diff --git a/.firewalld.metadata b/.firewalld.metadata index 80ba36d..23ab0b0 100644 --- a/.firewalld.metadata +++ b/.firewalld.metadata @@ -1 +1 @@ -0861cc649bffc66b18bb70fb7e33fe03fe31fe33 SOURCES/firewalld-0.7.0.tar.gz +e558ccbfd8a0e08d9339cf1506d8856d3533ed82 SOURCES/firewalld-0.8.0.tar.gz diff --git a/.gitignore b/.gitignore index 58d2fd6..14b4503 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/firewalld-0.7.0.tar.gz +SOURCES/firewalld-0.8.0.tar.gz diff --git a/SOURCES/0002-fix-CLI-service-also-output-helpers-for-service-info.patch b/SOURCES/0002-fix-CLI-service-also-output-helpers-for-service-info.patch new file mode 100644 index 0000000..ea33abc --- /dev/null +++ b/SOURCES/0002-fix-CLI-service-also-output-helpers-for-service-info.patch @@ -0,0 +1,132 @@ +From ff17d85fd863e7be2b4088c92360185aca6693b0 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 7 Nov 2019 08:21:52 -0500 +Subject: [PATCH] fix: CLI: service: also output helpers for service info + +Fixes: 0c07b704f76d ("feat: CLI: add "helper" support for services") +Fixes: rhbz 1769520 +(cherry picked from commit 6bfffe65f55b727afc37a8c1fb4068f6589bb890) +--- + src/firewall/command.py | 2 ++ + src/tests/features/helpers_custom.at | 42 ++++++++++++++++++++++++++- + src/tests/features/service_include.at | 3 ++ + 3 files changed, 46 insertions(+), 1 deletion(-) + +diff --git a/src/firewall/command.py b/src/firewall/command.py +index 85e58d731a80..c371dc23584c 100644 +--- a/src/firewall/command.py ++++ b/src/firewall/command.py +@@ -449,6 +449,7 @@ class FirewallCommand(object): + destinations = settings.getDestinations() + short_description = settings.getShort() + includes = settings.getIncludes() ++ helpers = settings.getHelpers() + self.print_msg(service) + if self.verbose: + self.print_msg(" summary: " + short_description) +@@ -464,6 +465,7 @@ class FirewallCommand(object): + " ".join(["%s:%s" % (k, v) + for k, v in destinations.items()])) + self.print_msg(" includes: " + " ".join(sorted(includes))) ++ self.print_msg(" helpers: " + " ".join(sorted(helpers))) + + def print_icmptype_info(self, icmptype, settings): + destinations = settings.getDestinations() +diff --git a/src/tests/features/helpers_custom.at b/src/tests/features/helpers_custom.at +index c65f067a06ec..4c9024d1e2b8 100644 +--- a/src/tests/features/helpers_custom.at ++++ b/src/tests/features/helpers_custom.at +@@ -1,5 +1,5 @@ + FWD_START_TEST([customer helpers]) +-AT_KEYWORDS(helpers rhbz1733066 gh514) ++AT_KEYWORDS(helpers rhbz1733066 gh514 rhbz1769520) + + FWD_CHECK([-q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp"]) + FWD_CHECK([-q --permanent --helper=ftptest --add-port="2121/tcp"]) +@@ -8,7 +8,27 @@ FWD_CHECK([-q --permanent --new-service="ftptest"]) + FWD_CHECK([-q --permanent --service=ftptest --add-module="ftptest"]) + FWD_CHECK([-q --permanent --service=ftptest --query-module="ftptest"]) + FWD_CHECK([-q --permanent --service=ftptest --add-port="2121/tcp"]) ++FWD_CHECK([--permanent --info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl ++ftptest ++ ports: 2121/tcp ++ protocols: ++ source-ports: ++ modules: ftptest ++ destination: ++ includes: ++ helpers: ++])]) + FWD_RELOAD ++FWD_CHECK([--info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl ++ftptest ++ ports: 2121/tcp ++ protocols: ++ source-ports: ++ modules: ftptest ++ destination: ++ includes: ++ helpers: ++])]) + + FWD_CHECK([-q --add-service=ftptest]) + +@@ -42,7 +62,27 @@ dnl Same thing as above, but with the new "helper" in service. + FWD_CHECK([-q --permanent --service=ftptest --remove-module="ftptest"]) + FWD_CHECK([-q --permanent --service=ftptest --query-module="ftptest"], 1) + FWD_CHECK([-q --permanent --service=ftptest --add-helper="ftptest"]) ++FWD_CHECK([--permanent --info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl ++ftptest ++ ports: 2121/tcp ++ protocols: ++ source-ports: ++ modules: ++ destination: ++ includes: ++ helpers: ftptest ++])]) + FWD_RELOAD ++FWD_CHECK([--info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl ++ftptest ++ ports: 2121/tcp ++ protocols: ++ source-ports: ++ modules: ++ destination: ++ includes: ++ helpers: ftptest ++])]) + + FWD_CHECK([-q --add-service=ftptest]) + +diff --git a/src/tests/features/service_include.at b/src/tests/features/service_include.at +index 219d5b42767b..7f02701a9419 100644 +--- a/src/tests/features/service_include.at ++++ b/src/tests/features/service_include.at +@@ -76,6 +76,7 @@ my-service-with-include + modules: + destination: + includes: mdns recursive-service ssdp ++ helpers: + ])]) + FWD_CHECK([--info-service=my-service-with-include | TRIM_WHITESPACE], 0, [m4_strip([dnl + my-service-with-include +@@ -85,6 +86,7 @@ my-service-with-include + modules: + destination: + includes: mdns recursive-service ssdp ++ helpers: + ])]) + + dnl firewall-offline-cmd +@@ -106,6 +108,7 @@ my-service-with-include + modules: + destination: + includes: mdns recursive-service ssdp ++ helpers: + ])]) + + dnl negative test for including service that doesn't exist +-- +2.23.0 + diff --git a/SOURCES/RHEL-only-0001-Add-cockpit-by-default-to-some-zones.patch b/SOURCES/RHEL-only-0001-Add-cockpit-by-default-to-some-zones.patch index 9995b07..e558b49 100644 --- a/SOURCES/RHEL-only-0001-Add-cockpit-by-default-to-some-zones.patch +++ b/SOURCES/RHEL-only-0001-Add-cockpit-by-default-to-some-zones.patch @@ -1,4 +1,4 @@ -From 0f28f2b7b8072bdc2e483d035230ddcb8b00a919 Mon Sep 17 00:00:00 2001 +From aaba32dd922c84662521754952e5a50198dd8625 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Mon, 9 Jul 2018 11:29:33 -0400 Subject: [PATCH] Add cockpit by default to some zones @@ -9,12 +9,13 @@ Fixes: #1581578 config/zones/internal.xml | 1 + config/zones/public.xml | 1 + config/zones/work.xml | 1 + + src/tests/features/helpers_custom.at | 9 +++++++++ src/tests/features/service_include.at | 2 +- src/tests/firewall-cmd.at | 14 +++++++++++++- src/tests/regression/gh366.at | 3 +++ src/tests/regression/gh453.at | 2 ++ src/tests/regression/rhbz1514043.at | 2 +- - 9 files changed, 24 insertions(+), 3 deletions(-) + 10 files changed, 33 insertions(+), 3 deletions(-) diff --git a/config/zones/home.xml b/config/zones/home.xml index 42b29b2f2d50..8aa8afa0e8aa 100644 @@ -56,11 +57,87 @@ index 6ea5550a40bd..9609ee6f65c2 100644 + +diff --git a/src/tests/features/helpers_custom.at b/src/tests/features/helpers_custom.at +index c65f067a06ec..263185c88724 100644 +--- a/src/tests/features/helpers_custom.at ++++ b/src/tests/features/helpers_custom.at +@@ -17,6 +17,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl + chain filter_IN_public_allow { + tcp dport 22 ct state new,untracked accept + ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ++ tcp dport 9090 ct state new,untracked accept + tcp dport 2121 ct helper set "helper-ftptest-tcp" + tcp dport 2121 ct state new,untracked accept + } +@@ -27,6 +28,7 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl + ]) + IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ++ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED + ]) + IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl +@@ -35,6 +37,7 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl + IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED + ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ++ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED + ]) + +@@ -51,6 +54,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl + chain filter_IN_public_allow { + tcp dport 22 ct state new,untracked accept + ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ++ tcp dport 9090 ct state new,untracked accept + tcp dport 2121 ct helper set "helper-ftptest-tcp" + tcp dport 2121 ct state new,untracked accept + } +@@ -61,6 +65,7 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl + ]) + IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ++ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED + ]) + IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl +@@ -69,6 +74,7 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl + IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED + ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ++ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED + ]) + +@@ -86,6 +92,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl + chain filter_IN_public_allow { + tcp dport 22 ct state new,untracked