Commit Graph

206 Commits

Author SHA1 Message Date
Phil Sutter
8de856585a firewalld-0.8.0-2
- Add suggests to propagate iptables-nft
2020-01-16 17:36:26 +01:00
Eric Garver
aed71ab66d rebase to v0.8.0 2019-11-05 19:36:00 -05:00
Miro Hrončok
cae7418857 Rebuilt for Python 3.8.0rc1 (#1748018) 2019-10-03 13:53:16 +02:00
Eric Garver
873e363aa3 rebase to v0.7.2
Resolves: rhbz 1757513
2019-10-02 13:51:34 -04:00
Miro Hrončok
9ef9382b5b Rebuilt for Python 3.8 2019-08-19 10:13:54 +02:00
Eric Garver
150b1e5ecd drop Requires: kernel
Resolves: rhbz 1733602
2019-08-01 08:38:51 -04:00
Eric Garver
893c89496a rebase to v0.7.1 2019-07-25 15:58:04 -04:00
Fedora Release Engineering
f409ea7304 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 00:36:30 +00:00
Eric Garver
e9bf51ed63 rebase to v0.6.4 2019-06-07 14:34:51 -04:00
Eric Garver
34a91ae356 remove unused patches 2019-06-07 14:08:58 -04:00
Fedora Release Engineering
43ab8cdd33 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 19:45:00 +00:00
Eric Garver
abbd77e4fb rebase to v0.6.3 2018-11-01 09:02:34 -04:00
Eric Garver
bb4b5b8270 add missing patch 2018-09-21 14:44:02 -04:00
Eric Garver
ef8e49491c rebase to v0.6.2
Resolves: rhbz 1624600
2018-09-21 14:33:13 -04:00
Eric Garver
7c611c49f7 default to iptables backend
Resolves: rhbz 1623868
2018-08-31 11:29:10 -04:00
Eric Garver
cab87bda0c rebase to v0.6.1
Resolves: rhbz 1614048
2018-08-10 10:24:25 -04:00
Eric Garver
0a594a0f04 Add Conflicts for cockpit-ws
The service definition moved from cockpit to firewalld.
2018-07-29 09:39:37 -04:00
Eric Garver
cb592bb50d rebase to v0.6.0 2018-07-25 09:01:04 -04:00
Fedora Release Engineering
00cd29af08 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 00:35:25 +00:00
Eric Garver
53a98bc1d5 backport fix for rhbz 1575431
Fixes: rhbz 1575431
2018-07-03 16:02:19 -04:00
Miro Hrončok
944837798d Rebuilt for Python 3.7 2018-06-19 10:42:57 +02:00
Eric Garver
18f8c5a7f2 rebase to v0.5.3 2018-05-16 10:32:57 -04:00
Charalampos Stratakis
a02936d1a3 Add the python_provide macro 2018-03-22 18:23:33 +01:00
Eric Garver
40f23213c9 remove python2-firewall subpackage 2018-03-22 11:03:14 -04:00
Eric Garver
a86d697d59 remove obsolete patches 2018-03-19 15:31:35 -04:00
Eric Garver
7dbe008cf6 rebase to v0.5.2 2018-03-19 15:27:18 -04:00
Igor Gnatenko
0ada34b018
Escape macros in %changelog
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-09 09:04:28 +01:00
Eric Garver
991b466c6e rebase to v0.5.1 2018-02-07 11:42:15 -05:00
Fedora Release Engineering
5f6b6224e9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 09:42:22 +00:00
Igor Gnatenko
51ca746843 Remove obsolete scriptlets
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-01-05 23:53:27 +01:00
Zbigniew Jędrzejewski-Szmek
d6aa9a2c01 Python 2 binary package renamed to python2-firewall 2017-12-17 13:05:18 -05:00
Thomas Woerner
1577a1a931 Bump release 2017-07-31 17:40:31 +02:00
Thomas Woerner
3105298608 - Fix spec file for next RHEL versions 2017-07-31 17:38:47 +02:00
Fedora Release Engineering
e7c499b9cb - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 08:25:14 +00:00
Thomas Woerner
94ddb8feb5 Source for 0.4.4.5 2017-06-13 13:41:32 +02:00
Thomas Woerner
51ae9526ba - Rebase to firewalld-0.4.4.5
http://www.firewalld.org/2017/06/firewalld-0-4-4-5-release
  - Fix build from spec
  - Fix –remove-service-from-zone option (RHBZ#1438127)
  - Support sctp and dccp in ports, source-ports, forward-ports, helpers and
    rich rules (RHBZ#1429808)
  - firewall-cmd: Fix –{set,get}-{short,description} for zone (RHBZ#1445238)
  - firewall.core.ipXtables: Use new wait option for restore commands if
    available
  - New services for oVirt:
    ctdb, ovirt-imageio, ovirt-storageconsole, ovirt-vmconsole and nrpe
  - Rename extension for policy choices (server and desktop) to .policy.choice
    (RHBZ#1449754)
  - D-Bus interfaces: Fix GetAll for interfaces without properties
    (RHBZ#1452017)
  - Load NAT helpers with conntrack helpers (RHBZ#1452681)
  - Translation updates
- Additional upstream patches:
  - Rich-rule source validation (d69b7cb)
  - IPv6 ICMP type only rich-rule fix (cf50bd0)
2017-06-13 13:39:03 +02:00
Thomas Woerner
fd60bdf28a Update sources 2017-04-03 17:37:58 +02:00
Thomas Woerner
a3519c4995 - Rebase to firewalld-0.4.4.4
http://www.firewalld.org/2017/03/firewalld-0-4-4-4-release
