man pages:
|
|
|
7d5a1d |
- adapted firewall-applet man page to new version
|
|
|
7d5a1d |
- firewall-applet:
|
|
|
7d5a1d |
- Only honour active connections for zone changes
|
|
|
7d5a1d |
- Change QSettings path and file names
|
|
|
7d5a1d |
- firewall-config:
|
|
|
7d5a1d |
- Only honour active connections for zone changes in the “Change Zones of Connections” menu
|
|
|
7d5a1d |
- Translations:
|
|
|
7d5a1d |
- updated translations
|
|
|
7d5a1d |
- marked translations for “Connections” for review
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.14.1-3
|
|
|
7d5a1d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Jun 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.3.14.1-2
|
|
|
7d5a1d |
- Fix issue with missing polkit policy when installing firewalld on
|
|
|
7d5a1d |
Cloud Edition.
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Jun 12 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.14.1-1
|
|
|
7d5a1d |
- firewall-applet
|
|
|
7d5a1d |
- do not use isSystemTrayAvailable check to fix KDE5 startup
|
|
|
7d5a1d |
- dropped gtk applet remain: org.fedoraproject.FirewallApplet.gschema.xml
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Jun 12 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.14-1
|
|
|
7d5a1d |
- renamed python2-firewall to python-firewall
|
|
|
7d5a1d |
- fixed requirements for GUI parts with Python3
|
|
|
7d5a1d |
- dropped upstream merged python3 patch
|
|
|
7d5a1d |
- firewalld:
|
|
|
7d5a1d |
- print real zone names in error messages
|
|
|
7d5a1d |
- iptables 1.4.21 does not accept limits of 1/day, minimum is 2/day now
|
|
|
7d5a1d |
- rate limit fix for rich rules
|
|
|
7d5a1d |
- fix readdition of removed permanent direct settings
|
|
|
7d5a1d |
- adaption of the polkit domains to use PK_ACTION_DIRECT_INFO
|
|
|
7d5a1d |
- fixed two minor Python3 issues in firewall.core.io.direct
|
|
|
7d5a1d |
- fixed use of fallback configuration values
|
|
|
7d5a1d |
- fixed use without firewalld.conf
|
|
|
7d5a1d |
- firewalld main restructureization
|
|
|
7d5a1d |
- IPv6_rpfilter now also available as a property on D-Bus in the config interface
|
|
|
7d5a1d |
- fixed wait option use for ipXtables
|
|
|
7d5a1d |
- added --concurrent support for ebtables
|
|
|
7d5a1d |
- richLanguage: allow masquerading with destination
|
|
|
7d5a1d |
- richLanguage: limit masquerading forward rule to new connections
|
|
|
7d5a1d |
- ipXtables: No dns lookups in available_tables and _detect_wait_option
|
|
|
7d5a1d |
- full ebtables support: start, stop, reload, panic mode, direct chains and rules
|
|
|
7d5a1d |
- fix for reload with direct rules
|
|
|
7d5a1d |
- fix or flaws found by landscape.io
|
|
|
7d5a1d |
- pid file handling fixes in case of pid file removal
|
|
|
7d5a1d |
- fix for client issue in case of a dbus NoReply error
|
|
|
7d5a1d |
- configuration
|
|
|
7d5a1d |
- new services: dropbox-lansync, ptp
|
|
|
7d5a1d |
- new icmptypes: timestamp-request, timestamp-reply
|
|
|
7d5a1d |
- man pages:
|
|
|
7d5a1d |
- firewalld.zones(5): fixed typos
|
|
|
7d5a1d |
- firewalld.conf(5): Fixed wrong reference to firewalld.lockdown-whitelist page
|
|
|
7d5a1d |
- firewall-applet:
|
|
|
7d5a1d |
- new version using Qt4 fixing several issues with the Gtk version
|
|
|
7d5a1d |
- spec file:
|
|
|
7d5a1d |
- enabled Python3 support: new backends python-firewall and python3-firewall
|
|
|
7d5a1d |
- some cleanup
|
|
|
7d5a1d |
- git:
|
|
|
7d5a1d |
- migrated to github
|
|
|
7d5a1d |
- translations:
|
|
|
7d5a1d |
- migrated to zanata
|
|
|
7d5a1d |
- build environment:
|
|
|
7d5a1d |
- no need for autoconf-2.69, 2.68 is sufficient
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu May 07 2015 Stephen Gallagher <sgallagh@redhat.com> 0.3.13-7
|
|
|
7d5a1d |
- Use VARIANT_ID instead of VARIANT for making decisions
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Apr 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.3.13-6
|
|
|
7d5a1d |
- Switch to using $VARIANT directly from /etc/os-release
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Mar 13 2015 Stephen Gallagher <sgallagh@redhat.com> 0.3.13-5
|
|
|
7d5a1d |
- Fix bugs with posttrans
|
|
|
7d5a1d |
- Remove nonexistent fedora-cloud.conf symlink
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Mar 13 2015 Stephen Gallagher <sgallagh@redhat.com> 0.3.13-4
|
|
|
7d5a1d |
- Remove per-edition config files
|
|
|
7d5a1d |
- Decide on default configuration based on /etc/os-release
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Feb 23 2015 Jiri Popelka <jpopelka@redhat.com> - 0.3.13-3
|
|
|
7d5a1d |
- use python3 bindings on fedora >=23
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Jan 28 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.13-2
|
|
|
7d5a1d |
- enable python2 and python3 bindings for fedora >= 20 and rhel >= 7
|
|
|
7d5a1d |
- use python3 bindings on fedora >= 22 and rhel >= 8 for firewalld,
|
|
|
7d5a1d |
firewall-config and firewall-applet
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Dec 04 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.13-1
|
|
|
7d5a1d |
- firewalld:
|
|
|
7d5a1d |
- ipXtables: use -w or -w2 if supported (RHBZ#1161745, RHBZ#1151067)
|
|
|
7d5a1d |
- DROP INVALID packets (RHBZ#1169837)
|
|
|
7d5a1d |
- don't use ipv6header for protocol matching. (RHBZ#1065565)
|
|
|
7d5a1d |
- removeAllPassthroughs(): remove passthroughs in reverse order (RHBZ#1167100)
|
|
|
7d5a1d |
- fix config.service.removeDestination() (RHBZ#1164584)
|
|
|
7d5a1d |
- firewall-config:
|
|
|
7d5a1d |
- portProtoDialog: other protocol excludes port number/range
|
|
|
7d5a1d |
- better fix for updating zoneStore also in update_active_zones()
|
|
|
7d5a1d |
- fix typo in menu
|
|
|
7d5a1d |
- configuration:
|
|
|
7d5a1d |
- new services: tinc, vdsm, mosh, iscsi-target, rsyncd
|
|
|
7d5a1d |
- ship and install XML Schema files. (#8)
|
|
|
7d5a1d |
- man pages:
|
|
|
7d5a1d |
- firewalld.dbus, firewalld.direct, firewalld, firewall-cmd
|
|
|
7d5a1d |
- spec file:
|
|
|
7d5a1d |
- filesystem subpackage
|
|
|
7d5a1d |
- make dirs&files in /usr/lib/ world-readable (RHBZ#915988)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Oct 14 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.12-1
|
|
|
7d5a1d |
- firewalld:
|
|
|
7d5a1d |
- new runtimeToPermanent and tracked passsthrough support
|
|
|
7d5a1d |
- make permanent D-Bus interfaces more fine grained like the runtime versions (RHBZ#1127706)
|
|
|
7d5a1d |
- richLanguage: allow using destination with forward-port
|
|
|
7d5a1d |
- Rich_Rule.check(): action can't be used with icmp-block/forward-port/masquerade
|
|
|
7d5a1d |
- fixed Python specific D-Bus exception (RHBZ#1132441)
|
|
|
7d5a1d |
- firewall-cmd:
|
|
