diff --git a/.firewalld.metadata b/.firewalld.metadata index f518a09..80ba36d 100644 --- a/.firewalld.metadata +++ b/.firewalld.metadata @@ -1 +1 @@ -a24459090c27124ba4aec0af1af605dc33fe0d43 SOURCES/firewalld-0.6.3.tar.gz +0861cc649bffc66b18bb70fb7e33fe03fe31fe33 SOURCES/firewalld-0.7.0.tar.gz diff --git a/.gitignore b/.gitignore index 6262b22..58d2fd6 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/firewalld-0.6.3.tar.gz +SOURCES/firewalld-0.7.0.tar.gz diff --git a/SOURCES/0001-config-lockdown-whitelist-Don-t-auto-add-Es-to-inter.patch b/SOURCES/0001-config-lockdown-whitelist-Don-t-auto-add-Es-to-inter.patch deleted file mode 100644 index 62b48c2..0000000 --- a/SOURCES/0001-config-lockdown-whitelist-Don-t-auto-add-Es-to-inter.patch +++ /dev/null @@ -1,29 +0,0 @@ -From c09f8ff4cbf31328f9c27d8b396f726e88118ecb Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 11 Oct 2018 19:39:29 -0400 -Subject: [PATCH] config/lockdown-whitelist: Don't auto add "-Es" to - interpreter - -Use whatever (if anything) is passed via PYTHON var. - -Fixes: 6d5c0c61fe04 ("scripts: Use @PYTHON@ to set interpreter") -(cherry picked from commit 789693d5c2c0e4164f751b4bf245f4e91ebd169d) ---- - config/lockdown-whitelist.xml.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/config/lockdown-whitelist.xml.in b/config/lockdown-whitelist.xml.in -index 0c6c07f2193f..e9cc4e7e985f 100644 ---- a/config/lockdown-whitelist.xml.in -+++ b/config/lockdown-whitelist.xml.in -@@ -1,6 +1,6 @@ - - -- -+ - - - --- -2.18.0 - diff --git a/SOURCES/0001-fix-src-test-Makefile-use-wildcard-in-variable-expan.patch b/SOURCES/0001-fix-src-test-Makefile-use-wildcard-in-variable-expan.patch new file mode 100644 index 0000000..a78097e --- /dev/null +++ b/SOURCES/0001-fix-src-test-Makefile-use-wildcard-in-variable-expan.patch @@ -0,0 +1,29 @@ +From 57ca11e82eeb4ac6aecefa19729ec7e19d21a4e1 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 13 Jun 2019 10:48:38 -0400 +Subject: [PATCH 01/20] fix: src/test/Makefile: use wildcard in variable + expansion + +It's more correct to use the wildcard function when setting a variable. + +(cherry picked from commit 40fc3b5fd327ec4a8bcbd3f6a2b34047ef16b732) +--- + src/tests/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am +index 9240484a3109..f1f83ec7eb52 100644 +--- a/src/tests/Makefile.am ++++ b/src/tests/Makefile.am +@@ -8,7 +8,7 @@ TESTSUITE_FILES = \ + EXTRA_DIST = \ + $(TESTSUITE) \ + $(TESTSUITE_FILES) \ +- $(srcdir)/python/*.py \ ++ $(wildcard $(srcdir)/python/*.py) \ + $(srcdir)/package.m4 + + $(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec $(srcdir)/Makefile +-- +2.20.1 + diff --git a/SOURCES/0001-nftables-Allow-interfaces-with-wildcards.patch b/SOURCES/0001-nftables-Allow-interfaces-with-wildcards.patch deleted file mode 100644 index b20488b..0000000 --- a/SOURCES/0001-nftables-Allow-interfaces-with-wildcards.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 808f10c2fcf38d756f1f7f8814d27894fc9f369f Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Mon, 17 Dec 2018 12:53:30 -0500 -Subject: [PATCH 1/4] nftables: Allow interfaces with wildcards - -Fixes: rhbz 1644025 -(cherry picked from commit aa01eda4c87dd7b5c1f1e884fc7332c6317fed02) ---- - src/firewall/core/nftables.py | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index 8e24721c94f5..d0d1f6d1610d 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -529,6 +529,9 @@ class nftables(object): - "OUTPUT": "oifname", - }[chain] - -+ if interface[len(interface)-1] == "+": -+ interface = interface[:len(interface)-1] + "*" -+ - target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) - if zone_target == DEFAULT_ZONE_TARGET: - action = "goto" -@@ -540,10 +543,10 @@ class nftables(object): - rule = ["add", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)] - else: - rule = ["delete", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)] -- if interface == "+": -+ if interface == "*": - rule += [action, "%s_%s" % (table, target)] - else: -- rule += [opt, interface, action, "%s_%s" % (table, target)] -+ rule += [opt, "\"" + interface + "\"", action, "%s_%s" % (table, target)] - return [rule] - - def build_zone_source_address_rules(self, enable, zone, zone_target, --- -2.18.0 - diff --git a/SOURCES/0002-fix-CLI-show-service-includes-with-info-service.patch b/SOURCES/0002-fix-CLI-show-service-includes-with-info-service.patch new file mode 100644 index 0000000..d8ca6e7 --- /dev/null +++ b/SOURCES/0002-fix-CLI-show-service-includes-with-info-service.patch @@ -0,0 +1,87 @@ +From 86d498cfd51b8a89d90a639951ff392671a5364b Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 13 Jun 2019 12:08:52 -0400 +Subject: [PATCH 02/20] fix: CLI: show service includes with --info-service + +Fixes: rhbz 1720300 +(cherry picked from commit 36c49fc5a0ec531ad8268347f1f511e6740c9e0c) +--- + src/firewall/command.py | 2 ++ + src/tests/features/service_include.at | 29 ++++++++++++++++++++++++++- + 2 files changed, 30 insertions(+), 1 deletion(-) + +diff --git a/src/firewall/command.py b/src/firewall/command.py +index 1449b6dfc3ea..85e58d731a80 100644 +--- a/src/firewall/command.py ++++ b/src/firewall/command.py +@@ -448,6 +448,7 @@ class FirewallCommand(object): + description = settings.getDescription() + destinations = settings.getDestinations() + short_description = settings.getShort() ++ includes = settings.getIncludes() + self.print_msg(service) + if self.verbose: + self.print_msg(" summary: " + short_description) +@@ -462,6 +463,7 @@ class FirewallCommand(object): + self.print_msg(" destination: " + + " ".join(["%s:%s" % (k, v) + for k, v in destinations.items()])) ++ self.print_msg(" includes: " + " ".join(sorted(includes))) + + def print_icmptype_info(self, icmptype, settings): + destinations = settings.getDestinations() +diff --git a/src/tests/features/service_include.at b/src/tests/features/service_include.at +index 992c5ef0ba92..0bf59f63b81b 100644 +--- a/src/tests/features/service_include.at ++++ b/src/tests/features/service_include.at +@@ -1,5 +1,5 @@ + FWD_START_TEST([service include]) +-AT_KEYWORDS(service xml gh273) ++AT_KEYWORDS(service xml gh273 rhbz1720300) + + AT_CHECK([mkdir -p ./services]) + AT_CHECK([cat < ./services/my-service-with-include.xml +@@ -68,6 +68,24 @@ AT_CHECK([grep '' ./services/my-service-with-include.xml + FWD_CHECK([--permanent --service=my-service-with-include --get-includes], 0, [dnl + mdns recursive-service ssdp + ]) ++FWD_CHECK([--permanent --info-service=my-service-with-include | TRIM_WHITESPACE], 0, [m4_strip([dnl ++my-service-with-include ++ ports: 12345/tcp ++ protocols: ++ source-ports: ++ modules: ++ destination: ++ includes: mdns recursive-service ssdp ++])]) ++FWD_CHECK([--info-service=my-service-with-include | TRIM_WHITESPACE], 0, [m4_strip([dnl ++my-service-with-include ++ ports: 12345/tcp ++ protocols: ++ source-ports: ++ modules: ++ destination: ++ includes: mdns recursive-service ssdp ++])]) + + dnl firewall-offline-cmd + FWD_OFFLINE_CHECK([--service=my-service-with-include --query-include=recursive-service], 0, [ignore], [ignore]) +@@ -80,6 +98,15 @@ AT_CHECK([grep '' ./services/my-service-with-include.xml + FWD_OFFLINE_CHECK([--service=my-service-with-include --get-includes], 0, [dnl + mdns recursive-service ssdp + ]) ++FWD_OFFLINE_CHECK([--info-service=my-service-with-include | TRIM_WHITESPACE], 0, [m4_strip([dnl ++my-service-with-include ++ ports: 12345/tcp ++ protocols: ++ source-ports: ++ modules: ++ destination: ++ includes: mdns recursive-service ssdp ++])]) + + dnl negative test for including service that doesn't exist + FWD_CHECK([-q --permanent --zone=drop --add-interface=foobar0]) +-- +2.20.1 + diff --git a/SOURCES/0002-tests-firewall-cmd-Coverage-for-interface-wildcardin.patch b/SOURCES/0002-tests-firewall-cmd-Coverage-for-interface-wildcardin.patch deleted file mode 100644 index 736140a..0000000 --- a/SOURCES/0002-tests-firewall-cmd-Coverage-for-interface-wildcardin.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 4d6d152c04088c70888fb13b845af3a96bcf8917 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Mon, 17 Dec 2018 12:42:16 -0500 -Subject: [PATCH 2/4] tests/firewall-cmd: Coverage for interface wildcarding - -Coverage for rhbz 1644025. - -(cherry picked from commit e3f936080ff57884df20b5def241593eecb10364) ---- - src/tests/firewall-cmd.at | 26 ++++++++++++++++++++++++++ - 1 file changed, 26 insertions(+) - -diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at -index 87e0eea4150e..3b6b6057dbec 100644 ---- a/src/tests/firewall-cmd.at -+++ b/src/tests/firewall-cmd.at -@@ -115,6 +115,8 @@ FWD_START_TEST([zone interfaces]) - ]) - FWD_CHECK([--permanent --zone=public --remove-interface=perm_dummy], 0, ignore) - FWD_CHECK([--permanent --zone=public --query-interface perm_dummy], 1, ignore) -+ FWD_CHECK([--permanent --zone=trusted --remove-interface=perm_dummy2], 0, ignore) -+ FWD_RELOAD - - FWD_CHECK([--add-interface=foo], 0, ignore) - FWD_CHECK([--add-interface=bar --zone=public], 0, ignore) -@@ -128,6 +130,30 @@ FWD_START_TEST([zone interfaces]) - FWD_CHECK([--set-default-zone=public], 0, ignore) - FWD_CHECK([--remove-interface=foo], 0, ignore) - FWD_CHECK([--remove-interface=bar], 0, ignore) -+ -+ dnl exercise wildcards, rhbz 1644025 -+ dnl Note: This feature is undocumented, because it's a possible security -+ dnl risk. -+ FWD_CHECK([--zone=trusted --add-interface=+], 0, ignore) -+ FWD_CHECK([--add-interface=foobar+++], 0, ignore) -+ FWD_CHECK([--add-interface=foobar+], 0, ignore) -+ m4_if(nftables, FIREWALL_BACKEND, [ -+ NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl -+ table inet firewalld { -+ chain filter_INPUT_ZONES { -+ iifname "foobar*" goto filter_IN_public -+ iifname "foobar++*" goto filter_IN_public -+ jump filter_IN_trusted -+ goto filter_IN_public -+ } -+ } -+ ])]) -+ FWD_CHECK([--zone=trusted --remove-interface=+], 0, ignore) -+ FWD_CHECK([--remove-interface=foobar+++], 0, ignore) -+ FWD_CHECK([--remove-interface=foobar+], 0, ignore) -+ FWD_CHECK([--permanent --add-interface=foobar+], 0, ignore) -+ FWD_CHECK([--permanent --remove-interface=foobar+], 0, ignore) -+ FWD_RELOAD - FWD_END_TEST([-e '/ERROR: ZONE_CONFLICT: perm_dummy/d']) - - FWD_START_TEST([zone sources]) --- -2.18.0 - diff --git a/SOURCES/0003-fix-tests-always-list-rules-using-macros.patch b/SOURCES/0003-fix-tests-always-list-rules-using-macros.patch new file mode 100644 index 0000000..94d942a --- /dev/null +++ b/SOURCES/0003-fix-tests-always-list-rules-using-macros.patch @@ -0,0 +1,162 @@ +From cc2b632a51ad32e7b3966f44057add92e45e60a5 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 14 Jun 2019 09:44:41 -0400 +Subject: [PATCH 03/20] fix: tests: always list rules using macros + +This is to make sure certain flags are used, e.g. "-w" for iptables. + +Fixes: rhbz 1720650 +(cherry picked from commit e527818500be462a724cd34c94948a2704560eb1) +--- + src/tests/features/rfc3964_ipv4.at | 4 +- + .../regression/icmp_block_in_forward_chain.at | 27 +++++-- + src/tests/regression/rhbz1514043.at | 80 +++++++++++++++++-- + 3 files changed, 98 insertions(+), 13 deletions(-) + +diff --git a/src/tests/features/rfc3964_ipv4.at b/src/tests/features/rfc3964_ipv4.at +index cce828c0b3de..baff411793b2 100644 +--- a/src/tests/features/rfc3964_ipv4.at ++++ b/src/tests/features/rfc3964_ipv4.at +@@ -93,8 +93,8 @@ NFT_LIST_RULES([inet], [filter_OUTPUT], 0, [dnl + } + ]) + +-m4_if(iptables, FIREWALL_BACKEND, [ +-NS_CHECK([ip6tables -w -n -t filter -L RFC3964_IPv4], 1, [ignore], [ignore]) ++IP6TABLES_LIST_RULES([filter], [RFC3964_IPv4], 0, [ignore], [dnl ++iptables: No chain/target/match by that name. + ]) + IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl + ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT +diff --git a/src/tests/regression/icmp_block_in_forward_chain.at b/src/tests/regression/icmp_block_in_forward_chain.at +index 769315d9534e..7580bc179470 100644 +--- a/src/tests/regression/icmp_block_in_forward_chain.at ++++ b/src/tests/regression/icmp_block_in_forward_chain.at +@@ -2,12 +2,27 @@ FWD_START_TEST([ICMP block present FORWARD chain]) + AT_KEYWORDS(icmp) + + FWD_CHECK([-q --zone=public --add-icmp-block=host-prohibited]) +-m4_if(iptables, FIREWALL_BACKEND, [ +- NS_CHECK([IPTABLES -L IN_public_deny | grep "host-prohibited"], 0, ignore) +- NS_CHECK([IPTABLES -L FWDI_public_deny | grep "host-prohibited"], 0, ignore) +-], [ +- NS_CHECK([nft list chain inet firewalld filter_IN_public_deny | grep "destination-unreachable" |grep "\(code 10\|host-prohibited\)"], 0, ignore) +- NS_CHECK([nft list chain inet firewalld filter_FWDI_public_deny | grep "destination-unreachable" |grep "\(code 10\|host-prohibited\)"], 0, ignore) ++ ++NFT_LIST_RULES([inet], [filter_IN_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'], 0, [dnl ++ table inet firewalld { ++ chain filter_IN_public_deny { ++ icmp type destination-unreachable icmp code host-prohibited reject with icmp type admin-prohibited ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [filter_FWDI_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'], 0, [dnl ++ table inet firewalld { ++ chain filter_FWDI_public_deny { ++ icmp type destination-unreachable icmp code host-prohibited reject with icmp type admin-prohibited ++ } ++ } ++]) ++ ++IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl ++ REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 10 reject-with icmp-host-prohibited ++]) ++IPTABLES_LIST_RULES([filter], [FWDI_public_deny], 0, [dnl ++ REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 10 reject-with icmp-host-prohibited + ]) + + FWD_END_TEST +diff --git a/src/tests/regression/rhbz1514043.at b/src/tests/regression/rhbz1514043.at +index 88ce4934e5ea..241cf547f7f3 100644 +--- a/src/tests/regression/rhbz1514043.at ++++ b/src/tests/regression/rhbz1514043.at +@@ -7,11 +7,81 @@ FWD_RELOAD + FWD_CHECK([--zone=public --list-all | TRIM | grep ^services], 0, [dnl + services: cockpit dhcpv6-client samba ssh + ]) ++ + dnl check that log denied actually took effect +-m4_if(iptables, FIREWALL_BACKEND, [ +- NS_CHECK([IPTABLES -t filter -L | grep "FINAL_REJECT:"], 0, ignore) +-], [ +- NS_CHECK([nft list chain inet firewalld filter_INPUT | grep "FINAL_REJECT"], 0, ignore) +- NS_CHECK([nft list chain inet firewalld filter_FORWARD | grep "FINAL_REJECT"], 0, ignore) ++NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl ++ table inet firewalld { ++ chain filter_INPUT { ++ ct state established,related accept ++ ct status dnat accept ++ iifname "lo" accept ++ jump filter_INPUT_ZONES ++ ct state invalid log prefix "STATE_INVALID_DROP: " ++ ct state invalid drop ++ log prefix "FINAL_REJECT: " ++ reject with icmpx type admin-prohibited ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl ++ table inet firewalld { ++ chain filter_FORWARD { ++ ct state established,related accept ++ ct status dnat accept ++ iifname "lo" accept ++ ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_REJECT: " reject with icmpv6 type addr-unreachable ++ jump filter_FORWARD_IN_ZONES ++ jump filter_FORWARD_OUT_ZONES ++ ct state invalid log prefix "STATE_INVALID_DROP: " ++ ct state invalid drop ++ log prefix "FINAL_REJECT: " ++ reject with icmpx type admin-prohibited ++ } ++ } ++]) ++ ++IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl ++ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ++ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ++ INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 ++ INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++ LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " ++ DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID ++ LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " ++ REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited + ]) ++IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ++ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ++ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ++ FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 ++ FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++ FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++ LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " ++ DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID ++ LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " ++ REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ++]) ++IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl ++ ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ++ ACCEPT all ::/0 ::/0 ++ INPUT_direct all ::/0 ::/0 ++ INPUT_ZONES all ::/0 ::/0 ++ LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " ++ DROP all ::/0 ::/0 ctstate INVALID ++ LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " ++ REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ++]) ++IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ++ ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ++ ACCEPT all ::/0 ::/0 ++ FORWARD_direct all ::/0 ::/0 ++ RFC3964_IPv4 all ::/0 ::/0 ++ FORWARD_IN_ZONES all ::/0 ::/0 ++ FORWARD_OUT_ZONES all ::/0 ::/0 ++ LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " ++ DROP all ::/0 ::/0 ctstate INVALID ++ LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " ++ REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ++]) ++ + FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0003-ipXtables-nftables-Fix-object-has-no-attribute-_log_.patch b/SOURCES/0003-ipXtables-nftables-Fix-object-has-no-attribute-_log_.patch deleted file mode 100644 index 7c67899..0000000 --- a/SOURCES/0003-ipXtables-nftables-Fix-object-has-no-attribute-_log_.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 27c9c0d4c15db0681f550bd5576502ded87da6fa Mon Sep 17 00:00:00 2001 -From: Federico Cuello -Date: Sat, 20 Oct 2018 15:47:28 +0200 -Subject: [PATCH 03/34] ipXtables/nftables: Fix "object has no attribute - '_log_denied'" - -This fixes nftables and ipXtables (when IndividualCalls=yes), -as _log_denied is not an attribute of the class but a param. - -(cherry picked from commit 93824072768f989991a11069ac75f1cd3d56ae34) -(cherry picked from commit 1148e7054b8ef9bbd808fd0fb739fb3204b3265b) ---- - src/firewall/core/ipXtables.py | 3 +-- - src/firewall/core/nftables.py | 2 +- - 2 files changed, 2 insertions(+), 3 deletions(-) - -diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py -index 02a518d2938d..11aebec6e05a 100644 ---- a/src/firewall/core/ipXtables.py -+++ b/src/firewall/core/ipXtables.py -@@ -492,8 +492,7 @@ class ip4tables(object): - if log_denied == "off": - return "" - if log_denied in [ "unicast", "broadcast", "multicast" ]: -- rule[i:i+1] = [ "-m", "pkttype", "--pkt-type", -- self._log_denied ] -+ rule[i:i+1] = [ "-m", "pkttype", "--pkt-type", log_denied ] - else: - rule.pop(i) - -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index 3c871069f7e6..cd05b2c3137e 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -290,7 +290,7 @@ class nftables(object): - if log_denied == "off": - return "" - if log_denied in ["unicast", "broadcast", "multicast"]: -- rule[i:i+1] = ["pkttype", self._log_denied] -+ rule[i:i+1] = ["pkttype", log_denied] - else: - rule.pop(i) - --- -2.18.0 - diff --git a/SOURCES/0003-tests-functions-normalize-ebtables-inversion-output.patch b/SOURCES/0003-tests-functions-normalize-ebtables-inversion-output.patch deleted file mode 100644 index 3e8918b..0000000 --- a/SOURCES/0003-tests-functions-normalize-ebtables-inversion-output.patch +++ /dev/null @@ -1,54 +0,0 @@ -From ebf176de4204e1f1f49fc63d9726c7bef7965483 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Mon, 17 Dec 2018 14:03:09 -0500 -Subject: [PATCH 3/4] tests/functions: normalize ebtables inversion output - -It changed in xtables commit 5f508b76a0ce ("ebtables: use -extrapositioned negation consistently") - -(cherry picked from commit 6ec2195e544dda2a923a0393bf463bf83593c322) ---- - src/tests/firewall-cmd.at | 4 ++-- - src/tests/functions.at | 5 ++++- - 2 files changed, 6 insertions(+), 3 deletions(-) - -diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at -index 3b6b6057dbec..074a9488f44c 100644 ---- a/src/tests/firewall-cmd.at -+++ b/src/tests/firewall-cmd.at -@@ -759,12 +759,12 @@ FWD_START_TEST([direct ebtables]) - FWD_CHECK([--direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP], 0, ignore) - EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl - -p IPv6 -j DROP -- -p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP -+ -p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP - -j RETURN - ]) - FWD_CHECK([--direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) - EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl -- -p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP -+ -p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP - -j RETURN - ]) - -diff --git a/src/tests/functions.at b/src/tests/functions.at -index 080e44a73383..964bb8800637 100644 ---- a/src/tests/functions.at -+++ b/src/tests/functions.at -@@ -232,9 +232,12 @@ m4_define([NS_CHECK], [ - ]) - - m4_define([EBTABLES_LIST_RULES], [ -+ dnl ebtables commit 5f508b76a0ce change list output for inversion. -+ m4_define([EBTABLES_LIST_RULES_NORMALIZE], [[sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g']]) - m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ -- NS_CHECK([ebtables --concurrent -t $1 -L $2 | TRIM_WHITESPACE | grep -v "^Bridge"], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) -+ NS_CHECK([ebtables --concurrent -t $1 -L $2 | TRIM_WHITESPACE | grep -v "^Bridge" | EBTABLES_LIST_RULES_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) - ]) -+ m4_undefine([EBTABLES_LIST_RULES_NORMALIZE]) - ]) - - m4_define([IPTABLES_LIST_RULES], [ --- -2.18.0 - diff --git a/SOURCES/0004-ipXtables-simplify-rpfilter-rule-generation.patch b/SOURCES/0004-ipXtables-simplify-rpfilter-rule-generation.patch deleted file mode 100644 index d778ef6..0000000 --- a/SOURCES/0004-ipXtables-simplify-rpfilter-rule-generation.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 9d0817d8a21a9d61d7518c2965981879b22f4b36 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 20 Dec 2018 15:34:36 -0500 -Subject: [PATCH 4/4] ipXtables: simplify rpfilter rule generation - -Don't bother specifying indexes. Just insert them in the correct order. - -(cherry picked from commit e93b1c1801ce2b8a71e433d90f095a7693e9a2a7) ---- - src/firewall/core/ipXtables.py | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py -index 1940641c982e..d7626df1b023 100644 ---- a/src/firewall/core/ipXtables.py -+++ b/src/firewall/core/ipXtables.py -@@ -1290,19 +1290,19 @@ class ip6tables(ip4tables): - - def build_rpfilter_rules(self, log_denied=False): - rules = [] -- rules.append([ "-I", "PREROUTING", "1", "-t", "raw", -+ rules.append([ "-I", "PREROUTING", "-t", "raw", -+ "-m", "rpfilter", "--invert", "-j", "DROP" ]) -+ if log_denied != "off": -+ rules.append([ "-I", "PREROUTING", "-t", "raw", -+ "-m", "rpfilter", "--invert", -+ "-j", "LOG", -+ "--log-prefix", "rpfilter_DROP: " ]) -+ rules.append([ "-I", "PREROUTING", "-t", "raw", - "-p", "ipv6-icmp", - "--icmpv6-type=neighbour-solicitation", - "-j", "ACCEPT" ]) # RHBZ#1575431, kernel bug in 4.16-4.17 -- rules.append([ "-I", "PREROUTING", "2", "-t", "raw", -+ rules.append([ "-I", "PREROUTING", "-t", "raw", - "-p", "ipv6-icmp", - "--icmpv6-type=router-advertisement", - "-j", "ACCEPT" ]) # RHBZ#1058505 -- rules.append([ "-I", "PREROUTING", "3", "-t", "raw", -- "-m", "rpfilter", "--invert", "-j", "DROP" ]) -- if log_denied != "off": -- rules.append([ "-I", "PREROUTING", "3", "-t", "raw", -- "-m", "rpfilter", "--invert", -- "-j", "LOG", -- "--log-prefix", "rpfilter_DROP: " ]) - return rules --- -2.18.0 - diff --git a/SOURCES/0004-test-new-macro-PIPESTATUS0.patch b/SOURCES/0004-test-new-macro-PIPESTATUS0.patch new file mode 100644 index 0000000..513ad0a --- /dev/null +++ b/SOURCES/0004-test-new-macro-PIPESTATUS0.patch @@ -0,0 +1,35 @@ +From 818d297b17a55fc9c3b21784f45b23875501d654 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 17 Jun 2019 10:57:55 -0400 +Subject: [PATCH 04/20] test: new macro PIPESTATUS0 + +It's essentially a portable version of bash's PIPESTATUS[0]. It passes +down the return code of the first command in the pipeline. + +(cherry picked from commit 1c4bb9337f5d5c734a2a8bab10782423408d4026) +--- + src/tests/functions.at | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 800dd92c7826..932e288f1597 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -242,6 +242,14 @@ m4_define([NS_CHECK], [ + AT_CHECK([NS_CMD([$1])], [$2], [$3], [$4], [$5], [$6]) + ]) + ++dnl implement PIPESTATUS[0] in a portable way ++dnl ++m4_define([PIPESTATUS0], [dnl ++ sh <<-"HERE" ++ { { { { $1; echo $? >&3; } | $2 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 ++HERE ++]) ++ + m4_define([EBTABLES_LIST_RULES], [ + dnl ebtables commit 5f508b76a0ce change list output for inversion. + m4_define([EBTABLES_LIST_RULES_NORMALIZE], [[sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g']]) +-- +2.20.1 + diff --git a/SOURCES/0004-tests-regression-rhbz1571957-exercise-log-denied-bro.patch b/SOURCES/0004-tests-regression-rhbz1571957-exercise-log-denied-bro.patch deleted file mode 100644 index cbbdb68..0000000 --- a/SOURCES/0004-tests-regression-rhbz1571957-exercise-log-denied-bro.patch +++ /dev/null @@ -1,29 +0,0 @@ -From cf734ac990320c207c8b6e5dbe1f319a27d9d007 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Mon, 22 Oct 2018 10:56:54 -0400 -Subject: [PATCH 04/34] tests/regression/rhbz1571957: exercise - log-denied=broadcast - -Coverage for pr #410. - -(cherry picked from commit fe50b6bf7e8c90f6f3174b7169646e87206f3be6) -(cherry picked from commit 32ed5d185dec5b114e4b5e6b66d2d4efa94ed00f) ---- - src/tests/regression/rhbz1571957.at | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/tests/regression/rhbz1571957.at b/src/tests/regression/rhbz1571957.at -index 49e9b859afa4..dda5ec7a2415 100644 ---- a/src/tests/regression/rhbz1571957.at -+++ b/src/tests/regression/rhbz1571957.at -@@ -5,5 +5,7 @@ FWD_RELOAD - FWD_CHECK([-q --set-log-denied=all]) - AT_CHECK([sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf]) - FWD_RELOAD -+FWD_CHECK([-q --set-log-denied=broadcast]) -+FWD_RELOAD - - FWD_END_TEST --- -2.18.0 - diff --git a/SOURCES/0005-rich-rules-fix-mark-action.patch b/SOURCES/0005-rich-rules-fix-mark-action.patch deleted file mode 100644 index 16e8dfe..0000000 --- a/SOURCES/0005-rich-rules-fix-mark-action.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 0166f79231381947c8ba90aad16863f052835bc0 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 2 Nov 2018 14:10:38 -0400 -Subject: [PATCH 05/34] rich rules: fix mark action - -They were being placed in the wrong (and nonexistent) chain. Also add -test coverage for the "mark" action. - -Fixes: 7c5f5f4d12ee ("fw_zone: push rich rule generation to backend") -Tested-by: Felix Kaechele -(cherry picked from commit 5d36e0f55887c6204e07bd8095ead1ce2d535ddb) -(cherry picked from commit da851982df4020460fe4fa005dd99be4357ff9bd) ---- - src/firewall/core/ipXtables.py | 4 ++-- - src/firewall/core/nftables.py | 4 ++-- - src/tests/firewall-cmd.at | 1 + - 3 files changed, 5 insertions(+), 4 deletions(-) - -diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py -index 11aebec6e05a..b98ba5228e68 100644 ---- a/src/firewall/core/ipXtables.py -+++ b/src/firewall/core/ipXtables.py -@@ -807,10 +807,10 @@ class ip4tables(object): - chain = "%s_deny" % target - rule_action = [ "-j", "DROP" ] - elif type(rich_rule.action) == Rich_Mark: -- chain = "%s_allow" % target -- table = "mangle" - target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["PREROUTING"], - zone=zone) -+ table = "mangle" -+ chain = "%s_allow" % target - rule_action = [ "-j", "MARK", "--set-xmark", rich_rule.action.set ] - else: - raise FirewallError(INVALID_RULE, -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index cd05b2c3137e..69236a9600c2 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -723,10 +723,10 @@ class nftables(object): - chain = "%s_%s_deny" % (table, target) - rule_action = ["drop"] - elif type(rich_rule.action) == Rich_Mark: -- table = "mangle" -- chain = "%s_%s_allow" % (table, target) - target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["PREROUTING"], - zone=zone) -+ table = "mangle" -+ chain = "%s_%s_allow" % (table, target) - rule_action = ["meta", "mark", "set", rich_rule.action.set] - else: - raise FirewallError(INVALID_RULE, -diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at -index f496b67e4a35..82ffa9f52b47 100644 ---- a/src/tests/firewall-cmd.at -+++ b/src/tests/firewall-cmd.at -@@ -863,6 +863,7 @@ FWD_START_TEST([rich rules good]) - rich_rule_test([rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"]) - rich_rule_test([rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"]) - rich_rule_test([rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"]) -+ rich_rule_test([rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"]) - FWD_END_TEST - FWD_START_TEST([rich rules audit]) - CHECK_LOG_AUDIT --- -2.18.0 - diff --git a/SOURCES/0005-test-use-PIPESTATUS0-in-LIST-macros.patch b/SOURCES/0005-test-use-PIPESTATUS0-in-LIST-macros.patch new file mode 100644 index 0000000..5c06865 --- /dev/null +++ b/SOURCES/0005-test-use-PIPESTATUS0-in-LIST-macros.patch @@ -0,0 +1,141 @@ +From 7bfd5446e2926f9a061d883c60c78c88532a34da Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 17 Jun 2019 11:00:01 -0400 +Subject: [PATCH 05/20] test: use PIPESTATUS0 in LIST macros + +This so we get the return code from the first command instead of all the +sed/filtering we do afterwards. + +Also moves the NORMALIZE functions into the top-level. Avoids +unnecessary define/undefine. + +(cherry picked from commit ae18f69bdf2ef664646751787dd7ab44988912f3) +--- + src/tests/functions.at | 67 +++++++++++++++++++++++++++++------------- + 1 file changed, 47 insertions(+), 20 deletions(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 932e288f1597..69f71c133d15 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -250,18 +250,29 @@ m4_define([PIPESTATUS0], [dnl + HERE + ]) + ++m4_define([EBTABLES_LIST_RULES_NORMALIZE], [dnl ++ TRIM_WHITESPACE | dnl ++ grep -v "^Bridge" | dnl ++ [sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g'] dnl ++]) ++ + m4_define([EBTABLES_LIST_RULES], [ + dnl ebtables commit 5f508b76a0ce change list output for inversion. +- m4_define([EBTABLES_LIST_RULES_NORMALIZE], [[sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g']]) + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ +- NS_CHECK([ebtables --concurrent -t $1 -L $2 | TRIM_WHITESPACE | grep -v "^Bridge" | EBTABLES_LIST_RULES_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ++ NS_CHECK([PIPESTATUS0([ebtables --concurrent -t $1 -L $2], [EBTABLES_LIST_RULES_NORMALIZE])], ++ [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) + ]) +- m4_undefine([EBTABLES_LIST_RULES_NORMALIZE]) ++]) ++ ++m4_define([IPTABLES_LIST_RULES_NORMALIZE], [dnl ++ TRIM_WHITESPACE | dnl ++ tail -n +3 dnl + ]) + + m4_define([IPTABLES_LIST_RULES_ALWAYS], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ +- NS_CHECK([IPTABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ++ NS_CHECK([PIPESTATUS0([IPTABLES -w -n -t $1 -L $2], [IPTABLES_LIST_RULES_NORMALIZE])], ++ [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) + ]) + ]) + +@@ -271,11 +282,17 @@ m4_define([IPTABLES_LIST_RULES], [ + ]) + ]) + ++m4_define([IP6TABLES_LIST_RULES_NORMALIZE], [dnl ++ TRIM_WHITESPACE | dnl ++ tail -n +3 dnl ++]) ++ + m4_define([IP6TABLES_LIST_RULES_ALWAYS], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ +- m4_if(yes, HOST_SUPPORTS_IP6TABLES, [ +- NS_CHECK([IP6TABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) +- ]) ++ m4_if(yes, HOST_SUPPORTS_IP6TABLES, [ ++ NS_CHECK([PIPESTATUS0([IP6TABLES -w -n -t $1 -L $2], [IP6TABLES_LIST_RULES_NORMALIZE])], ++ [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ++ ]) + ]) + ]) + +@@ -285,20 +302,21 @@ m4_define([IP6TABLES_LIST_RULES], [ + ]) + ]) + +-m4_define([NFT_LIST_RULES_ALWAYS], [ ++m4_define([NFT_LIST_RULES_NORMALIZE], [dnl ++ TRIM_WHITESPACE | dnl + dnl nftables commit 6dd848339444 change list output to show "meta mark" + dnl instead of just "mark". +- m4_define([NFT_LIST_RULES_NORMALIZE], [dnl +- sed -e 's/meta mark/mark/g'dnl +- -e '/type.*hook.*priority.*policy.*/d'dnl +- dnl tranform ct state { established,related } to ct state established,related +- -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\(@<:@a-z@:>@*\), /\1,/g;}' dnl +- ]) ++ sed -e 's/meta mark/mark/g'dnl ++ -e '/type.*hook.*priority.*policy.*/d'dnl ++ dnl tranform ct state { established,related } to ct state established,related ++ -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\(@<:@a-z@:>@*\), /\1,/g;}' dnl ++]) + ++m4_define([NFT_LIST_RULES_ALWAYS], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ +- NS_CHECK([nft NFT_NUMERIC_ARGS list chain $1 firewalld $2 | TRIM_WHITESPACE | NFT_LIST_RULES_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ++ NS_CHECK([PIPESTATUS0([nft NFT_NUMERIC_ARGS list chain $1 firewalld $2], [NFT_LIST_RULES_NORMALIZE])], ++ [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) + ]) +- m4_undefine([NFT_LIST_RULES_NORMALIZE]) + ]) + + m4_define([NFT_LIST_RULES], [ +@@ -307,18 +325,27 @@ m4_define([NFT_LIST_RULES], [ + ]) + ]) + ++m4_define([IPSET_LIST_SET_NORMALIZE], [dnl ++ TRIM_WHITESPACE |dnl ++ grep -v "^\(Revision\|Header\|Size\|References\|Number\)" |dnl ++ awk 'NR <= 3; NR > 3 {print | "sort"}' dnl ++]) ++ + m4_define([IPSET_LIST_SET], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ +- NS_CHECK([ipset list $1 | TRIM_WHITESPACE |dnl +- grep -v "^\(Revision\|Header\|Size\|References\|Number\)" |dnl +- awk 'NR <= 3; NR > 3 {print | "sort"}'], ++ NS_CHECK([PIPESTATUS0([ipset list $1], [IPSET_LIST_SET_NORMALIZE])], + [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) + ]) + ]) + ++m4_define([NFT_LIST_SET_NORMALIZE], [dnl ++ TRIM_WHITESPACE dnl ++]) ++ + m4_define([NFT_LIST_SET_ALWAYS], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ +- NS_CHECK([nft NFT_NUMERIC_ARGS list set inet firewalld $1 | TRIM_WHITESPACE], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) ++ NS_CHECK([PIPESTATUS0([nft NFT_NUMERIC_ARGS list set inet firewalld $1], [NFT_LIST_SET_NORMALIZE])], ++ [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) + ]) + ]) + +-- +2.20.1 + diff --git a/SOURCES/0006-fix-test-features-rfc3964_ipv4-use-return-code-not-o.patch b/SOURCES/0006-fix-test-features-rfc3964_ipv4-use-return-code-not-o.patch new file mode 100644 index 0000000..d59cfdd --- /dev/null +++ b/SOURCES/0006-fix-test-features-rfc3964_ipv4-use-return-code-not-o.patch @@ -0,0 +1,32 @@ +From 0f3ae3ae56b7a27ec3ff85646a87b6488b1f05d6 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 17 Jun 2019 11:01:27 -0400 +Subject: [PATCH 06/20] fix: test/features/rfc3964_ipv4: use return code not + output for negative test + +The output varies between -nft and -legacy iptables variants. + +Fixes: e527818500be ("fix: tests: always list rules using macros") +(cherry picked from commit 7149ff26c88a86c9a485f8e59d3ceb3eb4a292d4) +--- + src/tests/features/rfc3964_ipv4.at | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/tests/features/rfc3964_ipv4.at b/src/tests/features/rfc3964_ipv4.at +index baff411793b2..54f5f756270b 100644 +--- a/src/tests/features/rfc3964_ipv4.at ++++ b/src/tests/features/rfc3964_ipv4.at +@@ -93,9 +93,7 @@ NFT_LIST_RULES([inet], [filter_OUTPUT], 0, [dnl + } + ]) + +-IP6TABLES_LIST_RULES([filter], [RFC3964_IPv4], 0, [ignore], [dnl +-iptables: No chain/target/match by that name. +-]) ++IP6TABLES_LIST_RULES([filter], [RFC3964_IPv4], 1, [ignore], [ignore]) + IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl + ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT + ACCEPT all ::/0 ::/0 +-- +2.20.1 + diff --git a/SOURCES/0006-update-translations.patch b/SOURCES/0006-update-translations.patch deleted file mode 100644 index 8483275..0000000 --- a/SOURCES/0006-update-translations.patch +++ /dev/null @@ -1,13923 +0,0 @@ -From 3a195f4ef16baa3b981df1081e57b8ab3f5225b5 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 16 Nov 2018 15:36:04 -0500 -Subject: [PATCH 06/34] update translations - -(cherry picked from commit d25ba96a4746b613ea30653c7b2f462815e78d1d) ---- - po/ar.po | 809 +++++++++++++++++++++++++++---------------------- - po/as.po | 176 ++++++----- - po/bg.po | 20 +- - po/bn_IN.po | 182 ++++++----- - po/ca.po | 30 +- - po/cs.po | 34 ++- - po/da.po | 21 +- - po/de.po | 72 ++--- - po/el.po | 18 +- - po/en_GB.po | 23 +- - po/es.po | 53 ++-- - po/et.po | 18 +- - po/eu.po | 20 +- - po/fi.po | 27 +- - po/fr.po | 42 +-- - po/gl.po | 20 +- - po/gu.po | 164 +++++----- - po/hi.po | 157 +++++----- - po/hu.po | 45 +-- - po/ia.po | 20 +- - po/id.po | 16 +- - po/it.po | 73 ++--- - po/ja.po | 286 +++++++---------- - po/ka.po | 18 +- - po/kn.po | 191 ++++++------ - po/ko.po | 270 +++++++---------- - po/lt.po | 293 ++++++++++-------- - po/ml.po | 218 +++++++------ - po/mr.po | 172 ++++++----- - po/nl.po | 51 ++-- - po/or.po | 191 +++++++----- - po/pa.po | 158 +++++----- - po/pl.po | 50 +-- - po/pt.po | 21 +- - po/pt_BR.po | 56 ++-- - po/ru.po | 62 ++-- - po/sk.po | 19 +- - po/sq.po | 16 +- - po/sr.po | 27 +- - po/sr@latin.po | 25 +- - po/sv.po | 40 +-- - po/ta.po | 197 ++++++------ - po/te.po | 185 ++++++----- - po/tr.po | 28 +- - po/uk.po | 47 +-- - po/zh_CN.po | 188 +++++------- - po/zh_TW.po | 163 ++++------ - 47 files changed, 2602 insertions(+), 2410 deletions(-) - -diff --git a/po/ar.po b/po/ar.po -index bf414c5b4e90..208a992375f3 100644 ---- a/po/ar.po -+++ b/po/ar.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Abdalrahim Fakhouri , 2010 - # Abdalrahim Fakhouri , 2010 -@@ -11,26 +11,28 @@ - # Alfakhori , 2010 - # Ossama M. Khayat , 2004 - # Sherif Abdelgawad , 2004 -+# SuSE Linux Products GmbH, Nuernberg, 2018 -+# Eric Garver , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 02:43+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:20+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Arabic (http://www.transifex.com/projects/p/firewalld/" - "language/ar/)\n" - "Language: ar\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 " - "&& n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n" - "X-Generator: Zanata 4.6.2\n" - - #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 - msgid "Firewall Applet" --msgstr "" -+msgstr "التطبيق الصغير للجدار الناري" - - #: ../config/firewall-config.desktop.in.h:1 - msgid "Firewall" -@@ -43,321 +45,332 @@ msgstr "إعدادات الجدار النّاري" - #. Translators: These are searchable keywords for the firewall configuration tool - #: ../config/firewall-config.desktop.in.h:4 - msgid "firewall;network;security;iptables;netfilter;" --msgstr "" -+msgstr "firewall;network;security;iptables;netfilter;" - - #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 - #, c-format - msgid "Select zone for interface '%s'" --msgstr "" -+msgstr "حدد منطقة للواجهة '%s'" - - #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 - #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 - #: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 - #: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 - msgid "Default Zone" --msgstr "" -+msgstr "المنطقة الافتراضية" - - #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 - #, c-format - msgid "Select zone for connection '%s'" --msgstr "" -+msgstr "حدد منطقة للاتصال '%s'" - - #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3910 - msgid "Failed to set zone {zone} for connection {connection_name}" --msgstr "" -+msgstr "فشل تعيين المنطقة {zone} للاتصال {connection_name}" - - #: ../src/firewall-applet.in:190 - #, c-format - msgid "Select zone for source '%s'" --msgstr "" -+msgstr "حدد منطقة للمصدر '%s'" - - #: ../src/firewall-applet.in:207 - msgid "Configure Shields Up/Down Zones" --msgstr "" -+msgstr "تكوين مناطق ارتفاع/انخفاض الدروع" - - #: ../src/firewall-applet.in:220 - msgid "Here you can select the zones used for Shields Up and Shields Down." --msgstr "" -+msgstr "يمكنك هنا تحديد المناطق المستخدمة لرفع الدروع وخفضها." - - #: ../src/firewall-applet.in:226 - msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" -+"تعد هذه الميزة مفيدة للأشخاص الذين يستخدمون المناطق الافتراضية على الأغلب. " -+"بالنسبة للمستخدمين الذين يغيرون مناطق الاتصالات، قد تكون محدودة الاستخدام." - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" --msgstr "" -+msgstr "منطقة رفع الدروع:" - - #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 - msgid "Reset To Default" --msgstr "" -+msgstr "إعادة تعيين للافتراضي" - - #: ../src/firewall-applet.in:248 - msgid "Shields Down Zone:" --msgstr "" -+msgstr "منطقة خفض الدروع" - - #: ../src/firewall-applet.in:340 - #, c-format - msgid "About %s" --msgstr "" -+msgstr "حول %s" - - #: ../src/firewall-applet.in:391 - msgid "Authors" --msgstr "" -+msgstr "المؤلفون" - - #: ../src/firewall-applet.in:401 - msgid "License" --msgstr "" -+msgstr "الترخيص" - - #: ../src/firewall-applet.in:468 - msgid "Shields Up" --msgstr "" -+msgstr "الدروع مرفوعة" - - #: ../src/firewall-applet.in:475 - msgid "Enable Notifications" --msgstr "" -+msgstr "تمكين الإعلامات" - - #: ../src/firewall-applet.in:481 - msgid "Edit Firewall Settings..." --msgstr "" -+msgstr "تحرير إعدادات الجدار الناري..." - - #: ../src/firewall-applet.in:485 ../src/firewall-config.glade.h:61 - msgid "Change Zones of Connections..." --msgstr "" -+msgstr "تغيير مناطق الاتصال..." - - #: ../src/firewall-applet.in:489 - msgid "Configure Shields UP/Down Zones..." --msgstr "" -+msgstr "تكوين مناطق رفع/خفض الدروع..." - - #: ../src/firewall-applet.in:493 - msgid "Block all network traffic" --msgstr "" -+msgstr "حظر كل مرور الشبكة" - - #: ../src/firewall-applet.in:498 - msgid "About" --msgstr "" -+msgstr "حول" - - #: ../src/firewall-applet.in:506 ../src/firewall-config.in:618 - #: ../src/firewall-config.in:2380 ../src/firewall-config.in:2661 - #: ../src/firewall-config.in:2687 - msgid "Connections" --msgstr "" -+msgstr "الاتصالات" - - #: ../src/firewall-applet.in:510 ../src/firewall-config.in:620 - #: ../src/firewall-config.in:2468 ../src/firewall-config.in:2664 - #: ../src/firewall-config.in:2689 ../src/firewall-config.glade.h:130 - msgid "Interfaces" --msgstr "" -+msgstr "الواجهات" - - #: ../src/firewall-applet.in:514 ../src/firewall-config.in:622 - #: ../src/firewall-config.in:2499 ../src/firewall-config.in:2667 - #: ../src/firewall-config.in:2691 ../src/firewall-config.glade.h:135 - msgid "Sources" --msgstr "" -+msgstr "المصادر" - - #: ../src/firewall-applet.in:590 ../src/firewall-config.in:2279 - msgid "Authorization failed." --msgstr "" -+msgstr "فشل التصديق." - - #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2282 - msgid "Invalid name" --msgstr "مُعطى غير صالح %s" -+msgstr "اسم غير صالح" - - #: ../src/firewall-applet.in:596 ../src/firewall-config.in:2286 - msgid "Name already exists" --msgstr "" -+msgstr "الاسم موجود بالفعل" - - #: ../src/firewall-applet.in:681 - msgid "{entry} (Zone: {zone})" --msgstr "" -+msgstr "{entry} (المنطقة: {zone})" - - #: ../src/firewall-applet.in:688 - msgid "{entry} (Default Zone: {default_zone})" --msgstr "" -+msgstr "{entry} (المنطقة الافتراضية: {default_zone})" - - #: ../src/firewall-applet.in:769 ../src/firewall-config.in:1568 - msgid "Failed to get connections from NetworkManager" --msgstr "" -+msgstr "فشل الحصول على الاتصالات من NetworkManager" - - #: ../src/firewall-applet.in:781 ../src/firewall-config.in:1380 - msgid "No NetworkManager imports available" --msgstr "" -+msgstr "لا تتوفر عمليات استيراد NetworkManager" - - #: ../src/firewall-applet.in:859 - msgid "No connection to firewall daemon" --msgstr "" -+msgstr "لا يوجد اتصال ببرنامج محرك الجدار الناري" - - #: ../src/firewall-applet.in:867 ../src/firewall-applet.in:1004 - msgid "All network traffic is blocked." --msgstr "" -+msgstr "تم حظر كل مرور الشبكة." - - #: ../src/firewall-applet.in:871 - #, c-format - msgid "Default Zone: '%s'" --msgstr "" -+msgstr "المنطقة الافتراضية: '%s'" - - #: ../src/firewall-applet.in:877 - msgid "" - "Default Zone '{default_zone}' active for connection '{connection}' on " - "interface '{interface}'" - msgstr "" -+"المنطقة الافتراضية '{default_zone}' نشطة للاتصال '{connection}' في الواجهة " -+"'{interface}'" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" --msgstr "" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" -+msgstr "المنطقة '{zone}' نشطة للاتصال '{connection}' في الواجهة '{interface}'" - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" --msgstr "" -+msgstr "المنطقة '{zone}' نشطة للواجهة '{interface}'" - - #: ../src/firewall-applet.in:900 - msgid "Zone '{zone}' active for source {source}" --msgstr "" -+msgstr "المنطقة '{zone}' نشطة للمصدر {source}" - - #: ../src/firewall-applet.in:904 - msgid "No Active Zones." --msgstr "" -+msgstr "لا توجد مناطق نشطة." - - #: ../src/firewall-applet.in:962 - msgid "Connection to FirewallD established." --msgstr "" -+msgstr "تم تأسيس الاتصال مع FirewallD" - - #: ../src/firewall-applet.in:974 - msgid "Connection to FirewallD lost." --msgstr "" -+msgstr "تم فقدان الاتصال مع FirewallD." - - #: ../src/firewall-applet.in:979 - msgid "FirewallD has been reloaded." --msgstr "" -+msgstr "تمت إعادة تحميل FirewallD." - - #: ../src/firewall-applet.in:986 - #, c-format - msgid "Default zone changed to '%s'." --msgstr "" -+msgstr "تم تغيير المنطقة الافتراضية إلى '%s'." - - #: ../src/firewall-applet.in:1005 - msgid "Network traffic is not blocked anymore." --msgstr "" -+msgstr "لم يعد مرور الشبكة محظورًا بعد الآن." - - #: ../src/firewall-applet.in:1031 ../src/firewall-applet.in:1085 - msgid "activated" --msgstr "" -+msgstr "تم التنشيط" - - #: ../src/firewall-applet.in:1032 ../src/firewall-applet.in:1086 - msgid "deactivated" --msgstr "" -+msgstr "تم إلغاء التنشيط" - - #: ../src/firewall-applet.in:1037 - msgid "" - "Default zone '{default_zone}' {activated_deactivated} for connection " - "'{connection}' on interface '{interface}'" - msgstr "" -+"المنطقة الافتراضية '{default_zone}' {activated_deactivated} " -+"للاتصال'{connection}' في الواجهة '{interface}'" - - #: ../src/firewall-applet.in:1042 - msgid "" - "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " - "interface '{interface}'" - msgstr "" -+"المنطقة '{zone}' {activated_deactivated} للاتصال '{connection}' في الواجهة " -+"'{interface}'" - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" --msgstr "" -+msgstr "المنطقة '{zone}' {activated_deactivated} للواجهة '{interface}'" - - #: ../src/firewall-applet.in:1070 - #, c-format - msgid "Zone '%s' activated for interface '%s'" --msgstr "" -+msgstr "تم تنشيط المنطقة '%s' للواجهة '%s'" - - #: ../src/firewall-applet.in:1087 - msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" --msgstr "" -+msgstr "المنطقة '{zone}' {activated_deactivated} للمصدر '{source}'" - - #: ../src/firewall-applet.in:1111 - #, c-format - msgid "Zone '%s' activated for source '%s'" --msgstr "" -+msgstr "تم تنشيط '%s' للمصدر '%s'" - - #: ../src/firewall-config.in:89 - msgid "Connection to firewalld established." --msgstr "" -+msgstr "تم تأسيس اتصال مع firewalld." - - #: ../src/firewall-config.in:91 - msgid "Trying to connect to firewalld, waiting..." --msgstr "" -+msgstr "جارٍ محاولة الاتصال مع firewalld، جارٍ الانتظار..." - - #: ../src/firewall-config.in:93 - msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." - msgstr "" -+"فشل الاتصال مع firewalld. الرجاء التأكد أن الخدمة بدأت بشكل صحيح ثم إعادة " -+"المحاولة." - - #: ../src/firewall-config.in:95 - msgid "Changes applied." --msgstr "" -+msgstr "تم تطبيق التغييرات." - - #: ../src/firewall-config.in:96 - #, c-format - msgid "Used by network connection '%s'" --msgstr "" -+msgstr "مستخدم بواسطة اتصال الشبكة '%s'" - - #: ../src/firewall-config.in:97 - #, c-format - msgid "Default zone used by network connection '%s'" --msgstr "" -+msgstr "المنطقة الافتراضية المستخدمة بواسطة اتصال الشبكة '%s'" - - #: ../src/firewall-config.in:99 - msgid "enabled" --msgstr "" -+msgstr "تم التمكين" - - #: ../src/firewall-config.in:100 - msgid "disabled" --msgstr "" -+msgstr "تم التعطيل" - - #: ../src/firewall-config.in:125 - msgid "Failed to load icons." --msgstr "" -+msgstr "فشل تحميل الأيقونات." - - #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 - msgid "Context" --msgstr "" -+msgstr "السياق" - - #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 - msgid "Command line" --msgstr "" -+msgstr "سطر الأوامر" - - #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 - msgid "User name" --msgstr "" -+msgstr "اسم المستخدم" - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "" -+msgstr "معرف المستخدم" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" --msgstr "" -+msgstr "الجدول" - - #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 - msgid "Chain" --msgstr "" -+msgstr "السلسلة" - - #: ../src/firewall-config.in:322 - msgid "Priority" --msgstr "" -+msgstr "الأولوية" - - #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 - msgid "Args" --msgstr "" -+msgstr "الوسيطات" - - #: ../src/firewall-config.in:401 ../src/firewall-config.in:2329 - msgid "Runtime" --msgstr "" -+msgstr "وقت التشغيل" - - #: ../src/firewall-config.in:402 - msgid "Permanent" --msgstr "" -+msgstr "دائم" - - #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 - msgid "Service" -@@ -387,55 +400,55 @@ msgstr "إلى العنوان" - - #: ../src/firewall-config.in:616 - msgid "Bindings" --msgstr "" -+msgstr "الروابط" - - #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 - msgid "Entry" --msgstr "" -+msgstr "الإدخال" - - #: ../src/firewall-config.in:777 - msgid "Icmp Type" --msgstr "" -+msgstr "نوع Icmp" - - #: ../src/firewall-config.in:821 - msgid "Family" --msgstr "" -+msgstr "العائلة" - - #: ../src/firewall-config.in:823 - msgid "Action" --msgstr "" -+msgstr "الإجراء" - - #: ../src/firewall-config.in:825 - msgid "Element" --msgstr "" -+msgstr "العنصر" - - #: ../src/firewall-config.in:827 - msgid "Src" --msgstr "" -+msgstr "المصدر" - - #: ../src/firewall-config.in:829 - msgid "Dest" --msgstr "" -+msgstr "الوجهة" - - #: ../src/firewall-config.in:831 - msgid "log" --msgstr "" -+msgstr "السجل" - - #: ../src/firewall-config.in:833 - msgid "Audit" --msgstr "" -+msgstr "التدقيق" - - #: ../src/firewall-config.in:934 ../src/firewall-config.glade.h:221 - msgid "Interface" --msgstr "" -+msgstr "الواجهة" - - #: ../src/firewall-config.in:936 - msgid "Comment" --msgstr "" -+msgstr "التعليق" - - #: ../src/firewall-config.in:955 ../src/firewall-config.glade.h:27 - msgid "Source" --msgstr "" -+msgstr "المصدر" - - #: ../src/firewall-config.in:1609 ../src/firewall-config.in:2802 - #: ../src/firewall-config.in:2850 -@@ -449,355 +462,357 @@ msgstr "خطأ" - #: ../src/firewall-config.in:2035 ../src/firewall-config.in:3199 - #: ../src/firewall-config.in:3692 ../src/firewall-config.glade.h:262 - msgid "accept" --msgstr "" -+msgstr "قبول" - - #: ../src/firewall-config.in:2037 ../src/firewall-config.in:3201 - #: ../src/firewall-config.in:3694 ../src/firewall-config.in:3842 - #: ../src/firewall-config.glade.h:263 - msgid "reject" --msgstr "" -+msgstr "رفض" - - #: ../src/firewall-config.in:2041 ../src/firewall-config.in:3216 - #: ../src/firewall-config.in:3699 ../src/firewall-config.glade.h:264 - msgid "drop" --msgstr "" -+msgstr "إسقاط" - - #: ../src/firewall-config.in:2043 ../src/firewall-config.in:3218 - #: ../src/firewall-config.in:3701 ../src/firewall-config.in:3843 - #: ../src/firewall-config.glade.h:265 - msgid "mark" --msgstr "" -+msgstr "علامة" - - #: ../src/firewall-config.in:2046 ../src/firewall-config.in:2090 - #: ../src/firewall-config.in:2095 - msgid "limit" --msgstr "" -+msgstr "الحد" - - #: ../src/firewall-config.in:2062 ../src/firewall-config.in:3153 - #: ../src/firewall-config.in:3333 ../src/firewall-config.in:3639 - #: ../src/firewall-config.glade.h:284 - msgid "service" --msgstr "" -+msgstr "الخدمة" - - #: ../src/firewall-config.in:2064 ../src/firewall-config.in:3159 - #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3642 - #: ../src/firewall-config.glade.h:285 - msgid "port" --msgstr "" -+msgstr "المنفذ" - - #: ../src/firewall-config.in:2067 ../src/firewall-config.in:3164 - #: ../src/firewall-config.in:3344 ../src/firewall-config.in:3652 - #: ../src/firewall-config.glade.h:286 - msgid "protocol" --msgstr "" -+msgstr "البروتوكول" - - #: ../src/firewall-config.in:2069 ../src/firewall-config.in:3169 - #: ../src/firewall-config.in:3669 ../src/firewall-config.in:3855 - #: ../src/firewall-config.glade.h:291 - msgid "masquerade" --msgstr "" -+msgstr "التنكر" - - #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3172 - #: ../src/firewall-config.in:3346 ../src/firewall-config.in:3655 - #: ../src/firewall-config.in:3870 ../src/firewall-config.glade.h:287 - msgid "icmp-block" --msgstr "" -+msgstr "كتلة icmp" - - #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3177 - #: ../src/firewall-config.in:3348 ../src/firewall-config.in:3658 - #: ../src/firewall-config.glade.h:288 - msgid "icmp-type" --msgstr "" -+msgstr "نوع icmp" - - #: ../src/firewall-config.in:2075 ../src/firewall-config.in:3182 - #: ../src/firewall-config.in:3350 ../src/firewall-config.in:3661 - #: ../src/firewall-config.in:3863 ../src/firewall-config.glade.h:289 - msgid "forward-port" --msgstr "" -+msgstr "منفذ إعادة توجيه" - - #: ../src/firewall-config.in:2079 ../src/firewall-config.in:3191 - #: ../src/firewall-config.in:3352 ../src/firewall-config.in:3671 - #: ../src/firewall-config.glade.h:290 - msgid "source-port" --msgstr "" -+msgstr "المصدر-المنفذ" - - #: ../src/firewall-config.in:2088 - msgid "level" --msgstr "" -+msgstr "المستوى" - - #: ../src/firewall-config.in:2092 ../src/firewall-config.in:2097 - msgid "yes" --msgstr "" -+msgstr "نعم" - - #: ../src/firewall-config.in:2443 ../src/firewall-config.in:2483 - #: ../src/firewall-config.in:2513 ../src/firewall-config.glade.h:89 - msgid "Zone" --msgstr "" -+msgstr "المنطقة" - - #: ../src/firewall-config.in:2456 - #, c-format - msgid "Default Zone: %s" --msgstr "" -+msgstr "المنطقة الافتراضية: %s" - - #: ../src/firewall-config.in:2463 ../src/firewall-config.in:2494 - #: ../src/firewall-config.in:2524 - #, c-format - msgid "Zone: %s" --msgstr "" -+msgstr "المنطقة: %s" - - #: ../src/firewall-config.in:2799 - #, c-format - msgid "Zone '%s': Service '%s' is not available." --msgstr "" -+msgstr "المنطقة '%s': الخدمة '%s' غير متوفرة." - - #: ../src/firewall-config.in:2803 ../src/firewall-config.in:2851 - #: ../src/firewall-config.glade.h:163 - msgid "Remove" --msgstr "" -+msgstr "إزالة" - - #: ../src/firewall-config.in:2803 ../src/firewall-config.in:2851 - msgid "Ignore" --msgstr "" -+msgstr "تجاهل" - - #: ../src/firewall-config.in:2847 - #, c-format - msgid "Zone '%s': ICMP type '%s' is not available." --msgstr "" -+msgstr "المنطقة '%s': نوع ICMP '%s' غير متوفر." - - #: ../src/firewall-config.in:3002 - msgid "Built-in zone, rename not supported." --msgstr "" -+msgstr "منطقة مضمنة، إعادة التسمية غير مدعومة." - - #: ../src/firewall-config.in:3116 ../src/firewall-config.in:3614 - #: ../src/firewall-config.glade.h:270 - msgid "second" --msgstr "" -+msgstr "ثانية" - - #: ../src/firewall-config.in:3117 ../src/firewall-config.in:3615 - #: ../src/firewall-config.glade.h:271 - msgid "minute" --msgstr "" -+msgstr "دقيقة" - - #: ../src/firewall-config.in:3118 ../src/firewall-config.in:3616 - #: ../src/firewall-config.glade.h:272 - msgid "hour" --msgstr "" -+msgstr "ساعة" - - #: ../src/firewall-config.in:3119 ../src/firewall-config.in:3617 - #: ../src/firewall-config.glade.h:273 - msgid "day" --msgstr "" -+msgstr "يوم" - - #: ../src/firewall-config.in:3120 ../src/firewall-config.in:3618 - #: ../src/firewall-config.glade.h:276 - msgid "emergency" --msgstr "" -+msgstr "طوارئ" - - #: ../src/firewall-config.in:3121 ../src/firewall-config.in:3619 - #: ../src/firewall-config.glade.h:277 - msgid "alert" --msgstr "" -+msgstr "تنبيه" - - #: ../src/firewall-config.in:3122 ../src/firewall-config.in:3620 - #: ../src/firewall-config.glade.h:278 - msgid "critical" --msgstr "" -+msgstr "حرج" - - #: ../src/firewall-config.in:3123 ../src/firewall-config.in:3621 - #: ../src/firewall-config.glade.h:279 - msgid "error" --msgstr "" -+msgstr "خطأ" - - #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3622 - #: ../src/firewall-config.glade.h:280 - msgid "warning" --msgstr "" -+msgstr "تحذير" - - #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3623 - #: ../src/firewall-config.glade.h:281 - msgid "notice" --msgstr "" -+msgstr "إخطار" - - #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3624 - #: ../src/firewall-config.glade.h:282 - msgid "info" --msgstr "" -+msgstr "معلومات" - - #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3625 - #: ../src/firewall-config.glade.h:283 - msgid "debug" --msgstr "" -+msgstr "إزالة الأخطاء" - - #: ../src/firewall-config.in:3325 ../src/firewall-config.in:3550 - #: ../src/firewall-config.in:3574 ../src/firewall-config.in:3629 - #: ../src/firewall-config.in:3759 ../src/firewall-config.in:3806 - msgid "ipv4" --msgstr "" -+msgstr "ipv4" - - #: ../src/firewall-config.in:3327 ../src/firewall-config.in:3552 - #: ../src/firewall-config.in:3576 ../src/firewall-config.in:3631 - #: ../src/firewall-config.in:3761 ../src/firewall-config.in:3808 - msgid "ipv6" --msgstr "" -+msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" -+"تعد إعادة التوجيه إلى نظام آخر مفيدة فقط إذا كانت الواجهة متنكرة.\n" -+"هل تريد أن تتنكر هذه المنطقة؟" - - #: ../src/firewall-config.in:5376 - msgid "Built-in service, rename not supported." --msgstr "" -+msgstr "خدمة مضمنة، إعادة التسمية غير مدعومة." - - #: ../src/firewall-config.in:5585 - msgid "Please enter an ipv4 address with the form address[/mask]." --msgstr "" -+msgstr "الرجاء إدخال عنوان ipv4 بعنوان نموذج[/mask]." - - #: ../src/firewall-config.in:5586 - msgid "The mask can be a network mask or a number." --msgstr "" -+msgstr "قد يكون القناع، قناع شبكة أو رقمًا." - - #: ../src/firewall-config.in:5588 - msgid "Please enter an ipv6 address with the form address[/mask]." --msgstr "" -+msgstr "الرجاء إدخال عنوان ipv6 بعنوان نموذج[/mask]." - - #: ../src/firewall-config.in:5589 - msgid "The mask is a number." --msgstr "" -+msgstr "القناع رقمًا." - - #: ../src/firewall-config.in:5591 - msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." --msgstr "" -+msgstr "الرجاء إدخال عنوان ipv4 أو ipv6 بعنوان نموذج[/mask]." - - #: ../src/firewall-config.in:5592 - msgid "" - "The mask can be a network mask or a number for ipv4.\n" - "The mask is a number for ipv6." --msgstr "" -+msgstr "قد يكون القناع، قناع شبكة أو رقمًا لـ ipv4.\n" -+"القناع رقم لـ ipv6." - - #: ../src/firewall-config.in:5776 - msgid "Built-in ipset, rename not supported." --msgstr "" -+msgstr "ipset مضمن، إعادة التسمية غير مدعومة." - - #: ../src/firewall-config.in:5868 ../src/firewall-config.in:5950 - msgid "Please select a file" --msgstr "" -+msgstr "الرجاء تحديد ملف" - - #: ../src/firewall-config.in:5875 ../src/firewall-config.in:5957 - msgid "Text Files" --msgstr "" -+msgstr "الملفات النصية" - - #: ../src/firewall-config.in:5880 ../src/firewall-config.in:5962 - msgid "All Files" --msgstr "" -+msgstr "كل الملفات" - - #: ../src/firewall-config.in:6383 ../src/firewall-config.in:6412 - #: ../src/firewall-config.glade.h:40 - msgid "All" --msgstr "" -+msgstr "الكل" - - #: ../src/firewall-config.in:6383 ../src/firewall-config.in:6412 - #: ../src/firewall-config.glade.h:41 - msgid "IPv4" --msgstr "" -+msgstr "IPv4" - - #: ../src/firewall-config.in:6384 ../src/firewall-config.in:6412 - #: ../src/firewall-config.glade.h:42 - msgid "IPv6" --msgstr "" -+msgstr "IPv6" - - #: ../src/firewall-config.in:6389 - msgid "Built-in helper, rename not supported." --msgstr "" -+msgstr "مساعد مضمن، إعادة التسمية غير مدعومة." - - #: ../src/firewall-config.in:6867 - msgid "Built-in icmp, rename not supported." --msgstr "" -+msgstr "icmp مضمن، إعادة التسمية غير مدعومة." - - #: ../src/firewall-config.in:7935 - #, c-format - msgid "Failed to read file '%s': %s" --msgstr "" -+msgstr "فشل قراءة الملف '%s': %s" - - #: ../src/firewall-config.in:8068 - #, c-format - msgid "Select zone for source %s" --msgstr "" -+msgstr "حدد المنطقة للمصدر %s" - - #. implies all other actions - #: ../src/firewall-config.glade.h:1 - msgid "Address" --msgstr "" -+msgstr "العنوان" - - #: ../src/firewall-config.glade.h:2 - msgid "Automatic Helpers" --msgstr "" -+msgstr "المساعدون التلقائيون" - - #: ../src/firewall-config.glade.h:3 - msgid "Please select the automatic helpers value:" --msgstr "" -+msgstr "الرجاء تحديد قيمة المساعدين التلقائيين:" - - #: ../src/firewall-config.glade.h:5 - msgid "Please enter the command line." --msgstr "" -+msgstr "الرجاء إدخال سطر الأوامر." - - #: ../src/firewall-config.glade.h:7 - msgid "Please enter the context." --msgstr "" -+msgstr "الرجاء إدخال السياق." - - #: ../src/firewall-config.glade.h:9 - msgid "Please select default zone from the list below." --msgstr "" -+msgstr "الرجاء تحديد منطقة افتراضية من القائمة أدناه." - - #: ../src/firewall-config.glade.h:10 - msgid "Direct Chain" --msgstr "" -+msgstr "سلسلة مباشرة" - - #: ../src/firewall-config.glade.h:11 - msgid "Please select ipv and table and enter the chain name." --msgstr "" -+msgstr "الرجاء تحديد ipv وجدول ثم إدخال اسم السلسلة." - - #: ../src/firewall-config.glade.h:12 - msgid "ipv:" --msgstr "" -+msgstr "ipv:" - - #: ../src/firewall-config.glade.h:13 - msgid "eb" --msgstr "" -+msgstr "eb" - - #: ../src/firewall-config.glade.h:14 - msgid "Chain:" --msgstr "" -+msgstr "السلسلة:" - - #: ../src/firewall-config.glade.h:15 - msgid "nat" --msgstr "" -+msgstr "nat" - - #: ../src/firewall-config.glade.h:16 - msgid "raw" --msgstr "" -+msgstr "raw" - - #: ../src/firewall-config.glade.h:17 - msgid "security" --msgstr "" -+msgstr "الأمان" - - #: ../src/firewall-config.glade.h:18 - msgid "Table:" --msgstr "" -+msgstr "الجدول:" - - #: ../src/firewall-config.glade.h:19 - msgid "Direct Passthrough Rule" --msgstr "" -+msgstr "قاعدة المرور المباشر" - - #: ../src/firewall-config.glade.h:20 - msgid "Please select ipv and enter the args." --msgstr "" -+msgstr "الرجاء تحديد ipv ثم إدخال الوسيطات." - - #: ../src/firewall-config.glade.h:21 - msgid "Args:" --msgstr "" -+msgstr "الوسيطات:" - - #: ../src/firewall-config.glade.h:22 - msgid "Port Forwarding" -@@ -822,7 +837,7 @@ msgstr "ميفاق:" - - #: ../src/firewall-config.glade.h:28 - msgid "Destination" --msgstr "" -+msgstr "الوجهة" - - #: ../src/firewall-config.glade.h:29 - msgid "" -@@ -842,55 +857,55 @@ msgstr "تَحويل لمنفذ اخر" - - #: ../src/firewall-config.glade.h:32 - msgid "Base Helper Settings" --msgstr "" -+msgstr "إعدادات المساعد الأساسية" - - #: ../src/firewall-config.glade.h:33 - msgid "Please configure base helper settings:" --msgstr "" -+msgstr "الرجاء تكوين إعدادات المساعد الأساسية:" - - #: ../src/firewall-config.glade.h:34 - msgid "Bold entries are mandatory, all others are optional." --msgstr "" -+msgstr "الإدخال بالتنسيق الغامق إلزامية، كل الأخرى اختيارية." - - #: ../src/firewall-config.glade.h:35 - msgid "Name:" --msgstr "" -+msgstr "الاسم:" - - #: ../src/firewall-config.glade.h:36 - msgid "Version:" --msgstr "" -+msgstr "الإصدار:" - - #: ../src/firewall-config.glade.h:37 - msgid "Short:" --msgstr "" -+msgstr "قصير:" - - #: ../src/firewall-config.glade.h:38 - msgid "Description:" --msgstr "" -+msgstr "الوصف:" - - #: ../src/firewall-config.glade.h:39 - msgid "Family:" --msgstr "" -+msgstr "العائلة:" - - #: ../src/firewall-config.glade.h:43 - msgid "Module:" --msgstr "" -+msgstr "الوحدة النمطية:" - - #: ../src/firewall-config.glade.h:44 - msgid "Helper" --msgstr "" -+msgstr "المساعد" - - #: ../src/firewall-config.glade.h:45 - msgid "Please select a helper:" --msgstr "" -+msgstr "الرجاء تحديد مساعد:" - - #: ../src/firewall-config.glade.h:46 - msgid "Base ICMP Type Settings" --msgstr "" -+msgstr "إعدادات نوع ICMP الأساسية" - - #: ../src/firewall-config.glade.h:47 - msgid "Please configure base ICMP type settings:" --msgstr "" -+msgstr "الرجاء تكوين إعدادات نوع ICMP الأساسي:" - - #: ../src/firewall-config.glade.h:48 - msgid "ICMP Type" -@@ -898,7 +913,7 @@ msgstr "نوع ICMP" - - #: ../src/firewall-config.glade.h:49 - msgid "Please select an ICMP type" --msgstr "" -+msgstr "الرجاء تحديد نوع ICMP" - - #: ../src/firewall-config.glade.h:50 - msgid "Add Entry" -@@ -906,19 +921,19 @@ msgstr "إضافة مدخلة" - - #: ../src/firewall-config.glade.h:51 - msgid "Add Entries From File" --msgstr "" -+msgstr "إضافة إدخالات من ملف" - - #: ../src/firewall-config.glade.h:52 - msgid "Remove Selected Entry" --msgstr "" -+msgstr "إزالة الإدخال المحدد" - - #: ../src/firewall-config.glade.h:53 - msgid "Remove All Entries" --msgstr "" -+msgstr "إزالة كل الإدخالات" - - #: ../src/firewall-config.glade.h:54 - msgid "Remove Entries From File" --msgstr "" -+msgstr "إزالة الإدخالات من ملف" - - #: ../src/firewall-config.glade.h:56 - msgid "_File" -@@ -930,7 +945,7 @@ msgstr "_خيارات" - - #: ../src/firewall-config.glade.h:58 - msgid "Reload Firewalld" --msgstr "" -+msgstr "إعادة تحميل Firewalld" - - #: ../src/firewall-config.glade.h:59 - msgid "" -@@ -938,88 +953,93 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" -+"إعادة تحميل قواعد الجدار الناري. سيصبح التكوين الدائم الحالي هو تكوين وقت " -+"التشغيل الجديد، أي سيتم فقدان كل تغييرات وقت التشغيل فقط التي تمت حتى إعادة " -+"التحميل مع عملية إعادة التحميل إذا لم تتم في التكوين الدائم أيضًا." - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." --msgstr "" -+msgstr "تغيير المنطقة التي ينتمي إليها اتصال شبكة." - - #: ../src/firewall-config.glade.h:62 - msgid "Change Default Zone" --msgstr "" -+msgstr "تغيير المنطقة الافتراضية" - - #: ../src/firewall-config.glade.h:63 - msgid "Change default zone for connections or interfaces." --msgstr "" -+msgstr "تغيير المنطقة الافتراضية للاتصالات أو الواجهات." - - #: ../src/firewall-config.glade.h:64 - msgid "Change Log Denied" --msgstr "" -+msgstr "تم رفض تغيير السجل" - - #: ../src/firewall-config.glade.h:65 - msgid "Change LogDenied value." --msgstr "" -+msgstr "تغيير قيمة LogDenied." - - #: ../src/firewall-config.glade.h:66 - msgid "Configure Automatic Helper Assigment" --msgstr "" -+msgstr "تكوين تعيين المساعد التلقائي" - - #: ../src/firewall-config.glade.h:67 - msgid "Configure Automatic Helper Assignment setting." --msgstr "" -+msgstr "تكوين إعداد تعيين المساعد التلقائي." - - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." --msgstr "" -+msgstr "يعني وضع الفزع أنه يتم إسقاط كل الحزم الصادرة والواردة." - - #: ../src/firewall-config.glade.h:69 - msgid "Panic Mode" --msgstr "" -+msgstr "وضع الفزع" - - #: ../src/firewall-config.glade.h:70 - msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." - msgstr "" -+"يؤدي الإقفال التام إلى إقفال تكوين الجدار الناري بحيث يمكن للتطبيقات " -+"الموجودة في القائمة البيضاء للإقفال التام فقط تغييره." - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" --msgstr "" -+msgstr "الإقفال التام" - - #: ../src/firewall-config.glade.h:72 - msgid "Make runtime configuration permanent" --msgstr "" -+msgstr "جعل تكوين وقت التشغيل دائمًا" - - #: ../src/firewall-config.glade.h:73 - msgid "Runtime To Permanent" --msgstr "" -+msgstr "وقت التشغيل لدائم" - - #: ../src/firewall-config.glade.h:74 - msgid "_View" --msgstr "" -+msgstr "_عرض" - - #: ../src/firewall-config.glade.h:75 - msgid "IPSets" --msgstr "" -+msgstr "IPSets" - - #: ../src/firewall-config.glade.h:76 - msgid "ICMP Types" --msgstr "" -+msgstr "أنواع ICMP" - - #: ../src/firewall-config.glade.h:77 - msgid "Helpers" --msgstr "" -+msgstr "المساعدون" - - #: ../src/firewall-config.glade.h:78 - msgid "Direct Configuration" --msgstr "" -+msgstr "التكوين المباشر" - - #: ../src/firewall-config.glade.h:79 - msgid "Lockdown Whitelist" --msgstr "" -+msgstr "القائمة البيضاء للإقفال التام" - - #: ../src/firewall-config.glade.h:80 - msgid "Active Bindings" --msgstr "" -+msgstr "الروابط النشطة" - - #: ../src/firewall-config.glade.h:81 - msgid "_Help" -@@ -1027,25 +1047,25 @@ msgstr "_مساعدة" - - #: ../src/firewall-config.glade.h:82 - msgid "Change Zone" --msgstr "" -+msgstr "تغيير منطقة" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" --msgstr "" -+msgstr "تغيير منطقة الربط" - - #: ../src/firewall-config.glade.h:84 - msgid "" - "Hide active runtime bindings of connections, interfaces and sources to zones" --msgstr "" -+msgstr "إخفاء روابط وقت التشغيل النشطة للاتصالات والواجهات والمصادر للمناطق" - - #: ../src/firewall-config.glade.h:85 - msgid "" - "Show active runtime bindings of connections, interfaces and sources to zones" --msgstr "" -+msgstr "إظهار روابط وقت التشغيل النشطة للاتصالات والواجهات والمصادر للمناطق" - - #: ../src/firewall-config.glade.h:86 - msgid "Configuration:" --msgstr "" -+msgstr "التكوين:" - - #: ../src/firewall-config.glade.h:87 - msgid "" -@@ -1053,6 +1073,8 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" -+"التكوين المرئي الحالي. تكوين وقت التشغيل هو التكوين الفعلي النشط. سيكون " -+"التكوين الدائم نشطًا بعد إعادة تحميل الخدمة أو النظام أو إعادة البدء." - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1062,22 +1084,26 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" -+"تحدد منطقة firewalld مستوى الثقة لاتصالات الشبكة والواجهات وعناوين المصادر " -+"المربوطة بالمنطقة. تجمع المنطقة بين الخدمات والمنافذ والبروتوكولات والتنكر " -+"وإعادة توجيه المنفذ/الحزمة وعوامل تصفية icmp والقواعد المنسقة. يمكن ربط " -+"المنطقة بالواجهات وعناوين المصادر." - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" --msgstr "" -+msgstr "إضافة منطقة" - - #: ../src/firewall-config.glade.h:91 - msgid "Edit Zone" --msgstr "" -+msgstr "تحرير منطقة" - - #: ../src/firewall-config.glade.h:92 - msgid "Remove Zone" --msgstr "" -+msgstr "إزالة منطقة" - - #: ../src/firewall-config.glade.h:93 - msgid "Load Zone Defaults" --msgstr "" -+msgstr "تحميل الإعدادات الافتراضية لمنطقة" - - #: ../src/firewall-config.glade.h:94 - msgid "" -@@ -1085,16 +1111,21 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" -+"يمكنك هنا تعريف الخدمات الموثوق بها في المنطقة. يمكن الوصول للخدمات الموثوق " -+"بها من كل المضيفين والشبكات الي يمكنها الوصول للجهاز من الاتصالات والواجهات " -+"والمصادر المربوطة بهذه المنطقة." - - #: ../src/firewall-config.glade.h:95 - msgid "Services" --msgstr "" -+msgstr "الخدمات" - - #: ../src/firewall-config.glade.h:96 - msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." - msgstr "" -+"إضافة منافذ أو نطاقات منافذ إضافية يجب الوصول إليها لكل المضيفين أو الشبكات " -+"التي يمكنها الاتصال بالجهاز." - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1102,45 +1133,47 @@ msgstr "إلى المَنفذ" - - #: ../src/firewall-config.glade.h:98 - msgid "Edit Port" --msgstr "" -+msgstr "تحرير منفذ" - - #: ../src/firewall-config.glade.h:99 - msgid "Remove Port" --msgstr "" -+msgstr "إزالة منفذ" - - #: ../src/firewall-config.glade.h:100 - msgid "Ports" --msgstr "" -+msgstr "المنافذ" - - #: ../src/firewall-config.glade.h:101 - msgid "Add protocols, which need to be accessible for all hosts or networks." --msgstr "" -+msgstr "إضافة بروتوكول يمكن الوصول إليه لكل المضيفين أو الشبكات." - - #: ../src/firewall-config.glade.h:102 - msgid "Add Protocol" --msgstr "" -+msgstr "إضافة بروتوكول" - - #: ../src/firewall-config.glade.h:103 - msgid "Edit Protocol" --msgstr "" -+msgstr "تحرير بروتوكول" - - #: ../src/firewall-config.glade.h:104 - msgid "Remove Protocol" --msgstr "" -+msgstr "إزالة بروتوكول" - - #: ../src/firewall-config.glade.h:105 - msgid "Protocols" --msgstr "" -+msgstr "البروتوكولات" - - #: ../src/firewall-config.glade.h:106 - msgid "" - "Add additional source ports or port ranges, which need to be accessible for " - "all hosts or networks that can connect to the machine." - msgstr "" -+"إضافة منافذ مصادر أو نطاقات منافذ يجب الوصول إليها لكل المضيفين أو الشبكات " -+"التي يمكنها الاتصال بالجهاز." - - #: ../src/firewall-config.glade.h:107 - msgid "Source Ports" --msgstr "" -+msgstr "منافذ المصدر" - - #: ../src/firewall-config.glade.h:108 - msgid "" -@@ -1148,19 +1181,20 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"يسمح لك التقنيع أن تعدّ مضيفاً أو موجّهاً ليوصل شبكتك المحلّية بالشبكة العالميّة. " --"ستظهر جميع الأجهزة على هذه الشبكة كعنوان واحد على الإنترنت. التقنيع لـIPv4 " --"فقط." -+"يسمح لك التقنيع أن تعدّ مضيفاً أو موجّهاً ليوصل شبكتك المحلّية بالشبكة " -+"العالميّة. ستظهر جميع الأجهزة على هذه الشبكة كعنوان واحد على الإنترنت. " -+"التقنيع لـIPv4 فقط." - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" --msgstr "" -+msgstr "منطقة التنكر" - - #: ../src/firewall-config.glade.h:110 - msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." - msgstr "" -+"إذا قمت بتمكين التنكر، فسيتم تمكين إعادة توجيه IP لشبكة IPv4 الخاصة بك." - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1178,15 +1212,15 @@ msgstr "" - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" --msgstr "" -+msgstr "إضافة منفذ إعادة توجيه" - - #: ../src/firewall-config.glade.h:114 - msgid "Edit Forward Port" --msgstr "" -+msgstr "تحرير منفذ إعادة توجيه" - - #: ../src/firewall-config.glade.h:115 - msgid "Remove Forward Port" --msgstr "" -+msgstr "إزالة منفذ إعادة توجيه" - - #: ../src/firewall-config.glade.h:116 - msgid "" -@@ -1202,18 +1236,20 @@ msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"علّم أنواع ICMP التي سترفض في القائمة. كلّ أنواع ICMP الأخرى سيسمح لها بالمرور " --"عبر الجدار الناريّ. المبدئيّ هو عدم وجود قيود." -+"علّم أنواع ICMP التي سترفض في القائمة. كلّ أنواع ICMP الأخرى سيسمح لها " -+"بالمرور عبر الجدار الناريّ. المبدئيّ هو عدم وجود قيود." - - #: ../src/firewall-config.glade.h:118 - msgid "" - "If Invert Filter is enabled, marked ICMP entries are accepted and the others " - "are rejected. In a zone with the target DROP, they are dropped." - msgstr "" -+"عند تمكين عامل تصفية العكس، يتم قبول إدخالات ICMP التي عليها علامة ورفض " -+"الأخرى. وفي منطقة بالهدف DROP، يتم إسقاطها." - - #: ../src/firewall-config.glade.h:119 - msgid "Invert Filter" --msgstr "" -+msgstr "عامل تصفية العكس" - - #: ../src/firewall-config.glade.h:120 - msgid "ICMP Filter" -@@ -1221,41 +1257,43 @@ msgstr "مُرشح ميفاق رسائل مراقبة الشبكة -ICMP-" - - #: ../src/firewall-config.glade.h:121 - msgid "Here you can set rich language rules for the zone." --msgstr "" -+msgstr "يمكنك هنا تعيين قواعد اللغة المنسقة للمنطقة." - - #: ../src/firewall-config.glade.h:122 - msgid "Add Rich Rule" --msgstr "" -+msgstr "إضافة قاعدة منسقة" - - #: ../src/firewall-config.glade.h:123 - msgid "Edit Rich Rule" --msgstr "" -+msgstr "تحرير قاعدة منسقة" - - #: ../src/firewall-config.glade.h:124 - msgid "Remove Rich Rule" --msgstr "" -+msgstr "إزالة قاعدة منسقة" - - #: ../src/firewall-config.glade.h:125 - msgid "Rich Rules" --msgstr "" -+msgstr "القواعد المنسقة" - - #: ../src/firewall-config.glade.h:126 - msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" -+"إضافة إدخالات لربط الواجهات بالمنطقة. إذا كانت المنطقة سيتم استخدامها بواسطة " -+"اتصال، فسيتم تعيين قيمة المنطقة على المنطقة المحددة في الاتصال." - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" --msgstr "" -+msgstr "إضافة واجهة" - - #: ../src/firewall-config.glade.h:128 - msgid "Edit Interface" --msgstr "" -+msgstr "تحرير واجهة" - - #: ../src/firewall-config.glade.h:129 - msgid "Remove Interface" --msgstr "" -+msgstr "إزالة واجهة" - - #: ../src/firewall-config.glade.h:131 - msgid "" -@@ -1263,50 +1301,55 @@ msgid "" - "to a MAC source address, but with limitations. Port forwarding and " - "masquerading will not work for MAC source bindings." - msgstr "" -+"إضافة إدخالات لربط المناطق أو عناوين المصادر بالمنطقة. يمكنك أيضًا ربط عنوان " -+"مصدر MAC ولكن بحدود. لن يعمل التنكر وإعادة توجيه المنفذ لروابط مصدر MAC." - - #: ../src/firewall-config.glade.h:132 - msgid "Add Source" --msgstr "" -+msgstr "إضافة مصدر" - - #: ../src/firewall-config.glade.h:133 - msgid "Edit Source" --msgstr "" -+msgstr "تحرير مصدر" - - #: ../src/firewall-config.glade.h:134 - msgid "Remove Source" --msgstr "" -+msgstr "إزالة مصدر" - - #: ../src/firewall-config.glade.h:136 - msgid "Zones" --msgstr "" -+msgstr "المناطق" - - #: ../src/firewall-config.glade.h:137 - msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." - msgstr "" -+"خدمة firewalld هي مجموعة من المنافذ والبروتوكولات والوحدات النمطية وعناوين " -+"الوجهة." - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" --msgstr "" -+msgstr "إضافة خدمة" - - #: ../src/firewall-config.glade.h:140 - msgid "Edit Service" --msgstr "" -+msgstr "تحرير خدمة" - - #: ../src/firewall-config.glade.h:141 - msgid "Remove Service" --msgstr "" -+msgstr "إزالة خدمة" - - #: ../src/firewall-config.glade.h:142 - msgid "Load Service Defaults" --msgstr "" -+msgstr "تحميل الإعدادات الافتراضية للخدمة" - - #: ../src/firewall-config.glade.h:143 - msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks." - msgstr "" -+"إضافة منافذ أو نطاقات منافذ يجب الوصول إليها من كل المضيفين أو الشبكات." - - #: ../src/firewall-config.glade.h:144 - msgid "Edit Entry" -@@ -1321,18 +1364,20 @@ msgid "" - "Add additional source ports or port ranges, which need to be accessible for " - "all hosts or networks." - msgstr "" -+"إضافة منافذ مصادر أو نطاقات منافذ يجب الوصول إليها من كل المضيفين أو الشبكات." -+"" - - #: ../src/firewall-config.glade.h:147 - msgid "Source Port" --msgstr "" -+msgstr "منفذ مصدر" - - #: ../src/firewall-config.glade.h:148 - msgid "Netfilter helper modules are needed for some services." --msgstr "" -+msgstr "تحتاج بعض الخدمات إلى الوحدات النمطية المساعدة لـ Netfilter." - - #: ../src/firewall-config.glade.h:149 - msgid "Modules" --msgstr "" -+msgstr "الوحدات النمطية" - - #: ../src/firewall-config.glade.h:150 - msgid "" -@@ -1340,46 +1385,52 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" -+"إذا حددت عناوين وجهة، فسيتم تحديد إدخال الخدمة بعنوان الوجهة والنوع. وإذا " -+"كان الإدخالان فارغانن فلن توجد أي حدود." - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" --msgstr "" -+msgstr "IPv4:" - - #: ../src/firewall-config.glade.h:152 - msgid "IPv6:" --msgstr "" -+msgstr "IPv6:" - - #: ../src/firewall-config.glade.h:153 - msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" -+"لا يمكن تغيير الخدمات إلا في عرض التكوين الدائم. تكوين وقت تشغيل الخدمة ثابت." -+"" - - #: ../src/firewall-config.glade.h:154 - msgid "" - "An IPSet can be used to create white or black lists and is able to store for " - "example IP addresses, port numbers or MAC addresses. " - msgstr "" -+"يمكن استخدام IPSet لإنشاء قوائم بيضاء أو سوداء ويمكنه تخزين على سبيل المثال، " -+"عناوين IP أو أعداد المنافذ أو عناوين MAC." - - #: ../src/firewall-config.glade.h:155 - msgid "IPSet" --msgstr "" -+msgstr "IPSet" - - #: ../src/firewall-config.glade.h:156 - msgid "Add IPSet" --msgstr "" -+msgstr "إضافة IPSet" - - #: ../src/firewall-config.glade.h:157 - msgid "Edit IPSet" --msgstr "" -+msgstr "تحرير IPSet" - - #: ../src/firewall-config.glade.h:158 - msgid "Remove IPSet" --msgstr "" -+msgstr "إزالة IPSet" - - #: ../src/firewall-config.glade.h:159 - msgid "Load IPSet Defaults" --msgstr "" -+msgstr "تحميل الإعدادات الافتراضية لـ IPSet" - - #: ../src/firewall-config.glade.h:160 - msgid "" -@@ -1388,57 +1439,66 @@ msgid "" - "added by firewalld. Entries, that have been directly added with the ipset " - "command wil not be listed here." - msgstr "" -+"إدخالات IPSet. لن تتمكن إلا من رؤية إدخالات ipsets التي لا تستخدم خيار " -+"انتهاء المهلة الزمنية، وكذلك الإدخالات التي تمت إضافتها بواسطة firewalld. لن " -+"يتم إدراج الإدخالات التي تمت إضافتها مباشرة بأمر ipset هنا." - - #: ../src/firewall-config.glade.h:161 - msgid "" - "This IPSet uses the timeout option, therefore no entries are visible here. " - "The entries should be taken care directly with the ipset command." - msgstr "" -+"يستخدم IPSet هذا خيار انتهاء المهلة الزمنية، لذا لا توجد إدخالات مرئية هنا. " -+"يجب الاهتمام بالإدخالات مباشرة بأمر ipset." - - #: ../src/firewall-config.glade.h:162 - msgid "Add" --msgstr "" -+msgstr "إضافة" - - #: ../src/firewall-config.glade.h:164 - msgid "Entries" --msgstr "" -+msgstr "إدخالات" - - #: ../src/firewall-config.glade.h:165 - msgid "" - "IPSets can only be created or deleted in the permanent configuration view." --msgstr "" -+msgstr "لا يمكن إنشاء IPSets أو حذفه إلا في عرض التكوين الدائم." - - #: ../src/firewall-config.glade.h:166 - msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" -+"يوفر نوع icmp في firewalld معلومات لنوع بروتوكول رسائل تحكم الإنترنت (ICMP) " -+"لـ firewalld." - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" --msgstr "" -+msgstr "إضافة نوع ICMP" - - #: ../src/firewall-config.glade.h:168 - msgid "Edit ICMP Type" --msgstr "" -+msgstr "تحرير نوع ICMP" - - #: ../src/firewall-config.glade.h:169 - msgid "Remove ICMP Type" --msgstr "" -+msgstr "إزالة نوع ICMP" - - #: ../src/firewall-config.glade.h:170 - msgid "Load ICMP Type Defaults" --msgstr "" -+msgstr "تحميل الإعدادات الافتراضية لنوع ICMP" - - #: ../src/firewall-config.glade.h:171 - msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." --msgstr "" -+msgstr "تحديد إذا كان نوع ICMP هذا متوفرًا لـ IPv4 و/أو IPv6." - - #: ../src/firewall-config.glade.h:172 - msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" -+"لا يمكن تغيير أنواع ICMP إلا في عرض التكوين الدائم. تكوين وقت التشغيل لأنواع " -+"ICMP ثابت." - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1447,10 +1507,13 @@ msgid "" - "are using ports that are unrelated to the signaling connection and are " - "therefore blocked by the firewall without the helper." - msgstr "" -+"يقوم مساعد تتبع الاتصال بالمساعدة في عمل البروتوكولات التي تعمل باستخدام " -+"تدفقات مختلفة لنقل البيانات والإشارات. تستخدم عمليات نقل البيانات منافذ غير " -+"متعلقة باتصال الإشارات لذا يحجبها الجدار الناري بدون المساعد." - - #: ../src/firewall-config.glade.h:174 - msgid "Define ports or port ranges, which are monitored by the helper." --msgstr "" -+msgstr "تعريف المنافذ أو نطاقات المنافذ التي يراقبها المساعد." - - #: ../src/firewall-config.glade.h:175 - msgid "" -@@ -1459,6 +1522,10 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" -+"يوفر التكوين المباشر وصولاً أكثر مباشرة إلى الجدار الناري. تتطلب هذه " -+"الخيارات من المستخدم معرفة مفاهيم iptables الأساسية وهي الجداول والسلاسل " -+"والأوامر والمعلمات والأهداف. يجب استخدام التكوين المباشر كملاذ أخير فقط " -+"عندما لا يمكن استخدام ميزات firewalld الأخرى." - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1466,31 +1533,33 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" -+"يجب أن تكون وسيطة ipv لكل خيار ipv4 أو ipv6 أو eb. مع ipv4 سيكون لـ " -+"iptables، ومع ipv6 لـ ip6tables، ومع eb لجسور الإيثيرنت (ebtables)." - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." --msgstr "" -+msgstr "سلاسل إضافية للاستخدام باستخدام القواعد." - - #: ../src/firewall-config.glade.h:178 - msgid "Add Chain" --msgstr "" -+msgstr "إضافة سلسلة" - - #: ../src/firewall-config.glade.h:179 - msgid "Edit Chain" --msgstr "" -+msgstr "تحرير سلسلة" - - #: ../src/firewall-config.glade.h:180 - msgid "Remove Chain" --msgstr "" -+msgstr "إزالة سلسلة" - - #: ../src/firewall-config.glade.h:181 - msgid "Chains" --msgstr "" -+msgstr "السلاسل" - - #: ../src/firewall-config.glade.h:182 - msgid "" - "Add a rule with the arguments args to a chain in a table with a priority." --msgstr "" -+msgstr "إضافة قاعدة بالوسيطات args لسلسلة في جدول بأولوية." - - #: ../src/firewall-config.glade.h:183 - msgid "" -@@ -1501,22 +1570,27 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" -+"يتم استخدام الأولوية لترتيب القواعد. تعني الأولوية 0 إضافة قاعدة في أعلى " -+"السلسلة، ومع أولوية عالية تتم إضافة القاعدة في مكان أقل. وتتم إضافة القواعد " -+"التي لها نفس الأولوية على نفس المستوى ولا يكون ترتيب هذه القواعد ثابتًا وقد " -+"يتغير. إذا كنت تريد التأكد من إضافة قاعدة بعد واحدة أخرى، استخدم أولوية أقل " -+"للأولى وأعلى للتالية." - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" --msgstr "" -+msgstr "إضافة قاعدة" - - #: ../src/firewall-config.glade.h:185 - msgid "Edit Rule" --msgstr "" -+msgstr "تحرير قاعدة" - - #: ../src/firewall-config.glade.h:186 - msgid "Remove Rule" --msgstr "" -+msgstr "إزالة قاعدة" - - #: ../src/firewall-config.glade.h:187 - msgid "Rules" --msgstr "" -+msgstr "القواعد" - - #: ../src/firewall-config.glade.h:188 - msgid "" -@@ -1524,26 +1598,29 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" -+"يتم تمرير قواعد المرور للجدار الناري ولا يتم وضعها في سلسلة خاصة. يمكن " -+"استخدام خيارات iptables وip6tables وebtables." - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." - msgstr "" -+"الرجاء الحذر في التعامل مع قاعد المرور حتى لا يتم تدمير الجدار الناري." - - #: ../src/firewall-config.glade.h:190 - msgid "Add Passthrough" --msgstr "" -+msgstr "إضافة مرور" - - #: ../src/firewall-config.glade.h:191 - msgid "Edit Passthrough" --msgstr "" -+msgstr "تحرير مرور" - - #: ../src/firewall-config.glade.h:192 - msgid "Remove Passthrough" --msgstr "" -+msgstr "إزالة مرور" - - #: ../src/firewall-config.glade.h:193 - msgid "Passthrough" --msgstr "" -+msgstr "المرور" - - #: ../src/firewall-config.glade.h:194 - msgid "" -@@ -1551,6 +1628,9 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" -+"ميزة الإقفال التام هي الإصدار الأصغر من سياسات التطبيقات والمستخدمين لـ " -+"firewalld. فهي تحد من تغييرات الجدار الناري. قد تحتوي القائمة البيضاء " -+"للإقفال التام على الأوامر والسياقات والمستخدمين ومعرفات المستخدمين." - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1558,22 +1638,24 @@ msgid "" - "service. To get the context of a running application use ps -e --" - "context." - msgstr "" -+"السياق هو سياق أمان (SELinux) لتطبيق أو خدمة تعمل. للوصول إلى تطبيق أو خدمة " -+"تعمل، استخدم ps -e --context." - - #: ../src/firewall-config.glade.h:196 - msgid "Add Context" --msgstr "" -+msgstr "إضافة سياق" - - #: ../src/firewall-config.glade.h:197 - msgid "Edit Context" --msgstr "" -+msgstr "تحرير سياق" - - #: ../src/firewall-config.glade.h:198 - msgid "Remove Context" --msgstr "" -+msgstr "إزالة سياق" - - #: ../src/firewall-config.glade.h:199 - msgid "Contexts" --msgstr "" -+msgstr "السياقات" - - #: ../src/firewall-config.glade.h:200 - msgid "" -@@ -1581,180 +1663,183 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" -+"إذا كان إدخال أمر في القائمة البيضاء ينتهي بعلامة نجمية '*'، فستتطابق كل " -+"سطور الأوامر التي تبدأ بالأمر. إذا لم توجد '*'، يجب أن تطابق الوسيطة الشاملة " -+"الأمر المطلق." - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" --msgstr "" -+msgstr "إضافة سطر أمر" - - #: ../src/firewall-config.glade.h:202 - msgid "Edit Command Line" --msgstr "" -+msgstr "تحرير سطر أمر" - - #: ../src/firewall-config.glade.h:203 - msgid "Remove Command Line" --msgstr "" -+msgstr "إزالة سطر أمر" - - #: ../src/firewall-config.glade.h:204 - msgid "Command lines" --msgstr "" -+msgstr "سطور الأوامر" - - #: ../src/firewall-config.glade.h:205 - msgid "User names." --msgstr "" -+msgstr "أسماء المستخدمين." - - #: ../src/firewall-config.glade.h:206 - msgid "Add User Name" --msgstr "" -+msgstr "إضافة اسم مستخدم" - - #: ../src/firewall-config.glade.h:207 - msgid "Edit User Name" --msgstr "" -+msgstr "تحرير اسم مستخدم" - - #: ../src/firewall-config.glade.h:208 - msgid "Remove User Name" --msgstr "" -+msgstr "إزالة اسم مستخدم" - - #: ../src/firewall-config.glade.h:209 - msgid "User names" --msgstr "" -+msgstr "أسماء المستخدمين" - - #: ../src/firewall-config.glade.h:210 - msgid "User ids." --msgstr "" -+msgstr "معرفات المستخدمين." - - #: ../src/firewall-config.glade.h:211 - msgid "Add User Id" --msgstr "" -+msgstr "إضافة معرف مستخدم" - - #: ../src/firewall-config.glade.h:212 - msgid "Edit User Id" --msgstr "" -+msgstr "تحرير معرف مستخدم" - - #: ../src/firewall-config.glade.h:213 - msgid "Remove User Id" --msgstr "" -+msgstr "إزالة معرف مستخدم" - - #: ../src/firewall-config.glade.h:214 - msgid "User Ids" --msgstr "" -+msgstr "معرفات المستخدمين" - - #: ../src/firewall-config.glade.h:215 - msgid "Current default zone of the system." --msgstr "" -+msgstr "المنطقة الافتراضية الحالية للنظام." - - #: ../src/firewall-config.glade.h:216 - msgctxt "" - "Meaning: Log of denied packets. But this is too long. LogDenied is also the " - "parameter used in firewalld.conf." - msgid "Log Denied:" --msgstr "" -+msgstr "تم رفض السجل:" - - #: ../src/firewall-config.glade.h:217 - msgid "Panic Mode:" --msgstr "" -+msgstr "وضع الفزع:" - - #: ../src/firewall-config.glade.h:218 - msgctxt "" - "Meaning: Log of denied packets. But this is too long. LogDenied is also the " - "parameter used in firewalld.conf." - msgid "Automatic Helpers:" --msgstr "" -+msgstr "المساعدون التلقائيون:" - - #: ../src/firewall-config.glade.h:219 - msgid "Lockdown:" --msgstr "" -+msgstr "الإقفال التام:" - - #: ../src/firewall-config.glade.h:220 - msgid "Default Zone:" --msgstr "" -+msgstr "المنطقة الافتراضية:" - - #: ../src/firewall-config.glade.h:222 - msgid "Please enter an interface name:" --msgstr "" -+msgstr "الرجاء إدخال اسم واجهة:" - - #: ../src/firewall-config.glade.h:223 - msgid "Base IPSet Settings" --msgstr "" -+msgstr "إعدادات IPSet الأساسية" - - #: ../src/firewall-config.glade.h:224 - msgid "Please configure base ipset settings:" --msgstr "" -+msgstr "الرجاء تكوين إعدادات ipset الأساسية:" - - #: ../src/firewall-config.glade.h:225 - msgid "Type:" --msgstr "" -+msgstr "النوع:" - - #: ../src/firewall-config.glade.h:226 - msgid "Timeout:" --msgstr "" -+msgstr "انتهاء المهلة الزمنية:" - - #: ../src/firewall-config.glade.h:227 - msgid "Hashsize:" --msgstr "" -+msgstr "حجم هاش:" - - #: ../src/firewall-config.glade.h:228 - msgid "Maxelem:" --msgstr "" -+msgstr "Maxelem:" - - #: ../src/firewall-config.glade.h:229 - msgid "Timeout value in seconds" --msgstr "" -+msgstr "قيمة انتهاء المهلة الزمنية بالثواني" - - #: ../src/firewall-config.glade.h:230 - msgid "Initial hash size, default 1024" --msgstr "" -+msgstr "حجم هاش الأولي، الافتراضي 1024" - - #: ../src/firewall-config.glade.h:231 - msgid "Max number of elements, default 65536" --msgstr "" -+msgstr "الحد الأقصى لعدد العناصر، الافتراضي 65536" - - #: ../src/firewall-config.glade.h:232 - msgid "Please select an ipset:" --msgstr "" -+msgstr "الرجاء تحديد ipset:" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "" -+msgstr "الرجاء توفير إدخال ipset:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" --msgstr "" -+msgstr "رفض السجل" - - #: ../src/firewall-config.glade.h:236 - msgid "Please select the log denied value:" --msgstr "" -+msgstr "الرجاء تحديد قيمة رفض السجل:" - - #: ../src/firewall-config.glade.h:237 - msgid "Mark" --msgstr "" -+msgstr "علامة" - - #: ../src/firewall-config.glade.h:238 - msgid "Please enter a mark with an optional mask." --msgstr "" -+msgstr "الرجاء إدخال علامة بقناع اختياري." - - #: ../src/firewall-config.glade.h:239 - msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." --msgstr "" -+msgstr "يصل عرض حقلي العلامة والقناع إلى 32 بت بأرقام غير موقعة." - - #: ../src/firewall-config.glade.h:240 - msgid "Mark:" --msgstr "" -+msgstr "العلامة:" - - #: ../src/firewall-config.glade.h:241 - msgid "Mask:" --msgstr "" -+msgstr "القناع:" - - #: ../src/firewall-config.glade.h:242 - msgid "Please select a netfilter conntrack helper:" --msgstr "" -+msgstr "الرجاء تحديد مساعد تتبع اتصال netfilter:" - - #: ../src/firewall-config.glade.h:243 - msgid "- Select -" --msgstr "" -+msgstr "- تحديد -" - - #: ../src/firewall-config.glade.h:244 - msgid "Other Module:" --msgstr "" -+msgstr "وحدة نمطية أخرى:" - - #: ../src/firewall-config.glade.h:245 - msgid "Port and Protocol" -@@ -1762,142 +1847,144 @@ msgstr "المنفذ والميفاق" - - #: ../src/firewall-config.glade.h:246 - msgid "Please enter a port and protocol." --msgstr "" -+msgstr "الرجاء إدخال منفذ وبروتوكول." - - #: ../src/firewall-config.glade.h:247 - msgid "Direct Rule" --msgstr "" -+msgstr "قاعدة مباشرة" - - #: ../src/firewall-config.glade.h:248 - msgid "Please select ipv and table, chain priority and enter the args." --msgstr "" -+msgstr "الرجاء تحديد ipv وجدول وأولوية سلسلة وإدخال الوسيطات." - - #: ../src/firewall-config.glade.h:249 - msgid "Priority:" --msgstr "" -+msgstr "الأولوية:" - - #: ../src/firewall-config.glade.h:251 - msgid "Please enter a protocol." --msgstr "" -+msgstr "الرجاء إدخال بروتوكول." - - #: ../src/firewall-config.glade.h:252 - msgid "Other Protocol:" --msgstr "" -+msgstr "بروتوكول أخر:" - - #: ../src/firewall-config.glade.h:253 - msgid "Rich Rule" --msgstr "" -+msgstr "قاعدة منسقة" - - #: ../src/firewall-config.glade.h:254 - msgid "Please enter a rich rule." --msgstr "" -+msgstr "الرجاء إدخال قاعدة منسقة." - - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." --msgstr "" -+msgstr "للقائمة البيضاء أو السوداء لمضيف أو شبكة، قم بإلغاء تنشيط العنصر." - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" --msgstr "" -+msgstr "المصدر:" - - #: ../src/firewall-config.glade.h:257 - msgid "Destination:" --msgstr "" -+msgstr "الوجهة:" - - #: ../src/firewall-config.glade.h:258 - msgid "Log:" --msgstr "" -+msgstr "السجل:" - - #: ../src/firewall-config.glade.h:259 - msgid "Audit:" --msgstr "" -+msgstr "التدقيق:" - - #: ../src/firewall-config.glade.h:260 - msgid "ipv4 and ipv6" --msgstr "" -+msgstr "ipv4 وipv6" - - #: ../src/firewall-config.glade.h:261 - msgid "inverted" --msgstr "" -+msgstr "معكوس" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" -+"لتمكين هذا، يجب أن يكون الإجراء 'رفض' والعائلة إما 'ipv4' أو 'ipv6' (ليس " -+"كلاهما)" - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" --msgstr "" -+msgstr "مع النوع:" - - #: ../src/firewall-config.glade.h:268 - msgid "With limit:" --msgstr "" -+msgstr "بالحد:" - - #: ../src/firewall-config.glade.h:269 - msgid "/" --msgstr "" -+msgstr "/" - - #: ../src/firewall-config.glade.h:274 - msgid "Prefix:" --msgstr "" -+msgstr "البادئة:" - - #: ../src/firewall-config.glade.h:275 - msgid "Level:" --msgstr "" -+msgstr "المستوى:" - - #: ../src/firewall-config.glade.h:292 - msgid "Element:" --msgstr "" -+msgstr "العنصر:" - - #: ../src/firewall-config.glade.h:293 - msgid "Action:" --msgstr "" -+msgstr "الإجراء:" - - #: ../src/firewall-config.glade.h:294 - msgid "Base Service Settings" --msgstr "" -+msgstr "إعدادات الخدمة الأساسية" - - #: ../src/firewall-config.glade.h:295 - msgid "Please configure base service settings:" --msgstr "" -+msgstr "الرجاء تكوين إعدادات الخدمة الأساسية:" - - #: ../src/firewall-config.glade.h:296 - msgid "Please select a service." --msgstr "" -+msgstr "الرجاء تحديد خدمة." - - #: ../src/firewall-config.glade.h:297 - msgid "Please enter a source." --msgstr "" -+msgstr "الرجاء إدخال مصدر." - - #: ../src/firewall-config.glade.h:298 - msgid "User ID" --msgstr "" -+msgstr "معرف المستخدم" - - #: ../src/firewall-config.glade.h:299 - msgid "Please enter the user id." --msgstr "" -+msgstr "الرجاء إدخال معرف المستخدم." - - #: ../src/firewall-config.glade.h:301 - msgid "Please enter the user name." --msgstr "" -+msgstr "الرجاء إدخال اسم المستخدم." - - #: ../src/firewall-config.glade.h:302 - msgid "label" --msgstr "" -+msgstr "التسمية" - - #: ../src/firewall-config.glade.h:303 - msgid "Base Zone Settings" --msgstr "" -+msgstr "إعدادات المنطقة الأساسية" - - #: ../src/firewall-config.glade.h:304 - msgid "Please configure base zone settings:" --msgstr "" -+msgstr "الرجاء تكوين إعدادات المنطقة الأساسية:" - - #: ../src/firewall-config.glade.h:305 - msgid "Default Target" --msgstr "" -+msgstr "الهدف الافتراضي" - - #: ../src/firewall-config.glade.h:306 - msgid "Target:" --msgstr "" -+msgstr "الهدف:" -diff --git a/po/as.po b/po/as.po -index d68afe622802..f26b59c83d99 100644 ---- a/po/as.po -+++ b/po/as.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Amitakhya Phukan , 2006 - # Amitakhya Phukan , 2007-2010 -@@ -14,14 +14,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2016-01-04 12:15+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Assamese (http://www.transifex.com/projects/p/firewalld/" - "language/as/)\n" - "Language: as\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -74,15 +74,17 @@ msgstr "শিল্ড আপ/ডাউন অঞ্চলবোৰ সংৰ - - #: ../src/firewall-applet.in:220 - msgid "Here you can select the zones used for Shields Up and Shields Down." --msgstr "ইয়াত আপুনি শিল্ড আপ আৰু শিল্ড ডাউনৰ বাবে ব্যৱহৃত অঞ্চলবোৰ বাছিব পাৰিব।" -+msgstr "" -+"ইয়াত আপুনি শিল্ড আপ আৰু শিল্ড ডাউনৰ বাবে ব্যৱহৃত অঞ্চলবোৰ বাছিব পাৰিব।" - - #: ../src/firewall-applet.in:226 - msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" --"এই বৈশিষ্ট্য অবিকল্পিত অঞ্চলবোৰ ব্যৱহাৰ কৰা লোকৰ বাবে উপযোগী। ব্যৱহাৰকাৰীসকল, " --"যিসকলে সংযোগসমূহৰ অঞ্চলসমূহ পৰিবৰ্তন কৰি আছে, ইয়াৰ ব্যৱহাৰ সীমিত হব।" -+"এই বৈশিষ্ট্য অবিকল্পিত অঞ্চলবোৰ ব্যৱহাৰ কৰা লোকৰ বাবে উপযোগী। " -+"ব্যৱহাৰকাৰীসকল, যিসকলে সংযোগসমূহৰ অঞ্চলসমূহ পৰিবৰ্তন কৰি আছে, ইয়াৰ ব্যৱহাৰ " -+"সীমিত হব।" - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -204,7 +206,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "আন্তঃপৃষ্ঠ '{interface}' ত সংযোগ '{connection}' ৰ বাবে সক্ৰিয় অঞ্চল '{zone}'" - -@@ -260,12 +263,13 @@ msgid "" - "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " - "interface '{interface}'" - msgstr "" --"আন্তঃপৃষ্ঠ '{interface}' ত সংযোগ '{connection}' ৰ বাবে অঞ্চল " --"'{zone}' {activated_deactivated}" -+"আন্তঃপৃষ্ঠ '{interface}' ত সংযোগ '{connection}' ৰ বাবে অঞ্চল '{zone}' " -+"{activated_deactivated}" - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" --msgstr "আন্তঃপৃষ্ঠ '{interface}' ৰ বাবে অঞ্চল '{zone}' {activated_deactivated}" -+msgstr "" -+"আন্তঃপৃষ্ঠ '{interface}' ৰ বাবে অঞ্চল '{zone}' {activated_deactivated}" - - #: ../src/firewall-applet.in:1070 - #, c-format -@@ -644,12 +648,11 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" --"অন্য চিস্টেমলৈ ফৰৱাৰ্ড কৰাটো কেৱল তেতিয়াহে লাভদায়ক যেতিয়া আন্তঃপৃষ্ঠ মাস্কুৰেডেড " --"থাকে।\n" -+"অন্য চিস্টেমলৈ ফৰৱাৰ্ড কৰাটো কেৱল তেতিয়াহে লাভদায়ক যেতিয়া আন্তঃপৃষ্ঠ " -+"মাস্কুৰেডেড থাকে।\n" - "আপুনি এই অঞ্চলটো মাস্কুৰেড কৰিব বিচাৰে নে?" - - #: ../src/firewall-config.in:5376 -@@ -834,8 +837,8 @@ msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." - msgstr "" --"স্থানীয় ভাবে আগবঢ়োৱা সক্ৰিয় কৰিলে, আপুনি এটা প'ৰ্ট নিৰ্ধাৰিত কৰিব লাগিব ।এই প'ৰ্ট " --"উৎসৰ প'ৰ্টৰ পৰা বেলেগ হ'ব লাগি ব ।" -+"স্থানীয় ভাবে আগবঢ়োৱা সক্ৰিয় কৰিলে, আপুনি এটা প'ৰ্ট নিৰ্ধাৰিত কৰিব লাগিব ।