- Drop references to fedorahosted.org from spec file and Makefile.am
- Fix inconsistent ordering of rules in INPUT_ZONE_SOURCE (issue#166)
- Fix ipset overloading from /etc/firewalld/ipsets
- Fix permanent rich rules using icmp-type elements (RHBZ#1434594)
- firewall-config: Deactivate edit, remove, .. buttons if there are no items
- Check if ICMP types are supported by kernel before trying to use them
- firewall-config: Show invalid ipset type in the ipset configuration dialog
  in a special label
2017-03-27 20:01:15 +02:00
Thomas Woerner
698a906f32 - Fixed ipset overloading, dropped applied check in get_ipset (issue#206) 2017-02-21 02:32:01 +01:00
Thomas Woerner
e66ea00b1e - Rebase to firewalld-0.4.4.3
http://www.firewalld.org/2017/02/firewalld-0-4-4-3-release
- Speed up of large file loading
- Support for more ipset types
- Speed up of adding or removing entries for ipsets from files
- Support icmp-type usage in rich rules
- Support for more icmp types
- Support for h323 conntrack helper
- New services
- Code cleanup and several other bug fixes
- Translation updates
2017-02-10 17:33:07 +01:00
Fedora Release Engineering
f42660ccba - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-10 09:47:54 +00:00
Charalampos Stratakis
c2d3d5cd8e Rebuild for Python 3.6 2016-12-13 15:50:07 +01:00
Thomas Woerner
27c4930b69 - Dropping firewalld-selinux package again as the required fix made it into
selinux-policy packages for F-23+, updated selinux-policy version conflicts
2016-12-05 17:31:40 +01:00
Thomas Woerner
1118c441f2 - New firewalld-selinux sub package delivering the SELinux policy module for
firewalld (RHBZ#1396765) (RHBZ#1394625) (RHBZ#1394578) (RHBZ#1394573)
  (RHBZ#1394569)
- New firewalld release 0.4.4.2:
  - firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem
  - firewall.core.fw_nm: create NMClient lazily
  - Do not use hard-coded path for modinfo, use autofoo to detect it
  - firewall.core.io.ifcfg: Dropped invalid option warning with bad format
    string
  - firewall.core.io.ifcfg: Properly handle quoted ifcfg values
  - firewall.core.fw_zone: Do not reset ZONE with ifdown
  - Updated translations from zanata
  - firewall-config: Extra grid at bottom to visualize firewalld settings
2016-12-01 15:44:42 +01:00
Thomas Woerner
e49b9a8f35 Fix firewalld-filesystem to provide helpers and ipsets subdirs 2016-11-10 18:46:10 +01:00
Thomas Woerner
92dff91190 New firewalld version 0.4.4.1
Version 0.4.4.1:
- firewall-config: Use proper source check in sourceDialog (fixes issue#162)
- firewallctl: New support for helpers
- Translation updates

Version 0.4.4:
- Fix dist-check
- src/Makefile.am: Install new helper files
- config/Makefile.am: Install helpers
- Merged translations
- Updated translations from zanata
- firewalld.spec: Adapt requires for PyQt5
- firewall-applet: Fix fromUTF8 for python2 PyQt5 usage
- firewall-applet: Use PyQt5
- firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers D-Bus property
- shell-completion/bash/firewall-cmd: Updates for helpers and also some fixes
- src/tests/firewall-[offline-]cmd_test.sh: New helper tests, adapted module tests for services
- doc/xml/seealso.xml: Add firewalld.helper(5) man page
- doc/xml/seealso.xml: Add firewalld.ipset(5) man page
- Fixed typo in firewalld.ipset(5) man page
- Updated firewalld.dbus(5) man page
- New firewalld.helper(5) man page
- doc/xml/firewall-offline-cmd.xml: Updated firewall-offline-cmd man page
- doc/xml/firewall-cmd.xml: Updated firewall-cmd man page
- firewall-offline-cmd: New support for helpers
- firewall-cmd: New support for helpers
- firewall.command: New check_helper_family, check_module and print_helper_info methods
- firewall.core.fw_test: Add helpers also to offline backend
- firewall.server.config: New AutomaticHelpers property (rw)
- firewall.server.config: Fix an dict size changed error for firewall.conf file changes
- firewall.server.config: Make LogDenied property readwrite to be consistent
- Some renames of nf_conntrack_helper* functions and structures, helpers is a dict
- firewall.core.fw: Properly check helper setting in set_automatic_helpers
- firewall.errors: Add missing BUILTIN_HELPER error code
- No extra interface for helpers needed in runtime, dropped DBUS_INTERFACE_HELPER
- firewall.server.firewalld: Drop unused queryHelper D-Bus method
