2011-01-07 15:38:25 +00:00
|
|
|
Summary: A firewall daemon with D-BUS interface providing a dynamic firewall
|
|
|
|
Name: firewalld
|
2013-03-20 17:04:20 +00:00
|
|
|
Version: 0.3.0
|
|
|
|
Release: 1%{?dist}
|
2011-01-07 15:38:25 +00:00
|
|
|
URL: http://fedorahosted.org/firewalld
|
|
|
|
License: GPLv2+
|
|
|
|
ExclusiveOS: Linux
|
|
|
|
Group: System Environment/Base
|
|
|
|
BuildArch: noarch
|
|
|
|
Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2
|
2012-08-28 18:56:29 +00:00
|
|
|
%if 0%{?fedora} > 17
|
2012-08-07 11:25:11 +00:00
|
|
|
Patch0: firewalld-0.2.6-MDNS-default.patch
|
2012-08-28 18:56:29 +00:00
|
|
|
%endif
|
2011-01-07 15:38:25 +00:00
|
|
|
BuildRequires: desktop-file-utils
|
|
|
|
BuildRequires: gettext
|
|
|
|
BuildRequires: intltool
|
2012-02-07 11:05:54 +00:00
|
|
|
# glib2-devel is needed for gsettings.m4
|
|
|
|
BuildRequires: glib2, glib2-devel
|
2011-09-09 18:52:24 +00:00
|
|
|
BuildRequires: systemd-units
|
2012-02-06 23:32:16 +00:00
|
|
|
Requires: dbus-python
|
|
|
|
Requires: python-slip-dbus >= 0.2.7
|
2012-08-07 11:25:11 +00:00
|
|
|
Requires: python-decorator
|
2013-01-14 14:29:15 +00:00
|
|
|
%if 0%{?fedora} > 17
|
2012-12-13 16:13:52 +00:00
|
|
|
Requires: pygobject3-base
|
2013-01-14 14:29:15 +00:00
|
|
|
%else
|
|
|
|
Requires: pygobject3
|
|
|
|
%endif
|
2012-02-06 23:32:16 +00:00
|
|
|
Requires: iptables, ebtables
|
|
|
|
Requires(post): chkconfig
|
|
|
|
Requires(preun): chkconfig
|
2011-09-09 18:52:24 +00:00
|
|
|
Requires(post): systemd-sysv
|
|
|
|
Requires(post): systemd-units
|
|
|
|
Requires(preun): systemd-units
|
|
|
|
Requires(postun): systemd-units
|
2011-01-07 15:38:25 +00:00
|
|
|
|
|
|
|
%description
|
|
|
|
firewalld is a firewall service daemon that provides a dynamic customizable
|
|
|
|
firewall with a D-BUS interface.
|
|
|
|
|
|
|
|
%package -n firewall-applet
|
|
|
|
Summary: Firewall panel applet
|
|
|
|
Group: System Environment/Base
|
|
|
|
Requires: %{name} = %{version}-%{release}
|
2012-08-07 11:25:11 +00:00
|
|
|
Requires: firewall-config = %{version}-%{release}
|
2011-01-07 15:38:25 +00:00
|
|
|
Requires: hicolor-icon-theme
|
2012-04-20 19:16:48 +00:00
|
|
|
Requires: gtk3
|
2013-01-14 14:29:15 +00:00
|
|
|
%if 0%{?fedora} > 17
|
2012-12-13 16:13:52 +00:00
|
|
|
Requires: pygobject3-base
|
2013-01-14 14:29:15 +00:00
|
|
|
%else
|
|
|
|
Requires: pygobject3
|
|
|
|
%endif
|
2011-01-07 15:38:25 +00:00
|
|
|
|
|
|
|
%description -n firewall-applet
|
|
|
|
The firewall panel applet provides a status information of firewalld and also
|
|
|
|
the firewall settings.
|
|
|
|
|
2012-08-07 11:25:11 +00:00
|
|
|
%package -n firewall-config
|
|
|
|
Summary: Firewall configuration application
|
|
|
|
Group: System Environment/Base
|
|
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
Requires: hicolor-icon-theme
|
2012-12-13 16:13:52 +00:00
|
|
|
Requires: gtk3
|
2013-01-14 14:29:15 +00:00
|
|
|
%if 0%{?fedora} > 17
|
2012-12-13 16:13:52 +00:00
|
|
|
Requires: pygobject3-base
|
2013-01-14 14:29:15 +00:00
|
|
|
%else
|
|
|
|
Requires: pygobject3
|
|
|
|
%endif
|
2012-08-07 11:25:11 +00:00
|
|
|
|
|
|
|
%description -n firewall-config
|
|
|
|
The firewall configuration application provides an configuration interface for
|
|
|
|
firewalld.