|
7d5a1d |
- new --runtime-to-permanent to create permanent from runtime configuration
|
|
|
7d5a1d |
- use new D-Bus methods for permanent changes
|
|
|
7d5a1d |
- show target REJECT instead of %%REJECT%% (RHBZ#1058794)
|
|
|
7d5a1d |
- --direct: make fail messages consistent (RHBZ#1141835)
|
|
|
7d5a1d |
- firewall-config:
|
|
|
7d5a1d |
- richRuleDialog - OK button tooltip indicates problem
|
|
|
7d5a1d |
- use new D-Bus methods for permanent changes
|
|
|
7d5a1d |
- show target REJECT instead of %%REJECT%% (RHBZ#1058794)
|
|
|
7d5a1d |
- update "Change Zones of Connections" menu on default zone change (RHBZ#11120212)
|
|
|
7d5a1d |
- fixed rename of zones, services and icmptypes to not create new entry (RBHZ#1131064)
|
|
|
7d5a1d |
- configuration:
|
|
|
7d5a1d |
- new service for Squid HTTP proxy server
|
|
|
7d5a1d |
- new service for Kerberos admin server
|
|
|
7d5a1d |
- new services for syslog and syslog-tls
|
|
|
7d5a1d |
- new services for SNMP and SNMP traps
|
|
|
7d5a1d |
- add Keywords to .desktop to improve software searchability
|
|
|
7d5a1d |
- docs:
|
|
|
7d5a1d |
- updated translations
|
|
|
7d5a1d |
- firewalld.richlanguage: improvements suggested by Rufe Glick
|
|
|
7d5a1d |
- firewalld.dbus: various improvements
|
|
|
7d5a1d |
- firewalld.zone: better description of Limit tag
|
|
|
7d5a1d |
- mention new homepage everywhere
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Aug 27 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.11-3
|
|
|
7d5a1d |
- Quiet systemctl if cups-browsed.service is not installed
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Aug 25 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.11-2
|
|
|
7d5a1d |
- add few Requires to spec (RHBZ#1133167)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Aug 20 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.11-1
|
|
|
7d5a1d |
- firewalld:
|
|
|
7d5a1d |
- improve error messages
|
|
|
7d5a1d |
- check built-in chains in direct chain handling functions (RHBZ#1120619)
|
|
|
7d5a1d |
- dbus_to_python() check whether input is of expected type (RHBZ#1122018)
|
|
|
7d5a1d |
- handle negative timeout values (RHBZ#1124476)
|
|
|
7d5a1d |
- warn when Command/Uid/Use/Context already in lockdown whitelist (RHBZ#1126405)
|
|
|
7d5a1d |
- make --lockdown-{on,off} work again (RHBZ#1111573)
|
|
|
7d5a1d |
- firewall-cmd:
|
|
|
7d5a1d |
- --timeout now accepts time units (RHBZ#994044)
|
|
|
7d5a1d |
- firewall-config:
|
|
|
7d5a1d |
- show active (not default) zones in bold (RHBZ#993655)
|
|
|
7d5a1d |
- configuration:
|
|
|
7d5a1d |
- remove ipp-client service from all zones (RHBZ#1105639).
|
|
|
7d5a1d |
- fallbacks for missing values in firewalld.conf
|
|
|
7d5a1d |
- create missing dirs under /etc if needed
|
|
|
7d5a1d |
- add -Es to python command in lockdown-whitelist.xml (RHBZ#1099065)
|
|
|
7d5a1d |
- docs:
|
|
|
7d5a1d |
- 'direct' methods concern only chains/rules added via 'direct' (RHBZ#1120619)
|
|
|
7d5a1d |
- --remove-[interface/source] don't need a zone to be specified (RHBZ#1125851)
|
|
|
7d5a1d |
- various fixes in firewalld.zone(5), firewalld.dbus(5), firewalld.direct(5)
|
|
|
7d5a1d |
- others:
|
|
|
7d5a1d |
- rpm macros for easier packaging of e.g. services
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Jul 22 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.10-5
|
|
|
7d5a1d |
- Fixed wrong default zone names for server and workstation (RHBZ#1120296)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Jul 8 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.10-4
|
|
|
7d5a1d |
- renamed fedora specific zones to FedoraServer and FedoraWorkstation for
|
|
|
7d5a1d |
zone name limitations (length and allowed chars)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Jul 7 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.10-3
|
|
|
7d5a1d |
- New support for Fedora per-product configuration settings for Fedora.next
|
|
|
7d5a1d |
https://fedoraproject.org/wiki/Per-Product_Configuration_Packaging_Draft
|
|
|
7d5a1d |
- Added Fedora server zone (RHBZ#1110711)
|
|
|
7d5a1d |
- Added Fedora workstation zone(RHBZ#1113775)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.10-2
|
|
|
7d5a1d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed May 28 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.10-1
|
|
|
7d5a1d |
- new services: freeipa-*, puppermaster, amanda-k5, synergy,
|
|
|
7d5a1d |
xmpp-*, tor, privoxy, sane
|
|
|
7d5a1d |
- do not use at_console in D-Bus policies (RHBZ#1094745)
|
|
|
7d5a1d |
- apply all rich rules for non-default targets
|
|
|
7d5a1d |
- AppData file (RHBZ#1094754)
|
|
|
7d5a1d |
- separate Polkit actions for desktop & server (RHBZ#1091068)
|
|
|
7d5a1d |
- sanitize missing ip6t_rpfilter (RHBZ#1074427)
|
|
|
7d5a1d |
- firewall/core/io/*: few improvements (RHBZ#1065738)
|
|
|
7d5a1d |
- no load failed error for absent direct.xml file
|
|
|
7d5a1d |
- new DBUS_INTERFACE.getZoneSettings to get all run-time zone settings
|
|
|
7d5a1d |
- fixed creation and deletion of zones, services and icmptypes over D-Bus signals
|
|
|
7d5a1d |
- FirewallClientZoneSettings: Set proper default target
|
|
|
7d5a1d |
- if Python2 then encode strings from sax parser (RHBZ#1059104, RHBZ#1058853)
|
|
|
7d5a1d |
- firewall-cmd:
|
|
|
7d5a1d |
- don't colour output of query commands (RHBZ#1097841)
|
|
|
7d5a1d |
- use "default" instead of {chain}_{zone} (RHBZ#1075675)
|
|
|
7d5a1d |
- New --get-target and --set-target
|
|
|
7d5a1d |
- Create and remove permanent zones, services and icmptypes
|
|
|
7d5a1d |
- firewall-config:
|
|
|
7d5a1d |
- Adding services and icmptypes resulted in duplicates in UI
|
|
|
7d5a1d |
- Use left button menu of -applet in Option menu
|
|
|
7d5a1d |
- firewall-offline-cmd: same functionality as 'firewall-cmd --permanent'
|
|
|
7d5a1d |
- firewall-applet: ZoneConnectionEditor was missing the Default Zone entry
|
|
|
7d5a1d |
- bash-completion: getting zones/services/icmps is different with/without --permanent
|
|
|
7d5a1d |
- firewalld.zone(5): removed superfluous slash (RHBZ#1091575)
|
|
|
7d5a1d |
- updated translations
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Feb 05 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.9.3-1
|
|
|
7d5a1d |
- Fixed persistent port forwarding (RHBZ#1056154)
|
|
|
7d5a1d |
- Stop default zone rules being applied to all zones (RHBZ#1057875)
|
|
|
7d5a1d |
- Enforce trust, block and drop zones in the filter table only (RHBZ#1055190)
|
|
|
7d5a1d |
- Allow RAs prior to applying IPv6_rpfilter (RHBZ#1058505)
|
|
|
7d5a1d |
- Fix writing of rule.audit in zone_writer()
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Jan 17 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.9.2-1