- New helpers Q.931 and RAS from nf_conntrack_h323
- firewall.core.io.helper: Allow dots in helper names, remove underscore
- firewall.core.io.firewalld_conf: Fixed typo in FALLBACK_AUTOMATIC_HELPERS
- firewall-[offline-]cmd: Use sys.excepthook to force exception_handler usage always
- firewall.core.fw_config: new_X methods should also check builtins
- firewall.client: Set helper family to "" if None
- firewall.client: Add missing module string to FirewallClientHelperSettings.settings
- config/firewalld.conf: Add possible values description for AutomaticHelpers
- helpers/amanda.xml: Fix typo in helper module
- firewall-config: Added support for helper module setting
- firewall.client: Added support for helper module setting
- firewall.server.config_helper: Added support for helper module setting
- firewall.core.io.service, firewall.server.config_service: Only replace underscore by dash if module start with nf_conntrack_
- firewall.core.fw_zone: Use helper module instead of a generated name from helper name
- helpers: Added kernel module
- firewall.core.io.helper: Add module to helper
- firewall-cmd: Removed duplicate --get-ipset-types from help output
- firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table
- firewall.core.ipXtables: Add PREROUTING default rules for zones in raw table
- firewall-config: New support to handle helpers, new dialogs, new helper tab, ..
- config/org.fedoraproject.FirewallConfig.gschema.xml.in: New show-helpers setting
- firewall.client: New helper management for runtime and permanent configuration
- firewall.server.firewalld: New runtime helper management, new nf_conntrack_helper property
- firewall.server.config_service: Fix module name handling (no nf_conntrack_ prefix needed)
- firewall.server.config: New permanent D-Bus helper management
- New firewall.server.config_helper to provide the permanent D-Bus interface for helpers
- firewall.core.fw_zone: Use helpers fw.nf_conntrack_helper for services using helpers
- firewall.core.fw: New helper management, new _automatic_helpers and nf_conntrack_helper settings
- firewall.core.fw_config: Add support for permanent helper handling
- firewall.core.io.service: The module does not need to start with nf_conntrack_ anymore
- firewall.functions: New functions to get and set nf_conntrack_helper kernel setting
- firewall.core.io.firewalld_conf: New support for AutomaticHelpers setting
- firewall.config.dbus: New D-Bus definitions for helpers, new DBUS_INTERFACE_REVISION 12
- New firewall.core.fw_helper providing FirewallHelper backend
- New firewall.core.helper with HELPER_MAXNAMELEN definition
- config/firewalld.conf: New AutomaticHelpers setting with description
- firewall.config.__init__.py.in: New helpers variables
- firewalld.spec: Add new helpers directory
- config/Makefile.am: Install new helpers
- New helper configuration files for amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp and tftp
- firewall.core.io.helper: New IO handler for netfilter helpers
- firewall.errors: New INVALID_HELPER error code
- firewall.core.io.ifcfg: Use .bak for save files
- firewall-config: Set internal log_denied setting after changing
- firewall.server.config: Copy props before removing items
- doc/xml/firewalld.ipset: Replaced icmptype name remains with ipset
- firewall.core.fw_zone: Fix LOG rule placement for LogDenied
- firewall.command: Use "source-ports" in print_zone_info
- firewall.core.logger: Use syslog.openlog() and syslog.closelog()
- firewall-[offline-]cmd man pages: Document --path-{zone,icmptype,ipset,service}
- firewall-cmd: Enable --path-{zone,icmptype,service} options again
- firewall.core.{ipXtables,ebtables}: Copy rule before extracting items in set_rules
- firewall.core.fw: Do not abort transaction on failed ipv6_rpfilter rules
- config/Makefile.am: Added cfengine, condor-collector and smtp-submission services
- Makefile.am: New dist-check used in the archive target
- src/Makefile.am: Reordered nobase_dist_python_DATA to be sorted
- config/Makefile.am: New CONFIG_FILES variable to contain the config files
- Merge pull request #150 from hspaans/master
- Merge pull request #146 from canvon/bugfix/spelling
- Merge pull request #145 from jcpunk/condor
- Command line tools man pages: New section about sequence options and exit codes
- Creating service file for SMTP-Submission.