|
2011-01-07 15:38:25 +00:00
|
|
|
|
|
|
|
%prep
|
|
|
|
%setup -q
|
2012-08-28 18:56:29 +00:00
|
|
|
%if 0%{?fedora} > 17
|
2012-08-07 11:36:56 +00:00
|
|
|
%patch0 -p1
|
2012-08-28 18:56:29 +00:00
|
|
|
%endif
|
2011-01-07 15:38:25 +00:00
|
|
|
|
|
|
|
%build
|
2012-02-07 11:05:54 +00:00
|
|
|
%configure --with-systemd-unitdir=%{_unitdir}
|
2011-01-07 15:38:25 +00:00
|
|
|
|
|
|
|
%install
|
2012-02-06 23:32:16 +00:00
|
|
|
make install DESTDIR=%{buildroot}
|
2011-09-09 18:52:24 +00:00
|
|
|
|
2011-01-07 15:38:25 +00:00
|
|
|
desktop-file-install --delete-original \
|
|
|
|
--dir %{buildroot}%{_datadir}/applications \
|
|
|
|
%{buildroot}%{_datadir}/applications/firewall-applet.desktop
|
2012-08-07 11:25:11 +00:00
|
|
|
desktop-file-install --delete-original \
|
|
|
|
--dir %{buildroot}%{_datadir}/applications \
|
|
|
|
%{buildroot}%{_datadir}/applications/firewall-config.desktop
|
2011-01-07 15:38:25 +00:00
|
|
|
|
|
|
|
%find_lang %{name} --all-name
|
|
|
|
|
|
|
|
%post
|
2012-09-07 15:44:38 +00:00
|
|
|
%systemd_post firewalld.service
|
2011-01-07 15:38:25 +00:00
|
|
|
|
|
|
|
%preun
|
2012-09-07 15:44:38 +00:00
|
|
|
%systemd_preun firewalld.service
|
2011-01-07 15:38:25 +00:00
|
|
|
|
|
|
|
%postun
|
2012-09-07 15:44:38 +00:00
|
|
|
%systemd_postun_with_restart firewalld.service
|
|
|
|
|
2011-01-07 15:38:25 +00:00
|
|
|
|
2012-02-06 23:32:16 +00:00
|
|
|
%triggerun -- firewalld < 0.1.3-3
|
2011-09-09 18:52:24 +00:00
|
|
|
# Save the current service runlevel info
|
|
|
|
# User must manually run systemd-sysv-convert --apply firewalld
|
|
|
|
# to migrate them to systemd targets
|
|
|
|
/usr/bin/systemd-sysv-convert --save firewalld >/dev/null 2>&1 ||:
|
|
|
|
|
|
|
|
# Run these because the SysV package being removed won't do them
|
|
|
|
/sbin/chkconfig --del firewalld >/dev/null 2>&1 || :
|
|
|
|
/bin/systemctl try-restart firewalld.service >/dev/null 2>&1 || :
|
|
|
|
|
2012-03-06 12:56:05 +00:00
|
|
|
%post -n firewall-applet
|
2013-01-22 16:17:55 +00:00
|
|
|
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
|
2012-03-06 12:56:05 +00:00
|
|
|
|
|
|
|
%postun -n firewall-applet
|
|
|
|
if [ $1 -eq 0 ] ; then
|
2013-01-22 16:17:55 +00:00
|
|
|
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null
|
|
|
|
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
|
|
|
|
/usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
|
2012-03-06 12:56:05 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
%posttrans -n firewall-applet
|
2013-01-22 16:17:55 +00:00
|
|
|
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
|
2012-02-07 11:05:54 +00:00
|
|
|
/usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
|
|
|
|
|
2011-01-07 15:38:25 +00:00
|
|
|
|
2013-01-22 16:17:55 +00:00
|
|
|
%post -n firewall-config
|
|
|
|
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
|
|
|
|
|
|
|
|
%postun -n firewall-config
|
|
|
|
if [ $1 -eq 0 ] ; then
|
|
|
|
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null
|
|
|
|
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
|
|
|
|
fi
|
|
|
|
|
|
|
|
%posttrans -n firewall-config
|
|
|
|
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
|
|
|
|
|
2011-01-07 15:38:25 +00:00
|
|
|
%files -f %{name}.lang
|
|
|
|
%doc COPYING
|
|
|
|
%{_sbindir}/firewalld
|
|
|
|
%{_bindir}/firewall-cmd
|
2012-10-17 15:16:19 +00:00
|
|
|
%{_bindir}/firewall-offline-cmd
|
2013-03-20 17:04:20 +00:00
|
|
|
%dir %{_sysconfdir}/bash_completion.d
|
|
|
|
%{_sysconfdir}/bash_completion.d/firewall-cmd-bash-completion.sh
|
2012-02-06 23:32:16 +00:00
|
|
|
%defattr(0640,root,root)
|
2012-03-06 12:56:05 +00:00
|
|
|
%attr(0750,root,root) %dir %{_prefix}/lib/firewalld
|
|
|
|
%attr(0750,root,root) %dir %{_prefix}/lib/firewalld/icmptypes
|
|
|
|
%attr(0750,root,root) %dir %{_prefix}/lib/firewalld/services
|
|
|
|
%attr(0750,root,root) %dir %{_prefix}/lib/firewalld/zones
|
|
|
|
%{_prefix}/lib/firewalld/icmptypes/*.xml
|
|
|
|
%{_prefix}/lib/firewalld/services/*.xml
|
|
|
|
%{_prefix}/lib/firewalld/zones/*.xml
|
2012-02-06 23:32:16 +00:00
|
|
|
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld
|
2012-03-06 12:56:05 +00:00
|
|
|
%config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
|
2013-03-20 17:04:20 +00:00
|
|
|
%config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
