pool/firewalld
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
210 Commits 1 Branch 0 Tags 3 MiB
factory
Commit Graph

118 Commits

Author SHA256 Message Date
OBS User buildservice-autocommit
d279922d6f auto commit by copy to link target 
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=167
 2024-06-28 13:46:36 +00:00
OBS User buildservice-autocommit
c682aad0cd Updating link to change in openSUSE:Factory/firewalld revision 90 
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=24ccace324433bf535594eb60b7cc607
 2024-06-28 13:46:36 +00:00
Robert Frohl
8d2a8105d7 - remove dependency on /usr/bin/python3 using 
%python3_fix_shebang macro, [bsc#1212476]

OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=166
 2024-06-25 10:57:26 +00:00
Robert Frohl
63bdde2228 Accepting request 1176756 from home:dimstar:Factory 
- Keep English 'translations' (en_US, en_GB) in the main package:
  do not force the lang package on plain English systems.

OBS-URL: https://build.opensuse.org/request/show/1176756
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=164
 2024-05-27 12:00:10 +00:00
Robert Frohl
e6f55ec60e Accepting request 1172979 from home:dirkmueller:Factory 
- update to 2.1.2:
  * fix(policy): allow forward ports w/ to-addr for egress-
    zone=HOST
  * fix(rich): fix range check for large rule limit
  * fix(tests): fix skip detection in fw-in-container environment

  * fix(nm): release NM client after a timeout (d534f07)
- python3-dbus isn't correct either, it's python3-dbus-python.
- Correct Requires, python3-slip-dbus -> python3-dbus.
- fix(cli): all --list-all-zones output identical (boo#1213609)
    changes.
    https://github.com/firewalld/firewalld/releases/tag/v2.0.0
- Always own %_modprobedir (bsc#1196275, jsc#SLE-20639)
  - ipset, ebtables and iptables are purely optional and deprecated,
- Replace references to /var/adm/fillup-templates with new
  * 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch
  * 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch

OBS-URL: https://build.opensuse.org/request/show/1172979
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=162
 2024-05-21 13:11:06 +00:00
Mohd Saquib
2994173908 Accepting request 1142599 from home:msaquib:branches:security:netfilter 
- update to 2.1.1:
  * fix(offline-cmd): use family when creating ipset (64f78a9)
  * fix(firewall-config): allow rich rule forwarded ports to be logged (d46ea62)
  * fix(ipXtables): log forwarded ports only (07dc202)
  * fix(nftables): log forwarded ports (5c26b73)
  * fix(io.ipset): raise exception if entries exceed limit (a2da5fb)
  * fix(policy): ipXtables: multiple policies using same zone (b6f2f09)
  * fix(policy): dispatch update for active policies (7f6f0e2)

OBS-URL: https://build.opensuse.org/request/show/1142599
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=160
 2024-01-29 17:11:03 +00:00
Mohd Saquib
d2da4cedb0 Accepting request 1137493 from home:msaquib:branches:security:netfilter 
- update to 2.1.0:
  * eat(service): add DNS over QUIC (DoQ) Service (5130430)
  * feat(icmp): add ICMPv6 Multicast Listener Discovery (MLD) types (dd88bbf)
  * feat(fw): add ReloadPolicy option in firewalld.conf (0019371)
  * feat(service): add submission service (tcp 587) (d6a9561)
  * feat(service): Add alvr (3a92358)
  * feat(service): add vrrp (d62fc8d)
  [* Renamed patch 0002-Disable-FlushAllOnReload-option.patch to
     0001-Disable-FlushAllOnReload-option.patch
  [* Renamed patch firewalld-runstatedir.patch to 0002-firewalld-runstatedir.patch]

OBS-URL: https://build.opensuse.org/request/show/1137493
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=158
 2024-01-08 08:29:12 +00:00
Mohd Saquib
2f305546a6 Accepting request 1129725 from home:msaquib:branches:security:netfilter 
- update to 2.0.2:
  * fix(policy): runtime dispatch update if *-zone=ANY (e8b9637)
  * fix(nm): release NM client after a timeout (d534f07)

