Commit Graph

88 Commits

Author SHA1 Message Date
Dennis Gilmore
3467da0208 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 06:22:13 +00:00
Stephen Gallagher
bc01174b62 Make sure we always create the polkit policy
There were cases (like Cloud Edition) where we would not create
the polkit policy if firewalld.conf already existed.
2015-06-16 15:09:50 -04:00
Thomas Woerner
5daf27c45b use 0.3.14.1 2015-06-13 00:02:20 +02:00
Thomas Woerner
95cd8262fa * 0.3.14.1-1
- firewall-applet
  - do not use isSystemTrayAvailable check to fix KDE5 startup
  - dropped gtk applet remain: org.fedoraproject.FirewallApplet.gschema.xml

* 0.3.14-1
- renamed python2-firewall to python-firewall
- fixed requirements for GUI parts with Python3
- dropped upstream merged python3 patch
- firewalld:
  - print real zone names in error messages
  - iptables 1.4.21 does not accept limits of 1/day, minimum is 2/day now
  - rate limit fix for rich rules
  - fix readdition of removed permanent direct settings
  - adaption of the polkit domains to use PK_ACTION_DIRECT_INFO
  - fixed two minor Python3 issues in firewall.core.io.direct
  - fixed use of fallback configuration values
  - fixed use without firewalld.conf
  - firewalld main restructureization
  - IPv6_rpfilter now also available as a property on D-Bus in the config interface
  - fixed wait option use for ipXtables
  - added --concurrent support for ebtables
  - richLanguage: allow masquerading with destination
  - richLanguage: limit masquerading forward rule to new connections
  - ipXtables: No dns lookups in available_tables and _detect_wait_option
  - full ebtables support: start, stop, reload, panic mode, direct chains and rules
  - fix for reload with direct rules
  - fix or flaws found by landscape.io
  - pid file handling fixes in case of pid file removal
  - fix for client issue in case of a dbus NoReply error
- configuration
  - new services: dropbox-lansync, ptp
  - new icmptypes: timestamp-request, timestamp-reply
- man pages:
  - firewalld.zones(5): fixed typos
  - firewalld.conf(5): Fixed wrong reference to firewalld.lockdown-whitelist page
- firewall-applet:
  - new version using Qt4 fixing several issues with the Gtk version
- spec file:
  - enabled Python3 support: new backends python-firewall and python3-firewall
  - some cleanup
- git:
  - migrated to github
- translations:
  - migrated to zanata
- build environment:
  - no need for autoconf-2.69, 2.68 is sufficient
2015-06-12 23:58:58 +02:00
Stephen Gallagher
d651ec2e2c Use VARIANT_ID for decisions instead of VARIANT 2015-05-07 10:41:16 -04:00
Stephen Gallagher
07c43f280d Update per-product config specification to latest version
See: https://fedoraproject.org/w/index.php?title=User:Sgallagh/Per-Product_Configuration_Packaging_Draft&oldid=410792
2015-04-23 13:25:57 -04:00
Stephen Gallagher
88e1545c03 Remove unneeded backslash escape 2015-04-16 15:45:22 -04:00
Stephen Gallagher
8aec79859f Switch to using $VARIANT directly from /etc/os-release 2015-04-16 15:37:25 -04:00
Stephen Gallagher
82cf3d8869 Fix bugs with posttrans
- Remove nonexistent fedora-cloud.conf symlink
2015-03-13 21:35:17 -04:00
Stephen Gallagher
4c9547c601 Remove per-edition config files
- Decide on default configuration based on /etc/os-release
2015-03-13 13:48:57 -04:00
Jiri Popelka
e24f6cfcb4 use python3 bindings on fedora >=23
https://lists.fedoraproject.org/pipermail/devel/2015-February/208208.html
2015-02-23 14:44:14 +01:00
Thomas Woerner
9ca578f732 Added latest Python3 patch from upstream 2015-01-28 14:17:38 +01:00
Thomas Woerner
75272d6aaa Enable Python3 support in spec file
- enable python2 and python3 bindings for fedora >= 20 and rhel >= 7
- use python3 bindings on fedora >= 22 and rhel >= 8 for firewalld,
  firewall-config and firewall-applet
2015-01-28 14:16:48 +01:00
Jiri Popelka
f70602740c Merge branch 'f20' into f21 2014-12-04 19:22:47 +01:00
Jiri Popelka
959b2db1fd 0.3.13 2014-12-04 19:13:21 +01:00
Jiri Popelka