|
|
|
7d5a1d |
- fix regression introduced in 0.3.9 (RHBZ#1053932)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Jan 16 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.9.1-1
|
|
|
7d5a1d |
- fix regressions introduced in 0.3.9 (RHBZ#1054068, RHBZ#1054120)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Jan 13 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.9-1
|
|
|
7d5a1d |
- translation updates
|
|
|
7d5a1d |
- New IPv6_rpfilter setting to enable source address validation (RHBZ#847707)
|
|
|
7d5a1d |
- Do not mix original and customized zones in case of target changes,
|
|
|
7d5a1d |
apply only used zones
|
|
|
7d5a1d |
- firewall-cmd: fix --*_lockdown_whitelist_uid to work with uid 0
|
|
|
7d5a1d |
- Don't show main window maximized. (RHBZ#1046811)
|
|
|
7d5a1d |
- Use rmmod instead of 'modprobe -r' (RHBZ#1031102)
|
|
|
7d5a1d |
- Deprecate 'enabled' attribute of 'masquerade' element
|
|
|
7d5a1d |
- firewall-config: new zone was added twice to the list
|
|
|
7d5a1d |
- firewalld.dbus(5)
|
|
|
7d5a1d |
- Enable python shebang fix again
|
|
|
7d5a1d |
- firewall/client: handle_exceptions: Use loop in decorator
|
|
|
7d5a1d |
- firewall-offline-cmd: Do not mask firewalld service with disabled option
|
|
|
7d5a1d |
- firewall-config: richRuleDialogActionRejectType Entry -> ComboBox
|
|
|
7d5a1d |
- Rich_Rule: fix parsing of reject element (RHBZ#1027373)
|
|
|
7d5a1d |
- Show combined zones in permanent configuration (RHBZ#1002016)
|
|
|
7d5a1d |
- firewall-cmd(1): document exit code 2 and colored output (RHBZ#1028507)
|
|
|
7d5a1d |
- firewall-config: fix RHBZ#1028853
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Nov 05 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.8-1
|
|
|
7d5a1d |
- fix memory leaks
|
|
|
7d5a1d |
- New option --debug-gc
|
|
|
7d5a1d |
- Python3 compatibility
|
|
|
7d5a1d |
- Better non-ascii support
|
|
|
7d5a1d |
- several firewall-config & firewall-applet fixes
|
|
|
7d5a1d |
- New --remove-rules commands for firewall-cmd and removeRules methods for D-Bus
|
|
|
7d5a1d |
- Fixed FirewallDirect.get_rules to return proper list
|
|
|
7d5a1d |
- Fixed LastUpdatedOrderedDict.keys()
|
|
|
7d5a1d |
- Enable rich rule usage in trusted zone (RHBZ#994144)
|
|
|
7d5a1d |
- New error codes: INVALID_CONTEXT, INVALID_COMMAND, INVALID_USER and INVALID_UID
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Oct 17 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.7-1
|
|
|
7d5a1d |
- Don't fail on missing ip[6]tables/ebtables table. (RHBZ#967376)
|
|
|
7d5a1d |
- bash-completion: --permanent --direct options
|
|
|
7d5a1d |
- firewall/core/fw.py: fix checking for iptables & ip6tables (RHBZ#1017087)
|
|
|
7d5a1d |
- firewall-cmd: use client's exception_handler instead of catching exceptions ourselves
|
|
|
7d5a1d |
- FirewallClientZoneSettings: fix {add|remove|query}RichRule()
|
|
|
7d5a1d |
- Extend amanda-client service with 10080/tcp (RHBZ#1016867)
|
|
|
7d5a1d |
- Simplify Rich_Rule()_lexer() by using functions.splitArgs()
|
|
|
7d5a1d |
- Fix encoding problems in exception handling (RHBZ#1015941)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Oct 04 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.6.2-1
|
|
|
7d5a1d |
- firewall-offline-cmd: --forward-port 'toaddr' is optional (RHBZ#1014958)
|
|
|
7d5a1d |
- firewall-cmd: fix variable name (RHBZ#1015011)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Oct 03 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.6.1-1
|
|
|
7d5a1d |
- remove superfluous po files from archive
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Oct 02 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.6-1
|
|
|
7d5a1d |
- firewalld.richlanguage.xml: correct log levels (RHBZ#993740)
|
|
|
7d5a1d |
- firewall-config: Make sure that all zone settings are updated properly on firewalld restart
|
|
|
7d5a1d |
- Rich_Limit: Allow long representation for duration (RHBZ#994103
|
|
|
7d5a1d |
- firewall-config: Show "Changes applied." after changes (RHBZ#993643)
|
|
|
7d5a1d |
- Use own connection dialog to change zones for NM connections
|
|
|
7d5a1d |
- Rename service cluster-suite to high-availability (RHBZ#885257)
|
|
|
7d5a1d |
- Permanent direct support for firewall-config and firewall-cmd
|
|
|
7d5a1d |
- Try to avoid file descriptor leaking (RHBZ#951900)
|
|
|
7d5a1d |
- New functions to split and join args properly (honoring quotes)
|
|
|
7d5a1d |
- firewall-cmd(1): 2 simple examples
|
|
|
7d5a1d |
- Better IPv6 NAT checking.
|
|
|
7d5a1d |
- Ship firewalld.direct(5).
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Sep 30 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.5-1
|
|
|
7d5a1d |
- Only use one PK action for configuration (RHBZ#994729)
|
|
|
7d5a1d |
- firewall-cmd: indicate non-zero exit code with red color
|
|
|
7d5a1d |
- rich-rule: enable to have log without prefix & log_level & limit
|
|
|
7d5a1d |
- log-level warn/err -> warning/error (RHBZ#1009436)
|
|
|
7d5a1d |
- Use policy DROP while reloading, do not reset policy in restart twice
|
|
|
7d5a1d |
- Add _direct chains to all table and chain combinations
|
|
|
7d5a1d |
- documentation improvements
|
|
|
7d5a1d |
- New firewalld.direct(5) man page docbook source
|
|
|
7d5a1d |
- tests/firewall-cmd_test.sh: make rich language tests work
|
|
|
7d5a1d |
- Rich_Rule._import_from_string(): improve error messages (RHBZ#994150)
|
|
|
7d5a1d |
- direct.passthrough wasn't always matching out_signature (RHBZ#967800)
|
|
|
7d5a1d |
- firewall-config: twist ICMP Type IP address family logic.
|
|
|
7d5a1d |
- firewall-config: port-forwarding/masquerading dialog (RHBZ#993658)
|
|
|
7d5a1d |
- firewall-offline-cmd: New --remove-service=<service> option (BZ#969106)
|
|
|
7d5a1d |
- firewall-config: Options->Lockdown was not changing permanent.
|
|
|
7d5a1d |
- firewall-config: edit line on doubleclick (RHBZ#993572)
|
|
|
7d5a1d |
- firewall-config: System Default Zone -> Default Zone (RHBZ#993811)
|
|
|
7d5a1d |
- New direct D-Bus interface, persistent direct rule handling, enabled passthough
|
|
|
7d5a1d |
- src/firewall-cmd: Fixed help output to use more visual parameters
|
|
|
7d5a1d |
- src/firewall-cmd: New usage output, no redirection to man page anymore
|
|
|
7d5a1d |
- src/firewall/core/rich.py: Fixed forwad port destinations
|
|
|
7d5a1d |
- src/firewall-offline-cmd: Early enable/disable handling now with mask/unmask
|
|
|
7d5a1d |
- doc/xml/firewalld.zone.xml: Added more information about masquerade use
|
|
|
7d5a1d |
- Prefix to log message is optional (RHBZ#998079)
|
|
|
7d5a1d |
- firewall-cmd: fix --permanent --change-interface (RHBZ#997974)
|
|
|
7d5a1d |
- Sort zones/interfaces/service/icmptypes on output.
