Commit Graph

62 Commits

Author SHA1 Message Date
Eric Garver
ef8e49491c rebase to v0.6.2
Resolves: rhbz 1624600
2018-09-21 14:33:13 -04:00
Eric Garver
cab87bda0c rebase to v0.6.1
Resolves: rhbz 1614048
2018-08-10 10:24:25 -04:00
Eric Garver
cb592bb50d rebase to v0.6.0 2018-07-25 09:01:04 -04:00
Eric Garver
18f8c5a7f2 rebase to v0.5.3 2018-05-16 10:32:57 -04:00
Eric Garver
7dbe008cf6 rebase to v0.5.2 2018-03-19 15:27:18 -04:00
Eric Garver
991b466c6e rebase to v0.5.1 2018-02-07 11:42:15 -05:00
Thomas Woerner
94ddb8feb5 Source for 0.4.4.5 2017-06-13 13:41:32 +02:00
Thomas Woerner
fd60bdf28a Update sources 2017-04-03 17:37:58 +02:00
Thomas Woerner
e66ea00b1e - Rebase to firewalld-0.4.4.3
http://www.firewalld.org/2017/02/firewalld-0-4-4-3-release
- Speed up of large file loading
- Support for more ipset types
- Speed up of adding or removing entries for ipsets from files
- Support icmp-type usage in rich rules
- Support for more icmp types
- Support for h323 conntrack helper
- New services
- Code cleanup and several other bug fixes
- Translation updates
2017-02-10 17:33:07 +01:00
Thomas Woerner
27c4930b69 - Dropping firewalld-selinux package again as the required fix made it into
selinux-policy packages for F-23+, updated selinux-policy version conflicts
2016-12-05 17:31:40 +01:00
Thomas Woerner
1118c441f2 - New firewalld-selinux sub package delivering the SELinux policy module for
firewalld (RHBZ#1396765) (RHBZ#1394625) (RHBZ#1394578) (RHBZ#1394573)
  (RHBZ#1394569)
- New firewalld release 0.4.4.2:
  - firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem
  - firewall.core.fw_nm: create NMClient lazily
  - Do not use hard-coded path for modinfo, use autofoo to detect it
  - firewall.core.io.ifcfg: Dropped invalid option warning with bad format
    string
  - firewall.core.io.ifcfg: Properly handle quoted ifcfg values
  - firewall.core.fw_zone: Do not reset ZONE with ifdown
  - Updated translations from zanata
  - firewall-config: Extra grid at bottom to visualize firewalld settings
2016-12-01 15:44:42 +01:00
Thomas Woerner
92dff91190 New firewalld version 0.4.4.1
Version 0.4.4.1:
- firewall-config: Use proper source check in sourceDialog (fixes issue#162)
- firewallctl: New support for helpers
- Translation updates

Version 0.4.4:
- Fix dist-check
- src/Makefile.am: Install new helper files
- config/Makefile.am: Install helpers
- Merged translations
- Updated translations from zanata
- firewalld.spec: Adapt requires for PyQt5
- firewall-applet: Fix fromUTF8 for python2 PyQt5 usage
- firewall-applet: Use PyQt5
- firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers D-Bus property
- shell-completion/bash/firewall-cmd: Updates for helpers and also some fixes
- src/tests/firewall-[offline-]cmd_test.sh: New helper tests, adapted module tests for services
- doc/xml/seealso.xml: Add firewalld.helper(5) man page
- doc/xml/seealso.xml: Add firewalld.ipset(5) man page
- Fixed typo in firewalld.ipset(5) man page
- Updated firewalld.dbus(5) man page
- New firewalld.helper(5) man page
- doc/xml/firewall-offline-cmd.xml: Updated firewall-offline-cmd man page
- doc/xml/firewall-cmd.xml: Updated firewall-cmd man page
- firewall-offline-cmd: New support for helpers
- firewall-cmd: New support for helpers
- firewall.command: New check_helper_family, check_module and print_helper_info methods
- firewall.core.fw_test: Add helpers also to offline backend
- firewall.server.config: New AutomaticHelpers property (rw)
- firewall.server.config: Fix an dict size changed error for firewall.conf file changes
- firewall.server.config: Make LogDenied property readwrite to be consistent
- Some renames of nf_conntrack_helper* functions and structures, helpers is a dict
- firewall.core.fw: Properly check helper setting in set_automatic_helpers
- firewall.errors: Add missing BUILTIN_HELPER error code
- No extra interface for helpers needed in runtime, dropped DBUS_INTERFACE_HELPER
- firewall.server.firewalld: Drop unused queryHelper D-Bus method
- New helpers Q.931 and RAS from nf_conntrack_h323
- firewall.core.io.helper: Allow dots in helper names, remove underscore
- firewall.core.io.firewalld_conf: Fixed typo in FALLBACK_AUTOMATIC_HELPERS
- firewall-[offline-]cmd: Use sys.excepthook to force exception_handler usage always
- firewall.core.fw_config: new_X methods should also check builtins
- firewall.client: Set helper family to "" if None
- firewall.client: Add missing module string to FirewallClientHelperSettings.settings
- config/firewalld.conf: Add possible values description for AutomaticHelpers
- helpers/amanda.xml: Fix typo in helper module
- firewall-config: Added support for helper module setting
- firewall.client: Added support for helper module setting
- firewall.server.config_helper: Added support for helper module setting
- firewall.core.io.service, firewall.server.config_service: Only replace underscore by dash if module start with nf_conntrack_
- firewall.core.fw_zone: Use helper module instead of a generated name from helper name
- helpers: Added kernel module
- firewall.core.io.helper: Add module to helper
- firewall-cmd: Removed duplicate --get-ipset-types from help output
- firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table
- firewall.core.ipXtables: Add PREROUTING default rules for zones in raw table
- firewall-config: New support to handle helpers, new dialogs, new helper tab, ..
