Revisions of firewalld
Markos Chandras (markoschandras)
accepted
request 636832
from
Markos Chandras (markoschandras)
(revision 85)
- Update to 0.6.2. Some of the changes are: * update translations * nftables: fix log-denied with values other than "all" or "off" * fw_ipset: raise FirewallError if backend command fails * ipset: only use "-exist" on restore * fw_ipset: fix duplicate add of ipset entries * *tables: For opened ports/protocols/etc match ct state new,untracked (bsc#1105821) * ipXtables: increase wait lock to 10s * nftables: fix rich rules ports/protocols/source ports not considering ct state * ports: allow querying a single added by range * fw_zone: do not change rich rule errors into warnings * fw_zone: fix services with multiple destination IP versions (bsc#1105899) * fw_zone: consider destination for protocols * firewall/core/fw_nm: nm_get_zone_of_connection should return None or empty string instead of False (boo#1106319) * fw: If direct rules fail to apply add a "Direct" label to error msg * fw: if startup fails on reload, reapply non-perm config that survives reload * nftables: fix rich rule audit log * ebtables: replace RETURN policy with explicit RETURN at end of chain * direct backends: allow build_chain() to build multiple rules * fw: if failure occurs during startup set state to FAILED * fw: on restart set policy from same function * ebtables: drop support for broute table - Remove upstream patches * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch * 0001-fw_zone-consider-destination-for-protocols.patch * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch * firewalld-fix-firewalld-config-crash.patch
Markos Chandras (markoschandras)
committed
(revision 84)
* 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch - Add upstream patch to fix building rules for multiple IP families (bsc#1105899)
Markos Chandras (markoschandras)
accepted
request 636192
from
Markos Chandras (markoschandras)
(revision 83)
- Add upstream patch to fix Neighbor Discovery filtering for IPv6 (bsc#1105821) * 0001-nftables-fx-rich-rules-ports-protocols-source-ports.patch - Add upstream patch to fix building rules for multiple IP families (bsc#1108651) * 0001-fw_zone-consider-destination-for-protocols.patch * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch
Markos Chandras (markoschandras)
committed
(revision 82)
- Also switch firewall backend fallback to 'iptables' (bsc#1102761) This ensures that existing configuration files will keep working even if FirewallBackend option is missing. * 0001-firewall-backend-Switch-default-backend-to-iptables.patch
Markos Chandras (markoschandras)
committed
(revision 81)
Restore package to Factory version
Markos Chandras (markoschandras)
accepted
request 632901
from
Luciano Santos (luc14n0)
(revision 80)
add firewalld-fix-firewalld-config-crash.patch to fix firewall-config crash
Markos Chandras (markoschandras)
committed
(revision 79)
Markos Chandras (markoschandras)
committed
(revision 78)
- Restore nftables as default backend (bsc#1102761). nftables and iptables can co-exist but the 'nat' table had a bug which was fixed in kernel-4.18.
Markos Chandras (markoschandras)
committed
(revision 77)
* 0001-firewall-backend-Switch-default-backend-to-iptables.patch
Markos Chandras (markoschandras)
accepted
request 629064
from
Markos Chandras (markoschandras)
(revision 76)
- Also switch firewall backend fallback to 'iptables' (bsc#1102761) This ensures that existing configuration files will keep working even if FirewallBackend option is missing.
Markos Chandras (markoschandras)
accepted
request 628528
from
Markos Chandras (markoschandras)
(revision 75)
- Update to 0.6.1. Some of the changes are: * Correct source/destination in rich rule masquerade * Only modify ifcfg files for permanent configuration changes * Fix a backtrace when calling common_reverse_rule() * man firewalld.conf: Show nftables is the default FirewallBackend * firewall-config: fix some untranslated strings that caused a UI bug causing rich rules to not be modify-able (bsc#1096542) * fw_direct: avoid log for untracked passthrough queries * fixed many issues if iptables is actually iptables-nft * Use preferred location for AppData files * ipXtables: fix ICMP block inversion with set-log-denied * fixes ICMP block inversion with set-log-denied with IndividualCalls=yes * nftables: fix set-log-denied if target is not ACCEPT * fw_direct: strip _direct chain suffix if using nftables * NetworkManager integration bugfixes.
Markos Chandras (markoschandras)
accepted
request 627579
from
Markos Chandras (markoschandras)
(revision 74)
- Switch back to 'iptables' backend as default (bsc#1102761)
Dominique Leuenberger (dimstar_suse)
committed
(revision 73)
buildservice-autocommit
accepted
request 622082
from
Markos Chandras (markoschandras)
(revision 72)
baserev update by copy to link target
Markos Chandras (markoschandras)
accepted
request 621850
from
Markos Chandras (markoschandras)
(revision 71)
- Update to 0.6.0. Some of the changes are: * update translations * firewall-config: Add ipv6-icmp to the protocol dropdown box (#348, bsc#1099698) * core: logger: Remove world-readable bit from logfile (#349, bsc#1098986) * IPv6 rpfilter: explicitly allow neighbor solicitation * nftables backend (default) * Added loads of new services * firewall-cmd: add --check-config option * firewall-offline-cmd: add --check-config option * firewallctl: completely remove all code and references * dbus: expose FirewallBackend * dbus: fix erroneous fallback for AutomaticHelpers - Remove patches which have made it upstream * firewalld-add-additional-services.patch - spec-cleaner fixes
buildservice-autocommit
accepted
request 607015
from
Markos Chandras (markoschandras)
(revision 70)
baserev update by copy to link target
Markos Chandras (markoschandras)
accepted
request 597838
from
Stanislav Brabec (sbrabec)
(revision 69)
- Translations update (bsc#1081623).
Markos Chandras (markoschandras)
committed
(revision 68)
- Update to 0.5.3 (bsc#1093120)
Markos Chandras (markoschandras)
accepted
request 606954
from
Markos Chandras (markoschandras)
(revision 67)
- Update to 0.5.3 * tests/regression: add test for ipset with timeout * ipset: allow adding entries to ipsets with timeout * translations: update * helpers: load helper module explicitly if no port given * helpers: nf_conntrack_proto-* helpers needs name cropped * config/Makefile: correct name of proto-gre helper * tests/regression: test helper nf_conntrack_proto_gre (#263) * functions: get_nf_nat_helpers() should look in other directories too * functions: Allow nf_conntrack_proto_* helpers * services: Add GRE * helpers: Add proto-gre * tests/regression: add test to verify ICMP block in forward chain * ipXtables: fix ICMP block not being present in FORWARD chain
buildservice-autocommit
accepted
request 596927
from
Markos Chandras (markoschandras)
(revision 66)
baserev update by copy to link target
Displaying revisions 81 - 100 of 165