এই " -+"প'ৰ্ট উৎসৰ প'ৰ্টৰ পৰা বেলেগ হ'ব লাগি ব ।" - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -943,9 +946,9 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"ফায়াৰৱাল নিয়মসমূহ পুনৰ ল'ড কৰে। বৰ্তমান চলনসময় সংৰূপ নতুন চলনসময় অংৰূপ হ'ব, অৰ্থাত " --"পুনৰ ল'ড হোৱালৈ সকলো কেৱল চলনসময় পৰিবৰ্তনসমূহ পুনৰ ল'ডৰ সৈতে নহোৱা হব যদি সিহতো " --"স্থায়ী সংৰূপত নাথাকিল হেতেন।" -+"ফায়াৰৱাল নিয়মসমূহ পুনৰ ল'ড কৰে। বৰ্তমান চলনসময় সংৰূপ নতুন চলনসময় অংৰূপ হ'ব, " -+"অৰ্থাত পুনৰ ল'ড হোৱালৈ সকলো কেৱল চলনসময় পৰিবৰ্তনসমূহ পুনৰ ল'ডৰ সৈতে নহোৱা হব " -+"যদি সিহতো স্থায়ী সংৰূপত নাথাকিল হেতেন।" - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -977,7 +980,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." --msgstr "পেনিক অৱস্থাৰ অৰ্থ সকলো অন্তৰগামী আৰু বহিৰ্গামী পেকেটসমূহ ড্ৰপ কৰা হব।" -+msgstr "" -+"পেনিক অৱস্থাৰ অৰ্থ সকলো অন্তৰগামী আৰু বহিৰ্গামী পেকেটসমূহ ড্ৰপ কৰা হব।" - - #: ../src/firewall-config.glade.h:69 - msgid "Panic Mode" -@@ -988,8 +992,8 @@ msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." - msgstr "" --"লকডাউনে ফায়াৰৱাল সংৰূপ লক কৰে যাতে কেৱল লকডাউন হোৱাইটলিস্টত থকা এপ্লিকেচনসমূহে " --"ইয়াক পৰিবৰ্তন কৰিব পাৰে।" -+"লকডাউনে ফায়াৰৱাল সংৰূপ লক কৰে যাতে কেৱল লকডাউন হোৱাইটলিস্টত থকা " -+"এপ্লিকেচনসমূহে ইয়াক পৰিবৰ্তন কৰিব পাৰে।" - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1063,8 +1067,8 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" --"বৰ্তমানে দৃশ্য সংৰূপ। চলনসময় সংৰূপ হল প্ৰকৃত সক্ৰিয় সংৰূপ। স্থায়ী সংৰূপ সেৱাৰ পিছত অথবা " --"চিস্টেম পুনৰ ল'ড অথবা পুনাৰম্ভৰ পিছত সক্ৰিয় হব।" -+"বৰ্তমানে দৃশ্য সংৰূপ। চলনসময় সংৰূপ হল প্ৰকৃত সক্ৰিয় সংৰূপ। স্থায়ী সংৰূপ " -+"সেৱাৰ পিছত অথবা চিস্টেম পুনৰ ল'ড অথবা পুনাৰম্ভৰ পিছত সক্ৰিয় হব।" - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1074,10 +1078,11 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"এটা firewalld অঞ্চলে নেটৱাৰ্ক সংযোগসমূহ, আন্তঃপৃষ্ঠসমূহ আৰু অঞ্চলৰ সৈতে সংযুক্ত উৎস " --"ঠিকনাসমূহৰ বাবে ভৰষাৰ স্তৰৰ বিৱৰণ দিয়ে। অঞ্চলে সেৱাসমূহ, পৰ্টসমূহ, প্ৰটোকলসমূহ, " --"ছদ্মবেশ, পৰ্ট/পেকেট ফৰৱাৰ্ডিং, icmp, ফিল্টাৰসমূহ আৰু সমৃদ্ধ নিয়মসমূহ একত্ৰিত কৰে। " --"অঞ্চলক আন্তঃপৃষ্ঠসমূহ আৰু উৎস ঠিকনাসমূহলৈ সংযুক্ত কৰিব পাৰি।" -+"এটা firewalld অঞ্চলে নেটৱাৰ্ক সংযোগসমূহ, আন্তঃপৃষ্ঠসমূহ আৰু অঞ্চলৰ সৈতে " -+"সংযুক্ত উৎস ঠিকনাসমূহৰ বাবে ভৰষাৰ স্তৰৰ বিৱৰণ দিয়ে। অঞ্চলে সেৱাসমূহ, " -+"পৰ্টসমূহ, প্ৰটোকলসমূহ, ছদ্মবেশ, পৰ্ট/পেকেট ফৰৱাৰ্ডিং, icmp, ফিল্টাৰসমূহ আৰু " -+"সমৃদ্ধ নিয়মসমূহ একত্ৰিত কৰে। অঞ্চলক আন্তঃপৃষ্ঠসমূহ আৰু উৎস ঠিকনাসমূহলৈ " -+"সংযুক্ত কৰিব পাৰি।" - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1102,8 +1107,9 @@ msgid "" - "connections, interfaces and sources bound to this zone." - msgstr "" - "ইয়াত আপুনি বিৱৰণ দিব পাৰিব কোন সেৱাসমূহ অঞ্চলত ভৰষা কৰিব পাৰি। সকলো হস্ট আৰু " --"নেটৱাৰ্কসমূহ যিসমূহে মেনিচক এই অঞ্চলৰ সৈতে সংযুক্ত সংযোগসমূহ, আন্তঃপৃষ্ঠসমূহ আৰু উৎসসমূহৰ " --"পৰা প্ৰাপ্ত কৰিব পাৰে সেইসমূহে ভৰষাবান সেৱাসমূহ অভিগম কৰিব পাৰে।" -+"নেটৱাৰ্কসমূহ যিসমূহে মেনিচক এই অঞ্চলৰ সৈতে সংযুক্ত সংযোগসমূহ, আন্তঃপৃষ্ঠসমূহ " -+"আৰু উৎসসমূহৰ পৰা প্ৰাপ্ত কৰিব পাৰে সেইসমূহে ভৰষাবান সেৱাসমূহ অভিগম কৰিব " -+"পাৰে।" - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1114,8 +1120,8 @@ msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." - msgstr "" --"অতিৰিক্ত পৰ্ট অথবা পৰ্ট বিস্তাৰসমূহ যোগ কৰক, যি মেচিনৰ সৈতে সংযোগ কৰিব পৰা সকলো " --"হস্ট অথবা নেটৱাৰ্কৰ বাবে অভিগম্য হব লাগে।" -+"অতিৰিক্ত পৰ্ট অথবা পৰ্ট বিস্তাৰসমূহ যোগ কৰক, যি মেচিনৰ সৈতে সংযোগ কৰিব পৰা " -+"সকলো হস্ট অথবা নেটৱাৰ্কৰ বাবে অভিগম্য হব লাগে।" - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1169,9 +1175,10 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"স্থানীয় নেটৱৰ্ক, ইন্টাৰনেটেৰ সৈতে সংযুক্ত কৰাৰ বাবে গৃহস্থ অথবা ৰাউটাৰ প্ৰস্তুতিৰ সময় " --"Masquerading সহয়াক । আপোনাৰ স্থানীয় নেটৱৰ্ক প্ৰকাশিত নহ'ব আৰু ইন্টাৰনেটে এটা গৃহস্থ " --"ৰূপে প্ৰস্তুত কৰা হ'ব । Masquerading অকল IPv4-ৰ ক্ষেত্ৰত প্ৰযোজ্য ।" -+"স্থানীয় নেটৱৰ্ক, ইন্টাৰনেটেৰ সৈতে সংযুক্ত কৰাৰ বাবে গৃহস্থ অথবা ৰাউটাৰ " -+"প্ৰস্তুতিৰ সময় Masquerading সহয়াক । আপোনাৰ স্থানীয় নেটৱৰ্ক প্ৰকাশিত নহ'ব আৰু " -+"ইন্টাৰনেটে এটা গৃহস্থ ৰূপে প্ৰস্তুত কৰা হ'ব । Masquerading অকল IPv4-ৰ " -+"ক্ষেত্ৰত প্ৰযোজ্য ।" - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1196,9 +1203,9 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"ফৰৱাৰ্ড পৰ্টসমূহলৈ প্ৰৱিষ্টি স্থানীয় চিস্টেমত অথবা স্থানীয় চিস্টেমৰ পৰা অন্য চিস্টেমলৈ " --"এটা পৰ্টৰ পৰা অন্যলৈ যোগ কৰক। আন্তঃপৃষ্ঠ মাস্কুৰেইডেড থাকিলে অন্য চিস্টেমলৈ ফৰৱাৰ্ডিং " --"উপযোগী হয়। পৰ্ট ফৰৱাৰ্ডিং কেৱল IPv4।" -+"ফৰৱাৰ্ড পৰ্টসমূহলৈ প্ৰৱিষ্টি স্থানীয় চিস্টেমত অথবা স্থানীয় চিস্টেমৰ পৰা অন্য " -+"চিস্টেমলৈ এটা পৰ্টৰ পৰা অন্যলৈ যোগ কৰক। আন্তঃপৃষ্ঠ মাস্কুৰেইডেড থাকিলে অন্য " -+"চিস্টেমলৈ ফৰৱাৰ্ডিং উপযোগী হয়। পৰ্ট ফৰৱাৰ্ডিং কেৱল IPv4।" - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1218,9 +1225,9 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" --"ইন্টাৰনেট নিয়ন্ত্ৰণ বাৰ্তা প্ৰটোকল (ICMP) মূখ্যভাৱে নেটৱাৰ্ক কমপিউটাৰসমূহৰ মাজত ত্ৰুটি " --"বাৰ্তাসমূহ পঠাবলৈ ব্যৱহাৰ কৰা হয়, কিন্তু অতিৰিক্তভাৱে তথ্যমূলক বাৰ্তাসমূহ যেনে ping " --"অনুৰোধ আৰু উত্তৰৰ বাবেও ব্যৱহাৰ কৰা হয়।" -+"ইন্টাৰনেট নিয়ন্ত্ৰণ বাৰ্তা প্ৰটোকল (ICMP) মূখ্যভাৱে নেটৱাৰ্ক কমপিউটাৰসমূহৰ " -+"মাজত ত্ৰুটি বাৰ্তাসমূহ পঠাবলৈ ব্যৱহাৰ কৰা হয়, কিন্তু অতিৰিক্তভাৱে তথ্যমূলক " -+"বাৰ্তাসমূহ যেনে ping অনুৰোধ আৰু উত্তৰৰ বাবেও ব্যৱহাৰ কৰা হয়।" - - #: ../src/firewall-config.glade.h:117 - msgid "" -@@ -1269,8 +1276,9 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"অঞ্চলৰ সৈতে আন্তহপৃষ্ঠসমূহ সংযুক্ত কৰিবলৈ প্ৰৱিষ্টিসমূহ যোগ কৰক। যদি আন্তঃপৃষ্ঠক এটা " --"সংযোগে ব্যৱহাৰ কৰিব, অঞ্চলক সংযোগত ধাৰ্য্য কৰা অঞ্চললৈ সংহতি কৰা হব।" -+"অঞ্চলৰ সৈতে আন্তহপৃষ্ঠসমূহ সংযুক্ত কৰিবলৈ প্ৰৱিষ্টিসমূহ যোগ কৰক। যদি " -+"আন্তঃপৃষ্ঠক এটা সংযোগে ব্যৱহাৰ কৰিব, অঞ্চলক সংযোগত ধাৰ্য্য কৰা অঞ্চললৈ সংহতি " -+"কৰা হব।" - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1312,8 +1320,8 @@ msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." - msgstr "" --"এটা firewalld সেৱা হল পৰ্টসমূহ, প্ৰটোকলসমূহ, মডিউলসমূহ আৰু গন্তব্য ঠিকনাসমূহৰ এটা " --"সংযুক্তি।" -+"এটা firewalld সেৱা হল পৰ্টসমূহ, প্ৰটোকলসমূহ, মডিউলসমূহ আৰু গন্তব্য " -+"ঠিকনাসমূহৰ এটা সংযুক্তি।" - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" -@@ -1369,8 +1377,9 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" --"যদি আপুনি গন্তব্য ঠিকনাসমূহ ধাৰ্য্য কৰে, সেৱা প্ৰৱিষ্টি গন্তব্য ঠিকনা আৰু ধৰণলৈ সীমিত " --"থাকিব। যদি দুয়োটা প্ৰৱিষ্টি ৰিক্ত থাকে, তেন্তে কোনো সীমা নাথাকিব।" -+"যদি আপুনি গন্তব্য ঠিকনাসমূহ ধাৰ্য্য কৰে, সেৱা প্ৰৱিষ্টি গন্তব্য ঠিকনা আৰু " -+"ধৰণলৈ সীমিত থাকিব। যদি দুয়োটা প্ৰৱিষ্টি ৰিক্ত থাকে, তেন্তে কোনো সীমা " -+"নাথাকিব।" - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1385,8 +1394,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"সেৱাসমূহক কেৱল স্থায়ী সংৰূপ দৰ্শনত পৰিবৰ্তন কৰিব পাৰি। সেৱাসমূহৰ চলনসময় সংৰূপ " --"নিৰ্দিষ্ট কৰা আছে।" -+"সেৱাসমূহক কেৱল স্থায়ী সংৰূপ দৰ্শনত পৰিবৰ্তন কৰিব পাৰি। সেৱাসমূহৰ চলনসময় " -+"সংৰূপ নিৰ্দিষ্ট কৰা আছে।" - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1446,8 +1455,8 @@ msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" --"এটা firewalld icmptype এ firewalld ৰ বাবে এটা ইন্টাৰনেট নিয়ন্ত্ৰণ বাৰ্তা প্ৰটোকল " --"(ICMP) ধৰণৰ তথ্য প্ৰদান কৰে।" -+"এটা firewalld icmptype এ firewalld ৰ বাবে এটা ইন্টাৰনেট নিয়ন্ত্ৰণ বাৰ্তা " -+"প্ৰটোকল (ICMP) ধৰণৰ তথ্য প্ৰদান কৰে।" - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" -@@ -1474,8 +1483,8 @@ msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" --"ICMP ধৰণসমূহক কেৱল স্থায়ী সংৰূপ দৰ্শনত পৰিবৰ্তন কৰিব পাৰি। ICMP ধৰণসমূহৰ চলনসময় " --"সংৰূপ নিৰ্দিষ্ট কৰা আছে।" -+"ICMP ধৰণসমূহক কেৱল স্থায়ী সংৰূপ দৰ্শনত পৰিবৰ্তন কৰিব পাৰি। ICMP ধৰণসমূহৰ " -+"চলনসময় সংৰূপ নিৰ্দিষ্ট কৰা আছে।" - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1496,10 +1505,11 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"প্ৰত্যক্ষ সংৰূপে ফায়াৰৱাললৈ এটা অধিক প্ৰত্যক্ষ অভিগম প্ৰদান কৰে। এই বিকল্পসমূহৰ বাবে " --"ব্যৱহাৰকাৰী জনে মৌলিক iptables ধাৰণাবোৰ জানিব লাগিব, অৰ্থাত টেবুলসমূহ, শৃংখলসমূহ, " --"কমান্ডসমূহ, প্ৰাচলসমূহ আৰু লক্ষ্যবোৰ। প্ৰত্যক্ষ সংৰূপক কেৱল শেষ উপায় হিচাপে ব্যৱহাৰ কৰিব " --"লাগে যেতিয়া অন্য firewalld বৈশিষ্ট্যসমূহ ব্যৱহাৰ কৰা সম্ভব নহয়।" -+"প্ৰত্যক্ষ সংৰূপে ফায়াৰৱাললৈ এটা অধিক প্ৰত্যক্ষ অভিগম প্ৰদান কৰে। এই " -+"বিকল্পসমূহৰ বাবে ব্যৱহাৰকাৰী জনে মৌলিক iptables ধাৰণাবোৰ জানিব লাগিব, অৰ্থাত " -+"টেবুলসমূহ, শৃংখলসমূহ, কমান্ডসমূহ, প্ৰাচলসমূহ আৰু লক্ষ্যবোৰ। প্ৰত্যক্ষ সংৰূপক " -+"কেৱল শেষ উপায় হিচাপে ব্যৱহাৰ কৰিব লাগে যেতিয়া অন্য firewalld বৈশিষ্ট্যসমূহ " -+"ব্যৱহাৰ কৰা সম্ভব নহয়।" - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1507,8 +1517,8 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"প্ৰত্যকটো বিকল্পৰ বাবে ipv তৰ্ক ipv4 অথবা ipv6 অথবা eb হব লাগিব। ipv4 ৰ সৈতে ই " --"iptables ৰ বাবে হব, ipv6 ৰ সৈতে ip6tables ৰ বাবে হব আৰু eb ৰ সৈতে ইথাৰনেট " -+"প্ৰত্যকটো বিকল্পৰ বাবে ipv তৰ্ক ipv4 অথবা ipv6 অথবা eb হব লাগিব। ipv4 ৰ সৈতে " -+"ই iptables ৰ বাবে হব, ipv6 ৰ সৈতে ip6tables ৰ বাবে হব আৰু eb ৰ সৈতে ইথাৰনেট " - "ব্ৰিজবোৰ (ebtables) ৰ বাবে হব।" - - #: ../src/firewall-config.glade.h:177 -@@ -1535,7 +1545,8 @@ msgstr "শৃংখলসমূহ" - msgid "" - "Add a rule with the arguments args to a chain in a table with a priority." - msgstr "" --"এটা প্ৰাথমিকতাৰ সৈতে এটা টেবুলৰ শৃংখললৈ তৰ্কসমূহ args ৰ সৈতে এটা নিয়ম যোগ কৰক।" -+"এটা প্ৰাথমিকতাৰ সৈতে এটা টেবুলৰ শৃংখললৈ তৰ্কসমূহ args ৰ সৈতে এটা নিয়ম যোগ " -+"কৰক।" - - #: ../src/firewall-config.glade.h:183 - msgid "" -@@ -1546,11 +1557,12 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"প্ৰাথমিকতাক নিয়মসমূহক ক্ৰম কৰিবলৈ ব্যৱহাৰ কৰা হয়। প্ৰাথমিকতা 0 ৰ অৰ্থ হল শৃংখলৰ " --"ওপৰত নিময় যোগ কৰা, উচ্চ প্ৰাথমিকতাৰ সৈতে নিয়মক তলত যোগ কৰা হব। একে প্ৰাথমিকতাৰ " --"সৈতে নিয়মসমূহ একেটা স্তৰত থাকে আৰু এই নিয়মসমূহৰ ক্ৰম নিৰ্দিষ্ট নহয় আৰু সলনি হব পাৰে। " --"যদি আপুনি সুনিশ্চিত কৰিব বিচাৰে যে এটা নিয়ম অন্য এটাৰ পিছত যোগ কৰা হব, প্ৰথমটোৰ " --"বাবে এটা নিম্ন প্ৰাথমিকতা ব্যৱহাৰ কৰক আৰু নিম্নলিখিতৰ বাবে এটা উচ্চ ব্যৱহাৰ কৰক:" -+"প্ৰাথমিকতাক নিয়মসমূহক ক্ৰম কৰিবলৈ ব্যৱহাৰ কৰা হয়। প্ৰাথমিকতা 0 ৰ অৰ্থ হল " -+"শৃংখলৰ ওপৰত নিময় যোগ কৰা, উচ্চ প্ৰাথমিকতাৰ সৈতে নিয়মক তলত যোগ কৰা হব। একে " -+"প্ৰাথমিকতাৰ সৈতে নিয়মসমূহ একেটা স্তৰত থাকে আৰু এই নিয়মসমূহৰ ক্ৰম নিৰ্দিষ্ট " -+"নহয় আৰু সলনি হব পাৰে। যদি আপুনি সুনিশ্চিত কৰিব বিচাৰে যে এটা নিয়ম অন্য এটাৰ " -+"পিছত যোগ কৰা হব, প্ৰথমটোৰ বাবে এটা নিম্ন প্ৰাথমিকতা ব্যৱহাৰ কৰক আৰু " -+"নিম্নলিখিতৰ বাবে এটা উচ্চ ব্যৱহাৰ কৰক:" - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1574,13 +1586,15 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"পাছথ্ৰু নিয়মসমূহ ফায়াৰৱাললৈ প্ৰত্যক্ষভাৱে প্ৰেৰণ কৰা হয় আৰু বিশেষ শৃংখলত স্থাপন কৰা " --"নহয়। সকলো iptables, ip6tables আৰু ebtables বিকল্পসমূহ ব্যৱহাৰ কৰিব পাৰি।" -+"পাছথ্ৰু নিয়মসমূহ ফায়াৰৱাললৈ প্ৰত্যক্ষভাৱে প্ৰেৰণ কৰা হয় আৰু বিশেষ শৃংখলত " -+"স্থাপন কৰা নহয়। সকলো iptables, ip6tables আৰু ebtables বিকল্পসমূহ ব্যৱহাৰ " -+"কৰিব পাৰি।" - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." - msgstr "" --"অনুগ্ৰহ কৰি পাছথ্ৰু নিয়মসমূহ ব্যৱহাৰ কৰোতে সাৱধান হব যাতে ফায়াৰৱাল ক্ষতিগ্ৰস্থ নহয়।" -+"অনুগ্ৰহ কৰি পাছথ্ৰু নিয়মসমূহ ব্যৱহাৰ কৰোতে সাৱধান হব যাতে ফায়াৰৱাল " -+"ক্ষতিগ্ৰস্থ নহয়।" - - #: ../src/firewall-config.glade.h:190 - msgid "Add Passthrough" -@@ -1604,9 +1618,10 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"লকডাউন বৈশিষ্ট্য firewalld ৰ বাবে ব্যৱহাৰকাৰী আৰু এপ্লিকেচন নীতিসমূহৰ এটা লঘু " --"সংস্কৰণ। ই ফায়াৰৱাললৈ কৰা পৰিবৰ্তনসমূহ সীমিত কৰে। লকডাউন হোৱাইটলিস্টত কমান্ডসমূহ, " --"পৰিপ্ৰেক্ষতিত, ব্যৱহাৰকাৰীসকল আৰু ব্যৱহাৰকাৰী আইডিসমূহ থাকিব পাৰে।" -+"লকডাউন বৈশিষ্ট্য firewalld ৰ বাবে ব্যৱহাৰকাৰী আৰু এপ্লিকেচন নীতিসমূহৰ এটা " -+"লঘু সংস্কৰণ। ই ফায়াৰৱাললৈ কৰা পৰিবৰ্তনসমূহ সীমিত কৰে। লকডাউন হোৱাইটলিস্টত " -+"কমান্ডসমূহ, পৰিপ্ৰেক্ষতিত, ব্যৱহাৰকাৰীসকল আৰু ব্যৱহাৰকাৰী আইডিসমূহ থাকিব " -+"পাৰে।" - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1637,9 +1652,9 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"যদি ৱোহাইটলিস্টত এটা কমান্ড প্ৰৱিষ্টি এটা একস্টেৰিক্স '*' ৰ সৈতে অন্ত হয়, তেন্তে " --"কমান্ডৰ সৈতে আৰম্ভ হোৱা সকলো কমান্ড শাৰী মিল খাব। যদি '*' নাই সম্পূৰ্ণ কমান্ড " --"অন্তৰ্ভুক্ত তৰ্কসমূহ মিল খাব লাগিব।" -+"যদি ৱোহাইটলিস্টত এটা কমান্ড প্ৰৱিষ্টি এটা একস্টেৰিক্স '*' ৰ সৈতে অন্ত হয়, " -+"তেন্তে কমান্ডৰ সৈতে আৰম্ভ হোৱা সকলো কমান্ড শাৰী মিল খাব। যদি '*' নাই " -+"সম্পূৰ্ণ কমান্ড অন্তৰ্ভুক্ত তৰ্কসমূহ মিল খাব লাগিব।" - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1853,7 +1868,8 @@ msgstr "অনুগ্ৰহ কৰি এটা সমৃদ্ধ নিয় - - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." --msgstr "হস্ট অথবা নেটৱাৰ্ক হোৱাইট অথবা ব্লেকলিস্টিংৰ বাবে উপাদানক নিষ্ক্ৰিয় কৰক।" -+msgstr "" -+"হস্ট অথবা নেটৱাৰ্ক হোৱাইট অথবা ব্লেকলিস্টিংৰ বাবে উপাদানক নিষ্ক্ৰিয় কৰক।" - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" -@@ -1881,11 +1897,11 @@ msgstr "উলোটা" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"ইয়াক সামৰ্থবান কৰিবলৈ কাৰ্য্য 'reject' আৰু পৰিয়াল 'ipv4' অথবা 'ipv6' হব লাগিব " --"(দুয়ো নহয়)।" -+"ইয়াক সামৰ্থবান কৰিবলৈ কাৰ্য্য 'reject' আৰু পৰিয়াল 'ipv4' অথবা 'ipv6' হব " -+"লাগিব (দুয়ো নহয়)।" - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -diff --git a/po/bg.po b/po/bg.po -index 3c665f14233b..81d14c4e748a 100644 ---- a/po/bg.po -+++ b/po/bg.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Valentin Laskov , 2012-2014 - msgid "" -@@ -9,14 +9,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 02:43+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2015-02-26 09:43+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Bulgarian (http://www.transifex.com/projects/p/firewalld/" - "language/bg/)\n" - "Language: bg\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -200,7 +200,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Зона '{zone}' е активна за връзка '{connection}' на интерфейс '{interface}'" - -@@ -640,8 +641,7 @@ msgstr "" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - -@@ -1831,8 +1831,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/bn_IN.po b/po/bn_IN.po -index 43914e6a7615..8b5a6269ae4a 100644 ---- a/po/bn_IN.po -+++ b/po/bn_IN.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Saibal Ray, 2014 - # Jamil Ahmed , 2003 -@@ -14,14 +14,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 02:43+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2015-02-26 09:43+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Bengali (India) (http://www.transifex.com/projects/p/" - "firewalld/language/bn_IN/)\n" - "Language: bn_IN\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -75,7 +75,8 @@ msgstr "শিল্ড ঊর্ধ্বে/নিম্নে অঞ্চল - #: ../src/firewall-applet.in:220 - msgid "Here you can select the zones used for Shields Up and Shields Down." - msgstr "" --"শিল্ড ঊর্ধ্ব এবং শিল্ড নিম্নের জন্য ব্যবহৃত অঞ্চলগুলি অাপনি এখানে নির্বাচন করতে পারবেন।" -+"শিল্ড ঊর্ধ্ব এবং শিল্ড নিম্নের জন্য ব্যবহৃত অঞ্চলগুলি অাপনি এখানে নির্বাচন " -+"করতে পারবেন।" - - #: ../src/firewall-applet.in:226 - msgid "" -@@ -83,7 +84,8 @@ msgid "" - "that are changing zones of connections, it might be of limited use." - msgstr "" - "অধিকাংশ ক্ষেত্রে ডিফল্ট অঞ্চল ব্যবহারকারীদের কাছে এই বৈশিষ্টটি উপযোগী। " --"ব্যবহারকারীদের জন্য, যা সংযোগের পরিবর্তনশীল অঞ্চল, ব্যবহার সীমাবদ্ধ হতে পারে।" -+"ব্যবহারকারীদের জন্য, যা সংযোগের পরিবর্তনশীল অঞ্চল, ব্যবহার সীমাবদ্ধ হতে " -+"পারে।" - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -205,7 +207,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "অঞ্চল '{zone}' '{connection}' সংযোগের জন্য সক্রিয়, '{interface}' ইন্টারফেসে" - -@@ -645,8 +648,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "ইন্টারফেস ছদ্মবেশ ধারণ করলে শুধুমাত্র তখনই অন্য সিস্টেমে ফরোয়ার্ডিং উপযোগী।\n" -@@ -811,7 +813,8 @@ msgstr "পোর্ট ফরওয়ার্ডিং" - #: ../src/firewall-config.glade.h:23 - msgid "" - "Please select the source and destination options according to your needs." --msgstr "প্রয়োজন অনুসারে উৎস ও গন্তব্য সংক্রান্ত বিবিধ বিকল্পগুলি নির্বাচন করুন।" -+msgstr "" -+"প্রয়োজন অনুসারে উৎস ও গন্তব্য সংক্রান্ত বিবিধ বিকল্পগুলি নির্বাচন করুন।" - - #: ../src/firewall-config.glade.h:24 - msgid "Port / Port Range:" -@@ -834,8 +837,8 @@ msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." - msgstr "" --"স্থানীয়রূপে ফরওয়ার্ডিং করতে ইচ্ছুক হলে, একটি পোর্ট নির্দেশ করা আবশ্যক। উদ্দিষ্ট পোর্টটি " --"উৎস পোর্টের থেকে পৃথক হওয়া আবশ্যক।" -+"স্থানীয়রূপে ফরওয়ার্ডিং করতে ইচ্ছুক হলে, একটি পোর্ট নির্দেশ করা আবশ্যক। " -+"উদ্দিষ্ট পোর্টটি উৎস পোর্টের থেকে পৃথক হওয়া আবশ্যক।" - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -943,9 +946,10 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"ফায়ারওয়াল নিয়ম পুনঃলোড করে। বর্তমান স্থায়ী কনফিগারেশন নতুন রানটাইম কনফিগারেশন " --"হবে। অর্থাৎ, পুনঃলোড পর্যন্ত হওয়া সমস্ত শুধুমাত্র রানটাইম পরিবর্তনগুলি পুনঃলোডের সাথে " --"নষ্ট হয়ে যায়। যদি না তারা স্থায়ী কনফিগারেশনেও থেকে থাকে।" -+"ফায়ারওয়াল নিয়ম পুনঃলোড করে। বর্তমান স্থায়ী কনফিগারেশন নতুন রানটাইম " -+"কনফিগারেশন হবে। অর্থাৎ, পুনঃলোড পর্যন্ত হওয়া সমস্ত শুধুমাত্র রানটাইম " -+"পরিবর্তনগুলি পুনঃলোডের সাথে নষ্ট হয়ে যায়। যদি না তারা স্থায়ী কনফিগারেশনেও " -+"থেকে থাকে।" - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -977,7 +981,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." --msgstr "প্যানিক মোডের অর্থ হল, সকল ইনকামিং এবং অাউটগোয়িং প্যাকেট ড্রপ করা হয়।" -+msgstr "" -+"প্যানিক মোডের অর্থ হল, সকল ইনকামিং এবং অাউটগোয়িং প্যাকেট ড্রপ করা হয়।" - - #: ../src/firewall-config.glade.h:69 - msgid "Panic Mode" -@@ -988,8 +993,8 @@ msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." - msgstr "" --"Lockdown ফায়ারওয়াল কনফিগারেশন লক করে, যাতে কিনা শুধুমাত্র lockdown whitelist এ " --"অ্যাপ্লিকেশন তার পরিবর্তন করতে পারে।" -+"Lockdown ফায়ারওয়াল কনফিগারেশন লক করে, যাতে কিনা শুধুমাত্র lockdown " -+"whitelist এ অ্যাপ্লিকেশন তার পরিবর্তন করতে পারে।" - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1063,8 +1068,9 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" --"বর্তমানে দৃশ্যমান কনফিগারেশন। রানটাইম কনফিগারেশন হল প্রকৃত সক্রিয় কনফিগারেশন। " --"স্থায়ী কনফিগারেশন পরিষেবা বা সিস্টেম পুনঃলোড বা বন্ধ হয়ে চালু হওয়ার পরে সক্রিয় হবে।" -+"বর্তমানে দৃশ্যমান কনফিগারেশন। রানটাইম কনফিগারেশন হল প্রকৃত সক্রিয় " -+"কনফিগারেশন। স্থায়ী কনফিগারেশন পরিষেবা বা সিস্টেম পুনঃলোড বা বন্ধ হয়ে চালু " -+"হওয়ার পরে সক্রিয় হবে।" - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1074,10 +1080,11 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"একটি ফায়ারওয়াল দিয়ে ঘেরা অঞ্চল তার মধ্যস্ত নেটওয়ার্ক সংযোগ, ইন্টারফেস এবং সোর্স " --"ঠিকানার বিশ্বস্তের স্তরকে নির্ধারণ করে। অঞ্চলের মধ্যে অন্তর্ভুক্ত হল পরিষেবাদি, পোর্ট, " --"প্রোটোকল, ম্যাসকোয়ারডিং, পোর্ট/প্যাকেট ফরোয়ার্ডিং, icmp ফিল্টার এবং রিচ রুল। অঞ্চল " --"ইন্টারফেস এবং সোর্স ঠিকানার মধ্যে অাবদ্ধ থাকতে পারে।" -+"একটি ফায়ারওয়াল দিয়ে ঘেরা অঞ্চল তার মধ্যস্ত নেটওয়ার্ক সংযোগ, ইন্টারফেস " -+"এবং সোর্স ঠিকানার বিশ্বস্তের স্তরকে নির্ধারণ করে। অঞ্চলের মধ্যে অন্তর্ভুক্ত " -+"হল পরিষেবাদি, পোর্ট, প্রোটোকল, ম্যাসকোয়ারডিং, পোর্ট/প্যাকেট ফরোয়ার্ডিং, " -+"icmp ফিল্টার এবং রিচ রুল। অঞ্চল ইন্টারফেস এবং সোর্স ঠিকানার মধ্যে অাবদ্ধ " -+"থাকতে পারে।" - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1101,9 +1108,9 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"অঞ্চলে কোন পরিষেবাগুলি বিশ্বস্ত তা অাপনি এখানে নির্দিষ্ট করতে পারবেন। এই অঞ্চলের " --"সংযোগ, ইন্টারফেস এবং সোর্স থেকে মেশিনে পৌঁছাতে পারে এমন সকল হোস্ট এবং নেটওয়ার্ক " --"থেকে বিশ্বস্ত পরিষেবাগুলি অ্যাক্সেসযোগ্য।" -+"অঞ্চলে কোন পরিষেবাগুলি বিশ্বস্ত তা অাপনি এখানে নির্দিষ্ট করতে পারবেন। এই " -+"অঞ্চলের সংযোগ, ইন্টারফেস এবং সোর্স থেকে মেশিনে পৌঁছাতে পারে এমন সকল হোস্ট " -+"এবং নেটওয়ার্ক থেকে বিশ্বস্ত পরিষেবাগুলি অ্যাক্সেসযোগ্য।" - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1114,8 +1121,8 @@ msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." - msgstr "" --"অতিরিক্ত পোর্ট বা পোর্ট রেঞ্জ যোগ করুন, যা মেশিনের সংগে সংযুক্ত করা যায় এমন সকল " --"হোস্ট বা নেটওয়ার্কের জন্য অ্যাক্সেস হওয়া প্রয়োজন।" -+"অতিরিক্ত পোর্ট বা পোর্ট রেঞ্জ যোগ করুন, যা মেশিনের সংগে সংযুক্ত করা যায় এমন " -+"সকল হোস্ট বা নেটওয়ার্কের জন্য অ্যাক্সেস হওয়া প্রয়োজন।" - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1169,9 +1176,10 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"স্থানীয় নেটওয়ার্ক, ইন্টারনেটের সাথে সংযুক্ত করার জন্য হোস্ট অথবা রাউটার প্রস্তুতির সময় " --"Masquerading সহয়াক। আপনার স্থানীয় নেটওয়ার্ক প্রকাশিত হবে না ও ইন্টারনেটে একটি " --"হোস্ট রূপে প্রস্তুত করা হবে। Masquerading শুধুমাত্র IPv4-র ক্ষেত্রে প্রযোজ্য।" -+"স্থানীয় নেটওয়ার্ক, ইন্টারনেটের সাথে সংযুক্ত করার জন্য হোস্ট অথবা রাউটার " -+"প্রস্তুতির সময় Masquerading সহয়াক। আপনার স্থানীয় নেটওয়ার্ক প্রকাশিত হবে না ও " -+"ইন্টারনেটে একটি হোস্ট রূপে প্রস্তুত করা হবে। Masquerading শুধুমাত্র IPv4-র " -+"ক্ষেত্রে প্রযোজ্য।" - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1182,8 +1190,8 @@ msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." - msgstr "" --"অাপনি ম্যাসকিউরেডিং সক্রিয় করলে, IP ফরোয়ার্ডিং অাপনার IPv4 নেটওয়ার্কগুলির জন্য " --"সক্রিয় করা হবে।" -+"অাপনি ম্যাসকিউরেডিং সক্রিয় করলে, IP ফরোয়ার্ডিং অাপনার IPv4 নেটওয়ার্কগুলির " -+"জন্য সক্রিয় করা হবে।" - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1196,9 +1204,10 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"স্থানীয় সিস্টেমের মধ্যে অন্য পোর্টে অথবা স্থানীয় সিস্টেম থেকে অন্য সিস্টেমে পোর্ট " --"ফরওয়ার্ড করার জন্য মান লিখুন। ইন্টারফেস masquerade করা থাকলে পৃথক সিস্টেমে পোর্ট " --"ফরওয়ার্ড করা উপকারী হবে। পোর্ট ফরওয়ার্ডিং ব্যবস্থা শুধুমাত্র IPv4-র ক্ষেত্রে প্রযোজ্য।" -+"স্থানীয় সিস্টেমের মধ্যে অন্য পোর্টে অথবা স্থানীয় সিস্টেম থেকে অন্য সিস্টেমে " -+"পোর্ট ফরওয়ার্ড করার জন্য মান লিখুন। ইন্টারফেস masquerade করা থাকলে পৃথক " -+"সিস্টেমে পোর্ট ফরওয়ার্ড করা উপকারী হবে। পোর্ট ফরওয়ার্ডিং ব্যবস্থা শুধুমাত্র " -+"IPv4-র ক্ষেত্রে প্রযোজ্য।" - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1219,17 +1228,17 @@ msgid "" - "messages like ping requests and replies." - msgstr "" - "ইন্টারনেট কন্ট্রোল মেসেজ প্রোটকল (ICMP) প্রয়োগ করে নেটওয়ার্কের মধ্যে উপস্থিত " --"কম্পিউটারগুলির মধ্যে ত্রুটি বার্তা আদান প্রদান করা হয়। উপরন্তু, বিবিধ তথ্য যেমন ping-র " --"অনুরোধ ও উত্তর প্রভৃতিও বিনিময় করার জন্য এটি ব্যবহৃত হয়।" -+"কম্পিউটারগুলির মধ্যে ত্রুটি বার্তা আদান প্রদান করা হয়। উপরন্তু, বিবিধ তথ্য " -+"যেমন ping-র অনুরোধ ও উত্তর প্রভৃতিও বিনিময় করার জন্য এটি ব্যবহৃত হয়।" - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"প্রত্যাখ্যানের উদ্দেশ্যে, তালিকার মধ্যে ICMP-র ধরনগুলি চিহ্নিত করুন। অন্যান্য সকল ICMP-" --"র ধরনগুলি ফায়ারওয়ালের মধ্যে প্রবেশ করতে সক্ষম হবে। ডিফল্টরূপে কোনো প্রতিরোধ করা হয় " --"না।" -+"প্রত্যাখ্যানের উদ্দেশ্যে, তালিকার মধ্যে ICMP-র ধরনগুলি চিহ্নিত করুন। " -+"অন্যান্য সকল ICMP-র ধরনগুলি ফায়ারওয়ালের মধ্যে প্রবেশ করতে সক্ষম হবে। " -+"ডিফল্টরূপে কোনো প্রতিরোধ করা হয় না।" - - #: ../src/firewall-config.glade.h:118 - msgid "" -@@ -1270,8 +1279,9 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"অঞ্চলে ইন্টারফেসগুলি অাবদ্ধ করতে এন্ট্রিগুলি যোগ করুন। ইন্টারফেস একটি সংযোগের দ্বারা " --"ব্যবহৃত হলে, অঞ্চল সংযোগের দ্বারা নির্দিষ্ট অঞ্চলে নির্দিষ্ট হবে।" -+"অঞ্চলে ইন্টারফেসগুলি অাবদ্ধ করতে এন্ট্রিগুলি যোগ করুন। ইন্টারফেস একটি " -+"সংযোগের দ্বারা ব্যবহৃত হলে, অঞ্চল সংযোগের দ্বারা নির্দিষ্ট অঞ্চলে নির্দিষ্ট " -+"হবে।" - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1313,7 +1323,8 @@ msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." - msgstr "" --"একটি firewalld পরিষেবা হল পোর্ট, প্রোটোকল, মডিউল এবং গন্তব্য ঠিকানার সমন্বয়।" -+"একটি firewalld পরিষেবা হল পোর্ট, প্রোটোকল, মডিউল এবং গন্তব্য ঠিকানার " -+"সমন্বয়।" - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" -@@ -1369,8 +1380,9 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" --"অাপনি গন্তব্য ঠিকানাগুলি নির্দিষ্ট করলে, পরিষেবা এন্ট্রি গন্তব্য ঠিকানা এবং ধরনের " --"মধ্যেই সীমাবদ্ধ থাকবে। উভয় এন্ট্রিই খালি থাকলে, কোনো সীমাবদ্ধতা থাকে না।" -+"অাপনি গন্তব্য ঠিকানাগুলি নির্দিষ্ট করলে, পরিষেবা এন্ট্রি গন্তব্য ঠিকানা এবং " -+"ধরনের মধ্যেই সীমাবদ্ধ থাকবে। উভয় এন্ট্রিই খালি থাকলে, কোনো সীমাবদ্ধতা থাকে " -+"না।" - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1385,8 +1397,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"পরিষেবাগুলি শুধুমাত্র স্থায়ী কনফিগারেশন রূপে পরিবর্তন করা যেতে পারে। পরিষেবাগুলির " --"রানটাইম কনফিগারেশন নির্দিষ্ট।" -+"পরিষেবাগুলি শুধুমাত্র স্থায়ী কনফিগারেশন রূপে পরিবর্তন করা যেতে পারে। " -+"পরিষেবাগুলির রানটাইম কনফিগারেশন নির্দিষ্ট।" - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1446,8 +1458,8 @@ msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" --"একটি firewalld icmptype, firewalld এর জন্য একটি ইন্টারনেট কন্ট্রোল মেসেজ প্রোটোকল " --"(ICMP) ধরনের জন্য তথ্য প্রদান করে।" -+"একটি firewalld icmptype, firewalld এর জন্য একটি ইন্টারনেট কন্ট্রোল মেসেজ " -+"প্রোটোকল (ICMP) ধরনের জন্য তথ্য প্রদান করে।" - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" -@@ -1474,8 +1486,8 @@ msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" --"ICMP ধরনগুলি শুধুমাত্র স্থায়ী কনফিগারেশন রূপে পরিবর্তন করা যেতে পারে। ICMP ধরনগুলির " --"রানটাইম কনফিগারেশন নির্দিষ্ট।" -+"ICMP ধরনগুলি শুধুমাত্র স্থায়ী কনফিগারেশন রূপে পরিবর্তন করা যেতে পারে। ICMP " -+"ধরনগুলির রানটাইম কনফিগারেশন নির্দিষ্ট।" - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1496,10 +1508,11 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"ডাইরেক্ট কনফিগারেশন ফায়ারওয়ালে অারো সরাসারি অ্যাক্সেস দেয়। এই বিকল্পের ক্ষেত্রে " --"ব্যবহারকারীকে প্রাথমিক iptables কনসেপ্ট, অর্থাৎ সারণী, চেন, কম্যান্ড, প্যারামিটার " --"এবং টার্গেট জানতে হবে। অন্যান্য firewalld বৈশিষ্ট্য ব্যবহার করা সম্ভব না হলে, " --"শুধুমাত্র তখনই শেষ মাধ্যম হিসাবে ডাইরেক্ট কনফিগারেশন ব্যবহার করা হবে।" -+"ডাইরেক্ট কনফিগারেশন ফায়ারওয়ালে অারো সরাসারি অ্যাক্সেস দেয়। এই বিকল্পের " -+"ক্ষেত্রে ব্যবহারকারীকে প্রাথমিক iptables কনসেপ্ট, অর্থাৎ সারণী, চেন, " -+"কম্যান্ড, প্যারামিটার এবং টার্গেট জানতে হবে। অন্যান্য firewalld বৈশিষ্ট্য " -+"ব্যবহার করা সম্ভব না হলে, শুধুমাত্র তখনই শেষ মাধ্যম হিসাবে ডাইরেক্ট " -+"কনফিগারেশন ব্যবহার করা হবে।" - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1507,9 +1520,9 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"প্রত্যেক বিকল্পের ipv অার্গুমেন্ট ipv4 বা ipv6 বা eb হতে হবে। ipv4 এর ক্ষেত্রে এটি " --"হবে iptables, ipv6 এর ক্ষেত্রে ip6tables এবং eb এর ক্ষেত্রে ইথারনেট ব্রিজ " --"(ebtables)।" -+"প্রত্যেক বিকল্পের ipv অার্গুমেন্ট ipv4 বা ipv6 বা eb হতে হবে। ipv4 এর " -+"ক্ষেত্রে এটি হবে iptables, ipv6 এর ক্ষেত্রে ip6tables এবং eb এর ক্ষেত্রে " -+"ইথারনেট ব্রিজ (ebtables)।" - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1535,7 +1548,8 @@ msgstr "চেন" - msgid "" - "Add a rule with the arguments args to a chain in a table with a priority." - msgstr "" --"অগ্রাধিকার বিশিষ্ট একটি সারণীতে একটি চেনে অার্গুমেন্ট args সমেত একটি নিয়ম যোগ করুন।" -+"অগ্রাধিকার বিশিষ্ট একটি সারণীতে একটি চেনে অার্গুমেন্ট args সমেত একটি নিয়ম " -+"যোগ করুন।" - - #: ../src/firewall-config.glade.h:183 - msgid "" -@@ -1546,12 +1560,12 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"অগ্রাধিকার নিয়ম অর্ডার করতে ব্যবহার করা হয়। অগ্রাধিকার 0 এর অর্থ হল, চেনের উপরে " --"নিয়ম যোগ করুন, অপেক্ষাকৃত বেশি অগ্রাধিকারের ক্ষেত্রে নিয়ম অারো নীচের দিকে যোগ হতে " --"থাকবে। একই অগ্রাধিকারের নিয়মগুলি একই লেবেলে থাকে এবং এই নিয়মগুলির ক্রম নির্দিষ্ট " --"নয় এবং পরিবর্তিত হতে পারে। একটির পরে অার একটি নিয়ম যোগ হোক তা অাপনি নিশ্চিত " --"করতে চাইলে, প্রথমটির জন্য একটি কম অগ্রাধিকার ব্যবহার করুন এবং নিম্নলিখিতের জন্য " --"অপেক্ষাকৃত বেশি।" -+"অগ্রাধিকার নিয়ম অর্ডার করতে ব্যবহার করা হয়। অগ্রাধিকার 0 এর অর্থ হল, চেনের " -+"উপরে নিয়ম যোগ করুন, অপেক্ষাকৃত বেশি অগ্রাধিকারের ক্ষেত্রে নিয়ম অারো নীচের " -+"দিকে যোগ হতে থাকবে। একই অগ্রাধিকারের নিয়মগুলি একই লেবেলে থাকে এবং এই " -+"নিয়মগুলির ক্রম নির্দিষ্ট নয় এবং পরিবর্তিত হতে পারে। একটির পরে অার একটি " -+"নিয়ম যোগ হোক তা অাপনি নিশ্চিত করতে চাইলে, প্রথমটির জন্য একটি কম অগ্রাধিকার " -+"ব্যবহার করুন এবং নিম্নলিখিতের জন্য অপেক্ষাকৃত বেশি।" - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1575,14 +1589,15 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"passthrough নিয়ম ফায়ারওয়াল দিয়ে সরাসারি চালনা করা হয় এবং বিশেষ চেনে রাখা হয় " --"না। সকল iptables, ip6tables এবং ebtables বিকল্প ব্যবহার করা যেতে পারে।" -+"passthrough নিয়ম ফায়ারওয়াল দিয়ে সরাসারি চালনা করা হয় এবং বিশেষ চেনে " -+"রাখা হয় না। সকল iptables, ip6tables এবং ebtables বিকল্প ব্যবহার করা যেতে " -+"পারে।" - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." - msgstr "" --"ফায়ারওয়াল যাতে ক্ষতিগস্থ না হয় তার জন্য অনুগ্রহ করে passthrough নিয়মের ক্ষেত্রে " --"যত্নবান হোন।" -+"ফায়ারওয়াল যাতে ক্ষতিগস্থ না হয় তার জন্য অনুগ্রহ করে passthrough নিয়মের " -+"ক্ষেত্রে যত্নবান হোন।" - - #: ../src/firewall-config.glade.h:190 - msgid "Add Passthrough" -@@ -1606,9 +1621,10 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"লকডাউন বৈশিষ্ট্য firewalld এর জন্য ব্যবহারকারী এবং অ্যাপ্লিকেশন নীতির একটি ক্ষুদ্র " --"সংস্করণ। এটি ফায়ারওয়ালের পরিবর্তনগুলিকে সীমাবদ্ধ করে। লকডাউন হোয়াইটলিস্টের মধ্যে " --"কম্যান্ড, কনটেক্স, ব্যবহারকারী এবং ব্যবহারকারী অাইডি থাকতে পারে।" -+"লকডাউন বৈশিষ্ট্য firewalld এর জন্য ব্যবহারকারী এবং অ্যাপ্লিকেশন নীতির একটি " -+"ক্ষুদ্র সংস্করণ। এটি ফায়ারওয়ালের পরিবর্তনগুলিকে সীমাবদ্ধ করে। লকডাউন " -+"হোয়াইটলিস্টের মধ্যে কম্যান্ড, কনটেক্স, ব্যবহারকারী এবং ব্যবহারকারী অাইডি " -+"থাকতে পারে।" - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1639,9 +1655,9 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"whitelist এ কোনো কম্যান্ড এন্ট্রি তারকা চিহ্ন '*' দিয়ে সমাপ্ত হলে, কম্যান্ড দিয়ে শুরু " --"হওয়া সমস্ত কম্যান্ড লাইন মিলবে। '*' উপস্থিত না থাকলে, অার্গুমেন্ট সমেত চরম কম্যান্ড " --"অবশ্যই মিলতে হবে।" -+"whitelist এ কোনো কম্যান্ড এন্ট্রি তারকা চিহ্ন '*' দিয়ে সমাপ্ত হলে, কম্যান্ড " -+"দিয়ে শুরু হওয়া সমস্ত কম্যান্ড লাইন মিলবে। '*' উপস্থিত না থাকলে, " -+"অার্গুমেন্ট সমেত চরম কম্যান্ড অবশ্যই মিলতে হবে।" - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1832,7 +1848,8 @@ msgstr "ডাইরেক্ট নিয়ম" - #: ../src/firewall-config.glade.h:248 - msgid "Please select ipv and table, chain priority and enter the args." - msgstr "" --"অনুগ্রহ করে ipv এবং সারণী, চেন অগ্রাধিকার নির্বাচন করুন এবং args প্রবেশ করান।" -+"অনুগ্রহ করে ipv এবং সারণী, চেন অগ্রাধিকার নির্বাচন করুন এবং args প্রবেশ " -+"করান।" - - #: ../src/firewall-config.glade.h:249 - msgid "Priority:" -@@ -1857,7 +1874,8 @@ msgstr "অনুগ্রহ করে একটি সমৃদ্ধ নি - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." - msgstr "" --"হোস্ট বা নেটওয়ার্ক হোয়াইট বা কালো তালিকাভুক্তকরণের ক্ষেত্রে উপাদান নিষ্ক্রিয় করুন।" -+"হোস্ট বা নেটওয়ার্ক হোয়াইট বা কালো তালিকাভুক্তকরণের ক্ষেত্রে উপাদান " -+"নিষ্ক্রিয় করুন।" - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" -@@ -1885,8 +1903,8 @@ msgstr "উল্টানো" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "এটিকে সক্ষম করতে হলে, অ্যাকশন 'রিজেক্ট' হতে হবে এবং ফ্যামিলি হয় 'ipv4' বা " - "'ipv6' (উভয়ই নয়) হতে হবে।" -diff --git a/po/ca.po b/po/ca.po -index 8017ec2bd40b..885cc55685ff 100644 ---- a/po/ca.po -+++ b/po/ca.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Angels Sala , 2004 - # Josep Puigdemont , 2004-2006 -@@ -20,14 +20,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2018-08-20 10:43+0000\n" - "Last-Translator: Robert Antoni Buj Gelonch \n" - "Language-Team: Catalan (http://www.transifex.com/projects/p/firewalld/" - "language/ca/)\n" - "Language: ca\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -216,7 +216,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "La zona '{zone}' es troba activa per a la connexió '{connection}' en la " - "interfície '{interface}'" -@@ -662,8 +663,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "El reenviament a un altre sistema tan sols és útil si la interfície de xarxa " -@@ -1443,8 +1443,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"Els serveis es poden canviar únicament en la vista de configuració " --"permanent. La configuració en temps d'execució dels serveis és fixa." -+"Els serveis es poden canviar únicament en la vista de configuració permanent." -+" La configuració en temps d'execució dels serveis és fixa." - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1485,6 +1485,7 @@ msgstr "" - "no estiguin utilitzant l'opció de temps d'expiració, i també únicament " - "aquelles entrades que hagin estat afegides amb firewalld. Aquí no es " - "llistaran aquelles entrades que s'hagin afegit directament amb l'ordre ipset." -+"" - - #: ../src/firewall-config.glade.h:161 - msgid "" -@@ -1535,7 +1536,8 @@ msgstr "Carrega els valor predeterminats d'ICMP" - - #: ../src/firewall-config.glade.h:171 - msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." --msgstr "Especifiqueu si aquest tipus d'ICMP està disponible per IPv4 i/o IPv6." -+msgstr "" -+"Especifiqueu si aquest tipus d'ICMP està disponible per IPv4 i/o IPv6." - - #: ../src/firewall-config.glade.h:172 - msgid "" -@@ -1968,11 +1970,11 @@ msgstr "inverteix" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"Per habilitar-ho l'acció ha de ser «rebutja» i la família «ipv4» o " --"«ipv6» (no ambdós)." -+"Per habilitar-ho l'acció ha de ser «rebutja» i la família «ipv4» o «ipv6» " -+"(no ambdós)." - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -diff --git a/po/cs.po b/po/cs.po -index 4b2420270bd6..f8949f5438c0 100644 ---- a/po/cs.po -+++ b/po/cs.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Adam Pribyl , 2007-2010 - # zdenek , 2013 -@@ -20,20 +20,21 @@ - # Josef Hruška , 2016. #zanata - # Zdenek , 2016. #zanata - # Zdenek , 2017. #zanata -+# Eric Garver , 2018. #zanata - # Robert Chudý , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-04-05 08:32+0000\n" --"Last-Translator: Robert Chudý \n" --"Language-Team: Czech (http://www.transifex.com/projects/p/firewalld/language/" --"cs/)\n" --"Language: cs\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:21+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Czech (http://www.transifex.com/projects/p/firewalld/language/" -+"cs/)\n" -+"Language: cs\n" - "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -73,7 +74,7 @@ msgstr "Vyberte zónu pro připojení '%s'" - - #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3910 - msgid "Failed to set zone {zone} for connection {connection_name}" --msgstr "" -+msgstr "Nepodařilo se nastavit zónu {zone} pro připojení {connection_name}" - - #: ../src/firewall-applet.in:190 - #, c-format -@@ -218,7 +219,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Zóna '{zone}' aktivní pro spojení '{connection}' přes rozhraní '{interface}'" - -@@ -662,12 +664,11 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" --"Přeposílání na jiný systém je užitečné pouze pokud je rozhraní " --"maškarádované.\n" -+"Přeposílání na jiný systém je užitečné pouze pokud je rozhraní maškarádované." -+"\n" - "Přejete si zamaškarádovat tuto zónu?" - - #: ../src/firewall-config.in:5376 -@@ -966,6 +967,7 @@ msgstr "" - "Aktualizuje pravidla firewallu. Současná trvalá konfigurace se stane novou " - "běžící konfigurací. Tj. všechny změny provedeny v běžící konfiguraci budou " - "po této aktualizaci ztraceny, pokud již v trvalé konfiguraci předtím nebyly." -+"" - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -1223,8 +1225,8 @@ msgid "" - msgstr "" - "Přidat záznamy pro přeposílání portů buď z jednoho portu na druhý na " - "lokálním systému nebo z lokálního portu do portu na jiném systému. " --"Přeposílání na jiný systém je užitečné pouze pokud je rozhraní " --"maškarádované. Přeposílání portů funguje pouze na IPv4." -+"Přeposílání na jiný systém je užitečné pouze pokud je rozhraní maškarádované." -+" Přeposílání portů funguje pouze na IPv4." - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1934,8 +1936,8 @@ msgstr "obrácený" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "K povolení tohoto musí být Akce nastavena na 'odmítnout' a Rodina buď 'IPv4' " - "nebo 'IPv6' (ne obojí)." -diff --git a/po/da.po b/po/da.po -index 415c16ee248c..8c5f0972e051 100644 ---- a/po/da.po -+++ b/po/da.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Christian Rose , 2002 - # Keld Simonsen , 2002-2005 -@@ -14,14 +14,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2018-09-20 10:43+0000\n" - "Last-Translator: scootergrisen \n" - "Language-Team: Danish (http://www.transifex.com/projects/p/firewalld/" - "language/da/)\n" - "Language: da\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -207,7 +207,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Zone '{zone}' aktiv for forbindelse '{connection}' på grænseflade " - "'{interface}'" -@@ -652,8 +653,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "Videresending til et andet system er kun nyttigt hvis grænsefladen er " -@@ -1155,6 +1155,7 @@ msgstr "Porte" - msgid "Add protocols, which need to be accessible for all hosts or networks." - msgstr "" - "Tilføj protokoller som skal være tilgængelig for alle værter eller netværker." -+"" - - #: ../src/firewall-config.glade.h:102 - msgid "Add Protocol" -@@ -1483,6 +1484,7 @@ msgid "" - "IPSets can only be created or deleted in the permanent configuration view." - msgstr "" - "IP-sæt kan kun oprettes eller slettes i den permanente konfigurationsvisning." -+"" - - #: ../src/firewall-config.glade.h:166 - msgid "" -@@ -1908,6 +1910,7 @@ msgstr "Indtast venligst en rigregel." - msgid "For host or network white or blacklisting deactivate the element." - msgstr "" - "For værts- eller netværkshvidlistning eller -sortlisting deaktivér elementet." -+"" - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" -@@ -1935,8 +1938,8 @@ msgstr "omvendt" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "For at aktivere, skal denne handling være 'afvis' og familje skal enten være " - "'ipv4' eller 'ipv6' (ikke begge)." -diff --git a/po/de.po b/po/de.po -index 6ce9a463b620..57f88852ead8 100644 ---- a/po/de.po -+++ b/po/de.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Andreas Müller , 2003 - # Bernd Bartmann , 2004 -@@ -35,19 +35,20 @@ - # Robert Scheck , 2017. #zanata - # Roman Spirgi , 2017. #zanata - # Eric Garver , 2018. #zanata -+# Fabian Affolter , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-03-29 10:05+0000\n" --"Last-Translator: Eric Garver \n" --"Language-Team: German (http://www.transifex.com/projects/p/firewalld/" --"language/de/)\n" --"Language: de\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:22+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: German (http://www.transifex.com/projects/p/firewalld/" -+"language/de/)\n" -+"Language: de\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -87,7 +88,7 @@ msgstr " Zone für Verbindung »%s« auswählen" - - #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3910 - msgid "Failed to set zone {zone} for connection {connection_name}" --msgstr "" -+msgstr "Fehler beim Angeben der Zone {zone} für Verbindung {connection_name}" - - #: ../src/firewall-applet.in:190 - #, c-format -@@ -110,7 +111,7 @@ msgid "" - "that are changing zones of connections, it might be of limited use." - msgstr "" - "Diese Funktion ist besonders nützlich für Benutzer, die hauptsächlich die " --"Standard-Zonen verwenden. Für Benutzer, die Verbindungs-Zonen ändern, ist es " -+"Standardzonen verwenden. Für Benutzer, die Verbindungs-Zonen ändern, ist es " - "möglicherweise nur bedingt nützlich." - - #: ../src/firewall-applet.in:235 -@@ -235,7 +236,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "'{zone}'-Zone aktiv für '{connection}'-Verbindung auf '{interface}'-" - "Schnittstelle" -@@ -267,7 +269,7 @@ msgstr "FirewallD neu geladen." - #: ../src/firewall-applet.in:986 - #, c-format - msgid "Default zone changed to '%s'." --msgstr "Standard-Zone geändert auf »%s«." -+msgstr "Standardzone geändert auf »%s«." - - #: ../src/firewall-applet.in:1005 - msgid "Network traffic is not blocked anymore." -@@ -328,6 +330,8 @@ msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." - msgstr "" -+"Verbindung mit Firewall fehlgeschlagen. Stellen Sie sicher, dass der Dienst " -+"korrekt gestartet wurde, und versuchen Sie es erneut." - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -369,23 +373,23 @@ msgstr "Benutzername" - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "" -+msgstr "Benutzer-ID" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" --msgstr "" -+msgstr "Tabelle" - - #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 - msgid "Chain" --msgstr "" -+msgstr "Kette" - - #: ../src/firewall-config.in:322 - msgid "Priority" --msgstr "" -+msgstr "Priorität" - - #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 - msgid "Args" --msgstr "" -+msgstr "Argumente" - - #: ../src/firewall-config.in:401 ../src/firewall-config.in:2329 - msgid "Runtime" -@@ -467,7 +471,7 @@ msgstr "Schnittstelle" - - #: ../src/firewall-config.in:936 - msgid "Comment" --msgstr "" -+msgstr "Kommentar" - - #: ../src/firewall-config.in:955 ../src/firewall-config.glade.h:27 - msgid "Source" -@@ -678,8 +682,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "Die Weiterleitung an ein anderes System ist nur dann sinnvoll, wenn die " -@@ -935,7 +938,8 @@ msgstr "Grundlegende ICMP Typ-Einstellungen" - - #: ../src/firewall-config.glade.h:47 - msgid "Please configure base ICMP type settings:" --msgstr "Bitte konfigurieren Sie die grundlegenden Einstellungen des ICMP-Typs:" -+msgstr "" -+"Bitte konfigurieren Sie die grundlegenden Einstellungen des ICMP-Typs:" - - #: ../src/firewall-config.glade.h:48 - msgid "ICMP Type" -@@ -1065,7 +1069,7 @@ msgstr "Helfer" - - #: ../src/firewall-config.glade.h:78 - msgid "Direct Configuration" --msgstr "Direkte Konfiguration:" -+msgstr "Direkte Konfiguration" - - #: ../src/firewall-config.glade.h:79 - msgid "Lockdown Whitelist" -@@ -1081,7 +1085,7 @@ msgstr "_Hilfe" - - #: ../src/firewall-config.glade.h:82 - msgid "Change Zone" --msgstr "" -+msgstr "Zone ändern" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" -@@ -1151,9 +1155,9 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"Hier können Sie definieren, welche Dienste in der Zone vertrauenswürdig " --"sind. Vertrauenswürdige Dienste sind zugänglich von allen Hosts und " --"Netzwerken, die den Rechner über mit dieser Zone verbundenen Verbindungen, " -+"Hier können Sie definieren, welche Dienste in der Zone vertrauenswürdig sind." -+" Vertrauenswürdige Dienste sind zugänglich von allen Hosts und Netzwerken, " -+"die den Rechner über mit dieser Zone verbundenen Verbindungen, " - "Schnittstellen und Quellen erreichen können." - - #: ../src/firewall-config.glade.h:95 -@@ -1702,9 +1706,9 @@ msgid "" - "contain commands, contexts, users and user ids." - msgstr "" - "Die Sperroption ist eine einfache Version von Benutzer- und " --"Anwendungsrichtlinien für firewalld. Sie begrenzt Änderungen an der " --"Firewall. Die Sperr-Positivliste kann Befehle, Kontexte, Benutzer und " --"Benutzer-IDs enthalten." -+"Anwendungsrichtlinien für firewalld. Sie begrenzt Änderungen an der Firewall." -+" Die Sperr-Positivliste kann Befehle, Kontexte, Benutzer und Benutzer-IDs " -+"enthalten." - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1801,7 +1805,7 @@ msgstr "Benutzerkennungen" - - #: ../src/firewall-config.glade.h:215 - msgid "Current default zone of the system." --msgstr "Aktuelle Standard-Zone des Systems" -+msgstr "Aktuelle Standardzone des Systems" - - #: ../src/firewall-config.glade.h:216 - msgctxt "" -@@ -1827,11 +1831,11 @@ msgstr "Sperrung:" - - #: ../src/firewall-config.glade.h:220 - msgid "Default Zone:" --msgstr "Standard-Zone:" -+msgstr "Standardzone:" - - #: ../src/firewall-config.glade.h:222 - msgid "Please enter an interface name:" --msgstr "" -+msgstr "Geben Sie einen Schnittstellennamen ein:" - - #: ../src/firewall-config.glade.h:223 - msgid "Base IPSet Settings" -@@ -1875,7 +1879,7 @@ msgstr "Bitte wählen Sie ein IPSet:" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "" -+msgstr "Geben Sie einen Ipset-Eintrag ein:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" -@@ -1986,8 +1990,8 @@ msgstr "invertiert" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "Zum Aktivieren muss diese Aktion 'reject' sein und die Familie muss entweder " - "'ipv4' oder 'ipv6' sein (nicht beides)." -@@ -2034,7 +2038,7 @@ msgstr "Bitte einen Dienst auswählen." - - #: ../src/firewall-config.glade.h:297 - msgid "Please enter a source." --msgstr "" -+msgstr "Geben Sie eine Quelle ein." - - #: ../src/firewall-config.glade.h:298 - msgid "User ID" -diff --git a/po/el.po b/po/el.po -index 074c06562c1d..a90df214e121 100644 ---- a/po/el.po -+++ b/po/el.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # ioza1964, 2013 - # ioza1964, 2013 -@@ -17,14 +17,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2016-01-04 12:27+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Greek (http://www.transifex.com/projects/p/firewalld/language/" - "el/)\n" - "Language: el\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -210,7 +210,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Ζώνη '{zone}' ενεργή για σύνδεση '{connection}' στην διεπαφή '{interface}'" - -@@ -650,8 +651,7 @@ msgstr "" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - -@@ -1845,8 +1845,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/en_GB.po b/po/en_GB.po -index d82e6bc1b0db..7fa66856c515 100644 ---- a/po/en_GB.po -+++ b/po/en_GB.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Automatically generated, 2004 - # Bruce Cowan , 2010 -@@ -12,14 +12,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 02:44+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2015-02-26 09:44+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: English (United Kingdom) (http://www.transifex.com/projects/p/" - "firewalld/language/en_GB/)\n" - "Language: en_GB\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -202,9 +202,11 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" -@@ -642,8 +644,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - -@@ -1839,8 +1840,8 @@ msgstr "inverted" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/es.po b/po/es.po -index 1afcb74cc187..ec804cc9924f 100644 ---- a/po/es.po -+++ b/po/es.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # beckerde , 2013 - # Claudio Rodrigo Pereyra Diaz , 2012-2013 -@@ -25,20 +25,21 @@ - # Máximo Castañeda Riloba , 2016. #zanata - # William Moreno Reyes , 2016. #zanata - # Máximo Castañeda Riloba , 2017. #zanata -+# Eric Garver , 2018. #zanata - # Máximo Castañeda Riloba , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-08-21 09:57+0000\n" --"Last-Translator: Máximo Castañeda Riloba \n" --"Language-Team: Spanish (http://www.transifex.com/projects/p/firewalld/" --"language/es/)\n" --"Language: es\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:22+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Spanish (http://www.transifex.com/projects/p/firewalld/" -+"language/es/)\n" -+"Language: es\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -225,7 +226,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Zona '{zone}' activa para conexión '{connection}' en interfaz '{interface}'" - -@@ -317,8 +319,8 @@ msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." - msgstr "" --"No se pudo conectar con firewalld. Asegúrese de que el servicio se ha " --"iniciado y vuelva a intentarlo." -+"Error al conectar con firewalld. Asegúrese de que el servicio se ha iniciado " -+"correctamente y vuelva a intentarlo." - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -360,7 +362,7 @@ msgstr "Nombre de usuario" - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "Id de usuario" -+msgstr "ID de usuario" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" -@@ -593,7 +595,7 @@ msgstr "Zona '%s': El tipo ICMP '%s' no está disponible." - - #: ../src/firewall-config.in:3002 - msgid "Built-in zone, rename not supported." --msgstr " Zona incorporada, no se puede renombrar." -+msgstr "Zona incorporada, no se puede renombrar." - - #: ../src/firewall-config.in:3116 ../src/firewall-config.in:3614 - #: ../src/firewall-config.glade.h:270 -@@ -669,8 +671,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "El reenvío a otro sistema sólo es útil si la interfaz es enmascarada.\n" -@@ -1179,6 +1180,7 @@ msgstr "Puertos" - msgid "Add protocols, which need to be accessible for all hosts or networks." - msgstr "" - "Añadir protocolos que deben ser accesibles para todos los servidores o redes." -+"" - - #: ../src/firewall-config.glade.h:102 - msgid "Add Protocol" -@@ -1442,8 +1444,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"Los servicios sólo se pueden cambiar en la vista de configuración " --"permanente. La configuración de tiempo de ejecución de los servicios es fija." -+"Los servicios sólo se pueden cambiar en la vista de configuración permanente." -+" La configuración de tiempo de ejecución de los servicios es fija." - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1451,7 +1453,7 @@ msgid "" - "example IP addresses, port numbers or MAC addresses. " - msgstr "" - "Se puede usar un IPSet para crear listas blancas o negras, y puede contener " --"direcciones IP o MAC, o números puertos." -+"direcciones IP o MAC, o números puertos. " - - #: ../src/firewall-config.glade.h:155 - msgid "IPSet" -@@ -1553,10 +1555,10 @@ msgid "" - "therefore blocked by the firewall without the helper." - msgstr "" - "Hay un agente de seguimiento de conexiones ayudando con los protocolos que " --"usan diferentes flujos para la señalización y para la transferencia de " --"datos. Los datos se envían por puertos que no están relacionados con la " --"conexión de control y el cortafuegos los bloquearía sin la ayuda del agente " --"de seguimiento." -+"usan diferentes flujos para la señalización y para la transferencia de datos." -+" Los datos se envían por puertos que no están relacionados con la conexión " -+"de control y el cortafuegos los bloquearía sin la ayuda del agente de " -+"seguimiento." - - #: ../src/firewall-config.glade.h:174 - msgid "Define ports or port ranges, which are monitored by the helper." -@@ -1654,7 +1656,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." --msgstr "Tenga cuidado con las reglas passthrough para no dañar el cortafuegos." -+msgstr "" -+"Tenga cuidado con las reglas passthrough para no dañar el cortafuegos." - - #: ../src/firewall-config.glade.h:190 - msgid "Add Passthrough" -@@ -1843,7 +1846,7 @@ msgstr "Tamaño inicial del hash (valor predeterminado: 1024)" - - #: ../src/firewall-config.glade.h:231 - msgid "Max number of elements, default 65536" --msgstr "Máximo número de elementos; valor predeterminado: 65536 " -+msgstr "Máximo número de elementos; valor predeterminado: 65536" - - #: ../src/firewall-config.glade.h:232 - msgid "Please select an ipset:" -@@ -1851,7 +1854,7 @@ msgstr "Elija un IPSet" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "Introduzca un IPSet:" -+msgstr "Introduzca una entrada de ipset:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" -@@ -1959,8 +1962,8 @@ msgstr "invertido" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "Para activar ésto, Acción debe ser 'reject' y Family 'ipv4' o 'ipv6' (no " - "ambas)." -diff --git a/po/et.po b/po/et.po -index db616243a5e0..7290cf63c57d 100644 ---- a/po/et.po -+++ b/po/et.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # mihkel , 2012 - # mihkel , 2012 -@@ -11,14 +11,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2016-01-04 12:21+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Estonian (http://www.transifex.com/projects/p/firewalld/" - "language/et/)\n" - "Language: et\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -199,7 +199,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - - #: ../src/firewall-applet.in:892 -@@ -636,8 +637,7 @@ msgstr "" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - -@@ -1805,8 +1805,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/eu.po b/po/eu.po -index 45b4feaf99a4..5da623fbe0ac 100644 ---- a/po/eu.po -+++ b/po/eu.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Asier Iturralde Sarasola , 2012 - # Mikel Olasagasti Uranga , 2013 -@@ -11,14 +11,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 02:43+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2015-02-26 09:43+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Basque (http://www.transifex.com/projects/p/firewalld/" - "language/eu/)\n" - "Language: eu\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -199,7 +199,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - - #: ../src/firewall-applet.in:892 -@@ -636,8 +637,7 @@ msgstr "" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - -@@ -1805,8 +1805,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/fi.po b/po/fi.po -index c03ccad05c32..878d63462a07 100644 ---- a/po/fi.po -+++ b/po/fi.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Juhani Numminen , 2012-2013 - # Lauri Nurmi , 2004 -@@ -16,14 +16,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2018-08-19 12:28+0000\n" - "Last-Translator: Jiri Grönroos \n" - "Language-Team: Finnish (http://www.transifex.com/projects/p/firewalld/" - "language/fi/)\n" - "Language: fi\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -43,8 +43,7 @@ msgstr "Palomuuriasetukset" - #: ../config/firewall-config.desktop.in.h:4 - msgid "firewall;network;security;iptables;netfilter;" - msgstr "" --"palomuuri;verkko;tietoturva;suojaus;turva;firewall;network;security;iptables;" --"netfilter;" -+"palomuuri;verkko;tietoturva;suojaus;turva;firewall;network;security;iptables;netfilter;" - - #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 - #, c-format -@@ -208,9 +207,11 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" --"Alue '{zone}' aktiivisena yhteydelle '{connection}' liitännällä '{interface}'" -+"Alue '{zone}' aktiivisena yhteydelle '{connection}' liitännällä " -+"'{interface}'" - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" -@@ -648,8 +649,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "Välittäminen toiseen järjestelmään on hyödyllistä vain jos verkkoliitäntä on " -@@ -683,8 +683,7 @@ msgstr "Syötä ipv4- tai ipv6-osoite muodossa osoite[/maski]." - msgid "" - "The mask can be a network mask or a number for ipv4.\n" - "The mask is a number for ipv6." --msgstr "" --"Ipv4:n maski voi olla verkkomaski tai numero.\n" -+msgstr "Ipv4:n maski voi olla verkkomaski tai numero.\n" - "Ipv6:n maski on numero." - - #: ../src/firewall-config.in:5776 -@@ -1858,8 +1857,8 @@ msgstr "käänteinen" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/fr.po b/po/fr.po -index f8e9faeb3a7c..b6e99b05adb2 100644 ---- a/po/fr.po -+++ b/po/fr.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # <>, 2006 - # Alain PORTAL , 2007 -@@ -28,20 +28,21 @@ - # Eric Garver , 2017. #zanata - # Jean-Baptiste Holcroft , 2017. #zanata - # Laurent Bigonville , 2017. #zanata -+# Eric Garver , 2018. #zanata - # Jean-Baptiste Holcroft , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-10-02 09:02+0000\n" --"Last-Translator: Jean-Baptiste Holcroft \n" --"Language-Team: French (http://www.transifex.com/projects/p/firewalld/" --"language/fr/)\n" --"Language: fr\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:23+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: French (http://www.transifex.com/projects/p/firewalld/" -+"language/fr/)\n" -+"Language: fr\n" - "Plural-Forms: nplurals=2; plural=(n > 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -94,7 +95,8 @@ msgstr "Configurer des zones à protection active/inactive" - - #: ../src/firewall-applet.in:220 - msgid "Here you can select the zones used for Shields Up and Shields Down." --msgstr "Vous pouvez choisir ici les zones avec protections active ou inactive." -+msgstr "" -+"Vous pouvez choisir ici les zones avec protections active ou inactive." - - #: ../src/firewall-applet.in:226 - msgid "" -@@ -227,7 +229,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Zone « {zone} » active pour la connexion  « {connection} » sur l'interface " - "« {interface} »" -@@ -321,8 +324,8 @@ msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." - msgstr "" --"N’a pas pu se connecter à firewalld. Veuillez vérifier que le service a été " --"correctement démarré et réessayez." -+"Impossible de se connecter à FirewallD. Vérifiez que le service a été " -+"démarré correctement, puis réessayez." - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -380,7 +383,7 @@ msgstr "Priorité" - - #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 - msgid "Args" --msgstr "Paramètres" -+msgstr "Arguments" - - #: ../src/firewall-config.in:401 ../src/firewall-config.in:2329 - msgid "Runtime" -@@ -673,8 +676,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "Rediriger vers un autre système est utile seulement si l'interface est " -@@ -687,7 +689,8 @@ msgstr "Service intégré, le renommage n'est pas pris en charge." - - #: ../src/firewall-config.in:5585 - msgid "Please enter an ipv4 address with the form address[/mask]." --msgstr "Veuillez saisir une adresse ipv4 avec l'adresse du formulaire [/mask]." -+msgstr "" -+"Veuillez saisir une adresse ipv4 avec l'adresse du formulaire [/mask]." - - #: ../src/firewall-config.in:5586 - msgid "The mask can be a network mask or a number." -@@ -695,7 +698,8 @@ msgstr "Le masque peut être un masque de réseau ou un numéro" - - #: ../src/firewall-config.in:5588 - msgid "Please enter an ipv6 address with the form address[/mask]." --msgstr "Veuillez saisir une adresse ipv6 avec l'adresse du formulaire [/mask]." -+msgstr "" -+"Veuillez saisir une adresse ipv6 avec l'adresse du formulaire [/mask]." - - #: ../src/firewall-config.in:5589 - msgid "The mask is a number." -@@ -1075,7 +1079,7 @@ msgstr "_Aide" - - #: ../src/firewall-config.glade.h:82 - msgid "Change Zone" --msgstr "Zone de liaison" -+msgstr "Modifier la zone" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" -@@ -1823,7 +1827,7 @@ msgstr "Zone par défaut :" - - #: ../src/firewall-config.glade.h:222 - msgid "Please enter an interface name:" --msgstr "Veuillez saisir un nom d’interface :" -+msgstr "Veuillez saisir un nom d'interface :" - - #: ../src/firewall-config.glade.h:223 - msgid "Base IPSet Settings" -@@ -1980,8 +1984,8 @@ msgstr "inversé" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "Pour activer ceci, Action doit être paramétré sur « reject » et Famille soit " - "sur « Ipv4 » ou « Ipv6 » (pas les deux)." -diff --git a/po/gl.po b/po/gl.po -index 6295712ce171..67244dfa5921 100644 ---- a/po/gl.po -+++ b/po/gl.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Xosé , 2013 - # Xosé , 2013 -@@ -10,14 +10,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 02:45+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2015-02-26 09:45+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Galician (http://www.transifex.com/projects/p/firewalld/" - "language/gl/)\n" - "Language: gl\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -201,7 +201,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "A zona «{zone}» está activa para a conexión «{connection}» na interface " - "«{interface}»" -@@ -643,8 +644,7 @@ msgstr "" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - -@@ -1827,8 +1827,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/gu.po b/po/gu.po -index e030e927ef50..8abe70304032 100644 ---- a/po/gu.po -+++ b/po/gu.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Ankit Patel , 2014 - # Ankit Patel , 2004-2008 -@@ -15,14 +15,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 02:45+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2015-02-26 09:45+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Gujarati (http://www.transifex.com/projects/p/firewalld/" - "language/gu/)\n" - "Language: gu\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -75,15 +75,16 @@ msgstr "શીલ્ડ અપ/ડાઉન વિસ્તારોને ર - - #: ../src/firewall-applet.in:220 - msgid "Here you can select the zones used for Shields Up and Shields Down." --msgstr "શીલ્ડ અપ અને શીલ્ડ ડાઉન માટે વાપરેલ વિસ્તારોને તમે અહિંયા પસંદ કરી શકો છો." -+msgstr "" -+"શીલ્ડ અપ અને શીલ્ડ ડાઉન માટે વાપરેલ વિસ્તારોને તમે અહિંયા પસંદ કરી શકો છો." - - #: ../src/firewall-applet.in:226 - msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" --"આ લક્ષણ મોટેભાગે મૂળભૂત વિસ્તારોની મદદથી લોકો માટે ઉપયોગી છે. વપરાશકર્તાઓ માટે, જોડાણો " --"માટે વિસ્તારોને બદલી રહ્યા છે, તે મર્યાદિત વપરાશ હોઇ શકે છે." -+"આ લક્ષણ મોટેભાગે મૂળભૂત વિસ્તારોની મદદથી લોકો માટે ઉપયોગી છે. વપરાશકર્તાઓ " -+"માટે, જોડાણો માટે વિસ્તારોને બદલી રહ્યા છે, તે મર્યાદિત વપરાશ હોઇ શકે છે." - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -205,8 +206,10 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" --msgstr "ઇન્ટરફેસ '{interface}' પર જોડાણ '{connection}' માટે વિસ્તાર '{zone}' સક્રિય" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" -+msgstr "" -+"ઇન્ટરફેસ '{interface}' પર જોડાણ '{connection}' માટે વિસ્તાર '{zone}' સક્રિય" - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" -@@ -260,8 +263,8 @@ msgid "" - "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " - "interface '{interface}'" - msgstr "" --"ઇન્ટરફેસ '{interface}' પર જોડાણ '{connection}' માટે વિસ્તાર " --"'{zone}' {activated_deactivated}" -+"ઇન્ટરફેસ '{interface}' પર જોડાણ '{connection}' માટે વિસ્તાર '{zone}' " -+"{activated_deactivated}" - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" -@@ -644,8 +647,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "ફોર્વડીંગ એ ફક્ત બીજી સિસ્ટમ માટે ઉપયોગી છે જો ઇન્ટરફેસ માસ્કરેડ છે. " - -@@ -808,7 +810,8 @@ msgstr "પોર્ટ ફોરવર્ડીંગ" - #: ../src/firewall-config.glade.h:23 - msgid "" - "Please select the source and destination options according to your needs." --msgstr "મહેરબાની કરીને તમારી જરૂરીયાત અનુસાર સ્રોત અને અંતિમ મુકામ વિકલ્પો પસંદ કરો." -+msgstr "" -+"મહેરબાની કરીને તમારી જરૂરીયાત અનુસાર સ્રોત અને અંતિમ મુકામ વિકલ્પો પસંદ કરો." - - #: ../src/firewall-config.glade.h:24 - msgid "Port / Port Range:" -@@ -831,8 +834,8 @@ msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." - msgstr "" --"જો તમે સ્થાનિય આગળ ધપાવવાનું સક્રિય કરો, તો તમારે પોર્ટ સ્પષ્ટ કરવો પડે. આ પોર્ટ સ્રોત " --"પોર્ટથી અલગ હોવો જોઈએ." -+"જો તમે સ્થાનિય આગળ ધપાવવાનું સક્રિય કરો, તો તમારે પોર્ટ સ્પષ્ટ કરવો પડે. આ " -+"પોર્ટ સ્રોત પોર્ટથી અલગ હોવો જોઈએ." - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -940,9 +943,10 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"ફાયરવોલ નિયમોને પુન:લાવો. વર્તમાન કાયમી રૂપરેખાંકન એ નવી રનટાઇમ રૂપરેખાંકન બનાવશે. એટલે " --"કે બધી રનટાઇમ એ ફક્ત ફેરફારો પૂર્ણ કર્યા જ્યાં સુધી ફરી લાવવાનું એ ફરી લાવવા સાથે ગુમ થઇ " --"જાય જો તેઓ કાયમી રૂપરેખાંકનમાં પણ ન આવ્યા હોય." -+"ફાયરવોલ નિયમોને પુન:લાવો. વર્તમાન કાયમી રૂપરેખાંકન એ નવી રનટાઇમ રૂપરેખાંકન " -+"બનાવશે. એટલે કે બધી રનટાઇમ એ ફક્ત ફેરફારો પૂર્ણ કર્યા જ્યાં સુધી ફરી " -+"લાવવાનું એ ફરી લાવવા સાથે ગુમ થઇ જાય જો તેઓ કાયમી રૂપરેખાંકનમાં પણ ન આવ્યા " -+"હોય." - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -985,8 +989,8 @@ msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." - msgstr "" --"લૉકડાઉન ફાયરવોલ રૂપરેખાંકનને તાળુ મારે છે તેથી ફક્ત લૉકડાઉન સફેદયાદી પર ફક્ત કાર્યક્રમો એ " --"તેને બદલવા સક્ષમ છે." -+"લૉકડાઉન ફાયરવોલ રૂપરેખાંકનને તાળુ મારે છે તેથી ફક્ત લૉકડાઉન સફેદયાદી પર ફક્ત " -+"કાર્યક્રમો એ તેને બદલવા સક્ષમ છે." - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1060,8 +1064,8 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" --"હાલમાં દૃશ્યમાન રૂપરેખાંકન. રનટાઇમ રૂપરેખાંકન એ ચોક્કસ સક્રિય રૂપરેખાંકન છે. કાયમી રૂપરેખાંકન " --"સેવા પછી સક્રિય થશે અથવા સિસ્ટમ રિલોડ અથવા પુન:શરૂ થાય છે." -+"હાલમાં દૃશ્યમાન રૂપરેખાંકન. રનટાઇમ રૂપરેખાંકન એ ચોક્કસ સક્રિય રૂપરેખાંકન છે. " -+"કાયમી રૂપરેખાંકન સેવા પછી સક્રિય થશે અથવા સિસ્ટમ રિલોડ અથવા પુન:શરૂ થાય છે." - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1071,10 +1075,11 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"firewalld વિસ્તાર એ નેટવર્ક જોડાણો, ઇન્ટરફેસ અને વિસ્તારમાં સરનામાં બાઉન્ડ માટે " --"વિસ્તારનાં સ્તરને વ્યાખ્યાયિત કરે છે. વિસ્તાર એ સેવાઓ, પોર્ટ, પ્રોટોકોલ, માસ્કરેડીંગ, પોર્ટ/" --"પેકેટ ફોર્વડીંગ, icmp ફિલ્ટરો અને કિંમતી નિયમોને બેગુ કરે છે. વિસ્તાર ઇન્ટરફેસ અને સ્ત્રોત " --"સરનામાંને બાઉન્ડ કરી શકે છે." -+"firewalld વિસ્તાર એ નેટવર્ક જોડાણો, ઇન્ટરફેસ અને વિસ્તારમાં સરનામાં બાઉન્ડ " -+"માટે વિસ્તારનાં સ્તરને વ્યાખ્યાયિત કરે છે. વિસ્તાર એ સેવાઓ, પોર્ટ, " -+"પ્રોટોકોલ, માસ્કરેડીંગ, પોર્ટ/પેકેટ ફોર્વડીંગ, icmp ફિલ્ટરો અને કિંમતી " -+"નિયમોને બેગુ કરે છે. વિસ્તાર ઇન્ટરફેસ અને સ્ત્રોત સરનામાંને બાઉન્ડ કરી શકે " -+"છે." - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1098,9 +1103,9 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"અહિંયા તમે વ્યાખ્યાયત કરી શકો છો કે જે સેવાઓ વિસ્તારમાં વિશ્ર્વાસપાત્ર છે. વિશ્ર્વાસપાત્ર " --"સેવાઓ બધા યજમાનો અને નેટવર્કોમાંથી વાપરી શકાય છે કે જે જોડાણો, ઇન્ટરફેસ અને આ વિસ્તારમાં " --"સ્ત્રોત બાઉન્ડ સુધી પહોંચી શકાય છે." -+"અહિંયા તમે વ્યાખ્યાયત કરી શકો છો કે જે સેવાઓ વિસ્તારમાં વિશ્ર્વાસપાત્ર છે. " -+"વિશ્ર્વાસપાત્ર સેવાઓ બધા યજમાનો અને નેટવર્કોમાંથી વાપરી શકાય છે કે જે " -+"જોડાણો, ઇન્ટરફેસ અને આ વિસ્તારમાં સ્ત્રોત બાઉન્ડ સુધી પહોંચી શકાય છે." - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1111,8 +1116,8 @@ msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." - msgstr "" --"વધારાનાં પોર્ટ અને પોર્ટ સીમાઓને ઉમેરો, કે જે બધા યજમાનો અથવા નેટવર્કો માટે વાપરવાની " --"જરૂર છે કે જે મશીન માટે જોડાઇ શકે છે." -+"વધારાનાં પોર્ટ અને પોર્ટ સીમાઓને ઉમેરો, કે જે બધા યજમાનો અથવા નેટવર્કો માટે " -+"વાપરવાની જરૂર છે કે જે મશીન માટે જોડાઇ શકે છે." - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1166,9 +1171,10 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"માસ્કરેડીંગ તમને યજમાન અથવા રાઉટર સુયોજીત કરવા માટે પરવાનગી આપે છે કે જે તમારા સ્થાનિક " --"નેટવર્કને ઈન્ટરનેટ સાથે જોડે. તમારું સ્થાનિક નેટવર્ક દૃશ્યમાન હશે નહિં અને ઈન્ટરનેટ માટે એક " --"યજમાન તરીકે દેખાશે. માસ્કરેડીંગ એ માત્ર IPv4 હોય છે." -+"માસ્કરેડીંગ તમને યજમાન અથવા રાઉટર સુયોજીત કરવા માટે પરવાનગી આપે છે કે જે " -+"તમારા સ્થાનિક નેટવર્કને ઈન્ટરનેટ સાથે જોડે. તમારું સ્થાનિક નેટવર્ક દૃશ્યમાન " -+"હશે નહિં અને ઈન્ટરનેટ માટે એક યજમાન તરીકે દેખાશે. માસ્કરેડીંગ એ માત્ર IPv4 " -+"હોય છે." - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1179,7 +1185,8 @@ msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." - msgstr "" --"જો તમે માસ્કરેડીંગને સક્રિય કરો તો, IP ફોર્વડીંગ એ તમારાં IPv4 નેટવર્કો માટે સક્રિય થશે." -+"જો તમે માસ્કરેડીંગને સક્રિય કરો તો, IP ફોર્વડીંગ એ તમારાં IPv4 નેટવર્કો " -+"માટે સક્રિય થશે." - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1192,9 +1199,10 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"સ્થાનિક સિસ્ટમ પર એક પોર્ટમાંથી અન્ય પર પોર્ટો આગળ ધપાવવા માટે કે સ્થાનિક સિસ્ટમમાંથી " --"અન્ય સિસ્ટમ પર આગળ ધપાવવા માટે પ્રવેશો ઉમેરો. અન્ય સિસ્ટમમાં આગળ ધપાવવાનું એ માત્ર ત્યારે " --"જ ઉપયોગી છે જો ઈન્ટરફેસ માસ્કરેડ થયેલ હોય. પોર્ટ આગળ ધપાવવાનું એ માત્ર IPv4 છે." -+"સ્થાનિક સિસ્ટમ પર એક પોર્ટમાંથી અન્ય પર પોર્ટો આગળ ધપાવવા માટે કે સ્થાનિક " -+"સિસ્ટમમાંથી અન્ય સિસ્ટમ પર આગળ ધપાવવા માટે પ્રવેશો ઉમેરો. અન્ય સિસ્ટમમાં આગળ " -+"ધપાવવાનું એ માત્ર ત્યારે જ ઉપયોગી છે જો ઈન્ટરફેસ માસ્કરેડ થયેલ હોય. પોર્ટ " -+"આગળ ધપાવવાનું એ માત્ર IPv4 છે." - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1214,17 +1222,17 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" --"Internet Control Message Protocol (ICMP) એ મુખ્યત્વે નેટવર્ક કમ્પ્યૂટરો વચ્ચે ભૂલ સંદેશાઓ " --"મોકલવા માટે વપરાય છે, પરંતુ વધુમાં જાણકારી સંદેશાઓ માટે જેમ કે પીંગ અરજીઓ અને પ્રત્યુત્તરો " --"માટે." -+"Internet Control Message Protocol (ICMP) એ મુખ્યત્વે નેટવર્ક કમ્પ્યૂટરો " -+"વચ્ચે ભૂલ સંદેશાઓ મોકલવા માટે વપરાય છે, પરંતુ વધુમાં જાણકારી સંદેશાઓ માટે " -+"જેમ કે પીંગ અરજીઓ અને પ્રત્યુત્તરો માટે." - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"ICMP પ્રકારોને યાદીમાં ચિહ્નિત કરો, કે જેઓ નકારાવા જોઈએ. બાકીના બધા ICMP પ્રકારો " --"ફાયરવોલ પસાર કરવા માટે માન્ય છે. મૂળભૂત એ કોઈ મર્યાદા નથી." -+"ICMP પ્રકારોને યાદીમાં ચિહ્નિત કરો, કે જેઓ નકારાવા જોઈએ. બાકીના બધા ICMP " -+"પ્રકારો ફાયરવોલ પસાર કરવા માટે માન્ય છે. મૂળભૂત એ કોઈ મર્યાદા નથી." - - #: ../src/firewall-config.glade.h:118 - msgid "" -@@ -1265,8 +1273,8 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"વિસ્તારમાં ઇન્ટરફેસને બાઇન્ડ કરવા માટે નોંધણીને ઉમેરો. જો ઇન્ટરફેસ એ જોડાણ દ્દારા વાપરેલ " --"હશે, વિસ્તાર એ જોડાણનાં ખાસ વિસ્તારમાં સુયોજિત હશે." -+"વિસ્તારમાં ઇન્ટરફેસને બાઇન્ડ કરવા માટે નોંધણીને ઉમેરો. જો ઇન્ટરફેસ એ જોડાણ " -+"દ્દારા વાપરેલ હશે, વિસ્તાર એ જોડાણનાં ખાસ વિસ્તારમાં સુયોજિત હશે." - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1307,7 +1315,9 @@ msgstr "વિસ્તારો" - msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." --msgstr "firewalld સેવા એર પોર્ટ, પ્રોટોકોલ, મોડ્યુલો અને લક્ષ્ય સરનામાંનું સંયોજન છે." -+msgstr "" -+"firewalld સેવા એર પોર્ટ, પ્રોટોકોલ, મોડ્યુલો અને લક્ષ્ય સરનામાંનું સંયોજન છે." -+"" - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" -@@ -1363,8 +1373,8 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" --"જો તમે લક્ષ્ય સરનામાંને સ્પષ્ટ કરો તો, સેવા પ્રવેશ એ લક્ષ્ય સરનામાં અને પ્રકારને મર્યાદિત " --"કરશે. જો બંને નોંધણી ખાલી હોય તો, ત્યાં મર્યાદા નથી." -+"જો તમે લક્ષ્ય સરનામાંને સ્પષ્ટ કરો તો, સેવા પ્રવેશ એ લક્ષ્ય સરનામાં અને " -+"પ્રકારને મર્યાદિત કરશે. જો બંને નોંધણી ખાલી હોય તો, ત્યાં મર્યાદા નથી." - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1379,7 +1389,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"સેવાઓ ફક્ત કાયમી રૂપરેખાંકન દૃશ્યમાં બદલી શકાય છે. સેવાઓની રનટાઇમ રૂપરેખાંકન સુધારેલ છે." -+"સેવાઓ ફક્ત કાયમી રૂપરેખાંકન દૃશ્યમાં બદલી શકાય છે. સેવાઓની રનટાઇમ રૂપરેખાંકન " -+"સુધારેલ છે." - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1467,8 +1478,8 @@ msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" --"ICMP પ્રકારો ફક્ત કાયમી રૂપરેખાંકન દૃશ્યમાં બદલી શકાય છે. ICMP પ્રકારોની રનટાઇમ " --"રૂપરેખાંકન સુધારેલ છે." -+"ICMP પ્રકારો ફક્ત કાયમી રૂપરેખાંકન દૃશ્યમાં બદલી શકાય છે. ICMP પ્રકારોની " -+"રનટાઇમ રૂપરેખાંકન સુધારેલ છે." - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1489,10 +1500,10 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"સીધુ રૂપરેખાંકન એ firewall માં સીધો વપરાશ આપે છે. આ વિકલ્પો એ મૂળ iptables ખ્યાલોને " --"જાણવા વપરાશકર્તાને જરૂરી છે એટલે કે કોષ્ટકો, કતારો, આદેશો, પરિમાણો અને લક્ષ્યો. સીધુ " --"રૂપરેખાંકન એ છેલ્લા પુન:ક્રમાંકિત તરીકે ફક્ત વાપરવુ જોઇએ જ્યારે તે બીજા firewalld લક્ષણોને " --"વાપરવા શક્ય નથી." -+"સીધુ રૂપરેખાંકન એ firewall માં સીધો વપરાશ આપે છે. આ વિકલ્પો એ મૂળ iptables " -+"ખ્યાલોને જાણવા વપરાશકર્તાને જરૂરી છે એટલે કે કોષ્ટકો, કતારો, આદેશો, પરિમાણો " -+"અને લક્ષ્યો. સીધુ રૂપરેખાંકન એ છેલ્લા પુન:ક્રમાંકિત તરીકે ફક્ત વાપરવુ જોઇએ " -+"જ્યારે તે બીજા firewalld લક્ષણોને વાપરવા શક્ય નથી." - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1501,8 +1512,8 @@ msgid "" - "bridges (ebtables)." - msgstr "" - "દરેક વિકલ્પની ipv દલીલ એ ipv4 અથવા ipv6 અથવા eb હોવી જ જોઇએ. ipv4 સાથે તે " --"iptables માટે હશે, ipv6 સાથે ip6tables માટે હશે અને eb સાથે ઇથરનેટ બ્રિજ માટે હશે " --"(ebtables)." -+"iptables માટે હશે, ipv6 સાથે ip6tables માટે હશે અને eb સાથે ઇથરનેટ બ્રિજ " -+"માટે હશે (ebtables)." - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1538,10 +1549,11 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"પ્રાધાન્ય નિયમોને ક્રમાંકિત કરવા વાપરેલ છે. પ્રાધાન્ય 0 નો મતલબ થાય કે કતારની ટોચ પર " --"નિયમને ઉમેરો, ઉચ્ચ પ્રાધાન્ય સાથે નિયમ આગળ ઉમેરાશે. એજ પ્રાધાન્ય સાથે નિયમો એજ સ્તર પર છે " --"અને આ નિયમોનો ક્રમ સુધારેલ નથી અને બદલી શકાય છે. જો તમે ખાતરી કરવા માંગો તો નિયમ " --"બીજા એક પછી ઉમેરાશે, પહેલી માટે નીચા પ્રાધાન્યને વાપરો અને નીચેનાં માટે ઉચ્ચ." -+"પ્રાધાન્ય નિયમોને ક્રમાંકિત કરવા વાપરેલ છે. પ્રાધાન્ય 0 નો મતલબ થાય કે " -+"કતારની ટોચ પર નિયમને ઉમેરો, ઉચ્ચ પ્રાધાન્ય સાથે નિયમ આગળ ઉમેરાશે. એજ " -+"પ્રાધાન્ય સાથે નિયમો એજ સ્તર પર છે અને આ નિયમોનો ક્રમ સુધારેલ નથી અને બદલી " -+"શકાય છે. જો તમે ખાતરી કરવા માંગો તો નિયમ બીજા એક પછી ઉમેરાશે, પહેલી માટે " -+"નીચા પ્રાધાન્યને વાપરો અને નીચેનાં માટે ઉચ્ચ." - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1565,12 +1577,13 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"પાસથ્રુ નિયમો એ સીધુ firewall મારફતે પસાર થયેલ છે અને ખાસ કતારોમાં સ્થિત થયેલ છે. બધા " --"iptables, ip6tables અને ebtables વિકલ્પોને વાપરી શકાય છે." -+"પાસથ્રુ નિયમો એ સીધુ firewall મારફતે પસાર થયેલ છે અને ખાસ કતારોમાં સ્થિત " -+"થયેલ છે. બધા iptables, ip6tables અને ebtables વિકલ્પોને વાપરી શકાય છે." - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." --msgstr "મહેરબાની કરીને પાસથ્રુ નિયમો એ ફાયરવોલને ઇજા પહોંચાડે નહિં તે રીતે સાચવો." -+msgstr "" -+"મહેરબાની કરીને પાસથ્રુ નિયમો એ ફાયરવોલને ઇજા પહોંચાડે નહિં તે રીતે સાચવો." - - #: ../src/firewall-config.glade.h:190 - msgid "Add Passthrough" -@@ -1594,9 +1607,9 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"લોકડાઉન લક્ષણ એ firewalld માટે વપરાશકર્તા અને કાર્યક્રમ પોલિસીઓની આવૃત્તિ છે. તે " --"ફાયરવોલ માટે ફેરફારોને મર્યાદિત કરે છે. લોકડાઉન વાઇટલીસ્ટ એ આદેશો, સંદર્ભો, વપરાશકર્તા " --"અને વપરાશકર્તા ids ને સમાવે છે." -+"લોકડાઉન લક્ષણ એ firewalld માટે વપરાશકર્તા અને કાર્યક્રમ પોલિસીઓની આવૃત્તિ " -+"છે. તે ફાયરવોલ માટે ફેરફારોને મર્યાદિત કરે છે. લોકડાઉન વાઇટલીસ્ટ એ આદેશો, " -+"સંદર્ભો, વપરાશકર્તા અને વપરાશકર્તા ids ને સમાવે છે." - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1627,8 +1640,9 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"જો વાઇટલીસેટ પર આદેશ પ્રવેશ એ એસ્ટ્રીંક '*' સાથે અંત થાય તો, પછી બધા આદેશ સાથે શરૂ થતા " --"આદેશ વાક્યો એ બંધબેસશે. જો '*' ત્યાં ન હોય તો ખાસ આદેશ સમાવતી દલીલો બંધબેસવી જ જોઇએ." -+"જો વાઇટલીસેટ પર આદેશ પ્રવેશ એ એસ્ટ્રીંક '*' સાથે અંત થાય તો, પછી બધા આદેશ " -+"સાથે શરૂ થતા આદેશ વાક્યો એ બંધબેસશે. જો '*' ત્યાં ન હોય તો ખાસ આદેશ સમાવતી " -+"દલીલો બંધબેસવી જ જોઇએ." - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1818,7 +1832,9 @@ msgstr "સીધો નિયમ" - - #: ../src/firewall-config.glade.h:248 - msgid "Please select ipv and table, chain priority and enter the args." --msgstr "મહેરબાની કરીને ipv અને કોષ્ટકને પસંદ કરો, કતાર પ્રાધાન્ય અને દલીલોને દાખલ કરો." -+msgstr "" -+"મહેરબાની કરીને ipv અને કોષ્ટકને પસંદ કરો, કતાર પ્રાધાન્ય અને દલીલોને દાખલ " -+"કરો." - - #: ../src/firewall-config.glade.h:249 - msgid "Priority:" -@@ -1870,8 +1886,8 @@ msgstr "ઉલટુ કરાયેલું" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "આને સક્રિય કરવા માટે ક્રિયા 'રદ કરો' હોવી જોઇએ અને પરિવાર પ્રકાર 'ipv4' અથવા " - "'ipv6' (બંને નહિ) હોવો જોઇએ." -diff --git a/po/hi.po b/po/hi.po -index 76472deda65b..00fcda4f1a25 100644 ---- a/po/hi.po -+++ b/po/hi.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Rajesh Ranjan , 2009 - # Rajesh Ranjan , 2004-2010,2014 -@@ -11,14 +11,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2016-01-04 12:28+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Hindi (http://www.transifex.com/projects/p/firewalld/language/" - "hi/)\n" - "Language: hi\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -78,8 +78,9 @@ msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" --"यह फीचर उन लोगों के लिए उपयोगी है जो तयशुदा क्षेत्र अधिकतर उपयोग करते हैं. उपयोक्ताओं के " --"लिए, वह कनेक्शन का बदलता क्षेत्र है, यह सीमित उपयोग का हो सकता है." -+"यह फीचर उन लोगों के लिए उपयोगी है जो तयशुदा क्षेत्र अधिकतर उपयोग करते हैं. " -+"उपयोक्ताओं के लिए, वह कनेक्शन का बदलता क्षेत्र है, यह सीमित उपयोग का हो सकता " -+"है." - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -201,9 +202,11 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" --"क्षेत्र '{zone}' सक्रिय है '{connection}' कनेक्शन के लिए '{interface}' अंतरफलक पर" -+"क्षेत्र '{zone}' सक्रिय है '{connection}' कनेक्शन के लिए '{interface}' " -+"अंतरफलक पर" - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" -@@ -262,7 +265,8 @@ msgstr "" - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" --msgstr "क्षेत्र '{zone}' {activated_deactivated} है '{interface}' अंतरफलक के लिए" -+msgstr "" -+"क्षेत्र '{zone}' {activated_deactivated} है '{interface}' अंतरफलक के लिए" - - #: ../src/firewall-applet.in:1070 - #, c-format -@@ -641,8 +645,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "किसी दूसरे तंत्र में अग्रसारण तभी उपयोगी है जब अंतरफलक छद्म होता है.\n" -@@ -830,8 +833,8 @@ msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." - msgstr "" --"यदि आप स्थानीय अग्रसारण सक्रिय करते हैं, आपको एक पोर्ट को निर्दिष्ट करना है. इस पोर्ट " --"को स्रोत पोर्ट से भिन्न होना है." -+"यदि आप स्थानीय अग्रसारण सक्रिय करते हैं, आपको एक पोर्ट को निर्दिष्ट करना है. " -+"इस पोर्ट को स्रोत पोर्ट से भिन्न होना है." - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -940,7 +943,8 @@ msgid "" - "lost with reload if they have not been also in permanent configuration." - msgstr "" - "फायरवॉल नियम फिर लोड करता है. मौजूदा स्थायी विन्यास एक नया रनटाइम विन्यास बन " --"जाएगा. यानी सभी रनटाइम केवल तभी लोड होता है जब वे स्थायी विन्यास में होते हैं." -+"जाएगा. यानी सभी रनटाइम केवल तभी लोड होता है जब वे स्थायी विन्यास में होते " -+"हैं." - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -972,7 +976,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." --msgstr "पैनिक अवस्था का अर्थ है कि सभी इनकमिंग और आउटगोइंग पैकेट छोड़े जाते हैं." -+msgstr "" -+"पैनिक अवस्था का अर्थ है कि सभी इनकमिंग और आउटगोइंग पैकेट छोड़े जाते हैं." - - #: ../src/firewall-config.glade.h:69 - msgid "Panic Mode" -@@ -983,8 +988,8 @@ msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." - msgstr "" --"लॉकडाउन फ़ायरवॉल विन्यास लॉक करता है ताकि लॉकडाउन ह्वाइटलिस्ट पर केवल अनुप्रयोग इसे " --"बदल सकें." -+"लॉकडाउन फ़ायरवॉल विन्यास लॉक करता है ताकि लॉकडाउन ह्वाइटलिस्ट पर केवल " -+"अनुप्रयोग इसे बदल सकें." - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1058,8 +1063,8 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" --"मौजूदा दृश्य विन्यास. रनटाइम विन्यास एक वास्तविक विन्यास है. स्थायी विन्यास सेवा या तंत्र " --"रिलोड या फिर आरंभ करने के बाद सक्रिय होगा." -+"मौजूदा दृश्य विन्यास. रनटाइम विन्यास एक वास्तविक विन्यास है. स्थायी विन्यास " -+"सेवा या तंत्र रिलोड या फिर आरंभ करने के बाद सक्रिय होगा." - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1069,9 +1074,10 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"firewalld क्षेत्र संजाल कनेक्शन, अंतरफलक, और क्षेत्र से जुड़ा स्रोत पता के लिए भरोसे का स्तर " --"परिभाषित करता है. यह क्षेत्र सेवा, पोर्ट, प्रोटोकॉल, प्रच्छन्न, पोर्ट/पैकेट अग्रसारण, icmp " --"फिल्टर और रिच नियम को एकीकृत करता है. यह क्षेत्र अंतरफलक और स्रोत पता से बंधा रहता है." -+"firewalld क्षेत्र संजाल कनेक्शन, अंतरफलक, और क्षेत्र से जुड़ा स्रोत पता के " -+"लिए भरोसे का स्तर परिभाषित करता है. यह क्षेत्र सेवा, पोर्ट, प्रोटोकॉल, " -+"प्रच्छन्न, पोर्ट/पैकेट अग्रसारण, icmp फिल्टर और रिच नियम को एकीकृत करता है. " -+"यह क्षेत्र अंतरफलक और स्रोत पता से बंधा रहता है." - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1095,9 +1101,9 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"यहां आप परिभाषित कर सकते हैं कि कौन सी सेवाएँ इस क्षेत्र के लिए विश्वसनीय हैं. विश्वसनीय " --"सेवाओं को सभी मेजबान या संजाल से अभिगम योग्य होता है जो मशीन तक इस क्षेत्र में कनेक्शन, " --"अंतरफलक और स्रोत बाउंड से पहुँच सकता है." -+"यहां आप परिभाषित कर सकते हैं कि कौन सी सेवाएँ इस क्षेत्र के लिए विश्वसनीय " -+"हैं. विश्वसनीय सेवाओं को सभी मेजबान या संजाल से अभिगम योग्य होता है जो मशीन " -+"तक इस क्षेत्र में कनेक्शन, अंतरफलक और स्रोत बाउंड से पहुँच सकता है." - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1108,8 +1114,8 @@ msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." - msgstr "" --"अतिरिक्त पोर्ट व पोर्ट परिसर को जोड़ें, जो सभी मेजबान या संजाल के लिए अभिगम योग्य होना " --"चाहिए दो मशीन से कनेक्ट कर सकता है." -+"अतिरिक्त पोर्ट व पोर्ट परिसर को जोड़ें, जो सभी मेजबान या संजाल के लिए अभिगम " -+"योग्य होना चाहिए दो मशीन से कनेक्ट कर सकता है." - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1163,9 +1169,9 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"मुखौटा आपको एक मेजबान या रॉटर सेटअप करने की स्वीकृति देता है जो इंटरनेट से अपने स्थानीय " --"संजाल को कनेक्ट करता है. आपका स्थानीय संजाल दृश्य नहीं होगा और इंटरनेट के लिए एक मेजबान के " --"रूप में प्रकट होगा. मुखौटा सिर्फ IPv4 है." -+"मुखौटा आपको एक मेजबान या रॉटर सेटअप करने की स्वीकृति देता है जो इंटरनेट से " -+"अपने स्थानीय संजाल को कनेक्ट करता है. आपका स्थानीय संजाल दृश्य नहीं होगा और " -+"इंटरनेट के लिए एक मेजबान के रूप में प्रकट होगा. मुखौटा सिर्फ IPv4 है." - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1175,7 +1181,9 @@ msgstr "प्रच्छन्न क्षेत्र" - msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." --msgstr "यदि आप प्रच्छन्न सक्रिय कर रहे हैं, IP को आपको IPv4 के लिए सक्रिय किया जाएगा." -+msgstr "" -+"यदि आप प्रच्छन्न सक्रिय कर रहे हैं, IP को आपको IPv4 के लिए सक्रिय किया जाएगा." -+"" - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1188,9 +1196,10 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"एक पोर्ट से दूसरे से पोर्ट को अग्रसारित करने के लिए प्रविष्टि जोड़ें स्थानीय सिस्टम पर या " --"स्थानीय सिस्टम से दूसरे सिस्टम में. दूसरे सिस्टम में अग्रसारण सिर्फ तभी उपयोगी है यदि अंतरफलक " --"को मुखौटा दिया जाता है. पोर्ट अग्रसारण सिर्फ IPv4 है." -+"एक पोर्ट से दूसरे से पोर्ट को अग्रसारित करने के लिए प्रविष्टि जोड़ें स्थानीय " -+"सिस्टम पर या स्थानीय सिस्टम से दूसरे सिस्टम में. दूसरे सिस्टम में अग्रसारण " -+"सिर्फ तभी उपयोगी है यदि अंतरफलक को मुखौटा दिया जाता है. पोर्ट अग्रसारण सिर्फ " -+"IPv4 है." - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1210,17 +1219,17 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" --"इंटरनेट कंट्रोल मेसेज प्रोटोकॉल (ICMP) को त्रुटि संदेश भेजने के लिए प्रयुक्त किया जाता है " --"संजालित कंप्यूटर के बीच, लेकिन सूचनात्मक संदेश के लिए अतिरिक्त रूप से जैसे कि पिंग आग्रह और " --"जवाब के लिए." -+"इंटरनेट कंट्रोल मेसेज प्रोटोकॉल (ICMP) को त्रुटि संदेश भेजने के लिए प्रयुक्त " -+"किया जाता है संजालित कंप्यूटर के बीच, लेकिन सूचनात्मक संदेश के लिए अतिरिक्त " -+"रूप से जैसे कि पिंग आग्रह और जवाब के लिए." - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"सूची में ICMP प्रकार चिह्नित करें, जो अस्वीकृत किया जाना चाहिए. सभी दूसरे ICMP प्रकार को " --"फायरवाल भेज देने की स्वीकृति है. तयशुदा में कोई सीमा नहीं है." -+"सूची में ICMP प्रकार चिह्नित करें, जो अस्वीकृत किया जाना चाहिए. सभी दूसरे " -+"ICMP प्रकार को फायरवाल भेज देने की स्वीकृति है. तयशुदा में कोई सीमा नहीं है." - - #: ../src/firewall-config.glade.h:118 - msgid "" -@@ -1261,8 +1270,9 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"क्षेत्र में अंतरफलक बाइंड करने के लिए प्रविष्टि बाइंड करें. यदि अंतरफलक किसी कनेक्शन के द्वारा " --"प्रयोग किया जाता है, तो इस क्षेत्र को निर्दिष्ट क्षेत्र में कनेक्शन में सेट किया जाएगा." -+"क्षेत्र में अंतरफलक बाइंड करने के लिए प्रविष्टि बाइंड करें. यदि अंतरफलक किसी " -+"कनेक्शन के द्वारा प्रयोग किया जाता है, तो इस क्षेत्र को निर्दिष्ट क्षेत्र " -+"में कनेक्शन में सेट किया जाएगा." - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1359,8 +1369,8 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" --"यदि आप गंतव्य पता को निर्दिष्ट करते हैं, तो सेवा प्रविष्ट गंतव्य पता और प्रकार में सीमित " --"होगी. यदि दोनों प्रविष्टि रिक्त है, तो कोई सीमा नहीं है." -+"यदि आप गंतव्य पता को निर्दिष्ट करते हैं, तो सेवा प्रविष्ट गंतव्य पता और " -+"प्रकार में सीमित होगी. यदि दोनों प्रविष्टि रिक्त है, तो कोई सीमा नहीं है." - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1375,7 +1385,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"सेवा को स्थायी विन्यास दृश्य में केवल बदला जा सकता है. सेवा का रनटाइम विन्यास फिक्स्ड है." -+"सेवा को स्थायी विन्यास दृश्य में केवल बदला जा सकता है. सेवा का रनटाइम " -+"विन्यास फिक्स्ड है." - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1435,8 +1446,8 @@ msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" --"firewalld icmptype इंटरनेट कंट्रोल मैसेज प्रोटोकॉल (ICMP) प्रकार के लिए firewalld के " --"लिए सूचना प्रदान करता है." -+"firewalld icmptype इंटरनेट कंट्रोल मैसेज प्रोटोकॉल (ICMP) प्रकार के लिए " -+"firewalld के लिए सूचना प्रदान करता है." - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" -@@ -1463,8 +1474,8 @@ msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" --"ICMP प्रकार को स्थायी विन्यास दृश्य में केवल बदला जा सकता है. ICMP प्रकार का रनटाइम " --"विन्यास फिक्स्ड है." -+"ICMP प्रकार को स्थायी विन्यास दृश्य में केवल बदला जा सकता है. ICMP प्रकार का " -+"रनटाइम विन्यास फिक्स्ड है." - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1485,10 +1496,10 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"सीधा विन्यास फायरवॉल में सीधा पहुँच देता है. ये विकल्प मौलिक iptables संबोध, यानी " --"सारणी, शृंखला, कमांड, पैरामीटर और लक्ष्य को उपयोक्ता जाने इसकी जरूरत बताता है. सीधा " --"विन्यास केवल अंतिम हल के रूप में प्रयोग किया जा सकता है जबकि दूसरे फ़ायरवॉल किए फीचर संभव " --"नहीं हैं." -+"सीधा विन्यास फायरवॉल में सीधा पहुँच देता है. ये विकल्प मौलिक iptables संबोध, " -+"यानी सारणी, शृंखला, कमांड, पैरामीटर और लक्ष्य को उपयोक्ता जाने इसकी जरूरत " -+"बताता है. सीधा विन्यास केवल अंतिम हल के रूप में प्रयोग किया जा सकता है जबकि " -+"दूसरे फ़ायरवॉल किए फीचर संभव नहीं हैं." - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1523,7 +1534,9 @@ msgstr "शृंखला" - #: ../src/firewall-config.glade.h:182 - msgid "" - "Add a rule with the arguments args to a chain in a table with a priority." --msgstr "args वितर्क के साथ कोई नियम शृंखला में जोड़ें प्राथमिकता के साथ एक सारणी में." -+msgstr "" -+"args वितर्क के साथ कोई नियम शृंखला में जोड़ें प्राथमिकता के साथ एक सारणी में." -+"" - - #: ../src/firewall-config.glade.h:183 - msgid "" -@@ -1534,12 +1547,13 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"प्राथमिकता नियम को आदेश देने के लिए प्रयोग किया जा सकता है. प्राथमिकता 0 का अर्थ है " --"शृंखला के शीर्ष पर नियम को जोड़ना, उच्चतर प्राथमिकता के साथ नियम फिर और जोड़े जाएँगे. " --"समान प्राथमिकता के साथ नियम समान स्तर पर हैं और इन नियमों का क्रम स्थिर नहीं है और बदल " --"सकता है. यदि आप पक्का करना चाहते हैं कि कोई नियम किसी के बाद जोड़े जाएँगे, पहले कम " --"प्राथमिकता का जोड़ें कि एक नियम एक के बाद एक जोड़े जाएँगे, पहले से कम प्राथमिकता का " --"उपयोग करें और निम्नलिखित के लिए उच्चतर जोड़े जाएँगे." -+"प्राथमिकता नियम को आदेश देने के लिए प्रयोग किया जा सकता है. प्राथमिकता 0 का " -+"अर्थ है शृंखला के शीर्ष पर नियम को जोड़ना, उच्चतर प्राथमिकता के साथ नियम फिर " -+"और जोड़े जाएँगे. समान प्राथमिकता के साथ नियम समान स्तर पर हैं और इन नियमों " -+"का क्रम स्थिर नहीं है और बदल सकता है. यदि आप पक्का करना चाहते हैं कि कोई " -+"नियम किसी के बाद जोड़े जाएँगे, पहले कम प्राथमिकता का जोड़ें कि एक नियम एक के " -+"बाद एक जोड़े जाएँगे, पहले से कम प्राथमिकता का उपयोग करें और निम्नलिखित के " -+"लिए उच्चतर जोड़े जाएँगे." - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1563,8 +1577,9 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"पासथ्रू नियम सीधे फायरवॉल के द्वारा भेजा जा सकता है और विशेष शृंखला में स्थापित नहीं है. " --"सभी iptables, ip6tables और ebtables विकल्प का उपयोग किया जा सकता है." -+"पासथ्रू नियम सीधे फायरवॉल के द्वारा भेजा जा सकता है और विशेष शृंखला में " -+"स्थापित नहीं है. सभी iptables, ip6tables और ebtables विकल्प का उपयोग किया जा " -+"सकता है." - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." -@@ -1592,9 +1607,9 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"lockdown विशेषता उपयोक्ता और अनुप्रयोग नीति के हल्के संस्करण के लिए firewalld है. यह " --"फ़ायरवॉल में परिवर्तन परिसीमित करता है. लॉकडाउन ह्वाइटलिस्च में कमांड, संदर्भ, उपयोक्ता " --"और उपयोक्ता आईडी समाहित है." -+"lockdown विशेषता उपयोक्ता और अनुप्रयोग नीति के हल्के संस्करण के लिए " -+"firewalld है. यह फ़ायरवॉल में परिवर्तन परिसीमित करता है. लॉकडाउन ह्वाइटलिस्च " -+"में कमांड, संदर्भ, उपयोक्ता और उपयोक्ता आईडी समाहित है." - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1625,9 +1640,9 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"यदि ह्वाइटलिस्ट पर किसी कमांड प्रविष्ट का अंत तारांकन '*' से होता है, तो सभी कमांड " --"लाइन जो कमांड से आरंभ होता है मेल खाएगा. यदि '*' वहाँ नहीं है, तो निरपेक्ष कमांड " --"अंतर्निवेशित तर्क को जरूर मेल खाना चाहिए." -+"यदि ह्वाइटलिस्ट पर किसी कमांड प्रविष्ट का अंत तारांकन '*' से होता है, तो सभी " -+"कमांड लाइन जो कमांड से आरंभ होता है मेल खाएगा. यदि '*' वहाँ नहीं है, तो " -+"निरपेक्ष कमांड अंतर्निवेशित तर्क को जरूर मेल खाना चाहिए." - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1869,11 +1884,11 @@ msgstr "उल्टा" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"इसे सक्रिय करने के लिए क्रिया को 'अस्वीकार' करने की जरूरत है और फैमिली को 'ipv4' या " --"'ipv6' (दोनों नहीं) होना चाहिए." -+"इसे सक्रिय करने के लिए क्रिया को 'अस्वीकार' करने की जरूरत है और फैमिली को " -+"'ipv4' या 'ipv6' (दोनों नहीं) होना चाहिए." - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -diff --git a/po/hu.po b/po/hu.po -index e4ae29e6c2bb..6effc0801e08 100644 ---- a/po/hu.po -+++ b/po/hu.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Arpad Biro , 2004,2006,2008 - # teknos.ferenc , 2013 -@@ -18,20 +18,21 @@ - # teknos.ferenc , 2013 - # Zoltan Hoppár , 2012-2013 - # Meskó Balázs , 2017. #zanata -+# Eric Garver , 2018. #zanata - # Meskó Balázs , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-08-11 03:00+0000\n" --"Last-Translator: Meskó Balázs \n" --"Language-Team: Hungarian (http://www.transifex.com/projects/p/firewalld/" --"language/hu/)\n" --"Language: hu\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:24+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Hungarian (http://www.transifex.com/projects/p/firewalld/" -+"language/hu/)\n" -+"Language: hu\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -72,7 +73,8 @@ msgstr "Zóna kiválasztása a(z) „%s” kapcsolathoz" - #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3910 - msgid "Failed to set zone {zone} for connection {connection_name}" - msgstr "" --"Nem sikerült beállítani a(z) {zone} zónát a(z) {connection_name} kapcsolathoz" -+"Nem sikerült beállítani a(z) {zone} zónát a(z) {connection_name} " -+"kapcsolathoz" - - #: ../src/firewall-applet.in:190 - #, c-format -@@ -220,7 +222,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "A(z) „{zone}” zóna aktív a(z) „{connection}” kapcsolatnál ezen a csatolón: " - "„{interface}”" -@@ -314,8 +317,8 @@ msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." - msgstr "" --"A firewalld-hez kapcsolódás meghiúsult. Ellenőrizze, hogy a szolgáltatás " --"helyesen lett elindítva, és próbálja újra." -+"Nem sikerült kapcsolódni a FirewallD szolgáltatáshoz. Ellenőrizze, hogy a " -+"szolgáltatás megfelelően el lett-e indítva, és próbálja újra." - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -357,11 +360,11 @@ msgstr "Felhasználónév" - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "Felhasználó-azonosító" -+msgstr "Felhasználóazonosító" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" --msgstr "Tábla" -+msgstr "Táblázat" - - #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 - msgid "Chain" -@@ -666,8 +669,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "A továbbítás egy másik rendszerbe csak akkor hasznos, ha a csatoló maszkolva " -@@ -1066,7 +1068,7 @@ msgstr "_Súgó" - - #: ../src/firewall-config.glade.h:82 - msgid "Change Zone" --msgstr "Zóna módosítása" -+msgstr "Zóna megváltoztatása" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" -@@ -1241,8 +1243,8 @@ msgid "" - msgstr "" - "Bejegyzések hozzáadása portok továbbításához vagy egy portról egy másikra a " - "helyi rendszeren, vagy a helyi rendszerről egy másik rendszerre. Egy másik " --"rendszerre történő továbbítás csak akkor hasznos, ha a csatoló maszkolva " --"van. A port továbbítás csak IPv4 esetén használható." -+"rendszerre történő továbbítás csak akkor hasznos, ha a csatoló maszkolva van." -+" A port továbbítás csak IPv4 esetén használható." - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1656,7 +1658,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." --msgstr "Legyen óvatos az áteresztő szabályokkal, hogy ne károsítsa a tűzfalat." -+msgstr "" -+"Legyen óvatos az áteresztő szabályokkal, hogy ne károsítsa a tűzfalat." - - #: ../src/firewall-config.glade.h:190 - msgid "Add Passthrough" -@@ -1854,7 +1857,7 @@ msgstr "Válasszon egy IP-készletet:" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "Adjon meg egy IP-készlet bejegyzést:" -+msgstr "Adjon meg egy ipset-bejegyzést:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" -@@ -1967,8 +1970,8 @@ msgstr "fordított" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "A művelet engedélyezéséhez „elutasítás” értékűnek, a családnak pedig vagy " - "„IPv4”-nek, vagy „IPv6”-nak (nem mindkettő) kell lennie." -diff --git a/po/ia.po b/po/ia.po -index 0750ade70d0f..ad26658fb67a 100644 ---- a/po/ia.po -+++ b/po/ia.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Nik Kalach , 2012-2013 - msgid "" -@@ -9,14 +9,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 02:58+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2015-02-26 09:58+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Interlingua (http://www.transifex.com/projects/p/firewalld/" - "language/ia/)\n" - "Language: ia\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -197,7 +197,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - - #: ../src/firewall-applet.in:892 -@@ -634,8 +635,7 @@ msgstr "" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - -@@ -1803,8 +1803,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/id.po b/po/id.po -index 18fd1b909c5a..68f9ab52c169 100644 ---- a/po/id.po -+++ b/po/id.po -@@ -4,13 +4,13 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2018-05-22 09:00+0000\n" - "Last-Translator: Ferdi Saptanera \n" - "Language-Team: Indonesian\n" - "Language: id\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "X-Generator: Zanata 4.6.2\n" - "Plural-Forms: nplurals=1; plural=0\n" - -@@ -196,7 +196,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - - #: ../src/firewall-applet.in:892 -@@ -633,8 +634,7 @@ msgstr "" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - -@@ -1802,8 +1802,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/it.po b/po/it.po -index f1bf724d4ea3..0387750b62c4 100644 ---- a/po/it.po -+++ b/po/it.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Andrea La Fauci , 2010 - # antonio montagnani , 2013 -@@ -30,20 +30,21 @@ - # Elena Metelli , 2017. #zanata - # Thomas Woerner , 2017. #zanata - # Elena Metelli , 2018. #zanata -+# Eric Garver , 2018. #zanata - # Milo Casagrande , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-06-07 09:00+0000\n" --"Last-Translator: Elena Metelli \n" --"Language-Team: Italian (http://www.transifex.com/projects/p/firewalld/" --"language/it/)\n" --"Language: it\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:24+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Italian (http://www.transifex.com/projects/p/firewalld/" -+"language/it/)\n" -+"Language: it\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -84,6 +85,7 @@ msgstr "Seleziona la zone per la connessione '%s'" - #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3910 - msgid "Failed to set zone {zone} for connection {connection_name}" - msgstr "" -+"Impossibile impostare la zona {zone} per la connessione {connection_name}" - - #: ../src/firewall-applet.in:190 - #, c-format -@@ -104,9 +106,9 @@ msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" --"Questa funzione è utile per coloro che usano soprattutto le zone " --"predefinite. Per gli utenti che modificano le zone delle connessioni, " --"potrebbe essere limitata." -+"Questa funzione è utile per coloro che usano soprattutto le zone predefinite." -+" Per gli utenti che modificano le zone delle connessioni, potrebbe essere " -+"limitata." - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -185,7 +187,7 @@ msgstr "Autorizzazione fallita." - - #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2282 - msgid "Invalid name" --msgstr "Argomento %s non valido" -+msgstr "Nome non valido" - - #: ../src/firewall-applet.in:596 ../src/firewall-config.in:2286 - msgid "Name already exists" -@@ -230,7 +232,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Zona '{zone}' attiva per la connessione '{connection}' sull'interfaccia " - "'{interface}'" -@@ -323,7 +326,7 @@ msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." - msgstr "" --"Impossibile connettersi a firewalld. Assicurarsi che il servizio sia stato " -+"Impossibile connettersi al firewall. Verificare che il servizio sia stato " - "avviato correttamente e riprovare." - - #: ../src/firewall-config.in:95 -@@ -366,7 +369,7 @@ msgstr "Nome utente" - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "User id" -+msgstr "ID utente" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" -@@ -464,7 +467,7 @@ msgstr "Interfaccia" - - #: ../src/firewall-config.in:936 - msgid "Comment" --msgstr "" -+msgstr "Commento" - - #: ../src/firewall-config.in:955 ../src/firewall-config.glade.h:27 - msgid "Source" -@@ -540,7 +543,7 @@ msgstr "blocco-icmp" - #: ../src/firewall-config.in:3348 ../src/firewall-config.in:3658 - #: ../src/firewall-config.glade.h:288 - msgid "icmp-type" --msgstr "" -+msgstr "icmp-type" - - #: ../src/firewall-config.in:2075 ../src/firewall-config.in:3182 - #: ../src/firewall-config.in:3350 ../src/firewall-config.in:3661 -@@ -675,8 +678,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "L'inoltro ad un altro sistema è utile solo se l'interfaccia è nattata.\n" -@@ -893,7 +895,8 @@ msgstr "Configurare le impostazioni di base per gli helper:" - - #: ../src/firewall-config.glade.h:34 - msgid "Bold entries are mandatory, all others are optional." --msgstr "Le voci in grassetto sono obbligatorie, tutte le altre sono opzionali." -+msgstr "" -+"Le voci in grassetto sono obbligatorie, tutte le altre sono opzionali." - - #: ../src/firewall-config.glade.h:35 - msgid "Name:" -@@ -1078,7 +1081,7 @@ msgstr "Aiu_to" - - #: ../src/firewall-config.glade.h:82 - msgid "Change Zone" --msgstr "" -+msgstr "Modifica zona" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" -@@ -1501,8 +1504,8 @@ msgid "" - "This IPSet uses the timeout option, therefore no entries are visible here. " - "The entries should be taken care directly with the ipset command." - msgstr "" --"Questo IPSet usa l'opzione timeout, perciò nessuna delle voci è visibile " --"qui. Le voci dovrebbero essere prese in considerazione direttamente con il " -+"Questo IPSet usa l'opzione timeout, perciò nessuna delle voci è visibile qui." -+" Le voci dovrebbero essere prese in considerazione direttamente con il " - "comando ipset." - - #: ../src/firewall-config.glade.h:162 -@@ -1553,27 +1556,27 @@ msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" --"E' possibile cambiare i tipi ICMP solo nella vista configurazione " --"permanente. La configurazione runtime dei tipi ICMP è fissa." -+"E' possibile cambiare i tipi ICMP solo nella vista configurazione permanente." -+" La configurazione runtime dei tipi ICMP è fissa." - - #: ../src/firewall-config.glade.h:173 --#, fuzzy - msgid "" - "A connection tracking helper is assisting to make protocols work that are " - "using different flows for signaling and data transfers. The data transfers " - "are using ports that are unrelated to the signaling connection and are " - "therefore blocked by the firewall without the helper." - msgstr "" --"Un assistente per il monitoraggio della connessione aiuta a far funzionare " --"protocolli che utilizzano diversi flussi di segnalazione e trasferimento dei " --"dati. I trasferimenti di dati utilizzano porte che sono estranee alla " --"connessione di segnalazione e sono quindi bloccate dal firewall senza " --"l'assistente." -+"È disponibile un helper di controllo per la connessione che consente il " -+"funzionamento di protocolli che utilizzano flussi diversi per segnalazione e " -+"trasferimento dati. Per il trasferimento di dati vengono utilizzate porte " -+"diverse da quelle utilizzate per segnalare la connessione e bloccate dal " -+"firewall senza helper." - - #: ../src/firewall-config.glade.h:174 - msgid "Define ports or port ranges, which are monitored by the helper." - msgstr "" - "Definire le porte o intervalli di porte, che sono monitorati dall'assistente." -+"" - - #: ../src/firewall-config.glade.h:175 - msgid "" -@@ -1823,7 +1826,7 @@ msgstr "Zona Predefinita:" - - #: ../src/firewall-config.glade.h:222 - msgid "Please enter an interface name:" --msgstr "" -+msgstr "Immettere un nome per l'interfaccia:" - - #: ../src/firewall-config.glade.h:223 - msgid "Base IPSet Settings" -@@ -1867,7 +1870,7 @@ msgstr "Per favore selezionare un ipset:" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "" -+msgstr "Immettere una voce IPSet:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" -@@ -1901,7 +1904,7 @@ msgstr "Maschera:" - - #: ../src/firewall-config.glade.h:242 - msgid "Please select a netfilter conntrack helper:" --msgstr "" -+msgstr "Immettere un helper per il controllo della connessione di Netfiler:" - - #: ../src/firewall-config.glade.h:243 - msgid "- Select -" -@@ -1979,8 +1982,8 @@ msgstr "invertito" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "Per abilitarlo, Action deve essere 'reject' e Family 'ipv4' o 'ipv6' (non " - "entrambi)." -@@ -2027,7 +2030,7 @@ msgstr "Per favore selezionare un servizio." - - #: ../src/firewall-config.glade.h:297 - msgid "Please enter a source." --msgstr "" -+msgstr "Immettere una sorgente." - - #: ../src/firewall-config.glade.h:298 - msgid "User ID" -diff --git a/po/ja.po b/po/ja.po -index 7e141775bca0..230a38a0bec5 100644 ---- a/po/ja.po -+++ b/po/ja.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Aiko Sasaki , 2014 - # Copyright (C) Red Hat Inc. 2010, 2011 -@@ -16,20 +16,21 @@ - # Noriko Mizumoto , 2016. #zanata - # Takuro Nagamoto , 2016. #zanata - # Casey Jones , 2018. #zanata -+# Eric Garver , 2018. #zanata - # Hajime Taira , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-02-26 12:14+0000\n" --"Last-Translator: Hajime Taira \n" --"Language-Team: Japanese (http://www.transifex.com/projects/p/firewalld/" --"language/ja/)\n" --"Language: ja\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:25+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Japanese (http://www.transifex.com/projects/p/firewalld/" -+"language/ja/)\n" -+"Language: ja\n" - "Plural-Forms: nplurals=1; plural=0;\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -82,17 +83,13 @@ msgstr "シールド・アップ/ダウン・ゾーンの設定" - - #: ../src/firewall-applet.in:220 - msgid "Here you can select the zones used for Shields Up and Shields Down." --msgstr "" --"ここからシールド・アップおよびシールド・ダウンに対して使用するゾーンを選択で" --"きます。" -+msgstr "ここからシールド・アップおよびシールド・ダウンに対して使用するゾーンを選択できます。" - - #: ../src/firewall-applet.in:226 - msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." --msgstr "" --"この機能はたいてい標準のゾーンを使用する人々にとって有用です。接続のゾーンを" --"変更しているユーザーに対して、限定的に使用できます。" -+msgstr "この機能はたいてい標準のゾーンを使用する人々にとって有用です。接続のゾーンを変更しているユーザーに対して、限定的に使用できます。" - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -171,7 +168,7 @@ msgstr "認証に失敗しました。" - - #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2282 - msgid "Invalid name" --msgstr "不当な実引数 %s" -+msgstr "無効な名前" - - #: ../src/firewall-applet.in:596 ../src/firewall-config.in:2286 - msgid "Name already exists" -@@ -211,15 +208,13 @@ msgid "" - "Default Zone '{default_zone}' active for connection '{connection}' on " - "interface '{interface}'" - msgstr "" --"デフォルトゾーン '{default_zone}' がインターフェース '{interface}' の接続 " --"'{connection}' に対して有効化" -+"デフォルトゾーン '{default_zone}' がインターフェース '{interface}' の接続 '{connection}' に対して有効化" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" --msgstr "" --"ゾーン '{zone}' がインターフェース '{interface}' の接続 '{connection}' に対し" --"て有効化" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" -+msgstr "ゾーン '{zone}' がインターフェース '{interface}' の接続 '{connection}' に対して有効化" - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" -@@ -267,22 +262,21 @@ msgid "" - "Default zone '{default_zone}' {activated_deactivated} for connection " - "'{connection}' on interface '{interface}'" - msgstr "" --"デフォルトゾーン '{default_zone}' がインターフェース '{interface}' の接続 " --"'{connection}' に対して {activated_deactivated} " -+"デフォルトゾーン '{default_zone}' がインターフェース '{interface}' の接続 '{connection}' に対して " -+"{activated_deactivated} " - - #: ../src/firewall-applet.in:1042 - msgid "" - "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " - "interface '{interface}'" - msgstr "" --"ゾーン '{zone}' がインターフェース '{interface}' の接続 '{connection}' に対し" --"て {activated_deactivated}" -+"ゾーン '{zone}' がインターフェース '{interface}' の接続 '{connection}' に対して " -+"{activated_deactivated}" - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" - msgstr "" --"インターフェース '{interface}' に対してゾーン '{zone}' を " --"{activated_deactivated} しました" -+"インターフェース '{interface}' に対してゾーン '{zone}' を {activated_deactivated} しました" - - #: ../src/firewall-applet.in:1070 - #, c-format -@@ -291,8 +285,7 @@ msgstr "ゾーン '%s' をインターフェース '%s' に対して有効化し - - #: ../src/firewall-applet.in:1087 - msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" --msgstr "" --"ゾーン '{zone}' を送信元 '{source}' に対して {activated_deactivated} しました" -+msgstr "ゾーン '{zone}' を送信元 '{source}' に対して {activated_deactivated} しました" - - #: ../src/firewall-applet.in:1111 - #, c-format -@@ -311,7 +304,7 @@ msgstr "firewalld への接続を試行しています。お待ちください.. - msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." --msgstr "" -+msgstr "firewalldへの接続に失敗しました。サービスが正常に開始していることを確認して、再度接続を試行してください。" - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -353,23 +346,23 @@ msgstr "ユーザー名" - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "" -+msgstr "ユーザーID" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" --msgstr "" -+msgstr "テーブル" - - #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 - msgid "Chain" --msgstr "" -+msgstr "チェイン" - - #: ../src/firewall-config.in:322 - msgid "Priority" --msgstr "" -+msgstr "優先度" - - #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 - msgid "Args" --msgstr "" -+msgstr "引数" - - #: ../src/firewall-config.in:401 ../src/firewall-config.in:2329 - msgid "Runtime" -@@ -451,7 +444,7 @@ msgstr "インターフェース" - - #: ../src/firewall-config.in:936 - msgid "Comment" --msgstr "" -+msgstr "コメント" - - #: ../src/firewall-config.in:955 ../src/firewall-config.glade.h:27 - msgid "Source" -@@ -662,12 +655,9 @@ msgstr "IPv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" --msgstr "" --"他のシステムへの転送は、インターフェースがマスカレードされている場合のみ有用" --"です。\n" -+msgstr "他のシステムへの転送は、インターフェースがマスカレードされている場合のみ有用です。\n" - "このゾーンをマスカレードしたいですか ?" - - #: ../src/firewall-config.in:5376 -@@ -692,16 +682,13 @@ msgstr "mask は数字で指定します。" - - #: ../src/firewall-config.in:5591 - msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." --msgstr "" --"IPv4 もしくは IPv6 アドレスを address[/mask] の形式で入力してください。" -+msgstr "IPv4 もしくは IPv6 アドレスを address[/mask] の形式で入力してください。" - - #: ../src/firewall-config.in:5592 - msgid "" - "The mask can be a network mask or a number for ipv4.\n" - "The mask is a number for ipv6." --msgstr "" --"mask は、IPv4 の場合ネットワークマスクが指定できます。IPv6 の場合には数字で指" --"定してください。" -+msgstr "mask は、IPv4 の場合ネットワークマスクが指定できます。IPv6 の場合には数字で指定してください。" - - #: ../src/firewall-config.in:5776 - msgid "Built-in ipset, rename not supported." -@@ -854,9 +841,7 @@ msgstr "送信先" - msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." --msgstr "" --"ローカル転送を有効にする場合、ポートを指定する必要があります。これはソース" --"ポートと異なる必要があります。" -+msgstr "ローカル転送を有効にする場合、ポートを指定する必要があります。これはソースポートと異なる必要があります。" - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -964,9 +949,7 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"ファイアウォールルールを再読み込みします。現在の永続的な設定が新しい実行時の" --"設定になります。つまり、永続的な設定に存在しない、再読み込みするまでに行われ" --"た実行時の変更はすべて失われます。" -+"ファイアウォールルールを再読み込みします。現在の永続的な設定が新しい実行時の設定になります。つまり、永続的な設定に存在しない、再読み込みするまでに行われた実行時の変更はすべて失われます。" - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -1008,9 +991,7 @@ msgstr "パニックモード" - msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." --msgstr "" --"ロックダウンにより、ロックダウン・ホワイトリストにあるアプリケーションのみが" --"ファイアウォール設定を変更できるようにロックします。" -+msgstr "ロックダウンにより、ロックダウン・ホワイトリストにあるアプリケーションのみがファイアウォール設定を変更できるようにロックします。" - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1058,7 +1039,7 @@ msgstr "ヘルプ(_H)" - - #: ../src/firewall-config.glade.h:82 - msgid "Change Zone" --msgstr "" -+msgstr "ゾーンの変更" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" -@@ -1067,16 +1048,12 @@ msgstr "バインディングのゾーンを変更" - #: ../src/firewall-config.glade.h:84 - msgid "" - "Hide active runtime bindings of connections, interfaces and sources to zones" --msgstr "" --"接続のアクティブなランタイムバインディング、インターフェースおよびソースを" --"ゾーンに対して非表示にします" -+msgstr "接続のアクティブなランタイムバインディング、インターフェースおよびソースをゾーンに対して非表示にします" - - #: ../src/firewall-config.glade.h:85 - msgid "" - "Show active runtime bindings of connections, interfaces and sources to zones" --msgstr "" --"接続のアクティブなランタイムバインディング、インターフェースおよびソースを" --"ゾーンに対して表示します" -+msgstr "接続のアクティブなランタイムバインディング、インターフェースおよびソースをゾーンに対して表示します" - - #: ../src/firewall-config.glade.h:86 - msgid "Configuration:" -@@ -1088,8 +1065,7 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" --"現在利用可能な設定。実行時の設定が実際に有効な設定です。永続的な設定は、サー" --"ビスまたはシステムが再読み込みまたは再起動した後、有効になります。" -+"現在利用可能な設定。実行時の設定が実際に有効な設定です。永続的な設定は、サービスまたはシステムが再読み込みまたは再起動した後、有効になります。" - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1099,11 +1075,9 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"firewalld ゾーンではゾーンに結び付けられているネットワーク接続、インター" --"フェースおよび送信元アドレスの信頼レベルを定義します。サービス、ポート、プロ" --"トコル、マスカレード、ポートとパケット転送、ICMP フィルター、高度なルールを組" --"み合わせます。ゾーンはインターフェースや送信元アドレスに結び付けることができ" --"ます。" -+"firewalld " -+"ゾーンではゾーンに結び付けられているネットワーク接続、インターフェースおよび送信元アドレスの信頼レベルを定義します。サービス、ポート、プロトコル、マスカレード、ポートとパケット転送、ICMP " -+"フィルター、高度なルールを組み合わせます。ゾーンはインターフェースや送信元アドレスに結び付けることができます。" - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1127,9 +1101,7 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"このゾーンで信頼できるサービスを定義することができます。このゾーンに結び付け" --"られている接続、インターフェース、送信元からこのマシンに到達できるホストや" --"ネットワークならいずれでも信頼できるサービスへのアクセスが可能になります。" -+"このゾーンで信頼できるサービスを定義することができます。