Commit Graph

127 Commits

Author SHA1 Message Date
Eric Garver
cb592bb50d rebase to v0.6.0 2018-07-25 09:01:04 -04:00
Fedora Release Engineering
00cd29af08 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 00:35:25 +00:00
Eric Garver
53a98bc1d5 backport fix for rhbz 1575431
Fixes: rhbz 1575431
2018-07-03 16:02:19 -04:00
Miro Hrončok
944837798d Rebuilt for Python 3.7 2018-06-19 10:42:57 +02:00
Eric Garver
18f8c5a7f2 rebase to v0.5.3 2018-05-16 10:32:57 -04:00
Charalampos Stratakis
a02936d1a3 Add the python_provide macro 2018-03-22 18:23:33 +01:00
Eric Garver
40f23213c9 remove python2-firewall subpackage 2018-03-22 11:03:14 -04:00
Eric Garver
7dbe008cf6 rebase to v0.5.2 2018-03-19 15:27:18 -04:00
Igor Gnatenko
0ada34b018
Escape macros in %changelog
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-09 09:04:28 +01:00
Eric Garver
991b466c6e rebase to v0.5.1 2018-02-07 11:42:15 -05:00
Fedora Release Engineering
5f6b6224e9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 09:42:22 +00:00
Igor Gnatenko
51ca746843 Remove obsolete scriptlets
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-01-05 23:53:27 +01:00
Zbigniew Jędrzejewski-Szmek
d6aa9a2c01 Python 2 binary package renamed to python2-firewall 2017-12-17 13:05:18 -05:00
Thomas Woerner
1577a1a931 Bump release 2017-07-31 17:40:31 +02:00
Thomas Woerner
3105298608 - Fix spec file for next RHEL versions 2017-07-31 17:38:47 +02:00
Fedora Release Engineering
e7c499b9cb - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 08:25:14 +00:00
Thomas Woerner
51ae9526ba - Rebase to firewalld-0.4.4.5
http://www.firewalld.org/2017/06/firewalld-0-4-4-5-release
  - Fix build from spec
  - Fix –remove-service-from-zone option (RHBZ#1438127)
  - Support sctp and dccp in ports, source-ports, forward-ports, helpers and
    rich rules (RHBZ#1429808)
  - firewall-cmd: Fix –{set,get}-{short,description} for zone (RHBZ#1445238)
  - firewall.core.ipXtables: Use new wait option for restore commands if
    available
  - New services for oVirt:
    ctdb, ovirt-imageio, ovirt-storageconsole, ovirt-vmconsole and nrpe
  - Rename extension for policy choices (server and desktop) to .policy.choice
    (RHBZ#1449754)
  - D-Bus interfaces: Fix GetAll for interfaces without properties
    (RHBZ#1452017)
  - Load NAT helpers with conntrack helpers (RHBZ#1452681)
  - Translation updates
- Additional upstream patches:
  - Rich-rule source validation (d69b7cb)
  - IPv6 ICMP type only rich-rule fix (cf50bd0)
2017-06-13 13:39:03 +02:00
Thomas Woerner
a3519c4995 - Rebase to firewalld-0.4.4.4
http://www.firewalld.org/2017/03/firewalld-0-4-4-4-release
- Drop references to fedorahosted.org from spec file and Makefile.am
- Fix inconsistent ordering of rules in INPUT_ZONE_SOURCE (issue#166)
- Fix ipset overloading from /etc/firewalld/ipsets
- Fix permanent rich rules using icmp-type elements (RHBZ#1434594)
- firewall-config: Deactivate edit, remove, .. buttons if there are no items
- Check if ICMP types are supported by kernel before trying to use them
- firewall-config: Show invalid ipset type in the ipset configuration dialog
  in a special label
2017-03-27 20:01:15 +02:00
Thomas Woerner
698a906f32 - Fixed ipset overloading, dropped applied check in get_ipset (issue#206) 2017-02-21 02:32:01 +01:00
Thomas Woerner
e66ea00b1e - Rebase to firewalld-0.4.4.3
http://www.firewalld.org/2017/02/firewalld-0-4-4-3-release
- Speed up of large file loading
- Support for more ipset types
- Speed up of adding or removing entries for ipsets from files
- Support icmp-type usage in rich rules
- Support for more icmp types
- Support for h323 conntrack helper
- New services
- Code cleanup and several other bug fixes
- Translation updates
2017-02-10 17:33:07 +01:00
Fedora Release Engineering
f42660ccba - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-10 09:47:54 +00:00
Charalampos Stratakis
c2d3d5cd8e Rebuild for Python 3.6 2016-12-13 15:50:07 +01:00
Thomas Woerner
27c4930b69 - Dropping firewalld-selinux package again as the required fix made it into
selinux-policy packages for F-23+, updated selinux-policy version conflicts
2016-12-05 17:31:40 +01:00
Thomas Woerner
