- Update to 0.7.4
This is a bug fix only release.
However, it does reintroduce the zone drifting bug as a feature. See #258 and #441. This behavior is disabled by default.
* improvement: build: add an option to disable building documentation
* Typo in firewall-config(1)
* Fix typo in TFTP service description
* doc: README: add note about language translations
* fix: rich: source/dest only matching with mark action
* feat: AllowZoneDrifting config option
* feat: nftables: support AllowZoneDrifting=yes
* feat: ipXtables: support AllowZoneDrifting=yes
* fix: firewall-offline-cmd: Don't print warning about AllowZoneDrifting
* fix: add logrotate policy
* fix: tests: regenerate testsuite if .../{cli,python}/*.at changes
* doc: direct: add CAVEATS section
* fix: checkIP6: strip leading/trailing square brackets
* fix: nftables: remove square brackets from IPv6 addresses
* fix: ipXtables: remove square brackets from IPv6 addresses
* fix: nftables: zone dispatch with multidimensional ipsets
* fix: ipset: destroy runtime sets on reload/stop
* fix: port: support querying sub ranges
* fix: source_port: support querying sub ranges
* doc: specify accepted characters for object names
* fix: doc: address copy/paste mistakes in short/description
* fix: configure: atlocal: quote variable values
* fix: nftables: allow set intervals with concatenations
* doc: clarify --set-target values "default" vs "reject"
OBS-URL: https://build.opensuse.org/request/show/791189
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=101
- rebased the original patch from revision 19
- apply patch only on openSUSE < TW, and SLES.
- Added a patch to make iptables the default again on openSUSE
- Update to version 0.7.2:
This is a bug fix only release.
* fix: direct: removeRules() was mistakenly removing all rules
* fix: guarantee zone source dispatch is sorted by zone name
* fix: nftables: fix zone dispatch using ipset sources in nat chains
* doc: add --default-config and --system-config
* fix: --add-masquerade should only affect ipv4
* fix: nftables: --forward-ports should only affect IPv4
* fix: direct: removeRules() not removing all rules in chain
* dbus: service: fix service includes individual APIs
* fix: allow custom helpers using standard helper modules
* fix: service: usage of helpers with '-' in name
* fix: Revert "ebtables: drop support for broute table"
* fix: ebtables: don't use tables that aren't available
* fix: fw: initialize _rfc3964_ipv4
OBS-URL: https://build.opensuse.org/request/show/736856
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=96
- Update to version 0.7.1:
* Rich Rule Priorities
* Service Definition Includes - Service definitions can now
include lines like: <include service="https"/> which will
include all the ports, etc from the https service.
* RFC3964 IPv4 filtering - A new option RFC3964_IPv4 in
firewalld.conf is available. It does filtering based on RFC3964
in regards to IPv4 addresses. This functionality was
traditionally in network-scripts.
* FlushAllOnReload - A new option FlushAllOnReload in
firewalld.conf is available. Older release retained some
settings (direct rules, interface to zone assignments) during a
--reload. With the introduction of this configuration option
that is no longer the case. Old behavior can be restored by
setting FlushAllOnReload=no.
* 15 new service definitions
* fix: firewall-offline-cmd: service: use dict based APIs
* fix: client: service: use dict based dbus APIs
* test: dbus: coverage for new service APIs
* fix: dbus: new dict based APIs for services
* test: dbus: service API coverage
* test: functions: add macro DBUS_INTROSPECT
* test: functions: add CHOMP macro for shell output
* fix: tests/functions: use gdbus instead of dbus-send
* fix: dbus: add missing APIs for service includes
- Remove patch for using iptables instead of nftables - we should
finally switch to nftables and fix its issues properly if they
occur again:
* 0001-firewall-backend-Switch-default-backend-to-iptables.patch
- Remove patch which was released upstream:
* 0002-Add-FlushAllOnReload-config-option.patch
OBS-URL: https://build.opensuse.org/request/show/729405
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=95
