Changelog for firewalld-test-1.3.0-3.1.noarch.rpm:
* Fri Jan 06 2023 Callum Farmer
- update to 1.3.0:
* feat(service): add Warpinator
* feat(dbus): reset to default settings
* feat(service): add bareos-director bareos-filedaemon bareos-storage
* feat(policy): masquerade: allow ingress zone to have interface
* feat(service): add Nebula service
* feat(service): add Ceph Prometheus exporter
* feat(service): add OMG DDS service definition
* feat(service): add llmnr-client service
* feat(service): add ps2link service
* feat(service): add definition for syncthing-relay
* Sun Dec 04 2022 Dirk Müller - update to 1.2.2:
* fix(client): raise exception (40a473b)
* fix(nftables): raise exception (a4b82cc)
* fix(nftables): invalid conditional statement (e9ca0ad)
* fix(check_config): use on disk firewalld_conf (d141d6d)
* fix(service): llmnr: improve description (d233698)
* Revert "feat(service): Add jellyfin service" (ea154d5)
* Thu Nov 03 2022 Paolo Stivanin - Update to 1.2.1:
* fix(modules): don't error if /proc/modules is missing (a1f091d)
* fix(readme): format optional (03e61f2)
* docs: add protocols to rich and zones (191cea4)
* docs(policy): add priority attribute to rule (616ed7c)
* fix(runtimeToPermanent): errors for interfaces not in zone (6b5a70b)
* fix(failsafe): log exception on fatal failure (af1b8f0)
* fix(ipset): defer native ipset creation if nftables (ae0ded4)
* fix(nftables): drop invalid packets before zone dispatch (dc972ae)
* fix(iptables): drop invalid packets before zone dispatch (83a4608)
* fix(policies): Splitting interfaces with wildcards (3806e79)
* fix(ipset): exception on overlap checking empty set (bfe827f)
* fix(bash): fix ipset commands autocompletion (742669b)
* docs(README): fix typo (e40b100)
* fix(treewide): misc typos (d121f0c)
* fix: firewalld.conf: trim trailing whitespace (21809ed)
* Thu Sep 01 2022 Stefan Schubert - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them during an RPM update.
* Tue Aug 02 2022 Marcus Meissner - readd ipset buildrequires to reenable ipset support (bsc#1202043)
- readd ebtables too, as there is no builtin support.
* Mon Jul 25 2022 Marcus Meissner - readd iptables requires, as docker uses iptables passthrough currently, which calls into iptables (bsc#1201836)
* Thu Jul 14 2022 Thomas Renninger - Also remove ipset, ebtables and iptables from the BuildRequires list (compare with change from 2022-03-03 - Thorsten Kukuk)
* Mon Jul 04 2022 Callum Farmer - Update to 1.2.0:
* feat(firewalld): add new --log-target parameter
* feat(service): add snmptls, snmptls-trap services
* feat(service): add IPFS service
* feat(fw): startup failsafe
* feat(service): Add kubelet-readonly
* feat(service): Add secure version of k8s controller-plane components
* feat(bash): completion of policy-related commands
* feat(service): add prometheus node-exporter
* feat(service): add Kodi JSON-RPC and EventServer services
* Wed Jun 15 2022 Stefan Schubert - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.
