|
 |
c8bceb |
%if (0%{?fedora} >= 13 || 0%{?rhel} > 7)
|
|
|
c8bceb |
%global with_python3 1
|
|
|
c8bceb |
%if (0%{?fedora} >= 23 || 0%{?rhel} >= 8)
|
|
|
c8bceb |
%global use_python3 1
|
|
|
c8bceb |
%endif
|
|
|
c8bceb |
%endif
|
|
|
c8bceb |
|
|
|
c8bceb |
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
|
|
|
c8bceb |
Name: firewalld
|
|
|
c8bceb |
Version: 0.6.3
|
|
|
c8bceb |
Release: 7%{?dist}
|
|
|
c8bceb |
URL: http://www.firewalld.org
|
|
|
c8bceb |
License: GPLv2+
|
|
|
c8bceb |
Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
|
|
c8bceb |
Patch1: RHEL-only-qt4_applet.patch
|
|
|
c8bceb |
Patch2: RHEL-only-remove-cockpit-service-definition.patch
|
|
|
c8bceb |
Patch4: RHEL-only-remove-ability-to-use-nftables-backend.patch
|
|
|
c8bceb |
Patch5: 0001-config-lockdown-whitelist-Don-t-auto-add-Es-to-inter.patch
|
|
|
c8bceb |
Patch6: 0002-ipXtables-nftables-Fix-object-has-no-attribute-_log_.patch
|
|
|
c8bceb |
Patch7: 0003-tests-regression-rhbz1571957-exercise-log-denied-bro.patch
|
|
|
c8bceb |
Patch8: 0004-rich-rules-fix-mark-action.patch
|
|
|
c8bceb |
Patch9: 0001-update-translations.patch
|
|
|
c8bceb |
Patch10: 0002-services-steam-streaming-update-udp-ports.patch
|
|
|
c8bceb |
Patch11: 0003-nftables-fix-panic-mode-not-filtering-output-packets.patch
|
|
|
c8bceb |
Patch12: 0004-fw_zone-fix-rich-rule-masquerading.patch
|
|
|
c8bceb |
Patch13: 0005-fw_zone-fix-IPv6-rich-rule-forward-port-without-toad.patch
|
|
|
c8bceb |
Patch14: 0006-nftables-fix-rich-rule-masquerade.patch
|
|
|
c8bceb |
Patch15: 0007-nftables-fix-ipv6-rich-rule-forward-ports.patch
|
|
|
c8bceb |
Patch16: 0008-ipset-fix-set-apply-if-IndividualCalls-yes.patch
|
|
|
c8bceb |
Patch17: 0009-tests-regression-rhbz1601610-modify-test-to-satisfy-.patch
|
|
|
c8bceb |
Patch18: 0010-tests-functions-implement-a-better-m4_strip.patch
|
|
|
c8bceb |
Patch19: 0011-tests-functions-m4_strip-expected-output.patch
|
|
|
c8bceb |
Patch20: 0012-tests-functions-for-list-macros-skip-if-testing-fire.patch
|
|
|
c8bceb |
Patch21: 0013-tests-firewall-cmd-remove-redundant-checks-for-TESTI.patch
|
|
|
c8bceb |
Patch22: 0014-nftables-Allow-interfaces-with-wildcards.patch
|
|
|
c8bceb |
Patch23: 0015-tests-firewall-cmd-Coverage-for-interface-wildcardin.patch
|
|
|
c8bceb |
Patch24: 0016-tests-functions-normalize-ebtables-inversion-output.patch
|
|
|
c8bceb |
Patch25: 0017-ipXtables-simplify-rpfilter-rule-generation.patch
|
|
|
c8bceb |
Patch26: 0018-ipXtables-Avoid-inserting-rules-with-index.patch
|
|
|
c8bceb |
Patch27: 0019-fix-issue-457.patch
|
|
|
c8bceb |
Patch28: 0020-doc-note-that-forward-port-may-enable-IP-forwarding.patch
|
|
|
c8bceb |
Patch29: 0021-doc-note-that-masquerade-will-enable-IP-forwarding.patch
|
|
|
c8bceb |
Patch30: 0022-fw_zone-forward-ports-only-enable-IP-forwarding-if-t.patch
|
|
|
c8bceb |
Patch31: 0023-tests-regression-coverage-for-enabling-IP-forwarding.patch
|
|
|
c8bceb |
Patch32: 0024-fix-rich-rule-forward-port-deletion-after-reload.patch
|
|
|
c8bceb |
Patch33: 0025-test-add-coverage-for-gh-482.patch
|
|
|
c8bceb |
Patch34: 0026-rich-rules-fix-Rich_Mark-logic.patch
|
|
|
c8bceb |
Patch35: 0027-fix-nftables-rich-rule-mark-not-marking-every-packet.patch
|
|
|
c8bceb |
Patch36: 0028-test-add-tests-for-rich-rule-mark-action.patch
|
|
|
c8bceb |
Patch37: 0029-fix-ipXtables-don-t-use-tables-that-aren-t-available.patch
|
|
|
c8bceb |
Patch38: 0030-fix-nftables-make-helpers-work-by-creating-ct-helper.patch
|
|
|
c8bceb |
Patch39: 0031-test-add-test-to-check-for-nftables-helper-objects.patch
|
|
|
c8bceb |
Patch40: 0032-test-add-macro-CHECK_NFT_CT_HELPER.patch
|
|
|
c8bceb |
Patch41: 0033-fix-tests-regression-gh453-guarantee-automatic-helpe.patch
|
|
|
c8bceb |
Patch42: 0034-fix-on-reload-set-policy-before-cleanup.patch
|
|
|
c8bceb |
Patch43: 0035-tests-functions-normalize-nft-list-rule-output.patch
|
|
|
c8bceb |
Patch44: 0036-test-functions-Strip-nft-hook-and-policy-from-output.patch
|
|
|
c8bceb |
Patch45: 0037-fix-tests-nftables-compatibility-with-numeric-output.patch
|
|
|
c8bceb |
Patch46: 0038-fix-document-check-config-option.patch
|
|
|
c8bceb |
Patch47: 0039-fix-tests-nftables-constant-set-compat-between-relea.patch
|
|
|
c8bceb |
Patch48: 0040-fix-propagate-exception-if-backend-fails-with-Indivi.patch
|
|
|
c8bceb |
Patch49: 0041-fix-do-not-flush-entire-ruleset-in-CHECK_NAT_COEXIST.patch
|
|
|
c8bceb |
Patch50: 0042-fix-tests-regression-pr323-don-t-check-for-nf_nat_pr.patch
|
|
|
c8bceb |
Patch51: 0043-fix-tests-regression-rhbz1601610-ignore-warning-abou.patch
|
|
|
c8bceb |
Patch52: 0044-fix-avoid-calling-backends-that-aren-t-available.patch
|
|
|
c8bceb |
Patch53: 0045-test-pass-IPTABLES-make-variables-down-to-autotest.patch
|
|
|
c8bceb |
Patch54: 0046-test-add-macro-HOST_SUPPORTS_IP6TABLES.patch
|
|
|
c8bceb |
Patch55: 0047-test-add-macro-IF_IPV6_SUPPORTED.patch
|
|
|
c8bceb |
Patch56: 0048-fix-tests-functions-ignore-warnings-about-missing-ip.patch
|
|
|
c8bceb |
Patch57: 0049-fix-tests-guard-occurrences-of-IPv6.patch
|
|
|
c8bceb |
Patch58: 0050-improvement-tests-Use-AT_KEYWORDS-for-backends.patch
|
|
|
c8bceb |
Patch59: 0051-chore-tests-add-AT_KEYWORDS-for-firewall-offline-cmd.patch
|
|
|
c8bceb |
Patch60: 0052-chore-travis-split-test-matrix-by-keywords.patch
|
|
|
c8bceb |
Patch61: 0053-test-travis-add-another-test-matrix-for-omitting-ip6.patch
|
|
|
c8bceb |
Patch62: 0054-treewide-fix-over-indentation-flake8-E117.patch
|
|
|
c8bceb |
Patch63: 0055-chore-update-translations.patch
|
|
|
c8bceb |
Patch64: 0056-Change-interface-can-accept-permanent-option.patch
|
|
|
c8bceb |
Patch65: 0057-fix-tests-update-package.m4-if-makefile-changed.patch
|
|
|
c8bceb |
Patch66: 0058-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch
|
|
|
c8bceb |
Patch67: 0059-fix-do-not-allow-zone-drifting.patch
|
|
|
c8bceb |
Patch68: 0060-test-add-coverage-for-258-and-441.patch
|
|
|
c8bceb |
Patch69: 0061-fix-test-regression-gh258-add-missing-keyword-for-rh.patch
|
|
|
c8bceb |
Patch70: 0062-fix-rich-rule-destination-with-services.patch
|
|
|
c8bceb |
Patch71: 0063-test-coverage-for-rhbz-1715977.patch
|
|
|
c8bceb |
Patch72: 0064-fix-src-test-Makefile-dist-python-tests-as-well.patch
|
|
|
c8bceb |
Patch73: 0065-fix-src-test-Makefile-use-wildcard-in-variable-expan.patch
|
|
|
c8bceb |
Patch74: 0066-fix-tests-always-list-rules-using-macros.patch
|
|
|
c8bceb |
Patch75: 0067-test-new-macro-CHECK_MODULE_PROTO_GRE.patch
|
|
|
c8bceb |
Patch76: 0068-fix-test-regression-pr323-skip-if-GRE-module-doesn-t.patch
|
|
|
c8bceb |
Patch77: 0069-test-service-coverage-for-import-from-file.patch
|
|
|
c8bceb |
Patch78: 0070-fix-direct-removeRules-was-mistakenly-removing-all-r.patch
|
|
|
c8bceb |
Patch79: 0071-test-coverage-for-rhbz-1723610-and-gh-385.patch
|
|
|
c8bceb |
Patch80: 0072-fix-tests-regression-rhbz1723610-make-output-reliabl.patch
|
|
|
c8bceb |
Patch81: 0073-fix-tests-regression-rhbz1723610-avoid-calling-IPv6-.patch
|
|
|
c8bceb |
Patch82: 0074-fix-guarantee-zone-source-dispatch-is-sorted-by-zone.patch
|
|
|
c8bceb |
Patch83: 0075-test-verify-source-based-zone-dispatch-ordered-by-zo.patch
|
|
|
c8bceb |
Patch84: 0076-fix-test-regression-rhbz1734765-guard-IPv6-usage.patch
|
|
|
c8bceb |
Patch85: 0077-fix-nftables-fix-zone-dispatch-using-ipset-sources-i.patch
|
|
|
c8bceb |
Patch86: 0078-test-regression-rhbz1734765-add-coverage-for-rhbz-17.patch
|
|
|
c8bceb |
Patch87: 0079-chore-tests-functions-change-list-macros-to-only-exp.patch
|
|
|
c8bceb |
Patch88: 0088-doc-add-default-config-and-system-config.patch
|
|
|
c8bceb |
Patch89: 0089-test-missing-firewalld.conf.patch
|
|
|
c8bceb |
Patch90: 0090-fix-tests-regression-gh509-skip-if-host-doesn-t-supp.patch
|
|
|
c8bceb |
Patch91: 0091-fix-add-masquerade-should-only-affect-ipv4.patch
|
|
|
c8bceb |
Patch92: 0092-fix-nftables-forward-ports-should-only-affect-IPv4.patch
|
|
|
c8bceb |
Patch93: 0093-test-coverage-to-make-sure-masquerade-forward-port-o.patch
|
|
|
c8bceb |
Patch94: 0094-fix-tests-functions-add-macro-HOST_SUPPORTS_IPV6.patch
|
|
|
c8bceb |
Patch95: 0095-fix-tests-regression-gh335-don-t-set-ipv6-sysctls-if.patch
|
|
|
c8bceb |
Patch96: 0096-fix-tests-ignore-errors-about-setting-ipv6-forwardin.patch
|
|
|
c8bceb |
Patch97: 0097-fix-direct-removeRules-not-removing-all-rules-in-cha.patch
|
|
|
c8bceb |
Patch98: 0098-fix-tests-regression-rhbz1723610-better-coverage.patch
|
|
|
c8bceb |
Patch99: 0099-fix-tests-regression-rhbz1723610-make-deterministic.patch
|
|
|
c8bceb |
Patch100: 0100-fix-tests-functions-improve-CHECK_IPSET-for-nftables.patch
|
|
|
c8bceb |
Patch101: 0101-fix-tests-regression-rhbz1601610-add-missing-CHECK_I.patch
|
|
|
c8bceb |
Patch102: 0102-fix-allow-custom-helpers-using-standard-helper-modul.patch
|
|
|
c8bceb |
Patch103: 0103-test-helper-coverage-for-custom-helper.patch
|
|
|
c8bceb |
Patch104: 0104-fix-test-title-of-customer-helpers-test-was-wrong.patch
|
|
|
c8bceb |
Patch105: 0105-fix-service-usage-of-helpers-with-in-name.patch
|
|
|
c8bceb |
Patch106: 0106-fix-Revert-ebtables-drop-support-for-broute-table.patch
|
|
|
c8bceb |
Patch107: 0107-fix-ebtables-don-t-use-tables-that-aren-t-available.patch
|
|
|
c8bceb |
Patch108: 0108-fix-test-features-helpers_custom-skip-test-if-automa.patch
|
|
|
c8bceb |
Patch109: 0109-fix-test-only-set-locale-if-C.utf8-is-available.patch
|
|
|
c8bceb |
|
|
|
c8bceb |
BuildArch: noarch
|
|
|
c8bceb |
BuildRequires: desktop-file-utils
|
|
|
c8bceb |
BuildRequires: gettext
|
|
|
c8bceb |
BuildRequires: intltool
|
|
|
c8bceb |
# glib2-devel is needed for gsettings.m4
|
|
|
c8bceb |
BuildRequires: glib2, glib2-devel
|
|
|
c8bceb |
BuildRequires: systemd-units
|
|
|
c8bceb |
BuildRequires: docbook-style-xsl
|
|
|
c8bceb |
BuildRequires: libxslt
|
|
|
c8bceb |
BuildRequires: python2-devel
|
|
|
c8bceb |
BuildRequires: iptables, ebtables, ipset
|
|
|
c8bceb |
%if 0%{?with_python3}
|
|
|
c8bceb |
BuildRequires: python3-devel
|
|
|
c8bceb |
%endif #0%{?with_python3}
|
|
|
c8bceb |
Requires: iptables, ebtables, ipset
|
|
|
c8bceb |
Requires(post): systemd
|
|
|
c8bceb |
Requires(preun): systemd
|
|
|
c8bceb |
Requires(postun): systemd
|
|
|
c8bceb |
Requires: firewalld-filesystem = %{version}-%{release}
|
|
|
c8bceb |
%if 0%{?use_python3}
|
|
|
c8bceb |
Requires: python3-firewall = %{version}-%{release}
|
|
|
c8bceb |
%else #0%{?use_python3}
|
|
|
c8bceb |
Requires: python-firewall = %{version}-%{release}
|
|
|
c8bceb |
%endif #0%{?use_python3}
|
|
|
c8bceb |
Conflicts: selinux-policy < 3.13.1-118.el7
|
|
|
c8bceb |
Conflicts: squid < 7:3.5.10-1
|
|
|
c8bceb |
Conflicts: NetworkManager < 1:1.4.0-3.el7
|
|
|
c8bceb |
|
|
|
c8bceb |
%description
|
|
|
c8bceb |
firewalld is a firewall service daemon that provides a dynamic customizable
|
|
|
c8bceb |
firewall with a D-Bus interface.