このゾーンに結び付けられている接続、インターフェース、送信元からこのマシンに到達できるホストやネットワークならいずれでも信頼できるサービスへのアクセスが可能になります。" - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1139,9 +1111,7 @@ msgstr "サービス" - msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." --msgstr "" --"このマシンに接続できるホストやネットワークがアクセスできなければならないポー" --"トまたはポート範囲を追加します。" -+msgstr "このマシンに接続できるホストやネットワークがアクセスできなければならないポートまたはポート範囲を追加します。" - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1161,9 +1131,7 @@ msgstr "ポート" - - #: ../src/firewall-config.glade.h:101 - msgid "Add protocols, which need to be accessible for all hosts or networks." --msgstr "" --"すべてのホストやネットワークがアクセスできなければならないプロトコルを追加し" --"ます。" -+msgstr "すべてのホストやネットワークがアクセスできなければならないプロトコルを追加します。" - - #: ../src/firewall-config.glade.h:102 - msgid "Add Protocol" -@@ -1185,9 +1153,7 @@ msgstr "プロトコル" - msgid "" - "Add additional source ports or port ranges, which need to be accessible for " - "all hosts or networks that can connect to the machine." --msgstr "" --"このマシンに接続できるすべてのホストやネットワークがアクセスできなければなら" --"ないソースポートまたはポート範囲を追加します。" -+msgstr "このマシンに接続できるすべてのホストやネットワークがアクセスできなければならないソースポートまたはポート範囲を追加します。" - - #: ../src/firewall-config.glade.h:107 - msgid "Source Ports" -@@ -1199,10 +1165,8 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"マスカレード機能を使用するとローカルネットワークをインターネットに繋げるルー" --"ターまたはホストをセットアップすることができます。ローカルネットワークはイン" --"ターネット上からは見えなくなり、インターネット上ではホストが 1 つのアドレスと" --"して表示されます。マスカレード機能は IPv4 限定です。" -+"マスカレード機能を使用するとローカルネットワークをインターネットに繋げるルーターまたはホストをセットアップすることができます。ローカルネットワークはインターネット上からは見えなくなり、インターネット上ではホストが " -+"1 つのアドレスとして表示されます。マスカレード機能は IPv4 限定です。" - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1212,9 +1176,7 @@ msgstr "マスカレードゾーン" - msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." --msgstr "" --"マスカレード機能を有効にすると、IPv4 ネットワークで IP フォワーディングが有効" --"になります。" -+msgstr "マスカレード機能を有効にすると、IPv4 ネットワークで IP フォワーディングが有効になります。" - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1227,10 +1189,8 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"ローカルシステム上の任意のポートから別のポートへポート転送、ローカルシステム" --"から別のシステムへのポート転送を行うためのエントリーを追加します。別のシステ" --"ムへのポート転送についてはインターフェースがマスカレードされている場合にのみ" --"有効です。ポート転送は IPv4 限定です。" -+"ローカルシステム上の任意のポートから別のポートへポート転送、ローカルシステムから別のシステムへのポート転送を行うためのエントリーを追加します。別のシステムへのポート転送についてはインターフェースがマスカレードされている場合にのみ有効です。ポート転送は " -+"IPv4 限定です。" - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1250,27 +1210,24 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" --"ICMP (Internet Control Message Protocol) は、主にネットワーク上の コンピュー" --"タ間でエラーメッセージを送信するのに使用されますが、更には ping の要求や応答" --"などの情報メッセージにも使用されます。" -+"ICMP (Internet Control Message Protocol) は、主にネットワーク上の " -+"コンピュータ間でエラーメッセージを送信するのに使用されますが、更には ping の要求や応答などの情報メッセージにも使用されます。" - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"一覧内の拒否されるべき ICMP タイプをマークします。 その他すべての ICMP タイプ" --"はファイアーウォールの通過が許可されます。 デフォルトでは無制限になっていま" --"す。" -+"一覧内の拒否されるべき ICMP タイプをマークします。 その他すべての ICMP タイプはファイアーウォールの通過が許可されます。 " -+"デフォルトでは無制限になっています。" - - #: ../src/firewall-config.glade.h:118 - msgid "" - "If Invert Filter is enabled, marked ICMP entries are accepted and the others " - "are rejected. In a zone with the target DROP, they are dropped." - msgstr "" --"反転フィルターが有効にされている場合、マークされた ICMP エントリーは受け入れ" --"られ、それ以外は拒否されます。ターゲットが DROP のゾーンでは、それらは破棄さ" --"れます。" -+"反転フィルターが有効にされている場合、マークされた ICMP エントリーは受け入れられ、それ以外は拒否されます。ターゲットが DROP " -+"のゾーンでは、それらは破棄されます。" - - #: ../src/firewall-config.glade.h:119 - msgid "Invert Filter" -@@ -1305,8 +1262,7 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"インターフェースをゾーンに割り当てるための項目を追加します。インターフェース" --"が接続により使用される場合、ゾーンが接続で指定されたゾーンが設定されます。" -+"インターフェースをゾーンに割り当てるための項目を追加します。インターフェースが接続により使用される場合、ゾーンが接続で指定されたゾーンが設定されます。" - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1326,10 +1282,9 @@ msgid "" - "to a MAC source address, but with limitations. Port forwarding and " - "masquerading will not work for MAC source bindings." - msgstr "" --"ゾーンに送信元アドレスもしくはエリアをバインドするためにエントリーを追加しま" --"す。送信元の MAC アドレスをバインドすることもできます。しかし、その場合に制約" --"があります。ポートフォアーディングおよびマスカレーディングには、送信元 MAC ア" --"ドレスのバインディングは機能しません。" -+"ゾーンに送信元アドレスもしくはエリアをバインドするためにエントリーを追加します。送信元の MAC " -+"アドレスをバインドすることもできます。しかし、その場合に制約があります。ポートフォアーディングおよびマスカレーディングには、送信元 MAC " -+"アドレスのバインディングは機能しません。" - - #: ../src/firewall-config.glade.h:132 - msgid "Add Source" -@@ -1351,9 +1306,7 @@ msgstr "ゾーン" - msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." --msgstr "" --"firewalld サービスとはポートやプロトコル、モジュール、送信先アドレスなどの組" --"み合わせを指します。" -+msgstr "firewalld サービスとはポートやプロトコル、モジュール、送信先アドレスなどの組み合わせを指します。" - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" -@@ -1375,9 +1328,7 @@ msgstr "サービスの標準の読み込み" - msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks." --msgstr "" --"すべてのホストやネットワークからアクセスできることが必要な追加のポートか、" --"ポートの範囲を追加します。" -+msgstr "すべてのホストやネットワークからアクセスできることが必要な追加のポートか、ポートの範囲を追加します。" - - #: ../src/firewall-config.glade.h:144 - msgid "Edit Entry" -@@ -1391,9 +1342,7 @@ msgstr "エントリーの削除" - msgid "" - "Add additional source ports or port ranges, which need to be accessible for " - "all hosts or networks." --msgstr "" --"すべてのホストやネットワークがアクセスできなければならないソースポートまたは" --"ポート範囲を追加します。" -+msgstr "すべてのホストやネットワークがアクセスできなければならないソースポートまたはポート範囲を追加します。" - - #: ../src/firewall-config.glade.h:147 - msgid "Source Port" -@@ -1412,9 +1361,7 @@ msgid "" - "If you specify destination addresses, the service entry will be limited to " - "the destination address and type. If both entries are empty, there is no " - "limitation." --msgstr "" --"送信先アドレスを指定すると、サービスの項目が送信先アドレスとタイプに制限され" --"ます。どちらの項目も空の場合、制限がありません。" -+msgstr "送信先アドレスを指定すると、サービスの項目が送信先アドレスとタイプに制限されます。どちらの項目も空の場合、制限がありません。" - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1428,17 +1375,13 @@ msgstr "IPv6:" - msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." --msgstr "" --"サービスは永続的な設定の表示画面だけで変更できます。サービスの実行時の設定が" --"変更されます。" -+msgstr "サービスは永続的な設定の表示画面だけで変更できます。サービスの実行時の設定が変更されます。" - - #: ../src/firewall-config.glade.h:154 - msgid "" - "An IPSet can be used to create white or black lists and is able to store for " - "example IP addresses, port numbers or MAC addresses. " --msgstr "" --"IPSet はホワイトリストもしくはブラックリストを作成でき、その中に、IPアドレス" --"やポート番号、MAC アドレスの情報を格納できます。" -+msgstr "IPSet はホワイトリストもしくはブラックリストを作成でき、その中に、IPアドレスやポート番号、MAC アドレスの情報を格納できます。" - - #: ../src/firewall-config.glade.h:155 - msgid "IPSet" -@@ -1467,17 +1410,16 @@ msgid "" - "added by firewalld. Entries, that have been directly added with the ipset " - "command wil not be listed here." - msgstr "" --"IPSet エントリーの一覧では、タイムアウトオプションを使用していない IPSet のエ" --"ントリー、firewalld によって追加されたエントリーのみを確認することができま" --"す。ipset コマンドを直接実行して追加したエントリーは表示されません。" -+"IPSet エントリーの一覧では、タイムアウトオプションを使用していない IPSet のエントリー、firewalld " -+"によって追加されたエントリーのみを確認することができます。ipset コマンドを直接実行して追加したエントリーは表示されません。" - - #: ../src/firewall-config.glade.h:161 - msgid "" - "This IPSet uses the timeout option, therefore no entries are visible here. " - "The entries should be taken care directly with the ipset command." - msgstr "" --"この IPSet はタイムアウトオプションを使っています。従って、ここにはエントリー" --"が表示されません。エントリーは ipset コマンドを直接実行する必要があります。" -+"この IPSet はタイムアウトオプションを使っています。従って、ここにはエントリーが表示されません。エントリーは ipset " -+"コマンドを直接実行する必要があります。" - - #: ../src/firewall-config.glade.h:162 - msgid "Add" -@@ -1497,8 +1439,8 @@ msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" --"firewalld の ICMP タイプは firewalld 用の Internet Control Message Protocol " --"(ICMP) タイプの情報を提供します。" -+"firewalld の ICMP タイプは firewalld 用の Internet Control Message Protocol (ICMP) " -+"タイプの情報を提供します。" - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" -@@ -1518,16 +1460,13 @@ msgstr "ICMP タイプの初期値の読み込み" - - #: ../src/firewall-config.glade.h:171 - msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." --msgstr "" --"この ICMP タイプが IPv4 と IPv6 に対して利用可能であるかどうかを指定します。" -+msgstr "この ICMP タイプが IPv4 と IPv6 に対して利用可能であるかどうかを指定します。" - - #: ../src/firewall-config.glade.h:172 - msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." --msgstr "" --"ICMP タイプは永続的な設定の表示画面だけで変更できます。ICMP タイプの実行時の" --"設定は変更されます。" -+msgstr "ICMP タイプは永続的な設定の表示画面だけで変更できます。ICMP タイプの実行時の設定は変更されます。" - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1536,16 +1475,11 @@ msgid "" - "are using ports that are unrelated to the signaling connection and are " - "therefore blocked by the firewall without the helper." - msgstr "" --"コネクショントラッキングヘルパーは、シグナルとデータ転送との異なるフローで利" --"用されるプロトコルが動作するよう支援します。データ転送は、シグナル接続と無関" --"係なポートを利用するため、ヘルパーがないとファイアウォールによってブロックさ" --"れてしまいます。" -+"コネクショントラッキングヘルパーは、シグナルとデータ転送との異なるフローで利用されるプロトコルが動作するよう支援します。データ転送は、シグナル接続と無関係なポートを利用するため、ヘルパーがないとファイアウォールによってブロックされてしまいます。" - - #: ../src/firewall-config.glade.h:174 - msgid "Define ports or port ranges, which are monitored by the helper." --msgstr "" --"ポートもしくはポートの範囲を定義し、それをヘルパーによってモニタリングされま" --"す。" -+msgstr "ポートもしくはポートの範囲を定義し、それをヘルパーによってモニタリングされます。" - - #: ../src/firewall-config.glade.h:175 - msgid "" -@@ -1554,11 +1488,8 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"ダイレクト設定により、ファイアウォールにより直接アクセスできます。これらのオ" --"プションは、ユーザーが iptables の基本的な概念、つまりテーブル、チェイン、コ" --"マンド、パラメーター、ターゲットに関する知識を有していることを前提にしていま" --"す。ダイレクト設定は、他のファイアウォール機能を使用できない場合に、最終手段" --"としてのみ使用すべきです。" -+"ダイレクト設定により、ファイアウォールにより直接アクセスできます。これらのオプションは、ユーザーが iptables " -+"の基本的な概念、つまりテーブル、チェイン、コマンド、パラメーター、ターゲットに関する知識を有していることを前提にしています。ダイレクト設定は、他のファイアウォール機能を使用できない場合に、最終手段としてのみ使用すべきです。" - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1566,9 +1497,9 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"各オプションの ipv 引数は ipv4, ipv6, eb のどれかである必要があります。ipv4 " --"を指定すると、iptables が使用されます。ipv6 を指定すると、ip6tables が使用さ" --"れます。eb を指定すると、イーサネットブリッジ (ebtables) が使用されます。" -+"各オプションの ipv 引数は ipv4, ipv6, eb のどれかである必要があります。ipv4 を指定すると、iptables " -+"が使用されます。ipv6 を指定すると、ip6tables が使用されます。eb を指定すると、イーサネットブリッジ (ebtables) " -+"が使用されます。" - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1593,9 +1524,7 @@ msgstr "チェイン" - #: ../src/firewall-config.glade.h:182 - msgid "" - "Add a rule with the arguments args to a chain in a table with a priority." --msgstr "" --"ルールを args 引数とともに、テーブルにあるチェインに優先度を付けて追加しま" --"す。" -+msgstr "ルールを args 引数とともに、テーブルにあるチェインに優先度を付けて追加します。" - - #: ../src/firewall-config.glade.h:183 - msgid "" -@@ -1606,11 +1535,8 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"優先度はルールの順序をつけるために使用されます。優先度 0 はルールをチェインの" --"最初に追加します。より高い優先度を持つルールがさらに下に追加されます。同じ優" --"先度を持つルールは同じレベルになります。これらのルールの順序は固定されず、変" --"更されるかもしれません。ルールを確実に他のルールの後ろに追加したい場合、最初" --"に低い優先度を使用し、次により高い優先度を使用します。" -+"優先度はルールの順序をつけるために使用されます。優先度 0 " -+"はルールをチェインの最初に追加します。より高い優先度を持つルールがさらに下に追加されます。同じ優先度を持つルールは同じレベルになります。これらのルールの順序は固定されず、変更されるかもしれません。ルールを確実に他のルールの後ろに追加したい場合、最初に低い優先度を使用し、次により高い優先度を使用します。" - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1634,15 +1560,12 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"パススルールールは直接ファイアウォールに渡されるルールです。特別なチェインに" --"置かれません。iptables, ip6tables, ebtables のすべてのオプションが使用できま" --"す。" -+"パススルールールは直接ファイアウォールに渡されるルールです。特別なチェインに置かれません。iptables, ip6tables, ebtables " -+"のすべてのオプションが使用できます。" - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." --msgstr "" --"パススルールールを追加する場合、ファイアウォールを壊さないよう注意してくださ" --"い。" -+msgstr "パススルールールを追加する場合、ファイアウォールを壊さないよう注意してください。" - - #: ../src/firewall-config.glade.h:190 - msgid "Add Passthrough" -@@ -1666,10 +1589,9 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"ロックダウン機能はユーザーとアプリケーションのポリシーの firewalld 向け軽量" --"バージョンです。これにより、ファイアウォールへの変更が制限されます。ロックダ" --"ウン・ホワイトリストは、コマンド、コンテキスト、ユーザーおよびユーザー ID を" --"含められます。" -+"ロックダウン機能はユーザーとアプリケーションのポリシーの firewalld " -+"向け軽量バージョンです。これにより、ファイアウォールへの変更が制限されます。ロックダウン・ホワイトリストは、コマンド、コンテキスト、ユーザーおよびユーザー " -+"ID を含められます。" - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1677,9 +1599,8 @@ msgid "" - "service. To get the context of a running application use ps -e --" - "context." - msgstr "" --"コンテキストは実行中のアプリケーションやサービスのセキュリティーコンテキスト" --"(SELinux コンテキスト)です。実行中のアプリケーションのコンテキストを確認する" --"には、ps -e --contextコマンドを使用します。" -+"コンテキストは実行中のアプリケーションやサービスのセキュリティーコンテキスト(SELinux " -+"コンテキスト)です。実行中のアプリケーションのコンテキストを確認するには、ps -e --contextコマンドを使用します。" - - #: ../src/firewall-config.glade.h:196 - msgid "Add Context" -@@ -1703,9 +1624,8 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"ホワイトリストのコマンドがアスタリスク '*' で終わっている場合、そのコマンドか" --"ら始まるすべてのコマンドラインに一致します。もし '*' がなければ、引数を含め、" --"コマンドが完全に一致する必要があります。" -+"ホワイトリストのコマンドがアスタリスク '*' で終わっている場合、そのコマンドから始まるすべてのコマンドラインに一致します。もし '*' " -+"がなければ、引数を含め、コマンドが完全に一致する必要があります。" - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1795,7 +1715,7 @@ msgstr "標準ゾーン:" - - #: ../src/firewall-config.glade.h:222 - msgid "Please enter an interface name:" --msgstr "" -+msgstr "インターフェース名を入力してください:" - - #: ../src/firewall-config.glade.h:223 - msgid "Base IPSet Settings" -@@ -1839,7 +1759,7 @@ msgstr "IPSet を選択してください:" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "" -+msgstr "IPSetエントリーを入力してください:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" -@@ -1919,9 +1839,7 @@ msgstr "高度なルールを入力してください。" - - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." --msgstr "" --"ホワイトリストまたはブラックリストにより、ホストまたはネットワークに対して要" --"素を非アクティブ化します。" -+msgstr "ホワイトリストまたはブラックリストにより、ホストまたはネットワークに対して要素を非アクティブ化します。" - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" -@@ -1949,11 +1867,11 @@ msgstr "反転" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"これを有効にするには、アクションを 'reject' にし、ファミリーを 'ipv4' または " --"'ipv6' のいずれか (両方ではない) にする必要があります。" -+"これを有効にするには、アクションを 'reject' にし、ファミリーを 'ipv4' または 'ipv6' のいずれか (両方ではない) " -+"にする必要があります。" - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -@@ -1997,7 +1915,7 @@ msgstr "サービスを選択してください。" - - #: ../src/firewall-config.glade.h:297 - msgid "Please enter a source." --msgstr "" -+msgstr "ソースを入力してください。" - - #: ../src/firewall-config.glade.h:298 - msgid "User ID" -diff --git a/po/ka.po b/po/ka.po -index 9d6f53f668a4..63dd40ce3485 100644 ---- a/po/ka.po -+++ b/po/ka.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # George Machitidze , 2013 - # Thomas Woerner , 2016. #zanata -@@ -10,14 +10,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2016-01-04 12:24+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Georgian (http://www.transifex.com/projects/p/firewalld/" - "language/ka/)\n" - "Language: ka\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=1; plural=0;\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -198,7 +198,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - - #: ../src/firewall-applet.in:892 -@@ -635,8 +636,7 @@ msgstr "" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - -@@ -1804,8 +1804,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/kn.po b/po/kn.po -index bd0e89996c75..a9cd9097f51a 100644 ---- a/po/kn.po -+++ b/po/kn.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # shanky , 2014 - # shankar , 2006 -@@ -14,14 +14,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 02:59+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2015-02-26 09:59+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Kannada (http://www.transifex.com/projects/p/firewalld/" - "language/kn/)\n" - "Language: kn\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=1; plural=0;\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -81,8 +81,9 @@ msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" --"ಈ ಸೌಲಭ್ಯವು ಹೆಚ್ಚು ಪೂರ್ವನಿಯೋಜಿತವಾದ ವಲಯಗಳನ್ನು ಬಳಸುವ ಜನರಿಗೆ ಪ್ರಯೋಜನವಾಗುತ್ತದೆ. ವಲಯಗಳ " --"ಸಂಪರ್ಕಗಳನ್ನು ಬದಲಾಯಿಸುವ ಬಳಕೆದಾರರಿಗೆ, ಇದು ಬಹುಷಃ ನಿಯಮಿತವಾದ ಉಪಯೋಗವನ್ನು ಒದಗಿಸಬಹುದು." -+"ಈ ಸೌಲಭ್ಯವು ಹೆಚ್ಚು ಪೂರ್ವನಿಯೋಜಿತವಾದ ವಲಯಗಳನ್ನು ಬಳಸುವ ಜನರಿಗೆ ಪ್ರಯೋಜನವಾಗುತ್ತದೆ. " -+"ವಲಯಗಳ ಸಂಪರ್ಕಗಳನ್ನು ಬದಲಾಯಿಸುವ ಬಳಕೆದಾರರಿಗೆ, ಇದು ಬಹುಷಃ ನಿಯಮಿತವಾದ ಉಪಯೋಗವನ್ನು " -+"ಒದಗಿಸಬಹುದು." - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -204,7 +205,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "'{interface}' ಸಂಪರ್ಕಸಾಧನದಲ್ಲಿನ '{connection}' ಸಂಪರ್ಕಕ್ಕಾಗಿನ '{zone}' ವಲಯವು " - "ಸಕ್ರಿಯವಾಗಿದೆ" -@@ -261,8 +263,8 @@ msgid "" - "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " - "interface '{interface}'" - msgstr "" --"'{interface}' ಸಂಪರ್ಕಸಾಧನದಲ್ಲಿನ '{connection}' ಸಂಪರ್ಕಕ್ಕಾಗಿನ " --"'{zone}' {activated_deactivated} ವಲಯ" -+"'{interface}' ಸಂಪರ್ಕಸಾಧನದಲ್ಲಿನ '{connection}' ಸಂಪರ್ಕಕ್ಕಾಗಿನ '{zone}' " -+"{activated_deactivated} ವಲಯ" - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" -@@ -645,12 +647,11 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" --"ಸಂಪರ್ಕಸಾಧನವನ್ನು ಛದ್ಮವೇಶಗೊಳಿಸದಲ್ಲಿ ಮಾತ್ರ ಇನ್ನೊಂದು ವ್ಯವಸ್ಥೆಗೆ ಫಾರ್ವಾರ್ಡ್ ಮಾಡುವುದು " --"ಉಪಯೋಗಕ್ಕೆ ಬರುತ್ತದೆ.\n" -+"ಸಂಪರ್ಕಸಾಧನವನ್ನು ಛದ್ಮವೇಶಗೊಳಿಸದಲ್ಲಿ ಮಾತ್ರ ಇನ್ನೊಂದು ವ್ಯವಸ್ಥೆಗೆ ಫಾರ್ವಾರ್ಡ್ " -+"ಮಾಡುವುದು ಉಪಯೋಗಕ್ಕೆ ಬರುತ್ತದೆ.\n" - "ನೀವು ಈ ವಲಯವನ್ನು ಛದ್ಮವೇಶಗೊಳಿಸಲು ಬಯಸುವಿರಾ?" - - #: ../src/firewall-config.in:5376 -@@ -812,7 +813,8 @@ msgstr "ಸಂಪರ್ಕ ಸ್ಥಾನ ಫಾರ್ವಾರ್ಡಿಂಗ - #: ../src/firewall-config.glade.h:23 - msgid "" - "Please select the source and destination options according to your needs." --msgstr "ನಿಮ್ಮ ಅಗತ್ಯಗಳಿಗನುಗುಣವಾಗಿ ದಯವಿಟ್ಟು ಮೂಲ ಹಾಗು ಉದ್ದಿಷ್ಟ ಸ್ಥಳದ ಆಯ್ಕೆಗಳನ್ನು ಆರಿಸಿ." -+msgstr "" -+"ನಿಮ್ಮ ಅಗತ್ಯಗಳಿಗನುಗುಣವಾಗಿ ದಯವಿಟ್ಟು ಮೂಲ ಹಾಗು ಉದ್ದಿಷ್ಟ ಸ್ಥಳದ ಆಯ್ಕೆಗಳನ್ನು ಆರಿಸಿ." - - #: ../src/firewall-config.glade.h:24 - msgid "Port / Port Range:" -@@ -835,8 +837,8 @@ msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." - msgstr "" --"ನೀವು ಸ್ಥಳೀಯ ಫಾರ್ವಾಡಿಂಗ್ ಅನ್ನು ಶಕ್ತಗೊಳಿಸಿದಲ್ಲಿ, ನೀವು ಒಂದು ಸಂಪರ್ಕಸ್ಥಾನವನ್ನು ಸೂಚಿಸಬೇಕು. " --"ಈ ಸಂಪರ್ಕಸ್ಥಾನವು ಮೂಲ ಸಂಪರ್ಕಸ್ಥಾನಕ್ಕೆ ಪ್ರತ್ಯೇಕವಾಗಿರಬೇಕು." -+"ನೀವು ಸ್ಥಳೀಯ ಫಾರ್ವಾಡಿಂಗ್ ಅನ್ನು ಶಕ್ತಗೊಳಿಸಿದಲ್ಲಿ, ನೀವು ಒಂದು ಸಂಪರ್ಕಸ್ಥಾನವನ್ನು " -+"ಸೂಚಿಸಬೇಕು. ಈ ಸಂಪರ್ಕಸ್ಥಾನವು ಮೂಲ ಸಂಪರ್ಕಸ್ಥಾನಕ್ಕೆ ಪ್ರತ್ಯೇಕವಾಗಿರಬೇಕು." - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -944,10 +946,10 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"ಫೈರ್ವಾಲ್ ನಿಯಮಗಳನ್ನು ಮರಳಿ ಲೋಡ್ ಮಾಡುತ್ತದೆ. ಪ್ರಸಕ್ತ ಶಾಶ್ವತ ಸಂರಚನೆಯು ಹೊಸ ಚಾಲನಾ ಸಮಯದ " --"ಸಂರಚನೆಯಾಗುತ್ತದೆ. ಅಂದರೆ, ಎಲ್ಲಾ ಚಾಲನಾಸಮಯದ ಮಾತ್ರದ ಬದಲಾವಣೆಗಳು ಶಾಶ್ವತ ಸಂರಚನೆಯಲ್ಲಿ ಇರದೆ " --"ಇದ್ದರೂ ಸಹ ಅವುಗಳನ್ನು ಮರಳಿ ಲೋಡ್ ಆಗುವವರೆಗೆ ಮಾಡಲಾಗುತ್ತದೆ, ಮತ್ತು ಅವುಗಳು ಮರಳಿ ಲೋಡ್ " --"ಮಾಡಿದಾಗ ಇಲ್ಲವಾಗುತ್ತದೆ." -+"ಫೈರ್ವಾಲ್ ನಿಯಮಗಳನ್ನು ಮರಳಿ ಲೋಡ್ ಮಾಡುತ್ತದೆ. ಪ್ರಸಕ್ತ ಶಾಶ್ವತ ಸಂರಚನೆಯು ಹೊಸ ಚಾಲನಾ " -+"ಸಮಯದ ಸಂರಚನೆಯಾಗುತ್ತದೆ. ಅಂದರೆ, ಎಲ್ಲಾ ಚಾಲನಾಸಮಯದ ಮಾತ್ರದ ಬದಲಾವಣೆಗಳು ಶಾಶ್ವತ " -+"ಸಂರಚನೆಯಲ್ಲಿ ಇರದೆ ಇದ್ದರೂ ಸಹ ಅವುಗಳನ್ನು ಮರಳಿ ಲೋಡ್ ಆಗುವವರೆಗೆ ಮಾಡಲಾಗುತ್ತದೆ, ಮತ್ತು " -+"ಅವುಗಳು ಮರಳಿ ಲೋಡ್ ಮಾಡಿದಾಗ ಇಲ್ಲವಾಗುತ್ತದೆ." - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -980,8 +982,8 @@ msgstr "" - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." - msgstr "" --"ಪ್ಯಾನಿಕ್ ಸ್ಥಿತಿ ಎಂದರೆ ಎಲ್ಲಾ ಒಳಬರುವ ಮತ್ತು ಹೊರಹೋಗುವ ಪ್ಯಾಕೆಟ್‌ಗಳನ್ನು ಬಿಟ್ಟುಬಿಡಲಾಗುತ್ತದೆ " --"ಎಂದರ್ಥ." -+"ಪ್ಯಾನಿಕ್ ಸ್ಥಿತಿ ಎಂದರೆ ಎಲ್ಲಾ ಒಳಬರುವ ಮತ್ತು ಹೊರಹೋಗುವ ಪ್ಯಾಕೆಟ್‌ಗಳನ್ನು " -+"ಬಿಟ್ಟುಬಿಡಲಾಗುತ್ತದೆ ಎಂದರ್ಥ." - - #: ../src/firewall-config.glade.h:69 - msgid "Panic Mode" -@@ -992,8 +994,8 @@ msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." - msgstr "" --"ಕೇವಲ ಲಾಕ್‌ಡೌನ್ ವೈಟ್‌ಲಿಸ್ಟಿನಲ್ಲಿನ ಅನ್ವಯಗಳು ಮಾತ್ರ ಬದಲಾಯಿಸಲು ಅವಕಾಶ ಇರುವಂತೆ ಫೈರ್ವಾಲ್ " --"ಸಂರಚನೆಯನ್ನು ಲಾಕ್‌ಡೌನ್ ಲಾಕ್ ಮಾಡುತ್ತದೆ." -+"ಕೇವಲ ಲಾಕ್‌ಡೌನ್ ವೈಟ್‌ಲಿಸ್ಟಿನಲ್ಲಿನ ಅನ್ವಯಗಳು ಮಾತ್ರ ಬದಲಾಯಿಸಲು ಅವಕಾಶ ಇರುವಂತೆ " -+"ಫೈರ್ವಾಲ್ ಸಂರಚನೆಯನ್ನು ಲಾಕ್‌ಡೌನ್ ಲಾಕ್ ಮಾಡುತ್ತದೆ." - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1067,9 +1069,9 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" --"ಪ್ರಸಕ್ತ ಗೋಚರಿಸುವ ಸಂರಚನೆ. ಚಾಲನಾಸಮಯದ ಸಂರಚನೆಯು ನಿಜವಾದ ಸಕ್ರಿಯ ಸಂರಚನೆಯಾಗಿದೆ. ಶಾಶ್ವತ " --"ಸಂರಚನೆಯು ಸೇವೆ ಅಥವ ವ್ಯವಸ್ಥೆಯನ್ನು ಮರಳಿ ಲೋಡ್ ಮಾಡುವಿಕೆ ಅಥವ ಮರಳಿ ಆರಂಭಿಸುವಿಕೆಯ ನಂತರ " --"ಸಕ್ರಿಯವಾಗುತ್ತದೆ." -+"ಪ್ರಸಕ್ತ ಗೋಚರಿಸುವ ಸಂರಚನೆ. ಚಾಲನಾಸಮಯದ ಸಂರಚನೆಯು ನಿಜವಾದ ಸಕ್ರಿಯ ಸಂರಚನೆಯಾಗಿದೆ. " -+"ಶಾಶ್ವತ ಸಂರಚನೆಯು ಸೇವೆ ಅಥವ ವ್ಯವಸ್ಥೆಯನ್ನು ಮರಳಿ ಲೋಡ್ ಮಾಡುವಿಕೆ ಅಥವ ಮರಳಿ " -+"ಆರಂಭಿಸುವಿಕೆಯ ನಂತರ ಸಕ್ರಿಯವಾಗುತ್ತದೆ." - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1079,11 +1081,11 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"ಒಂದು firewalld ವಲಯವು, ವಲಯಕ್ಕೆ ಬರುವ ಜಾಲಬಂಧ ಸಂಪರ್ಕಗಳು, ಸಂಪರ್ಕಸಾಧನಗಳು (ಇಂಟರ್ಫೇಸಸ್) " --"ಮತ್ತು ಆಕರ ವಿಳಾಸಗಳಿಗಾಗಿನ ನಂಬಿಕೆಯ ಮಟ್ಟವನ್ನು ವಿವರಿಸುತ್ತದೆ. ವಲಯವು ಸೇವೆಗಳು, " --"ಸಂಪರ್ಕಸ್ಥಾನಗಳು, ಪ್ರೊಟೊಕಾಲ್‌ಗಳು, ಛದ್ಮವೇಶಗೊಳಿಕೆ, ಸಂಪರ್ಕಸ್ಥಾನ/ಪ್ಯಾಕೆಟ್ ಫಾರ್ವಾರ್ಡಿಂಗ್, icmp " --"ಫಿಲ್ಟರುಗಳು ಮತ್ತು ಸಮೃದ್ಧ ನಿಯಮಗಳನ್ನು ಹೊಂದಿರುತ್ತದೆ. ವಲಯವು ಸಂಪರ್ಕಸಾಧನಗಳು ಮತ್ತು ಆಕರ " --"ವಿಳಾಸಗಳಿಗೆ ಬದ್ಧವಾಗಿರಬಹುದು." -+"ಒಂದು firewalld ವಲಯವು, ವಲಯಕ್ಕೆ ಬರುವ ಜಾಲಬಂಧ ಸಂಪರ್ಕಗಳು, ಸಂಪರ್ಕಸಾಧನಗಳು " -+"(ಇಂಟರ್ಫೇಸಸ್) ಮತ್ತು ಆಕರ ವಿಳಾಸಗಳಿಗಾಗಿನ ನಂಬಿಕೆಯ ಮಟ್ಟವನ್ನು ವಿವರಿಸುತ್ತದೆ. ವಲಯವು " -+"ಸೇವೆಗಳು, ಸಂಪರ್ಕಸ್ಥಾನಗಳು, ಪ್ರೊಟೊಕಾಲ್‌ಗಳು, ಛದ್ಮವೇಶಗೊಳಿಕೆ, ಸಂಪರ್ಕಸ್ಥಾನ/ಪ್ಯಾಕೆಟ್ " -+"ಫಾರ್ವಾರ್ಡಿಂಗ್, icmp ಫಿಲ್ಟರುಗಳು ಮತ್ತು ಸಮೃದ್ಧ ನಿಯಮಗಳನ್ನು ಹೊಂದಿರುತ್ತದೆ. ವಲಯವು " -+"ಸಂಪರ್ಕಸಾಧನಗಳು ಮತ್ತು ಆಕರ ವಿಳಾಸಗಳಿಗೆ ಬದ್ಧವಾಗಿರಬಹುದು." - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1107,9 +1109,9 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"ಯಾವ ಸೇವೆಗಳು ನಂಬಿಕಸ್ತ ಎಂದು ಇಲ್ಲಿ ನೀವು ಸೂಚಿಸಬಹುದು. ನಂಬಿಕಸ್ತ ಸೇವೆಗಳನ್ನು ಈ ವಲಯಕ್ಕೆ " --"ಬರುವ ಸಂಪರ್ಕಗಳು, ಸಂಪರ್ಕಸಾಧನಗಳು (ಇಂಟರ್ಫೇಸಸ್) ಮತ್ತು ಆಕರಗಳಿಂದ ತಲುಪುವ ಎಲ್ಲಾ ಅತಿಥೇಯಗಳಿಂದ " --"ಹಾಗು ಜಾಲಬಂಧಗಳಿಂದ ನಿಲುಕಿಸಿಕೊಳ್ಳಬಹುದಾಗಿರುತ್ತವೆ." -+"ಯಾವ ಸೇವೆಗಳು ನಂಬಿಕಸ್ತ ಎಂದು ಇಲ್ಲಿ ನೀವು ಸೂಚಿಸಬಹುದು. ನಂಬಿಕಸ್ತ ಸೇವೆಗಳನ್ನು ಈ " -+"ವಲಯಕ್ಕೆ ಬರುವ ಸಂಪರ್ಕಗಳು, ಸಂಪರ್ಕಸಾಧನಗಳು (ಇಂಟರ್ಫೇಸಸ್) ಮತ್ತು ಆಕರಗಳಿಂದ ತಲುಪುವ " -+"ಎಲ್ಲಾ ಅತಿಥೇಯಗಳಿಂದ ಹಾಗು ಜಾಲಬಂಧಗಳಿಂದ ನಿಲುಕಿಸಿಕೊಳ್ಳಬಹುದಾಗಿರುತ್ತವೆ." - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1120,8 +1122,9 @@ msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." - msgstr "" --"ಗಣಕಕ್ಕೆ ಸಂಪರ್ಕ ಜೋಡಿಸುವ ಎಲ್ಲಾ ಅತಿಥೇಯಗಳಿಂದ ಅಥವ ಜಾಲಬಂಧಗಳಿಂದ ನಿಲುಕಿಸಿಕೊಳ್ಳಬಹುದಾದಂತ " --"ಹೆಚ್ಚುವರಿ ಸಂಪರ್ಕಸ್ಥಾನಗಳನ್ನು ಅಥವ ಸಂಪರ್ಕಸ್ಥಾನ ವ್ಯಾಪ್ತಿಗಳನ್ನು ಸೇರಿಸಿ." -+"ಗಣಕಕ್ಕೆ ಸಂಪರ್ಕ ಜೋಡಿಸುವ ಎಲ್ಲಾ ಅತಿಥೇಯಗಳಿಂದ ಅಥವ ಜಾಲಬಂಧಗಳಿಂದ " -+"ನಿಲುಕಿಸಿಕೊಳ್ಳಬಹುದಾದಂತ ಹೆಚ್ಚುವರಿ ಸಂಪರ್ಕಸ್ಥಾನಗಳನ್ನು ಅಥವ ಸಂಪರ್ಕಸ್ಥಾನ " -+"ವ್ಯಾಪ್ತಿಗಳನ್ನು ಸೇರಿಸಿ." - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1176,8 +1179,9 @@ msgid "" - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" - "ನಿಮ್ಮ ಸ್ಥಳೀಯ ಜಾಲಬಂಧಕ್ಕೆ ಸಂಪರ್ಕ ಕಲ್ಪಿಸುವ ಅತಿಥೇಯ ಅಥವ ರೌಟರ್ ಅನ್ನು ಸಂಯೋಜಿಸುವಾಗ " --"ಛದ್ಮವೇಶಗೊಳಿಕೆಯು(Masquerading) ಸಹಾಯಕವಾಗುತ್ತದೆ. ನಿಮ್ಮ ಸ್ಥಳೀಯ ಜಾಲಬಂಧವು ಅಂತರ್ಜಾಲಕ್ಕೆ " --"ಒಂದು ಅತಿಥೇಯವಾಗಿ ಗೋಚರಿಸುವುದಿಲ್ಲ. ಛದ್ಮವೇಶಿಸುವುದು IPv4 ನಲ್ಲಿ ಮಾತ್ರ." -+"ಛದ್ಮವೇಶಗೊಳಿಕೆಯು(Masquerading) ಸಹಾಯಕವಾಗುತ್ತದೆ. ನಿಮ್ಮ ಸ್ಥಳೀಯ ಜಾಲಬಂಧವು " -+"ಅಂತರ್ಜಾಲಕ್ಕೆ ಒಂದು ಅತಿಥೇಯವಾಗಿ ಗೋಚರಿಸುವುದಿಲ್ಲ. ಛದ್ಮವೇಶಿಸುವುದು IPv4 ನಲ್ಲಿ ಮಾತ್ರ." -+"" - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1202,10 +1206,10 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"ಸ್ಥಳೀಯ ಗಣಕದಲ್ಲಿನ ಒಂದು ಸಂಪರ್ಕಸ್ಥಾನದಿಂದ ಇನ್ನೊಂದಕ್ಕೆ ಅಥವ ಸ್ಥಳೀಯ ಗಣಕದಿಂದ ಇನ್ನೊಂದು ಗಣಕಕ್ಕೆ " --"ಸಂಪರ್ಕಸ್ಥಾನಗಳನ್ನು ಫಾರ್ವಾರ್ಡ್‌ಮಾಡಲು ನಮೂದುಗಳನ್ನು ಸೇರಿಸಿ. ಬೇರೆ ಗಣಕಕ್ಕೆ ಫಾರ್ವಾರ್ಡ್‌ ಮಾಡುವುದು, " --"ಸಂಪರ್ಕಸಾಧನವು ಮರೆಮಾಚಲ್ಪಟ್ಟಿದ್ದಲ್ಲಿ ಮಾತ್ರ ಪ್ರಯೋಜನಕಾರಿಯಾಗುತ್ತದೆ. ಸಂಪರ್ಕಸ್ಥಾನ ಫಾರ್ವಾಡಿಂಗ್ " --"ಕೇವಲ IPv4 ಮಾತ್ರ ಆಗಿರುತ್ತದೆ." -+"ಸ್ಥಳೀಯ ಗಣಕದಲ್ಲಿನ ಒಂದು ಸಂಪರ್ಕಸ್ಥಾನದಿಂದ ಇನ್ನೊಂದಕ್ಕೆ ಅಥವ ಸ್ಥಳೀಯ ಗಣಕದಿಂದ " -+"ಇನ್ನೊಂದು ಗಣಕಕ್ಕೆ ಸಂಪರ್ಕಸ್ಥಾನಗಳನ್ನು ಫಾರ್ವಾರ್ಡ್‌ಮಾಡಲು ನಮೂದುಗಳನ್ನು ಸೇರಿಸಿ. ಬೇರೆ " -+"ಗಣಕಕ್ಕೆ ಫಾರ್ವಾರ್ಡ್‌ ಮಾಡುವುದು, ಸಂಪರ್ಕಸಾಧನವು ಮರೆಮಾಚಲ್ಪಟ್ಟಿದ್ದಲ್ಲಿ ಮಾತ್ರ " -+"ಪ್ರಯೋಜನಕಾರಿಯಾಗುತ್ತದೆ. ಸಂಪರ್ಕಸ್ಥಾನ ಫಾರ್ವಾಡಿಂಗ್ ಕೇವಲ IPv4 ಮಾತ್ರ ಆಗಿರುತ್ತದೆ." - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1225,17 +1229,18 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" --"ಇಂಟರ್ನೆಟ್ ಕಂಟ್ರೋಲ್ ಮೆಸೇಜ್ ಪ್ರೊಟೋಕಾಲ್ (ICMP) ಹೆಚ್ಚಾಗಿ ಜಾಲದೊಳಗಿನ ಗಣಕಗಳ ನಡುವೆ ದೋಷ " --"ಸಂದೇಶಗಳನ್ನು ಕಳುಹಿಸಲು ಬಳಸಲ್ಪಡುತ್ತದೆ, ಆದರೆ ಇದರ ಜೊತೆಗೆ ಮಾಹಿತಿಯ ಸಂದೇಶಗಳಾದಂತಹ ಪಿಂಗ್ " --"ಮನವಿಗಳು ಹಾಗು ಪ್ರತ್ಯುತ್ತರಗಳನ್ನೂ ಸಹ ಕಳುಹಿಸಲು ಬಳಸಲ್ಪಡುತ್ತದೆ." -+"ಇಂಟರ್ನೆಟ್ ಕಂಟ್ರೋಲ್ ಮೆಸೇಜ್ ಪ್ರೊಟೋಕಾಲ್ (ICMP) ಹೆಚ್ಚಾಗಿ ಜಾಲದೊಳಗಿನ ಗಣಕಗಳ ನಡುವೆ " -+"ದೋಷ ಸಂದೇಶಗಳನ್ನು ಕಳುಹಿಸಲು ಬಳಸಲ್ಪಡುತ್ತದೆ, ಆದರೆ ಇದರ ಜೊತೆಗೆ ಮಾಹಿತಿಯ ಸಂದೇಶಗಳಾದಂತಹ " -+"ಪಿಂಗ್ ಮನವಿಗಳು ಹಾಗು ಪ್ರತ್ಯುತ್ತರಗಳನ್ನೂ ಸಹ ಕಳುಹಿಸಲು ಬಳಸಲ್ಪಡುತ್ತದೆ." - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"ಪಟ್ಟಿಯಲ್ಲಿರುವ ತಿರಸ್ಕರಿಸಬೇಕಿರುವ ICMP ಬಗೆಗಳನ್ನು ಗುರುತು ಹಾಕಿ. ಎಲ್ಲಾ ಇತರೆ ICMP ಬಗೆಗಳು " --"ಫೈರ್ವಾಲ್ ಮೂಲಕ ಹಾದುಹೋಗಲು ಅನುಮತಿಸಲ್ಪಡುತ್ತವೆ. ಪೂರ್ವನಿಯೋಜಿತವಾಗಿ ಯಾವುದೆ ಮಿತಿ ಇರುವುದಿಲ್ಲ." -+"ಪಟ್ಟಿಯಲ್ಲಿರುವ ತಿರಸ್ಕರಿಸಬೇಕಿರುವ ICMP ಬಗೆಗಳನ್ನು ಗುರುತು ಹಾಕಿ. ಎಲ್ಲಾ ಇತರೆ ICMP " -+"ಬಗೆಗಳು ಫೈರ್ವಾಲ್ ಮೂಲಕ ಹಾದುಹೋಗಲು ಅನುಮತಿಸಲ್ಪಡುತ್ತವೆ. ಪೂರ್ವನಿಯೋಜಿತವಾಗಿ ಯಾವುದೆ " -+"ಮಿತಿ ಇರುವುದಿಲ್ಲ." - - #: ../src/firewall-config.glade.h:118 - msgid "" -@@ -1276,8 +1281,9 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"ಸಂಪರ್ಕಸಾಧನಗಳನ್ನು ವಲಯಕ್ಕೆ ಬೈಂಡ್ ಮಾಡಲು ನಮೂದುಗಳನ್ನು ಸೇರಿಸಿ. ಸಂಪರ್ಕಸಾಧನವನ್ನು ಒಂದು " --"ಸಂಪರ್ಕದಿಂದ ಬಳಸಲಾಗುತ್ತಿದ್ದರೆ, ವಲಯವನ್ನು ಸಂಪರ್ಕದಿಂದ ಸೂಚಿಸಲಾದ ವಲಯಕ್ಕೆ ಹೊಂದಿಸಲಾಗುತ್ತದೆ." -+"ಸಂಪರ್ಕಸಾಧನಗಳನ್ನು ವಲಯಕ್ಕೆ ಬೈಂಡ್ ಮಾಡಲು ನಮೂದುಗಳನ್ನು ಸೇರಿಸಿ. ಸಂಪರ್ಕಸಾಧನವನ್ನು " -+"ಒಂದು ಸಂಪರ್ಕದಿಂದ ಬಳಸಲಾಗುತ್ತಿದ್ದರೆ, ವಲಯವನ್ನು ಸಂಪರ್ಕದಿಂದ ಸೂಚಿಸಲಾದ ವಲಯಕ್ಕೆ " -+"ಹೊಂದಿಸಲಾಗುತ್ತದೆ." - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1319,8 +1325,8 @@ msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." - msgstr "" --"ಒಂದು firewalld ಸೇವೆಯು ಸಂಪರ್ಕಸ್ಥಾನಗಳು, ಪ್ರೊಟೊಕಾಲ್‌ಗಳು, ಮಾಡ್ಯೂಲ್‌ಗಳು ಮತ್ತು ಉದ್ಧೇಶಿತ " --"ವಿಳಾಸಗಳ ಒಂದು ಸಂಯೋಜನೆಯಾಗಿರುತ್ತದೆ." -+"ಒಂದು firewalld ಸೇವೆಯು ಸಂಪರ್ಕಸ್ಥಾನಗಳು, ಪ್ರೊಟೊಕಾಲ್‌ಗಳು, ಮಾಡ್ಯೂಲ್‌ಗಳು ಮತ್ತು " -+"ಉದ್ಧೇಶಿತ ವಿಳಾಸಗಳ ಒಂದು ಸಂಯೋಜನೆಯಾಗಿರುತ್ತದೆ." - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" -@@ -1376,8 +1382,9 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" --"ನೀವು ಉದ್ಧೇಶಿತ ವಿಳಾಸವನ್ನು ಸೂಚಿಸಿದಲ್ಲಿ, ಸೇವೆಯ ನಮೂದನ್ನು ಉದ್ಧೇಶಿತ ವಿಳಾಸ ಮತ್ತು ಬಗೆಗೆ " --"ಮಿತಿಗೊಳಿಸಲಾಗುತ್ತದೆ. ಎರಡೂ ನಮೂದಗಳನ್ನು ಖಾಲಿ ಬಿಟ್ಟಲ್ಲಿ, ಯಾವುದೆ ಮಿತಿ ಇರುವುದಿಲ್ಲ." -+"ನೀವು ಉದ್ಧೇಶಿತ ವಿಳಾಸವನ್ನು ಸೂಚಿಸಿದಲ್ಲಿ, ಸೇವೆಯ ನಮೂದನ್ನು ಉದ್ಧೇಶಿತ ವಿಳಾಸ ಮತ್ತು " -+"ಬಗೆಗೆ ಮಿತಿಗೊಳಿಸಲಾಗುತ್ತದೆ. ಎರಡೂ ನಮೂದಗಳನ್ನು ಖಾಲಿ ಬಿಟ್ಟಲ್ಲಿ, ಯಾವುದೆ ಮಿತಿ " -+"ಇರುವುದಿಲ್ಲ." - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1392,8 +1399,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"ಸೇವೆಗಳನ್ನು ಶಾಶ್ವತ ಸಂರಚನಾ ನೋಟದಲ್ಲಿ ಮಾತ್ರ ಬಳಸಲು ಸಾಧ್ಯವಿರುತ್ತದೆ. ಸೇವೆಗಳ ಚಾಲನಾಸಮಯ " --"ಸಂರಚನೆಯು ನಿಶ್ಚಿತವಾಗಿರುತ್ತದೆ." -+"ಸೇವೆಗಳನ್ನು ಶಾಶ್ವತ ಸಂರಚನಾ ನೋಟದಲ್ಲಿ ಮಾತ್ರ ಬಳಸಲು ಸಾಧ್ಯವಿರುತ್ತದೆ. ಸೇವೆಗಳ " -+"ಚಾಲನಾಸಮಯ ಸಂರಚನೆಯು ನಿಶ್ಚಿತವಾಗಿರುತ್ತದೆ." - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1453,8 +1460,8 @@ msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" --"ಒಂದು firewalld icmptype ಎನ್ನುವುದು firewalld ಗಾಗಿನ ಇಂಟರ್ನೆಟ್ ಕಂಟ್ರೋಲ್ ಮೆಸೇಜಿಂಗ್ " --"ಪ್ರೊಟೊಕಾಲ್ (ICMP) ಗಾಗಿ ಮಾಹಿತಿಯನ್ನು ಒದಗಿಸುತ್ತದೆ." -+"ಒಂದು firewalld icmptype ಎನ್ನುವುದು firewalld ಗಾಗಿನ ಇಂಟರ್ನೆಟ್ ಕಂಟ್ರೋಲ್ " -+"ಮೆಸೇಜಿಂಗ್ ಪ್ರೊಟೊಕಾಲ್ (ICMP) ಗಾಗಿ ಮಾಹಿತಿಯನ್ನು ಒದಗಿಸುತ್ತದೆ." - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" -@@ -1503,11 +1510,11 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"ನೇರ ಸಂರಚನೆಯು ಫೈರ್ವಾಲ್‌ಗೆ ಹೆಚ್ಚು ನೇರವಾದ ಪ್ರವೇಶವನ್ನು ಒದಗಿಸುತ್ತದೆ. ಈ ಆಯ್ಕೆಗಳಿಗಾಗಿ " --"ಬಳಕೆದಾರರು ಮೂಲಭೂತ iptables ಪರಿಕಲ್ಪನೆಗಳನ್ನು ತಿಳಿಯುವ ಅಗತ್ಯವಿರುತ್ತದೆ, ಅಂದರೆ, " --"ಕೋಷ್ಟಕಗಳು, ಸರಣಿಗಳು, ಆದೇಶಗಳು, ನಿಯತಾಂಕಗಳು ಮತ್ತು ಗುರಿಗಳು. ನೇರ ಸಂರಚನೆಯನ್ನು " --"ಬೇರವಾವುದೆ firewalld ಯ ಸೌಲಭ್ಯಗಳನ್ನು ಬಳಸಲು ಸಾಧ್ಯವಾಗದೆ ಇದ್ದಾಗ ಮಾತ್ರ ಕೊನೆಯ ಉಪಾಯವಾಗಿ " --"ಬಳಸಬೇಕ." -+"ನೇರ ಸಂರಚನೆಯು ಫೈರ್ವಾಲ್‌ಗೆ ಹೆಚ್ಚು ನೇರವಾದ ಪ್ರವೇಶವನ್ನು ಒದಗಿಸುತ್ತದೆ. ಈ " -+"ಆಯ್ಕೆಗಳಿಗಾಗಿ ಬಳಕೆದಾರರು ಮೂಲಭೂತ iptables ಪರಿಕಲ್ಪನೆಗಳನ್ನು ತಿಳಿಯುವ " -+"ಅಗತ್ಯವಿರುತ್ತದೆ, ಅಂದರೆ, ಕೋಷ್ಟಕಗಳು, ಸರಣಿಗಳು, ಆದೇಶಗಳು, ನಿಯತಾಂಕಗಳು ಮತ್ತು ಗುರಿಗಳು." -+" ನೇರ ಸಂರಚನೆಯನ್ನು ಬೇರವಾವುದೆ firewalld ಯ ಸೌಲಭ್ಯಗಳನ್ನು ಬಳಸಲು ಸಾಧ್ಯವಾಗದೆ ಇದ್ದಾಗ " -+"ಮಾತ್ರ ಕೊನೆಯ ಉಪಾಯವಾಗಿ ಬಳಸಬೇಕ." - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1515,9 +1522,9 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"ಪ್ರತಿಯೊಂದು ಆಯ್ಕೆಯ ipv ಆರ್ಗ್ಯುಮೆಂಟ್‌ ipv4 ಅಥವ ipv6 ಅಥವ eb ಆಗಿರಬೇಕು. ipv4 ನೊಂದಿಗೆ " --"ಇದು iptables ಗಾಗಿ, ip6tables ಗಾಗಿ ipv6 ನೊಂದಿಗೆ ಮತ್ತು ಎತರ್ನೆಟ್ ಬ್ರಿಜ್‌ಗಳಿಗಾಗಿ " --"(ebtables) eb ಇರುತ್ತದೆ." -+"ಪ್ರತಿಯೊಂದು ಆಯ್ಕೆಯ ipv ಆರ್ಗ್ಯುಮೆಂಟ್‌ ipv4 ಅಥವ ipv6 ಅಥವ eb ಆಗಿರಬೇಕು. ipv4 " -+"ನೊಂದಿಗೆ ಇದು iptables ಗಾಗಿ, ip6tables ಗಾಗಿ ipv6 ನೊಂದಿಗೆ ಮತ್ತು ಎತರ್ನೆಟ್ " -+"ಬ್ರಿಜ್‌ಗಳಿಗಾಗಿ (ebtables) eb ಇರುತ್ತದೆ." - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1543,8 +1550,8 @@ msgstr "ಸರಣಿಗಳು" - msgid "" - "Add a rule with the arguments args to a chain in a table with a priority." - msgstr "" --"ಒಂದು ಆದ್ಯತೆಯೊಂದಿಗೆ ಕೋಷ್ಟಕವೊಂದರಲ್ಲಿ ಒಂದು ಸರಣಗೆ ಆರ್ಗ್ಯುಮೆಂಟ್‌ಗಳ args ನೊಂದಿಗೆ ಒಂದು " --"ನಿಯಮವನ್ನು ಸೇರಿಸು." -+"ಒಂದು ಆದ್ಯತೆಯೊಂದಿಗೆ ಕೋಷ್ಟಕವೊಂದರಲ್ಲಿ ಒಂದು ಸರಣಗೆ ಆರ್ಗ್ಯುಮೆಂಟ್‌ಗಳ args ನೊಂದಿಗೆ " -+"ಒಂದು ನಿಯಮವನ್ನು ಸೇರಿಸು." - - #: ../src/firewall-config.glade.h:183 - msgid "" -@@ -1555,12 +1562,13 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"ನಿಯಮಗಳನ್ನು ಕ್ರಮವಾಗಿರಿಸಲು ಆದ್ಯತೆಯನ್ನು ಬಳಸಲಾಗುತ್ತದೆ. ಆದ್ಯತೆ 0 ಎಂದರೆ ಸರಣಿಯ ಮೇಲ್ಭಾಗದಲ್ಲಿ " --"ನಿಯಮವನ್ನು ಸೇರಿಸು ಎಂದರ್ಥ, ಹೆಚ್ಚಿನ ಆದ್ಯತೆಯಲ್ಲಿ ನಿಯಮವನ್ನು ಇನ್ನೂ ಕೆಳಗೆ ಸೇರಿಸಲಾಗುತ್ತದೆ. " --"ಒಂದೇ ಆದ್ಯತೆಯನ್ನು ಹೊಂದಿರುವ ನಿಯಮಗಳು ಒಂದೇ ಹಂತದಲ್ಲಿ ಇರುತ್ತವೆ ಮತ್ತು ಈ ನಿಯಮಗಳ ಅನುಕ್ರಮವು " --"ಒಂದೇ ರೀತಿ ಇರದೆ ಬದಲಾವಣೆ ಹೊಂದುವ ಸಾಧ್ಯತೆ ಇರುತ್ತದೆ. ಒಂದು ನಿಯಮದ ನಂತರ ಇನ್ನೊಂದು " --"ನಿಯಮವನ್ನು ಸೇರಿಸಬೇಕು ಎನ್ನುವುದನ್ನು ಖಚಿತಪಡಿಸಿಕೊಳ್ಳಲು ನೀವು ಬಯಸಿದಲ್ಲಿ, ಮೊದಲನೆಯದಕ್ಕೆ " --"ಕಡಿಮೆ ಆದ್ಯತೆಯನ್ನು ಮತ್ತು ನಂತರದವುಗಳಿಗೆ ಹೆಚ್ಚಿನ ಆದ್ಯತೆಯನ್ನು ಬಳಸಿ." -+"ನಿಯಮಗಳನ್ನು ಕ್ರಮವಾಗಿರಿಸಲು ಆದ್ಯತೆಯನ್ನು ಬಳಸಲಾಗುತ್ತದೆ. ಆದ್ಯತೆ 0 ಎಂದರೆ ಸರಣಿಯ " -+"ಮೇಲ್ಭಾಗದಲ್ಲಿ ನಿಯಮವನ್ನು ಸೇರಿಸು ಎಂದರ್ಥ, ಹೆಚ್ಚಿನ ಆದ್ಯತೆಯಲ್ಲಿ ನಿಯಮವನ್ನು ಇನ್ನೂ " -+"ಕೆಳಗೆ ಸೇರಿಸಲಾಗುತ್ತದೆ. ಒಂದೇ ಆದ್ಯತೆಯನ್ನು ಹೊಂದಿರುವ ನಿಯಮಗಳು ಒಂದೇ ಹಂತದಲ್ಲಿ " -+"ಇರುತ್ತವೆ ಮತ್ತು ಈ ನಿಯಮಗಳ ಅನುಕ್ರಮವು ಒಂದೇ ರೀತಿ ಇರದೆ ಬದಲಾವಣೆ ಹೊಂದುವ ಸಾಧ್ಯತೆ " -+"ಇರುತ್ತದೆ. ಒಂದು ನಿಯಮದ ನಂತರ ಇನ್ನೊಂದು ನಿಯಮವನ್ನು ಸೇರಿಸಬೇಕು ಎನ್ನುವುದನ್ನು " -+"ಖಚಿತಪಡಿಸಿಕೊಳ್ಳಲು ನೀವು ಬಯಸಿದಲ್ಲಿ, ಮೊದಲನೆಯದಕ್ಕೆ ಕಡಿಮೆ ಆದ್ಯತೆಯನ್ನು ಮತ್ತು " -+"ನಂತರದವುಗಳಿಗೆ ಹೆಚ್ಚಿನ ಆದ್ಯತೆಯನ್ನು ಬಳಸಿ." - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1584,9 +1592,9 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"ಪಾಸ್‌ತ್ರೂ ನಿಯಮಗಳನ್ನು ನೇರವಾಗಿ ಫೈರ್ವಾಲ್‌ ಮುಖಾಂತರ ಹಾದುಹೋಗುವಂತೆ ಮಾಡಲಾಗುತ್ತದೆ ಮತ್ತು ಅದನ್ನು " --"ವಿಶೇಷ ಸರಣಿಗಳಲ್ಲಿ ಇರಿಸಲಾಗುವುದಿಲ್ಲ. ಎಲ್ಲಾ iptables, ip6tables ಮತ್ತು ebtables " --"ಆಯ್ಕೆಗಳನ್ನು ಬಳಸಬಹುದು." -+"ಪಾಸ್‌ತ್ರೂ ನಿಯಮಗಳನ್ನು ನೇರವಾಗಿ ಫೈರ್ವಾಲ್‌ ಮುಖಾಂತರ ಹಾದುಹೋಗುವಂತೆ ಮಾಡಲಾಗುತ್ತದೆ " -+"ಮತ್ತು ಅದನ್ನು ವಿಶೇಷ ಸರಣಿಗಳಲ್ಲಿ ಇರಿಸಲಾಗುವುದಿಲ್ಲ. ಎಲ್ಲಾ iptables, ip6tables " -+"ಮತ್ತು ebtables ಆಯ್ಕೆಗಳನ್ನು ಬಳಸಬಹುದು." - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." -@@ -1615,8 +1623,9 @@ msgid "" - "contain commands, contexts, users and user ids." - msgstr "" - "ಲಾಕ್‌ಡೌನ್ ಸೌಲಭ್ಯವು firewalld ಗಾಗಿನ ಬಳಕೆದಾರ ಮತ್ತು ಅನ್ವಯ ಪಾಲಿಸಿಗಳ ಒಂದು ಹಗುರ " --"ಆವೃತ್ತಿಯಾಗಿದೆ. ಇದು ಫೈರ್‌ವಾಲ್‌ಗೆ ಬದಲಾವಣೆಗಳನ್ನು ಮಿತಿಗೊಳಿಸುತ್ತದೆ. ಲಾಕ್‌ಡೌನ್‌ ವೈಟ್‌ಲಿಸ್ಟ್ " --"ಆದೇಶಗಳು, ಸನ್ನಿವೇಶಗಳು, ಬಳಕೆದಾರರು ಮತ್ತು ಬಳಕೆದಾರ idಗಳನ್ನು ಹೊಂದಿರುತ್ತದೆ." -+"ಆವೃತ್ತಿಯಾಗಿದೆ. ಇದು ಫೈರ್‌ವಾಲ್‌ಗೆ ಬದಲಾವಣೆಗಳನ್ನು ಮಿತಿಗೊಳಿಸುತ್ತದೆ. ಲಾಕ್‌ಡೌನ್‌ " -+"ವೈಟ್‌ಲಿಸ್ಟ್ ಆದೇಶಗಳು, ಸನ್ನಿವೇಶಗಳು, ಬಳಕೆದಾರರು ಮತ್ತು ಬಳಕೆದಾರ idಗಳನ್ನು " -+"ಹೊಂದಿರುತ್ತದೆ." - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1647,9 +1656,10 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"ವೈಟ್‌ಲಿಸ್ಟಿನಲ್ಲಿನ ಒಂದು ಆದೇಶದ ನಮೂದು ಒಂದು ಆಸ್ಟೆರಿಸ್ಕ್ '*' ಇಂದ ಕೊನೆಗೊಳ್ಳುತ್ತಿದ್ದರೆ, " --"ಆದೇಶದಿಂದ ಆರಂಭಗೊಳ್ಳುವ ಎಲ್ಲಾ ಆದೇಶ ಸಾಲುಗಳು ಹೊಂದಿಕೆಯಾಗುತ್ತವೆ. '*' ಇಲ್ಲದೆ ಇದ್ದಲ್ಲಿ, " --"ಪರಿಪೂರ್ಣವಾದ ಆದೇಶವನ್ನು ಹೊಂದಿರುವ ಆರ್ಗ್ಯುಮೆಂಟ್‌ಗಳು ಹೊಂದಿಕೆಯಾಗುವುದು ಅತ್ಯಗತ್ಯ." -+"ವೈಟ್‌ಲಿಸ್ಟಿನಲ್ಲಿನ ಒಂದು ಆದೇಶದ ನಮೂದು ಒಂದು ಆಸ್ಟೆರಿಸ್ಕ್ '*' ಇಂದ " -+"ಕೊನೆಗೊಳ್ಳುತ್ತಿದ್ದರೆ, ಆದೇಶದಿಂದ ಆರಂಭಗೊಳ್ಳುವ ಎಲ್ಲಾ ಆದೇಶ ಸಾಲುಗಳು " -+"ಹೊಂದಿಕೆಯಾಗುತ್ತವೆ. '*' ಇಲ್ಲದೆ ಇದ್ದಲ್ಲಿ, ಪರಿಪೂರ್ಣವಾದ ಆದೇಶವನ್ನು ಹೊಂದಿರುವ " -+"ಆರ್ಗ್ಯುಮೆಂಟ್‌ಗಳು ಹೊಂದಿಕೆಯಾಗುವುದು ಅತ್ಯಗತ್ಯ." - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1840,7 +1850,8 @@ msgstr "ನೇರ ನಿಯಮ" - #: ../src/firewall-config.glade.h:248 - msgid "Please select ipv and table, chain priority and enter the args." - msgstr "" --"ದಯವಿಟ್ಟು ipv ಮತ್ತು ಕೋಷ್ಟಕವನ್ನು, ಸರಣಿ ಆದ್ಯತೆಯನ್ನು ಆರಿಸಿ ನಂತರ args ಅನ್ನು ನಮೂದಿಸಿ." -+"ದಯವಿಟ್ಟು ipv ಮತ್ತು ಕೋಷ್ಟಕವನ್ನು, ಸರಣಿ ಆದ್ಯತೆಯನ್ನು ಆರಿಸಿ ನಂತರ args ಅನ್ನು " -+"ನಮೂದಿಸಿ." - - #: ../src/firewall-config.glade.h:249 - msgid "Priority:" -@@ -1864,7 +1875,9 @@ msgstr "ದಯವಿಟ್ಟು ಒಂದು ಸಮೃದ್ಧ ನಿಯಮವ - - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." --msgstr "ಆತಿಥೇಯ ಅಥವ ಜಾಲಬಂಧದ ವೈಟ್ ಅಥವ ಬ್ಲಾಕ್‌ಲಿಸ್ಟ್ ಮಾಡುವಿಕೆಗಾಗಿ ಅಂಶವನ್ನು ನಿಷ್ಕ್ರಿಯೊಳಿಸಿ." -+msgstr "" -+"ಆತಿಥೇಯ ಅಥವ ಜಾಲಬಂಧದ ವೈಟ್ ಅಥವ ಬ್ಲಾಕ್‌ಲಿಸ್ಟ್ ಮಾಡುವಿಕೆಗಾಗಿ ಅಂಶವನ್ನು " -+"ನಿಷ್ಕ್ರಿಯೊಳಿಸಿ." - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" -@@ -1892,11 +1905,11 @@ msgstr "ವಿಲೋಮಗೊಳಿಸಿದ" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"ಇದನ್ನು ನಿಷ್ಕ್ರಿಯಗೊಳಿಸಲು ಕ್ರಿಯೆಯು 'reject' ಮತ್ತು ಕುಟುಂಬವು (ಫ್ಯಾಮಿಲಿ) 'ipv4' ಅಥವ " --"'ipv6' (ಎರಡೂ ಒಟ್ಟಿಗೆ ಅಲ್ಲ) ಆಗಿರಬೇಕು." -+"ಇದನ್ನು ನಿಷ್ಕ್ರಿಯಗೊಳಿಸಲು ಕ್ರಿಯೆಯು 'reject' ಮತ್ತು ಕುಟುಂಬವು (ಫ್ಯಾಮಿಲಿ) 'ipv4' " -+"ಅಥವ 'ipv6' (ಎರಡೂ ಒಟ್ಟಿಗೆ ಅಲ್ಲ) ಆಗಿರಬೇಕು." - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -diff --git a/po/ko.po b/po/ko.po -index 0ee85d93d286..f1a49be66160 100644 ---- a/po/ko.po -+++ b/po/ko.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # eukim , 2014 - # eukim , 2014 -@@ -13,19 +13,20 @@ - # Michelle Kim , 2002 - # Eun-Ju Kim , 2016. #zanata - # Terry Chuang , 2016. #zanata -+# Eric Garver , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2016-08-22 05:00+0000\n" --"Last-Translator: Eun-Ju Kim \n" --"Language-Team: Korean (http://www.transifex.com/projects/p/firewalld/" --"language/ko/)\n" --"Language: ko\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:25+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Korean (http://www.transifex.com/projects/p/firewalld/" -+"language/ko/)\n" -+"Language: ko\n" - "Plural-Forms: nplurals=1; plural=0;\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -85,8 +86,7 @@ msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" --"이 기능은 대부분 기본값 영역을 사용하는 사용자에게 유용합니다. 연결 영역을 변" --"경한 사용자의 경우 제한적으로 사용할 수 있습니다." -+"이 기능은 대부분 기본값 영역을 사용하는 사용자에게 유용합니다. 연결 영역을 변경한 사용자의 경우 제한적으로 사용할 수 있습니다." - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -205,15 +205,13 @@ msgid "" - "Default Zone '{default_zone}' active for connection '{connection}' on " - "interface '{interface}'" - msgstr "" --"기본 영역 '{default_zone}'은 인터페이스 '{interface}' 상의 연결 " --"'{connection}'에 대해 활성화" -+"기본 영역 '{default_zone}'은 인터페이스 '{interface}' 상의 연결 '{connection}'에 대해 활성화" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" --msgstr "" --"영역 '{zone}'은 인터페이스 '{interface}' 상의 연결 '{connection}'에 대해 활성" --"화" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" -+msgstr "영역 '{zone}'은 인터페이스 '{interface}' 상의 연결 '{connection}'에 대해 활성화" - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" -@@ -261,21 +259,18 @@ msgid "" - "Default zone '{default_zone}' {activated_deactivated} for connection " - "'{connection}' on interface '{interface}'" - msgstr "" --"기본 영역 '{default_zone}'은 인터페이스 '{interface}' 상의 연결 " --"'{connection}'에 대해 {activated_deactivated}" -+"기본 영역 '{default_zone}'은 인터페이스 '{interface}' 상의 연결 '{connection}'에 대해 " -+"{activated_deactivated}" - - #: ../src/firewall-applet.in:1042 - msgid "" - "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " - "interface '{interface}'" --msgstr "" --"영역 '{zone}'이 인터페이스 '{interface}' 상의 연결에 대해 " --"{activated_deactivated}" -+msgstr "영역 '{zone}'이 인터페이스 '{interface}' 상의 연결에 대해 {activated_deactivated}" - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" --msgstr "" --"영역 '{zone}'이 인터페이스 '{interface}'에 대해 {activated_deactivated}" -+msgstr "영역 '{zone}'이 인터페이스 '{interface}'에 대해 {activated_deactivated}" - - #: ../src/firewall-applet.in:1070 - #, c-format -@@ -303,7 +298,7 @@ msgstr "firewalld에 연결 시도 중입니다. 대기 중..." - msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." --msgstr "" -+msgstr "방화벽에 연결할 수 없습니다. 서비스를 제대로 시작했는지 확인하고 다시 시도해 주십시오." - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -345,23 +340,23 @@ msgstr "사용자 이름 " - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "" -+msgstr "사용자 ID" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" --msgstr "" -+msgstr "테이블" - - #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 - msgid "Chain" --msgstr "" -+msgstr "체인" - - #: ../src/firewall-config.in:322 - msgid "Priority" --msgstr "" -+msgstr "우선순위" - - #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 - msgid "Args" --msgstr "" -+msgstr "인수" - - #: ../src/firewall-config.in:401 ../src/firewall-config.in:2329 - msgid "Runtime" -@@ -439,11 +434,11 @@ msgstr "감사 " - - #: ../src/firewall-config.in:934 ../src/firewall-config.glade.h:221 - msgid "Interface" --msgstr "" -+msgstr "인터페이스" - - #: ../src/firewall-config.in:936 - msgid "Comment" --msgstr "" -+msgstr "코멘트" - - #: ../src/firewall-config.in:955 ../src/firewall-config.glade.h:27 - msgid "Source" -@@ -519,7 +514,7 @@ msgstr "icmp-차단 " - #: ../src/firewall-config.in:3348 ../src/firewall-config.in:3658 - #: ../src/firewall-config.glade.h:288 - msgid "icmp-type" --msgstr "" -+msgstr "icmp 유형" - - #: ../src/firewall-config.in:2075 ../src/firewall-config.in:3182 - #: ../src/firewall-config.in:3350 ../src/firewall-config.in:3661 -@@ -654,12 +649,9 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" --msgstr "" --"인터페이스가 마스커레이딩되는 경우에만 다른 시스템에 전송하는 것이 유용합니" --"다.\n" -+msgstr "인터페이스가 마스커레이딩되는 경우에만 다른 시스템에 전송하는 것이 유용합니다.\n" - "이 영역을 마스커레이딩하시겠습니까? " - - #: ../src/firewall-config.in:5376 -@@ -690,8 +682,7 @@ msgstr "ipv4 또는 ipv6 주소를 address[/mask] 형식으로 입력하십시 - msgid "" - "The mask can be a network mask or a number for ipv4.\n" - "The mask is a number for ipv6." --msgstr "" --"mask는 네트워크 마스크 또는 ipv4 숫자로 지정할 수 있습니다.\n" -+msgstr "mask는 네트워크 마스크 또는 ipv4 숫자로 지정할 수 있습니다.\n" - "mask는 ipv6 숫자입니다." - - #: ../src/firewall-config.in:5776 -@@ -713,7 +704,7 @@ msgstr "모든 파일 " - #: ../src/firewall-config.in:6383 ../src/firewall-config.in:6412 - #: ../src/firewall-config.glade.h:40 - msgid "All" --msgstr "" -+msgstr "모두" - - #: ../src/firewall-config.in:6383 ../src/firewall-config.in:6412 - #: ../src/firewall-config.glade.h:41 -@@ -727,7 +718,7 @@ msgstr "IPv6" - - #: ../src/firewall-config.in:6389 - msgid "Built-in helper, rename not supported." --msgstr "" -+msgstr "기본 제공 헬퍼, 이름 바꾸기가 지원되지 않습니다." - - #: ../src/firewall-config.in:6867 - msgid "Built-in icmp, rename not supported." -@@ -750,11 +741,11 @@ msgstr "주소" - - #: ../src/firewall-config.glade.h:2 - msgid "Automatic Helpers" --msgstr "" -+msgstr "자동 헬퍼" - - #: ../src/firewall-config.glade.h:3 - msgid "Please select the automatic helpers value:" --msgstr "" -+msgstr "자동 헬퍼 값을 선택해 주십시오." - - #: ../src/firewall-config.glade.h:5 - msgid "Please enter the command line." -@@ -845,9 +836,7 @@ msgstr "대상" - msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." --msgstr "" --"로컬 포워딩을 사용하실 경우, 포트를 지정하셔야 합니다. 이러한 포트는 소스 포" --"트와 달라야 합니다. " -+msgstr "로컬 포워딩을 사용하실 경우, 포트를 지정하셔야 합니다. 이러한 포트는 소스 포트와 달라야 합니다. " - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -859,11 +848,11 @@ msgstr "다른 포트로 포워드 " - - #: ../src/firewall-config.glade.h:32 - msgid "Base Helper Settings" --msgstr "" -+msgstr "기본 헬퍼 설정" - - #: ../src/firewall-config.glade.h:33 - msgid "Please configure base helper settings:" --msgstr "" -+msgstr "기본 헬퍼를 설정을 구성해 주십시오." - - #: ../src/firewall-config.glade.h:34 - msgid "Bold entries are mandatory, all others are optional." -@@ -891,15 +880,15 @@ msgstr "제품군: " - - #: ../src/firewall-config.glade.h:43 - msgid "Module:" --msgstr "" -+msgstr "모듈:" - - #: ../src/firewall-config.glade.h:44 - msgid "Helper" --msgstr "" -+msgstr "헬퍼" - - #: ../src/firewall-config.glade.h:45 - msgid "Please select a helper:" --msgstr "" -+msgstr "헬퍼를 선택해 주십시오." - - #: ../src/firewall-config.glade.h:46 - msgid "Base ICMP Type Settings" -@@ -955,9 +944,8 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"방화벽 규칙을 다시 로딩합니다. 현재 영구 설정은 새로운 런타임 설정이 됩니다. " --"즉, 방화벽 규칙이 영구적 설정에 존재하지 않을 경우 다시 로딩할 때 까지 변경" --"된 모든 런타임 내용이 손실됩니다." -+"방화벽 규칙을 다시 로딩합니다. 현재 영구 설정은 새로운 런타임 설정이 됩니다. 즉, 방화벽 규칙이 영구적 설정에 존재하지 않을 경우 " -+"다시 로딩할 때 까지 변경된 모든 런타임 내용이 손실됩니다." - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -981,11 +969,11 @@ msgstr "로그 거부 값을 변경합니다." - - #: ../src/firewall-config.glade.h:66 - msgid "Configure Automatic Helper Assigment" --msgstr "" -+msgstr "자동 헬퍼 할당을 구성해 주십시오." - - #: ../src/firewall-config.glade.h:67 - msgid "Configure Automatic Helper Assignment setting." --msgstr "" -+msgstr "자동 헬퍼 할당 설정을 구성해 주십시오." - - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." -@@ -999,9 +987,7 @@ msgstr "패닉 모드 " - msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." --msgstr "" --"잠금 기능은 방화벽 설정을 잠금하여 잠금 화이트리스트에 있는 애플리케이션만 변" --"경할 수 있게 합니다. " -+msgstr "잠금 기능은 방화벽 설정을 잠금하여 잠금 화이트리스트에 있는 애플리케이션만 변경할 수 있게 합니다. " - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1029,7 +1015,7 @@ msgstr "ICMP 유형 " - - #: ../src/firewall-config.glade.h:77 - msgid "Helpers" --msgstr "" -+msgstr "헬퍼" - - #: ../src/firewall-config.glade.h:78 - msgid "Direct Configuration" -@@ -1049,7 +1035,7 @@ msgstr "도움말(_H)" - - #: ../src/firewall-config.glade.h:82 - msgid "Change Zone" --msgstr "" -+msgstr "영역 변경" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" -@@ -1075,8 +1061,8 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" --"현재 사용 가능한 설정. 런타임 설정은 실제 활성화된 설정입니다. 영구 설정은 서" --"비스나 시스템을 다시 로딩하거나 다시 시작한 후 사용할 수 있습니다." -+"현재 사용 가능한 설정. 런타임 설정은 실제 활성화된 설정입니다. 영구 설정은 서비스나 시스템을 다시 로딩하거나 다시 시작한 후 사용할 " -+"수 있습니다." - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1086,10 +1072,9 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"firewalld 영역은 영역과 결합된 네트워크 연결, 인터페이스 및 소스 주소의 신뢰" --"된 수준을 정의합니다. 영역은 서비스, 포트 프로토콜, 마스커레이딩, 포트/패킷 " --"포워딩, icmp 필터 및 고급 규칙의 조합입니다. 영역은 인터페이스와 소스 주소로 " --"연결될 수 있습니다." -+"firewalld 영역은 영역과 결합된 네트워크 연결, 인터페이스 및 소스 주소의 신뢰된 수준을 정의합니다. 영역은 서비스, 포트 " -+"프로토콜, 마스커레이딩, 포트/패킷 포워딩, icmp 필터 및 고급 규칙의 조합입니다. 영역은 인터페이스와 소스 주소로 연결될 수 " -+"있습니다." - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1113,9 +1098,8 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"영역에서 신뢰할 수 있는 서비스를 지정할 수 있습니다. 신뢰할 수 있는 서비스는 " --"이 영역에 결합된 연결, 인터페이스, 소스에서 시스템에 도달할 수 있는 모든 호스" --"트 및 네트워크에서 액세스 가능하게 됩니다." -+"영역에서 신뢰할 수 있는 서비스를 지정할 수 있습니다. 신뢰할 수 있는 서비스는 이 영역에 결합된 연결, 인터페이스, 소스에서 시스템에 " -+"도달할 수 있는 모든 호스트 및 네트워크에서 액세스 가능하게 됩니다." - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1125,9 +1109,7 @@ msgstr "서비스 " - msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." --msgstr "" --"이 컴퓨터에 연결 가능한 모든 호스트 또는 네트워크에 액세스할 수 있어야 하는 " --"추가 포트 또는 포트 범위를 추가합니다. " -+msgstr "이 컴퓨터에 연결 가능한 모든 호스트 또는 네트워크에 액세스할 수 있어야 하는 추가 포트 또는 포트 범위를 추가합니다. " - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1170,12 +1152,11 @@ msgid "" - "Add additional source ports or port ranges, which need to be accessible for " - "all hosts or networks that can connect to the machine." - msgstr "" --"이 컴퓨터에 연결 가능한 모든 호스트 또는 네트워크에 액세스할 수 있어야 하는 " --"추가 소스 포트 또는 포트 범위를 추가합니다. " -+"이 컴퓨터에 연결 가능한 모든 호스트 또는 네트워크에 액세스할 수 있어야 하는 추가 소스 포트 또는 포트 범위를 추가합니다. " - - #: ../src/firewall-config.glade.h:107 - msgid "Source Ports" --msgstr "" -+msgstr "소스 포트" - - #: ../src/firewall-config.glade.h:108 - msgid "" -@@ -1183,10 +1164,9 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"마스커레이딩 (Masquerading) 기능은 로컬 네트워크를 인터넷에 연결하는 호스트" --"나 라우터를 설정할 수 있게 합니다. 로컬 네트워크는 볼 수 없으며 호스트는 인터" --"넷에서 하나의 주소로 나타납니다. 마스커레이딩 (Masquerading) 기능은 IPv4에서" --"만 해당됩니다. " -+"마스커레이딩 (Masquerading) 기능은 로컬 네트워크를 인터넷에 연결하는 호스트나 라우터를 설정할 수 있게 합니다. 로컬 " -+"네트워크는 볼 수 없으며 호스트는 인터넷에서 하나의 주소로 나타납니다. 마스커레이딩 (Masquerading) 기능은 IPv4에서만 " -+"해당됩니다. " - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1196,8 +1176,7 @@ msgstr "마스커레이딩 영역 " - msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." --msgstr "" --"마스커레이딩을 활성화할 경우 IP 포워딩은 IPv4 네트워크에 대해 활성화됩니다." -+msgstr "마스커레이딩을 활성화할 경우 IP 포워딩은 IPv4 네트워크에 대해 활성화됩니다." - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1210,10 +1189,8 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"로컬 시스템 상에서 하나의 포트에서 다른 포트로 또는 로컬 시스템에서 다른 시스" --"템으로 포트를 포워딩하기 위해 항목을 추가합니다. 다른 시스템으로 포워딩하는 " --"것은 인터페이스가 마스커레이딩되었을 경우에만 유용합니다. 포트 포워딩은 IPv4" --"에서만 해당됩니다. " -+"로컬 시스템 상에서 하나의 포트에서 다른 포트로 또는 로컬 시스템에서 다른 시스템으로 포트를 포워딩하기 위해 항목을 추가합니다. 다른 " -+"시스템으로 포워딩하는 것은 인터페이스가 마스커레이딩되었을 경우에만 유용합니다. 포트 포워딩은 IPv4에서만 해당됩니다. " - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1233,25 +1210,23 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" --"ICMP (Internet Control Message Protocol)는 네트워크로 연결된 컴퓨터 간의 오" --"류 메세지를 보내는 데 주로 사용되지만, 추가로 핑 요청 및 응답과 같은 알림 메" --"세지를 보내는 데 사용될 수 있습니다. " -+"ICMP (Internet Control Message Protocol)는 네트워크로 연결된 컴퓨터 간의 오류 메세지를 보내는 데 주로 " -+"사용되지만, 추가로 핑 요청 및 응답과 같은 알림 메세지를 보내는 데 사용될 수 있습니다. " - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"목록에서 거부해야 할 ICMP 유형을 표시합니다. 그 외의 모든 ICMP 유형은 방화벽 " --"통과를 허용합니다. 기본값은 제한 없음입니다. " -+"목록에서 거부해야 할 ICMP 유형을 표시합니다. 그 외의 모든 ICMP 유형은 방화벽 통과를 허용합니다. 기본값은 제한 없음입니다. " - - #: ../src/firewall-config.glade.h:118 - msgid "" - "If Invert Filter is enabled, marked ICMP entries are accepted and the others " - "are rejected. In a zone with the target DROP, they are dropped." - msgstr "" --"필터 반전이 활성화되어 있을 경우 표시된 ICMP 항목이 허용되며 그 외의 항목은 " --"거부됩니다. 대상 DROP이 있는 영역에서 이러한 항목은 선택 해제됩니다." -+"필터 반전이 활성화되어 있을 경우 표시된 ICMP 항목이 허용되며 그 외의 항목은 거부됩니다. 대상 DROP이 있는 영역에서 이러한 " -+"항목은 선택 해제됩니다." - - #: ../src/firewall-config.glade.h:119 - msgid "Invert Filter" -@@ -1286,8 +1261,7 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"영역에 인터페이스를 바인딩할 항목을 추가합니다. 인터페이스가 연결에 의해 사용" --"될 경우 영역은 연결에 지정된 영역으로 설정됩니다." -+"영역에 인터페이스를 바인딩할 항목을 추가합니다. 인터페이스가 연결에 의해 사용될 경우 영역은 연결에 지정된 영역으로 설정됩니다." - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1307,9 +1281,8 @@ msgid "" - "to a MAC source address, but with limitations. Port forwarding and " - "masquerading will not work for MAC source bindings." - msgstr "" --"영역에 소스 주소 또는 범위를 바인딩할 항목을 추가합니다. MAC 소스 주소를 바인" --"딩할 수 있지만 제한이 따릅니다. 포트 포워딩 및 마스커레이딩은 MAC 소스 바인딩" --"에 작동하지 않습니다." -+"영역에 소스 주소 또는 범위를 바인딩할 항목을 추가합니다. MAC 소스 주소를 바인딩할 수 있지만 제한이 따릅니다. 포트 포워딩 및 " -+"마스커레이딩은 MAC 소스 바인딩에 작동하지 않습니다." - - #: ../src/firewall-config.glade.h:132 - msgid "Add Source" -@@ -1353,8 +1326,7 @@ msgstr "서비스 기본값 읽기 " - msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks." --msgstr "" --"모든 호스트 또는 네트워크에 액세스 가능한 포트 및 포트 범위를 추가합니다." -+msgstr "모든 호스트 또는 네트워크에 액세스 가능한 포트 및 포트 범위를 추가합니다." - - #: ../src/firewall-config.glade.h:144 - msgid "Edit Entry" -@@ -1368,9 +1340,7 @@ msgstr "항목 삭제 " - msgid "" - "Add additional source ports or port ranges, which need to be accessible for " - "all hosts or networks." --msgstr "" --"모든 호스트 또는 네트워크에 액세스 가능한 소스 포트 및 포트 범위를 추가합니" --"다." -+msgstr "모든 호스트 또는 네트워크에 액세스 가능한 소스 포트 및 포트 범위를 추가합니다." - - #: ../src/firewall-config.glade.h:147 - msgid "Source Port" -@@ -1378,7 +1348,7 @@ msgstr "소스 포트" - - #: ../src/firewall-config.glade.h:148 - msgid "Netfilter helper modules are needed for some services." --msgstr "" -+msgstr "일부 서비스 실행에 Netfilter 헬퍼 모듈이 필요합니다." - - #: ../src/firewall-config.glade.h:149 - msgid "Modules" -@@ -1390,8 +1360,7 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" --"대상 주소를 지정할 경우, 서비스 항목은 대상 주소 및 유형으로 제한됩니다. 두 " --"항목 모두가 비어 있을 경우 제한이 없게 됩니다." -+"대상 주소를 지정할 경우, 서비스 항목은 대상 주소 및 유형으로 제한됩니다. 두 항목 모두가 비어 있을 경우 제한이 없게 됩니다." - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1405,17 +1374,14 @@ msgstr "IPv6:" - msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." --msgstr "" --"서비스는 영구 설정 보기에서만 변경할 수 있습니다. 서비스의 런타임 설정은 고정" --"되어 있습니다. " -+msgstr "서비스는 영구 설정 보기에서만 변경할 수 있습니다. 서비스의 런타임 설정은 고정되어 있습니다. " - - #: ../src/firewall-config.glade.h:154 - msgid "" - "An IPSet can be used to create white or black lists and is able to store for " - "example IP addresses, port numbers or MAC addresses. " - msgstr "" --"IPSet를 사용하여 화이트리스트 또는 블랙리스트를 만들 수 있으며 IP 주소, 포트 " --"번호, MAC 주소 등을 저장할 수 있습니다." -+"IPSet를 사용하여 화이트리스트 또는 블랙리스트를 만들 수 있으며 IP 주소, 포트 번호, MAC 주소 등을 저장할 수 있습니다." - - #: ../src/firewall-config.glade.h:155 - msgid "IPSet" -@@ -1444,17 +1410,15 @@ msgid "" - "added by firewalld. Entries, that have been directly added with the ipset " - "command wil not be listed here." - msgstr "" --" IPSet 항목입니다. 시간 제한 옵션을 사용하지 않는 IPSet 항목과 firewalld에 " --"의해 추가된 항목만을 확인할 수 있습니다. 직접 ipset 명령을 실행하여 추가된 항" --"목을 표시되지 않습니다." -+" IPSet 항목입니다. 시간 제한 옵션을 사용하지 않는 IPSet 항목과 firewalld에 의해 추가된 항목만을 확인할 수 있습니다." -+" 직접 ipset 명령을 실행하여 추가된 항목을 표시되지 않습니다." - - #: ../src/firewall-config.glade.h:161 - msgid "" - "This IPSet uses the timeout option, therefore no entries are visible here. " - "The entries should be taken care directly with the ipset command." - msgstr "" --"IPSet는 시간 제한 옵션을 사용하기 때문에 여기에는 항목이 표시되지 않습니" --"다. ipset 명령을 직접 실행하여 항목을 관리합니다." -+"IPSet는 시간 제한 옵션을 사용하기 때문에 여기에는 항목이 표시되지 않습니다. ipset 명령을 직접 실행하여 항목을 관리합니다." - - #: ../src/firewall-config.glade.h:162 - msgid "Add" -@@ -1474,8 +1438,8 @@ msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" --"firewalld icmp 유형은 firewalld 용 ICMP (Internet Control Message Protocol) " --"유형의 정보를 제공합니다. " -+"firewalld icmp 유형은 firewalld 용 ICMP (Internet Control Message Protocol) 유형의 " -+"정보를 제공합니다. " - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" -@@ -1501,9 +1465,7 @@ msgstr "ICMP 유형이 IPv4 및 IPv6에서 사용 가능한 지에 대한 여부 - msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." --msgstr "" --"ICMP 유형은 영구 설정 보기에서만 변경할 수 있습니다. ICMP 유형의 런타임 설정" --"은 고정되어 있습니다. " -+msgstr "ICMP 유형은 영구 설정 보기에서만 변경할 수 있습니다. ICMP 유형의 런타임 설정은 고정되어 있습니다. " - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1512,10 +1474,12 @@ msgid "" - "are using ports that are unrelated to the signaling connection and are " - "therefore blocked by the firewall without the helper." - msgstr "" -+"연결 추적 헬퍼가 신호 발송과 데이터 전송에 서로 다른 흐름을 사용하는 프로토콜이 작동하도록 돕습니다. 데이터 전송은 신호 발송 연결과 " -+"무관한 포트를 사용하므로 헬퍼 없이는 방화벽에 의해 차단됩니다." - - #: ../src/firewall-config.glade.h:174 - msgid "Define ports or port ranges, which are monitored by the helper." --msgstr "" -+msgstr "헬퍼가 모니터링하는 포트 또는 포트 범위를 정의해 주십시오." - - #: ../src/firewall-config.glade.h:175 - msgid "" -@@ -1524,10 +1488,9 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"직접 설정하면 방화벽에 직접 액세스할 수 있습니다. 이 옵션은 사용자가 iptables" --"의 기본 개념, 즉 테이블, 체인, 명령, 매개 변수, 대상에 대한 지식을 가지고 있" --"음을 전제로 하고 있습니다. 직접 설정은 다른 방화벽 기능을 사용할 수 없는 경우" --"에 마지막 방법으로 사용해야 합니다." -+"직접 설정하면 방화벽에 직접 액세스할 수 있습니다. 이 옵션은 사용자가 iptables의 기본 개념, 즉 테이블, 체인, 명령, 매개 " -+"변수, 대상에 대한 지식을 가지고 있음을 전제로 하고 있습니다. 직접 설정은 다른 방화벽 기능을 사용할 수 없는 경우에 마지막 방법으로 " -+"사용해야 합니다." - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1535,9 +1498,8 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"각 옵션의 ipv 인수는 ipv4, ipv6, eb 중 하나여야 합니다. ipv4를 지정하면 " --"iptables가 사용됩니다. ipv6를 지정하면 ip6tables가 사용됩니다. eb를 사용하면 " --"이더넷 브리지 (ebtables)가 사용됩니다." -+"각 옵션의 ipv 인수는 ipv4, ipv6, eb 중 하나여야 합니다. ipv4를 지정하면 iptables가 사용됩니다. ipv6를 " -+"지정하면 ip6tables가 사용됩니다. eb를 사용하면 이더넷 브리지 (ebtables)가 사용됩니다." - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1562,8 +1524,7 @@ msgstr "체인 " - #: ../src/firewall-config.glade.h:182 - msgid "" - "Add a rule with the arguments args to a chain in a table with a priority." --msgstr "" --"규칙을 args 인수와 함께 테이블에 있는 체인에 우선 순위를 붙여 추가합니다." -+msgstr "규칙을 args 인수와 함께 테이블에 있는 체인에 우선 순위를 붙여 추가합니다." - - #: ../src/firewall-config.glade.h:183 - msgid "" -@@ -1574,11 +1535,9 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"우선 순위는 규칙의 순서를 지정하는데 사용됩니다. 우선 순위 0은 규칙을 체인의 " --"처음에 추가합니다. 더 높은 우선 순위를 가진 규칙이 더 아래에 추가됩니다. 동일" --"한 우선 순위를 갖는 규칙은 동일한 수준이 되며 이러한 규칙의 순서는 고정되지 " --"않고 변경될 수 있습니다. 규칙을 다른 규칙 뒤에 추가하려면 먼저 낮은 우선 순위" --"를 사용하고 그 다음으로 더 높은 우선 순위를 사용합니다." -+"우선 순위는 규칙의 순서를 지정하는데 사용됩니다. 우선 순위 0은 규칙을 체인의 처음에 추가합니다. 더 높은 우선 순위를 가진 규칙이 더 " -+"아래에 추가됩니다. 동일한 우선 순위를 갖는 규칙은 동일한 수준이 되며 이러한 규칙의 순서는 고정되지 않고 변경될 수 있습니다. 규칙을 " -+"다른 규칙 뒤에 추가하려면 먼저 낮은 우선 순위를 사용하고 그 다음으로 더 높은 우선 순위를 사용합니다." - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1602,8 +1561,8 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"통과 규칙은 직접 방화벽에 전달되는 규칙으로 특별한 체인에 두지 않습니다. " --"iptables, ip6tables, ebtables의 모든 옵션을 사용할 수 있습니다." -+"통과 규칙은 직접 방화벽에 전달되는 규칙으로 특별한 체인에 두지 않습니다. iptables, ip6tables, ebtables의 모든 " -+"옵션을 사용할 수 있습니다." - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." -@@ -1631,9 +1590,8 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"잠금 기능은 firewalld의 사용자 및 애플리케이션 정책에 대한 경량 버전입니다. " --"이는 방화벽 변경을 제한합니다. 잠금 화이트리스트에는 명령, 컨텍스트, 사용자 " --"및 사용자 ID가 포함되어 있습니다. " -+"잠금 기능은 firewalld의 사용자 및 애플리케이션 정책에 대한 경량 버전입니다. 이는 방화벽 변경을 제한합니다. 잠금 " -+"화이트리스트에는 명령, 컨텍스트, 사용자 및 사용자 ID가 포함되어 있습니다. " - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1641,9 +1599,8 @@ msgid "" - "service. To get the context of a running application use ps -e --" - "context." - msgstr "" --"컨텍스트는 실행 중인 애플리케이션이나 서비스의 보안 (SELinux) 컨텍스트입니" --"다. 실행 중인 애플리케이션의 컨텍스트를 얻으려면 ps -e --context를 " --"사용합니다." -+"컨텍스트는 실행 중인 애플리케이션이나 서비스의 보안 (SELinux) 컨텍스트입니다. 실행 중인 애플리케이션의 컨텍스트를 얻으려면 " -+"ps -e --context를 사용합니다." - - #: ../src/firewall-config.glade.h:196 - msgid "Add Context" -@@ -1667,9 +1624,8 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"화이트리스트의 명령이 별표 '*'로 끝나는 경우 해당 명령으로 시작하는 모든 명령" --"행과 일치하게 됩니다. '*'가 없을 경우 인수를 포함하여 명령이 정확하게 일치해" --"야 합니다. " -+"화이트리스트의 명령이 별표 '*'로 끝나는 경우 해당 명령으로 시작하는 모든 명령행과 일치하게 됩니다. '*'가 없을 경우 인수를 " -+"포함하여 명령이 정확하게 일치해야 합니다. " - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1747,7 +1703,7 @@ msgctxt "" - "Meaning: Log of denied packets. But this is too long. LogDenied is also the " - "parameter used in firewalld.conf." - msgid "Automatic Helpers:" --msgstr "" -+msgstr "자동 헬퍼:" - - #: ../src/firewall-config.glade.h:219 - msgid "Lockdown:" -@@ -1759,7 +1715,7 @@ msgstr "기본 영역: " - - #: ../src/firewall-config.glade.h:222 - msgid "Please enter an interface name:" --msgstr "" -+msgstr "인터페이스 이름을 입력해 주십시오:" - - #: ../src/firewall-config.glade.h:223 - msgid "Base IPSet Settings" -@@ -1803,7 +1759,7 @@ msgstr " IPSet을 선택하십시오:" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "" -+msgstr "ipset 항목을 입력해 주십시오:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" -@@ -1835,7 +1791,7 @@ msgstr "Mask:" - - #: ../src/firewall-config.glade.h:242 - msgid "Please select a netfilter conntrack helper:" --msgstr "" -+msgstr "Netfilter conntrack 헬퍼를 선택해 주십시오." - - #: ../src/firewall-config.glade.h:243 - msgid "- Select -" -@@ -1843,7 +1799,7 @@ msgstr "- 선택 -" - - #: ../src/firewall-config.glade.h:244 - msgid "Other Module:" --msgstr "" -+msgstr "기타 모듈:" - - #: ../src/firewall-config.glade.h:245 - msgid "Port and Protocol" -@@ -1883,9 +1839,7 @@ msgstr "고급 규칙을 입력하십시오. " - - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." --msgstr "" --"호스트 또는 네트워크의 경우 화이트 또는 블랙 리스트에 따라 요소가 비활성화됩" --"니다." -+msgstr "호스트 또는 네트워크의 경우 화이트 또는 블랙 리스트에 따라 요소가 비활성화됩니다." - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" -@@ -1913,11 +1867,9 @@ msgstr "변환됨 " - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." --msgstr "" --"이를 활성화하려면 작업을 '거부'하고 'ipv4' 또는 'ipv6' 중 하나 (둘 중 하나)" --"의 제품군을 선택합니다. " -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." -+msgstr "이를 활성화하려면 작업을 '거부'하고 'ipv4' 또는 'ipv6' 중 하나 (둘 중 하나)의 제품군을 선택합니다. " - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -@@ -1961,7 +1913,7 @@ msgstr "서비스를 선택하십시오. " - - #: ../src/firewall-config.glade.h:297 - msgid "Please enter a source." --msgstr "" -+msgstr "소스를 입력해 주십시오." - - #: ../src/firewall-config.glade.h:298 - msgid "User ID" -diff --git a/po/lt.po b/po/lt.po -index c129e2be23b9..b2061321ab56 100644 ---- a/po/lt.po -+++ b/po/lt.po -@@ -4,16 +4,16 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-10-09 09:55+0000\n" --"Last-Translator: Moo \n" --"Language-Team: Lithuanian\n" --"Language: lt\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-10-31 08:18+0000\n" -+"Last-Translator: Moo \n" -+"Language-Team: Lithuanian\n" -+"Language: lt\n" - "X-Generator: Zanata 4.6.2\n" --"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n" --"%100<10 || n%100>=20) ? 1 : 2)\n" -+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " -+"(n%100<10 || n%100>=20) ? 1 : 2)\n" - - #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 - msgid "Firewall Applet" -@@ -71,6 +71,8 @@ msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" -+"Ši ypatybė yra naudinga žmonėms, kurie, daugiausiai, naudoja numatytąsias " -+"zonas. Naudotojams, kurie keičia ryšių zonas ši ypatybė gali būti ribota." - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -78,7 +80,7 @@ msgstr "" - - #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 - msgid "Reset To Default" --msgstr "" -+msgstr "Atstatyti į numatytąją" - - #: ../src/firewall-applet.in:248 - msgid "Shields Down Zone:" -@@ -141,7 +143,7 @@ msgstr "Sąsajos" - #: ../src/firewall-config.in:2499 ../src/firewall-config.in:2667 - #: ../src/firewall-config.in:2691 ../src/firewall-config.glade.h:135 - msgid "Sources" --msgstr "" -+msgstr "Šaltiniai" - - #: ../src/firewall-applet.in:590 ../src/firewall-config.in:2279 - msgid "Authorization failed." -@@ -189,19 +191,22 @@ msgid "" - "Default Zone '{default_zone}' active for connection '{connection}' on " - "interface '{interface}'" - msgstr "" -+"Numatytoji zona \"{default_zone}\" aktyvi ryšiui \"{connection}\" ties " -+"sąsaja \"{interface}\"" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" --msgstr "" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" -+msgstr "Zona \"{zone}\" aktyvi ryšiui \"{connection}\" ties sąsaja \"{interface}\"" - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" --msgstr "" -+msgstr "Zona \"{zone}\" aktyvi sąsajai \"{interface}\"" - - #: ../src/firewall-applet.in:900 - msgid "Zone '{zone}' active for source {source}" --msgstr "" -+msgstr "Zona \"{zone}\" aktyvi sąsajai {source}" - - #: ../src/firewall-applet.in:904 - msgid "No Active Zones." -@@ -230,41 +235,45 @@ msgstr "Tinklo duomenų srautas daugiau nebėra užblokuotas." - - #: ../src/firewall-applet.in:1031 ../src/firewall-applet.in:1085 - msgid "activated" --msgstr "" -+msgstr "aktyvuota" - - #: ../src/firewall-applet.in:1032 ../src/firewall-applet.in:1086 - msgid "deactivated" --msgstr "" -+msgstr "pasyvinta" - - #: ../src/firewall-applet.in:1037 - msgid "" - "Default zone '{default_zone}' {activated_deactivated} for connection " - "'{connection}' on interface '{interface}'" - msgstr "" -+"Numatytoji zona \"{default_zone}\" {activated_deactivated} ryšiui " -+"\"{connection}\" ties sąsaja \"{interface}\"" - - #: ../src/firewall-applet.in:1042 - msgid "" - "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " - "interface '{interface}'" - msgstr "" -+"Zona \"{zone}\" {activated_deactivated} ryšiui \"{connection}\" ties sąsaja " -+"\"{interface}\"" - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" --msgstr "" -+msgstr "Zona \"{zone}\" {activated_deactivated} sąsajai \"{interface}\"" - - #: ../src/firewall-applet.in:1070 - #, c-format - msgid "Zone '%s' activated for interface '%s'" --msgstr "" -+msgstr "Zona \"%s\" aktyvuota sąsajai \"%s\"" - - #: ../src/firewall-applet.in:1087 - msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" --msgstr "" -+msgstr "Zona \"{zone}\" {activated_deactivated} šaltiniui \"{source}\"" - - #: ../src/firewall-applet.in:1111 - #, c-format - msgid "Zone '%s' activated for source '%s'" --msgstr "" -+msgstr "Zona \"%s\" aktyvuota šaltiniui \"%s\"" - - #: ../src/firewall-config.in:89 - msgid "Connection to firewalld established." -@@ -294,15 +303,15 @@ msgstr "" - #: ../src/firewall-config.in:97 - #, c-format - msgid "Default zone used by network connection '%s'" --msgstr "" -+msgstr "Numatytoji zona, naudojama ryšio \"%s\"" - - #: ../src/firewall-config.in:99 - msgid "enabled" --msgstr "" -+msgstr "įjungta" - - #: ../src/firewall-config.in:100 - msgid "disabled" --msgstr "" -+msgstr "išjungta" - - #: ../src/firewall-config.in:125 - msgid "Failed to load icons." -@@ -310,31 +319,31 @@ msgstr "Nepavyko įkelti piktogramų." - - #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 - msgid "Context" --msgstr "" -+msgstr "Kontekstas" - - #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 - msgid "Command line" --msgstr "" -+msgstr "Komandų eilutė" - - #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 - msgid "User name" --msgstr "" -+msgstr "Naudotojo vardas" - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "" -+msgstr "Naudotojo id" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" --msgstr "" -+msgstr "Lentelė" - - #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 - msgid "Chain" --msgstr "" -+msgstr "Grandinė" - - #: ../src/firewall-config.in:322 - msgid "Priority" --msgstr "" -+msgstr "Pirmenybė" - - #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 - msgid "Args" -@@ -342,15 +351,15 @@ msgstr "" - - #: ../src/firewall-config.in:401 ../src/firewall-config.in:2329 - msgid "Runtime" --msgstr "" -+msgstr "Vykdymo trukmės" - - #: ../src/firewall-config.in:402 - msgid "Permanent" --msgstr "" -+msgstr "Ilgalaikė" - - #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 - msgid "Service" --msgstr "" -+msgstr "Tarnyba" - - #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 - #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 -@@ -368,23 +377,23 @@ msgstr "Protokolas" - - #: ../src/firewall-config.in:564 - msgid "To Port" --msgstr "" -+msgstr "Į prievadą" - - #: ../src/firewall-config.in:566 - msgid "To Address" --msgstr "" -+msgstr "Į adresą" - - #: ../src/firewall-config.in:616 - msgid "Bindings" --msgstr "" -+msgstr "Susiejimai" - - #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 - msgid "Entry" --msgstr "" -+msgstr "Įrašas" - - #: ../src/firewall-config.in:777 - msgid "Icmp Type" --msgstr "" -+msgstr "Icmp tipas" - - #: ../src/firewall-config.in:821 - msgid "Family" -@@ -396,15 +405,15 @@ msgstr "Veiksmas" - - #: ../src/firewall-config.in:825 - msgid "Element" --msgstr "" -+msgstr "Elementas" - - #: ../src/firewall-config.in:827 - msgid "Src" --msgstr "" -+msgstr "Šalt." - - #: ../src/firewall-config.in:829 - msgid "Dest" --msgstr "" -+msgstr "Pask." - - #: ../src/firewall-config.in:831 - msgid "log" -@@ -424,7 +433,7 @@ msgstr "Komentaras" - - #: ../src/firewall-config.in:955 ../src/firewall-config.glade.h:27 - msgid "Source" --msgstr "" -+msgstr "Šaltinis" - - #: ../src/firewall-config.in:1609 ../src/firewall-config.in:2802 - #: ../src/firewall-config.in:2850 -@@ -438,13 +447,13 @@ msgstr "Klaida" - #: ../src/firewall-config.in:2035 ../src/firewall-config.in:3199 - #: ../src/firewall-config.in:3692 ../src/firewall-config.glade.h:262 - msgid "accept" --msgstr "" -+msgstr "priimti" - - #: ../src/firewall-config.in:2037 ../src/firewall-config.in:3201 - #: ../src/firewall-config.in:3694 ../src/firewall-config.in:3842 - #: ../src/firewall-config.glade.h:263 - msgid "reject" --msgstr "" -+msgstr "atmesti" - - #: ../src/firewall-config.in:2041 ../src/firewall-config.in:3216 - #: ../src/firewall-config.in:3699 ../src/firewall-config.glade.h:264 -@@ -455,7 +464,7 @@ msgstr "" - #: ../src/firewall-config.in:3701 ../src/firewall-config.in:3843 - #: ../src/firewall-config.glade.h:265 - msgid "mark" --msgstr "" -+msgstr "žymėti" - - #: ../src/firewall-config.in:2046 ../src/firewall-config.in:2090 - #: ../src/firewall-config.in:2095 -@@ -537,7 +546,7 @@ msgstr "Zona: %s" - #: ../src/firewall-config.in:2799 - #, c-format - msgid "Zone '%s': Service '%s' is not available." --msgstr "" -+msgstr "Zona \"%s\": Tarnyba \"%s\" yra neprieinama." - - #: ../src/firewall-config.in:2803 ../src/firewall-config.in:2851 - #: ../src/firewall-config.glade.h:163 -@@ -631,10 +640,12 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" -+"Peradresavimas į kitą sistemą yra naudingas tik tuomet, jei sąsaja yra " -+"maskuojama.\n" -+"Ar norite maskuoti šią zoną?" - - #: ../src/firewall-config.in:5376 - msgid "Built-in service, rename not supported." -@@ -665,6 +676,8 @@ msgid "" - "The mask can be a network mask or a number for ipv4.\n" - "The mask is a number for ipv6." - msgstr "" -+"Kaukė gali būti tinklo kaukė arba, ipv4 atveju, gali būti skaičius.\n" -+"Kaukė, ipv6 atveju, yra skaičius." - - #: ../src/firewall-config.in:5776 - msgid "Built-in ipset, rename not supported." -@@ -676,16 +689,16 @@ msgstr "Pasirinkite failą" - - #: ../src/firewall-config.in:5875 ../src/firewall-config.in:5957 - msgid "Text Files" --msgstr "" -+msgstr "Tekstiniai failai" - - #: ../src/firewall-config.in:5880 ../src/firewall-config.in:5962 - msgid "All Files" --msgstr "" -+msgstr "Visi failai" - - #: ../src/firewall-config.in:6383 ../src/firewall-config.in:6412 - #: ../src/firewall-config.glade.h:40 - msgid "All" --msgstr "" -+msgstr "Visi" - - #: ../src/firewall-config.in:6383 ../src/firewall-config.in:6412 - #: ../src/firewall-config.glade.h:41 -@@ -742,23 +755,23 @@ msgstr "Pasirinkite numatytąją zoną iš sąrašo žemiau." - - #: ../src/firewall-config.glade.h:10 - msgid "Direct Chain" --msgstr "" -+msgstr "Tiesioginė grandinė" - - #: ../src/firewall-config.glade.h:11 - msgid "Please select ipv and table and enter the chain name." --msgstr "" -+msgstr "Pasirinkite ipv bei lentelę ir įveskite grandinės pavadinimą." - - #: ../src/firewall-config.glade.h:12 - msgid "ipv:" --msgstr "" -+msgstr "ipv:" - - #: ../src/firewall-config.glade.h:13 - msgid "eb" --msgstr "" -+msgstr "eb" - - #: ../src/firewall-config.glade.h:14 - msgid "Chain:" --msgstr "" -+msgstr "Grandinė:" - - #: ../src/firewall-config.glade.h:15 - msgid "nat" -@@ -774,7 +787,7 @@ msgstr "" - - #: ../src/firewall-config.glade.h:18 - msgid "Table:" --msgstr "" -+msgstr "Lentelė:" - - #: ../src/firewall-config.glade.h:19 - msgid "Direct Passthrough Rule" -@@ -786,16 +799,16 @@ msgstr "" - - #: ../src/firewall-config.glade.h:21 - msgid "Args:" --msgstr "" -+msgstr "Argumentai:" - - #: ../src/firewall-config.glade.h:22 - msgid "Port Forwarding" --msgstr "" -+msgstr "Prievadų peradresavimas" - - #: ../src/firewall-config.glade.h:23 - msgid "" - "Please select the source and destination options according to your needs." --msgstr "" -+msgstr "Pasirinkite šaltinio ir paskirties parametrus pagal savo poreikius." - - #: ../src/firewall-config.glade.h:24 - msgid "Port / Port Range:" -@@ -818,14 +831,16 @@ msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." - msgstr "" -+"Jeigu įjungsite vietinį peradresavimą, turėsite nurodyti prievadą. Šis " -+"prievadas turės būti kitoks nei šaltinio prievadas." - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" --msgstr "" -+msgstr "Vietinis peradresavimas" - - #: ../src/firewall-config.glade.h:31 - msgid "Forward to another port" --msgstr "" -+msgstr "Peradresuoti į kitą prievadą" - - #: ../src/firewall-config.glade.h:32 - msgid "Base Helper Settings" -@@ -837,7 +852,7 @@ msgstr "" - - #: ../src/firewall-config.glade.h:34 - msgid "Bold entries are mandatory, all others are optional." --msgstr "" -+msgstr "Pusjuodžiai įrašai yra privalomi, visi kiti - nebūtini." - - #: ../src/firewall-config.glade.h:35 - msgid "Name:" -@@ -925,18 +940,22 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" -+"Iš naujo įkelia visas užkardos taisykles. Dabartinė ilgalaikė konfigūracija " -+"taps naująja vykdymo trukmės konfigūracija. T. y. įkėlus iš naujo, visi tik " -+"vykdymo trukmės pakeitimai bus prarasti, jeigu jų nebuvo taip pat ir " -+"ilgalaikėje konfigūracijoje." - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." --msgstr "" -+msgstr "Keisti kuriai zonai priklausys tinklo ryšys." - - #: ../src/firewall-config.glade.h:62 - msgid "Change Default Zone" --msgstr "" -+msgstr "Keisti numatytąją zoną" - - #: ../src/firewall-config.glade.h:63 - msgid "Change default zone for connections or interfaces." --msgstr "" -+msgstr "Keisti numatytąją ryšių ir sąsajų zoną." - - #: ../src/firewall-config.glade.h:64 - msgid "Change Log Denied" -@@ -948,11 +967,11 @@ msgstr "" - - #: ../src/firewall-config.glade.h:66 - msgid "Configure Automatic Helper Assigment" --msgstr "" -+msgstr "Konfigūruoti automatinių pagelbiklių priskyrimą" - - #: ../src/firewall-config.glade.h:67 - msgid "Configure Automatic Helper Assignment setting." --msgstr "" -+msgstr "Konfigūruoti automatinių pagelbiklių priskyrimo nustatymą." - - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." -@@ -960,7 +979,7 @@ msgstr "" - - #: ../src/firewall-config.glade.h:69 - msgid "Panic Mode" --msgstr "" -+msgstr "Panikos veiksena" - - #: ../src/firewall-config.glade.h:70 - msgid "" -@@ -974,11 +993,11 @@ msgstr "" - - #: ../src/firewall-config.glade.h:72 - msgid "Make runtime configuration permanent" --msgstr "" -+msgstr "Paversti vykdymo trukmės konfigūracija į ilgalaikę" - - #: ../src/firewall-config.glade.h:73 - msgid "Runtime To Permanent" --msgstr "" -+msgstr "Vykdymo trukmės į ilgalaikę" - - #: ../src/firewall-config.glade.h:74 - msgid "_View" -@@ -998,7 +1017,7 @@ msgstr "Pagelbikliai" - - #: ../src/firewall-config.glade.h:78 - msgid "Direct Configuration" --msgstr "" -+msgstr "Tiesioginė konfigūracija" - - #: ../src/firewall-config.glade.h:79 - msgid "Lockdown Whitelist" -@@ -1006,7 +1025,7 @@ msgstr "" - - #: ../src/firewall-config.glade.h:80 - msgid "Active Bindings" --msgstr "" -+msgstr "Aktyvūs susiejimai" - - #: ../src/firewall-config.glade.h:81 - msgid "_Help" -@@ -1018,7 +1037,7 @@ msgstr "Keisti zoną" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" --msgstr "" -+msgstr "Keisti susiejimo zoną" - - #: ../src/firewall-config.glade.h:84 - msgid "" -@@ -1032,7 +1051,7 @@ msgstr "" - - #: ../src/firewall-config.glade.h:86 - msgid "Configuration:" --msgstr "" -+msgstr "Konfigūracija:" - - #: ../src/firewall-config.glade.h:87 - msgid "" -@@ -1040,6 +1059,9 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" -+"Šiuo metu matoma konfigūracija. Vykdymo trukmės konfigūracija yra dabartinė " -+"aktyvi konfigūracija. Ilgalaikė konfigūracija bus aktyvi po tarnybos ar " -+"sistemos įkelimo iš naujo, ar paleidimo iš naujo." - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1049,6 +1071,10 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" -+"Firewalld zona apibrėžia su zona susietų tinklo ryšių, sąsajų ir šaltinio " -+"adresų pasitikėjimo lygius. Zoną sudaro tarnybos, prievadai, protokolai, " -+"maskavimai, prievadų/paketų peradresavimai, icmp filtrai ir išsamios " -+"taisyklės. Zona gali būti susieta su sąsajomis ir šaltinio adresais." - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1075,7 +1101,7 @@ msgstr "" - - #: ../src/firewall-config.glade.h:95 - msgid "Services" --msgstr "" -+msgstr "Tarnybos" - - #: ../src/firewall-config.glade.h:96 - msgid "" -@@ -1138,17 +1164,19 @@ msgstr "" - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" --msgstr "" -+msgstr "Maskuoti zoną" - - #: ../src/firewall-config.glade.h:110 - msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." - msgstr "" -+"Jeigu įjungsite maskavimą, tuomet jūsų IPv4 tinklams bus įjungtas IP " -+"peradresavimas." - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" --msgstr "" -+msgstr "Maskavimas" - - #: ../src/firewall-config.glade.h:112 - msgid "" -@@ -1176,6 +1204,10 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" -+"Internetinio valdymo pranešimų protokolas (angl. Internet Control Message " -+"Protocol (ICMP)) pagrinde yra naudojamas siųsti žinutes tarp kompiuterių " -+"tinkle, o taip pat ir informacinius pranešimus, tokius kaip ryšio " -+"patikrinimų užklausas ir atsakymus." - - #: ../src/firewall-config.glade.h:117 - msgid "" -@@ -1195,33 +1227,35 @@ msgstr "" - - #: ../src/firewall-config.glade.h:120 - msgid "ICMP Filter" --msgstr "" -+msgstr "ICMP filtras" - - #: ../src/firewall-config.glade.h:121 - msgid "Here you can set rich language rules for the zone." --msgstr "" -+msgstr "Čia galite nustatyti zonai išsamios kalbos taisykles." - - #: ../src/firewall-config.glade.h:122 - msgid "Add Rich Rule" --msgstr "" -+msgstr "Pridėti išsamią taisyklę" - - #: ../src/firewall-config.glade.h:123 - msgid "Edit Rich Rule" --msgstr "" -+msgstr "Taisyti išsamią taisyklę" - - #: ../src/firewall-config.glade.h:124 - msgid "Remove Rich Rule" --msgstr "" -+msgstr "Šalinti išsamią taisyklę" - - #: ../src/firewall-config.glade.h:125 - msgid "Rich Rules" --msgstr "" -+msgstr "Išsamios taisyklės" - - #: ../src/firewall-config.glade.h:126 - msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" -+"Pridėkite įrašus, norėdami susieti sąsajas su zona. Jeigu ryšys naudos " -+"sąsają, tuomet zona bus nustatyta į tą, kuri yra nurodyta ryšyje." - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1241,18 +1275,21 @@ msgid "" - "to a MAC source address, but with limitations. Port forwarding and " - "masquerading will not work for MAC source bindings." - msgstr "" -+"Pridėkite įrašus, norėdami susieti adresus ar sritis su zona. Taip pat " -+"galite susieti su MAC šaltinio adresu, tačiau su apribojimais. Prievadų " -+"peradresavimas ir maskavimas neveiks su MAC šaltinio susiejimais." - - #: ../src/firewall-config.glade.h:132 - msgid "Add Source" --msgstr "" -+msgstr "Pridėti šaltinį" - - #: ../src/firewall-config.glade.h:133 - msgid "Edit Source" --msgstr "" -+msgstr "Taisyti šaltinį" - - #: ../src/firewall-config.glade.h:134 - msgid "Remove Source" --msgstr "" -+msgstr "Šalinti šaltinį" - - #: ../src/firewall-config.glade.h:136 - msgid "Zones" -@@ -1263,18 +1300,20 @@ msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." - msgstr "" -+"Firewalld tarnyba yra prievadų, protokolų, modulių ir paskirties adresų " -+"kombinacija." - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" --msgstr "" -+msgstr "Pridėti tarnybą" - - #: ../src/firewall-config.glade.h:140 - msgid "Edit Service" --msgstr "" -+msgstr "Taisyti tarnybą" - - #: ../src/firewall-config.glade.h:141 - msgid "Remove Service" --msgstr "" -+msgstr "Šalinti tarnybą" - - #: ../src/firewall-config.glade.h:142 - msgid "Load Service Defaults" -@@ -1332,6 +1371,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" -+"Tarnybos gali būti keičiamos tik ilgalaikės konfigūracijos rodinyje. Tarnybų " -+"vykdymo trukmės konfigūracija yra fiksuota." - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1379,7 +1420,7 @@ msgstr "Pridėti" - - #: ../src/firewall-config.glade.h:164 - msgid "Entries" --msgstr "" -+msgstr "Įrašai" - - #: ../src/firewall-config.glade.h:165 - msgid "" -@@ -1394,15 +1435,15 @@ msgstr "" - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" --msgstr "" -+msgstr "Pridėti ICMP tipą" - - #: ../src/firewall-config.glade.h:168 - msgid "Edit ICMP Type" --msgstr "" -+msgstr "Taisyti ICMP tipą" - - #: ../src/firewall-config.glade.h:169 - msgid "Remove ICMP Type" --msgstr "" -+msgstr "Šalinti ICMP tipą" - - #: ../src/firewall-config.glade.h:170 - msgid "Load ICMP Type Defaults" -@@ -1410,13 +1451,15 @@ msgstr "" - - #: ../src/firewall-config.glade.h:171 - msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." --msgstr "" -+msgstr "Nurodykite ar šis ICMP tipas yra prieinamas IPv4 ir/ar IPv6." - - #: ../src/firewall-config.glade.h:172 - msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" -+"ICMP tipai gali būti keičiami tik ilgalaikės konfigūracijos rodinyje. ICMP " -+"tipų vykdymo trukmės konfigūracija yra fiksuota." - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1429,6 +1472,7 @@ msgstr "" - #: ../src/firewall-config.glade.h:174 - msgid "Define ports or port ranges, which are monitored by the helper." - msgstr "" -+"Apibrėžkite prievadus ar prievadų rėžius, kurie bus stebimi pagelbiklio." - - #: ../src/firewall-config.glade.h:175 - msgid "" -@@ -1447,23 +1491,23 @@ msgstr "" - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." --msgstr "" -+msgstr "Papildomos grandinės, kurios bus naudojamos su taisyklėmis." - - #: ../src/firewall-config.glade.h:178 - msgid "Add Chain" --msgstr "" -+msgstr "Pridėti grandinę" - - #: ../src/firewall-config.glade.h:179 - msgid "Edit Chain" --msgstr "" -+msgstr "Taisyti grandinę" - - #: ../src/firewall-config.glade.h:180 - msgid "Remove Chain" --msgstr "" -+msgstr "Šalinti grandinę" - - #: ../src/firewall-config.glade.h:181 - msgid "Chains" --msgstr "" -+msgstr "Grandinės" - - #: ../src/firewall-config.glade.h:182 - msgid "" -@@ -1618,7 +1662,7 @@ msgstr "Naudotojų Id" - - #: ../src/firewall-config.glade.h:215 - msgid "Current default zone of the system." --msgstr "" -+msgstr "Dabartinė numatytoji sistemos zona." - - #: ../src/firewall-config.glade.h:216 - msgctxt "" -@@ -1629,7 +1673,7 @@ msgstr "" - - #: ../src/firewall-config.glade.h:217 - msgid "Panic Mode:" --msgstr "" -+msgstr "Panikos veiksena:" - - #: ../src/firewall-config.glade.h:218 - msgctxt "" -@@ -1664,7 +1708,7 @@ msgstr "Tipas:" - - #: ../src/firewall-config.glade.h:226 - msgid "Timeout:" --msgstr "" -+msgstr "Laiko limitas:" - - #: ../src/firewall-config.glade.h:227 - msgid "Hashsize:" -@@ -1676,15 +1720,15 @@ msgstr "" - - #: ../src/firewall-config.glade.h:229 - msgid "Timeout value in seconds" --msgstr "" -+msgstr "Laiko limitas, sekundėmis" - - #: ../src/firewall-config.glade.h:230 - msgid "Initial hash size, default 1024" --msgstr "" -+msgstr "Pradinis maišos dydis, numatytasis 1024" - - #: ../src/firewall-config.glade.h:231 - msgid "Max number of elements, default 65536" --msgstr "" -+msgstr "Maksimalus elementų skaičius, numatytasis 65536" - - #: ../src/firewall-config.glade.h:232 - msgid "Please select an ipset:" -@@ -1704,19 +1748,20 @@ msgstr "" - - #: ../src/firewall-config.glade.h:237 - msgid "Mark" --msgstr "" -+msgstr "Žymėti" - - #: ../src/firewall-config.glade.h:238 - msgid "Please enter a mark with an optional mask." --msgstr "" -+msgstr "Įveskite žymėjimą ir neprivalomai kaukę." - - #: ../src/firewall-config.glade.h:239 - msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." - msgstr "" -+"Žymėjimo ir kaukės laukai abudu yra 32 bitų pločio skaičiai be ženklo." - - #: ../src/firewall-config.glade.h:240 - msgid "Mark:" --msgstr "" -+msgstr "Žymėjimas:" - - #: ../src/firewall-config.glade.h:241 - msgid "Mask:" -@@ -1744,7 +1789,7 @@ msgstr "Įveskite prievadą ir protokolą." - - #: ../src/firewall-config.glade.h:247 - msgid "Direct Rule" --msgstr "" -+msgstr "Tiesioginė taisyklė" - - #: ../src/firewall-config.glade.h:248 - msgid "Please select ipv and table, chain priority and enter the args." -@@ -1764,27 +1809,29 @@ msgstr "Kitas protokolas:" - - #: ../src/firewall-config.glade.h:253 - msgid "Rich Rule" --msgstr "" -+msgstr "Išsami taisyklė" - - #: ../src/firewall-config.glade.h:254 - msgid "Please enter a rich rule." --msgstr "" -+msgstr "Įveskite išsamią taisyklę" - - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." - msgstr "" -+"Serverio ar tinklo įtraukimui į baltąjį ar juodąjį sąrašą, pasyvinkite " -+"elementą." - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" --msgstr "" -+msgstr "Šaltinis:" - - #: ../src/firewall-config.glade.h:257 - msgid "Destination:" --msgstr "" -+msgstr "Paskirtis:" - - #: ../src/firewall-config.glade.h:258 - msgid "Log:" --msgstr "" -+msgstr "Registruoti:" - - #: ../src/firewall-config.glade.h:259 - msgid "Audit:" -@@ -1796,21 +1843,21 @@ msgstr "ipv4 ir ipv6" - - #: ../src/firewall-config.glade.h:261 - msgid "inverted" --msgstr "" -+msgstr "invertuota" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" --msgstr "" -+msgstr "naudojant tipą:" - - #: ../src/firewall-config.glade.h:268 - msgid "With limit:" --msgstr "" -+msgstr "naudojant ribą:" - - #: ../src/firewall-config.glade.h:269 - msgid "/" -@@ -1818,7 +1865,7 @@ msgstr "/" - - #: ../src/firewall-config.glade.h:274 - msgid "Prefix:" --msgstr "" -+msgstr "Priešdėlis:" - - #: ../src/firewall-config.glade.h:275 - msgid "Level:" -@@ -1826,7 +1873,7 @@ msgstr "" - - #: ../src/firewall-config.glade.h:292 - msgid "Element:" --msgstr "" -+msgstr "Elementas:" - - #: ../src/firewall-config.glade.h:293 - msgid "Action:" -@@ -1842,11 +1889,11 @@ msgstr "" - - #: ../src/firewall-config.glade.h:296 - msgid "Please select a service." --msgstr "" -+msgstr "Pasirinkite tarnybą." - - #: ../src/firewall-config.glade.h:297 - msgid "Please enter a source." --msgstr "" -+msgstr "Įveskite šaltinį." - - #: ../src/firewall-config.glade.h:298 - msgid "User ID" -@@ -1862,7 +1909,7 @@ msgstr "Įveskite naudotojo vardą." - - #: ../src/firewall-config.glade.h:302 - msgid "label" --msgstr "" -+msgstr "etiketė" - - #: ../src/firewall-config.glade.h:303 - msgid "Base Zone Settings" -diff --git a/po/ml.po b/po/ml.po -index 30b20b203e1e..1bccd7f00ffd 100644 ---- a/po/ml.po -+++ b/po/ml.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Ani Peter , 2006-2007,2009,2014 - msgid "" -@@ -9,14 +9,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 03:00+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2015-02-26 10:00+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Malayalam (http://www.transifex.com/projects/p/firewalld/" - "language/ml/)\n" - "Language: ml\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -69,15 +69,18 @@ msgstr "ഷീള്‍ഡ്സ് അപ്പ്/ഡൌണ്‍ മേഘല - - #: ../src/firewall-applet.in:220 - msgid "Here you can select the zones used for Shields Up and Shields Down." --msgstr "ഷീള്‍ഡ്സ് അപ്പ്, ഷീള്‍ഡ്സ് ഡൌണ്‍ എന്നിവയ്ക്കുപയോഗിച്ച മേഘലകള്‍ നിങ്ങള്‍ക്കു് ഇവിടെ തെരഞ്ഞെടുക്കാം." -+msgstr "" -+"ഷീള്‍ഡ്സ് അപ്പ്, ഷീള്‍ഡ്സ് ഡൌണ്‍ എന്നിവയ്ക്കുപയോഗിച്ച മേഘലകള്‍ നിങ്ങള്‍ക്കു് " -+"ഇവിടെ തെരഞ്ഞെടുക്കാം." - - #: ../src/firewall-applet.in:226 - msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" --"മിക്കപ്പോഴും സ്വതവേയുള്ള മേഘലകള്‍ ഉപയോഗിയ്ക്കുവര്‍ക്കു് ഈ വിശേഷത പ്രയോജനകരമാണു്. കണക്ഷനുകളുടെ " --"മേഘലകള്‍ മാറ്റുന്ന ഉപയോക്താക്കള്‍ക്കു് അധികം ഉപയോഗമുണ്ടാവില്ല." -+"മിക്കപ്പോഴും സ്വതവേയുള്ള മേഘലകള്‍ ഉപയോഗിയ്ക്കുവര്‍ക്കു് ഈ വിശേഷത " -+"പ്രയോജനകരമാണു്. കണക്ഷനുകളുടെ മേഘലകള്‍ മാറ്റുന്ന ഉപയോക്താക്കള്‍ക്കു് അധികം " -+"ഉപയോഗമുണ്ടാവില്ല." - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -199,8 +202,11 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" --msgstr "'{interface}' ഇന്റര്‍ഫെയിസില്‍ '{connection}' കണക്ഷനു് സജീവമായ '{zone}' മേഘല" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" -+msgstr "" -+"'{interface}' ഇന്റര്‍ഫെയിസില്‍ '{connection}' കണക്ഷനു് സജീവമായ '{zone}' " -+"മേഘല" - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" -@@ -260,7 +266,8 @@ msgstr "" - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" - msgstr "" --"'{interface}' ഇന്റര്‍ഫെയിസില്‍ സജീവമായ '{zone}' {activated_deactivated} മേഘല" -+"'{interface}' ഇന്റര്‍ഫെയിസില്‍ സജീവമായ '{zone}' {activated_deactivated} " -+"മേഘല" - - #: ../src/firewall-applet.in:1070 - #, c-format -@@ -639,12 +646,11 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" --"ഇന്റര്‍ഫെയിസ് മാസ്ക്യുറേഡ് ചെയ്താല്‍ മാത്രമേ മറ്റൊരു സിസ്റ്റത്തിലേക്കു് ഫോര്‍വേഡ് ചെയ്യുന്നതു് " --"പ്രയോജനകരമാകൂ.\n" -+"ഇന്റര്‍ഫെയിസ് മാസ്ക്യുറേഡ് ചെയ്താല്‍ മാത്രമേ മറ്റൊരു സിസ്റ്റത്തിലേക്കു് " -+"ഫോര്‍വേഡ് ചെയ്യുന്നതു് പ്രയോജനകരമാകൂ.\n" - "ഈ മേഖല മാസ്ക്യുറേഡ് ചെയ്യണമോ ?" - - #: ../src/firewall-config.in:5376 -@@ -749,7 +755,9 @@ msgstr "ദയവായി സന്ദര്‍ഭം നല്‍കുക." - - #: ../src/firewall-config.glade.h:9 - msgid "Please select default zone from the list below." --msgstr "താഴെ കാണിച്ചിട്ടുള്ള പട്ടികയില്‍ നിന്നും സ്വതവേയുള്ള മേഘല ദയവായി തെരഞ്ഞെടുക്കുക." -+msgstr "" -+"താഴെ കാണിച്ചിട്ടുള്ള പട്ടികയില്‍ നിന്നും സ്വതവേയുള്ള മേഘല ദയവായി " -+"തെരഞ്ഞെടുക്കുക." - - #: ../src/firewall-config.glade.h:10 - msgid "Direct Chain" -@@ -806,7 +814,8 @@ msgstr "പോര്‍ട്ട് ഫോര്‍‍വേര്‍‍ഡി - #: ../src/firewall-config.glade.h:23 - msgid "" - "Please select the source and destination options according to your needs." --msgstr "നിങ്ങളുടെ ആവശ്യ‌മനുസരിച്ച് ഉറവിട, ലക്ഷ്യ പോര്‍ട്ടുകള്‍ തെരഞ്ഞെടുക്കുക." -+msgstr "" -+"നിങ്ങളുടെ ആവശ്യ‌മനുസരിച്ച് ഉറവിട, ലക്ഷ്യ പോര്‍ട്ടുകള്‍ തെരഞ്ഞെടുക്കുക." - - #: ../src/firewall-config.glade.h:24 - msgid "Port / Port Range:" -@@ -829,8 +838,8 @@ msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." - msgstr "" --"നിങ്ങള്‍ ലോക്കല്‍ ഫോര്‍വേര്‍ഡിങ് സജ്ജമാക്കിയാല്‍, പോര്‍ട്ട് നല്‍കേണ്ടതാണ്. ഇത് ഉറവിട പോര്‍ട്ടില്‍ നിന്നും " --"വ്യ‌‌ത്യ‌‌സ്തമാണ്." -+"നിങ്ങള്‍ ലോക്കല്‍ ഫോര്‍വേര്‍ഡിങ് സജ്ജമാക്കിയാല്‍, പോര്‍ട്ട് നല്‍കേണ്ടതാണ്. " -+"ഇത് ഉറവിട പോര്‍ട്ടില്‍ നിന്നും വ്യ‌‌ത്യ‌‌സ്തമാണ്." - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -938,9 +947,10 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"ഫയര്‍വോള്‍ നിയമങ്ങള്‍ വീണ്ടും ലഭ്യമാക്കുന്നു. നിലവില്‍ സ്ഥിരമായുള്ള ക്രമീകരണം പുതിയ പ്രവര്‍ത്തന " --"ക്രമീകരണമാകുന്നു. അതായതു്, സ്ഥിരമായ ക്രമീകരണത്തിലില്ലെങ്കില്‍, പ്രവര്‍ത്തന സമയത്തു് വരുത്തിയ " --"മാറ്റങ്ങള്‍ വീണ്ടും ലഭ്യമാക്കുമ്പോള്‍ നഷ്ടമാകുന്നു." -+"ഫയര്‍വോള്‍ നിയമങ്ങള്‍ വീണ്ടും ലഭ്യമാക്കുന്നു. നിലവില്‍ സ്ഥിരമായുള്ള " -+"ക്രമീകരണം പുതിയ പ്രവര്‍ത്തന ക്രമീകരണമാകുന്നു. അതായതു്, സ്ഥിരമായ " -+"ക്രമീകരണത്തിലില്ലെങ്കില്‍, പ്രവര്‍ത്തന സമയത്തു് വരുത്തിയ മാറ്റങ്ങള്‍ വീണ്ടും " -+"ലഭ്യമാക്കുമ്പോള്‍ നഷ്ടമാകുന്നു." - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -972,7 +982,9 @@ msgstr "" - - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." --msgstr "പാനിക്ക് മോഡിനര്‍ത്ഥം വരുന്നതും പോകുന്നതുമായ എല്ലാ പാക്കറ്റുകളും ഇല്ലാതാക്കുന്നു് എന്നാണു്." -+msgstr "" -+"പാനിക്ക് മോഡിനര്‍ത്ഥം വരുന്നതും പോകുന്നതുമായ എല്ലാ പാക്കറ്റുകളും " -+"ഇല്ലാതാക്കുന്നു് എന്നാണു്." - - #: ../src/firewall-config.glade.h:69 - msgid "Panic Mode" -@@ -983,8 +995,8 @@ msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." - msgstr "" --"ലോക്ക്‍ഡൌണ്‍ ഫയര്‍വോള്‍ ക്രമീകരണം പൂട്ടുന്നു. ഇങ്ങനെ വൈറ്റ്‌ലിസ്റ്റിലുള്ള പ്രയോഗങ്ങള്‍ക്കു് മാത്രമേ ഇതില്‍ " --"മാറ്റം വരുത്തുവാന്‍ സാധ്യമാകൂ." -+"ലോക്ക്‍ഡൌണ്‍ ഫയര്‍വോള്‍ ക്രമീകരണം പൂട്ടുന്നു. ഇങ്ങനെ വൈറ്റ്‌ലിസ്റ്റിലുള്ള " -+"പ്രയോഗങ്ങള്‍ക്കു് മാത്രമേ ഇതില്‍ മാറ്റം വരുത്തുവാന്‍ സാധ്യമാകൂ." - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1058,9 +1070,9 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" --"നിലവില്‍ ദൃശ്യമായ ക്രമീകരണം. പ്രവര്‍ത്തന ക്രമീകരണമാണു് സജീവമായ ക്രമീകരണം. സര്‍വീസ് അല്ലെങ്കില്‍ " --"സിസ്റ്റം വീണ്ടും ലഭ്യമാക്കുന്നതിനു് അല്ലെങ്കില്‍ വീണ്ടും ആരംഭിയ്ക്കുന്നതിനു് ശേഷം എന്നേക്കുമുള്ള " --"ക്രമീകരണം സജീവമാകുന്നു." -+"നിലവില്‍ ദൃശ്യമായ ക്രമീകരണം. പ്രവര്‍ത്തന ക്രമീകരണമാണു് സജീവമായ ക്രമീകരണം. " -+"സര്‍വീസ് അല്ലെങ്കില്‍ സിസ്റ്റം വീണ്ടും ലഭ്യമാക്കുന്നതിനു് അല്ലെങ്കില്‍ " -+"വീണ്ടും ആരംഭിയ്ക്കുന്നതിനു് ശേഷം എന്നേക്കുമുള്ള ക്രമീകരണം സജീവമാകുന്നു." - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1070,10 +1082,12 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"മേഘലയ്ക്കുള്ള നെറ്റ്‌വര്‍ക്ക് കണക്ഷനുകള്‍, ഇന്റര്‍ഫെയിസുകള്‍, ശ്രോതസ്സ് വിലാസങ്ങള്‍ എന്നിവയ്ക്കുള്ള വിശ്വസ്തത " --"firewalld മേഘല നിഷ്കര്‍ഷിയ്ക്കുന്നു. സര്‍വീസുകള്‍, പോര്‍ട്ടുകള്‍, സമ്പ്രദായങ്ങള്‍, മാസ്ക്യൂറേഡിങ്, പോര്‍ട്ട്/" --"പാക്കറ്റ് ഫോര്‍വേഡിങ്, icmp ഫില്‍റ്ററുകള്‍, റിച്ച് റൂളുകള്‍ എന്നിവ മേഘലയില്‍ ലഭ്യമാകുന്നു. " --"ഇന്റര്‍ഫെയിസുകളും ശ്രോതസ്സിനുള്ള വിലാസങ്ങളും അനുസരിച്ചാണു് മേഘല." -+"മേഘലയ്ക്കുള്ള നെറ്റ്‌വര്‍ക്ക് കണക്ഷനുകള്‍, ഇന്റര്‍ഫെയിസുകള്‍, ശ്രോതസ്സ് " -+"വിലാസങ്ങള്‍ എന്നിവയ്ക്കുള്ള വിശ്വസ്തത firewalld മേഘല നിഷ്കര്‍ഷിയ്ക്കുന്നു. " -+"സര്‍വീസുകള്‍, പോര്‍ട്ടുകള്‍, സമ്പ്രദായങ്ങള്‍, മാസ്ക്യൂറേഡിങ്, പോര്‍ട്ട്/" -+"പാക്കറ്റ് ഫോര്‍വേഡിങ്, icmp ഫില്‍റ്ററുകള്‍, റിച്ച് റൂളുകള്‍ എന്നിവ മേഘലയില്‍ " -+"ലഭ്യമാകുന്നു. ഇന്റര്‍ഫെയിസുകളും ശ്രോതസ്സിനുള്ള വിലാസങ്ങളും അനുസരിച്ചാണു് " -+"മേഘല." - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1097,9 +1111,10 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"ഏതെല്ലാം സര്‍‍വീസുകളാണ് വിശ്വസനീയം എന്ന് നിങ്ങള്‍ക്ക് ഇവിടെ വ്യ‌ക്തമാക്കാം. ഈ മേഘലയ്ക്കുള്ള " --"ശ്രോതസ്സുകളും ഇന്റര്‍ഫെയിസുകളും കണക്ഷനുകളിലും നിന്നും സിസ്റ്റത്തിലേക്കുള്ള എല്ലാ ഹോസ്റ്റുകളും " --"നെറ്റ്‌വര്‍ക്കുകളും വിശ്വസനീയമായ സേവനങ്ങള്‍ക്കു് ലഭ്യമാകുന്നു." -+"ഏതെല്ലാം സര്‍‍വീസുകളാണ് വിശ്വസനീയം എന്ന് നിങ്ങള്‍ക്ക് ഇവിടെ വ്യ‌ക്തമാക്കാം. " -+"ഈ മേഘലയ്ക്കുള്ള ശ്രോതസ്സുകളും ഇന്റര്‍ഫെയിസുകളും കണക്ഷനുകളിലും നിന്നും " -+"സിസ്റ്റത്തിലേക്കുള്ള എല്ലാ ഹോസ്റ്റുകളും നെറ്റ്‌വര്‍ക്കുകളും വിശ്വസനീയമായ " -+"സേവനങ്ങള്‍ക്കു് ലഭ്യമാകുന്നു." - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1110,8 +1125,9 @@ msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." - msgstr "" --"അധികമായ പോര്‍ട്ടുകള്‍ അല്ലെങ്കില്‍ പോര്‍ട്ട് പരിധികളും ചേര്‍ക്കുക, സിസ്റ്റത്തിലേക്കു് കണക്ട് ചെയ്യുവാന്‍ " --"സാധ്യമായ നെറ്റ്‌വര്‍ക്കുകള്‍ അല്ലെങ്കില്‍ എല്ലാം ഹോസ്റ്റുകളിലേക്കുള്ള ഇവയ്ക്കു് പ്രവേശിയ്ക്കേണ്ടതുണ്ടു്." -+"അധികമായ പോര്‍ട്ടുകള്‍ അല്ലെങ്കില്‍ പോര്‍ട്ട് പരിധികളും ചേര്‍ക്കുക, " -+"സിസ്റ്റത്തിലേക്കു് കണക്ട് ചെയ്യുവാന്‍ സാധ്യമായ നെറ്റ്‌വര്‍ക്കുകള്‍ " -+"അല്ലെങ്കില്‍ എല്ലാം ഹോസ്റ്റുകളിലേക്കുള്ള ഇവയ്ക്കു് പ്രവേശിയ്ക്കേണ്ടതുണ്ടു്." - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1165,10 +1181,12 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"നിങ്ങളുടെ പ്രാദേശിക ശൃംഖലാ പ്രവര്‍ത്തനത്തിനെ ഇന്റര്‍നെറ്റുമായി ബന്ധപ്പെടുത്തുന്നതിനായി ഒരു " --"ആതിഥേയന്‍ അല്ലെങ്കില്‍ റൂട്ടര്‍ നിങ്ങള്‍ ക്രമീകരിക്കുന്നു എങ്കില്‍ മാസ്ക്യുറേഡിംഗ് നിങ്ങള്‍ക്ക് " --"പ്രയോജനകരമാകുന്നു. നിങ്ങളുടെ പ്രാദേശിക ശൃംഖലാകര്മ്മം അദൃശ്യ‌മായിരിക്കും, മാത്രമല്ല, " --"ഇന്റര്‍നെറ്റില്‍ ആതിഥേയനെ ഒരു വിലാസമായി കണക്കാക്കുന്നു. മാസ്ക്യുറേഡിംഗ് IPv4 മാത്രമാണ്." -+"നിങ്ങളുടെ പ്രാദേശിക ശൃംഖലാ പ്രവര്‍ത്തനത്തിനെ ഇന്റര്‍നെറ്റുമായി " -+"ബന്ധപ്പെടുത്തുന്നതിനായി ഒരു ആതിഥേയന്‍ അല്ലെങ്കില്‍ റൂട്ടര്‍ നിങ്ങള്‍ " -+"ക്രമീകരിക്കുന്നു എങ്കില്‍ മാസ്ക്യുറേഡിംഗ് നിങ്ങള്‍ക്ക് പ്രയോജനകരമാകുന്നു. " -+"നിങ്ങളുടെ പ്രാദേശിക ശൃംഖലാകര്മ്മം അദൃശ്യ‌മായിരിക്കും, മാത്രമല്ല, " -+"ഇന്റര്‍നെറ്റില്‍ ആതിഥേയനെ ഒരു വിലാസമായി കണക്കാക്കുന്നു. മാസ്ക്യുറേഡിംഗ് IPv4 " -+"മാത്രമാണ്." - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1179,8 +1197,8 @@ msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." - msgstr "" --"മാസ്ക്യുറേഡിങ് പ്രവര്‍ത്തന സജ്ജമാക്കുന്നെങ്കില്‍, നിങ്ങളുടെ IPv4 നെറ്റ്‌വര്‍ക്കു് ഐപി ഫോര്‍വേഡിങ് " --"പ്രവര്‍ത്തന സജ്ജമാക്കുന്നു." -+"മാസ്ക്യുറേഡിങ് പ്രവര്‍ത്തന സജ്ജമാക്കുന്നെങ്കില്‍, നിങ്ങളുടെ IPv4 " -+"നെറ്റ്‌വര്‍ക്കു് ഐപി ഫോര്‍വേഡിങ് പ്രവര്‍ത്തന സജ്ജമാക്കുന്നു." - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1193,10 +1211,11 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"ഒരു പ്രാദേശിക വ്യവ്സ്ഥയിലുള്ള പോര്‍ട്ടില്‍ നിന്നും മറ്റൊന്നിലേക്ക് അല്ലെങ്കില്‍ ഒരു പ്രാദേശിക " --"വ്യ‌വസ്ഥയില്‍നിന്നും മറ്റൊന്നിലേക്ക് പോര്‍ട്ടുകള്‍ അയയ്ക്കുന്നതിനായി എന്ട്രികള്‍ നല്‍കുക. വിനിമയതലം " --"മാസ്ക്യുറേഡ് ചെയ്തെങ്കില്‍ മാത്രമേ മറ്റൊരു സിസ്റ്റമിലേക്ക് അയയ്ക്കുന്നതില്‍ പ്രയോജനമുള്ളൂ. പോര്‍ട്ട് " --"ഫോര്‍വേര്‍ഡിംഗ് IPv4 മാത്രമാണ്." -+"ഒരു പ്രാദേശിക വ്യവ്സ്ഥയിലുള്ള പോര്‍ട്ടില്‍ നിന്നും മറ്റൊന്നിലേക്ക് " -+"അല്ലെങ്കില്‍ ഒരു പ്രാദേശിക വ്യ‌വസ്ഥയില്‍നിന്നും മറ്റൊന്നിലേക്ക് " -+"പോര്‍ട്ടുകള്‍ അയയ്ക്കുന്നതിനായി എന്ട്രികള്‍ നല്‍കുക. വിനിമയതലം മാസ്ക്യുറേഡ് " -+"ചെയ്തെങ്കില്‍ മാത്രമേ മറ്റൊരു സിസ്റ്റമിലേക്ക് അയയ്ക്കുന്നതില്‍ പ്രയോജനമുള്ളൂ." -+" പോര്‍ട്ട് ഫോര്‍വേര്‍ഡിംഗ് IPv4 മാത്രമാണ്." - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1216,17 +1235,19 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" --"ശൃംഖലയിലെ കമ്പ്യൂട്ടറുകള്‍ക്ക് തമ്മില്‍ പിശക് അറിയിക്കുന്ന സന്ദേശങ്ങള്‍ അയയ്ക്കുന്നതിനാണ് പ്രധാനമായും " --"ഇന്റര്‍നെറ്റ് കണ്ട്രോള്‍ മെസേജ് പ്രോട്ടോക്കോള്‍ (ICMP) ഉപയോഗിക്കുന്നത്. കൂടാതെ, വിവരങ്ങള്‍ " --"ലഭ്യ‌മാക്കുവാന്‍ സഹായിക്കുന്ന പിങ് അപേക്ഷകള്‍ക്കും മറുപടികള്‍ക്കും ഇവ ഉപയോഗിക്കുന്നു." -+"ശൃംഖലയിലെ കമ്പ്യൂട്ടറുകള്‍ക്ക് തമ്മില്‍ പിശക് അറിയിക്കുന്ന സന്ദേശങ്ങള്‍ " -+"അയയ്ക്കുന്നതിനാണ് പ്രധാനമായും ഇന്റര്‍നെറ്റ് കണ്ട്രോള്‍ മെസേജ് " -+"പ്രോട്ടോക്കോള്‍ (ICMP) ഉപയോഗിക്കുന്നത്. കൂടാതെ, വിവരങ്ങള്‍ ലഭ്യ‌മാക്കുവാന്‍ " -+"സഹായിക്കുന്ന പിങ് അപേക്ഷകള്‍ക്കും മറുപടികള്‍ക്കും ഇവ ഉപയോഗിക്കുന്നു." - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"പട്ടികയില്‍ നിന്നും വേണ്ട എന്ന് തീരുമാനിക്കേണ്ട ICMP തരത്തിലുള്ളവ അടയാളപ്പെടുത്തുക. മറ്റെല്ലാ " --"ICMP തരത്തിലുള്ളവയും ഫയര്‍വോള്‍ കടക്കുന്നതിന് അനുവാദമുള്ളവയാണ്. പരിമിതികളില്ലാത്തതാണ് സഹജം." -+"പട്ടികയില്‍ നിന്നും വേണ്ട എന്ന് തീരുമാനിക്കേണ്ട ICMP തരത്തിലുള്ളവ " -+"അടയാളപ്പെടുത്തുക. മറ്റെല്ലാ ICMP തരത്തിലുള്ളവയും ഫയര്‍വോള്‍ കടക്കുന്നതിന് " -+"അനുവാദമുള്ളവയാണ്. പരിമിതികളില്ലാത്തതാണ് സഹജം." - - #: ../src/firewall-config.glade.h:118 - msgid "" -@@ -1267,8 +1288,9 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"മേഘലയ്ക്കു് സംയോജക ഘടകങ്ങള്‍ ബൈന്‍ഡ് ചെയ്യുന്നതിനു് എന്‍ട്രികള്‍ ചേര്‍ക്കുക. സംയോജകഘടകം ഒരു കണക്ഷന്‍ " --"ഉപയോഗിയ്ക്കുന്നെങ്കില്‍, കണക്ഷനില്‍ വ്യക്തമാക്കിയിരിയ്ക്കുന്ന മേഘലയായി ഈ മേഘല സജ്ജമാക്കുന്നു." -+"മേഘലയ്ക്കു് സംയോജക ഘടകങ്ങള്‍ ബൈന്‍ഡ് ചെയ്യുന്നതിനു് എന്‍ട്രികള്‍ ചേര്‍ക്കുക. " -+"സംയോജകഘടകം ഒരു കണക്ഷന്‍ ഉപയോഗിയ്ക്കുന്നെങ്കില്‍, കണക്ഷനില്‍ " -+"വ്യക്തമാക്കിയിരിയ്ക്കുന്ന മേഘലയായി ഈ മേഘല സജ്ജമാക്കുന്നു." - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1310,8 +1332,8 @@ msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." - msgstr "" --"പോര്‍ട്ടുകള്‍, സമ്പ്രദായങ്ങള്‍, ഘടകങ്ങള്‍, ലക്ഷ്യ വിലാസങ്ങള്‍ എന്നിവയെ ഒന്നിച്ചു് ഒരു firewalld " --"സര്‍വീസായി കണക്കാക്കുന്നു." -+"പോര്‍ട്ടുകള്‍, സമ്പ്രദായങ്ങള്‍, ഘടകങ്ങള്‍, ലക്ഷ്യ വിലാസങ്ങള്‍ എന്നിവയെ " -+"ഒന്നിച്ചു് ഒരു firewalld സര്‍വീസായി കണക്കാക്കുന്നു." - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" -@@ -1367,8 +1389,9 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" --"ലക്ഷ്യസ്ഥാന വിലാസങ്ങള്‍ നല്‍കുന്നെങ്കില്‍, ലക്ഷ്യസ്ഥാന വിലാസം , തരം എന്നതില്‍ സര്‍വീസ് എന്‍ട്രി " --"ഒതുങ്ങുന്നു. രണ്ടു് എന്‍ട്രികളും കാലിയെങ്കില്‍ ഒരു പരിമിതികളുമില്ല." -+"ലക്ഷ്യസ്ഥാന വിലാസങ്ങള്‍ നല്‍കുന്നെങ്കില്‍, ലക്ഷ്യസ്ഥാന വിലാസം , തരം " -+"എന്നതില്‍ സര്‍വീസ് എന്‍ട്രി ഒതുങ്ങുന്നു. രണ്ടു് എന്‍ട്രികളും കാലിയെങ്കില്‍ " -+"ഒരു പരിമിതികളുമില്ല." - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1383,8 +1406,9 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"സ്ഥിരമായുള്ള ക്രമീകരണ കാഴ്ചയില്‍ മാത്രമേ സര്‍വീസുകള്‍ക്കു് മാറ്റം വരുത്തുവാന്‍ സാധിയ്ക്കൂ. സര്‍വീസുകളുടെ " --"പ്രവര്‍ത്തന ക്രമീകരണം പരിഹരിച്ചിരിയ്ക്കുന്നു." -+"സ്ഥിരമായുള്ള ക്രമീകരണ കാഴ്ചയില്‍ മാത്രമേ സര്‍വീസുകള്‍ക്കു് മാറ്റം " -+"വരുത്തുവാന്‍ സാധിയ്ക്കൂ. സര്‍വീസുകളുടെ പ്രവര്‍ത്തന ക്രമീകരണം " -+"പരിഹരിച്ചിരിയ്ക്കുന്നു." - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1444,8 +1468,8 @@ msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" --"firewalld-യ്ക്കുള്ളൊരു ഇന്റര്‍നെറ്റ് കണ്ട്രോള്‍ മസ്സേജ് പ്രോട്ടോക്കോള്‍ (ഐസിഎംപി) തരത്തിനുള്ള " --"വിവരങ്ങള്‍ ഒരു firewalld icmptype ലഭ്യമാക്കുന്നു." -+"firewalld-യ്ക്കുള്ളൊരു ഇന്റര്‍നെറ്റ് കണ്ട്രോള്‍ മസ്സേജ് പ്രോട്ടോക്കോള്‍ " -+"(ഐസിഎംപി) തരത്തിനുള്ള വിവരങ്ങള്‍ ഒരു firewalld icmptype ലഭ്യമാക്കുന്നു." - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" -@@ -1472,8 +1496,9 @@ msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" --"സ്ഥിരമായുള്ള ക്രമീകരണ കാഴ്ചയില്‍ മാത്രമേ ഐസിഎംപി തരങ്ങള്‍ക്കു് മാറ്റം വരുത്തുവാന്‍ സാധിയ്ക്കൂ. " --"ഐസിഎംപി തരങ്ങളുടെ പ്രവര്‍ത്തന ക്രമീകരണം പരിഹരിച്ചിരിയ്ക്കുന്നു." -+"സ്ഥിരമായുള്ള ക്രമീകരണ കാഴ്ചയില്‍ മാത്രമേ ഐസിഎംപി തരങ്ങള്‍ക്കു് മാറ്റം " -+"വരുത്തുവാന്‍ സാധിയ്ക്കൂ. ഐസിഎംപി തരങ്ങളുടെ പ്രവര്‍ത്തന ക്രമീകരണം " -+"പരിഹരിച്ചിരിയ്ക്കുന്നു." - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1494,10 +1519,12 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"നേരിട്ടുള്ള ക്രമീകരണം ഫയര്‍വോളിലേക്കു് കൂടുതല്‍ അനുമതി നല്‍കുന്നു. ഈ ഐച്ഛികങ്ങള്‍ക്കു്, ഉപയോക്താവു് " --"അടിസ്ഥാന iptables ശൈലികള്‍, അതായതു്, പട്ടികകള്‍, ചെയിനുകള്‍, കമാന്‍ഡുകള്‍, പരാമീറ്ററുകള്‍, " --"ടാര്‍ഗറ്റുകള്‍ എന്നിവ അറിയേണ്ട ആവശ്യമുണ്ടു്. മറ്റു് firewalld വിശേഷതകള്‍ ഉപയോഗിയ്ക്കുവാന്‍ സാധ്യമല്ല " --"എന്നുറപ്പുള്ളപ്പോള്‍ മാത്രം നേരിട്ടുള്ള ക്രമീകരണം ഉപയോഗിയ്ക്കുവാന്‍ പാടുള്ളൂ." -+"നേരിട്ടുള്ള ക്രമീകരണം ഫയര്‍വോളിലേക്കു് കൂടുതല്‍ അനുമതി നല്‍കുന്നു. ഈ " -+"ഐച്ഛികങ്ങള്‍ക്കു്, ഉപയോക്താവു് അടിസ്ഥാന iptables ശൈലികള്‍, അതായതു്, " -+"പട്ടികകള്‍, ചെയിനുകള്‍, കമാന്‍ഡുകള്‍, പരാമീറ്ററുകള്‍, ടാര്‍ഗറ്റുകള്‍ എന്നിവ " -+"അറിയേണ്ട ആവശ്യമുണ്ടു്. മറ്റു് firewalld വിശേഷതകള്‍ ഉപയോഗിയ്ക്കുവാന്‍ " -+"സാധ്യമല്ല എന്നുറപ്പുള്ളപ്പോള്‍ മാത്രം നേരിട്ടുള്ള ക്രമീകരണം " -+"ഉപയോഗിയ്ക്കുവാന്‍ പാടുള്ളൂ." - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1505,9 +1532,9 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"ഓരോ ഐച്ഛികത്തിന്റേയും ipv ആര്‍ഗ്യുമെന്റ് ipv4 അല്ലെങ്കില്‍ ipv6 അല്ലെങ്കില്‍ eb ആയിരിയ്ക്കണം. " --"ipv4 - iptables, ipv6 - ip6tables, eb - ഇഥര്‍നെറ്റ് ബ്രിഡ്ജുകള്‍ക്കു് (ebtables) " --"എന്നിങ്ങനെയാകുന്നു." -+"ഓരോ ഐച്ഛികത്തിന്റേയും ipv ആര്‍ഗ്യുമെന്റ് ipv4 അല്ലെങ്കില്‍ ipv6 അല്ലെങ്കില്‍ " -+"eb ആയിരിയ്ക്കണം. ipv4 - iptables, ipv6 - ip6tables, eb - ഇഥര്‍നെറ്റ് " -+"ബ്രിഡ്ജുകള്‍ക്കു് (ebtables) എന്നിങ്ങനെയാകുന്നു." - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1533,7 +1560,8 @@ msgstr "ചെയിനുകള്‍" - msgid "" - "Add a rule with the arguments args to a chain in a table with a priority." - msgstr "" --"മുന്‍ഗണനയ്ക്കൊപ്പം ഒരു പട്ടികയില്‍ ഒരു ചെയിനിനു് args ആര്‍ഗ്യുമെന്റുകള്‍ക്കൊപ്പം ഒരു നിയമം ചേര്‍ക്കുക." -+"മുന്‍ഗണനയ്ക്കൊപ്പം ഒരു പട്ടികയില്‍ ഒരു ചെയിനിനു് args " -+"ആര്‍ഗ്യുമെന്റുകള്‍ക്കൊപ്പം ഒരു നിയമം ചേര്‍ക്കുക." - - #: ../src/firewall-config.glade.h:183 - msgid "" -@@ -1544,10 +1572,12 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"നിയമങ്ങളുടെ ക്രമത്തിനു് വേണ്ടി മുന്‍ഗണന ഉപയോഗിയ്ക്കുന്നു. മുന്‍ഗണന 0 - ചെയിനിന്റെ മുകളില്‍ നിയമം " --"ചേര്‍ക്കുക, ഇതിനു് ശേഷം കൂടുതല്‍ മുന്‍ഗണനയോടെ നിയമങ്ങള്‍ ചേര്‍ക്കുന്നു. ഒരേ മുന്‍ഗണനയുള്ള നിയമങ്ങള്‍ ഒരേ " --"തലത്തിലാകുന്നു. ഇവയുടെ ക്രമം സ്ഥിരമല്ല, മാറ്റുവാന്‍ സാധ്യമാകുന്നു. ഒന്നിനു് ശേഷം മറ്റൊന്നായി " --"നിയമം ചേര്‍ക്കുന്നതിനു്, ആദ്യം മുന്‍ഗണന കുറഞ്ഞതു് ഉപയോഗിയ്ക്കുക ശേഷം മുന്‍ഗണന കൂടിയതു്, അങ്ങനെ..." -+"നിയമങ്ങളുടെ ക്രമത്തിനു് വേണ്ടി മുന്‍ഗണന ഉപയോഗിയ്ക്കുന്നു. മുന്‍ഗണന 0 - " -+"ചെയിനിന്റെ മുകളില്‍ നിയമം ചേര്‍ക്കുക, ഇതിനു് ശേഷം കൂടുതല്‍ മുന്‍ഗണനയോടെ " -+"നിയമങ്ങള്‍ ചേര്‍ക്കുന്നു. ഒരേ മുന്‍ഗണനയുള്ള നിയമങ്ങള്‍ ഒരേ തലത്തിലാകുന്നു. " -+"ഇവയുടെ ക്രമം സ്ഥിരമല്ല, മാറ്റുവാന്‍ സാധ്യമാകുന്നു. ഒന്നിനു് ശേഷം മറ്റൊന്നായി " -+"നിയമം ചേര്‍ക്കുന്നതിനു്, ആദ്യം മുന്‍ഗണന കുറഞ്ഞതു് ഉപയോഗിയ്ക്കുക ശേഷം " -+"മുന്‍ഗണന കൂടിയതു്, അങ്ങനെ..." - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1571,12 +1601,14 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"പാസ്ത്രൂ നിയമങ്ങള്‍ പ്രത്യേക ചെയിനിലല്ല, പക്ഷേ നേരിട്ടു് ഫയര്‍വോളിലേക്കു് അയയ്ക്കുന്നു. iptables, " --"ip6tables, ebtables എന്നിവയെല്ലാം ഉപയോഗിയ്ക്കാം." -+"പാസ്ത്രൂ നിയമങ്ങള്‍ പ്രത്യേക ചെയിനിലല്ല, പക്ഷേ നേരിട്ടു് ഫയര്‍വോളിലേക്കു് " -+"അയയ്ക്കുന്നു. iptables, ip6tables, ebtables എന്നിവയെല്ലാം ഉപയോഗിയ്ക്കാം." - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." --msgstr "പാസ്ത്രൂ നിയമങ്ങള്‍ ഫയര്‍വോളിനെ ബാധിയ്ക്കുന്നില്ലെന്നു് ദയവായി ഉറപ്പു് വരുത്തുക." -+msgstr "" -+"പാസ്ത്രൂ നിയമങ്ങള്‍ ഫയര്‍വോളിനെ ബാധിയ്ക്കുന്നില്ലെന്നു് ദയവായി ഉറപ്പു് " -+"വരുത്തുക." - - #: ../src/firewall-config.glade.h:190 - msgid "Add Passthrough" -@@ -1600,9 +1632,10 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"firewalld-യ്ക്കുള്ള ഉപയോക്താവിനും പ്രയോഗത്തിനുമുള്ള ലളിതമായ പോളിസികളാണു് ലോക്ക്ഡൌണ്‍ വിശേഷത. " --"ഇതു് ഫയര്‍വോളില്‍ മാത്രമേയുള്ളൂ. ലോക്ക്ഡൌണ്‍ വൈറ്റ് ലിസ്റ്റില്‍ കമാന്‍ഡുകള്‍, സന്ദര്‍ഭങ്ങള്‍, ഉപയോക്താക്കള്‍, " --"ഉപയോക്തൃ ഐഡികള്‍ എന്നിവ അടങ്ങുന്നു." -+"firewalld-യ്ക്കുള്ള ഉപയോക്താവിനും പ്രയോഗത്തിനുമുള്ള ലളിതമായ പോളിസികളാണു് " -+"ലോക്ക്ഡൌണ്‍ വിശേഷത. ഇതു് ഫയര്‍വോളില്‍ മാത്രമേയുള്ളൂ. ലോക്ക്ഡൌണ്‍ വൈറ്റ് " -+"ലിസ്റ്റില്‍ കമാന്‍ഡുകള്‍, സന്ദര്‍ഭങ്ങള്‍, ഉപയോക്താക്കള്‍, ഉപയോക്തൃ ഐഡികള്‍ " -+"എന്നിവ അടങ്ങുന്നു." - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1633,8 +1666,9 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"വൈറ്റ് ലിസ്റ്റിലുള്ളൊരു കമാന്‍ഡ് എന്‍ട്രി '*'-ല്‍ അവസാനിയ്ക്കുന്നെങ്കില്‍, കമാന്‍‍ഡില്‍ ആരംഭിയ്ക്കുന്ന എല്ലാ " --"കമാന്‍ഡ് ലൈനുകളും ചേരുന്നു. '*' ലഭ്യമല്ലെങ്കില്‍, ആര്‍ഗ്യുമെന്റുകള്‍ ഉള്‍പ്പടെയുള്ള ആബ്സല്യൂട്ട് കമാന്‍ഡും " -+"വൈറ്റ് ലിസ്റ്റിലുള്ളൊരു കമാന്‍ഡ് എന്‍ട്രി '*'-ല്‍ അവസാനിയ്ക്കുന്നെങ്കില്‍, " -+"കമാന്‍‍ഡില്‍ ആരംഭിയ്ക്കുന്ന എല്ലാ കമാന്‍ഡ് ലൈനുകളും ചേരുന്നു. '*' " -+"ലഭ്യമല്ലെങ്കില്‍, ആര്‍ഗ്യുമെന്റുകള്‍ ഉള്‍പ്പടെയുള്ള ആബ്സല്യൂട്ട് കമാന്‍ഡും " - "പൊരുത്തപ്പെടണം. " - - #: ../src/firewall-config.glade.h:201 -@@ -1825,7 +1859,9 @@ msgstr "നേരിട്ടുള്ള നിയമം" - - #: ../src/firewall-config.glade.h:248 - msgid "Please select ipv and table, chain priority and enter the args." --msgstr "ipv, പട്ടിക, ചെയിന്‍ മുന്‍ഗണം എന്നിവ പരിശോധിച്ചു് ആര്‍ഗ്യുമെന്റുകള്‍ നല്‍കുക." -+msgstr "" -+"ipv, പട്ടിക, ചെയിന്‍ മുന്‍ഗണം എന്നിവ പരിശോധിച്ചു് ആര്‍ഗ്യുമെന്റുകള്‍ നല്‍കുക." -+"" - - #: ../src/firewall-config.glade.h:249 - msgid "Priority:" -@@ -1850,8 +1886,8 @@ msgstr "ദയവായി ഒരു റിച്ച് റൂള്‍ നല - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." - msgstr "" --"ഹോസ്റ്റ് അല്ലെങ്കില്‍ നെറ്റ്‌വര്‍ക്കിനു്, വൈറ്റ് അല്ലെങ്കില്‍ ബ്ലാക്ക് ലിസ്റ്റ് ചെയ്തതിനു് എലമെന്റ് " --"നിര്‍ജീവമാക്കുക." -+"ഹോസ്റ്റ് അല്ലെങ്കില്‍ നെറ്റ്‌വര്‍ക്കിനു്, വൈറ്റ് അല്ലെങ്കില്‍ ബ്ലാക്ക് " -+"ലിസ്റ്റ് ചെയ്തതിനു് എലമെന്റ് നിര്‍ജീവമാക്കുക." - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" -@@ -1879,11 +1915,11 @@ msgstr "വിപിരീതമായ" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"പ്രവര്‍ത്തനസജ്ജമാക്കുന്നതിനായി, ഈ പ്രവര്‍ത്തി 'reject' ചെയ്തു് കുടുംബം 'ipv4' അല്ലെങ്കില്‍ " --"'ipv6' ആയിരിയ്ക്കണം (രണ്ടും പാടില്ല )." -+"പ്രവര്‍ത്തനസജ്ജമാക്കുന്നതിനായി, ഈ പ്രവര്‍ത്തി 'reject' ചെയ്തു് കുടുംബം " -+"'ipv4' അല്ലെങ്കില്‍ 'ipv6' ആയിരിയ്ക്കണം (രണ്ടും പാടില്ല )." - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -diff --git a/po/mr.po b/po/mr.po -index 4688fb41d207..434742a6da47 100644 ---- a/po/mr.po -+++ b/po/mr.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Automatically generated, 2004 - # Rahul Bhalerao , 2006 -@@ -16,14 +16,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 03:00+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2015-02-26 10:00+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Marathi (http://www.transifex.com/projects/p/firewalld/" - "language/mr/)\n" - "Language: mr\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -83,8 +83,8 @@ msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" --"हे गुणधर्म पूर्वनिर्धारित झोन्सचा वापर करणाऱ्यांना उपयोगी ठरेल. वापरकर्त्यांना, जे जोडणींचे " --"झोन्स बदलतात, याचा मर्यादीत वापर ठरू शकतो." -+"हे गुणधर्म पूर्वनिर्धारित झोन्सचा वापर करणाऱ्यांना उपयोगी ठरेल. " -+"वापरकर्त्यांना, जे जोडणींचे झोन्स बदलतात, याचा मर्यादीत वापर ठरू शकतो." - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -206,8 +206,10 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" --msgstr "संवाद '{interface}' वरील जोडणी '{connection}' करिता क्षेत्र '{zone}' सक्रीय" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" -+msgstr "" -+"संवाद '{interface}' वरील जोडणी '{connection}' करिता क्षेत्र '{zone}' सक्रीय" - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" -@@ -261,8 +263,8 @@ msgid "" - "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " - "interface '{interface}'" - msgstr "" --"संवाद '{interface}' वरील जोडणी '{connection}' करिता क्षेत्र " --"'{zone}' {activated_deactivated}" -+"संवाद '{interface}' वरील जोडणी '{connection}' करिता क्षेत्र '{zone}' " -+"{activated_deactivated}" - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" -@@ -645,8 +647,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "संवाद संक्रमीत झाले असल्यावरच इतर प्रणालीकरिता फॉरवर्ड करणे उपयोगी ठरते.