- config/org.fedoraproject.FirewallConfig.gschema.xml.in: New show-helpers setting
- firewall.client: New helper management for runtime and permanent configuration
- firewall.server.firewalld: New runtime helper management, new nf_conntrack_helper property
- firewall.server.config_service: Fix module name handling (no nf_conntrack_ prefix needed)
- firewall.server.config: New permanent D-Bus helper management
- New firewall.server.config_helper to provide the permanent D-Bus interface for helpers
- firewall.core.fw_zone: Use helpers fw.nf_conntrack_helper for services using helpers
- firewall.core.fw: New helper management, new _automatic_helpers and nf_conntrack_helper settings
- firewall.core.fw_config: Add support for permanent helper handling
- firewall.core.io.service: The module does not need to start with nf_conntrack_ anymore
- firewall.functions: New functions to get and set nf_conntrack_helper kernel setting
- firewall.core.io.firewalld_conf: New support for AutomaticHelpers setting
- firewall.config.dbus: New D-Bus definitions for helpers, new DBUS_INTERFACE_REVISION 12
- New firewall.core.fw_helper providing FirewallHelper backend
- New firewall.core.helper with HELPER_MAXNAMELEN definition
- config/firewalld.conf: New AutomaticHelpers setting with description
- firewall.config.__init__.py.in: New helpers variables
- firewalld.spec: Add new helpers directory
- config/Makefile.am: Install new helpers
- New helper configuration files for amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp and tftp
- firewall.core.io.helper: New IO handler for netfilter helpers
- firewall.errors: New INVALID_HELPER error code
- firewall.core.io.ifcfg: Use .bak for save files
- firewall-config: Set internal log_denied setting after changing
- firewall.server.config: Copy props before removing items
- doc/xml/firewalld.ipset: Replaced icmptype name remains with ipset
- firewall.core.fw_zone: Fix LOG rule placement for LogDenied
- firewall.command: Use "source-ports" in print_zone_info
- firewall.core.logger: Use syslog.openlog() and syslog.closelog()
- firewall-[offline-]cmd man pages: Document --path-{zone,icmptype,ipset,service}
- firewall-cmd: Enable --path-{zone,icmptype,service} options again
- firewall.core.{ipXtables,ebtables}: Copy rule before extracting items in set_rules
- firewall.core.fw: Do not abort transaction on failed ipv6_rpfilter rules
- config/Makefile.am: Added cfengine, condor-collector and smtp-submission services
- Makefile.am: New dist-check used in the archive target
- src/Makefile.am: Reordered nobase_dist_python_DATA to be sorted
- config/Makefile.am: New CONFIG_FILES variable to contain the config files
- Merge pull request #150 from hspaans/master
- Merge pull request #146 from canvon/bugfix/spelling
- Merge pull request #145 from jcpunk/condor
- Command line tools man pages: New section about sequence options and exit codes
- Creating service file for SMTP-Submission.
- Creating service file for CFEngine.
- Fix typo in documentation: iptables mangle table
- Only use sort on lists of main items, but not for item properties
- firewall.core.io.io_object: import_config should not change ordering of lists
- firewall.core.fw_transaction: Load helper modules in FirewallZoneTransaction
- firewall.command: Fail with NOT_AUTHORIZED if authorization fails (RHBZ#1368549)
- firewall.command: Fix sequence exit code with at least one succeeded item
- Add condor collector service
- firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones
- firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED sequences
2016-11-10 18:01:01 +01:00
Thomas Woerner
296ea4d3bd New version 0.4.3.3
- Fix CVE-2016-5410: Firewall configuration can be modified by any logged in
  user
- firewall/server/firewalld: Make getXSettings and getLogDenied CONFIG_INFO
- Update AppData configuration file.