|
|
|
c8bceb |
|
|
|
c8bceb |
%package -n python-firewall
|
|
|
c8bceb |
Summary: Python2 bindings for firewalld
|
|
|
c8bceb |
Provides: python2-firewall
|
|
|
c8bceb |
Obsoletes: python2-firewall
|
|
|
c8bceb |
Requires: dbus-python
|
|
|
c8bceb |
Requires: python-slip-dbus
|
|
|
c8bceb |
Requires: python-decorator
|
|
|
c8bceb |
Requires: pygobject3-base
|
|
|
c8bceb |
Conflicts: %{name} < 0.3.14
|
|
|
c8bceb |
|
|
|
c8bceb |
%description -n python-firewall
|
|
|
c8bceb |
Python2 bindings for firewalld.
|
|
|
c8bceb |
|
|
|
c8bceb |
%if 0%{?with_python3}
|
|
|
c8bceb |
%package -n python3-firewall
|
|
|
c8bceb |
Summary: Python3 bindings for firewalld
|
|
|
c8bceb |
Requires: python3-dbus
|
|
|
c8bceb |
Requires: python3-slip-dbus
|
|
|
c8bceb |
Requires: python3-decorator
|
|
|
c8bceb |
%if (0%{?fedora} >= 23 || 0%{?rhel} >= 8)
|
|
|
c8bceb |
Requires: python3-gobject-base
|
|
|
c8bceb |
%else
|
|
|
c8bceb |
Requires: python3-gobject
|
|
|
c8bceb |
%endif
|
|
|
c8bceb |
Conflicts: %{name} < 0.3.14
|
|
|
c8bceb |
|
|
|
c8bceb |
%description -n python3-firewall
|
|
|
c8bceb |
Python3 bindings for firewalld.
|
|
|
c8bceb |
%endif #0%{?with_python3}
|
|
|
c8bceb |
|
|
|
c8bceb |
%package -n firewalld-filesystem
|
|
|
c8bceb |
Summary: Firewalld directory layout and rpm macros
|
|
|
c8bceb |
Conflicts: %{name} < 0.3.13
|
|
|
c8bceb |
|
|
|
c8bceb |
%description -n firewalld-filesystem
|
|
|
c8bceb |
This package provides directories and rpm macros which
|
|
|
c8bceb |
are required by other packages that add firewalld configuration files.
|
|
|
c8bceb |
|
|
|
c8bceb |
%package -n firewall-applet
|
|
|
c8bceb |
Summary: Firewall panel applet
|
|
|
c8bceb |
Requires: %{name} = %{version}-%{release}
|
|
|
c8bceb |
Requires: firewall-config = %{version}-%{release}
|
|
|
c8bceb |
Requires: hicolor-icon-theme
|
|
|
c8bceb |
%if 0%{?use_python3}
|
|
|
c8bceb |
Requires: python3-PyQt4
|
|
|
c8bceb |
Requires: python3-gobject
|
|
|
c8bceb |
%else
|
|
|
c8bceb |
Requires: PyQt4
|
|
|
c8bceb |
Requires: pygobject3-base
|
|
|
c8bceb |
%endif
|
|
|
c8bceb |
Requires: libnotify
|
|
|
c8bceb |
Requires: NetworkManager-libnm
|
|
|
c8bceb |
Requires: dbus-x11
|
|
|
c8bceb |
|
|
|
c8bceb |
%description -n firewall-applet
|
|
|
c8bceb |
The firewall panel applet provides a status information of firewalld and also
|
|
|
c8bceb |
the firewall settings.
|
|
|
c8bceb |
|
|
|
c8bceb |
%package -n firewall-config
|
|
|
c8bceb |
Summary: Firewall configuration application
|
|
|
c8bceb |
Requires: %{name} = %{version}-%{release}
|
|
|
c8bceb |
Requires: hicolor-icon-theme
|
|
|
c8bceb |
Requires: gtk3
|
|
|
c8bceb |
%if 0%{?use_python3}
|
|
|
c8bceb |
Requires: python3-gobject
|
|
|
c8bceb |
%else
|
|
|
c8bceb |
Requires: pygobject3-base
|
|
|
c8bceb |
%endif
|
|
|
c8bceb |
Requires: NetworkManager-libnm
|
|
|
c8bceb |
Requires: dbus-x11
|
|
|
c8bceb |
|
|
|
c8bceb |
%description -n firewall-config
|
|
|
c8bceb |
The firewall configuration application provides an configuration interface for
|
|
|
c8bceb |
firewalld.
|
|
|
c8bceb |
|
|
|
c8bceb |
%prep
|
|
|
c8bceb |
%autosetup -p1
|
|
|
c8bceb |
./autogen.sh
|
|
|
c8bceb |
|
|
|
c8bceb |
%if 0%{?with_python3}
|
|
|
c8bceb |
rm -rf %{py3dir}
|
|
|
c8bceb |
cp -a . %{py3dir}
|
|
|
c8bceb |
%endif #0%{?with_python3}
|
|
|
c8bceb |
|
|
|
c8bceb |
%build
|
|
|
c8bceb |
autoreconf --force -v --install --symlink
|
|
|
c8bceb |
%if 0%{?use_python3}
|
|
|
c8bceb |
%configure --enable-sysconfig --enable-rpmmacros PYTHON="%{__python3} -Es"
|
|
|
c8bceb |
%else
|
|
|
c8bceb |
%configure --enable-sysconfig --enable-rpmmacros PYTHON="%{__python2} -Es"
|
|
|
c8bceb |
%endif #0%{?use_python3}
|
|
|
c8bceb |
make %{?_smp_mflags}
|
|
|
c8bceb |
|
|
|
c8bceb |
%if 0%{?with_python3}
|
|
|
c8bceb |
pushd %{py3dir}
|
|
|
c8bceb |
autoreconf --force -v --install --symlink
|
|
|
c8bceb |
%configure --enable-sysconfig --enable-rpmmacros PYTHON="%{__python3} -Es"
|
|
|
c8bceb |
make %{?_smp_mflags}
|
|
|
c8bceb |
popd
|
|
|
c8bceb |
%endif #0%{?with_python3}
|
|
|
c8bceb |
|
|
|
c8bceb |
%install
|
|
|
c8bceb |
%if 0%{?use_python3}
|
|
|
c8bceb |
make -C src install-nobase_dist_pythonDATA DESTDIR=%{buildroot}
|
|
|
c8bceb |
%else
|
|
|
c8bceb |
make install DESTDIR=%{buildroot}
|
|
|
c8bceb |
%endif #0%{?use_python3}
|
|
|
c8bceb |
|
|
|
c8bceb |
%if 0%{?with_python3}
|
|
|
c8bceb |
pushd %{py3dir}
|
|
|
c8bceb |
%if 0%{?use_python3}
|
|
|
c8bceb |
make install DESTDIR=%{buildroot}
|
|
|
c8bceb |
%else
|
|
|
c8bceb |
make -C src install-nobase_dist_pythonDATA DESTDIR=%{buildroot}
|
|
|
c8bceb |
%endif #0%{?use_python3}
|
|
|
c8bceb |
popd
|
|
|
c8bceb |
%endif #0%{?with_python3}
|
|
|
c8bceb |
|
|
|
c8bceb |
desktop-file-install --delete-original \
|
|
|
c8bceb |
--dir %{buildroot}%{_sysconfdir}/xdg/autostart \
|
|
|
c8bceb |
%{buildroot}%{_sysconfdir}/xdg/autostart/firewall-applet.desktop
|
|
|
c8bceb |
desktop-file-install --delete-original \
|
|
|
c8bceb |
--dir %{buildroot}%{_datadir}/applications \
|
|
|
c8bceb |
%{buildroot}%{_datadir}/applications/firewall-config.desktop
|
|
|
c8bceb |
|
|
|
c8bceb |
%find_lang %{name} --all-name
|
|
|
c8bceb |
|
|
|
c8bceb |
%post
|
|
|
c8bceb |
%systemd_post firewalld.service
|
|
|
c8bceb |
|
|
|
c8bceb |
%preun
|
|
|
c8bceb |
%systemd_preun firewalld.service
|
|
|
c8bceb |
|
|
|
c8bceb |
%postun
|
|
|
c8bceb |
%systemd_postun_with_restart firewalld.service
|
|
|
c8bceb |
|
|
|
c8bceb |
|
|
|
c8bceb |
%post -n firewall-applet
|
|
|
c8bceb |
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
|
|
|
c8bceb |
|
|
|
c8bceb |
%postun -n firewall-applet
|
|
|
c8bceb |
if [ $1 -eq 0 ] ; then
|
|
|
c8bceb |
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null
|
|
|
c8bceb |
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
|
|
|
c8bceb |
/usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
|
|
|
c8bceb |
fi
|
|
|
c8bceb |
|
|
|
c8bceb |
%posttrans -n firewall-applet
|
|
|
c8bceb |
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
|
|
|
c8bceb |
/usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
|
|
|
c8bceb |
|
|
|
c8bceb |
|
|
|
c8bceb |
%post -n firewall-config
|
|
|
c8bceb |
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
|
|
|
c8bceb |
|
|
|
c8bceb |
%postun -n firewall-config
|
|
|
c8bceb |
if [ $1 -eq 0 ] ; then
|
|
|
c8bceb |
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null
|
|
|
c8bceb |
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
|
|
|
c8bceb |
/usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
|
|
|
c8bceb |
fi
|
|
|
c8bceb |
|
|
|
c8bceb |
%posttrans -n firewall-config
|
|
|
c8bceb |
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
|
|
|
c8bceb |
/usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
|
|
|
c8bceb |
|
|
|
c8bceb |
%files -f %{name}.lang
|
|
|
c8bceb |
%doc COPYING README
|
|
|
c8bceb |
%{_sbindir}/firewalld
|
|
|
c8bceb |
%{_bindir}/firewall-cmd
|
|
|
c8bceb |
%{_bindir}/firewall-offline-cmd
|
|
|
c8bceb |
%dir %{_datadir}/bash-completion/completions
|
|
|
c8bceb |
%{_datadir}/bash-completion/completions/firewall-cmd
|
|
|
c8bceb |
%{_prefix}/lib/firewalld/icmptypes/*.xml
|
|
|
c8bceb |
%{_prefix}/lib/firewalld/ipsets/README
|
|
|
c8bceb |
%{_prefix}/lib/firewalld/services/*.xml
|
|
|
c8bceb |
%{_prefix}/lib/firewalld/zones/*.xml
|
|
|
c8bceb |
%{_prefix}/lib/firewalld/helpers/*.xml
|
|
|
c8bceb |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld
|
|
|
c8bceb |
%config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
|
|
|
c8bceb |
%config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
|
|
|
c8bceb |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/helpers
|
|
|
c8bceb |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes
|
|
|
c8bceb |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/ipsets
|
|
|
c8bceb |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/services
|
|
|
c8bceb |
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/zones
|
|
|
c8bceb |
%dir %{_datadir}/firewalld
|
|
|
c8bceb |
%defattr(0644,root,root)
|
|
|
c8bceb |
%config(noreplace) %{_sysconfdir}/sysconfig/firewalld
|
|
|
c8bceb |
#%attr(0755,root,root) %{_initrddir}/firewalld
|
|
|
c8bceb |
%{_unitdir}/firewalld.service
|
|
|
c8bceb |
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf
|
|
|
c8bceb |
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy.choice
|
|
|
c8bceb |
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy.choice
|
|
|
c8bceb |
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
|
|
|
c8bceb |
%{_mandir}/man1/firewall*cmd*.1*
|
|
|
c8bceb |
%{_mandir}/man1/firewalld*.1*
|
|
|
c8bceb |
%{_mandir}/man5/firewall*.5*
|
|
|
c8bceb |
%{_sysconfdir}/modprobe.d/firewalld-sysctls.conf
|
|
|
c8bceb |
|
|
|
c8bceb |
%files -n python-firewall
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python2_sitelib}/firewall
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python2_sitelib}/firewall/config
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python2_sitelib}/firewall/core
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python2_sitelib}/firewall/core/io
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python2_sitelib}/firewall/server
|
|
|
c8bceb |
%{python2_sitelib}/firewall/*.py*
|
|
|
c8bceb |
%{python2_sitelib}/firewall/config/*.py*
|
|
|
c8bceb |
%{python2_sitelib}/firewall/core/*.py*
|
|
|
c8bceb |
%{python2_sitelib}/firewall/core/io/*.py*
|
|
|
c8bceb |
%{python2_sitelib}/firewall/server/*.py*
|
|
|
c8bceb |
|
|
|
c8bceb |
%if 0%{?with_python3}
|
|
|
c8bceb |
%files -n python3-firewall
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/__pycache__
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/config
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/config/__pycache__
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/core
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/__pycache__
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/io
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/io/__pycache__
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/server
|
|
|
c8bceb |
%attr(0755,root,root) %dir %{python3_sitelib}/firewall/server/__pycache__
|
|
|
c8bceb |
%{python3_sitelib}/firewall/__pycache__/*.py*
|
|
|
c8bceb |
%{python3_sitelib}/firewall/*.py*
|
|
|
c8bceb |
%{python3_sitelib}/firewall/config/*.py*
|
|
|
c8bceb |
%{python3_sitelib}/firewall/config/__pycache__/*.py*
|
|
|
c8bceb |
%{python3_sitelib}/firewall/core/*.py*
|
|
|
c8bceb |
%{python3_sitelib}/firewall/core/__pycache__/*.py*
|
|
|
c8bceb |
%{python3_sitelib}/firewall/core/io/*.py*
|
|
|
c8bceb |
%{python3_sitelib}/firewall/core/io/__pycache__/*.py*
|
|
|
c8bceb |
%{python3_sitelib}/firewall/server/*.py*
|
|
|
c8bceb |
