New version 0.3.0

- Added rich language support
- Added lockdown feature
- Allow to bind interfaces and sources to zones permanently
- Enabled IPv6 NAT support
  masquerading and port/packet forwarding for IPv6 only with rich language
- Handle polkit errors in client class and firewall-config
- Added priority description for --direct --add-rule in firewall-cmd man page
- Add XML Schemas for zones/services/icmptypes XMLs
- Don't keep file descriptors open when forking
- Introduce --nopid option for firewalld
- New FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains (RHBZ#912782)
- Update cluster-suite service (RHBZ#885257)
- firewall-cmd: rename --enable/disable-panic to --panic-on/off (RHBZ#874912)
- Fix interaction problem of changed event of gtk combobox with polkit-kde
  by processing all remaining events (RHBZ#915892)
- Stop default zone rules being applied to all zones (RHBZ#912782)
- Firewall.start(): don't call set_default_zone()
- Add wiki's URL to firewalld(1) and firewall-cmd(1) man pages
- firewalld-cmd: make --state verbose (RHBZ#886484)
- improve firewalld --help (RHBZ#910492)
- firewall-cmd: --add/remove-* can be used multiple times (RHBZ#879834)
- Continue loading zone in case of wrong service/port etc. (RHBZ#909466)
- Check also services and icmptypes in Zone() (RHBZ#909466)
- Increase the maximum length of the port forwarding fields from 5 to 11 in
  firewall-config
- firewall-cmd: add usage to fail message
- firewall-cmd: redefine usage to point to man page
- firewall-cmd: fix visible problems with arg. parsing
- Use argparse module for parsing command line options and arguments
- firewall-cmd.1: better clarify where to find ACTIONs
- firewall-cmd Bash completion
- firewall-cmd.1: comment --zone=<zone> usage and move some options
- Use zone's target only in %s_ZONES chains
- default zone in firewalld.conf was set to public with every restart (#902845)
- man page cleanup
- code cleanup

.gitignore

@@ -13,3 +13,4 @@
 /firewalld-0.2.10.tar.bz2
 /firewalld-0.2.11.tar.bz2
 /firewalld-0.2.12.tar.bz2
+/firewalld-0.3.0.tar.bz2

firewalld-0.2.12-bz912782.patch

@@ -1,32 +0,0 @@
-From 3253df596ab6f5e43d22dff3049600fc0de9c41b Mon Sep 17 00:00:00 2001
-From: Jiri Popelka <jpopelka@redhat.com>
-Date: Wed, 20 Feb 2013 14:58:40 +0100
-Subject: [PATCH 1/2] Stop default zone rules being applied to all zones
- (RHBZ#912782)
-
-See https://bugzilla.redhat.com/show_bug.cgi?id=912782
-for description.
-
-Patch from Quentin Armitage
----
- src/firewall/core/fw_zone.py | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
-index 6d874e5..0fd0267 100644
---- a/src/firewall/core/fw_zone.py
-+++ b/src/firewall/core/fw_zone.py
-@@ -272,8 +272,9 @@ class FirewallZone:
-                     if target == "DROP" and table == "nat":
-                         # DROP is not supported in nat table
-                         continue
-+                    action = "-g" if "_ZONE_" in target else "-j"
-                     rule = [ "%s_ZONES" % src_chain, "-t", table,
--                             opt, interface, "-j", target ]
-+                             opt, interface, action, target ]
-                     if enable and not append:
-                         rule.insert(1, "1")
-                     rules.append((ipv, rule))
--- 
-1.8.1.2
-