68cca00bb6 Merge branch 'f20' into f21 2014-10-14 18:21:58 +02:00
Jiri Popelka
e89b2b2ecd 0.3.12 2014-10-14 18:20:55 +02:00
Jiri Popelka
9ad9772159 Merge branch 'f20' into f21 2014-08-27 10:40:58 +02:00
Jiri Popelka
1c3b179dfb Quiet systemctl if cups-browsed.service is not installed 2014-08-27 10:40:20 +02:00
Orion Poplawski
e4cb880aa3 Quiet systemctl if cups-browsed.service is not installed 2014-08-27 10:37:27 +02:00
Orion Poplawski
1e43ccc8ce Quiet systemctl if cups-browsed.service is not installed 2014-08-26 09:59:32 -06:00
Jiri Popelka
c1a852fecb Merge branch 'f20' into f21 2014-08-25 12:15:24 +02:00
Jiri Popelka
b42d00a678 add few Requires to spec (RHBZ#1133167) 2014-08-25 12:14:12 +02:00
Jiri Popelka
8b10fa9e19 Merge branch 'f20' into f21 2014-08-20 19:07:00 +02:00
Jiri Popelka
0b65a30f38 0.3.11 2014-08-20 18:53:02 +02:00
Thomas Woerner
92eb709782 - Bump release 2014-07-22 10:34:12 +02:00
Thomas Woerner
fd6e3ebbd5 - Fixed wrong default zone names for server and workstation (RHBZ#1120296) 2014-07-22 10:31:34 +02:00
Thomas Woerner
3bcc74d626 - renamed fedora specific zones to FedoraServer and FedoraWorkstation for
zone name limitations (length and allowed chars)
2014-07-08 13:39:14 +02:00
Thomas Woerner
3f62620b7f - Added Fedora server zone with cockpit enabled (RHBZ#1110711)
- Added Fedora workstation zone(RHBZ#1113775)
2014-07-07 19:16:42 +02:00
Thomas Woerner
7ab6dab432 - New support for Fedora per-product configuration settings for Fedora.next
https://fedoraproject.org/wiki/Per-Product_Configuration_Packaging_Draft
2014-07-07 18:47:24 +02:00
Dennis Gilmore
f51ba2801b - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 07:10:38 -05:00
Jiri Popelka
c27a83cb8e 0.3.10 2014-05-29 10:34:57 +02:00
Jiri Popelka
cabfc2d180 0.3.9.3
- Fixed persistent port forwarding (RHBZ#1056154)
- Stop default zone rules being applied to all zones (RHBZ#1057875)
- Enforce trust, block and drop zones in the filter table only (RHBZ#1055190)
- Allow RAs prior to applying IPv6_rpfilter (RHBZ#1058505)
2014-02-05 17:52:17 +01:00
Jiri Popelka
660f9abf4a fix regression introduced in 0.3.9 (RHBZ#1053932) 2014-01-17 07:03:33 +01:00
Jiri Popelka
3c3e49e817 0.3.9.1 2014-01-16 16:11:10 +01:00
Jiri Popelka
ad89fb7fd0 0.3.9 2014-01-13 17:22:51 +01:00
Jiri Popelka
15e74e15b5 0.3.8 - memleaks fixed, python3 support 2013-11-05 16:06:55 +01:00
Jiri Popelka
71ed8131bf 0.3.7 2013-10-17 17:30:19 +02:00
Jiri Popelka
f9bb7ae3b6 0.3.6.2
firewall-offline-cmd: --forward-port 'toaddr' is optional (RHBZ#1014958)
firewall-cmd: fix variable name (RHBZ#1015011)
2013-10-04 17:38:32 +02:00
Jiri Popelka
8606b62ae8 0.3.6.1: removed superfluous po files 2013-10-03 11:06:47 +02:00
Jiri Popelka
87ffdf6d8d 0.3.6 2013-10-02 16:41:08 +02:00
Jiri Popelka
a56d3af167 removed unused firewalld-0.3.3-rich_rule_import.patch 2013-09-30 14:20:41 +02:00
Jiri Popelka
606593b832 0.3.5 2013-09-30 14:05:37 +02:00
Thomas Woerner
264441a52b Uploaded source archive 2013-07-30 20:18:11 +02:00
Thomas Woerner
e7b59ed68a New version 0.3.4
- several rich rule check enhancements and fixes
- firewall-cmd: direct options - check ipv4|ipv6|eb (RHBZ#970505)
- firewall-cmd(1): improve description of direct options (RHBZ#970509)
- several firewall-applet enhancements and fixes
- New README
- several doc and man page fixes
- Service definitions for PCP daemons (RHBZ#972262)
- bash-completion: add lockdown and rich language options
- firewall-cmd: add --permanent --list-all[-zones]
- firewall-cmd: new -q/--quiet option
- firewall-cmd: warn when default zone not active (RHBZ#971843)
- firewall-cmd: check priority in --add-rule (RHBZ#914955)
- add dhcpv6 (for server) service (RHBZ#917866)
- firewall-cmd: add --permanent --get-zone-of-interface/source --change-interface/source
- firewall-cmd: print result (yes/no) of all --query-* commands
- move permanent-getZoneOf{Interface|Source} from firewall-cmd to server
- Check Interfaces/sources when updating permanent zone settings.
