175 Commits

Author SHA256 Message Date
Dominique Leuenberger
2609841abf Accepting request 1033616 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/1033616
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=74
2022-11-05 13:46:45 +00:00
Callum Farmer
e903c070c1 Accepting request 1033086 from home:polslinux:branches:security:netfilter
- Update to 1.2.1:
  * fix(modules): don't error if /proc/modules is missing (a1f091d)
  * fix(readme): format optional <ver> (03e61f2)
  * docs: add protocols to rich and zones (191cea4)
  * docs(policy): add priority attribute to rule (616ed7c)
  * fix(runtimeToPermanent): errors for interfaces not in zone (6b5a70b)
  * fix(failsafe): log exception on fatal failure (af1b8f0)
  * fix(ipset): defer native ipset creation if nftables (ae0ded4)
  * fix(nftables): drop invalid packets before zone dispatch (dc972ae)
  * fix(iptables): drop invalid packets before zone dispatch (83a4608)
  * fix(policies): Splitting interfaces with wildcards (3806e79)
  * fix(ipset): exception on overlap checking empty set (bfe827f)
  * fix(bash): fix ipset commands autocompletion (742669b)
  * docs(README): fix typo (e40b100)
  * fix(treewide): misc typos (d121f0c)
  * fix: firewalld.conf: trim trailing whitespace (21809ed)

OBS-URL: https://build.opensuse.org/request/show/1033086
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=133
2022-11-04 19:21:10 +00:00
Dominique Leuenberger
240c5fc919 Accepting request 1000604 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/1000604
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=73
2022-09-02 19:56:25 +00:00
Callum Farmer
aba3e0a056 Accepting request 1000602 from home:schubi2
- Migration to /usr/etc: Saving user changed configuration files
  in /etc and restoring them during an RPM update.

OBS-URL: https://build.opensuse.org/request/show/1000602
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=131
2022-09-01 08:10:40 +00:00
Dominique Leuenberger
a83b740271 Accepting request 992210 from security:netfilter
- readd ipset buildrequires to reenable ipset support (bsc#1202043)
- readd ebtables too, as there is no builtin support.

OBS-URL: https://build.opensuse.org/request/show/992210
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=72
2022-08-03 19:16:25 +00:00
2d03b1f242 - readd ebtables too, as there is no builtin support.
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=129
2022-08-02 09:19:49 +00:00
1a47df9e35 - readd ipset buildrequires to reenable ipset support (bsc#1202043)
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=128
2022-08-02 09:18:12 +00:00
Richard Brown
c108e82e1a Accepting request 991048 from security:netfilter
- readd iptables requires, as docker uses iptables passthrough
  currently, which calls into iptables (bsc#1201836)

- Also remove ipset, ebtables and iptables from the BuildRequires
  list (compare with change from 2022-03-03 - Thorsten Kukuk <kukuk@suse.com>)

OBS-URL: https://build.opensuse.org/request/show/991048
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=71
2022-07-26 17:42:23 +00:00
a278031fad - readd iptables requires, as docker uses iptables passthrough
currently, which calls into iptables (bsc#1201836)

OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=127
2022-07-25 13:54:24 +00:00
Fabian Vogt
b8a847311d Revert for boo#1201836
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=70
2022-07-25 13:07:02 +00:00
Richard Brown
237d4e47b2 Accepting request 989313 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/989313
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=69
2022-07-21 09:32:44 +00:00
Robert Frohl
50c2870672 Accepting request 989113 from home:trenn:branches:security:netfilter
- Also remove ipset, ebtables and iptables from the BuildRequires
  list (compare with change from 2022-03-03 - Thorsten Kukuk <kukuk@suse.com>)

OBS-URL: https://build.opensuse.org/request/show/989113
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=126
2022-07-15 06:25:55 +00:00
Dominique Leuenberger
467626e703 Accepting request 986626 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/986626
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=68
2022-07-05 10:27:32 +00:00
Callum Farmer
949bf0320d Accepting request 986625 from home:gmbr3:Active
- Update to 1.2.0:
  * feat(firewalld): add new --log-target parameter
  * feat(service): add snmptls, snmptls-trap services
  * feat(service): add IPFS service
  * feat(fw): startup failsafe
  * feat(service): Add kubelet-readonly
  * feat(service): Add secure version of k8s controller-plane components
  * feat(bash): completion of policy-related commands
  * feat(service): add prometheus node-exporter
  * feat(service): add Kodi JSON-RPC and EventServer services

OBS-URL: https://build.opensuse.org/request/show/986625
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=125
2022-07-04 11:07:28 +00:00
Dominique Leuenberger
559714d645 Accepting request 984239 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/984239
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=67
2022-06-24 06:45:08 +00:00
Callum Farmer
d3f927f0c8 Accepting request 984147 from home:schubi2
- Moved logrotate files from user specific directory /etc/logrotate.d
  to vendor specific directory /usr/etc/logrotate.d.