firewalld-0.2.12-bz912782_2.patch

@@ -1,72 +0,0 @@
-From 41a1a4c69448991bb89b22081b29bffe47bfcca1 Mon Sep 17 00:00:00 2001
-From: Jiri Popelka <jpopelka@redhat.com>
-Date: Wed, 6 Mar 2013 17:21:00 +0100
-Subject: [PATCH] FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains
- (RHBZ#912782)
-
-We need to separate top-level FORWARD_ZONES chain
-into these two chains to be able to correctly match
-rules for input and output interface, see
-https://bugzilla.redhat.com/show_bug.cgi?id=912782#c11
----
- src/firewall/core/base.py      |  4 ++--
- src/firewall/core/fw_zone.py   |  2 +-
- src/firewall/core/ipXtables.py | 10 ++++++----
- 3 files changed, 9 insertions(+), 7 deletions(-)
-
-diff --git a/src/firewall/core/base.py b/src/firewall/core/base.py
-index b89870d..1dcf30b 100644
---- a/src/firewall/core/base.py
-+++ b/src/firewall/core/base.py
-@@ -44,8 +44,8 @@ INTERFACE_ZONE_SRC = {
-     "PREROUTING": "PREROUTING",
-     "POSTROUTING": "POSTROUTING",
-     "INPUT": "INPUT",
--    "FORWARD_IN": "FORWARD",
--    "FORWARD_OUT": "FORWARD",
-+    "FORWARD_IN": "FORWARD_IN",
-+    "FORWARD_OUT": "FORWARD_OUT",
-     "OUTPUT": "OUTPUT",
- }
- 
-diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
-index 2b0ac8b..c72055e 100644
---- a/src/firewall/core/fw_zone.py
-+++ b/src/firewall/core/fw_zone.py
-@@ -264,7 +264,7 @@ class FirewallZone:
-                     target = self._zones[zone].target.format(
-                         chain=SHORTCUTS[chain], zone=zone)
-                     if target in [ "REJECT", "%%REJECT%%" ] and \
--                            src_chain not in [ "INPUT", "FORWARD", "OUTPUT" ]:
-+                            src_chain not in [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]:
-                         # REJECT is only valid in the INPUT, FORWARD and
-                         # OUTPUT chains, and user-defined chains which are 
-                         # only called from those chains
-diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
-index d172151..311f9e4 100644
---- a/src/firewall/core/ipXtables.py
-+++ b/src/firewall/core/ipXtables.py
-@@ -83,14 +83,16 @@ DEFAULT_RULES["filter"] = [
-     "-I INPUT 6 -j %%REJECT%%",
- 
-     "-N FORWARD_direct",
--    "-N FORWARD_ZONES",
-+    "-N FORWARD_IN_ZONES",
-+    "-N FORWARD_OUT_ZONES",
- 
-     "-I FORWARD 1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
-     "-I FORWARD 2 -i lo -j ACCEPT",
-     "-I FORWARD 3 -j FORWARD_direct",
--    "-I FORWARD 4 -j FORWARD_ZONES",
--    "-I FORWARD 5 -p %%ICMP%% -j ACCEPT",
--    "-I FORWARD 6 -j %%REJECT%%",
-+    "-I FORWARD 4 -j FORWARD_IN_ZONES",
-+    "-I FORWARD 5 -j FORWARD_OUT_ZONES",
-+    "-I FORWARD 6 -p %%ICMP%% -j ACCEPT",
-+    "-I FORWARD 7 -j %%REJECT%%",
- 
-     "-N OUTPUT_direct",
- 
--- 
-1.8.1.4
-

firewalld-0.2.12-conf.patch

@@ -1,26 +0,0 @@
-From 0a9017067bd04a1370faa461ceede31316f1caaa Mon Sep 17 00:00:00 2001
-From: Jiri Popelka <jpopelka@redhat.com>
-Date: Tue, 22 Jan 2013 16:27:56 +0100
-Subject: [PATCH 4/5] default zone in firewalld.conf was set to public with
- every restart (#902845)
-
----
- src/firewall/core/io/firewalld_conf.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/firewall/core/io/firewalld_conf.py b/src/firewall/core/io/firewalld_conf.py
-index 159df99..911f8bf 100644
---- a/src/firewall/core/io/firewalld_conf.py
-+++ b/src/firewall/core/io/firewalld_conf.py
-@@ -37,7 +37,7 @@ class firewalld_conf:
-         self._deleted = [ ]
- 
-     def get(self, key):
--        self._config.get(key.strip())
-+        return self._config.get(key.strip())
- 
-     def set(self, key, value):
-         _key = key.strip()
--- 
-1.8.1
-

firewalld-0.2.12-gtk.patch

@@ -1,26 +0,0 @@
-From 964bd061f00c9e90935430ba3036b228800cd5ed Mon Sep 17 00:00:00 2001
-From: Jiri Popelka <jpopelka@redhat.com>
-Date: Wed, 16 Jan 2013 14:17:10 +0100
-Subject: [PATCH 2/5] firewall-config: fix typo gtk -> Gtk
-
-Fixes: RHBZ#895812
----
- src/firewall-config | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/firewall-config b/src/firewall-config
-index b783268..1f0b5dc 100755
---- a/src/firewall-config
-+++ b/src/firewall-config
-@@ -839,7 +839,7 @@ class FirewallConfig(object):
-         if default_zone in zones:
-             selection.select_path(zones.index(default_zone))
-         else:
--            selection.set_mode(gtk.SelectionMode.NONE)
-+            selection.set_mode(Gtk.SelectionMode.NONE)
- 
-         self.defaultZoneDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT)
-         self.defaultZoneDialog.set_transient_for(self.mainWindow)
--- 
-1.8.1
-

