Changelog for
firewalld-test-2.1.2-131.3.noarch.rpm :
* Fri Jun 14 2024 pgajdosAATTsuse.com- remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476]
* Fri May 24 2024 Dominique Leuenberger
- Keep English \'translations\' (en_US, en_GB) in the main package: do not force the lang package on plain English systems.
* Thu May 09 2024 Dirk Müller - update to 2.1.2:
* fix(policy): allow forward ports w/ to-addr for egress- zone=HOST
* fix(rich): fix range check for large rule limit
* fix(tests): fix skip detection in fw-in-container environment
* Mon Jan 29 2024 Mohd Saquib - update to 2.1.1:
* fix(offline-cmd): use family when creating ipset (64f78a9)
* fix(firewall-config): allow rich rule forwarded ports to be logged (d46ea62)
* fix(ipXtables): log forwarded ports only (07dc202)
* fix(nftables): log forwarded ports (5c26b73)
* fix(io.ipset): raise exception if entries exceed limit (a2da5fb)
* fix(policy): ipXtables: multiple policies using same zone (b6f2f09)
* fix(policy): dispatch update for active policies (7f6f0e2)
* Mon Jan 08 2024 Mohd Saquib - update to 2.1.0:
* eat(service): add DNS over QUIC (DoQ) Service (5130430)
* feat(icmp): add ICMPv6 Multicast Listener Discovery (MLD) types (dd88bbf)
* feat(fw): add ReloadPolicy option in firewalld.conf (0019371)
* feat(service): add submission service (tcp 587) (d6a9561)
* feat(service): Add alvr (3a92358)
* feat(service): add vrrp (d62fc8d) [
* Renamed patch 0002-Disable-FlushAllOnReload-option.patch to 0001-Disable-FlushAllOnReload-option.patch [
* Renamed patch firewalld-runstatedir.patch to 0002-firewalld-runstatedir.patch]
* Wed Nov 29 2023 Mohd Saquib - update to 2.0.2:
* fix(policy): runtime dispatch update if
*-zone=ANY (e8b9637)
* fix(nm): release NM client after a timeout (d534f07)
* Tue Oct 03 2023 Mohd Saquib - update to 2.0.1:
* fix(cli): all --list-all-zones output identical (d30bc61)
* fix(cli): properly show default zone attribute (ea8d9a8)
* fix(cli): properly show active attribute for zones and policies (b202403)
* fix(cli): --get-active-zones should include the default zone (dae9112)
* fix(nftables): always flush main table on start (cd20981)
* fix(runtimeToPermanent): deepcopy settings before mangling (9c53639)
* docs: fix reference to lockdown-whitelist.xml in SYNOPSIS section (1c77205)
* fix(firewall-config): escape markup stored in bindings store (c876fd0)
* fix(tests): avoid deprecated assertRaisesRegexp for assertRaisesRegex (2935119)
* fix(icmp): fix check_icmpv6_name() to use correct IPv6 names (af3c35b)
* fix(ipset): fix configuring IP range for ipsets with nftables (6a050ec)
* fix(ipset): fix configuring \"timeout\",\"maxelem\" values for ipsets with nftables (7d3340c)
* fix(core): fix exception while parsing invalid \"tcp-mss-clamp\" in policy (ff61209)
* docs(policy): fix wrong documentation of in man firewalld.policy (21026d9)- removed following patch: [- fix_list_all_zones_output.patch]
* Mon Sep 25 2023 Steve Kowalik - python3-dbus isn\'t correct either, it\'s python3-dbus-python.
* Thu Sep 21 2023 Steve Kowalik - Correct Requires, python3-slip-dbus -> python3-dbus.
* Tue Aug 22 2023 Mohd Saquib - fix(cli): all --list-all-zones output identical (boo#1213609) [+ fix_list_all_zones_output.patch]
* Sat Jun 24 2023 Mohd Saquib - update to version 2.0.0:
* This is a major release. The major version is being bumped symbolically to reflect significant changes done in commit f4d2b80 (\"fix(policy): disallow zone drifting\"). It does not contain any deliberate breaking changes.
