- Update to 0.5.3 (bsc#1093120)
* tests/regression: add test for ipset with timeout
* ipset: allow adding entries to ipsets with timeout
* translations: update
* helpers: load helper module explicitly if no port given
* helpers: nf_conntrack_proto-* helpers needs name cropped
* config/Makefile: correct name of proto-gre helper
* tests/regression: test helper nf_conntrack_proto_gre (#263)
* functions: get_nf_nat_helpers() should look in other directories too
* functions: Allow nf_conntrack_proto_* helpers
* services: Add GRE
* helpers: Add proto-gre
* tests/regression: add test to verify ICMP block in forward chain
* ipXtables: fix ICMP block not being present in FORWARD chain
OBS-URL: https://build.opensuse.org/request/show/607015
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=28
- Update to 0.5.3
* tests/regression: add test for ipset with timeout
* ipset: allow adding entries to ipsets with timeout
* translations: update
* helpers: load helper module explicitly if no port given
* helpers: nf_conntrack_proto-* helpers needs name cropped
* config/Makefile: correct name of proto-gre helper
* tests/regression: test helper nf_conntrack_proto_gre (#263)
* functions: get_nf_nat_helpers() should look in other directories too
* functions: Allow nf_conntrack_proto_* helpers
* services: Add GRE
* helpers: Add proto-gre
* tests/regression: add test to verify ICMP block in forward chain
* ipXtables: fix ICMP block not being present in FORWARD chain
OBS-URL: https://build.opensuse.org/request/show/606954
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=67
- Remove high-availability service. SUSE HA uses the cluster service
provided by the yast2-cluster package (bsc#1078223)
- Update to 0.5.1
* ipXtables: fix iptables-restore wait option detection
* python3: use "foo in dict" not dict.has_key(foo)
* Fix potential python3 keys() incompatibility in watcher
* Fixed python3 compatibility
* ebtables: fix missing default value to set_rule()
* fw_zone: fix invalid reference to __icmp_block_inversion
* zones: Correct and defer check_name for combined zones
- Update to 0.5.0
* firewallctl: mark deprecated (gh#firewalld/firewalld##261)
* Add nmea-0183 service
* Add sycthing-gui service
* Add syncthing service
* Adding FirewallD jenkins service (gh#firewalld/firewalld#256)
* services/high-availability: Add port 9929
* Fix and improve firewalld-sysctls.conf
* firewalld: also reload dbus config interface for global options
* Add MongoDB service definition
* src: firewall: Add support for SUSE ifcfg scripts
* Add UPnP client service
* firewalld: Allow specifying log file location
* firewalld/firewall-offline-cmd: Allow setting system config directories
- Drop obsolete patch
* 0001-suse-ifcfg-files.patch
- Drop tests installation
OBS-URL: https://build.opensuse.org/request/show/575487
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=25
- Remove high-availability service. SUSE HA uses the cluster service
provided by the yast2-cluster package (bsc#1078223)
- Update to 0.5.1
* ipXtables: fix iptables-restore wait option detection
* python3: use "foo in dict" not dict.has_key(foo)
* Fix potential python3 keys() incompatibility in watcher
* Fixed python3 compatibility
* ebtables: fix missing default value to set_rule()
* fw_zone: fix invalid reference to __icmp_block_inversion
* zones: Correct and defer check_name for combined zones
- Update to 0.5.0
* firewallctl: mark deprecated (gh#firewalld/firewalld##261)
* Add nmea-0183 service
* Add sycthing-gui service
* Add syncthing service
* Adding FirewallD jenkins service (gh#firewalld/firewalld#256)
* services/high-availability: Add port 9929
* Fix and improve firewalld-sysctls.conf
* firewalld: also reload dbus config interface for global options
* Add MongoDB service definition
* src: firewall: Add support for SUSE ifcfg scripts
* Add UPnP client service
* firewalld: Allow specifying log file location
* firewalld/firewall-offline-cmd: Allow setting system config directories
- Drop tests installation
OBS-URL: https://build.opensuse.org/request/show/571711
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=59
- Update to version 0.4.4.6
* firewall.core.fw_config: Fix check for icmp builtin name
* config.services: docker-swarm: fix incorrect attribute
* xmlschema/service.xsd: Fix protocol looking for name instead of value
* Add docker swarm service (gh#firewalld/firewalld#230)
* Adding FirewallD redis service (gh#firewalld/firewalld#248)
* Adding firewalld zabbix server and agent services (gh#firewalld/firewalld#221)
* firewall-offline-cmd: Don't require root for help output
* doc: firewall-cmd: Document --query-* options return codes
* firewall-cmd: Use colors only if output is a TTY
* core: Log unsupported ICMP types as informational only
* add bgp service to predefined services edit to config/Makefile.am
* Add git service
* Add kprop service
* minidlna definitions (gh#firewalld/firewalld#236)
* SpiderOak ONE listens on port 21327 and 21328
* autogen.sh: Allow skipping configure via NOCONFIGURE env var
* Add missing ports to RH-Satellite-6 service
* Reload nf_conntrack sysctls after the module is loaded
* Add NFSv3 service.