%{python3_sitelib}/firewall/server/__pycache__/*.py*
|
|
|
c8bceb |
%endif #0%{?with_python3}
|
|
|
c8bceb |
|
|
|
c8bceb |
%files -n firewalld-filesystem
|
|
|
c8bceb |
%dir %{_prefix}/lib/firewalld
|
|
|
c8bceb |
%dir %{_prefix}/lib/firewalld/helpers
|
|
|
c8bceb |
%dir %{_prefix}/lib/firewalld/icmptypes
|
|
|
c8bceb |
%dir %{_prefix}/lib/firewalld/ipsets
|
|
|
c8bceb |
%dir %{_prefix}/lib/firewalld/services
|
|
|
c8bceb |
%dir %{_prefix}/lib/firewalld/zones
|
|
|
c8bceb |
%{_rpmconfigdir}/macros.d/macros.firewalld
|
|
|
c8bceb |
|
|
|
c8bceb |
%files -n firewall-applet
|
|
|
c8bceb |
%{_bindir}/firewall-applet
|
|
|
c8bceb |
%defattr(0644,root,root)
|
|
|
c8bceb |
%{_sysconfdir}/xdg/autostart/firewall-applet.desktop
|
|
|
c8bceb |
%dir %{_sysconfdir}/firewall
|
|
|
c8bceb |
%{_sysconfdir}/firewall/applet.conf
|
|
|
c8bceb |
%{_datadir}/icons/hicolor/*/apps/firewall-applet*.*
|
|
|
c8bceb |
%{_mandir}/man1/firewall-applet*.1*
|
|
|
c8bceb |
|
|
|
c8bceb |
%files -n firewall-config
|
|
|
c8bceb |
%{_bindir}/firewall-config
|
|
|
c8bceb |
%defattr(0644,root,root)
|
|
|
c8bceb |
%{_datadir}/firewalld/firewall-config.glade
|
|
|
c8bceb |
%{_datadir}/firewalld/gtk3_chooserbutton.py*
|
|
|
c8bceb |
%{_datadir}/firewalld/gtk3_niceexpander.py*
|
|
|
c8bceb |
%{_datadir}/applications/firewall-config.desktop
|
|
|
c8bceb |
%{_datadir}/metainfo/firewall-config.appdata.xml
|
|
|
c8bceb |
%{_datadir}/icons/hicolor/*/apps/firewall-config*.*
|
|
|
c8bceb |
%{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml
|
|
|
c8bceb |
%{_mandir}/man1/firewall-config*.1*
|
|
|
c8bceb |
|
|
|
c8bceb |
%changelog
|
|
|
c8bceb |
* Fri Sep 27 2019 Eric Garver <egarver@redhat.com> - 0.6.3-7
|
|
|
c8bceb |
- fix: Revert "ebtables: drop support for broute table"
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Sep 03 2019 Eric Garver <egarver@redhat.com> - 0.6.3-6
|
|
|
c8bceb |
- fix: direct: removeRules() not removing all rules in chain
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Aug 12 2019 Eric Garver <egarver@redhat.com> - 0.6.3-5
|
|
|
c8bceb |
- doc: add --default-config and --system-config
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Aug 12 2019 Eric Garver <egarver@redhat.com> - 0.6.3-4
|
|
|
c8bceb |
- fix: guarantee zone source dispatch is sorted by zone name
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Jul 29 2019 Eric Garver <egarver@redhat.com> - 0.6.3-3
|
|
|
c8bceb |
- backport recent upstream stable fixes
|
|
|
c8bceb |
- backport fix --remove-rules deleting all direct rules
|
|
|
c8bceb |
- backport fix unable to delete rich rule forward-port
|
|
|
c8bceb |
- backport fix forward-port for external zone hijacking internal zone
|
|
|
c8bceb |
- backport fix testsuite iptables locking
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Mar 19 2019 Eric Garver <egarver@redhat.com> - 0.6.3-2
|
|
|
c8bceb |
- backport recent upstream stable fixes
|
|
|
c8bceb |
- backport fix to enable IP forwarding only if toaddr specified
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Nov 14 2018 Eric Garver <egarver@redhat.com> - 0.6.3-1
|
|
|
c8bceb |
- rebase package to v0.6.3, include recent stable fixes
|
|
|
c8bceb |
- use QT4 patch for firewall-applet
|
|
|
c8bceb |
- remove cockpit service definition, cockpit package still ships their own
|
|
|
c8bceb |
- remove testsuite force of LC_ALL=C.UTF-8. RHEL-7 doesn't have C.UTF-8
|
|
|
c8bceb |
- remove nftables support
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri Aug 17 2018 Eric Garver <egarver@redhat.com> - 0.5.3-5
|
|
|
c8bceb |
- even if startup failed, reapply non-permanent interface to zone assignments
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Aug 16 2018 Eric Garver <egarver@redhat.com> - 0.5.3-4
|
|
|
c8bceb |
- backport patches to enter failed state if startup fails
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Jul 19 2018 Eric Garver <egarver@redhat.com> - 0.5.3-3
|
|
|
c8bceb |
- backport patches to avoid NM for generated connections
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Jun 12 2018 Eric Garver <egarver@redhat.com> - 0.5.3-2
|
|
|
c8bceb |
- backport patches for --check-config option
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue May 15 2018 Eric Garver <egarver@redhat.com> - 0.5.3-1
|
|
|
c8bceb |
- rebase package to v0.5.3
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Dec 12 2017 Eric Garver <egarver@redhat.com> - 0.4.4.4-14
|
|
|
c8bceb |
- services/high-availability: Add port 9929 (RHBZ#1486143)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Dec 06 2017 Eric Garver <egarver@redhat.com> - 0.4.4.4-13
|
|
|
c8bceb |
- firewalld: also reload dbus config interface for global options
|
|
|
c8bceb |
(RHBZ#1514043)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Dec 06 2017 Eric Garver <egarver@redhat.com> - 0.4.4.4-12
|
|
|
c8bceb |
- Fix and improve firewalld-sysctls.conf (RHBZ#1516881)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Sep 18 2017 Phil Sutter - 0.4.4.4-11
|
|
|
c8bceb |
- core: Log unsupported ICMP types as informational only (RHBZ#1479951)
|
|
|
c8bceb |
- doc: firewall-cmd: Document --query-* options return codes (RHBZ#1372716)
|
|
|
c8bceb |
- doc: firewall-cmd: Document quirk in --reload option (RHBZ#1452137)
|
|
|
c8bceb |
- firewall-cmd: Use colors only if output is a TTY (RHBZ#1368544)
|
|
|
c8bceb |
- firewall-offline-cmd: Don't require root for help output (RHBZ#1445214)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Sep 06 2017 Eric Garver <egarver@redhat.com> - 0.4.4.4-10
|
|
|
c8bceb |
- Add missing ports to RH-Satellite-6 service (RHBZ#1422149)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri Aug 18 2017 Eric Garver <egarver@redhat.com> - 0.4.4.4-9
|
|
|
c8bceb |
- Reload nf_conntrack sysctls after the module is loaded (RHBZ#1462977)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Sun Aug 13 2017 Eric Garver <egarver@redhat.com> - 0.4.4.4-8
|
|
|
c8bceb |
- Add NFSv3 service (a127d697177b) (RHBZ#1462088)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Aug 10 2017 Eric Garver <egarver@redhat.com> - 0.4.4.4-7
|
|
|
c8bceb |
- firewall.functions: New function get_nf_nat_helpers (RHBZ#1452681)
|
|
|
c8bceb |
- firewall.core.fw: Get NAT helpers and store them internally. (RHBZ#1452681)
|
|
|
c8bceb |
- firewall.core.fw_zone: Load NAT helpers with conntrack helpers (RHBZ#1452681)
|
|
|
c8bceb |
- firewalld.dbus: Add missing properties nf_conntrach_helper_setting and
|
|
|
c8bceb |
nf_conntrack_helpers (RHBZ#1452681)
|
|
|
c8bceb |
- D-Bus interfaces: Fix GetAll for interfaces without properties (RHBZ#1452017)
|
|
|
c8bceb |
- firewall.server.firewalld: New property for NAT helpers supported by the
|
|
|
c8bceb |
kernel (RHBZ#1452681)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Jun 12 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.4-6
|
|
|
c8bceb |
- IPv6 ICMP type only rich-rule fix (cf50bd0) (RHBZ#1459921)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed May 31 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.4-5
|
|
|
c8bceb |
- Translation update for japanese (RHBZ#1382652)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed May 17 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.4-4
|
|
|
c8bceb |
- Add services for oVirt: ovirt-imageio, ovirt-vmconsole, ovirt-storageconsole,
|
|
|
c8bceb |
ctbc and nrpe (RHBZ#1449158)
|
|
|
c8bceb |
- Fix policy issue with the choice policies by using the .policy.choice
|
|
|
c8bceb |
extension (RHBZ#1449754)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed May 3 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.4-3
|
|
|
c8bceb |
- Fix --{set,get}-{short,description} for zones (RHBZ#1416325)
|
|
|
c8bceb |
- Man pages: Add sctp and dccp for ports, ... (RHBZ#1429808)
|
|
|
c8bceb |
- Add support for new wait option in restore commands (RHBZ#1446162)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Apr 5 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.4-2
|
|
|
c8bceb |
- Add support for sctp and dccp in ports, source-ports and forward-ports
|
|
|
c8bceb |
(RHBZ#1429808)
|
|
|
c8bceb |
- Fix firewall-offline-cmd --remove-service-from-zone= option (RHBZ#1438127)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Mar 27 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.4-1
|
|
|
c8bceb |
- Rebase to firewalld-0.4.4.4
|
|
|
c8bceb |
http://www.firewalld.org/2017/03/firewalld-0-4-4-4-release
|
|
|
c8bceb |
- Drop references to fedorahosted.org from spec file and Makefile.am, use
|
|
|
c8bceb |
archive from github
|
|
|
c8bceb |
- Fix inconsistent ordering of rules in INPUT_ZONE_SOURCE (issue#166)
|
|
|
c8bceb |
(RHBZ#1421222)
|
|
|
c8bceb |
- Fix ipset overloading from /etc/firewalld/ipsets (RHBZ#1423941)
|
|
|
c8bceb |
- Fix permanent rich rules using icmp-type elements (RHBZ#1434763)
|
|
|
c8bceb |
- firewall-config: Deactivate edit, remove, .. buttons if there are no items
|
|
|
c8bceb |
- Check if ICMP types are supported by kernel before trying to use them
|
|
|
c8bceb |
(RHBZ#1401978)
|
|
|
c8bceb |
- firewall-config: Show invalid ipset type in the ipset configuration dialog
|
|
|
c8bceb |
in a special label (RHBZ#1419058)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri Feb 10 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.3-2
|
|
|
c8bceb |
- Drop ghost flag on policy file again
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Feb 8 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.3-1
|
|
|
c8bceb |
- Rebase to firewalld-0.4.4.3 (RHBZ#1414584)
|
|
|
c8bceb |
- Support disabled automatic helper assignment in firewalld (RHBZ#1006225)
|
|
|
c8bceb |
- Fix masquerade rules to be created always the same (RHBZ#1374001)
|
|
|
c8bceb |
- Properly handle quoted ifcfg file values (RHBZ#1395348)
|
|
|
c8bceb |
- Fix extension of ifcfg backup files (RHBZ#1400478)
|
|
|
c8bceb |
- Complete icmp types list (RHBZ#1401978)
|
|
|
c8bceb |
- Fix LOG rule placement for LogDenied (RHBZ#1402932)
|
|
|
c8bceb |
- Show error messages from NM and do not trace back (RHBZ#1405562)
|
|
|
c8bceb |
- Support icmp-type usage in rich rules (RHBZ#1409544)
|
|
|
c8bceb |
- New service file for freeipa-trust (RHBZ#1411650)
|
|
|
c8bceb |
- Fix --{set,get}-{short,description} for ipset in commands (RHBZ#1416325)
|
|
|
c8bceb |
- Speed up large ipset file loading and import (RHBZ#1416817)
|
|
|
c8bceb |
- Improve support for ipsets in firewalld (RHBZ#1419058)
|
|
|
c8bceb |
- ALREADY_ errors should result in warnings and zero exit code (RHBZ#1420457)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Feb 8 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-10
|
|
|
c8bceb |