* Wed Mar 30 2022 Callum Farmer - Update to 1.1.1:
* fix(build): oci: use centos:stream8 instead of ubi:8
* fix(functions): --check-config fails if direct.xml exists
* fix(build): oci: use dbus inside the container
* docs(README): add note about container host integration
* docs: typo fixes
* Fri Mar 18 2022 Witek Bedyk - Provide dummy firewalld-prometheus-config package (bsc#1197042)
* Mon Mar 07 2022 Martin Wilck - Add code for safe modprobe.d migration (https://en.opensuse.org/openSUSE:Packaging_UsrEtc)
* Fri Mar 04 2022 Martin Wilck - Always own %_modprobedir (bsc#1196275, jsc#SLE-20639)
* Thu Mar 03 2022 Thorsten Kukuk - Fix modprobe.d directory for SLE15 SP3
- Cleanup dependencies:
  - ipset, ebtables and iptables are purely optional and deprecated, so don't require them
  - sysconfig is not needed at all
  - Don't hard require systemd, we don't have and need that in containers
* Sat Feb 26 2022 Callum Farmer - Update to 1.1.0:
* feat(service): Add jellyfin service
* feat(policy): support OUTPUT forward ports
* feat: config check improvements
* feat(service): add http3
* feat(service): add service definition for WS-Discovery Client
* feat(service): add service definition for WS-Discovery
* feat(service): add service definition for AFP
* feat(rich): Support nflog target and add log attribute errors/checks
* feat(service): add ZeroTier service
* Fri Jan 14 2022 Callum Farmer - Update to 1.0.3:
* fix(io): _check_config() expects a dict
* feat(build): distribute an OCI container image
* fix(ipset): reduce cost of entry overlap detection
* Thu Nov 18 2021 Michał Rostecki - Update to 1.0.2:
* fix(firewalld): check capng_apply() return code
* fix(nftables): do not log icmp block if inversion
* fix(nftables): rich: source address with netmask
* fix(fw_config): zone: on rename remove then add
* fix(io/functions): check_config against on disk conf
* fix(zone): detect same source/interface in zones
* docs(policy): fix typos
* docs(policies): fix typos
* Sat Sep 25 2021 Callum Farmer - Update to 1.0.1:
* keep linux capability CAP_SYS_MODULE
* UPnP Client: actually allow SSDP traffic
* Fix RPM macros to test if firewall-cmd is executable
* Sat Aug 07 2021 Callum Farmer - Update to 1.0.0:
* Reduced dependencies
* Intra-zone forwarding by default
* NAT rules moved to inet family (reduced rule set)
* Default target is now similar to reject
* ICMP blocks and block inversion only apply to input, not forward
* tftp-client service has been removed
* iptables backend is deprecated
* Direct interface is deprecated
* CleanupModulesOnExit defaults to no (kernel modules not unloaded)
- Add new firewalld-test package
- Move bash and zsh completions to more useful separate packages
- Clean spec file
- Move modprobe.d and autostart files out of /etc
* Wed Apr 07 2021 Michał Rostecki - Remove dependency on firewalld from firewall-macros (bsc#1183404)
* Tue Jan 26 2021 Michał Rostecki - Disable FlushAllOnReload option to not retain interface to zone assignments and direct rules when using --reload option.
* 0002-Disable-FlushAllOnReload-option.patch
* Mon Jan 25 2021 Michał Rostecki - Update to 0.9.3 (jsc#SLE-17336):
* docs(dbus): fix invalid method names
* fix(forward): iptables: ipset used as zone source
* fix(rich): non-printable characters removed from rich rules
* docs(firewall-cmd): small description grammar fix
* fix(rich): limit table to strip non-printables to C0 and C1
* fix(zone): add source with mac address
* Thu Jan 14 2021 Robert Frohl - Add dependency for firewall-offline-cmd (bsc#1180883)
* Mon Nov 09 2020 Michał Rostecki - Remove the patch which enforces usage of iptables instead of nftables (jsc#SLE-16300):
* 0001-firewall-backend-Switch-default-backend-to-iptables.patch
- Add firewalld zone for the docker0 interface. This is the workaround for lack of nftables support in docker. Without that additional zone, containers have no Internet connectivity. (rhbz#1817022, jsc#SLE-16300)
- Update to 0.9.1:
* Bugfixes:
* docs(firewall-cmd): clarify lockdown whitelist command paths
* fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active
* fix(policy): zone interface/source changes should affect all using zone
* Fri Sep 11 2020 Franck Bui - Make use of %service_del_postun_without_restart and stop using DISABLE_RESTART_ON_UPDATE as this interface is obsolete.