* Complete changelog: https://github.com/firewalld/firewalld/releases/tag/v2.0.0
* Thu Jun 15 2023 Mohd Saquib - update to 1.3.3:
* fix(reload): restore policy for old backend if it changed (de85849)
* fix(io): rich: tcp mss: handle value=None (8016f10)
* fix(firewall-config): rich: set destination address (f6641a9)
* fix(policy): mixed IP families in ingress/egress (69ed4d6)
* Tue May 16 2023 Callum Farmer - Add firewalld-runstatedir.patch: change pid file location from /var/run to /run
* Tue Apr 25 2023 Mohd Saquib - update to 1.3.2:
* test(container): add centos9-stream (b7bb3d0)
* test(functions): iptables: normalize protocols to numeric values (33a1b16)
* test(functions): ip6tables: normalize opt field output (eeac39c)
* Tue Apr 18 2023 Mohd Saquib - update to 1.3.1:
* fix(fw_nm): use IP interface names for connection lookup (18c8b81)
* fix(fw_policy): raise exceptions (5ae9322)
* fix(service): include: when used with rich rule (986f0be)
* fix(nftables): rich: log: limit was not taking effect (0dc0575)
* fix(build): rpm must build all as prerequisite (6896748)
* fix: use error codes for FirewallError instances (370e5f2)
* fix(ipset): chunk entries when restoring set (8a88855)
* fix(applet): allows using KDE network connection editor (29c8ef6)
* Fri Jan 06 2023 Callum Farmer - update to 1.3.0:
* feat(service): add Warpinator
* feat(dbus): reset to default settings
* feat(service): add bareos-director bareos-filedaemon bareos-storage
* feat(policy): masquerade: allow ingress zone to have interface
* feat(service): add Nebula service
* feat(service): add Ceph Prometheus exporter
* feat(service): add OMG DDS service definition
* feat(service): add llmnr-client service
* feat(service): add ps2link service
* feat(service): add definition for syncthing-relay
* Sun Dec 04 2022 Dirk Müller - update to 1.2.2:
* fix(client): raise exception (40a473b)
* fix(nftables): raise exception (a4b82cc)
* fix(nftables): invalid conditional statement (e9ca0ad)
* fix(check_config): use on disk firewalld_conf (d141d6d)
* fix(service): llmnr: improve description (d233698)
* Revert \"feat(service): Add jellyfin service\" (ea154d5)
* Thu Nov 03 2022 Paolo Stivanin - Update to 1.2.1:
* fix(modules): don\'t error if /proc/modules is missing (a1f091d)
* fix(readme): format optional (03e61f2)
* docs: add protocols to rich and zones (191cea4)
* docs(policy): add priority attribute to rule (616ed7c)
* fix(runtimeToPermanent): errors for interfaces not in zone (6b5a70b)
* fix(failsafe): log exception on fatal failure (af1b8f0)
* fix(ipset): defer native ipset creation if nftables (ae0ded4)
* fix(nftables): drop invalid packets before zone dispatch (dc972ae)
* fix(iptables): drop invalid packets before zone dispatch (83a4608)
* fix(policies): Splitting interfaces with wildcards (3806e79)
* fix(ipset): exception on overlap checking empty set (bfe827f)
* fix(bash): fix ipset commands autocompletion (742669b)
* docs(README): fix typo (e40b100)
* fix(treewide): misc typos (d121f0c)
* fix: firewalld.conf: trim trailing whitespace (21809ed)
* Thu Sep 01 2022 Stefan Schubert - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update.
* Tue Aug 02 2022 Marcus Meissner - readd ipset buildrequires to reenable ipset support (bsc#1202043)- readd ebtables too, as there is no builtin support.
* Mon Jul 25 2022 Marcus Meissner - readd iptables requires, as docker uses iptables passthrough currently, which calls into iptables (bsc#1201836)
* Thu Jul 14 2022 Thomas Renninger - Also remove ipset, ebtables and iptables from the BuildRequires list (compare with change from 2022-03-03 - Thorsten Kukuk )
* Mon Jul 04 2022 Callum Farmer - Update to 1.2.0:
* feat(firewalld): add new --log-target parameter
* feat(service): add snmptls, snmptls-trap services
* feat(service): add IPFS service
* feat(fw): startup failsafe
* feat(service): Add kubelet-readonly
* feat(service): Add secure version of k8s controller-plane components
* feat(bash): completion of policy-related commands
* feat(service): add prometheus node-exporter
* feat(service): add Kodi JSON-RPC and EventServer services
* Wed Jun 15 2022 Stefan Schubert - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.