|
|
|
7d5a1d |
- wbem-https service (RHBZ#996668)
|
|
|
7d5a1d |
- applet&config: add support for KDE NetworkManager connection editor
|
|
|
7d5a1d |
- firewall/core/fw_config.py: New method update_lockdown_whitelist
|
|
|
7d5a1d |
- Added missing file watcher for lockdown whitelist in config D-Bus interface
|
|
|
7d5a1d |
- firewall/core/watcher: New add_watch_file for lockdown-whitelist and direct
|
|
|
7d5a1d |
- Make use of IPv6 NAT conditional, based on kernel number (RHBZ#967376)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Jul 30 2013 Thomas Woerner <twoerner@redhat.com> 0.3.4-1
|
|
|
7d5a1d |
- several rich rule check enhancements and fixes
|
|
|
7d5a1d |
- firewall-cmd: direct options - check ipv4|ipv6|eb (RHBZ#970505)
|
|
|
7d5a1d |
- firewall-cmd(1): improve description of direct options (RHBZ#970509)
|
|
|
7d5a1d |
- several firewall-applet enhancements and fixes
|
|
|
7d5a1d |
- New README
|
|
|
7d5a1d |
- several doc and man page fixes
|
|
|
7d5a1d |
- Service definitions for PCP daemons (RHBZ#972262)
|
|
|
7d5a1d |
- bash-completion: add lockdown and rich language options
|
|
|
7d5a1d |
- firewall-cmd: add --permanent --list-all[-zones]
|
|
|
7d5a1d |
- firewall-cmd: new -q/--quiet option
|
|
|
7d5a1d |
- firewall-cmd: warn when default zone not active (RHBZ#971843)
|
|
|
7d5a1d |
- firewall-cmd: check priority in --add-rule (RHBZ#914955)
|
|
|
7d5a1d |
- add dhcpv6 (for server) service (RHBZ#917866)
|
|
|
7d5a1d |
- firewall-cmd: add --permanent --get-zone-of-interface/source --change-interface/source
|
|
|
7d5a1d |
- firewall-cmd: print result (yes/no) of all --query-* commands
|
|
|
7d5a1d |
- move permanent-getZoneOf{Interface|Source} from firewall-cmd to server
|
|
|
7d5a1d |
- Check Interfaces/sources when updating permanent zone settings.
|
|
|
7d5a1d |
- FirewallDConfig: getZoneOfInterface/Source can actually return more zones
|
|
|
7d5a1d |
- Fixed toaddr check in forward port to only allow single address, no range
|
|
|
7d5a1d |
- firewall-cmd: various output improvements
|
|
|
7d5a1d |
- fw_zone: use check_single_address from firewall.functions
|
|
|
7d5a1d |
- getZoneOfInterface/Source does not need to throw exception
|
|
|
7d5a1d |
- firewall.functions: Use socket.inet_pton in checkIP, fixed checkIP*nMask
|
|
|
7d5a1d |
- firewall.core.io.service: Properly check port/proto and destination address
|
|
|
7d5a1d |
- Install applet desktop file into /etc/xdg/autostart
|
|
|
7d5a1d |
- Fixed option problem with rich rule destinations (RHBZ#979804)
|
|
|
7d5a1d |
- Better exception creation in dbus_handle_exceptions() decorator (RHBZ#979790)
|
|
|
7d5a1d |
- Updated firewall-offline-cmd
|
|
|
7d5a1d |
- Use priority in add, remove, query and list of direct rules (RHBZ#979509)
|
|
|
7d5a1d |
- New documentation (man pages are created from docbook sources)
|
|
|
7d5a1d |
- firewall/core/io/direct.py: use prirority for rule methods, new get_all_ methods
|
|
|
7d5a1d |
- direct: pass priority also to client.py and firewall-cmd
|
|
|
7d5a1d |
- applet: New blink and blink-count settings
|
|
|
7d5a1d |
- firewall.functions: New function ppid_of_pid
|
|
|
7d5a1d |
- applet: Check for gnome3 and fix it, use new settings, new size-changed cb
|
|
|
7d5a1d |
- firewall-offline-cmd: Fix use of systemctl in chroot
|
|
|
7d5a1d |
- firewall-config: use string.ascii_letters instead of string.letters
|
|
|
7d5a1d |
- dbus_to_python(): handle non-ascii chars in dbus.String.
|
|
|
7d5a1d |
- Modernize old syntax constructions.
|
|
|
7d5a1d |
- dict.keys() in Python 3 returns a "view" instead of list
|
|
|
7d5a1d |
- Use gettext.install() to install _() in builtins namespace.
|
|
|
7d5a1d |
- Allow non-ascii chars in 'short' and 'description'
|
|
|
7d5a1d |
- README: More information for "Working With The Source Repository"
|
|
|
7d5a1d |
- Build environment fixes
|
|
|
7d5a1d |
- firewalld.spec: Added missing checks for rhel > 6 for pygobject3-base
|
|
|
7d5a1d |
- firewall-applet: New setting show-inactive
|
|
|
7d5a1d |
- Don't stop on reload when lockdown already enabled (RHBZ#987403)
|
|
|
7d5a1d |
- firewall-cmd: --lockdown-on/off did not touch firewalld.conf
|
|
|
7d5a1d |
- FirewallApplet.gschema.xml: Dropped unused sender-info setting
|
|
|
7d5a1d |
- doc/firewall-applet.xml: Added information about gsettings
|
|
|
7d5a1d |
- several debug and log message fixes
|
|
|
7d5a1d |
- Add chain for sources so they can be checked before interfaces (RHBZ#903222)
|
|
|
7d5a1d |
- Add dhcp and proxy-dhcp services (RHBZ#986947)
|
|
|
7d5a1d |
- io/Zone(): don't error on deprecated family attr of source elem
|
|
|
7d5a1d |
- Limit length of zone file name (to 12 chars) due to Netfilter internals.
|
|
|
7d5a1d |
- It was not possible to overload a zone with defined source(s).
|
|
|
7d5a1d |
- DEFAULT_ZONE_TARGET: {chain}_ZONE_{zone} -> {chain}_{zone}
|
|
|
7d5a1d |
- New runtime get<X>Settings for services and icmptypes, fixed policies callbacks
|
|
|
7d5a1d |
- functions: New functions checkUser, checkUid and checkCommand
|
|
|
7d5a1d |
- src/firewall/client: Fixed lockdown-whitelist-updated signal handling
|
|
|
7d5a1d |
- firewall-cmd(1): move firewalld.richlanguage(5) reference in --*-rich-rule
|
|
|
7d5a1d |
- Rich rule service: Only add modules for accept action
|
|
|
7d5a1d |
- firewall/core/rich: Several fixes and enhanced checks
|
|
|
7d5a1d |
- Fixed reload of direct rules
|
|
|
7d5a1d |
- firewall/client: New functions to set and get the exception handler
|
|
|
7d5a1d |
- firewall-config: New and enhanced UI to handle lockdown and rich rules
|
|
|
7d5a1d |
- zone's immutable attribute is redundant
|
|
|
7d5a1d |
- Do not allow to set settings in config for immutable zones.
|
|
|
7d5a1d |
- Ignore deprecated 'immutable' attribute in zone files.
|
|
|
7d5a1d |
- Eviscerate 'immutable' completely.