OBS-URL: https://build.opensuse.org/request/show/984147
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=124
2022-06-21 18:20:51 +00:00
Dominique Leuenberger
ea2c2ccba9 Accepting request 966068 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/966068
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=66
2022-04-02 16:20:03 +00:00
Callum Farmer
09d5965ce8 Accepting request 966067 from home:gmbr3:Active
- Update to 1.1.1:
  * fix(build): oci: use centos:stream8 instead of ubi:8
  * fix(functions): --check-config fails if direct.xml exists
  * fix(build): oci: use dbus inside the container
  * docs(README): add note about container host integration
  * docs: typo fixes

OBS-URL: https://build.opensuse.org/request/show/966067
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=123
2022-03-30 17:10:59 +00:00
Dominique Leuenberger
3b54277ca5 Accepting request 964017 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/964017
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=65
2022-03-24 21:56:57 +00:00
Michał Rostecki
de4b94d2a0 Accepting request 962711 from home:witekbedyk:branches:security:netfilter
- Provide dummy firewalld-prometheus-config package (bsc#1197042)

This is to prevent file conflicts between Firewalld and Prometheus packages in case Prometheus package is built on a different system than the target one (as it is the case for SUSE Manager).

OBS-URL: https://build.opensuse.org/request/show/962711
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=122
2022-03-22 16:26:21 +00:00
Dominique Leuenberger
d5bae943bc Accepting request 960423 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/960423
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=64
2022-03-11 20:40:55 +00:00
Callum Farmer
ceb14b7b7e Accepting request 960050 from home:mwilck:modprobe.d
- Add code for safe modprobe.d migration
  (https://en.opensuse.org/openSUSE:Packaging_UsrEtc)
- Always own %_modprobedir (bsc#1196275, jsc#SLE-20639)

OBS-URL: https://build.opensuse.org/request/show/960050
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=121
2022-03-09 09:11:22 +00:00
Dominique Leuenberger
2629c8fc50 Accepting request 959443 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/959443
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=63
2022-03-05 13:43:08 +00:00
Callum Farmer
b31285ff7d Accepting request 959442 from home:kukuk:container
- Fix modprobe.d directory for SLE15 SP3
- Cleanup dependencies:
  - ipset, ebtables and iptables are purely optional and deprecated, 
    so don't require them
  - sysconfig is not needed at all
  - Don't hard require systemd, we don't have and need that in containers

OBS-URL: https://build.opensuse.org/request/show/959442
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=120
2022-03-04 13:25:06 +00:00
Dominique Leuenberger
e306261337 Accepting request 957780 from security:netfilter
1.1.0

OBS-URL: https://build.opensuse.org/request/show/957780
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=62
2022-02-27 21:42:48 +00:00
Callum Farmer
098c192bd5 Accepting request 957778 from home:gmbr3:Active
- Update to 1.1.0:
  * feat(service): Add jellyfin service
  * feat(policy): support OUTPUT forward ports
  * feat: config check improvements
  * feat(service): add http3
  * feat(service): add service definition for WS-Discovery Client
  * feat(service): add service definition for WS-Discovery
  * feat(service): add service definition for AFP
  * feat(rich): Support nflog target and add log attribute
    errors/checks
  * feat(service): add ZeroTier service

OBS-URL: https://build.opensuse.org/request/show/957778
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=119
2022-02-26 14:37:46 +00:00
Dominique Leuenberger
ace763cab4 Accepting request 946416 from security:netfilter
1.0.3

OBS-URL: https://build.opensuse.org/request/show/946416
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=61
2022-01-15 20:45:08 +00:00
Callum Farmer
f92eed8643 Accepting request 946415 from home:gmbr3:Active
- Update to 1.0.3:
  * fix(io): _check_config() expects a dict
  * feat(build): distribute an OCI container image
  * fix(ipset): reduce cost of entry overlap detection