\n" -@@ -834,8 +835,8 @@ msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." - msgstr "" --"स्थानीक फॉर्वडींग कार्यान्वीत केल्यास, तुम्हाला पोर्ट निर्देशीत करावे लागेल. स्त्रोत पोर्ट " --"करीता हे पोर्ट वेगळे असायला हवे." -+"स्थानीक फॉर्वडींग कार्यान्वीत केल्यास, तुम्हाला पोर्ट निर्देशीत करावे लागेल. " -+"स्त्रोत पोर्ट करीता हे पोर्ट वेगळे असायला हवे." - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -943,8 +944,9 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"फायरवॉल रूल्स पुन्हा लोड करतो. सध्याची कायम संरचना नविन रनटाइम संचरना बनेल. म्हणजेच " --"कायम संरचनामध्ये न आढळल्यास रिलोड पर्यंतचे फक्त रनटाइम बदल गमवले जातात." -+"फायरवॉल रूल्स पुन्हा लोड करतो. सध्याची कायम संरचना नविन रनटाइम संचरना बनेल. " -+"म्हणजेच कायम संरचनामध्ये न आढळल्यास रिलोड पर्यंतचे फक्त रनटाइम बदल गमवले " -+"जातात." - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -987,7 +989,8 @@ msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." - msgstr "" --"लॉकडाऊन फायरवॉल संरचना कुलूपबंद करते जेणेकरूण फक्त लॉकडाऊनकरिता ॲप्लिकेशन्स त्यास बदलू शकेल." -+"लॉकडाऊन फायरवॉल संरचना कुलूपबंद करते जेणेकरूण फक्त लॉकडाऊनकरिता ॲप्लिकेशन्स " -+"त्यास बदलू शकेल." - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1061,8 +1064,9 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" --"सध्या दृश्यास्पद संरचना. रनटाइम संरचना वास्तविक सक्रीय संरचना आहे. सर्व्हिस किंवा " --"प्रणालीला पुन्हा लोड किंवा पुन्हा सुरू केल्यानंतर कायम संरचना सक्रीय केली जाईल." -+"सध्या दृश्यास्पद संरचना. रनटाइम संरचना वास्तविक सक्रीय संरचना आहे. सर्व्हिस " -+"किंवा प्रणालीला पुन्हा लोड किंवा पुन्हा सुरू केल्यानंतर कायम संरचना सक्रीय " -+"केली जाईल." - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1072,10 +1076,11 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"firewalld क्षेत्र नेटवर्क जोडणींकरिता विश्वासर्हता स्तर, इंटरफेसेस व झोनकरिता बांधणी असलेले " --"सोअर्स पत्ता ठरवतो. क्षेत्र सर्व्हिसेस, पोर्टस, प्रोटोकॉल्स, मॅस्क्युरेडिंग, पोर्ट किंवा पॅकेट " --"फॉरवर्डिंग, icmp फिल्टर्स व रिच रूल्स एकत्रीत करतो. क्षेत्र इंटरफेसेस व सोअर्स पत्त्यांकरिता " --"बांधणी करतो." -+"firewalld क्षेत्र नेटवर्क जोडणींकरिता विश्वासर्हता स्तर, इंटरफेसेस व " -+"झोनकरिता बांधणी असलेले सोअर्स पत्ता ठरवतो. क्षेत्र सर्व्हिसेस, पोर्टस, " -+"प्रोटोकॉल्स, मॅस्क्युरेडिंग, पोर्ट किंवा पॅकेट फॉरवर्डिंग, icmp फिल्टर्स व " -+"रिच रूल्स एकत्रीत करतो. क्षेत्र इंटरफेसेस व सोअर्स पत्त्यांकरिता बांधणी करतो." -+"" - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1099,9 +1104,10 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"येथे तुम्ही झोनमध्ये कोणती सर्व्हिसेस विश्वासर्ह आहेत ते ठरवू शकता. विश्वासर्ह सर्व्हिसेस सर्व " --"यजमानांपासून व ह्या झोनकरिता बांधीत असलेल्या जोडणी, संवाद व सोअर्सेसपासून मशीनपर्यंत " --"पोहचण्याजोगी नेटवर्कसकरिता प्रवेशजोगी आहेत." -+"येथे तुम्ही झोनमध्ये कोणती सर्व्हिसेस विश्वासर्ह आहेत ते ठरवू शकता. " -+"विश्वासर्ह सर्व्हिसेस सर्व यजमानांपासून व ह्या झोनकरिता बांधीत असलेल्या " -+"जोडणी, संवाद व सोअर्सेसपासून मशीनपर्यंत पोहचण्याजोगी नेटवर्कसकरिता " -+"प्रवेशजोगी आहेत." - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1112,8 +1118,8 @@ msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." - msgstr "" --"अगाऊ पोर्टस् किंवा पोर्ट व्याप्ति समाविष्ट करा, जे सर्व यजमान किंवा मशनसह जोडणीजोगी " --"नेटवर्ककरिता प्रवेशजोगी असायला हवे." -+"अगाऊ पोर्टस् किंवा पोर्ट व्याप्ति समाविष्ट करा, जे सर्व यजमान किंवा मशनसह " -+"जोडणीजोगी नेटवर्ककरिता प्रवेशजोगी असायला हवे." - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1167,9 +1173,10 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"मास्क्युरेडींग यजमान स्थापीत करण्यास किंवा इंटरनेटवरील स्थानीक संजाळ जुळवणीकरीता राऊटरला " --"परवानगी देतो. तुमचे स्थानीक संजाळ दिसणार नाही व इंटरनेटवर यजमान एक पत्ता म्हणूनच दिसून " --"येईल. मास्क्युरेडींग फक्त IPv4 करीता आहे." -+"मास्क्युरेडींग यजमान स्थापीत करण्यास किंवा इंटरनेटवरील स्थानीक संजाळ " -+"जुळवणीकरीता राऊटरला परवानगी देतो. तुमचे स्थानीक संजाळ दिसणार नाही व " -+"इंटरनेटवर यजमान एक पत्ता म्हणूनच दिसून येईल. मास्क्युरेडींग फक्त IPv4 करीता " -+"आहे." - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1179,7 +1186,9 @@ msgstr "मास्क्युरेड क्षेत्र" - msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." --msgstr "मास्क्युरेडिंग सुरू करताना, IP फॉर्वरर्डिंग IPv4 नेटवर्क्सकरिता सुरू केले जाईल." -+msgstr "" -+"मास्क्युरेडिंग सुरू करताना, IP फॉर्वरर्डिंग IPv4 नेटवर्क्सकरिता सुरू केले " -+"जाईल." - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1192,9 +1201,10 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"स्थानीक प्रणालीवरील किंवा एका स्थानीक प्रणली वरून अन्य प्रणाली करीता एका पोर्ट पासून " --"इतर पोर्ट पर्यंत पोर्ट फॉर्वड करण्यासाठी नोंदणी जोडा. अन्य प्रणाली करीता फॉर्वडींग " --"तेव्हाच उपयोगी ठरेल जेव्हा संवाद लपविला जाईल. पोर्ट फॉर्वडींग फक्त IPv4 करीता आहे." -+"स्थानीक प्रणालीवरील किंवा एका स्थानीक प्रणली वरून अन्य प्रणाली करीता एका " -+"पोर्ट पासून इतर पोर्ट पर्यंत पोर्ट फॉर्वड करण्यासाठी नोंदणी जोडा. अन्य " -+"प्रणाली करीता फॉर्वडींग तेव्हाच उपयोगी ठरेल जेव्हा संवाद लपविला जाईल. पोर्ट " -+"फॉर्वडींग फक्त IPv4 करीता आहे." - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1215,16 +1225,16 @@ msgid "" - "messages like ping requests and replies." - msgstr "" - "Internet Control Message Protocol (ICMP) चा वापर संभाव्यतः त्रुटी संदेश " --"पाठविण्याकीरता केला जातो, पण अगाऊरित्या माहिती संदेश करीता देखील वापरला जातो जसे की " --"पींग विनंती किंवा प्रतिसाद." -+"पाठविण्याकीरता केला जातो, पण अगाऊरित्या माहिती संदेश करीता देखील वापरला जातो " -+"जसे की पींग विनंती किंवा प्रतिसाद." - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"यादीतील ICMP प्रकार, जे स्वीकारले नाही पाहिजे. इतर सर्व ICMP प्रकार फायरवॉल ला भेदून " --"जाऊ शकतात. पूर्वनिर्धारीतवर मर्यादा नाही." -+"यादीतील ICMP प्रकार, जे स्वीकारले नाही पाहिजे. इतर सर्व ICMP प्रकार फायरवॉल " -+"ला भेदून जाऊ शकतात. पूर्वनिर्धारीतवर मर्यादा नाही." - - #: ../src/firewall-config.glade.h:118 - msgid "" -@@ -1265,8 +1275,8 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"संवादांना झोनकरिता बांधणी करण्यासाठी नोंदणी समाविष्ट करा. जोडणीतर्फे संवादचा वापर " --"करायचे असल्यास, जोडणीमध्ये निर्देशीत झोनकरिता झोन सेट केले जाईल." -+"संवादांना झोनकरिता बांधणी करण्यासाठी नोंदणी समाविष्ट करा. जोडणीतर्फे संवादचा " -+"वापर करायचे असल्यास, जोडणीमध्ये निर्देशीत झोनकरिता झोन सेट केले जाईल." - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1307,7 +1317,9 @@ msgstr "झोन्स" - msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." --msgstr "firewalld सर्व्हिस पोर्टस्, प्रोटोकॉल्स, घटक व लक्ष्य पत्त्यांचे एकत्रीकरण आहे." -+msgstr "" -+"firewalld सर्व्हिस पोर्टस्, प्रोटोकॉल्स, घटक व लक्ष्य पत्त्यांचे एकत्रीकरण " -+"आहे." - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" -@@ -1363,8 +1375,8 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" --"लक्ष्य पत्ता निर्देशीत केल्यास, सर्व्हिस नोंदणी लक्ष्य पत्ता व प्रकारकरिता मर्यादीत राहेल. " --"दोंही नोंदणी रिकामे असल्यास, कुठलिही मर्यादा राहत नाही." -+"लक्ष्य पत्ता निर्देशीत केल्यास, सर्व्हिस नोंदणी लक्ष्य पत्ता व प्रकारकरिता " -+"मर्यादीत राहेल. दोंही नोंदणी रिकामे असल्यास, कुठलिही मर्यादा राहत नाही." - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1379,8 +1391,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"सर्व्हिसेसला फक्त नेहमीच्या संरचना दृष्यमध्ये बदलणे शक्य आहे. सर्व्हिसेसची रनटाइम संरचना ठरवले " --"आहे." -+"सर्व्हिसेसला फक्त नेहमीच्या संरचना दृष्यमध्ये बदलणे शक्य आहे. सर्व्हिसेसची " -+"रनटाइम संरचना ठरवले आहे." - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1440,8 +1452,8 @@ msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" --"firewalldसाठी इंटरनेट कंट्रोल मेसेज प्रोटोकॉल (ICMP) प्रकारकरिता firewalld icmptype " --"माहिती पुरवते." -+"firewalldसाठी इंटरनेट कंट्रोल मेसेज प्रोटोकॉल (ICMP) प्रकारकरिता firewalld " -+"icmptype माहिती पुरवते." - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" -@@ -1462,15 +1474,16 @@ msgstr "ICMP प्रकार पूर्वनिर्धारित ल - #: ../src/firewall-config.glade.h:171 - msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." - msgstr "" --"IPv4 आणि किंवा IPv6 करिता हे ICMP प्रकार उपलब्ध आहे किंवा नाही ते निर्देशीत करा." -+"IPv4 आणि किंवा IPv6 करिता हे ICMP प्रकार उपलब्ध आहे किंवा नाही ते निर्देशीत " -+"करा." - - #: ../src/firewall-config.glade.h:172 - msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" --"ICMP प्रकारला कायमस्वरूपी संरचना दृष्यमध्ये बदलणे शक्य आहे. ICMP प्रकारची रनटाइम संरचना " --"ठरवली आहे." -+"ICMP प्रकारला कायमस्वरूपी संरचना दृष्यमध्ये बदलणे शक्य आहे. ICMP प्रकारची " -+"रनटाइम संरचना ठरवली आहे." - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1491,10 +1504,10 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"डाइरेक्ट संरचना फायरवॉलकरिता प्रत्यक्ष प्रवेश देते. ह्या पर्यायमुळे वापरकर्त्याला मूळ " --"iptables तत्व, जसे कि तक्ता, चैन्स, आदेश, बाबी आणि लक्ष्य माहिती असणे आवश्यक आहे. " --"प्रत्यक्ष संरचनेचा वापर शेवटचा पर्याय म्हणून करावा जेव्हा इतर फायरवॉल्ड गुणविशेषांचा वापर " --"शक्य होत नाही." -+"डाइरेक्ट संरचना फायरवॉलकरिता प्रत्यक्ष प्रवेश देते. ह्या पर्यायमुळे " -+"वापरकर्त्याला मूळ iptables तत्व, जसे कि तक्ता, चैन्स, आदेश, बाबी आणि लक्ष्य " -+"माहिती असणे आवश्यक आहे. प्रत्यक्ष संरचनेचा वापर शेवटचा पर्याय म्हणून करावा " -+"जेव्हा इतर फायरवॉल्ड गुणविशेषांचा वापर शक्य होत नाही." - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1502,9 +1515,9 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"प्रत्येक पर्यायचे ipv बाब ipv4 किंवा ipv6 किंवा eb पाहिजे. ipv4 असल्यास ते iptables " --"करिता, ipv6 असल्यास ip6tables करिता आणि eb असल्यास for इथरनेट ब्रिजेसकरिता " --"(ebtables) असायला हवे." -+"प्रत्येक पर्यायचे ipv बाब ipv4 किंवा ipv6 किंवा eb पाहिजे. ipv4 असल्यास ते " -+"iptables करिता, ipv6 असल्यास ip6tables करिता आणि eb असल्यास for इथरनेट " -+"ब्रिजेसकरिता (ebtables) असायला हवे." - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1529,7 +1542,8 @@ msgstr "चैन्स" - #: ../src/firewall-config.glade.h:182 - msgid "" - "Add a rule with the arguments args to a chain in a table with a priority." --msgstr "प्राधान्यतासह तक्तामध्ये चैनकरिता आर्ग्युमेंट्स args सह नियम समाविष्ट करा." -+msgstr "" -+"प्राधान्यतासह तक्तामध्ये चैनकरिता आर्ग्युमेंट्स args सह नियम समाविष्ट करा." - - #: ../src/firewall-config.glade.h:183 - msgid "" -@@ -1540,12 +1554,12 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"नियमांना क्रमवारित लावण्याकरिता प्राधान्यता. प्राधान्यता 0 म्हणजे चैनच्या शीर्षमध्ये नियम " --"समाविष्ट करा , जास्त प्राधान्यता असणाऱ्या नियमाला अखेरीस समाविष्ट केले जाईल. समान " --"प्राधान्यता असलेले नियम एकाच स्तारावर असतात आणि या नियमांची क्रमवारी निश्चीत नसते आणि " --"कदाचित बदलू शकते. एका नियम नंतर इतर समाविष्ट केले जाईल, याची खात्री करायचे असल्यास, " --"पहिल्या नियमकरिता किमान प्राधान्यताचा वापर करा आणि खालीलकरिता जास्त प्राधान्यताचा " --"वापर करा." -+"नियमांना क्रमवारित लावण्याकरिता प्राधान्यता. प्राधान्यता 0 म्हणजे चैनच्या " -+"शीर्षमध्ये नियम समाविष्ट करा , जास्त प्राधान्यता असणाऱ्या नियमाला अखेरीस " -+"समाविष्ट केले जाईल. समान प्राधान्यता असलेले नियम एकाच स्तारावर असतात आणि या " -+"नियमांची क्रमवारी निश्चीत नसते आणि कदाचित बदलू शकते. एका नियम नंतर इतर " -+"समाविष्ट केले जाईल, याची खात्री करायचे असल्यास, पहिल्या नियमकरिता किमान " -+"प्राधान्यताचा वापर करा आणि खालीलकरिता जास्त प्राधान्यताचा वापर करा." - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1569,8 +1583,9 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"फायरवॉलकरिता पासथ्रु नियम प्रत्यक्षरित्या पुरवले जातात आणि त्यास विशेष चैनमध्ये स्थित केले " --"जात नाही. सर्व iptables, ip6tables आणि ebtables पर्यायांचा वापर शक्य आहे." -+"फायरवॉलकरिता पासथ्रु नियम प्रत्यक्षरित्या पुरवले जातात आणि त्यास विशेष " -+"चैनमध्ये स्थित केले जात नाही. सर्व iptables, ip6tables आणि ebtables " -+"पर्यायांचा वापर शक्य आहे." - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." -@@ -1599,8 +1614,8 @@ msgid "" - "contain commands, contexts, users and user ids." - msgstr "" - "firewalld करिता लॉकडाऊन वापरकर्ता व ॲप्लिकेशन करारचे लाइटवेट गुणधर्म आहे. ते " --"फायरवॉलकरिता बदल मर्यादीत ठेवते. लॉकडाउन वाइटलिस्टमध्ये आदेश, संदर्भ, वापरकर्ते व युजर " --"आयडीज समाविष्टीत असू शकते." -+"फायरवॉलकरिता बदल मर्यादीत ठेवते. लॉकडाउन वाइटलिस्टमध्ये आदेश, संदर्भ, " -+"वापरकर्ते व युजर आयडीज समाविष्टीत असू शकते." - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1631,8 +1646,9 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"वाइटलिस्ट वरील आदेश नोंदणी ॲस्टेरिस्क '*' सह समाप्त होत असल्यास, आदेश पासून सुरू होणारे " --"सर्व आदेश ओळ जुळतील. '*' हे ॲबसोल्युट आदेश अंतर्गत न आढळल्यास परस्पर बाबी जुळायला पाहिजे." -+"वाइटलिस्ट वरील आदेश नोंदणी ॲस्टेरिस्क '*' सह समाप्त होत असल्यास, आदेश पासून " -+"सुरू होणारे सर्व आदेश ओळ जुळतील. '*' हे ॲबसोल्युट आदेश अंतर्गत न आढळल्यास " -+"परस्पर बाबी जुळायला पाहिजे." - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1846,7 +1862,9 @@ msgstr "कृपया रिच रूल भरा." - - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." --msgstr "यजमान किंवा नेटवर्ककरिता घटकांना निष्क्रीय करण्यासाठी वाइट किंवा ब्लॅकलिस्ट करा." -+msgstr "" -+"यजमान किंवा नेटवर्ककरिता घटकांना निष्क्रीय करण्यासाठी वाइट किंवा ब्लॅकलिस्ट " -+"करा." - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" -@@ -1874,11 +1892,11 @@ msgstr "इनवर्टेड" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"सुरू करण्यासाठी ह्या कृतीला 'reject' करा आणि फॅमिलि एकतर 'ipv4' किंवा 'ipv6' (दोन्ही " --"नाही) पाहिजे." -+"सुरू करण्यासाठी ह्या कृतीला 'reject' करा आणि फॅमिलि एकतर 'ipv4' किंवा 'ipv6' " -+"(दोन्ही नाही) पाहिजे." - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -diff --git a/po/nl.po b/po/nl.po -index 8cb4e7a47038..b835d4e79cf0 100644 ---- a/po/nl.po -+++ b/po/nl.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Bart Couvreur , 2007 - # Geert Warrink , 2009-2014 -@@ -11,20 +11,21 @@ - # Geert Warrink , 2015. #zanata - # Geert Warrink , 2016. #zanata - # Geert Warrink , 2017. #zanata -+# Eric Garver , 2018. #zanata - # Geert Warrink , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-08-21 07:53+0000\n" --"Last-Translator: Geert Warrink \n" --"Language-Team: Dutch (http://www.transifex.com/projects/p/firewalld/language/" --"nl/)\n" --"Language: nl\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:26+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Dutch (http://www.transifex.com/projects/p/firewalld/language/" -+"nl/)\n" -+"Language: nl\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -151,7 +152,7 @@ msgstr "Verbindingen" - #: ../src/firewall-config.in:2468 ../src/firewall-config.in:2664 - #: ../src/firewall-config.in:2689 ../src/firewall-config.glade.h:130 - msgid "Interfaces" --msgstr "" -+msgstr "interface" - - #: ../src/firewall-applet.in:514 ../src/firewall-config.in:622 - #: ../src/firewall-config.in:2499 ../src/firewall-config.in:2667 -@@ -165,7 +166,7 @@ msgstr "Autorisatie is mislukt." - - #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2282 - msgid "Invalid name" --msgstr "Ongeldig argument %s" -+msgstr "Ongeldige naam" - - #: ../src/firewall-applet.in:596 ../src/firewall-config.in:2286 - msgid "Name already exists" -@@ -210,7 +211,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Zone '{zone}' actief voor verbinding '{connection}' op interface " - "'{interface}'" -@@ -303,8 +305,8 @@ msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." - msgstr "" --"De verbinding met firewalld mislukte. Zorg ervoor dat de service correct " --"opgestart is en probeer het opnieuw." -+"Verbinding maken met de firewall is mislukt. Zorg ervoor dat de dienst juist " -+"is opgestart en probeer het opnieuw." - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -346,7 +348,7 @@ msgstr "Gebruikersnaam" - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "Gebruikers-ID" -+msgstr "Gebruikers-id" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" -@@ -655,8 +657,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "Het doorsturen naar een ander systeem is alleen nuttig als de interface " -@@ -1053,7 +1054,7 @@ msgstr "_Hulp" - - #: ../src/firewall-config.glade.h:82 - msgid "Change Zone" --msgstr "Verander de zone" -+msgstr "Zone wijzigen" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" -@@ -1527,8 +1528,8 @@ msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" --"ICMP types kunnen alleen in de permanente configuratie view veranderd " --"worden. De runtime configuratie van ICMP types is gefixeerd." -+"ICMP types kunnen alleen in de permanente configuratie view veranderd worden." -+" De runtime configuratie van ICMP types is gefixeerd." - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1554,7 +1555,7 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"De directe configuratie biedt een rechtstreekse toegang tot de firwall aan. " -+"De directe configuratie biedt een rechtstreekse toegang tot de firewall aan. " - "Deze opties vereisen dat de gebruiker basis iptables concepten begrijpt, d.w." - "z. tabellen, ketens, commando's, parameters en doelen. Directe configuratie " - "moet alleen als laatste redmiddel gebruikt worden als het niet mogelijk is " -@@ -1797,7 +1798,7 @@ msgstr "Standaard zone:" - - #: ../src/firewall-config.glade.h:222 - msgid "Please enter an interface name:" --msgstr "Geef een interfacenaam op:" -+msgstr "Voer een interfacenaam in:" - - #: ../src/firewall-config.glade.h:223 - msgid "Base IPSet Settings" -@@ -1841,7 +1842,7 @@ msgstr "Selecteer een ipset:" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "Geef een ipset ingang op:" -+msgstr "Voer een ipsetinvoer in:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" -@@ -1953,11 +1954,11 @@ msgstr "geïnverteerd" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"Om dit aan te zetten moet Actie 'afwijzen' zijn en Familie 'ipv4' of " --"'ipv6' (niet beide)." -+"Om dit aan te zetten moet Actie 'afwijzen' zijn en Familie 'ipv4' of 'ipv6' " -+"(niet beide)." - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -@@ -2001,7 +2002,7 @@ msgstr "Selecteer een service." - - #: ../src/firewall-config.glade.h:297 - msgid "Please enter a source." --msgstr "Geef een bron op." -+msgstr "Voer een bron in." - - #: ../src/firewall-config.glade.h:298 - msgid "User ID" -diff --git a/po/or.po b/po/or.po -index e3b61a750e9c..c63beed50300 100644 ---- a/po/or.po -+++ b/po/or.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Manoj Kumar Giri , 2008-2011,2014 - # saroj kumar padhy , 2008 -@@ -13,14 +13,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2016-01-04 12:33+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Oriya (http://www.transifex.com/projects/p/firewalld/language/" - "or/)\n" - "Language: or\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -80,8 +80,9 @@ msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" --"ଏହି ବିଶେଷତାଟି ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ ବ୍ୟବହାର କରୁଥିବା ବ୍ୟକ୍ତିଙ୍କ ପାଇଁ ଉପଯୋଗୀ ହୋଇଥାଏ। ସଂଯୋଗଗୁଡ଼ିକର " --"ଅଞ୍ଚଳ ବଦଳାଉଥିବା ବ୍ୟବହାରକାରୀଙ୍କ ପାଇଁ, ଏହାର ଉପଯୋଗୀତା ସିମୀତ ଅଟେ।" -+"ଏହି ବିଶେଷତାଟି ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ ବ୍ୟବହାର କରୁଥିବା ବ୍ୟକ୍ତିଙ୍କ ପାଇଁ " -+"ଉପଯୋଗୀ ହୋଇଥାଏ। ସଂଯୋଗଗୁଡ଼ିକର ଅଞ୍ଚଳ ବଦଳାଉଥିବା ବ୍ୟବହାରକାରୀଙ୍କ ପାଇଁ, ଏହାର " -+"ଉପଯୋଗୀତା ସିମୀତ ଅଟେ।" - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -203,9 +204,11 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" --"ଅଞ୍ଚଳ '{zone}' ସଂଯୋଗ '{connection}' ପାଇଁ ଅନ୍ତରାପୃଷ୍ଠ'{interface}' ଉପରେ ସକ୍ରିୟ ଅଛି" -+"ଅଞ୍ଚଳ '{zone}' ସଂଯୋଗ '{connection}' ପାଇଁ ଅନ୍ତରାପୃଷ୍ଠ'{interface}' ଉପରେ " -+"ସକ୍ରିୟ ଅଛି" - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" -@@ -259,8 +262,8 @@ msgid "" - "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " - "interface '{interface}'" - msgstr "" --"ଅଞ୍ଚଳ '{zone}' {activated_deactivated} କୁ ସଂଯୋଗ '{connection}' ପାଇଁଅନ୍ତରାପୃଷ୍ଠ " --"'{interface}' ରେ" -+"ଅଞ୍ଚଳ '{zone}' {activated_deactivated} କୁ ସଂଯୋଗ '{connection}' " -+"ପାଇଁଅନ୍ତରାପୃଷ୍ଠ '{interface}' ରେ" - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" -@@ -643,8 +646,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ ପଠାଇବା ଉପଯୋଗୀ ହୋଇଥାଏ ଯଦି ଅନ୍ତରାପୃଷ୍ଠ ଛଦ୍ମବେଶ ଧାରଣ କରିଥାଏ।\n" -@@ -809,7 +811,9 @@ msgstr "ସଂଯୋଗିକୀ ଅଗ୍ରସରଣ" - #: ../src/firewall-config.glade.h:23 - msgid "" - "Please select the source and destination options according to your needs." --msgstr "ଆପଣଙ୍କର ଆବଶ୍ୟକତା ଅନୁସାରେ ଦୟାକରି ମୂଳ ସ୍ଥାନ ଏବଂ ଲକ୍ଷ୍ଯ ସ୍ଥଳ ବିକଳ୍ପଗୁଡ଼ିକୁ ଚୟନକରନ୍ତୁ." -+msgstr "" -+"ଆପଣଙ୍କର ଆବଶ୍ୟକତା ଅନୁସାରେ ଦୟାକରି ମୂଳ ସ୍ଥାନ ଏବଂ ଲକ୍ଷ୍ଯ ସ୍ଥଳ ବିକଳ୍ପଗୁଡ଼ିକୁ " -+"ଚୟନକରନ୍ତୁ." - - #: ../src/firewall-config.glade.h:24 - msgid "Port / Port Range:" -@@ -832,8 +836,8 @@ msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." - msgstr "" --"ଯଦି ଆପଣ ସ୍ଥାନୀୟ ଅଗ୍ରସରଣକୁ ସକ୍ରିୟ କରନ୍ତି, ତେବେ ଆପଣଙ୍କୁ ଗୋଟିଏ ସଂଯୋଗିକୀ ଉଲ୍ଲେଖ କରିବାକୁ ପଡ଼ିବ. ଏହି " --"ସଂଯୋଗିକୀ ଉତ୍ସ ସଂଯୋଗିକୀ ଠାରୁ ଅଲଗା ହୋଇଥିବା ଉଚିତ." -+"ଯଦି ଆପଣ ସ୍ଥାନୀୟ ଅଗ୍ରସରଣକୁ ସକ୍ରିୟ କରନ୍ତି, ତେବେ ଆପଣଙ୍କୁ ଗୋଟିଏ ସଂଯୋଗିକୀ ଉଲ୍ଲେଖ " -+"କରିବାକୁ ପଡ଼ିବ. ଏହି ସଂଯୋଗିକୀ ଉତ୍ସ ସଂଯୋଗିକୀ ଠାରୁ ଅଲଗା ହୋଇଥିବା ଉଚିତ." - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -941,9 +945,9 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"ଫୟାରୱାଲ ନିୟମାବଳୀକୁ ପୁନର୍ଦ୍ଧାରଣ କରିଥାଏ। ପ୍ରଚଳିତ ସ୍ଥାୟୀ ସଂରଚନାଟି ନୂତନ ଚାଲୁଥିବା ସଂରଚନାରେ " --"ପରିବର୍ତ୍ତନ ହୋଇଥାଏ ଯେପରିକି କେବଳ ପୁନର୍ଦ୍ଧାରଣ ପର୍ଯ୍ୟନ୍ତ ପରିବର୍ତ୍ତିତ ହୋଇଥିବା ସମସ୍ତ ଚଳନ୍ତି ସଂରଚନା " --"ନଷ୍ଟ ହୋଇଥାଏ ଯଦି ସେଗୁଡ଼ିକ ସ୍ଥାୟୀ ସଂରଚନାରେ ନଥାଏ।" -+"ଫୟାରୱାଲ ନିୟମାବଳୀକୁ ପୁନର୍ଦ୍ଧାରଣ କରିଥାଏ। ପ୍ରଚଳିତ ସ୍ଥାୟୀ ସଂରଚନାଟି ନୂତନ ଚାଲୁଥିବା " -+"ସଂରଚନାରେ ପରିବର୍ତ୍ତନ ହୋଇଥାଏ ଯେପରିକି କେବଳ ପୁନର୍ଦ୍ଧାରଣ ପର୍ଯ୍ୟନ୍ତ ପରିବର୍ତ୍ତିତ " -+"ହୋଇଥିବା ସମସ୍ତ ଚଳନ୍ତି ସଂରଚନା ନଷ୍ଟ ହୋଇଥାଏ ଯଦି ସେଗୁଡ଼ିକ ସ୍ଥାୟୀ ସଂରଚନାରେ ନଥାଏ।" - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -955,7 +959,9 @@ msgstr "ପୂର୍ବ ନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ - - #: ../src/firewall-config.glade.h:63 - msgid "Change default zone for connections or interfaces." --msgstr "ସଂଯୋଗ ଅଥବା ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକ ପାଇଁ ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ ପରିବର୍ତ୍ତନ କରନ୍ତୁ।" -+msgstr "" -+"ସଂଯୋଗ ଅଥବା ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକ ପାଇଁ ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ ପରିବର୍ତ୍ତନ " -+"କରନ୍ତୁ।" - - #: ../src/firewall-config.glade.h:64 - msgid "Change Log Denied" -@@ -975,7 +981,9 @@ msgstr "" - - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." --msgstr "ଆକସ୍ମିକ ଧାରା ଅର୍ଥ ହେଉଛି ସମସ୍ତ ଆସୁଥିବା ଏବଂ ଯାଉଥିବା ପ୍ୟାକେଟଗୁଡ଼ିକୁ ତ୍ୟାଗ କରାଯାଇଛି।" -+msgstr "" -+"ଆକସ୍ମିକ ଧାରା ଅର୍ଥ ହେଉଛି ସମସ୍ତ ଆସୁଥିବା ଏବଂ ଯାଉଥିବା ପ୍ୟାକେଟଗୁଡ଼ିକୁ ତ୍ୟାଗ " -+"କରାଯାଇଛି।" - - #: ../src/firewall-config.glade.h:69 - msgid "Panic Mode" -@@ -986,8 +994,8 @@ msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." - msgstr "" --"ଲକଡାଉନ ଫାୟାରୱାଲ ସଂରଚନାକୁ ଅପରିବର୍ତ୍ତନୀୟ କରିଥାଏ ଯାହାଫଳରେ କେବଳ ଲକଡାଉନ ହ୍ୱାଇଟଲିଷ୍ଟରେ ଥିବା " --"ପ୍ରୟୋଗଗୁଡ଼ିକ ଏହାକୁ ପରିବର୍ତ୍ତନ କରିବାରେ ସକ୍ଷମ ହୋଇଥାନ୍ତି।" -+"ଲକଡାଉନ ଫାୟାରୱାଲ ସଂରଚନାକୁ ଅପରିବର୍ତ୍ତନୀୟ କରିଥାଏ ଯାହାଫଳରେ କେବଳ ଲକଡାଉନ " -+"ହ୍ୱାଇଟଲିଷ୍ଟରେ ଥିବା ପ୍ରୟୋଗଗୁଡ଼ିକ ଏହାକୁ ପରିବର୍ତ୍ତନ କରିବାରେ ସକ୍ଷମ ହୋଇଥାନ୍ତି।" - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1061,8 +1069,9 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" --"ବର୍ତ୍ତମାନ ଦୃଶ୍ୟମାନ ସଂରଚନା। ଚାଲୁଥିବା ସମୟର ସଂରଚନା ହେଉଛି ପ୍ରକୃତ ସକ୍ରିୟ ସଂରଚନା। ସ୍ଥାୟୀ " --"ସଂରଚନା ସର୍ଭିସ ପରେ କିମ୍ବା ତନ୍ତ୍ର ପୁନର୍ଦ୍ଧାରଣ କିମ୍ବା ପୁନଃଚାଳନ ପରେ ସକ୍ରିୟ ହେବ।" -+"ବର୍ତ୍ତମାନ ଦୃଶ୍ୟମାନ ସଂରଚନା। ଚାଲୁଥିବା ସମୟର ସଂରଚନା ହେଉଛି ପ୍ରକୃତ ସକ୍ରିୟ ସଂରଚନା। " -+"ସ୍ଥାୟୀ ସଂରଚନା ସର୍ଭିସ ପରେ କିମ୍ବା ତନ୍ତ୍ର ପୁନର୍ଦ୍ଧାରଣ କିମ୍ବା ପୁନଃଚାଳନ ପରେ " -+"ସକ୍ରିୟ ହେବ।" - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1072,10 +1081,11 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"ଗୋଟିଏ firewalld ଅଞ୍ଚଳ ନେଟୱର୍କ ସଂଯୋଗଗୁଡ଼ିକ, ଅନ୍ତରାପୃଷ୍ଠ ଏବଂ ଅଞ୍ଚଳ ସହିତ ସଂଶ୍ଳିଷ୍ଟ ଉତ୍ସ " --"ଠିକଣାଗୁଡ଼ିକ ପାଇଁ ବିଶ୍ୱାସର ସ୍ତର ବ୍ୟାଖ୍ୟା କରିଥାଏ। ଏହି ଅଞ୍ଚଳ ସର୍ଭିସ, ପୋର୍ଟ, ପ୍ରୋଟୋକଲ, ଛଦ୍ମ ବେଶ, " --"ପୋର୍ଟ/ପ୍ୟାକେଟ ଅଗ୍ରସରଣ, icmp ଫିଲଟର ଏବଂ ଶକ୍ତ ନିୟମାବଳୀକୁ ମିଶ୍ରଣ କରିଥାଏ। ଏହି ଅଞ୍ଚଳ " --"ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକୁ ଏବଂ ଠିକଣାଗୁଡ଼ିକୁ ବାନ୍ଧିଥାଏ।" -+"ଗୋଟିଏ firewalld ଅଞ୍ଚଳ ନେଟୱର୍କ ସଂଯୋଗଗୁଡ଼ିକ, ଅନ୍ତରାପୃଷ୍ଠ ଏବଂ ଅଞ୍ଚଳ ସହିତ " -+"ସଂଶ୍ଳିଷ୍ଟ ଉତ୍ସ ଠିକଣାଗୁଡ଼ିକ ପାଇଁ ବିଶ୍ୱାସର ସ୍ତର ବ୍ୟାଖ୍ୟା କରିଥାଏ। ଏହି ଅଞ୍ଚଳ " -+"ସର୍ଭିସ, ପୋର୍ଟ, ପ୍ରୋଟୋକଲ, ଛଦ୍ମ ବେଶ, ପୋର୍ଟ/ପ୍ୟାକେଟ ଅଗ୍ରସରଣ, icmp ଫିଲଟର ଏବଂ " -+"ଶକ୍ତ ନିୟମାବଳୀକୁ ମିଶ୍ରଣ କରିଥାଏ। ଏହି ଅଞ୍ଚଳ ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକୁ ଏବଂ ଠିକଣାଗୁଡ଼ିକୁ " -+"ବାନ୍ଧିଥାଏ।" - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1099,8 +1109,8 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"କେଉଁ ସେବା ଗୁଡିକ ବିଶ୍ଯସ୍ତ ଆପଣ ତାହା ଏଠାରେ ବ୍ଯାଖ୍ଯା କରିପାରିବେ। ଏହାର ଅର୍ଥ ହେଉଛି ଯେ ଏହି ସେବା " --"ଗୁଡିକୁ ସମସ୍ତ ଆଧାର କିମ୍ବା ନେଟୱାର୍କରୁ ଅଭିଗମ କରିହେବ।" -+"କେଉଁ ସେବା ଗୁଡିକ ବିଶ୍ଯସ୍ତ ଆପଣ ତାହା ଏଠାରେ ବ୍ଯାଖ୍ଯା କରିପାରିବେ। ଏହାର ଅର୍ଥ ହେଉଛି " -+"ଯେ ଏହି ସେବା ଗୁଡିକୁ ସମସ୍ତ ଆଧାର କିମ୍ବା ନେଟୱାର୍କରୁ ଅଭିଗମ କରିହେବ।" - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1111,8 +1121,8 @@ msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." - msgstr "" --"ଅତିରିକ୍ତ ସଂଯୋଗିକୀ କିମ୍ବା ସଂଯୋଗିକୀ ପରିସର ମାନଙ୍କୁ ଯୋଗ କରନ୍ତୁ, ଯାହାକି ସମସ୍ତ ଆଧାର କିମ୍ବା ନେଟୱାର୍କ " --"ଦ୍ବାରା ଅଭିଗମ୍ଯ ହେବା ଉଚିତ।" -+"ଅତିରିକ୍ତ ସଂଯୋଗିକୀ କିମ୍ବା ସଂଯୋଗିକୀ ପରିସର ମାନଙ୍କୁ ଯୋଗ କରନ୍ତୁ, ଯାହାକି ସମସ୍ତ " -+"ଆଧାର କିମ୍ବା ନେଟୱାର୍କ ଦ୍ବାରା ଅଭିଗମ୍ଯ ହେବା ଉଚିତ।" - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1166,9 +1176,10 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"ମିଥ୍ୟାଭନୟ ଆପଣଙ୍କୁ ଇଣ୍ଟରନେଟ ସହିତ ଆପଣଙ୍କ ସ୍ଥାନୀୟ ନେଟୱର୍କକୁ ସଂଯୋଗ କରୁଥିବା ଆଧାର କିମ୍ବା ରାଉଟରକୁ " --"ବିନ୍ୟାସ କରିବାକୁ ଅନୁମତି ଦେଇଥାଏ. ଆପଣଙ୍କର ସ୍ଥାନୀୟ ନେଟୱର୍କ ଦେଖାଯିବ ନାହିଁ ଏବଂ ସେହି ଆଧାରଟି " --"ଇଣ୍ଟରନେଟରେ ଗୋଟିଏ ଠିକଣା ପରି ଦେଖାଯିବ. କେବଳ IPv4 ମିଥ୍ୟାଭିନୟ କରୁଅଛି." -+"ମିଥ୍ୟାଭନୟ ଆପଣଙ୍କୁ ଇଣ୍ଟରନେଟ ସହିତ ଆପଣଙ୍କ ସ୍ଥାନୀୟ ନେଟୱର୍କକୁ ସଂଯୋଗ କରୁଥିବା ଆଧାର " -+"କିମ୍ବା ରାଉଟରକୁ ବିନ୍ୟାସ କରିବାକୁ ଅନୁମତି ଦେଇଥାଏ. ଆପଣଙ୍କର ସ୍ଥାନୀୟ ନେଟୱର୍କ " -+"ଦେଖାଯିବ ନାହିଁ ଏବଂ ସେହି ଆଧାରଟି ଇଣ୍ଟରନେଟରେ ଗୋଟିଏ ଠିକଣା ପରି ଦେଖାଯିବ. କେବଳ IPv4 " -+"ମିଥ୍ୟାଭିନୟ କରୁଅଛି." - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1179,8 +1190,8 @@ msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." - msgstr "" --"ଯଦି ଆପଣ ଛଦ୍ମ ବେଶ କରିବାରେ ସକ୍ରିୟ ହୁଅନ୍ତି, ତେବେ IP ଅଗ୍ରସରଣକୁ ଆପଣଙ୍କ IPv4 ନେଟୱର୍କଗୁଡ଼ିକ " --"ପାଇଁସକ୍ରିୟ କରାଯିବ।" -+"ଯଦି ଆପଣ ଛଦ୍ମ ବେଶ କରିବାରେ ସକ୍ରିୟ ହୁଅନ୍ତି, ତେବେ IP ଅଗ୍ରସରଣକୁ ଆପଣଙ୍କ IPv4 " -+"ନେଟୱର୍କଗୁଡ଼ିକ ପାଇଁସକ୍ରିୟ କରାଯିବ।" - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1193,9 +1204,10 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"ସ୍ଥାନୀୟ ତନ୍ତ୍ରରେ ଗୋଟିଏ ସଂଯୋଗିକୀରୁ ଅନ୍ୟ ଏକ ସଂଯୋଗିକୀକୁ ଅଥବା ସ୍ଥାନୀୟ ତନ୍ତ୍ରରୁ ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ " --"ଅଗ୍ରସରଣ ସଂଯୋଗିକୀରେ ଭରଣଗୁଡ଼ିକୁ ଯୋଗକରନ୍ତୁ. ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ ପଠାଇବା ହିଁ କେବଳ ଫଳପ୍ରଦ ହୋଇଥାଏ ଯଦି " --"ଅନ୍ତରାପୃଷ୍ଠ ମିଥ୍ୟାଭିନୟ କରୁଥାଏ. ସଂଯୋଗିକୀ ଆଗେଇବାଟି କେବଳ IPv4." -+"ସ୍ଥାନୀୟ ତନ୍ତ୍ରରେ ଗୋଟିଏ ସଂଯୋଗିକୀରୁ ଅନ୍ୟ ଏକ ସଂଯୋଗିକୀକୁ ଅଥବା ସ୍ଥାନୀୟ ତନ୍ତ୍ରରୁ " -+"ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ ଅଗ୍ରସରଣ ସଂଯୋଗିକୀରେ ଭରଣଗୁଡ଼ିକୁ ଯୋଗକରନ୍ତୁ. ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ " -+"ପଠାଇବା ହିଁ କେବଳ ଫଳପ୍ରଦ ହୋଇଥାଏ ଯଦି ଅନ୍ତରାପୃଷ୍ଠ ମିଥ୍ୟାଭିନୟ କରୁଥାଏ. ସଂଯୋଗିକୀ " -+"ଆଗେଇବାଟି କେବଳ IPv4." - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1215,17 +1227,18 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" --"ଇଣ୍ଟରନେଟ ନିୟନ୍ତ୍ରଣ ସନ୍ଦେଶ ପ୍ରୋଟୋକଲ (ICMP) ଟି ମୁଖ୍ୟତଃ ନେଟୱର୍କ କମ୍ପୁଟରଗୁଡ଼ିକ ମଧ୍ୟରେ ତ୍ରୁଟି ସନ୍ଦେଶ " --"ପଠାଇବାରେ ବ୍ୟବହାର ହୋଇଥାଏ, କିନ୍ତୁ ଅତିରିକ୍ତ ଭାବରେ ସୂଚନାତ୍ମକ ସନ୍ଦେଶଗୁଡ଼ିକୁ ଯେପରି କି ping ଅନୁରୋଧ " --"ଏବଂ ଉତ୍ତରଗୁଡ଼ିକ ପାଇଁ." -+"ଇଣ୍ଟରନେଟ ନିୟନ୍ତ୍ରଣ ସନ୍ଦେଶ ପ୍ରୋଟୋକଲ (ICMP) ଟି ମୁଖ୍ୟତଃ ନେଟୱର୍କ କମ୍ପୁଟରଗୁଡ଼ିକ " -+"ମଧ୍ୟରେ ତ୍ରୁଟି ସନ୍ଦେଶ ପଠାଇବାରେ ବ୍ୟବହାର ହୋଇଥାଏ, କିନ୍ତୁ ଅତିରିକ୍ତ ଭାବରେ " -+"ସୂଚନାତ୍ମକ ସନ୍ଦେଶଗୁଡ଼ିକୁ ଯେପରି କି ping ଅନୁରୋଧ ଏବଂ ଉତ୍ତରଗୁଡ଼ିକ ପାଇଁ." - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"ICMP ପ୍ରକାରଗୁଡ଼ିକୁ ତାଲିକାରେ ଚିହ୍ନଟକରନ୍ତୁ, ଯାହାକୁ କି ଅସ୍ୱୀକାର କରିବା ଉଚିତ. ଅନ୍ୟ ସମସ୍ତ ICMP " --"ପ୍ରକାରଗୁଡ଼ିକ ଅଗ୍ନିକବଚ ପାରକରିବା ପାଇଁ ଅନୁମତିପ୍ରାପ୍ତ. ପୂର୍ବନିର୍ଦ୍ଧାରିତରେ କୌଣସି ସୀମା ବନ୍ଧନ ନାହିଁ." -+"ICMP ପ୍ରକାରଗୁଡ଼ିକୁ ତାଲିକାରେ ଚିହ୍ନଟକରନ୍ତୁ, ଯାହାକୁ କି ଅସ୍ୱୀକାର କରିବା ଉଚିତ. " -+"ଅନ୍ୟ ସମସ୍ତ ICMP ପ୍ରକାରଗୁଡ଼ିକ ଅଗ୍ନିକବଚ ପାରକରିବା ପାଇଁ ଅନୁମତିପ୍ରାପ୍ତ. " -+"ପୂର୍ବନିର୍ଦ୍ଧାରିତରେ କୌଣସି ସୀମା ବନ୍ଧନ ନାହିଁ." - - #: ../src/firewall-config.glade.h:118 - msgid "" -@@ -1266,8 +1279,9 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"ଏହି ଅଞ୍ଚଳରେ ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକୁ ବାନ୍ଧିବା ପାଇଁ ଯୋଗ କରନ୍ତୁ। ଯଦି ଏହି ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକ କୌଣସି ସଂଯୋଗ " --"ଦ୍ୱାରା ବ୍ୟବହାର ହୋଇଥାଏ, ତେବେ ସେହି ଅଞ୍ଚଳଟି ସଂଯୋଗରେ ଉଲ୍ଲେଖିତ ଅଞ୍ଚଳରେ ସେଟ ହେବ।" -+"ଏହି ଅଞ୍ଚଳରେ ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକୁ ବାନ୍ଧିବା ପାଇଁ ଯୋଗ କରନ୍ତୁ। ଯଦି ଏହି " -+"ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକ କୌଣସି ସଂଯୋଗ ଦ୍ୱାରା ବ୍ୟବହାର ହୋଇଥାଏ, ତେବେ ସେହି ଅଞ୍ଚଳଟି " -+"ସଂଯୋଗରେ ଉଲ୍ଲେଖିତ ଅଞ୍ଚଳରେ ସେଟ ହେବ।" - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1308,7 +1322,9 @@ msgstr "ଅଞ୍ଚଳ" - msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." --msgstr "firewalld ସର୍ଭିସ ହେଉଛି ପୋର୍ଟ, ପ୍ରୋଟୋକଲ, ମଡ୍ୟୁଲ ଏବଂ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣାଗୁଡ଼ିକର ଏକ ମିଶ୍ରଣ।" -+msgstr "" -+"firewalld ସର୍ଭିସ ହେଉଛି ପୋର୍ଟ, ପ୍ରୋଟୋକଲ, ମଡ୍ୟୁଲ ଏବଂ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣାଗୁଡ଼ିକର " -+"ଏକ ମିଶ୍ରଣ।" - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" -@@ -1364,8 +1380,9 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" --"ଯଦି ଆପଣ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣାକୁ ଉଲ୍ଲେଖ କରନ୍ତି, ତେବେ ସର୍ଭିସ ନିବେଶ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣା ଏବଂ ପ୍ରକାରରେ " --"ସିମୀତ ହେବ। ଯଦି ଉଭୟ ନିବେଶଗୁଡ଼ିକ ଖାଲିଥାଏ, ତେବେ ସେଠାରେ କୌଣସି ସୀମା ନଥାଏ।" -+"ଯଦି ଆପଣ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣାକୁ ଉଲ୍ଲେଖ କରନ୍ତି, ତେବେ ସର୍ଭିସ ନିବେଶ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣା " -+"ଏବଂ ପ୍ରକାରରେ ସିମୀତ ହେବ। ଯଦି ଉଭୟ ନିବେଶଗୁଡ଼ିକ ଖାଲିଥାଏ, ତେବେ ସେଠାରେ କୌଣସି ସୀମା " -+"ନଥାଏ।" - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1380,8 +1397,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"ସର୍ଭିସଗୁଡ଼ିକ କେବଳ ସ୍ଥାୟୀ ବିନ୍ୟାସ ଦୃଶ୍ୟରେ ପରିବର୍ତ୍ତନ ହୋଇପାରିବ। ସର୍ଭିସଗୁଡ଼ିକର ପ୍ରଚଳିତ ବିନ୍ୟାସ ସ୍ଥାୟୀ " --"ଅଟେ।" -+"ସର୍ଭିସଗୁଡ଼ିକ କେବଳ ସ୍ଥାୟୀ ବିନ୍ୟାସ ଦୃଶ୍ୟରେ ପରିବର୍ତ୍ତନ ହୋଇପାରିବ। ସର୍ଭିସଗୁଡ଼ିକର " -+"ପ୍ରଚଳିତ ବିନ୍ୟାସ ସ୍ଥାୟୀ ଅଟେ।" - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1463,15 +1480,16 @@ msgstr "ICMP ପ୍ରକାର ପୂର୍ବନିର୍ଦ୍ଧାରିତ - #: ../src/firewall-config.glade.h:171 - msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." - msgstr "" --"ଏହି ICMP ପ୍ରକାରଟି IPv4 ଏବଂ/ଅଥବା IPv6 ରେ ଉପଲବ୍ଧ ହୋଇଥାଏ କି ନାହିଁ ତାହା ଉଲ୍ଲେଖ କରନ୍ତୁ।" -+"ଏହି ICMP ପ୍ରକାରଟି IPv4 ଏବଂ/ଅଥବା IPv6 ରେ ଉପଲବ୍ଧ ହୋଇଥାଏ କି ନାହିଁ ତାହା ଉଲ୍ଲେଖ " -+"କରନ୍ତୁ।" - - #: ../src/firewall-config.glade.h:172 - msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" --"ICMP ପ୍ରକାରଗୁଡ଼ିକ ସ୍ଥାୟୀ ବିନ୍ୟାସ ଦୃଶ୍ୟରେ ହିଁ କେବଳ ପରିବର୍ତ୍ତିତ ହୋଇଥାଏ। ICMP ପ୍ରକାରଗୁଡ଼ିକ ପ୍ରଚଳିତ " --"ବିନ୍ୟାସ ସ୍ଥାୟୀ ଅଛି।" -+"ICMP ପ୍ରକାରଗୁଡ଼ିକ ସ୍ଥାୟୀ ବିନ୍ୟାସ ଦୃଶ୍ୟରେ ହିଁ କେବଳ ପରିବର୍ତ୍ତିତ ହୋଇଥାଏ। ICMP " -+"ପ୍ରକାରଗୁଡ଼ିକ ପ୍ରଚଳିତ ବିନ୍ୟାସ ସ୍ଥାୟୀ ଅଛି।" - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1493,9 +1511,10 @@ msgid "" - "as a last resort when it is not possible to use other firewalld features." - msgstr "" - "ସିଧାସଳଖ ସଂରଚନା ଫାୟାରୱାଲରେ ସିଧାସଳଖ ପ୍ରବେଶାନୁମତି ଦେଇଥାଏ। ଏହି ବିକଳ୍ପଗୁଡ଼ିକ ପାଇଁ " --"ବ୍ୟବହାରକାରୀଙ୍କ ପାଖରେ ମୌଳିକ iptables ଜ୍ଞାନ ଥିବା ଆବଶ୍ୟକ, ଯେପରିକି ସାରଣୀ, ଶୃଙ୍ଖଳ, ନିର୍ଦ୍ଦେଶ, " --"ପ୍ରାଚଳ ଏବଂ ଲକ୍ଷ୍ଯସ୍ଥଳ। ସିଧାସଳଖ ସଂରଚନାକୁ କେବଳ ଶେଷ ଆଶ୍ରୟ ଭାବରେ ବ୍ୟବହାର କରିବା ଉଚିତ " --"ଯେତେବେଳେ ଅନ୍ୟ କୌଣସି firewalld ବିଶେଷତା ବ୍ୟବହାର କରିବା ସମ୍ଭବ ହୋଇନଥାଏ।" -+"ବ୍ୟବହାରକାରୀଙ୍କ ପାଖରେ ମୌଳିକ iptables ଜ୍ଞାନ ଥିବା ଆବଶ୍ୟକ, ଯେପରିକି ସାରଣୀ, " -+"ଶୃଙ୍ଖଳ, ନିର୍ଦ୍ଦେଶ, ପ୍ରାଚଳ ଏବଂ ଲକ୍ଷ୍ଯସ୍ଥଳ। ସିଧାସଳଖ ସଂରଚନାକୁ କେବଳ ଶେଷ ଆଶ୍ରୟ " -+"ଭାବରେ ବ୍ୟବହାର କରିବା ଉଚିତ ଯେତେବେଳେ ଅନ୍ୟ କୌଣସି firewalld ବିଶେଷତା ବ୍ୟବହାର କରିବା " -+"ସମ୍ଭବ ହୋଇନଥାଏ।" - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1503,9 +1522,9 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"ପ୍ରତ୍ୟେକ ବିକଳ୍ପର ipv ସ୍ୱତନ୍ତ୍ରଚର ipv4 କିମ୍ବା ipv6 ଅଥବା eb ହୋଇଥିବା ଉଚିତ। ipv4 ସହିତ ଏହା " --"iptables ପାଇଁ ହୋଇଥାଏ, ipv6 ସହିତ ip6tables ପାଇଁ ଏବଂ eb ସହିତ ଇଥରନେଟ ବ୍ରିଜଗୁଡ଼ିକ ପାଇଁ " --"ହୋଇଥାଏ (ebtables)." -+"ପ୍ରତ୍ୟେକ ବିକଳ୍ପର ipv ସ୍ୱତନ୍ତ୍ରଚର ipv4 କିମ୍ବା ipv6 ଅଥବା eb ହୋଇଥିବା ଉଚିତ। ipv4 " -+"ସହିତ ଏହା iptables ପାଇଁ ହୋଇଥାଏ, ipv6 ସହିତ ip6tables ପାଇଁ ଏବଂ eb ସହିତ ଇଥରନେଟ " -+"ବ୍ରିଜଗୁଡ଼ିକ ପାଇଁ ହୋଇଥାଏ (ebtables)." - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1530,7 +1549,8 @@ msgstr "ସୃଙ୍ଖଳଗୁଡ଼ିକ" - #: ../src/firewall-config.glade.h:182 - msgid "" - "Add a rule with the arguments args to a chain in a table with a priority." --msgstr "ସ୍ୱତନ୍ତ୍ରଚର args ସହିତ ଏକ ଶୃଙ୍ଖଳରେ ପ୍ରାଥମିକତା ଦେଇ ଗୋଟିଏ ନିୟମ ଯୋଗ କରନ୍ତୁ।" -+msgstr "" -+"ସ୍ୱତନ୍ତ୍ରଚର args ସହିତ ଏକ ଶୃଙ୍ଖଳରେ ପ୍ରାଥମିକତା ଦେଇ ଗୋଟିଏ ନିୟମ ଯୋଗ କରନ୍ତୁ।" - - #: ../src/firewall-config.glade.h:183 - msgid "" -@@ -1541,11 +1561,12 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"ନିୟମାବଳୀକୁ କ୍ରମାନ୍ୱୟରେ ରଖିବା ପାଇଁ ପ୍ରାଥମିକତାକୁ ବ୍ୟବହାର କରାଯାଇଥାଏ। ପ୍ରାଥମିକତା 0 ଅର୍ଥ ହେଉଛି " --"ଶୃଙ୍ଖଳ ଉପରେ ନିୟମ ଯୋଗ କରନ୍ତୁ, ଉଚ୍ଚ ପ୍ରାଥମିକତା ସହିତ ନିୟମଟି ତଳେ ଯୋଗ କରାଯାଇଥାଏ। ସମାନ " --"ପ୍ରାଥମିକତା ବିଶିଷ୍ଟ ନିୟମାବଳୀ ସମାନ ସ୍ତରରେ ଥାଏ ଏବଂ ସେହି ନିୟମାବଳୀର କ୍ରମ ସ୍ଥାୟୀନଥାଏ ଏବଂ " --"ପରିବର୍ତ୍ତନ ହୋଇପାରେ। ଯଦି ଆପଣ ନିଶ୍ଚିତ କରିବାକୁ ଚାହୁଁଛନ୍ତି ଯେ ଅନ୍ୟ ଗୋଟିଏ ଉପରେ ନିୟମାବଳୀ ଯୋଗ ହେବ " --"ତେବେ, ପ୍ରଥମେ କମ ପ୍ରାଥମିକତାକୁ ବ୍ୟବହାର କରନ୍ତୁ ଏବଂ ତାପରେ ଉଚ୍ଚ ପ୍ରାଥମିକତାକୁ ରଖନ୍ତୁ।" -+"ନିୟମାବଳୀକୁ କ୍ରମାନ୍ୱୟରେ ରଖିବା ପାଇଁ ପ୍ରାଥମିକତାକୁ ବ୍ୟବହାର କରାଯାଇଥାଏ। ପ୍ରାଥମିକତା " -+"0 ଅର୍ଥ ହେଉଛି ଶୃଙ୍ଖଳ ଉପରେ ନିୟମ ଯୋଗ କରନ୍ତୁ, ଉଚ୍ଚ ପ୍ରାଥମିକତା ସହିତ ନିୟମଟି ତଳେ " -+"ଯୋଗ କରାଯାଇଥାଏ। ସମାନ ପ୍ରାଥମିକତା ବିଶିଷ୍ଟ ନିୟମାବଳୀ ସମାନ ସ୍ତରରେ ଥାଏ ଏବଂ ସେହି " -+"ନିୟମାବଳୀର କ୍ରମ ସ୍ଥାୟୀନଥାଏ ଏବଂ ପରିବର୍ତ୍ତନ ହୋଇପାରେ। ଯଦି ଆପଣ ନିଶ୍ଚିତ କରିବାକୁ " -+"ଚାହୁଁଛନ୍ତି ଯେ ଅନ୍ୟ ଗୋଟିଏ ଉପରେ ନିୟମାବଳୀ ଯୋଗ ହେବ ତେବେ, ପ୍ରଥମେ କମ ପ୍ରାଥମିକତାକୁ " -+"ବ୍ୟବହାର କରନ୍ତୁ ଏବଂ ତାପରେ ଉଚ୍ଚ ପ୍ରାଥମିକତାକୁ ରଖନ୍ତୁ।" - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1569,12 +1590,14 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"ଅଗ୍ରଗତି ନିୟମାବଳୀ ସିଧାସଳଖ ଭାବରେ ଫାୟାରୱାଲ ମଧ୍ଯ ଦେଇ ଯାଇଥାଏ ଏବଂ ତାହା ବିଶେଷ ଶୃଙ୍ଖଳରେ " --"ରଖାଯାଇନଥାଏ। ସମସ୍ତ iptables, ip6tables ଏବଂ etables ବିକଳ୍ପକୁ ବ୍ୟବହାର କରାଯାଇପାରିବ।" -+"ଅଗ୍ରଗତି ନିୟମାବଳୀ ସିଧାସଳଖ ଭାବରେ ଫାୟାରୱାଲ ମଧ୍ଯ ଦେଇ ଯାଇଥାଏ ଏବଂ ତାହା ବିଶେଷ " -+"ଶୃଙ୍ଖଳରେ ରଖାଯାଇନଥାଏ। ସମସ୍ତ iptables, ip6tables ଏବଂ etables ବିକଳ୍ପକୁ ବ୍ୟବହାର " -+"କରାଯାଇପାରିବ।" - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." --msgstr "ଅଗ୍ରଗତି ନିୟମାବଳୀ ସହିତ ଦୟାକରି ସତର୍କ ରୁହନ୍ତୁ ଯେପରି ତାହା ଫାୟାରୱାଲକୁ କ୍ଷତି ନକରେ।" -+msgstr "" -+"ଅଗ୍ରଗତି ନିୟମାବଳୀ ସହିତ ଦୟାକରି ସତର୍କ ରୁହନ୍ତୁ ଯେପରି ତାହା ଫାୟାରୱାଲକୁ କ୍ଷତି ନକରେ।" - - #: ../src/firewall-config.glade.h:190 - msgid "Add Passthrough" -@@ -1598,9 +1621,9 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"ଲକଡାଉନ ବିଶେଷତାଟି ହେଉଛି firewalld ପାଇଁ ବ୍ୟବହାରକାରୀ ଏବଂ ପ୍ରୟୋଗ ନିତୀଗୁଡ଼ିକର ହାଲୁକା ସଂସ୍କରଣ। " --"ଏହା ଫାୟାରୱାଲର ପରିବର୍ତ୍ତନକୁ ସିମୀତ କରିଥାଏ। ଲକଡାଉନ ହ୍ୱାଇଟଲିଷ୍ଟ ନିର୍ଦ୍ଦେଶ, ପ୍ରସଙ୍ଗ, ବ୍ୟବହାରକାରୀ " --"ଏବଂ ବ୍ୟବହାରକାରୀ id ଗୁଡ଼ିକୁ ଧାରଣ କରିଥାଏ।" -+"ଲକଡାଉନ ବିଶେଷତାଟି ହେଉଛି firewalld ପାଇଁ ବ୍ୟବହାରକାରୀ ଏବଂ ପ୍ରୟୋଗ ନିତୀଗୁଡ଼ିକର " -+"ହାଲୁକା ସଂସ୍କରଣ। ଏହା ଫାୟାରୱାଲର ପରିବର୍ତ୍ତନକୁ ସିମୀତ କରିଥାଏ। ଲକଡାଉନ ହ୍ୱାଇଟଲିଷ୍ଟ " -+"ନିର୍ଦ୍ଦେଶ, ପ୍ରସଙ୍ଗ, ବ୍ୟବହାରକାରୀ ଏବଂ ବ୍ୟବହାରକାରୀ id ଗୁଡ଼ିକୁ ଧାରଣ କରିଥାଏ।" - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1631,9 +1654,10 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"ଯଦି ହ୍ୱାଇଟଲିଷ୍ଟରେ ଗୋଟିଏ ନିର୍ଦ୍ଦେଶ ନିବେଶ ଆସଟେରିସ୍କ '*' ରେ ସମାପ୍ତ ହୋଇଥାଏ, ତେବେ ସେହି ନିର୍ଦ୍ଦେଶ " --"ସହିତ ଆରମ୍ଭ ହେଉଥିବା ସମସ୍ତ ନିର୍ଦ୍ଦେଶ ଧାରା ମେଳ ଖାଇବ। ଯଦି ସେହି '*' ସେଠାରେ ନଥାଏ ତେବେ ସେହି " --"ସ୍ୱଚନ୍ତ୍ରଚର ସହିତ ମେଳଖାଉଥିବା ନିର୍ଦ୍ଦିଷ୍ଟ ନିର୍ଦ୍ଦେଶ ନିଶ୍ଚିତ ଭାବରେ ମେଳଖାଇବ।" -+"ଯଦି ହ୍ୱାଇଟଲିଷ୍ଟରେ ଗୋଟିଏ ନିର୍ଦ୍ଦେଶ ନିବେଶ ଆସଟେରିସ୍କ '*' ରେ ସମାପ୍ତ ହୋଇଥାଏ, ତେବେ " -+"ସେହି ନିର୍ଦ୍ଦେଶ ସହିତ ଆରମ୍ଭ ହେଉଥିବା ସମସ୍ତ ନିର୍ଦ୍ଦେଶ ଧାରା ମେଳ ଖାଇବ। ଯଦି ସେହି " -+"'*' ସେଠାରେ ନଥାଏ ତେବେ ସେହି ସ୍ୱଚନ୍ତ୍ରଚର ସହିତ ମେଳଖାଉଥିବା ନିର୍ଦ୍ଦିଷ୍ଟ ନିର୍ଦ୍ଦେଶ " -+"ନିଶ୍ଚିତ ଭାବରେ ମେଳଖାଇବ।" - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1823,7 +1847,8 @@ msgstr "ସିଧାସଳଖ ନିୟମ" - - #: ../src/firewall-config.glade.h:248 - msgid "Please select ipv and table, chain priority and enter the args." --msgstr "ଦୟାକରି ipv ଏବଂ table, ଶୃଙ୍ଖଳ ଅଗ୍ରାଧୀକାରକୁ ବାଛନ୍ତୁ ଏବଂ args କୁ ଭରଣ କରନ୍ତୁ।" -+msgstr "" -+"ଦୟାକରି ipv ଏବଂ table, ଶୃଙ୍ଖଳ ଅଗ୍ରାଧୀକାରକୁ ବାଛନ୍ତୁ ଏବଂ args କୁ ଭରଣ କରନ୍ତୁ।" - - #: ../src/firewall-config.glade.h:249 - msgid "Priority:" -@@ -1847,7 +1872,9 @@ msgstr "ଦୟାକରି ଗୋଟିଏ ଶକ୍ତ ନିୟମକୁ ଭ - - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." --msgstr "ହୋଷ୍ଟ କିମ୍ବା ନେଟୱର୍କ ହ୍ୱାଇଟ କିମ୍ବା ବ୍ଲାକଲିଷ୍ଟ ପାଇଁ ଉପାଦାନକୁ ନିଷ୍କ୍ରିୟ କରିଥାଏ।" -+msgstr "" -+"ହୋଷ୍ଟ କିମ୍ବା ନେଟୱର୍କ ହ୍ୱାଇଟ କିମ୍ବା ବ୍ଲାକଲିଷ୍ଟ ପାଇଁ ଉପାଦାନକୁ ନିଷ୍କ୍ରିୟ " -+"କରିଥାଏ।" - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" -@@ -1875,11 +1902,11 @@ msgstr "ଓଲଟି ଯାଇଛି" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"ଏହାକୁ ସକ୍ରିୟ କରିବା ପାଇଁ କାର୍ଯ୍ୟକୁ 'ପ୍ରତ୍ୟାଖ୍ୟାନ' କରିବା ଉଚିତ ଏବଂ 'ipv4' କିମ୍ବା 'ipv6' ପରିବାରର " --"ହୋଇଥିବା ଉଚିତ (ଉଭୟ ନୁହଁ)।" -+"ଏହାକୁ ସକ୍ରିୟ କରିବା ପାଇଁ କାର୍ଯ୍ୟକୁ 'ପ୍ରତ୍ୟାଖ୍ୟାନ' କରିବା ଉଚିତ ଏବଂ 'ipv4' " -+"କିମ୍ବା 'ipv6' ପରିବାରର ହୋଇଥିବା ଉଚିତ (ଉଭୟ ନୁହଁ)।" - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -diff --git a/po/pa.po b/po/pa.po -index 3dc2161d890d..1c791a2140c4 100644 ---- a/po/pa.po -+++ b/po/pa.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Amandeep Singh Saini , 2013-2014 - # Amanpreet Singh Alam , 2004,2006 -@@ -23,14 +23,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2017-11-26 02:37+0000\n" - "Last-Translator: A S Alam \n" - "Language-Team: Panjabi (Punjabi) (http://www.transifex.com/projects/p/" - "firewalld/language/pa/)\n" - "Language: pa\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -90,8 +90,9 @@ msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" --"ਇਹ ਫ਼ੀਚਰ ਉਹਨਾਂ ਲੋਕਾਂ ਲਈ ਉਪਯੋਗੀ ਹੈ ਜਿਹੜੇ ਜਿਆਦਾਤਰ ਮੂਲ ਜ਼ੋਨ ਵਰਤਦੇ ਹਨ। ਉਹਨਾਂ ਯੂਜ਼ਰਾਂ, ਜਿਹੜੇ " --"ਸੰਪਰਕਾਂ ਦੇ ਜੋ਼ਨਾਂ ਨੂੰ ਬਦਲਦੇ ਰਹੇ ਹਨ, ਇਹ ਸੀਮਿਤ ਵਰਤੋਂ ਵਾਲਾ ਹੋ ਸਕਦਾ ਹੈ।" -+"ਇਹ ਫ਼ੀਚਰ ਉਹਨਾਂ ਲੋਕਾਂ ਲਈ ਉਪਯੋਗੀ ਹੈ ਜਿਹੜੇ ਜਿਆਦਾਤਰ ਮੂਲ ਜ਼ੋਨ ਵਰਤਦੇ ਹਨ। ਉਹਨਾਂ " -+"ਯੂਜ਼ਰਾਂ, ਜਿਹੜੇ ਸੰਪਰਕਾਂ ਦੇ ਜੋ਼ਨਾਂ ਨੂੰ ਬਦਲਦੇ ਰਹੇ ਹਨ, ਇਹ ਸੀਮਿਤ ਵਰਤੋਂ ਵਾਲਾ ਹੋ " -+"ਸਕਦਾ ਹੈ।" - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -213,8 +214,10 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" --msgstr "'{zone}' ਜ਼ੋਨ ਸਰਗਰਮ '{connection}' ਸੰਪਰਕ ਲਈ '{interface}' ਇੰਟਰਫੇਸ ਉੱਤੇ" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" -+msgstr "" -+"'{zone}' ਜ਼ੋਨ ਸਰਗਰਮ '{connection}' ਸੰਪਰਕ ਲਈ '{interface}' ਇੰਟਰਫੇਸ ਉੱਤੇ" - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" -@@ -652,11 +655,11 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" --"ਕਿਸੇ ਹੋਰ ਸਿਸਟਮ ਤੇ ਫਾਰਵਰਡਿੰਗ ਸਿਰਫ ਉਸ ਵੇਲੇ ਹੀ ਵਰਤੋਂਯੋਗ ਹੈ ਜੇ ਇੰਟਰਫੇਸ ਦਾ ਮੁਖੌਟਾਪਨ ਕੀਤਾ ਹੈ।\n" -+"ਕਿਸੇ ਹੋਰ ਸਿਸਟਮ ਤੇ ਫਾਰਵਰਡਿੰਗ ਸਿਰਫ ਉਸ ਵੇਲੇ ਹੀ ਵਰਤੋਂਯੋਗ ਹੈ ਜੇ ਇੰਟਰਫੇਸ ਦਾ " -+"ਮੁਖੌਟਾਪਨ ਕੀਤਾ ਹੈ।\n" - "ਕੀ ਤੁਸੀਂ ਇਸ ਜ਼ੋਨ ਦਾ ਮੁਖੌਟਾਪਨ ਕਰਨਾ ਚਾਹੁੰਦੇ ਹੋ?" - - #: ../src/firewall-config.in:5376 -@@ -841,8 +844,8 @@ msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." - msgstr "" --"ਜੇ ਤੁਸੀਂ ਸਥਾਨਕ ਫਾਰਵਰਡਿੰਗ ਯੋਗ ਕਰਦੇ ਹੋ, ਤੁਹਾਨੂੰ ਇੱਕ ਪੋਰਟ ਦੇਣੀ ਚਾਹੀਦੀ ਹੈ। ਇਹ ਪੋਰਟ ਸਰੋਤ ਪੋਰਟ ਲਈ " --"ਵੱਖਰੀ ਹੋਣੀ ਜਰੂਰੀ ਹੈ।" -+"ਜੇ ਤੁਸੀਂ ਸਥਾਨਕ ਫਾਰਵਰਡਿੰਗ ਯੋਗ ਕਰਦੇ ਹੋ, ਤੁਹਾਨੂੰ ਇੱਕ ਪੋਰਟ ਦੇਣੀ ਚਾਹੀਦੀ ਹੈ। ਇਹ " -+"ਪੋਰਟ ਸਰੋਤ ਪੋਰਟ ਲਈ ਵੱਖਰੀ ਹੋਣੀ ਜਰੂਰੀ ਹੈ।" - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -950,8 +953,9 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"ਫਾਇਰਵਾਲ ਨਿਯਮ ਮੁੜ ਲੋਡ ਕਰੋ। ਮੌਜੂਦਾ ਪੱਕੀ ਸੰਰਚਨਾ ਨਵੀਂ ਚੱਲ ਰਹੀ ਸੰਰਚਨਾ ਬਣ ਜਾਵੇਗੀ। ਮਤਲਬ ਕਿ ਮੁੜ-" --"ਲੋਡ ਕਰਨ ਤੱਕ ਚਾਲੂ ਹਾਲਾਤ ਵਿੱਚ ਕੀਤੇ ਸਾਰੇ ਬਦਲਾਅ ਗੁੰਮ ਜਾਂਦੇ ਹਨ ਜੇ ਉਹ ਵੀ ਪੱਕੀ ਸੰਰਚਨਾ ਵਿੱਚ ਨਹੀਂ ਹਨ।" -+"ਫਾਇਰਵਾਲ ਨਿਯਮ ਮੁੜ ਲੋਡ ਕਰੋ। ਮੌਜੂਦਾ ਪੱਕੀ ਸੰਰਚਨਾ ਨਵੀਂ ਚੱਲ ਰਹੀ ਸੰਰਚਨਾ ਬਣ ਜਾਵੇਗੀ। " -+"ਮਤਲਬ ਕਿ ਮੁੜ-ਲੋਡ ਕਰਨ ਤੱਕ ਚਾਲੂ ਹਾਲਾਤ ਵਿੱਚ ਕੀਤੇ ਸਾਰੇ ਬਦਲਾਅ ਗੁੰਮ ਜਾਂਦੇ ਹਨ ਜੇ ਉਹ " -+"ਵੀ ਪੱਕੀ ਸੰਰਚਨਾ ਵਿੱਚ ਨਹੀਂ ਹਨ।" - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -994,8 +998,8 @@ msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." - msgstr "" --"ਤਾਲਾਬੰਦ ਫਾਇਰਵਾਲ ਸੰਰਚਨਾ ਤੇ ਤਾਲਾ ਲਗਾ ਦਿੰਦਾ ਹੈ ਤਾਂ ਕਿ ਸਿਰਫ਼ ਤਾਲਾਬੰਦੀ ਦੀ ਵਾਈ੍ਹਟਲਿਸਟ " --"ਉੱਪਰਲੀਆਂ ਐਪਲੀਕੇਸ਼ਨਾਂ ਹੀ ਇਸ ਨੂੰ ਬਦਲਣ ਦੇ ਯੋਗ ਹੋਣ।" -+"ਤਾਲਾਬੰਦ ਫਾਇਰਵਾਲ ਸੰਰਚਨਾ ਤੇ ਤਾਲਾ ਲਗਾ ਦਿੰਦਾ ਹੈ ਤਾਂ ਕਿ ਸਿਰਫ਼ ਤਾਲਾਬੰਦੀ ਦੀ " -+"ਵਾਈ੍ਹਟਲਿਸਟ ਉੱਪਰਲੀਆਂ ਐਪਲੀਕੇਸ਼ਨਾਂ ਹੀ ਇਸ ਨੂੰ ਬਦਲਣ ਦੇ ਯੋਗ ਹੋਣ।" - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1069,8 +1073,8 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" --"ਮੌਜੂਦਾ ਪਰਗਟ ਸੰਰਚਨਾ। ਚਾਲੂ ਸੰਰਚਨਾ ਹੀ ਅਸਲ ਸਰਗਰਮ ਸੰਰਚਨਾ ਹੈ। ਸਥਾਈ ਸੰਰਚਨਾ ਸੇਵਾ ਜਾਂ ਸਿਸਟਮ ਦੇ " --"ਮੁੜ-ਲੋਡ ਜਾਂ ਮੁੜ-ਸ਼ੁਰੂ ਹੋਣ ਤੋਂ ਬਾਅਦ ਸਰਗਰਮ ਹੋਵੇਗੀ" -+"ਮੌਜੂਦਾ ਪਰਗਟ ਸੰਰਚਨਾ। ਚਾਲੂ ਸੰਰਚਨਾ ਹੀ ਅਸਲ ਸਰਗਰਮ ਸੰਰਚਨਾ ਹੈ। ਸਥਾਈ ਸੰਰਚਨਾ ਸੇਵਾ ਜਾਂ " -+"ਸਿਸਟਮ ਦੇ ਮੁੜ-ਲੋਡ ਜਾਂ ਮੁੜ-ਸ਼ੁਰੂ ਹੋਣ ਤੋਂ ਬਾਅਦ ਸਰਗਰਮ ਹੋਵੇਗੀ" - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1080,9 +1084,10 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"ਇੱਕ ਫਾਇਰਵਾਲ ਵਾਲਾ ਜ਼ੋਨ ਨੈੱਟਵਰਕ ਸੰਪਰਕਾਂ, ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਜ਼ੋਨ ਨਾਲ ਬੱਝੇ ਸਰੋਤਾਂ ਲਈ ਭਰੋਸੇ ਦਾ ਪੱਧਰ " --"ਦਰਸਾਉਂਦਾ ਹੈ। ਜ਼ੋਨ ਸੇਵਾਵਾਂ, ਪੋਰਟਾਂ, ਜਾਬਤਿਆਂ, ਮੁਖੌਟਾਪਨ, ਪੋਰਟ/ਪੈਕੇਟ ਫਾਰਵਰਡ ਕਰਨਾ, icmp ਫਿਲਟਰਾਂ " --"ਅਤੇ ਉੱਚ-ਪੱਧਰ ਨਿਯਮਾਂ ਨੂੰ ਇਕੱਠਿਆਂ ਕਰਦਾ ਹੈ। ਜ਼ੋਨ ਨੂੰ ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਸਰੋਤ ਪਤਿਆਂ ਨਾਲ ਬੰਨ੍ਹਿਆ ਜਾ ਸਕਦਾ ਹੈ।" -+"ਇੱਕ ਫਾਇਰਵਾਲ ਵਾਲਾ ਜ਼ੋਨ ਨੈੱਟਵਰਕ ਸੰਪਰਕਾਂ, ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਜ਼ੋਨ ਨਾਲ ਬੱਝੇ ਸਰੋਤਾਂ ਲਈ " -+"ਭਰੋਸੇ ਦਾ ਪੱਧਰ ਦਰਸਾਉਂਦਾ ਹੈ। ਜ਼ੋਨ ਸੇਵਾਵਾਂ, ਪੋਰਟਾਂ, ਜਾਬਤਿਆਂ, ਮੁਖੌਟਾਪਨ, ਪੋਰਟ/" -+"ਪੈਕੇਟ ਫਾਰਵਰਡ ਕਰਨਾ, icmp ਫਿਲਟਰਾਂ ਅਤੇ ਉੱਚ-ਪੱਧਰ ਨਿਯਮਾਂ ਨੂੰ ਇਕੱਠਿਆਂ ਕਰਦਾ ਹੈ। " -+"ਜ਼ੋਨ ਨੂੰ ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਸਰੋਤ ਪਤਿਆਂ ਨਾਲ ਬੰਨ੍ਹਿਆ ਜਾ ਸਕਦਾ ਹੈ।" - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1106,9 +1111,9 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"ਇੱਥੇ ਤੁਸੀਂ ਦੱਸ ਸਕਦੇ ਹੋ ਕਿ ਕਿਹੜੀ ਸੇਵਾ ਭਰੋਸੇਯੋਗ ਜ਼ੋਨ ਵਿੱਚ ਹੈ। ਭਰੋਸੇਯੋਗ ਸੋਵਾਵਾਂ ਸਭ ਮੇਜ਼ਬਾਨਾਂ ਅਤੇ ਨੈੱਟਵਰਕਾਂ " --"ਤੋਂ ਵਰਤੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ ਜਿਹੜੇ ਇਸ ਜ਼ੋਨ ਨਾਲ ਬੱਝੇ ਸੰਪਰਕਾਂ, ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਸਰੋਤਾਂ ਤੋਂ ਮਸ਼ੀਨ ਤੱਕ ਪਹੁੰਚ " --"ਸਕਦੇ ਹਨ।" -+"ਇੱਥੇ ਤੁਸੀਂ ਦੱਸ ਸਕਦੇ ਹੋ ਕਿ ਕਿਹੜੀ ਸੇਵਾ ਭਰੋਸੇਯੋਗ ਜ਼ੋਨ ਵਿੱਚ ਹੈ। ਭਰੋਸੇਯੋਗ ਸੋਵਾਵਾਂ " -+"ਸਭ ਮੇਜ਼ਬਾਨਾਂ ਅਤੇ ਨੈੱਟਵਰਕਾਂ ਤੋਂ ਵਰਤੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ ਜਿਹੜੇ ਇਸ ਜ਼ੋਨ ਨਾਲ ਬੱਝੇ " -+"ਸੰਪਰਕਾਂ, ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਸਰੋਤਾਂ ਤੋਂ ਮਸ਼ੀਨ ਤੱਕ ਪਹੁੰਚ ਸਕਦੇ ਹਨ।" - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1119,8 +1124,8 @@ msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." - msgstr "" --"ਵਾਧੂ ਪੋਰਟਾਂ ਜਾਂ ਪੋਰਟ ਰੇਂਜਾਂ ਸ਼ਾਮਿਲ ਕਰੋ, ਜੋ ਉਹਨਾਂ ਸਭ ਮੇਜ਼ਬਾਨਾਂ ਜਾਂ ਨੈੱਟਵਰਕਾਂ ਲਈ ਦਖਲ ਦੇਣ ਯੋਗ ਹੋਣ " --"ਜਿਹੜੇ ਮਸ਼ੀਨ ਨਾਲ ਜੁੜ ਸਕਦੇ ਹਨ।" -+"ਵਾਧੂ ਪੋਰਟਾਂ ਜਾਂ ਪੋਰਟ ਰੇਂਜਾਂ ਸ਼ਾਮਿਲ ਕਰੋ, ਜੋ ਉਹਨਾਂ ਸਭ ਮੇਜ਼ਬਾਨਾਂ ਜਾਂ ਨੈੱਟਵਰਕਾਂ ਲਈ " -+"ਦਖਲ ਦੇਣ ਯੋਗ ਹੋਣ ਜਿਹੜੇ ਮਸ਼ੀਨ ਨਾਲ ਜੁੜ ਸਕਦੇ ਹਨ।" - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1174,9 +1179,9 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"ਮਖੌਟਾ ਤੁਹਾਨੂੰ ਮੇਜ਼ਬਾਨ ਜਾਂ ਰਾਊਟਰ ਨਿਰਧਾਰਤ ਕਰਨ ਵਿੱਚ ਮਦਦ ਕਰਦਾ ਹੈ ਜੋ ਤੁਹਾਡੇ ਸਥਾਨਕ ਨੈੱਟਵਰਕ ਨੂੰ " --"ਇੰਟਰਨੈੱਟ ਨਾਲ ਜੋੜਦਾ ਹੈ। ਤੁਹਾਡਾ ਸਥਾਨਕ ਨੈੱਟਵਰਕ ਦਿੱਖ ਹੋਵੇਗਾ ਅਤੇ ਇੰਟਰਨੈੱਟ ਲਈ ਮੇਜ਼ਬਾਨ ਇੱਕ ਵੱਖਰੇ ਪਤੇ ਵਾਂਗ " --"ਦਿਸਦਾ ਹੈ। ਮਖੌਟਾ ਸਿਰਫ IPv4 ਹੈ।" -+"ਮਖੌਟਾ ਤੁਹਾਨੂੰ ਮੇਜ਼ਬਾਨ ਜਾਂ ਰਾਊਟਰ ਨਿਰਧਾਰਤ ਕਰਨ ਵਿੱਚ ਮਦਦ ਕਰਦਾ ਹੈ ਜੋ ਤੁਹਾਡੇ ਸਥਾਨਕ " -+"ਨੈੱਟਵਰਕ ਨੂੰ ਇੰਟਰਨੈੱਟ ਨਾਲ ਜੋੜਦਾ ਹੈ। ਤੁਹਾਡਾ ਸਥਾਨਕ ਨੈੱਟਵਰਕ ਦਿੱਖ ਹੋਵੇਗਾ ਅਤੇ " -+"ਇੰਟਰਨੈੱਟ ਲਈ ਮੇਜ਼ਬਾਨ ਇੱਕ ਵੱਖਰੇ ਪਤੇ ਵਾਂਗ ਦਿਸਦਾ ਹੈ। ਮਖੌਟਾ ਸਿਰਫ IPv4 ਹੈ।" - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1186,7 +1191,9 @@ msgstr "ਮੁਖੌਟਾ ਜ਼ੋਨ" - msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." --msgstr "ਜੇ ਤੁਸੀਂ ਮੁਖੌਟਾ ਯੋਗ ਕੀਤਾ, IP ਫਾਰਵਰਡਿੰਗ ਵੀ ਤੁਹਾਡੇ IPv4 ਨੈੱਟਵਰਕਾਂ ਲਈ ਯੋਗ ਹੋ ਜਾਏਗੀ।" -+msgstr "" -+"ਜੇ ਤੁਸੀਂ ਮੁਖੌਟਾ ਯੋਗ ਕੀਤਾ, IP ਫਾਰਵਰਡਿੰਗ ਵੀ ਤੁਹਾਡੇ IPv4 ਨੈੱਟਵਰਕਾਂ ਲਈ ਯੋਗ ਹੋ " -+"ਜਾਏਗੀ।" - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1199,9 +1206,10 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"ਪੋਰਟਾਂ ਨੂੰ ਸਥਾਨਕ ਸਿਸਟਮ ਉੱਪਰ ਇੱਕ ਪੋਰਟ ਤੋਂ ਦੂਜੀ ਪੋਰਟ ਤੇ ਫਾਰਵਰਡ ਕਰਨ ਲਈ ਜਾਂ ਸਥਾਨਕ ਸਿਸਟਮ ਤੋਂ ਹੋਰ " --"ਸਿਸਟਮ ਵੱਲ ਫਾਰਵਰਡ ਕਰਨ ਲਈ ਇੰਦਰਾਜ ਸ਼ਾਮਿਲ ਕਰੋ। ਹੋਰ ਸਿਸਟਮ ਤੇ ਫਾਰਵਰਡ ਕਰਨ ਨਾਲ ਸਿਰਫ ਤਾਂ ਹੀ " --"ਲਾਹੇਵੰਦ ਹੈ ਜੇ ਇੰਟਰਫੇਸ ਮਖੌਟਾ ਹੈ। ਪੋਰਟ ਫਾਰਵਰਡਿੰਗ ਸਿਰਫ IPv4 ਹੈ।" -+"ਪੋਰਟਾਂ ਨੂੰ ਸਥਾਨਕ ਸਿਸਟਮ ਉੱਪਰ ਇੱਕ ਪੋਰਟ ਤੋਂ ਦੂਜੀ ਪੋਰਟ ਤੇ ਫਾਰਵਰਡ ਕਰਨ ਲਈ ਜਾਂ " -+"ਸਥਾਨਕ ਸਿਸਟਮ ਤੋਂ ਹੋਰ ਸਿਸਟਮ ਵੱਲ ਫਾਰਵਰਡ ਕਰਨ ਲਈ ਇੰਦਰਾਜ ਸ਼ਾਮਿਲ ਕਰੋ। ਹੋਰ ਸਿਸਟਮ ਤੇ " -+"ਫਾਰਵਰਡ ਕਰਨ ਨਾਲ ਸਿਰਫ ਤਾਂ ਹੀ ਲਾਹੇਵੰਦ ਹੈ ਜੇ ਇੰਟਰਫੇਸ ਮਖੌਟਾ ਹੈ। ਪੋਰਟ ਫਾਰਵਰਡਿੰਗ " -+"ਸਿਰਫ IPv4 ਹੈ।" - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1221,16 +1229,17 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" --"ਇੰਟਰਨੈੱਟ ਕੰਟਰੋਲ ਮੈਸੇਜ ਪਰੋਟੋਕਾਲ (ICMP) ਮੁੱਖ ਤੌਰ ਤੇ ਨੈੱਟਵਰਕ ਕੰਪਿਊਟਰਾਂ ਵਿੱਚ ਗਲਤੀ ਸੁਨੇਹੇ ਭੇਜਣ ਲਈ ਵਰਤਿਆ " --"ਜਾਂਦਾ ਹੈ, ਪਰ ਨਾਲ ਹੀ ਵੀ ਭੇਜਦਾ ਹੈ ਜਿਵੇਂ ਪਿੰਗ ਬੇਨਤੀ ਅਤੇ ਜਵਾਬ।" -+"ਇੰਟਰਨੈੱਟ ਕੰਟਰੋਲ ਮੈਸੇਜ ਪਰੋਟੋਕਾਲ (ICMP) ਮੁੱਖ ਤੌਰ ਤੇ ਨੈੱਟਵਰਕ ਕੰਪਿਊਟਰਾਂ ਵਿੱਚ " -+"ਗਲਤੀ ਸੁਨੇਹੇ ਭੇਜਣ ਲਈ ਵਰਤਿਆ ਜਾਂਦਾ ਹੈ, ਪਰ ਨਾਲ ਹੀ ਵੀ ਭੇਜਦਾ ਹੈ ਜਿਵੇਂ ਪਿੰਗ ਬੇਨਤੀ " -+"ਅਤੇ ਜਵਾਬ।" - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"ਸੂਚੀ ਵਿੱਚ ICMP ਕਿਸਮਾਂ ਮਾਰਕ ਕਰੋ, ਜੋ ਰੱਧ ਕੀਤੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ਹੋਰ ਸਭ ICMP ਕਿਸਮਾਂ ਫਾਇਰਵਾਲ " --"ਵਿੱਚ ਲੰਘ ਸਕਦੀਆਂ ਹਨ। ਮੂਲ ਰੂਪ ਵਿੱਚ ਕੋਈ ਪਾਬੰਦੀ ਨਹੀਂ ਹੈ।" -+"ਸੂਚੀ ਵਿੱਚ ICMP ਕਿਸਮਾਂ ਮਾਰਕ ਕਰੋ, ਜੋ ਰੱਧ ਕੀਤੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ਹੋਰ ਸਭ ICMP " -+"ਕਿਸਮਾਂ ਫਾਇਰਵਾਲ ਵਿੱਚ ਲੰਘ ਸਕਦੀਆਂ ਹਨ। ਮੂਲ ਰੂਪ ਵਿੱਚ ਕੋਈ ਪਾਬੰਦੀ ਨਹੀਂ ਹੈ।" - - #: ../src/firewall-config.glade.h:118 - msgid "" -@@ -1271,8 +1280,8 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"ਜ਼ੋਨ ਨਾਲ ਇੰਟਰਫੇਸ ਬੰਨ੍ਹਣ ਲਈ ਐਂਟਰੀਆਂ ਸਾਮਿਲ ਕਰੋ। ਜੇ ਇੰਟਰਫੇਸ ਸੰਪਰਕ ਦੁਆਰਾ ਵਰਤਿਆ ਜਾਵੇਗਾ, ਜ਼ੋਨ ਉਸ ਜ਼ੋਨ " --"ਵਜੋਂ ਸੈੱਟ ਹੋਵੇਗਾ ਜੋ ਸੰਪਰਕ ਵਿੱਚ ਦਰਸਾਇਆ ਗਿਆ ਹੈ।" -+"ਜ਼ੋਨ ਨਾਲ ਇੰਟਰਫੇਸ ਬੰਨ੍ਹਣ ਲਈ ਐਂਟਰੀਆਂ ਸਾਮਿਲ ਕਰੋ। ਜੇ ਇੰਟਰਫੇਸ ਸੰਪਰਕ ਦੁਆਰਾ ਵਰਤਿਆ " -+"ਜਾਵੇਗਾ, ਜ਼ੋਨ ਉਸ ਜ਼ੋਨ ਵਜੋਂ ਸੈੱਟ ਹੋਵੇਗਾ ਜੋ ਸੰਪਰਕ ਵਿੱਚ ਦਰਸਾਇਆ ਗਿਆ ਹੈ।" - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1313,7 +1322,8 @@ msgstr "ਜ਼ੋਨ" - msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." --msgstr "ਇੱਕ ਫਾਇਰਵਾਲ-ਡੀ ਸੇਵਾ ਪੋਰਟਾਂ, ਜਾਬਤਿਆਂ, ਮੌਡਿਊਲਾਂ ਅਤੇ ਟਿਕਾਣਾ ਪਤਿਆਂ ਦਾ ਮਿਸ਼ਰਣ ਹੈ।" -+msgstr "" -+"ਇੱਕ ਫਾਇਰਵਾਲ-ਡੀ ਸੇਵਾ ਪੋਰਟਾਂ, ਜਾਬਤਿਆਂ, ਮੌਡਿਊਲਾਂ ਅਤੇ ਟਿਕਾਣਾ ਪਤਿਆਂ ਦਾ ਮਿਸ਼ਰਣ ਹੈ।" - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" -@@ -1369,8 +1379,8 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" --"ਜੇ ਤੁਸੀਂ ਟਿਕਾਣਾ ਪਤੇ ਦਰਸਾਉਂਦੇ ਹੋ, ਸੇਵਾ ਇੰਦਰਾਜ ਟਿਕਾਣੇ ਦੇ ਪਤੇ ਅਤੇ ਕਿਸਮ ਤੱਕ ਸੀਮਿਤ ਰਹੇਗੀ। ਜੇ ਦੋਵੇਂ " --"ਇੰਦਰਾਜ ਖਾਲੀ ਹਨ, ਫਿਰ ਕੋਈ ਬੰਦਿਸ਼ ਨਹੀਂ।" -+"ਜੇ ਤੁਸੀਂ ਟਿਕਾਣਾ ਪਤੇ ਦਰਸਾਉਂਦੇ ਹੋ, ਸੇਵਾ ਇੰਦਰਾਜ ਟਿਕਾਣੇ ਦੇ ਪਤੇ ਅਤੇ ਕਿਸਮ ਤੱਕ " -+"ਸੀਮਿਤ ਰਹੇਗੀ। ਜੇ ਦੋਵੇਂ ਇੰਦਰਾਜ ਖਾਲੀ ਹਨ, ਫਿਰ ਕੋਈ ਬੰਦਿਸ਼ ਨਹੀਂ।" - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1385,7 +1395,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"ਸੇਵਾਵਾਂ ਸਿਰਫ਼ ਸਥਾਈ ਸੰਰਚਨਾ ਝਾਤ ਵਿੱਚ ਹੀ ਬਦਲੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ਸੇਵਾਵਾਂ ਦੀ ਚਾਲੂ ਸੰਰਚਨਾ ਪੱਕੀ ਹੈ।" -+"ਸੇਵਾਵਾਂ ਸਿਰਫ਼ ਸਥਾਈ ਸੰਰਚਨਾ ਝਾਤ ਵਿੱਚ ਹੀ ਬਦਲੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ਸੇਵਾਵਾਂ ਦੀ ਚਾਲੂ " -+"ਸੰਰਚਨਾ ਪੱਕੀ ਹੈ।" - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1445,8 +1456,8 @@ msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" --"ਫਾਇਰਵਾਲ-ਡੀ icmptype ਫਾਇਰਵਾਲ-ਡੀ ਦੀ ਇੰਟਰਨੈੱਟ ਕੰਟਰੋਲ ਮੈਸੇਜ ਪਰੋਟੋਕੌਲ (ICMP) ਕਿਸਮ ਦੀ " --"ਜਾਣਕਾਰੀ ਮੁਹੱਈਆ ਕਰਵਾਉਂਦਾ ਹੈ।" -+"ਫਾਇਰਵਾਲ-ਡੀ icmptype ਫਾਇਰਵਾਲ-ਡੀ ਦੀ ਇੰਟਰਨੈੱਟ ਕੰਟਰੋਲ ਮੈਸੇਜ ਪਰੋਟੋਕੌਲ (ICMP) ਕਿਸਮ " -+"ਦੀ ਜਾਣਕਾਰੀ ਮੁਹੱਈਆ ਕਰਵਾਉਂਦਾ ਹੈ।" - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" -@@ -1473,8 +1484,8 @@ msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" --"ICMP ਕਿਸਮਾਂ ਸਿਰਫ਼ ਸਥਾਈ ਸੰਰਚਨਾ ਝਾਤ ਵਿੱਚ ਹੀ ਬਦਲੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ICMP ਕਿਸਮ ਦੀ ਚਾਲੂ " --"ਸੰਰਚਨਾ ਪੱਕੀ ਹੈ।" -+"ICMP ਕਿਸਮਾਂ ਸਿਰਫ਼ ਸਥਾਈ ਸੰਰਚਨਾ ਝਾਤ ਵਿੱਚ ਹੀ ਬਦਲੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ICMP ਕਿਸਮ ਦੀ " -+"ਚਾਲੂ ਸੰਰਚਨਾ ਪੱਕੀ ਹੈ।" - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1495,10 +1506,10 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"ਸਿੱਧੀ ਸੰਰਚਨਾ ਫਾਇਰਵਾਲ ਤੱਕ ਹੋਰ ਜਿਆਦਾ ਸਿੱਧਾ ਦਖਲ ਦਿੰਦੀ ਹੈ। ਇਹ ਚੋਣਾਂ ਲਈ ਲੋੜੀਂਦਾ ਹੈ ਕਿ ਯੂਜ਼ਰ ਨੂੰ " --"iptables ਦੇ ਮੁੱਢਲੇ ਸਿਧਾਂਤ ਪਤਾ ਹੋਣ, i.e. ਸਾਰਣੀਆਂ, ਲੜੀਆਂ, ਕਮਾਂਡਾਂ, ਪੈਰਾਮੀਟਰ ਅਤੇ ਟਿਕਾਣੇ। " --"ਸਿੱਧੀ ਸੰਰਚਨਾ ਆਖਿਰੀ ਹੱਲ ਵਜੋਂ ਵਰਤਣੀ ਚਾਹੀਦੀ ਹੈ ਜਦੋਂ ਹੋਰ ਫਾਇਰਵਾਲ-ਡੀ ਫੀਚਰਾਂ ਨੂੰ ਵਰਤਣਾ ਸੰਭਵ ਨਾ " --"ਹੋਵੇ।" -+"ਸਿੱਧੀ ਸੰਰਚਨਾ ਫਾਇਰਵਾਲ ਤੱਕ ਹੋਰ ਜਿਆਦਾ ਸਿੱਧਾ ਦਖਲ ਦਿੰਦੀ ਹੈ। ਇਹ ਚੋਣਾਂ ਲਈ ਲੋੜੀਂਦਾ " -+"ਹੈ ਕਿ ਯੂਜ਼ਰ ਨੂੰ iptables ਦੇ ਮੁੱਢਲੇ ਸਿਧਾਂਤ ਪਤਾ ਹੋਣ, i.e. ਸਾਰਣੀਆਂ, ਲੜੀਆਂ, " -+"ਕਮਾਂਡਾਂ, ਪੈਰਾਮੀਟਰ ਅਤੇ ਟਿਕਾਣੇ। ਸਿੱਧੀ ਸੰਰਚਨਾ ਆਖਿਰੀ ਹੱਲ ਵਜੋਂ ਵਰਤਣੀ ਚਾਹੀਦੀ ਹੈ " -+"ਜਦੋਂ ਹੋਰ ਫਾਇਰਵਾਲ-ਡੀ ਫੀਚਰਾਂ ਨੂੰ ਵਰਤਣਾ ਸੰਭਵ ਨਾ ਹੋਵੇ।" - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1506,8 +1517,9 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"ਹਰੇਕ ਚੋਣ ਦੇ ipv ਆਰਗੂਮੈਂਟ ਦਾ ipv4 ਜਾਂ ipv6 ਜਾਂ eb ਹੋਣਾ ਹੈ। ipv4 ਨਾਲ ਇਹ iptables ਲਈ " --"ਹੋਵੇਗਾ, ipv6 ਨਾਲ ਇਹ ip6tables ਲਈ ਅਤੇ eb ਨਾਲ ਇਹ ਈਥਰਨੈੱਟ ਬਰਿੱਜਾਂ (ebtables) ਲਈ।" -+"ਹਰੇਕ ਚੋਣ ਦੇ ipv ਆਰਗੂਮੈਂਟ ਦਾ ipv4 ਜਾਂ ipv6 ਜਾਂ eb ਹੋਣਾ ਹੈ। ipv4 ਨਾਲ ਇਹ " -+"iptables ਲਈ ਹੋਵੇਗਾ, ipv6 ਨਾਲ ਇਹ ip6tables ਲਈ ਅਤੇ eb ਨਾਲ ਇਹ ਈਥਰਨੈੱਟ ਬਰਿੱਜਾਂ " -+"(ebtables) ਲਈ।" - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1543,10 +1555,11 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"ਤਰਜੀਹ ਨਿਯਮਾਂ ਨੂੰ ਤਰਤੀਬ ਦੇਣ ਲਈ ਵਰਤੀ ਜਾਂਦੀ ਹੈ। ਤਰਜੀਹ 0 ਦਾ ਮਤਲਬ ਨਿਯਮ ਨੂੰ ਲੜੀ ਵਿੱਚ ਸਿਖਰ ਤੇ " --"ਜੋੜੋ, ਵੱਡੀ ਤਰਜੀਹ ਨਾਲ ਨਿਯਮ ਹੋਰ ਥੱਲੇ ਜੋੜੇ ਜਾਣਗੇ। ਇੱਕੋ ਤਰਜੀਹ ਵਾਲੇ ਨਿਯਮ ਇੱਕੋ ਪੱਧਰ ਤੇ ਹਨ ਅਤੇ ਇਹਨਾਂ " --"ਨਿਯਮਾਂ ਦੀ ਤਰਤੀਬ ਪੱਕੀ ਨਹੀਂ ਹੈ ਤੇ ਬਦਲ ਸਕਦੀ ਹੈ। ਜੇ ਤੁਸੀਂ ਇਹ ਪੱਕਾ ਕਰਨਾ ਚਾਹੁੰਦੇ ਹੋ ਕਿ ਨਿਯਮ ਇੱਕ " --"ਦੂਜੇ ਤੋਂ ਬਾਅਦ ਜੋੜੇ ਜਾਣਗੇ, ਪਹਿਲੇ ਲਈ ਘੱਟ ਅਤੇ ਬਾਅਦ ਵਾਲੇ ਲਈ ਵੱਡੀ ਤਰਜੀਹ ਵਰਤੋ।" -+"ਤਰਜੀਹ ਨਿਯਮਾਂ ਨੂੰ ਤਰਤੀਬ ਦੇਣ ਲਈ ਵਰਤੀ ਜਾਂਦੀ ਹੈ। ਤਰਜੀਹ 0 ਦਾ ਮਤਲਬ ਨਿਯਮ ਨੂੰ ਲੜੀ " -+"ਵਿੱਚ ਸਿਖਰ ਤੇ ਜੋੜੋ, ਵੱਡੀ ਤਰਜੀਹ ਨਾਲ ਨਿਯਮ ਹੋਰ ਥੱਲੇ ਜੋੜੇ ਜਾਣਗੇ। ਇੱਕੋ ਤਰਜੀਹ ਵਾਲੇ " -+"ਨਿਯਮ ਇੱਕੋ ਪੱਧਰ ਤੇ ਹਨ ਅਤੇ ਇਹਨਾਂ ਨਿਯਮਾਂ ਦੀ ਤਰਤੀਬ ਪੱਕੀ ਨਹੀਂ ਹੈ ਤੇ ਬਦਲ ਸਕਦੀ ਹੈ। " -+"ਜੇ ਤੁਸੀਂ ਇਹ ਪੱਕਾ ਕਰਨਾ ਚਾਹੁੰਦੇ ਹੋ ਕਿ ਨਿਯਮ ਇੱਕ ਦੂਜੇ ਤੋਂ ਬਾਅਦ ਜੋੜੇ ਜਾਣਗੇ, ਪਹਿਲੇ " -+"ਲਈ ਘੱਟ ਅਤੇ ਬਾਅਦ ਵਾਲੇ ਲਈ ਵੱਡੀ ਤਰਜੀਹ ਵਰਤੋ।" - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1570,12 +1583,13 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"ਪਾਸਥਰੂਅ ਨਿਯਮ ਸਿੱਧੇ ਫਾਇਰਵਾਲ ਤੱਕ ਲੰਘਾ ਦਿੱਤੇ ਜਾਂਦੇ ਹਨ ਅਤੇ ਖਾਸ ਲੜੀਆਂ ਵਿੱਚ ਨਹੀਂ ਰੱਖੇ ਜਾਂਦੇ। ਸਾਰੀਆਂ " --"iptables, ip6tables ਅਤੇ ebtables ਚੋਣਾਂ ਵਰਤੀਆਂ ਜਾ ਸਕਦੀਆਂ।" -+"ਪਾਸਥਰੂਅ ਨਿਯਮ ਸਿੱਧੇ ਫਾਇਰਵਾਲ ਤੱਕ ਲੰਘਾ ਦਿੱਤੇ ਜਾਂਦੇ ਹਨ ਅਤੇ ਖਾਸ ਲੜੀਆਂ ਵਿੱਚ ਨਹੀਂ " -+"ਰੱਖੇ ਜਾਂਦੇ। ਸਾਰੀਆਂ iptables, ip6tables ਅਤੇ ebtables ਚੋਣਾਂ ਵਰਤੀਆਂ ਜਾ ਸਕਦੀਆਂ।" - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." --msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਪਾਸਥਰੂਅ ਨਿਯਮਾਂ ਨਾਲ ਸੁਚੇਤ ਰਹੋ ਕਿਤੇ ਫਾਇਰਵਾਲ ਨੂੰ ਨੁਕਸਾਨ ਨਾ ਪਹੁੰਚੇ।" -+msgstr "" -+"ਕਿਰਪਾ ਕਰ ਕੇ ਪਾਸਥਰੂਅ ਨਿਯਮਾਂ ਨਾਲ ਸੁਚੇਤ ਰਹੋ ਕਿਤੇ ਫਾਇਰਵਾਲ ਨੂੰ ਨੁਕਸਾਨ ਨਾ ਪਹੁੰਚੇ।" - - #: ../src/firewall-config.glade.h:190 - msgid "Add Passthrough" -@@ -1599,9 +1613,9 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"ਤਾਲਾਬੰਦ ਗੁਣ ਫਾਇਰਵਾਲ-ਡੀ ਲਈ ਯੂਜ਼ਰ ਅਤੇ ਐਪਲੀਕੇਸ਼ਨ ਨੀਤੀਆਂ ਦਾ ਹਲਕਾ ਸੰਸਕਰਣ ਹੈ। ਇਹ ਫਾਇਰਵਾਲ-ਡੀ " --"ਵਿੱਚ ਬਦਲਾਆਂ ਨੂੰ ਸੀਮਿਤ ਕਰਦਾ ਹੈ। ਤਾਲਾਬੰਦ ਵਾਈ੍ਹਟਲਿਸਟ ਵਿੱਚ ਕਮਾਂਡਾਂ, ਪ੍ਰਸੰਗ, ਯੂਜ਼ਰ ਅਤੇ ਯੂਜ਼ਰ idਆਂ ਹੋ " --"ਸਕਦੀਆਂ ਹਨ।" -+"ਤਾਲਾਬੰਦ ਗੁਣ ਫਾਇਰਵਾਲ-ਡੀ ਲਈ ਯੂਜ਼ਰ ਅਤੇ ਐਪਲੀਕੇਸ਼ਨ ਨੀਤੀਆਂ ਦਾ ਹਲਕਾ ਸੰਸਕਰਣ ਹੈ। ਇਹ " -+"ਫਾਇਰਵਾਲ-ਡੀ ਵਿੱਚ ਬਦਲਾਆਂ ਨੂੰ ਸੀਮਿਤ ਕਰਦਾ ਹੈ। ਤਾਲਾਬੰਦ ਵਾਈ੍ਹਟਲਿਸਟ ਵਿੱਚ ਕਮਾਂਡਾਂ, " -+"ਪ੍ਰਸੰਗ, ਯੂਜ਼ਰ ਅਤੇ ਯੂਜ਼ਰ idਆਂ ਹੋ ਸਕਦੀਆਂ ਹਨ।" - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1632,9 +1646,9 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"ਜੇ ਵਾਈ੍ਹਟਲਿਸਟ ਤੇ ਕੋਈ ਕਮਾਂਡ ਇੰਦਰਾਜ '*' ਨਾਲ ਖਤਮ ਹੁੰਦਾ ਹੈ, ਤਾਂ ਕਮਾਂਡ ਨਾਲ ਸ਼ੁਰੂ ਹੁੰਦੀਆਂ ਸਾਰੀਆਂ " --"ਕਮਾਂਡ ਲਾਈਨਾਂ ਵੀ ਮੇਲ ਖਾਣਗੀਆਂ। ਜੇ '*' ਨਹੀਂ ਲੱਗਾ ਤਾਂ ਕਮਾਂਡ ਆਰਗੂਮੈਂਟਾਂ ਸਮੇਤ ਪੂਰੀ ਤਰ੍ਹਾਂ ਮੇਲ ਖਾਂਦੀ " --"ਹੋਣੀ ਜਰੂਰੀ ਹੈ।" -+"ਜੇ ਵਾਈ੍ਹਟਲਿਸਟ ਤੇ ਕੋਈ ਕਮਾਂਡ ਇੰਦਰਾਜ '*' ਨਾਲ ਖਤਮ ਹੁੰਦਾ ਹੈ, ਤਾਂ ਕਮਾਂਡ ਨਾਲ ਸ਼ੁਰੂ " -+"ਹੁੰਦੀਆਂ ਸਾਰੀਆਂ ਕਮਾਂਡ ਲਾਈਨਾਂ ਵੀ ਮੇਲ ਖਾਣਗੀਆਂ। ਜੇ '*' ਨਹੀਂ ਲੱਗਾ ਤਾਂ ਕਮਾਂਡ " -+"ਆਰਗੂਮੈਂਟਾਂ ਸਮੇਤ ਪੂਰੀ ਤਰ੍ਹਾਂ ਮੇਲ ਖਾਂਦੀ ਹੋਣੀ ਜਰੂਰੀ ਹੈ।" - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1848,7 +1862,8 @@ msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਇੱਕ ਉੱਚ-ਪੱਧਰੀ ਨਿ - - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." --msgstr "ਮੇਜਬਾਨ ਜਾਂ ਨੈੱਟਵਰਕ ਲਈ ਵਾਈ੍ਹਟ ਜਾਂ ਬਲੈਕ-ਲਿਸਟਿੰਗ ਤੱਤ ਨੂੰ ਗੈਰ-ਕਿਰਿਆਸ਼ੀਲ ਕਰਦਾ ਹੈ।" -+msgstr "" -+"ਮੇਜਬਾਨ ਜਾਂ ਨੈੱਟਵਰਕ ਲਈ ਵਾਈ੍ਹਟ ਜਾਂ ਬਲੈਕ-ਲਿਸਟਿੰਗ ਤੱਤ ਨੂੰ ਗੈਰ-ਕਿਰਿਆਸ਼ੀਲ ਕਰਦਾ ਹੈ।" - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" -@@ -1876,10 +1891,11 @@ msgstr "ਪਲਟਾਇਆ" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"ਇਸ ਨੂੰ ਯੋਗ ਕਰਨ ਲਈ ਕਾਰਵਾਈ 'reject' ਅਤੇ ਟੱਬਰ ਜਾਂ ਤਾਂ 'ipv4' ਜਾਂ 'ipv6' (ਦੋਵੇਂ ਨਹੀਂ) ਹੋਵੇ।" -+"ਇਸ ਨੂੰ ਯੋਗ ਕਰਨ ਲਈ ਕਾਰਵਾਈ 'reject' ਅਤੇ ਟੱਬਰ ਜਾਂ ਤਾਂ 'ipv4' ਜਾਂ 'ipv6' (ਦੋਵੇਂ " -+"ਨਹੀਂ) ਹੋਵੇ।" - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -diff --git a/po/pl.po b/po/pl.po -index 268fb15bdfcc..6c4a1d1fe1a2 100644 ---- a/po/pl.po -+++ b/po/pl.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Andrzej Olszewski , 2004 - # Piotr Drąg , 2007,2013-2014 -@@ -11,20 +11,21 @@ - # Piotr Drąg , 2015. #zanata - # Piotr Drąg , 2016. #zanata - # Piotr Drąg , 2017. #zanata -+# Eric Garver , 2018. #zanata - # Piotr Drąg , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-07-30 06:41+0000\n" --"Last-Translator: Piotr Drąg \n" --"Language-Team: Polish (http://www.transifex.com/projects/p/firewalld/" --"language/pl/)\n" --"Language: pl\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:26+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Polish (http://www.transifex.com/projects/p/firewalld/" -+"language/pl/)\n" -+"Language: pl\n" - "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " - "|| n%100>=20) ? 1 : 2);\n" - "X-Generator: Zanata 4.6.2\n" -@@ -45,8 +46,7 @@ msgstr "Konfiguracja zapory sieciowej" - #: ../config/firewall-config.desktop.in.h:4 - msgid "firewall;network;security;iptables;netfilter;" - msgstr "" --"zapora;sieciowa;ogniowa;firewall;sieć;sieci;network;bezpieczeństwo;" --"zabezpieczenia;security;iptables;netfilter;" -+"zapora;sieciowa;ogniowa;firewall;sieć;sieci;network;bezpieczeństwo;zabezpieczenia;security;iptables;netfilter;" - - #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 - #, c-format -@@ -214,7 +214,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Strefa „{zone}” jest aktywna dla połączenia „{connection}” na interfejsie " - "„{interface}”" -@@ -308,8 +309,8 @@ msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." - msgstr "" --"Połączenie z usługą firewalld się nie powiodło. Proszę się upewnić, że " --"usługa została poprawnie uruchomiona i spróbować ponownie." -+"Połączenie z firewalld nie powiodło się. Sprawdź, czy usługa została " -+"poprawnie uruchomiona, i ponów próbę." - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -355,7 +356,7 @@ msgstr "Identyfikator użytkownika" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" --msgstr "Tablica" -+msgstr "Tabela" - - #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 - msgid "Chain" -@@ -367,7 +368,7 @@ msgstr "Priorytet" - - #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 - msgid "Args" --msgstr "Parametry" -+msgstr "Argumenty" - - #: ../src/firewall-config.in:401 ../src/firewall-config.in:2329 - msgid "Runtime" -@@ -660,8 +661,7 @@ msgstr "IPv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "Przekierowywanie do innego systemu jest przydatne tylko, jeśli interfejs " -@@ -992,7 +992,8 @@ msgstr "Skonfiguruj przypisanie automatycznego modułu pomocniczego" - - #: ../src/firewall-config.glade.h:67 - msgid "Configure Automatic Helper Assignment setting." --msgstr "Skonfiguruj ustawienia przypisania automatycznego modułu pomocniczego." -+msgstr "" -+"Skonfiguruj ustawienia przypisania automatycznego modułu pomocniczego." - - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." -@@ -1439,7 +1440,7 @@ msgid "" - "example IP addresses, port numbers or MAC addresses. " - msgstr "" - "Zestaw adresów IP może być używany do tworzenia białych i czarnych list, " --"i może przechowywać na przykład adresy IP, numery portów i adresy MAC." -+"i może przechowywać na przykład adresy IP, numery portów i adresy MAC. " - - #: ../src/firewall-config.glade.h:155 - msgid "IPSet" -@@ -1548,6 +1549,7 @@ msgstr "" - msgid "Define ports or port ranges, which are monitored by the helper." - msgstr "" - "Proszę określić porty lub zakresy portów monitorowane przez moduł pomocniczy." -+"" - - #: ../src/firewall-config.glade.h:175 - msgid "" -@@ -1795,7 +1797,7 @@ msgstr "Domyślna strefa:" - - #: ../src/firewall-config.glade.h:222 - msgid "Please enter an interface name:" --msgstr "Proszę podać nazwę interfejsu:" -+msgstr "Wprowadź nazwę initerfejsu:" - - #: ../src/firewall-config.glade.h:223 - msgid "Base IPSet Settings" -@@ -1839,7 +1841,7 @@ msgstr "Proszę wybrać zestaw adresów IP:" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "Proszę podać wpis ipset:" -+msgstr "Wprowadź wpis zestawu adresów IP:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" -@@ -1949,11 +1951,11 @@ msgstr "odwrócone" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"Aby to włączyć, działanie musi wynosić „reject”, a rodzina „ipv4” lub " --"„ipv6” (nie oba)." -+"Aby to włączyć, działanie musi wynosić „reject”, a rodzina „ipv4” lub „ipv6” " -+"(nie oba)." - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -@@ -1997,7 +1999,7 @@ msgstr "Proszę wybrać usługę." - - #: ../src/firewall-config.glade.h:297 - msgid "Please enter a source." --msgstr "Proszę podać źródło." -+msgstr "Wprowadź źródło." - - #: ../src/firewall-config.glade.h:298 - msgid "User ID" -diff --git a/po/pt.po b/po/pt.po -index e1f0c374c281..1be428f5c160 100644 ---- a/po/pt.po -+++ b/po/pt.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Pedro Marques Daniel , 2013 - # Pedro Marques Daniel , 2013 -@@ -12,14 +12,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2015-10-28 10:12+0000\n" - "Last-Translator: Miguel Sousa \n" - "Language-Team: Portuguese (http://www.transifex.com/projects/p/firewalld/" - "language/pt/)\n" - "Language: pt\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -200,7 +200,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Zona '{zone}' ativa para conexão '{connection}' na interface '{interface}'" - -@@ -640,8 +641,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "Forwarding para outro sistema só é útil se a interface estiver mascarada.\n" -@@ -1183,7 +1183,8 @@ msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." - msgstr "" --"Se ativar as omascarar, o reencaminhamento de IP será ativado para o seu IPv4" -+"Se ativar as omascarar, o reencaminhamento de IP será ativado para o seu " -+"IPv4" - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1890,8 +1891,8 @@ msgstr "invertido" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "Para ativar esta Ação tem de ser 'reject' e da Familia 'ipv4' ou 'ipv6' (não " - "ambos)" -diff --git a/po/pt_BR.po b/po/pt_BR.po -index 1bb5abde7b49..dafe57381516 100644 ---- a/po/pt_BR.po -+++ b/po/pt_BR.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # ataliba , 2013 - # ataliba , 2013 -@@ -28,20 +28,21 @@ - # Daniel Lara , 2016. #zanata - # Frederico Henrique Gonçalves Lima , 2017. #zanata - # Mateus de Melo Santos , 2017. #zanata -+# Eric Garver , 2018. #zanata - # Renan Marcos Ferreira , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-05-17 02:28+0000\n" --"Last-Translator: Renan Marcos Ferreira \n" --"Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/" --"firewalld/language/pt_BR/)\n" --"Language: pt_BR\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:27+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/" -+"firewalld/language/pt_BR/)\n" -+"Language: pt_BR\n" - "Plural-Forms: nplurals=2; plural=(n > 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -81,7 +82,7 @@ msgstr "Selecione zona para conexão '%s'" - - #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3910 - msgid "Failed to set zone {zone} for connection {connection_name}" --msgstr "" -+msgstr "Falha ao definir o fuso {zone} para conexão{connection_name}" - - #: ../src/firewall-applet.in:190 - #, c-format -@@ -228,7 +229,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Zona '{zone}' ativada para conexão '{connection}' na interface '{interface}'" - -@@ -321,8 +323,8 @@ msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." - msgstr "" --"Falha ao conectar-se no firewalld. Por favor, tenha certeza de que o serviço " --"foi iniciado corretamente e tente novamente." -+"Falha na conexão com o firewalld. Verifique se o serviço foi iniciado " -+"corretamente e tente de novo." - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -364,7 +366,7 @@ msgstr "Nome de usuário" - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "ID de usuário" -+msgstr "ID do usuário" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" -@@ -372,7 +374,7 @@ msgstr "Tabela" - - #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 - msgid "Chain" --msgstr "Corrente" -+msgstr "Cadeia" - - #: ../src/firewall-config.in:322 - msgid "Priority" -@@ -380,7 +382,7 @@ msgstr "Prioridade" - - #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 - msgid "Args" --msgstr "Argumentos" -+msgstr "Argum." - - #: ../src/firewall-config.in:401 ../src/firewall-config.in:2329 - msgid "Runtime" -@@ -673,8 +675,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "O encaminhamento para outro sistema só é útil se a interface estiver " -@@ -1077,7 +1078,7 @@ msgstr "_Ajuda" - - #: ../src/firewall-config.glade.h:82 - msgid "Change Zone" --msgstr "Mudar zona" -+msgstr "Mudar Zona" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" -@@ -1250,8 +1251,8 @@ msgid "" - msgstr "" - "Adicione entradas para o encaminhamento de portas tanto de uma porta para " - "outra no sistema local, quanto do sistema local para outro sistema. O " --"encaminhamento para outro sistema só é útil se a interface estiver " --"mascarada. O encaminhamento de portas é somente para IPv4." -+"encaminhamento para outro sistema só é útil se a interface estiver mascarada." -+" O encaminhamento de portas é somente para IPv4." - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1282,6 +1283,7 @@ msgid "" - msgstr "" - "Marque na lista os tipos de ICMP que devem ser rejeitados. Todos os outros " - "tipos serão permitidos passar pelo firewall. O padrão é não haver limitações." -+"" - - #: ../src/firewall-config.glade.h:118 - msgid "" -@@ -1290,6 +1292,7 @@ msgid "" - msgstr "" - "Se o Filtro Inverter está habilitado, entradas marcadas ICPM são aceitas e " - "as outras são rejeitadas. Em uma zona com o alvo DROP, elas serão rejeitadas." -+"" - - #: ../src/firewall-config.glade.h:119 - msgid "Invert Filter" -@@ -1420,7 +1423,8 @@ msgstr "Porta de Origem" - - #: ../src/firewall-config.glade.h:148 - msgid "Netfilter helper modules are needed for some services." --msgstr "Módulos assistentes do Netfilter são necessários para alguns serviços." -+msgstr "" -+"Módulos assistentes do Netfilter são necessários para alguns serviços." - - #: ../src/firewall-config.glade.h:149 - msgid "Modules" -@@ -1498,8 +1502,8 @@ msgid "" - "The entries should be taken care directly with the ipset command." - msgstr "" - "Este IPSet utiliza a opção de limite de tempo, portanto nenhuma entrada é " --"visível aqui. As entradas devem ser atendidas diretamente pelo comando " --"ipset. " -+"visível aqui. As entradas devem ser atendidas diretamente pelo comando ipset." -+" " - - #: ../src/firewall-config.glade.h:162 - msgid "Add" -@@ -1818,7 +1822,7 @@ msgstr "Zona Padrão:" - - #: ../src/firewall-config.glade.h:222 - msgid "Please enter an interface name:" --msgstr "Por favor, insira um nome de interface:" -+msgstr "Inserir nome da interface:" - - #: ../src/firewall-config.glade.h:223 - msgid "Base IPSet Settings" -@@ -1862,7 +1866,7 @@ msgstr "Por favor, selecione um ipset:" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "Por favor, insira uma entrada ipset:" -+msgstr "Inserir entrada ipset:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" -@@ -1975,8 +1979,8 @@ msgstr "inverso" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "Para habilitar isto, o Action precisa estar definido como 'reject' e Family " - "como 'ipv4' ou 'ipv6' (não como ambos)" -@@ -2023,7 +2027,7 @@ msgstr "Por favor selecione um serviço." - - #: ../src/firewall-config.glade.h:297 - msgid "Please enter a source." --msgstr "Por favor, insira uma fonte." -+msgstr "Insira uma origem." - - #: ../src/firewall-config.glade.h:298 - msgid "User ID" -diff --git a/po/ru.po b/po/ru.po -index e590fadac8b7..fc55b58d8445 100644 ---- a/po/ru.po -+++ b/po/ru.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Alexey Kostyuk , 2009 - # Andrew Martynov , 2004-2006,2008 -@@ -16,22 +16,23 @@ - # yuliya , 2016. #zanata - # Igor Gorbounov , 2017. #zanata - # Thomas Woerner , 2017. #zanata -+# Eric Garver , 2018. #zanata - # Igor Gorbounov , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-03-05 03:27+0000\n" --"Last-Translator: Igor Gorbounov \n" --"Language-Team: Russian (http://www.transifex.com/projects/p/firewalld/" --"language/ru/)\n" --"Language: ru\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" --"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" --"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" -+"PO-Revision-Date: 2018-11-16 08:27+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Russian (http://www.transifex.com/projects/p/firewalld/" -+"language/ru/)\n" -+"Language: ru\n" -+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " -+"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" - "X-Generator: Zanata 4.6.2\n" - - #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 -@@ -70,7 +71,7 @@ msgstr "Выберите зону для соединения «%s»" - - #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3910 - msgid "Failed to set zone {zone} for connection {connection_name}" --msgstr "" -+msgstr "Не удалось установить зону {zone} для соединения {connection_name}" - - #: ../src/firewall-applet.in:190 - #, c-format -@@ -217,7 +218,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Зона '{zone}' активна для соединения '{connection}' на интерфейсе " - "'{interface}'" -@@ -290,7 +292,7 @@ msgstr "Зона «%s» активирована на интерфейсе «%s - - #: ../src/firewall-applet.in:1087 - msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" --msgstr "Зона '{zone}' {activated_deactivated} для источника '{source}' " -+msgstr "Зона '{zone}' {activated_deactivated} для источника '{source}'" - - #: ../src/firewall-applet.in:1111 - #, c-format -@@ -310,6 +312,8 @@ msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." - msgstr "" -+"Не удалось подключиться к брандмауэру. Проверьте, запущена ли служба, и " -+"повторите попытку." - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -351,23 +355,23 @@ msgstr "Пользователь" - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "" -+msgstr "ИД пользователя" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" --msgstr "" -+msgstr "Таблица" - - #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 - msgid "Chain" --msgstr "" -+msgstr "Цепочка" - - #: ../src/firewall-config.in:322 - msgid "Priority" --msgstr "" -+msgstr "Приоритет" - - #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 - msgid "Args" --msgstr "" -+msgstr "Аргументы" - - #: ../src/firewall-config.in:401 ../src/firewall-config.in:2329 - msgid "Runtime" -@@ -449,7 +453,7 @@ msgstr "Интерфейс" - - #: ../src/firewall-config.in:936 - msgid "Comment" --msgstr "" -+msgstr "Комментарий" - - #: ../src/firewall-config.in:955 ../src/firewall-config.glade.h:27 - msgid "Source" -@@ -525,7 +529,7 @@ msgstr "блокирование icmp" - #: ../src/firewall-config.in:3348 ../src/firewall-config.in:3658 - #: ../src/firewall-config.glade.h:288 - msgid "icmp-type" --msgstr "" -+msgstr "Тип ICMP" - - #: ../src/firewall-config.in:2075 ../src/firewall-config.in:3182 - #: ../src/firewall-config.in:3350 ../src/firewall-config.in:3661 -@@ -660,8 +664,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "Переадресация в другую систему поможет только при маскировании интерфейса.\n" -@@ -1057,7 +1060,7 @@ msgstr "_Справка" - - #: ../src/firewall-config.glade.h:82 - msgid "Change Zone" --msgstr "" -+msgstr "Изменить зону" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" -@@ -1230,7 +1233,7 @@ msgstr "" - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" --msgstr "Добавить перенаправляемый порт " -+msgstr "Добавить перенаправляемый порт" - - #: ../src/firewall-config.glade.h:114 - msgid "Edit Forward Port" -@@ -1433,7 +1436,7 @@ msgid "" - "example IP addresses, port numbers or MAC addresses. " - msgstr "" - "IPSet позволяет настроить «белые» и «черные» списки, а также сохранить IP, " --"MAC-адреса, а также номера портов." -+"MAC-адреса, а также номера портов. " - - #: ../src/firewall-config.glade.h:155 - msgid "IPSet" -@@ -1538,7 +1541,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:174 - msgid "Define ports or port ranges, which are monitored by the helper." --msgstr "Добавьте порты или диапазоны портов, контролируемые модулем поддержки." -+msgstr "" -+"Добавьте порты или диапазоны портов, контролируемые модулем поддержки." - - #: ../src/firewall-config.glade.h:175 - msgid "" -@@ -1781,7 +1785,7 @@ msgstr "Зона по умолчанию:" - - #: ../src/firewall-config.glade.h:222 - msgid "Please enter an interface name:" --msgstr "" -+msgstr "Укажите название интерфейса:" - - #: ../src/firewall-config.glade.h:223 - msgid "Base IPSet Settings" -@@ -1825,7 +1829,7 @@ msgstr "Выберите ipset:" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "" -+msgstr "Укажите запись IPSet:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" -@@ -1935,8 +1939,8 @@ msgstr "инверсия" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "Чтобы разрешить, поле «Действие» должно иметь значение «отказать», а " - "«Семейство протоколов» — «ipv4» или «ipv6»." -@@ -1983,7 +1987,7 @@ msgstr "Выберите службу." - - #: ../src/firewall-config.glade.h:297 - msgid "Please enter a source." --msgstr "" -+msgstr "Укажите источник." - - #: ../src/firewall-config.glade.h:298 - msgid "User ID" -diff --git a/po/sk.po b/po/sk.po -index d1a1a73f3205..8ba479ddbc41 100644 ---- a/po/sk.po -+++ b/po/sk.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Dušan Kazik , 2012-2013 - # Marcel Telka , 2004 -@@ -15,14 +15,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2018-08-13 06:16+0000\n" - "Last-Translator: feonsu \n" - "Language-Team: Slovak (http://www.transifex.com/projects/p/firewalld/" - "language/sk/)\n" - "Language: sk\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -207,7 +207,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Zóna '{zone}' je aktívna pre pripojenie '{connection}' na rozhraní " - "'{interface}'" -@@ -652,8 +653,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "Preposielanie na iný systém je užitočné len ak je na rozhraní maškaráda. \n" -@@ -1660,6 +1660,7 @@ msgid "" - msgstr "" - "Kontext je kontext zabezpečenia (SELinux) bežiacej aplikácie alebo služby. " - "Ak chcete zistiť kontext bežiacej aplikácie použite ps -e --context." -+"" - - #: ../src/firewall-config.glade.h:196 - msgid "Add Context" -@@ -1929,8 +1930,8 @@ msgstr "invertované" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "Ak chcete toto povoliť, akcia musí byť 'reject' a rodina buď 'ipv4' alebo " - "'ipv6' (nie obe)." -diff --git a/po/sq.po b/po/sq.po -index a36f50f0b779..f02470c19a04 100644 ---- a/po/sq.po -+++ b/po/sq.po -@@ -5,13 +5,13 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2017-04-20 11:49+0000\n" - "Last-Translator: Sidorela Uku \n" - "Language-Team: Albanian\n" - "Language: sq\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "X-Generator: Zanata 4.6.2\n" - "Plural-Forms: nplurals=2; plural=(n != 1)\n" - -@@ -192,7 +192,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - - #: ../src/firewall-applet.in:892 -@@ -629,8 +630,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - -@@ -1798,8 +1798,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/sr.po b/po/sr.po -index 86f89b35eeb1..a7ccc20a302a 100644 ---- a/po/sr.po -+++ b/po/sr.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Igor Miletic , 2008 - # Miloš Komarčević , 2005 -@@ -13,16 +13,16 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2016-01-04 12:42+0000\n" - "Last-Translator: Momcilo Medic \n" - "Language-Team: Serbian (http://www.transifex.com/projects/p/firewalld/" - "language/sr/)\n" - "Language: sr\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" --"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" --"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" -+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " -+"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" - "X-Generator: Zanata 4.6.2\n" - - #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 -@@ -205,7 +205,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Зона '{zone}' је активна за везу '{connection}' на интерфејсу '{interface}'" - -@@ -645,8 +646,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "Преусмеравање на други систем је корисно само ако је интерфејс маскиран.\n" -@@ -1224,6 +1224,7 @@ msgstr "" - "Протокол за контролисање интернет порука (ICMP — Internet Control Message " - "Protocol) се углавном користи за слање порука о грешкама између умрежених " - "рачунара, али и додатно за информативне поруке попут пинг захтева и одговора." -+"" - - #: ../src/firewall-config.glade.h:117 - msgid "" -@@ -1884,11 +1885,11 @@ msgstr "обрнуто" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"Да омогућите ово Акција мора бити 'одбиј' и Породица или 'ipv4' или " --"'ipv6' (не оба)." -+"Да омогућите ово Акција мора бити 'одбиј' и Породица или 'ipv4' или 'ipv6' " -+"(не оба)." - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -diff --git a/po/sr@latin.po b/po/sr@latin.po -index 3ef5a849f3e8..5cdc16cfd19b 100644 ---- a/po/sr@latin.po -+++ b/po/sr@latin.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Igor Miletic , 2008 - # Miloš Komarčević , 2005 -@@ -11,16 +11,16 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 03:03+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2015-02-26 10:03+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Serbian (Latin) (http://www.transifex.com/projects/p/" - "firewalld/language/sr@latin/)\n" - "Language: sr@latin\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" --"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" --"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" -+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " -+"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" - "X-Generator: Zanata 4.6.2\n" - - #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 -@@ -200,7 +200,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - - #: ../src/firewall-applet.in:892 -@@ -637,8 +638,7 @@ msgstr "" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - -@@ -1194,6 +1194,7 @@ msgstr "" - "Protokol za kontrolisanje internet poruka (ICMP — Internet Control Message " - "Protocol) se uglavnom koristi za slanje poruka o greškama između umreženih " - "računara, ali i dodatno za informativne poruke poput ping zahteva i odgovora." -+"" - - #: ../src/firewall-config.glade.h:117 - msgid "" -@@ -1821,8 +1822,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/sv.po b/po/sv.po -index 2556dc57e436..39d8df8ecf69 100644 ---- a/po/sv.po -+++ b/po/sv.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # denka , 2014 - # denka , 2014 -@@ -9,20 +9,21 @@ - # Göran Uddeborg , 2015. #zanata - # Göran Uddeborg , 2016. #zanata - # Göran Uddeborg , 2017. #zanata -+# Eric Garver , 2018. #zanata - # Göran Uddeborg , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-08-15 08:04+0000\n" --"Last-Translator: Göran Uddeborg \n" --"Language-Team: Swedish (http://www.transifex.com/projects/p/firewalld/" --"language/sv/)\n" --"Language: sv\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:28+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Swedish (http://www.transifex.com/projects/p/firewalld/" -+"language/sv/)\n" -+"Language: sv\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -209,7 +210,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Zonen ”{zone}” aktiv för anslutningen ”{connection}” på gränssnittet " - "”{interface}”" -@@ -302,8 +304,8 @@ msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." - msgstr "" --"Misslyckades att ansluta till firewalld. Se till att tjänsten har kommit " --"igång som den skall och försök igen." -+"Det gick inte att ansluta till brandväggen. Kontrollera att tjänsten har " -+"startats korrekt och försök igen." - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -345,7 +347,7 @@ msgstr "Användarnamn" - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "Användar-id" -+msgstr "Användar-ID" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" -@@ -443,7 +445,7 @@ msgstr "Gränssnitt" - - #: ../src/firewall-config.in:936 - msgid "Comment" --msgstr "Kommentera" -+msgstr "Kommentar" - - #: ../src/firewall-config.in:955 ../src/firewall-config.glade.h:27 - msgid "Source" -@@ -654,8 +656,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "Vidarebefordran till ett annat system är endast användbart om gränssnittet " -@@ -1050,7 +1051,7 @@ msgstr "_Hjälp" - - #: ../src/firewall-config.glade.h:82 - msgid "Change Zone" --msgstr "Byt zon" -+msgstr "Ändra zon" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" -@@ -1431,7 +1432,7 @@ msgid "" - "example IP addresses, port numbers or MAC addresses. " - msgstr "" - "En IPMängd kan användas för att skapa vit- eller svartlistningar och kan " --"lagra till exempel IP-adresser, portnummer eller MAC-adresser." -+"lagra till exempel IP-adresser, portnummer eller MAC-adresser. " - - #: ../src/firewall-config.glade.h:155 - msgid "IPSet" -@@ -1486,6 +1487,7 @@ msgid "" - "IPSets can only be created or deleted in the permanent configuration view." - msgstr "" - "IPMängder kan endast skapas eller tas bort i vyn med permanent konfiguration." -+"" - - #: ../src/firewall-config.glade.h:166 - msgid "" -@@ -1785,7 +1787,7 @@ msgstr "Standardzon:" - - #: ../src/firewall-config.glade.h:222 - msgid "Please enter an interface name:" --msgstr "Ange ett gränssnittsnamn:" -+msgstr "Ange ett namn för gränssnittet:" - - #: ../src/firewall-config.glade.h:223 - msgid "Base IPSet Settings" -@@ -1829,7 +1831,7 @@ msgstr "Välj en ipmängd:" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "Ange en ipmängdpost:" -+msgstr "Ange en ipset-post:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" -@@ -1938,8 +1940,8 @@ msgstr "inverterad" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "För att aktivera detta måste Åtgärd vara ”avvisa” och Familj antingen ”ipv4” " - "eller ”ipv6” (inte båda)." -diff --git a/po/ta.po b/po/ta.po -index 29d47a06e76c..3f8debb7f1f1 100644 ---- a/po/ta.po -+++ b/po/ta.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Felix , 2006-2007 - # I felix , 2007 -@@ -17,14 +17,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2015-02-26 03:04+0000\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2015-02-26 10:04+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Tamil (http://www.transifex.com/projects/p/firewalld/language/" - "ta/)\n" - "Language: ta\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -78,16 +78,17 @@ msgstr "ஷீல்டுகள் மேலே/கீழே மண்டலங - #: ../src/firewall-applet.in:220 - msgid "Here you can select the zones used for Shields Up and Shields Down." - msgstr "" --"இங்கு நீங்கள் ஷீல்டுகள் மேலே மற்றும் ஷீல்டுகள் கீழே என்பவற்றுக்குப் பயன்படும் மண்டலங்களைத் " --"தேர்ந்தெடுக்கலாம்." -+"இங்கு நீங்கள் ஷீல்டுகள் மேலே மற்றும் ஷீல்டுகள் கீழே என்பவற்றுக்குப் " -+"பயன்படும் மண்டலங்களைத் தேர்ந்தெடுக்கலாம்." - - #: ../src/firewall-applet.in:226 - msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" --"இந்த அம்சம் பெரும்பாலும் முன்னிருப்பு மண்டலங்களைப் பயன்படுத்தும் நபர்களுக்குப் பயனுள்ளது. " --"இணைப்புகளின் மண்டலங்களை மாற்றும் பயனர்களுக்கு இது வரம்புக்குட்பட்ட பயனுள்ளதாக இருக்கும்." -+"இந்த அம்சம் பெரும்பாலும் முன்னிருப்பு மண்டலங்களைப் பயன்படுத்தும் " -+"நபர்களுக்குப் பயனுள்ளது. இணைப்புகளின் மண்டலங்களை மாற்றும் பயனர்களுக்கு இது " -+"வரம்புக்குட்பட்ட பயனுள்ளதாக இருக்கும்." - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -209,9 +210,11 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" --"இடைமுகம் '{interface}' இல் உள்ள இணைப்பு '{connection}' க்கு மண்டலம் '{zone}' செயலில் " -+"இடைமுகம் '{interface}' இல் உள்ள இணைப்பு '{connection}' க்கு மண்டலம் '{zone}' " -+"செயலில் " - - #: ../src/firewall-applet.in:892 - msgid "Zone '{zone}' active for interface '{interface}'" -@@ -649,12 +652,11 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" --"இடைமுகம் போலித்தோற்றமாக்கப்பட்டிருந்தால் மட்டுமே மற்றொரு கணினிக்கு முன்னனுப்புதல் என்பது " --"பயனுள்ளதாக இருக்கும்.\n" -+"இடைமுகம் போலித்தோற்றமாக்கப்பட்டிருந்தால் மட்டுமே மற்றொரு கணினிக்கு " -+"முன்னனுப்புதல் என்பது பயனுள்ளதாக இருக்கும்.\n" - "இந்த மண்டலத்தை போலித்தோற்றமாக்க வேண்டுமா ?" - - #: ../src/firewall-config.in:5376 -@@ -759,7 +761,8 @@ msgstr "சூழலை உள்ளிடவும்." - - #: ../src/firewall-config.glade.h:9 - msgid "Please select default zone from the list below." --msgstr "கீழே உள்ள பட்டியலில் இருந்து முன்னிருப்பு மண்டலத்தைத் தேர்ந்தெடுக்கவும்." -+msgstr "" -+"கீழே உள்ள பட்டியலில் இருந்து முன்னிருப்பு மண்டலத்தைத் தேர்ந்தெடுக்கவும்." - - #: ../src/firewall-config.glade.h:10 - msgid "Direct Chain" -@@ -839,8 +842,8 @@ msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." - msgstr "" --"நீங்கள் உள்ளமை முன்னனுப்புதலை செயல்படுத்தினால், நீங்கள் ஒரு துறையை குறிப்பிட வேண்டும். இந்த " --"துறை மூல துறைக்கு வேறாக இருக்கும்." -+"நீங்கள் உள்ளமை முன்னனுப்புதலை செயல்படுத்தினால், நீங்கள் ஒரு துறையை குறிப்பிட " -+"வேண்டும். இந்த துறை மூல துறைக்கு வேறாக இருக்கும்." - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -948,9 +951,10 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"ஃபயர்வால் விதிகளை மீளேற்றும். நடப்பு நிரந்தர அமைவாக்கம் புதிய நிகழ் நேர அமைவாக்கமாக " --"மாறும். அதாவது, மீளேற்றம் வரை செய்த நிகழ் நேரத்திற்கு மட்டுமான மாற்றங்கள் அனைத்தும், அவை " --"நிரந்தர அமைவாக்கத்திலும் இல்லாமல் இருந்தால், மீளேற்றும் போது இழக்கப்படும்." -+"ஃபயர்வால் விதிகளை மீளேற்றும். நடப்பு நிரந்தர அமைவாக்கம் புதிய நிகழ் நேர " -+"அமைவாக்கமாக மாறும். அதாவது, மீளேற்றம் வரை செய்த நிகழ் நேரத்திற்கு மட்டுமான " -+"மாற்றங்கள் அனைத்தும், அவை நிரந்தர அமைவாக்கத்திலும் இல்லாமல் இருந்தால், " -+"மீளேற்றும் போது இழக்கப்படும்." - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -983,8 +987,8 @@ msgstr "" - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." - msgstr "" --"பேனிக் பயன்முறை என்பது, உள்வரும் மற்றும் வெளிச்செல்லும் சிப்பங்கள் அனைத்தும் கைவிடப்பட்டன " --"என்பதைக் குறிக்கிறது." -+"பேனிக் பயன்முறை என்பது, உள்வரும் மற்றும் வெளிச்செல்லும் சிப்பங்கள் அனைத்தும் " -+"கைவிடப்பட்டன என்பதைக் குறிக்கிறது." - - #: ../src/firewall-config.glade.h:69 - msgid "Panic Mode" -@@ -995,8 +999,8 @@ msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." - msgstr "" --"லாக்டவுன் என்பது ஃபயர்வால் அமைவாக்கத்தைப் பூட்டும், இதனால் லாக்டவுன் வெண்பட்டியலில் உள்ள " --"பயன்பாடுகள் மட்டுமே இதை மாற்ற முடியும்." -+"லாக்டவுன் என்பது ஃபயர்வால் அமைவாக்கத்தைப் பூட்டும், இதனால் லாக்டவுன் " -+"வெண்பட்டியலில் உள்ள பயன்பாடுகள் மட்டுமே இதை மாற்ற முடியும்." - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1071,8 +1075,8 @@ msgid "" - "system reload or restart." - msgstr "" - "தற்போது புலனாகும் அமைவாக்கம். நிகழ்நேர அமைவாக்கமானது உண்மையில் செயலில் உள்ள " --"அமைவாக்கமாகும். சேவை அல்லது கணினி மீளேற்றியதும் அல்லது மறுதொடக்கப்பட்டதும் நிரந்த " --"அமைவாக்கம் செயலாகும்." -+"அமைவாக்கமாகும். சேவை அல்லது கணினி மீளேற்றியதும் அல்லது மறுதொடக்கப்பட்டதும் " -+"நிரந்த அமைவாக்கம் செயலாகும்." - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1082,11 +1086,11 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"ஒரு firewalld மண்டலமானது அந்த மண்டலத்துக்குரிய பிணைய இணைப்புகள், இடைமுகங்கள் மற்றும் " --"மூல முகவரிகளின் நம்பகத்தன்மையின் நிலையை வரையறுக்கிறது. மண்டலமானது சேவைகள், முனையங்கள், " --"நெறிமுறைகள், masquerading, முனையம்/பேக்கெட் பகிர்தல், icmp வடிகட்டிகள் மற்றும் உயர் " --"விதிகள் ஆகியவற்றை உள்ளடக்கியது. மண்டலமானது இடைமுகங்கள் மற்றும் மூல முகவரிகளுக்கு " --"கட்டுப்பட்டவையாக இருக்கலாம்." -+"ஒரு firewalld மண்டலமானது அந்த மண்டலத்துக்குரிய பிணைய இணைப்புகள், இடைமுகங்கள் " -+"மற்றும் மூல முகவரிகளின் நம்பகத்தன்மையின் நிலையை வரையறுக்கிறது. மண்டலமானது " -+"சேவைகள், முனையங்கள், நெறிமுறைகள், masquerading, முனையம்/பேக்கெட் பகிர்தல், " -+"icmp வடிகட்டிகள் மற்றும் உயர் விதிகள் ஆகியவற்றை உள்ளடக்கியது. மண்டலமானது " -+"இடைமுகங்கள் மற்றும் மூல முகவரிகளுக்கு கட்டுப்பட்டவையாக இருக்கலாம்." - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1110,9 +1114,10 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"இங்கு மண்டலத்தில் எந்த சேவைகளை நம்பலாம் என நீங்கள் குறிப்பிடலாம். நம்பப்பட்ட சேவைகள் இந்த " --"மண்டலத்துக்குரிய இணைப்புகள், இடைமுகங்கள் மற்றும் மூலங்களிலிருந்து கணினியை அணுகக்கூடிய " --"அனைத்து புரவலன்கள் மற்றும் பிணையங்களிலிருந்து அணுகப்பட முடியும்." -+"இங்கு மண்டலத்தில் எந்த சேவைகளை நம்பலாம் என நீங்கள் குறிப்பிடலாம். நம்பப்பட்ட " -+"சேவைகள் இந்த மண்டலத்துக்குரிய இணைப்புகள், இடைமுகங்கள் மற்றும் " -+"மூலங்களிலிருந்து கணினியை அணுகக்கூடிய அனைத்து புரவலன்கள் மற்றும் " -+"பிணையங்களிலிருந்து அணுகப்பட முடியும்." - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1123,8 +1128,9 @@ msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." - msgstr "" --"கணினியுடன் இணைக்க முடிகின்ற அனைத்து வழங்கிகள் அல்லது பிணையங்களுக்கும் அணுகக்கூடியதாக " --"இருக்க வேண்டிய கூடுதல் முனையங்கள் அல்லது முனைய வரம்புகளைச் சேர்க்கவும்." -+"கணினியுடன் இணைக்க முடிகின்ற அனைத்து வழங்கிகள் அல்லது பிணையங்களுக்கும் " -+"அணுகக்கூடியதாக இருக்க வேண்டிய கூடுதல் முனையங்கள் அல்லது முனைய வரம்புகளைச் " -+"சேர்க்கவும்." - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1178,9 +1184,10 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"Masquerading உங்களை ஒரு புரவலன் அல்லது ரௌட்டரை அமைக்கிறது, இது இணையத்தில் உங்கள் " --"உள்ளமை பிணையத்தில் இணைக்கிறது. உங்கள் உள்ளமை பிணையம் தெரியாது மற்றும் புரவலன்கள் ஒரு " --"ஒற்றை முகவரியில் இணையத்தில் தோன்றும் Masquerading IPv4 மட்டுமே." -+"Masquerading உங்களை ஒரு புரவலன் அல்லது ரௌட்டரை அமைக்கிறது, இது இணையத்தில் " -+"உங்கள் உள்ளமை பிணையத்தில் இணைக்கிறது. உங்கள் உள்ளமை பிணையம் தெரியாது மற்றும் " -+"புரவலன்கள் ஒரு ஒற்றை முகவரியில் இணையத்தில் தோன்றும் Masquerading IPv4 " -+"மட்டுமே." - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1191,8 +1198,8 @@ msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." - msgstr "" --"நீங்கள் masquerading ஐ செயல்படுத்தினால், உங்கள் IPv4 பிணையங்களுக்கு IP முன்னனுப்புதலும் " --"செயல்படுத்தப்படும்." -+"நீங்கள் masquerading ஐ செயல்படுத்தினால், உங்கள் IPv4 பிணையங்களுக்கு IP " -+"முன்னனுப்புதலும் செயல்படுத்தப்படும்." - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1206,8 +1213,8 @@ msgid "" - "IPv4 only." - msgstr "" - "உள்ளீடுகளை சேர்க்க ஒரு துறையிலிருந்து மற்றொன்றிற்கு உள்ளமை கணினி அல்லது வேறு " --"கணினியிலிருந்த சேர்க்கவும். வேறு கணினியை முன்னனுப்புவது முகப்பு சரியாக இருந்தால் " --"மட்டுமே பயனாக இருக்கும். துறை முன்னனுப்புதல் IPv4 இல் மட்டும்." -+"கணினியிலிருந்த சேர்க்கவும். வேறு கணினியை முன்னனுப்புவது முகப்பு சரியாக " -+"இருந்தால் மட்டுமே பயனாக இருக்கும். துறை முன்னனுப்புதல் IPv4 இல் மட்டும்." - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1228,16 +1235,17 @@ msgid "" - "messages like ping requests and replies." - msgstr "" - "Internet Control Message Protocol (ICMP) என்பது முக்கியமாக பயன்படுத்தப்படும் " --"பிணையப்பட்ட கணினிகளுக்கிடையே அனுப்பப்படும் பிழை செய்திகள் ஆனால் கூடுதலாக தகவல் " --"செய்திகளே வருகிறது." -+"பிணையப்பட்ட கணினிகளுக்கிடையே அனுப்பப்படும் பிழை செய்திகள் ஆனால் கூடுதலாக " -+"தகவல் செய்திகளே வருகிறது." - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"பட்டியலில் ICMP வகைகளை குறிக்கவும், அது நிராகரிக்கப்பட வேண்டும். மற்ற அனைத்து ICMP " --"வகைகளும் ஃபயர்வாலின் வழியாக செல்லும். முன்னிருப்புக்கு வரம்பு இல்லை." -+"பட்டியலில் ICMP வகைகளை குறிக்கவும், அது நிராகரிக்கப்பட வேண்டும். மற்ற " -+"அனைத்து ICMP வகைகளும் ஃபயர்வாலின் வழியாக செல்லும். முன்னிருப்புக்கு வரம்பு " -+"இல்லை." - - #: ../src/firewall-config.glade.h:118 - msgid "" -@@ -1278,8 +1286,9 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"மண்டலத்திற்கு இடைமுகங்களைப் பிணைக்க உள்ளீடுகளைச் சேர்க்கவும். இடைமுகம் ஒரு இணைப்பால் " --"பயன்படுத்தப்படும் எனில், மண்டலமானது இணைப்பில் குறிப்பிடப்பட்ட மண்டலமாக அமைக்கப்படும்." -+"மண்டலத்திற்கு இடைமுகங்களைப் பிணைக்க உள்ளீடுகளைச் சேர்க்கவும். இடைமுகம் ஒரு " -+"இணைப்பால் பயன்படுத்தப்படும் எனில், மண்டலமானது இணைப்பில் குறிப்பிடப்பட்ட " -+"மண்டலமாக அமைக்கப்படும்." - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1321,8 +1330,8 @@ msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." - msgstr "" --"ஒரு firewalld சேவையானது முனையங்கள், நெறிமுறைகள், தொகுதிக்கூறுகள் மற்றும் இலக்கு " --"முகவரிகள் ஆகியவற்றின் சேர்க்கையாகும்." -+"ஒரு firewalld சேவையானது முனையங்கள், நெறிமுறைகள், தொகுதிக்கூறுகள் மற்றும் " -+"இலக்கு முகவரிகள் ஆகியவற்றின் சேர்க்கையாகும்." - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" -@@ -1378,9 +1387,9 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" --"நீங்கள் இலக்கு முகவரிகளைக் குறிப்பிட்டால், சேவையின் நுழைவானது அந்த இலக்கு முகவரி மற்றும் " --"வகைக்கு மட்டும் என வரம்புடையதாக இருக்கும். இரண்டு உள்ளீடுகளும் காலியாக இருந்தால் வரம்பு " --"ஏதும் இல்லை." -+"நீங்கள் இலக்கு முகவரிகளைக் குறிப்பிட்டால், சேவையின் நுழைவானது அந்த இலக்கு " -+"முகவரி மற்றும் வகைக்கு மட்டும் என வரம்புடையதாக இருக்கும். இரண்டு " -+"உள்ளீடுகளும் காலியாக இருந்தால் வரம்பு ஏதும் இல்லை." - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1395,8 +1404,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"சேவைகளை நிரந்தர அமைவாக்கக் காட்சியில் மட்டுமே மாற்ற முடியும். சேவைகளின் நிகழ்நேர " --"அமைவாக்கம் நிலையானது. " -+"சேவைகளை நிரந்தர அமைவாக்கக் காட்சியில் மட்டுமே மாற்ற முடியும். சேவைகளின் " -+"நிகழ்நேர அமைவாக்கம் நிலையானது. " - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1456,8 +1465,8 @@ msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" --"firewalld icmptype ஆனது firewalld இன் இணைய கட்டுப்பாட்டு செய்தி நெறிமுறைக்கான " --"(ICMP) தகவலை வழங்குகிறது." -+"firewalld icmptype ஆனது firewalld இன் இணைய கட்டுப்பாட்டு செய்தி " -+"நெறிமுறைக்கான (ICMP) தகவலை வழங்குகிறது." - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" -@@ -1477,15 +1486,17 @@ msgstr "ICMP வகை முன்னிருப்பு மதிப்ப - - #: ../src/firewall-config.glade.h:171 - msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." --msgstr "இந்த ICMP வகை IPv4 மற்றும்/அல்லது IPv6 க்குக் கிடைக்குமா என்பதைக் குறிப்பிடவும்." -+msgstr "" -+"இந்த ICMP வகை IPv4 மற்றும்/அல்லது IPv6 க்குக் கிடைக்குமா என்பதைக் " -+"குறிப்பிடவும்." - - #: ../src/firewall-config.glade.h:172 - msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" --"ICMP வகைகளை நிரந்தர அமைவாக்கக் காட்சியில் மட்டுமே மாற்றச் முடியும். ICMP வகைகளின் " --"நிகழ்நேர அமைவாக்கம் நிலையானது." -+"ICMP வகைகளை நிரந்தர அமைவாக்கக் காட்சியில் மட்டுமே மாற்றச் முடியும். ICMP " -+"வகைகளின் நிகழ்நேர அமைவாக்கம் நிலையானது." - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1507,10 +1518,11 @@ msgid "" - "as a last resort when it is not possible to use other firewalld features." - msgstr "" - "நேரடி அமைவாக்கமானது ஃபயர்வாலுக்கான கூடுதல் நேரடி அணுகலைக் கொடுக்கிறது. இந்த " --"விருப்பங்களைப் பயன்படுத்த, பயனருக்கு அடிப்படை iptables கருத்துகள் தெரிந்திருக்க வேண்டும் " --"அதாவது, அட்டவணைகள், சங்கிலிகள், கட்டளைகள், அளவுருக்கள் மற்றும் இலக்குகள் போன்றவை " --"தெரிந்திருக்க வேண்டும். மற்ற ஃபயர்வால் அம்சங்களை பயன்படுத்த முடியாது போகும் போது கடைசி " --"விருப்பமாகவே நேரடி அமைவாக்கமானது பயன்படுத்தப்பட வேண்டும்." -+"விருப்பங்களைப் பயன்படுத்த, பயனருக்கு அடிப்படை iptables கருத்துகள் " -+"தெரிந்திருக்க வேண்டும் அதாவது, அட்டவணைகள், சங்கிலிகள், கட்டளைகள், " -+"அளவுருக்கள் மற்றும் இலக்குகள் போன்றவை தெரிந்திருக்க வேண்டும். மற்ற ஃபயர்வால் " -+"அம்சங்களை பயன்படுத்த முடியாது போகும் போது கடைசி விருப்பமாகவே நேரடி " -+"அமைவாக்கமானது பயன்படுத்தப்பட வேண்டும்." - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1518,9 +1530,9 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"ஒவ்வொரு விருப்பத்தின் ipv மதிப்புருவும் ipv4 அல்லது ipv6 அல்லது eb ஆக இருக்க வேண்டும். " --"ipv4 உடன் அது iptables க்காக இருக்கும், ipv6 உடன் ip6tables க்காக இருக்கும், eb உடன் " --"ஈத்தர்நெட் பாலங்களுக்காக (ebtables) இருக்கும்." -+"ஒவ்வொரு விருப்பத்தின் ipv மதிப்புருவும் ipv4 அல்லது ipv6 அல்லது eb ஆக இருக்க " -+"வேண்டும். ipv4 உடன் அது iptables க்காக இருக்கும், ipv6 உடன் ip6tables க்காக " -+"இருக்கும், eb உடன் ஈத்தர்நெட் பாலங்களுக்காக (ebtables) இருக்கும்." - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1546,8 +1558,8 @@ msgstr "சங்கிலிகள்" - msgid "" - "Add a rule with the arguments args to a chain in a table with a priority." - msgstr "" --"ஒரு அட்டவணையில் உள்ள ஒரு சங்கிலிக்கு மதிப்புருக்களுடன் முன்னுரிமையையுடன் ஒரு விதியைச் " --"சேர்க்கவும்." -+"ஒரு அட்டவணையில் உள்ள ஒரு சங்கிலிக்கு மதிப்புருக்களுடன் முன்னுரிமையையுடன் ஒரு " -+"விதியைச் சேர்க்கவும்." - - #: ../src/firewall-config.glade.h:183 - msgid "" -@@ -1558,12 +1570,13 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"முன்னுரிமையானது விதிகளை வரிசைப்படுத்தப் பயன்படுகிறது. முன்னுரிமை 0 என்றால், விதியை " --"சங்கிலியின் மேல்மட்டத்தில் சேர்க்கவும் என்று பொருள், முன்னுரிமை அதிகம் எனில் விதியானது " --"சங்கிலியின் கீழ் பகுதிக்குச் செல்லும். ஒரே முன்னுரிமை கொண்ட விதிகள், ஒரே நிலையில் " --"இருக்கும், இந்த விதிகளின் வரிசை நிலையானதாக இருக்காது, மாறக்கூடும். ஒரு விதியானது " --"மற்றொன்றுகுப் பிறகு சேர்க்கப்படுவதை நீங்கள் உறுதிப்படுத்த விரும்பினால், முதல் விதிக்கு " --"குறைந்த முன்னுரிமையையும் அடுத்ததற்கு அதிக முன்னுரிமையையும் பயன்படுத்தவும்." -+"முன்னுரிமையானது விதிகளை வரிசைப்படுத்தப் பயன்படுகிறது. முன்னுரிமை 0 என்றால், " -+"விதியை சங்கிலியின் மேல்மட்டத்தில் சேர்க்கவும் என்று பொருள், முன்னுரிமை " -+"அதிகம் எனில் விதியானது சங்கிலியின் கீழ் பகுதிக்குச் செல்லும். ஒரே முன்னுரிமை " -+"கொண்ட விதிகள், ஒரே நிலையில் இருக்கும், இந்த விதிகளின் வரிசை நிலையானதாக " -+"இருக்காது, மாறக்கூடும். ஒரு விதியானது மற்றொன்றுகுப் பிறகு சேர்க்கப்படுவதை " -+"நீங்கள் உறுதிப்படுத்த விரும்பினால், முதல் விதிக்கு குறைந்த முன்னுரிமையையும் " -+"அடுத்ததற்கு அதிக முன்னுரிமையையும் பயன்படுத்தவும்." - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1587,9 +1600,9 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"பாஸ்த்ரூ விதிகள், நேரடியாக ஃபயர்வாலுக்கு அனுப்பப்படுகின்றன, இவை சிறப்பு சங்கிலிகளில் " --"வைக்கப்படுவதில்லை. iptables, ip6tables மற்றும் ebtables விருப்பங்கள் அனைத்தும் " --"பயன்படுத்தப்படலாம்." -+"பாஸ்த்ரூ விதிகள், நேரடியாக ஃபயர்வாலுக்கு அனுப்பப்படுகின்றன, இவை சிறப்பு " -+"சங்கிலிகளில் வைக்கப்படுவதில்லை. iptables, ip6tables மற்றும் ebtables " -+"விருப்பங்கள் அனைத்தும் பயன்படுத்தப்படலாம்." - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." -@@ -1617,9 +1630,10 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"லாக்டவுன் வசதியானது firewalld க்கான பயனர் மற்றும் பயன்பாட்டுக் கொள்கைகளின் லேசான " --"பதிப்பாகும். இது ஃபயர்வாலுக்கான மாற்றங்களை வரம்புக்குட்படுத்துகிறது. லாக்டவுன் " --"வெண்பட்டியலில் கட்டளைகள், சூழல்கள், பயனர்கள் மற்றும் பயனர் idகள் ஆகியவை இருக்கலாம்." -+"லாக்டவுன் வசதியானது firewalld க்கான பயனர் மற்றும் பயன்பாட்டுக் கொள்கைகளின் " -+"லேசான பதிப்பாகும். இது ஃபயர்வாலுக்கான மாற்றங்களை வரம்புக்குட்படுத்துகிறது. " -+"லாக்டவுன் வெண்பட்டியலில் கட்டளைகள், சூழல்கள், பயனர்கள் மற்றும் பயனர் idகள் " -+"ஆகியவை இருக்கலாம்." - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1650,9 +1664,9 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"வெண்பட்டியலில் உள்ள ஒரு கட்டளை உள்ளீடு நட்சத்திரக்குறியுடன் '*' முடிந்தால், கட்டளையுடன் " --"தொடங்கும் அனைத்து கட்டளை வரிகளும் பொருந்தும். '*' இல்லாவிட்டால், மதிப்புருக்கள் உட்பட " --"கட்டளை மட்டும் துல்லியமாகப் பொருந்த வேண்டும்." -+"வெண்பட்டியலில் உள்ள ஒரு கட்டளை உள்ளீடு நட்சத்திரக்குறியுடன் '*' முடிந்தால், " -+"கட்டளையுடன் தொடங்கும் அனைத்து கட்டளை வரிகளும் பொருந்தும். '*' இல்லாவிட்டால், " -+"மதிப்புருக்கள் உட்பட கட்டளை மட்டும் துல்லியமாகப் பொருந்த வேண்டும்." - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1843,7 +1857,8 @@ msgstr "நேரடி விதி" - #: ../src/firewall-config.glade.h:248 - msgid "Please select ipv and table, chain priority and enter the args." - msgstr "" --"ipv மற்றும் அட்டவணை, சங்கிலி முன்னுரிமையைத் தேர்ந்தெடுத்து மதிப்புருக்களை உள்ளிடவும்." -+"ipv மற்றும் அட்டவணை, சங்கிலி முன்னுரிமையைத் தேர்ந்தெடுத்து மதிப்புருக்களை " -+"உள்ளிடவும்." - - #: ../src/firewall-config.glade.h:249 - msgid "Priority:" -@@ -1867,7 +1882,9 @@ msgstr "ஒரு உயர் விதியை உள்ளிடவும் - - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." --msgstr "புரவலன் அல்லது பிணைய வெண் அல்லது கருப்புப் பட்டியலிடுதலுக்கு கூறை முடக்கவும்." -+msgstr "" -+"புரவலன் அல்லது பிணைய வெண் அல்லது கருப்புப் பட்டியலிடுதலுக்கு கூறை முடக்கவும்." -+"" - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" -@@ -1895,8 +1912,8 @@ msgstr "தலைகீழ்" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "இதைச் செயல்படுத்த செயல் 'நிராகரி' என்றும் குடும்பம் 'ipv4' அல்லது 'ipv6' " - "என்று(இரண்டுமல்ல) இருக்க வேண்டும்." -diff --git a/po/te.po b/po/te.po -index 7e82ca5cf64b..b60e3592c10e 100644 ---- a/po/te.po -+++ b/po/te.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Krishnababu Krothapalli , 2007-2010 - # Krishnababu Krothapalli , 2013 -@@ -16,14 +16,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2016-01-04 12:44+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Telugu (http://www.transifex.com/projects/p/firewalld/" - "language/te/)\n" - "Language: te\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n != 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -76,15 +76,17 @@ msgstr "అప్ / జోన్స్ డౌన్ షీల్డ్స్ క - - #: ../src/firewall-applet.in:220 - msgid "Here you can select the zones used for Shields Up and Shields Down." --msgstr "ఇక్కడ మీరు టాప్ షీల్డ్స్ మరియు డౌన్ షీల్డ్స్ ఉపయోగించే మండలాలు ఎంచుకోవచ్చు." -+msgstr "" -+"ఇక్కడ మీరు టాప్ షీల్డ్స్ మరియు డౌన్ షీల్డ్స్ ఉపయోగించే మండలాలు ఎంచుకోవచ్చు." - - #: ../src/firewall-applet.in:226 - msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." - msgstr "" --"ఈ ఫీచర్ ఎక్కువగా డిఫాల్ట్ మండలాల్లో ఉపయోగించడం ప్రజలు కోసం ఉపయోగపడుతుంది. వినియోగదారులు కోసం, " --"కనెక్షన్ల మండలాలు మారుతున్న, అది పరిమిత వినియోగం కావచ్చు." -+"ఈ ఫీచర్ ఎక్కువగా డిఫాల్ట్ మండలాల్లో ఉపయోగించడం ప్రజలు కోసం ఉపయోగపడుతుంది. " -+"వినియోగదారులు కోసం, కనెక్షన్ల మండలాలు మారుతున్న, అది పరిమిత వినియోగం కావచ్చు." -+"" - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -206,7 +208,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "ఇంటర్ఫేస్ '{interface}' పైన అనుసంధానం '{connection}' కొరకు జోన్ '{zone}' " - "క్రియాశీలపరచబడెను" -@@ -263,8 +266,8 @@ msgid "" - "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " - "interface '{interface}'" - msgstr "" --"జోన్ '{zone}' {activated_deactivated} అనుసంధానం '{connection}' కొరకు ఇంటర్ఫేస్ " --"'{interface}' పైన" -+"జోన్ '{zone}' {activated_deactivated} అనుసంధానం '{connection}' కొరకు " -+"ఇంటర్ఫేస్ '{interface}' పైన" - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" -@@ -647,8 +650,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "ఇంటర్ఫేస్ మారువేషంలో వుంటేనే వేరొక వ్యవస్థకు పంపుట వుపయోగకరంగా వుంటుంది.\n" -@@ -813,7 +815,8 @@ msgstr "పోర్టు ఫార్వార్డింగ్" - #: ../src/firewall-config.glade.h:23 - msgid "" - "Please select the source and destination options according to your needs." --msgstr "మీ అవసరములకు తగినట్లు ములం మరియు గమ్యం ఐచ్చికాలను దయచేసి ఎంపికచేసికొనుము." -+msgstr "" -+"మీ అవసరములకు తగినట్లు ములం మరియు గమ్యం ఐచ్చికాలను దయచేసి ఎంపికచేసికొనుము." - - #: ../src/firewall-config.glade.h:24 - msgid "Port / Port Range:" -@@ -836,8 +839,8 @@ msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." - msgstr "" --"మీరు స్థానిక ఫార్వార్డింగ్‌ను చేతనం చేస్తే, మీరు పోర్ట్‍‌ను తెలుపవలసి వుంటుంది. మూలం పోర్ట్‍‌కు ఈ పోర్ట్‍ " --"భిన్నంగా వుండాలి." -+"మీరు స్థానిక ఫార్వార్డింగ్‌ను చేతనం చేస్తే, మీరు పోర్ట్‍‌ను తెలుపవలసి " -+"వుంటుంది. మూలం పోర్ట్‍‌కు ఈ పోర్ట్‍ భిన్నంగా వుండాలి." - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -945,8 +948,9 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"ఫైర్‌వాల్ నియమాలు తిరిగిలోడుచేయి. ప్రస్తుత శాశ్వత ఆకృతీకరణ కొత్త రన్‌టైమ్ ఆకృతీకరణగా ఆగును. అనగా తిరిగిలోడు " --"చేసే వరకు చేసిన అన్ని రన్‌టైమ్ మార్పులూ శాశ్వత ఆకృతీకరణనందు లేకపోతే తిరిగిలోడు చేయగానే పోతాయి." -+"ఫైర్‌వాల్ నియమాలు తిరిగిలోడుచేయి. ప్రస్తుత శాశ్వత ఆకృతీకరణ కొత్త రన్‌టైమ్ " -+"ఆకృతీకరణగా ఆగును. అనగా తిరిగిలోడు చేసే వరకు చేసిన అన్ని రన్‌టైమ్ మార్పులూ " -+"శాశ్వత ఆకృతీకరణనందు లేకపోతే తిరిగిలోడు చేయగానే పోతాయి." - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -978,7 +982,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." --msgstr "పానిక్ రీతి అనగా లోనికివచ్చు మరియు బయటకిపోవు అన్ని పాకెట్లు వదిలివేయబడును." -+msgstr "" -+"పానిక్ రీతి అనగా లోనికివచ్చు మరియు బయటకిపోవు అన్ని పాకెట్లు వదిలివేయబడును." - - #: ../src/firewall-config.glade.h:69 - msgid "Panic Mode" -@@ -989,8 +994,8 @@ msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." - msgstr "" --"లాక్‌డౌన్ అనునది ఫైర్‌వాల్ ఆకృతీకరణను లాక్ చేయును అలా లాక్‌డౌన్ వైట్‌లిస్ట్ పైని అనువర్తనాలు మాత్రమే దానిని " --"మార్చగలవు." -+"లాక్‌డౌన్ అనునది ఫైర్‌వాల్ ఆకృతీకరణను లాక్ చేయును అలా లాక్‌డౌన్ వైట్‌లిస్ట్ " -+"పైని అనువర్తనాలు మాత్రమే దానిని మార్చగలవు." - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1064,8 +1069,9 @@ msgid "" - "configuration. Permanent configuration will be active after service or " - "system reload or restart." - msgstr "" --"ప్రస్తుతం దర్శనీయమైన ఆకృతీకరణ. రన్‌టైమ్ ఆకృతీకరణ అనునది యథార్ధ క్రియాశీల ఆకృతీకరణ. శాశ్వత ఆకృతీకరణ " --"అనునది సేవ తర్వాత లేదా వ్యవస్థ తిరిగిలోడైన తర్వాత లేదా పునఃప్రారంభం తరువాత క్రియాశీలమగును." -+"ప్రస్తుతం దర్శనీయమైన ఆకృతీకరణ. రన్‌టైమ్ ఆకృతీకరణ అనునది యథార్ధ క్రియాశీల " -+"ఆకృతీకరణ. శాశ్వత ఆకృతీకరణ అనునది సేవ తర్వాత లేదా వ్యవస్థ తిరిగిలోడైన తర్వాత " -+"లేదా పునఃప్రారంభం తరువాత క్రియాశీలమగును." - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1075,10 +1081,11 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"firewalld జోన్ అనునది జోన్‌కు బందనమైన నెట్వర్కు అనుసంధానాలు, ఇంటర్ఫేసులు మరియు మూలపు చిరునామాల " --"నమ్మిక స్థాయిను నిర్వచించును. జోన్ అనునది సేవలను, పోర్టులను, ప్రొటోకాల్సును, మాస్క్వారేడింగ్‌ను, పోర్ట్/" --"పాకెట్ ఫార్వార్డింగ్‌ను, icmp ఫిల్టర్లను మరియు రిచ్ నియమాలను కలుపును. జోన్ అనునది ఇంటర్ఫేసులకు మరియు " --"మూలపు చిరునామాలకు బందనం కాగలదు." -+"firewalld జోన్ అనునది జోన్‌కు బందనమైన నెట్వర్కు అనుసంధానాలు, ఇంటర్ఫేసులు " -+"మరియు మూలపు చిరునామాల నమ్మిక స్థాయిను నిర్వచించును. జోన్ అనునది సేవలను, " -+"పోర్టులను, ప్రొటోకాల్సును, మాస్క్వారేడింగ్‌ను, పోర్ట్/పాకెట్ " -+"ఫార్వార్డింగ్‌ను, icmp ఫిల్టర్లను మరియు రిచ్ నియమాలను కలుపును. జోన్ అనునది " -+"ఇంటర్ఫేసులకు మరియు మూలపు చిరునామాలకు బందనం కాగలదు." - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1102,9 +1109,9 @@ msgid "" - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." - msgstr "" --"జోన్ నందు ఏ సేవలు నమ్మదగినవో మీరు యిక్కడ నిర్వచించవచ్చు. ఈ జోన్‌కు బందనం అయిన అనుసంధానాలు, " --"ఇంటర్ఫేసులు మరియు మూలాల నుండి మిషన్‌ను చేరగల అన్ని అతిధేయలు మరియు నెట్వర్కుల నుండి నమ్మదగిన సేవలు " --"ఏక్సెస్ చేయవచ్చు." -+"జోన్ నందు ఏ సేవలు నమ్మదగినవో మీరు యిక్కడ నిర్వచించవచ్చు. ఈ జోన్‌కు బందనం " -+"అయిన అనుసంధానాలు, ఇంటర్ఫేసులు మరియు మూలాల నుండి మిషన్‌ను చేరగల అన్ని " -+"అతిధేయలు మరియు నెట్వర్కుల నుండి నమ్మదగిన సేవలు ఏక్సెస్ చేయవచ్చు." - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1115,8 +1122,8 @@ msgid "" - "Add additional ports or port ranges, which need to be accessible for all " - "hosts or networks that can connect to the machine." - msgstr "" --"మిషన్‌కు అనుసంధానం కాగల అన్ని అతిధేయలు లేదా నెట్వర్కుల నుండి ఏక్సెస్ కావలసిన, పోర్టులు లేదా పోర్టుల " --"విస్తృతిని జతచేయి." -+"మిషన్‌కు అనుసంధానం కాగల అన్ని అతిధేయలు లేదా నెట్వర్కుల నుండి ఏక్సెస్ " -+"కావలసిన, పోర్టులు లేదా పోర్టుల విస్తృతిని జతచేయి." - - #: ../src/firewall-config.glade.h:97 - msgid "Add Port" -@@ -1170,9 +1177,10 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"మీరు అతిధేయ నుగాని లేదా రూటర్ ను గాని మీ స్థానిక నెట్వర్కును ఇంటర్‌నెట్ కు అనుసంధానించుటకు " --"మారువేషదారణ ఉపయోగకరంగా ఉంటుంది.మీ స్థానిక నెట్వర్కు కనిపించదు మరియు ఇంటర్‌నెట్ కు ఒక అతిధేయ లాగా " --"కనబడుతుంది. మారువేషదారణ IPv4 మాత్రమే." -+"మీరు అతిధేయ నుగాని లేదా రూటర్ ను గాని మీ స్థానిక నెట్వర్కును ఇంటర్‌నెట్ కు " -+"అనుసంధానించుటకు మారువేషదారణ ఉపయోగకరంగా ఉంటుంది.