- Fix LOG rule placement for LogDenied (RHBZ#1402932)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Jan 5 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-9
|
|
|
c8bceb |
- Fix ZONE being blanked in ifcfg on reboot (RHBZ#1381314)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Sep 12 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-8
|
|
|
c8bceb |
- Exclude firewallctl (RHBZ#1374799)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Sep 6 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-7
|
|
|
c8bceb |
- Tolerate ipv6_rpfilter fail (RHBZ#1285769)
|
|
|
c8bceb |
- Fix set_rules to copy the rule before extracting the table (RHBZ#1373260)
|
|
|
c8bceb |
- Translation update (RHBZ#1273296)
|
|
|
c8bceb |
- Conflict with NetworkManager < 1:1.4.0-3.el7 (RHBZ#1366288)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Aug 30 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-6
|
|
|
c8bceb |
- Do not use exit code 254 for {ALREADY,NOT}_ENABLED sequences (RHBZ#1366654)
|
|
|
c8bceb |
- Fail with NOT_AUTHORIZED if authorization fails (RHBZ#1368549)
|
|
|
c8bceb |
- firewall-cmd: Fix get and set description for permanent zones (RHBZ#1368949)
|
|
|
c8bceb |
- Fix loading of service helpers in active zones (RHBZ#1371116)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Aug 16 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-5
|
|
|
c8bceb |
- Print errors and warnings to stderr additional patch (RHBZ#1360894)
|
|
|
c8bceb |
- Fixed trace back in firewallctl (RHBZ#1367155)
|
|
|
c8bceb |
- Fix client crash if systembus can not be aquired (RHBZ#1367038)
|
|
|
c8bceb |
- Make ALREADY_ENABLED a warning (RHBZ#1366654)
|
|
|
c8bceb |
- Added conflict to old squid package providing the squid.service file
|
|
|
c8bceb |
(RHBZ#1366308)
|
|
|
c8bceb |
- Fixed firewall-cmd help typo (RHBZ#1367171)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Aug 10 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-4
|
|
|
c8bceb |
- Fixed firewall-config gettext usage (RHBZ#1361612)
|
|
|
c8bceb |
- Fixed ifcfg file reader and writer (RHBZ#1362171)
|
|
|
c8bceb |
- Fixed loading ipset entries from file in commands (RHBZ#1365198)
|
|
|
c8bceb |
- Added conflicts to old main package to sub packages (RHBZ#1361669)
|
|
|
c8bceb |
- Do not show settings of zones etc. without authentication (RHBZ#1357098)
|
|
|
c8bceb |
- Fixed CVE-2016-5410 (RHBZ#1359296)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Jul 28 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-3
|
|
|
c8bceb |
- Fix test suite for command change (RHBZ#1360871)
|
|
|
c8bceb |
- Fix test suite with stderr usage (RHBZ#1360894)
|
|
|
c8bceb |
- Rebuild for wrong docdir without version (RHBZ#1057327#c7)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Jul 27 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-2
|
|
|
c8bceb |
- Updated conflict for selinux-policy (RHBZ#1304723)
|
|
|
c8bceb |
- Fixed exit codes in command line clients (RHBZ#1357050)
|
|
|
c8bceb |
- Fixed traceback in firewall-cmd without args (RHBZ#1357063)
|
|
|
c8bceb |
- Fixed source docs in man pages and help output (RHBZ#1357888)
|
|
|
c8bceb |
- Fixed rebuild of changed man pages (RHBZ#1360362)
|
|
|
c8bceb |
- Use stderr for errors and warnings in command line tools (RHBZ#1360894)
|
|
|
c8bceb |
- Fixed lockdown not denying invalid commands (RHBZ#1360871)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Jul 5 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-1
|
|
|
c8bceb |
- Rebase to 0.4.3.2
|
|
|
c8bceb |
- Fix regression with unavailable optional commands
|
|
|
c8bceb |
- All missing backend messages should be warnings
|
|
|
c8bceb |
- Individual calls for missing restore commands
|
|
|
c8bceb |
- Only one authenticate call for add and remove options and also sequences
|
|
|
c8bceb |
- RH-Satellite-6 service now upstream
|
|
|
c8bceb |
- Conflict for selinux-policy needed to be updated to newer release
|
|
|
c8bceb |
(RHBZ#1304723)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Jun 28 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.1-1
|
|
|
c8bceb |
- Rebase to 0.4.3.1
|
|
|
c8bceb |
- firewall.command: Fix python3 DBusException message not interable error
|
|
|
c8bceb |
- src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing
|
|
|
c8bceb |
- firewallctl: Do not trace back on list command without further arguments
|
|
|
c8bceb |
- firewallctl (man1): Added remaining sections zone, service, ..
|
|
|
c8bceb |
- firewallctl: Added runtime-to-permanent, interface and source parser,
|
|
|
c8bceb |
IndividualCalls setting
|
|
|
c8bceb |
- firewall.server.config: Allow to set IndividualCalls property in config
|
|
|
c8bceb |
interface
|
|
|
c8bceb |
- Fix missing icmp rules for some zones
|
|
|
c8bceb |
- runProg: Fix issue with running programs
|
|
|
c8bceb |
- firewall-offline-cmd: Fix issues with missing system-config-firewall
|
|
|
c8bceb |
- firewall.core.ipXtables: Split up source and dest addresses for transaction
|
|
|
c8bceb |
- firewall.server.config: Log error in case of loading malformed files in
|
|
|
c8bceb |
watcher
|
|
|
c8bceb |
- Install and package the firewallctl man page
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Jun 22 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3-3
|
|
|
c8bceb |
- Readding RH-Satellite-6 service
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Jun 22 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3-2
|
|
|
c8bceb |
- Fixed typo in Requires(post)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Jun 22 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3-1
|
|
|
c8bceb |
- Rebase to 0.4.3
|
|
|
c8bceb |
- Rebase to the new upstream and new release (RHBZ#1302802)
|
|
|
c8bceb |
- New firewallctl command line utility (RHBZ#1147959)
|
|
|
c8bceb |
- Adds radius TCP ports (RHBZ#1219717)
|
|
|
c8bceb |
- XSD enhancements for conflicting tag specification (RHBZ#1296573)
|
|
|
c8bceb |
- Adds port for corosync-qnetd to high-availability service (RHBZ#1347530)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue May 31 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.2-1
|
|
|
c8bceb |
- Rebase to 0.4.2
|
|
|
c8bceb |
- Allows unspecifying zone binding for interfaces in firewall-config
|
|
|
c8bceb |
(RHBZ#1066037)
|
|
|
c8bceb |
- Adds improved management of zone binding for interfaces, connections and
|
|
|
c8bceb |
sources (RHBZ#1083626)
|
|
|
c8bceb |
- Adds commands to showing details of zones, services, .. (RHBZ#1147500)
|
|
|
c8bceb |
- Adds a default logging option (RHBZ#1147951)
|
|
|
c8bceb |
- Adds quiet option for firewall-offline-cmd (RHBZ#1220467)
|
|
|
c8bceb |
- Adds support for zone chain usage in direct rules (RHBZ#1136801,
|
|
|
c8bceb |
RHBZ#1336881)
|
|
|
c8bceb |
- Adds source port support in zones, services and rich rules (RHBZ#1214770)
|
|
|
c8bceb |
- Adds services imap and smtps (RHBZ#1220196)
|
|
|
c8bceb |
- Fixes runtime to permanent migration(RHBZ#1237242)
|
|
|
c8bceb |
- Fixes removal of destination addresses for services in permanent view in
|
|
|
c8bceb |
firewall-config (RHBZ#1278281)
|
|
|
c8bceb |
- Fixes firewall-config usage over ssh (RHBZ#1281416)
|
|
|
c8bceb |
- Fixes reload disconnects with existing connections (RHBZ#1287449)
|
|
|
c8bceb |
- Fixes ICMP packet drops while reloading (RHBZ#1288177)
|
|
|
c8bceb |
- Adds option to add a new zone, service, .. from existing file (RHBZ#1292926)
|
|
|
c8bceb |
- Adds improved checks for file readers, fixes error reporting of strings
|
|
|
c8bceb |
containing illegal characters (RHBZ#1303026)
|
|
|
c8bceb |
- Transforms direct.passthrough errors into warnings (RHBZ#1301573)
|
|
|
c8bceb |
- Reduced getprotobyname and getservbyname calls for NIS use (RHBZ#1305434)
|
|
|
c8bceb |
- Fixes (repeated) firewalld reload by sending SIGHUP signal (RHBZ#1313023)
|
|
|
c8bceb |
- Adds After=dbus.service to service file to fix shutdown (RHBZ#1313845)
|
|
|
c8bceb |
- Adds ICMP block inversion support (RHBZ#1325335)
|
|
|
c8bceb |
- Fixes local traffic issue with masquerading in default zone (RHBZ#1326130)
|
|
|
c8bceb |
- Adds destination rich rules without an element (RHBZ#1326462)
|
|
|
c8bceb |
- Fixes reload after default zone change to newly introduced zone (RHBZ#1273888)
|
|
|
c8bceb |
- Fixes start without ipv6_rpfilter module (RHBZ#1285769)
|
|
|
c8bceb |
- Adds log of denied packets option (RHBZ#1322505)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Sep 15 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.9-14
|
|
|
c8bceb |
- Fixed file mode of schema configuration file verifier check.sh als in files
|
|
|
c8bceb |
(RHBZ#994479)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri Sep 11 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.9-13
|
|
|
c8bceb |
- Fixed file mode of schema configuration file verifier check.sh (RHBZ#994479)
|
|
|
c8bceb |
- Include upstream testsuite in SRPM package (RHBZ#1261502)
|
|
|
c8bceb |
- Added missing ports to RH-Satellite-6 mservice (RHBZ#1254531)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Jul 6 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.9-12
|
|
|
c8bceb |
- New schema configuration file verifier (RHBZ#994479)
|
|
|
c8bceb |
- More information about interface handling with and without NetworkManager
|
|
|
c8bceb |
(RHBZ#1122739) (RHBZ#1128563)
|
|
|
c8bceb |
- Apply all rich rules for non-default targets (RHBZ#1142741)
|
|
|
c8bceb |
- New iscsi service (RHBZ#1150656)
|
|
|
c8bceb |
- New rsync service (RHBZ#1150659)
|
|
|
c8bceb |
- ipXtables: use -w or -w2 if supported (RHBZ#1161745)
|
|
|
c8bceb |
- Do not use ipv6header for protocol matching. (RHBZ#1164605)
|
|
|
c8bceb |
- Iptables does not like limit of 1/d (RHBZ#1176813)
|
|
|
c8bceb |
- Fix readdition of removed permanent direct settings (RHBZ#1182671)
|
|
|
c8bceb |
- Fix bugs found by upstream test suite (RHBZ#1183008)
|
|
|
c8bceb |
- Fix polkit auth for query and get passthroughs methods (RHBZ#1183688)
|
|
|
c8bceb |
- New vdsm service (RHBZ#1194382)
|
|
|
c8bceb |
- New freeipa services (RHBZ#1206490)
|
|
|
c8bceb |
- Add missing parts to firewall-offline-cmd man page (RHBZ#1217678)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Jan 13 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.9-11
|
|
|
c8bceb |
- added missing upstream commit 265bfe90 for (RHBZ#993650)
|
|
|
c8bceb |
- also add log message in the firewall-cmd output (RHBZ#1057095)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Oct 20 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-10
|
|
|
c8bceb |
- additional upstream commits for (RHBZ#993650)
|
|
|
c8bceb |
- additional upstream commits for (RHBZ#1127706)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Oct 7 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-9