- FirewallDConfig: getZoneOfInterface/Source can actually return more zones
- Fixed toaddr check in forward port to only allow single address, no range
- firewall-cmd: various output improvements
- fw_zone: use check_single_address from firewall.functions
- getZoneOfInterface/Source does not need to throw exception
- firewall.functions: Use socket.inet_pton in checkIP, fixed checkIP*nMask
- firewall.core.io.service: Properly check port/proto and destination address
- Install applet desktop file into /etc/xdg/autostart
- Fixed option problem with rich rule destinations (RHBZ#979804)
- Better exception creation in dbus_handle_exceptions() decorator (RHBZ#979790)
- Updated firewall-offline-cmd
- Use priority in add, remove, query and list of direct rules (RHBZ#979509)
- New documentation (man pages are created from docbook sources)
- firewall/core/io/direct.py: use prirority for rule methods, new get_all_ methods
- direct: pass priority also to client.py and firewall-cmd
- applet: New blink and blink-count settings
- firewall.functions: New function ppid_of_pid
- applet: Check for gnome3 and fix it, use new settings, new size-changed cb
- firewall-offline-cmd: Fix use of systemctl in chroot
- firewall-config: use string.ascii_letters instead of string.letters
- dbus_to_python(): handle non-ascii chars in dbus.String.
- Modernize old syntax constructions.
- dict.keys() in Python 3 returns a "view" instead of list
- Use gettext.install() to install _() in builtins namespace.
- Allow non-ascii chars in 'short' and 'description'
- README: More information for "Working With The Source Repository"
- Build environment fixes
- firewalld.spec: Added missing checks for rhel > 6 for pygobject3-base
- firewall-applet: New setting show-inactive
- Don't stop on reload when lockdown already enabled (RHBZ#987403)
- firewall-cmd: --lockdown-on/off did not touch firewalld.conf
- FirewallApplet.gschema.xml: Dropped unused sender-info setting
- doc/firewall-applet.xml: Added information about gsettings
- several debug and log message fixes
- Add chain for sources so they can be checked before interfaces (RHBZ#903222)
- Add dhcp and proxy-dhcp services (RHBZ#986947)
- io/Zone(): don't error on deprecated family attr of source elem
- Limit length of zone file name (to 12 chars) due to Netfilter internals.
- It was not possible to overload a zone with defined source(s).
- DEFAULT_ZONE_TARGET: {chain}_ZONE_{zone} -> {chain}_{zone}
- New runtime get<X>Settings for services and icmptypes, fixed policies callbacks
- functions: New functions checkUser, checkUid and checkCommand
- src/firewall/client: Fixed lockdown-whitelist-updated signal handling
- firewall-cmd(1): move firewalld.richlanguage(5) reference in --*-rich-rule
- Rich rule service: Only add modules for accept action
- firewall/core/rich: Several fixes and enhanced checks
- Fixed reload of direct rules
- firewall/client: New functions to set and get the exception handler
- firewall-config: New and enhanced UI to handle lockdown and rich rules
- zone's immutable attribute is redundant
- Do not allow to set settings in config for immutable zones.
- Ignore deprecated 'immutable' attribute in zone files.
- Eviscerate 'immutable' completely.