OBS-URL: https://build.opensuse.org/request/show/946415
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=118
2022-01-14 13:02:36 +00:00
Dominique Leuenberger
5200262b33 Accepting request 932170 from security:netfilter
- Update to 1.0.2:
  * fix(firewalld): check capng_apply() return code
  * fix(nftables): do not log icmp block if inversion
  * fix(nftables): rich: source address with netmask
  * fix(fw_config): zone: on rename remove then add
  * fix(io/functions): check_config against on disk conf
  * fix(zone): detect same source/interface in zones
  * docs(policy): fix typos
  * docs(policies): fix typos (forwarded request 932169 from mrostecki)

OBS-URL: https://build.opensuse.org/request/show/932170
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=60
2021-11-20 21:47:48 +00:00
Michał Rostecki
e6ddad9a48 Accepting request 932169 from home:mrostecki:branches:security:netfilter
- Update to 1.0.2:
  * fix(firewalld): check capng_apply() return code
  * fix(nftables): do not log icmp block if inversion
  * fix(nftables): rich: source address with netmask
  * fix(fw_config): zone: on rename remove then add
  * fix(io/functions): check_config against on disk conf
  * fix(zone): detect same source/interface in zones
  * docs(policy): fix typos
  * docs(policies): fix typos

OBS-URL: https://build.opensuse.org/request/show/932169
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=117
2021-11-18 10:10:37 +00:00
Dominique Leuenberger
e5d2d63627 Accepting request 924225 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/924225
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=59
2021-10-11 14:48:44 +00:00
Michał Rostecki
6c5a600340 Accepting request 921449 from home:gmbr3:Active
- Update to 1.0.1:
  * keep linux capability CAP_SYS_MODULE
  * UPnP Client: actually allow SSDP traffic
  * Fix RPM macros to test if firewall-cmd is executable

OBS-URL: https://build.opensuse.org/request/show/921449
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=116
2021-10-08 13:20:47 +00:00
Richard Brown
4a1aeb23a7 Accepting request 911378 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/911378
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=58
2021-08-16 08:08:46 +00:00
Michał Rostecki
aa08f2b535 Accepting request 910605 from home:gmbr3:Active
- Update to 1.0.0:
  * Reduced dependencies
  * Intra-zone forwarding by default
  * NAT rules moved to inet family (reduced rule set)
  * Default target is now similar to reject
  * ICMP blocks and block inversion only apply to input,
    not forward
  * tftp-client service has been removed
  * iptables backend is deprecated
  * Direct interface is deprecated
  * CleanupModulesOnExit defaults to no
    (kernel modules not unloaded)
- Add new firewalld-test package
- Move bash and zsh completions to more useful separate packages
- Clean spec file
- Move modprobe.d and autostart files out of /etc

OBS-URL: https://build.opensuse.org/request/show/910605
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=115
2021-08-11 07:56:26 +00:00
Richard Brown
d17e057975 Accepting request 883555 from security:netfilter
- Remove dependency on firewalld from firewall-macros (bsc#1183404) (forwarded request 883554 from mrostecki)

OBS-URL: https://build.opensuse.org/request/show/883555
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=57
2021-04-10 13:26:30 +00:00
Michał Rostecki
491b7af7c8 Accepting request 883554 from home:mrostecki:branches:security:netfilter
- Remove dependency on firewalld from firewall-macros (bsc#1183404)

OBS-URL: https://build.opensuse.org/request/show/883554
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=114
2021-04-07 09:26:19 +00:00
Dominique Leuenberger
97d4bd875a Accepting request 873150 from security:netfilter
Preserve the reference to jsc#SLE-12281 in the old update to 0.7.5 (forwarded request 873148 from mrostecki)

OBS-URL: https://build.opensuse.org/request/show/873150
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=56
2021-02-17 17:09:37 +00:00
Michał Rostecki
86a24bbf7f Accepting request 873148 from home:mrostecki:branches:security:netfilter
Preserve the reference to jsc#SLE-12281 in the old update to 0.7.5

OBS-URL: https://build.opensuse.org/request/show/873148
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=113
2021-02-17 14:03:36 +00:00
Dominique Leuenberger
9d471d09b3 Accepting request 866985 from security:netfilter
- Update to 0.9.3 (jsc#SLE-17336):
  nftables (jsc#SLE-16300):
  (rhbz#1817022, jsc#SLE-16300) (forwarded request 866984 from mrostecki)

OBS-URL: https://build.opensuse.org/request/show/866985
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=55
2021-02-01 12:25:19 +00:00
Michał Rostecki
a50f2805cc Accepting request 866984 from home:mrostecki:branches:security:netfilter
- Update to 0.9.3 (jsc#SLE-17336):
  nftables (jsc#SLE-16300):
  (rhbz#1817022, jsc#SLE-16300)