మీ స్థానిక నెట్వర్కు " -+"కనిపించదు మరియు ఇంటర్‌నెట్ కు ఒక అతిధేయ లాగా కనబడుతుంది. మారువేషదారణ IPv4 " -+"మాత్రమే." - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1182,7 +1190,9 @@ msgstr "మాస్క్వరేడ్ జోన్" - msgid "" - "If you enable masquerading, IP forwarding will be enabled for your IPv4 " - "networks." --msgstr "మీరు మాస్క్వరేడింగ్ చేతనంచేస్తే, ఐపి ఫార్వార్డింగ్ అనునది మీ IPv4 నెట్వర్కుల కొరకు చేతనమగును." -+msgstr "" -+"మీరు మాస్క్వరేడింగ్ చేతనంచేస్తే, ఐపి ఫార్వార్డింగ్ అనునది మీ IPv4 నెట్వర్కుల " -+"కొరకు చేతనమగును." - - #: ../src/firewall-config.glade.h:111 - msgid "Masquerading" -@@ -1195,9 +1205,10 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"ఒక పర్ట్‍ నుండి వేరక పోర్ట్‍‌కు స్థానిక సిస్టమ్ నందు పంపుటకు లేదా స్థానిక సిస్టమ్ నుండి వేరొక సిస్టమ్‌కు " --"పంపుటకు ప్రవేశాలను పోర్ట్స్‍‌కు జతచేయుము. వేరొక సిస్టమ్‌కు పంపుట ఇంటర్‌ఫేస్ మారువేషంలోవుంటేనే " --"ఉపయోగకరంగా వుంటుంది. పోర్ట్‍ పంపుట IPv4 మాత్రమే." -+"ఒక పర్ట్‍ నుండి వేరక పోర్ట్‍‌కు స్థానిక సిస్టమ్ నందు పంపుటకు లేదా స్థానిక " -+"సిస్టమ్ నుండి వేరొక సిస్టమ్‌కు పంపుటకు ప్రవేశాలను పోర్ట్స్‍‌కు జతచేయుము. " -+"వేరొక సిస్టమ్‌కు పంపుట ఇంటర్‌ఫేస్ మారువేషంలోవుంటేనే ఉపయోగకరంగా వుంటుంది. " -+"పోర్ట్‍ పంపుట IPv4 మాత్రమే." - - #: ../src/firewall-config.glade.h:113 - msgid "Add Forward Port" -@@ -1217,17 +1228,17 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" --"ఇంటర్నెట్ కంట్రోల్ మెసేజ్ ప్రోటోకాల్ (ICMP) ముఖ్యంగా నెట్వర్క్‍‌డ్ కంప్యూటర్స్‍ మద్య దోషపు సందేశాలను " --"పంపుటకు ఉపయోగించబడుతుంది, అయితే అదనంగా పింగ్ అభ్యర్దనలు మరియు ప్రత్యుత్తరాలు వంటి సమాచార " --"సందేశాలు కు." -+"ఇంటర్నెట్ కంట్రోల్ మెసేజ్ ప్రోటోకాల్ (ICMP) ముఖ్యంగా నెట్వర్క్‍‌డ్ " -+"కంప్యూటర్స్‍ మద్య దోషపు సందేశాలను పంపుటకు ఉపయోగించబడుతుంది, అయితే అదనంగా " -+"పింగ్ అభ్యర్దనలు మరియు ప్రత్యుత్తరాలు వంటి సమాచార సందేశాలు కు." - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." - msgstr "" --"జాబితానందు ICMP రకాలను గుర్తుంచుము, ఏవైతే తిరస్కరించాలో. అన్ని ఇతర ICMP రకములు ఫైర్‌వాల్ దాటుటకు " --"అనుమతించబడినవి. అప్రమేయంగా ఏ పరిమితి లేదు." -+"జాబితానందు ICMP రకాలను గుర్తుంచుము, ఏవైతే తిరస్కరించాలో. అన్ని ఇతర ICMP " -+"రకములు ఫైర్‌వాల్ దాటుటకు అనుమతించబడినవి. అప్రమేయంగా ఏ పరిమితి లేదు." - - #: ../src/firewall-config.glade.h:118 - msgid "" -@@ -1268,8 +1279,9 @@ msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." - msgstr "" --"ఇంటర్ఫేసులను జోన్‌కు బందనం చేయుటకు ప్రవేశాలను జతచేయి. ఒకవేళ ఇంటర్ఫేస్ అనునది అనుసంధానం చేత " --"వుపయోగించబడితే, జోన్ అనునది అనుసంధానం నందు తెలిపిన జోన్‌కు అమర్చబడును." -+"ఇంటర్ఫేసులను జోన్‌కు బందనం చేయుటకు ప్రవేశాలను జతచేయి. ఒకవేళ ఇంటర్ఫేస్ అనునది " -+"అనుసంధానం చేత వుపయోగించబడితే, జోన్ అనునది అనుసంధానం నందు తెలిపిన జోన్‌కు " -+"అమర్చబడును." - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1310,7 +1322,9 @@ msgstr "జోన్స్" - msgid "" - "A firewalld service is a combination of ports, protocols, modules and " - "destination addresses." --msgstr "firewalld సేవ అనునది పోర్టులు, ప్రొటోకాల్స్, మాడ్యూళ్ళు మరియు గమ్యపు చిరునామాల సమ్మేళనం." -+msgstr "" -+"firewalld సేవ అనునది పోర్టులు, ప్రొటోకాల్స్, మాడ్యూళ్ళు మరియు గమ్యపు " -+"చిరునామాల సమ్మేళనం." - - #: ../src/firewall-config.glade.h:139 - msgid "Add Service" -@@ -1366,8 +1380,9 @@ msgid "" - "the destination address and type. If both entries are empty, there is no " - "limitation." - msgstr "" --"ఒకవేళ మీరు గమ్యపు చిరునామాలను తెలిపితే, సేవా ప్రవేశం అనునది గమ్యపు చిరునామా మరియు రకమునకు పరిమితం " --"అగును. ఒకవేళ రెండు ప్రవేశాలు ఖాళీ అయితే, అప్పుడు ఏ పరిమితి వుండదు." -+"ఒకవేళ మీరు గమ్యపు చిరునామాలను తెలిపితే, సేవా ప్రవేశం అనునది గమ్యపు చిరునామా " -+"మరియు రకమునకు పరిమితం అగును. ఒకవేళ రెండు ప్రవేశాలు ఖాళీ అయితే, అప్పుడు ఏ " -+"పరిమితి వుండదు." - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1382,8 +1397,8 @@ msgid "" - "Services can only be changed in the permanent configuration view. The " - "runtime configuration of services is fixed." - msgstr "" --"సేవలు అనునవి శాశ్వత ఆకృతీకరణ దర్శని నందు మాత్రమే మారగలవు. సేవల యొక్క రన్‌టైమ్ ఆకృతీకరణ అనునది " --"నిర్ధిష్టం." -+"సేవలు అనునవి శాశ్వత ఆకృతీకరణ దర్శని నందు మాత్రమే మారగలవు. సేవల యొక్క " -+"రన్‌టైమ్ ఆకృతీకరణ అనునది నిర్ధిష్టం." - - #: ../src/firewall-config.glade.h:154 - msgid "" -@@ -1443,8 +1458,8 @@ msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" --"firewalld icmptype అనునది firewalld కొరకు ఇంటర్నెట్ కంట్రోల్ మెసేజ్ ప్రొటోకాల్ (ICMP) కు " --"చెందిన సమాచారం ఇచ్చును." -+"firewalld icmptype అనునది firewalld కొరకు ఇంటర్నెట్ కంట్రోల్ మెసేజ్ " -+"ప్రొటోకాల్ (ICMP) కు చెందిన సమాచారం ఇచ్చును." - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" -@@ -1471,8 +1486,8 @@ msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." - msgstr "" --"ICMP రకాలు అనునవి శాశ్వత ఆకృతీకరణ దర్శని నందు మాత్రమే మారగలవు. ICMP రకాల యొక్క రన్‌టైమ్ " --"ఆకృతీకరణ అనునది నిర్ధిష్టం." -+"ICMP రకాలు అనునవి శాశ్వత ఆకృతీకరణ దర్శని నందు మాత్రమే మారగలవు. ICMP రకాల " -+"యొక్క రన్‌టైమ్ ఆకృతీకరణ అనునది నిర్ధిష్టం." - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1493,9 +1508,10 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"సూటి ఆకృతీకరణ అనునది ఫైర్‌వాల్‌కు మరింత సూటిగా ఏక్సెస్ ఇచ్చును. ఈ ఐచ్చికాలు వుపయోగించుటకు వాడుకరికి " --"ప్రాథమిక ఐపిపట్టికల విషయాలు తెలవాలి, అనగా పట్టికలు, చైన్స్, ఆదేశాలు, పారామితులు మరియు లక్ష్యాలు. ఇతర " --"firewalld విశేషణాలు ఏవీ వుపయోగించుటకు సాధ్యకానప్పుడు మాత్రమే సూటి ఆకృతీకరణను వుపయోగించాలి." -+"సూటి ఆకృతీకరణ అనునది ఫైర్‌వాల్‌కు మరింత సూటిగా ఏక్సెస్ ఇచ్చును. ఈ ఐచ్చికాలు " -+"వుపయోగించుటకు వాడుకరికి ప్రాథమిక ఐపిపట్టికల విషయాలు తెలవాలి, అనగా పట్టికలు, " -+"చైన్స్, ఆదేశాలు, పారామితులు మరియు లక్ష్యాలు. ఇతర firewalld విశేషణాలు ఏవీ " -+"వుపయోగించుటకు సాధ్యకానప్పుడు మాత్రమే సూటి ఆకృతీకరణను వుపయోగించాలి." - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1503,8 +1519,9 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"ప్రతి ఐచ్చికం యొక్క ipv ఆర్గుమెంట్ ipv4 లేదా ipv6 లేదా eb కావాలి. ipv4 తో అది ఐపిపట్టికల కొరకు, " --"ipv6 కొరకు ఐపి6పట్టికల కొరకు మరియు eb తో ఈథర్నెట్ బ్రిడ్జులు (ఈబిపట్టికలు) కొరకు." -+"ప్రతి ఐచ్చికం యొక్క ipv ఆర్గుమెంట్ ipv4 లేదా ipv6 లేదా eb కావాలి. ipv4 తో " -+"అది ఐపిపట్టికల కొరకు, ipv6 కొరకు ఐపి6పట్టికల కొరకు మరియు eb తో ఈథర్నెట్ " -+"బ్రిడ్జులు (ఈబిపట్టికలు) కొరకు." - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1529,7 +1546,8 @@ msgstr "చైన్స్" - #: ../src/firewall-config.glade.h:182 - msgid "" - "Add a rule with the arguments args to a chain in a table with a priority." --msgstr "పట్టిక నందలి చైన్‌కు ప్రాముఖ్యతతో ఆర్గుమెంట్స్ args వుపయోగించి నియమం జతచేయి." -+msgstr "" -+"పట్టిక నందలి చైన్‌కు ప్రాముఖ్యతతో ఆర్గుమెంట్స్ args వుపయోగించి నియమం జతచేయి." - - #: ../src/firewall-config.glade.h:183 - msgid "" -@@ -1540,10 +1558,12 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"ఆర్డర్ నియమాలను వుపయోగించటమే ప్రాముఖ్యం. ప్రాముఖ్యత 0 అనగా నియమాన్ని చైన్ పైన జతచేయమని, అత్యధిక " --"ప్రాముఖ్యతతో నియమం అనునది ఇంకా కిందకు చేర్చబడును. ఒకే ప్రాముఖ్యతతో వున్న నియమాలు ఒకే స్థాయిలో వుంటాయి " --"మరియు ఈ నియమాల క్రమం నిర్దిష్టంకాదు మారవచ్చు. ఒకదాని తరువాత మళ్ళీ ఒక నియమం జతచేయబడును అనేది " --"నిర్థారించుకొనుటకు, ఒకదానికి తక్కువ ప్రాముఖ్యత ఇచ్చి తరువాతదానికి ఎక్కువ ప్రాముఖ్యత ఇవ్వండి." -+"ఆర్డర్ నియమాలను వుపయోగించటమే ప్రాముఖ్యం. ప్రాముఖ్యత 0 అనగా నియమాన్ని చైన్ " -+"పైన జతచేయమని, అత్యధిక ప్రాముఖ్యతతో నియమం అనునది ఇంకా కిందకు చేర్చబడును. ఒకే " -+"ప్రాముఖ్యతతో వున్న నియమాలు ఒకే స్థాయిలో వుంటాయి మరియు ఈ నియమాల క్రమం " -+"నిర్దిష్టంకాదు మారవచ్చు. ఒకదాని తరువాత మళ్ళీ ఒక నియమం జతచేయబడును అనేది " -+"నిర్థారించుకొనుటకు, ఒకదానికి తక్కువ ప్రాముఖ్యత ఇచ్చి తరువాతదానికి ఎక్కువ " -+"ప్రాముఖ్యత ఇవ్వండి." - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1567,12 +1587,15 @@ msgid "" - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." - msgstr "" --"పాస్‌త్రూ నియమాలు అనునవి నేరుగా ఫైర్‌వాల్‌కు పంపుబడును మరియు ప్రత్యేక చైన్స్ నందు వుంచబడవు. అన్ని " --"ఐపిపట్టికలు, ఐపి6పట్టికలు మరియు ఈబిపట్టికల ఐచ్చికాలు వుపయోగించవచ్చు." -+"పాస్‌త్రూ నియమాలు అనునవి నేరుగా ఫైర్‌వాల్‌కు పంపుబడును మరియు ప్రత్యేక చైన్స్ " -+"నందు వుంచబడవు. అన్ని ఐపిపట్టికలు, ఐపి6పట్టికలు మరియు ఈబిపట్టికల ఐచ్చికాలు " -+"వుపయోగించవచ్చు." - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." --msgstr "ఫైర్‌వాల్‌కు నష్టంవాటిల్లకుండా వుండుటకు పాస్‌త్రూ నియమాలతో జాగ్రత్తగా వుండండి." -+msgstr "" -+"ఫైర్‌వాల్‌కు నష్టంవాటిల్లకుండా వుండుటకు పాస్‌త్రూ నియమాలతో జాగ్రత్తగా " -+"వుండండి." - - #: ../src/firewall-config.glade.h:190 - msgid "Add Passthrough" -@@ -1596,9 +1619,10 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"లాక్‌డౌన్ విశేషణం అనునది firewalld కొరకు వాడుకరి మరియు అనువర్తనం విధానాల లైట్ వర్షన్. ఇది మార్పులను " --"ఫైర్‌వాల్‌కు పరిమితం చేయును. లాక్‌డౌన్ వైట్‌లిస్ట్ అనునది ఆదేశాలను, సందర్భాలను, వాడుకరులను మరియు వాడుకరి " --"ఐడిలను కలిగివుండవచ్చు." -+"లాక్‌డౌన్ విశేషణం అనునది firewalld కొరకు వాడుకరి మరియు అనువర్తనం విధానాల " -+"లైట్ వర్షన్. ఇది మార్పులను ఫైర్‌వాల్‌కు పరిమితం చేయును. లాక్‌డౌన్ " -+"వైట్‌లిస్ట్ అనునది ఆదేశాలను, సందర్భాలను, వాడుకరులను మరియు వాడుకరి ఐడిలను " -+"కలిగివుండవచ్చు." - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1629,8 +1653,9 @@ msgid "" - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." - msgstr "" --"వైట్‌లిస్ట్ పైన ఆదేశం ప్రవేశం ఏస్ట్రిక్ '*' తో ముగిస్తే, అప్పుడు ఆ ఆదేశంతో ప్రారంభమయ్యే అన్ని ఆదేశ " --"వరుసలు సరిపోలును. ఒకవేళ '*' లేకపోతే అప్పుడు ఆదేశం అనునది ఆర్గుమెంట్లతో సహా ఖచ్చితంగా సరిపోలాలి." -+"వైట్‌లిస్ట్ పైన ఆదేశం ప్రవేశం ఏస్ట్రిక్ '*' తో ముగిస్తే, అప్పుడు ఆ ఆదేశంతో " -+"ప్రారంభమయ్యే అన్ని ఆదేశ వరుసలు సరిపోలును. ఒకవేళ '*' లేకపోతే అప్పుడు ఆదేశం " -+"అనునది ఆర్గుమెంట్లతో సహా ఖచ్చితంగా సరిపోలాలి." - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1820,7 +1845,9 @@ msgstr "సూటి నియమం" - - #: ../src/firewall-config.glade.h:248 - msgid "Please select ipv and table, chain priority and enter the args." --msgstr "దయచేసి ipv మరియు పట్టిక, చైన్ ప్రాముఖ్యత ఎంపికచేసి ఆర్గుమెంట్లు ప్రవేశపెట్టు." -+msgstr "" -+"దయచేసి ipv మరియు పట్టిక, చైన్ ప్రాముఖ్యత ఎంపికచేసి ఆర్గుమెంట్లు ప్రవేశపెట్టు." -+"" - - #: ../src/firewall-config.glade.h:249 - msgid "Priority:" -@@ -1844,7 +1871,9 @@ msgstr "దయచేసి రిట్ నియమం ప్రవేశపె - - #: ../src/firewall-config.glade.h:255 - msgid "For host or network white or blacklisting deactivate the element." --msgstr "అతిధేయ లేదా నెట్వర్కునకు వైట్ లేదా బ్లాక్‌లిస్టింగ్ అనునది మూలకం క్రియాహీనం చేయును." -+msgstr "" -+"అతిధేయ లేదా నెట్వర్కునకు వైట్ లేదా బ్లాక్‌లిస్టింగ్ అనునది మూలకం క్రియాహీనం " -+"చేయును." - - #: ../src/firewall-config.glade.h:256 - msgid "Source:" -@@ -1872,11 +1901,11 @@ msgstr "తిరగతిప్పిన" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" --"దీనిని చేతనం చేయుటకు చర్య అనేది 'తిరస్కరించు' అవ్వాలి మరియు ఫ్యామిలీ 'ipv4' లేదా 'ipv6' అవ్వాలి " --"(రెండూ కాదు)." -+"దీనిని చేతనం చేయుటకు చర్య అనేది 'తిరస్కరించు' అవ్వాలి మరియు ఫ్యామిలీ 'ipv4' " -+"లేదా 'ipv6' అవ్వాలి (రెండూ కాదు)." - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" -diff --git a/po/tr.po b/po/tr.po -index b2e2dd8a53a3..7da35aea825d 100644 ---- a/po/tr.po -+++ b/po/tr.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Automatically generated, 2004 - # Hasan Alp İNAN, 2011 -@@ -13,14 +13,14 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2016-01-04 12:45+0000\n" - "Last-Translator: Copied by Zanata \n" - "Language-Team: Turkish (http://www.transifex.com/projects/p/firewalld/" - "language/tr/)\n" - "Language: tr\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=(n > 1);\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -206,7 +206,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Alanı '{zone}' etkin bağlantısı '{connection}' arayüzünde '{interface}'" - -@@ -646,8 +647,7 @@ msgstr "" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - -@@ -856,7 +856,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:34 - msgid "Bold entries are mandatory, all others are optional." --msgstr "Kalın girişlerin hepsi zorunludur. Diğer tüm girişler isteğe bağlıdır." -+msgstr "" -+"Kalın girişlerin hepsi zorunludur. Diğer tüm girişler isteğe bağlıdır." - - #: ../src/firewall-config.glade.h:35 - msgid "Name:" -@@ -1206,10 +1207,9 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" --"İnternet Kontrol Mesaj Protokolü \"The Internet Control Message Protocol" --"\" (ICMP) genellikle bilgisayarlar arasındaki hata mesajları için " --"kullanılır, fakat ek olarak bilgi mesajları ping istek ve cevapları içinde " --"kullanılır." -+"İnternet Kontrol Mesaj Protokolü \"The Internet Control Message Protocol\" " -+"(ICMP) genellikle bilgisayarlar arasındaki hata mesajları için kullanılır, " -+"fakat ek olarak bilgi mesajları ping istek ve cevapları içinde kullanılır." - - #: ../src/firewall-config.glade.h:117 - msgid "" -@@ -1840,8 +1840,8 @@ msgstr "" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - - #: ../src/firewall-config.glade.h:267 -diff --git a/po/uk.po b/po/uk.po -index d82de6e71754..9c5f867f07e7 100644 ---- a/po/uk.po -+++ b/po/uk.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Maxim Dubovoy , 2003 - # Yuri Chornoivan , 2010-2014 -@@ -15,16 +15,16 @@ msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=UTF-8\n" -+"Content-Transfer-Encoding: 8bit\n" - "PO-Revision-Date: 2018-07-29 04:00+0000\n" - "Last-Translator: Yuri Chornoivan \n" - "Language-Team: Ukrainian (http://www.transifex.com/projects/p/firewalld/" - "language/uk/)\n" - "Language: uk\n" --"MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=UTF-8\n" --"Content-Transfer-Encoding: 8bit\n" --"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" --"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" -+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " -+"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" - "X-Generator: Zanata 4.6.2\n" - - #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 -@@ -43,8 +43,7 @@ msgstr "Налаштовування мережного екрану" - #: ../config/firewall-config.desktop.in.h:4 - msgid "firewall;network;security;iptables;netfilter;" - msgstr "" --"firewall;network;security;iptables;netfilter;брандмауер;файрвол;екран;мережа;" --"безпека;захист;айпітейблс;нетфільтр;" -+"firewall;network;security;iptables;netfilter;брандмауер;файрвол;екран;мережа;безпека;захист;айпітейблс;нетфільтр;" - - #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 - #, c-format -@@ -211,7 +210,8 @@ msgstr "" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "" - "Зона «{zone}» використовується для з’єднання «{connection}» на інтерфейсі " - "«{interface}»" -@@ -656,8 +656,7 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" - msgstr "" - "Переспрямовування до іншої системи працюватиме, лише якщо інтерфейс " -@@ -779,6 +778,7 @@ msgstr "Безпосередній ланцюжок" - msgid "Please select ipv and table and enter the chain name." - msgstr "" - "Будь ласка виберіть версію протоколу IP та таблицю та введіть назву ланцюжка." -+"" - - #: ../src/firewall-config.glade.h:12 - msgid "ipv:" -@@ -992,12 +992,14 @@ msgstr "Налаштовування автоматичного призначе - - #: ../src/firewall-config.glade.h:67 - msgid "Configure Automatic Helper Assignment setting." --msgstr "Налаштовування параметра автоматичного призначення допоміжних засобів." -+msgstr "" -+"Налаштовування параметра автоматичного призначення допоміжних засобів." - - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." - msgstr "" - "Режим супербезпеки означає, що усіх вхідні та вихідні пакети відкидатимуться." -+"" - - #: ../src/firewall-config.glade.h:69 - msgid "Panic Mode" -@@ -1067,7 +1069,8 @@ msgstr "Змінити зону прив’язки" - msgid "" - "Hide active runtime bindings of connections, interfaces and sources to zones" - msgstr "" --"Приховати активні динамічні прив’язки з’єднань, інтерфейсів або джерел до зон" -+"Приховати активні динамічні прив’язки з’єднань, інтерфейсів або джерел до " -+"зон" - - #: ../src/firewall-config.glade.h:85 - msgid "" -@@ -1398,7 +1401,8 @@ msgstr "Порт джерела" - - #: ../src/firewall-config.glade.h:148 - msgid "Netfilter helper modules are needed for some services." --msgstr "Модулі допоміжних засобів фільтрування мережі потребують певних служб." -+msgstr "" -+"Модулі допоміжних засобів фільтрування мережі потребують певних служб." - - #: ../src/firewall-config.glade.h:149 - msgid "Modules" -@@ -1436,8 +1440,8 @@ msgid "" - "example IP addresses, port numbers or MAC addresses. " - msgstr "" - "IPSet може бути використано для створення «білих» або «чорних» списків, у " --"ньому можуть зберігатися, наприклад, IP-адреси, номери портів або MAC-" --"адреси. " -+"ньому можуть зберігатися, наприклад, IP-адреси, номери портів або MAC-адреси." -+" " - - #: ../src/firewall-config.glade.h:155 - msgid "IPSet" -@@ -1549,6 +1553,7 @@ msgstr "" - msgid "Define ports or port ranges, which are monitored by the helper." - msgstr "" - "Визначення портів або діапазонів портів, за якими стежитиме допоміжний засіб." -+"" - - #: ../src/firewall-config.glade.h:175 - msgid "" -@@ -1709,9 +1714,9 @@ msgid "" - "the absolute command inclusive arguments must match." - msgstr "" - "Якщо запис команди у «білому» списку завершується зірочкою, «*», його буде " --"використано для обробки усіх рядків команд, що починаються відповідним " --"чином. Якщо у записі немає «*», обробка виконуватиметься лише для вказано " --"разом з аргументами команди." -+"використано для обробки усіх рядків команд, що починаються відповідним чином." -+" Якщо у записі немає «*», обробка виконуватиметься лише для вказано разом з " -+"аргументами команди." - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1960,8 +1965,8 @@ msgstr "інвертування" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "" - "Щоб можна було скористатися цим, значення «Дія» має бути «відмова», а " - "«Сімейством» має бути «ipv4» або «ipv6» (не обидва)." -diff --git a/po/zh_CN.po b/po/zh_CN.po -index 4678a430e1e4..a6229bee26ce 100644 ---- a/po/zh_CN.po -+++ b/po/zh_CN.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Alick Zhao , 2013 - # Christopher Meng , 2012-2013 -@@ -17,20 +17,21 @@ - # Zamir SUN , 2016. #zanata - # xhuang , 2016. #zanata - # Zamir SUN , 2017. #zanata -+# Eric Garver , 2018. #zanata - # Qiyu Yan , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-10-10 07:48+0000\n" --"Last-Translator: Qiyu Yan \n" --"Language-Team: Chinese (China) (http://www.transifex.com/projects/p/" --"firewalld/language/zh_CN/)\n" --"Language: zh_CN\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:29+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Chinese (China) (http://www.transifex.com/projects/p/" -+"firewalld/language/zh_CN/)\n" -+"Language: zh_CN\n" - "Plural-Forms: nplurals=1; plural=0;\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -89,9 +90,7 @@ msgstr "在这里您可以选择开启保护和关闭保护的区域。" - msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." --msgstr "" --"这项功能对于在绝大多数时间里使用默认区域的人有用。对于经常改变连接区域的用户" --"来说,用处有限。" -+msgstr "这项功能对于在绝大多数时间里使用默认区域的人有用。对于经常改变连接区域的用户来说,用处有限。" - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -209,12 +208,12 @@ msgstr "默认区域: '%s'" - msgid "" - "Default Zone '{default_zone}' active for connection '{connection}' on " - "interface '{interface}'" --msgstr "" --"接口 '{interface}' 上连接 '{connection}' 的活动默认区 '{default_zone}'" -+msgstr "接口 '{interface}' 上连接 '{connection}' 的活动默认区 '{default_zone}'" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "在接口 '{interface}' 启用连接 '{connection}' 的区域 '{zone}'" - - #: ../src/firewall-applet.in:892 -@@ -263,16 +262,15 @@ msgid "" - "Default zone '{default_zone}' {activated_deactivated} for connection " - "'{connection}' on interface '{interface}'" - msgstr "" --"接口 '{interface}' 上连接 '{connection}' 的默认区 " --"'{default_zone}' {activated_deactivated}" -+"接口 '{interface}' 上连接 '{connection}' 的默认区 '{default_zone}' " -+"{activated_deactivated}" - - #: ../src/firewall-applet.in:1042 - msgid "" - "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " - "interface '{interface}'" - msgstr "" --"在接口 '{interface}' {activated_deactivated} 连接 '{connection}' 的区域 " --"'{zone}' " -+"在接口 '{interface}' {activated_deactivated} 连接 '{connection}' 的区域 '{zone}' " - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" -@@ -304,7 +302,7 @@ msgstr "试图连接至 firewalld,等待中..." - msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." --msgstr "不能连接到防火墙守护进程,请检查服务是否被正确的启动然后重试" -+msgstr "连接 firewalld 失败。请确保该服务已正常启动,然后重试。" - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -346,7 +344,7 @@ msgstr "用户名" - - #: ../src/firewall-config.in:244 - msgid "User id" --msgstr "" -+msgstr "用户 ID" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" -@@ -362,7 +360,7 @@ msgstr "优先级" - - #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 - msgid "Args" --msgstr "参数" -+msgstr "自变量" - - #: ../src/firewall-config.in:401 ../src/firewall-config.in:2329 - msgid "Runtime" -@@ -440,11 +438,11 @@ msgstr "审计" - - #: ../src/firewall-config.in:934 ../src/firewall-config.glade.h:221 - msgid "Interface" --msgstr "" -+msgstr "接口" - - #: ../src/firewall-config.in:936 - msgid "Comment" --msgstr "" -+msgstr "注释" - - #: ../src/firewall-config.in:955 ../src/firewall-config.glade.h:27 - msgid "Source" -@@ -520,7 +518,7 @@ msgstr "ICMP 阻拦" - #: ../src/firewall-config.in:3348 ../src/firewall-config.in:3658 - #: ../src/firewall-config.glade.h:288 - msgid "icmp-type" --msgstr "" -+msgstr "icmp-type" - - #: ../src/firewall-config.in:2075 ../src/firewall-config.in:3182 - #: ../src/firewall-config.in:3350 ../src/firewall-config.in:3661 -@@ -655,11 +653,9 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" --msgstr "" --"转发至其他系统琴在端口伪装时才有用。\n" -+msgstr "转发至其他系统琴在端口伪装时才有用。\n" - "您想要伪装该区域吗?" - - #: ../src/firewall-config.in:5376 -@@ -690,8 +686,7 @@ msgstr "请输入 ipv4 或者 ipv6 地址,格式为 address[/mask]。" - msgid "" - "The mask can be a network mask or a number for ipv4.\n" - "The mask is a number for ipv6." --msgstr "" --"对于 ipv4 地址,该掩码必须为网络掩码或一个数字。\n" -+msgstr "对于 ipv4 地址,该掩码必须为网络掩码或一个数字。\n" - "对于 ipv6 地址,则该掩码为一个数字。" - - #: ../src/firewall-config.in:5776 -@@ -726,9 +721,8 @@ msgid "IPv6" - msgstr "IPv6" - - #: ../src/firewall-config.in:6389 --#, fuzzy - msgid "Built-in helper, rename not supported." --msgstr "内置辅助模块,不支持重命名。" -+msgstr "内置帮助程序,不支持重命名。" - - #: ../src/firewall-config.in:6867 - msgid "Built-in icmp, rename not supported." -@@ -751,11 +745,11 @@ msgstr "地址" - - #: ../src/firewall-config.glade.h:2 - msgid "Automatic Helpers" --msgstr "" -+msgstr "自动帮助程序" - - #: ../src/firewall-config.glade.h:3 - msgid "Please select the automatic helpers value:" --msgstr "" -+msgstr "请选择自动帮助程序的值:" - - #: ../src/firewall-config.glade.h:5 - msgid "Please enter the command line." -@@ -858,11 +852,11 @@ msgstr "转发到另一端口" - - #: ../src/firewall-config.glade.h:32 - msgid "Base Helper Settings" --msgstr "" -+msgstr "基础帮助程序设置" - - #: ../src/firewall-config.glade.h:33 - msgid "Please configure base helper settings:" --msgstr "" -+msgstr "请配置基础帮助程序设置:" - - #: ../src/firewall-config.glade.h:34 - msgid "Bold entries are mandatory, all others are optional." -@@ -894,11 +888,11 @@ msgstr "模块: " - - #: ../src/firewall-config.glade.h:44 - msgid "Helper" --msgstr "" -+msgstr "帮助程序" - - #: ../src/firewall-config.glade.h:45 - msgid "Please select a helper:" --msgstr "" -+msgstr "请选择帮助程序:" - - #: ../src/firewall-config.glade.h:46 - msgid "Base ICMP Type Settings" -@@ -953,9 +947,7 @@ msgid "" - "Reloads firewall rules. Current permanent configuration will become new " - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." --msgstr "" --"重载防火墙规则。当前永久配置将变成新的运行时配置。例如所有仅在运行时配置所做" --"的变更若未在永久配置中操作,将在重载后丢失。" -+msgstr "重载防火墙规则。当前永久配置将变成新的运行时配置。例如所有仅在运行时配置所做的变更若未在永久配置中操作,将在重载后丢失。" - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -979,11 +971,11 @@ msgstr "修改 LogDenied 值。" - - #: ../src/firewall-config.glade.h:66 - msgid "Configure Automatic Helper Assigment" --msgstr "" -+msgstr "配置自动帮助程序指派" - - #: ../src/firewall-config.glade.h:67 - msgid "Configure Automatic Helper Assignment setting." --msgstr "" -+msgstr "配置自动帮助程序指派设置。" - - #: ../src/firewall-config.glade.h:68 - msgid "Panic mode means that all incoming and outgoing packets are dropped." -@@ -1025,7 +1017,7 @@ msgstr "ICMP 类型" - - #: ../src/firewall-config.glade.h:77 - msgid "Helpers" --msgstr "" -+msgstr "帮助程序" - - #: ../src/firewall-config.glade.h:78 - msgid "Direct Configuration" -@@ -1045,7 +1037,7 @@ msgstr "帮助(_H)" - - #: ../src/firewall-config.glade.h:82 - msgid "Change Zone" --msgstr "" -+msgstr "更改区域" - - #: ../src/firewall-config.glade.h:83 - msgid "Change zone of binding" -@@ -1070,9 +1062,7 @@ msgid "" - "Currently visible configuration. Runtime configuration is the actual active " - "configuration. Permanent configuration will be active after service or " - "system reload or restart." --msgstr "" --"当前可见配置。运行时配置为实际启用的配置。永久配置则会在服务或系统重载或重启" --"时启用。" -+msgstr "当前可见配置。运行时配置为实际启用的配置。永久配置则会在服务或系统重载或重启时启用。" - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1082,9 +1072,8 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"FirewallD 区域定义了绑定的网络连接、接口以及源地址的可信程度。区域是服务、端" --"口、协议、IP伪装、端口/报文转发、ICMP过滤以及富规则的组合。区域可以绑定到接口" --"以及源地址。" -+"FirewallD 区域定义了绑定的网络连接、接口以及源地址的可信程度。区域是服务、端口、协议、IP伪装、端口/" -+"报文转发、ICMP过滤以及富规则的组合。区域可以绑定到接口以及源地址。" - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1107,9 +1096,7 @@ msgid "" - "Here you can define which services are trusted in the zone. Trusted services " - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." --msgstr "" --"可以在这里定义区域中哪些服务是可信的。可连接至绑定到这个区域的连接、接口和源" --"的所有主机和网络及丶可以访问可信服务。" -+msgstr "可以在这里定义区域中哪些服务是可信的。可连接至绑定到这个区域的连接、接口和源的所有主机和网络及丶可以访问可信服务。" - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1161,9 +1148,7 @@ msgstr "协议" - msgid "" - "Add additional source ports or port ranges, which need to be accessible for " - "all hosts or networks that can connect to the machine." --msgstr "" --"添加额外的源端口或范围,它们对于所有可以连接至这台主机的所有主机或网络都需要" --"是可以访问的。" -+msgstr "添加额外的源端口或范围,它们对于所有可以连接至这台主机的所有主机或网络都需要是可以访问的。" - - #: ../src/firewall-config.glade.h:107 - msgid "Source Ports" -@@ -1175,8 +1160,7 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"如果您要设置一台将您的本地网络连接到互联网的主机或者路由器,伪装是很有用的。" --"您的本地网络将不可见,且该主机是以单一地址的形式出现在互联网中。伪装仅适用于 " -+"如果您要设置一台将您的本地网络连接到互联网的主机或者路由器,伪装是很有用的。您的本地网络将不可见,且该主机是以单一地址的形式出现在互联网中。伪装仅适用于 " - "IPv4。" - - #: ../src/firewall-config.glade.h:109 -@@ -1200,8 +1184,7 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"添加条目来转发端口,可以是从本地系统的一个端口到另一个端口,也可以是从本地系" --"统到另一个系统。转发到另一个系统只在接口是伪装的时候有用。端口转发只适用于 " -+"添加条目来转发端口,可以是从本地系统的一个端口到另一个端口,也可以是从本地系统到另一个系统。转发到另一个系统只在接口是伪装的时候有用。端口转发只适用于 " - "IPv4。" - - #: ../src/firewall-config.glade.h:113 -@@ -1221,25 +1204,21 @@ msgid "" - "The Internet Control Message Protocol (ICMP) is mainly used to send error " - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." --msgstr "" --"互联网控制报文协议(ICMP)主要用于在联网的计算机间发送出错信息,但也发送类似 " --"ping 请求以及回应等信息。" -+msgstr "互联网控制报文协议(ICMP)主要用于在联网的计算机间发送出错信息,但也发送类似 ping 请求以及回应等信息。" - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." --msgstr "" --"在列表中标记应该被拒绝的 ICMP 类型。所有其它 ICMP 类型则被允许通过防火墙。默" --"认设置是没有限制。" -+msgstr "在列表中标记应该被拒绝的 ICMP 类型。所有其它 ICMP 类型则被允许通过防火墙。默认设置是没有限制。" - - #: ../src/firewall-config.glade.h:118 - msgid "" - "If Invert Filter is enabled, marked ICMP entries are accepted and the others " - "are rejected. In a zone with the target DROP, they are dropped." - msgstr "" --"如果启用了反向过滤器(Invert Filter),作了标记的 ICMP 条目都被会被接受,而其" --"他条目则会被拒绝。在带有目标 DROP 的区里,它们会被丢弃。" -+"如果启用了反向过滤器(Invert Filter),作了标记的 ICMP 条目都被会被接受,而其他条目则会被拒绝。在带有目标 DROP " -+"的区里,它们会被丢弃。" - - #: ../src/firewall-config.glade.h:119 - msgid "Invert Filter" -@@ -1273,9 +1252,7 @@ msgstr "富规则" - msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." --msgstr "" --"增加入口以将接口加入区域。若接口已经被连接占用,区域将被设定为连接所指定的区" --"域。" -+msgstr "增加入口以将接口加入区域。若接口已经被连接占用,区域将被设定为连接所指定的区域。" - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1294,9 +1271,7 @@ msgid "" - "Add entries to bind source addresses or areas to the zone. You can also bind " - "to a MAC source address, but with limitations. Port forwarding and " - "masquerading will not work for MAC source bindings." --msgstr "" --"添加条目以便在该区域绑定源地址或范围。还可以绑定到 MAC 源地址,但会有所限制。" --"端口转发及伪装不适用于 MAC 源绑定。" -+msgstr "添加条目以便在该区域绑定源地址或范围。还可以绑定到 MAC 源地址,但会有所限制。端口转发及伪装不适用于 MAC 源绑定。" - - #: ../src/firewall-config.glade.h:132 - msgid "Add Source" -@@ -1361,9 +1336,8 @@ msgid "Source Port" - msgstr "源端口" - - #: ../src/firewall-config.glade.h:148 --#, fuzzy - msgid "Netfilter helper modules are needed for some services." --msgstr "某些服务需要网络过滤辅助模块" -+msgstr "需要对某些服务使用网络过滤帮助程序模块。" - - #: ../src/firewall-config.glade.h:149 - msgid "Modules" -@@ -1374,9 +1348,7 @@ msgid "" - "If you specify destination addresses, the service entry will be limited to " - "the destination address and type. If both entries are empty, there is no " - "limitation." --msgstr "" --"如果您指定了目的地址,服务项目将仅限于目的地址和类型。如果两个项目均为空,则" --"没有限制。" -+msgstr "如果您指定了目的地址,服务项目将仅限于目的地址和类型。如果两个项目均为空,则没有限制。" - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1396,8 +1368,7 @@ msgstr "仅可以在永久配置视图中修改服务。运行时配置中的服 - msgid "" - "An IPSet can be used to create white or black lists and is able to store for " - "example IP addresses, port numbers or MAC addresses. " --msgstr "" --"可使用 IPSet 创建白名单或黑名单,以便保存 IP 地址、端口号或者 MAC 地址。" -+msgstr "可使用 IPSet 创建白名单或黑名单,以便保存 IP 地址、端口号或者 MAC 地址。" - - #: ../src/firewall-config.glade.h:155 - msgid "IPSet" -@@ -1426,16 +1397,14 @@ msgid "" - "added by firewalld. Entries, that have been directly added with the ipset " - "command wil not be listed here." - msgstr "" --"IPSet 条目。只能看到不使用 timeout 选项的 ipset 条目以及已经由 firewalld 添加" --"的条目。这里不会列出直接由 ipset 命令添加的条目。" -+"IPSet 条目。只能看到不使用 timeout 选项的 ipset 条目以及已经由 firewalld 添加的条目。这里不会列出直接由 ipset " -+"命令添加的条目。" - - #: ../src/firewall-config.glade.h:161 - msgid "" - "This IPSet uses the timeout option, therefore no entries are visible here. " - "The entries should be taken care directly with the ipset command." --msgstr "" --"这个 IPSet 使用 timeout 选项,因此在这个看不到。应直接使用 ipset 命令处理该条" --"目。" -+msgstr "这个 IPSet 使用 timeout 选项,因此在这个看不到。应直接使用 ipset 命令处理该条目。" - - #: ../src/firewall-config.glade.h:162 - msgid "Add" -@@ -1480,8 +1449,7 @@ msgstr "指定是否该 ICMP 类型可用于 IPv4 和/或 IPv6。" - msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." --msgstr "" --"仅可以在永久配置视图中修改 ICMP 类型。运行时配置中的 ICMP 类型是固定的。" -+msgstr "仅可以在永久配置视图中修改 ICMP 类型。运行时配置中的 ICMP 类型是固定的。" - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1490,10 +1458,11 @@ msgid "" - "are using ports that are unrelated to the signaling connection and are " - "therefore blocked by the firewall without the helper." - msgstr "" -+"正在指派连接跟踪帮助程序,以确保使用不同信号发送和数据传输流程的协议正常工作。数据传输使用的是与信号发送连接不相关的端口,因此若没有该帮助程序将会被防火墙阻挡。" - - #: ../src/firewall-config.glade.h:174 - msgid "Define ports or port ranges, which are monitored by the helper." --msgstr "" -+msgstr "定义帮助程序将监视的端口或端口范围。" - - #: ../src/firewall-config.glade.h:175 - msgid "" -@@ -1502,9 +1471,8 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"直接配置给予直接访问防火墙方式。这些选项需要用户了解基本的 iptables 概念,比" --"如表、链、命令、参数和目标。直接配置应该仅用于当其他 firewalld 功能都不可用时" --"的最后手段。" -+"直接配置给予直接访问防火墙方式。这些选项需要用户了解基本的 iptables 概念,比如表、链、命令、参数和目标。直接配置应该仅用于当其他 " -+"firewalld 功能都不可用时的最后手段。" - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1512,8 +1480,8 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"每个操作的 IPV 参数应为 ipv4 或 ipv6 或 eb。ipv4 用于 iptables,ipv6 用于 " --"ip6tables,eb 用于以太网桥接(ebtables)。" -+"每个操作的 IPV 参数应为 ipv4 或 ipv6 或 eb。ipv4 用于 iptables,ipv6 用于 ip6tables,eb " -+"用于以太网桥接(ebtables)。" - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1549,9 +1517,8 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"优先级用于规则排序。优先级0 代表在链顶端添加规则,更大的优先级将添加到链下" --"方。优先级相同的规则将具备相同的级别,排序并不固定并有可能变化。如果您想要确" --"保一个规则会在另外一个后添加,需为前者指定低优先级而为后者指定高优先级。" -+"优先级用于规则排序。优先级0 " -+"代表在链顶端添加规则,更大的优先级将添加到链下方。优先级相同的规则将具备相同的级别,排序并不固定并有可能变化。如果您想要确保一个规则会在另外一个后添加,需为前者指定低优先级而为后者指定高优先级。" - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1574,9 +1541,7 @@ msgid "" - "The passthrough rules are directly passed through to the firewall and are " - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." --msgstr "" --"穿通规则将被直接传递给防火墙而不会放置到特殊链中。可以使用所有 iptables、" --"ip6tables 和 ebtables 选项。" -+msgstr "穿通规则将被直接传递给防火墙而不会放置到特殊链中。可以使用所有 iptables、ip6tables 和 ebtables 选项。" - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." -@@ -1604,8 +1569,7 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"锁定功能是适用于 firewalld 的轻量级用户和应用程序规范。它保证变更仅限于防火" --"墙。锁定白名单可以包含命令、上下文、用户和用户 ID。" -+"锁定功能是适用于 firewalld 的轻量级用户和应用程序规范。它保证变更仅限于防火墙。锁定白名单可以包含命令、上下文、用户和用户 ID。" - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1613,8 +1577,8 @@ msgid "" - "service. To get the context of a running application use ps -e --" - "context." - msgstr "" --"上下文是正在运行的应用程序或服务的安全(SELinux)上下文。请使用 ps -e --" --"context 获取正在运行的应用程序的上下文。" -+"上下文是正在运行的应用程序或服务的安全(SELinux)上下文。请使用 ps -e --context " -+"获取正在运行的应用程序的上下文。" - - #: ../src/firewall-config.glade.h:196 - msgid "Add Context" -@@ -1637,9 +1601,7 @@ msgid "" - "If a command entry on the whitelist ends with an asterisk '*', then all " - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." --msgstr "" --"如果在白名单输入的命令以 '*' 星号结尾,则匹配所有以其开头的命令。如果不含 " --"'*' 则命令和其中的参数必须绝对匹配。" -+msgstr "如果在白名单输入的命令以 '*' 星号结尾,则匹配所有以其开头的命令。如果不含 '*' 则命令和其中的参数必须绝对匹配。" - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1717,7 +1679,7 @@ msgctxt "" - "Meaning: Log of denied packets. But this is too long. LogDenied is also the " - "parameter used in firewalld.conf." - msgid "Automatic Helpers:" --msgstr "" -+msgstr "自动帮助程序:" - - #: ../src/firewall-config.glade.h:219 - msgid "Lockdown:" -@@ -1729,7 +1691,7 @@ msgstr "默认区域:" - - #: ../src/firewall-config.glade.h:222 - msgid "Please enter an interface name:" --msgstr "" -+msgstr "请输入接口名称:" - - #: ../src/firewall-config.glade.h:223 - msgid "Base IPSet Settings" -@@ -1773,7 +1735,7 @@ msgstr "请选择 ipset:" - - #: ../src/firewall-config.glade.h:234 - msgid "Please enter an ipset entry:" --msgstr "" -+msgstr "请输入 ipset 条目:" - - #: ../src/firewall-config.glade.h:235 - msgid "Log Denied" -@@ -1805,7 +1767,7 @@ msgstr "掩码:" - - #: ../src/firewall-config.glade.h:242 - msgid "Please select a netfilter conntrack helper:" --msgstr "" -+msgstr "请选择网络过滤 conntrack 帮助程序:" - - #: ../src/firewall-config.glade.h:243 - msgid "- Select -" -@@ -1881,8 +1843,8 @@ msgstr "反转" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." - msgstr "若启用该项,操作需为'reject'并且家族选择'ipv4'或'ipv6'(但不能同时选择)" - - #: ../src/firewall-config.glade.h:267 -@@ -1927,7 +1889,7 @@ msgstr "请选择一个服务。" - - #: ../src/firewall-config.glade.h:297 - msgid "Please enter a source." --msgstr "" -+msgstr "请输入来源。" - - #: ../src/firewall-config.glade.h:298 - msgid "User ID" -diff --git a/po/zh_TW.po b/po/zh_TW.po -index 1f5f74cc7a63..02970d500a31 100644 ---- a/po/zh_TW.po -+++ b/po/zh_TW.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Ben Wu , 2002-2004 - # Chester Cheng , 2004-2006,2010,2014 -@@ -15,20 +15,21 @@ - # Chester Cheng , 2016. #zanata - # Terry Chuang , 2016. #zanata - # Cheng-Chia Tseng , 2017. #zanata -+# Eric Garver , 2018. #zanata - # Peter Pan , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" - "POT-Creation-Date: 2018-10-11 15:05-0400\n" --"PO-Revision-Date: 2018-08-13 01:35+0000\n" --"Last-Translator: Peter Pan \n" --"Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/" --"firewalld/language/zh_TW/)\n" --"Language: zh_TW\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"PO-Revision-Date: 2018-11-16 08:29+0000\n" -+"Last-Translator: Copied by Zanata \n" -+"Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/" -+"firewalld/language/zh_TW/)\n" -+"Language: zh_TW\n" - "Plural-Forms: nplurals=1; plural=0;\n" - "X-Generator: Zanata 4.6.2\n" - -@@ -87,9 +88,7 @@ msgstr "您可以在這裡選取「防禦展開」與「防禦卸下」所要使 - msgid "" - "This feature is useful for people using the default zones mostly. For users, " - "that are changing zones of connections, it might be of limited use." --msgstr "" --"此功能對於大多數使用預設界域的人來說很有用處。至於更改連線的界域之使用者,這" --"可能用處不大。" -+msgstr "此功能對於大多數使用預設界域的人來說很有用處。至於更改連線的界域之使用者,這可能用處不大。" - - #: ../src/firewall-applet.in:235 - msgid "Shields Up Zone:" -@@ -168,7 +167,7 @@ msgstr "授權失敗。" - - #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2282 - msgid "Invalid name" --msgstr "無效的引數 %s" -+msgstr "無效的名稱" - - #: ../src/firewall-applet.in:596 ../src/firewall-config.in:2286 - msgid "Name already exists" -@@ -207,12 +206,12 @@ msgstr "預設界域:「%s」" - msgid "" - "Default Zone '{default_zone}' active for connection '{connection}' on " - "interface '{interface}'" --msgstr "" --"預設界域「{default_zone}」使用中:連線「{connection}」,介面「{interface}」" -+msgstr "預設界域「{default_zone}」使用中:連線「{connection}」,介面「{interface}」" - - #: ../src/firewall-applet.in:880 - msgid "" --"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" -+"Zone '{zone}' active for connection '{connection}' on interface " -+"'{interface}'" - msgstr "界域「{zone}」使用中:連線「{connection}」,介面「{interface}」" - - #: ../src/firewall-applet.in:892 -@@ -261,16 +260,13 @@ msgid "" - "Default zone '{default_zone}' {activated_deactivated} for connection " - "'{connection}' on interface '{interface}'" - msgstr "" --"預設界域「{default_zone}」{activated_deactivated}:連線「{connection}」,介面" --"「{interface}」" -+"預設界域「{default_zone}」{activated_deactivated}:連線「{connection}」,介面「{interface}」" - - #: ../src/firewall-applet.in:1042 - msgid "" - "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " - "interface '{interface}'" --msgstr "" --"界域「{zone}」{activated_deactivated}:連線「{connection}」,介面" --"「{interface}」" -+msgstr "界域「{zone}」{activated_deactivated}:連線「{connection}」,介面「{interface}」" - - #: ../src/firewall-applet.in:1047 - msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" -@@ -302,7 +298,7 @@ msgstr "正在嘗試連上 firewalld,等待中..." - msgid "" - "Failed to connect to firewalld. Please make sure that the service has been " - "started correctly and try again." --msgstr "無法連線到 firewalld。請確保服務已經正確啟動,並且重試。" -+msgstr "連接 firewalld 失敗。請確定該服務已正常啟動,然後重試。" - - #: ../src/firewall-config.in:95 - msgid "Changes applied." -@@ -348,15 +344,15 @@ msgstr "使用者 ID" - - #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 - msgid "Table" --msgstr "表格" -+msgstr "表" - - #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 - msgid "Chain" --msgstr "鏈條" -+msgstr "鏈" - - #: ../src/firewall-config.in:322 - msgid "Priority" --msgstr "優先等級" -+msgstr "優先程度" - - #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 - msgid "Args" -@@ -653,11 +649,9 @@ msgstr "ipv6" - - #: ../src/firewall-config.in:5014 - msgid "" --"Forwarding to another system is only useful if the interface is " --"masqueraded.\n" -+"Forwarding to another system is only useful if the interface is masqueraded.\n" - "Do you want to masquerade this zone ?" --msgstr "" --"轉送至其他系統的功能僅在介面為偽裝之時才會有用。\n" -+msgstr "轉送至其他系統的功能僅在介面為偽裝之時才會有用。\n" - "您是否想要偽裝此界域?" - - #: ../src/firewall-config.in:5376 -@@ -688,8 +682,7 @@ msgstr "請從格式位址(或遮罩)輸入 IPV4 或 IPV6 位址。" - msgid "" - "The mask can be a network mask or a number for ipv4.\n" - "The mask is a number for ipv6." --msgstr "" --"IPv4 遮罩可以是網路遮罩或數字。\n" -+msgstr "IPv4 遮罩可以是網路遮罩或數字。\n" - "IPv6 遮罩是數字。" - - #: ../src/firewall-config.in:5776 -@@ -843,8 +836,7 @@ msgstr "目的地" - msgid "" - "If you enable local forwarding, you have to specify a port. This port has to " - "be different to the source port." --msgstr "" --"若您啟用本地端轉送,您就必須要指定連接埠。這個連接埠必須和來源連接埠不同。" -+msgstr "若您啟用本地端轉送,您就必須要指定連接埠。這個連接埠必須和來源連接埠不同。" - - #: ../src/firewall-config.glade.h:30 - msgid "Local forwarding" -@@ -952,9 +944,7 @@ msgid "" - "runtime configuration. i.e. all runtime only changes done until reload are " - "lost with reload if they have not been also in permanent configuration." - msgstr "" --"重新載入防火牆規則。目前的永久組態會變成新的執行時期組態。舉例,所有的執行時" --"期下的變動直到重新載入前都會有效:只要改變不是設在永久組態中,那麼一旦重新載" --"入後所有改動都會消失。" -+"重新載入防火牆規則。目前的永久組態會變成新的執行時期組態。舉例,所有的執行時期下的變動直到重新載入前都會有效:只要改變不是設在永久組態中,那麼一旦重新載入後所有改動都會消失。" - - #: ../src/firewall-config.glade.h:60 - msgid "Change which zone a network connection belongs to." -@@ -996,8 +986,7 @@ msgstr "恐慌模式" - msgid "" - "Lockdown locks firewall configuration so that only applications on lockdown " - "whitelist are able to change it." --msgstr "" --"封鎖管制會鎖上防火牆組態,只有封鎖管制白名單中列出的應用程式可以改動組態。" -+msgstr "封鎖管制會鎖上防火牆組態,只有封鎖管制白名單中列出的應用程式可以改動組態。" - - #: ../src/firewall-config.glade.h:71 - msgid "Lockdown" -@@ -1070,9 +1059,7 @@ msgid "" - "Currently visible configuration. Runtime configuration is the actual active " - "configuration. Permanent configuration will be active after service or " - "system reload or restart." --msgstr "" --"目前可見的組態。執行時期組態為實際使用中組態。永久組態將在服務或系統重新載入" --"或重新啟動之後啟動。" -+msgstr "目前可見的組態。執行時期組態為實際使用中組態。永久組態將在服務或系統重新載入或重新啟動之後啟動。" - - #: ../src/firewall-config.glade.h:88 - msgid "" -@@ -1082,9 +1069,8 @@ msgid "" - "filters and rich rules. The zone can be bound to interfaces and source " - "addresses." - msgstr "" --"firewalld 界域所定義的是綁定該界域之網路連線、介面、來源位址的信任等級。界域" --"能結合服務、連接埠、協定、偽裝、連接埠/封包轉送、icmp 過濾、豐富規則等。界域" --"可以與介面、來源位址等綁定。" -+"firewalld 界域所定義的是綁定該界域之網路連線、介面、來源位址的信任等級。界域能結合服務、連接埠、協定、偽裝、連接埠/封包轉送、icmp " -+"過濾、豐富規則等。界域可以與介面、來源位址等綁定。" - - #: ../src/firewall-config.glade.h:90 - msgid "Add Zone" -@@ -1107,9 +1093,7 @@ msgid "" - "Here you can define which services are trusted in the zone. Trusted services " - "are accessible from all hosts and networks that can reach the machine from " - "connections, interfaces and sources bound to this zone." --msgstr "" --"你可以在此處定義該界域中有哪些服務值得信任。只要此界域所綁定之連線、介面、來" --"源的主機與網路能觸及本機,則皆可存取這些信任的服務。" -+msgstr "你可以在此處定義該界域中有哪些服務值得信任。只要此界域所綁定之連線、介面、來源的主機與網路能觸及本機,則皆可存取這些信任的服務。" - - #: ../src/firewall-config.glade.h:95 - msgid "Services" -@@ -1173,8 +1157,8 @@ msgid "" - "network to the internet. Your local network will not be visible and the " - "hosts appear as a single address on the internet. Masquerading is IPv4 only." - msgstr "" --"偽裝可讓您設置個能讓您本本地端網路連至網際網路的主機或路由器。您的本地端網路" --"不會被看見,且眾主機在網際網路上會顯示成單一位址。偽裝功能僅適用於 IPv4。" -+"偽裝可讓您設置個能讓您本本地端網路連至網際網路的主機或路由器。您的本地端網路不會被看見,且眾主機在網際網路上會顯示成單一位址。偽裝功能僅適用於 " -+"IPv4。" - - #: ../src/firewall-config.glade.h:109 - msgid "Masquerade zone" -@@ -1197,8 +1181,7 @@ msgid "" - "system is only useful if the interface is masqueraded. Port forwarding is " - "IPv4 only." - msgstr "" --"新增條目來從本地端系統上的一個連接埠轉送至另一個連接埠,或由本地端系統轉送至" --"另一部系統。僅在介面卡偽裝時才能轉送至另一部系統。連接埠轉送功能僅適用於 " -+"新增條目來從本地端系統上的一個連接埠轉送至另一個連接埠,或由本地端系統轉送至另一部系統。僅在介面卡偽裝時才能轉送至另一部系統。連接埠轉送功能僅適用於 " - "IPv4。" - - #: ../src/firewall-config.glade.h:113 -@@ -1219,24 +1202,20 @@ msgid "" - "messages between networked computers, but additionally for informational " - "messages like ping requests and replies." - msgstr "" --"網際網路控制訊息通訊協定 (Internet Control Message Protocol, ICMP) 主要用在連" --"網電腦間錯誤訊息的傳送,不過也能被用來傳送像是 ping 請求和回應的資訊訊息。" -+"網際網路控制訊息通訊協定 (Internet Control Message Protocol, ICMP) " -+"主要用在連網電腦間錯誤訊息的傳送,不過也能被用來傳送像是 ping 請求和回應的資訊訊息。" - - #: ../src/firewall-config.glade.h:117 - msgid "" - "Mark the ICMP types in the list, which should be rejected. All other ICMP " - "types are allowed to pass the firewall. The default is no limitation." --msgstr "" --"將清單中應被拒絕的 ICMP 類型標記起來。其他所有 ICMP 則允許通過防火牆。預設值" --"為無限制。" -+msgstr "將清單中應被拒絕的 ICMP 類型標記起來。其他所有 ICMP 則允許通過防火牆。預設值為無限制。" - - #: ../src/firewall-config.glade.h:118 - msgid "" - "If Invert Filter is enabled, marked ICMP entries are accepted and the others " - "are rejected. In a zone with the target DROP, they are dropped." --msgstr "" --"如果啟用了反轉篩選器,系統會接受已標示的 ICMP 項目,但拒絕其他項目。在目標為 " --"DROP 的界域中,它們會被丟棄。" -+msgstr "如果啟用了反轉篩選器,系統會接受已標示的 ICMP 項目,但拒絕其他項目。在目標為 DROP 的界域中,它們會被丟棄。" - - #: ../src/firewall-config.glade.h:119 - msgid "Invert Filter" -@@ -1270,9 +1249,7 @@ msgstr "豐富規則" - msgid "" - "Add entries to bind interfaces to the zone. If the interface will be used by " - "a connection, the zone will be set to the zone specified in the connection." --msgstr "" --"請添加條目來將介面與此界域綁定。如果介面會被某連線使用,則界域將被設為連線中" --"所指定的界域。" -+msgstr "請添加條目來將介面與此界域綁定。如果介面會被某連線使用,則界域將被設為連線中所指定的界域。" - - #: ../src/firewall-config.glade.h:127 - msgid "Add Interface" -@@ -1292,8 +1269,8 @@ msgid "" - "to a MAC source address, but with limitations. Port forwarding and " - "masquerading will not work for MAC source bindings." - msgstr "" --"請添加條目來將來源位址或區域與此界域綁定。您也可以綁定至 MAC 來源位址,但有限" --"制。port forwarding 與 masquerading 都無法在 MAC 來源綁定上運作。" -+"請添加條目來將來源位址或區域與此界域綁定。您也可以綁定至 MAC 來源位址,但有限制。port forwarding 與 masquerading " -+"都無法在 MAC 來源綁定上運作。" - - #: ../src/firewall-config.glade.h:132 - msgid "Add Source" -@@ -1370,8 +1347,7 @@ msgid "" - "If you specify destination addresses, the service entry will be limited to " - "the destination address and type. If both entries are empty, there is no " - "limitation." --msgstr "" --"若您指定目標位址,服務條目將限於目的地位址與類型。若兩條目皆空,則沒有限制。" -+msgstr "若您指定目標位址,服務條目將限於目的地位址與類型。若兩條目皆空,則沒有限制。" - - #: ../src/firewall-config.glade.h:151 - msgid "IPv4:" -@@ -1391,9 +1367,7 @@ msgstr "服務僅可以在永久組態檢視下更動。服務的執行時期組 - msgid "" - "An IPSet can be used to create white or black lists and is able to store for " - "example IP addresses, port numbers or MAC addresses. " --msgstr "" --"IPSet 可以用來建立白名單或黑名單,且可以儲存例如 IP 位址、連接埠號、或 MAC 位" --"址等。" -+msgstr "IPSet 可以用來建立白名單或黑名單,且可以儲存例如 IP 位址、連接埠號、或 MAC 位址等。" - - #: ../src/firewall-config.glade.h:155 - msgid "IPSet" -@@ -1422,16 +1396,14 @@ msgid "" - "added by firewalld. Entries, that have been directly added with the ipset " - "command wil not be listed here." - msgstr "" --"IPSet 的條目。您只能看到未使用逾時選項的 IPset 條目,以及加入 firewalld 的條" --"目。已經透過 ipset 指令直接加入的條目不會在此列出。" -+"IPSet 的條目。您只能看到未使用逾時選項的 IPset 條目,以及加入 firewalld 的條目。已經透過 ipset " -+"指令直接加入的條目不會在此列出。" - - #: ../src/firewall-config.glade.h:161 - msgid "" - "This IPSet uses the timeout option, therefore no entries are visible here. " - "The entries should be taken care directly with the ipset command." --msgstr "" --"這 IPSet 使用逾時值,因此此處看不到任何條目。這些條目應該直接透過 ipset 指令" --"來處理。" -+msgstr "這 IPSet 使用逾時值,因此此處看不到任何條目。這些條目應該直接透過 ipset 指令來處理。" - - #: ../src/firewall-config.glade.h:162 - msgid "Add" -@@ -1451,8 +1423,8 @@ msgid "" - "A firewalld icmptype provides the information for an Internet Control " - "Message Protocol (ICMP) type for firewalld." - msgstr "" --"firewalld icmptype 為 firewalld 提供網際網路控制訊息協定 (ICMP,Internet " --"Control Message Protocol) 類型資訊。" -+"firewalld icmptype 為 firewalld 提供網際網路控制訊息協定 (ICMP,Internet Control Message " -+"Protocol) 類型資訊。" - - #: ../src/firewall-config.glade.h:167 - msgid "Add ICMP Type" -@@ -1478,8 +1450,7 @@ msgstr "指明此 ICMP 類型在 IPv4 與/或 IPv6 中是否可用。" - msgid "" - "ICMP Types can only be changed in the permanent configuration view. The " - "runtime configuration of ICMP Types is fixed." --msgstr "" --"ICMP 類型僅可以在永久組態檢視下更動。ICMP 類型的執行時期組態是固定不變的。" -+msgstr "ICMP 類型僅可以在永久組態檢視下更動。ICMP 類型的執行時期組態是固定不變的。" - - #: ../src/firewall-config.glade.h:173 - msgid "" -@@ -1487,9 +1458,7 @@ msgid "" - "using different flows for signaling and data transfers. The data transfers " - "are using ports that are unrelated to the signaling connection and are " - "therefore blocked by the firewall without the helper." --msgstr "" --"連線追蹤輔助器是要輔助使用不同訊號、資料傳輸流向的協定運作。資料傳輸若使用無" --"關訊號連線的連接埠,在沒有輔助器的情況下會被防火牆封鎖。" -+msgstr "連線追蹤輔助器是要輔助使用不同訊號、資料傳輸流向的協定運作。資料傳輸若使用無關訊號連線的連接埠,在沒有輔助器的情況下會被防火牆封鎖。" - - #: ../src/firewall-config.glade.h:174 - msgid "Define ports or port ranges, which are monitored by the helper." -@@ -1502,9 +1471,8 @@ msgid "" - "commands, parameters and targets. Direct configuration should be used only " - "as a last resort when it is not possible to use other firewalld features." - msgstr "" --"直接組態讓您可以更直接地存取防火牆。這些選項需要使用者知曉基礎的 iptables 概" --"念,例如表格、鏈條、指令、參數、目標等。直接組態應該謹以「最後的避風港」的心" --"態對待,只在無法使用其他 firewalld 功能時才使用。" -+"直接組態讓您可以更直接地存取防火牆。這些選項需要使用者知曉基礎的 iptables " -+"概念,例如表格、鏈條、指令、參數、目標等。直接組態應該謹以「最後的避風港」的心態對待,只在無法使用其他 firewalld 功能時才使用。" - - #: ../src/firewall-config.glade.h:176 - msgid "" -@@ -1512,8 +1480,8 @@ msgid "" - "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " - "bridges (ebtables)." - msgstr "" --"每個選項的 ipv 引數必須是 ipv4 或 ipv6 或 eb。ipv4 用於 iptables,ipv6 用於 " --"ip6tables,而 eb 用於乙太網路接橋 (ebtables)。" -+"每個選項的 ipv 引數必須是 ipv4 或 ipv6 或 eb。ipv4 用於 iptables,ipv6 用於 ip6tables,而 eb " -+"用於乙太網路接橋 (ebtables)。" - - #: ../src/firewall-config.glade.h:177 - msgid "Additional chains for use with rules." -@@ -1549,10 +1517,8 @@ msgid "" - "after another one, use a low priority for the first and a higher for the " - "following." - msgstr "" --"優先等級用來排序規則。優先等級 0 代表將規則加到鏈條頂端;優先等級數字越高,規" --"則會越往後擺放。相同優先等級的規則位在同個等級中,而這些規則的順序並非固定而" --"可能變動。如果您想要確保某規則在某個規則之後才加入,前者請使用較低的優先等" --"級,後者請使用較高的優先等級。" -+"優先等級用來排序規則。優先等級 0 " -+"代表將規則加到鏈條頂端;優先等級數字越高,規則會越往後擺放。相同優先等級的規則位在同個等級中,而這些規則的順序並非固定而可能變動。如果您想要確保某規則在某個規則之後才加入,前者請使用較低的優先等級,後者請使用較高的優先等級。" - - #: ../src/firewall-config.glade.h:184 - msgid "Add Rule" -@@ -1575,9 +1541,7 @@ msgid "" - "The passthrough rules are directly passed through to the firewall and are " - "not placed in special chains. All iptables, ip6tables and ebtables options " - "can be used." --msgstr "" --"通透規則會直接傳遞給防火牆,而不會放入特殊鏈條中。所有的 iptabls、ip6tables " --"與 ebtables 選項皆可使用。" -+msgstr "通透規則會直接傳遞給防火牆,而不會放入特殊鏈條中。所有的 iptabls、ip6tables 與 ebtables 選項皆可使用。" - - #: ../src/firewall-config.glade.h:189 - msgid "Please be careful with passthrough rules to not damage the firewall." -@@ -1605,8 +1569,7 @@ msgid "" - "firewalld. It limits changes to the firewall. The lockdown whitelist can " - "contain commands, contexts, users and user ids." - msgstr "" --"封鎖管制功能是 firewalld 其使用者與應用程式方針的輕量版。它會限制防火牆的更" --"動。封鎖管制白名單可以包含指令、情境、使用者與使用者 ID。" -+"封鎖管制功能是 firewalld 其使用者與應用程式方針的輕量版。它會限制防火牆的更動。封鎖管制白名單可以包含指令、情境、使用者與使用者 ID。" - - #: ../src/firewall-config.glade.h:195 - msgid "" -@@ -1614,8 +1577,8 @@ msgid "" - "service. To get the context of a running application use ps -e --" - "context." - msgstr "" --"情境是指執行中應用程式或服務的安全情境 (SELinux 情境)。若要取得執行中應用程式" --"的情境,請使用指令 ps -e --context。" -+"情境是指執行中應用程式或服務的安全情境 (SELinux 情境)。若要取得執行中應用程式的情境,請使用指令 ps -e --context。" - - #: ../src/firewall-config.glade.h:196 - msgid "Add Context" -@@ -1638,9 +1601,7 @@ msgid "" - "If a command entry on the whitelist ends with an asterisk '*', then all " - "command lines starting with the command will match. If the '*' is not there " - "the absolute command inclusive arguments must match." --msgstr "" --"如果白名單中的指令條目是以米字號「*」結尾,則所有以該指令列開頭的任何指令皆會" --"匹配。如果「*」並非結尾,則必須精確符合該指令與相關引數。" -+msgstr "如果白名單中的指令條目是以米字號「*」結尾,則所有以該指令列開頭的任何指令皆會匹配。如果「*」並非結尾,則必須精確符合該指令與相關引數。" - - #: ../src/firewall-config.glade.h:201 - msgid "Add Command Line" -@@ -1882,11 +1843,9 @@ msgstr "反轉" - - #: ../src/firewall-config.glade.h:266 - msgid "" --"To enable this Action has to be 'reject' and Family either 'ipv4' or " --"'ipv6' (not both)." --msgstr "" --"要啟用此功能,「動作」必須是「拒絕」而「家族」必須是「ipv4」或「ipv6」(而非" --"兩者)。" -+"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " -+"(not both)." -+msgstr "要啟用此功能,「動作」必須是「拒絕」而「家族」必須是「ipv4」或「ipv6」(而非兩者)。" - - #: ../src/firewall-config.glade.h:267 - msgid "with Type:" --- -2.18.0 - diff --git a/SOURCES/0007-services-steam-streaming-update-udp-ports.patch b/SOURCES/0007-services-steam-streaming-update-udp-ports.patch deleted file mode 100644 index 96e1711..0000000 --- a/SOURCES/0007-services-steam-streaming-update-udp-ports.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 2e5e2afd55a4dac47affaeddee0c510a0389cc6c Mon Sep 17 00:00:00 2001 -From: ykgmfq -Date: Fri, 2 Nov 2018 13:58:05 +0100 -Subject: [PATCH 07/34] services/steam-streaming: update udp ports - -See the changelog for 2018-10-11 at https://store.steampowered.com/news/?feed=steam_client - -(cherry picked from commit 2d958577968b8fc3baf515939cde4e0c1e0c482f) -(cherry picked from commit 52fd2d228debc156561e9a66100489eb942b9143) ---- - config/services/steam-streaming.xml | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/config/services/steam-streaming.xml b/config/services/steam-streaming.xml -index 0e0aca62a90e..59ca8faca9e7 100644 ---- a/config/services/steam-streaming.xml -+++ b/config/services/steam-streaming.xml -@@ -4,6 +4,5 @@ - Steam in-home streaming allows you to play a game on one computer when the game process is actually running on another computer elsewhere in your home. Through Steam, game audio and video is captured on the remote computer and sent to the player's computer. The game input (keyboard, mouse or gamepad) is sent from the player's computer to the game process on the remote computer. - - -- -- -+ - --- -2.18.0 - diff --git a/SOURCES/0007-test-new-macro-CHECK_MODULE_PROTO_GRE.patch b/SOURCES/0007-test-new-macro-CHECK_MODULE_PROTO_GRE.patch new file mode 100644 index 0000000..e9d0edb --- /dev/null +++ b/SOURCES/0007-test-new-macro-CHECK_MODULE_PROTO_GRE.patch @@ -0,0 +1,28 @@ +From cedbd55380bfcb60bc600d8d8833a4d9abab1080 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 17 Jun 2019 14:30:34 -0400 +Subject: [PATCH 07/20] test: new macro CHECK_MODULE_PROTO_GRE + +(cherry picked from commit af89dacab41d6dc6a42e992aa74a2d6f4a420abc) +--- + src/tests/functions.at | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 69f71c133d15..7a0242cb33fb 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -444,6 +444,10 @@ m4_define([CHECK_NFT_CT_HELPER], [ + ]) + ]) + ++m4_define([CHECK_MODULE_PROTO_GRE], [ ++ AT_SKIP_IF([! NS_CMD([modinfo nf_conntrack_proto_gre])]) ++]) ++ + m4_define([HOST_SUPPORTS_NFT_FIB], m4_esyscmd([ + KERNEL_MAJOR=`uname -r | cut -d. -f1` + KERNEL_MINOR=`uname -r | cut -d. -f2` +-- +2.20.1 + diff --git a/SOURCES/0008-fix-test-regression-pr323-skip-if-GRE-module-doesn-t.patch b/SOURCES/0008-fix-test-regression-pr323-skip-if-GRE-module-doesn-t.patch new file mode 100644 index 0000000..a6eef65 --- /dev/null +++ b/SOURCES/0008-fix-test-regression-pr323-skip-if-GRE-module-doesn-t.patch @@ -0,0 +1,30 @@ +From c4601cf33ba1c21c3233a33f39dff286c04a1872 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 17 Jun 2019 14:31:15 -0400 +Subject: [PATCH 08/20] fix: test/regression/pr323: skip if GRE module doesn't + exist + +Newer kernels use a built-in so the module nf_conntrack_proto_gre +doesn't exist. + +(cherry picked from commit 6cda87d3a532c5ca6e8ef74c03f2e7a6bb45627a) +--- + src/tests/regression/pr323.at | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/tests/regression/pr323.at b/src/tests/regression/pr323.at +index 7fd719d0ada2..25b09930c34a 100644 +--- a/src/tests/regression/pr323.at ++++ b/src/tests/regression/pr323.at +@@ -1,6 +1,8 @@ + FWD_START_TEST([GRE proto helper]) + AT_KEYWORDS(helper gh323) + ++CHECK_MODULE_PROTO_GRE ++ + FWD_CHECK([-q --add-protocol=gre]) + FWD_CHECK([-q --remove-protocol=gre]) + +-- +2.20.1 + diff --git a/SOURCES/0008-nftables-fix-panic-mode-not-filtering-output-packets.patch b/SOURCES/0008-nftables-fix-panic-mode-not-filtering-output-packets.patch deleted file mode 100644 index b2689a3..0000000 --- a/SOURCES/0008-nftables-fix-panic-mode-not-filtering-output-packets.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 6c779d426173f0a35fa7ed1a2c2fde802c5eee1d Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Mon, 3 Dec 2018 12:40:41 -0500 -Subject: [PATCH 08/34] nftables: fix panic mode not filtering output packets - -This simplifies policy in the nftables backend by filtering only on the -prerouting and output hooks. The others hooks are unnecessary since -we're using a higher precedence. - -Also fixes an issue when re-enabling panic mode multiple times. Due to -rule de-duplication the policy drop rule was not being re-added. - -Fixes: rhbz 1579740 -Fixes: a0f683dfef2c ("nftables: fix policy") -(cherry picked from commit 2f5608b4897ff99afbb1c2425a94df035031c1a2) -(cherry picked from commit 2b31106c5cb8ed299821f7978968c7fed6d23b37) ---- - src/firewall/core/nftables.py | 36 +++++++++-------------------------- - 1 file changed, 9 insertions(+), 27 deletions(-) - -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index 69236a9600c2..44cd4f9e1752 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -314,38 +314,20 @@ class nftables(object): - # packets while initially starting and for panic mode. As such, using - # hooks with a higher priority than our base chains is sufficient. - # -- table_chains = [] -- for table in list(IPTABLES_TO_NFT_HOOK.keys()): -- for chain in IPTABLES_TO_NFT_HOOK[table]: -- table_chains.append((table, chain)) -- - table_name = TABLE_NAME + "_" + "policy_drop" - -- def _policy_drop_helper(table, chain, family, rules): -- _chain = "%s_%s" % (table, chain) -- _hook = IPTABLES_TO_NFT_HOOK[table][chain][0] -- # add hooks with priority -1, only contain drop rule -- _priority = IPTABLES_TO_NFT_HOOK[table][chain][1] - 1 -- _add_chain = "add chain %s %s %s '{ type filter hook %s priority %d ; }'" % \ -- (family, table_name, _chain, _hook, _priority) -- rules.append(splitArgs(_add_chain)) -- rules.append(["add", "rule", family, table_name, _chain, "drop"]) -- - rules = [] - if policy == "DROP": -- for family in ["inet", "ip", "ip6"]: -- rules.append(["add", "table", family, table_name]) -- -- for table,chain in table_chains: -- if table == "nat": -- # nat requires two families -- for family in ["ip", "ip6"]: -- _policy_drop_helper(table, chain, family, rules) -- else: -- _policy_drop_helper(table, chain, "inet", rules) -+ rules.append(["add", "table", "inet", table_name]) -+ -+ # To drop everything we need to use the "raw" priority. These occur -+ # before conntrack, mangle, nat, etc -+ for hook in ["prerouting", "output"]: -+ _add_chain = "add chain inet %s %s_%s '{ type filter hook %s priority %d ; policy drop ; }'" % \ -+ (table_name, "raw", hook, hook, -300 + NFT_HOOK_OFFSET - 1) -+ rules.append(splitArgs(_add_chain)) - elif policy == "ACCEPT": -- for family in ["inet", "ip", "ip6"]: -- rules.append(["delete", "table", family, table_name]) -+ rules.append(["delete", "table", "inet", table_name]) - else: - FirewallError(UNKNOWN_ERROR, "not implemented") - --- -2.18.0 - diff --git a/SOURCES/0009-fw_zone-fix-rich-rule-masquerading.patch b/SOURCES/0009-fw_zone-fix-rich-rule-masquerading.patch deleted file mode 100644 index 5830825..0000000 --- a/SOURCES/0009-fw_zone-fix-rich-rule-masquerading.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 2bb98f4881d6ac73644e1a98c69032dd40e45c2f Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Wed, 5 Dec 2018 13:09:28 -0500 -Subject: [PATCH 09/34] fw_zone: fix rich rule masquerading - -We weren't passing the rich rule to the backend so filtering on -source/destination would not work. - -(cherry picked from commit 14acf26afe09ff9092bebbfc7ffe718b1758c573) -(cherry picked from commit bd784bfd009859583b3606268d6109f8aff6c037) ---- - src/firewall/core/fw_zone.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py -index ca90f7fba0d4..816fa50340b3 100644 ---- a/src/firewall/core/fw_zone.py -+++ b/src/firewall/core/fw_zone.py -@@ -1690,7 +1690,7 @@ class FirewallZone(object): - if backend.is_ipv_supported(ipv): - zone_transaction.add_post(enable_ip_forwarding, ipv) - -- rules = backend.build_zone_masquerade_rules(enable, zone) -+ rules = backend.build_zone_masquerade_rules(enable, zone, rule) - zone_transaction.add_rules(backend, rules) - - # FORWARD PORT --- -2.18.0 - diff --git a/SOURCES/0009-test-service-coverage-for-import-from-file.patch b/SOURCES/0009-test-service-coverage-for-import-from-file.patch new file mode 100644 index 0000000..b6353b3 --- /dev/null +++ b/SOURCES/0009-test-service-coverage-for-import-from-file.patch @@ -0,0 +1,36 @@ +From e34b1005145d950382808b7f1d776511b2d710fa Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 3 Jul 2019 10:41:07 -0400 +Subject: [PATCH 09/20] test: service: coverage for import from file + +(cherry picked from commit 40d8d6a105a7212db138e3afacf0f471676a8b78) +--- + src/tests/firewall-cmd.at | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at +index 6444b4566af5..7bb13aee0221 100644 +--- a/src/tests/firewall-cmd.at ++++ b/src/tests/firewall-cmd.at +@@ -319,6 +319,18 @@ FWD_START_TEST([user services]) + FWD_CHECK([--permanent --zone=public --list-services | grep foobar], 0, ignore) + FWD_CHECK([--permanent --delete-service=foobar], 0, ignore) + FWD_CHECK([--permanent --zone=public --list-services | grep foobar], 1, ignore) ++ ++ AT_DATA([./foobar-to-be-renamed], [m4_strip([dnl ++ ++ ++ ++ ++ ++ ]) ++ FWD_CHECK([--permanent --new-service-from-file="./foobar-to-be-renamed" --name="foobar-from-file"]) ++ FWD_CHECK([--permanent --get-services | grep foobar-from-file], 0, [ignore]) ++]) ++ + FWD_END_TEST([-e '/ERROR: NAME_CONFLICT: new_service():/d' dnl + -e '/ERROR: INVALID_ADDR:/d']) + +-- +2.20.1 + diff --git a/SOURCES/0010-fix-dbus-fix-service-API-break.patch b/SOURCES/0010-fix-dbus-fix-service-API-break.patch new file mode 100644 index 0000000..6ae9743 --- /dev/null +++ b/SOURCES/0010-fix-dbus-fix-service-API-break.patch @@ -0,0 +1,238 @@ +From 905f7eb62dd31a58b86fbfa191b2ce2482361b0b Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 24 Jun 2019 10:36:40 -0400 +Subject: [PATCH 10/20] fix: dbus: fix service API break + +This fixes a dbus API break that occurred when introducing service +includes. The includes were added to the method's tuple, but doing so +changed the dbus signature and thus broke the API. This restores the old +signature. + +Move to using key,value based import/export and sanity checking. +Previously we were using a tuple with semi-undocumented positions. + +Fixes: 1fc208bf9317 ("feat: service includes") +Fixes: rhbz 1721414 +(cherry picked from commit 335a68c1bba5b1b1fbd430505a485a9eb035360c) +--- + doc/xml/firewalld.dbus.xml | 5 ++- + src/firewall/core/fw_config.py | 59 +++++++++++++++++++++++++++++++- + src/firewall/core/io/service.py | 35 ++++++++++++++++--- + src/firewall/server/firewalld.py | 13 ++++++- + 4 files changed, 103 insertions(+), 9 deletions(-) + +diff --git a/doc/xml/firewalld.dbus.xml b/doc/xml/firewalld.dbus.xml +index 64d4d2b9c73b..cb4e1eac0fb9 100644 +--- a/doc/xml/firewalld.dbus.xml ++++ b/doc/xml/firewalld.dbus.xml +@@ -242,12 +242,12 @@ + + + +- getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss)as) ++ getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss)) + + + Return runtime settings of given service. + For getting permanent settings see org.fedoraproject.FirewallD1.config.service.Methods.getSettings. +- Settings are in format: version, name, description, array of ports (port, protocol), array of module names, dictionary of destinations, array of protocols, array of source-ports (port, protocol) and array of service includes. ++ Settings are in format: version, name, description, array of ports (port, protocol), array of module names, dictionary of destinations, array of protocols, array of source-ports (port, protocol). + + + +@@ -259,7 +259,6 @@ + destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. + protocols (as): array of protocols, see protocol tag in firewalld.service5. + source-ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. +- includes (as): array of service includes, see include tag in firewalld.service5. + + + +diff --git a/src/firewall/core/fw_config.py b/src/firewall/core/fw_config.py +index a759cfdf83b3..8f29f0c416d2 100644 +--- a/src/firewall/core/fw_config.py ++++ b/src/firewall/core/fw_config.py +@@ -545,9 +545,43 @@ class FirewallConfig(object): + return self._builtin_services[obj.name] + + def get_service_config(self, obj): ++ conf_dict = obj.export_config() ++ conf_list = [] ++ for i in range(8): # tuple based dbus API has 8 elements ++ if obj.IMPORT_EXPORT_STRUCTURE[i][0] not in conf_dict: ++ # old API needs the empty elements as well. Grab it from the ++ # object otherwise we don't know the type. ++ conf_list.append(copy.deepcopy(getattr(obj, obj.IMPORT_EXPORT_STRUCTURE[i][0]))) ++ else: ++ conf_list.append(conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]]) ++ return tuple(conf_list) ++ ++ def get_service_config_dict(self, obj): + return obj.export_config() + + def set_service_config(self, obj, conf): ++ conf_dict = {} ++ for i,value in enumerate(conf): ++ conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]] = value ++ ++ if obj.builtin: ++ x = copy.copy(obj) ++ x.cleanup() ++ x.import_config(conf_dict) ++ x.path = config.ETC_FIREWALLD_SERVICES ++ x.builtin = False ++ if obj.path != x.path: ++ x.default = False ++ self.add_service(x) ++ service_writer(x) ++ return x ++ else: ++ obj.cleanup() ++ obj.import_config(conf_dict) ++ service_writer(obj) ++ return obj ++ ++ def set_service_config_dict(self, obj, conf): + if obj.builtin: + x = copy.copy(obj) + x.import_config(conf) +@@ -568,6 +602,29 @@ class FirewallConfig(object): + raise FirewallError(errors.NAME_CONFLICT, + "new_service(): '%s'" % name) + ++ conf_dict = {} ++ for i,value in enumerate(conf): ++ conf_dict[Service.IMPORT_EXPORT_STRUCTURE[i][0]] = value ++ ++ x = Service() ++ x.check_name(name) ++ x.import_config(conf_dict) ++ x.name = name ++ x.filename = "%s.xml" % name ++ x.path = config.ETC_FIREWALLD_SERVICES ++ # It is not possible to add a new one with a name of a buitin ++ x.builtin = False ++ x.default = True ++ ++ service_writer(x) ++ self.add_service(x) ++ return x ++ ++ def new_service_dict(self, name, conf): ++ if name in self._services or name in self._builtin_services: ++ raise FirewallError(errors.NAME_CONFLICT, ++ "new_service(): '%s'" % name) ++ + x = Service() + x.check_name(name) + x.import_config(conf) +@@ -684,7 +741,7 @@ class FirewallConfig(object): + return new_service + + def _copy_service(self, obj, name): +- return self.new_service(name, obj.export_config()) ++ return self.new_service_dict(name, obj.export_config()) + + # zones + +diff --git a/src/firewall/core/io/service.py b/src/firewall/core/io/service.py +index 3479dab7f175..44dc0ff8a9b0 100644 +--- a/src/firewall/core/io/service.py ++++ b/src/firewall/core/io/service.py +@@ -25,6 +25,8 @@ import xml.sax as sax + import os + import io + import shutil ++import copy ++from collections import OrderedDict + + from firewall import config + from firewall.functions import u2b_if_py2 +@@ -47,7 +49,7 @@ class Service(IO_Object): + ( "source_ports", [ ( "", "" ), ], ), # a(ss) + ( "includes", [ "" ], ), # as + ) +- DBUS_SIGNATURE = '(sssa(ss)asa{ss}asa(ss)as)' ++ DBUS_SIGNATURE = '(sssa(ss)asa{ss}asa(ss))' + ADDITIONAL_ALNUM_CHARS = [ "_", "-" ] + PARSER_REQUIRED_ELEMENT_ATTRS = { + "short": None, +@@ -76,6 +78,34 @@ class Service(IO_Object): + self.source_ports = [ ] + self.includes = [ ] + ++ def import_config(self, conf): ++ self.check_config(conf) ++ ++ for key in conf: ++ if not hasattr(self, key): ++ raise FirewallError(errors.UNKNOWN_ERROR, "Internal error. '{}' is not a valid attribute".format(key)) ++ if isinstance(conf[key], list): ++ # maintain list order while removing duplicates ++ setattr(self, key, list(OrderedDict.fromkeys(copy.deepcopy(conf[key])))) ++ else: ++ setattr(self, key, copy.deepcopy(conf[key])) ++ ++ def export_config(self): ++ conf = {} ++ type_formats = dict([(x[0], x[1]) for x in self.IMPORT_EXPORT_STRUCTURE]) ++ for key in type_formats: ++ if getattr(self, key): ++ conf[key] = copy.deepcopy(getattr(self, key)) ++ return conf ++ ++ def check_config(self, conf): ++ type_formats = dict([(x[0], x[1]) for x in self.IMPORT_EXPORT_STRUCTURE]) ++ for key in conf: ++ if key not in [x for (x,y) in self.IMPORT_EXPORT_STRUCTURE]: ++ raise FirewallError(errors.INVALID_OPTION, "service option '{}' is not valid".format(key)) ++ self._check_config_structure(conf[key], type_formats[key]) ++ self._check_config(conf[key], key) ++ + def cleanup(self): + self.version = "" + self.short = "" +@@ -138,9 +168,6 @@ class Service(IO_Object): + if len(module) < 2: + raise FirewallError(errors.INVALID_MODULE, module) + +- elif item == "includes": +- pass +- + # PARSER + + class service_ContentHandler(IO_Object_ContentHandler): +diff --git a/src/firewall/server/firewalld.py b/src/firewall/server/firewalld.py +index bc04f2d0f4c3..233160b64b18 100644 +--- a/src/firewall/server/firewalld.py ++++ b/src/firewall/server/firewalld.py +@@ -26,6 +26,7 @@ from gi.repository import GLib, GObject + import sys + sys.modules['gobject'] = GObject + ++import copy + import dbus + import dbus.service + import slip.dbus +@@ -921,7 +922,17 @@ class FirewallD(slip.dbus.service.Object): + # returns service settings for service + service = dbus_to_python(service, str) + log.debug1("getServiceSettings(%s)", service) +- return self.fw.service.get_service(service).export_config() ++ obj = self.fw.service.get_service(service) ++ conf_dict = obj.export_config() ++ conf_list = [] ++ for i in range(8): # tuple based dbus API has 8 elements ++ if obj.IMPORT_EXPORT_STRUCTURE[i][0] not in conf_dict: ++ # old API needs the empty elements as well. Grab it from the ++ # object otherwise we don't know the type. ++ conf_list.append(copy.deepcopy(getattr(obj, obj.IMPORT_EXPORT_STRUCTURE[i][0]))) ++ else: ++ conf_list.append(conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]]) ++ return tuple(conf_list) + + @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) + @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', +-- +2.20.1 + diff --git a/SOURCES/0010-fw_zone-fix-IPv6-rich-rule-forward-port-without-toad.patch b/SOURCES/0010-fw_zone-fix-IPv6-rich-rule-forward-port-without-toad.patch deleted file mode 100644 index bf0617b..0000000 --- a/SOURCES/0010-fw_zone-fix-IPv6-rich-rule-forward-port-without-toad.patch +++ /dev/null @@ -1,41 +0,0 @@ -From f74241d6ff7ef4538c545fd46aad95a0f5a6a1f0 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Wed, 5 Dec 2018 16:29:49 -0500 -Subject: [PATCH 10/34] fw_zone: fix IPv6 rich rule forward-port without toaddr - -Using a rich rule with family=ipv6 and no toaddr specified was silently -not applying any rules. - -(cherry picked from commit 2210822a2450a7b9ed853593c3d88aca1c43c2fc) -(cherry picked from commit 67d76790e921befbc5b454023f202fa638e8c0c3) ---- - src/firewall/core/fw_zone.py | 11 ++--------- - 1 file changed, 2 insertions(+), 9 deletions(-) - -diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py -index 816fa50340b3..db90c32be540 100644 ---- a/src/firewall/core/fw_zone.py -+++ b/src/firewall/core/fw_zone.py -@@ -1702,17 +1702,10 @@ class FirewallZone(object): - for ipv in ipvs: - if backend.is_ipv_supported(ipv): - self.check_forward_port(ipv, port, protocol, toport, toaddr) -- -- if check_single_address("ipv6", toaddr): -- ipv = "ipv6" -- else: -- ipv = "ipv4" -- -- if not backend.is_ipv_supported(ipv): -- continue -+ if enable: -+ zone_transaction.add_post(enable_ip_forwarding, ipv) - - if enable: -- zone_transaction.add_post(enable_ip_forwarding, ipv) - mark_id = self._fw.new_mark() - - filter_chain = "INPUT" if not toaddr else "FORWARD_IN" --- -2.18.0 - diff --git a/SOURCES/0011-fix-dbus-add-missing-APIs-for-service-includes.patch b/SOURCES/0011-fix-dbus-add-missing-APIs-for-service-includes.patch new file mode 100644 index 0000000..7b4c10b --- /dev/null +++ b/SOURCES/0011-fix-dbus-add-missing-APIs-for-service-includes.patch @@ -0,0 +1,83 @@ +From 464add2ad05781e72e54d05cc06150c21e1c282d Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 1 Jul 2019 10:27:51 -0400 +Subject: [PATCH 11/20] fix: dbus: add missing APIs for service includes + +Fixes: 1fc208bf9317 ("feat: service includes") +(cherry picked from commit bcdc1e2bf1e71c32606fdaadabd9a913e2e1d651) +--- + src/firewall/server/config_service.py | 61 +++++++++++++++++++++++++++ + 1 file changed, 61 insertions(+) + +diff --git a/src/firewall/server/config_service.py b/src/firewall/server/config_service.py +index 47530d319bdb..05ded1c78da7 100644 +--- a/src/firewall/server/config_service.py ++++ b/src/firewall/server/config_service.py +@@ -652,3 +652,64 @@ class FirewallDConfigService(slip.dbus.service.Object): + settings = self.getSettings() + return (family in settings[5] and + address == settings[5][family]) ++ ++ # includes ++ ++ @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, ++ out_signature='as') ++ @dbus_handle_exceptions ++ def getIncludes(self, sender=None): ++ log.debug1("%s.getIncludes()", self._log_prefix) ++ self.parent.accessCheck(sender) ++ settings = list(self.config.get_service_config(self.obj)) ++ return settings[8] ++ ++ @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, ++ in_signature='as') ++ @dbus_handle_exceptions ++ def setIncludes(self, includes, sender=None): ++ includes = dbus_to_python(includes, list) ++ log.debug1("%s.setIncludes('%s')", self._log_prefix, includes) ++ self.parent.accessCheck(sender) ++ settings = list(self.config.get_service_config(self.obj)) ++ settings[8] = includes[:] ++ self.config.set_service_config(self.obj, tuple(settings)) ++ self.Updated(self.obj.name) ++ ++ @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, ++ in_signature='s') ++ @dbus_handle_exceptions ++ def addInclude(self, include, sender=None): ++ include = dbus_to_python(include, str) ++ log.debug1("%s.addInclude('%s')", self._log_prefix, include) ++ self.parent.accessCheck(sender) ++ settings = list(self.config.get_service_config(self.obj)) ++ settings[8].append(include) ++ self.config.set_service_config(self.obj, tuple(settings)) ++ self.Updated(self.obj.name) ++ ++ @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, ++ in_signature='s') ++ @dbus_handle_exceptions ++ def removeInclude(self, include, sender=None): ++ include = dbus_to_python(include, str) ++ log.debug1("%s.removeInclude('%s')", self._log_prefix, include) ++ self.parent.accessCheck(sender) ++ settings = list(self.config.get_service_config(self.obj)) ++ settings[8].remove(include) ++ self.config.set_service_config(self.obj, tuple(settings)) ++ self.Updated(self.obj.name) ++ ++ @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, ++ in_signature='s', out_signature='b') ++ @dbus_handle_exceptions ++ def queryInclude(self, include, sender=None): ++ include = dbus_to_python(include, str) ++ log.debug1("%s.queryInclude('%s')", self._log_prefix, include) ++ settings = list(self.config.get_service_config(self.obj)) ++ try: ++ settings[8].index(include) ++ except ValueError: ++ return False ++ else: ++ return True +-- +2.20.1 + diff --git a/SOURCES/0011-nftables-fix-rich-rule-masquerade.patch b/SOURCES/0011-nftables-fix-rich-rule-masquerade.patch deleted file mode 100644 index c29f9c8..0000000 --- a/SOURCES/0011-nftables-fix-rich-rule-masquerade.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 93a281423cd0041fc4c5061fdced9cadb1e785a1 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Wed, 5 Dec 2018 17:16:30 -0500 -Subject: [PATCH 11/34] nftables: fix rich rule masquerade - -(cherry picked from commit aee4948e86fde6df8205b07f4da58e2a8c07377c) -(cherry picked from commit d7b9c1c646c07c24dd44e9e2792d0c6471d54c1b) ---- - src/firewall/core/nftables.py | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index 44cd4f9e1752..00a02ad149e5 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -900,7 +900,6 @@ class nftables(object): - - rule_fragment = [] - if rich_rule: -- rule_fragment += self._rich_rule_family_fragment(rich_rule.family) - rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) - rule_fragment += self._rich_rule_source_fragment(rich_rule.source) - -@@ -912,10 +911,10 @@ class nftables(object): - # nat tables needs to use ip/ip6 family - rules = [] - if rich_rule and (rich_rule.family and rich_rule.family == "ipv6" -- or rich_rule.source and check_address("ipv6", rich_rule.source)): -+ or rich_rule.source and check_address("ipv6", rich_rule.source.addr)): - rules.extend(self._build_zone_masquerade_nat_rules(enable, zone, "ip6", rich_rule)) -- if rich_rule and (rich_rule.family and rich_rule.family == "ipv4" -- or rich_rule.source and check_address("ipv4", rich_rule.source)): -+ elif rich_rule and (rich_rule.family and rich_rule.family == "ipv4" -+ or rich_rule.source and check_address("ipv4", rich_rule.source.addr)): - rules.extend(self._build_zone_masquerade_nat_rules(enable, zone, "ip", rich_rule)) - else: - rules.extend(self._build_zone_masquerade_nat_rules(enable, zone, "ip6", rich_rule)) --- -2.18.0 - diff --git a/SOURCES/0012-fix-tests-functions-use-gdbus-instead-of-dbus-send.patch b/SOURCES/0012-fix-tests-functions-use-gdbus-instead-of-dbus-send.patch new file mode 100644 index 0000000..55abc97 --- /dev/null +++ b/SOURCES/0012-fix-tests-functions-use-gdbus-instead-of-dbus-send.patch @@ -0,0 +1,44 @@ +From 4d2a2b79aefac90d4656b0d9c3b58661d2b88a07 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 25 Jun 2019 14:04:34 -0400 +Subject: [PATCH 12/20] fix: tests/functions: use gdbus instead of dbus-send + +dbus-send doesn't support all the types and nested types that we need +for testing. + +(cherry picked from commit 15346d6ff16e75bbbd05e40ac2e8cbe051e08dd9) +--- + src/tests/functions.at | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 7a0242cb33fb..28af5a7fc532 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -355,10 +355,20 @@ m4_define([NFT_LIST_SET], [ + ]) + ]) + ++m4_define([DBUS_CHECK_NORMALIZE], [dnl ++ [sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g'] | dnl truncate dictionary output ++ TRIM_WHITESPACE | dnl ++ sort dnl sort dictionaries by keys ++]) ++ + m4_define([DBUS_CHECK], [ +- NS_CHECK([dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 dnl +- /org/fedoraproject/FirewallD1/$1 org.fedoraproject.FirewallD1.$2 $3], +- [$4], [$5], [$6], [$7], [$8]) ++ AT_SKIP_IF([! NS_CMD([which gdbus >/dev/null 2>&1])]) ++ NS_CHECK([PIPESTATUS0([gdbus call --system --dest=org.fedoraproject.FirewallD1 dnl ++ m4_ifblank([$1], [--object-path /org/fedoraproject/FirewallD1], ++ [--object-path /org/fedoraproject/FirewallD1/$1]) dnl ++ --method org.fedoraproject.FirewallD1.$2 $3], ++ [DBUS_CHECK_NORMALIZE])], ++ [$4], [m4_strip([$5])], [m4_strip([$6])], [$7], [$8]) + ]) + + m4_define([DBUS_GETALL_NORMALIZE], dnl +-- +2.20.1 + diff --git a/SOURCES/0012-nftables-fix-ipv6-rich-rule-forward-ports.patch b/SOURCES/0012-nftables-fix-ipv6-rich-rule-forward-ports.patch deleted file mode 100644 index fdbccc3..0000000 --- a/SOURCES/0012-nftables-fix-ipv6-rich-rule-forward-ports.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 8c2afad1a02de4018e8f5f4caabbd0211be9fe80 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Wed, 5 Dec 2018 19:11:06 -0500 -Subject: [PATCH 12/34] nftables: fix ipv6 rich rule forward-ports - -The were mistakenly being added to the ipv4 nat tables as well. - -Fixes: #422 -Fixes: b630abd8e901 ("backend: introduce nftables support") -(cherry picked from commit 628657cdafa7ba3217fb031c748f5a7d32924c90) -(cherry picked from commit d293fbeb583c273120ad1172fa953493324b2228) ---- - src/firewall/core/nftables.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index 00a02ad149e5..a1cb2c474737 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -980,7 +980,7 @@ class nftables(object): - or toaddr and check_single_address("ipv6", toaddr)): - rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, - protocol, mark_fragment, toaddr, toport, "ip6")) -- if rich_rule and (rich_rule.family and rich_rule.family == "ipv4" -+ elif rich_rule and (rich_rule.family and rich_rule.family == "ipv4" - or toaddr and check_single_address("ipv4", toaddr)): - rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, - protocol, mark_fragment, toaddr, toport, "ip")) --- -2.18.0 - diff --git a/SOURCES/0013-ipset-fix-set-apply-if-IndividualCalls-yes.patch b/SOURCES/0013-ipset-fix-set-apply-if-IndividualCalls-yes.patch deleted file mode 100644 index 02713a9..0000000 --- a/SOURCES/0013-ipset-fix-set-apply-if-IndividualCalls-yes.patch +++ /dev/null @@ -1,83 +0,0 @@ -From c96c468ace1d37a80bcd546a70bd6a7769ae00df Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Tue, 11 Dec 2018 11:32:54 -0500 -Subject: [PATCH 13/34] ipset: fix set apply if IndividualCalls=yes - -Fixes: rhbz 1644834 -Fixes: e6188ec98ff4 ("FirewallIPSet: Support restore in apply_ipsets, use it in Firewall") -(cherry picked from commit 4157393136bbaff53e812029376b2a0a5113cedb) -(cherry picked from commit a0e749f90a7cfddb7a4f0ce65f34053bebd1c762) ---- - src/firewall/core/fw_ipset.py | 2 +- - src/tests/regression/rhbz1601610.at | 43 +++++++++++++++++++++++++++++ - 2 files changed, 44 insertions(+), 1 deletion(-) - -diff --git a/src/firewall/core/fw_ipset.py b/src/firewall/core/fw_ipset.py -index b06a60d027a6..54ace39ea6e1 100644 ---- a/src/firewall/core/fw_ipset.py -+++ b/src/firewall/core/fw_ipset.py -@@ -125,7 +125,7 @@ class FirewallIPSet(object): - raise FirewallError(errors.COMMAND_FAILED, msg) - else: - obj.applied = True -- if "timeout" not in obj.options or \ -+ if "timeout" in obj.options and \ - obj.options["timeout"] != "0": - # no entries visible for ipsets with timeout - continue -diff --git a/src/tests/regression/rhbz1601610.at b/src/tests/regression/rhbz1601610.at -index 0676bb82e31c..5ba0cee44be0 100644 ---- a/src/tests/regression/rhbz1601610.at -+++ b/src/tests/regression/rhbz1601610.at -@@ -57,5 +57,48 @@ FWD_CHECK([-q --permanent --ipset=foobar --remove-entry=10.1.1.0/22]) - FWD_CHECK([--permanent --ipset=foobar --get-entries], 0, [ - ]) - -+dnl rhbz 1644834 -+FWD_CHECK([-q --ipset=foobar --add-entry=10.1.0.0/16]) -+FWD_CHECK([-q --runtime-to-permanent]) -+FWD_RELOAD -+m4_if(nftables, FIREWALL_BACKEND, [ -+NFT_LIST_SET([foobar], 0, [dnl -+table inet firewalld { -+set foobar { -+type ipv4_addr -+flags interval -+elements = { 10.1.0.0/16, 10.2.0.0/22 } -+} -+} -+])], [ -+IPSET_LIST_SET([foobar], 0, [dnl -+Name: foobar -+Type: hash:net -+Members: -+10.1.0.0/16 -+10.2.0.0/22 -+])]) -+ -+dnl rhbz 1644834, again with IndividualCalls=yes -+AT_CHECK([sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf]) -+FWD_RELOAD -+m4_if(nftables, FIREWALL_BACKEND, [ -+NFT_LIST_SET([foobar], 0, [dnl -+table inet firewalld { -+set foobar { -+type ipv4_addr -+flags interval -+elements = { 10.1.0.0/16, 10.2.0.0/22 } -+} -+} -+])], [ -+IPSET_LIST_SET([foobar], 0, [dnl -+Name: foobar -+Type: hash:net -+Members: -+10.1.0.0/16 -+10.2.0.0/22 -+])]) -+ - FWD_END_TEST([-e '/ERROR: COMMAND_FAILED:.*already added.*/d'dnl - -e '/ERROR: COMMAND_FAILED:.*element.*exists/d']) --- -2.18.0 - diff --git a/SOURCES/0013-test-functions-add-CHOMP-macro-for-shell-output.patch b/SOURCES/0013-test-functions-add-CHOMP-macro-for-shell-output.patch new file mode 100644 index 0000000..3facd15 --- /dev/null +++ b/SOURCES/0013-test-functions-add-CHOMP-macro-for-shell-output.patch @@ -0,0 +1,30 @@ +From d74f03af843c71872e60af4a59204a6cab4cd934 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 22 Jul 2019 14:48:19 -0400 +Subject: [PATCH 13/20] test: functions: add CHOMP macro for shell output + +chomps all trailing newlines by exploiting posix shell behavior for +variable expansion. + +(cherry picked from commit a8b90c38c19732f3dc9ca5cfedc10bb54c0d84bf) +--- + src/tests/functions.at | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 28af5a7fc532..8aeaf158a066 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -226,7 +226,8 @@ m4_define([FWD_GREP_LOG], [ + m4_define([TRIM], [[sed -e 's/^[ \t]*//' -e 's/[ \t]*$//']]) + m4_define([TRIMV], [[sed -e '/^[ \t]*$/d']]) + m4_define([TRIM_INTERNAL], [[sed -e 's/[ \t]\+/ /g']]) +-m4_define([TRIM_WHITESPACE], [TRIM | TRIMV | TRIM_INTERNAL]) ++m4_define([CHOMP], [printf "%s" "$(cat /dev/stdin)"]) ++m4_define([TRIM_WHITESPACE], [TRIM | TRIMV | TRIM_INTERNAL | { CHOMP; echo; }]) + + dnl m4sugar's m4_strip has a bug that causes it to print a space after + dnl newlines. So implement our own suck-less version. +-- +2.20.1 + diff --git a/SOURCES/0014-test-functions-add-macro-DBUS_INTROSPECT.patch b/SOURCES/0014-test-functions-add-macro-DBUS_INTROSPECT.patch new file mode 100644 index 0000000..c721850 --- /dev/null +++ b/SOURCES/0014-test-functions-add-macro-DBUS_INTROSPECT.patch @@ -0,0 +1,36 @@ +From aba9e384a4de8785717e569905a4459a2fc15b4d Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 5 Jul 2019 17:13:20 -0400 +Subject: [PATCH 14/20] test: functions: add macro DBUS_INTROSPECT + +We'll use this to introspect and verify the API. + +(cherry picked from commit 5f32c24dec88c60e4f43d27ea56ea208016c339b) +--- + src/tests/functions.at | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 8aeaf158a066..3771bb8bd5a7 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -356,6 +356,16 @@ m4_define([NFT_LIST_SET], [ + ]) + ]) + ++m4_define([DBUS_INTROSPECT], [ ++ AT_SKIP_IF([! NS_CMD([which gdbus >/dev/null 2>&1])]) ++ AT_SKIP_IF([! NS_CMD([which xmllint >/dev/null 2>&1])]) ++ NS_CHECK([PIPESTATUS0([gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 dnl ++ m4_ifblank([$1], [--object-path /org/fedoraproject/FirewallD1], ++ [--object-path /org/fedoraproject/FirewallD1/$1])], dnl ++ [m4_ifnblank([$2], [xmllint --xpath '$2' - |]) TRIM_WHITESPACE])], ++ [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ++]) ++ + m4_define([DBUS_CHECK_NORMALIZE], [dnl + [sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g'] | dnl truncate dictionary output + TRIM_WHITESPACE | dnl +-- +2.20.1 + diff --git a/SOURCES/0014-tests-regression-rhbz1601610-modify-test-to-satisfy-.patch b/SOURCES/0014-tests-regression-rhbz1601610-modify-test-to-satisfy-.patch deleted file mode 100644 index 6f1d96b..0000000 --- a/SOURCES/0014-tests-regression-rhbz1601610-modify-test-to-satisfy-.patch +++ /dev/null @@ -1,77 +0,0 @@ -From a80248c01407613fbff8e5c6054eaef3410a025f Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 13 Dec 2018 12:19:21 -0500 -Subject: [PATCH 14/34] tests/regression/rhbz1601610: modify test to satisfy - buggy kernel versions - -Older versions of nftables (kernel) had issues with overlapping sets. -Let's use non-overlapping sets to avoid the kernel bug while still -exercising the cases we want. - -This in a kernel bug that was fixed back in v4.6. nftables backend -requires v4.18, but the CI uses a really old kernel. - -Kernel fix: -e701001e7cbe ("netfilter: nft_rbtree: allow adjacent intervals with -dynamic updates") - -(cherry picked from commit 7925d6ff9dde7e52efed6a28427364b30dbdc363) -(cherry picked from commit bab24ad848c522f7988d05e8ad9f26feb9612658) ---- - src/tests/regression/rhbz1601610.at | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/tests/regression/rhbz1601610.at b/src/tests/regression/rhbz1601610.at -index 5ba0cee44be0..17129a541041 100644 ---- a/src/tests/regression/rhbz1601610.at -+++ b/src/tests/regression/rhbz1601610.at -@@ -58,7 +58,7 @@ FWD_CHECK([--permanent --ipset=foobar --get-entries], 0, [ - ]) - - dnl rhbz 1644834 --FWD_CHECK([-q --ipset=foobar --add-entry=10.1.0.0/16]) -+FWD_CHECK([-q --ipset=foobar --add-entry=10.3.0.0/22]) - FWD_CHECK([-q --runtime-to-permanent]) - FWD_RELOAD - m4_if(nftables, FIREWALL_BACKEND, [ -@@ -67,7 +67,7 @@ table inet firewalld { - set foobar { - type ipv4_addr - flags interval --elements = { 10.1.0.0/16, 10.2.0.0/22 } -+elements = { 10.2.0.0/22, 10.3.0.0/22 } - } - } - ])], [ -@@ -75,8 +75,8 @@ IPSET_LIST_SET([foobar], 0, [dnl - Name: foobar - Type: hash:net - Members: --10.1.0.0/16 - 10.2.0.0/22 -+10.3.0.0/22 - ])]) - - dnl rhbz 1644834, again with IndividualCalls=yes -@@ -88,7 +88,7 @@ table inet firewalld { - set foobar { - type ipv4_addr - flags interval --elements = { 10.1.0.0/16, 10.2.0.0/22 } -+elements = { 10.2.0.0/22, 10.3.0.0/22 } - } - } - ])], [ -@@ -96,8 +96,8 @@ IPSET_LIST_SET([foobar], 0, [dnl - Name: foobar - Type: hash:net - Members: --10.1.0.0/16 - 10.2.0.0/22 -+10.3.0.0/22 - ])]) - - FWD_END_TEST([-e '/ERROR: COMMAND_FAILED:.*already added.*/d'dnl --- -2.18.0 - diff --git a/SOURCES/0015-test-dbus-service-API-coverage.patch b/SOURCES/0015-test-dbus-service-API-coverage.patch new file mode 100644 index 0000000..3e79c8d --- /dev/null +++ b/SOURCES/0015-test-dbus-service-API-coverage.patch @@ -0,0 +1,319 @@ +From 0d526d6f20695b48d374b1966038ac5c4397e17c Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 24 Jun 2019 10:20:23 -0400 +Subject: [PATCH 15/20] test: dbus: service API coverage + +(cherry picked from commit b0ecd9e3916a691fa7adefa258e7ab0df2e9e1ea) +--- + src/tests/dbus.at | 1 + + src/tests/dbus/service.at | 290 ++++++++++++++++++++++++++++++++++++++ + 2 files changed, 291 insertions(+) + create mode 100644 src/tests/dbus/service.at + +diff --git a/src/tests/dbus.at b/src/tests/dbus.at +index 4cb0568cbc9c..46fec2ff4024 100644 +--- a/src/tests/dbus.at ++++ b/src/tests/dbus.at +@@ -1,2 +1,3 @@ + AT_BANNER([dbus]) + m4_include([dbus/firewalld.conf.at]) ++m4_include([dbus/service.at]) +diff --git a/src/tests/dbus/service.at b/src/tests/dbus/service.at +new file mode 100644 +index 000000000000..579548d66509 +--- /dev/null ++++ b/src/tests/dbus/service.at +@@ -0,0 +1,290 @@ ++FWD_START_TEST([dbus api - services]) ++AT_KEYWORDS(dbus service rhbz1721414) ++ ++DBUS_INTROSPECT([config], [[//method[@name="addService"]]], 0, [dnl ++ ++ ++ ++ ++ ++]) ++DBUS_CHECK([config], [config.addService], ++ ["foobar" dnl name ++ '("1.0", dnl version ++ "foobar", dnl short ++ "foobar service is for foobar", dnl description ++ @<:@("1234", "udp"), ("22", "tcp"), ("1234", "udp")@:>@, dnl ports, deliberate duplicate ++ @<:@"ftp"@:>@, dnl modules ++ {"ipv4": "1.2.3.4"}, dnl destination ++ @<:@"icmp", "igmp"@:>@, dnl protocols ++ @<:@("4321", "tcp"), ("4321", "udp")@:>@ dnl source ports ++ )'dnl ++ ], 0, [stdout]) ++SERVICE_OBJ=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] ++export SERVICE_OBJ ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getSettings"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings], [], 0, [dnl ++ [(('1.0', 'foobar', 'foobar service is for foobar', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], {'ipv4': '1.2.3.4'}, ['icmp', 'igmp'], [('4321', 'tcp'), ('4321', 'udp')]),)] ++]) ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="update"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update], ++ ['("1.1", dnl version ++ "foobar new", dnl short ++ "foobar new service is for foobar", dnl description ++ @<:@("12345", "udp"), ("2222", "tcp")@:>@, dnl ports ++ @<:@"ftp"@:>@, dnl modules ++ {}, dnl destination ++ @<:@"icmp"@:>@, dnl protocols ++ @<:@("4321", "tcp")@:>@ dnl source ports ++ )'dnl ++ ], 0, [ignore]) ++ ++DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings], [], 0, [dnl ++ [(('1.1', 'foobar new', 'foobar new service is for foobar', [('12345', 'udp'), ('2222', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp')]),)] ++]) ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="loadDefaults"]]], 0, [dnl ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="remove"]]], 0, [dnl ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="rename"]]], 0, [dnl ++ ++ ++ ++]) ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getVersion"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setVersion"]]], 0, [dnl ++ ++ ++ ++]) ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getShort"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setShort"]]], 0, [dnl ++ ++ ++ ++]) ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getDescription"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setDescription"]]], 0, [dnl ++ ++ ++ ++]) ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getPorts"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setPorts"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addPort"]]], 0, [dnl ++ ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removePort"]]], 0, [dnl ++ ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryPort"]]], 0, [dnl ++ ++ ++ ++ ++ ++]) ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getSourcePorts"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setSourcePorts"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addSourcePort"]]], 0, [dnl ++ ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeSourcePort"]]], 0, [dnl ++ ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="querySourcePort"]]], 0, [dnl ++ ++ ++ ++ ++ ++]) ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getProtocols"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setProtocols"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addProtocol"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeProtocol"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryProtocol"]]], 0, [dnl ++ ++ ++ ++ ++]) ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getModules"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setModules"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addModule"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeModule"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryModule"]]], 0, [dnl ++ ++ ++ ++ ++]) ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getDestinations"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setDestinations"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setDestination"]]], 0, [dnl ++ ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getDestination"]]], 0, [dnl ++ ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeDestination"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryDestination"]]], 0, [dnl ++ ++ ++ ++ ++ ++]) ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getIncludes"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setIncludes"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addInclude"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeInclude"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryInclude"]]], 0, [dnl ++ ++ ++ ++ ++]) ++ ++FWD_RELOAD ++DBUS_INTROSPECT([], [[//method[@name="getServiceSettings"]]], 0, [dnl ++ ++ ++ ++ ++]) ++DBUS_CHECK([], [getServiceSettings], ["foobar"], 0, [dnl ++ [(('1.1', 'foobar new', 'foobar new service is for foobar', [('12345', 'udp'), ('2222', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp')]),)] ++]) ++ ++FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0016-fix-dbus-new-dict-based-APIs-for-services.patch b/SOURCES/0016-fix-dbus-new-dict-based-APIs-for-services.patch new file mode 100644 index 0000000..b7b16e3 --- /dev/null +++ b/SOURCES/0016-fix-dbus-new-dict-based-APIs-for-services.patch @@ -0,0 +1,362 @@ +From 08101a69d8b06f176c6f5e975ddfc1a562864bd2 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 19 Jun 2019 17:52:55 -0400 +Subject: [PATCH 16/20] fix: dbus: new dict based APIs for services + +Since we can't change the dbus APIs, we need new ones that are more +flexible. This adds a few for manipulating services using a dictionary +of key,value pairs. All new code should use these new APIs. The old APIs +have been marked deprecated. + +Fixes: 1fc208bf9317 ("feat: service includes") +(cherry picked from commit bbadd3943dabcc11e864223503a46144b0c03007) +--- + doc/xml/firewalld.dbus.xml | 92 +++++++++++++++++++-------- + src/firewall/core/io/service.py | 19 +++--- + src/firewall/server/config.py | 18 +++++- + src/firewall/server/config_service.py | 24 ++++++- + src/firewall/server/firewalld.py | 13 +++- + 5 files changed, 123 insertions(+), 43 deletions(-) + +diff --git a/doc/xml/firewalld.dbus.xml b/doc/xml/firewalld.dbus.xml +index cb4e1eac0fb9..4a81e8e61858 100644 +--- a/doc/xml/firewalld.dbus.xml ++++ b/doc/xml/firewalld.dbus.xml +@@ -241,13 +241,22 @@ + + + +- ++ ++ + getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss)) ++ ++ ++ This function is deprecated, use org.fedoraproject.FirewallD1.Methods.getServiceSettings2 instead. ++ ++ ++ ++ ++ getServiceSettings2(s: service) → s{sv} + + + Return runtime settings of given service. +- For getting permanent settings see org.fedoraproject.FirewallD1.config.service.Methods.getSettings. +- Settings are in format: version, name, description, array of ports (port, protocol), array of module names, dictionary of destinations, array of protocols, array of source-ports (port, protocol). ++ For getting permanent settings see org.fedoraproject.FirewallD1.config.service.Methods.getSettings2. ++ Settings are a dictionary indexed by keywords. For the type of each value see below. If the value is empty it may be ommitted. + + + +@@ -258,12 +267,13 @@ + module names (as): array of kernel netfilter helpers, see module tag in firewalld.service5. + destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. + protocols (as): array of protocols, see protocol tag in firewalld.service5. +- source-ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. ++ source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. ++ includes (as): array of service includes, see include tag in firewalld.service5. + + +- +- Possible errors: INVALID_SERVICE +- ++ ++ Possible errors: INVALID_SERVICE ++ + + + +@@ -2293,12 +2303,20 @@ + + + ++ + addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o + + +- Add service with given settings into permanent configuration. +- Settings are in format: version, name, description, array of ports (port, protocol), array of module names, dictionary of destinations, array of protocols and array of source-ports (port, protocol). +- Returns object path of the new icmp type. ++ This function is deprecated, use org.fedoraproject.FirewallD1.config.Methods.addService2 instead. ++ ++ ++ ++ ++ addService2s: service, a{sv}: settings) → o ++ ++ ++ Add service with given settings into permanent configuration. ++ Settings are a dictionary indexed by keywords. For the type of each value see below. To zero a value pass an empty string or list. + + + +@@ -2308,13 +2326,14 @@ + ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service5. + module names (as): array of kernel netfilter helpers, see module tag in firewalld.service5. + destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. +- protocols (as): array of protocols. See protocol tag in firewalld.service5. +- source-ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. ++ protocols (as): array of protocols, see protocol tag in firewalld.service5. ++ source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. ++ includes (as): array of service includes, see include tag in firewalld.service5. + + +- +- Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE +- ++ ++ Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE ++ + + + +@@ -4500,12 +4519,21 @@ + + + ++ + getSettings() → (sssa(ss)asa{ss}asa(ss)) + + +- Return permanent settings of a service. +- For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getServiceSettings. +- Settings are in format: version, name, description, array of ports (port, protocol), array of module names, dictionary of destinations, array of protocols and array of source-ports (port, protocol). ++ This function is deprecated, use org.fedoraproject.FirewallD1.config.service.Methods.getSettings2 instead. ++ ++ ++ ++ ++ getSettings2(s: service) → s{sv} ++ ++ ++ Return runtime settings of given service. ++ For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getServiceSettings2. ++ Settings are a dictionary indexed by keywords. For the type of each value see below. If the value is empty it may be ommitted. + + + +@@ -4515,8 +4543,9 @@ + ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service5. + module names (as): array of kernel netfilter helpers, see module tag in firewalld.service5. + destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. +- protocols (as): array of protocols. See protocol tag in firewalld.service5. +- source-ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. ++ protocols (as): array of protocols, see protocol tag in firewalld.service5. ++ source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. ++ includes (as): array of service includes, see include tag in firewalld.service5. + + + +@@ -4774,11 +4803,20 @@ + + + ++ + update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing + + +- Update settings of service to settings. +- Settings are in format: version, name, description, array of ports (port, protocol), array of module names, dictionary of destinations, array of protocols and array of source-ports (port, protocol). ++ This function is deprecated, use org.fedoraproject.FirewallD1.config.service.Methods.update2 instead. ++ ++ ++ ++ ++ update2a{sv}: settings) → Nothing ++ ++ ++ Update settings of service to settings. ++ Settings are a dictionary indexed by keywords. For the type of each value see below. To zero a value pass an empty string or list. + + + +@@ -4788,12 +4826,14 @@ + ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service5. + module names (as): array of kernel netfilter helpers, see module tag in firewalld.service5. + destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. +- protocols (as): array of protocols. See protocol tag in firewalld.service5. ++ protocols (as): array of protocols, see protocol tag in firewalld.service5. ++ source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. ++ includes (as): array of service includes, see include tag in firewalld.service5. + + +- +- Possible errors: INVALID_TYPE +- ++ ++ Possible errors: INVALID_TYPE ++ + + + +diff --git a/src/firewall/core/io/service.py b/src/firewall/core/io/service.py +index 44dc0ff8a9b0..8236d3078fbe 100644 +--- a/src/firewall/core/io/service.py ++++ b/src/firewall/core/io/service.py +@@ -39,17 +39,16 @@ from firewall.errors import FirewallError + + class Service(IO_Object): + IMPORT_EXPORT_STRUCTURE = ( +- ( "version", "" ), # s +- ( "short", "" ), # s +- ( "description", "" ), # s +- ( "ports", [ ( "", "" ), ], ), # a(ss) +- ( "modules", [ "", ], ), # as +- ( "destination", { "": "", }, ), # a{ss} +- ( "protocols", [ "", ], ), # as +- ( "source_ports", [ ( "", "" ), ], ), # a(ss) +- ( "includes", [ "" ], ), # as ++ ( "version", "" ), ++ ( "short", "" ), ++ ( "description", "" ), ++ ( "ports", [ ( "", "" ), ], ), ++ ( "modules", [ "", ], ), ++ ( "destination", { "": "", }, ), ++ ( "protocols", [ "", ], ), ++ ( "source_ports", [ ( "", "" ), ], ), ++ ( "includes", [ "" ], ), + ) +- DBUS_SIGNATURE = '(sssa(ss)asa{ss}asa(ss))' + ADDITIONAL_ALNUM_CHARS = [ "_", "-" ] + PARSER_REQUIRED_ELEMENT_ATTRS = { + "short": None, +diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py +index 971dc7d4a14a..e03c4984e058 100644 +--- a/src/firewall/server/config.py ++++ b/src/firewall/server/config.py +@@ -41,7 +41,6 @@ from firewall.server.config_zone import FirewallDConfigZone + from firewall.server.config_ipset import FirewallDConfigIPSet + from firewall.server.config_helper import FirewallDConfigHelper + from firewall.core.io.zone import Zone +-from firewall.core.io.service import Service + from firewall.core.io.icmptype import IcmpType + from firewall.core.io.ipset import IPSet + from firewall.core.io.helper import Helper +@@ -1065,7 +1064,7 @@ class FirewallDConfig(slip.dbus.service.Object): + raise FirewallError(errors.INVALID_SERVICE, service) + + @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, +- in_signature='s'+Service.DBUS_SIGNATURE, ++ in_signature='s(sssa(ss)asa{ss}asa(ss))', + out_signature='o') + @dbus_handle_exceptions + def addService(self, service, settings, sender=None): +@@ -1079,6 +1078,21 @@ class FirewallDConfig(slip.dbus.service.Object): + config_service = self._addService(obj) + return config_service + ++ @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, ++ in_signature='sa{sv}', ++ out_signature='o') ++ @dbus_handle_exceptions ++ def addService2(self, service, settings, sender=None): ++ """add service with given name and settings ++ """ ++ service = dbus_to_python(service, str) ++ settings = dbus_to_python(settings) ++ log.debug1("config.addService2('%s')", service) ++ self.accessCheck(sender) ++ obj = self.config.new_service_dict(service, settings) ++ config_service = self._addService(obj) ++ return config_service ++ + @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') + @dbus_handle_exceptions + def ServiceAdded(self, service): +diff --git a/src/firewall/server/config_service.py b/src/firewall/server/config_service.py +index 05ded1c78da7..3236b3aee135 100644 +--- a/src/firewall/server/config_service.py ++++ b/src/firewall/server/config_service.py +@@ -32,7 +32,6 @@ from firewall import config + from firewall.dbus_utils import dbus_to_python, \ + dbus_introspection_prepare_properties, \ + dbus_introspection_add_properties +-from firewall.core.io.service import Service + from firewall.core.logger import log + from firewall.server.decorators import handle_exceptions, \ + dbus_handle_exceptions, dbus_service_method +@@ -173,7 +172,7 @@ class FirewallDConfigService(slip.dbus.service.Object): + # S E T T I N G S + + @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, +- out_signature=Service.DBUS_SIGNATURE) ++ out_signature='(sssa(ss)asa{ss}asa(ss))') + @dbus_handle_exceptions + def getSettings(self, sender=None): # pylint: disable=W0613 + """get settings for service +@@ -182,7 +181,16 @@ class FirewallDConfigService(slip.dbus.service.Object): + return self.config.get_service_config(self.obj) + + @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, +- in_signature=Service.DBUS_SIGNATURE) ++ out_signature='a{sv}') ++ @dbus_handle_exceptions ++ def getSettings2(self, sender=None): ++ """get settings for service ++ """ ++ log.debug1("%s.getSettings2()", self._log_prefix) ++ return self.config.get_service_config_dict(self.obj) ++ ++ @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, ++ in_signature='(sssa(ss)asa{ss}asa(ss))') + @dbus_handle_exceptions + def update(self, settings, sender=None): + """update settings for service +@@ -193,6 +201,16 @@ class FirewallDConfigService(slip.dbus.service.Object): + self.obj = self.config.set_service_config(self.obj, settings) + self.Updated(self.obj.name) + ++ @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, ++ in_signature='a{sv}') ++ @dbus_handle_exceptions ++ def update2(self, settings, sender=None): ++ settings = dbus_to_python(settings) ++ log.debug1("%s.update2('...')", self._log_prefix) ++ self.parent.accessCheck(sender) ++ self.obj = self.config.set_service_config_dict(self.obj, settings) ++ self.Updated(self.obj.name) ++ + @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) + @dbus_handle_exceptions + def loadDefaults(self, sender=None): +diff --git a/src/firewall/server/firewalld.py b/src/firewall/server/firewalld.py +index 233160b64b18..06c2834c602e 100644 +--- a/src/firewall/server/firewalld.py ++++ b/src/firewall/server/firewalld.py +@@ -49,7 +49,6 @@ from firewall.dbus_utils import dbus_to_python, \ + from firewall.core.io.functions import check_config + from firewall.core.io.zone import Zone + from firewall.core.io.ipset import IPSet +-from firewall.core.io.service import Service + from firewall.core.io.icmptype import IcmpType + from firewall.core.io.helper import Helper + from firewall.core.fw_nm import nm_get_bus_name, nm_get_connection_of_interface, \ +@@ -916,7 +915,7 @@ class FirewallD(slip.dbus.service.Object): + + @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) + @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', +- out_signature=Service.DBUS_SIGNATURE) ++ out_signature='(sssa(ss)asa{ss}asa(ss))') + @dbus_handle_exceptions + def getServiceSettings(self, service, sender=None): # pylint: disable=W0613 + # returns service settings for service +@@ -934,6 +933,16 @@ class FirewallD(slip.dbus.service.Object): + conf_list.append(conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]]) + return tuple(conf_list) + ++ @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) ++ @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', ++ out_signature='a{sv}') ++ @dbus_handle_exceptions ++ def getServiceSettings2(self, service, sender=None): # pylint: disable=W0613 ++ service = dbus_to_python(service, str) ++ log.debug1("getServiceSettings2(%s)", service) ++ obj = self.fw.service.get_service(service) ++ return obj.export_config() ++ + @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) + @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', + out_signature='as') +-- +2.20.1 + diff --git a/SOURCES/0017-test-dbus-coverage-for-new-service-APIs.patch b/SOURCES/0017-test-dbus-coverage-for-new-service-APIs.patch new file mode 100644 index 0000000..a0afd2e --- /dev/null +++ b/SOURCES/0017-test-dbus-coverage-for-new-service-APIs.patch @@ -0,0 +1,186 @@ +From 99ecd06f1f6028bcf9bd7d4ece7f3ce8df39077b Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 25 Jun 2019 18:19:08 -0400 +Subject: [PATCH 17/20] test: dbus: coverage for new service APIs + +(cherry picked from commit 335f238481401e97f3a9bc6773295fe34c89962c) +--- + src/tests/dbus/service.at | 165 +++++++++++++++++++++++++++++++++++++- + 1 file changed, 164 insertions(+), 1 deletion(-) + +diff --git a/src/tests/dbus/service.at b/src/tests/dbus/service.at +index 579548d66509..8ad9334aaa56 100644 +--- a/src/tests/dbus/service.at ++++ b/src/tests/dbus/service.at +@@ -287,4 +287,167 @@ DBUS_CHECK([], [getServiceSettings], ["foobar"], 0, [dnl + [(('1.1', 'foobar new', 'foobar new service is for foobar', [('12345', 'udp'), ('2222', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp')]),)] + ]) + +-FWD_END_TEST ++ ++dnl =============== ++dnl New APIs tests ++dnl =============== ++ ++dnl modify service with new API that was created with old API ++dnl Verify old APIs also reflect the change. ++DBUS_CHECK([config], [config.addService], ++ ["foobar-old" dnl name ++ '("1.0", dnl version ++ "foobar-old", dnl short ++ "foobar-old service is for foobar-old", dnl description ++ @<:@("1234", "udp"), ("22", "tcp"), ("1234", "udp")@:>@, dnl ports, deliberate duplicate ++ @<:@"ftp"@:>@, dnl modules ++ {}, dnl destination ++ @<:@@:>@, dnl protocols ++ @<:@("4321", "tcp"), ("4321", "udp")@:>@ dnl source ports ++ )'dnl ++ ], 0, [stdout]) ++SERVICE_OBJ=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] ++export SERVICE_OBJ ++DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update2], ++ ['{"version": <"1.1">, ++ "includes": <@<:@"https"@:>@>, ++ "protocols": <@<:@"icmp"@:>@> ++ }'dnl ++ ], 0, [ignore]) ++ ++DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings], [], 0, [dnl ++ [(('1.1', 'foobar-old', 'foobar-old service is for foobar-old', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp'), ('4321', 'udp')]),)] ++]) ++DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings2], [], 0, [dnl ++ ['description': <'foobar-old service is for foobar-old'> ++ 'includes': <['https']> ++ 'modules': <['ftp']> ++ 'ports': <[('1234', 'udp'), ('22', 'tcp')]> ++ 'protocols': <['icmp']> ++ 'short': <'foobar-old'> ++ 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> ++ 'version': <'1.1'>] ++]) ++ ++FWD_RELOAD ++DBUS_CHECK([], [getServiceSettings], ["foobar-old"], 0, [dnl ++ [(('1.1', 'foobar-old', 'foobar-old service is for foobar-old', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp'), ('4321', 'udp')]),)] ++]) ++DBUS_CHECK([], [getServiceSettings2], ["foobar-old"], 0, [dnl ++ ['description': <'foobar-old service is for foobar-old'> ++ 'includes': <['https']> ++ 'modules': <['ftp']> ++ 'ports': <[('1234', 'udp'), ('22', 'tcp')]> ++ 'protocols': <['icmp']> ++ 'short': <'foobar-old'> ++ 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> ++ 'version': <'1.1'>] ++]) ++ ++dnl add service with new API ++DBUS_INTROSPECT([config], [[//method[@name="addService2"]]], 0, [dnl ++ ++ ++ ++ ++ ++]) ++DBUS_CHECK([config], [config.addService2], ++ ["foobar-dict" dnl name ++ '{"version": <"1.0">, ++ "short": <"foobar-dict">, ++ "description": <"foobar-dict service is for foobar-dict">, ++ "ports": <@<:@("1234", "udp"), ("22", "tcp"), ("1234", "udp")@:>@>, ++ "modules": <@<:@"ftp"@:>@>, ++ "destination": <{"ipv6": "1234::4321"}>, ++ "protocols": <@<:@"icmp", "igmp"@:>@>, ++ "source_ports": <@<:@("4321", "tcp"), ("4321", "udp")@:>@>, ++ "includes": <@<:@"https", "samba"@:>@> ++ }'dnl ++ ], 0, [stdout]) ++SERVICE_OBJ=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] ++export SERVICE_OBJ ++ ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getSettings2"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings2], [], 0, [dnl ++ ['description': <'foobar-dict service is for foobar-dict'> ++ 'destination': <{'ipv6': '1234::4321'}> ++ 'includes': <['https', 'samba']> ++ 'modules': <['ftp']> ++ 'ports': <[('1234', 'udp'), ('22', 'tcp')]> ++ 'protocols': <['icmp', 'igmp']> ++ 'short': <'foobar-dict'> ++ 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> ++ 'version': <'1.0'>] ++]) ++ ++dnl New API allows partial updates to service object ++DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="update2"]]], 0, [dnl ++ ++ ++ ++]) ++DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update2], ++ ['{"version": <"1.1">, ++ "includes": <@<:@"https", "samba", "http"@:>@> ++ }'dnl ++ ], 0, [ignore]) ++DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings2], [], 0, [dnl ++ ['description': <'foobar-dict service is for foobar-dict'> ++ 'destination': <{'ipv6': '1234::4321'}> ++ 'includes': <['https', 'samba', 'http']> ++ 'modules': <['ftp']> ++ 'ports': <[('1234', 'udp'), ('22', 'tcp')]> ++ 'protocols': <['icmp', 'igmp']> ++ 'short': <'foobar-dict'> ++ 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> ++ 'version': <'1.1'>] ++]) ++ ++dnl To zero a field you have to set it with an empty value ++DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update2], ++ ['{"version": <"1.2">, ++ "includes": <@as @<:@@:>@> ++ }'dnl ++ ], 0, [ignore]) ++DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings2], [], 0, [dnl ++ ['description': <'foobar-dict service is for foobar-dict'> ++ 'destination': <{'ipv6': '1234::4321'}> ++ 'modules': <['ftp']> ++ 'ports': <[('1234', 'udp'), ('22', 'tcp')]> ++ 'protocols': <['icmp', 'igmp']> ++ 'short': <'foobar-dict'> ++ 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> ++ 'version': <'1.2'>] ++]) ++ ++FWD_RELOAD ++DBUS_INTROSPECT([], [[//method[@name="getServiceSettings2"]]], 0, [dnl ++ ++ ++ ++ ++]) ++DBUS_CHECK([], [getServiceSettings2], ["foobar-dict"], 0, [dnl ++ ['description': <'foobar-dict service is for foobar-dict'> ++ 'destination': <{'ipv6': '1234::4321'}> ++ 'modules': <['ftp']> ++ 'ports': <[('1234', 'udp'), ('22', 'tcp')]> ++ 'protocols': <['icmp', 'igmp']> ++ 'short': <'foobar-dict'> ++ 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> ++ 'version': <'1.2'>] ++]) ++ ++dnl bogus arguments ++DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update2], ++ ['{"version": <"1.3">, ++ "thisdoesnotexist": <""> ++ }'dnl ++ ], 1, [ignore], [ignore]) ++ ++FWD_END_TEST([-e '/ERROR: INVALID_OPTION: service option/d']) +-- +2.20.1 + diff --git a/SOURCES/0018-fix-client-service-use-dict-based-dbus-APIs.patch b/SOURCES/0018-fix-client-service-use-dict-based-dbus-APIs.patch new file mode 100644 index 0000000..5986101 --- /dev/null +++ b/SOURCES/0018-fix-client-service-use-dict-based-dbus-APIs.patch @@ -0,0 +1,107 @@ +From f0e4beea7c96478661dd1e3088392400f7cec66e Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 26 Jun 2019 15:07:16 -0400 +Subject: [PATCH 18/20] fix: client: service: use dict based dbus APIs + +Fixes: 1fc208bf9317 ("feat: service includes") +(cherry picked from commit 632380e6efcdfd2282216002bd92f8f6d96467b9) +--- + src/firewall/client.py | 51 ++++++++++++++++++++++++++++++++++-------- + 1 file changed, 42 insertions(+), 9 deletions(-) + +diff --git a/src/firewall/client.py b/src/firewall/client.py +index 242c3a0ab0f4..3c4ea5c63559 100644 +--- a/src/firewall/client.py ++++ b/src/firewall/client.py +@@ -818,15 +818,46 @@ class FirewallClientConfigZone(object): + class FirewallClientServiceSettings(object): + @handle_exceptions + def __init__(self, settings=None): ++ self.settings = ["", "", "", [], [], {}, [], [], []] ++ self.settings_name = ["version", "short", "description", "ports", ++ "modules", "destination", "protocols", ++ "source_ports", "includes"] ++ self.settings_dbus_type = ["s", "s", "s", "(ss)", ++ "s", "ss", "s", ++ "(ss)", "s"] + if settings: +- self.settings = settings +- else: +- self.settings = ["", "", "", [], [], {}, [], [], []] ++ if type(settings) is list: ++ for i,v in enumerate(settings): ++ self.settings[i] = settings[i] ++ elif type(settings) is dict: ++ self.setSettingsDict(settings) + + @handle_exceptions + def __repr__(self): + return '%s(%r)' % (self.