OBS-URL: https://build.opensuse.org/request/show/1129725
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=156
 2023-11-29 07:21:58 +00:00
Mohd Saquib
696e343d98 Accepting request 1114900 from home:msaquib:branches:security:netfilter 
- update to 2.0.1:
  * fix(cli): all --list-all-zones output identical (d30bc61)
  * fix(cli): properly show default zone attribute (ea8d9a8)
  * fix(cli): properly show active attribute for zones and policies (b202403)
  * fix(cli): --get-active-zones should include the default zone (dae9112)
  * fix(nftables): always flush main table on start (cd20981)
  * fix(runtimeToPermanent): deepcopy settings before mangling (9c53639)
  * docs: fix reference to lockdown-whitelist.xml in SYNOPSIS section (1c77205)
  * fix(firewall-config): escape markup stored in bindings store (c876fd0)
  * fix(tests): avoid deprecated assertRaisesRegexp for assertRaisesRegex (2935119)
  * fix(icmp): fix check_icmpv6_name() to use correct IPv6 names (af3c35b)
  * fix(ipset): fix configuring IP range for ipsets with nftables (6a050ec)
  * fix(ipset): fix configuring "timeout","maxelem" values for ipsets with nftables (7d3340c)
  * fix(core): fix exception while parsing invalid "tcp-mss-clamp" in policy (ff61209)
  * docs(policy): fix wrong documentation of in man firewalld.policy (21026d9)
- removed following patch:
  [- fix_list_all_zones_output.patch]

OBS-URL: https://build.opensuse.org/request/show/1114900
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=154
 2023-10-03 06:46:08 +00:00
Mohd Saquib
3aec93e256 Accepting request 1113321 from home:StevenK:branches:security:netfilter 
- python3-dbus isn't correct either, it's python3-dbus-python.

OBS-URL: https://build.opensuse.org/request/show/1113321
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=152
 2023-09-25 05:39:28 +00:00
Mohd Saquib
b4fe948076 Accepting request 1112692 from home:StevenK:branches:security:netfilter 
- Correct Requires, python3-slip-dbus -> python3-dbus.

OBS-URL: https://build.opensuse.org/request/show/1112692
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=151
 2023-09-21 07:54:25 +00:00
Mohd Saquib
2ec7c43968 Accepting request 1105432 from home:msaquib:branches:security:netfilter 
- fix(cli): all --list-all-zones output identical (boo#1213609) 
  [+ fix_list_all_zones_output.patch]

OBS-URL: https://build.opensuse.org/request/show/1105432
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=149
 2023-08-23 08:21:51 +00:00
Mohd Saquib
9bdb6d4a6f Accepting request 1095078 from home:msaquib:branches:security:netfilter 
- update to version 2.0.0:
  * This is a major release. The major version is being bumped symbolically
    to reflect significant changes done in commit f4d2b80 ("fix(policy):
    disallow zone drifting"). It does not contain any deliberate breaking
    changes. 
  * Complete changelog:
    https://github.com/firewalld/firewalld/releases/tag/v2.0.0

OBS-URL: https://build.opensuse.org/request/show/1095078
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=147
 2023-06-24 15:10:37 +00:00
Mohd Saquib
698d019100 Accepting request 1093235 from home:msaquib:branches:security:netfilter 
- update to 1.3.3:
  * fix(reload): restore policy for old backend if it changed (de85849)
  * fix(io): rich: tcp mss: handle value=None (8016f10)
  * fix(firewall-config): rich: set destination address (f6641a9)
  * fix(policy): mixed IP families in ingress/egress (69ed4d6)

OBS-URL: https://build.opensuse.org/request/show/1093235
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=145
 2023-06-15 07:53:32 +00:00
Callum Farmer
e945f49835 Accepting request 1087467 from home:gmbr3:Active 
- Add firewalld-runstatedir.patch: change pid file location from
  /var/run to /run

OBS-URL: https://build.opensuse.org/request/show/1087467
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=143
 2023-05-16 20:04:59 +00:00
Mohd Saquib
b09aab8023 Accepting request 1082733 from home:msaquib:branches:security:netfilter 
update to version 1.3.2