|
2012-02-06 23:32:16 +00:00
|
|
|
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes
|
|
|
|
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/services
|
|
|
|
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/zones
|
|
|
|
%defattr(0644,root,root)
|
2011-01-07 15:38:25 +00:00
|
|
|
%config(noreplace) %{_sysconfdir}/sysconfig/firewalld
|
2012-02-06 23:32:16 +00:00
|
|
|
#%attr(0755,root,root) %{_initrddir}/firewalld
|
2011-09-09 18:52:24 +00:00
|
|
|
%{_unitdir}/firewalld.service
|
2011-01-07 15:38:25 +00:00
|
|
|
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf
|
- firewall-cmd: several changes and fixes
- code cleanup
- fixed icmp protocol used for ipv6 (rhbz#801182)
- added and fixed some comments
- properly restore zone settings, timeout is always set, check for 0
- some FirewallError exceptions were actually not raised
- do not REJECT in each zone
- removeInterface() don't require zone
- new tests in firewall-test script
- dbus_to_python() was ignoring certain values
- added functions for the direct interface: chains, rules, passthrough
- fixed inconsistent data after reload
- some fixes for the direct interface: priority positions are bound to ipv,
table and chain
- added support for direct interface in firewall-cmd:
- added isImmutable(zone) to zone D-Bus interface
- renamed policy file
- enhancements for error messages, enables output for direct.passthrough
- added allow_any to firewald policies, using at leas auth_admin for policies
- replaced ENABLE_FAILED, DISABLE_FAILED, ADD_FAILED and REMOVE_FAILED by
COMMAND_FAILED, resorted error codes
- new firewalld configuration setting CleanupOnExit
- enabled polkit again, found a fix for property problem with slip.dbus.service
- added dhcpv6-client to 'public' (the default) and to 'internal' zones.
- fixed missing settings form zone config files in
"firewall-cmd --list=all --zone=<zone>" call
- added list functions for services and icmptypes, added --list=services and
--list=icmptypes to firewall-cmd
2012-03-15 21:36:11 +00:00
|
|
|
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
|
2012-02-06 23:32:16 +00:00
|
|
|
%attr(0755,root,root) %dir %{python_sitelib}/firewall
|
|
|
|
%attr(0755,root,root) %dir %{python_sitelib}/firewall/config
|
|
|
|
%attr(0755,root,root) %dir %{python_sitelib}/firewall/core
|
|
|
|
%attr(0755,root,root) %dir %{python_sitelib}/firewall/core/io
|
|
|
|
%attr(0755,root,root) %dir %{python_sitelib}/firewall/server
|
|
|
|
%{python_sitelib}/firewall/*.py*
|
|
|
|
%{python_sitelib}/firewall/config/*.py*
|
|
|
|
%{python_sitelib}/firewall/core/*.py*
|
|
|
|
%{python_sitelib}/firewall/core/io/*.py*
|
|
|
|
%{python_sitelib}/firewall/server/*.py*
|
2012-04-20 19:26:55 +00:00
|
|
|
%{_mandir}/man1/firewall*.1*
|
|
|
|
%{_mandir}/man5/firewall*.5*
|
2011-01-07 15:38:25 +00:00
|
|
|
|
|
|
|
%files -n firewall-applet
|
|
|
|
%{_bindir}/firewall-applet
|
|
|
|
%defattr(0644,root,root)
|
|
|
|
%{_datadir}/applications/firewall-applet.desktop
|
|
|
|
%{_datadir}/icons/hicolor/*/apps/firewall-applet*.*
|
2012-02-06 23:32:16 +00:00
|
|
|
%{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallApplet.gschema.xml
|
2011-01-07 15:38:25 +00:00
|
|
|
|
2012-08-07 11:25:11 +00:00
|
|
|
%files -n firewall-config
|
|
|
|
%{_bindir}/firewall-config
|
|
|
|
%defattr(0644,root,root)
|
2012-08-13 11:38:11 +00:00
|
|
|
%{_datadir}/firewalld/firewall-config.glade
|
2012-09-07 15:44:38 +00:00
|
|
|
%{_datadir}/firewalld/gtk3_chooserbutton.py*
|
2012-08-07 11:25:11 +00:00
|
|
|
%{_datadir}/applications/firewall-config.desktop
|
2012-08-13 11:38:11 +00:00
|
|
|
%{_datadir}/icons/hicolor/*/apps/firewall-config*.*
|
2011-01-07 15:38:25 +00:00
|
|
|
|
|
|
|
%changelog
|
2013-03-20 17:04:20 +00:00
|
|
|
* Wed Mar 20 2013 Thomas Woerner <twoerner@redhat.com> 0.3.0-1
|
|
|
|
- Added rich language support
|
|
|
|
- Added lockdown feature
|
|
|
|
- Allow to bind interfaces and sources to zones permanently
|
|
|
|
- Enabled IPv6 NAT support
|
|
|
|
masquerading and port/packet forwarding for IPv6 only with rich language
|
|
|
|
- Handle polkit errors in client class and firewall-config
|
|
|
|
- Added priority description for --direct --add-rule in firewall-cmd man page
|
|
|
|
- Add XML Schemas for zones/services/icmptypes XMLs