- tests/firewalld_rich.py: Use new import structure and FirewallClient classes
- tests/firewalld_direct.py: Use new import structure
- tests: firewalld_direct: Fix assert to check for True instead of False
- tests: firewalld_config: Fix expected value when querying the zone target
- tests: firewalld_config: Use real nf_conntrack modules
- firewalld.spec: Added comment about make call for %build
- firewall-config: Use also width_request and height_request with default size
- Updated firewall-config screenshot
- firewall-cmd: Fixed typo in help output (RHBZ#1367171)
- test-suite: Ignore stderr to get default zone also for missing firewalld.conf
- firewall.core.logger: Warnings should be printed to stderr per default
- firewall.core.fw_nm: Ignore NetworkManager if NM.Client connect fails
- firewall-cmd, firewallctl: Gracefully fail if SystemBus can not be aquired
- firewall.client: Generate new DBUS_ERROR if SystemBus can not be aquired
- test-suite: Do not fail on ALREADY_ENABLED --add-destination tests
- firewall.command: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings
- doc/xml/firewalld.dbus.xml: Removed undefined reference
- doc/xml/transform-html.xsl.in: Fixed references in the document
- doc/xml/firewalld.{dbus,zone}.xml: Embed programlisting in para
- doc/xml/transform-html.xsl.in: Enhanced html formatting closer to the man page
- firewall: core: fw_nm: Instantiate the NM client only once
- firewall/core/io/*.py: Do not traceback on a general sax parsing issue
- firewall-offline-cmd: Fix --{add,remove}-entries-from-file
- firewall-cmd: Add missing action to fix --{add,remove}-entries-from-file
- firewall.core.prog: Do not output stderr, but return it in the error case
- firewall.core.io.ifcfg.py: Fix ifcfg file reader and writer (RHBZ#1362171)
- config/firewall.service.in: use KillMode=mixed
- config/firewalld.service.in: use network-pre.target
- firewall-config: Add missing gettext.textdomain call to fix translations
- Add UDP to transmission-client.xml service
- tests/firewall-[offline-]cmd_test.sh: Hide errors and warnings
- firewall.client: Fix ALREADY_ENABLED errors in icmptype destination calls
- firewall.client: Fix NOT_ENABLED errors in icmptype destination calls
- firewall.client: Use {ALREADY,NOT}_ENABLED errors in icmptype destination
  calls
- firewall.command: Add the removed FirewallError handling to the action
  (a17ce50)
- firewall.command: Do not use query methods for sequences and also single
  options
- Add missing information about MAC and ipset sources to man pages and help
  output
- firewalld.spec: Add BuildRequires for libxslt to enable rebuild of man pages
- firewall[-offline]-cmd, firewallctl, firewall.command: Use sys.{stdout,stderr}
- firewallctl: Fix traceback if not connected to firewalld
- firewall-config: Initialize value in on_richRuleDialogElementChooser_clicked
- firewall.command: Convert errors to string for Python3
- firewall.command: Get proper firewall error code from D-BusExceptions
- firewall-cmd: Fixed traceback without args
- Add missing service files to Makefile.am
- shell-completion: Add shell completion support for
  --{get,set}--{description,short}
- Updated RHEL-7 selinux-policy and squid conflict
2016-08-16 22:26:58 +02:00
Thomas Woerner
ffe18e7c08 - New firewalld release 0.4.3.2
- Fix regression with unavailable optional commands
- All missing backend messages should be warnings
- Individual calls for missing restore commands
- Only one authenticate call for add and remove options and also sequences
- New service RH-Satellite-6
- Fixed selinux-policy conflict version for RHEL-7
2016-07-05 19:47:25 +02:00
Thomas Woerner
99b1f46310 - New firewalld release 0.4.3.1
- firewall.command: Fix python3 DBusException message not interable error
- src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing
- firewallctl: Do not trace back on list command without further arguments
- firewallctl (man1): Added remaining sections zone, service, ..