__class__, self.settings) + ++ @handle_exceptions ++ def getSettingsDict(self): ++ settings = {} ++ for key,value in zip(self.settings_name, self.settings): ++ settings[key] = value ++ return settings ++ @handle_exceptions ++ def setSettingsDict(self, settings): ++ for key in settings: ++ self.settings[self.settings_name.index(key)] = settings[key] ++ @handle_exceptions ++ def getSettingsDbusDict(self): ++ settings = {} ++ for key,value,sig in zip(self.settings_name, self.settings, self.settings_dbus_type): ++ if type(value) is list: ++ settings[key] = dbus.Array(value, signature=sig) ++ elif type(value) is dict: ++ settings[key] = dbus.Dictionary(value, signature=sig) ++ else: ++ settings[key] = value ++ return settings ++ + @handle_exceptions + def getVersion(self): + return self.settings[0] +@@ -1467,13 +1498,13 @@ class FirewallClientConfigService(object): + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getSettings(self): +- return FirewallClientServiceSettings(list(dbus_to_python(\ +- self.fw_service.getSettings()))) ++ return FirewallClientServiceSettings(dbus_to_python( ++ self.fw_service.getSettings2())) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def update(self, settings): +- self.fw_service.update(tuple(settings.settings)) ++ self.fw_service.update2(settings.getSettingsDbusDict()) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions +@@ -2431,7 +2462,9 @@ class FirewallClientConfig(object): + @handle_exceptions + def addService(self, name, settings): + if isinstance(settings, FirewallClientServiceSettings): +- path = self.fw_config.addService(name, tuple(settings.settings)) ++ path = self.fw_config.addService2(name, settings.getSettingsDbusDict()) ++ elif type(settings) is dict: ++ path = self.fw_config.addService2(name, settings) + else: + path = self.fw_config.addService(name, tuple(settings)) + return FirewallClientConfigService(self.bus, path) +@@ -2899,8 +2932,8 @@ class FirewallClient(object): + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getServiceSettings(self, service): +- return FirewallClientServiceSettings(list(dbus_to_python(\ +- self.fw.getServiceSettings(service)))) ++ return FirewallClientServiceSettings(dbus_to_python( ++ self.fw.getServiceSettings2(service))) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions +-- +2.20.1 + diff --git a/SOURCES/0019-fix-firewall-offline-cmd-service-use-dict-based-APIs.patch b/SOURCES/0019-fix-firewall-offline-cmd-service-use-dict-based-APIs.patch new file mode 100644 index 0000000..fb1d7e0 --- /dev/null +++ b/SOURCES/0019-fix-firewall-offline-cmd-service-use-dict-based-APIs.patch @@ -0,0 +1,155 @@ +From 588b7960abb8a6191fb8e8e5974d52c961d3aa67 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 2 Jul 2019 15:53:29 -0400 +Subject: [PATCH 19/20] fix: firewall-offline-cmd: service: use dict based APIs + +Fixes: ce631f8515a6 ("feat: CLI: service includes") +(cherry picked from commit 91c1434de8617f547576355ce3028a1bd67f408f) +--- + src/firewall-offline-cmd.in | 36 ++++++++++++++++++------------------ + 1 file changed, 18 insertions(+), 18 deletions(-) + +diff --git a/src/firewall-offline-cmd.in b/src/firewall-offline-cmd.in +index 1a8315f8e230..91736c1fafc5 100755 +--- a/src/firewall-offline-cmd.in ++++ b/src/firewall-offline-cmd.in +@@ -1245,8 +1245,8 @@ try: + cmd.print_and_exit(" ".join(services)) + + elif a.new_service: +- fw.config.new_service(a.new_service, +- FirewallClientServiceSettings().settings) ++ fw.config.new_service_dict(a.new_service, ++ FirewallClientServiceSettings().getSettingsDict()) + + elif a.new_service_from_file: + filename = os.path.basename(a.new_service_from_file) +@@ -1287,7 +1287,7 @@ try: + elif a.info_service: + service = fw.config.get_service(a.info_service) + settings = FirewallClientServiceSettings( +- list(fw.config.get_service_config(service))) ++ fw.config.get_service_config_dict(service)) + cmd.print_service_info(a.info_service, settings) + sys.exit(0) + +@@ -1402,17 +1402,17 @@ try: + elif a.service and options_service: + service = fw.config.get_service(a.service) + settings = FirewallClientServiceSettings( +- list(fw.config.get_service_config(service))) ++ fw.config.get_service_config_dict(service)) + + if a.add_port: + cmd.add_sequence(a.add_port, settings.addPort, + settings.queryPort, cmd.parse_port, "%s/%s") +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.remove_port: + cmd.remove_sequence(a.remove_port, settings.removePort, + settings.queryPort, cmd.parse_port, "%s/%s") +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.query_port: + cmd.query_sequence(a.query_port, settings.queryPort, +@@ -1425,12 +1425,12 @@ try: + elif a.add_protocol: + cmd.add_sequence(a.add_protocol, settings.addProtocol, + settings.queryProtocol, None, "'%s'") +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.remove_protocol: + cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, + settings.queryProtocol, None, "'%s'") +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.query_protocol: + cmd.query_sequence(a.query_protocol, settings.queryProtocol, +@@ -1443,13 +1443,13 @@ try: + elif a.add_source_port: + cmd.add_sequence(a.add_source_port, settings.addSourcePort, + settings.querySourcePort, cmd.parse_port, "%s/%s") +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.remove_source_port: + cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, + settings.querySourcePort, cmd.parse_port, + "%s/%s") +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.query_source_port: + cmd.query_sequence(a.query_source_port, settings.querySourcePort, +@@ -1462,12 +1462,12 @@ try: + elif a.add_module: + cmd.add_sequence(a.add_module, settings.addModule, + settings.queryModule, None, "'%s'") +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.remove_module: + cmd.remove_sequence(a.remove_module, settings.removeModule, + settings.queryModule, None, "'%s'") +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.query_module: + cmd.query_sequence(a.query_module, settings.queryModule, +@@ -1481,7 +1481,7 @@ try: + cmd.add_sequence(a.set_destination, settings.setDestination, + settings.queryDestination, + cmd.parse_service_destination, "%s:%s") +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.remove_destination: + # special case for removeDestination: Only ipv, no address +@@ -1496,7 +1496,7 @@ try: + code) + else: + settings.removeDestination(ipv) +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.query_destination: + cmd.query_sequence(a.query_destination, settings.queryDestination, +@@ -1509,12 +1509,12 @@ try: + elif a.add_include: + cmd.add_sequence(a.add_include, settings.addInclude, + settings.queryInclude, None, "'%s'") +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.remove_include: + cmd.remove_sequence(a.remove_include, settings.removeInclude, + settings.queryInclude, None, "'%s'") +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.query_include: + cmd.query_sequence(a.query_include, settings.queryInclude, +@@ -1526,14 +1526,14 @@ try: + + elif a.set_description: + settings.setDescription(a.set_description) +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.get_description: + cmd.print_and_exit(settings.getDescription()) + + elif a.set_short: + settings.setShort(a.set_short) +- fw.config.set_service_config(service, settings.settings) ++ fw.config.set_service_config_dict(service, settings.getSettingsDict()) + + elif a.get_short: + cmd.print_and_exit(settings.getShort()) +-- +2.20.1 + diff --git a/SOURCES/0020-fix-direct-removeRules-was-mistakenly-removing-all-r.patch b/SOURCES/0020-fix-direct-removeRules-was-mistakenly-removing-all-r.patch new file mode 100644 index 0000000..e3eac4f --- /dev/null +++ b/SOURCES/0020-fix-direct-removeRules-was-mistakenly-removing-all-r.patch @@ -0,0 +1,34 @@ +From b91b7cbeeb62cb2ba316918acd0e60a53ed676aa Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 26 Jul 2019 13:32:44 -0400 +Subject: [PATCH 20/26] fix: direct: removeRules() was mistakenly removing all + rules + +Only remove the rules that match the specified criteria (ipv, table, +chain). + +Fixes: #385 +Fixes: rhbz 1723610 +(cherry picked from commit 174005b15059db054b2f8dcf3b35c23fcbaf44ec) +--- + src/firewall/server/config.py | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py +index e03c4984e058..b1b839da82ea 100644 +--- a/src/firewall/server/config.py ++++ b/src/firewall/server/config.py +@@ -1422,7 +1422,9 @@ class FirewallDConfig(slip.dbus.service.Object): + (ipv, table, chain, )) + self.accessCheck(sender) + settings = list(self.getSettings()) +- settings[1] = [] ++ for rule in settings[1]: ++ if (ipv, table, chain) == (rule[0], rule[1], rule[2]): ++ settings[1].remove(rule) + self.update(tuple(settings)) + + @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, +-- +2.20.1 + diff --git a/SOURCES/0021-test-coverage-for-rhbz-1723610-and-gh-385.patch b/SOURCES/0021-test-coverage-for-rhbz-1723610-and-gh-385.patch new file mode 100644 index 0000000..6ae5710 --- /dev/null +++ b/SOURCES/0021-test-coverage-for-rhbz-1723610-and-gh-385.patch @@ -0,0 +1,60 @@ +From 53a4e15b72087a84bc59b69936d6bdaa91fa15fd Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 26 Jul 2019 08:26:50 -0400 +Subject: [PATCH 21/26] test: coverage for rhbz 1723610 and gh #385 + +(cherry picked from commit 75fc4876dbfbdb1de09a67c48630fa8503ed152d) +--- + src/tests/regression.at | 1 + + src/tests/regression/rhbz1723610.at | 30 +++++++++++++++++++++++++++++ + 2 files changed, 31 insertions(+) + create mode 100644 src/tests/regression/rhbz1723610.at + +diff --git a/src/tests/regression.at b/src/tests/regression.at +index 3438c97f4633..919fc32f9bfb 100644 +--- a/src/tests/regression.at ++++ b/src/tests/regression.at +@@ -21,3 +21,4 @@ m4_include([regression/gh478.at]) + m4_include([regression/gh453.at]) + m4_include([regression/gh258.at]) + m4_include([regression/rhbz1715977.at]) ++m4_include([regression/rhbz1723610.at]) +diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at +new file mode 100644 +index 000000000000..f020141e1808 +--- /dev/null ++++ b/src/tests/regression/rhbz1723610.at +@@ -0,0 +1,30 @@ ++FWD_START_TEST([direct remove-rules per family]) ++AT_KEYWORDS(direct rhbz1723610 gh385) ++ ++FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) ++FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl ++ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ++]) ++FWD_RELOAD ++FWD_CHECK([--direct --get-all-rules], 0, [dnl ++ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ++]) ++ ++FWD_CHECK([-q --permanent --direct --remove-rules ipv6 filter input]) ++FWD_CHECK([-q --permanent --direct --remove-rules ipv4 filter INPUT]) ++FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl ++ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ++]) ++FWD_RELOAD ++FWD_CHECK([--direct --get-all-rules], 0, [dnl ++ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ++]) ++FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) ++FWD_CHECK([-q --direct --add-rule ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) ++FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) ++FWD_CHECK([--direct --get-all-rules], 0, [dnl ++ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ++ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ++]) ++ ++FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0022-fix-tests-regression-rhbz1723610-make-output-reliabl.patch b/SOURCES/0022-fix-tests-regression-rhbz1723610-make-output-reliabl.patch new file mode 100644 index 0000000..703ddf2 --- /dev/null +++ b/SOURCES/0022-fix-tests-regression-rhbz1723610-make-output-reliabl.patch @@ -0,0 +1,32 @@ +From 395720e73e84b9b92bd92c5297faf7caa5d10242 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 26 Jul 2019 13:56:54 -0400 +Subject: [PATCH 22/26] fix: tests/regression/rhbz1723610: make output reliable + +The rule listing is unordered, so lets make it reliable. + +Fixes: 75fc4876dbfb ("test: coverage for rhbz 1723610 and gh #385") +(cherry picked from commit 645fc816c09d2d5f767fcecf4bea3d61219780e9) +--- + src/tests/regression/rhbz1723610.at | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at +index f020141e1808..3eccc0436ed7 100644 +--- a/src/tests/regression/rhbz1723610.at ++++ b/src/tests/regression/rhbz1723610.at +@@ -19,11 +19,9 @@ FWD_RELOAD + FWD_CHECK([--direct --get-all-rules], 0, [dnl + ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT + ]) +-FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) + FWD_CHECK([-q --direct --add-rule ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) + FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) + FWD_CHECK([--direct --get-all-rules], 0, [dnl +-ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT + ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT + ]) + +-- +2.20.1 + diff --git a/SOURCES/0023-fix-tests-regression-rhbz1723610-avoid-calling-IPv6-.patch b/SOURCES/0023-fix-tests-regression-rhbz1723610-avoid-calling-IPv6-.patch new file mode 100644 index 0000000..631d6d9 --- /dev/null +++ b/SOURCES/0023-fix-tests-regression-rhbz1723610-avoid-calling-IPv6-.patch @@ -0,0 +1,35 @@ +From 05d7ecbd8d50e4b80c64443a8351bc943b4bf4a0 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 26 Jul 2019 14:17:28 -0400 +Subject: [PATCH 23/26] fix: tests/regression/rhbz1723610: avoid calling IPv6 + backend + +We support running without IPv6, so calling the backend in the test +case. + +Fixes: 75fc4876dbfb ("test: coverage for rhbz 1723610 and gh #385") +(cherry picked from commit 38978bfde28a3fea9fb4cc61d2bb30ee5474e341) +--- + src/tests/regression/rhbz1723610.at | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at +index 3eccc0436ed7..35feed2bda9f 100644 +--- a/src/tests/regression/rhbz1723610.at ++++ b/src/tests/regression/rhbz1723610.at +@@ -19,10 +19,10 @@ FWD_RELOAD + FWD_CHECK([--direct --get-all-rules], 0, [dnl + ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT + ]) +-FWD_CHECK([-q --direct --add-rule ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) ++FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) + FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) + FWD_CHECK([--direct --get-all-rules], 0, [dnl +-ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ++ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT + ]) + + FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0024-fix-guarantee-zone-source-dispatch-is-sorted-by-zone.patch b/SOURCES/0024-fix-guarantee-zone-source-dispatch-is-sorted-by-zone.patch new file mode 100644 index 0000000..c30118d --- /dev/null +++ b/SOURCES/0024-fix-guarantee-zone-source-dispatch-is-sorted-by-zone.patch @@ -0,0 +1,871 @@ +From 9cecc7729a8d44fcdec9a4852545286cb7eb8fad Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 31 Jul 2019 13:57:10 -0400 +Subject: [PATCH 24/26] fix: guarantee zone source dispatch is sorted by zone + name + +Apparently users depend on firewalld sorting zone dispatch for sources +by the zone name. This is used to specify precedence for overlapping +address spaces. + +Since we have to track rule positions of source based dispatch we might +as well abuse this and combine the source/interface dispatch into a +single chain. + +Fixes: rhbz 1734765 +Fixes: 70993581d79b ("fix: do not allow zone drifting") +(cherry picked from commit afc35c20e58b00b81cd2e1f3e863b3b3bac37c77) +--- + src/firewall/core/ipXtables.py | 88 ++++++++--- + src/firewall/core/nftables.py | 71 +++++++-- + src/tests/firewall-cmd.at | 14 +- + src/tests/regression/gh258.at | 277 ++++++++++----------------------- + 4 files changed, 211 insertions(+), 239 deletions(-) + +diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py +index 9055e9566d15..2f4ec46d8339 100644 +--- a/src/firewall/core/ipXtables.py ++++ b/src/firewall/core/ipXtables.py +@@ -178,6 +178,7 @@ class ip4tables(object): + self.fill_exists() + self.available_tables = [] + self.rich_rule_priority_counts = {} ++ self.zone_source_index_cache = [] + self.our_chains = {} # chains created by firewalld + + def fill_exists(self): +@@ -289,6 +290,44 @@ class ip4tables(object): + chain = args[i+1] + return (table, chain) + ++ def _run_replace_zone_source(self, rule, zone_source_index_cache): ++ try: ++ i = rule.index("%%ZONE_SOURCE%%") ++ rule.pop(i) ++ zone = rule.pop(i) ++ if "-m" == rule[4]: # ipset/mac ++ zone_source = (zone, rule[7]) # (zone, address) ++ else: ++ zone_source = (zone, rule[5]) # (zone, address) ++ except ValueError: ++ try: ++ i = rule.index("%%ZONE_INTERFACE%%") ++ rule.pop(i) ++ zone_source = None ++ except ValueError: ++ return ++ ++ rule_add = True ++ if rule[0] in ["-D", "--delete"]: ++ rule_add = False ++ ++ if zone_source and not rule_add: ++ if zone_source in zone_source_index_cache: ++ zone_source_index_cache.remove(zone_source) ++ elif rule_add: ++ if zone_source: ++ # order source based dispatch by zone name ++ if zone_source not in zone_source_index_cache: ++ zone_source_index_cache.append(zone_source) ++ zone_source_index_cache.sort(key=lambda x: x[0]) ++ ++ index = zone_source_index_cache.index(zone_source) ++ else: ++ index = len(zone_source_index_cache) ++ ++ rule[0] = "-I" ++ rule.insert(2, "%d" % (index + 1)) ++ + def _set_rule_replace_rich_rule_priority(self, rule, rich_rule_priority_counts): + """ + Change something like +@@ -374,6 +413,7 @@ class ip4tables(object): + + table_rules = { } + rich_rule_priority_counts = copy.deepcopy(self.rich_rule_priority_counts) ++ zone_source_index_cache = copy.deepcopy(self.zone_source_index_cache) + for _rule in rules: + rule = _rule[:] + +@@ -398,6 +438,7 @@ class ip4tables(object): + rule.pop(i) + + self._set_rule_replace_rich_rule_priority(rule, rich_rule_priority_counts) ++ self._run_replace_zone_source(rule, zone_source_index_cache) + + table = "filter" + # get table form rule +@@ -461,6 +502,7 @@ class ip4tables(object): + raise ValueError("'%s %s' failed: %s" % (self._restore_command, + " ".join(args), ret)) + self.rich_rule_priority_counts = rich_rule_priority_counts ++ self.zone_source_index_cache = zone_source_index_cache + return ret + + def set_rule(self, rule, log_denied): +@@ -485,9 +527,14 @@ class ip4tables(object): + rule.pop(i) + + rich_rule_priority_counts = copy.deepcopy(self.rich_rule_priority_counts) ++ zone_source_index_cache = copy.deepcopy(self.zone_source_index_cache) + self._set_rule_replace_rich_rule_priority(rule, rich_rule_priority_counts) ++ self._run_replace_zone_source(rule, zone_source_index_cache) ++ + output = self.__run(rule) ++ + self.rich_rule_priority_counts = rich_rule_priority_counts ++ self.zone_source_index_cache = zone_source_index_cache + return output + + def get_available_tables(self, table=None): +@@ -539,6 +586,7 @@ class ip4tables(object): + + def build_flush_rules(self): + self.rich_rule_priority_counts = {} ++ self.zone_source_index_cache = [] + rules = [] + for table in BUILT_IN_CHAINS.keys(): + if not self.get_available_tables(table): +@@ -620,10 +668,8 @@ class ip4tables(object): + + if chain == "PREROUTING": + default_rules["raw"].append("-N %s_ZONES" % chain) +- default_rules["raw"].append("-N %s_ZONES_IFACES" % chain) + default_rules["raw"].append("-A %s -j %s_ZONES" % (chain, chain)) +- default_rules["raw"].append("-A %s_ZONES -g %s_ZONES_IFACES" % (chain, chain)) +- self.our_chains["raw"].update(set(["%s_ZONES" % chain, "%s_ZONES_IFACES" % chain])) ++ self.our_chains["raw"].update(set(["%s_ZONES" % chain])) + + if self.get_available_tables("mangle"): + default_rules["mangle"] = [ ] +@@ -635,10 +681,8 @@ class ip4tables(object): + + if chain == "PREROUTING": + default_rules["mangle"].append("-N %s_ZONES" % chain) +- default_rules["mangle"].append("-N %s_ZONES_IFACES" % chain) + default_rules["mangle"].append("-A %s -j %s_ZONES" % (chain, chain)) +- default_rules["mangle"].append("-A %s_ZONES -g %s_ZONES_IFACES" % (chain, chain)) +- self.our_chains["mangle"].update(set(["%s_ZONES" % chain, "%s_ZONES_IFACES" % chain])) ++ self.our_chains["mangle"].update(set(["%s_ZONES" % chain])) + + if self.get_available_tables("nat"): + default_rules["nat"] = [ ] +@@ -650,21 +694,17 @@ class ip4tables(object): + + if chain in [ "PREROUTING", "POSTROUTING" ]: + default_rules["nat"].append("-N %s_ZONES" % chain) +- default_rules["nat"].append("-N %s_ZONES_IFACES" % chain) + default_rules["nat"].append("-A %s -j %s_ZONES" % (chain, chain)) +- default_rules["nat"].append("-A %s_ZONES -g %s_ZONES_IFACES" % (chain, chain)) +- self.our_chains["nat"].update(set(["%s_ZONES" % chain, "%s_ZONES_IFACES" % chain])) ++ self.our_chains["nat"].update(set(["%s_ZONES" % chain])) + + default_rules["filter"] = [ + "-N INPUT_direct", + "-N INPUT_ZONES", +- "-N INPUT_ZONES_IFACES", + + "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT", + "-A INPUT -i lo -j ACCEPT", + "-A INPUT -j INPUT_direct", + "-A INPUT -j INPUT_ZONES", +- "-A INPUT_ZONES -g INPUT_ZONES_IFACES", + ] + if log_denied != "off": + default_rules["filter"].append("-A INPUT -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '") +@@ -677,16 +717,12 @@ class ip4tables(object): + "-N FORWARD_direct", + "-N FORWARD_IN_ZONES", + "-N FORWARD_OUT_ZONES", +- "-N FORWARD_IN_ZONES_IFACES", +- "-N FORWARD_OUT_ZONES_IFACES", + + "-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT", + "-A FORWARD -i lo -j ACCEPT", + "-A FORWARD -j FORWARD_direct", + "-A FORWARD -j FORWARD_IN_ZONES", + "-A FORWARD -j FORWARD_OUT_ZONES", +- "-A FORWARD_IN_ZONES -g FORWARD_IN_ZONES_IFACES", +- "-A FORWARD_OUT_ZONES -g FORWARD_OUT_ZONES_IFACES", + ] + if log_denied != "off": + default_rules["filter"].append("-A FORWARD -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '") +@@ -702,10 +738,9 @@ class ip4tables(object): + "-A OUTPUT -j OUTPUT_direct", + ] + +- self.our_chains["filter"] = set(["INPUT_direct", "INPUT_ZONES", "INPUT_ZONES_IFACES" ++ self.our_chains["filter"] = set(["INPUT_direct", "INPUT_ZONES", + "FORWARD_direct", "FORWARD_IN_ZONES", +- "FORWARD_IN_ZONES_IFACES" "FORWARD_OUT_ZONES", +- "FORWARD_OUT_ZONES_IFACES", "OUTPUT_direct"]) ++ "FORWARD_OUT_ZONES", "OUTPUT_direct"]) + + final_default_rules = [] + for table in default_rules: +@@ -748,11 +783,13 @@ class ip4tables(object): + action = "-g" + + if enable and not append: +- rule = [ "-I", "%s_ZONES_IFACES" % chain, "1" ] ++ rule = [ "-I", "%s_ZONES" % chain, "%%ZONE_INTERFACE%%" ] + elif enable: +- rule = [ "-A", "%s_ZONES_IFACES" % chain ] ++ rule = [ "-A", "%s_ZONES" % chain ] + else: +- rule = [ "-D", "%s_ZONES_IFACES" % chain ] ++ rule = [ "-D", "%s_ZONES" % chain ] ++ if not append: ++ rule += ["%%ZONE_INTERFACE%%"] + rule += [ "-t", table, opt, interface, action, target ] + return [rule] + +@@ -780,7 +817,8 @@ class ip4tables(object): + opt = "src" + flags = ",".join([opt] * self._fw.ipset.get_dimension(name)) + rule = [ add_del, +- "%s_ZONES" % chain, "-t", table, ++ "%s_ZONES" % chain, "%%ZONE_SOURCE%%", zone, ++ "-t", table, + "-m", "set", "--match-set", name, + flags, action, target ] + else: +@@ -789,12 +827,14 @@ class ip4tables(object): + if opt == "-d": + return "" + rule = [ add_del, +- "%s_ZONES" % chain, "-t", table, ++ "%s_ZONES" % chain, "%%ZONE_SOURCE%%", zone, ++ "-t", table, + "-m", "mac", "--mac-source", address.upper(), + action, target ] + else: + rule = [ add_del, +- "%s_ZONES" % chain, "-t", table, ++ "%s_ZONES" % chain, "%%ZONE_SOURCE%%", zone, ++ "-t", table, + opt, address, action, target ] + return [rule] + +diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py +index ba52a0e87493..c0b48f1501fd 100644 +--- a/src/firewall/core/nftables.py ++++ b/src/firewall/core/nftables.py +@@ -157,6 +157,7 @@ class nftables(object): + self.rule_to_handle = {} + self.rule_ref_count = {} + self.rich_rule_priority_counts = {} ++ self.zone_source_index_cache = {} + self.used_families = ["inet", "ip", "ip6"] + + def fill_exists(self): +@@ -171,6 +172,48 @@ class nftables(object): + raise FirewallError(INVALID_RULE, "position/handle not allowed in rule") + return " ".join([str(x) for x in rule_key]) + ++ def _run_replace_zone_source(self, rule_add, rule, zone_source_index_cache): ++ try: ++ i = rule.index("%%ZONE_SOURCE%%") ++ rule.pop(i) ++ zone = rule.pop(i) ++ zone_source = (zone, rule[7]) # (zone, address) ++ except ValueError: ++ try: ++ i = rule.index("%%ZONE_INTERFACE%%") ++ rule.pop(i) ++ zone_source = None ++ except ValueError: ++ return ++ ++ family = rule[2] ++ ++ if zone_source and not rule_add: ++ if family in zone_source_index_cache and \ ++ zone_source in zone_source_index_cache[family]: ++ zone_source_index_cache[family].remove(zone_source) ++ elif rule_add: ++ if family not in zone_source_index_cache: ++ zone_source_index_cache[family] = [] ++ ++ if zone_source: ++ # order source based dispatch by zone name ++ if zone_source not in zone_source_index_cache[family]: ++ zone_source_index_cache[family].append(zone_source) ++ zone_source_index_cache[family].sort(key=lambda x: x[0]) ++ ++ index = zone_source_index_cache[family].index(zone_source) ++ else: ++ index = len(zone_source_index_cache[family]) ++ ++ if index == 0: ++ rule[0] = "insert" ++ else: ++ index -= 1 # point to the rule before insertion point ++ rule[0] = "add" ++ rule.insert(i, "index") ++ rule.insert(i+1, "%d" % index) ++ + def __run(self, args): + nft_opts = ["--echo", "--handle"] + _args = args[:] +@@ -257,6 +300,10 @@ class nftables(object): + _args.insert(i, "index") + _args.insert(i+1, "%d" % index) + ++ if rule_key: ++ zone_source_index_cache = copy.deepcopy(self.zone_source_index_cache) ++ self._run_replace_zone_source(rule_add, _args, zone_source_index_cache) ++ + if not rule_key or (not rule_add and self.rule_ref_count[rule_key] == 0) \ + or ( rule_add and rule_key not in self.rule_ref_count): + +@@ -274,6 +321,7 @@ class nftables(object): + + if rule_key: + self.rich_rule_priority_counts = rich_rule_priority_counts ++ self.zone_source_index_cache = zone_source_index_cache + + # nft requires deleting rules by handle. So we must cache the rule + # handle when adding/inserting rules. +@@ -362,6 +410,7 @@ class nftables(object): + self.rule_to_handle = saved_rule_to_handle + self.rule_ref_count = saved_rule_ref_count + self.rich_rule_priority_counts = {} ++ self.zone_source_index_cache = {} + + rules = [] + for family in self.used_families: +@@ -440,9 +489,7 @@ class nftables(object): + + for chain in ["PREROUTING"]: + default_rules.append("add chain inet %s raw_%s_ZONES" % (TABLE_NAME, chain)) +- default_rules.append("add chain inet %s raw_%s_ZONES_IFACES" % (TABLE_NAME, chain)) + default_rules.append("add rule inet %s raw_%s jump raw_%s_ZONES" % (TABLE_NAME, chain, chain)) +- default_rules.append("add rule inet %s raw_%s_ZONES goto raw_%s_ZONES_IFACES" % (TABLE_NAME, chain, chain)) + + for chain in IPTABLES_TO_NFT_HOOK["mangle"].keys(): + default_rules.append("add chain inet %s mangle_%s '{ type filter hook %s priority %d ; }'" % +@@ -451,9 +498,7 @@ class nftables(object): + IPTABLES_TO_NFT_HOOK["mangle"][chain][1])) + + default_rules.append("add chain inet %s mangle_%s_ZONES" % (TABLE_NAME, chain)) +- default_rules.append("add chain inet %s mangle_%s_ZONES_IFACES" % (TABLE_NAME, chain)) + default_rules.append("add rule inet %s mangle_%s jump mangle_%s_ZONES" % (TABLE_NAME, chain, chain)) +- default_rules.append("add rule inet %s mangle_%s_ZONES goto mangle_%s_ZONES_IFACES" % (TABLE_NAME, chain, chain)) + + for family in ["ip", "ip6"]: + for chain in IPTABLES_TO_NFT_HOOK["nat"].keys(): +@@ -463,9 +508,7 @@ class nftables(object): + IPTABLES_TO_NFT_HOOK["nat"][chain][1])) + + default_rules.append("add chain %s %s nat_%s_ZONES" % (family, TABLE_NAME, chain)) +- default_rules.append("add chain %s %s nat_%s_ZONES_IFACES" % (family, TABLE_NAME, chain)) + default_rules.append("add rule %s %s nat_%s jump nat_%s_ZONES" % (family, TABLE_NAME, chain, chain)) +- default_rules.append("add rule %s %s nat_%s_ZONES goto nat_%s_ZONES_IFACES" % (family, TABLE_NAME, chain, chain)) + + for chain in IPTABLES_TO_NFT_HOOK["filter"].keys(): + default_rules.append("add chain inet %s filter_%s '{ type filter hook %s priority %d ; }'" % +@@ -475,12 +518,10 @@ class nftables(object): + + # filter, INPUT + default_rules.append("add chain inet %s filter_%s_ZONES" % (TABLE_NAME, "INPUT")) +- default_rules.append("add chain inet %s filter_%s_ZONES_IFACES" % (TABLE_NAME, "INPUT")) + default_rules.append("add rule inet %s filter_%s ct state established,related accept" % (TABLE_NAME, "INPUT")) + default_rules.append("add rule inet %s filter_%s ct status dnat accept" % (TABLE_NAME, "INPUT")) + default_rules.append("add rule inet %s filter_%s iifname lo accept" % (TABLE_NAME, "INPUT")) + default_rules.append("add rule inet %s filter_%s jump filter_%s_ZONES" % (TABLE_NAME, "INPUT", "INPUT")) +- default_rules.append("add rule inet %s filter_%s_ZONES goto filter_%s_ZONES_IFACES" % (TABLE_NAME, "INPUT", "INPUT")) + if log_denied != "off": + default_rules.append("add rule inet %s filter_%s ct state invalid %%%%LOGTYPE%%%% log prefix '\"STATE_INVALID_DROP: \"'" % (TABLE_NAME, "INPUT")) + default_rules.append("add rule inet %s filter_%s ct state invalid drop" % (TABLE_NAME, "INPUT")) +@@ -490,16 +531,12 @@ class nftables(object): + + # filter, FORWARD + default_rules.append("add chain inet %s filter_%s_IN_ZONES" % (TABLE_NAME, "FORWARD")) +- default_rules.append("add chain inet %s filter_%s_IN_ZONES_IFACES" % (TABLE_NAME, "FORWARD")) + default_rules.append("add chain inet %s filter_%s_OUT_ZONES" % (TABLE_NAME, "FORWARD")) +- default_rules.append("add chain inet %s filter_%s_OUT_ZONES_IFACES" % (TABLE_NAME, "FORWARD")) + default_rules.append("add rule inet %s filter_%s ct state established,related accept" % (TABLE_NAME, "FORWARD")) + default_rules.append("add rule inet %s filter_%s ct status dnat accept" % (TABLE_NAME, "FORWARD")) + default_rules.append("add rule inet %s filter_%s iifname lo accept" % (TABLE_NAME, "FORWARD")) + default_rules.append("add rule inet %s filter_%s jump filter_%s_IN_ZONES" % (TABLE_NAME, "FORWARD", "FORWARD")) + default_rules.append("add rule inet %s filter_%s jump filter_%s_OUT_ZONES" % (TABLE_NAME, "FORWARD", "FORWARD")) +- default_rules.append("add rule inet %s filter_%s_IN_ZONES goto filter_%s_IN_ZONES_IFACES" % (TABLE_NAME, "FORWARD", "FORWARD")) +- default_rules.append("add rule inet %s filter_%s_OUT_ZONES goto filter_%s_OUT_ZONES_IFACES" % (TABLE_NAME, "FORWARD", "FORWARD")) + if log_denied != "off": + default_rules.append("add rule inet %s filter_%s ct state invalid %%%%LOGTYPE%%%% log prefix '\"STATE_INVALID_DROP: \"'" % (TABLE_NAME, "FORWARD")) + default_rules.append("add rule inet %s filter_%s ct state invalid drop" % (TABLE_NAME, "FORWARD")) +@@ -554,11 +591,14 @@ class nftables(object): + action = "goto" + + if enable and not append: +- rule = ["insert", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES_IFACES" % (table, chain)] ++ rule = ["insert", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain), ++ "%%ZONE_INTERFACE%%"] + elif enable: +- rule = ["add", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES_IFACES" % (table, chain)] ++ rule = ["add", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)] + else: +- rule = ["delete", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES_IFACES" % (table, chain)] ++ rule = ["delete", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)] ++ if not append: ++ rule += ["%%ZONE_INTERFACE%%"] + if interface == "*": + rule += [action, "%s_%s" % (table, target)] + else: +@@ -609,6 +649,7 @@ class nftables(object): + + rule = [add_del, "rule", family, "%s" % TABLE_NAME, + "%s_%s_ZONES" % (table, chain), ++ "%%ZONE_SOURCE%%", zone, + rule_family, opt, address, action, "%s_%s" % (table, target)] + return [rule] + +diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at +index 7bb13aee0221..53f2eb2c7c88 100644 +--- a/src/tests/firewall-cmd.at ++++ b/src/tests/firewall-cmd.at +@@ -148,14 +148,14 @@ FWD_START_TEST([zone interfaces]) + FWD_CHECK([--zone=trusted --add-interface=+], 0, ignore) + FWD_CHECK([--add-interface=foobar+++], 0, ignore) + FWD_CHECK([--add-interface=foobar+], 0, ignore) +- NFT_LIST_RULES([inet], [filter_INPUT_ZONES_IFACES], 0, [dnl ++ NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl + table inet firewalld { +- chain filter_INPUT_ZONES_IFACES { +- iifname "foobar*" goto filter_IN_public +- iifname "foobar++*" goto filter_IN_public +- goto filter_IN_trusted +- goto filter_IN_public +- } ++ chain filter_INPUT_ZONES { ++ iifname "foobar*" goto filter_IN_public ++ iifname "foobar++*" goto filter_IN_public ++ goto filter_IN_trusted ++ goto filter_IN_public ++ } + } + ]) + FWD_CHECK([--zone=trusted --remove-interface=+], 0, ignore) +diff --git a/src/tests/regression/gh258.at b/src/tests/regression/gh258.at +index ba76946f0333..1896a9bfc61c 100644 +--- a/src/tests/regression/gh258.at ++++ b/src/tests/regression/gh258.at +@@ -9,7 +9,6 @@ FWD_CHECK([--zone=work --add-interface=dummy0], 0, ignore) + FWD_CHECK([--zone=public --add-interface=dummy1], 0, ignore) + + dnl verify layout of zone dispatch +-m4_if(nftables, FIREWALL_BACKEND, [ + NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl + table inet firewalld { + chain filter_INPUT { +@@ -27,13 +26,6 @@ NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl + chain filter_INPUT_ZONES { + ip6 saddr dead:beef::/54 goto filter_IN_public + ip saddr 1.2.3.0/24 goto filter_IN_work +- goto filter_INPUT_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([inet], [filter_INPUT_ZONES_IFACES], 0, [dnl +- table inet firewalld { +- chain filter_INPUT_ZONES_IFACES { + iifname "dummy1" goto filter_IN_public + iifname "dummy0" goto filter_IN_work + goto filter_IN_public +@@ -59,13 +51,6 @@ NFT_LIST_RULES([inet], [filter_FORWARD_IN_ZONES], 0, [dnl + chain filter_FORWARD_IN_ZONES { + ip6 saddr dead:beef::/54 goto filter_FWDI_public + ip saddr 1.2.3.0/24 goto filter_FWDI_work +- goto filter_FORWARD_IN_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([inet], [filter_FORWARD_IN_ZONES_IFACES], 0, [dnl +- table inet firewalld { +- chain filter_FORWARD_IN_ZONES_IFACES { + iifname "dummy1" goto filter_FWDI_public + iifname "dummy0" goto filter_FWDI_work + goto filter_FWDI_public +@@ -77,13 +62,6 @@ NFT_LIST_RULES([inet], [filter_FORWARD_OUT_ZONES], 0, [dnl + chain filter_FORWARD_OUT_ZONES { + ip6 daddr dead:beef::/54 goto filter_FWDO_public + ip daddr 1.2.3.0/24 goto filter_FWDO_work +- goto filter_FORWARD_OUT_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([inet], [filter_FORWARD_OUT_ZONES_IFACES], 0, [dnl +- table inet firewalld { +- chain filter_FORWARD_OUT_ZONES_IFACES { + oifname "dummy1" goto filter_FWDO_public + oifname "dummy0" goto filter_FWDO_work + goto filter_FWDO_public +@@ -106,13 +84,6 @@ NFT_LIST_RULES([inet], [raw_PREROUTING_ZONES], 0, [dnl + chain raw_PREROUTING_ZONES { + ip6 saddr dead:beef::/54 goto raw_PRE_public + ip saddr 1.2.3.0/24 goto raw_PRE_work +- goto raw_PREROUTING_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([inet], [raw_PREROUTING_ZONES_IFACES], 0, [dnl +- table inet firewalld { +- chain raw_PREROUTING_ZONES_IFACES { + iifname "dummy1" goto raw_PRE_public + iifname "dummy0" goto raw_PRE_work + goto raw_PRE_public +@@ -131,13 +102,6 @@ NFT_LIST_RULES([inet], [mangle_PREROUTING_ZONES], 0, [dnl + chain mangle_PREROUTING_ZONES { + ip6 saddr dead:beef::/54 goto mangle_PRE_public + ip saddr 1.2.3.0/24 goto mangle_PRE_work +- goto mangle_PREROUTING_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([inet], [mangle_PREROUTING_ZONES_IFACES], 0, [dnl +- table inet firewalld { +- chain mangle_PREROUTING_ZONES_IFACES { + iifname "dummy1" goto mangle_PRE_public + iifname "dummy0" goto mangle_PRE_work + goto mangle_PRE_public +@@ -155,13 +119,6 @@ NFT_LIST_RULES([ip], [nat_PREROUTING_ZONES], 0, [dnl + table ip firewalld { + chain nat_PREROUTING_ZONES { + ip saddr 1.2.3.0/24 goto nat_PRE_work +- goto nat_PREROUTING_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([ip], [nat_PREROUTING_ZONES_IFACES], 0, [dnl +- table ip firewalld { +- chain nat_PREROUTING_ZONES_IFACES { + iifname "dummy1" goto nat_PRE_public + iifname "dummy0" goto nat_PRE_work + goto nat_PRE_public +@@ -179,13 +136,6 @@ NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES], 0, [dnl + table ip firewalld { + chain nat_POSTROUTING_ZONES { + ip daddr 1.2.3.0/24 goto nat_POST_work +- goto nat_POSTROUTING_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES_IFACES], 0, [dnl +- table ip firewalld { +- chain nat_POSTROUTING_ZONES_IFACES { + oifname "dummy1" goto nat_POST_public + oifname "dummy0" goto nat_POST_work + goto nat_POST_public +@@ -203,13 +153,6 @@ NFT_LIST_RULES([ip6], [nat_PREROUTING_ZONES], 0, [dnl + table ip6 firewalld { + chain nat_PREROUTING_ZONES { + ip6 saddr dead:beef::/54 goto nat_PRE_public +- goto nat_PREROUTING_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([ip6], [nat_PREROUTING_ZONES_IFACES], 0, [dnl +- table ip6 firewalld { +- chain nat_PREROUTING_ZONES_IFACES { + iifname "dummy1" goto nat_PRE_public + iifname "dummy0" goto nat_PRE_work + goto nat_PRE_public +@@ -227,20 +170,12 @@ NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES], 0, [dnl + table ip6 firewalld { + chain nat_POSTROUTING_ZONES { + ip6 daddr dead:beef::/54 goto nat_POST_public +- goto nat_POSTROUTING_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES_IFACES], 0, [dnl +- table ip firewalld { +- chain nat_POSTROUTING_ZONES_IFACES { + oifname "dummy1" goto nat_POST_public + oifname "dummy0" goto nat_POST_work + goto nat_POST_public + } + } + ]) +-], [ + + IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl + ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT +@@ -250,15 +185,12 @@ IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl + DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID + REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited + ]) +-IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [dnl +- IN_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ +- INPUT_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([filter], [INPUT_ZONES_IFACES], 0, [dnl +- IN_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- IN_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- IN_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) ++IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, ++ [[IN_work all -- 1.2.3.0/24 0.0.0.0/0 [goto] ++ IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ IN_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) + IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl + ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT + ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 +@@ -268,77 +200,58 @@ IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl + DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID + REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited + ]) +-IPTABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, [dnl +- FWDI_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ +- FORWARD_IN_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([filter], [FORWARD_IN_ZONES_IFACES], 0, [dnl +- FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- FWDI_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, [dnl +- FWDO_work all -- 0.0.0.0/0 1.2.3.0/24 @<:@goto@:>@ +- FORWARD_OUT_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES_IFACES], 0, [dnl +- FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- FWDO_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) ++IPTABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, ++ [[FWDI_work all -- 1.2.3.0/24 0.0.0.0/0 [goto] ++ FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ FWDI_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) ++IPTABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, ++ [[FWDO_work all -- 0.0.0.0/0 1.2.3.0/24 [goto] ++ FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ FWDO_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) + IPTABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl + PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 + PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 + ]) +-IPTABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, [dnl +- PRE_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ +- PREROUTING_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([raw], [PREROUTING_ZONES_IFACES], 0, [dnl +- PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- PRE_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) ++IPTABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, ++ [[PRE_work all -- 1.2.3.0/24 0.0.0.0/0 [goto] ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ PRE_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) + IPTABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl + PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 + PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 + ]) +-IPTABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, [dnl +- PRE_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ +- PREROUTING_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([mangle], [PREROUTING_ZONES_IFACES], 0, [dnl +- PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- PRE_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) ++IPTABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, ++ [[PRE_work all -- 1.2.3.0/24 0.0.0.0/0 [goto] ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ PRE_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) + IPTABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl + PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 + PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 + ]) +-IPTABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, [dnl +- PRE_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ +- PREROUTING_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([nat], [PREROUTING_ZONES_IFACES], 0, [dnl +- PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- PRE_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) ++IPTABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, ++ [[PRE_work all -- 1.2.3.0/24 0.0.0.0/0 [goto] ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ PRE_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) + IPTABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl + POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 + POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 + ]) +-IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [dnl +- POST_work all -- 0.0.0.0/0 1.2.3.0/24 @<:@goto@:>@ +- POSTROUTING_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES_IFACES], 0, [dnl +- POST_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- POST_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- POST_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +- ++IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, ++ [[POST_work all -- 0.0.0.0/0 1.2.3.0/24 [goto] ++ POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ POST_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) + + IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl + ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT +@@ -348,15 +261,12 @@ IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl + DROP all ::/0 ::/0 ctstate INVALID + REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited + ]) +-IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [dnl +- IN_public all dead:beef::/54 ::/0 @<:@goto@:>@ +- INPUT_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([filter], [INPUT_ZONES_IFACES], 0, [dnl +- IN_public all ::/0 ::/0 @<:@goto@:>@ +- IN_work all ::/0 ::/0 @<:@goto@:>@ +- IN_public all ::/0 ::/0 @<:@goto@:>@ +-]) ++IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, ++ [[IN_public all dead:beef::/54 ::/0 [goto] ++ IN_public all ::/0 ::/0 [goto] ++ IN_work all ::/0 ::/0 [goto] ++ IN_public all ::/0 ::/0 [goto] ++]]) + IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl + ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT + ACCEPT all ::/0 ::/0 +@@ -367,24 +277,18 @@ IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl + DROP all ::/0 ::/0 ctstate INVALID + REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited + ]) +-IP6TABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, [dnl +- FWDI_public all dead:beef::/54 ::/0 @<:@goto@:>@ +- FORWARD_IN_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([filter], [FORWARD_IN_ZONES_IFACES], 0, [dnl +- FWDI_public all ::/0 ::/0 @<:@goto@:>@ +- FWDI_work all ::/0 ::/0 @<:@goto@:>@ +- FWDI_public all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, [dnl +- FWDO_public all ::/0 dead:beef::/54 @<:@goto@:>@ +- FORWARD_OUT_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES_IFACES], 0, [dnl +- FWDO_public all ::/0 ::/0 @<:@goto@:>@ +- FWDO_work all ::/0 ::/0 @<:@goto@:>@ +- FWDO_public all ::/0 ::/0 @<:@goto@:>@ +-]) ++IP6TABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, ++ [[FWDI_public all dead:beef::/54 ::/0 [goto] ++ FWDI_public all ::/0 ::/0 [goto] ++ FWDI_work all ::/0 ::/0 [goto] ++ FWDI_public all ::/0 ::/0 [goto] ++]]) ++IP6TABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, ++ [[FWDO_public all ::/0 dead:beef::/54 [goto] ++ FWDO_public all ::/0 ::/0 [goto] ++ FWDO_work all ::/0 ::/0 [goto] ++ FWDO_public all ::/0 ::/0 [goto] ++]]) + IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl + ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 + ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 +@@ -392,54 +296,41 @@ IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl + PREROUTING_direct all ::/0 ::/0 + PREROUTING_ZONES all ::/0 ::/0 + ]) +-IP6TABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, [dnl +- PRE_public all dead:beef::/54 ::/0 @<:@goto@:>@ +- PREROUTING_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([raw], [PREROUTING_ZONES_IFACES], 0, [dnl +- PRE_public all ::/0 ::/0 @<:@goto@:>@ +- PRE_work all ::/0 ::/0 @<:@goto@:>@ +- PRE_public all ::/0 ::/0 @<:@goto@:>@ +-]) ++IP6TABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, ++ [[PRE_public all dead:beef::/54 ::/0 [goto] ++ PRE_public all ::/0 ::/0 [goto] ++ PRE_work all ::/0 ::/0 [goto] ++ PRE_public all ::/0 ::/0 [goto] ++]]) + IP6TABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl + PREROUTING_direct all ::/0 ::/0 + PREROUTING_ZONES all ::/0 ::/0 + ]) +-IP6TABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, [dnl +- PRE_public all dead:beef::/54 ::/0 @<:@goto@:>@ +- PREROUTING_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([mangle], [PREROUTING_ZONES_IFACES], 0, [dnl +- PRE_public all ::/0 ::/0 @<:@goto@:>@ +- PRE_work all ::/0 ::/0 @<:@goto@:>@ +- PRE_public all ::/0 ::/0 @<:@goto@:>@ +-]) ++IP6TABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, ++ [[PRE_public all dead:beef::/54 ::/0 [goto] ++ PRE_public all ::/0 ::/0 [goto] ++ PRE_work all ::/0 ::/0 [goto] ++ PRE_public all ::/0 ::/0 [goto] ++]]) + IP6TABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl + PREROUTING_direct all ::/0 ::/0 + PREROUTING_ZONES all ::/0 ::/0 + ]) +-IP6TABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, [dnl +- PRE_public all dead:beef::/54 ::/0 @<:@goto@:>@ +- PREROUTING_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([nat], [PREROUTING_ZONES_IFACES], 0, [dnl +- PRE_public all ::/0 ::/0 @<:@goto@:>@ +- PRE_work all ::/0 ::/0 @<:@goto@:>@ +- PRE_public all ::/0 ::/0 @<:@goto@:>@ +-]) ++IP6TABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, ++ [[PRE_public all dead:beef::/54 ::/0 [goto] ++ PRE_public all ::/0 ::/0 [goto] ++ PRE_work all ::/0 ::/0 [goto] ++ PRE_public all ::/0 ::/0 [goto] ++]]) + IP6TABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl + POSTROUTING_direct all ::/0 ::/0 + POSTROUTING_ZONES all ::/0 ::/0 + ]) +-IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [dnl +- POST_public all ::/0 dead:beef::/54 @<:@goto@:>@ +- POSTROUTING_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES_IFACES], 0, [dnl +- POST_public all ::/0 ::/0 @<:@goto@:>@ +- POST_work all ::/0 ::/0 @<:@goto@:>@ +- POST_public all ::/0 ::/0 @<:@goto@:>@ +-]) +-]) ++IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, ++ [[POST_public all ::/0 dead:beef::/54 [goto] ++ POST_public all ::/0 ::/0 [goto] ++ POST_work all ::/0 ::/0 [goto] ++ POST_public all ::/0 ::/0 [goto] ++]]) + + FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0025-test-verify-source-based-zone-dispatch-ordered-by-zo.patch b/SOURCES/0025-test-verify-source-based-zone-dispatch-ordered-by-zo.patch new file mode 100644 index 0000000..62e4168 --- /dev/null +++ b/SOURCES/0025-test-verify-source-based-zone-dispatch-ordered-by-zo.patch @@ -0,0 +1,184 @@ +From 4fc4e688596dc030955fc18f3207b75c8de06452 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 31 Jul 2019 08:53:51 -0400 +Subject: [PATCH 25/26] test: verify source-based zone dispatch ordered by zone + name + +coverage for rhbz 1734765 + +(cherry picked from commit 25032eb3a60706f22e1b2c0f34d2be8d0b82c89f) +--- + src/tests/regression.at | 1 + + src/tests/regression/rhbz1734765.at | 151 ++++++++++++++++++++++++++++ + 2 files changed, 152 insertions(+) + create mode 100644 src/tests/regression/rhbz1734765.at + +diff --git a/src/tests/regression.at b/src/tests/regression.at +index 919fc32f9bfb..6f57a1122925 100644 +--- a/src/tests/regression.at ++++ b/src/tests/regression.at +@@ -22,3 +22,4 @@ m4_include([regression/gh453.at]) + m4_include([regression/gh258.at]) + m4_include([regression/rhbz1715977.at]) + m4_include([regression/rhbz1723610.at]) ++m4_include([regression/rhbz1734765.at]) +diff --git a/src/tests/regression/rhbz1734765.at b/src/tests/regression/rhbz1734765.at +new file mode 100644 +index 000000000000..3d54ceb6628f +--- /dev/null ++++ b/src/tests/regression/rhbz1734765.at +@@ -0,0 +1,151 @@ ++FWD_START_TEST([zone sources ordered by name]) ++AT_KEYWORDS(zone rhbz1734765 rhbz1421222 gh166) ++dnl ++dnl Users depend on firewalld ordering source-based zone dispatch by zone name. ++dnl ++ ++FWD_CHECK([-q --permanent --new-zone=foobar_00]) ++FWD_CHECK([-q --permanent --new-zone=foobar_05]) ++FWD_CHECK([-q --permanent --new-zone=foobar_02]) ++FWD_CHECK([-q --permanent --new-zone=foobar_03]) ++FWD_CHECK([-q --permanent --new-zone=foobar_01]) ++FWD_CHECK([-q --permanent --new-zone=foobar_04]) ++FWD_CHECK([-q --permanent --new-zone=foobar_010]) ++ ++FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1" --add-source="1234:5678::1:1:1"]) ++FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="10.1.1.0/24" --add-source="1234:5678::1:1:0/112"]) ++FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="10.1.0.0/16" --add-source="1234:5678::1:0:0/96"]) ++FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24" --add-source="1234:5678::2:2:0/112"]) ++FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="10.2.0.0/16" --add-source="1234:5678::2:0:0/96"]) ++FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="10.0.0.0/8" --add-source="1234:5678::0:0:0/80"]) ++ ++FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0]) ++FWD_CHECK([-q --permanent --zone=trusted --add-interface=foobar1]) ++ ++FWD_RELOAD ++ ++FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10" --add-source="1234:5678::10:10:10"]) ++FWD_CHECK([-q --zone=public --add-source="20.20.20.20" --add-source="1234:5678::20:20:20"]) ++FWD_CHECK([-q --zone=foobar_010 --add-interface=foobar2]) ++ ++NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl ++ table inet firewalld { ++ chain filter_INPUT_ZONES { ++ ip saddr 10.1.1.1 goto filter_IN_foobar_00 ++ ip6 saddr 1234:5678::1:1:1 goto filter_IN_foobar_00 ++ ip saddr 10.1.1.0/24 goto filter_IN_foobar_01 ++ ip6 saddr 1234:5678::1:1:0/112 goto filter_IN_foobar_01 ++ ip saddr 10.10.10.10 goto filter_IN_foobar_010 ++ ip6 saddr 1234:5678::10:10:10 goto filter_IN_foobar_010 ++ ip saddr 10.1.0.0/16 goto filter_IN_foobar_02 ++ ip6 saddr 1234:5678::1:0:0/96 goto filter_IN_foobar_02 ++ ip saddr 10.2.2.0/24 goto filter_IN_foobar_03 ++ ip6 saddr 1234:5678::2:2:0/112 goto filter_IN_foobar_03 ++ ip saddr 10.2.0.0/16 goto filter_IN_foobar_04 ++ ip6 saddr 1234:5678::2:0:0/96 goto filter_IN_foobar_04 ++ ip saddr 10.0.0.0/8 goto filter_IN_foobar_05 ++ ip6 saddr 1234:5678::/80 goto filter_IN_foobar_05 ++ ip saddr 20.20.20.20 goto filter_IN_public ++ ip6 saddr 1234:5678::20:20:20 goto filter_IN_public ++ iifname "foobar2" goto filter_IN_foobar_010 ++ iifname "foobar1" goto filter_IN_trusted ++ iifname "foobar0" goto filter_IN_internal ++ goto filter_IN_public ++ } ++ } ++]) ++NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES], 0, [dnl ++ table ip firewalld { ++ chain nat_POSTROUTING_ZONES { ++ ip daddr 10.1.1.1 goto nat_POST_foobar_00 ++ ip daddr 10.1.1.0/24 goto nat_POST_foobar_01 ++ ip daddr 10.10.10.10 goto nat_POST_foobar_010 ++ ip daddr 10.1.0.0/16 goto nat_POST_foobar_02 ++ ip daddr 10.2.2.0/24 goto nat_POST_foobar_03 ++ ip daddr 10.2.0.0/16 goto nat_POST_foobar_04 ++ ip daddr 10.0.0.0/8 goto nat_POST_foobar_05 ++ ip daddr 20.20.20.20 goto nat_POST_public ++ oifname "foobar2" goto nat_POST_foobar_010 ++ oifname "foobar1" goto nat_POST_trusted ++ oifname "foobar0" goto nat_POST_internal ++ goto nat_POST_public ++ } ++ } ++]) ++NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES], 0, [dnl ++ table ip6 firewalld { ++ chain nat_POSTROUTING_ZONES { ++ ip6 daddr 1234:5678::1:1:1 goto nat_POST_foobar_00 ++ ip6 daddr 1234:5678::1:1:0/112 goto nat_POST_foobar_01 ++ ip6 daddr 1234:5678::10:10:10 goto nat_POST_foobar_010 ++ ip6 daddr 1234:5678::1:0:0/96 goto nat_POST_foobar_02 ++ ip6 daddr 1234:5678::2:2:0/112 goto nat_POST_foobar_03 ++ ip6 daddr 1234:5678::2:0:0/96 goto nat_POST_foobar_04 ++ ip6 daddr 1234:5678::/80 goto nat_POST_foobar_05 ++ ip6 daddr 1234:5678::20:20:20 goto nat_POST_public ++ oifname "foobar2" goto nat_POST_foobar_010 ++ oifname "foobar1" goto nat_POST_trusted ++ oifname "foobar0" goto nat_POST_internal ++ goto nat_POST_public ++ } ++ } ++]) ++ ++IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, ++ [[IN_foobar_00 all -- 10.1.1.1 0.0.0.0/0 [goto] ++ IN_foobar_01 all -- 10.1.1.0/24 0.0.0.0/0 [goto] ++ IN_foobar_010 all -- 10.10.10.10 0.0.0.0/0 [goto] ++ IN_foobar_02 all -- 10.1.0.0/16 0.0.0.0/0 [goto] ++ IN_foobar_03 all -- 10.2.2.0/24 0.0.0.0/0 [goto] ++ IN_foobar_04 all -- 10.2.0.0/16 0.0.0.0/0 [goto] ++ IN_foobar_05 all -- 10.0.0.0/8 0.0.0.0/0 [goto] ++ IN_public all -- 20.20.20.20 0.0.0.0/0 [goto] ++ IN_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ IN_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) ++IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, ++ [[IN_foobar_00 all 1234:5678::1:1:1 ::/0 [goto] ++ IN_foobar_01 all 1234:5678::1:1:0/112 ::/0 [goto] ++ IN_foobar_010 all 1234:5678::10:10:10 ::/0 [goto] ++ IN_foobar_02 all 1234:5678::1:0:0/96 ::/0 [goto] ++ IN_foobar_03 all 1234:5678::2:2:0/112 ::/0 [goto] ++ IN_foobar_04 all 1234:5678::2:0:0/96 ::/0 [goto] ++ IN_foobar_05 all 1234:5678::/80 ::/0 [goto] ++ IN_public all 1234:5678::20:20:20 ::/0 [goto] ++ IN_foobar_010 all ::/0 ::/0 [goto] ++ IN_trusted all ::/0 ::/0 [goto] ++ IN_internal all ::/0 ::/0 [goto] ++ IN_public all ::/0 ::/0 [goto] ++]]) ++IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, ++ [[POST_foobar_00 all -- 0.0.0.0/0 10.1.1.1 [goto] ++ POST_foobar_01 all -- 0.0.0.0/0 10.1.1.0/24 [goto] ++ POST_foobar_010 all -- 0.0.0.0/0 10.10.10.10 [goto] ++ POST_foobar_02 all -- 0.0.0.0/0 10.1.0.0/16 [goto] ++ POST_foobar_03 all -- 0.0.0.0/0 10.2.2.0/24 [goto] ++ POST_foobar_04 all -- 0.0.0.0/0 10.2.0.0/16 [goto] ++ POST_foobar_05 all -- 0.0.0.0/0 10.0.0.0/8 [goto] ++ POST_public all -- 0.0.0.0/0 20.20.20.20 [goto] ++ POST_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ POST_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) ++IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, ++ [[POST_foobar_00 all ::/0 1234:5678::1:1:1 [goto] ++ POST_foobar_01 all ::/0 1234:5678::1:1:0/112 [goto] ++ POST_foobar_010 all ::/0 1234:5678::10:10:10 [goto] ++ POST_foobar_02 all ::/0 1234:5678::1:0:0/96 [goto] ++ POST_foobar_03 all ::/0 1234:5678::2:2:0/112 [goto] ++ POST_foobar_04 all ::/0 1234:5678::2:0:0/96 [goto] ++ POST_foobar_05 all ::/0 1234:5678::/80 [goto] ++ POST_public all ::/0 1234:5678::20:20:20 [goto] ++ POST_foobar_010 all ::/0 ::/0 [goto] ++ POST_trusted all ::/0 ::/0 [goto] ++ POST_internal all ::/0 ::/0 [goto] ++ POST_public all ::/0 ::/0 [goto] ++]]) ++ ++FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0026-fix-test-regression-rhbz1734765-guard-IPv6-usage.patch b/SOURCES/0026-fix-test-regression-rhbz1734765-guard-IPv6-usage.patch new file mode 100644 index 0000000..5e0c4bd --- /dev/null +++ b/SOURCES/0026-fix-test-regression-rhbz1734765-guard-IPv6-usage.patch @@ -0,0 +1,59 @@ +From c094e3d548374e7b63ce72b2a1deebcde718a567 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 5 Aug 2019 16:06:07 -0400 +Subject: [PATCH 26/26] fix: test: regression/rhbz1734765: guard IPv6 usage + +Fixes: 25032eb3a607 ("test: verify source-based zone dispatch ordered by zone name") +(cherry picked from commit f4411b95e127fea7a7ed87cd2b01e59c2ce333c5) +--- + src/tests/regression/rhbz1734765.at | 28 ++++++++++++++++++++-------- + 1 file changed, 20 insertions(+), 8 deletions(-) + +diff --git a/src/tests/regression/rhbz1734765.at b/src/tests/regression/rhbz1734765.at +index 3d54ceb6628f..d2158e34b547 100644 +--- a/src/tests/regression/rhbz1734765.at ++++ b/src/tests/regression/rhbz1734765.at +@@ -12,20 +12,32 @@ FWD_CHECK([-q --permanent --new-zone=foobar_01]) + FWD_CHECK([-q --permanent --new-zone=foobar_04]) + FWD_CHECK([-q --permanent --new-zone=foobar_010]) + +-FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1" --add-source="1234:5678::1:1:1"]) +-FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="10.1.1.0/24" --add-source="1234:5678::1:1:0/112"]) +-FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="10.1.0.0/16" --add-source="1234:5678::1:0:0/96"]) +-FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24" --add-source="1234:5678::2:2:0/112"]) +-FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="10.2.0.0/16" --add-source="1234:5678::2:0:0/96"]) +-FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="10.0.0.0/8" --add-source="1234:5678::0:0:0/80"]) ++FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1"]) ++FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="10.1.1.0/24"]) ++FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="10.1.0.0/16"]) ++FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24"]) ++FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="10.2.0.0/16"]) ++FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="10.0.0.0/8"]) ++IF_IPV6_SUPPORTED([ ++FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="1234:5678::1:1:1"]) ++FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="1234:5678::1:1:0/112"]) ++FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="1234:5678::1:0:0/96"]) ++FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="1234:5678::2:2:0/112"]) ++FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="1234:5678::2:0:0/96"]) ++FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="1234:5678::0:0:0/80"]) ++]) + + FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0]) + FWD_CHECK([-q --permanent --zone=trusted --add-interface=foobar1]) + + FWD_RELOAD + +-FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10" --add-source="1234:5678::10:10:10"]) +-FWD_CHECK([-q --zone=public --add-source="20.20.20.20" --add-source="1234:5678::20:20:20"]) ++FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10"]) ++FWD_CHECK([-q --zone=public --add-source="20.20.20.20"]) ++IF_IPV6_SUPPORTED([ ++FWD_CHECK([-q --zone=foobar_010 --add-source="1234:5678::10:10:10"]) ++FWD_CHECK([-q --zone=public --add-source="1234:5678::20:20:20"]) ++]) + FWD_CHECK([-q --zone=foobar_010 --add-interface=foobar2]) + + NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl +-- +2.20.1 + diff --git a/SOURCES/0027-fix-nftables-fix-zone-dispatch-using-ipset-sources-i.patch b/SOURCES/0027-fix-nftables-fix-zone-dispatch-using-ipset-sources-i.patch new file mode 100644 index 0000000..9ed9aa5 --- /dev/null +++ b/SOURCES/0027-fix-nftables-fix-zone-dispatch-using-ipset-sources-i.patch @@ -0,0 +1,41 @@ +From ec38f84551e7488ca42ce06d028138d40539e47c Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 8 Aug 2019 13:40:01 -0400 +Subject: [PATCH 27/28] fix: nftables: fix zone dispatch using ipset sources in + nat chains + +If using an ipset as a zone source the rules for doing a goto to the +zone's rules were omitted. This means the zone's rules for nat +postrouting/prerouting were not having any effect. Affected features; +masquerade, forward-ports + +(cherry picked from commit b363548f2ab0983d7b88dd82620c0c545e2cef39) +--- + src/firewall/core/nftables.py | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py +index c0b48f1501fd..33a170a76a98 100644 +--- a/src/firewall/core/nftables.py ++++ b/src/firewall/core/nftables.py +@@ -610,10 +610,15 @@ class nftables(object): + # nat tables needs to use ip/ip6 family + if table == "nat" and family == "inet": + rules = [] +- if check_address("ipv4", address) or check_mac(address): ++ if address.startswith("ipset:"): ++ ipset_family = self._set_get_family(address[len("ipset:"):]) ++ else: ++ ipset_family = None ++ ++ if check_address("ipv4", address) or check_mac(address) or ipset_family == "ip": + rules.extend(self.build_zone_source_address_rules(enable, zone, + address, table, chain, "ip")) +- if check_address("ipv6", address) or check_mac(address): ++ if check_address("ipv6", address) or check_mac(address) or ipset_family == "ip6": + rules.extend(self.build_zone_source_address_rules(enable, zone, + address, table, chain, "ip6")) + return rules +-- +2.20.1 + diff --git a/SOURCES/0028-test-regression-rhbz1734765-add-coverage-for-rhbz-17.patch b/SOURCES/0028-test-regression-rhbz1734765-add-coverage-for-rhbz-17.patch new file mode 100644 index 0000000..b24e586 --- /dev/null +++ b/SOURCES/0028-test-regression-rhbz1734765-add-coverage-for-rhbz-17.patch @@ -0,0 +1,147 @@ +From 197b393ddab8d144d869a8a4f024e6ba1e92d941 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 7 Aug 2019 08:41:11 -0400 +Subject: [PATCH 28/28] test: regression/rhbz1734765: add coverage for rhbz + 1738545 + +(cherry picked from commit 20cd5c7d29c586fa55e76d6f21adfee6a7ca34bb) +--- + src/tests/regression/rhbz1734765.at | 46 +++++++++++++++++++++++++---- + 1 file changed, 41 insertions(+), 5 deletions(-) + +diff --git a/src/tests/regression/rhbz1734765.at b/src/tests/regression/rhbz1734765.at +index d2158e34b547..168be70a2900 100644 +--- a/src/tests/regression/rhbz1734765.at ++++ b/src/tests/regression/rhbz1734765.at +@@ -1,5 +1,5 @@ + FWD_START_TEST([zone sources ordered by name]) +-AT_KEYWORDS(zone rhbz1734765 rhbz1421222 gh166) ++AT_KEYWORDS(zone rhbz1734765 rhbz1421222 gh166 rhbz1738545) + dnl + dnl Users depend on firewalld ordering source-based zone dispatch by zone name. + dnl +@@ -11,20 +11,28 @@ FWD_CHECK([-q --permanent --new-zone=foobar_03]) + FWD_CHECK([-q --permanent --new-zone=foobar_01]) + FWD_CHECK([-q --permanent --new-zone=foobar_04]) + FWD_CHECK([-q --permanent --new-zone=foobar_010]) ++FWD_CHECK([-q --permanent --new-zone=foobar_011]) ++FWD_CHECK([-q --permanent --new-zone=foobar_012]) + +-FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1"]) ++FWD_CHECK([-q --permanent --new-ipset 'ipsetv4' --type hash:ip]) ++FWD_CHECK([-q --permanent --new-ipset 'ipsetv6' --type hash:ip --family=inet6]) ++FWD_CHECK([-q --permanent --ipset ipsetv4 --add-entry '192.0.2.12']) ++FWD_CHECK([-q --permanent --ipset ipsetv6 --add-entry '::2']) ++ ++FWD_CHECK([-q --permanent --zone=foobar_011 --add-source ipset:ipsetv4]) + FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="10.1.1.0/24"]) + FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="10.1.0.0/16"]) +-FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24"]) + FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="10.2.0.0/16"]) ++FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1"]) ++FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24"]) + FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="10.0.0.0/8"]) + IF_IPV6_SUPPORTED([ +-FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="1234:5678::1:1:1"]) + FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="1234:5678::1:1:0/112"]) + FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="1234:5678::1:0:0/96"]) +-FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="1234:5678::2:2:0/112"]) + FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="1234:5678::2:0:0/96"]) ++FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="1234:5678::2:2:0/112"]) + FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="1234:5678::0:0:0/80"]) ++FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="1234:5678::1:1:1"]) + ]) + + FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0]) +@@ -32,11 +40,31 @@ FWD_CHECK([-q --permanent --zone=trusted --add-interface=foobar1]) + + FWD_RELOAD + ++NFT_LIST_SET([ipsetv4], 0, [dnl ++ table inet firewalld { ++ set ipsetv4 { ++ type ipv4_addr ++ flags interval ++ elements = { 192.0.2.12 } ++ } ++ } ++]) ++NFT_LIST_SET([ipsetv6], 0, [dnl ++ table inet firewalld { ++ set ipsetv6 { ++ type ipv6_addr ++ flags interval ++ elements = { ::2 } ++ } ++ } ++]) ++ + FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10"]) + FWD_CHECK([-q --zone=public --add-source="20.20.20.20"]) + IF_IPV6_SUPPORTED([ + FWD_CHECK([-q --zone=foobar_010 --add-source="1234:5678::10:10:10"]) + FWD_CHECK([-q --zone=public --add-source="1234:5678::20:20:20"]) ++FWD_CHECK([-q --zone=foobar_012 --add-source ipset:ipsetv6]) + ]) + FWD_CHECK([-q --zone=foobar_010 --add-interface=foobar2]) + +@@ -49,6 +77,8 @@ NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl + ip6 saddr 1234:5678::1:1:0/112 goto filter_IN_foobar_01 + ip saddr 10.10.10.10 goto filter_IN_foobar_010 + ip6 saddr 1234:5678::10:10:10 goto filter_IN_foobar_010 ++ ip saddr @ipsetv4 goto filter_IN_foobar_011 ++ ip6 saddr @ipsetv6 goto filter_IN_foobar_012 + ip saddr 10.1.0.0/16 goto filter_IN_foobar_02 + ip6 saddr 1234:5678::1:0:0/96 goto filter_IN_foobar_02 + ip saddr 10.2.2.0/24 goto filter_IN_foobar_03 +@@ -72,6 +102,7 @@ NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES], 0, [dnl + ip daddr 10.1.1.1 goto nat_POST_foobar_00 + ip daddr 10.1.1.0/24 goto nat_POST_foobar_01 + ip daddr 10.10.10.10 goto nat_POST_foobar_010 ++ ip daddr @ipsetv4 goto nat_POST_foobar_011 + ip daddr 10.1.0.0/16 goto nat_POST_foobar_02 + ip daddr 10.2.2.0/24 goto nat_POST_foobar_03 + ip daddr 10.2.0.0/16 goto nat_POST_foobar_04 +@@ -90,6 +121,7 @@ NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES], 0, [dnl + ip6 daddr 1234:5678::1:1:1 goto nat_POST_foobar_00 + ip6 daddr 1234:5678::1:1:0/112 goto nat_POST_foobar_01 + ip6 daddr 1234:5678::10:10:10 goto nat_POST_foobar_010 ++ ip6 daddr @ipsetv6 goto nat_POST_foobar_012 + ip6 daddr 1234:5678::1:0:0/96 goto nat_POST_foobar_02 + ip6 daddr 1234:5678::2:2:0/112 goto nat_POST_foobar_03 + ip6 daddr 1234:5678::2:0:0/96 goto nat_POST_foobar_04 +@@ -107,6 +139,7 @@ IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, + [[IN_foobar_00 all -- 10.1.1.1 0.0.0.0/0 [goto] + IN_foobar_01 all -- 10.1.1.0/24 0.0.0.0/0 [goto] + IN_foobar_010 all -- 10.10.10.10 0.0.0.0/0 [goto] ++ IN_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 src + IN_foobar_02 all -- 10.1.0.0/16 0.0.0.0/0 [goto] + IN_foobar_03 all -- 10.2.2.0/24 0.0.0.0/0 [goto] + IN_foobar_04 all -- 10.2.0.0/16 0.0.0.0/0 [goto] +@@ -121,6 +154,7 @@ IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, + [[IN_foobar_00 all 1234:5678::1:1:1 ::/0 [goto] + IN_foobar_01 all 1234:5678::1:1:0/112 ::/0 [goto] + IN_foobar_010 all 1234:5678::10:10:10 ::/0 [goto] ++ IN_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 src + IN_foobar_02 all 1234:5678::1:0:0/96 ::/0 [goto] + IN_foobar_03 all 1234:5678::2:2:0/112 ::/0 [goto] + IN_foobar_04 all 1234:5678::2:0:0/96 ::/0 [goto] +@@ -135,6 +169,7 @@ IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, + [[POST_foobar_00 all -- 0.0.0.0/0 10.1.1.1 [goto] + POST_foobar_01 all -- 0.0.0.0/0 10.1.1.0/24 [goto] + POST_foobar_010 all -- 0.0.0.0/0 10.10.10.10 [goto] ++ POST_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 dst + POST_foobar_02 all -- 0.0.0.0/0 10.1.0.0/16 [goto] + POST_foobar_03 all -- 0.0.0.0/0 10.2.2.0/24 [goto] + POST_foobar_04 all -- 0.0.0.0/0 10.2.0.0/16 [goto] +@@ -149,6 +184,7 @@ IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, + [[POST_foobar_00 all ::/0 1234:5678::1:1:1 [goto] + POST_foobar_01 all ::/0 1234:5678::1:1:0/112 [goto] + POST_foobar_010 all ::/0 1234:5678::10:10:10 [goto] ++ POST_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 dst + POST_foobar_02 all ::/0 1234:5678::1:0:0/96 [goto] + POST_foobar_03 all ::/0 1234:5678::2:2:0/112 [goto] + POST_foobar_04 all ::/0 1234:5678::2:0:0/96 [goto] +-- +2.20.1 + diff --git a/SOURCES/RHEL-only-0001-Add-cockpit-by-default-to-some-zones.patch b/SOURCES/RHEL-only-0001-Add-cockpit-by-default-to-some-zones.patch index 9d2b8be..9995b07 100644 --- a/SOURCES/RHEL-only-0001-Add-cockpit-by-default-to-some-zones.patch +++ b/SOURCES/RHEL-only-0001-Add-cockpit-by-default-to-some-zones.patch @@ -1,17 +1,20 @@ -From 742ed8613bff7f6ecb78a58ceca02c308af6786e Mon Sep 17 00:00:00 2001 +From 0f28f2b7b8072bdc2e483d035230ddcb8b00a919 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Mon, 9 Jul 2018 11:29:33 -0400 Subject: [PATCH] Add cockpit by default to some zones Fixes: #1581578 --- - config/zones/home.xml | 1 + - config/zones/internal.xml | 1 + - config/zones/public.xml | 1 + - config/zones/work.xml | 1 + - src/tests/regression/gh366.at | 3 +++ - src/tests/regression/rhbz1514043.at | 2 +- - 6 files changed, 8 insertions(+), 1 deletion(-) + config/zones/home.xml | 1 + + config/zones/internal.xml | 1 + + config/zones/public.xml | 1 + + config/zones/work.xml | 1 + + src/tests/features/service_include.at | 2 +- + src/tests/firewall-cmd.at | 14 +++++++++++++- + src/tests/regression/gh366.at | 3 +++ + src/tests/regression/gh453.at | 2 ++ + src/tests/regression/rhbz1514043.at | 2 +- + 9 files changed, 24 insertions(+), 3 deletions(-) diff --git a/config/zones/home.xml b/config/zones/home.xml index 42b29b2f2d50..8aa8afa0e8aa 100644 @@ -53,8 +56,130 @@ index 6ea5550a40bd..9609ee6f65c2 100644 + +diff --git a/src/tests/features/service_include.at b/src/tests/features/service_include.at +index b3a50a84bd88..992c5ef0ba92 100644 +--- a/src/tests/features/service_include.at ++++ b/src/tests/features/service_include.at +@@ -90,7 +90,7 @@ FWD_CHECK([--zone=drop --list-services], 0, [dnl + + ]) + FWD_CHECK([--zone=public --list-services], 0, [dnl +-dhcpv6-client ssh ++cockpit dhcpv6-client ssh + ]) + FWD_CHECK([-q --permanent --service=my-service-with-include --remove-include=does-not-exist]) + FWD_RELOAD +diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at +index efc8f9c50757..6444b4566af5 100644 +--- a/src/tests/firewall-cmd.at ++++ b/src/tests/firewall-cmd.at +@@ -1046,6 +1046,7 @@ FWD_START_TEST([rich rules priority]) + chain filter_IN_public_allow { + tcp dport 22 ct state new,untracked accept + ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ++ tcp dport 9090 ct state new,untracked accept + tcp dport 1122 ct state new,untracked accept + tcp dport 3333 ct state new,untracked accept + tcp dport 4444 ct state new,untracked accept +@@ -1061,6 +1062,7 @@ FWD_START_TEST([rich rules priority]) + ]) + IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ++ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3333 ctstate NEW,UNTRACKED + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 ctstate NEW,UNTRACKED +@@ -1075,6 +1077,7 @@ FWD_START_TEST([rich rules priority]) + IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED + ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ++ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ACCEPT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED + ACCEPT tcp ::/0 ::/0 tcp dpt:3333 ctstate NEW,UNTRACKED + ACCEPT tcp ::/0 ::/0 tcp dpt:4444 ctstate NEW,UNTRACKED +@@ -1156,6 +1159,7 @@ FWD_START_TEST([rich rules priority]) + chain filter_IN_public_allow { + tcp dport 22 ct state new,untracked accept + ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ++ tcp dport 9090 ct state new,untracked accept + } + } + ]) +@@ -1259,6 +1263,7 @@ FWD_START_TEST([rich rules priority]) + ]) + IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ++ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ]) + IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl + ]) +@@ -1293,6 +1298,7 @@ FWD_START_TEST([rich rules priority]) + IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED + ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ++ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ]) + IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl + ]) +@@ -1340,6 +1346,7 @@ FWD_START_TEST([rich rules priority]) + chain filter_IN_public_allow { + tcp dport 22 ct state new,untracked accept + ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ++ tcp dport 9090 ct state new,untracked accept + icmp type echo-request accept + icmpv6 type echo-request accept + } +@@ -1380,6 +1387,7 @@ FWD_START_TEST([rich rules priority]) + ]) + IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ++ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 + ]) + IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl +@@ -1402,6 +1410,7 @@ FWD_START_TEST([rich rules priority]) + IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED + ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ++ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 + ]) + IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl +@@ -1458,6 +1467,7 @@ FWD_START_TEST([rich rules priority]) + chain filter_IN_public_allow { + tcp dport 22 ct state new,untracked accept + ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ++ tcp dport 9090 ct state new,untracked accept + } + } + ]) +@@ -1495,6 +1505,7 @@ FWD_START_TEST([rich rules priority]) + ]) + IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ++ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ]) + IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl + ]) +@@ -1515,6 +1526,7 @@ FWD_START_TEST([rich rules priority]) + IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl + ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED + ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ++ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED + ]) + IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl + ]) +@@ -1540,7 +1552,7 @@ FWD_START_TEST([rich rules priority]) + icmp-block-inversion: no + interfaces: + sources: +- services: dhcpv6-client ssh ++ services: cockpit dhcpv6-client ssh + ports: + protocols: + masquerade: no diff --git a/src/tests/regression/gh366.at b/src/tests/regression/gh366.at -index dd6963f9ac3a..6347f6650525 100644 +index 1441a6be53bf..51ff504e6a9d 100644 --- a/src/tests/regression/gh366.at +++ b/src/tests/regression/gh366.at @@ -7,6 +7,7 @@ table inet firewalld { @@ -66,7 +191,7 @@ index dd6963f9ac3a..6347f6650525 100644 ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept } @@ -14,11 +15,13 @@ ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept - ])], [ + ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED @@ -77,13 +202,33 @@ index dd6963f9ac3a..6347f6650525 100644 ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED +ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED - ])])]) + ])]) +diff --git a/src/tests/regression/gh453.at b/src/tests/regression/gh453.at +index f57a79dcf9a2..6d820fce840a 100644 +--- a/src/tests/regression/gh453.at ++++ b/src/tests/regression/gh453.at +@@ -18,6 +18,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl + chain filter_IN_public_allow { + tcp dport 22 ct state new,untracked accept + ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ++ tcp dport 9090 ct state new,untracked accept + tcp dport 21 ct helper set "helper-ftp-tcp" + tcp dport 21 ct state new,untracked accept + } +@@ -42,6 +43,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl + chain filter_IN_public_allow { + tcp dport 22 ct state new,untracked accept + ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ++ tcp dport 9090 ct state new,untracked accept + tcp dport 21 ct helper set "helper-ftp-tcp" + tcp dport 21 ct state new,untracked accept + tcp dport 5060 ct helper set "helper-sip-tcp" diff --git a/src/tests/regression/rhbz1514043.at b/src/tests/regression/rhbz1514043.at -index a7368dbd9eeb..36ee0050141d 100644 +index deb93a5fac94..88ce4934e5ea 100644 --- a/src/tests/regression/rhbz1514043.at +++ b/src/tests/regression/rhbz1514043.at -@@ -3,7 +3,7 @@ FWD_CHECK([-q --set-log-denied=all]) +@@ -5,7 +5,7 @@ FWD_CHECK([-q --set-log-denied=all]) FWD_CHECK([-q --permanent --zone=public --add-service=samba]) FWD_RELOAD FWD_CHECK([--zone=public --list-all | TRIM | grep ^services], 0, [dnl @@ -93,5 +238,5 @@ index a7368dbd9eeb..36ee0050141d 100644 dnl check that log denied actually took effect m4_if(iptables, FIREWALL_BACKEND, [ -- -2.18.0 +2.20.1 diff --git a/SOURCES/RHEL-only-0001-tests-firewall-cmd-fix-rich-rule-priority-test.patch b/SOURCES/RHEL-only-0001-tests-firewall-cmd-fix-rich-rule-priority-test.patch deleted file mode 100644 index 532e976..0000000 --- a/SOURCES/RHEL-only-0001-tests-firewall-cmd-fix-rich-rule-priority-test.patch +++ /dev/null @@ -1,122 +0,0 @@ -From 7321922c6682eba8d54dfcb2f41be52b36527608 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 13 Dec 2018 15:03:37 -0500 -Subject: [PATCH] tests/firewall-cmd: fix rich rule priority test - -Since we enabled cockpit by default, we need to adjusts these tests. ---- - src/tests/firewall-cmd.at | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at -index baef4d6dc7ef..87e0eea4150e 100644 ---- a/src/tests/firewall-cmd.at -+++ b/src/tests/firewall-cmd.at -@@ -956,6 +956,7 @@ FWD_START_TEST([rich rules priority]) - chain filter_IN_public_allow { - tcp dport 22 ct state new,untracked accept - ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept -+ tcp dport 9090 ct state new,untracked accept - tcp dport 1122 ct state new,untracked accept - tcp dport 3333 ct state new,untracked accept - tcp dport 4444 ct state new,untracked accept -@@ -971,6 +972,7 @@ FWD_START_TEST([rich rules priority]) - ]) - IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3333 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 ctstate NEW,UNTRACKED -@@ -985,6 +987,7 @@ FWD_START_TEST([rich rules priority]) - IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl - ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED -+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:3333 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:4444 ctstate NEW,UNTRACKED -@@ -1057,6 +1060,7 @@ FWD_START_TEST([rich rules priority]) - chain filter_IN_public_allow { - tcp dport 22 ct state new,untracked accept - ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept -+ tcp dport 9090 ct state new,untracked accept - ct state new,untracked mark 0x00000064 accept - ct state new,untracked mark 0x00000068 accept - } -@@ -1173,6 +1177,7 @@ FWD_START_TEST([rich rules priority]) - ]) - IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED - ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED mark match 0x64 - ]) - IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl -@@ -1215,6 +1220,7 @@ FWD_START_TEST([rich rules priority]) - IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl - ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED -+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED - ACCEPT all ::/0 ::/0 ctstate NEW,UNTRACKED mark match 0x68 - ]) - IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl -@@ -1268,6 +1274,7 @@ FWD_START_TEST([rich rules priority]) - chain filter_IN_public_allow { - tcp dport 22 ct state new,untracked accept - ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept -+ tcp dport 9090 ct state new,untracked accept - icmp type echo-request accept - icmpv6 type echo-request accept - } -@@ -1308,6 +1315,7 @@ FWD_START_TEST([rich rules priority]) - ]) - IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED - ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 - ]) - IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl -@@ -1330,6 +1338,7 @@ FWD_START_TEST([rich rules priority]) - IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl - ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED -+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED - ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 - ]) - IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl -@@ -1387,6 +1396,7 @@ FWD_START_TEST([rich rules priority]) - chain filter_IN_public_allow { - tcp dport 22 ct state new,untracked accept - ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept -+ tcp dport 9090 ct state new,untracked accept - } - } - ]) -@@ -1424,6 +1434,7 @@ FWD_START_TEST([rich rules priority]) - ]) - IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED - ]) - IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl - ]) -@@ -1444,6 +1455,7 @@ FWD_START_TEST([rich rules priority]) - IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl - ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED -+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED - ]) - IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl - ]) -@@ -1469,7 +1481,7 @@ FWD_START_TEST([rich rules priority]) - icmp-block-inversion: no - interfaces: - sources: -- services: dhcpv6-client ssh -+ services: cockpit dhcpv6-client ssh - ports: - protocols: - masquerade: no --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0001-Add-FlushAllOnReload-config-option.patch b/SOURCES/firewalld-0.7-0001-Add-FlushAllOnReload-config-option.patch deleted file mode 100644 index ade754a..0000000 --- a/SOURCES/firewalld-0.7-0001-Add-FlushAllOnReload-config-option.patch +++ /dev/null @@ -1,427 +0,0 @@ -From 242bc4e2e20c6944164fe2495598982b1cfcc4fe Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Tue, 16 Oct 2018 10:02:38 -0400 -Subject: [PATCH] Add "FlushAllOnReload" config option - -Default value is "yes". - -Even on --reload some runtime configuration was being retained. This was -a surprise to many users. Lets default to flushing all the runtime -configuration and also introduce a config option to go back the old -behavior of retaining; interface to zone assignments, and direct rules. - -This also adjusts a few test cases that depend on the old -FlushAllOnReload=no behavior. - -Fixes: suze bz #1109153 -Fixes: #409 -Closes: #408 ---- - config/firewalld.conf | 8 +++ - doc/xml/firewalld.conf.xml | 13 ++++ - doc/xml/firewalld.dbus.xml | 8 +++ - src/firewall/config/__init__.py.in | 1 + - src/firewall/core/fw.py | 99 +++++++++++++++----------- - src/firewall/core/io/firewalld_conf.py | 11 ++- - src/firewall/server/config.py | 20 +++++- - src/tests/dbus/firewalld.conf.at | 2 + - src/tests/python/firewalld_direct.py | 6 ++ - src/tests/python/firewalld_test.py | 9 ++- - src/tests/regression/rhbz1498923.at | 4 ++ - 11 files changed, 133 insertions(+), 48 deletions(-) - -diff --git a/config/firewalld.conf b/config/firewalld.conf -index b53c0aa50c53..7cb02561fd4d 100644 ---- a/config/firewalld.conf -+++ b/config/firewalld.conf -@@ -62,3 +62,11 @@ AutomaticHelpers=system - # - nftables (default) - # - iptables (iptables, ip6tables, ebtables and ipset) - FirewallBackend=nftables -+ -+# FlushAllOnReload -+# Flush all runtime rules on a reload. In previous releases some runtime -+# configuration was retained during a reload, namely; interface to zone -+# assignment, and direct rules. This was confusing to users. To get the old -+# behavior set this to "no". -+# Default: yes -+FlushAllOnReload=yes -diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml -index df4b9521fd71..600919ae822d 100644 ---- a/doc/xml/firewalld.conf.xml -+++ b/doc/xml/firewalld.conf.xml -@@ -158,6 +158,19 @@ - - - -+ -+ -+ -+ -+ Flush all runtime rules on a reload. In previous releases some -+ runtime configuration was retained during a reload, namely; -+ interface to zone assignment, and direct rules. This was -+ confusing to users. To get the old behavior set this to "no". -+ Defaults to "yes". -+ -+ -+ -+ - - - -diff --git a/doc/xml/firewalld.dbus.xml b/doc/xml/firewalld.dbus.xml -index 8352f96cc057..132200f3cb42 100644 ---- a/doc/xml/firewalld.dbus.xml -+++ b/doc/xml/firewalld.dbus.xml -@@ -2592,6 +2592,14 @@ - - - -+ -+ FirewallBackend - s - (rw) -+ -+ -+ Flush all runtime rules on a reload. Valid options are; yes, no. -+ -+ -+ - - IPv6_rpfilter - s - (rw) - Indicates whether the reverse path filter test on a packet for IPv6 is enabled. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped. -diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in -index 955be32077e1..2cfbef804778 100644 ---- a/src/firewall/config/__init__.py.in -+++ b/src/firewall/config/__init__.py.in -@@ -130,3 +130,4 @@ FALLBACK_INDIVIDUAL_CALLS = False - FALLBACK_LOG_DENIED = "off" - FALLBACK_AUTOMATIC_HELPERS = "system" - FALLBACK_FIREWALL_BACKEND = "nftables" -+FALLBACK_FLUSH_ALL_ON_RELOAD = True -diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py -index 9be13a5c1313..7e6255f77398 100644 ---- a/src/firewall/core/fw.py -+++ b/src/firewall/core/fw.py -@@ -113,6 +113,7 @@ class Firewall(object): - self._log_denied = config.FALLBACK_LOG_DENIED - self._automatic_helpers = config.FALLBACK_AUTOMATIC_HELPERS - self._firewall_backend = config.FALLBACK_FIREWALL_BACKEND -+ self._flush_all_on_reload = config.FALLBACK_FLUSH_ALL_ON_RELOAD - self.nf_conntrack_helper_setting = 0 - self.nf_conntrack_helpers = { } - self.nf_nat_helpers = { } -@@ -298,6 +299,15 @@ class Firewall(object): - log.debug1("FirewallBackend is set to '%s'", - self._firewall_backend) - -+ if self._firewalld_conf.get("FlushAllOnReload"): -+ value = self._firewalld_conf.get("FlushAllOnReload") -+ if value.lower() in [ "no", "false" ]: -+ self._flush_all_on_reload = False -+ else: -+ self._flush_all_on_reload = True -+ log.debug1("FlushAllOnReload is set to '%s'", -+ self._flush_all_on_reload) -+ - self.config.set_firewalld_conf(copy.deepcopy(self._firewalld_conf)) - - self._select_firewall_backend(self._firewall_backend) -@@ -963,13 +973,17 @@ class Firewall(object): - def reload(self, stop=False): - _panic = self._panic - -- # save zone interfaces -- _zone_interfaces = { } -- for zone in self.zone.get_zones(): -- _zone_interfaces[zone] = self.zone.get_settings(zone)["interfaces"] -- # save direct config -- _direct_config = self.direct.get_runtime_config() -- _old_dz = self.get_default_zone() -+ # must stash this. The value may change after _start() -+ flush_all = self._flush_all_on_reload -+ -+ if not flush_all: -+ # save zone interfaces -+ _zone_interfaces = { } -+ for zone in self.zone.get_zones(): -+ _zone_interfaces[zone] = self.zone.get_settings(zone)["interfaces"] -+ # save direct config -+ _direct_config = self.direct.get_runtime_config() -+ _old_dz = self.get_default_zone() - - # stop - self.cleanup() -@@ -984,41 +998,42 @@ class Firewall(object): - # etc. We'll re-raise it at the end. - start_exception = e - -- # handle interfaces in the default zone and move them to the new -- # default zone if it changed -- _new_dz = self.get_default_zone() -- if _new_dz != _old_dz: -- # if_new_dz has been introduced with the reload, we need to add it -- # https://github.com/firewalld/firewalld/issues/53 -- if _new_dz not in _zone_interfaces: -- _zone_interfaces[_new_dz] = { } -- # default zone changed. Move interfaces from old default zone to -- # the new one. -- for iface, settings in list(_zone_interfaces[_old_dz].items()): -- if settings["__default__"]: -- # move only those that were added to default zone -- # (not those that were added to specific zone same as -- # default) -- _zone_interfaces[_new_dz][iface] = \ -- _zone_interfaces[_old_dz][iface] -- del _zone_interfaces[_old_dz][iface] -- -- # add interfaces to zones again -- for zone in self.zone.get_zones(): -- if zone in _zone_interfaces: -- self.zone.set_settings(zone, { "interfaces": -- _zone_interfaces[zone] }) -- del _zone_interfaces[zone] -- else: -- log.info1("New zone '%s'.", zone) -- if len(_zone_interfaces) > 0: -- for zone in list(_zone_interfaces.keys()): -- log.info1("Lost zone '%s', zone interfaces dropped.", zone) -- del _zone_interfaces[zone] -- del _zone_interfaces -- -- # restore direct config -- self.direct.set_config(_direct_config) -+ if not flush_all: -+ # handle interfaces in the default zone and move them to the new -+ # default zone if it changed -+ _new_dz = self.get_default_zone() -+ if _new_dz != _old_dz: -+ # if_new_dz has been introduced with the reload, we need to add it -+ # https://github.com/firewalld/firewalld/issues/53 -+ if _new_dz not in _zone_interfaces: -+ _zone_interfaces[_new_dz] = { } -+ # default zone changed. Move interfaces from old default zone to -+ # the new one. -+ for iface, settings in list(_zone_interfaces[_old_dz].items()): -+ if settings["__default__"]: -+ # move only those that were added to default zone -+ # (not those that were added to specific zone same as -+ # default) -+ _zone_interfaces[_new_dz][iface] = \ -+ _zone_interfaces[_old_dz][iface] -+ del _zone_interfaces[_old_dz][iface] -+ -+ # add interfaces to zones again -+ for zone in self.zone.get_zones(): -+ if zone in _zone_interfaces: -+ self.zone.set_settings(zone, { "interfaces": -+ _zone_interfaces[zone] }) -+ del _zone_interfaces[zone] -+ else: -+ log.info1("New zone '%s'.", zone) -+ if len(_zone_interfaces) > 0: -+ for zone in list(_zone_interfaces.keys()): -+ log.info1("Lost zone '%s', zone interfaces dropped.", zone) -+ del _zone_interfaces[zone] -+ del _zone_interfaces -+ -+ # restore direct config -+ self.direct.set_config(_direct_config) - - # enable panic mode again if it has been enabled before or set policy - # to ACCEPT -diff --git a/src/firewall/core/io/firewalld_conf.py b/src/firewall/core/io/firewalld_conf.py -index 4d57bad693c1..953a6d2618ec 100644 ---- a/src/firewall/core/io/firewalld_conf.py -+++ b/src/firewall/core/io/firewalld_conf.py -@@ -30,7 +30,7 @@ from firewall.functions import b2u, u2b, PY2 - - valid_keys = [ "DefaultZone", "MinimalMark", "CleanupOnExit", "Lockdown", - "IPv6_rpfilter", "IndividualCalls", "LogDenied", -- "AutomaticHelpers", "FirewallBackend" ] -+ "AutomaticHelpers", "FirewallBackend", "FlushAllOnReload" ] - - class firewalld_conf(object): - def __init__(self, filename): -@@ -80,6 +80,7 @@ class firewalld_conf(object): - self.set("LogDenied", config.FALLBACK_LOG_DENIED) - self.set("AutomaticHelpers", config.FALLBACK_AUTOMATIC_HELPERS) - self.set("FirewallBackend", config.FALLBACK_FIREWALL_BACKEND) -+ self.set("FlushAllOnReload", "yes" if config.FALLBACK_FLUSH_ALL_ON_RELOAD else "no") - raise - - for line in f: -@@ -183,6 +184,14 @@ class firewalld_conf(object): - config.FALLBACK_FIREWALL_BACKEND) - self.set("FirewallBackend", str(config.FALLBACK_FIREWALL_BACKEND)) - -+ value = self.get("FlushAllOnReload") -+ if not value or value.lower() not in [ "yes", "true", "no", "false" ]: -+ if value is not None: -+ log.warning("FlushAllOnReload '%s' is not valid, using default " -+ "value %s", value if value else '', -+ config.FALLBACK_FLUSH_ALL_ON_RELOAD) -+ self.set("FlushAllOnReload", str(config.FALLBACK_FLUSH_ALL_ON_RELOAD)) -+ - # save to self.filename if there are key/value changes - def write(self): - if len(self._config) < 1: -diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py -index dfc562b537eb..ba04107fe4a1 100644 ---- a/src/firewall/server/config.py -+++ b/src/firewall/server/config.py -@@ -106,6 +106,7 @@ class FirewallDConfig(slip.dbus.service.Object): - "LogDenied": "readwrite", - "AutomaticHelpers": "readwrite", - "FirewallBackend": "readwrite", -+ "FlushAllOnReload": "readwrite", - }) - - @handle_exceptions -@@ -485,7 +486,8 @@ class FirewallDConfig(slip.dbus.service.Object): - def _get_property(self, prop): - if prop not in [ "DefaultZone", "MinimalMark", "CleanupOnExit", - "Lockdown", "IPv6_rpfilter", "IndividualCalls", -- "LogDenied", "AutomaticHelpers", "FirewallBackend" ]: -+ "LogDenied", "AutomaticHelpers", "FirewallBackend", -+ "FlushAllOnReload" ]: - raise dbus.exceptions.DBusException( - "org.freedesktop.DBus.Error.InvalidArgs: " - "Property '%s' does not exist" % prop) -@@ -530,6 +532,10 @@ class FirewallDConfig(slip.dbus.service.Object): - if value is None: - value = config.FALLBACK_FIREWALL_BACKEND - return dbus.String(value) -+ elif prop == "FlushAllOnReload": -+ if value is None: -+ value = "yes" if config.FALLBACK_FLUSH_ALL_ON_RELOAD else "no" -+ return dbus.String(value) - - @dbus_handle_exceptions - def _get_dbus_property(self, prop): -@@ -551,6 +557,8 @@ class FirewallDConfig(slip.dbus.service.Object): - return dbus.String(self._get_property(prop)) - elif prop == "FirewallBackend": - return dbus.String(self._get_property(prop)) -+ elif prop == "FlushAllOnReload": -+ return dbus.String(self._get_property(prop)) - else: - raise dbus.exceptions.DBusException( - "org.freedesktop.DBus.Error.InvalidArgs: " -@@ -590,7 +598,8 @@ class FirewallDConfig(slip.dbus.service.Object): - if interface_name == config.dbus.DBUS_INTERFACE_CONFIG: - for x in [ "DefaultZone", "MinimalMark", "CleanupOnExit", - "Lockdown", "IPv6_rpfilter", "IndividualCalls", -- "LogDenied", "AutomaticHelpers", "FirewallBackend" ]: -+ "LogDenied", "AutomaticHelpers", "FirewallBackend", -+ "FlushAllOnReload" ]: - ret[x] = self._get_property(x) - elif interface_name in [ config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, - config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: -@@ -617,7 +626,7 @@ class FirewallDConfig(slip.dbus.service.Object): - if property_name in [ "MinimalMark", "CleanupOnExit", "Lockdown", - "IPv6_rpfilter", "IndividualCalls", - "LogDenied", "AutomaticHelpers", -- "FirewallBackend" ]: -+ "FirewallBackend", "FlushAllOnReload" ]: - if property_name == "MinimalMark": - try: - int(new_value) -@@ -651,6 +660,11 @@ class FirewallDConfig(slip.dbus.service.Object): - raise FirewallError(errors.INVALID_VALUE, - "'%s' for %s" % \ - (new_value, property_name)) -+ if property_name == "FlushAllOnReload": -+ if new_value.lower() not in ["yes", "true", "no", "false"]: -+ raise FirewallError(errors.INVALID_VALUE, -+ "'%s' for %s" % \ -+ (new_value, property_name)) - self.config.get_firewalld_conf().set(property_name, new_value) - self.config.get_firewalld_conf().write() - self.PropertiesChanged(interface_name, -diff --git a/src/tests/dbus/firewalld.conf.at b/src/tests/dbus/firewalld.conf.at -index 473210de10af..72c61bdc4940 100644 ---- a/src/tests/dbus/firewalld.conf.at -+++ b/src/tests/dbus/firewalld.conf.at -@@ -6,6 +6,7 @@ string "AutomaticHelpers" : variant string "system" - string "CleanupOnExit" : variant string "no" - string "DefaultZone" : variant string "public" - string "FirewallBackend" : variant string "nftables" -+string "FlushAllOnReload" : variant string "yes" - m4_if(no, HOST_SUPPORTS_NFT_FIB, [dnl - string "IPv6_rpfilter" : variant string "no"],[dnl - string "IPv6_rpfilter" : variant string "yes"]) -@@ -30,6 +31,7 @@ _helper([LogDenied], [string:"all"], [variant string "all"]) - _helper([IPv6_rpfilter], [string:"yes"], [variant string "yes"]) - _helper([IndividualCalls], [string:"yes"], [variant string "yes"]) - _helper([FirewallBackend], [string:"iptables"], [variant string "iptables"]) -+_helper([FlushAllOnReload], [string:"no"], [variant string "no"]) - _helper([CleanupOnExit], [string:"yes"], [variant string "yes"]) - dnl Note: DefaultZone is RO - m4_undefine([_helper]) -diff --git a/src/tests/python/firewalld_direct.py b/src/tests/python/firewalld_direct.py -index 4cb843492663..28da523d35d0 100755 ---- a/src/tests/python/firewalld_direct.py -+++ b/src/tests/python/firewalld_direct.py -@@ -36,10 +36,16 @@ class TestFirewallDInterfaceDirect(unittest.TestCase): - bus = dbus.SystemBus() - dbus_obj = bus.get_object(config.dbus.DBUS_INTERFACE, - config.dbus.DBUS_PATH) -+ dbus_obj_config = bus.get_object(config.dbus.DBUS_INTERFACE, -+ config.dbus.DBUS_PATH_CONFIG) - self.fw = dbus.Interface(dbus_obj, - dbus_interface=config.dbus.DBUS_INTERFACE) - self.fw_direct = dbus.Interface( - dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_DIRECT) -+ self.config_properties = dbus.Interface(dbus_obj_config, -+ dbus_interface='org.freedesktop.DBus.Properties') -+ self.config_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG, "FlushAllOnReload", "no") -+ self.fw.reload() - # always have "direct_foo1" available - self.fw_direct.addChain("ipv4", "filter", "direct_foo1") - -diff --git a/src/tests/python/firewalld_test.py b/src/tests/python/firewalld_test.py -index 62c567fcd299..0d8b4c78bd51 100755 ---- a/src/tests/python/firewalld_test.py -+++ b/src/tests/python/firewalld_test.py -@@ -28,8 +28,8 @@ import sys - import time - import unittest - --from firewall.config.dbus import DBUS_PATH, DBUS_INTERFACE, \ -- DBUS_INTERFACE_ZONE -+from firewall.config.dbus import DBUS_PATH, DBUS_PATH_CONFIG, DBUS_INTERFACE, \ -+ DBUS_INTERFACE_ZONE, DBUS_INTERFACE_CONFIG - from firewall.dbus_utils import dbus_to_python - from pprint import pprint - -@@ -43,9 +43,14 @@ class TestFirewallD(unittest.TestCase): - unittest.TestCase.setUp(self) - bus = dbus.SystemBus() - dbus_obj = bus.get_object(DBUS_INTERFACE, DBUS_PATH) -+ dbus_obj_config = bus.get_object(DBUS_INTERFACE, DBUS_PATH_CONFIG) - self.fw = dbus.Interface(dbus_obj, dbus_interface=DBUS_INTERFACE) - self.fw_zone = dbus.Interface(dbus_obj, - dbus_interface=DBUS_INTERFACE_ZONE) -+ self.config_properties = dbus.Interface(dbus_obj_config, -+ dbus_interface='org.freedesktop.DBus.Properties') -+ self.config_properties.Set(DBUS_INTERFACE_CONFIG, "FlushAllOnReload", "no") -+ self.fw.reload() - - def test_get_setDefaultZone(self): - old_zone = dbus_to_python(self.fw.getDefaultZone()) -diff --git a/src/tests/regression/rhbz1498923.at b/src/tests/regression/rhbz1498923.at -index 9b68678180ef..ed1022fb0ca4 100644 ---- a/src/tests/regression/rhbz1498923.at -+++ b/src/tests/regression/rhbz1498923.at -@@ -1,4 +1,8 @@ - FWD_START_TEST([invalid direct rule causes reload error]) -+dnl Below we test retention of some items applicable to FlushAllOnReload=no -+AT_CHECK([sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf]) -+FWD_RELOAD -+ - FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 8080 -j ACCEPT]) - FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag]) - --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0001-fw-On-reload-when-restoring-NM-interfaces-also-consi.patch b/SOURCES/firewalld-0.7-0001-fw-On-reload-when-restoring-NM-interfaces-also-consi.patch deleted file mode 100644 index 79bad0a..0000000 --- a/SOURCES/firewalld-0.7-0001-fw-On-reload-when-restoring-NM-interfaces-also-consi.