OBS-URL: https://build.opensuse.org/request/show/1082733
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=141
 2023-04-25 11:30:15 +00:00
Mohd Saquib
f978c8b5bd Accepting request 1080030 from home:msaquib:branches:security:netfilter 
- update to 1.3.1:
  * fix(fw_nm): use IP interface names for connection lookup (18c8b81)
  * fix(fw_policy): raise exceptions (5ae9322)
  * fix(service): include: when used with rich rule (986f0be)
  * fix(nftables): rich: log: limit was not taking effect (0dc0575)
  * fix(build): rpm must build all as prerequisite (6896748)
  * fix: use error codes for FirewallError instances (370e5f2)
  * fix(ipset): chunk entries when restoring set (8a88855)
  * fix(applet): allows using KDE network connection editor (29c8ef6)

OBS-URL: https://build.opensuse.org/request/show/1080030
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=139
 2023-04-18 03:33:16 +00:00
Callum Farmer
430d717ca5 Accepting request 1056417 from home:gmbr3:Active 
- update to 1.3.0:
  * feat(service): add Warpinator
  * feat(dbus): reset to default settings
  * feat(service): add bareos-director bareos-filedaemon
    bareos-storage
  * feat(policy): masquerade: allow ingress zone to have interface
  * feat(service): add Nebula service
  * feat(service): add Ceph Prometheus exporter
  * feat(service): add OMG DDS service definition
  * feat(service): add llmnr-client service
  * feat(service): add ps2link service
  * feat(service): add definition for syncthing-relay

OBS-URL: https://build.opensuse.org/request/show/1056417
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=137
 2023-01-06 15:16:49 +00:00
Callum Farmer
c577c7773e Accepting request 1040022 from home:dirkmueller:Factory 
- update to 1.2.2:
  * fix(client): raise exception (40a473b)
  * fix(nftables): raise exception (a4b82cc)
  * fix(nftables): invalid conditional statement (e9ca0ad)
  * fix(check_config): use on disk firewalld_conf (d141d6d)
  * fix(service): llmnr: improve description (d233698)
  * Revert "feat(service): Add jellyfin service" (ea154d5)

OBS-URL: https://build.opensuse.org/request/show/1040022
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=135
 2022-12-05 15:44:43 +00:00
Callum Farmer
e903c070c1 Accepting request 1033086 from home:polslinux:branches:security:netfilter 
- Update to 1.2.1:
  * fix(modules): don't error if /proc/modules is missing (a1f091d)
  * fix(readme): format optional <ver> (03e61f2)
  * docs: add protocols to rich and zones (191cea4)
  * docs(policy): add priority attribute to rule (616ed7c)
  * fix(runtimeToPermanent): errors for interfaces not in zone (6b5a70b)
  * fix(failsafe): log exception on fatal failure (af1b8f0)
  * fix(ipset): defer native ipset creation if nftables (ae0ded4)
  * fix(nftables): drop invalid packets before zone dispatch (dc972ae)
  * fix(iptables): drop invalid packets before zone dispatch (83a4608)
  * fix(policies): Splitting interfaces with wildcards (3806e79)
  * fix(ipset): exception on overlap checking empty set (bfe827f)
  * fix(bash): fix ipset commands autocompletion (742669b)
  * docs(README): fix typo (e40b100)
  * fix(treewide): misc typos (d121f0c)
  * fix: firewalld.conf: trim trailing whitespace (21809ed)

OBS-URL: https://build.opensuse.org/request/show/1033086
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=133
 2022-11-04 19:21:10 +00:00
Callum Farmer
aba3e0a056 Accepting request 1000602 from home:schubi2 
- Migration to /usr/etc: Saving user changed configuration files
  in /etc and restoring them while an RPM update.