- firewallctl: Added runtime-to-permanent, interface and source parser,
  IndividualCalls setting
- firewall.server.config: Allow to set IndividualCalls property in config
  interface
- Fix missing icmp rules for some zones
- runProg: Fix issue with running programs
- firewall-offline-cmd: Fix issues with missing system-config-firewall
- firewall.core.ipXtables: Split up source and dest addresses for transaction
- firewall.server.config: Log error in case of loading malformed files in
  watcher
- Install and package the firewallctl man page
- New firewallctl utility (RHBZ#1147959)
- doc.xml.seealso: Show firewalld.dbus in See Also sections
- firewall.core.fw_config: Create backup on zone, service, ipset and icmptype
  removal (RHBZ#1339251)
- {zone,service,ipset,icmptype}_writer: Do not fail on failed backup
- firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd
- firewall-cmd: Dropped duplicate setType call in --new-ipset
- radius service: Support also tcp ports (RBZ#1219717)
- xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset
  sources
- config.xmlschema.service.xsd: Fix service destination conflicts
  (RHBZ#1296573)
- firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg
- firewall.command: Only print summary and description in print_X_info with
  verbose
- firewall.command: print_msg should be able to print empty lines
- firewall-config: No processing of runtime passthroughs signals in permanent
- Landspace.io fixes and pylint calm downs
- firewall.core.io.zone: Add zone_reader and zone_writer to __all__, pylint
  fixes
- firewall-config: Fixed titles of command and context dialogs, also entry
  lenths
- firewall-config: pylint calm downs
- firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit
- firewall-config: Use self.active_zoens in conf_zone_added_cb
- firewall.command: New parse_port, extended parse methods with more checks
- firewall.command: Fixed parse_port to use the separator in the split call
- firewall.command: New [de]activate_exception_handler, raise error in parse_X
- services ha: Allow corosync-qnetd port
- firewall-applet: Support for kde5-nm-connection-editor
- tests/firewall-offline-cmd_test.sh: New tests for service and icmptype
  modifications
- firewall-offline-cmd: Use FirewallCommand for simplification and sequence
  options
- tests/firewall-cmd_test.sh: New tests for service and icmptype modifications
- firewall-cmd: Fixed set, remove and query destination options for services
- firewall.core.io.service: Source ports have not been checked in _check_config
- firewall.core.fw_zone: Method check_source_port is not used, removed
- firewall.core.base: Added default to ZONE_TARGETS
- firewall.client: Allow to remove ipv:address pair for service destinations
- tests/firewall-offline-cmd_test.sh: There is no timeout option in permanent
- firewall-cmd: Landscape.io fixes, pylint calm downs
- firewall-cmd: Use FirewallCommand for simplification and sequence options
- firewall.command: New FirewallCommand for command line client simplification
- New services: kshell, rsh, ganglia-master, ganglia-client
- firewalld: Cleanup of unused imports, do not translate some deamon messages
- firewalld: With fd close interation in runProg, it is not needed here anymore
- firewall.core.prog: Add fd close iteration to runProg
- firewall.core.fw_nm: Hide NM typelib import, new nm_get_dbus_interface
  function
- firewalld.spec: Require NetworkManager-libnm instead of NetworkManager-glib
- firewall-config: New add/remove ipset entries from file, remove all entries
- firewall-applet: Fix tooltip after applet start with connection to firewalld
- firewall-config: Select new zone, service or icmptype if the view was empty
- firewalld.spec: Added build requires for iptables, ebtables and ipset
- Adding nf_conntrack_sip module to the service SIP
- firewall: core: fw_ifcfg: Quickly return if ifcfg directory does not exist
- Drop unneeded python shebangs
- Translation updates

* Mon May 30 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.2-1
- New module to search for and change ifcfg files for interfaces not under
  control of NM
- firewall_config: Enhanced messages in status bar
- firewall-config: New message window as overlay if not connected
- firewall-config: Fix sentivity of option, view menus and main paned if not
  connected
- firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls, some cleanup
- firewall-[offline]cmd: Show target in zone information
- D-Bus: Completed masquerade methods in FirewallClientZoneSettings
- Fixed log-denied rules for icmp-blocks
- Keep sorting of interfaces, services, icmp-blocks and other settings in zones
- Fixed runtime-to-permanent not to save interfaces under control of NM
- New icmp-block-inversion flag in the zones
- ICMP type filtering in the zones
- New services: sip, sips, managesieve
- rich rules: Allow destination action (RHBZ#1163428)
- firewall-offline-cmd: New option -q/--quiet
- firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file
- firewall-[offline-]cmd: Fix option for setting the destination address
- firewall-config: Fixed resizing behaviour
- New transaction model for speed ups in start, restart, stop and other actions
- firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults
- Fixed memory leak in dbus_introspection_add_properties
- Landscape.io fixes, pylint calm downs
- New D-Bus getXnames methods to speed up firewall-config and firewall-cmd
- ebtables-restore: No support for COMMIT command
- Source port support in services, zones and rich rules
- firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets
- firewall-config: New active bindings side bar for simple binding changes
