diff --git a/0001-firewall-backend-Switch-default-backend-to-iptables.patch b/0001-firewall-backend-Switch-default-backend-to-iptables.patch index bb0ca3c..3179681 100644 --- a/0001-firewall-backend-Switch-default-backend-to-iptables.patch +++ b/0001-firewall-backend-Switch-default-backend-to-iptables.patch @@ -1,7 +1,8 @@ -diff -burNE firewalld-0.7.4_orig/config/firewalld.conf firewalld-0.7.4/config/firewalld.conf ---- firewalld-0.7.4_orig/config/firewalld.conf 2020-04-03 09:45:04.363964087 +0200 -+++ firewalld-0.7.4/config/firewalld.conf 2020-04-03 09:45:21.495215479 +0200 -@@ -53,9 +53,9 @@ +Index: firewalld-0.8.3/config/firewalld.conf +=================================================================== +--- firewalld-0.8.3.orig/config/firewalld.conf ++++ firewalld-0.8.3/config/firewalld.conf +@@ -43,9 +43,9 @@ LogDenied=off # FirewallBackend # Selects the firewall backend implementation. # Choices are: @@ -14,9 +15,10 @@ diff -burNE firewalld-0.7.4_orig/config/firewalld.conf firewalld-0.7.4/config/fi # FlushAllOnReload # Flush all runtime rules on a reload. In previous releases some runtime -diff -burNE firewalld-0.7.4_orig/doc/xml/firewalld.conf.xml firewalld-0.7.4/doc/xml/firewalld.conf.xml ---- firewalld-0.7.4_orig/doc/xml/firewalld.conf.xml 2020-04-03 09:45:05.071933150 +0200 -+++ firewalld-0.7.4/doc/xml/firewalld.conf.xml 2020-04-03 09:45:21.499215305 +0200 +Index: firewalld-0.8.3/doc/xml/firewalld.conf.xml +=================================================================== +--- firewalld-0.8.3.orig/doc/xml/firewalld.conf.xml ++++ firewalld-0.8.3/doc/xml/firewalld.conf.xml @@ -149,8 +149,8 @@ 
@@ -28,13 +30,14 @@ diff -burNE firewalld-0.7.4_orig/doc/xml/firewalld.conf.xml firewalld-0.7.4/doc/ firewalld primitives. The only exception is direct and passthrough rules which always use the traditional iptables, ip6tables, and ebtables backends. -diff -burNE firewalld-0.7.4_orig/src/firewall/config/__init__.py.in firewalld-0.7.4/src/firewall/config/__init__.py.in ---- firewalld-0.7.4_orig/src/firewall/config/__init__.py.in 2020-04-03 09:45:05.367920215 +0200 -+++ firewalld-0.7.4/src/firewall/config/__init__.py.in 2020-04-03 09:45:21.503215130 +0200 -@@ -128,7 +128,7 @@ +Index: firewalld-0.8.3/src/firewall/config/__init__.py.in +=================================================================== +--- firewalld-0.8.3.orig/src/firewall/config/__init__.py.in ++++ firewalld-0.8.3/src/firewall/config/__init__.py.in +@@ -127,7 +127,7 @@ FALLBACK_IPV6_RPFILTER = True FALLBACK_INDIVIDUAL_CALLS = False FALLBACK_LOG_DENIED = "off" - FALLBACK_AUTOMATIC_HELPERS = "system" + FALLBACK_AUTOMATIC_HELPERS = "no" -FALLBACK_FIREWALL_BACKEND = "nftables" +FALLBACK_FIREWALL_BACKEND = "iptables" FALLBACK_FLUSH_ALL_ON_RELOAD = True diff --git a/_service b/_service deleted file mode 100644 index 8cb04dd..0000000 --- a/_service +++ /dev/null @@ -1,17 +0,0 @@ - - - https://github.com/firewalld/firewalld - git - firewalld - @PARENT_TAG@ - v(.*) - v0.7.5 - enable - - - - *.tar - xz - - - diff --git a/_servicedata b/_servicedata deleted file mode 100644 index f7cd6be..0000000 --- a/_servicedata +++ /dev/null @@ -1,4 +0,0 @@ - - - https://github.com/firewalld/firewalld - 7c900054e5293c4c569e3da5def7700045290753 \ No newline at end of file diff --git a/firewalld-0.7.5.obscpio b/firewalld-0.7.5.obscpio deleted file mode 100644 index 158f202..0000000 --- a/firewalld-0.7.5.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c6c7b2fdc002b90a30f6d085fdfbbd9068e7c0bb5d2fd9ccc24583c5c256926e -size 7351309 
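Review bot: The refreshed patch is written against `firewalld-0.8.3` paths (this hunk's `Index: firewalld-0.8.3/src/firewall/config/__init__.py.in`, and the two earlier hunks for `config/firewalld.conf` and `doc/xml/firewalld.conf.xml`), while the spec in the same commit moves the package to 0.9.0. Because this patch decides which firewall backend is active by default, it should be refreshed against the 0.9.0 tree and confirmed to apply without fuzz, so that `FALLBACK_FIREWALL_BACKEND = "iptables"` and the shipped `firewalld.conf` cannot end up disagreeing. The patch file also begins directly at `Index:` with no description; I would add a short header stating why the default differs from upstream's `nftables` and where that decision is tracked.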
diff --git a/firewalld-0.9.0.tar.gz b/firewalld-0.9.0.tar.gz
new file mode 100644
index 0000000..fcd864d
--- /dev/null
+++ b/firewalld-0.9.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7cfbf8a33f726151e60c07486af0921fa05cbbab097adf90ec1caef37b49d9a0
+size 2007954
diff --git a/firewalld.changes b/firewalld.changes
index 929900e..9573c2d 100644
--- a/firewalld.changes
+++ b/firewalld.changes
@@ -1,3 +1,67 @@ +------------------------------------------------------------------- +Wed Sep 9 14:47:20 UTC 2020 - Michał Rostecki + +- Add python3-nftables as a requirement. + +------------------------------------------------------------------- +Fri Sep 4 16:10:06 UTC 2020 - Callum Farmer + +- update to 0.9.0: + * New major features + * prevention of Zone Drifting + * Intra Zone Forwarding + * Policy Objects + * For a full list of changes, see + https://github.com/firewalld/firewalld/compare/v0.8.0...v0.9.0 + +------------------------------------------------------------------- +Sun Aug 16 17:09:43 UTC 2020 - Dirk Mueller + +- update to 0.8.3: + * nftables: convert to libnftables JSON interface + * service: new “helper” element to replace “module” More accurately represents the conntrack helper. Deprecates “module”. + * allow custom helpers using standard helper modules (rhbz 1733066) + * testsuite is now shipped in the dist tarball + * Typo in firewall-config(1) + * Fix typo in TFTP service description + * doc: README: add note about language translations + * fix: rich: source/dest only matching with mark action + * feat: AllowZoneDrifting config option + * feat: nftables: support AllowZoneDrifting=yes + * feat: ipXtables: support AllowZoneDrifting=yes + * fix: firewall-offline-cmd: Don’t print warning about AllowZoneDrifting + * fix: add logrotate policy + * doc: direct: add CAVEATS section + * fix: checkIP6: strip leading/trailing square brackets + * fix: nftables: remove square brackets from IPv6 addresses + * fix: ipXtables: remove square brackets from IPv6 addresses + * fix: nftables: ipset types using “port” + * fix: nftables: zone dispatch with multidimensional ipsets + * fix: ipset: destroy runtime sets on reload/stop + * fix: port: support querying sub ranges + * fix: source_port: support querying sub ranges + * doc: specify accepted characters for object names + * fix: doc: address copy/paste mistakes in short/description + * fix: configure: atlocal: 
quote variable values + * fix: nftables: allow set intervals with concatenations + * doc: clarify –set-target values “default” vs “reject” + * fix: update dynamic DCE RPC ports in freeipa-trust service + * fix: nftables: ipset: port ranges for non-default protocols + * fix(systemd): Conflict with nftables.service + * fix(direct): rule in a zone chain + * fix(client): addService needs to reduce tuple size + * fix(doc): dbus: signatures for zone tuple based APIs + * fix(config): bool values in dict based import/export + * fix(dbus): service: don’t cleanup config for old set APIs + * fix(ipset): flush the set if IndividiualCalls=yes + * fix(firewall-offline-cmd): remove instances of “[P]” in help text + * fix(rich): source mac with nftables backend + * docs: replace occurrences of the term blacklist with denylist + * fix: core: rich: Catch ValueError on non-numeric priority values + * docs(README): add libxslt for doc generation + * fix(cli): add –zone is an invalid option with –direct + * fix(cli): add ipset type hash:mac is incompatible with the family parameter + ------------------------------------------------------------------- Wed Aug 12 13:48:37 UTC 2020 - mrostecki@suse.com diff --git a/firewalld.obsinfo b/firewalld.obsinfo deleted file mode 100644 index b2bfe94..0000000 --- a/firewalld.obsinfo +++ /dev/null @@ -1,5 +0,0 @@ -name: firewalld -version: 0.7.5 -mtime: 1593546094 -commit: 7c900054e5293c4c569e3da5def7700045290753 - diff --git a/firewalld.spec b/firewalld.spec index 1a48378..cd95631 100644 --- a/firewalld.spec +++ b/firewalld.spec 
@@ -21,13 +21,13 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: firewalld -Version: 0.7.5 +Version: 0.9.0 Release: 0 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPL-2.0-or-later Group: Productivity/Networking/Security Url: http://www.firewalld.org -Source: %{name}-%{version}.tar.xz +Source: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch BuildRequires: autoconf @@ -55,6 +55,7 @@ Requires: iptables Requires: logrotate Requires: nftables Requires: python3-firewall = %{version} +Requires: python3-nftables Requires: sysconfig Requires(post): %fillup_prereq Suggests: susefirewall2-to-firewalld @@ -217,11 +218,13 @@ fi %dir %{_prefix}/lib/firewalld/services %dir %{_prefix}/lib/firewalld/zones %dir %{_prefix}/lib/firewalld/helpers +%dir %{_prefix}/lib/firewalld/policies %{_prefix}/lib/firewalld/icmptypes/*.xml %{_prefix}/lib/firewalld/ipsets/README %{_prefix}/lib/firewalld/services/*.xml %{_prefix}/lib/firewalld/zones/*.xml %{_prefix}/lib/firewalld/helpers/*.xml +%{_prefix}/lib/firewalld/policies/*.xml %{_datadir}/polkit-1 %dir %{_datadir}/dbus-1 %dir %{_datadir}/dbus-1/system.d @@ -236,6 +239,7 @@ fi %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/zones %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/ipsets %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/helpers +%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/policies %{_unitdir}/firewalld.service %{_fillupdir}/sysconfig.%{name} %{_datadir}/dbus-1/system.d/FirewallD.conf
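Review bot: The new `Source:` line points at a release-download URL, and the same commit deletes `_service`, `_servicedata` and `firewalld.obsinfo`, which recorded the upstream commit the previous archive was built from. The hunk shows `Patch0:` directly after `Source:`, so no signature, checksum or keyring source is listed; the only integrity value left on the page is the LFS `oid sha256` in the package repository. If upstream publishes a detached signature or checksum file for the release, add it as an additional source together with the project keyring so the build service verifies it. Otherwise, put a comment above `Source:` recording how the archive was compared with the `v%{version}` tag.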
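Review bot: `Requires: python3-nftables` is added with no comment, and it is not obvious why a package whose default backend Patch0 sets to iptables needs it unconditionally. I would add a line above it such as `# nftables backend uses the libnftables JSON interface via its Python bindings (since 0.8.3)`, which matches the 0.8.3 changelog entry "nftables: convert to libnftables JSON interface". The requirement is also unversioned; if the JSON interface needs a minimum nftables release, state it on this line so an older binding cannot satisfy it.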