1118c441f2 - New firewalld-selinux sub package delivering the SELinux policy module for
firewalld (RHBZ#1396765) (RHBZ#1394625) (RHBZ#1394578) (RHBZ#1394573)
  (RHBZ#1394569)
- New firewalld release 0.4.4.2:
  - firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem
  - firewall.core.fw_nm: create NMClient lazily
  - Do not use hard-coded path for modinfo, use autofoo to detect it
  - firewall.core.io.ifcfg: Dropped invalid option warning with bad format
    string
  - firewall.core.io.ifcfg: Properly handle quoted ifcfg values
  - firewall.core.fw_zone: Do not reset ZONE with ifdown
  - Updated translations from zanata
  - firewall-config: Extra grid at bottom to visualize firewalld settings
2016-12-01 15:44:42 +01:00
Thomas Woerner
e49b9a8f35 Fix firewalld-filesystem to provide helpers and ipsets subdirs 2016-11-10 18:46:10 +01:00
Thomas Woerner
92dff91190 New firewalld version 0.4.4.1
Version 0.4.4.1:
- firewall-config: Use proper source check in sourceDialog (fixes issue#162)
- firewallctl: New support for helpers
- Translation updates

Version 0.4.4:
- Fix dist-check
- src/Makefile.am: Install new helper files
- config/Makefile.am: Install helpers
- Merged translations
- Updated translations from zanata
- firewalld.spec: Adapt requires for PyQt5
- firewall-applet: Fix fromUTF8 for python2 PyQt5 usage
- firewall-applet: Use PyQt5
- firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers D-Bus property
- shell-completion/bash/firewall-cmd: Updates for helpers and also some fixes
- src/tests/firewall-[offline-]cmd_test.sh: New helper tests, adapted module tests for services
- doc/xml/seealso.xml: Add firewalld.helper(5) man page
- doc/xml/seealso.xml: Add firewalld.ipset(5) man page
- Fixed typo in firewalld.ipset(5) man page
- Updated firewalld.dbus(5) man page
- New firewalld.helper(5) man page
- doc/xml/firewall-offline-cmd.xml: Updated firewall-offline-cmd man page
- doc/xml/firewall-cmd.xml: Updated firewall-cmd man page
- firewall-offline-cmd: New support for helpers
- firewall-cmd: New support for helpers
- firewall.command: New check_helper_family, check_module and print_helper_info methods
- firewall.core.fw_test: Add helpers also to offline backend
- firewall.server.config: New AutomaticHelpers property (rw)
- firewall.server.config: Fix an dict size changed error for firewall.conf file changes
- firewall.server.config: Make LogDenied property readwrite to be consistent
- Some renames of nf_conntrack_helper* functions and structures, helpers is a dict
- firewall.core.fw: Properly check helper setting in set_automatic_helpers
- firewall.errors: Add missing BUILTIN_HELPER error code
- No extra interface for helpers needed in runtime, dropped DBUS_INTERFACE_HELPER
- firewall.server.firewalld: Drop unused queryHelper D-Bus method
- New helpers Q.931 and RAS from nf_conntrack_h323
- firewall.core.io.helper: Allow dots in helper names, remove underscore
- firewall.core.io.firewalld_conf: Fixed typo in FALLBACK_AUTOMATIC_HELPERS
- firewall-[offline-]cmd: Use sys.excepthook to force exception_handler usage always
- firewall.core.fw_config: new_X methods should also check builtins
- firewall.client: Set helper family to "" if None
- firewall.client: Add missing module string to FirewallClientHelperSettings.settings
- config/firewalld.conf: Add possible values description for AutomaticHelpers
- helpers/amanda.xml: Fix typo in helper module
- firewall-config: Added support for helper module setting
- firewall.client: Added support for helper module setting
- firewall.server.config_helper: Added support for helper module setting
- firewall.core.io.service, firewall.server.config_service: Only replace underscore by dash if module start with nf_conntrack_
- firewall.core.fw_zone: Use helper module instead of a generated name from helper name
- helpers: Added kernel module
- firewall.core.io.helper: Add module to helper
- firewall-cmd: Removed duplicate --get-ipset-types from help output
- firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table
- firewall.core.ipXtables: Add PREROUTING default rules for zones in raw table
- firewall-config: New support to handle helpers, new dialogs, new helper tab, ..