|
|
|
7d5a1d |
- FirewallDirect.query_rule(): fix it
|
|
|
7d5a1d |
- permanent direct: activate firewall.core.io.direct:Direct reader
|
|
|
7d5a1d |
- core/io/*: simplify getting of character data
|
|
|
7d5a1d |
- FirewallDirect.set_config(): allow reloading
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Jun 20 2013 Jiri Popelka <jpopelka@redhat.com>
|
|
|
7d5a1d |
- Remove migrating to a systemd unit file from a SysV initscript
|
|
|
7d5a1d |
- Remove pointless "ExclusiveOS" tag
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Jun 7 2013 Thomas Woerner <twoerner@redhat.com> 0.3.3-2
|
|
|
7d5a1d |
- Fixed rich rule check for use in D-Bus
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Jun 6 2013 Thomas Woerner <twoerner@redhat.com> 0.3.3-1
|
|
|
7d5a1d |
- new service files
|
|
|
7d5a1d |
- relicensed logger.py under GPLv2+
|
|
|
7d5a1d |
- firewall-config: sometimes we don't want to use client's exception handler
|
|
|
7d5a1d |
- When removing Service/IcmpType remove it from zones too (RHBZ#958401)
|
|
|
7d5a1d |
- firewall-config: work-around masquerade_check_cb() being called more times
|
|
|
7d5a1d |
- Zone(IO): add interfaces/sources to D-Bus signature
|
|
|
7d5a1d |
- Added missing UNKNOWN_SOURCE error code
|
|
|
7d5a1d |
- fw_zone.check_source: Raise INVALID_FAMILY if family is invalid
|
|
|
7d5a1d |
- New changeZoneOfInterface method, marked changeZone as deprecated
|
|
|
7d5a1d |
- Fixed firewall-cmd man page entry for --panic-on
|
|
|
7d5a1d |
- firewall-applet: Fixed possible problems of unescaped strings used for markup
|
|
|
7d5a1d |
- New support to bind zones to source addresses and ranges (D-BUS, cmd, applet
|
|
|
7d5a1d |
- Cleanup of unused variables in FirewallD.start
|
|
|
7d5a1d |
- New firewall/fw_types.py with LastUpdatedOrderedDict
|
|
|
7d5a1d |
- direct.chains, direct.rules: Using LastUpdatedOrderedDict
|
|
|
7d5a1d |
- Support splitted zone files
|
|
|
7d5a1d |
- New reader and writer for stored direct chains and rules
|
|
|
7d5a1d |
- LockdownWhitelist: fix write(), add get_commands/uids/users/contexts()
|
|
|
7d5a1d |
- fix service_writer() and icmptype_writer() to put newline at end of file
|
|
|
7d5a1d |
- firewall-cmd: fix --list-sources
|
|
|
7d5a1d |
- No need to specify whether source address family is IPv4 or IPv6
|
|
|
7d5a1d |
- add getZoneOfSource() to D-Bus interface
|
|
|
7d5a1d |
- Add tests and bash-completion for the new "source" operations
|
|
|
7d5a1d |
- Convert all input args in D-Bus methods
|
|
|
7d5a1d |
- setDefaultZone() was calling accessCheck() *after* the action
|
|
|
7d5a1d |
- New uniqify() function to remove duplicates from list whilst preserving order
|
|
|
7d5a1d |
- Zone.combine() merge also services and ports
|
|
|
7d5a1d |
- config/applet: silence DBusException during start when FirewallD is not running (RHBZ#966518)
|
|
|
7d5a1d |
- firewall-applet: more fixes to make the address sources family agnostic
|
|
|
7d5a1d |
- Better defaults for lockdown white list
|
|
|
7d5a1d |
- Use auth_admin_keep for allow_any and allow_inactive also
|
|
|
7d5a1d |
- New D-Bus API for lockdown policies
|
|
|
7d5a1d |
- Use IPv4, IPv6 and BRIDGE for FirewallD properties
|
|
|
7d5a1d |
- Use rich rule action as audit type
|
|
|
7d5a1d |
- Prototype of string-only D-Bus interface for rich language
|
|
|
7d5a1d |
- Fixed wrongly merged source family check in firewall/core/io/zone.py
|
|
|
7d5a1d |
- handle_cmr: report errors, cleanup modules in error case only, mark handling
|
|
|
7d5a1d |
- Use audit type from rule action, fixed rule output
|
|
|
7d5a1d |
- Fixed lockdown whitelist D-Bus handling method names
|
|
|
7d5a1d |
- New rich rule handling in runtime D-Bus interface
|
|
|
7d5a1d |
- Added interface, source and rich rule handling (runtime and permanent)
|
|
|
7d5a1d |
- Fixed dbus_obj in FirewallClientConfigPolicies, added queryLockdown
|
|
|
7d5a1d |
- Write changes in setLockdownWhitelist
|
|
|
7d5a1d |
- Fixed typo in policies log message in method calls
|
|
|
7d5a1d |
- firewall-cmd: Added rich rule, lockdown and lockdown whitelist handling
|
|
|
7d5a1d |
- Don't check access in query/getLockdownWhitelist*()
|
|
|
7d5a1d |
- firewall-cmd: Also output masquerade flag in --list-all
|
|
|
7d5a1d |
- firewall-cmd: argparse is able to convert argument to desired type itself
|
|
|
7d5a1d |
- firewall-cmd_test.sh: tests for permanent interfaces/sources and lockdown whitelist
|
|
|
7d5a1d |
- Makefile.am: add missing files
|
|
|
7d5a1d |
- firewall-cmd_test.sh: tests for rich rules
|
|
|
7d5a1d |
- Added lockdown, source, interface and rich rule docs to firewall-cmd
|
|
|
7d5a1d |
- Do not masquerade lo if masquerade is enabled in the default zone (RHBZ#904098)
|
|
|
7d5a1d |
- Use <rule> in metavar for firewall-cmd parser
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri May 10 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.2-2
|
|
|
7d5a1d |
- removed unintentional en_US.po from tarball
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Apr 30 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.2-1
|
|
|
7d5a1d |
- Fix signal handling for SIGTERM
|
|
|
7d5a1d |
- Additional service files (RHBZ#914859)
|
|
|
7d5a1d |
- Updated po files
|
|
|
7d5a1d |
- s/persistent/permanent/ (Trac Ticket #7)
|
|
|
7d5a1d |
- Better behaviour when running without valid DISPLAY (RHBZ#955414)
|
|
|
7d5a1d |
- client.handle_exceptions(): do not loop forever
|
|
|
7d5a1d |
- Set Zone.defaults in zone_reader (RHBZ#951747)
|
|
|
7d5a1d |
- client: do not pass the dbus exception name to handler
|
|
|
7d5a1d |
- IO_Object_XMLGenerator: make it work with Python 2.7.4 (RHBZ#951741)
|
|
|
7d5a1d |
- firewall-cmd: do not use deprecated BaseException.message
|
|
|
7d5a1d |
- client.py: fix handle_exceptions() (RHBZ#951314)
|
|
|
7d5a1d |
- firewall-config: check zone/service/icmptype name (RHBZ#947820)
|
|
|
7d5a1d |
- Allow 3121/tcp (pacemaker_remote) in cluster-suite service. (RHBZ#885257)
|
|
|
7d5a1d |
- firewall-applet: fix default zone hangling in 'shields-up' (RHBZ#947230)
|
|
|
7d5a1d |
- FirewallError.get_code(): check for unknown error
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Apr 17 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.1-2
|
|
|
7d5a1d |
- Make permanenent changes work with Python 2.7.4 (RHBZ#951741)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Mar 28 2013 Thomas Woerner <twoerner@redhat.com> 0.3.1-1
|
|
|
7d5a1d |
- Use explicit file lists for make dist
|
|
|
7d5a1d |
- New rich rule validation check code
|
|
|
7d5a1d |
- New global check_port and check_address functions
|
|
|
7d5a1d |
- Allow source white and black listing with the rich rule
|
|
|
7d5a1d |
- Fix error handling in case of unsupported family in rich rule
|
|
|
7d5a1d |
- Enable ip_forwarding in masquerade and forward-port
|
|
|
7d5a1d |
- New functions to read and write simple files using filename and content
|
|
|
7d5a1d |
- Add --enable-sysconfig to install Fedora-specific sysconfig config file.
|
|
|
7d5a1d |
- Add chains for security table (RHBZ#927015)
|
|
|
7d5a1d |
- firewalld.spec: no need to specify --with-systemd-unitdir
|
|
|
7d5a1d |
- firewalld.service: remove syslog.target and dbus.target
|
|
|
7d5a1d |
- firewalld.service: replace hard-coded paths
|
|
|
7d5a1d |
- Move bash-completion to new location.
