- Enhancements of ipset handling
- No cleanup of ipsets using timeouts while reloading
- Only destroy conflicting ipsets
- Only use ipset types supported by the system
- Add and remove several ipset entries in one call using a file
- Reduce time frame where builtin chains are on policy DROP while reloading
- Include descriptions in --info-X calls
- Command line interface support to get and alter descriptions of zones,
services, ipsets and icmptypes with permanent option
- Properly watch changes in combined zones
- Fix logging in rich rule forward rules
- Transformed direct.passthrough errors into warnings
- Rework of import structures
- Reduced calls to get ids for port and protocol names (RHBZ#1305434)
- Build and installation fixes by Markos Chandras
- Provide D-Bus properties in introspection data
- Fix for flaws found by landscape.io
- Fix for repeated SUGHUP
- New NetworkManager module to get and set zones of connections, used in
firewall-applet and firewall-config
- configure: Autodetect backend tools ({ip,ip6,eb}tables{,-restore}, ipset)
- Code cleanups
- Bug fixes
- Speed ups
- ipset support
- MAC address support
- Log of denied packets
- Mark action in rich rules
- Enhanced alteration of config files with command line tools
- Use of zone chains in direct interface
- firewall-applet enhancement
- New services: ceph-mon, ceph, docker-registry, imap, pop3, pulseaudio,
smtps, snmptrap, snmp, syslog-tls and syslog
- Several bug fixes
- Code optimizations
- fix dependencies for -applet and -config: use_python3 is the proper switch
not with_python3 (RHBZ#1232493)
* New upstream version 0.3.14.2:
- firewalld.spec:
- fixed requirements for -applet and -config
- man pages:
- adapted firewall-applet man page to new version
- firewall-applet:
- Only honour active connections for zone changes
- Change QSettings path and file names
- firewall-config:
- Only honour active connections for zone changes in the “Change Zones of Connections” menu
- Translations:
- updated translations
- marked translations for “Connections” for review
- firewall-applet
- do not use isSystemTrayAvailable check to fix KDE5 startup
- dropped gtk applet remain: org.fedoraproject.FirewallApplet.gschema.xml
* 0.3.14-1
- renamed python2-firewall to python-firewall
- fixed requirements for GUI parts with Python3
- dropped upstream merged python3 patch
- firewalld:
- print real zone names in error messages
- iptables 1.4.21 does not accept limits of 1/day, minimum is 2/day now
- rate limit fix for rich rules
- fix readdition of removed permanent direct settings
- adaption of the polkit domains to use PK_ACTION_DIRECT_INFO
- fixed two minor Python3 issues in firewall.core.io.direct
- fixed use of fallback configuration values
- fixed use without firewalld.conf
- firewalld main restructureization
- IPv6_rpfilter now also available as a property on D-Bus in the config interface
- fixed wait option use for ipXtables
- added --concurrent support for ebtables
- richLanguage: allow masquerading with destination
- richLanguage: limit masquerading forward rule to new connections
- ipXtables: No dns lookups in available_tables and _detect_wait_option
- full ebtables support: start, stop, reload, panic mode, direct chains and rules
- fix for reload with direct rules
- fix or flaws found by landscape.io
- pid file handling fixes in case of pid file removal
- fix for client issue in case of a dbus NoReply error
- configuration
- new services: dropbox-lansync, ptp
- new icmptypes: timestamp-request, timestamp-reply
- man pages:
- firewalld.zones(5): fixed typos
- firewalld.conf(5): Fixed wrong reference to firewalld.lockdown-whitelist page
- firewall-applet:
- new version using Qt4 fixing several issues with the Gtk version
- spec file:
- enabled Python3 support: new backends python-firewall and python3-firewall
- some cleanup
- git:
- migrated to github
- translations:
- migrated to zanata
- build environment:
- no need for autoconf-2.69, 2.68 is sufficient
- enable python2 and python3 bindings for fedora >= 20 and rhel >= 7
- use python3 bindings on fedora >= 22 and rhel >= 8 for firewalld,
firewall-config and firewall-applet
- Fixed persistent port forwarding (RHBZ#1056154)
- Stop default zone rules being applied to all zones (RHBZ#1057875)
- Enforce trust, block and drop zones in the filter table only (RHBZ#1055190)
- Allow RAs prior to applying IPv6_rpfilter (RHBZ#1058505)