firewalld.spec

@@ -1,7 +1,7 @@
 Summary: A firewall daemon with D-BUS interface providing a dynamic firewall
 Name: firewalld
-Version: 0.2.12
+Version: 0.3.0
-Release: 5%{?dist}
+Release: 1%{?dist}
 URL: http://fedorahosted.org/firewalld
 License: GPLv2+
 ExclusiveOS: Linux
@@ -11,10 +11,6 @@ Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2
 %if 0%{?fedora} > 17
 Patch0: firewalld-0.2.6-MDNS-default.patch
 %endif
-Patch1: firewalld-0.2.12-conf.patch
-Patch2: firewalld-0.2.12-gtk.patch
-Patch3: firewalld-0.2.12-bz912782.patch
-Patch4: firewalld-0.2.12-bz912782_2.patch
 BuildRequires: desktop-file-utils
 BuildRequires: gettext
 BuildRequires: intltool
@@ -80,11 +76,6 @@ firewalld.
 %patch0 -p1
 %endif
 
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-
 %build
 %configure --with-systemd-unitdir=%{_unitdir}
 
@@ -152,6 +143,8 @@ fi
 %{_sbindir}/firewalld
 %{_bindir}/firewall-cmd
 %{_bindir}/firewall-offline-cmd
+%dir %{_sysconfdir}/bash_completion.d
+%{_sysconfdir}/bash_completion.d/firewall-cmd-bash-completion.sh
 %defattr(0640,root,root)
 %attr(0750,root,root) %dir %{_prefix}/lib/firewalld
 %attr(0750,root,root) %dir %{_prefix}/lib/firewalld/icmptypes
@@ -162,6 +155,7 @@ fi
 %{_prefix}/lib/firewalld/zones/*.xml
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld
 %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
+%config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/services
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/zones
@@ -200,6 +194,44 @@ fi
 %{_datadir}/icons/hicolor/*/apps/firewall-config*.*
 
 %changelog
+* Wed Mar 20 2013 Thomas Woerner <twoerner@redhat.com> 0.3.0-1
+- Added rich language support
+- Added lockdown feature
+- Allow to bind interfaces and sources to zones permanently
+- Enabled IPv6 NAT support
+  masquerading and port/packet forwarding for IPv6 only with rich language
+- Handle polkit errors in client class and firewall-config
+- Added priority description for --direct --add-rule in firewall-cmd man page
+- Add XML Schemas for zones/services/icmptypes XMLs
+- Don't keep file descriptors open when forking
+- Introduce --nopid option for firewalld
+- New FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains (RHBZ#912782)
+- Update cluster-suite service (RHBZ#885257)
+- firewall-cmd: rename --enable/disable-panic to --panic-on/off (RHBZ#874912)
+- Fix interaction problem of changed event of gtk combobox with polkit-kde
+  by processing all remaining events (RHBZ#915892)
+- Stop default zone rules being applied to all zones (RHBZ#912782)
+- Firewall.start(): don't call set_default_zone()
+- Add wiki's URL to firewalld(1) and firewall-cmd(1) man pages
+- firewalld-cmd: make --state verbose (RHBZ#886484)
+- improve firewalld --help (RHBZ#910492)
+- firewall-cmd: --add/remove-* can be used multiple times (RHBZ#879834)
+- Continue loading zone in case of wrong service/port etc. (RHBZ#909466)
+- Check also services and icmptypes in Zone() (RHBZ#909466)
+- Increase the maximum length of the port forwarding fields from 5 to 11 in
+  firewall-config
+- firewall-cmd: add usage to fail message
+- firewall-cmd: redefine usage to point to man page
+- firewall-cmd: fix visible problems with arg. parsing
+- Use argparse module for parsing command line options and arguments
+- firewall-cmd.1: better clarify where to find ACTIONs
+- firewall-cmd Bash completion
+- firewall-cmd.1: comment --zone=<zone> usage and move some options
+- Use zone's target only in %s_ZONES chains
+- default zone in firewalld.conf was set to public with every restart (#902845)
+- man page cleanup
+- code cleanup
+
 * Thu Mar 07 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-5
 - Another fix for RHBZ#912782
 

sources

@@ -1 +1 @@
-49abe07b77efade4bbaacfb80da9990c  firewalld-0.2.12.tar.bz2
+a6c52df72fd5dcaa8b26dd89edc5e3a9  firewalld-0.3.0.tar.bz2