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 2c003eefff31bb41dcef5ee80f003f277a008139 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Tue, 18 Dec 2018 09:55:08 -0500 -Subject: [PATCH] fw: On reload, when restoring NM interfaces also consider - default zone - -An empty zone, "", is used for interfaces implicitly assigned to the -default zone. We need to include those when reapplying the assignments. - -Fixes: rhbz 1656962 -Fixes: 242bc4e2e20c ("Add "FlushAllOnReload" config option") -Fixes: cd97204a06f3 ("fw: on reload() retain interfaces from NetworkManager") ---- - src/firewall/core/fw.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py -index 4ec2087ec48d..e614a4609edc 100644 ---- a/src/firewall/core/fw.py -+++ b/src/firewall/core/fw.py -@@ -1039,7 +1039,7 @@ class Firewall(object): - # Restore permanent interfaces from NetworkManager - nm_bus_name = nm_get_bus_name() - if nm_bus_name: -- for zone in self.zone.get_zones(): -+ for zone in self.zone.get_zones() + [""]: - for interface in nm_get_interfaces_in_zone(zone): - self.zone.add_interface(zone, interface, sender=nm_bus_name) - --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0001-nftables-move-OUR_CHAINS-inside-the-class.patch b/SOURCES/firewalld-0.7-0001-nftables-move-OUR_CHAINS-inside-the-class.patch deleted file mode 100644 index 6e33908..0000000 --- a/SOURCES/firewalld-0.7-0001-nftables-move-OUR_CHAINS-inside-the-class.patch +++ /dev/null @@ -1,137 +0,0 @@ -From f20ba9f1493a31ca31ee071007533b4e35cb57a2 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 10 Jan 2019 13:29:12 -0500 -Subject: [PATCH 1/3] nftables: move OUR_CHAINS inside the class - -No reason for it to be at the file level. Lets move it inside the class. - -(cherry picked from commit 37606c1eca2b247e648c658ea29af5b5194447e9) ---- - src/firewall/core/nftables.py | 47 +++++++++++++++++------------------ - 1 file changed, 23 insertions(+), 24 deletions(-) - -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index 1d0ce24d68a2..1eb9c3fb94c2 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -76,13 +76,6 @@ IPTABLES_TO_NFT_HOOK = { - }, - } - --OUR_CHAINS = { # chains created by firewalld -- # family: { chains ...} -- "inet": {}, -- "ip": {}, -- "ip6": {}, --} -- - # Most ICMP types are provided by nft, but for the codes we have to use numeric - # values. - # -@@ -163,6 +156,12 @@ class nftables(object): - self.rule_to_handle = {} - self.rule_ref_count = {} - self.rich_rule_priority_counts = {} -+ self.our_chains = { # chains created by firewalld -+ # family: { chains ...} -+ "inet": {}, -+ "ip": {}, -+ "ip6": {}, -+ } - - def fill_exists(self): - self.command_exists = os.path.exists(self._command) -@@ -359,7 +358,7 @@ class nftables(object): - self.rich_rule_priority_counts = {} - - rules = [] -- for family in OUR_CHAINS.keys(): -+ for family in self.our_chains.keys(): - rules.append(["delete", "table", family, "%s" % TABLE_NAME]) - return rules - -@@ -399,13 +398,13 @@ class nftables(object): - - def build_default_tables(self): - default_tables = [] -- for family in OUR_CHAINS.keys(): -+ for family in self.our_chains.keys(): - default_tables.append("add table %s %s" % (family, TABLE_NAME)) - return map(splitArgs, default_tables) - - def build_default_rules(self, log_denied="off"): - default_rules = [] -- OUR_CHAINS["inet"]["raw"] = set() -+ self.our_chains["inet"]["raw"] = set() - for chain in IPTABLES_TO_NFT_HOOK["raw"].keys(): - default_rules.append("add chain inet %s raw_%s '{ type filter hook %s priority %d ; }'" % - (TABLE_NAME, chain, -@@ -417,9 +416,9 @@ class nftables(object): - default_rules.append("add chain inet %s raw_%s_ZONES" % (TABLE_NAME, chain)) - default_rules.append("add rule inet %s raw_%s jump raw_%s_ZONES_SOURCE" % (TABLE_NAME, chain, chain)) - default_rules.append("add rule inet %s raw_%s jump raw_%s_ZONES" % (TABLE_NAME, chain, chain)) -- OUR_CHAINS["inet"]["raw"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) -+ self.our_chains["inet"]["raw"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) - -- OUR_CHAINS["inet"]["mangle"] = set() -+ self.our_chains["inet"]["mangle"] = set() - for chain in IPTABLES_TO_NFT_HOOK["mangle"].keys(): - default_rules.append("add chain inet %s mangle_%s '{ type filter hook %s priority %d ; }'" % - (TABLE_NAME, chain, -@@ -430,10 +429,10 @@ class nftables(object): - default_rules.append("add chain inet %s mangle_%s_ZONES" % (TABLE_NAME, chain)) - default_rules.append("add rule inet %s mangle_%s jump mangle_%s_ZONES_SOURCE" % (TABLE_NAME, chain, chain)) - default_rules.append("add rule inet %s mangle_%s jump mangle_%s_ZONES" % (TABLE_NAME, chain, chain)) -- OUR_CHAINS["inet"]["mangle"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) -+ self.our_chains["inet"]["mangle"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) - -- OUR_CHAINS["ip"]["nat"] = set() -- OUR_CHAINS["ip6"]["nat"] = set() -+ self.our_chains["ip"]["nat"] = set() -+ self.our_chains["ip6"]["nat"] = set() - for family in ["ip", "ip6"]: - for chain in IPTABLES_TO_NFT_HOOK["nat"].keys(): - default_rules.append("add chain %s %s nat_%s '{ type nat hook %s priority %d ; }'" % -@@ -445,9 +444,9 @@ class nftables(object): - default_rules.append("add chain %s %s nat_%s_ZONES" % (family, TABLE_NAME, chain)) - default_rules.append("add rule %s %s nat_%s jump nat_%s_ZONES_SOURCE" % (family, TABLE_NAME, chain, chain)) - default_rules.append("add rule %s %s nat_%s jump nat_%s_ZONES" % (family, TABLE_NAME, chain, chain)) -- OUR_CHAINS[family]["nat"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) -+ self.our_chains[family]["nat"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) - -- OUR_CHAINS["inet"]["filter"] = set() -+ self.our_chains["inet"]["filter"] = set() - for chain in IPTABLES_TO_NFT_HOOK["filter"].keys(): - default_rules.append("add chain inet %s filter_%s '{ type filter hook %s priority %d ; }'" % - (TABLE_NAME, chain, -@@ -486,12 +485,12 @@ class nftables(object): - default_rules.append("add rule inet %s filter_%s %%%%LOGTYPE%%%% log prefix '\"FINAL_REJECT: \"'" % (TABLE_NAME, "FORWARD")) - default_rules.append("add rule inet %s filter_%s reject with icmpx type admin-prohibited" % (TABLE_NAME, "FORWARD")) - -- OUR_CHAINS["inet"]["filter"] = set(["INPUT_ZONES_SOURCE", -- "INPUT_ZONES", -- "FORWARD_IN_ZONES_SOURCE", -- "FORWARD_IN_ZONES", -- "FORWARD_OUT_ZONES_SOURCE", -- "FORWARD_OUT_ZONES"]) -+ self.our_chains["inet"]["filter"] = set(["INPUT_ZONES_SOURCE", -+ "INPUT_ZONES", -+ "FORWARD_IN_ZONES_SOURCE", -+ "FORWARD_IN_ZONES", -+ "FORWARD_OUT_ZONES_SOURCE", -+ "FORWARD_OUT_ZONES"]) - - return map(splitArgs, default_rules) - -@@ -610,7 +609,7 @@ class nftables(object): - - _zone = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) - -- OUR_CHAINS[family][table].update(set([_zone, -+ self.our_chains[family][table].update(set([_zone, - "%s_log" % _zone, - "%s_deny" % _zone, - "%s_pre" % _zone, --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0001-nftables-rpfilter-collapse-log-and-drop-into-same-ru.patch b/SOURCES/firewalld-0.7-0001-nftables-rpfilter-collapse-log-and-drop-into-same-ru.patch deleted file mode 100644 index 9495549..0000000 --- a/SOURCES/firewalld-0.7-0001-nftables-rpfilter-collapse-log-and-drop-into-same-ru.patch +++ /dev/null @@ -1,41 +0,0 @@ -From dc5771fe648410f8097fe68003e6449f20470d04 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 20 Dec 2018 15:55:01 -0500 -Subject: [PATCH 1/8] nftables: rpfilter: collapse log and drop into same rule - -(cherry picked from commit 759680552bef435ae4142a2e2bd5591e5f00ae50) ---- - src/firewall/core/nftables.py | 15 +++++++-------- - 1 file changed, 7 insertions(+), 8 deletions(-) - -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index d0d1f6d1610d..72f2180ec504 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -1230,16 +1230,15 @@ class nftables(object): - return rules - - def build_rpfilter_rules(self, log_denied=False): -+ rule_fragment = ["meta", "nfproto", "ipv6", "fib", "saddr", ".", "iif", -+ "oif", "missing"] -+ if log_denied != "off": -+ rule_fragment += ["log", "prefix", "\"rpfilter_DROP: \""] -+ rule_fragment += ["drop"] -+ - rules = [] - rules.append(["insert", "rule", "inet", "%s" % TABLE_NAME, -- "raw_%s" % "PREROUTING", -- "meta", "nfproto", "ipv6", "fib", "saddr", ".", "iif", -- "oif", "missing", "drop"]) -- if log_denied != "off": -- rules.append(["insert", "rule", "inet", "%s" % TABLE_NAME, -- "raw_%s" % "PREROUTING", -- "meta", "nfproto", "ipv6", "fib", "saddr", ".", "iif", -- "oif", "missing", "log", "prefix", "\"rpfilter_DROP: \""]) -+ "raw_%s" % "PREROUTING"] + rule_fragment) - rules.append(["insert", "rule", "inet", "%s" % TABLE_NAME, - "raw_%s" % "PREROUTING", - "icmpv6", "type", "{ nd-router-advert, nd-neighbor-solicit }", --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0002-Add-RFC3964_IPv4-config-option.patch b/SOURCES/firewalld-0.7-0002-Add-RFC3964_IPv4-config-option.patch deleted file mode 100644 index ec612a6..0000000 --- a/SOURCES/firewalld-0.7-0002-Add-RFC3964_IPv4-config-option.patch +++ /dev/null @@ -1,244 +0,0 @@ -From 21dae834490f1d004b2468c1532bf78fbf455d9e Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Wed, 19 Dec 2018 13:40:22 -0500 -Subject: [PATCH 2/8] Add "RFC3964_IPv4" config option - -As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses -that correspond to IPv4 addresses that should not be routed over the -public internet. - -Defaults to "yes". - -(cherry picked from commit fce80236bf38dcdfa4a66cd86e6dc03dd08d7f03) ---- - config/firewalld.conf | 7 +++++++ - doc/xml/firewalld.conf.xml | 12 ++++++++++++ - doc/xml/firewalld.dbus.xml | 10 ++++++++++ - src/firewall/config/__init__.py.in | 1 + - src/firewall/core/fw.py | 9 +++++++++ - src/firewall/core/io/firewalld_conf.py | 12 +++++++++++- - src/firewall/server/config.py | 20 +++++++++++++++++--- - src/tests/dbus/firewalld.conf.at | 2 ++ - 8 files changed, 69 insertions(+), 4 deletions(-) - -diff --git a/config/firewalld.conf b/config/firewalld.conf -index 7cb02561fd4d..1dbce81469e0 100644 ---- a/config/firewalld.conf -+++ b/config/firewalld.conf -@@ -70,3 +70,10 @@ FirewallBackend=nftables - # behavior set this to "no". - # Default: yes - FlushAllOnReload=yes -+ -+# RFC3964_IPv4 -+# As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that -+# correspond to IPv4 addresses that should not be routed over the public -+# internet. -+# Defaults to "yes". -+RFC3964_IPv4=yes -diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml -index 600919ae822d..457cadfaa38e 100644 ---- a/doc/xml/firewalld.conf.xml -+++ b/doc/xml/firewalld.conf.xml -@@ -171,6 +171,18 @@ - - - -+ -+ -+ -+ -+ As per RFC 3964, filter IPv6 traffic with 6to4 destination -+ addresses that correspond to IPv4 addresses that should not -+ be routed over the public internet. -+ Defaults to "yes". -+ -+ -+ -+ - - - -diff --git a/doc/xml/firewalld.dbus.xml b/doc/xml/firewalld.dbus.xml -index 132200f3cb42..028d3778e4b6 100644 ---- a/doc/xml/firewalld.dbus.xml -+++ b/doc/xml/firewalld.dbus.xml -@@ -2635,6 +2635,16 @@ - - - -+ -+ FirewallBackend - s - (rw) -+ -+ -+ As per RFC 3964, filter IPv6 traffic with 6to4 destination -+ addresses that correspond to IPv4 addresses that should not be -+ routed over the public internet. Valid options are; yes, no. -+ -+ -+ - - - -diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in -index 2cfbef804778..5bb318c5b269 100644 ---- a/src/firewall/config/__init__.py.in -+++ b/src/firewall/config/__init__.py.in -@@ -131,3 +131,4 @@ FALLBACK_LOG_DENIED = "off" - FALLBACK_AUTOMATIC_HELPERS = "system" - FALLBACK_FIREWALL_BACKEND = "nftables" - FALLBACK_FLUSH_ALL_ON_RELOAD = True -+FALLBACK_RFC3964_IPV4 = True -diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py -index e614a4609edc..e8d77f11b2ae 100644 ---- a/src/firewall/core/fw.py -+++ b/src/firewall/core/fw.py -@@ -309,6 +309,15 @@ class Firewall(object): - log.debug1("FlushAllOnReload is set to '%s'", - self._flush_all_on_reload) - -+ if self._firewalld_conf.get("RFC3964_IPv4"): -+ value = self._firewalld_conf.get("RFC3964_IPv4") -+ if value.lower() in [ "no", "false" ]: -+ self._rfc3964_ipv4 = False -+ else: -+ self._rfc3964_ipv4 = True -+ log.debug1("RFC3964_IPv4 is set to '%s'", -+ self._rfc3964_ipv4) -+ - self.config.set_firewalld_conf(copy.deepcopy(self._firewalld_conf)) - - self._select_firewall_backend(self._firewall_backend) -diff --git a/src/firewall/core/io/firewalld_conf.py b/src/firewall/core/io/firewalld_conf.py -index 953a6d2618ec..4ba5bf5f218d 100644 ---- a/src/firewall/core/io/firewalld_conf.py -+++ b/src/firewall/core/io/firewalld_conf.py -@@ -30,7 +30,8 @@ from firewall.functions import b2u, u2b, PY2 - - valid_keys = [ "DefaultZone", "MinimalMark", "CleanupOnExit", "Lockdown", - "IPv6_rpfilter", "IndividualCalls", "LogDenied", -- "AutomaticHelpers", "FirewallBackend", "FlushAllOnReload" ] -+ "AutomaticHelpers", "FirewallBackend", "FlushAllOnReload", -+ "RFC3964_IPv4" ] - - class firewalld_conf(object): - def __init__(self, filename): -@@ -81,6 +82,7 @@ class firewalld_conf(object): - self.set("AutomaticHelpers", config.FALLBACK_AUTOMATIC_HELPERS) - self.set("FirewallBackend", config.FALLBACK_FIREWALL_BACKEND) - self.set("FlushAllOnReload", "yes" if config.FALLBACK_FLUSH_ALL_ON_RELOAD else "no") -+ self.set("RFC3964_IPv4", "yes" if config.FALLBACK_RFC3964_IPV4 else "no") - raise - - for line in f: -@@ -192,6 +194,14 @@ class firewalld_conf(object): - config.FALLBACK_FLUSH_ALL_ON_RELOAD) - self.set("FlushAllOnReload", str(config.FALLBACK_FLUSH_ALL_ON_RELOAD)) - -+ value = self.get("RFC3964_IPv4") -+ if not value or value.lower() not in [ "yes", "true", "no", "false" ]: -+ if value is not None: -+ log.warning("RFC3964_IPv4 '%s' is not valid, using default " -+ "value %s", value if value else '', -+ config.FALLBACK_RFC3964_IPV4) -+ self.set("RFC3964_IPv4", str(config.FALLBACK_RFC3964_IPV4)) -+ - # save to self.filename if there are key/value changes - def write(self): - if len(self._config) < 1: -diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py -index ba04107fe4a1..971dc7d4a14a 100644 ---- a/src/firewall/server/config.py -+++ b/src/firewall/server/config.py -@@ -107,6 +107,7 @@ class FirewallDConfig(slip.dbus.service.Object): - "AutomaticHelpers": "readwrite", - "FirewallBackend": "readwrite", - "FlushAllOnReload": "readwrite", -+ "RFC3964_IPv4": "readwrite", - }) - - @handle_exceptions -@@ -487,7 +488,7 @@ class FirewallDConfig(slip.dbus.service.Object): - if prop not in [ "DefaultZone", "MinimalMark", "CleanupOnExit", - "Lockdown", "IPv6_rpfilter", "IndividualCalls", - "LogDenied", "AutomaticHelpers", "FirewallBackend", -- "FlushAllOnReload" ]: -+ "FlushAllOnReload", "RFC3964_IPv4" ]: - raise dbus.exceptions.DBusException( - "org.freedesktop.DBus.Error.InvalidArgs: " - "Property '%s' does not exist" % prop) -@@ -536,6 +537,10 @@ class FirewallDConfig(slip.dbus.service.Object): - if value is None: - value = "yes" if config.FALLBACK_FLUSH_ALL_ON_RELOAD else "no" - return dbus.String(value) -+ elif prop == "RFC3964_IPv4": -+ if value is None: -+ value = "yes" if config.FALLBACK_RFC3964_IPV4 else "no" -+ return dbus.String(value) - - @dbus_handle_exceptions - def _get_dbus_property(self, prop): -@@ -559,6 +564,8 @@ class FirewallDConfig(slip.dbus.service.Object): - return dbus.String(self._get_property(prop)) - elif prop == "FlushAllOnReload": - return dbus.String(self._get_property(prop)) -+ elif prop == "RFC3964_IPv4": -+ return dbus.String(self._get_property(prop)) - else: - raise dbus.exceptions.DBusException( - "org.freedesktop.DBus.Error.InvalidArgs: " -@@ -599,7 +606,7 @@ class FirewallDConfig(slip.dbus.service.Object): - for x in [ "DefaultZone", "MinimalMark", "CleanupOnExit", - "Lockdown", "IPv6_rpfilter", "IndividualCalls", - "LogDenied", "AutomaticHelpers", "FirewallBackend", -- "FlushAllOnReload" ]: -+ "FlushAllOnReload", "RFC3964_IPv4" ]: - ret[x] = self._get_property(x) - elif interface_name in [ config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, - config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: -@@ -626,7 +633,8 @@ class FirewallDConfig(slip.dbus.service.Object): - if property_name in [ "MinimalMark", "CleanupOnExit", "Lockdown", - "IPv6_rpfilter", "IndividualCalls", - "LogDenied", "AutomaticHelpers", -- "FirewallBackend", "FlushAllOnReload" ]: -+ "FirewallBackend", "FlushAllOnReload", -+ "RFC3964_IPv4" ]: - if property_name == "MinimalMark": - try: - int(new_value) -@@ -665,6 +673,12 @@ class FirewallDConfig(slip.dbus.service.Object): - raise FirewallError(errors.INVALID_VALUE, - "'%s' for %s" % \ - (new_value, property_name)) -+ if property_name == "RFC3964_IPv4": -+ if new_value.lower() not in ["yes", "true", "no", "false"]: -+ raise FirewallError(errors.INVALID_VALUE, -+ "'%s' for %s" % \ -+ (new_value, property_name)) -+ - self.config.get_firewalld_conf().set(property_name, new_value) - self.config.get_firewalld_conf().write() - self.PropertiesChanged(interface_name, -diff --git a/src/tests/dbus/firewalld.conf.at b/src/tests/dbus/firewalld.conf.at -index 72c61bdc4940..07f6d31de725 100644 ---- a/src/tests/dbus/firewalld.conf.at -+++ b/src/tests/dbus/firewalld.conf.at -@@ -14,6 +14,7 @@ string "IndividualCalls" : variant string "no" - string "Lockdown" : variant string "no" - string "LogDenied" : variant string "off" - string "MinimalMark" : variant int32 100 -+string "RFC3964_IPv4" : variant string "yes" - ]) - - m4_define([_helper], [ -@@ -33,6 +34,7 @@ _helper([IndividualCalls], [string:"yes"], [variant string "yes"]) - _helper([FirewallBackend], [string:"iptables"], [variant string "iptables"]) - _helper([FlushAllOnReload], [string:"no"], [variant string "no"]) - _helper([CleanupOnExit], [string:"yes"], [variant string "yes"]) -+_helper([RFC3964_IPv4], [string:"no"], [variant string "no"]) - dnl Note: DefaultZone is RO - m4_undefine([_helper]) - --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0002-fw-on-reload-retain-interfaces-from-NetworkManager.patch b/SOURCES/firewalld-0.7-0002-fw-on-reload-retain-interfaces-from-NetworkManager.patch deleted file mode 100644 index 3b71be7..0000000 --- a/SOURCES/firewalld-0.7-0002-fw-on-reload-retain-interfaces-from-NetworkManager.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 680fc277f90e5a8286016c644b40f8178bf50b12 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 7 Dec 2018 14:09:28 -0500 -Subject: [PATCH 16/34] fw: on reload() retain interfaces from NetworkManager - -With FlushOnAllReload=yes the interface to zone assignment controlled by -NM was being lost during a reload. This is because these assignments are -"runtime" from firewalld's point of view. Lets query NM for its -assignments during a reload and reapply them. - -Also add test coverage for FlushAllOnReload=yes. - -Fixes: rhbz 1656962 -Fixes: 242bc4e2e20c ("Add "FlushAllOnReload" config option") -(cherry picked from commit cd97204a06f3243b789d4213f5bd888b0b156f88) ---- - src/firewall/core/fw.py | 8 ++++++++ - src/tests/regression/rhbz1498923.at | 12 ++++++++++++ - 2 files changed, 20 insertions(+) - -diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py -index 7e6255f77398..4ec2087ec48d 100644 ---- a/src/firewall/core/fw.py -+++ b/src/firewall/core/fw.py -@@ -42,6 +42,7 @@ from firewall.core.fw_policies import FirewallPolicies - from firewall.core.fw_ipset import FirewallIPSet - from firewall.core.fw_transaction import FirewallTransaction - from firewall.core.fw_helper import FirewallHelper -+from firewall.core.fw_nm import nm_get_bus_name, nm_get_interfaces_in_zone - from firewall.core.logger import log - from firewall.core.io.firewalld_conf import firewalld_conf - from firewall.core.io.direct import Direct -@@ -1035,6 +1036,13 @@ class Firewall(object): - # restore direct config - self.direct.set_config(_direct_config) - -+ # Restore permanent interfaces from NetworkManager -+ nm_bus_name = nm_get_bus_name() -+ if nm_bus_name: -+ for zone in self.zone.get_zones(): -+ for interface in nm_get_interfaces_in_zone(zone): -+ self.zone.add_interface(zone, interface, sender=nm_bus_name) -+ - # enable panic mode again if it has been enabled before or set policy - # to ACCEPT - if _panic: -diff --git a/src/tests/regression/rhbz1498923.at b/src/tests/regression/rhbz1498923.at -index ed1022fb0ca4..70f7a6036b8f 100644 ---- a/src/tests/regression/rhbz1498923.at -+++ b/src/tests/regression/rhbz1498923.at -@@ -1,4 +1,16 @@ - FWD_START_TEST([invalid direct rule causes reload error]) -+dnl Verify runtime interface to zone assignment is gone after reload -+AT_CHECK([sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf]) -+FWD_RELOAD -+FWD_CHECK([-q --zone=public --add-interface=foobar0]) -+FWD_CHECK([--get-zone-of-interface=foobar0], 0, [dnl -+public -+]) -+FWD_RELOAD -+FWD_CHECK([--get-zone-of-interface=foobar0], 2, [], [dnl -+no zone -+]) -+ - dnl Below we test retention of some items applicable to FlushAllOnReload=no - AT_CHECK([sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf]) - FWD_RELOAD --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0002-ipXtables-Avoid-inserting-rules-with-index.patch b/SOURCES/firewalld-0.7-0002-ipXtables-Avoid-inserting-rules-with-index.patch deleted file mode 100644 index 1aae603..0000000 --- a/SOURCES/firewalld-0.7-0002-ipXtables-Avoid-inserting-rules-with-index.patch +++ /dev/null @@ -1,349 +0,0 @@ -From e7a361474d58b66fcd1c135cf465f0308cf3f8cb Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 10 Jan 2019 13:02:34 -0500 -Subject: [PATCH 2/3] ipXtables: Avoid inserting rules with index - -iptables-restore (nftables) has a bug in which inserting by index -doesn't always work as expected. Rules may be inserted at the wrong -index. We can mostly avoid this by appending rules. This actually -simplifies things because we don't have to count indexes. Ref rhbz -1647925. - -(cherry picked from commit 9f0eb929c240211d3da978732a9f6930da71486c) ---- - src/firewall/core/fw_direct.py | 5 +- - src/firewall/core/ipXtables.py | 260 ++++++++++++++++----------------- - 2 files changed, 134 insertions(+), 131 deletions(-) - -diff --git a/src/firewall/core/fw_direct.py b/src/firewall/core/fw_direct.py -index 94196e8a41fa..e53a72e3326a 100644 ---- a/src/firewall/core/fw_direct.py -+++ b/src/firewall/core/fw_direct.py -@@ -181,7 +181,10 @@ class FirewallDirect(object): - def _check_builtin_chain(self, ipv, table, chain): - if ipv in ['ipv4', 'ipv6']: - built_in_chains = ipXtables.BUILT_IN_CHAINS[table] -- our_chains = ipXtables.OUR_CHAINS[table] -+ if self._fw.nftables_enabled: -+ our_chains = {} -+ else: -+ our_chains = self._fw.get_direct_backend_by_ipv(ipv).our_chains[table] - else: - built_in_chains = ebtables.BUILT_IN_CHAINS[table] - our_chains = ebtables.OUR_CHAINS[table] -diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py -index 2d2d9f76d5c9..c5b17aa3a846 100644 ---- a/src/firewall/core/ipXtables.py -+++ b/src/firewall/core/ipXtables.py -@@ -51,106 +51,6 @@ ICMP = { - "ipv6": "ipv6-icmp", - } - --DEFAULT_RULES = { } --LOG_RULES = { } --OUR_CHAINS = {} # chains created by firewalld -- --DEFAULT_RULES["security"] = [ ] --OUR_CHAINS["security"] = set() --for chain in BUILT_IN_CHAINS["security"]: -- DEFAULT_RULES["security"].append("-N %s_direct" % chain) -- DEFAULT_RULES["security"].append("-I %s 1 -j %s_direct" % (chain, chain)) -- OUR_CHAINS["security"].add("%s_direct" % chain) -- --DEFAULT_RULES["raw"] = [ ] --OUR_CHAINS["raw"] = set() --for chain in BUILT_IN_CHAINS["raw"]: -- DEFAULT_RULES["raw"].append("-N %s_direct" % chain) -- DEFAULT_RULES["raw"].append("-I %s 1 -j %s_direct" % (chain, chain)) -- OUR_CHAINS["raw"].add("%s_direct" % chain) -- -- if chain == "PREROUTING": -- DEFAULT_RULES["raw"].append("-N %s_ZONES_SOURCE" % chain) -- DEFAULT_RULES["raw"].append("-N %s_ZONES" % chain) -- DEFAULT_RULES["raw"].append("-I %s 2 -j %s_ZONES_SOURCE" % (chain, chain)) -- DEFAULT_RULES["raw"].append("-I %s 3 -j %s_ZONES" % (chain, chain)) -- OUR_CHAINS["raw"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) -- --DEFAULT_RULES["mangle"] = [ ] --OUR_CHAINS["mangle"] = set() --for chain in BUILT_IN_CHAINS["mangle"]: -- DEFAULT_RULES["mangle"].append("-N %s_direct" % chain) -- DEFAULT_RULES["mangle"].append("-I %s 1 -j %s_direct" % (chain, chain)) -- OUR_CHAINS["mangle"].add("%s_direct" % chain) -- -- if chain == "PREROUTING": -- DEFAULT_RULES["mangle"].append("-N %s_ZONES_SOURCE" % chain) -- DEFAULT_RULES["mangle"].append("-N %s_ZONES" % chain) -- DEFAULT_RULES["mangle"].append("-I %s 2 -j %s_ZONES_SOURCE" % (chain, chain)) -- DEFAULT_RULES["mangle"].append("-I %s 3 -j %s_ZONES" % (chain, chain)) -- OUR_CHAINS["mangle"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) -- --DEFAULT_RULES["nat"] = [ ] --OUR_CHAINS["nat"] = set() --for chain in BUILT_IN_CHAINS["nat"]: -- DEFAULT_RULES["nat"].append("-N %s_direct" % chain) -- DEFAULT_RULES["nat"].append("-I %s 1 -j %s_direct" % (chain, chain)) -- OUR_CHAINS["nat"].add("%s_direct" % chain) -- -- if chain in [ "PREROUTING", "POSTROUTING" ]: -- DEFAULT_RULES["nat"].append("-N %s_ZONES_SOURCE" % chain) -- DEFAULT_RULES["nat"].append("-N %s_ZONES" % chain) -- DEFAULT_RULES["nat"].append("-I %s 2 -j %s_ZONES_SOURCE" % (chain, chain)) -- DEFAULT_RULES["nat"].append("-I %s 3 -j %s_ZONES" % (chain, chain)) -- OUR_CHAINS["nat"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) -- --DEFAULT_RULES["filter"] = [ -- "-N INPUT_direct", -- "-N INPUT_ZONES_SOURCE", -- "-N INPUT_ZONES", -- -- "-I INPUT 1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT", -- "-I INPUT 2 -i lo -j ACCEPT", -- "-I INPUT 3 -j INPUT_direct", -- "-I INPUT 4 -j INPUT_ZONES_SOURCE", -- "-I INPUT 5 -j INPUT_ZONES", -- "-I INPUT 6 -m conntrack --ctstate INVALID -j DROP", -- "-I INPUT 7 -j %%REJECT%%", -- -- "-N FORWARD_direct", -- "-N FORWARD_IN_ZONES_SOURCE", -- "-N FORWARD_IN_ZONES", -- "-N FORWARD_OUT_ZONES_SOURCE", -- "-N FORWARD_OUT_ZONES", -- -- "-I FORWARD 1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT", -- "-I FORWARD 2 -i lo -j ACCEPT", -- "-I FORWARD 3 -j FORWARD_direct", -- "-I FORWARD 4 -j FORWARD_IN_ZONES_SOURCE", -- "-I FORWARD 5 -j FORWARD_IN_ZONES", -- "-I FORWARD 6 -j FORWARD_OUT_ZONES_SOURCE", -- "-I FORWARD 7 -j FORWARD_OUT_ZONES", -- "-I FORWARD 8 -m conntrack --ctstate INVALID -j DROP", -- "-I FORWARD 9 -j %%REJECT%%", -- -- "-N OUTPUT_direct", -- -- "-I OUTPUT 1 -j OUTPUT_direct", --] -- --LOG_RULES["filter"] = [ -- "-I INPUT 6 -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '", -- "-I INPUT 8 %%LOGTYPE%% -j LOG --log-prefix 'FINAL_REJECT: '", -- -- "-I FORWARD 8 -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '", -- "-I FORWARD 10 %%LOGTYPE%% -j LOG --log-prefix 'FINAL_REJECT: '", --] -- --OUR_CHAINS["filter"] = set(["INPUT_direct", "INPUT_ZONES_SOURCE", "INPUT_ZONES", -- "FORWARD_direct", "FORWARD_IN_ZONES_SOURCE", -- "FORWARD_IN_ZONES", "FORWARD_OUT_ZONES_SOURCE", -- "FORWARD_OUT_ZONES", "OUTPUT_direct"]) -- - # ipv ebtables also uses this - # - def common_reverse_rule(args): -@@ -278,6 +178,7 @@ class ip4tables(object): - self.fill_exists() - self.available_tables = [] - self.rich_rule_priority_counts = {} -+ self.our_chains = {} # chains created by firewalld - - def fill_exists(self): - self.command_exists = os.path.exists(self._command) -@@ -694,20 +595,117 @@ class ip4tables(object): - return [] - - def build_default_rules(self, log_denied="off"): -- default_rules = [] -- for table in DEFAULT_RULES: -+ default_rules = {} -+ -+ default_rules["security"] = [ ] -+ self.our_chains["security"] = set() -+ for chain in BUILT_IN_CHAINS["security"]: -+ default_rules["security"].append("-N %s_direct" % chain) -+ default_rules["security"].append("-A %s -j %s_direct" % (chain, chain)) -+ self.our_chains["security"].add("%s_direct" % chain) -+ -+ default_rules["raw"] = [ ] -+ self.our_chains["raw"] = set() -+ for chain in BUILT_IN_CHAINS["raw"]: -+ default_rules["raw"].append("-N %s_direct" % chain) -+ default_rules["raw"].append("-A %s -j %s_direct" % (chain, chain)) -+ self.our_chains["raw"].add("%s_direct" % chain) -+ -+ if chain == "PREROUTING": -+ default_rules["raw"].append("-N %s_ZONES_SOURCE" % chain) -+ default_rules["raw"].append("-N %s_ZONES" % chain) -+ default_rules["raw"].append("-A %s -j %s_ZONES_SOURCE" % (chain, chain)) -+ default_rules["raw"].append("-A %s -j %s_ZONES" % (chain, chain)) -+ self.our_chains["raw"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) -+ -+ default_rules["mangle"] = [ ] -+ self.our_chains["mangle"] = set() -+ for chain in BUILT_IN_CHAINS["mangle"]: -+ default_rules["mangle"].append("-N %s_direct" % chain) -+ default_rules["mangle"].append("-A %s -j %s_direct" % (chain, chain)) -+ self.our_chains["mangle"].add("%s_direct" % chain) -+ -+ if chain == "PREROUTING": -+ default_rules["mangle"].append("-N %s_ZONES_SOURCE" % chain) -+ default_rules["mangle"].append("-N %s_ZONES" % chain) -+ default_rules["mangle"].append("-A %s -j %s_ZONES_SOURCE" % (chain, chain)) -+ default_rules["mangle"].append("-A %s -j %s_ZONES" % (chain, chain)) -+ self.our_chains["mangle"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) -+ -+ default_rules["nat"] = [ ] -+ self.our_chains["nat"] = set() -+ for chain in BUILT_IN_CHAINS["nat"]: -+ default_rules["nat"].append("-N %s_direct" % chain) -+ default_rules["nat"].append("-A %s -j %s_direct" % (chain, chain)) -+ self.our_chains["nat"].add("%s_direct" % chain) -+ -+ if chain in [ "PREROUTING", "POSTROUTING" ]: -+ default_rules["nat"].append("-N %s_ZONES_SOURCE" % chain) -+ default_rules["nat"].append("-N %s_ZONES" % chain) -+ default_rules["nat"].append("-A %s -j %s_ZONES_SOURCE" % (chain, chain)) -+ default_rules["nat"].append("-A %s -j %s_ZONES" % (chain, chain)) -+ self.our_chains["nat"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) -+ -+ default_rules["filter"] = [ -+ "-N INPUT_direct", -+ "-N INPUT_ZONES_SOURCE", -+ "-N INPUT_ZONES", -+ -+ "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT", -+ "-A INPUT -i lo -j ACCEPT", -+ "-A INPUT -j INPUT_direct", -+ "-A INPUT -j INPUT_ZONES_SOURCE", -+ "-A INPUT -j INPUT_ZONES", -+ ] -+ if log_denied != "off": -+ default_rules["filter"].append("-A INPUT -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '") -+ default_rules["filter"].append("-A INPUT -m conntrack --ctstate INVALID -j DROP") -+ if log_denied != "off": -+ default_rules["filter"].append("-A INPUT %%LOGTYPE%% -j LOG --log-prefix 'FINAL_REJECT: '") -+ default_rules["filter"].append("-A INPUT -j %%REJECT%%") -+ -+ default_rules["filter"] += [ -+ "-N FORWARD_direct", -+ "-N FORWARD_IN_ZONES_SOURCE", -+ "-N FORWARD_IN_ZONES", -+ "-N FORWARD_OUT_ZONES_SOURCE", -+ "-N FORWARD_OUT_ZONES", -+ -+ "-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT", -+ "-A FORWARD -i lo -j ACCEPT", -+ "-A FORWARD -j FORWARD_direct", -+ "-A FORWARD -j FORWARD_IN_ZONES_SOURCE", -+ "-A FORWARD -j FORWARD_IN_ZONES", -+ "-A FORWARD -j FORWARD_OUT_ZONES_SOURCE", -+ "-A FORWARD -j FORWARD_OUT_ZONES", -+ ] -+ if log_denied != "off": -+ default_rules["filter"].append("-A FORWARD -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '") -+ default_rules["filter"].append("-A FORWARD -m conntrack --ctstate INVALID -j DROP") -+ if log_denied != "off": -+ default_rules["filter"].append("-A FORWARD %%LOGTYPE%% -j LOG --log-prefix 'FINAL_REJECT: '") -+ default_rules["filter"].append("-A FORWARD -j %%REJECT%%") -+ -+ default_rules["filter"] += [ -+ "-N OUTPUT_direct", -+ -+ "-A OUTPUT -o lo -j ACCEPT", -+ "-A OUTPUT -j OUTPUT_direct", -+ ] -+ -+ self.our_chains["filter"] = set(["INPUT_direct", "INPUT_ZONES_SOURCE", "INPUT_ZONES", -+ "FORWARD_direct", "FORWARD_IN_ZONES_SOURCE", -+ "FORWARD_IN_ZONES", "FORWARD_OUT_ZONES_SOURCE", -+ "FORWARD_OUT_ZONES", "OUTPUT_direct"]) -+ -+ final_default_rules = [] -+ for table in default_rules: - if table not in self.get_available_tables(): - continue -- _default_rules = DEFAULT_RULES[table][:] -- if log_denied != "off" and table in LOG_RULES: -- _default_rules.extend(LOG_RULES[table]) -- prefix = [ "-t", table ] -- for rule in _default_rules: -- if type(rule) == list: -- default_rules.append(prefix + rule) -- else: -- default_rules.append(prefix + splitArgs(rule)) -- return default_rules -+ for rule in default_rules[table]: -+ final_default_rules.append(["-t", table] + splitArgs(rule)) -+ -+ return final_default_rules - - def get_zone_table_chains(self, table): - if table == "filter": -@@ -801,7 +799,7 @@ class ip4tables(object): - def build_zone_chain_rules(self, zone, table, chain): - _zone = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) - -- OUR_CHAINS[table].update(set([_zone, -+ self.our_chains[table].update(set([_zone, - "%s_log" % _zone, - "%s_deny" % _zone, - "%s_pre" % _zone, -@@ -815,35 +813,37 @@ class ip4tables(object): - rules.append([ "-N", "%s_deny" % _zone, "-t", table ]) - rules.append([ "-N", "%s_allow" % _zone, "-t", table ]) - rules.append([ "-N", "%s_post" % _zone, "-t", table ]) -- rules.append([ "-I", _zone, "1", "-t", table, "-j", "%s_pre" % _zone ]) -- rules.append([ "-I", _zone, "2", "-t", table, "-j", "%s_log" % _zone ]) -- rules.append([ "-I", _zone, "3", "-t", table, "-j", "%s_deny" % _zone ]) -- rules.append([ "-I", _zone, "4", "-t", table, "-j", "%s_allow" % _zone ]) -- rules.append([ "-I", _zone, "5", "-t", table, "-j", "%s_post" % _zone ]) -+ rules.append([ "-A", _zone, "-t", table, "-j", "%s_pre" % _zone ]) -+ rules.append([ "-A", _zone, "-t", table, "-j", "%s_log" % _zone ]) -+ rules.append([ "-A", _zone, "-t", table, "-j", "%s_deny" % _zone ]) -+ rules.append([ "-A", _zone, "-t", table, "-j", "%s_allow" % _zone ]) -+ rules.append([ "-A", _zone, "-t", table, "-j", "%s_post" % _zone ]) - -- # Handle trust, block and drop zones: -- # Add an additional rule with the zone target (accept, reject -- # or drop) to the base zone only in the filter table. -- # Otherwise it is not be possible to have a zone with drop -- # target, that is allowing traffic that is locally initiated -- # or that adds additional rules. (RHBZ#1055190) - target = self._fw.zone._zones[zone].target -- if table == "filter" and \ -- target in [ "ACCEPT", "REJECT", "%%REJECT%%", "DROP" ] and \ -- chain in [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]: -- rules.append([ "-I", _zone, "6", "-t", table, "-j", target ]) - - if self._fw.get_log_denied() != "off": - if table == "filter" and \ - chain in [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]: - if target in [ "REJECT", "%%REJECT%%" ]: -- rules.append([ "-I", _zone, "6", "-t", table, "%%LOGTYPE%%", -+ rules.append([ "-A", _zone, "-t", table, "%%LOGTYPE%%", - "-j", "LOG", "--log-prefix", - "\"%s_REJECT: \"" % _zone ]) - if target == "DROP": -- rules.append([ "-I", _zone, "6", "-t", table, "%%LOGTYPE%%", -+ rules.append([ "-A", _zone, "-t", table, "%%LOGTYPE%%", - "-j", "LOG", "--log-prefix", - "\"%s_DROP: \"" % _zone ]) -+ -+ # Handle trust, block and drop zones: -+ # Add an additional rule with the zone target (accept, reject -+ # or drop) to the base zone only in the filter table. -+ # Otherwise it is not be possible to have a zone with drop -+ # target, that is allowing traffic that is locally initiated -+ # or that adds additional rules. (RHBZ#1055190) -+ if table == "filter" and \ -+ target in [ "ACCEPT", "REJECT", "%%REJECT%%", "DROP" ] and \ -+ chain in [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]: -+ rules.append([ "-A", _zone, "-t", table, "-j", target ]) -+ - return rules - - def _rule_limit(self, limit): --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0003-RFC3964_IPv4-Use-filter-table-instead-of-raw.patch b/SOURCES/firewalld-0.7-0003-RFC3964_IPv4-Use-filter-table-instead-of-raw.patch deleted file mode 100644 index cf735cb..0000000 --- a/SOURCES/firewalld-0.7-0003-RFC3964_IPv4-Use-filter-table-instead-of-raw.patch +++ /dev/null @@ -1,331 +0,0 @@ -From ca0695dd53ad321d89906d190b93a5898cb40220 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 10 Jan 2019 10:10:12 -0500 -Subject: [PATCH 3/3] RFC3964_IPv4: Use filter table instead of raw - -This allows us to use the reject statement, which is more useful to -provide feedback to senders. - -Fixes: 5afa02271418 ("nftables: support RFC3964_IPv4 filtering") -Fixes: b86206ed1590 ("ipXtables: support RFC3964_IPv4 filtering") -(cherry picked from commit 44200d0f508a990c5dfff9f480a6206ec507e229) ---- - src/firewall/core/fw.py | 12 ++- - src/firewall/core/ipXtables.py | 24 +++-- - src/firewall/core/nftables.py | 20 ++-- - src/tests/features/rfc3964_ipv4.at | 159 +++++++++++++++-------------- - 4 files changed, 122 insertions(+), 93 deletions(-) - -diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py -index a3089ce70eb8..66f4d9508afa 100644 ---- a/src/firewall/core/fw.py -+++ b/src/firewall/core/fw.py -@@ -822,9 +822,15 @@ class Firewall(object): - rules = ipv6_backend.build_rpfilter_rules(self._log_denied) - transaction.add_rules(ipv6_backend, rules) - -- if self._rfc3964_ipv4: -- rules = ipv6_backend.build_rfc3964_ipv4_rules() -- transaction.add_rules(ipv6_backend, rules) -+ if self._rfc3964_ipv4: -+ # Flush due to iptables-restore (nftables) bug tiggered when -+ # specifying same index multiple times in same batch -+ # rhbz 1647925 -+ transaction.execute(True) -+ transaction.clear() -+ -+ rules = ipv6_backend.build_rfc3964_ipv4_rules() -+ transaction.add_rules(ipv6_backend, rules) - - else: - if use_transaction is None: -diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py -index c5b17aa3a846..1355a473f792 100644 ---- a/src/firewall/core/ipXtables.py -+++ b/src/firewall/core/ipXtables.py -@@ -1320,13 +1320,23 @@ class ip6tables(ip4tables): - "2002:e000::/19", # 224.0.0.0/4 (multicast), 240.0.0.0/4 (reserved and broadcast) - ] - -+ chain_name = "RFC3964_IPv4" -+ self.our_chains["filter"].add(chain_name) -+ - rules = [] -+ rules.append(["-t", "filter", "-N", chain_name]) - for daddr in daddr_list: -- for chain in ["PREROUTING", "OUTPUT"]: -- rules.append(["-t", "raw", "-I", chain, -- "-d", daddr, "-j", "DROP"]) -- if self._fw._log_denied in ["unicast", "all"]: -- rules.append(["-t", "raw", "-I", chain, -- "-d", daddr, "-j", "LOG", -- "--log-prefix", "\"RFC3964_IPv4_DROP: \""]) -+ rules.append(["-t", "filter", "-I", chain_name, -+ "-d", daddr, "-j", "REJECT", "--reject-with", -+ "addr-unreach"]) -+ if self._fw._log_denied in ["unicast", "all"]: -+ rules.append(["-t", "filter", "-I", chain_name, -+ "-d", daddr, "-j", "LOG", -+ "--log-prefix", "\"RFC3964_IPv4_REJECT: \""]) -+ -+ # Inject into FORWARD and OUTPUT chains -+ rules.append(["-t", "filter", "-I", "OUTPUT", "3", -+ "-j", chain_name]) -+ rules.append(["-t", "filter", "-I", "FORWARD", "4", -+ "-j", chain_name]) - return rules -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index 1eb9c3fb94c2..94d8c2b155dc 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -54,7 +54,7 @@ IPTABLES_TO_NFT_HOOK = { - #}, - "raw": { - "PREROUTING": ("prerouting", -300 + NFT_HOOK_OFFSET), -- "OUTPUT": ("output", -300 + NFT_HOOK_OFFSET), -+ # "OUTPUT": ("output", -300 + NFT_HOOK_OFFSET), - }, - "mangle": { - "PREROUTING": ("prerouting", -150 + NFT_HOOK_OFFSET), -@@ -72,7 +72,7 @@ IPTABLES_TO_NFT_HOOK = { - "filter": { - "INPUT": ("input", 0 + NFT_HOOK_OFFSET), - "FORWARD": ("forward", 0 + NFT_HOOK_OFFSET), -- # "OUTPUT": ("output", 0 + NFT_HOOK_OFFSET), -+ "OUTPUT": ("output", 0 + NFT_HOOK_OFFSET), - }, - } - -@@ -485,6 +485,9 @@ class nftables(object): - default_rules.append("add rule inet %s filter_%s %%%%LOGTYPE%%%% log prefix '\"FINAL_REJECT: \"'" % (TABLE_NAME, "FORWARD")) - default_rules.append("add rule inet %s filter_%s reject with icmpx type admin-prohibited" % (TABLE_NAME, "FORWARD")) - -+ # filter, OUTPUT -+ default_rules.append("add rule inet %s filter_%s oifname lo accept" % (TABLE_NAME, "OUTPUT")) -+ - self.our_chains["inet"]["filter"] = set(["INPUT_ZONES_SOURCE", - "INPUT_ZONES", - "FORWARD_IN_ZONES_SOURCE", -@@ -1260,13 +1263,16 @@ class nftables(object): - - rule_fragment = ["ip6", "daddr"] + daddr_set - if self._fw._log_denied in ["unicast", "all"]: -- rule_fragment += ["log", "prefix", "\"RFC3964_IPv4_DROP: \""] -- rule_fragment += ["drop"] -+ rule_fragment += ["log", "prefix", "\"RFC3964_IPv4_REJECT: \""] -+ rule_fragment += ["reject"] -+ rule_fragment += self._reject_types_fragment("addr-unreach") - - rules = [] -- for chain in ["PREROUTING", "OUTPUT"]: -- rules.append(["insert", "rule", "inet", "%s" % TABLE_NAME, -- "raw_%s" % chain] + rule_fragment) -+ # WARN: index must be kept in sync with build_default_rules() -+ rules.append(["add", "rule", "inet", "%s" % TABLE_NAME, -+ "filter_OUTPUT", "index", "0"] + rule_fragment) -+ rules.append(["add", "rule", "inet", "%s" % TABLE_NAME, -+ "filter_FORWARD", "index", "1"] + rule_fragment) - return rules - - def build_zone_rich_source_destination_rules(self, enable, zone, rich_rule): -diff --git a/src/tests/features/rfc3964_ipv4.at b/src/tests/features/rfc3964_ipv4.at -index ea8dd40bb5c3..a93aba192c2c 100644 ---- a/src/tests/features/rfc3964_ipv4.at -+++ b/src/tests/features/rfc3964_ipv4.at -@@ -5,74 +5,70 @@ AT_CHECK([sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf]) - FWD_RELOAD - - m4_if(nftables, FIREWALL_BACKEND, [ -- NFT_LIST_RULES([inet], [raw_PREROUTING], 0, [dnl -+ NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl - table inet firewalld { -- chain raw_PREROUTING { -- ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_DROP: " drop -- m4_if(yes, HOST_SUPPORTS_NFT_FIB, [dnl -- icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept -- meta nfproto ipv6 fib saddr . iif oif missing log prefix "rpfilter_DROP: " drop -- ])dnl -- jump raw_PREROUTING_ZONES_SOURCE -- jump raw_PREROUTING_ZONES -+ chain filter_FORWARD { -+ ct state established,related accept -+ iifname "lo" accept -+ ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_REJECT: " reject with icmpv6 type addr-unreachable -+ jump filter_FORWARD_IN_ZONES_SOURCE -+ jump filter_FORWARD_IN_ZONES -+ jump filter_FORWARD_OUT_ZONES_SOURCE -+ jump filter_FORWARD_OUT_ZONES -+ ct state invalid log prefix "STATE_INVALID_DROP: " -+ ct state invalid drop -+ log prefix "FINAL_REJECT: " -+ reject with icmpx type admin-prohibited - } - } - ]) -- NFT_LIST_RULES([inet], [raw_OUTPUT], 0, [dnl -+ NFT_LIST_RULES([inet], [filter_OUTPUT], 0, [dnl - table inet firewalld { -- chain raw_OUTPUT { -- ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_DROP: " drop -+ chain filter_OUTPUT { -+ oifname "lo" accept -+ ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_REJECT: " reject with icmpv6 type addr-unreachable - } - } - ]) - ], [ -- IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl -- LOG all ::/0 2002:e000::/19 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002:e000::/19 -- LOG all ::/0 2002:a9fe::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002:a9fe::/32 -- LOG all ::/0 2002:c0a8::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002:c0a8::/32 -- LOG all ::/0 2002:ac10::/28 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002:ac10::/28 -- LOG all ::/0 2002:7f00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002:7f00::/24 -- LOG all ::/0 2002:a00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002:a00::/24 -- LOG all ::/0 2002::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002::/24 -- LOG all ::/0 ::ffff:0.0.0.0/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 ::ffff:0.0.0.0/96 -- LOG all ::/0 ::/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 ::/96 -- ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 -- ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 -- LOG all ::/0 ::/0 rpfilter invert LOG flags 0 level 4 prefix "rpfilter_DROP: " -- DROP all ::/0 ::/0 rpfilter invert -- PREROUTING_direct all ::/0 ::/0 -- PREROUTING_ZONES_SOURCE all ::/0 ::/0 -- PREROUTING_ZONES all ::/0 ::/0 -+ IP6TABLES_LIST_RULES([filter], [RFC3964_IPv4], 0, [dnl -+ LOG all ::/0 2002:e000::/19 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " -+ REJECT all ::/0 2002:e000::/19 reject-with icmp6-addr-unreachable -+ LOG all ::/0 2002:a9fe::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " -+ REJECT all ::/0 2002:a9fe::/32 reject-with icmp6-addr-unreachable -+ LOG all ::/0 2002:c0a8::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " -+ REJECT all ::/0 2002:c0a8::/32 reject-with icmp6-addr-unreachable -+ LOG all ::/0 2002:ac10::/28 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " -+ REJECT all ::/0 2002:ac10::/28 reject-with icmp6-addr-unreachable -+ LOG all ::/0 2002:7f00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " -+ REJECT all ::/0 2002:7f00::/24 reject-with icmp6-addr-unreachable -+ LOG all ::/0 2002:a00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " -+ REJECT all ::/0 2002:a00::/24 reject-with icmp6-addr-unreachable -+ LOG all ::/0 2002::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " -+ REJECT all ::/0 2002::/24 reject-with icmp6-addr-unreachable -+ LOG all ::/0 ::ffff:0.0.0.0/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " -+ REJECT all ::/0 ::ffff:0.0.0.0/96 reject-with icmp6-addr-unreachable -+ LOG all ::/0 ::/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " -+ REJECT all ::/0 ::/96 reject-with icmp6-addr-unreachable - ]) -- IP6TABLES_LIST_RULES([raw], [OUTPUT], 0, [dnl -- LOG all ::/0 2002:e000::/19 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002:e000::/19 -- LOG all ::/0 2002:a9fe::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002:a9fe::/32 -- LOG all ::/0 2002:c0a8::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002:c0a8::/32 -- LOG all ::/0 2002:ac10::/28 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002:ac10::/28 -- LOG all ::/0 2002:7f00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002:7f00::/24 -- LOG all ::/0 2002:a00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002:a00::/24 -- LOG all ::/0 2002::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 2002::/24 -- LOG all ::/0 ::ffff:0.0.0.0/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 ::ffff:0.0.0.0/96 -- LOG all ::/0 ::/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -- DROP all ::/0 ::/96 -+ IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl -+ ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED -+ ACCEPT all ::/0 ::/0 -+ FORWARD_direct all ::/0 ::/0 -+ RFC3964_IPv4 all ::/0 ::/0 -+ FORWARD_IN_ZONES_SOURCE all ::/0 ::/0 -+ FORWARD_IN_ZONES all ::/0 ::/0 -+ FORWARD_OUT_ZONES_SOURCE all ::/0 ::/0 -+ FORWARD_OUT_ZONES all ::/0 ::/0 -+ LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " -+ DROP all ::/0 ::/0 ctstate INVALID -+ LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " -+ REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited -+ ]) -+ IP6TABLES_LIST_RULES([filter], [OUTPUT], 0, [dnl -+ ACCEPT all ::/0 ::/0 - OUTPUT_direct all ::/0 ::/0 -+ RFC3964_IPv4 all ::/0 ::/0 - ]) - ]) - -@@ -80,35 +76,46 @@ AT_CHECK([sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf]) - FWD_RELOAD - - m4_if(nftables, FIREWALL_BACKEND, [ -- NFT_LIST_RULES([inet], [raw_PREROUTING], 0, [dnl -+ NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl - table inet firewalld { -- chain raw_PREROUTING { -- m4_if(yes, HOST_SUPPORTS_NFT_FIB, [dnl -- icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept -- meta nfproto ipv6 fib saddr . iif oif missing log prefix "rpfilter_DROP: " drop -- ])dnl -- jump raw_PREROUTING_ZONES_SOURCE -- jump raw_PREROUTING_ZONES -+ chain filter_FORWARD { -+ ct state established,related accept -+ iifname "lo" accept -+ jump filter_FORWARD_IN_ZONES_SOURCE -+ jump filter_FORWARD_IN_ZONES -+ jump filter_FORWARD_OUT_ZONES_SOURCE -+ jump filter_FORWARD_OUT_ZONES -+ ct state invalid log prefix "STATE_INVALID_DROP: " -+ ct state invalid drop -+ log prefix "FINAL_REJECT: " -+ reject with icmpx type admin-prohibited - } - } - ]) -- NFT_LIST_RULES([inet], [raw_OUTPUT], 0, [dnl -+ NFT_LIST_RULES([inet], [filter_OUTPUT], 0, [dnl - table inet firewalld { -- chain raw_OUTPUT { -+ chain filter_OUTPUT { -+ oifname "lo" accept - } - } - ]) - ], [ -- IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl -- ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 -- ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 -- LOG all ::/0 ::/0 rpfilter invert LOG flags 0 level 4 prefix "rpfilter_DROP: " -- DROP all ::/0 ::/0 rpfilter invert -- PREROUTING_direct all ::/0 ::/0 -- PREROUTING_ZONES_SOURCE all ::/0 ::/0 -- PREROUTING_ZONES all ::/0 ::/0 -+ NS_CHECK([ip6tables -w -n -t filter -L RFC3964_IPv4], 1, [ignore], [ignore]) -+ IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl -+ ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED -+ ACCEPT all ::/0 ::/0 -+ FORWARD_direct all ::/0 ::/0 -+ FORWARD_IN_ZONES_SOURCE all ::/0 ::/0 -+ FORWARD_IN_ZONES all ::/0 ::/0 -+ FORWARD_OUT_ZONES_SOURCE all ::/0 ::/0 -+ FORWARD_OUT_ZONES all ::/0 ::/0 -+ LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " -+ DROP all ::/0 ::/0 ctstate INVALID -+ LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " -+ REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited - ]) -- IP6TABLES_LIST_RULES([raw], [OUTPUT], 0, [dnl -+ IP6TABLES_LIST_RULES([filter], [OUTPUT], 0, [dnl -+ ACCEPT all ::/0 ::/0 - OUTPUT_direct all ::/0 ::/0 - ]) - ]) --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0003-nftables-support-RFC3964_IPv4-filtering.patch b/SOURCES/firewalld-0.7-0003-nftables-support-RFC3964_IPv4-filtering.patch deleted file mode 100644 index 369f794..0000000 --- a/SOURCES/firewalld-0.7-0003-nftables-support-RFC3964_IPv4-filtering.patch +++ /dev/null @@ -1,65 +0,0 @@ -From b0267902150824c1e0e6e626921181e461a101bd Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Wed, 19 Dec 2018 14:20:46 -0500 -Subject: [PATCH 3/8] nftables: support RFC3964_IPv4 filtering - -(cherry picked from commit 5afa02271418284ae95dc81304c7af65ff6e41ae) ---- - src/firewall/core/nftables.py | 27 ++++++++++++++++++++++++++- - 1 file changed, 26 insertions(+), 1 deletion(-) - -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index 72f2180ec504..1d0ce24d68a2 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -54,7 +54,7 @@ IPTABLES_TO_NFT_HOOK = { - #}, - "raw": { - "PREROUTING": ("prerouting", -300 + NFT_HOOK_OFFSET), -- # "OUTPUT": ("output", -300 + NFT_HOOK_OFFSET), -+ "OUTPUT": ("output", -300 + NFT_HOOK_OFFSET), - }, - "mangle": { - "PREROUTING": ("prerouting", -150 + NFT_HOOK_OFFSET), -@@ -412,6 +412,7 @@ class nftables(object): - IPTABLES_TO_NFT_HOOK["raw"][chain][0], - IPTABLES_TO_NFT_HOOK["raw"][chain][1])) - -+ for chain in ["PREROUTING"]: - default_rules.append("add chain inet %s raw_%s_ZONES_SOURCE" % (TABLE_NAME, chain)) - default_rules.append("add chain inet %s raw_%s_ZONES" % (TABLE_NAME, chain)) - default_rules.append("add rule inet %s raw_%s jump raw_%s_ZONES_SOURCE" % (TABLE_NAME, chain, chain)) -@@ -1245,6 +1246,30 @@ class nftables(object): - "accept"]) # RHBZ#1058505, RHBZ#1575431 (bug in kernel 4.16-4.17) - return rules - -+ def build_rfc3964_ipv4_rules(self): -+ daddr_set = ["{", -+ "::0.0.0.0/96,", # IPv4 compatible -+ "::ffff:0.0.0.0/96,", # IPv4 mapped -+ "2002:0000::/24,", # 0.0.0.0/8 (the system has no address assigned yet) -+ "2002:0a00::/24,", # 10.0.0.0/8 (private) -+ "2002:7f00::/24,", # 127.0.0.0/8 (loopback) -+ "2002:ac10::/28,", # 172.16.0.0/12 (private) -+ "2002:c0a8::/32,", # 192.168.0.0/16 (private) -+ "2002:a9fe::/32,", # 169.254.0.0/16 (IANA Assigned DHCP link-local) -+ "2002:e000::/19,", # 224.0.0.0/4 (multicast), 240.0.0.0/4 (reserved and broadcast) -+ "}"] -+ -+ rule_fragment = ["ip6", "daddr"] + daddr_set -+ if self._fw._log_denied in ["unicast", "all"]: -+ rule_fragment += ["log", "prefix", "\"RFC3964_IPv4_DROP: \""] -+ rule_fragment += ["drop"] -+ -+ rules = [] -+ for chain in ["PREROUTING", "OUTPUT"]: -+ rules.append(["insert", "rule", "inet", "%s" % TABLE_NAME, -+ "raw_%s" % chain] + rule_fragment) -+ return rules -+ - def build_zone_rich_source_destination_rules(self, enable, zone, rich_rule): - table = "filter" - target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["INPUT"], --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0004-ipXtables-support-RFC3964_IPv4-filtering.patch b/SOURCES/firewalld-0.7-0004-ipXtables-support-RFC3964_IPv4-filtering.patch deleted file mode 100644 index 55f5e0e..0000000 --- a/SOURCES/firewalld-0.7-0004-ipXtables-support-RFC3964_IPv4-filtering.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 9c0d0621440868e3ce0da36933c6aca53c4a2206 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 20 Dec 2018 14:25:12 -0500 -Subject: [PATCH 4/8] ipXtables: support RFC3964_IPv4 filtering - -(cherry picked from commit b86206ed15908287b1e08882c62306f860a3b6b6) ---- - src/firewall/core/ipXtables.py | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py -index d7626df1b023..2d2d9f76d5c9 100644 ---- a/src/firewall/core/ipXtables.py -+++ b/src/firewall/core/ipXtables.py -@@ -1306,3 +1306,27 @@ class ip6tables(ip4tables): - "--icmpv6-type=router-advertisement", - "-j", "ACCEPT" ]) # RHBZ#1058505 - return rules -+ -+ def build_rfc3964_ipv4_rules(self): -+ daddr_list = [ -+ "::0.0.0.0/96", # IPv4 compatible -+ "::ffff:0.0.0.0/96", # IPv4 mapped -+ "2002:0000::/24", # 0.0.0.0/8 (the system has no address assigned yet) -+ "2002:0a00::/24", # 10.0.0.0/8 (private) -+ "2002:7f00::/24", # 127.0.0.0/8 (loopback) -+ "2002:ac10::/28", # 172.16.0.0/12 (private) -+ "2002:c0a8::/32", # 192.168.0.0/16 (private) -+ "2002:a9fe::/32", # 169.254.0.0/16 (IANA Assigned DHCP link-local) -+ "2002:e000::/19", # 224.0.0.0/4 (multicast), 240.0.0.0/4 (reserved and broadcast) -+ ] -+ -+ rules = [] -+ for daddr in daddr_list: -+ for chain in ["PREROUTING", "OUTPUT"]: -+ rules.append(["-t", "raw", "-I", chain, -+ "-d", daddr, "-j", "DROP"]) -+ if self._fw._log_denied in ["unicast", "all"]: -+ rules.append(["-t", "raw", "-I", chain, -+ "-d", daddr, "-j", "LOG", -+ "--log-prefix", "\"RFC3964_IPv4_DROP: \""]) -+ return rules --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0005-fw-enable-RFC3964_IPv4-support.patch b/SOURCES/firewalld-0.7-0005-fw-enable-RFC3964_IPv4-support.patch deleted file mode 100644 index 5282614..0000000 --- a/SOURCES/firewalld-0.7-0005-fw-enable-RFC3964_IPv4-support.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 236a8ea6f170dcab1484447b16d52d01c95b512f Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 20 Dec 2018 14:26:19 -0500 -Subject: [PATCH 5/8] fw: enable RFC3964_IPv4 support - -Actually call it and make it active now that both backends support it. - -(cherry picked from commit 36139d2ae3fd9b0184d2b9668970c291d22276ce) ---- - src/firewall/core/fw.py | 24 +++++++----------------- - 1 file changed, 7 insertions(+), 17 deletions(-) - -diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py -index e8d77f11b2ae..a3089ce70eb8 100644 ---- a/src/firewall/core/fw.py -+++ b/src/firewall/core/fw.py -@@ -817,24 +817,14 @@ class Firewall(object): - transaction.add_rules(backend, rules) - - ipv6_backend = self.get_backend_by_ipv("ipv6") -- if self.ipv6_rpfilter_enabled and \ -- "raw" in ipv6_backend.get_available_tables(): -- -- # Execute existing transaction -- transaction.execute(True) -- # Start new transaction -- transaction.clear() -- -- rules = ipv6_backend.build_rpfilter_rules(self._log_denied) -- transaction.add_rules(ipv6_backend, rules) -+ if "raw" in ipv6_backend.get_available_tables(): -+ if self.ipv6_rpfilter_enabled: -+ rules = ipv6_backend.build_rpfilter_rules(self._log_denied) -+ transaction.add_rules(ipv6_backend, rules) - -- # Execute ipv6_rpfilter transaction, it might fail -- try: -- transaction.execute(True) -- except FirewallError as msg: -- log.warning("Applying rules for ipv6_rpfilter failed: %s", msg) -- # Start new transaction -- transaction.clear() -+ if self._rfc3964_ipv4: -+ rules = ipv6_backend.build_rfc3964_ipv4_rules() -+ transaction.add_rules(ipv6_backend, rules) - - else: - if use_transaction is None: --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0006-test-functions-Strip-nft-hook-and-policy-from-output.patch b/SOURCES/firewalld-0.7-0006-test-functions-Strip-nft-hook-and-policy-from-output.patch deleted file mode 100644 index 92789a0..0000000 --- a/SOURCES/firewalld-0.7-0006-test-functions-Strip-nft-hook-and-policy-from-output.patch +++ /dev/null @@ -1,33 +0,0 @@ -From d858968a41b69f3af5a3d45baf40336618cccc9d Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 21 Dec 2018 09:14:15 -0500 -Subject: [PATCH 6/8] test/functions: Strip nft hook and policy from output - -Depending on the nft version the priority may print as "-290" or "raw + -10". Just strip the whole hook line - we really just want to see the -rules. - -(cherry picked from commit 9b681605f96907f3fced59a4e6c884b68db0ffc8) ---- - src/tests/functions.at | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/tests/functions.at b/src/tests/functions.at -index 964bb8800637..3b367fdc0f58 100644 ---- a/src/tests/functions.at -+++ b/src/tests/functions.at -@@ -255,7 +255,10 @@ m4_define([IP6TABLES_LIST_RULES], [ - m4_define([NFT_LIST_RULES], [ - dnl nftables commit 6dd848339444 change list output to show "meta mark" - dnl instead of just "mark". -- m4_define([NFT_LIST_RULES_NORMALIZE], [sed -e 's/meta mark/mark/g']) -+ m4_define([NFT_LIST_RULES_NORMALIZE], [dnl -+ sed -e 's/meta mark/mark/g'dnl -+ | sed -e '/type.*hook.*priority.*policy.*/d'dnl -+ ]) - m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ - NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE | NFT_LIST_RULES_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) - ]) --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0007-tests-add-new-group-features.patch b/SOURCES/firewalld-0.7-0007-tests-add-new-group-features.patch deleted file mode 100644 index f728074..0000000 --- a/SOURCES/firewalld-0.7-0007-tests-add-new-group-features.patch +++ /dev/null @@ -1,45 +0,0 @@ -From a29e4ca5aa62663b57edcf2eefe0b0a880cc893f Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 20 Dec 2018 14:36:58 -0500 -Subject: [PATCH 7/8] tests: add new group "features" - -(cherry picked from commit 1344458447ce7674b2cc41d8573cce605e8c1c02) ---- - src/tests/Makefile.am | 1 + - src/tests/features.at | 1 + - src/tests/testsuite.at | 1 + - 3 files changed, 3 insertions(+) - create mode 100644 src/tests/features.at - -diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am -index a30ce4d5d607..3241c1f5fbb3 100644 ---- a/src/tests/Makefile.am -+++ b/src/tests/Makefile.am -@@ -2,6 +2,7 @@ TESTSUITE = $(srcdir)/testsuite - TESTSUITE_FILES = \ - $(wildcard $(srcdir)/*.at) \ - $(wildcard $(srcdir)/dbus/*.at) \ -+ $(wildcard $(srcdir)/features/*.at) - $(wildcard $(srcdir)/regression/*.at) - - EXTRA_DIST = \ -diff --git a/src/tests/features.at b/src/tests/features.at -new file mode 100644 -index 000000000000..5fdfbe35a926 ---- /dev/null -+++ b/src/tests/features.at -@@ -0,0 +1 @@ -+AT_BANNER([features (FIREWALL_BACKEND)]) -diff --git a/src/tests/testsuite.at b/src/tests/testsuite.at -index 2943d7460919..b4dc05a59f55 100644 ---- a/src/tests/testsuite.at -+++ b/src/tests/testsuite.at -@@ -14,4 +14,5 @@ m4_foreach([FIREWALL_BACKEND], [[nftables], [iptables]], [ - m4_include([firewall-cmd.at]) - m4_include([regression.at]) - m4_include([python.at]) -+ m4_include([features.at]) - ]) --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0008-tests-features-add-coverage-for-RFC3964_IPv4.patch b/SOURCES/firewalld-0.7-0008-tests-features-add-coverage-for-RFC3964_IPv4.patch deleted file mode 100644 index e52231c..0000000 --- a/SOURCES/firewalld-0.7-0008-tests-features-add-coverage-for-RFC3964_IPv4.patch +++ /dev/null @@ -1,144 +0,0 @@ -From be105551fa365c5f0bc06d84da9c47fe2a078af9 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 20 Dec 2018 14:40:20 -0500 -Subject: [PATCH 8/8] tests/features: add coverage for RFC3964_IPv4 - -(cherry picked from commit 74211168c8f59994356619f214ad28d69ba1744b) ---- - src/tests/features.at | 1 + - src/tests/features/rfc3964_ipv4.at | 116 +++++++++++++++++++++++++++++ - 2 files changed, 117 insertions(+) - create mode 100644 src/tests/features/rfc3964_ipv4.at - -diff --git a/src/tests/features.at b/src/tests/features.at -index 5fdfbe35a926..744d313e9226 100644 ---- a/src/tests/features.at -+++ b/src/tests/features.at -@@ -1 +1,2 @@ - AT_BANNER([features (FIREWALL_BACKEND)]) -+m4_include([features/rfc3964_ipv4.at]) -diff --git a/src/tests/features/rfc3964_ipv4.at b/src/tests/features/rfc3964_ipv4.at -new file mode 100644 -index 000000000000..ea8dd40bb5c3 ---- /dev/null -+++ b/src/tests/features/rfc3964_ipv4.at -@@ -0,0 +1,116 @@ -+FWD_START_TEST([RFC3964_IPv4]) -+ -+AT_CHECK([sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf]) -+AT_CHECK([sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf]) -+FWD_RELOAD -+ -+m4_if(nftables, FIREWALL_BACKEND, [ -+ NFT_LIST_RULES([inet], [raw_PREROUTING], 0, [dnl -+ table inet firewalld { -+ chain raw_PREROUTING { -+ ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_DROP: " drop -+ m4_if(yes, HOST_SUPPORTS_NFT_FIB, [dnl -+ icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept -+ meta nfproto ipv6 fib saddr . iif oif missing log prefix "rpfilter_DROP: " drop -+ ])dnl -+ jump raw_PREROUTING_ZONES_SOURCE -+ jump raw_PREROUTING_ZONES -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [raw_OUTPUT], 0, [dnl -+ table inet firewalld { -+ chain raw_OUTPUT { -+ ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_DROP: " drop -+ } -+ } -+ ]) -+], [ -+ IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl -+ LOG all ::/0 2002:e000::/19 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002:e000::/19 -+ LOG all ::/0 2002:a9fe::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002:a9fe::/32 -+ LOG all ::/0 2002:c0a8::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002:c0a8::/32 -+ LOG all ::/0 2002:ac10::/28 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002:ac10::/28 -+ LOG all ::/0 2002:7f00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002:7f00::/24 -+ LOG all ::/0 2002:a00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002:a00::/24 -+ LOG all ::/0 2002::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002::/24 -+ LOG all ::/0 ::ffff:0.0.0.0/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 ::ffff:0.0.0.0/96 -+ LOG all ::/0 ::/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 ::/96 -+ ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 -+ ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 -+ LOG all ::/0 ::/0 rpfilter invert LOG flags 0 level 4 prefix "rpfilter_DROP: " -+ DROP all ::/0 ::/0 rpfilter invert -+ PREROUTING_direct all ::/0 ::/0 -+ PREROUTING_ZONES_SOURCE all ::/0 ::/0 -+ PREROUTING_ZONES all ::/0 ::/0 -+ ]) -+ IP6TABLES_LIST_RULES([raw], [OUTPUT], 0, [dnl -+ LOG all ::/0 2002:e000::/19 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002:e000::/19 -+ LOG all ::/0 2002:a9fe::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002:a9fe::/32 -+ LOG all ::/0 2002:c0a8::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002:c0a8::/32 -+ LOG all ::/0 2002:ac10::/28 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002:ac10::/28 -+ LOG all ::/0 2002:7f00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002:7f00::/24 -+ LOG all ::/0 2002:a00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002:a00::/24 -+ LOG all ::/0 2002::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 2002::/24 -+ LOG all ::/0 ::ffff:0.0.0.0/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 ::ffff:0.0.0.0/96 -+ LOG all ::/0 ::/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_DROP: " -+ DROP all ::/0 ::/96 -+ OUTPUT_direct all ::/0 ::/0 -+ ]) -+]) -+ -+AT_CHECK([sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf]) -+FWD_RELOAD -+ -+m4_if(nftables, FIREWALL_BACKEND, [ -+ NFT_LIST_RULES([inet], [raw_PREROUTING], 0, [dnl -+ table inet firewalld { -+ chain raw_PREROUTING { -+ m4_if(yes, HOST_SUPPORTS_NFT_FIB, [dnl -+ icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept -+ meta nfproto ipv6 fib saddr . iif oif missing log prefix "rpfilter_DROP: " drop -+ ])dnl -+ jump raw_PREROUTING_ZONES_SOURCE -+ jump raw_PREROUTING_ZONES -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [raw_OUTPUT], 0, [dnl -+ table inet firewalld { -+ chain raw_OUTPUT { -+ } -+ } -+ ]) -+], [ -+ IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl -+ ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 -+ ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 -+ LOG all ::/0 ::/0 rpfilter invert LOG flags 0 level 4 prefix "rpfilter_DROP: " -+ DROP all ::/0 ::/0 rpfilter invert -+ PREROUTING_direct all ::/0 ::/0 -+ PREROUTING_ZONES_SOURCE all ::/0 ::/0 -+ PREROUTING_ZONES all ::/0 ::/0 -+ ]) -+ IP6TABLES_LIST_RULES([raw], [OUTPUT], 0, [dnl -+ OUTPUT_direct all ::/0 ::/0 -+ ]) -+]) -+ -+FWD_END_TEST --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0017-nftables-build-rule_key-properly-for-delete-verb.patch b/SOURCES/firewalld-0.7-0017-nftables-build-rule_key-properly-for-delete-verb.patch deleted file mode 100644 index b519e8d..0000000 --- a/SOURCES/firewalld-0.7-0017-nftables-build-rule_key-properly-for-delete-verb.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 838a1561e4812601a35e294523c7aaf5361c60ef Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Tue, 13 Nov 2018 16:00:30 -0500 -Subject: [PATCH 17/34] nftables: build rule_key properly for delete verb - -When deleting a rule make sure to strip the index/position from the rule -string. - -(cherry picked from commit 7b40ad43f120dd08176fb3c52cdc94722f0a72bb) ---- - src/firewall/core/nftables.py | 32 +++++++++++++++++--------------- - 1 file changed, 17 insertions(+), 15 deletions(-) - -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index a1cb2c474737..47b1c27dc8cc 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -169,6 +169,21 @@ class nftables(object): - nft_opts = ["--echo", "--handle"] - _args = args[:] - -+ def rule_key_from_rule(rule): -+ rule_key = rule[2:] -+ if rule_key[3] in ["position", "handle", "index"]: -+ # strip "position #" -+ # "insert rule family table chain position " -+ # ^^ rule_key starts here -+ try: -+ int(rule_key[4]) -+ except Exception: -+ raise FirewallError(INVALID_RULE, "position without a number") -+ else: -+ rule_key.pop(3) -+ rule_key.pop(3) -+ return " ".join(rule_key) -+ - # If we're deleting a table (i.e. build_flush_rules()) - # then check if its exist first to avoid nft throwing an error - if _args[0] == "delete" and _args[1] == "table": -@@ -181,23 +196,10 @@ class nftables(object): - rule_key = None - if _args[0] in ["add", "insert"] and _args[1] == "rule": - rule_add = True -- rule_key = _args[2:] -- if rule_key[3] == "position": -- # strip "position #" -- # "insert rule family table chain position " -- # ^^ rule_key starts here -- try: -- int(rule_key[4]) -- except Exception: -- raise FirewallError(INVALID_RULE, "position without a number") -- else: -- rule_key.pop(3) -- rule_key.pop(3) -- rule_key = " ".join(rule_key) -+ rule_key = rule_key_from_rule(_args) - elif _args[0] in ["delete"] and _args[1] == "rule": - rule_add = False -- rule_key = _args[2:] -- rule_key = " ".join(rule_key) -+ rule_key = rule_key_from_rule(_args) - # delete using rule handle - _args = ["delete", "rule"] + _args[2:5] + \ - ["handle", self.rule_to_handle[rule_key]] --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0018-nftables-Use-index-for-ICMP-block-inversion-rules.patch b/SOURCES/firewalld-0.7-0018-nftables-Use-index-for-ICMP-block-inversion-rules.patch deleted file mode 100644 index 81e51ac..0000000 --- a/SOURCES/firewalld-0.7-0018-nftables-Use-index-for-ICMP-block-inversion-rules.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 5964984c68b5101c372ce6b067fbe627a7a33d1b Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Tue, 13 Nov 2018 15:30:08 -0500 -Subject: [PATCH 18/34] nftables: Use index for ICMP block inversion rules - -(cherry picked from commit 54e1bac809fccbc83540f6151a64aeb1f058c06a) ---- - src/firewall/core/fw_zone.py | 6 ----- - src/firewall/core/nftables.py | 43 +++++++++-------------------------- - 2 files changed, 11 insertions(+), 38 deletions(-) - -diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py -index db90c32be540..afa4b2ce0022 100644 ---- a/src/firewall/core/fw_zone.py -+++ b/src/firewall/core/fw_zone.py -@@ -1961,12 +1961,6 @@ class FirewallZone(object): - zone_transaction.add_chain("filter", "INPUT") - zone_transaction.add_chain("filter", "FORWARD_IN") - -- # To satisfy nftables backend rule lookup we must execute pending -- # rules. See nftables.build_zone_icmp_block_inversion_rules() -- if enable: -- zone_transaction.execute(enable) -- zone_transaction.clear() -- - for backend in self._fw.enabled_backends(): - if not backend.zones_supported: - continue -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index 47b1c27dc8cc..a763ed3ec103 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -1066,50 +1066,29 @@ class nftables(object): - def build_zone_icmp_block_inversion_rules(self, enable, zone): - table = "filter" - rules = [] -+ add_del = { True: "add", False: "delete" }[enable] -+ - for chain in ["INPUT", "FORWARD_IN"]: - _zone = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], - zone=zone) -- # HACK: nft position is actually a handle, so we need to lookup the -- # handle of the rule we want to insert this after. -- # -- # This must be kept in sync with build_zone_chain_rules() -- # -- # WARN: This does not work if we haven't executed the transaction -- # yet, because we don't have a handle for our rule_key!! As such, -- # we execute transactions before calling this function. -- # -- rule_key = " ".join(["inet", "%s" % TABLE_NAME, -- "%s_%s" % (table, _zone), -- "jump", "%s_%s_allow" % (table, _zone)]) -- rule_handle = self.rule_to_handle[rule_key] - - if self._fw.zone.query_icmp_block_inversion(zone): - ibi_target = "%%REJECT%%" - else: - ibi_target = "accept" - -- if enable: -- # FIXME: can we get rid of position ? -- rule = ["add", "rule", "inet", "%s" % TABLE_NAME, -- "%s_%s" % (table, _zone), "position", rule_handle] -- else: -- rule = ["delete", "rule", "inet", "%s" % TABLE_NAME, -- "%s_%s" % (table, _zone)] -- rule += ["%%ICMP%%", ibi_target] -- rules.append(rule) -+ # WARN: index must be kept in sync with build_zone_chain_rules() -+ rules.append([add_del, "rule", "inet", "%s" % TABLE_NAME, -+ "%s_%s" % (table, _zone), "index", "2", -+ "%%ICMP%%", ibi_target]) - - if self._fw.zone.query_icmp_block_inversion(zone): - if self._fw.get_log_denied() != "off": -- if enable: -- # FIXME: can we get rid of position ? -- rule = ["add", "rule", "inet", "%s" % TABLE_NAME, -- "%s_%s" % (table, _zone), "position", rule_handle] -- else: -- rule = ["delete", "rule", "inet", "%s" % TABLE_NAME, -- "%s_%s" % (table, _zone)] -- rule += ["%%ICMP%%", "%%LOGTYPE%%", "log", "prefix", -- "\"%s_%s_ICMP_BLOCK: \"" % (table, _zone)] -- rules.append(rule) -+ # WARN: index must be kept in sync with build_zone_chain_rules() -+ rules.append([add_del, "rule", "inet", "%s" % TABLE_NAME, -+ "%s_%s" % (table, _zone), "index", "2", -+ "%%ICMP%%", "%%LOGTYPE%%", "log", "prefix", -+ "\"%s_%s_ICMP_BLOCK: \"" % (table, _zone)]) - - return rules - --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0019-rich-add-support-for-rule-priorities.patch b/SOURCES/firewalld-0.7-0019-rich-add-support-for-rule-priorities.patch deleted file mode 100644 index f3deec2..0000000 --- a/SOURCES/firewalld-0.7-0019-rich-add-support-for-rule-priorities.patch +++ /dev/null @@ -1,145 +0,0 @@ -From fb83f0f12e3ce0a972943b2e087375986983e959 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 18 Oct 2018 16:26:54 -0400 -Subject: [PATCH 19/34] rich: add support for rule priorities - -(cherry picked from commit aeac75088ef2263a7a91c52956c914e69bee8a4b) ---- - src/firewall/core/io/zone.py | 9 +++++++-- - src/firewall/core/rich.py | 19 +++++++++++++++++-- - src/firewall/errors.py | 1 + - 3 files changed, 25 insertions(+), 4 deletions(-) - -diff --git a/src/firewall/core/io/zone.py b/src/firewall/core/io/zone.py -index 05368e9c73eb..68b2a7c9567c 100644 ---- a/src/firewall/core/io/zone.py -+++ b/src/firewall/core/io/zone.py -@@ -88,7 +88,7 @@ class Zone(IO_Object): - "zone": [ "name", "immutable", "target", "version" ], - "masquerade": [ "enabled" ], - "forward-port": [ "to-port", "to-addr" ], -- "rule": [ "family" ], -+ "rule": [ "family", "priority" ], - "source": [ "address", "mac", "invert", "family", "ipset" ], - "destination": [ "invert" ], - "log": [ "prefix", "level" ], -@@ -627,6 +627,7 @@ class zone_ContentHandler(IO_Object_ContentHandler): - - elif name == "rule": - family = None -+ priority = 0 - if "family" in attrs: - family = attrs["family"] - if family not in [ "ipv4", "ipv6" ]: -@@ -634,7 +635,9 @@ class zone_ContentHandler(IO_Object_ContentHandler): - attrs["family"]) - self._rule_error = True - return -- self._rule = rich.Rich_Rule(family) -+ if "priority" in attrs: -+ priority = int(attrs["priority"]) -+ self._rule = rich.Rich_Rule(family=family, priority=priority) - - elif name == "limit": - if not self._limit_ok: -@@ -834,6 +837,8 @@ def zone_writer(zone, path=None): - attrs = { } - if rule.family: - attrs["family"] = rule.family -+ if rule.priority != 0: -+ attrs["priority"] = str(rule.priority) - handler.ignorableWhitespace(" ") - handler.startElement("rule", attrs) - handler.ignorableWhitespace("\n") -diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py -index 04791da612a2..c415bf39212f 100644 ---- a/src/firewall/core/rich.py -+++ b/src/firewall/core/rich.py -@@ -266,12 +266,16 @@ class Rich_Limit(object): - return '' - - class Rich_Rule(object): -- def __init__(self, family=None, rule_str=None): -+ priority_min = -32768 -+ priority_max = 32767 -+ -+ def __init__(self, family=None, rule_str=None, priority=0): - if family is not None: - self.family = str(family) - else: - self.family = None - -+ self.priority = priority - self.source = None - self.destination = None - self.element = None -@@ -303,6 +307,7 @@ class Rich_Rule(object): - if not rule_str: - raise FirewallError(errors.INVALID_RULE, 'empty rule') - -+ self.priority = 0 - self.family = None - self.source = None - self.destination = None -@@ -325,7 +330,7 @@ class Rich_Rule(object): - #print ("in_elements: ", in_elements) - #print ("index: %s, element: %s, attribute: %s=%s" % (index, element, attr_name, attr_value)) - if attr_name: # attribute -- if attr_name not in ['family', 'address', 'mac', 'ipset', -+ if attr_name not in ['priority', 'family', 'address', 'mac', 'ipset', - 'invert', 'value', - 'port', 'protocol', 'to-port', 'to-addr', - 'name', 'prefix', 'level', 'type', -@@ -360,6 +365,8 @@ class Rich_Rule(object): - if not element and attr_name: - if attr_name == 'family': - raise FirewallError(errors.INVALID_RULE, "'family' outside of rule. Use 'rule family=...'.") -+ elif attr_name == 'priority': -+ raise FirewallError(errors.INVALID_RULE, "'priority' outside of rule. Use 'rule priority=...'.") - else: - raise FirewallError(errors.INVALID_RULE, "'%s' outside of any element. Use 'rule %s= ...'." % (attr_name, attr_name)) - elif 'rule' not in element: -@@ -371,6 +378,8 @@ class Rich_Rule(object): - if attr_value not in ['ipv4', 'ipv6']: - raise FirewallError(errors.INVALID_RULE, "'family' attribute cannot have '%s' value. Use 'ipv4' or 'ipv6' instead." % attr_value) - self.family = attr_value -+ elif attr_name == 'priority': -+ self.priority = int(attr_value) - elif attr_name: - if attr_name == 'protocol': - err_msg = "wrong 'protocol' usage. Use either 'rule protocol value=...' or 'rule [forward-]port protocol=...'." -@@ -528,6 +537,10 @@ class Rich_Rule(object): - if type(self.element) == Rich_ForwardPort: - raise FirewallError(errors.MISSING_FAMILY) - -+ if self.priority < self.priority_min or self.priority > self.priority_max: -+ raise FirewallError(errors.INVALID_PRIORITY, "'priority' attribute must be between %d and %d." \ -+ % (self.priority_min, self.priority_max)) -+ - if self.element is None: - if self.action is None: - raise FirewallError(errors.INVALID_RULE, "no element, no action") -@@ -679,6 +692,8 @@ class Rich_Rule(object): - - def __str__(self): - ret = 'rule' -+ if self.priority: -+ ret += ' priority="%d"' % self.priority - if self.family: - ret += ' family="%s"' % self.family - if self.source: -diff --git a/src/firewall/errors.py b/src/firewall/errors.py -index a48038028f25..4589f60848b9 100644 ---- a/src/firewall/errors.py -+++ b/src/firewall/errors.py -@@ -87,6 +87,7 @@ INVALID_IPSET = 135 - INVALID_ENTRY = 136 - INVALID_OPTION = 137 - INVALID_HELPER = 138 -+INVALID_PRIORITY = 139 - - MISSING_TABLE = 200 - MISSING_CHAIN = 201 --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0020-firewalld.richlanguage-document-priority-value.patch b/SOURCES/firewalld-0.7-0020-firewalld.richlanguage-document-priority-value.patch deleted file mode 100644 index 6793040..0000000 --- a/SOURCES/firewalld-0.7-0020-firewalld.richlanguage-document-priority-value.patch +++ /dev/null @@ -1,66 +0,0 @@ -From c077c8401afbe3d704b2f99af59f152f8d15db05 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Tue, 6 Nov 2018 10:16:06 -0500 -Subject: [PATCH 20/34] firewalld.richlanguage: document priority value - -(cherry picked from commit 4e284fb7ba334cfccf410ae5a575d4f27bd2779b) ---- - doc/xml/firewalld.richlanguage.xml | 21 +++++++++++++++++---- - 1 file changed, 17 insertions(+), 4 deletions(-) - -diff --git a/doc/xml/firewalld.richlanguage.xml b/doc/xml/firewalld.richlanguage.xml -index bf8d766cf3f2..a0562b93249e 100644 ---- a/doc/xml/firewalld.richlanguage.xml -+++ b/doc/xml/firewalld.richlanguage.xml -@@ -99,10 +99,15 @@ rule - Rule - - --rule [family="ipv4|ipv6"] -+rule [family="ipv4|ipv6"] [priority="priority"] - -+ -+ - If the rule family is provided, it can be either "ipv4" or "ipv6", which limits the rule to IPv4 or IPv6. If the rule family is not provided, the rule will be added for IPv4 and IPv6. If source or destination addresses are used in a rule, then the rule family need to be provided. This is also the case for port/packet forwarding. - -+ -+ If the rule priority is provided, it can be in the range of -32768 to 32767 where lower values have higher precendence. Rich rules are sorted by priority. Ordering for rules with the same priority value is undefined. A negative priority value will be executed before other firewalld primitives. A positive priority value will be executed after other firewalld primitives. A priority value of 0 will place the rule in a chain based on the action as per the "Information about logging and actions" below. -+ - - - -@@ -332,20 +337,28 @@ limit value="rate/duration" - - Information about logging and actions - -- Logging can be done with the log and also with audit. A new chain is added to all zones: zone_log. This will be jumped into before the deny chain to be able to have a proper ordering. -+ Logging can be done with the log and audit actions. A new chain is added to all zones: zone_log. This will be jumped into before the deny chain to be able to have a proper ordering. - - -- The rules or parts of them are placed in separate chains according to the action of the rule: -+ The rules or parts of them are placed in separate chains according to the priority and action of the rule: - - - -+zone_rich_rule_pre - zone_log - zone_deny - zone_allow -+zone_rich_rule_post - - - -- Then all logging rules will be placed in the zone_log chain, which will be walked first. All reject and drop rules will be placed in the zone_deny chain, which will be walked after the log chain. All accept rules will be placed in the zone_allow chain, which will be walked after the deny chain. If a rule contains log and also deny or allow actions, the parts are placed in the matching chains. -+ When priority < 0, the rich rule will be placed in the zone_rich_rule_pre chain. -+ -+ -+ When priority == 0Then all logging rules will be placed in the zone_log chain. All reject and drop rules will be placed in the zone_deny chain, which will be walked after the log chain. All accept rules will be placed in the zone_allow chain, which will be walked after the deny chain. If a rule contains log and also deny or allow actions, the parts are placed in the matching chains. -+ -+ -+ When priority > 0, the rich rule will be placed in the zone_rich_rule_post chain. - - - --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0021-rich-rules-allow-catch-all-rules.patch b/SOURCES/firewalld-0.7-0021-rich-rules-allow-catch-all-rules.patch deleted file mode 100644 index 74d5fc7..0000000 --- a/SOURCES/firewalld-0.7-0021-rich-rules-allow-catch-all-rules.patch +++ /dev/null @@ -1,31 +0,0 @@ -From b81c4e04ad26fd73dfdd024efd9fc60561ce0ab2 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 8 Nov 2018 12:42:43 -0500 -Subject: [PATCH 21/34] rich rules: allow catch-all rules - -Since we now support rich rule priorities it makes sense to allow -catch-all rules if priority is specified. But disallow it for -priority==0 as this will cause unexpected results for the user (always -drop everything). - -(cherry picked from commit df846d7a6c20582a2db79d690526662990e8541f) ---- - src/firewall/core/rich.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py -index c415bf39212f..f0e4af54f32c 100644 ---- a/src/firewall/core/rich.py -+++ b/src/firewall/core/rich.py -@@ -544,7 +544,7 @@ class Rich_Rule(object): - if self.element is None: - if self.action is None: - raise FirewallError(errors.INVALID_RULE, "no element, no action") -- if self.source is None and self.destination is None: -+ if self.source is None and self.destination is None and self.priority == 0: - raise FirewallError(errors.INVALID_RULE, "no element, no source, no destination") - - if type(self.element) not in [ Rich_IcmpBlock, --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0022-rich-rules-allow-catch-all-log-rules.patch b/SOURCES/firewalld-0.7-0022-rich-rules-allow-catch-all-log-rules.patch deleted file mode 100644 index 0c44651..0000000 --- a/SOURCES/firewalld-0.7-0022-rich-rules-allow-catch-all-log-rules.patch +++ /dev/null @@ -1,31 +0,0 @@ -From f7de36d140394d012ee40c800733250a9615db32 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 8 Nov 2018 15:11:27 -0500 -Subject: [PATCH 22/34] rich rules: allow catch-all log rules - -Since we now support rich rule priorities it makes sense to allow -catch-all log rules if priority is specified. But disallow it for -priority==0. - -(cherry picked from commit 8fafd9e840c5c4adca318c5c704702b6399fc0c9) ---- - src/firewall/core/rich.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py -index f0e4af54f32c..91f53fd94578 100644 ---- a/src/firewall/core/rich.py -+++ b/src/firewall/core/rich.py -@@ -541,7 +541,8 @@ class Rich_Rule(object): - raise FirewallError(errors.INVALID_PRIORITY, "'priority' attribute must be between %d and %d." \ - % (self.priority_min, self.priority_max)) - -- if self.element is None: -+ if self.element is None and \ -+ (self.log is None or (self.log is not None and self.priority == 0)): - if self.action is None: - raise FirewallError(errors.INVALID_RULE, "no element, no action") - if self.source is None and self.destination is None and self.priority == 0: --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0023-firewall-config-support-rich-rule-priorities.patch b/SOURCES/firewalld-0.7-0023-firewall-config-support-rich-rule-priorities.patch deleted file mode 100644 index c7e18ea..0000000 --- a/SOURCES/firewalld-0.7-0023-firewall-config-support-rich-rule-priorities.patch +++ /dev/null @@ -1,634 +0,0 @@ -From 03871c1e06b2384442b0e4f359e848d25e380875 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Wed, 28 Nov 2018 10:14:19 -0500 -Subject: [PATCH 23/34] firewall-config: support rich rule priorities - -(cherry picked from commit e7998960fb285120b3b97e163bb87e25976d22d0) ---- - src/firewall-config.glade | 163 ++++++++++++-------------------------- - src/firewall-config.in | 33 ++++++-- - 2 files changed, 76 insertions(+), 120 deletions(-) - -diff --git a/src/firewall-config.glade b/src/firewall-config.glade -index 75c229b408fd..689433c47eca 100644 ---- a/src/firewall-config.glade -+++ b/src/firewall-config.glade -@@ -1,5 +1,5 @@ - -- -+ - - - -@@ -31,9 +31,6 @@ - - - -- -- -- - - - False -@@ -169,9 +166,6 @@ - addressDialogCancelButton - addressDialogOkButton - -- -- -- - - - False -@@ -292,9 +286,6 @@ - automaticHelpersDialogCancelButton - automaticHelpersDialogOkButton - -- -- -- - - - False -@@ -414,9 +405,6 @@ - commandDialogCancelButton - commandDialogOkButton - -- -- -- - - - False -@@ -536,9 +524,6 @@ - contextDialogCancelButton - contextDialogOkButton - -- -- -- - - - 200 -@@ -660,9 +645,6 @@ - portDialogCancelButton1 - defaultZoneDialogOkButton - -- -- -- - - - False -@@ -862,9 +844,6 @@ - directChainDialogCancelButton - directChainDialogOkButton - -- -- -- - - - False -@@ -1028,9 +1007,6 @@ - directPassthroughDialogCancelButton - directPassthroughDialogOkButton - -- -- -- - - - 200 -@@ -1369,9 +1345,6 @@ - button15 - forwardDialogOkButton - -- -- -- - - - False -@@ -1715,9 +1688,6 @@ - helperBaseDialogCancelButton - helperBaseDialogOkButton - -- -- -- - - - 300 -@@ -1832,9 +1802,6 @@ - helperDialogCancelButton - helperDialogOkButton - -- -- -- - - - False -@@ -2070,9 +2037,6 @@ - icmpBaseDialogCancelButton - icmpBaseDialogOkButton - -- -- -- - - - 300 -@@ -2186,9 +2150,6 @@ - icmptypeDialogCancelButton - icmptypeDialogOkButton - -- -- -- - - - True -@@ -7852,9 +7813,6 @@ - interfaceDialogCancelButton - interfaceDialogOkButton - -- -- -- - - - False -@@ -8258,9 +8216,6 @@ - ipsetBaseDialogCancelButton - ipsetBaseDialogOkButton - -- -- -- - - - 300 -@@ -8375,9 +8330,6 @@ - ipsetDialogCancelButton - ipsetDialogOkButton - -- -- -- - - - False -@@ -8541,9 +8493,6 @@ - ipsetEntryDialogCancelButton - ipsetEntryDialogOkButton - -- -- -- - - - False -@@ -8664,9 +8613,6 @@ - logDeniedDialogCancelButton - logDeniedDialogOkButton - -- -- -- - - - -@@ -8789,9 +8735,6 @@ - macDialogCancelButton - macDialogOkButton - -- -- -- - - - False -@@ -8969,9 +8912,6 @@ - markDialogCancelButton - markDialogOkButton - -- -- -- - - - False -@@ -9139,9 +9079,6 @@ - moduleDialogCancelButton - moduleDialogOkButton - -- -- -- - - - False -@@ -9307,9 +9244,6 @@ - portDialogCancelButton - portDialogOkButton - -- -- -- - - - -99999999 -@@ -9563,9 +9497,6 @@ - directRuleDialogCancelButton - directRuleDialogOkButton - -- -- -- - - - False -@@ -9744,9 +9675,12 @@ - protoDialogCancelButton - protoDialogOkButton - -- -- -- -+ -+ -+ -32768 -+ 32767 -+ 1 -+ 10 - - - False -@@ -9855,7 +9789,7 @@ - - - 0 -- 6 -+ 7 - - - -@@ -9868,7 +9802,7 @@ - - - 0 -- 8 -+ 9 - - - -@@ -9884,7 +9818,7 @@ - - - 0 -- 10 -+ 11 - - - -@@ -9900,7 +9834,7 @@ - - - 0 -- 12 -+ 13 - - - -@@ -10024,7 +9958,7 @@ - - - 1 -- 6 -+ 7 - - - -@@ -10113,7 +10047,7 @@ - - - 1 -- 8 -+ 9 - - - -@@ -10375,7 +10309,7 @@ - - - 1 -- 4 -+ 5 - - - -@@ -10541,7 +10475,7 @@ - - - 1 -- 10 -+ 11 - - - -@@ -10627,7 +10561,7 @@ - - - 1 -- 12 -+ 13 - - - -@@ -10724,7 +10658,7 @@ - - - 1 -- 2 -+ 3 - - - -@@ -10753,7 +10687,7 @@ - - - 0 -- 2 -+ 3 - - - -@@ -10763,7 +10697,7 @@ - - - 0 -- 1 -+ 2 - 2 - - -@@ -10774,7 +10708,7 @@ - - - 0 -- 3 -+ 4 - 2 - - -@@ -10785,7 +10719,7 @@ - - - 0 -- 5 -+ 6 - 2 - - -@@ -10796,7 +10730,7 @@ - - - 0 -- 7 -+ 8 - 2 - - -@@ -10807,7 +10741,7 @@ - - - 0 -- 9 -+ 10 - 2 - - -@@ -10818,7 +10752,7 @@ - - - 0 -- 11 -+ 12 - 2 - - -@@ -10835,7 +10769,33 @@ - - - 0 -- 4 -+ 5 -+ -+ -+ -+ -+ True -+ False -+ Priority: -+ 1 -+ -+ -+ 0 -+ 1 -+ -+ -+ -+ -+ True -+ True -+ number -+ rich_rule_priority_adjustment -+ True -+ -+ -+ -+ 1 -+ 1 - - - -@@ -10858,9 +10818,6 @@ - richRuleDialogCancelButton - richRuleDialogOkButton - -- -- -- - - - False -@@ -11095,9 +11052,6 @@ - serviceBaseDialogCancelButton - serviceBaseDialogOkButton - -- -- -- - - - 300 -@@ -11211,9 +11165,6 @@ - serviceDialogCancelButton - serviceDialogOkButton - -- -- -- - - - False -@@ -11393,9 +11344,6 @@ - sourceDialogCancelButton - sourceDialogOkButton - -- -- -- - - - False -@@ -11517,9 +11465,6 @@ - uidDialogCancelButton - uidDialogOkButton - -- -- -- - - - False -@@ -11640,9 +11585,6 @@ - userDialogCancelButton - userDialogOkButton - -- -- -- - - - False -@@ -12033,8 +11975,5 @@ - zoneBaseDialogCancelButton - zoneBaseDialogOkButton - -- -- -- - - -diff --git a/src/firewall-config.in b/src/firewall-config.in -index c19541b0ce82..373f431685cc 100755 ---- a/src/firewall-config.in -+++ b/src/firewall-config.in -@@ -810,6 +810,7 @@ class FirewallConfig(object): - self.richRuleView = builder.get_object("richRuleView") - self.richRuleStore = Gtk.ListStore(GObject.TYPE_PYOBJECT, # the rule obj - GObject.TYPE_STRING, # ipv4/ipv6 -+ GObject.TYPE_INT, # priority - GObject.TYPE_STRING, # action - GObject.TYPE_STRING, # element - GObject.TYPE_STRING, # source -@@ -820,18 +821,21 @@ class FirewallConfig(object): - self.richRuleView.append_column( - Gtk.TreeViewColumn(_("Family"), Gtk.CellRendererText(), text=1)) - self.richRuleView.append_column( -- Gtk.TreeViewColumn(_("Action"), Gtk.CellRendererText(), text=2)) -+ Gtk.TreeViewColumn(_("Priority"), Gtk.CellRendererText(), text=2)) - self.richRuleView.append_column( -- Gtk.TreeViewColumn(_("Element"), Gtk.CellRendererText(), text=3)) -+ Gtk.TreeViewColumn(_("Action"), Gtk.CellRendererText(), text=3)) - self.richRuleView.append_column( -- Gtk.TreeViewColumn(_("Src"), Gtk.CellRendererText(), text=4)) -+ Gtk.TreeViewColumn(_("Element"), Gtk.CellRendererText(), text=4)) - self.richRuleView.append_column( -- Gtk.TreeViewColumn(_("Dest"), Gtk.CellRendererText(), text=5)) -+ Gtk.TreeViewColumn(_("Src"), Gtk.CellRendererText(), text=5)) - self.richRuleView.append_column( -- Gtk.TreeViewColumn(_("log"), Gtk.CellRendererText(), text=6)) -+ Gtk.TreeViewColumn(_("Dest"), Gtk.CellRendererText(), text=6)) - self.richRuleView.append_column( -- Gtk.TreeViewColumn(_("Audit"), Gtk.CellRendererText(), text=7)) -+ Gtk.TreeViewColumn(_("log"), Gtk.CellRendererText(), text=7)) -+ self.richRuleView.append_column( -+ Gtk.TreeViewColumn(_("Audit"), Gtk.CellRendererText(), text=8)) - self.richRuleView.set_model(self.richRuleStore) -+ self.richRuleStore.set_sort_column_id(2, Gtk.SortType.ASCENDING) - - self.richRuleView.get_selection().connect( \ - "changed", self.change_rich_rule_selection_cb) -@@ -848,6 +852,8 @@ class FirewallConfig(object): - - self.richRuleDialogFamilyCombobox = builder.get_object( \ - "richRuleDialogFamilyCombobox") -+ self.richRuleDialogPriorityEntry = builder.get_object( \ -+ "richRuleDialogPriorityEntry") - self.richRuleDialogElementCheck = builder.get_object( \ - "richRuleDialogElementCheck") - self.richRuleDialogElementBox = builder.get_object( \ -@@ -2021,6 +2027,7 @@ class FirewallConfig(object): - - def _add_rich_rule(self, obj): - family = "all" -+ priority = 0 - src = "" - dest = "" - elem = "" -@@ -2030,6 +2037,8 @@ class FirewallConfig(object): - - if obj.family: - family = obj.family -+ if obj.priority: -+ priority = obj.priority - if obj.action: - if type(obj.action) == rich.Rich_Accept: - action = _("accept") -@@ -2096,8 +2105,8 @@ class FirewallConfig(object): - if audit == "": - audit = _("yes") - -- self.richRuleStore.append([obj, family, action, elem, src, dest, log, -- audit]) -+ self.richRuleStore.append([obj, family, priority, action, elem, src, -+ dest, log, audit]) - - def richrule_added_cb(self, zone, rule, timeout): - if not self.runtime_view or zone != self.get_selected_zone(): -@@ -3085,6 +3094,7 @@ class FirewallConfig(object): - - def add_edit_rich_rule(self, add): - self.richRuleDialogFamilyCombobox.set_active(0) -+ self.richRuleDialogPriorityEntry.set_value(0) - self.richRuleDialogElementCheck.set_active(False) - self.richRuleDialogElementCombobox.set_active(0) - self.richRuleDialogElementChooser.set_text("") -@@ -3143,6 +3153,8 @@ class FirewallConfig(object): - if old_obj.family in [ "ipv4", "ipv6" ]: - combobox_select_text(self.richRuleDialogFamilyCombobox, - old_obj.family, insensitive=True) -+ if old_obj.priority != 0: -+ self.richRuleDialogPriorityEntry.set_value(old_obj.priority) - - if old_obj.element: - self.richRuleDialogElementCheck.set_active(True) -@@ -3633,6 +3645,11 @@ class FirewallConfig(object): - else: - rule = rich.Rich_Rule() # ipv4+ipv6 rule - -+ # priority -+ priority = self.richRuleDialogPriorityEntry.get_value_as_int() -+ if priority != 0: -+ rule.priority = priority -+ - # element - if self.richRuleDialogElementCheck.get_active(): - combolabel = self.richRuleDialogElementCombobox.get_active_text() --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0024-nftables-support-rich-rule-priorities.patch b/SOURCES/firewalld-0.7-0024-nftables-support-rich-rule-priorities.patch deleted file mode 100644 index 3c9b2f4..0000000 --- a/SOURCES/firewalld-0.7-0024-nftables-support-rich-rule-priorities.patch +++ /dev/null @@ -1,456 +0,0 @@ -From 9f998164b87cd00dfb7a5750b898a2e17359c31c Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 19 Oct 2018 09:22:04 -0400 -Subject: [PATCH 24/34] nftables: support rich rule priorities - -Fixes: #149 -Fixes: #224 -(cherry picked from commit 25e9a62532d6395ff13665db02aabaa010d6fca5) ---- - src/firewall/core/nftables.py | 214 +++++++++++++++++++++++++++------- - 1 file changed, 174 insertions(+), 40 deletions(-) - -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index a763ed3ec103..d59bc55bf1a5 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -20,6 +20,7 @@ - # - - import os.path -+import copy - - from firewall.core.base import SHORTCUTS, DEFAULT_ZONE_TARGET - from firewall.core.prog import runProg -@@ -29,7 +30,8 @@ from firewall.functions import splitArgs, check_mac, portStr, \ - from firewall import config - from firewall.errors import FirewallError, UNKNOWN_ERROR, INVALID_RULE, \ - INVALID_ICMPTYPE, INVALID_TYPE, INVALID_ENTRY --from firewall.core.rich import Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark -+from firewall.core.rich import Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark, \ -+ Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock - - TABLE_NAME = "firewalld" - -@@ -160,6 +162,7 @@ class nftables(object): - self.available_tables = [] - self.rule_to_handle = {} - self.rule_ref_count = {} -+ self.rich_rule_priority_counts = {} - - def fill_exists(self): - self.command_exists = os.path.exists(self._command) -@@ -171,18 +174,11 @@ class nftables(object): - - def rule_key_from_rule(rule): - rule_key = rule[2:] -- if rule_key[3] in ["position", "handle", "index"]: -- # strip "position #" -- # "insert rule family table chain position " -- # ^^ rule_key starts here -- try: -- int(rule_key[4]) -- except Exception: -- raise FirewallError(INVALID_RULE, "position without a number") -- else: -- rule_key.pop(3) -- rule_key.pop(3) -- return " ".join(rule_key) -+ # "insert rule family table chain index " -+ # ^^ rule_key starts here -+ if rule_key[3] in ["position", "handle"]: -+ raise FirewallError(INVALID_RULE, "position/handle not allowed in rule") -+ return " ".join([str(x) for x in rule_key]) - - # If we're deleting a table (i.e. build_flush_rules()) - # then check if its exist first to avoid nft throwing an error -@@ -200,11 +196,6 @@ class nftables(object): - elif _args[0] in ["delete"] and _args[1] == "rule": - rule_add = False - rule_key = rule_key_from_rule(_args) -- # delete using rule handle -- _args = ["delete", "rule"] + _args[2:5] + \ -- ["handle", self.rule_to_handle[rule_key]] -- -- _args_str = " ".join(_args) - - # rule deduplication - if rule_key in self.rule_ref_count: -@@ -220,22 +211,82 @@ class nftables(object): - raise FirewallError(UNKNOWN_ERROR, "rule ref count bug: rule_key '%s', cnt %d" - % (rule_key, self.rule_ref_count[rule_key])) - log.debug2("%s: rule ref cnt %d, %s %s", self.__class__, -- self.rule_ref_count[rule_key], self._command, _args_str) -+ self.rule_ref_count[rule_key], self._command, -+ " ".join([str(x) for x in _args])) -+ -+ # replace %%RICH_RULE_PRIORITY%% -+ if rule_key: -+ rich_rule_priority_counts = self.rich_rule_priority_counts -+ try: -+ i = _args.index("%%RICH_RULE_PRIORITY%%") -+ except ValueError: -+ pass -+ else: -+ rich_rule_priority_counts = copy.deepcopy(self.rich_rule_priority_counts) -+ _args.pop(i) -+ priority = _args.pop(i) -+ if type(priority) != int: -+ raise FirewallError(INVALID_RULE, "rich rule priority must be followed by a number") -+ chain = (_args[2], _args[4]) # family, chain -+ # Add the rule to the priority counts. We don't need to store the -+ # rule, just bump the ref count for the priority value. -+ if not rule_add: -+ if chain not in rich_rule_priority_counts or \ -+ priority not in rich_rule_priority_counts[chain] or \ -+ rich_rule_priority_counts[chain][priority] <= 0: -+ raise FirewallError(UNKNOWN_ERROR, "nonexistent or underflow of rich rule priority count") -+ -+ rich_rule_priority_counts[chain][priority] -= 1 -+ else: -+ if chain not in rich_rule_priority_counts: -+ rich_rule_priority_counts[chain] = {} -+ if priority not in rich_rule_priority_counts[chain]: -+ rich_rule_priority_counts[chain][priority] = 0 -+ -+ # calculate index of new rule -+ index = 0 -+ for p in sorted(rich_rule_priority_counts[chain].keys()): -+ if p == priority and _args[0] == "insert": -+ break -+ index += rich_rule_priority_counts[chain][p] -+ if p == priority and _args[0] == "add": -+ break -+ -+ rich_rule_priority_counts[chain][priority] += 1 -+ -+ if index == 0: -+ _args[0] = "insert" -+ else: -+ index -= 1 # point to the rule before insertion point -+ _args[0] = "add" -+ _args.insert(i, "index") -+ _args.insert(i+1, "%d" % index) - - if not rule_key or (not rule_add and self.rule_ref_count[rule_key] == 0) \ - or ( rule_add and rule_key not in self.rule_ref_count): -+ -+ # delete using rule handle -+ if rule_key and not rule_add: -+ _args = ["delete", "rule"] + _args[2:5] + \ -+ ["handle", self.rule_to_handle[rule_key]] -+ -+ _args_str = " ".join(_args) - log.debug2("%s: %s %s", self.