OBS-URL: https://build.opensuse.org/request/show/1000602
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=131
 2022-09-01 08:10:40 +00:00
Marcus Meissner
2d03b1f242 - readd ebtables too, as there is no builtin support. 
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=129
 2022-08-02 09:19:49 +00:00
Marcus Meissner
1a47df9e35 - readd ipset buildrequires to reenable ipset support (bsc#1202043) 
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=128
 2022-08-02 09:18:12 +00:00
Marcus Meissner
a278031fad - readd iptables requires, as docker uses iptables passthrough 
currently, which calls into iptables (bsc#1201836)

OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=127
 2022-07-25 13:54:24 +00:00
Robert Frohl
50c2870672 Accepting request 989113 from home:trenn:branches:security:netfilter 
- Also remove ipset, ebtables and iptables from the BuildRequires
  list (compare with change from 2022-03-03 - Thorsten Kukuk <kukuk@suse.com>)

OBS-URL: https://build.opensuse.org/request/show/989113
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=126
 2022-07-15 06:25:55 +00:00
Callum Farmer
949bf0320d Accepting request 986625 from home:gmbr3:Active 
- Update to 1.2.0:
  * feat(firewalld): add new --log-target parameter
  * feat(service): add snmptls, snmptls-trap services
  * feat(service): add IPFS service
  * feat(fw): startup failsafe
  * feat(service): Add kubelet-readonly
  * feat(service): Add secure version of k8s controller-plane components
  * feat(bash): completion of policy-related commands
  * feat(service): add prometheus node-exporter
  * feat(service): add Kodi JSON-RPC and EventServer services

OBS-URL: https://build.opensuse.org/request/show/986625
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=125
 2022-07-04 11:07:28 +00:00
Callum Farmer
d3f927f0c8 Accepting request 984147 from home:schubi2 
- Moved logrotate files from user specific directory /etc/logrotate.d
  to vendor specific directory /usr/etc/logrotate.d.

OBS-URL: https://build.opensuse.org/request/show/984147
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=124
 2022-06-21 18:20:51 +00:00
Callum Farmer
09d5965ce8 Accepting request 966067 from home:gmbr3:Active 
- Update to 1.1.1:
  * fix(build): oci: use centos:stream8 instead of ubi:8
  * fix(functions): --check-config fails if direct.xml exists
  * fix(build): oci: use dbus inside the container
  * docs(README): add note about container host integration
  * docs: typo fixes

OBS-URL: https://build.opensuse.org/request/show/966067
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=123
 2022-03-30 17:10:59 +00:00
Michał Rostecki
de4b94d2a0 Accepting request 962711 from home:witekbedyk:branches:security:netfilter 
- Provide dummy firewalld-prometheus-config package (bsc#1197042)

This is to prevent file conflicts between Firewalld and Prometheus packages in case Prometheus package is built on a different system than the target one (as it is the case for SUSE Manager).

OBS-URL: https://build.opensuse.org/request/show/962711
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=122
 2022-03-22 16:26:21 +00:00
Callum Farmer
ceb14b7b7e Accepting request 960050 from home:mwilck:modprobe.d 
- Add code for safe modprobe.d migration
  (https://en.opensuse.org/openSUSE:Packaging_UsrEtc)
- Always own %_modprobedir (bsc#1196275, jsc#SLE-20639)

OBS-URL: https://build.opensuse.org/request/show/960050
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=121
 2022-03-09 09:11:22 +00:00
Callum Farmer
b31285ff7d Accepting request 959442 from home:kukuk:container 
- Fix modprobe.d directory for SLE15 SP3
- Cleanup dependencies:
  - ipset, ebtables and iptables are purely optional and deprecated, 
    so don't require them
  - sysconfig is not needed at all
  - Don't hard require systemd, we don't have and need that in containers

OBS-URL: https://build.opensuse.org/request/show/959442
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=120
 2022-03-04 13:25:06 +00:00
Callum Farmer
098c192bd5 Accepting request 957778 from home:gmbr3:Active 
- Update to 1.1.0:
  * feat(service): Add jellyfin service
  * feat(policy): support OUTPUT forward ports
  * feat: config check improvements
  * feat(service): add http3
  * feat(service): add service definition for WS-Discovery Client
  * feat(service): add service definition for WS-Discovery
  * feat(service): add service definition for AFP
  * feat(rich): Support nflog target and add log attribute
    errors/checks
  * feat(service): add ZeroTier service