|
|
|
|
- Don't keep file descriptors open when forking
|
|
|
|
- Introduce --nopid option for firewalld
|
|
|
|
- New FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains (RHBZ#912782)
|
|
|
|
- Update cluster-suite service (RHBZ#885257)
|
|
|
|
- firewall-cmd: rename --enable/disable-panic to --panic-on/off (RHBZ#874912)
|
|
|
|
- Fix interaction problem of changed event of gtk combobox with polkit-kde
|
|
|
|
by processing all remaining events (RHBZ#915892)
|
|
|
|
- Stop default zone rules being applied to all zones (RHBZ#912782)
|
|
|
|
- Firewall.start(): don't call set_default_zone()
|
|
|
|
- Add wiki's URL to firewalld(1) and firewall-cmd(1) man pages
|
|
|
|
- firewalld-cmd: make --state verbose (RHBZ#886484)
|
|
|
|
- improve firewalld --help (RHBZ#910492)
|
|
|
|
- firewall-cmd: --add/remove-* can be used multiple times (RHBZ#879834)
|
|
|
|
- Continue loading zone in case of wrong service/port etc. (RHBZ#909466)
|
|
|
|
- Check also services and icmptypes in Zone() (RHBZ#909466)
|
|
|
|
- Increase the maximum length of the port forwarding fields from 5 to 11 in
|
|
|
|
firewall-config
|
|
|
|
- firewall-cmd: add usage to fail message
|
|
|
|
- firewall-cmd: redefine usage to point to man page
|
|
|
|
- firewall-cmd: fix visible problems with arg. parsing
|
|
|
|
- Use argparse module for parsing command line options and arguments
|
|
|
|
- firewall-cmd.1: better clarify where to find ACTIONs
|
|
|
|
- firewall-cmd Bash completion
|
|
|
|
- firewall-cmd.1: comment --zone=<zone> usage and move some options
|
|
|
|
- Use zone's target only in %s_ZONES chains
|
|
|
|
- default zone in firewalld.conf was set to public with every restart (#902845)
|
|
|
|
- man page cleanup
|
|
|
|
- code cleanup
|
|
|
|
|
2013-03-07 09:54:22 +00:00
|
|
|
* Thu Mar 07 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-5
|
2013-03-07 09:52:21 +00:00
|
|
|
- Another fix for RHBZ#912782
|
|
|
|
|
2013-02-20 15:04:58 +00:00
|
|
|
* Wed Feb 20 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-4
|
2013-02-20 15:03:09 +00:00
|
|
|
- Stop default zone rules being applied to all zones (RHBZ#912782)
|
|
|
|
|
2013-02-13 21:42:28 +00:00
|
|
|
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.12-3
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
|
|
2013-01-22 16:17:55 +00:00
|
|
|
* Tue Jan 22 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-2
|
|
|
|
- Default zone in firewalld.conf was reseted with every restart (RHBZ#902845)
|
|
|
|
- Add icon cache related scriptlets for firewall-config (RHBZ#902680)
|
|
|
|
- Fix typo in firewall-config (RHBZ#895812)
|
|
|
|
|
2013-01-14 14:29:15 +00:00
|
|
|
* Mon Jan 14 2013 Thomas Woerner <twoerner@redhat.com> 0.2.12-1
|
|
|
|
- firewall-cmd: use -V instead of -v for version info (RHBZ#886477)
|
|
|
|
- firewall-cmd: don't check reload()'s return value (RHBZ#886461)
|
|
|
|
- actually install firewalld.zones.5
|
|
|
|
- firewall-config: treat exceptions when adding new zone/service/icmp
|
|
|
|
(RHBZ#886602)
|
|
|
|
- firewalld.spec: Fixed requirements of firewall-config to use gtk2 and
|
|
|
|
pygobject3
|
|
|
|
- Fail gracefully when running in non X environment.(RHBZ#886551)
|
|
|
|
- offline-cmd: fail gracefully when no s-c-f config
|
|
|
|
- fix duplicated iptables rules (RHBZ#886515)
|
|
|
|
- detect errors and duplicates in config file (RHBZ#886581)
|
|
|
|
- firewall-config: don't make 'Edit Service' and 'Edit ICMP Type' insensitive
|
|
|
|
- firewalld.spec: fixed requirements, require pygobject3-base
|
|
|
|
- frewall-applet: Unused code cleanup
|
|
|
|
- firewall-applet: several usability fixes and enhancements
|
|
|
|
(RHBZ#886531) (RHBZ#886534)
|
|
|
|
- firewall/server/server.py: fixed KeyboardInterrupt message (RHBZ#886558)
|
|
|
|
- Moved fallback zone and minimal_mark to firewall.config.__init__
|
|
|
|
- Do not raise ZONE_ALREADY_SET in change_zone if old zone is set again
|
|
|
|
(RHBZ#886432)
|
|
|
|
- Make default zone default for all unset connections/interfaces
|
|
|
|
(RHBZ#888288) (RHBZ#882736)
|
|
|
|
- firewall-config: Use Gtk.MessageType.WARNING for warning dialog
|
|
|
|
- firewall-config: Handle unknown services and icmptypes in persistent mode
|
|
|
|
- firewall-config: Do not load settings more than once