|
|
|
7d5a1d |
- Revert "Added configure for new build env"
|
|
|
7d5a1d |
- Revert "Added Makefile.in files"
|
|
|
7d5a1d |
- Revert "Added po/Makefile.in.in"
|
|
|
7d5a1d |
- Revert "Added po/LINGUAS"
|
|
|
7d5a1d |
- Revert "Added aclocal.m4"
|
|
|
7d5a1d |
- Amend zone XML Schema
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Mar 20 2013 Thomas Woerner <twoerner@redhat.com> 0.3.0-1
|
|
|
7d5a1d |
- Added rich language support
|
|
|
7d5a1d |
- Added lockdown feature
|
|
|
7d5a1d |
- Allow to bind interfaces and sources to zones permanently
|
|
|
7d5a1d |
- Enabled IPv6 NAT support
|
|
|
7d5a1d |
masquerading and port/packet forwarding for IPv6 only with rich language
|
|
|
7d5a1d |
- Handle polkit errors in client class and firewall-config
|
|
|
7d5a1d |
- Added priority description for --direct --add-rule in firewall-cmd man page
|
|
|
7d5a1d |
- Add XML Schemas for zones/services/icmptypes XMLs
|
|
|
7d5a1d |
- Don't keep file descriptors open when forking
|
|
|
7d5a1d |
- Introduce --nopid option for firewalld
|
|
|
7d5a1d |
- New FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains (RHBZ#912782)
|
|
|
7d5a1d |
- Update cluster-suite service (RHBZ#885257)
|
|
|
7d5a1d |
- firewall-cmd: rename --enable/disable-panic to --panic-on/off (RHBZ#874912)
|
|
|
7d5a1d |
- Fix interaction problem of changed event of gtk combobox with polkit-kde
|
|
|
7d5a1d |
by processing all remaining events (RHBZ#915892)
|
|
|
7d5a1d |
- Stop default zone rules being applied to all zones (RHBZ#912782)
|
|
|
7d5a1d |
- Firewall.start(): don't call set_default_zone()
|
|
|
7d5a1d |
- Add wiki's URL to firewalld(1) and firewall-cmd(1) man pages
|
|
|
7d5a1d |
- firewalld-cmd: make --state verbose (RHBZ#886484)
|
|
|
7d5a1d |
- improve firewalld --help (RHBZ#910492)
|
|
|
7d5a1d |
- firewall-cmd: --add/remove-* can be used multiple times (RHBZ#879834)
|
|
|
7d5a1d |
- Continue loading zone in case of wrong service/port etc. (RHBZ#909466)
|
|
|
7d5a1d |
- Check also services and icmptypes in Zone() (RHBZ#909466)
|
|
|
7d5a1d |
- Increase the maximum length of the port forwarding fields from 5 to 11 in
|
|
|
7d5a1d |
firewall-config
|
|
|
7d5a1d |
- firewall-cmd: add usage to fail message
|
|
|
7d5a1d |
- firewall-cmd: redefine usage to point to man page
|
|
|
7d5a1d |
- firewall-cmd: fix visible problems with arg. parsing
|
|
|
7d5a1d |
- Use argparse module for parsing command line options and arguments
|
|
|
7d5a1d |
- firewall-cmd.1: better clarify where to find ACTIONs
|
|
|
7d5a1d |
- firewall-cmd Bash completion
|
|
|
7d5a1d |
- firewall-cmd.1: comment --zone=<zone> usage and move some options
|
|
|
7d5a1d |
- Use zone's target only in %%s_ZONES chains
|
|
|
7d5a1d |
- default zone in firewalld.conf was set to public with every restart (#902845)
|
|
|
7d5a1d |
- man page cleanup
|
|
|
7d5a1d |
- code cleanup
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Mar 07 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-5
|
|
|
7d5a1d |
- Another fix for RHBZ#912782
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Feb 20 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-4
|
|
|
7d5a1d |
- Stop default zone rules being applied to all zones (RHBZ#912782)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.12-3
|
|
|
7d5a1d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Jan 22 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-2
|
|
|
7d5a1d |
- Default zone in firewalld.conf was reseted with every restart (RHBZ#902845)
|
|
|
7d5a1d |
- Add icon cache related scriptlets for firewall-config (RHBZ#902680)
|
|
|
7d5a1d |
- Fix typo in firewall-config (RHBZ#895812)
|
|
|
7d5a1d |
- Fix few mistakes in firewall-cmd(1) man page
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Jan 14 2013 Thomas Woerner <twoerner@redhat.com> 0.2.12-1
|
|
|
7d5a1d |
- firewall-cmd: use -V instead of -v for version info (RHBZ#886477)
|
|
|
7d5a1d |
- firewall-cmd: don't check reload()'s return value (RHBZ#886461)
|
|
|
7d5a1d |
- actually install firewalld.zones.5
|
|
|
7d5a1d |
- firewall-config: treat exceptions when adding new zone/service/icmp
|
|
|
7d5a1d |
(RHBZ#886602)
|
|
|
7d5a1d |
- firewalld.spec: Fixed requirements of firewall-config to use gtk2 and
|
|
|
7d5a1d |
pygobject3
|
|
|
7d5a1d |
- Fail gracefully when running in non X environment.(RHBZ#886551)
|
|
|
7d5a1d |
- offline-cmd: fail gracefully when no s-c-f config
|
|
|
7d5a1d |
- fix duplicated iptables rules (RHBZ#886515)
|
|
|
7d5a1d |
- detect errors and duplicates in config file (RHBZ#886581)
|
|
|
7d5a1d |
- firewall-config: don't make 'Edit Service' and 'Edit ICMP Type' insensitive
|
|
|
7d5a1d |
- firewalld.spec: fixed requirements, require pygobject3-base
|
|
|
7d5a1d |
- frewall-applet: Unused code cleanup
|
|
|
7d5a1d |
- firewall-applet: several usability fixes and enhancements
|
|
|
7d5a1d |
(RHBZ#886531) (RHBZ#886534)
|
|
|
7d5a1d |
- firewall/server/server.py: fixed KeyboardInterrupt message (RHBZ#886558)
|
|
|
7d5a1d |
- Moved fallback zone and minimal_mark to firewall.config.__init__
|
|
|
7d5a1d |
- Do not raise ZONE_ALREADY_SET in change_zone if old zone is set again
|
|
|
7d5a1d |
(RHBZ#886432)
|
|
|
7d5a1d |
- Make default zone default for all unset connections/interfaces
|
|
|
7d5a1d |
(RHBZ#888288) (RHBZ#882736)
|
|
|
7d5a1d |
- firewall-config: Use Gtk.MessageType.WARNING for warning dialog
|
|
|
7d5a1d |
- firewall-config: Handle unknown services and icmptypes in persistent mode
|
|
|
7d5a1d |
- firewall-config: Do not load settings more than once
|
|
|
7d5a1d |
- firewall-config: UI cleanup and fixes (RHBZ#888242)
|
|
|
7d5a1d |
- firewall-cmd: created alias --change-zone for --change-interface
|
|
|
7d5a1d |
- firewall-cmd man page updates (RHBZ#806511)
|
|
|
7d5a1d |
- Merged branch 'build-cleanups'
|
|
|
7d5a1d |
- dropped call to autogen.sh in build stage, not needed anymore due to
|
|
|
7d5a1d |
'build-cleanups' merge
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Dec 13 2012 Thomas Woerner <twoerner@redhat.com> 0.2.11-2
|
|
|
7d5a1d |
- require pygobject3-base instead of pygobject3 (no cairo needed) (RHBZ#874378)
|
|
|
7d5a1d |
- fixed dependencies of firewall-config to use gtk3 with pygobject3-base and
|
|
|
7d5a1d |
not pygtk2
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Dec 11 2012 Thomas Woerner <twoerner@redhat.com> 0.2.11-1
|
|
|
7d5a1d |
- Fixed more _xmlplus (PyXML) incompatibilities to python xml
|
|
|
7d5a1d |
- Several man page updates
|
|
|
7d5a1d |
- Fixed error in addForwardPort, removeForwardPort and queryForwardPort
|
|
|
7d5a1d |
- firewall-cmd: use already existing queryForwardPort()
|
|
|
7d5a1d |