OBS-URL: https://build.opensuse.org/request/show/957778
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=119
 2022-02-26 14:37:46 +00:00
Callum Farmer
f92eed8643 Accepting request 946415 from home:gmbr3:Active 
- Update to 1.0.3:
  * fix(io): _check_config() expects a dict
  * feat(build): distribute an OCI container image
  * fix(ipset): reduce cost of entry overlap detection

OBS-URL: https://build.opensuse.org/request/show/946415
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=118
 2022-01-14 13:02:36 +00:00
Michał Rostecki
e6ddad9a48 Accepting request 932169 from home:mrostecki:branches:security:netfilter 
- Update to 1.0.2:
  * fix(firewalld): check capng_apply() return code
  * fix(nftables): do not log icmp block if inversion
  * fix(nftables): rich: source address with netmask
  * fix(fw_config): zone: on rename remove then add
  * fix(io/functions): check_config against on disk conf
  * fix(zone): detect same source/interface in zones
  * docs(policy): fix typos
  * docs(policies): fix typos

OBS-URL: https://build.opensuse.org/request/show/932169
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=117
 2021-11-18 10:10:37 +00:00
Michał Rostecki
6c5a600340 Accepting request 921449 from home:gmbr3:Active 
- Update to 1.0.1:
  * keep linux capability CAP_SYS_MODULE
  * UPnP Client: actually allow SSDP traffic
  * Fix RPM macros to test if firewall-cmd is executable

OBS-URL: https://build.opensuse.org/request/show/921449
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=116
 2021-10-08 13:20:47 +00:00
Michał Rostecki
aa08f2b535 Accepting request 910605 from home:gmbr3:Active 
- Update to 1.0.0:
  * Reduced dependencies
  * Intra-zone forwarding by default
  * NAT rules moved to inet family (reduced rule set)
  * Default target is now similar to reject
  * ICMP blocks and block inversion only apply to input,
    not forward
  * tftp-client service has been removed
  * iptables backend is deprecated
  * Direct interface is deprecated
  * CleanupModulesOnExit defaults to no
    (kernel modules not unloaded)
- Add new firewalld-test package
- Move bash and zsh completions to more useful separate packages
- Clean spec file
- Move modprobe.d and autostart files out of /etc

OBS-URL: https://build.opensuse.org/request/show/910605
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=115
 2021-08-11 07:56:26 +00:00
Michał Rostecki
491b7af7c8 Accepting request 883554 from home:mrostecki:branches:security:netfilter 
- Remove dependency on firewalld from firewall-macros (bsc#1183404)

OBS-URL: https://build.opensuse.org/request/show/883554
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=114
 2021-04-07 09:26:19 +00:00
Michał Rostecki
86a24bbf7f Accepting request 873148 from home:mrostecki:branches:security:netfilter 
Preserve the reference to jsc#SLE-12281 in the old update to 0.7.5

OBS-URL: https://build.opensuse.org/request/show/873148
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=113
 2021-02-17 14:03:36 +00:00
Michał Rostecki
a50f2805cc Accepting request 866984 from home:mrostecki:branches:security:netfilter 
- Update to 0.9.3 (jsc#SLE-17336):
  nftables (jsc#SLE-16300):
  (rhbz#1817022, jsc#SLE-16300)

OBS-URL: https://build.opensuse.org/request/show/866984
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=112
 2021-01-26 17:59:52 +00:00
Michał Rostecki
7dc08b4e6b Accepting request 866974 from home:mrostecki:branches:security:netfilter 
- Update to 0.9.3 (SLE-17336):
  nftables (SLE-16300):
  (rhbz#1817022, SLE-16300)

OBS-URL: https://build.opensuse.org/request/show/866974
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=111
 2021-01-26 17:13:46 +00:00
Michał Rostecki
93ac3ead82 Accepting request 866966 from home:mrostecki:branches:security:netfilter 
- Disable FlushAllOnReload option to not retain interface to zone
  assignments and direct rules when using --reload option.
  * 0002-Disable-FlushAllOnReload-option.patch