__class__, self._command, _args_str) - (status, output) = runProg(self._command, nft_opts + _args) - if status != 0: - raise ValueError("'%s %s' failed: %s" % (self._command, - _args_str, output)) -+ -+ if rule_key: -+ self.rich_rule_priority_counts = rich_rule_priority_counts -+ - # nft requires deleting rules by handle. So we must cache the rule - # handle when adding/inserting rules. - # - if rule_key: - if rule_add: -- str = "# handle " -- offset = output.index(str) + len(str) -+ handle_str = "# handle " -+ offset = output.index(handle_str) + len(handle_str) - self.rule_to_handle[rule_key] = output[offset:].strip() - self.rule_ref_count[rule_key] = 1 - else: -@@ -305,6 +356,7 @@ class nftables(object): - def build_flush_rules(self): - self.rule_to_handle = {} - self.rule_ref_count = {} -+ self.rich_rule_priority_counts = {} - - rules = [] - for family in OUR_CHAINS.keys(): -@@ -557,18 +609,27 @@ class nftables(object): - OUR_CHAINS[family][table].update(set([_zone, - "%s_log" % _zone, - "%s_deny" % _zone, -+ "%s_rich_rule_pre" % _zone, -+ "%s_rich_rule_post" % _zone, - "%s_allow" % _zone])) - - rules = [] - rules.append(["add", "chain", family, "%s" % TABLE_NAME, - "%s_%s" % (table, _zone)]) -+ rules.append(["add", "chain", family, "%s" % TABLE_NAME, -+ "%s_%s_rich_rule_pre" % (table, _zone)]) - rules.append(["add", "chain", family, "%s" % TABLE_NAME, - "%s_%s_log" % (table, _zone)]) - rules.append(["add", "chain", family, "%s" % TABLE_NAME, - "%s_%s_deny" % (table, _zone)]) - rules.append(["add", "chain", family, "%s" % TABLE_NAME, - "%s_%s_allow" % (table, _zone)]) -+ rules.append(["add", "chain", family, "%s" % TABLE_NAME, -+ "%s_%s_rich_rule_post" % (table, _zone)]) - -+ rules.append(["add", "rule", family, "%s" % TABLE_NAME, -+ "%s_%s" % (table, _zone), -+ "jump", "%s_%s_rich_rule_pre" % (table, _zone)]) - rules.append(["add", "rule", family, "%s" % TABLE_NAME, - "%s_%s" % (table, _zone), - "jump", "%s_%s_log" % (table, _zone)]) -@@ -578,6 +639,9 @@ class nftables(object): - rules.append(["add", "rule", family, "%s" % TABLE_NAME, - "%s_%s" % (table, _zone), - "jump", "%s_%s_allow" % (table, _zone)]) -+ rules.append(["add", "rule", family, "%s" % TABLE_NAME, -+ "%s_%s" % (table, _zone), -+ "jump", "%s_%s_rich_rule_post" % (table, _zone)]) - - target = self._fw.zone._zones[zone].target - -@@ -659,14 +723,54 @@ class nftables(object): - return ["limit", "rate", limit.value[0:i], "/", - rich_to_nft[limit.value[i+1]]] - -+ def _rich_rule_chain_suffix(self, rich_rule): -+ if type(rich_rule.element) in [Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock]: -+ # These are special and don't have an explicit action -+ pass -+ elif rich_rule.action: -+ if type(rich_rule.action) not in [Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark]: -+ raise FirewallError(INVALID_RULE, "Unknown action %s" % type(rich_rule.action)) -+ else: -+ raise FirewallError(INVALID_RULE, "No rule action specified.") -+ -+ if rich_rule.priority == 0: -+ if type(rich_rule.element) in [Rich_Masquerade, Rich_ForwardPort] or \ -+ type(rich_rule.action) in [Rich_Accept, Rich_Mark]: -+ return "allow" -+ elif type(rich_rule.element) in [Rich_IcmpBlock] or \ -+ type(rich_rule.action) in [Rich_Reject, Rich_Drop]: -+ return "deny" -+ elif rich_rule.priority < 0: -+ return "rich_rule_pre" -+ else: -+ return "rich_rule_post" -+ -+ def _rich_rule_chain_suffix_from_log(self, rich_rule): -+ if not rich_rule.log and not rich_rule.audit: -+ raise FirewallError(INVALID_RULE, "Not log or audit") -+ -+ if rich_rule.priority == 0: -+ return "log" -+ elif rich_rule.priority < 0: -+ return "rich_rule_pre" -+ else: -+ return "rich_rule_post" -+ -+ def _rich_rule_priority_fragment(self, rich_rule): -+ if rich_rule.priority == 0: -+ return [] -+ return ["%%RICH_RULE_PRIORITY%%", rich_rule.priority] -+ - def _rich_rule_log(self, rich_rule, enable, table, target, rule_fragment): - if not rich_rule.log: - return [] - - add_del = { True: "add", False: "delete" }[enable] - -+ chain_suffix = self._rich_rule_chain_suffix_from_log(rich_rule) - rule = [add_del, "rule", "inet", "%s" % TABLE_NAME, -- "%s_%s_log" % (table, target)] -+ "%s_%s_%s" % (table, target, chain_suffix)] -+ rule += self._rich_rule_priority_fragment(rich_rule) - rule += rule_fragment + ["log"] - if rich_rule.log.prefix: - rule += ["prefix", "\"%s\"" % rich_rule.log.prefix] -@@ -682,8 +786,10 @@ class nftables(object): - - add_del = { True: "add", False: "delete" }[enable] - -+ chain_suffix = self._rich_rule_chain_suffix_from_log(rich_rule) - rule = [add_del, "rule", "inet", "%s" % TABLE_NAME, -- "%s_%s_log" % (table, target)] -+ "%s_%s_%s" % (table, target, chain_suffix)] -+ rule += self._rich_rule_priority_fragment(rich_rule) - rule += rule_fragment + ["log", "level", "audit"] - rule += self._rich_rule_limit_fragment(rich_rule.audit.limit) - -@@ -695,28 +801,28 @@ class nftables(object): - - add_del = { True: "add", False: "delete" }[enable] - -+ chain_suffix = self._rich_rule_chain_suffix(rich_rule) -+ chain = "%s_%s_%s" % (table, target, chain_suffix) - if type(rich_rule.action) == Rich_Accept: -- chain = "%s_%s_allow" % (table, target) - rule_action = ["accept"] - elif type(rich_rule.action) == Rich_Reject: -- chain = "%s_%s_deny" % (table, target) - rule_action = ["reject"] - if rich_rule.action.type: - rule_action += self._reject_types_fragment(rich_rule.action.type) - elif type(rich_rule.action) == Rich_Drop: -- chain = "%s_%s_deny" % (table, target) - rule_action = ["drop"] - elif type(rich_rule.action) == Rich_Mark: - target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["PREROUTING"], - zone=zone) - table = "mangle" -- chain = "%s_%s_allow" % (table, target) -+ chain = "%s_%s_%s" % (table, target, chain_suffix) - rule_action = ["meta", "mark", "set", rich_rule.action.set] - else: - raise FirewallError(INVALID_RULE, - "Unknown action %s" % type(rich_rule.action)) - - rule = [add_del, "rule", "inet", "%s" % TABLE_NAME, chain] -+ rule += self._rich_rule_priority_fragment(rich_rule) - rule += rule_fragment - rule += self._rich_rule_limit_fragment(rich_rule.action.limit) - rule += rule_action -@@ -902,11 +1008,15 @@ class nftables(object): - - rule_fragment = [] - if rich_rule: -+ rule_fragment += self._rich_rule_priority_fragment(rich_rule) - rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) - rule_fragment += self._rich_rule_source_fragment(rich_rule.source) -+ chain_suffix = self._rich_rule_chain_suffix(rich_rule) -+ else: -+ chain_suffix = "allow" - - return [[add_del, "rule", family, "%s" % TABLE_NAME, -- "nat_%s_allow" % (target)] -+ "nat_%s_%s" % (target, chain_suffix)] - + rule_fragment + ["oifname", "!=", "lo", "masquerade"]] - - def build_zone_masquerade_rules(self, enable, zone, rich_rule=None): -@@ -928,18 +1038,22 @@ class nftables(object): - - rule_fragment = [] - if rich_rule: -+ rule_fragment += self._rich_rule_priority_fragment(rich_rule) - rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) - rule_fragment += self._rich_rule_source_fragment(rich_rule.source) -+ chain_suffix = self._rich_rule_chain_suffix(rich_rule) -+ else: -+ chain_suffix = "allow" - - rules.append([add_del, "rule", "inet", "%s" % TABLE_NAME, -- "filter_%s_allow" % (target)] -+ "filter_%s_%s" % (target, chain_suffix)] - + rule_fragment + ["ct", "state", "new,untracked", "accept"]) - - return rules - - def _build_zone_forward_port_nat_rules(self, enable, zone, protocol, - mark_fragment, toaddr, toport, -- family): -+ family, rich_rule=None): - add_del = { True: "add", False: "delete" }[enable] - target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["PREROUTING"], - zone=zone) -@@ -953,8 +1067,17 @@ class nftables(object): - if toport and toport != "": - dnat_fragment += [":%s" % portStr(toport, "-")] - -+ rich_rule_priority_fragment = [] -+ if rich_rule: -+ rich_rule_priority_fragment += self._rich_rule_priority_fragment(rich_rule) -+ chain_suffix = self._rich_rule_chain_suffix(rich_rule) -+ else: -+ chain_suffix = "allow" -+ - return [[add_del, "rule", family, "%s" % TABLE_NAME, -- "nat_%s_allow" % (target), "meta", "l4proto", protocol] -+ "nat_%s_%s" % (target, chain_suffix)] -+ + rich_rule_priority_fragment + -+ ["meta", "l4proto", protocol] - + mark_fragment + dnat_fragment] - - def build_zone_forward_port_rules(self, enable, zone, filter_chain, port, -@@ -968,36 +1091,45 @@ class nftables(object): - zone=zone) - rule_fragment = [] - if rich_rule: -+ rule_fragment += self._rich_rule_priority_fragment(rich_rule) - rule_fragment += self._rich_rule_family_fragment(rich_rule.family) - rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) - rule_fragment += self._rich_rule_source_fragment(rich_rule.source) -+ chain_suffix = self._rich_rule_chain_suffix(rich_rule) -+ else: -+ chain_suffix = "allow" - - rules = [] - rules.append([add_del, "rule", "inet", "%s" % TABLE_NAME, -- "mangle_%s_allow" % (target)] -+ "mangle_%s_%s" % (target, chain_suffix)] - + rule_fragment + - [protocol, "dport", port, "meta", "mark", "set", mark_str]) - - if rich_rule and (rich_rule.family and rich_rule.family == "ipv6" - or toaddr and check_single_address("ipv6", toaddr)): - rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, -- protocol, mark_fragment, toaddr, toport, "ip6")) -+ protocol, mark_fragment, toaddr, toport, "ip6", rich_rule)) - elif rich_rule and (rich_rule.family and rich_rule.family == "ipv4" - or toaddr and check_single_address("ipv4", toaddr)): - rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, -- protocol, mark_fragment, toaddr, toport, "ip")) -+ protocol, mark_fragment, toaddr, toport, "ip", rich_rule)) - else: - if not toaddr or check_single_address("ipv6", toaddr): - rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, -- protocol, mark_fragment, toaddr, toport, "ip6")) -+ protocol, mark_fragment, toaddr, toport, "ip6", rich_rule)) - if not toaddr or check_single_address("ipv4", toaddr): - rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, -- protocol, mark_fragment, toaddr, toport, "ip")) -+ protocol, mark_fragment, toaddr, toport, "ip", rich_rule)) - - target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[filter_chain], - zone=zone) -+ rule_fragment = [] -+ if rich_rule: -+ rule_fragment += self._rich_rule_priority_fragment(rich_rule) - rules.append([add_del, "rule", "inet", "%s" % TABLE_NAME, -- "filter_%s_allow" % (target), "ct", "state", "new,untracked"] -+ "filter_%s_%s" % (target, chain_suffix)] -+ + rule_fragment + -+ ["ct", "state", "new,untracked"] - + mark_fragment + ["accept"]) - - return rules -@@ -1049,8 +1181,10 @@ class nftables(object): - if rich_rule.action: - rules.append(self._rich_rule_action(zone, rich_rule, enable, table, target, rule_fragment)) - else: -+ chain_suffix = self._rich_rule_chain_suffix(rich_rule) - rules.append([add_del, "rule", "inet", "%s" % TABLE_NAME, -- "%s_%s_deny" % (table, target)] -+ "%s_%s_%s" % (table, target, chain_suffix)] -+ + self._rich_rule_priority_fragment(rich_rule) - + rule_fragment + ["%%REJECT%%"]) - else: - if self._fw.get_log_denied() != "off" and final_target != "accept": -@@ -1079,14 +1213,14 @@ class nftables(object): - - # WARN: index must be kept in sync with build_zone_chain_rules() - rules.append([add_del, "rule", "inet", "%s" % TABLE_NAME, -- "%s_%s" % (table, _zone), "index", "2", -+ "%s_%s" % (table, _zone), "index", "4", - "%%ICMP%%", ibi_target]) - - if self._fw.zone.query_icmp_block_inversion(zone): - if self._fw.get_log_denied() != "off": - # WARN: index must be kept in sync with build_zone_chain_rules() - rules.append([add_del, "rule", "inet", "%s" % TABLE_NAME, -- "%s_%s" % (table, _zone), "index", "2", -+ "%s_%s" % (table, _zone), "index", "4", - "%%ICMP%%", "%%LOGTYPE%%", "log", "prefix", - "\"%s_%s_ICMP_BLOCK: \"" % (table, _zone)]) - --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0025-ipXtables-support-rich-rule-priorities.patch b/SOURCES/firewalld-0.7-0025-ipXtables-support-rich-rule-priorities.patch deleted file mode 100644 index 3868347..0000000 --- a/SOURCES/firewalld-0.7-0025-ipXtables-support-rich-rule-priorities.patch +++ /dev/null @@ -1,420 +0,0 @@ -From ddcd5e1677c3c273e259699c3de8ef3e5f69f14c Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 30 Nov 2018 09:55:30 -0500 -Subject: [PATCH 25/34] ipXtables: support rich rule priorities - -(cherry picked from commit 29d657527bd24492ec269fd9ab756bb7360dd3df) ---- - src/firewall/core/ipXtables.py | 214 ++++++++++++++++++++++++++++----- - 1 file changed, 186 insertions(+), 28 deletions(-) - -diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py -index b98ba5228e68..43ff9307a41c 100644 ---- a/src/firewall/core/ipXtables.py -+++ b/src/firewall/core/ipXtables.py -@@ -20,6 +20,7 @@ - # - - import os.path -+import copy - - from firewall.core.base import SHORTCUTS, DEFAULT_ZONE_TARGET - from firewall.core.prog import runProg -@@ -27,8 +28,9 @@ from firewall.core.logger import log - from firewall.functions import tempFile, readfile, splitArgs, check_mac, portStr, \ - check_single_address - from firewall import config --from firewall.errors import FirewallError, INVALID_PASSTHROUGH, INVALID_RULE --from firewall.core.rich import Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark -+from firewall.errors import FirewallError, INVALID_PASSTHROUGH, INVALID_RULE, UNKNOWN_ERROR -+from firewall.core.rich import Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark, \ -+ Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock - import string - - BUILT_IN_CHAINS = { -@@ -275,6 +277,7 @@ class ip4tables(object): - self.restore_wait_option = self._detect_restore_wait_option() - self.fill_exists() - self.available_tables = [] -+ self.rich_rule_priority_counts = {} - - def fill_exists(self): - self.command_exists = os.path.exists(self._command) -@@ -385,10 +388,91 @@ class ip4tables(object): - chain = args[i+1] - return (table, chain) - -+ def _set_rule_replace_rich_rule_priority(self, rule, rich_rule_priority_counts): -+ """ -+ Change something like -+ -t filter -I public_IN %%RICH_RULE_PRIORITY%% 123 -+ or -+ -t filter -A public_IN %%RICH_RULE_PRIORITY%% 321 -+ into -+ -t filter -I public_IN 4 -+ or -+ -t filter -I public_IN -+ """ -+ try: -+ i = rule.index("%%RICH_RULE_PRIORITY%%") -+ except ValueError: -+ pass -+ else: -+ rule_add = True -+ insert = False -+ insert_add_index = -1 -+ rule.pop(i) -+ priority = rule.pop(i) -+ if type(priority) != int: -+ raise FirewallError(INVALID_RULE, "rich rule priority must be followed by a number") -+ -+ table = "filter" -+ for opt in [ "-t", "--table" ]: -+ try: -+ j = rule.index(opt) -+ except ValueError: -+ pass -+ else: -+ if len(rule) >= j+1: -+ table = rule[j+1] -+ for opt in [ "-A", "--append", -+ "-I", "--insert", -+ "-D", "--delete" ]: -+ try: -+ insert_add_index = rule.index(opt) -+ except ValueError: -+ pass -+ else: -+ if len(rule) >= insert_add_index+1: -+ chain = rule[insert_add_index+1] -+ -+ if opt in [ "-I", "--insert" ]: -+ insert = True -+ if opt in [ "-D", "--delete" ]: -+ rule_add = False -+ -+ chain = (table, chain) -+ -+ # Add the rule to the priority counts. We don't need to store the -+ # rule, just bump the ref count for the priority value. -+ if not rule_add: -+ if chain not in rich_rule_priority_counts or \ -+ priority not in rich_rule_priority_counts[chain] or \ -+ rich_rule_priority_counts[chain][priority] <= 0: -+ raise FirewallError(UNKNOWN_ERROR, "nonexistent or underflow of rich rule priority count") -+ -+ rich_rule_priority_counts[chain][priority] -= 1 -+ else: -+ if chain not in rich_rule_priority_counts: -+ rich_rule_priority_counts[chain] = {} -+ if priority not in rich_rule_priority_counts[chain]: -+ rich_rule_priority_counts[chain][priority] = 0 -+ -+ # calculate index of new rule -+ index = 1 -+ for p in sorted(rich_rule_priority_counts[chain].keys()): -+ if p == priority and insert: -+ break -+ index += rich_rule_priority_counts[chain][p] -+ if p == priority: -+ break -+ -+ rich_rule_priority_counts[chain][priority] += 1 -+ -+ rule[insert_add_index] = "-I" -+ rule.insert(insert_add_index+2, "%d" % index) -+ - def set_rules(self, rules, log_denied): - temp_file = tempFile() - - table_rules = { } -+ rich_rule_priority_counts = copy.deepcopy(self.rich_rule_priority_counts) - for _rule in rules: - rule = _rule[:] - -@@ -412,6 +496,8 @@ class ip4tables(object): - else: - rule.pop(i) - -+ self._set_rule_replace_rich_rule_priority(rule, rich_rule_priority_counts) -+ - table = "filter" - # get table form rule - for opt in [ "-t", "--table" ]: -@@ -473,6 +559,7 @@ class ip4tables(object): - if status != 0: - raise ValueError("'%s %s' failed: %s" % (self._restore_command, - " ".join(args), ret)) -+ self.rich_rule_priority_counts = rich_rule_priority_counts - return ret - - def set_rule(self, rule, log_denied): -@@ -496,7 +583,11 @@ class ip4tables(object): - else: - rule.pop(i) - -- return self.__run(rule) -+ rich_rule_priority_counts = copy.deepcopy(self.rich_rule_priority_counts) -+ self._set_rule_replace_rich_rule_priority(rule, self.rich_rule_priority_counts) -+ output = self.__run(rule) -+ self.rich_rule_priority_counts = rich_rule_priority_counts -+ return output - - def get_available_tables(self, table=None): - ret = [] -@@ -546,6 +637,7 @@ class ip4tables(object): - return wait_option - - def build_flush_rules(self): -+ self.rich_rule_priority_counts = {} - rules = [] - for table in BUILT_IN_CHAINS.keys(): - # Flush firewall rules: -F -@@ -712,16 +804,22 @@ class ip4tables(object): - OUR_CHAINS[table].update(set([_zone, - "%s_log" % _zone, - "%s_deny" % _zone, -+ "%s_rich_rule_pre" % _zone, -+ "%s_rich_rule_post" % _zone, - "%s_allow" % _zone])) - - rules = [] - rules.append([ "-N", _zone, "-t", table ]) -+ rules.append([ "-N", "%s_rich_rule_pre" % _zone, "-t", table ]) - rules.append([ "-N", "%s_log" % _zone, "-t", table ]) - rules.append([ "-N", "%s_deny" % _zone, "-t", table ]) - rules.append([ "-N", "%s_allow" % _zone, "-t", table ]) -- rules.append([ "-I", _zone, "1", "-t", table, "-j", "%s_log" % _zone ]) -- rules.append([ "-I", _zone, "2", "-t", table, "-j", "%s_deny" % _zone ]) -- rules.append([ "-I", _zone, "3", "-t", table, "-j", "%s_allow" % _zone ]) -+ rules.append([ "-N", "%s_rich_rule_post" % _zone, "-t", table ]) -+ rules.append([ "-I", _zone, "1", "-t", table, "-j", "%s_rich_rule_pre" % _zone ]) -+ rules.append([ "-I", _zone, "2", "-t", table, "-j", "%s_log" % _zone ]) -+ rules.append([ "-I", _zone, "3", "-t", table, "-j", "%s_deny" % _zone ]) -+ rules.append([ "-I", _zone, "4", "-t", table, "-j", "%s_allow" % _zone ]) -+ rules.append([ "-I", _zone, "5", "-t", table, "-j", "%s_rich_rule_post" % _zone ]) - - # Handle trust, block and drop zones: - # Add an additional rule with the zone target (accept, reject -@@ -733,17 +831,17 @@ class ip4tables(object): - if table == "filter" and \ - target in [ "ACCEPT", "REJECT", "%%REJECT%%", "DROP" ] and \ - chain in [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]: -- rules.append([ "-I", _zone, "4", "-t", table, "-j", target ]) -+ rules.append([ "-I", _zone, "6", "-t", table, "-j", target ]) - - if self._fw.get_log_denied() != "off": - if table == "filter" and \ - chain in [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]: - if target in [ "REJECT", "%%REJECT%%" ]: -- rules.append([ "-I", _zone, "4", "-t", table, "%%LOGTYPE%%", -+ rules.append([ "-I", _zone, "6", "-t", table, "%%LOGTYPE%%", - "-j", "LOG", "--log-prefix", - "\"%s_REJECT: \"" % _zone ]) - if target == "DROP": -- rules.append([ "-I", _zone, "4", "-t", table, "%%LOGTYPE%%", -+ rules.append([ "-I", _zone, "6", "-t", table, "%%LOGTYPE%%", - "-j", "LOG", "--log-prefix", - "\"%s_DROP: \"" % _zone ]) - return rules -@@ -753,13 +851,53 @@ class ip4tables(object): - return [ "-m", "limit", "--limit", limit.value ] - return [] - -+ def _rich_rule_chain_suffix(self, rich_rule): -+ if type(rich_rule.element) in [Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock]: -+ # These are special and don't have an explicit action -+ pass -+ elif rich_rule.action: -+ if type(rich_rule.action) not in [Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark]: -+ raise FirewallError(INVALID_RULE, "Unknown action %s" % type(rich_rule.action)) -+ else: -+ raise FirewallError(INVALID_RULE, "No rule action specified.") -+ -+ if rich_rule.priority == 0: -+ if type(rich_rule.element) in [Rich_Masquerade, Rich_ForwardPort] or \ -+ type(rich_rule.action) in [Rich_Accept, Rich_Mark]: -+ return "allow" -+ elif type(rich_rule.element) in [Rich_IcmpBlock] or \ -+ type(rich_rule.action) in [Rich_Reject, Rich_Drop]: -+ return "deny" -+ elif rich_rule.priority < 0: -+ return "rich_rule_pre" -+ else: -+ return "rich_rule_post" -+ -+ def _rich_rule_chain_suffix_from_log(self, rich_rule): -+ if not rich_rule.log and not rich_rule.audit: -+ raise FirewallError(INVALID_RULE, "Not log or audit") -+ -+ if rich_rule.priority == 0: -+ return "log" -+ elif rich_rule.priority < 0: -+ return "rich_rule_pre" -+ else: -+ return "rich_rule_post" -+ -+ def _rich_rule_priority_fragment(self, rich_rule): -+ if rich_rule.priority == 0: -+ return [] -+ return ["%%RICH_RULE_PRIORITY%%", rich_rule.priority] -+ - def _rich_rule_log(self, rich_rule, enable, table, target, rule_fragment): - if not rich_rule.log: - return [] - - add_del = { True: "-A", False: "-D" }[enable] - -- rule = [ add_del, "%s_log" % (target), "-t", table] -+ chain_suffix = self._rich_rule_chain_suffix_from_log(rich_rule) -+ rule = ["-t", table, add_del, "%s_%s" % (target, chain_suffix)] -+ rule += self._rich_rule_priority_fragment(rich_rule) - rule += rule_fragment + [ "-j", "LOG" ] - if rich_rule.log.prefix: - rule += [ "--log-prefix", "'%s'" % rich_rule.log.prefix ] -@@ -775,7 +913,10 @@ class ip4tables(object): - - add_del = { True: "-A", False: "-D" }[enable] - -- rule = [add_del, "%s_log" % (target), "-t", table] + rule_fragment -+ chain_suffix = self._rich_rule_chain_suffix_from_log(rich_rule) -+ rule = ["-t", table, add_del, "%s_%s" % (target, chain_suffix)] -+ rule += self._rich_rule_priority_fragment(rich_rule) -+ rule += rule_fragment - if type(rich_rule.action) == Rich_Accept: - _type = "accept" - elif type(rich_rule.action) == Rich_Reject: -@@ -795,28 +936,28 @@ class ip4tables(object): - - add_del = { True: "-A", False: "-D" }[enable] - -+ chain_suffix = self._rich_rule_chain_suffix(rich_rule) -+ chain = "%s_%s" % (target, chain_suffix) - if type(rich_rule.action) == Rich_Accept: -- chain = "%s_allow" % target - rule_action = [ "-j", "ACCEPT" ] - elif type(rich_rule.action) == Rich_Reject: -- chain = "%s_deny" % target - rule_action = [ "-j", "REJECT" ] - if rich_rule.action.type: - rule_action += [ "--reject-with", rich_rule.action.type ] - elif type(rich_rule.action) == Rich_Drop: -- chain = "%s_deny" % target - rule_action = [ "-j", "DROP" ] - elif type(rich_rule.action) == Rich_Mark: - target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["PREROUTING"], - zone=zone) - table = "mangle" -- chain = "%s_allow" % target -+ chain = "%s_%s" % (target, chain_suffix) - rule_action = [ "-j", "MARK", "--set-xmark", rich_rule.action.set ] - else: - raise FirewallError(INVALID_RULE, - "Unknown action %s" % type(rich_rule.action)) - -- rule = [ add_del, chain, "-t", table ] -+ rule = ["-t", table, add_del, chain] -+ rule += self._rich_rule_priority_fragment(rich_rule) - rule += rule_fragment + rule_action - rule += self._rule_limit(rich_rule.action.limit) - -@@ -957,11 +1098,15 @@ class ip4tables(object): - zone=zone) - rule_fragment = [] - if rich_rule: -+ chain_suffix = self._rich_rule_chain_suffix(rich_rule) -+ rule_fragment += self._rich_rule_priority_fragment(rich_rule) - rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) - rule_fragment += self._rich_rule_source_fragment(rich_rule.source) -+ else: -+ chain_suffix = "allow" - - rules = [] -- rules.append([ add_del, "%s_allow" % (target), "-t", "nat" ] -+ rules.append(["-t", "nat", add_del, "%s_%s" % (target, chain_suffix)] - + rule_fragment + - [ "!", "-o", "lo", "-j", "MASQUERADE" ]) - # FORWARD_OUT -@@ -969,10 +1114,14 @@ class ip4tables(object): - zone=zone) - rule_fragment = [] - if rich_rule: -+ chain_suffix = self._rich_rule_chain_suffix(rich_rule) -+ rule_fragment += self._rich_rule_priority_fragment(rich_rule) - rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) - rule_fragment += self._rich_rule_source_fragment(rich_rule.source) -+ else: -+ chain_suffix = "allow" - -- rules.append([ add_del, "%s_allow" % (target), "-t", "filter"] -+ rules.append(["-t", "filter", add_del, "%s_%s" % (target, chain_suffix)] - + rule_fragment + - ["-m", "conntrack", "--ctstate", "NEW,UNTRACKED", "-j", "ACCEPT" ]) - -@@ -998,28 +1147,35 @@ class ip4tables(object): - zone=zone) - - rule_fragment = [ "-p", protocol, "--dport", portStr(port) ] -+ rich_rule_priority_fragment = [] - if rich_rule: -+ chain_suffix = self._rich_rule_chain_suffix(rich_rule) -+ rich_rule_priority_fragment = self._rich_rule_priority_fragment(rich_rule) - rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) - rule_fragment += self._rich_rule_source_fragment(rich_rule.source) -+ else: -+ chain_suffix = "allow" - - rules = [] - if rich_rule: - rules.append(self._rich_rule_log(rich_rule, enable, "mangle", target, rule_fragment)) -- rules.append([ add_del, "%s_allow" % (target), "-t", "mangle"] -- + rule_fragment + -+ rules.append(["-t", "mangle", add_del, "%s_%s" % (target, chain_suffix)] -+ + rich_rule_priority_fragment + rule_fragment + - [ "-j", "MARK", "--set-mark", mark_str ]) - - # local and remote -- rules.append([ add_del, "%s_allow" % (target), "-t", "nat", -- "-p", protocol ] + mark + -+ rules.append(["-t", "nat", add_del, "%s_%s" % (target, chain_suffix)] -+ + rich_rule_priority_fragment + -+ ["-p", protocol ] + mark + - [ "-j", "DNAT", "--to-destination", to ]) - - target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[filter_chain], - zone=zone) -- rules.append([ add_del, "%s_allow" % (target), -- "-t", "filter", "-m", "conntrack", -- "--ctstate", "NEW,UNTRACKED" ] + -- mark + [ "-j", "ACCEPT" ]) -+ rules.append(["-t", "filter", add_del, "%s_%s" % (target, chain_suffix)] -+ + rich_rule_priority_fragment + -+ ["-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ] -+ + mark + -+ [ "-j", "ACCEPT" ]) - - return rules - -@@ -1057,7 +1213,9 @@ class ip4tables(object): - if rich_rule.action: - rules.append(self._rich_rule_action(zone, rich_rule, enable, table, target, rule_fragment)) - else: -- rules.append([ add_del, "%s_deny" % target, "-t", table ] -+ chain_suffix = self._rich_rule_chain_suffix(rich_rule) -+ rules.append(["-t", table, add_del, "%s_%s" % (target, chain_suffix)] -+ + self._rich_rule_priority_fragment(rich_rule) - + rule_fragment + - [ "-j", "%%REJECT%%" ]) - else: -@@ -1076,7 +1234,7 @@ class ip4tables(object): - table = "filter" - rules = [] - for chain in [ "INPUT", "FORWARD_IN" ]: -- rule_idx = 4 -+ rule_idx = 6 - _zone = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], - zone=zone) - --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0026-command-sort-rich-rule-output-by-priority.patch b/SOURCES/firewalld-0.7-0026-command-sort-rich-rule-output-by-priority.patch deleted file mode 100644 index 7f0388f..0000000 --- a/SOURCES/firewalld-0.7-0026-command-sort-rich-rule-output-by-priority.patch +++ /dev/null @@ -1,47 +0,0 @@ -From bec614ce987935a8fccb99c32fb2ba342b17048a Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 29 Nov 2018 12:26:08 -0500 -Subject: [PATCH 26/34] command: sort rich rule output by priority - -(cherry picked from commit 606e853e58028b6a8cfd91c1544e58346e7966be) ---- - src/firewall/command.py | 16 +++++++++++++++- - 1 file changed, 15 insertions(+), 1 deletion(-) - -diff --git a/src/firewall/command.py b/src/firewall/command.py -index 6c93be840760..1449b6dfc3ea 100644 ---- a/src/firewall/command.py -+++ b/src/firewall/command.py -@@ -393,6 +393,19 @@ class FirewallCommand(object): - description = settings.getDescription() - short_description = settings.getShort() - -+ def rich_rule_sorted_key(rule): -+ priority = 0 -+ search_str = "priority=" -+ try: -+ i = rule.index(search_str) -+ except ValueError: -+ pass -+ else: -+ i += len(search_str) -+ priority = int(rule[i:i+(rule[i:].index(" "))].replace("\"", "")) -+ -+ return priority -+ - attributes = [] - if default_zone is not None: - if zone == default_zone: -@@ -424,7 +437,8 @@ class FirewallCommand(object): - " ".join(["%s/%s" % (port[0], port[1]) - for port in source_ports])) - self.print_msg(" icmp-blocks: " + " ".join(icmp_blocks)) -- self.print_msg(" rich rules: \n\t" + "\n\t".join(rules)) -+ self.print_msg(" rich rules: \n\t" + "\n\t".join( -+ sorted(rules, key=rich_rule_sorted_key))) - - def print_service_info(self, service, settings): - ports = settings.getPorts() --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0027-tests-functions-increase-firewalld-debug-level.patch b/SOURCES/firewalld-0.7-0027-tests-functions-increase-firewalld-debug-level.patch deleted file mode 100644 index 6021170..0000000 --- a/SOURCES/firewalld-0.7-0027-tests-functions-increase-firewalld-debug-level.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 20701da25b4991f34fbc698447a0f3d987551f63 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Wed, 5 Dec 2018 09:40:46 -0500 -Subject: [PATCH 27/34] tests/functions: increase firewalld debug level - -This is so we get a dump of the iptables-restore input. - -(cherry picked from commit 98a3155c569b2d91fbaa5d0921f3b97ce724000e) ---- - src/tests/functions.at | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/tests/functions.at b/src/tests/functions.at -index f8ab929118e5..9fd57e6a4b1a 100644 ---- a/src/tests/functions.at -+++ b/src/tests/functions.at -@@ -12,7 +12,7 @@ m4_define([FWD_START_FIREWALLD], [ - FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" - dnl if testsuite ran with debug flag, add debug output - case "${TESTSUITEFLAGS}" in -- *-d*|*--debug*) FIREWALLD_ARGS="--debug=2 ${FIREWALLD_ARGS}";; -+ *-d*|*--debug*) FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}";; - *) :;; - esac - if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0028-tests-functions-implement-a-better-m4_strip.patch b/SOURCES/firewalld-0.7-0028-tests-functions-implement-a-better-m4_strip.patch deleted file mode 100644 index 39276f6..0000000 --- a/SOURCES/firewalld-0.7-0028-tests-functions-implement-a-better-m4_strip.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6bdf308d0bdf47055511a0e20630a8d2938768a5 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Tue, 6 Nov 2018 15:45:51 -0500 -Subject: [PATCH 28/34] tests/functions: implement a better m4_strip() - -m4sugar's version is buggy and adds a space after newlines. - -(cherry picked from commit f6a3116ee1df7990362bf08cc48bc05db75a4d18) ---- - src/tests/functions.at | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/tests/functions.at b/src/tests/functions.at -index 9fd57e6a4b1a..7b5be8b6360c 100644 ---- a/src/tests/functions.at -+++ b/src/tests/functions.at -@@ -217,6 +217,12 @@ m4_define([TRIMV], [[sed -e '/^[ \t]*$/d']]) - m4_define([TRIM_INTERNAL], [[sed -e 's/[ \t]\+/ /g']]) - m4_define([TRIM_WHITESPACE], [TRIM | TRIMV | TRIM_INTERNAL]) - -+dnl m4sugar's m4_strip has a bug that causes it to print a space after -+dnl newlines. So implement our own suck-less version. -+m4_define([m4_strip], -+[m4_bpatsubsts([$1], [[ ]+], [ ], -+ [^ ?\(.*\) ?$], [\1])]) -+ - m4_define([NS_CMD], [dnl - env DBUS_SYSTEM_BUS_ADDRESS="CURRENT_DBUS_ADDRESS" ip netns exec CURRENT_TEST_NS $1 dnl - ]) --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0029-tests-functions-m4_strip-expected-output.patch b/SOURCES/firewalld-0.7-0029-tests-functions-m4_strip-expected-output.patch deleted file mode 100644 index 2e275c9..0000000 --- a/SOURCES/firewalld-0.7-0029-tests-functions-m4_strip-expected-output.patch +++ /dev/null @@ -1,74 +0,0 @@ -From a53d11f05f6f3226121f0c8b5d46638643574832 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Mon, 5 Nov 2018 16:59:00 -0500 -Subject: [PATCH 29/34] tests/functions: m4_strip expected output - -This is so we can indent them in tests instead of starting at column 0. - -(cherry picked from commit 1b64149267f316fdbe38ecd185b74e5dc4f67ac2) ---- - src/tests/functions.at | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/src/tests/functions.at b/src/tests/functions.at -index 7b5be8b6360c..b69036087639 100644 ---- a/src/tests/functions.at -+++ b/src/tests/functions.at -@@ -232,30 +232,30 @@ m4_define([NS_CHECK], [ - ]) - - m4_define([EBTABLES_LIST_RULES], [ -- NS_CHECK([ebtables --concurrent -t $1 -L $2 | TRIM_WHITESPACE | grep -v "^Bridge"], [$3], [$4], [$5], [$6], [$7]) -+ NS_CHECK([ebtables --concurrent -t $1 -L $2 | TRIM_WHITESPACE | grep -v "^Bridge"], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) - ]) - - m4_define([IPTABLES_LIST_RULES], [ -- NS_CHECK([iptables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [$4], [$5], [$6], [$7]) -+ NS_CHECK([iptables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) - ]) - - m4_define([IP6TABLES_LIST_RULES], [ -- NS_CHECK([ip6tables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [$4], [$5], [$6], [$7]) -+ NS_CHECK([ip6tables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) - ]) - - m4_define([NFT_LIST_RULES], [ -- NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE], [$3], [$4], [$5], [$6], [$7]) -+ NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) - ]) - - m4_define([IPSET_LIST_SET], [ - NS_CHECK([ipset list $1 | TRIM_WHITESPACE |dnl - grep -v "^\(Revision\|Header\|Size\|References\|Number\)" |dnl - awk 'NR <= 3; NR > 3 {print | "sort"}'], -- [$2], [$3], [$4], [$5], [$6]) -+ [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) - ]) - - m4_define([NFT_LIST_SET], [ -- NS_CHECK([nft -nn list set inet firewalld $1 | TRIM_WHITESPACE], [$2], [$3], [$4], [$5], [$6]) -+ NS_CHECK([nft -nn list set inet firewalld $1 | TRIM_WHITESPACE], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) - ]) - - m4_define([DBUS_CHECK], [ -@@ -273,7 +273,7 @@ m4_define([DBUS_GETALL], [ - /org/fedoraproject/FirewallD1/$1 dnl - org.freedesktop.DBus.Properties.GetAll string:"org.fedoraproject.FirewallD1.$2" dnl - | TRIM_WHITESPACE | DBUS_GETALL_NORMALIZE], -- [$3], [$4], [$5], [$6], [$7]) -+ [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) - ]) - - m4_define([DBUS_GET], [ -@@ -281,7 +281,7 @@ m4_define([DBUS_GET], [ - /org/fedoraproject/FirewallD1/$1 dnl - org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.$2" $3 dnl - | tail -n +2 | TRIM_WHITESPACE], -- [$4], [$5], [$6], [$7], [$8]) -+ [$4], [m4_strip([$5])], [m4_strip([$6])], [$7], [$8]) - ]) - - m4_define([DBUS_SET], [ --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0030-tests-functions-for-list-macros-skip-if-testing-fire.patch b/SOURCES/firewalld-0.7-0030-tests-functions-for-list-macros-skip-if-testing-fire.patch deleted file mode 100644 index 018f1dd..0000000 --- a/SOURCES/firewalld-0.7-0030-tests-functions-for-list-macros-skip-if-testing-fire.patch +++ /dev/null @@ -1,78 +0,0 @@ -From f0c0937c3f0252f51bc6ca44c429ccb7b88adddc Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Wed, 5 Dec 2018 09:32:10 -0500 -Subject: [PATCH 30/34] tests/functions: for list macros skip if testing - firewall-offline-cmd - -Otherwise all the tests have to wrap the list macros in something like - - m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ - ... - ]) - -so lets just do that inside the macros themselves. - -(cherry picked from commit 544404c428ea6a117a7d21f10a46d1640804d357) ---- - src/tests/functions.at | 30 +++++++++++++++++++++--------- - 1 file changed, 21 insertions(+), 9 deletions(-) - -diff --git a/src/tests/functions.at b/src/tests/functions.at -index b69036087639..9bb9aac30dee 100644 ---- a/src/tests/functions.at -+++ b/src/tests/functions.at -@@ -232,30 +232,42 @@ m4_define([NS_CHECK], [ - ]) - - m4_define([EBTABLES_LIST_RULES], [ -- NS_CHECK([ebtables --concurrent -t $1 -L $2 | TRIM_WHITESPACE | grep -v "^Bridge"], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) -+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ -+ NS_CHECK([ebtables --concurrent -t $1 -L $2 | TRIM_WHITESPACE | grep -v "^Bridge"], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) -+ ]) - ]) - - m4_define([IPTABLES_LIST_RULES], [ -- NS_CHECK([iptables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) -+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ -+ NS_CHECK([iptables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) -+ ]) - ]) - - m4_define([IP6TABLES_LIST_RULES], [ -- NS_CHECK([ip6tables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) -+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ -+ NS_CHECK([ip6tables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) -+ ]) - ]) - - m4_define([NFT_LIST_RULES], [ -- NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) -+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ -+ NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) -+ ]) - ]) - - m4_define([IPSET_LIST_SET], [ -- NS_CHECK([ipset list $1 | TRIM_WHITESPACE |dnl -- grep -v "^\(Revision\|Header\|Size\|References\|Number\)" |dnl -- awk 'NR <= 3; NR > 3 {print | "sort"}'], -- [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) -+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ -+ NS_CHECK([ipset list $1 | TRIM_WHITESPACE |dnl -+ grep -v "^\(Revision\|Header\|Size\|References\|Number\)" |dnl -+ awk 'NR <= 3; NR > 3 {print | "sort"}'], -+ [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) -+ ]) - ]) - - m4_define([NFT_LIST_SET], [ -- NS_CHECK([nft -nn list set inet firewalld $1 | TRIM_WHITESPACE], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) -+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ -+ NS_CHECK([nft -nn list set inet firewalld $1 | TRIM_WHITESPACE], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) -+ ]) - ]) - - m4_define([DBUS_CHECK], [ --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0031-tests-firewall-cmd-remove-redundant-checks-for-TESTI.patch b/SOURCES/firewalld-0.7-0031-tests-firewall-cmd-remove-redundant-checks-for-TESTI.patch deleted file mode 100644 index 4d035c8..0000000 --- a/SOURCES/firewalld-0.7-0031-tests-firewall-cmd-remove-redundant-checks-for-TESTI.patch +++ /dev/null @@ -1,91 +0,0 @@ -From c2803dba3beb1cfd8f0d19f6eb622c55977e77cb Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Wed, 5 Dec 2018 09:38:26 -0500 -Subject: [PATCH 31/34] tests/firewall-cmd: remove redundant checks for - TESTING_FIREWALL_OFFLINE_CMD - -These checks are now part of the list macros. - -(cherry picked from commit 158e5db21e99c48bdd4992de46cc92162d3ba626) ---- - src/tests/firewall-cmd.at | 50 ++++++++++++++++----------------------- - 1 file changed, 21 insertions(+), 29 deletions(-) - -diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at -index 82ffa9f52b47..3cb3e8a96ca7 100644 ---- a/src/tests/firewall-cmd.at -+++ b/src/tests/firewall-cmd.at -@@ -731,36 +731,30 @@ FWD_START_TEST([direct ebtables]) - FWD_CHECK([--direct --get-chains eb filter | grep mychain], 0, ignore) - FWD_CHECK([--direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) - FWD_CHECK([--direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP], 0, ignore) --m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ - EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl ---p IPv6 -j DROP ---p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP ---j RETURN --]) --]) -+ -p IPv6 -j DROP -+ -p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP -+ -j RETURN -+ ]) - FWD_CHECK([--direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) --m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ - EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl ---p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP ---j RETURN --]) --]) -+ -p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP -+ -j RETURN -+ ]) - - FWD_CHECK([--direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP], 0, ignore) - FWD_CHECK([--direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP], 0, ignore) --m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [dnl --m4_if(nftables, FIREWALL_BACKEND, [dnl -- EBTABLES_LIST_RULES([filter], [INPUT], 0, [dnl ---p IPv6 -j DROP ---p IPv6 -j DROP --])], [dnl -- EBTABLES_LIST_RULES([filter], [INPUT_direct], 0, [dnl ---p IPv6 -j DROP ---p IPv6 -j DROP ---j RETURN --]) --]) --]) -+ m4_if(nftables, FIREWALL_BACKEND, [dnl -+ EBTABLES_LIST_RULES([filter], [INPUT], 0, [dnl -+ -p IPv6 -j DROP -+ -p IPv6 -j DROP -+ ])], [dnl -+ EBTABLES_LIST_RULES([filter], [INPUT_direct], 0, [dnl -+ -p IPv6 -j DROP -+ -p IPv6 -j DROP -+ -j RETURN -+ ]) -+ ]) - - FWD_CHECK([--direct --remove-rules eb filter INPUT], 0, ignore) - FWD_CHECK([--direct --remove-rules eb filter mychain], 0, ignore) -@@ -769,12 +763,10 @@ m4_if(nftables, FIREWALL_BACKEND, [dnl - FWD_CHECK([--permanent --direct --get-chains eb filter | grep mychain], 0, ignore) - FWD_CHECK([--permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) - FWD_RELOAD --m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ - EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl ---p IPv6 -j DROP ---j RETURN --]) --]) -+ -p IPv6 -j DROP -+ -j RETURN -+ ]) - FWD_END_TEST - - FWD_START_TEST([lockdown]) --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0032-tests-firewall-cmd-add-test-coverage-for-rich-rules-.patch b/SOURCES/firewalld-0.7-0032-tests-firewall-cmd-add-test-coverage-for-rich-rules-.patch deleted file mode 100644 index 094e7ae..0000000 --- a/SOURCES/firewalld-0.7-0032-tests-firewall-cmd-add-test-coverage-for-rich-rules-.patch +++ /dev/null @@ -1,658 +0,0 @@ -From 255ba3e5ef7f5662251b73da1d9c906ee4082fb8 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 2 Nov 2018 14:46:17 -0400 -Subject: [PATCH 32/34] tests/firewall-cmd: add test coverage for rich rules - priorities - -(cherry picked from commit d1bea40c157c06439e0ebd54f9f00a5385ad505d) ---- - src/tests/firewall-cmd.at | 633 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 633 insertions(+) - -diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at -index 3cb3e8a96ca7..0c74a2d087cc 100644 ---- a/src/tests/firewall-cmd.at -+++ b/src/tests/firewall-cmd.at -@@ -863,6 +863,639 @@ FWD_START_TEST([rich rules audit]) - FWD_END_TEST - m4_undefine([rich_rule_test]) - -+FWD_START_TEST([rich rules priority]) -+ CHECK_LOG_AUDIT -+ -+ dnl Verify generic layout of zone -+ m4_if(nftables, FIREWALL_BACKEND, [ -+ NFT_LIST_RULES([inet], [filter_IN_public], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public { -+ jump filter_IN_public_rich_rule_pre -+ jump filter_IN_public_log -+ jump filter_IN_public_deny -+ jump filter_IN_public_allow -+ jump filter_IN_public_rich_rule_post -+ meta l4proto { icmp, ipv6-icmp } accept -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_FWDI_public], 0, [dnl -+ table inet firewalld { -+ chain filter_FWDI_public { -+ jump filter_FWDI_public_rich_rule_pre -+ jump filter_FWDI_public_log -+ jump filter_FWDI_public_deny -+ jump filter_FWDI_public_allow -+ jump filter_FWDI_public_rich_rule_post -+ meta l4proto { icmp, ipv6-icmp } accept -+ } -+ } -+ ])], [ -+ IPTABLES_LIST_RULES([filter], [IN_public], 0, [dnl -+ IN_public_rich_rule_pre all -- 0.0.0.0/0 0.0.0.0/0 -+ IN_public_log all -- 0.0.0.0/0 0.0.0.0/0 -+ IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0 -+ IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0 -+ IN_public_rich_rule_post all -- 0.0.0.0/0 0.0.0.0/0 -+ ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 -+ ]) -+ IPTABLES_LIST_RULES([filter], [FWDI_public], 0, [dnl -+ FWDI_public_rich_rule_pre all -- 0.0.0.0/0 0.0.0.0/0 -+ FWDI_public_log all -- 0.0.0.0/0 0.0.0.0/0 -+ FWDI_public_deny all -- 0.0.0.0/0 0.0.0.0/0 -+ FWDI_public_allow all -- 0.0.0.0/0 0.0.0.0/0 -+ FWDI_public_rich_rule_post all -- 0.0.0.0/0 0.0.0.0/0 -+ ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public], 0, [dnl -+ IN_public_rich_rule_pre all ::/0 ::/0 -+ IN_public_log all ::/0 ::/0 -+ IN_public_deny all ::/0 ::/0 -+ IN_public_allow all ::/0 ::/0 -+ IN_public_rich_rule_post all ::/0 ::/0 -+ ACCEPT icmpv6 ::/0 ::/0 -+ ]) -+ IP6TABLES_LIST_RULES([filter], [FWDI_public], 0, [dnl -+ FWDI_public_rich_rule_pre all ::/0 ::/0 -+ FWDI_public_log all ::/0 ::/0 -+ FWDI_public_deny all ::/0 ::/0 -+ FWDI_public_allow all ::/0 ::/0 -+ FWDI_public_rich_rule_post all ::/0 ::/0 -+ ACCEPT icmpv6 ::/0 ::/0 -+ ])]) -+ -+ dnl priority 0 (or not specified) is special: -+ dnl accept goes to _allow chain -+ dnl drop goes to _deny chain -+ dnl log goes to _log chain -+ dnl audit goes to _log chain -+ FWD_CHECK([--add-rich-rule='rule port port="1111" protocol="tcp" log'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=0 port port="1122" protocol="tcp" audit accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule port port="2222" protocol="tcp" drop'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule port port="3333" protocol="tcp" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=0 port port="4444" protocol="tcp" accept'], 0, ignore) -+ m4_if(nftables, FIREWALL_BACKEND, [ -+ NFT_LIST_RULES([inet], [filter_IN_public_log], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_log { -+ tcp dport 1111 ct state new,untracked log -+ tcp dport 1122 ct state new,untracked log level audit -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_IN_public_deny], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_deny { -+ tcp dport 2222 ct state new,untracked drop -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_allow { -+ tcp dport 22 ct state new,untracked accept -+ ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept -+ tcp dport 1122 ct state new,untracked accept -+ tcp dport 3333 ct state new,untracked accept -+ tcp dport 4444 ct state new,untracked accept -+ } -+ } -+ ])], [ -+ IPTABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl -+ LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 -+ AUDIT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED AUDIT accept -+ ]) -+ IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl -+ DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 ctstate NEW,UNTRACKED -+ ]) -+ IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3333 ctstate NEW,UNTRACKED -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 ctstate NEW,UNTRACKED -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl -+ LOG tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 -+ AUDIT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED AUDIT accept -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl -+ DROP tcp ::/0 ::/0 tcp dpt:2222 ctstate NEW,UNTRACKED -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl -+ ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED -+ ACCEPT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED -+ ACCEPT tcp ::/0 ::/0 tcp dpt:3333 ctstate NEW,UNTRACKED -+ ACCEPT tcp ::/0 ::/0 tcp dpt:4444 ctstate NEW,UNTRACKED -+ ]) -+ ]) -+ FWD_RELOAD -+ -+ dnl verify priority range -+ FWD_CHECK([--add-rich-rule='rule priority=-32768 port port="1234" protocol="tcp" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=32767 port port="1234" protocol="tcp" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=-32769 port port="1234" protocol="tcp" accept'], 139, ignore, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=32768 port port="1234" protocol="tcp" accept'], 139, ignore, ignore) -+ FWD_RELOAD -+ -+ dnl Special catch-all rule -+ m4_define([rich_rule_str], ['rule priority=127 drop']) -+ FWD_CHECK([--add-rich-rule=rich_rule_str], 0, ignore) -+ FWD_CHECK([--query-rich-rule=rich_rule_str], 0, ignore) -+ m4_if(nftables, FIREWALL_BACKEND, [ -+ NFT_LIST_RULES([inet], [filter_IN_public_rich_rule_post], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_rich_rule_post { -+ drop -+ } -+ } -+ ])], [ -+ IPTABLES_LIST_RULES([filter], [IN_public_rich_rule_post], 0, [dnl -+ DROP all -- 0.0.0.0/0 0.0.0.0/0 -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_rich_rule_post], 0, [dnl -+ DROP all ::/0 ::/0 -+ ])]) -+ FWD_CHECK([--remove-rich-rule=rich_rule_str], 0, ignore) -+ FWD_CHECK([--query-rich-rule=rich_rule_str], 1, ignore) -+ FWD_CHECK([--permanent --add-rich-rule=rich_rule_str], 0, ignore) -+ FWD_CHECK([--permanent --query-rich-rule=rich_rule_str], 0, ignore) -+ FWD_CHECK([--permanent --remove-rich-rule=rich_rule_str], 0, ignore) -+ FWD_CHECK([--permanent --query-rich-rule=rich_rule_str], 1, ignore) -+ m4_undefine([rich_rule_str]) -+ dnl special catch-all should be denied if priority not specified -+ FWD_CHECK([--add-rich-rule='rule drop'], 122, ignore, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=0 drop'], 122, ignore, ignore) -+ FWD_CHECK([--add-rich-rule='rule log prefix="foobar: "'], 122, ignore, ignore) -+ FWD_RELOAD -+ -+ dnl masquerade and forward-ports are special because they use nat and mangle. -+ FWD_CHECK([--add-rich-rule='rule family="ipv4" source address="10.10.0.0/16" masquerade'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-10 source address="10.1.1.0/24" masquerade'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-1 source address="10.1.0.0/16" drop'], 0, ignore) -+ dnl -+ FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=0 forward-port port="222" protocol="tcp" to-port="22"'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=0 forward-port port="2222" protocol="tcp" to-port="22" to-addr="10.1.1.1"'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8888" protocol="tcp" to-port="80"'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8080" protocol="tcp" to-port="80" to-addr="10.1.1.1"'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv6" priority=0 forward-port port="9090" protocol="tcp" to-port="90"'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv6" priority=-123 forward-port port="999" protocol="tcp" to-port="99"'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv6" priority=-123 forward-port port="9999" protocol="tcp" to-port="9999" to-addr="1234::4321"'], 0, ignore) -+ m4_if(nftables, FIREWALL_BACKEND, [ -+ NFT_LIST_RULES([inet], [filter_IN_public_rich_rule_pre], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_rich_rule_pre { -+ ct state new,untracked meta mark 0x00000069 accept -+ ct state new,untracked meta mark 0x00000066 accept -+ ip saddr 10.1.0.0/16 drop -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_allow { -+ tcp dport 22 ct state new,untracked accept -+ ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept -+ ct state new,untracked meta mark 0x00000064 accept -+ ct state new,untracked meta mark 0x00000068 accept -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_FWDI_public_rich_rule_pre], 0, [dnl -+ table inet firewalld { -+ chain filter_FWDI_public_rich_rule_pre { -+ ct state new,untracked meta mark 0x0000006a accept -+ ct state new,untracked meta mark 0x00000067 accept -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_FWDI_public_allow], 0, [dnl -+ table inet firewalld { -+ chain filter_FWDI_public_allow { -+ ct state new,untracked meta mark 0x00000065 accept -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_FWDO_public_rich_rule_pre], 0, [dnl -+ table inet firewalld { -+ chain filter_FWDO_public_rich_rule_pre { -+ ip saddr 10.1.1.0/24 ct state new,untracked accept -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_FWDO_public_allow], 0, [dnl -+ table inet firewalld { -+ chain filter_FWDO_public_allow { -+ ip saddr 10.10.0.0/16 ct state new,untracked accept -+ } -+ } -+ ]) -+ NFT_LIST_RULES([ip], [nat_PRE_public_rich_rule_pre], 0, [dnl -+ table ip firewalld { -+ chain nat_PRE_public_rich_rule_pre { -+ meta l4proto tcp meta mark 0x00000066 redirect to :80 -+ meta l4proto tcp meta mark 0x00000067 dnat to 10.1.1.1:80 -+ } -+ } -+ ]) -+ NFT_LIST_RULES([ip], [nat_PRE_public_allow], 0, [dnl -+ table ip firewalld { -+ chain nat_PRE_public_allow { -+ meta l4proto tcp meta mark 0x00000064 redirect to :22 -+ meta l4proto tcp meta mark 0x00000065 dnat to 10.1.1.1:22 -+ } -+ } -+ ]) -+ NFT_LIST_RULES([ip], [nat_POST_public_rich_rule_pre], 0, [dnl -+ table ip firewalld { -+ chain nat_POST_public_rich_rule_pre { -+ ip saddr 10.1.1.0/24 oifname != "lo" masquerade -+ } -+ } -+ ]) -+ NFT_LIST_RULES([ip], [nat_POST_public_allow], 0, [dnl -+ table ip firewalld { -+ chain nat_POST_public_allow { -+ ip saddr 10.10.0.0/16 oifname != "lo" masquerade -+ } -+ } -+ ]) -+ NFT_LIST_RULES([ip6], [nat_PRE_public_rich_rule_pre], 0, -+ [[table ip6 firewalld { -+ chain nat_PRE_public_rich_rule_pre { -+ meta l4proto tcp meta mark 0x00000069 redirect to :99 -+ meta l4proto tcp meta mark 0x0000006a dnat to [1234::4321]:9999 -+ } -+ } -+ ]]) -+ NFT_LIST_RULES([ip6], [nat_PRE_public_allow], 0, [dnl -+ table ip6 firewalld { -+ chain nat_PRE_public_allow { -+ meta l4proto tcp meta mark 0x00000068 redirect to :90 -+ } -+ } -+ ]) -+ NFT_LIST_RULES([ip6], [nat_POST_public_rich_rule_pre], 0, [dnl -+ table ip6 firewalld { -+ chain nat_POST_public_rich_rule_pre { -+ } -+ } -+ ]) -+ NFT_LIST_RULES([ip6], [nat_POST_public_allow], 0, [dnl -+ table ip6 firewalld { -+ chain nat_POST_public_allow { -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [mangle_PRE_public_rich_rule_pre], 0, [dnl -+ table inet firewalld { -+ chain mangle_PRE_public_rich_rule_pre { -+ meta nfproto ipv6 tcp dport 999 meta mark set 0x00000069 -+ meta nfproto ipv6 tcp dport 9999 meta mark set 0x0000006a -+ meta nfproto ipv4 tcp dport 8888 meta mark set 0x00000066 -+ meta nfproto ipv4 tcp dport 8080 meta mark set 0x00000067 -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl -+ table inet firewalld { -+ chain mangle_PRE_public_allow { -+ meta nfproto ipv4 tcp dport 222 meta mark set 0x00000064 -+ meta nfproto ipv4 tcp dport 2222 meta mark set 0x00000065 -+ meta nfproto ipv6 tcp dport 9090 meta mark set 0x00000068 -+ } -+ } -+ ])], [ -+ IPTABLES_LIST_RULES([filter], [IN_public_rich_rule_pre], 0, [dnl -+ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED mark match 0x66 -+ DROP all -- 10.1.0.0/16 0.0.0.0/0 -+ ]) -+ IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED mark match 0x64 -+ ]) -+ IPTABLES_LIST_RULES([filter], [FWDI_public_rich_rule_pre], 0, [dnl -+ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED mark match 0x67 -+ ]) -+ IPTABLES_LIST_RULES([filter], [FWDI_public_allow], 0, [dnl -+ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED mark match 0x65 -+ ]) -+ IPTABLES_LIST_RULES([filter], [FWDO_public_rich_rule_pre], 0, [dnl -+ ACCEPT all -- 10.1.1.0/24 0.0.0.0/0 ctstate NEW,UNTRACKED -+ ]) -+ IPTABLES_LIST_RULES([filter], [FWDO_public_allow], 0, [dnl -+ ACCEPT all -- 10.10.0.0/16 0.0.0.0/0 ctstate NEW,UNTRACKED -+ ]) -+ IPTABLES_LIST_RULES([nat], [PRE_public_rich_rule_pre], 0, [dnl -+ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 mark match 0x66 to::80 -+ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 mark match 0x67 to:10.1.1.1:80 -+ ]) -+ IPTABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl -+ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 mark match 0x64 to::22 -+ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 mark match 0x65 to:10.1.1.1:22 -+ ]) -+ IPTABLES_LIST_RULES([nat], [POST_public_rich_rule_pre], 0, [dnl -+ MASQUERADE all -- 10.1.1.0/24 0.0.0.0/0 -+ ]) -+ IPTABLES_LIST_RULES([nat], [POST_public_allow], 0, [dnl -+ MASQUERADE all -- 10.10.0.0/16 0.0.0.0/0 -+ ]) -+ IPTABLES_LIST_RULES([mangle], [PRE_public_rich_rule_pre], 0, [dnl -+ MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 MARK set 0x66 -+ MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 MARK set 0x67 -+ ]) -+ IPTABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl -+ MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:222 MARK set 0x64 -+ MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 MARK set 0x65 -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_rich_rule_pre], 0, [dnl -+ ACCEPT all ::/0 ::/0 ctstate NEW,UNTRACKED mark match 0x69 -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl -+ ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED -+ ACCEPT all ::/0 ::/0 ctstate NEW,UNTRACKED mark match 0x68 -+ ]) -+ IP6TABLES_LIST_RULES([filter], [FWDI_public_rich_rule_pre], 0, [dnl -+ ACCEPT all ::/0 ::/0 ctstate NEW,UNTRACKED mark match 0x6a -+ ]) -+ IP6TABLES_LIST_RULES([filter], [FWDI_public_allow], 0, [dnl -+ ]) -+ IP6TABLES_LIST_RULES([nat], [PRE_public_rich_rule_pre], 0, -+ [[DNAT tcp ::/0 ::/0 mark match 0x69 to::99 -+ DNAT tcp ::/0 ::/0 mark match 0x6a to:[1234::4321]:9999 -+ ]]) -+ IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl -+ DNAT tcp ::/0 ::/0 mark match 0x68 to::90 -+ ]) -+ IP6TABLES_LIST_RULES([mangle], [PRE_public_rich_rule_pre], 0, [dnl -+ MARK tcp ::/0 ::/0 tcp dpt:999 MARK set 0x69 -+ MARK tcp ::/0 ::/0 tcp dpt:9999 MARK set 0x6a -+ ]) -+ IP6TABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl -+ MARK tcp ::/0 ::/0 tcp dpt:9090 MARK set 0x68 -+ ])]) -+ FWD_RELOAD -+ -+ dnl icmp-block and icmp-type coverage -+ FWD_CHECK([--add-rich-rule='rule icmp-block name="destination-unreachable"'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=-10 icmp-block name="destination-unreachable"'], 0, ignore) -+ dnl -+ FWD_CHECK([--add-rich-rule='rule icmp-type name="echo-request" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=-10 icmp-type name="echo-request" accept'], 0, ignore) -+ m4_if(nftables, FIREWALL_BACKEND, [ -+ NFT_LIST_RULES([inet], [filter_IN_public_rich_rule_pre], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_rich_rule_pre { -+ icmp type destination-unreachable reject with icmp type admin-prohibited -+ icmpv6 type destination-unreachable reject with icmpv6 type admin-prohibited -+ icmp type echo-request accept -+ icmpv6 type echo-request accept -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_IN_public_deny], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_deny { -+ icmp type destination-unreachable reject with icmp type admin-prohibited -+ icmpv6 type destination-unreachable reject with icmpv6 type admin-prohibited -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_allow { -+ tcp dport 22 ct state new,untracked accept -+ ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept -+ icmp type echo-request accept -+ icmpv6 type echo-request accept -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_FWDI_public_rich_rule_pre], 0, [dnl -+ table inet firewalld { -+ chain filter_FWDI_public_rich_rule_pre { -+ icmp type destination-unreachable reject with icmp type admin-prohibited -+ icmpv6 type destination-unreachable reject with icmpv6 type admin-prohibited -+ icmp type echo-request accept -+ icmpv6 type echo-request accept -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_FWDI_public_deny], 0, [dnl -+ table inet firewalld { -+ chain filter_FWDI_public_deny { -+ icmp type destination-unreachable reject with icmp type admin-prohibited -+ icmpv6 type destination-unreachable reject with icmpv6 type admin-prohibited -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_FWDI_public_allow], 0, [dnl -+ table inet firewalld { -+ chain filter_FWDI_public_allow { -+ icmp type echo-request accept -+ icmpv6 type echo-request accept -+ } -+ } -+ ])], [ -+ IPTABLES_LIST_RULES([filter], [IN_public_rich_rule_pre], 0, [dnl -+ REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited -+ ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 -+ ]) -+ IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl -+ REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited -+ ]) -+ IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 -+ ]) -+ IPTABLES_LIST_RULES([filter], [FWDI_public_rich_rule_pre], 0, [dnl -+ REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited -+ ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 -+ ]) -+ IPTABLES_LIST_RULES([filter], [FWDI_public_deny], 0, [dnl -+ REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited -+ ]) -+ IPTABLES_LIST_RULES([filter], [FWDI_public_allow], 0, [dnl -+ ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_rich_rule_pre], 0, [dnl -+ REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited -+ ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl -+ REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl -+ ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED -+ ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 -+ ]) -+ IP6TABLES_LIST_RULES([filter], [FWDI_public_rich_rule_pre], 0, [dnl -+ REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited -+ ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 -+ ]) -+ IP6TABLES_LIST_RULES([filter], [FWDI_public_deny], 0, [dnl -+ REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited -+ ]) -+ IP6TABLES_LIST_RULES([filter], [FWDI_public_allow], 0, [dnl -+ ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 -+ ])]) -+ FWD_RELOAD -+ -+ dnl add many negative/positive priorities and make sure they're in the right order -+ FWD_CHECK([--add-rich-rule='rule priority=70 service name="smtps" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=-111 service name="ntp" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=-10 port port="1111" protocol="tcp" drop'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=-100 port port="1111" protocol="tcp" log'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority="-77" service name="smtp" accept'], 0, ignore) -+ FWD_CHECK([--remove-rich-rule='rule priority=-111 service name="ntp" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-32768 source address="10.0.0.0/8" log'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-2 source address="10.0.0.0/8" log'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-1 source address="10.0.0.0/8" drop'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-5 source address="10.10.10.0/24" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=127 drop'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=125 service name="imap" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=126 log prefix="DROPPED: "'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=10 service name="ssh" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=1 service name="http" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=100 service name="https" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=5 service name="https" accept'], 0, ignore) -+ FWD_CHECK([--add-rich-rule='rule priority=66 service name="smtp" accept'], 0, ignore) -+ FWD_CHECK([--remove-rich-rule='rule priority=66 service name="smtp" accept'], 0, ignore) -+ FWD_CHECK([--remove-rich-rule='rule priority=70 service name="smtps" accept'], 0, ignore) -+ FWD_CHECK([--remove-rich-rule='rule priority=5 service name="https" accept'], 0, ignore) -+ FWD_CHECK([--remove-rich-rule='rule priority="-77" service name="smtp" accept'], 0, ignore) -+ FWD_CHECK([--remove-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop'], 0, ignore) -+ m4_if(nftables, FIREWALL_BACKEND, [ -+ NFT_LIST_RULES([inet], [filter_IN_public_rich_rule_pre], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_rich_rule_pre { -+ ip saddr 10.0.0.0/8 log -+ tcp dport 1111 ct state new,untracked log -+ tcp dport 1111 ct state new,untracked drop -+ ip saddr 10.10.10.0/24 accept -+ ip saddr 10.0.0.0/8 log -+ ip saddr 10.0.0.0/8 drop -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_allow { -+ tcp dport 22 ct state new,untracked accept -+ ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_IN_public_deny], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_deny { -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_IN_public_log], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_log { -+ } -+ } -+ ]) -+ NFT_LIST_RULES([inet], [filter_IN_public_rich_rule_post], 0, [dnl -+ table inet firewalld { -+ chain filter_IN_public_rich_rule_post { -+ tcp dport 80 ct state new,untracked accept -+ tcp dport 22 ct state new,untracked accept -+ tcp dport 443 ct state new,untracked accept -+ tcp dport 143 ct state new,untracked accept -+ log prefix "DROPPED: " -+ drop -+ } -+ } -+ ])], [ -+ IPTABLES_LIST_RULES([filter], [IN_public_rich_rule_pre], 0, [dnl -+ LOG all -- 10.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 -+ LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 -+ DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED -+ ACCEPT all -- 10.10.10.0/24 0.0.0.0/0 -+ LOG all -- 10.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 -+ DROP all -- 10.0.0.0/8 0.0.0.0/0 -+ ]) -+ IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ]) -+ IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl -+ ]) -+ IPTABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl -+ ]) -+ IPTABLES_LIST_RULES([filter], [IN_public_rich_rule_post], 0, [dnl -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED -+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 ctstate NEW,UNTRACKED -+ LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "'DROPPED: '" -+ DROP all -- 0.0.0.0/0 0.0.0.0/0 -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_rich_rule_pre], 0, [dnl -+ LOG tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 -+ DROP tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl -+ ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl -+ ]) -+ IP6TABLES_LIST_RULES([filter], [IN_public_rich_rule_post], 0, [dnl -+ ACCEPT tcp ::/0 ::/0 tcp dpt:80 ctstate NEW,UNTRACKED -+ ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED -+ ACCEPT tcp ::/0 ::/0 tcp dpt:443 ctstate NEW,UNTRACKED -+ ACCEPT tcp ::/0 ::/0 tcp dpt:143 ctstate NEW,UNTRACKED -+ LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "'DROPPED: '" -+ DROP all ::/0 ::/0 -+ ])]) -+ FWD_CHECK([-q --runtime-to-permanent]) -+ FWD_RELOAD -+ -+ dnl Verify the rules are displayed in order of priority, not by when they -+ dnl were added. -+ FWD_CHECK([--add-rich-rule='rule priority=0 service name="http" accept'], 0, ignore) -+ FWD_CHECK([--list-all | TRIM_WHITESPACE], 0, [m4_strip([dnl -+ public -+ target: default -+ icmp-block-inversion: no -+ interfaces: -+ sources: -+ services: dhcpv6-client ssh -+ ports: -+ protocols: -+ masquerade: no -+ forward-ports: -+ source-ports: -+ icmp-blocks: -+ rich rules: -+ rule priority="-32768" family="ipv4" source address="10.0.0.0/8" log -+ rule priority="-100" port port="1111" protocol="tcp" log -+ rule priority="-10" port port="1111" protocol="tcp" drop -+ rule priority="-5" family="ipv4" source address="10.10.10.0/24" accept -+ rule priority="-2" family="ipv4" source address="10.0.0.0/8" log -+ rule priority="-1" family="ipv4" source address="10.0.0.0/8" drop -+ rule service name="http" accept -+ rule priority="1" service name="http" accept -+ rule priority="10" service name="ssh" accept -+ rule priority="100" service name="https" accept -+ rule priority="125" service name="imap" accept -+ rule priority="126" log prefix="DROPPED: " -+ rule priority="127" drop -+ ])]) -+ -+FWD_END_TEST([-e '/INVALID_RULE: no element, no source, no destination/d'dnl -+ -e '/INVALID_RULE: no element, no action/d'dnl -+ -e '/ERROR: INVALID_PRIORITY: /d']) -+ - FWD_START_TEST([rich rules bad]) - m4_define([rich_rule_test], [ - FWD_CHECK([--add-rich-rule='$1'], $2, ignore, ignore) --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0033-treewide-shorten-rich-rule-chain-suffix.patch b/SOURCES/firewalld-0.7-0033-treewide-shorten-rich-rule-chain-suffix.patch deleted file mode 100644 index b570e87..0000000 --- a/SOURCES/firewalld-0.7-0033-treewide-shorten-rich-rule-chain-suffix.patch +++ /dev/null @@ -1,576 +0,0 @@ -From 851c03faa007db22dd28be5e7fbf63eb6861dec2 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 6 Dec 2018 15:25:17 -0500 -Subject: [PATCH 33/34] treewide: shorten rich rule chain suffix - -iptables only allows chain names up to 29 characters. So lets reduce the -chain suffix for rich rules with priorities. Otherwise zones with longer -names won't be usable. - - _rich_rule_pre --> _pre - _rich_rule_post --> _post - -Note: This is a non issue for the nftables backend. As of kernel v4.14 -it allows names up to 255 bytes. - -Fixes: 29d657527bd2 ("ipXtables: support rich rule priorities") -(cherry picked from commit f4a8a4f57cccea32bef0e3725ec6d657824b8b5c) ---- - doc/xml/firewalld.richlanguage.xml | 8 +- - src/firewall/core/ipXtables.py | 20 ++--- - src/firewall/core/nftables.py | 20 ++--- - src/tests/firewall-cmd.at | 116 ++++++++++++++--------------- - 4 files changed, 82 insertions(+), 82 deletions(-) - -diff --git a/doc/xml/firewalld.richlanguage.xml b/doc/xml/firewalld.richlanguage.xml -index a0562b93249e..a053a828f1fe 100644 ---- a/doc/xml/firewalld.richlanguage.xml -+++ b/doc/xml/firewalld.richlanguage.xml -@@ -344,21 +344,21 @@ limit value="rate/duration" - - - --zone_rich_rule_pre -+zone_pre - zone_log - zone_deny - zone_allow --zone_rich_rule_post -+zone_post - - - -- When priority < 0, the rich rule will be placed in the zone_rich_rule_pre chain. -+ When priority < 0, the rich rule will be placed in the zone_pre chain. - - - When priority == 0Then all logging rules will be placed in the zone_log chain. All reject and drop rules will be placed in the zone_deny chain, which will be walked after the log chain. All accept rules will be placed in the zone_allow chain, which will be walked after the deny chain. If a rule contains log and also deny or allow actions, the parts are placed in the matching chains. - - -- When priority > 0, the rich rule will be placed in the zone_rich_rule_post chain. -+ When priority > 0, the rich rule will be placed in the zone_post chain. - - - -diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py -index 43ff9307a41c..1940641c982e 100644 ---- a/src/firewall/core/ipXtables.py -+++ b/src/firewall/core/ipXtables.py -@@ -804,22 +804,22 @@ class ip4tables(object): - OUR_CHAINS[table].update(set([_zone, - "%s_log" % _zone, - "%s_deny" % _zone, -- "%s_rich_rule_pre" % _zone, -- "%s_rich_rule_post" % _zone, -+ "%s_pre" % _zone, -+ "%s_post" % _zone, - "%s_allow" % _zone])) - - rules = [] - rules.append([ "-N", _zone, "-t", table ]) -- rules.append([ "-N", "%s_rich_rule_pre" % _zone, "-t", table ]) -+ rules.append([ "-N", "%s_pre" % _zone, "-t", table ]) - rules.append([ "-N", "%s_log" % _zone, "-t", table ]) - rules.append([ "-N", "%s_deny" % _zone, "-t", table ]) - rules.append([ "-N", "%s_allow" % _zone, "-t", table ]) -- rules.append([ "-N", "%s_rich_rule_post" % _zone, "-t", table ]) -- rules.append([ "-I", _zone, "1", "-t", table, "-j", "%s_rich_rule_pre" % _zone ]) -+ rules.append([ "-N", "%s_post" % _zone, "-t", table ]) -+ rules.append([ "-I", _zone, "1", "-t", table, "-j", "%s_pre" % _zone ]) - rules.append([ "-I", _zone, "2", "-t", table, "-j", "%s_log" % _zone ]) - rules.append([ "-I", _zone, "3", "-t", table, "-j", "%s_deny" % _zone ]) - rules.append([ "-I", _zone, "4", "-t", table, "-j", "%s_allow" % _zone ]) -- rules.append([ "-I", _zone, "5", "-t", table, "-j", "%s_rich_rule_post" % _zone ]) -+ rules.append([ "-I", _zone, "5", "-t", table, "-j", "%s_post" % _zone ]) - - # Handle trust, block and drop zones: - # Add an additional rule with the zone target (accept, reject -@@ -869,9 +869,9 @@ class ip4tables(object): - type(rich_rule.action) in [Rich_Reject, Rich_Drop]: - return "deny" - elif rich_rule.priority < 0: -- return "rich_rule_pre" -+ return "pre" - else: -- return "rich_rule_post" -+ return "post" - - def _rich_rule_chain_suffix_from_log(self, rich_rule): - if not rich_rule.log and not rich_rule.audit: -@@ -880,9 +880,9 @@ class ip4tables(object): - if rich_rule.priority == 0: - return "log" - elif rich_rule.priority < 0: -- return "rich_rule_pre" -+ return "pre" - else: -- return "rich_rule_post" -+ return "post" - - def _rich_rule_priority_fragment(self, rich_rule): - if rich_rule.priority == 0: -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index d59bc55bf1a5..8e24721c94f5 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -609,15 +609,15 @@ class nftables(object): - OUR_CHAINS[family][table].update(set([_zone, - "%s_log" % _zone, - "%s_deny" % _zone, -- "%s_rich_rule_pre" % _zone, -- "%s_rich_rule_post" % _zone, -+ "%s_pre" % _zone, -+ "%s_post" % _zone, - "%s_allow" % _zone])) - - rules = [] - rules.append(["add", "chain", family, "%s" % TABLE_NAME, - "%s_%s" % (table, _zone)]) - rules.append(["add", "chain", family, "%s" % TABLE_NAME, -- "%s_%s_rich_rule_pre" % (table, _zone)]) -+ "%s_%s_pre" % (table, _zone)]) - rules.append(["add", "chain", family, "%s" % TABLE_NAME, - "%s_%s_log" % (table, _zone)]) - rules.append(["add", "chain", family, "%s" % TABLE_NAME, -@@ -625,11 +625,11 @@ class nftables(object): - rules.append(["add", "chain", family, "%s" % TABLE_NAME, - "%s_%s_allow" % (table, _zone)]) - rules.append(["add", "chain", family, "%s" % TABLE_NAME, -- "%s_%s_rich_rule_post" % (table, _zone)]) -+ "%s_%s_post" % (table, _zone)]) - - rules.append(["add", "rule", family, "%s" % TABLE_NAME, - "%s_%s" % (table, _zone), -- "jump", "%s_%s_rich_rule_pre" % (table, _zone)]) -+ "jump", "%s_%s_pre" % (table, _zone)]) - rules.append(["add", "rule", family, "%s" % TABLE_NAME, - "%s_%s" % (table, _zone), - "jump", "%s_%s_log" % (table, _zone)]) -@@ -641,7 +641,7 @@ class nftables(object): - "jump", "%s_%s_allow" % (table, _zone)]) - rules.append(["add", "rule", family, "%s" % TABLE_NAME, - "%s_%s" % (table, _zone), -- "jump", "%s_%s_rich_rule_post" % (table, _zone)]) -+ "jump", "%s_%s_post" % (table, _zone)]) - - target = self._fw.zone._zones[zone].target - -@@ -741,9 +741,9 @@ class nftables(object): - type(rich_rule.action) in [Rich_Reject, Rich_Drop]: - return "deny" - elif rich_rule.priority < 0: -- return "rich_rule_pre" -+ return "pre" - else: -- return "rich_rule_post" -+ return "post" - - def _rich_rule_chain_suffix_from_log(self, rich_rule): - if not rich_rule.log and not rich_rule.audit: -@@ -752,9 +752,9 @@ class nftables(object): - if rich_rule.priority == 0: - return "log" - elif rich_rule.priority < 0: -- return "rich_rule_pre" -+ return "pre" - else: -- return "rich_rule_post" -+ return "post" - - def _rich_rule_priority_fragment(self, rich_rule): - if rich_rule.priority == 0: -diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at -index 0c74a2d087cc..d408f31bd6b8 100644 ---- a/src/tests/firewall-cmd.at -+++ b/src/tests/firewall-cmd.at -@@ -871,11 +871,11 @@ FWD_START_TEST([rich rules priority]) - NFT_LIST_RULES([inet], [filter_IN_public], 0, [dnl - table inet firewalld { - chain filter_IN_public { -- jump filter_IN_public_rich_rule_pre -+ jump filter_IN_public_pre - jump filter_IN_public_log - jump filter_IN_public_deny - jump filter_IN_public_allow -- jump filter_IN_public_rich_rule_post -+ jump filter_IN_public_post - meta l4proto { icmp, ipv6-icmp } accept - } - } -@@ -883,45 +883,45 @@ FWD_START_TEST([rich rules priority]) - NFT_LIST_RULES([inet], [filter_FWDI_public], 0, [dnl - table inet firewalld { - chain filter_FWDI_public { -- jump filter_FWDI_public_rich_rule_pre -+ jump filter_FWDI_public_pre - jump filter_FWDI_public_log - jump filter_FWDI_public_deny - jump filter_FWDI_public_allow -- jump filter_FWDI_public_rich_rule_post -+ jump filter_FWDI_public_post - meta l4proto { icmp, ipv6-icmp } accept - } - } - ])], [ - IPTABLES_LIST_RULES([filter], [IN_public], 0, [dnl -- IN_public_rich_rule_pre all -- 0.0.0.0/0 0.0.0.0/0 -+ IN_public_pre all -- 0.0.0.0/0 0.0.0.0/0 - IN_public_log all -- 0.0.0.0/0 0.0.0.0/0 - IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0 - IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0 -- IN_public_rich_rule_post all -- 0.0.0.0/0 0.0.0.0/0 -+ IN_public_post all -- 0.0.0.0/0 0.0.0.0/0 - ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 - ]) - IPTABLES_LIST_RULES([filter], [FWDI_public], 0, [dnl -- FWDI_public_rich_rule_pre all -- 0.0.0.0/0 0.0.0.0/0 -+ FWDI_public_pre all -- 0.0.0.0/0 0.0.0.0/0 - FWDI_public_log all -- 0.0.0.0/0 0.0.0.0/0 - FWDI_public_deny all -- 0.0.0.0/0 0.0.0.0/0 - FWDI_public_allow all -- 0.0.0.0/0 0.0.0.0/0 -- FWDI_public_rich_rule_post all -- 0.0.0.0/0 0.0.0.0/0 -+ FWDI_public_post all -- 0.0.0.0/0 0.0.0.0/0 - ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 - ]) - IP6TABLES_LIST_RULES([filter], [IN_public], 0, [dnl -- IN_public_rich_rule_pre all ::/0 ::/0 -+ IN_public_pre all ::/0 ::/0 - IN_public_log all ::/0 ::/0 - IN_public_deny all ::/0 ::/0 - IN_public_allow all ::/0 ::/0 -- IN_public_rich_rule_post all ::/0 ::/0 -+ IN_public_post all ::/0 ::/0 - ACCEPT icmpv6 ::/0 ::/0 - ]) - IP6TABLES_LIST_RULES([filter], [FWDI_public], 0, [dnl -- FWDI_public_rich_rule_pre all ::/0 ::/0 -+ FWDI_public_pre all ::/0 ::/0 - FWDI_public_log all ::/0 ::/0 - FWDI_public_deny all ::/0 ::/0 - FWDI_public_allow all ::/0 ::/0 -- FWDI_public_rich_rule_post all ::/0 ::/0 -+ FWDI_public_post all ::/0 ::/0 - ACCEPT icmpv6 ::/0 ::/0 - ])]) - -@@ -1004,17 +1004,17 @@ FWD_START_TEST([rich rules priority]) - FWD_CHECK([--add-rich-rule=rich_rule_str], 0, ignore) - FWD_CHECK([--query-rich-rule=rich_rule_str], 0, ignore) - m4_if(nftables, FIREWALL_BACKEND, [ -- NFT_LIST_RULES([inet], [filter_IN_public_rich_rule_post], 0, [dnl -+ NFT_LIST_RULES([inet], [filter_IN_public_post], 0, [dnl - table inet firewalld { -- chain filter_IN_public_rich_rule_post { -+ chain filter_IN_public_post { - drop - } - } - ])], [ -- IPTABLES_LIST_RULES([filter], [IN_public_rich_rule_post], 0, [dnl -+ IPTABLES_LIST_RULES([filter], [IN_public_post], 0, [dnl - DROP all -- 0.0.0.0/0 0.0.0.0/0 - ]) -- IP6TABLES_LIST_RULES([filter], [IN_public_rich_rule_post], 0, [dnl -+ IP6TABLES_LIST_RULES([filter], [IN_public_post], 0, [dnl - DROP all ::/0 ::/0 - ])]) - FWD_CHECK([--remove-rich-rule=rich_rule_str], 0, ignore) -@@ -1043,9 +1043,9 @@ FWD_START_TEST([rich rules priority]) - FWD_CHECK([--add-rich-rule='rule family="ipv6" priority=-123 forward-port port="999" protocol="tcp" to-port="99"'], 0, ignore) - FWD_CHECK([--add-rich-rule='rule family="ipv6" priority=-123 forward-port port="9999" protocol="tcp" to-port="9999" to-addr="1234::4321"'], 0, ignore) - m4_if(nftables, FIREWALL_BACKEND, [ -- NFT_LIST_RULES([inet], [filter_IN_public_rich_rule_pre], 0, [dnl -+ NFT_LIST_RULES([inet], [filter_IN_public_pre], 0, [dnl - table inet firewalld { -- chain filter_IN_public_rich_rule_pre { -+ chain filter_IN_public_pre { - ct state new,untracked meta mark 0x00000069 accept - ct state new,untracked meta mark 0x00000066 accept - ip saddr 10.1.0.0/16 drop -@@ -1062,9 +1062,9 @@ FWD_START_TEST([rich rules priority]) - } - } - ]) -- NFT_LIST_RULES([inet], [filter_FWDI_public_rich_rule_pre], 0, [dnl -+ NFT_LIST_RULES([inet], [filter_FWDI_public_pre], 0, [dnl - table inet firewalld { -- chain filter_FWDI_public_rich_rule_pre { -+ chain filter_FWDI_public_pre { - ct state new,untracked meta mark 0x0000006a accept - ct state new,untracked meta mark 0x00000067 accept - } -@@ -1077,9 +1077,9 @@ FWD_START_TEST([rich rules priority]) - } - } - ]) -- NFT_LIST_RULES([inet], [filter_FWDO_public_rich_rule_pre], 0, [dnl -+ NFT_LIST_RULES([inet], [filter_FWDO_public_pre], 0, [dnl - table inet firewalld { -- chain filter_FWDO_public_rich_rule_pre { -+ chain filter_FWDO_public_pre { - ip saddr 10.1.1.0/24 ct state new,untracked accept - } - } -@@ -1091,9 +1091,9 @@ FWD_START_TEST([rich rules priority]) - } - } - ]) -- NFT_LIST_RULES([ip], [nat_PRE_public_rich_rule_pre], 0, [dnl -+ NFT_LIST_RULES([ip], [nat_PRE_public_pre], 0, [dnl - table ip firewalld { -- chain nat_PRE_public_rich_rule_pre { -+ chain nat_PRE_public_pre { - meta l4proto tcp meta mark 0x00000066 redirect to :80 - meta l4proto tcp meta mark 0x00000067 dnat to 10.1.1.1:80 - } -@@ -1107,9 +1107,9 @@ FWD_START_TEST([rich rules priority]) - } - } - ]) -- NFT_LIST_RULES([ip], [nat_POST_public_rich_rule_pre], 0, [dnl -+ NFT_LIST_RULES([ip], [nat_POST_public_pre], 0, [dnl - table ip firewalld { -- chain nat_POST_public_rich_rule_pre { -+ chain nat_POST_public_pre { - ip saddr 10.1.1.0/24 oifname != "lo" masquerade - } - } -@@ -1121,9 +1121,9 @@ FWD_START_TEST([rich rules priority]) - } - } - ]) -- NFT_LIST_RULES([ip6], [nat_PRE_public_rich_rule_pre], 0, -+ NFT_LIST_RULES([ip6], [nat_PRE_public_pre], 0, - [[table ip6 firewalld { -- chain nat_PRE_public_rich_rule_pre { -+ chain nat_PRE_public_pre { - meta l4proto tcp meta mark 0x00000069 redirect to :99 - meta l4proto tcp meta mark 0x0000006a dnat to [1234::4321]:9999 - } -@@ -1136,9 +1136,9 @@ FWD_START_TEST([rich rules priority]) - } - } - ]) -- NFT_LIST_RULES([ip6], [nat_POST_public_rich_rule_pre], 0, [dnl -+ NFT_LIST_RULES([ip6], [nat_POST_public_pre], 0, [dnl - table ip6 firewalld { -- chain nat_POST_public_rich_rule_pre { -+ chain nat_POST_public_pre { - } - } - ]) -@@ -1148,9 +1148,9 @@ FWD_START_TEST([rich rules priority]) - } - } - ]) -- NFT_LIST_RULES([inet], [mangle_PRE_public_rich_rule_pre], 0, [dnl -+ NFT_LIST_RULES([inet], [mangle_PRE_public_pre], 0, [dnl - table inet firewalld { -- chain mangle_PRE_public_rich_rule_pre { -+ chain mangle_PRE_public_pre { - meta nfproto ipv6 tcp dport 999 meta mark set 0x00000069 - meta nfproto ipv6 tcp dport 9999 meta mark set 0x0000006a - meta nfproto ipv4 tcp dport 8888 meta mark set 0x00000066 -@@ -1167,7 +1167,7 @@ FWD_START_TEST([rich rules priority]) - } - } - ])], [ -- IPTABLES_LIST_RULES([filter], [IN_public_rich_rule_pre], 0, [dnl -+ IPTABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl - ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED mark match 0x66 - DROP all -- 10.1.0.0/16 0.0.0.0/0 - ]) -@@ -1175,19 +1175,19 @@ FWD_START_TEST([rich rules priority]) - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED mark match 0x64 - ]) -- IPTABLES_LIST_RULES([filter], [FWDI_public_rich_rule_pre], 0, [dnl -+ IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl - ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED mark match 0x67 - ]) - IPTABLES_LIST_RULES([filter], [FWDI_public_allow], 0, [dnl - ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED mark match 0x65 - ]) -- IPTABLES_LIST_RULES([filter], [FWDO_public_rich_rule_pre], 0, [dnl -+ IPTABLES_LIST_RULES([filter], [FWDO_public_pre], 0, [dnl - ACCEPT all -- 10.1.1.0/24 0.0.0.0/0 ctstate NEW,UNTRACKED - ]) - IPTABLES_LIST_RULES([filter], [FWDO_public_allow], 0, [dnl - ACCEPT all -- 10.10.0.0/16 0.0.0.0/0 ctstate NEW,UNTRACKED - ]) -- IPTABLES_LIST_RULES([nat], [PRE_public_rich_rule_pre], 0, [dnl -+ IPTABLES_LIST_RULES([nat], [PRE_public_pre], 0, [dnl - DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 mark match 0x66 to::80 - DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 mark match 0x67 to:10.1.1.1:80 - ]) -@@ -1195,13 +1195,13 @@ FWD_START_TEST([rich rules priority]) - DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 mark match 0x64 to::22 - DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 mark match 0x65 to:10.1.1.1:22 - ]) -- IPTABLES_LIST_RULES([nat], [POST_public_rich_rule_pre], 0, [dnl -+ IPTABLES_LIST_RULES([nat], [POST_public_pre], 0, [dnl - MASQUERADE all -- 10.1.1.0/24 0.0.0.0/0 - ]) - IPTABLES_LIST_RULES([nat], [POST_public_allow], 0, [dnl - MASQUERADE all -- 10.10.0.0/16 0.0.0.0/0 - ]) -- IPTABLES_LIST_RULES([mangle], [PRE_public_rich_rule_pre], 0, [dnl -+ IPTABLES_LIST_RULES([mangle], [PRE_public_pre], 0, [dnl - MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 MARK set 0x66 - MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 MARK set 0x67 - ]) -@@ -1209,7 +1209,7 @@ FWD_START_TEST([rich rules priority]) - MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:222 MARK set 0x64 - MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 MARK set 0x65 - ]) -- IP6TABLES_LIST_RULES([filter], [IN_public_rich_rule_pre], 0, [dnl -+ IP6TABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl - ACCEPT all ::/0 ::/0 ctstate NEW,UNTRACKED mark match 0x69 - ]) - IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl -@@ -1217,19 +1217,19 @@ FWD_START_TEST([rich rules priority]) - ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT all ::/0 ::/0 ctstate NEW,UNTRACKED mark match 0x68 - ]) -- IP6TABLES_LIST_RULES([filter], [FWDI_public_rich_rule_pre], 0, [dnl -+ IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl - ACCEPT all ::/0 ::/0 ctstate NEW,UNTRACKED mark match 0x6a - ]) - IP6TABLES_LIST_RULES([filter], [FWDI_public_allow], 0, [dnl - ]) -- IP6TABLES_LIST_RULES([nat], [PRE_public_rich_rule_pre], 0, -+ IP6TABLES_LIST_RULES([nat], [PRE_public_pre], 0, - [[DNAT tcp ::/0 ::/0 mark match 0x69 to::99 - DNAT tcp ::/0 ::/0 mark match 0x6a to:[1234::4321]:9999 - ]]) - IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl - DNAT tcp ::/0 ::/0 mark match 0x68 to::90 - ]) -- IP6TABLES_LIST_RULES([mangle], [PRE_public_rich_rule_pre], 0, [dnl -+ IP6TABLES_LIST_RULES([mangle], [PRE_public_pre], 0, [dnl - MARK tcp ::/0 ::/0 tcp dpt:999 MARK set 0x69 - MARK tcp ::/0 ::/0 tcp dpt:9999 MARK set 0x6a - ]) -@@ -1245,9 +1245,9 @@ FWD_START_TEST([rich rules priority]) - FWD_CHECK([--add-rich-rule='rule icmp-type name="echo-request" accept'], 0, ignore) - FWD_CHECK([--add-rich-rule='rule priority=-10 icmp-type name="echo-request" accept'], 0, ignore) - m4_if(nftables, FIREWALL_BACKEND, [ -- NFT_LIST_RULES([inet], [filter_IN_public_rich_rule_pre], 0, [dnl -+ NFT_LIST_RULES([inet], [filter_IN_public_pre], 0, [dnl - table inet firewalld { -- chain filter_IN_public_rich_rule_pre { -+ chain filter_IN_public_pre { - icmp type destination-unreachable reject with icmp type admin-prohibited - icmpv6 type destination-unreachable reject with icmpv6 type admin-prohibited - icmp type echo-request accept -@@ -1273,9 +1273,9 @@ FWD_START_TEST([rich rules priority]) - } - } - ]) -- NFT_LIST_RULES([inet], [filter_FWDI_public_rich_rule_pre], 0, [dnl -+ NFT_LIST_RULES([inet], [filter_FWDI_public_pre], 0, [dnl - table inet firewalld { -- chain filter_FWDI_public_rich_rule_pre { -+ chain filter_FWDI_public_pre { - icmp type destination-unreachable reject with icmp type admin-prohibited - icmpv6 type destination-unreachable reject with icmpv6 type admin-prohibited - icmp type echo-request accept -@@ -1299,7 +1299,7 @@ FWD_START_TEST([rich rules priority]) - } - } - ])], [ -- IPTABLES_LIST_RULES([filter], [IN_public_rich_rule_pre], 0, [dnl -+ IPTABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl - REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited - ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 - ]) -@@ -1310,7 +1310,7 @@ FWD_START_TEST([rich rules priority]) - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 - ]) -- IPTABLES_LIST_RULES([filter], [FWDI_public_rich_rule_pre], 0, [dnl -+ IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl - REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited - ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 - ]) -@@ -1320,7 +1320,7 @@ FWD_START_TEST([rich rules priority]) - IPTABLES_LIST_RULES([filter], [FWDI_public_allow], 0, [dnl - ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 - ]) -- IP6TABLES_LIST_RULES([filter], [IN_public_rich_rule_pre], 0, [dnl -+ IP6TABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl - REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited - ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 - ]) -@@ -1332,7 +1332,7 @@ FWD_START_TEST([rich rules priority]) - ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED - ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 - ]) -- IP6TABLES_LIST_RULES([filter], [FWDI_public_rich_rule_pre], 0, [dnl -+ IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl - REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited - ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 - ]) -@@ -1370,9 +1370,9 @@ FWD_START_TEST([rich rules priority]) - FWD_CHECK([--remove-rich-rule='rule priority="-77" service name="smtp" accept'], 0, ignore) - FWD_CHECK([--remove-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop'], 0, ignore) - m4_if(nftables, FIREWALL_BACKEND, [ -- NFT_LIST_RULES([inet], [filter_IN_public_rich_rule_pre], 0, [dnl -+ NFT_LIST_RULES([inet], [filter_IN_public_pre], 0, [dnl - table inet firewalld { -- chain filter_IN_public_rich_rule_pre { -+ chain filter_IN_public_pre { - ip saddr 10.0.0.0/8 log - tcp dport 1111 ct state new,untracked log - tcp dport 1111 ct state new,untracked drop -@@ -1402,9 +1402,9 @@ FWD_START_TEST([rich rules priority]) - } - } - ]) -- NFT_LIST_RULES([inet], [filter_IN_public_rich_rule_post], 0, [dnl -+ NFT_LIST_RULES([inet], [filter_IN_public_post], 0, [dnl - table inet firewalld { -- chain filter_IN_public_rich_rule_post { -+ chain filter_IN_public_post { - tcp dport 80 ct state new,untracked accept - tcp dport 22 ct state new,untracked accept - tcp dport 443 ct state new,untracked accept -@@ -1414,7 +1414,7 @@ FWD_START_TEST([rich rules priority]) - } - } - ])], [ -- IPTABLES_LIST_RULES([filter], [IN_public_rich_rule_pre], 0, [dnl -+ IPTABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl - LOG all -- 10.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 - LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 - DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED -@@ -1429,7 +1429,7 @@ FWD_START_TEST([rich rules priority]) - ]) - IPTABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl - ]) -- IPTABLES_LIST_RULES([filter], [IN_public_rich_rule_post], 0, [dnl -+ IPTABLES_LIST_RULES([filter], [IN_public_post], 0, [dnl - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED -@@ -1437,7 +1437,7 @@ FWD_START_TEST([rich rules priority]) - LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "'DROPPED: '" - DROP all -- 0.0.0.0/0 0.0.0.0/0 - ]) -- IP6TABLES_LIST_RULES([filter], [IN_public_rich_rule_pre], 0, [dnl -+ IP6TABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl - LOG tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 - DROP tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED - ]) -@@ -1449,7 +1449,7 @@ FWD_START_TEST([rich rules priority]) - ]) - IP6TABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl - ]) -- IP6TABLES_LIST_RULES([filter], [IN_public_rich_rule_post], 0, [dnl -+ IP6TABLES_LIST_RULES([filter], [IN_public_post], 0, [dnl - ACCEPT tcp ::/0 ::/0 tcp dpt:80 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED - ACCEPT tcp ::/0 ::/0 tcp dpt:443 ctstate NEW,UNTRACKED --- -2.18.0 - diff --git a/SOURCES/firewalld-0.7-0034-tests-functions-normalize-nft-list-rule-output.patch b/SOURCES/firewalld-0.7-0034-tests-functions-normalize-nft-list-rule-output.patch deleted file mode 100644 index a2c251b..0000000 --- a/SOURCES/firewalld-0.7-0034-tests-functions-normalize-nft-list-rule-output.patch +++ /dev/null @@ -1,150 +0,0 @@ -From 9142be6d529e2aa9bc17bc2c3ae37a81d7ca8b98 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 7 Dec 2018 09:34:27 -0500 -Subject: [PATCH 34/34] tests/functions: normalize nft list rule output - -nftables commit 6dd848339444 ("src: meta: always prefix 'meta' for -almost all tokens") made the "mark" output always be prefixd by "meta". -To be compatible with old nft version, strip the meta keyword. - -Fix test cases as well. - -(cherry picked from commit 3e56d69f5702bbf326dd6701e329aa1e98071b7a) ---- - src/tests/firewall-cmd.at | 42 +++++++++++++++++++-------------------- - src/tests/functions.at | 6 +++++- - 2 files changed, 26 insertions(+), 22 deletions(-) - -diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at -index d408f31bd6b8..baef4d6dc7ef 100644 ---- a/src/tests/firewall-cmd.at -+++ b/src/tests/firewall-cmd.at -@@ -1046,8 +1046,8 @@ FWD_START_TEST([rich rules priority]) - NFT_LIST_RULES([inet], [filter_IN_public_pre], 0, [dnl - table inet firewalld { - chain filter_IN_public_pre { -- ct state new,untracked meta mark 0x00000069 accept -- ct state new,untracked meta mark 0x00000066 accept -+ ct state new,untracked mark 0x00000069 accept -+ ct state new,untracked mark 0x00000066 accept - ip saddr 10.1.0.0/16 drop - } - } -@@ -1057,23 +1057,23 @@ FWD_START_TEST([rich rules priority]) - chain filter_IN_public_allow { - tcp dport 22 ct state new,untracked accept - ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept -- ct state new,untracked meta mark 0x00000064 accept -- ct state new,untracked meta mark 0x00000068 accept -+ ct state new,untracked mark 0x00000064 accept -+ ct state new,untracked mark 0x00000068 accept - } - } - ]) - NFT_LIST_RULES([inet], [filter_FWDI_public_pre], 0, [dnl - table inet firewalld { - chain filter_FWDI_public_pre { -- ct state new,untracked meta mark 0x0000006a accept -- ct state new,untracked meta mark 0x00000067 accept -+ ct state new,untracked mark 0x0000006a accept -+ ct state new,untracked mark 0x00000067 accept - } - } - ]) - NFT_LIST_RULES([inet], [filter_FWDI_public_allow], 0, [dnl - table inet firewalld { - chain filter_FWDI_public_allow { -- ct state new,untracked meta mark 0x00000065 accept -+ ct state new,untracked mark 0x00000065 accept - } - } - ]) -@@ -1094,16 +1094,16 @@ FWD_START_TEST([rich rules priority]) - NFT_LIST_RULES([ip], [nat_PRE_public_pre], 0, [dnl - table ip firewalld { - chain nat_PRE_public_pre { -- meta l4proto tcp meta mark 0x00000066 redirect to :80 -- meta l4proto tcp meta mark 0x00000067 dnat to 10.1.1.1:80 -+ meta l4proto tcp mark 0x00000066 redirect to :80 -+ meta l4proto tcp mark 0x00000067 dnat to 10.1.1.1:80 - } - } - ]) - NFT_LIST_RULES([ip], [nat_PRE_public_allow], 0, [dnl - table ip firewalld { - chain nat_PRE_public_allow { -- meta l4proto tcp meta mark 0x00000064 redirect to :22 -- meta l4proto tcp meta mark 0x00000065 dnat to 10.1.1.1:22 -+ meta l4proto tcp mark 0x00000064 redirect to :22 -+ meta l4proto tcp mark 0x00000065 dnat to 10.1.1.1:22 - } - } - ]) -@@ -1124,15 +1124,15 @@ FWD_START_TEST([rich rules priority]) - NFT_LIST_RULES([ip6], [nat_PRE_public_pre], 0, - [[table ip6 firewalld { - chain nat_PRE_public_pre { -- meta l4proto tcp meta mark 0x00000069 redirect to :99 -- meta l4proto tcp meta mark 0x0000006a dnat to [1234::4321]:9999 -+ meta l4proto tcp mark 0x00000069 redirect to :99 -+ meta l4proto tcp mark 0x0000006a dnat to [1234::4321]:9999 - } - } - ]]) - NFT_LIST_RULES([ip6], [nat_PRE_public_allow], 0, [dnl - table ip6 firewalld { - chain nat_PRE_public_allow { -- meta l4proto tcp meta mark 0x00000068 redirect to :90 -+ meta l4proto tcp mark 0x00000068 redirect to :90 - } - } - ]) -@@ -1151,19 +1151,19 @@ FWD_START_TEST([rich rules priority]) - NFT_LIST_RULES([inet], [mangle_PRE_public_pre], 0, [dnl - table inet firewalld { - chain mangle_PRE_public_pre { -- meta nfproto ipv6 tcp dport 999 meta mark set 0x00000069 -- meta nfproto ipv6 tcp dport 9999 meta mark set 0x0000006a -- meta nfproto ipv4 tcp dport 8888 meta mark set 0x00000066 -- meta nfproto ipv4 tcp dport 8080 meta mark set 0x00000067 -+ meta nfproto ipv6 tcp dport 999 mark set 0x00000069 -+ meta nfproto ipv6 tcp dport 9999 mark set 0x0000006a -+ meta nfproto ipv4 tcp dport 8888 mark set 0x00000066 -+ meta nfproto ipv4 tcp dport 8080 mark set 0x00000067 - } - } - ]) - NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl - table inet firewalld { - chain mangle_PRE_public_allow { -- meta nfproto ipv4 tcp dport 222 meta mark set 0x00000064 -- meta nfproto ipv4 tcp dport 2222 meta mark set 0x00000065 -- meta nfproto ipv6 tcp dport 9090 meta mark set 0x00000068 -+ meta nfproto ipv4 tcp dport 222 mark set 0x00000064 -+ meta nfproto ipv4 tcp dport 2222 mark set 0x00000065 -+ meta nfproto ipv6 tcp dport 9090 mark set 0x00000068 - } - } - ])], [ -diff --git a/src/tests/functions.at b/src/tests/functions.at -index 9bb9aac30dee..080e44a73383 100644 ---- a/src/tests/functions.at -+++ b/src/tests/functions.at -@@ -250,9 +250,13 @@ m4_define([IP6TABLES_LIST_RULES], [ - ]) - - m4_define([NFT_LIST_RULES], [ -+ dnl nftables commit 6dd848339444 change list output to show "meta mark" -+ dnl instead of just "mark". -+ m4_define([NFT_LIST_RULES_NORMALIZE], [sed -e 's/meta mark/mark/g']) - m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ -- NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) -+ NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE | NFT_LIST_RULES_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) - ]) -+ m4_undefine([NFT_LIST_RULES_NORMALIZE]) - ]) - - m4_define([IPSET_LIST_SET], [ --- -2.18.0 - diff --git a/SPECS/firewalld.spec b/SPECS/firewalld.spec index dde7d65..14a9d87 100644 --- a/SPECS/firewalld.spec +++ b/SPECS/firewalld.spec @@ -1,61 +1,39 @@ Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld -Version: 0.6.3 -Release: 7%{?dist} +Version: 0.7.0 +Release: 5%{?dist} URL: http://www.firewalld.org License: GPLv2+ -Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz Patch1: RHEL-only-0001-Add-cockpit-by-default-to-some-zones.patch -Patch2: 0001-config-lockdown-whitelist-Don-t-auto-add-Es-to-inter.patch -Patch3: 0003-ipXtables-nftables-Fix-object-has-no-attribute-_log_.patch -Patch4: 0004-tests-regression-rhbz1571957-exercise-log-denied-bro.patch -Patch5: 0005-rich-rules-fix-mark-action.patch -Patch6: 0006-update-translations.patch -Patch7: 0007-services-steam-streaming-update-udp-ports.patch -Patch8: 0008-nftables-fix-panic-mode-not-filtering-output-packets.patch -Patch9: 0009-fw_zone-fix-rich-rule-masquerading.patch -Patch10: 0010-fw_zone-fix-IPv6-rich-rule-forward-port-without-toad.patch -Patch11: 0011-nftables-fix-rich-rule-masquerade.patch -Patch12: 0012-nftables-fix-ipv6-rich-rule-forward-ports.patch -Patch13: 0013-ipset-fix-set-apply-if-IndividualCalls-yes.patch -Patch14: 0014-tests-regression-rhbz1601610-modify-test-to-satisfy-.patch -Patch15: firewalld-0.7-0001-Add-FlushAllOnReload-config-option.patch -Patch16: firewalld-0.7-0002-fw-on-reload-retain-interfaces-from-NetworkManager.patch -Patch17: firewalld-0.7-0017-nftables-build-rule_key-properly-for-delete-verb.patch -Patch18: firewalld-0.7-0018-nftables-Use-index-for-ICMP-block-inversion-rules.patch -Patch19: firewalld-0.7-0019-rich-add-support-for-rule-priorities.patch -Patch20: firewalld-0.7-0020-firewalld.richlanguage-document-priority-value.patch -Patch21: firewalld-0.7-0021-rich-rules-allow-catch-all-rules.patch -Patch22: firewalld-0.7-0022-rich-rules-allow-catch-all-log-rules.patch -Patch23: firewalld-0.7-0023-firewall-config-support-rich-rule-priorities.patch -Patch24: firewalld-0.7-0024-nftables-support-rich-rule-priorities.patch -Patch25: firewalld-0.7-0025-ipXtables-support-rich-rule-priorities.patch -Patch26: firewalld-0.7-0026-command-sort-rich-rule-output-by-priority.patch -Patch27: firewalld-0.7-0027-tests-functions-increase-firewalld-debug-level.patch -Patch28: firewalld-0.7-0028-tests-functions-implement-a-better-m4_strip.patch -Patch29: firewalld-0.7-0029-tests-functions-m4_strip-expected-output.patch -Patch30: firewalld-0.7-0030-tests-functions-for-list-macros-skip-if-testing-fire.patch -Patch31: firewalld-0.7-0031-tests-firewall-cmd-remove-redundant-checks-for-TESTI.patch -Patch32: firewalld-0.7-0032-tests-firewall-cmd-add-test-coverage-for-rich-rules-.patch -Patch33: firewalld-0.7-0033-treewide-shorten-rich-rule-chain-suffix.patch -Patch34: firewalld-0.7-0034-tests-functions-normalize-nft-list-rule-output.patch -Patch35: RHEL-only-0001-tests-firewall-cmd-fix-rich-rule-priority-test.patch -Patch36: firewalld-0.7-0001-fw-On-reload-when-restoring-NM-interfaces-also-consi.patch -Patch37: 0001-nftables-Allow-interfaces-with-wildcards.patch -Patch38: 0002-tests-firewall-cmd-Coverage-for-interface-wildcardin.patch -Patch39: 0003-tests-functions-normalize-ebtables-inversion-output.patch -Patch40: 0004-ipXtables-simplify-rpfilter-rule-generation.patch -Patch41: firewalld-0.7-0001-nftables-rpfilter-collapse-log-and-drop-into-same-ru.patch -Patch42: firewalld-0.7-0002-Add-RFC3964_IPv4-config-option.patch -Patch43: firewalld-0.7-0003-nftables-support-RFC3964_IPv4-filtering.patch -Patch44: firewalld-0.7-0004-ipXtables-support-RFC3964_IPv4-filtering.patch -Patch45: firewalld-0.7-0005-fw-enable-RFC3964_IPv4-support.patch -Patch46: firewalld-0.7-0006-test-functions-Strip-nft-hook-and-policy-from-output.patch -Patch47: firewalld-0.7-0007-tests-add-new-group-features.patch -Patch48: firewalld-0.7-0008-tests-features-add-coverage-for-RFC3964_IPv4.patch -Patch49: firewalld-0.7-0001-nftables-move-OUR_CHAINS-inside-the-class.patch -Patch50: firewalld-0.7-0002-ipXtables-Avoid-inserting-rules-with-index.patch -Patch51: firewalld-0.7-0003-RFC3964_IPv4-Use-filter-table-instead-of-raw.patch +Patch2: 0001-fix-src-test-Makefile-use-wildcard-in-variable-expan.patch +Patch3: 0002-fix-CLI-show-service-includes-with-info-service.patch +Patch4: 0003-fix-tests-always-list-rules-using-macros.patch +Patch5: 0004-test-new-macro-PIPESTATUS0.patch +Patch6: 0005-test-use-PIPESTATUS0-in-LIST-macros.patch +Patch7: 0006-fix-test-features-rfc3964_ipv4-use-return-code-not-o.patch +Patch8: 0007-test-new-macro-CHECK_MODULE_PROTO_GRE.patch +Patch9: 0008-fix-test-regression-pr323-skip-if-GRE-module-doesn-t.patch +Patch10: 0009-test-service-coverage-for-import-from-file.patch +Patch11: 0010-fix-dbus-fix-service-API-break.patch +Patch12: 0011-fix-dbus-add-missing-APIs-for-service-includes.patch +Patch13: 0012-fix-tests-functions-use-gdbus-instead-of-dbus-send.patch +Patch14: 0013-test-functions-add-CHOMP-macro-for-shell-output.patch +Patch15: 0014-test-functions-add-macro-DBUS_INTROSPECT.patch +Patch16: 0015-test-dbus-service-API-coverage.patch +Patch17: 0016-fix-dbus-new-dict-based-APIs-for-services.patch +Patch18: 0017-test-dbus-coverage-for-new-service-APIs.patch +Patch19: 0018-fix-client-service-use-dict-based-dbus-APIs.patch +Patch20: 0019-fix-firewall-offline-cmd-service-use-dict-based-APIs.patch +Patch21: 0020-fix-direct-removeRules-was-mistakenly-removing-all-r.patch +Patch22: 0021-test-coverage-for-rhbz-1723610-and-gh-385.patch +Patch23: 0022-fix-tests-regression-rhbz1723610-make-output-reliabl.patch +Patch24: 0023-fix-tests-regression-rhbz1723610-avoid-calling-IPv6-.patch +Patch25: 0024-fix-guarantee-zone-source-dispatch-is-sorted-by-zone.patch +Patch26: 0025-test-verify-source-based-zone-dispatch-ordered-by-zo.patch +Patch27: 0026-fix-test-regression-rhbz1734765-guard-IPv6-usage.patch +Patch28: 0027-fix-nftables-fix-zone-dispatch-using-ipset-sources-i.patch +Patch29: 0028-test-regression-rhbz1734765-add-coverage-for-rhbz-17.patch BuildArch: noarch BuildRequires: autoconf @@ -70,9 +48,9 @@ BuildRequires: docbook-style-xsl BuildRequires: libxslt BuildRequires: iptables, ebtables, ipset BuildRequires: python3-devel -BuildRequires: nftables +BuildRequires: nftables >= 0.9.0-13 Requires: iptables, ebtables, ipset -Requires: nftables +Requires: nftables >= 0.9.0-13 Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -140,12 +118,11 @@ firewalld. %prep %autosetup -p1 +# must autogen since a patch above touched a Makefile.am ./autogen.sh %build %configure --enable-sysconfig --enable-rpmmacros PYTHON="%{__python3} %{py3_shbang_opts}" -# Enable the make line if there are patches affecting man pages to -# regenerate them make %{?_smp_mflags} %install @@ -175,6 +152,8 @@ desktop-file-install --delete-original \ %{_bindir}/firewall-offline-cmd %dir %{_datadir}/bash-completion/completions %{_datadir}/bash-completion/completions/firewall-cmd +%dir %{_datadir}/zsh/site-functions +%{_datadir}/zsh/site-functions/_firewalld %{_prefix}/lib/firewalld/icmptypes/*.xml %{_prefix}/lib/firewalld/ipsets/README %{_prefix}/lib/firewalld/services/*.xml @@ -191,7 +170,7 @@ desktop-file-install --delete-original \ %defattr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/firewalld %{_unitdir}/firewalld.service -%config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf +%config(noreplace) %{_datadir}/dbus-1/system.d/FirewallD.conf %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy @@ -232,10 +211,10 @@ desktop-file-install --delete-original \ %{_rpmconfigdir}/macros.d/macros.firewalld %files -n firewall-applet +%attr(0755,root,root) %dir %{_sysconfdir}/firewall %{_bindir}/firewall-applet %defattr(0644,root,root) %{_sysconfdir}/xdg/autostart/firewall-applet.desktop -%dir %{_sysconfdir}/firewall %{_sysconfdir}/firewall/applet.conf %{_datadir}/icons/hicolor/*/apps/firewall-applet*.* %{_mandir}/man1/firewall-applet*.1* @@ -253,6 +232,22 @@ desktop-file-install --delete-original \ %{_mandir}/man1/firewall-config*.1* %changelog +* Tue Aug 13 2019 Eric Garver - 0.7.0-5 +- bump nftables version requirements + +* Tue Aug 06 2019 Eric Garver - 0.7.0-4 +- backport patches to sort source-based zone dispatch by zone name + +* Tue Jul 23 2019 Eric Garver - 0.7.0-3 +- backport patch to show service includes in service output +- backport patches to fix dbus API break + +* Thu Jun 13 2019 Eric Garver - 0.7.0-2 +- package rebuild + +* Wed Jun 12 2019 Eric Garver - 0.7.0-1 +- rebase to v0.7.0 + * Sun Jan 13 2019 Eric Garver - 0.6.3-7 - backport additional patches for RFC3964_IPv4 filter feature