accept + ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ++ tcp dport 9090 ct state new,untracked accept + tcp dport 21 ct helper set "helper-ftp-tcp" + tcp dport 2121 ct helper set "helper-ftptest-tcp" + tcp dport 2121 ct state new,untracked accept +@@ -99,6 +106,7 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl + ]) + IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ++ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED + ]) +@@ -109,6 +117,7 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl + IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED + ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ++ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED + ACCEPT tcp ::/0 ::/0 tcp dpt:21 ctstate NEW,UNTRACKED + ]) diff --git a/src/tests/features/service_include.at b/src/tests/features/service_include.at -index b3a50a84bd88..992c5ef0ba92 100644 +index 219d5b42767b..0bf59f63b81b 100644 --- a/src/tests/features/service_include.at +++ b/src/tests/features/service_include.at -@@ -90,7 +90,7 @@ FWD_CHECK([--zone=drop --list-services], 0, [dnl +@@ -117,7 +117,7 @@ FWD_CHECK([--zone=drop --list-services], 0, [dnl ]) FWD_CHECK([--zone=public --list-services], 0, [dnl @@ -70,10 +147,10 @@ index b3a50a84bd88..992c5ef0ba92 100644 FWD_CHECK([-q --permanent --service=my-service-with-include --remove-include=does-not-exist]) FWD_RELOAD diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at -index efc8f9c50757..6444b4566af5 100644 +index 0e0d3938da0a..540bdb8b1065 100644 --- a/src/tests/firewall-cmd.at +++ b/src/tests/firewall-cmd.at -@@ -1046,6 +1046,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1144,6 +1144,7 @@ FWD_START_TEST([rich rules priority]) chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept @@ -81,7 +158,7 @@ index efc8f9c50757..6444b4566af5 100644 tcp dport 1122 ct state new,untracked accept tcp dport 3333 ct state new,untracked accept tcp dport 4444 ct state new,untracked accept -@@ -1061,6 +1062,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1159,6 +1160,7 @@ FWD_START_TEST([rich rules priority]) ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED @@ -89,7 +166,7 @@ index efc8f9c50757..6444b4566af5 100644 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3333 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 ctstate NEW,UNTRACKED -@@ -1075,6 +1077,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1173,6 +1175,7 @@ FWD_START_TEST([rich rules priority]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED @@ -97,7 +174,7 @@ index efc8f9c50757..6444b4566af5 100644 ACCEPT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:3333 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:4444 ctstate NEW,UNTRACKED -@@ -1156,6 +1159,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1254,6 +1257,7 @@ FWD_START_TEST([rich rules priority]) chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept @@ -105,7 +182,7 @@ index efc8f9c50757..6444b4566af5 100644 } } ]) -@@ -1259,6 +1263,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1357,6 +1361,7 @@ FWD_START_TEST([rich rules priority]) ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED @@ -113,7 +190,7 @@ index efc8f9c50757..6444b4566af5 100644 ]) IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl ]) -@@ -1293,6 +1298,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1391,6 +1396,7 @@ FWD_START_TEST([rich rules priority]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED @@ -121,7 +198,7 @@ index efc8f9c50757..6444b4566af5 100644 ]) IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl ]) -@@ -1340,6 +1346,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1438,6 +1444,7 @@ FWD_START_TEST([rich rules priority]) chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept @@ -129,7 +206,7 @@ index efc8f9c50757..6444b4566af5 100644 icmp type echo-request accept icmpv6 type echo-request accept } -@@ -1380,6 +1387,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1478,6 +1485,7 @@ FWD_START_TEST([rich rules priority]) ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED @@ -137,7 +214,7 @@ index efc8f9c50757..6444b4566af5 100644 