* config/Makefile.am: Add murmur service (a95eed1)
* add new service IRC
* firewall.core.prog: Simplify runProg output: Combine stderr and stdout
* firewall.core.fw: Fix possible dict size change in for loop
* firewall.core.fw: Use new firewalld git repo in firewalld organization
* config/firewall-config.appdata.xml.in: Use new firewalld git repo in firewalld organization
* firewall.core.fw_zone: Rich-rule ICMP type: Error only for conflicting family
* firewall.core.rich: Add checks for Rich_Source validation
* Handle also IPv6 with the zone masquerade flag
* Add IPv6 support for forward-ports in zones
OBS-URL: https://build.opensuse.org/request/show/542023
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=47
- Update to version 0.4.4.5
* firewall-offline-cmd: Fix --remove-service-from-zone option (rh#1438127)
* Support sctp and dccp in ports, source-ports, forward-ports, helpers and rich rules
* firewall-cmd: Fix --{set,get}-{short,description} for zone
* firewall.core.ipXtables: Use new wait option for restore commands if available
* Adding ovirt-vmconsole service file
* Adding oVirt storage-console service.
* Adding ctdb service file.
* Adding service file for nrpe.
* Rename extension for policy choices (server and desktop) to .policy.choice (rh#1449754)
* D-Bus interfaces: Fix GetAll for interfaces without properties (rh#1452017)
* firewall.core.fw_config: Fix wrong variable use in repr output
* firewall.core.fw_icmptype: Add missing import for copy
* firewall.core.fw_test: Fix wrong format string in repr
* firewall.core.io.zone: Fix getattr use on super(Zone)
* firewall.functions: New function get_nf_nat_helpers
* firewall.core.fw: Get NAT helpers and store them internally.