- config/org.fedoraproject.FirewallConfig.gschema.xml.in: New show-helpers setting
- firewall.client: New helper management for runtime and permanent configuration
- firewall.server.firewalld: New runtime helper management, new nf_conntrack_helper property
- firewall.server.config_service: Fix module name handling (no nf_conntrack_ prefix needed)
- firewall.server.config: New permanent D-Bus helper management
- New firewall.server.config_helper to provide the permanent D-Bus interface for helpers
- firewall.core.fw_zone: Use helpers fw.nf_conntrack_helper for services using helpers
- firewall.core.fw: New helper management, new _automatic_helpers and nf_conntrack_helper settings
- firewall.core.fw_config: Add support for permanent helper handling
- firewall.core.io.service: The module does not need to start with nf_conntrack_ anymore
- firewall.functions: New functions to get and set nf_conntrack_helper kernel setting
- firewall.core.io.firewalld_conf: New support for AutomaticHelpers setting
- firewall.config.dbus: New D-Bus definitions for helpers, new DBUS_INTERFACE_REVISION 12
- New firewall.core.fw_helper providing FirewallHelper backend
- New firewall.core.helper with HELPER_MAXNAMELEN definition
- config/firewalld.conf: New AutomaticHelpers setting with description
- firewall.config.__init__.py.in: New helpers variables
- firewalld.spec: Add new helpers directory
- config/Makefile.am: Install new helpers
- New helper configuration files for amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp and tftp
- firewall.core.io.helper: New IO handler for netfilter helpers
- firewall.errors: New INVALID_HELPER error code
- firewall.core.io.ifcfg: Use .bak for save files
- firewall-config: Set internal log_denied setting after changing
- firewall.server.config: Copy props before removing items
- doc/xml/firewalld.ipset: Replaced icmptype name remains with ipset
- firewall.core.fw_zone: Fix LOG rule placement for LogDenied
- firewall.command: Use "source-ports" in print_zone_info
- firewall.core.logger: Use syslog.openlog() and syslog.closelog()
- firewall-[offline-]cmd man pages: Document --path-{zone,icmptype,ipset,service}
- firewall-cmd: Enable --path-{zone,icmptype,service} options again
- firewall.core.{ipXtables,ebtables}: Copy rule before extracting items in set_rules
- firewall.core.fw: Do not abort transaction on failed ipv6_rpfilter rules
- config/Makefile.am: Added cfengine, condor-collector and smtp-submission services
- Makefile.am: New dist-check used in the archive target
- src/Makefile.am: Reordered nobase_dist_python_DATA to be sorted
- config/Makefile.am: New CONFIG_FILES variable to contain the config files
- Merge pull request #150 from hspaans/master
- Merge pull request #146 from canvon/bugfix/spelling
- Merge pull request #145 from jcpunk/condor
- Command line tools man pages: New section about sequence options and exit codes
- Creating service file for SMTP-Submission.
- Creating service file for CFEngine.