- Reworked NetworkManager module
- Proper default zone handling for NM connections
- Try to set zone binding with NM if interface is under control of NM
- Code cleanup and bug fixes
- Include test suite in the release and install in /usr/share/firewalld/tests
- New Travis-CI configuration file
- Fixed more broken frensh translations
- Translation updates
2016-06-28 21:01:55 +02:00
Thomas Woerner
6a8dbbc80b New firewalld release 0.4.2
- New module to search for and change ifcfg files for interfaces not under
  control of NM
- firewall_config: Enhanced messages in status bar
- firewall-config: New message window as overlay if not connected
- firewall-config: Fix sentivity of option, view menus and main paned if not
  connected
- firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls, some cleanup
- firewall-[offline]cmd: Show target in zone information
- D-Bus: Completed masquerade methods in FirewallClientZoneSettings
- Fixed log-denied rules for icmp-blocks
- Keep sorting of interfaces, services, icmp-blocks and other settings in zones
- Fixed runtime-to-permanent not to save interfaces under control of NM
- New icmp-block-inversion flag in the zones
- ICMP type filtering in the zones
- New services: sip, sips, managesieve
- rich rules: Allow destination action (RHBZ#1163428)
- firewall-offline-cmd: New option -q/--quiet
- firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file
- firewall-[offline-]cmd: Fix option for setting the destination address
- firewall-config: Fixed resizing behaviour
- New transaction model for speed ups in start, restart, stop and other actions
- firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults
- Fixed memory leak in dbus_introspection_add_properties
- Landscape.io fixes, pylint calm downs
- New D-Bus getXnames methods to speed up firewall-config and firewall-cmd
- ebtables-restore: No support for COMMIT command
- Source port support in services, zones and rich rules
- firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets
- firewall-config: New active bindings side bar for simple binding changes
- Reworked NetworkManager module
- Proper default zone handling for NM connections
- Try to set zone binding with NM if interface is under control of NM
- Code cleanup and bug fixes
- Include test suite in the release and install in /usr/share/firewalld/tests
- New Travis-CI configuration file
- Fixed more broken frensh translations
- Translation updates
2016-05-30 18:35:48 +02:00
Thomas Woerner
a81efa3c56 - Fixed translations with python3
- Fixed exception for failed NM import, new doc string
- Make ipsets visible per default in firewall-config
- Install new fw_nm module
- Do not fail if log file could not be opened
- Fixed broken fr translation
2016-04-20 19:13:31 +02:00
Thomas Woerner
59f898339e New firewalld version 0.4.1
- Enhancements of ipset handling
  - No cleanup of ipsets using timeouts while reloading
  - Only destroy conflicting ipsets
  - Only use ipset types supported by the system
  - Add and remove several ipset entries in one call using a file
- Reduce time frame where builtin chains are on policy DROP while reloading
- Include descriptions in --info-X calls
- Command line interface support to get and alter descriptions of zones,
  services, ipsets and icmptypes with permanent option
- Properly watch changes in combined zones
- Fix logging in rich rule forward rules
- Transformed direct.passthrough errors into warnings
- Rework of import structures
- Reduced calls to get ids for port and protocol names (RHBZ#1305434)
- Build and installation fixes by Markos Chandras
- Provide D-Bus properties in introspection data
- Fix for flaws found by landscape.io
- Fix for repeated SUGHUP
- New NetworkManager module to get and set zones of connections, used in
  firewall-applet and firewall-config
- configure: Autodetect backend tools ({ip,ip6,eb}tables{,-restore}, ipset)
- Code cleanups
- Bug fixes
2016-04-19 17:22:50 +02:00
Thomas Woerner
b2398523d9 New version 0.4.0
- Speed ups
  - ipset support
  - MAC address support
  - Log of denied packets
  - Mark action in rich rules
  - Enhanced alteration of config files with command line tools
  - Use of zone chains in direct interface
  - firewall-applet enhancement
  - New services: ceph-mon, ceph, docker-registry, imap, pop3, pulseaudio,
    smtps, snmptrap, snmp, syslog-tls and syslog
  - Several bug fixes
  - Code optimizations
2016-02-01 17:53:28 +01:00
Thomas Woerner
a852a77a23 - reunification of the firewalld spec files for all Fedora releases
- fix dependencies for -applet and -config: use_python3 is the proper switch
  not with_python3 (RHBZ#1232493)

* New upstream version 0.3.14.2:

- firewalld.spec:
  - fixed requirements for -applet and -config
- man pages:
  - adapted firewall-applet man page to new version
- firewall-applet:
  - Only honour active connections for zone changes
  - Change QSettings path and file names
- firewall-config:
  - Only honour active connections for zone changes in the “Change Zones of Connections” menu
- Translations:
  - updated translations
  - marked translations for “Connections” for review
2015-06-17 11:54:16 +02:00
Thomas Woerner
5daf27c45b use 0.3.14.1 2015-06-13 00:02:20 +02:00
Jiri Popelka
959b2db1fd 0.3.13 2014-12-04 19:13:21 +01:00
Jiri Popelka
e89b2b2ecd 0.3.12 2014-10-14 18:20:55 +02:00
Jiri Popelka
0b65a30f38 0.3.11 2014-08-20 18:53:02 +02:00
Jiri Popelka
c27a83cb8e 0.3.10 2014-05-29 10:34:57 +02:00
Jiri Popelka
cabfc2d180 0.3.9.3
- Fixed persistent port forwarding (RHBZ#1056154)
- Stop default zone rules being applied to all zones (RHBZ#1057875)
- Enforce trust, block and drop zones in the filter table only (RHBZ#1055190)