OBS-URL: https://build.opensuse.org/request/show/866966
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=110
 2021-01-26 16:36:13 +00:00
Michał Rostecki
3c89112cb1 Accepting request 866564 from home:mrostecki:branches:security:netfilter 
- Update to 0.9.3:
  * docs(dbus): fix invalid method names
  * fix(forward): iptables: ipset used as zone source
  * fix(rich): non-printable characters removed from rich rules
  * docs(firewall-cmd): small description grammar fix
  * fix(rich): limit table to strip non-printables to C0 and C1
  * fix(zone): add source with mac address

OBS-URL: https://build.opensuse.org/request/show/866564
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=109
 2021-01-25 11:43:27 +00:00
Michał Rostecki
6108127596 Accepting request 863051 from home:rfrohl:branches:security:netfilter 
add missing dependency for firewall-offline-cmd

OBS-URL: https://build.opensuse.org/request/show/863051
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=108
 2021-01-14 13:23:51 +00:00
Michał Rostecki
e87c42cb75 Accepting request 847325 from home:mrostecki:branches:security:netfilter 
- Remove the patch which enforces usage of iptables instead of
  nftables:
  * 0001-firewall-backend-Switch-default-backend-to-iptables.patch
- Add firewalld zone for the docker0 interface. This is the
  workaround for lack of nftables support in docker. Without that
  additional zone, containers have no Internet connectivity.
  (rhbz#1817022)
- Update to 0.9.1:
  * Bugfixes:
    * docs(firewall-cmd): clarify lockdown whitelist command paths
    * fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active
    * fix(policy): zone interface/source changes should affect all using zone

OBS-URL: https://build.opensuse.org/request/show/847325
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=107
 2020-11-09 17:48:32 +00:00
Robert Frohl
0dea11c5eb Accepting request 835127 from home:fbui:branches:security:netfilter 
- Make use of %service_del_postun_without_restart
  And stop using DISABLE_RESTART_ON_UPDATE as this interface is
  obsolete.

OBS-URL: https://build.opensuse.org/request/show/835127
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=106
 2020-09-24 08:08:44 +00:00
Michał Rostecki
dda7c66e07 Accepting request 833251 from home:mrostecki:branches:security:netfilter 
- Add python3-nftables as a requirement.

OBS-URL: https://build.opensuse.org/request/show/833251
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=105
 2020-09-09 14:50:16 +00:00
Michał Rostecki
469df4f998 Accepting request 832520 from home:gmbr3:Active 
- update to 0.9.0:
  * New major features
    * prevention of Zone Drifting
    * Intra Zone Forwarding
    * Policy Objects
  * For a full list of changes, see
    https://github.com/firewalld/firewalld/compare/v0.8.0...v0.9.0

OBS-URL: https://build.opensuse.org/request/show/832520
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=104
 2020-09-07 12:44:19 +00:00
Michał Rostecki
d6d990908d Accepting request 827072 from home:dirkmueller:branches:security:netfilter 
- update to 0.8.3:
  * nftables: convert to libnftables JSON interface
  * service: new “helper” element to replace “module” More accurately represents the conntrack helper. Deprecates “module”.
  * allow custom helpers using standard helper modules (rhbz 1733066)
  * testsuite is now shipped in the dist tarball
  * Typo in firewall-config(1)
  * Fix typo in TFTP service description
  * doc: README: add note about language translations
  * fix: rich: source/dest only matching with mark action
  * feat: AllowZoneDrifting config option
  * feat: nftables: support AllowZoneDrifting=yes
  * feat: ipXtables: support AllowZoneDrifting=yes
  * fix: firewall-offline-cmd: Don’t print warning about AllowZoneDrifting
  * fix: add logrotate policy
  * doc: direct: add CAVEATS section
  * fix: checkIP6: strip leading/trailing square brackets
  * fix: nftables: remove square brackets from IPv6 addresses
  * fix: ipXtables: remove square brackets from IPv6 addresses
  * fix: nftables: ipset types using “port”
  * fix: nftables: zone dispatch with multidimensional ipsets
  * fix: ipset: destroy runtime sets on reload/stop
  * fix: port: support querying sub ranges
  * fix: source_port: support querying sub ranges
  * doc: specify accepted characters for object names
  * fix: doc: address copy/paste mistakes in short/description
  * fix: configure: atlocal: quote variable values
  * fix: nftables: allow set intervals with concatenations
  * doc: clarify –set-target values “default” vs “reject”
  * fix: update dynamic DCE RPC ports in freeipa-trust service
  * fix: nftables: ipset: port ranges for non-default protocols