- Fix typo in documentation: iptables mangle table
- Only use sort on lists of main items, but not for item properties
- firewall.core.io.io_object: import_config should not change ordering of lists
- firewall.core.fw_transaction: Load helper modules in FirewallZoneTransaction
- firewall.command: Fail with NOT_AUTHORIZED if authorization fails (RHBZ#1368549)
- firewall.command: Fix sequence exit code with at least one succeeded item
- Add condor collector service
- firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones
- firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED sequences
2016-11-10 18:01:01 +01:00
Thomas Woerner
296ea4d3bd New version 0.4.3.3
- Fix CVE-2016-5410: Firewall configuration can be modified by any logged in
  user
- firewall/server/firewalld: Make getXSettings and getLogDenied CONFIG_INFO
- Update AppData configuration file.
- tests/firewalld_rich.py: Use new import structure and FirewallClient classes
- tests/firewalld_direct.py: Use new import structure
- tests: firewalld_direct: Fix assert to check for True instead of False
- tests: firewalld_config: Fix expected value when querying the zone target
- tests: firewalld_config: Use real nf_conntrack modules
- firewalld.spec: Added comment about make call for %build
- firewall-config: Use also width_request and height_request with default size
- Updated firewall-config screenshot
- firewall-cmd: Fixed typo in help output (RHBZ#1367171)
- test-suite: Ignore stderr to get default zone also for missing firewalld.conf
- firewall.core.logger: Warnings should be printed to stderr per default
- firewall.core.fw_nm: Ignore NetworkManager if NM.Client connect fails
- firewall-cmd, firewallctl: Gracefully fail if SystemBus can not be aquired
- firewall.client: Generate new DBUS_ERROR if SystemBus can not be aquired
- test-suite: Do not fail on ALREADY_ENABLED --add-destination tests
- firewall.command: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings
- doc/xml/firewalld.dbus.xml: Removed undefined reference
- doc/xml/transform-html.xsl.in: Fixed references in the document
- doc/xml/firewalld.{dbus,zone}.xml: Embed programlisting in para
- doc/xml/transform-html.xsl.in: Enhanced html formatting closer to the man page
- firewall: core: fw_nm: Instantiate the NM client only once
- firewall/core/io/*.py: Do not traceback on a general sax parsing issue
- firewall-offline-cmd: Fix --{add,remove}-entries-from-file
- firewall-cmd: Add missing action to fix --{add,remove}-entries-from-file
- firewall.core.prog: Do not output stderr, but return it in the error case
- firewall.core.io.ifcfg.py: Fix ifcfg file reader and writer (RHBZ#1362171)
- config/firewall.service.in: use KillMode=mixed
- config/firewalld.service.in: use network-pre.target
- firewall-config: Add missing gettext.textdomain call to fix translations
- Add UDP to transmission-client.xml service
- tests/firewall-[offline-]cmd_test.sh: Hide errors and warnings
- firewall.client: Fix ALREADY_ENABLED errors in icmptype destination calls
- firewall.client: Fix NOT_ENABLED errors in icmptype destination calls
- firewall.client: Use {ALREADY,NOT}_ENABLED errors in icmptype destination
  calls
- firewall.command: Add the removed FirewallError handling to the action
  (a17ce50)
- firewall.command: Do not use query methods for sequences and also single
  options
- Add missing information about MAC and ipset sources to man pages and help
  output
- firewalld.spec: Add BuildRequires for libxslt to enable rebuild of man pages
- firewall[-offline]-cmd, firewallctl, firewall.command: Use sys.{stdout,stderr}
- firewallctl: Fix traceback if not connected to firewalld
- firewall-config: Initialize value in on_richRuleDialogElementChooser_clicked
- firewall.command: Convert errors to string for Python3
- firewall.command: Get proper firewall error code from D-BusExceptions
- firewall-cmd: Fixed traceback without args
- Add missing service files to Makefile.am
- shell-completion: Add shell completion support for
  --{get,set}--{description,short}
- Updated RHEL-7 selinux-policy and squid conflict
2016-08-16 22:26:58 +02:00
Fedora Release Engineering
f03f262716 - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages 2016-07-19 07:05:09 +00:00
Thomas Woerner
ffe18e7c08 - New firewalld release 0.4.3.2
- Fix regression with unavailable optional commands
- All missing backend messages should be warnings
- Individual calls for missing restore commands
- Only one authenticate call for add and remove options and also sequences
- New service RH-Satellite-6
- Fixed selinux-policy conflict version for RHEL-7
2016-07-05 19:47:25 +02:00
Thomas Woerner
ebe2f35f6d - Fixed selinux-policy conflict version for Fedora 24 2016-06-29 11:45:26 +02:00
Thomas Woerner
2e46c99b3b Fix version compare of RHEL-7 selinux-policy conflict 2016-06-28 21:04:28 +02:00
Thomas Woerner
99b1f46310 - New firewalld release 0.4.3.1
- firewall.command: Fix python3 DBusException message not interable error
- src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing
- firewallctl: Do not trace back on list command without further arguments
- firewallctl (man1): Added remaining sections zone, service, ..