- Allow RAs prior to applying IPv6_rpfilter (RHBZ#1058505)
2014-02-05 17:52:17 +01:00
Jiri Popelka
660f9abf4a fix regression introduced in 0.3.9 (RHBZ#1053932) 2014-01-17 07:03:33 +01:00
Jiri Popelka
3c3e49e817 0.3.9.1 2014-01-16 16:11:10 +01:00
Jiri Popelka
ad89fb7fd0 0.3.9 2014-01-13 17:22:51 +01:00
Jiri Popelka
15e74e15b5 0.3.8 - memleaks fixed, python3 support 2013-11-05 16:06:55 +01:00
Jiri Popelka
71ed8131bf 0.3.7 2013-10-17 17:30:19 +02:00
Jiri Popelka
f9bb7ae3b6 0.3.6.2
firewall-offline-cmd: --forward-port 'toaddr' is optional (RHBZ#1014958)
firewall-cmd: fix variable name (RHBZ#1015011)
2013-10-04 17:38:32 +02:00
Jiri Popelka
8606b62ae8 0.3.6.1: removed superfluous po files 2013-10-03 11:06:47 +02:00
Jiri Popelka
87ffdf6d8d 0.3.6 2013-10-02 16:41:08 +02:00
Jiri Popelka
606593b832 0.3.5 2013-09-30 14:05:37 +02:00
Thomas Woerner
264441a52b Uploaded source archive 2013-07-30 20:18:11 +02:00
Thomas Woerner
09913dec88 New version 0.3.3
- new service files
- relicensed logger.py under GPLv2+
- firewall-config: sometimes we don't want to use client's exception handler
- When removing Service/IcmpType remove it from zones too (RHBZ#958401)
- firewall-config: work-around masquerade_check_cb() being called more times
- Zone(IO): add interfaces/sources to D-Bus signature
- Added missing UNKNOWN_SOURCE error code
- fw_zone.check_source: Raise INVALID_FAMILY if family is invalid
- New changeZoneOfInterface method, marked changeZone as deprecated
- Fixed firewall-cmd man page entry for --panic-on
- firewall-applet: Fixed possible problems of unescaped strings used for markup
- New support to bind zones to source addresses and ranges (D-BUS, cmd, applet
- Cleanup of unused variables in FirewallD.start
- New firewall/fw_types.py with LastUpdatedOrderedDict
- direct.chains, direct.rules: Using LastUpdatedOrderedDict
- Support splitted zone files
- New reader and writer for stored direct chains and rules
- LockdownWhitelist: fix write(), add get_commands/uids/users/contexts()
- fix service_writer() and icmptype_writer() to put newline at end of file
- firewall-cmd: fix --list-sources
- No need to specify whether source address family is IPv4 or IPv6
- add getZoneOfSource() to D-Bus interface
- Add tests and bash-completion for the new "source" operations
- Convert all input args in D-Bus methods
- setDefaultZone() was calling accessCheck() *after* the action
- New uniqify() function to remove duplicates from list whilst preserving order
- Zone.combine() merge also services and ports
- config/applet: silence DBusException during start when FirewallD is not running (RHBZ#966518)
- firewall-applet: more fixes to make the address sources family agnostic
- Better defaults for lockdown white list
- Use auth_admin_keep for allow_any and allow_inactive also
- New D-Bus API for lockdown policies
- Use IPv4, IPv6 and BRIDGE for FirewallD properties
- Use rich rule action as audit type
- Prototype of string-only D-Bus interface for rich language
- Fixed wrongly merged source family check in firewall/core/io/zone.py
- handle_cmr: report errors, cleanup modules in error case only, mark handling
- Use audit type from rule action, fixed rule output
- Fixed lockdown whitelist D-Bus handling method names
- New rich rule handling in runtime D-Bus interface
- Added interface, source and rich rule handling (runtime and permanent)
- Fixed dbus_obj in FirewallClientConfigPolicies, added queryLockdown
- Write changes in setLockdownWhitelist
- Fixed typo in policies log message in method calls
- firewall-cmd: Added rich rule, lockdown and lockdown whitelist handling
- Don't check access in query/getLockdownWhitelist*()
- firewall-cmd: Also output masquerade flag in --list-all
- firewall-cmd: argparse is able to convert argument to desired type itself
- firewall-cmd_test.sh: tests for permanent interfaces/sources and lockdown whitelist
- Makefile.am: add missing files
- firewall-cmd_test.sh: tests for rich rules
- Added lockdown, source, interface and rich rule docs to firewall-cmd
- Do not masquerade lo if masquerade is enabled in the default zone (RHBZ#904098)
- Use <rule> in metavar for firewall-cmd parser
2013-06-06 18:16:48 +02:00
Jiri Popelka
153e91a20e removed unintentional en_US.po from tarball 2013-05-10 12:15:41 +02:00
Jiri Popelka
621401bf15 0.3.2
- Fix signal handling for SIGTERM
- Additional service files (RHBZ#914859)
- Updated po files
- s/persistent/permanent/ (Trac Ticket #7)
- Better behaviour when running without valid DISPLAY (RHBZ#955414)
- client.handle_exceptions(): do not loop forever
- Set Zone.defaults in zone_reader (RHBZ#951747)
- client: do not pass the dbus exception name to handler
- IO_Object_XMLGenerator: make it work with Python 2.7.4 (RHBZ#951741)
- firewall-cmd: do not use deprecated BaseException.message
- client.py: fix handle_exceptions() (RHBZ#951314)
- firewall-config: check zone/service/icmptype name (RHBZ#947820)
- Allow 3121/tcp (pacemaker_remote) in cluster-suite service. (RHBZ#885257)
- firewall-applet: fix default zone hangling in 'shields-up' (RHBZ#947230)
- FirewallError.get_code(): check for unknown error
2013-04-30 18:24:00 +02:00
Jiri Popelka
c802b43c04 0.3.1
- Use explicit file lists for make dist
- New rich rule validation check code
- New global check_port and check_address functions
- Allow source white and black listing with the rich rule
- Fix error handling in case of unsupported family in rich rule
- Enable ip_forwarding in masquerade and forward-port
- New functions to read and write simple files using filename and content
- Add --enable-sysconfig to install Fedora-specific sysconfig config file.