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ]) IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl -@@ -1402,6 +1410,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1500,6 +1508,7 @@ FWD_START_TEST([rich rules priority]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED @@ -145,7 +222,7 @@ index efc8f9c50757..6444b4566af5 100644 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ]) IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl -@@ -1458,6 +1467,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1556,6 +1565,7 @@ FWD_START_TEST([rich rules priority]) chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept @@ -153,7 +230,7 @@ index efc8f9c50757..6444b4566af5 100644 } } ]) -@@ -1495,6 +1505,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1593,6 +1603,7 @@ FWD_START_TEST([rich rules priority]) ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED @@ -161,7 +238,7 @@ index efc8f9c50757..6444b4566af5 100644 ]) IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl ]) -@@ -1515,6 +1526,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1613,6 +1624,7 @@ FWD_START_TEST([rich rules priority]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED @@ -169,7 +246,7 @@ index efc8f9c50757..6444b4566af5 100644 ]) IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl ]) -@@ -1540,7 +1552,7 @@ FWD_START_TEST([rich rules priority]) +@@ -1638,7 +1650,7 @@ FWD_START_TEST([rich rules priority]) icmp-block-inversion: no interfaces: sources: @@ -225,7 +302,7 @@ index f57a79dcf9a2..6d820fce840a 100644 tcp dport 21 ct state new,untracked accept tcp dport 5060 ct helper set "helper-sip-tcp" diff --git a/src/tests/regression/rhbz1514043.at b/src/tests/regression/rhbz1514043.at -index deb93a5fac94..88ce4934e5ea 100644 +index efc33e09478b..241cf547f7f3 100644 --- a/src/tests/regression/rhbz1514043.at +++ b/src/tests/regression/rhbz1514043.at @@ -5,7 +5,7 @@ FWD_CHECK([-q --set-log-denied=all]) @@ -235,8 +312,8 @@ index deb93a5fac94..88ce4934e5ea 100644 -services: dhcpv6-client samba ssh +services: cockpit dhcpv6-client samba ssh ]) + dnl check that log denied actually took effect - m4_if(iptables, FIREWALL_BACKEND, [ -- -2.20.1 +2.23.0 diff --git a/SPECS/firewalld.spec b/SPECS/firewalld.spec index 402a552..de64085 100644 --- a/SPECS/firewalld.spec +++ b/SPECS/firewalld.spec @@ -1,11 +1,12 @@ Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld -Version: 0.7.0 +Version: 0.8.0 Release: 2%{?dist} URL: http://www.firewalld.org License: GPLv2+ Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz Patch1: RHEL-only-0001-Add-cockpit-by-default-to-some-zones.patch +Patch2: 0002-fix-CLI-service-also-output-helpers-for-service-info.patch BuildArch: noarch BuildRequires: autoconf @@ -20,9 +21,7 @@ BuildRequires: docbook-style-xsl BuildRequires: libxslt BuildRequires: iptables, ebtables, ipset BuildRequires: python3-devel -BuildRequires: nftables >= 0.9.0 Requires: iptables, ebtables, ipset -Requires: nftables >= 0.9.0 Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -49,6 +48,7 @@ Requires: python3-dbus Requires: python3-slip-dbus Requires: python3-decorator Requires: python3-gobject-base +Requires: python3-nftables %description -n python3-firewall Python3 bindings for firewalld. @@ -90,6 +90,8 @@ firewalld. %prep %autosetup -p1 +# must autogen since a patch above touched a Makefile.am +./autogen.sh %build %configure --enable-sysconfig --enable-rpmmacros PYTHON="%{__python3} %{py3_shbang_opts}" @@ -202,7 +204,23 @@ desktop-file-install --delete-original \ %{_mandir}/man1/firewall-config*.1* %changelog -* Wed Jun 13 2019 Eric Garver - 0.7.0-2 +* Tue Nov 12 2019 Eric Garver - 0.8.0-2 +- fix: CLI: service: also output helpers for service info + +* Tue Nov 05 2019 Eric Garver - 0.8.0-1 +- rebase to v0.8.0 + +* Tue Aug 13 2019 Eric Garver - 0.7.0-5 +- bump nftables version requirements + +* Tue Aug 06 2019 Eric Garver - 0.7.0-4 +- backport patches to sort source-based zone dispatch by zone name + +* Tue Jul 23 2019 Eric Garver - 0.7.0-3 +- backport patch to show service includes in service output +- backport patches to fix dbus API break + +* Thu Jun 13 2019 Eric Garver - 0.7.0-2 - package rebuild * Wed Jun 12 2019 Eric Garver - 0.7.0-1