|
|
|
c8bceb |
- added lost runtime passthrough check and reverse patch (RHBZ#993650)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Sep 29 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-8
|
|
|
c8bceb |
- fixed GUI missing name of active zone (RHBZ#993655)
|
|
|
c8bceb |
- recreate man pages at build time (RHBZ#1071303)
|
|
|
c8bceb |
- fixes rich language log level (RHBZ#993740)
|
|
|
c8bceb |
- fixes typo in firewall-cmd man page (RHBZ#1064401)
|
|
|
c8bceb |
- new support to save runtime as permanent (RHBZ#993650)
|
|
|
c8bceb |
- new cli --timeout time specifiers support (RHBZ#994044)
|
|
|
c8bceb |
- updated translations (RHBZ#1048119) (RHBZ#1083592)
|
|
|
c8bceb |
- more descriptive error message in case of mistakes in iptables (RHBZ#1057095)
|
|
|
c8bceb |
- use apparent name for default target (RHBZ#1075675)
|
|
|
c8bceb |
- simplified firewalld usage on servers by dropping at_console (RHBZ#1097765)
|
|
|
c8bceb |
- fixed enable/disable of lockdown (RHBZ#1111573)
|
|
|
c8bceb |
- new Satellite 6 service (RHBZ#1135634)
|
|
|
c8bceb |
- fixed inconsistent color usage for firewall-cmd messages (RHBZ#1097841)
|
|
|
c8bceb |
- fixed missing -Es in lockdown whitelist firewall-config command (RHBZ#1099065)
|
|
|
c8bceb |
- unified runtime and permanent D-Bus API (RHBZ#1127706)
|
|
|
c8bceb |
- fixed missing update of the connections menu in firewall-config (RHBZ#1120212)
|
|
|
c8bceb |
- better docs for interface bindings in firewalld and NetworkManager (RHBZ#1112742)
|
|
|
c8bceb |
- firewall-config: Show target REJECT (RHBZ#1058794)
|
|
|
c8bceb |
- fixed inconsistent PolicyKit domain usage in main D-Bus interface (RHBZ#1061809)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri Feb 28 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.9-7
|
|
|
c8bceb |
- firewall-cmd: prevent argparse from parsing iptables options (RHBZ#1070683)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Feb 26 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.9-6
|
|
|
c8bceb |
- firewall-offline-cmd: options from 'firewall-cmd --permanent *' (RHBZ#1059800)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Sun Feb 23 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-5
|
|
|
c8bceb |
- fixed rich language log level (RHBZ#993740)
|
|
|
c8bceb |
- firewall-config: use simple tool to change zones for connections (RHBZ#993782)
|
|
|
c8bceb |
- translations update (RHBZ#1030330)
|
|
|
c8bceb |
- firewall-config: fixed service and icmptype name dulications (RHBZ#1067639)
|
|
|
c8bceb |
- allow router advertisements for IPv6 rpfilter (RHBZ#1067652)
|
|
|
c8bceb |
- firewall-applet: allow to bind connections to the defaut zone (RHBZ#1068148)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Feb 12 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-4
|
|
|
c8bceb |
- firewall-config creates unloadable config; port forwarding broken
|
|
|
c8bceb |
(RHBZ#1057628)
|
|
|
c8bceb |
- Network connection is lost after changing Zones Default Target to DROP
|
|
|
c8bceb |
(RHBZ#1057629)
|
|
|
c8bceb |
- permanently adding rich rule with audit creates unloadable config XML
|
|
|
c8bceb |
(RHBZ#1057684)
|
|
|
c8bceb |
- firewalld input_zones has default rule for public zone (RHBZ#1058339)
|
|
|
c8bceb |
- firewall-cmd is not able to add and remove zones, services and icmptypes
|
|
|
c8bceb |
(RHBZ#1064386)
|
|
|
c8bceb |
- firewall-config leaves deleted services shown if they were in use
|
|
|
c8bceb |
(RHBZ#1058853)
|
|
|
c8bceb |
- firewall-cmd does not allow user to change zone default target (RHBZ#1058791)
|
|
|
c8bceb |
- firewall-cmd man page has a typo in --help description (RHBZ#1064401)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri Jan 17 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-3
|
|
|
c8bceb |
- fixed enforcing of trusted, drop and block zones (RHBZ#1054415)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Jan 16 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-2
|
|
|
c8bceb |
- fixed rich rules (RHBZ#1054270)
|
|
|
c8bceb |
- fixed small defects in firewall-cmd and firewall-config (RHBZ#1054289)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Jan 15 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.9-1
|
|
|
c8bceb |
- rebase to 0.3.9 version:
|
|
|
c8bceb |
- translation updates
|
|
|
c8bceb |
- New IPv6_rpfilter setting to enable source address validation (RHBZ#847707)
|
|
|
c8bceb |
- Do not mix original and customized zones in case of target changes,
|
|
|
c8bceb |
apply only used zones
|
|
|
c8bceb |
- firewall-cmd: fix --*_lockdown_whitelist_uid to work with uid 0
|
|
|
c8bceb |
- Don't show main window maximized. (RHBZ#1046811)
|
|
|
c8bceb |
- Use rmmod instead of 'modprobe -r' (RHBZ#1031102)
|
|
|
c8bceb |
- Deprecate 'enabled' attribute of 'masquerade' element
|
|
|
c8bceb |
- firewall-config: new zone was added twice to the list
|
|
|
c8bceb |
- firewalld.dbus(5)
|
|
|
c8bceb |
- Enable python shebang fix again
|
|
|
c8bceb |
- firewall/client: handle_exceptions: Use loop in decorator
|
|
|
c8bceb |
- firewall-offline-cmd: Do not mask firewalld service with disabled option
|
|
|
c8bceb |
- firewall-config: richRuleDialogActionRejectType Entry -> ComboBox
|
|
|
c8bceb |
- Rich_Rule: fix parsing of reject element (RHBZ#1027373)
|
|
|
c8bceb |
- Show combined zones in permanent configuration (RHBZ#1002016)
|
|
|
c8bceb |
- firewall-cmd(1): document exit code 2 and colored output (RHBZ#1028507)
|
|
|
c8bceb |
- firewall-config: fix RHBZ#1028853
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.3.8-2
|
|
|
c8bceb |
- Mass rebuild 2013-12-27
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Nov 05 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.8-1
|
|
|
c8bceb |
- fix memory leaks
|
|
|
c8bceb |
- New option --debug-gc
|
|
|
c8bceb |
- Python3 compatibility
|
|
|
c8bceb |
- Better non-ascii support
|
|
|
c8bceb |
- several firewall-config & firewall-applet fixes
|
|
|
c8bceb |
- New --remove-rules commands for firewall-cmd and removeRules methods for D-Bus
|
|
|
c8bceb |
- Fixed FirewallDirect.get_rules to return proper list
|
|
|
c8bceb |
- Fixed LastUpdatedOrderedDict.keys()
|
|
|
c8bceb |
- Enable rich rule usage in trusted zone (RHBZ#994144)
|
|
|
c8bceb |
- New error codes: INVALID_CONTEXT, INVALID_COMMAND, INVALID_USER and INVALID_UID
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Oct 17 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.7-1
|
|
|
c8bceb |
- Don't fail on missing ip[6]tables/ebtables table. (RHBZ#967376)
|
|
|
c8bceb |
- bash-completion: --permanent --direct options
|
|
|
c8bceb |
- firewall/core/fw.py: fix checking for iptables & ip6tables (RHBZ#1017087)
|
|
|
c8bceb |
- firewall-cmd: use client's exception_handler instead of catching exceptions ourselves
|
|
|
c8bceb |
- FirewallClientZoneSettings: fix {add|remove|query}RichRule()
|
|
|
c8bceb |
- Extend amanda-client service with 10080/tcp (RHBZ#1016867)
|
|
|
c8bceb |
- Simplify Rich_Rule()_lexer() by using functions.splitArgs()
|
|
|
c8bceb |
- Fix encoding problems in exception handling (RHBZ#1015941)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri Oct 04 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.6.2-1
|
|
|
c8bceb |
- firewall-offline-cmd: --forward-port 'toaddr' is optional (RHBZ#1014958)
|
|
|
c8bceb |
- firewall-cmd: fix variable name (RHBZ#1015011)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Oct 03 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.6.1-1
|
|
|
c8bceb |
- remove superfluous po files from archive
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Oct 02 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.6-1
|
|
|
c8bceb |
- firewalld.richlanguage.xml: correct log levels (RHBZ#993740)
|
|
|
c8bceb |
- firewall-config: Make sure that all zone settings are updated properly on firewalld restart
|
|
|
c8bceb |
- Rich_Limit: Allow long representation for duration (RHBZ#994103
|
|
|
c8bceb |
- firewall-config: Show "Changes applied." after changes (RHBZ#993643)
|
|
|
c8bceb |
- Use own connection dialog to change zones for NM connections
|
|
|
c8bceb |
- Rename service cluster-suite to high-availability (RHBZ#885257)
|
|
|
c8bceb |
- Permanent direct support for firewall-config and firewall-cmd
|
|
|
c8bceb |
- Try to avoid file descriptor leaking (RHBZ#951900)
|
|
|
c8bceb |
- New functions to split and join args properly (honoring quotes)
|
|
|
c8bceb |
- firewall-cmd(1): 2 simple examples
|
|
|
c8bceb |
- Better IPv6 NAT checking.
|
|
|
c8bceb |
- Ship firewalld.direct(5).
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Sep 30 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.5-1
|
|
|
c8bceb |
- Only use one PK action for configuration (RHBZ#994729)
|
|
|
c8bceb |
- firewall-cmd: indicate non-zero exit code with red color
|
|
|
c8bceb |
- rich-rule: enable to have log without prefix & log_level & limit
|
|
|
c8bceb |
- log-level warn/err -> warning/error (RHBZ#1009436)
|
|
|
c8bceb |
- Use policy DROP while reloading, do not reset policy in restart twice
|
|
|
c8bceb |
- Add _direct chains to all table and chain combinations
|
|
|
c8bceb |
- documentation improvements
|
|
|
c8bceb |
- New firewalld.direct(5) man page docbook source
|
|
|
c8bceb |
- tests/firewall-cmd_test.sh: make rich language tests work
|
|
|
c8bceb |
- Rich_Rule._import_from_string(): improve error messages (RHBZ#994150)
|
|
|
c8bceb |
- direct.passthrough wasn't always matching out_signature (RHBZ#967800)
|
|
|
c8bceb |
- firewall-config: twist ICMP Type IP address family logic.
|
|
|
c8bceb |
- firewall-config: port-forwarding/masquerading dialog (RHBZ#993658)
|
|
|
c8bceb |
- firewall-offline-cmd: New --remove-service=<service> option (BZ#969106)
|
|
|
c8bceb |
- firewall-config: Options->Lockdown was not changing permanent.
|
|
|
c8bceb |
- firewall-config: edit line on doubleclick (RHBZ#993572)
|
|
|
c8bceb |
- firewall-config: System Default Zone -> Default Zone (RHBZ#993811)
|
|
|
c8bceb |
- New direct D-Bus interface, persistent direct rule handling, enabled passthough
|
|
|
c8bceb |
- src/firewall-cmd: Fixed help output to use more visual parameters
|
|
|
c8bceb |
- src/firewall-cmd: New usage output, no redirection to man page anymore
|
|
|
c8bceb |
- src/firewall/core/rich.py: Fixed forwad port destinations
|
|
|
c8bceb |
- src/firewall-offline-cmd: Early enable/disable handling now with mask/unmask
|
|
|
c8bceb |
- doc/xml/firewalld.zone.xml: Added more information about masquerade use
|
|
|
c8bceb |
- Prefix to log message is optional (RHBZ#998079)
|
|
|
c8bceb |
- firewall-cmd: fix --permanent --change-interface (RHBZ#997974)
|
|
|
c8bceb |
- Sort zones/interfaces/service/icmptypes on output.