- Add chains for security table (RHBZ#927015)
- firewalld.spec: no need to specify --with-systemd-unitdir
- firewalld.service: remove syslog.target and dbus.target
- firewalld.service: replace hard-coded paths
- Move bash-completion to new location.
2013-03-28 15:32:35 +01:00
Thomas Woerner
7b258f3cda New version 0.3.0
- Added rich language support
- Added lockdown feature
- Allow to bind interfaces and sources to zones permanently
- Enabled IPv6 NAT support
  masquerading and port/packet forwarding for IPv6 only with rich language
- Handle polkit errors in client class and firewall-config
- Added priority description for --direct --add-rule in firewall-cmd man page
- Add XML Schemas for zones/services/icmptypes XMLs
- Don't keep file descriptors open when forking
- Introduce --nopid option for firewalld
- New FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains (RHBZ#912782)
- Update cluster-suite service (RHBZ#885257)
- firewall-cmd: rename --enable/disable-panic to --panic-on/off (RHBZ#874912)
- Fix interaction problem of changed event of gtk combobox with polkit-kde
  by processing all remaining events (RHBZ#915892)
- Stop default zone rules being applied to all zones (RHBZ#912782)
- Firewall.start(): don't call set_default_zone()
- Add wiki's URL to firewalld(1) and firewall-cmd(1) man pages
- firewalld-cmd: make --state verbose (RHBZ#886484)
- improve firewalld --help (RHBZ#910492)
- firewall-cmd: --add/remove-* can be used multiple times (RHBZ#879834)
- Continue loading zone in case of wrong service/port etc. (RHBZ#909466)
- Check also services and icmptypes in Zone() (RHBZ#909466)
- Increase the maximum length of the port forwarding fields from 5 to 11 in
  firewall-config
- firewall-cmd: add usage to fail message
- firewall-cmd: redefine usage to point to man page
- firewall-cmd: fix visible problems with arg. parsing
- Use argparse module for parsing command line options and arguments
- firewall-cmd.1: better clarify where to find ACTIONs
- firewall-cmd Bash completion
- firewall-cmd.1: comment --zone=<zone> usage and move some options
- Use zone's target only in %s_ZONES chains
- default zone in firewalld.conf was set to public with every restart (#902845)
- man page cleanup
- code cleanup
2013-03-20 18:04:20 +01:00
Thomas Woerner
d9e0d917c2 updated source 2013-01-14 16:39:18 +01:00
Thomas Woerner
d801abc3f0 Added missing files for new build env 2013-01-14 15:45:21 +01:00
Thomas Woerner
2c00316c83 New version 0.2.12:
- firewall-cmd: use -V instead of -v for version info (RHBZ#886477)
- firewall-cmd: don't check reload()'s return value (RHBZ#886461)
- actually install firewalld.zones.5
- firewall-config: treat exceptions when adding new zone/service/icmp
  (RHBZ#886602)
- firewalld.spec: Fixed requirements of firewall-config to use gtk2 and
  pygobject3
- Fail gracefully when running in non X environment.(RHBZ#886551)
- offline-cmd: fail gracefully when no s-c-f config
- fix duplicated iptables rules (RHBZ#886515)
- detect errors and duplicates in config file (RHBZ#886581)
- firewall-config: don't make 'Edit Service' and 'Edit ICMP Type' insensitive
- firewalld.spec: fixed requirements, require pygobject3-base
- frewall-applet: Unused code cleanup
- firewall-applet: several usability fixes and enhancements
  (RHBZ#886531) (RHBZ#886534)
- firewall/server/server.py: fixed KeyboardInterrupt message (RHBZ#886558)
- Moved fallback zone and minimal_mark to firewall.config.__init__
- Do not raise ZONE_ALREADY_SET in change_zone if old zone is set again
  (RHBZ#886432)
- Make default zone default for all unset connections/interfaces
  (RHBZ#888288) (RHBZ#882736)
- firewall-config: Use Gtk.MessageType.WARNING for warning dialog
- firewall-config: Handle unknown services and icmptypes in persistent mode
- firewall-config: Do not load settings more than once
- firewall-config: UI cleanup and fixes (RHBZ#888242)
- firewall-cmd: created alias --change-zone for --change-interface
- firewall-cmd man page updates (RHBZ#806511)
- Merged branch 'build-cleanups'
- dropped call to autogen.sh in build stage, not needed anymore due to
  'build-cleanups' merge
2013-01-14 15:29:15 +01:00
Thomas Woerner
144b73b24a New version 0.2.11
- Fixed more _xmlplus (PyXML) incompatibilities to python xml
- Several man page updates
- Fixed error in addForwardPort, removeForwardPort and queryForwardPort
- firewall-cmd: use already existing queryForwardPort()
- Update firewall.cmd man page, use man page as firewall-cmd usage (rhbz#876394)