- Update firewall.cmd man page, use man page as firewall-cmd usage (rhbz#876394)
|
|
|
7d5a1d |
- firewall-config: Do not force to show labels in the main toolbar
|
|
|
7d5a1d |
- firewall-config: Dropped "Change default zone" from toolbar
|
|
|
7d5a1d |
- firewall-config: Added menu entry to change zones of connections
|
|
|
7d5a1d |
- firewall-applet: Zones can be changed now using nm-connection-editor
|
|
|
7d5a1d |
(rhbz#876661)
|
|
|
7d5a1d |
- translation updates: cs, hu, ja
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Nov 20 2012 Thomas Woerner <twoerner@redhat.com> 0.2.10-1
|
|
|
7d5a1d |
- tests/firewalld_config.py: tests for config.service and config.icmptype
|
|
|
7d5a1d |
- FirewallClientConfigServiceSettings(): destinations are dict not list
|
|
|
7d5a1d |
- service/zone/icmptype: do not write deprecated name attribute
|
|
|
7d5a1d |
- New service ntp
|
|
|
7d5a1d |
- firewall-config: Fixed name of about dialog
|
|
|
7d5a1d |
- configure.in: Fixed getting of error codes
|
|
|
7d5a1d |
- Added coding to all pyhton files
|
|
|
7d5a1d |
- Fixed copyright years
|
|
|
7d5a1d |
- Beautified file headers
|
|
|
7d5a1d |
- Force use of pygobject3 in python-slip (RHBZ#874378)
|
|
|
7d5a1d |
- Log: firewall.server.config_icmptype, firewall.server.config_service and
|
|
|
7d5a1d |
firewall.server.config_zone: Prepend full path
|
|
|
7d5a1d |
- Allow ":" in interface names for interface aliases
|
|
|
7d5a1d |
- Add name argument to Updated and Renamed signal
|
|
|
7d5a1d |
- Disable IPv4, IPv6 and EB tables if missing - for IPv4/IPv6 only environments
|
|
|
7d5a1d |
- firewall-config.glade file cleanup
|
|
|
7d5a1d |
- firewall-config: loadDefaults() can throw exception
|
|
|
7d5a1d |
- Use toolbars for Add/Edit/Remove/LoadDefaults buttons for zones, services
|
|
|
7d5a1d |
and icmp types
|
|
|
7d5a1d |
- New vnc-server service, opens ports for displays :0 to :3 (RHBZ#877035)
|
|
|
7d5a1d |
- firewall-cmd: Fix typo in help output, allow default zone usage for
|
|
|
7d5a1d |
permanenent options
|
|
|
7d5a1d |
- Translation updates: cs, fr, ja, pt_BR and zh_CN
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Wed Oct 17 2012 Thomas Woerner <twoerner@redhat.com> 0.2.9-1
|
|
|
7d5a1d |
- firewall-config: some UI usability changes
|
|
|
7d5a1d |
- firewall-cmd: New option --list-all-zones, output of --list-all changed,
|
|
|
7d5a1d |
more option combination checks
|
|
|
7d5a1d |
- firewall-applet: Replaced NMClient by direct DBUS calls to fix python core
|
|
|
7d5a1d |
dumps in case of connection activates/deactivates
|
|
|
7d5a1d |
- Use fallback 'C' locale if current locale isn't supported (RHBZ#860278)
|
|
|
7d5a1d |
- Add interfaces to zones again after reload
|
|
|
7d5a1d |
- firewall-cmd: use FirewallClient().connected value
|
|
|
7d5a1d |
- firewall-cmd: --remove-interface was not working due to a typo
|
|
|
7d5a1d |
- Do not use restorecon for new and backup files
|
|
|
7d5a1d |
- Fixed use of properties REJECT and DROP
|
|
|
7d5a1d |
- firewalld_test.py: check interfaces after reload
|
|
|
7d5a1d |
- Translation updates
|
|
|
7d5a1d |
- Renamed firewall-convert-scfw-config to firewall-offline-cmd, used by
|
|
|
7d5a1d |
anaconda for firewall configuration (e.g. kickstart)
|
|
|
7d5a1d |
- Fix python shebang to use -Es at installation time for bin_SCRIPTS and
|
|
|
7d5a1d |
sbin_SCRIPTS and at all times in gtk3_chooserbutton.py
|
|
|
7d5a1d |
- tests/firewalld_config.py: update test_zones() test case
|
|
|
7d5a1d |
- Config interface: improve renaming of zones/services/icmp_types
|
|
|
7d5a1d |
- Move emiting of Added signals closer to source.
|
|
|
7d5a1d |
- FirewallClient(): config:ServiceAdded signal was wrongly mapped
|
|
|
7d5a1d |
- Add argument 'name' to Removed signal
|
|
|
7d5a1d |
- firewall-config: Add callbacks for config:[service|icmp]-[added|removed]
|
|
|
7d5a1d |
- firewall-config: catch INVALID_X error when removing zone/service/icmp_type
|
|
|
7d5a1d |
- firewall-config: remove unused code
|
|
|
7d5a1d |
- Revert "Neutralize _xmlplus instead of conforming it"
|
|
|
7d5a1d |
- firewall-applet: some UI usability changes
|
|
|
7d5a1d |
- firewall-cmd: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Sep 7 2012 Thomas Woerner <twoerner@redhat.com> 0.2.8-1
|
|
|
7d5a1d |
- Do not apply old settings to zones after reload
|
|
|
7d5a1d |
- FirewallClient: Added callback structure for firewalld signals
|
|
|
7d5a1d |
- New firewall-config with full zone, service and icmptype support
|
|
|
7d5a1d |
- Added Shields Up/Down configuration dialog to firewall-applet
|
|
|
7d5a1d |
- Name attribute of main tag deprecated for zones, services and icmptypes,
|
|
|
7d5a1d |
will be ignored if present
|
|
|
7d5a1d |
- Fixed wrong references in firewalld man page
|
|
|
7d5a1d |
- Unregister DBus interfaces after sending out the Removed signal
|
|
|
7d5a1d |
- Use proper DBus signature in addIcmpType, addService and addZone
|
|
|
7d5a1d |
- New builtin property for config interfaces
|
|
|
7d5a1d |
- New test case for Config interface
|
|
|
7d5a1d |
- spec: use new systemd-rpm macros (rhbz#850110)
|
|
|
7d5a1d |
- More config file verifications
|
|
|
7d5a1d |
- Lots of smaller fixes and enhancements
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Aug 21 2012 Jiri Popelka <jpopelka@redhat.com> 0.2.7-2
|
|
|
7d5a1d |
- use new systemd-rpm macros (rhbz#850110)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Aug 13 2012 Thomas Woerner <twoerner@redhat.com> 0.2.7-1
|
|
|
7d5a1d |
- Update of firewall-config
|
|
|
7d5a1d |
- Some bug fixes
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Aug 7 2012 Thomas Woerner <twoerner@redhat.com> 0.2.6-1
|
|
|
7d5a1d |
- New D-BUS interface for persistent configuration
|
|
|
7d5a1d |
- Aded support for persistent zone configuration in firewall-cmd
|
|
|
7d5a1d |
- New Shields Up feature in firewall-applet
|
|
|
7d5a1d |
- New requirements for python-decorator and pygobject3
|
|
|
7d5a1d |
- New firewall-config sub-package
|
|
|
7d5a1d |
- New firewall-convert-scfw-config config script
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Apr 20 2012 Thomas Woerner <twoerner@redhat.com> 0.2.5-1
|
|
|
7d5a1d |
- Fixed traceback in firewall-cmd for failed or canceled authorization,
|
|
|
7d5a1d |
return proper error codes, new error codes NOT_RUNNING and NOT_AUTHORIZED
|
|
|
7d5a1d |
- Enhanced firewalld service file (RHBZ#806868) and (RHBZ#811240)
|
|
|
7d5a1d |
- Fixed duplicates in zone after reload, enabled timed settings after reload
|
|
|
7d5a1d |
- Removed conntrack --ctstate INVALID check from default ruleset, because it
|
|
|
7d5a1d |
results in ICMP problems (RHBZ#806017).