OBS-URL: https://build.opensuse.org/request/show/827072
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=103
 2020-08-17 07:45:59 +00:00
Michał Rostecki
20a544565d Accepting request 826046 from home:mrostecki:branches:security:netfilter 
- Update to version 0.7.5:
  * release: v0.7.5
  * chore(translation): merge from master
  * fix(cli): add ipset type hash:mac is incompatible with the family parameter Fixes: rhbz1541077
  * test(rhbz1483921): better test name
  * fix(cli): add --zone is an invalid option with --direct
  * fix: core: rich: Catch ValueError on non-numeric priority values
  * fix: update dynamic DCE RPC ports in freeipa-trust service
  * docs: replace occurrences of the term blacklist with denylist
  * docs(README): add libxslt for doc generation
  * test(rich): source mac with nftables backend
  * fix(firewall-offline-cmd): remove instances of "[P]" in help text
  * test(check-container): add support for centos8 stream
  * test(functions): use IndividualCalls if host doesn't support nft rule index
  * test(functions): add macro IF_HOST_SUPPORTS_NFT_RULE_INDEX
  * test(dbus): better way to check IPv6_rpfilter expected value
  * fix(ipset): flush the set if IndividiualCalls=yes
  * test(ipv6): skip square bracket address tests if ipv6 not available
  * test(gh509): only run test for nftables backend
  * fix(dbus): service: don't cleanup config for old set APIs
  * fix(config): bool values in dict based import/export
  * fix(doc): dbus: signatures for zone tuple based APIs
  * test(dbus): zone: fix zone runtime functional test title
  * test(dbus): zone: fix false failure due to list order
  * fix(client): addService needs to reduce tuple size
  * test(direct): rule in a zone chain
  * fix(direct): rule in a zone chain
  * test(dbus): zone: verify runtime config APIs
  * test(dbus): zone: verify permanent config APIs
  * fix(systemd): Conflict with nftables.service

OBS-URL: https://build.opensuse.org/request/show/826046
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=102
 2020-08-12 14:05:48 +00:00
Michał Rostecki
ac3eadc775 Accepting request 791189 from home:lemmy04:branches:security:netfilter 
- Update to 0.7.4
This is a bug fix only release.
However, it does reintroduce the zone drifting bug as a feature. See #258 and #441. This behavior is disabled by default.
  * improvement: build: add an option to disable building documentation
  * Typo in firewall-config(1)
  * Fix typo in TFTP service description
  * doc: README: add note about language translations
  * fix: rich: source/dest only matching with mark action
  * feat: AllowZoneDrifting config option
  * feat: nftables: support AllowZoneDrifting=yes
  * feat: ipXtables: support AllowZoneDrifting=yes
  * fix: firewall-offline-cmd: Don't print warning about AllowZoneDrifting
  * fix: add logrotate policy
  * fix: tests: regenerate testsuite if .../{cli,python}/*.at changes
  * doc: direct: add CAVEATS section
  * fix: checkIP6: strip leading/trailing square brackets
  * fix: nftables: remove square brackets from IPv6 addresses
  * fix: ipXtables: remove square brackets from IPv6 addresses
  * fix: nftables: zone dispatch with multidimensional ipsets
  * fix: ipset: destroy runtime sets on reload/stop
  * fix: port: support querying sub ranges
  * fix: source_port: support querying sub ranges
  * doc: specify accepted characters for object names
  * fix: doc: address copy/paste mistakes in short/description
  * fix: configure: atlocal: quote variable values
  * fix: nftables: allow set intervals with concatenations
  * doc: clarify --set-target values "default" vs "reject"

OBS-URL: https://build.opensuse.org/request/show/791189
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=101
 2020-04-03 12:30:54 +00:00