|
|
|
|
- firewall-config: UI cleanup and fixes (RHBZ#888242)
|
|
|
|
- firewall-cmd: created alias --change-zone for --change-interface
|
|
|
|
- firewall-cmd man page updates (RHBZ#806511)
|
|
|
|
- Merged branch 'build-cleanups'
|
|
|
|
- dropped call to autogen.sh in build stage, not needed anymore due to
|
|
|
|
'build-cleanups' merge
|
|
|
|
|
2012-12-13 16:13:52 +00:00
|
|
|
* Thu Dec 13 2012 Thomas Woerner <twoerner@redhat.com> 0.2.11-2
|
|
|
|
- require pygobject3-base instead of pygobject3 (no cairo needed) (RHBZ#874378)
|
|
|
|
- fixed dependencies of firewall-config to use gtk3 with pygobject3-base and
|
|
|
|
not pygtk2
|
|
|
|
|
2012-12-11 20:34:31 +00:00
|
|
|
* Tue Dec 11 2012 Thomas Woerner <twoerner@redhat.com> 0.2.11-1
|
|
|
|
- Fixed more _xmlplus (PyXML) incompatibilities to python xml
|
|
|
|
- Several man page updates
|
|
|
|
- Fixed error in addForwardPort, removeForwardPort and queryForwardPort
|
|
|
|
- firewall-cmd: use already existing queryForwardPort()
|
|
|
|
- Update firewall.cmd man page, use man page as firewall-cmd usage (rhbz#876394)
|
|
|
|
- firewall-config: Do not force to show labels in the main toolbar
|
|
|
|
- firewall-config: Dropped "Change default zone" from toolbar
|
|
|
|
- firewall-config: Added menu entry to change zones of connections
|
|
|
|
- firewall-applet: Zones can be changed now using nm-connection-editor
|
|
|
|
(rhbz#876661)
|
|
|
|
- translation updates: cs, hu, ja
|
|
|
|
|
2012-11-20 15:35:51 +00:00
|
|
|
* Tue Nov 20 2012 Thomas Woerner <twoerner@redhat.com> 0.2.10-1
|
|
|
|
- tests/firewalld_config.py: tests for config.service and config.icmptype
|
|
|
|
- FirewallClientConfigServiceSettings(): destinations are dict not list
|
|
|
|
- service/zone/icmptype: do not write deprecated name attribute
|
|
|
|
- New service ntp
|
|
|
|
- firewall-config: Fixed name of about dialog
|
|
|
|
- configure.in: Fixed getting of error codes
|
|
|
|
- Added coding to all pyhton files
|
|
|
|
- Fixed copyright years
|
|
|
|
- Beautified file headers
|
|
|
|
- Force use of pygobject3 in python-slip (RHBZ#874378)
|
|
|
|
- Log: firewall.server.config_icmptype, firewall.server.config_service and
|
|
|
|
firewall.server.config_zone: Prepend full path
|
|
|
|
- Allow ":" in interface names for interface aliases
|
|
|
|
- Add name argument to Updated and Renamed signal
|
|
|
|
- Disable IPv4, IPv6 and EB tables if missing - for IPv4/IPv6 only environments
|
|
|
|
- firewall-config.glade file cleanup
|
|
|
|
- firewall-config: loadDefaults() can throw exception
|
|
|
|
- Use toolbars for Add/Edit/Remove/LoadDefaults buttons for zones, services
|
|
|
|
and icmp types
|
|
|
|
- New vnc-server service, opens ports for displays :0 to :3 (RHBZ#877035)
|
|
|
|
- firewall-cmd: Fix typo in help output, allow default zone usage for
|
|
|
|
permanenent options
|
|
|
|
- Translation updates: cs, fr, ja, pt_BR and zh_CN
|
|
|
|
|
2012-10-17 15:16:19 +00:00
|
|
|
* Wed Oct 17 2012 Thomas Woerner <twoerner@redhat.com> 0.2.9-1
|
|
|
|
- firewall-config: some UI usability changes
|
|
|
|
- firewall-cmd: New option --list-all-zones, output of --list-all changed,
|
|
|
|
more option combination checks
|
|
|
|
- firewall-applet: Replaced NMClient by direct DBUS calls to fix python core
|
|
|
|
dumps in case of connection activates/deactivates
|
|
|
|
- Use fallback 'C' locale if current locale isn't supported (RHBZ#860278)
|
|
|
|
- Add interfaces to zones again after reload
|
|
|
|
- firewall-cmd: use FirewallClient().connected value
|
|
|
|
- firewall-cmd: --remove-interface was not working due to a typo
|
|
|
|
- Do not use restorecon for new and backup files
|
|
|
|
- Fixed use of properties REJECT and DROP
|
|
|
|
- firewalld_test.py: check interfaces after reload
|
|
|
|
- Translation updates
|
|
|
|
- Renamed firewall-convert-scfw-config to firewall-offline-cmd, used by
|
|
|
|
anaconda for firewall configuration (e.g. kickstart)
|
|
|
|
- Fix python shebang to use -Es at installation time for bin_SCRIPTS and
|
|
|
|
sbin_SCRIPTS and at all times in gtk3_chooserbutton.py
|
|
|
|
- tests/firewalld_config.py: update test_zones() test case
|
|
|
|
- Config interface: improve renaming of zones/services/icmp_types
|
|
|
|
- Move emiting of Added signals closer to source.
