- rebased the original patch from revision 19
- apply patch only on openSUSE < TW, and SLES.
- Added a patch to make iptables the default again on openSUSE
- Update to version 0.7.2:
This is a bug fix only release.
* fix: direct: removeRules() was mistakenly removing all rules
* fix: guarantee zone source dispatch is sorted by zone name
* fix: nftables: fix zone dispatch using ipset sources in nat chains
* doc: add --default-config and --system-config
* fix: --add-masquerade should only affect ipv4
* fix: nftables: --forward-ports should only affect IPv4
* fix: direct: removeRules() not removing all rules in chain
* dbus: service: fix service includes individual APIs
* fix: allow custom helpers using standard helper modules
* fix: service: usage of helpers with '-' in name
* fix: Revert "ebtables: drop support for broute table"
* fix: ebtables: don't use tables that aren't available
* fix: fw: initialize _rfc3964_ipv4
OBS-URL: https://build.opensuse.org/request/show/736856
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=96
- Update to version 0.7.1:
* Rich Rule Priorities
* Service Definition Includes - Service definitions can now
include lines like: <include service="https"/> which will
include all the ports, etc from the https service.
* RFC3964 IPv4 filtering - A new option RFC3964_IPv4 in
firewalld.conf is available. It does filtering based on RFC3964
in regards to IPv4 addresses. This functionality was
traditionally in network-scripts.
* FlushAllOnReload - A new option FlushAllOnReload in
firewalld.conf is available. Older release retained some
settings (direct rules, interface to zone assignments) during a
--reload. With the introduction of this configuration option
that is no longer the case. Old behavior can be restored by
setting FlushAllOnReload=no.
* 15 new service definitions
* fix: firewall-offline-cmd: service: use dict based APIs
* fix: client: service: use dict based dbus APIs
* test: dbus: coverage for new service APIs
* fix: dbus: new dict based APIs for services
* test: dbus: service API coverage
* test: functions: add macro DBUS_INTROSPECT
* test: functions: add CHOMP macro for shell output
* fix: tests/functions: use gdbus instead of dbus-send
* fix: dbus: add missing APIs for service includes
- Remove patch for using iptables instead of nftables - we should
finally switch to nftables and fix its issues properly if they
occur again:
* 0001-firewall-backend-Switch-default-backend-to-iptables.patch
- Remove patch which was released upstream:
* 0002-Add-FlushAllOnReload-config-option.patch
OBS-URL: https://build.opensuse.org/request/show/729405
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=95
- Update to version 0.4.3
* New firewallctl utility (RHBZ#1147959)
* doc.xml.seealso: Show firewalld.dbus in See Also sections
* firewall.core.fw_config: Create backup on zone, service, ipset and icmptype removal (RHBZ#1339251)
* {zone,service,ipset,icmptype}_writer: Do not fail on failed backup
* firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd
* firewall-cmd: Dropped duplicate setType call in --new-ipset
* radius service: Support also tcp ports (RBZ#1219717)
* xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset sources
* config.xmlschema.service.xsd: Fix service destination conflicts (RHBZ#1296573)
* firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg
* firewall.command: Only print summary and description in print_X_info with verbose
* firewall.command: print_msg should be able to print empty lines
* firewall-config: No processing of runtime passthroughs signals in permanent
* Landspace.io fixes and pylint calm downs
* firewall.core.io.zone: Add zone_reader and zone_writer to all, pylint fixes
* firewall-config: Fixed titles of command and context dialogs, also entry lenths
* firewall-config: pylint calm downs
* firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit
* firewall-config: Use self.active_zoens in conf_zone_added_cb
* firewall.command: New parse_port, extended parse methods with more checks
* firewall.command: Fixed parse_port to use the separator in the split call
* firewall.command: New [de]activate_exception_handler, raise error in parse_X
* services ha: Allow corosync-qnetd port
* firewall-applet: Support for kde5-nm-connection-editor
* tests/firewall-offline-cmd_test.sh: New tests for service and icmptype modifications
* firewall-offline-cmd: Use FirewallCommand for simplification and sequence options
* tests/firewall-cmd_test.sh: New tests for service and icmptype modifications
* firewall-cmd: Fixed set, remove and query destination options for services
* firewall.core.io.service: Source ports have not been checked in _check_config
OBS-URL: https://build.opensuse.org/request/show/404198
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=21
- Update to version 0.4.2
* New module to search for and change ifcfg files for interfaces
not under control of NM
* firewall_config: Enhanced messages in status bar
* firewall-config: New message window as overlay if not connected
* firewall-config: Fix sentivity of option, view menus and main
paned if not connected
* firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls,
some cleanup
* firewall-[offline]cmd: Show target in zone information
* D-Bus: Completed masquerade methods in FirewallClientZoneSettings
* Fixed log-denied rules for icmp-blocks
* Keep sorting of interfaces, services, icmp-blocks and other
settings in zones
* Fixed runtime-to-permanent not to save interfaces under control
of NM
* New icmp-block-inversion flag in the zones
* ICMP type filtering in the zones
* New services: sip, sips, managesieve
* rich rules: Allow destination action (RHBZ#1163428)
* firewall-offline-cmd: New option -q/--quiet
* firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file
* firewall-[offline-]cmd: Fix option for setting the destination
address
* firewall-config: Fixed resizing behaviour
* New transaction model for speed ups in start, restart, stop and
other actions
* firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults
* Fixed memory leak in dbus_introspection_add_properties
* Landscape.io fixes, pylint calm downs
OBS-URL: https://build.opensuse.org/request/show/399135
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=17
- Update to version 0.4.1.2
* Install fw_nm module
* firewalld: Do not fail if log file could not be opened
* Make ipsets visible per default in firewall-config
* Fixed translations with python3
[changes in 0.4.1.1]
* Fix for broken frensh translation
[changes in 0.4.1]
* Enhancements of ipset handling
* No cleanup of ipsets using timeouts while reloading
* Only destroy conflicting ipsets
* Only use ipset types supported by the system
* Add and remove several ipset entries in one call using a file
* Reduce time frame where builtin chains are on policy DROP while reloading
* Include descriptions in --info-X calls
* Command line interface support to get and alter descriptions of zones,
* services, ipsets and icmptypes with permanent option
* Properly watch changes in combined zones
* Fix logging in rich rule forward rules
* Transformed direct.passthrough errors into warnings
* Rework of import structures
* Reduced calls to get ids for port and protocol names (RHBZ#1305434)
* Build and installation fixes by Markos Chandras
* Provide D-Bus properties in introspection data
* Fix for flaws found by landscape.io
* Fix for repeated SUGHUP
* New NetworkManager module to get and set zones of connections, used in
firewall-applet and firewall-config
* configure: Autodetect backend tools ({ip,ip6,eb}tables{,-restore}, ipset)
* Code cleanups
OBS-URL: https://build.opensuse.org/request/show/391120
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=11