* firewall.core.fw_zone: Load NAT helpers with conntrack helpers
* firewalld.dbus: Add missing properties nf_conntrach_helper_setting and nf_conntrack_helpers
* firewall.server.firewalld: New property for NAT helpers supported by the kernel
OBS-URL: https://build.opensuse.org/request/show/501444
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=43
- Update to version 0.4.4.4
* Drop references to fedorahosted.org from spec file and Makefile.am
* firewall-config: Show invalid ipset type in the ipset dialog in the bad label
* firewall.core.fw: Show icmptypes and ipsets with type errors in permanent env
* firewall.server.firewalld: Provide information about the supported icmp types
* firewall.core.fw_icmptype: Add ICMP type only if the type is supported
* firewall.core.fw: New attributes ip{4,6}tables_supported_icmp_types
* firewall.core.ipXtables: New method supported_icmp_types
* firewall-config: Deactivate edit buttons if there are no items
* firewall.core.io.zone: Fix permanent rich rules using icmp-type (rh#1434594)
* firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default
* firewall.core.fw_transaction: Use LastUpdatedOrderedDict for zone transactions
- Remove upstream patch:
* 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch
OBS-URL: https://build.opensuse.org/request/show/482972
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=41
- Update to version 0.4.4.3
* New service freeipa-trust (rh#1411650)
* Complete icmp types for IPv4 and IPv6
* New h323 helper container
* Support helper container: h323
* firewall.server.decorators: ALREADY_ errors should be logged as warnings
* firewall.command: ALREADY_SET should also result in zero exit code
* tests/firewall-offline-cmd_test.sh: Only use firewall-offline-cmd
* Support more ipset types: hash:ip,port, hash:ip,port,ip, hash:ip,port,net, hash:ip,mark, hash:net,net, hash:net,port, hash:net,port,net, hash:net,iface
* New checks for ipset entry validation
* Use ipset dimension for match
* firewall.core.base: New ZONE_SOURCE_IPSET_TYPES list
* New firewall.core.icmp providing names and types for icmp and icmpv6 values
* firewall.core.fw_ipset: New methods to get ipset dimension and applied state
* firewall.errors: New error NOT_APPLIED
* firewall-cmd man page: Add missing --get-ipset-types
* firewall.core.fw_nm: No trace back on failed get_connection call (rh#1413345)
* firewall.core.prog: Fix addition of the error output in runProg
* Speed up ipset handling, (re)loading and import from file
* Support --family option for --new-ipset
* Handle FirewallError for query sequences in command line tools
* Fail to alter entries of ipsets with timeout
* Extended tests for ipset options
* Return empty list for ipsets using timeouts
* firewall.functions: Fix checks in checkIPnMask and checkIP6nMask (gh#t-woerner/firewalld#186)
* firewalld.conf man page: New section about AutomaticHelpers
* firewall-offline-cmd man page: Added -v and -q options, fixed section ids
* firewall{-cmd, ctl}: Fix scope of final return in try_set_zone_of_interface
* firewall.core.fw_zone: Limit masquerading forward rule to new connections
* firewall-config: Update active zones on reloaded signal
OBS-URL: https://build.opensuse.org/request/show/458640
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=38
- Update to version 0.4.4.2
* firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem
* firewall.core.fw_nm: create NMClient lazily
* Do not use hard-coded path for modinfo, use autofoo to detect it
* firewall.core.io.ifcfg: Dropped invalid option warning with bad format string
* firewall.core.io.ifcfg: Properly handle quoted ifcfg values
* firewall.core.fw_zone: Do not reset ZONE with ifdown
* Updated translations from zanata
* firewall-config: Extra grid at bottom to visualize firewalld settings
OBS-URL: https://build.opensuse.org/request/show/443842
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=36
- Update to version 0.4.4
* firewall-applet: Use PyQt5
* firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers
D-Bus property
* New helpers Q.931 and RAS from nf_conntrack_h323
* firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table
* firewall.core.ipXtables: Add PREROUTING default rules for zones in raw
table
* New helper configuration files for amanda, ftp, irc, netbios-ns, pptp,
sane, sip, snmp and tftp
* firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones
* firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED
sequences
* Misc bug fixes.
* For the complete list of changes please see:
https://github.com/t-woerner/firewalld/releases/tag/v0.4.4
OBS-URL: https://build.opensuse.org/request/show/438020
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=32
- Update to version 0.4.3.1
* firewall.command: Fix python3 DBusException message not interable error
* src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing
* firewallctl: Do not trace back on list command without further arguments
* firewallctl (man1): Added remaining sections zone, service, ..
* firewallctl: Added runtime-to-permanent, interface and source parser, IndividualCalls setting
* firewall.server.config: Allow to set IndividualCalls property in config interface
* Fix missing icmp rules for some zones
* runProg: Fix issue with running programs
* firewall-offline-cmd: Fix issues with missing system-config-firewall
* firewall.core.ipXtables: Split up source and dest addresses for transaction
* firewall.server.config: Log error in case of loading malformed files in watcher
* Install and package the firewallctl man page
* Translation updates
OBS-URL: https://build.opensuse.org/request/show/405271
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=24