|
|
|
c8bceb |
- wbem-https service (RHBZ#996668)
|
|
|
c8bceb |
- applet&config: add support for KDE NetworkManager connection editor
|
|
|
c8bceb |
- firewall/core/fw_config.py: New method update_lockdown_whitelist
|
|
|
c8bceb |
- Added missing file watcher for lockdown whitelist in config D-Bus interface
|
|
|
c8bceb |
- firewall/core/watcher: New add_watch_file for lockdown-whitelist and direct
|
|
|
c8bceb |
- Make use of IPv6 NAT conditional, based on kernel number (RHBZ#967376)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Jul 30 2013 Thomas Woerner <twoerner@redhat.com> 0.3.4-1
|
|
|
c8bceb |
- several rich rule check enhancements and fixes
|
|
|
c8bceb |
- firewall-cmd: direct options - check ipv4|ipv6|eb (RHBZ#970505)
|
|
|
c8bceb |
- firewall-cmd(1): improve description of direct options (RHBZ#970509)
|
|
|
c8bceb |
- several firewall-applet enhancements and fixes
|
|
|
c8bceb |
- New README
|
|
|
c8bceb |
- several doc and man page fixes
|
|
|
c8bceb |
- Service definitions for PCP daemons (RHBZ#972262)
|
|
|
c8bceb |
- bash-completion: add lockdown and rich language options
|
|
|
c8bceb |
- firewall-cmd: add --permanent --list-all[-zones]
|
|
|
c8bceb |
- firewall-cmd: new -q/--quiet option
|
|
|
c8bceb |
- firewall-cmd: warn when default zone not active (RHBZ#971843)
|
|
|
c8bceb |
- firewall-cmd: check priority in --add-rule (RHBZ#914955)
|
|
|
c8bceb |
- add dhcpv6 (for server) service (RHBZ#917866)
|
|
|
c8bceb |
- firewall-cmd: add --permanent --get-zone-of-interface/source --change-interface/source
|
|
|
c8bceb |
- firewall-cmd: print result (yes/no) of all --query-* commands
|
|
|
c8bceb |
- move permanent-getZoneOf{Interface|Source} from firewall-cmd to server
|
|
|
c8bceb |
- Check Interfaces/sources when updating permanent zone settings.
|
|
|
c8bceb |
- FirewallDConfig: getZoneOfInterface/Source can actually return more zones
|
|
|
c8bceb |
- Fixed toaddr check in forward port to only allow single address, no range
|
|
|
c8bceb |
- firewall-cmd: various output improvements
|
|
|
c8bceb |
- fw_zone: use check_single_address from firewall.functions
|
|
|
c8bceb |
- getZoneOfInterface/Source does not need to throw exception
|
|
|
c8bceb |
- firewall.functions: Use socket.inet_pton in checkIP, fixed checkIP*nMask
|
|
|
c8bceb |
- firewall.core.io.service: Properly check port/proto and destination address
|
|
|
c8bceb |
- Install applet desktop file into /etc/xdg/autostart
|
|
|
c8bceb |
- Fixed option problem with rich rule destinations (RHBZ#979804)
|
|
|
c8bceb |
- Better exception creation in dbus_handle_exceptions() decorator (RHBZ#979790)
|
|
|
c8bceb |
- Updated firewall-offline-cmd
|
|
|
c8bceb |
- Use priority in add, remove, query and list of direct rules (RHBZ#979509)
|
|
|
c8bceb |
- New documentation (man pages are created from docbook sources)
|
|
|
c8bceb |
- firewall/core/io/direct.py: use prirority for rule methods, new get_all_ methods
|
|
|
c8bceb |
- direct: pass priority also to client.py and firewall-cmd
|
|
|
c8bceb |
- applet: New blink and blink-count settings
|
|
|
c8bceb |
- firewall.functions: New function ppid_of_pid
|
|
|
c8bceb |
- applet: Check for gnome3 and fix it, use new settings, new size-changed cb
|
|
|
c8bceb |
- firewall-offline-cmd: Fix use of systemctl in chroot
|
|
|
c8bceb |
- firewall-config: use string.ascii_letters instead of string.letters
|
|
|
c8bceb |
- dbus_to_python(): handle non-ascii chars in dbus.String.
|
|
|
c8bceb |
- Modernize old syntax constructions.
|
|
|
c8bceb |
- dict.keys() in Python 3 returns a "view" instead of list
|
|
|
c8bceb |
- Use gettext.install() to install _() in builtins namespace.
|
|
|
c8bceb |
- Allow non-ascii chars in 'short' and 'description'
|
|
|
c8bceb |
- README: More information for "Working With The Source Repository"
|
|
|
c8bceb |
- Build environment fixes
|
|
|
c8bceb |
- firewalld.spec: Added missing checks for rhel > 6 for pygobject3-base
|
|
|
c8bceb |
- firewall-applet: New setting show-inactive
|
|
|
c8bceb |
- Don't stop on reload when lockdown already enabled (RHBZ#987403)
|
|
|
c8bceb |
- firewall-cmd: --lockdown-on/off did not touch firewalld.conf
|
|
|
c8bceb |
- FirewallApplet.gschema.xml: Dropped unused sender-info setting
|
|
|
c8bceb |
- doc/firewall-applet.xml: Added information about gsettings
|
|
|
c8bceb |
- several debug and log message fixes
|
|
|
c8bceb |
- Add chain for sources so they can be checked before interfaces (RHBZ#903222)
|
|
|
c8bceb |
- Add dhcp and proxy-dhcp services (RHBZ#986947)
|
|
|
c8bceb |
- io/Zone(): don't error on deprecated family attr of source elem
|
|
|
c8bceb |
- Limit length of zone file name (to 12 chars) due to Netfilter internals.
|
|
|
c8bceb |
- It was not possible to overload a zone with defined source(s).
|
|
|
c8bceb |
- DEFAULT_ZONE_TARGET: {chain}_ZONE_{zone} -> {chain}_{zone}
|
|
|
c8bceb |
- New runtime get<X>Settings for services and icmptypes, fixed policies callbacks
|
|
|
c8bceb |
- functions: New functions checkUser, checkUid and checkCommand
|
|
|
c8bceb |
- src/firewall/client: Fixed lockdown-whitelist-updated signal handling
|
|
|
c8bceb |
- firewall-cmd(1): move firewalld.richlanguage(5) reference in --*-rich-rule
|
|
|
c8bceb |
- Rich rule service: Only add modules for accept action
|
|
|
c8bceb |
- firewall/core/rich: Several fixes and enhanced checks
|
|
|
c8bceb |
- Fixed reload of direct rules
|
|
|
c8bceb |
- firewall/client: New functions to set and get the exception handler
|
|
|
c8bceb |
- firewall-config: New and enhanced UI to handle lockdown and rich rules
|
|
|
c8bceb |
- zone's immutable attribute is redundant
|
|
|
c8bceb |
- Do not allow to set settings in config for immutable zones.
|
|
|
c8bceb |
- Ignore deprecated 'immutable' attribute in zone files.
|
|
|
c8bceb |
- Eviscerate 'immutable' completely.
|
|
|
c8bceb |
- FirewallDirect.query_rule(): fix it
|
|
|
c8bceb |
- permanent direct: activate firewall.core.io.direct:Direct reader
|
|
|
c8bceb |
- core/io/*: simplify getting of character data
|
|
|
c8bceb |
- FirewallDirect.set_config(): allow reloading
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Jun 20 2013 Jiri Popelka <jpopelka@redhat.com>
|
|
|
c8bceb |
- Remove migrating to a systemd unit file from a SysV initscript
|
|
|
c8bceb |
- Remove pointless "ExclusiveOS" tag
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri Jun 7 2013 Thomas Woerner <twoerner@redhat.com> 0.3.3-2
|
|
|
c8bceb |
- Fixed rich rule check for use in D-Bus
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Jun 6 2013 Thomas Woerner <twoerner@redhat.com> 0.3.3-1
|
|
|
c8bceb |
- new service files
|
|
|
c8bceb |
- relicensed logger.py under GPLv2+
|
|
|
c8bceb |
- firewall-config: sometimes we don't want to use client's exception handler
|
|
|
c8bceb |
- When removing Service/IcmpType remove it from zones too (RHBZ#958401)
|
|
|
c8bceb |
- firewall-config: work-around masquerade_check_cb() being called more times
|
|
|
c8bceb |
- Zone(IO): add interfaces/sources to D-Bus signature
|
|
|
c8bceb |
- Added missing UNKNOWN_SOURCE error code
|
|
|
c8bceb |
- fw_zone.check_source: Raise INVALID_FAMILY if family is invalid
|
|
|
c8bceb |
- New changeZoneOfInterface method, marked changeZone as deprecated
|
|
|
c8bceb |
- Fixed firewall-cmd man page entry for --panic-on
|
|
|
c8bceb |
- firewall-applet: Fixed possible problems of unescaped strings used for markup
|
|
|
c8bceb |
- New support to bind zones to source addresses and ranges (D-BUS, cmd, applet
|
|
|
c8bceb |
- Cleanup of unused variables in FirewallD.start
|
|
|
c8bceb |
- New firewall/fw_types.py with LastUpdatedOrderedDict
|
|
|
c8bceb |
- direct.chains, direct.rules: Using LastUpdatedOrderedDict
|
|
|
c8bceb |
- Support splitted zone files
|
|
|
c8bceb |
- New reader and writer for stored direct chains and rules
|
|
|
c8bceb |
- LockdownWhitelist: fix write(), add get_commands/uids/users/contexts()
|
|
|
c8bceb |
- fix service_writer() and icmptype_writer() to put newline at end of file
|
|
|
c8bceb |
- firewall-cmd: fix --list-sources
|
|
|
c8bceb |
- No need to specify whether source address family is IPv4 or IPv6
|
|
|
c8bceb |
- add getZoneOfSource() to D-Bus interface
|
|
|
c8bceb |
- Add tests and bash-completion for the new "source" operations
|
|
|
c8bceb |
- Convert all input args in D-Bus methods
|
|
|
c8bceb |
- setDefaultZone() was calling accessCheck() *after* the action
|
|
|
c8bceb |
- New uniqify() function to remove duplicates from list whilst preserving order
|
|
|
c8bceb |
- Zone.combine() merge also services and ports
|
|
|
c8bceb |
- config/applet: silence DBusException during start when FirewallD is not running (RHBZ#966518)
|
|
|
c8bceb |
- firewall-applet: more fixes to make the address sources family agnostic
|
|
|
c8bceb |
- Better defaults for lockdown white list
|
|
|
c8bceb |
- Use auth_admin_keep for allow_any and allow_inactive also
|
|
|
c8bceb |
- New D-Bus API for lockdown policies
|
|
|
c8bceb |
- Use IPv4, IPv6 and BRIDGE for FirewallD properties
|
|
|
c8bceb |
- Use rich rule action as audit type
|
|
|
c8bceb |
- Prototype of string-only D-Bus interface for rich language
|
|
|
c8bceb |
- Fixed wrongly merged source family check in firewall/core/io/zone.py
|
|
|
c8bceb |
- handle_cmr: report errors, cleanup modules in error case only, mark handling
|
|
|
c8bceb |
- Use audit type from rule action, fixed rule output
|
|
|
c8bceb |
- Fixed lockdown whitelist D-Bus handling method names
|
|
|
c8bceb |
- New rich rule handling in runtime D-Bus interface
|
|
|
c8bceb |
- Added interface, source and rich rule handling (runtime and permanent)
|
|
|
c8bceb |
- Fixed dbus_obj in FirewallClientConfigPolicies, added queryLockdown
|
|
|
c8bceb |
- Write changes in setLockdownWhitelist
|
|
|
c8bceb |
- Fixed typo in policies log message in method calls
|
|
|
c8bceb |
- firewall-cmd: Added rich rule, lockdown and lockdown whitelist handling
|
|
|
c8bceb |
- Don't check access in query/getLockdownWhitelist*()
|
|
|
c8bceb |
- firewall-cmd: Also output masquerade flag in --list-all
|
|
|
c8bceb |
- firewall-cmd: argparse is able to convert argument to desired type itself
|
|
|
c8bceb |
- firewall-cmd_test.sh: tests for permanent interfaces/sources and lockdown whitelist
|
|
|
c8bceb |
- Makefile.am: add missing files
|
|
|
c8bceb |
- firewall-cmd_test.sh: tests for rich rules
|
|
|
c8bceb |
- Added lockdown, source, interface and rich rule docs to firewall-cmd
|
|
|
c8bceb |
- Do not masquerade lo if masquerade is enabled in the default zone (RHBZ#904098)
|
|
|
c8bceb |
- Use <rule> in metavar for firewall-cmd parser
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri May 10 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.2-2
|
|
|
c8bceb |
- removed unintentional en_US.po from tarball
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Apr 30 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.2-1
|
|
|
c8bceb |
- Fix signal handling for SIGTERM
|
|
|
c8bceb |
- Additional service files (RHBZ#914859)
|
|
|
c8bceb |
- Updated po files
|
|
|
c8bceb |
- s/persistent/permanent/ (Trac Ticket #7)
|
|
|
c8bceb |
- Better behaviour when running without valid DISPLAY (RHBZ#955414)
|
|
|
c8bceb |
- client.handle_exceptions(): do not loop forever
|
|
|
c8bceb |
- Set Zone.defaults in zone_reader (RHBZ#951747)
|
|
|
c8bceb |
- client: do not pass the dbus exception name to handler
|
|
|
c8bceb |
- IO_Object_XMLGenerator: make it work with Python 2.7.4 (RHBZ#951741)
|
|
|
c8bceb |
- firewall-cmd: do not use deprecated BaseException.message
|
|
|
c8bceb |
- client.py: fix handle_exceptions() (RHBZ#951314)
|
|
|
c8bceb |
- firewall-config: check zone/service/icmptype name (RHBZ#947820)
|
|
|
c8bceb |
- Allow 3121/tcp (pacemaker_remote) in cluster-suite service. (RHBZ#885257)
|
|
|
c8bceb |
- firewall-applet: fix default zone hangling in 'shields-up' (RHBZ#947230)
|
|
|
c8bceb |
- FirewallError.get_code(): check for unknown error
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Apr 17 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.1-2
|
|
|
c8bceb |
- Make permanenent changes work with Python 2.7.4 (RHBZ#951741)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Mar 28 2013 Thomas Woerner <twoerner@redhat.com> 0.3.1-1
|
|
|
c8bceb |
- Use explicit file lists for make dist
|
|
|
c8bceb |
- New rich rule validation check code
|
|
|
c8bceb |
- New global check_port and check_address functions
|
|
|
c8bceb |
- Allow source white and black listing with the rich rule
|
|
|
c8bceb |
- Fix error handling in case of unsupported family in rich rule
|
|
|
c8bceb |
- Enable ip_forwarding in masquerade and forward-port
|
|
|
c8bceb |
- New functions to read and write simple files using filename and content
|
|
|
c8bceb |
- Add --enable-sysconfig to install Fedora-specific sysconfig config file.