* Wed Sep 09 2020 Michał Rostecki - Add python3-nftables as a requirement.
* Fri Sep 04 2020 Callum Farmer - update to 0.9.0:
* New major features
* prevention of Zone Drifting
* Intra Zone Forwarding
* Policy Objects
* For a full list of changes, see https://github.com/firewalld/firewalld/compare/v0.8.0...v0.9.0
* Sun Aug 16 2020 Dirk Mueller - update to 0.8.3:
* nftables: convert to libnftables JSON interface
* service: new “helper” element to replace “module”. More accurately represents the conntrack helper. Deprecates “module”.
* allow custom helpers using standard helper modules (rhbz 1733066)
* testsuite is now shipped in the dist tarball
* Typo in firewall-config(1)
* Fix typo in TFTP service description
* doc: README: add note about language translations
* fix: rich: source/dest only matching with mark action
* feat: AllowZoneDrifting config option
* feat: nftables: support AllowZoneDrifting=yes
* feat: ipXtables: support AllowZoneDrifting=yes
* fix: firewall-offline-cmd: Don’t print warning about AllowZoneDrifting
* fix: add logrotate policy
* doc: direct: add CAVEATS section
* fix: checkIP6: strip leading/trailing square brackets
* fix: nftables: remove square brackets from IPv6 addresses
* fix: ipXtables: remove square brackets from IPv6 addresses
* fix: nftables: ipset types using “port”
* fix: nftables: zone dispatch with multidimensional ipsets
* fix: ipset: destroy runtime sets on reload/stop
* fix: port: support querying sub ranges
* fix: source_port: support querying sub ranges
* doc: specify accepted characters for object names
* fix: doc: address copy/paste mistakes in short/description
* fix: configure: atlocal: quote variable values
* fix: nftables: allow set intervals with concatenations
* doc: clarify --set-target values “default” vs “reject”
* fix: update dynamic DCE RPC ports in freeipa-trust service
* fix: nftables: ipset: port ranges for non-default protocols
* fix(systemd): Conflict with nftables.service
* fix(direct): rule in a zone chain
* fix(client): addService needs to reduce tuple size
* fix(doc): dbus: signatures for zone tuple based APIs
* fix(config): bool values in dict based import/export
* fix(dbus): service: don’t cleanup config for old set APIs
* fix(ipset): flush the set if IndividualCalls=yes
* fix(firewall-offline-cmd): remove instances of “[P]” in help text
* fix(rich): source mac with nftables backend
* docs: replace occurrences of the term blacklist with denylist
* fix: core: rich: Catch ValueError on non-numeric priority values
* docs(README): add libxslt for doc generation
* fix(cli): add --zone is an invalid option with --direct
* fix(cli): add ipset type hash:mac is incompatible with the family parameter
* Wed Aug 12 2020 mrostecki@suse.com - Update to version 0.7.5 (jsc#SLE-12281):
* release: v0.7.5
* chore(translation): merge from master
* fix(cli): add ipset type hash:mac is incompatible with the family parameter Fixes: rhbz1541077
* test(rhbz1483921): better test name
* fix(cli): add --zone is an invalid option with --direct
* fix: core: rich: Catch ValueError on non-numeric priority values
* fix: update dynamic DCE RPC ports in freeipa-trust service
* docs: replace occurrences of the term blacklist with denylist
* docs(README): add libxslt for doc generation
* test(rich): source mac with nftables backend
* fix(firewall-offline-cmd): remove instances of "[P]" in help text
* test(check-container): add support for centos8 stream
* test(functions): use IndividualCalls if host doesn't support nft rule index
* test(functions): add macro IF_HOST_SUPPORTS_NFT_RULE_INDEX
* test(dbus): better way to check IPv6_rpfilter expected value
* fix(ipset): flush the set if IndividualCalls=yes
* test(ipv6): skip square bracket address tests if ipv6 not available
* test(gh509): only run test for nftables backend
* fix(dbus): service: don't cleanup config for old set APIs
* fix(config): bool values in dict based import/export
* fix(doc): dbus: signatures for zone tuple based APIs
* test(dbus): zone: fix zone runtime functional test title
* test(dbus): zone: fix false failure due to list order
* fix(client): addService needs to reduce tuple size
* test(direct): rule in a zone chain
* fix(direct): rule in a zone chain
* test(dbus): zone: verify runtime config APIs
* test(dbus): zone: verify permanent config APIs
* fix(systemd): Conflict with nftables.service
* fix: test/regression/gh599: use expr to be more portable
* test: dbus: zone: verify runtime config API signatures
* test: dbus: zone: verify permanent config API signatures
* fix: test/regression/gh599: fix if not using debug output
* test: log: verify logging still works after truncate
* test: ipset: verify port ranges for non-default protocol
* Fri Apr 03 2020 Mathias Homann - Update to 0.7.4. This is a bug fix only release. However, it does reintroduce the zone drifting bug as a feature. See #258 and #441. This behavior is disabled by default.