- FirewallDirect.query_rule(): fix it
- permanent direct: activate firewall.core.io.direct:Direct reader
- core/io/*: simplify getting of character data
- FirewallDirect.set_config(): allow reloading
2013-07-30 20:09:59 +02:00
Thomas Woerner
158ba25727 - Fixed rich rule check for use in D-Bus 2013-06-07 13:06:32 +02:00
Thomas Woerner
09913dec88 New version 0.3.3
- new service files
- relicensed logger.py under GPLv2+
- firewall-config: sometimes we don't want to use client's exception handler
- When removing Service/IcmpType remove it from zones too (RHBZ#958401)
- firewall-config: work-around masquerade_check_cb() being called more times
- Zone(IO): add interfaces/sources to D-Bus signature
- Added missing UNKNOWN_SOURCE error code
- fw_zone.check_source: Raise INVALID_FAMILY if family is invalid
- New changeZoneOfInterface method, marked changeZone as deprecated
- Fixed firewall-cmd man page entry for --panic-on
- firewall-applet: Fixed possible problems of unescaped strings used for markup
- New support to bind zones to source addresses and ranges (D-BUS, cmd, applet
- Cleanup of unused variables in FirewallD.start
- New firewall/fw_types.py with LastUpdatedOrderedDict
- direct.chains, direct.rules: Using LastUpdatedOrderedDict
- Support splitted zone files
- New reader and writer for stored direct chains and rules
- LockdownWhitelist: fix write(), add get_commands/uids/users/contexts()
- fix service_writer() and icmptype_writer() to put newline at end of file
- firewall-cmd: fix --list-sources
- No need to specify whether source address family is IPv4 or IPv6
- add getZoneOfSource() to D-Bus interface
- Add tests and bash-completion for the new "source" operations
- Convert all input args in D-Bus methods
- setDefaultZone() was calling accessCheck() *after* the action
- New uniqify() function to remove duplicates from list whilst preserving order
- Zone.combine() merge also services and ports
- config/applet: silence DBusException during start when FirewallD is not running (RHBZ#966518)
- firewall-applet: more fixes to make the address sources family agnostic
- Better defaults for lockdown white list
- Use auth_admin_keep for allow_any and allow_inactive also
- New D-Bus API for lockdown policies
- Use IPv4, IPv6 and BRIDGE for FirewallD properties
- Use rich rule action as audit type
- Prototype of string-only D-Bus interface for rich language
- Fixed wrongly merged source family check in firewall/core/io/zone.py
- handle_cmr: report errors, cleanup modules in error case only, mark handling
- Use audit type from rule action, fixed rule output
- Fixed lockdown whitelist D-Bus handling method names
- New rich rule handling in runtime D-Bus interface
- Added interface, source and rich rule handling (runtime and permanent)
- Fixed dbus_obj in FirewallClientConfigPolicies, added queryLockdown
- Write changes in setLockdownWhitelist
- Fixed typo in policies log message in method calls
- firewall-cmd: Added rich rule, lockdown and lockdown whitelist handling
- Don't check access in query/getLockdownWhitelist*()
- firewall-cmd: Also output masquerade flag in --list-all
- firewall-cmd: argparse is able to convert argument to desired type itself
- firewall-cmd_test.sh: tests for permanent interfaces/sources and lockdown whitelist
- Makefile.am: add missing files
- firewall-cmd_test.sh: tests for rich rules
- Added lockdown, source, interface and rich rule docs to firewall-cmd
- Do not masquerade lo if masquerade is enabled in the default zone (RHBZ#904098)
- Use <rule> in metavar for firewall-cmd parser
2013-06-06 18:16:48 +02:00
Jiri Popelka
153e91a20e removed unintentional en_US.po from tarball 2013-05-10 12:15:41 +02:00
Jiri Popelka
621401bf15 0.3.2
- Fix signal handling for SIGTERM
- Additional service files (RHBZ#914859)
- Updated po files
- s/persistent/permanent/ (Trac Ticket #7)
- Better behaviour when running without valid DISPLAY (RHBZ#955414)
- client.handle_exceptions(): do not loop forever
- Set Zone.defaults in zone_reader (RHBZ#951747)
- client: do not pass the dbus exception name to handler
- IO_Object_XMLGenerator: make it work with Python 2.7.4 (RHBZ#951741)
- firewall-cmd: do not use deprecated BaseException.message
- client.py: fix handle_exceptions() (RHBZ#951314)
- firewall-config: check zone/service/icmptype name (RHBZ#947820)
- Allow 3121/tcp (pacemaker_remote) in cluster-suite service. (RHBZ#885257)
- firewall-applet: fix default zone hangling in 'shields-up' (RHBZ#947230)
- FirewallError.get_code(): check for unknown error
2013-04-30 18:24:00 +02:00
Jiri Popelka
266373aa73 Make permanenent changes work with Python 2.7.4 (RHBZ#951741) 2013-04-17 10:10:01 +02:00