* Wed Mar 30 2022 Callum Farmer - Update to 1.1.1:
* fix(build): oci: use centos:stream8 instead of ubi:8
* fix(functions): --check-config fails if direct.xml exists
* fix(build): oci: use dbus inside the container
* docs(README): add note about container host integration
* docs: typo fixes
* Fri Mar 18 2022 Witek Bedyk - Provide dummy firewalld-prometheus-config package (bsc#1197042)
* Mon Mar 07 2022 Martin Wilck - Add code for safe modprobe.d migration (https://en.opensuse.org/openSUSE:Packaging_UsrEtc)
* Fri Mar 04 2022 Martin Wilck - Always own %_modprobedir (bsc#1196275, jsc#SLE-20639)
* Thu Mar 03 2022 Thorsten Kukuk - Fix modprobe.d directory for SLE15 SP3- Cleanup dependencies: - ipset, ebtables and iptables are purely optional and deprecated, so don\'t require them - sysconfig is not needed at all - Don\'t hard require systemd, we don\'t have and need that in containers
* Sat Feb 26 2022 Callum Farmer - Update to 1.1.0:
* feat(service): Add jellyfin service
* feat(policy): support OUTPUT forward ports
* feat: config check improvements
* feat(service): add http3
* feat(service): add service definition for WS-Discovery Client
* feat(service): add service definition for WS-Discovery
* feat(service): add service definition for AFP
* feat(rich): Support nflog target and add log attribute errors/checks
* feat(service): add ZeroTier service
* Fri Jan 14 2022 Callum Farmer - Update to 1.0.3:
* fix(io): _check_config() expects a dict
* feat(build): distribute an OCI container image
* fix(ipset): reduce cost of entry overlap detection
* Thu Nov 18 2021 Michał Rostecki - Update to 1.0.2:
* fix(firewalld): check capng_apply() return code
* fix(nftables): do not log icmp block if inversion
* fix(nftables): rich: source address with netmask
* fix(fw_config): zone: on rename remove then add
* fix(io/functions): check_config against on disk conf
* fix(zone): detect same source/interface in zones
* docs(policy): fix typos
* docs(policies): fix typos
* Sat Sep 25 2021 Callum Farmer - Update to 1.0.1:
* keep linux capability CAP_SYS_MODULE
* UPnP Client: actually allow SSDP traffic
* Fix RPM macros to test if firewall-cmd is executable
* Sat Aug 07 2021 Callum Farmer - Update to 1.0.0:
* Reduced dependencies
* Intra-zone forwarding by default
* NAT rules moved to inet family (reduced rule set)
* Default target is now similar to reject
* ICMP blocks and block inversion only apply to input, not forward
* tftp-client service has been removed
* iptables backend is deprecated
* Direct interface is deprecated
* CleanupModulesOnExit defaults to no (kernel modules not unloaded)- Add new firewalld-test package- Move bash and zsh completions to more useful separate packages- Clean spec file- Move modprobe.d and autostart files out of /etc
* Wed Apr 07 2021 Michał Rostecki - Remove dependency on firewalld from firewall-macros (bsc#1183404)
* Tue Jan 26 2021 Michał Rostecki - Disable FlushAllOnReload option to not retain interface to zone assignments and direct rules when using --reload option.
* 0002-Disable-FlushAllOnReload-option.patch
* Mon Jan 25 2021 Michał Rostecki - Update to 0.9.3 (jsc#SLE-17336):
* docs(dbus): fix invalid method names
* fix(forward): iptables: ipset used as zone source
* fix(rich): non-printable characters removed from rich rules
* docs(firewall-cmd): small description grammar fix
* fix(rich): limit table to strip non-printables to C0 and C1
* fix(zone): add source with mac address
* Thu Jan 14 2021 Robert Frohl - Add dependency for firewall-offline-cmd (bsc#1180883)