* improvement: build: add an option to disable building documentation
* Typo in firewall-config(1)
* Fix typo in TFTP service description
* doc: README: add note about language translations
* fix: rich: source/dest only matching with mark action
* feat: AllowZoneDrifting config option
* feat: nftables: support AllowZoneDrifting=yes
* feat: ipXtables: support AllowZoneDrifting=yes
* fix: firewall-offline-cmd: Don't print warning about AllowZoneDrifting
* fix: add logrotate policy
* fix: tests: regenerate testsuite if .../{cli,python}/*.at changes
* doc: direct: add CAVEATS section
* fix: checkIP6: strip leading/trailing square brackets
* fix: nftables: remove square brackets from IPv6 addresses
* fix: ipXtables: remove square brackets from IPv6 addresses
* fix: nftables: zone dispatch with multidimensional ipsets
* fix: ipset: destroy runtime sets on reload/stop
* fix: port: support querying sub ranges
* fix: source_port: support querying sub ranges
* doc: specify accepted characters for object names
* fix: doc: address copy/paste mistakes in short/description
* fix: configure: atlocal: quote variable values
* fix: nftables: allow set intervals with concatenations
* doc: clarify --set-target values "default" vs "reject"
* Sun Mar 08 2020 hpj@urpla.net - Update to version 0.7.3:
* release: v0.7.3
* chore: update translations
* doc: README: add note about integration tests
* test: check-container: also run check-integration
* test: integration: NM zone overrides interface on reload
* test: build: support integration tests
* test: functions: add macro NMCLI_CHECK
* test: functions: new macros for starting/stopping NetworkManager
* fix: test: leave "cleanup" for tests cases
* test: check-container: add support for fedora rawhide
* test: check-container: add support for debian sid
* test: build: add support for running in containers
* fix: test/functions: FWD_END_TEST: improve grep for errors/warnings
* fix: test: direct passthrough: no need to check for dummy module
* fix: test: CHECK_NAT_COEXISTENCE: only check for kernel version
* fix: reload: let NM interface assignments override permanent config
* chore: tests: rename IF_IPV6_SUPPORTED to IF_HOST_SUPPORTS_IPV6_RULES
* fix: tests: convert host ipv6 checks to runtime
* fix: tests: convert ip6tables checks to runtime
* fix: tests: convert probe of nft numeric args to runtime
* fix: tests: convert nftables fib checks to runtime
* fix: build: distribute testsuite
* fix: don't probe for available kernel modules
* fix: failure to load modules no longer fatal
* fix: tests/functions: canonicalize XML output
* chore: doc: update authors
* fix: test: use debug output based on autotest variable
* fix: src/tests/Makefile: distclean should clean atconfig
* Tue Feb 04 2020 Bjørn Lie - No longer recommend -lang: supplements are in use.