- Update to 0.6.2. Some of the changes are:
  * update translations
  * nftables: fix log-denied with values other than "all" or "off"
  * fw_ipset: raise FirewallError if backend command fails
  * ipset: only use "-exist" on restore
  * fw_ipset: fix duplicate add of ipset entries
  * *tables: For opened ports/protocols/etc match ct state new,untracked (bsc#1105821)
  * ipXtables: increase wait lock to 10s
  * nftables: fix rich rules ports/protocols/source ports not considering ct state
  * ports: allow querying a single added by range
  * fw_zone: do not change rich rule errors into warnings
  * fw_zone: fix services with multiple destination IP versions (bsc#1105899)
  * fw_zone: consider destination for protocols
  * firewall/core/fw_nm: nm_get_zone_of_connection should return None or empty string instead of False (boo#1106319)
  * fw: If direct rules fail to apply add a "Direct" label to error msg
  * fw: if startup fails on reload, reapply non-perm config that survives reload
  * nftables: fix rich rule audit log
  * ebtables: replace RETURN policy with explicit RETURN at end of chain
  * direct backends: allow build_chain() to build multiple rules
  * fw: if failure occurs during startup set state to FAILED
  * fw: on restart set policy from same function
  * ebtables: drop support for broute table
- Remove upstream patches
  * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch
  * 0001-fw_zone-consider-destination-for-protocols.patch
  * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch
  * firewalld-fix-firewalld-config-crash.patch

• Files Changed
• Browse Source

  * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch
- Add upstream patch to fix building rules for multiple IP families (bsc#1105899)

• Files Changed
• Browse Source

- Add upstream patch to fix Neighbor Discovery filtering for IPv6 (bsc#1105821)
  * 0001-nftables-fx-rich-rules-ports-protocols-source-ports.patch
- Add upstream patch to fix building rules for multiple IP families (bsc#1108651)
  * 0001-fw_zone-consider-destination-for-protocols.patch
  * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch

• Files Changed
• Browse Source

- Also switch firewall backend fallback to 'iptables' (bsc#1102761)
  This ensures that existing configuration files will keep working
  even if FirewallBackend option is missing.
  * 0001-firewall-backend-Switch-default-backend-to-iptables.patch

• Files Changed
• Browse Source

Restore package to Factory version

• Files Changed
• Browse Source

add firewalld-fix-firewalld-config-crash.patch to fix firewall-config crash

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Restore nftables as default backend (bsc#1102761). nftables and
  iptables can co-exist but the 'nat' table had a bug which was fixed
  in kernel-4.18.

• Files Changed
• Browse Source

  * 0001-firewall-backend-Switch-default-backend-to-iptables.patch

• Files Changed
• Browse Source

- Also switch firewall backend fallback to 'iptables' (bsc#1102761)
  This ensures that existing configuration files will keep working
  even if FirewallBackend option is missing.

• Files Changed
• Browse Source

- Update to 0.6.1. Some of the changes are:
  * Correct source/destination in rich rule masquerade
  * Only modify ifcfg files for permanent configuration changes
  * Fix a backtrace when calling common_reverse_rule()
  * man firewalld.conf: Show nftables is the default FirewallBackend
  * firewall-config: fix some untranslated strings that caused a UI
    bug causing rich rules to not be modify-able (bsc#1096542)
  * fw_direct: avoid log for untracked passthrough queries
  * fixed many issues if iptables is actually iptables-nft
  * Use preferred location for AppData files
  * ipXtables: fix ICMP block inversion with set-log-denied
  * fixes ICMP block inversion with set-log-denied with
    IndividualCalls=yes
  * nftables: fix set-log-denied if target is not ACCEPT
  * fw_direct: strip _direct chain suffix if using nftables
  * NetworkManager integration bugfixes.

• Files Changed
• Browse Source

- Switch back to 'iptables' backend as default (bsc#1102761)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to 0.6.0. Some of the changes are:
  * update translations
  * firewall-config: Add ipv6-icmp to the protocol dropdown box (#348, bsc#1099698)
  * core: logger: Remove world-readable bit from logfile (#349, bsc#1098986)
  * IPv6 rpfilter: explicitly allow neighbor solicitation
  * nftables backend (default)
  * Added loads of new services
  * firewall-cmd: add --check-config option
  * firewall-offline-cmd: add --check-config option
  * firewallctl: completely remove all code and references
  * dbus: expose FirewallBackend
  * dbus: fix erroneous fallback for AutomaticHelpers
- Remove patches which have made it upstream
  * firewalld-add-additional-services.patch
- spec-cleaner fixes

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Translations update (bsc#1081623).

• Files Changed
• Browse Source

- Update to 0.5.3 (bsc#1093120)

• Files Changed
• Browse Source

- Update to 0.5.3
  * tests/regression: add test for ipset with timeout
  * ipset: allow adding entries to ipsets with timeout
  * translations: update
  * helpers: load helper module explicitly if no port given
  * helpers: nf_conntrack_proto-* helpers needs name cropped
  * config/Makefile: correct name of proto-gre helper
  * tests/regression: test helper nf_conntrack_proto_gre (#263)
  * functions: get_nf_nat_helpers() should look in other directories too
  * functions: Allow nf_conntrack_proto_* helpers
  * services: Add GRE
  * helpers: Add proto-gre
  * tests/regression: add test to verify ICMP block in forward chain
  * ipXtables: fix ICMP block not being present in FORWARD chain

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source