- firewallctl: Added runtime-to-permanent, interface and source parser,
  IndividualCalls setting
- firewall.server.config: Allow to set IndividualCalls property in config
  interface
- Fix missing icmp rules for some zones
- runProg: Fix issue with running programs
- firewall-offline-cmd: Fix issues with missing system-config-firewall
- firewall.core.ipXtables: Split up source and dest addresses for transaction
- firewall.server.config: Log error in case of loading malformed files in
  watcher
- Install and package the firewallctl man page
- New firewallctl utility (RHBZ#1147959)
- doc.xml.seealso: Show firewalld.dbus in See Also sections
- firewall.core.fw_config: Create backup on zone, service, ipset and icmptype
  removal (RHBZ#1339251)
- {zone,service,ipset,icmptype}_writer: Do not fail on failed backup
- firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd
- firewall-cmd: Dropped duplicate setType call in --new-ipset
- radius service: Support also tcp ports (RBZ#1219717)
- xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset
  sources
- config.xmlschema.service.xsd: Fix service destination conflicts
  (RHBZ#1296573)
- firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg
- firewall.command: Only print summary and description in print_X_info with
  verbose
- firewall.command: print_msg should be able to print empty lines
- firewall-config: No processing of runtime passthroughs signals in permanent
- Landspace.io fixes and pylint calm downs
- firewall.core.io.zone: Add zone_reader and zone_writer to __all__, pylint
  fixes
- firewall-config: Fixed titles of command and context dialogs, also entry
  lenths
- firewall-config: pylint calm downs
- firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit
- firewall-config: Use self.active_zoens in conf_zone_added_cb
- firewall.command: New parse_port, extended parse methods with more checks
- firewall.command: Fixed parse_port to use the separator in the split call
- firewall.command: New [de]activate_exception_handler, raise error in parse_X
- services ha: Allow corosync-qnetd port
- firewall-applet: Support for kde5-nm-connection-editor
- tests/firewall-offline-cmd_test.sh: New tests for service and icmptype
  modifications
- firewall-offline-cmd: Use FirewallCommand for simplification and sequence
  options
- tests/firewall-cmd_test.sh: New tests for service and icmptype modifications
- firewall-cmd: Fixed set, remove and query destination options for services
- firewall.core.io.service: Source ports have not been checked in _check_config
- firewall.core.fw_zone: Method check_source_port is not used, removed
- firewall.core.base: Added default to ZONE_TARGETS
- firewall.client: Allow to remove ipv:address pair for service destinations
- tests/firewall-offline-cmd_test.sh: There is no timeout option in permanent
- firewall-cmd: Landscape.io fixes, pylint calm downs
- firewall-cmd: Use FirewallCommand for simplification and sequence options
- firewall.command: New FirewallCommand for command line client simplification
- New services: kshell, rsh, ganglia-master, ganglia-client
- firewalld: Cleanup of unused imports, do not translate some deamon messages
- firewalld: With fd close interation in runProg, it is not needed here anymore
- firewall.core.prog: Add fd close iteration to runProg
- firewall.core.fw_nm: Hide NM typelib import, new nm_get_dbus_interface
  function
- firewalld.spec: Require NetworkManager-libnm instead of NetworkManager-glib
- firewall-config: New add/remove ipset entries from file, remove all entries
- firewall-applet: Fix tooltip after applet start with connection to firewalld
- firewall-config: Select new zone, service or icmptype if the view was empty
- firewalld.spec: Added build requires for iptables, ebtables and ipset
- Adding nf_conntrack_sip module to the service SIP
- firewall: core: fw_ifcfg: Quickly return if ifcfg directory does not exist
- Drop unneeded python shebangs
- Translation updates

* Mon May 30 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.2-1
- New module to search for and change ifcfg files for interfaces not under
  control of NM
- firewall_config: Enhanced messages in status bar