|
|
|
c8bceb |
- Add chains for security table (RHBZ#927015)
|
|
|
c8bceb |
- firewalld.spec: no need to specify --with-systemd-unitdir
|
|
|
c8bceb |
- firewalld.service: remove syslog.target and dbus.target
|
|
|
c8bceb |
- firewalld.service: replace hard-coded paths
|
|
|
c8bceb |
- Move bash-completion to new location.
|
|
|
c8bceb |
- Revert "Added configure for new build env"
|
|
|
c8bceb |
- Revert "Added Makefile.in files"
|
|
|
c8bceb |
- Revert "Added po/Makefile.in.in"
|
|
|
c8bceb |
- Revert "Added po/LINGUAS"
|
|
|
c8bceb |
- Revert "Added aclocal.m4"
|
|
|
c8bceb |
- Amend zone XML Schema
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Mar 20 2013 Thomas Woerner <twoerner@redhat.com> 0.3.0-1
|
|
|
c8bceb |
- Added rich language support
|
|
|
c8bceb |
- Added lockdown feature
|
|
|
c8bceb |
- Allow to bind interfaces and sources to zones permanently
|
|
|
c8bceb |
- Enabled IPv6 NAT support
|
|
|
c8bceb |
masquerading and port/packet forwarding for IPv6 only with rich language
|
|
|
c8bceb |
- Handle polkit errors in client class and firewall-config
|
|
|
c8bceb |
- Added priority description for --direct --add-rule in firewall-cmd man page
|
|
|
c8bceb |
- Add XML Schemas for zones/services/icmptypes XMLs
|
|
|
c8bceb |
- Don't keep file descriptors open when forking
|
|
|
c8bceb |
- Introduce --nopid option for firewalld
|
|
|
c8bceb |
- New FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains (RHBZ#912782)
|
|
|
c8bceb |
- Update cluster-suite service (RHBZ#885257)
|
|
|
c8bceb |
- firewall-cmd: rename --enable/disable-panic to --panic-on/off (RHBZ#874912)
|
|
|
c8bceb |
- Fix interaction problem of changed event of gtk combobox with polkit-kde
|
|
|
c8bceb |
by processing all remaining events (RHBZ#915892)
|
|
|
c8bceb |
- Stop default zone rules being applied to all zones (RHBZ#912782)
|
|
|
c8bceb |
- Firewall.start(): don't call set_default_zone()
|
|
|
c8bceb |
- Add wiki's URL to firewalld(1) and firewall-cmd(1) man pages
|
|
|
c8bceb |
- firewalld-cmd: make --state verbose (RHBZ#886484)
|
|
|
c8bceb |
- improve firewalld --help (RHBZ#910492)
|
|
|
c8bceb |
- firewall-cmd: --add/remove-* can be used multiple times (RHBZ#879834)
|
|
|
c8bceb |
- Continue loading zone in case of wrong service/port etc. (RHBZ#909466)
|
|
|
c8bceb |
- Check also services and icmptypes in Zone() (RHBZ#909466)
|
|
|
c8bceb |
- Increase the maximum length of the port forwarding fields from 5 to 11 in
|
|
|
c8bceb |
firewall-config
|
|
|
c8bceb |
- firewall-cmd: add usage to fail message
|
|
|
c8bceb |
- firewall-cmd: redefine usage to point to man page
|
|
|
c8bceb |
- firewall-cmd: fix visible problems with arg. parsing
|
|
|
c8bceb |
- Use argparse module for parsing command line options and arguments
|
|
|
c8bceb |
- firewall-cmd.1: better clarify where to find ACTIONs
|
|
|
c8bceb |
- firewall-cmd Bash completion
|
|
|
c8bceb |
- firewall-cmd.1: comment --zone=<zone> usage and move some options
|
|
|
c8bceb |
- Use zone's target only in %s_ZONES chains
|
|
|
c8bceb |
- default zone in firewalld.conf was set to public with every restart (#902845)
|
|
|
c8bceb |
- man page cleanup
|
|
|
c8bceb |
- code cleanup
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Mar 07 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-5
|
|
|
c8bceb |
- Another fix for RHBZ#912782
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Feb 20 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-4
|
|
|
c8bceb |
- Stop default zone rules being applied to all zones (RHBZ#912782)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.12-3
|
|
|
c8bceb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Jan 22 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-2
|
|
|
c8bceb |
- Default zone in firewalld.conf was reseted with every restart (RHBZ#902845)
|
|
|
c8bceb |
- Add icon cache related scriptlets for firewall-config (RHBZ#902680)
|
|
|
c8bceb |
- Fix typo in firewall-config (RHBZ#895812)
|
|
|
c8bceb |
- Fix few mistakes in firewall-cmd(1) man page
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Jan 14 2013 Thomas Woerner <twoerner@redhat.com> 0.2.12-1
|
|
|
c8bceb |
- firewall-cmd: use -V instead of -v for version info (RHBZ#886477)
|
|
|
c8bceb |
- firewall-cmd: don't check reload()'s return value (RHBZ#886461)
|
|
|
c8bceb |
- actually install firewalld.zones.5
|
|
|
c8bceb |
- firewall-config: treat exceptions when adding new zone/service/icmp
|
|
|
c8bceb |
(RHBZ#886602)
|
|
|
c8bceb |
- firewalld.spec: Fixed requirements of firewall-config to use gtk2 and
|
|
|
c8bceb |
pygobject3
|
|
|
c8bceb |
- Fail gracefully when running in non X environment.(RHBZ#886551)
|
|
|
c8bceb |
- offline-cmd: fail gracefully when no s-c-f config
|
|
|
c8bceb |
- fix duplicated iptables rules (RHBZ#886515)
|
|
|
c8bceb |
- detect errors and duplicates in config file (RHBZ#886581)
|
|
|
c8bceb |
- firewall-config: don't make 'Edit Service' and 'Edit ICMP Type' insensitive
|
|
|
c8bceb |
- firewalld.spec: fixed requirements, require pygobject3-base
|
|
|
c8bceb |
- frewall-applet: Unused code cleanup
|
|
|
c8bceb |
- firewall-applet: several usability fixes and enhancements
|
|
|
c8bceb |
(RHBZ#886531) (RHBZ#886534)
|
|
|
c8bceb |
- firewall/server/server.py: fixed KeyboardInterrupt message (RHBZ#886558)
|
|
|
c8bceb |
- Moved fallback zone and minimal_mark to firewall.config.__init__
|
|
|
c8bceb |
- Do not raise ZONE_ALREADY_SET in change_zone if old zone is set again
|
|
|
c8bceb |
(RHBZ#886432)
|
|
|
c8bceb |
- Make default zone default for all unset connections/interfaces
|
|
|
c8bceb |
(RHBZ#888288) (RHBZ#882736)
|
|
|
c8bceb |
- firewall-config: Use Gtk.MessageType.WARNING for warning dialog
|
|
|
c8bceb |
- firewall-config: Handle unknown services and icmptypes in persistent mode
|
|
|
c8bceb |
- firewall-config: Do not load settings more than once
|
|
|
c8bceb |
- firewall-config: UI cleanup and fixes (RHBZ#888242)
|
|
|
c8bceb |
- firewall-cmd: created alias --change-zone for --change-interface
|
|
|
c8bceb |
- firewall-cmd man page updates (RHBZ#806511)
|
|
|
c8bceb |
- Merged branch 'build-cleanups'
|
|
|
c8bceb |
- dropped call to autogen.sh in build stage, not needed anymore due to
|
|
|
c8bceb |
'build-cleanups' merge
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Dec 13 2012 Thomas Woerner <twoerner@redhat.com> 0.2.11-2
|
|
|
c8bceb |
- require pygobject3-base instead of pygobject3 (no cairo needed) (RHBZ#874378)
|
|
|
c8bceb |
- fixed dependencies of firewall-config to use gtk3 with pygobject3-base and
|
|
|
c8bceb |
not pygtk2
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Dec 11 2012 Thomas Woerner <twoerner@redhat.com> 0.2.11-1
|
|
|
c8bceb |
- Fixed more _xmlplus (PyXML) incompatibilities to python xml
|
|
|
c8bceb |
- Several man page updates
|
|
|
c8bceb |
- Fixed error in addForwardPort, removeForwardPort and queryForwardPort
|
|
|
c8bceb |
- firewall-cmd: use already existing queryForwardPort()
|
|
|
c8bceb |
- Update firewall.cmd man page, use man page as firewall-cmd usage (rhbz#876394)
|
|
|
c8bceb |
- firewall-config: Do not force to show labels in the main toolbar
|
|
|
c8bceb |
- firewall-config: Dropped "Change default zone" from toolbar
|
|
|
c8bceb |
- firewall-config: Added menu entry to change zones of connections
|
|
|
c8bceb |
- firewall-applet: Zones can be changed now using nm-connection-editor
|
|
|
c8bceb |
(rhbz#876661)
|
|
|
c8bceb |
- translation updates: cs, hu, ja
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Nov 20 2012 Thomas Woerner <twoerner@redhat.com> 0.2.10-1
|
|
|
c8bceb |
- tests/firewalld_config.py: tests for config.service and config.icmptype
|
|
|
c8bceb |
- FirewallClientConfigServiceSettings(): destinations are dict not list
|
|
|
c8bceb |
- service/zone/icmptype: do not write deprecated name attribute
|
|
|
c8bceb |
- New service ntp
|
|
|
c8bceb |
- firewall-config: Fixed name of about dialog
|
|
|
c8bceb |
- configure.in: Fixed getting of error codes
|
|
|
c8bceb |
- Added coding to all pyhton files
|
|
|
c8bceb |
- Fixed copyright years
|
|
|
c8bceb |
- Beautified file headers
|
|
|
c8bceb |
- Force use of pygobject3 in python-slip (RHBZ#874378)
|
|
|
c8bceb |
- Log: firewall.server.config_icmptype, firewall.server.config_service and
|
|
|
c8bceb |
firewall.server.config_zone: Prepend full path
|
|
|
c8bceb |
- Allow ":" in interface names for interface aliases
|
|
|
c8bceb |
- Add name argument to Updated and Renamed signal
|
|
|
c8bceb |
- Disable IPv4, IPv6 and EB tables if missing - for IPv4/IPv6 only environments
|
|
|
c8bceb |
- firewall-config.glade file cleanup
|
|
|
c8bceb |
- firewall-config: loadDefaults() can throw exception
|
|
|
c8bceb |
- Use toolbars for Add/Edit/Remove/LoadDefaults buttons for zones, services
|
|
|
c8bceb |
and icmp types
|
|
|
c8bceb |
- New vnc-server service, opens ports for displays :0 to :3 (RHBZ#877035)
|
|
|
c8bceb |
- firewall-cmd: Fix typo in help output, allow default zone usage for
|
|
|
c8bceb |
permanenent options
|
|
|
c8bceb |
- Translation updates: cs, fr, ja, pt_BR and zh_CN
|
|
|
c8bceb |
|
|
|
c8bceb |
* Wed Oct 17 2012 Thomas Woerner <twoerner@redhat.com> 0.2.9-1
|
|
|
c8bceb |
- firewall-config: some UI usability changes
|
|
|
c8bceb |
- firewall-cmd: New option --list-all-zones, output of --list-all changed,
|
|
|
c8bceb |
more option combination checks
|
|
|
c8bceb |
- firewall-applet: Replaced NMClient by direct DBUS calls to fix python core
|
|
|
c8bceb |
dumps in case of connection activates/deactivates
|
|
|
c8bceb |
- Use fallback 'C' locale if current locale isn't supported (RHBZ#860278)
|
|
|
c8bceb |
- Add interfaces to zones again after reload
|
|
|
c8bceb |
- firewall-cmd: use FirewallClient().connected value
|
|
|
c8bceb |
- firewall-cmd: --remove-interface was not working due to a typo
|
|
|
c8bceb |
- Do not use restorecon for new and backup files
|
|
|
c8bceb |
- Fixed use of properties REJECT and DROP
|
|
|
c8bceb |
- firewalld_test.py: check interfaces after reload
|
|
|
c8bceb |
- Translation updates
|
|
|
c8bceb |
- Renamed firewall-convert-scfw-config to firewall-offline-cmd, used by
|
|
|
c8bceb |
anaconda for firewall configuration (e.g. kickstart)
|
|
|
c8bceb |
- Fix python shebang to use -Es at installation time for bin_SCRIPTS and
|
|
|
c8bceb |
sbin_SCRIPTS and at all times in gtk3_chooserbutton.py
|
|
|
c8bceb |
- tests/firewalld_config.py: update test_zones() test case
|
|
|
c8bceb |
- Config interface: improve renaming of zones/services/icmp_types
|
|
|
c8bceb |
- Move emiting of Added signals closer to source.