|
|
|
|
- FirewallClient(): config:ServiceAdded signal was wrongly mapped
|
|
|
|
- Add argument 'name' to Removed signal
|
|
|
|
- firewall-config: Add callbacks for config:[service|icmp]-[added|removed]
|
|
|
|
- firewall-config: catch INVALID_X error when removing zone/service/icmp_type
|
|
|
|
- firewall-config: remove unused code
|
|
|
|
- Revert "Neutralize _xmlplus instead of conforming it"
|
|
|
|
- firewall-applet: some UI usability changes
|
|
|
|
- firewall-cmd: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings
|
|
|
|
|
2012-09-07 15:44:38 +00:00
|
|
|
* Fri Sep 7 2012 Thomas Woerner <twoerner@redhat.com> 0.2.8-1
|
|
|
|
- Do not apply old settings to zones after reload
|
|
|
|
- FirewallClient: Added callback structure for firewalld signals
|
|
|
|
- New firewall-config with full zone, service and icmptype support
|
|
|
|
- Added Shields Up/Down configuration dialog to firewall-applet
|
|
|
|
- Name attribute of main tag deprecated for zones, services and icmptypes,
|
|
|
|
will be ignored if present
|
|
|
|
- Fixed wrong references in firewalld man page
|
|
|
|
- Unregister DBus interfaces after sending out the Removed signal
|
|
|
|
- Use proper DBus signature in addIcmpType, addService and addZone
|
|
|
|
- New builtin property for config interfaces
|
|
|
|
- New test case for Config interface
|
|
|
|
- spec: use new systemd-rpm macros (rhbz#850110)
|
|
|
|
- More config file verifications
|
|
|
|
- Lots of smaller fixes and enhancements
|
|
|
|
|
|
|
|
* Tue Aug 21 2012 Jiri Popelka <jpopelka@redhat.com> 0.2.7-2
|
|
|
|
- use new systemd-rpm macros (rhbz#850110)
|
|
|
|
|
2012-08-13 11:38:11 +00:00
|
|
|
* Mon Aug 13 2012 Thomas Woerner <twoerner@redhat.com> 0.2.7-1
|
|
|
|
- Update of firewall-config
|
|
|
|
- Some bug fixes
|
|
|
|
|
2012-08-07 11:25:11 +00:00
|
|
|
* Tue Aug 7 2012 Thomas Woerner <twoerner@redhat.com> 0.2.6-1
|
|
|
|
- New D-BUS interface for persistent configuration
|
|
|
|
- Aded support for persistent zone configuration in firewall-cmd
|
|
|
|
- New Shields Up feature in firewall-applet
|
|
|
|
- New requirements for python-decorator and pygobject3
|
|
|
|
- New firewall-config sub-package
|
|
|
|
- New firewall-convert-scfw-config config script
|
|
|
|
|
2012-04-20 19:16:48 +00:00
|
|
|
* Fri Apr 20 2012 Thomas Woerner <twoerner@redhat.com> 0.2.5-1
|
|
|
|
- Fixed traceback in firewall-cmd for failed or canceled authorization,
|
|
|
|
return proper error codes, new error codes NOT_RUNNING and NOT_AUTHORIZED
|
|
|
|
- Enhanced firewalld service file (RHBZ#806868) and (RHBZ#811240)
|
|
|
|
- Fixed duplicates in zone after reload, enabled timed settings after reload
|
|
|
|
- Removed conntrack --ctstate INVALID check from default ruleset, because it
|
|
|
|
results in ICMP problems (RHBZ#806017).