|
|
|
7d5a1d |
- Update interfaces in default zone after reload (rhbz#804814)
|
|
|
7d5a1d |
- New man pages for firewalld(1), firewalld.conf(5), firewalld.icmptype(5),
|
|
|
7d5a1d |
firewalld.service(5) and firewalld.zone(5), updated firewall-cmd man page
|
|
|
7d5a1d |
(RHBZ#811257)
|
|
|
7d5a1d |
- Fixed firewall-cmd help output
|
|
|
7d5a1d |
- Fixed missing icon for firewall-applet (RHBZ#808759)
|
|
|
7d5a1d |
- Added root user check for firewalld (RHBZ#767654)
|
|
|
7d5a1d |
- Fixed requirements of firewall-applet sub package (RHBZ#808746)
|
|
|
7d5a1d |
- Update interfaces in default zone after changing of default zone (RHBZ#804814)
|
|
|
7d5a1d |
- Start firewalld before NetworkManager (RHBZ#811240)
|
|
|
7d5a1d |
- Add Type=dbus and BusName to service file (RHBZ#811240)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Fri Mar 16 2012 Thomas Woerner <twoerner@redhat.com> 0.2.4-1
|
|
|
7d5a1d |
- fixed firewalld.conf save exception if no temporary file can be written to
|
|
|
7d5a1d |
/etc/firewalld/
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Thu Mar 15 2012 Thomas Woerner <twoerner@redhat.com> 0.2.3-1
|
|
|
7d5a1d |
- firewall-cmd: several changes and fixes
|
|
|
7d5a1d |
- code cleanup
|
|
|
7d5a1d |
- fixed icmp protocol used for ipv6 (rhbz#801182)
|
|
|
7d5a1d |
- added and fixed some comments
|
|
|
7d5a1d |
- properly restore zone settings, timeout is always set, check for 0
|
|
|
7d5a1d |
- some FirewallError exceptions were actually not raised
|
|
|
7d5a1d |
- do not REJECT in each zone
|
|
|
7d5a1d |
- removeInterface() don't require zone
|
|
|
7d5a1d |
- new tests in firewall-test script
|
|
|
7d5a1d |
- dbus_to_python() was ignoring certain values
|
|
|
7d5a1d |
- added functions for the direct interface: chains, rules, passthrough
|
|
|
7d5a1d |
- fixed inconsistent data after reload
|
|
|
7d5a1d |
- some fixes for the direct interface: priority positions are bound to ipv,
|
|
|
7d5a1d |
table and chain
|
|
|
7d5a1d |
- added support for direct interface in firewall-cmd:
|
|
|
7d5a1d |
- added isImmutable(zone) to zone D-Bus interface
|
|
|
7d5a1d |
- renamed policy file
|
|
|
7d5a1d |
- enhancements for error messages, enables output for direct.passthrough
|
|
|
7d5a1d |
- added allow_any to firewald policies, using at leas auth_admin for policies
|
|
|
7d5a1d |
- replaced ENABLE_FAILED, DISABLE_FAILED, ADD_FAILED and REMOVE_FAILED by
|
|
|
7d5a1d |
COMMAND_FAILED, resorted error codes
|
|
|
7d5a1d |
- new firewalld configuration setting CleanupOnExit
|
|
|
7d5a1d |
- enabled polkit again, found a fix for property problem with slip.dbus.service
|
|
|
7d5a1d |
- added dhcpv6-client to 'public' (the default) and to 'internal' zones.
|
|
|
7d5a1d |
- fixed missing settings form zone config files in
|
|
|
7d5a1d |
"firewall-cmd --list=all --zone=<zone>" call
|
|
|
7d5a1d |
- added list functions for services and icmptypes, added --list=services and
|
|
|
7d5a1d |
--list=icmptypes to firewall-cmd
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Mar 6 2012 Thomas Woerner <twoerner@redhat.com> 0.2.2-1
|
|
|
7d5a1d |
- enabled dhcpv6-client service for zones home and work
|
|
|
7d5a1d |
- new dhcpv6-client service
|
|
|
7d5a1d |
- firewall-cmd: query mode returns reversed values
|
|
|
7d5a1d |
- new zone.changeZone(zone, interface)
|
|
|
7d5a1d |
- moved zones, services and icmptypes to /usr/lib/firewalld, can be overloaded
|
|
|
7d5a1d |
by files in /etc/firewalld (no overload of immutable zones block, drop,
|
|
|
7d5a1d |
trusted)
|
|
|
7d5a1d |
- reset MinimalMark in firewalld.cnf to default value
|
|
|
7d5a1d |
- fixed service destination (addresses not used)
|
|
|
7d5a1d |
- fix xmlplus to be compatible with the python xml sax parser and python 3
|
|
|
7d5a1d |
by adding __contains__ to xml.sax.xmlreader.AttributesImpl
|
|
|
7d5a1d |
- use icon and glib related post, postun and posttrans scriptes for firewall
|
|
|
7d5a1d |
- firewall-cmd: fix typo in state
|
|
|
7d5a1d |
- firewall-cmd: fix usage()
|
|
|
7d5a1d |
- firewall-cmd: fix interface action description in usage()
|
|
|
7d5a1d |
- client.py: fix definition of queryInterface()
|
|
|
7d5a1d |
- client.py: fix typo in getInterfaces()
|
|
|
7d5a1d |
- firewalld.service: do not fork
|
|
|
7d5a1d |
- firewall-cmd: fix bug in --list=port and --port action help message
|
|
|
7d5a1d |
- firewall-cmd: fix bug in --list=service
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Mar 5 2012 Thomas Woerner <twoerner@redhat.com>
|
|
|
7d5a1d |
- moved zones, services and icmptypes to /usr/lib/firewalld, can be overloaded
|
|
|
7d5a1d |
by files in /etc/firewalld (no overload of immutable zones block, drop,
|
|
|
7d5a1d |
trusted)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Feb 21 2012 Thomas Woerner <twoerner@redhat.com> 0.2.1-1
|
|
|
7d5a1d |
- added missing firewall.dbus_utils
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Tue Feb 7 2012 Thomas Woerner <twoerner@redhat.com> 0.2.0-2
|
|
|
7d5a1d |
- added glib2-devel to build requires, needed for gsettings.m4
|
|
|
7d5a1d |
- added --with-system-unitdir arg to fix installaiton of system file
|
|
|
7d5a1d |
- added glib-compile-schemas calls for postun and posttrans
|
|
|
7d5a1d |
- added EXTRA_DIST file lists
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Feb 6 2012 Thomas Woerner <twoerner@redhat.com> 0.2.0-1
|
|
|
7d5a1d |
- version 0.2.0 with new FirewallD1 D-BUS interface
|
|
|
7d5a1d |
- supports zones with a default zone
|
|
|
7d5a1d |
- new direct interface as a replacement of the partial virt interface with
|
|
|
7d5a1d |
additional passthrough functionality
|
|
|
7d5a1d |
- dropped custom rules, use direct interface instead
|
|
|
7d5a1d |
- dropped trusted interface funcionality, use trusted zone instead
|
|
|
7d5a1d |
- using zone, service and icmptype configuration files
|
|
|
7d5a1d |
- not using any system-config-firewall parts anymore
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Feb 14 2011 Thomas Woerner <twoerner@redhat.com> 0.1.3-1
|
|
|
7d5a1d |
- new version 0.1.3
|
|
|
7d5a1d |
- restore all firewall features for reload: panic and virt rules and chains
|
|
|
7d5a1d |
- string fixes for firewall-cmd man page (by Jiri Popelka)
|
|
|
7d5a1d |
- fixed firewall-cmd port list (by Jiri Popelka)
|
|
|
7d5a1d |
- added firewall dbus client connect check to firewall-cmd (by Jiri Popelka)
|
|
|
7d5a1d |
- translation updates: de, es, gu, it, ja, kn, ml, nl, or, pa, pl, ru, ta,
|
|
|
7d5a1d |
uk, zh_CN
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Jan 3 2011 Thomas Woerner <twoerner@redhat.com> 0.1.2-1
|
|
|
7d5a1d |
- fixed package according to package review (rhbz#665395):
|
|
|
7d5a1d |
- non executable scripts: dropped shebang
|
|
|
7d5a1d |
- using newer GPL license file
|
|
|
7d5a1d |
- made /etc/dbus-1/system.d/FirewallD.conf config(noreplace)
|
|
|
7d5a1d |
- added requires(post) and (pre) for chkconfig
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Jan 3 2011 Thomas Woerner <twoerner@redhat.com> 0.1.1-1
|
|
|
7d5a1d |
- new version 0.1.1
|
|
|
7d5a1d |
- fixed source path in POTFILES*
|
|
|
7d5a1d |
- added missing firewall_config.py.in
|
|
|
7d5a1d |
- added misssing space for spec_ver line
|
|
|
7d5a1d |
- using firewall_config.VARLOGFILE
|
|
|
7d5a1d |
- added date to logging output
|
|
|
7d5a1d |
- also log fatal and error logs to stderr and firewall_config.VARLOGFILE
|
|
|
7d5a1d |
- make log message for active_firewalld fatal
|
|
|
7d5a1d |
|
|
|
7d5a1d |
* Mon Dec 20 2010 Thomas Woerner <twoerner@redhat.com> 0.1-1
|
|
|
7d5a1d |
- initial package (proof of concept implementation)
|