|
|
|
c8bceb |
- FirewallClient(): config:ServiceAdded signal was wrongly mapped
|
|
|
c8bceb |
- Add argument 'name' to Removed signal
|
|
|
c8bceb |
- firewall-config: Add callbacks for config:[service|icmp]-[added|removed]
|
|
|
c8bceb |
- firewall-config: catch INVALID_X error when removing zone/service/icmp_type
|
|
|
c8bceb |
- firewall-config: remove unused code
|
|
|
c8bceb |
- Revert "Neutralize _xmlplus instead of conforming it"
|
|
|
c8bceb |
- firewall-applet: some UI usability changes
|
|
|
c8bceb |
- firewall-cmd: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri Sep 7 2012 Thomas Woerner <twoerner@redhat.com> 0.2.8-1
|
|
|
c8bceb |
- Do not apply old settings to zones after reload
|
|
|
c8bceb |
- FirewallClient: Added callback structure for firewalld signals
|
|
|
c8bceb |
- New firewall-config with full zone, service and icmptype support
|
|
|
c8bceb |
- Added Shields Up/Down configuration dialog to firewall-applet
|
|
|
c8bceb |
- Name attribute of main tag deprecated for zones, services and icmptypes,
|
|
|
c8bceb |
will be ignored if present
|
|
|
c8bceb |
- Fixed wrong references in firewalld man page
|
|
|
c8bceb |
- Unregister DBus interfaces after sending out the Removed signal
|
|
|
c8bceb |
- Use proper DBus signature in addIcmpType, addService and addZone
|
|
|
c8bceb |
- New builtin property for config interfaces
|
|
|
c8bceb |
- New test case for Config interface
|
|
|
c8bceb |
- spec: use new systemd-rpm macros (rhbz#850110)
|
|
|
c8bceb |
- More config file verifications
|
|
|
c8bceb |
- Lots of smaller fixes and enhancements
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Aug 21 2012 Jiri Popelka <jpopelka@redhat.com> 0.2.7-2
|
|
|
c8bceb |
- use new systemd-rpm macros (rhbz#850110)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Aug 13 2012 Thomas Woerner <twoerner@redhat.com> 0.2.7-1
|
|
|
c8bceb |
- Update of firewall-config
|
|
|
c8bceb |
- Some bug fixes
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Aug 7 2012 Thomas Woerner <twoerner@redhat.com> 0.2.6-1
|
|
|
c8bceb |
- New D-BUS interface for persistent configuration
|
|
|
c8bceb |
- Aded support for persistent zone configuration in firewall-cmd
|
|
|
c8bceb |
- New Shields Up feature in firewall-applet
|
|
|
c8bceb |
- New requirements for python-decorator and pygobject3
|
|
|
c8bceb |
- New firewall-config sub-package
|
|
|
c8bceb |
- New firewall-convert-scfw-config config script
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri Apr 20 2012 Thomas Woerner <twoerner@redhat.com> 0.2.5-1
|
|
|
c8bceb |
- Fixed traceback in firewall-cmd for failed or canceled authorization,
|
|
|
c8bceb |
return proper error codes, new error codes NOT_RUNNING and NOT_AUTHORIZED
|
|
|
c8bceb |
- Enhanced firewalld service file (RHBZ#806868) and (RHBZ#811240)
|
|
|
c8bceb |
- Fixed duplicates in zone after reload, enabled timed settings after reload
|
|
|
c8bceb |
- Removed conntrack --ctstate INVALID check from default ruleset, because it
|
|
|
c8bceb |
results in ICMP problems (RHBZ#806017).
|
|
|
c8bceb |
- Update interfaces in default zone after reload (rhbz#804814)
|
|
|
c8bceb |
- New man pages for firewalld(1), firewalld.conf(5), firewalld.icmptype(5),
|
|
|
c8bceb |
firewalld.service(5) and firewalld.zone(5), updated firewall-cmd man page
|
|
|
c8bceb |
(RHBZ#811257)
|
|
|
c8bceb |
- Fixed firewall-cmd help output
|
|
|
c8bceb |
- Fixed missing icon for firewall-applet (RHBZ#808759)
|
|
|
c8bceb |
- Added root user check for firewalld (RHBZ#767654)
|
|
|
c8bceb |
- Fixed requirements of firewall-applet sub package (RHBZ#808746)
|
|
|
c8bceb |
- Update interfaces in default zone after changing of default zone (RHBZ#804814)
|
|
|
c8bceb |
- Start firewalld before NetworkManager (RHBZ#811240)
|
|
|
c8bceb |
- Add Type=dbus and BusName to service file (RHBZ#811240)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Fri Mar 16 2012 Thomas Woerner <twoerner@redhat.com> 0.2.4-1
|
|
|
c8bceb |
- fixed firewalld.conf save exception if no temporary file can be written to
|
|
|
c8bceb |
/etc/firewalld/
|
|
|
c8bceb |
|
|
|
c8bceb |
* Thu Mar 15 2012 Thomas Woerner <twoerner@redhat.com> 0.2.3-1
|
|
|
c8bceb |
- firewall-cmd: several changes and fixes
|
|
|
c8bceb |
- code cleanup
|
|
|
c8bceb |
- fixed icmp protocol used for ipv6 (rhbz#801182)
|
|
|
c8bceb |
- added and fixed some comments
|
|
|
c8bceb |
- properly restore zone settings, timeout is always set, check for 0
|
|
|
c8bceb |
- some FirewallError exceptions were actually not raised
|
|
|
c8bceb |
- do not REJECT in each zone
|
|
|
c8bceb |
- removeInterface() don't require zone
|
|
|
c8bceb |
- new tests in firewall-test script
|
|
|
c8bceb |
- dbus_to_python() was ignoring certain values
|
|
|
c8bceb |
- added functions for the direct interface: chains, rules, passthrough
|
|
|
c8bceb |
- fixed inconsistent data after reload
|
|
|
c8bceb |
- some fixes for the direct interface: priority positions are bound to ipv,
|
|
|
c8bceb |
table and chain
|
|
|
c8bceb |
- added support for direct interface in firewall-cmd:
|
|
|
c8bceb |
- added isImmutable(zone) to zone D-Bus interface
|
|
|
c8bceb |
- renamed policy file
|
|
|
c8bceb |
- enhancements for error messages, enables output for direct.passthrough
|
|
|
c8bceb |
- added allow_any to firewald policies, using at leas auth_admin for policies
|
|
|
c8bceb |
- replaced ENABLE_FAILED, DISABLE_FAILED, ADD_FAILED and REMOVE_FAILED by
|
|
|
c8bceb |
COMMAND_FAILED, resorted error codes
|
|
|
c8bceb |
- new firewalld configuration setting CleanupOnExit
|
|
|
c8bceb |
- enabled polkit again, found a fix for property problem with slip.dbus.service
|
|
|
c8bceb |
- added dhcpv6-client to 'public' (the default) and to 'internal' zones.
|
|
|
c8bceb |
- fixed missing settings form zone config files in
|
|
|
c8bceb |
"firewall-cmd --list=all --zone=<zone>" call
|
|
|
c8bceb |
- added list functions for services and icmptypes, added --list=services and
|
|
|
c8bceb |
--list=icmptypes to firewall-cmd
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Mar 6 2012 Thomas Woerner <twoerner@redhat.com> 0.2.2-1
|
|
|
c8bceb |
- enabled dhcpv6-client service for zones home and work
|
|
|
c8bceb |
- new dhcpv6-client service
|
|
|
c8bceb |
- firewall-cmd: query mode returns reversed values
|
|
|
c8bceb |
- new zone.changeZone(zone, interface)
|
|
|
c8bceb |
- moved zones, services and icmptypes to /usr/lib/firewalld, can be overloaded
|
|
|
c8bceb |
by files in /etc/firewalld (no overload of immutable zones block, drop,
|
|
|
c8bceb |
trusted)
|
|
|
c8bceb |
- reset MinimalMark in firewalld.cnf to default value
|
|
|
c8bceb |
- fixed service destination (addresses not used)
|
|
|
c8bceb |
- fix xmlplus to be compatible with the python xml sax parser and python 3
|
|
|
c8bceb |
by adding __contains__ to xml.sax.xmlreader.AttributesImpl
|
|
|
c8bceb |
- use icon and glib related post, postun and posttrans scriptes for firewall
|
|
|
c8bceb |
- firewall-cmd: fix typo in state
|
|
|
c8bceb |
- firewall-cmd: fix usage()
|
|
|
c8bceb |
- firewall-cmd: fix interface action description in usage()
|
|
|
c8bceb |
- client.py: fix definition of queryInterface()
|
|
|
c8bceb |
- client.py: fix typo in getInterfaces()
|
|
|
c8bceb |
- firewalld.service: do not fork
|
|
|
c8bceb |
- firewall-cmd: fix bug in --list=port and --port action help message
|
|
|
c8bceb |
- firewall-cmd: fix bug in --list=service
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Mar 5 2012 Thomas Woerner <twoerner@redhat.com>
|
|
|
c8bceb |
- moved zones, services and icmptypes to /usr/lib/firewalld, can be overloaded
|
|
|
c8bceb |
by files in /etc/firewalld (no overload of immutable zones block, drop,
|
|
|
c8bceb |
trusted)
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Feb 21 2012 Thomas Woerner <twoerner@redhat.com> 0.2.1-1
|
|
|
c8bceb |
- added missing firewall.dbus_utils
|
|
|
c8bceb |
|
|
|
c8bceb |
* Tue Feb 7 2012 Thomas Woerner <twoerner@redhat.com> 0.2.0-2
|
|
|
c8bceb |
- added glib2-devel to build requires, needed for gsettings.m4
|
|
|
c8bceb |
- added --with-system-unitdir arg to fix installaiton of system file
|
|
|
c8bceb |
- added glib-compile-schemas calls for postun and posttrans
|
|
|
c8bceb |
- added EXTRA_DIST file lists
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Feb 6 2012 Thomas Woerner <twoerner@redhat.com> 0.2.0-1
|
|
|
c8bceb |
- version 0.2.0 with new FirewallD1 D-BUS interface
|
|
|
c8bceb |
- supports zones with a default zone
|
|
|
c8bceb |
- new direct interface as a replacement of the partial virt interface with
|
|
|
c8bceb |
additional passthrough functionality
|
|
|
c8bceb |
- dropped custom rules, use direct interface instead
|
|
|
c8bceb |
- dropped trusted interface funcionality, use trusted zone instead
|
|
|
c8bceb |
- using zone, service and icmptype configuration files
|
|
|
c8bceb |
- not using any system-config-firewall parts anymore
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Feb 14 2011 Thomas Woerner <twoerner@redhat.com> 0.1.3-1
|
|
|
c8bceb |
- new version 0.1.3
|
|
|
c8bceb |
- restore all firewall features for reload: panic and virt rules and chains
|
|
|
c8bceb |
- string fixes for firewall-cmd man page (by Jiri Popelka)
|
|
|
c8bceb |
- fixed firewall-cmd port list (by Jiri Popelka)
|
|
|
c8bceb |
- added firewall dbus client connect check to firewall-cmd (by Jiri Popelka)
|
|
|
c8bceb |
- translation updates: de, es, gu, it, ja, kn, ml, nl, or, pa, pl, ru, ta,
|
|
|
c8bceb |
uk, zh_CN
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Jan 3 2011 Thomas Woerner <twoerner@redhat.com> 0.1.2-1
|
|
|
c8bceb |
- fixed package according to package review (rhbz#665395):
|
|
|
c8bceb |
- non executable scripts: dropped shebang
|
|
|
c8bceb |
- using newer GPL license file
|
|
|
c8bceb |
- made /etc/dbus-1/system.d/FirewallD.conf config(noreplace)
|
|
|
c8bceb |
- added requires(post) and (pre) for chkconfig
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Jan 3 2011 Thomas Woerner <twoerner@redhat.com> 0.1.1-1
|
|
|
c8bceb |
- new version 0.1.1
|
|
|
c8bceb |
- fixed source path in POTFILES*
|
|
|
c8bceb |
- added missing firewall_config.py.in
|
|
|
c8bceb |
- added misssing space for spec_ver line
|
|
|
c8bceb |
- using firewall_config.VARLOGFILE
|
|
|
c8bceb |
- added date to logging output
|
|
|
c8bceb |
- also log fatal and error logs to stderr and firewall_config.VARLOGFILE
|
|
|
c8bceb |
- make log message for active_firewalld fatal
|
|
|
c8bceb |
|
|
|
c8bceb |
* Mon Dec 20 2010 Thomas Woerner <twoerner@redhat.com> 0.1-1
|
|
|
c8bceb |
- initial package (proof of concept implementation)
|