- firewall-config: New message window as overlay if not connected
- firewall-config: Fix sentivity of option, view menus and main paned if not
  connected
- firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls, some cleanup
- firewall-[offline]cmd: Show target in zone information
- D-Bus: Completed masquerade methods in FirewallClientZoneSettings
- Fixed log-denied rules for icmp-blocks
- Keep sorting of interfaces, services, icmp-blocks and other settings in zones
- Fixed runtime-to-permanent not to save interfaces under control of NM
- New icmp-block-inversion flag in the zones
- ICMP type filtering in the zones
- New services: sip, sips, managesieve
- rich rules: Allow destination action (RHBZ#1163428)
- firewall-offline-cmd: New option -q/--quiet
- firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file
- firewall-[offline-]cmd: Fix option for setting the destination address
- firewall-config: Fixed resizing behaviour
- New transaction model for speed ups in start, restart, stop and other actions
- firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults
- Fixed memory leak in dbus_introspection_add_properties
- Landscape.io fixes, pylint calm downs
- New D-Bus getXnames methods to speed up firewall-config and firewall-cmd
- ebtables-restore: No support for COMMIT command
- Source port support in services, zones and rich rules
- firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets
- firewall-config: New active bindings side bar for simple binding changes
- Reworked NetworkManager module
- Proper default zone handling for NM connections
- Try to set zone binding with NM if interface is under control of NM
- Code cleanup and bug fixes
- Include test suite in the release and install in /usr/share/firewalld/tests
- New Travis-CI configuration file
- Fixed more broken frensh translations
- Translation updates
2016-06-28 21:01:55 +02:00
Thomas Woerner
6a8dbbc80b New firewalld release 0.4.2
- New module to search for and change ifcfg files for interfaces not under
  control of NM
- firewall_config: Enhanced messages in status bar
- firewall-config: New message window as overlay if not connected
- firewall-config: Fix sentivity of option, view menus and main paned if not
  connected
- firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls, some cleanup
- firewall-[offline]cmd: Show target in zone information
- D-Bus: Completed masquerade methods in FirewallClientZoneSettings
- Fixed log-denied rules for icmp-blocks
- Keep sorting of interfaces, services, icmp-blocks and other settings in zones
- Fixed runtime-to-permanent not to save interfaces under control of NM
- New icmp-block-inversion flag in the zones
- ICMP type filtering in the zones
- New services: sip, sips, managesieve
- rich rules: Allow destination action (RHBZ#1163428)
- firewall-offline-cmd: New option -q/--quiet
- firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file
- firewall-[offline-]cmd: Fix option for setting the destination address
- firewall-config: Fixed resizing behaviour
- New transaction model for speed ups in start, restart, stop and other actions
- firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults
- Fixed memory leak in dbus_introspection_add_properties
- Landscape.io fixes, pylint calm downs
- New D-Bus getXnames methods to speed up firewall-config and firewall-cmd
- ebtables-restore: No support for COMMIT command
- Source port support in services, zones and rich rules
- firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets
- firewall-config: New active bindings side bar for simple binding changes
- Reworked NetworkManager module
- Proper default zone handling for NM connections
- Try to set zone binding with NM if interface is under control of NM
- Code cleanup and bug fixes
- Include test suite in the release and install in /usr/share/firewalld/tests
- New Travis-CI configuration file
- Fixed more broken frensh translations
- Translation updates
2016-05-30 18:35:48 +02:00
Thomas Woerner
07c6568ae0 - Fixed ebtables-restore does not support the COMMIT command issue 2016-05-09 15:26:35 +02:00
Thomas Woerner
a81efa3c56 - Fixed translations with python3