- Creating service file for CFEngine.
- Fix typo in documentation: iptables mangle table
- Only use sort on lists of main items, but not for item properties
- firewall.core.io.io_object: import_config should not change ordering of lists
- firewall.core.fw_transaction: Load helper modules in FirewallZoneTransaction
- firewall.command: Fail with NOT_AUTHORIZED if authorization fails (RHBZ#1368549)
- firewall.command: Fix sequence exit code with at least one succeeded item
- Add condor collector service
- firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones
- firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED sequences
2016-11-10 18:01:01 +01:00
Thomas Woerner
296ea4d3bd New version 0.4.3.3
- Fix CVE-2016-5410: Firewall configuration can be modified by any logged in
  user
- firewall/server/firewalld: Make getXSettings and getLogDenied CONFIG_INFO
- Update AppData configuration file.
- tests/firewalld_rich.py: Use new import structure and FirewallClient classes
- tests/firewalld_direct.py: Use new import structure
- tests: firewalld_direct: Fix assert to check for True instead of False
- tests: firewalld_config: Fix expected value when querying the zone target
- tests: firewalld_config: Use real nf_conntrack modules
- firewalld.spec: Added comment about make call for %build
- firewall-config: Use also width_request and height_request with default size
- Updated firewall-config screenshot
- firewall-cmd: Fixed typo in help output (RHBZ#1367171)
- test-suite: Ignore stderr to get default zone also for missing firewalld.conf
- firewall.core.logger: Warnings should be printed to stderr per default
- firewall.core.fw_nm: Ignore NetworkManager if NM.Client connect fails
- firewall-cmd, firewallctl: Gracefully fail if SystemBus can not be aquired
- firewall.client: Generate new DBUS_ERROR if SystemBus can not be aquired
- test-suite: Do not fail on ALREADY_ENABLED --add-destination tests
- firewall.command: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings
- doc/xml/firewalld.dbus.xml: Removed undefined reference
- doc/xml/transform-html.xsl.in: Fixed references in the document
- doc/xml/firewalld.{dbus,zone}.xml: Embed programlisting in para
- doc/xml/transform-html.xsl.in: Enhanced html formatting closer to the man page
- firewall: core: fw_nm: Instantiate the NM client only once
- firewall/core/io/*.py: Do not traceback on a general sax parsing issue
- firewall-offline-cmd: Fix --{add,remove}-entries-from-file
- firewall-cmd: Add missing action to fix --{add,remove}-entries-from-file
- firewall.core.prog: Do not output stderr, but return it in the error case
- firewall.core.io.ifcfg.py: Fix ifcfg file reader and writer (RHBZ#1362171)
- config/firewall.service.in: use KillMode=mixed
- config/firewalld.service.in: use network-pre.target
- firewall-config: Add missing gettext.textdomain call to fix translations
- Add UDP to transmission-client.xml service
- tests/firewall-[offline-]cmd_test.sh: Hide errors and warnings
- firewall.client: Fix ALREADY_ENABLED errors in icmptype destination calls
- firewall.client: Fix NOT_ENABLED errors in icmptype destination calls
- firewall.client: Use {ALREADY,NOT}_ENABLED errors in icmptype destination
  calls
- firewall.command: Add the removed FirewallError handling to the action
  (a17ce50)
- firewall.command: Do not use query methods for sequences and also single
  options
- Add missing information about MAC and ipset sources to man pages and help
  output
- firewalld.spec: Add BuildRequires for libxslt to enable rebuild of man pages
- firewall[-offline]-cmd, firewallctl, firewall.command: Use sys.{stdout,stderr}
- firewallctl: Fix traceback if not connected to firewalld
- firewall-config: Initialize value in on_richRuleDialogElementChooser_clicked
- firewall.command: Convert errors to string for Python3
- firewall.command: Get proper firewall error code from D-BusExceptions
- firewall-cmd: Fixed traceback without args
- Add missing service files to Makefile.am
- shell-completion: Add shell completion support for
  --{get,set}--{description,short}
- Updated RHEL-7 selinux-policy and squid conflict
2016-08-16 22:26:58 +02:00
Fedora Release Engineering
f03f262716 - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages 2016-07-19 07:05:09 +00:00
Thomas Woerner
ffe18e7c08 - New firewalld release 0.4.3.2
- Fix regression with unavailable optional commands
- All missing backend messages should be warnings
- Individual calls for missing restore commands
- Only one authenticate call for add and remove options and also sequences
- New service RH-Satellite-6
- Fixed selinux-policy conflict version for RHEL-7
2016-07-05 19:47:25 +02:00
Thomas Woerner
ebe2f35f6d - Fixed selinux-policy conflict version for Fedora 24 2016-06-29 11:45:26 +02:00