|
|
|
|
- Update interfaces in default zone after reload (rhbz#804814)
|
|
|
|
- New man pages for firewalld(1), firewalld.conf(5), firewalld.icmptype(5),
|
|
|
|
firewalld.service(5) and firewalld.zone(5), updated firewall-cmd man page
|
|
|
|
(RHBZ#811257)
|
|
|
|
- Fixed firewall-cmd help output
|
|
|
|
- Fixed missing icon for firewall-applet (RHBZ#808759)
|
|
|
|
- Added root user check for firewalld (RHBZ#767654)
|
|
|
|
- Fixed requirements of firewall-applet sub package (RHBZ#808746)
|
|
|
|
- Update interfaces in default zone after changing of default zone (RHBZ#804814)
|
|
|
|
- Start firewalld before NetworkManager (RHBZ#811240)
|
|
|
|
- Add Type=dbus and BusName to service file (RHBZ#811240)
|
|
|
|
|
2012-03-16 15:36:03 +00:00
|
|
|
* Fri Mar 16 2012 Thomas Woerner <twoerner@redhat.com> 0.2.4-1
|
|
|
|
- fixed firewalld.conf save exception if no temporary file can be written to
|
|
|
|
/etc/firewalld/
|
|
|
|
|
- firewall-cmd: several changes and fixes
- code cleanup
- fixed icmp protocol used for ipv6 (rhbz#801182)
- added and fixed some comments
- properly restore zone settings, timeout is always set, check for 0
- some FirewallError exceptions were actually not raised
- do not REJECT in each zone
- removeInterface() don't require zone
- new tests in firewall-test script
- dbus_to_python() was ignoring certain values
- added functions for the direct interface: chains, rules, passthrough
- fixed inconsistent data after reload
- some fixes for the direct interface: priority positions are bound to ipv,
table and chain
- added support for direct interface in firewall-cmd:
- added isImmutable(zone) to zone D-Bus interface
- renamed policy file
- enhancements for error messages, enables output for direct.passthrough
- added allow_any to firewald policies, using at leas auth_admin for policies
- replaced ENABLE_FAILED, DISABLE_FAILED, ADD_FAILED and REMOVE_FAILED by
COMMAND_FAILED, resorted error codes
- new firewalld configuration setting CleanupOnExit
- enabled polkit again, found a fix for property problem with slip.dbus.service
- added dhcpv6-client to 'public' (the default) and to 'internal' zones.
- fixed missing settings form zone config files in
"firewall-cmd --list=all --zone=<zone>" call
- added list functions for services and icmptypes, added --list=services and
--list=icmptypes to firewall-cmd
2012-03-15 21:36:11 +00:00
|
|
|
* Thu Mar 15 2012 Thomas Woerner <twoerner@redhat.com> 0.2.3-1
|
|
|
|
- firewall-cmd: several changes and fixes
|
|
|
|
- code cleanup
|
|
|
|
- fixed icmp protocol used for ipv6 (rhbz#801182)
|
|
|
|
- added and fixed some comments
|
|
|
|
- properly restore zone settings, timeout is always set, check for 0
|
|
|
|
- some FirewallError exceptions were actually not raised
|
|
|
|
- do not REJECT in each zone
|
|
|
|
- removeInterface() don't require zone
|
|
|
|
- new tests in firewall-test script
|
|
|
|
- dbus_to_python() was ignoring certain values
|
|
|
|
- added functions for the direct interface: chains, rules, passthrough
|
|
|
|
- fixed inconsistent data after reload
|
|
|
|
- some fixes for the direct interface: priority positions are bound to ipv,
|
|
|
|
table and chain
|
|
|
|
- added support for direct interface in firewall-cmd:
|
|
|
|
- added isImmutable(zone) to zone D-Bus interface
|
|
|
|
- renamed policy file
|
|
|
|
- enhancements for error messages, enables output for direct.passthrough
|
|
|
|
- added allow_any to firewald policies, using at leas auth_admin for policies
|
|
|
|
- replaced ENABLE_FAILED, DISABLE_FAILED, ADD_FAILED and REMOVE_FAILED by
|
|
|
|
COMMAND_FAILED, resorted error codes
|
|
|
|
- new firewalld configuration setting CleanupOnExit
|
|
|
|
- enabled polkit again, found a fix for property problem with slip.dbus.service
|
|
|
|
- added dhcpv6-client to 'public' (the default) and to 'internal' zones.