- Fixed exception for failed NM import, new doc string
- Make ipsets visible per default in firewall-config
- Install new fw_nm module
- Do not fail if log file could not be opened
- Fixed broken fr translation
2016-04-20 19:13:31 +02:00
Thomas Woerner
41c649ed4b New buildrequires for automatic detection of {ip,ip6,eb}tables{,-restore} and ipset 2016-04-19 17:31:44 +02:00
Thomas Woerner
59f898339e New firewalld version 0.4.1
- Enhancements of ipset handling
  - No cleanup of ipsets using timeouts while reloading
  - Only destroy conflicting ipsets
  - Only use ipset types supported by the system
  - Add and remove several ipset entries in one call using a file
- Reduce time frame where builtin chains are on policy DROP while reloading
- Include descriptions in --info-X calls
- Command line interface support to get and alter descriptions of zones,
  services, ipsets and icmptypes with permanent option
- Properly watch changes in combined zones
- Fix logging in rich rule forward rules
- Transformed direct.passthrough errors into warnings
- Rework of import structures
- Reduced calls to get ids for port and protocol names (RHBZ#1305434)
- Build and installation fixes by Markos Chandras
- Provide D-Bus properties in introspection data
- Fix for flaws found by landscape.io
- Fix for repeated SUGHUP
- New NetworkManager module to get and set zones of connections, used in
  firewall-applet and firewall-config
- configure: Autodetect backend tools ({ip,ip6,eb}tables{,-restore}, ipset)
- Code cleanups
- Bug fixes
2016-04-19 17:22:50 +02:00
Jiri Popelka
1eb325692c Revert one commit to temporary work-around RHBZ#1309754 2016-02-22 19:05:51 +01:00
Jiri Popelka
4f8a6cb801 fix release 2016-02-08 14:20:11 +01:00
Jiri Popelka
9e870ac09d Merge branch 'f23' 2016-02-08 14:16:52 +01:00
Jiri Popelka
e253f94325 Make sure tempdir is created even in offline mode. (RHBZ#1305175) 2016-02-08 14:12:25 +01:00
Dennis Gilmore
0d988a0fcf - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-03 20:32:09 +00:00
Thomas Woerner
b2398523d9 New version 0.4.0
- Speed ups
  - ipset support
  - MAC address support
  - Log of denied packets
  - Mark action in rich rules
  - Enhanced alteration of config files with command line tools
  - Use of zone chains in direct interface
  - firewall-applet enhancement
  - New services: ceph-mon, ceph, docker-registry, imap, pop3, pulseaudio,
    smtps, snmptrap, snmp, syslog-tls and syslog
  - Several bug fixes
  - Code optimizations
2016-02-01 17:53:28 +01:00
Peter Robinson
01f44ea547 - Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 2015-11-10 14:19:55 +00:00
Adam Williamson
edff2d5149 bump versions on old config package obsoletes (f21 is on 0.3.14)
The versions being too low meant that on upgrade from F21 to
F22 or F23 you didn't get the obsolete kicking in as it should.
2015-07-22 14:50:09 -07:00
Thomas Woerner
6daecaddcb - Require python3-gobject-base for fedora >= 23 and rhel >= 8 (RHBZ#1242076)
- Fix rhel defines: No python3 for rhel-7
2015-07-13 15:35:33 +02:00
Thomas Woerner
400c17b1f3 - Fixed 'pid_file' referenced before assignment (RHBZ#1233232) 2015-06-18 17:54:59 +02:00
Thomas Woerner
a852a77a23 - reunification of the firewalld spec files for all Fedora releases
- fix dependencies for -applet and -config: use_python3 is the proper switch
  not with_python3 (RHBZ#1232493)

* New upstream version 0.3.14.2:

- firewalld.spec:
  - fixed requirements for -applet and -config
- man pages:
  - adapted firewall-applet man page to new version
- firewall-applet:
  - Only honour active connections for zone changes
  - Change QSettings path and file names
- firewall-config:
  - Only honour active connections for zone changes in the “Change Zones of Connections” menu
- Translations:
  - updated translations
  - marked translations for “Connections” for review
2015-06-17 11:54:16 +02:00
Dennis Gilmore
3467da0208 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 06:22:13 +00:00
Stephen Gallagher
bc01174b62 Make sure we always create the polkit policy
There were cases (like Cloud Edition) where we would not create
the polkit policy if firewalld.conf already existed.
2015-06-16 15:09:50 -04:00