- firewall-config: Do not force to show labels in the main toolbar
- firewall-config: Dropped "Change default zone" from toolbar
- firewall-config: Added menu entry to change zones of connections
- firewall-applet: Zones can be changed now using nm-connection-editor
  (rhbz#876661)
- translation updates: cs, hu, ja
2012-12-11 21:34:31 +01:00
Thomas Woerner
802d9266c0 New version 0.2.10
- tests/firewalld_config.py: tests for config.service and config.icmptype
- FirewallClientConfigServiceSettings(): destinations are dict not list
- service/zone/icmptype: do not write deprecated name attribute
- New service ntp
- firewall-config: Fixed name of about dialog
- configure.in: Fixed getting of error codes
- Added coding to all pyhton files
- Fixed copyright years
- Beautified file headers
- Force use of pygobject3 in python-slip (RHBZ#874378)
- Log: firewall.server.config_icmptype, firewall.server.config_service and
  firewall.server.config_zone: Prepend full path
- Allow ":" in interface names for interface aliases
- Add name argument to Updated and Renamed signal
- Disable IPv4, IPv6 and EB tables if missing - for IPv4/IPv6 only environments
- firewall-config.glade file cleanup
- firewall-config: loadDefaults() can throw exception
- Use toolbars for Add/Edit/Remove/LoadDefaults buttons for zones, services
  and icmp types
- New vnc-server service, opens ports for displays :0 to :3 (RHBZ#877035)
- firewall-cmd: Fix typo in help output, allow default zone usage for
  permanenent options
- Translation updates: cs, fr, ja, pt_BR and zh_CN
2012-11-20 16:35:51 +01:00
Thomas Woerner
a6b084ef3e New version 0.2.9
- firewall-config: some UI usability changes
- firewall-cmd: New option --list-all-zones, output of --list-all changed,
  more option combination checks
- firewall-applet: Replaced NMClient by direct DBUS calls to fix python core
  dumps in case of connection activates/deactivates
- Use fallback 'C' locale if current locale isn't supported (RHBZ#860278)
- Add interfaces to zones again after reload
- firewall-cmd: use FirewallClient().connected value
- firewall-cmd: --remove-interface was not working due to a typo
- Do not use restorecon for new and backup files
- Fixed use of properties REJECT and DROP
- firewalld_test.py: check interfaces after reload
- Translation updates
- Renamed firewall-convert-scfw-config to firewall-offline-cmd, used by
  anaconda for firewall configuration (e.g. kickstart)
- Fix python shebang to use -Es at installation time for bin_SCRIPTS and
  sbin_SCRIPTS and at all times in gtk3_chooserbutton.py
- tests/firewalld_config.py: update test_zones() test case
- Config interface: improve renaming of zones/services/icmp_types
- Move emiting of Added signals closer to source.
- FirewallClient(): config:ServiceAdded signal was wrongly mapped
- Add argument 'name' to Removed signal
- firewall-config: Add callbacks for config:[service|icmp]-[added|removed]
- firewall-config: catch INVALID_X error when removing zone/service/icmp_type
- firewall-config: remove unused code
- Revert "Neutralize _xmlplus instead of conforming it"
- firewall-applet: some UI usability changes
- firewall-cmd: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings
2012-10-17 17:16:19 +02:00
Thomas Woerner
7fa1b0edb2 New version 0.2.8:
- Do not apply old settings to zones after reload
- FirewallClient: Added callback structure for firewalld signals
- New firewall-config with full zone, service and icmptype support
- Added Shields Up/Down configuration dialog to firewall-applet
- Name attribute of main tag deprecated for zones, services and icmptypes,
  will be ignored if present
- Fixed wrong references in firewalld man page
- Unregister DBus interfaces after sending out the Removed signal
- Use proper DBus signature in addIcmpType, addService and addZone
- New builtin property for config interfaces
- New test case for Config interface
- spec: use new systemd-rpm macros (rhbz#850110)
- More config file verifications
- Lots of smaller fixes and enhancements
2012-09-07 17:44:38 +02:00
Thomas Woerner
a7e552c674 - Update of firewall-config
- Some bug fixes
2012-08-13 13:38:11 +02:00
Thomas Woerner
ecdf399bdc New version 0.2.6
- New D-BUS interface for persistent configuration
- Aded support for persistent zone configuration in firewall-cmd
- New Shields Up feature in firewall-applet
- New requirements for python-decorator and pygobject3
- New firewall-config sub-package
- New firewall-convert-scfw-config config script
2012-08-07 13:25:11 +02:00