OBS-URL: https://build.opensuse.org/request/show/866984
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=112
2021-01-26 17:59:52 +00:00
Michał Rostecki
7dc08b4e6b Accepting request 866974 from home:mrostecki:branches:security:netfilter
- Update to 0.9.3 (SLE-17336):
  nftables (SLE-16300):
  (rhbz#1817022, SLE-16300)

OBS-URL: https://build.opensuse.org/request/show/866974
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=111
2021-01-26 17:13:46 +00:00
Michał Rostecki
93ac3ead82 Accepting request 866966 from home:mrostecki:branches:security:netfilter
- Disable FlushAllOnReload option to not retain interface to zone
  assignments and direct rules when using --reload option.
  * 0002-Disable-FlushAllOnReload-option.patch

OBS-URL: https://build.opensuse.org/request/show/866966
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=110
2021-01-26 16:36:13 +00:00
Michał Rostecki
3c89112cb1 Accepting request 866564 from home:mrostecki:branches:security:netfilter
- Update to 0.9.3:
  * docs(dbus): fix invalid method names
  * fix(forward): iptables: ipset used as zone source
  * fix(rich): non-printable characters removed from rich rules
  * docs(firewall-cmd): small description grammar fix
  * fix(rich): limit table to strip non-printables to C0 and C1
  * fix(zone): add source with mac address

OBS-URL: https://build.opensuse.org/request/show/866564
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=109
2021-01-25 11:43:27 +00:00
Dominique Leuenberger
0a323e9ee8 Accepting request 863088 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/863088
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=54
2021-01-18 10:27:30 +00:00
Michał Rostecki
6108127596 Accepting request 863051 from home:rfrohl:branches:security:netfilter
add missing dependency for firewall-offline-cmd

OBS-URL: https://build.opensuse.org/request/show/863051
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=108
2021-01-14 13:23:51 +00:00
Dominique Leuenberger
fda4feede4 Accepting request 853450 from security:netfilter
- Remove the patch which enforces usage of iptables instead of
  nftables:
  * 0001-firewall-backend-Switch-default-backend-to-iptables.patch
- Add firewalld zone for the docker0 interface. This is the
  workaround for lack of nftables support in docker. Without that
  additional zone, containers have no Internet connectivity.
  (rhbz#1817022)
- Update to 0.9.1:
  * Bugfixes:
    * docs(firewall-cmd): clarify lockdown whitelist command paths
    * fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active
    * fix(policy): zone interface/source changes should affect all using zone

OBS-URL: https://build.opensuse.org/request/show/853450
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=53
2020-12-09 21:11:01 +00:00
Dominique Leuenberger
20c8db02de https://bugzilla.opensuse.org/show_bug.cgi?id=1178801
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=52
2020-11-14 17:22:52 +00:00
Dominique Leuenberger
1c671ba1b4 Accepting request 847328 from security:netfilter
- Remove the patch which enforces usage of iptables instead of
  nftables:
  * 0001-firewall-backend-Switch-default-backend-to-iptables.patch
- Add firewalld zone for the docker0 interface. This is the
  workaround for lack of nftables support in docker. Without that
  additional zone, containers have no Internet connectivity.
  (rhbz#1817022)
- Update to 0.9.1:
  * Bugfixes:
    * docs(firewall-cmd): clarify lockdown whitelist command paths
    * fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active
    * fix(policy): zone interface/source changes should affect all using zone (forwarded request 847325 from mrostecki)

OBS-URL: https://build.opensuse.org/request/show/847328
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=51
2020-11-13 17:53:00 +00:00
Michał Rostecki
e87c42cb75 Accepting request 847325 from home:mrostecki:branches:security:netfilter
- Remove the patch which enforces usage of iptables instead of
  nftables:
  * 0001-firewall-backend-Switch-default-backend-to-iptables.patch
- Add firewalld zone for the docker0 interface. This is the
  workaround for lack of nftables support in docker. Without that
  additional zone, containers have no Internet connectivity.
  (rhbz#1817022)
- Update to 0.9.1:
  * Bugfixes:
    * docs(firewall-cmd): clarify lockdown whitelist command paths
    * fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active
    * fix(policy): zone interface/source changes should affect all using zone

OBS-URL: https://build.opensuse.org/request/show/847325
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=107
2020-11-09 17:48:32 +00:00
Dominique Leuenberger
1e3872aa2b Accepting request 836462 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/836462
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=50
2020-10-03 16:55:28 +00:00