|
|
|
|
- fixed missing settings form zone config files in
|
|
|
|
"firewall-cmd --list=all --zone=<zone>" call
|
|
|
|
- added list functions for services and icmptypes, added --list=services and
|
|
|
|
--list=icmptypes to firewall-cmd
|
|
|
|
|
2012-03-06 12:56:05 +00:00
|
|
|
* Tue Mar 6 2012 Thomas Woerner <twoerner@redhat.com> 0.2.2-1
|
|
|
|
- enabled dhcpv6-client service for zones home and work
|
|
|
|
- new dhcpv6-client service
|
|
|
|
- firewall-cmd: query mode returns reversed values
|
|
|
|
- new zone.changeZone(zone, interface)
|
|
|
|
- moved zones, services and icmptypes to /usr/lib/firewalld, can be overloaded
|
|
|
|
by files in /etc/firewalld (no overload of immutable zones block, drop,
|
|
|
|
trusted)
|
|
|
|
- reset MinimalMark in firewalld.cnf to default value
|
|
|
|
- fixed service destination (addresses not used)
|
|
|
|
- fix xmlplus to be compatible with the python xml sax parser and python 3
|
|
|
|
by adding __contains__ to xml.sax.xmlreader.AttributesImpl
|
|
|
|
- use icon and glib related post, postun and posttrans scriptes for firewall
|
|
|
|
- firewall-cmd: fix typo in state
|
|
|
|
- firewall-cmd: fix usage()
|
|
|
|
- firewall-cmd: fix interface action description in usage()
|
|
|
|
- client.py: fix definition of queryInterface()
|
|
|
|
- client.py: fix typo in getInterfaces()
|
|
|
|
- firewalld.service: do not fork
|
|
|
|
- firewall-cmd: fix bug in --list=port and --port action help message
|
|
|
|
- firewall-cmd: fix bug in --list=service
|
|
|
|
|
|
|
|
* Mon Mar 5 2012 Thomas Woerner <twoerner@redhat.com>
|
|
|
|
- moved zones, services and icmptypes to /usr/lib/firewalld, can be overloaded
|
|
|
|
by files in /etc/firewalld (no overload of immutable zones block, drop,
|
|
|
|
trusted)
|
|
|
|
|
2012-02-21 12:37:40 +00:00
|
|
|
* Tue Feb 21 2012 Thomas Woerner <twoerner@redhat.com> 0.2.1-1
|
|
|
|
- added missing firewall.dbus_utils
|
|
|
|
|
2012-02-07 11:05:54 +00:00
|
|
|
* Tue Feb 7 2012 Thomas Woerner <twoerner@redhat.com> 0.2.0-2
|
|
|
|
- added glib2-devel to build requires, needed for gsettings.m4
|
|
|
|
- added --with-system-unitdir arg to fix installaiton of system file
|
|
|
|
- added glib-compile-schemas calls for postun and posttrans
|
|
|
|
- added EXTRA_DIST file lists
|
|
|
|
|
2012-02-06 23:32:16 +00:00
|
|
|
* Mon Feb 6 2012 Thomas Woerner <twoerner@redhat.com> 0.2.0-1
|
|
|
|
- version 0.2.0 with new FirewallD1 D-BUS interface
|
|
|
|
- supports zones with a default zone
|
|
|
|
- new direct interface as a replacement of the partial virt interface with
|
|
|
|
additional passthrough functionality
|
|
|
|
- dropped custom rules, use direct interface instead
|
|
|
|
- dropped trusted interface funcionality, use trusted zone instead
|
|
|
|
- using zone, service and icmptype configuration files
|
|
|
|
- not using any system-config-firewall parts anymore
|
|
|
|
|
- new version 0.1.3
- restore all firewall features for reload: panic and virt rules and chains
- string fixes for firewall-cmd man page (by Jiri Popelka)
- fixed firewall-cmd port list (by Jiri Popelka)
- added firewall dbus client connect check to firewall-cmd (by Jiri Popelka)
- translation updates: de, es, gu, it, ja, kn, ml, nl, or, pa, pl, ru, ta,
uk, zh_CN
2011-02-15 17:54:04 +00:00
|
|
|
* Mon Feb 14 2011 Thomas Woerner <twoerner@redhat.com> 0.1.3-1
|
|
|
|
- new version 0.1.3
|
|
|
|
- restore all firewall features for reload: panic and virt rules and chains
|
|
|
|
- string fixes for firewall-cmd man page (by Jiri Popelka)
|
|
|
|
- fixed firewall-cmd port list (by Jiri Popelka)
|
|
|
|
- added firewall dbus client connect check to firewall-cmd (by Jiri Popelka)
|
|
|
|
- translation updates: de, es, gu, it, ja, kn, ml, nl, or, pa, pl, ru, ta,
|
|
|
|
uk, zh_CN
|
|
|
|
|
2011-01-07 15:38:25 +00:00
|
|
|
* Mon Jan 3 2011 Thomas Woerner <twoerner@redhat.com> 0.1.2-1
|
|
|
|
- fixed package according to package review (rhbz#665395):
|
|
|
|
- non executable scripts: dropped shebang
|
|
|
|
- using newer GPL license file
|
|
|
|
- made /etc/dbus-1/system.d/FirewallD.conf config(noreplace)
|
|
|
|
- added requires(post) and (pre) for chkconfig
|
|
|
|
|
|
|
|
* Mon Jan 3 2011 Thomas Woerner <twoerner@redhat.com> 0.1.1-1
|
|
|
|
- new version 0.1.1
|
|
|
|
- fixed source path in POTFILES*
|
|
|
|
- added missing firewall_config.py.in
|
|
|
|
- added misssing space for spec_ver line
|
|
|
|
- using firewall_config.VARLOGFILE
|
|
|
|
- added date to logging output
|
|
|
|
- also log fatal and error logs to stderr and firewall_config.VARLOGFILE
|
|
|
|
- make log message for active_firewalld fatal
|
|
|
|
|
|
|
|
* Mon Dec 20 2010 Thomas Woerner <twoerner@redhat.com> 0.1-1
|
|
|
|
- initial package (proof of concept implementation)
|